cobaltstrike | f5108dfbdffed0e1560f1413140ac638c3f3c9e600571f6b285e497a3d39f3aa

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e24842e9f5ef62984d9eee5182bff023
SHA1

9444a1b031c325a20ea0860157ecdcf9e170034d
SHA256

f5108dfbdffed0e1560f1413140ac638c3f3c9e600571f6b285e497a3d39f3aa
SHA512

539fc487753ff23ec3e60e358b265f9b31d1d007e318bba955c7ddfc0ac565ee53890d8d9e10791e2fc61c88e379dcbe96bcb45d05cee7b4893f34312263bc67
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ab9-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c56-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc5-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce7-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1d-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018669-70.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f2-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018781-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001868b-123.dat	cobalt_reflective_dll
behavioral1/files/0x001400000001866f-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018742-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f8-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018731-118.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018682-91.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175e7-75.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000165a7-44.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d2e-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878c-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926a-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019379-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939d-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a9-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019279-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019227-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-143.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1992-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-3.dat	xmrig
behavioral1/files/0x0008000000016ab9-7.dat	xmrig
behavioral1/memory/2088-14-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2184-12-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c56-9.dat	xmrig
behavioral1/files/0x0008000000016c73-25.dat	xmrig
behavioral1/memory/1648-26-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2932-28-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cc5-32.dat	xmrig
behavioral1/memory/576-34-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ce7-35.dat	xmrig
behavioral1/files/0x0007000000016d1d-39.dat	xmrig
behavioral1/files/0x0006000000018669-70.dat	xmrig
behavioral1/files/0x0008000000016d36-64.dat	xmrig
behavioral1/files/0x00050000000186f2-90.dat	xmrig
behavioral1/memory/1992-100-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/files/0x0005000000018781-115.dat	xmrig
behavioral1/files/0x000500000001868b-123.dat	xmrig
behavioral1/files/0x001400000001866f-121.dat	xmrig
behavioral1/memory/1992-87-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0005000000018742-112.dat	xmrig
behavioral1/memory/2184-107-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f8-104.dat	xmrig
behavioral1/memory/2848-78-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1992-69-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2796-65-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018731-118.dat	xmrig
behavioral1/memory/1992-103-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/memory/2640-102-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2760-99-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2812-97-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0011000000018682-91.dat	xmrig
behavioral1/memory/1992-130-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/files/0x00060000000175e7-75.dat	xmrig
behavioral1/memory/2704-72-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2472-61-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x00090000000165a7-44.dat	xmrig
behavioral1/files/0x0008000000016d2e-53.dat	xmrig
behavioral1/files/0x000500000001878c-133.dat	xmrig
behavioral1/files/0x000500000001926a-158.dat	xmrig
behavioral1/files/0x0005000000019284-168.dat	xmrig
behavioral1/memory/2956-556-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/1992-551-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/memory/1992-950-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2932-232-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a4-189.dat	xmrig
behavioral1/files/0x0005000000019379-178.dat	xmrig
behavioral1/files/0x000500000001939d-183.dat	xmrig
behavioral1/files/0x00050000000192a9-173.dat	xmrig
behavioral1/files/0x0005000000019279-162.dat	xmrig
behavioral1/files/0x000500000001925e-148.dat	xmrig
behavioral1/files/0x0005000000019261-152.dat	xmrig
behavioral1/files/0x0005000000019227-138.dat	xmrig
behavioral1/files/0x000500000001922c-143.dat	xmrig
behavioral1/memory/2956-52-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2088-4021-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2184-4022-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2932-4023-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/1648-4024-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/576-4025-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2796-4026-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2956-4027-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2472-4028-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2184	VBylwRC.exe
2088	MlOdFjj.exe
1648	omaHLbR.exe
2932	jUCrlfF.exe
576	nnUUdYT.exe
2796	ygeauzB.exe
2956	pfTBVcm.exe
2704	iZgItQx.exe
2472	BuTcpTr.exe
2848	pKAquZv.exe
2812	wMwosgW.exe
2760	PrQeWTc.exe
2640	iPVZwSs.exe
644	clRvrfA.exe
2776	OicVLSZ.exe
2916	efUDNZa.exe
2652	XufTXCk.exe
2000	cUFdoFw.exe
1756	fgbPpik.exe
1604	ocnoDWf.exe
2692	uSnbYdY.exe
3064	ftKAmnr.exe
2188	oeqlQxQ.exe
2120	dBcgxNf.exe
2052	yzYbgpH.exe
1536	LQzXfQF.exe
2452	fgwkbuI.exe
1104	EIALYjM.exe
2108	rnjSgGA.exe
1616	RQnrslS.exe
616	PLBpgtQ.exe
1960	vVVhXHB.exe
1748	FGyxywp.exe
2200	iVmTkWJ.exe
2008	fWLXXeg.exe
1372	QEabgAu.exe
812	BHNcWcg.exe
1380	qJaNFfk.exe
1780	wtYSVAv.exe
888	VCNIoxI.exe
1048	kUoTSAU.exe
2520	RrMAsjs.exe
2564	qSjfzLq.exe
1776	KWEsbuj.exe
2172	kiGNxhb.exe
2576	mplTTbH.exe
1744	MJDvNRf.exe
2984	zHeCMej.exe
2496	MIJHxbC.exe
788	NxCZzrd.exe
1688	ygtjWho.exe
2436	BcxFHmQ.exe
2548	PAZAdYs.exe
2864	NGrsDSE.exe
2724	TkvLVNq.exe
2740	TTeOWyu.exe
2944	qcNhOfC.exe
2272	inyKYqB.exe
2716	iLHjVCC.exe
2404	dtNsQHL.exe
2696	JeiFfHU.exe
2908	ZerqnJI.exe
2860	PgwznLW.exe
896	VmbmmUn.exe

Loads dropped DLL 64 IoCs

pid	Process
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1992-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-3.dat	upx
behavioral1/files/0x0008000000016ab9-7.dat	upx
behavioral1/memory/2088-14-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2184-12-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0008000000016c56-9.dat	upx
behavioral1/files/0x0008000000016c73-25.dat	upx
behavioral1/memory/1648-26-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2932-28-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0007000000016cc5-32.dat	upx
behavioral1/memory/576-34-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0007000000016ce7-35.dat	upx
behavioral1/files/0x0007000000016d1d-39.dat	upx
behavioral1/files/0x0006000000018669-70.dat	upx
behavioral1/files/0x0008000000016d36-64.dat	upx
behavioral1/files/0x00050000000186f2-90.dat	upx
behavioral1/files/0x0005000000018781-115.dat	upx
behavioral1/files/0x000500000001868b-123.dat	upx
behavioral1/files/0x001400000001866f-121.dat	upx
behavioral1/memory/1992-87-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0005000000018742-112.dat	upx
behavioral1/memory/2184-107-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x00050000000186f8-104.dat	upx
behavioral1/memory/2848-78-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2796-65-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0005000000018731-118.dat	upx
behavioral1/memory/2640-102-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2760-99-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2812-97-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0011000000018682-91.dat	upx
behavioral1/memory/1992-130-0x00000000024E0000-0x0000000002834000-memory.dmp	upx
behavioral1/files/0x00060000000175e7-75.dat	upx
behavioral1/memory/2704-72-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2472-61-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x00090000000165a7-44.dat	upx
behavioral1/files/0x0008000000016d2e-53.dat	upx
behavioral1/files/0x000500000001878c-133.dat	upx
behavioral1/files/0x000500000001926a-158.dat	upx
behavioral1/files/0x0005000000019284-168.dat	upx
behavioral1/memory/2956-556-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2932-232-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x00050000000193a4-189.dat	upx
behavioral1/files/0x0005000000019379-178.dat	upx
behavioral1/files/0x000500000001939d-183.dat	upx
behavioral1/files/0x00050000000192a9-173.dat	upx
behavioral1/files/0x0005000000019279-162.dat	upx
behavioral1/files/0x000500000001925e-148.dat	upx
behavioral1/files/0x0005000000019261-152.dat	upx
behavioral1/files/0x0005000000019227-138.dat	upx
behavioral1/files/0x000500000001922c-143.dat	upx
behavioral1/memory/2956-52-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2088-4021-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2184-4022-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2932-4023-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/1648-4024-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/576-4025-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2796-4026-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2956-4027-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2472-4028-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2704-4029-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2848-4030-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2760-4032-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2640-4031-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2812-4033-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dCqIxtm.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSyKBnF.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUuOfQx.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYePBle.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMdQwjz.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GztwImZ.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klTPPsa.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myoPjcO.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfzhJLj.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olCsfjZ.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnxSIsz.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkjtlgJ.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOEoFml.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEdkGhs.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPWFqSM.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vefCTRc.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWIfBCz.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOGwMaa.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDXPVYq.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFmjgIn.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUFdoFw.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGRAqDQ.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJOiwJE.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgQrBfb.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbtfQgB.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvQhMiL.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIHzzwW.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFuYJiY.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqwSMnk.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLeHtLA.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMjJkox.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcfhpBt.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uptonXc.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmTjZmF.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smDNHZq.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgwznLW.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PypcVrX.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzaqUue.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSnbYdY.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgIqlTH.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvZKPsU.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCygVsm.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBPWDVt.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRIIybA.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvVccuW.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcQeNWQ.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUWNtXU.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkddSZY.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTWqkeg.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWmwsqC.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXtmClO.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxNhHbW.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjQcFDY.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSmXgrx.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QinTfJA.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOdguCO.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghzQqHa.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDZpsyX.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZsPWDd.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efZXrMg.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QujeXrZ.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rhgzbvc.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFpSQyD.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFXisgu.exe	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2184	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1992 wrote to memory of 2184	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1992 wrote to memory of 2184	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1992 wrote to memory of 2088	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1992 wrote to memory of 2088	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1992 wrote to memory of 2088	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1992 wrote to memory of 1648	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1992 wrote to memory of 1648	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1992 wrote to memory of 1648	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1992 wrote to memory of 2932	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1992 wrote to memory of 2932	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1992 wrote to memory of 2932	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1992 wrote to memory of 576	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1992 wrote to memory of 576	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1992 wrote to memory of 576	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1992 wrote to memory of 2796	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1992 wrote to memory of 2796	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1992 wrote to memory of 2796	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1992 wrote to memory of 2956	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1992 wrote to memory of 2956	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1992 wrote to memory of 2956	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1992 wrote to memory of 2472	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1992 wrote to memory of 2472	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1992 wrote to memory of 2472	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1992 wrote to memory of 2704	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1992 wrote to memory of 2704	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1992 wrote to memory of 2704	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1992 wrote to memory of 2848	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1992 wrote to memory of 2848	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1992 wrote to memory of 2848	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1992 wrote to memory of 2812	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1992 wrote to memory of 2812	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1992 wrote to memory of 2812	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1992 wrote to memory of 2760	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1992 wrote to memory of 2760	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1992 wrote to memory of 2760	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1992 wrote to memory of 2652	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1992 wrote to memory of 2652	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1992 wrote to memory of 2652	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1992 wrote to memory of 2640	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1992 wrote to memory of 2640	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1992 wrote to memory of 2640	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1992 wrote to memory of 2000	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1992 wrote to memory of 2000	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1992 wrote to memory of 2000	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1992 wrote to memory of 644	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1992 wrote to memory of 644	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1992 wrote to memory of 644	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1992 wrote to memory of 1756	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1992 wrote to memory of 1756	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1992 wrote to memory of 1756	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1992 wrote to memory of 2776	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1992 wrote to memory of 2776	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1992 wrote to memory of 2776	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1992 wrote to memory of 1604	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1992 wrote to memory of 1604	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1992 wrote to memory of 1604	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1992 wrote to memory of 2916	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1992 wrote to memory of 2916	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1992 wrote to memory of 2916	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1992 wrote to memory of 2692	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1992 wrote to memory of 2692	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1992 wrote to memory of 2692	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1992 wrote to memory of 3064	1992	2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_e24842e9f5ef62984d9eee5182bff023_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\System\VBylwRC.exe
  C:\Windows\System\VBylwRC.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\MlOdFjj.exe
  C:\Windows\System\MlOdFjj.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\omaHLbR.exe
  C:\Windows\System\omaHLbR.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\jUCrlfF.exe
  C:\Windows\System\jUCrlfF.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\nnUUdYT.exe
  C:\Windows\System\nnUUdYT.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\ygeauzB.exe
  C:\Windows\System\ygeauzB.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\pfTBVcm.exe
  C:\Windows\System\pfTBVcm.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\BuTcpTr.exe
  C:\Windows\System\BuTcpTr.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\iZgItQx.exe
  C:\Windows\System\iZgItQx.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\pKAquZv.exe
  C:\Windows\System\pKAquZv.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\wMwosgW.exe
  C:\Windows\System\wMwosgW.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\PrQeWTc.exe
  C:\Windows\System\PrQeWTc.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\XufTXCk.exe
  C:\Windows\System\XufTXCk.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\iPVZwSs.exe
  C:\Windows\System\iPVZwSs.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\cUFdoFw.exe
  C:\Windows\System\cUFdoFw.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\clRvrfA.exe
  C:\Windows\System\clRvrfA.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\fgbPpik.exe
  C:\Windows\System\fgbPpik.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\OicVLSZ.exe
  C:\Windows\System\OicVLSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ocnoDWf.exe
  C:\Windows\System\ocnoDWf.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\efUDNZa.exe
  C:\Windows\System\efUDNZa.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\uSnbYdY.exe
  C:\Windows\System\uSnbYdY.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ftKAmnr.exe
  C:\Windows\System\ftKAmnr.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\oeqlQxQ.exe
  C:\Windows\System\oeqlQxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\dBcgxNf.exe
  C:\Windows\System\dBcgxNf.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\yzYbgpH.exe
  C:\Windows\System\yzYbgpH.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\LQzXfQF.exe
  C:\Windows\System\LQzXfQF.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\fgwkbuI.exe
  C:\Windows\System\fgwkbuI.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\EIALYjM.exe
  C:\Windows\System\EIALYjM.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\rnjSgGA.exe
  C:\Windows\System\rnjSgGA.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\RQnrslS.exe
  C:\Windows\System\RQnrslS.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\PLBpgtQ.exe
  C:\Windows\System\PLBpgtQ.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\vVVhXHB.exe
  C:\Windows\System\vVVhXHB.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\FGyxywp.exe
  C:\Windows\System\FGyxywp.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\iVmTkWJ.exe
  C:\Windows\System\iVmTkWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\fWLXXeg.exe
  C:\Windows\System\fWLXXeg.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\QEabgAu.exe
  C:\Windows\System\QEabgAu.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\BHNcWcg.exe
  C:\Windows\System\BHNcWcg.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\qJaNFfk.exe
  C:\Windows\System\qJaNFfk.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\wtYSVAv.exe
  C:\Windows\System\wtYSVAv.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\VCNIoxI.exe
  C:\Windows\System\VCNIoxI.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\kUoTSAU.exe
  C:\Windows\System\kUoTSAU.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\RrMAsjs.exe
  C:\Windows\System\RrMAsjs.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\qSjfzLq.exe
  C:\Windows\System\qSjfzLq.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\KWEsbuj.exe
  C:\Windows\System\KWEsbuj.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\kiGNxhb.exe
  C:\Windows\System\kiGNxhb.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\mplTTbH.exe
  C:\Windows\System\mplTTbH.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\MJDvNRf.exe
  C:\Windows\System\MJDvNRf.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\zHeCMej.exe
  C:\Windows\System\zHeCMej.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\MIJHxbC.exe
  C:\Windows\System\MIJHxbC.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\NxCZzrd.exe
  C:\Windows\System\NxCZzrd.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\ygtjWho.exe
  C:\Windows\System\ygtjWho.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\BcxFHmQ.exe
  C:\Windows\System\BcxFHmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\PAZAdYs.exe
  C:\Windows\System\PAZAdYs.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\NGrsDSE.exe
  C:\Windows\System\NGrsDSE.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\TkvLVNq.exe
  C:\Windows\System\TkvLVNq.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\TTeOWyu.exe
  C:\Windows\System\TTeOWyu.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\qcNhOfC.exe
  C:\Windows\System\qcNhOfC.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\inyKYqB.exe
  C:\Windows\System\inyKYqB.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\iLHjVCC.exe
  C:\Windows\System\iLHjVCC.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\dtNsQHL.exe
  C:\Windows\System\dtNsQHL.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\JeiFfHU.exe
  C:\Windows\System\JeiFfHU.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\ZerqnJI.exe
  C:\Windows\System\ZerqnJI.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\PgwznLW.exe
  C:\Windows\System\PgwznLW.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\VmbmmUn.exe
  C:\Windows\System\VmbmmUn.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\BDKjglQ.exe
  C:\Windows\System\BDKjglQ.exe
  2⤵
  PID:2636
- C:\Windows\System\dnZLvOT.exe
  C:\Windows\System\dnZLvOT.exe
  2⤵
  PID:2260
- C:\Windows\System\LlMALPU.exe
  C:\Windows\System\LlMALPU.exe
  2⤵
  PID:2208
- C:\Windows\System\VdsRsoA.exe
  C:\Windows\System\VdsRsoA.exe
  2⤵
  PID:2556
- C:\Windows\System\aQgcXFw.exe
  C:\Windows\System\aQgcXFw.exe
  2⤵
  PID:1704
- C:\Windows\System\uWlrUKx.exe
  C:\Windows\System\uWlrUKx.exe
  2⤵
  PID:1496
- C:\Windows\System\CNDkeue.exe
  C:\Windows\System\CNDkeue.exe
  2⤵
  PID:2480
- C:\Windows\System\rGxjCPI.exe
  C:\Windows\System\rGxjCPI.exe
  2⤵
  PID:908
- C:\Windows\System\DswqrLg.exe
  C:\Windows\System\DswqrLg.exe
  2⤵
  PID:2032
- C:\Windows\System\nAcUFja.exe
  C:\Windows\System\nAcUFja.exe
  2⤵
  PID:1692
- C:\Windows\System\yilVPnB.exe
  C:\Windows\System\yilVPnB.exe
  2⤵
  PID:1636
- C:\Windows\System\QdqjwvN.exe
  C:\Windows\System\QdqjwvN.exe
  2⤵
  PID:2240
- C:\Windows\System\wFEDoRJ.exe
  C:\Windows\System\wFEDoRJ.exe
  2⤵
  PID:2024
- C:\Windows\System\HIyAToI.exe
  C:\Windows\System\HIyAToI.exe
  2⤵
  PID:704
- C:\Windows\System\ZNOOBNr.exe
  C:\Windows\System\ZNOOBNr.exe
  2⤵
  PID:2540
- C:\Windows\System\UyXwajM.exe
  C:\Windows\System\UyXwajM.exe
  2⤵
  PID:1484
- C:\Windows\System\TzAgzCW.exe
  C:\Windows\System\TzAgzCW.exe
  2⤵
  PID:2016
- C:\Windows\System\fIXoOkr.exe
  C:\Windows\System\fIXoOkr.exe
  2⤵
  PID:600
- C:\Windows\System\PZsFbHQ.exe
  C:\Windows\System\PZsFbHQ.exe
  2⤵
  PID:1564
- C:\Windows\System\LrEbwUb.exe
  C:\Windows\System\LrEbwUb.exe
  2⤵
  PID:2224
- C:\Windows\System\RavIDwd.exe
  C:\Windows\System\RavIDwd.exe
  2⤵
  PID:2176
- C:\Windows\System\FEdkGhs.exe
  C:\Windows\System\FEdkGhs.exe
  2⤵
  PID:816
- C:\Windows\System\zHwIXAe.exe
  C:\Windows\System\zHwIXAe.exe
  2⤵
  PID:584
- C:\Windows\System\BMjJkox.exe
  C:\Windows\System\BMjJkox.exe
  2⤵
  PID:2856
- C:\Windows\System\dUBVQev.exe
  C:\Windows\System\dUBVQev.exe
  2⤵
  PID:1712
- C:\Windows\System\QHEUhJr.exe
  C:\Windows\System\QHEUhJr.exe
  2⤵
  PID:1288
- C:\Windows\System\XXvAeId.exe
  C:\Windows\System\XXvAeId.exe
  2⤵
  PID:2012
- C:\Windows\System\KcfhJsX.exe
  C:\Windows\System\KcfhJsX.exe
  2⤵
  PID:1272
- C:\Windows\System\pKmnOYS.exe
  C:\Windows\System\pKmnOYS.exe
  2⤵
  PID:2212
- C:\Windows\System\sASXlnk.exe
  C:\Windows\System\sASXlnk.exe
  2⤵
  PID:2096
- C:\Windows\System\fpGBCgI.exe
  C:\Windows\System\fpGBCgI.exe
  2⤵
  PID:1016
- C:\Windows\System\DVfgOVg.exe
  C:\Windows\System\DVfgOVg.exe
  2⤵
  PID:1264
- C:\Windows\System\FxiIDJy.exe
  C:\Windows\System\FxiIDJy.exe
  2⤵
  PID:1984
- C:\Windows\System\klTPPsa.exe
  C:\Windows\System\klTPPsa.exe
  2⤵
  PID:1676
- C:\Windows\System\LbVGRhn.exe
  C:\Windows\System\LbVGRhn.exe
  2⤵
  PID:2004
- C:\Windows\System\iaeSZKB.exe
  C:\Windows\System\iaeSZKB.exe
  2⤵
  PID:2460
- C:\Windows\System\arGgsDs.exe
  C:\Windows\System\arGgsDs.exe
  2⤵
  PID:592
- C:\Windows\System\KrkPwTX.exe
  C:\Windows\System\KrkPwTX.exe
  2⤵
  PID:1752
- C:\Windows\System\HlcIpig.exe
  C:\Windows\System\HlcIpig.exe
  2⤵
  PID:2344
- C:\Windows\System\kLOdLku.exe
  C:\Windows\System\kLOdLku.exe
  2⤵
  PID:1668
- C:\Windows\System\DRIIybA.exe
  C:\Windows\System\DRIIybA.exe
  2⤵
  PID:2604
- C:\Windows\System\WdsKfRO.exe
  C:\Windows\System\WdsKfRO.exe
  2⤵
  PID:1912
- C:\Windows\System\nkmofGD.exe
  C:\Windows\System\nkmofGD.exe
  2⤵
  PID:1628
- C:\Windows\System\dCqIxtm.exe
  C:\Windows\System\dCqIxtm.exe
  2⤵
  PID:2552
- C:\Windows\System\RPzarOk.exe
  C:\Windows\System\RPzarOk.exe
  2⤵
  PID:2280
- C:\Windows\System\pcfhpBt.exe
  C:\Windows\System\pcfhpBt.exe
  2⤵
  PID:2252
- C:\Windows\System\DmfBuWR.exe
  C:\Windows\System\DmfBuWR.exe
  2⤵
  PID:1356
- C:\Windows\System\usWbunl.exe
  C:\Windows\System\usWbunl.exe
  2⤵
  PID:1680
- C:\Windows\System\EEFOjJP.exe
  C:\Windows\System\EEFOjJP.exe
  2⤵
  PID:1784
- C:\Windows\System\sRIjAbX.exe
  C:\Windows\System\sRIjAbX.exe
  2⤵
  PID:2560
- C:\Windows\System\OyJyUMq.exe
  C:\Windows\System\OyJyUMq.exe
  2⤵
  PID:2412
- C:\Windows\System\uJjRrSJ.exe
  C:\Windows\System\uJjRrSJ.exe
  2⤵
  PID:2324
- C:\Windows\System\VfKOsHU.exe
  C:\Windows\System\VfKOsHU.exe
  2⤵
  PID:2756
- C:\Windows\System\WdFtgeI.exe
  C:\Windows\System\WdFtgeI.exe
  2⤵
  PID:840
- C:\Windows\System\wjJeLfl.exe
  C:\Windows\System\wjJeLfl.exe
  2⤵
  PID:2824
- C:\Windows\System\IoXFqHM.exe
  C:\Windows\System\IoXFqHM.exe
  2⤵
  PID:2632
- C:\Windows\System\bLeHtLA.exe
  C:\Windows\System\bLeHtLA.exe
  2⤵
  PID:1660
- C:\Windows\System\lRIHqsp.exe
  C:\Windows\System\lRIHqsp.exe
  2⤵
  PID:2292
- C:\Windows\System\qRfXnQh.exe
  C:\Windows\System\qRfXnQh.exe
  2⤵
  PID:892
- C:\Windows\System\tHJlwoA.exe
  C:\Windows\System\tHJlwoA.exe
  2⤵
  PID:1476
- C:\Windows\System\saLdozj.exe
  C:\Windows\System\saLdozj.exe
  2⤵
  PID:2612
- C:\Windows\System\uBSFTvL.exe
  C:\Windows\System\uBSFTvL.exe
  2⤵
  PID:2572
- C:\Windows\System\kyQNRAK.exe
  C:\Windows\System\kyQNRAK.exe
  2⤵
  PID:780
- C:\Windows\System\ApeNFnB.exe
  C:\Windows\System\ApeNFnB.exe
  2⤵
  PID:868
- C:\Windows\System\AasXKRM.exe
  C:\Windows\System\AasXKRM.exe
  2⤵
  PID:2080
- C:\Windows\System\DpNcUro.exe
  C:\Windows\System\DpNcUro.exe
  2⤵
  PID:320
- C:\Windows\System\AbaxvQK.exe
  C:\Windows\System\AbaxvQK.exe
  2⤵
  PID:3088
- C:\Windows\System\DfSNdzF.exe
  C:\Windows\System\DfSNdzF.exe
  2⤵
  PID:3108
- C:\Windows\System\akTslUm.exe
  C:\Windows\System\akTslUm.exe
  2⤵
  PID:3124
- C:\Windows\System\SFJmNsg.exe
  C:\Windows\System\SFJmNsg.exe
  2⤵
  PID:3144
- C:\Windows\System\epYyYrh.exe
  C:\Windows\System\epYyYrh.exe
  2⤵
  PID:3160
- C:\Windows\System\jhBGjpl.exe
  C:\Windows\System\jhBGjpl.exe
  2⤵
  PID:3184
- C:\Windows\System\fLAWevV.exe
  C:\Windows\System\fLAWevV.exe
  2⤵
  PID:3208
- C:\Windows\System\CNtDAST.exe
  C:\Windows\System\CNtDAST.exe
  2⤵
  PID:3228
- C:\Windows\System\yXlGmKp.exe
  C:\Windows\System\yXlGmKp.exe
  2⤵
  PID:3244
- C:\Windows\System\RHJyACJ.exe
  C:\Windows\System\RHJyACJ.exe
  2⤵
  PID:3264
- C:\Windows\System\OnRmwxn.exe
  C:\Windows\System\OnRmwxn.exe
  2⤵
  PID:3280
- C:\Windows\System\zScekdK.exe
  C:\Windows\System\zScekdK.exe
  2⤵
  PID:3296
- C:\Windows\System\MistPMp.exe
  C:\Windows\System\MistPMp.exe
  2⤵
  PID:3316
- C:\Windows\System\NCUJgBY.exe
  C:\Windows\System\NCUJgBY.exe
  2⤵
  PID:3348
- C:\Windows\System\TwKUeVD.exe
  C:\Windows\System\TwKUeVD.exe
  2⤵
  PID:3364
- C:\Windows\System\jOEoFml.exe
  C:\Windows\System\jOEoFml.exe
  2⤵
  PID:3388
- C:\Windows\System\bcQWLEe.exe
  C:\Windows\System\bcQWLEe.exe
  2⤵
  PID:3404
- C:\Windows\System\fFIxhpQ.exe
  C:\Windows\System\fFIxhpQ.exe
  2⤵
  PID:3424
- C:\Windows\System\mVSFmQP.exe
  C:\Windows\System\mVSFmQP.exe
  2⤵
  PID:3440
- C:\Windows\System\qhWHYUj.exe
  C:\Windows\System\qhWHYUj.exe
  2⤵
  PID:3468
- C:\Windows\System\NAOegSC.exe
  C:\Windows\System\NAOegSC.exe
  2⤵
  PID:3488
- C:\Windows\System\jfbiCDI.exe
  C:\Windows\System\jfbiCDI.exe
  2⤵
  PID:3508
- C:\Windows\System\nFqGpCu.exe
  C:\Windows\System\nFqGpCu.exe
  2⤵
  PID:3528
- C:\Windows\System\hNvWXbe.exe
  C:\Windows\System\hNvWXbe.exe
  2⤵
  PID:3544
- C:\Windows\System\GocQXbv.exe
  C:\Windows\System\GocQXbv.exe
  2⤵
  PID:3568
- C:\Windows\System\FYnoYbl.exe
  C:\Windows\System\FYnoYbl.exe
  2⤵
  PID:3588
- C:\Windows\System\tAjFQSJ.exe
  C:\Windows\System\tAjFQSJ.exe
  2⤵
  PID:3604
- C:\Windows\System\GBZttdA.exe
  C:\Windows\System\GBZttdA.exe
  2⤵
  PID:3620
- C:\Windows\System\sgQrBfb.exe
  C:\Windows\System\sgQrBfb.exe
  2⤵
  PID:3636
- C:\Windows\System\gUguFIV.exe
  C:\Windows\System\gUguFIV.exe
  2⤵
  PID:3652
- C:\Windows\System\YkFZJKS.exe
  C:\Windows\System\YkFZJKS.exe
  2⤵
  PID:3668
- C:\Windows\System\agryevD.exe
  C:\Windows\System\agryevD.exe
  2⤵
  PID:3684
- C:\Windows\System\tyGhSou.exe
  C:\Windows\System\tyGhSou.exe
  2⤵
  PID:3736
- C:\Windows\System\kZWLnIq.exe
  C:\Windows\System\kZWLnIq.exe
  2⤵
  PID:3756
- C:\Windows\System\JraoSCA.exe
  C:\Windows\System\JraoSCA.exe
  2⤵
  PID:3776
- C:\Windows\System\OfOPSrR.exe
  C:\Windows\System\OfOPSrR.exe
  2⤵
  PID:3796
- C:\Windows\System\NPWFqSM.exe
  C:\Windows\System\NPWFqSM.exe
  2⤵
  PID:3816
- C:\Windows\System\pAyWpAr.exe
  C:\Windows\System\pAyWpAr.exe
  2⤵
  PID:3836
- C:\Windows\System\hXUvoWn.exe
  C:\Windows\System\hXUvoWn.exe
  2⤵
  PID:3856
- C:\Windows\System\oCbBGJp.exe
  C:\Windows\System\oCbBGJp.exe
  2⤵
  PID:3876
- C:\Windows\System\ZsTxBqd.exe
  C:\Windows\System\ZsTxBqd.exe
  2⤵
  PID:3896
- C:\Windows\System\brVCXgX.exe
  C:\Windows\System\brVCXgX.exe
  2⤵
  PID:3916
- C:\Windows\System\IeGctFm.exe
  C:\Windows\System\IeGctFm.exe
  2⤵
  PID:3936
- C:\Windows\System\LmJixtt.exe
  C:\Windows\System\LmJixtt.exe
  2⤵
  PID:3956
- C:\Windows\System\XsXJJeC.exe
  C:\Windows\System\XsXJJeC.exe
  2⤵
  PID:3976
- C:\Windows\System\CQcFjtY.exe
  C:\Windows\System\CQcFjtY.exe
  2⤵
  PID:3996
- C:\Windows\System\YBEfPuc.exe
  C:\Windows\System\YBEfPuc.exe
  2⤵
  PID:4016
- C:\Windows\System\IkNkZwt.exe
  C:\Windows\System\IkNkZwt.exe
  2⤵
  PID:4036
- C:\Windows\System\jDApRkI.exe
  C:\Windows\System\jDApRkI.exe
  2⤵
  PID:4052
- C:\Windows\System\WzGAxyI.exe
  C:\Windows\System\WzGAxyI.exe
  2⤵
  PID:4076
- C:\Windows\System\YOCHyQg.exe
  C:\Windows\System\YOCHyQg.exe
  2⤵
  PID:1908
- C:\Windows\System\LmQpaCf.exe
  C:\Windows\System\LmQpaCf.exe
  2⤵
  PID:2672
- C:\Windows\System\cLXHOhj.exe
  C:\Windows\System\cLXHOhj.exe
  2⤵
  PID:1888
- C:\Windows\System\GVvkLhj.exe
  C:\Windows\System\GVvkLhj.exe
  2⤵
  PID:3096
- C:\Windows\System\DnwaFOM.exe
  C:\Windows\System\DnwaFOM.exe
  2⤵
  PID:3136
- C:\Windows\System\RzhwAva.exe
  C:\Windows\System\RzhwAva.exe
  2⤵
  PID:3076
- C:\Windows\System\XPOUFAC.exe
  C:\Windows\System\XPOUFAC.exe
  2⤵
  PID:3180
- C:\Windows\System\JqJnhTb.exe
  C:\Windows\System\JqJnhTb.exe
  2⤵
  PID:3220
- C:\Windows\System\YGgUTxe.exe
  C:\Windows\System\YGgUTxe.exe
  2⤵
  PID:3120
- C:\Windows\System\WUSvNgo.exe
  C:\Windows\System\WUSvNgo.exe
  2⤵
  PID:3192
- C:\Windows\System\oCokGMU.exe
  C:\Windows\System\oCokGMU.exe
  2⤵
  PID:3204
- C:\Windows\System\wEgbcSc.exe
  C:\Windows\System\wEgbcSc.exe
  2⤵
  PID:3344
- C:\Windows\System\jiCGxzb.exe
  C:\Windows\System\jiCGxzb.exe
  2⤵
  PID:3380
- C:\Windows\System\uCkSdMG.exe
  C:\Windows\System\uCkSdMG.exe
  2⤵
  PID:3272
- C:\Windows\System\PMlOSqe.exe
  C:\Windows\System\PMlOSqe.exe
  2⤵
  PID:3304
- C:\Windows\System\gPaPcHp.exe
  C:\Windows\System\gPaPcHp.exe
  2⤵
  PID:3360
- C:\Windows\System\YTMsHwY.exe
  C:\Windows\System\YTMsHwY.exe
  2⤵
  PID:3476
- C:\Windows\System\ORmbTtx.exe
  C:\Windows\System\ORmbTtx.exe
  2⤵
  PID:3480
- C:\Windows\System\yhupoHW.exe
  C:\Windows\System\yhupoHW.exe
  2⤵
  PID:3556
- C:\Windows\System\lDYRvDH.exe
  C:\Windows\System\lDYRvDH.exe
  2⤵
  PID:3632
- C:\Windows\System\XvhAfNR.exe
  C:\Windows\System\XvhAfNR.exe
  2⤵
  PID:3516
- C:\Windows\System\XSOZamg.exe
  C:\Windows\System\XSOZamg.exe
  2⤵
  PID:3580
- C:\Windows\System\EvTEBHF.exe
  C:\Windows\System\EvTEBHF.exe
  2⤵
  PID:3616
- C:\Windows\System\hewHSIQ.exe
  C:\Windows\System\hewHSIQ.exe
  2⤵
  PID:2628
- C:\Windows\System\yUcSfTx.exe
  C:\Windows\System\yUcSfTx.exe
  2⤵
  PID:3712
- C:\Windows\System\vefCTRc.exe
  C:\Windows\System\vefCTRc.exe
  2⤵
  PID:3752
- C:\Windows\System\TxjeKSC.exe
  C:\Windows\System\TxjeKSC.exe
  2⤵
  PID:3732
- C:\Windows\System\AVESRQZ.exe
  C:\Windows\System\AVESRQZ.exe
  2⤵
  PID:3772
- C:\Windows\System\PhsqWXe.exe
  C:\Windows\System\PhsqWXe.exe
  2⤵
  PID:3828
- C:\Windows\System\IKYLQGc.exe
  C:\Windows\System\IKYLQGc.exe
  2⤵
  PID:3864
- C:\Windows\System\pLWTCPd.exe
  C:\Windows\System\pLWTCPd.exe
  2⤵
  PID:3884
- C:\Windows\System\zsOEnSH.exe
  C:\Windows\System\zsOEnSH.exe
  2⤵
  PID:3912
- C:\Windows\System\IefXwyS.exe
  C:\Windows\System\IefXwyS.exe
  2⤵
  PID:3924
- C:\Windows\System\LeLLvxZ.exe
  C:\Windows\System\LeLLvxZ.exe
  2⤵
  PID:3984
- C:\Windows\System\zbJCCHJ.exe
  C:\Windows\System\zbJCCHJ.exe
  2⤵
  PID:3968
- C:\Windows\System\uJzjdkT.exe
  C:\Windows\System\uJzjdkT.exe
  2⤵
  PID:4012
- C:\Windows\System\xYwIoJw.exe
  C:\Windows\System\xYwIoJw.exe
  2⤵
  PID:4064
- C:\Windows\System\BOVDITV.exe
  C:\Windows\System\BOVDITV.exe
  2⤵
  PID:4084
- C:\Windows\System\BdAJVPR.exe
  C:\Windows\System\BdAJVPR.exe
  2⤵
  PID:4092
- C:\Windows\System\nqACgad.exe
  C:\Windows\System\nqACgad.exe
  2⤵
  PID:3240
- C:\Windows\System\uheXuml.exe
  C:\Windows\System\uheXuml.exe
  2⤵
  PID:3084
- C:\Windows\System\MKhdFeL.exe
  C:\Windows\System\MKhdFeL.exe
  2⤵
  PID:2664
- C:\Windows\System\gcbgWBM.exe
  C:\Windows\System\gcbgWBM.exe
  2⤵
  PID:3288
- C:\Windows\System\PSTwPAG.exe
  C:\Windows\System\PSTwPAG.exe
  2⤵
  PID:3420
- C:\Windows\System\iBGVxKs.exe
  C:\Windows\System\iBGVxKs.exe
  2⤵
  PID:3384
- C:\Windows\System\zuGWceF.exe
  C:\Windows\System\zuGWceF.exe
  2⤵
  PID:3464
- C:\Windows\System\NslsvJi.exe
  C:\Windows\System\NslsvJi.exe
  2⤵
  PID:2420
- C:\Windows\System\ZVAmqYd.exe
  C:\Windows\System\ZVAmqYd.exe
  2⤵
  PID:3552
- C:\Windows\System\uptonXc.exe
  C:\Windows\System\uptonXc.exe
  2⤵
  PID:3540
- C:\Windows\System\agtFIGt.exe
  C:\Windows\System\agtFIGt.exe
  2⤵
  PID:3536
- C:\Windows\System\HWIfBCz.exe
  C:\Windows\System\HWIfBCz.exe
  2⤵
  PID:3648
- C:\Windows\System\MQELPJC.exe
  C:\Windows\System\MQELPJC.exe
  2⤵
  PID:2140
- C:\Windows\System\HiZoHzo.exe
  C:\Windows\System\HiZoHzo.exe
  2⤵
  PID:3812
- C:\Windows\System\YmRrkyg.exe
  C:\Windows\System\YmRrkyg.exe
  2⤵
  PID:3948
- C:\Windows\System\GwCWAgQ.exe
  C:\Windows\System\GwCWAgQ.exe
  2⤵
  PID:4028
- C:\Windows\System\dlpKcic.exe
  C:\Windows\System\dlpKcic.exe
  2⤵
  PID:4088
- C:\Windows\System\IVFVDdA.exe
  C:\Windows\System\IVFVDdA.exe
  2⤵
  PID:2840
- C:\Windows\System\ZUcBytv.exe
  C:\Windows\System\ZUcBytv.exe
  2⤵
  PID:3972
- C:\Windows\System\mIAPhaW.exe
  C:\Windows\System\mIAPhaW.exe
  2⤵
  PID:1700
- C:\Windows\System\nTUSBFn.exe
  C:\Windows\System\nTUSBFn.exe
  2⤵
  PID:3888
- C:\Windows\System\cLNCYeH.exe
  C:\Windows\System\cLNCYeH.exe
  2⤵
  PID:3824
- C:\Windows\System\GqMSRek.exe
  C:\Windows\System\GqMSRek.exe
  2⤵
  PID:1248
- C:\Windows\System\CTKkaFT.exe
  C:\Windows\System\CTKkaFT.exe
  2⤵
  PID:2784
- C:\Windows\System\afmNsMq.exe
  C:\Windows\System\afmNsMq.exe
  2⤵
  PID:3336
- C:\Windows\System\STwIYyB.exe
  C:\Windows\System\STwIYyB.exe
  2⤵
  PID:3356
- C:\Windows\System\gIPnbhk.exe
  C:\Windows\System\gIPnbhk.exe
  2⤵
  PID:3456
- C:\Windows\System\MICecOk.exe
  C:\Windows\System\MICecOk.exe
  2⤵
  PID:3432
- C:\Windows\System\uEWjzMn.exe
  C:\Windows\System\uEWjzMn.exe
  2⤵
  PID:3952
- C:\Windows\System\KVXEjZD.exe
  C:\Windows\System\KVXEjZD.exe
  2⤵
  PID:3784
- C:\Windows\System\YgIqlTH.exe
  C:\Windows\System\YgIqlTH.exe
  2⤵
  PID:3176
- C:\Windows\System\BDPYSEW.exe
  C:\Windows\System\BDPYSEW.exe
  2⤵
  PID:3988
- C:\Windows\System\ljCsUuQ.exe
  C:\Windows\System\ljCsUuQ.exe
  2⤵
  PID:3340
- C:\Windows\System\qAbknXB.exe
  C:\Windows\System\qAbknXB.exe
  2⤵
  PID:3116
- C:\Windows\System\VguWNpB.exe
  C:\Windows\System\VguWNpB.exe
  2⤵
  PID:3016
- C:\Windows\System\QaxmjcA.exe
  C:\Windows\System\QaxmjcA.exe
  2⤵
  PID:3520
- C:\Windows\System\eZEVKzH.exe
  C:\Windows\System\eZEVKzH.exe
  2⤵
  PID:696
- C:\Windows\System\pAlqSlZ.exe
  C:\Windows\System\pAlqSlZ.exe
  2⤵
  PID:3068
- C:\Windows\System\YhertGQ.exe
  C:\Windows\System\YhertGQ.exe
  2⤵
  PID:3844
- C:\Windows\System\zYMvVWa.exe
  C:\Windows\System\zYMvVWa.exe
  2⤵
  PID:2732
- C:\Windows\System\xkZoVVg.exe
  C:\Windows\System\xkZoVVg.exe
  2⤵
  PID:4044
- C:\Windows\System\rdkxEVb.exe
  C:\Windows\System\rdkxEVb.exe
  2⤵
  PID:3048
- C:\Windows\System\VHsuqiN.exe
  C:\Windows\System\VHsuqiN.exe
  2⤵
  PID:2036
- C:\Windows\System\qmAvCLO.exe
  C:\Windows\System\qmAvCLO.exe
  2⤵
  PID:2660
- C:\Windows\System\tNZYzHe.exe
  C:\Windows\System\tNZYzHe.exe
  2⤵
  PID:3416
- C:\Windows\System\bVCIdWs.exe
  C:\Windows\System\bVCIdWs.exe
  2⤵
  PID:1856
- C:\Windows\System\iJFjQXV.exe
  C:\Windows\System\iJFjQXV.exe
  2⤵
  PID:3140
- C:\Windows\System\zCQdvFK.exe
  C:\Windows\System\zCQdvFK.exe
  2⤵
  PID:2364
- C:\Windows\System\cDMTlhS.exe
  C:\Windows\System\cDMTlhS.exe
  2⤵
  PID:2476
- C:\Windows\System\LZtSzds.exe
  C:\Windows\System\LZtSzds.exe
  2⤵
  PID:2408
- C:\Windows\System\rHyXbgY.exe
  C:\Windows\System\rHyXbgY.exe
  2⤵
  PID:3484
- C:\Windows\System\qdCtDDV.exe
  C:\Windows\System\qdCtDDV.exe
  2⤵
  PID:1684
- C:\Windows\System\EgSgysK.exe
  C:\Windows\System\EgSgysK.exe
  2⤵
  PID:1608
- C:\Windows\System\KobSFRQ.exe
  C:\Windows\System\KobSFRQ.exe
  2⤵
  PID:2168
- C:\Windows\System\SmePyGz.exe
  C:\Windows\System\SmePyGz.exe
  2⤵
  PID:2468
- C:\Windows\System\hJjdVzw.exe
  C:\Windows\System\hJjdVzw.exe
  2⤵
  PID:4104
- C:\Windows\System\rczajSo.exe
  C:\Windows\System\rczajSo.exe
  2⤵
  PID:4140
- C:\Windows\System\wbqQyYp.exe
  C:\Windows\System\wbqQyYp.exe
  2⤵
  PID:4164
- C:\Windows\System\XpQyIpt.exe
  C:\Windows\System\XpQyIpt.exe
  2⤵
  PID:4188
- C:\Windows\System\xmslaYj.exe
  C:\Windows\System\xmslaYj.exe
  2⤵
  PID:4204
- C:\Windows\System\jmxICqr.exe
  C:\Windows\System\jmxICqr.exe
  2⤵
  PID:4228
- C:\Windows\System\fofBdHk.exe
  C:\Windows\System\fofBdHk.exe
  2⤵
  PID:4272
- C:\Windows\System\ivSltPd.exe
  C:\Windows\System\ivSltPd.exe
  2⤵
  PID:4292
- C:\Windows\System\PlPdOYA.exe
  C:\Windows\System\PlPdOYA.exe
  2⤵
  PID:4308
- C:\Windows\System\UlhOalc.exe
  C:\Windows\System\UlhOalc.exe
  2⤵
  PID:4324
- C:\Windows\System\JRpsnXc.exe
  C:\Windows\System\JRpsnXc.exe
  2⤵
  PID:4344
- C:\Windows\System\tmtsQed.exe
  C:\Windows\System\tmtsQed.exe
  2⤵
  PID:4360
- C:\Windows\System\sVWGZlw.exe
  C:\Windows\System\sVWGZlw.exe
  2⤵
  PID:4380
- C:\Windows\System\oXYzVCM.exe
  C:\Windows\System\oXYzVCM.exe
  2⤵
  PID:4396
- C:\Windows\System\kLPGvyJ.exe
  C:\Windows\System\kLPGvyJ.exe
  2⤵
  PID:4420
- C:\Windows\System\tcDyPjc.exe
  C:\Windows\System\tcDyPjc.exe
  2⤵
  PID:4440
- C:\Windows\System\qSePYnK.exe
  C:\Windows\System\qSePYnK.exe
  2⤵
  PID:4456
- C:\Windows\System\auaEAYL.exe
  C:\Windows\System\auaEAYL.exe
  2⤵
  PID:4480
- C:\Windows\System\MbCpIUa.exe
  C:\Windows\System\MbCpIUa.exe
  2⤵
  PID:4500
- C:\Windows\System\peBNdct.exe
  C:\Windows\System\peBNdct.exe
  2⤵
  PID:4536
- C:\Windows\System\EGeIyFd.exe
  C:\Windows\System\EGeIyFd.exe
  2⤵
  PID:4552
- C:\Windows\System\IXZwVfh.exe
  C:\Windows\System\IXZwVfh.exe
  2⤵
  PID:4568
- C:\Windows\System\IanzVks.exe
  C:\Windows\System\IanzVks.exe
  2⤵
  PID:4584
- C:\Windows\System\aBhOuHk.exe
  C:\Windows\System\aBhOuHk.exe
  2⤵
  PID:4600
- C:\Windows\System\XjNAaWX.exe
  C:\Windows\System\XjNAaWX.exe
  2⤵
  PID:4616
- C:\Windows\System\LwldeLW.exe
  C:\Windows\System\LwldeLW.exe
  2⤵
  PID:4632
- C:\Windows\System\zzGXcWg.exe
  C:\Windows\System\zzGXcWg.exe
  2⤵
  PID:4648
- C:\Windows\System\mfkeJUl.exe
  C:\Windows\System\mfkeJUl.exe
  2⤵
  PID:4664
- C:\Windows\System\BEpTTlp.exe
  C:\Windows\System\BEpTTlp.exe
  2⤵
  PID:4680
- C:\Windows\System\SpsDeBz.exe
  C:\Windows\System\SpsDeBz.exe
  2⤵
  PID:4696
- C:\Windows\System\HWqHYJY.exe
  C:\Windows\System\HWqHYJY.exe
  2⤵
  PID:4760
- C:\Windows\System\lzKINeQ.exe
  C:\Windows\System\lzKINeQ.exe
  2⤵
  PID:4784
- C:\Windows\System\GPysvPX.exe
  C:\Windows\System\GPysvPX.exe
  2⤵
  PID:4800
- C:\Windows\System\SPmIQdr.exe
  C:\Windows\System\SPmIQdr.exe
  2⤵
  PID:4820
- C:\Windows\System\kXtmClO.exe
  C:\Windows\System\kXtmClO.exe
  2⤵
  PID:4840
- C:\Windows\System\wkrmdCk.exe
  C:\Windows\System\wkrmdCk.exe
  2⤵
  PID:4856
- C:\Windows\System\ziGHvVz.exe
  C:\Windows\System\ziGHvVz.exe
  2⤵
  PID:4872
- C:\Windows\System\cPcyfZj.exe
  C:\Windows\System\cPcyfZj.exe
  2⤵
  PID:4888
- C:\Windows\System\WLNXzzI.exe
  C:\Windows\System\WLNXzzI.exe
  2⤵
  PID:4904
- C:\Windows\System\EkaDVkt.exe
  C:\Windows\System\EkaDVkt.exe
  2⤵
  PID:4920
- C:\Windows\System\WnblXOo.exe
  C:\Windows\System\WnblXOo.exe
  2⤵
  PID:4936
- C:\Windows\System\toAPpnF.exe
  C:\Windows\System\toAPpnF.exe
  2⤵
  PID:4952
- C:\Windows\System\WmkkGuK.exe
  C:\Windows\System\WmkkGuK.exe
  2⤵
  PID:4972
- C:\Windows\System\BOiXmYs.exe
  C:\Windows\System\BOiXmYs.exe
  2⤵
  PID:5004
- C:\Windows\System\wsfiTyf.exe
  C:\Windows\System\wsfiTyf.exe
  2⤵
  PID:5020
- C:\Windows\System\yCXosJD.exe
  C:\Windows\System\yCXosJD.exe
  2⤵
  PID:5036
- C:\Windows\System\zqgJZRt.exe
  C:\Windows\System\zqgJZRt.exe
  2⤵
  PID:5052
- C:\Windows\System\mYzVtmX.exe
  C:\Windows\System\mYzVtmX.exe
  2⤵
  PID:5068
- C:\Windows\System\dDZpsyX.exe
  C:\Windows\System\dDZpsyX.exe
  2⤵
  PID:5096
- C:\Windows\System\GlumnSe.exe
  C:\Windows\System\GlumnSe.exe
  2⤵
  PID:5112
- C:\Windows\System\MfHplYL.exe
  C:\Windows\System\MfHplYL.exe
  2⤵
  PID:3372
- C:\Windows\System\MpWLMmQ.exe
  C:\Windows\System\MpWLMmQ.exe
  2⤵
  PID:4116
- C:\Windows\System\RRHDhmN.exe
  C:\Windows\System\RRHDhmN.exe
  2⤵
  PID:4136
- C:\Windows\System\KRljWvO.exe
  C:\Windows\System\KRljWvO.exe
  2⤵
  PID:4212
- C:\Windows\System\ekgetCt.exe
  C:\Windows\System\ekgetCt.exe
  2⤵
  PID:2608
- C:\Windows\System\GEeOSSw.exe
  C:\Windows\System\GEeOSSw.exe
  2⤵
  PID:1964
- C:\Windows\System\kFIbFQs.exe
  C:\Windows\System\kFIbFQs.exe
  2⤵
  PID:4160
- C:\Windows\System\IUxsWeu.exe
  C:\Windows\System\IUxsWeu.exe
  2⤵
  PID:4264
- C:\Windows\System\mkZRitT.exe
  C:\Windows\System\mkZRitT.exe
  2⤵
  PID:4280
- C:\Windows\System\OJynZrC.exe
  C:\Windows\System\OJynZrC.exe
  2⤵
  PID:4336
- C:\Windows\System\pOSWanz.exe
  C:\Windows\System\pOSWanz.exe
  2⤵
  PID:4404
- C:\Windows\System\qZuRfBR.exe
  C:\Windows\System\qZuRfBR.exe
  2⤵
  PID:4316
- C:\Windows\System\VTWwJdB.exe
  C:\Windows\System\VTWwJdB.exe
  2⤵
  PID:4392
- C:\Windows\System\jtQfUQP.exe
  C:\Windows\System\jtQfUQP.exe
  2⤵
  PID:4472
- C:\Windows\System\KyTSgLM.exe
  C:\Windows\System\KyTSgLM.exe
  2⤵
  PID:4520
- C:\Windows\System\HZeqAVQ.exe
  C:\Windows\System\HZeqAVQ.exe
  2⤵
  PID:1632
- C:\Windows\System\unJKwwp.exe
  C:\Windows\System\unJKwwp.exe
  2⤵
  PID:4592
- C:\Windows\System\bxunvdc.exe
  C:\Windows\System\bxunvdc.exe
  2⤵
  PID:4660
- C:\Windows\System\KvYNMbr.exe
  C:\Windows\System\KvYNMbr.exe
  2⤵
  PID:4492
- C:\Windows\System\JDKVAZX.exe
  C:\Windows\System\JDKVAZX.exe
  2⤵
  PID:4548
- C:\Windows\System\cRKDXoj.exe
  C:\Windows\System\cRKDXoj.exe
  2⤵
  PID:4672
- C:\Windows\System\tCZaOxF.exe
  C:\Windows\System\tCZaOxF.exe
  2⤵
  PID:4716
- C:\Windows\System\mEMyHOE.exe
  C:\Windows\System\mEMyHOE.exe
  2⤵
  PID:4732
- C:\Windows\System\qAjkBmi.exe
  C:\Windows\System\qAjkBmi.exe
  2⤵
  PID:4708
- C:\Windows\System\ZMyWANN.exe
  C:\Windows\System\ZMyWANN.exe
  2⤵
  PID:2828
- C:\Windows\System\rKaEAhZ.exe
  C:\Windows\System\rKaEAhZ.exe
  2⤵
  PID:4792
- C:\Windows\System\rzirdue.exe
  C:\Windows\System\rzirdue.exe
  2⤵
  PID:4880
- C:\Windows\System\CLhRPMe.exe
  C:\Windows\System\CLhRPMe.exe
  2⤵
  PID:4944
- C:\Windows\System\aeIWHMA.exe
  C:\Windows\System\aeIWHMA.exe
  2⤵
  PID:4988
- C:\Windows\System\UwjSohP.exe
  C:\Windows\System\UwjSohP.exe
  2⤵
  PID:4828
- C:\Windows\System\ErzfpOj.exe
  C:\Windows\System\ErzfpOj.exe
  2⤵
  PID:5064
- C:\Windows\System\OtFjWPs.exe
  C:\Windows\System\OtFjWPs.exe
  2⤵
  PID:4964
- C:\Windows\System\IkGWRzo.exe
  C:\Windows\System\IkGWRzo.exe
  2⤵
  PID:4868
- C:\Windows\System\gVBUDCS.exe
  C:\Windows\System\gVBUDCS.exe
  2⤵
  PID:5084
- C:\Windows\System\pbaHAcN.exe
  C:\Windows\System\pbaHAcN.exe
  2⤵
  PID:5104
- C:\Windows\System\mJUlHvU.exe
  C:\Windows\System\mJUlHvU.exe
  2⤵
  PID:4112
- C:\Windows\System\RDqcbIm.exe
  C:\Windows\System\RDqcbIm.exe
  2⤵
  PID:4128
- C:\Windows\System\FHkoUWM.exe
  C:\Windows\System\FHkoUWM.exe
  2⤵
  PID:1732
- C:\Windows\System\PoWNfKP.exe
  C:\Windows\System\PoWNfKP.exe
  2⤵
  PID:4196
- C:\Windows\System\kMmhiLg.exe
  C:\Windows\System\kMmhiLg.exe
  2⤵
  PID:4240
- C:\Windows\System\uApNMlj.exe
  C:\Windows\System\uApNMlj.exe
  2⤵
  PID:2768
- C:\Windows\System\HEcteVt.exe
  C:\Windows\System\HEcteVt.exe
  2⤵
  PID:2204
- C:\Windows\System\DlDGDji.exe
  C:\Windows\System\DlDGDji.exe
  2⤵
  PID:4464
- C:\Windows\System\nGqBSjn.exe
  C:\Windows\System\nGqBSjn.exe
  2⤵
  PID:4624
- C:\Windows\System\ROwacXk.exe
  C:\Windows\System\ROwacXk.exe
  2⤵
  PID:4544
- C:\Windows\System\eLnGluE.exe
  C:\Windows\System\eLnGluE.exe
  2⤵
  PID:4488
- C:\Windows\System\gdVbIrn.exe
  C:\Windows\System\gdVbIrn.exe
  2⤵
  PID:4376
- C:\Windows\System\lNLljur.exe
  C:\Windows\System\lNLljur.exe
  2⤵
  PID:3060
- C:\Windows\System\AfdEsdQ.exe
  C:\Windows\System\AfdEsdQ.exe
  2⤵
  PID:4512
- C:\Windows\System\AQXkUPe.exe
  C:\Windows\System\AQXkUPe.exe
  2⤵
  PID:3044
- C:\Windows\System\qKrqPQE.exe
  C:\Windows\System\qKrqPQE.exe
  2⤵
  PID:4644
- C:\Windows\System\XBYlSqo.exe
  C:\Windows\System\XBYlSqo.exe
  2⤵
  PID:1040
- C:\Windows\System\NXRZwPh.exe
  C:\Windows\System\NXRZwPh.exe
  2⤵
  PID:2700
- C:\Windows\System\hDPVaCc.exe
  C:\Windows\System\hDPVaCc.exe
  2⤵
  PID:4932
- C:\Windows\System\wVylIpG.exe
  C:\Windows\System\wVylIpG.exe
  2⤵
  PID:4852
- C:\Windows\System\wCeoboQ.exe
  C:\Windows\System\wCeoboQ.exe
  2⤵
  PID:4776
- C:\Windows\System\HLgIUPn.exe
  C:\Windows\System\HLgIUPn.exe
  2⤵
  PID:4180
- C:\Windows\System\LBIXdLF.exe
  C:\Windows\System\LBIXdLF.exe
  2⤵
  PID:4816
- C:\Windows\System\DbtfQgB.exe
  C:\Windows\System\DbtfQgB.exe
  2⤵
  PID:3964
- C:\Windows\System\jaxPCcY.exe
  C:\Windows\System\jaxPCcY.exe
  2⤵
  PID:3560
- C:\Windows\System\VWYJNdX.exe
  C:\Windows\System\VWYJNdX.exe
  2⤵
  PID:4408
- C:\Windows\System\jXSLleP.exe
  C:\Windows\System\jXSLleP.exe
  2⤵
  PID:3708
- C:\Windows\System\gVZOusM.exe
  C:\Windows\System\gVZOusM.exe
  2⤵
  PID:4528
- C:\Windows\System\esjbqDG.exe
  C:\Windows\System\esjbqDG.exe
  2⤵
  PID:4356
- C:\Windows\System\XLYaBHb.exe
  C:\Windows\System\XLYaBHb.exe
  2⤵
  PID:4772
- C:\Windows\System\LFIbTMF.exe
  C:\Windows\System\LFIbTMF.exe
  2⤵
  PID:4836
- C:\Windows\System\QoaVGTb.exe
  C:\Windows\System\QoaVGTb.exe
  2⤵
  PID:4656
- C:\Windows\System\UtQjeFF.exe
  C:\Windows\System\UtQjeFF.exe
  2⤵
  PID:5012
- C:\Windows\System\ZwDmzWZ.exe
  C:\Windows\System\ZwDmzWZ.exe
  2⤵
  PID:5048
- C:\Windows\System\cejlzxy.exe
  C:\Windows\System\cejlzxy.exe
  2⤵
  PID:4756
- C:\Windows\System\eSusCoW.exe
  C:\Windows\System\eSusCoW.exe
  2⤵
  PID:4896
- C:\Windows\System\LXywJSk.exe
  C:\Windows\System\LXywJSk.exe
  2⤵
  PID:2820
- C:\Windows\System\TvQhMiL.exe
  C:\Windows\System\TvQhMiL.exe
  2⤵
  PID:4148
- C:\Windows\System\twqpMwY.exe
  C:\Windows\System\twqpMwY.exe
  2⤵
  PID:3584
- C:\Windows\System\DYCqSTP.exe
  C:\Windows\System\DYCqSTP.exe
  2⤵
  PID:4284
- C:\Windows\System\NOSTYzT.exe
  C:\Windows\System\NOSTYzT.exe
  2⤵
  PID:4508
- C:\Windows\System\wwucqBx.exe
  C:\Windows\System\wwucqBx.exe
  2⤵
  PID:4912
- C:\Windows\System\MHHTZXs.exe
  C:\Windows\System\MHHTZXs.exe
  2⤵
  PID:4744
- C:\Windows\System\duiPKBI.exe
  C:\Windows\System\duiPKBI.exe
  2⤵
  PID:3256
- C:\Windows\System\OrlEfMH.exe
  C:\Windows\System\OrlEfMH.exe
  2⤵
  PID:4900
- C:\Windows\System\hXtLBQJ.exe
  C:\Windows\System\hXtLBQJ.exe
  2⤵
  PID:2584
- C:\Windows\System\OStKzfO.exe
  C:\Windows\System\OStKzfO.exe
  2⤵
  PID:4916
- C:\Windows\System\blxnAmm.exe
  C:\Windows\System\blxnAmm.exe
  2⤵
  PID:1820
- C:\Windows\System\JWVDBdN.exe
  C:\Windows\System\JWVDBdN.exe
  2⤵
  PID:4516
- C:\Windows\System\JrmYkox.exe
  C:\Windows\System\JrmYkox.exe
  2⤵
  PID:4768
- C:\Windows\System\BZPwOkq.exe
  C:\Windows\System\BZPwOkq.exe
  2⤵
  PID:4640
- C:\Windows\System\PKkHjiU.exe
  C:\Windows\System\PKkHjiU.exe
  2⤵
  PID:4436
- C:\Windows\System\GVBAqKK.exe
  C:\Windows\System\GVBAqKK.exe
  2⤵
  PID:4608
- C:\Windows\System\fOBoAkS.exe
  C:\Windows\System\fOBoAkS.exe
  2⤵
  PID:4200
- C:\Windows\System\HbgLeXM.exe
  C:\Windows\System\HbgLeXM.exe
  2⤵
  PID:5124
- C:\Windows\System\vufOnpT.exe
  C:\Windows\System\vufOnpT.exe
  2⤵
  PID:5140
- C:\Windows\System\CHwoksN.exe
  C:\Windows\System\CHwoksN.exe
  2⤵
  PID:5164
- C:\Windows\System\AOGwMaa.exe
  C:\Windows\System\AOGwMaa.exe
  2⤵
  PID:5188
- C:\Windows\System\SARiaJz.exe
  C:\Windows\System\SARiaJz.exe
  2⤵
  PID:5204
- C:\Windows\System\cSyKBnF.exe
  C:\Windows\System\cSyKBnF.exe
  2⤵
  PID:5220
- C:\Windows\System\CgYNLVH.exe
  C:\Windows\System\CgYNLVH.exe
  2⤵
  PID:5236
- C:\Windows\System\WoBihvG.exe
  C:\Windows\System\WoBihvG.exe
  2⤵
  PID:5252
- C:\Windows\System\GlWpDqj.exe
  C:\Windows\System\GlWpDqj.exe
  2⤵
  PID:5268
- C:\Windows\System\ytlgTZv.exe
  C:\Windows\System\ytlgTZv.exe
  2⤵
  PID:5284
- C:\Windows\System\lSmXgrx.exe
  C:\Windows\System\lSmXgrx.exe
  2⤵
  PID:5300
- C:\Windows\System\SOdUoLz.exe
  C:\Windows\System\SOdUoLz.exe
  2⤵
  PID:5316
- C:\Windows\System\FEWXNnC.exe
  C:\Windows\System\FEWXNnC.exe
  2⤵
  PID:5332
- C:\Windows\System\AhlnhuU.exe
  C:\Windows\System\AhlnhuU.exe
  2⤵
  PID:5348
- C:\Windows\System\IFkMECI.exe
  C:\Windows\System\IFkMECI.exe
  2⤵
  PID:5372
- C:\Windows\System\QErrFQo.exe
  C:\Windows\System\QErrFQo.exe
  2⤵
  PID:5388
- C:\Windows\System\kFpSQyD.exe
  C:\Windows\System\kFpSQyD.exe
  2⤵
  PID:5404
- C:\Windows\System\xYKeYrC.exe
  C:\Windows\System\xYKeYrC.exe
  2⤵
  PID:5448
- C:\Windows\System\tGCjziE.exe
  C:\Windows\System\tGCjziE.exe
  2⤵
  PID:5488
- C:\Windows\System\YUeTXkr.exe
  C:\Windows\System\YUeTXkr.exe
  2⤵
  PID:5508
- C:\Windows\System\VXaEVMx.exe
  C:\Windows\System\VXaEVMx.exe
  2⤵
  PID:5524
- C:\Windows\System\IznTLXA.exe
  C:\Windows\System\IznTLXA.exe
  2⤵
  PID:5540
- C:\Windows\System\QfAkXmN.exe
  C:\Windows\System\QfAkXmN.exe
  2⤵
  PID:5560
- C:\Windows\System\SSDlRif.exe
  C:\Windows\System\SSDlRif.exe
  2⤵
  PID:5576
- C:\Windows\System\jhgFZkX.exe
  C:\Windows\System\jhgFZkX.exe
  2⤵
  PID:5604
- C:\Windows\System\FasghGp.exe
  C:\Windows\System\FasghGp.exe
  2⤵
  PID:5628
- C:\Windows\System\geydJpt.exe
  C:\Windows\System\geydJpt.exe
  2⤵
  PID:5644
- C:\Windows\System\nzlpbXD.exe
  C:\Windows\System\nzlpbXD.exe
  2⤵
  PID:5660
- C:\Windows\System\ApyvGyH.exe
  C:\Windows\System\ApyvGyH.exe
  2⤵
  PID:5688
- C:\Windows\System\nDHecpU.exe
  C:\Windows\System\nDHecpU.exe
  2⤵
  PID:5712
- C:\Windows\System\myoPjcO.exe
  C:\Windows\System\myoPjcO.exe
  2⤵
  PID:5740
- C:\Windows\System\ObHAXkY.exe
  C:\Windows\System\ObHAXkY.exe
  2⤵
  PID:5756
- C:\Windows\System\KJCgGVN.exe
  C:\Windows\System\KJCgGVN.exe
  2⤵
  PID:5776
- C:\Windows\System\CmsziQJ.exe
  C:\Windows\System\CmsziQJ.exe
  2⤵
  PID:5796
- C:\Windows\System\SlZBrQZ.exe
  C:\Windows\System\SlZBrQZ.exe
  2⤵
  PID:5824
- C:\Windows\System\GywQjop.exe
  C:\Windows\System\GywQjop.exe
  2⤵
  PID:5840
- C:\Windows\System\FQYNgsX.exe
  C:\Windows\System\FQYNgsX.exe
  2⤵
  PID:5856
- C:\Windows\System\BHbcQbC.exe
  C:\Windows\System\BHbcQbC.exe
  2⤵
  PID:5872
- C:\Windows\System\KsQKkmt.exe
  C:\Windows\System\KsQKkmt.exe
  2⤵
  PID:5888
- C:\Windows\System\HfsHhEk.exe
  C:\Windows\System\HfsHhEk.exe
  2⤵
  PID:5904
- C:\Windows\System\ZxsxjaF.exe
  C:\Windows\System\ZxsxjaF.exe
  2⤵
  PID:5920
- C:\Windows\System\TNfgcoq.exe
  C:\Windows\System\TNfgcoq.exe
  2⤵
  PID:5936
- C:\Windows\System\YAZmsIG.exe
  C:\Windows\System\YAZmsIG.exe
  2⤵
  PID:5980
- C:\Windows\System\nFqBmlD.exe
  C:\Windows\System\nFqBmlD.exe
  2⤵
  PID:5996
- C:\Windows\System\wvVccuW.exe
  C:\Windows\System\wvVccuW.exe
  2⤵
  PID:6020
- C:\Windows\System\aHzOPhN.exe
  C:\Windows\System\aHzOPhN.exe
  2⤵
  PID:6036
- C:\Windows\System\tvMaBcu.exe
  C:\Windows\System\tvMaBcu.exe
  2⤵
  PID:6052
- C:\Windows\System\FYyWWMg.exe
  C:\Windows\System\FYyWWMg.exe
  2⤵
  PID:6072
- C:\Windows\System\zgzxZVf.exe
  C:\Windows\System\zgzxZVf.exe
  2⤵
  PID:6092
- C:\Windows\System\VjDfoBO.exe
  C:\Windows\System\VjDfoBO.exe
  2⤵
  PID:6112
- C:\Windows\System\ryrFMHH.exe
  C:\Windows\System\ryrFMHH.exe
  2⤵
  PID:3524
- C:\Windows\System\iCLHewP.exe
  C:\Windows\System\iCLHewP.exe
  2⤵
  PID:4752
- C:\Windows\System\IQijXrl.exe
  C:\Windows\System\IQijXrl.exe
  2⤵
  PID:5136
- C:\Windows\System\lFaNAxN.exe
  C:\Windows\System\lFaNAxN.exe
  2⤵
  PID:4248
- C:\Windows\System\dWFxkVE.exe
  C:\Windows\System\dWFxkVE.exe
  2⤵
  PID:5148
- C:\Windows\System\VpNlquC.exe
  C:\Windows\System\VpNlquC.exe
  2⤵
  PID:5196
- C:\Windows\System\dwVnpRH.exe
  C:\Windows\System\dwVnpRH.exe
  2⤵
  PID:5292
- C:\Windows\System\cIOsMLs.exe
  C:\Windows\System\cIOsMLs.exe
  2⤵
  PID:5364
- C:\Windows\System\ngrUKGu.exe
  C:\Windows\System\ngrUKGu.exe
  2⤵
  PID:5344
- C:\Windows\System\NPbPJkN.exe
  C:\Windows\System\NPbPJkN.exe
  2⤵
  PID:5436
- C:\Windows\System\zuDuewQ.exe
  C:\Windows\System\zuDuewQ.exe
  2⤵
  PID:5184
- C:\Windows\System\hALHbeh.exe
  C:\Windows\System\hALHbeh.exe
  2⤵
  PID:5244
- C:\Windows\System\nogqtex.exe
  C:\Windows\System\nogqtex.exe
  2⤵
  PID:5280
- C:\Windows\System\vQXqoMg.exe
  C:\Windows\System\vQXqoMg.exe
  2⤵
  PID:5312
- C:\Windows\System\oNCTVAF.exe
  C:\Windows\System\oNCTVAF.exe
  2⤵
  PID:5484
- C:\Windows\System\ZbcLGjj.exe
  C:\Windows\System\ZbcLGjj.exe
  2⤵
  PID:5496
- C:\Windows\System\UGxnxMB.exe
  C:\Windows\System\UGxnxMB.exe
  2⤵
  PID:5552
- C:\Windows\System\tPJMuKX.exe
  C:\Windows\System\tPJMuKX.exe
  2⤵
  PID:5596
- C:\Windows\System\xveWPRT.exe
  C:\Windows\System\xveWPRT.exe
  2⤵
  PID:5668
- C:\Windows\System\OVgKMcX.exe
  C:\Windows\System\OVgKMcX.exe
  2⤵
  PID:5616
- C:\Windows\System\WEcFFaq.exe
  C:\Windows\System\WEcFFaq.exe
  2⤵
  PID:5656
- C:\Windows\System\BzOjxoV.exe
  C:\Windows\System\BzOjxoV.exe
  2⤵
  PID:5748
- C:\Windows\System\guErUlK.exe
  C:\Windows\System\guErUlK.exe
  2⤵
  PID:5736
- C:\Windows\System\OpufRVc.exe
  C:\Windows\System\OpufRVc.exe
  2⤵
  PID:5816
- C:\Windows\System\aWLpglO.exe
  C:\Windows\System\aWLpglO.exe
  2⤵
  PID:5832
- C:\Windows\System\yBcRmSX.exe
  C:\Windows\System\yBcRmSX.exe
  2⤵
  PID:5884
- C:\Windows\System\Iteahkj.exe
  C:\Windows\System\Iteahkj.exe
  2⤵
  PID:5932
- C:\Windows\System\DlHRCod.exe
  C:\Windows\System\DlHRCod.exe
  2⤵
  PID:5868
- C:\Windows\System\pguVbIG.exe
  C:\Windows\System\pguVbIG.exe
  2⤵
  PID:5960
- C:\Windows\System\fvYpZpx.exe
  C:\Windows\System\fvYpZpx.exe
  2⤵
  PID:5972
- C:\Windows\System\EAKBwjY.exe
  C:\Windows\System\EAKBwjY.exe
  2⤵
  PID:5992
- C:\Windows\System\PQpxjPI.exe
  C:\Windows\System\PQpxjPI.exe
  2⤵
  PID:6088
- C:\Windows\System\duFZDaS.exe
  C:\Windows\System\duFZDaS.exe
  2⤵
  PID:6068
- C:\Windows\System\iSVLbcg.exe
  C:\Windows\System\iSVLbcg.exe
  2⤵
  PID:6104
- C:\Windows\System\hNwqPaP.exe
  C:\Windows\System\hNwqPaP.exe
  2⤵
  PID:4432
- C:\Windows\System\FonmXZV.exe
  C:\Windows\System\FonmXZV.exe
  2⤵
  PID:4260
- C:\Windows\System\jTOqslC.exe
  C:\Windows\System\jTOqslC.exe
  2⤵
  PID:5396
- C:\Windows\System\aYUPVly.exe
  C:\Windows\System\aYUPVly.exe
  2⤵
  PID:1796
- C:\Windows\System\iQCvIzP.exe
  C:\Windows\System\iQCvIzP.exe
  2⤵
  PID:5432
- C:\Windows\System\jARfVco.exe
  C:\Windows\System\jARfVco.exe
  2⤵
  PID:5328
- C:\Windows\System\CKohPdT.exe
  C:\Windows\System\CKohPdT.exe
  2⤵
  PID:5464
- C:\Windows\System\NpqvPqB.exe
  C:\Windows\System\NpqvPqB.exe
  2⤵
  PID:5548
- C:\Windows\System\hasJSuL.exe
  C:\Windows\System\hasJSuL.exe
  2⤵
  PID:5588
- C:\Windows\System\NEfTYGM.exe
  C:\Windows\System\NEfTYGM.exe
  2⤵
  PID:5532
- C:\Windows\System\MHgFsLC.exe
  C:\Windows\System\MHgFsLC.exe
  2⤵
  PID:5468
- C:\Windows\System\OGRkVzq.exe
  C:\Windows\System\OGRkVzq.exe
  2⤵
  PID:5768
- C:\Windows\System\gBgwYiQ.exe
  C:\Windows\System\gBgwYiQ.exe
  2⤵
  PID:5792
- C:\Windows\System\AvDFeME.exe
  C:\Windows\System\AvDFeME.exe
  2⤵
  PID:5680
- C:\Windows\System\CQMsbxL.exe
  C:\Windows\System\CQMsbxL.exe
  2⤵
  PID:5720
- C:\Windows\System\vIBxeTl.exe
  C:\Windows\System\vIBxeTl.exe
  2⤵
  PID:6004
- C:\Windows\System\xogInTU.exe
  C:\Windows\System\xogInTU.exe
  2⤵
  PID:6060
- C:\Windows\System\ULQdSPl.exe
  C:\Windows\System\ULQdSPl.exe
  2⤵
  PID:5784
- C:\Windows\System\CBGerJm.exe
  C:\Windows\System\CBGerJm.exe
  2⤵
  PID:2388
- C:\Windows\System\tZPoZJK.exe
  C:\Windows\System\tZPoZJK.exe
  2⤵
  PID:5988
- C:\Windows\System\bDHcZfH.exe
  C:\Windows\System\bDHcZfH.exe
  2⤵
  PID:5900
- C:\Windows\System\FvrbBkB.exe
  C:\Windows\System\FvrbBkB.exe
  2⤵
  PID:6084
- C:\Windows\System\WhBODwz.exe
  C:\Windows\System\WhBODwz.exe
  2⤵
  PID:6124
- C:\Windows\System\CnKdjmw.exe
  C:\Windows\System\CnKdjmw.exe
  2⤵
  PID:5804
- C:\Windows\System\pDXPVYq.exe
  C:\Windows\System\pDXPVYq.exe
  2⤵
  PID:5456
- C:\Windows\System\bSHYIjU.exe
  C:\Windows\System\bSHYIjU.exe
  2⤵
  PID:5440
- C:\Windows\System\rIHWHOG.exe
  C:\Windows\System\rIHWHOG.exe
  2⤵
  PID:5260
- C:\Windows\System\BdeGQbR.exe
  C:\Windows\System\BdeGQbR.exe
  2⤵
  PID:5636
- C:\Windows\System\FhNAMsS.exe
  C:\Windows\System\FhNAMsS.exe
  2⤵
  PID:5704
- C:\Windows\System\evVjwvQ.exe
  C:\Windows\System\evVjwvQ.exe
  2⤵
  PID:5732
- C:\Windows\System\JRMnnHX.exe
  C:\Windows\System\JRMnnHX.exe
  2⤵
  PID:5412
- C:\Windows\System\MJILSyL.exe
  C:\Windows\System\MJILSyL.exe
  2⤵
  PID:2248
- C:\Windows\System\NcTTjQH.exe
  C:\Windows\System\NcTTjQH.exe
  2⤵
  PID:5724
- C:\Windows\System\nzqjVlf.exe
  C:\Windows\System\nzqjVlf.exe
  2⤵
  PID:380
- C:\Windows\System\XWJHKSQ.exe
  C:\Windows\System\XWJHKSQ.exe
  2⤵
  PID:4728
- C:\Windows\System\QinTfJA.exe
  C:\Windows\System\QinTfJA.exe
  2⤵
  PID:5944
- C:\Windows\System\wXNzlee.exe
  C:\Windows\System\wXNzlee.exe
  2⤵
  PID:5232
- C:\Windows\System\skECnIE.exe
  C:\Windows\System\skECnIE.exe
  2⤵
  PID:5880
- C:\Windows\System\OaEeulB.exe
  C:\Windows\System\OaEeulB.exe
  2⤵
  PID:5504
- C:\Windows\System\xjQcFDY.exe
  C:\Windows\System\xjQcFDY.exe
  2⤵
  PID:1328
- C:\Windows\System\qjPIZxa.exe
  C:\Windows\System\qjPIZxa.exe
  2⤵
  PID:5948
- C:\Windows\System\dQQcLQb.exe
  C:\Windows\System\dQQcLQb.exe
  2⤵
  PID:6016
- C:\Windows\System\fXIzFsP.exe
  C:\Windows\System\fXIzFsP.exe
  2⤵
  PID:5592
- C:\Windows\System\UEEJgOn.exe
  C:\Windows\System\UEEJgOn.exe
  2⤵
  PID:2116
- C:\Windows\System\gxlOuhC.exe
  C:\Windows\System\gxlOuhC.exe
  2⤵
  PID:6148
- C:\Windows\System\nUuOfQx.exe
  C:\Windows\System\nUuOfQx.exe
  2⤵
  PID:6196
- C:\Windows\System\fPdWOal.exe
  C:\Windows\System\fPdWOal.exe
  2⤵
  PID:6220
- C:\Windows\System\qRpqSqe.exe
  C:\Windows\System\qRpqSqe.exe
  2⤵
  PID:6236
- C:\Windows\System\BtyKgmo.exe
  C:\Windows\System\BtyKgmo.exe
  2⤵
  PID:6252
- C:\Windows\System\WbkGsPe.exe
  C:\Windows\System\WbkGsPe.exe
  2⤵
  PID:6272
- C:\Windows\System\FWwnFmO.exe
  C:\Windows\System\FWwnFmO.exe
  2⤵
  PID:6308
- C:\Windows\System\iZegcPt.exe
  C:\Windows\System\iZegcPt.exe
  2⤵
  PID:6324
- C:\Windows\System\OhSYHYg.exe
  C:\Windows\System\OhSYHYg.exe
  2⤵
  PID:6340
- C:\Windows\System\GFLowFk.exe
  C:\Windows\System\GFLowFk.exe
  2⤵
  PID:6364
- C:\Windows\System\RyieFXP.exe
  C:\Windows\System\RyieFXP.exe
  2⤵
  PID:6380
- C:\Windows\System\iyhBeDy.exe
  C:\Windows\System\iyhBeDy.exe
  2⤵
  PID:6396
- C:\Windows\System\EUxxCyy.exe
  C:\Windows\System\EUxxCyy.exe
  2⤵
  PID:6412
- C:\Windows\System\zJkjqna.exe
  C:\Windows\System\zJkjqna.exe
  2⤵
  PID:6436
- C:\Windows\System\RnhwLic.exe
  C:\Windows\System\RnhwLic.exe
  2⤵
  PID:6472
- C:\Windows\System\gyfrUei.exe
  C:\Windows\System\gyfrUei.exe
  2⤵
  PID:6488
- C:\Windows\System\QcQeNWQ.exe
  C:\Windows\System\QcQeNWQ.exe
  2⤵
  PID:6504
- C:\Windows\System\sVNtnPB.exe
  C:\Windows\System\sVNtnPB.exe
  2⤵
  PID:6520
- C:\Windows\System\bsbfqjR.exe
  C:\Windows\System\bsbfqjR.exe
  2⤵
  PID:6536
- C:\Windows\System\zSZFMIQ.exe
  C:\Windows\System\zSZFMIQ.exe
  2⤵
  PID:6552
- C:\Windows\System\jbYMyCB.exe
  C:\Windows\System\jbYMyCB.exe
  2⤵
  PID:6572
- C:\Windows\System\oHaCaYL.exe
  C:\Windows\System\oHaCaYL.exe
  2⤵
  PID:6592
- C:\Windows\System\dMhZDDl.exe
  C:\Windows\System\dMhZDDl.exe
  2⤵
  PID:6612
- C:\Windows\System\PBTtKsa.exe
  C:\Windows\System\PBTtKsa.exe
  2⤵
  PID:6632
- C:\Windows\System\hscTkFe.exe
  C:\Windows\System\hscTkFe.exe
  2⤵
  PID:6648
- C:\Windows\System\xCbFCYR.exe
  C:\Windows\System\xCbFCYR.exe
  2⤵
  PID:6664
- C:\Windows\System\iRLEOSe.exe
  C:\Windows\System\iRLEOSe.exe
  2⤵
  PID:6680
- C:\Windows\System\XQgHtoB.exe
  C:\Windows\System\XQgHtoB.exe
  2⤵
  PID:6732
- C:\Windows\System\nCEnJIQ.exe
  C:\Windows\System\nCEnJIQ.exe
  2⤵
  PID:6752
- C:\Windows\System\PctwPsU.exe
  C:\Windows\System\PctwPsU.exe
  2⤵
  PID:6768
- C:\Windows\System\CIAQDxt.exe
  C:\Windows\System\CIAQDxt.exe
  2⤵
  PID:6784
- C:\Windows\System\wMZsWvZ.exe
  C:\Windows\System\wMZsWvZ.exe
  2⤵
  PID:6800
- C:\Windows\System\KsziAGW.exe
  C:\Windows\System\KsziAGW.exe
  2⤵
  PID:6816
- C:\Windows\System\HmHOobK.exe
  C:\Windows\System\HmHOobK.exe
  2⤵
  PID:6832
- C:\Windows\System\YZtjQTW.exe
  C:\Windows\System\YZtjQTW.exe
  2⤵
  PID:6856
- C:\Windows\System\wzbkfsL.exe
  C:\Windows\System\wzbkfsL.exe
  2⤵
  PID:6872
- C:\Windows\System\WwHOtbd.exe
  C:\Windows\System\WwHOtbd.exe
  2⤵
  PID:6892
- C:\Windows\System\MDjzHUo.exe
  C:\Windows\System\MDjzHUo.exe
  2⤵
  PID:6912
- C:\Windows\System\djhRnPe.exe
  C:\Windows\System\djhRnPe.exe
  2⤵
  PID:6928
- C:\Windows\System\hPcZEQI.exe
  C:\Windows\System\hPcZEQI.exe
  2⤵
  PID:6948
- C:\Windows\System\JOcyFYc.exe
  C:\Windows\System\JOcyFYc.exe
  2⤵
  PID:6964
- C:\Windows\System\riljevu.exe
  C:\Windows\System\riljevu.exe
  2⤵
  PID:7004
- C:\Windows\System\SGMyVNh.exe
  C:\Windows\System\SGMyVNh.exe
  2⤵
  PID:7024
- C:\Windows\System\XufYWbE.exe
  C:\Windows\System\XufYWbE.exe
  2⤵
  PID:7048
- C:\Windows\System\ISjitDj.exe
  C:\Windows\System\ISjitDj.exe
  2⤵
  PID:7068
- C:\Windows\System\LFZCsTQ.exe
  C:\Windows\System\LFZCsTQ.exe
  2⤵
  PID:7088
- C:\Windows\System\dmSYbzE.exe
  C:\Windows\System\dmSYbzE.exe
  2⤵
  PID:7108
- C:\Windows\System\DhVOSjb.exe
  C:\Windows\System\DhVOSjb.exe
  2⤵
  PID:7124
- C:\Windows\System\rPvwsTP.exe
  C:\Windows\System\rPvwsTP.exe
  2⤵
  PID:7148
- C:\Windows\System\LhzlZPs.exe
  C:\Windows\System\LhzlZPs.exe
  2⤵
  PID:5820
- C:\Windows\System\avzdbxr.exe
  C:\Windows\System\avzdbxr.exe
  2⤵
  PID:1944
- C:\Windows\System\hZqWRLn.exe
  C:\Windows\System\hZqWRLn.exe
  2⤵
  PID:1100
- C:\Windows\System\gTbYwje.exe
  C:\Windows\System\gTbYwje.exe
  2⤵
  PID:6216
- C:\Windows\System\LRUAyqW.exe
  C:\Windows\System\LRUAyqW.exe
  2⤵
  PID:6160
- C:\Windows\System\BcesyRf.exe
  C:\Windows\System\BcesyRf.exe
  2⤵
  PID:6176
- C:\Windows\System\AzYRjFe.exe
  C:\Windows\System\AzYRjFe.exe
  2⤵
  PID:5520
- C:\Windows\System\DXFYyqr.exe
  C:\Windows\System\DXFYyqr.exe
  2⤵
  PID:5684
- C:\Windows\System\fGvnzQH.exe
  C:\Windows\System\fGvnzQH.exe
  2⤵
  PID:4372
- C:\Windows\System\PrHgywE.exe
  C:\Windows\System\PrHgywE.exe
  2⤵
  PID:4340
- C:\Windows\System\RVCrxMN.exe
  C:\Windows\System\RVCrxMN.exe
  2⤵
  PID:6404
- C:\Windows\System\MPwecfl.exe
  C:\Windows\System\MPwecfl.exe
  2⤵
  PID:6352
- C:\Windows\System\XAMBKvd.exe
  C:\Windows\System\XAMBKvd.exe
  2⤵
  PID:6388
- C:\Windows\System\jjQhPaP.exe
  C:\Windows\System\jjQhPaP.exe
  2⤵
  PID:6452
- C:\Windows\System\DIHzzwW.exe
  C:\Windows\System\DIHzzwW.exe
  2⤵
  PID:6464
- C:\Windows\System\zuIjxws.exe
  C:\Windows\System\zuIjxws.exe
  2⤵
  PID:6564
- C:\Windows\System\VbgIGtG.exe
  C:\Windows\System\VbgIGtG.exe
  2⤵
  PID:6608
- C:\Windows\System\UgIxKBe.exe
  C:\Windows\System\UgIxKBe.exe
  2⤵
  PID:6584
- C:\Windows\System\WVdiMhQ.exe
  C:\Windows\System\WVdiMhQ.exe
  2⤵
  PID:6660
- C:\Windows\System\zOkXsVi.exe
  C:\Windows\System\zOkXsVi.exe
  2⤵
  PID:6700
- C:\Windows\System\DxHhnOm.exe
  C:\Windows\System\DxHhnOm.exe
  2⤵
  PID:6548
- C:\Windows\System\YpBLeqK.exe
  C:\Windows\System\YpBLeqK.exe
  2⤵
  PID:6716
- C:\Windows\System\gjctfmW.exe
  C:\Windows\System\gjctfmW.exe
  2⤵
  PID:6744
- C:\Windows\System\Loxrcas.exe
  C:\Windows\System\Loxrcas.exe
  2⤵
  PID:6840
- C:\Windows\System\KjRToLT.exe
  C:\Windows\System\KjRToLT.exe
  2⤵
  PID:6884
- C:\Windows\System\JckMUnp.exe
  C:\Windows\System\JckMUnp.exe
  2⤵
  PID:6924
- C:\Windows\System\WsqqTcH.exe
  C:\Windows\System\WsqqTcH.exe
  2⤵
  PID:6900
- C:\Windows\System\JHOoyqB.exe
  C:\Windows\System\JHOoyqB.exe
  2⤵
  PID:6944
- C:\Windows\System\xTUlezp.exe
  C:\Windows\System\xTUlezp.exe
  2⤵
  PID:6864
- C:\Windows\System\kQJdSGb.exe
  C:\Windows\System\kQJdSGb.exe
  2⤵
  PID:6984
- C:\Windows\System\afFGsVZ.exe
  C:\Windows\System\afFGsVZ.exe
  2⤵
  PID:7000
- C:\Windows\System\nFXisgu.exe
  C:\Windows\System\nFXisgu.exe
  2⤵
  PID:7056
- C:\Windows\System\pLCgZhN.exe
  C:\Windows\System\pLCgZhN.exe
  2⤵
  PID:7080
- C:\Windows\System\CGoJxNP.exe
  C:\Windows\System\CGoJxNP.exe
  2⤵
  PID:7132
- C:\Windows\System\xrtsYyH.exe
  C:\Windows\System\xrtsYyH.exe
  2⤵
  PID:7144
- C:\Windows\System\rYPfUjo.exe
  C:\Windows\System\rYPfUjo.exe
  2⤵
  PID:6212
- C:\Windows\System\degGlQi.exe
  C:\Windows\System\degGlQi.exe
  2⤵
  PID:6184
- C:\Windows\System\rCkHEMH.exe
  C:\Windows\System\rCkHEMH.exe
  2⤵
  PID:876
- C:\Windows\System\OhNMaJr.exe
  C:\Windows\System\OhNMaJr.exe
  2⤵
  PID:6424
- C:\Windows\System\zhbyeny.exe
  C:\Windows\System\zhbyeny.exe
  2⤵
  PID:6336
- C:\Windows\System\HqWVBbt.exe
  C:\Windows\System\HqWVBbt.exe
  2⤵
  PID:6376
- C:\Windows\System\EvyELIZ.exe
  C:\Windows\System\EvyELIZ.exe
  2⤵
  PID:7156
- C:\Windows\System\lQWltuU.exe
  C:\Windows\System\lQWltuU.exe
  2⤵
  PID:2872
- C:\Windows\System\jqrRUPx.exe
  C:\Windows\System\jqrRUPx.exe
  2⤵
  PID:3792
- C:\Windows\System\oPLNWgA.exe
  C:\Windows\System\oPLNWgA.exe
  2⤵
  PID:6500
- C:\Windows\System\ITsmcDW.exe
  C:\Windows\System\ITsmcDW.exe
  2⤵
  PID:6600
- C:\Windows\System\wlnpXIV.exe
  C:\Windows\System\wlnpXIV.exe
  2⤵
  PID:6688
- C:\Windows\System\XjXihty.exe
  C:\Windows\System\XjXihty.exe
  2⤵
  PID:6704
- C:\Windows\System\MRwkwNK.exe
  C:\Windows\System\MRwkwNK.exe
  2⤵
  PID:6712
- C:\Windows\System\QBJmgnx.exe
  C:\Windows\System\QBJmgnx.exe
  2⤵
  PID:6808
- C:\Windows\System\czKiCIx.exe
  C:\Windows\System\czKiCIx.exe
  2⤵
  PID:6852
- C:\Windows\System\RiZcrgX.exe
  C:\Windows\System\RiZcrgX.exe
  2⤵
  PID:6940
- C:\Windows\System\KVatnuw.exe
  C:\Windows\System\KVatnuw.exe
  2⤵
  PID:7020
- C:\Windows\System\DHFHlsF.exe
  C:\Windows\System\DHFHlsF.exe
  2⤵
  PID:6824
- C:\Windows\System\KwwmrkG.exe
  C:\Windows\System\KwwmrkG.exe
  2⤵
  PID:6992
- C:\Windows\System\WeNKjnc.exe
  C:\Windows\System\WeNKjnc.exe
  2⤵
  PID:7064
- C:\Windows\System\IWbhuVq.exe
  C:\Windows\System\IWbhuVq.exe
  2⤵
  PID:7104
- C:\Windows\System\rvZKPsU.exe
  C:\Windows\System\rvZKPsU.exe
  2⤵
  PID:6300
- C:\Windows\System\dvwlyvO.exe
  C:\Windows\System\dvwlyvO.exe
  2⤵
  PID:6260
- C:\Windows\System\oUWNtXU.exe
  C:\Windows\System\oUWNtXU.exe
  2⤵
  PID:7120
- C:\Windows\System\QDdQMsZ.exe
  C:\Windows\System\QDdQMsZ.exe
  2⤵
  PID:6228
- C:\Windows\System\jtCIMXF.exe
  C:\Windows\System\jtCIMXF.exe
  2⤵
  PID:6420
- C:\Windows\System\WsKLrQe.exe
  C:\Windows\System\WsKLrQe.exe
  2⤵
  PID:6180
- C:\Windows\System\wveXChz.exe
  C:\Windows\System\wveXChz.exe
  2⤵
  PID:6360
- C:\Windows\System\gfaAAPH.exe
  C:\Windows\System\gfaAAPH.exe
  2⤵
  PID:6480
- C:\Windows\System\MYtnOLV.exe
  C:\Windows\System\MYtnOLV.exe
  2⤵
  PID:6920
- C:\Windows\System\yPlXBnZ.exe
  C:\Windows\System\yPlXBnZ.exe
  2⤵
  PID:7044
- C:\Windows\System\YtRkoaF.exe
  C:\Windows\System\YtRkoaF.exe
  2⤵
  PID:6348
- C:\Windows\System\sFpinpp.exe
  C:\Windows\System\sFpinpp.exe
  2⤵
  PID:6628
- C:\Windows\System\LOMqcgs.exe
  C:\Windows\System\LOMqcgs.exe
  2⤵
  PID:6172
- C:\Windows\System\pXPIrLR.exe
  C:\Windows\System\pXPIrLR.exe
  2⤵
  PID:7076
- C:\Windows\System\JwfshZn.exe
  C:\Windows\System\JwfshZn.exe
  2⤵
  PID:6448
- C:\Windows\System\XgKexvx.exe
  C:\Windows\System\XgKexvx.exe
  2⤵
  PID:6432
- C:\Windows\System\OHVaeRf.exe
  C:\Windows\System\OHVaeRf.exe
  2⤵
  PID:6728
- C:\Windows\System\gHMBchx.exe
  C:\Windows\System\gHMBchx.exe
  2⤵
  PID:6696
- C:\Windows\System\qmBADPU.exe
  C:\Windows\System\qmBADPU.exe
  2⤵
  PID:6848
- C:\Windows\System\miaDlbQ.exe
  C:\Windows\System\miaDlbQ.exe
  2⤵
  PID:7040
- C:\Windows\System\qtVaXTG.exe
  C:\Windows\System\qtVaXTG.exe
  2⤵
  PID:7164
- C:\Windows\System\UHFCqIN.exe
  C:\Windows\System\UHFCqIN.exe
  2⤵
  PID:6708
- C:\Windows\System\jTAChHa.exe
  C:\Windows\System\jTAChHa.exe
  2⤵
  PID:6936
- C:\Windows\System\nDjvGsK.exe
  C:\Windows\System\nDjvGsK.exe
  2⤵
  PID:7180
- C:\Windows\System\foJYeFT.exe
  C:\Windows\System\foJYeFT.exe
  2⤵
  PID:7196
- C:\Windows\System\uCmccbZ.exe
  C:\Windows\System\uCmccbZ.exe
  2⤵
  PID:7212
- C:\Windows\System\bylnINQ.exe
  C:\Windows\System\bylnINQ.exe
  2⤵
  PID:7228
- C:\Windows\System\tFUxRvu.exe
  C:\Windows\System\tFUxRvu.exe
  2⤵
  PID:7248
- C:\Windows\System\zRTlRUf.exe
  C:\Windows\System\zRTlRUf.exe
  2⤵
  PID:7272
- C:\Windows\System\kLRfSbD.exe
  C:\Windows\System\kLRfSbD.exe
  2⤵
  PID:7292
- C:\Windows\System\AFgoinv.exe
  C:\Windows\System\AFgoinv.exe
  2⤵
  PID:7308
- C:\Windows\System\VpHtHBY.exe
  C:\Windows\System\VpHtHBY.exe
  2⤵
  PID:7328
- C:\Windows\System\LOgOMUo.exe
  C:\Windows\System\LOgOMUo.exe
  2⤵
  PID:7360
- C:\Windows\System\JHbaKXC.exe
  C:\Windows\System\JHbaKXC.exe
  2⤵
  PID:7376
- C:\Windows\System\BFuYJiY.exe
  C:\Windows\System\BFuYJiY.exe
  2⤵
  PID:7392
- C:\Windows\System\txuveIg.exe
  C:\Windows\System\txuveIg.exe
  2⤵
  PID:7408
- C:\Windows\System\gOdguCO.exe
  C:\Windows\System\gOdguCO.exe
  2⤵
  PID:7424
- C:\Windows\System\CsSIfNf.exe
  C:\Windows\System\CsSIfNf.exe
  2⤵
  PID:7440
- C:\Windows\System\qDqbFiH.exe
  C:\Windows\System\qDqbFiH.exe
  2⤵
  PID:7456
- C:\Windows\System\tqLhJSr.exe
  C:\Windows\System\tqLhJSr.exe
  2⤵
  PID:7472
- C:\Windows\System\vjrTYkj.exe
  C:\Windows\System\vjrTYkj.exe
  2⤵
  PID:7488
- C:\Windows\System\apeelsw.exe
  C:\Windows\System\apeelsw.exe
  2⤵
  PID:7504
- C:\Windows\System\AkddSZY.exe
  C:\Windows\System\AkddSZY.exe
  2⤵
  PID:7520
- C:\Windows\System\HpcWIZZ.exe
  C:\Windows\System\HpcWIZZ.exe
  2⤵
  PID:7536
- C:\Windows\System\IZkCqsH.exe
  C:\Windows\System\IZkCqsH.exe
  2⤵
  PID:7556
- C:\Windows\System\CcKOJzg.exe
  C:\Windows\System\CcKOJzg.exe
  2⤵
  PID:7572
- C:\Windows\System\xzziafy.exe
  C:\Windows\System\xzziafy.exe
  2⤵
  PID:7588
- C:\Windows\System\gnqPaGc.exe
  C:\Windows\System\gnqPaGc.exe
  2⤵
  PID:7604
- C:\Windows\System\rFHIZnh.exe
  C:\Windows\System\rFHIZnh.exe
  2⤵
  PID:7668
- C:\Windows\System\SOkyauV.exe
  C:\Windows\System\SOkyauV.exe
  2⤵
  PID:7684
- C:\Windows\System\hcFvaLT.exe
  C:\Windows\System\hcFvaLT.exe
  2⤵
  PID:7704
- C:\Windows\System\mRqixEt.exe
  C:\Windows\System\mRqixEt.exe
  2⤵
  PID:7724
- C:\Windows\System\hneKCbm.exe
  C:\Windows\System\hneKCbm.exe
  2⤵
  PID:7744
- C:\Windows\System\ihNxkKR.exe
  C:\Windows\System\ihNxkKR.exe
  2⤵
  PID:7768
- C:\Windows\System\oTwkQzM.exe
  C:\Windows\System\oTwkQzM.exe
  2⤵
  PID:7796
- C:\Windows\System\SZdYdaV.exe
  C:\Windows\System\SZdYdaV.exe
  2⤵
  PID:7812
- C:\Windows\System\tlgyrrI.exe
  C:\Windows\System\tlgyrrI.exe
  2⤵
  PID:7840
- C:\Windows\System\UsVFmch.exe
  C:\Windows\System\UsVFmch.exe
  2⤵
  PID:7860
- C:\Windows\System\CkRHVjC.exe
  C:\Windows\System\CkRHVjC.exe
  2⤵
  PID:7888
- C:\Windows\System\RPyXMhc.exe
  C:\Windows\System\RPyXMhc.exe
  2⤵
  PID:7916
- C:\Windows\System\aLJWJYe.exe
  C:\Windows\System\aLJWJYe.exe
  2⤵
  PID:7936
- C:\Windows\System\RYePBle.exe
  C:\Windows\System\RYePBle.exe
  2⤵
  PID:7956
- C:\Windows\System\GgfRSRW.exe
  C:\Windows\System\GgfRSRW.exe
  2⤵
  PID:7980
- C:\Windows\System\xgGazfN.exe
  C:\Windows\System\xgGazfN.exe
  2⤵
  PID:7996
- C:\Windows\System\mqlaAjn.exe
  C:\Windows\System\mqlaAjn.exe
  2⤵
  PID:8016
- C:\Windows\System\GICLsXn.exe
  C:\Windows\System\GICLsXn.exe
  2⤵
  PID:8032
- C:\Windows\System\aFPcMwS.exe
  C:\Windows\System\aFPcMwS.exe
  2⤵
  PID:8052
- C:\Windows\System\SEVjUBC.exe
  C:\Windows\System\SEVjUBC.exe
  2⤵
  PID:8068
- C:\Windows\System\cqqyfyF.exe
  C:\Windows\System\cqqyfyF.exe
  2⤵
  PID:8088
- C:\Windows\System\ziyXLfF.exe
  C:\Windows\System\ziyXLfF.exe
  2⤵
  PID:8108
- C:\Windows\System\tEyPBSt.exe
  C:\Windows\System\tEyPBSt.exe
  2⤵
  PID:8124
- C:\Windows\System\wvdKRGI.exe
  C:\Windows\System\wvdKRGI.exe
  2⤵
  PID:8144
- C:\Windows\System\IVNFEfz.exe
  C:\Windows\System\IVNFEfz.exe
  2⤵
  PID:8160
- C:\Windows\System\zVsOjqZ.exe
  C:\Windows\System\zVsOjqZ.exe
  2⤵
  PID:8176
- C:\Windows\System\uLmlnjR.exe
  C:\Windows\System\uLmlnjR.exe
  2⤵
  PID:6268
- C:\Windows\System\DtlsPko.exe
  C:\Windows\System\DtlsPko.exe
  2⤵
  PID:7192
- C:\Windows\System\ISqnjCI.exe
  C:\Windows\System\ISqnjCI.exe
  2⤵
  PID:7264
- C:\Windows\System\tpFaOxc.exe
  C:\Windows\System\tpFaOxc.exe
  2⤵
  PID:7116
- C:\Windows\System\inxZhrW.exe
  C:\Windows\System\inxZhrW.exe
  2⤵
  PID:7096
- C:\Windows\System\KoaLNJJ.exe
  C:\Windows\System\KoaLNJJ.exe
  2⤵
  PID:7352
- C:\Windows\System\aeZERCc.exe
  C:\Windows\System\aeZERCc.exe
  2⤵
  PID:7448
- C:\Windows\System\zHfkQBQ.exe
  C:\Windows\System\zHfkQBQ.exe
  2⤵
  PID:7516
- C:\Windows\System\HUknxPk.exe
  C:\Windows\System\HUknxPk.exe
  2⤵
  PID:7612
- C:\Windows\System\bwDEncs.exe
  C:\Windows\System\bwDEncs.exe
  2⤵
  PID:7324
- C:\Windows\System\pLvVwXE.exe
  C:\Windows\System\pLvVwXE.exe
  2⤵
  PID:7620
- C:\Windows\System\OFyIZEW.exe
  C:\Windows\System\OFyIZEW.exe
  2⤵
  PID:7640
- C:\Windows\System\xSpEnZa.exe
  C:\Windows\System\xSpEnZa.exe
  2⤵
  PID:7660
- C:\Windows\System\IEvsMvE.exe
  C:\Windows\System\IEvsMvE.exe
  2⤵
  PID:7732
- C:\Windows\System\zTqzdOF.exe
  C:\Windows\System\zTqzdOF.exe
  2⤵
  PID:7468
- C:\Windows\System\lnjtZoo.exe
  C:\Windows\System\lnjtZoo.exe
  2⤵
  PID:7788
- C:\Windows\System\UxNwnKf.exe
  C:\Windows\System\UxNwnKf.exe
  2⤵
  PID:7832
- C:\Windows\System\akoiDFH.exe
  C:\Windows\System\akoiDFH.exe
  2⤵
  PID:7836
- C:\Windows\System\pKGFiuw.exe
  C:\Windows\System\pKGFiuw.exe
  2⤵
  PID:7404
- C:\Windows\System\qDRAsoI.exe
  C:\Windows\System\qDRAsoI.exe
  2⤵
  PID:7204
- C:\Windows\System\hDFLWzM.exe
  C:\Windows\System\hDFLWzM.exe
  2⤵
  PID:7720
- C:\Windows\System\AxqgHys.exe
  C:\Windows\System\AxqgHys.exe
  2⤵
  PID:7764
- C:\Windows\System\DXzwDmf.exe
  C:\Windows\System\DXzwDmf.exe
  2⤵
  PID:7568
- C:\Windows\System\kHtALKh.exe
  C:\Windows\System\kHtALKh.exe
  2⤵
  PID:7712
- C:\Windows\System\lKVvpUZ.exe
  C:\Windows\System\lKVvpUZ.exe
  2⤵
  PID:7852
- C:\Windows\System\uJfidvL.exe
  C:\Windows\System\uJfidvL.exe
  2⤵
  PID:7932
- C:\Windows\System\WhZBDdr.exe
  C:\Windows\System\WhZBDdr.exe
  2⤵
  PID:7968
- C:\Windows\System\IoFHVaT.exe
  C:\Windows\System\IoFHVaT.exe
  2⤵
  PID:7988
- C:\Windows\System\JWmnTqn.exe
  C:\Windows\System\JWmnTqn.exe
  2⤵
  PID:8012
- C:\Windows\System\xOxYevE.exe
  C:\Windows\System\xOxYevE.exe
  2⤵
  PID:8116
- C:\Windows\System\CPEBSpL.exe
  C:\Windows\System\CPEBSpL.exe
  2⤵
  PID:8188
- C:\Windows\System\KEXGfxs.exe
  C:\Windows\System\KEXGfxs.exe
  2⤵
  PID:7256
- C:\Windows\System\bTFQAoc.exe
  C:\Windows\System\bTFQAoc.exe
  2⤵
  PID:8100
- C:\Windows\System\mGvOGbp.exe
  C:\Windows\System\mGvOGbp.exe
  2⤵
  PID:7420
- C:\Windows\System\RqZgmkb.exe
  C:\Windows\System\RqZgmkb.exe
  2⤵
  PID:8140
- C:\Windows\System\EWRIdle.exe
  C:\Windows\System\EWRIdle.exe
  2⤵
  PID:7176
- C:\Windows\System\uujtnzw.exe
  C:\Windows\System\uujtnzw.exe
  2⤵
  PID:6764
- C:\Windows\System\ZRqrgoe.exe
  C:\Windows\System\ZRqrgoe.exe
  2⤵
  PID:7480
- C:\Windows\System\ghzQqHa.exe
  C:\Windows\System\ghzQqHa.exe
  2⤵
  PID:6672
- C:\Windows\System\TYcgBKB.exe
  C:\Windows\System\TYcgBKB.exe
  2⤵
  PID:7316
- C:\Windows\System\QOlGYEp.exe
  C:\Windows\System\QOlGYEp.exe
  2⤵
  PID:7636
- C:\Windows\System\eXpMLqr.exe
  C:\Windows\System\eXpMLqr.exe
  2⤵
  PID:7692
- C:\Windows\System\WZsPWDd.exe
  C:\Windows\System\WZsPWDd.exe
  2⤵
  PID:7820
- C:\Windows\System\NlVacWx.exe
  C:\Windows\System\NlVacWx.exe
  2⤵
  PID:7868
- C:\Windows\System\lhVMpRK.exe
  C:\Windows\System\lhVMpRK.exe
  2⤵
  PID:7532
- C:\Windows\System\zjPfczL.exe
  C:\Windows\System\zjPfczL.exe
  2⤵
  PID:7784
- C:\Windows\System\wAuVDZB.exe
  C:\Windows\System\wAuVDZB.exe
  2⤵
  PID:7948
- C:\Windows\System\vzsjYnj.exe
  C:\Windows\System\vzsjYnj.exe
  2⤵
  PID:8040
- C:\Windows\System\UVACOKR.exe
  C:\Windows\System\UVACOKR.exe
  2⤵
  PID:8156
- C:\Windows\System\rcqlIaB.exe
  C:\Windows\System\rcqlIaB.exe
  2⤵
  PID:7600
- C:\Windows\System\oFSvrXi.exe
  C:\Windows\System\oFSvrXi.exe
  2⤵
  PID:7900
- C:\Windows\System\FLXpzPi.exe
  C:\Windows\System\FLXpzPi.exe
  2⤵
  PID:7344
- C:\Windows\System\rehVybP.exe
  C:\Windows\System\rehVybP.exe
  2⤵
  PID:6512
- C:\Windows\System\SKxsCve.exe
  C:\Windows\System\SKxsCve.exe
  2⤵
  PID:7388
- C:\Windows\System\eYDqlcq.exe
  C:\Windows\System\eYDqlcq.exe
  2⤵
  PID:6792
- C:\Windows\System\OLNkrhn.exe
  C:\Windows\System\OLNkrhn.exe
  2⤵
  PID:8168
- C:\Windows\System\OKfovKh.exe
  C:\Windows\System\OKfovKh.exe
  2⤵
  PID:6288
- C:\Windows\System\igLJzkQ.exe
  C:\Windows\System\igLJzkQ.exe
  2⤵
  PID:7284
- C:\Windows\System\MfXevBs.exe
  C:\Windows\System\MfXevBs.exe
  2⤵
  PID:7656
- C:\Windows\System\BoEcwid.exe
  C:\Windows\System\BoEcwid.exe
  2⤵
  PID:1560
- C:\Windows\System\iBqqKqK.exe
  C:\Windows\System\iBqqKqK.exe
  2⤵
  PID:7904
- C:\Windows\System\gwmbjQR.exe
  C:\Windows\System\gwmbjQR.exe
  2⤵
  PID:7320
- C:\Windows\System\hAUcigV.exe
  C:\Windows\System\hAUcigV.exe
  2⤵
  PID:7500
- C:\Windows\System\jAUPWBI.exe
  C:\Windows\System\jAUPWBI.exe
  2⤵
  PID:8008
- C:\Windows\System\yMiuDEl.exe
  C:\Windows\System\yMiuDEl.exe
  2⤵
  PID:7896
- C:\Windows\System\QcTfDtt.exe
  C:\Windows\System\QcTfDtt.exe
  2⤵
  PID:6528
- C:\Windows\System\VzBWkzb.exe
  C:\Windows\System\VzBWkzb.exe
  2⤵
  PID:8136
- C:\Windows\System\NXmxlkV.exe
  C:\Windows\System\NXmxlkV.exe
  2⤵
  PID:7384
- C:\Windows\System\grnpDMc.exe
  C:\Windows\System\grnpDMc.exe
  2⤵
  PID:7884
- C:\Windows\System\AcyKeGH.exe
  C:\Windows\System\AcyKeGH.exe
  2⤵
  PID:7464
- C:\Windows\System\vscCIRY.exe
  C:\Windows\System\vscCIRY.exe
  2⤵
  PID:7760
- C:\Windows\System\hoXOygF.exe
  C:\Windows\System\hoXOygF.exe
  2⤵
  PID:7652
- C:\Windows\System\pJZVThp.exe
  C:\Windows\System\pJZVThp.exe
  2⤵
  PID:7972
- C:\Windows\System\qJzBdKc.exe
  C:\Windows\System\qJzBdKc.exe
  2⤵
  PID:7876
- C:\Windows\System\vjBmSeY.exe
  C:\Windows\System\vjBmSeY.exe
  2⤵
  PID:7632
- C:\Windows\System\yipjjaP.exe
  C:\Windows\System\yipjjaP.exe
  2⤵
  PID:7348
- C:\Windows\System\ICjzDyQ.exe
  C:\Windows\System\ICjzDyQ.exe
  2⤵
  PID:7872
- C:\Windows\System\hSDIwph.exe
  C:\Windows\System\hSDIwph.exe
  2⤵
  PID:7300
- C:\Windows\System\JGMDwkQ.exe
  C:\Windows\System\JGMDwkQ.exe
  2⤵
  PID:8212
- C:\Windows\System\dyVDAwG.exe
  C:\Windows\System\dyVDAwG.exe
  2⤵
  PID:8228
- C:\Windows\System\PzLZbEr.exe
  C:\Windows\System\PzLZbEr.exe
  2⤵
  PID:8244
- C:\Windows\System\ozDaBAs.exe
  C:\Windows\System\ozDaBAs.exe
  2⤵
  PID:8272
- C:\Windows\System\PMdQwjz.exe
  C:\Windows\System\PMdQwjz.exe
  2⤵
  PID:8296
- C:\Windows\System\ZtPqynb.exe
  C:\Windows\System\ZtPqynb.exe
  2⤵
  PID:8312
- C:\Windows\System\huxhvKV.exe
  C:\Windows\System\huxhvKV.exe
  2⤵
  PID:8344
- C:\Windows\System\vKWKkKW.exe
  C:\Windows\System\vKWKkKW.exe
  2⤵
  PID:8364
- C:\Windows\System\oqdPKVv.exe
  C:\Windows\System\oqdPKVv.exe
  2⤵
  PID:8380
- C:\Windows\System\qAEohYm.exe
  C:\Windows\System\qAEohYm.exe
  2⤵
  PID:8400
- C:\Windows\System\cKqTMbK.exe
  C:\Windows\System\cKqTMbK.exe
  2⤵
  PID:8428
- C:\Windows\System\hZKgQiA.exe
  C:\Windows\System\hZKgQiA.exe
  2⤵
  PID:8448
- C:\Windows\System\plPZSPP.exe
  C:\Windows\System\plPZSPP.exe
  2⤵
  PID:8468
- C:\Windows\System\DijGjIv.exe
  C:\Windows\System\DijGjIv.exe
  2⤵
  PID:8488
- C:\Windows\System\oiHFvWh.exe
  C:\Windows\System\oiHFvWh.exe
  2⤵
  PID:8504
- C:\Windows\System\RfzhJLj.exe
  C:\Windows\System\RfzhJLj.exe
  2⤵
  PID:8520
- C:\Windows\System\yqRkkaU.exe
  C:\Windows\System\yqRkkaU.exe
  2⤵
  PID:8536
- C:\Windows\System\icywzxS.exe
  C:\Windows\System\icywzxS.exe
  2⤵
  PID:8552
- C:\Windows\System\zlozxkg.exe
  C:\Windows\System\zlozxkg.exe
  2⤵
  PID:8568
- C:\Windows\System\MusuUiK.exe
  C:\Windows\System\MusuUiK.exe
  2⤵
  PID:8600
- C:\Windows\System\iTucsmA.exe
  C:\Windows\System\iTucsmA.exe
  2⤵
  PID:8616
- C:\Windows\System\YcXbbdA.exe
  C:\Windows\System\YcXbbdA.exe
  2⤵
  PID:8632
- C:\Windows\System\nOYSmaB.exe
  C:\Windows\System\nOYSmaB.exe
  2⤵
  PID:8652
- C:\Windows\System\ZxndUgi.exe
  C:\Windows\System\ZxndUgi.exe
  2⤵
  PID:8672
- C:\Windows\System\XNVFHpL.exe
  C:\Windows\System\XNVFHpL.exe
  2⤵
  PID:8688
- C:\Windows\System\zEQtmkX.exe
  C:\Windows\System\zEQtmkX.exe
  2⤵
  PID:8708
- C:\Windows\System\xLUkaeQ.exe
  C:\Windows\System\xLUkaeQ.exe
  2⤵
  PID:8728
- C:\Windows\System\DvCBlEB.exe
  C:\Windows\System\DvCBlEB.exe
  2⤵
  PID:8748
- C:\Windows\System\KjGXMRT.exe
  C:\Windows\System\KjGXMRT.exe
  2⤵
  PID:8764
- C:\Windows\System\JkbPBGT.exe
  C:\Windows\System\JkbPBGT.exe
  2⤵
  PID:8788
- C:\Windows\System\RTTHjlx.exe
  C:\Windows\System\RTTHjlx.exe
  2⤵
  PID:8808
- C:\Windows\System\jdegoSv.exe
  C:\Windows\System\jdegoSv.exe
  2⤵
  PID:8836
- C:\Windows\System\VhKVWIa.exe
  C:\Windows\System\VhKVWIa.exe
  2⤵
  PID:8864
- C:\Windows\System\amViscY.exe
  C:\Windows\System\amViscY.exe
  2⤵
  PID:8880
- C:\Windows\System\olCsfjZ.exe
  C:\Windows\System\olCsfjZ.exe
  2⤵
  PID:8896
- C:\Windows\System\lwMTULf.exe
  C:\Windows\System\lwMTULf.exe
  2⤵
  PID:8916
- C:\Windows\System\lPDXKNE.exe
  C:\Windows\System\lPDXKNE.exe
  2⤵
  PID:8948
- C:\Windows\System\UdzbprC.exe
  C:\Windows\System\UdzbprC.exe
  2⤵
  PID:8964
- C:\Windows\System\LWUHMLy.exe
  C:\Windows\System\LWUHMLy.exe
  2⤵
  PID:8980
- C:\Windows\System\KRVdqzx.exe
  C:\Windows\System\KRVdqzx.exe
  2⤵
  PID:9000
- C:\Windows\System\kWMiKWL.exe
  C:\Windows\System\kWMiKWL.exe
  2⤵
  PID:9024
- C:\Windows\System\vrkgMuF.exe
  C:\Windows\System\vrkgMuF.exe
  2⤵
  PID:9040
- C:\Windows\System\XtaHeKQ.exe
  C:\Windows\System\XtaHeKQ.exe
  2⤵
  PID:9060
- C:\Windows\System\gHckqsX.exe
  C:\Windows\System\gHckqsX.exe
  2⤵
  PID:9080
- C:\Windows\System\FCBtFel.exe
  C:\Windows\System\FCBtFel.exe
  2⤵
  PID:9100
- C:\Windows\System\BIaBYLJ.exe
  C:\Windows\System\BIaBYLJ.exe
  2⤵
  PID:9120
- C:\Windows\System\eQTbZiF.exe
  C:\Windows\System\eQTbZiF.exe
  2⤵
  PID:9136
- C:\Windows\System\chOteKP.exe
  C:\Windows\System\chOteKP.exe
  2⤵
  PID:9156
- C:\Windows\System\MTWqkeg.exe
  C:\Windows\System\MTWqkeg.exe
  2⤵
  PID:9172
- C:\Windows\System\fpwaHOK.exe
  C:\Windows\System\fpwaHOK.exe
  2⤵
  PID:9188
- C:\Windows\System\zrAnmTe.exe
  C:\Windows\System\zrAnmTe.exe
  2⤵
  PID:9212
- C:\Windows\System\qOzlfPx.exe
  C:\Windows\System\qOzlfPx.exe
  2⤵
  PID:7224
- C:\Windows\System\ldsLyjo.exe
  C:\Windows\System\ldsLyjo.exe
  2⤵
  PID:7188
- C:\Windows\System\MkxjkhN.exe
  C:\Windows\System\MkxjkhN.exe
  2⤵
  PID:8264
- C:\Windows\System\xnyvbNs.exe
  C:\Windows\System\xnyvbNs.exe
  2⤵
  PID:5480
- C:\Windows\System\nyjzEnV.exe
  C:\Windows\System\nyjzEnV.exe
  2⤵
  PID:8224
- C:\Windows\System\vpGoORG.exe
  C:\Windows\System\vpGoORG.exe
  2⤵
  PID:8304
- C:\Windows\System\zGTBVSJ.exe
  C:\Windows\System\zGTBVSJ.exe
  2⤵
  PID:8340
- C:\Windows\System\tyGwVrj.exe
  C:\Windows\System\tyGwVrj.exe
  2⤵
  PID:8376
- C:\Windows\System\yhBfrZI.exe
  C:\Windows\System\yhBfrZI.exe
  2⤵
  PID:8388
- C:\Windows\System\uIsRDQi.exe
  C:\Windows\System\uIsRDQi.exe
  2⤵
  PID:8436
- C:\Windows\System\HmjWlxE.exe
  C:\Windows\System\HmjWlxE.exe
  2⤵
  PID:8460
- C:\Windows\System\GztwImZ.exe
  C:\Windows\System\GztwImZ.exe
  2⤵
  PID:8476
- C:\Windows\System\VVkuReQ.exe
  C:\Windows\System\VVkuReQ.exe
  2⤵
  PID:8528
- C:\Windows\System\UPeaXYf.exe
  C:\Windows\System\UPeaXYf.exe
  2⤵
  PID:8612
- C:\Windows\System\suwcEry.exe
  C:\Windows\System\suwcEry.exe
  2⤵
  PID:8680
- C:\Windows\System\AlMxZXb.exe
  C:\Windows\System\AlMxZXb.exe
  2⤵
  PID:8580
- C:\Windows\System\zlMCTQO.exe
  C:\Windows\System\zlMCTQO.exe
  2⤵
  PID:8800
- C:\Windows\System\EzgsEPx.exe
  C:\Windows\System\EzgsEPx.exe
  2⤵
  PID:8576
- C:\Windows\System\WPkDUHV.exe
  C:\Windows\System\WPkDUHV.exe
  2⤵
  PID:8892
- C:\Windows\System\dOfceob.exe
  C:\Windows\System\dOfceob.exe
  2⤵
  PID:8736
- C:\Windows\System\JEiCHZX.exe
  C:\Windows\System\JEiCHZX.exe
  2⤵
  PID:8784
- C:\Windows\System\ndyNcZs.exe
  C:\Windows\System\ndyNcZs.exe
  2⤵
  PID:8872
- C:\Windows\System\wDsfdRJ.exe
  C:\Windows\System\wDsfdRJ.exe
  2⤵
  PID:8924
- C:\Windows\System\gFWiWjP.exe
  C:\Windows\System\gFWiWjP.exe
  2⤵
  PID:8932
- C:\Windows\System\yowjPGl.exe
  C:\Windows\System\yowjPGl.exe
  2⤵
  PID:8484
- C:\Windows\System\rCFmvER.exe
  C:\Windows\System\rCFmvER.exe
  2⤵
  PID:9008
- C:\Windows\System\YsQpFHQ.exe
  C:\Windows\System\YsQpFHQ.exe
  2⤵
  PID:9052
- C:\Windows\System\qUsJoVK.exe
  C:\Windows\System\qUsJoVK.exe
  2⤵
  PID:9096
- C:\Windows\System\AiKhyRp.exe
  C:\Windows\System\AiKhyRp.exe
  2⤵
  PID:9196
- C:\Windows\System\UscTOhu.exe
  C:\Windows\System\UscTOhu.exe
  2⤵
  PID:9116
- C:\Windows\System\uJIkdUb.exe
  C:\Windows\System\uJIkdUb.exe
  2⤵
  PID:9036
- C:\Windows\System\NadqdKm.exe
  C:\Windows\System\NadqdKm.exe
  2⤵
  PID:9184
- C:\Windows\System\DOsjxLX.exe
  C:\Windows\System\DOsjxLX.exe
  2⤵
  PID:8240
- C:\Windows\System\aWMCTgB.exe
  C:\Windows\System\aWMCTgB.exe
  2⤵
  PID:9072
- C:\Windows\System\dlYiCHL.exe
  C:\Windows\System\dlYiCHL.exe
  2⤵
  PID:8064
- C:\Windows\System\gTyNXwZ.exe
  C:\Windows\System\gTyNXwZ.exe
  2⤵
  PID:7584
- C:\Windows\System\lxQRqAs.exe
  C:\Windows\System\lxQRqAs.exe
  2⤵
  PID:8256
- C:\Windows\System\nkWBHLJ.exe
  C:\Windows\System\nkWBHLJ.exe
  2⤵
  PID:8420
- C:\Windows\System\jMkIQCF.exe
  C:\Windows\System\jMkIQCF.exe
  2⤵
  PID:8328
- C:\Windows\System\wXqvwps.exe
  C:\Windows\System\wXqvwps.exe
  2⤵
  PID:8444
- C:\Windows\System\efZXrMg.exe
  C:\Windows\System\efZXrMg.exe
  2⤵
  PID:8392
- C:\Windows\System\aulVTLT.exe
  C:\Windows\System\aulVTLT.exe
  2⤵
  PID:8724
- C:\Windows\System\LFsQMUQ.exe
  C:\Windows\System\LFsQMUQ.exe
  2⤵
  PID:8852
- C:\Windows\System\dvZXnpQ.exe
  C:\Windows\System\dvZXnpQ.exe
  2⤵
  PID:8596
- C:\Windows\System\zlBfiFO.exe
  C:\Windows\System\zlBfiFO.exe
  2⤵
  PID:8668
- C:\Windows\System\bakAocA.exe
  C:\Windows\System\bakAocA.exe
  2⤵
  PID:8828
- C:\Windows\System\NKqcldY.exe
  C:\Windows\System\NKqcldY.exe
  2⤵
  PID:8928
- C:\Windows\System\JgWLoMJ.exe
  C:\Windows\System\JgWLoMJ.exe
  2⤵
  PID:9088
- C:\Windows\System\ugRKbGK.exe
  C:\Windows\System\ugRKbGK.exe
  2⤵
  PID:9108
- C:\Windows\System\KrNUeDV.exe
  C:\Windows\System\KrNUeDV.exe
  2⤵
  PID:8236
- C:\Windows\System\rTRgSfc.exe
  C:\Windows\System\rTRgSfc.exe
  2⤵
  PID:8200
- C:\Windows\System\iOoUkLU.exe
  C:\Windows\System\iOoUkLU.exe
  2⤵
  PID:9016
- C:\Windows\System\iipkgmI.exe
  C:\Windows\System\iipkgmI.exe
  2⤵
  PID:9144
- C:\Windows\System\kqYjaMQ.exe
  C:\Windows\System\kqYjaMQ.exe
  2⤵
  PID:9148
- C:\Windows\System\mUXhfXG.exe
  C:\Windows\System\mUXhfXG.exe
  2⤵
  PID:8292
- C:\Windows\System\iEHrkKQ.exe
  C:\Windows\System\iEHrkKQ.exe
  2⤵
  PID:8608
- C:\Windows\System\LKnSUlO.exe
  C:\Windows\System\LKnSUlO.exe
  2⤵
  PID:8716
- C:\Windows\System\wtbJxzk.exe
  C:\Windows\System\wtbJxzk.exe
  2⤵
  PID:8848
- C:\Windows\System\vcaWblK.exe
  C:\Windows\System\vcaWblK.exe
  2⤵
  PID:8760
- C:\Windows\System\iwNSNos.exe
  C:\Windows\System\iwNSNos.exe
  2⤵
  PID:8512
- C:\Windows\System\bMgdIul.exe
  C:\Windows\System\bMgdIul.exe
  2⤵
  PID:8664
- C:\Windows\System\ppaVZeo.exe
  C:\Windows\System\ppaVZeo.exe
  2⤵
  PID:7912
- C:\Windows\System\TPdzCLf.exe
  C:\Windows\System\TPdzCLf.exe
  2⤵
  PID:9076
- C:\Windows\System\SiNQobM.exe
  C:\Windows\System\SiNQobM.exe
  2⤵
  PID:9164
- C:\Windows\System\mnrPKuj.exe
  C:\Windows\System\mnrPKuj.exe
  2⤵
  PID:8480
- C:\Windows\System\lINenSc.exe
  C:\Windows\System\lINenSc.exe
  2⤵
  PID:8592
- C:\Windows\System\IFDyqrn.exe
  C:\Windows\System\IFDyqrn.exe
  2⤵
  PID:8888
- C:\Windows\System\tFmjgIn.exe
  C:\Windows\System\tFmjgIn.exe
  2⤵
  PID:9020
- C:\Windows\System\UFZvZqF.exe
  C:\Windows\System\UFZvZqF.exe
  2⤵
  PID:8628
- C:\Windows\System\IiyzVGc.exe
  C:\Windows\System\IiyzVGc.exe
  2⤵
  PID:8696
- C:\Windows\System\JOIDGsv.exe
  C:\Windows\System\JOIDGsv.exe
  2⤵
  PID:8220
- C:\Windows\System\iNNzWTR.exe
  C:\Windows\System\iNNzWTR.exe
  2⤵
  PID:7992
- C:\Windows\System\cgGRZVq.exe
  C:\Windows\System\cgGRZVq.exe
  2⤵
  PID:9132
- C:\Windows\System\EWLyVSo.exe
  C:\Windows\System\EWLyVSo.exe
  2⤵
  PID:8860
- C:\Windows\System\iJQVmRz.exe
  C:\Windows\System\iJQVmRz.exe
  2⤵
  PID:8992
- C:\Windows\System\ISbESVJ.exe
  C:\Windows\System\ISbESVJ.exe
  2⤵
  PID:9152
- C:\Windows\System\tNNqnqq.exe
  C:\Windows\System\tNNqnqq.exe
  2⤵
  PID:8844
- C:\Windows\System\RQhCZMX.exe
  C:\Windows\System\RQhCZMX.exe
  2⤵
  PID:8332
- C:\Windows\System\OfzXyCl.exe
  C:\Windows\System\OfzXyCl.exe
  2⤵
  PID:8204
- C:\Windows\System\eqwSMnk.exe
  C:\Windows\System\eqwSMnk.exe
  2⤵
  PID:8496
- C:\Windows\System\leQjQFJ.exe
  C:\Windows\System\leQjQFJ.exe
  2⤵
  PID:8976
- C:\Windows\System\RINbViV.exe
  C:\Windows\System\RINbViV.exe
  2⤵
  PID:9224
- C:\Windows\System\wsERtsV.exe
  C:\Windows\System\wsERtsV.exe
  2⤵
  PID:9244
- C:\Windows\System\gnRSLJR.exe
  C:\Windows\System\gnRSLJR.exe
  2⤵
  PID:9268
- C:\Windows\System\PPHsYMr.exe
  C:\Windows\System\PPHsYMr.exe
  2⤵
  PID:9292
- C:\Windows\System\bIdDSXx.exe
  C:\Windows\System\bIdDSXx.exe
  2⤵
  PID:9308
- C:\Windows\System\SGIfGJX.exe
  C:\Windows\System\SGIfGJX.exe
  2⤵
  PID:9324
- C:\Windows\System\WHNaUsx.exe
  C:\Windows\System\WHNaUsx.exe
  2⤵
  PID:9340
- C:\Windows\System\YSAyVUO.exe
  C:\Windows\System\YSAyVUO.exe
  2⤵
  PID:9368
- C:\Windows\System\xYrSqMy.exe
  C:\Windows\System\xYrSqMy.exe
  2⤵
  PID:9384
- C:\Windows\System\iaLUiIR.exe
  C:\Windows\System\iaLUiIR.exe
  2⤵
  PID:9408
- C:\Windows\System\LaiTorS.exe
  C:\Windows\System\LaiTorS.exe
  2⤵
  PID:9428
- C:\Windows\System\jtSOEHq.exe
  C:\Windows\System\jtSOEHq.exe
  2⤵
  PID:9452
- C:\Windows\System\fxVNntg.exe
  C:\Windows\System\fxVNntg.exe
  2⤵
  PID:9468
- C:\Windows\System\VTAfFGf.exe
  C:\Windows\System\VTAfFGf.exe
  2⤵
  PID:9492
- C:\Windows\System\xDudiAQ.exe
  C:\Windows\System\xDudiAQ.exe
  2⤵
  PID:9508
- C:\Windows\System\vQfPeIt.exe
  C:\Windows\System\vQfPeIt.exe
  2⤵
  PID:9532
- C:\Windows\System\GJOiwJE.exe
  C:\Windows\System\GJOiwJE.exe
  2⤵
  PID:9552
- C:\Windows\System\EULkgpP.exe
  C:\Windows\System\EULkgpP.exe
  2⤵
  PID:9572
- C:\Windows\System\UecyNpH.exe
  C:\Windows\System\UecyNpH.exe
  2⤵
  PID:9592
- C:\Windows\System\pCygVsm.exe
  C:\Windows\System\pCygVsm.exe
  2⤵
  PID:9612
- C:\Windows\System\ZKuajvP.exe
  C:\Windows\System\ZKuajvP.exe
  2⤵
  PID:9632
- C:\Windows\System\myBQAHM.exe
  C:\Windows\System\myBQAHM.exe
  2⤵
  PID:9652
- C:\Windows\System\AyKWFBI.exe
  C:\Windows\System\AyKWFBI.exe
  2⤵
  PID:9668
- C:\Windows\System\PmfhkZQ.exe
  C:\Windows\System\PmfhkZQ.exe
  2⤵
  PID:9684
- C:\Windows\System\GzdGswN.exe
  C:\Windows\System\GzdGswN.exe
  2⤵
  PID:9708
- C:\Windows\System\nOAVHSj.exe
  C:\Windows\System\nOAVHSj.exe
  2⤵
  PID:9724
- C:\Windows\System\hoUqJAx.exe
  C:\Windows\System\hoUqJAx.exe
  2⤵
  PID:9744
- C:\Windows\System\PypcVrX.exe
  C:\Windows\System\PypcVrX.exe
  2⤵
  PID:9780
- C:\Windows\System\PTdUmxe.exe
  C:\Windows\System\PTdUmxe.exe
  2⤵
  PID:9804
- C:\Windows\System\Pgbssdi.exe
  C:\Windows\System\Pgbssdi.exe
  2⤵
  PID:9820
- C:\Windows\System\MaVqEPy.exe
  C:\Windows\System\MaVqEPy.exe
  2⤵
  PID:9840
- C:\Windows\System\MWQwqCt.exe
  C:\Windows\System\MWQwqCt.exe
  2⤵
  PID:9860
- C:\Windows\System\bwXoBzR.exe
  C:\Windows\System\bwXoBzR.exe
  2⤵
  PID:9880
- C:\Windows\System\NbeObtW.exe
  C:\Windows\System\NbeObtW.exe
  2⤵
  PID:9904
- C:\Windows\System\WAQeKCF.exe
  C:\Windows\System\WAQeKCF.exe
  2⤵
  PID:9924
- C:\Windows\System\ywLtXbZ.exe
  C:\Windows\System\ywLtXbZ.exe
  2⤵
  PID:9940
- C:\Windows\System\RunfCUh.exe
  C:\Windows\System\RunfCUh.exe
  2⤵
  PID:9956
- C:\Windows\System\OqgwjjF.exe
  C:\Windows\System\OqgwjjF.exe
  2⤵
  PID:9972
- C:\Windows\System\zaLriEM.exe
  C:\Windows\System\zaLriEM.exe
  2⤵
  PID:9992
- C:\Windows\System\cbppCDa.exe
  C:\Windows\System\cbppCDa.exe
  2⤵
  PID:10012
- C:\Windows\System\kCiMWDr.exe
  C:\Windows\System\kCiMWDr.exe
  2⤵
  PID:10040
- C:\Windows\System\umgzeMo.exe
  C:\Windows\System\umgzeMo.exe
  2⤵
  PID:10060
- C:\Windows\System\ttTvzWM.exe
  C:\Windows\System\ttTvzWM.exe
  2⤵
  PID:10080
- C:\Windows\System\eZmQPRd.exe
  C:\Windows\System\eZmQPRd.exe
  2⤵
  PID:10096
- C:\Windows\System\vtloqut.exe
  C:\Windows\System\vtloqut.exe
  2⤵
  PID:10120
- C:\Windows\System\GSjfWPy.exe
  C:\Windows\System\GSjfWPy.exe
  2⤵
  PID:10136
- C:\Windows\System\CUItOoy.exe
  C:\Windows\System\CUItOoy.exe
  2⤵
  PID:10164
- C:\Windows\System\zvxqpOJ.exe
  C:\Windows\System\zvxqpOJ.exe
  2⤵
  PID:10184
- C:\Windows\System\hshXsEm.exe
  C:\Windows\System\hshXsEm.exe
  2⤵
  PID:10204
- C:\Windows\System\KYYtkNB.exe
  C:\Windows\System\KYYtkNB.exe
  2⤵
  PID:10220
- C:\Windows\System\tUHRrfk.exe
  C:\Windows\System\tUHRrfk.exe
  2⤵
  PID:10236
- C:\Windows\System\SlXQXNX.exe
  C:\Windows\System\SlXQXNX.exe
  2⤵
  PID:9252
- C:\Windows\System\bNNtiNL.exe
  C:\Windows\System\bNNtiNL.exe
  2⤵
  PID:9232
- C:\Windows\System\nOBjxkg.exe
  C:\Windows\System\nOBjxkg.exe
  2⤵
  PID:8944
- C:\Windows\System\FIGFTcP.exe
  C:\Windows\System\FIGFTcP.exe
  2⤵
  PID:9348
- C:\Windows\System\XHmLKDM.exe
  C:\Windows\System\XHmLKDM.exe
  2⤵
  PID:9392
- C:\Windows\System\ZxHZJuo.exe
  C:\Windows\System\ZxHZJuo.exe
  2⤵
  PID:9420
- C:\Windows\System\HMTQzmR.exe
  C:\Windows\System\HMTQzmR.exe
  2⤵
  PID:9436
- C:\Windows\System\FNXaPwY.exe
  C:\Windows\System\FNXaPwY.exe
  2⤵
  PID:9488
- C:\Windows\System\VvIoUKP.exe
  C:\Windows\System\VvIoUKP.exe
  2⤵
  PID:9520
- C:\Windows\System\kPQmvOE.exe
  C:\Windows\System\kPQmvOE.exe
  2⤵
  PID:9528
- C:\Windows\System\oBTsuDv.exe
  C:\Windows\System\oBTsuDv.exe
  2⤵
  PID:9560
- C:\Windows\System\SZuYaYt.exe
  C:\Windows\System\SZuYaYt.exe
  2⤵
  PID:9588
- C:\Windows\System\vGfbUcg.exe
  C:\Windows\System\vGfbUcg.exe
  2⤵
  PID:9624
- C:\Windows\System\mVxcgsQ.exe
  C:\Windows\System\mVxcgsQ.exe
  2⤵
  PID:9676
- C:\Windows\System\gsKTueN.exe
  C:\Windows\System\gsKTueN.exe
  2⤵
  PID:9644
- C:\Windows\System\DxLSxKh.exe
  C:\Windows\System\DxLSxKh.exe
  2⤵
  PID:9740
- C:\Windows\System\IskIOxZ.exe
  C:\Windows\System\IskIOxZ.exe
  2⤵
  PID:1008
- C:\Windows\System\ddmSQJr.exe
  C:\Windows\System\ddmSQJr.exe
  2⤵
  PID:9776
- C:\Windows\System\bLQVJEQ.exe
  C:\Windows\System\bLQVJEQ.exe
  2⤵
  PID:9812
- C:\Windows\System\FFySKWk.exe
  C:\Windows\System\FFySKWk.exe
  2⤵
  PID:9868
- C:\Windows\System\UvcdTnY.exe
  C:\Windows\System\UvcdTnY.exe
  2⤵
  PID:9896
- C:\Windows\System\ukngyPa.exe
  C:\Windows\System\ukngyPa.exe
  2⤵
  PID:9920
- C:\Windows\System\GuVPzxj.exe
  C:\Windows\System\GuVPzxj.exe
  2⤵
  PID:9980
- C:\Windows\System\wmMvwEA.exe
  C:\Windows\System\wmMvwEA.exe
  2⤵
  PID:10004
- C:\Windows\System\KCyGsQl.exe
  C:\Windows\System\KCyGsQl.exe
  2⤵
  PID:10028
- C:\Windows\System\wWmwsqC.exe
  C:\Windows\System\wWmwsqC.exe
  2⤵
  PID:10076
- C:\Windows\System\IjAHeUO.exe
  C:\Windows\System\IjAHeUO.exe
  2⤵
  PID:10112
- C:\Windows\System\eeMwOIS.exe
  C:\Windows\System\eeMwOIS.exe
  2⤵
  PID:10088
- C:\Windows\System\OycEinv.exe
  C:\Windows\System\OycEinv.exe
  2⤵
  PID:10148
- C:\Windows\System\iWNJbdK.exe
  C:\Windows\System\iWNJbdK.exe
  2⤵
  PID:8208
- C:\Windows\System\RXxbOAP.exe
  C:\Windows\System\RXxbOAP.exe
  2⤵
  PID:10228
- C:\Windows\System\clrVkpD.exe
  C:\Windows\System\clrVkpD.exe
  2⤵
  PID:9316
- C:\Windows\System\QlxUuCm.exe
  C:\Windows\System\QlxUuCm.exe
  2⤵
  PID:9220
- C:\Windows\System\tTUmCEu.exe
  C:\Windows\System\tTUmCEu.exe
  2⤵
  PID:9352
- C:\Windows\System\exXrGHv.exe
  C:\Windows\System\exXrGHv.exe
  2⤵
  PID:9364
- C:\Windows\System\eYFFtHB.exe
  C:\Windows\System\eYFFtHB.exe
  2⤵
  PID:9400
- C:\Windows\System\VXInVfw.exe
  C:\Windows\System\VXInVfw.exe
  2⤵
  PID:9540
- C:\Windows\System\RZBkLAD.exe
  C:\Windows\System\RZBkLAD.exe
  2⤵
  PID:9648
- C:\Windows\System\BePGiqi.exe
  C:\Windows\System\BePGiqi.exe
  2⤵
  PID:9736
- C:\Windows\System\ISXLUlR.exe
  C:\Windows\System\ISXLUlR.exe
  2⤵
  PID:9828
- C:\Windows\System\jEhXznL.exe
  C:\Windows\System\jEhXznL.exe
  2⤵
  PID:9608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EIALYjM.exe

Filesize
6.0MB

MD5
537858d870f767867a57abd98137ae86

SHA1
f80e47032f766b708a7592a123b9eca7d71748dd

SHA256
45317d628a0e7bd223137628802447bd8ae441e1152cd2cf3e2e68a38a179da4

SHA512
796cd7114be945363fced9fee496f2569bfcf221184e3f14f581a031e7a9272223b579d59dfa0750516d085df2e9341d4eee2c39bdc0f12e0d6df763da3f9301

Download Submit
C:\Windows\system\LQzXfQF.exe

Filesize
6.0MB

MD5
4308a92a5ac418378bfff83caa9355df

SHA1
4d022135e7039b0c91e0e09612f214a04b97be31

SHA256
f3241f67d729dab03b7421b851dba4f246772ca0c6b71624e98154cebb26b71a

SHA512
00a20456f61192eabb28ed9c5d4528a22d423086ec85300409fba1ac404c78c018171c5f23d391cc89ac507a6db668229adbd61cf9fea929bcabe08285c28650

Download Submit
C:\Windows\system\OicVLSZ.exe

Filesize
6.0MB

MD5
0181b1208c8e4de73a60a548927eb492

SHA1
2b752a35bb0f6b2e6438d40d67ebc13b88e9b040

SHA256
34b3de1236da56501622b34b4e53194b3d8abb59e3135e8d5a2247e06bc0808a

SHA512
f2e106f959dcc56b7148ec921f4f5ad458a4e3c694fb8acae5b6a7cf9d88fec793e63ccc44c0c389ddcc9131932e4d72b7c96436a166d3288b80aba53c452b96

Download Submit
C:\Windows\system\PLBpgtQ.exe

Filesize
6.0MB

MD5
df8bb8b9f8770ea9939389c038e4d8a3

SHA1
b64d4f934523697a4f48f8a7ef7b4d5a0e1a676d

SHA256
6cc03262dd69b84af2f2da46514748f4794d19fb8bcb84730e0dc209e30700b2

SHA512
e75c2443f14f65060b17e26d251e033752e155172ba70b6e329a8b8fc4088a605b88929aeafa9bee04645c49e8355ec7138cb1b220bdc9a12e15e94593efbd21

Download Submit
C:\Windows\system\RQnrslS.exe

Filesize
6.0MB

MD5
e4de99295a057ff9a114d8ae0a71516e

SHA1
7190c3029933204665b7884755421623f7c088ea

SHA256
d38a08c3d0892e9126f28844e9ba4f8446dac9580f8554274c569a84059c58c7

SHA512
36bdd7d7686bdd4729929c1c57c661ef437b78e0981f16ffc1480dec1164f3a4c8730bf576ffffa339383f7a0b83b84c904446eefcd13e8fd70810013df66553

Download Submit
C:\Windows\system\XufTXCk.exe

Filesize
6.0MB

MD5
97ec799fa87e40db2ff2a1da232c622e

SHA1
7e93ee4fd796c224f8624b146346e98a8182fbef

SHA256
e5d9ac9cdd836c894f81f394ff8882ad09afb2e46b0aca84d4c1d29481e21012

SHA512
825db1918bcfc427dd4356bb02480f0ba1270cf707524183b375517224960af387eaecd95ecd365497ddcfe4e1736945e258675310e4f82176aa945e7110af05

Download Submit
C:\Windows\system\cUFdoFw.exe

Filesize
6.0MB

MD5
893f0710d1c5a799949ff057fe762bd0

SHA1
393f1f6fc701ce8f42bc3555d0b012bc5a684e2b

SHA256
b5c9dc6abcf5b4adc87d5df3ddfde6ebe45442cfedc63cd00f008a87167d5663

SHA512
de2eb4a89e16e97d5668b3c2b7f94ba4cf23d888dfc60ca97669b1945aa650e97b168f6ad17350ce866759bacd34a05f790fbfd02458dbb8507f1c679307969c

Download Submit
C:\Windows\system\dBcgxNf.exe

Filesize
6.0MB

MD5
09b30c6cd8156d399a4ab350cbda1ed6

SHA1
4906b48ef6b93dfc7b3eeabf5428095e9f1409da

SHA256
7f4bf8d0a513d7c228e4ee416fea5aeb0ff99c9ae9b60f2e51bef57d85231d36

SHA512
5c38b6adfa4b970f0dc071a46feb7c07116d7ff66db18987c21c8a607e225c78c01fb73de829cdda7c272cbc40953fcb7fae40797f498f42829f81aa4c5b2463

Download Submit
C:\Windows\system\fgwkbuI.exe

Filesize
6.0MB

MD5
e4415c0279bc4a6cd8310778bc1b41b3

SHA1
c9f8fcb6253051c97ad14e1999cd9240827b3978

SHA256
c8da294b47133d92c2d1d19092d3dde0f87a89ae9ed1c3e4cbf2d32423f4ddf4

SHA512
8489abc1d296c38d84cc050377934a3a02308f2e5d3f19149a8a663fcfdf27258db8e1deeec5c711e2d19811a283d5639b7eee5130a47ffad0b4ede6216abe4d

Download Submit
C:\Windows\system\ftKAmnr.exe

Filesize
6.0MB

MD5
b595b2f236a820bbebef16ad98e1d3e8

SHA1
cb53d153e5e4811a6e00e228640be7e8b2db4076

SHA256
3f425876aad983c568c9168cd8679be76b0e745b7d54bd68879291deb0032707

SHA512
244db52d126c845d7e34b0e95075ae736b84c3f5bcaee218080ac3e2705d451ebb78545ab3fafe167e474924d8dac6db79f0ac39ed40cb69b58b8ee33c4f6f67

Download Submit
C:\Windows\system\iPVZwSs.exe

Filesize
6.0MB

MD5
f3ab6018521b4ade9c03dfa2cfd4b067

SHA1
f15b7677d1e17595dd42fd2a8419846aabd79cf3

SHA256
8982770637f4e36a51baa8a44240899ee1eb558b5555c47630d1f2cdaad11c75

SHA512
878ee57f4464b20cde0f3453dd400c3bca402b83a9cf1d554ebab1ff9793d639640df21d4cfd8779d60299ad804731dbf5dc009260b76092c2e125386cf9ff74

Download Submit
C:\Windows\system\iZgItQx.exe

Filesize
6.0MB

MD5
241d2817d0eb8c693ae66eedc73260d4

SHA1
cecd97a0ffffd23acabd649d4c3313abe4ff9e35

SHA256
6c1e238bf3458eb73fb034171907fe8668b019089ec48e0a9c6e7eff64ae329a

SHA512
d4655b50bb219a824071913d55abb964bfb13579a3e29d7bfcba9a6dfb802823616e5d3e1f7983191d56df7090903caa951d203b2755a97c1082ece4af22fa19

Download Submit
C:\Windows\system\jUCrlfF.exe

Filesize
6.0MB

MD5
9f384724c600fbeac60d6b057ba4dcc9

SHA1
27a67b79eaa7e75be174b4b509b76d36f3522b27

SHA256
c2f5da71a2905e9b7a927ff88e6871085f36529a065fc4dc1f7c55ed9119de81

SHA512
0299830c9889b11d76192a9ca113d06ccd6f8ba6828d265bd7345657532aaa75f29819b8b876683bcb54415c81828cea777cbf8177ec5d02509868af2bbaaf82

Download Submit
C:\Windows\system\nnUUdYT.exe

Filesize
6.0MB

MD5
80af66619def81ae218b48ad71e7bf75

SHA1
ecba1dd51c49a84689ae8f96c8be39531a25a32e

SHA256
1603965b666177e8639d8ea72a02015ae0fdb0b901d43b26a65041e03aeb9adf

SHA512
186a4d09dca35f71c09de8efd3d83ce2c615dcf214a5b2ebdf64883dfeab20d19c666c001b7f1d357b69e1d23a64fe749912a00f97eaa2eb7f4280d95af2307b

Download Submit
C:\Windows\system\oeqlQxQ.exe

Filesize
6.0MB

MD5
5961cd8be7bb6637a27a714cfe8f8888

SHA1
fb899019e03bb5737c92ea8e6333aab0ee31481c

SHA256
b7ff34d704a0107335c163e7a626626486ebd981debca530e1adf1d98f27544b

SHA512
46a5255d5c1bcb404c592599f3572b489ca33d5cc28c002b26df06179a4b5ddc48c109570c0669fa08e3cff2622197be5eb1d574622e88171bcc45ba5cbc57dd

Download Submit
C:\Windows\system\omaHLbR.exe

Filesize
6.0MB

MD5
342827f87abafff11d9d9330ce4ea92e

SHA1
51306c744f0db0e03933dd381b180d62729ea1ff

SHA256
26b27c1790924a6328225b606a35402dcab4265d0e671b62047afc10f618db48

SHA512
b9a770dd5e80892b1134b19427c6fee082a6858eb72b384ee8b53caac8ad46fb8e55b621174d2048bd8561d90fe758c44143d2c1cbaee1fca6f4a4c295bfaf76

Download Submit
C:\Windows\system\pKAquZv.exe

Filesize
6.0MB

MD5
c307659c76ef10e9e9240aa97a12ab7c

SHA1
7c3f82a636b7dbf3c9ebefc1a509f8d0f789e7f0

SHA256
f0160d7a0a87efef9a5bda9465f5e7e62b9e5671408489cec735423278b06e7c

SHA512
08e77ceb5953bbeb5e3517264a1467265cf3260c7e7477a65538be0e35a4199a18ebf17f087bc23da20bdae2ba8b970dbddd751fd4d28bf41d85d5edeb5d5cb1

Download Submit
C:\Windows\system\rnjSgGA.exe

Filesize
6.0MB

MD5
5828aaca321bd0f3ad441ea735b883c6

SHA1
0e4390a85559f8ae9e9c0f915a17d6ed3e89fe9e

SHA256
1f06d4f917bcd14c1b913a4e4411d21abf72e11b5cdd5a854c46ceae676eed8e

SHA512
415563a0d2a64875ae7468cd1a283f4e8ac0e0107f20faa9037ef5c39be2619a11ebe9f51388c8d8a90bd2a8007fe4b6e3636adf5200f96cf5459c4e9d954800

Download Submit
C:\Windows\system\uSnbYdY.exe

Filesize
6.0MB

MD5
2eb4579ebd09071f1576fe44af6cd451

SHA1
13b05079729a3f6a6ee01c3c1fa43c309bfc7d38

SHA256
c19e41f541f5e7d7fc3c47c6f089d07338d26a746a73b13cddc8011bc6bdaae4

SHA512
592ed68cb8fc40d7229646e0475bb66b24dd9380e96777201a932e9d8e562ba1824905fd940d4bf00b9581b46f3de851590c74e66f58335c281cde240c2e1333

Download Submit
C:\Windows\system\vVVhXHB.exe

Filesize
6.0MB

MD5
58019a43ee1765ed2e941aea70ef5476

SHA1
655f26431ff88af39d5c1403adea17074ec1c189

SHA256
52ab03f3884fbc18e16b2707a5e20aff70f72f28cde6f410d423e8e5da5234ae

SHA512
682df56b0ff4c2d3d692179df5f100297322902eb9b1bd98188a4b6663d922e096647bb5fc5b7e1becb97d12677b3185870e2fb8a6cea9e0c73848fa183fb31f

Download Submit
C:\Windows\system\wMwosgW.exe

Filesize
6.0MB

MD5
f8f29d46f048703c5ce68638ade8bb3d

SHA1
033f59f48029ef1441bc15888fa11e1cbab29a6a

SHA256
3cab58c5cd3e376941833d624c3e0fc03ca2cb0fc9c24f798b8917341414efa5

SHA512
f00174b491a63a74a84c08f72aacd3f8d26aa7564f8862f11dcdad3648b0fc403291a4c5102f2c3db518e824916a43a9c944f0e85791d568776484277b19f929

Download Submit
C:\Windows\system\yzYbgpH.exe

Filesize
6.0MB

MD5
d08382191542e8601c41a9623d39a645

SHA1
943bef72b7e959723a13eda588db9efe4fd86dc0

SHA256
920901f4a33d6be773dbacbf1fb21850e11de905eb0cc43337664e44f600f1d8

SHA512
276292b70afcd31c42501bfca17858bb43ba3e7b298114e66626d78e55aa37bbb5c4e0004c8092abc21b7a4f61d57132e012606e501eec95f94c7be541c9759f

Download Submit
\Windows\system\BuTcpTr.exe

Filesize
6.0MB

MD5
953505ce1ba6679c7403541ffc32b4e9

SHA1
5820f92d6b61e23b7dae1d026c3590c2fb785496

SHA256
6a5fe280bd4c4e4b36f864ab1f328604da81215c7ff0f6a31662c21793e733cc

SHA512
3c671a4ac74d66dd10ed2b11d37b16f36d05e1b49218466d1659ccebe1f5d94f0bfdb7053e714e386fe1f115ec28df76d19fa9f5f187f65deebc3e54cf1c563a

Download Submit
\Windows\system\MlOdFjj.exe

Filesize
6.0MB

MD5
a2a638b8a829147c64ae070d67fefb35

SHA1
55ac16d1e59e18263d660c263007f7d2d2e1f03f

SHA256
026d7a53be0f81fe87004c6db932ecd2d66336568d9dfea96567578db86b0e07

SHA512
8e79d598038011b381b18d2712e4148d983430a900388f18802222101ec2ab5b6664bd68a4adad9d844acf5c4c168c0a04c2e47096e688fad7cbd238c0b36c5f

Download Submit
\Windows\system\PrQeWTc.exe

Filesize
6.0MB

MD5
6960bec46e65642e031b9d65db188cd7

SHA1
d70e23cd42e11f04c6b703b32a15f6f3bfd1c3e2

SHA256
d8622285cff100993ac0dc5c487222b41073d972ad67f06f0c0da717bd0452f9

SHA512
643cc23ee5fcc25c3fb8cc9302981d38ce4da046861182d06832c73ca141373996d65421df8236029b9661b619c7f31e8bc7b2f9533e2390ed4b74d285361056

Download Submit
\Windows\system\VBylwRC.exe

Filesize
6.0MB

MD5
72411f512e6f6a1cb27c9137a0cde994

SHA1
6d8095b0a0b6bdd145f34f10a124e4a8a0347a62

SHA256
1cd0d2b74eb3920f172fb0b772848f91d59bc6196bb4622859003d268b33691a

SHA512
7890138f7c320cd9f8d2f95fb3bf148927b1549cafb6acc6ec6d3c926a0cd00944fcf54986a3a5dec763040da2ecb838251f1f49051fe7d4df0bd3d0864aad92

Download Submit
\Windows\system\clRvrfA.exe

Filesize
6.0MB

MD5
04994879fbb5a4f15f910bdbb005d05a

SHA1
930d6aa9b4c62d749d55926722646d1e93f81327

SHA256
e403dff85b48e2a22e622915293ac116fc0f196be094770420886bbf9e3c64f3

SHA512
21837a6a794e8e5781c4392d61a157f77c41288daeb16b8f929c7f8552e7987dad030f6e4a02b410cfdad08fe061bd8040637335f8b8c571df91eb08d7e95e6a

Download Submit
\Windows\system\efUDNZa.exe

Filesize
6.0MB

MD5
bde32be1af5a19d36c20c5e7450eb725

SHA1
0e368b6f1105815794d6f2e5c86b87135ba3182d

SHA256
634d41649b2286871fc907a28f0589b2c155511b1b0e7eb7c56bbf534063b4bf

SHA512
ccdabd4df25cac4faaa17843be516ec9802278c66710c8a0bab339013e87557d4727c21ab8a826feacea1573c2ddf75b49b448621365d78c2e1a4d217014c60d

Download Submit
\Windows\system\fgbPpik.exe

Filesize
6.0MB

MD5
4af8e4cfd7ff4d9be0c5423ae6d87cf2

SHA1
33d025cf15d84304e756cae7ef12f1b7956945fb

SHA256
3500bf1a98d630b4240687f0220a654beac0fe5f10d043b5b62dab0bf087d5fe

SHA512
b8c0b85d24d8260cd947e2b547a049624f9cafe3f3d866f4d5de2adf73d4a4cf0e3de1bd6fbfd7e4c06d56e51aedb5eb3616d0dea9f9205db874c19f76945c0e

Download Submit
\Windows\system\ocnoDWf.exe

Filesize
6.0MB

MD5
0f596e43327ace6d2fe667f11ddc1cfd

SHA1
3c2b87df6474192a40169ac2248d9b9190a52bc8

SHA256
633a399d3ca2d18fa0855233134bfd82ed9783fc906088d420c4158a71d07c75

SHA512
ea459da9dd8598764701d5fcc08a9afeaaabcc3b5d986338604f7e9b26c3e74c919f10f21b886b16e029ef512d8f5b8f2bc4dde7d6a545daa84163e624f039af

Download Submit
\Windows\system\pfTBVcm.exe

Filesize
6.0MB

MD5
9f6628930be065019d8bba6b81a5b389

SHA1
3b1b9b78126372d8a8b451bfcfe07c7fec74aa9a

SHA256
e8b62d2481e8df34b132479435723392c3d2367c660b36f715003412be0237e8

SHA512
585f5354035d410747932fa9635841f48c69a8fe12e65ed9a350751b9ac027ef9ca4659dea56e4f56aa57a429834b6e8e92d60377d1c3f08c464676799765f94

Download Submit
\Windows\system\ygeauzB.exe

Filesize
6.0MB

MD5
6997c49d565187ae6a929d86df5cc223

SHA1
3a5833a2874bc9becabb11fce4beea805d694fef

SHA256
bd07406375b74372bc156a8310cb607f0b087c89059b71124a74d8dbdad0422e

SHA512
67b3905d7f63da361c7c8f125ae832709c3773efb46df9719879191635d7ffea6b0ba19384c331eadad9afff4fcf95044b1508028dce77f8f6eb76c2d6b274b6

Download Submit
memory/576-34-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/576-4025-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1648-26-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1648-4024-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1992-551-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-313-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1992-100-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-130-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-87-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/1992-71-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-62-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-81-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1992-59-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-47-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-15-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-103-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-111-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-24-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-0-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1992-92-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-69-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1992-709-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-728-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1992-954-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1183-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1182-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-963-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1992-950-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-4021-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-14-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-107-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-4022-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-12-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-61-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-4028-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-102-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4031-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2704-72-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-4029-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-99-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-4032-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-65-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4026-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-97-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4033-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-78-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4030-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-232-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2932-4023-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2932-28-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2956-4027-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2956-556-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2956-52-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download