cobaltstrike | 3d6afab9426615b891054dfe0b65c14cda3215baec5b3864a6985b76690b8a6c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f257b8f8d76010dbc9156887c70445ff
SHA1

d542a1251dae59319e1706712cbac30b82f690e6
SHA256

3d6afab9426615b891054dfe0b65c14cda3215baec5b3864a6985b76690b8a6c
SHA512

c315a36a716b53a21a329671669297f2d73dfbb6b150c20c2cccaffff5bb660ade0928f82147e32a09b23b7c620598bb4d16c38c7b26bb10c4cd5627ff7cdb89
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c0000000122e4-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019275-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019377-43.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c2-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f58-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a06a-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a442-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a32f-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0ab-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cbe-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a074-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f6e-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8c-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c85-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c87-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c6c-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0f-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0d-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a72-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964b-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964a-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019642-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-58.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194df-47.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193a4-42.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019365-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019319-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019278-19.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral1/memory/1696-0-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x000c0000000122e4-3.dat	xmrig
behavioral1/files/0x0008000000019275-8.dat	xmrig
behavioral1/files/0x0006000000019377-43.dat	xmrig
behavioral1/files/0x0005000000019513-50.dat	xmrig
behavioral1/files/0x0005000000019640-64.dat	xmrig
behavioral1/files/0x00050000000197c2-83.dat	xmrig
behavioral1/files/0x0005000000019f58-128.dat	xmrig
behavioral1/files/0x000500000001a06a-171.dat	xmrig
behavioral1/files/0x000500000001a442-167.dat	xmrig
behavioral1/files/0x000500000001a443-166.dat	xmrig
behavioral1/files/0x000500000001a43f-159.dat	xmrig
behavioral1/files/0x000500000001a32f-151.dat	xmrig
behavioral1/files/0x000500000001a0ab-143.dat	xmrig
behavioral1/files/0x0005000000019cbe-118.dat	xmrig
behavioral1/files/0x000500000001a438-156.dat	xmrig
behavioral1/files/0x000500000001a301-148.dat	xmrig
behavioral1/files/0x000500000001a074-141.dat	xmrig
behavioral1/files/0x0005000000019f6e-133.dat	xmrig
behavioral1/files/0x0005000000019d8c-123.dat	xmrig
behavioral1/files/0x0005000000019c85-109.dat	xmrig
behavioral1/files/0x0005000000019c87-113.dat	xmrig
behavioral1/files/0x0005000000019c6c-103.dat	xmrig
behavioral1/files/0x0005000000019b0f-98.dat	xmrig
behavioral1/files/0x0005000000019b0d-94.dat	xmrig
behavioral1/files/0x0005000000019a72-88.dat	xmrig
behavioral1/files/0x000500000001964b-78.dat	xmrig
behavioral1/files/0x000500000001964a-74.dat	xmrig
behavioral1/files/0x0005000000019642-68.dat	xmrig
behavioral1/files/0x000500000001953e-58.dat	xmrig
behavioral1/files/0x00060000000194df-47.dat	xmrig
behavioral1/files/0x00080000000193a4-42.dat	xmrig
behavioral1/memory/2748-41-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2624-28-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019365-32.dat	xmrig
behavioral1/files/0x0006000000019319-27.dat	xmrig
behavioral1/memory/1956-26-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2440-25-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2084-24-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019278-19.dat	xmrig
behavioral1/memory/2924-2305-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1696-2751-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1956-4045-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2084-4046-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2748-4047-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2696-4049-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2440-4052-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2832-4057-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2624-4148-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2624-4149-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2084	FTGITJT.exe
2440	rnNfZcr.exe
1956	sDhnMjJ.exe
2624	KtJQHtU.exe
2748	JNCLGjY.exe
2916	rcKlCaL.exe
2924	lAtJJrG.exe
2832	htPwbEp.exe
2768	ZNyoump.exe
2696	aLUCNkA.exe
2704	JwsVRdy.exe
2560	hSzDXfI.exe
2700	gFwtUsE.exe
1808	VCPWyCK.exe
1656	XYPFQFc.exe
1244	tIJVvVO.exe
1868	kNQCWXe.exe
2784	JRlHnhx.exe
1980	FjrvxaS.exe
1660	hXnXWuD.exe
1996	eRrZvcn.exe
1724	twwVQOt.exe
1688	fcViOVm.exe
1640	XEMhNFE.exe
1032	bGbGRDr.exe
1924	CWvuMpU.exe
1516	xtNdkBt.exe
676	bkwuDtv.exe
1360	OZQuGyt.exe
2152	fFjAzCj.exe
1304	hUFNBGc.exe
2412	mPInLuj.exe
448	FeRJmJa.exe
1356	LZFHTbW.exe
1812	olZSalc.exe
1820	lsnteCr.exe
1488	GyePajm.exe
952	vmJnoBH.exe
888	XPkAeKv.exe
1524	jQvZVbJ.exe
2500	rqcTfgC.exe
2080	BafYMUd.exe
1852	JwhqBGP.exe
3020	LZEaRcL.exe
3036	oTkpGtw.exe
1496	HmLDyvY.exe
2960	Ogzbzwz.exe
2056	KXCNNjB.exe
2964	URhKnBO.exe
336	dwrOWZU.exe
1748	NmuewNZ.exe
2272	IvRHdvM.exe
2956	tEOiNyA.exe
1052	RCYvdZX.exe
2012	KMrLlgX.exe
2028	fUJyYTe.exe
2824	GOQBWrn.exe
2176	HtBOiuF.exe
2552	avwmUVH.exe
596	RdsWNAC.exe
2540	UMHpEYw.exe
2608	eLOIYJu.exe
1512	lqxYVZU.exe
2260	WNGnziI.exe

Loads dropped DLL 64 IoCs

pid	Process
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1696-0-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x000c0000000122e4-3.dat	upx
behavioral1/files/0x0008000000019275-8.dat	upx
behavioral1/files/0x0006000000019377-43.dat	upx
behavioral1/files/0x0005000000019513-50.dat	upx
behavioral1/files/0x0005000000019640-64.dat	upx
behavioral1/files/0x00050000000197c2-83.dat	upx
behavioral1/files/0x0005000000019f58-128.dat	upx
behavioral1/files/0x000500000001a06a-171.dat	upx
behavioral1/files/0x000500000001a442-167.dat	upx
behavioral1/files/0x000500000001a443-166.dat	upx
behavioral1/files/0x000500000001a43f-159.dat	upx
behavioral1/files/0x000500000001a32f-151.dat	upx
behavioral1/files/0x000500000001a0ab-143.dat	upx
behavioral1/files/0x0005000000019cbe-118.dat	upx
behavioral1/files/0x000500000001a438-156.dat	upx
behavioral1/files/0x000500000001a301-148.dat	upx
behavioral1/files/0x000500000001a074-141.dat	upx
behavioral1/files/0x0005000000019f6e-133.dat	upx
behavioral1/files/0x0005000000019d8c-123.dat	upx
behavioral1/files/0x0005000000019c85-109.dat	upx
behavioral1/files/0x0005000000019c87-113.dat	upx
behavioral1/files/0x0005000000019c6c-103.dat	upx
behavioral1/files/0x0005000000019b0f-98.dat	upx
behavioral1/files/0x0005000000019b0d-94.dat	upx
behavioral1/files/0x0005000000019a72-88.dat	upx
behavioral1/files/0x000500000001964b-78.dat	upx
behavioral1/files/0x000500000001964a-74.dat	upx
behavioral1/files/0x0005000000019642-68.dat	upx
behavioral1/files/0x000500000001953e-58.dat	upx
behavioral1/files/0x00060000000194df-47.dat	upx
behavioral1/files/0x00080000000193a4-42.dat	upx
behavioral1/memory/2748-41-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2624-28-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0006000000019365-32.dat	upx
behavioral1/files/0x0006000000019319-27.dat	upx
behavioral1/memory/1956-26-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2440-25-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2084-24-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0007000000019278-19.dat	upx
behavioral1/memory/2924-2305-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1696-2751-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1956-4045-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2084-4046-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2748-4047-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2696-4049-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2440-4052-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2832-4057-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2624-4148-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2624-4149-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EggqfCU.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnVVfvf.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKLIAcf.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCUnlQc.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WiFHYhN.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRocJah.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzeXnVa.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qStATKM.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmLDyvY.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVpDfJL.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjyykkY.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\numOYeb.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrrJBCd.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzKQhDz.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpnDJJU.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMnEmms.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSDlsLJ.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBTvXon.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYAKDJG.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYuMHEl.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzccRxN.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghcfuab.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQFZTya.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFdQOce.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lszToJf.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JElSjBU.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfEtaew.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWvuMpU.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxASITH.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mvdnsas.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxONhcg.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlrIPlI.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKXVLWe.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmjNFco.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiYxBFu.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQxYzhF.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbfsjTw.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwJHhWS.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFehgnK.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnHuEVC.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osOGsXK.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXlybFw.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQiWibS.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZezbiP.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWElSFd.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjJFQGj.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKXHDie.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTNhKsq.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmMQjso.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOgclvI.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhDEsxf.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjhKysd.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVrLruw.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQoDxks.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdskfuD.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aoqUmtV.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rewoRyo.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvNkUWl.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgCWkkz.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VamluPE.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGEqtfw.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhIEDVT.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhZNnxu.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuSObEn.exe	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2084	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1696 wrote to memory of 2084	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1696 wrote to memory of 2084	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1696 wrote to memory of 2440	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1696 wrote to memory of 2440	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1696 wrote to memory of 2440	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1696 wrote to memory of 1956	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1696 wrote to memory of 1956	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1696 wrote to memory of 1956	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1696 wrote to memory of 2624	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1696 wrote to memory of 2624	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1696 wrote to memory of 2624	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1696 wrote to memory of 2748	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1696 wrote to memory of 2748	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1696 wrote to memory of 2748	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1696 wrote to memory of 2924	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1696 wrote to memory of 2924	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1696 wrote to memory of 2924	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1696 wrote to memory of 2916	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1696 wrote to memory of 2916	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1696 wrote to memory of 2916	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1696 wrote to memory of 2832	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1696 wrote to memory of 2832	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1696 wrote to memory of 2832	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1696 wrote to memory of 2768	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1696 wrote to memory of 2768	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1696 wrote to memory of 2768	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1696 wrote to memory of 2696	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1696 wrote to memory of 2696	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1696 wrote to memory of 2696	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1696 wrote to memory of 2704	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1696 wrote to memory of 2704	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1696 wrote to memory of 2704	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1696 wrote to memory of 2560	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1696 wrote to memory of 2560	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1696 wrote to memory of 2560	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1696 wrote to memory of 2700	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1696 wrote to memory of 2700	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1696 wrote to memory of 2700	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1696 wrote to memory of 1808	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1696 wrote to memory of 1808	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1696 wrote to memory of 1808	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1696 wrote to memory of 1656	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1696 wrote to memory of 1656	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1696 wrote to memory of 1656	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1696 wrote to memory of 1244	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1696 wrote to memory of 1244	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1696 wrote to memory of 1244	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1696 wrote to memory of 1868	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1696 wrote to memory of 1868	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1696 wrote to memory of 1868	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1696 wrote to memory of 2784	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1696 wrote to memory of 2784	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1696 wrote to memory of 2784	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1696 wrote to memory of 1980	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1696 wrote to memory of 1980	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1696 wrote to memory of 1980	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1696 wrote to memory of 1660	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1696 wrote to memory of 1660	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1696 wrote to memory of 1660	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1696 wrote to memory of 1996	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1696 wrote to memory of 1996	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1696 wrote to memory of 1996	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1696 wrote to memory of 1724	1696	2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_f257b8f8d76010dbc9156887c70445ff_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\System\FTGITJT.exe
  C:\Windows\System\FTGITJT.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\rnNfZcr.exe
  C:\Windows\System\rnNfZcr.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\sDhnMjJ.exe
  C:\Windows\System\sDhnMjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\KtJQHtU.exe
  C:\Windows\System\KtJQHtU.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\JNCLGjY.exe
  C:\Windows\System\JNCLGjY.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\lAtJJrG.exe
  C:\Windows\System\lAtJJrG.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\rcKlCaL.exe
  C:\Windows\System\rcKlCaL.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\htPwbEp.exe
  C:\Windows\System\htPwbEp.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\ZNyoump.exe
  C:\Windows\System\ZNyoump.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\aLUCNkA.exe
  C:\Windows\System\aLUCNkA.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\JwsVRdy.exe
  C:\Windows\System\JwsVRdy.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\hSzDXfI.exe
  C:\Windows\System\hSzDXfI.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\gFwtUsE.exe
  C:\Windows\System\gFwtUsE.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\VCPWyCK.exe
  C:\Windows\System\VCPWyCK.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\XYPFQFc.exe
  C:\Windows\System\XYPFQFc.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\tIJVvVO.exe
  C:\Windows\System\tIJVvVO.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\kNQCWXe.exe
  C:\Windows\System\kNQCWXe.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\JRlHnhx.exe
  C:\Windows\System\JRlHnhx.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\FjrvxaS.exe
  C:\Windows\System\FjrvxaS.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\hXnXWuD.exe
  C:\Windows\System\hXnXWuD.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\eRrZvcn.exe
  C:\Windows\System\eRrZvcn.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\twwVQOt.exe
  C:\Windows\System\twwVQOt.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\fcViOVm.exe
  C:\Windows\System\fcViOVm.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\XEMhNFE.exe
  C:\Windows\System\XEMhNFE.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\bGbGRDr.exe
  C:\Windows\System\bGbGRDr.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\fFjAzCj.exe
  C:\Windows\System\fFjAzCj.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\CWvuMpU.exe
  C:\Windows\System\CWvuMpU.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\mPInLuj.exe
  C:\Windows\System\mPInLuj.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\xtNdkBt.exe
  C:\Windows\System\xtNdkBt.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\FeRJmJa.exe
  C:\Windows\System\FeRJmJa.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\bkwuDtv.exe
  C:\Windows\System\bkwuDtv.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\LZFHTbW.exe
  C:\Windows\System\LZFHTbW.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\OZQuGyt.exe
  C:\Windows\System\OZQuGyt.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\olZSalc.exe
  C:\Windows\System\olZSalc.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\hUFNBGc.exe
  C:\Windows\System\hUFNBGc.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\GyePajm.exe
  C:\Windows\System\GyePajm.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\lsnteCr.exe
  C:\Windows\System\lsnteCr.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\vmJnoBH.exe
  C:\Windows\System\vmJnoBH.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\XPkAeKv.exe
  C:\Windows\System\XPkAeKv.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\jQvZVbJ.exe
  C:\Windows\System\jQvZVbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\rqcTfgC.exe
  C:\Windows\System\rqcTfgC.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\BafYMUd.exe
  C:\Windows\System\BafYMUd.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\JwhqBGP.exe
  C:\Windows\System\JwhqBGP.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\LZEaRcL.exe
  C:\Windows\System\LZEaRcL.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\oTkpGtw.exe
  C:\Windows\System\oTkpGtw.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\HmLDyvY.exe
  C:\Windows\System\HmLDyvY.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\Ogzbzwz.exe
  C:\Windows\System\Ogzbzwz.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\KXCNNjB.exe
  C:\Windows\System\KXCNNjB.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\URhKnBO.exe
  C:\Windows\System\URhKnBO.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\dwrOWZU.exe
  C:\Windows\System\dwrOWZU.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\NmuewNZ.exe
  C:\Windows\System\NmuewNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\tEOiNyA.exe
  C:\Windows\System\tEOiNyA.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\IvRHdvM.exe
  C:\Windows\System\IvRHdvM.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\RCYvdZX.exe
  C:\Windows\System\RCYvdZX.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\KMrLlgX.exe
  C:\Windows\System\KMrLlgX.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\fUJyYTe.exe
  C:\Windows\System\fUJyYTe.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\GOQBWrn.exe
  C:\Windows\System\GOQBWrn.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\HtBOiuF.exe
  C:\Windows\System\HtBOiuF.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\avwmUVH.exe
  C:\Windows\System\avwmUVH.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\RdsWNAC.exe
  C:\Windows\System\RdsWNAC.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\UMHpEYw.exe
  C:\Windows\System\UMHpEYw.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\eLOIYJu.exe
  C:\Windows\System\eLOIYJu.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\lqxYVZU.exe
  C:\Windows\System\lqxYVZU.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\dKvQrmX.exe
  C:\Windows\System\dKvQrmX.exe
  2⤵
  PID:1480
- C:\Windows\System\WNGnziI.exe
  C:\Windows\System\WNGnziI.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\jCuhTxT.exe
  C:\Windows\System\jCuhTxT.exe
  2⤵
  PID:1760
- C:\Windows\System\wkaHupB.exe
  C:\Windows\System\wkaHupB.exe
  2⤵
  PID:1700
- C:\Windows\System\JKtxLQB.exe
  C:\Windows\System\JKtxLQB.exe
  2⤵
  PID:756
- C:\Windows\System\KZvxqeX.exe
  C:\Windows\System\KZvxqeX.exe
  2⤵
  PID:2984
- C:\Windows\System\ffudoCs.exe
  C:\Windows\System\ffudoCs.exe
  2⤵
  PID:408
- C:\Windows\System\gSOuXQB.exe
  C:\Windows\System\gSOuXQB.exe
  2⤵
  PID:1056
- C:\Windows\System\pcMzxAh.exe
  C:\Windows\System\pcMzxAh.exe
  2⤵
  PID:1564
- C:\Windows\System\FfByGGj.exe
  C:\Windows\System\FfByGGj.exe
  2⤵
  PID:2792
- C:\Windows\System\mNCXRdZ.exe
  C:\Windows\System\mNCXRdZ.exe
  2⤵
  PID:2356
- C:\Windows\System\AyNlQhu.exe
  C:\Windows\System\AyNlQhu.exe
  2⤵
  PID:780
- C:\Windows\System\nhpADjl.exe
  C:\Windows\System\nhpADjl.exe
  2⤵
  PID:612
- C:\Windows\System\qAAysxn.exe
  C:\Windows\System\qAAysxn.exe
  2⤵
  PID:912
- C:\Windows\System\mhFkknT.exe
  C:\Windows\System\mhFkknT.exe
  2⤵
  PID:1804
- C:\Windows\System\KAjbKMw.exe
  C:\Windows\System\KAjbKMw.exe
  2⤵
  PID:2208
- C:\Windows\System\ddPPpao.exe
  C:\Windows\System\ddPPpao.exe
  2⤵
  PID:2248
- C:\Windows\System\tqfJdUg.exe
  C:\Windows\System\tqfJdUg.exe
  2⤵
  PID:2180
- C:\Windows\System\EkHemKt.exe
  C:\Windows\System\EkHemKt.exe
  2⤵
  PID:1792
- C:\Windows\System\aqvSCCg.exe
  C:\Windows\System\aqvSCCg.exe
  2⤵
  PID:1948
- C:\Windows\System\SFgCwrb.exe
  C:\Windows\System\SFgCwrb.exe
  2⤵
  PID:1644
- C:\Windows\System\JvcmjDg.exe
  C:\Windows\System\JvcmjDg.exe
  2⤵
  PID:800
- C:\Windows\System\nfHyqdj.exe
  C:\Windows\System\nfHyqdj.exe
  2⤵
  PID:2276
- C:\Windows\System\eiYMvYW.exe
  C:\Windows\System\eiYMvYW.exe
  2⤵
  PID:2952
- C:\Windows\System\VvaSYdD.exe
  C:\Windows\System\VvaSYdD.exe
  2⤵
  PID:2668
- C:\Windows\System\cgaFYMy.exe
  C:\Windows\System\cgaFYMy.exe
  2⤵
  PID:2652
- C:\Windows\System\nYSHRFB.exe
  C:\Windows\System\nYSHRFB.exe
  2⤵
  PID:2840
- C:\Windows\System\ksKsGKh.exe
  C:\Windows\System\ksKsGKh.exe
  2⤵
  PID:1312
- C:\Windows\System\VOPuSyW.exe
  C:\Windows\System\VOPuSyW.exe
  2⤵
  PID:2892
- C:\Windows\System\OvGHmtf.exe
  C:\Windows\System\OvGHmtf.exe
  2⤵
  PID:1864
- C:\Windows\System\nBPxful.exe
  C:\Windows\System\nBPxful.exe
  2⤵
  PID:2548
- C:\Windows\System\rHrRYgo.exe
  C:\Windows\System\rHrRYgo.exe
  2⤵
  PID:1368
- C:\Windows\System\EhEYFjO.exe
  C:\Windows\System\EhEYFjO.exe
  2⤵
  PID:1672
- C:\Windows\System\NrzXqNf.exe
  C:\Windows\System\NrzXqNf.exe
  2⤵
  PID:2096
- C:\Windows\System\UuPkMkN.exe
  C:\Windows\System\UuPkMkN.exe
  2⤵
  PID:1036
- C:\Windows\System\lWKFPyR.exe
  C:\Windows\System\lWKFPyR.exe
  2⤵
  PID:1308
- C:\Windows\System\LkCaCQj.exe
  C:\Windows\System\LkCaCQj.exe
  2⤵
  PID:2136
- C:\Windows\System\HzDMEpA.exe
  C:\Windows\System\HzDMEpA.exe
  2⤵
  PID:1788
- C:\Windows\System\ruEunOk.exe
  C:\Windows\System\ruEunOk.exe
  2⤵
  PID:2884
- C:\Windows\System\lHMmJsu.exe
  C:\Windows\System\lHMmJsu.exe
  2⤵
  PID:2488
- C:\Windows\System\mlQITCB.exe
  C:\Windows\System\mlQITCB.exe
  2⤵
  PID:3024
- C:\Windows\System\YuMlsvN.exe
  C:\Windows\System\YuMlsvN.exe
  2⤵
  PID:2444
- C:\Windows\System\GoCLHTe.exe
  C:\Windows\System\GoCLHTe.exe
  2⤵
  PID:1316
- C:\Windows\System\JdskfuD.exe
  C:\Windows\System\JdskfuD.exe
  2⤵
  PID:324
- C:\Windows\System\iiYgifV.exe
  C:\Windows\System\iiYgifV.exe
  2⤵
  PID:2496
- C:\Windows\System\mDkqPUI.exe
  C:\Windows\System\mDkqPUI.exe
  2⤵
  PID:2672
- C:\Windows\System\EASmJjT.exe
  C:\Windows\System\EASmJjT.exe
  2⤵
  PID:2564
- C:\Windows\System\QUyQtcn.exe
  C:\Windows\System\QUyQtcn.exe
  2⤵
  PID:2996
- C:\Windows\System\DIiJKAD.exe
  C:\Windows\System\DIiJKAD.exe
  2⤵
  PID:1800
- C:\Windows\System\bqLUeTM.exe
  C:\Windows\System\bqLUeTM.exe
  2⤵
  PID:1856
- C:\Windows\System\ExxkBFx.exe
  C:\Windows\System\ExxkBFx.exe
  2⤵
  PID:3092
- C:\Windows\System\ymiYOLv.exe
  C:\Windows\System\ymiYOLv.exe
  2⤵
  PID:3112
- C:\Windows\System\YvuoKIs.exe
  C:\Windows\System\YvuoKIs.exe
  2⤵
  PID:3132
- C:\Windows\System\wYJWrKI.exe
  C:\Windows\System\wYJWrKI.exe
  2⤵
  PID:3152
- C:\Windows\System\CZqCbWR.exe
  C:\Windows\System\CZqCbWR.exe
  2⤵
  PID:3172
- C:\Windows\System\SgDuYTl.exe
  C:\Windows\System\SgDuYTl.exe
  2⤵
  PID:3192
- C:\Windows\System\lBDyEea.exe
  C:\Windows\System\lBDyEea.exe
  2⤵
  PID:3212
- C:\Windows\System\MSowzmU.exe
  C:\Windows\System\MSowzmU.exe
  2⤵
  PID:3232
- C:\Windows\System\wnCbTCz.exe
  C:\Windows\System\wnCbTCz.exe
  2⤵
  PID:3252
- C:\Windows\System\CxASITH.exe
  C:\Windows\System\CxASITH.exe
  2⤵
  PID:3272
- C:\Windows\System\BfAmuYP.exe
  C:\Windows\System\BfAmuYP.exe
  2⤵
  PID:3292
- C:\Windows\System\FcsnesD.exe
  C:\Windows\System\FcsnesD.exe
  2⤵
  PID:3312
- C:\Windows\System\lVRwXxP.exe
  C:\Windows\System\lVRwXxP.exe
  2⤵
  PID:3332
- C:\Windows\System\oWLFahN.exe
  C:\Windows\System\oWLFahN.exe
  2⤵
  PID:3352
- C:\Windows\System\cVUUfuD.exe
  C:\Windows\System\cVUUfuD.exe
  2⤵
  PID:3372
- C:\Windows\System\nPwnvKF.exe
  C:\Windows\System\nPwnvKF.exe
  2⤵
  PID:3392
- C:\Windows\System\zAnfeXC.exe
  C:\Windows\System\zAnfeXC.exe
  2⤵
  PID:3412
- C:\Windows\System\IkTGRHb.exe
  C:\Windows\System\IkTGRHb.exe
  2⤵
  PID:3432
- C:\Windows\System\NEUjDWy.exe
  C:\Windows\System\NEUjDWy.exe
  2⤵
  PID:3452
- C:\Windows\System\qXluaGz.exe
  C:\Windows\System\qXluaGz.exe
  2⤵
  PID:3472
- C:\Windows\System\WsgDTsJ.exe
  C:\Windows\System\WsgDTsJ.exe
  2⤵
  PID:3488
- C:\Windows\System\rhPkstr.exe
  C:\Windows\System\rhPkstr.exe
  2⤵
  PID:3508
- C:\Windows\System\zCVKcBC.exe
  C:\Windows\System\zCVKcBC.exe
  2⤵
  PID:3528
- C:\Windows\System\yxONhcg.exe
  C:\Windows\System\yxONhcg.exe
  2⤵
  PID:3544
- C:\Windows\System\Vefgqkh.exe
  C:\Windows\System\Vefgqkh.exe
  2⤵
  PID:3572
- C:\Windows\System\TiKtVpJ.exe
  C:\Windows\System\TiKtVpJ.exe
  2⤵
  PID:3588
- C:\Windows\System\ndGXFRB.exe
  C:\Windows\System\ndGXFRB.exe
  2⤵
  PID:3612
- C:\Windows\System\ghcfuab.exe
  C:\Windows\System\ghcfuab.exe
  2⤵
  PID:3628
- C:\Windows\System\wJigFLz.exe
  C:\Windows\System\wJigFLz.exe
  2⤵
  PID:3648
- C:\Windows\System\LtZPIVQ.exe
  C:\Windows\System\LtZPIVQ.exe
  2⤵
  PID:3668
- C:\Windows\System\YKGQcbF.exe
  C:\Windows\System\YKGQcbF.exe
  2⤵
  PID:3688
- C:\Windows\System\GjXRbry.exe
  C:\Windows\System\GjXRbry.exe
  2⤵
  PID:3712
- C:\Windows\System\fCxNywv.exe
  C:\Windows\System\fCxNywv.exe
  2⤵
  PID:3732
- C:\Windows\System\mHfAAKT.exe
  C:\Windows\System\mHfAAKT.exe
  2⤵
  PID:3752
- C:\Windows\System\sMbLsHz.exe
  C:\Windows\System\sMbLsHz.exe
  2⤵
  PID:3772
- C:\Windows\System\jcaXgWv.exe
  C:\Windows\System\jcaXgWv.exe
  2⤵
  PID:3792
- C:\Windows\System\TzBUkfi.exe
  C:\Windows\System\TzBUkfi.exe
  2⤵
  PID:3808
- C:\Windows\System\etFwHlJ.exe
  C:\Windows\System\etFwHlJ.exe
  2⤵
  PID:3828
- C:\Windows\System\OVMFcKX.exe
  C:\Windows\System\OVMFcKX.exe
  2⤵
  PID:3852
- C:\Windows\System\LGmKeXC.exe
  C:\Windows\System\LGmKeXC.exe
  2⤵
  PID:3872
- C:\Windows\System\GhidIsa.exe
  C:\Windows\System\GhidIsa.exe
  2⤵
  PID:3892
- C:\Windows\System\mtQaNUh.exe
  C:\Windows\System\mtQaNUh.exe
  2⤵
  PID:3912
- C:\Windows\System\SibGcRZ.exe
  C:\Windows\System\SibGcRZ.exe
  2⤵
  PID:3932
- C:\Windows\System\LswVNLr.exe
  C:\Windows\System\LswVNLr.exe
  2⤵
  PID:3952
- C:\Windows\System\GRjuwOc.exe
  C:\Windows\System\GRjuwOc.exe
  2⤵
  PID:3972
- C:\Windows\System\wfkNxVZ.exe
  C:\Windows\System\wfkNxVZ.exe
  2⤵
  PID:3992
- C:\Windows\System\NofSxzR.exe
  C:\Windows\System\NofSxzR.exe
  2⤵
  PID:4012
- C:\Windows\System\pFUGpqI.exe
  C:\Windows\System\pFUGpqI.exe
  2⤵
  PID:4032
- C:\Windows\System\AVcVbUt.exe
  C:\Windows\System\AVcVbUt.exe
  2⤵
  PID:4052
- C:\Windows\System\YHjIDHQ.exe
  C:\Windows\System\YHjIDHQ.exe
  2⤵
  PID:4072
- C:\Windows\System\auXcifZ.exe
  C:\Windows\System\auXcifZ.exe
  2⤵
  PID:4092
- C:\Windows\System\ltKTASY.exe
  C:\Windows\System\ltKTASY.exe
  2⤵
  PID:944
- C:\Windows\System\FPeqlRe.exe
  C:\Windows\System\FPeqlRe.exe
  2⤵
  PID:1912
- C:\Windows\System\UkGxfoq.exe
  C:\Windows\System\UkGxfoq.exe
  2⤵
  PID:2820
- C:\Windows\System\QVpDfJL.exe
  C:\Windows\System\QVpDfJL.exe
  2⤵
  PID:1636
- C:\Windows\System\KLCRIJJ.exe
  C:\Windows\System\KLCRIJJ.exe
  2⤵
  PID:1532
- C:\Windows\System\fYiuCxh.exe
  C:\Windows\System\fYiuCxh.exe
  2⤵
  PID:2456
- C:\Windows\System\dsbuijt.exe
  C:\Windows\System\dsbuijt.exe
  2⤵
  PID:2524
- C:\Windows\System\qklkyRU.exe
  C:\Windows\System\qklkyRU.exe
  2⤵
  PID:3012
- C:\Windows\System\MyxPtXp.exe
  C:\Windows\System\MyxPtXp.exe
  2⤵
  PID:1652
- C:\Windows\System\LGgKDWp.exe
  C:\Windows\System\LGgKDWp.exe
  2⤵
  PID:3108
- C:\Windows\System\rtgOizP.exe
  C:\Windows\System\rtgOizP.exe
  2⤵
  PID:3160
- C:\Windows\System\MfbEbCa.exe
  C:\Windows\System\MfbEbCa.exe
  2⤵
  PID:3200
- C:\Windows\System\LkbwMgu.exe
  C:\Windows\System\LkbwMgu.exe
  2⤵
  PID:3248
- C:\Windows\System\GEgHClI.exe
  C:\Windows\System\GEgHClI.exe
  2⤵
  PID:3228
- C:\Windows\System\mZSyUms.exe
  C:\Windows\System\mZSyUms.exe
  2⤵
  PID:3260
- C:\Windows\System\tqgIeGx.exe
  C:\Windows\System\tqgIeGx.exe
  2⤵
  PID:3300
- C:\Windows\System\EMUpvia.exe
  C:\Windows\System\EMUpvia.exe
  2⤵
  PID:3368
- C:\Windows\System\gpuTYZk.exe
  C:\Windows\System\gpuTYZk.exe
  2⤵
  PID:3344
- C:\Windows\System\aJVHSgz.exe
  C:\Windows\System\aJVHSgz.exe
  2⤵
  PID:3384
- C:\Windows\System\OgdZFJc.exe
  C:\Windows\System\OgdZFJc.exe
  2⤵
  PID:3444
- C:\Windows\System\jrVOTJS.exe
  C:\Windows\System\jrVOTJS.exe
  2⤵
  PID:3480
- C:\Windows\System\YEQrRZD.exe
  C:\Windows\System\YEQrRZD.exe
  2⤵
  PID:3500
- C:\Windows\System\ORdCCdy.exe
  C:\Windows\System\ORdCCdy.exe
  2⤵
  PID:3560
- C:\Windows\System\qFZvVGg.exe
  C:\Windows\System\qFZvVGg.exe
  2⤵
  PID:3596
- C:\Windows\System\VamluPE.exe
  C:\Windows\System\VamluPE.exe
  2⤵
  PID:3600
- C:\Windows\System\RbyylNz.exe
  C:\Windows\System\RbyylNz.exe
  2⤵
  PID:3640
- C:\Windows\System\fyncGEa.exe
  C:\Windows\System\fyncGEa.exe
  2⤵
  PID:3664
- C:\Windows\System\jogbFix.exe
  C:\Windows\System\jogbFix.exe
  2⤵
  PID:3704
- C:\Windows\System\uuNRhoT.exe
  C:\Windows\System\uuNRhoT.exe
  2⤵
  PID:3740
- C:\Windows\System\eVRgZJu.exe
  C:\Windows\System\eVRgZJu.exe
  2⤵
  PID:3780
- C:\Windows\System\jSkBpqb.exe
  C:\Windows\System\jSkBpqb.exe
  2⤵
  PID:3836
- C:\Windows\System\uKQkyXj.exe
  C:\Windows\System\uKQkyXj.exe
  2⤵
  PID:3824
- C:\Windows\System\BAXPQPi.exe
  C:\Windows\System\BAXPQPi.exe
  2⤵
  PID:3884
- C:\Windows\System\Pgdeoxr.exe
  C:\Windows\System\Pgdeoxr.exe
  2⤵
  PID:3900
- C:\Windows\System\rMuhkAI.exe
  C:\Windows\System\rMuhkAI.exe
  2⤵
  PID:3940
- C:\Windows\System\NfeNEKl.exe
  C:\Windows\System\NfeNEKl.exe
  2⤵
  PID:3980
- C:\Windows\System\ZYpGvpi.exe
  C:\Windows\System\ZYpGvpi.exe
  2⤵
  PID:4008
- C:\Windows\System\DRVUkDo.exe
  C:\Windows\System\DRVUkDo.exe
  2⤵
  PID:4028
- C:\Windows\System\wEXlDbS.exe
  C:\Windows\System\wEXlDbS.exe
  2⤵
  PID:4088
- C:\Windows\System\LBBsbui.exe
  C:\Windows\System\LBBsbui.exe
  2⤵
  PID:992
- C:\Windows\System\BpFnJQW.exe
  C:\Windows\System\BpFnJQW.exe
  2⤵
  PID:1536
- C:\Windows\System\rFFhIVQ.exe
  C:\Windows\System\rFFhIVQ.exe
  2⤵
  PID:1764
- C:\Windows\System\tWuMhSg.exe
  C:\Windows\System\tWuMhSg.exe
  2⤵
  PID:3048
- C:\Windows\System\XZVtQYb.exe
  C:\Windows\System\XZVtQYb.exe
  2⤵
  PID:928
- C:\Windows\System\pxGIxBV.exe
  C:\Windows\System\pxGIxBV.exe
  2⤵
  PID:3120
- C:\Windows\System\NOMrXbP.exe
  C:\Windows\System\NOMrXbP.exe
  2⤵
  PID:3124
- C:\Windows\System\GEYyfrx.exe
  C:\Windows\System\GEYyfrx.exe
  2⤵
  PID:3240
- C:\Windows\System\UQcKUBo.exe
  C:\Windows\System\UQcKUBo.exe
  2⤵
  PID:3264
- C:\Windows\System\UoMsbeB.exe
  C:\Windows\System\UoMsbeB.exe
  2⤵
  PID:3324
- C:\Windows\System\TrUgYXE.exe
  C:\Windows\System\TrUgYXE.exe
  2⤵
  PID:3304
- C:\Windows\System\DooqTSh.exe
  C:\Windows\System\DooqTSh.exe
  2⤵
  PID:3424
- C:\Windows\System\HemByDu.exe
  C:\Windows\System\HemByDu.exe
  2⤵
  PID:3460
- C:\Windows\System\atFUwgZ.exe
  C:\Windows\System\atFUwgZ.exe
  2⤵
  PID:3540
- C:\Windows\System\wFtQtBB.exe
  C:\Windows\System\wFtQtBB.exe
  2⤵
  PID:3608
- C:\Windows\System\ssTHhqS.exe
  C:\Windows\System\ssTHhqS.exe
  2⤵
  PID:3624
- C:\Windows\System\vOmwdnA.exe
  C:\Windows\System\vOmwdnA.exe
  2⤵
  PID:3660
- C:\Windows\System\OkmnhFx.exe
  C:\Windows\System\OkmnhFx.exe
  2⤵
  PID:3748
- C:\Windows\System\OBywXpm.exe
  C:\Windows\System\OBywXpm.exe
  2⤵
  PID:3788
- C:\Windows\System\qovSMFe.exe
  C:\Windows\System\qovSMFe.exe
  2⤵
  PID:3864
- C:\Windows\System\tlNrdwe.exe
  C:\Windows\System\tlNrdwe.exe
  2⤵
  PID:3904
- C:\Windows\System\akvvLlt.exe
  C:\Windows\System\akvvLlt.exe
  2⤵
  PID:3968
- C:\Windows\System\WPWOkxC.exe
  C:\Windows\System\WPWOkxC.exe
  2⤵
  PID:4048
- C:\Windows\System\nDNKbAR.exe
  C:\Windows\System\nDNKbAR.exe
  2⤵
  PID:4068
- C:\Windows\System\tNWDklS.exe
  C:\Windows\System\tNWDklS.exe
  2⤵
  PID:2388
- C:\Windows\System\yRaGImB.exe
  C:\Windows\System\yRaGImB.exe
  2⤵
  PID:2800
- C:\Windows\System\EwiNeDD.exe
  C:\Windows\System\EwiNeDD.exe
  2⤵
  PID:3148
- C:\Windows\System\wNHyZvO.exe
  C:\Windows\System\wNHyZvO.exe
  2⤵
  PID:3164
- C:\Windows\System\dLGRTcw.exe
  C:\Windows\System\dLGRTcw.exe
  2⤵
  PID:3320
- C:\Windows\System\ZZSHstY.exe
  C:\Windows\System\ZZSHstY.exe
  2⤵
  PID:3328
- C:\Windows\System\medsjxW.exe
  C:\Windows\System\medsjxW.exe
  2⤵
  PID:3388
- C:\Windows\System\QCefDYR.exe
  C:\Windows\System\QCefDYR.exe
  2⤵
  PID:3504
- C:\Windows\System\LndylBL.exe
  C:\Windows\System\LndylBL.exe
  2⤵
  PID:3700
- C:\Windows\System\cDhUNTp.exe
  C:\Windows\System\cDhUNTp.exe
  2⤵
  PID:3708
- C:\Windows\System\vIwMojA.exe
  C:\Windows\System\vIwMojA.exe
  2⤵
  PID:3784
- C:\Windows\System\TrXuTVr.exe
  C:\Windows\System\TrXuTVr.exe
  2⤵
  PID:3860
- C:\Windows\System\EOgfeUU.exe
  C:\Windows\System\EOgfeUU.exe
  2⤵
  PID:3944
- C:\Windows\System\NmQFFnJ.exe
  C:\Windows\System\NmQFFnJ.exe
  2⤵
  PID:4084
- C:\Windows\System\DSqBbmG.exe
  C:\Windows\System\DSqBbmG.exe
  2⤵
  PID:2268
- C:\Windows\System\NPDgUpC.exe
  C:\Windows\System\NPDgUpC.exe
  2⤵
  PID:4104
- C:\Windows\System\XWElSFd.exe
  C:\Windows\System\XWElSFd.exe
  2⤵
  PID:4124
- C:\Windows\System\qfQkQir.exe
  C:\Windows\System\qfQkQir.exe
  2⤵
  PID:4144
- C:\Windows\System\TpxVASn.exe
  C:\Windows\System\TpxVASn.exe
  2⤵
  PID:4168
- C:\Windows\System\MyxBvXV.exe
  C:\Windows\System\MyxBvXV.exe
  2⤵
  PID:4188
- C:\Windows\System\xqjEvpo.exe
  C:\Windows\System\xqjEvpo.exe
  2⤵
  PID:4208
- C:\Windows\System\cRdFCZQ.exe
  C:\Windows\System\cRdFCZQ.exe
  2⤵
  PID:4228
- C:\Windows\System\QXefoCI.exe
  C:\Windows\System\QXefoCI.exe
  2⤵
  PID:4248
- C:\Windows\System\AfyBFbq.exe
  C:\Windows\System\AfyBFbq.exe
  2⤵
  PID:4268
- C:\Windows\System\BPhSwnF.exe
  C:\Windows\System\BPhSwnF.exe
  2⤵
  PID:4284
- C:\Windows\System\QfTaOYH.exe
  C:\Windows\System\QfTaOYH.exe
  2⤵
  PID:4308
- C:\Windows\System\eVyJuDI.exe
  C:\Windows\System\eVyJuDI.exe
  2⤵
  PID:4324
- C:\Windows\System\cbhEdpP.exe
  C:\Windows\System\cbhEdpP.exe
  2⤵
  PID:4340
- C:\Windows\System\YZJuoXh.exe
  C:\Windows\System\YZJuoXh.exe
  2⤵
  PID:4368
- C:\Windows\System\mlrIPlI.exe
  C:\Windows\System\mlrIPlI.exe
  2⤵
  PID:4384
- C:\Windows\System\YYaxWIZ.exe
  C:\Windows\System\YYaxWIZ.exe
  2⤵
  PID:4404
- C:\Windows\System\UzNUOJZ.exe
  C:\Windows\System\UzNUOJZ.exe
  2⤵
  PID:4424
- C:\Windows\System\slDJMCl.exe
  C:\Windows\System\slDJMCl.exe
  2⤵
  PID:4440
- C:\Windows\System\njRTcgH.exe
  C:\Windows\System\njRTcgH.exe
  2⤵
  PID:4456
- C:\Windows\System\cCUnlQc.exe
  C:\Windows\System\cCUnlQc.exe
  2⤵
  PID:4480
- C:\Windows\System\QvwqSLS.exe
  C:\Windows\System\QvwqSLS.exe
  2⤵
  PID:4504
- C:\Windows\System\tbbztkn.exe
  C:\Windows\System\tbbztkn.exe
  2⤵
  PID:4520
- C:\Windows\System\kwWVUoA.exe
  C:\Windows\System\kwWVUoA.exe
  2⤵
  PID:4536
- C:\Windows\System\IbfsjTw.exe
  C:\Windows\System\IbfsjTw.exe
  2⤵
  PID:4552
- C:\Windows\System\gZMkykl.exe
  C:\Windows\System\gZMkykl.exe
  2⤵
  PID:4568
- C:\Windows\System\JWiufqU.exe
  C:\Windows\System\JWiufqU.exe
  2⤵
  PID:4596
- C:\Windows\System\hgewRSf.exe
  C:\Windows\System\hgewRSf.exe
  2⤵
  PID:4628
- C:\Windows\System\PaVULeF.exe
  C:\Windows\System\PaVULeF.exe
  2⤵
  PID:4644
- C:\Windows\System\IscDloU.exe
  C:\Windows\System\IscDloU.exe
  2⤵
  PID:4660
- C:\Windows\System\UGEqtfw.exe
  C:\Windows\System\UGEqtfw.exe
  2⤵
  PID:4676
- C:\Windows\System\RkfYxSf.exe
  C:\Windows\System\RkfYxSf.exe
  2⤵
  PID:4692
- C:\Windows\System\NRmVdSx.exe
  C:\Windows\System\NRmVdSx.exe
  2⤵
  PID:4708
- C:\Windows\System\AyYDHxM.exe
  C:\Windows\System\AyYDHxM.exe
  2⤵
  PID:4736
- C:\Windows\System\AwbezKE.exe
  C:\Windows\System\AwbezKE.exe
  2⤵
  PID:4752
- C:\Windows\System\UKOJSaA.exe
  C:\Windows\System\UKOJSaA.exe
  2⤵
  PID:4784
- C:\Windows\System\xjJFQGj.exe
  C:\Windows\System\xjJFQGj.exe
  2⤵
  PID:4808
- C:\Windows\System\poJhFwp.exe
  C:\Windows\System\poJhFwp.exe
  2⤵
  PID:4824
- C:\Windows\System\ehAwoxb.exe
  C:\Windows\System\ehAwoxb.exe
  2⤵
  PID:4848
- C:\Windows\System\fBSkFoV.exe
  C:\Windows\System\fBSkFoV.exe
  2⤵
  PID:4864
- C:\Windows\System\ZHNeSWB.exe
  C:\Windows\System\ZHNeSWB.exe
  2⤵
  PID:4888
- C:\Windows\System\gSLcSFq.exe
  C:\Windows\System\gSLcSFq.exe
  2⤵
  PID:4904
- C:\Windows\System\KfasaHX.exe
  C:\Windows\System\KfasaHX.exe
  2⤵
  PID:4924
- C:\Windows\System\ZSzgWAm.exe
  C:\Windows\System\ZSzgWAm.exe
  2⤵
  PID:4944
- C:\Windows\System\YzqRyrZ.exe
  C:\Windows\System\YzqRyrZ.exe
  2⤵
  PID:4968
- C:\Windows\System\NxUZXzc.exe
  C:\Windows\System\NxUZXzc.exe
  2⤵
  PID:4988
- C:\Windows\System\AmsEehV.exe
  C:\Windows\System\AmsEehV.exe
  2⤵
  PID:5012
- C:\Windows\System\YgAtdcX.exe
  C:\Windows\System\YgAtdcX.exe
  2⤵
  PID:5028
- C:\Windows\System\McnrxKa.exe
  C:\Windows\System\McnrxKa.exe
  2⤵
  PID:5048
- C:\Windows\System\AWuxhas.exe
  C:\Windows\System\AWuxhas.exe
  2⤵
  PID:5068
- C:\Windows\System\qMgrOWr.exe
  C:\Windows\System\qMgrOWr.exe
  2⤵
  PID:5088
- C:\Windows\System\KQeECsF.exe
  C:\Windows\System\KQeECsF.exe
  2⤵
  PID:5108
- C:\Windows\System\YerAWUV.exe
  C:\Windows\System\YerAWUV.exe
  2⤵
  PID:1624
- C:\Windows\System\GDJphcu.exe
  C:\Windows\System\GDJphcu.exe
  2⤵
  PID:3220
- C:\Windows\System\FDvHVRX.exe
  C:\Windows\System\FDvHVRX.exe
  2⤵
  PID:3380
- C:\Windows\System\JLpuKcg.exe
  C:\Windows\System\JLpuKcg.exe
  2⤵
  PID:3520
- C:\Windows\System\hrFWNpx.exe
  C:\Windows\System\hrFWNpx.exe
  2⤵
  PID:3644
- C:\Windows\System\OCNIYar.exe
  C:\Windows\System\OCNIYar.exe
  2⤵
  PID:3888
- C:\Windows\System\xOYtbQv.exe
  C:\Windows\System\xOYtbQv.exe
  2⤵
  PID:3920
- C:\Windows\System\YzKAVsT.exe
  C:\Windows\System\YzKAVsT.exe
  2⤵
  PID:4060
- C:\Windows\System\LzKQhDz.exe
  C:\Windows\System\LzKQhDz.exe
  2⤵
  PID:1952
- C:\Windows\System\NpBwGBz.exe
  C:\Windows\System\NpBwGBz.exe
  2⤵
  PID:4164
- C:\Windows\System\fahitKH.exe
  C:\Windows\System\fahitKH.exe
  2⤵
  PID:4196
- C:\Windows\System\XxAgVlc.exe
  C:\Windows\System\XxAgVlc.exe
  2⤵
  PID:4244
- C:\Windows\System\UmtWSzJ.exe
  C:\Windows\System\UmtWSzJ.exe
  2⤵
  PID:4180
- C:\Windows\System\vPrlRxP.exe
  C:\Windows\System\vPrlRxP.exe
  2⤵
  PID:4256
- C:\Windows\System\yiSokEd.exe
  C:\Windows\System\yiSokEd.exe
  2⤵
  PID:4280
- C:\Windows\System\EBleaHB.exe
  C:\Windows\System\EBleaHB.exe
  2⤵
  PID:4356
- C:\Windows\System\PmtuLap.exe
  C:\Windows\System\PmtuLap.exe
  2⤵
  PID:4392
- C:\Windows\System\bsPJHJj.exe
  C:\Windows\System\bsPJHJj.exe
  2⤵
  PID:4296
- C:\Windows\System\cmtXOBW.exe
  C:\Windows\System\cmtXOBW.exe
  2⤵
  PID:4432
- C:\Windows\System\BnHuEVC.exe
  C:\Windows\System\BnHuEVC.exe
  2⤵
  PID:4544
- C:\Windows\System\yBEfAPY.exe
  C:\Windows\System\yBEfAPY.exe
  2⤵
  PID:4492
- C:\Windows\System\GAEEMHx.exe
  C:\Windows\System\GAEEMHx.exe
  2⤵
  PID:4160
- C:\Windows\System\wnqSSeK.exe
  C:\Windows\System\wnqSSeK.exe
  2⤵
  PID:4496
- C:\Windows\System\WiFHYhN.exe
  C:\Windows\System\WiFHYhN.exe
  2⤵
  PID:4604
- C:\Windows\System\wVviKAa.exe
  C:\Windows\System\wVviKAa.exe
  2⤵
  PID:4700
- C:\Windows\System\RpZirss.exe
  C:\Windows\System\RpZirss.exe
  2⤵
  PID:4744
- C:\Windows\System\NguccRj.exe
  C:\Windows\System\NguccRj.exe
  2⤵
  PID:4732
- C:\Windows\System\upjKwpK.exe
  C:\Windows\System\upjKwpK.exe
  2⤵
  PID:4656
- C:\Windows\System\dGsVkbO.exe
  C:\Windows\System\dGsVkbO.exe
  2⤵
  PID:4776
- C:\Windows\System\NDfCYZd.exe
  C:\Windows\System\NDfCYZd.exe
  2⤵
  PID:4796
- C:\Windows\System\XFbhlwK.exe
  C:\Windows\System\XFbhlwK.exe
  2⤵
  PID:4820
- C:\Windows\System\dWDbMmG.exe
  C:\Windows\System\dWDbMmG.exe
  2⤵
  PID:4884
- C:\Windows\System\ScRJZai.exe
  C:\Windows\System\ScRJZai.exe
  2⤵
  PID:4916
- C:\Windows\System\WEfeUbU.exe
  C:\Windows\System\WEfeUbU.exe
  2⤵
  PID:4964
- C:\Windows\System\NpdBbCb.exe
  C:\Windows\System\NpdBbCb.exe
  2⤵
  PID:4976
- C:\Windows\System\lUORwna.exe
  C:\Windows\System\lUORwna.exe
  2⤵
  PID:5004
- C:\Windows\System\tbNkUPK.exe
  C:\Windows\System\tbNkUPK.exe
  2⤵
  PID:5084
- C:\Windows\System\wRxjSrf.exe
  C:\Windows\System\wRxjSrf.exe
  2⤵
  PID:3284
- C:\Windows\System\nXxqjkd.exe
  C:\Windows\System\nXxqjkd.exe
  2⤵
  PID:5024
- C:\Windows\System\kFTrCKu.exe
  C:\Windows\System\kFTrCKu.exe
  2⤵
  PID:5104
- C:\Windows\System\MAcgBtC.exe
  C:\Windows\System\MAcgBtC.exe
  2⤵
  PID:3816
- C:\Windows\System\UKxHMWA.exe
  C:\Windows\System\UKxHMWA.exe
  2⤵
  PID:4112
- C:\Windows\System\kKXHDie.exe
  C:\Windows\System\kKXHDie.exe
  2⤵
  PID:3028
- C:\Windows\System\evqZVZK.exe
  C:\Windows\System\evqZVZK.exe
  2⤵
  PID:3768
- C:\Windows\System\pPtaNxe.exe
  C:\Windows\System\pPtaNxe.exe
  2⤵
  PID:4040
- C:\Windows\System\SwEUlnK.exe
  C:\Windows\System\SwEUlnK.exe
  2⤵
  PID:4364
- C:\Windows\System\aRocJah.exe
  C:\Windows\System\aRocJah.exe
  2⤵
  PID:4132
- C:\Windows\System\THQFDDy.exe
  C:\Windows\System\THQFDDy.exe
  2⤵
  PID:4348
- C:\Windows\System\jJBgKsa.exe
  C:\Windows\System\jJBgKsa.exe
  2⤵
  PID:4200
- C:\Windows\System\BAUCjul.exe
  C:\Windows\System\BAUCjul.exe
  2⤵
  PID:4472
- C:\Windows\System\dTCiskb.exe
  C:\Windows\System\dTCiskb.exe
  2⤵
  PID:4984
- C:\Windows\System\RWJCtXx.exe
  C:\Windows\System\RWJCtXx.exe
  2⤵
  PID:2912
- C:\Windows\System\FFtThXM.exe
  C:\Windows\System\FFtThXM.exe
  2⤵
  PID:4668
- C:\Windows\System\TmydsAw.exe
  C:\Windows\System\TmydsAw.exe
  2⤵
  PID:4532
- C:\Windows\System\OddxNBi.exe
  C:\Windows\System\OddxNBi.exe
  2⤵
  PID:4624
- C:\Windows\System\DPJBdXM.exe
  C:\Windows\System\DPJBdXM.exe
  2⤵
  PID:4728
- C:\Windows\System\SEBykbB.exe
  C:\Windows\System\SEBykbB.exe
  2⤵
  PID:4684
- C:\Windows\System\tSHuNYp.exe
  C:\Windows\System\tSHuNYp.exe
  2⤵
  PID:4840
- C:\Windows\System\aEHElja.exe
  C:\Windows\System\aEHElja.exe
  2⤵
  PID:4912
- C:\Windows\System\sAYpZNB.exe
  C:\Windows\System\sAYpZNB.exe
  2⤵
  PID:4800
- C:\Windows\System\BzBTwQk.exe
  C:\Windows\System\BzBTwQk.exe
  2⤵
  PID:4880
- C:\Windows\System\APUHrAh.exe
  C:\Windows\System\APUHrAh.exe
  2⤵
  PID:5076
- C:\Windows\System\ggISWxl.exe
  C:\Windows\System\ggISWxl.exe
  2⤵
  PID:3340
- C:\Windows\System\ZdDuRSb.exe
  C:\Windows\System\ZdDuRSb.exe
  2⤵
  PID:1984
- C:\Windows\System\Nwwaarr.exe
  C:\Windows\System\Nwwaarr.exe
  2⤵
  PID:4476
- C:\Windows\System\YyGlYIC.exe
  C:\Windows\System\YyGlYIC.exe
  2⤵
  PID:4620
- C:\Windows\System\FngwsWn.exe
  C:\Windows\System\FngwsWn.exe
  2⤵
  PID:4844
- C:\Windows\System\OltXUdk.exe
  C:\Windows\System\OltXUdk.exe
  2⤵
  PID:5008
- C:\Windows\System\TvZrUGb.exe
  C:\Windows\System\TvZrUGb.exe
  2⤵
  PID:2328
- C:\Windows\System\jRFZrRE.exe
  C:\Windows\System\jRFZrRE.exe
  2⤵
  PID:5140
- C:\Windows\System\EKgNUVK.exe
  C:\Windows\System\EKgNUVK.exe
  2⤵
  PID:5172
- C:\Windows\System\yRLDXiz.exe
  C:\Windows\System\yRLDXiz.exe
  2⤵
  PID:5204
- C:\Windows\System\JLqlkyf.exe
  C:\Windows\System\JLqlkyf.exe
  2⤵
  PID:5220
- C:\Windows\System\nUhjtkX.exe
  C:\Windows\System\nUhjtkX.exe
  2⤵
  PID:5244
- C:\Windows\System\JqygWdZ.exe
  C:\Windows\System\JqygWdZ.exe
  2⤵
  PID:5264
- C:\Windows\System\ztCMxWC.exe
  C:\Windows\System\ztCMxWC.exe
  2⤵
  PID:5284
- C:\Windows\System\TFEkSlL.exe
  C:\Windows\System\TFEkSlL.exe
  2⤵
  PID:5308
- C:\Windows\System\QpMqDeG.exe
  C:\Windows\System\QpMqDeG.exe
  2⤵
  PID:5328
- C:\Windows\System\anWBeNO.exe
  C:\Windows\System\anWBeNO.exe
  2⤵
  PID:5348
- C:\Windows\System\xJlUlkK.exe
  C:\Windows\System\xJlUlkK.exe
  2⤵
  PID:5368
- C:\Windows\System\JosPpZk.exe
  C:\Windows\System\JosPpZk.exe
  2⤵
  PID:5388
- C:\Windows\System\zfzDaul.exe
  C:\Windows\System\zfzDaul.exe
  2⤵
  PID:5408
- C:\Windows\System\fRkumWu.exe
  C:\Windows\System\fRkumWu.exe
  2⤵
  PID:5428
- C:\Windows\System\wafIyTw.exe
  C:\Windows\System\wafIyTw.exe
  2⤵
  PID:5448
- C:\Windows\System\EyKLBlO.exe
  C:\Windows\System\EyKLBlO.exe
  2⤵
  PID:5468
- C:\Windows\System\TwJHhWS.exe
  C:\Windows\System\TwJHhWS.exe
  2⤵
  PID:5488
- C:\Windows\System\NfuYXYz.exe
  C:\Windows\System\NfuYXYz.exe
  2⤵
  PID:5508
- C:\Windows\System\QojUPuE.exe
  C:\Windows\System\QojUPuE.exe
  2⤵
  PID:5528
- C:\Windows\System\PBTRCnD.exe
  C:\Windows\System\PBTRCnD.exe
  2⤵
  PID:5548
- C:\Windows\System\EjrelrG.exe
  C:\Windows\System\EjrelrG.exe
  2⤵
  PID:5568
- C:\Windows\System\VCHDVIn.exe
  C:\Windows\System\VCHDVIn.exe
  2⤵
  PID:5588
- C:\Windows\System\suGsYvT.exe
  C:\Windows\System\suGsYvT.exe
  2⤵
  PID:5608
- C:\Windows\System\SzuFjzV.exe
  C:\Windows\System\SzuFjzV.exe
  2⤵
  PID:5628
- C:\Windows\System\xVELXiz.exe
  C:\Windows\System\xVELXiz.exe
  2⤵
  PID:5648
- C:\Windows\System\YVaSOdE.exe
  C:\Windows\System\YVaSOdE.exe
  2⤵
  PID:5668
- C:\Windows\System\BStDVFz.exe
  C:\Windows\System\BStDVFz.exe
  2⤵
  PID:5688
- C:\Windows\System\mLsRcjk.exe
  C:\Windows\System\mLsRcjk.exe
  2⤵
  PID:5708
- C:\Windows\System\hJlvpfb.exe
  C:\Windows\System\hJlvpfb.exe
  2⤵
  PID:5728
- C:\Windows\System\ciOyfSw.exe
  C:\Windows\System\ciOyfSw.exe
  2⤵
  PID:5748
- C:\Windows\System\HFHizbo.exe
  C:\Windows\System\HFHizbo.exe
  2⤵
  PID:5768
- C:\Windows\System\kLHTxEH.exe
  C:\Windows\System\kLHTxEH.exe
  2⤵
  PID:5788
- C:\Windows\System\jjPFrCu.exe
  C:\Windows\System\jjPFrCu.exe
  2⤵
  PID:5808
- C:\Windows\System\zFXTKwS.exe
  C:\Windows\System\zFXTKwS.exe
  2⤵
  PID:5828
- C:\Windows\System\itMvgFz.exe
  C:\Windows\System\itMvgFz.exe
  2⤵
  PID:5848
- C:\Windows\System\XiWKSvA.exe
  C:\Windows\System\XiWKSvA.exe
  2⤵
  PID:5868
- C:\Windows\System\JaUteWx.exe
  C:\Windows\System\JaUteWx.exe
  2⤵
  PID:5888
- C:\Windows\System\ARWPiZb.exe
  C:\Windows\System\ARWPiZb.exe
  2⤵
  PID:5908
- C:\Windows\System\dWfIYfd.exe
  C:\Windows\System\dWfIYfd.exe
  2⤵
  PID:5928
- C:\Windows\System\kfoDpmQ.exe
  C:\Windows\System\kfoDpmQ.exe
  2⤵
  PID:5948
- C:\Windows\System\fQFZTya.exe
  C:\Windows\System\fQFZTya.exe
  2⤵
  PID:5968
- C:\Windows\System\wuPHGcZ.exe
  C:\Windows\System\wuPHGcZ.exe
  2⤵
  PID:5988
- C:\Windows\System\VGOwAJp.exe
  C:\Windows\System\VGOwAJp.exe
  2⤵
  PID:6008
- C:\Windows\System\LbegEYt.exe
  C:\Windows\System\LbegEYt.exe
  2⤵
  PID:6028
- C:\Windows\System\dtJRkqJ.exe
  C:\Windows\System\dtJRkqJ.exe
  2⤵
  PID:6048
- C:\Windows\System\uftdUcs.exe
  C:\Windows\System\uftdUcs.exe
  2⤵
  PID:6068
- C:\Windows\System\sbCtsVJ.exe
  C:\Windows\System\sbCtsVJ.exe
  2⤵
  PID:6088
- C:\Windows\System\sodZVZS.exe
  C:\Windows\System\sodZVZS.exe
  2⤵
  PID:6108
- C:\Windows\System\qFpxsVQ.exe
  C:\Windows\System\qFpxsVQ.exe
  2⤵
  PID:6128
- C:\Windows\System\DLikgXO.exe
  C:\Windows\System\DLikgXO.exe
  2⤵
  PID:5064
- C:\Windows\System\IavBkbF.exe
  C:\Windows\System\IavBkbF.exe
  2⤵
  PID:5020
- C:\Windows\System\GaJaJqE.exe
  C:\Windows\System\GaJaJqE.exe
  2⤵
  PID:4220
- C:\Windows\System\KJsxaUW.exe
  C:\Windows\System\KJsxaUW.exe
  2⤵
  PID:4376
- C:\Windows\System\IifQMyG.exe
  C:\Windows\System\IifQMyG.exe
  2⤵
  PID:4264
- C:\Windows\System\MhVjJAq.exe
  C:\Windows\System\MhVjJAq.exe
  2⤵
  PID:4420
- C:\Windows\System\oRXPfyM.exe
  C:\Windows\System\oRXPfyM.exe
  2⤵
  PID:4580
- C:\Windows\System\AuRArPo.exe
  C:\Windows\System\AuRArPo.exe
  2⤵
  PID:4588
- C:\Windows\System\vQiWibS.exe
  C:\Windows\System\vQiWibS.exe
  2⤵
  PID:4136
- C:\Windows\System\rpnDJJU.exe
  C:\Windows\System\rpnDJJU.exe
  2⤵
  PID:4960
- C:\Windows\System\LgCFgBR.exe
  C:\Windows\System\LgCFgBR.exe
  2⤵
  PID:4720
- C:\Windows\System\kBRfHXi.exe
  C:\Windows\System\kBRfHXi.exe
  2⤵
  PID:4896
- C:\Windows\System\zFehgnK.exe
  C:\Windows\System\zFehgnK.exe
  2⤵
  PID:5156
- C:\Windows\System\gpYKVxQ.exe
  C:\Windows\System\gpYKVxQ.exe
  2⤵
  PID:5136
- C:\Windows\System\oSFFgTK.exe
  C:\Windows\System\oSFFgTK.exe
  2⤵
  PID:5260
- C:\Windows\System\jzMVGRC.exe
  C:\Windows\System\jzMVGRC.exe
  2⤵
  PID:5200
- C:\Windows\System\deacpdN.exe
  C:\Windows\System\deacpdN.exe
  2⤵
  PID:2680
- C:\Windows\System\AjoqCkt.exe
  C:\Windows\System\AjoqCkt.exe
  2⤵
  PID:5228
- C:\Windows\System\ocYwDsC.exe
  C:\Windows\System\ocYwDsC.exe
  2⤵
  PID:5296
- C:\Windows\System\zkGgSho.exe
  C:\Windows\System\zkGgSho.exe
  2⤵
  PID:5320
- C:\Windows\System\SoPugVd.exe
  C:\Windows\System\SoPugVd.exe
  2⤵
  PID:5376
- C:\Windows\System\spTefFV.exe
  C:\Windows\System\spTefFV.exe
  2⤵
  PID:5416
- C:\Windows\System\OyisHAa.exe
  C:\Windows\System\OyisHAa.exe
  2⤵
  PID:5436
- C:\Windows\System\ZqMuWbL.exe
  C:\Windows\System\ZqMuWbL.exe
  2⤵
  PID:5440
- C:\Windows\System\kVcbmAv.exe
  C:\Windows\System\kVcbmAv.exe
  2⤵
  PID:5480
- C:\Windows\System\lfpZxuw.exe
  C:\Windows\System\lfpZxuw.exe
  2⤵
  PID:5520
- C:\Windows\System\DSMDffb.exe
  C:\Windows\System\DSMDffb.exe
  2⤵
  PID:5560
- C:\Windows\System\MnWPYGr.exe
  C:\Windows\System\MnWPYGr.exe
  2⤵
  PID:5604
- C:\Windows\System\UrGsPow.exe
  C:\Windows\System\UrGsPow.exe
  2⤵
  PID:5620
- C:\Windows\System\zFdQOce.exe
  C:\Windows\System\zFdQOce.exe
  2⤵
  PID:5640
- C:\Windows\System\RVwWwoi.exe
  C:\Windows\System\RVwWwoi.exe
  2⤵
  PID:5696
- C:\Windows\System\DOuZzzB.exe
  C:\Windows\System\DOuZzzB.exe
  2⤵
  PID:5724
- C:\Windows\System\GHwwsFZ.exe
  C:\Windows\System\GHwwsFZ.exe
  2⤵
  PID:5756
- C:\Windows\System\cdVQzJa.exe
  C:\Windows\System\cdVQzJa.exe
  2⤵
  PID:5796
- C:\Windows\System\ndUpEGQ.exe
  C:\Windows\System\ndUpEGQ.exe
  2⤵
  PID:5820
- C:\Windows\System\QVTzdYL.exe
  C:\Windows\System\QVTzdYL.exe
  2⤵
  PID:5856
- C:\Windows\System\EPZEzfG.exe
  C:\Windows\System\EPZEzfG.exe
  2⤵
  PID:5880
- C:\Windows\System\DfjlzoN.exe
  C:\Windows\System\DfjlzoN.exe
  2⤵
  PID:5924
- C:\Windows\System\ZqodAUi.exe
  C:\Windows\System\ZqodAUi.exe
  2⤵
  PID:5956
- C:\Windows\System\tKCpTfA.exe
  C:\Windows\System\tKCpTfA.exe
  2⤵
  PID:5980
- C:\Windows\System\lmfltcZ.exe
  C:\Windows\System\lmfltcZ.exe
  2⤵
  PID:6024
- C:\Windows\System\lKAWkEq.exe
  C:\Windows\System\lKAWkEq.exe
  2⤵
  PID:6064
- C:\Windows\System\fCpbGee.exe
  C:\Windows\System\fCpbGee.exe
  2⤵
  PID:6084
- C:\Windows\System\CmVilJh.exe
  C:\Windows\System\CmVilJh.exe
  2⤵
  PID:6116
- C:\Windows\System\OVrLruw.exe
  C:\Windows\System\OVrLruw.exe
  2⤵
  PID:6140
- C:\Windows\System\uvbONPa.exe
  C:\Windows\System\uvbONPa.exe
  2⤵
  PID:4100
- C:\Windows\System\XExWEGu.exe
  C:\Windows\System\XExWEGu.exe
  2⤵
  PID:2188
- C:\Windows\System\pscLFpz.exe
  C:\Windows\System\pscLFpz.exe
  2⤵
  PID:4412
- C:\Windows\System\cAKOIEQ.exe
  C:\Windows\System\cAKOIEQ.exe
  2⤵
  PID:5116
- C:\Windows\System\ojFiPem.exe
  C:\Windows\System\ojFiPem.exe
  2⤵
  PID:4528
- C:\Windows\System\GYlevcV.exe
  C:\Windows\System\GYlevcV.exe
  2⤵
  PID:5124
- C:\Windows\System\nSdhLQZ.exe
  C:\Windows\System\nSdhLQZ.exe
  2⤵
  PID:4996
- C:\Windows\System\jKBCDZO.exe
  C:\Windows\System\jKBCDZO.exe
  2⤵
  PID:4704
- C:\Windows\System\UnWZqYY.exe
  C:\Windows\System\UnWZqYY.exe
  2⤵
  PID:5232
- C:\Windows\System\LKHInvh.exe
  C:\Windows\System\LKHInvh.exe
  2⤵
  PID:5236
- C:\Windows\System\PmexPxA.exe
  C:\Windows\System\PmexPxA.exe
  2⤵
  PID:5276
- C:\Windows\System\wYFYapK.exe
  C:\Windows\System\wYFYapK.exe
  2⤵
  PID:5324
- C:\Windows\System\vMdzrPz.exe
  C:\Windows\System\vMdzrPz.exe
  2⤵
  PID:5380
- C:\Windows\System\EBWPBWo.exe
  C:\Windows\System\EBWPBWo.exe
  2⤵
  PID:5444
- C:\Windows\System\HLFFoxK.exe
  C:\Windows\System\HLFFoxK.exe
  2⤵
  PID:5540
- C:\Windows\System\juHbqUb.exe
  C:\Windows\System\juHbqUb.exe
  2⤵
  PID:5616
- C:\Windows\System\dVRKKxp.exe
  C:\Windows\System\dVRKKxp.exe
  2⤵
  PID:5624
- C:\Windows\System\SbheOMB.exe
  C:\Windows\System\SbheOMB.exe
  2⤵
  PID:5680
- C:\Windows\System\rbpVABi.exe
  C:\Windows\System\rbpVABi.exe
  2⤵
  PID:5716
- C:\Windows\System\iGtpCLh.exe
  C:\Windows\System\iGtpCLh.exe
  2⤵
  PID:5760
- C:\Windows\System\kNalRsE.exe
  C:\Windows\System\kNalRsE.exe
  2⤵
  PID:5860
- C:\Windows\System\DtArlzj.exe
  C:\Windows\System\DtArlzj.exe
  2⤵
  PID:5936
- C:\Windows\System\xQYBaGc.exe
  C:\Windows\System\xQYBaGc.exe
  2⤵
  PID:5944
- C:\Windows\System\QqSkNhn.exe
  C:\Windows\System\QqSkNhn.exe
  2⤵
  PID:5976
- C:\Windows\System\yXpCYeA.exe
  C:\Windows\System\yXpCYeA.exe
  2⤵
  PID:6056
- C:\Windows\System\LxFvklv.exe
  C:\Windows\System\LxFvklv.exe
  2⤵
  PID:6124
- C:\Windows\System\LIHBcXq.exe
  C:\Windows\System\LIHBcXq.exe
  2⤵
  PID:4260
- C:\Windows\System\buqrBQU.exe
  C:\Windows\System\buqrBQU.exe
  2⤵
  PID:4956
- C:\Windows\System\IcPtyQu.exe
  C:\Windows\System\IcPtyQu.exe
  2⤵
  PID:4764
- C:\Windows\System\qHuJOZv.exe
  C:\Windows\System\qHuJOZv.exe
  2⤵
  PID:3724
- C:\Windows\System\hpWPNIT.exe
  C:\Windows\System\hpWPNIT.exe
  2⤵
  PID:5152
- C:\Windows\System\ZKDqtJX.exe
  C:\Windows\System\ZKDqtJX.exe
  2⤵
  PID:5240
- C:\Windows\System\oJpuFsE.exe
  C:\Windows\System\oJpuFsE.exe
  2⤵
  PID:5364
- C:\Windows\System\kjSxZto.exe
  C:\Windows\System\kjSxZto.exe
  2⤵
  PID:5424
- C:\Windows\System\PPHBDlT.exe
  C:\Windows\System\PPHBDlT.exe
  2⤵
  PID:5484
- C:\Windows\System\GHLQcYV.exe
  C:\Windows\System\GHLQcYV.exe
  2⤵
  PID:5564
- C:\Windows\System\xCqFOTJ.exe
  C:\Windows\System\xCqFOTJ.exe
  2⤵
  PID:5636
- C:\Windows\System\YNYpVop.exe
  C:\Windows\System\YNYpVop.exe
  2⤵
  PID:5740
- C:\Windows\System\AQunHVV.exe
  C:\Windows\System\AQunHVV.exe
  2⤵
  PID:5836
- C:\Windows\System\KhkgHen.exe
  C:\Windows\System\KhkgHen.exe
  2⤵
  PID:6152
- C:\Windows\System\eZNSRXc.exe
  C:\Windows\System\eZNSRXc.exe
  2⤵
  PID:6172
- C:\Windows\System\HCtpJTk.exe
  C:\Windows\System\HCtpJTk.exe
  2⤵
  PID:6192
- C:\Windows\System\oKRuCde.exe
  C:\Windows\System\oKRuCde.exe
  2⤵
  PID:6212
- C:\Windows\System\OvNnyaY.exe
  C:\Windows\System\OvNnyaY.exe
  2⤵
  PID:6232
- C:\Windows\System\YhqWGoJ.exe
  C:\Windows\System\YhqWGoJ.exe
  2⤵
  PID:6252
- C:\Windows\System\TRHUnnn.exe
  C:\Windows\System\TRHUnnn.exe
  2⤵
  PID:6272
- C:\Windows\System\anCsWwl.exe
  C:\Windows\System\anCsWwl.exe
  2⤵
  PID:6292
- C:\Windows\System\QvlVZiR.exe
  C:\Windows\System\QvlVZiR.exe
  2⤵
  PID:6312
- C:\Windows\System\AluyKzM.exe
  C:\Windows\System\AluyKzM.exe
  2⤵
  PID:6332
- C:\Windows\System\VDWgPfl.exe
  C:\Windows\System\VDWgPfl.exe
  2⤵
  PID:6352
- C:\Windows\System\mPILKkW.exe
  C:\Windows\System\mPILKkW.exe
  2⤵
  PID:6372
- C:\Windows\System\FAoRHwf.exe
  C:\Windows\System\FAoRHwf.exe
  2⤵
  PID:6392
- C:\Windows\System\cBYAcgm.exe
  C:\Windows\System\cBYAcgm.exe
  2⤵
  PID:6412
- C:\Windows\System\BPgjqyy.exe
  C:\Windows\System\BPgjqyy.exe
  2⤵
  PID:6432
- C:\Windows\System\dxWKpzd.exe
  C:\Windows\System\dxWKpzd.exe
  2⤵
  PID:6452
- C:\Windows\System\KWGaOmy.exe
  C:\Windows\System\KWGaOmy.exe
  2⤵
  PID:6472
- C:\Windows\System\kRZryvX.exe
  C:\Windows\System\kRZryvX.exe
  2⤵
  PID:6492
- C:\Windows\System\MEqkhWV.exe
  C:\Windows\System\MEqkhWV.exe
  2⤵
  PID:6512
- C:\Windows\System\nOoKNFW.exe
  C:\Windows\System\nOoKNFW.exe
  2⤵
  PID:6532
- C:\Windows\System\cnmRvyL.exe
  C:\Windows\System\cnmRvyL.exe
  2⤵
  PID:6552
- C:\Windows\System\wsaFvfH.exe
  C:\Windows\System\wsaFvfH.exe
  2⤵
  PID:6572
- C:\Windows\System\kGcDXUo.exe
  C:\Windows\System\kGcDXUo.exe
  2⤵
  PID:6592
- C:\Windows\System\jonaxWf.exe
  C:\Windows\System\jonaxWf.exe
  2⤵
  PID:6612
- C:\Windows\System\HLVAZaW.exe
  C:\Windows\System\HLVAZaW.exe
  2⤵
  PID:6632
- C:\Windows\System\mxNjnZI.exe
  C:\Windows\System\mxNjnZI.exe
  2⤵
  PID:6652
- C:\Windows\System\UdTZcoe.exe
  C:\Windows\System\UdTZcoe.exe
  2⤵
  PID:6672
- C:\Windows\System\ugSRlOX.exe
  C:\Windows\System\ugSRlOX.exe
  2⤵
  PID:6692
- C:\Windows\System\WnYDlOV.exe
  C:\Windows\System\WnYDlOV.exe
  2⤵
  PID:6712
- C:\Windows\System\AEWpcHj.exe
  C:\Windows\System\AEWpcHj.exe
  2⤵
  PID:6732
- C:\Windows\System\PUqwSTX.exe
  C:\Windows\System\PUqwSTX.exe
  2⤵
  PID:6752
- C:\Windows\System\aeMSnWm.exe
  C:\Windows\System\aeMSnWm.exe
  2⤵
  PID:6772
- C:\Windows\System\AKtikej.exe
  C:\Windows\System\AKtikej.exe
  2⤵
  PID:6792
- C:\Windows\System\YorkPjj.exe
  C:\Windows\System\YorkPjj.exe
  2⤵
  PID:6812
- C:\Windows\System\oLuMJUI.exe
  C:\Windows\System\oLuMJUI.exe
  2⤵
  PID:6832
- C:\Windows\System\aHDRIqI.exe
  C:\Windows\System\aHDRIqI.exe
  2⤵
  PID:6856
- C:\Windows\System\xTlTtpL.exe
  C:\Windows\System\xTlTtpL.exe
  2⤵
  PID:6876
- C:\Windows\System\nZLCDWf.exe
  C:\Windows\System\nZLCDWf.exe
  2⤵
  PID:6896
- C:\Windows\System\ixsmdgX.exe
  C:\Windows\System\ixsmdgX.exe
  2⤵
  PID:6916
- C:\Windows\System\SxiTXeG.exe
  C:\Windows\System\SxiTXeG.exe
  2⤵
  PID:6936
- C:\Windows\System\fzWgBEN.exe
  C:\Windows\System\fzWgBEN.exe
  2⤵
  PID:6960
- C:\Windows\System\GHTMTYm.exe
  C:\Windows\System\GHTMTYm.exe
  2⤵
  PID:6980
- C:\Windows\System\osOGsXK.exe
  C:\Windows\System\osOGsXK.exe
  2⤵
  PID:7000
- C:\Windows\System\wDAFifS.exe
  C:\Windows\System\wDAFifS.exe
  2⤵
  PID:7020
- C:\Windows\System\RGifzFF.exe
  C:\Windows\System\RGifzFF.exe
  2⤵
  PID:7040
- C:\Windows\System\TxogixZ.exe
  C:\Windows\System\TxogixZ.exe
  2⤵
  PID:7060
- C:\Windows\System\FldOYjb.exe
  C:\Windows\System\FldOYjb.exe
  2⤵
  PID:7080
- C:\Windows\System\pwNDBbG.exe
  C:\Windows\System\pwNDBbG.exe
  2⤵
  PID:7100
- C:\Windows\System\gttfLVT.exe
  C:\Windows\System\gttfLVT.exe
  2⤵
  PID:7120
- C:\Windows\System\JFPbmvi.exe
  C:\Windows\System\JFPbmvi.exe
  2⤵
  PID:7140
- C:\Windows\System\FcjyqVL.exe
  C:\Windows\System\FcjyqVL.exe
  2⤵
  PID:7160
- C:\Windows\System\FlJOWnm.exe
  C:\Windows\System\FlJOWnm.exe
  2⤵
  PID:5900
- C:\Windows\System\oHESHXC.exe
  C:\Windows\System\oHESHXC.exe
  2⤵
  PID:6096
- C:\Windows\System\IVMVsgW.exe
  C:\Windows\System\IVMVsgW.exe
  2⤵
  PID:3408
- C:\Windows\System\eAMrfUa.exe
  C:\Windows\System\eAMrfUa.exe
  2⤵
  PID:3468
- C:\Windows\System\DBdgecj.exe
  C:\Windows\System\DBdgecj.exe
  2⤵
  PID:4872
- C:\Windows\System\KpFzTUK.exe
  C:\Windows\System\KpFzTUK.exe
  2⤵
  PID:4772
- C:\Windows\System\VNAUYKR.exe
  C:\Windows\System\VNAUYKR.exe
  2⤵
  PID:5384
- C:\Windows\System\nOaWXnE.exe
  C:\Windows\System\nOaWXnE.exe
  2⤵
  PID:5556
- C:\Windows\System\lmXkdVh.exe
  C:\Windows\System\lmXkdVh.exe
  2⤵
  PID:2740
- C:\Windows\System\VJdVzdR.exe
  C:\Windows\System\VJdVzdR.exe
  2⤵
  PID:5744
- C:\Windows\System\VxXwTCc.exe
  C:\Windows\System\VxXwTCc.exe
  2⤵
  PID:6148
- C:\Windows\System\KuzfmeV.exe
  C:\Windows\System\KuzfmeV.exe
  2⤵
  PID:6188
- C:\Windows\System\iJdLvnh.exe
  C:\Windows\System\iJdLvnh.exe
  2⤵
  PID:6220
- C:\Windows\System\WgeNvnv.exe
  C:\Windows\System\WgeNvnv.exe
  2⤵
  PID:6240
- C:\Windows\System\JDhflnP.exe
  C:\Windows\System\JDhflnP.exe
  2⤵
  PID:6264
- C:\Windows\System\AddNAfc.exe
  C:\Windows\System\AddNAfc.exe
  2⤵
  PID:6308
- C:\Windows\System\rpqycTj.exe
  C:\Windows\System\rpqycTj.exe
  2⤵
  PID:6348
- C:\Windows\System\tOgclvI.exe
  C:\Windows\System\tOgclvI.exe
  2⤵
  PID:6368
- C:\Windows\System\SVuTFAU.exe
  C:\Windows\System\SVuTFAU.exe
  2⤵
  PID:6420
- C:\Windows\System\vQsSLOK.exe
  C:\Windows\System\vQsSLOK.exe
  2⤵
  PID:6440
- C:\Windows\System\ZztKWsg.exe
  C:\Windows\System\ZztKWsg.exe
  2⤵
  PID:6464
- C:\Windows\System\cOPjRpA.exe
  C:\Windows\System\cOPjRpA.exe
  2⤵
  PID:6508
- C:\Windows\System\OiYxBFu.exe
  C:\Windows\System\OiYxBFu.exe
  2⤵
  PID:6528
- C:\Windows\System\wngrISN.exe
  C:\Windows\System\wngrISN.exe
  2⤵
  PID:6580
- C:\Windows\System\pnSIXqh.exe
  C:\Windows\System\pnSIXqh.exe
  2⤵
  PID:6608
- C:\Windows\System\BWCUqmA.exe
  C:\Windows\System\BWCUqmA.exe
  2⤵
  PID:6640
- C:\Windows\System\XLqPnng.exe
  C:\Windows\System\XLqPnng.exe
  2⤵
  PID:6664
- C:\Windows\System\LIefjFT.exe
  C:\Windows\System\LIefjFT.exe
  2⤵
  PID:6684
- C:\Windows\System\XJzLLKK.exe
  C:\Windows\System\XJzLLKK.exe
  2⤵
  PID:6740
- C:\Windows\System\noQDnfN.exe
  C:\Windows\System\noQDnfN.exe
  2⤵
  PID:6764
- C:\Windows\System\tXyzPqJ.exe
  C:\Windows\System\tXyzPqJ.exe
  2⤵
  PID:6800
- C:\Windows\System\BEEnXQv.exe
  C:\Windows\System\BEEnXQv.exe
  2⤵
  PID:6824
- C:\Windows\System\gYuWAoH.exe
  C:\Windows\System\gYuWAoH.exe
  2⤵
  PID:6884
- C:\Windows\System\wZnTFDF.exe
  C:\Windows\System\wZnTFDF.exe
  2⤵
  PID:6908
- C:\Windows\System\mgRQcIn.exe
  C:\Windows\System\mgRQcIn.exe
  2⤵
  PID:6956
- C:\Windows\System\fHewUcz.exe
  C:\Windows\System\fHewUcz.exe
  2⤵
  PID:6996
- C:\Windows\System\OTrQTNy.exe
  C:\Windows\System\OTrQTNy.exe
  2⤵
  PID:7036
- C:\Windows\System\EPHQIHL.exe
  C:\Windows\System\EPHQIHL.exe
  2⤵
  PID:7056
- C:\Windows\System\rkRZzuP.exe
  C:\Windows\System\rkRZzuP.exe
  2⤵
  PID:7108
- C:\Windows\System\xkCPpHJ.exe
  C:\Windows\System\xkCPpHJ.exe
  2⤵
  PID:7128
- C:\Windows\System\yGoiFHF.exe
  C:\Windows\System\yGoiFHF.exe
  2⤵
  PID:7152
- C:\Windows\System\BfsSeaX.exe
  C:\Windows\System\BfsSeaX.exe
  2⤵
  PID:6036
- C:\Windows\System\QQAvyUv.exe
  C:\Windows\System\QQAvyUv.exe
  2⤵
  PID:4396
- C:\Windows\System\pwSvspo.exe
  C:\Windows\System\pwSvspo.exe
  2⤵
  PID:4576
- C:\Windows\System\HrBNHiX.exe
  C:\Windows\System\HrBNHiX.exe
  2⤵
  PID:5300
- C:\Windows\System\xpwhroG.exe
  C:\Windows\System\xpwhroG.exe
  2⤵
  PID:5464
- C:\Windows\System\amPsPoa.exe
  C:\Windows\System\amPsPoa.exe
  2⤵
  PID:5676
- C:\Windows\System\FQpkFGx.exe
  C:\Windows\System\FQpkFGx.exe
  2⤵
  PID:5876
- C:\Windows\System\kXMxmuW.exe
  C:\Windows\System\kXMxmuW.exe
  2⤵
  PID:5736
- C:\Windows\System\nSObonM.exe
  C:\Windows\System\nSObonM.exe
  2⤵
  PID:6244
- C:\Windows\System\LAChsRp.exe
  C:\Windows\System\LAChsRp.exe
  2⤵
  PID:6344
- C:\Windows\System\FEAIMYT.exe
  C:\Windows\System\FEAIMYT.exe
  2⤵
  PID:6360
- C:\Windows\System\hESeNin.exe
  C:\Windows\System\hESeNin.exe
  2⤵
  PID:6424
- C:\Windows\System\OENNVJl.exe
  C:\Windows\System\OENNVJl.exe
  2⤵
  PID:6468
- C:\Windows\System\xWCgkRK.exe
  C:\Windows\System\xWCgkRK.exe
  2⤵
  PID:6548
- C:\Windows\System\ggSqbTS.exe
  C:\Windows\System\ggSqbTS.exe
  2⤵
  PID:6628
- C:\Windows\System\gSAcpFc.exe
  C:\Windows\System\gSAcpFc.exe
  2⤵
  PID:6604
- C:\Windows\System\BaNXDvl.exe
  C:\Windows\System\BaNXDvl.exe
  2⤵
  PID:6644
- C:\Windows\System\yhuoJTo.exe
  C:\Windows\System\yhuoJTo.exe
  2⤵
  PID:6720
- C:\Windows\System\IhgOSeS.exe
  C:\Windows\System\IhgOSeS.exe
  2⤵
  PID:6804
- C:\Windows\System\ZopGHbr.exe
  C:\Windows\System\ZopGHbr.exe
  2⤵
  PID:6864
- C:\Windows\System\XyRmmKt.exe
  C:\Windows\System\XyRmmKt.exe
  2⤵
  PID:6852
- C:\Windows\System\BITNjLZ.exe
  C:\Windows\System\BITNjLZ.exe
  2⤵
  PID:6928
- C:\Windows\System\fSJpNNt.exe
  C:\Windows\System\fSJpNNt.exe
  2⤵
  PID:7032
- C:\Windows\System\KZfnZIj.exe
  C:\Windows\System\KZfnZIj.exe
  2⤵
  PID:7076
- C:\Windows\System\TOsjJVY.exe
  C:\Windows\System\TOsjJVY.exe
  2⤵
  PID:7136
- C:\Windows\System\oNtCvBh.exe
  C:\Windows\System\oNtCvBh.exe
  2⤵
  PID:5940
- C:\Windows\System\wFlHrGU.exe
  C:\Windows\System\wFlHrGU.exe
  2⤵
  PID:6120
- C:\Windows\System\mOOzRnA.exe
  C:\Windows\System\mOOzRnA.exe
  2⤵
  PID:5400
- C:\Windows\System\JvjPzzI.exe
  C:\Windows\System\JvjPzzI.exe
  2⤵
  PID:6168
- C:\Windows\System\uulTuCh.exe
  C:\Windows\System\uulTuCh.exe
  2⤵
  PID:6268
- C:\Windows\System\OFuGbCy.exe
  C:\Windows\System\OFuGbCy.exe
  2⤵
  PID:6284
- C:\Windows\System\XYTLESG.exe
  C:\Windows\System\XYTLESG.exe
  2⤵
  PID:6500
- C:\Windows\System\AbachJR.exe
  C:\Windows\System\AbachJR.exe
  2⤵
  PID:6400
- C:\Windows\System\wSgCxKU.exe
  C:\Windows\System\wSgCxKU.exe
  2⤵
  PID:6560
- C:\Windows\System\YZTDScV.exe
  C:\Windows\System\YZTDScV.exe
  2⤵
  PID:6668
- C:\Windows\System\hOFByFm.exe
  C:\Windows\System\hOFByFm.exe
  2⤵
  PID:6700
- C:\Windows\System\YmzVold.exe
  C:\Windows\System\YmzVold.exe
  2⤵
  PID:7012
- C:\Windows\System\tdUqFSy.exe
  C:\Windows\System\tdUqFSy.exe
  2⤵
  PID:6912
- C:\Windows\System\cvsxsXW.exe
  C:\Windows\System\cvsxsXW.exe
  2⤵
  PID:6976
- C:\Windows\System\pyLlGee.exe
  C:\Windows\System\pyLlGee.exe
  2⤵
  PID:7112
- C:\Windows\System\iesAXHu.exe
  C:\Windows\System\iesAXHu.exe
  2⤵
  PID:7156
- C:\Windows\System\HXvnoLB.exe
  C:\Windows\System\HXvnoLB.exe
  2⤵
  PID:5180
- C:\Windows\System\BlDvlvN.exe
  C:\Windows\System\BlDvlvN.exe
  2⤵
  PID:7172
- C:\Windows\System\uoGTiUy.exe
  C:\Windows\System\uoGTiUy.exe
  2⤵
  PID:7192
- C:\Windows\System\GkGQeVU.exe
  C:\Windows\System\GkGQeVU.exe
  2⤵
  PID:7216
- C:\Windows\System\VzlSvWp.exe
  C:\Windows\System\VzlSvWp.exe
  2⤵
  PID:7236
- C:\Windows\System\uKPplvI.exe
  C:\Windows\System\uKPplvI.exe
  2⤵
  PID:7256
- C:\Windows\System\KVQxkMu.exe
  C:\Windows\System\KVQxkMu.exe
  2⤵
  PID:7276
- C:\Windows\System\OoWRznK.exe
  C:\Windows\System\OoWRznK.exe
  2⤵
  PID:7296
- C:\Windows\System\RDhSGTM.exe
  C:\Windows\System\RDhSGTM.exe
  2⤵
  PID:7316
- C:\Windows\System\THqkWPB.exe
  C:\Windows\System\THqkWPB.exe
  2⤵
  PID:7332
- C:\Windows\System\PdVtJzI.exe
  C:\Windows\System\PdVtJzI.exe
  2⤵
  PID:7356
- C:\Windows\System\jlFbgHK.exe
  C:\Windows\System\jlFbgHK.exe
  2⤵
  PID:7376
- C:\Windows\System\fPxcIuo.exe
  C:\Windows\System\fPxcIuo.exe
  2⤵
  PID:7396
- C:\Windows\System\uHiCLeW.exe
  C:\Windows\System\uHiCLeW.exe
  2⤵
  PID:7416
- C:\Windows\System\JJwrLDe.exe
  C:\Windows\System\JJwrLDe.exe
  2⤵
  PID:7432
- C:\Windows\System\dMnayyf.exe
  C:\Windows\System\dMnayyf.exe
  2⤵
  PID:7456
- C:\Windows\System\fMMmyVc.exe
  C:\Windows\System\fMMmyVc.exe
  2⤵
  PID:7476
- C:\Windows\System\zkCyDvN.exe
  C:\Windows\System\zkCyDvN.exe
  2⤵
  PID:7496
- C:\Windows\System\xiiYdLY.exe
  C:\Windows\System\xiiYdLY.exe
  2⤵
  PID:7516
- C:\Windows\System\vXtYgVd.exe
  C:\Windows\System\vXtYgVd.exe
  2⤵
  PID:7536
- C:\Windows\System\qMXCrBt.exe
  C:\Windows\System\qMXCrBt.exe
  2⤵
  PID:7556
- C:\Windows\System\RlMRTye.exe
  C:\Windows\System\RlMRTye.exe
  2⤵
  PID:7576
- C:\Windows\System\FbtvXkd.exe
  C:\Windows\System\FbtvXkd.exe
  2⤵
  PID:7596
- C:\Windows\System\CElGdtV.exe
  C:\Windows\System\CElGdtV.exe
  2⤵
  PID:7616
- C:\Windows\System\iqFZsjE.exe
  C:\Windows\System\iqFZsjE.exe
  2⤵
  PID:7636
- C:\Windows\System\MAXTuWS.exe
  C:\Windows\System\MAXTuWS.exe
  2⤵
  PID:7656
- C:\Windows\System\wRYOmAo.exe
  C:\Windows\System\wRYOmAo.exe
  2⤵
  PID:7676
- C:\Windows\System\hGMzfmQ.exe
  C:\Windows\System\hGMzfmQ.exe
  2⤵
  PID:7696
- C:\Windows\System\tIIyTZB.exe
  C:\Windows\System\tIIyTZB.exe
  2⤵
  PID:7716
- C:\Windows\System\keNbiJk.exe
  C:\Windows\System\keNbiJk.exe
  2⤵
  PID:7736
- C:\Windows\System\dylAZsv.exe
  C:\Windows\System\dylAZsv.exe
  2⤵
  PID:7756
- C:\Windows\System\SCuldbV.exe
  C:\Windows\System\SCuldbV.exe
  2⤵
  PID:7780
- C:\Windows\System\eWxPWxJ.exe
  C:\Windows\System\eWxPWxJ.exe
  2⤵
  PID:7800
- C:\Windows\System\mdGbiLi.exe
  C:\Windows\System\mdGbiLi.exe
  2⤵
  PID:7820
- C:\Windows\System\WEIPCJT.exe
  C:\Windows\System\WEIPCJT.exe
  2⤵
  PID:7840
- C:\Windows\System\EjIOOXX.exe
  C:\Windows\System\EjIOOXX.exe
  2⤵
  PID:7860
- C:\Windows\System\cOkKzNH.exe
  C:\Windows\System\cOkKzNH.exe
  2⤵
  PID:7880
- C:\Windows\System\cSPqbwr.exe
  C:\Windows\System\cSPqbwr.exe
  2⤵
  PID:7900
- C:\Windows\System\HQoDxks.exe
  C:\Windows\System\HQoDxks.exe
  2⤵
  PID:7920
- C:\Windows\System\vuaQOGp.exe
  C:\Windows\System\vuaQOGp.exe
  2⤵
  PID:7940
- C:\Windows\System\zrBGxdN.exe
  C:\Windows\System\zrBGxdN.exe
  2⤵
  PID:7960
- C:\Windows\System\wuBQQXa.exe
  C:\Windows\System\wuBQQXa.exe
  2⤵
  PID:7980
- C:\Windows\System\jNHHVZp.exe
  C:\Windows\System\jNHHVZp.exe
  2⤵
  PID:8000
- C:\Windows\System\wSUEyXZ.exe
  C:\Windows\System\wSUEyXZ.exe
  2⤵
  PID:8020
- C:\Windows\System\avtyrZD.exe
  C:\Windows\System\avtyrZD.exe
  2⤵
  PID:8040
- C:\Windows\System\TfvrVaC.exe
  C:\Windows\System\TfvrVaC.exe
  2⤵
  PID:8060
- C:\Windows\System\unlbipP.exe
  C:\Windows\System\unlbipP.exe
  2⤵
  PID:8080
- C:\Windows\System\WleJlNm.exe
  C:\Windows\System\WleJlNm.exe
  2⤵
  PID:8100
- C:\Windows\System\Tolakyd.exe
  C:\Windows\System\Tolakyd.exe
  2⤵
  PID:8120
- C:\Windows\System\qmsBKaX.exe
  C:\Windows\System\qmsBKaX.exe
  2⤵
  PID:8140
- C:\Windows\System\nsSwFQY.exe
  C:\Windows\System\nsSwFQY.exe
  2⤵
  PID:8160
- C:\Windows\System\onpKPzr.exe
  C:\Windows\System\onpKPzr.exe
  2⤵
  PID:8180
- C:\Windows\System\hwwgDYm.exe
  C:\Windows\System\hwwgDYm.exe
  2⤵
  PID:5496
- C:\Windows\System\DKXVLWe.exe
  C:\Windows\System\DKXVLWe.exe
  2⤵
  PID:6388
- C:\Windows\System\YwXyZgZ.exe
  C:\Windows\System\YwXyZgZ.exe
  2⤵
  PID:6568
- C:\Windows\System\VWtJKLg.exe
  C:\Windows\System\VWtJKLg.exe
  2⤵
  PID:6564
- C:\Windows\System\aJiMcrn.exe
  C:\Windows\System\aJiMcrn.exe
  2⤵
  PID:2760
- C:\Windows\System\cMOstPM.exe
  C:\Windows\System\cMOstPM.exe
  2⤵
  PID:7028
- C:\Windows\System\dcvAhsX.exe
  C:\Windows\System\dcvAhsX.exe
  2⤵
  PID:7068
- C:\Windows\System\urtKDfq.exe
  C:\Windows\System\urtKDfq.exe
  2⤵
  PID:5336
- C:\Windows\System\KzEzwIy.exe
  C:\Windows\System\KzEzwIy.exe
  2⤵
  PID:3524
- C:\Windows\System\cPDQCAK.exe
  C:\Windows\System\cPDQCAK.exe
  2⤵
  PID:7184
- C:\Windows\System\KegsKWU.exe
  C:\Windows\System\KegsKWU.exe
  2⤵
  PID:7232
- C:\Windows\System\EuvkQxL.exe
  C:\Windows\System\EuvkQxL.exe
  2⤵
  PID:7264
- C:\Windows\System\kNkLdkU.exe
  C:\Windows\System\kNkLdkU.exe
  2⤵
  PID:7328
- C:\Windows\System\IxlFrTd.exe
  C:\Windows\System\IxlFrTd.exe
  2⤵
  PID:7344
- C:\Windows\System\HKcIFBZ.exe
  C:\Windows\System\HKcIFBZ.exe
  2⤵
  PID:2648
- C:\Windows\System\EYdgTpH.exe
  C:\Windows\System\EYdgTpH.exe
  2⤵
  PID:7384
- C:\Windows\System\VhDEsxf.exe
  C:\Windows\System\VhDEsxf.exe
  2⤵
  PID:7424
- C:\Windows\System\zvGSoUs.exe
  C:\Windows\System\zvGSoUs.exe
  2⤵
  PID:7428
- C:\Windows\System\HmJWmXm.exe
  C:\Windows\System\HmJWmXm.exe
  2⤵
  PID:7492
- C:\Windows\System\Mvdnsas.exe
  C:\Windows\System\Mvdnsas.exe
  2⤵
  PID:7532
- C:\Windows\System\SffhXoi.exe
  C:\Windows\System\SffhXoi.exe
  2⤵
  PID:7508
- C:\Windows\System\cCoPpkn.exe
  C:\Windows\System\cCoPpkn.exe
  2⤵
  PID:2816
- C:\Windows\System\PCaBOiO.exe
  C:\Windows\System\PCaBOiO.exe
  2⤵
  PID:7608
- C:\Windows\System\TYPAbRN.exe
  C:\Windows\System\TYPAbRN.exe
  2⤵
  PID:2544
- C:\Windows\System\vybLzGe.exe
  C:\Windows\System\vybLzGe.exe
  2⤵
  PID:7628
- C:\Windows\System\CVFEwaA.exe
  C:\Windows\System\CVFEwaA.exe
  2⤵
  PID:7692
- C:\Windows\System\twGnofr.exe
  C:\Windows\System\twGnofr.exe
  2⤵
  PID:7724
- C:\Windows\System\XEEkWcO.exe
  C:\Windows\System\XEEkWcO.exe
  2⤵
  PID:7752
- C:\Windows\System\HtGMhOg.exe
  C:\Windows\System\HtGMhOg.exe
  2⤵
  PID:7208
- C:\Windows\System\JaHTqxM.exe
  C:\Windows\System\JaHTqxM.exe
  2⤵
  PID:7796
- C:\Windows\System\uGmRRvP.exe
  C:\Windows\System\uGmRRvP.exe
  2⤵
  PID:7832
- C:\Windows\System\GoXLJzF.exe
  C:\Windows\System\GoXLJzF.exe
  2⤵
  PID:7876
- C:\Windows\System\hoXkaPQ.exe
  C:\Windows\System\hoXkaPQ.exe
  2⤵
  PID:7892
- C:\Windows\System\ceLbaSa.exe
  C:\Windows\System\ceLbaSa.exe
  2⤵
  PID:7936
- C:\Windows\System\vHbQOaX.exe
  C:\Windows\System\vHbQOaX.exe
  2⤵
  PID:8016
- C:\Windows\System\jRxvUPD.exe
  C:\Windows\System\jRxvUPD.exe
  2⤵
  PID:8048
- C:\Windows\System\cXLmsiA.exe
  C:\Windows\System\cXLmsiA.exe
  2⤵
  PID:8036
- C:\Windows\System\UKbRbJQ.exe
  C:\Windows\System\UKbRbJQ.exe
  2⤵
  PID:1988
- C:\Windows\System\bbasDNF.exe
  C:\Windows\System\bbasDNF.exe
  2⤵
  PID:8128
- C:\Windows\System\BWfBMMX.exe
  C:\Windows\System\BWfBMMX.exe
  2⤵
  PID:8148
- C:\Windows\System\NvYltgF.exe
  C:\Windows\System\NvYltgF.exe
  2⤵
  PID:6380
- C:\Windows\System\vMwboJN.exe
  C:\Windows\System\vMwboJN.exe
  2⤵
  PID:6484
- C:\Windows\System\aPyjFuF.exe
  C:\Windows\System\aPyjFuF.exe
  2⤵
  PID:6328
- C:\Windows\System\TGMNinG.exe
  C:\Windows\System\TGMNinG.exe
  2⤵
  PID:6728
- C:\Windows\System\ETUlpqn.exe
  C:\Windows\System\ETUlpqn.exe
  2⤵
  PID:6828
- C:\Windows\System\PuGUIAO.exe
  C:\Windows\System\PuGUIAO.exe
  2⤵
  PID:7072
- C:\Windows\System\EggqfCU.exe
  C:\Windows\System\EggqfCU.exe
  2⤵
  PID:1164
- C:\Windows\System\SkLGJKr.exe
  C:\Windows\System\SkLGJKr.exe
  2⤵
  PID:7200
- C:\Windows\System\tyvZWkf.exe
  C:\Windows\System\tyvZWkf.exe
  2⤵
  PID:7292
- C:\Windows\System\jngJBBD.exe
  C:\Windows\System\jngJBBD.exe
  2⤵
  PID:7308
- C:\Windows\System\pMYWunD.exe
  C:\Windows\System\pMYWunD.exe
  2⤵
  PID:7364
- C:\Windows\System\eUSfhZx.exe
  C:\Windows\System\eUSfhZx.exe
  2⤵
  PID:2348
- C:\Windows\System\oHjhGUw.exe
  C:\Windows\System\oHjhGUw.exe
  2⤵
  PID:7388
- C:\Windows\System\WnsMAba.exe
  C:\Windows\System\WnsMAba.exe
  2⤵
  PID:2744
- C:\Windows\System\WynmRKH.exe
  C:\Windows\System\WynmRKH.exe
  2⤵
  PID:7484
- C:\Windows\System\JoMybti.exe
  C:\Windows\System\JoMybti.exe
  2⤵
  PID:7568
- C:\Windows\System\QrpTOtF.exe
  C:\Windows\System\QrpTOtF.exe
  2⤵
  PID:7644
- C:\Windows\System\TKqFbcB.exe
  C:\Windows\System\TKqFbcB.exe
  2⤵
  PID:996
- C:\Windows\System\hIHWbQZ.exe
  C:\Windows\System\hIHWbQZ.exe
  2⤵
  PID:7672
- C:\Windows\System\LkDRocl.exe
  C:\Windows\System\LkDRocl.exe
  2⤵
  PID:7704
- C:\Windows\System\MVSlNIA.exe
  C:\Windows\System\MVSlNIA.exe
  2⤵
  PID:2836
- C:\Windows\System\etcEMht.exe
  C:\Windows\System\etcEMht.exe
  2⤵
  PID:7856
- C:\Windows\System\oGDqHwN.exe
  C:\Windows\System\oGDqHwN.exe
  2⤵
  PID:7928
- C:\Windows\System\uWridMg.exe
  C:\Windows\System\uWridMg.exe
  2⤵
  PID:3016
- C:\Windows\System\dyxHUhL.exe
  C:\Windows\System\dyxHUhL.exe
  2⤵
  PID:2584
- C:\Windows\System\EpUFBDs.exe
  C:\Windows\System\EpUFBDs.exe
  2⤵
  PID:7848
- C:\Windows\System\zrbFabW.exe
  C:\Windows\System\zrbFabW.exe
  2⤵
  PID:1944
- C:\Windows\System\npOgSFl.exe
  C:\Windows\System\npOgSFl.exe
  2⤵
  PID:2148
- C:\Windows\System\UUclAIw.exe
  C:\Windows\System\UUclAIw.exe
  2⤵
  PID:2780
- C:\Windows\System\czzrjaw.exe
  C:\Windows\System\czzrjaw.exe
  2⤵
  PID:7996
- C:\Windows\System\KjolyXE.exe
  C:\Windows\System\KjolyXE.exe
  2⤵
  PID:8072
- C:\Windows\System\yyzOeGI.exe
  C:\Windows\System\yyzOeGI.exe
  2⤵
  PID:8152
- C:\Windows\System\VbXRaUt.exe
  C:\Windows\System\VbXRaUt.exe
  2⤵
  PID:8132
- C:\Windows\System\WpPvUms.exe
  C:\Windows\System\WpPvUms.exe
  2⤵
  PID:6760
- C:\Windows\System\yACruaf.exe
  C:\Windows\System\yACruaf.exe
  2⤵
  PID:7188
- C:\Windows\System\HvkjoKs.exe
  C:\Windows\System\HvkjoKs.exe
  2⤵
  PID:6784
- C:\Windows\System\XEZHvJi.exe
  C:\Windows\System\XEZHvJi.exe
  2⤵
  PID:7272
- C:\Windows\System\MzMcMdN.exe
  C:\Windows\System\MzMcMdN.exe
  2⤵
  PID:2944
- C:\Windows\System\uFRYTqc.exe
  C:\Windows\System\uFRYTqc.exe
  2⤵
  PID:7224
- C:\Windows\System\BPswCyU.exe
  C:\Windows\System\BPswCyU.exe
  2⤵
  PID:7448
- C:\Windows\System\nYEIsHW.exe
  C:\Windows\System\nYEIsHW.exe
  2⤵
  PID:7512
- C:\Windows\System\AQgHYZz.exe
  C:\Windows\System\AQgHYZz.exe
  2⤵
  PID:7312
- C:\Windows\System\ahQCKbP.exe
  C:\Windows\System\ahQCKbP.exe
  2⤵
  PID:7552
- C:\Windows\System\HzRrkcW.exe
  C:\Windows\System\HzRrkcW.exe
  2⤵
  PID:7648
- C:\Windows\System\GBevMhO.exe
  C:\Windows\System\GBevMhO.exe
  2⤵
  PID:7524
- C:\Windows\System\iaZbILF.exe
  C:\Windows\System\iaZbILF.exe
  2⤵
  PID:7588
- C:\Windows\System\doVSWAZ.exe
  C:\Windows\System\doVSWAZ.exe
  2⤵
  PID:1668
- C:\Windows\System\VaxQTXa.exe
  C:\Windows\System\VaxQTXa.exe
  2⤵
  PID:2684
- C:\Windows\System\QHaHyAR.exe
  C:\Windows\System\QHaHyAR.exe
  2⤵
  PID:1436
- C:\Windows\System\FBTueFc.exe
  C:\Windows\System\FBTueFc.exe
  2⤵
  PID:7776
- C:\Windows\System\PGZauTq.exe
  C:\Windows\System\PGZauTq.exe
  2⤵
  PID:896
- C:\Windows\System\ywcCtcc.exe
  C:\Windows\System\ywcCtcc.exe
  2⤵
  PID:760
- C:\Windows\System\SuRypMO.exe
  C:\Windows\System\SuRypMO.exe
  2⤵
  PID:812
- C:\Windows\System\flzZcBf.exe
  C:\Windows\System\flzZcBf.exe
  2⤵
  PID:8068
- C:\Windows\System\InJQtDG.exe
  C:\Windows\System\InJQtDG.exe
  2⤵
  PID:1632
- C:\Windows\System\bdVSnOI.exe
  C:\Windows\System\bdVSnOI.exe
  2⤵
  PID:7180
- C:\Windows\System\iAdTUke.exe
  C:\Windows\System\iAdTUke.exe
  2⤵
  PID:7092
- C:\Windows\System\eJKcSnX.exe
  C:\Windows\System\eJKcSnX.exe
  2⤵
  PID:8156
- C:\Windows\System\lhtUBFr.exe
  C:\Windows\System\lhtUBFr.exe
  2⤵
  PID:7248
- C:\Windows\System\CTvjVIp.exe
  C:\Windows\System\CTvjVIp.exe
  2⤵
  PID:2452
- C:\Windows\System\pnREZNC.exe
  C:\Windows\System\pnREZNC.exe
  2⤵
  PID:7348
- C:\Windows\System\RgRBzbK.exe
  C:\Windows\System\RgRBzbK.exe
  2⤵
  PID:7372
- C:\Windows\System\jatwYNa.exe
  C:\Windows\System\jatwYNa.exe
  2⤵
  PID:7868
- C:\Windows\System\nhvTWgZ.exe
  C:\Windows\System\nhvTWgZ.exe
  2⤵
  PID:864
- C:\Windows\System\WWGuviQ.exe
  C:\Windows\System\WWGuviQ.exe
  2⤵
  PID:6180
- C:\Windows\System\BwkpnVo.exe
  C:\Windows\System\BwkpnVo.exe
  2⤵
  PID:7684
- C:\Windows\System\xevlige.exe
  C:\Windows\System\xevlige.exe
  2⤵
  PID:2492
- C:\Windows\System\YIUiqlM.exe
  C:\Windows\System\YIUiqlM.exe
  2⤵
  PID:1784
- C:\Windows\System\lqPimYz.exe
  C:\Windows\System\lqPimYz.exe
  2⤵
  PID:7324
- C:\Windows\System\uAtewEO.exe
  C:\Windows\System\uAtewEO.exe
  2⤵
  PID:3044
- C:\Windows\System\YtKiKyl.exe
  C:\Windows\System\YtKiKyl.exe
  2⤵
  PID:7956
- C:\Windows\System\egiOExN.exe
  C:\Windows\System\egiOExN.exe
  2⤵
  PID:8076
- C:\Windows\System\PXlybFw.exe
  C:\Windows\System\PXlybFw.exe
  2⤵
  PID:908
- C:\Windows\System\lmIUzHJ.exe
  C:\Windows\System\lmIUzHJ.exe
  2⤵
  PID:8176
- C:\Windows\System\mnsogzU.exe
  C:\Windows\System\mnsogzU.exe
  2⤵
  PID:8208
- C:\Windows\System\uaXwWqJ.exe
  C:\Windows\System\uaXwWqJ.exe
  2⤵
  PID:8224
- C:\Windows\System\snWTRUp.exe
  C:\Windows\System\snWTRUp.exe
  2⤵
  PID:8240
- C:\Windows\System\oRuRQFW.exe
  C:\Windows\System\oRuRQFW.exe
  2⤵
  PID:8256
- C:\Windows\System\WYZaNJe.exe
  C:\Windows\System\WYZaNJe.exe
  2⤵
  PID:8272
- C:\Windows\System\KWUQxbL.exe
  C:\Windows\System\KWUQxbL.exe
  2⤵
  PID:8292
- C:\Windows\System\zAcjMlE.exe
  C:\Windows\System\zAcjMlE.exe
  2⤵
  PID:8312
- C:\Windows\System\tTwvdOu.exe
  C:\Windows\System\tTwvdOu.exe
  2⤵
  PID:8344
- C:\Windows\System\PrOGOqp.exe
  C:\Windows\System\PrOGOqp.exe
  2⤵
  PID:8384
- C:\Windows\System\lZezbiP.exe
  C:\Windows\System\lZezbiP.exe
  2⤵
  PID:8400
- C:\Windows\System\hhfNIrV.exe
  C:\Windows\System\hhfNIrV.exe
  2⤵
  PID:8416
- C:\Windows\System\HXfxNbQ.exe
  C:\Windows\System\HXfxNbQ.exe
  2⤵
  PID:8432
- C:\Windows\System\iFrtYre.exe
  C:\Windows\System\iFrtYre.exe
  2⤵
  PID:8448
- C:\Windows\System\soplbhg.exe
  C:\Windows\System\soplbhg.exe
  2⤵
  PID:8476
- C:\Windows\System\uyQnvlf.exe
  C:\Windows\System\uyQnvlf.exe
  2⤵
  PID:8532
- C:\Windows\System\gcFEMQd.exe
  C:\Windows\System\gcFEMQd.exe
  2⤵
  PID:8548
- C:\Windows\System\rQvzwyV.exe
  C:\Windows\System\rQvzwyV.exe
  2⤵
  PID:8584
- C:\Windows\System\SBxUZIJ.exe
  C:\Windows\System\SBxUZIJ.exe
  2⤵
  PID:8600
- C:\Windows\System\kgeCuqn.exe
  C:\Windows\System\kgeCuqn.exe
  2⤵
  PID:8616
- C:\Windows\System\GjuUBrs.exe
  C:\Windows\System\GjuUBrs.exe
  2⤵
  PID:8632
- C:\Windows\System\ZOisSsC.exe
  C:\Windows\System\ZOisSsC.exe
  2⤵
  PID:8652
- C:\Windows\System\qYFZbKd.exe
  C:\Windows\System\qYFZbKd.exe
  2⤵
  PID:8668
- C:\Windows\System\keoQHnh.exe
  C:\Windows\System\keoQHnh.exe
  2⤵
  PID:8684
- C:\Windows\System\nLemsEt.exe
  C:\Windows\System\nLemsEt.exe
  2⤵
  PID:8700
- C:\Windows\System\VJnRMfV.exe
  C:\Windows\System\VJnRMfV.exe
  2⤵
  PID:8716
- C:\Windows\System\zQjHsVW.exe
  C:\Windows\System\zQjHsVW.exe
  2⤵
  PID:8732
- C:\Windows\System\ybGCKbF.exe
  C:\Windows\System\ybGCKbF.exe
  2⤵
  PID:8748
- C:\Windows\System\ZFZlMvV.exe
  C:\Windows\System\ZFZlMvV.exe
  2⤵
  PID:8764
- C:\Windows\System\CclxcFf.exe
  C:\Windows\System\CclxcFf.exe
  2⤵
  PID:8792
- C:\Windows\System\hovsePX.exe
  C:\Windows\System\hovsePX.exe
  2⤵
  PID:8808
- C:\Windows\System\FzfGPop.exe
  C:\Windows\System\FzfGPop.exe
  2⤵
  PID:8824
- C:\Windows\System\DnHcJfw.exe
  C:\Windows\System\DnHcJfw.exe
  2⤵
  PID:8840
- C:\Windows\System\xHeKvnD.exe
  C:\Windows\System\xHeKvnD.exe
  2⤵
  PID:8856
- C:\Windows\System\UnUhDYs.exe
  C:\Windows\System\UnUhDYs.exe
  2⤵
  PID:8872
- C:\Windows\System\ZNxVjDt.exe
  C:\Windows\System\ZNxVjDt.exe
  2⤵
  PID:8888
- C:\Windows\System\NCHOhlb.exe
  C:\Windows\System\NCHOhlb.exe
  2⤵
  PID:8904
- C:\Windows\System\DTiVCJL.exe
  C:\Windows\System\DTiVCJL.exe
  2⤵
  PID:8920
- C:\Windows\System\TTTPXaN.exe
  C:\Windows\System\TTTPXaN.exe
  2⤵
  PID:8936
- C:\Windows\System\hIThUwL.exe
  C:\Windows\System\hIThUwL.exe
  2⤵
  PID:8952
- C:\Windows\System\LkyUxSy.exe
  C:\Windows\System\LkyUxSy.exe
  2⤵
  PID:8968
- C:\Windows\System\tHPJBtL.exe
  C:\Windows\System\tHPJBtL.exe
  2⤵
  PID:8984
- C:\Windows\System\qIhHTna.exe
  C:\Windows\System\qIhHTna.exe
  2⤵
  PID:9000
- C:\Windows\System\BNZbOPO.exe
  C:\Windows\System\BNZbOPO.exe
  2⤵
  PID:9016
- C:\Windows\System\KsVIgQm.exe
  C:\Windows\System\KsVIgQm.exe
  2⤵
  PID:9032
- C:\Windows\System\bIxZYol.exe
  C:\Windows\System\bIxZYol.exe
  2⤵
  PID:9048
- C:\Windows\System\QkPVCut.exe
  C:\Windows\System\QkPVCut.exe
  2⤵
  PID:9064
- C:\Windows\System\rqiUljR.exe
  C:\Windows\System\rqiUljR.exe
  2⤵
  PID:9080
- C:\Windows\System\UWtQvxu.exe
  C:\Windows\System\UWtQvxu.exe
  2⤵
  PID:9096
- C:\Windows\System\dJUoKBV.exe
  C:\Windows\System\dJUoKBV.exe
  2⤵
  PID:9112
- C:\Windows\System\ZFYUKXT.exe
  C:\Windows\System\ZFYUKXT.exe
  2⤵
  PID:9176
- C:\Windows\System\dBeIjxq.exe
  C:\Windows\System\dBeIjxq.exe
  2⤵
  PID:9192
- C:\Windows\System\nqJzyLU.exe
  C:\Windows\System\nqJzyLU.exe
  2⤵
  PID:9212
- C:\Windows\System\oOPqUgH.exe
  C:\Windows\System\oOPqUgH.exe
  2⤵
  PID:8268
- C:\Windows\System\YmjNFco.exe
  C:\Windows\System\YmjNFco.exe
  2⤵
  PID:8252
- C:\Windows\System\wbOwkSU.exe
  C:\Windows\System\wbOwkSU.exe
  2⤵
  PID:8320
- C:\Windows\System\WyPAnhK.exe
  C:\Windows\System\WyPAnhK.exe
  2⤵
  PID:8336
- C:\Windows\System\oRFHhco.exe
  C:\Windows\System\oRFHhco.exe
  2⤵
  PID:8372
- C:\Windows\System\rVmJNap.exe
  C:\Windows\System\rVmJNap.exe
  2⤵
  PID:8412
- C:\Windows\System\VkqfLim.exe
  C:\Windows\System\VkqfLim.exe
  2⤵
  PID:8460
- C:\Windows\System\CGBqEWh.exe
  C:\Windows\System\CGBqEWh.exe
  2⤵
  PID:8424
- C:\Windows\System\kSKUVUq.exe
  C:\Windows\System\kSKUVUq.exe
  2⤵
  PID:8492
- C:\Windows\System\irVqxhp.exe
  C:\Windows\System\irVqxhp.exe
  2⤵
  PID:8512
- C:\Windows\System\egdFIVB.exe
  C:\Windows\System\egdFIVB.exe
  2⤵
  PID:8524
- C:\Windows\System\eBVDTCZ.exe
  C:\Windows\System\eBVDTCZ.exe
  2⤵
  PID:8556
- C:\Windows\System\vAIBjwS.exe
  C:\Windows\System\vAIBjwS.exe
  2⤵
  PID:8568
- C:\Windows\System\PwnWTmN.exe
  C:\Windows\System\PwnWTmN.exe
  2⤵
  PID:8592
- C:\Windows\System\DAFVUIt.exe
  C:\Windows\System\DAFVUIt.exe
  2⤵
  PID:8628
- C:\Windows\System\ooNYbme.exe
  C:\Windows\System\ooNYbme.exe
  2⤵
  PID:8692
- C:\Windows\System\bDdwoXQ.exe
  C:\Windows\System\bDdwoXQ.exe
  2⤵
  PID:8644
- C:\Windows\System\thcRBvl.exe
  C:\Windows\System\thcRBvl.exe
  2⤵
  PID:8712
- C:\Windows\System\bZMsqDT.exe
  C:\Windows\System\bZMsqDT.exe
  2⤵
  PID:8756
- C:\Windows\System\norodht.exe
  C:\Windows\System\norodht.exe
  2⤵
  PID:8800
- C:\Windows\System\FFQFpSE.exe
  C:\Windows\System\FFQFpSE.exe
  2⤵
  PID:8816
- C:\Windows\System\zmuiFCu.exe
  C:\Windows\System\zmuiFCu.exe
  2⤵
  PID:8884
- C:\Windows\System\BrdEjOM.exe
  C:\Windows\System\BrdEjOM.exe
  2⤵
  PID:8948
- C:\Windows\System\NzcTeXX.exe
  C:\Windows\System\NzcTeXX.exe
  2⤵
  PID:9008
- C:\Windows\System\mtsLBcv.exe
  C:\Windows\System\mtsLBcv.exe
  2⤵
  PID:9108
- C:\Windows\System\EZvDHLK.exe
  C:\Windows\System\EZvDHLK.exe
  2⤵
  PID:8804
- C:\Windows\System\lxaVCIE.exe
  C:\Windows\System\lxaVCIE.exe
  2⤵
  PID:8868
- C:\Windows\System\bAeqUtL.exe
  C:\Windows\System\bAeqUtL.exe
  2⤵
  PID:8932
- C:\Windows\System\FELYYGC.exe
  C:\Windows\System\FELYYGC.exe
  2⤵
  PID:8996
- C:\Windows\System\DOiOsvJ.exe
  C:\Windows\System\DOiOsvJ.exe
  2⤵
  PID:9060
- C:\Windows\System\MQnTtEw.exe
  C:\Windows\System\MQnTtEw.exe
  2⤵
  PID:9132
- C:\Windows\System\lAvutfZ.exe
  C:\Windows\System\lAvutfZ.exe
  2⤵
  PID:9148
- C:\Windows\System\EuXwKIT.exe
  C:\Windows\System\EuXwKIT.exe
  2⤵
  PID:9164
- C:\Windows\System\dQrBEyE.exe
  C:\Windows\System\dQrBEyE.exe
  2⤵
  PID:8576
- C:\Windows\System\JzfGUFV.exe
  C:\Windows\System\JzfGUFV.exe
  2⤵
  PID:9208
- C:\Windows\System\wXqIRbz.exe
  C:\Windows\System\wXqIRbz.exe
  2⤵
  PID:7624
- C:\Windows\System\vZFLHRx.exe
  C:\Windows\System\vZFLHRx.exe
  2⤵
  PID:1964
- C:\Windows\System\gexsSvP.exe
  C:\Windows\System\gexsSvP.exe
  2⤵
  PID:7408
- C:\Windows\System\kQrhmFW.exe
  C:\Windows\System\kQrhmFW.exe
  2⤵
  PID:1160
- C:\Windows\System\nDdUHrw.exe
  C:\Windows\System\nDdUHrw.exe
  2⤵
  PID:2588
- C:\Windows\System\PweIsvi.exe
  C:\Windows\System\PweIsvi.exe
  2⤵
  PID:8304
- C:\Windows\System\kkjwHFZ.exe
  C:\Windows\System\kkjwHFZ.exe
  2⤵
  PID:8380
- C:\Windows\System\prsVKvI.exe
  C:\Windows\System\prsVKvI.exe
  2⤵
  PID:8236
- C:\Windows\System\uIGIjWv.exe
  C:\Windows\System\uIGIjWv.exe
  2⤵
  PID:8456
- C:\Windows\System\PcMCxYZ.exe
  C:\Windows\System\PcMCxYZ.exe
  2⤵
  PID:8468
- C:\Windows\System\dAhMFnX.exe
  C:\Windows\System\dAhMFnX.exe
  2⤵
  PID:8560
- C:\Windows\System\EgUqrSJ.exe
  C:\Windows\System\EgUqrSJ.exe
  2⤵
  PID:8496
- C:\Windows\System\JHkZlhJ.exe
  C:\Windows\System\JHkZlhJ.exe
  2⤵
  PID:8676
- C:\Windows\System\jiumwoR.exe
  C:\Windows\System\jiumwoR.exe
  2⤵
  PID:8916
- C:\Windows\System\UOROddG.exe
  C:\Windows\System\UOROddG.exe
  2⤵
  PID:8528
- C:\Windows\System\QNrpFEi.exe
  C:\Windows\System\QNrpFEi.exe
  2⤵
  PID:8836
- C:\Windows\System\pORVZHi.exe
  C:\Windows\System\pORVZHi.exe
  2⤵
  PID:8664
- C:\Windows\System\auKoaev.exe
  C:\Windows\System\auKoaev.exe
  2⤵
  PID:8780
- C:\Windows\System\MxVRcdJ.exe
  C:\Windows\System\MxVRcdJ.exe
  2⤵
  PID:8980
- C:\Windows\System\jLsHAbw.exe
  C:\Windows\System\jLsHAbw.exe
  2⤵
  PID:8964
- C:\Windows\System\LwxhgJw.exe
  C:\Windows\System\LwxhgJw.exe
  2⤵
  PID:9028
- C:\Windows\System\rWwvSRc.exe
  C:\Windows\System\rWwvSRc.exe
  2⤵
  PID:9156
- C:\Windows\System\sShLjiL.exe
  C:\Windows\System\sShLjiL.exe
  2⤵
  PID:2988
- C:\Windows\System\CgYXdBk.exe
  C:\Windows\System\CgYXdBk.exe
  2⤵
  PID:6972
- C:\Windows\System\UicVWaY.exe
  C:\Windows\System\UicVWaY.exe
  2⤵
  PID:1768
- C:\Windows\System\NRirJpl.exe
  C:\Windows\System\NRirJpl.exe
  2⤵
  PID:8232
- C:\Windows\System\qgSmyQm.exe
  C:\Windows\System\qgSmyQm.exe
  2⤵
  PID:8300
- C:\Windows\System\UeBZaOM.exe
  C:\Windows\System\UeBZaOM.exe
  2⤵
  PID:8308
- C:\Windows\System\bhfeYGC.exe
  C:\Windows\System\bhfeYGC.exe
  2⤵
  PID:8520
- C:\Windows\System\aCrxXld.exe
  C:\Windows\System\aCrxXld.exe
  2⤵
  PID:8660
- C:\Windows\System\lOgupEy.exe
  C:\Windows\System\lOgupEy.exe
  2⤵
  PID:9040
- C:\Windows\System\TvcdrFo.exe
  C:\Windows\System\TvcdrFo.exe
  2⤵
  PID:9188
- C:\Windows\System\enLalLN.exe
  C:\Windows\System\enLalLN.exe
  2⤵
  PID:9144
- C:\Windows\System\aSDlsLJ.exe
  C:\Windows\System\aSDlsLJ.exe
  2⤵
  PID:8368
- C:\Windows\System\GEDpvhj.exe
  C:\Windows\System\GEDpvhj.exe
  2⤵
  PID:8788
- C:\Windows\System\JoNwuEz.exe
  C:\Windows\System\JoNwuEz.exe
  2⤵
  PID:8288
- C:\Windows\System\elcHPzp.exe
  C:\Windows\System\elcHPzp.exe
  2⤵
  PID:1796
- C:\Windows\System\eMIkftD.exe
  C:\Windows\System\eMIkftD.exe
  2⤵
  PID:8200
- C:\Windows\System\pcNxmdb.exe
  C:\Windows\System\pcNxmdb.exe
  2⤵
  PID:8596
- C:\Windows\System\iCzxsHK.exe
  C:\Windows\System\iCzxsHK.exe
  2⤵
  PID:8396
- C:\Windows\System\WJGJwtf.exe
  C:\Windows\System\WJGJwtf.exe
  2⤵
  PID:8740
- C:\Windows\System\KQZfzxz.exe
  C:\Windows\System\KQZfzxz.exe
  2⤵
  PID:9204
- C:\Windows\System\ZjhKysd.exe
  C:\Windows\System\ZjhKysd.exe
  2⤵
  PID:9236
- C:\Windows\System\hBwuFlq.exe
  C:\Windows\System\hBwuFlq.exe
  2⤵
  PID:9252
- C:\Windows\System\ZjDZEOr.exe
  C:\Windows\System\ZjDZEOr.exe
  2⤵
  PID:9272
- C:\Windows\System\CiYYqUi.exe
  C:\Windows\System\CiYYqUi.exe
  2⤵
  PID:9288
- C:\Windows\System\nMMOxyR.exe
  C:\Windows\System\nMMOxyR.exe
  2⤵
  PID:9304
- C:\Windows\System\BzranzF.exe
  C:\Windows\System\BzranzF.exe
  2⤵
  PID:9320
- C:\Windows\System\wGSBVMa.exe
  C:\Windows\System\wGSBVMa.exe
  2⤵
  PID:9336
- C:\Windows\System\yyHrCmI.exe
  C:\Windows\System\yyHrCmI.exe
  2⤵
  PID:9356
- C:\Windows\System\fXtHCBU.exe
  C:\Windows\System\fXtHCBU.exe
  2⤵
  PID:9372
- C:\Windows\System\JweCcaF.exe
  C:\Windows\System\JweCcaF.exe
  2⤵
  PID:9388
- C:\Windows\System\oHojxOi.exe
  C:\Windows\System\oHojxOi.exe
  2⤵
  PID:9404
- C:\Windows\System\vFYmkkV.exe
  C:\Windows\System\vFYmkkV.exe
  2⤵
  PID:9420
- C:\Windows\System\gQWdcqO.exe
  C:\Windows\System\gQWdcqO.exe
  2⤵
  PID:9436
- C:\Windows\System\YhmNktt.exe
  C:\Windows\System\YhmNktt.exe
  2⤵
  PID:9452
- C:\Windows\System\tsPEFAc.exe
  C:\Windows\System\tsPEFAc.exe
  2⤵
  PID:9468
- C:\Windows\System\KjkhRWe.exe
  C:\Windows\System\KjkhRWe.exe
  2⤵
  PID:9484
- C:\Windows\System\AbSlpYR.exe
  C:\Windows\System\AbSlpYR.exe
  2⤵
  PID:9500
- C:\Windows\System\jKGzsLf.exe
  C:\Windows\System\jKGzsLf.exe
  2⤵
  PID:9520
- C:\Windows\System\deKmVJN.exe
  C:\Windows\System\deKmVJN.exe
  2⤵
  PID:9540
- C:\Windows\System\tqmChSU.exe
  C:\Windows\System\tqmChSU.exe
  2⤵
  PID:9560
- C:\Windows\System\HXhgPXY.exe
  C:\Windows\System\HXhgPXY.exe
  2⤵
  PID:9576
- C:\Windows\System\fEExblw.exe
  C:\Windows\System\fEExblw.exe
  2⤵
  PID:9592
- C:\Windows\System\DxiSTTY.exe
  C:\Windows\System\DxiSTTY.exe
  2⤵
  PID:9608
- C:\Windows\System\dzGALrz.exe
  C:\Windows\System\dzGALrz.exe
  2⤵
  PID:9624
- C:\Windows\System\eRQsAPZ.exe
  C:\Windows\System\eRQsAPZ.exe
  2⤵
  PID:9640
- C:\Windows\System\twkbfca.exe
  C:\Windows\System\twkbfca.exe
  2⤵
  PID:9656
- C:\Windows\System\vnDkKdB.exe
  C:\Windows\System\vnDkKdB.exe
  2⤵
  PID:9672
- C:\Windows\System\RIFYIrF.exe
  C:\Windows\System\RIFYIrF.exe
  2⤵
  PID:9688
- C:\Windows\System\XfKTGsQ.exe
  C:\Windows\System\XfKTGsQ.exe
  2⤵
  PID:9704
- C:\Windows\System\JfjanNv.exe
  C:\Windows\System\JfjanNv.exe
  2⤵
  PID:9720
- C:\Windows\System\coZNXSE.exe
  C:\Windows\System\coZNXSE.exe
  2⤵
  PID:9736
- C:\Windows\System\EHGpwGx.exe
  C:\Windows\System\EHGpwGx.exe
  2⤵
  PID:9752
- C:\Windows\System\wOwYKZN.exe
  C:\Windows\System\wOwYKZN.exe
  2⤵
  PID:9768
- C:\Windows\System\ViHIIRs.exe
  C:\Windows\System\ViHIIRs.exe
  2⤵
  PID:9788
- C:\Windows\System\eJznRkX.exe
  C:\Windows\System\eJznRkX.exe
  2⤵
  PID:9804
- C:\Windows\System\sNbMGSo.exe
  C:\Windows\System\sNbMGSo.exe
  2⤵
  PID:9820
- C:\Windows\System\bAPJlNW.exe
  C:\Windows\System\bAPJlNW.exe
  2⤵
  PID:9836
- C:\Windows\System\lYRbyBd.exe
  C:\Windows\System\lYRbyBd.exe
  2⤵
  PID:9852
- C:\Windows\System\dOkuuNY.exe
  C:\Windows\System\dOkuuNY.exe
  2⤵
  PID:9868
- C:\Windows\System\bYUSTBQ.exe
  C:\Windows\System\bYUSTBQ.exe
  2⤵
  PID:9884
- C:\Windows\System\eXTpZZw.exe
  C:\Windows\System\eXTpZZw.exe
  2⤵
  PID:9900
- C:\Windows\System\fTfEITc.exe
  C:\Windows\System\fTfEITc.exe
  2⤵
  PID:9916
- C:\Windows\System\RIjYcRk.exe
  C:\Windows\System\RIjYcRk.exe
  2⤵
  PID:9932
- C:\Windows\System\pRJbnsI.exe
  C:\Windows\System\pRJbnsI.exe
  2⤵
  PID:9948
- C:\Windows\System\PKcxQHM.exe
  C:\Windows\System\PKcxQHM.exe
  2⤵
  PID:9964
- C:\Windows\System\yKlPBhs.exe
  C:\Windows\System\yKlPBhs.exe
  2⤵
  PID:9988
- C:\Windows\System\YZjNRZD.exe
  C:\Windows\System\YZjNRZD.exe
  2⤵
  PID:10004
- C:\Windows\System\MfEKsZU.exe
  C:\Windows\System\MfEKsZU.exe
  2⤵
  PID:10020
- C:\Windows\System\wIGqhVY.exe
  C:\Windows\System\wIGqhVY.exe
  2⤵
  PID:10036
- C:\Windows\System\XhPRPgE.exe
  C:\Windows\System\XhPRPgE.exe
  2⤵
  PID:10052
- C:\Windows\System\DRTDxAt.exe
  C:\Windows\System\DRTDxAt.exe
  2⤵
  PID:10068
- C:\Windows\System\BTNhKsq.exe
  C:\Windows\System\BTNhKsq.exe
  2⤵
  PID:10084
- C:\Windows\System\xIEOHVG.exe
  C:\Windows\System\xIEOHVG.exe
  2⤵
  PID:10100
- C:\Windows\System\jRgieOr.exe
  C:\Windows\System\jRgieOr.exe
  2⤵
  PID:10120
- C:\Windows\System\pzrEbFT.exe
  C:\Windows\System\pzrEbFT.exe
  2⤵
  PID:10136
- C:\Windows\System\fpMydAk.exe
  C:\Windows\System\fpMydAk.exe
  2⤵
  PID:10152
- C:\Windows\System\TTdjUjZ.exe
  C:\Windows\System\TTdjUjZ.exe
  2⤵
  PID:10168
- C:\Windows\System\XvpkFYN.exe
  C:\Windows\System\XvpkFYN.exe
  2⤵
  PID:10184
- C:\Windows\System\sANPBPa.exe
  C:\Windows\System\sANPBPa.exe
  2⤵
  PID:10200
- C:\Windows\System\sXBpgdl.exe
  C:\Windows\System\sXBpgdl.exe
  2⤵
  PID:10216
- C:\Windows\System\aEMcNWM.exe
  C:\Windows\System\aEMcNWM.exe
  2⤵
  PID:10232
- C:\Windows\System\HdQnrsD.exe
  C:\Windows\System\HdQnrsD.exe
  2⤵
  PID:8356
- C:\Windows\System\OhMTRVX.exe
  C:\Windows\System\OhMTRVX.exe
  2⤵
  PID:9264
- C:\Windows\System\RrxUBHW.exe
  C:\Windows\System\RrxUBHW.exe
  2⤵
  PID:8776
- C:\Windows\System\QbVXNdW.exe
  C:\Windows\System\QbVXNdW.exe
  2⤵
  PID:9244
- C:\Windows\System\WwHrqfK.exe
  C:\Windows\System\WwHrqfK.exe
  2⤵
  PID:9328
- C:\Windows\System\GDbnOgL.exe
  C:\Windows\System\GDbnOgL.exe
  2⤵
  PID:9368
- C:\Windows\System\dOANfzh.exe
  C:\Windows\System\dOANfzh.exe
  2⤵
  PID:9432
- C:\Windows\System\hhlXDzc.exe
  C:\Windows\System\hhlXDzc.exe
  2⤵
  PID:9496
- C:\Windows\System\riIXGSU.exe
  C:\Windows\System\riIXGSU.exe
  2⤵
  PID:9448
- C:\Windows\System\IEpuXJp.exe
  C:\Windows\System\IEpuXJp.exe
  2⤵
  PID:9380
- C:\Windows\System\dNKlIGr.exe
  C:\Windows\System\dNKlIGr.exe
  2⤵
  PID:9416
- C:\Windows\System\hFyOSTv.exe
  C:\Windows\System\hFyOSTv.exe
  2⤵
  PID:9512
- C:\Windows\System\DMnEmms.exe
  C:\Windows\System\DMnEmms.exe
  2⤵
  PID:9552
- C:\Windows\System\MclBgPl.exe
  C:\Windows\System\MclBgPl.exe
  2⤵
  PID:9568
- C:\Windows\System\FuKSTGO.exe
  C:\Windows\System\FuKSTGO.exe
  2⤵
  PID:9616
- C:\Windows\System\udsjqRg.exe
  C:\Windows\System\udsjqRg.exe
  2⤵
  PID:9680
- C:\Windows\System\FurGoNH.exe
  C:\Windows\System\FurGoNH.exe
  2⤵
  PID:9744
- C:\Windows\System\WisCrLr.exe
  C:\Windows\System\WisCrLr.exe
  2⤵
  PID:9636
- C:\Windows\System\CoUKOLD.exe
  C:\Windows\System\CoUKOLD.exe
  2⤵
  PID:9776
- C:\Windows\System\ndPGWfa.exe
  C:\Windows\System\ndPGWfa.exe
  2⤵
  PID:9816
- C:\Windows\System\pXAjdHs.exe
  C:\Windows\System\pXAjdHs.exe
  2⤵
  PID:9880
- C:\Windows\System\KoPsMeV.exe
  C:\Windows\System\KoPsMeV.exe
  2⤵
  PID:9796
- C:\Windows\System\zQzeHDi.exe
  C:\Windows\System\zQzeHDi.exe
  2⤵
  PID:9828
- C:\Windows\System\NhjKLcj.exe
  C:\Windows\System\NhjKLcj.exe
  2⤵
  PID:9892
- C:\Windows\System\teIlGcU.exe
  C:\Windows\System\teIlGcU.exe
  2⤵
  PID:9924
- C:\Windows\System\Caenafy.exe
  C:\Windows\System\Caenafy.exe
  2⤵
  PID:9712
- C:\Windows\System\pYEeZmv.exe
  C:\Windows\System\pYEeZmv.exe
  2⤵
  PID:9516
- C:\Windows\System\ehuhgbb.exe
  C:\Windows\System\ehuhgbb.exe
  2⤵
  PID:9912
- C:\Windows\System\ZeGJhHQ.exe
  C:\Windows\System\ZeGJhHQ.exe
  2⤵
  PID:10272
- C:\Windows\System\jCqyPOJ.exe
  C:\Windows\System\jCqyPOJ.exe
  2⤵
  PID:10300
- C:\Windows\System\IhzWOul.exe
  C:\Windows\System\IhzWOul.exe
  2⤵
  PID:10324
- C:\Windows\System\IUySpXy.exe
  C:\Windows\System\IUySpXy.exe
  2⤵
  PID:10340
- C:\Windows\System\HUJpcha.exe
  C:\Windows\System\HUJpcha.exe
  2⤵
  PID:10360
- C:\Windows\System\RTZojeX.exe
  C:\Windows\System\RTZojeX.exe
  2⤵
  PID:10384
- C:\Windows\System\ghxgsAz.exe
  C:\Windows\System\ghxgsAz.exe
  2⤵
  PID:10428
- C:\Windows\System\EERvDtA.exe
  C:\Windows\System\EERvDtA.exe
  2⤵
  PID:10448
- C:\Windows\System\qyWkPFh.exe
  C:\Windows\System\qyWkPFh.exe
  2⤵
  PID:10500
- C:\Windows\System\NHjmjKO.exe
  C:\Windows\System\NHjmjKO.exe
  2⤵
  PID:10516
- C:\Windows\System\imHYKbG.exe
  C:\Windows\System\imHYKbG.exe
  2⤵
  PID:10532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CWvuMpU.exe

Filesize
6.0MB

MD5
1702d5eebe1dc2209181e98e7fc19ee3

SHA1
11f6e40c0938e03ed7fb047d5cffeb51d629c1a0

SHA256
6121579a6eb7adf5b5cfbb37f48189b95d0b79135dcf79954adffbeda2ff6f2d

SHA512
5abaae4e590f8266c221055f7b20799348e9c7eb179f59be90d7d9bc1f9256807c26bc0df734ee60a95a42e53b6a0aa2cd2eee9310f73b7e61834223e18da838

Download Submit
C:\Windows\system\FjrvxaS.exe

Filesize
6.0MB

MD5
b4463cf44a6d45d3a69f361045430e17

SHA1
bf94138b0fccad089c8eb5b02088fddb5563e60d

SHA256
308a6c57059196a8c0a409bd88fb3bb16e8b3ec1de58bd0aef8505aaab311b75

SHA512
866d1f4f4263668b18b87a04ba4e5150a12e6362cc3874f615eca9acc3de4e374c1a0c51df8f00e37307db99873ab9961551553b955d2c7e11ea1c0587ae9440

Download Submit
C:\Windows\system\JNCLGjY.exe

Filesize
6.0MB

MD5
094d6fdc22827fa271269026da568510

SHA1
03f93fce01373274c2d11435ba3fe017348989cc

SHA256
3a8c55ed59e030578120609a6f2b474b4f9e0e772e8c666c045de1f7d1ae8935

SHA512
fe6693c563de9b34f2e78b4b2272704859d3bde91119c8e8f09cc7620bbe859da643adc7fff129ca309fde30a923c97129af7c611c8b4460eb1d2ce83faca099

Download Submit
C:\Windows\system\JRlHnhx.exe

Filesize
6.0MB

MD5
7045173e7b058271c2c8d0677e8565e9

SHA1
aeaf32668ffca91544da14583fb8e742f0733156

SHA256
a8300889d74e976edfe2b5f94b8cf2138a073306d97ec82d6adf36fd9c4e8ae7

SHA512
be0012b3830f094b8034e4667c92f9aaf335cd44044273bd24a71c28acc9da4a4a3d393ae5b78e95c412d8a129162caae2967a83f3b21affd2024e0eee892010

Download Submit
C:\Windows\system\JwsVRdy.exe

Filesize
6.0MB

MD5
fc49cd01098462229e1efa55d0ae1967

SHA1
ccea70210c9c176d2148987739c9c224cfb6e74f

SHA256
4db30c6f94b5bd28e2702a682c9962f01f2d56cb831ce2cac44f2d543777ee7b

SHA512
1a8b9fbd5f2b1a97632c57e99edb09f87fc612d2e23a621c61c066b76aa46d4627448bcd01bdef7cd1455a8ee0bea715dc5021b2393365019ae9f362b50367ef

Download Submit
C:\Windows\system\KtJQHtU.exe

Filesize
6.0MB

MD5
29bdba73511172e68a743f0697017d49

SHA1
8572ba773c012ce0e069513fd24a4995578cb110

SHA256
4d3733e88cfddf360d24e1c0c0bec1173f5c61f20b4402d8de9917cab5d44cdf

SHA512
be40b3e8dadb4d4d39d62ccccfcf40559aa870ccdef089d136a15127c263c77652b1a871fca76948f94d702938448b03415144ce54dc2d9d5917b589140b407f

Download Submit
C:\Windows\system\OZQuGyt.exe

Filesize
6.0MB

MD5
f5d014e24c2ee2b1c1c916a915cb69fc

SHA1
379be031cf4595cf23985c9389fe68926c17faed

SHA256
f1fef1aae0876a083131c908b8acc8e81e15690fc9aa2b641dc298a4c8e9b402

SHA512
3fdbaa30e0a0c6a6871a23a87b88245b1e795ebbc90951ab78f4c2d625229247f769a9200386464bc1da59fa9c2e59362a4b6149a8bfd4bac76ccc25108f8e2e

Download Submit
C:\Windows\system\VCPWyCK.exe

Filesize
6.0MB

MD5
71abb0ab81f9a8f2395df64df55d1512

SHA1
c701e4728c462d0099db4f57c41792960817a025

SHA256
31fdd83221490536d2a63642eab7716b2df6a44949d3c7b5093822b3478072ba

SHA512
39db1e2eb1ca3c5e9686831bde4d1946bf744f80710b3ba548f07d8e330ac6a5997b54f69b173c43fc8ecdf723f9892817eee1792c917f61d7601876d2c033d0

Download Submit
C:\Windows\system\XEMhNFE.exe

Filesize
6.0MB

MD5
14803d488c822a880bb2dabe0400a6c7

SHA1
965af218166fc3a02ddc4e7ed713fa7bb9bbb048

SHA256
9716ba4acc86291ca2bad2b5f661d5455e636de42e3f7326c35595fb9e6b7aef

SHA512
094f7f0c43b80bcef9a41dd3a8010341c0a7fed9fb58c0b43e2a6395b380c8f12a59456277aa2af3ccf040d5453b85c4ae98bef80411a33c2da3c5b3d8d22302

Download Submit
C:\Windows\system\XYPFQFc.exe

Filesize
6.0MB

MD5
45d51cadb5a14c3f799614da0019ef50

SHA1
33aec1f2eef933aeaf31a45eb28a6f6cee10b525

SHA256
ceff6a952984e4d2d95cb5d4a2c86e30f333817d7689abfb10b91d8493a7d37a

SHA512
5fef4cd4893902a437b307d817f73843171f0eef5133a5e885f2893635f90331df80b604782a39840b5ad43d6ee43fd58aa3d01b20362ffaf6ca2e8c6349d613

Download Submit
C:\Windows\system\aLUCNkA.exe

Filesize
6.0MB

MD5
0b9c6a7176018faa11bf3efc62d319ae

SHA1
b914bbcc8022866f68e8c077467b94320fa97795

SHA256
0b2e2f6d055264da72e1ac524951c42c9f6749dfac2de203ef4d53b1ba334429

SHA512
dac898194cfd4a00c2d9f43b589727ab93f4de3b06fabb0f0c266162c26f548b2dacbd391835dbccefaaa712970f5fdd54eb5a4e8a40e20ded0d60a976b95d4d

Download Submit
C:\Windows\system\bGbGRDr.exe

Filesize
6.0MB

MD5
8a4bf6e474eba44e1c5e0d1120c57c51

SHA1
7c28c2aa0d9d60b31ccf7d561e2eb8ec42461bd9

SHA256
525201245f298b41b5cc35110564251e0bc5b1a6db44561942c78e67f9ac259b

SHA512
817ba02f7fb78392db88dbe584182cf2a20e1ada6e96c7ff3623f964e87bd05e5c30b47891a4d9ad9cf25857fb05794acc4da9028d6483b6e855bc5c04df1893

Download Submit
C:\Windows\system\bkwuDtv.exe

Filesize
6.0MB

MD5
b63e398e4f049722e6a6b68ba2cc7438

SHA1
aab030ad004643e06f9d115fd02923d2628f27fa

SHA256
4e3b16f8cb56a62ab7e2f7763ff11a6eb9c3e9093dd66a4e08e87fb1e7f29ca7

SHA512
054035dfeabf2604efd3ed6d832fecb8eda952d38b5ba783fc44ab51e781394f42345f6d0dc52be7ebe7cab597d40b293c30e1d75df813d5dba0918aefc33a6a

Download Submit
C:\Windows\system\eRrZvcn.exe

Filesize
6.0MB

MD5
3bac599e0654c21dd78453402fdddb63

SHA1
9018596a88725ca4518950db0da46c460bda6b5c

SHA256
63e96f788d51b2f06afbac6a456836216eeb84edda12bca6381952eac193d906

SHA512
b0cd7d79dbe0e591eb0139ca3837265ff051d94a056be09dacaee5a982042ec3874db5f26daeca909c09d9090ac996798c5522e1a71548469fe807ec5496b947

Download Submit
C:\Windows\system\fFjAzCj.exe

Filesize
6.0MB

MD5
e909cd4bf3a5e92fef7a79cc9c262d19

SHA1
cdbba7a930279366e7e41bccb69725e0b9b3f534

SHA256
033e00f2e625a8ecde0f6a68b9894128b7ae6757f43ef1f35eefe8b379521993

SHA512
8f0f04708975a0dd251e9a416fb8de679ea6a085f1a3dc3d53a5d46dec1e5fafee329f7975ba91aed1b61f8ea728c4c114768a9ea787b6d1d52fbd44a57a30d2

Download Submit
C:\Windows\system\fcViOVm.exe

Filesize
6.0MB

MD5
da3f2ccc91a7a8d4ea01e64d21874e56

SHA1
2ac7bd5e1a0ea203e4d8c8d3c0d54bceacef38e1

SHA256
203347edae3d1eb4aa3bee56a9010ff3544a4cf7ca06f945e6f184916b1e1f85

SHA512
07556bef6bd419824b63e975af08a8ad8477d2fc6682c437daf58f00ed5b259452e3ff6073fb110bb24a040dad9c20f43373d071e09b00b5accb7756473ea6f1

Download Submit
C:\Windows\system\gFwtUsE.exe

Filesize
6.0MB

MD5
5d9e19b36f70313d671bb0cf9997cd5c

SHA1
60b606c3ae2b5d2864bc06ee1680048dcb38409d

SHA256
2558569e3c4630fd29e3bbd7435f8863fd6547d2e23019b7bb611d2a3affc21e

SHA512
1ab5aa3cdec8985ec1c16f5015ef6d238c349cc7c64b4b1b4d817eb437653bde940d7b4891e09002d75323625a5f451279e93caf81a32bfd91de2e66b146d3de

Download Submit
C:\Windows\system\hSzDXfI.exe

Filesize
6.0MB

MD5
257200db28a10a7efc6a70103a863ef4

SHA1
ee10c7334491f582e8aba7c23f993526d6cbb4ab

SHA256
8c1ba25768dc703d02417319e3bc048989fbfb6b8d0fff8a68c7025379dd2814

SHA512
11b404ba980a98d9d6b27af64965e6c16108aafae4115e2dd5827d25a50f47d556096157f015a3a42aef94ef8b0d78b2ef55d1491c8797322d9f96ad9428d674

Download Submit
C:\Windows\system\hXnXWuD.exe

Filesize
6.0MB

MD5
0b4d32bd0a02f72d7fefdf752cd057bf

SHA1
ba249d4bd96872d7e7f70ca17a9de345e9e39834

SHA256
b172fa294b16f623b41c931ae42106dfc29d97cde0902b7d3ff6a324e34029e5

SHA512
a89cee99bfaca78a1e98f03d0df7bf19de364bde95e17546088ab59bda3896b1093e4a930b96130432f6e79b1f284914aa50d30cc124fa0d2749b0eaa097239f

Download Submit
C:\Windows\system\htPwbEp.exe

Filesize
6.0MB

MD5
ff312774e038e82c509eb578aa8c8467

SHA1
93e1f77a05b23a71c66e16da478ec673e35bc8b1

SHA256
e3b40be4e164a1413dac671de3b636f0ae4561a38823da0aebaaeb8e370992ba

SHA512
9c37b626fcbeba0cc7c2493f55b3b5300ad0c58c2f6958ee8317acaec586bfa4bc01dcbb9747f6f5de255f9172e5743a08c8fc76561cffb33eb250f586eb97bf

Download Submit
C:\Windows\system\kNQCWXe.exe

Filesize
6.0MB

MD5
30dad46fb65482e18f86e44a4831631b

SHA1
8d1a9dee49a10fa81083aa0f04a6897ec101c9c4

SHA256
22ced2c9801ceed1aed647f87bd265a2f4d6d11600a7d7ce62fa9c789ab9b72b

SHA512
c906bb9357b24690a8352dfcc3f5f1c3ac9a323511d0af2d1377e91aef038284da75c1567d430a87a984bc86ec15570149ee614f0a09741a493127c30a66e927

Download Submit
C:\Windows\system\lAtJJrG.exe

Filesize
6.0MB

MD5
6ec2be15bd2d6b2193c03db9c12399d1

SHA1
011a4c2187d2dd9c53e9794d2661407bfe0ffd62

SHA256
7d812c3cb28766fc3ba6d9fe93de622bab66ed90613af1fe6dd73cb4bc1d57f6

SHA512
ab18c899aec47275081f9b8dce670d6b42bf86878c92552fecccad27009b9b23d4a44d9649d986ef7224c8420a41a088bb1bcdd94ddd3f244963da6217c57431

Download Submit
C:\Windows\system\rcKlCaL.exe

Filesize
6.0MB

MD5
53fc3d5ca3be521136663ca8fe15183c

SHA1
86e76d7a74cd6d3ea5872cd68672a8c8d89b1927

SHA256
50d6341d6cbfb2a2f60fb348d5670bcbed25fbe1bea1fbd5ce207382c7fea253

SHA512
33127247478333a5eeadd8aeedf493a4102d48f9373b2b005fdb62c299c430168669916bc41166e37b07305a74c558b47dd8bca295668b0c5dc13969a8a5a343

Download Submit
C:\Windows\system\sDhnMjJ.exe

Filesize
6.0MB

MD5
67a2541fbc3e49659cf46bb9ba2f137b

SHA1
63bc3407aedb2cbf5364b1900389aee80bf1d0b2

SHA256
6240685f13ad9e28dd5248dbd9efdca42935b4af3f175a2bdac92701b57b59c0

SHA512
a3e6f54a1a169bfa8bee23e0ab4bcd5ecadc9a70c70e0b98f97a4a70ab767741af0c6923a0995511520f7b13957d067e990b13c4714ab41e139ce7a49e7f2917

Download Submit
C:\Windows\system\tIJVvVO.exe

Filesize
6.0MB

MD5
838f803c5d40b1e0b7d9f2f91cec5a5a

SHA1
96cad34079ee409f17413c0b71bf13b1af093fa8

SHA256
fdb63c8abcc4e4abb69aa99da09758c9b9d660b7496dd7fb913b32ddd4b712dc

SHA512
33b99cda6d2e64b44fafed1faf9d1ebafcde1c0e8674a4437d7a5f59b90a97fc7edc11962a405491df6ec80a1d3fb55d23d7cf17dc1aacd9ce858be0d2f3ec8f

Download Submit
C:\Windows\system\twwVQOt.exe

Filesize
6.0MB

MD5
363147954bd9d0eb0d830be28dd88f60

SHA1
c6eebc3bc6957634868767971ef3a31085486423

SHA256
98366d930efef422949f529a3d2145bbf6c77d3929f95c71d2d201d84c159661

SHA512
640c9d004adacce00232dc02d10a8469fe41346bbc7faac448154a24a1ccc2f60341393a742a60a3e91811fb0b41ca7ea4f318619fc61a9bbace40fcdd025e50

Download Submit
C:\Windows\system\xtNdkBt.exe

Filesize
6.0MB

MD5
6d494b87523f5c75f5d5d8148b5fd061

SHA1
87b9bc7bf76885ad9baf1a862380e14e3b401b50

SHA256
c32f56af70207db6ca595bd6c8cf8aa3d81b09908992711e48b90bb2c131a80a

SHA512
5703ad8e7fc9275d5ed49017c2585f536d5d29dd3be9bc767ad1560d95f6f2f199f89acf54251293ea45692dae9a66d4c2e28090cee131174794c5eea47de200

Download Submit
\Windows\system\FTGITJT.exe

Filesize
6.0MB

MD5
348af0c07ca2d5b485028dc684a9e525

SHA1
4993ed554b3d5f94d1c2b25652e78cfe59548505

SHA256
374891d40e47a5ae7aa5655535d985cacb44f23be1bf8f9e528b158eef9aab18

SHA512
42d831fe4f50361b180bc5309327f6099ceb63090c5511f76e956709e0bebf095198706b78ff0825655c242df82b6f7d9a41d0912a809c272ac47ed7d6b24927

Download Submit
\Windows\system\FeRJmJa.exe

Filesize
6.0MB

MD5
affff428319b4b4f4e34f24915d5d139

SHA1
addb176a161990f8b0978313815d4ae6091c451d

SHA256
ff248a03b506aeeba2ef524bf8e68b456cf98f260646723ef06002d10d61219b

SHA512
b63b86d4f5b03a54cac4994afe8681731ffbef67e68e303a3bf6f6a54145c3508dd139350307e909e89776a1d30fbb920beb0e64849763ccd0c4eeaf8ef8124d

Download Submit
\Windows\system\LZFHTbW.exe

Filesize
6.0MB

MD5
ee02b8c0c484ac0eb56d2e87d4c633b0

SHA1
78f38f24716d7d7a225a6e70af29a82f1489fd9a

SHA256
bfc4624c6aeccf6a02a82e86f595a217ab5084461f6a9479f5f4d39bd8b52423

SHA512
ae88ecce0a1fb216557fc24f07c0f9f408a7229c57955adbdbedb80d4cf912b154b0b64344305db3f0aa14fbb62b1c1d60465c4d1b0950c15d6ad80b8a1f5c97

Download Submit
\Windows\system\ZNyoump.exe

Filesize
6.0MB

MD5
0f27e2d773864c315674e4fcaf91a3f6

SHA1
afc25411c0a9d4414495f91d3f9d422c320ffc3f

SHA256
acd1e3d5cd13bf0c22a86cc9f09c08cbf91341cce22d3ce627175832e5065f21

SHA512
4c7a52ddb421e2d2a722baf2bffc0cc9fe98a01db39fd1e64890ca315b84980e230647049a3e103681aa22a0a47beb1981887317c4f733427fbee3780a7da01e

Download Submit
\Windows\system\mPInLuj.exe

Filesize
6.0MB

MD5
dc07355709e7ec1c6c54711d3625fe36

SHA1
1ef41164ae2fde3d8ffc7866cf65081770d98652

SHA256
ec2879b5d69d01da6acfbba9c5ecfe197efce05067f8b339322cbc98d4a4505d

SHA512
ade5e1d1ae6e0f417f6a6c840abe67ef5a47c2687677fa7bd0173d7771bcf1bfe91c49478619e83f14e8e3e7155b4e27399b22690d1dc4fc7237067eb40c9733

Download Submit
\Windows\system\olZSalc.exe

Filesize
6.0MB

MD5
1c54a4e3f781b071497a6bf2a4a5039e

SHA1
ed0beb991f51d41343c800d22030343fcdb59f7e

SHA256
e38ae3d01ec9eaebf40d2cb59fe47cce05bd4e7fc2cb3e27115e30c017512058

SHA512
e3de14a5c1a35e556305a76cccd5bf1b96a7c632553a6cc12ea8b856645ab1da3dd6e719735d54402023949237f8671f47d526a08f0988106ccbc789d1736672

Download Submit
\Windows\system\rnNfZcr.exe

Filesize
6.0MB

MD5
6103b169af8182182d52d7c44416ca3f

SHA1
6fba741e1a7df71d4b6553730db65ac4bf2e752e

SHA256
848276bd3a9fd226257dee5e05eb8d670c4f3092a52e938c599521c140dcbe5f

SHA512
a5d17a5e2e81114edbc851b0e0eddc138aa13364584c7057b4eb3895a8604d09e27aaaa17366c88e912540f5f72f022a8aeca567339df168cac16372de58f475

Download Submit
memory/1696-23-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-2217-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-2218-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-35-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1696-21-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-0-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1696-2751-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1696-15-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1696-2752-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1696-2316-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1696-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1956-4045-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-26-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-4046-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-24-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-25-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2440-4052-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2624-28-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4148-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4149-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4049-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2748-41-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4047-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4057-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2305-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download