cobaltstrike | ef2977f58304f8a6423550ba172821585b5033681aa51761ba52f592777fd91d

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5efe2d23af61eb383d9257a4b912e728
SHA1

b7010f4de964dd63836ca2017e5fb2c440e53030
SHA256

ef2977f58304f8a6423550ba172821585b5033681aa51761ba52f592777fd91d
SHA512

87502f8a262202c764931b99d429e8b11a1e68cba4135dbd84796d4ff6e678548d8b4dfc6fd8525fadd7fcb0a800ca33aa39a58efbe956cad16e657b0cb83898
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226a-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191f3-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191f7-9.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019229-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019234-28.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001924c-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018690-53.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001926b-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-70.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019271-63.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-85.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1644-0-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226a-3.dat	xmrig
behavioral1/files/0x00070000000191f3-12.dat	xmrig
behavioral1/memory/1636-13-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2320-15-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00070000000191f7-9.dat	xmrig
behavioral1/files/0x0006000000019229-24.dat	xmrig
behavioral1/memory/1644-34-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/2100-32-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019234-28.dat	xmrig
behavioral1/files/0x000600000001924c-33.dat	xmrig
behavioral1/memory/2212-21-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/1644-42-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2712-44-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/1644-43-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/files/0x0008000000018690-53.dat	xmrig
behavioral1/memory/356-57-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/3040-50-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x000800000001926b-49.dat	xmrig
behavioral1/files/0x0005000000019539-70.dat	xmrig
behavioral1/memory/1096-71-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2572-64-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0007000000019271-63.dat	xmrig
behavioral1/files/0x00050000000195e4-77.dat	xmrig
behavioral1/memory/1444-87-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x0005000000019629-135.dat	xmrig
behavioral1/files/0x0005000000019639-142.dat	xmrig
behavioral1/files/0x0005000000019db5-196.dat	xmrig
behavioral1/memory/1644-1107-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2360-1002-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2068-842-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1444-633-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/3060-417-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1644-334-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/1096-237-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d54-191.dat	xmrig
behavioral1/files/0x0005000000019d2d-186.dat	xmrig
behavioral1/files/0x0005000000019c63-181.dat	xmrig
behavioral1/files/0x0005000000019c48-172.dat	xmrig
behavioral1/files/0x0005000000019c4a-175.dat	xmrig
behavioral1/files/0x000500000001998a-162.dat	xmrig
behavioral1/files/0x0005000000019c43-165.dat	xmrig
behavioral1/files/0x00050000000196f6-156.dat	xmrig
behavioral1/files/0x00050000000196be-151.dat	xmrig
behavioral1/files/0x000500000001967d-145.dat	xmrig
behavioral1/files/0x0005000000019627-131.dat	xmrig
behavioral1/files/0x0005000000019623-121.dat	xmrig
behavioral1/files/0x0005000000019625-127.dat	xmrig
behavioral1/files/0x0005000000019621-117.dat	xmrig
behavioral1/files/0x0005000000019620-112.dat	xmrig
behavioral1/memory/1644-109-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/1644-108-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/2360-104-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2572-103-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-102.dat	xmrig
behavioral1/memory/2068-96-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/356-95-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961d-94.dat	xmrig
behavioral1/memory/3060-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2712-78-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/3040-86-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x000500000001961b-85.dat	xmrig
behavioral1/memory/1644-61-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2212-60-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1636	RvrsvtJ.exe
2320	yqZgsvw.exe
2212	pXqOikM.exe
2100	qYMbiXr.exe
2776	vgBLkFn.exe
2712	cYJxwiR.exe
3040	pKhMqSw.exe
356	cpBTGkh.exe
2572	JvUdfFh.exe
1096	hsdqBfa.exe
3060	qlGIiin.exe
1444	LRgkhdX.exe
2068	OeQgrXg.exe
2360	uxZlnpT.exe
1048	IPLiqpA.exe
2820	zEIaQtp.exe
884	LiSjbBc.exe
2824	HbZBPEB.exe
1660	zzXISad.exe
2904	TypKYxE.exe
2912	RGepoAg.exe
2936	HvwzuIS.exe
2436	LyVCPgI.exe
2468	BlGTXCb.exe
2196	zqAHopk.exe
1240	StBtdAo.exe
2184	YQqYvJV.exe
2540	ExsIMWb.exe
1500	expvNFC.exe
376	VrwuQti.exe
936	RrZFlCA.exe
1472	Kbgsuzx.exe
1712	jEAOUUe.exe
908	MLTHrPF.exe
2952	XJBCKBR.exe
652	grFcNln.exe
588	LuibQUd.exe
1780	oUKUoAV.exe
2132	AzguVst.exe
988	EEzvzgE.exe
2260	wabiaoK.exe
2148	BtbEYnI.exe
2080	vXKYYyB.exe
1004	aRtOUyw.exe
2124	cMFwklN.exe
2264	CEFhPpi.exe
2508	aAGRAcv.exe
900	scQEseO.exe
1484	qYEvBYe.exe
2964	OtLRUNf.exe
1580	yXkeJVA.exe
1584	yGBCNse.exe
2304	pLfraZJ.exe
2128	joQIDLj.exe
2772	WaKlsOG.exe
2968	elZImnL.exe
2672	VbkvGth.exe
2892	hMToVls.exe
2104	uYKuanm.exe
2612	MmuJjsc.exe
1304	Jwfgclv.exe
324	VJeWSsC.exe
1300	LpNcwnm.exe
1480	KjTEgSh.exe

Loads dropped DLL 64 IoCs

pid	Process
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1644-0-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000c00000001226a-3.dat	upx
behavioral1/files/0x00070000000191f3-12.dat	upx
behavioral1/memory/1636-13-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2320-15-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x00070000000191f7-9.dat	upx
behavioral1/files/0x0006000000019229-24.dat	upx
behavioral1/memory/2100-32-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0006000000019234-28.dat	upx
behavioral1/files/0x000600000001924c-33.dat	upx
behavioral1/memory/2212-21-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/1644-42-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2712-44-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/1644-43-0x0000000002230000-0x0000000002584000-memory.dmp	upx
behavioral1/files/0x0008000000018690-53.dat	upx
behavioral1/memory/356-57-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/3040-50-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x000800000001926b-49.dat	upx
behavioral1/files/0x0005000000019539-70.dat	upx
behavioral1/memory/1096-71-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2572-64-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0007000000019271-63.dat	upx
behavioral1/files/0x00050000000195e4-77.dat	upx
behavioral1/memory/1444-87-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x0005000000019629-135.dat	upx
behavioral1/files/0x0005000000019639-142.dat	upx
behavioral1/files/0x0005000000019db5-196.dat	upx
behavioral1/memory/2360-1002-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2068-842-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1444-633-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/3060-417-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1096-237-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0005000000019d54-191.dat	upx
behavioral1/files/0x0005000000019d2d-186.dat	upx
behavioral1/files/0x0005000000019c63-181.dat	upx
behavioral1/files/0x0005000000019c48-172.dat	upx
behavioral1/files/0x0005000000019c4a-175.dat	upx
behavioral1/files/0x000500000001998a-162.dat	upx
behavioral1/files/0x0005000000019c43-165.dat	upx
behavioral1/files/0x00050000000196f6-156.dat	upx
behavioral1/files/0x00050000000196be-151.dat	upx
behavioral1/files/0x000500000001967d-145.dat	upx
behavioral1/files/0x0005000000019627-131.dat	upx
behavioral1/files/0x0005000000019623-121.dat	upx
behavioral1/files/0x0005000000019625-127.dat	upx
behavioral1/files/0x0005000000019621-117.dat	upx
behavioral1/files/0x0005000000019620-112.dat	upx
behavioral1/memory/2360-104-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2572-103-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000500000001961f-102.dat	upx
behavioral1/memory/2068-96-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/356-95-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x000500000001961d-94.dat	upx
behavioral1/memory/3060-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2712-78-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/3040-86-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x000500000001961b-85.dat	upx
behavioral1/memory/2212-60-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2776-40-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/1636-3509-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2320-3507-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2100-3512-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2212-3550-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2776-3552-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qsniTgQ.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJwfFzm.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vAqcwgM.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZODrImg.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNxCgBQ.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXjpiOZ.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhxHItN.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYAIDTp.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jbcgezg.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YorHZQh.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFEUhJw.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXzacVF.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmZhJgL.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiuQEIo.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSJvZek.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tONKYEW.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbRveOd.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhOzVsW.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmegoTn.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlctUfW.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MklamMp.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQrnBdM.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngjQlZk.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoXrSXk.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huNAzPr.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmWwDVH.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRnOlJz.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmpCVsa.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMGdAQO.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeZVudN.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeYpTHV.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvNyTfk.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRtOUyw.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZeNwzw.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wyqxisk.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teAABwA.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPVNLHC.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfylYQY.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRXRTjF.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRmDpvA.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXqOikM.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwsuaPl.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyTzljv.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOmWRGQ.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaSEKKQ.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUSIdOq.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmnZGrO.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiFNVkF.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxuYkSd.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFHrpoP.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bMYdRzL.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsnYoCZ.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjdStok.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKQFPcL.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRBKNbj.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGabGMa.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNYuZoK.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEEJRXo.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RaddjMA.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsVvyfO.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqQyOVA.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfpHcyt.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRlzsxj.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCRbrsq.exe	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1636	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1644 wrote to memory of 1636	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1644 wrote to memory of 1636	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1644 wrote to memory of 2320	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1644 wrote to memory of 2320	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1644 wrote to memory of 2320	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1644 wrote to memory of 2212	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1644 wrote to memory of 2212	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1644 wrote to memory of 2212	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1644 wrote to memory of 2100	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1644 wrote to memory of 2100	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1644 wrote to memory of 2100	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1644 wrote to memory of 2776	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1644 wrote to memory of 2776	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1644 wrote to memory of 2776	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1644 wrote to memory of 2712	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1644 wrote to memory of 2712	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1644 wrote to memory of 2712	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1644 wrote to memory of 3040	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1644 wrote to memory of 3040	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1644 wrote to memory of 3040	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1644 wrote to memory of 356	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1644 wrote to memory of 356	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1644 wrote to memory of 356	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1644 wrote to memory of 2572	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1644 wrote to memory of 2572	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1644 wrote to memory of 2572	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1644 wrote to memory of 1096	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1644 wrote to memory of 1096	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1644 wrote to memory of 1096	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1644 wrote to memory of 3060	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1644 wrote to memory of 3060	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1644 wrote to memory of 3060	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1644 wrote to memory of 1444	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1644 wrote to memory of 1444	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1644 wrote to memory of 1444	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1644 wrote to memory of 2068	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1644 wrote to memory of 2068	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1644 wrote to memory of 2068	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1644 wrote to memory of 2360	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1644 wrote to memory of 2360	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1644 wrote to memory of 2360	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1644 wrote to memory of 1048	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1644 wrote to memory of 1048	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1644 wrote to memory of 1048	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1644 wrote to memory of 2820	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1644 wrote to memory of 2820	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1644 wrote to memory of 2820	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1644 wrote to memory of 884	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1644 wrote to memory of 884	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1644 wrote to memory of 884	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1644 wrote to memory of 2824	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1644 wrote to memory of 2824	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1644 wrote to memory of 2824	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1644 wrote to memory of 1660	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1644 wrote to memory of 1660	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1644 wrote to memory of 1660	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1644 wrote to memory of 2904	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1644 wrote to memory of 2904	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1644 wrote to memory of 2904	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1644 wrote to memory of 2912	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1644 wrote to memory of 2912	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1644 wrote to memory of 2912	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1644 wrote to memory of 2936	1644	2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_5efe2d23af61eb383d9257a4b912e728_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\System\RvrsvtJ.exe
  C:\Windows\System\RvrsvtJ.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\yqZgsvw.exe
  C:\Windows\System\yqZgsvw.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\pXqOikM.exe
  C:\Windows\System\pXqOikM.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\qYMbiXr.exe
  C:\Windows\System\qYMbiXr.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\vgBLkFn.exe
  C:\Windows\System\vgBLkFn.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\cYJxwiR.exe
  C:\Windows\System\cYJxwiR.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\pKhMqSw.exe
  C:\Windows\System\pKhMqSw.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\cpBTGkh.exe
  C:\Windows\System\cpBTGkh.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\JvUdfFh.exe
  C:\Windows\System\JvUdfFh.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\hsdqBfa.exe
  C:\Windows\System\hsdqBfa.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\qlGIiin.exe
  C:\Windows\System\qlGIiin.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\LRgkhdX.exe
  C:\Windows\System\LRgkhdX.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\OeQgrXg.exe
  C:\Windows\System\OeQgrXg.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\uxZlnpT.exe
  C:\Windows\System\uxZlnpT.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\IPLiqpA.exe
  C:\Windows\System\IPLiqpA.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\zEIaQtp.exe
  C:\Windows\System\zEIaQtp.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\LiSjbBc.exe
  C:\Windows\System\LiSjbBc.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\HbZBPEB.exe
  C:\Windows\System\HbZBPEB.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\zzXISad.exe
  C:\Windows\System\zzXISad.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\TypKYxE.exe
  C:\Windows\System\TypKYxE.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\RGepoAg.exe
  C:\Windows\System\RGepoAg.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\HvwzuIS.exe
  C:\Windows\System\HvwzuIS.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\LyVCPgI.exe
  C:\Windows\System\LyVCPgI.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\BlGTXCb.exe
  C:\Windows\System\BlGTXCb.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\zqAHopk.exe
  C:\Windows\System\zqAHopk.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\StBtdAo.exe
  C:\Windows\System\StBtdAo.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\YQqYvJV.exe
  C:\Windows\System\YQqYvJV.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\ExsIMWb.exe
  C:\Windows\System\ExsIMWb.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\expvNFC.exe
  C:\Windows\System\expvNFC.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\VrwuQti.exe
  C:\Windows\System\VrwuQti.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\RrZFlCA.exe
  C:\Windows\System\RrZFlCA.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\Kbgsuzx.exe
  C:\Windows\System\Kbgsuzx.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\jEAOUUe.exe
  C:\Windows\System\jEAOUUe.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\MLTHrPF.exe
  C:\Windows\System\MLTHrPF.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\XJBCKBR.exe
  C:\Windows\System\XJBCKBR.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\grFcNln.exe
  C:\Windows\System\grFcNln.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\LuibQUd.exe
  C:\Windows\System\LuibQUd.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\oUKUoAV.exe
  C:\Windows\System\oUKUoAV.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\AzguVst.exe
  C:\Windows\System\AzguVst.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\EEzvzgE.exe
  C:\Windows\System\EEzvzgE.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\wabiaoK.exe
  C:\Windows\System\wabiaoK.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\BtbEYnI.exe
  C:\Windows\System\BtbEYnI.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\vXKYYyB.exe
  C:\Windows\System\vXKYYyB.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\aRtOUyw.exe
  C:\Windows\System\aRtOUyw.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\cMFwklN.exe
  C:\Windows\System\cMFwklN.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\CEFhPpi.exe
  C:\Windows\System\CEFhPpi.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\aAGRAcv.exe
  C:\Windows\System\aAGRAcv.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\scQEseO.exe
  C:\Windows\System\scQEseO.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\qYEvBYe.exe
  C:\Windows\System\qYEvBYe.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\OtLRUNf.exe
  C:\Windows\System\OtLRUNf.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\yXkeJVA.exe
  C:\Windows\System\yXkeJVA.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\yGBCNse.exe
  C:\Windows\System\yGBCNse.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\pLfraZJ.exe
  C:\Windows\System\pLfraZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\joQIDLj.exe
  C:\Windows\System\joQIDLj.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\WaKlsOG.exe
  C:\Windows\System\WaKlsOG.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\elZImnL.exe
  C:\Windows\System\elZImnL.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\VbkvGth.exe
  C:\Windows\System\VbkvGth.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\hMToVls.exe
  C:\Windows\System\hMToVls.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\uYKuanm.exe
  C:\Windows\System\uYKuanm.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\MmuJjsc.exe
  C:\Windows\System\MmuJjsc.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\Jwfgclv.exe
  C:\Windows\System\Jwfgclv.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\VJeWSsC.exe
  C:\Windows\System\VJeWSsC.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\zhSiBDx.exe
  C:\Windows\System\zhSiBDx.exe
  2⤵
  PID:2812
- C:\Windows\System\LpNcwnm.exe
  C:\Windows\System\LpNcwnm.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\ucBJURK.exe
  C:\Windows\System\ucBJURK.exe
  2⤵
  PID:484
- C:\Windows\System\KjTEgSh.exe
  C:\Windows\System\KjTEgSh.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\kyXdTEs.exe
  C:\Windows\System\kyXdTEs.exe
  2⤵
  PID:2368
- C:\Windows\System\kHLaAtq.exe
  C:\Windows\System\kHLaAtq.exe
  2⤵
  PID:2944
- C:\Windows\System\IjRDQkn.exe
  C:\Windows\System\IjRDQkn.exe
  2⤵
  PID:1064
- C:\Windows\System\QPgMKiT.exe
  C:\Windows\System\QPgMKiT.exe
  2⤵
  PID:2416
- C:\Windows\System\zGmUvMM.exe
  C:\Windows\System\zGmUvMM.exe
  2⤵
  PID:1348
- C:\Windows\System\RYWcbuj.exe
  C:\Windows\System\RYWcbuj.exe
  2⤵
  PID:1600
- C:\Windows\System\ZsYmwaD.exe
  C:\Windows\System\ZsYmwaD.exe
  2⤵
  PID:2204
- C:\Windows\System\IyRcRDB.exe
  C:\Windows\System\IyRcRDB.exe
  2⤵
  PID:960
- C:\Windows\System\rvFWvFk.exe
  C:\Windows\System\rvFWvFk.exe
  2⤵
  PID:2940
- C:\Windows\System\bmWhFhf.exe
  C:\Windows\System\bmWhFhf.exe
  2⤵
  PID:1524
- C:\Windows\System\dJtLrzj.exe
  C:\Windows\System\dJtLrzj.exe
  2⤵
  PID:2172
- C:\Windows\System\ozKDUoh.exe
  C:\Windows\System\ozKDUoh.exe
  2⤵
  PID:596
- C:\Windows\System\TlQswJT.exe
  C:\Windows\System\TlQswJT.exe
  2⤵
  PID:2496
- C:\Windows\System\ZzslLLa.exe
  C:\Windows\System\ZzslLLa.exe
  2⤵
  PID:1788
- C:\Windows\System\yHqjYlN.exe
  C:\Windows\System\yHqjYlN.exe
  2⤵
  PID:996
- C:\Windows\System\DBzwJYF.exe
  C:\Windows\System\DBzwJYF.exe
  2⤵
  PID:276
- C:\Windows\System\TYXQIJW.exe
  C:\Windows\System\TYXQIJW.exe
  2⤵
  PID:676
- C:\Windows\System\ozoyQAd.exe
  C:\Windows\System\ozoyQAd.exe
  2⤵
  PID:3020
- C:\Windows\System\yLeIKaS.exe
  C:\Windows\System\yLeIKaS.exe
  2⤵
  PID:2708
- C:\Windows\System\WZeNwzw.exe
  C:\Windows\System\WZeNwzw.exe
  2⤵
  PID:1596
- C:\Windows\System\zKhaorF.exe
  C:\Windows\System\zKhaorF.exe
  2⤵
  PID:916
- C:\Windows\System\aJfLjst.exe
  C:\Windows\System\aJfLjst.exe
  2⤵
  PID:2788
- C:\Windows\System\KYUEVLc.exe
  C:\Windows\System\KYUEVLc.exe
  2⤵
  PID:1704
- C:\Windows\System\PgSYRZm.exe
  C:\Windows\System\PgSYRZm.exe
  2⤵
  PID:2652
- C:\Windows\System\LTeDQlK.exe
  C:\Windows\System\LTeDQlK.exe
  2⤵
  PID:2636
- C:\Windows\System\OeNtKuJ.exe
  C:\Windows\System\OeNtKuJ.exe
  2⤵
  PID:2324
- C:\Windows\System\GwDtjKY.exe
  C:\Windows\System\GwDtjKY.exe
  2⤵
  PID:2948
- C:\Windows\System\qpEcChx.exe
  C:\Windows\System\qpEcChx.exe
  2⤵
  PID:2924
- C:\Windows\System\txkdjqs.exe
  C:\Windows\System\txkdjqs.exe
  2⤵
  PID:2444
- C:\Windows\System\qmHlrhM.exe
  C:\Windows\System\qmHlrhM.exe
  2⤵
  PID:1052
- C:\Windows\System\iibyfOp.exe
  C:\Windows\System\iibyfOp.exe
  2⤵
  PID:844
- C:\Windows\System\WHvUydy.exe
  C:\Windows\System\WHvUydy.exe
  2⤵
  PID:2520
- C:\Windows\System\TntxekU.exe
  C:\Windows\System\TntxekU.exe
  2⤵
  PID:1860
- C:\Windows\System\QOOCNoE.exe
  C:\Windows\System\QOOCNoE.exe
  2⤵
  PID:1604
- C:\Windows\System\ENDJlPa.exe
  C:\Windows\System\ENDJlPa.exe
  2⤵
  PID:560
- C:\Windows\System\unnasGZ.exe
  C:\Windows\System\unnasGZ.exe
  2⤵
  PID:1760
- C:\Windows\System\lOMbyme.exe
  C:\Windows\System\lOMbyme.exe
  2⤵
  PID:544
- C:\Windows\System\fWCcPVm.exe
  C:\Windows\System\fWCcPVm.exe
  2⤵
  PID:2344
- C:\Windows\System\cynVmkA.exe
  C:\Windows\System\cynVmkA.exe
  2⤵
  PID:2720
- C:\Windows\System\oAPApkE.exe
  C:\Windows\System\oAPApkE.exe
  2⤵
  PID:2980
- C:\Windows\System\htaFrGT.exe
  C:\Windows\System\htaFrGT.exe
  2⤵
  PID:2680
- C:\Windows\System\JgalUKh.exe
  C:\Windows\System\JgalUKh.exe
  2⤵
  PID:2844
- C:\Windows\System\ZilnLdw.exe
  C:\Windows\System\ZilnLdw.exe
  2⤵
  PID:2448
- C:\Windows\System\wNZQEIN.exe
  C:\Windows\System\wNZQEIN.exe
  2⤵
  PID:2900
- C:\Windows\System\SPBixmZ.exe
  C:\Windows\System\SPBixmZ.exe
  2⤵
  PID:2512
- C:\Windows\System\eHwdNlZ.exe
  C:\Windows\System\eHwdNlZ.exe
  2⤵
  PID:2896
- C:\Windows\System\GhuuUCV.exe
  C:\Windows\System\GhuuUCV.exe
  2⤵
  PID:2420
- C:\Windows\System\cJoMxsK.exe
  C:\Windows\System\cJoMxsK.exe
  2⤵
  PID:3080
- C:\Windows\System\lfKKOeg.exe
  C:\Windows\System\lfKKOeg.exe
  2⤵
  PID:3100
- C:\Windows\System\hfmhHZy.exe
  C:\Windows\System\hfmhHZy.exe
  2⤵
  PID:3120
- C:\Windows\System\esYQsEZ.exe
  C:\Windows\System\esYQsEZ.exe
  2⤵
  PID:3140
- C:\Windows\System\XHyBbIv.exe
  C:\Windows\System\XHyBbIv.exe
  2⤵
  PID:3160
- C:\Windows\System\qhlWBcA.exe
  C:\Windows\System\qhlWBcA.exe
  2⤵
  PID:3180
- C:\Windows\System\dHckVEI.exe
  C:\Windows\System\dHckVEI.exe
  2⤵
  PID:3196
- C:\Windows\System\XjXVPyF.exe
  C:\Windows\System\XjXVPyF.exe
  2⤵
  PID:3216
- C:\Windows\System\GzcpSIs.exe
  C:\Windows\System\GzcpSIs.exe
  2⤵
  PID:3236
- C:\Windows\System\YqbTkIw.exe
  C:\Windows\System\YqbTkIw.exe
  2⤵
  PID:3264
- C:\Windows\System\qixTRNW.exe
  C:\Windows\System\qixTRNW.exe
  2⤵
  PID:3284
- C:\Windows\System\vGbuZoR.exe
  C:\Windows\System\vGbuZoR.exe
  2⤵
  PID:3304
- C:\Windows\System\dHVeUMH.exe
  C:\Windows\System\dHVeUMH.exe
  2⤵
  PID:3320
- C:\Windows\System\EHPyxwX.exe
  C:\Windows\System\EHPyxwX.exe
  2⤵
  PID:3340
- C:\Windows\System\YIkHLxe.exe
  C:\Windows\System\YIkHLxe.exe
  2⤵
  PID:3360
- C:\Windows\System\uLGdxpH.exe
  C:\Windows\System\uLGdxpH.exe
  2⤵
  PID:3380
- C:\Windows\System\SRClxbh.exe
  C:\Windows\System\SRClxbh.exe
  2⤵
  PID:3404
- C:\Windows\System\emKsqmf.exe
  C:\Windows\System\emKsqmf.exe
  2⤵
  PID:3424
- C:\Windows\System\ofxABCK.exe
  C:\Windows\System\ofxABCK.exe
  2⤵
  PID:3440
- C:\Windows\System\eFfsmZm.exe
  C:\Windows\System\eFfsmZm.exe
  2⤵
  PID:3464
- C:\Windows\System\sfvGcki.exe
  C:\Windows\System\sfvGcki.exe
  2⤵
  PID:3484
- C:\Windows\System\PPWTjdp.exe
  C:\Windows\System\PPWTjdp.exe
  2⤵
  PID:3504
- C:\Windows\System\OIXJrVQ.exe
  C:\Windows\System\OIXJrVQ.exe
  2⤵
  PID:3520
- C:\Windows\System\grwmprO.exe
  C:\Windows\System\grwmprO.exe
  2⤵
  PID:3540
- C:\Windows\System\styTsFu.exe
  C:\Windows\System\styTsFu.exe
  2⤵
  PID:3564
- C:\Windows\System\JJhZPhj.exe
  C:\Windows\System\JJhZPhj.exe
  2⤵
  PID:3584
- C:\Windows\System\GwKpqIl.exe
  C:\Windows\System\GwKpqIl.exe
  2⤵
  PID:3604
- C:\Windows\System\lBoSQdq.exe
  C:\Windows\System\lBoSQdq.exe
  2⤵
  PID:3624
- C:\Windows\System\BXywlnV.exe
  C:\Windows\System\BXywlnV.exe
  2⤵
  PID:3640
- C:\Windows\System\IlFBeBQ.exe
  C:\Windows\System\IlFBeBQ.exe
  2⤵
  PID:3660
- C:\Windows\System\vXVENva.exe
  C:\Windows\System\vXVENva.exe
  2⤵
  PID:3684
- C:\Windows\System\QlglBof.exe
  C:\Windows\System\QlglBof.exe
  2⤵
  PID:3704
- C:\Windows\System\rCSwlKY.exe
  C:\Windows\System\rCSwlKY.exe
  2⤵
  PID:3720
- C:\Windows\System\XabozxS.exe
  C:\Windows\System\XabozxS.exe
  2⤵
  PID:3744
- C:\Windows\System\ckXhXPg.exe
  C:\Windows\System\ckXhXPg.exe
  2⤵
  PID:3764
- C:\Windows\System\CorLhuG.exe
  C:\Windows\System\CorLhuG.exe
  2⤵
  PID:3784
- C:\Windows\System\WVatvaX.exe
  C:\Windows\System\WVatvaX.exe
  2⤵
  PID:3804
- C:\Windows\System\aozEiJj.exe
  C:\Windows\System\aozEiJj.exe
  2⤵
  PID:3824
- C:\Windows\System\nckrpXF.exe
  C:\Windows\System\nckrpXF.exe
  2⤵
  PID:3844
- C:\Windows\System\rIijzgg.exe
  C:\Windows\System\rIijzgg.exe
  2⤵
  PID:3864
- C:\Windows\System\rPYTPNz.exe
  C:\Windows\System\rPYTPNz.exe
  2⤵
  PID:3884
- C:\Windows\System\iSziWjl.exe
  C:\Windows\System\iSziWjl.exe
  2⤵
  PID:3904
- C:\Windows\System\nFcwsXE.exe
  C:\Windows\System\nFcwsXE.exe
  2⤵
  PID:3920
- C:\Windows\System\JEtonsl.exe
  C:\Windows\System\JEtonsl.exe
  2⤵
  PID:3944
- C:\Windows\System\RuLkwtO.exe
  C:\Windows\System\RuLkwtO.exe
  2⤵
  PID:3960
- C:\Windows\System\vYzJKiu.exe
  C:\Windows\System\vYzJKiu.exe
  2⤵
  PID:3984
- C:\Windows\System\TQLvboy.exe
  C:\Windows\System\TQLvboy.exe
  2⤵
  PID:4004
- C:\Windows\System\DxpFibh.exe
  C:\Windows\System\DxpFibh.exe
  2⤵
  PID:4024
- C:\Windows\System\UqRVKNG.exe
  C:\Windows\System\UqRVKNG.exe
  2⤵
  PID:4040
- C:\Windows\System\oseRMQz.exe
  C:\Windows\System\oseRMQz.exe
  2⤵
  PID:4060
- C:\Windows\System\pHmUQLv.exe
  C:\Windows\System\pHmUQLv.exe
  2⤵
  PID:4080
- C:\Windows\System\BzekUZf.exe
  C:\Windows\System\BzekUZf.exe
  2⤵
  PID:2244
- C:\Windows\System\iZbrUCy.exe
  C:\Windows\System\iZbrUCy.exe
  2⤵
  PID:1748
- C:\Windows\System\tWDLeWr.exe
  C:\Windows\System\tWDLeWr.exe
  2⤵
  PID:3028
- C:\Windows\System\STmCWTf.exe
  C:\Windows\System\STmCWTf.exe
  2⤵
  PID:2668
- C:\Windows\System\psyGTRs.exe
  C:\Windows\System\psyGTRs.exe
  2⤵
  PID:1588
- C:\Windows\System\IuQGlPj.exe
  C:\Windows\System\IuQGlPj.exe
  2⤵
  PID:2352
- C:\Windows\System\niSHbDE.exe
  C:\Windows\System\niSHbDE.exe
  2⤵
  PID:2876
- C:\Windows\System\WRuWhhD.exe
  C:\Windows\System\WRuWhhD.exe
  2⤵
  PID:3092
- C:\Windows\System\TjOnfBy.exe
  C:\Windows\System\TjOnfBy.exe
  2⤵
  PID:1120
- C:\Windows\System\QolPBap.exe
  C:\Windows\System\QolPBap.exe
  2⤵
  PID:3076
- C:\Windows\System\IMnmlUx.exe
  C:\Windows\System\IMnmlUx.exe
  2⤵
  PID:3116
- C:\Windows\System\QntCIFO.exe
  C:\Windows\System\QntCIFO.exe
  2⤵
  PID:3208
- C:\Windows\System\dcawPsh.exe
  C:\Windows\System\dcawPsh.exe
  2⤵
  PID:3152
- C:\Windows\System\OEaMoIJ.exe
  C:\Windows\System\OEaMoIJ.exe
  2⤵
  PID:3224
- C:\Windows\System\zienQlb.exe
  C:\Windows\System\zienQlb.exe
  2⤵
  PID:3280
- C:\Windows\System\quqfcWn.exe
  C:\Windows\System\quqfcWn.exe
  2⤵
  PID:3336
- C:\Windows\System\mNOlxJv.exe
  C:\Windows\System\mNOlxJv.exe
  2⤵
  PID:3412
- C:\Windows\System\UfcZbNI.exe
  C:\Windows\System\UfcZbNI.exe
  2⤵
  PID:3316
- C:\Windows\System\sGzWPar.exe
  C:\Windows\System\sGzWPar.exe
  2⤵
  PID:3392
- C:\Windows\System\AYAVWus.exe
  C:\Windows\System\AYAVWus.exe
  2⤵
  PID:3492
- C:\Windows\System\LRVShfm.exe
  C:\Windows\System\LRVShfm.exe
  2⤵
  PID:3532
- C:\Windows\System\rmbKtgP.exe
  C:\Windows\System\rmbKtgP.exe
  2⤵
  PID:3480
- C:\Windows\System\zZMQsSp.exe
  C:\Windows\System\zZMQsSp.exe
  2⤵
  PID:3512
- C:\Windows\System\GHoImVR.exe
  C:\Windows\System\GHoImVR.exe
  2⤵
  PID:3560
- C:\Windows\System\tbkdAlW.exe
  C:\Windows\System\tbkdAlW.exe
  2⤵
  PID:3596
- C:\Windows\System\oCALabU.exe
  C:\Windows\System\oCALabU.exe
  2⤵
  PID:3692
- C:\Windows\System\nwTFxeb.exe
  C:\Windows\System\nwTFxeb.exe
  2⤵
  PID:3700
- C:\Windows\System\lKtTTNy.exe
  C:\Windows\System\lKtTTNy.exe
  2⤵
  PID:3732
- C:\Windows\System\pHGMOwO.exe
  C:\Windows\System\pHGMOwO.exe
  2⤵
  PID:3716
- C:\Windows\System\WuCWdil.exe
  C:\Windows\System\WuCWdil.exe
  2⤵
  PID:3752
- C:\Windows\System\lZFMbuB.exe
  C:\Windows\System\lZFMbuB.exe
  2⤵
  PID:3820
- C:\Windows\System\DhrVrHP.exe
  C:\Windows\System\DhrVrHP.exe
  2⤵
  PID:3856
- C:\Windows\System\TnCOObx.exe
  C:\Windows\System\TnCOObx.exe
  2⤵
  PID:3836
- C:\Windows\System\FtkyPbp.exe
  C:\Windows\System\FtkyPbp.exe
  2⤵
  PID:3872
- C:\Windows\System\OOFYcqw.exe
  C:\Windows\System\OOFYcqw.exe
  2⤵
  PID:3932
- C:\Windows\System\SfpHcyt.exe
  C:\Windows\System\SfpHcyt.exe
  2⤵
  PID:3912
- C:\Windows\System\UAGJBTy.exe
  C:\Windows\System\UAGJBTy.exe
  2⤵
  PID:4020
- C:\Windows\System\krEvxBr.exe
  C:\Windows\System\krEvxBr.exe
  2⤵
  PID:3996
- C:\Windows\System\qaqxovq.exe
  C:\Windows\System\qaqxovq.exe
  2⤵
  PID:4036
- C:\Windows\System\igebbbv.exe
  C:\Windows\System\igebbbv.exe
  2⤵
  PID:4068
- C:\Windows\System\FMPzURo.exe
  C:\Windows\System\FMPzURo.exe
  2⤵
  PID:984
- C:\Windows\System\EwewSRu.exe
  C:\Windows\System\EwewSRu.exe
  2⤵
  PID:2012
- C:\Windows\System\vrEMlcr.exe
  C:\Windows\System\vrEMlcr.exe
  2⤵
  PID:1508
- C:\Windows\System\VqvAtoV.exe
  C:\Windows\System\VqvAtoV.exe
  2⤵
  PID:3088
- C:\Windows\System\AAyKWkJ.exe
  C:\Windows\System\AAyKWkJ.exe
  2⤵
  PID:3096
- C:\Windows\System\TrbFDZO.exe
  C:\Windows\System\TrbFDZO.exe
  2⤵
  PID:2872
- C:\Windows\System\QDltxPI.exe
  C:\Windows\System\QDltxPI.exe
  2⤵
  PID:2092
- C:\Windows\System\akUafWP.exe
  C:\Windows\System\akUafWP.exe
  2⤵
  PID:3204
- C:\Windows\System\ftJiDca.exe
  C:\Windows\System\ftJiDca.exe
  2⤵
  PID:3292
- C:\Windows\System\JmZcZlz.exe
  C:\Windows\System\JmZcZlz.exe
  2⤵
  PID:3312
- C:\Windows\System\DfNBXKP.exe
  C:\Windows\System\DfNBXKP.exe
  2⤵
  PID:3400
- C:\Windows\System\MLXABBE.exe
  C:\Windows\System\MLXABBE.exe
  2⤵
  PID:3496
- C:\Windows\System\OpLNdpO.exe
  C:\Windows\System\OpLNdpO.exe
  2⤵
  PID:3548
- C:\Windows\System\UmIHwCo.exe
  C:\Windows\System\UmIHwCo.exe
  2⤵
  PID:3616
- C:\Windows\System\YYVycGM.exe
  C:\Windows\System\YYVycGM.exe
  2⤵
  PID:3436
- C:\Windows\System\eNfyJDH.exe
  C:\Windows\System\eNfyJDH.exe
  2⤵
  PID:3636
- C:\Windows\System\ZjBfVMm.exe
  C:\Windows\System\ZjBfVMm.exe
  2⤵
  PID:3652
- C:\Windows\System\CDJneUo.exe
  C:\Windows\System\CDJneUo.exe
  2⤵
  PID:3772
- C:\Windows\System\QdMfANI.exe
  C:\Windows\System\QdMfANI.exe
  2⤵
  PID:3832
- C:\Windows\System\dOUJIlT.exe
  C:\Windows\System\dOUJIlT.exe
  2⤵
  PID:3876
- C:\Windows\System\WuvHdIC.exe
  C:\Windows\System\WuvHdIC.exe
  2⤵
  PID:3896
- C:\Windows\System\utXilzt.exe
  C:\Windows\System\utXilzt.exe
  2⤵
  PID:3976
- C:\Windows\System\wxAFIzJ.exe
  C:\Windows\System\wxAFIzJ.exe
  2⤵
  PID:4056
- C:\Windows\System\xehgIxr.exe
  C:\Windows\System\xehgIxr.exe
  2⤵
  PID:1872
- C:\Windows\System\ThtMxzf.exe
  C:\Windows\System\ThtMxzf.exe
  2⤵
  PID:2676
- C:\Windows\System\onevQrg.exe
  C:\Windows\System\onevQrg.exe
  2⤵
  PID:552
- C:\Windows\System\OIaivjK.exe
  C:\Windows\System\OIaivjK.exe
  2⤵
  PID:2000
- C:\Windows\System\AczoinX.exe
  C:\Windows\System\AczoinX.exe
  2⤵
  PID:3168
- C:\Windows\System\JDsmwYB.exe
  C:\Windows\System\JDsmwYB.exe
  2⤵
  PID:2740
- C:\Windows\System\IDfEbzx.exe
  C:\Windows\System\IDfEbzx.exe
  2⤵
  PID:3332
- C:\Windows\System\ETrEiVJ.exe
  C:\Windows\System\ETrEiVJ.exe
  2⤵
  PID:3276
- C:\Windows\System\yEShWUO.exe
  C:\Windows\System\yEShWUO.exe
  2⤵
  PID:3416
- C:\Windows\System\dgoUCsf.exe
  C:\Windows\System\dgoUCsf.exe
  2⤵
  PID:3356
- C:\Windows\System\NEczGAO.exe
  C:\Windows\System\NEczGAO.exe
  2⤵
  PID:3712
- C:\Windows\System\AywFBtu.exe
  C:\Windows\System\AywFBtu.exe
  2⤵
  PID:2312
- C:\Windows\System\GSccBor.exe
  C:\Windows\System\GSccBor.exe
  2⤵
  PID:3852
- C:\Windows\System\xothOVv.exe
  C:\Windows\System\xothOVv.exe
  2⤵
  PID:3972
- C:\Windows\System\prxlCqL.exe
  C:\Windows\System\prxlCqL.exe
  2⤵
  PID:3980
- C:\Windows\System\GMeclyy.exe
  C:\Windows\System\GMeclyy.exe
  2⤵
  PID:4092
- C:\Windows\System\VSZgyvJ.exe
  C:\Windows\System\VSZgyvJ.exe
  2⤵
  PID:2516
- C:\Windows\System\LlpDMfM.exe
  C:\Windows\System\LlpDMfM.exe
  2⤵
  PID:1680
- C:\Windows\System\kRlzsxj.exe
  C:\Windows\System\kRlzsxj.exe
  2⤵
  PID:3256
- C:\Windows\System\okFoAnL.exe
  C:\Windows\System\okFoAnL.exe
  2⤵
  PID:3176
- C:\Windows\System\LdxuFfv.exe
  C:\Windows\System\LdxuFfv.exe
  2⤵
  PID:3472
- C:\Windows\System\dtiCnwo.exe
  C:\Windows\System\dtiCnwo.exe
  2⤵
  PID:3736
- C:\Windows\System\YcfgSap.exe
  C:\Windows\System\YcfgSap.exe
  2⤵
  PID:3792
- C:\Windows\System\ODXaWuR.exe
  C:\Windows\System\ODXaWuR.exe
  2⤵
  PID:3728
- C:\Windows\System\keKPgUO.exe
  C:\Windows\System\keKPgUO.exe
  2⤵
  PID:4112
- C:\Windows\System\vnzhxEW.exe
  C:\Windows\System\vnzhxEW.exe
  2⤵
  PID:4132
- C:\Windows\System\AKaQsKT.exe
  C:\Windows\System\AKaQsKT.exe
  2⤵
  PID:4148
- C:\Windows\System\VJmKmjM.exe
  C:\Windows\System\VJmKmjM.exe
  2⤵
  PID:4172
- C:\Windows\System\OIufaPQ.exe
  C:\Windows\System\OIufaPQ.exe
  2⤵
  PID:4192
- C:\Windows\System\ZFRJbrZ.exe
  C:\Windows\System\ZFRJbrZ.exe
  2⤵
  PID:4212
- C:\Windows\System\evTkOer.exe
  C:\Windows\System\evTkOer.exe
  2⤵
  PID:4228
- C:\Windows\System\nzaQaHC.exe
  C:\Windows\System\nzaQaHC.exe
  2⤵
  PID:4252
- C:\Windows\System\vVMkcXl.exe
  C:\Windows\System\vVMkcXl.exe
  2⤵
  PID:4272
- C:\Windows\System\pcysFDa.exe
  C:\Windows\System\pcysFDa.exe
  2⤵
  PID:4292
- C:\Windows\System\IoBhhpe.exe
  C:\Windows\System\IoBhhpe.exe
  2⤵
  PID:4312
- C:\Windows\System\yPHooeD.exe
  C:\Windows\System\yPHooeD.exe
  2⤵
  PID:4332
- C:\Windows\System\HJhCotd.exe
  C:\Windows\System\HJhCotd.exe
  2⤵
  PID:4348
- C:\Windows\System\nCEyOiU.exe
  C:\Windows\System\nCEyOiU.exe
  2⤵
  PID:4368
- C:\Windows\System\kULDHmn.exe
  C:\Windows\System\kULDHmn.exe
  2⤵
  PID:4388
- C:\Windows\System\oXMdkiI.exe
  C:\Windows\System\oXMdkiI.exe
  2⤵
  PID:4416
- C:\Windows\System\JKVwwSL.exe
  C:\Windows\System\JKVwwSL.exe
  2⤵
  PID:4436
- C:\Windows\System\hqkTWCd.exe
  C:\Windows\System\hqkTWCd.exe
  2⤵
  PID:4456
- C:\Windows\System\ongezfX.exe
  C:\Windows\System\ongezfX.exe
  2⤵
  PID:4472
- C:\Windows\System\kGXKXzi.exe
  C:\Windows\System\kGXKXzi.exe
  2⤵
  PID:4492
- C:\Windows\System\PJCgsro.exe
  C:\Windows\System\PJCgsro.exe
  2⤵
  PID:4512
- C:\Windows\System\FtjGbOZ.exe
  C:\Windows\System\FtjGbOZ.exe
  2⤵
  PID:4536
- C:\Windows\System\LEoqshf.exe
  C:\Windows\System\LEoqshf.exe
  2⤵
  PID:4552
- C:\Windows\System\hDUfUCG.exe
  C:\Windows\System\hDUfUCG.exe
  2⤵
  PID:4572
- C:\Windows\System\zNpyiEU.exe
  C:\Windows\System\zNpyiEU.exe
  2⤵
  PID:4592
- C:\Windows\System\vRtXLPp.exe
  C:\Windows\System\vRtXLPp.exe
  2⤵
  PID:4616
- C:\Windows\System\idISLLE.exe
  C:\Windows\System\idISLLE.exe
  2⤵
  PID:4632
- C:\Windows\System\ahaFxYQ.exe
  C:\Windows\System\ahaFxYQ.exe
  2⤵
  PID:4652
- C:\Windows\System\xtPKfsD.exe
  C:\Windows\System\xtPKfsD.exe
  2⤵
  PID:4672
- C:\Windows\System\YjIePVp.exe
  C:\Windows\System\YjIePVp.exe
  2⤵
  PID:4696
- C:\Windows\System\pVUfilr.exe
  C:\Windows\System\pVUfilr.exe
  2⤵
  PID:4716
- C:\Windows\System\bRxazvR.exe
  C:\Windows\System\bRxazvR.exe
  2⤵
  PID:4736
- C:\Windows\System\gDEmXaY.exe
  C:\Windows\System\gDEmXaY.exe
  2⤵
  PID:4756
- C:\Windows\System\dhmvtGu.exe
  C:\Windows\System\dhmvtGu.exe
  2⤵
  PID:4776
- C:\Windows\System\lLWhATv.exe
  C:\Windows\System\lLWhATv.exe
  2⤵
  PID:4792
- C:\Windows\System\PcVgPQg.exe
  C:\Windows\System\PcVgPQg.exe
  2⤵
  PID:4816
- C:\Windows\System\OMHrsEz.exe
  C:\Windows\System\OMHrsEz.exe
  2⤵
  PID:4836
- C:\Windows\System\UxoQoJw.exe
  C:\Windows\System\UxoQoJw.exe
  2⤵
  PID:4856
- C:\Windows\System\ZQTwaGn.exe
  C:\Windows\System\ZQTwaGn.exe
  2⤵
  PID:4876
- C:\Windows\System\hBLmSSm.exe
  C:\Windows\System\hBLmSSm.exe
  2⤵
  PID:4896
- C:\Windows\System\auXaMoz.exe
  C:\Windows\System\auXaMoz.exe
  2⤵
  PID:4916
- C:\Windows\System\FueEdUC.exe
  C:\Windows\System\FueEdUC.exe
  2⤵
  PID:4936
- C:\Windows\System\QkBRhzU.exe
  C:\Windows\System\QkBRhzU.exe
  2⤵
  PID:4952
- C:\Windows\System\qkcXMrK.exe
  C:\Windows\System\qkcXMrK.exe
  2⤵
  PID:4972
- C:\Windows\System\zghLREy.exe
  C:\Windows\System\zghLREy.exe
  2⤵
  PID:4992
- C:\Windows\System\ngORtUr.exe
  C:\Windows\System\ngORtUr.exe
  2⤵
  PID:5012
- C:\Windows\System\EprmHZn.exe
  C:\Windows\System\EprmHZn.exe
  2⤵
  PID:5032
- C:\Windows\System\OoqbeuQ.exe
  C:\Windows\System\OoqbeuQ.exe
  2⤵
  PID:5056
- C:\Windows\System\ckAvreK.exe
  C:\Windows\System\ckAvreK.exe
  2⤵
  PID:5076
- C:\Windows\System\PwrpjAQ.exe
  C:\Windows\System\PwrpjAQ.exe
  2⤵
  PID:5096
- C:\Windows\System\VKuvgCZ.exe
  C:\Windows\System\VKuvgCZ.exe
  2⤵
  PID:2736
- C:\Windows\System\aypDiGL.exe
  C:\Windows\System\aypDiGL.exe
  2⤵
  PID:3776
- C:\Windows\System\EkDHYrL.exe
  C:\Windows\System\EkDHYrL.exe
  2⤵
  PID:4076
- C:\Windows\System\EuoMyBZ.exe
  C:\Windows\System\EuoMyBZ.exe
  2⤵
  PID:3536
- C:\Windows\System\jBJfhaM.exe
  C:\Windows\System\jBJfhaM.exe
  2⤵
  PID:3632
- C:\Windows\System\AXDWzcH.exe
  C:\Windows\System\AXDWzcH.exe
  2⤵
  PID:3892
- C:\Windows\System\OsrzYDs.exe
  C:\Windows\System\OsrzYDs.exe
  2⤵
  PID:3328
- C:\Windows\System\ESNZhDB.exe
  C:\Windows\System\ESNZhDB.exe
  2⤵
  PID:4124
- C:\Windows\System\eRqoIVz.exe
  C:\Windows\System\eRqoIVz.exe
  2⤵
  PID:4168
- C:\Windows\System\eYlZiYo.exe
  C:\Windows\System\eYlZiYo.exe
  2⤵
  PID:2972
- C:\Windows\System\uFUQPUd.exe
  C:\Windows\System\uFUQPUd.exe
  2⤵
  PID:4204
- C:\Windows\System\dLGUBZg.exe
  C:\Windows\System\dLGUBZg.exe
  2⤵
  PID:4240
- C:\Windows\System\BfnrGqW.exe
  C:\Windows\System\BfnrGqW.exe
  2⤵
  PID:4280
- C:\Windows\System\RkvVuog.exe
  C:\Windows\System\RkvVuog.exe
  2⤵
  PID:4328
- C:\Windows\System\lDwBWIv.exe
  C:\Windows\System\lDwBWIv.exe
  2⤵
  PID:2748
- C:\Windows\System\tEGaRlJ.exe
  C:\Windows\System\tEGaRlJ.exe
  2⤵
  PID:4364
- C:\Windows\System\aBrzfZm.exe
  C:\Windows\System\aBrzfZm.exe
  2⤵
  PID:4408
- C:\Windows\System\FRUaCwG.exe
  C:\Windows\System\FRUaCwG.exe
  2⤵
  PID:4380
- C:\Windows\System\Ielwrqu.exe
  C:\Windows\System\Ielwrqu.exe
  2⤵
  PID:4448
- C:\Windows\System\HwPkwye.exe
  C:\Windows\System\HwPkwye.exe
  2⤵
  PID:4432
- C:\Windows\System\WDKHeUF.exe
  C:\Windows\System\WDKHeUF.exe
  2⤵
  PID:4528
- C:\Windows\System\eWMdolz.exe
  C:\Windows\System\eWMdolz.exe
  2⤵
  PID:4524
- C:\Windows\System\ieMaGvh.exe
  C:\Windows\System\ieMaGvh.exe
  2⤵
  PID:4568
- C:\Windows\System\vNYuZoK.exe
  C:\Windows\System\vNYuZoK.exe
  2⤵
  PID:4544
- C:\Windows\System\FaBjcTw.exe
  C:\Windows\System\FaBjcTw.exe
  2⤵
  PID:4640
- C:\Windows\System\VCkGNKI.exe
  C:\Windows\System\VCkGNKI.exe
  2⤵
  PID:4624
- C:\Windows\System\IQSRedk.exe
  C:\Windows\System\IQSRedk.exe
  2⤵
  PID:4664
- C:\Windows\System\cWtijiv.exe
  C:\Windows\System\cWtijiv.exe
  2⤵
  PID:4708
- C:\Windows\System\gtnYYFy.exe
  C:\Windows\System\gtnYYFy.exe
  2⤵
  PID:4772
- C:\Windows\System\yrfiZvd.exe
  C:\Windows\System\yrfiZvd.exe
  2⤵
  PID:4748
- C:\Windows\System\uFHrpoP.exe
  C:\Windows\System\uFHrpoP.exe
  2⤵
  PID:4788
- C:\Windows\System\tdxNSph.exe
  C:\Windows\System\tdxNSph.exe
  2⤵
  PID:4888
- C:\Windows\System\TMaCURy.exe
  C:\Windows\System\TMaCURy.exe
  2⤵
  PID:4828
- C:\Windows\System\jzhjqGC.exe
  C:\Windows\System\jzhjqGC.exe
  2⤵
  PID:4872
- C:\Windows\System\tceFgst.exe
  C:\Windows\System\tceFgst.exe
  2⤵
  PID:4908
- C:\Windows\System\xkvxVhq.exe
  C:\Windows\System\xkvxVhq.exe
  2⤵
  PID:5004
- C:\Windows\System\wkzsqoE.exe
  C:\Windows\System\wkzsqoE.exe
  2⤵
  PID:4980
- C:\Windows\System\dLsxKcI.exe
  C:\Windows\System\dLsxKcI.exe
  2⤵
  PID:5084
- C:\Windows\System\RToMSKh.exe
  C:\Windows\System\RToMSKh.exe
  2⤵
  PID:5072
- C:\Windows\System\AtdzlYE.exe
  C:\Windows\System\AtdzlYE.exe
  2⤵
  PID:4000
- C:\Windows\System\hqSGWlP.exe
  C:\Windows\System\hqSGWlP.exe
  2⤵
  PID:3928
- C:\Windows\System\gfeLXJt.exe
  C:\Windows\System\gfeLXJt.exe
  2⤵
  PID:2588
- C:\Windows\System\ejoxocs.exe
  C:\Windows\System\ejoxocs.exe
  2⤵
  PID:568
- C:\Windows\System\fUMWxuh.exe
  C:\Windows\System\fUMWxuh.exe
  2⤵
  PID:3260
- C:\Windows\System\LrlYCli.exe
  C:\Windows\System\LrlYCli.exe
  2⤵
  PID:4120
- C:\Windows\System\yLdbYiu.exe
  C:\Windows\System\yLdbYiu.exe
  2⤵
  PID:2756
- C:\Windows\System\fLdxSNq.exe
  C:\Windows\System\fLdxSNq.exe
  2⤵
  PID:4248
- C:\Windows\System\NDgEwBg.exe
  C:\Windows\System\NDgEwBg.exe
  2⤵
  PID:2548
- C:\Windows\System\bAnlnJn.exe
  C:\Windows\System\bAnlnJn.exe
  2⤵
  PID:4300
- C:\Windows\System\XsBXVvE.exe
  C:\Windows\System\XsBXVvE.exe
  2⤵
  PID:4224
- C:\Windows\System\nxGmiMO.exe
  C:\Windows\System\nxGmiMO.exe
  2⤵
  PID:4340
- C:\Windows\System\PhPHAZL.exe
  C:\Windows\System\PhPHAZL.exe
  2⤵
  PID:4424
- C:\Windows\System\HOcbQGt.exe
  C:\Windows\System\HOcbQGt.exe
  2⤵
  PID:1256
- C:\Windows\System\GVczOMq.exe
  C:\Windows\System\GVczOMq.exe
  2⤵
  PID:4612
- C:\Windows\System\uAJwwSt.exe
  C:\Windows\System\uAJwwSt.exe
  2⤵
  PID:4500
- C:\Windows\System\DDMRCSM.exe
  C:\Windows\System\DDMRCSM.exe
  2⤵
  PID:4560
- C:\Windows\System\nuKqlCg.exe
  C:\Windows\System\nuKqlCg.exe
  2⤵
  PID:4588
- C:\Windows\System\UVBzNHz.exe
  C:\Windows\System\UVBzNHz.exe
  2⤵
  PID:4800
- C:\Windows\System\zIIbWvh.exe
  C:\Windows\System\zIIbWvh.exe
  2⤵
  PID:4728
- C:\Windows\System\zLWuyje.exe
  C:\Windows\System\zLWuyje.exe
  2⤵
  PID:4784
- C:\Windows\System\slfpwpH.exe
  C:\Windows\System\slfpwpH.exe
  2⤵
  PID:4868
- C:\Windows\System\wEGyZgP.exe
  C:\Windows\System\wEGyZgP.exe
  2⤵
  PID:4988
- C:\Windows\System\jmuMIMn.exe
  C:\Windows\System\jmuMIMn.exe
  2⤵
  PID:4824
- C:\Windows\System\RErDKhH.exe
  C:\Windows\System\RErDKhH.exe
  2⤵
  PID:5104
- C:\Windows\System\XlXtVfY.exe
  C:\Windows\System\XlXtVfY.exe
  2⤵
  PID:5108
- C:\Windows\System\jMIyKCK.exe
  C:\Windows\System\jMIyKCK.exe
  2⤵
  PID:5068
- C:\Windows\System\PfsfqNG.exe
  C:\Windows\System\PfsfqNG.exe
  2⤵
  PID:2432
- C:\Windows\System\pyNNlmt.exe
  C:\Windows\System\pyNNlmt.exe
  2⤵
  PID:4100
- C:\Windows\System\dnapirc.exe
  C:\Windows\System\dnapirc.exe
  2⤵
  PID:4160
- C:\Windows\System\vdWlIAM.exe
  C:\Windows\System\vdWlIAM.exe
  2⤵
  PID:4180
- C:\Windows\System\SDMZCvc.exe
  C:\Windows\System\SDMZCvc.exe
  2⤵
  PID:4220
- C:\Windows\System\VBGFXZB.exe
  C:\Windows\System\VBGFXZB.exe
  2⤵
  PID:4488
- C:\Windows\System\GONQBZw.exe
  C:\Windows\System\GONQBZw.exe
  2⤵
  PID:4268
- C:\Windows\System\XCNAEFf.exe
  C:\Windows\System\XCNAEFf.exe
  2⤵
  PID:4608
- C:\Windows\System\RdLvWgO.exe
  C:\Windows\System\RdLvWgO.exe
  2⤵
  PID:4404
- C:\Windows\System\EytYnRY.exe
  C:\Windows\System\EytYnRY.exe
  2⤵
  PID:4804
- C:\Windows\System\qoqWHnW.exe
  C:\Windows\System\qoqWHnW.exe
  2⤵
  PID:4968
- C:\Windows\System\gBQRQTf.exe
  C:\Windows\System\gBQRQTf.exe
  2⤵
  PID:4724
- C:\Windows\System\bOQtVjW.exe
  C:\Windows\System\bOQtVjW.exe
  2⤵
  PID:2616
- C:\Windows\System\rcGfGTg.exe
  C:\Windows\System\rcGfGTg.exe
  2⤵
  PID:4812
- C:\Windows\System\LQuRZjj.exe
  C:\Windows\System\LQuRZjj.exe
  2⤵
  PID:4144
- C:\Windows\System\HWOlDcC.exe
  C:\Windows\System\HWOlDcC.exe
  2⤵
  PID:2692
- C:\Windows\System\hfJqxLj.exe
  C:\Windows\System\hfJqxLj.exe
  2⤵
  PID:2808
- C:\Windows\System\kBJXakY.exe
  C:\Windows\System\kBJXakY.exe
  2⤵
  PID:860
- C:\Windows\System\DXVSEoG.exe
  C:\Windows\System\DXVSEoG.exe
  2⤵
  PID:1796
- C:\Windows\System\prbfDai.exe
  C:\Windows\System\prbfDai.exe
  2⤵
  PID:320
- C:\Windows\System\LNDPMPJ.exe
  C:\Windows\System\LNDPMPJ.exe
  2⤵
  PID:4600
- C:\Windows\System\hOimYzu.exe
  C:\Windows\System\hOimYzu.exe
  2⤵
  PID:4684
- C:\Windows\System\hkgfyZb.exe
  C:\Windows\System\hkgfyZb.exe
  2⤵
  PID:4704
- C:\Windows\System\OWxoayV.exe
  C:\Windows\System\OWxoayV.exe
  2⤵
  PID:4832
- C:\Windows\System\aNwdKPK.exe
  C:\Windows\System\aNwdKPK.exe
  2⤵
  PID:3552
- C:\Windows\System\LfREVYe.exe
  C:\Windows\System\LfREVYe.exe
  2⤵
  PID:4320
- C:\Windows\System\EaAmTBI.exe
  C:\Windows\System\EaAmTBI.exe
  2⤵
  PID:4580
- C:\Windows\System\JnPUdel.exe
  C:\Windows\System\JnPUdel.exe
  2⤵
  PID:5128
- C:\Windows\System\hiQWiKB.exe
  C:\Windows\System\hiQWiKB.exe
  2⤵
  PID:5144
- C:\Windows\System\VTIjoFs.exe
  C:\Windows\System\VTIjoFs.exe
  2⤵
  PID:5172
- C:\Windows\System\hSnWSye.exe
  C:\Windows\System\hSnWSye.exe
  2⤵
  PID:5192
- C:\Windows\System\dZOaksM.exe
  C:\Windows\System\dZOaksM.exe
  2⤵
  PID:5212
- C:\Windows\System\kmLbSmq.exe
  C:\Windows\System\kmLbSmq.exe
  2⤵
  PID:5232
- C:\Windows\System\nNCWmjZ.exe
  C:\Windows\System\nNCWmjZ.exe
  2⤵
  PID:5252
- C:\Windows\System\gMmOass.exe
  C:\Windows\System\gMmOass.exe
  2⤵
  PID:5272
- C:\Windows\System\mXVEqyM.exe
  C:\Windows\System\mXVEqyM.exe
  2⤵
  PID:5292
- C:\Windows\System\lPbSyMc.exe
  C:\Windows\System\lPbSyMc.exe
  2⤵
  PID:5308
- C:\Windows\System\dVvZlqZ.exe
  C:\Windows\System\dVvZlqZ.exe
  2⤵
  PID:5328
- C:\Windows\System\mEfZNam.exe
  C:\Windows\System\mEfZNam.exe
  2⤵
  PID:5352
- C:\Windows\System\HICsZdQ.exe
  C:\Windows\System\HICsZdQ.exe
  2⤵
  PID:5372
- C:\Windows\System\PVCQWTN.exe
  C:\Windows\System\PVCQWTN.exe
  2⤵
  PID:5388
- C:\Windows\System\ANiYbpa.exe
  C:\Windows\System\ANiYbpa.exe
  2⤵
  PID:5412
- C:\Windows\System\MYwGJnY.exe
  C:\Windows\System\MYwGJnY.exe
  2⤵
  PID:5432
- C:\Windows\System\eErdPuW.exe
  C:\Windows\System\eErdPuW.exe
  2⤵
  PID:5452
- C:\Windows\System\cQVHoIy.exe
  C:\Windows\System\cQVHoIy.exe
  2⤵
  PID:5468
- C:\Windows\System\qpnNgKS.exe
  C:\Windows\System\qpnNgKS.exe
  2⤵
  PID:5492
- C:\Windows\System\yyaYlbd.exe
  C:\Windows\System\yyaYlbd.exe
  2⤵
  PID:5512
- C:\Windows\System\qKDdYde.exe
  C:\Windows\System\qKDdYde.exe
  2⤵
  PID:5532
- C:\Windows\System\pibqKdw.exe
  C:\Windows\System\pibqKdw.exe
  2⤵
  PID:5552
- C:\Windows\System\ZLyQzVk.exe
  C:\Windows\System\ZLyQzVk.exe
  2⤵
  PID:5572
- C:\Windows\System\CQyDqNR.exe
  C:\Windows\System\CQyDqNR.exe
  2⤵
  PID:5588
- C:\Windows\System\vZFBdzZ.exe
  C:\Windows\System\vZFBdzZ.exe
  2⤵
  PID:5612
- C:\Windows\System\ksFjMLI.exe
  C:\Windows\System\ksFjMLI.exe
  2⤵
  PID:5632
- C:\Windows\System\NXXneSV.exe
  C:\Windows\System\NXXneSV.exe
  2⤵
  PID:5652
- C:\Windows\System\gFzqiWu.exe
  C:\Windows\System\gFzqiWu.exe
  2⤵
  PID:5672
- C:\Windows\System\Aclteyu.exe
  C:\Windows\System\Aclteyu.exe
  2⤵
  PID:5692
- C:\Windows\System\CYNnxcG.exe
  C:\Windows\System\CYNnxcG.exe
  2⤵
  PID:5708
- C:\Windows\System\hfeyTSH.exe
  C:\Windows\System\hfeyTSH.exe
  2⤵
  PID:5728
- C:\Windows\System\VKxZZOH.exe
  C:\Windows\System\VKxZZOH.exe
  2⤵
  PID:5748
- C:\Windows\System\PEjaKzF.exe
  C:\Windows\System\PEjaKzF.exe
  2⤵
  PID:5768
- C:\Windows\System\lqqwSOW.exe
  C:\Windows\System\lqqwSOW.exe
  2⤵
  PID:5788
- C:\Windows\System\vgUWfNy.exe
  C:\Windows\System\vgUWfNy.exe
  2⤵
  PID:5808
- C:\Windows\System\DSgZqEh.exe
  C:\Windows\System\DSgZqEh.exe
  2⤵
  PID:5828
- C:\Windows\System\lvnlLfT.exe
  C:\Windows\System\lvnlLfT.exe
  2⤵
  PID:5848
- C:\Windows\System\ZdeXZEI.exe
  C:\Windows\System\ZdeXZEI.exe
  2⤵
  PID:5872
- C:\Windows\System\MXqellC.exe
  C:\Windows\System\MXqellC.exe
  2⤵
  PID:5892
- C:\Windows\System\ABoTiKr.exe
  C:\Windows\System\ABoTiKr.exe
  2⤵
  PID:5908
- C:\Windows\System\aqWwrOM.exe
  C:\Windows\System\aqWwrOM.exe
  2⤵
  PID:5928
- C:\Windows\System\PMhCoad.exe
  C:\Windows\System\PMhCoad.exe
  2⤵
  PID:5948
- C:\Windows\System\qhQYJQo.exe
  C:\Windows\System\qhQYJQo.exe
  2⤵
  PID:5964
- C:\Windows\System\AlzaCAy.exe
  C:\Windows\System\AlzaCAy.exe
  2⤵
  PID:5984
- C:\Windows\System\NJICipa.exe
  C:\Windows\System\NJICipa.exe
  2⤵
  PID:6000
- C:\Windows\System\wsIOEFO.exe
  C:\Windows\System\wsIOEFO.exe
  2⤵
  PID:6016
- C:\Windows\System\BjrIZYG.exe
  C:\Windows\System\BjrIZYG.exe
  2⤵
  PID:6032
- C:\Windows\System\XyZmLBi.exe
  C:\Windows\System\XyZmLBi.exe
  2⤵
  PID:6048
- C:\Windows\System\DeCdpcE.exe
  C:\Windows\System\DeCdpcE.exe
  2⤵
  PID:6068
- C:\Windows\System\PKgsrRC.exe
  C:\Windows\System\PKgsrRC.exe
  2⤵
  PID:6084
- C:\Windows\System\hHgUCaV.exe
  C:\Windows\System\hHgUCaV.exe
  2⤵
  PID:6104
- C:\Windows\System\OqyJINZ.exe
  C:\Windows\System\OqyJINZ.exe
  2⤵
  PID:6120
- C:\Windows\System\uNOuYwG.exe
  C:\Windows\System\uNOuYwG.exe
  2⤵
  PID:6140
- C:\Windows\System\PkCwqKf.exe
  C:\Windows\System\PkCwqKf.exe
  2⤵
  PID:4712
- C:\Windows\System\iYRYPen.exe
  C:\Windows\System\iYRYPen.exe
  2⤵
  PID:2560
- C:\Windows\System\AvySIRK.exe
  C:\Windows\System\AvySIRK.exe
  2⤵
  PID:4236
- C:\Windows\System\sxrdYcB.exe
  C:\Windows\System\sxrdYcB.exe
  2⤵
  PID:1968
- C:\Windows\System\WVhOaeL.exe
  C:\Windows\System\WVhOaeL.exe
  2⤵
  PID:5140
- C:\Windows\System\XGRekkY.exe
  C:\Windows\System\XGRekkY.exe
  2⤵
  PID:5184
- C:\Windows\System\PxeShqU.exe
  C:\Windows\System\PxeShqU.exe
  2⤵
  PID:5248
- C:\Windows\System\ZjwTrtc.exe
  C:\Windows\System\ZjwTrtc.exe
  2⤵
  PID:5224
- C:\Windows\System\jvXpUOv.exe
  C:\Windows\System\jvXpUOv.exe
  2⤵
  PID:2140
- C:\Windows\System\IGcVyzL.exe
  C:\Windows\System\IGcVyzL.exe
  2⤵
  PID:5324
- C:\Windows\System\pGrIgvV.exe
  C:\Windows\System\pGrIgvV.exe
  2⤵
  PID:5300
- C:\Windows\System\DnpKzbV.exe
  C:\Windows\System\DnpKzbV.exe
  2⤵
  PID:5348
- C:\Windows\System\awEOrME.exe
  C:\Windows\System\awEOrME.exe
  2⤵
  PID:2784
- C:\Windows\System\ZgIygja.exe
  C:\Windows\System\ZgIygja.exe
  2⤵
  PID:5440
- C:\Windows\System\cOSAjyn.exe
  C:\Windows\System\cOSAjyn.exe
  2⤵
  PID:5428
- C:\Windows\System\MdmQXyK.exe
  C:\Windows\System\MdmQXyK.exe
  2⤵
  PID:5488
- C:\Windows\System\ubNRjeC.exe
  C:\Windows\System\ubNRjeC.exe
  2⤵
  PID:5500
- C:\Windows\System\LrEZQxY.exe
  C:\Windows\System\LrEZQxY.exe
  2⤵
  PID:5504
- C:\Windows\System\xPrtZpG.exe
  C:\Windows\System\xPrtZpG.exe
  2⤵
  PID:5548
- C:\Windows\System\fyYscjf.exe
  C:\Windows\System\fyYscjf.exe
  2⤵
  PID:5608
- C:\Windows\System\UxtVCJc.exe
  C:\Windows\System\UxtVCJc.exe
  2⤵
  PID:5716
- C:\Windows\System\OUmrrOx.exe
  C:\Windows\System\OUmrrOx.exe
  2⤵
  PID:5668
- C:\Windows\System\hIDrLHK.exe
  C:\Windows\System\hIDrLHK.exe
  2⤵
  PID:5700
- C:\Windows\System\gCggzlU.exe
  C:\Windows\System\gCggzlU.exe
  2⤵
  PID:5744
- C:\Windows\System\gjZXTjh.exe
  C:\Windows\System\gjZXTjh.exe
  2⤵
  PID:5776
- C:\Windows\System\ERwVaBc.exe
  C:\Windows\System\ERwVaBc.exe
  2⤵
  PID:5844
- C:\Windows\System\hdQwJyY.exe
  C:\Windows\System\hdQwJyY.exe
  2⤵
  PID:5816
- C:\Windows\System\NIqjpwd.exe
  C:\Windows\System\NIqjpwd.exe
  2⤵
  PID:5884
- C:\Windows\System\orsgGOa.exe
  C:\Windows\System\orsgGOa.exe
  2⤵
  PID:1684
- C:\Windows\System\mjHHfoM.exe
  C:\Windows\System\mjHHfoM.exe
  2⤵
  PID:1696
- C:\Windows\System\krFOwxr.exe
  C:\Windows\System\krFOwxr.exe
  2⤵
  PID:2116
- C:\Windows\System\nelRfbd.exe
  C:\Windows\System\nelRfbd.exe
  2⤵
  PID:1996
- C:\Windows\System\ODcbMFG.exe
  C:\Windows\System\ODcbMFG.exe
  2⤵
  PID:2408
- C:\Windows\System\IPkBzxh.exe
  C:\Windows\System\IPkBzxh.exe
  2⤵
  PID:448
- C:\Windows\System\gllbRZB.exe
  C:\Windows\System\gllbRZB.exe
  2⤵
  PID:1700
- C:\Windows\System\scAQeEr.exe
  C:\Windows\System\scAQeEr.exe
  2⤵
  PID:3068
- C:\Windows\System\QNpycAJ.exe
  C:\Windows\System\QNpycAJ.exe
  2⤵
  PID:2992
- C:\Windows\System\LPPRrrt.exe
  C:\Windows\System\LPPRrrt.exe
  2⤵
  PID:5916
- C:\Windows\System\GHrMfZZ.exe
  C:\Windows\System\GHrMfZZ.exe
  2⤵
  PID:5924
- C:\Windows\System\iAUCjNp.exe
  C:\Windows\System\iAUCjNp.exe
  2⤵
  PID:2624
- C:\Windows\System\NHSseWf.exe
  C:\Windows\System\NHSseWf.exe
  2⤵
  PID:5956
- C:\Windows\System\tFMQBoY.exe
  C:\Windows\System\tFMQBoY.exe
  2⤵
  PID:6060
- C:\Windows\System\VCsSfFB.exe
  C:\Windows\System\VCsSfFB.exe
  2⤵
  PID:6096
- C:\Windows\System\JkZLhIV.exe
  C:\Windows\System\JkZLhIV.exe
  2⤵
  PID:5972
- C:\Windows\System\CvauLHx.exe
  C:\Windows\System\CvauLHx.exe
  2⤵
  PID:6044
- C:\Windows\System\qvfdOJA.exe
  C:\Windows\System\qvfdOJA.exe
  2⤵
  PID:6080
- C:\Windows\System\mNrZEBi.exe
  C:\Windows\System\mNrZEBi.exe
  2⤵
  PID:4284
- C:\Windows\System\WsBSoKs.exe
  C:\Windows\System\WsBSoKs.exe
  2⤵
  PID:6112
- C:\Windows\System\oGhDblC.exe
  C:\Windows\System\oGhDblC.exe
  2⤵
  PID:5116
- C:\Windows\System\FCShAhH.exe
  C:\Windows\System\FCShAhH.exe
  2⤵
  PID:4688
- C:\Windows\System\bDwrgCB.exe
  C:\Windows\System\bDwrgCB.exe
  2⤵
  PID:5180
- C:\Windows\System\pDDEgtD.exe
  C:\Windows\System\pDDEgtD.exe
  2⤵
  PID:2392
- C:\Windows\System\XboBaRc.exe
  C:\Windows\System\XboBaRc.exe
  2⤵
  PID:5364
- C:\Windows\System\DAzRwpe.exe
  C:\Windows\System\DAzRwpe.exe
  2⤵
  PID:5476
- C:\Windows\System\xidTSzd.exe
  C:\Windows\System\xidTSzd.exe
  2⤵
  PID:5604
- C:\Windows\System\iKmvAVT.exe
  C:\Windows\System\iKmvAVT.exe
  2⤵
  PID:5640
- C:\Windows\System\bwqeLoe.exe
  C:\Windows\System\bwqeLoe.exe
  2⤵
  PID:5284
- C:\Windows\System\ndZGwvo.exe
  C:\Windows\System\ndZGwvo.exe
  2⤵
  PID:5408
- C:\Windows\System\JvhLVmE.exe
  C:\Windows\System\JvhLVmE.exe
  2⤵
  PID:5624
- C:\Windows\System\fqlxQLh.exe
  C:\Windows\System\fqlxQLh.exe
  2⤵
  PID:5684
- C:\Windows\System\GXKGZLe.exe
  C:\Windows\System\GXKGZLe.exe
  2⤵
  PID:5736
- C:\Windows\System\MvzGoUK.exe
  C:\Windows\System\MvzGoUK.exe
  2⤵
  PID:5760
- C:\Windows\System\KdsAWrE.exe
  C:\Windows\System\KdsAWrE.exe
  2⤵
  PID:5800
- C:\Windows\System\pByeBAA.exe
  C:\Windows\System\pByeBAA.exe
  2⤵
  PID:5856
- C:\Windows\System\wgtbCuK.exe
  C:\Windows\System\wgtbCuK.exe
  2⤵
  PID:1736
- C:\Windows\System\jERrJvn.exe
  C:\Windows\System\jERrJvn.exe
  2⤵
  PID:3232
- C:\Windows\System\oKTeDod.exe
  C:\Windows\System\oKTeDod.exe
  2⤵
  PID:3300
- C:\Windows\System\HaQwUjb.exe
  C:\Windows\System\HaQwUjb.exe
  2⤵
  PID:2284
- C:\Windows\System\DMmsYJm.exe
  C:\Windows\System\DMmsYJm.exe
  2⤵
  PID:2804
- C:\Windows\System\NOSKDyS.exe
  C:\Windows\System\NOSKDyS.exe
  2⤵
  PID:3056
- C:\Windows\System\HvgoQOZ.exe
  C:\Windows\System\HvgoQOZ.exe
  2⤵
  PID:1800
- C:\Windows\System\SnXeUEU.exe
  C:\Windows\System\SnXeUEU.exe
  2⤵
  PID:5920
- C:\Windows\System\gQnioTn.exe
  C:\Windows\System\gQnioTn.exe
  2⤵
  PID:6028
- C:\Windows\System\zneFrNB.exe
  C:\Windows\System\zneFrNB.exe
  2⤵
  PID:5088
- C:\Windows\System\NyeDYbJ.exe
  C:\Windows\System\NyeDYbJ.exe
  2⤵
  PID:4520
- C:\Windows\System\JeLxwBv.exe
  C:\Windows\System\JeLxwBv.exe
  2⤵
  PID:6008
- C:\Windows\System\JAAKlJs.exe
  C:\Windows\System\JAAKlJs.exe
  2⤵
  PID:4904
- C:\Windows\System\eJdFSzr.exe
  C:\Windows\System\eJdFSzr.exe
  2⤵
  PID:5264
- C:\Windows\System\RrhcZrm.exe
  C:\Windows\System\RrhcZrm.exe
  2⤵
  PID:5360
- C:\Windows\System\SzOImwy.exe
  C:\Windows\System\SzOImwy.exe
  2⤵
  PID:5220
- C:\Windows\System\JdNkVMY.exe
  C:\Windows\System\JdNkVMY.exe
  2⤵
  PID:5596
- C:\Windows\System\OiOsiGo.exe
  C:\Windows\System\OiOsiGo.exe
  2⤵
  PID:2120
- C:\Windows\System\iPFECYk.exe
  C:\Windows\System\iPFECYk.exe
  2⤵
  PID:5756
- C:\Windows\System\kVngYlS.exe
  C:\Windows\System\kVngYlS.exe
  2⤵
  PID:5660
- C:\Windows\System\QJqEnON.exe
  C:\Windows\System\QJqEnON.exe
  2⤵
  PID:584
- C:\Windows\System\zDRqLMJ.exe
  C:\Windows\System\zDRqLMJ.exe
  2⤵
  PID:5336
- C:\Windows\System\XRSfygI.exe
  C:\Windows\System\XRSfygI.exe
  2⤵
  PID:2908
- C:\Windows\System\YdhqVdK.exe
  C:\Windows\System\YdhqVdK.exe
  2⤵
  PID:1544
- C:\Windows\System\GIOcZQg.exe
  C:\Windows\System\GIOcZQg.exe
  2⤵
  PID:2040
- C:\Windows\System\impMUMn.exe
  C:\Windows\System\impMUMn.exe
  2⤵
  PID:2840
- C:\Windows\System\zONPMfl.exe
  C:\Windows\System\zONPMfl.exe
  2⤵
  PID:4752
- C:\Windows\System\MIpqBPX.exe
  C:\Windows\System\MIpqBPX.exe
  2⤵
  PID:6056
- C:\Windows\System\yPGjBEf.exe
  C:\Windows\System\yPGjBEf.exe
  2⤵
  PID:5484
- C:\Windows\System\OssGIEI.exe
  C:\Windows\System\OssGIEI.exe
  2⤵
  PID:5644
- C:\Windows\System\Ihayvav.exe
  C:\Windows\System\Ihayvav.exe
  2⤵
  PID:5524
- C:\Windows\System\uzfoSsp.exe
  C:\Windows\System\uzfoSsp.exe
  2⤵
  PID:5508
- C:\Windows\System\kzLkcqL.exe
  C:\Windows\System\kzLkcqL.exe
  2⤵
  PID:5824
- C:\Windows\System\SMqAGIk.exe
  C:\Windows\System\SMqAGIk.exe
  2⤵
  PID:576
- C:\Windows\System\rWVEmuz.exe
  C:\Windows\System\rWVEmuz.exe
  2⤵
  PID:5936
- C:\Windows\System\NjszAms.exe
  C:\Windows\System\NjszAms.exe
  2⤵
  PID:2604
- C:\Windows\System\eoMjklW.exe
  C:\Windows\System\eoMjklW.exe
  2⤵
  PID:2880
- C:\Windows\System\pbMoTvk.exe
  C:\Windows\System\pbMoTvk.exe
  2⤵
  PID:704
- C:\Windows\System\vFKVEXl.exe
  C:\Windows\System\vFKVEXl.exe
  2⤵
  PID:6040
- C:\Windows\System\GmWqMEF.exe
  C:\Windows\System\GmWqMEF.exe
  2⤵
  PID:4852
- C:\Windows\System\tqtxJqP.exe
  C:\Windows\System\tqtxJqP.exe
  2⤵
  PID:5168
- C:\Windows\System\PVSVmef.exe
  C:\Windows\System\PVSVmef.exe
  2⤵
  PID:624
- C:\Windows\System\eWofnBX.exe
  C:\Windows\System\eWofnBX.exe
  2⤵
  PID:6024
- C:\Windows\System\XDUQmDR.exe
  C:\Windows\System\XDUQmDR.exe
  2⤵
  PID:5888
- C:\Windows\System\wmpCVsa.exe
  C:\Windows\System\wmpCVsa.exe
  2⤵
  PID:5560
- C:\Windows\System\gyuAvsh.exe
  C:\Windows\System\gyuAvsh.exe
  2⤵
  PID:4264
- C:\Windows\System\eNerOhd.exe
  C:\Windows\System\eNerOhd.exe
  2⤵
  PID:5628
- C:\Windows\System\wnmmhaq.exe
  C:\Windows\System\wnmmhaq.exe
  2⤵
  PID:5860
- C:\Windows\System\fPVNLHC.exe
  C:\Windows\System\fPVNLHC.exe
  2⤵
  PID:6148
- C:\Windows\System\dHtuoYu.exe
  C:\Windows\System\dHtuoYu.exe
  2⤵
  PID:6164
- C:\Windows\System\WUcmcQn.exe
  C:\Windows\System\WUcmcQn.exe
  2⤵
  PID:6180
- C:\Windows\System\NMlkwWR.exe
  C:\Windows\System\NMlkwWR.exe
  2⤵
  PID:6196
- C:\Windows\System\RnXOscf.exe
  C:\Windows\System\RnXOscf.exe
  2⤵
  PID:6248
- C:\Windows\System\oeECJnr.exe
  C:\Windows\System\oeECJnr.exe
  2⤵
  PID:6264
- C:\Windows\System\jAiqTxx.exe
  C:\Windows\System\jAiqTxx.exe
  2⤵
  PID:6280
- C:\Windows\System\QcvHGFJ.exe
  C:\Windows\System\QcvHGFJ.exe
  2⤵
  PID:6304
- C:\Windows\System\bOtTdkw.exe
  C:\Windows\System\bOtTdkw.exe
  2⤵
  PID:6324
- C:\Windows\System\ExWrOmE.exe
  C:\Windows\System\ExWrOmE.exe
  2⤵
  PID:6340
- C:\Windows\System\bAasMUa.exe
  C:\Windows\System\bAasMUa.exe
  2⤵
  PID:6356
- C:\Windows\System\uyKqkvB.exe
  C:\Windows\System\uyKqkvB.exe
  2⤵
  PID:6376
- C:\Windows\System\raIWkRQ.exe
  C:\Windows\System\raIWkRQ.exe
  2⤵
  PID:6400
- C:\Windows\System\GejlrSZ.exe
  C:\Windows\System\GejlrSZ.exe
  2⤵
  PID:6416
- C:\Windows\System\pGlhlck.exe
  C:\Windows\System\pGlhlck.exe
  2⤵
  PID:6432
- C:\Windows\System\FDANKze.exe
  C:\Windows\System\FDANKze.exe
  2⤵
  PID:6468
- C:\Windows\System\GYUmLgc.exe
  C:\Windows\System\GYUmLgc.exe
  2⤵
  PID:6484
- C:\Windows\System\WermvUM.exe
  C:\Windows\System\WermvUM.exe
  2⤵
  PID:6512
- C:\Windows\System\ldKvnMH.exe
  C:\Windows\System\ldKvnMH.exe
  2⤵
  PID:6528
- C:\Windows\System\mvucSlH.exe
  C:\Windows\System\mvucSlH.exe
  2⤵
  PID:6544
- C:\Windows\System\iXGInkV.exe
  C:\Windows\System\iXGInkV.exe
  2⤵
  PID:6564
- C:\Windows\System\buIfwuH.exe
  C:\Windows\System\buIfwuH.exe
  2⤵
  PID:6584
- C:\Windows\System\IrMQXHn.exe
  C:\Windows\System\IrMQXHn.exe
  2⤵
  PID:6608
- C:\Windows\System\lbRveOd.exe
  C:\Windows\System\lbRveOd.exe
  2⤵
  PID:6624
- C:\Windows\System\WdYcGWG.exe
  C:\Windows\System\WdYcGWG.exe
  2⤵
  PID:6640
- C:\Windows\System\pxcLNXg.exe
  C:\Windows\System\pxcLNXg.exe
  2⤵
  PID:6660
- C:\Windows\System\aenWNEQ.exe
  C:\Windows\System\aenWNEQ.exe
  2⤵
  PID:6688
- C:\Windows\System\kxjgSgw.exe
  C:\Windows\System\kxjgSgw.exe
  2⤵
  PID:6712
- C:\Windows\System\OmmkOle.exe
  C:\Windows\System\OmmkOle.exe
  2⤵
  PID:6728
- C:\Windows\System\WCLBeYQ.exe
  C:\Windows\System\WCLBeYQ.exe
  2⤵
  PID:6748
- C:\Windows\System\pnTwTbl.exe
  C:\Windows\System\pnTwTbl.exe
  2⤵
  PID:6764
- C:\Windows\System\VbITFZH.exe
  C:\Windows\System\VbITFZH.exe
  2⤵
  PID:6780
- C:\Windows\System\wSKAejq.exe
  C:\Windows\System\wSKAejq.exe
  2⤵
  PID:6800
- C:\Windows\System\msGILrO.exe
  C:\Windows\System\msGILrO.exe
  2⤵
  PID:6832
- C:\Windows\System\yZQlZJl.exe
  C:\Windows\System\yZQlZJl.exe
  2⤵
  PID:6848
- C:\Windows\System\OAQEGwX.exe
  C:\Windows\System\OAQEGwX.exe
  2⤵
  PID:6868
- C:\Windows\System\HamNPyb.exe
  C:\Windows\System\HamNPyb.exe
  2⤵
  PID:6888
- C:\Windows\System\xyHNuTD.exe
  C:\Windows\System\xyHNuTD.exe
  2⤵
  PID:6904
- C:\Windows\System\uEUShQH.exe
  C:\Windows\System\uEUShQH.exe
  2⤵
  PID:6928
- C:\Windows\System\GDauYIM.exe
  C:\Windows\System\GDauYIM.exe
  2⤵
  PID:6944
- C:\Windows\System\HMzQGXe.exe
  C:\Windows\System\HMzQGXe.exe
  2⤵
  PID:6960
- C:\Windows\System\idmmrvc.exe
  C:\Windows\System\idmmrvc.exe
  2⤵
  PID:6992
- C:\Windows\System\YbzOFyI.exe
  C:\Windows\System\YbzOFyI.exe
  2⤵
  PID:7008
- C:\Windows\System\csauCAh.exe
  C:\Windows\System\csauCAh.exe
  2⤵
  PID:7024
- C:\Windows\System\NhPMjeu.exe
  C:\Windows\System\NhPMjeu.exe
  2⤵
  PID:7040
- C:\Windows\System\TUeZDeH.exe
  C:\Windows\System\TUeZDeH.exe
  2⤵
  PID:7060
- C:\Windows\System\mwLplfv.exe
  C:\Windows\System\mwLplfv.exe
  2⤵
  PID:7084
- C:\Windows\System\cpnqFZa.exe
  C:\Windows\System\cpnqFZa.exe
  2⤵
  PID:7100
- C:\Windows\System\yvfWOgK.exe
  C:\Windows\System\yvfWOgK.exe
  2⤵
  PID:7116
- C:\Windows\System\ymmBqjI.exe
  C:\Windows\System\ymmBqjI.exe
  2⤵
  PID:7140
- C:\Windows\System\SfTtBKl.exe
  C:\Windows\System\SfTtBKl.exe
  2⤵
  PID:7164
- C:\Windows\System\uBondOF.exe
  C:\Windows\System\uBondOF.exe
  2⤵
  PID:4660
- C:\Windows\System\vByngtg.exe
  C:\Windows\System\vByngtg.exe
  2⤵
  PID:6188
- C:\Windows\System\DyCctnX.exe
  C:\Windows\System\DyCctnX.exe
  2⤵
  PID:6160
- C:\Windows\System\qaAUBNa.exe
  C:\Windows\System\qaAUBNa.exe
  2⤵
  PID:6204
- C:\Windows\System\sSjMSuL.exe
  C:\Windows\System\sSjMSuL.exe
  2⤵
  PID:6232
- C:\Windows\System\gBhXOfS.exe
  C:\Windows\System\gBhXOfS.exe
  2⤵
  PID:6240
- C:\Windows\System\gOjgAwu.exe
  C:\Windows\System\gOjgAwu.exe
  2⤵
  PID:6288
- C:\Windows\System\KlSIdEQ.exe
  C:\Windows\System\KlSIdEQ.exe
  2⤵
  PID:6296
- C:\Windows\System\OFYVukA.exe
  C:\Windows\System\OFYVukA.exe
  2⤵
  PID:6336
- C:\Windows\System\InvqWhc.exe
  C:\Windows\System\InvqWhc.exe
  2⤵
  PID:6408
- C:\Windows\System\rFLtDop.exe
  C:\Windows\System\rFLtDop.exe
  2⤵
  PID:6444
- C:\Windows\System\tvvDkBN.exe
  C:\Windows\System\tvvDkBN.exe
  2⤵
  PID:6396
- C:\Windows\System\hPygSxK.exe
  C:\Windows\System\hPygSxK.exe
  2⤵
  PID:6448
- C:\Windows\System\VkiqMTe.exe
  C:\Windows\System\VkiqMTe.exe
  2⤵
  PID:6536
- C:\Windows\System\qJzeonX.exe
  C:\Windows\System\qJzeonX.exe
  2⤵
  PID:6580
- C:\Windows\System\swanSIs.exe
  C:\Windows\System\swanSIs.exe
  2⤵
  PID:6552
- C:\Windows\System\YBQJxQu.exe
  C:\Windows\System\YBQJxQu.exe
  2⤵
  PID:6648
- C:\Windows\System\UBUrTCE.exe
  C:\Windows\System\UBUrTCE.exe
  2⤵
  PID:6672
- C:\Windows\System\NJVUhDT.exe
  C:\Windows\System\NJVUhDT.exe
  2⤵
  PID:6684
- C:\Windows\System\cQNctXi.exe
  C:\Windows\System\cQNctXi.exe
  2⤵
  PID:6740
- C:\Windows\System\hVDtdcz.exe
  C:\Windows\System\hVDtdcz.exe
  2⤵
  PID:6720
- C:\Windows\System\XphMRGS.exe
  C:\Windows\System\XphMRGS.exe
  2⤵
  PID:6788
- C:\Windows\System\LqFuNNh.exe
  C:\Windows\System\LqFuNNh.exe
  2⤵
  PID:6816
- C:\Windows\System\IktyWXS.exe
  C:\Windows\System\IktyWXS.exe
  2⤵
  PID:6840
- C:\Windows\System\yazkndT.exe
  C:\Windows\System\yazkndT.exe
  2⤵
  PID:6876
- C:\Windows\System\KvdtvLX.exe
  C:\Windows\System\KvdtvLX.exe
  2⤵
  PID:6884
- C:\Windows\System\xEEJRXo.exe
  C:\Windows\System\xEEJRXo.exe
  2⤵
  PID:6924
- C:\Windows\System\SUBWYcJ.exe
  C:\Windows\System\SUBWYcJ.exe
  2⤵
  PID:6976
- C:\Windows\System\bWmWjiO.exe
  C:\Windows\System\bWmWjiO.exe
  2⤵
  PID:6988
- C:\Windows\System\cwsuaPl.exe
  C:\Windows\System\cwsuaPl.exe
  2⤵
  PID:7048
- C:\Windows\System\LtxGtdD.exe
  C:\Windows\System\LtxGtdD.exe
  2⤵
  PID:7096
- C:\Windows\System\OwKJNGp.exe
  C:\Windows\System\OwKJNGp.exe
  2⤵
  PID:7076
- C:\Windows\System\qvaUqPH.exe
  C:\Windows\System\qvaUqPH.exe
  2⤵
  PID:7136
- C:\Windows\System\sdWDdWq.exe
  C:\Windows\System\sdWDdWq.exe
  2⤵
  PID:1272
- C:\Windows\System\etPhHzD.exe
  C:\Windows\System\etPhHzD.exe
  2⤵
  PID:1672
- C:\Windows\System\xEwbmXH.exe
  C:\Windows\System\xEwbmXH.exe
  2⤵
  PID:1552
- C:\Windows\System\iiGrzQr.exe
  C:\Windows\System\iiGrzQr.exe
  2⤵
  PID:6364
- C:\Windows\System\ktWzCKp.exe
  C:\Windows\System\ktWzCKp.exe
  2⤵
  PID:6428
- C:\Windows\System\cdYADcZ.exe
  C:\Windows\System\cdYADcZ.exe
  2⤵
  PID:6276
- C:\Windows\System\zlReIvD.exe
  C:\Windows\System\zlReIvD.exe
  2⤵
  PID:6572
- C:\Windows\System\SIEMuiV.exe
  C:\Windows\System\SIEMuiV.exe
  2⤵
  PID:6476
- C:\Windows\System\KxcIgio.exe
  C:\Windows\System\KxcIgio.exe
  2⤵
  PID:6384
- C:\Windows\System\brOaZLs.exe
  C:\Windows\System\brOaZLs.exe
  2⤵
  PID:6596
- C:\Windows\System\CrhtRbW.exe
  C:\Windows\System\CrhtRbW.exe
  2⤵
  PID:6652
- C:\Windows\System\boORsih.exe
  C:\Windows\System\boORsih.exe
  2⤵
  PID:6696
- C:\Windows\System\jWXkJMA.exe
  C:\Windows\System\jWXkJMA.exe
  2⤵
  PID:6724
- C:\Windows\System\xTmoNMp.exe
  C:\Windows\System\xTmoNMp.exe
  2⤵
  PID:6956
- C:\Windows\System\YAVtegt.exe
  C:\Windows\System\YAVtegt.exe
  2⤵
  PID:6984
- C:\Windows\System\fupivFY.exe
  C:\Windows\System\fupivFY.exe
  2⤵
  PID:7112
- C:\Windows\System\slZJbOi.exe
  C:\Windows\System\slZJbOi.exe
  2⤵
  PID:7004
- C:\Windows\System\iMNdyAt.exe
  C:\Windows\System\iMNdyAt.exe
  2⤵
  PID:7072
- C:\Windows\System\sdVvpgb.exe
  C:\Windows\System\sdVvpgb.exe
  2⤵
  PID:6940
- C:\Windows\System\WieeCzL.exe
  C:\Windows\System\WieeCzL.exe
  2⤵
  PID:5156
- C:\Windows\System\NxiWtks.exe
  C:\Windows\System\NxiWtks.exe
  2⤵
  PID:6208
- C:\Windows\System\MFBitRd.exe
  C:\Windows\System\MFBitRd.exe
  2⤵
  PID:7160
- C:\Windows\System\eXijcze.exe
  C:\Windows\System\eXijcze.exe
  2⤵
  PID:7128
- C:\Windows\System\IEtquHl.exe
  C:\Windows\System\IEtquHl.exe
  2⤵
  PID:6920
- C:\Windows\System\vJQkmzR.exe
  C:\Windows\System\vJQkmzR.exe
  2⤵
  PID:6440
- C:\Windows\System\ENOVYhF.exe
  C:\Windows\System\ENOVYhF.exe
  2⤵
  PID:7148
- C:\Windows\System\iZjfkQp.exe
  C:\Windows\System\iZjfkQp.exe
  2⤵
  PID:6972
- C:\Windows\System\vmWXsKx.exe
  C:\Windows\System\vmWXsKx.exe
  2⤵
  PID:6796
- C:\Windows\System\EfUQDQJ.exe
  C:\Windows\System\EfUQDQJ.exe
  2⤵
  PID:6388
- C:\Windows\System\sHhZCSJ.exe
  C:\Windows\System\sHhZCSJ.exe
  2⤵
  PID:6460
- C:\Windows\System\VrhXbGK.exe
  C:\Windows\System\VrhXbGK.exe
  2⤵
  PID:6216
- C:\Windows\System\sEuvkgg.exe
  C:\Windows\System\sEuvkgg.exe
  2⤵
  PID:6860
- C:\Windows\System\NXbdBNY.exe
  C:\Windows\System\NXbdBNY.exe
  2⤵
  PID:6220
- C:\Windows\System\mauElVQ.exe
  C:\Windows\System\mauElVQ.exe
  2⤵
  PID:6636
- C:\Windows\System\DgpCCzE.exe
  C:\Windows\System\DgpCCzE.exe
  2⤵
  PID:6828
- C:\Windows\System\knstXoy.exe
  C:\Windows\System\knstXoy.exe
  2⤵
  PID:6260
- C:\Windows\System\YPCGGqk.exe
  C:\Windows\System\YPCGGqk.exe
  2⤵
  PID:6560
- C:\Windows\System\WRPLSRL.exe
  C:\Windows\System\WRPLSRL.exe
  2⤵
  PID:6812
- C:\Windows\System\DoMzOjQ.exe
  C:\Windows\System\DoMzOjQ.exe
  2⤵
  PID:6352
- C:\Windows\System\dABYnqH.exe
  C:\Windows\System\dABYnqH.exe
  2⤵
  PID:6224
- C:\Windows\System\DVcPwxL.exe
  C:\Windows\System\DVcPwxL.exe
  2⤵
  PID:7032
- C:\Windows\System\CDVGgOA.exe
  C:\Windows\System\CDVGgOA.exe
  2⤵
  PID:7020
- C:\Windows\System\hnoKuMK.exe
  C:\Windows\System\hnoKuMK.exe
  2⤵
  PID:6172
- C:\Windows\System\QBFWQrC.exe
  C:\Windows\System\QBFWQrC.exe
  2⤵
  PID:6320
- C:\Windows\System\lMxZYRw.exe
  C:\Windows\System\lMxZYRw.exe
  2⤵
  PID:7176
- C:\Windows\System\uBsFkNA.exe
  C:\Windows\System\uBsFkNA.exe
  2⤵
  PID:7204
- C:\Windows\System\gMtAyhT.exe
  C:\Windows\System\gMtAyhT.exe
  2⤵
  PID:7220
- C:\Windows\System\bBIvsky.exe
  C:\Windows\System\bBIvsky.exe
  2⤵
  PID:7236
- C:\Windows\System\exxOZoi.exe
  C:\Windows\System\exxOZoi.exe
  2⤵
  PID:7252
- C:\Windows\System\jrYKOBW.exe
  C:\Windows\System\jrYKOBW.exe
  2⤵
  PID:7276
- C:\Windows\System\CqsBGtN.exe
  C:\Windows\System\CqsBGtN.exe
  2⤵
  PID:7304
- C:\Windows\System\ECeBvHf.exe
  C:\Windows\System\ECeBvHf.exe
  2⤵
  PID:7324
- C:\Windows\System\LnSSTlP.exe
  C:\Windows\System\LnSSTlP.exe
  2⤵
  PID:7340
- C:\Windows\System\YWkkoPv.exe
  C:\Windows\System\YWkkoPv.exe
  2⤵
  PID:7356
- C:\Windows\System\WcdMOYK.exe
  C:\Windows\System\WcdMOYK.exe
  2⤵
  PID:7372
- C:\Windows\System\xRmfwVN.exe
  C:\Windows\System\xRmfwVN.exe
  2⤵
  PID:7404
- C:\Windows\System\DuBzFwE.exe
  C:\Windows\System\DuBzFwE.exe
  2⤵
  PID:7424
- C:\Windows\System\waCRqxy.exe
  C:\Windows\System\waCRqxy.exe
  2⤵
  PID:7444
- C:\Windows\System\molljtE.exe
  C:\Windows\System\molljtE.exe
  2⤵
  PID:7464
- C:\Windows\System\XIfVUxv.exe
  C:\Windows\System\XIfVUxv.exe
  2⤵
  PID:7480
- C:\Windows\System\WjWvUIa.exe
  C:\Windows\System\WjWvUIa.exe
  2⤵
  PID:7500
- C:\Windows\System\GHuSjBa.exe
  C:\Windows\System\GHuSjBa.exe
  2⤵
  PID:7516
- C:\Windows\System\TCLTimR.exe
  C:\Windows\System\TCLTimR.exe
  2⤵
  PID:7540
- C:\Windows\System\hXOREor.exe
  C:\Windows\System\hXOREor.exe
  2⤵
  PID:7556
- C:\Windows\System\HkwZwog.exe
  C:\Windows\System\HkwZwog.exe
  2⤵
  PID:7580
- C:\Windows\System\sYLwoOO.exe
  C:\Windows\System\sYLwoOO.exe
  2⤵
  PID:7600
- C:\Windows\System\bnGcGyA.exe
  C:\Windows\System\bnGcGyA.exe
  2⤵
  PID:7620
- C:\Windows\System\aeGlxuG.exe
  C:\Windows\System\aeGlxuG.exe
  2⤵
  PID:7636
- C:\Windows\System\aNyWdgy.exe
  C:\Windows\System\aNyWdgy.exe
  2⤵
  PID:7656
- C:\Windows\System\STsQJpK.exe
  C:\Windows\System\STsQJpK.exe
  2⤵
  PID:7672
- C:\Windows\System\gosLSEB.exe
  C:\Windows\System\gosLSEB.exe
  2⤵
  PID:7692
- C:\Windows\System\peeJRZp.exe
  C:\Windows\System\peeJRZp.exe
  2⤵
  PID:7716
- C:\Windows\System\TOxnuGM.exe
  C:\Windows\System\TOxnuGM.exe
  2⤵
  PID:7736
- C:\Windows\System\IXXTaYO.exe
  C:\Windows\System\IXXTaYO.exe
  2⤵
  PID:7752
- C:\Windows\System\aSxinaj.exe
  C:\Windows\System\aSxinaj.exe
  2⤵
  PID:7768
- C:\Windows\System\fCaCACA.exe
  C:\Windows\System\fCaCACA.exe
  2⤵
  PID:7784
- C:\Windows\System\qimxmyU.exe
  C:\Windows\System\qimxmyU.exe
  2⤵
  PID:7800
- C:\Windows\System\lLZODcs.exe
  C:\Windows\System\lLZODcs.exe
  2⤵
  PID:7848
- C:\Windows\System\NyuvlMp.exe
  C:\Windows\System\NyuvlMp.exe
  2⤵
  PID:7864
- C:\Windows\System\lAAkNMY.exe
  C:\Windows\System\lAAkNMY.exe
  2⤵
  PID:7888
- C:\Windows\System\vxIjcej.exe
  C:\Windows\System\vxIjcej.exe
  2⤵
  PID:7908
- C:\Windows\System\UuwiteS.exe
  C:\Windows\System\UuwiteS.exe
  2⤵
  PID:7924
- C:\Windows\System\bvGbQDg.exe
  C:\Windows\System\bvGbQDg.exe
  2⤵
  PID:7940
- C:\Windows\System\wadYpig.exe
  C:\Windows\System\wadYpig.exe
  2⤵
  PID:7956
- C:\Windows\System\TAKsCGQ.exe
  C:\Windows\System\TAKsCGQ.exe
  2⤵
  PID:7972
- C:\Windows\System\kjrOsDc.exe
  C:\Windows\System\kjrOsDc.exe
  2⤵
  PID:7988
- C:\Windows\System\YbybFRX.exe
  C:\Windows\System\YbybFRX.exe
  2⤵
  PID:8004
- C:\Windows\System\bPYLMbR.exe
  C:\Windows\System\bPYLMbR.exe
  2⤵
  PID:8020
- C:\Windows\System\DunfxwO.exe
  C:\Windows\System\DunfxwO.exe
  2⤵
  PID:8036
- C:\Windows\System\JxHpbaX.exe
  C:\Windows\System\JxHpbaX.exe
  2⤵
  PID:8060
- C:\Windows\System\wUOPUUg.exe
  C:\Windows\System\wUOPUUg.exe
  2⤵
  PID:8076
- C:\Windows\System\EIZWgnU.exe
  C:\Windows\System\EIZWgnU.exe
  2⤵
  PID:8096
- C:\Windows\System\iySTtWr.exe
  C:\Windows\System\iySTtWr.exe
  2⤵
  PID:8120
- C:\Windows\System\gVcEWkv.exe
  C:\Windows\System\gVcEWkv.exe
  2⤵
  PID:8144
- C:\Windows\System\YPJyzNS.exe
  C:\Windows\System\YPJyzNS.exe
  2⤵
  PID:8160
- C:\Windows\System\JFOBBnX.exe
  C:\Windows\System\JFOBBnX.exe
  2⤵
  PID:8176
- C:\Windows\System\GPXyaBQ.exe
  C:\Windows\System\GPXyaBQ.exe
  2⤵
  PID:6500
- C:\Windows\System\kkaxPll.exe
  C:\Windows\System\kkaxPll.exe
  2⤵
  PID:7264
- C:\Windows\System\PYNzcMz.exe
  C:\Windows\System\PYNzcMz.exe
  2⤵
  PID:6176
- C:\Windows\System\vWkZVKx.exe
  C:\Windows\System\vWkZVKx.exe
  2⤵
  PID:7300
- C:\Windows\System\AhoVTPB.exe
  C:\Windows\System\AhoVTPB.exe
  2⤵
  PID:7336
- C:\Windows\System\HVyQEmp.exe
  C:\Windows\System\HVyQEmp.exe
  2⤵
  PID:7320
- C:\Windows\System\wrMGNlr.exe
  C:\Windows\System\wrMGNlr.exe
  2⤵
  PID:7396
- C:\Windows\System\MKwDbyw.exe
  C:\Windows\System\MKwDbyw.exe
  2⤵
  PID:7416
- C:\Windows\System\DMpUGxb.exe
  C:\Windows\System\DMpUGxb.exe
  2⤵
  PID:7476
- C:\Windows\System\dpUfIpP.exe
  C:\Windows\System\dpUfIpP.exe
  2⤵
  PID:7452
- C:\Windows\System\EYIQwLp.exe
  C:\Windows\System\EYIQwLp.exe
  2⤵
  PID:7488
- C:\Windows\System\NIzlFSw.exe
  C:\Windows\System\NIzlFSw.exe
  2⤵
  PID:7588
- C:\Windows\System\gkkkegC.exe
  C:\Windows\System\gkkkegC.exe
  2⤵
  PID:7576
- C:\Windows\System\bKQHIzW.exe
  C:\Windows\System\bKQHIzW.exe
  2⤵
  PID:7700
- C:\Windows\System\LgMioQy.exe
  C:\Windows\System\LgMioQy.exe
  2⤵
  PID:7608
- C:\Windows\System\PgiNqqC.exe
  C:\Windows\System\PgiNqqC.exe
  2⤵
  PID:7644
- C:\Windows\System\DKdbgdh.exe
  C:\Windows\System\DKdbgdh.exe
  2⤵
  PID:7780
- C:\Windows\System\hwoBqMt.exe
  C:\Windows\System\hwoBqMt.exe
  2⤵
  PID:7824
- C:\Windows\System\PdKxbWA.exe
  C:\Windows\System\PdKxbWA.exe
  2⤵
  PID:7724
- C:\Windows\System\xSphStk.exe
  C:\Windows\System\xSphStk.exe
  2⤵
  PID:7836
- C:\Windows\System\KpJcfzf.exe
  C:\Windows\System\KpJcfzf.exe
  2⤵
  PID:7796
- C:\Windows\System\vSiQLFb.exe
  C:\Windows\System\vSiQLFb.exe
  2⤵
  PID:7860
- C:\Windows\System\wbxkVfV.exe
  C:\Windows\System\wbxkVfV.exe
  2⤵
  PID:7884
- C:\Windows\System\hQmunuf.exe
  C:\Windows\System\hQmunuf.exe
  2⤵
  PID:7952
- C:\Windows\System\emYXgxV.exe
  C:\Windows\System\emYXgxV.exe
  2⤵
  PID:8016
- C:\Windows\System\jcpGQZT.exe
  C:\Windows\System\jcpGQZT.exe
  2⤵
  PID:8056
- C:\Windows\System\ruIquRH.exe
  C:\Windows\System\ruIquRH.exe
  2⤵
  PID:8132
- C:\Windows\System\KqjYGHR.exe
  C:\Windows\System\KqjYGHR.exe
  2⤵
  PID:7896
- C:\Windows\System\AKRcznG.exe
  C:\Windows\System\AKRcznG.exe
  2⤵
  PID:7968
- C:\Windows\System\XJegdhn.exe
  C:\Windows\System\XJegdhn.exe
  2⤵
  PID:8032
- C:\Windows\System\EcyKdzl.exe
  C:\Windows\System\EcyKdzl.exe
  2⤵
  PID:8108
- C:\Windows\System\dzYKwaR.exe
  C:\Windows\System\dzYKwaR.exe
  2⤵
  PID:7900
- C:\Windows\System\doOJuhE.exe
  C:\Windows\System\doOJuhE.exe
  2⤵
  PID:8188
- C:\Windows\System\LCInLDI.exe
  C:\Windows\System\LCInLDI.exe
  2⤵
  PID:6680
- C:\Windows\System\LvggBZK.exe
  C:\Windows\System\LvggBZK.exe
  2⤵
  PID:7188
- C:\Windows\System\LEFWrUH.exe
  C:\Windows\System\LEFWrUH.exe
  2⤵
  PID:7228
- C:\Windows\System\ItXdOgz.exe
  C:\Windows\System\ItXdOgz.exe
  2⤵
  PID:7268
- C:\Windows\System\KyXqeaF.exe
  C:\Windows\System\KyXqeaF.exe
  2⤵
  PID:7272
- C:\Windows\System\ZaoQWmB.exe
  C:\Windows\System\ZaoQWmB.exe
  2⤵
  PID:7292
- C:\Windows\System\UMdOJxo.exe
  C:\Windows\System\UMdOJxo.exe
  2⤵
  PID:7332
- C:\Windows\System\vAAxUFI.exe
  C:\Windows\System\vAAxUFI.exe
  2⤵
  PID:7512
- C:\Windows\System\hysBYuk.exe
  C:\Windows\System\hysBYuk.exe
  2⤵
  PID:7528
- C:\Windows\System\MiIJNZO.exe
  C:\Windows\System\MiIJNZO.exe
  2⤵
  PID:7436
- C:\Windows\System\JiyFnSh.exe
  C:\Windows\System\JiyFnSh.exe
  2⤵
  PID:7628
- C:\Windows\System\ViyWFiv.exe
  C:\Windows\System\ViyWFiv.exe
  2⤵
  PID:7668
- C:\Windows\System\EBHfWsl.exe
  C:\Windows\System\EBHfWsl.exe
  2⤵
  PID:7568
- C:\Windows\System\iIYFWFn.exe
  C:\Windows\System\iIYFWFn.exe
  2⤵
  PID:7652
- C:\Windows\System\aSUOSZf.exe
  C:\Windows\System\aSUOSZf.exe
  2⤵
  PID:7844
- C:\Windows\System\kvVoJhM.exe
  C:\Windows\System\kvVoJhM.exe
  2⤵
  PID:7816
- C:\Windows\System\CjALmCe.exe
  C:\Windows\System\CjALmCe.exe
  2⤵
  PID:7812
- C:\Windows\System\lPRCUuW.exe
  C:\Windows\System\lPRCUuW.exe
  2⤵
  PID:8048
- C:\Windows\System\MYmwjot.exe
  C:\Windows\System\MYmwjot.exe
  2⤵
  PID:8136
- C:\Windows\System\tErrxyH.exe
  C:\Windows\System\tErrxyH.exe
  2⤵
  PID:8116
- C:\Windows\System\mLhLrsc.exe
  C:\Windows\System\mLhLrsc.exe
  2⤵
  PID:7964
- C:\Windows\System\CeHphwo.exe
  C:\Windows\System\CeHphwo.exe
  2⤵
  PID:8012
- C:\Windows\System\fmAcdFj.exe
  C:\Windows\System\fmAcdFj.exe
  2⤵
  PID:7196
- C:\Windows\System\idexQVU.exe
  C:\Windows\System\idexQVU.exe
  2⤵
  PID:8184
- C:\Windows\System\WIxeMBw.exe
  C:\Windows\System\WIxeMBw.exe
  2⤵
  PID:7368
- C:\Windows\System\dlFOzoM.exe
  C:\Windows\System\dlFOzoM.exe
  2⤵
  PID:6604
- C:\Windows\System\MXCPPft.exe
  C:\Windows\System\MXCPPft.exe
  2⤵
  PID:7432
- C:\Windows\System\kcCquix.exe
  C:\Windows\System\kcCquix.exe
  2⤵
  PID:7472
- C:\Windows\System\zEeyHKK.exe
  C:\Windows\System\zEeyHKK.exe
  2⤵
  PID:7712
- C:\Windows\System\sPyhoJF.exe
  C:\Windows\System\sPyhoJF.exe
  2⤵
  PID:7948
- C:\Windows\System\LPumgQN.exe
  C:\Windows\System\LPumgQN.exe
  2⤵
  PID:7688
- C:\Windows\System\ZgyFWsW.exe
  C:\Windows\System\ZgyFWsW.exe
  2⤵
  PID:8052
- C:\Windows\System\LKYucPN.exe
  C:\Windows\System\LKYucPN.exe
  2⤵
  PID:8172
- C:\Windows\System\YBcutxM.exe
  C:\Windows\System\YBcutxM.exe
  2⤵
  PID:7412
- C:\Windows\System\obivOPi.exe
  C:\Windows\System\obivOPi.exe
  2⤵
  PID:8156
- C:\Windows\System\kanlriN.exe
  C:\Windows\System\kanlriN.exe
  2⤵
  PID:7664
- C:\Windows\System\uXBveGs.exe
  C:\Windows\System\uXBveGs.exe
  2⤵
  PID:7532
- C:\Windows\System\ZlwJaYa.exe
  C:\Windows\System\ZlwJaYa.exe
  2⤵
  PID:8092
- C:\Windows\System\zTUihnk.exe
  C:\Windows\System\zTUihnk.exe
  2⤵
  PID:7684
- C:\Windows\System\KKkzQsY.exe
  C:\Windows\System\KKkzQsY.exe
  2⤵
  PID:7296
- C:\Windows\System\cqkNWWQ.exe
  C:\Windows\System\cqkNWWQ.exe
  2⤵
  PID:7832
- C:\Windows\System\dHDFGms.exe
  C:\Windows\System\dHDFGms.exe
  2⤵
  PID:7880
- C:\Windows\System\AFwwnYj.exe
  C:\Windows\System\AFwwnYj.exe
  2⤵
  PID:7260
- C:\Windows\System\fEJoPxv.exe
  C:\Windows\System\fEJoPxv.exe
  2⤵
  PID:8200
- C:\Windows\System\fBkrkhG.exe
  C:\Windows\System\fBkrkhG.exe
  2⤵
  PID:8216
- C:\Windows\System\uoqAgMY.exe
  C:\Windows\System\uoqAgMY.exe
  2⤵
  PID:8232
- C:\Windows\System\PQsImZU.exe
  C:\Windows\System\PQsImZU.exe
  2⤵
  PID:8248
- C:\Windows\System\lRUsvGd.exe
  C:\Windows\System\lRUsvGd.exe
  2⤵
  PID:8264
- C:\Windows\System\iZxgEpO.exe
  C:\Windows\System\iZxgEpO.exe
  2⤵
  PID:8280
- C:\Windows\System\eKrXRTd.exe
  C:\Windows\System\eKrXRTd.exe
  2⤵
  PID:8296
- C:\Windows\System\YPyedjj.exe
  C:\Windows\System\YPyedjj.exe
  2⤵
  PID:8312
- C:\Windows\System\aqAgVJW.exe
  C:\Windows\System\aqAgVJW.exe
  2⤵
  PID:8328
- C:\Windows\System\dhrvKGX.exe
  C:\Windows\System\dhrvKGX.exe
  2⤵
  PID:8344
- C:\Windows\System\evHzdMX.exe
  C:\Windows\System\evHzdMX.exe
  2⤵
  PID:8360
- C:\Windows\System\FbbGhVb.exe
  C:\Windows\System\FbbGhVb.exe
  2⤵
  PID:8380
- C:\Windows\System\XQaWzhD.exe
  C:\Windows\System\XQaWzhD.exe
  2⤵
  PID:8396
- C:\Windows\System\qRJjgyw.exe
  C:\Windows\System\qRJjgyw.exe
  2⤵
  PID:8420
- C:\Windows\System\yhuilgs.exe
  C:\Windows\System\yhuilgs.exe
  2⤵
  PID:8436
- C:\Windows\System\vnKdTBQ.exe
  C:\Windows\System\vnKdTBQ.exe
  2⤵
  PID:8452
- C:\Windows\System\TNdiJvc.exe
  C:\Windows\System\TNdiJvc.exe
  2⤵
  PID:8472
- C:\Windows\System\HqGBrpR.exe
  C:\Windows\System\HqGBrpR.exe
  2⤵
  PID:8488
- C:\Windows\System\WRBCSmw.exe
  C:\Windows\System\WRBCSmw.exe
  2⤵
  PID:8504
- C:\Windows\System\hezVuiC.exe
  C:\Windows\System\hezVuiC.exe
  2⤵
  PID:8732
- C:\Windows\System\ReXkhKU.exe
  C:\Windows\System\ReXkhKU.exe
  2⤵
  PID:8860
- C:\Windows\System\qwOidxW.exe
  C:\Windows\System\qwOidxW.exe
  2⤵
  PID:8876
- C:\Windows\System\dZxvJgt.exe
  C:\Windows\System\dZxvJgt.exe
  2⤵
  PID:8892
- C:\Windows\System\DPrRkJk.exe
  C:\Windows\System\DPrRkJk.exe
  2⤵
  PID:8920
- C:\Windows\System\GYIxIBD.exe
  C:\Windows\System\GYIxIBD.exe
  2⤵
  PID:8936
- C:\Windows\System\cTtXFqY.exe
  C:\Windows\System\cTtXFqY.exe
  2⤵
  PID:8952
- C:\Windows\System\OsdOYiZ.exe
  C:\Windows\System\OsdOYiZ.exe
  2⤵
  PID:8968
- C:\Windows\System\rRxoAHe.exe
  C:\Windows\System\rRxoAHe.exe
  2⤵
  PID:8992
- C:\Windows\System\NtrSOdK.exe
  C:\Windows\System\NtrSOdK.exe
  2⤵
  PID:9012
- C:\Windows\System\ONXwdih.exe
  C:\Windows\System\ONXwdih.exe
  2⤵
  PID:9028
- C:\Windows\System\cPXLHzy.exe
  C:\Windows\System\cPXLHzy.exe
  2⤵
  PID:9044
- C:\Windows\System\Zwtinuq.exe
  C:\Windows\System\Zwtinuq.exe
  2⤵
  PID:9064
- C:\Windows\System\lKzobIi.exe
  C:\Windows\System\lKzobIi.exe
  2⤵
  PID:9080
- C:\Windows\System\NVoGgPD.exe
  C:\Windows\System\NVoGgPD.exe
  2⤵
  PID:9112
- C:\Windows\System\PVgQedZ.exe
  C:\Windows\System\PVgQedZ.exe
  2⤵
  PID:9132
- C:\Windows\System\ErRaNbd.exe
  C:\Windows\System\ErRaNbd.exe
  2⤵
  PID:9148
- C:\Windows\System\sTKvmYD.exe
  C:\Windows\System\sTKvmYD.exe
  2⤵
  PID:9164
- C:\Windows\System\rsOFxYt.exe
  C:\Windows\System\rsOFxYt.exe
  2⤵
  PID:9180
- C:\Windows\System\NVkLjBB.exe
  C:\Windows\System\NVkLjBB.exe
  2⤵
  PID:9208
- C:\Windows\System\SUoziiE.exe
  C:\Windows\System\SUoziiE.exe
  2⤵
  PID:8224
- C:\Windows\System\TLJqewG.exe
  C:\Windows\System\TLJqewG.exe
  2⤵
  PID:8240
- C:\Windows\System\zgxkaCp.exe
  C:\Windows\System\zgxkaCp.exe
  2⤵
  PID:8304
- C:\Windows\System\UxafyKg.exe
  C:\Windows\System\UxafyKg.exe
  2⤵
  PID:8320
- C:\Windows\System\fsuOndt.exe
  C:\Windows\System\fsuOndt.exe
  2⤵
  PID:8292
- C:\Windows\System\ayEBvpj.exe
  C:\Windows\System\ayEBvpj.exe
  2⤵
  PID:8416
- C:\Windows\System\XTnooZo.exe
  C:\Windows\System\XTnooZo.exe
  2⤵
  PID:8388
- C:\Windows\System\XvOHqLJ.exe
  C:\Windows\System\XvOHqLJ.exe
  2⤵
  PID:8496
- C:\Windows\System\ClfcjSG.exe
  C:\Windows\System\ClfcjSG.exe
  2⤵
  PID:8544
- C:\Windows\System\TTmXFHJ.exe
  C:\Windows\System\TTmXFHJ.exe
  2⤵
  PID:8560
- C:\Windows\System\DiXeXzu.exe
  C:\Windows\System\DiXeXzu.exe
  2⤵
  PID:8576
- C:\Windows\System\PabBYHI.exe
  C:\Windows\System\PabBYHI.exe
  2⤵
  PID:8592
- C:\Windows\System\hQHZCHO.exe
  C:\Windows\System\hQHZCHO.exe
  2⤵
  PID:8620
- C:\Windows\System\xfJgHbB.exe
  C:\Windows\System\xfJgHbB.exe
  2⤵
  PID:8636
- C:\Windows\System\KMbUqCI.exe
  C:\Windows\System\KMbUqCI.exe
  2⤵
  PID:8652
- C:\Windows\System\HAHcbWF.exe
  C:\Windows\System\HAHcbWF.exe
  2⤵
  PID:8696
- C:\Windows\System\WhQgkkY.exe
  C:\Windows\System\WhQgkkY.exe
  2⤵
  PID:8720
- C:\Windows\System\sjjGtax.exe
  C:\Windows\System\sjjGtax.exe
  2⤵
  PID:8748
- C:\Windows\System\vvChASp.exe
  C:\Windows\System\vvChASp.exe
  2⤵
  PID:8756
- C:\Windows\System\ODKpARP.exe
  C:\Windows\System\ODKpARP.exe
  2⤵
  PID:8784
- C:\Windows\System\aJsnseQ.exe
  C:\Windows\System\aJsnseQ.exe
  2⤵
  PID:8808
- C:\Windows\System\ndbtefm.exe
  C:\Windows\System\ndbtefm.exe
  2⤵
  PID:8816
- C:\Windows\System\rzpMaVF.exe
  C:\Windows\System\rzpMaVF.exe
  2⤵
  PID:8840
- C:\Windows\System\IHpYYcE.exe
  C:\Windows\System\IHpYYcE.exe
  2⤵
  PID:8888
- C:\Windows\System\ZwdJgBX.exe
  C:\Windows\System\ZwdJgBX.exe
  2⤵
  PID:8908
- C:\Windows\System\KDiEhrP.exe
  C:\Windows\System\KDiEhrP.exe
  2⤵
  PID:8944
- C:\Windows\System\tyaxpyO.exe
  C:\Windows\System\tyaxpyO.exe
  2⤵
  PID:8988
- C:\Windows\System\ibonbiV.exe
  C:\Windows\System\ibonbiV.exe
  2⤵
  PID:9008
- C:\Windows\System\rHMjMiO.exe
  C:\Windows\System\rHMjMiO.exe
  2⤵
  PID:9056
- C:\Windows\System\VhnvWvy.exe
  C:\Windows\System\VhnvWvy.exe
  2⤵
  PID:9040
- C:\Windows\System\EqLRQUT.exe
  C:\Windows\System\EqLRQUT.exe
  2⤵
  PID:9104
- C:\Windows\System\fwAvigj.exe
  C:\Windows\System\fwAvigj.exe
  2⤵
  PID:9172
- C:\Windows\System\NVvfQNG.exe
  C:\Windows\System\NVvfQNG.exe
  2⤵
  PID:8276
- C:\Windows\System\nTBzdOI.exe
  C:\Windows\System\nTBzdOI.exe
  2⤵
  PID:8352
- C:\Windows\System\QRLZFjB.exe
  C:\Windows\System\QRLZFjB.exe
  2⤵
  PID:9120
- C:\Windows\System\oZycAKB.exe
  C:\Windows\System\oZycAKB.exe
  2⤵
  PID:9124
- C:\Windows\System\lZticpu.exe
  C:\Windows\System\lZticpu.exe
  2⤵
  PID:8288
- C:\Windows\System\qjXbTNz.exe
  C:\Windows\System\qjXbTNz.exe
  2⤵
  PID:8392
- C:\Windows\System\xKrtzpX.exe
  C:\Windows\System\xKrtzpX.exe
  2⤵
  PID:8480
- C:\Windows\System\AimNJgV.exe
  C:\Windows\System\AimNJgV.exe
  2⤵
  PID:7384
- C:\Windows\System\hpsgduQ.exe
  C:\Windows\System\hpsgduQ.exe
  2⤵
  PID:8600
- C:\Windows\System\dfCpxFu.exe
  C:\Windows\System\dfCpxFu.exe
  2⤵
  PID:8616
- C:\Windows\System\sgEMWMT.exe
  C:\Windows\System\sgEMWMT.exe
  2⤵
  PID:8632
- C:\Windows\System\LOlOBny.exe
  C:\Windows\System\LOlOBny.exe
  2⤵
  PID:8668
- C:\Windows\System\UFzXbXn.exe
  C:\Windows\System\UFzXbXn.exe
  2⤵
  PID:8404
- C:\Windows\System\XGfdgPq.exe
  C:\Windows\System\XGfdgPq.exe
  2⤵
  PID:8724
- C:\Windows\System\ZOSvkBy.exe
  C:\Windows\System\ZOSvkBy.exe
  2⤵
  PID:8728
- C:\Windows\System\qNpIojZ.exe
  C:\Windows\System\qNpIojZ.exe
  2⤵
  PID:8812
- C:\Windows\System\hctQWZH.exe
  C:\Windows\System\hctQWZH.exe
  2⤵
  PID:8856
- C:\Windows\System\ArDKNsK.exe
  C:\Windows\System\ArDKNsK.exe
  2⤵
  PID:8948
- C:\Windows\System\ESWavyZ.exe
  C:\Windows\System\ESWavyZ.exe
  2⤵
  PID:9036
- C:\Windows\System\rOXoskI.exe
  C:\Windows\System\rOXoskI.exe
  2⤵
  PID:9076
- C:\Windows\System\GmmCxvb.exe
  C:\Windows\System\GmmCxvb.exe
  2⤵
  PID:9188
- C:\Windows\System\IuSJkoN.exe
  C:\Windows\System\IuSJkoN.exe
  2⤵
  PID:9100
- C:\Windows\System\nITLYTe.exe
  C:\Windows\System\nITLYTe.exe
  2⤵
  PID:9140
- C:\Windows\System\qLdTatr.exe
  C:\Windows\System\qLdTatr.exe
  2⤵
  PID:8356
- C:\Windows\System\YsDCPRl.exe
  C:\Windows\System\YsDCPRl.exe
  2⤵
  PID:8432
- C:\Windows\System\gJOPiHn.exe
  C:\Windows\System\gJOPiHn.exe
  2⤵
  PID:8500
- C:\Windows\System\cvAkGWy.exe
  C:\Windows\System\cvAkGWy.exe
  2⤵
  PID:8484
- C:\Windows\System\dSRTfSt.exe
  C:\Windows\System\dSRTfSt.exe
  2⤵
  PID:8692
- C:\Windows\System\isEWCjf.exe
  C:\Windows\System\isEWCjf.exe
  2⤵
  PID:8788
- C:\Windows\System\VomBvfz.exe
  C:\Windows\System\VomBvfz.exe
  2⤵
  PID:8704
- C:\Windows\System\VgdDCsQ.exe
  C:\Windows\System\VgdDCsQ.exe
  2⤵
  PID:8868
- C:\Windows\System\rEynHTa.exe
  C:\Windows\System\rEynHTa.exe
  2⤵
  PID:8904
- C:\Windows\System\iycJZQg.exe
  C:\Windows\System\iycJZQg.exe
  2⤵
  PID:9052
- C:\Windows\System\pGgGyHw.exe
  C:\Windows\System\pGgGyHw.exe
  2⤵
  PID:7316
- C:\Windows\System\ZnxziOb.exe
  C:\Windows\System\ZnxziOb.exe
  2⤵
  PID:8428
- C:\Windows\System\DIttusW.exe
  C:\Windows\System\DIttusW.exe
  2⤵
  PID:8340
- C:\Windows\System\EeUlnaa.exe
  C:\Windows\System\EeUlnaa.exe
  2⤵
  PID:8572
- C:\Windows\System\UolgWBj.exe
  C:\Windows\System\UolgWBj.exe
  2⤵
  PID:8672
- C:\Windows\System\cuEepTW.exe
  C:\Windows\System\cuEepTW.exe
  2⤵
  PID:8832
- C:\Windows\System\MerXmSw.exe
  C:\Windows\System\MerXmSw.exe
  2⤵
  PID:8916
- C:\Windows\System\WsDbeJF.exe
  C:\Windows\System\WsDbeJF.exe
  2⤵
  PID:8540
- C:\Windows\System\hVAEKZA.exe
  C:\Windows\System\hVAEKZA.exe
  2⤵
  PID:8208
- C:\Windows\System\eMykLYs.exe
  C:\Windows\System\eMykLYs.exe
  2⤵
  PID:9144
- C:\Windows\System\DNqpmWB.exe
  C:\Windows\System\DNqpmWB.exe
  2⤵
  PID:8688
- C:\Windows\System\LhywFji.exe
  C:\Windows\System\LhywFji.exe
  2⤵
  PID:8644
- C:\Windows\System\oEyNIZJ.exe
  C:\Windows\System\oEyNIZJ.exe
  2⤵
  PID:8928
- C:\Windows\System\VSvHnLC.exe
  C:\Windows\System\VSvHnLC.exe
  2⤵
  PID:8272
- C:\Windows\System\xVxtJGU.exe
  C:\Windows\System\xVxtJGU.exe
  2⤵
  PID:8824
- C:\Windows\System\zhtkicY.exe
  C:\Windows\System\zhtkicY.exe
  2⤵
  PID:8740
- C:\Windows\System\FMBvNDT.exe
  C:\Windows\System\FMBvNDT.exe
  2⤵
  PID:8684
- C:\Windows\System\SwbmOSa.exe
  C:\Windows\System\SwbmOSa.exe
  2⤵
  PID:7536
- C:\Windows\System\YVNOWXg.exe
  C:\Windows\System\YVNOWXg.exe
  2⤵
  PID:8680
- C:\Windows\System\xiSPmnr.exe
  C:\Windows\System\xiSPmnr.exe
  2⤵
  PID:8000
- C:\Windows\System\GBsVoCC.exe
  C:\Windows\System\GBsVoCC.exe
  2⤵
  PID:9236
- C:\Windows\System\mYUkANc.exe
  C:\Windows\System\mYUkANc.exe
  2⤵
  PID:9264
- C:\Windows\System\BVOpDyG.exe
  C:\Windows\System\BVOpDyG.exe
  2⤵
  PID:9280
- C:\Windows\System\JshUSCI.exe
  C:\Windows\System\JshUSCI.exe
  2⤵
  PID:9296
- C:\Windows\System\mOxtRXu.exe
  C:\Windows\System\mOxtRXu.exe
  2⤵
  PID:9316
- C:\Windows\System\lMgHZXA.exe
  C:\Windows\System\lMgHZXA.exe
  2⤵
  PID:9336
- C:\Windows\System\xOvvvCN.exe
  C:\Windows\System\xOvvvCN.exe
  2⤵
  PID:9364
- C:\Windows\System\jNJoAJP.exe
  C:\Windows\System\jNJoAJP.exe
  2⤵
  PID:9380
- C:\Windows\System\gPQcBUl.exe
  C:\Windows\System\gPQcBUl.exe
  2⤵
  PID:9400
- C:\Windows\System\WTeRKkn.exe
  C:\Windows\System\WTeRKkn.exe
  2⤵
  PID:9416
- C:\Windows\System\eEraUMu.exe
  C:\Windows\System\eEraUMu.exe
  2⤵
  PID:9432
- C:\Windows\System\hWjGvST.exe
  C:\Windows\System\hWjGvST.exe
  2⤵
  PID:9456
- C:\Windows\System\rAiMQYF.exe
  C:\Windows\System\rAiMQYF.exe
  2⤵
  PID:9480
- C:\Windows\System\ujbqwkT.exe
  C:\Windows\System\ujbqwkT.exe
  2⤵
  PID:9496
- C:\Windows\System\LMHtkeR.exe
  C:\Windows\System\LMHtkeR.exe
  2⤵
  PID:9512
- C:\Windows\System\SzwfxHp.exe
  C:\Windows\System\SzwfxHp.exe
  2⤵
  PID:9528
- C:\Windows\System\oYojOMw.exe
  C:\Windows\System\oYojOMw.exe
  2⤵
  PID:9544
- C:\Windows\System\cDmoriu.exe
  C:\Windows\System\cDmoriu.exe
  2⤵
  PID:9588
- C:\Windows\System\HUTSEbM.exe
  C:\Windows\System\HUTSEbM.exe
  2⤵
  PID:9604
- C:\Windows\System\SFiTPDC.exe
  C:\Windows\System\SFiTPDC.exe
  2⤵
  PID:9624
- C:\Windows\System\UpYkHwH.exe
  C:\Windows\System\UpYkHwH.exe
  2⤵
  PID:9644
- C:\Windows\System\kQWOYHH.exe
  C:\Windows\System\kQWOYHH.exe
  2⤵
  PID:9664
- C:\Windows\System\pPXPWtf.exe
  C:\Windows\System\pPXPWtf.exe
  2⤵
  PID:9680
- C:\Windows\System\MPAnpmG.exe
  C:\Windows\System\MPAnpmG.exe
  2⤵
  PID:9704
- C:\Windows\System\rYeFrjM.exe
  C:\Windows\System\rYeFrjM.exe
  2⤵
  PID:9720
- C:\Windows\System\MragWri.exe
  C:\Windows\System\MragWri.exe
  2⤵
  PID:9748
- C:\Windows\System\VrAcgVq.exe
  C:\Windows\System\VrAcgVq.exe
  2⤵
  PID:9764
- C:\Windows\System\hrtwAVv.exe
  C:\Windows\System\hrtwAVv.exe
  2⤵
  PID:9784
- C:\Windows\System\qJXQcUI.exe
  C:\Windows\System\qJXQcUI.exe
  2⤵
  PID:9804
- C:\Windows\System\OqWcpez.exe
  C:\Windows\System\OqWcpez.exe
  2⤵
  PID:9824
- C:\Windows\System\YbLLWXC.exe
  C:\Windows\System\YbLLWXC.exe
  2⤵
  PID:9844
- C:\Windows\System\lLpSQsn.exe
  C:\Windows\System\lLpSQsn.exe
  2⤵
  PID:9860
- C:\Windows\System\aefHKex.exe
  C:\Windows\System\aefHKex.exe
  2⤵
  PID:9880
- C:\Windows\System\EHUftiR.exe
  C:\Windows\System\EHUftiR.exe
  2⤵
  PID:9904
- C:\Windows\System\yPWWcTd.exe
  C:\Windows\System\yPWWcTd.exe
  2⤵
  PID:9920
- C:\Windows\System\wdtxecU.exe
  C:\Windows\System\wdtxecU.exe
  2⤵
  PID:9936
- C:\Windows\System\wHRSQMg.exe
  C:\Windows\System\wHRSQMg.exe
  2⤵
  PID:9952
- C:\Windows\System\tufRpRj.exe
  C:\Windows\System\tufRpRj.exe
  2⤵
  PID:9968
- C:\Windows\System\jazPHgd.exe
  C:\Windows\System\jazPHgd.exe
  2⤵
  PID:9984
- C:\Windows\System\MIDidIz.exe
  C:\Windows\System\MIDidIz.exe
  2⤵
  PID:10000
- C:\Windows\System\djpKIpE.exe
  C:\Windows\System\djpKIpE.exe
  2⤵
  PID:10016
- C:\Windows\System\jtYOFtl.exe
  C:\Windows\System\jtYOFtl.exe
  2⤵
  PID:10036
- C:\Windows\System\DtLGTtL.exe
  C:\Windows\System\DtLGTtL.exe
  2⤵
  PID:10056
- C:\Windows\System\NlXKABB.exe
  C:\Windows\System\NlXKABB.exe
  2⤵
  PID:10076
- C:\Windows\System\woQrvER.exe
  C:\Windows\System\woQrvER.exe
  2⤵
  PID:10092
- C:\Windows\System\eQQlNja.exe
  C:\Windows\System\eQQlNja.exe
  2⤵
  PID:10112
- C:\Windows\System\BaipHJM.exe
  C:\Windows\System\BaipHJM.exe
  2⤵
  PID:10140
- C:\Windows\System\IDksWJy.exe
  C:\Windows\System\IDksWJy.exe
  2⤵
  PID:10180
- C:\Windows\System\tUxFSEF.exe
  C:\Windows\System\tUxFSEF.exe
  2⤵
  PID:10200
- C:\Windows\System\RxpxBnJ.exe
  C:\Windows\System\RxpxBnJ.exe
  2⤵
  PID:10224
- C:\Windows\System\fUaKpRD.exe
  C:\Windows\System\fUaKpRD.exe
  2⤵
  PID:8568
- C:\Windows\System\cwikOUZ.exe
  C:\Windows\System\cwikOUZ.exe
  2⤵
  PID:9232
- C:\Windows\System\EeyVBSj.exe
  C:\Windows\System\EeyVBSj.exe
  2⤵
  PID:9256
- C:\Windows\System\SduWYVO.exe
  C:\Windows\System\SduWYVO.exe
  2⤵
  PID:9328
- C:\Windows\System\qfHmLHS.exe
  C:\Windows\System\qfHmLHS.exe
  2⤵
  PID:9352
- C:\Windows\System\tZhzrQV.exe
  C:\Windows\System\tZhzrQV.exe
  2⤵
  PID:9376
- C:\Windows\System\VqXcRQq.exe
  C:\Windows\System\VqXcRQq.exe
  2⤵
  PID:9424
- C:\Windows\System\gLMKVJr.exe
  C:\Windows\System\gLMKVJr.exe
  2⤵
  PID:9428
- C:\Windows\System\BXBYLaI.exe
  C:\Windows\System\BXBYLaI.exe
  2⤵
  PID:9476
- C:\Windows\System\KqZeVkg.exe
  C:\Windows\System\KqZeVkg.exe
  2⤵
  PID:9508
- C:\Windows\System\NsPxvDF.exe
  C:\Windows\System\NsPxvDF.exe
  2⤵
  PID:9536
- C:\Windows\System\zfPVMNE.exe
  C:\Windows\System\zfPVMNE.exe
  2⤵
  PID:9564
- C:\Windows\System\ZSVMxvM.exe
  C:\Windows\System\ZSVMxvM.exe
  2⤵
  PID:9584
- C:\Windows\System\EOFpiJJ.exe
  C:\Windows\System\EOFpiJJ.exe
  2⤵
  PID:9616
- C:\Windows\System\vshQzsu.exe
  C:\Windows\System\vshQzsu.exe
  2⤵
  PID:9636
- C:\Windows\System\ptfMcHb.exe
  C:\Windows\System\ptfMcHb.exe
  2⤵
  PID:9672
- C:\Windows\System\ABXuSgl.exe
  C:\Windows\System\ABXuSgl.exe
  2⤵
  PID:9696
- C:\Windows\System\eSruEDW.exe
  C:\Windows\System\eSruEDW.exe
  2⤵
  PID:9716
- C:\Windows\System\uBBzQNR.exe
  C:\Windows\System\uBBzQNR.exe
  2⤵
  PID:9760
- C:\Windows\System\XodvyYT.exe
  C:\Windows\System\XodvyYT.exe
  2⤵
  PID:9776
- C:\Windows\System\FkLHCwR.exe
  C:\Windows\System\FkLHCwR.exe
  2⤵
  PID:9812
- C:\Windows\System\voLAuhf.exe
  C:\Windows\System\voLAuhf.exe
  2⤵
  PID:9836
- C:\Windows\System\AbMUooA.exe
  C:\Windows\System\AbMUooA.exe
  2⤵
  PID:9888
- C:\Windows\System\UDHniui.exe
  C:\Windows\System\UDHniui.exe
  2⤵
  PID:9896
- C:\Windows\System\reasOkm.exe
  C:\Windows\System\reasOkm.exe
  2⤵
  PID:9932
- C:\Windows\System\yzqcCTQ.exe
  C:\Windows\System\yzqcCTQ.exe
  2⤵
  PID:9964
- C:\Windows\System\TspVMgK.exe
  C:\Windows\System\TspVMgK.exe
  2⤵
  PID:9916
- C:\Windows\System\BSdpEED.exe
  C:\Windows\System\BSdpEED.exe
  2⤵
  PID:10100
- C:\Windows\System\BiMKbDI.exe
  C:\Windows\System\BiMKbDI.exe
  2⤵
  PID:10008
- C:\Windows\System\OEcRZPS.exe
  C:\Windows\System\OEcRZPS.exe
  2⤵
  PID:10088
- C:\Windows\System\fjfWVYC.exe
  C:\Windows\System\fjfWVYC.exe
  2⤵
  PID:10128
- C:\Windows\System\nrBrysf.exe
  C:\Windows\System\nrBrysf.exe
  2⤵
  PID:10152
- C:\Windows\System\tYaywBQ.exe
  C:\Windows\System\tYaywBQ.exe
  2⤵
  PID:9224
- C:\Windows\System\taKjNcc.exe
  C:\Windows\System\taKjNcc.exe
  2⤵
  PID:9260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AqffPdP.exe

Filesize
8B

MD5
171d8cdad6c958664bc64b7ac9acc7db

SHA1
34a8b0bf4a2feda43ec85c448bceefbc82f2f806

SHA256
827aa895e801414fdc25ed54edde8897f8082b73e3a25ae1d28da88ad659c91a

SHA512
7a7f61ccbebf5563361a9ef7ed04c9ac68f4770b47b9ed16c3667f36ab43a3927ff06f300d3f2d0847d0a65f0339e87b9eeed647795388cb9b6fa4e687661f1e

Download Submit
C:\Windows\system\BlGTXCb.exe

Filesize
6.0MB

MD5
729d03b496ab372a24f717e6f329438c

SHA1
5caf11b1ead71e82923b187cbf0022a1d7cb8a02

SHA256
e62c98d0b9e9a17d6f0d54642ed695e5e72b8885ce43a99214eefb4d248eff4c

SHA512
d0bc8d4cf4e3fd5d7154b2411908574c83a1f56d5e88d4430a590c7515022017aa25dca26a3f5aa00bf5d8ef6be51bad719b683bdaf9fe5ce23a40d373d55774

Download Submit
C:\Windows\system\ExsIMWb.exe

Filesize
6.0MB

MD5
16fae3217b3aa3ccac0d61d1c9d2b159

SHA1
258a16aa99e867b188bb77eadfb741cbe34d9d9b

SHA256
8da2f18f8e637336794b5376aaea889e85bfcb54955dcffb490ea184dd7adea2

SHA512
326f1e15dc9117327c23fa2d0210265d9aebcdfbb0c35f7338db0e90054982190273f399e9bbdb376ea39445162023607a650d2c9dc8e59ecd9ddb8f260be9cc

Download Submit
C:\Windows\system\HbZBPEB.exe

Filesize
6.0MB

MD5
66de4bbad89780ed4be21803cbc47076

SHA1
e2ccc3f84c71d0ad1c3edcde115591bda3b8e0cf

SHA256
0b46fc76a11413cd1e65de790c8ebc4ee632211f6fc10d6a9a3b8f1647129721

SHA512
7056baf8e31abc55424215134e5f2786d376dfacde9222cd44fd94a31e67670cce6eb47fb2bae951f06571e545a18891d01d25b4fa50aaec7e19b3edb5f85df9

Download Submit
C:\Windows\system\HvwzuIS.exe

Filesize
6.0MB

MD5
9a945f276c4eebad80a120d59583131b

SHA1
9317e3aea396117b1ec02519bb44121904f1bab4

SHA256
6877ff4a975ba7d5d742b8081e29f8ad053674c68b1f2d663064eb174b9ee0bc

SHA512
0a3a7e2f7929c3525398527bf815d01e43a8314d37179229a73b3276f5dffb9937bf5a393d8301d0bb6c1a9435b3caf2e878d14be043ae459e2a1f2be346c683

Download Submit
C:\Windows\system\IPLiqpA.exe

Filesize
6.0MB

MD5
89504ec5799ca2a6f15a7c5974596986

SHA1
b2b923bdcdb995ac58509221f50598b52e9a10fc

SHA256
926d79c70e07ea95330d1f3ff61a14146785c065ab7bc1f2b20c01e33cbfde8c

SHA512
5465de1e88e96265df2e78ea6b2e52ae8db67bcc21272845473076c2eb38e2b8184d1838e4e2c9940fb0d02c3555e0a0acd0dc79c38ef212832438c1f8be6571

Download Submit
C:\Windows\system\JvUdfFh.exe

Filesize
6.0MB

MD5
e3da1d848c824f354bf8e8738eda1278

SHA1
515c5a349c5a40bd88b3b62fba4b49047a4c5068

SHA256
dabb0debe7bf0fe0dd1549923a9ac758bb6f5170014617739b50d88650e6edc7

SHA512
89ce29e97134558880b3b086d3e29f52a814b2ba250ab130b527762cfe6560eafe18d31a9ca54bcf8593115d907deb7b70ee912ba4d34a2684d0621371e9e807

Download Submit
C:\Windows\system\Kbgsuzx.exe

Filesize
6.0MB

MD5
e080a8b3c6e98b68c71b24a61585bbc4

SHA1
bdf8784209fb2dd389ea72ad8c155278a51caed2

SHA256
9c8859e200f2c754ed549088f87f0caa6736c20b158c8b57ec819511641baaf4

SHA512
84cd06be0f23278cb534f597ad0e7db50042e2694c66315ae3ffd6341a4dbea5a06d545597b6d73be3dfe7ad86794e0f3f74c6da84ff56971a58510cf132d603

Download Submit
C:\Windows\system\LRgkhdX.exe

Filesize
6.0MB

MD5
91fe05d5f7798226620f059ba15bf482

SHA1
38e20f228c39cf2c1e1358f4679ba6cd48055330

SHA256
8e606e02748b20161ae82d6286a010d26e2f392774d76953dfcb86da8baf09e3

SHA512
5dd548310fa34468e04bdc40586ae952f2849ba16ddd4bf7b4320f3e68706224d68471615f89062323ac7b1d65e28d3889648484b7e668ace301bd4eb34a5171

Download Submit
C:\Windows\system\LiSjbBc.exe

Filesize
6.0MB

MD5
3ec53a0cc3d28600561a4fdf685fe1a0

SHA1
cbc565e540a6e78f18e503b733d13d77cadd04eb

SHA256
b120ef999d036a17c9fdc87216380cd6a4f5fd90c2d4cdb9d2c9c648b8b781f0

SHA512
61ed8e0d73c5f067315d9a7ea73dabb98160db091430b68721087b704b7a1a7ff061293e9ce3bb313a2751e3ca9fda5fa07805fa5aea2321c8ef81527fd11a0c

Download Submit
C:\Windows\system\LyVCPgI.exe

Filesize
6.0MB

MD5
d07b247ab5d5e197600ce2766a0b6db8

SHA1
4086bcfc24f77d0811dfb650a33ff65cd6faf426

SHA256
682d887513b7f63e899791dc5b791c7a1d7ea8330eb39a331e6887668d0c0029

SHA512
d5ccbba26532474204129717218b64255e85f4bf0dad748b8e5b0a617294da9f2b4a348684d6249ce4e8c545367868e2fd0bb5bf413d05b0bf2ebf14dd24f0c0

Download Submit
C:\Windows\system\OeQgrXg.exe

Filesize
6.0MB

MD5
7153a110f442897f8bc6f2de4bcd48f2

SHA1
6ecdbfd6a5a3cf157b9e8eb8b8c87ed2c5087a9d

SHA256
6616d59fa250f2eccb207a046009ca4e13962e7eee071fd9b8ae6a4e6b030e5a

SHA512
6e6c8f1daa6bd13ab7147a38d4bcfe3ba9f52b5678d9b63bce01cd36aeb952b0955e2fb6d11332ca9dcb932f42fe0c25ee74d67eac705f4848bb32301dedbebd

Download Submit
C:\Windows\system\RGepoAg.exe

Filesize
6.0MB

MD5
143e55c026d0d6a81550f156fa55770b

SHA1
ff0c155fe2f9000b7d24ffe24da96c557873bd6b

SHA256
af78a32ad5d6514cf79d8251773222cbf4a217f3b210be2ee72187aefa21f107

SHA512
602a89a1267cd4d270775d63736560ccb69433e766d87092ef3afc5133ef813caa6425e01011a56f945e1465ece6b5fb8b04b8f34298b1855e3ed2e158dd9aca

Download Submit
C:\Windows\system\RrZFlCA.exe

Filesize
6.0MB

MD5
9e2f7c0365462259152b357f2176f6ee

SHA1
747b044ceda0d9dd3de7a7294208cb1a0678d841

SHA256
03c2d4f318c490996e7da431d57fcd72d74a5674ba89b24fbe0caee9310203f3

SHA512
dbbdbd8aaea05d7455ba6401a4ffd1f5e1a5bdb1adb9813509c74a8a7960c423866d0d04b2decd4241f16e461fd0bfa8a8dd4f34e55b0448b56c279faaeb54c2

Download Submit
C:\Windows\system\StBtdAo.exe

Filesize
6.0MB

MD5
f2fd57bdb532783eaf01dedf4fc3655d

SHA1
115ec61beb58bf17c09ade2898e75030f9d979c2

SHA256
fbe5006d2a3cff3a510cf9b7bdc72e98379bf6bd6bfc238a8b3160914e1f2db8

SHA512
54b5460994319b6f62f96c945667cc68cc6200ff6ded7895d30ab7c415ec2e9c83e1b03c1686e1eaffa6514d971eb1c59d8c41453edc21f77953965fe6972b24

Download Submit
C:\Windows\system\TypKYxE.exe

Filesize
6.0MB

MD5
3ca6481790800b66675391c073b137db

SHA1
c2172ae7e369aacdd0aa6fadeabf726ce170f6ae

SHA256
5f5448bce645a3f0ac41fe3b6d4070961616bcdeda1074fa7629bb294c30899a

SHA512
a6b68e1f81357e9601f59120e5ef9b28bca7315067af86b0013f38b3fcd3ac02e375b4fe0950c7e00d187215c6d17ca9aceebad2dc557fc2cd5963f46472b42e

Download Submit
C:\Windows\system\VrwuQti.exe

Filesize
6.0MB

MD5
8a96a88840fd82b721768a3a13d0eee2

SHA1
e3f55e10c8c2a96f61792e0aba8aedd1940438d3

SHA256
a37bfe6a71781610ad321851691f91820c32938fffa3b09578996ca082e66a51

SHA512
a21411a74b80127d6b796a6569bab0c4f7a8bcce8c3c18c7038a5e69fbe6e931724e9a7e2f17ae08a14c93493b675ad74aa42b58b93a4927a666e44933428125

Download Submit
C:\Windows\system\YQqYvJV.exe

Filesize
6.0MB

MD5
52ed9151de43fa78c5e378c1db501874

SHA1
94c9d8a5b5167986477cb873617abf41f94c35bc

SHA256
254c4faa796a0b96c6c2f718eb33fa925862d3f75232359571f2ce76682ae662

SHA512
965b44cc590923addc356a250679d196cf38962f231cf156128234be5b0b842736349cea8c5225054520875a809ecdcbe667aaa187ab9d02143919076812ebe1

Download Submit
C:\Windows\system\expvNFC.exe

Filesize
6.0MB

MD5
59619c9327915901b5dae8cde1b8ddee

SHA1
d91765f0e507a659a9ed4b73ef91a906405ccfa0

SHA256
7bd231bff341cf0c4a27eecd022c209be80e78841028b2809fe0c433e632f565

SHA512
fbece2af3256f15ebd9c7ade5645523bc58b1df3b0c5e0fc1c73c6bc096967020eb3f7204949e5e003857677032152ccbd7a5e02844cf248f14d2e4c362b2b7d

Download Submit
C:\Windows\system\hsdqBfa.exe

Filesize
6.0MB

MD5
720bf13356d19c42fe33da1bd3fc6f0a

SHA1
ee62de0940cfbfb10b4f883b3ed8edcca1871755

SHA256
8bd00c7df01cdd020bf7b6864eb54072a4bd7a2b285dd9bbbf39e79cba685827

SHA512
2d5a9582bef51caa94cbc7df80acb13eff26c85642f51306ab54b5e6c24fe24c4ac3d464e8a869cdbd0ee9134965c4f0b4ea6306306c1f7e5bd93472245c5e73

Download Submit
C:\Windows\system\pKhMqSw.exe

Filesize
6.0MB

MD5
25cf849ce45b29188ccb5f115ecd0a66

SHA1
8834c0d498c410af8ca20e3b28def418eb7ffde7

SHA256
6726a45009e52fa7601f56152b2688b5de6abdddc2fb394db7c6170f95986f84

SHA512
67d0ac79651d70f58593e907e96841e42c16d04e5644b2486643dc30a6ed7ef7637bc52304b8899409875b519392b2ba9a5461292d801cead271fb470fe96c18

Download Submit
C:\Windows\system\pXqOikM.exe

Filesize
6.0MB

MD5
77a66d51c253d83523ddd32ea47251cd

SHA1
fb665b3575254e7ec0264dd90cb148a2f0eadb37

SHA256
8e7c7893af06c371d5fe2080150fe13cbcc40493aea65673279cda43da399bdd

SHA512
2eff43a6857113d2dd8e2740001ccb9986ff3476ff93620a010b5252d356c8b56d1046a1af1186f04cfcda781e22f8f71c175cc20077afb8de005f4d3bc5142d

Download Submit
C:\Windows\system\qYMbiXr.exe

Filesize
6.0MB

MD5
58b8a86a35d4a06d80815ee0d0572b68

SHA1
09fce7dd69a83faf9fe6049f66892c828433341c

SHA256
655e7f085434181416cdf556fe9ac3807b4cf08aa09b8581db73270194dafd16

SHA512
72c25e9019e53048fafea83349c213706f1e4ec44141fab8e921555ddff5a7b422e44b2d9ec0d3f052c2cefb6ce1b35514c9debbf4de04bf5d34611274f3514a

Download Submit
C:\Windows\system\qlGIiin.exe

Filesize
6.0MB

MD5
b1612e43fb459737939e8f6d4b92367c

SHA1
7377e1d6055005450c61267cf1f0b84f50ca932e

SHA256
82e3258f37c7a73019404fa4664c08a373cfd857f70fbcb2fdd1a1e8db92bdad

SHA512
47397b28eaefc1416e92b79a17455825091888ee6de6e2204af2e4ebe4903088603c08b483bbd70115e203ae10b31c07e91542c454b2cae775cebe616e15366f

Download Submit
C:\Windows\system\uxZlnpT.exe

Filesize
6.0MB

MD5
0b39bc045296ce61c280218d814eaf46

SHA1
63c1694e21cbef2d42ab11f8fda75bdc5b7a878c

SHA256
3ede8832c42995ca9598b3dfe3fdd14d37a8b0734776d7857d4bd115e7cdb128

SHA512
de4104caef84ec9811024b897b36e87a26615263da8678b95541eea93f485d80d00609ff06925f197755ce88d5398091d9b21e21399fe19f493436d5b5f07907

Download Submit
C:\Windows\system\yqZgsvw.exe

Filesize
6.0MB

MD5
8e8f822f432082192f3fdb547fa3856c

SHA1
83bf8e4678bc1384604c00e33984aa4c5e1cc210

SHA256
878e3864d418572ae9cc554b4fdb9267f4611968dfb4c8fd4bd3f94a3792905f

SHA512
5ff1af0b60c3fae854bc77166c80eec582b2bbf56403f0113b7a75651688b0ce8729487d19b3b67e0dbb5a6a20ed31b1af7f081356f4f531a94d393142a9bcdc

Download Submit
C:\Windows\system\zEIaQtp.exe

Filesize
6.0MB

MD5
e6a15a5bbb1df659118e0e5116d6ee31

SHA1
e7db2d6657695d3927ca1370e10d935701ced47e

SHA256
e26b415824516d7ba7bd59e8875266cf4469d1ed36167b987e59fb650f1c395a

SHA512
001ac20a74dfb8f2be66501152a95b743a356975aa00c1dd617da04556eb2ab7829384937210ae3a7850f4f1ae0252d8756d13935080db8c5fa4a54b0d3d8c86

Download Submit
C:\Windows\system\zqAHopk.exe

Filesize
6.0MB

MD5
ed70951c02854e4c418713113db053c7

SHA1
f0361c21cccf0295e84bf90e6f288ea3718105f1

SHA256
9c4a61fbaa858bcf91fe33c55b7a4c68b5ee47de2bc570aeaf279e266d043614

SHA512
4cc243954dca1f2cac54be2e201e5731dbb7c3111abf3f2f4fb0bcaf9e4a51de1cf0c7a54964c218d62762d750105fa36a5af22418e07553056983799f09183b

Download Submit
C:\Windows\system\zzXISad.exe

Filesize
6.0MB

MD5
34cd6766b3f9945e35c36f9dd8e0d366

SHA1
08412d76694b86a4d1f17e9959da93107ff2e112

SHA256
5f302227b0dd88b764c66fba35a09fb68e36bf8deba8f51c5e561588624c13e1

SHA512
7ae69f4d80c4e8579f037ba3db4cd45e4b27ddea6e166789dd43e91e85fe6175ca8a5f88a4cd610b496d596b989dd15a71b037275a5a51859d4f31a5ef5b978c

Download Submit
\Windows\system\RvrsvtJ.exe

Filesize
6.0MB

MD5
da2a45ebe64c2c34ba63b71a1a22c17e

SHA1
f54202a2f2befbbc782f7c6bcec5bc1684e2d388

SHA256
5381519fde3b67811b0b23a5a3aaa5b3aae5ace84d91915365597c02fc3569a6

SHA512
d23c97a484e497b544303042733c9052f0cc2663e4b8ee724098ba7fa1de43ed6e46e90002bb72730e2616e22f4892ce70919a5b5b1c9b828134df19dfeb9550

Download Submit
\Windows\system\cYJxwiR.exe

Filesize
6.0MB

MD5
c36e210266d955456641463fea34ff1c

SHA1
d6ceab2e7fea12eb5aa8e1e7d94b661639f05eb0

SHA256
9e8327a176ca9777afdc9020029c662d7b16cf51dc85406f2f6eca5fbc7e705c

SHA512
a127f317324b4e26b8b92be8981ef74ee142678afaaace910fa28aea2778d642c1da3d62b4f81af75d3e98980ff234f385fe45f8cf28bfe204f2cfe32dbc3950

Download Submit
\Windows\system\cpBTGkh.exe

Filesize
6.0MB

MD5
a359b1158a11bd08bc6c8314a9c27806

SHA1
de60c40c81aeab40dfe11bc08661707ed3e58caa

SHA256
c598249571e39ed5ff740f061fbe6942d6ebb537fe2324dacc404809bccb30af

SHA512
cfd48479246ec78cdea132e3e86b7f68af7f1d75346b4a616ad1d406709290fd65cb8b2eccc71db0f75bdb59adde58c91978d6832f85e847d37437927ee08cdd

Download Submit
\Windows\system\vgBLkFn.exe

Filesize
6.0MB

MD5
8099858f3de150809cdec4ae0a25dcca

SHA1
86b022546be245b7f40cf75491f583731ecb66c8

SHA256
5d7eeef45b7304c400f9594ace209fa0f745fc71c6b17ca3d13d6923f761a48e

SHA512
ea09e5b672a54bc77fc6de8dc851e3d1b07233d54f35b9d14ebdf6fd6000a9bfc7223f062907fe7105f4c3cb80a763c4996ba4ceb6ac5b9f680de7aad9a24aef

Download Submit
memory/356-95-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/356-3609-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/356-57-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-71-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-237-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-3628-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-87-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1444-3630-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1444-633-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1636-3509-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1636-13-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1644-109-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1644-902-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-30-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-17-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1644-34-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-334-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-83-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-740-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-0-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1644-75-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-68-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-10-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1644-99-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1644-108-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-43-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-39-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-46-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-100-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-61-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1644-1107-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1644-42-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1644-91-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-3648-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-96-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-842-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3512-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-32-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-60-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-3550-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-21-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3507-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2320-15-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1002-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-104-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3669-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-64-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2572-103-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3627-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2712-44-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3598-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2712-78-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2776-40-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3552-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/3040-50-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3040-3604-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3040-86-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3629-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-417-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download