cobaltstrike | 389b1fb22ad042d6f1561939d07f973a2665010c19ca35e74921009804d99708

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/01/2025, 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

15b364e6fa76398470177498f0923c01
SHA1

92b1def14e5a128ff4c4383d3a8f0fa4b78fa4f6
SHA256

389b1fb22ad042d6f1561939d07f973a2665010c19ca35e74921009804d99708
SHA512

b88a401a8f78f01d7671c2351961c202fa694f1d808941aa4b93d4d49c55f71ba4900433e0698830a58415eebcb4613df52a5c1716df603759fb44288d18973e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUN:T+q56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0016000000018657-12.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018662-19.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-30.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-114.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017474-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-63.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000191fd-55.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c9-51.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001867d-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000012101-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2204-0-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0016000000018657-12.dat	xmrig
behavioral1/memory/1936-14-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x000f000000018662-19.dat	xmrig
behavioral1/memory/2164-21-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2844-23-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2676-29-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x000600000001878d-30.dat	xmrig
behavioral1/files/0x00070000000190c6-38.dat	xmrig
behavioral1/memory/3044-48-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d20-70.dat	xmrig
behavioral1/files/0x0005000000019f9f-85.dat	xmrig
behavioral1/memory/976-91-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2640-97-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2572-95-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2204-94-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a067-101.dat	xmrig
behavioral1/files/0x000500000001a07b-104.dat	xmrig
behavioral1/memory/2204-92-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2616-90-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2904-87-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fb9-86.dat	xmrig
behavioral1/memory/2912-83-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019da4-82.dat	xmrig
behavioral1/files/0x000500000001a42b-128.dat	xmrig
behavioral1/files/0x000500000001a301-122.dat	xmrig
behavioral1/files/0x000500000001a42d-136.dat	xmrig
behavioral1/files/0x000500000001a345-125.dat	xmrig
behavioral1/files/0x000500000001a431-145.dat	xmrig
behavioral1/files/0x000500000001a42f-143.dat	xmrig
behavioral1/memory/2772-147-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2204-146-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0a1-114.dat	xmrig
behavioral1/files/0x0008000000017474-110.dat	xmrig
behavioral1/files/0x000500000001a48e-159.dat	xmrig
behavioral1/files/0x000500000001a48c-183.dat	xmrig
behavioral1/files/0x000500000001a4aa-168.dat	xmrig
behavioral1/memory/2676-211-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49a-162.dat	xmrig
behavioral1/files/0x000500000001a434-150.dat	xmrig
behavioral1/files/0x000500000001a4b5-179.dat	xmrig
behavioral1/files/0x000500000001a49c-178.dat	xmrig
behavioral1/files/0x000500000001a46a-176.dat	xmrig
behavioral1/files/0x0005000000019db8-75.dat	xmrig
behavioral1/memory/2768-69-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d44-63.dat	xmrig
behavioral1/files/0x00080000000191fd-55.dat	xmrig
behavioral1/memory/2824-61-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c9-51.dat	xmrig
behavioral1/memory/2204-46-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2204-42-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2772-37-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000700000001867d-28.dat	xmrig
behavioral1/files/0x0007000000012101-6.dat	xmrig
behavioral1/memory/1936-4017-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2164-4018-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2844-4019-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2676-4020-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2772-4021-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/3044-4022-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2824-4024-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2768-4023-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2912-4025-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2572-4027-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1936	nxMcCXF.exe
2164	MQbNGbs.exe
2844	VpfXWGO.exe
2676	tTvbNYV.exe
2772	DOUGQbt.exe
3044	QjPwDmZ.exe
2824	wBIdgls.exe
2768	EFeUzOb.exe
2912	vikJJZX.exe
2904	ZVGJAeV.exe
2572	ZNsGPya.exe
2616	fDwwkWf.exe
2640	qdBFddH.exe
976	hARhNtH.exe
1204	zPuQvMr.exe
2464	PiqwRVc.exe
1252	CbOeZZG.exe
1616	ltetnlT.exe
2948	RDFojtn.exe
1420	PZVHSAZ.exe
2116	ASrTTHQ.exe
2976	zUjKvbz.exe
2380	sxjPZDc.exe
1756	BGQhSej.exe
2244	YfTqcKB.exe
2268	lRWVkzV.exe
1724	HqjIrMN.exe
272	RSUMnXO.exe
1236	jhiyrXx.exe
2012	ePwCEgU.exe
540	MWbrPBD.exe
1608	HKkIelE.exe
1692	UdnVwXq.exe
2180	VGRjUqQ.exe
2440	uQBGPPE.exe
2240	zitvwMn.exe
396	WwLsjTI.exe
1564	fjlspiz.exe
1536	CZPHQSx.exe
3024	RferjMj.exe
2156	FPQjDZk.exe
1968	AyVYjue.exe
2340	iNNroSW.exe
2060	LFrTqnq.exe
1676	jAQxLkL.exe
2512	DKXfmJC.exe
1916	aNiomhz.exe
1708	xjtdHyS.exe
1484	KhDJexI.exe
864	aUGihsy.exe
1580	ZlOgqZu.exe
1680	kXagfAH.exe
2652	JxBzmJy.exe
2660	MloyOVH.exe
2724	XjmXqxX.exe
2788	oUIXHBB.exe
2604	NvOvDoZ.exe
2740	SkEZHGu.exe
2584	JcMdsTd.exe
1840	hwfmFNr.exe
2184	kTFWikW.exe
2096	OBcYevd.exe
1880	cAyICVB.exe
1148	gMqsdtf.exe

Loads dropped DLL 64 IoCs

pid	Process
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-0-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0016000000018657-12.dat	upx
behavioral1/memory/1936-14-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x000f000000018662-19.dat	upx
behavioral1/memory/2164-21-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2844-23-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2676-29-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x000600000001878d-30.dat	upx
behavioral1/files/0x00070000000190c6-38.dat	upx
behavioral1/memory/3044-48-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0005000000019d20-70.dat	upx
behavioral1/files/0x0005000000019f9f-85.dat	upx
behavioral1/memory/976-91-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2640-97-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2572-95-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x000500000001a067-101.dat	upx
behavioral1/files/0x000500000001a07b-104.dat	upx
behavioral1/memory/2616-90-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2904-87-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0005000000019fb9-86.dat	upx
behavioral1/memory/2912-83-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x0005000000019da4-82.dat	upx
behavioral1/files/0x000500000001a42b-128.dat	upx
behavioral1/files/0x000500000001a301-122.dat	upx
behavioral1/files/0x000500000001a42d-136.dat	upx
behavioral1/files/0x000500000001a345-125.dat	upx
behavioral1/files/0x000500000001a431-145.dat	upx
behavioral1/files/0x000500000001a42f-143.dat	upx
behavioral1/memory/2772-147-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2204-146-0x0000000002470000-0x00000000027C4000-memory.dmp	upx
behavioral1/files/0x000500000001a0a1-114.dat	upx
behavioral1/files/0x0008000000017474-110.dat	upx
behavioral1/files/0x000500000001a48e-159.dat	upx
behavioral1/files/0x000500000001a48c-183.dat	upx
behavioral1/files/0x000500000001a4aa-168.dat	upx
behavioral1/memory/2676-211-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x000500000001a49a-162.dat	upx
behavioral1/files/0x000500000001a434-150.dat	upx
behavioral1/files/0x000500000001a4b5-179.dat	upx
behavioral1/files/0x000500000001a49c-178.dat	upx
behavioral1/files/0x000500000001a46a-176.dat	upx
behavioral1/files/0x0005000000019db8-75.dat	upx
behavioral1/memory/2768-69-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0005000000019d44-63.dat	upx
behavioral1/files/0x00080000000191fd-55.dat	upx
behavioral1/memory/2824-61-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x00070000000190c9-51.dat	upx
behavioral1/memory/2204-42-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2772-37-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000700000001867d-28.dat	upx
behavioral1/files/0x0007000000012101-6.dat	upx
behavioral1/memory/1936-4017-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2164-4018-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2844-4019-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2676-4020-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2772-4021-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/3044-4022-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2824-4024-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2768-4023-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2912-4025-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2572-4027-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2616-4026-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2640-4029-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2904-4028-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CEoPJUZ.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miaople.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpuInMt.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHvwNyd.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCjsPIg.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrSJizT.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aktEqmb.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osXHXmK.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeEhIRY.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqhWQAf.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBGAUkg.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPAXqhE.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlDZZyE.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hARhNtH.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXagfAH.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYoOlFc.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbhgkrb.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPyiNxm.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYczldF.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRiSrHf.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOAWYEt.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKDuZay.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGsJrSy.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UerWBFL.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDwwkWf.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWbrPBD.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMWxNZa.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIgCnnL.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSWoXGv.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCtxtNe.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCprPFo.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkzAnMF.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZhFqFi.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkPGztt.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMxPfEH.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFdbWGa.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwRFEjk.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YsrekBM.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylrFkSM.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQnwweC.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvBVbpi.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfnXCsg.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmFyLNw.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJTabXE.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPJoCVg.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxkffih.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aINkkfQ.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZMPyNN.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkGiJHr.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoOLFbX.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzViDuE.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGeDqks.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbihniD.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAQxLkL.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PinmzFv.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUZiLgm.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laUjPKW.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diFKTzb.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESGhFJR.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMiNFlP.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vikJJZX.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIjCcLV.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YftBxfy.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFBTVfZ.exe	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1936	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 1936	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 1936	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2164	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 2164	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 2164	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 2844	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 2844	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 2844	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 2676	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2676	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2676	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2772	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2772	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2772	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 3044	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 3044	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 3044	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 2824	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 2824	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 2824	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 2768	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2768	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2768	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2904	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2904	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2904	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2912	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 2912	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 2912	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 2616	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 2616	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 2616	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 2572	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 2572	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 2572	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 2640	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 2640	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 2640	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 976	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 976	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 976	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 1204	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 1204	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 1204	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 2464	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 2464	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 2464	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 1252	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 1252	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 1252	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 1616	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 1616	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 1616	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 2948	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2204 wrote to memory of 2948	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2204 wrote to memory of 2948	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2204 wrote to memory of 1420	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2204 wrote to memory of 1420	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2204 wrote to memory of 1420	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2204 wrote to memory of 2116	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2204 wrote to memory of 2116	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2204 wrote to memory of 2116	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2204 wrote to memory of 2976	2204	2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_15b364e6fa76398470177498f0923c01_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\System\nxMcCXF.exe
  C:\Windows\System\nxMcCXF.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\MQbNGbs.exe
  C:\Windows\System\MQbNGbs.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\VpfXWGO.exe
  C:\Windows\System\VpfXWGO.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\tTvbNYV.exe
  C:\Windows\System\tTvbNYV.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\DOUGQbt.exe
  C:\Windows\System\DOUGQbt.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\QjPwDmZ.exe
  C:\Windows\System\QjPwDmZ.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\wBIdgls.exe
  C:\Windows\System\wBIdgls.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\EFeUzOb.exe
  C:\Windows\System\EFeUzOb.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\ZVGJAeV.exe
  C:\Windows\System\ZVGJAeV.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\vikJJZX.exe
  C:\Windows\System\vikJJZX.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\fDwwkWf.exe
  C:\Windows\System\fDwwkWf.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ZNsGPya.exe
  C:\Windows\System\ZNsGPya.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\qdBFddH.exe
  C:\Windows\System\qdBFddH.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\hARhNtH.exe
  C:\Windows\System\hARhNtH.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\zPuQvMr.exe
  C:\Windows\System\zPuQvMr.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\PiqwRVc.exe
  C:\Windows\System\PiqwRVc.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\CbOeZZG.exe
  C:\Windows\System\CbOeZZG.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\ltetnlT.exe
  C:\Windows\System\ltetnlT.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\RDFojtn.exe
  C:\Windows\System\RDFojtn.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\PZVHSAZ.exe
  C:\Windows\System\PZVHSAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\ASrTTHQ.exe
  C:\Windows\System\ASrTTHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\zUjKvbz.exe
  C:\Windows\System\zUjKvbz.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\sxjPZDc.exe
  C:\Windows\System\sxjPZDc.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\BGQhSej.exe
  C:\Windows\System\BGQhSej.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\YfTqcKB.exe
  C:\Windows\System\YfTqcKB.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\lRWVkzV.exe
  C:\Windows\System\lRWVkzV.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ePwCEgU.exe
  C:\Windows\System\ePwCEgU.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\HqjIrMN.exe
  C:\Windows\System\HqjIrMN.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\MWbrPBD.exe
  C:\Windows\System\MWbrPBD.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\RSUMnXO.exe
  C:\Windows\System\RSUMnXO.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\HKkIelE.exe
  C:\Windows\System\HKkIelE.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\jhiyrXx.exe
  C:\Windows\System\jhiyrXx.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\UdnVwXq.exe
  C:\Windows\System\UdnVwXq.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\VGRjUqQ.exe
  C:\Windows\System\VGRjUqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\uQBGPPE.exe
  C:\Windows\System\uQBGPPE.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\zitvwMn.exe
  C:\Windows\System\zitvwMn.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\WwLsjTI.exe
  C:\Windows\System\WwLsjTI.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\fjlspiz.exe
  C:\Windows\System\fjlspiz.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\CZPHQSx.exe
  C:\Windows\System\CZPHQSx.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\RferjMj.exe
  C:\Windows\System\RferjMj.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\FPQjDZk.exe
  C:\Windows\System\FPQjDZk.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\AyVYjue.exe
  C:\Windows\System\AyVYjue.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\aNiomhz.exe
  C:\Windows\System\aNiomhz.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\iNNroSW.exe
  C:\Windows\System\iNNroSW.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\xjtdHyS.exe
  C:\Windows\System\xjtdHyS.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\LFrTqnq.exe
  C:\Windows\System\LFrTqnq.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\KhDJexI.exe
  C:\Windows\System\KhDJexI.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\jAQxLkL.exe
  C:\Windows\System\jAQxLkL.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\aUGihsy.exe
  C:\Windows\System\aUGihsy.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\DKXfmJC.exe
  C:\Windows\System\DKXfmJC.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\ZlOgqZu.exe
  C:\Windows\System\ZlOgqZu.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\kXagfAH.exe
  C:\Windows\System\kXagfAH.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\JxBzmJy.exe
  C:\Windows\System\JxBzmJy.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\MloyOVH.exe
  C:\Windows\System\MloyOVH.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\oUIXHBB.exe
  C:\Windows\System\oUIXHBB.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\XjmXqxX.exe
  C:\Windows\System\XjmXqxX.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\NvOvDoZ.exe
  C:\Windows\System\NvOvDoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\SkEZHGu.exe
  C:\Windows\System\SkEZHGu.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\hwfmFNr.exe
  C:\Windows\System\hwfmFNr.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\JcMdsTd.exe
  C:\Windows\System\JcMdsTd.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\kTFWikW.exe
  C:\Windows\System\kTFWikW.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\OBcYevd.exe
  C:\Windows\System\OBcYevd.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\cAyICVB.exe
  C:\Windows\System\cAyICVB.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\gMqsdtf.exe
  C:\Windows\System\gMqsdtf.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\jnuBGPO.exe
  C:\Windows\System\jnuBGPO.exe
  2⤵
  PID:2296
- C:\Windows\System\pniWGNk.exe
  C:\Windows\System\pniWGNk.exe
  2⤵
  PID:1380
- C:\Windows\System\ABtWXVE.exe
  C:\Windows\System\ABtWXVE.exe
  2⤵
  PID:2188
- C:\Windows\System\qlTDjzc.exe
  C:\Windows\System\qlTDjzc.exe
  2⤵
  PID:1792
- C:\Windows\System\QNRxnOv.exe
  C:\Windows\System\QNRxnOv.exe
  2⤵
  PID:2540
- C:\Windows\System\AWwAeQP.exe
  C:\Windows\System\AWwAeQP.exe
  2⤵
  PID:772
- C:\Windows\System\MnhEDdU.exe
  C:\Windows\System\MnhEDdU.exe
  2⤵
  PID:1364
- C:\Windows\System\ACHYTsm.exe
  C:\Windows\System\ACHYTsm.exe
  2⤵
  PID:3056
- C:\Windows\System\USYunPv.exe
  C:\Windows\System\USYunPv.exe
  2⤵
  PID:1684
- C:\Windows\System\qWoFetC.exe
  C:\Windows\System\qWoFetC.exe
  2⤵
  PID:2108
- C:\Windows\System\fxWrWGU.exe
  C:\Windows\System\fxWrWGU.exe
  2⤵
  PID:2104
- C:\Windows\System\AvsPbrz.exe
  C:\Windows\System\AvsPbrz.exe
  2⤵
  PID:1624
- C:\Windows\System\IlCwLHq.exe
  C:\Windows\System\IlCwLHq.exe
  2⤵
  PID:1648
- C:\Windows\System\UlmLBeR.exe
  C:\Windows\System\UlmLBeR.exe
  2⤵
  PID:372
- C:\Windows\System\oGawvLa.exe
  C:\Windows\System\oGawvLa.exe
  2⤵
  PID:1800
- C:\Windows\System\wHqjMJU.exe
  C:\Windows\System\wHqjMJU.exe
  2⤵
  PID:1656
- C:\Windows\System\FRNsspK.exe
  C:\Windows\System\FRNsspK.exe
  2⤵
  PID:1760
- C:\Windows\System\zABzDvV.exe
  C:\Windows\System\zABzDvV.exe
  2⤵
  PID:2132
- C:\Windows\System\HxAGSnt.exe
  C:\Windows\System\HxAGSnt.exe
  2⤵
  PID:1468
- C:\Windows\System\tRVGThO.exe
  C:\Windows\System\tRVGThO.exe
  2⤵
  PID:1632
- C:\Windows\System\qMuLApf.exe
  C:\Windows\System\qMuLApf.exe
  2⤵
  PID:2324
- C:\Windows\System\WzSrjEE.exe
  C:\Windows\System\WzSrjEE.exe
  2⤵
  PID:2160
- C:\Windows\System\zouwmsB.exe
  C:\Windows\System\zouwmsB.exe
  2⤵
  PID:2092
- C:\Windows\System\eLgmygp.exe
  C:\Windows\System\eLgmygp.exe
  2⤵
  PID:2696
- C:\Windows\System\bFfcqUf.exe
  C:\Windows\System\bFfcqUf.exe
  2⤵
  PID:2764
- C:\Windows\System\uqXIzVm.exe
  C:\Windows\System\uqXIzVm.exe
  2⤵
  PID:2568
- C:\Windows\System\xqiUHaU.exe
  C:\Windows\System\xqiUHaU.exe
  2⤵
  PID:1908
- C:\Windows\System\OFdbWGa.exe
  C:\Windows\System\OFdbWGa.exe
  2⤵
  PID:2032
- C:\Windows\System\XSPgOEE.exe
  C:\Windows\System\XSPgOEE.exe
  2⤵
  PID:2916
- C:\Windows\System\XXnYRxh.exe
  C:\Windows\System\XXnYRxh.exe
  2⤵
  PID:1996
- C:\Windows\System\jYoVzJU.exe
  C:\Windows\System\jYoVzJU.exe
  2⤵
  PID:1480
- C:\Windows\System\YNYlxCq.exe
  C:\Windows\System\YNYlxCq.exe
  2⤵
  PID:2148
- C:\Windows\System\IYoOlFc.exe
  C:\Windows\System\IYoOlFc.exe
  2⤵
  PID:1772
- C:\Windows\System\uvFduXR.exe
  C:\Windows\System\uvFduXR.exe
  2⤵
  PID:2800
- C:\Windows\System\lWrdaGx.exe
  C:\Windows\System\lWrdaGx.exe
  2⤵
  PID:1944
- C:\Windows\System\LCprPFo.exe
  C:\Windows\System\LCprPFo.exe
  2⤵
  PID:784
- C:\Windows\System\RroCRPx.exe
  C:\Windows\System\RroCRPx.exe
  2⤵
  PID:2276
- C:\Windows\System\wQnwweC.exe
  C:\Windows\System\wQnwweC.exe
  2⤵
  PID:2732
- C:\Windows\System\XbaYKKE.exe
  C:\Windows\System\XbaYKKE.exe
  2⤵
  PID:1652
- C:\Windows\System\KiMgwVI.exe
  C:\Windows\System\KiMgwVI.exe
  2⤵
  PID:2504
- C:\Windows\System\SsUBwmm.exe
  C:\Windows\System\SsUBwmm.exe
  2⤵
  PID:2328
- C:\Windows\System\iOAAdoo.exe
  C:\Windows\System\iOAAdoo.exe
  2⤵
  PID:2248
- C:\Windows\System\kMEGgCI.exe
  C:\Windows\System\kMEGgCI.exe
  2⤵
  PID:2284
- C:\Windows\System\HnnuWHF.exe
  C:\Windows\System\HnnuWHF.exe
  2⤵
  PID:2400
- C:\Windows\System\cGXBbPD.exe
  C:\Windows\System\cGXBbPD.exe
  2⤵
  PID:2968
- C:\Windows\System\rhWsRlg.exe
  C:\Windows\System\rhWsRlg.exe
  2⤵
  PID:2760
- C:\Windows\System\vpGNOCN.exe
  C:\Windows\System\vpGNOCN.exe
  2⤵
  PID:2120
- C:\Windows\System\RynamKz.exe
  C:\Windows\System\RynamKz.exe
  2⤵
  PID:2796
- C:\Windows\System\ovhwsHj.exe
  C:\Windows\System\ovhwsHj.exe
  2⤵
  PID:680
- C:\Windows\System\uDTqAjy.exe
  C:\Windows\System\uDTqAjy.exe
  2⤵
  PID:852
- C:\Windows\System\LRiSrHf.exe
  C:\Windows\System\LRiSrHf.exe
  2⤵
  PID:972
- C:\Windows\System\tQxTCHF.exe
  C:\Windows\System\tQxTCHF.exe
  2⤵
  PID:3016
- C:\Windows\System\lTXdTtd.exe
  C:\Windows\System\lTXdTtd.exe
  2⤵
  PID:1732
- C:\Windows\System\faqHSxq.exe
  C:\Windows\System\faqHSxq.exe
  2⤵
  PID:788
- C:\Windows\System\lHtdPns.exe
  C:\Windows\System\lHtdPns.exe
  2⤵
  PID:2304
- C:\Windows\System\ljgRsyD.exe
  C:\Windows\System\ljgRsyD.exe
  2⤵
  PID:1556
- C:\Windows\System\ZcUcXij.exe
  C:\Windows\System\ZcUcXij.exe
  2⤵
  PID:2280
- C:\Windows\System\CCMHtCb.exe
  C:\Windows\System\CCMHtCb.exe
  2⤵
  PID:3080
- C:\Windows\System\WoVXkor.exe
  C:\Windows\System\WoVXkor.exe
  2⤵
  PID:3096
- C:\Windows\System\eigediK.exe
  C:\Windows\System\eigediK.exe
  2⤵
  PID:3112
- C:\Windows\System\JdngOmV.exe
  C:\Windows\System\JdngOmV.exe
  2⤵
  PID:3128
- C:\Windows\System\ySJXLOP.exe
  C:\Windows\System\ySJXLOP.exe
  2⤵
  PID:3144
- C:\Windows\System\QsCVgHR.exe
  C:\Windows\System\QsCVgHR.exe
  2⤵
  PID:3160
- C:\Windows\System\nNTKnmg.exe
  C:\Windows\System\nNTKnmg.exe
  2⤵
  PID:3176
- C:\Windows\System\KIjCcLV.exe
  C:\Windows\System\KIjCcLV.exe
  2⤵
  PID:3204
- C:\Windows\System\nfbhtRb.exe
  C:\Windows\System\nfbhtRb.exe
  2⤵
  PID:3220
- C:\Windows\System\rlYGYbz.exe
  C:\Windows\System\rlYGYbz.exe
  2⤵
  PID:3236
- C:\Windows\System\uKMnXOq.exe
  C:\Windows\System\uKMnXOq.exe
  2⤵
  PID:3252
- C:\Windows\System\OgciNfo.exe
  C:\Windows\System\OgciNfo.exe
  2⤵
  PID:3268
- C:\Windows\System\soCwmrX.exe
  C:\Windows\System\soCwmrX.exe
  2⤵
  PID:3296
- C:\Windows\System\HwSbEiu.exe
  C:\Windows\System\HwSbEiu.exe
  2⤵
  PID:3316
- C:\Windows\System\qodyykK.exe
  C:\Windows\System\qodyykK.exe
  2⤵
  PID:3380
- C:\Windows\System\etOCrMI.exe
  C:\Windows\System\etOCrMI.exe
  2⤵
  PID:3396
- C:\Windows\System\LCjsPIg.exe
  C:\Windows\System\LCjsPIg.exe
  2⤵
  PID:3428
- C:\Windows\System\VkzAnMF.exe
  C:\Windows\System\VkzAnMF.exe
  2⤵
  PID:3444
- C:\Windows\System\vBksFRO.exe
  C:\Windows\System\vBksFRO.exe
  2⤵
  PID:3460
- C:\Windows\System\UNKBxkt.exe
  C:\Windows\System\UNKBxkt.exe
  2⤵
  PID:3492
- C:\Windows\System\aEbpipW.exe
  C:\Windows\System\aEbpipW.exe
  2⤵
  PID:3512
- C:\Windows\System\hcJIASA.exe
  C:\Windows\System\hcJIASA.exe
  2⤵
  PID:3532
- C:\Windows\System\VtTbHrQ.exe
  C:\Windows\System\VtTbHrQ.exe
  2⤵
  PID:3552
- C:\Windows\System\jCsObmt.exe
  C:\Windows\System\jCsObmt.exe
  2⤵
  PID:3568
- C:\Windows\System\zghrKEe.exe
  C:\Windows\System\zghrKEe.exe
  2⤵
  PID:3584
- C:\Windows\System\lHpxwos.exe
  C:\Windows\System\lHpxwos.exe
  2⤵
  PID:3600
- C:\Windows\System\uAIlefZ.exe
  C:\Windows\System\uAIlefZ.exe
  2⤵
  PID:3616
- C:\Windows\System\VqMghdR.exe
  C:\Windows\System\VqMghdR.exe
  2⤵
  PID:3632
- C:\Windows\System\tttsUTI.exe
  C:\Windows\System\tttsUTI.exe
  2⤵
  PID:3652
- C:\Windows\System\aKRgdiE.exe
  C:\Windows\System\aKRgdiE.exe
  2⤵
  PID:3688
- C:\Windows\System\lNmpBFy.exe
  C:\Windows\System\lNmpBFy.exe
  2⤵
  PID:3708
- C:\Windows\System\RFjOkzE.exe
  C:\Windows\System\RFjOkzE.exe
  2⤵
  PID:3724
- C:\Windows\System\FTOxYlg.exe
  C:\Windows\System\FTOxYlg.exe
  2⤵
  PID:3740
- C:\Windows\System\wqnzlSd.exe
  C:\Windows\System\wqnzlSd.exe
  2⤵
  PID:3776
- C:\Windows\System\hfgqBhR.exe
  C:\Windows\System\hfgqBhR.exe
  2⤵
  PID:3792
- C:\Windows\System\gqiibRl.exe
  C:\Windows\System\gqiibRl.exe
  2⤵
  PID:3816
- C:\Windows\System\lnfMwdO.exe
  C:\Windows\System\lnfMwdO.exe
  2⤵
  PID:3836
- C:\Windows\System\aGpBJkl.exe
  C:\Windows\System\aGpBJkl.exe
  2⤵
  PID:3856
- C:\Windows\System\NikyaEL.exe
  C:\Windows\System\NikyaEL.exe
  2⤵
  PID:3876
- C:\Windows\System\OmOyswg.exe
  C:\Windows\System\OmOyswg.exe
  2⤵
  PID:3892
- C:\Windows\System\NdXJvSj.exe
  C:\Windows\System\NdXJvSj.exe
  2⤵
  PID:3908
- C:\Windows\System\FUoyUDW.exe
  C:\Windows\System\FUoyUDW.exe
  2⤵
  PID:3924
- C:\Windows\System\zUCTrGP.exe
  C:\Windows\System\zUCTrGP.exe
  2⤵
  PID:3940
- C:\Windows\System\KLGFyxL.exe
  C:\Windows\System\KLGFyxL.exe
  2⤵
  PID:3960
- C:\Windows\System\vbhgkrb.exe
  C:\Windows\System\vbhgkrb.exe
  2⤵
  PID:3984
- C:\Windows\System\YftBxfy.exe
  C:\Windows\System\YftBxfy.exe
  2⤵
  PID:4000
- C:\Windows\System\Aybetwe.exe
  C:\Windows\System\Aybetwe.exe
  2⤵
  PID:4044
- C:\Windows\System\NehfDnR.exe
  C:\Windows\System\NehfDnR.exe
  2⤵
  PID:4060
- C:\Windows\System\JTVZNdS.exe
  C:\Windows\System\JTVZNdS.exe
  2⤵
  PID:4076
- C:\Windows\System\IOXSoSC.exe
  C:\Windows\System\IOXSoSC.exe
  2⤵
  PID:4092
- C:\Windows\System\YoJdixT.exe
  C:\Windows\System\YoJdixT.exe
  2⤵
  PID:3120
- C:\Windows\System\sYHavDc.exe
  C:\Windows\System\sYHavDc.exe
  2⤵
  PID:3192
- C:\Windows\System\bzRIZwf.exe
  C:\Windows\System\bzRIZwf.exe
  2⤵
  PID:3228
- C:\Windows\System\ysuVQMg.exe
  C:\Windows\System\ysuVQMg.exe
  2⤵
  PID:1980
- C:\Windows\System\dQjRcBr.exe
  C:\Windows\System\dQjRcBr.exe
  2⤵
  PID:1488
- C:\Windows\System\RFgyAGH.exe
  C:\Windows\System\RFgyAGH.exe
  2⤵
  PID:1532
- C:\Windows\System\ixoLYCB.exe
  C:\Windows\System\ixoLYCB.exe
  2⤵
  PID:1044
- C:\Windows\System\eSQTKOg.exe
  C:\Windows\System\eSQTKOg.exe
  2⤵
  PID:3140
- C:\Windows\System\WUZupvC.exe
  C:\Windows\System\WUZupvC.exe
  2⤵
  PID:3248
- C:\Windows\System\adApvbQ.exe
  C:\Windows\System\adApvbQ.exe
  2⤵
  PID:2520
- C:\Windows\System\Wctzcyy.exe
  C:\Windows\System\Wctzcyy.exe
  2⤵
  PID:3136
- C:\Windows\System\CADQBBu.exe
  C:\Windows\System\CADQBBu.exe
  2⤵
  PID:3280
- C:\Windows\System\MLrJsCy.exe
  C:\Windows\System\MLrJsCy.exe
  2⤵
  PID:3328
- C:\Windows\System\hkSvFJH.exe
  C:\Windows\System\hkSvFJH.exe
  2⤵
  PID:3308
- C:\Windows\System\PvCqiAQ.exe
  C:\Windows\System\PvCqiAQ.exe
  2⤵
  PID:3360
- C:\Windows\System\gABVKRI.exe
  C:\Windows\System\gABVKRI.exe
  2⤵
  PID:3440
- C:\Windows\System\evACvhs.exe
  C:\Windows\System\evACvhs.exe
  2⤵
  PID:3408
- C:\Windows\System\WsCntyk.exe
  C:\Windows\System\WsCntyk.exe
  2⤵
  PID:3424
- C:\Windows\System\BSjoRun.exe
  C:\Windows\System\BSjoRun.exe
  2⤵
  PID:3508
- C:\Windows\System\PinmzFv.exe
  C:\Windows\System\PinmzFv.exe
  2⤵
  PID:3560
- C:\Windows\System\HKXlcmN.exe
  C:\Windows\System\HKXlcmN.exe
  2⤵
  PID:3628
- C:\Windows\System\EUZiLgm.exe
  C:\Windows\System\EUZiLgm.exe
  2⤵
  PID:3576
- C:\Windows\System\CjudfDX.exe
  C:\Windows\System\CjudfDX.exe
  2⤵
  PID:3684
- C:\Windows\System\HmCfbjq.exe
  C:\Windows\System\HmCfbjq.exe
  2⤵
  PID:3700
- C:\Windows\System\laUjPKW.exe
  C:\Windows\System\laUjPKW.exe
  2⤵
  PID:3720
- C:\Windows\System\mnFUiWO.exe
  C:\Windows\System\mnFUiWO.exe
  2⤵
  PID:3748
- C:\Windows\System\vxkffih.exe
  C:\Windows\System\vxkffih.exe
  2⤵
  PID:3752
- C:\Windows\System\BkzpCfP.exe
  C:\Windows\System\BkzpCfP.exe
  2⤵
  PID:3804
- C:\Windows\System\kKmlAKx.exe
  C:\Windows\System\kKmlAKx.exe
  2⤵
  PID:3844
- C:\Windows\System\EHMttyG.exe
  C:\Windows\System\EHMttyG.exe
  2⤵
  PID:3884
- C:\Windows\System\wDTMzWm.exe
  C:\Windows\System\wDTMzWm.exe
  2⤵
  PID:3864
- C:\Windows\System\DTlzAuO.exe
  C:\Windows\System\DTlzAuO.exe
  2⤵
  PID:3992
- C:\Windows\System\NAdAHDW.exe
  C:\Windows\System\NAdAHDW.exe
  2⤵
  PID:3968
- C:\Windows\System\kCzITfI.exe
  C:\Windows\System\kCzITfI.exe
  2⤵
  PID:3980
- C:\Windows\System\TqZDMDZ.exe
  C:\Windows\System\TqZDMDZ.exe
  2⤵
  PID:3872
- C:\Windows\System\oAtoGDQ.exe
  C:\Windows\System\oAtoGDQ.exe
  2⤵
  PID:4084
- C:\Windows\System\LPXBEAo.exe
  C:\Windows\System\LPXBEAo.exe
  2⤵
  PID:4028
- C:\Windows\System\gFTnnXp.exe
  C:\Windows\System\gFTnnXp.exe
  2⤵
  PID:3124
- C:\Windows\System\ToEJcXo.exe
  C:\Windows\System\ToEJcXo.exe
  2⤵
  PID:1216
- C:\Windows\System\RqMaVXz.exe
  C:\Windows\System\RqMaVXz.exe
  2⤵
  PID:3184
- C:\Windows\System\qJYgGFn.exe
  C:\Windows\System\qJYgGFn.exe
  2⤵
  PID:3200
- C:\Windows\System\FdYHtBc.exe
  C:\Windows\System\FdYHtBc.exe
  2⤵
  PID:2272
- C:\Windows\System\iZwsSGC.exe
  C:\Windows\System\iZwsSGC.exe
  2⤵
  PID:3284
- C:\Windows\System\UiFQRZc.exe
  C:\Windows\System\UiFQRZc.exe
  2⤵
  PID:3388
- C:\Windows\System\QMWBrUg.exe
  C:\Windows\System\QMWBrUg.exe
  2⤵
  PID:3348
- C:\Windows\System\KEYokGX.exe
  C:\Windows\System\KEYokGX.exe
  2⤵
  PID:3488
- C:\Windows\System\NODnFFd.exe
  C:\Windows\System\NODnFFd.exe
  2⤵
  PID:3472
- C:\Windows\System\BaTouFF.exe
  C:\Windows\System\BaTouFF.exe
  2⤵
  PID:3456
- C:\Windows\System\vLyoaFy.exe
  C:\Windows\System\vLyoaFy.exe
  2⤵
  PID:3596
- C:\Windows\System\SXDGoJm.exe
  C:\Windows\System\SXDGoJm.exe
  2⤵
  PID:3660
- C:\Windows\System\GyKchlK.exe
  C:\Windows\System\GyKchlK.exe
  2⤵
  PID:3644
- C:\Windows\System\lVlawNU.exe
  C:\Windows\System\lVlawNU.exe
  2⤵
  PID:3716
- C:\Windows\System\cUTorBA.exe
  C:\Windows\System\cUTorBA.exe
  2⤵
  PID:3764
- C:\Windows\System\QzNTvgq.exe
  C:\Windows\System\QzNTvgq.exe
  2⤵
  PID:3808
- C:\Windows\System\sgPWToY.exe
  C:\Windows\System\sgPWToY.exe
  2⤵
  PID:3936
- C:\Windows\System\SMOpVfD.exe
  C:\Windows\System\SMOpVfD.exe
  2⤵
  PID:4036
- C:\Windows\System\OhzLYJw.exe
  C:\Windows\System\OhzLYJw.exe
  2⤵
  PID:760
- C:\Windows\System\NLiLzyp.exe
  C:\Windows\System\NLiLzyp.exe
  2⤵
  PID:1892
- C:\Windows\System\ClvPJAa.exe
  C:\Windows\System\ClvPJAa.exe
  2⤵
  PID:2656
- C:\Windows\System\oepRBJN.exe
  C:\Windows\System\oepRBJN.exe
  2⤵
  PID:3076
- C:\Windows\System\rfVqRGj.exe
  C:\Windows\System\rfVqRGj.exe
  2⤵
  PID:3108
- C:\Windows\System\IkpBPiy.exe
  C:\Windows\System\IkpBPiy.exe
  2⤵
  PID:3916
- C:\Windows\System\psBkVAB.exe
  C:\Windows\System\psBkVAB.exe
  2⤵
  PID:4012
- C:\Windows\System\peBHkwX.exe
  C:\Windows\System\peBHkwX.exe
  2⤵
  PID:4072
- C:\Windows\System\rLTfjPL.exe
  C:\Windows\System\rLTfjPL.exe
  2⤵
  PID:3376
- C:\Windows\System\hYdCJWp.exe
  C:\Windows\System\hYdCJWp.exe
  2⤵
  PID:3420
- C:\Windows\System\qFBTVfZ.exe
  C:\Windows\System\qFBTVfZ.exe
  2⤵
  PID:3592
- C:\Windows\System\lNacDOx.exe
  C:\Windows\System\lNacDOx.exe
  2⤵
  PID:3680
- C:\Windows\System\GHmOxMX.exe
  C:\Windows\System\GHmOxMX.exe
  2⤵
  PID:2384
- C:\Windows\System\yxPXRxE.exe
  C:\Windows\System\yxPXRxE.exe
  2⤵
  PID:1788
- C:\Windows\System\jwIGUZh.exe
  C:\Windows\System\jwIGUZh.exe
  2⤵
  PID:3952
- C:\Windows\System\mEIFxhJ.exe
  C:\Windows\System\mEIFxhJ.exe
  2⤵
  PID:3848
- C:\Windows\System\JvJwBzo.exe
  C:\Windows\System\JvJwBzo.exe
  2⤵
  PID:1912
- C:\Windows\System\gpPriDH.exe
  C:\Windows\System\gpPriDH.exe
  2⤵
  PID:3244
- C:\Windows\System\rOUIXQR.exe
  C:\Windows\System\rOUIXQR.exe
  2⤵
  PID:3904
- C:\Windows\System\lcYiXIm.exe
  C:\Windows\System\lcYiXIm.exe
  2⤵
  PID:3392
- C:\Windows\System\JbUGYRe.exe
  C:\Windows\System\JbUGYRe.exe
  2⤵
  PID:3260
- C:\Windows\System\IeUjblJ.exe
  C:\Windows\System\IeUjblJ.exe
  2⤵
  PID:3528
- C:\Windows\System\maebmQG.exe
  C:\Windows\System\maebmQG.exe
  2⤵
  PID:2236
- C:\Windows\System\LpjlOlQ.exe
  C:\Windows\System\LpjlOlQ.exe
  2⤵
  PID:3608
- C:\Windows\System\ujFOqdE.exe
  C:\Windows\System\ujFOqdE.exe
  2⤵
  PID:3772
- C:\Windows\System\gEcLgNP.exe
  C:\Windows\System\gEcLgNP.exe
  2⤵
  PID:3216
- C:\Windows\System\EUkywqO.exe
  C:\Windows\System\EUkywqO.exe
  2⤵
  PID:4020
- C:\Windows\System\gvsmWQo.exe
  C:\Windows\System\gvsmWQo.exe
  2⤵
  PID:2088
- C:\Windows\System\MEIbngO.exe
  C:\Windows\System\MEIbngO.exe
  2⤵
  PID:2336
- C:\Windows\System\GGoToSs.exe
  C:\Windows\System\GGoToSs.exe
  2⤵
  PID:3344
- C:\Windows\System\rUrrxoz.exe
  C:\Windows\System\rUrrxoz.exe
  2⤵
  PID:3544
- C:\Windows\System\lwBnpGJ.exe
  C:\Windows\System\lwBnpGJ.exe
  2⤵
  PID:3732
- C:\Windows\System\EYlWJec.exe
  C:\Windows\System\EYlWJec.exe
  2⤵
  PID:3104
- C:\Windows\System\LwVYWcA.exe
  C:\Windows\System\LwVYWcA.exe
  2⤵
  PID:2388
- C:\Windows\System\dgKzMGq.exe
  C:\Windows\System\dgKzMGq.exe
  2⤵
  PID:3920
- C:\Windows\System\fGhbQZt.exe
  C:\Windows\System\fGhbQZt.exe
  2⤵
  PID:4068
- C:\Windows\System\QVZhyoF.exe
  C:\Windows\System\QVZhyoF.exe
  2⤵
  PID:2960
- C:\Windows\System\AgrlPFe.exe
  C:\Windows\System\AgrlPFe.exe
  2⤵
  PID:2040
- C:\Windows\System\fdCReqB.exe
  C:\Windows\System\fdCReqB.exe
  2⤵
  PID:4112
- C:\Windows\System\mLWXjVU.exe
  C:\Windows\System\mLWXjVU.exe
  2⤵
  PID:4128
- C:\Windows\System\GrRcTSh.exe
  C:\Windows\System\GrRcTSh.exe
  2⤵
  PID:4148
- C:\Windows\System\WwqsXYb.exe
  C:\Windows\System\WwqsXYb.exe
  2⤵
  PID:4164
- C:\Windows\System\zjeUsfx.exe
  C:\Windows\System\zjeUsfx.exe
  2⤵
  PID:4180
- C:\Windows\System\ffJrZfi.exe
  C:\Windows\System\ffJrZfi.exe
  2⤵
  PID:4196
- C:\Windows\System\uPhJFUk.exe
  C:\Windows\System\uPhJFUk.exe
  2⤵
  PID:4212
- C:\Windows\System\oXKQpVY.exe
  C:\Windows\System\oXKQpVY.exe
  2⤵
  PID:4228
- C:\Windows\System\xdElRNW.exe
  C:\Windows\System\xdElRNW.exe
  2⤵
  PID:4244
- C:\Windows\System\WOlhRte.exe
  C:\Windows\System\WOlhRte.exe
  2⤵
  PID:4316
- C:\Windows\System\VBkSHTW.exe
  C:\Windows\System\VBkSHTW.exe
  2⤵
  PID:4336
- C:\Windows\System\OYSokev.exe
  C:\Windows\System\OYSokev.exe
  2⤵
  PID:4356
- C:\Windows\System\LUnZhKO.exe
  C:\Windows\System\LUnZhKO.exe
  2⤵
  PID:4376
- C:\Windows\System\pNogecc.exe
  C:\Windows\System\pNogecc.exe
  2⤵
  PID:4392
- C:\Windows\System\FvZPQeN.exe
  C:\Windows\System\FvZPQeN.exe
  2⤵
  PID:4408
- C:\Windows\System\eNcldGA.exe
  C:\Windows\System\eNcldGA.exe
  2⤵
  PID:4424
- C:\Windows\System\iAGDdrX.exe
  C:\Windows\System\iAGDdrX.exe
  2⤵
  PID:4440
- C:\Windows\System\vzMfySB.exe
  C:\Windows\System\vzMfySB.exe
  2⤵
  PID:4468
- C:\Windows\System\gqRWsNy.exe
  C:\Windows\System\gqRWsNy.exe
  2⤵
  PID:4488
- C:\Windows\System\txGPYDQ.exe
  C:\Windows\System\txGPYDQ.exe
  2⤵
  PID:4504
- C:\Windows\System\yHFfOyn.exe
  C:\Windows\System\yHFfOyn.exe
  2⤵
  PID:4528
- C:\Windows\System\OIiOtCG.exe
  C:\Windows\System\OIiOtCG.exe
  2⤵
  PID:4556
- C:\Windows\System\LuvkyRl.exe
  C:\Windows\System\LuvkyRl.exe
  2⤵
  PID:4576
- C:\Windows\System\NPnakQi.exe
  C:\Windows\System\NPnakQi.exe
  2⤵
  PID:4596
- C:\Windows\System\RnBRWFS.exe
  C:\Windows\System\RnBRWFS.exe
  2⤵
  PID:4612
- C:\Windows\System\kXPNVdM.exe
  C:\Windows\System\kXPNVdM.exe
  2⤵
  PID:4640
- C:\Windows\System\YJnWqLD.exe
  C:\Windows\System\YJnWqLD.exe
  2⤵
  PID:4656
- C:\Windows\System\gjROLiT.exe
  C:\Windows\System\gjROLiT.exe
  2⤵
  PID:4676
- C:\Windows\System\nSpWgOY.exe
  C:\Windows\System\nSpWgOY.exe
  2⤵
  PID:4696
- C:\Windows\System\LgAcLnn.exe
  C:\Windows\System\LgAcLnn.exe
  2⤵
  PID:4712
- C:\Windows\System\jARHMjl.exe
  C:\Windows\System\jARHMjl.exe
  2⤵
  PID:4728
- C:\Windows\System\fEBetFK.exe
  C:\Windows\System\fEBetFK.exe
  2⤵
  PID:4748
- C:\Windows\System\WeLsjVj.exe
  C:\Windows\System\WeLsjVj.exe
  2⤵
  PID:4768
- C:\Windows\System\POpyAJs.exe
  C:\Windows\System\POpyAJs.exe
  2⤵
  PID:4784
- C:\Windows\System\KIqppCx.exe
  C:\Windows\System\KIqppCx.exe
  2⤵
  PID:4808
- C:\Windows\System\XYKKzni.exe
  C:\Windows\System\XYKKzni.exe
  2⤵
  PID:4836
- C:\Windows\System\rFYafLh.exe
  C:\Windows\System\rFYafLh.exe
  2⤵
  PID:4856
- C:\Windows\System\wueXmuI.exe
  C:\Windows\System\wueXmuI.exe
  2⤵
  PID:4872
- C:\Windows\System\AurhhRT.exe
  C:\Windows\System\AurhhRT.exe
  2⤵
  PID:4888
- C:\Windows\System\OQDYDWU.exe
  C:\Windows\System\OQDYDWU.exe
  2⤵
  PID:4904
- C:\Windows\System\RvmmTGZ.exe
  C:\Windows\System\RvmmTGZ.exe
  2⤵
  PID:4920
- C:\Windows\System\gqvMHay.exe
  C:\Windows\System\gqvMHay.exe
  2⤵
  PID:4940
- C:\Windows\System\cEsCfwF.exe
  C:\Windows\System\cEsCfwF.exe
  2⤵
  PID:4956
- C:\Windows\System\wQEilGi.exe
  C:\Windows\System\wQEilGi.exe
  2⤵
  PID:4992
- C:\Windows\System\faUvyKi.exe
  C:\Windows\System\faUvyKi.exe
  2⤵
  PID:5016
- C:\Windows\System\UayXrjE.exe
  C:\Windows\System\UayXrjE.exe
  2⤵
  PID:5036
- C:\Windows\System\eVANDSG.exe
  C:\Windows\System\eVANDSG.exe
  2⤵
  PID:5056
- C:\Windows\System\KGjuGhl.exe
  C:\Windows\System\KGjuGhl.exe
  2⤵
  PID:5076
- C:\Windows\System\JFcalkn.exe
  C:\Windows\System\JFcalkn.exe
  2⤵
  PID:5092
- C:\Windows\System\gyUyKUI.exe
  C:\Windows\System\gyUyKUI.exe
  2⤵
  PID:2424
- C:\Windows\System\chpyDdD.exe
  C:\Windows\System\chpyDdD.exe
  2⤵
  PID:3828
- C:\Windows\System\TwYeOrj.exe
  C:\Windows\System\TwYeOrj.exe
  2⤵
  PID:3832
- C:\Windows\System\NoRXEvO.exe
  C:\Windows\System\NoRXEvO.exe
  2⤵
  PID:4136
- C:\Windows\System\drJeUbO.exe
  C:\Windows\System\drJeUbO.exe
  2⤵
  PID:4156
- C:\Windows\System\mzkVKxH.exe
  C:\Windows\System\mzkVKxH.exe
  2⤵
  PID:4224
- C:\Windows\System\vyuyhBW.exe
  C:\Windows\System\vyuyhBW.exe
  2⤵
  PID:4260
- C:\Windows\System\YVCjBgj.exe
  C:\Windows\System\YVCjBgj.exe
  2⤵
  PID:4240
- C:\Windows\System\sqjYrws.exe
  C:\Windows\System\sqjYrws.exe
  2⤵
  PID:4280
- C:\Windows\System\NlydUwM.exe
  C:\Windows\System\NlydUwM.exe
  2⤵
  PID:4236
- C:\Windows\System\YFaqFRC.exe
  C:\Windows\System\YFaqFRC.exe
  2⤵
  PID:1660
- C:\Windows\System\TeUxMWE.exe
  C:\Windows\System\TeUxMWE.exe
  2⤵
  PID:4332
- C:\Windows\System\jDfhwgK.exe
  C:\Windows\System\jDfhwgK.exe
  2⤵
  PID:4364
- C:\Windows\System\kMaUuTV.exe
  C:\Windows\System\kMaUuTV.exe
  2⤵
  PID:4420
- C:\Windows\System\oLdcfUl.exe
  C:\Windows\System\oLdcfUl.exe
  2⤵
  PID:4368
- C:\Windows\System\jnfsAFE.exe
  C:\Windows\System\jnfsAFE.exe
  2⤵
  PID:4496
- C:\Windows\System\PIBpeMl.exe
  C:\Windows\System\PIBpeMl.exe
  2⤵
  PID:4536
- C:\Windows\System\WASYXVG.exe
  C:\Windows\System\WASYXVG.exe
  2⤵
  PID:4484
- C:\Windows\System\haUGqZz.exe
  C:\Windows\System\haUGqZz.exe
  2⤵
  PID:4572
- C:\Windows\System\KujRYrc.exe
  C:\Windows\System\KujRYrc.exe
  2⤵
  PID:4632
- C:\Windows\System\UZhFqFi.exe
  C:\Windows\System\UZhFqFi.exe
  2⤵
  PID:4648
- C:\Windows\System\XCVWMLU.exe
  C:\Windows\System\XCVWMLU.exe
  2⤵
  PID:4704
- C:\Windows\System\kPJxjcE.exe
  C:\Windows\System\kPJxjcE.exe
  2⤵
  PID:4740
- C:\Windows\System\PvfCtdg.exe
  C:\Windows\System\PvfCtdg.exe
  2⤵
  PID:4820
- C:\Windows\System\AqplxFu.exe
  C:\Windows\System\AqplxFu.exe
  2⤵
  PID:4724
- C:\Windows\System\HAXMpnk.exe
  C:\Windows\System\HAXMpnk.exe
  2⤵
  PID:4828
- C:\Windows\System\UhKOWnG.exe
  C:\Windows\System\UhKOWnG.exe
  2⤵
  PID:4844
- C:\Windows\System\TRykCfI.exe
  C:\Windows\System\TRykCfI.exe
  2⤵
  PID:4868
- C:\Windows\System\azwYZbR.exe
  C:\Windows\System\azwYZbR.exe
  2⤵
  PID:4936
- C:\Windows\System\TupPQqz.exe
  C:\Windows\System\TupPQqz.exe
  2⤵
  PID:4948
- C:\Windows\System\aBpSnmn.exe
  C:\Windows\System\aBpSnmn.exe
  2⤵
  PID:4984
- C:\Windows\System\sMMVUfc.exe
  C:\Windows\System\sMMVUfc.exe
  2⤵
  PID:5000
- C:\Windows\System\SRfLyuK.exe
  C:\Windows\System\SRfLyuK.exe
  2⤵
  PID:5008
- C:\Windows\System\sEbHXRT.exe
  C:\Windows\System\sEbHXRT.exe
  2⤵
  PID:5116
- C:\Windows\System\hkPGztt.exe
  C:\Windows\System\hkPGztt.exe
  2⤵
  PID:4120
- C:\Windows\System\JrNqNvn.exe
  C:\Windows\System\JrNqNvn.exe
  2⤵
  PID:4208
- C:\Windows\System\CJLhLbi.exe
  C:\Windows\System\CJLhLbi.exe
  2⤵
  PID:1776
- C:\Windows\System\QJKuMTe.exe
  C:\Windows\System\QJKuMTe.exe
  2⤵
  PID:4188
- C:\Windows\System\SBpuapw.exe
  C:\Windows\System\SBpuapw.exe
  2⤵
  PID:4348
- C:\Windows\System\HKRREEE.exe
  C:\Windows\System\HKRREEE.exe
  2⤵
  PID:4400
- C:\Windows\System\EoCrEGy.exe
  C:\Windows\System\EoCrEGy.exe
  2⤵
  PID:4544
- C:\Windows\System\NbogKvY.exe
  C:\Windows\System\NbogKvY.exe
  2⤵
  PID:4552
- C:\Windows\System\UUJCVMZ.exe
  C:\Windows\System\UUJCVMZ.exe
  2⤵
  PID:4592
- C:\Windows\System\ARoFrFr.exe
  C:\Windows\System\ARoFrFr.exe
  2⤵
  PID:4288
- C:\Windows\System\xMkwlqn.exe
  C:\Windows\System\xMkwlqn.exe
  2⤵
  PID:4736
- C:\Windows\System\IuDuGiH.exe
  C:\Windows\System\IuDuGiH.exe
  2⤵
  PID:4804
- C:\Windows\System\UayiPgI.exe
  C:\Windows\System\UayiPgI.exe
  2⤵
  PID:4932
- C:\Windows\System\pdHORNG.exe
  C:\Windows\System\pdHORNG.exe
  2⤵
  PID:4416
- C:\Windows\System\KTvbCtC.exe
  C:\Windows\System\KTvbCtC.exe
  2⤵
  PID:4460
- C:\Windows\System\PJlixaN.exe
  C:\Windows\System\PJlixaN.exe
  2⤵
  PID:4144
- C:\Windows\System\mwRFEjk.exe
  C:\Windows\System\mwRFEjk.exe
  2⤵
  PID:4976
- C:\Windows\System\wwgRyrb.exe
  C:\Windows\System\wwgRyrb.exe
  2⤵
  PID:5024
- C:\Windows\System\xIuuLZd.exe
  C:\Windows\System\xIuuLZd.exe
  2⤵
  PID:4852
- C:\Windows\System\zXPlwNH.exe
  C:\Windows\System\zXPlwNH.exe
  2⤵
  PID:4780
- C:\Windows\System\tqSAyfF.exe
  C:\Windows\System\tqSAyfF.exe
  2⤵
  PID:5048
- C:\Windows\System\szdoVGl.exe
  C:\Windows\System\szdoVGl.exe
  2⤵
  PID:4608
- C:\Windows\System\GULNsuI.exe
  C:\Windows\System\GULNsuI.exe
  2⤵
  PID:2576
- C:\Windows\System\KYowpCr.exe
  C:\Windows\System\KYowpCr.exe
  2⤵
  PID:5084
- C:\Windows\System\tRbDSUZ.exe
  C:\Windows\System\tRbDSUZ.exe
  2⤵
  PID:5108
- C:\Windows\System\rJDXbRd.exe
  C:\Windows\System\rJDXbRd.exe
  2⤵
  PID:4272
- C:\Windows\System\iPMFMEB.exe
  C:\Windows\System\iPMFMEB.exe
  2⤵
  PID:4432
- C:\Windows\System\RHKiFuG.exe
  C:\Windows\System\RHKiFuG.exe
  2⤵
  PID:4652
- C:\Windows\System\nSWoXGv.exe
  C:\Windows\System\nSWoXGv.exe
  2⤵
  PID:4452
- C:\Windows\System\KlxmwGB.exe
  C:\Windows\System\KlxmwGB.exe
  2⤵
  PID:4520
- C:\Windows\System\VkWGNFB.exe
  C:\Windows\System\VkWGNFB.exe
  2⤵
  PID:2620
- C:\Windows\System\yGiJEqr.exe
  C:\Windows\System\yGiJEqr.exe
  2⤵
  PID:4800
- C:\Windows\System\cRbyqYy.exe
  C:\Windows\System\cRbyqYy.exe
  2⤵
  PID:4720
- C:\Windows\System\ygbkVNt.exe
  C:\Windows\System\ygbkVNt.exe
  2⤵
  PID:4952
- C:\Windows\System\Buqdunv.exe
  C:\Windows\System\Buqdunv.exe
  2⤵
  PID:3956
- C:\Windows\System\yitmUEI.exe
  C:\Windows\System\yitmUEI.exe
  2⤵
  PID:4884
- C:\Windows\System\uOAWYEt.exe
  C:\Windows\System\uOAWYEt.exe
  2⤵
  PID:2908
- C:\Windows\System\uHTMFPr.exe
  C:\Windows\System\uHTMFPr.exe
  2⤵
  PID:4456
- C:\Windows\System\oFLOsAM.exe
  C:\Windows\System\oFLOsAM.exe
  2⤵
  PID:4796
- C:\Windows\System\usrYUZS.exe
  C:\Windows\System\usrYUZS.exe
  2⤵
  PID:3292
- C:\Windows\System\nGKijJU.exe
  C:\Windows\System\nGKijJU.exe
  2⤵
  PID:4584
- C:\Windows\System\faLIcnR.exe
  C:\Windows\System\faLIcnR.exe
  2⤵
  PID:4604
- C:\Windows\System\nHAeRvJ.exe
  C:\Windows\System\nHAeRvJ.exe
  2⤵
  PID:4816
- C:\Windows\System\SMRYyCZ.exe
  C:\Windows\System\SMRYyCZ.exe
  2⤵
  PID:5072
- C:\Windows\System\DJgeMgG.exe
  C:\Windows\System\DJgeMgG.exe
  2⤵
  PID:4104
- C:\Windows\System\seydxXy.exe
  C:\Windows\System\seydxXy.exe
  2⤵
  PID:4176
- C:\Windows\System\ZxusQxL.exe
  C:\Windows\System\ZxusQxL.exe
  2⤵
  PID:4764
- C:\Windows\System\qDLPxhW.exe
  C:\Windows\System\qDLPxhW.exe
  2⤵
  PID:4524
- C:\Windows\System\IxwhBIu.exe
  C:\Windows\System\IxwhBIu.exe
  2⤵
  PID:2692
- C:\Windows\System\xEdGOYp.exe
  C:\Windows\System\xEdGOYp.exe
  2⤵
  PID:4624
- C:\Windows\System\JlZMnbR.exe
  C:\Windows\System\JlZMnbR.exe
  2⤵
  PID:316
- C:\Windows\System\NvTVTEA.exe
  C:\Windows\System\NvTVTEA.exe
  2⤵
  PID:1280
- C:\Windows\System\eadVLvz.exe
  C:\Windows\System\eadVLvz.exe
  2⤵
  PID:5128
- C:\Windows\System\zlYcdIe.exe
  C:\Windows\System\zlYcdIe.exe
  2⤵
  PID:5144
- C:\Windows\System\fHePTwx.exe
  C:\Windows\System\fHePTwx.exe
  2⤵
  PID:5160
- C:\Windows\System\ZJHdoTf.exe
  C:\Windows\System\ZJHdoTf.exe
  2⤵
  PID:5176
- C:\Windows\System\bZgGnuV.exe
  C:\Windows\System\bZgGnuV.exe
  2⤵
  PID:5192
- C:\Windows\System\PVWsbsA.exe
  C:\Windows\System\PVWsbsA.exe
  2⤵
  PID:5208
- C:\Windows\System\VDozYEo.exe
  C:\Windows\System\VDozYEo.exe
  2⤵
  PID:5224
- C:\Windows\System\aCkowpJ.exe
  C:\Windows\System\aCkowpJ.exe
  2⤵
  PID:5240
- C:\Windows\System\EMJOOTs.exe
  C:\Windows\System\EMJOOTs.exe
  2⤵
  PID:5256
- C:\Windows\System\DInMSPa.exe
  C:\Windows\System\DInMSPa.exe
  2⤵
  PID:5272
- C:\Windows\System\qHtJxRK.exe
  C:\Windows\System\qHtJxRK.exe
  2⤵
  PID:5288
- C:\Windows\System\HYqsreX.exe
  C:\Windows\System\HYqsreX.exe
  2⤵
  PID:5304
- C:\Windows\System\eHeraEO.exe
  C:\Windows\System\eHeraEO.exe
  2⤵
  PID:5324
- C:\Windows\System\sigcJpA.exe
  C:\Windows\System\sigcJpA.exe
  2⤵
  PID:5340
- C:\Windows\System\iNUZhxf.exe
  C:\Windows\System\iNUZhxf.exe
  2⤵
  PID:5356
- C:\Windows\System\uhChuEz.exe
  C:\Windows\System\uhChuEz.exe
  2⤵
  PID:5372
- C:\Windows\System\FtjZFas.exe
  C:\Windows\System\FtjZFas.exe
  2⤵
  PID:5388
- C:\Windows\System\ibcXxqS.exe
  C:\Windows\System\ibcXxqS.exe
  2⤵
  PID:5404
- C:\Windows\System\YdLWmGz.exe
  C:\Windows\System\YdLWmGz.exe
  2⤵
  PID:5420
- C:\Windows\System\lktjKHL.exe
  C:\Windows\System\lktjKHL.exe
  2⤵
  PID:5436
- C:\Windows\System\OqIEXgj.exe
  C:\Windows\System\OqIEXgj.exe
  2⤵
  PID:5452
- C:\Windows\System\IySnAAd.exe
  C:\Windows\System\IySnAAd.exe
  2⤵
  PID:5468
- C:\Windows\System\WXMPxuE.exe
  C:\Windows\System\WXMPxuE.exe
  2⤵
  PID:5484
- C:\Windows\System\qYETXct.exe
  C:\Windows\System\qYETXct.exe
  2⤵
  PID:5500
- C:\Windows\System\ocfbqtD.exe
  C:\Windows\System\ocfbqtD.exe
  2⤵
  PID:5520
- C:\Windows\System\MwpBysd.exe
  C:\Windows\System\MwpBysd.exe
  2⤵
  PID:5536
- C:\Windows\System\zVrxvLw.exe
  C:\Windows\System\zVrxvLw.exe
  2⤵
  PID:5552
- C:\Windows\System\wLcfVzH.exe
  C:\Windows\System\wLcfVzH.exe
  2⤵
  PID:5568
- C:\Windows\System\vmFxgZd.exe
  C:\Windows\System\vmFxgZd.exe
  2⤵
  PID:5584
- C:\Windows\System\sVTkCRz.exe
  C:\Windows\System\sVTkCRz.exe
  2⤵
  PID:5600
- C:\Windows\System\BSGgpiB.exe
  C:\Windows\System\BSGgpiB.exe
  2⤵
  PID:5616
- C:\Windows\System\XrUWCPj.exe
  C:\Windows\System\XrUWCPj.exe
  2⤵
  PID:5632
- C:\Windows\System\vTtMyAp.exe
  C:\Windows\System\vTtMyAp.exe
  2⤵
  PID:5656
- C:\Windows\System\kwTXuBZ.exe
  C:\Windows\System\kwTXuBZ.exe
  2⤵
  PID:5672
- C:\Windows\System\GsOcogR.exe
  C:\Windows\System\GsOcogR.exe
  2⤵
  PID:5688
- C:\Windows\System\DTYRRgQ.exe
  C:\Windows\System\DTYRRgQ.exe
  2⤵
  PID:5704
- C:\Windows\System\XmFyLNw.exe
  C:\Windows\System\XmFyLNw.exe
  2⤵
  PID:5720
- C:\Windows\System\uGCuxgf.exe
  C:\Windows\System\uGCuxgf.exe
  2⤵
  PID:5736
- C:\Windows\System\nKJFKEz.exe
  C:\Windows\System\nKJFKEz.exe
  2⤵
  PID:5752
- C:\Windows\System\QNhAqci.exe
  C:\Windows\System\QNhAqci.exe
  2⤵
  PID:5768
- C:\Windows\System\zvQbdXb.exe
  C:\Windows\System\zvQbdXb.exe
  2⤵
  PID:5784
- C:\Windows\System\LBDsWOj.exe
  C:\Windows\System\LBDsWOj.exe
  2⤵
  PID:5800
- C:\Windows\System\ojXOYRi.exe
  C:\Windows\System\ojXOYRi.exe
  2⤵
  PID:5816
- C:\Windows\System\aWHkTve.exe
  C:\Windows\System\aWHkTve.exe
  2⤵
  PID:5832
- C:\Windows\System\eeXruHK.exe
  C:\Windows\System\eeXruHK.exe
  2⤵
  PID:5848
- C:\Windows\System\GCpcgbF.exe
  C:\Windows\System\GCpcgbF.exe
  2⤵
  PID:5864
- C:\Windows\System\AHTkxfq.exe
  C:\Windows\System\AHTkxfq.exe
  2⤵
  PID:5880
- C:\Windows\System\WOlgxii.exe
  C:\Windows\System\WOlgxii.exe
  2⤵
  PID:5896
- C:\Windows\System\VwbhTgi.exe
  C:\Windows\System\VwbhTgi.exe
  2⤵
  PID:5912
- C:\Windows\System\WaHnoov.exe
  C:\Windows\System\WaHnoov.exe
  2⤵
  PID:5928
- C:\Windows\System\VAhrzHr.exe
  C:\Windows\System\VAhrzHr.exe
  2⤵
  PID:5944
- C:\Windows\System\OOomZsi.exe
  C:\Windows\System\OOomZsi.exe
  2⤵
  PID:5964
- C:\Windows\System\kFUjdbq.exe
  C:\Windows\System\kFUjdbq.exe
  2⤵
  PID:5984
- C:\Windows\System\vtNKZBf.exe
  C:\Windows\System\vtNKZBf.exe
  2⤵
  PID:6000
- C:\Windows\System\utirIDO.exe
  C:\Windows\System\utirIDO.exe
  2⤵
  PID:6016
- C:\Windows\System\JRTVNjF.exe
  C:\Windows\System\JRTVNjF.exe
  2⤵
  PID:6032
- C:\Windows\System\NCDQChR.exe
  C:\Windows\System\NCDQChR.exe
  2⤵
  PID:6048
- C:\Windows\System\KirHazx.exe
  C:\Windows\System\KirHazx.exe
  2⤵
  PID:6064
- C:\Windows\System\obtONwE.exe
  C:\Windows\System\obtONwE.exe
  2⤵
  PID:6080
- C:\Windows\System\ARgyMeX.exe
  C:\Windows\System\ARgyMeX.exe
  2⤵
  PID:6096
- C:\Windows\System\pNaSKOq.exe
  C:\Windows\System\pNaSKOq.exe
  2⤵
  PID:6120
- C:\Windows\System\zJTyspR.exe
  C:\Windows\System\zJTyspR.exe
  2⤵
  PID:6140
- C:\Windows\System\tABqGit.exe
  C:\Windows\System\tABqGit.exe
  2⤵
  PID:4912
- C:\Windows\System\QAcJxrA.exe
  C:\Windows\System\QAcJxrA.exe
  2⤵
  PID:4388
- C:\Windows\System\AwIJIbM.exe
  C:\Windows\System\AwIJIbM.exe
  2⤵
  PID:5152
- C:\Windows\System\EgLVnyk.exe
  C:\Windows\System\EgLVnyk.exe
  2⤵
  PID:5216
- C:\Windows\System\jVWXZGg.exe
  C:\Windows\System\jVWXZGg.exe
  2⤵
  PID:5172
- C:\Windows\System\dhoewrR.exe
  C:\Windows\System\dhoewrR.exe
  2⤵
  PID:5220
- C:\Windows\System\jvhjzoR.exe
  C:\Windows\System\jvhjzoR.exe
  2⤵
  PID:5284
- C:\Windows\System\dEhviOS.exe
  C:\Windows\System\dEhviOS.exe
  2⤵
  PID:5348
- C:\Windows\System\wCwxRBy.exe
  C:\Windows\System\wCwxRBy.exe
  2⤵
  PID:5412
- C:\Windows\System\GPZLaHw.exe
  C:\Windows\System\GPZLaHw.exe
  2⤵
  PID:5300
- C:\Windows\System\KJeSOVs.exe
  C:\Windows\System\KJeSOVs.exe
  2⤵
  PID:5268
- C:\Windows\System\XcFwfcU.exe
  C:\Windows\System\XcFwfcU.exe
  2⤵
  PID:5400
- C:\Windows\System\zSkxSiz.exe
  C:\Windows\System\zSkxSiz.exe
  2⤵
  PID:5548
- C:\Windows\System\VfBlUIx.exe
  C:\Windows\System\VfBlUIx.exe
  2⤵
  PID:5532
- C:\Windows\System\sOQODLc.exe
  C:\Windows\System\sOQODLc.exe
  2⤵
  PID:5528
- C:\Windows\System\RHwDSoU.exe
  C:\Windows\System\RHwDSoU.exe
  2⤵
  PID:5592
- C:\Windows\System\lvVEBIb.exe
  C:\Windows\System\lvVEBIb.exe
  2⤵
  PID:5644
- C:\Windows\System\ZBZWXnQ.exe
  C:\Windows\System\ZBZWXnQ.exe
  2⤵
  PID:5668
- C:\Windows\System\nBOcRsn.exe
  C:\Windows\System\nBOcRsn.exe
  2⤵
  PID:5716
- C:\Windows\System\qopHpuk.exe
  C:\Windows\System\qopHpuk.exe
  2⤵
  PID:5780
- C:\Windows\System\mLqDkEp.exe
  C:\Windows\System\mLqDkEp.exe
  2⤵
  PID:5732
- C:\Windows\System\ErHpsIo.exe
  C:\Windows\System\ErHpsIo.exe
  2⤵
  PID:5728
- C:\Windows\System\JhtMoIK.exe
  C:\Windows\System\JhtMoIK.exe
  2⤵
  PID:3008
- C:\Windows\System\vLxtmYl.exe
  C:\Windows\System\vLxtmYl.exe
  2⤵
  PID:5828
- C:\Windows\System\CQclmOk.exe
  C:\Windows\System\CQclmOk.exe
  2⤵
  PID:5860
- C:\Windows\System\WTqinAT.exe
  C:\Windows\System\WTqinAT.exe
  2⤵
  PID:5924
- C:\Windows\System\YrEHTNx.exe
  C:\Windows\System\YrEHTNx.exe
  2⤵
  PID:5940
- C:\Windows\System\dUFHeSc.exe
  C:\Windows\System\dUFHeSc.exe
  2⤵
  PID:5972
- C:\Windows\System\ETZZEAB.exe
  C:\Windows\System\ETZZEAB.exe
  2⤵
  PID:2720
- C:\Windows\System\cRbwikA.exe
  C:\Windows\System\cRbwikA.exe
  2⤵
  PID:6028
- C:\Windows\System\ELsXLej.exe
  C:\Windows\System\ELsXLej.exe
  2⤵
  PID:6040
- C:\Windows\System\cJXCUue.exe
  C:\Windows\System\cJXCUue.exe
  2⤵
  PID:6076
- C:\Windows\System\RCSxpjO.exe
  C:\Windows\System\RCSxpjO.exe
  2⤵
  PID:6108
- C:\Windows\System\BBfSQsU.exe
  C:\Windows\System\BBfSQsU.exe
  2⤵
  PID:2972
- C:\Windows\System\kKxwASv.exe
  C:\Windows\System\kKxwASv.exe
  2⤵
  PID:5380
- C:\Windows\System\WJgImil.exe
  C:\Windows\System\WJgImil.exe
  2⤵
  PID:6092
- C:\Windows\System\zsqFfNX.exe
  C:\Windows\System\zsqFfNX.exe
  2⤵
  PID:5188
- C:\Windows\System\bEdyufD.exe
  C:\Windows\System\bEdyufD.exe
  2⤵
  PID:5296
- C:\Windows\System\hQEuXAP.exe
  C:\Windows\System\hQEuXAP.exe
  2⤵
  PID:6136
- C:\Windows\System\YySNUYq.exe
  C:\Windows\System\YySNUYq.exe
  2⤵
  PID:5396
- C:\Windows\System\TprmlKA.exe
  C:\Windows\System\TprmlKA.exe
  2⤵
  PID:5476
- C:\Windows\System\NVPPKma.exe
  C:\Windows\System\NVPPKma.exe
  2⤵
  PID:5460
- C:\Windows\System\mYPhcde.exe
  C:\Windows\System\mYPhcde.exe
  2⤵
  PID:5492
- C:\Windows\System\mmssOlx.exe
  C:\Windows\System\mmssOlx.exe
  2⤵
  PID:5564
- C:\Windows\System\DWaVtMH.exe
  C:\Windows\System\DWaVtMH.exe
  2⤵
  PID:5760
- C:\Windows\System\GYgDTyL.exe
  C:\Windows\System\GYgDTyL.exe
  2⤵
  PID:5560
- C:\Windows\System\BEhytER.exe
  C:\Windows\System\BEhytER.exe
  2⤵
  PID:5652
- C:\Windows\System\lqrYTKs.exe
  C:\Windows\System\lqrYTKs.exe
  2⤵
  PID:5844
- C:\Windows\System\LfIzeQT.exe
  C:\Windows\System\LfIzeQT.exe
  2⤵
  PID:5776
- C:\Windows\System\IKnQybf.exe
  C:\Windows\System\IKnQybf.exe
  2⤵
  PID:5976
- C:\Windows\System\vYFPksq.exe
  C:\Windows\System\vYFPksq.exe
  2⤵
  PID:5960
- C:\Windows\System\ntxDSwj.exe
  C:\Windows\System\ntxDSwj.exe
  2⤵
  PID:5980
- C:\Windows\System\LxGYOpb.exe
  C:\Windows\System\LxGYOpb.exe
  2⤵
  PID:4476
- C:\Windows\System\VTBDzLt.exe
  C:\Windows\System\VTBDzLt.exe
  2⤵
  PID:6104
- C:\Windows\System\JXkteTZ.exe
  C:\Windows\System\JXkteTZ.exe
  2⤵
  PID:5252
- C:\Windows\System\lDUMrLU.exe
  C:\Windows\System\lDUMrLU.exe
  2⤵
  PID:5264
- C:\Windows\System\ACYjPHJ.exe
  C:\Windows\System\ACYjPHJ.exe
  2⤵
  PID:5576
- C:\Windows\System\BjGUXDl.exe
  C:\Windows\System\BjGUXDl.exe
  2⤵
  PID:5448
- C:\Windows\System\upuuZyp.exe
  C:\Windows\System\upuuZyp.exe
  2⤵
  PID:5512
- C:\Windows\System\tCCvluI.exe
  C:\Windows\System\tCCvluI.exe
  2⤵
  PID:5384
- C:\Windows\System\IZqkpaC.exe
  C:\Windows\System\IZqkpaC.exe
  2⤵
  PID:5712
- C:\Windows\System\SyJokTu.exe
  C:\Windows\System\SyJokTu.exe
  2⤵
  PID:5824
- C:\Windows\System\LBCIDyN.exe
  C:\Windows\System\LBCIDyN.exe
  2⤵
  PID:5700
- C:\Windows\System\bgpysbq.exe
  C:\Windows\System\bgpysbq.exe
  2⤵
  PID:6072
- C:\Windows\System\cxNHaZU.exe
  C:\Windows\System\cxNHaZU.exe
  2⤵
  PID:1288
- C:\Windows\System\TOSQiuV.exe
  C:\Windows\System\TOSQiuV.exe
  2⤵
  PID:5320
- C:\Windows\System\AIgFWDr.exe
  C:\Windows\System\AIgFWDr.exe
  2⤵
  PID:5640
- C:\Windows\System\CLYypnO.exe
  C:\Windows\System\CLYypnO.exe
  2⤵
  PID:6012
- C:\Windows\System\VzLcaWE.exe
  C:\Windows\System\VzLcaWE.exe
  2⤵
  PID:5508
- C:\Windows\System\dDcDyUZ.exe
  C:\Windows\System\dDcDyUZ.exe
  2⤵
  PID:5876
- C:\Windows\System\pNjibkw.exe
  C:\Windows\System\pNjibkw.exe
  2⤵
  PID:6160
- C:\Windows\System\ONNlBgi.exe
  C:\Windows\System\ONNlBgi.exe
  2⤵
  PID:6176
- C:\Windows\System\trMcGih.exe
  C:\Windows\System\trMcGih.exe
  2⤵
  PID:6196
- C:\Windows\System\sdoAkgG.exe
  C:\Windows\System\sdoAkgG.exe
  2⤵
  PID:6212
- C:\Windows\System\jRryErl.exe
  C:\Windows\System\jRryErl.exe
  2⤵
  PID:6228
- C:\Windows\System\tCMjTpe.exe
  C:\Windows\System\tCMjTpe.exe
  2⤵
  PID:6244
- C:\Windows\System\NWWCLag.exe
  C:\Windows\System\NWWCLag.exe
  2⤵
  PID:6260
- C:\Windows\System\mlEWavx.exe
  C:\Windows\System\mlEWavx.exe
  2⤵
  PID:6276
- C:\Windows\System\LTPGsTa.exe
  C:\Windows\System\LTPGsTa.exe
  2⤵
  PID:6292
- C:\Windows\System\iXUwAvS.exe
  C:\Windows\System\iXUwAvS.exe
  2⤵
  PID:6308
- C:\Windows\System\WZvOqUq.exe
  C:\Windows\System\WZvOqUq.exe
  2⤵
  PID:6324
- C:\Windows\System\uauZrxS.exe
  C:\Windows\System\uauZrxS.exe
  2⤵
  PID:6340
- C:\Windows\System\lvBabTz.exe
  C:\Windows\System\lvBabTz.exe
  2⤵
  PID:6356
- C:\Windows\System\EtPgJxH.exe
  C:\Windows\System\EtPgJxH.exe
  2⤵
  PID:6372
- C:\Windows\System\gxAaYBm.exe
  C:\Windows\System\gxAaYBm.exe
  2⤵
  PID:6388
- C:\Windows\System\fBMeWZw.exe
  C:\Windows\System\fBMeWZw.exe
  2⤵
  PID:6404
- C:\Windows\System\YEEiESM.exe
  C:\Windows\System\YEEiESM.exe
  2⤵
  PID:6420
- C:\Windows\System\FmHuplO.exe
  C:\Windows\System\FmHuplO.exe
  2⤵
  PID:6436
- C:\Windows\System\ukwncLm.exe
  C:\Windows\System\ukwncLm.exe
  2⤵
  PID:6452
- C:\Windows\System\DXXiLXy.exe
  C:\Windows\System\DXXiLXy.exe
  2⤵
  PID:6468
- C:\Windows\System\buNKQvl.exe
  C:\Windows\System\buNKQvl.exe
  2⤵
  PID:6484
- C:\Windows\System\CYrhVWL.exe
  C:\Windows\System\CYrhVWL.exe
  2⤵
  PID:6504
- C:\Windows\System\niNPMzL.exe
  C:\Windows\System\niNPMzL.exe
  2⤵
  PID:6540
- C:\Windows\System\fdSgtlq.exe
  C:\Windows\System\fdSgtlq.exe
  2⤵
  PID:6556
- C:\Windows\System\jKNumBV.exe
  C:\Windows\System\jKNumBV.exe
  2⤵
  PID:6572
- C:\Windows\System\anTDGxm.exe
  C:\Windows\System\anTDGxm.exe
  2⤵
  PID:6588
- C:\Windows\System\zJKLVYO.exe
  C:\Windows\System\zJKLVYO.exe
  2⤵
  PID:6604
- C:\Windows\System\vbpzYII.exe
  C:\Windows\System\vbpzYII.exe
  2⤵
  PID:6620
- C:\Windows\System\UjZbKxr.exe
  C:\Windows\System\UjZbKxr.exe
  2⤵
  PID:6636
- C:\Windows\System\UaOrpdi.exe
  C:\Windows\System\UaOrpdi.exe
  2⤵
  PID:6652
- C:\Windows\System\hMxHFZc.exe
  C:\Windows\System\hMxHFZc.exe
  2⤵
  PID:6668
- C:\Windows\System\iTliILU.exe
  C:\Windows\System\iTliILU.exe
  2⤵
  PID:6684
- C:\Windows\System\SuScapn.exe
  C:\Windows\System\SuScapn.exe
  2⤵
  PID:6708
- C:\Windows\System\tNSLJhz.exe
  C:\Windows\System\tNSLJhz.exe
  2⤵
  PID:6728
- C:\Windows\System\StuSVAG.exe
  C:\Windows\System\StuSVAG.exe
  2⤵
  PID:6744
- C:\Windows\System\nsrdRZu.exe
  C:\Windows\System\nsrdRZu.exe
  2⤵
  PID:6760
- C:\Windows\System\lnCKPMS.exe
  C:\Windows\System\lnCKPMS.exe
  2⤵
  PID:6776
- C:\Windows\System\qrSJizT.exe
  C:\Windows\System\qrSJizT.exe
  2⤵
  PID:6792
- C:\Windows\System\MiyJNNk.exe
  C:\Windows\System\MiyJNNk.exe
  2⤵
  PID:6808
- C:\Windows\System\lZVxDQe.exe
  C:\Windows\System\lZVxDQe.exe
  2⤵
  PID:6824
- C:\Windows\System\BLuXTwx.exe
  C:\Windows\System\BLuXTwx.exe
  2⤵
  PID:6840
- C:\Windows\System\fpxAAyx.exe
  C:\Windows\System\fpxAAyx.exe
  2⤵
  PID:6856
- C:\Windows\System\MBVFTia.exe
  C:\Windows\System\MBVFTia.exe
  2⤵
  PID:6872
- C:\Windows\System\TUjBtCJ.exe
  C:\Windows\System\TUjBtCJ.exe
  2⤵
  PID:6892
- C:\Windows\System\EYAxexn.exe
  C:\Windows\System\EYAxexn.exe
  2⤵
  PID:6908
- C:\Windows\System\hJAGLyj.exe
  C:\Windows\System\hJAGLyj.exe
  2⤵
  PID:6924
- C:\Windows\System\eFMcwtn.exe
  C:\Windows\System\eFMcwtn.exe
  2⤵
  PID:6940
- C:\Windows\System\PHvJuON.exe
  C:\Windows\System\PHvJuON.exe
  2⤵
  PID:6956
- C:\Windows\System\TveVhzT.exe
  C:\Windows\System\TveVhzT.exe
  2⤵
  PID:6972
- C:\Windows\System\nTjtryb.exe
  C:\Windows\System\nTjtryb.exe
  2⤵
  PID:6988
- C:\Windows\System\hlGPfkq.exe
  C:\Windows\System\hlGPfkq.exe
  2⤵
  PID:7004
- C:\Windows\System\ixclIth.exe
  C:\Windows\System\ixclIth.exe
  2⤵
  PID:7020
- C:\Windows\System\CvJkNEF.exe
  C:\Windows\System\CvJkNEF.exe
  2⤵
  PID:7036
- C:\Windows\System\BCfFQHf.exe
  C:\Windows\System\BCfFQHf.exe
  2⤵
  PID:7052
- C:\Windows\System\lIapEnM.exe
  C:\Windows\System\lIapEnM.exe
  2⤵
  PID:7068
- C:\Windows\System\eKWHVpE.exe
  C:\Windows\System\eKWHVpE.exe
  2⤵
  PID:7084
- C:\Windows\System\DugJPpJ.exe
  C:\Windows\System\DugJPpJ.exe
  2⤵
  PID:7100
- C:\Windows\System\PKDuZay.exe
  C:\Windows\System\PKDuZay.exe
  2⤵
  PID:7116
- C:\Windows\System\eVWkyRs.exe
  C:\Windows\System\eVWkyRs.exe
  2⤵
  PID:7132
- C:\Windows\System\ZorfyrB.exe
  C:\Windows\System\ZorfyrB.exe
  2⤵
  PID:7148
- C:\Windows\System\srgMRAU.exe
  C:\Windows\System\srgMRAU.exe
  2⤵
  PID:7164
- C:\Windows\System\trkWaiQ.exe
  C:\Windows\System\trkWaiQ.exe
  2⤵
  PID:4172
- C:\Windows\System\PuDDmJg.exe
  C:\Windows\System\PuDDmJg.exe
  2⤵
  PID:1780
- C:\Windows\System\YYQXUOD.exe
  C:\Windows\System\YYQXUOD.exe
  2⤵
  PID:6184
- C:\Windows\System\jPgvRTg.exe
  C:\Windows\System\jPgvRTg.exe
  2⤵
  PID:5432
- C:\Windows\System\jxFzODN.exe
  C:\Windows\System\jxFzODN.exe
  2⤵
  PID:2944
- C:\Windows\System\WrElVVj.exe
  C:\Windows\System\WrElVVj.exe
  2⤵
  PID:444
- C:\Windows\System\GjVaJnU.exe
  C:\Windows\System\GjVaJnU.exe
  2⤵
  PID:6204
- C:\Windows\System\TnQtSGd.exe
  C:\Windows\System\TnQtSGd.exe
  2⤵
  PID:6240
- C:\Windows\System\bMaLvkw.exe
  C:\Windows\System\bMaLvkw.exe
  2⤵
  PID:6316
- C:\Windows\System\Fyqhnkx.exe
  C:\Windows\System\Fyqhnkx.exe
  2⤵
  PID:6336
- C:\Windows\System\vtbmGen.exe
  C:\Windows\System\vtbmGen.exe
  2⤵
  PID:6272
- C:\Windows\System\cIlzfrz.exe
  C:\Windows\System\cIlzfrz.exe
  2⤵
  PID:6412
- C:\Windows\System\FxIeTLS.exe
  C:\Windows\System\FxIeTLS.exe
  2⤵
  PID:6396
- C:\Windows\System\bYQgoYe.exe
  C:\Windows\System\bYQgoYe.exe
  2⤵
  PID:6476
- C:\Windows\System\fXpRmmI.exe
  C:\Windows\System\fXpRmmI.exe
  2⤵
  PID:6460
- C:\Windows\System\dfIchKW.exe
  C:\Windows\System\dfIchKW.exe
  2⤵
  PID:6512
- C:\Windows\System\GoATPfN.exe
  C:\Windows\System\GoATPfN.exe
  2⤵
  PID:6528
- C:\Windows\System\YsrekBM.exe
  C:\Windows\System\YsrekBM.exe
  2⤵
  PID:6568
- C:\Windows\System\RKpDqPh.exe
  C:\Windows\System\RKpDqPh.exe
  2⤵
  PID:6632
- C:\Windows\System\xoFxUOn.exe
  C:\Windows\System\xoFxUOn.exe
  2⤵
  PID:6704
- C:\Windows\System\TXirluy.exe
  C:\Windows\System\TXirluy.exe
  2⤵
  PID:6768
- C:\Windows\System\gbwJrkb.exe
  C:\Windows\System\gbwJrkb.exe
  2⤵
  PID:6736
- C:\Windows\System\AvFLCRw.exe
  C:\Windows\System\AvFLCRw.exe
  2⤵
  PID:6648
- C:\Windows\System\IHOyHJL.exe
  C:\Windows\System\IHOyHJL.exe
  2⤵
  PID:6788
- C:\Windows\System\xtbGTVu.exe
  C:\Windows\System\xtbGTVu.exe
  2⤵
  PID:6888
- C:\Windows\System\upkGWqp.exe
  C:\Windows\System\upkGWqp.exe
  2⤵
  PID:6936
- C:\Windows\System\ekNMBob.exe
  C:\Windows\System\ekNMBob.exe
  2⤵
  PID:6884
- C:\Windows\System\ThYfnsq.exe
  C:\Windows\System\ThYfnsq.exe
  2⤵
  PID:7000
- C:\Windows\System\ngnpdUh.exe
  C:\Windows\System\ngnpdUh.exe
  2⤵
  PID:6724
- C:\Windows\System\hmbkubU.exe
  C:\Windows\System\hmbkubU.exe
  2⤵
  PID:7016
- C:\Windows\System\XBERcax.exe
  C:\Windows\System\XBERcax.exe
  2⤵
  PID:6948
- C:\Windows\System\IzpCaVl.exe
  C:\Windows\System\IzpCaVl.exe
  2⤵
  PID:7124
- C:\Windows\System\MFWrfgy.exe
  C:\Windows\System\MFWrfgy.exe
  2⤵
  PID:7140
- C:\Windows\System\MdmaPrS.exe
  C:\Windows\System\MdmaPrS.exe
  2⤵
  PID:7160
- C:\Windows\System\diFKTzb.exe
  C:\Windows\System\diFKTzb.exe
  2⤵
  PID:2020
- C:\Windows\System\TBBLECf.exe
  C:\Windows\System\TBBLECf.exe
  2⤵
  PID:2416
- C:\Windows\System\VOxhKSj.exe
  C:\Windows\System\VOxhKSj.exe
  2⤵
  PID:6172
- C:\Windows\System\JlUCmaH.exe
  C:\Windows\System\JlUCmaH.exe
  2⤵
  PID:2924
- C:\Windows\System\ShBALYP.exe
  C:\Windows\System\ShBALYP.exe
  2⤵
  PID:6432
- C:\Windows\System\etBjhPd.exe
  C:\Windows\System\etBjhPd.exe
  2⤵
  PID:6448
- C:\Windows\System\TWzUxQx.exe
  C:\Windows\System\TWzUxQx.exe
  2⤵
  PID:6520
- C:\Windows\System\OmdSZFR.exe
  C:\Windows\System\OmdSZFR.exe
  2⤵
  PID:6600
- C:\Windows\System\vIWjpAz.exe
  C:\Windows\System\vIWjpAz.exe
  2⤵
  PID:2524
- C:\Windows\System\yGxGgHt.exe
  C:\Windows\System\yGxGgHt.exe
  2⤵
  PID:6836
- C:\Windows\System\UfXPqGA.exe
  C:\Windows\System\UfXPqGA.exe
  2⤵
  PID:6904
- C:\Windows\System\cOvvWtM.exe
  C:\Windows\System\cOvvWtM.exe
  2⤵
  PID:6548
- C:\Windows\System\uhtIoAK.exe
  C:\Windows\System\uhtIoAK.exe
  2⤵
  PID:6740
- C:\Windows\System\MunDluL.exe
  C:\Windows\System\MunDluL.exe
  2⤵
  PID:1932
- C:\Windows\System\kRedHfQ.exe
  C:\Windows\System\kRedHfQ.exe
  2⤵
  PID:6616
- C:\Windows\System\fHoFGkG.exe
  C:\Windows\System\fHoFGkG.exe
  2⤵
  PID:856
- C:\Windows\System\EtYSDbU.exe
  C:\Windows\System\EtYSDbU.exe
  2⤵
  PID:6536
- C:\Windows\System\DraToxi.exe
  C:\Windows\System\DraToxi.exe
  2⤵
  PID:6696
- C:\Windows\System\MuBOkpE.exe
  C:\Windows\System\MuBOkpE.exe
  2⤵
  PID:6584
- C:\Windows\System\pTJjhKx.exe
  C:\Windows\System\pTJjhKx.exe
  2⤵
  PID:6968
- C:\Windows\System\xDrQEaC.exe
  C:\Windows\System\xDrQEaC.exe
  2⤵
  PID:7044
- C:\Windows\System\hHYJLWK.exe
  C:\Windows\System\hHYJLWK.exe
  2⤵
  PID:7112
- C:\Windows\System\mQHIiXv.exe
  C:\Windows\System\mQHIiXv.exe
  2⤵
  PID:6152
- C:\Windows\System\vIjnGry.exe
  C:\Windows\System\vIjnGry.exe
  2⤵
  PID:2212
- C:\Windows\System\ewjMYYc.exe
  C:\Windows\System\ewjMYYc.exe
  2⤵
  PID:1672
- C:\Windows\System\bTsCGyF.exe
  C:\Windows\System\bTsCGyF.exe
  2⤵
  PID:6348
- C:\Windows\System\OuRhnFT.exe
  C:\Windows\System\OuRhnFT.exe
  2⤵
  PID:1736
- C:\Windows\System\rkGZwtr.exe
  C:\Windows\System\rkGZwtr.exe
  2⤵
  PID:6352
- C:\Windows\System\LLhVOiu.exe
  C:\Windows\System\LLhVOiu.exe
  2⤵
  PID:6332
- C:\Windows\System\PIgKJOv.exe
  C:\Windows\System\PIgKJOv.exe
  2⤵
  PID:6384
- C:\Windows\System\pExTGfn.exe
  C:\Windows\System\pExTGfn.exe
  2⤵
  PID:6664
- C:\Windows\System\HKZkAzA.exe
  C:\Windows\System\HKZkAzA.exe
  2⤵
  PID:7048
- C:\Windows\System\yQtzgRT.exe
  C:\Windows\System\yQtzgRT.exe
  2⤵
  PID:6832
- C:\Windows\System\rvOlbtH.exe
  C:\Windows\System\rvOlbtH.exe
  2⤵
  PID:6752
- C:\Windows\System\WEAdQbh.exe
  C:\Windows\System\WEAdQbh.exe
  2⤵
  PID:288
- C:\Windows\System\uiwrJcX.exe
  C:\Windows\System\uiwrJcX.exe
  2⤵
  PID:1144
- C:\Windows\System\mukmpgr.exe
  C:\Windows\System\mukmpgr.exe
  2⤵
  PID:5664
- C:\Windows\System\aktEqmb.exe
  C:\Windows\System\aktEqmb.exe
  2⤵
  PID:6784
- C:\Windows\System\vWqsCKf.exe
  C:\Windows\System\vWqsCKf.exe
  2⤵
  PID:6916
- C:\Windows\System\BHYhmdi.exe
  C:\Windows\System\BHYhmdi.exe
  2⤵
  PID:2580
- C:\Windows\System\qUGNWOf.exe
  C:\Windows\System\qUGNWOf.exe
  2⤵
  PID:6284
- C:\Windows\System\WpFiKpd.exe
  C:\Windows\System\WpFiKpd.exe
  2⤵
  PID:6952
- C:\Windows\System\QrwPIHo.exe
  C:\Windows\System\QrwPIHo.exe
  2⤵
  PID:6188
- C:\Windows\System\jvmysts.exe
  C:\Windows\System\jvmysts.exe
  2⤵
  PID:7176
- C:\Windows\System\ppvjodR.exe
  C:\Windows\System\ppvjodR.exe
  2⤵
  PID:7192
- C:\Windows\System\dSzCdaG.exe
  C:\Windows\System\dSzCdaG.exe
  2⤵
  PID:7208
- C:\Windows\System\manYpPk.exe
  C:\Windows\System\manYpPk.exe
  2⤵
  PID:7228
- C:\Windows\System\xkUwinG.exe
  C:\Windows\System\xkUwinG.exe
  2⤵
  PID:7244
- C:\Windows\System\ltbgzuB.exe
  C:\Windows\System\ltbgzuB.exe
  2⤵
  PID:7260
- C:\Windows\System\rMVBKGx.exe
  C:\Windows\System\rMVBKGx.exe
  2⤵
  PID:7276
- C:\Windows\System\XftImLV.exe
  C:\Windows\System\XftImLV.exe
  2⤵
  PID:7292
- C:\Windows\System\eZoLrih.exe
  C:\Windows\System\eZoLrih.exe
  2⤵
  PID:7308
- C:\Windows\System\TcyTDZf.exe
  C:\Windows\System\TcyTDZf.exe
  2⤵
  PID:7324
- C:\Windows\System\ZTLcnEE.exe
  C:\Windows\System\ZTLcnEE.exe
  2⤵
  PID:7340
- C:\Windows\System\RrCQRiR.exe
  C:\Windows\System\RrCQRiR.exe
  2⤵
  PID:7356
- C:\Windows\System\rtEHQmD.exe
  C:\Windows\System\rtEHQmD.exe
  2⤵
  PID:7372
- C:\Windows\System\XFwDOHy.exe
  C:\Windows\System\XFwDOHy.exe
  2⤵
  PID:7388
- C:\Windows\System\EpuakBA.exe
  C:\Windows\System\EpuakBA.exe
  2⤵
  PID:7404
- C:\Windows\System\YAfuqnp.exe
  C:\Windows\System\YAfuqnp.exe
  2⤵
  PID:7420
- C:\Windows\System\SqrdpVA.exe
  C:\Windows\System\SqrdpVA.exe
  2⤵
  PID:7436
- C:\Windows\System\sJSuPXS.exe
  C:\Windows\System\sJSuPXS.exe
  2⤵
  PID:7456
- C:\Windows\System\qWhlDZG.exe
  C:\Windows\System\qWhlDZG.exe
  2⤵
  PID:7472
- C:\Windows\System\hMRhNlL.exe
  C:\Windows\System\hMRhNlL.exe
  2⤵
  PID:7488
- C:\Windows\System\QLBArUA.exe
  C:\Windows\System\QLBArUA.exe
  2⤵
  PID:7504
- C:\Windows\System\iXGmDEQ.exe
  C:\Windows\System\iXGmDEQ.exe
  2⤵
  PID:7528
- C:\Windows\System\xRzEZAS.exe
  C:\Windows\System\xRzEZAS.exe
  2⤵
  PID:7612
- C:\Windows\System\QeBvtEN.exe
  C:\Windows\System\QeBvtEN.exe
  2⤵
  PID:7628
- C:\Windows\System\WzalpJC.exe
  C:\Windows\System\WzalpJC.exe
  2⤵
  PID:7668
- C:\Windows\System\CSyNRJP.exe
  C:\Windows\System\CSyNRJP.exe
  2⤵
  PID:7684
- C:\Windows\System\nRhoXXa.exe
  C:\Windows\System\nRhoXXa.exe
  2⤵
  PID:7700
- C:\Windows\System\mJmwMDI.exe
  C:\Windows\System\mJmwMDI.exe
  2⤵
  PID:7716
- C:\Windows\System\tDeiwvK.exe
  C:\Windows\System\tDeiwvK.exe
  2⤵
  PID:7732
- C:\Windows\System\gaAUNsP.exe
  C:\Windows\System\gaAUNsP.exe
  2⤵
  PID:7748
- C:\Windows\System\Ailqpxh.exe
  C:\Windows\System\Ailqpxh.exe
  2⤵
  PID:7764
- C:\Windows\System\BwlCtnZ.exe
  C:\Windows\System\BwlCtnZ.exe
  2⤵
  PID:7780
- C:\Windows\System\cqhxioL.exe
  C:\Windows\System\cqhxioL.exe
  2⤵
  PID:7796
- C:\Windows\System\bslBZUM.exe
  C:\Windows\System\bslBZUM.exe
  2⤵
  PID:7812
- C:\Windows\System\ESGhFJR.exe
  C:\Windows\System\ESGhFJR.exe
  2⤵
  PID:7832
- C:\Windows\System\YziDWDl.exe
  C:\Windows\System\YziDWDl.exe
  2⤵
  PID:7848
- C:\Windows\System\cVPQGOu.exe
  C:\Windows\System\cVPQGOu.exe
  2⤵
  PID:7864
- C:\Windows\System\IJenYcd.exe
  C:\Windows\System\IJenYcd.exe
  2⤵
  PID:7884
- C:\Windows\System\TcwbWNJ.exe
  C:\Windows\System\TcwbWNJ.exe
  2⤵
  PID:7900
- C:\Windows\System\YnAONJk.exe
  C:\Windows\System\YnAONJk.exe
  2⤵
  PID:7916
- C:\Windows\System\owDqcsH.exe
  C:\Windows\System\owDqcsH.exe
  2⤵
  PID:7932
- C:\Windows\System\QapMreD.exe
  C:\Windows\System\QapMreD.exe
  2⤵
  PID:7948
- C:\Windows\System\weThBxR.exe
  C:\Windows\System\weThBxR.exe
  2⤵
  PID:7964
- C:\Windows\System\ZGsJrSy.exe
  C:\Windows\System\ZGsJrSy.exe
  2⤵
  PID:7980
- C:\Windows\System\fgfDIZt.exe
  C:\Windows\System\fgfDIZt.exe
  2⤵
  PID:7996
- C:\Windows\System\hkAOfnV.exe
  C:\Windows\System\hkAOfnV.exe
  2⤵
  PID:8016
- C:\Windows\System\FliqUah.exe
  C:\Windows\System\FliqUah.exe
  2⤵
  PID:8040
- C:\Windows\System\EZfkatD.exe
  C:\Windows\System\EZfkatD.exe
  2⤵
  PID:8084
- C:\Windows\System\gJTabXE.exe
  C:\Windows\System\gJTabXE.exe
  2⤵
  PID:8104
- C:\Windows\System\yGyAcxb.exe
  C:\Windows\System\yGyAcxb.exe
  2⤵
  PID:8120
- C:\Windows\System\FlAtfok.exe
  C:\Windows\System\FlAtfok.exe
  2⤵
  PID:8136
- C:\Windows\System\PxZqFYq.exe
  C:\Windows\System\PxZqFYq.exe
  2⤵
  PID:8156
- C:\Windows\System\MeZWnzg.exe
  C:\Windows\System\MeZWnzg.exe
  2⤵
  PID:8172
- C:\Windows\System\DSJftkG.exe
  C:\Windows\System\DSJftkG.exe
  2⤵
  PID:8188
- C:\Windows\System\EfbtnRX.exe
  C:\Windows\System\EfbtnRX.exe
  2⤵
  PID:7236
- C:\Windows\System\tRgzrTo.exe
  C:\Windows\System\tRgzrTo.exe
  2⤵
  PID:7304
- C:\Windows\System\RbFUuHd.exe
  C:\Windows\System\RbFUuHd.exe
  2⤵
  PID:4688
- C:\Windows\System\TxSsEtd.exe
  C:\Windows\System\TxSsEtd.exe
  2⤵
  PID:7396
- C:\Windows\System\osXHXmK.exe
  C:\Windows\System\osXHXmK.exe
  2⤵
  PID:7468
- C:\Windows\System\ANoMniB.exe
  C:\Windows\System\ANoMniB.exe
  2⤵
  PID:1600
- C:\Windows\System\nUETJhT.exe
  C:\Windows\System\nUETJhT.exe
  2⤵
  PID:6756
- C:\Windows\System\pxGVMKS.exe
  C:\Windows\System\pxGVMKS.exe
  2⤵
  PID:6676
- C:\Windows\System\UszLwyf.exe
  C:\Windows\System\UszLwyf.exe
  2⤵
  PID:6300
- C:\Windows\System\KiFAhss.exe
  C:\Windows\System\KiFAhss.exe
  2⤵
  PID:7416
- C:\Windows\System\brErcWB.exe
  C:\Windows\System\brErcWB.exe
  2⤵
  PID:2392
- C:\Windows\System\BkGiJHr.exe
  C:\Windows\System\BkGiJHr.exe
  2⤵
  PID:7448
- C:\Windows\System\YcefFLp.exe
  C:\Windows\System\YcefFLp.exe
  2⤵
  PID:7444
- C:\Windows\System\qWUCaKz.exe
  C:\Windows\System\qWUCaKz.exe
  2⤵
  PID:7512
- C:\Windows\System\PcEwEQA.exe
  C:\Windows\System\PcEwEQA.exe
  2⤵
  PID:7288
- C:\Windows\System\tvlJhJX.exe
  C:\Windows\System\tvlJhJX.exe
  2⤵
  PID:7216
- C:\Windows\System\WBGAUkg.exe
  C:\Windows\System\WBGAUkg.exe
  2⤵
  PID:7188
- C:\Windows\System\nyUlRWB.exe
  C:\Windows\System\nyUlRWB.exe
  2⤵
  PID:7552
- C:\Windows\System\DtZooFC.exe
  C:\Windows\System\DtZooFC.exe
  2⤵
  PID:7568
- C:\Windows\System\PSlTUYp.exe
  C:\Windows\System\PSlTUYp.exe
  2⤵
  PID:7588
- C:\Windows\System\NFUzwXq.exe
  C:\Windows\System\NFUzwXq.exe
  2⤵
  PID:7604
- C:\Windows\System\KlafpCh.exe
  C:\Windows\System\KlafpCh.exe
  2⤵
  PID:7592
- C:\Windows\System\FVfilOO.exe
  C:\Windows\System\FVfilOO.exe
  2⤵
  PID:7656
- C:\Windows\System\cpsXYyn.exe
  C:\Windows\System\cpsXYyn.exe
  2⤵
  PID:7692
- C:\Windows\System\ilRirQD.exe
  C:\Windows\System\ilRirQD.exe
  2⤵
  PID:7708
- C:\Windows\System\MLguoLs.exe
  C:\Windows\System\MLguoLs.exe
  2⤵
  PID:7744
- C:\Windows\System\ixYhMJt.exe
  C:\Windows\System\ixYhMJt.exe
  2⤵
  PID:7724
- C:\Windows\System\qoOLFbX.exe
  C:\Windows\System\qoOLFbX.exe
  2⤵
  PID:7792
- C:\Windows\System\wwtzBdc.exe
  C:\Windows\System\wwtzBdc.exe
  2⤵
  PID:7856
- C:\Windows\System\zDRRuMI.exe
  C:\Windows\System\zDRRuMI.exe
  2⤵
  PID:7924
- C:\Windows\System\aWyPjbi.exe
  C:\Windows\System\aWyPjbi.exe
  2⤵
  PID:7840
- C:\Windows\System\vmvyZhk.exe
  C:\Windows\System\vmvyZhk.exe
  2⤵
  PID:7844
- C:\Windows\System\wpnTFKC.exe
  C:\Windows\System\wpnTFKC.exe
  2⤵
  PID:8008
- C:\Windows\System\aINkkfQ.exe
  C:\Windows\System\aINkkfQ.exe
  2⤵
  PID:7944
- C:\Windows\System\LfFAMtD.exe
  C:\Windows\System\LfFAMtD.exe
  2⤵
  PID:8032
- C:\Windows\System\TYcHaAk.exe
  C:\Windows\System\TYcHaAk.exe
  2⤵
  PID:8132
- C:\Windows\System\fIIcSHd.exe
  C:\Windows\System\fIIcSHd.exe
  2⤵
  PID:8164
- C:\Windows\System\VIoupIW.exe
  C:\Windows\System\VIoupIW.exe
  2⤵
  PID:8060
- C:\Windows\System\ydSLZcn.exe
  C:\Windows\System\ydSLZcn.exe
  2⤵
  PID:8168
- C:\Windows\System\QzlaNZw.exe
  C:\Windows\System\QzlaNZw.exe
  2⤵
  PID:8056
- C:\Windows\System\vucjoVh.exe
  C:\Windows\System\vucjoVh.exe
  2⤵
  PID:7268
- C:\Windows\System\UnbgVIx.exe
  C:\Windows\System\UnbgVIx.exe
  2⤵
  PID:7332
- C:\Windows\System\fQWeDnN.exe
  C:\Windows\System\fQWeDnN.exe
  2⤵
  PID:6480
- C:\Windows\System\ynQnyoy.exe
  C:\Windows\System\ynQnyoy.exe
  2⤵
  PID:7400
- C:\Windows\System\WhZaWsZ.exe
  C:\Windows\System\WhZaWsZ.exe
  2⤵
  PID:6380
- C:\Windows\System\RkMygdR.exe
  C:\Windows\System\RkMygdR.exe
  2⤵
  PID:7320
- C:\Windows\System\PTYwtKe.exe
  C:\Windows\System\PTYwtKe.exe
  2⤵
  PID:7384
- C:\Windows\System\cIXvbxk.exe
  C:\Windows\System\cIXvbxk.exe
  2⤵
  PID:7620
- C:\Windows\System\pJtcPZo.exe
  C:\Windows\System\pJtcPZo.exe
  2⤵
  PID:7584
- C:\Windows\System\ngXDAiR.exe
  C:\Windows\System\ngXDAiR.exe
  2⤵
  PID:1768
- C:\Windows\System\TTydEPm.exe
  C:\Windows\System\TTydEPm.exe
  2⤵
  PID:7544
- C:\Windows\System\JqZJawj.exe
  C:\Windows\System\JqZJawj.exe
  2⤵
  PID:7596
- C:\Windows\System\hgeiNBb.exe
  C:\Windows\System\hgeiNBb.exe
  2⤵
  PID:7676
- C:\Windows\System\NgArjjK.exe
  C:\Windows\System\NgArjjK.exe
  2⤵
  PID:7728
- C:\Windows\System\PlogglP.exe
  C:\Windows\System\PlogglP.exe
  2⤵
  PID:7892
- C:\Windows\System\vsmDvLp.exe
  C:\Windows\System\vsmDvLp.exe
  2⤵
  PID:8048
- C:\Windows\System\zUTDBNt.exe
  C:\Windows\System\zUTDBNt.exe
  2⤵
  PID:8152
- C:\Windows\System\KTpqvKl.exe
  C:\Windows\System\KTpqvKl.exe
  2⤵
  PID:7804
- C:\Windows\System\bBUuwMD.exe
  C:\Windows\System\bBUuwMD.exe
  2⤵
  PID:7880
- C:\Windows\System\KPJoCVg.exe
  C:\Windows\System\KPJoCVg.exe
  2⤵
  PID:8072
- C:\Windows\System\LXwfdDY.exe
  C:\Windows\System\LXwfdDY.exe
  2⤵
  PID:8112
- C:\Windows\System\RfOaXjt.exe
  C:\Windows\System\RfOaXjt.exe
  2⤵
  PID:7060
- C:\Windows\System\yPMScRs.exe
  C:\Windows\System\yPMScRs.exe
  2⤵
  PID:7200
- C:\Windows\System\PbWmTze.exe
  C:\Windows\System\PbWmTze.exe
  2⤵
  PID:7380
- C:\Windows\System\WHCPzoH.exe
  C:\Windows\System\WHCPzoH.exe
  2⤵
  PID:6256
- C:\Windows\System\HQxQUUx.exe
  C:\Windows\System\HQxQUUx.exe
  2⤵
  PID:3012
- C:\Windows\System\zfidsDJ.exe
  C:\Windows\System\zfidsDJ.exe
  2⤵
  PID:7368
- C:\Windows\System\gtJXuHM.exe
  C:\Windows\System\gtJXuHM.exe
  2⤵
  PID:7648
- C:\Windows\System\OachRrQ.exe
  C:\Windows\System\OachRrQ.exe
  2⤵
  PID:7992
- C:\Windows\System\tdMBkBQ.exe
  C:\Windows\System\tdMBkBQ.exe
  2⤵
  PID:7808
- C:\Windows\System\eeLXWwt.exe
  C:\Windows\System\eeLXWwt.exe
  2⤵
  PID:8024
- C:\Windows\System\XZpTPDm.exe
  C:\Windows\System\XZpTPDm.exe
  2⤵
  PID:7204
- C:\Windows\System\wuDChRa.exe
  C:\Windows\System\wuDChRa.exe
  2⤵
  PID:7564
- C:\Windows\System\HhpAAan.exe
  C:\Windows\System\HhpAAan.exe
  2⤵
  PID:7032
- C:\Windows\System\hHhYlYT.exe
  C:\Windows\System\hHhYlYT.exe
  2⤵
  PID:7516
- C:\Windows\System\GAjDNjF.exe
  C:\Windows\System\GAjDNjF.exe
  2⤵
  PID:7976
- C:\Windows\System\uZpUrUK.exe
  C:\Windows\System\uZpUrUK.exe
  2⤵
  PID:8076
- C:\Windows\System\oOTmqQR.exe
  C:\Windows\System\oOTmqQR.exe
  2⤵
  PID:7960
- C:\Windows\System\aJuBlnK.exe
  C:\Windows\System\aJuBlnK.exe
  2⤵
  PID:8200
- C:\Windows\System\EgmdYFj.exe
  C:\Windows\System\EgmdYFj.exe
  2⤵
  PID:8216
- C:\Windows\System\jnVsAEL.exe
  C:\Windows\System\jnVsAEL.exe
  2⤵
  PID:8232
- C:\Windows\System\ZgbRYVT.exe
  C:\Windows\System\ZgbRYVT.exe
  2⤵
  PID:8248
- C:\Windows\System\zTKYSYU.exe
  C:\Windows\System\zTKYSYU.exe
  2⤵
  PID:8264
- C:\Windows\System\ckCukCc.exe
  C:\Windows\System\ckCukCc.exe
  2⤵
  PID:8280
- C:\Windows\System\MmWZqvn.exe
  C:\Windows\System\MmWZqvn.exe
  2⤵
  PID:8300
- C:\Windows\System\UoVZdxR.exe
  C:\Windows\System\UoVZdxR.exe
  2⤵
  PID:8316
- C:\Windows\System\gTQiBcg.exe
  C:\Windows\System\gTQiBcg.exe
  2⤵
  PID:8332
- C:\Windows\System\jorlPKW.exe
  C:\Windows\System\jorlPKW.exe
  2⤵
  PID:8360
- C:\Windows\System\dWDwWCd.exe
  C:\Windows\System\dWDwWCd.exe
  2⤵
  PID:8380
- C:\Windows\System\yIcTPIF.exe
  C:\Windows\System\yIcTPIF.exe
  2⤵
  PID:8396
- C:\Windows\System\NCtxtNe.exe
  C:\Windows\System\NCtxtNe.exe
  2⤵
  PID:8412
- C:\Windows\System\VlUvulM.exe
  C:\Windows\System\VlUvulM.exe
  2⤵
  PID:8428
- C:\Windows\System\RMFtkTU.exe
  C:\Windows\System\RMFtkTU.exe
  2⤵
  PID:8444
- C:\Windows\System\uogCJOE.exe
  C:\Windows\System\uogCJOE.exe
  2⤵
  PID:8464
- C:\Windows\System\UVCHGRM.exe
  C:\Windows\System\UVCHGRM.exe
  2⤵
  PID:8480
- C:\Windows\System\flUhbfh.exe
  C:\Windows\System\flUhbfh.exe
  2⤵
  PID:8500
- C:\Windows\System\VGBQFqS.exe
  C:\Windows\System\VGBQFqS.exe
  2⤵
  PID:8516
- C:\Windows\System\sFeVtKu.exe
  C:\Windows\System\sFeVtKu.exe
  2⤵
  PID:8532
- C:\Windows\System\vHDzxeG.exe
  C:\Windows\System\vHDzxeG.exe
  2⤵
  PID:8548
- C:\Windows\System\SqVLBWh.exe
  C:\Windows\System\SqVLBWh.exe
  2⤵
  PID:8564
- C:\Windows\System\Sarobkm.exe
  C:\Windows\System\Sarobkm.exe
  2⤵
  PID:8580
- C:\Windows\System\ZgrOJlJ.exe
  C:\Windows\System\ZgrOJlJ.exe
  2⤵
  PID:8596
- C:\Windows\System\zQDdukF.exe
  C:\Windows\System\zQDdukF.exe
  2⤵
  PID:8612
- C:\Windows\System\YCXmqys.exe
  C:\Windows\System\YCXmqys.exe
  2⤵
  PID:8628
- C:\Windows\System\cgtjncx.exe
  C:\Windows\System\cgtjncx.exe
  2⤵
  PID:8648
- C:\Windows\System\LoCWOOW.exe
  C:\Windows\System\LoCWOOW.exe
  2⤵
  PID:8664
- C:\Windows\System\lxwLZUo.exe
  C:\Windows\System\lxwLZUo.exe
  2⤵
  PID:8680
- C:\Windows\System\pqAHutE.exe
  C:\Windows\System\pqAHutE.exe
  2⤵
  PID:8696
- C:\Windows\System\szYzEzj.exe
  C:\Windows\System\szYzEzj.exe
  2⤵
  PID:8712
- C:\Windows\System\fzFmqKq.exe
  C:\Windows\System\fzFmqKq.exe
  2⤵
  PID:8728
- C:\Windows\System\CiHqQRv.exe
  C:\Windows\System\CiHqQRv.exe
  2⤵
  PID:8744
- C:\Windows\System\eKZnDXF.exe
  C:\Windows\System\eKZnDXF.exe
  2⤵
  PID:8760
- C:\Windows\System\sHPPbSz.exe
  C:\Windows\System\sHPPbSz.exe
  2⤵
  PID:8776
- C:\Windows\System\lOjOMLU.exe
  C:\Windows\System\lOjOMLU.exe
  2⤵
  PID:8792
- C:\Windows\System\QhMfJXU.exe
  C:\Windows\System\QhMfJXU.exe
  2⤵
  PID:8808
- C:\Windows\System\yLTBTFo.exe
  C:\Windows\System\yLTBTFo.exe
  2⤵
  PID:8828
- C:\Windows\System\WMWxNZa.exe
  C:\Windows\System\WMWxNZa.exe
  2⤵
  PID:8844
- C:\Windows\System\VAGDmrF.exe
  C:\Windows\System\VAGDmrF.exe
  2⤵
  PID:8860
- C:\Windows\System\ZXUfUtp.exe
  C:\Windows\System\ZXUfUtp.exe
  2⤵
  PID:8876
- C:\Windows\System\Eanjtsj.exe
  C:\Windows\System\Eanjtsj.exe
  2⤵
  PID:8892
- C:\Windows\System\DTVeWXd.exe
  C:\Windows\System\DTVeWXd.exe
  2⤵
  PID:8912
- C:\Windows\System\GIcIAPN.exe
  C:\Windows\System\GIcIAPN.exe
  2⤵
  PID:8928
- C:\Windows\System\aPFSdXQ.exe
  C:\Windows\System\aPFSdXQ.exe
  2⤵
  PID:8944
- C:\Windows\System\IryreNl.exe
  C:\Windows\System\IryreNl.exe
  2⤵
  PID:8964
- C:\Windows\System\DdgsFPS.exe
  C:\Windows\System\DdgsFPS.exe
  2⤵
  PID:8988
- C:\Windows\System\RuatcMn.exe
  C:\Windows\System\RuatcMn.exe
  2⤵
  PID:9004
- C:\Windows\System\dEYfMDk.exe
  C:\Windows\System\dEYfMDk.exe
  2⤵
  PID:9024
- C:\Windows\System\KjXxKAt.exe
  C:\Windows\System\KjXxKAt.exe
  2⤵
  PID:9044
- C:\Windows\System\dcDimFz.exe
  C:\Windows\System\dcDimFz.exe
  2⤵
  PID:9064
- C:\Windows\System\IXxFFFA.exe
  C:\Windows\System\IXxFFFA.exe
  2⤵
  PID:9088
- C:\Windows\System\dyalXMb.exe
  C:\Windows\System\dyalXMb.exe
  2⤵
  PID:9108
- C:\Windows\System\LKvnPlP.exe
  C:\Windows\System\LKvnPlP.exe
  2⤵
  PID:9132
- C:\Windows\System\SzyDIUh.exe
  C:\Windows\System\SzyDIUh.exe
  2⤵
  PID:9152
- C:\Windows\System\JZvjYLi.exe
  C:\Windows\System\JZvjYLi.exe
  2⤵
  PID:9172
- C:\Windows\System\qtrkOwC.exe
  C:\Windows\System\qtrkOwC.exe
  2⤵
  PID:9192
- C:\Windows\System\MnViLJZ.exe
  C:\Windows\System\MnViLJZ.exe
  2⤵
  PID:8196
- C:\Windows\System\FGlyRUY.exe
  C:\Windows\System\FGlyRUY.exe
  2⤵
  PID:8224
- C:\Windows\System\HSJoXoP.exe
  C:\Windows\System\HSJoXoP.exe
  2⤵
  PID:8288
- C:\Windows\System\ylrFkSM.exe
  C:\Windows\System\ylrFkSM.exe
  2⤵
  PID:8272
- C:\Windows\System\PfjiVif.exe
  C:\Windows\System\PfjiVif.exe
  2⤵
  PID:8080
- C:\Windows\System\PQcxOVm.exe
  C:\Windows\System\PQcxOVm.exe
  2⤵
  PID:8324
- C:\Windows\System\HTZbJww.exe
  C:\Windows\System\HTZbJww.exe
  2⤵
  PID:8372
- C:\Windows\System\vnyICKw.exe
  C:\Windows\System\vnyICKw.exe
  2⤵
  PID:8408
- C:\Windows\System\yPgZtJF.exe
  C:\Windows\System\yPgZtJF.exe
  2⤵
  PID:8544
- C:\Windows\System\sNPVwni.exe
  C:\Windows\System\sNPVwni.exe
  2⤵
  PID:8492
- C:\Windows\System\jsSkVlU.exe
  C:\Windows\System\jsSkVlU.exe
  2⤵
  PID:8524
- C:\Windows\System\mBipuYF.exe
  C:\Windows\System\mBipuYF.exe
  2⤵
  PID:8640
- C:\Windows\System\qTpOfub.exe
  C:\Windows\System\qTpOfub.exe
  2⤵
  PID:8704
- C:\Windows\System\LmXTCcV.exe
  C:\Windows\System\LmXTCcV.exe
  2⤵
  PID:8588
- C:\Windows\System\soiQDmU.exe
  C:\Windows\System\soiQDmU.exe
  2⤵
  PID:8736
- C:\Windows\System\tZOPdsr.exe
  C:\Windows\System\tZOPdsr.exe
  2⤵
  PID:8800
- C:\Windows\System\eZDkPLf.exe
  C:\Windows\System\eZDkPLf.exe
  2⤵
  PID:8756
- C:\Windows\System\RYmAgTP.exe
  C:\Windows\System\RYmAgTP.exe
  2⤵
  PID:8624
- C:\Windows\System\EzViDuE.exe
  C:\Windows\System\EzViDuE.exe
  2⤵
  PID:8820
- C:\Windows\System\HSGIHao.exe
  C:\Windows\System\HSGIHao.exe
  2⤵
  PID:8868
- C:\Windows\System\ReUAmSZ.exe
  C:\Windows\System\ReUAmSZ.exe
  2⤵
  PID:8904
- C:\Windows\System\VKBuwJD.exe
  C:\Windows\System\VKBuwJD.exe
  2⤵
  PID:8952
- C:\Windows\System\SBZtwDF.exe
  C:\Windows\System\SBZtwDF.exe
  2⤵
  PID:8980
- C:\Windows\System\cMzpkmr.exe
  C:\Windows\System\cMzpkmr.exe
  2⤵
  PID:9016
- C:\Windows\System\aNdTPtp.exe
  C:\Windows\System\aNdTPtp.exe
  2⤵
  PID:9032
- C:\Windows\System\nvBVbpi.exe
  C:\Windows\System\nvBVbpi.exe
  2⤵
  PID:9076
- C:\Windows\System\QNGyTiK.exe
  C:\Windows\System\QNGyTiK.exe
  2⤵
  PID:9140
- C:\Windows\System\ZJKFDzT.exe
  C:\Windows\System\ZJKFDzT.exe
  2⤵
  PID:9116
- C:\Windows\System\tZHoQHW.exe
  C:\Windows\System\tZHoQHW.exe
  2⤵
  PID:9164
- C:\Windows\System\MybAUKF.exe
  C:\Windows\System\MybAUKF.exe
  2⤵
  PID:9188
- C:\Windows\System\zRsPZgg.exe
  C:\Windows\System\zRsPZgg.exe
  2⤵
  PID:8100
- C:\Windows\System\RLilymO.exe
  C:\Windows\System\RLilymO.exe
  2⤵
  PID:8212
- C:\Windows\System\CEoPJUZ.exe
  C:\Windows\System\CEoPJUZ.exe
  2⤵
  PID:8256
- C:\Windows\System\ZRJkYBG.exe
  C:\Windows\System\ZRJkYBG.exe
  2⤵
  PID:8276
- C:\Windows\System\YtoAQFW.exe
  C:\Windows\System\YtoAQFW.exe
  2⤵
  PID:8340
- C:\Windows\System\uMeDUsa.exe
  C:\Windows\System\uMeDUsa.exe
  2⤵
  PID:8452
- C:\Windows\System\VnXUtuj.exe
  C:\Windows\System\VnXUtuj.exe
  2⤵
  PID:8772
- C:\Windows\System\kvIboXz.exe
  C:\Windows\System\kvIboXz.exe
  2⤵
  PID:9036
- C:\Windows\System\POrhHtT.exe
  C:\Windows\System\POrhHtT.exe
  2⤵
  PID:9104
- C:\Windows\System\zCwmOaP.exe
  C:\Windows\System\zCwmOaP.exe
  2⤵
  PID:6236
- C:\Windows\System\kPPOPeU.exe
  C:\Windows\System\kPPOPeU.exe
  2⤵
  PID:8344
- C:\Windows\System\AuUDbDS.exe
  C:\Windows\System\AuUDbDS.exe
  2⤵
  PID:8208
- C:\Windows\System\fcGaKFa.exe
  C:\Windows\System\fcGaKFa.exe
  2⤵
  PID:8148
- C:\Windows\System\RWrRDPE.exe
  C:\Windows\System\RWrRDPE.exe
  2⤵
  PID:8472
- C:\Windows\System\hADuctB.exe
  C:\Windows\System\hADuctB.exe
  2⤵
  PID:8908
- C:\Windows\System\unylPKA.exe
  C:\Windows\System\unylPKA.exe
  2⤵
  PID:9000
- C:\Windows\System\XMadEuB.exe
  C:\Windows\System\XMadEuB.exe
  2⤵
  PID:8740
- C:\Windows\System\QhmvHvE.exe
  C:\Windows\System\QhmvHvE.exe
  2⤵
  PID:8940
- C:\Windows\System\sWhnEFI.exe
  C:\Windows\System\sWhnEFI.exe
  2⤵
  PID:8852
- C:\Windows\System\UfyOJLS.exe
  C:\Windows\System\UfyOJLS.exe
  2⤵
  PID:8440
- C:\Windows\System\OKrSvxj.exe
  C:\Windows\System\OKrSvxj.exe
  2⤵
  PID:8956
- C:\Windows\System\wJSVkyw.exe
  C:\Windows\System\wJSVkyw.exe
  2⤵
  PID:9084
- C:\Windows\System\PJmzyzu.exe
  C:\Windows\System\PJmzyzu.exe
  2⤵
  PID:8996
- C:\Windows\System\yxEqKXl.exe
  C:\Windows\System\yxEqKXl.exe
  2⤵
  PID:9212
- C:\Windows\System\CpYYBAj.exe
  C:\Windows\System\CpYYBAj.exe
  2⤵
  PID:8184
- C:\Windows\System\JSPyUHh.exe
  C:\Windows\System\JSPyUHh.exe
  2⤵
  PID:7548
- C:\Windows\System\tZMPyNN.exe
  C:\Windows\System\tZMPyNN.exe
  2⤵
  PID:8460
- C:\Windows\System\RiPrgxX.exe
  C:\Windows\System\RiPrgxX.exe
  2⤵
  PID:8308
- C:\Windows\System\QINVvbd.exe
  C:\Windows\System\QINVvbd.exe
  2⤵
  PID:9184
- C:\Windows\System\BfzVvZb.exe
  C:\Windows\System\BfzVvZb.exe
  2⤵
  PID:9204
- C:\Windows\System\XjCKsRm.exe
  C:\Windows\System\XjCKsRm.exe
  2⤵
  PID:8920
- C:\Windows\System\yLDoACL.exe
  C:\Windows\System\yLDoACL.exe
  2⤵
  PID:8556
- C:\Windows\System\JCvnvzZ.exe
  C:\Windows\System\JCvnvzZ.exe
  2⤵
  PID:8352
- C:\Windows\System\bEdnuMY.exe
  C:\Windows\System\bEdnuMY.exe
  2⤵
  PID:9224
- C:\Windows\System\IJFwgjR.exe
  C:\Windows\System\IJFwgjR.exe
  2⤵
  PID:9240
- C:\Windows\System\LStgcse.exe
  C:\Windows\System\LStgcse.exe
  2⤵
  PID:9260
- C:\Windows\System\CZafwrW.exe
  C:\Windows\System\CZafwrW.exe
  2⤵
  PID:9280
- C:\Windows\System\DWtFwOj.exe
  C:\Windows\System\DWtFwOj.exe
  2⤵
  PID:9300
- C:\Windows\System\OkBqXEa.exe
  C:\Windows\System\OkBqXEa.exe
  2⤵
  PID:9320
- C:\Windows\System\HxcJiIz.exe
  C:\Windows\System\HxcJiIz.exe
  2⤵
  PID:9356
- C:\Windows\System\LIgCnnL.exe
  C:\Windows\System\LIgCnnL.exe
  2⤵
  PID:9376
- C:\Windows\System\MJwotSf.exe
  C:\Windows\System\MJwotSf.exe
  2⤵
  PID:9392
- C:\Windows\System\rRekCeB.exe
  C:\Windows\System\rRekCeB.exe
  2⤵
  PID:9412
- C:\Windows\System\nwfIvdF.exe
  C:\Windows\System\nwfIvdF.exe
  2⤵
  PID:9444
- C:\Windows\System\omqjvxr.exe
  C:\Windows\System\omqjvxr.exe
  2⤵
  PID:9460
- C:\Windows\System\kQjZrdo.exe
  C:\Windows\System\kQjZrdo.exe
  2⤵
  PID:9476
- C:\Windows\System\miaople.exe
  C:\Windows\System\miaople.exe
  2⤵
  PID:9500
- C:\Windows\System\gMFgeVi.exe
  C:\Windows\System\gMFgeVi.exe
  2⤵
  PID:9520
- C:\Windows\System\kwhEdqs.exe
  C:\Windows\System\kwhEdqs.exe
  2⤵
  PID:9540
- C:\Windows\System\SrvzfwB.exe
  C:\Windows\System\SrvzfwB.exe
  2⤵
  PID:9556
- C:\Windows\System\EBnSAMS.exe
  C:\Windows\System\EBnSAMS.exe
  2⤵
  PID:9580
- C:\Windows\System\PuIZJCm.exe
  C:\Windows\System\PuIZJCm.exe
  2⤵
  PID:9600
- C:\Windows\System\VJBucQl.exe
  C:\Windows\System\VJBucQl.exe
  2⤵
  PID:9620
- C:\Windows\System\EgHreLE.exe
  C:\Windows\System\EgHreLE.exe
  2⤵
  PID:9640
- C:\Windows\System\CcaryRK.exe
  C:\Windows\System\CcaryRK.exe
  2⤵
  PID:9660
- C:\Windows\System\cUyTVHQ.exe
  C:\Windows\System\cUyTVHQ.exe
  2⤵
  PID:9680
- C:\Windows\System\viciuDv.exe
  C:\Windows\System\viciuDv.exe
  2⤵
  PID:9704
- C:\Windows\System\slDlphx.exe
  C:\Windows\System\slDlphx.exe
  2⤵
  PID:9720
- C:\Windows\System\oJKdkRb.exe
  C:\Windows\System\oJKdkRb.exe
  2⤵
  PID:9736
- C:\Windows\System\uhYlNGa.exe
  C:\Windows\System\uhYlNGa.exe
  2⤵
  PID:9760
- C:\Windows\System\MbeeOqJ.exe
  C:\Windows\System\MbeeOqJ.exe
  2⤵
  PID:9776
- C:\Windows\System\HxJjCwD.exe
  C:\Windows\System\HxJjCwD.exe
  2⤵
  PID:9792
- C:\Windows\System\qEMfqrL.exe
  C:\Windows\System\qEMfqrL.exe
  2⤵
  PID:9816
- C:\Windows\System\JpXnXJa.exe
  C:\Windows\System\JpXnXJa.exe
  2⤵
  PID:9832
- C:\Windows\System\CaEqPRv.exe
  C:\Windows\System\CaEqPRv.exe
  2⤵
  PID:9848
- C:\Windows\System\VKsnSTQ.exe
  C:\Windows\System\VKsnSTQ.exe
  2⤵
  PID:9864
- C:\Windows\System\khGasWh.exe
  C:\Windows\System\khGasWh.exe
  2⤵
  PID:9892
- C:\Windows\System\gYeGZxm.exe
  C:\Windows\System\gYeGZxm.exe
  2⤵
  PID:9912
- C:\Windows\System\ZEzWAEf.exe
  C:\Windows\System\ZEzWAEf.exe
  2⤵
  PID:9928
- C:\Windows\System\CCoLcWK.exe
  C:\Windows\System\CCoLcWK.exe
  2⤵
  PID:9948
- C:\Windows\System\PQcDPhF.exe
  C:\Windows\System\PQcDPhF.exe
  2⤵
  PID:9964
- C:\Windows\System\UOrjkUN.exe
  C:\Windows\System\UOrjkUN.exe
  2⤵
  PID:9988
- C:\Windows\System\XlAZebd.exe
  C:\Windows\System\XlAZebd.exe
  2⤵
  PID:10012
- C:\Windows\System\NjnDPeE.exe
  C:\Windows\System\NjnDPeE.exe
  2⤵
  PID:10028
- C:\Windows\System\NOdBpSV.exe
  C:\Windows\System\NOdBpSV.exe
  2⤵
  PID:10044
- C:\Windows\System\hdjRdGN.exe
  C:\Windows\System\hdjRdGN.exe
  2⤵
  PID:10060
- C:\Windows\System\voCdwQi.exe
  C:\Windows\System\voCdwQi.exe
  2⤵
  PID:10088
- C:\Windows\System\EJuPWgB.exe
  C:\Windows\System\EJuPWgB.exe
  2⤵
  PID:10112
- C:\Windows\System\ZSCssTy.exe
  C:\Windows\System\ZSCssTy.exe
  2⤵
  PID:10144
- C:\Windows\System\hphgmog.exe
  C:\Windows\System\hphgmog.exe
  2⤵
  PID:10160
- C:\Windows\System\aIgFuTN.exe
  C:\Windows\System\aIgFuTN.exe
  2⤵
  PID:10180
- C:\Windows\System\IAeOJjf.exe
  C:\Windows\System\IAeOJjf.exe
  2⤵
  PID:10208
- C:\Windows\System\Eefrsme.exe
  C:\Windows\System\Eefrsme.exe
  2⤵
  PID:10228
- C:\Windows\System\qAZskla.exe
  C:\Windows\System\qAZskla.exe
  2⤵
  PID:8960
- C:\Windows\System\YstLyjr.exe
  C:\Windows\System\YstLyjr.exe
  2⤵
  PID:9256
- C:\Windows\System\RMzobqB.exe
  C:\Windows\System\RMzobqB.exe
  2⤵
  PID:9328
- C:\Windows\System\LbjMBkc.exe
  C:\Windows\System\LbjMBkc.exe
  2⤵
  PID:9052
- C:\Windows\System\dLFrTIX.exe
  C:\Windows\System\dLFrTIX.exe
  2⤵
  PID:9272
- C:\Windows\System\YtEWAra.exe
  C:\Windows\System\YtEWAra.exe
  2⤵
  PID:9316
- C:\Windows\System\ilvPeON.exe
  C:\Windows\System\ilvPeON.exe
  2⤵
  PID:9348
- C:\Windows\System\yWJFnWk.exe
  C:\Windows\System\yWJFnWk.exe
  2⤵
  PID:9420
- C:\Windows\System\rEwhuIs.exe
  C:\Windows\System\rEwhuIs.exe
  2⤵
  PID:9424
- C:\Windows\System\IcaRXKc.exe
  C:\Windows\System\IcaRXKc.exe
  2⤵
  PID:8972
- C:\Windows\System\lXYJFPa.exe
  C:\Windows\System\lXYJFPa.exe
  2⤵
  PID:9468
- C:\Windows\System\VZAOfsl.exe
  C:\Windows\System\VZAOfsl.exe
  2⤵
  PID:9512
- C:\Windows\System\JNRtNxr.exe
  C:\Windows\System\JNRtNxr.exe
  2⤵
  PID:9528
- C:\Windows\System\GEmdpGM.exe
  C:\Windows\System\GEmdpGM.exe
  2⤵
  PID:9568
- C:\Windows\System\poKAxKG.exe
  C:\Windows\System\poKAxKG.exe
  2⤵
  PID:9564
- C:\Windows\System\bVhmqik.exe
  C:\Windows\System\bVhmqik.exe
  2⤵
  PID:9596
- C:\Windows\System\LbDPHIp.exe
  C:\Windows\System\LbDPHIp.exe
  2⤵
  PID:9712
- C:\Windows\System\ZMLjGvn.exe
  C:\Windows\System\ZMLjGvn.exe
  2⤵
  PID:9732
- C:\Windows\System\fdwNZVg.exe
  C:\Windows\System\fdwNZVg.exe
  2⤵
  PID:9768
- C:\Windows\System\zNZMJAw.exe
  C:\Windows\System\zNZMJAw.exe
  2⤵
  PID:9824
- C:\Windows\System\vaLNbvK.exe
  C:\Windows\System\vaLNbvK.exe
  2⤵
  PID:9844
- C:\Windows\System\AaarFgb.exe
  C:\Windows\System\AaarFgb.exe
  2⤵
  PID:9936
- C:\Windows\System\PYAizCB.exe
  C:\Windows\System\PYAizCB.exe
  2⤵
  PID:9976
- C:\Windows\System\AxZbdQk.exe
  C:\Windows\System\AxZbdQk.exe
  2⤵
  PID:9884
- C:\Windows\System\usBtZlB.exe
  C:\Windows\System\usBtZlB.exe
  2⤵
  PID:9920
- C:\Windows\System\cIJShav.exe
  C:\Windows\System\cIJShav.exe
  2⤵
  PID:10008
- C:\Windows\System\CzwsEGV.exe
  C:\Windows\System\CzwsEGV.exe
  2⤵
  PID:10036
- C:\Windows\System\qyNbPWF.exe
  C:\Windows\System\qyNbPWF.exe
  2⤵
  PID:10076
- C:\Windows\System\pBnpwLt.exe
  C:\Windows\System\pBnpwLt.exe
  2⤵
  PID:9436
- C:\Windows\System\GkuuOEg.exe
  C:\Windows\System\GkuuOEg.exe
  2⤵
  PID:10152
- C:\Windows\System\YCTsdmk.exe
  C:\Windows\System\YCTsdmk.exe
  2⤵
  PID:10188
- C:\Windows\System\dYLcjXH.exe
  C:\Windows\System\dYLcjXH.exe
  2⤵
  PID:10196
- C:\Windows\System\pBsAxsY.exe
  C:\Windows\System\pBsAxsY.exe
  2⤵
  PID:7788
- C:\Windows\System\ymSNaHR.exe
  C:\Windows\System\ymSNaHR.exe
  2⤵
  PID:9236
- C:\Windows\System\tpEaehb.exe
  C:\Windows\System\tpEaehb.exe
  2⤵
  PID:9344
- C:\Windows\System\EOzbgXs.exe
  C:\Windows\System\EOzbgXs.exe
  2⤵
  PID:9372
- C:\Windows\System\GEOoIKj.exe
  C:\Windows\System\GEOoIKj.exe
  2⤵
  PID:9364
- C:\Windows\System\SMBIXRA.exe
  C:\Windows\System\SMBIXRA.exe
  2⤵
  PID:9552
- C:\Windows\System\quwzdjY.exe
  C:\Windows\System\quwzdjY.exe
  2⤵
  PID:9516
- C:\Windows\System\dPrnJRW.exe
  C:\Windows\System\dPrnJRW.exe
  2⤵
  PID:9572
- C:\Windows\System\JkMiSiP.exe
  C:\Windows\System\JkMiSiP.exe
  2⤵
  PID:9612
- C:\Windows\System\bYDKaHh.exe
  C:\Windows\System\bYDKaHh.exe
  2⤵
  PID:9668
- C:\Windows\System\RwEIOjU.exe
  C:\Windows\System\RwEIOjU.exe
  2⤵
  PID:9676
- C:\Windows\System\oRzYPpA.exe
  C:\Windows\System\oRzYPpA.exe
  2⤵
  PID:9784
- C:\Windows\System\xTHaTQm.exe
  C:\Windows\System\xTHaTQm.exe
  2⤵
  PID:9808
- C:\Windows\System\WYhXJhu.exe
  C:\Windows\System\WYhXJhu.exe
  2⤵
  PID:9812
- C:\Windows\System\avwiYiu.exe
  C:\Windows\System\avwiYiu.exe
  2⤵
  PID:9944
- C:\Windows\System\FUEaNOX.exe
  C:\Windows\System\FUEaNOX.exe
  2⤵
  PID:10020
- C:\Windows\System\MvFyNgD.exe
  C:\Windows\System\MvFyNgD.exe
  2⤵
  PID:9956
- C:\Windows\System\tdauEEL.exe
  C:\Windows\System\tdauEEL.exe
  2⤵
  PID:10100
- C:\Windows\System\xfnXCsg.exe
  C:\Windows\System\xfnXCsg.exe
  2⤵
  PID:10120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BGQhSej.exe

Filesize
6.0MB

MD5
78f617cd80b7cbbc1b0bdddbfd9ea664

SHA1
4dbdda3b981bd5b37b5728a1b2b21bf64374ff2d

SHA256
d302969a8a8c519e70eac1480f00db684e9cf64e62b12fb101a3c1f4057c2244

SHA512
42a61f21bd5a93cc79882458b3e67b0a61be735c19bb3caf04723962f3c4f110859ee4ff7a60ff87d70a3bc6dd28b2359211a3b584ef8e792c8204a2b762bcfc

Download Submit
C:\Windows\system\CbOeZZG.exe

Filesize
6.0MB

MD5
8711ae41e7b1a08f2b4a089a8a21e73c

SHA1
9e6d79482b32ad58d31d814e331f7d1f6aaba3d1

SHA256
16f91dd9a835f35d816959eea72ab55e29eaa5c9a7b14ff4a358307265c89c65

SHA512
85ff4ad8d665a03aaeda9890863cb7d5297331c6e6e79f7606a5aa4b39ec763db166fe023fd1b8dfcd2eaa0cc247e0a33515840fa6447237ffffb2fb7a5f8c29

Download Submit
C:\Windows\system\EFeUzOb.exe

Filesize
6.0MB

MD5
128b73ba9a9f80672af9bc7428ecf347

SHA1
0497d565889fab3d037fd99f389dde16131c3149

SHA256
9490176a629d0e562583e5d6fa202dce37a6a7febce5fd692823c56fb9b41b41

SHA512
058158c6a9e3c671704989ee9aedab8ad5b291515025a25a1d3698aa3829247473800e078d70385c296038669867571bea16c273478be52bad299f4ebd4ad9b4

Download Submit
C:\Windows\system\MQbNGbs.exe

Filesize
6.0MB

MD5
7145317b5e86b87d63c087412bdd5ac6

SHA1
b189b3e4097cf727a48a18a75dd0e8b68f3e15b3

SHA256
c47bcb1d158ac2e4c9ababbfb3a757aea953f0abe5f904e7f1654211f685e28e

SHA512
be54f2553bbd18223077e65d3b5372bf284604d5a2ff666b839739fd12f9492e03a9551b2701043b5472fd9a4dcc5435c2a3ed6c6b46fcc880bf3219f0e2088d

Download Submit
C:\Windows\system\PZVHSAZ.exe

Filesize
6.0MB

MD5
f65c4902b32d9b72053b84f65e2c9b4b

SHA1
db54f9a080fce5d9f9aabfe582f414997e807d22

SHA256
49664aa13c6d7c1e168468a3a362788306dde24ccb83cd82fbc0facd15322ae3

SHA512
213ff896e6fde5cd87323692a2958ab816b669822cbe752facc280b4f7d069be4396d88b3c9f3d1430ecb5de9ca562830c3fd656a61ea0ac8e0e3278693d1f5b

Download Submit
C:\Windows\system\QjPwDmZ.exe

Filesize
6.0MB

MD5
a6a8530da679c73659e4fbe01fd34cc7

SHA1
96ca46cdc348ade1ff9ce90867cbdf4ff83e9b5c

SHA256
bb70d34a88d2a2b642f0ca700183afc60e574041d0958f4d71da7d5c7b61a6a0

SHA512
9031544620c19718dbfb7de2956bf1b35729b9df2dd579eb3bab4e187e4d5442f3b4b286867745c17665377d9baa6799f447009605f54cc0fe53f8d689383fba

Download Submit
C:\Windows\system\RDFojtn.exe

Filesize
6.0MB

MD5
b1cef28993c0b5d85eccdbd5decea857

SHA1
6e98ae88cc4a6c646e6921ad7b7a4be6fe9c04d1

SHA256
257cb60287121ed061ac850b58482f19c0dfcfae71712fa167b15db2972c9d45

SHA512
21d066a0491b0785d0bc4421bf9582bba0ecc2cc32581ea261974bedbc40bd53d8ddcf192dd69459612b34939dd5434690858be3bb3fc6c98826aee4c666b2b6

Download Submit
C:\Windows\system\RSUMnXO.exe

Filesize
6.0MB

MD5
8ce76f90b01138a942bd690daf91eb79

SHA1
5bf7bdea5baa5b298e905f8062bb7803b081f3d5

SHA256
49638a873a5d015f66a4463506494dc07795f8cf8db41e89c864aa36be7d1723

SHA512
b643b4d5cb80d14fcd32f7303f87b63af67be4665e7cdb0f85faf6c494ccd9065d706e54f69ecf8a4d638f410af25c3d420f6a9e1e83e8c1a763eff777e4f27d

Download Submit
C:\Windows\system\VpfXWGO.exe

Filesize
6.0MB

MD5
cba4b5f8580f4f70b6952b15bfecb9fb

SHA1
0dbe03b572f9869ea2cb7da6f7a5a73acfb70ae7

SHA256
0154458c64e32c4b940cd9bbf1bc8c80faa58d9f36f25a6101f68faf48b96417

SHA512
134def5f9de74dc449b639ab983ebb9d92954626f6046d8f134778263fdc8cc7353177a36764aa3905d5ef6e0bda9ae6c05c58d37ea7e81a02968f49dd33c529

Download Submit
C:\Windows\system\ZNsGPya.exe

Filesize
6.0MB

MD5
90cbf12ae76b47853a2289b24e328c9c

SHA1
bc33ed52be7cb3a82f4cacd3446a06c5acf2702c

SHA256
d28b9fc6b68c81400c264e74811f24d49fef36dd3a472a8e2590d92d1fd3017f

SHA512
e081df744fbbdcc007f75349029cfe007c98b4eb37c39b3855ae80395ef52d48fdbdc464031d463b743686432c24772fdf61df8d64b5c605ac4ed5de87c3df13

Download Submit
C:\Windows\system\ZVGJAeV.exe

Filesize
6.0MB

MD5
6fa6eaafcac059bd850935a16803b844

SHA1
dbae22657e8d437a9996cb89bfe7d9ce36c5dc43

SHA256
8c2815a49a8017822c7bdc1c2737a1594e73559284673ad90b843a82c01c8582

SHA512
85f1066cfea40ed56c718f864b1caadcc21aa08123ff797b520b77a09fe793f9dc9b4878f102c4d3a7e89a4ef3620fa9e7611063c66f94218f998716b9a79114

Download Submit
C:\Windows\system\ePwCEgU.exe

Filesize
6.0MB

MD5
0c66ec6dacaa2919cb513ab750ad0a24

SHA1
ff82ef69320691129cfad4a55a84f01bab8c70b0

SHA256
08097a291f7a85ac72c57a9bdbdd64f1020dd5f4026567db2ea1692590bbf38b

SHA512
4b513c0534dd8095efe469c1f1ff43f263ecb4c290f428fc73f4a451ab7b85c32035d2f14534cbf53727054ce9e8c3dde0e537ef75bc596f27214b855ebe8e23

Download Submit
C:\Windows\system\fDwwkWf.exe

Filesize
6.0MB

MD5
4d33555b0c5c18567f20b33203f1069d

SHA1
8b8cace780dd19226d119466468bb34fafa01205

SHA256
e007f9ca7598bd3277fcc03df37ac70f0f83c608d9c89b822e1c099382ec3b95

SHA512
4ae58db76f8cdaafba36f76f74f192c6f17fc54a31c048f60ef7886d60c85b3e350b2096a184d4b4f46019019e78fa0be4408547f309e3638321013c7aa38a8f

Download Submit
C:\Windows\system\hARhNtH.exe

Filesize
6.0MB

MD5
afb97365cc5730c5c3e53cb006a286ca

SHA1
c6ae34261e554ccad7da77e0d035f9eae098e013

SHA256
c3426424883442d09683481bde764011336db479f69b90b4cd723fb3cd5be1cf

SHA512
6bae0abe2bcc58b9615fcf47c5a3505a6dce88d5e4c2b64feae2b08f202945b9e2a9eb75fffcae8a9265ad1b5dff21d2dcbc8ee5ec3b26215086bfe5ab736eda

Download Submit
C:\Windows\system\jhiyrXx.exe

Filesize
6.0MB

MD5
e0c25cc0fee41fde4092d03eb23ed67f

SHA1
a977fe1c17819ae85156ccc6dfa02623321a9754

SHA256
f3e825734d985da4ed66c40f328284812892520e7e6b84e47004b3e8b32f0844

SHA512
4fd3dd92f619e06c80d8ceab3dae1ae1cd292621cc5339ab995cc4e1a753bd1a7f1ebc7c8ec9e3d0a8b5533ea9a18243a95f6c7dee2967b8de5de790ee435a18

Download Submit
C:\Windows\system\lRWVkzV.exe

Filesize
6.0MB

MD5
d9c9091c3e3fc3a976104a83e83df2a4

SHA1
8c3290a15b7260ab9b4995158f40d226ea7526b8

SHA256
bdda926e012ec82009ea289fb8c78a9d33d5ac6889cbb2919637e091fde550f2

SHA512
5d0ecc39332ee8a9da5d9fcbcd1a5b25a240488cf28ec1edb879398437b8d891ec98c3908892c6465361d60a7cd29ce0c7e7eb028531f3b3cdca8fceadb9ec91

Download Submit
C:\Windows\system\ltetnlT.exe

Filesize
6.0MB

MD5
d56d70f05c23dc56973f9d3e46ceedf2

SHA1
4cb3f308f25f8801cc3c520414150ec9b613503a

SHA256
aa9f89b1023da9ce11c597a92f66ae4f4923a4b3873dc0278d08d5b231f2ff9b

SHA512
c03c275831f5f4f7d2bcdf279629558d09e2c2ce4e42ead141aa29476047f40c3db2767d8999a0b1aef78a98fbbeac184ae6ce2b5f71371f6f0e9207a024b756

Download Submit
C:\Windows\system\nxMcCXF.exe

Filesize
6.0MB

MD5
586e1188b08a679304e8d7e3c985836c

SHA1
701e0683aa6f2878536d120fd5138f014b8c910b

SHA256
f27fc58769762d3c90d67db922e8fce8b24745365effd02cc86b7f4c4ab6770a

SHA512
9ead7ca01a80d05bd7400ad9d27fa919475ebf8226a539a0493043949d908eaddf92cb46840decaa3390ffa5063aa479922c78e58f52a43f7286150308840eda

Download Submit
C:\Windows\system\qdBFddH.exe

Filesize
6.0MB

MD5
70e356850feab16abf9eb615402ccdb3

SHA1
7533d424c958f15bb62c00634dc86716d9136c9c

SHA256
b671528c7b0b0cda719d029589b7dd7b3e7096a7d1b9960dfdb65eea80a7f7f3

SHA512
06c7a39f774537105135a023f4d333212419c427358c898f0a7f39887bf0b7c8deda8f63cb435e5ddc05f5e7edecbf75f62270442777896805469dcedc138698

Download Submit
C:\Windows\system\sxjPZDc.exe

Filesize
6.0MB

MD5
9bc70820aa870e4780dbca35f657c9f7

SHA1
081fee325afbf2db6b463b3e531ebf3d059f7015

SHA256
e8dde01638766e8bd87396a4d6ab3dba62a18540d1332066dfe72519aa85283a

SHA512
85398ca6af398b124398301001e892c82330b31f96e48677bc87954dd891ab0a03d6fc3c1a5e7d6f3289162e4f994bfec213638c9b05d02fc394ca03b4b3855a

Download Submit
C:\Windows\system\tTvbNYV.exe

Filesize
6.0MB

MD5
19f1c7521aa3c66df8b01ee94057c890

SHA1
d20bd8c12ca7cbf4c75a3b01ba8b1ceefd40ff2e

SHA256
515b4015a9f62d9a85abb7a89ed4627a19ab1f1f8ae59667a28332f1402766c1

SHA512
7529a2ed11758bd09bf902274104fa5fb9ac16776f102b68fe9b8e0fa0e7d41c9041174df0197686aeb87b025b2d1da1a6de673728f2b88d943cb1529ba76b0a

Download Submit
C:\Windows\system\vikJJZX.exe

Filesize
6.0MB

MD5
e7905a4478e452722bf4441fbbb95539

SHA1
9cf970c6a42a6627eee5f313cd1a92c07485adb6

SHA256
427c861a67247985a374a07b24b0e60bc1fdf4ed135395bd915ad386fc6e059b

SHA512
1b112f0f865849fa3f145d5feb37b1df8ddde0aab96595e5979266f3857e92370e2b041b7bd7b9bc38825dbc162be6faceb2d38309abc6b545fdea869f4e87f4

Download Submit
C:\Windows\system\wBIdgls.exe

Filesize
6.0MB

MD5
951853690e5e7cf56a07296bf21bc419

SHA1
7c2dfa171d0249419fb85b3c1a90d67f178ff774

SHA256
d1df32892eca21b34b0e5f7e43f6bb87c4f10b30a9839c091eda9db03e9d75d5

SHA512
611f6225e3f10215cf2a2b89f2bbd5d6c62bc43b2dea061bc8d66e231a31562f5207b99bf49453add0eb4bd4e1fc3f5062a3980de7cfd77a7c994cac767abc71

Download Submit
C:\Windows\system\zPuQvMr.exe

Filesize
6.0MB

MD5
af92564949b07db68f07de22ea4da47c

SHA1
ddf30f920338a385f2910ec4dd2926de91596a6b

SHA256
2b09e8c35b4c5ec3667243a0e06305e5588f8df242b51cecfc0cb3ad2fe9f6cf

SHA512
4cb45ded801b0dddbb0553fa4e1cbb0a354339fde120b222cdc23ceb338c607b61860cee4cad58f7cc1cb51953926b363b6069835f4f71c6169de02eba18c63e

Download Submit
C:\Windows\system\zUjKvbz.exe

Filesize
6.0MB

MD5
2428a2af88761c2536c993d038f24c4c

SHA1
e4a43e2d03325340256976e0f2e188cd824cf7b2

SHA256
44c8094ac78aa18718477a86415fb353cf79ba4fe62c124ad4ac45368e08b2d7

SHA512
bc17e2dd8c1f82aaf99794203c3d27604e4d765ae900d3c3ba1c9c17e8bb70ae66b11309d8534a73e8004187832cdf890e7216f422d356e7ad3928360f126cf1

Download Submit
\Windows\system\ASrTTHQ.exe

Filesize
6.0MB

MD5
ec74e3dde2bc8bb1178cefcd753cca3b

SHA1
2e9848402abe5a329bda7bafdb80c0def5a312ed

SHA256
62075d0621c3614ed7c1bed1407f96200cea907b2f43ac659ecc615977857f94

SHA512
602579c136f133109b6e8345cb0c4793d245e4f62fa7ccaf07759c0b740eb0e0f54d16b347581ea6b4d963356b0d9faf8eb80c1fd3f1752db7c9f23d175ccf64

Download Submit
\Windows\system\DOUGQbt.exe

Filesize
6.0MB

MD5
ed83106d2a7b90fdf35ab0a52ca917ae

SHA1
e8f2ed04b9a494fdd0680dd2af99900f28cead76

SHA256
8047340d34b5fe1a8934682f86835bc283da3d09d235be141b48ca01aaac3b30

SHA512
9c61b512f90de4391f7c341d41d6255b3be0e083d48b8c13e72b932ff0fcabf411270a5603cc0f47449fce86eb2026f79bcd97c61d28b7fded22dee0356f5858

Download Submit
\Windows\system\HKkIelE.exe

Filesize
6.0MB

MD5
00d66879ddc0d7245ae1728c5af53a5b

SHA1
8c7efecf16cb6e2d41b3f9f610eb7da989a63228

SHA256
488fef5a41dd7cb5fa2f565beaf43be4d372e17717b01a42d9332657f830703d

SHA512
9ec1f609ecde5bc95b5235b9f4e098bcf06dfd0ea292c5457483a8790780b9afc82120f054375d85eab4523dc9cfd231a76326fe39fb7150aa6f4effc47d382c

Download Submit
\Windows\system\HqjIrMN.exe

Filesize
6.0MB

MD5
f6aef53de70820bc12f1102b99aa4d3b

SHA1
a1790cf5e6da391893b280c5c2f9f2cc1e9e45ef

SHA256
d790d3d69b0abb6c0bae8cad7e7d3830b56a9c8bf556794b3fd20d5c415f88b1

SHA512
858094977872aa219195cbbed5a5bc2510bf4813f39de6bb48a1d7ee2425e531fc3a0df10b4942aa2f57d6a2a5299708b44c61d356f947263d7f559802daa86d

Download Submit
\Windows\system\MWbrPBD.exe

Filesize
6.0MB

MD5
0f16735e1956143443d685fcbc4d4f29

SHA1
f48e3afeda53fe9db84a0181345c6e5e98f391bc

SHA256
2129f32881eea8ed737eb8119889025b4f18fa864bf76b67c927ae2e644db72c

SHA512
ccbace22af4d6b062fbcccb499e9c3853ffac2673c9b23a24213b2400f75944fde693a61f15b8b43d8f2626ca5927a9fd800c56c99b771f7367562841dc3b22a

Download Submit
\Windows\system\PiqwRVc.exe

Filesize
6.0MB

MD5
cd15163ee5162147c3ce2025b5d79bcf

SHA1
951ecb04089097c6963f996f5b8a6eb866674fd9

SHA256
d4bf509af81885d4ce58ef07383a79e627f41ec4af1e25ffbbea06eaa73d472c

SHA512
cde5fb2c486faace532aa037335860424f00dc3e8ec477a96e2a492b29311202d3aab41337dd4e08f5667d82b0925987bb3c7abce8548704bd0f55fe10985639

Download Submit
\Windows\system\YfTqcKB.exe

Filesize
6.0MB

MD5
868b5e22bd706548d75e0d70d6aa787c

SHA1
9eab634aa14b2ed834d325fea5258986bb6fa6f3

SHA256
85d9ebba28f4db84020ce6525e4d5b840308c0e7c60be8588528cd8d647c3fb6

SHA512
c54615c6d11d737a5acdd370a928b1ae79c95d0cab49cabd7dfa83bf06a088882cf21ab7a0c2ac0aac5d3f35d01928db4faaca49cc5243410780398912cfafa4

Download Submit
memory/976-91-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/976-4030-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-14-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-4017-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-21-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-4018-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-94-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-96-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-146-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-76-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2204-8-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-18-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-27-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-92-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-99-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-0-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-22-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2204-732-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-728-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-921-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-920-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1098-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-923-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-582-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2204-42-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-46-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-93-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-95-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4027-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4026-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-90-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4029-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2640-97-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2676-211-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2676-29-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4020-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2768-69-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4023-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2772-37-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2772-147-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4021-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4024-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-61-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4019-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2844-23-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-87-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-4028-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4025-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-83-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-4022-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/3044-48-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download