cobaltstrike | fda226e79e2451a7e1ff74e69eb7a4c20ffede70256ba48b5c35af6c585a561a

Analysis

max time kernel
148s
max time network
133s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

d6cb4e9b9b9fdd920206cae3335bdb47
SHA1

280e00ebfcf628d5f456c26bdc702233dfcfbfa2
SHA256

fda226e79e2451a7e1ff74e69eb7a4c20ffede70256ba48b5c35af6c585a561a
SHA512

42c1546fb00ab44986aa9060ad62f1bc7516c54dd2b26d03b55bc74e0b85bdefc8a7eb512b70c41ad0e99ec76c5eed6b7408d18500d1a7c485f0f1edcc273e6d
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUX:j+R56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d0000000133b8-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d70-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fc9-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fe5-18.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-35.dat	cobalt_reflective_dll
behavioral1/files/0x0012000000016d52-42.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195af-45.dat	cobalt_reflective_dll
behavioral1/files/0x000a0000000170f8-29.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-57.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-69.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral1/memory/2868-0-0x000000013F810000-0x000000013FB5D000-memory.dmp	xmrig
behavioral1/files/0x000d0000000133b8-3.dat	xmrig
behavioral1/files/0x0008000000016d70-7.dat	xmrig
behavioral1/files/0x0007000000016fc9-17.dat	xmrig
behavioral1/memory/2760-9-0x000000013F9D0000-0x000000013FD1D000-memory.dmp	xmrig
behavioral1/files/0x0007000000016fe5-18.dat	xmrig
behavioral1/memory/2252-30-0x000000013FEA0000-0x00000001401ED000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-35.dat	xmrig
behavioral1/files/0x0012000000016d52-42.dat	xmrig
behavioral1/files/0x00070000000195af-45.dat	xmrig
behavioral1/memory/2636-38-0x000000013F5D0000-0x000000013F91D000-memory.dmp	xmrig
behavioral1/memory/2940-22-0x000000013FFA0000-0x00000001402ED000-memory.dmp	xmrig
behavioral1/files/0x000a0000000170f8-29.dat	xmrig
behavioral1/memory/2752-28-0x000000013F640000-0x000000013F98D000-memory.dmp	xmrig
behavioral1/memory/2840-13-0x000000013FD90000-0x00000001400DD000-memory.dmp	xmrig
behavioral1/memory/2144-49-0x000000013F6E0000-0x000000013FA2D000-memory.dmp	xmrig
behavioral1/memory/1456-55-0x000000013F310000-0x000000013F65D000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b1-54.dat	xmrig
behavioral1/files/0x00050000000195b3-57.dat	xmrig
behavioral1/memory/3044-61-0x000000013F230000-0x000000013F57D000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b5-66.dat	xmrig
behavioral1/memory/2696-87-0x000000013FBA0000-0x000000013FEED000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-90.dat	xmrig
behavioral1/files/0x00050000000195c3-93.dat	xmrig
behavioral1/files/0x00050000000195c5-102.dat	xmrig
behavioral1/memory/1140-103-0x000000013F420000-0x000000013F76D000-memory.dmp	xmrig
behavioral1/memory/3004-109-0x000000013F250000-0x000000013F59D000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-119.dat	xmrig
behavioral1/memory/1052-127-0x000000013FCA0000-0x000000013FFED000-memory.dmp	xmrig
behavioral1/memory/1264-139-0x000000013F7F0000-0x000000013FB3D000-memory.dmp	xmrig
behavioral1/files/0x00050000000197fd-144.dat	xmrig
behavioral1/files/0x000500000001998d-156.dat	xmrig
behavioral1/files/0x0005000000019bf5-162.dat	xmrig
behavioral1/files/0x0005000000019bf6-167.dat	xmrig
behavioral1/memory/456-181-0x000000013F0C0000-0x000000013F40D000-memory.dmp	xmrig
behavioral1/memory/112-193-0x000000013FAE0000-0x000000013FE2D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d62-191.dat	xmrig
behavioral1/memory/2468-187-0x000000013F5A0000-0x000000013F8ED000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d61-186.dat	xmrig
behavioral1/files/0x0005000000019c3c-179.dat	xmrig
behavioral1/memory/2400-175-0x000000013FBF0000-0x000000013FF3D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf9-173.dat	xmrig
behavioral1/memory/1592-169-0x000000013FA10000-0x000000013FD5D000-memory.dmp	xmrig
behavioral1/memory/2172-151-0x000000013F520000-0x000000013F86D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019820-149.dat	xmrig
behavioral1/memory/3056-145-0x000000013FCF0000-0x000000014003D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019761-137.dat	xmrig
behavioral1/memory/2188-133-0x000000013F910000-0x000000013FC5D000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-131.dat	xmrig
behavioral1/files/0x0005000000019643-125.dat	xmrig
behavioral1/memory/524-115-0x000000013FCB0000-0x000000013FFFD000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-113.dat	xmrig
behavioral1/files/0x00050000000195c6-108.dat	xmrig
behavioral1/memory/2936-97-0x000000013F300000-0x000000013F64D000-memory.dmp	xmrig
behavioral1/memory/2812-95-0x000000013F530000-0x000000013F87D000-memory.dmp	xmrig
behavioral1/memory/1260-77-0x000000013F6C0000-0x000000013FA0D000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-86.dat	xmrig
behavioral1/memory/2932-83-0x000000013FA00000-0x000000013FD4D000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bb-76.dat	xmrig
behavioral1/files/0x00050000000195b7-69.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2760	sOWyBjH.exe
2840	iNKWTkJ.exe
2752	umskHbo.exe
2940	GMudPwK.exe
2252	sRclKJX.exe
2636	jTGmAQj.exe
2668	uCYdKXU.exe
2144	nvAvxAN.exe
1456	lQKZofD.exe
3044	DNHiRwo.exe
2932	QIuVUmZ.exe
2356	wzMlecB.exe
1260	idCKKIw.exe
2696	cDIAIQS.exe
2936	nBtsXev.exe
2812	XTSJapH.exe
1140	ipaSUNd.exe
3004	TAhVOKu.exe
524	ZOQDDQm.exe
332	cKzUwpj.exe
1052	NhMAHpr.exe
2188	xzaCXSe.exe
1264	FAgEQOQ.exe
3056	yIziBAG.exe
2172	kpaTFPg.exe
2128	eqmrwNh.exe
2552	hvBwCVK.exe
1592	VRwaFMK.exe
2400	tiiEpQX.exe
456	BliWvnL.exe
2468	PFpXGRb.exe
112	DnxQQKy.exe
1540	eTLXlsV.exe
1708	rcaznpA.exe
2612	mxwBeZw.exe
940	PlEuzCp.exe
2100	HOfdLxN.exe
2576	DswhnAD.exe
960	sXVoGmZ.exe
1876	eVJIufX.exe
2408	lSiHrLB.exe
1704	ZEZGLza.exe
1396	MLcmkdx.exe
1936	PXxZOFq.exe
1716	AhBPiKE.exe
1812	KHFLbKU.exe
2316	AoVPDEU.exe
1552	AiPzdiG.exe
2692	bqEHVHe.exe
2340	hDqLpqy.exe
2228	QriNqMF.exe
2996	PqXmPAW.exe
1448	FmWMzxL.exe
1736	gnZfYGh.exe
2832	ejqVzSH.exe
2464	UFpklWW.exe
3060	JKgSPdO.exe
2388	cCcDABT.exe
1724	aHuOpFy.exe
1584	JXzzXaz.exe
2368	QTCAoun.exe
2844	nmKzNRC.exe
1020	tnYoMBd.exe
2204	qhZsAQf.exe

Loads dropped DLL 64 IoCs

pid	Process
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lQKZofD.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auDzeCM.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpCeZHu.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXpTqBS.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haQUNSB.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSIsnRH.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdrTurI.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTpeOiR.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCDiWDl.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxHWBJo.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPXaBne.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUsZLrO.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlJBHIX.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxhPAkg.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWShAKG.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\snrUKHy.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idIhLDT.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvoLPod.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejqVzSH.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuVblOB.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAqUUvt.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAQLOcK.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qokBzHf.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKjCTcV.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaxyGPg.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXJAYqW.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abeqiPq.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRewTzC.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkYKDmO.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqOxeaY.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfPabHS.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvlDwXZ.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKUnrbm.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVpcYxI.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDRPZRe.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCwZxCi.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZCNKgZ.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDCoPOP.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbQBmEq.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oORwsvD.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCTqTwR.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHtpMtn.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEVJKKf.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZbIabi.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNIcYFB.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPvveTe.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUBaIor.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcIIllW.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvHENRy.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLQFTWJ.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFGwThC.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjEBFCh.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNYHUDi.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTSJapH.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNeFkHO.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITZLuje.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PbsLfbT.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxXxUjo.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLAVvUM.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufYVoaI.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmWBTIF.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqJMjYw.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCizeuU.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\naAUccg.exe	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2760	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2868 wrote to memory of 2760	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2868 wrote to memory of 2760	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2868 wrote to memory of 2840	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2868 wrote to memory of 2840	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2868 wrote to memory of 2840	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2868 wrote to memory of 2752	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2868 wrote to memory of 2752	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2868 wrote to memory of 2752	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2868 wrote to memory of 2940	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2868 wrote to memory of 2940	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2868 wrote to memory of 2940	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2868 wrote to memory of 2252	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2868 wrote to memory of 2252	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2868 wrote to memory of 2252	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2868 wrote to memory of 2636	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2868 wrote to memory of 2636	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2868 wrote to memory of 2636	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2868 wrote to memory of 2668	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2868 wrote to memory of 2668	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2868 wrote to memory of 2668	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2868 wrote to memory of 2144	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2868 wrote to memory of 2144	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2868 wrote to memory of 2144	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2868 wrote to memory of 1456	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2868 wrote to memory of 1456	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2868 wrote to memory of 1456	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2868 wrote to memory of 3044	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2868 wrote to memory of 3044	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2868 wrote to memory of 3044	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2868 wrote to memory of 2932	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2868 wrote to memory of 2932	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2868 wrote to memory of 2932	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2868 wrote to memory of 2356	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2868 wrote to memory of 2356	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2868 wrote to memory of 2356	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2868 wrote to memory of 1260	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2868 wrote to memory of 1260	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2868 wrote to memory of 1260	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2868 wrote to memory of 2936	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2868 wrote to memory of 2936	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2868 wrote to memory of 2936	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2868 wrote to memory of 2696	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2868 wrote to memory of 2696	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2868 wrote to memory of 2696	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2868 wrote to memory of 2812	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2868 wrote to memory of 2812	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2868 wrote to memory of 2812	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2868 wrote to memory of 1140	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2868 wrote to memory of 1140	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2868 wrote to memory of 1140	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2868 wrote to memory of 3004	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2868 wrote to memory of 3004	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2868 wrote to memory of 3004	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2868 wrote to memory of 524	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2868 wrote to memory of 524	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2868 wrote to memory of 524	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2868 wrote to memory of 332	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2868 wrote to memory of 332	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2868 wrote to memory of 332	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2868 wrote to memory of 1052	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2868 wrote to memory of 1052	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2868 wrote to memory of 1052	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2868 wrote to memory of 2188	2868	2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_d6cb4e9b9b9fdd920206cae3335bdb47_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\System\sOWyBjH.exe
  C:\Windows\System\sOWyBjH.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\iNKWTkJ.exe
  C:\Windows\System\iNKWTkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\umskHbo.exe
  C:\Windows\System\umskHbo.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\GMudPwK.exe
  C:\Windows\System\GMudPwK.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\sRclKJX.exe
  C:\Windows\System\sRclKJX.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\jTGmAQj.exe
  C:\Windows\System\jTGmAQj.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\uCYdKXU.exe
  C:\Windows\System\uCYdKXU.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\nvAvxAN.exe
  C:\Windows\System\nvAvxAN.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\lQKZofD.exe
  C:\Windows\System\lQKZofD.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\DNHiRwo.exe
  C:\Windows\System\DNHiRwo.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\QIuVUmZ.exe
  C:\Windows\System\QIuVUmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\wzMlecB.exe
  C:\Windows\System\wzMlecB.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\idCKKIw.exe
  C:\Windows\System\idCKKIw.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\nBtsXev.exe
  C:\Windows\System\nBtsXev.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\cDIAIQS.exe
  C:\Windows\System\cDIAIQS.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\XTSJapH.exe
  C:\Windows\System\XTSJapH.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\ipaSUNd.exe
  C:\Windows\System\ipaSUNd.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\TAhVOKu.exe
  C:\Windows\System\TAhVOKu.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\ZOQDDQm.exe
  C:\Windows\System\ZOQDDQm.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\cKzUwpj.exe
  C:\Windows\System\cKzUwpj.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\NhMAHpr.exe
  C:\Windows\System\NhMAHpr.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\xzaCXSe.exe
  C:\Windows\System\xzaCXSe.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\FAgEQOQ.exe
  C:\Windows\System\FAgEQOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\yIziBAG.exe
  C:\Windows\System\yIziBAG.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\kpaTFPg.exe
  C:\Windows\System\kpaTFPg.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\eqmrwNh.exe
  C:\Windows\System\eqmrwNh.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\hvBwCVK.exe
  C:\Windows\System\hvBwCVK.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\VRwaFMK.exe
  C:\Windows\System\VRwaFMK.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\tiiEpQX.exe
  C:\Windows\System\tiiEpQX.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\BliWvnL.exe
  C:\Windows\System\BliWvnL.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\PFpXGRb.exe
  C:\Windows\System\PFpXGRb.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\DnxQQKy.exe
  C:\Windows\System\DnxQQKy.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\eTLXlsV.exe
  C:\Windows\System\eTLXlsV.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\rcaznpA.exe
  C:\Windows\System\rcaznpA.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\mxwBeZw.exe
  C:\Windows\System\mxwBeZw.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\PlEuzCp.exe
  C:\Windows\System\PlEuzCp.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\HOfdLxN.exe
  C:\Windows\System\HOfdLxN.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\DswhnAD.exe
  C:\Windows\System\DswhnAD.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\sXVoGmZ.exe
  C:\Windows\System\sXVoGmZ.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\lSiHrLB.exe
  C:\Windows\System\lSiHrLB.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\eVJIufX.exe
  C:\Windows\System\eVJIufX.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ZEZGLza.exe
  C:\Windows\System\ZEZGLza.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\MLcmkdx.exe
  C:\Windows\System\MLcmkdx.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\PXxZOFq.exe
  C:\Windows\System\PXxZOFq.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\AhBPiKE.exe
  C:\Windows\System\AhBPiKE.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\KHFLbKU.exe
  C:\Windows\System\KHFLbKU.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\AoVPDEU.exe
  C:\Windows\System\AoVPDEU.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\JXzzXaz.exe
  C:\Windows\System\JXzzXaz.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\AiPzdiG.exe
  C:\Windows\System\AiPzdiG.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\xQZkRzA.exe
  C:\Windows\System\xQZkRzA.exe
  2⤵
  PID:2768
- C:\Windows\System\bqEHVHe.exe
  C:\Windows\System\bqEHVHe.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ajaFHor.exe
  C:\Windows\System\ajaFHor.exe
  2⤵
  PID:2664
- C:\Windows\System\hDqLpqy.exe
  C:\Windows\System\hDqLpqy.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\xskQoVS.exe
  C:\Windows\System\xskQoVS.exe
  2⤵
  PID:2168
- C:\Windows\System\QriNqMF.exe
  C:\Windows\System\QriNqMF.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\AAknqLM.exe
  C:\Windows\System\AAknqLM.exe
  2⤵
  PID:2596
- C:\Windows\System\PqXmPAW.exe
  C:\Windows\System\PqXmPAW.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\sxKioYl.exe
  C:\Windows\System\sxKioYl.exe
  2⤵
  PID:2456
- C:\Windows\System\FmWMzxL.exe
  C:\Windows\System\FmWMzxL.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\KdmuVxJ.exe
  C:\Windows\System\KdmuVxJ.exe
  2⤵
  PID:1616
- C:\Windows\System\gnZfYGh.exe
  C:\Windows\System\gnZfYGh.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\kpefVCk.exe
  C:\Windows\System\kpefVCk.exe
  2⤵
  PID:1984
- C:\Windows\System\ejqVzSH.exe
  C:\Windows\System\ejqVzSH.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\eVNBLFo.exe
  C:\Windows\System\eVNBLFo.exe
  2⤵
  PID:1748
- C:\Windows\System\UFpklWW.exe
  C:\Windows\System\UFpklWW.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\rlPphPW.exe
  C:\Windows\System\rlPphPW.exe
  2⤵
  PID:1912
- C:\Windows\System\JKgSPdO.exe
  C:\Windows\System\JKgSPdO.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\pnOLLJM.exe
  C:\Windows\System\pnOLLJM.exe
  2⤵
  PID:1964
- C:\Windows\System\cCcDABT.exe
  C:\Windows\System\cCcDABT.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\ACAcqsm.exe
  C:\Windows\System\ACAcqsm.exe
  2⤵
  PID:1028
- C:\Windows\System\aHuOpFy.exe
  C:\Windows\System\aHuOpFy.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\fNBdemk.exe
  C:\Windows\System\fNBdemk.exe
  2⤵
  PID:980
- C:\Windows\System\QTCAoun.exe
  C:\Windows\System\QTCAoun.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\jJUUoEE.exe
  C:\Windows\System\jJUUoEE.exe
  2⤵
  PID:948
- C:\Windows\System\nmKzNRC.exe
  C:\Windows\System\nmKzNRC.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\VSFdZCG.exe
  C:\Windows\System\VSFdZCG.exe
  2⤵
  PID:1940
- C:\Windows\System\tnYoMBd.exe
  C:\Windows\System\tnYoMBd.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\mvgOMty.exe
  C:\Windows\System\mvgOMty.exe
  2⤵
  PID:2748
- C:\Windows\System\qhZsAQf.exe
  C:\Windows\System\qhZsAQf.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\cxcCSGD.exe
  C:\Windows\System\cxcCSGD.exe
  2⤵
  PID:2632
- C:\Windows\System\wagRoet.exe
  C:\Windows\System\wagRoet.exe
  2⤵
  PID:2724
- C:\Windows\System\kebmEAu.exe
  C:\Windows\System\kebmEAu.exe
  2⤵
  PID:1756
- C:\Windows\System\DGbcwDF.exe
  C:\Windows\System\DGbcwDF.exe
  2⤵
  PID:2564
- C:\Windows\System\fkUoHak.exe
  C:\Windows\System\fkUoHak.exe
  2⤵
  PID:2116
- C:\Windows\System\RYsHLTh.exe
  C:\Windows\System\RYsHLTh.exe
  2⤵
  PID:1712
- C:\Windows\System\IQKdiEr.exe
  C:\Windows\System\IQKdiEr.exe
  2⤵
  PID:2320
- C:\Windows\System\hDqzEwQ.exe
  C:\Windows\System\hDqzEwQ.exe
  2⤵
  PID:2852
- C:\Windows\System\GpVdhAo.exe
  C:\Windows\System\GpVdhAo.exe
  2⤵
  PID:2196
- C:\Windows\System\qXtEPNa.exe
  C:\Windows\System\qXtEPNa.exe
  2⤵
  PID:1820
- C:\Windows\System\wpBMkNi.exe
  C:\Windows\System\wpBMkNi.exe
  2⤵
  PID:2448
- C:\Windows\System\FfvxToX.exe
  C:\Windows\System\FfvxToX.exe
  2⤵
  PID:2104
- C:\Windows\System\UbDsKdZ.exe
  C:\Windows\System\UbDsKdZ.exe
  2⤵
  PID:1668
- C:\Windows\System\hCCkGwP.exe
  C:\Windows\System\hCCkGwP.exe
  2⤵
  PID:2536
- C:\Windows\System\nNjqKaQ.exe
  C:\Windows\System\nNjqKaQ.exe
  2⤵
  PID:784
- C:\Windows\System\naAUccg.exe
  C:\Windows\System\naAUccg.exe
  2⤵
  PID:2784
- C:\Windows\System\cOfeXRo.exe
  C:\Windows\System\cOfeXRo.exe
  2⤵
  PID:3036
- C:\Windows\System\EAgVERI.exe
  C:\Windows\System\EAgVERI.exe
  2⤵
  PID:2008
- C:\Windows\System\OvXQBYi.exe
  C:\Windows\System\OvXQBYi.exe
  2⤵
  PID:2900
- C:\Windows\System\AgQADDj.exe
  C:\Windows\System\AgQADDj.exe
  2⤵
  PID:2968
- C:\Windows\System\bVmfHiG.exe
  C:\Windows\System\bVmfHiG.exe
  2⤵
  PID:3008
- C:\Windows\System\sEwivPm.exe
  C:\Windows\System\sEwivPm.exe
  2⤵
  PID:1948
- C:\Windows\System\epxLguS.exe
  C:\Windows\System\epxLguS.exe
  2⤵
  PID:1828
- C:\Windows\System\AXDrylV.exe
  C:\Windows\System\AXDrylV.exe
  2⤵
  PID:1548
- C:\Windows\System\rzOylVI.exe
  C:\Windows\System\rzOylVI.exe
  2⤵
  PID:1188
- C:\Windows\System\srddDDI.exe
  C:\Windows\System\srddDDI.exe
  2⤵
  PID:2280
- C:\Windows\System\rUEwMUl.exe
  C:\Windows\System\rUEwMUl.exe
  2⤵
  PID:1284
- C:\Windows\System\cJuszjd.exe
  C:\Windows\System\cJuszjd.exe
  2⤵
  PID:2700
- C:\Windows\System\PayYvgx.exe
  C:\Windows\System\PayYvgx.exe
  2⤵
  PID:2152
- C:\Windows\System\iCvisLp.exe
  C:\Windows\System\iCvisLp.exe
  2⤵
  PID:2292
- C:\Windows\System\YNcDtag.exe
  C:\Windows\System\YNcDtag.exe
  2⤵
  PID:1760
- C:\Windows\System\TlMXfPM.exe
  C:\Windows\System\TlMXfPM.exe
  2⤵
  PID:2344
- C:\Windows\System\vFPbJZy.exe
  C:\Windows\System\vFPbJZy.exe
  2⤵
  PID:1684
- C:\Windows\System\YhfGVSK.exe
  C:\Windows\System\YhfGVSK.exe
  2⤵
  PID:2012
- C:\Windows\System\FwmGqtV.exe
  C:\Windows\System\FwmGqtV.exe
  2⤵
  PID:2984
- C:\Windows\System\YNvRXWh.exe
  C:\Windows\System\YNvRXWh.exe
  2⤵
  PID:2800
- C:\Windows\System\WcdyBYD.exe
  C:\Windows\System\WcdyBYD.exe
  2⤵
  PID:2060
- C:\Windows\System\SLjJPOj.exe
  C:\Windows\System\SLjJPOj.exe
  2⤵
  PID:2036
- C:\Windows\System\VuQzFjZ.exe
  C:\Windows\System\VuQzFjZ.exe
  2⤵
  PID:2136
- C:\Windows\System\nygqPOz.exe
  C:\Windows\System\nygqPOz.exe
  2⤵
  PID:2120
- C:\Windows\System\ELmUOXn.exe
  C:\Windows\System\ELmUOXn.exe
  2⤵
  PID:320
- C:\Windows\System\UbzOljd.exe
  C:\Windows\System\UbzOljd.exe
  2⤵
  PID:2904
- C:\Windows\System\XxSbhmo.exe
  C:\Windows\System\XxSbhmo.exe
  2⤵
  PID:1060
- C:\Windows\System\CTNsezS.exe
  C:\Windows\System\CTNsezS.exe
  2⤵
  PID:892
- C:\Windows\System\ZADOgTl.exe
  C:\Windows\System\ZADOgTl.exe
  2⤵
  PID:1604
- C:\Windows\System\LqcAleC.exe
  C:\Windows\System\LqcAleC.exe
  2⤵
  PID:2352
- C:\Windows\System\VKxVduy.exe
  C:\Windows\System\VKxVduy.exe
  2⤵
  PID:1400
- C:\Windows\System\kyHOAHo.exe
  C:\Windows\System\kyHOAHo.exe
  2⤵
  PID:1932
- C:\Windows\System\EANCTOl.exe
  C:\Windows\System\EANCTOl.exe
  2⤵
  PID:2076
- C:\Windows\System\MHJyLqB.exe
  C:\Windows\System\MHJyLqB.exe
  2⤵
  PID:1640
- C:\Windows\System\BirXfbY.exe
  C:\Windows\System\BirXfbY.exe
  2⤵
  PID:3000
- C:\Windows\System\TYDeILN.exe
  C:\Windows\System\TYDeILN.exe
  2⤵
  PID:2916
- C:\Windows\System\vtAoKLE.exe
  C:\Windows\System\vtAoKLE.exe
  2⤵
  PID:2300
- C:\Windows\System\ruzYDBL.exe
  C:\Windows\System\ruzYDBL.exe
  2⤵
  PID:2372
- C:\Windows\System\VNoWyap.exe
  C:\Windows\System\VNoWyap.exe
  2⤵
  PID:1744
- C:\Windows\System\DYNvCtz.exe
  C:\Windows\System\DYNvCtz.exe
  2⤵
  PID:2428
- C:\Windows\System\hNRqYjx.exe
  C:\Windows\System\hNRqYjx.exe
  2⤵
  PID:1392
- C:\Windows\System\XxPYmfa.exe
  C:\Windows\System\XxPYmfa.exe
  2⤵
  PID:108
- C:\Windows\System\qCYGnjG.exe
  C:\Windows\System\qCYGnjG.exe
  2⤵
  PID:3012
- C:\Windows\System\sVhguRs.exe
  C:\Windows\System\sVhguRs.exe
  2⤵
  PID:1952
- C:\Windows\System\eaHFLiC.exe
  C:\Windows\System\eaHFLiC.exe
  2⤵
  PID:1664
- C:\Windows\System\yqOxeaY.exe
  C:\Windows\System\yqOxeaY.exe
  2⤵
  PID:1980
- C:\Windows\System\FILtfZQ.exe
  C:\Windows\System\FILtfZQ.exe
  2⤵
  PID:1628
- C:\Windows\System\fnPlbGa.exe
  C:\Windows\System\fnPlbGa.exe
  2⤵
  PID:1208
- C:\Windows\System\DEqijrk.exe
  C:\Windows\System\DEqijrk.exe
  2⤵
  PID:580
- C:\Windows\System\KmKYnhp.exe
  C:\Windows\System\KmKYnhp.exe
  2⤵
  PID:2816
- C:\Windows\System\wqgFVeY.exe
  C:\Windows\System\wqgFVeY.exe
  2⤵
  PID:2496
- C:\Windows\System\rUtsVeW.exe
  C:\Windows\System\rUtsVeW.exe
  2⤵
  PID:2200
- C:\Windows\System\tiVpgVH.exe
  C:\Windows\System\tiVpgVH.exe
  2⤵
  PID:964
- C:\Windows\System\XYfYDZY.exe
  C:\Windows\System\XYfYDZY.exe
  2⤵
  PID:2928
- C:\Windows\System\aYEgKsC.exe
  C:\Windows\System\aYEgKsC.exe
  2⤵
  PID:2444
- C:\Windows\System\ATgGTvv.exe
  C:\Windows\System\ATgGTvv.exe
  2⤵
  PID:2908
- C:\Windows\System\ZnScmkU.exe
  C:\Windows\System\ZnScmkU.exe
  2⤵
  PID:1560
- C:\Windows\System\TMpOadn.exe
  C:\Windows\System\TMpOadn.exe
  2⤵
  PID:364
- C:\Windows\System\sJGIbEM.exe
  C:\Windows\System\sJGIbEM.exe
  2⤵
  PID:2828
- C:\Windows\System\AmYBkwd.exe
  C:\Windows\System\AmYBkwd.exe
  2⤵
  PID:2016
- C:\Windows\System\EGgCyYb.exe
  C:\Windows\System\EGgCyYb.exe
  2⤵
  PID:1976
- C:\Windows\System\KskizUN.exe
  C:\Windows\System\KskizUN.exe
  2⤵
  PID:888
- C:\Windows\System\sCCjuOP.exe
  C:\Windows\System\sCCjuOP.exe
  2⤵
  PID:900
- C:\Windows\System\GOENrIc.exe
  C:\Windows\System\GOENrIc.exe
  2⤵
  PID:2532
- C:\Windows\System\vfNCVrj.exe
  C:\Windows\System\vfNCVrj.exe
  2⤵
  PID:2248
- C:\Windows\System\WkXPdhy.exe
  C:\Windows\System\WkXPdhy.exe
  2⤵
  PID:2224
- C:\Windows\System\YXGvrnA.exe
  C:\Windows\System\YXGvrnA.exe
  2⤵
  PID:2480
- C:\Windows\System\tNPtfYm.exe
  C:\Windows\System\tNPtfYm.exe
  2⤵
  PID:2656
- C:\Windows\System\kNeFkHO.exe
  C:\Windows\System\kNeFkHO.exe
  2⤵
  PID:1492
- C:\Windows\System\AwlWXJO.exe
  C:\Windows\System\AwlWXJO.exe
  2⤵
  PID:2648
- C:\Windows\System\pJkGTnA.exe
  C:\Windows\System\pJkGTnA.exe
  2⤵
  PID:2432
- C:\Windows\System\dsnqMdg.exe
  C:\Windows\System\dsnqMdg.exe
  2⤵
  PID:2208
- C:\Windows\System\IeOQaNJ.exe
  C:\Windows\System\IeOQaNJ.exe
  2⤵
  PID:2772
- C:\Windows\System\Lqffugs.exe
  C:\Windows\System\Lqffugs.exe
  2⤵
  PID:1924
- C:\Windows\System\iuVNdZS.exe
  C:\Windows\System\iuVNdZS.exe
  2⤵
  PID:1884
- C:\Windows\System\SNHsKoR.exe
  C:\Windows\System\SNHsKoR.exe
  2⤵
  PID:1612
- C:\Windows\System\sxsyCou.exe
  C:\Windows\System\sxsyCou.exe
  2⤵
  PID:2864
- C:\Windows\System\mkpsSnc.exe
  C:\Windows\System\mkpsSnc.exe
  2⤵
  PID:1476
- C:\Windows\System\HiQQlHM.exe
  C:\Windows\System\HiQQlHM.exe
  2⤵
  PID:544
- C:\Windows\System\GFVIpgP.exe
  C:\Windows\System\GFVIpgP.exe
  2⤵
  PID:3084
- C:\Windows\System\Atbqzfd.exe
  C:\Windows\System\Atbqzfd.exe
  2⤵
  PID:3104
- C:\Windows\System\AHYRGYd.exe
  C:\Windows\System\AHYRGYd.exe
  2⤵
  PID:3120
- C:\Windows\System\kTrzvnP.exe
  C:\Windows\System\kTrzvnP.exe
  2⤵
  PID:3136
- C:\Windows\System\YaNiQVq.exe
  C:\Windows\System\YaNiQVq.exe
  2⤵
  PID:3152
- C:\Windows\System\rLZLxSu.exe
  C:\Windows\System\rLZLxSu.exe
  2⤵
  PID:3168
- C:\Windows\System\xUMKSOw.exe
  C:\Windows\System\xUMKSOw.exe
  2⤵
  PID:3248
- C:\Windows\System\Hpwnhik.exe
  C:\Windows\System\Hpwnhik.exe
  2⤵
  PID:3264
- C:\Windows\System\TFDcPWM.exe
  C:\Windows\System\TFDcPWM.exe
  2⤵
  PID:3280
- C:\Windows\System\xkGEzXj.exe
  C:\Windows\System\xkGEzXj.exe
  2⤵
  PID:3296
- C:\Windows\System\qxMmqET.exe
  C:\Windows\System\qxMmqET.exe
  2⤵
  PID:3312
- C:\Windows\System\UaxyGPg.exe
  C:\Windows\System\UaxyGPg.exe
  2⤵
  PID:3372
- C:\Windows\System\CjooxET.exe
  C:\Windows\System\CjooxET.exe
  2⤵
  PID:3388
- C:\Windows\System\RqcPMPl.exe
  C:\Windows\System\RqcPMPl.exe
  2⤵
  PID:3412
- C:\Windows\System\zWqoupc.exe
  C:\Windows\System\zWqoupc.exe
  2⤵
  PID:3428
- C:\Windows\System\TqIBWOj.exe
  C:\Windows\System\TqIBWOj.exe
  2⤵
  PID:3444
- C:\Windows\System\JPmMKKY.exe
  C:\Windows\System\JPmMKKY.exe
  2⤵
  PID:3460
- C:\Windows\System\MuYSoCz.exe
  C:\Windows\System\MuYSoCz.exe
  2⤵
  PID:3476
- C:\Windows\System\wqCdrxj.exe
  C:\Windows\System\wqCdrxj.exe
  2⤵
  PID:3496
- C:\Windows\System\GBSfRVv.exe
  C:\Windows\System\GBSfRVv.exe
  2⤵
  PID:3524
- C:\Windows\System\HTilsIe.exe
  C:\Windows\System\HTilsIe.exe
  2⤵
  PID:3572
- C:\Windows\System\eKWzazA.exe
  C:\Windows\System\eKWzazA.exe
  2⤵
  PID:3588
- C:\Windows\System\QuaYtdJ.exe
  C:\Windows\System\QuaYtdJ.exe
  2⤵
  PID:3612
- C:\Windows\System\iHdNgRP.exe
  C:\Windows\System\iHdNgRP.exe
  2⤵
  PID:3628
- C:\Windows\System\MkFJpSc.exe
  C:\Windows\System\MkFJpSc.exe
  2⤵
  PID:3644
- C:\Windows\System\NShxtsK.exe
  C:\Windows\System\NShxtsK.exe
  2⤵
  PID:3708
- C:\Windows\System\BIxoetM.exe
  C:\Windows\System\BIxoetM.exe
  2⤵
  PID:3724
- C:\Windows\System\vhDuzmJ.exe
  C:\Windows\System\vhDuzmJ.exe
  2⤵
  PID:3740
- C:\Windows\System\blfgrsv.exe
  C:\Windows\System\blfgrsv.exe
  2⤵
  PID:3756
- C:\Windows\System\PZRbHzq.exe
  C:\Windows\System\PZRbHzq.exe
  2⤵
  PID:3780
- C:\Windows\System\BIzMwGH.exe
  C:\Windows\System\BIzMwGH.exe
  2⤵
  PID:3828
- C:\Windows\System\ANMNoQp.exe
  C:\Windows\System\ANMNoQp.exe
  2⤵
  PID:3844
- C:\Windows\System\xhSOkxp.exe
  C:\Windows\System\xhSOkxp.exe
  2⤵
  PID:3860
- C:\Windows\System\BZLMTzW.exe
  C:\Windows\System\BZLMTzW.exe
  2⤵
  PID:3876
- C:\Windows\System\krikryr.exe
  C:\Windows\System\krikryr.exe
  2⤵
  PID:3900
- C:\Windows\System\RnHXSsO.exe
  C:\Windows\System\RnHXSsO.exe
  2⤵
  PID:3920
- C:\Windows\System\WQGTnsD.exe
  C:\Windows\System\WQGTnsD.exe
  2⤵
  PID:3944
- C:\Windows\System\UAoCrhG.exe
  C:\Windows\System\UAoCrhG.exe
  2⤵
  PID:3960
- C:\Windows\System\HadhvqP.exe
  C:\Windows\System\HadhvqP.exe
  2⤵
  PID:3976
- C:\Windows\System\iMvVxCB.exe
  C:\Windows\System\iMvVxCB.exe
  2⤵
  PID:4048
- C:\Windows\System\MCTqTwR.exe
  C:\Windows\System\MCTqTwR.exe
  2⤵
  PID:4064
- C:\Windows\System\tjSpGMM.exe
  C:\Windows\System\tjSpGMM.exe
  2⤵
  PID:4080
- C:\Windows\System\dNvwAbW.exe
  C:\Windows\System\dNvwAbW.exe
  2⤵
  PID:1204
- C:\Windows\System\vkfjXfL.exe
  C:\Windows\System\vkfjXfL.exe
  2⤵
  PID:2124
- C:\Windows\System\RWEgtHh.exe
  C:\Windows\System\RWEgtHh.exe
  2⤵
  PID:3092
- C:\Windows\System\kHqSrlE.exe
  C:\Windows\System\kHqSrlE.exe
  2⤵
  PID:3080
- C:\Windows\System\CgmHoDM.exe
  C:\Windows\System\CgmHoDM.exe
  2⤵
  PID:3200
- C:\Windows\System\iFalNLi.exe
  C:\Windows\System\iFalNLi.exe
  2⤵
  PID:3216
- C:\Windows\System\eypEddA.exe
  C:\Windows\System\eypEddA.exe
  2⤵
  PID:3180
- C:\Windows\System\otytXaY.exe
  C:\Windows\System\otytXaY.exe
  2⤵
  PID:3224
- C:\Windows\System\wYjSsSL.exe
  C:\Windows\System\wYjSsSL.exe
  2⤵
  PID:3288
- C:\Windows\System\kQFgCJg.exe
  C:\Windows\System\kQFgCJg.exe
  2⤵
  PID:3308
- C:\Windows\System\AvtRXez.exe
  C:\Windows\System\AvtRXez.exe
  2⤵
  PID:3348
- C:\Windows\System\Jxjccxq.exe
  C:\Windows\System\Jxjccxq.exe
  2⤵
  PID:3360
- C:\Windows\System\aBNVYCW.exe
  C:\Windows\System\aBNVYCW.exe
  2⤵
  PID:3468
- C:\Windows\System\MJfdBdl.exe
  C:\Windows\System\MJfdBdl.exe
  2⤵
  PID:3512
- C:\Windows\System\mwEDUTa.exe
  C:\Windows\System\mwEDUTa.exe
  2⤵
  PID:3488
- C:\Windows\System\PGNdEOr.exe
  C:\Windows\System\PGNdEOr.exe
  2⤵
  PID:3536
- C:\Windows\System\OwmOfjY.exe
  C:\Windows\System\OwmOfjY.exe
  2⤵
  PID:3560
- C:\Windows\System\UyOsnSb.exe
  C:\Windows\System\UyOsnSb.exe
  2⤵
  PID:3636
- C:\Windows\System\SeqntdH.exe
  C:\Windows\System\SeqntdH.exe
  2⤵
  PID:3584
- C:\Windows\System\lETGzGr.exe
  C:\Windows\System\lETGzGr.exe
  2⤵
  PID:3624
- C:\Windows\System\gchdAbd.exe
  C:\Windows\System\gchdAbd.exe
  2⤵
  PID:3664
- C:\Windows\System\CXaCDqC.exe
  C:\Windows\System\CXaCDqC.exe
  2⤵
  PID:3776
- C:\Windows\System\KQqipaZ.exe
  C:\Windows\System\KQqipaZ.exe
  2⤵
  PID:3824
- C:\Windows\System\eDFoCCi.exe
  C:\Windows\System\eDFoCCi.exe
  2⤵
  PID:3852
- C:\Windows\System\YpudqLb.exe
  C:\Windows\System\YpudqLb.exe
  2⤵
  PID:3892
- C:\Windows\System\QDaqFBO.exe
  C:\Windows\System\QDaqFBO.exe
  2⤵
  PID:3968
- C:\Windows\System\VtuuZjp.exe
  C:\Windows\System\VtuuZjp.exe
  2⤵
  PID:3912
- C:\Windows\System\IzOYvlQ.exe
  C:\Windows\System\IzOYvlQ.exe
  2⤵
  PID:3956
- C:\Windows\System\qXMlkdu.exe
  C:\Windows\System\qXMlkdu.exe
  2⤵
  PID:3984
- C:\Windows\System\QjSgmCq.exe
  C:\Windows\System\QjSgmCq.exe
  2⤵
  PID:3988
- C:\Windows\System\TgbKxUM.exe
  C:\Windows\System\TgbKxUM.exe
  2⤵
  PID:3160
- C:\Windows\System\VfmqQKs.exe
  C:\Windows\System\VfmqQKs.exe
  2⤵
  PID:3076
- C:\Windows\System\wxeywGd.exe
  C:\Windows\System\wxeywGd.exe
  2⤵
  PID:3176
- C:\Windows\System\ohQMUrS.exe
  C:\Windows\System\ohQMUrS.exe
  2⤵
  PID:3340
- C:\Windows\System\YwhdMxZ.exe
  C:\Windows\System\YwhdMxZ.exe
  2⤵
  PID:3244
- C:\Windows\System\BfLVDNE.exe
  C:\Windows\System\BfLVDNE.exe
  2⤵
  PID:3260
- C:\Windows\System\yFIaLQY.exe
  C:\Windows\System\yFIaLQY.exe
  2⤵
  PID:3228
- C:\Windows\System\NZNNKlg.exe
  C:\Windows\System\NZNNKlg.exe
  2⤵
  PID:3400
- C:\Windows\System\jVyHrGz.exe
  C:\Windows\System\jVyHrGz.exe
  2⤵
  PID:3256
- C:\Windows\System\ShbwUWy.exe
  C:\Windows\System\ShbwUWy.exe
  2⤵
  PID:3568
- C:\Windows\System\wUdYhNs.exe
  C:\Windows\System\wUdYhNs.exe
  2⤵
  PID:3328
- C:\Windows\System\NREKwAg.exe
  C:\Windows\System\NREKwAg.exe
  2⤵
  PID:3788
- C:\Windows\System\BkUaBdj.exe
  C:\Windows\System\BkUaBdj.exe
  2⤵
  PID:3656
- C:\Windows\System\oMhOdpf.exe
  C:\Windows\System\oMhOdpf.exe
  2⤵
  PID:3424
- C:\Windows\System\KRviHQg.exe
  C:\Windows\System\KRviHQg.exe
  2⤵
  PID:3408
- C:\Windows\System\ndbFYWr.exe
  C:\Windows\System\ndbFYWr.exe
  2⤵
  PID:3696
- C:\Windows\System\pDOLqxr.exe
  C:\Windows\System\pDOLqxr.exe
  2⤵
  PID:3736
- C:\Windows\System\PhbPLAZ.exe
  C:\Windows\System\PhbPLAZ.exe
  2⤵
  PID:3936
- C:\Windows\System\ExEZUdV.exe
  C:\Windows\System\ExEZUdV.exe
  2⤵
  PID:3772
- C:\Windows\System\mpOQytE.exe
  C:\Windows\System\mpOQytE.exe
  2⤵
  PID:3836
- C:\Windows\System\sIkPgjo.exe
  C:\Windows\System\sIkPgjo.exe
  2⤵
  PID:3660
- C:\Windows\System\QzVEaKs.exe
  C:\Windows\System\QzVEaKs.exe
  2⤵
  PID:3532
- C:\Windows\System\auDzeCM.exe
  C:\Windows\System\auDzeCM.exe
  2⤵
  PID:3796
- C:\Windows\System\TuyNTHl.exe
  C:\Windows\System\TuyNTHl.exe
  2⤵
  PID:3128
- C:\Windows\System\aDeXUCf.exe
  C:\Windows\System\aDeXUCf.exe
  2⤵
  PID:3304
- C:\Windows\System\dHoxUzO.exe
  C:\Windows\System\dHoxUzO.exe
  2⤵
  PID:3116
- C:\Windows\System\mzyFSIl.exe
  C:\Windows\System\mzyFSIl.exe
  2⤵
  PID:3184
- C:\Windows\System\lOWkHZq.exe
  C:\Windows\System\lOWkHZq.exe
  2⤵
  PID:3204
- C:\Windows\System\SlfgQOi.exe
  C:\Windows\System\SlfgQOi.exe
  2⤵
  PID:3720
- C:\Windows\System\XlIRADL.exe
  C:\Windows\System\XlIRADL.exe
  2⤵
  PID:3552
- C:\Windows\System\pWfnYno.exe
  C:\Windows\System\pWfnYno.exe
  2⤵
  PID:4056
- C:\Windows\System\VoYxZdS.exe
  C:\Windows\System\VoYxZdS.exe
  2⤵
  PID:3540
- C:\Windows\System\ccAzSSn.exe
  C:\Windows\System\ccAzSSn.exe
  2⤵
  PID:3688
- C:\Windows\System\kouMfnu.exe
  C:\Windows\System\kouMfnu.exe
  2⤵
  PID:3704
- C:\Windows\System\nGhrnix.exe
  C:\Windows\System\nGhrnix.exe
  2⤵
  PID:3952
- C:\Windows\System\wXTQutr.exe
  C:\Windows\System\wXTQutr.exe
  2⤵
  PID:3272
- C:\Windows\System\MwDhKZV.exe
  C:\Windows\System\MwDhKZV.exe
  2⤵
  PID:4016
- C:\Windows\System\EpGOTjg.exe
  C:\Windows\System\EpGOTjg.exe
  2⤵
  PID:4032
- C:\Windows\System\MRnbRCo.exe
  C:\Windows\System\MRnbRCo.exe
  2⤵
  PID:972
- C:\Windows\System\kdrTurI.exe
  C:\Windows\System\kdrTurI.exe
  2⤵
  PID:2508
- C:\Windows\System\hxQLhJO.exe
  C:\Windows\System\hxQLhJO.exe
  2⤵
  PID:3992
- C:\Windows\System\PBuDSAq.exe
  C:\Windows\System\PBuDSAq.exe
  2⤵
  PID:3504
- C:\Windows\System\KkYedxo.exe
  C:\Windows\System\KkYedxo.exe
  2⤵
  PID:3544
- C:\Windows\System\GYqRUEx.exe
  C:\Windows\System\GYqRUEx.exe
  2⤵
  PID:4072
- C:\Windows\System\VumoYPN.exe
  C:\Windows\System\VumoYPN.exe
  2⤵
  PID:3680
- C:\Windows\System\dUNLxek.exe
  C:\Windows\System\dUNLxek.exe
  2⤵
  PID:3332
- C:\Windows\System\FwYmErn.exe
  C:\Windows\System\FwYmErn.exe
  2⤵
  PID:928
- C:\Windows\System\bhIlEZR.exe
  C:\Windows\System\bhIlEZR.exe
  2⤵
  PID:3556
- C:\Windows\System\zHFzyDP.exe
  C:\Windows\System\zHFzyDP.exe
  2⤵
  PID:3364
- C:\Windows\System\twrgyKi.exe
  C:\Windows\System\twrgyKi.exe
  2⤵
  PID:3752
- C:\Windows\System\NtdpCcP.exe
  C:\Windows\System\NtdpCcP.exe
  2⤵
  PID:3384
- C:\Windows\System\QXKSxWp.exe
  C:\Windows\System\QXKSxWp.exe
  2⤵
  PID:3808
- C:\Windows\System\JyhlAKK.exe
  C:\Windows\System\JyhlAKK.exe
  2⤵
  PID:4164
- C:\Windows\System\SmgmiGE.exe
  C:\Windows\System\SmgmiGE.exe
  2⤵
  PID:4180
- C:\Windows\System\IaVJrLi.exe
  C:\Windows\System\IaVJrLi.exe
  2⤵
  PID:4200
- C:\Windows\System\FbIlQjc.exe
  C:\Windows\System\FbIlQjc.exe
  2⤵
  PID:4220
- C:\Windows\System\uIdMkyS.exe
  C:\Windows\System\uIdMkyS.exe
  2⤵
  PID:4240
- C:\Windows\System\jaHUALc.exe
  C:\Windows\System\jaHUALc.exe
  2⤵
  PID:4288
- C:\Windows\System\IvFSQEt.exe
  C:\Windows\System\IvFSQEt.exe
  2⤵
  PID:4304
- C:\Windows\System\DUFoyqW.exe
  C:\Windows\System\DUFoyqW.exe
  2⤵
  PID:4320
- C:\Windows\System\AlSIvpM.exe
  C:\Windows\System\AlSIvpM.exe
  2⤵
  PID:4336
- C:\Windows\System\QmZrjpt.exe
  C:\Windows\System\QmZrjpt.exe
  2⤵
  PID:4352
- C:\Windows\System\Rcmnboq.exe
  C:\Windows\System\Rcmnboq.exe
  2⤵
  PID:4376
- C:\Windows\System\dApdKIk.exe
  C:\Windows\System\dApdKIk.exe
  2⤵
  PID:4392
- C:\Windows\System\rvYJoLP.exe
  C:\Windows\System\rvYJoLP.exe
  2⤵
  PID:4432
- C:\Windows\System\vDRPZRe.exe
  C:\Windows\System\vDRPZRe.exe
  2⤵
  PID:4448
- C:\Windows\System\iuVblOB.exe
  C:\Windows\System\iuVblOB.exe
  2⤵
  PID:4468
- C:\Windows\System\SGqcucB.exe
  C:\Windows\System\SGqcucB.exe
  2⤵
  PID:4488
- C:\Windows\System\UyOuvJB.exe
  C:\Windows\System\UyOuvJB.exe
  2⤵
  PID:4504
- C:\Windows\System\xknTEcO.exe
  C:\Windows\System\xknTEcO.exe
  2⤵
  PID:4520
- C:\Windows\System\jJAbcbA.exe
  C:\Windows\System\jJAbcbA.exe
  2⤵
  PID:4544
- C:\Windows\System\fFSRoZj.exe
  C:\Windows\System\fFSRoZj.exe
  2⤵
  PID:4560
- C:\Windows\System\harGaoB.exe
  C:\Windows\System\harGaoB.exe
  2⤵
  PID:4584
- C:\Windows\System\KCwZxCi.exe
  C:\Windows\System\KCwZxCi.exe
  2⤵
  PID:4600
- C:\Windows\System\pCUUpWA.exe
  C:\Windows\System\pCUUpWA.exe
  2⤵
  PID:4616
- C:\Windows\System\vLJsaKx.exe
  C:\Windows\System\vLJsaKx.exe
  2⤵
  PID:4632
- C:\Windows\System\IqZOdiC.exe
  C:\Windows\System\IqZOdiC.exe
  2⤵
  PID:4648
- C:\Windows\System\PZCNKgZ.exe
  C:\Windows\System\PZCNKgZ.exe
  2⤵
  PID:4664
- C:\Windows\System\zBkSyPE.exe
  C:\Windows\System\zBkSyPE.exe
  2⤵
  PID:4680
- C:\Windows\System\ECeKftr.exe
  C:\Windows\System\ECeKftr.exe
  2⤵
  PID:4696
- C:\Windows\System\uzNOtFW.exe
  C:\Windows\System\uzNOtFW.exe
  2⤵
  PID:4712
- C:\Windows\System\IylMZMk.exe
  C:\Windows\System\IylMZMk.exe
  2⤵
  PID:4728
- C:\Windows\System\TnVehmp.exe
  C:\Windows\System\TnVehmp.exe
  2⤵
  PID:4744
- C:\Windows\System\brbuCnN.exe
  C:\Windows\System\brbuCnN.exe
  2⤵
  PID:4760
- C:\Windows\System\UwFIWht.exe
  C:\Windows\System\UwFIWht.exe
  2⤵
  PID:4776
- C:\Windows\System\BlCvSTC.exe
  C:\Windows\System\BlCvSTC.exe
  2⤵
  PID:4792
- C:\Windows\System\KDnXVyy.exe
  C:\Windows\System\KDnXVyy.exe
  2⤵
  PID:4808
- C:\Windows\System\WulidJk.exe
  C:\Windows\System\WulidJk.exe
  2⤵
  PID:4824
- C:\Windows\System\cMTyZgk.exe
  C:\Windows\System\cMTyZgk.exe
  2⤵
  PID:4840
- C:\Windows\System\STLZYTq.exe
  C:\Windows\System\STLZYTq.exe
  2⤵
  PID:4856
- C:\Windows\System\NOUSjUq.exe
  C:\Windows\System\NOUSjUq.exe
  2⤵
  PID:4872
- C:\Windows\System\GOQXpyj.exe
  C:\Windows\System\GOQXpyj.exe
  2⤵
  PID:4888
- C:\Windows\System\YUqrebS.exe
  C:\Windows\System\YUqrebS.exe
  2⤵
  PID:4904
- C:\Windows\System\tSNzgvE.exe
  C:\Windows\System\tSNzgvE.exe
  2⤵
  PID:4920
- C:\Windows\System\acXloov.exe
  C:\Windows\System\acXloov.exe
  2⤵
  PID:4936
- C:\Windows\System\sTVzgaX.exe
  C:\Windows\System\sTVzgaX.exe
  2⤵
  PID:4952
- C:\Windows\System\UDCoPOP.exe
  C:\Windows\System\UDCoPOP.exe
  2⤵
  PID:4968
- C:\Windows\System\pfIKcmJ.exe
  C:\Windows\System\pfIKcmJ.exe
  2⤵
  PID:4984
- C:\Windows\System\hiRvlDT.exe
  C:\Windows\System\hiRvlDT.exe
  2⤵
  PID:5000
- C:\Windows\System\KtnsanU.exe
  C:\Windows\System\KtnsanU.exe
  2⤵
  PID:5016
- C:\Windows\System\ZTOEPAT.exe
  C:\Windows\System\ZTOEPAT.exe
  2⤵
  PID:5032
- C:\Windows\System\sueilvg.exe
  C:\Windows\System\sueilvg.exe
  2⤵
  PID:5052
- C:\Windows\System\EQTuvQh.exe
  C:\Windows\System\EQTuvQh.exe
  2⤵
  PID:5068
- C:\Windows\System\SABuZkt.exe
  C:\Windows\System\SABuZkt.exe
  2⤵
  PID:5084
- C:\Windows\System\FoIKLtI.exe
  C:\Windows\System\FoIKLtI.exe
  2⤵
  PID:5100
- C:\Windows\System\ErFTkth.exe
  C:\Windows\System\ErFTkth.exe
  2⤵
  PID:5116
- C:\Windows\System\EAqGFZk.exe
  C:\Windows\System\EAqGFZk.exe
  2⤵
  PID:4028
- C:\Windows\System\SAfsrpQ.exe
  C:\Windows\System\SAfsrpQ.exe
  2⤵
  PID:3840
- C:\Windows\System\UQjVhHQ.exe
  C:\Windows\System\UQjVhHQ.exe
  2⤵
  PID:1248
- C:\Windows\System\yCUvpMa.exe
  C:\Windows\System\yCUvpMa.exe
  2⤵
  PID:4104
- C:\Windows\System\Xpaehgd.exe
  C:\Windows\System\Xpaehgd.exe
  2⤵
  PID:4212
- C:\Windows\System\zENqJSJ.exe
  C:\Windows\System\zENqJSJ.exe
  2⤵
  PID:4260
- C:\Windows\System\IiMZDEI.exe
  C:\Windows\System\IiMZDEI.exe
  2⤵
  PID:4280
- C:\Windows\System\QnQaAOy.exe
  C:\Windows\System\QnQaAOy.exe
  2⤵
  PID:4156
- C:\Windows\System\YKWokKE.exe
  C:\Windows\System\YKWokKE.exe
  2⤵
  PID:3996
- C:\Windows\System\feNbHaF.exe
  C:\Windows\System\feNbHaF.exe
  2⤵
  PID:4112
- C:\Windows\System\VSDWouy.exe
  C:\Windows\System\VSDWouy.exe
  2⤵
  PID:4328
- C:\Windows\System\bstjMwX.exe
  C:\Windows\System\bstjMwX.exe
  2⤵
  PID:4388
- C:\Windows\System\vpwfxXw.exe
  C:\Windows\System\vpwfxXw.exe
  2⤵
  PID:4152
- C:\Windows\System\orzUKVQ.exe
  C:\Windows\System\orzUKVQ.exe
  2⤵
  PID:4444
- C:\Windows\System\CTJyEHf.exe
  C:\Windows\System\CTJyEHf.exe
  2⤵
  PID:4484
- C:\Windows\System\yHwDXxf.exe
  C:\Windows\System\yHwDXxf.exe
  2⤵
  PID:4196
- C:\Windows\System\oAqUUvt.exe
  C:\Windows\System\oAqUUvt.exe
  2⤵
  PID:4596
- C:\Windows\System\rkqVQKA.exe
  C:\Windows\System\rkqVQKA.exe
  2⤵
  PID:4660
- C:\Windows\System\GTJxhKo.exe
  C:\Windows\System\GTJxhKo.exe
  2⤵
  PID:3600
- C:\Windows\System\RggiOcN.exe
  C:\Windows\System\RggiOcN.exe
  2⤵
  PID:4720
- C:\Windows\System\XOMcxXr.exe
  C:\Windows\System\XOMcxXr.exe
  2⤵
  PID:4332
- C:\Windows\System\uxhPAkg.exe
  C:\Windows\System\uxhPAkg.exe
  2⤵
  PID:4132
- C:\Windows\System\nBSwuIl.exe
  C:\Windows\System\nBSwuIl.exe
  2⤵
  PID:4644
- C:\Windows\System\DJXWmQu.exe
  C:\Windows\System\DJXWmQu.exe
  2⤵
  PID:4672
- C:\Windows\System\UGNlsMl.exe
  C:\Windows\System\UGNlsMl.exe
  2⤵
  PID:4788
- C:\Windows\System\ZgqAkwh.exe
  C:\Windows\System\ZgqAkwh.exe
  2⤵
  PID:4460
- C:\Windows\System\qPGBDtp.exe
  C:\Windows\System\qPGBDtp.exe
  2⤵
  PID:4500
- C:\Windows\System\NZsGvJf.exe
  C:\Windows\System\NZsGvJf.exe
  2⤵
  PID:4772
- C:\Windows\System\aCETydS.exe
  C:\Windows\System\aCETydS.exe
  2⤵
  PID:4576
- C:\Windows\System\KPNiwvF.exe
  C:\Windows\System\KPNiwvF.exe
  2⤵
  PID:4676
- C:\Windows\System\XHReLYW.exe
  C:\Windows\System\XHReLYW.exe
  2⤵
  PID:4536
- C:\Windows\System\pQBZxxY.exe
  C:\Windows\System\pQBZxxY.exe
  2⤵
  PID:4836
- C:\Windows\System\RHtpMtn.exe
  C:\Windows\System\RHtpMtn.exe
  2⤵
  PID:4852
- C:\Windows\System\qvhIprs.exe
  C:\Windows\System\qvhIprs.exe
  2⤵
  PID:4900
- C:\Windows\System\TbNBmeJ.exe
  C:\Windows\System\TbNBmeJ.exe
  2⤵
  PID:4960
- C:\Windows\System\qBUtZdG.exe
  C:\Windows\System\qBUtZdG.exe
  2⤵
  PID:4916
- C:\Windows\System\OOUOkih.exe
  C:\Windows\System\OOUOkih.exe
  2⤵
  PID:4944
- C:\Windows\System\eXyXPVa.exe
  C:\Windows\System\eXyXPVa.exe
  2⤵
  PID:5012
- C:\Windows\System\LSYabYg.exe
  C:\Windows\System\LSYabYg.exe
  2⤵
  PID:5076
- C:\Windows\System\SsSjvwl.exe
  C:\Windows\System\SsSjvwl.exe
  2⤵
  PID:5108
- C:\Windows\System\XoyMbBs.exe
  C:\Windows\System\XoyMbBs.exe
  2⤵
  PID:4088
- C:\Windows\System\rPcSatA.exe
  C:\Windows\System\rPcSatA.exe
  2⤵
  PID:4248
- C:\Windows\System\OJtTjLs.exe
  C:\Windows\System\OJtTjLs.exe
  2⤵
  PID:3472
- C:\Windows\System\uPwuYNL.exe
  C:\Windows\System\uPwuYNL.exe
  2⤵
  PID:4208
- C:\Windows\System\bVRvTpp.exe
  C:\Windows\System\bVRvTpp.exe
  2⤵
  PID:4316
- C:\Windows\System\tGVjsgS.exe
  C:\Windows\System\tGVjsgS.exe
  2⤵
  PID:4228
- C:\Windows\System\KYmNAhA.exe
  C:\Windows\System\KYmNAhA.exe
  2⤵
  PID:4384
- C:\Windows\System\OFFDFOM.exe
  C:\Windows\System\OFFDFOM.exe
  2⤵
  PID:4512
- C:\Windows\System\LmPQyZa.exe
  C:\Windows\System\LmPQyZa.exe
  2⤵
  PID:4540
- C:\Windows\System\GRmZXzF.exe
  C:\Windows\System\GRmZXzF.exe
  2⤵
  PID:4236
- C:\Windows\System\hJlNclj.exe
  C:\Windows\System\hJlNclj.exe
  2⤵
  PID:4296
- C:\Windows\System\AiXPtQI.exe
  C:\Windows\System\AiXPtQI.exe
  2⤵
  PID:4400
- C:\Windows\System\YvHENRy.exe
  C:\Windows\System\YvHENRy.exe
  2⤵
  PID:4408
- C:\Windows\System\wuHdlZr.exe
  C:\Windows\System\wuHdlZr.exe
  2⤵
  PID:4464
- C:\Windows\System\olJiuof.exe
  C:\Windows\System\olJiuof.exe
  2⤵
  PID:4428
- C:\Windows\System\MQKTBUJ.exe
  C:\Windows\System\MQKTBUJ.exe
  2⤵
  PID:4640
- C:\Windows\System\XGGbBtR.exe
  C:\Windows\System\XGGbBtR.exe
  2⤵
  PID:4832
- C:\Windows\System\LwdbStu.exe
  C:\Windows\System\LwdbStu.exe
  2⤵
  PID:4932
- C:\Windows\System\scvnVVe.exe
  C:\Windows\System\scvnVVe.exe
  2⤵
  PID:5044
- C:\Windows\System\kjbzFti.exe
  C:\Windows\System\kjbzFti.exe
  2⤵
  PID:4976
- C:\Windows\System\CQmLsCT.exe
  C:\Windows\System\CQmLsCT.exe
  2⤵
  PID:4896
- C:\Windows\System\pTpeOiR.exe
  C:\Windows\System\pTpeOiR.exe
  2⤵
  PID:5080
- C:\Windows\System\NbMGyot.exe
  C:\Windows\System\NbMGyot.exe
  2⤵
  PID:4100
- C:\Windows\System\IiPWHWI.exe
  C:\Windows\System\IiPWHWI.exe
  2⤵
  PID:3240
- C:\Windows\System\TTVXCLT.exe
  C:\Windows\System\TTVXCLT.exe
  2⤵
  PID:4480
- C:\Windows\System\ZvrVVbD.exe
  C:\Windows\System\ZvrVVbD.exe
  2⤵
  PID:4692
- C:\Windows\System\drGhdng.exe
  C:\Windows\System\drGhdng.exe
  2⤵
  PID:4456
- C:\Windows\System\TJtALrW.exe
  C:\Windows\System\TJtALrW.exe
  2⤵
  PID:4528
- C:\Windows\System\HoQJVMx.exe
  C:\Windows\System\HoQJVMx.exe
  2⤵
  PID:4572
- C:\Windows\System\qDYrRBA.exe
  C:\Windows\System\qDYrRBA.exe
  2⤵
  PID:4608
- C:\Windows\System\hZZrNLD.exe
  C:\Windows\System\hZZrNLD.exe
  2⤵
  PID:4996
- C:\Windows\System\qcRfeJA.exe
  C:\Windows\System\qcRfeJA.exe
  2⤵
  PID:4268
- C:\Windows\System\zLQFTWJ.exe
  C:\Windows\System\zLQFTWJ.exe
  2⤵
  PID:3484
- C:\Windows\System\zCTiNee.exe
  C:\Windows\System\zCTiNee.exe
  2⤵
  PID:4628
- C:\Windows\System\INNtvhH.exe
  C:\Windows\System\INNtvhH.exe
  2⤵
  PID:4368
- C:\Windows\System\FKEMXvh.exe
  C:\Windows\System\FKEMXvh.exe
  2⤵
  PID:4784
- C:\Windows\System\LWibnqv.exe
  C:\Windows\System\LWibnqv.exe
  2⤵
  PID:4736
- C:\Windows\System\orAnnVY.exe
  C:\Windows\System\orAnnVY.exe
  2⤵
  PID:3144
- C:\Windows\System\edyCGCb.exe
  C:\Windows\System\edyCGCb.exe
  2⤵
  PID:4372
- C:\Windows\System\PdkdSmI.exe
  C:\Windows\System\PdkdSmI.exe
  2⤵
  PID:5132
- C:\Windows\System\ZCDiWDl.exe
  C:\Windows\System\ZCDiWDl.exe
  2⤵
  PID:5148
- C:\Windows\System\alXEhDy.exe
  C:\Windows\System\alXEhDy.exe
  2⤵
  PID:5164
- C:\Windows\System\KCrNTPm.exe
  C:\Windows\System\KCrNTPm.exe
  2⤵
  PID:5184
- C:\Windows\System\yLxyqwt.exe
  C:\Windows\System\yLxyqwt.exe
  2⤵
  PID:5200
- C:\Windows\System\KeqbQFA.exe
  C:\Windows\System\KeqbQFA.exe
  2⤵
  PID:5216
- C:\Windows\System\caKicZj.exe
  C:\Windows\System\caKicZj.exe
  2⤵
  PID:5232
- C:\Windows\System\ICGkeWW.exe
  C:\Windows\System\ICGkeWW.exe
  2⤵
  PID:5248
- C:\Windows\System\tsslriv.exe
  C:\Windows\System\tsslriv.exe
  2⤵
  PID:5264
- C:\Windows\System\WmvARnb.exe
  C:\Windows\System\WmvARnb.exe
  2⤵
  PID:5280
- C:\Windows\System\ToSKmzB.exe
  C:\Windows\System\ToSKmzB.exe
  2⤵
  PID:5296
- C:\Windows\System\uMBOehu.exe
  C:\Windows\System\uMBOehu.exe
  2⤵
  PID:5340
- C:\Windows\System\CmCKMDT.exe
  C:\Windows\System\CmCKMDT.exe
  2⤵
  PID:5356
- C:\Windows\System\zmixrnV.exe
  C:\Windows\System\zmixrnV.exe
  2⤵
  PID:5372
- C:\Windows\System\IyJQaGv.exe
  C:\Windows\System\IyJQaGv.exe
  2⤵
  PID:5388
- C:\Windows\System\JDFzKBT.exe
  C:\Windows\System\JDFzKBT.exe
  2⤵
  PID:5404
- C:\Windows\System\NAQLOcK.exe
  C:\Windows\System\NAQLOcK.exe
  2⤵
  PID:5420
- C:\Windows\System\yYaWgKG.exe
  C:\Windows\System\yYaWgKG.exe
  2⤵
  PID:5436
- C:\Windows\System\LAdnUUY.exe
  C:\Windows\System\LAdnUUY.exe
  2⤵
  PID:5452
- C:\Windows\System\DAsCLeC.exe
  C:\Windows\System\DAsCLeC.exe
  2⤵
  PID:5468
- C:\Windows\System\hBniGLy.exe
  C:\Windows\System\hBniGLy.exe
  2⤵
  PID:5484
- C:\Windows\System\jdXYPgz.exe
  C:\Windows\System\jdXYPgz.exe
  2⤵
  PID:5500
- C:\Windows\System\MIDMWit.exe
  C:\Windows\System\MIDMWit.exe
  2⤵
  PID:5516
- C:\Windows\System\sMBqynl.exe
  C:\Windows\System\sMBqynl.exe
  2⤵
  PID:5532
- C:\Windows\System\HgyhJnH.exe
  C:\Windows\System\HgyhJnH.exe
  2⤵
  PID:5548
- C:\Windows\System\KABTwWv.exe
  C:\Windows\System\KABTwWv.exe
  2⤵
  PID:5564
- C:\Windows\System\QQjAOWP.exe
  C:\Windows\System\QQjAOWP.exe
  2⤵
  PID:5584
- C:\Windows\System\hRDiJFn.exe
  C:\Windows\System\hRDiJFn.exe
  2⤵
  PID:5836
- C:\Windows\System\HAglxJK.exe
  C:\Windows\System\HAglxJK.exe
  2⤵
  PID:5868
- C:\Windows\System\rkuFuYx.exe
  C:\Windows\System\rkuFuYx.exe
  2⤵
  PID:5888
- C:\Windows\System\UNOxuZL.exe
  C:\Windows\System\UNOxuZL.exe
  2⤵
  PID:5908
- C:\Windows\System\gdqtGGn.exe
  C:\Windows\System\gdqtGGn.exe
  2⤵
  PID:5928
- C:\Windows\System\scvQCJz.exe
  C:\Windows\System\scvQCJz.exe
  2⤵
  PID:5976
- C:\Windows\System\eAvWPFt.exe
  C:\Windows\System\eAvWPFt.exe
  2⤵
  PID:6020
- C:\Windows\System\UkWGkjY.exe
  C:\Windows\System\UkWGkjY.exe
  2⤵
  PID:6040
- C:\Windows\System\QTXGGRN.exe
  C:\Windows\System\QTXGGRN.exe
  2⤵
  PID:4312
- C:\Windows\System\wqGjhXn.exe
  C:\Windows\System\wqGjhXn.exe
  2⤵
  PID:5160
- C:\Windows\System\hXpTqBS.exe
  C:\Windows\System\hXpTqBS.exe
  2⤵
  PID:4148
- C:\Windows\System\XhHwINa.exe
  C:\Windows\System\XhHwINa.exe
  2⤵
  PID:5140
- C:\Windows\System\FadgLDm.exe
  C:\Windows\System\FadgLDm.exe
  2⤵
  PID:5212
- C:\Windows\System\NKCriyu.exe
  C:\Windows\System\NKCriyu.exe
  2⤵
  PID:5244
- C:\Windows\System\uNIcYFB.exe
  C:\Windows\System\uNIcYFB.exe
  2⤵
  PID:5292
- C:\Windows\System\Cdewyue.exe
  C:\Windows\System\Cdewyue.exe
  2⤵
  PID:5096
- C:\Windows\System\JXfQnXG.exe
  C:\Windows\System\JXfQnXG.exe
  2⤵
  PID:5320
- C:\Windows\System\FfedjMg.exe
  C:\Windows\System\FfedjMg.exe
  2⤵
  PID:5348
- C:\Windows\System\WOYKOcO.exe
  C:\Windows\System\WOYKOcO.exe
  2⤵
  PID:5380
- C:\Windows\System\rxdiJuc.exe
  C:\Windows\System\rxdiJuc.exe
  2⤵
  PID:5432
- C:\Windows\System\pNuTJgZ.exe
  C:\Windows\System\pNuTJgZ.exe
  2⤵
  PID:2044
- C:\Windows\System\paUwOHu.exe
  C:\Windows\System\paUwOHu.exe
  2⤵
  PID:5444
- C:\Windows\System\dSFRSWI.exe
  C:\Windows\System\dSFRSWI.exe
  2⤵
  PID:5540
- C:\Windows\System\BjWusYz.exe
  C:\Windows\System\BjWusYz.exe
  2⤵
  PID:5572
- C:\Windows\System\ITZLuje.exe
  C:\Windows\System\ITZLuje.exe
  2⤵
  PID:5556
- C:\Windows\System\sPuBfcC.exe
  C:\Windows\System\sPuBfcC.exe
  2⤵
  PID:5592
- C:\Windows\System\hocyWUS.exe
  C:\Windows\System\hocyWUS.exe
  2⤵
  PID:956
- C:\Windows\System\GGQduBl.exe
  C:\Windows\System\GGQduBl.exe
  2⤵
  PID:1692
- C:\Windows\System\LXydOwq.exe
  C:\Windows\System\LXydOwq.exe
  2⤵
  PID:5620
- C:\Windows\System\hrkGEou.exe
  C:\Windows\System\hrkGEou.exe
  2⤵
  PID:5616
- C:\Windows\System\qwUWVQB.exe
  C:\Windows\System\qwUWVQB.exe
  2⤵
  PID:5652
- C:\Windows\System\mgEELdn.exe
  C:\Windows\System\mgEELdn.exe
  2⤵
  PID:5644
- C:\Windows\System\xJdebVx.exe
  C:\Windows\System\xJdebVx.exe
  2⤵
  PID:5680
- C:\Windows\System\qXUaBjj.exe
  C:\Windows\System\qXUaBjj.exe
  2⤵
  PID:5712
- C:\Windows\System\ScHrGkU.exe
  C:\Windows\System\ScHrGkU.exe
  2⤵
  PID:5688
- C:\Windows\System\PGqEhjj.exe
  C:\Windows\System\PGqEhjj.exe
  2⤵
  PID:5844
- C:\Windows\System\ObECDSV.exe
  C:\Windows\System\ObECDSV.exe
  2⤵
  PID:5740
- C:\Windows\System\uaHBpHN.exe
  C:\Windows\System\uaHBpHN.exe
  2⤵
  PID:5848
- C:\Windows\System\pOGxCBk.exe
  C:\Windows\System\pOGxCBk.exe
  2⤵
  PID:5800
- C:\Windows\System\LfPabHS.exe
  C:\Windows\System\LfPabHS.exe
  2⤵
  PID:5720
- C:\Windows\System\kXRDxwY.exe
  C:\Windows\System\kXRDxwY.exe
  2⤵
  PID:5764
- C:\Windows\System\ENzeRpD.exe
  C:\Windows\System\ENzeRpD.exe
  2⤵
  PID:5780
- C:\Windows\System\kzOtfvv.exe
  C:\Windows\System\kzOtfvv.exe
  2⤵
  PID:5864
- C:\Windows\System\GbQBmEq.exe
  C:\Windows\System\GbQBmEq.exe
  2⤵
  PID:5804
- C:\Windows\System\woyhUij.exe
  C:\Windows\System\woyhUij.exe
  2⤵
  PID:5916
- C:\Windows\System\hhwpcgQ.exe
  C:\Windows\System\hhwpcgQ.exe
  2⤵
  PID:5880
- C:\Windows\System\BBdXcYV.exe
  C:\Windows\System\BBdXcYV.exe
  2⤵
  PID:5988
- C:\Windows\System\zqNSAqA.exe
  C:\Windows\System\zqNSAqA.exe
  2⤵
  PID:5996
- C:\Windows\System\VsTjSUN.exe
  C:\Windows\System\VsTjSUN.exe
  2⤵
  PID:5944
- C:\Windows\System\GeleTIu.exe
  C:\Windows\System\GeleTIu.exe
  2⤵
  PID:6000
- C:\Windows\System\KLsWNls.exe
  C:\Windows\System\KLsWNls.exe
  2⤵
  PID:6016
- C:\Windows\System\uYabuHo.exe
  C:\Windows\System\uYabuHo.exe
  2⤵
  PID:6028
- C:\Windows\System\HbRMTIe.exe
  C:\Windows\System\HbRMTIe.exe
  2⤵
  PID:6088
- C:\Windows\System\gFrMHba.exe
  C:\Windows\System\gFrMHba.exe
  2⤵
  PID:6060
- C:\Windows\System\aAtUnUL.exe
  C:\Windows\System\aAtUnUL.exe
  2⤵
  PID:6092
- C:\Windows\System\zPcFDVB.exe
  C:\Windows\System\zPcFDVB.exe
  2⤵
  PID:6116
- C:\Windows\System\xYaSIKM.exe
  C:\Windows\System\xYaSIKM.exe
  2⤵
  PID:6140
- C:\Windows\System\ZZfIBPS.exe
  C:\Windows\System\ZZfIBPS.exe
  2⤵
  PID:5024
- C:\Windows\System\aixwqqW.exe
  C:\Windows\System\aixwqqW.exe
  2⤵
  PID:5144
- C:\Windows\System\tcufCWK.exe
  C:\Windows\System\tcufCWK.exe
  2⤵
  PID:5272
- C:\Windows\System\GePnkJZ.exe
  C:\Windows\System\GePnkJZ.exe
  2⤵
  PID:5288
- C:\Windows\System\VBVpTuS.exe
  C:\Windows\System\VBVpTuS.exe
  2⤵
  PID:5352
- C:\Windows\System\lRZensN.exe
  C:\Windows\System\lRZensN.exe
  2⤵
  PID:308
- C:\Windows\System\gzeBenT.exe
  C:\Windows\System\gzeBenT.exe
  2⤵
  PID:5416
- C:\Windows\System\HCdaPWs.exe
  C:\Windows\System\HCdaPWs.exe
  2⤵
  PID:5508
- C:\Windows\System\xVYOESl.exe
  C:\Windows\System\xVYOESl.exe
  2⤵
  PID:5560
- C:\Windows\System\VSXRgCO.exe
  C:\Windows\System\VSXRgCO.exe
  2⤵
  PID:5608
- C:\Windows\System\ockrxzs.exe
  C:\Windows\System\ockrxzs.exe
  2⤵
  PID:5632
- C:\Windows\System\mFCFeep.exe
  C:\Windows\System\mFCFeep.exe
  2⤵
  PID:5672
- C:\Windows\System\hFAofjm.exe
  C:\Windows\System\hFAofjm.exe
  2⤵
  PID:5744
- C:\Windows\System\kLYJShI.exe
  C:\Windows\System\kLYJShI.exe
  2⤵
  PID:5772
- C:\Windows\System\EyFpSWo.exe
  C:\Windows\System\EyFpSWo.exe
  2⤵
  PID:5752
- C:\Windows\System\ljsKcCc.exe
  C:\Windows\System\ljsKcCc.exe
  2⤵
  PID:5856
- C:\Windows\System\vaSHybR.exe
  C:\Windows\System\vaSHybR.exe
  2⤵
  PID:5920
- C:\Windows\System\olHUTMU.exe
  C:\Windows\System\olHUTMU.exe
  2⤵
  PID:5924
- C:\Windows\System\zHcrGPo.exe
  C:\Windows\System\zHcrGPo.exe
  2⤵
  PID:6052
- C:\Windows\System\FPirWwE.exe
  C:\Windows\System\FPirWwE.exe
  2⤵
  PID:5884
- C:\Windows\System\wmWBTIF.exe
  C:\Windows\System\wmWBTIF.exe
  2⤵
  PID:5960
- C:\Windows\System\UxXxUjo.exe
  C:\Windows\System\UxXxUjo.exe
  2⤵
  PID:6108
- C:\Windows\System\LvXAKHD.exe
  C:\Windows\System\LvXAKHD.exe
  2⤵
  PID:6104
- C:\Windows\System\sbTLIkX.exe
  C:\Windows\System\sbTLIkX.exe
  2⤵
  PID:848
- C:\Windows\System\Vjuovdx.exe
  C:\Windows\System\Vjuovdx.exe
  2⤵
  PID:912
- C:\Windows\System\cuWwEBn.exe
  C:\Windows\System\cuWwEBn.exe
  2⤵
  PID:2976
- C:\Windows\System\mTjzKMa.exe
  C:\Windows\System\mTjzKMa.exe
  2⤵
  PID:5256
- C:\Windows\System\qvhkFKI.exe
  C:\Windows\System\qvhkFKI.exe
  2⤵
  PID:4496
- C:\Windows\System\lNpUVwA.exe
  C:\Windows\System\lNpUVwA.exe
  2⤵
  PID:5428
- C:\Windows\System\skXXYbu.exe
  C:\Windows\System\skXXYbu.exe
  2⤵
  PID:5528
- C:\Windows\System\kxVRPRN.exe
  C:\Windows\System\kxVRPRN.exe
  2⤵
  PID:1168
- C:\Windows\System\OizVHCc.exe
  C:\Windows\System\OizVHCc.exe
  2⤵
  PID:2540
- C:\Windows\System\WkhzGDd.exe
  C:\Windows\System\WkhzGDd.exe
  2⤵
  PID:5732
- C:\Windows\System\GlAWTck.exe
  C:\Windows\System\GlAWTck.exe
  2⤵
  PID:5776
- C:\Windows\System\uYxkywu.exe
  C:\Windows\System\uYxkywu.exe
  2⤵
  PID:5940
- C:\Windows\System\sdQBZaI.exe
  C:\Windows\System\sdQBZaI.exe
  2⤵
  PID:1068
- C:\Windows\System\zPvveTe.exe
  C:\Windows\System\zPvveTe.exe
  2⤵
  PID:2616
- C:\Windows\System\usgnRTZ.exe
  C:\Windows\System\usgnRTZ.exe
  2⤵
  PID:1972
- C:\Windows\System\CkpwlAm.exe
  C:\Windows\System\CkpwlAm.exe
  2⤵
  PID:6128
- C:\Windows\System\ofwGrsJ.exe
  C:\Windows\System\ofwGrsJ.exe
  2⤵
  PID:5832
- C:\Windows\System\UsFNlen.exe
  C:\Windows\System\UsFNlen.exe
  2⤵
  PID:6012
- C:\Windows\System\bgzEdSm.exe
  C:\Windows\System\bgzEdSm.exe
  2⤵
  PID:5460
- C:\Windows\System\qBlliGh.exe
  C:\Windows\System\qBlliGh.exe
  2⤵
  PID:5316
- C:\Windows\System\iVYqyFL.exe
  C:\Windows\System\iVYqyFL.exe
  2⤵
  PID:1880
- C:\Windows\System\XfJIIHv.exe
  C:\Windows\System\XfJIIHv.exe
  2⤵
  PID:5412
- C:\Windows\System\mGCsgpp.exe
  C:\Windows\System\mGCsgpp.exe
  2⤵
  PID:5700
- C:\Windows\System\yHmmVGv.exe
  C:\Windows\System\yHmmVGv.exe
  2⤵
  PID:5788
- C:\Windows\System\rqJMjYw.exe
  C:\Windows\System\rqJMjYw.exe
  2⤵
  PID:5896
- C:\Windows\System\xCpPiFp.exe
  C:\Windows\System\xCpPiFp.exe
  2⤵
  PID:5736
- C:\Windows\System\culxaRg.exe
  C:\Windows\System\culxaRg.exe
  2⤵
  PID:5816
- C:\Windows\System\wrDMXBc.exe
  C:\Windows\System\wrDMXBc.exe
  2⤵
  PID:5972
- C:\Windows\System\UNgbVwq.exe
  C:\Windows\System\UNgbVwq.exe
  2⤵
  PID:748
- C:\Windows\System\Lcsphar.exe
  C:\Windows\System\Lcsphar.exe
  2⤵
  PID:1156
- C:\Windows\System\PkBHaKi.exe
  C:\Windows\System\PkBHaKi.exe
  2⤵
  PID:2004
- C:\Windows\System\pJfhaFz.exe
  C:\Windows\System\pJfhaFz.exe
  2⤵
  PID:2620
- C:\Windows\System\FZoRSPc.exe
  C:\Windows\System\FZoRSPc.exe
  2⤵
  PID:5656
- C:\Windows\System\XmxOkFI.exe
  C:\Windows\System\XmxOkFI.exe
  2⤵
  PID:6120
- C:\Windows\System\TVxiGiZ.exe
  C:\Windows\System\TVxiGiZ.exe
  2⤵
  PID:5600
- C:\Windows\System\RKECAhP.exe
  C:\Windows\System\RKECAhP.exe
  2⤵
  PID:6148
- C:\Windows\System\tPHJmdB.exe
  C:\Windows\System\tPHJmdB.exe
  2⤵
  PID:6164
- C:\Windows\System\twZXotL.exe
  C:\Windows\System\twZXotL.exe
  2⤵
  PID:6180
- C:\Windows\System\nZhDIcw.exe
  C:\Windows\System\nZhDIcw.exe
  2⤵
  PID:6196
- C:\Windows\System\oEVJKKf.exe
  C:\Windows\System\oEVJKKf.exe
  2⤵
  PID:6212
- C:\Windows\System\OxHglZP.exe
  C:\Windows\System\OxHglZP.exe
  2⤵
  PID:6228
- C:\Windows\System\gZkieJc.exe
  C:\Windows\System\gZkieJc.exe
  2⤵
  PID:6244
- C:\Windows\System\ENujBLi.exe
  C:\Windows\System\ENujBLi.exe
  2⤵
  PID:6260
- C:\Windows\System\zAdtpHy.exe
  C:\Windows\System\zAdtpHy.exe
  2⤵
  PID:6280
- C:\Windows\System\rIydkIJ.exe
  C:\Windows\System\rIydkIJ.exe
  2⤵
  PID:6296
- C:\Windows\System\WsDElwG.exe
  C:\Windows\System\WsDElwG.exe
  2⤵
  PID:6312
- C:\Windows\System\hoGerMl.exe
  C:\Windows\System\hoGerMl.exe
  2⤵
  PID:6328
- C:\Windows\System\JXwVPEJ.exe
  C:\Windows\System\JXwVPEJ.exe
  2⤵
  PID:6344
- C:\Windows\System\rMCSUfW.exe
  C:\Windows\System\rMCSUfW.exe
  2⤵
  PID:6360
- C:\Windows\System\SOezwdI.exe
  C:\Windows\System\SOezwdI.exe
  2⤵
  PID:6376
- C:\Windows\System\FJfAHcs.exe
  C:\Windows\System\FJfAHcs.exe
  2⤵
  PID:6396
- C:\Windows\System\PbsLfbT.exe
  C:\Windows\System\PbsLfbT.exe
  2⤵
  PID:6412
- C:\Windows\System\BMUCsvH.exe
  C:\Windows\System\BMUCsvH.exe
  2⤵
  PID:6428
- C:\Windows\System\zwjyESj.exe
  C:\Windows\System\zwjyESj.exe
  2⤵
  PID:6444
- C:\Windows\System\TZmxEkF.exe
  C:\Windows\System\TZmxEkF.exe
  2⤵
  PID:6460
- C:\Windows\System\yVArgGu.exe
  C:\Windows\System\yVArgGu.exe
  2⤵
  PID:6476
- C:\Windows\System\gEsMCaE.exe
  C:\Windows\System\gEsMCaE.exe
  2⤵
  PID:6492
- C:\Windows\System\upcgeJD.exe
  C:\Windows\System\upcgeJD.exe
  2⤵
  PID:6508
- C:\Windows\System\gdQwskO.exe
  C:\Windows\System\gdQwskO.exe
  2⤵
  PID:6524
- C:\Windows\System\HNdjtKN.exe
  C:\Windows\System\HNdjtKN.exe
  2⤵
  PID:6540
- C:\Windows\System\qgMHkyZ.exe
  C:\Windows\System\qgMHkyZ.exe
  2⤵
  PID:6564
- C:\Windows\System\RPVhpNQ.exe
  C:\Windows\System\RPVhpNQ.exe
  2⤵
  PID:6580
- C:\Windows\System\rbjLOCb.exe
  C:\Windows\System\rbjLOCb.exe
  2⤵
  PID:6596
- C:\Windows\System\OXrCLIY.exe
  C:\Windows\System\OXrCLIY.exe
  2⤵
  PID:6612
- C:\Windows\System\CZeRylp.exe
  C:\Windows\System\CZeRylp.exe
  2⤵
  PID:6628
- C:\Windows\System\yymzFgR.exe
  C:\Windows\System\yymzFgR.exe
  2⤵
  PID:6648
- C:\Windows\System\UkKlRWo.exe
  C:\Windows\System\UkKlRWo.exe
  2⤵
  PID:6664
- C:\Windows\System\wxigdbH.exe
  C:\Windows\System\wxigdbH.exe
  2⤵
  PID:6680
- C:\Windows\System\WMlTfFu.exe
  C:\Windows\System\WMlTfFu.exe
  2⤵
  PID:6696
- C:\Windows\System\vZEGkIj.exe
  C:\Windows\System\vZEGkIj.exe
  2⤵
  PID:6712
- C:\Windows\System\nehCImW.exe
  C:\Windows\System\nehCImW.exe
  2⤵
  PID:6728
- C:\Windows\System\gMeyKJb.exe
  C:\Windows\System\gMeyKJb.exe
  2⤵
  PID:6744
- C:\Windows\System\JNwglNs.exe
  C:\Windows\System\JNwglNs.exe
  2⤵
  PID:6764
- C:\Windows\System\bGABiQD.exe
  C:\Windows\System\bGABiQD.exe
  2⤵
  PID:6780
- C:\Windows\System\sZCgMPi.exe
  C:\Windows\System\sZCgMPi.exe
  2⤵
  PID:6796
- C:\Windows\System\yKjrcDS.exe
  C:\Windows\System\yKjrcDS.exe
  2⤵
  PID:6812
- C:\Windows\System\GbQESGh.exe
  C:\Windows\System\GbQESGh.exe
  2⤵
  PID:6828
- C:\Windows\System\jNYARlv.exe
  C:\Windows\System\jNYARlv.exe
  2⤵
  PID:6844
- C:\Windows\System\CflBHPr.exe
  C:\Windows\System\CflBHPr.exe
  2⤵
  PID:6860
- C:\Windows\System\pBETPTy.exe
  C:\Windows\System\pBETPTy.exe
  2⤵
  PID:6876
- C:\Windows\System\hmbBbvh.exe
  C:\Windows\System\hmbBbvh.exe
  2⤵
  PID:6892
- C:\Windows\System\xAbQDGf.exe
  C:\Windows\System\xAbQDGf.exe
  2⤵
  PID:6912
- C:\Windows\System\iWOZQoN.exe
  C:\Windows\System\iWOZQoN.exe
  2⤵
  PID:6928
- C:\Windows\System\SzVWxHi.exe
  C:\Windows\System\SzVWxHi.exe
  2⤵
  PID:6944
- C:\Windows\System\OiAHbYY.exe
  C:\Windows\System\OiAHbYY.exe
  2⤵
  PID:6960
- C:\Windows\System\DnatrDn.exe
  C:\Windows\System\DnatrDn.exe
  2⤵
  PID:6976
- C:\Windows\System\LyewJum.exe
  C:\Windows\System\LyewJum.exe
  2⤵
  PID:6992
- C:\Windows\System\ABAKXhF.exe
  C:\Windows\System\ABAKXhF.exe
  2⤵
  PID:7008
- C:\Windows\System\uitnRYd.exe
  C:\Windows\System\uitnRYd.exe
  2⤵
  PID:7028
- C:\Windows\System\OXJAYqW.exe
  C:\Windows\System\OXJAYqW.exe
  2⤵
  PID:7044
- C:\Windows\System\KfsUlyZ.exe
  C:\Windows\System\KfsUlyZ.exe
  2⤵
  PID:7060
- C:\Windows\System\JzTxZjs.exe
  C:\Windows\System\JzTxZjs.exe
  2⤵
  PID:7076
- C:\Windows\System\VpLRLrB.exe
  C:\Windows\System\VpLRLrB.exe
  2⤵
  PID:7092
- C:\Windows\System\vsqznHz.exe
  C:\Windows\System\vsqznHz.exe
  2⤵
  PID:7108
- C:\Windows\System\KjJDNCu.exe
  C:\Windows\System\KjJDNCu.exe
  2⤵
  PID:7132
- C:\Windows\System\uFBzcnb.exe
  C:\Windows\System\uFBzcnb.exe
  2⤵
  PID:7148
- C:\Windows\System\UAMHmGJ.exe
  C:\Windows\System\UAMHmGJ.exe
  2⤵
  PID:7164
- C:\Windows\System\jFGwThC.exe
  C:\Windows\System\jFGwThC.exe
  2⤵
  PID:6096
- C:\Windows\System\fNtkMzz.exe
  C:\Windows\System\fNtkMzz.exe
  2⤵
  PID:6224
- C:\Windows\System\gbTpdSW.exe
  C:\Windows\System\gbTpdSW.exe
  2⤵
  PID:5704
- C:\Windows\System\oORwsvD.exe
  C:\Windows\System\oORwsvD.exe
  2⤵
  PID:6208
- C:\Windows\System\kFWtdDp.exe
  C:\Windows\System\kFWtdDp.exe
  2⤵
  PID:6276
- C:\Windows\System\cgCWPmT.exe
  C:\Windows\System\cgCWPmT.exe
  2⤵
  PID:6324
- C:\Windows\System\MOWYJGa.exe
  C:\Windows\System\MOWYJGa.exe
  2⤵
  PID:6352
- C:\Windows\System\QYotyjX.exe
  C:\Windows\System\QYotyjX.exe
  2⤵
  PID:6372
- C:\Windows\System\zYioNgO.exe
  C:\Windows\System\zYioNgO.exe
  2⤵
  PID:6424
- C:\Windows\System\LlapcUs.exe
  C:\Windows\System\LlapcUs.exe
  2⤵
  PID:6440
- C:\Windows\System\RQCFSyO.exe
  C:\Windows\System\RQCFSyO.exe
  2⤵
  PID:6536
- C:\Windows\System\xeSPKlP.exe
  C:\Windows\System\xeSPKlP.exe
  2⤵
  PID:6560
- C:\Windows\System\xhYqQqb.exe
  C:\Windows\System\xhYqQqb.exe
  2⤵
  PID:6624
- C:\Windows\System\sksKydZ.exe
  C:\Windows\System\sksKydZ.exe
  2⤵
  PID:6604
- C:\Windows\System\FaVXDMb.exe
  C:\Windows\System\FaVXDMb.exe
  2⤵
  PID:6692
- C:\Windows\System\NYWkifB.exe
  C:\Windows\System\NYWkifB.exe
  2⤵
  PID:6676
- C:\Windows\System\MCAQbGt.exe
  C:\Windows\System\MCAQbGt.exe
  2⤵
  PID:6752
- C:\Windows\System\KRKuiqT.exe
  C:\Windows\System\KRKuiqT.exe
  2⤵
  PID:6736
- C:\Windows\System\TVAPvRO.exe
  C:\Windows\System\TVAPvRO.exe
  2⤵
  PID:6808
- C:\Windows\System\fXTjvdT.exe
  C:\Windows\System\fXTjvdT.exe
  2⤵
  PID:6872
- C:\Windows\System\HACaZbK.exe
  C:\Windows\System\HACaZbK.exe
  2⤵
  PID:6852
- C:\Windows\System\qbixzgh.exe
  C:\Windows\System\qbixzgh.exe
  2⤵
  PID:6856
- C:\Windows\System\zFuDaxA.exe
  C:\Windows\System\zFuDaxA.exe
  2⤵
  PID:6924
- C:\Windows\System\BHDRomq.exe
  C:\Windows\System\BHDRomq.exe
  2⤵
  PID:6940
- C:\Windows\System\msWCEVf.exe
  C:\Windows\System\msWCEVf.exe
  2⤵
  PID:7000
- C:\Windows\System\jXcmlLC.exe
  C:\Windows\System\jXcmlLC.exe
  2⤵
  PID:7020
- C:\Windows\System\DjIgSzK.exe
  C:\Windows\System\DjIgSzK.exe
  2⤵
  PID:7040
- C:\Windows\System\eIkbnGp.exe
  C:\Windows\System\eIkbnGp.exe
  2⤵
  PID:7088
- C:\Windows\System\NHLpSeB.exe
  C:\Windows\System\NHLpSeB.exe
  2⤵
  PID:6392
- C:\Windows\System\ZykWrDM.exe
  C:\Windows\System\ZykWrDM.exe
  2⤵
  PID:7160
- C:\Windows\System\csxzfoL.exe
  C:\Windows\System\csxzfoL.exe
  2⤵
  PID:6256
- C:\Windows\System\ahAaghc.exe
  C:\Windows\System\ahAaghc.exe
  2⤵
  PID:6176
- C:\Windows\System\jOImeEo.exe
  C:\Windows\System\jOImeEo.exe
  2⤵
  PID:6320
- C:\Windows\System\rGuNrnf.exe
  C:\Windows\System\rGuNrnf.exe
  2⤵
  PID:6308
- C:\Windows\System\fydyDQU.exe
  C:\Windows\System\fydyDQU.exe
  2⤵
  PID:6436
- C:\Windows\System\iJHpoqX.exe
  C:\Windows\System\iJHpoqX.exe
  2⤵
  PID:6356
- C:\Windows\System\DGbIYbr.exe
  C:\Windows\System\DGbIYbr.exe
  2⤵
  PID:6592
- C:\Windows\System\OkNeObl.exe
  C:\Windows\System\OkNeObl.exe
  2⤵
  PID:6520
- C:\Windows\System\XtuCBVf.exe
  C:\Windows\System\XtuCBVf.exe
  2⤵
  PID:6708
- C:\Windows\System\nPIreIJ.exe
  C:\Windows\System\nPIreIJ.exe
  2⤵
  PID:6672
- C:\Windows\System\BnREEmQ.exe
  C:\Windows\System\BnREEmQ.exe
  2⤵
  PID:6868
- C:\Windows\System\tVQRWmD.exe
  C:\Windows\System\tVQRWmD.exe
  2⤵
  PID:6920
- C:\Windows\System\GjmbIlO.exe
  C:\Windows\System\GjmbIlO.exe
  2⤵
  PID:6956
- C:\Windows\System\gkZxBwF.exe
  C:\Windows\System\gkZxBwF.exe
  2⤵
  PID:6936
- C:\Windows\System\VJlHLDg.exe
  C:\Windows\System\VJlHLDg.exe
  2⤵
  PID:6188
- C:\Windows\System\lTUILeg.exe
  C:\Windows\System\lTUILeg.exe
  2⤵
  PID:7084
- C:\Windows\System\WkzNOJH.exe
  C:\Windows\System\WkzNOJH.exe
  2⤵
  PID:6468
- C:\Windows\System\QnATDFn.exe
  C:\Windows\System\QnATDFn.exe
  2⤵
  PID:1676
- C:\Windows\System\DEiMLvO.exe
  C:\Windows\System\DEiMLvO.exe
  2⤵
  PID:6472
- C:\Windows\System\jaJsfOJ.exe
  C:\Windows\System\jaJsfOJ.exe
  2⤵
  PID:6640
- C:\Windows\System\GJyYKFL.exe
  C:\Windows\System\GJyYKFL.exe
  2⤵
  PID:6792
- C:\Windows\System\XXWVeCk.exe
  C:\Windows\System\XXWVeCk.exe
  2⤵
  PID:6984
- C:\Windows\System\EknRmjo.exe
  C:\Windows\System\EknRmjo.exe
  2⤵
  PID:6268
- C:\Windows\System\MysdvxS.exe
  C:\Windows\System\MysdvxS.exe
  2⤵
  PID:7072
- C:\Windows\System\DlNnmwo.exe
  C:\Windows\System\DlNnmwo.exe
  2⤵
  PID:6500
- C:\Windows\System\qokBzHf.exe
  C:\Windows\System\qokBzHf.exe
  2⤵
  PID:6840
- C:\Windows\System\MUTzZwm.exe
  C:\Windows\System\MUTzZwm.exe
  2⤵
  PID:6656
- C:\Windows\System\WdFaEKH.exe
  C:\Windows\System\WdFaEKH.exe
  2⤵
  PID:6884
- C:\Windows\System\rihGpHE.exe
  C:\Windows\System\rihGpHE.exe
  2⤵
  PID:7180
- C:\Windows\System\CBDrcAf.exe
  C:\Windows\System\CBDrcAf.exe
  2⤵
  PID:7196
- C:\Windows\System\GCAbIgg.exe
  C:\Windows\System\GCAbIgg.exe
  2⤵
  PID:7212
- C:\Windows\System\dljETYd.exe
  C:\Windows\System\dljETYd.exe
  2⤵
  PID:7228
- C:\Windows\System\gQRjvZl.exe
  C:\Windows\System\gQRjvZl.exe
  2⤵
  PID:7244
- C:\Windows\System\wYInekn.exe
  C:\Windows\System\wYInekn.exe
  2⤵
  PID:7264
- C:\Windows\System\QAJehSK.exe
  C:\Windows\System\QAJehSK.exe
  2⤵
  PID:7284
- C:\Windows\System\hzZtSbj.exe
  C:\Windows\System\hzZtSbj.exe
  2⤵
  PID:7300
- C:\Windows\System\eMkOTDM.exe
  C:\Windows\System\eMkOTDM.exe
  2⤵
  PID:7316
- C:\Windows\System\yxxzfPU.exe
  C:\Windows\System\yxxzfPU.exe
  2⤵
  PID:7336
- C:\Windows\System\psHaXJw.exe
  C:\Windows\System\psHaXJw.exe
  2⤵
  PID:7360
- C:\Windows\System\RgZqcpy.exe
  C:\Windows\System\RgZqcpy.exe
  2⤵
  PID:7376
- C:\Windows\System\yWShAKG.exe
  C:\Windows\System\yWShAKG.exe
  2⤵
  PID:7396
- C:\Windows\System\VwfZsmA.exe
  C:\Windows\System\VwfZsmA.exe
  2⤵
  PID:7412
- C:\Windows\System\nGqQfZj.exe
  C:\Windows\System\nGqQfZj.exe
  2⤵
  PID:7428
- C:\Windows\System\NCZdIxK.exe
  C:\Windows\System\NCZdIxK.exe
  2⤵
  PID:7460
- C:\Windows\System\PjEBFCh.exe
  C:\Windows\System\PjEBFCh.exe
  2⤵
  PID:7476
- C:\Windows\System\LHveyzl.exe
  C:\Windows\System\LHveyzl.exe
  2⤵
  PID:7492
- C:\Windows\System\mLcivgm.exe
  C:\Windows\System\mLcivgm.exe
  2⤵
  PID:7508
- C:\Windows\System\kvHPbFM.exe
  C:\Windows\System\kvHPbFM.exe
  2⤵
  PID:7528
- C:\Windows\System\vFZAbIr.exe
  C:\Windows\System\vFZAbIr.exe
  2⤵
  PID:7544
- C:\Windows\System\OithNbd.exe
  C:\Windows\System\OithNbd.exe
  2⤵
  PID:7564
- C:\Windows\System\aOsiQlF.exe
  C:\Windows\System\aOsiQlF.exe
  2⤵
  PID:7584
- C:\Windows\System\PzsXVPg.exe
  C:\Windows\System\PzsXVPg.exe
  2⤵
  PID:7600
- C:\Windows\System\LHqvtQI.exe
  C:\Windows\System\LHqvtQI.exe
  2⤵
  PID:7616
- C:\Windows\System\meTNCmH.exe
  C:\Windows\System\meTNCmH.exe
  2⤵
  PID:7632
- C:\Windows\System\CGMOyFd.exe
  C:\Windows\System\CGMOyFd.exe
  2⤵
  PID:7648
- C:\Windows\System\hkyCldd.exe
  C:\Windows\System\hkyCldd.exe
  2⤵
  PID:7664
- C:\Windows\System\RvmqlfQ.exe
  C:\Windows\System\RvmqlfQ.exe
  2⤵
  PID:7684
- C:\Windows\System\gsKguNs.exe
  C:\Windows\System\gsKguNs.exe
  2⤵
  PID:7704
- C:\Windows\System\RTqNQWz.exe
  C:\Windows\System\RTqNQWz.exe
  2⤵
  PID:7720
- C:\Windows\System\dyHMeNf.exe
  C:\Windows\System\dyHMeNf.exe
  2⤵
  PID:7736
- C:\Windows\System\PgJtKOF.exe
  C:\Windows\System\PgJtKOF.exe
  2⤵
  PID:7752
- C:\Windows\System\bYUENcx.exe
  C:\Windows\System\bYUENcx.exe
  2⤵
  PID:7776
- C:\Windows\System\XLgLcLu.exe
  C:\Windows\System\XLgLcLu.exe
  2⤵
  PID:7792
- C:\Windows\System\YMDhJOd.exe
  C:\Windows\System\YMDhJOd.exe
  2⤵
  PID:7808
- C:\Windows\System\XgXjYUv.exe
  C:\Windows\System\XgXjYUv.exe
  2⤵
  PID:7824
- C:\Windows\System\HShGDlt.exe
  C:\Windows\System\HShGDlt.exe
  2⤵
  PID:7840
- C:\Windows\System\sUPTsiy.exe
  C:\Windows\System\sUPTsiy.exe
  2⤵
  PID:7856
- C:\Windows\System\sbFnJzn.exe
  C:\Windows\System\sbFnJzn.exe
  2⤵
  PID:7880
- C:\Windows\System\yHOxyXY.exe
  C:\Windows\System\yHOxyXY.exe
  2⤵
  PID:7896
- C:\Windows\System\fCRwKhY.exe
  C:\Windows\System\fCRwKhY.exe
  2⤵
  PID:7916
- C:\Windows\System\tVVsTvZ.exe
  C:\Windows\System\tVVsTvZ.exe
  2⤵
  PID:7932
- C:\Windows\System\ZpaCmVT.exe
  C:\Windows\System\ZpaCmVT.exe
  2⤵
  PID:7948
- C:\Windows\System\EwqRJww.exe
  C:\Windows\System\EwqRJww.exe
  2⤵
  PID:7964
- C:\Windows\System\nSngDqv.exe
  C:\Windows\System\nSngDqv.exe
  2⤵
  PID:7980
- C:\Windows\System\KTvERmV.exe
  C:\Windows\System\KTvERmV.exe
  2⤵
  PID:8008
- C:\Windows\System\zIttfck.exe
  C:\Windows\System\zIttfck.exe
  2⤵
  PID:8028
- C:\Windows\System\qcuDCME.exe
  C:\Windows\System\qcuDCME.exe
  2⤵
  PID:8044
- C:\Windows\System\ihSSevU.exe
  C:\Windows\System\ihSSevU.exe
  2⤵
  PID:8060
- C:\Windows\System\BytoChX.exe
  C:\Windows\System\BytoChX.exe
  2⤵
  PID:8080
- C:\Windows\System\haQUNSB.exe
  C:\Windows\System\haQUNSB.exe
  2⤵
  PID:8100
- C:\Windows\System\dtAVEvK.exe
  C:\Windows\System\dtAVEvK.exe
  2⤵
  PID:8120
- C:\Windows\System\ldBTnfN.exe
  C:\Windows\System\ldBTnfN.exe
  2⤵
  PID:8148
- C:\Windows\System\BISYdeQ.exe
  C:\Windows\System\BISYdeQ.exe
  2⤵
  PID:8164
- C:\Windows\System\abeqiPq.exe
  C:\Windows\System\abeqiPq.exe
  2⤵
  PID:8188
- C:\Windows\System\mfUXZhS.exe
  C:\Windows\System\mfUXZhS.exe
  2⤵
  PID:7036
- C:\Windows\System\YgcwDJo.exe
  C:\Windows\System\YgcwDJo.exe
  2⤵
  PID:7280
- C:\Windows\System\gCOUyKV.exe
  C:\Windows\System\gCOUyKV.exe
  2⤵
  PID:6548
- C:\Windows\System\VxHCkxK.exe
  C:\Windows\System\VxHCkxK.exe
  2⤵
  PID:7252
- C:\Windows\System\smRMYXI.exe
  C:\Windows\System\smRMYXI.exe
  2⤵
  PID:7296
- C:\Windows\System\YTKuumW.exe
  C:\Windows\System\YTKuumW.exe
  2⤵
  PID:7356
- C:\Windows\System\CJFtxUZ.exe
  C:\Windows\System\CJFtxUZ.exe
  2⤵
  PID:7624
- C:\Windows\System\kdKjAXj.exe
  C:\Windows\System\kdKjAXj.exe
  2⤵
  PID:7716
- C:\Windows\System\KxjLcoj.exe
  C:\Windows\System\KxjLcoj.exe
  2⤵
  PID:7748
- C:\Windows\System\DVEXWfH.exe
  C:\Windows\System\DVEXWfH.exe
  2⤵
  PID:7852
- C:\Windows\System\jSJbSsS.exe
  C:\Windows\System\jSJbSsS.exe
  2⤵
  PID:7924
- C:\Windows\System\Ibyhmgs.exe
  C:\Windows\System\Ibyhmgs.exe
  2⤵
  PID:7864
- C:\Windows\System\cIpuqnP.exe
  C:\Windows\System\cIpuqnP.exe
  2⤵
  PID:7836
- C:\Windows\System\vOemiiW.exe
  C:\Windows\System\vOemiiW.exe
  2⤵
  PID:7904
- C:\Windows\System\lPsgYMa.exe
  C:\Windows\System\lPsgYMa.exe
  2⤵
  PID:7960
- C:\Windows\System\MeTANfv.exe
  C:\Windows\System\MeTANfv.exe
  2⤵
  PID:8036
- C:\Windows\System\JlFTEDW.exe
  C:\Windows\System\JlFTEDW.exe
  2⤵
  PID:8076
- C:\Windows\System\ZvWyBVI.exe
  C:\Windows\System\ZvWyBVI.exe
  2⤵
  PID:8128
- C:\Windows\System\kUeNQOg.exe
  C:\Windows\System\kUeNQOg.exe
  2⤵
  PID:8184
- C:\Windows\System\iHsavGc.exe
  C:\Windows\System\iHsavGc.exe
  2⤵
  PID:7140
- C:\Windows\System\CPJtzZs.exe
  C:\Windows\System\CPJtzZs.exe
  2⤵
  PID:6160
- C:\Windows\System\QCuHBsH.exe
  C:\Windows\System\QCuHBsH.exe
  2⤵
  PID:7192
- C:\Windows\System\zJGQXQP.exe
  C:\Windows\System\zJGQXQP.exe
  2⤵
  PID:7236
- C:\Windows\System\luYAzJu.exe
  C:\Windows\System\luYAzJu.exe
  2⤵
  PID:7908
- C:\Windows\System\xCKirsX.exe
  C:\Windows\System\xCKirsX.exe
  2⤵
  PID:1480
- C:\Windows\System\IYWxszl.exe
  C:\Windows\System\IYWxszl.exe
  2⤵
  PID:7504
- C:\Windows\System\VXAtdJx.exe
  C:\Windows\System\VXAtdJx.exe
  2⤵
  PID:7732
- C:\Windows\System\wafhHdq.exe
  C:\Windows\System\wafhHdq.exe
  2⤵
  PID:8096
- C:\Windows\System\HfQgYcI.exe
  C:\Windows\System\HfQgYcI.exe
  2⤵
  PID:7872
- C:\Windows\System\sBEUDTj.exe
  C:\Windows\System\sBEUDTj.exe
  2⤵
  PID:8052
- C:\Windows\System\cKBNXFN.exe
  C:\Windows\System\cKBNXFN.exe
  2⤵
  PID:7700
- C:\Windows\System\JTxSQwG.exe
  C:\Windows\System\JTxSQwG.exe
  2⤵
  PID:7928
- C:\Windows\System\rpJkSVN.exe
  C:\Windows\System\rpJkSVN.exe
  2⤵
  PID:7612
- C:\Windows\System\IglQasq.exe
  C:\Windows\System\IglQasq.exe
  2⤵
  PID:7644
- C:\Windows\System\vRBgMil.exe
  C:\Windows\System\vRBgMil.exe
  2⤵
  PID:7596
- C:\Windows\System\oJQcgVQ.exe
  C:\Windows\System\oJQcgVQ.exe
  2⤵
  PID:7332
- C:\Windows\System\tvqozmw.exe
  C:\Windows\System\tvqozmw.exe
  2⤵
  PID:7660
- C:\Windows\System\uyXuBwM.exe
  C:\Windows\System\uyXuBwM.exe
  2⤵
  PID:7848
- C:\Windows\System\NlfgOJB.exe
  C:\Windows\System\NlfgOJB.exe
  2⤵
  PID:7956
- C:\Windows\System\UvlDwXZ.exe
  C:\Windows\System\UvlDwXZ.exe
  2⤵
  PID:7608
- C:\Windows\System\nZePUmc.exe
  C:\Windows\System\nZePUmc.exe
  2⤵
  PID:7408
- C:\Windows\System\owaOArb.exe
  C:\Windows\System\owaOArb.exe
  2⤵
  PID:6608
- C:\Windows\System\amtnaDp.exe
  C:\Windows\System\amtnaDp.exe
  2⤵
  PID:7404
- C:\Windows\System\LBGVOqh.exe
  C:\Windows\System\LBGVOqh.exe
  2⤵
  PID:8072
- C:\Windows\System\pEIlArs.exe
  C:\Windows\System\pEIlArs.exe
  2⤵
  PID:8200
- C:\Windows\System\vptIZFf.exe
  C:\Windows\System\vptIZFf.exe
  2⤵
  PID:8220
- C:\Windows\System\FDkQdxf.exe
  C:\Windows\System\FDkQdxf.exe
  2⤵
  PID:8244
- C:\Windows\System\ypvcsPQ.exe
  C:\Windows\System\ypvcsPQ.exe
  2⤵
  PID:8264
- C:\Windows\System\ZnwwkzS.exe
  C:\Windows\System\ZnwwkzS.exe
  2⤵
  PID:8288
- C:\Windows\System\sWpovBX.exe
  C:\Windows\System\sWpovBX.exe
  2⤵
  PID:8320
- C:\Windows\System\VCizeuU.exe
  C:\Windows\System\VCizeuU.exe
  2⤵
  PID:8376
- C:\Windows\System\MSQjEoB.exe
  C:\Windows\System\MSQjEoB.exe
  2⤵
  PID:8420
- C:\Windows\System\vkleIrK.exe
  C:\Windows\System\vkleIrK.exe
  2⤵
  PID:8436
- C:\Windows\System\FTRHFwR.exe
  C:\Windows\System\FTRHFwR.exe
  2⤵
  PID:8456
- C:\Windows\System\YbCcwrw.exe
  C:\Windows\System\YbCcwrw.exe
  2⤵
  PID:8648
- C:\Windows\System\EIBvIOm.exe
  C:\Windows\System\EIBvIOm.exe
  2⤵
  PID:8664
- C:\Windows\System\mlAkKVt.exe
  C:\Windows\System\mlAkKVt.exe
  2⤵
  PID:8680
- C:\Windows\System\veFQxvG.exe
  C:\Windows\System\veFQxvG.exe
  2⤵
  PID:8696
- C:\Windows\System\LBwplWj.exe
  C:\Windows\System\LBwplWj.exe
  2⤵
  PID:8712
- C:\Windows\System\xEkUJzd.exe
  C:\Windows\System\xEkUJzd.exe
  2⤵
  PID:8728
- C:\Windows\System\qvpczYt.exe
  C:\Windows\System\qvpczYt.exe
  2⤵
  PID:8744
- C:\Windows\System\VKROcoJ.exe
  C:\Windows\System\VKROcoJ.exe
  2⤵
  PID:8760
- C:\Windows\System\nHQZFjZ.exe
  C:\Windows\System\nHQZFjZ.exe
  2⤵
  PID:8776
- C:\Windows\System\nRjyVEw.exe
  C:\Windows\System\nRjyVEw.exe
  2⤵
  PID:8792
- C:\Windows\System\KFzWOrh.exe
  C:\Windows\System\KFzWOrh.exe
  2⤵
  PID:8808
- C:\Windows\System\UYUvyGO.exe
  C:\Windows\System\UYUvyGO.exe
  2⤵
  PID:8828
- C:\Windows\System\OLVxNBM.exe
  C:\Windows\System\OLVxNBM.exe
  2⤵
  PID:8844
- C:\Windows\System\OIUUXnE.exe
  C:\Windows\System\OIUUXnE.exe
  2⤵
  PID:8860
- C:\Windows\System\UMBjKFd.exe
  C:\Windows\System\UMBjKFd.exe
  2⤵
  PID:8880
- C:\Windows\System\pFzNIBa.exe
  C:\Windows\System\pFzNIBa.exe
  2⤵
  PID:8908
- C:\Windows\System\rpktiqX.exe
  C:\Windows\System\rpktiqX.exe
  2⤵
  PID:8932
- C:\Windows\System\AjWyjjb.exe
  C:\Windows\System\AjWyjjb.exe
  2⤵
  PID:8948
- C:\Windows\System\gbjaNUu.exe
  C:\Windows\System\gbjaNUu.exe
  2⤵
  PID:8964
- C:\Windows\System\INKujLv.exe
  C:\Windows\System\INKujLv.exe
  2⤵
  PID:8980
- C:\Windows\System\FzQdQMK.exe
  C:\Windows\System\FzQdQMK.exe
  2⤵
  PID:8996
- C:\Windows\System\bIacwdt.exe
  C:\Windows\System\bIacwdt.exe
  2⤵
  PID:9012
- C:\Windows\System\rBroowr.exe
  C:\Windows\System\rBroowr.exe
  2⤵
  PID:9028
- C:\Windows\System\oKUnrbm.exe
  C:\Windows\System\oKUnrbm.exe
  2⤵
  PID:9052
- C:\Windows\System\alNgisZ.exe
  C:\Windows\System\alNgisZ.exe
  2⤵
  PID:9072
- C:\Windows\System\uvMKDjt.exe
  C:\Windows\System\uvMKDjt.exe
  2⤵
  PID:9092
- C:\Windows\System\klAEzki.exe
  C:\Windows\System\klAEzki.exe
  2⤵
  PID:9112
- C:\Windows\System\UasPxQz.exe
  C:\Windows\System\UasPxQz.exe
  2⤵
  PID:9140
- C:\Windows\System\hlNXyCN.exe
  C:\Windows\System\hlNXyCN.exe
  2⤵
  PID:9164
- C:\Windows\System\rNUnZoZ.exe
  C:\Windows\System\rNUnZoZ.exe
  2⤵
  PID:9180
- C:\Windows\System\IWQsDsj.exe
  C:\Windows\System\IWQsDsj.exe
  2⤵
  PID:9196
- C:\Windows\System\FVYwbCu.exe
  C:\Windows\System\FVYwbCu.exe
  2⤵
  PID:7516
- C:\Windows\System\LvEoIsG.exe
  C:\Windows\System\LvEoIsG.exe
  2⤵
  PID:8256
- C:\Windows\System\ezFSjRj.exe
  C:\Windows\System\ezFSjRj.exe
  2⤵
  PID:8296
- C:\Windows\System\oByfKvI.exe
  C:\Windows\System\oByfKvI.exe
  2⤵
  PID:8312
- C:\Windows\System\bcVNUEF.exe
  C:\Windows\System\bcVNUEF.exe
  2⤵
  PID:8724
- C:\Windows\System\XxPfgSu.exe
  C:\Windows\System\XxPfgSu.exe
  2⤵
  PID:7552
- C:\Windows\System\UMUHkQo.exe
  C:\Windows\System\UMUHkQo.exe
  2⤵
  PID:7972
- C:\Windows\System\FiPqpzS.exe
  C:\Windows\System\FiPqpzS.exe
  2⤵
  PID:7576
- C:\Windows\System\guxmBXJ.exe
  C:\Windows\System\guxmBXJ.exe
  2⤵
  PID:7536
- C:\Windows\System\GFHpFmD.exe
  C:\Windows\System\GFHpFmD.exe
  2⤵
  PID:8000
- C:\Windows\System\dVpcYxI.exe
  C:\Windows\System\dVpcYxI.exe
  2⤵
  PID:8068
- C:\Windows\System\LOwiUjF.exe
  C:\Windows\System\LOwiUjF.exe
  2⤵
  PID:7456
- C:\Windows\System\nejggDE.exe
  C:\Windows\System\nejggDE.exe
  2⤵
  PID:8272
- C:\Windows\System\ZCyQWib.exe
  C:\Windows\System\ZCyQWib.exe
  2⤵
  PID:8352
- C:\Windows\System\UxzuuZK.exe
  C:\Windows\System\UxzuuZK.exe
  2⤵
  PID:8888
- C:\Windows\System\gpBYyIG.exe
  C:\Windows\System\gpBYyIG.exe
  2⤵
  PID:8524
- C:\Windows\System\dSQHMyB.exe
  C:\Windows\System\dSQHMyB.exe
  2⤵
  PID:8560
- C:\Windows\System\xDFobqH.exe
  C:\Windows\System\xDFobqH.exe
  2⤵
  PID:8584
- C:\Windows\System\ZxHWBJo.exe
  C:\Windows\System\ZxHWBJo.exe
  2⤵
  PID:8620
- C:\Windows\System\ohkyQUF.exe
  C:\Windows\System\ohkyQUF.exe
  2⤵
  PID:7472
- C:\Windows\System\tXYcWAx.exe
  C:\Windows\System\tXYcWAx.exe
  2⤵
  PID:8940
- C:\Windows\System\wOMbUHN.exe
  C:\Windows\System\wOMbUHN.exe
  2⤵
  PID:7640
- C:\Windows\System\izPCVAQ.exe
  C:\Windows\System\izPCVAQ.exe
  2⤵
  PID:8800
- C:\Windows\System\oXRyFCf.exe
  C:\Windows\System\oXRyFCf.exe
  2⤵
  PID:7500
- C:\Windows\System\ptosvsp.exe
  C:\Windows\System\ptosvsp.exe
  2⤵
  PID:7672
- C:\Windows\System\GtJhoWE.exe
  C:\Windows\System\GtJhoWE.exe
  2⤵
  PID:7444
- C:\Windows\System\nhQfOnq.exe
  C:\Windows\System\nhQfOnq.exe
  2⤵
  PID:7260
- C:\Windows\System\YbQMQZw.exe
  C:\Windows\System\YbQMQZw.exe
  2⤵
  PID:8356
- C:\Windows\System\Faldyry.exe
  C:\Windows\System\Faldyry.exe
  2⤵
  PID:8432
- C:\Windows\System\UteUqEE.exe
  C:\Windows\System\UteUqEE.exe
  2⤵
  PID:8488
- C:\Windows\System\QufMgGy.exe
  C:\Windows\System\QufMgGy.exe
  2⤵
  PID:8472
- C:\Windows\System\RGzmkeR.exe
  C:\Windows\System\RGzmkeR.exe
  2⤵
  PID:8496
- C:\Windows\System\thnumVi.exe
  C:\Windows\System\thnumVi.exe
  2⤵
  PID:8516
- C:\Windows\System\yvfJZCb.exe
  C:\Windows\System\yvfJZCb.exe
  2⤵
  PID:8552
- C:\Windows\System\zSkwKUt.exe
  C:\Windows\System\zSkwKUt.exe
  2⤵
  PID:8600
- C:\Windows\System\GpCeZHu.exe
  C:\Windows\System\GpCeZHu.exe
  2⤵
  PID:8624
- C:\Windows\System\CmJGGaL.exe
  C:\Windows\System\CmJGGaL.exe
  2⤵
  PID:8708
- C:\Windows\System\DtzEcet.exe
  C:\Windows\System\DtzEcet.exe
  2⤵
  PID:8804
- C:\Windows\System\JGqQsXf.exe
  C:\Windows\System\JGqQsXf.exe
  2⤵
  PID:8956
- C:\Windows\System\tbZKutu.exe
  C:\Windows\System\tbZKutu.exe
  2⤵
  PID:9104
- C:\Windows\System\uTIjoGK.exe
  C:\Windows\System\uTIjoGK.exe
  2⤵
  PID:8928
- C:\Windows\System\NCSbvGt.exe
  C:\Windows\System\NCSbvGt.exe
  2⤵
  PID:9152
- C:\Windows\System\nNvBwsb.exe
  C:\Windows\System\nNvBwsb.exe
  2⤵
  PID:9088
- C:\Windows\System\CSUeyWW.exe
  C:\Windows\System\CSUeyWW.exe
  2⤵
  PID:8396
- C:\Windows\System\JUBaIor.exe
  C:\Windows\System\JUBaIor.exe
  2⤵
  PID:8404
- C:\Windows\System\GkThNHd.exe
  C:\Windows\System\GkThNHd.exe
  2⤵
  PID:8408
- C:\Windows\System\YCdjArx.exe
  C:\Windows\System\YCdjArx.exe
  2⤵
  PID:8788
- C:\Windows\System\ipwkxCI.exe
  C:\Windows\System\ipwkxCI.exe
  2⤵
  PID:7440
- C:\Windows\System\TPjrrUM.exe
  C:\Windows\System\TPjrrUM.exe
  2⤵
  PID:8556
- C:\Windows\System\dIFFNlF.exe
  C:\Windows\System\dIFFNlF.exe
  2⤵
  PID:7572
- C:\Windows\System\bmBTTSh.exe
  C:\Windows\System\bmBTTSh.exe
  2⤵
  PID:7868
- C:\Windows\System\KKMcQsD.exe
  C:\Windows\System\KKMcQsD.exe
  2⤵
  PID:8336
- C:\Windows\System\lcNXGsH.exe
  C:\Windows\System\lcNXGsH.exe
  2⤵
  PID:8876
- C:\Windows\System\iqvhSgW.exe
  C:\Windows\System\iqvhSgW.exe
  2⤵
  PID:8464
- C:\Windows\System\GNYHUDi.exe
  C:\Windows\System\GNYHUDi.exe
  2⤵
  PID:9048
- C:\Windows\System\wBhgjRc.exe
  C:\Windows\System\wBhgjRc.exe
  2⤵
  PID:8836
- C:\Windows\System\XvFDfgQ.exe
  C:\Windows\System\XvFDfgQ.exe
  2⤵
  PID:9024
- C:\Windows\System\XDbkmGb.exe
  C:\Windows\System\XDbkmGb.exe
  2⤵
  PID:6660
- C:\Windows\System\SmlLVyn.exe
  C:\Windows\System\SmlLVyn.exe
  2⤵
  PID:9136
- C:\Windows\System\sBECgTd.exe
  C:\Windows\System\sBECgTd.exe
  2⤵
  PID:8852
- C:\Windows\System\XzQbHoh.exe
  C:\Windows\System\XzQbHoh.exe
  2⤵
  PID:8428
- C:\Windows\System\JBKwPTr.exe
  C:\Windows\System\JBKwPTr.exe
  2⤵
  PID:7292
- C:\Windows\System\xQCxEwK.exe
  C:\Windows\System\xQCxEwK.exe
  2⤵
  PID:8540
- C:\Windows\System\APhFyCe.exe
  C:\Windows\System\APhFyCe.exe
  2⤵
  PID:8580
- C:\Windows\System\QWJUQrv.exe
  C:\Windows\System\QWJUQrv.exe
  2⤵
  PID:8856
- C:\Windows\System\LQbdYOU.exe
  C:\Windows\System\LQbdYOU.exe
  2⤵
  PID:9108
- C:\Windows\System\WdCCSgV.exe
  C:\Windows\System\WdCCSgV.exe
  2⤵
  PID:9060
- C:\Windows\System\eLAVvUM.exe
  C:\Windows\System\eLAVvUM.exe
  2⤵
  PID:9128
- C:\Windows\System\VkOuTQw.exe
  C:\Windows\System\VkOuTQw.exe
  2⤵
  PID:9192
- C:\Windows\System\OYgzjng.exe
  C:\Windows\System\OYgzjng.exe
  2⤵
  PID:7816
- C:\Windows\System\AqHukkY.exe
  C:\Windows\System\AqHukkY.exe
  2⤵
  PID:9068
- C:\Windows\System\VmYXCCF.exe
  C:\Windows\System\VmYXCCF.exe
  2⤵
  PID:8452
- C:\Windows\System\jZynclB.exe
  C:\Windows\System\jZynclB.exe
  2⤵
  PID:8660
- C:\Windows\System\YkqlwRZ.exe
  C:\Windows\System\YkqlwRZ.exe
  2⤵
  PID:8720
- C:\Windows\System\kwhQflI.exe
  C:\Windows\System\kwhQflI.exe
  2⤵
  PID:8480
- C:\Windows\System\XLiwQfk.exe
  C:\Windows\System\XLiwQfk.exe
  2⤵
  PID:8896
- C:\Windows\System\uIKkRUp.exe
  C:\Windows\System\uIKkRUp.exe
  2⤵
  PID:8508
- C:\Windows\System\exFcnLm.exe
  C:\Windows\System\exFcnLm.exe
  2⤵
  PID:8640
- C:\Windows\System\TGfJuIr.exe
  C:\Windows\System\TGfJuIr.exe
  2⤵
  PID:8616
- C:\Windows\System\BAUvkRJ.exe
  C:\Windows\System\BAUvkRJ.exe
  2⤵
  PID:9020
- C:\Windows\System\nwoymxT.exe
  C:\Windows\System\nwoymxT.exe
  2⤵
  PID:8644
- C:\Windows\System\pVEQJcI.exe
  C:\Windows\System\pVEQJcI.exe
  2⤵
  PID:8604
- C:\Windows\System\thHeDad.exe
  C:\Windows\System\thHeDad.exe
  2⤵
  PID:8904
- C:\Windows\System\ktHdmMy.exe
  C:\Windows\System\ktHdmMy.exe
  2⤵
  PID:8492
- C:\Windows\System\nWwDybl.exe
  C:\Windows\System\nWwDybl.exe
  2⤵
  PID:8872
- C:\Windows\System\snrUKHy.exe
  C:\Windows\System\snrUKHy.exe
  2⤵
  PID:9212
- C:\Windows\System\hcxjKDm.exe
  C:\Windows\System\hcxjKDm.exe
  2⤵
  PID:9204
- C:\Windows\System\OvsVmdu.exe
  C:\Windows\System\OvsVmdu.exe
  2⤵
  PID:8692
- C:\Windows\System\inbYCbF.exe
  C:\Windows\System\inbYCbF.exe
  2⤵
  PID:8504
- C:\Windows\System\rrPfpRn.exe
  C:\Windows\System\rrPfpRn.exe
  2⤵
  PID:9156
- C:\Windows\System\mWURoOl.exe
  C:\Windows\System\mWURoOl.exe
  2⤵
  PID:8824
- C:\Windows\System\XHAMytF.exe
  C:\Windows\System\XHAMytF.exe
  2⤵
  PID:8568
- C:\Windows\System\emLqPDQ.exe
  C:\Windows\System\emLqPDQ.exe
  2⤵
  PID:8768
- C:\Windows\System\sZpwWuA.exe
  C:\Windows\System\sZpwWuA.exe
  2⤵
  PID:8020
- C:\Windows\System\biPevMR.exe
  C:\Windows\System\biPevMR.exe
  2⤵
  PID:8332
- C:\Windows\System\oCwNLVx.exe
  C:\Windows\System\oCwNLVx.exe
  2⤵
  PID:7224
- C:\Windows\System\DpLzMiD.exe
  C:\Windows\System\DpLzMiD.exe
  2⤵
  PID:8688
- C:\Windows\System\EGcWDjZ.exe
  C:\Windows\System\EGcWDjZ.exe
  2⤵
  PID:7556
- C:\Windows\System\wNnkEJO.exe
  C:\Windows\System\wNnkEJO.exe
  2⤵
  PID:8632
- C:\Windows\System\XVKgxTp.exe
  C:\Windows\System\XVKgxTp.exe
  2⤵
  PID:8308
- C:\Windows\System\gKahaao.exe
  C:\Windows\System\gKahaao.exe
  2⤵
  PID:8016
- C:\Windows\System\GjkVPfH.exe
  C:\Windows\System\GjkVPfH.exe
  2⤵
  PID:9284
- C:\Windows\System\JQJikjd.exe
  C:\Windows\System\JQJikjd.exe
  2⤵
  PID:9300
- C:\Windows\System\OYgupJX.exe
  C:\Windows\System\OYgupJX.exe
  2⤵
  PID:9316
- C:\Windows\System\SrubBKw.exe
  C:\Windows\System\SrubBKw.exe
  2⤵
  PID:9336
- C:\Windows\System\PdChASM.exe
  C:\Windows\System\PdChASM.exe
  2⤵
  PID:9352
- C:\Windows\System\EbGvkQM.exe
  C:\Windows\System\EbGvkQM.exe
  2⤵
  PID:9368
- C:\Windows\System\uShrvLD.exe
  C:\Windows\System\uShrvLD.exe
  2⤵
  PID:9384
- C:\Windows\System\qLvrbUs.exe
  C:\Windows\System\qLvrbUs.exe
  2⤵
  PID:9400
- C:\Windows\System\wcIIllW.exe
  C:\Windows\System\wcIIllW.exe
  2⤵
  PID:9416
- C:\Windows\System\RgPyjoa.exe
  C:\Windows\System\RgPyjoa.exe
  2⤵
  PID:9432
- C:\Windows\System\eDthAUH.exe
  C:\Windows\System\eDthAUH.exe
  2⤵
  PID:9448
- C:\Windows\System\gkabaGG.exe
  C:\Windows\System\gkabaGG.exe
  2⤵
  PID:9464
- C:\Windows\System\vEWhXat.exe
  C:\Windows\System\vEWhXat.exe
  2⤵
  PID:9480
- C:\Windows\System\bXPfXxI.exe
  C:\Windows\System\bXPfXxI.exe
  2⤵
  PID:9496
- C:\Windows\System\NHOYBzn.exe
  C:\Windows\System\NHOYBzn.exe
  2⤵
  PID:9512
- C:\Windows\System\KeGMHkp.exe
  C:\Windows\System\KeGMHkp.exe
  2⤵
  PID:9528
- C:\Windows\System\tGiIQHo.exe
  C:\Windows\System\tGiIQHo.exe
  2⤵
  PID:9544
- C:\Windows\System\ZqGqSHu.exe
  C:\Windows\System\ZqGqSHu.exe
  2⤵
  PID:9560
- C:\Windows\System\fJezquK.exe
  C:\Windows\System\fJezquK.exe
  2⤵
  PID:9576
- C:\Windows\System\sWpCYZW.exe
  C:\Windows\System\sWpCYZW.exe
  2⤵
  PID:9592
- C:\Windows\System\tAeYYKs.exe
  C:\Windows\System\tAeYYKs.exe
  2⤵
  PID:9608
- C:\Windows\System\wituQdP.exe
  C:\Windows\System\wituQdP.exe
  2⤵
  PID:9624
- C:\Windows\System\rFhNvHo.exe
  C:\Windows\System\rFhNvHo.exe
  2⤵
  PID:9644
- C:\Windows\System\idIhLDT.exe
  C:\Windows\System\idIhLDT.exe
  2⤵
  PID:9660
- C:\Windows\System\KmLvZbP.exe
  C:\Windows\System\KmLvZbP.exe
  2⤵
  PID:9676
- C:\Windows\System\OGVfqOt.exe
  C:\Windows\System\OGVfqOt.exe
  2⤵
  PID:9696
- C:\Windows\System\nFCJWpb.exe
  C:\Windows\System\nFCJWpb.exe
  2⤵
  PID:9712
- C:\Windows\System\pdpWSwJ.exe
  C:\Windows\System\pdpWSwJ.exe
  2⤵
  PID:9732
- C:\Windows\System\bqOHOFZ.exe
  C:\Windows\System\bqOHOFZ.exe
  2⤵
  PID:9748
- C:\Windows\System\ouSNCDs.exe
  C:\Windows\System\ouSNCDs.exe
  2⤵
  PID:9764
- C:\Windows\System\ZEWUfrP.exe
  C:\Windows\System\ZEWUfrP.exe
  2⤵
  PID:9988
- C:\Windows\System\PvzbnIW.exe
  C:\Windows\System\PvzbnIW.exe
  2⤵
  PID:10008
- C:\Windows\System\DdhySHb.exe
  C:\Windows\System\DdhySHb.exe
  2⤵
  PID:10028
- C:\Windows\System\BgamJqY.exe
  C:\Windows\System\BgamJqY.exe
  2⤵
  PID:10064
- C:\Windows\System\sxlmTsZ.exe
  C:\Windows\System\sxlmTsZ.exe
  2⤵
  PID:10152
- C:\Windows\System\Exqumcx.exe
  C:\Windows\System\Exqumcx.exe
  2⤵
  PID:10168
- C:\Windows\System\DSiZGqO.exe
  C:\Windows\System\DSiZGqO.exe
  2⤵
  PID:10196
- C:\Windows\System\EofjTNF.exe
  C:\Windows\System\EofjTNF.exe
  2⤵
  PID:10220
- C:\Windows\System\sLYLHpT.exe
  C:\Windows\System\sLYLHpT.exe
  2⤵
  PID:8596
- C:\Windows\System\htTAjbF.exe
  C:\Windows\System\htTAjbF.exe
  2⤵
  PID:9296
- C:\Windows\System\pZcixrJ.exe
  C:\Windows\System\pZcixrJ.exe
  2⤵
  PID:9332
- C:\Windows\System\XWIhYUD.exe
  C:\Windows\System\XWIhYUD.exe
  2⤵
  PID:9396
- C:\Windows\System\sNdRDSV.exe
  C:\Windows\System\sNdRDSV.exe
  2⤵
  PID:9428
- C:\Windows\System\qvDMduW.exe
  C:\Windows\System\qvDMduW.exe
  2⤵
  PID:7696
- C:\Windows\System\NyktKgI.exe
  C:\Windows\System\NyktKgI.exe
  2⤵
  PID:8572
- C:\Windows\System\aPXaBne.exe
  C:\Windows\System\aPXaBne.exe
  2⤵
  PID:7580
- C:\Windows\System\xdQdqha.exe
  C:\Windows\System\xdQdqha.exe
  2⤵
  PID:9556
- C:\Windows\System\shpOoDB.exe
  C:\Windows\System\shpOoDB.exe
  2⤵
  PID:9004
- C:\Windows\System\ufYVoaI.exe
  C:\Windows\System\ufYVoaI.exe
  2⤵
  PID:9220
- C:\Windows\System\xMrEZog.exe
  C:\Windows\System\xMrEZog.exe
  2⤵
  PID:9244
- C:\Windows\System\GRewTzC.exe
  C:\Windows\System\GRewTzC.exe
  2⤵
  PID:9504
- C:\Windows\System\wDgKYCK.exe
  C:\Windows\System\wDgKYCK.exe
  2⤵
  PID:9280
- C:\Windows\System\ZofeUlm.exe
  C:\Windows\System\ZofeUlm.exe
  2⤵
  PID:9604
- C:\Windows\System\HKjCTcV.exe
  C:\Windows\System\HKjCTcV.exe
  2⤵
  PID:9344
- C:\Windows\System\vGdxSSR.exe
  C:\Windows\System\vGdxSSR.exe
  2⤵
  PID:9812
- C:\Windows\System\LxOImkp.exe
  C:\Windows\System\LxOImkp.exe
  2⤵
  PID:9824
- C:\Windows\System\vbAKGcf.exe
  C:\Windows\System\vbAKGcf.exe
  2⤵
  PID:9852
- C:\Windows\System\DqIUMdg.exe
  C:\Windows\System\DqIUMdg.exe
  2⤵
  PID:9888
- C:\Windows\System\VDcmLPv.exe
  C:\Windows\System\VDcmLPv.exe
  2⤵
  PID:9904
- C:\Windows\System\jrTWmHR.exe
  C:\Windows\System\jrTWmHR.exe
  2⤵
  PID:9804
- C:\Windows\System\aBmgRhV.exe
  C:\Windows\System\aBmgRhV.exe
  2⤵
  PID:9720
- C:\Windows\System\XWMWuuA.exe
  C:\Windows\System\XWMWuuA.exe
  2⤵
  PID:9724
- C:\Windows\System\UBTbElg.exe
  C:\Windows\System\UBTbElg.exe
  2⤵
  PID:9864
- C:\Windows\System\KlJBHIX.exe
  C:\Windows\System\KlJBHIX.exe
  2⤵
  PID:9876
- C:\Windows\System\fDsZGje.exe
  C:\Windows\System\fDsZGje.exe
  2⤵
  PID:9980
- C:\Windows\System\CeeIPey.exe
  C:\Windows\System\CeeIPey.exe
  2⤵
  PID:9940
- C:\Windows\System\KnPlkOS.exe
  C:\Windows\System\KnPlkOS.exe
  2⤵
  PID:9924
- C:\Windows\System\UsAVNTk.exe
  C:\Windows\System\UsAVNTk.exe
  2⤵
  PID:9968
- C:\Windows\System\mPnsqDT.exe
  C:\Windows\System\mPnsqDT.exe
  2⤵
  PID:10036
- C:\Windows\System\EvoLPod.exe
  C:\Windows\System\EvoLPod.exe
  2⤵
  PID:10060
- C:\Windows\System\LSIsnRH.exe
  C:\Windows\System\LSIsnRH.exe
  2⤵
  PID:10080
- C:\Windows\System\raukdWk.exe
  C:\Windows\System\raukdWk.exe
  2⤵
  PID:10116
- C:\Windows\System\sBkdpbI.exe
  C:\Windows\System\sBkdpbI.exe
  2⤵
  PID:10124
- C:\Windows\System\LyXpAza.exe
  C:\Windows\System\LyXpAza.exe
  2⤵
  PID:10128
- C:\Windows\System\EGGDHZI.exe
  C:\Windows\System\EGGDHZI.exe
  2⤵
  PID:10148
- C:\Windows\System\LilfNHa.exe
  C:\Windows\System\LilfNHa.exe
  2⤵
  PID:10164
- C:\Windows\System\qLJfahF.exe
  C:\Windows\System\qLJfahF.exe
  2⤵
  PID:10208
- C:\Windows\System\eVsmack.exe
  C:\Windows\System\eVsmack.exe
  2⤵
  PID:10216
- C:\Windows\System\QRBUETX.exe
  C:\Windows\System\QRBUETX.exe
  2⤵
  PID:9324
- C:\Windows\System\wFvSSlC.exe
  C:\Windows\System\wFvSSlC.exe
  2⤵
  PID:7988
- C:\Windows\System\qErmmOT.exe
  C:\Windows\System\qErmmOT.exe
  2⤵
  PID:9268
- C:\Windows\System\gKRWzJc.exe
  C:\Windows\System\gKRWzJc.exe
  2⤵
  PID:9408
- C:\Windows\System\EYOsxuZ.exe
  C:\Windows\System\EYOsxuZ.exe
  2⤵
  PID:8388
- C:\Windows\System\sOonsph.exe
  C:\Windows\System\sOonsph.exe
  2⤵
  PID:9568
- C:\Windows\System\ihmlMnk.exe
  C:\Windows\System\ihmlMnk.exe
  2⤵
  PID:9620
- C:\Windows\System\oMIYCIc.exe
  C:\Windows\System\oMIYCIc.exe
  2⤵
  PID:9488
- C:\Windows\System\GcrBQpS.exe
  C:\Windows\System\GcrBQpS.exe
  2⤵
  PID:9588
- C:\Windows\System\xKlvlnz.exe
  C:\Windows\System\xKlvlnz.exe
  2⤵
  PID:9240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BliWvnL.exe

Filesize
5.7MB

MD5
41f8393785f6e1e36d8e39435a54e6ab

SHA1
bbbab6ba5519da8f6acea67f0de200e08fb9f642

SHA256
3b4acb7dcfafd48a942d9504c73c7c17791e64155ebbf178ba029010239908a7

SHA512
c3520d3017e25340ad8cab9a8ac6aef6442a03b6d3a130f2de26b901a3519a7a6beacfdbcff68f20a7960dcfcf78177507b519fe3273d69cab2de9b21dd39324

Download Submit
C:\Windows\system\DnxQQKy.exe

Filesize
5.7MB

MD5
b69f779371e1040923bfe5a5a48d8ee1

SHA1
572788fd12eb5f9b5bee0ce2cff4dae65da13cea

SHA256
f6228baf8bb0da33743de0d4eb13ce2b248b86ab258e1ee33b9598d0520f382b

SHA512
9bc2137cf91e9fc9c91ea5b69ea2bed6981e1265dbd0d1738a0d9c875eb1c3c326264a0d7bdab5ea4328141c2b16b9e02171e6631f413b130a546d7475893076

Download Submit
C:\Windows\system\FAgEQOQ.exe

Filesize
5.7MB

MD5
cdb6f7a9312cd1d9dbea34b4f1f365e7

SHA1
7eb9a561d06f68ab6d1990aceea9a5e84b4d8027

SHA256
13b06554b4894bdfa753978fd6662d5f220ededacd5b07d2cff830e124a154b8

SHA512
ce6097401f4052af9b7ce1570110daa7899b29995d5fa761a2efaf81de4ad77391fb7a3a284f934d5f130ddf6b959829d503adf936d055e0e5eba8e2d4a44282

Download Submit
C:\Windows\system\NhMAHpr.exe

Filesize
5.7MB

MD5
a2171dc10225531d8732b98d5ffcfd3f

SHA1
f363a8b3ec6ec8bff857be15af460e9057216fb7

SHA256
d0d0abdb62580c4192d85bd2d21be10d7936bf1bf2f9446e7503deee0236cb8f

SHA512
777ec85f441cb59760d073b42de052e63515bb3a6b8680cd0fdcfa5b09a84ad9fc9fdfdfbe29ff23874a1b2bed78e696a1332102e2791f2a327d3cfa1eeaab76

Download Submit
C:\Windows\system\PFpXGRb.exe

Filesize
5.7MB

MD5
5865d825a9bb96f174cc53a4da59a7bf

SHA1
c4b4a365da54bf1941a2eed606ba013d621c1cfc

SHA256
cbe2930d78006bd57e6a3435a099ae897a693530021b55c79422bb39a0b1c82f

SHA512
c4018c2aaf2879395daec81346d0d4e9f30648cf96b58daf91136c65e23a871d7725b337df47c09a4e670faef51701301c470974b6add64fbb2e3d71d59ce035

Download Submit
C:\Windows\system\QIuVUmZ.exe

Filesize
5.7MB

MD5
4dcaf13de421fed3f05b3266315ff864

SHA1
b4484a4b11699990d4c7c947b3b94bf6f0aff484

SHA256
96c1569721498ce02a9a6da5096ac06dff18129e650e64c0c786af2858b61a1e

SHA512
d2b7e07db33b0b3c3a496a6869e63da6102ac019100ddac424797e1f094a7c8a79fb35a7e9f70f88a9d961587003bfbead80136be1bcdc87600d2955f8b7be5d

Download Submit
C:\Windows\system\TAhVOKu.exe

Filesize
5.7MB

MD5
1ac7638f9a2963ca2e6b049ae186a571

SHA1
0d85281468b7aa59c3e9045a60cf0dbfd530db42

SHA256
35f3561ac5ad0db705c574511d92a6a7f223ffa33c65810ff2982d85e477800a

SHA512
ab18e5bc52bcd7d4b12cb098456fc8e859bd2cf2636a51e9d44078892ede78d9b62be35c0d0aa846e28fa060d596e6d9f63cee73c9d098ecf4ea2375bfe729a4

Download Submit
C:\Windows\system\VRwaFMK.exe

Filesize
5.7MB

MD5
19218d2c718ecae62d9e6c8b3ec650af

SHA1
f6b22f0c8c68319cf262ecc6c62207fc76b49d66

SHA256
7052e09938f0068cadb8dc403afae9ac53463bab73d2a5a3e59d7a91993c06fd

SHA512
bebaabac09f9875874a14a4a07b4d5a919901f19d45c2b6f0da6cac7461445cba08b25da8234f97b19617cc05d60da52f0db6e3a74e65839135e31a9414e25bf

Download Submit
C:\Windows\system\XTSJapH.exe

Filesize
5.7MB

MD5
354d977f5755f32d84beaff714d0baad

SHA1
0759fe857033e9091e021cb86232098c1910b3a2

SHA256
2840c3cf4f682e6e1622713439853257e40974c12ca520330a316ab734f987f9

SHA512
a9bb8f2125a2a9aee1d6576ffaafc1c66141aae65e5441ca40470185da6eda93220859b074dddc5d51b4a6593daf45c71351943f473faaff58835d933e798c33

Download Submit
C:\Windows\system\ZOQDDQm.exe

Filesize
5.7MB

MD5
2dbbc27ca8aac946dbbf6f91e004d2de

SHA1
4d21f385f9709f92a88c0b62c10e02eabb443d78

SHA256
a5e93235fb87a6837809088d79bbcffec1748e80804d0e34a05679328bbbbf24

SHA512
0ce547d2db59a25385303ae1e11853bc9a14732bbeede2037edcd20acd787c53a7d75099143270e5c24ab17b381e9909a0679c29f00ec2576e3ab1acbd0d4e91

Download Submit
C:\Windows\system\cDIAIQS.exe

Filesize
5.7MB

MD5
0c4e4736f057014bd39b4e725b39728b

SHA1
3f22a15811c506da3c19d337dee33f1635f4b731

SHA256
94894e4b2dd26f04276eeadec925c35f8d57b39e62d56a61dc092f74726edd57

SHA512
ed13c4ddc7634cbbe6b3d9eb39b3cdcdb43f2618a5ad30c1c5b77fcaef2a955e4d070529bdbaa22291fd7bba1a5e32418b9bb0256ac41c79a4c02120526aba3d

Download Submit
C:\Windows\system\cKzUwpj.exe

Filesize
5.7MB

MD5
91a39811d3ea13a905f4401d1bb5b984

SHA1
73a3da30114168ad111fb6bbac228c8fadcfa967

SHA256
fcc9da01e47c5bc61921cc1b49a62556648156756b86beafa2cfe4f141f7cdc6

SHA512
ec7608e66ab19e07382cb791872437a0a0ead86ee94d59b72dd974be566486f46a2b3655cabc26043e26755b061bc90e0b560d440a29047cc24b0361cbab873d

Download Submit
C:\Windows\system\eqmrwNh.exe

Filesize
5.7MB

MD5
61a75084e41168e52466886dc2fed722

SHA1
d5f520c04078f714ae017b5208d6c8976921d494

SHA256
cb493de92d19c66bf7cbab6d989d400ec0428e184bc747613bfd6688bd2b6fad

SHA512
0337beb168e030e8d43e1f4d1420a92f6231619e42036940bbca21f65c1f29b08e024405772d8236a8d146511cb238df3f31d44211284a857a046a6adc505842

Download Submit
C:\Windows\system\hvBwCVK.exe

Filesize
5.7MB

MD5
940665b81b94143e734e8bc0e0582ece

SHA1
0922256070fb8be822bef94251469a21c4c36b92

SHA256
4d0ecf0d2437946cad76c12049b5fbab8ef64da6b32e6e062b5165fe097e7263

SHA512
60c0edbca5851a14467a07aac6ff58c4e7b0d05ef4d93fe8ffd6a5eb3960838185b7c76a520ab4c0c88d66fc6e9ab88a4e11d8e772f661b73afa76511781598d

Download Submit
C:\Windows\system\idCKKIw.exe

Filesize
5.7MB

MD5
390edc30e289ac6b77a6f0c2c566fb47

SHA1
6c43ab62808754a6c9171d9a16af4e33c21230b9

SHA256
8bd23c5f07c9bbb6d7e2c1afd62f2d2c92b9732bea37a4d9ecee73df34fc1c2c

SHA512
890893ed5247f34b40ffebf526d85125753403f39d55d6271dc57d929ebcc15f3db9ec208fb23dbd2565c90d0bafb293b4a7d6faaa3f0017e19d84955d71119f

Download Submit
C:\Windows\system\ipaSUNd.exe

Filesize
5.7MB

MD5
834dd2b27b61113b2fc1635c201c734c

SHA1
43538d21aae25297423e1ad47f55a5ab4ddabfe5

SHA256
92cba74f704dbfe63419b0afc1ba0e6a381b73b7744b28b4b3cf09bee6f21836

SHA512
146e50e60775bf6f9e8db21a99846e751f57897942edd9dd94b82d18d09ef77fee4b86313ad50679d52f79b283362c400b386856f2266c1922f9c1dda3acd99c

Download Submit
C:\Windows\system\jTGmAQj.exe

Filesize
5.7MB

MD5
b090c3d723bf3bf41835885534b98005

SHA1
8a4e9ce403be8fbf309ce477778b94eda0f946fe

SHA256
05e9f4ecc9d687c8b52623d03dd1542cc5105f528c9c5d193d860a8af6e7e9f1

SHA512
c656eee2acb8d7b35b3c429cf8a39206dcd0b41f4f1823b2b5cc48b2b8c36cda39925160b4be43bdafbc5b628c8efa96acd4a5c82b30c749be858a932ee9348e

Download Submit
C:\Windows\system\kpaTFPg.exe

Filesize
5.7MB

MD5
33b1ed442c033ff97f29b7329425c9a8

SHA1
ae7f4f19a0c0db7bf0232fa1fe1c54e7c05959bd

SHA256
7ee63327f2f52f17a70a1856022f6b56e0e2903dc2ad02f572fdf8612334e9e1

SHA512
e9f0034647e9183b778c08da312dd0bc08aa8be36b43fcf870a6a872826223bc34b0f7796373bb436fa04e30662459ccdd05db4464b3a936a014ed2538484139

Download Submit
C:\Windows\system\lQKZofD.exe

Filesize
5.7MB

MD5
313e3bff87ec088f22983bcaf8a92f75

SHA1
cce916d407d4949271a34fd4aa52e59c2ab902b3

SHA256
4a8d91d390235133a3c09f2103b5dc1ee4424f2d42c6c58b0e575add1dc92d21

SHA512
8f87245afceb08ac063216a4902c1d3b06ae0960d6f7924cb25b81af71aef56cb64a60619ad408756ab2f8e893fc397ed46f3e129e38090669349b53de1d743b

Download Submit
C:\Windows\system\nBtsXev.exe

Filesize
5.7MB

MD5
8dc360c490ddbd4e7475c5d346e2fedd

SHA1
9173b3acbd73bf7adbfa4be44fef11c424c13fc5

SHA256
3652f30c555ba858a962958013bff463ee91c8ccbad3ff7a3918f5a31f100174

SHA512
fe266ad27ecef91d1a27070dbedb2fa3f829a258ccb162a07892e01a2c5042a48cc7ac2f9a9b5c8ece38f2d20918c37540ce168b3ad4b4139ca57f77e349811e

Download Submit
C:\Windows\system\nvAvxAN.exe

Filesize
5.7MB

MD5
8511b2d47974f60fbd2db8db86b23adf

SHA1
5aa9e3027c929f49754d49666b8c580584992ef9

SHA256
cfcada797a7aa27772411fedeb716fcc4295fb1d1483c162f6a2b55ab61fc7a0

SHA512
cec43568fac455dfff8397ce53a08c3ecd5d9fbb97c4857211ef639854d403f4f73e6dafe915a0a1f36ce317251a1c1d9505306ea8c4fd8a56c8b656396a40fc

Download Submit
C:\Windows\system\sRclKJX.exe

Filesize
5.7MB

MD5
b982c88a3eef3b021b72fb818d129485

SHA1
fdd2bde86de0aa8d31d0b0d16173392fa2beb27a

SHA256
cd7a77f6c46fb9a46d151a29c835afc4aaa7fad57e505c0a1cc6f746c90ad4a2

SHA512
10fa8694e911b36bb2034e62685c7cd13ca1f15b06d4ed29ce9c5b9bb4690e17ea0a9c86c48b45300881f8c8514cfd26e12e4ca73239fd27be4305af111c929e

Download Submit
C:\Windows\system\tiiEpQX.exe

Filesize
5.7MB

MD5
68c81babc6d9b5601882c3ee5f592886

SHA1
db3c5b5afe1e0237adf5873f88498a501936d276

SHA256
9ffc8b1b2aff957872a7bb131c63b51a654ce604b4580f8c218dae2303b1ea95

SHA512
a3919c177a4cd1470dd154ddd16021251a8c643e8a22b712992314f11c8d81bb5c9394d247d800aa12618ab756f70694b90a2f6faf64b63d1823d575479e107b

Download Submit
C:\Windows\system\uCYdKXU.exe

Filesize
5.7MB

MD5
eb79d5516c471befddb59f769fe885b0

SHA1
a96996fee2badaeffea99b5f7e18b134a12da6de

SHA256
d510d3b4dfccccef5ad99e28e0a8a6c287bf2cff71df771c74cddf0554dfbd5a

SHA512
4fcd07436e32a656b30b065289c9632afdd2351b87cc5bc4a2aeff8e94ce7b82485426b8db90f111317a0fe2ba0e253790d3d1eb952686ca39c839643a242b4b

Download Submit
C:\Windows\system\umskHbo.exe

Filesize
5.7MB

MD5
b017e061c32fb4824a97ffe92cf6e8df

SHA1
140f11c4e2cf825be44fb8804e97d7daf4c2747f

SHA256
4862a63d3b8933fed34b057e64bed902e1e041653ac571b3b164941fa2a0aa39

SHA512
89da87efef0f13c826b351b6a6324179621cb9ccc363b343c1bb768fed5800fad594b9b7fe1d8615460f160799cc24d2f8cf5ca6e4e8edcc8fd455a25589e0b8

Download Submit
C:\Windows\system\wzMlecB.exe

Filesize
5.7MB

MD5
13250928f3fa43cbd8067f09493dd053

SHA1
fae21cb935c382f2ebd8ac564b9bf328b40e1885

SHA256
591b050c6fc1cbea8a2c8ffa4bdd4d8811e9341e47634cc4e7b81f181e7c0c5b

SHA512
09820890e5db5cbedec9357a0270e6b09465ff62b55cf112aac1ddb2596c2b163770085e9a414a08fb36ee9d5eebb6871b772add1ead17a31d42306cb2923afb

Download Submit
C:\Windows\system\xzaCXSe.exe

Filesize
5.7MB

MD5
de41b0adf46b5e1854fb57d62b3f38de

SHA1
39239b1f5620117a6dce98bd739953d3e81e93c1

SHA256
b49d88e3c55301844f8ce8f12fca25b27d769a152ca31d32d6f66fb338ab0afa

SHA512
8e38bdf21a9cf89140cd8212acb8745212a6da4198acdd3c0446cd4c56d17c6cc992bca5afcba3f47c382c655041882a8edbb5a850b076540c171834767d5d99

Download Submit
C:\Windows\system\yIziBAG.exe

Filesize
5.7MB

MD5
e43580eefea932e7e2d41cc39745d5fc

SHA1
e66a9009106e8bb73c1b3624c59548202b1d2d32

SHA256
b8a6459a2308dfda986e238e3284fee1c2c702cdaf970bda534785799ce7b1d5

SHA512
693efe9611b895ba4977cc7121c74593c31dcc999d5650d63a737db06c48c182684beb5ac58daa848a696eb459ca7112d2f2f0bd6929c4e923e9290339ed2903

Download Submit
\Windows\system\DNHiRwo.exe

Filesize
5.7MB

MD5
f3a229504dfea297b8dc0f68e62a80af

SHA1
96c44b980837caa08ac1ce1efb47b4ac8e3511a5

SHA256
050bcc2d2c3f6b8730406fc56a3c3e1a1159aea838588a6d89cb74a457223683

SHA512
70146463165d249ea0972c471fcff725e63d225e59684085e7446c69d5457227f57994fb36627a8ad429dbba615d529554223bad1ac2c4364c27b2115056124a

Download Submit
\Windows\system\GMudPwK.exe

Filesize
5.7MB

MD5
1f2d06941bc392a760a6051972d97415

SHA1
2d6770db703f5a601abc3966bc698150c6c92c22

SHA256
9114b26559e92cfa5567065c62701203310e8017d6303d30ae3cabee90d16c09

SHA512
fcb1bfaed319bbb48866afcdc376e5962330169c43f91dc82a2106ce270d5bb6b0a1431e7f11baf8a5c5be2741e8d8e27b0e95c8efe3e8be871030467d2016f7

Download Submit
\Windows\system\iNKWTkJ.exe

Filesize
5.7MB

MD5
ed8e638c8d05f6a1f0447a78420e8700

SHA1
0bc04039aeaf5bdd26d938212cb024c1b72cc806

SHA256
95a34545f88777ad491b631d684a6518216288ca8215be905afbc77d1042d5e8

SHA512
36eafccd28ca5bfc03a5b41f6fc7d733dca8d0aa7d30c8a138fe92cf35176c8affb9c1c6efdd780cd815e6babe750032b0bb4d285e491cdd3cbaf4f1c49b776f

Download Submit
\Windows\system\sOWyBjH.exe

Filesize
5.7MB

MD5
a2df1044637906b6f3f72606e20ca32f

SHA1
67eca1e1e57871d1745cf40ab42c3085c1d948c2

SHA256
da0f4abbe08f3ec2afb7c92b26d2ee9b000feea7aacef61e6d2bf37c74ceb8cf

SHA512
640066dbb9c299be72f0be511bc66a3392991d8073164852b5e49ee7d856cf029a2e1277a473a44d698c3915fc1273ec395c97d8080f33f57f8af0e679047c7f

Download Submit
memory/112-193-0x000000013FAE0000-0x000000013FE2D000-memory.dmp

Filesize
3.3MB

Download
memory/456-181-0x000000013F0C0000-0x000000013F40D000-memory.dmp

Filesize
3.3MB

Download
memory/524-115-0x000000013FCB0000-0x000000013FFFD000-memory.dmp

Filesize
3.3MB

Download
memory/1052-127-0x000000013FCA0000-0x000000013FFED000-memory.dmp

Filesize
3.3MB

Download
memory/1140-103-0x000000013F420000-0x000000013F76D000-memory.dmp

Filesize
3.3MB

Download
memory/1260-77-0x000000013F6C0000-0x000000013FA0D000-memory.dmp

Filesize
3.3MB

Download
memory/1264-139-0x000000013F7F0000-0x000000013FB3D000-memory.dmp

Filesize
3.3MB

Download
memory/1456-55-0x000000013F310000-0x000000013F65D000-memory.dmp

Filesize
3.3MB

Download
memory/1592-169-0x000000013FA10000-0x000000013FD5D000-memory.dmp

Filesize
3.3MB

Download
memory/2144-49-0x000000013F6E0000-0x000000013FA2D000-memory.dmp

Filesize
3.3MB

Download
memory/2172-151-0x000000013F520000-0x000000013F86D000-memory.dmp

Filesize
3.3MB

Download
memory/2188-133-0x000000013F910000-0x000000013FC5D000-memory.dmp

Filesize
3.3MB

Download
memory/2252-30-0x000000013FEA0000-0x00000001401ED000-memory.dmp

Filesize
3.3MB

Download
memory/2400-175-0x000000013FBF0000-0x000000013FF3D000-memory.dmp

Filesize
3.3MB

Download
memory/2468-187-0x000000013F5A0000-0x000000013F8ED000-memory.dmp

Filesize
3.3MB

Download
memory/2636-38-0x000000013F5D0000-0x000000013F91D000-memory.dmp

Filesize
3.3MB

Download
memory/2696-87-0x000000013FBA0000-0x000000013FEED000-memory.dmp

Filesize
3.3MB

Download
memory/2752-28-0x000000013F640000-0x000000013F98D000-memory.dmp

Filesize
3.3MB

Download
memory/2760-9-0x000000013F9D0000-0x000000013FD1D000-memory.dmp

Filesize
3.3MB

Download
memory/2812-95-0x000000013F530000-0x000000013F87D000-memory.dmp

Filesize
3.3MB

Download
memory/2840-13-0x000000013FD90000-0x00000001400DD000-memory.dmp

Filesize
3.3MB

Download
memory/2868-0-0x000000013F810000-0x000000013FB5D000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2932-83-0x000000013FA00000-0x000000013FD4D000-memory.dmp

Filesize
3.3MB

Download
memory/2936-97-0x000000013F300000-0x000000013F64D000-memory.dmp

Filesize
3.3MB

Download
memory/2940-22-0x000000013FFA0000-0x00000001402ED000-memory.dmp

Filesize
3.3MB

Download
memory/3004-109-0x000000013F250000-0x000000013F59D000-memory.dmp

Filesize
3.3MB

Download
memory/3044-61-0x000000013F230000-0x000000013F57D000-memory.dmp

Filesize
3.3MB

Download
memory/3056-145-0x000000013FCF0000-0x000000014003D000-memory.dmp

Filesize
3.3MB

Download