cobaltstrike | e11da5c4892ad51d2190c211f8e23b21ad6c81a5c0b2cf33155a320124ea53ab

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a93d371745cb5af80733eec739b570ae
SHA1

11104038ab51dca23fd644cbc7a137d98c793837
SHA256

e11da5c4892ad51d2190c211f8e23b21ad6c81a5c0b2cf33155a320124ea53ab
SHA512

6c4cfb39ebef99723c375f525a0c9e57894ac90daa7169de0efead78c95436d7bf6f0e40fb31adef2af60780d1e15c3858161fef5fb577b32a2d6033fcc5d045
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160da-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016141-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162e4-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016399-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-69.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-84.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-114.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-199.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-184.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-174.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-169.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-134.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-124.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-97.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-104.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b86-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016689-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016890-58.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f38-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2100-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-3.dat	xmrig
behavioral1/memory/2100-6-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x00080000000160da-9.dat	xmrig
behavioral1/memory/2060-14-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0008000000016141-11.dat	xmrig
behavioral1/memory/2100-12-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2688-21-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2100-19-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000162e4-26.dat	xmrig
behavioral1/memory/2804-29-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2100-23-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2100-31-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016399-37.dat	xmrig
behavioral1/memory/2940-44-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2500-42-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2752-36-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2688-59-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2708-60-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c89-69.dat	xmrig
behavioral1/memory/3052-74-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x00060000000174b4-84.dat	xmrig
behavioral1/memory/2628-68-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2628-105-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1636-99-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-114.dat	xmrig
behavioral1/files/0x00060000000175f7-119.dat	xmrig
behavioral1/files/0x0005000000018697-129.dat	xmrig
behavioral1/files/0x0006000000018d7b-159.dat	xmrig
behavioral1/files/0x0005000000019203-179.dat	xmrig
behavioral1/memory/2584-850-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/1636-674-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/1980-518-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2764-335-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/3052-203-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019274-199.dat	xmrig
behavioral1/files/0x0005000000019261-194.dat	xmrig
behavioral1/files/0x000500000001924f-189.dat	xmrig
behavioral1/files/0x0005000000019237-184.dat	xmrig
behavioral1/files/0x0006000000019056-174.dat	xmrig
behavioral1/files/0x0006000000018d83-164.dat	xmrig
behavioral1/files/0x0006000000018fdf-169.dat	xmrig
behavioral1/files/0x0006000000018be7-154.dat	xmrig
behavioral1/files/0x0005000000018745-149.dat	xmrig
behavioral1/files/0x000500000001871c-144.dat	xmrig
behavioral1/files/0x000500000001870c-139.dat	xmrig
behavioral1/files/0x0005000000018706-134.dat	xmrig
behavioral1/files/0x000d000000018683-124.dat	xmrig
behavioral1/memory/2708-98-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x00060000000174f8-97.dat	xmrig
behavioral1/memory/2584-106-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2764-83-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2940-82-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x000600000001707f-81.dat	xmrig
behavioral1/files/0x0006000000017570-104.dat	xmrig
behavioral1/memory/2804-67-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0008000000016b86-66.dat	xmrig
behavioral1/memory/2100-63-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1980-88-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2908-87-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2752-73-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2100-70-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2908-51-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2060-50-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2500	xkNSTzc.exe
2060	EnAzNEA.exe
2688	mTkNiZc.exe
2804	KmenHZb.exe
2752	uCgcELm.exe
2940	xhNJkeo.exe
2908	PqQuxzC.exe
2708	hDnobar.exe
2628	GOAJvZX.exe
3052	MkkOmwd.exe
2764	HOmayxW.exe
1980	JUMPVuA.exe
1636	xxgNUit.exe
2584	hgzrvEV.exe
2364	TvIdRGQ.exe
2832	zIymkrb.exe
2348	HQkbnxD.exe
2656	SaLhHEq.exe
2088	OdJIsmq.exe
2200	uTbIAJM.exe
1644	HqcbQDx.exe
388	qhrHQVX.exe
2448	ONTwQvq.exe
908	QOetxVC.exe
2968	HVKBVDV.exe
320	wPHNUig.exe
1612	WRYcwpK.exe
2316	bfYTCzG.exe
408	ZCxEJtw.exe
2328	ympnRVU.exe
2212	NrXdTil.exe
1892	ZIHFNew.exe
1856	iVKBRmX.exe
656	GZIGUsO.exe
2972	qNylxoL.exe
1340	CYOZHbK.exe
1760	cSgYuud.exe
580	qKcIOrG.exe
1576	tGxsGhB.exe
752	VWXOORs.exe
2460	FKGfuPP.exe
2268	YOOxVdk.exe
2936	QxmMFaQ.exe
2528	iShjHJV.exe
2828	pwQXGdy.exe
2016	plAJJdm.exe
3048	txfdmdC.exe
1524	dpuDnJM.exe
352	AEpzZfL.exe
876	McVbKHM.exe
3008	jQxYWkb.exe
2976	MOscSvR.exe
2524	rIxpDAR.exe
1572	PPSfjGv.exe
1356	vGKDxBN.exe
2340	IosIlkc.exe
2320	utULNHc.exe
2704	BHfyYgT.exe
2880	MtfXMsJ.exe
2616	tQWPFzS.exe
1784	hwnojrJ.exe
1708	JIkclmV.exe
2748	euKeUdR.exe
1844	xbSMuWq.exe

Loads dropped DLL 64 IoCs

pid	Process
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-3.dat	upx
behavioral1/memory/2100-6-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x00080000000160da-9.dat	upx
behavioral1/memory/2060-14-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0008000000016141-11.dat	upx
behavioral1/memory/2688-21-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x00070000000162e4-26.dat	upx
behavioral1/memory/2804-29-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0008000000016399-37.dat	upx
behavioral1/memory/2940-44-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2500-42-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2752-36-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2688-59-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2708-60-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0008000000016c89-69.dat	upx
behavioral1/memory/3052-74-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x00060000000174b4-84.dat	upx
behavioral1/memory/2628-68-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2628-105-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/1636-99-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-114.dat	upx
behavioral1/files/0x00060000000175f7-119.dat	upx
behavioral1/files/0x0005000000018697-129.dat	upx
behavioral1/files/0x0006000000018d7b-159.dat	upx
behavioral1/files/0x0005000000019203-179.dat	upx
behavioral1/memory/2584-850-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/1636-674-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/1980-518-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2764-335-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/3052-203-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0005000000019274-199.dat	upx
behavioral1/files/0x0005000000019261-194.dat	upx
behavioral1/files/0x000500000001924f-189.dat	upx
behavioral1/files/0x0005000000019237-184.dat	upx
behavioral1/files/0x0006000000019056-174.dat	upx
behavioral1/files/0x0006000000018d83-164.dat	upx
behavioral1/files/0x0006000000018fdf-169.dat	upx
behavioral1/files/0x0006000000018be7-154.dat	upx
behavioral1/files/0x0005000000018745-149.dat	upx
behavioral1/files/0x000500000001871c-144.dat	upx
behavioral1/files/0x000500000001870c-139.dat	upx
behavioral1/files/0x0005000000018706-134.dat	upx
behavioral1/files/0x000d000000018683-124.dat	upx
behavioral1/memory/2708-98-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x00060000000174f8-97.dat	upx
behavioral1/memory/2584-106-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2764-83-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2940-82-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x000600000001707f-81.dat	upx
behavioral1/files/0x0006000000017570-104.dat	upx
behavioral1/memory/2804-67-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0008000000016b86-66.dat	upx
behavioral1/memory/1980-88-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2908-87-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2752-73-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2908-51-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2060-50-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0007000000016689-49.dat	upx
behavioral1/files/0x0007000000016890-58.dat	upx
behavioral1/memory/2100-35-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0008000000015f38-34.dat	upx
behavioral1/memory/2500-3420-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2060-3424-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YZXtLag.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWxkkRI.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYPjiFL.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsNnJEX.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IanitvM.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVzbMfz.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhvzOCJ.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uURhhLw.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwUzRQu.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAjZtjg.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsCZTCz.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISMXPLr.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\culxeua.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMirekO.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnfsVmb.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCaeYfC.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meXEePG.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxaBIhd.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrUuOsb.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJbPpfD.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjuOtlG.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdmmgsL.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFfPtpr.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQGeOfF.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSEzfRb.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbPibOh.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAdquWx.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHkHGCa.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTxxxAk.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqqEfuK.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgZTMOP.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwJgACl.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRYcnxk.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBOWsoh.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bAJNPxQ.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRiNYDD.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpEmIGw.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXkkKmN.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxJatDY.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIjzfBO.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuAGfei.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OywmqkU.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxtqVqG.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZKTfxY.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YeouZdV.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odSqwhR.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESUFxaB.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGtUxqv.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruCEAaR.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyLLzLa.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djHHBur.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSAYqBA.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\coHUpeS.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZlNbGn.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDCSqFO.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPoiMoa.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCNEzsX.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtBHQxM.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkwrZYQ.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVRZjeS.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLqZaze.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvfmMwr.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXTyCoy.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDLYbTR.exe	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2500	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2500	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2500	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2060	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2060	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2060	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2688	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2688	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2688	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2804	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2804	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2804	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2752	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2752	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2752	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2940	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2940	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2940	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2908	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2908	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2908	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2708	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2708	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2708	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2628	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2628	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2628	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 3052	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 3052	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 3052	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2764	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2764	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2764	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 1980	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 1980	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 1980	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 1636	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 1636	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 1636	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2584	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2584	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2584	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2364	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2364	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2364	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2832	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2832	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2832	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2348	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 2348	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 2348	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 2656	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 2656	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 2656	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 2088	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 2088	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 2088	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 2200	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 2200	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 2200	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1644	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1644	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1644	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 388	2100	2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_a93d371745cb5af80733eec739b570ae_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\System\xkNSTzc.exe
  C:\Windows\System\xkNSTzc.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\EnAzNEA.exe
  C:\Windows\System\EnAzNEA.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\mTkNiZc.exe
  C:\Windows\System\mTkNiZc.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\KmenHZb.exe
  C:\Windows\System\KmenHZb.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\uCgcELm.exe
  C:\Windows\System\uCgcELm.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\xhNJkeo.exe
  C:\Windows\System\xhNJkeo.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\PqQuxzC.exe
  C:\Windows\System\PqQuxzC.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\hDnobar.exe
  C:\Windows\System\hDnobar.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\GOAJvZX.exe
  C:\Windows\System\GOAJvZX.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\MkkOmwd.exe
  C:\Windows\System\MkkOmwd.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\HOmayxW.exe
  C:\Windows\System\HOmayxW.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\JUMPVuA.exe
  C:\Windows\System\JUMPVuA.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\xxgNUit.exe
  C:\Windows\System\xxgNUit.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\hgzrvEV.exe
  C:\Windows\System\hgzrvEV.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\TvIdRGQ.exe
  C:\Windows\System\TvIdRGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\zIymkrb.exe
  C:\Windows\System\zIymkrb.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\HQkbnxD.exe
  C:\Windows\System\HQkbnxD.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\SaLhHEq.exe
  C:\Windows\System\SaLhHEq.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\OdJIsmq.exe
  C:\Windows\System\OdJIsmq.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\uTbIAJM.exe
  C:\Windows\System\uTbIAJM.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\HqcbQDx.exe
  C:\Windows\System\HqcbQDx.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\qhrHQVX.exe
  C:\Windows\System\qhrHQVX.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\ONTwQvq.exe
  C:\Windows\System\ONTwQvq.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\QOetxVC.exe
  C:\Windows\System\QOetxVC.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\HVKBVDV.exe
  C:\Windows\System\HVKBVDV.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\wPHNUig.exe
  C:\Windows\System\wPHNUig.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\WRYcwpK.exe
  C:\Windows\System\WRYcwpK.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\bfYTCzG.exe
  C:\Windows\System\bfYTCzG.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ZCxEJtw.exe
  C:\Windows\System\ZCxEJtw.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\ympnRVU.exe
  C:\Windows\System\ympnRVU.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\NrXdTil.exe
  C:\Windows\System\NrXdTil.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\ZIHFNew.exe
  C:\Windows\System\ZIHFNew.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\iVKBRmX.exe
  C:\Windows\System\iVKBRmX.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\GZIGUsO.exe
  C:\Windows\System\GZIGUsO.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\qNylxoL.exe
  C:\Windows\System\qNylxoL.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\CYOZHbK.exe
  C:\Windows\System\CYOZHbK.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\cSgYuud.exe
  C:\Windows\System\cSgYuud.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\qKcIOrG.exe
  C:\Windows\System\qKcIOrG.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\tGxsGhB.exe
  C:\Windows\System\tGxsGhB.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\VWXOORs.exe
  C:\Windows\System\VWXOORs.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\FKGfuPP.exe
  C:\Windows\System\FKGfuPP.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\YOOxVdk.exe
  C:\Windows\System\YOOxVdk.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\QxmMFaQ.exe
  C:\Windows\System\QxmMFaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\iShjHJV.exe
  C:\Windows\System\iShjHJV.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\pwQXGdy.exe
  C:\Windows\System\pwQXGdy.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\plAJJdm.exe
  C:\Windows\System\plAJJdm.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\txfdmdC.exe
  C:\Windows\System\txfdmdC.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\dpuDnJM.exe
  C:\Windows\System\dpuDnJM.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\AEpzZfL.exe
  C:\Windows\System\AEpzZfL.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\McVbKHM.exe
  C:\Windows\System\McVbKHM.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\jQxYWkb.exe
  C:\Windows\System\jQxYWkb.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\MOscSvR.exe
  C:\Windows\System\MOscSvR.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\rIxpDAR.exe
  C:\Windows\System\rIxpDAR.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\PPSfjGv.exe
  C:\Windows\System\PPSfjGv.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\vGKDxBN.exe
  C:\Windows\System\vGKDxBN.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\IosIlkc.exe
  C:\Windows\System\IosIlkc.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\utULNHc.exe
  C:\Windows\System\utULNHc.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\BHfyYgT.exe
  C:\Windows\System\BHfyYgT.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\MtfXMsJ.exe
  C:\Windows\System\MtfXMsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\tQWPFzS.exe
  C:\Windows\System\tQWPFzS.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\hwnojrJ.exe
  C:\Windows\System\hwnojrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\JIkclmV.exe
  C:\Windows\System\JIkclmV.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\euKeUdR.exe
  C:\Windows\System\euKeUdR.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\xbSMuWq.exe
  C:\Windows\System\xbSMuWq.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\QXzfMlr.exe
  C:\Windows\System\QXzfMlr.exe
  2⤵
  PID:2836
- C:\Windows\System\GPlPtqK.exe
  C:\Windows\System\GPlPtqK.exe
  2⤵
  PID:1916
- C:\Windows\System\IwQXfek.exe
  C:\Windows\System\IwQXfek.exe
  2⤵
  PID:828
- C:\Windows\System\EXqytNF.exe
  C:\Windows\System\EXqytNF.exe
  2⤵
  PID:2360
- C:\Windows\System\yEllxio.exe
  C:\Windows\System\yEllxio.exe
  2⤵
  PID:1160
- C:\Windows\System\NNyHKJN.exe
  C:\Windows\System\NNyHKJN.exe
  2⤵
  PID:2692
- C:\Windows\System\HaBosKX.exe
  C:\Windows\System\HaBosKX.exe
  2⤵
  PID:928
- C:\Windows\System\RPlzVFq.exe
  C:\Windows\System\RPlzVFq.exe
  2⤵
  PID:2964
- C:\Windows\System\ZlodwfF.exe
  C:\Windows\System\ZlodwfF.exe
  2⤵
  PID:1332
- C:\Windows\System\mMJvDGx.exe
  C:\Windows\System\mMJvDGx.exe
  2⤵
  PID:1140
- C:\Windows\System\uiGMNJO.exe
  C:\Windows\System\uiGMNJO.exe
  2⤵
  PID:1792
- C:\Windows\System\YROaRSD.exe
  C:\Windows\System\YROaRSD.exe
  2⤵
  PID:1616
- C:\Windows\System\ZahWVnR.exe
  C:\Windows\System\ZahWVnR.exe
  2⤵
  PID:2180
- C:\Windows\System\LMhAdil.exe
  C:\Windows\System\LMhAdil.exe
  2⤵
  PID:1520
- C:\Windows\System\BWAuCPH.exe
  C:\Windows\System\BWAuCPH.exe
  2⤵
  PID:2260
- C:\Windows\System\uGIjRbL.exe
  C:\Windows\System\uGIjRbL.exe
  2⤵
  PID:688
- C:\Windows\System\JkwgyDv.exe
  C:\Windows\System\JkwgyDv.exe
  2⤵
  PID:2296
- C:\Windows\System\GjWtKem.exe
  C:\Windows\System\GjWtKem.exe
  2⤵
  PID:2900
- C:\Windows\System\LpwjvMn.exe
  C:\Windows\System\LpwjvMn.exe
  2⤵
  PID:2520
- C:\Windows\System\kUGqfPi.exe
  C:\Windows\System\kUGqfPi.exe
  2⤵
  PID:556
- C:\Windows\System\crqSGwo.exe
  C:\Windows\System\crqSGwo.exe
  2⤵
  PID:1944
- C:\Windows\System\AgmaFJG.exe
  C:\Windows\System\AgmaFJG.exe
  2⤵
  PID:2408
- C:\Windows\System\hxWcHAe.exe
  C:\Windows\System\hxWcHAe.exe
  2⤵
  PID:2876
- C:\Windows\System\KyzGOMT.exe
  C:\Windows\System\KyzGOMT.exe
  2⤵
  PID:1548
- C:\Windows\System\dcNTFuK.exe
  C:\Windows\System\dcNTFuK.exe
  2⤵
  PID:2536
- C:\Windows\System\ymyTYIP.exe
  C:\Windows\System\ymyTYIP.exe
  2⤵
  PID:1932
- C:\Windows\System\AfnCLld.exe
  C:\Windows\System\AfnCLld.exe
  2⤵
  PID:2728
- C:\Windows\System\VTpIJgY.exe
  C:\Windows\System\VTpIJgY.exe
  2⤵
  PID:2620
- C:\Windows\System\MTksdBW.exe
  C:\Windows\System\MTksdBW.exe
  2⤵
  PID:2824
- C:\Windows\System\kpxKSRC.exe
  C:\Windows\System\kpxKSRC.exe
  2⤵
  PID:2812
- C:\Windows\System\QhhqjgO.exe
  C:\Windows\System\QhhqjgO.exe
  2⤵
  PID:2844
- C:\Windows\System\GhBxkYB.exe
  C:\Windows\System\GhBxkYB.exe
  2⤵
  PID:2004
- C:\Windows\System\rahoRjf.exe
  C:\Windows\System\rahoRjf.exe
  2⤵
  PID:1836
- C:\Windows\System\MxSLAPv.exe
  C:\Windows\System\MxSLAPv.exe
  2⤵
  PID:476
- C:\Windows\System\mearqhe.exe
  C:\Windows\System\mearqhe.exe
  2⤵
  PID:692
- C:\Windows\System\fbWnEOB.exe
  C:\Windows\System\fbWnEOB.exe
  2⤵
  PID:1600
- C:\Windows\System\khNzocr.exe
  C:\Windows\System\khNzocr.exe
  2⤵
  PID:880
- C:\Windows\System\AFKFQOZ.exe
  C:\Windows\System\AFKFQOZ.exe
  2⤵
  PID:2956
- C:\Windows\System\tHkHGCa.exe
  C:\Windows\System\tHkHGCa.exe
  2⤵
  PID:1540
- C:\Windows\System\MJXoXmO.exe
  C:\Windows\System\MJXoXmO.exe
  2⤵
  PID:896
- C:\Windows\System\rqkQkCN.exe
  C:\Windows\System\rqkQkCN.exe
  2⤵
  PID:2264
- C:\Windows\System\DcqFPyk.exe
  C:\Windows\System\DcqFPyk.exe
  2⤵
  PID:2512
- C:\Windows\System\cvmVikU.exe
  C:\Windows\System\cvmVikU.exe
  2⤵
  PID:2548
- C:\Windows\System\OkuwMyg.exe
  C:\Windows\System\OkuwMyg.exe
  2⤵
  PID:1908
- C:\Windows\System\UXXvLSM.exe
  C:\Windows\System\UXXvLSM.exe
  2⤵
  PID:1680
- C:\Windows\System\rewsUIZ.exe
  C:\Windows\System\rewsUIZ.exe
  2⤵
  PID:2792
- C:\Windows\System\MPvsaCr.exe
  C:\Windows\System\MPvsaCr.exe
  2⤵
  PID:2292
- C:\Windows\System\RXjuOQQ.exe
  C:\Windows\System\RXjuOQQ.exe
  2⤵
  PID:2640
- C:\Windows\System\EYRbzpB.exe
  C:\Windows\System\EYRbzpB.exe
  2⤵
  PID:1388
- C:\Windows\System\QABWeFL.exe
  C:\Windows\System\QABWeFL.exe
  2⤵
  PID:1428
- C:\Windows\System\DTJfkXe.exe
  C:\Windows\System\DTJfkXe.exe
  2⤵
  PID:3080
- C:\Windows\System\oRjRPBw.exe
  C:\Windows\System\oRjRPBw.exe
  2⤵
  PID:3096
- C:\Windows\System\tfaOcko.exe
  C:\Windows\System\tfaOcko.exe
  2⤵
  PID:3116
- C:\Windows\System\PAFFTBb.exe
  C:\Windows\System\PAFFTBb.exe
  2⤵
  PID:3140
- C:\Windows\System\meLEYHR.exe
  C:\Windows\System\meLEYHR.exe
  2⤵
  PID:3160
- C:\Windows\System\pMmmhnE.exe
  C:\Windows\System\pMmmhnE.exe
  2⤵
  PID:3180
- C:\Windows\System\TEcSKog.exe
  C:\Windows\System\TEcSKog.exe
  2⤵
  PID:3200
- C:\Windows\System\sTStypv.exe
  C:\Windows\System\sTStypv.exe
  2⤵
  PID:3220
- C:\Windows\System\CVxYwWM.exe
  C:\Windows\System\CVxYwWM.exe
  2⤵
  PID:3240
- C:\Windows\System\XRRxVqT.exe
  C:\Windows\System\XRRxVqT.exe
  2⤵
  PID:3256
- C:\Windows\System\eVrDPQp.exe
  C:\Windows\System\eVrDPQp.exe
  2⤵
  PID:3280
- C:\Windows\System\qzaLHbO.exe
  C:\Windows\System\qzaLHbO.exe
  2⤵
  PID:3300
- C:\Windows\System\wmDquOQ.exe
  C:\Windows\System\wmDquOQ.exe
  2⤵
  PID:3320
- C:\Windows\System\HeMKSUQ.exe
  C:\Windows\System\HeMKSUQ.exe
  2⤵
  PID:3340
- C:\Windows\System\TOrdbVg.exe
  C:\Windows\System\TOrdbVg.exe
  2⤵
  PID:3360
- C:\Windows\System\aucEheF.exe
  C:\Windows\System\aucEheF.exe
  2⤵
  PID:3380
- C:\Windows\System\yAGBwfp.exe
  C:\Windows\System\yAGBwfp.exe
  2⤵
  PID:3400
- C:\Windows\System\qJmUNwB.exe
  C:\Windows\System\qJmUNwB.exe
  2⤵
  PID:3420
- C:\Windows\System\bxtqVqG.exe
  C:\Windows\System\bxtqVqG.exe
  2⤵
  PID:3440
- C:\Windows\System\IKNLTHl.exe
  C:\Windows\System\IKNLTHl.exe
  2⤵
  PID:3460
- C:\Windows\System\TUqZNEY.exe
  C:\Windows\System\TUqZNEY.exe
  2⤵
  PID:3480
- C:\Windows\System\CtfmmKh.exe
  C:\Windows\System\CtfmmKh.exe
  2⤵
  PID:3496
- C:\Windows\System\gaRkjTu.exe
  C:\Windows\System\gaRkjTu.exe
  2⤵
  PID:3520
- C:\Windows\System\qMYdLBJ.exe
  C:\Windows\System\qMYdLBJ.exe
  2⤵
  PID:3540
- C:\Windows\System\GemncNz.exe
  C:\Windows\System\GemncNz.exe
  2⤵
  PID:3564
- C:\Windows\System\rjKTDBk.exe
  C:\Windows\System\rjKTDBk.exe
  2⤵
  PID:3584
- C:\Windows\System\DVNmClZ.exe
  C:\Windows\System\DVNmClZ.exe
  2⤵
  PID:3604
- C:\Windows\System\xtkoNzj.exe
  C:\Windows\System\xtkoNzj.exe
  2⤵
  PID:3620
- C:\Windows\System\uLtkdbp.exe
  C:\Windows\System\uLtkdbp.exe
  2⤵
  PID:3640
- C:\Windows\System\baoJdBw.exe
  C:\Windows\System\baoJdBw.exe
  2⤵
  PID:3660
- C:\Windows\System\FekkXkC.exe
  C:\Windows\System\FekkXkC.exe
  2⤵
  PID:3684
- C:\Windows\System\JTDsZFH.exe
  C:\Windows\System\JTDsZFH.exe
  2⤵
  PID:3704
- C:\Windows\System\WXOSUXQ.exe
  C:\Windows\System\WXOSUXQ.exe
  2⤵
  PID:3724
- C:\Windows\System\eZOWPVa.exe
  C:\Windows\System\eZOWPVa.exe
  2⤵
  PID:3740
- C:\Windows\System\HIbZUSf.exe
  C:\Windows\System\HIbZUSf.exe
  2⤵
  PID:3764
- C:\Windows\System\dPCGwUT.exe
  C:\Windows\System\dPCGwUT.exe
  2⤵
  PID:3784
- C:\Windows\System\saNufvN.exe
  C:\Windows\System\saNufvN.exe
  2⤵
  PID:3804
- C:\Windows\System\WeeMlkN.exe
  C:\Windows\System\WeeMlkN.exe
  2⤵
  PID:3820
- C:\Windows\System\CYTXfsq.exe
  C:\Windows\System\CYTXfsq.exe
  2⤵
  PID:3840
- C:\Windows\System\uvENgbX.exe
  C:\Windows\System\uvENgbX.exe
  2⤵
  PID:3864
- C:\Windows\System\bgRtBiF.exe
  C:\Windows\System\bgRtBiF.exe
  2⤵
  PID:3884
- C:\Windows\System\zZKTfxY.exe
  C:\Windows\System\zZKTfxY.exe
  2⤵
  PID:3904
- C:\Windows\System\gAFvRfw.exe
  C:\Windows\System\gAFvRfw.exe
  2⤵
  PID:3924
- C:\Windows\System\pCOzhQT.exe
  C:\Windows\System\pCOzhQT.exe
  2⤵
  PID:3944
- C:\Windows\System\IAaxUtW.exe
  C:\Windows\System\IAaxUtW.exe
  2⤵
  PID:3964
- C:\Windows\System\VdXsqQb.exe
  C:\Windows\System\VdXsqQb.exe
  2⤵
  PID:3984
- C:\Windows\System\ccNSeHK.exe
  C:\Windows\System\ccNSeHK.exe
  2⤵
  PID:4004
- C:\Windows\System\msTLYfo.exe
  C:\Windows\System\msTLYfo.exe
  2⤵
  PID:4024
- C:\Windows\System\cWKxHEZ.exe
  C:\Windows\System\cWKxHEZ.exe
  2⤵
  PID:4044
- C:\Windows\System\yjPkntb.exe
  C:\Windows\System\yjPkntb.exe
  2⤵
  PID:4064
- C:\Windows\System\KQYuOaR.exe
  C:\Windows\System\KQYuOaR.exe
  2⤵
  PID:4084
- C:\Windows\System\xJMdXXa.exe
  C:\Windows\System\xJMdXXa.exe
  2⤵
  PID:2272
- C:\Windows\System\oloJEet.exe
  C:\Windows\System\oloJEet.exe
  2⤵
  PID:2116
- C:\Windows\System\EryjwzA.exe
  C:\Windows\System\EryjwzA.exe
  2⤵
  PID:1196
- C:\Windows\System\CfXEDQR.exe
  C:\Windows\System\CfXEDQR.exe
  2⤵
  PID:756
- C:\Windows\System\IVUhprx.exe
  C:\Windows\System\IVUhprx.exe
  2⤵
  PID:2376
- C:\Windows\System\lwpuyMB.exe
  C:\Windows\System\lwpuyMB.exe
  2⤵
  PID:3040
- C:\Windows\System\dasuGSY.exe
  C:\Windows\System\dasuGSY.exe
  2⤵
  PID:2432
- C:\Windows\System\IrsMPhH.exe
  C:\Windows\System\IrsMPhH.exe
  2⤵
  PID:1564
- C:\Windows\System\VvVAcHy.exe
  C:\Windows\System\VvVAcHy.exe
  2⤵
  PID:2680
- C:\Windows\System\PuAGfei.exe
  C:\Windows\System\PuAGfei.exe
  2⤵
  PID:2760
- C:\Windows\System\ntPCEQh.exe
  C:\Windows\System\ntPCEQh.exe
  2⤵
  PID:3104
- C:\Windows\System\eYKNHFq.exe
  C:\Windows\System\eYKNHFq.exe
  2⤵
  PID:3124
- C:\Windows\System\hUPqMxC.exe
  C:\Windows\System\hUPqMxC.exe
  2⤵
  PID:3132
- C:\Windows\System\NipShXa.exe
  C:\Windows\System\NipShXa.exe
  2⤵
  PID:3188
- C:\Windows\System\oxzFjje.exe
  C:\Windows\System\oxzFjje.exe
  2⤵
  PID:3228
- C:\Windows\System\cmOHERE.exe
  C:\Windows\System\cmOHERE.exe
  2⤵
  PID:3216
- C:\Windows\System\OpdNNYi.exe
  C:\Windows\System\OpdNNYi.exe
  2⤵
  PID:3252
- C:\Windows\System\kURAhIz.exe
  C:\Windows\System\kURAhIz.exe
  2⤵
  PID:3288
- C:\Windows\System\MfCMsDU.exe
  C:\Windows\System\MfCMsDU.exe
  2⤵
  PID:3328
- C:\Windows\System\RsNnJEX.exe
  C:\Windows\System\RsNnJEX.exe
  2⤵
  PID:3388
- C:\Windows\System\UuHlkrn.exe
  C:\Windows\System\UuHlkrn.exe
  2⤵
  PID:3372
- C:\Windows\System\LgHxheg.exe
  C:\Windows\System\LgHxheg.exe
  2⤵
  PID:3412
- C:\Windows\System\BjNlTcP.exe
  C:\Windows\System\BjNlTcP.exe
  2⤵
  PID:3456
- C:\Windows\System\FoKfquy.exe
  C:\Windows\System\FoKfquy.exe
  2⤵
  PID:3492
- C:\Windows\System\HUVdPfn.exe
  C:\Windows\System\HUVdPfn.exe
  2⤵
  PID:3560
- C:\Windows\System\FjucuzR.exe
  C:\Windows\System\FjucuzR.exe
  2⤵
  PID:3596
- C:\Windows\System\qfFgzqi.exe
  C:\Windows\System\qfFgzqi.exe
  2⤵
  PID:3636
- C:\Windows\System\efTOjUQ.exe
  C:\Windows\System\efTOjUQ.exe
  2⤵
  PID:3672
- C:\Windows\System\cpHxRSU.exe
  C:\Windows\System\cpHxRSU.exe
  2⤵
  PID:3656
- C:\Windows\System\rbLvQWH.exe
  C:\Windows\System\rbLvQWH.exe
  2⤵
  PID:3716
- C:\Windows\System\ovcoTeQ.exe
  C:\Windows\System\ovcoTeQ.exe
  2⤵
  PID:3760
- C:\Windows\System\ShHLNck.exe
  C:\Windows\System\ShHLNck.exe
  2⤵
  PID:3780
- C:\Windows\System\bAYOhYf.exe
  C:\Windows\System\bAYOhYf.exe
  2⤵
  PID:3836
- C:\Windows\System\OncQjSP.exe
  C:\Windows\System\OncQjSP.exe
  2⤵
  PID:3816
- C:\Windows\System\KHnhWQV.exe
  C:\Windows\System\KHnhWQV.exe
  2⤵
  PID:3912
- C:\Windows\System\qjyczPm.exe
  C:\Windows\System\qjyczPm.exe
  2⤵
  PID:3952
- C:\Windows\System\YuCzWpP.exe
  C:\Windows\System\YuCzWpP.exe
  2⤵
  PID:3956
- C:\Windows\System\AtQlOzs.exe
  C:\Windows\System\AtQlOzs.exe
  2⤵
  PID:3936
- C:\Windows\System\iuObiao.exe
  C:\Windows\System\iuObiao.exe
  2⤵
  PID:4020
- C:\Windows\System\WoMvLQq.exe
  C:\Windows\System\WoMvLQq.exe
  2⤵
  PID:4072
- C:\Windows\System\TnXtaHQ.exe
  C:\Windows\System\TnXtaHQ.exe
  2⤵
  PID:4060
- C:\Windows\System\rJuptWu.exe
  C:\Windows\System\rJuptWu.exe
  2⤵
  PID:2108
- C:\Windows\System\CJbWirl.exe
  C:\Windows\System\CJbWirl.exe
  2⤵
  PID:1528
- C:\Windows\System\aSZxOMo.exe
  C:\Windows\System\aSZxOMo.exe
  2⤵
  PID:348
- C:\Windows\System\FDvEXBE.exe
  C:\Windows\System\FDvEXBE.exe
  2⤵
  PID:2420
- C:\Windows\System\fyCdqby.exe
  C:\Windows\System\fyCdqby.exe
  2⤵
  PID:2596
- C:\Windows\System\wlmpmmg.exe
  C:\Windows\System\wlmpmmg.exe
  2⤵
  PID:3108
- C:\Windows\System\HUGICKH.exe
  C:\Windows\System\HUGICKH.exe
  2⤵
  PID:3076
- C:\Windows\System\ijWxVSD.exe
  C:\Windows\System\ijWxVSD.exe
  2⤵
  PID:3092
- C:\Windows\System\qIiqliT.exe
  C:\Windows\System\qIiqliT.exe
  2⤵
  PID:3176
- C:\Windows\System\UwEKRlE.exe
  C:\Windows\System\UwEKRlE.exe
  2⤵
  PID:3316
- C:\Windows\System\TBPBPCw.exe
  C:\Windows\System\TBPBPCw.exe
  2⤵
  PID:3352
- C:\Windows\System\nLFXEXv.exe
  C:\Windows\System\nLFXEXv.exe
  2⤵
  PID:3432
- C:\Windows\System\xFGYrgF.exe
  C:\Windows\System\xFGYrgF.exe
  2⤵
  PID:3376
- C:\Windows\System\hfFERIz.exe
  C:\Windows\System\hfFERIz.exe
  2⤵
  PID:3512
- C:\Windows\System\tTmbgBD.exe
  C:\Windows\System\tTmbgBD.exe
  2⤵
  PID:3572
- C:\Windows\System\evAuBSy.exe
  C:\Windows\System\evAuBSy.exe
  2⤵
  PID:3628
- C:\Windows\System\mYdyDBY.exe
  C:\Windows\System\mYdyDBY.exe
  2⤵
  PID:3720
- C:\Windows\System\FoHMYpe.exe
  C:\Windows\System\FoHMYpe.exe
  2⤵
  PID:3772
- C:\Windows\System\tEFyVCr.exe
  C:\Windows\System\tEFyVCr.exe
  2⤵
  PID:3696
- C:\Windows\System\jqXsrcO.exe
  C:\Windows\System\jqXsrcO.exe
  2⤵
  PID:3828
- C:\Windows\System\vckvjrq.exe
  C:\Windows\System\vckvjrq.exe
  2⤵
  PID:3856
- C:\Windows\System\apQncPP.exe
  C:\Windows\System\apQncPP.exe
  2⤵
  PID:3940
- C:\Windows\System\iBCRcOY.exe
  C:\Windows\System\iBCRcOY.exe
  2⤵
  PID:4040
- C:\Windows\System\mFYKUYp.exe
  C:\Windows\System\mFYKUYp.exe
  2⤵
  PID:4012
- C:\Windows\System\TFgtLoU.exe
  C:\Windows\System\TFgtLoU.exe
  2⤵
  PID:4052
- C:\Windows\System\GJjOoRy.exe
  C:\Windows\System\GJjOoRy.exe
  2⤵
  PID:1040
- C:\Windows\System\seKSZOg.exe
  C:\Windows\System\seKSZOg.exe
  2⤵
  PID:1656
- C:\Windows\System\aVRZjeS.exe
  C:\Windows\System\aVRZjeS.exe
  2⤵
  PID:1952
- C:\Windows\System\XwiSCUm.exe
  C:\Windows\System\XwiSCUm.exe
  2⤵
  PID:3088
- C:\Windows\System\nCLiKpc.exe
  C:\Windows\System\nCLiKpc.exe
  2⤵
  PID:3168
- C:\Windows\System\ONMNgti.exe
  C:\Windows\System\ONMNgti.exe
  2⤵
  PID:3248
- C:\Windows\System\PCDnKlm.exe
  C:\Windows\System\PCDnKlm.exe
  2⤵
  PID:3356
- C:\Windows\System\ezmpGko.exe
  C:\Windows\System\ezmpGko.exe
  2⤵
  PID:2808
- C:\Windows\System\PiyGGZL.exe
  C:\Windows\System\PiyGGZL.exe
  2⤵
  PID:2868
- C:\Windows\System\sSzisVV.exe
  C:\Windows\System\sSzisVV.exe
  2⤵
  PID:3612
- C:\Windows\System\MjhqzZy.exe
  C:\Windows\System\MjhqzZy.exe
  2⤵
  PID:3756
- C:\Windows\System\RLqZaze.exe
  C:\Windows\System\RLqZaze.exe
  2⤵
  PID:3916
- C:\Windows\System\DfsWwra.exe
  C:\Windows\System\DfsWwra.exe
  2⤵
  PID:2712
- C:\Windows\System\NjUwrXc.exe
  C:\Windows\System\NjUwrXc.exe
  2⤵
  PID:4032
- C:\Windows\System\NIxHsBf.exe
  C:\Windows\System\NIxHsBf.exe
  2⤵
  PID:3880
- C:\Windows\System\iSfdYNw.exe
  C:\Windows\System\iSfdYNw.exe
  2⤵
  PID:344
- C:\Windows\System\xBWacxc.exe
  C:\Windows\System\xBWacxc.exe
  2⤵
  PID:576
- C:\Windows\System\CGXaSzd.exe
  C:\Windows\System\CGXaSzd.exe
  2⤵
  PID:2440
- C:\Windows\System\CLvRtar.exe
  C:\Windows\System\CLvRtar.exe
  2⤵
  PID:4104
- C:\Windows\System\xHKhRqt.exe
  C:\Windows\System\xHKhRqt.exe
  2⤵
  PID:4124
- C:\Windows\System\rGxXqNB.exe
  C:\Windows\System\rGxXqNB.exe
  2⤵
  PID:4144
- C:\Windows\System\RXQvCdA.exe
  C:\Windows\System\RXQvCdA.exe
  2⤵
  PID:4164
- C:\Windows\System\kCxhIHZ.exe
  C:\Windows\System\kCxhIHZ.exe
  2⤵
  PID:4184
- C:\Windows\System\FuogACg.exe
  C:\Windows\System\FuogACg.exe
  2⤵
  PID:4204
- C:\Windows\System\vsUFruR.exe
  C:\Windows\System\vsUFruR.exe
  2⤵
  PID:4224
- C:\Windows\System\UVjRlrf.exe
  C:\Windows\System\UVjRlrf.exe
  2⤵
  PID:4244
- C:\Windows\System\PenZQsg.exe
  C:\Windows\System\PenZQsg.exe
  2⤵
  PID:4260
- C:\Windows\System\pxaBsWV.exe
  C:\Windows\System\pxaBsWV.exe
  2⤵
  PID:4280
- C:\Windows\System\tTxqeny.exe
  C:\Windows\System\tTxqeny.exe
  2⤵
  PID:4304
- C:\Windows\System\KclskWA.exe
  C:\Windows\System\KclskWA.exe
  2⤵
  PID:4324
- C:\Windows\System\OsoSpgA.exe
  C:\Windows\System\OsoSpgA.exe
  2⤵
  PID:4344
- C:\Windows\System\dnzojiA.exe
  C:\Windows\System\dnzojiA.exe
  2⤵
  PID:4364
- C:\Windows\System\OIqkWDO.exe
  C:\Windows\System\OIqkWDO.exe
  2⤵
  PID:4384
- C:\Windows\System\gKwvFZI.exe
  C:\Windows\System\gKwvFZI.exe
  2⤵
  PID:4404
- C:\Windows\System\DATVCac.exe
  C:\Windows\System\DATVCac.exe
  2⤵
  PID:4424
- C:\Windows\System\ffIgkKB.exe
  C:\Windows\System\ffIgkKB.exe
  2⤵
  PID:4444
- C:\Windows\System\UemAXXP.exe
  C:\Windows\System\UemAXXP.exe
  2⤵
  PID:4464
- C:\Windows\System\HVtQPkI.exe
  C:\Windows\System\HVtQPkI.exe
  2⤵
  PID:4484
- C:\Windows\System\BWHRArj.exe
  C:\Windows\System\BWHRArj.exe
  2⤵
  PID:4504
- C:\Windows\System\EIgQbhV.exe
  C:\Windows\System\EIgQbhV.exe
  2⤵
  PID:4524
- C:\Windows\System\CQBAefD.exe
  C:\Windows\System\CQBAefD.exe
  2⤵
  PID:4544
- C:\Windows\System\WuDEmos.exe
  C:\Windows\System\WuDEmos.exe
  2⤵
  PID:4564
- C:\Windows\System\HlNYKST.exe
  C:\Windows\System\HlNYKST.exe
  2⤵
  PID:4584
- C:\Windows\System\KvdoHMB.exe
  C:\Windows\System\KvdoHMB.exe
  2⤵
  PID:4604
- C:\Windows\System\BZvBBiS.exe
  C:\Windows\System\BZvBBiS.exe
  2⤵
  PID:4628
- C:\Windows\System\xvIzPPg.exe
  C:\Windows\System\xvIzPPg.exe
  2⤵
  PID:4648
- C:\Windows\System\HVLfHvV.exe
  C:\Windows\System\HVLfHvV.exe
  2⤵
  PID:4664
- C:\Windows\System\gHGsZAr.exe
  C:\Windows\System\gHGsZAr.exe
  2⤵
  PID:4684
- C:\Windows\System\nyIsIzP.exe
  C:\Windows\System\nyIsIzP.exe
  2⤵
  PID:4704
- C:\Windows\System\MTzykCV.exe
  C:\Windows\System\MTzykCV.exe
  2⤵
  PID:4724
- C:\Windows\System\FrwZfdI.exe
  C:\Windows\System\FrwZfdI.exe
  2⤵
  PID:4744
- C:\Windows\System\opRmRre.exe
  C:\Windows\System\opRmRre.exe
  2⤵
  PID:4768
- C:\Windows\System\WznHlTE.exe
  C:\Windows\System\WznHlTE.exe
  2⤵
  PID:4788
- C:\Windows\System\dSonjVH.exe
  C:\Windows\System\dSonjVH.exe
  2⤵
  PID:4808
- C:\Windows\System\itqnTXw.exe
  C:\Windows\System\itqnTXw.exe
  2⤵
  PID:4828
- C:\Windows\System\NRQejsN.exe
  C:\Windows\System\NRQejsN.exe
  2⤵
  PID:4848
- C:\Windows\System\GvFganF.exe
  C:\Windows\System\GvFganF.exe
  2⤵
  PID:4868
- C:\Windows\System\koWESgH.exe
  C:\Windows\System\koWESgH.exe
  2⤵
  PID:4888
- C:\Windows\System\hHxFGOg.exe
  C:\Windows\System\hHxFGOg.exe
  2⤵
  PID:4908
- C:\Windows\System\gqRJTEi.exe
  C:\Windows\System\gqRJTEi.exe
  2⤵
  PID:4928
- C:\Windows\System\VLfsuIK.exe
  C:\Windows\System\VLfsuIK.exe
  2⤵
  PID:4944
- C:\Windows\System\XmrIlnY.exe
  C:\Windows\System\XmrIlnY.exe
  2⤵
  PID:4968
- C:\Windows\System\nDcibkL.exe
  C:\Windows\System\nDcibkL.exe
  2⤵
  PID:4988
- C:\Windows\System\WhRbwat.exe
  C:\Windows\System\WhRbwat.exe
  2⤵
  PID:5008
- C:\Windows\System\WlzlMhB.exe
  C:\Windows\System\WlzlMhB.exe
  2⤵
  PID:5028
- C:\Windows\System\SlzivCq.exe
  C:\Windows\System\SlzivCq.exe
  2⤵
  PID:5048
- C:\Windows\System\jEFJgOB.exe
  C:\Windows\System\jEFJgOB.exe
  2⤵
  PID:5068
- C:\Windows\System\AQqPimo.exe
  C:\Windows\System\AQqPimo.exe
  2⤵
  PID:5088
- C:\Windows\System\lzGZAEW.exe
  C:\Windows\System\lzGZAEW.exe
  2⤵
  PID:5108
- C:\Windows\System\KaLJkea.exe
  C:\Windows\System\KaLJkea.exe
  2⤵
  PID:3396
- C:\Windows\System\oddPdmN.exe
  C:\Windows\System\oddPdmN.exe
  2⤵
  PID:3448
- C:\Windows\System\gUkfjOg.exe
  C:\Windows\System\gUkfjOg.exe
  2⤵
  PID:3712
- C:\Windows\System\kiHOQgy.exe
  C:\Windows\System\kiHOQgy.exe
  2⤵
  PID:3752
- C:\Windows\System\mBZwIAa.exe
  C:\Windows\System\mBZwIAa.exe
  2⤵
  PID:3848
- C:\Windows\System\llNGYre.exe
  C:\Windows\System\llNGYre.exe
  2⤵
  PID:4092
- C:\Windows\System\ycvczxX.exe
  C:\Windows\System\ycvczxX.exe
  2⤵
  PID:1964
- C:\Windows\System\SOheCrw.exe
  C:\Windows\System\SOheCrw.exe
  2⤵
  PID:1056
- C:\Windows\System\sLxpOGt.exe
  C:\Windows\System\sLxpOGt.exe
  2⤵
  PID:3212
- C:\Windows\System\vlOndmD.exe
  C:\Windows\System\vlOndmD.exe
  2⤵
  PID:4160
- C:\Windows\System\feKwgBQ.exe
  C:\Windows\System\feKwgBQ.exe
  2⤵
  PID:4172
- C:\Windows\System\rDHEngm.exe
  C:\Windows\System\rDHEngm.exe
  2⤵
  PID:4196
- C:\Windows\System\SpiYkFN.exe
  C:\Windows\System\SpiYkFN.exe
  2⤵
  PID:4216
- C:\Windows\System\FoFVKeN.exe
  C:\Windows\System\FoFVKeN.exe
  2⤵
  PID:4288
- C:\Windows\System\VYFiwMC.exe
  C:\Windows\System\VYFiwMC.exe
  2⤵
  PID:4316
- C:\Windows\System\YiyPTBC.exe
  C:\Windows\System\YiyPTBC.exe
  2⤵
  PID:4340
- C:\Windows\System\DNkfAxm.exe
  C:\Windows\System\DNkfAxm.exe
  2⤵
  PID:4392
- C:\Windows\System\AhmUXmX.exe
  C:\Windows\System\AhmUXmX.exe
  2⤵
  PID:4432
- C:\Windows\System\qqsyHhK.exe
  C:\Windows\System\qqsyHhK.exe
  2⤵
  PID:4412
- C:\Windows\System\qQyrqCR.exe
  C:\Windows\System\qQyrqCR.exe
  2⤵
  PID:4476
- C:\Windows\System\KEIOJdg.exe
  C:\Windows\System\KEIOJdg.exe
  2⤵
  PID:4492
- C:\Windows\System\wPnOvbB.exe
  C:\Windows\System\wPnOvbB.exe
  2⤵
  PID:4516
- C:\Windows\System\tjEnMUQ.exe
  C:\Windows\System\tjEnMUQ.exe
  2⤵
  PID:4540
- C:\Windows\System\yEEOvUf.exe
  C:\Windows\System\yEEOvUf.exe
  2⤵
  PID:4580
- C:\Windows\System\QiUZPec.exe
  C:\Windows\System\QiUZPec.exe
  2⤵
  PID:4624
- C:\Windows\System\EkcxODL.exe
  C:\Windows\System\EkcxODL.exe
  2⤵
  PID:4616
- C:\Windows\System\vQyjJJl.exe
  C:\Windows\System\vQyjJJl.exe
  2⤵
  PID:4712
- C:\Windows\System\REPLerw.exe
  C:\Windows\System\REPLerw.exe
  2⤵
  PID:4700
- C:\Windows\System\FyeooHt.exe
  C:\Windows\System\FyeooHt.exe
  2⤵
  PID:4732
- C:\Windows\System\gFOjNFj.exe
  C:\Windows\System\gFOjNFj.exe
  2⤵
  PID:4804
- C:\Windows\System\oMLnFGk.exe
  C:\Windows\System\oMLnFGk.exe
  2⤵
  PID:2848
- C:\Windows\System\ugcsVPt.exe
  C:\Windows\System\ugcsVPt.exe
  2⤵
  PID:4824
- C:\Windows\System\mOdZypu.exe
  C:\Windows\System\mOdZypu.exe
  2⤵
  PID:4860
- C:\Windows\System\OvwGtJZ.exe
  C:\Windows\System\OvwGtJZ.exe
  2⤵
  PID:4924
- C:\Windows\System\QsCZTCz.exe
  C:\Windows\System\QsCZTCz.exe
  2⤵
  PID:4952
- C:\Windows\System\YOeGZsa.exe
  C:\Windows\System\YOeGZsa.exe
  2⤵
  PID:4960
- C:\Windows\System\KHZuUCT.exe
  C:\Windows\System\KHZuUCT.exe
  2⤵
  PID:5000
- C:\Windows\System\uWPLjwt.exe
  C:\Windows\System\uWPLjwt.exe
  2⤵
  PID:5024
- C:\Windows\System\WfTPcbg.exe
  C:\Windows\System\WfTPcbg.exe
  2⤵
  PID:3032
- C:\Windows\System\CipwLFO.exe
  C:\Windows\System\CipwLFO.exe
  2⤵
  PID:5080
- C:\Windows\System\VBkCsIZ.exe
  C:\Windows\System\VBkCsIZ.exe
  2⤵
  PID:5100
- C:\Windows\System\jMomfHO.exe
  C:\Windows\System\jMomfHO.exe
  2⤵
  PID:3276
- C:\Windows\System\dYQhOOa.exe
  C:\Windows\System\dYQhOOa.exe
  2⤵
  PID:3792
- C:\Windows\System\kjXnHXK.exe
  C:\Windows\System\kjXnHXK.exe
  2⤵
  PID:1740
- C:\Windows\System\ZSDkzal.exe
  C:\Windows\System\ZSDkzal.exe
  2⤵
  PID:3976
- C:\Windows\System\ulCzOcu.exe
  C:\Windows\System\ulCzOcu.exe
  2⤵
  PID:4112
- C:\Windows\System\oIvyyws.exe
  C:\Windows\System\oIvyyws.exe
  2⤵
  PID:4132
- C:\Windows\System\brbIXZk.exe
  C:\Windows\System\brbIXZk.exe
  2⤵
  PID:4240
- C:\Windows\System\abebmBk.exe
  C:\Windows\System\abebmBk.exe
  2⤵
  PID:4276
- C:\Windows\System\KRxyjTV.exe
  C:\Windows\System\KRxyjTV.exe
  2⤵
  PID:4296
- C:\Windows\System\TvMLhWE.exe
  C:\Windows\System\TvMLhWE.exe
  2⤵
  PID:4356
- C:\Windows\System\SISEMmB.exe
  C:\Windows\System\SISEMmB.exe
  2⤵
  PID:2720
- C:\Windows\System\MuvQhha.exe
  C:\Windows\System\MuvQhha.exe
  2⤵
  PID:4460
- C:\Windows\System\tbGWNab.exe
  C:\Windows\System\tbGWNab.exe
  2⤵
  PID:4520
- C:\Windows\System\LngMrCY.exe
  C:\Windows\System\LngMrCY.exe
  2⤵
  PID:4572
- C:\Windows\System\XzRzqHg.exe
  C:\Windows\System\XzRzqHg.exe
  2⤵
  PID:4644
- C:\Windows\System\qySvmho.exe
  C:\Windows\System\qySvmho.exe
  2⤵
  PID:4656
- C:\Windows\System\LSMEbrM.exe
  C:\Windows\System\LSMEbrM.exe
  2⤵
  PID:4756
- C:\Windows\System\sjSbWTM.exe
  C:\Windows\System\sjSbWTM.exe
  2⤵
  PID:4796
- C:\Windows\System\vxaBIhd.exe
  C:\Windows\System\vxaBIhd.exe
  2⤵
  PID:4776
- C:\Windows\System\PmjAghm.exe
  C:\Windows\System\PmjAghm.exe
  2⤵
  PID:4876
- C:\Windows\System\wucdNbr.exe
  C:\Windows\System\wucdNbr.exe
  2⤵
  PID:4896
- C:\Windows\System\yXcgZIv.exe
  C:\Windows\System\yXcgZIv.exe
  2⤵
  PID:4940
- C:\Windows\System\PxBGjZf.exe
  C:\Windows\System\PxBGjZf.exe
  2⤵
  PID:5016
- C:\Windows\System\riEeTvX.exe
  C:\Windows\System\riEeTvX.exe
  2⤵
  PID:3024
- C:\Windows\System\Ruciviv.exe
  C:\Windows\System\Ruciviv.exe
  2⤵
  PID:3152
- C:\Windows\System\aPnnuoP.exe
  C:\Windows\System\aPnnuoP.exe
  2⤵
  PID:3368
- C:\Windows\System\LqrqlbR.exe
  C:\Windows\System\LqrqlbR.exe
  2⤵
  PID:3900
- C:\Windows\System\AdwdEem.exe
  C:\Windows\System\AdwdEem.exe
  2⤵
  PID:1936
- C:\Windows\System\DGThKOz.exe
  C:\Windows\System\DGThKOz.exe
  2⤵
  PID:4140
- C:\Windows\System\FIGDQko.exe
  C:\Windows\System\FIGDQko.exe
  2⤵
  PID:4252
- C:\Windows\System\oyjsfqm.exe
  C:\Windows\System\oyjsfqm.exe
  2⤵
  PID:4256
- C:\Windows\System\IDtWBmf.exe
  C:\Windows\System\IDtWBmf.exe
  2⤵
  PID:4472
- C:\Windows\System\pSAaEFJ.exe
  C:\Windows\System\pSAaEFJ.exe
  2⤵
  PID:5132
- C:\Windows\System\pzuiyTC.exe
  C:\Windows\System\pzuiyTC.exe
  2⤵
  PID:5152
- C:\Windows\System\OjYjBMw.exe
  C:\Windows\System\OjYjBMw.exe
  2⤵
  PID:5172
- C:\Windows\System\ThNrHmA.exe
  C:\Windows\System\ThNrHmA.exe
  2⤵
  PID:5192
- C:\Windows\System\qBaeXPv.exe
  C:\Windows\System\qBaeXPv.exe
  2⤵
  PID:5212
- C:\Windows\System\akmEfHE.exe
  C:\Windows\System\akmEfHE.exe
  2⤵
  PID:5232
- C:\Windows\System\oPUZiZl.exe
  C:\Windows\System\oPUZiZl.exe
  2⤵
  PID:5252
- C:\Windows\System\LPXnHmd.exe
  C:\Windows\System\LPXnHmd.exe
  2⤵
  PID:5272
- C:\Windows\System\QZroszr.exe
  C:\Windows\System\QZroszr.exe
  2⤵
  PID:5292
- C:\Windows\System\BmoLgDr.exe
  C:\Windows\System\BmoLgDr.exe
  2⤵
  PID:5312
- C:\Windows\System\CnCGisB.exe
  C:\Windows\System\CnCGisB.exe
  2⤵
  PID:5332
- C:\Windows\System\ntqVaWc.exe
  C:\Windows\System\ntqVaWc.exe
  2⤵
  PID:5352
- C:\Windows\System\DrNjZHq.exe
  C:\Windows\System\DrNjZHq.exe
  2⤵
  PID:5372
- C:\Windows\System\GDVyEWk.exe
  C:\Windows\System\GDVyEWk.exe
  2⤵
  PID:5392
- C:\Windows\System\mmfMCjF.exe
  C:\Windows\System\mmfMCjF.exe
  2⤵
  PID:5412
- C:\Windows\System\cEHmmmc.exe
  C:\Windows\System\cEHmmmc.exe
  2⤵
  PID:5432
- C:\Windows\System\uRpCNmS.exe
  C:\Windows\System\uRpCNmS.exe
  2⤵
  PID:5452
- C:\Windows\System\JayQkcH.exe
  C:\Windows\System\JayQkcH.exe
  2⤵
  PID:5472
- C:\Windows\System\ZjvSewm.exe
  C:\Windows\System\ZjvSewm.exe
  2⤵
  PID:5492
- C:\Windows\System\uvqnBEt.exe
  C:\Windows\System\uvqnBEt.exe
  2⤵
  PID:5512
- C:\Windows\System\nBvZwcq.exe
  C:\Windows\System\nBvZwcq.exe
  2⤵
  PID:5532
- C:\Windows\System\zoZKebz.exe
  C:\Windows\System\zoZKebz.exe
  2⤵
  PID:5552
- C:\Windows\System\kOiqpaF.exe
  C:\Windows\System\kOiqpaF.exe
  2⤵
  PID:5572
- C:\Windows\System\SuLiOgZ.exe
  C:\Windows\System\SuLiOgZ.exe
  2⤵
  PID:5592
- C:\Windows\System\KgtmPbi.exe
  C:\Windows\System\KgtmPbi.exe
  2⤵
  PID:5612
- C:\Windows\System\YlWUoLX.exe
  C:\Windows\System\YlWUoLX.exe
  2⤵
  PID:5632
- C:\Windows\System\cCtsseW.exe
  C:\Windows\System\cCtsseW.exe
  2⤵
  PID:5652
- C:\Windows\System\RKIJQIJ.exe
  C:\Windows\System\RKIJQIJ.exe
  2⤵
  PID:5672
- C:\Windows\System\HzyMRrd.exe
  C:\Windows\System\HzyMRrd.exe
  2⤵
  PID:5692
- C:\Windows\System\XOPLcKM.exe
  C:\Windows\System\XOPLcKM.exe
  2⤵
  PID:5712
- C:\Windows\System\ScLBuQQ.exe
  C:\Windows\System\ScLBuQQ.exe
  2⤵
  PID:5732
- C:\Windows\System\yyTpdbm.exe
  C:\Windows\System\yyTpdbm.exe
  2⤵
  PID:5752
- C:\Windows\System\rTenEGG.exe
  C:\Windows\System\rTenEGG.exe
  2⤵
  PID:5772
- C:\Windows\System\mVOXEqs.exe
  C:\Windows\System\mVOXEqs.exe
  2⤵
  PID:5792
- C:\Windows\System\qLNNhHK.exe
  C:\Windows\System\qLNNhHK.exe
  2⤵
  PID:5812
- C:\Windows\System\dbZZIlX.exe
  C:\Windows\System\dbZZIlX.exe
  2⤵
  PID:5832
- C:\Windows\System\ozCNNDw.exe
  C:\Windows\System\ozCNNDw.exe
  2⤵
  PID:5852
- C:\Windows\System\KCfZzlm.exe
  C:\Windows\System\KCfZzlm.exe
  2⤵
  PID:5872
- C:\Windows\System\gNHHXWL.exe
  C:\Windows\System\gNHHXWL.exe
  2⤵
  PID:5892
- C:\Windows\System\kQqXQjp.exe
  C:\Windows\System\kQqXQjp.exe
  2⤵
  PID:5912
- C:\Windows\System\hSwgYCI.exe
  C:\Windows\System\hSwgYCI.exe
  2⤵
  PID:5932
- C:\Windows\System\pXkLZgK.exe
  C:\Windows\System\pXkLZgK.exe
  2⤵
  PID:5952
- C:\Windows\System\XBasNXK.exe
  C:\Windows\System\XBasNXK.exe
  2⤵
  PID:5972
- C:\Windows\System\HxViVCn.exe
  C:\Windows\System\HxViVCn.exe
  2⤵
  PID:5992
- C:\Windows\System\quBXfzm.exe
  C:\Windows\System\quBXfzm.exe
  2⤵
  PID:6012
- C:\Windows\System\zzWqqgB.exe
  C:\Windows\System\zzWqqgB.exe
  2⤵
  PID:6032
- C:\Windows\System\yzVNkfk.exe
  C:\Windows\System\yzVNkfk.exe
  2⤵
  PID:6052
- C:\Windows\System\mkTeisp.exe
  C:\Windows\System\mkTeisp.exe
  2⤵
  PID:6072
- C:\Windows\System\LuxQZJU.exe
  C:\Windows\System\LuxQZJU.exe
  2⤵
  PID:6092
- C:\Windows\System\yKZFqra.exe
  C:\Windows\System\yKZFqra.exe
  2⤵
  PID:6112
- C:\Windows\System\WDLYbTR.exe
  C:\Windows\System\WDLYbTR.exe
  2⤵
  PID:6132
- C:\Windows\System\sXFYSEt.exe
  C:\Windows\System\sXFYSEt.exe
  2⤵
  PID:4560
- C:\Windows\System\sAhppln.exe
  C:\Windows\System\sAhppln.exe
  2⤵
  PID:4672
- C:\Windows\System\FxKWAIS.exe
  C:\Windows\System\FxKWAIS.exe
  2⤵
  PID:4760
- C:\Windows\System\dYBxUSG.exe
  C:\Windows\System\dYBxUSG.exe
  2⤵
  PID:4844
- C:\Windows\System\WuckiXw.exe
  C:\Windows\System\WuckiXw.exe
  2⤵
  PID:4816
- C:\Windows\System\qUkbVxj.exe
  C:\Windows\System\qUkbVxj.exe
  2⤵
  PID:4916
- C:\Windows\System\YyKlCgp.exe
  C:\Windows\System\YyKlCgp.exe
  2⤵
  PID:5004
- C:\Windows\System\DQNuaIJ.exe
  C:\Windows\System\DQNuaIJ.exe
  2⤵
  PID:5036
- C:\Windows\System\FezXnzd.exe
  C:\Windows\System\FezXnzd.exe
  2⤵
  PID:3580
- C:\Windows\System\XaEujZh.exe
  C:\Windows\System\XaEujZh.exe
  2⤵
  PID:3932
- C:\Windows\System\NPwTQsC.exe
  C:\Windows\System\NPwTQsC.exe
  2⤵
  PID:4116
- C:\Windows\System\rjxQtfS.exe
  C:\Windows\System\rjxQtfS.exe
  2⤵
  PID:4232
- C:\Windows\System\qqXMXwB.exe
  C:\Windows\System\qqXMXwB.exe
  2⤵
  PID:4420
- C:\Windows\System\ngPeQgC.exe
  C:\Windows\System\ngPeQgC.exe
  2⤵
  PID:4480
- C:\Windows\System\BxSKtlX.exe
  C:\Windows\System\BxSKtlX.exe
  2⤵
  PID:5160
- C:\Windows\System\kyPpnlC.exe
  C:\Windows\System\kyPpnlC.exe
  2⤵
  PID:5184
- C:\Windows\System\SOcRZSl.exe
  C:\Windows\System\SOcRZSl.exe
  2⤵
  PID:5204
- C:\Windows\System\JgWeQBd.exe
  C:\Windows\System\JgWeQBd.exe
  2⤵
  PID:5244
- C:\Windows\System\FIutyLC.exe
  C:\Windows\System\FIutyLC.exe
  2⤵
  PID:5300
- C:\Windows\System\JSjCSrn.exe
  C:\Windows\System\JSjCSrn.exe
  2⤵
  PID:5320
- C:\Windows\System\RbIrVMM.exe
  C:\Windows\System\RbIrVMM.exe
  2⤵
  PID:5344
- C:\Windows\System\bCkKCQN.exe
  C:\Windows\System\bCkKCQN.exe
  2⤵
  PID:5364
- C:\Windows\System\RMYKvET.exe
  C:\Windows\System\RMYKvET.exe
  2⤵
  PID:5428
- C:\Windows\System\wJdwsvu.exe
  C:\Windows\System\wJdwsvu.exe
  2⤵
  PID:5440
- C:\Windows\System\UGpOtGe.exe
  C:\Windows\System\UGpOtGe.exe
  2⤵
  PID:5480
- C:\Windows\System\rOGcDwE.exe
  C:\Windows\System\rOGcDwE.exe
  2⤵
  PID:5504
- C:\Windows\System\dfMovxE.exe
  C:\Windows\System\dfMovxE.exe
  2⤵
  PID:5528
- C:\Windows\System\GWTRCWn.exe
  C:\Windows\System\GWTRCWn.exe
  2⤵
  PID:5560
- C:\Windows\System\tYkUYkS.exe
  C:\Windows\System\tYkUYkS.exe
  2⤵
  PID:5588
- C:\Windows\System\gsOtKHu.exe
  C:\Windows\System\gsOtKHu.exe
  2⤵
  PID:5620
- C:\Windows\System\fuacBiF.exe
  C:\Windows\System\fuacBiF.exe
  2⤵
  PID:5648
- C:\Windows\System\rhOqleA.exe
  C:\Windows\System\rhOqleA.exe
  2⤵
  PID:5708
- C:\Windows\System\baVNEIv.exe
  C:\Windows\System\baVNEIv.exe
  2⤵
  PID:1248
- C:\Windows\System\fEIYqFS.exe
  C:\Windows\System\fEIYqFS.exe
  2⤵
  PID:5748
- C:\Windows\System\wYWaHWe.exe
  C:\Windows\System\wYWaHWe.exe
  2⤵
  PID:5768
- C:\Windows\System\FewCvVb.exe
  C:\Windows\System\FewCvVb.exe
  2⤵
  PID:5820
- C:\Windows\System\gKILpYF.exe
  C:\Windows\System\gKILpYF.exe
  2⤵
  PID:5840
- C:\Windows\System\DDrwSod.exe
  C:\Windows\System\DDrwSod.exe
  2⤵
  PID:5864
- C:\Windows\System\nTdBHHy.exe
  C:\Windows\System\nTdBHHy.exe
  2⤵
  PID:5884
- C:\Windows\System\xmrXnJO.exe
  C:\Windows\System\xmrXnJO.exe
  2⤵
  PID:5924
- C:\Windows\System\MhwXxdp.exe
  C:\Windows\System\MhwXxdp.exe
  2⤵
  PID:5960
- C:\Windows\System\uThYacd.exe
  C:\Windows\System\uThYacd.exe
  2⤵
  PID:6020
- C:\Windows\System\blueIjU.exe
  C:\Windows\System\blueIjU.exe
  2⤵
  PID:6060
- C:\Windows\System\esiEjtC.exe
  C:\Windows\System\esiEjtC.exe
  2⤵
  PID:6064
- C:\Windows\System\NmttlXh.exe
  C:\Windows\System\NmttlXh.exe
  2⤵
  PID:6108
- C:\Windows\System\ykdHnMp.exe
  C:\Windows\System\ykdHnMp.exe
  2⤵
  PID:6128
- C:\Windows\System\HgIkRBM.exe
  C:\Windows\System\HgIkRBM.exe
  2⤵
  PID:4612
- C:\Windows\System\fWFwrtD.exe
  C:\Windows\System\fWFwrtD.exe
  2⤵
  PID:4764
- C:\Windows\System\gUXgOzk.exe
  C:\Windows\System\gUXgOzk.exe
  2⤵
  PID:4840
- C:\Windows\System\DEFcvwz.exe
  C:\Windows\System\DEFcvwz.exe
  2⤵
  PID:4904
- C:\Windows\System\STCQswM.exe
  C:\Windows\System\STCQswM.exe
  2⤵
  PID:2632
- C:\Windows\System\oIsVQyZ.exe
  C:\Windows\System\oIsVQyZ.exe
  2⤵
  PID:288
- C:\Windows\System\oAdPWaf.exe
  C:\Windows\System\oAdPWaf.exe
  2⤵
  PID:4352
- C:\Windows\System\twcbPBK.exe
  C:\Windows\System\twcbPBK.exe
  2⤵
  PID:5144
- C:\Windows\System\KzlEeEv.exe
  C:\Windows\System\KzlEeEv.exe
  2⤵
  PID:5168
- C:\Windows\System\lsAsZoH.exe
  C:\Windows\System\lsAsZoH.exe
  2⤵
  PID:5264
- C:\Windows\System\KBkuaVf.exe
  C:\Windows\System\KBkuaVf.exe
  2⤵
  PID:5304
- C:\Windows\System\ddncxIb.exe
  C:\Windows\System\ddncxIb.exe
  2⤵
  PID:5380
- C:\Windows\System\QrPhRAg.exe
  C:\Windows\System\QrPhRAg.exe
  2⤵
  PID:5400
- C:\Windows\System\QxpQPJD.exe
  C:\Windows\System\QxpQPJD.exe
  2⤵
  PID:5468
- C:\Windows\System\UjMWmFD.exe
  C:\Windows\System\UjMWmFD.exe
  2⤵
  PID:5548
- C:\Windows\System\ivzGYKy.exe
  C:\Windows\System\ivzGYKy.exe
  2⤵
  PID:5544
- C:\Windows\System\UGjVIzH.exe
  C:\Windows\System\UGjVIzH.exe
  2⤵
  PID:5640
- C:\Windows\System\jVTgqOi.exe
  C:\Windows\System\jVTgqOi.exe
  2⤵
  PID:5688
- C:\Windows\System\kGXSNCi.exe
  C:\Windows\System\kGXSNCi.exe
  2⤵
  PID:5724
- C:\Windows\System\VoEalEL.exe
  C:\Windows\System\VoEalEL.exe
  2⤵
  PID:1488
- C:\Windows\System\mhBLfVu.exe
  C:\Windows\System\mhBLfVu.exe
  2⤵
  PID:5848
- C:\Windows\System\iICyTyU.exe
  C:\Windows\System\iICyTyU.exe
  2⤵
  PID:5944
- C:\Windows\System\rFKdhza.exe
  C:\Windows\System\rFKdhza.exe
  2⤵
  PID:5964
- C:\Windows\System\avAyCjp.exe
  C:\Windows\System\avAyCjp.exe
  2⤵
  PID:6004
- C:\Windows\System\djeSnvu.exe
  C:\Windows\System\djeSnvu.exe
  2⤵
  PID:6044
- C:\Windows\System\FxKKjul.exe
  C:\Windows\System\FxKKjul.exe
  2⤵
  PID:4600
- C:\Windows\System\CkjgPoT.exe
  C:\Windows\System\CkjgPoT.exe
  2⤵
  PID:1312
- C:\Windows\System\kVISEvI.exe
  C:\Windows\System\kVISEvI.exe
  2⤵
  PID:5056
- C:\Windows\System\vVweQeF.exe
  C:\Windows\System\vVweQeF.exe
  2⤵
  PID:308
- C:\Windows\System\cNNqQEw.exe
  C:\Windows\System\cNNqQEw.exe
  2⤵
  PID:5140
- C:\Windows\System\mIoBxuP.exe
  C:\Windows\System\mIoBxuP.exe
  2⤵
  PID:5228
- C:\Windows\System\scNJauq.exe
  C:\Windows\System\scNJauq.exe
  2⤵
  PID:5268
- C:\Windows\System\eJLzveO.exe
  C:\Windows\System\eJLzveO.exe
  2⤵
  PID:5348
- C:\Windows\System\bpwcFnt.exe
  C:\Windows\System\bpwcFnt.exe
  2⤵
  PID:5388
- C:\Windows\System\KIslcGh.exe
  C:\Windows\System\KIslcGh.exe
  2⤵
  PID:1920
- C:\Windows\System\yyAiUFk.exe
  C:\Windows\System\yyAiUFk.exe
  2⤵
  PID:5700
- C:\Windows\System\yrICdUd.exe
  C:\Windows\System\yrICdUd.exe
  2⤵
  PID:5808
- C:\Windows\System\NhyAUVI.exe
  C:\Windows\System\NhyAUVI.exe
  2⤵
  PID:5804
- C:\Windows\System\wfUnzsY.exe
  C:\Windows\System\wfUnzsY.exe
  2⤵
  PID:6156
- C:\Windows\System\uVzneEr.exe
  C:\Windows\System\uVzneEr.exe
  2⤵
  PID:6176
- C:\Windows\System\McSHXoN.exe
  C:\Windows\System\McSHXoN.exe
  2⤵
  PID:6196
- C:\Windows\System\fLTGnXE.exe
  C:\Windows\System\fLTGnXE.exe
  2⤵
  PID:6216
- C:\Windows\System\pEkCpZk.exe
  C:\Windows\System\pEkCpZk.exe
  2⤵
  PID:6236
- C:\Windows\System\dQZSlHu.exe
  C:\Windows\System\dQZSlHu.exe
  2⤵
  PID:6256
- C:\Windows\System\ZyCjJul.exe
  C:\Windows\System\ZyCjJul.exe
  2⤵
  PID:6276
- C:\Windows\System\GijfUbT.exe
  C:\Windows\System\GijfUbT.exe
  2⤵
  PID:6296
- C:\Windows\System\oondGno.exe
  C:\Windows\System\oondGno.exe
  2⤵
  PID:6316
- C:\Windows\System\JgsCwsy.exe
  C:\Windows\System\JgsCwsy.exe
  2⤵
  PID:6336
- C:\Windows\System\kOvFMmB.exe
  C:\Windows\System\kOvFMmB.exe
  2⤵
  PID:6356
- C:\Windows\System\WvbVfpg.exe
  C:\Windows\System\WvbVfpg.exe
  2⤵
  PID:6376
- C:\Windows\System\TBSktEX.exe
  C:\Windows\System\TBSktEX.exe
  2⤵
  PID:6396
- C:\Windows\System\ZWjKwqG.exe
  C:\Windows\System\ZWjKwqG.exe
  2⤵
  PID:6416
- C:\Windows\System\CmtBjJK.exe
  C:\Windows\System\CmtBjJK.exe
  2⤵
  PID:6436
- C:\Windows\System\WLzACGV.exe
  C:\Windows\System\WLzACGV.exe
  2⤵
  PID:6456
- C:\Windows\System\PMEwHIp.exe
  C:\Windows\System\PMEwHIp.exe
  2⤵
  PID:6480
- C:\Windows\System\veewIzz.exe
  C:\Windows\System\veewIzz.exe
  2⤵
  PID:6500
- C:\Windows\System\GuWMryw.exe
  C:\Windows\System\GuWMryw.exe
  2⤵
  PID:6520
- C:\Windows\System\kRvZVZu.exe
  C:\Windows\System\kRvZVZu.exe
  2⤵
  PID:6540
- C:\Windows\System\KywvIts.exe
  C:\Windows\System\KywvIts.exe
  2⤵
  PID:6560
- C:\Windows\System\SxqMOBh.exe
  C:\Windows\System\SxqMOBh.exe
  2⤵
  PID:6580
- C:\Windows\System\QKkGndN.exe
  C:\Windows\System\QKkGndN.exe
  2⤵
  PID:6600
- C:\Windows\System\uNRJNmO.exe
  C:\Windows\System\uNRJNmO.exe
  2⤵
  PID:6620
- C:\Windows\System\JWNsMpw.exe
  C:\Windows\System\JWNsMpw.exe
  2⤵
  PID:6640
- C:\Windows\System\ZukAYKm.exe
  C:\Windows\System\ZukAYKm.exe
  2⤵
  PID:6660
- C:\Windows\System\bsDPLEH.exe
  C:\Windows\System\bsDPLEH.exe
  2⤵
  PID:6680
- C:\Windows\System\cgoyljx.exe
  C:\Windows\System\cgoyljx.exe
  2⤵
  PID:6700
- C:\Windows\System\UjZQOgz.exe
  C:\Windows\System\UjZQOgz.exe
  2⤵
  PID:6720
- C:\Windows\System\IAbupGe.exe
  C:\Windows\System\IAbupGe.exe
  2⤵
  PID:6740
- C:\Windows\System\YnAfQIw.exe
  C:\Windows\System\YnAfQIw.exe
  2⤵
  PID:6760
- C:\Windows\System\QYBYfdg.exe
  C:\Windows\System\QYBYfdg.exe
  2⤵
  PID:6780
- C:\Windows\System\ijWbrOx.exe
  C:\Windows\System\ijWbrOx.exe
  2⤵
  PID:6800
- C:\Windows\System\sLBVczP.exe
  C:\Windows\System\sLBVczP.exe
  2⤵
  PID:6820
- C:\Windows\System\rNSwJIP.exe
  C:\Windows\System\rNSwJIP.exe
  2⤵
  PID:6840
- C:\Windows\System\qbdtanR.exe
  C:\Windows\System\qbdtanR.exe
  2⤵
  PID:6860
- C:\Windows\System\tKTdKMh.exe
  C:\Windows\System\tKTdKMh.exe
  2⤵
  PID:6880
- C:\Windows\System\eKwFjnv.exe
  C:\Windows\System\eKwFjnv.exe
  2⤵
  PID:6900
- C:\Windows\System\MpWLPmn.exe
  C:\Windows\System\MpWLPmn.exe
  2⤵
  PID:6920
- C:\Windows\System\lwpifeg.exe
  C:\Windows\System\lwpifeg.exe
  2⤵
  PID:6940
- C:\Windows\System\UAHxyal.exe
  C:\Windows\System\UAHxyal.exe
  2⤵
  PID:6960
- C:\Windows\System\JyeqdyC.exe
  C:\Windows\System\JyeqdyC.exe
  2⤵
  PID:6980
- C:\Windows\System\NbnHDhr.exe
  C:\Windows\System\NbnHDhr.exe
  2⤵
  PID:7000
- C:\Windows\System\FCCPxmE.exe
  C:\Windows\System\FCCPxmE.exe
  2⤵
  PID:7020
- C:\Windows\System\RemGmDK.exe
  C:\Windows\System\RemGmDK.exe
  2⤵
  PID:7040
- C:\Windows\System\rAnWNMr.exe
  C:\Windows\System\rAnWNMr.exe
  2⤵
  PID:7060
- C:\Windows\System\hxwslHz.exe
  C:\Windows\System\hxwslHz.exe
  2⤵
  PID:7080
- C:\Windows\System\PFEVLZN.exe
  C:\Windows\System\PFEVLZN.exe
  2⤵
  PID:7100
- C:\Windows\System\tXrOvgV.exe
  C:\Windows\System\tXrOvgV.exe
  2⤵
  PID:7120
- C:\Windows\System\NotPsFG.exe
  C:\Windows\System\NotPsFG.exe
  2⤵
  PID:7140
- C:\Windows\System\mRvsvCl.exe
  C:\Windows\System\mRvsvCl.exe
  2⤵
  PID:7160
- C:\Windows\System\pqivbQW.exe
  C:\Windows\System\pqivbQW.exe
  2⤵
  PID:5980
- C:\Windows\System\mjYjxfb.exe
  C:\Windows\System\mjYjxfb.exe
  2⤵
  PID:6124
- C:\Windows\System\rviegxj.exe
  C:\Windows\System\rviegxj.exe
  2⤵
  PID:4640
- C:\Windows\System\XSXiHwY.exe
  C:\Windows\System\XSXiHwY.exe
  2⤵
  PID:1736
- C:\Windows\System\uEgWBot.exe
  C:\Windows\System\uEgWBot.exe
  2⤵
  PID:3552
- C:\Windows\System\rNMvbyr.exe
  C:\Windows\System\rNMvbyr.exe
  2⤵
  PID:5188
- C:\Windows\System\ZwhplzU.exe
  C:\Windows\System\ZwhplzU.exe
  2⤵
  PID:5424
- C:\Windows\System\yFBfNWM.exe
  C:\Windows\System\yFBfNWM.exe
  2⤵
  PID:5580
- C:\Windows\System\nLxPSGF.exe
  C:\Windows\System\nLxPSGF.exe
  2⤵
  PID:5624
- C:\Windows\System\FnxbkQg.exe
  C:\Windows\System\FnxbkQg.exe
  2⤵
  PID:5800
- C:\Windows\System\QcdDnZw.exe
  C:\Windows\System\QcdDnZw.exe
  2⤵
  PID:6172
- C:\Windows\System\ogBEHOd.exe
  C:\Windows\System\ogBEHOd.exe
  2⤵
  PID:6204
- C:\Windows\System\QutVkyD.exe
  C:\Windows\System\QutVkyD.exe
  2⤵
  PID:6244
- C:\Windows\System\QJbjYlx.exe
  C:\Windows\System\QJbjYlx.exe
  2⤵
  PID:6268
- C:\Windows\System\JwyWrYz.exe
  C:\Windows\System\JwyWrYz.exe
  2⤵
  PID:6312
- C:\Windows\System\HYzZEsJ.exe
  C:\Windows\System\HYzZEsJ.exe
  2⤵
  PID:6344
- C:\Windows\System\ALjdFgG.exe
  C:\Windows\System\ALjdFgG.exe
  2⤵
  PID:6368
- C:\Windows\System\tcffLnb.exe
  C:\Windows\System\tcffLnb.exe
  2⤵
  PID:6412
- C:\Windows\System\EhvzOCJ.exe
  C:\Windows\System\EhvzOCJ.exe
  2⤵
  PID:6444
- C:\Windows\System\wcPmAUr.exe
  C:\Windows\System\wcPmAUr.exe
  2⤵
  PID:6472
- C:\Windows\System\lUAMoYq.exe
  C:\Windows\System\lUAMoYq.exe
  2⤵
  PID:6516
- C:\Windows\System\BSevnrC.exe
  C:\Windows\System\BSevnrC.exe
  2⤵
  PID:6532
- C:\Windows\System\KRPdYIE.exe
  C:\Windows\System\KRPdYIE.exe
  2⤵
  PID:6576
- C:\Windows\System\lINgoak.exe
  C:\Windows\System\lINgoak.exe
  2⤵
  PID:6608
- C:\Windows\System\bjvlSSo.exe
  C:\Windows\System\bjvlSSo.exe
  2⤵
  PID:6632
- C:\Windows\System\nOLZbaL.exe
  C:\Windows\System\nOLZbaL.exe
  2⤵
  PID:6688
- C:\Windows\System\EfIFdlT.exe
  C:\Windows\System\EfIFdlT.exe
  2⤵
  PID:6708
- C:\Windows\System\twyxvWr.exe
  C:\Windows\System\twyxvWr.exe
  2⤵
  PID:6732
- C:\Windows\System\DBfMPbB.exe
  C:\Windows\System\DBfMPbB.exe
  2⤵
  PID:6776
- C:\Windows\System\gZvCdCa.exe
  C:\Windows\System\gZvCdCa.exe
  2⤵
  PID:6796
- C:\Windows\System\SPpHOmI.exe
  C:\Windows\System\SPpHOmI.exe
  2⤵
  PID:6856
- C:\Windows\System\hrTiqQo.exe
  C:\Windows\System\hrTiqQo.exe
  2⤵
  PID:6888
- C:\Windows\System\MPqwbfk.exe
  C:\Windows\System\MPqwbfk.exe
  2⤵
  PID:6908
- C:\Windows\System\xwpBIkp.exe
  C:\Windows\System\xwpBIkp.exe
  2⤵
  PID:6976
- C:\Windows\System\wTagvUH.exe
  C:\Windows\System\wTagvUH.exe
  2⤵
  PID:7048
- C:\Windows\System\uHoqDAb.exe
  C:\Windows\System\uHoqDAb.exe
  2⤵
  PID:7036
- C:\Windows\System\hOCwlZA.exe
  C:\Windows\System\hOCwlZA.exe
  2⤵
  PID:7092
- C:\Windows\System\HcQoMzg.exe
  C:\Windows\System\HcQoMzg.exe
  2⤵
  PID:7112
- C:\Windows\System\oWEgaWJ.exe
  C:\Windows\System\oWEgaWJ.exe
  2⤵
  PID:5940
- C:\Windows\System\ngzcyyg.exe
  C:\Windows\System\ngzcyyg.exe
  2⤵
  PID:4456
- C:\Windows\System\EteRCvb.exe
  C:\Windows\System\EteRCvb.exe
  2⤵
  PID:4176
- C:\Windows\System\WfoXrgJ.exe
  C:\Windows\System\WfoXrgJ.exe
  2⤵
  PID:5148
- C:\Windows\System\THXRGJO.exe
  C:\Windows\System\THXRGJO.exe
  2⤵
  PID:5340
- C:\Windows\System\jvoXcUQ.exe
  C:\Windows\System\jvoXcUQ.exe
  2⤵
  PID:5508
- C:\Windows\System\vhrSrrX.exe
  C:\Windows\System\vhrSrrX.exe
  2⤵
  PID:5680
- C:\Windows\System\uRGgsTw.exe
  C:\Windows\System\uRGgsTw.exe
  2⤵
  PID:5868
- C:\Windows\System\WjyJeDq.exe
  C:\Windows\System\WjyJeDq.exe
  2⤵
  PID:6232
- C:\Windows\System\MMZmRnI.exe
  C:\Windows\System\MMZmRnI.exe
  2⤵
  PID:6348
- C:\Windows\System\nNNxGiD.exe
  C:\Windows\System\nNNxGiD.exe
  2⤵
  PID:6364
- C:\Windows\System\rcbFCya.exe
  C:\Windows\System\rcbFCya.exe
  2⤵
  PID:6428
- C:\Windows\System\YDPHEjV.exe
  C:\Windows\System\YDPHEjV.exe
  2⤵
  PID:6476
- C:\Windows\System\xrUuOsb.exe
  C:\Windows\System\xrUuOsb.exe
  2⤵
  PID:2872
- C:\Windows\System\SAbyCaR.exe
  C:\Windows\System\SAbyCaR.exe
  2⤵
  PID:6528
- C:\Windows\System\qQIVZxw.exe
  C:\Windows\System\qQIVZxw.exe
  2⤵
  PID:6588
- C:\Windows\System\sJtMsly.exe
  C:\Windows\System\sJtMsly.exe
  2⤵
  PID:6668
- C:\Windows\System\uhLcQSt.exe
  C:\Windows\System\uhLcQSt.exe
  2⤵
  PID:6712
- C:\Windows\System\JyLLzLa.exe
  C:\Windows\System\JyLLzLa.exe
  2⤵
  PID:6768
- C:\Windows\System\QnppdyJ.exe
  C:\Windows\System\QnppdyJ.exe
  2⤵
  PID:6816
- C:\Windows\System\zrIHNCF.exe
  C:\Windows\System\zrIHNCF.exe
  2⤵
  PID:6868
- C:\Windows\System\ahtiXaU.exe
  C:\Windows\System\ahtiXaU.exe
  2⤵
  PID:6936
- C:\Windows\System\jgqWxfk.exe
  C:\Windows\System\jgqWxfk.exe
  2⤵
  PID:2944
- C:\Windows\System\BUrgJLw.exe
  C:\Windows\System\BUrgJLw.exe
  2⤵
  PID:2472
- C:\Windows\System\xlOKPBW.exe
  C:\Windows\System\xlOKPBW.exe
  2⤵
  PID:2856
- C:\Windows\System\vgUBore.exe
  C:\Windows\System\vgUBore.exe
  2⤵
  PID:2668
- C:\Windows\System\eKAbPsf.exe
  C:\Windows\System\eKAbPsf.exe
  2⤵
  PID:2644
- C:\Windows\System\qsFogeu.exe
  C:\Windows\System\qsFogeu.exe
  2⤵
  PID:1472
- C:\Windows\System\MhDXZYq.exe
  C:\Windows\System\MhDXZYq.exe
  2⤵
  PID:2256
- C:\Windows\System\JaoqyzI.exe
  C:\Windows\System\JaoqyzI.exe
  2⤵
  PID:2248
- C:\Windows\System\HsRkEcN.exe
  C:\Windows\System\HsRkEcN.exe
  2⤵
  PID:1580
- C:\Windows\System\xRiNYDD.exe
  C:\Windows\System\xRiNYDD.exe
  2⤵
  PID:768
- C:\Windows\System\melsePh.exe
  C:\Windows\System\melsePh.exe
  2⤵
  PID:2196
- C:\Windows\System\yCvxKOF.exe
  C:\Windows\System\yCvxKOF.exe
  2⤵
  PID:1308
- C:\Windows\System\SgUFfay.exe
  C:\Windows\System\SgUFfay.exe
  2⤵
  PID:1544
- C:\Windows\System\sbDDXqR.exe
  C:\Windows\System\sbDDXqR.exe
  2⤵
  PID:7052
- C:\Windows\System\bYFECPk.exe
  C:\Windows\System\bYFECPk.exe
  2⤵
  PID:6024
- C:\Windows\System\sRFBweJ.exe
  C:\Windows\System\sRFBweJ.exe
  2⤵
  PID:5420
- C:\Windows\System\gfhchqd.exe
  C:\Windows\System\gfhchqd.exe
  2⤵
  PID:6084
- C:\Windows\System\yfsMpCO.exe
  C:\Windows\System\yfsMpCO.exe
  2⤵
  PID:6192
- C:\Windows\System\PRVumeR.exe
  C:\Windows\System\PRVumeR.exe
  2⤵
  PID:7152
- C:\Windows\System\VRiWQyY.exe
  C:\Windows\System\VRiWQyY.exe
  2⤵
  PID:6328
- C:\Windows\System\bievrag.exe
  C:\Windows\System\bievrag.exe
  2⤵
  PID:6292
- C:\Windows\System\FdozHQG.exe
  C:\Windows\System\FdozHQG.exe
  2⤵
  PID:6332
- C:\Windows\System\dtEFbTV.exe
  C:\Windows\System\dtEFbTV.exe
  2⤵
  PID:1804
- C:\Windows\System\HhyIZOh.exe
  C:\Windows\System\HhyIZOh.exe
  2⤵
  PID:6404
- C:\Windows\System\cieHVsc.exe
  C:\Windows\System\cieHVsc.exe
  2⤵
  PID:6848
- C:\Windows\System\jsndgop.exe
  C:\Windows\System\jsndgop.exe
  2⤵
  PID:2652
- C:\Windows\System\fHyrqbc.exe
  C:\Windows\System\fHyrqbc.exe
  2⤵
  PID:1492
- C:\Windows\System\myjqmFF.exe
  C:\Windows\System\myjqmFF.exe
  2⤵
  PID:2924
- C:\Windows\System\OXSdYUE.exe
  C:\Windows\System\OXSdYUE.exe
  2⤵
  PID:2852
- C:\Windows\System\rDUpOsd.exe
  C:\Windows\System\rDUpOsd.exe
  2⤵
  PID:3516
- C:\Windows\System\lcBMXRo.exe
  C:\Windows\System\lcBMXRo.exe
  2⤵
  PID:604
- C:\Windows\System\OMfsfnd.exe
  C:\Windows\System\OMfsfnd.exe
  2⤵
  PID:2012
- C:\Windows\System\nkzSeeb.exe
  C:\Windows\System\nkzSeeb.exe
  2⤵
  PID:1608
- C:\Windows\System\HSEzfRb.exe
  C:\Windows\System\HSEzfRb.exe
  2⤵
  PID:6872
- C:\Windows\System\JJwrbBT.exe
  C:\Windows\System\JJwrbBT.exe
  2⤵
  PID:7096
- C:\Windows\System\nsIlNxP.exe
  C:\Windows\System\nsIlNxP.exe
  2⤵
  PID:7116
- C:\Windows\System\KZoSVJN.exe
  C:\Windows\System\KZoSVJN.exe
  2⤵
  PID:5284
- C:\Windows\System\zjelXCt.exe
  C:\Windows\System\zjelXCt.exe
  2⤵
  PID:6432
- C:\Windows\System\LoEVGMJ.exe
  C:\Windows\System\LoEVGMJ.exe
  2⤵
  PID:6728
- C:\Windows\System\ynjGFUl.exe
  C:\Windows\System\ynjGFUl.exe
  2⤵
  PID:4620
- C:\Windows\System\oReNigl.exe
  C:\Windows\System\oReNigl.exe
  2⤵
  PID:7076
- C:\Windows\System\HCuwDmw.exe
  C:\Windows\System\HCuwDmw.exe
  2⤵
  PID:5664
- C:\Windows\System\nKVmWWX.exe
  C:\Windows\System\nKVmWWX.exe
  2⤵
  PID:6264
- C:\Windows\System\GicrAPs.exe
  C:\Windows\System\GicrAPs.exe
  2⤵
  PID:3536
- C:\Windows\System\RSSUnQm.exe
  C:\Windows\System\RSSUnQm.exe
  2⤵
  PID:1940
- C:\Windows\System\VMYFarW.exe
  C:\Windows\System\VMYFarW.exe
  2⤵
  PID:6272
- C:\Windows\System\oxmkXCP.exe
  C:\Windows\System\oxmkXCP.exe
  2⤵
  PID:1848
- C:\Windows\System\nRjXISM.exe
  C:\Windows\System\nRjXISM.exe
  2⤵
  PID:5984
- C:\Windows\System\ygNWJFk.exe
  C:\Windows\System\ygNWJFk.exe
  2⤵
  PID:2664
- C:\Windows\System\rCBsBes.exe
  C:\Windows\System\rCBsBes.exe
  2⤵
  PID:6692
- C:\Windows\System\IUYrinU.exe
  C:\Windows\System\IUYrinU.exe
  2⤵
  PID:6612
- C:\Windows\System\QUzSIhZ.exe
  C:\Windows\System\QUzSIhZ.exe
  2⤵
  PID:5260
- C:\Windows\System\rejOZTm.exe
  C:\Windows\System\rejOZTm.exe
  2⤵
  PID:6492
- C:\Windows\System\BjsEhvW.exe
  C:\Windows\System\BjsEhvW.exe
  2⤵
  PID:5844
- C:\Windows\System\EXZoVUv.exe
  C:\Windows\System\EXZoVUv.exe
  2⤵
  PID:6372
- C:\Windows\System\HvFpzbz.exe
  C:\Windows\System\HvFpzbz.exe
  2⤵
  PID:6188
- C:\Windows\System\vxBbiKz.exe
  C:\Windows\System\vxBbiKz.exe
  2⤵
  PID:1992
- C:\Windows\System\tvpBwMv.exe
  C:\Windows\System\tvpBwMv.exe
  2⤵
  PID:2120
- C:\Windows\System\qeoRwIX.exe
  C:\Windows\System\qeoRwIX.exe
  2⤵
  PID:6100
- C:\Windows\System\OgjCjfZ.exe
  C:\Windows\System\OgjCjfZ.exe
  2⤵
  PID:2240
- C:\Windows\System\OpPfhFx.exe
  C:\Windows\System\OpPfhFx.exe
  2⤵
  PID:1852
- C:\Windows\System\EBVquuG.exe
  C:\Windows\System\EBVquuG.exe
  2⤵
  PID:7176
- C:\Windows\System\hhjIocy.exe
  C:\Windows\System\hhjIocy.exe
  2⤵
  PID:7200
- C:\Windows\System\EbkEwie.exe
  C:\Windows\System\EbkEwie.exe
  2⤵
  PID:7220
- C:\Windows\System\XXshoQa.exe
  C:\Windows\System\XXshoQa.exe
  2⤵
  PID:7248
- C:\Windows\System\CgNRzao.exe
  C:\Windows\System\CgNRzao.exe
  2⤵
  PID:7264
- C:\Windows\System\wcQwRZV.exe
  C:\Windows\System\wcQwRZV.exe
  2⤵
  PID:7288
- C:\Windows\System\TkKrKgC.exe
  C:\Windows\System\TkKrKgC.exe
  2⤵
  PID:7304
- C:\Windows\System\dBJgCZK.exe
  C:\Windows\System\dBJgCZK.exe
  2⤵
  PID:7328
- C:\Windows\System\GZaDhMn.exe
  C:\Windows\System\GZaDhMn.exe
  2⤵
  PID:7348
- C:\Windows\System\uGzTMsW.exe
  C:\Windows\System\uGzTMsW.exe
  2⤵
  PID:7364
- C:\Windows\System\IKMeRod.exe
  C:\Windows\System\IKMeRod.exe
  2⤵
  PID:7380
- C:\Windows\System\byaUgWo.exe
  C:\Windows\System\byaUgWo.exe
  2⤵
  PID:7396
- C:\Windows\System\qsvGdRX.exe
  C:\Windows\System\qsvGdRX.exe
  2⤵
  PID:7412
- C:\Windows\System\qVmRJbB.exe
  C:\Windows\System\qVmRJbB.exe
  2⤵
  PID:7428
- C:\Windows\System\pxWRgQN.exe
  C:\Windows\System\pxWRgQN.exe
  2⤵
  PID:7444
- C:\Windows\System\ZoVowML.exe
  C:\Windows\System\ZoVowML.exe
  2⤵
  PID:7460
- C:\Windows\System\yRltvXV.exe
  C:\Windows\System\yRltvXV.exe
  2⤵
  PID:7504
- C:\Windows\System\QIXlJGK.exe
  C:\Windows\System\QIXlJGK.exe
  2⤵
  PID:7528
- C:\Windows\System\diLrOiK.exe
  C:\Windows\System\diLrOiK.exe
  2⤵
  PID:7548
- C:\Windows\System\LSqMoVd.exe
  C:\Windows\System\LSqMoVd.exe
  2⤵
  PID:7564
- C:\Windows\System\iUcVRdg.exe
  C:\Windows\System\iUcVRdg.exe
  2⤵
  PID:7584
- C:\Windows\System\dnlNjLC.exe
  C:\Windows\System\dnlNjLC.exe
  2⤵
  PID:7600
- C:\Windows\System\HoZShQS.exe
  C:\Windows\System\HoZShQS.exe
  2⤵
  PID:7620
- C:\Windows\System\TpEmIGw.exe
  C:\Windows\System\TpEmIGw.exe
  2⤵
  PID:7640
- C:\Windows\System\BnAwMVf.exe
  C:\Windows\System\BnAwMVf.exe
  2⤵
  PID:7656
- C:\Windows\System\cRjaIQa.exe
  C:\Windows\System\cRjaIQa.exe
  2⤵
  PID:7688
- C:\Windows\System\ddMbvSL.exe
  C:\Windows\System\ddMbvSL.exe
  2⤵
  PID:7708
- C:\Windows\System\LWgAoAY.exe
  C:\Windows\System\LWgAoAY.exe
  2⤵
  PID:7724
- C:\Windows\System\XZObdCl.exe
  C:\Windows\System\XZObdCl.exe
  2⤵
  PID:7740
- C:\Windows\System\jiSeZtD.exe
  C:\Windows\System\jiSeZtD.exe
  2⤵
  PID:7756
- C:\Windows\System\iiGuVrB.exe
  C:\Windows\System\iiGuVrB.exe
  2⤵
  PID:7772
- C:\Windows\System\iezJRKd.exe
  C:\Windows\System\iezJRKd.exe
  2⤵
  PID:7788
- C:\Windows\System\qufjUYZ.exe
  C:\Windows\System\qufjUYZ.exe
  2⤵
  PID:7804
- C:\Windows\System\oTnvreP.exe
  C:\Windows\System\oTnvreP.exe
  2⤵
  PID:7820
- C:\Windows\System\ZYVkqOv.exe
  C:\Windows\System\ZYVkqOv.exe
  2⤵
  PID:7840
- C:\Windows\System\jYdXmJc.exe
  C:\Windows\System\jYdXmJc.exe
  2⤵
  PID:7864
- C:\Windows\System\rhXtVJx.exe
  C:\Windows\System\rhXtVJx.exe
  2⤵
  PID:7880
- C:\Windows\System\IcdthGd.exe
  C:\Windows\System\IcdthGd.exe
  2⤵
  PID:7904
- C:\Windows\System\FPTPzVo.exe
  C:\Windows\System\FPTPzVo.exe
  2⤵
  PID:7920
- C:\Windows\System\GRwNKBY.exe
  C:\Windows\System\GRwNKBY.exe
  2⤵
  PID:7948
- C:\Windows\System\oTdPyTQ.exe
  C:\Windows\System\oTdPyTQ.exe
  2⤵
  PID:7988
- C:\Windows\System\EtFWKdf.exe
  C:\Windows\System\EtFWKdf.exe
  2⤵
  PID:8004
- C:\Windows\System\sCRiYpc.exe
  C:\Windows\System\sCRiYpc.exe
  2⤵
  PID:8028
- C:\Windows\System\eFARqeR.exe
  C:\Windows\System\eFARqeR.exe
  2⤵
  PID:8044
- C:\Windows\System\AXSYmbp.exe
  C:\Windows\System\AXSYmbp.exe
  2⤵
  PID:8060
- C:\Windows\System\RHOawFg.exe
  C:\Windows\System\RHOawFg.exe
  2⤵
  PID:8080
- C:\Windows\System\ZGdUCOn.exe
  C:\Windows\System\ZGdUCOn.exe
  2⤵
  PID:8104
- C:\Windows\System\XFtfLCl.exe
  C:\Windows\System\XFtfLCl.exe
  2⤵
  PID:8120
- C:\Windows\System\byZovGR.exe
  C:\Windows\System\byZovGR.exe
  2⤵
  PID:8136
- C:\Windows\System\SmTfMHA.exe
  C:\Windows\System\SmTfMHA.exe
  2⤵
  PID:8152
- C:\Windows\System\eLBOHpi.exe
  C:\Windows\System\eLBOHpi.exe
  2⤵
  PID:8168
- C:\Windows\System\hTEkphg.exe
  C:\Windows\System\hTEkphg.exe
  2⤵
  PID:6288
- C:\Windows\System\pjeVlxs.exe
  C:\Windows\System\pjeVlxs.exe
  2⤵
  PID:7196
- C:\Windows\System\uWiTcyM.exe
  C:\Windows\System\uWiTcyM.exe
  2⤵
  PID:7232
- C:\Windows\System\YZXtLag.exe
  C:\Windows\System\YZXtLag.exe
  2⤵
  PID:2192
- C:\Windows\System\sXUfEtW.exe
  C:\Windows\System\sXUfEtW.exe
  2⤵
  PID:7244
- C:\Windows\System\uURhhLw.exe
  C:\Windows\System\uURhhLw.exe
  2⤵
  PID:7276
- C:\Windows\System\aSqihvC.exe
  C:\Windows\System\aSqihvC.exe
  2⤵
  PID:7320
- C:\Windows\System\wDoAlYN.exe
  C:\Windows\System\wDoAlYN.exe
  2⤵
  PID:7344
- C:\Windows\System\PsrnfRh.exe
  C:\Windows\System\PsrnfRh.exe
  2⤵
  PID:7388
- C:\Windows\System\deTdLhH.exe
  C:\Windows\System\deTdLhH.exe
  2⤵
  PID:7452
- C:\Windows\System\kMRjWWM.exe
  C:\Windows\System\kMRjWWM.exe
  2⤵
  PID:7408
- C:\Windows\System\WRVbXjB.exe
  C:\Windows\System\WRVbXjB.exe
  2⤵
  PID:7440
- C:\Windows\System\ZcKrmMd.exe
  C:\Windows\System\ZcKrmMd.exe
  2⤵
  PID:7480
- C:\Windows\System\bZBccQS.exe
  C:\Windows\System\bZBccQS.exe
  2⤵
  PID:7592
- C:\Windows\System\pSlhicF.exe
  C:\Windows\System\pSlhicF.exe
  2⤵
  PID:7580
- C:\Windows\System\nQGZFks.exe
  C:\Windows\System\nQGZFks.exe
  2⤵
  PID:7648
- C:\Windows\System\OwkvpJe.exe
  C:\Windows\System\OwkvpJe.exe
  2⤵
  PID:7672
- C:\Windows\System\JvuDYDQ.exe
  C:\Windows\System\JvuDYDQ.exe
  2⤵
  PID:7684
- C:\Windows\System\CnjvMwi.exe
  C:\Windows\System\CnjvMwi.exe
  2⤵
  PID:7800
- C:\Windows\System\CuxkCcl.exe
  C:\Windows\System\CuxkCcl.exe
  2⤵
  PID:7780
- C:\Windows\System\xXRtRYM.exe
  C:\Windows\System\xXRtRYM.exe
  2⤵
  PID:7852
- C:\Windows\System\BgVNjgf.exe
  C:\Windows\System\BgVNjgf.exe
  2⤵
  PID:7836
- C:\Windows\System\mllQomb.exe
  C:\Windows\System\mllQomb.exe
  2⤵
  PID:7896
- C:\Windows\System\csbyLyK.exe
  C:\Windows\System\csbyLyK.exe
  2⤵
  PID:7704
- C:\Windows\System\QoAvCAl.exe
  C:\Windows\System\QoAvCAl.exe
  2⤵
  PID:7876
- C:\Windows\System\AWvQlUM.exe
  C:\Windows\System\AWvQlUM.exe
  2⤵
  PID:7980
- C:\Windows\System\ShcUqpL.exe
  C:\Windows\System\ShcUqpL.exe
  2⤵
  PID:7964
- C:\Windows\System\UJVYnSG.exe
  C:\Windows\System\UJVYnSG.exe
  2⤵
  PID:7976
- C:\Windows\System\fvtDkis.exe
  C:\Windows\System\fvtDkis.exe
  2⤵
  PID:8144
- C:\Windows\System\IPExYDo.exe
  C:\Windows\System\IPExYDo.exe
  2⤵
  PID:7984
- C:\Windows\System\zLYuQyT.exe
  C:\Windows\System\zLYuQyT.exe
  2⤵
  PID:7228
- C:\Windows\System\UxsRTso.exe
  C:\Windows\System\UxsRTso.exe
  2⤵
  PID:8016
- C:\Windows\System\xiEzcfg.exe
  C:\Windows\System\xiEzcfg.exe
  2⤵
  PID:8132
- C:\Windows\System\gcrZqRj.exe
  C:\Windows\System\gcrZqRj.exe
  2⤵
  PID:8056
- C:\Windows\System\naqadgu.exe
  C:\Windows\System\naqadgu.exe
  2⤵
  PID:7324
- C:\Windows\System\NblrDoz.exe
  C:\Windows\System\NblrDoz.exe
  2⤵
  PID:7404
- C:\Windows\System\tDkdxKk.exe
  C:\Windows\System\tDkdxKk.exe
  2⤵
  PID:7520
- C:\Windows\System\AuSAXMm.exe
  C:\Windows\System\AuSAXMm.exe
  2⤵
  PID:7296
- C:\Windows\System\sLpwYTn.exe
  C:\Windows\System\sLpwYTn.exe
  2⤵
  PID:7556
- C:\Windows\System\QVUHoDb.exe
  C:\Windows\System\QVUHoDb.exe
  2⤵
  PID:7424
- C:\Windows\System\VPznsSa.exe
  C:\Windows\System\VPznsSa.exe
  2⤵
  PID:7628
- C:\Windows\System\IdUptSZ.exe
  C:\Windows\System\IdUptSZ.exe
  2⤵
  PID:7540
- C:\Windows\System\mqrAJOp.exe
  C:\Windows\System\mqrAJOp.exe
  2⤵
  PID:7748
- C:\Windows\System\evWHGZs.exe
  C:\Windows\System\evWHGZs.exe
  2⤵
  PID:7720
- C:\Windows\System\YMbpeif.exe
  C:\Windows\System\YMbpeif.exe
  2⤵
  PID:7816
- C:\Windows\System\JWprzgR.exe
  C:\Windows\System\JWprzgR.exe
  2⤵
  PID:7892
- C:\Windows\System\MahGsxx.exe
  C:\Windows\System\MahGsxx.exe
  2⤵
  PID:7916
- C:\Windows\System\inrURKO.exe
  C:\Windows\System\inrURKO.exe
  2⤵
  PID:7132
- C:\Windows\System\SBWpQjY.exe
  C:\Windows\System\SBWpQjY.exe
  2⤵
  PID:7932
- C:\Windows\System\BQxzGrA.exe
  C:\Windows\System\BQxzGrA.exe
  2⤵
  PID:7972
- C:\Windows\System\fsiapat.exe
  C:\Windows\System\fsiapat.exe
  2⤵
  PID:8072
- C:\Windows\System\PfxPedl.exe
  C:\Windows\System\PfxPedl.exe
  2⤵
  PID:8024
- C:\Windows\System\LNXMraz.exe
  C:\Windows\System\LNXMraz.exe
  2⤵
  PID:8128
- C:\Windows\System\JILUIjx.exe
  C:\Windows\System\JILUIjx.exe
  2⤵
  PID:5240
- C:\Windows\System\bUwiNfm.exe
  C:\Windows\System\bUwiNfm.exe
  2⤵
  PID:7500
- C:\Windows\System\EshquDw.exe
  C:\Windows\System\EshquDw.exe
  2⤵
  PID:7216
- C:\Windows\System\YTeCaTL.exe
  C:\Windows\System\YTeCaTL.exe
  2⤵
  PID:7576
- C:\Windows\System\TCREUMS.exe
  C:\Windows\System\TCREUMS.exe
  2⤵
  PID:7664
- C:\Windows\System\WqEQjzk.exe
  C:\Windows\System\WqEQjzk.exe
  2⤵
  PID:7944
- C:\Windows\System\kWjcDSI.exe
  C:\Windows\System\kWjcDSI.exe
  2⤵
  PID:7860
- C:\Windows\System\MAuCHdZ.exe
  C:\Windows\System\MAuCHdZ.exe
  2⤵
  PID:7764
- C:\Windows\System\JVuNKHz.exe
  C:\Windows\System\JVuNKHz.exe
  2⤵
  PID:7172
- C:\Windows\System\tvwqAtC.exe
  C:\Windows\System\tvwqAtC.exe
  2⤵
  PID:7436
- C:\Windows\System\tshqyKE.exe
  C:\Windows\System\tshqyKE.exe
  2⤵
  PID:8116
- C:\Windows\System\LkcECRD.exe
  C:\Windows\System\LkcECRD.exe
  2⤵
  PID:8052
- C:\Windows\System\GiyGpGl.exe
  C:\Windows\System\GiyGpGl.exe
  2⤵
  PID:7496
- C:\Windows\System\zaZlPwj.exe
  C:\Windows\System\zaZlPwj.exe
  2⤵
  PID:7476
- C:\Windows\System\XfPlhCa.exe
  C:\Windows\System\XfPlhCa.exe
  2⤵
  PID:7796
- C:\Windows\System\HSwUrcG.exe
  C:\Windows\System\HSwUrcG.exe
  2⤵
  PID:7108
- C:\Windows\System\PNzAbCt.exe
  C:\Windows\System\PNzAbCt.exe
  2⤵
  PID:7572
- C:\Windows\System\pAtslOp.exe
  C:\Windows\System\pAtslOp.exe
  2⤵
  PID:7376
- C:\Windows\System\hCSfmlu.exe
  C:\Windows\System\hCSfmlu.exe
  2⤵
  PID:8180
- C:\Windows\System\PHyhPjd.exe
  C:\Windows\System\PHyhPjd.exe
  2⤵
  PID:7256
- C:\Windows\System\okBFlPo.exe
  C:\Windows\System\okBFlPo.exe
  2⤵
  PID:7340
- C:\Windows\System\qCysqiT.exe
  C:\Windows\System\qCysqiT.exe
  2⤵
  PID:7732
- C:\Windows\System\CaiCFyb.exe
  C:\Windows\System\CaiCFyb.exe
  2⤵
  PID:7828
- C:\Windows\System\yZTPvlx.exe
  C:\Windows\System\yZTPvlx.exe
  2⤵
  PID:8196
- C:\Windows\System\OtDhIJR.exe
  C:\Windows\System\OtDhIJR.exe
  2⤵
  PID:8224
- C:\Windows\System\mWSCMBA.exe
  C:\Windows\System\mWSCMBA.exe
  2⤵
  PID:8244
- C:\Windows\System\JhTHaKL.exe
  C:\Windows\System\JhTHaKL.exe
  2⤵
  PID:8264
- C:\Windows\System\WSsyAAt.exe
  C:\Windows\System\WSsyAAt.exe
  2⤵
  PID:8304
- C:\Windows\System\yRNVNZB.exe
  C:\Windows\System\yRNVNZB.exe
  2⤵
  PID:8320
- C:\Windows\System\lEGtYNe.exe
  C:\Windows\System\lEGtYNe.exe
  2⤵
  PID:8336
- C:\Windows\System\GogLArr.exe
  C:\Windows\System\GogLArr.exe
  2⤵
  PID:8360
- C:\Windows\System\XErKQng.exe
  C:\Windows\System\XErKQng.exe
  2⤵
  PID:8376
- C:\Windows\System\AUogkkS.exe
  C:\Windows\System\AUogkkS.exe
  2⤵
  PID:8392
- C:\Windows\System\YwmBzFN.exe
  C:\Windows\System\YwmBzFN.exe
  2⤵
  PID:8416
- C:\Windows\System\HWpOdRI.exe
  C:\Windows\System\HWpOdRI.exe
  2⤵
  PID:8432
- C:\Windows\System\YMebeYM.exe
  C:\Windows\System\YMebeYM.exe
  2⤵
  PID:8448
- C:\Windows\System\IEFDRMS.exe
  C:\Windows\System\IEFDRMS.exe
  2⤵
  PID:8468
- C:\Windows\System\VGKxDvc.exe
  C:\Windows\System\VGKxDvc.exe
  2⤵
  PID:8484
- C:\Windows\System\aVxUNSz.exe
  C:\Windows\System\aVxUNSz.exe
  2⤵
  PID:8500
- C:\Windows\System\iZAvEGH.exe
  C:\Windows\System\iZAvEGH.exe
  2⤵
  PID:8516
- C:\Windows\System\CPHcDKJ.exe
  C:\Windows\System\CPHcDKJ.exe
  2⤵
  PID:8536
- C:\Windows\System\EpjTKDW.exe
  C:\Windows\System\EpjTKDW.exe
  2⤵
  PID:8588
- C:\Windows\System\NzjbvXC.exe
  C:\Windows\System\NzjbvXC.exe
  2⤵
  PID:8608
- C:\Windows\System\jfeJykm.exe
  C:\Windows\System\jfeJykm.exe
  2⤵
  PID:8624
- C:\Windows\System\jXYKRuC.exe
  C:\Windows\System\jXYKRuC.exe
  2⤵
  PID:8640
- C:\Windows\System\IqwiJAc.exe
  C:\Windows\System\IqwiJAc.exe
  2⤵
  PID:8656
- C:\Windows\System\aIRKIIG.exe
  C:\Windows\System\aIRKIIG.exe
  2⤵
  PID:8676
- C:\Windows\System\JEbYKYc.exe
  C:\Windows\System\JEbYKYc.exe
  2⤵
  PID:8696
- C:\Windows\System\bWMGMfp.exe
  C:\Windows\System\bWMGMfp.exe
  2⤵
  PID:8724
- C:\Windows\System\mpyiATg.exe
  C:\Windows\System\mpyiATg.exe
  2⤵
  PID:8744
- C:\Windows\System\ZvrGJNH.exe
  C:\Windows\System\ZvrGJNH.exe
  2⤵
  PID:8772
- C:\Windows\System\LtqouDc.exe
  C:\Windows\System\LtqouDc.exe
  2⤵
  PID:8788
- C:\Windows\System\HJBDlOe.exe
  C:\Windows\System\HJBDlOe.exe
  2⤵
  PID:8808
- C:\Windows\System\ysUfQWq.exe
  C:\Windows\System\ysUfQWq.exe
  2⤵
  PID:8836
- C:\Windows\System\GFSnRNB.exe
  C:\Windows\System\GFSnRNB.exe
  2⤵
  PID:8856
- C:\Windows\System\nJthbDq.exe
  C:\Windows\System\nJthbDq.exe
  2⤵
  PID:8872
- C:\Windows\System\MjZRfLy.exe
  C:\Windows\System\MjZRfLy.exe
  2⤵
  PID:8896
- C:\Windows\System\KIdhwEB.exe
  C:\Windows\System\KIdhwEB.exe
  2⤵
  PID:8916
- C:\Windows\System\MhjgLjd.exe
  C:\Windows\System\MhjgLjd.exe
  2⤵
  PID:8940
- C:\Windows\System\tPoiMoa.exe
  C:\Windows\System\tPoiMoa.exe
  2⤵
  PID:8960
- C:\Windows\System\hSKpSFj.exe
  C:\Windows\System\hSKpSFj.exe
  2⤵
  PID:8976
- C:\Windows\System\pCfJWWE.exe
  C:\Windows\System\pCfJWWE.exe
  2⤵
  PID:8992
- C:\Windows\System\gkZRyDD.exe
  C:\Windows\System\gkZRyDD.exe
  2⤵
  PID:9016
- C:\Windows\System\aTcPcEP.exe
  C:\Windows\System\aTcPcEP.exe
  2⤵
  PID:9036
- C:\Windows\System\eLvyXzF.exe
  C:\Windows\System\eLvyXzF.exe
  2⤵
  PID:9056
- C:\Windows\System\DarHcOO.exe
  C:\Windows\System\DarHcOO.exe
  2⤵
  PID:9076
- C:\Windows\System\xNTqgLc.exe
  C:\Windows\System\xNTqgLc.exe
  2⤵
  PID:9092
- C:\Windows\System\ihEGdPE.exe
  C:\Windows\System\ihEGdPE.exe
  2⤵
  PID:9112
- C:\Windows\System\HNqoqbQ.exe
  C:\Windows\System\HNqoqbQ.exe
  2⤵
  PID:9132
- C:\Windows\System\jKOEwge.exe
  C:\Windows\System\jKOEwge.exe
  2⤵
  PID:9148
- C:\Windows\System\fTxxxAk.exe
  C:\Windows\System\fTxxxAk.exe
  2⤵
  PID:9168
- C:\Windows\System\uqqJjup.exe
  C:\Windows\System\uqqJjup.exe
  2⤵
  PID:9184
- C:\Windows\System\ahDFlYX.exe
  C:\Windows\System\ahDFlYX.exe
  2⤵
  PID:7968
- C:\Windows\System\LKKlMRp.exe
  C:\Windows\System\LKKlMRp.exe
  2⤵
  PID:7888
- C:\Windows\System\DfcCAvW.exe
  C:\Windows\System\DfcCAvW.exe
  2⤵
  PID:8236
- C:\Windows\System\hVlOVYA.exe
  C:\Windows\System\hVlOVYA.exe
  2⤵
  PID:8272
- C:\Windows\System\kdVHdHa.exe
  C:\Windows\System\kdVHdHa.exe
  2⤵
  PID:8292
- C:\Windows\System\cmFRkSp.exe
  C:\Windows\System\cmFRkSp.exe
  2⤵
  PID:8328
- C:\Windows\System\KWvfcWT.exe
  C:\Windows\System\KWvfcWT.exe
  2⤵
  PID:8400
- C:\Windows\System\rweZGkb.exe
  C:\Windows\System\rweZGkb.exe
  2⤵
  PID:8388
- C:\Windows\System\XomtWEd.exe
  C:\Windows\System\XomtWEd.exe
  2⤵
  PID:8348
- C:\Windows\System\ttjuZHx.exe
  C:\Windows\System\ttjuZHx.exe
  2⤵
  PID:8176
- C:\Windows\System\FQeXWgt.exe
  C:\Windows\System\FQeXWgt.exe
  2⤵
  PID:8480
- C:\Windows\System\XYmGvoT.exe
  C:\Windows\System\XYmGvoT.exe
  2⤵
  PID:8532
- C:\Windows\System\vsJVHyB.exe
  C:\Windows\System\vsJVHyB.exe
  2⤵
  PID:8508
- C:\Windows\System\HWbSjyx.exe
  C:\Windows\System\HWbSjyx.exe
  2⤵
  PID:8560
- C:\Windows\System\pNlThUr.exe
  C:\Windows\System\pNlThUr.exe
  2⤵
  PID:8580
- C:\Windows\System\cKLEYam.exe
  C:\Windows\System\cKLEYam.exe
  2⤵
  PID:8600
- C:\Windows\System\sHIARdG.exe
  C:\Windows\System\sHIARdG.exe
  2⤵
  PID:8632
- C:\Windows\System\sWiHaDA.exe
  C:\Windows\System\sWiHaDA.exe
  2⤵
  PID:8664
- C:\Windows\System\MxPlCSz.exe
  C:\Windows\System\MxPlCSz.exe
  2⤵
  PID:8712
- C:\Windows\System\ZBUEwDb.exe
  C:\Windows\System\ZBUEwDb.exe
  2⤵
  PID:8736
- C:\Windows\System\UTgjGAv.exe
  C:\Windows\System\UTgjGAv.exe
  2⤵
  PID:8784
- C:\Windows\System\ziSRSvQ.exe
  C:\Windows\System\ziSRSvQ.exe
  2⤵
  PID:8820
- C:\Windows\System\BnckolL.exe
  C:\Windows\System\BnckolL.exe
  2⤵
  PID:8832
- C:\Windows\System\TowPWQs.exe
  C:\Windows\System\TowPWQs.exe
  2⤵
  PID:8868
- C:\Windows\System\SpfOFLj.exe
  C:\Windows\System\SpfOFLj.exe
  2⤵
  PID:8908
- C:\Windows\System\rmCKFQP.exe
  C:\Windows\System\rmCKFQP.exe
  2⤵
  PID:8948
- C:\Windows\System\WrdOiBr.exe
  C:\Windows\System\WrdOiBr.exe
  2⤵
  PID:8988
- C:\Windows\System\rdJaLgX.exe
  C:\Windows\System\rdJaLgX.exe
  2⤵
  PID:9008
- C:\Windows\System\RkJpNSx.exe
  C:\Windows\System\RkJpNSx.exe
  2⤵
  PID:9028
- C:\Windows\System\QkdpXXT.exe
  C:\Windows\System\QkdpXXT.exe
  2⤵
  PID:9100
- C:\Windows\System\prCXkKq.exe
  C:\Windows\System\prCXkKq.exe
  2⤵
  PID:9052
- C:\Windows\System\rexuUby.exe
  C:\Windows\System\rexuUby.exe
  2⤵
  PID:9180
- C:\Windows\System\fIrQkUZ.exe
  C:\Windows\System\fIrQkUZ.exe
  2⤵
  PID:9124
- C:\Windows\System\eWxkkRI.exe
  C:\Windows\System\eWxkkRI.exe
  2⤵
  PID:9196
- C:\Windows\System\zpClHTs.exe
  C:\Windows\System\zpClHTs.exe
  2⤵
  PID:9212
- C:\Windows\System\RWFoWUv.exe
  C:\Windows\System\RWFoWUv.exe
  2⤵
  PID:8232
- C:\Windows\System\sxQbVtK.exe
  C:\Windows\System\sxQbVtK.exe
  2⤵
  PID:8892
- C:\Windows\System\EXSnPLR.exe
  C:\Windows\System\EXSnPLR.exe
  2⤵
  PID:8284
- C:\Windows\System\zaGkWzE.exe
  C:\Windows\System\zaGkWzE.exe
  2⤵
  PID:8344
- C:\Windows\System\uIVjaaG.exe
  C:\Windows\System\uIVjaaG.exe
  2⤵
  PID:8424
- C:\Windows\System\NjnSOdy.exe
  C:\Windows\System\NjnSOdy.exe
  2⤵
  PID:8556
- C:\Windows\System\uSNADkO.exe
  C:\Windows\System\uSNADkO.exe
  2⤵
  PID:8464
- C:\Windows\System\DNlVZtj.exe
  C:\Windows\System\DNlVZtj.exe
  2⤵
  PID:8572
- C:\Windows\System\MoebasU.exe
  C:\Windows\System\MoebasU.exe
  2⤵
  PID:8672
- C:\Windows\System\IPIJZwA.exe
  C:\Windows\System\IPIJZwA.exe
  2⤵
  PID:8752
- C:\Windows\System\pWORMaF.exe
  C:\Windows\System\pWORMaF.exe
  2⤵
  PID:8848
- C:\Windows\System\tkPxBlN.exe
  C:\Windows\System\tkPxBlN.exe
  2⤵
  PID:8936
- C:\Windows\System\odSqwhR.exe
  C:\Windows\System\odSqwhR.exe
  2⤵
  PID:6068
- C:\Windows\System\SRNdRZb.exe
  C:\Windows\System\SRNdRZb.exe
  2⤵
  PID:9176
- C:\Windows\System\hYoMkoF.exe
  C:\Windows\System\hYoMkoF.exe
  2⤵
  PID:9192
- C:\Windows\System\MvCUiVt.exe
  C:\Windows\System\MvCUiVt.exe
  2⤵
  PID:8288
- C:\Windows\System\UbTdhsk.exe
  C:\Windows\System\UbTdhsk.exe
  2⤵
  PID:8352
- C:\Windows\System\eTKnToj.exe
  C:\Windows\System\eTKnToj.exe
  2⤵
  PID:7316
- C:\Windows\System\KYVudMK.exe
  C:\Windows\System\KYVudMK.exe
  2⤵
  PID:8604
- C:\Windows\System\NyhxhtR.exe
  C:\Windows\System\NyhxhtR.exe
  2⤵
  PID:9208
- C:\Windows\System\Pxseszr.exe
  C:\Windows\System\Pxseszr.exe
  2⤵
  PID:8300
- C:\Windows\System\uKvjzyM.exe
  C:\Windows\System\uKvjzyM.exe
  2⤵
  PID:8412
- C:\Windows\System\dEroufv.exe
  C:\Windows\System\dEroufv.exe
  2⤵
  PID:8456
- C:\Windows\System\seZjNrR.exe
  C:\Windows\System\seZjNrR.exe
  2⤵
  PID:8704
- C:\Windows\System\HcfYhSg.exe
  C:\Windows\System\HcfYhSg.exe
  2⤵
  PID:8760
- C:\Windows\System\lMSxnzP.exe
  C:\Windows\System\lMSxnzP.exe
  2⤵
  PID:8852
- C:\Windows\System\kWNzCIj.exe
  C:\Windows\System\kWNzCIj.exe
  2⤵
  PID:9064
- C:\Windows\System\dSABBdC.exe
  C:\Windows\System\dSABBdC.exe
  2⤵
  PID:8216
- C:\Windows\System\hvJhXHX.exe
  C:\Windows\System\hvJhXHX.exe
  2⤵
  PID:9044
- C:\Windows\System\TXCefgm.exe
  C:\Windows\System\TXCefgm.exe
  2⤵
  PID:8888
- C:\Windows\System\yhQksyk.exe
  C:\Windows\System\yhQksyk.exe
  2⤵
  PID:8544
- C:\Windows\System\eyleeBh.exe
  C:\Windows\System\eyleeBh.exe
  2⤵
  PID:996
- C:\Windows\System\jseuCmv.exe
  C:\Windows\System\jseuCmv.exe
  2⤵
  PID:8780
- C:\Windows\System\fzqAouo.exe
  C:\Windows\System\fzqAouo.exe
  2⤵
  PID:9088
- C:\Windows\System\xgynSKV.exe
  C:\Windows\System\xgynSKV.exe
  2⤵
  PID:8256
- C:\Windows\System\RrpotMi.exe
  C:\Windows\System\RrpotMi.exe
  2⤵
  PID:9160
- C:\Windows\System\JObSYOl.exe
  C:\Windows\System\JObSYOl.exe
  2⤵
  PID:8596
- C:\Windows\System\sMZQfKX.exe
  C:\Windows\System\sMZQfKX.exe
  2⤵
  PID:5564
- C:\Windows\System\sGUQcQR.exe
  C:\Windows\System\sGUQcQR.exe
  2⤵
  PID:8756
- C:\Windows\System\atFKiQf.exe
  C:\Windows\System\atFKiQf.exe
  2⤵
  PID:9004
- C:\Windows\System\yNCQqMZ.exe
  C:\Windows\System\yNCQqMZ.exe
  2⤵
  PID:8356
- C:\Windows\System\NokGYSr.exe
  C:\Windows\System\NokGYSr.exe
  2⤵
  PID:8688
- C:\Windows\System\ATRbKdt.exe
  C:\Windows\System\ATRbKdt.exe
  2⤵
  PID:8804
- C:\Windows\System\MhcSKFe.exe
  C:\Windows\System\MhcSKFe.exe
  2⤵
  PID:8720
- C:\Windows\System\IGpEwFf.exe
  C:\Windows\System\IGpEwFf.exe
  2⤵
  PID:8280
- C:\Windows\System\SBLyYVG.exe
  C:\Windows\System\SBLyYVG.exe
  2⤵
  PID:9024
- C:\Windows\System\pUkAgug.exe
  C:\Windows\System\pUkAgug.exe
  2⤵
  PID:9164
- C:\Windows\System\UXpcOKz.exe
  C:\Windows\System\UXpcOKz.exe
  2⤵
  PID:9228
- C:\Windows\System\XpasSkE.exe
  C:\Windows\System\XpasSkE.exe
  2⤵
  PID:9244
- C:\Windows\System\YDkBOwJ.exe
  C:\Windows\System\YDkBOwJ.exe
  2⤵
  PID:9268
- C:\Windows\System\MFivmLV.exe
  C:\Windows\System\MFivmLV.exe
  2⤵
  PID:9284
- C:\Windows\System\nEcjdmO.exe
  C:\Windows\System\nEcjdmO.exe
  2⤵
  PID:9304
- C:\Windows\System\tzfoIZl.exe
  C:\Windows\System\tzfoIZl.exe
  2⤵
  PID:9320
- C:\Windows\System\RbkZhOz.exe
  C:\Windows\System\RbkZhOz.exe
  2⤵
  PID:9340
- C:\Windows\System\cborfRB.exe
  C:\Windows\System\cborfRB.exe
  2⤵
  PID:9356
- C:\Windows\System\cLrvruG.exe
  C:\Windows\System\cLrvruG.exe
  2⤵
  PID:9376
- C:\Windows\System\SbsHqjU.exe
  C:\Windows\System\SbsHqjU.exe
  2⤵
  PID:9408
- C:\Windows\System\wkNPoEk.exe
  C:\Windows\System\wkNPoEk.exe
  2⤵
  PID:9432
- C:\Windows\System\rsMeErt.exe
  C:\Windows\System\rsMeErt.exe
  2⤵
  PID:9448
- C:\Windows\System\ieHfkBA.exe
  C:\Windows\System\ieHfkBA.exe
  2⤵
  PID:9472
- C:\Windows\System\tLBJDtZ.exe
  C:\Windows\System\tLBJDtZ.exe
  2⤵
  PID:9488
- C:\Windows\System\UevTCub.exe
  C:\Windows\System\UevTCub.exe
  2⤵
  PID:9512
- C:\Windows\System\eCKlVYQ.exe
  C:\Windows\System\eCKlVYQ.exe
  2⤵
  PID:9528
- C:\Windows\System\rdOjncU.exe
  C:\Windows\System\rdOjncU.exe
  2⤵
  PID:9548
- C:\Windows\System\KJkJrsC.exe
  C:\Windows\System\KJkJrsC.exe
  2⤵
  PID:9568
- C:\Windows\System\OquRooi.exe
  C:\Windows\System\OquRooi.exe
  2⤵
  PID:9588
- C:\Windows\System\dVIOacp.exe
  C:\Windows\System\dVIOacp.exe
  2⤵
  PID:9608
- C:\Windows\System\INgMVpI.exe
  C:\Windows\System\INgMVpI.exe
  2⤵
  PID:9628
- C:\Windows\System\NnZWqeo.exe
  C:\Windows\System\NnZWqeo.exe
  2⤵
  PID:9652
- C:\Windows\System\fFqJaeN.exe
  C:\Windows\System\fFqJaeN.exe
  2⤵
  PID:9668
- C:\Windows\System\TNXSXrl.exe
  C:\Windows\System\TNXSXrl.exe
  2⤵
  PID:9692
- C:\Windows\System\zpWFJZx.exe
  C:\Windows\System\zpWFJZx.exe
  2⤵
  PID:9708
- C:\Windows\System\JQLVjzK.exe
  C:\Windows\System\JQLVjzK.exe
  2⤵
  PID:9728
- C:\Windows\System\OdKrwWW.exe
  C:\Windows\System\OdKrwWW.exe
  2⤵
  PID:9748
- C:\Windows\System\vWJRChf.exe
  C:\Windows\System\vWJRChf.exe
  2⤵
  PID:9764
- C:\Windows\System\PJsRTrT.exe
  C:\Windows\System\PJsRTrT.exe
  2⤵
  PID:9788
- C:\Windows\System\LIaCQdk.exe
  C:\Windows\System\LIaCQdk.exe
  2⤵
  PID:9812
- C:\Windows\System\QESHhuS.exe
  C:\Windows\System\QESHhuS.exe
  2⤵
  PID:9828
- C:\Windows\System\DIBgHiy.exe
  C:\Windows\System\DIBgHiy.exe
  2⤵
  PID:9852
- C:\Windows\System\FrHAbZF.exe
  C:\Windows\System\FrHAbZF.exe
  2⤵
  PID:9872
- C:\Windows\System\WgHewzH.exe
  C:\Windows\System\WgHewzH.exe
  2⤵
  PID:9888
- C:\Windows\System\NDItbVE.exe
  C:\Windows\System\NDItbVE.exe
  2⤵
  PID:9904
- C:\Windows\System\ssssiqa.exe
  C:\Windows\System\ssssiqa.exe
  2⤵
  PID:9920
- C:\Windows\System\RFijlWt.exe
  C:\Windows\System\RFijlWt.exe
  2⤵
  PID:9936
- C:\Windows\System\JyLVobA.exe
  C:\Windows\System\JyLVobA.exe
  2⤵
  PID:9952
- C:\Windows\System\yrHuSPF.exe
  C:\Windows\System\yrHuSPF.exe
  2⤵
  PID:9968
- C:\Windows\System\NADaMEI.exe
  C:\Windows\System\NADaMEI.exe
  2⤵
  PID:9984
- C:\Windows\System\ghVbuVK.exe
  C:\Windows\System\ghVbuVK.exe
  2⤵
  PID:10000
- C:\Windows\System\wBjQPVe.exe
  C:\Windows\System\wBjQPVe.exe
  2⤵
  PID:10052
- C:\Windows\System\hBtVgwn.exe
  C:\Windows\System\hBtVgwn.exe
  2⤵
  PID:10068
- C:\Windows\System\FItrWEC.exe
  C:\Windows\System\FItrWEC.exe
  2⤵
  PID:10084
- C:\Windows\System\Otvuuib.exe
  C:\Windows\System\Otvuuib.exe
  2⤵
  PID:10104
- C:\Windows\System\aDOkKBx.exe
  C:\Windows\System\aDOkKBx.exe
  2⤵
  PID:10132
- C:\Windows\System\sFEyyjs.exe
  C:\Windows\System\sFEyyjs.exe
  2⤵
  PID:10148
- C:\Windows\System\SDwwHYs.exe
  C:\Windows\System\SDwwHYs.exe
  2⤵
  PID:10172
- C:\Windows\System\rNlTEBh.exe
  C:\Windows\System\rNlTEBh.exe
  2⤵
  PID:10192
- C:\Windows\System\YsPhQre.exe
  C:\Windows\System\YsPhQre.exe
  2⤵
  PID:10208
- C:\Windows\System\UIJdbOD.exe
  C:\Windows\System\UIJdbOD.exe
  2⤵
  PID:10224
- C:\Windows\System\NvnUCyY.exe
  C:\Windows\System\NvnUCyY.exe
  2⤵
  PID:9224
- C:\Windows\System\XEzjnWP.exe
  C:\Windows\System\XEzjnWP.exe
  2⤵
  PID:9260
- C:\Windows\System\Fryrtwz.exe
  C:\Windows\System\Fryrtwz.exe
  2⤵
  PID:9296
- C:\Windows\System\YggBqKo.exe
  C:\Windows\System\YggBqKo.exe
  2⤵
  PID:9332
- C:\Windows\System\AprWfLH.exe
  C:\Windows\System\AprWfLH.exe
  2⤵
  PID:9372
- C:\Windows\System\JajZidf.exe
  C:\Windows\System\JajZidf.exe
  2⤵
  PID:9384
- C:\Windows\System\ZsjlaHF.exe
  C:\Windows\System\ZsjlaHF.exe
  2⤵
  PID:9420
- C:\Windows\System\cPpiREK.exe
  C:\Windows\System\cPpiREK.exe
  2⤵
  PID:9440
- C:\Windows\System\MuoaarE.exe
  C:\Windows\System\MuoaarE.exe
  2⤵
  PID:9468
- C:\Windows\System\DZwTxxo.exe
  C:\Windows\System\DZwTxxo.exe
  2⤵
  PID:9484
- C:\Windows\System\WQmEUZx.exe
  C:\Windows\System\WQmEUZx.exe
  2⤵
  PID:9564
- C:\Windows\System\TtadxYk.exe
  C:\Windows\System\TtadxYk.exe
  2⤵
  PID:9596
- C:\Windows\System\faEaxKl.exe
  C:\Windows\System\faEaxKl.exe
  2⤵
  PID:9616
- C:\Windows\System\eVGCakw.exe
  C:\Windows\System\eVGCakw.exe
  2⤵
  PID:9640
- C:\Windows\System\lqPSlBP.exe
  C:\Windows\System\lqPSlBP.exe
  2⤵
  PID:9684
- C:\Windows\System\GXUfeRY.exe
  C:\Windows\System\GXUfeRY.exe
  2⤵
  PID:9720
- C:\Windows\System\VRXPDKd.exe
  C:\Windows\System\VRXPDKd.exe
  2⤵
  PID:9756
- C:\Windows\System\amiwwDr.exe
  C:\Windows\System\amiwwDr.exe
  2⤵
  PID:9784
- C:\Windows\System\IGltCUa.exe
  C:\Windows\System\IGltCUa.exe
  2⤵
  PID:9804
- C:\Windows\System\iOFDKHd.exe
  C:\Windows\System\iOFDKHd.exe
  2⤵
  PID:9848
- C:\Windows\System\uoxotPR.exe
  C:\Windows\System\uoxotPR.exe
  2⤵
  PID:9900
- C:\Windows\System\bGlbEsF.exe
  C:\Windows\System\bGlbEsF.exe
  2⤵
  PID:9884
- C:\Windows\System\RuYKXVf.exe
  C:\Windows\System\RuYKXVf.exe
  2⤵
  PID:9980
- C:\Windows\System\ojvuTwc.exe
  C:\Windows\System\ojvuTwc.exe
  2⤵
  PID:10032
- C:\Windows\System\WgwuHmG.exe
  C:\Windows\System\WgwuHmG.exe
  2⤵
  PID:9992
- C:\Windows\System\ofxymfw.exe
  C:\Windows\System\ofxymfw.exe
  2⤵
  PID:10076
- C:\Windows\System\tWAFSEF.exe
  C:\Windows\System\tWAFSEF.exe
  2⤵
  PID:10120
- C:\Windows\System\AxNUuKh.exe
  C:\Windows\System\AxNUuKh.exe
  2⤵
  PID:10096
- C:\Windows\System\DiFXmRc.exe
  C:\Windows\System\DiFXmRc.exe
  2⤵
  PID:10160
- C:\Windows\System\RVGZTGY.exe
  C:\Windows\System\RVGZTGY.exe
  2⤵
  PID:10200
- C:\Windows\System\riQxuOv.exe
  C:\Windows\System\riQxuOv.exe
  2⤵
  PID:9280
- C:\Windows\System\uDzyqwj.exe
  C:\Windows\System\uDzyqwj.exe
  2⤵
  PID:9264
- C:\Windows\System\ldkwPaD.exe
  C:\Windows\System\ldkwPaD.exe
  2⤵
  PID:9392
- C:\Windows\System\gJmNauL.exe
  C:\Windows\System\gJmNauL.exe
  2⤵
  PID:9312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GOAJvZX.exe

Filesize
6.0MB

MD5
c30808989fb8a05698699706b748abaf

SHA1
ae2c6770f77600822fd76f72fc9ce0a78bb50af1

SHA256
a130c4cae5af6b431c6fb2c874f016d36e0ae87d8eed2c43b52844ee4a5621f8

SHA512
757f3f49911d75d6ad3f0bd29e9dbc58d789bc9c698bb0391dde625750fabd110b3447f74aa26bdf7bbdc5aed971604f294daee3f75a85667d22e06dc3493ec0

Download Submit
C:\Windows\system\HOmayxW.exe

Filesize
6.0MB

MD5
cfecdc784862bb3991dabd162940d27a

SHA1
ecb433c88771586498352f7f864fcc9906eefded

SHA256
18b3b416c82f87766744ca3c9543a059f865b0f6facca15eb51142e971c617d6

SHA512
21eb43266e70f0334a99f4a3773fdd42a8eee326d56326d549e3dfc5b73a50de0cfeeee78240a223a3537833cc212322da9e5b76bb6ba83677d3d0882342a02c

Download Submit
C:\Windows\system\HQkbnxD.exe

Filesize
6.0MB

MD5
84c6e1d792668600b1220ab3bed1d211

SHA1
c13714481bc9a310b2f91d9dbb073a734cf03038

SHA256
34430e5f638ada957be49b01a242d8cb2b47fc7bc0390327ec2a1c33aed9bb1f

SHA512
d96c92d4971cb3b2eebbd2885d4eca340d2e4b74b7c730e223273ef21fb0e56ebc242018e1fad7cd86d1b766be4e92fd1248889dae141da9a0e50a8c0d4e1b07

Download Submit
C:\Windows\system\HVKBVDV.exe

Filesize
6.0MB

MD5
556a19bba14a233ca06fbf62a4d31878

SHA1
2958a1490ec1b1046c1b765ede29377ba2066dc9

SHA256
d691f3d606688c2d7a181bc48dc0a52075167b2e7031682123c0cc258d292f44

SHA512
735148519192fe343b746f5cf62c1351ee79a273b09f46a6e06ec04d929b99a435f28d1629248ab527f36ba4e9fa434687658d6586de598cdf10caf880ddd80f

Download Submit
C:\Windows\system\HqcbQDx.exe

Filesize
6.0MB

MD5
e1357830713b23aa31d9d9d8608e1b80

SHA1
ab3be629b1778d4a334c6197eb6327ef1a7f0db0

SHA256
b6ed85cb87b95f6ca7d12bd91eef750d646ec6d6f4414a8e0f91c4e0400d960b

SHA512
2e930960b32ca6bbfed5e2a66cb6889f7497a0ec8db3da772c3b2abc03f35ea20dcf220a0041727ff634d5eb5de52ffacb886a75218718155319e211422330d9

Download Submit
C:\Windows\system\KmenHZb.exe

Filesize
6.0MB

MD5
000c774f48662659c1af8531c6602485

SHA1
a44bc41c1b56ed30215044d5093fb7f1a2f42b01

SHA256
9d4e2d34dbaf0c23aa75a139e5f86bd023d9ff6422cb4681529b56adb7623e73

SHA512
c7aec703033eb6eb2ec948d8e054ed7a0e64fc2d61e7467c7360e6e58c9714905f8bf30e84196f0d1d14572f100eac69e50d015df1042c3d6541030f28a0d529

Download Submit
C:\Windows\system\NrXdTil.exe

Filesize
6.0MB

MD5
9c00b9642eb1510316efab07dd0ff2f9

SHA1
5f56ee61e0de464ec08ead6707997ac19719c962

SHA256
0cb34e67e9b55432ddb42aeca2aa351642ee3a5e85b748b9737f6aa933978f59

SHA512
2ccd601d4f5dafdfcd119ceca890e4e2b25a66bbc83849fff1db84c5047b5782f6c9e3944106799d2e1148d0bbe06a79f5a963f0990910ba6ace6d3237a8123d

Download Submit
C:\Windows\system\ONTwQvq.exe

Filesize
6.0MB

MD5
048da9bfd6b502baf58dcb90d7ae06bc

SHA1
acb0a9468157f87db7ca5d9dfb4afa4f7760a273

SHA256
89add14dcd0e6a74836d2d84b488a5168c7c210dec899bdf4ff803080d2867aa

SHA512
f7f0fa704f52c270dd0e413b13e31403bd5d2d94320895af5ab49c1b68508bc02e793bb12337f3c2bce0ef1b2a0a8f500bd58ef4613b406ab8780741734a5406

Download Submit
C:\Windows\system\OdJIsmq.exe

Filesize
6.0MB

MD5
1a773ddbfb54aad17edb2c56a2b6ad24

SHA1
848b37a271bf6576d0ab81fc19ee1c8c9c9606fe

SHA256
811ba78fb42fec6a7f151969106942e2f3c04cf72dbb155aa53a86ab8d777201

SHA512
cb94b719353a83236166560911d3463cadebf91d4e17d17be72ffa67d974f5890325c8d1d5d4c739ddd6259e612875a5dcfb8c90b70e47d6e62dd9bb57bfe181

Download Submit
C:\Windows\system\PqQuxzC.exe

Filesize
6.0MB

MD5
7bbd2ea39c61b27019a472ec776547a5

SHA1
926cc232a41b0c242a28b50b0b2b77e85ae70e92

SHA256
f2473454a7f7f79f08ab9b790330e9ab7617e449e617831548b1dfb75bdc9863

SHA512
d7b3699dd3da23124feb8ec323da1ebe1701a35b8abb6238c5d1384283c6e3824ff50f30510e4c039c49badaed98152315f342aba7a9438aaf31ec5eb2e0861e

Download Submit
C:\Windows\system\QOetxVC.exe

Filesize
6.0MB

MD5
bea952575e4d781ad8f08f554063553e

SHA1
860175c4bcbcc39402aa1e308ebec37a59591377

SHA256
3a748117e9602750f05b34523d6f9c46b2d831687b5ec8e805b9ba0b720655fe

SHA512
2cb6ce0ae0826f7862cb40bab2212faceb248133170ea2153fab67cf4350bda14e5e1c27f84295aa863fd5cb6bdbd357b955c376e42e993e6b15dab1264d90c2

Download Submit
C:\Windows\system\SaLhHEq.exe

Filesize
6.0MB

MD5
93c0e17244d401605226f403424883fb

SHA1
0dc92f5993e92a3f4e8e360ea29c146ecb1444a9

SHA256
2b628c9df049e4ddbf291eb36bf532ef82fceb858775d5be85945d9c236c15f7

SHA512
644dc2e6e2db09f07c983db450ac7b579991763c354808b8dfd785ef958b07d75c4736e85b04f15d96b31455d47953877d27ce7f88e938d10b20fa04f6532fe2

Download Submit
C:\Windows\system\TvIdRGQ.exe

Filesize
6.0MB

MD5
c11d5be9cb8afaf84c2771870da4a25f

SHA1
8c8142eebc1ff07ce16a18be0f88bb5732d703e5

SHA256
a6e18ee35e767f73cc756a8cee792819b7f8c6e80be3ccdee3413b05cc022622

SHA512
3239afed4b590a22d19a6d94837a734d4ffbc14a269147da5571c0eb1d686553470627dbf22556b10a465f2ef6264ebe4459bd494a437c6138b1fc4fdb49e3f0

Download Submit
C:\Windows\system\WRYcwpK.exe

Filesize
6.0MB

MD5
3aad740e3d589bf319ee6cbfb36b6931

SHA1
1e049fb55a1981b731bbc201d31cb9b0217a8eae

SHA256
a626bd5eca11e60c4f6f7c384bae7cac3e2c70ec314c6718e77836cb0ffc1aeb

SHA512
dabdc777ba8e126ff1c34886c2622e374e24173008f006773d30b1fce6f8b508fcb9ed05c891169e55d3a114eb59d2e92bfe30a60a6171b60d2221d1865f31ea

Download Submit
C:\Windows\system\ZCxEJtw.exe

Filesize
6.0MB

MD5
81ed39ae9c6f8ff146e244e03534b72d

SHA1
f0f9179389982323ed08880c9c493be3ec93095b

SHA256
6b401ddeacb5c806b334d9d12c59c245991016fea1e3b3874c4e52f9e8ed6780

SHA512
11ec81344086a9dc107693459093c319c85982a486287147a622e9f2f60663b4cce945074d957ceba3b67527d8fb450f77013753be5698286b60dbda87372065

Download Submit
C:\Windows\system\ZIHFNew.exe

Filesize
6.0MB

MD5
0c39ffb21669913fb8bb0e1ef1e4aae5

SHA1
02a3138163196961402f88c852371ca0079e5f59

SHA256
8b31adaa5aaa686a6f94fc8cdd4f0473aa2535c1700e8ea6c7bbb5d9cec30161

SHA512
8be153127225be4a024a2db5c682ccd41812b4ca024c7912aa97163a6ed8109c94a1e96b20147267b83cf9892df55edc29d355f80cb92961ed5f10662fbd2a43

Download Submit
C:\Windows\system\bfYTCzG.exe

Filesize
6.0MB

MD5
b563b63b369db86ac24e02fd56d33e7c

SHA1
6489438cc91d9c24fe71c0fa0a6f70ebea64d895

SHA256
b268f0f1f05672869fd0451a6af0cf0ccb52b5707240703612191035d8b3fe6f

SHA512
303ccc35f712cb2eb6de1254107d37e905fa9cc5f4054829e3413d38a9a7621fecfb6f9c7392cf638e3c6c544e4b4bf7921eaffd75b837c33cb6b157b6cbd5ef

Download Submit
C:\Windows\system\fhCBSES.exe

Filesize
8B

MD5
febf99df58219c0be3df605839308be8

SHA1
fe08ce1d9706203d07fbc982e915a9748183cc3f

SHA256
2ce4a59836f0a031aec5d0d6f8f98a0ee6897953a52c2d5078ad2f6387c5fe28

SHA512
072f48361a96aff933e48813373ee8cb32016fd515623751cbbe6de4b7f708e17b737377255763f3861e774f66800a839af33790f30e4cf89e33517cb8d62729

Download Submit
C:\Windows\system\hDnobar.exe

Filesize
6.0MB

MD5
0e6b7125f63bddb31ccfdf132efa41ec

SHA1
4e768a30952cbdf6e0580eeb7643a3709c330cdf

SHA256
d1715ad8ee359c0d899f54804e9a2f2a9235735cf476deb5fff4e5ffe81d32f0

SHA512
65728bf3d7c8114318c40da016c0d141f3774e3db799860d602a4a2ce24258f7ea9fef8f56114adf9ca7a1965ef250f34f23cbcda32e8305b88769d2121f5286

Download Submit
C:\Windows\system\hgzrvEV.exe

Filesize
6.0MB

MD5
d43d2de95f20584045c8bfde1f73e8b8

SHA1
00164f7bf12758d9887b66d84a7d2ccc2d13660b

SHA256
cc07358dd260f0db09f5245cf213a3f74f33e2471c6785d7c847fa7ae01abd66

SHA512
e96ae5834c86430b59dee954afb18cfba9cb09340728e7a57e26628b5fa7f01f95870b54027fb8212dfe24b64bd0eac131d4cc407cdf9560d2744e7d028e52b1

Download Submit
C:\Windows\system\mTkNiZc.exe

Filesize
6.0MB

MD5
59a5b646f36a4bed30e9070df80dbdce

SHA1
4cdae353688860eb4098361308aaff30abf8a99b

SHA256
cfca58c6fecd6067f62a951c5b95daa7a4821fd9d15b933045dd13778c026a65

SHA512
ece751b6397f1217f4cfe9dac291ba34dec50b00e67a1aefb132b7fd8425be5f1476107cfad0df754ead8ebea2d3d87197543840e833a28a71894b1ecb7d02ab

Download Submit
C:\Windows\system\qhrHQVX.exe

Filesize
6.0MB

MD5
adf54ea78635264d206c50f29176b0f9

SHA1
eef16976f848737ca181e477bcfa522d7b21812c

SHA256
fc6e9d51474ba947f3bbd0b023b9bf8c3abb6d7bb542585eb4911d0627a9f929

SHA512
2fc2779817882a8c8de6ea413a0483cdf10265f07dff666c30396194c38c669343071fb4136096a4e42027ae440192252520ef52e15ef4c98a9acb62e988b8ef

Download Submit
C:\Windows\system\uCgcELm.exe

Filesize
6.0MB

MD5
21915240f0aaae1c8481313169405d7a

SHA1
5f61b8a3a8935c6f6c54c54d86b2861eb2111d9e

SHA256
f624e136bf928d408ba41bc9771876c5dce410b43832427969b1228e1d13a173

SHA512
9af892c41f25f0eb8b1b7929edd7898702978aecf51a86778b7ebb35f86b094eb90f7f859ecc8d1e14027bed4a754160cc3c85d0d3ee1299ed9a3230bfdab334

Download Submit
C:\Windows\system\uTbIAJM.exe

Filesize
6.0MB

MD5
53f26594ffe69e6663dd3472da1cb93a

SHA1
6d15bc47908712e015d1e27f64dd94af91a2bbbc

SHA256
ddcb509db1c2a8c8c3b2af5a3f3f9b825a333ca58d903afc37a70891700b5b78

SHA512
02c99041c0cbeef12a211cecd0e83bd65744499b0fbc8a33e815f42203662b715e388244d305e23b0a48d78f6cce7e055104e1369c1179e7c514102a22b90e8a

Download Submit
C:\Windows\system\wPHNUig.exe

Filesize
6.0MB

MD5
c0723b9b5208b8b02d27d32993a8b5b6

SHA1
1da0b3f85626f9a60e26ee5798694b13f787755b

SHA256
f0a53b06c3220460b4beed4899243dbf21e0f74b3d9213044e2345c2db3f37a3

SHA512
0c3c940aa6ad61fce2f0886bf9142d93c99cc7b8b299daf657195da8eaf2c5e7dd44e61df846ba1d0e7b3ea93c0c4fab4077e6818cf6379dd96cc4e5248557a9

Download Submit
C:\Windows\system\xxgNUit.exe

Filesize
6.0MB

MD5
eb9b5739d8b1eee78611eb238da7a5a6

SHA1
a50e6ec96de897dd5c0208a998ca335c5d5f3b9b

SHA256
cb0cecc7b1f9846035bea4b5ce4c4f15b070543c5bb0e95462f328ac4f96ad4d

SHA512
3c7869d4e2e4d38cba57b95c9d8d4a5e8800a9e49e01b9a0cb7edcd7343eda9efdcca6f22065755139aa700663123bbe5d6a03a36d8cc89de6ff7c05b14d83d2

Download Submit
C:\Windows\system\ympnRVU.exe

Filesize
6.0MB

MD5
56fba22758abf8f9ec5176230940d034

SHA1
36c4db46719c63d4e638c249b5b8bae02e06556a

SHA256
a2cb2a1b3639f58467a8dbc308b567ef1bc8f29750f80af8626f063be94c8820

SHA512
8997ec16a918e8ca770f5eace45e8d58c19fbf4fccddf0c2249383108e6ec466738e8dde391691aa49da85fcfe7ba4b33c4886ef6e079511a008131ebcabed8a

Download Submit
C:\Windows\system\zIymkrb.exe

Filesize
6.0MB

MD5
4b01f43bd5eff0a3297ef3544eaf062a

SHA1
0b4541108ed5e5e95a3c9a2e82b3c68776820ea7

SHA256
53304d231b14078a683e7ec39a2f815e39ea39938c9e3f3ffbbb13bcc0e8414b

SHA512
86dccdfda7657025aa922a73fb0e0d67480621d5b215b373b4b01e57e003dee1cff52377a21c59b3e74e3d4166c4fbdab5cd76efb156ca82e98f14f77c8c7c9a

Download Submit
\Windows\system\EnAzNEA.exe

Filesize
6.0MB

MD5
488213a5f7e23e55ac1949b15d3943ea

SHA1
fe778eb21183fd5117d3c1dcd548e5a8a2e090ea

SHA256
cba85e149aa5d1f828957dfbc8ff502f6caf0548dd29aa88d2f5fc0a136bd02f

SHA512
ef72533b5f7f1361ee173ec9491b0eb0e622818c456c8fbd169985dc0feb647dd8e20470c5ae2079bc9fbe5c48fef4da48fa745953d6a7d9db2139d727e7bc44

Download Submit
\Windows\system\JUMPVuA.exe

Filesize
6.0MB

MD5
e44f145b311f916401bee1f55983157c

SHA1
dc1e2af6645c3f072b37983a207cda4fc8ffd222

SHA256
3c8f5c6160032d4889e9c4eb6da65071a3d4bf3b7059e96e8b568562271b3864

SHA512
ab516d28d220461963d62d31e346dfc03aacf3d2aad1dbc1aba297549099f8002823dead13892c77b637667af26fdf60cc1c08f134f906cc4f335dc7eec40913

Download Submit
\Windows\system\MkkOmwd.exe

Filesize
6.0MB

MD5
a7efafece0c9c66fff3ab60e7b6da83b

SHA1
eb79f40a061dfdb0c5aa300c571d39048d1eb20f

SHA256
4d9d953274224760aeaefe15bf9d121fa9b3f54cba479df4e732e35d155b9dee

SHA512
906a5647c6a283d2c39f0addbfb8dffbd0da9013b7c0167cdda008923d2b6f7a25ad62d9dd454aa483c79ac57c4c7c6b6b705df8458496fb637f1aa1cb301cd7

Download Submit
\Windows\system\xhNJkeo.exe

Filesize
6.0MB

MD5
9508e8334588457d7ff20d0983faa821

SHA1
f7bce924da839c9781a94d420f6ed9293f1ea5fa

SHA256
59f38188c1d7c0d2ee766c3ac5f97cfa2b221021f9cbc51f41932ec845e9f036

SHA512
cbb17056c4b98ecd72d9929e07320a1486c2e0ec4ce0f1a0ae4d1f072fad9edf55609af6cf093c0772f8fd7dd05600fb41623cd510a2ca35c200f94dc612b2ea

Download Submit
\Windows\system\xkNSTzc.exe

Filesize
6.0MB

MD5
8f50460cc3ddb14ba2cc9ce815903235

SHA1
90758719b996224b8fc46905f27b1887bc39c717

SHA256
f31298196346eb5f52066d974799476cfd5a9e5bbc16d5d392675d4b5fa04d3c

SHA512
95084e1b4dcf8e2c11f71b4b47a5ca0cfcf97b0c7920f0b53af7951d049811237eee7cd4537621c417080869e59a62fcaccfd96e129eddb749a34c645c5f4e97

Download Submit
memory/1636-3741-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-99-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-674-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-3709-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1980-518-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1980-88-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3424-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2060-14-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2060-50-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2100-38-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2100-111-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-612-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-762-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2100-937-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-35-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-6-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2100-46-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-63-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-101-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-112-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-55-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-31-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-23-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-93-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-92-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-102-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-12-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-70-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-19-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-42-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3420-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3731-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-106-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-850-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-68-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-105-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3717-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-21-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3542-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-59-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2708-98-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-60-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3695-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-73-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3667-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-36-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3738-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2764-335-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2764-83-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2804-67-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3527-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2804-29-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3694-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-51-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-87-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-82-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3689-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-44-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-203-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3706-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-74-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download