cobaltstrike | 3b7be88a10460d40251e206f63429e460aafe1f61035c3c02d33f7de2294091b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/01/2025, 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b4ae671a519e114a99f025840580536f
SHA1

ab39598e168a2d7e6296363984d0bc5c1f18b1da
SHA256

3b7be88a10460d40251e206f63429e460aafe1f61035c3c02d33f7de2294091b
SHA512

5e5bd0478e60e798d06d98a129b96ca8d1ee1d26663e18105337bb31bbf59572b71a490b5f37960da88eee9baf8ee3cd9b2012fa8bc40514fd643e0877c6e812
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUx:T+q56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d71-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016e1d-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017342-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017355-33.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-65.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191d1-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-121.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a3-48.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001739f-39.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2280-0-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-6.dat	xmrig
behavioral1/files/0x0008000000016d71-10.dat	xmrig
behavioral1/files/0x0008000000016e1d-11.dat	xmrig
behavioral1/memory/2784-22-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x0008000000017342-23.dat	xmrig
behavioral1/memory/2704-20-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2708-16-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0007000000017355-33.dat	xmrig
behavioral1/memory/2928-36-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2280-50-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c8-60.dat	xmrig
behavioral1/files/0x0005000000019f57-146.dat	xmrig
behavioral1/files/0x00050000000195cc-74.dat	xmrig
behavioral1/files/0x0005000000019c0b-165.dat	xmrig
behavioral1/memory/2552-235-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2344-688-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/616-954-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x000500000001a2b9-190.dat	xmrig
behavioral1/files/0x000500000001a05a-185.dat	xmrig
behavioral1/files/0x000500000001a033-180.dat	xmrig
behavioral1/files/0x0005000000019f71-171.dat	xmrig
behavioral1/files/0x0005000000019d69-169.dat	xmrig
behavioral1/files/0x0005000000019cfc-167.dat	xmrig
behavioral1/files/0x0005000000019bf0-163.dat	xmrig
behavioral1/files/0x0005000000019931-161.dat	xmrig
behavioral1/files/0x0005000000019665-158.dat	xmrig
behavioral1/files/0x000500000001a020-174.dat	xmrig
behavioral1/files/0x0005000000019bec-115.dat	xmrig
behavioral1/memory/1932-107-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a0-105.dat	xmrig
behavioral1/files/0x0005000000019624-95.dat	xmrig
behavioral1/files/0x00050000000195d0-87.dat	xmrig
behavioral1/files/0x00050000000195e0-85.dat	xmrig
behavioral1/memory/2968-76-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ce-73.dat	xmrig
behavioral1/files/0x00050000000195ca-65.dat	xmrig
behavioral1/memory/2344-58-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2280-57-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x00070000000191d1-55.dat	xmrig
behavioral1/files/0x0005000000019d5c-138.dat	xmrig
behavioral1/files/0x0005000000019cd5-131.dat	xmrig
behavioral1/files/0x0005000000019bf2-121.dat	xmrig
behavioral1/memory/2280-120-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2280-111-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/616-101-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/444-83-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2708-52-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2628-51-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2552-41-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x00070000000173a3-48.dat	xmrig
behavioral1/files/0x000700000001739f-39.dat	xmrig
behavioral1/memory/2988-29-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2928-3549-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2988-3557-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2704-3550-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2784-3577-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2552-3594-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2708-3575-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/616-4068-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2628-4067-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1932-4066-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2968-4065-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2344-4073-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2708	BKanPaw.exe
2784	pbxjDFl.exe
2704	akTkbGH.exe
2988	xnNKBtA.exe
2928	AGWaZne.exe
2552	yWYDXCt.exe
2628	pwWOkOr.exe
2344	Dqpekov.exe
2968	slXPdeU.exe
444	YpilwmP.exe
616	iJocBOI.exe
1932	FUKvLKu.exe
700	qLEbION.exe
2328	NvzpHUM.exe
2904	EouyPWJ.exe
2816	otTIyMc.exe
556	ZpmaboU.exe
2332	xRwAmXE.exe
1568	FDjtztm.exe
2276	IfNmccR.exe
2380	ZuMkntV.exe
1160	jJMkuSJ.exe
2932	OxftgGv.exe
2360	eaEgXFx.exe
2468	zCeYSWR.exe
796	yLAbNrw.exe
1760	zPxlxQw.exe
1876	VNJwJxo.exe
2188	xfKNhCz.exe
1348	xOlASJW.exe
1108	bvhVZZT.exe
1716	caVfYvx.exe
920	JsjaIdS.exe
2736	JpFjDsO.exe
2976	FgCtQWa.exe
2104	liDbCHJ.exe
1564	IRtRLia.exe
2728	yLEcqHQ.exe
1972	YWlSsTY.exe
1980	rmcwilc.exe
2636	iYANoJo.exe
1196	XNpHYQl.exe
1904	sMQeyxd.exe
308	JnwsHdw.exe
2652	CYhbiMI.exe
2304	vtwqofK.exe
2248	MmXUIsH.exe
2980	mVnbNbE.exe
1092	MhvjVuY.exe
1664	ufTcMNw.exe
1520	ZQfjqJE.exe
3056	pGhXWtq.exe
2060	XJUCyXj.exe
1616	SeEfRel.exe
1720	qhDUWnw.exe
2684	UpPOZLH.exe
2564	IlMFvKU.exe
2760	tLrZYMY.exe
2172	sUtbqjw.exe
2624	TCkoWHV.exe
1252	oKCvcBT.exe
1208	psfINDT.exe
2804	vEyycZY.exe
2520	jfHthCi.exe

Loads dropped DLL 64 IoCs

pid	Process
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-6.dat	upx
behavioral1/files/0x0008000000016d71-10.dat	upx
behavioral1/files/0x0008000000016e1d-11.dat	upx
behavioral1/memory/2784-22-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x0008000000017342-23.dat	upx
behavioral1/memory/2704-20-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2708-16-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0007000000017355-33.dat	upx
behavioral1/memory/2928-36-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2280-50-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x00050000000195c8-60.dat	upx
behavioral1/files/0x0005000000019f57-146.dat	upx
behavioral1/files/0x00050000000195cc-74.dat	upx
behavioral1/files/0x0005000000019c0b-165.dat	upx
behavioral1/memory/2552-235-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2344-688-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/616-954-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000500000001a2b9-190.dat	upx
behavioral1/files/0x000500000001a05a-185.dat	upx
behavioral1/files/0x000500000001a033-180.dat	upx
behavioral1/files/0x0005000000019f71-171.dat	upx
behavioral1/files/0x0005000000019d69-169.dat	upx
behavioral1/files/0x0005000000019cfc-167.dat	upx
behavioral1/files/0x0005000000019bf0-163.dat	upx
behavioral1/files/0x0005000000019931-161.dat	upx
behavioral1/files/0x0005000000019665-158.dat	upx
behavioral1/files/0x000500000001a020-174.dat	upx
behavioral1/files/0x0005000000019bec-115.dat	upx
behavioral1/memory/1932-107-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x00050000000196a0-105.dat	upx
behavioral1/files/0x0005000000019624-95.dat	upx
behavioral1/files/0x00050000000195d0-87.dat	upx
behavioral1/files/0x00050000000195e0-85.dat	upx
behavioral1/memory/2968-76-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x00050000000195ce-73.dat	upx
behavioral1/files/0x00050000000195ca-65.dat	upx
behavioral1/memory/2344-58-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x00070000000191d1-55.dat	upx
behavioral1/files/0x0005000000019d5c-138.dat	upx
behavioral1/files/0x0005000000019cd5-131.dat	upx
behavioral1/files/0x0005000000019bf2-121.dat	upx
behavioral1/memory/616-101-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/444-83-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2708-52-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2628-51-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2280-42-0x00000000023F0000-0x0000000002744000-memory.dmp	upx
behavioral1/memory/2552-41-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x00070000000173a3-48.dat	upx
behavioral1/files/0x000700000001739f-39.dat	upx
behavioral1/memory/2988-29-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2928-3549-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2988-3557-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2704-3550-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2784-3577-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2552-3594-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2708-3575-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/616-4068-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2628-4067-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/1932-4066-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2968-4065-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2344-4073-0x000000013F400000-0x000000013F754000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cWvXWhr.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDyVEzI.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kurIRzA.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yyFVKkc.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbvREdj.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPizqTw.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXSztEO.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJUFJGc.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxjbZtR.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVFhUws.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQYtjNh.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYnLzfx.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMFQILg.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrvbLCM.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIbqnxL.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UulpXZv.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxtUEvR.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liDbCHJ.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrTWmgt.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hADcwjj.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqAoVUs.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBOCWZM.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VzmDtTW.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FftScMf.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqYlsaA.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQBzfNc.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dISOtLu.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfapxSH.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOwLbsE.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nclmdNU.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TheSnhJ.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTYbMgp.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcEAsKQ.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDxOYHO.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQQCqyI.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsqUjXi.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHlWRZP.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrUsHJQ.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQJSvIT.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvLDpAb.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNbgkQz.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuybHLP.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqoMfmW.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtnfgSA.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSrSnpP.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\caVfYvx.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUWulXW.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fiugbtZ.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shAJAFQ.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzfPkQh.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guijXZi.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMtQzyU.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSInNGT.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJDWfqj.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDHziJZ.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnwsHdw.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVbijVL.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYBHToS.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clsCCDq.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCtjgzH.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzErzKu.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulMwiEh.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZsAtlJ.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQLmOiT.exe	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2708	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2280 wrote to memory of 2708	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2280 wrote to memory of 2708	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2280 wrote to memory of 2784	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2280 wrote to memory of 2784	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2280 wrote to memory of 2784	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2280 wrote to memory of 2704	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2280 wrote to memory of 2704	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2280 wrote to memory of 2704	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2280 wrote to memory of 2988	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2280 wrote to memory of 2988	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2280 wrote to memory of 2988	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2280 wrote to memory of 2928	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2280 wrote to memory of 2928	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2280 wrote to memory of 2928	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2280 wrote to memory of 2552	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2280 wrote to memory of 2552	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2280 wrote to memory of 2552	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2280 wrote to memory of 2628	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2280 wrote to memory of 2628	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2280 wrote to memory of 2628	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2280 wrote to memory of 2344	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2280 wrote to memory of 2344	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2280 wrote to memory of 2344	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2280 wrote to memory of 2968	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2280 wrote to memory of 2968	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2280 wrote to memory of 2968	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2280 wrote to memory of 1568	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2280 wrote to memory of 1568	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2280 wrote to memory of 1568	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2280 wrote to memory of 444	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2280 wrote to memory of 444	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2280 wrote to memory of 444	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2280 wrote to memory of 2276	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2280 wrote to memory of 2276	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2280 wrote to memory of 2276	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2280 wrote to memory of 616	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2280 wrote to memory of 616	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2280 wrote to memory of 616	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2280 wrote to memory of 2380	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2280 wrote to memory of 2380	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2280 wrote to memory of 2380	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2280 wrote to memory of 1932	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2280 wrote to memory of 1932	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2280 wrote to memory of 1932	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2280 wrote to memory of 1160	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2280 wrote to memory of 1160	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2280 wrote to memory of 1160	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2280 wrote to memory of 700	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2280 wrote to memory of 700	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2280 wrote to memory of 700	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2280 wrote to memory of 2932	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2280 wrote to memory of 2932	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2280 wrote to memory of 2932	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2280 wrote to memory of 2328	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2280 wrote to memory of 2328	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2280 wrote to memory of 2328	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2280 wrote to memory of 2360	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2280 wrote to memory of 2360	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2280 wrote to memory of 2360	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2280 wrote to memory of 2904	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2280 wrote to memory of 2904	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2280 wrote to memory of 2904	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2280 wrote to memory of 2468	2280	2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-27_b4ae671a519e114a99f025840580536f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\System\BKanPaw.exe
  C:\Windows\System\BKanPaw.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\pbxjDFl.exe
  C:\Windows\System\pbxjDFl.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\akTkbGH.exe
  C:\Windows\System\akTkbGH.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\xnNKBtA.exe
  C:\Windows\System\xnNKBtA.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\AGWaZne.exe
  C:\Windows\System\AGWaZne.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\yWYDXCt.exe
  C:\Windows\System\yWYDXCt.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\pwWOkOr.exe
  C:\Windows\System\pwWOkOr.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\Dqpekov.exe
  C:\Windows\System\Dqpekov.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\slXPdeU.exe
  C:\Windows\System\slXPdeU.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\FDjtztm.exe
  C:\Windows\System\FDjtztm.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\YpilwmP.exe
  C:\Windows\System\YpilwmP.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\IfNmccR.exe
  C:\Windows\System\IfNmccR.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\iJocBOI.exe
  C:\Windows\System\iJocBOI.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\ZuMkntV.exe
  C:\Windows\System\ZuMkntV.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\FUKvLKu.exe
  C:\Windows\System\FUKvLKu.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\jJMkuSJ.exe
  C:\Windows\System\jJMkuSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\qLEbION.exe
  C:\Windows\System\qLEbION.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\OxftgGv.exe
  C:\Windows\System\OxftgGv.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\NvzpHUM.exe
  C:\Windows\System\NvzpHUM.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\eaEgXFx.exe
  C:\Windows\System\eaEgXFx.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\EouyPWJ.exe
  C:\Windows\System\EouyPWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\zCeYSWR.exe
  C:\Windows\System\zCeYSWR.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\otTIyMc.exe
  C:\Windows\System\otTIyMc.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\yLAbNrw.exe
  C:\Windows\System\yLAbNrw.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\ZpmaboU.exe
  C:\Windows\System\ZpmaboU.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\zPxlxQw.exe
  C:\Windows\System\zPxlxQw.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\xRwAmXE.exe
  C:\Windows\System\xRwAmXE.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\VNJwJxo.exe
  C:\Windows\System\VNJwJxo.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\xfKNhCz.exe
  C:\Windows\System\xfKNhCz.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\xOlASJW.exe
  C:\Windows\System\xOlASJW.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\bvhVZZT.exe
  C:\Windows\System\bvhVZZT.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\caVfYvx.exe
  C:\Windows\System\caVfYvx.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\JsjaIdS.exe
  C:\Windows\System\JsjaIdS.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\JpFjDsO.exe
  C:\Windows\System\JpFjDsO.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\FgCtQWa.exe
  C:\Windows\System\FgCtQWa.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\liDbCHJ.exe
  C:\Windows\System\liDbCHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\IRtRLia.exe
  C:\Windows\System\IRtRLia.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\yLEcqHQ.exe
  C:\Windows\System\yLEcqHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\YWlSsTY.exe
  C:\Windows\System\YWlSsTY.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\rmcwilc.exe
  C:\Windows\System\rmcwilc.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\iYANoJo.exe
  C:\Windows\System\iYANoJo.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\XNpHYQl.exe
  C:\Windows\System\XNpHYQl.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\sMQeyxd.exe
  C:\Windows\System\sMQeyxd.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\JnwsHdw.exe
  C:\Windows\System\JnwsHdw.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\CYhbiMI.exe
  C:\Windows\System\CYhbiMI.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\vtwqofK.exe
  C:\Windows\System\vtwqofK.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\MmXUIsH.exe
  C:\Windows\System\MmXUIsH.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\mVnbNbE.exe
  C:\Windows\System\mVnbNbE.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\MhvjVuY.exe
  C:\Windows\System\MhvjVuY.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\ufTcMNw.exe
  C:\Windows\System\ufTcMNw.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ZQfjqJE.exe
  C:\Windows\System\ZQfjqJE.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\pGhXWtq.exe
  C:\Windows\System\pGhXWtq.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\XJUCyXj.exe
  C:\Windows\System\XJUCyXj.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\SeEfRel.exe
  C:\Windows\System\SeEfRel.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\qhDUWnw.exe
  C:\Windows\System\qhDUWnw.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\tLrZYMY.exe
  C:\Windows\System\tLrZYMY.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\UpPOZLH.exe
  C:\Windows\System\UpPOZLH.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\sUtbqjw.exe
  C:\Windows\System\sUtbqjw.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\IlMFvKU.exe
  C:\Windows\System\IlMFvKU.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\TCkoWHV.exe
  C:\Windows\System\TCkoWHV.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\oKCvcBT.exe
  C:\Windows\System\oKCvcBT.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\vEyycZY.exe
  C:\Windows\System\vEyycZY.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\psfINDT.exe
  C:\Windows\System\psfINDT.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\WgQUoSw.exe
  C:\Windows\System\WgQUoSw.exe
  2⤵
  PID:596
- C:\Windows\System\jfHthCi.exe
  C:\Windows\System\jfHthCi.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\FEaXdcv.exe
  C:\Windows\System\FEaXdcv.exe
  2⤵
  PID:1880
- C:\Windows\System\sUWulXW.exe
  C:\Windows\System\sUWulXW.exe
  2⤵
  PID:1004
- C:\Windows\System\vKYdNTm.exe
  C:\Windows\System\vKYdNTm.exe
  2⤵
  PID:3068
- C:\Windows\System\DAQDAtM.exe
  C:\Windows\System\DAQDAtM.exe
  2⤵
  PID:2424
- C:\Windows\System\tUjiScl.exe
  C:\Windows\System\tUjiScl.exe
  2⤵
  PID:1816
- C:\Windows\System\UwJhfow.exe
  C:\Windows\System\UwJhfow.exe
  2⤵
  PID:2100
- C:\Windows\System\KhzBSmq.exe
  C:\Windows\System\KhzBSmq.exe
  2⤵
  PID:1492
- C:\Windows\System\UNyAemC.exe
  C:\Windows\System\UNyAemC.exe
  2⤵
  PID:2144
- C:\Windows\System\AcprFEN.exe
  C:\Windows\System\AcprFEN.exe
  2⤵
  PID:996
- C:\Windows\System\ozdiOUB.exe
  C:\Windows\System\ozdiOUB.exe
  2⤵
  PID:2020
- C:\Windows\System\XGVtSjb.exe
  C:\Windows\System\XGVtSjb.exe
  2⤵
  PID:2292
- C:\Windows\System\nYOSqsl.exe
  C:\Windows\System\nYOSqsl.exe
  2⤵
  PID:1392
- C:\Windows\System\IGgBvqR.exe
  C:\Windows\System\IGgBvqR.exe
  2⤵
  PID:1940
- C:\Windows\System\guijXZi.exe
  C:\Windows\System\guijXZi.exe
  2⤵
  PID:2024
- C:\Windows\System\mLggkTR.exe
  C:\Windows\System\mLggkTR.exe
  2⤵
  PID:2984
- C:\Windows\System\rKilJEV.exe
  C:\Windows\System\rKilJEV.exe
  2⤵
  PID:1316
- C:\Windows\System\sUqiGIK.exe
  C:\Windows\System\sUqiGIK.exe
  2⤵
  PID:2080
- C:\Windows\System\bDOifNS.exe
  C:\Windows\System\bDOifNS.exe
  2⤵
  PID:1636
- C:\Windows\System\GIaVPbX.exe
  C:\Windows\System\GIaVPbX.exe
  2⤵
  PID:1008
- C:\Windows\System\sXxfGGX.exe
  C:\Windows\System\sXxfGGX.exe
  2⤵
  PID:1736
- C:\Windows\System\RtqIfaL.exe
  C:\Windows\System\RtqIfaL.exe
  2⤵
  PID:2696
- C:\Windows\System\AHctwEI.exe
  C:\Windows\System\AHctwEI.exe
  2⤵
  PID:2464
- C:\Windows\System\WYQHLvj.exe
  C:\Windows\System\WYQHLvj.exe
  2⤵
  PID:2856
- C:\Windows\System\ZoKgLeS.exe
  C:\Windows\System\ZoKgLeS.exe
  2⤵
  PID:1612
- C:\Windows\System\leJJJms.exe
  C:\Windows\System\leJJJms.exe
  2⤵
  PID:3012
- C:\Windows\System\VqnbJQY.exe
  C:\Windows\System\VqnbJQY.exe
  2⤵
  PID:2992
- C:\Windows\System\dPrVaDd.exe
  C:\Windows\System\dPrVaDd.exe
  2⤵
  PID:1712
- C:\Windows\System\HDasTrZ.exe
  C:\Windows\System\HDasTrZ.exe
  2⤵
  PID:1956
- C:\Windows\System\pEVzqRZ.exe
  C:\Windows\System\pEVzqRZ.exe
  2⤵
  PID:900
- C:\Windows\System\FSkKzKA.exe
  C:\Windows\System\FSkKzKA.exe
  2⤵
  PID:2888
- C:\Windows\System\TeHTjKZ.exe
  C:\Windows\System\TeHTjKZ.exe
  2⤵
  PID:2472
- C:\Windows\System\ISGXYXu.exe
  C:\Windows\System\ISGXYXu.exe
  2⤵
  PID:2116
- C:\Windows\System\XcEAsKQ.exe
  C:\Windows\System\XcEAsKQ.exe
  2⤵
  PID:1320
- C:\Windows\System\xWPMBRx.exe
  C:\Windows\System\xWPMBRx.exe
  2⤵
  PID:960
- C:\Windows\System\IeEdcvZ.exe
  C:\Windows\System\IeEdcvZ.exe
  2⤵
  PID:924
- C:\Windows\System\bLcEnVm.exe
  C:\Windows\System\bLcEnVm.exe
  2⤵
  PID:1548
- C:\Windows\System\KBBPaDb.exe
  C:\Windows\System\KBBPaDb.exe
  2⤵
  PID:1604
- C:\Windows\System\qRgTHsJ.exe
  C:\Windows\System\qRgTHsJ.exe
  2⤵
  PID:2528
- C:\Windows\System\nfxsqGW.exe
  C:\Windows\System\nfxsqGW.exe
  2⤵
  PID:3092
- C:\Windows\System\lQvkRkb.exe
  C:\Windows\System\lQvkRkb.exe
  2⤵
  PID:3116
- C:\Windows\System\OVTLPER.exe
  C:\Windows\System\OVTLPER.exe
  2⤵
  PID:3136
- C:\Windows\System\ISTloAJ.exe
  C:\Windows\System\ISTloAJ.exe
  2⤵
  PID:3152
- C:\Windows\System\HBIgVMX.exe
  C:\Windows\System\HBIgVMX.exe
  2⤵
  PID:3176
- C:\Windows\System\sgkaedt.exe
  C:\Windows\System\sgkaedt.exe
  2⤵
  PID:3192
- C:\Windows\System\JIgwFET.exe
  C:\Windows\System\JIgwFET.exe
  2⤵
  PID:3212
- C:\Windows\System\kQUkqVY.exe
  C:\Windows\System\kQUkqVY.exe
  2⤵
  PID:3232
- C:\Windows\System\sDsCVpW.exe
  C:\Windows\System\sDsCVpW.exe
  2⤵
  PID:3252
- C:\Windows\System\yJlxTRK.exe
  C:\Windows\System\yJlxTRK.exe
  2⤵
  PID:3272
- C:\Windows\System\WIomSCa.exe
  C:\Windows\System\WIomSCa.exe
  2⤵
  PID:3292
- C:\Windows\System\hydkWRl.exe
  C:\Windows\System\hydkWRl.exe
  2⤵
  PID:3312
- C:\Windows\System\iZkYvIT.exe
  C:\Windows\System\iZkYvIT.exe
  2⤵
  PID:3336
- C:\Windows\System\nUcNWvP.exe
  C:\Windows\System\nUcNWvP.exe
  2⤵
  PID:3356
- C:\Windows\System\BZhWHYV.exe
  C:\Windows\System\BZhWHYV.exe
  2⤵
  PID:3372
- C:\Windows\System\RXIOYjt.exe
  C:\Windows\System\RXIOYjt.exe
  2⤵
  PID:3392
- C:\Windows\System\PSKalPj.exe
  C:\Windows\System\PSKalPj.exe
  2⤵
  PID:3416
- C:\Windows\System\bzmmxxd.exe
  C:\Windows\System\bzmmxxd.exe
  2⤵
  PID:3432
- C:\Windows\System\WwSlvGW.exe
  C:\Windows\System\WwSlvGW.exe
  2⤵
  PID:3452
- C:\Windows\System\zRrzjZi.exe
  C:\Windows\System\zRrzjZi.exe
  2⤵
  PID:3472
- C:\Windows\System\GOJOMZn.exe
  C:\Windows\System\GOJOMZn.exe
  2⤵
  PID:3492
- C:\Windows\System\dMEDRoo.exe
  C:\Windows\System\dMEDRoo.exe
  2⤵
  PID:3516
- C:\Windows\System\tVbijVL.exe
  C:\Windows\System\tVbijVL.exe
  2⤵
  PID:3532
- C:\Windows\System\UYUwtqL.exe
  C:\Windows\System\UYUwtqL.exe
  2⤵
  PID:3552
- C:\Windows\System\lfCyAOK.exe
  C:\Windows\System\lfCyAOK.exe
  2⤵
  PID:3572
- C:\Windows\System\PZoRslQ.exe
  C:\Windows\System\PZoRslQ.exe
  2⤵
  PID:3588
- C:\Windows\System\uNvUqBN.exe
  C:\Windows\System\uNvUqBN.exe
  2⤵
  PID:3608
- C:\Windows\System\WFCtZxE.exe
  C:\Windows\System\WFCtZxE.exe
  2⤵
  PID:3624
- C:\Windows\System\AibapMl.exe
  C:\Windows\System\AibapMl.exe
  2⤵
  PID:3648
- C:\Windows\System\eWjwplK.exe
  C:\Windows\System\eWjwplK.exe
  2⤵
  PID:3672
- C:\Windows\System\pzaYwnW.exe
  C:\Windows\System\pzaYwnW.exe
  2⤵
  PID:3688
- C:\Windows\System\OysjOxK.exe
  C:\Windows\System\OysjOxK.exe
  2⤵
  PID:3708
- C:\Windows\System\woahxFE.exe
  C:\Windows\System\woahxFE.exe
  2⤵
  PID:3728
- C:\Windows\System\VbsMTNu.exe
  C:\Windows\System\VbsMTNu.exe
  2⤵
  PID:3752
- C:\Windows\System\HgjtNVy.exe
  C:\Windows\System\HgjtNVy.exe
  2⤵
  PID:3776
- C:\Windows\System\ZRiAxwD.exe
  C:\Windows\System\ZRiAxwD.exe
  2⤵
  PID:3792
- C:\Windows\System\dgNnsKz.exe
  C:\Windows\System\dgNnsKz.exe
  2⤵
  PID:3808
- C:\Windows\System\HCQZGoV.exe
  C:\Windows\System\HCQZGoV.exe
  2⤵
  PID:3832
- C:\Windows\System\dLItsHe.exe
  C:\Windows\System\dLItsHe.exe
  2⤵
  PID:3852
- C:\Windows\System\hZEOHoK.exe
  C:\Windows\System\hZEOHoK.exe
  2⤵
  PID:3876
- C:\Windows\System\ghWRNKI.exe
  C:\Windows\System\ghWRNKI.exe
  2⤵
  PID:3892
- C:\Windows\System\KuKrNtS.exe
  C:\Windows\System\KuKrNtS.exe
  2⤵
  PID:3908
- C:\Windows\System\jyhVfvE.exe
  C:\Windows\System\jyhVfvE.exe
  2⤵
  PID:3928
- C:\Windows\System\JLvEOcv.exe
  C:\Windows\System\JLvEOcv.exe
  2⤵
  PID:3948
- C:\Windows\System\fMeFTEq.exe
  C:\Windows\System\fMeFTEq.exe
  2⤵
  PID:3964
- C:\Windows\System\cahESPV.exe
  C:\Windows\System\cahESPV.exe
  2⤵
  PID:3980
- C:\Windows\System\ChgmHGj.exe
  C:\Windows\System\ChgmHGj.exe
  2⤵
  PID:4004
- C:\Windows\System\GPvATgo.exe
  C:\Windows\System\GPvATgo.exe
  2⤵
  PID:4024
- C:\Windows\System\SpNFvcq.exe
  C:\Windows\System\SpNFvcq.exe
  2⤵
  PID:4056
- C:\Windows\System\DhhqPwt.exe
  C:\Windows\System\DhhqPwt.exe
  2⤵
  PID:4080
- C:\Windows\System\zaPJvWT.exe
  C:\Windows\System\zaPJvWT.exe
  2⤵
  PID:3064
- C:\Windows\System\kSmLKjI.exe
  C:\Windows\System\kSmLKjI.exe
  2⤵
  PID:648
- C:\Windows\System\zrUsHJQ.exe
  C:\Windows\System\zrUsHJQ.exe
  2⤵
  PID:1780
- C:\Windows\System\trjUvBO.exe
  C:\Windows\System\trjUvBO.exe
  2⤵
  PID:2700
- C:\Windows\System\fglQdwC.exe
  C:\Windows\System\fglQdwC.exe
  2⤵
  PID:1640
- C:\Windows\System\mfapxSH.exe
  C:\Windows\System\mfapxSH.exe
  2⤵
  PID:2764
- C:\Windows\System\zBCoTyF.exe
  C:\Windows\System\zBCoTyF.exe
  2⤵
  PID:2860
- C:\Windows\System\txMrUcc.exe
  C:\Windows\System\txMrUcc.exe
  2⤵
  PID:432
- C:\Windows\System\BvIVHKB.exe
  C:\Windows\System\BvIVHKB.exe
  2⤵
  PID:2648
- C:\Windows\System\RUWrxie.exe
  C:\Windows\System\RUWrxie.exe
  2⤵
  PID:1824
- C:\Windows\System\ODpeeya.exe
  C:\Windows\System\ODpeeya.exe
  2⤵
  PID:2808
- C:\Windows\System\SxjbZtR.exe
  C:\Windows\System\SxjbZtR.exe
  2⤵
  PID:2936
- C:\Windows\System\gJpYfjS.exe
  C:\Windows\System\gJpYfjS.exe
  2⤵
  PID:1976
- C:\Windows\System\bSqGWxv.exe
  C:\Windows\System\bSqGWxv.exe
  2⤵
  PID:760
- C:\Windows\System\PkGYBQz.exe
  C:\Windows\System\PkGYBQz.exe
  2⤵
  PID:3084
- C:\Windows\System\hRFZXjf.exe
  C:\Windows\System\hRFZXjf.exe
  2⤵
  PID:1984
- C:\Windows\System\FaucoVY.exe
  C:\Windows\System\FaucoVY.exe
  2⤵
  PID:3172
- C:\Windows\System\NjwBtAY.exe
  C:\Windows\System\NjwBtAY.exe
  2⤵
  PID:3204
- C:\Windows\System\QlEHsrz.exe
  C:\Windows\System\QlEHsrz.exe
  2⤵
  PID:3144
- C:\Windows\System\mMeZRkN.exe
  C:\Windows\System\mMeZRkN.exe
  2⤵
  PID:3240
- C:\Windows\System\tsbWVhc.exe
  C:\Windows\System\tsbWVhc.exe
  2⤵
  PID:3284
- C:\Windows\System\usVKsFL.exe
  C:\Windows\System\usVKsFL.exe
  2⤵
  PID:3224
- C:\Windows\System\fRmpXhL.exe
  C:\Windows\System\fRmpXhL.exe
  2⤵
  PID:3264
- C:\Windows\System\fJfeest.exe
  C:\Windows\System\fJfeest.exe
  2⤵
  PID:3308
- C:\Windows\System\ukqVCgM.exe
  C:\Windows\System\ukqVCgM.exe
  2⤵
  PID:3348
- C:\Windows\System\FEEzACG.exe
  C:\Windows\System\FEEzACG.exe
  2⤵
  PID:3388
- C:\Windows\System\JpSrGwN.exe
  C:\Windows\System\JpSrGwN.exe
  2⤵
  PID:3488
- C:\Windows\System\LSxFDZK.exe
  C:\Windows\System\LSxFDZK.exe
  2⤵
  PID:3528
- C:\Windows\System\HTBMOif.exe
  C:\Windows\System\HTBMOif.exe
  2⤵
  PID:3564
- C:\Windows\System\GqLPvXe.exe
  C:\Windows\System\GqLPvXe.exe
  2⤵
  PID:3500
- C:\Windows\System\uMKPUDt.exe
  C:\Windows\System\uMKPUDt.exe
  2⤵
  PID:3632
- C:\Windows\System\saNoVrg.exe
  C:\Windows\System\saNoVrg.exe
  2⤵
  PID:3636
- C:\Windows\System\sbccKDL.exe
  C:\Windows\System\sbccKDL.exe
  2⤵
  PID:3684
- C:\Windows\System\PNPBtNH.exe
  C:\Windows\System\PNPBtNH.exe
  2⤵
  PID:3584
- C:\Windows\System\nhWPpCu.exe
  C:\Windows\System\nhWPpCu.exe
  2⤵
  PID:3724
- C:\Windows\System\hJooUCp.exe
  C:\Windows\System\hJooUCp.exe
  2⤵
  PID:3660
- C:\Windows\System\qzytuko.exe
  C:\Windows\System\qzytuko.exe
  2⤵
  PID:3656
- C:\Windows\System\mCIvZwJ.exe
  C:\Windows\System\mCIvZwJ.exe
  2⤵
  PID:3744
- C:\Windows\System\ZGVClKa.exe
  C:\Windows\System\ZGVClKa.exe
  2⤵
  PID:3844
- C:\Windows\System\JhEZmEM.exe
  C:\Windows\System\JhEZmEM.exe
  2⤵
  PID:3820
- C:\Windows\System\GBSKQIV.exe
  C:\Windows\System\GBSKQIV.exe
  2⤵
  PID:3816
- C:\Windows\System\hcDNLZd.exe
  C:\Windows\System\hcDNLZd.exe
  2⤵
  PID:3956
- C:\Windows\System\aMdGddB.exe
  C:\Windows\System\aMdGddB.exe
  2⤵
  PID:4000
- C:\Windows\System\FbgCgSL.exe
  C:\Windows\System\FbgCgSL.exe
  2⤵
  PID:3864
- C:\Windows\System\ETAwHgs.exe
  C:\Windows\System\ETAwHgs.exe
  2⤵
  PID:4088
- C:\Windows\System\NSuTWRs.exe
  C:\Windows\System\NSuTWRs.exe
  2⤵
  PID:2088
- C:\Windows\System\GCGGKal.exe
  C:\Windows\System\GCGGKal.exe
  2⤵
  PID:2688
- C:\Windows\System\tzxHADe.exe
  C:\Windows\System\tzxHADe.exe
  2⤵
  PID:1624
- C:\Windows\System\OUqgYnn.exe
  C:\Windows\System\OUqgYnn.exe
  2⤵
  PID:4068
- C:\Windows\System\RizSDlY.exe
  C:\Windows\System\RizSDlY.exe
  2⤵
  PID:3112
- C:\Windows\System\oPMfncb.exe
  C:\Windows\System\oPMfncb.exe
  2⤵
  PID:3220
- C:\Windows\System\fHkJrep.exe
  C:\Windows\System\fHkJrep.exe
  2⤵
  PID:3412
- C:\Windows\System\lCurksB.exe
  C:\Windows\System\lCurksB.exe
  2⤵
  PID:1396
- C:\Windows\System\MOSbnWQ.exe
  C:\Windows\System\MOSbnWQ.exe
  2⤵
  PID:3440
- C:\Windows\System\DTlycSf.exe
  C:\Windows\System\DTlycSf.exe
  2⤵
  PID:3468
- C:\Windows\System\kPOzqGg.exe
  C:\Windows\System\kPOzqGg.exe
  2⤵
  PID:3644
- C:\Windows\System\hROLSQZ.exe
  C:\Windows\System\hROLSQZ.exe
  2⤵
  PID:3700
- C:\Windows\System\orQDvIj.exe
  C:\Windows\System\orQDvIj.exe
  2⤵
  PID:3840
- C:\Windows\System\IFmHrWu.exe
  C:\Windows\System\IFmHrWu.exe
  2⤵
  PID:3988
- C:\Windows\System\wRbaVhF.exe
  C:\Windows\System\wRbaVhF.exe
  2⤵
  PID:2068
- C:\Windows\System\snKHYmP.exe
  C:\Windows\System\snKHYmP.exe
  2⤵
  PID:2288
- C:\Windows\System\CRyHxgC.exe
  C:\Windows\System\CRyHxgC.exe
  2⤵
  PID:3332
- C:\Windows\System\CZoGBcs.exe
  C:\Windows\System\CZoGBcs.exe
  2⤵
  PID:3548
- C:\Windows\System\rnXuwmd.exe
  C:\Windows\System\rnXuwmd.exe
  2⤵
  PID:3772
- C:\Windows\System\NYBHToS.exe
  C:\Windows\System\NYBHToS.exe
  2⤵
  PID:3736
- C:\Windows\System\YCHTxsK.exe
  C:\Windows\System\YCHTxsK.exe
  2⤵
  PID:4032
- C:\Windows\System\TYbKBaL.exe
  C:\Windows\System\TYbKBaL.exe
  2⤵
  PID:3904
- C:\Windows\System\THoJuJu.exe
  C:\Windows\System\THoJuJu.exe
  2⤵
  PID:3188
- C:\Windows\System\HqVAwEb.exe
  C:\Windows\System\HqVAwEb.exe
  2⤵
  PID:3304
- C:\Windows\System\pxIIjaz.exe
  C:\Windows\System\pxIIjaz.exe
  2⤵
  PID:3128
- C:\Windows\System\rjGqKcj.exe
  C:\Windows\System\rjGqKcj.exe
  2⤵
  PID:568
- C:\Windows\System\AyCexte.exe
  C:\Windows\System\AyCexte.exe
  2⤵
  PID:3936
- C:\Windows\System\sBdHprh.exe
  C:\Windows\System\sBdHprh.exe
  2⤵
  PID:3244
- C:\Windows\System\luCjmZn.exe
  C:\Windows\System\luCjmZn.exe
  2⤵
  PID:3364
- C:\Windows\System\JBUdktp.exe
  C:\Windows\System\JBUdktp.exe
  2⤵
  PID:3480
- C:\Windows\System\VCkLZPY.exe
  C:\Windows\System\VCkLZPY.exe
  2⤵
  PID:4100
- C:\Windows\System\cCtjgzH.exe
  C:\Windows\System\cCtjgzH.exe
  2⤵
  PID:4120
- C:\Windows\System\JwwQNFW.exe
  C:\Windows\System\JwwQNFW.exe
  2⤵
  PID:4140
- C:\Windows\System\QsVlKYc.exe
  C:\Windows\System\QsVlKYc.exe
  2⤵
  PID:4160
- C:\Windows\System\IvWVUlQ.exe
  C:\Windows\System\IvWVUlQ.exe
  2⤵
  PID:4180
- C:\Windows\System\BpqioUX.exe
  C:\Windows\System\BpqioUX.exe
  2⤵
  PID:4200
- C:\Windows\System\BQWCErW.exe
  C:\Windows\System\BQWCErW.exe
  2⤵
  PID:4216
- C:\Windows\System\fjaFiRP.exe
  C:\Windows\System\fjaFiRP.exe
  2⤵
  PID:4240
- C:\Windows\System\xUUFVNQ.exe
  C:\Windows\System\xUUFVNQ.exe
  2⤵
  PID:4260
- C:\Windows\System\wSlVNRb.exe
  C:\Windows\System\wSlVNRb.exe
  2⤵
  PID:4280
- C:\Windows\System\GasDSBg.exe
  C:\Windows\System\GasDSBg.exe
  2⤵
  PID:4300
- C:\Windows\System\NKNVLuf.exe
  C:\Windows\System\NKNVLuf.exe
  2⤵
  PID:4320
- C:\Windows\System\yMsplLS.exe
  C:\Windows\System\yMsplLS.exe
  2⤵
  PID:4340
- C:\Windows\System\fAGcofl.exe
  C:\Windows\System\fAGcofl.exe
  2⤵
  PID:4360
- C:\Windows\System\JdTlgxt.exe
  C:\Windows\System\JdTlgxt.exe
  2⤵
  PID:4380
- C:\Windows\System\OrDpIKP.exe
  C:\Windows\System\OrDpIKP.exe
  2⤵
  PID:4400
- C:\Windows\System\TlnVPIl.exe
  C:\Windows\System\TlnVPIl.exe
  2⤵
  PID:4420
- C:\Windows\System\yRoMFgn.exe
  C:\Windows\System\yRoMFgn.exe
  2⤵
  PID:4440
- C:\Windows\System\VOdvFWN.exe
  C:\Windows\System\VOdvFWN.exe
  2⤵
  PID:4460
- C:\Windows\System\EKPRNVC.exe
  C:\Windows\System\EKPRNVC.exe
  2⤵
  PID:4480
- C:\Windows\System\vrTWmgt.exe
  C:\Windows\System\vrTWmgt.exe
  2⤵
  PID:4496
- C:\Windows\System\eCDQfKn.exe
  C:\Windows\System\eCDQfKn.exe
  2⤵
  PID:4520
- C:\Windows\System\ipdrWWj.exe
  C:\Windows\System\ipdrWWj.exe
  2⤵
  PID:4536
- C:\Windows\System\utFmeXy.exe
  C:\Windows\System\utFmeXy.exe
  2⤵
  PID:4560
- C:\Windows\System\VnkJdMx.exe
  C:\Windows\System\VnkJdMx.exe
  2⤵
  PID:4576
- C:\Windows\System\xwNyCTO.exe
  C:\Windows\System\xwNyCTO.exe
  2⤵
  PID:4600
- C:\Windows\System\uhLABqX.exe
  C:\Windows\System\uhLABqX.exe
  2⤵
  PID:4620
- C:\Windows\System\EMeKNpi.exe
  C:\Windows\System\EMeKNpi.exe
  2⤵
  PID:4640
- C:\Windows\System\lTrfZPd.exe
  C:\Windows\System\lTrfZPd.exe
  2⤵
  PID:4660
- C:\Windows\System\PJREVnR.exe
  C:\Windows\System\PJREVnR.exe
  2⤵
  PID:4680
- C:\Windows\System\jQBtgqt.exe
  C:\Windows\System\jQBtgqt.exe
  2⤵
  PID:4696
- C:\Windows\System\bTuwViK.exe
  C:\Windows\System\bTuwViK.exe
  2⤵
  PID:4716
- C:\Windows\System\oNFkVJz.exe
  C:\Windows\System\oNFkVJz.exe
  2⤵
  PID:4740
- C:\Windows\System\mltPpuY.exe
  C:\Windows\System\mltPpuY.exe
  2⤵
  PID:4760
- C:\Windows\System\XTbrpJM.exe
  C:\Windows\System\XTbrpJM.exe
  2⤵
  PID:4780
- C:\Windows\System\hQkLGJJ.exe
  C:\Windows\System\hQkLGJJ.exe
  2⤵
  PID:4800
- C:\Windows\System\CpOYaSc.exe
  C:\Windows\System\CpOYaSc.exe
  2⤵
  PID:4820
- C:\Windows\System\hADcwjj.exe
  C:\Windows\System\hADcwjj.exe
  2⤵
  PID:4840
- C:\Windows\System\eOuxbMz.exe
  C:\Windows\System\eOuxbMz.exe
  2⤵
  PID:4856
- C:\Windows\System\KnSWpuA.exe
  C:\Windows\System\KnSWpuA.exe
  2⤵
  PID:4880
- C:\Windows\System\LBddfxH.exe
  C:\Windows\System\LBddfxH.exe
  2⤵
  PID:4896
- C:\Windows\System\yzLQdEg.exe
  C:\Windows\System\yzLQdEg.exe
  2⤵
  PID:4912
- C:\Windows\System\dgvDjMv.exe
  C:\Windows\System\dgvDjMv.exe
  2⤵
  PID:4936
- C:\Windows\System\WoooWAh.exe
  C:\Windows\System\WoooWAh.exe
  2⤵
  PID:4952
- C:\Windows\System\cHoxquv.exe
  C:\Windows\System\cHoxquv.exe
  2⤵
  PID:4976
- C:\Windows\System\YzErzKu.exe
  C:\Windows\System\YzErzKu.exe
  2⤵
  PID:5000
- C:\Windows\System\aHyyuWi.exe
  C:\Windows\System\aHyyuWi.exe
  2⤵
  PID:5020
- C:\Windows\System\aAJkHqU.exe
  C:\Windows\System\aAJkHqU.exe
  2⤵
  PID:5040
- C:\Windows\System\gmJBqBN.exe
  C:\Windows\System\gmJBqBN.exe
  2⤵
  PID:5060
- C:\Windows\System\FOOjlpJ.exe
  C:\Windows\System\FOOjlpJ.exe
  2⤵
  PID:5080
- C:\Windows\System\oFATvLu.exe
  C:\Windows\System\oFATvLu.exe
  2⤵
  PID:5100
- C:\Windows\System\HRkVNNE.exe
  C:\Windows\System\HRkVNNE.exe
  2⤵
  PID:3716
- C:\Windows\System\pTsRQnC.exe
  C:\Windows\System\pTsRQnC.exe
  2⤵
  PID:3668
- C:\Windows\System\fvlclLb.exe
  C:\Windows\System\fvlclLb.exe
  2⤵
  PID:4064
- C:\Windows\System\zWlcXCE.exe
  C:\Windows\System\zWlcXCE.exe
  2⤵
  PID:3020
- C:\Windows\System\hPizqTw.exe
  C:\Windows\System\hPizqTw.exe
  2⤵
  PID:2560
- C:\Windows\System\SOzuCPa.exe
  C:\Windows\System\SOzuCPa.exe
  2⤵
  PID:3620
- C:\Windows\System\BtLrYzK.exe
  C:\Windows\System\BtLrYzK.exe
  2⤵
  PID:3900
- C:\Windows\System\llAQdCE.exe
  C:\Windows\System\llAQdCE.exe
  2⤵
  PID:2848
- C:\Windows\System\itHkmTc.exe
  C:\Windows\System\itHkmTc.exe
  2⤵
  PID:3320
- C:\Windows\System\ZdqjCZt.exe
  C:\Windows\System\ZdqjCZt.exe
  2⤵
  PID:2660
- C:\Windows\System\mPHmMSo.exe
  C:\Windows\System\mPHmMSo.exe
  2⤵
  PID:1968
- C:\Windows\System\mnOvFxr.exe
  C:\Windows\System\mnOvFxr.exe
  2⤵
  PID:3404
- C:\Windows\System\DqHHTkU.exe
  C:\Windows\System\DqHHTkU.exe
  2⤵
  PID:3200
- C:\Windows\System\gTCMLLZ.exe
  C:\Windows\System\gTCMLLZ.exe
  2⤵
  PID:4188
- C:\Windows\System\alryIiZ.exe
  C:\Windows\System\alryIiZ.exe
  2⤵
  PID:4176
- C:\Windows\System\iMBMFhr.exe
  C:\Windows\System\iMBMFhr.exe
  2⤵
  PID:4236
- C:\Windows\System\wMJTotz.exe
  C:\Windows\System\wMJTotz.exe
  2⤵
  PID:4248
- C:\Windows\System\VzmDtTW.exe
  C:\Windows\System\VzmDtTW.exe
  2⤵
  PID:4272
- C:\Windows\System\kJboFJw.exe
  C:\Windows\System\kJboFJw.exe
  2⤵
  PID:4348
- C:\Windows\System\mMBDdaP.exe
  C:\Windows\System\mMBDdaP.exe
  2⤵
  PID:4328
- C:\Windows\System\TWYRAfR.exe
  C:\Windows\System\TWYRAfR.exe
  2⤵
  PID:4368
- C:\Windows\System\vfbhkXG.exe
  C:\Windows\System\vfbhkXG.exe
  2⤵
  PID:4408
- C:\Windows\System\hRCsmFj.exe
  C:\Windows\System\hRCsmFj.exe
  2⤵
  PID:4448
- C:\Windows\System\ldGioNd.exe
  C:\Windows\System\ldGioNd.exe
  2⤵
  PID:4476
- C:\Windows\System\gHutllH.exe
  C:\Windows\System\gHutllH.exe
  2⤵
  PID:4544
- C:\Windows\System\yARXTdA.exe
  C:\Windows\System\yARXTdA.exe
  2⤵
  PID:4552
- C:\Windows\System\HUqkYwN.exe
  C:\Windows\System\HUqkYwN.exe
  2⤵
  PID:4584
- C:\Windows\System\qXUpGWs.exe
  C:\Windows\System\qXUpGWs.exe
  2⤵
  PID:4628
- C:\Windows\System\qjjBOFv.exe
  C:\Windows\System\qjjBOFv.exe
  2⤵
  PID:4668
- C:\Windows\System\LSuqRFa.exe
  C:\Windows\System\LSuqRFa.exe
  2⤵
  PID:4648
- C:\Windows\System\keeLDZT.exe
  C:\Windows\System\keeLDZT.exe
  2⤵
  PID:4708
- C:\Windows\System\HtzxItt.exe
  C:\Windows\System\HtzxItt.exe
  2⤵
  PID:4724
- C:\Windows\System\TQBYhFq.exe
  C:\Windows\System\TQBYhFq.exe
  2⤵
  PID:4768
- C:\Windows\System\dZHGSZr.exe
  C:\Windows\System\dZHGSZr.exe
  2⤵
  PID:4828
- C:\Windows\System\AEwQCWe.exe
  C:\Windows\System\AEwQCWe.exe
  2⤵
  PID:4832
- C:\Windows\System\KADjAVK.exe
  C:\Windows\System\KADjAVK.exe
  2⤵
  PID:4848
- C:\Windows\System\gOXQAsU.exe
  C:\Windows\System\gOXQAsU.exe
  2⤵
  PID:4948
- C:\Windows\System\yEOicxs.exe
  C:\Windows\System\yEOicxs.exe
  2⤵
  PID:4984
- C:\Windows\System\jxXGZWu.exe
  C:\Windows\System\jxXGZWu.exe
  2⤵
  PID:4968
- C:\Windows\System\AZJMSkL.exe
  C:\Windows\System\AZJMSkL.exe
  2⤵
  PID:5016
- C:\Windows\System\wiMGvhJ.exe
  C:\Windows\System\wiMGvhJ.exe
  2⤵
  PID:2720
- C:\Windows\System\oLMvgpP.exe
  C:\Windows\System\oLMvgpP.exe
  2⤵
  PID:5068
- C:\Windows\System\zNqPbRY.exe
  C:\Windows\System\zNqPbRY.exe
  2⤵
  PID:5108
- C:\Windows\System\drVtyZM.exe
  C:\Windows\System\drVtyZM.exe
  2⤵
  PID:3460
- C:\Windows\System\CVaRNvI.exe
  C:\Windows\System\CVaRNvI.exe
  2⤵
  PID:2164
- C:\Windows\System\shovwBO.exe
  C:\Windows\System\shovwBO.exe
  2⤵
  PID:3600
- C:\Windows\System\FJFkYjA.exe
  C:\Windows\System\FJFkYjA.exe
  2⤵
  PID:3920
- C:\Windows\System\XZsAtlJ.exe
  C:\Windows\System\XZsAtlJ.exe
  2⤵
  PID:2952
- C:\Windows\System\nKqFohA.exe
  C:\Windows\System\nKqFohA.exe
  2⤵
  PID:896
- C:\Windows\System\eYRPnXz.exe
  C:\Windows\System\eYRPnXz.exe
  2⤵
  PID:3560
- C:\Windows\System\NLpoXpu.exe
  C:\Windows\System\NLpoXpu.exe
  2⤵
  PID:4148
- C:\Windows\System\evRVJti.exe
  C:\Windows\System\evRVJti.exe
  2⤵
  PID:4132
- C:\Windows\System\qJYEcgP.exe
  C:\Windows\System\qJYEcgP.exe
  2⤵
  PID:4232
- C:\Windows\System\oaTqJSt.exe
  C:\Windows\System\oaTqJSt.exe
  2⤵
  PID:4388
- C:\Windows\System\eVIERbA.exe
  C:\Windows\System\eVIERbA.exe
  2⤵
  PID:4252
- C:\Windows\System\JhiuAFb.exe
  C:\Windows\System\JhiuAFb.exe
  2⤵
  PID:4436
- C:\Windows\System\dNlbJYt.exe
  C:\Windows\System\dNlbJYt.exe
  2⤵
  PID:4508
- C:\Windows\System\CYyajXf.exe
  C:\Windows\System\CYyajXf.exe
  2⤵
  PID:4616
- C:\Windows\System\qcrnmaF.exe
  C:\Windows\System\qcrnmaF.exe
  2⤵
  PID:4556
- C:\Windows\System\UOGKvpk.exe
  C:\Windows\System\UOGKvpk.exe
  2⤵
  PID:4588
- C:\Windows\System\ewzssby.exe
  C:\Windows\System\ewzssby.exe
  2⤵
  PID:4676
- C:\Windows\System\coJIYvo.exe
  C:\Windows\System\coJIYvo.exe
  2⤵
  PID:4732
- C:\Windows\System\PYqNpQc.exe
  C:\Windows\System\PYqNpQc.exe
  2⤵
  PID:4904
- C:\Windows\System\dGNGmli.exe
  C:\Windows\System\dGNGmli.exe
  2⤵
  PID:4688
- C:\Windows\System\oMFQILg.exe
  C:\Windows\System\oMFQILg.exe
  2⤵
  PID:4932
- C:\Windows\System\WgEmZkg.exe
  C:\Windows\System\WgEmZkg.exe
  2⤵
  PID:4872
- C:\Windows\System\OpmbxkU.exe
  C:\Windows\System\OpmbxkU.exe
  2⤵
  PID:5032
- C:\Windows\System\rNYmeOh.exe
  C:\Windows\System\rNYmeOh.exe
  2⤵
  PID:5088
- C:\Windows\System\aTQmgXK.exe
  C:\Windows\System\aTQmgXK.exe
  2⤵
  PID:4052
- C:\Windows\System\kVMosaA.exe
  C:\Windows\System\kVMosaA.exe
  2⤵
  PID:5056
- C:\Windows\System\qVAYTNm.exe
  C:\Windows\System\qVAYTNm.exe
  2⤵
  PID:5112
- C:\Windows\System\kCEwjam.exe
  C:\Windows\System\kCEwjam.exe
  2⤵
  PID:3604
- C:\Windows\System\qbNvJkh.exe
  C:\Windows\System\qbNvJkh.exe
  2⤵
  PID:1512
- C:\Windows\System\lxOHbRe.exe
  C:\Windows\System\lxOHbRe.exe
  2⤵
  PID:3032
- C:\Windows\System\dsnxyef.exe
  C:\Windows\System\dsnxyef.exe
  2⤵
  PID:4396
- C:\Windows\System\OEMMjPm.exe
  C:\Windows\System\OEMMjPm.exe
  2⤵
  PID:4224
- C:\Windows\System\fwETZeN.exe
  C:\Windows\System\fwETZeN.exe
  2⤵
  PID:4428
- C:\Windows\System\PThBYgG.exe
  C:\Windows\System\PThBYgG.exe
  2⤵
  PID:4472
- C:\Windows\System\mGxnNVI.exe
  C:\Windows\System\mGxnNVI.exe
  2⤵
  PID:4432
- C:\Windows\System\RmpXptY.exe
  C:\Windows\System\RmpXptY.exe
  2⤵
  PID:4532
- C:\Windows\System\dXGFNIa.exe
  C:\Windows\System\dXGFNIa.exe
  2⤵
  PID:4712
- C:\Windows\System\oddAvBy.exe
  C:\Windows\System\oddAvBy.exe
  2⤵
  PID:4736
- C:\Windows\System\rgxGxjQ.exe
  C:\Windows\System\rgxGxjQ.exe
  2⤵
  PID:5136
- C:\Windows\System\LVFhUws.exe
  C:\Windows\System\LVFhUws.exe
  2⤵
  PID:5156
- C:\Windows\System\OXxQzsc.exe
  C:\Windows\System\OXxQzsc.exe
  2⤵
  PID:5176
- C:\Windows\System\mBHblSE.exe
  C:\Windows\System\mBHblSE.exe
  2⤵
  PID:5192
- C:\Windows\System\TvSkysc.exe
  C:\Windows\System\TvSkysc.exe
  2⤵
  PID:5216
- C:\Windows\System\dCMAiMD.exe
  C:\Windows\System\dCMAiMD.exe
  2⤵
  PID:5236
- C:\Windows\System\zEPmhtp.exe
  C:\Windows\System\zEPmhtp.exe
  2⤵
  PID:5256
- C:\Windows\System\hqAkyXa.exe
  C:\Windows\System\hqAkyXa.exe
  2⤵
  PID:5272
- C:\Windows\System\gfYcSLE.exe
  C:\Windows\System\gfYcSLE.exe
  2⤵
  PID:5292
- C:\Windows\System\uzPVCYV.exe
  C:\Windows\System\uzPVCYV.exe
  2⤵
  PID:5312
- C:\Windows\System\LIbcYfw.exe
  C:\Windows\System\LIbcYfw.exe
  2⤵
  PID:5336
- C:\Windows\System\rsaoNoW.exe
  C:\Windows\System\rsaoNoW.exe
  2⤵
  PID:5352
- C:\Windows\System\cwvVKek.exe
  C:\Windows\System\cwvVKek.exe
  2⤵
  PID:5372
- C:\Windows\System\GFjBSAt.exe
  C:\Windows\System\GFjBSAt.exe
  2⤵
  PID:5392
- C:\Windows\System\tiloyeu.exe
  C:\Windows\System\tiloyeu.exe
  2⤵
  PID:5416
- C:\Windows\System\AWrgzGl.exe
  C:\Windows\System\AWrgzGl.exe
  2⤵
  PID:5432
- C:\Windows\System\bSRtvHg.exe
  C:\Windows\System\bSRtvHg.exe
  2⤵
  PID:5456
- C:\Windows\System\yDarJyQ.exe
  C:\Windows\System\yDarJyQ.exe
  2⤵
  PID:5472
- C:\Windows\System\vOJBSoy.exe
  C:\Windows\System\vOJBSoy.exe
  2⤵
  PID:5496
- C:\Windows\System\iwpRmLK.exe
  C:\Windows\System\iwpRmLK.exe
  2⤵
  PID:5512
- C:\Windows\System\GBUdJUa.exe
  C:\Windows\System\GBUdJUa.exe
  2⤵
  PID:5536
- C:\Windows\System\oUGTOFf.exe
  C:\Windows\System\oUGTOFf.exe
  2⤵
  PID:5568
- C:\Windows\System\kEaLOzT.exe
  C:\Windows\System\kEaLOzT.exe
  2⤵
  PID:5584
- C:\Windows\System\ccGSOqO.exe
  C:\Windows\System\ccGSOqO.exe
  2⤵
  PID:5604
- C:\Windows\System\gIEfYUa.exe
  C:\Windows\System\gIEfYUa.exe
  2⤵
  PID:5620
- C:\Windows\System\QaZrfGz.exe
  C:\Windows\System\QaZrfGz.exe
  2⤵
  PID:5644
- C:\Windows\System\yLdpibH.exe
  C:\Windows\System\yLdpibH.exe
  2⤵
  PID:5668
- C:\Windows\System\HyPfyvY.exe
  C:\Windows\System\HyPfyvY.exe
  2⤵
  PID:5688
- C:\Windows\System\yfsUnDe.exe
  C:\Windows\System\yfsUnDe.exe
  2⤵
  PID:5708
- C:\Windows\System\NWrcsJf.exe
  C:\Windows\System\NWrcsJf.exe
  2⤵
  PID:5728
- C:\Windows\System\mXuPkmi.exe
  C:\Windows\System\mXuPkmi.exe
  2⤵
  PID:5748
- C:\Windows\System\IgcuJZX.exe
  C:\Windows\System\IgcuJZX.exe
  2⤵
  PID:5768
- C:\Windows\System\oCYhkQc.exe
  C:\Windows\System\oCYhkQc.exe
  2⤵
  PID:5788
- C:\Windows\System\LqGhlfk.exe
  C:\Windows\System\LqGhlfk.exe
  2⤵
  PID:5804
- C:\Windows\System\chcIPhu.exe
  C:\Windows\System\chcIPhu.exe
  2⤵
  PID:5828
- C:\Windows\System\leirlMO.exe
  C:\Windows\System\leirlMO.exe
  2⤵
  PID:5848
- C:\Windows\System\clsCCDq.exe
  C:\Windows\System\clsCCDq.exe
  2⤵
  PID:5868
- C:\Windows\System\OLeQYqA.exe
  C:\Windows\System\OLeQYqA.exe
  2⤵
  PID:5888
- C:\Windows\System\UFTSChB.exe
  C:\Windows\System\UFTSChB.exe
  2⤵
  PID:5908
- C:\Windows\System\eeXSEmN.exe
  C:\Windows\System\eeXSEmN.exe
  2⤵
  PID:5928
- C:\Windows\System\BxkcIgE.exe
  C:\Windows\System\BxkcIgE.exe
  2⤵
  PID:5944
- C:\Windows\System\vQzGGyV.exe
  C:\Windows\System\vQzGGyV.exe
  2⤵
  PID:5968
- C:\Windows\System\luwiUfu.exe
  C:\Windows\System\luwiUfu.exe
  2⤵
  PID:5988
- C:\Windows\System\lJqAhDS.exe
  C:\Windows\System\lJqAhDS.exe
  2⤵
  PID:6008
- C:\Windows\System\kvJWieM.exe
  C:\Windows\System\kvJWieM.exe
  2⤵
  PID:6028
- C:\Windows\System\XFxElAD.exe
  C:\Windows\System\XFxElAD.exe
  2⤵
  PID:6048
- C:\Windows\System\UgawwPn.exe
  C:\Windows\System\UgawwPn.exe
  2⤵
  PID:6068
- C:\Windows\System\wDECRwP.exe
  C:\Windows\System\wDECRwP.exe
  2⤵
  PID:6088
- C:\Windows\System\oLROjrY.exe
  C:\Windows\System\oLROjrY.exe
  2⤵
  PID:6108
- C:\Windows\System\LEoYQYN.exe
  C:\Windows\System\LEoYQYN.exe
  2⤵
  PID:6128
- C:\Windows\System\cuuoyIp.exe
  C:\Windows\System\cuuoyIp.exe
  2⤵
  PID:5012
- C:\Windows\System\jPRPxfW.exe
  C:\Windows\System\jPRPxfW.exe
  2⤵
  PID:4752
- C:\Windows\System\cURMzkq.exe
  C:\Windows\System\cURMzkq.exe
  2⤵
  PID:2772
- C:\Windows\System\yabSCpO.exe
  C:\Windows\System\yabSCpO.exe
  2⤵
  PID:5008
- C:\Windows\System\ekoPimh.exe
  C:\Windows\System\ekoPimh.exe
  2⤵
  PID:1376
- C:\Windows\System\OvcOrVb.exe
  C:\Windows\System\OvcOrVb.exe
  2⤵
  PID:2756
- C:\Windows\System\ghXtKYg.exe
  C:\Windows\System\ghXtKYg.exe
  2⤵
  PID:4016
- C:\Windows\System\nMriuSg.exe
  C:\Windows\System\nMriuSg.exe
  2⤵
  PID:4168
- C:\Windows\System\FftScMf.exe
  C:\Windows\System\FftScMf.exe
  2⤵
  PID:4156
- C:\Windows\System\LUpXyze.exe
  C:\Windows\System\LUpXyze.exe
  2⤵
  PID:4452
- C:\Windows\System\VIleevl.exe
  C:\Windows\System\VIleevl.exe
  2⤵
  PID:5124
- C:\Windows\System\qFMFsgD.exe
  C:\Windows\System\qFMFsgD.exe
  2⤵
  PID:5172
- C:\Windows\System\KmgIoMs.exe
  C:\Windows\System\KmgIoMs.exe
  2⤵
  PID:4924
- C:\Windows\System\dQXolOS.exe
  C:\Windows\System\dQXolOS.exe
  2⤵
  PID:5208
- C:\Windows\System\njdpTno.exe
  C:\Windows\System\njdpTno.exe
  2⤵
  PID:5248
- C:\Windows\System\YYXPZSE.exe
  C:\Windows\System\YYXPZSE.exe
  2⤵
  PID:5188
- C:\Windows\System\TChiGVl.exe
  C:\Windows\System\TChiGVl.exe
  2⤵
  PID:5224
- C:\Windows\System\ksJYsIM.exe
  C:\Windows\System\ksJYsIM.exe
  2⤵
  PID:5264
- C:\Windows\System\EVNgHLO.exe
  C:\Windows\System\EVNgHLO.exe
  2⤵
  PID:5360
- C:\Windows\System\gZgBFDr.exe
  C:\Windows\System\gZgBFDr.exe
  2⤵
  PID:5412
- C:\Windows\System\aEqgszq.exe
  C:\Windows\System\aEqgszq.exe
  2⤵
  PID:5344
- C:\Windows\System\WpuHFoq.exe
  C:\Windows\System\WpuHFoq.exe
  2⤵
  PID:5388
- C:\Windows\System\dSrRPMG.exe
  C:\Windows\System\dSrRPMG.exe
  2⤵
  PID:2176
- C:\Windows\System\PomisQu.exe
  C:\Windows\System\PomisQu.exe
  2⤵
  PID:5468
- C:\Windows\System\TbGiTVe.exe
  C:\Windows\System\TbGiTVe.exe
  2⤵
  PID:5508
- C:\Windows\System\ElMqHUC.exe
  C:\Windows\System\ElMqHUC.exe
  2⤵
  PID:5580
- C:\Windows\System\OMMFtmD.exe
  C:\Windows\System\OMMFtmD.exe
  2⤵
  PID:5592
- C:\Windows\System\MSDcFub.exe
  C:\Windows\System\MSDcFub.exe
  2⤵
  PID:5664
- C:\Windows\System\ovNsmFB.exe
  C:\Windows\System\ovNsmFB.exe
  2⤵
  PID:5636
- C:\Windows\System\GDCKoOh.exe
  C:\Windows\System\GDCKoOh.exe
  2⤵
  PID:5704
- C:\Windows\System\pQwqKPK.exe
  C:\Windows\System\pQwqKPK.exe
  2⤵
  PID:5744
- C:\Windows\System\iCPTcIC.exe
  C:\Windows\System\iCPTcIC.exe
  2⤵
  PID:5776
- C:\Windows\System\JvKITAO.exe
  C:\Windows\System\JvKITAO.exe
  2⤵
  PID:5812
- C:\Windows\System\XFwAhLP.exe
  C:\Windows\System\XFwAhLP.exe
  2⤵
  PID:5816
- C:\Windows\System\HmwyxzD.exe
  C:\Windows\System\HmwyxzD.exe
  2⤵
  PID:5864
- C:\Windows\System\OMXEnyF.exe
  C:\Windows\System\OMXEnyF.exe
  2⤵
  PID:5896
- C:\Windows\System\QxiFUap.exe
  C:\Windows\System\QxiFUap.exe
  2⤵
  PID:5924
- C:\Windows\System\nbSgeAK.exe
  C:\Windows\System\nbSgeAK.exe
  2⤵
  PID:5956
- C:\Windows\System\lzzLfxr.exe
  C:\Windows\System\lzzLfxr.exe
  2⤵
  PID:5980
- C:\Windows\System\rQSlewU.exe
  C:\Windows\System\rQSlewU.exe
  2⤵
  PID:6000
- C:\Windows\System\BwofKqo.exe
  C:\Windows\System\BwofKqo.exe
  2⤵
  PID:6060
- C:\Windows\System\nJIThfm.exe
  C:\Windows\System\nJIThfm.exe
  2⤵
  PID:6104
- C:\Windows\System\SimLGEl.exe
  C:\Windows\System\SimLGEl.exe
  2⤵
  PID:6116
- C:\Windows\System\NYaPIYW.exe
  C:\Windows\System\NYaPIYW.exe
  2⤵
  PID:6140
- C:\Windows\System\VQLmOiT.exe
  C:\Windows\System\VQLmOiT.exe
  2⤵
  PID:2592
- C:\Windows\System\cmWSbms.exe
  C:\Windows\System\cmWSbms.exe
  2⤵
  PID:1900
- C:\Windows\System\AFEHall.exe
  C:\Windows\System\AFEHall.exe
  2⤵
  PID:3328
- C:\Windows\System\wysxfzK.exe
  C:\Windows\System\wysxfzK.exe
  2⤵
  PID:4572
- C:\Windows\System\wSInNGT.exe
  C:\Windows\System\wSInNGT.exe
  2⤵
  PID:4296
- C:\Windows\System\huSGrdO.exe
  C:\Windows\System\huSGrdO.exe
  2⤵
  PID:2604
- C:\Windows\System\UrvbLCM.exe
  C:\Windows\System\UrvbLCM.exe
  2⤵
  PID:2732
- C:\Windows\System\CyQkZza.exe
  C:\Windows\System\CyQkZza.exe
  2⤵
  PID:4528
- C:\Windows\System\PZriCYk.exe
  C:\Windows\System\PZriCYk.exe
  2⤵
  PID:5184
- C:\Windows\System\ISPtpSv.exe
  C:\Windows\System\ISPtpSv.exe
  2⤵
  PID:5332
- C:\Windows\System\kqRlnPW.exe
  C:\Windows\System\kqRlnPW.exe
  2⤵
  PID:5308
- C:\Windows\System\qGczztV.exe
  C:\Windows\System\qGczztV.exe
  2⤵
  PID:5444
- C:\Windows\System\hiwjtCi.exe
  C:\Windows\System\hiwjtCi.exe
  2⤵
  PID:5528
- C:\Windows\System\BmIkVcf.exe
  C:\Windows\System\BmIkVcf.exe
  2⤵
  PID:5424
- C:\Windows\System\fTTyAQV.exe
  C:\Windows\System\fTTyAQV.exe
  2⤵
  PID:5560
- C:\Windows\System\gVpZvSO.exe
  C:\Windows\System\gVpZvSO.exe
  2⤵
  PID:2912
- C:\Windows\System\tWWMrxO.exe
  C:\Windows\System\tWWMrxO.exe
  2⤵
  PID:5656
- C:\Windows\System\xvfgewT.exe
  C:\Windows\System\xvfgewT.exe
  2⤵
  PID:5696
- C:\Windows\System\PIguIDr.exe
  C:\Windows\System\PIguIDr.exe
  2⤵
  PID:5764
- C:\Windows\System\HKdXIXM.exe
  C:\Windows\System\HKdXIXM.exe
  2⤵
  PID:5836
- C:\Windows\System\JRWUHft.exe
  C:\Windows\System\JRWUHft.exe
  2⤵
  PID:5844
- C:\Windows\System\KJDWfqj.exe
  C:\Windows\System\KJDWfqj.exe
  2⤵
  PID:2740
- C:\Windows\System\AMYrHlE.exe
  C:\Windows\System\AMYrHlE.exe
  2⤵
  PID:5976
- C:\Windows\System\NDxOYHO.exe
  C:\Windows\System\NDxOYHO.exe
  2⤵
  PID:6024
- C:\Windows\System\GpdTZbX.exe
  C:\Windows\System\GpdTZbX.exe
  2⤵
  PID:6040
- C:\Windows\System\OXSztEO.exe
  C:\Windows\System\OXSztEO.exe
  2⤵
  PID:4864
- C:\Windows\System\jZdeQsh.exe
  C:\Windows\System\jZdeQsh.exe
  2⤵
  PID:4876
- C:\Windows\System\IJDcAnZ.exe
  C:\Windows\System\IJDcAnZ.exe
  2⤵
  PID:4372
- C:\Windows\System\pAdwOmC.exe
  C:\Windows\System\pAdwOmC.exe
  2⤵
  PID:4652
- C:\Windows\System\SfXevvV.exe
  C:\Windows\System\SfXevvV.exe
  2⤵
  PID:4796
- C:\Windows\System\ZYtovVq.exe
  C:\Windows\System\ZYtovVq.exe
  2⤵
  PID:5252
- C:\Windows\System\OSaNovL.exe
  C:\Windows\System\OSaNovL.exe
  2⤵
  PID:5204
- C:\Windows\System\DZEPprl.exe
  C:\Windows\System\DZEPprl.exe
  2⤵
  PID:5228
- C:\Windows\System\cuZKHzQ.exe
  C:\Windows\System\cuZKHzQ.exe
  2⤵
  PID:5408
- C:\Windows\System\LJtlHBf.exe
  C:\Windows\System\LJtlHBf.exe
  2⤵
  PID:2260
- C:\Windows\System\xwRmcjT.exe
  C:\Windows\System\xwRmcjT.exe
  2⤵
  PID:5616
- C:\Windows\System\GWUWROy.exe
  C:\Windows\System\GWUWROy.exe
  2⤵
  PID:5660
- C:\Windows\System\XiozRjs.exe
  C:\Windows\System\XiozRjs.exe
  2⤵
  PID:5720
- C:\Windows\System\LqcOQiJ.exe
  C:\Windows\System\LqcOQiJ.exe
  2⤵
  PID:2596
- C:\Windows\System\sJwcsuQ.exe
  C:\Windows\System\sJwcsuQ.exe
  2⤵
  PID:5964
- C:\Windows\System\RkqqkvL.exe
  C:\Windows\System\RkqqkvL.exe
  2⤵
  PID:5920
- C:\Windows\System\micckuP.exe
  C:\Windows\System\micckuP.exe
  2⤵
  PID:6056
- C:\Windows\System\aEDnxyc.exe
  C:\Windows\System\aEDnxyc.exe
  2⤵
  PID:2900
- C:\Windows\System\cEivIFW.exe
  C:\Windows\System\cEivIFW.exe
  2⤵
  PID:3508
- C:\Windows\System\UcXOqOF.exe
  C:\Windows\System\UcXOqOF.exe
  2⤵
  PID:4792
- C:\Windows\System\BFmAvCB.exe
  C:\Windows\System\BFmAvCB.exe
  2⤵
  PID:6152
- C:\Windows\System\KRXMlqW.exe
  C:\Windows\System\KRXMlqW.exe
  2⤵
  PID:6172
- C:\Windows\System\EJyqgQm.exe
  C:\Windows\System\EJyqgQm.exe
  2⤵
  PID:6192
- C:\Windows\System\DDzknSO.exe
  C:\Windows\System\DDzknSO.exe
  2⤵
  PID:6212
- C:\Windows\System\ZzliFea.exe
  C:\Windows\System\ZzliFea.exe
  2⤵
  PID:6228
- C:\Windows\System\QBcYwEG.exe
  C:\Windows\System\QBcYwEG.exe
  2⤵
  PID:6252
- C:\Windows\System\eYdYUQm.exe
  C:\Windows\System\eYdYUQm.exe
  2⤵
  PID:6272
- C:\Windows\System\MRmSNca.exe
  C:\Windows\System\MRmSNca.exe
  2⤵
  PID:6292
- C:\Windows\System\MoVbLEM.exe
  C:\Windows\System\MoVbLEM.exe
  2⤵
  PID:6312
- C:\Windows\System\zljOhkO.exe
  C:\Windows\System\zljOhkO.exe
  2⤵
  PID:6328
- C:\Windows\System\GiGADSo.exe
  C:\Windows\System\GiGADSo.exe
  2⤵
  PID:6352
- C:\Windows\System\BuTgFDF.exe
  C:\Windows\System\BuTgFDF.exe
  2⤵
  PID:6372
- C:\Windows\System\QrlBZZo.exe
  C:\Windows\System\QrlBZZo.exe
  2⤵
  PID:6392
- C:\Windows\System\qRXoQUv.exe
  C:\Windows\System\qRXoQUv.exe
  2⤵
  PID:6412
- C:\Windows\System\uSNvyMd.exe
  C:\Windows\System\uSNvyMd.exe
  2⤵
  PID:6428
- C:\Windows\System\zSpkPap.exe
  C:\Windows\System\zSpkPap.exe
  2⤵
  PID:6452
- C:\Windows\System\SZewfse.exe
  C:\Windows\System\SZewfse.exe
  2⤵
  PID:6472
- C:\Windows\System\fDzxqnd.exe
  C:\Windows\System\fDzxqnd.exe
  2⤵
  PID:6492
- C:\Windows\System\EPPlwaD.exe
  C:\Windows\System\EPPlwaD.exe
  2⤵
  PID:6512
- C:\Windows\System\QZQeWzQ.exe
  C:\Windows\System\QZQeWzQ.exe
  2⤵
  PID:6532
- C:\Windows\System\zKLmJnO.exe
  C:\Windows\System\zKLmJnO.exe
  2⤵
  PID:6548
- C:\Windows\System\cnBNTDB.exe
  C:\Windows\System\cnBNTDB.exe
  2⤵
  PID:6572
- C:\Windows\System\RZLHQcy.exe
  C:\Windows\System\RZLHQcy.exe
  2⤵
  PID:6592
- C:\Windows\System\uByEoWF.exe
  C:\Windows\System\uByEoWF.exe
  2⤵
  PID:6612
- C:\Windows\System\uSTwjit.exe
  C:\Windows\System\uSTwjit.exe
  2⤵
  PID:6628
- C:\Windows\System\SyVmgQA.exe
  C:\Windows\System\SyVmgQA.exe
  2⤵
  PID:6652
- C:\Windows\System\YzlSVwZ.exe
  C:\Windows\System\YzlSVwZ.exe
  2⤵
  PID:6668
- C:\Windows\System\aJfTUoH.exe
  C:\Windows\System\aJfTUoH.exe
  2⤵
  PID:6692
- C:\Windows\System\skqSiZr.exe
  C:\Windows\System\skqSiZr.exe
  2⤵
  PID:6708
- C:\Windows\System\vmcLtgH.exe
  C:\Windows\System\vmcLtgH.exe
  2⤵
  PID:6728
- C:\Windows\System\tgbdPdN.exe
  C:\Windows\System\tgbdPdN.exe
  2⤵
  PID:6748
- C:\Windows\System\Usnvedc.exe
  C:\Windows\System\Usnvedc.exe
  2⤵
  PID:6772
- C:\Windows\System\KrbOKDv.exe
  C:\Windows\System\KrbOKDv.exe
  2⤵
  PID:6792
- C:\Windows\System\AZMcZiT.exe
  C:\Windows\System\AZMcZiT.exe
  2⤵
  PID:6812
- C:\Windows\System\XPnkOPl.exe
  C:\Windows\System\XPnkOPl.exe
  2⤵
  PID:6828
- C:\Windows\System\KtiFvwP.exe
  C:\Windows\System\KtiFvwP.exe
  2⤵
  PID:6852
- C:\Windows\System\UaUZHAl.exe
  C:\Windows\System\UaUZHAl.exe
  2⤵
  PID:6872
- C:\Windows\System\OFQGelx.exe
  C:\Windows\System\OFQGelx.exe
  2⤵
  PID:6892
- C:\Windows\System\vAzDasu.exe
  C:\Windows\System\vAzDasu.exe
  2⤵
  PID:6912
- C:\Windows\System\rzBklzu.exe
  C:\Windows\System\rzBklzu.exe
  2⤵
  PID:6932
- C:\Windows\System\JXrWsSG.exe
  C:\Windows\System\JXrWsSG.exe
  2⤵
  PID:6952
- C:\Windows\System\fdDMDrr.exe
  C:\Windows\System\fdDMDrr.exe
  2⤵
  PID:6972
- C:\Windows\System\edeGvaI.exe
  C:\Windows\System\edeGvaI.exe
  2⤵
  PID:6992
- C:\Windows\System\fiugbtZ.exe
  C:\Windows\System\fiugbtZ.exe
  2⤵
  PID:7012
- C:\Windows\System\sMDieHS.exe
  C:\Windows\System\sMDieHS.exe
  2⤵
  PID:7032
- C:\Windows\System\qKobABw.exe
  C:\Windows\System\qKobABw.exe
  2⤵
  PID:7052
- C:\Windows\System\ZMgncSx.exe
  C:\Windows\System\ZMgncSx.exe
  2⤵
  PID:7068
- C:\Windows\System\bHgEdjK.exe
  C:\Windows\System\bHgEdjK.exe
  2⤵
  PID:7092
- C:\Windows\System\CXNJeiT.exe
  C:\Windows\System\CXNJeiT.exe
  2⤵
  PID:7108
- C:\Windows\System\EisldPg.exe
  C:\Windows\System\EisldPg.exe
  2⤵
  PID:7132
- C:\Windows\System\vYLwceD.exe
  C:\Windows\System\vYLwceD.exe
  2⤵
  PID:7148
- C:\Windows\System\sTULIel.exe
  C:\Windows\System\sTULIel.exe
  2⤵
  PID:4836
- C:\Windows\System\tkBnVsH.exe
  C:\Windows\System\tkBnVsH.exe
  2⤵
  PID:5152
- C:\Windows\System\zTryxAl.exe
  C:\Windows\System\zTryxAl.exe
  2⤵
  PID:5368
- C:\Windows\System\eXBKGBo.exe
  C:\Windows\System\eXBKGBo.exe
  2⤵
  PID:5652
- C:\Windows\System\YkORIjw.exe
  C:\Windows\System\YkORIjw.exe
  2⤵
  PID:5736
- C:\Windows\System\yjcWNja.exe
  C:\Windows\System\yjcWNja.exe
  2⤵
  PID:5756
- C:\Windows\System\QAFHpgC.exe
  C:\Windows\System\QAFHpgC.exe
  2⤵
  PID:5840
- C:\Windows\System\zLTaWYN.exe
  C:\Windows\System\zLTaWYN.exe
  2⤵
  PID:3428
- C:\Windows\System\hEPlfsX.exe
  C:\Windows\System\hEPlfsX.exe
  2⤵
  PID:3696
- C:\Windows\System\PBZRDGC.exe
  C:\Windows\System\PBZRDGC.exe
  2⤵
  PID:6164
- C:\Windows\System\vTslGJs.exe
  C:\Windows\System\vTslGJs.exe
  2⤵
  PID:6180
- C:\Windows\System\FQUxLgd.exe
  C:\Windows\System\FQUxLgd.exe
  2⤵
  PID:6244
- C:\Windows\System\siEZNbm.exe
  C:\Windows\System\siEZNbm.exe
  2⤵
  PID:6284
- C:\Windows\System\BaasReX.exe
  C:\Windows\System\BaasReX.exe
  2⤵
  PID:6268
- C:\Windows\System\cYyxspf.exe
  C:\Windows\System\cYyxspf.exe
  2⤵
  PID:6308
- C:\Windows\System\yqsDTBT.exe
  C:\Windows\System\yqsDTBT.exe
  2⤵
  PID:6368
- C:\Windows\System\efadTAP.exe
  C:\Windows\System\efadTAP.exe
  2⤵
  PID:6344
- C:\Windows\System\zUekyWc.exe
  C:\Windows\System\zUekyWc.exe
  2⤵
  PID:6444
- C:\Windows\System\bytLrqi.exe
  C:\Windows\System\bytLrqi.exe
  2⤵
  PID:6384
- C:\Windows\System\uOQWjiu.exe
  C:\Windows\System\uOQWjiu.exe
  2⤵
  PID:6460
- C:\Windows\System\eVlinTE.exe
  C:\Windows\System\eVlinTE.exe
  2⤵
  PID:6500
- C:\Windows\System\pkYrrfH.exe
  C:\Windows\System\pkYrrfH.exe
  2⤵
  PID:6564
- C:\Windows\System\FFFQlFp.exe
  C:\Windows\System\FFFQlFp.exe
  2⤵
  PID:6544
- C:\Windows\System\ldJbECs.exe
  C:\Windows\System\ldJbECs.exe
  2⤵
  PID:6648
- C:\Windows\System\tytXbys.exe
  C:\Windows\System\tytXbys.exe
  2⤵
  PID:6584
- C:\Windows\System\mtccoyi.exe
  C:\Windows\System\mtccoyi.exe
  2⤵
  PID:6684
- C:\Windows\System\bHxBnce.exe
  C:\Windows\System\bHxBnce.exe
  2⤵
  PID:6720
- C:\Windows\System\toByhyN.exe
  C:\Windows\System\toByhyN.exe
  2⤵
  PID:6756
- C:\Windows\System\KJSPUpA.exe
  C:\Windows\System\KJSPUpA.exe
  2⤵
  PID:6744
- C:\Windows\System\egJizLu.exe
  C:\Windows\System\egJizLu.exe
  2⤵
  PID:6784
- C:\Windows\System\jRAVtTy.exe
  C:\Windows\System\jRAVtTy.exe
  2⤵
  PID:6848
- C:\Windows\System\shAJAFQ.exe
  C:\Windows\System\shAJAFQ.exe
  2⤵
  PID:6860
- C:\Windows\System\bpvjMpU.exe
  C:\Windows\System\bpvjMpU.exe
  2⤵
  PID:6884
- C:\Windows\System\DwHYXfi.exe
  C:\Windows\System\DwHYXfi.exe
  2⤵
  PID:6920
- C:\Windows\System\ghDUvLZ.exe
  C:\Windows\System\ghDUvLZ.exe
  2⤵
  PID:6940
- C:\Windows\System\TQnJKLe.exe
  C:\Windows\System\TQnJKLe.exe
  2⤵
  PID:6968
- C:\Windows\System\qaMkojA.exe
  C:\Windows\System\qaMkojA.exe
  2⤵
  PID:6984
- C:\Windows\System\fJBMVWz.exe
  C:\Windows\System\fJBMVWz.exe
  2⤵
  PID:7076
- C:\Windows\System\mvWUVqx.exe
  C:\Windows\System\mvWUVqx.exe
  2⤵
  PID:7024
- C:\Windows\System\gWFbuMt.exe
  C:\Windows\System\gWFbuMt.exe
  2⤵
  PID:7128
- C:\Windows\System\hVYYfWY.exe
  C:\Windows\System\hVYYfWY.exe
  2⤵
  PID:7164
- C:\Windows\System\KMoGIHo.exe
  C:\Windows\System\KMoGIHo.exe
  2⤵
  PID:7144
- C:\Windows\System\umXeMCP.exe
  C:\Windows\System\umXeMCP.exe
  2⤵
  PID:5148
- C:\Windows\System\oSHDUbA.exe
  C:\Windows\System\oSHDUbA.exe
  2⤵
  PID:5428
- C:\Windows\System\lPmpXEX.exe
  C:\Windows\System\lPmpXEX.exe
  2⤵
  PID:3080
- C:\Windows\System\rHrfFPf.exe
  C:\Windows\System\rHrfFPf.exe
  2⤵
  PID:6208
- C:\Windows\System\slcQuAS.exe
  C:\Windows\System\slcQuAS.exe
  2⤵
  PID:6036
- C:\Windows\System\IzZiitS.exe
  C:\Windows\System\IzZiitS.exe
  2⤵
  PID:6168
- C:\Windows\System\DTLWOJP.exe
  C:\Windows\System\DTLWOJP.exe
  2⤵
  PID:6320
- C:\Windows\System\ciNZMLI.exe
  C:\Windows\System\ciNZMLI.exe
  2⤵
  PID:6404
- C:\Windows\System\RCanrMi.exe
  C:\Windows\System\RCanrMi.exe
  2⤵
  PID:6440
- C:\Windows\System\ranTySP.exe
  C:\Windows\System\ranTySP.exe
  2⤵
  PID:6336
- C:\Windows\System\gqYlsaA.exe
  C:\Windows\System\gqYlsaA.exe
  2⤵
  PID:6508
- C:\Windows\System\MoTnrEd.exe
  C:\Windows\System\MoTnrEd.exe
  2⤵
  PID:6424
- C:\Windows\System\sdBkTQY.exe
  C:\Windows\System\sdBkTQY.exe
  2⤵
  PID:6588
- C:\Windows\System\iNabioO.exe
  C:\Windows\System\iNabioO.exe
  2⤵
  PID:6660
- C:\Windows\System\reJJWMa.exe
  C:\Windows\System\reJJWMa.exe
  2⤵
  PID:6636
- C:\Windows\System\UvLdbtX.exe
  C:\Windows\System\UvLdbtX.exe
  2⤵
  PID:6804
- C:\Windows\System\dWPQekD.exe
  C:\Windows\System\dWPQekD.exe
  2⤵
  PID:6676
- C:\Windows\System\SwPSCWh.exe
  C:\Windows\System\SwPSCWh.exe
  2⤵
  PID:6704
- C:\Windows\System\TErHIgr.exe
  C:\Windows\System\TErHIgr.exe
  2⤵
  PID:6928
- C:\Windows\System\eeBFPdA.exe
  C:\Windows\System\eeBFPdA.exe
  2⤵
  PID:6824
- C:\Windows\System\ZJGUCgQ.exe
  C:\Windows\System\ZJGUCgQ.exe
  2⤵
  PID:7004
- C:\Windows\System\asfBsQt.exe
  C:\Windows\System\asfBsQt.exe
  2⤵
  PID:6960
- C:\Windows\System\pVyQucM.exe
  C:\Windows\System\pVyQucM.exe
  2⤵
  PID:7048
- C:\Windows\System\QQJSvIT.exe
  C:\Windows\System\QQJSvIT.exe
  2⤵
  PID:7104
- C:\Windows\System\fwKzZRu.exe
  C:\Windows\System\fwKzZRu.exe
  2⤵
  PID:5524
- C:\Windows\System\fRmDppR.exe
  C:\Windows\System\fRmDppR.exe
  2⤵
  PID:5544
- C:\Windows\System\LrICDDg.exe
  C:\Windows\System\LrICDDg.exe
  2⤵
  PID:5760
- C:\Windows\System\lQQCqyI.exe
  C:\Windows\System\lQQCqyI.exe
  2⤵
  PID:6240
- C:\Windows\System\gvqeeWv.exe
  C:\Windows\System\gvqeeWv.exe
  2⤵
  PID:6224
- C:\Windows\System\YfJGVqw.exe
  C:\Windows\System\YfJGVqw.exe
  2⤵
  PID:6160
- C:\Windows\System\MTYMEPi.exe
  C:\Windows\System\MTYMEPi.exe
  2⤵
  PID:6580
- C:\Windows\System\KBNIPvp.exe
  C:\Windows\System\KBNIPvp.exe
  2⤵
  PID:6436
- C:\Windows\System\EgOQEnI.exe
  C:\Windows\System\EgOQEnI.exe
  2⤵
  PID:1212
- C:\Windows\System\eXesDdn.exe
  C:\Windows\System\eXesDdn.exe
  2⤵
  PID:6836
- C:\Windows\System\eyUqLkT.exe
  C:\Windows\System\eyUqLkT.exe
  2⤵
  PID:6908
- C:\Windows\System\uyvACzA.exe
  C:\Windows\System\uyvACzA.exe
  2⤵
  PID:6964
- C:\Windows\System\MQYtjNh.exe
  C:\Windows\System\MQYtjNh.exe
  2⤵
  PID:7100
- C:\Windows\System\eJROCqc.exe
  C:\Windows\System\eJROCqc.exe
  2⤵
  PID:6740
- C:\Windows\System\JHiLVcH.exe
  C:\Windows\System\JHiLVcH.exe
  2⤵
  PID:2232
- C:\Windows\System\vvOhPBD.exe
  C:\Windows\System\vvOhPBD.exe
  2⤵
  PID:6788
- C:\Windows\System\aCbCdnF.exe
  C:\Windows\System\aCbCdnF.exe
  2⤵
  PID:6236
- C:\Windows\System\iAwlxBh.exe
  C:\Windows\System\iAwlxBh.exe
  2⤵
  PID:6520
- C:\Windows\System\CvDheyD.exe
  C:\Windows\System\CvDheyD.exe
  2⤵
  PID:6888
- C:\Windows\System\mzvMdcG.exe
  C:\Windows\System\mzvMdcG.exe
  2⤵
  PID:5448
- C:\Windows\System\ZbfmpOy.exe
  C:\Windows\System\ZbfmpOy.exe
  2⤵
  PID:6716
- C:\Windows\System\dOLodGJ.exe
  C:\Windows\System\dOLodGJ.exe
  2⤵
  PID:1936
- C:\Windows\System\heluLyf.exe
  C:\Windows\System\heluLyf.exe
  2⤵
  PID:5484
- C:\Windows\System\bxNFHKy.exe
  C:\Windows\System\bxNFHKy.exe
  2⤵
  PID:6604
- C:\Windows\System\YlPYUZM.exe
  C:\Windows\System\YlPYUZM.exe
  2⤵
  PID:2964
- C:\Windows\System\YJKOPNg.exe
  C:\Windows\System\YJKOPNg.exe
  2⤵
  PID:7180
- C:\Windows\System\zDqqNHr.exe
  C:\Windows\System\zDqqNHr.exe
  2⤵
  PID:7196
- C:\Windows\System\qLlQxEl.exe
  C:\Windows\System\qLlQxEl.exe
  2⤵
  PID:7212
- C:\Windows\System\lBfvgGA.exe
  C:\Windows\System\lBfvgGA.exe
  2⤵
  PID:7228
- C:\Windows\System\GHIAYjL.exe
  C:\Windows\System\GHIAYjL.exe
  2⤵
  PID:7244
- C:\Windows\System\elUwhae.exe
  C:\Windows\System\elUwhae.exe
  2⤵
  PID:7260
- C:\Windows\System\tbGhlvW.exe
  C:\Windows\System\tbGhlvW.exe
  2⤵
  PID:7276
- C:\Windows\System\wqKjsNP.exe
  C:\Windows\System\wqKjsNP.exe
  2⤵
  PID:7292
- C:\Windows\System\UOwLbsE.exe
  C:\Windows\System\UOwLbsE.exe
  2⤵
  PID:7308
- C:\Windows\System\BcZnLyg.exe
  C:\Windows\System\BcZnLyg.exe
  2⤵
  PID:7324
- C:\Windows\System\FwlwmrJ.exe
  C:\Windows\System\FwlwmrJ.exe
  2⤵
  PID:7340
- C:\Windows\System\NVyNOEb.exe
  C:\Windows\System\NVyNOEb.exe
  2⤵
  PID:7356
- C:\Windows\System\qCNLnvL.exe
  C:\Windows\System\qCNLnvL.exe
  2⤵
  PID:7372
- C:\Windows\System\pkjqxeE.exe
  C:\Windows\System\pkjqxeE.exe
  2⤵
  PID:7388
- C:\Windows\System\PpaMhRq.exe
  C:\Windows\System\PpaMhRq.exe
  2⤵
  PID:7404
- C:\Windows\System\SmEdiaa.exe
  C:\Windows\System\SmEdiaa.exe
  2⤵
  PID:7420
- C:\Windows\System\LndGsrx.exe
  C:\Windows\System\LndGsrx.exe
  2⤵
  PID:7436
- C:\Windows\System\ADfqQDX.exe
  C:\Windows\System\ADfqQDX.exe
  2⤵
  PID:7452
- C:\Windows\System\YqxSXlt.exe
  C:\Windows\System\YqxSXlt.exe
  2⤵
  PID:7468
- C:\Windows\System\liEkEJP.exe
  C:\Windows\System\liEkEJP.exe
  2⤵
  PID:7520
- C:\Windows\System\nclmdNU.exe
  C:\Windows\System\nclmdNU.exe
  2⤵
  PID:7540
- C:\Windows\System\ZtRljMH.exe
  C:\Windows\System\ZtRljMH.exe
  2⤵
  PID:7556
- C:\Windows\System\TfZUhiT.exe
  C:\Windows\System\TfZUhiT.exe
  2⤵
  PID:7572
- C:\Windows\System\kGoMuJC.exe
  C:\Windows\System\kGoMuJC.exe
  2⤵
  PID:7588
- C:\Windows\System\QnfokOT.exe
  C:\Windows\System\QnfokOT.exe
  2⤵
  PID:7608
- C:\Windows\System\ryqKepU.exe
  C:\Windows\System\ryqKepU.exe
  2⤵
  PID:7624
- C:\Windows\System\zhhkcPM.exe
  C:\Windows\System\zhhkcPM.exe
  2⤵
  PID:7640
- C:\Windows\System\TheSnhJ.exe
  C:\Windows\System\TheSnhJ.exe
  2⤵
  PID:7656
- C:\Windows\System\DjeYlVa.exe
  C:\Windows\System\DjeYlVa.exe
  2⤵
  PID:7672
- C:\Windows\System\cCVXLtf.exe
  C:\Windows\System\cCVXLtf.exe
  2⤵
  PID:7688
- C:\Windows\System\WfSylrh.exe
  C:\Windows\System\WfSylrh.exe
  2⤵
  PID:7704
- C:\Windows\System\ghYfiIx.exe
  C:\Windows\System\ghYfiIx.exe
  2⤵
  PID:7720
- C:\Windows\System\bXKmqkT.exe
  C:\Windows\System\bXKmqkT.exe
  2⤵
  PID:7736
- C:\Windows\System\SOIAnwF.exe
  C:\Windows\System\SOIAnwF.exe
  2⤵
  PID:7752
- C:\Windows\System\aQFmKjg.exe
  C:\Windows\System\aQFmKjg.exe
  2⤵
  PID:7768
- C:\Windows\System\jZnCIhF.exe
  C:\Windows\System\jZnCIhF.exe
  2⤵
  PID:7788
- C:\Windows\System\UCDNZil.exe
  C:\Windows\System\UCDNZil.exe
  2⤵
  PID:7808
- C:\Windows\System\qTVZxfe.exe
  C:\Windows\System\qTVZxfe.exe
  2⤵
  PID:7824
- C:\Windows\System\OqAoVUs.exe
  C:\Windows\System\OqAoVUs.exe
  2⤵
  PID:7840
- C:\Windows\System\fiZULLO.exe
  C:\Windows\System\fiZULLO.exe
  2⤵
  PID:7856
- C:\Windows\System\drgTvGe.exe
  C:\Windows\System\drgTvGe.exe
  2⤵
  PID:7872
- C:\Windows\System\QcwnOeB.exe
  C:\Windows\System\QcwnOeB.exe
  2⤵
  PID:7888
- C:\Windows\System\lVXyptN.exe
  C:\Windows\System\lVXyptN.exe
  2⤵
  PID:7904
- C:\Windows\System\NQaxEEa.exe
  C:\Windows\System\NQaxEEa.exe
  2⤵
  PID:7920
- C:\Windows\System\nUaKMMc.exe
  C:\Windows\System\nUaKMMc.exe
  2⤵
  PID:7936
- C:\Windows\System\AKMtLbA.exe
  C:\Windows\System\AKMtLbA.exe
  2⤵
  PID:7952
- C:\Windows\System\YLDCCbZ.exe
  C:\Windows\System\YLDCCbZ.exe
  2⤵
  PID:7968
- C:\Windows\System\OyZgVFm.exe
  C:\Windows\System\OyZgVFm.exe
  2⤵
  PID:7984
- C:\Windows\System\vWSDmkR.exe
  C:\Windows\System\vWSDmkR.exe
  2⤵
  PID:8000
- C:\Windows\System\ybvHDIG.exe
  C:\Windows\System\ybvHDIG.exe
  2⤵
  PID:8016
- C:\Windows\System\bdVsYuI.exe
  C:\Windows\System\bdVsYuI.exe
  2⤵
  PID:8032
- C:\Windows\System\XzFAzjE.exe
  C:\Windows\System\XzFAzjE.exe
  2⤵
  PID:8048
- C:\Windows\System\sZRctPe.exe
  C:\Windows\System\sZRctPe.exe
  2⤵
  PID:8064
- C:\Windows\System\VnDilVq.exe
  C:\Windows\System\VnDilVq.exe
  2⤵
  PID:8080
- C:\Windows\System\hDyVEzI.exe
  C:\Windows\System\hDyVEzI.exe
  2⤵
  PID:8100
- C:\Windows\System\ZWiSptP.exe
  C:\Windows\System\ZWiSptP.exe
  2⤵
  PID:8116
- C:\Windows\System\rFtIsaL.exe
  C:\Windows\System\rFtIsaL.exe
  2⤵
  PID:8132
- C:\Windows\System\MfczIFb.exe
  C:\Windows\System\MfczIFb.exe
  2⤵
  PID:8148
- C:\Windows\System\jqbOBWz.exe
  C:\Windows\System\jqbOBWz.exe
  2⤵
  PID:8164
- C:\Windows\System\LzbdOPU.exe
  C:\Windows\System\LzbdOPU.exe
  2⤵
  PID:8180
- C:\Windows\System\IEHQGtw.exe
  C:\Windows\System\IEHQGtw.exe
  2⤵
  PID:5244
- C:\Windows\System\yeZXCIN.exe
  C:\Windows\System\yeZXCIN.exe
  2⤵
  PID:7124
- C:\Windows\System\uCKyLKC.exe
  C:\Windows\System\uCKyLKC.exe
  2⤵
  PID:4892
- C:\Windows\System\WinasFS.exe
  C:\Windows\System\WinasFS.exe
  2⤵
  PID:7084
- C:\Windows\System\zWAvimK.exe
  C:\Windows\System\zWAvimK.exe
  2⤵
  PID:6380
- C:\Windows\System\vNdiSOg.exe
  C:\Windows\System\vNdiSOg.exe
  2⤵
  PID:6700
- C:\Windows\System\ypSnRem.exe
  C:\Windows\System\ypSnRem.exe
  2⤵
  PID:7252
- C:\Windows\System\VCyJgxX.exe
  C:\Windows\System\VCyJgxX.exe
  2⤵
  PID:7288
- C:\Windows\System\jMHVxsT.exe
  C:\Windows\System\jMHVxsT.exe
  2⤵
  PID:7352
- C:\Windows\System\OkNpTnk.exe
  C:\Windows\System\OkNpTnk.exe
  2⤵
  PID:7416
- C:\Windows\System\eTxgjLc.exe
  C:\Windows\System\eTxgjLc.exe
  2⤵
  PID:6624
- C:\Windows\System\QnHLDsN.exe
  C:\Windows\System\QnHLDsN.exe
  2⤵
  PID:7496
- C:\Windows\System\WInnyui.exe
  C:\Windows\System\WInnyui.exe
  2⤵
  PID:7508
- C:\Windows\System\lQxdmKe.exe
  C:\Windows\System\lQxdmKe.exe
  2⤵
  PID:1704
- C:\Windows\System\SfFspSB.exe
  C:\Windows\System\SfFspSB.exe
  2⤵
  PID:7548
- C:\Windows\System\xxBRPCK.exe
  C:\Windows\System\xxBRPCK.exe
  2⤵
  PID:5940
- C:\Windows\System\KIwKMPJ.exe
  C:\Windows\System\KIwKMPJ.exe
  2⤵
  PID:7584
- C:\Windows\System\kurIRzA.exe
  C:\Windows\System\kurIRzA.exe
  2⤵
  PID:7852
- C:\Windows\System\RnGpfzd.exe
  C:\Windows\System\RnGpfzd.exe
  2⤵
  PID:7896
- C:\Windows\System\dNCFaQw.exe
  C:\Windows\System\dNCFaQw.exe
  2⤵
  PID:7948
- C:\Windows\System\icfaioG.exe
  C:\Windows\System\icfaioG.exe
  2⤵
  PID:7964
- C:\Windows\System\BqUJFJQ.exe
  C:\Windows\System\BqUJFJQ.exe
  2⤵
  PID:8012
- C:\Windows\System\NCPBqxf.exe
  C:\Windows\System\NCPBqxf.exe
  2⤵
  PID:8056
- C:\Windows\System\ZRKytVs.exe
  C:\Windows\System\ZRKytVs.exe
  2⤵
  PID:8108
- C:\Windows\System\EDdVEST.exe
  C:\Windows\System\EDdVEST.exe
  2⤵
  PID:3768
- C:\Windows\System\imRXuwG.exe
  C:\Windows\System\imRXuwG.exe
  2⤵
  PID:8128
- C:\Windows\System\dicFPJE.exe
  C:\Windows\System\dicFPJE.exe
  2⤵
  PID:8160
- C:\Windows\System\vCATTQm.exe
  C:\Windows\System\vCATTQm.exe
  2⤵
  PID:3804
- C:\Windows\System\UgBJwsH.exe
  C:\Windows\System\UgBJwsH.exe
  2⤵
  PID:7088
- C:\Windows\System\EMSNErs.exe
  C:\Windows\System\EMSNErs.exe
  2⤵
  PID:6408
- C:\Windows\System\DhMajgl.exe
  C:\Windows\System\DhMajgl.exe
  2⤵
  PID:7256
- C:\Windows\System\skezwZj.exe
  C:\Windows\System\skezwZj.exe
  2⤵
  PID:7384
- C:\Windows\System\XCEPILX.exe
  C:\Windows\System\XCEPILX.exe
  2⤵
  PID:7204
- C:\Windows\System\cOyKHsC.exe
  C:\Windows\System\cOyKHsC.exe
  2⤵
  PID:7300
- C:\Windows\System\CRctSpR.exe
  C:\Windows\System\CRctSpR.exe
  2⤵
  PID:7368
- C:\Windows\System\IMXqtiC.exe
  C:\Windows\System\IMXqtiC.exe
  2⤵
  PID:7464
- C:\Windows\System\cpDzZQF.exe
  C:\Windows\System\cpDzZQF.exe
  2⤵
  PID:7616
- C:\Windows\System\ulMwiEh.exe
  C:\Windows\System\ulMwiEh.exe
  2⤵
  PID:7620
- C:\Windows\System\GGHbrGo.exe
  C:\Windows\System\GGHbrGo.exe
  2⤵
  PID:7448
- C:\Windows\System\FYQThNv.exe
  C:\Windows\System\FYQThNv.exe
  2⤵
  PID:6924
- C:\Windows\System\wdNEVzd.exe
  C:\Windows\System\wdNEVzd.exe
  2⤵
  PID:7632
- C:\Windows\System\QIovnUI.exe
  C:\Windows\System\QIovnUI.exe
  2⤵
  PID:7684
- C:\Windows\System\iiylfvy.exe
  C:\Windows\System\iiylfvy.exe
  2⤵
  PID:7780
- C:\Windows\System\XKzrYzF.exe
  C:\Windows\System\XKzrYzF.exe
  2⤵
  PID:2568
- C:\Windows\System\OFSFjyd.exe
  C:\Windows\System\OFSFjyd.exe
  2⤵
  PID:7760
- C:\Windows\System\YfAJOZH.exe
  C:\Windows\System\YfAJOZH.exe
  2⤵
  PID:1744
- C:\Windows\System\wGeLzzl.exe
  C:\Windows\System\wGeLzzl.exe
  2⤵
  PID:2108
- C:\Windows\System\VjZFttZ.exe
  C:\Windows\System\VjZFttZ.exe
  2⤵
  PID:7848
- C:\Windows\System\VzKvndW.exe
  C:\Windows\System\VzKvndW.exe
  2⤵
  PID:1896
- C:\Windows\System\PwIxwaJ.exe
  C:\Windows\System\PwIxwaJ.exe
  2⤵
  PID:1088
- C:\Windows\System\QiSWGif.exe
  C:\Windows\System\QiSWGif.exe
  2⤵
  PID:1276
- C:\Windows\System\TbSUgiI.exe
  C:\Windows\System\TbSUgiI.exe
  2⤵
  PID:2896
- C:\Windows\System\gEPTbUh.exe
  C:\Windows\System\gEPTbUh.exe
  2⤵
  PID:7932
- C:\Windows\System\kitlywe.exe
  C:\Windows\System\kitlywe.exe
  2⤵
  PID:7960
- C:\Windows\System\AsEmFuf.exe
  C:\Windows\System\AsEmFuf.exe
  2⤵
  PID:2012
- C:\Windows\System\zqRpDag.exe
  C:\Windows\System\zqRpDag.exe
  2⤵
  PID:2252
- C:\Windows\System\MTNkJXO.exe
  C:\Windows\System\MTNkJXO.exe
  2⤵
  PID:2460
- C:\Windows\System\oyVVjlN.exe
  C:\Windows\System\oyVVjlN.exe
  2⤵
  PID:2056
- C:\Windows\System\ZVFDpuF.exe
  C:\Windows\System\ZVFDpuF.exe
  2⤵
  PID:8156
- C:\Windows\System\RmqiDEg.exe
  C:\Windows\System\RmqiDEg.exe
  2⤵
  PID:6120
- C:\Windows\System\EpPwNYk.exe
  C:\Windows\System\EpPwNYk.exe
  2⤵
  PID:2364
- C:\Windows\System\cApzCPM.exe
  C:\Windows\System\cApzCPM.exe
  2⤵
  PID:6988
- C:\Windows\System\FMtQzyU.exe
  C:\Windows\System\FMtQzyU.exe
  2⤵
  PID:7336
- C:\Windows\System\LYvgKLr.exe
  C:\Windows\System\LYvgKLr.exe
  2⤵
  PID:7532
- C:\Windows\System\JIbqnxL.exe
  C:\Windows\System\JIbqnxL.exe
  2⤵
  PID:6204
- C:\Windows\System\nxvYTEa.exe
  C:\Windows\System\nxvYTEa.exe
  2⤵
  PID:7396
- C:\Windows\System\QdiZbxI.exe
  C:\Windows\System\QdiZbxI.exe
  2⤵
  PID:7208
- C:\Windows\System\DHoSBiD.exe
  C:\Windows\System\DHoSBiD.exe
  2⤵
  PID:6736
- C:\Windows\System\eyXwLUf.exe
  C:\Windows\System\eyXwLUf.exe
  2⤵
  PID:7668
- C:\Windows\System\pajmPja.exe
  C:\Windows\System\pajmPja.exe
  2⤵
  PID:7648
- C:\Windows\System\aLsSHSv.exe
  C:\Windows\System\aLsSHSv.exe
  2⤵
  PID:7776
- C:\Windows\System\bykZEfr.exe
  C:\Windows\System\bykZEfr.exe
  2⤵
  PID:2316
- C:\Windows\System\qOpVFyj.exe
  C:\Windows\System\qOpVFyj.exe
  2⤵
  PID:2996
- C:\Windows\System\pHfIwnN.exe
  C:\Windows\System\pHfIwnN.exe
  2⤵
  PID:7880
- C:\Windows\System\FmiylmO.exe
  C:\Windows\System\FmiylmO.exe
  2⤵
  PID:2152
- C:\Windows\System\wMgsxhS.exe
  C:\Windows\System\wMgsxhS.exe
  2⤵
  PID:1864
- C:\Windows\System\PSWPymr.exe
  C:\Windows\System\PSWPymr.exe
  2⤵
  PID:8112
- C:\Windows\System\EhctCVw.exe
  C:\Windows\System\EhctCVw.exe
  2⤵
  PID:8188
- C:\Windows\System\LpHmFuN.exe
  C:\Windows\System\LpHmFuN.exe
  2⤵
  PID:8092
- C:\Windows\System\QPMvhnT.exe
  C:\Windows\System\QPMvhnT.exe
  2⤵
  PID:6528
- C:\Windows\System\AopXxKZ.exe
  C:\Windows\System\AopXxKZ.exe
  2⤵
  PID:7912
- C:\Windows\System\kIrAseq.exe
  C:\Windows\System\kIrAseq.exe
  2⤵
  PID:7980
- C:\Windows\System\GYqZwdZ.exe
  C:\Windows\System\GYqZwdZ.exe
  2⤵
  PID:7484
- C:\Windows\System\AoNFgDq.exe
  C:\Windows\System\AoNFgDq.exe
  2⤵
  PID:1768
- C:\Windows\System\NkaiFHm.exe
  C:\Windows\System\NkaiFHm.exe
  2⤵
  PID:2352
- C:\Windows\System\sZUPSbq.exe
  C:\Windows\System\sZUPSbq.exe
  2⤵
  PID:7996
- C:\Windows\System\mlvQcuA.exe
  C:\Windows\System\mlvQcuA.exe
  2⤵
  PID:7800
- C:\Windows\System\imYCvOD.exe
  C:\Windows\System\imYCvOD.exe
  2⤵
  PID:7480
- C:\Windows\System\LzkvEKP.exe
  C:\Windows\System\LzkvEKP.exe
  2⤵
  PID:1908
- C:\Windows\System\QjyDTWn.exe
  C:\Windows\System\QjyDTWn.exe
  2⤵
  PID:6080
- C:\Windows\System\kHfkYXi.exe
  C:\Windows\System\kHfkYXi.exe
  2⤵
  PID:7728
- C:\Windows\System\yyFVKkc.exe
  C:\Windows\System\yyFVKkc.exe
  2⤵
  PID:4136
- C:\Windows\System\xBcTfTF.exe
  C:\Windows\System\xBcTfTF.exe
  2⤵
  PID:7900
- C:\Windows\System\bUuCHJW.exe
  C:\Windows\System\bUuCHJW.exe
  2⤵
  PID:7188
- C:\Windows\System\eWwwEjp.exe
  C:\Windows\System\eWwwEjp.exe
  2⤵
  PID:7320
- C:\Windows\System\zsCXIBX.exe
  C:\Windows\System\zsCXIBX.exe
  2⤵
  PID:1648
- C:\Windows\System\BnSZXXV.exe
  C:\Windows\System\BnSZXXV.exe
  2⤵
  PID:7596
- C:\Windows\System\NRcttkw.exe
  C:\Windows\System\NRcttkw.exe
  2⤵
  PID:2132
- C:\Windows\System\wduMALN.exe
  C:\Windows\System\wduMALN.exe
  2⤵
  PID:7564
- C:\Windows\System\wTOptKD.exe
  C:\Windows\System\wTOptKD.exe
  2⤵
  PID:7348
- C:\Windows\System\xEwQxRe.exe
  C:\Windows\System\xEwQxRe.exe
  2⤵
  PID:2268
- C:\Windows\System\djEPVEN.exe
  C:\Windows\System\djEPVEN.exe
  2⤵
  PID:7680
- C:\Windows\System\ioapSaG.exe
  C:\Windows\System\ioapSaG.exe
  2⤵
  PID:8208
- C:\Windows\System\QcHGvGW.exe
  C:\Windows\System\QcHGvGW.exe
  2⤵
  PID:8224
- C:\Windows\System\KaTJRkW.exe
  C:\Windows\System\KaTJRkW.exe
  2⤵
  PID:8248
- C:\Windows\System\ttVizWo.exe
  C:\Windows\System\ttVizWo.exe
  2⤵
  PID:8284
- C:\Windows\System\bTHIaaF.exe
  C:\Windows\System\bTHIaaF.exe
  2⤵
  PID:8300
- C:\Windows\System\fvNeOdH.exe
  C:\Windows\System\fvNeOdH.exe
  2⤵
  PID:8316
- C:\Windows\System\MDDHJOX.exe
  C:\Windows\System\MDDHJOX.exe
  2⤵
  PID:8340
- C:\Windows\System\GfHHxki.exe
  C:\Windows\System\GfHHxki.exe
  2⤵
  PID:8356
- C:\Windows\System\DCmcHWU.exe
  C:\Windows\System\DCmcHWU.exe
  2⤵
  PID:8376
- C:\Windows\System\yQLFraS.exe
  C:\Windows\System\yQLFraS.exe
  2⤵
  PID:8396
- C:\Windows\System\IPKYbFU.exe
  C:\Windows\System\IPKYbFU.exe
  2⤵
  PID:8416
- C:\Windows\System\rqNfPVR.exe
  C:\Windows\System\rqNfPVR.exe
  2⤵
  PID:8432
- C:\Windows\System\dbrFKWu.exe
  C:\Windows\System\dbrFKWu.exe
  2⤵
  PID:8448
- C:\Windows\System\VLvVNsZ.exe
  C:\Windows\System\VLvVNsZ.exe
  2⤵
  PID:8464
- C:\Windows\System\OSFUexh.exe
  C:\Windows\System\OSFUexh.exe
  2⤵
  PID:8484
- C:\Windows\System\cvLDpAb.exe
  C:\Windows\System\cvLDpAb.exe
  2⤵
  PID:8596
- C:\Windows\System\pzwgMMh.exe
  C:\Windows\System\pzwgMMh.exe
  2⤵
  PID:8612
- C:\Windows\System\iowpWwd.exe
  C:\Windows\System\iowpWwd.exe
  2⤵
  PID:8636
- C:\Windows\System\euvLMDr.exe
  C:\Windows\System\euvLMDr.exe
  2⤵
  PID:8652
- C:\Windows\System\kpANHxO.exe
  C:\Windows\System\kpANHxO.exe
  2⤵
  PID:8668
- C:\Windows\System\kUzsXwU.exe
  C:\Windows\System\kUzsXwU.exe
  2⤵
  PID:8684
- C:\Windows\System\ApoLTFc.exe
  C:\Windows\System\ApoLTFc.exe
  2⤵
  PID:8700
- C:\Windows\System\MeXkxsE.exe
  C:\Windows\System\MeXkxsE.exe
  2⤵
  PID:8716
- C:\Windows\System\GSEGVhG.exe
  C:\Windows\System\GSEGVhG.exe
  2⤵
  PID:8732
- C:\Windows\System\GKbbTPA.exe
  C:\Windows\System\GKbbTPA.exe
  2⤵
  PID:8748
- C:\Windows\System\JzupDzz.exe
  C:\Windows\System\JzupDzz.exe
  2⤵
  PID:8764
- C:\Windows\System\PqnTVvQ.exe
  C:\Windows\System\PqnTVvQ.exe
  2⤵
  PID:8780
- C:\Windows\System\IYNldNq.exe
  C:\Windows\System\IYNldNq.exe
  2⤵
  PID:8796
- C:\Windows\System\rFZiKVL.exe
  C:\Windows\System\rFZiKVL.exe
  2⤵
  PID:8812
- C:\Windows\System\xgRWpAu.exe
  C:\Windows\System\xgRWpAu.exe
  2⤵
  PID:8828
- C:\Windows\System\SSbVLkQ.exe
  C:\Windows\System\SSbVLkQ.exe
  2⤵
  PID:8848
- C:\Windows\System\kkcEFtq.exe
  C:\Windows\System\kkcEFtq.exe
  2⤵
  PID:8864
- C:\Windows\System\KJMmvro.exe
  C:\Windows\System\KJMmvro.exe
  2⤵
  PID:8880
- C:\Windows\System\TSdvQBt.exe
  C:\Windows\System\TSdvQBt.exe
  2⤵
  PID:8900
- C:\Windows\System\DSuwSON.exe
  C:\Windows\System\DSuwSON.exe
  2⤵
  PID:8916
- C:\Windows\System\xOjCvwB.exe
  C:\Windows\System\xOjCvwB.exe
  2⤵
  PID:8932
- C:\Windows\System\OunjUFG.exe
  C:\Windows\System\OunjUFG.exe
  2⤵
  PID:8972
- C:\Windows\System\tMrZxIO.exe
  C:\Windows\System\tMrZxIO.exe
  2⤵
  PID:8988
- C:\Windows\System\pHnrtzr.exe
  C:\Windows\System\pHnrtzr.exe
  2⤵
  PID:9060
- C:\Windows\System\BYLDtnP.exe
  C:\Windows\System\BYLDtnP.exe
  2⤵
  PID:9084
- C:\Windows\System\NzazUks.exe
  C:\Windows\System\NzazUks.exe
  2⤵
  PID:9100
- C:\Windows\System\ZmJbyAM.exe
  C:\Windows\System\ZmJbyAM.exe
  2⤵
  PID:9116
- C:\Windows\System\tBWXLYC.exe
  C:\Windows\System\tBWXLYC.exe
  2⤵
  PID:9132
- C:\Windows\System\UOJzUvU.exe
  C:\Windows\System\UOJzUvU.exe
  2⤵
  PID:9148
- C:\Windows\System\tJlHyCS.exe
  C:\Windows\System\tJlHyCS.exe
  2⤵
  PID:9164
- C:\Windows\System\QyFCsgC.exe
  C:\Windows\System\QyFCsgC.exe
  2⤵
  PID:9180
- C:\Windows\System\NYnLzfx.exe
  C:\Windows\System\NYnLzfx.exe
  2⤵
  PID:9196
- C:\Windows\System\xLfAbUe.exe
  C:\Windows\System\xLfAbUe.exe
  2⤵
  PID:9212
- C:\Windows\System\nDwUoxo.exe
  C:\Windows\System\nDwUoxo.exe
  2⤵
  PID:7820
- C:\Windows\System\mIBphpT.exe
  C:\Windows\System\mIBphpT.exe
  2⤵
  PID:8236
- C:\Windows\System\hOGLbCg.exe
  C:\Windows\System\hOGLbCg.exe
  2⤵
  PID:8296
- C:\Windows\System\ZjEznaE.exe
  C:\Windows\System\ZjEznaE.exe
  2⤵
  PID:8336
- C:\Windows\System\hxwDGNR.exe
  C:\Windows\System\hxwDGNR.exe
  2⤵
  PID:8408
- C:\Windows\System\KxrdXqu.exe
  C:\Windows\System\KxrdXqu.exe
  2⤵
  PID:7732
- C:\Windows\System\GZUWboD.exe
  C:\Windows\System\GZUWboD.exe
  2⤵
  PID:2308
- C:\Windows\System\pytbVOZ.exe
  C:\Windows\System\pytbVOZ.exe
  2⤵
  PID:7176
- C:\Windows\System\mplPIHp.exe
  C:\Windows\System\mplPIHp.exe
  2⤵
  PID:8220
- C:\Windows\System\EqcJhxo.exe
  C:\Windows\System\EqcJhxo.exe
  2⤵
  PID:8272
- C:\Windows\System\teOlXgY.exe
  C:\Windows\System\teOlXgY.exe
  2⤵
  PID:8312
- C:\Windows\System\KMDlgeO.exe
  C:\Windows\System\KMDlgeO.exe
  2⤵
  PID:8392
- C:\Windows\System\UCWxuwj.exe
  C:\Windows\System\UCWxuwj.exe
  2⤵
  PID:8460
- C:\Windows\System\rVmCEkC.exe
  C:\Windows\System\rVmCEkC.exe
  2⤵
  PID:8508
- C:\Windows\System\nNzagwZ.exe
  C:\Windows\System\nNzagwZ.exe
  2⤵
  PID:8524
- C:\Windows\System\GurMJPX.exe
  C:\Windows\System\GurMJPX.exe
  2⤵
  PID:8540
- C:\Windows\System\zaKvPpM.exe
  C:\Windows\System\zaKvPpM.exe
  2⤵
  PID:8556
- C:\Windows\System\JeesRFi.exe
  C:\Windows\System\JeesRFi.exe
  2⤵
  PID:8572
- C:\Windows\System\SNItSBh.exe
  C:\Windows\System\SNItSBh.exe
  2⤵
  PID:8588
- C:\Windows\System\XJUFJGc.exe
  C:\Windows\System\XJUFJGc.exe
  2⤵
  PID:8620
- C:\Windows\System\TSHGoRy.exe
  C:\Windows\System\TSHGoRy.exe
  2⤵
  PID:8632
- C:\Windows\System\kPIhLwl.exe
  C:\Windows\System\kPIhLwl.exe
  2⤵
  PID:8696
- C:\Windows\System\KcsWdlN.exe
  C:\Windows\System\KcsWdlN.exe
  2⤵
  PID:8844
- C:\Windows\System\qFUyRDO.exe
  C:\Windows\System\qFUyRDO.exe
  2⤵
  PID:8820
- C:\Windows\System\rFPndjv.exe
  C:\Windows\System\rFPndjv.exe
  2⤵
  PID:8896
- C:\Windows\System\mqwzgrU.exe
  C:\Windows\System\mqwzgrU.exe
  2⤵
  PID:9000
- C:\Windows\System\ilUDOWL.exe
  C:\Windows\System\ilUDOWL.exe
  2⤵
  PID:8964
- C:\Windows\System\HckVFzs.exe
  C:\Windows\System\HckVFzs.exe
  2⤵
  PID:8948
- C:\Windows\System\tinOmdi.exe
  C:\Windows\System\tinOmdi.exe
  2⤵
  PID:8984
- C:\Windows\System\LEaGxgR.exe
  C:\Windows\System\LEaGxgR.exe
  2⤵
  PID:9032
- C:\Windows\System\HYAFHxg.exe
  C:\Windows\System\HYAFHxg.exe
  2⤵
  PID:9036
- C:\Windows\System\TJHbxfU.exe
  C:\Windows\System\TJHbxfU.exe
  2⤵
  PID:9044
- C:\Windows\System\bNmmtoj.exe
  C:\Windows\System\bNmmtoj.exe
  2⤵
  PID:9124
- C:\Windows\System\vvGPKKM.exe
  C:\Windows\System\vvGPKKM.exe
  2⤵
  PID:9160
- C:\Windows\System\jTRxAro.exe
  C:\Windows\System\jTRxAro.exe
  2⤵
  PID:8076
- C:\Windows\System\ULEZSka.exe
  C:\Windows\System\ULEZSka.exe
  2⤵
  PID:9172
- C:\Windows\System\MCXoItH.exe
  C:\Windows\System\MCXoItH.exe
  2⤵
  PID:8204
- C:\Windows\System\zwHNRkL.exe
  C:\Windows\System\zwHNRkL.exe
  2⤵
  PID:7512
- C:\Windows\System\hKLZaKv.exe
  C:\Windows\System\hKLZaKv.exe
  2⤵
  PID:844
- C:\Windows\System\DPvQgWi.exe
  C:\Windows\System\DPvQgWi.exe
  2⤵
  PID:8444
- C:\Windows\System\wUDCSvX.exe
  C:\Windows\System\wUDCSvX.exe
  2⤵
  PID:8308
- C:\Windows\System\pMEUTSc.exe
  C:\Windows\System\pMEUTSc.exe
  2⤵
  PID:532
- C:\Windows\System\suxzihO.exe
  C:\Windows\System\suxzihO.exe
  2⤵
  PID:8536
- C:\Windows\System\pvhbCIl.exe
  C:\Windows\System\pvhbCIl.exe
  2⤵
  PID:8520
- C:\Windows\System\Ybjjijz.exe
  C:\Windows\System\Ybjjijz.exe
  2⤵
  PID:8584
- C:\Windows\System\boserYZ.exe
  C:\Windows\System\boserYZ.exe
  2⤵
  PID:7332
- C:\Windows\System\ZmBIICj.exe
  C:\Windows\System\ZmBIICj.exe
  2⤵
  PID:776
- C:\Windows\System\iIopKyS.exe
  C:\Windows\System\iIopKyS.exe
  2⤵
  PID:8676
- C:\Windows\System\repTaen.exe
  C:\Windows\System\repTaen.exe
  2⤵
  PID:8744
- C:\Windows\System\xZxYHrk.exe
  C:\Windows\System\xZxYHrk.exe
  2⤵
  PID:560
- C:\Windows\System\SjnpOzx.exe
  C:\Windows\System\SjnpOzx.exe
  2⤵
  PID:8840
- C:\Windows\System\YEMyoDF.exe
  C:\Windows\System\YEMyoDF.exe
  2⤵
  PID:9004
- C:\Windows\System\trrSPHT.exe
  C:\Windows\System\trrSPHT.exe
  2⤵
  PID:9192
- C:\Windows\System\lkfTSsh.exe
  C:\Windows\System\lkfTSsh.exe
  2⤵
  PID:7744
- C:\Windows\System\jMBEnWq.exe
  C:\Windows\System\jMBEnWq.exe
  2⤵
  PID:8692
- C:\Windows\System\kFAUROY.exe
  C:\Windows\System\kFAUROY.exe
  2⤵
  PID:8216
- C:\Windows\System\WVyGBHB.exe
  C:\Windows\System\WVyGBHB.exe
  2⤵
  PID:9108
- C:\Windows\System\bfOSccj.exe
  C:\Windows\System\bfOSccj.exe
  2⤵
  PID:9204
- C:\Windows\System\fwGlMqQ.exe
  C:\Windows\System\fwGlMqQ.exe
  2⤵
  PID:8608
- C:\Windows\System\MIYMmhZ.exe
  C:\Windows\System\MIYMmhZ.exe
  2⤵
  PID:8724
- C:\Windows\System\eRaMgaQ.exe
  C:\Windows\System\eRaMgaQ.exe
  2⤵
  PID:8788
- C:\Windows\System\AsqUjXi.exe
  C:\Windows\System\AsqUjXi.exe
  2⤵
  PID:8264
- C:\Windows\System\tAJJUFM.exe
  C:\Windows\System\tAJJUFM.exe
  2⤵
  PID:8552
- C:\Windows\System\NuBfJxu.exe
  C:\Windows\System\NuBfJxu.exe
  2⤵
  PID:8760
- C:\Windows\System\dhuVaxj.exe
  C:\Windows\System\dhuVaxj.exe
  2⤵
  PID:8968
- C:\Windows\System\kQBzfNc.exe
  C:\Windows\System\kQBzfNc.exe
  2⤵
  PID:9024
- C:\Windows\System\AZHeDFz.exe
  C:\Windows\System\AZHeDFz.exe
  2⤵
  PID:8060
- C:\Windows\System\fEODQvQ.exe
  C:\Windows\System\fEODQvQ.exe
  2⤵
  PID:8244
- C:\Windows\System\dtNATCa.exe
  C:\Windows\System\dtNATCa.exe
  2⤵
  PID:9080
- C:\Windows\System\BIKxymT.exe
  C:\Windows\System\BIKxymT.exe
  2⤵
  PID:8328
- C:\Windows\System\ThtxuDQ.exe
  C:\Windows\System\ThtxuDQ.exe
  2⤵
  PID:8872
- C:\Windows\System\UZYekgt.exe
  C:\Windows\System\UZYekgt.exe
  2⤵
  PID:8836
- C:\Windows\System\pJczVVg.exe
  C:\Windows\System\pJczVVg.exe
  2⤵
  PID:8476
- C:\Windows\System\gdeCuEe.exe
  C:\Windows\System\gdeCuEe.exe
  2⤵
  PID:8888
- C:\Windows\System\XeGsSsQ.exe
  C:\Windows\System\XeGsSsQ.exe
  2⤵
  PID:9048
- C:\Windows\System\nqLpqqz.exe
  C:\Windows\System\nqLpqqz.exe
  2⤵
  PID:7432
- C:\Windows\System\zJykMcR.exe
  C:\Windows\System\zJykMcR.exe
  2⤵
  PID:9208
- C:\Windows\System\PvkTpHg.exe
  C:\Windows\System\PvkTpHg.exe
  2⤵
  PID:8792
- C:\Windows\System\NrLRIBU.exe
  C:\Windows\System\NrLRIBU.exe
  2⤵
  PID:8728
- C:\Windows\System\ZSRosKm.exe
  C:\Windows\System\ZSRosKm.exe
  2⤵
  PID:8544
- C:\Windows\System\XPPiLZh.exe
  C:\Windows\System\XPPiLZh.exe
  2⤵
  PID:9076
- C:\Windows\System\MNLQLdD.exe
  C:\Windows\System\MNLQLdD.exe
  2⤵
  PID:8404
- C:\Windows\System\ElUMXtF.exe
  C:\Windows\System\ElUMXtF.exe
  2⤵
  PID:8260
- C:\Windows\System\hObxUvP.exe
  C:\Windows\System\hObxUvP.exe
  2⤵
  PID:7664
- C:\Windows\System\VuybHLP.exe
  C:\Windows\System\VuybHLP.exe
  2⤵
  PID:8940
- C:\Windows\System\EbEaitJ.exe
  C:\Windows\System\EbEaitJ.exe
  2⤵
  PID:8808
- C:\Windows\System\ERuNbEm.exe
  C:\Windows\System\ERuNbEm.exe
  2⤵
  PID:9224
- C:\Windows\System\kIVdJNj.exe
  C:\Windows\System\kIVdJNj.exe
  2⤵
  PID:9240
- C:\Windows\System\ndOZBRM.exe
  C:\Windows\System\ndOZBRM.exe
  2⤵
  PID:9256
- C:\Windows\System\UKIPubz.exe
  C:\Windows\System\UKIPubz.exe
  2⤵
  PID:9272
- C:\Windows\System\VtCVBCs.exe
  C:\Windows\System\VtCVBCs.exe
  2⤵
  PID:9288
- C:\Windows\System\HdHwoun.exe
  C:\Windows\System\HdHwoun.exe
  2⤵
  PID:9304
- C:\Windows\System\DynTyvL.exe
  C:\Windows\System\DynTyvL.exe
  2⤵
  PID:9320
- C:\Windows\System\UcOIGNV.exe
  C:\Windows\System\UcOIGNV.exe
  2⤵
  PID:9336
- C:\Windows\System\lKgGWJF.exe
  C:\Windows\System\lKgGWJF.exe
  2⤵
  PID:9352
- C:\Windows\System\XFPJoCk.exe
  C:\Windows\System\XFPJoCk.exe
  2⤵
  PID:9372
- C:\Windows\System\YXYtAJb.exe
  C:\Windows\System\YXYtAJb.exe
  2⤵
  PID:9396
- C:\Windows\System\OsgdSLj.exe
  C:\Windows\System\OsgdSLj.exe
  2⤵
  PID:9416
- C:\Windows\System\VdOBMCz.exe
  C:\Windows\System\VdOBMCz.exe
  2⤵
  PID:9436
- C:\Windows\System\vJiaaMi.exe
  C:\Windows\System\vJiaaMi.exe
  2⤵
  PID:9456
- C:\Windows\System\nccGSXk.exe
  C:\Windows\System\nccGSXk.exe
  2⤵
  PID:9472
- C:\Windows\System\LzGkect.exe
  C:\Windows\System\LzGkect.exe
  2⤵
  PID:9488
- C:\Windows\System\KhpbSZO.exe
  C:\Windows\System\KhpbSZO.exe
  2⤵
  PID:9508
- C:\Windows\System\hoUEbjW.exe
  C:\Windows\System\hoUEbjW.exe
  2⤵
  PID:9524
- C:\Windows\System\apYqSjq.exe
  C:\Windows\System\apYqSjq.exe
  2⤵
  PID:9548
- C:\Windows\System\sudKcpT.exe
  C:\Windows\System\sudKcpT.exe
  2⤵
  PID:9568
- C:\Windows\System\ITexjfY.exe
  C:\Windows\System\ITexjfY.exe
  2⤵
  PID:9584
- C:\Windows\System\qhSelET.exe
  C:\Windows\System\qhSelET.exe
  2⤵
  PID:9600
- C:\Windows\System\AbwNuiV.exe
  C:\Windows\System\AbwNuiV.exe
  2⤵
  PID:9616
- C:\Windows\System\xwprXOH.exe
  C:\Windows\System\xwprXOH.exe
  2⤵
  PID:9632
- C:\Windows\System\dRTvwti.exe
  C:\Windows\System\dRTvwti.exe
  2⤵
  PID:9648
- C:\Windows\System\WdgMQDH.exe
  C:\Windows\System\WdgMQDH.exe
  2⤵
  PID:9668
- C:\Windows\System\TvKgPrF.exe
  C:\Windows\System\TvKgPrF.exe
  2⤵
  PID:9684
- C:\Windows\System\CxkUsYv.exe
  C:\Windows\System\CxkUsYv.exe
  2⤵
  PID:9700
- C:\Windows\System\zKmZvvl.exe
  C:\Windows\System\zKmZvvl.exe
  2⤵
  PID:9716
- C:\Windows\System\smRCjjv.exe
  C:\Windows\System\smRCjjv.exe
  2⤵
  PID:9732
- C:\Windows\System\WqBoNOt.exe
  C:\Windows\System\WqBoNOt.exe
  2⤵
  PID:9748
- C:\Windows\System\SHclOxf.exe
  C:\Windows\System\SHclOxf.exe
  2⤵
  PID:9768
- C:\Windows\System\JZYWybg.exe
  C:\Windows\System\JZYWybg.exe
  2⤵
  PID:9784
- C:\Windows\System\VTNAlAm.exe
  C:\Windows\System\VTNAlAm.exe
  2⤵
  PID:9800
- C:\Windows\System\sevhUcG.exe
  C:\Windows\System\sevhUcG.exe
  2⤵
  PID:9816
- C:\Windows\System\wmKgqAy.exe
  C:\Windows\System\wmKgqAy.exe
  2⤵
  PID:9832
- C:\Windows\System\wISmqEb.exe
  C:\Windows\System\wISmqEb.exe
  2⤵
  PID:9848
- C:\Windows\System\EJlBTFZ.exe
  C:\Windows\System\EJlBTFZ.exe
  2⤵
  PID:9864
- C:\Windows\System\hSDbWfk.exe
  C:\Windows\System\hSDbWfk.exe
  2⤵
  PID:9880
- C:\Windows\System\giBmHTJ.exe
  C:\Windows\System\giBmHTJ.exe
  2⤵
  PID:9896
- C:\Windows\System\oDHziJZ.exe
  C:\Windows\System\oDHziJZ.exe
  2⤵
  PID:9912
- C:\Windows\System\ujadOGU.exe
  C:\Windows\System\ujadOGU.exe
  2⤵
  PID:9928
- C:\Windows\System\aXpvuLF.exe
  C:\Windows\System\aXpvuLF.exe
  2⤵
  PID:9944
- C:\Windows\System\MCcYtUa.exe
  C:\Windows\System\MCcYtUa.exe
  2⤵
  PID:9960
- C:\Windows\System\ezUkPQW.exe
  C:\Windows\System\ezUkPQW.exe
  2⤵
  PID:9976
- C:\Windows\System\lvPdUCg.exe
  C:\Windows\System\lvPdUCg.exe
  2⤵
  PID:9992
- C:\Windows\System\yDkztLL.exe
  C:\Windows\System\yDkztLL.exe
  2⤵
  PID:10008
- C:\Windows\System\lKeegPH.exe
  C:\Windows\System\lKeegPH.exe
  2⤵
  PID:10024
- C:\Windows\System\YczNrzU.exe
  C:\Windows\System\YczNrzU.exe
  2⤵
  PID:10040
- C:\Windows\System\qWpvTcy.exe
  C:\Windows\System\qWpvTcy.exe
  2⤵
  PID:10056
- C:\Windows\System\pkDnFxx.exe
  C:\Windows\System\pkDnFxx.exe
  2⤵
  PID:10072
- C:\Windows\System\paiBjrM.exe
  C:\Windows\System\paiBjrM.exe
  2⤵
  PID:10088
- C:\Windows\System\fcdWyIS.exe
  C:\Windows\System\fcdWyIS.exe
  2⤵
  PID:10104
- C:\Windows\System\AkZOLHe.exe
  C:\Windows\System\AkZOLHe.exe
  2⤵
  PID:10120
- C:\Windows\System\AKFCqAt.exe
  C:\Windows\System\AKFCqAt.exe
  2⤵
  PID:10136
- C:\Windows\System\rNboIHS.exe
  C:\Windows\System\rNboIHS.exe
  2⤵
  PID:10152
- C:\Windows\System\aocMfPf.exe
  C:\Windows\System\aocMfPf.exe
  2⤵
  PID:10168
- C:\Windows\System\GQNroEG.exe
  C:\Windows\System\GQNroEG.exe
  2⤵
  PID:10184
- C:\Windows\System\YsqJZGM.exe
  C:\Windows\System\YsqJZGM.exe
  2⤵
  PID:10200
- C:\Windows\System\OWkoVEF.exe
  C:\Windows\System\OWkoVEF.exe
  2⤵
  PID:10216
- C:\Windows\System\YrPdgJB.exe
  C:\Windows\System\YrPdgJB.exe
  2⤵
  PID:10232
- C:\Windows\System\DNnJDqh.exe
  C:\Windows\System\DNnJDqh.exe
  2⤵
  PID:9248
- C:\Windows\System\ZAdyyFS.exe
  C:\Windows\System\ZAdyyFS.exe
  2⤵
  PID:9316
- C:\Windows\System\ZiiqDMZ.exe
  C:\Windows\System\ZiiqDMZ.exe
  2⤵
  PID:9280
- C:\Windows\System\WxOWzuR.exe
  C:\Windows\System\WxOWzuR.exe
  2⤵
  PID:9424
- C:\Windows\System\ANxCRCF.exe
  C:\Windows\System\ANxCRCF.exe
  2⤵
  PID:9500
- C:\Windows\System\bMeJThd.exe
  C:\Windows\System\bMeJThd.exe
  2⤵
  PID:9608
- C:\Windows\System\YXYqoHU.exe
  C:\Windows\System\YXYqoHU.exe
  2⤵
  PID:9676
- C:\Windows\System\baylRpy.exe
  C:\Windows\System\baylRpy.exe
  2⤵
  PID:9740
- C:\Windows\System\LSoTOmo.exe
  C:\Windows\System\LSoTOmo.exe
  2⤵
  PID:8924
- C:\Windows\System\oEdRSdd.exe
  C:\Windows\System\oEdRSdd.exe
  2⤵
  PID:9360
- C:\Windows\System\eXPbukv.exe
  C:\Windows\System\eXPbukv.exe
  2⤵
  PID:9484
- C:\Windows\System\vnqZHoC.exe
  C:\Windows\System\vnqZHoC.exe
  2⤵
  PID:9564
- C:\Windows\System\aLevMYc.exe
  C:\Windows\System\aLevMYc.exe
  2⤵
  PID:9628
- C:\Windows\System\GhothwP.exe
  C:\Windows\System\GhothwP.exe
  2⤵
  PID:9696
- C:\Windows\System\PSMkvwQ.exe
  C:\Windows\System\PSMkvwQ.exe
  2⤵
  PID:9812
- C:\Windows\System\SiaIwdv.exe
  C:\Windows\System\SiaIwdv.exe
  2⤵
  PID:9872
- C:\Windows\System\TXEUBJt.exe
  C:\Windows\System\TXEUBJt.exe
  2⤵
  PID:9908
- C:\Windows\System\LtDTQPu.exe
  C:\Windows\System\LtDTQPu.exe
  2⤵
  PID:9972
- C:\Windows\System\vxHnYqP.exe
  C:\Windows\System\vxHnYqP.exe
  2⤵
  PID:10036
- C:\Windows\System\jBbZsOH.exe
  C:\Windows\System\jBbZsOH.exe
  2⤵
  PID:10128
- C:\Windows\System\iwtrSgw.exe
  C:\Windows\System\iwtrSgw.exe
  2⤵
  PID:10192
- C:\Windows\System\sWyftCb.exe
  C:\Windows\System\sWyftCb.exe
  2⤵
  PID:9920
- C:\Windows\System\QhlLtEC.exe
  C:\Windows\System\QhlLtEC.exe
  2⤵
  PID:9888
- C:\Windows\System\dpXGlZM.exe
  C:\Windows\System\dpXGlZM.exe
  2⤵
  PID:10228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AGWaZne.exe

Filesize
6.0MB

MD5
ebad2ba48546a8563e25da0c739fda56

SHA1
6aa773580e3ab10cb2c4154ce60222e51b7fb12a

SHA256
36b303152aa1c18d5a35cf12f983c1cd401c9d8d1c4bdd1d49dda7c6cf98477d

SHA512
be2d3c399f943be738f5b3e15aa6f058ed96f7570b2a55c857a698b87cf95ec41e7d27338412f6b35954e4bed2ac4de7ca1d6536ff440a503b5345a875deec9f

Download Submit
C:\Windows\system\BKanPaw.exe

Filesize
6.0MB

MD5
092736a5c76437e36d5335ea48adde61

SHA1
5115e2e838c475def50a5a1a92a4b761c70bca00

SHA256
b0fa3df24e775b854ebd11baf8a2c579e20047389adae0c74e29eb346ac3a3d7

SHA512
c6869c4623174bf8072b86224c9c70a41332580888b435138cf09a1df349ae21724ebbde40349fde7ed3d53702e6e2187d1c057bf8eeb0b6f5d8f19afd0da3ce

Download Submit
C:\Windows\system\Dqpekov.exe

Filesize
6.0MB

MD5
8111096da18f72c1ebd900aa348f92de

SHA1
417f8e5e939b6df35874415178fdf6b2db78dee3

SHA256
d4921b738ae9806cb4fd7713b89c4dfe805f91833d9f50ffa4d8f67511425ac6

SHA512
bec50e3f75d9317b150002ea88afeb07f7c363980d930e29d9221c75d1b3c858977dab1e659f61861b800587913b282adeec5e8c3c27e7c0d44baa5300f440b7

Download Submit
C:\Windows\system\EouyPWJ.exe

Filesize
6.0MB

MD5
f91d17578ed3c171b7c5c06664768abe

SHA1
6473b5dbf71b9caba3ec6f9cec96f5d503eb07a4

SHA256
6e0b77639b26f2b9f6ada18bac9b74891e79fc2f8053b12536cd0741296dc75e

SHA512
bc986661b3538c0d8a8f9b22b70d768b4ffeb6e235947390357f35d1a76fecdf453a311924f923ac9563d59081b8e78e7d8939727b46c28bb838ee3d546833ba

Download Submit
C:\Windows\system\FUKvLKu.exe

Filesize
6.0MB

MD5
782eeb67bf732f68eea09b1044ab14d2

SHA1
c90bb8bbc748bd25837131530faeeff52356533f

SHA256
4e31031030867e63e90841c828e63d1f4d1c427758918bac9430ce2888d273b6

SHA512
88d42bb8ad85c549db05d1a5900cbc3389693e131681f34492fd2fea29b1ff7618b426eb4e4ef146843ee1e91e7e35668624148b221599b52663cfab243f9a65

Download Submit
C:\Windows\system\NvzpHUM.exe

Filesize
6.0MB

MD5
638eacccaed4806410a80c3b50e7b975

SHA1
471f23dc26bb4b6c0ef3728c3262f4f2ba563639

SHA256
180948d150c70eb3a16b63276935f4a94c2d5d319cf46ca2fcb92f139fd211f1

SHA512
98479d81c2660909806cbaa60cd6c040772b567130012ba15f763dae990fac67d3e147c68fa3394b724a20e5362579350ce3484457385daab1974f3996bac1f8

Download Submit
C:\Windows\system\OxftgGv.exe

Filesize
6.0MB

MD5
eac458e16ff207ec0d37b20db1335e00

SHA1
cda0af666618969b5ac90e50db24415bb5cd63d4

SHA256
f24dd85f2ec78bd75abc7e984f60e1d43b4a21ff878196764e87b190df72a96f

SHA512
16b02cc6dee8c27d1db20240d52d632e3f7b74e2b824d32542ea6d4fb5c8dcb798f69a3fd6c793d7dee770aaa5c21e28b944fbac5e8676470a18ab4ebe978fc5

Download Submit
C:\Windows\system\VNJwJxo.exe

Filesize
6.0MB

MD5
1f3817c841c775436ad8a9ce7f31b457

SHA1
582f2d4aafa699290ae7ac274b16eb0b5c0af962

SHA256
1408d5b3bf23b2ddfff8379c2e5b0a60edf9c3406ff3e75ea89c4b4cc3529920

SHA512
9880929ca7fb83533f7b760d3f4cddef93fbfce0509a455a9a78d57ff664cc73cf9fbd6be9db0e904e0e5b3ca66f758edfd044b3936b9cfec6061a19f20e19aa

Download Submit
C:\Windows\system\YpilwmP.exe

Filesize
6.0MB

MD5
5541b8ba1e5f9ad510aa9dd92150160f

SHA1
3da8af2fc2bc1e427149c5467f61eee81ab9913e

SHA256
be4a23ef8837dd7a512213d464b4b42d7161c545093cb97cba5cc4bc86c8d3cf

SHA512
822492b566f2424340b190c41df262afc1b8821099ec9facceee070a8d846889214044608959febc12173b6496138890b38c4ba80d98611bfd0f052db7c0f714

Download Submit
C:\Windows\system\ZpmaboU.exe

Filesize
6.0MB

MD5
46cb0b61269da3e1f658e757a7bd516a

SHA1
c3a0d06d48ad49e8f68b26214ef440bbab8263d8

SHA256
d7cacf72afc974a3f9a6789ba733eb8c3e36485f06489af49f82b70b2f7a3a4e

SHA512
b5f4e94fbcfc30f785db9009a56a75c0c11029cc3ef16eabef83bb2bf15ec335d90cb06bbbfb9d92095ad84c846784f8fa7d0aeaffb8fe610be0d29232d4f8d0

Download Submit
C:\Windows\system\bvhVZZT.exe

Filesize
6.0MB

MD5
a48ae416c2f5d79770821635e1a61fb7

SHA1
1fd9da6b0da62157252f1846444239f71ee23784

SHA256
161f6dd6df8d6096798c4f71b1f7eaf2c03010cdce127a5b715f4eb5663f1ebf

SHA512
21a04efcb66e08db0acac1e4852fa9e6e94a8360104f50110a855f25ee5b8af9cc360ebcd0d914352cb7a8d376d5b95e2dc6eb1e4535063aedfba34f6db2485f

Download Submit
C:\Windows\system\caVfYvx.exe

Filesize
6.0MB

MD5
bcc9a2826b8db30a0a92d1dcb952f7a1

SHA1
1801336c7b688e5ff9406d8532e6e30e33d13409

SHA256
91566e5b6d3373e1dfeb9c7148a4f54536c2eeaed07f39adf1d14a360b655c03

SHA512
ff14cf5f2750d149224e366ce8d064702d641340e622235e07c437d636b2d0395e81708698f3ac28bd83605cdcea9800645668700d228020792f762c2baeb00d

Download Submit
C:\Windows\system\eaEgXFx.exe

Filesize
6.0MB

MD5
03a4f8ea7ddb9f3cba765ff0bc7866a8

SHA1
8b6b0b2adc8b3e32053b588bd1e9288a97f80953

SHA256
4c8304b1cd8abc2c899e9ff038d153fe78fbe932683bea3dfb4483557220eef9

SHA512
968fa78d55f7f53b14c8e1d982dfaa01ce690862510183ca8dc2b98372afe4defd7aafa1cd3b55d00fcc5f93cc9d71a5f73f9a3d1687278329512db355eac324

Download Submit
C:\Windows\system\iJocBOI.exe

Filesize
6.0MB

MD5
b2a0be030620f4a8ae8129f388ff0ccb

SHA1
0ca585d47cd82d468a395e54e8a86c595dacd581

SHA256
0e4f3cd2c605b4b956b1c218d071e30edeeffc4924fc4f484ffa18db3238058a

SHA512
09749141a29f44aa996ff76845cb9c4e8107b93bbd6a00fd9bea797503de2db77eeff298e0ab1db590cf236d0f50baf94e22beba2d87e2dff3573b4a05b3f809

Download Submit
C:\Windows\system\jJMkuSJ.exe

Filesize
6.0MB

MD5
513696ff3d02b039e1e0bff1c3d776d4

SHA1
6d2d2b99c1cad5c061c6a207a585a339064e0ee0

SHA256
04542d4843fb0318cd1761a0c5fcaa935d56ac69bb170ba11039c30623d4c841

SHA512
8f6b6540dd89a74ff1070d45d824438e3ba673f3b1dc31fdc624b4596a8b0ea5650839fd6b3f5525217705a52fb712bec2a476e6fe74e02cd2b2a403c6d14b81

Download Submit
C:\Windows\system\otTIyMc.exe

Filesize
6.0MB

MD5
59c9929109eee0243cc5d45f7478911a

SHA1
cc03fa19b7854b393a326bc2fdb1f62c0f238ea6

SHA256
2d04d7038b9eeec099ed330d69f1a1742903bafa4e513234fb3c3651ab373643

SHA512
c787d1bc08e3d5c823112815cb3352211f78b40f15c0d2cb1e4590083efa7b85bc28836c72c0ccbb57be4561f14a74f9de533ffa5495d840640bee8e2420cee7

Download Submit
C:\Windows\system\pbxjDFl.exe

Filesize
6.0MB

MD5
583dcab7beb00692a66c57aae9313c19

SHA1
81a0ce4629916f163891ed6bb325b302c3d227f9

SHA256
75c84c8bb63c51b86b28a4b9cdb22e28e5d7ca1612c5977891af90991829747f

SHA512
c1fe6122272d7755193f75bf37ef7ee29ec9cb13fc2e8a9066c423d9c05f6894966359d2d963e842b0129acccf9d14d29eb785a84421112fb340fee58dc7642a

Download Submit
C:\Windows\system\pwWOkOr.exe

Filesize
6.0MB

MD5
f5689b441078816301915d7fcbaf57e5

SHA1
04a6d9108b0d3f5cad58187f59e6a223779807e6

SHA256
a852787c1f97fd76707c576b80b0ff2d6fcaa5515ee5f74513f0ee95c5c9fbdc

SHA512
058ec3bce8ec9eb50d052ebde461de0b1d0595b6a406c14fdf03665883b6f1734f9a08239f321278f2d029fdd21a443ec46a8034c2bed30ee5226882c14e4f49

Download Submit
C:\Windows\system\qLEbION.exe

Filesize
6.0MB

MD5
d03c4224b0d2ed31d0d88c5540d665e7

SHA1
132bf7f85bdc3311141e5bc8ba66273e05c6d292

SHA256
2c8a19c1bb7c6640fa2100e96f1955edc5e8458d4cdab7139dafea7d756606a1

SHA512
849cd0f5022d9b549295da3c8de35961fa482182765b7dbdd4f3839b779435231f40a1464f0639baaaa0240bd0b59b57d4c0428fef1f157a597593790ee358b5

Download Submit
C:\Windows\system\xOlASJW.exe

Filesize
6.0MB

MD5
f5356c9c7a1d9f9965906ab6624f0733

SHA1
6c67987e63657bd21b7ab0d3e7bd1a89718348f6

SHA256
e2405c1c32ed76849af1fd767071c09c14ed480709712200d94bd7e0669fbf4b

SHA512
10916be978b3e4f5a1e15925ec9f87bc91c2334dd5682df2127910b812be36bce979a8dfed9cd4db34348462b424a0912f8a2ae904a0e5862af5701ebe74d3d9

Download Submit
C:\Windows\system\xRwAmXE.exe

Filesize
6.0MB

MD5
a5c9f5130fc613189757e7931860bb6b

SHA1
ebea95f5f5dc655bfaf630c5435da6ed682f25a1

SHA256
d0f0a3f7dc8d039fd3cbf4e9c3e99597a77e984e69ae0dd73fbecf531abc96d9

SHA512
7e1f434686ff908371acdeedd62a1ec9c5a437da3f6321fd46c6daa0250ff905b5d90bbca8c6c6c72fb15670557bff3df950946fbd0d8abb844c2513999a6e89

Download Submit
C:\Windows\system\xfKNhCz.exe

Filesize
6.0MB

MD5
d35feaee006b1f3cf415484148c4d9ab

SHA1
72736f4e0e9b0186bed5808ef613195de8f35ea5

SHA256
c6480d68d6c7a76cea3de74a5b975415bc1221b4a9555d8ffbe3ed3bc79fe610

SHA512
e7c92fd712018d09f0959cde2324a8987a588210e837669efe02de13cd3759452c4621f49134f956b536f83bf9f3f5c035616b9d9b9ea02f3da7bef6a2e2b0ce

Download Submit
C:\Windows\system\yLAbNrw.exe

Filesize
6.0MB

MD5
a452b7508ce7b70556b77dd80258869b

SHA1
0ecb5c0f3f65e7e5786973aa309594c02481abfb

SHA256
488f97abeacf7c78046121962a889fe0bb3d0f853d620c3afd0585d41bfb712c

SHA512
f595d05bdd62c75671b919e3b06f5f8a04668923350d52c281e0ccdd5b9e46c9f44f97c0cfa4929420fabc59d19f4140367841729c2d9542270a12ab182ee04f

Download Submit
C:\Windows\system\yWYDXCt.exe

Filesize
6.0MB

MD5
ba62508b7915e633fff128ec80e18e85

SHA1
a3e26e1923edee31d9dc3a8da268bd8b040db40e

SHA256
68bcb7c335fced911f1ff88d2df0edf7091cda20cd99958a236f231315e2d7c6

SHA512
8a25fe8e823df857183aa48d9a8a9860b5e77e13b67e5938189d2df1073bf1bb2b20030ebeb53bb95b459ff42e62a6c34a84e7bf4290e88221b4269a61936589

Download Submit
C:\Windows\system\zCeYSWR.exe

Filesize
6.0MB

MD5
bb60bf41fd71bc57191727af0a521cf0

SHA1
fb50e63a37bb7d928afb6ccead61d332f949feac

SHA256
051df0054de7dbf11bd8e37e75d2ccbc30c90a29cde17675121defbea1c4662a

SHA512
23148c203aeacfb9dc530216e75cd82ee75da3edad959e018d970a6279efb58910c8e3437b55f26f2c018546213668290dbed80aa7d9b8709d38ef3d7c33e20b

Download Submit
C:\Windows\system\zPxlxQw.exe

Filesize
6.0MB

MD5
f9ac8e04a82a2d9cb5546a01ecbb2ca7

SHA1
2ee8d4917acf80c810ee8fbbffc48c6fdd403ee8

SHA256
6980f03ac864c8c78d9cc947fa62b4be8ea593dc631bd97c40e7b9f57fc23e02

SHA512
31046faa5820a837f097b62be8c96f23eddc9a9a5c6a76f87d78f3ec4a6153dc9de05c7d36580d63a3531af827059ad3249e90b7e1e4a4648a5347b4bc53f7f4

Download Submit
\Windows\system\FDjtztm.exe

Filesize
6.0MB

MD5
d273cc4755d1948d2b7f2827ddb5e327

SHA1
a28c7dc6fe298d9933fe412b7e042ce77b4a0e85

SHA256
30f371b10a44f24ee9dbd471c2d8cc077f861ddeba1b76ae0a35d384c5ab0eac

SHA512
401c00d85d4ab20a86b92c9ad5e6144f12126a9907df8e152812f42d1a86ee260539f00073e57ee1e9bb6e3e787f6bc64f201468abb897bd7b226efcb9197c74

Download Submit
\Windows\system\IfNmccR.exe

Filesize
6.0MB

MD5
4a5319373e92a204dfad798bdbfac80a

SHA1
d3b58fe85974cdc3b6ffea3a51002d497d088c09

SHA256
16f478f6b724907ed986c400629e76dea674a2a64d6b8148e25f546401df792a

SHA512
c2ed3c0cbbdf0f16a20610846a0465c923967f0d3fc49876de574ce6b04adb772ce88162f6ff349d6512026347508b08580667c73c9ee4561e653cdd3bc0dfc3

Download Submit
\Windows\system\ZuMkntV.exe

Filesize
6.0MB

MD5
a9da48b94e158b9d08cb09bcb46f1ade

SHA1
d96f2ed0ae2e904848c66f2c3f12bba7b5450a17

SHA256
889ee858e3c2a1ab3dd8d913ade5408051d5e9081be84599b77de5dc653e2acc

SHA512
7b76cd8ddd24d3a7f1cae0532e0148dbc32bf37f43861d98258bbb827a19653a2e082d8f54d2731b973c108ce6d2ec868c477e8218aef9cde3d59d4e1909502a

Download Submit
\Windows\system\akTkbGH.exe

Filesize
6.0MB

MD5
61e6c157a8e3cd9c77041dfd69e3b9e0

SHA1
746a02d6527d54c2f3cd7e0427528fc9f9207930

SHA256
f0fc95486d595ff725edf6bd6a63c89154bbc766f6de4641faa644f02485bad8

SHA512
ae0bd8344013e4e25ddad35d004a2dda59e293c9f162baf7fec4bdc7c0145abdce5171e35e9ed21cd5ba277ddfe8c9863ac48ac86251cdc8ec3d11b1b5957574

Download Submit
\Windows\system\slXPdeU.exe

Filesize
6.0MB

MD5
822557907143b8d9f04a46a15fe0cf43

SHA1
8c5551e22e4567af88173ec11bef9287a4b043ec

SHA256
a94678f4052c8787481b6a0af45889d007bcc66d31a0e4ce1e497160cf404347

SHA512
e58b7bfdb893606cace7498b9c61874417a793ec7d13116c1a83e19c4492b10846f602b4008ecdb40cfbe2d95862a0c11a89fe4410a5b3513e1d5b60f1308063

Download Submit
\Windows\system\xnNKBtA.exe

Filesize
6.0MB

MD5
a5dee5701f4992e7a6c3fba5d89cb9b7

SHA1
d08b2fda3b6505c53c8bc17d00b82d55d97e6069

SHA256
cce6a8a5d9657edb9439e7bbe437d61ee316b56e3981e16b010d371c6d35f59b

SHA512
ff06c3e818810a720faf6bd1e8e9773c544b214399dd752003d1ee353786eabe06ff8b76f77b44c9f0a12a4021ba11fd51d1069cc93eddbf66e0942140980c91

Download Submit
memory/444-83-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/616-954-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/616-101-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/616-4068-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1932-107-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1932-4066-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2280-91-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-24-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2280-952-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-953-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1090-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1248-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1249-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1250-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-79-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2280-951-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-40-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-42-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-57-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2280-56-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-50-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2280-35-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-72-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-124-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-19-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-120-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-119-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2280-111-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2280-17-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2280-0-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2280-84-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2344-4073-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2344-58-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2344-688-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2552-41-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2552-235-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3594-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4067-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-51-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3550-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-20-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3575-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2708-16-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2708-52-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3577-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2784-22-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3549-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2928-36-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2968-76-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-4065-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3557-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2988-29-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download