cobaltstrike | 605bb56c8522c6108048826d726e13143901392f57210b994d111e0c2aa1390f

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b885109321c749ab9b280276873d2a70
SHA1

daba54a84c9a2fd4ef86cadbdc6d07b42a6a3f07
SHA256

605bb56c8522c6108048826d726e13143901392f57210b994d111e0c2aa1390f
SHA512

cf2d8c00721af95604a9bdd1066ddfde27318b243b90e272ddf0e9a21f103d698aae1eb81fb4609de0dc12a269b98478aa9d0d55e7d5845c681706bd41c1a115
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ca-23.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016e09-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c6-14.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186dd-37.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186d9-33.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-66.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018718-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019240-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018710-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-104.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1496-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-3.dat	xmrig
behavioral1/memory/824-19-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2888-22-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1496-21-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2688-20-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x00070000000186ca-23.dat	xmrig
behavioral1/files/0x0009000000016e09-16.dat	xmrig
behavioral1/files/0x00060000000186c6-14.dat	xmrig
behavioral1/memory/2748-29-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2756-36-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186dd-37.dat	xmrig
behavioral1/files/0x00060000000186d9-33.dat	xmrig
behavioral1/memory/2760-63-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2652-65-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019605-66.dat	xmrig
behavioral1/files/0x0009000000018718-62.dat	xmrig
behavioral1/memory/1496-59-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2608-58-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2684-55-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019240-54.dat	xmrig
behavioral1/files/0x0006000000018710-53.dat	xmrig
behavioral1/memory/1496-42-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019606-75.dat	xmrig
behavioral1/memory/2108-71-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019608-80.dat	xmrig
behavioral1/memory/2536-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/1124-86-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x000500000001960a-89.dat	xmrig
behavioral1/memory/1512-93-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3c-133.dat	xmrig
behavioral1/files/0x0005000000019d8e-160.dat	xmrig
behavioral1/files/0x0005000000019f8a-171.dat	xmrig
behavioral1/files/0x000500000001a09e-186.dat	xmrig
behavioral1/memory/1964-1115-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/1496-858-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1496-520-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a075-177.dat	xmrig
behavioral1/files/0x000500000001a307-190.dat	xmrig
behavioral1/files/0x000500000001a07e-183.dat	xmrig
behavioral1/files/0x0005000000019f94-174.dat	xmrig
behavioral1/files/0x0005000000019dbf-164.dat	xmrig
behavioral1/files/0x0005000000019cba-150.dat	xmrig
behavioral1/files/0x0005000000019cca-154.dat	xmrig
behavioral1/files/0x0005000000019c57-144.dat	xmrig
behavioral1/files/0x0005000000019c3e-140.dat	xmrig
behavioral1/files/0x00050000000196a1-126.dat	xmrig
behavioral1/files/0x000500000001961e-125.dat	xmrig
behavioral1/files/0x0005000000019c34-123.dat	xmrig
behavioral1/memory/2108-115-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-122.dat	xmrig
behavioral1/memory/1964-100-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-99.dat	xmrig
behavioral1/files/0x0005000000019667-111.dat	xmrig
behavioral1/files/0x000500000001961c-104.dat	xmrig
behavioral1/memory/824-3842-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2748-3848-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2756-3860-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2688-3869-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2888-3893-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2760-3940-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2608-3939-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2536-4035-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2684-4052-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2888	RaVUTmv.exe
824	mMzPFMT.exe
2688	GpBaxTr.exe
2748	CKRhBxO.exe
2756	PwfyeCl.exe
2684	ikbggqr.exe
2760	RodzOjQ.exe
2608	iTvAXkJ.exe
2652	TVLTSaL.exe
2108	IwtYVem.exe
2536	maPfkxy.exe
1124	tfhhmFj.exe
1512	ccIQaKe.exe
1964	XAtPWys.exe
1920	iwLlfXy.exe
2080	dLuEejU.exe
1424	cmKqCdr.exe
2464	BHiDuXv.exe
1932	tNrSvuy.exe
2576	xnTjfss.exe
2692	HtTeDNZ.exe
264	ScDOZHs.exe
1916	JlwayTQ.exe
2436	AEklsnU.exe
2356	Oibpvse.exe
2456	UOeuHdK.exe
2364	XDtzhdO.exe
2204	aopPIly.exe
2404	WJgkAeu.exe
632	nUaqmVu.exe
2164	BNBWmIy.exe
2968	HkHPJvA.exe
2812	HmJjHyw.exe
840	OxPgkaX.exe
1528	vFlFoxr.exe
980	gwysEmL.exe
2352	MmiYmoZ.exe
1784	EwoJGwo.exe
772	rstuTXe.exe
1004	NpBYliw.exe
1764	IzHwzDM.exe
1080	YBhJzlO.exe
2936	HtXIrus.exe
2956	hyDvciU.exe
1316	fXbzAuX.exe
1368	TbRbqaE.exe
1640	eGIwGQk.exe
2020	uNDosfO.exe
1928	UaVnKJq.exe
1500	GJMkOHa.exe
2680	bNNLgit.exe
2008	OYUzHnw.exe
3000	KSgCsiq.exe
1604	BxNoRdf.exe
2320	JzSJQMC.exe
2052	UcuZnYc.exe
2720	rAeSnBL.exe
3032	doEXKJV.exe
2804	zZTVZPu.exe
2120	pJBWvjj.exe
2740	JMCfGQB.exe
2712	HcTplMD.exe
2264	sLEaPQo.exe
2640	dWswLAG.exe

Loads dropped DLL 64 IoCs

pid	Process
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1496-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-3.dat	upx
behavioral1/memory/824-19-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2888-22-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2688-20-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x00070000000186ca-23.dat	upx
behavioral1/files/0x0009000000016e09-16.dat	upx
behavioral1/files/0x00060000000186c6-14.dat	upx
behavioral1/memory/2748-29-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2756-36-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x00060000000186dd-37.dat	upx
behavioral1/files/0x00060000000186d9-33.dat	upx
behavioral1/memory/2760-63-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2652-65-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0005000000019605-66.dat	upx
behavioral1/files/0x0009000000018718-62.dat	upx
behavioral1/memory/2608-58-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2684-55-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0007000000019240-54.dat	upx
behavioral1/files/0x0006000000018710-53.dat	upx
behavioral1/memory/1496-42-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0005000000019606-75.dat	upx
behavioral1/memory/2108-71-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0005000000019608-80.dat	upx
behavioral1/memory/2536-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/1124-86-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x000500000001960a-89.dat	upx
behavioral1/memory/1512-93-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0005000000019c3c-133.dat	upx
behavioral1/files/0x0005000000019d8e-160.dat	upx
behavioral1/files/0x0005000000019f8a-171.dat	upx
behavioral1/files/0x000500000001a09e-186.dat	upx
behavioral1/memory/1964-1115-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x000500000001a075-177.dat	upx
behavioral1/files/0x000500000001a307-190.dat	upx
behavioral1/files/0x000500000001a07e-183.dat	upx
behavioral1/files/0x0005000000019f94-174.dat	upx
behavioral1/files/0x0005000000019dbf-164.dat	upx
behavioral1/files/0x0005000000019cba-150.dat	upx
behavioral1/files/0x0005000000019cca-154.dat	upx
behavioral1/files/0x0005000000019c57-144.dat	upx
behavioral1/files/0x0005000000019c3e-140.dat	upx
behavioral1/files/0x00050000000196a1-126.dat	upx
behavioral1/files/0x000500000001961e-125.dat	upx
behavioral1/files/0x0005000000019c34-123.dat	upx
behavioral1/memory/2108-115-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0005000000019926-122.dat	upx
behavioral1/memory/1964-100-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x000500000001960c-99.dat	upx
behavioral1/files/0x0005000000019667-111.dat	upx
behavioral1/files/0x000500000001961c-104.dat	upx
behavioral1/memory/824-3842-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2748-3848-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2756-3860-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2688-3869-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2888-3893-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2760-3940-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2608-3939-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2536-4035-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2684-4052-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2652-4051-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/1124-4056-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1964-4057-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2108-4055-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GlGXJwS.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydZEQrs.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezBJjHv.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qirODVL.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enUNzFq.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhQDlUb.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpNrwun.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXARqKp.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMATiRI.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqknLUY.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Douimjt.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSVQdAc.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSSFyAM.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLOOFwN.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvxgZYZ.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKexhGj.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEHeqxg.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkooNTA.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DivRBHI.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhDyFYt.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFuKgdf.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOoCzhW.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyGAklF.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ViWLMwt.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYjguhc.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVqYGKW.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtmOxcI.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYyJSOv.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlrPeSL.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGLrJYQ.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhAjBOp.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzWUWpk.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFfJsDt.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBdXeZV.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTdldIc.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKAvOwc.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajamEXz.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMROAwt.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FggAGCI.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQzQIVN.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGRDytV.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Sjkvzes.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwLlfXy.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oViBIFN.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkHHEPy.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrUxTWH.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHXuzQT.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRTifXH.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\peRlIrz.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekdFvwc.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSJoRSp.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxbfRor.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCloKht.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mevJHzu.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpTlkQU.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLYeFzh.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUaqmVu.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYUzHnw.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWFOYsk.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHUvauM.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecCILIT.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbCklfd.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlyPHVW.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRThiHZ.exe	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2888	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1496 wrote to memory of 2888	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1496 wrote to memory of 2888	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1496 wrote to memory of 2688	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1496 wrote to memory of 2688	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1496 wrote to memory of 2688	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1496 wrote to memory of 824	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1496 wrote to memory of 824	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1496 wrote to memory of 824	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1496 wrote to memory of 2748	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1496 wrote to memory of 2748	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1496 wrote to memory of 2748	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1496 wrote to memory of 2756	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1496 wrote to memory of 2756	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1496 wrote to memory of 2756	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1496 wrote to memory of 2684	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1496 wrote to memory of 2684	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1496 wrote to memory of 2684	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1496 wrote to memory of 2760	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1496 wrote to memory of 2760	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1496 wrote to memory of 2760	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1496 wrote to memory of 2652	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1496 wrote to memory of 2652	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1496 wrote to memory of 2652	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1496 wrote to memory of 2608	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1496 wrote to memory of 2608	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1496 wrote to memory of 2608	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1496 wrote to memory of 2108	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1496 wrote to memory of 2108	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1496 wrote to memory of 2108	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1496 wrote to memory of 2536	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1496 wrote to memory of 2536	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1496 wrote to memory of 2536	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1496 wrote to memory of 1124	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1496 wrote to memory of 1124	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1496 wrote to memory of 1124	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1496 wrote to memory of 1512	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1496 wrote to memory of 1512	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1496 wrote to memory of 1512	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1496 wrote to memory of 1964	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1496 wrote to memory of 1964	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1496 wrote to memory of 1964	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1496 wrote to memory of 1920	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1496 wrote to memory of 1920	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1496 wrote to memory of 1920	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1496 wrote to memory of 2464	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1496 wrote to memory of 2464	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1496 wrote to memory of 2464	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1496 wrote to memory of 2080	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1496 wrote to memory of 2080	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1496 wrote to memory of 2080	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1496 wrote to memory of 1932	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1496 wrote to memory of 1932	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1496 wrote to memory of 1932	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1496 wrote to memory of 1424	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1496 wrote to memory of 1424	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1496 wrote to memory of 1424	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1496 wrote to memory of 2692	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1496 wrote to memory of 2692	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1496 wrote to memory of 2692	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1496 wrote to memory of 2576	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1496 wrote to memory of 2576	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1496 wrote to memory of 2576	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1496 wrote to memory of 264	1496	2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_b885109321c749ab9b280276873d2a70_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Windows\System\RaVUTmv.exe
  C:\Windows\System\RaVUTmv.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\GpBaxTr.exe
  C:\Windows\System\GpBaxTr.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\mMzPFMT.exe
  C:\Windows\System\mMzPFMT.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\CKRhBxO.exe
  C:\Windows\System\CKRhBxO.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\PwfyeCl.exe
  C:\Windows\System\PwfyeCl.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ikbggqr.exe
  C:\Windows\System\ikbggqr.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\RodzOjQ.exe
  C:\Windows\System\RodzOjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\TVLTSaL.exe
  C:\Windows\System\TVLTSaL.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\iTvAXkJ.exe
  C:\Windows\System\iTvAXkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\IwtYVem.exe
  C:\Windows\System\IwtYVem.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\maPfkxy.exe
  C:\Windows\System\maPfkxy.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\tfhhmFj.exe
  C:\Windows\System\tfhhmFj.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\ccIQaKe.exe
  C:\Windows\System\ccIQaKe.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\XAtPWys.exe
  C:\Windows\System\XAtPWys.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\iwLlfXy.exe
  C:\Windows\System\iwLlfXy.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\BHiDuXv.exe
  C:\Windows\System\BHiDuXv.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\dLuEejU.exe
  C:\Windows\System\dLuEejU.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\tNrSvuy.exe
  C:\Windows\System\tNrSvuy.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\cmKqCdr.exe
  C:\Windows\System\cmKqCdr.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\HtTeDNZ.exe
  C:\Windows\System\HtTeDNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\xnTjfss.exe
  C:\Windows\System\xnTjfss.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ScDOZHs.exe
  C:\Windows\System\ScDOZHs.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\JlwayTQ.exe
  C:\Windows\System\JlwayTQ.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\AEklsnU.exe
  C:\Windows\System\AEklsnU.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\Oibpvse.exe
  C:\Windows\System\Oibpvse.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\UOeuHdK.exe
  C:\Windows\System\UOeuHdK.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\XDtzhdO.exe
  C:\Windows\System\XDtzhdO.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\aopPIly.exe
  C:\Windows\System\aopPIly.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\WJgkAeu.exe
  C:\Windows\System\WJgkAeu.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\BNBWmIy.exe
  C:\Windows\System\BNBWmIy.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\nUaqmVu.exe
  C:\Windows\System\nUaqmVu.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\OxPgkaX.exe
  C:\Windows\System\OxPgkaX.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\HkHPJvA.exe
  C:\Windows\System\HkHPJvA.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\gwysEmL.exe
  C:\Windows\System\gwysEmL.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\HmJjHyw.exe
  C:\Windows\System\HmJjHyw.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\EwoJGwo.exe
  C:\Windows\System\EwoJGwo.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\vFlFoxr.exe
  C:\Windows\System\vFlFoxr.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\rstuTXe.exe
  C:\Windows\System\rstuTXe.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\MmiYmoZ.exe
  C:\Windows\System\MmiYmoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\NpBYliw.exe
  C:\Windows\System\NpBYliw.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\IzHwzDM.exe
  C:\Windows\System\IzHwzDM.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\YBhJzlO.exe
  C:\Windows\System\YBhJzlO.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\HtXIrus.exe
  C:\Windows\System\HtXIrus.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\hyDvciU.exe
  C:\Windows\System\hyDvciU.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\fXbzAuX.exe
  C:\Windows\System\fXbzAuX.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\TbRbqaE.exe
  C:\Windows\System\TbRbqaE.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\eGIwGQk.exe
  C:\Windows\System\eGIwGQk.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\uNDosfO.exe
  C:\Windows\System\uNDosfO.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\UaVnKJq.exe
  C:\Windows\System\UaVnKJq.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\GJMkOHa.exe
  C:\Windows\System\GJMkOHa.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\bNNLgit.exe
  C:\Windows\System\bNNLgit.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\OYUzHnw.exe
  C:\Windows\System\OYUzHnw.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\KSgCsiq.exe
  C:\Windows\System\KSgCsiq.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\BxNoRdf.exe
  C:\Windows\System\BxNoRdf.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\JzSJQMC.exe
  C:\Windows\System\JzSJQMC.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\UcuZnYc.exe
  C:\Windows\System\UcuZnYc.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\rAeSnBL.exe
  C:\Windows\System\rAeSnBL.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\pJBWvjj.exe
  C:\Windows\System\pJBWvjj.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\doEXKJV.exe
  C:\Windows\System\doEXKJV.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\JMCfGQB.exe
  C:\Windows\System\JMCfGQB.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\zZTVZPu.exe
  C:\Windows\System\zZTVZPu.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\HcTplMD.exe
  C:\Windows\System\HcTplMD.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\sLEaPQo.exe
  C:\Windows\System\sLEaPQo.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\wKcilmt.exe
  C:\Windows\System\wKcilmt.exe
  2⤵
  PID:2672
- C:\Windows\System\dWswLAG.exe
  C:\Windows\System\dWswLAG.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\DONqHhf.exe
  C:\Windows\System\DONqHhf.exe
  2⤵
  PID:2988
- C:\Windows\System\NnofRrq.exe
  C:\Windows\System\NnofRrq.exe
  2⤵
  PID:2552
- C:\Windows\System\NYGXpbU.exe
  C:\Windows\System\NYGXpbU.exe
  2⤵
  PID:2768
- C:\Windows\System\MMnRZbA.exe
  C:\Windows\System\MMnRZbA.exe
  2⤵
  PID:2648
- C:\Windows\System\oXWqnDS.exe
  C:\Windows\System\oXWqnDS.exe
  2⤵
  PID:2092
- C:\Windows\System\emktZIU.exe
  C:\Windows\System\emktZIU.exe
  2⤵
  PID:1044
- C:\Windows\System\bqCWPsj.exe
  C:\Windows\System\bqCWPsj.exe
  2⤵
  PID:2056
- C:\Windows\System\ODzOITd.exe
  C:\Windows\System\ODzOITd.exe
  2⤵
  PID:2480
- C:\Windows\System\PuLpyNz.exe
  C:\Windows\System\PuLpyNz.exe
  2⤵
  PID:776
- C:\Windows\System\VTUCGPh.exe
  C:\Windows\System\VTUCGPh.exe
  2⤵
  PID:1632
- C:\Windows\System\zLXbDNG.exe
  C:\Windows\System\zLXbDNG.exe
  2⤵
  PID:2168
- C:\Windows\System\ItccGpp.exe
  C:\Windows\System\ItccGpp.exe
  2⤵
  PID:2980
- C:\Windows\System\ELZmFXf.exe
  C:\Windows\System\ELZmFXf.exe
  2⤵
  PID:2964
- C:\Windows\System\oRCXdXt.exe
  C:\Windows\System\oRCXdXt.exe
  2⤵
  PID:2208
- C:\Windows\System\MUjZPRt.exe
  C:\Windows\System\MUjZPRt.exe
  2⤵
  PID:2232
- C:\Windows\System\pSYHthS.exe
  C:\Windows\System\pSYHthS.exe
  2⤵
  PID:2544
- C:\Windows\System\ZqmCjKU.exe
  C:\Windows\System\ZqmCjKU.exe
  2⤵
  PID:2016
- C:\Windows\System\jLPsJYe.exe
  C:\Windows\System\jLPsJYe.exe
  2⤵
  PID:1660
- C:\Windows\System\vtWlbqz.exe
  C:\Windows\System\vtWlbqz.exe
  2⤵
  PID:1432
- C:\Windows\System\fiwFWBw.exe
  C:\Windows\System\fiwFWBw.exe
  2⤵
  PID:2564
- C:\Windows\System\UPiLCxO.exe
  C:\Windows\System\UPiLCxO.exe
  2⤵
  PID:2100
- C:\Windows\System\CUQwoST.exe
  C:\Windows\System\CUQwoST.exe
  2⤵
  PID:820
- C:\Windows\System\fUljaBN.exe
  C:\Windows\System\fUljaBN.exe
  2⤵
  PID:2912
- C:\Windows\System\KjsggsG.exe
  C:\Windows\System\KjsggsG.exe
  2⤵
  PID:1440
- C:\Windows\System\aGQElbN.exe
  C:\Windows\System\aGQElbN.exe
  2⤵
  PID:3056
- C:\Windows\System\CCWepxD.exe
  C:\Windows\System\CCWepxD.exe
  2⤵
  PID:404
- C:\Windows\System\dBcSMHU.exe
  C:\Windows\System\dBcSMHU.exe
  2⤵
  PID:1136
- C:\Windows\System\lXGXguB.exe
  C:\Windows\System\lXGXguB.exe
  2⤵
  PID:1480
- C:\Windows\System\PwORpDh.exe
  C:\Windows\System\PwORpDh.exe
  2⤵
  PID:1572
- C:\Windows\System\xERcyuY.exe
  C:\Windows\System\xERcyuY.exe
  2⤵
  PID:2272
- C:\Windows\System\bxylOUF.exe
  C:\Windows\System\bxylOUF.exe
  2⤵
  PID:1312
- C:\Windows\System\xmojMwb.exe
  C:\Windows\System\xmojMwb.exe
  2⤵
  PID:1608
- C:\Windows\System\AXeeKck.exe
  C:\Windows\System\AXeeKck.exe
  2⤵
  PID:2996
- C:\Windows\System\InJdDVk.exe
  C:\Windows\System\InJdDVk.exe
  2⤵
  PID:2824
- C:\Windows\System\NkYYpFK.exe
  C:\Windows\System\NkYYpFK.exe
  2⤵
  PID:2632
- C:\Windows\System\NSKPRNZ.exe
  C:\Windows\System\NSKPRNZ.exe
  2⤵
  PID:2764
- C:\Windows\System\wRKsdTE.exe
  C:\Windows\System\wRKsdTE.exe
  2⤵
  PID:2128
- C:\Windows\System\hAdsmDT.exe
  C:\Windows\System\hAdsmDT.exe
  2⤵
  PID:2376
- C:\Windows\System\xcXIDDQ.exe
  C:\Windows\System\xcXIDDQ.exe
  2⤵
  PID:2548
- C:\Windows\System\krPEdni.exe
  C:\Windows\System\krPEdni.exe
  2⤵
  PID:2596
- C:\Windows\System\IXARqKp.exe
  C:\Windows\System\IXARqKp.exe
  2⤵
  PID:1984
- C:\Windows\System\jTGBDKu.exe
  C:\Windows\System\jTGBDKu.exe
  2⤵
  PID:1952
- C:\Windows\System\XKWwdXU.exe
  C:\Windows\System\XKWwdXU.exe
  2⤵
  PID:684
- C:\Windows\System\TDeoIdO.exe
  C:\Windows\System\TDeoIdO.exe
  2⤵
  PID:1860
- C:\Windows\System\MatIWol.exe
  C:\Windows\System\MatIWol.exe
  2⤵
  PID:1960
- C:\Windows\System\aUdTXoa.exe
  C:\Windows\System\aUdTXoa.exe
  2⤵
  PID:2228
- C:\Windows\System\STGKXTO.exe
  C:\Windows\System\STGKXTO.exe
  2⤵
  PID:2156
- C:\Windows\System\uDezQin.exe
  C:\Windows\System\uDezQin.exe
  2⤵
  PID:1552
- C:\Windows\System\lFPxBms.exe
  C:\Windows\System\lFPxBms.exe
  2⤵
  PID:1028
- C:\Windows\System\qxWSrfk.exe
  C:\Windows\System\qxWSrfk.exe
  2⤵
  PID:1756
- C:\Windows\System\ZGSjOWW.exe
  C:\Windows\System\ZGSjOWW.exe
  2⤵
  PID:1896
- C:\Windows\System\CDDDRSw.exe
  C:\Windows\System\CDDDRSw.exe
  2⤵
  PID:880
- C:\Windows\System\xZjViaM.exe
  C:\Windows\System\xZjViaM.exe
  2⤵
  PID:1084
- C:\Windows\System\ThqhLEn.exe
  C:\Windows\System\ThqhLEn.exe
  2⤵
  PID:2724
- C:\Windows\System\WoHbiWK.exe
  C:\Windows\System\WoHbiWK.exe
  2⤵
  PID:2808
- C:\Windows\System\vhAjBOp.exe
  C:\Windows\System\vhAjBOp.exe
  2⤵
  PID:2916
- C:\Windows\System\IRMbfyp.exe
  C:\Windows\System\IRMbfyp.exe
  2⤵
  PID:2336
- C:\Windows\System\JITVsqx.exe
  C:\Windows\System\JITVsqx.exe
  2⤵
  PID:1948
- C:\Windows\System\QVysjmJ.exe
  C:\Windows\System\QVysjmJ.exe
  2⤵
  PID:2448
- C:\Windows\System\BGRGujn.exe
  C:\Windows\System\BGRGujn.exe
  2⤵
  PID:1708
- C:\Windows\System\dvMqkAz.exe
  C:\Windows\System\dvMqkAz.exe
  2⤵
  PID:2800
- C:\Windows\System\dBRsTQh.exe
  C:\Windows\System\dBRsTQh.exe
  2⤵
  PID:2360
- C:\Windows\System\qvcyRdV.exe
  C:\Windows\System\qvcyRdV.exe
  2⤵
  PID:3012
- C:\Windows\System\hRThiHZ.exe
  C:\Windows\System\hRThiHZ.exe
  2⤵
  PID:1716
- C:\Windows\System\HlNBtzt.exe
  C:\Windows\System\HlNBtzt.exe
  2⤵
  PID:2496
- C:\Windows\System\GjwGBqy.exe
  C:\Windows\System\GjwGBqy.exe
  2⤵
  PID:2876
- C:\Windows\System\rOUWfOB.exe
  C:\Windows\System\rOUWfOB.exe
  2⤵
  PID:1872
- C:\Windows\System\LCWDUBN.exe
  C:\Windows\System\LCWDUBN.exe
  2⤵
  PID:2624
- C:\Windows\System\GVGQUSw.exe
  C:\Windows\System\GVGQUSw.exe
  2⤵
  PID:348
- C:\Windows\System\yEQgDMC.exe
  C:\Windows\System\yEQgDMC.exe
  2⤵
  PID:1944
- C:\Windows\System\aMfWNYg.exe
  C:\Windows\System\aMfWNYg.exe
  2⤵
  PID:868
- C:\Windows\System\mXYhoPt.exe
  C:\Windows\System\mXYhoPt.exe
  2⤵
  PID:2828
- C:\Windows\System\zFURjtN.exe
  C:\Windows\System\zFURjtN.exe
  2⤵
  PID:1428
- C:\Windows\System\eiovzER.exe
  C:\Windows\System\eiovzER.exe
  2⤵
  PID:2904
- C:\Windows\System\hTOKJXr.exe
  C:\Windows\System\hTOKJXr.exe
  2⤵
  PID:2852
- C:\Windows\System\rNqzNME.exe
  C:\Windows\System\rNqzNME.exe
  2⤵
  PID:1800
- C:\Windows\System\RJSxmaS.exe
  C:\Windows\System\RJSxmaS.exe
  2⤵
  PID:3088
- C:\Windows\System\eNmyNyf.exe
  C:\Windows\System\eNmyNyf.exe
  2⤵
  PID:3108
- C:\Windows\System\FKfqUao.exe
  C:\Windows\System\FKfqUao.exe
  2⤵
  PID:3128
- C:\Windows\System\VVoXuVE.exe
  C:\Windows\System\VVoXuVE.exe
  2⤵
  PID:3144
- C:\Windows\System\QRgFOVu.exe
  C:\Windows\System\QRgFOVu.exe
  2⤵
  PID:3164
- C:\Windows\System\QVgBQBR.exe
  C:\Windows\System\QVgBQBR.exe
  2⤵
  PID:3188
- C:\Windows\System\UhDyFYt.exe
  C:\Windows\System\UhDyFYt.exe
  2⤵
  PID:3208
- C:\Windows\System\PohyFfZ.exe
  C:\Windows\System\PohyFfZ.exe
  2⤵
  PID:3224
- C:\Windows\System\ztOAtcT.exe
  C:\Windows\System\ztOAtcT.exe
  2⤵
  PID:3244
- C:\Windows\System\vnFSBau.exe
  C:\Windows\System\vnFSBau.exe
  2⤵
  PID:3260
- C:\Windows\System\IPKPJyb.exe
  C:\Windows\System\IPKPJyb.exe
  2⤵
  PID:3280
- C:\Windows\System\fEvHvyV.exe
  C:\Windows\System\fEvHvyV.exe
  2⤵
  PID:3300
- C:\Windows\System\WbgEUkg.exe
  C:\Windows\System\WbgEUkg.exe
  2⤵
  PID:3328
- C:\Windows\System\iyGAklF.exe
  C:\Windows\System\iyGAklF.exe
  2⤵
  PID:3348
- C:\Windows\System\TyZZGaN.exe
  C:\Windows\System\TyZZGaN.exe
  2⤵
  PID:3364
- C:\Windows\System\WDEKhCW.exe
  C:\Windows\System\WDEKhCW.exe
  2⤵
  PID:3392
- C:\Windows\System\JUEVBnr.exe
  C:\Windows\System\JUEVBnr.exe
  2⤵
  PID:3412
- C:\Windows\System\LwVyZlh.exe
  C:\Windows\System\LwVyZlh.exe
  2⤵
  PID:3440
- C:\Windows\System\VbQsjRl.exe
  C:\Windows\System\VbQsjRl.exe
  2⤵
  PID:3460
- C:\Windows\System\bSJoRSp.exe
  C:\Windows\System\bSJoRSp.exe
  2⤵
  PID:3476
- C:\Windows\System\btxGZma.exe
  C:\Windows\System\btxGZma.exe
  2⤵
  PID:3496
- C:\Windows\System\wyZJvrx.exe
  C:\Windows\System\wyZJvrx.exe
  2⤵
  PID:3520
- C:\Windows\System\BTcnuzy.exe
  C:\Windows\System\BTcnuzy.exe
  2⤵
  PID:3540
- C:\Windows\System\pQfIWIQ.exe
  C:\Windows\System\pQfIWIQ.exe
  2⤵
  PID:3556
- C:\Windows\System\sFduAVS.exe
  C:\Windows\System\sFduAVS.exe
  2⤵
  PID:3572
- C:\Windows\System\BBKpYzv.exe
  C:\Windows\System\BBKpYzv.exe
  2⤵
  PID:3588
- C:\Windows\System\yJItUsS.exe
  C:\Windows\System\yJItUsS.exe
  2⤵
  PID:3612
- C:\Windows\System\bLFWNgr.exe
  C:\Windows\System\bLFWNgr.exe
  2⤵
  PID:3628
- C:\Windows\System\GgqMJkR.exe
  C:\Windows\System\GgqMJkR.exe
  2⤵
  PID:3644
- C:\Windows\System\ZmMiLhw.exe
  C:\Windows\System\ZmMiLhw.exe
  2⤵
  PID:3660
- C:\Windows\System\gKexhGj.exe
  C:\Windows\System\gKexhGj.exe
  2⤵
  PID:3680
- C:\Windows\System\YiMEPQW.exe
  C:\Windows\System\YiMEPQW.exe
  2⤵
  PID:3704
- C:\Windows\System\dkSuUEN.exe
  C:\Windows\System\dkSuUEN.exe
  2⤵
  PID:3728
- C:\Windows\System\SDUKztQ.exe
  C:\Windows\System\SDUKztQ.exe
  2⤵
  PID:3748
- C:\Windows\System\QiXuquw.exe
  C:\Windows\System\QiXuquw.exe
  2⤵
  PID:3768
- C:\Windows\System\sokPsFg.exe
  C:\Windows\System\sokPsFg.exe
  2⤵
  PID:3788
- C:\Windows\System\OndpRJD.exe
  C:\Windows\System\OndpRJD.exe
  2⤵
  PID:3808
- C:\Windows\System\SzWUWpk.exe
  C:\Windows\System\SzWUWpk.exe
  2⤵
  PID:3840
- C:\Windows\System\fMlYUDk.exe
  C:\Windows\System\fMlYUDk.exe
  2⤵
  PID:3856
- C:\Windows\System\jlqHmdQ.exe
  C:\Windows\System\jlqHmdQ.exe
  2⤵
  PID:3876
- C:\Windows\System\ViWLMwt.exe
  C:\Windows\System\ViWLMwt.exe
  2⤵
  PID:3896
- C:\Windows\System\AcgydFb.exe
  C:\Windows\System\AcgydFb.exe
  2⤵
  PID:3912
- C:\Windows\System\iFfJsDt.exe
  C:\Windows\System\iFfJsDt.exe
  2⤵
  PID:3932
- C:\Windows\System\INbwFsC.exe
  C:\Windows\System\INbwFsC.exe
  2⤵
  PID:3952
- C:\Windows\System\tLGLYJT.exe
  C:\Windows\System\tLGLYJT.exe
  2⤵
  PID:3968
- C:\Windows\System\npVyeQm.exe
  C:\Windows\System\npVyeQm.exe
  2⤵
  PID:3996
- C:\Windows\System\fWAdzPM.exe
  C:\Windows\System\fWAdzPM.exe
  2⤵
  PID:4016
- C:\Windows\System\pByqXTw.exe
  C:\Windows\System\pByqXTw.exe
  2⤵
  PID:4036
- C:\Windows\System\wiLICxT.exe
  C:\Windows\System\wiLICxT.exe
  2⤵
  PID:4052
- C:\Windows\System\pTASEdu.exe
  C:\Windows\System\pTASEdu.exe
  2⤵
  PID:4068
- C:\Windows\System\NSMtEgb.exe
  C:\Windows\System\NSMtEgb.exe
  2⤵
  PID:4084
- C:\Windows\System\cbTeOsW.exe
  C:\Windows\System\cbTeOsW.exe
  2⤵
  PID:2796
- C:\Windows\System\ZpETUdf.exe
  C:\Windows\System\ZpETUdf.exe
  2⤵
  PID:2372
- C:\Windows\System\UxbfRor.exe
  C:\Windows\System\UxbfRor.exe
  2⤵
  PID:1612
- C:\Windows\System\OoIOXLV.exe
  C:\Windows\System\OoIOXLV.exe
  2⤵
  PID:1972
- C:\Windows\System\IlIDTSb.exe
  C:\Windows\System\IlIDTSb.exe
  2⤵
  PID:1532
- C:\Windows\System\BwTLrvp.exe
  C:\Windows\System\BwTLrvp.exe
  2⤵
  PID:3116
- C:\Windows\System\GhNzuVU.exe
  C:\Windows\System\GhNzuVU.exe
  2⤵
  PID:3120
- C:\Windows\System\mDEleRO.exe
  C:\Windows\System\mDEleRO.exe
  2⤵
  PID:2628
- C:\Windows\System\hyCNppA.exe
  C:\Windows\System\hyCNppA.exe
  2⤵
  PID:3196
- C:\Windows\System\GbbfHDX.exe
  C:\Windows\System\GbbfHDX.exe
  2⤵
  PID:1072
- C:\Windows\System\ZSUmJRm.exe
  C:\Windows\System\ZSUmJRm.exe
  2⤵
  PID:3236
- C:\Windows\System\GjzCenk.exe
  C:\Windows\System\GjzCenk.exe
  2⤵
  PID:3272
- C:\Windows\System\vWcYBXR.exe
  C:\Windows\System\vWcYBXR.exe
  2⤵
  PID:1868
- C:\Windows\System\WXXBZTf.exe
  C:\Windows\System\WXXBZTf.exe
  2⤵
  PID:3320
- C:\Windows\System\shXdHtM.exe
  C:\Windows\System\shXdHtM.exe
  2⤵
  PID:3180
- C:\Windows\System\oavVmfw.exe
  C:\Windows\System\oavVmfw.exe
  2⤵
  PID:3104
- C:\Windows\System\FgJnZOY.exe
  C:\Windows\System\FgJnZOY.exe
  2⤵
  PID:3176
- C:\Windows\System\MyaOWDW.exe
  C:\Windows\System\MyaOWDW.exe
  2⤵
  PID:3296
- C:\Windows\System\DZUQbTy.exe
  C:\Windows\System\DZUQbTy.exe
  2⤵
  PID:3448
- C:\Windows\System\EAsvWXa.exe
  C:\Windows\System\EAsvWXa.exe
  2⤵
  PID:3492
- C:\Windows\System\WuZVALP.exe
  C:\Windows\System\WuZVALP.exe
  2⤵
  PID:3532
- C:\Windows\System\NTPujaT.exe
  C:\Windows\System\NTPujaT.exe
  2⤵
  PID:3384
- C:\Windows\System\BRnpoQM.exe
  C:\Windows\System\BRnpoQM.exe
  2⤵
  PID:3372
- C:\Windows\System\fXxaQoj.exe
  C:\Windows\System\fXxaQoj.exe
  2⤵
  PID:3432
- C:\Windows\System\HoWXUJI.exe
  C:\Windows\System\HoWXUJI.exe
  2⤵
  PID:3472
- C:\Windows\System\pusLjFi.exe
  C:\Windows\System\pusLjFi.exe
  2⤵
  PID:3716
- C:\Windows\System\xgeEIYI.exe
  C:\Windows\System\xgeEIYI.exe
  2⤵
  PID:952
- C:\Windows\System\qabtuPC.exe
  C:\Windows\System\qabtuPC.exe
  2⤵
  PID:3548
- C:\Windows\System\VMATiRI.exe
  C:\Windows\System\VMATiRI.exe
  2⤵
  PID:3764
- C:\Windows\System\wvvZnGA.exe
  C:\Windows\System\wvvZnGA.exe
  2⤵
  PID:3620
- C:\Windows\System\BsCsFFJ.exe
  C:\Windows\System\BsCsFFJ.exe
  2⤵
  PID:3696
- C:\Windows\System\uLxGAOx.exe
  C:\Windows\System\uLxGAOx.exe
  2⤵
  PID:3804
- C:\Windows\System\JLEqZee.exe
  C:\Windows\System\JLEqZee.exe
  2⤵
  PID:3884
- C:\Windows\System\gUABjDV.exe
  C:\Windows\System\gUABjDV.exe
  2⤵
  PID:1232
- C:\Windows\System\ijzcPZe.exe
  C:\Windows\System\ijzcPZe.exe
  2⤵
  PID:2900
- C:\Windows\System\anCLZfe.exe
  C:\Windows\System\anCLZfe.exe
  2⤵
  PID:3964
- C:\Windows\System\HVGYEmA.exe
  C:\Windows\System\HVGYEmA.exe
  2⤵
  PID:4044
- C:\Windows\System\lhQhWkr.exe
  C:\Windows\System\lhQhWkr.exe
  2⤵
  PID:1740
- C:\Windows\System\mePqQVC.exe
  C:\Windows\System\mePqQVC.exe
  2⤵
  PID:3084
- C:\Windows\System\CPQWywx.exe
  C:\Windows\System\CPQWywx.exe
  2⤵
  PID:2144
- C:\Windows\System\bOYYMnr.exe
  C:\Windows\System\bOYYMnr.exe
  2⤵
  PID:4112
- C:\Windows\System\FebCrEb.exe
  C:\Windows\System\FebCrEb.exe
  2⤵
  PID:4180
- C:\Windows\System\KAhEPoM.exe
  C:\Windows\System\KAhEPoM.exe
  2⤵
  PID:4196
- C:\Windows\System\CezXbCy.exe
  C:\Windows\System\CezXbCy.exe
  2⤵
  PID:4212
- C:\Windows\System\kRJTbSk.exe
  C:\Windows\System\kRJTbSk.exe
  2⤵
  PID:4228
- C:\Windows\System\jedcgGM.exe
  C:\Windows\System\jedcgGM.exe
  2⤵
  PID:4244
- C:\Windows\System\LsndcfM.exe
  C:\Windows\System\LsndcfM.exe
  2⤵
  PID:4260
- C:\Windows\System\UTYEGti.exe
  C:\Windows\System\UTYEGti.exe
  2⤵
  PID:4276
- C:\Windows\System\eYjguhc.exe
  C:\Windows\System\eYjguhc.exe
  2⤵
  PID:4292
- C:\Windows\System\BSuvhIb.exe
  C:\Windows\System\BSuvhIb.exe
  2⤵
  PID:4308
- C:\Windows\System\oCZEVmh.exe
  C:\Windows\System\oCZEVmh.exe
  2⤵
  PID:4324
- C:\Windows\System\SNhpIVI.exe
  C:\Windows\System\SNhpIVI.exe
  2⤵
  PID:4340
- C:\Windows\System\TgDOUDI.exe
  C:\Windows\System\TgDOUDI.exe
  2⤵
  PID:4356
- C:\Windows\System\KiJFBIw.exe
  C:\Windows\System\KiJFBIw.exe
  2⤵
  PID:4372
- C:\Windows\System\KZvQNoT.exe
  C:\Windows\System\KZvQNoT.exe
  2⤵
  PID:4388
- C:\Windows\System\hIWxjIN.exe
  C:\Windows\System\hIWxjIN.exe
  2⤵
  PID:4404
- C:\Windows\System\ZRjODla.exe
  C:\Windows\System\ZRjODla.exe
  2⤵
  PID:4420
- C:\Windows\System\FaPhJkX.exe
  C:\Windows\System\FaPhJkX.exe
  2⤵
  PID:4436
- C:\Windows\System\zXWFIQk.exe
  C:\Windows\System\zXWFIQk.exe
  2⤵
  PID:4452
- C:\Windows\System\iCKHcIq.exe
  C:\Windows\System\iCKHcIq.exe
  2⤵
  PID:4468
- C:\Windows\System\fBqdgGm.exe
  C:\Windows\System\fBqdgGm.exe
  2⤵
  PID:4484
- C:\Windows\System\GlGXJwS.exe
  C:\Windows\System\GlGXJwS.exe
  2⤵
  PID:4500
- C:\Windows\System\pYkBAoh.exe
  C:\Windows\System\pYkBAoh.exe
  2⤵
  PID:4516
- C:\Windows\System\DiPyAnq.exe
  C:\Windows\System\DiPyAnq.exe
  2⤵
  PID:4532
- C:\Windows\System\xWlYhrj.exe
  C:\Windows\System\xWlYhrj.exe
  2⤵
  PID:4548
- C:\Windows\System\lzBPTyT.exe
  C:\Windows\System\lzBPTyT.exe
  2⤵
  PID:4564
- C:\Windows\System\RctrFWy.exe
  C:\Windows\System\RctrFWy.exe
  2⤵
  PID:4580
- C:\Windows\System\VJEeFuw.exe
  C:\Windows\System\VJEeFuw.exe
  2⤵
  PID:4596
- C:\Windows\System\jGdSzaZ.exe
  C:\Windows\System\jGdSzaZ.exe
  2⤵
  PID:4612
- C:\Windows\System\fNdqQVa.exe
  C:\Windows\System\fNdqQVa.exe
  2⤵
  PID:4628
- C:\Windows\System\LmcGHDh.exe
  C:\Windows\System\LmcGHDh.exe
  2⤵
  PID:4644
- C:\Windows\System\ZAEzwpy.exe
  C:\Windows\System\ZAEzwpy.exe
  2⤵
  PID:4660
- C:\Windows\System\FxCNJNJ.exe
  C:\Windows\System\FxCNJNJ.exe
  2⤵
  PID:4676
- C:\Windows\System\jiKQgan.exe
  C:\Windows\System\jiKQgan.exe
  2⤵
  PID:4692
- C:\Windows\System\HgbYHGw.exe
  C:\Windows\System\HgbYHGw.exe
  2⤵
  PID:4708
- C:\Windows\System\tWFOYsk.exe
  C:\Windows\System\tWFOYsk.exe
  2⤵
  PID:4724
- C:\Windows\System\GYBFKZr.exe
  C:\Windows\System\GYBFKZr.exe
  2⤵
  PID:4740
- C:\Windows\System\LcSGCVk.exe
  C:\Windows\System\LcSGCVk.exe
  2⤵
  PID:4760
- C:\Windows\System\GoJiEHs.exe
  C:\Windows\System\GoJiEHs.exe
  2⤵
  PID:4776
- C:\Windows\System\WYJbLUe.exe
  C:\Windows\System\WYJbLUe.exe
  2⤵
  PID:4792
- C:\Windows\System\RyOIWFX.exe
  C:\Windows\System\RyOIWFX.exe
  2⤵
  PID:4808
- C:\Windows\System\KQSaqyz.exe
  C:\Windows\System\KQSaqyz.exe
  2⤵
  PID:4824
- C:\Windows\System\tbbOCwz.exe
  C:\Windows\System\tbbOCwz.exe
  2⤵
  PID:4840
- C:\Windows\System\RDrgNsG.exe
  C:\Windows\System\RDrgNsG.exe
  2⤵
  PID:4856
- C:\Windows\System\CbEGcMu.exe
  C:\Windows\System\CbEGcMu.exe
  2⤵
  PID:4872
- C:\Windows\System\EFthCQG.exe
  C:\Windows\System\EFthCQG.exe
  2⤵
  PID:4888
- C:\Windows\System\bmrldYk.exe
  C:\Windows\System\bmrldYk.exe
  2⤵
  PID:4904
- C:\Windows\System\UcQDLhM.exe
  C:\Windows\System\UcQDLhM.exe
  2⤵
  PID:4920
- C:\Windows\System\YEbDXCt.exe
  C:\Windows\System\YEbDXCt.exe
  2⤵
  PID:4936
- C:\Windows\System\FiKZyZs.exe
  C:\Windows\System\FiKZyZs.exe
  2⤵
  PID:4952
- C:\Windows\System\aDoboOB.exe
  C:\Windows\System\aDoboOB.exe
  2⤵
  PID:4972
- C:\Windows\System\SPiNcim.exe
  C:\Windows\System\SPiNcim.exe
  2⤵
  PID:4988
- C:\Windows\System\CLgrrcn.exe
  C:\Windows\System\CLgrrcn.exe
  2⤵
  PID:5004
- C:\Windows\System\OpzaMxw.exe
  C:\Windows\System\OpzaMxw.exe
  2⤵
  PID:5020
- C:\Windows\System\wLJfobo.exe
  C:\Windows\System\wLJfobo.exe
  2⤵
  PID:5036
- C:\Windows\System\VQpbKzn.exe
  C:\Windows\System\VQpbKzn.exe
  2⤵
  PID:5052
- C:\Windows\System\HXkYvzy.exe
  C:\Windows\System\HXkYvzy.exe
  2⤵
  PID:5068
- C:\Windows\System\nBdXeZV.exe
  C:\Windows\System\nBdXeZV.exe
  2⤵
  PID:5084
- C:\Windows\System\CFtBnTp.exe
  C:\Windows\System\CFtBnTp.exe
  2⤵
  PID:5100
- C:\Windows\System\bphQDBJ.exe
  C:\Windows\System\bphQDBJ.exe
  2⤵
  PID:5116
- C:\Windows\System\vvZulpu.exe
  C:\Windows\System\vvZulpu.exe
  2⤵
  PID:2116
- C:\Windows\System\FxdhDuX.exe
  C:\Windows\System\FxdhDuX.exe
  2⤵
  PID:3288
- C:\Windows\System\evyUDcp.exe
  C:\Windows\System\evyUDcp.exe
  2⤵
  PID:3780
- C:\Windows\System\AzQVcsh.exe
  C:\Windows\System\AzQVcsh.exe
  2⤵
  PID:3736
- C:\Windows\System\PBAelPC.exe
  C:\Windows\System\PBAelPC.exe
  2⤵
  PID:3452
- C:\Windows\System\jKgqKdJ.exe
  C:\Windows\System\jKgqKdJ.exe
  2⤵
  PID:3336
- C:\Windows\System\sCFmuvc.exe
  C:\Windows\System\sCFmuvc.exe
  2⤵
  PID:3604
- C:\Windows\System\RRNSvAD.exe
  C:\Windows\System\RRNSvAD.exe
  2⤵
  PID:3640
- C:\Windows\System\iXaJoEC.exe
  C:\Windows\System\iXaJoEC.exe
  2⤵
  PID:3512
- C:\Windows\System\UfknGxy.exe
  C:\Windows\System\UfknGxy.exe
  2⤵
  PID:3740
- C:\Windows\System\TNsWjko.exe
  C:\Windows\System\TNsWjko.exe
  2⤵
  PID:2696
- C:\Windows\System\OhoWKgS.exe
  C:\Windows\System\OhoWKgS.exe
  2⤵
  PID:3160
- C:\Windows\System\AMfRubL.exe
  C:\Windows\System\AMfRubL.exe
  2⤵
  PID:3824
- C:\Windows\System\vDqBtuR.exe
  C:\Windows\System\vDqBtuR.exe
  2⤵
  PID:3836
- C:\Windows\System\ReEoFLb.exe
  C:\Windows\System\ReEoFLb.exe
  2⤵
  PID:3976
- C:\Windows\System\ZSevKdI.exe
  C:\Windows\System\ZSevKdI.exe
  2⤵
  PID:4176
- C:\Windows\System\BWPbVVa.exe
  C:\Windows\System\BWPbVVa.exe
  2⤵
  PID:2000
- C:\Windows\System\CpiEvab.exe
  C:\Windows\System\CpiEvab.exe
  2⤵
  PID:3528
- C:\Windows\System\njjuTpN.exe
  C:\Windows\System\njjuTpN.exe
  2⤵
  PID:3568
- C:\Windows\System\JIUUWhG.exe
  C:\Windows\System\JIUUWhG.exe
  2⤵
  PID:3504
- C:\Windows\System\uJZhnyl.exe
  C:\Windows\System\uJZhnyl.exe
  2⤵
  PID:3656
- C:\Windows\System\yIfieiE.exe
  C:\Windows\System\yIfieiE.exe
  2⤵
  PID:3924
- C:\Windows\System\JraUihb.exe
  C:\Windows\System\JraUihb.exe
  2⤵
  PID:1032
- C:\Windows\System\ZOOWrAw.exe
  C:\Windows\System\ZOOWrAw.exe
  2⤵
  PID:3220
- C:\Windows\System\MvJGtlO.exe
  C:\Windows\System\MvJGtlO.exe
  2⤵
  PID:3096
- C:\Windows\System\QnHmXhA.exe
  C:\Windows\System\QnHmXhA.exe
  2⤵
  PID:2468
- C:\Windows\System\dWRMuxM.exe
  C:\Windows\System\dWRMuxM.exe
  2⤵
  PID:1336
- C:\Windows\System\jIQWvGS.exe
  C:\Windows\System\jIQWvGS.exe
  2⤵
  PID:4064
- C:\Windows\System\poXqKbL.exe
  C:\Windows\System\poXqKbL.exe
  2⤵
  PID:3984
- C:\Windows\System\XqqeiTn.exe
  C:\Windows\System\XqqeiTn.exe
  2⤵
  PID:4208
- C:\Windows\System\pFqOGwV.exe
  C:\Windows\System\pFqOGwV.exe
  2⤵
  PID:4220
- C:\Windows\System\UVBIdTz.exe
  C:\Windows\System\UVBIdTz.exe
  2⤵
  PID:4256
- C:\Windows\System\cVBoWqN.exe
  C:\Windows\System\cVBoWqN.exe
  2⤵
  PID:4332
- C:\Windows\System\GXMKvFJ.exe
  C:\Windows\System\GXMKvFJ.exe
  2⤵
  PID:4336
- C:\Windows\System\YCXjTny.exe
  C:\Windows\System\YCXjTny.exe
  2⤵
  PID:4364
- C:\Windows\System\uTPQKUe.exe
  C:\Windows\System\uTPQKUe.exe
  2⤵
  PID:4396
- C:\Windows\System\dYqefCK.exe
  C:\Windows\System\dYqefCK.exe
  2⤵
  PID:4412
- C:\Windows\System\WqIzick.exe
  C:\Windows\System\WqIzick.exe
  2⤵
  PID:4444
- C:\Windows\System\bPdZROM.exe
  C:\Windows\System\bPdZROM.exe
  2⤵
  PID:4476
- C:\Windows\System\rJsLRXD.exe
  C:\Windows\System\rJsLRXD.exe
  2⤵
  PID:4512
- C:\Windows\System\HERziDy.exe
  C:\Windows\System\HERziDy.exe
  2⤵
  PID:4560
- C:\Windows\System\lWiYBBn.exe
  C:\Windows\System\lWiYBBn.exe
  2⤵
  PID:4572
- C:\Windows\System\hPkqqSY.exe
  C:\Windows\System\hPkqqSY.exe
  2⤵
  PID:4608
- C:\Windows\System\BffQhMc.exe
  C:\Windows\System\BffQhMc.exe
  2⤵
  PID:4656
- C:\Windows\System\hQRKWiG.exe
  C:\Windows\System\hQRKWiG.exe
  2⤵
  PID:4716
- C:\Windows\System\fEGMmPF.exe
  C:\Windows\System\fEGMmPF.exe
  2⤵
  PID:4700
- C:\Windows\System\xTRGVYu.exe
  C:\Windows\System\xTRGVYu.exe
  2⤵
  PID:4732
- C:\Windows\System\CdXaWjN.exe
  C:\Windows\System\CdXaWjN.exe
  2⤵
  PID:4788
- C:\Windows\System\VVODvEv.exe
  C:\Windows\System\VVODvEv.exe
  2⤵
  PID:4820
- C:\Windows\System\iGsIYNg.exe
  C:\Windows\System\iGsIYNg.exe
  2⤵
  PID:4832
- C:\Windows\System\MwUqEGY.exe
  C:\Windows\System\MwUqEGY.exe
  2⤵
  PID:4884
- C:\Windows\System\XwikKZR.exe
  C:\Windows\System\XwikKZR.exe
  2⤵
  PID:4864
- C:\Windows\System\pAhkkRG.exe
  C:\Windows\System\pAhkkRG.exe
  2⤵
  PID:4948
- C:\Windows\System\goIBdlr.exe
  C:\Windows\System\goIBdlr.exe
  2⤵
  PID:4964
- C:\Windows\System\uYWkMJC.exe
  C:\Windows\System\uYWkMJC.exe
  2⤵
  PID:5016
- C:\Windows\System\JOimJiY.exe
  C:\Windows\System\JOimJiY.exe
  2⤵
  PID:5048
- C:\Windows\System\tcqhpnb.exe
  C:\Windows\System\tcqhpnb.exe
  2⤵
  PID:5080
- C:\Windows\System\wTtALrU.exe
  C:\Windows\System\wTtALrU.exe
  2⤵
  PID:5112
- C:\Windows\System\yiszxuG.exe
  C:\Windows\System\yiszxuG.exe
  2⤵
  PID:5096
- C:\Windows\System\WmJuIzp.exe
  C:\Windows\System\WmJuIzp.exe
  2⤵
  PID:3232
- C:\Windows\System\lnmDWmt.exe
  C:\Windows\System\lnmDWmt.exe
  2⤵
  PID:3820
- C:\Windows\System\ITJfVdC.exe
  C:\Windows\System\ITJfVdC.exe
  2⤵
  PID:3380
- C:\Windows\System\oViBIFN.exe
  C:\Windows\System\oViBIFN.exe
  2⤵
  PID:3676
- C:\Windows\System\AwJNisC.exe
  C:\Windows\System\AwJNisC.exe
  2⤵
  PID:4076
- C:\Windows\System\myvHaPI.exe
  C:\Windows\System\myvHaPI.exe
  2⤵
  PID:4752
- C:\Windows\System\CQOaZMW.exe
  C:\Windows\System\CQOaZMW.exe
  2⤵
  PID:3944
- C:\Windows\System\jXunzpr.exe
  C:\Windows\System\jXunzpr.exe
  2⤵
  PID:3948
- C:\Windows\System\UZGTuPC.exe
  C:\Windows\System\UZGTuPC.exe
  2⤵
  PID:3404
- C:\Windows\System\rThhzxF.exe
  C:\Windows\System\rThhzxF.exe
  2⤵
  PID:3852
- C:\Windows\System\TTPVyJd.exe
  C:\Windows\System\TTPVyJd.exe
  2⤵
  PID:3652
- C:\Windows\System\tDxazVK.exe
  C:\Windows\System\tDxazVK.exe
  2⤵
  PID:3216
- C:\Windows\System\zTdldIc.exe
  C:\Windows\System\zTdldIc.exe
  2⤵
  PID:3356
- C:\Windows\System\hmdVYKG.exe
  C:\Windows\System\hmdVYKG.exe
  2⤵
  PID:4092
- C:\Windows\System\WwJnuiT.exe
  C:\Windows\System\WwJnuiT.exe
  2⤵
  PID:4192
- C:\Windows\System\AmWXBGz.exe
  C:\Windows\System\AmWXBGz.exe
  2⤵
  PID:4240
- C:\Windows\System\HRottWH.exe
  C:\Windows\System\HRottWH.exe
  2⤵
  PID:4432
- C:\Windows\System\zMFrpih.exe
  C:\Windows\System\zMFrpih.exe
  2⤵
  PID:4348
- C:\Windows\System\eGxhdTf.exe
  C:\Windows\System\eGxhdTf.exe
  2⤵
  PID:4508
- C:\Windows\System\kJBBUnn.exe
  C:\Windows\System\kJBBUnn.exe
  2⤵
  PID:4652
- C:\Windows\System\cekaeDq.exe
  C:\Windows\System\cekaeDq.exe
  2⤵
  PID:4540
- C:\Windows\System\sBXqyHN.exe
  C:\Windows\System\sBXqyHN.exe
  2⤵
  PID:4684
- C:\Windows\System\jkggYdt.exe
  C:\Windows\System\jkggYdt.exe
  2⤵
  PID:4804
- C:\Windows\System\Foklnzr.exe
  C:\Windows\System\Foklnzr.exe
  2⤵
  PID:4912
- C:\Windows\System\sKRyVBZ.exe
  C:\Windows\System\sKRyVBZ.exe
  2⤵
  PID:4836
- C:\Windows\System\HBXxFKD.exe
  C:\Windows\System\HBXxFKD.exe
  2⤵
  PID:4980
- C:\Windows\System\eaeNrYu.exe
  C:\Windows\System\eaeNrYu.exe
  2⤵
  PID:4968
- C:\Windows\System\ZlhIYhn.exe
  C:\Windows\System\ZlhIYhn.exe
  2⤵
  PID:5028
- C:\Windows\System\IyPlNpk.exe
  C:\Windows\System\IyPlNpk.exe
  2⤵
  PID:3268
- C:\Windows\System\qefKKjb.exe
  C:\Windows\System\qefKKjb.exe
  2⤵
  PID:5092
- C:\Windows\System\DdlaDnV.exe
  C:\Windows\System\DdlaDnV.exe
  2⤵
  PID:3688
- C:\Windows\System\GyPseXB.exe
  C:\Windows\System\GyPseXB.exe
  2⤵
  PID:1676
- C:\Windows\System\dnBYrYX.exe
  C:\Windows\System\dnBYrYX.exe
  2⤵
  PID:3864
- C:\Windows\System\dBzOZxl.exe
  C:\Windows\System\dBzOZxl.exe
  2⤵
  PID:3720
- C:\Windows\System\DPirJEF.exe
  C:\Windows\System\DPirJEF.exe
  2⤵
  PID:1452
- C:\Windows\System\uQnDyhK.exe
  C:\Windows\System\uQnDyhK.exe
  2⤵
  PID:2600
- C:\Windows\System\fSkBApg.exe
  C:\Windows\System\fSkBApg.exe
  2⤵
  PID:2132
- C:\Windows\System\MKBEqCb.exe
  C:\Windows\System\MKBEqCb.exe
  2⤵
  PID:4252
- C:\Windows\System\JYUDoTA.exe
  C:\Windows\System\JYUDoTA.exe
  2⤵
  PID:4024
- C:\Windows\System\gWoYIlJ.exe
  C:\Windows\System\gWoYIlJ.exe
  2⤵
  PID:4428
- C:\Windows\System\tgJHAIQ.exe
  C:\Windows\System\tgJHAIQ.exe
  2⤵
  PID:4636
- C:\Windows\System\xWEYjJG.exe
  C:\Windows\System\xWEYjJG.exe
  2⤵
  PID:4576
- C:\Windows\System\zEltviT.exe
  C:\Windows\System\zEltviT.exe
  2⤵
  PID:4768
- C:\Windows\System\McuVHWo.exe
  C:\Windows\System\McuVHWo.exe
  2⤵
  PID:4900
- C:\Windows\System\FkQAwPp.exe
  C:\Windows\System\FkQAwPp.exe
  2⤵
  PID:5064
- C:\Windows\System\uGgJKAm.exe
  C:\Windows\System\uGgJKAm.exe
  2⤵
  PID:3712
- C:\Windows\System\aOzmuHe.exe
  C:\Windows\System\aOzmuHe.exe
  2⤵
  PID:3408
- C:\Windows\System\rahAzXu.exe
  C:\Windows\System\rahAzXu.exe
  2⤵
  PID:4120
- C:\Windows\System\PsnfnAw.exe
  C:\Windows\System\PsnfnAw.exe
  2⤵
  PID:4008
- C:\Windows\System\RlhdDcw.exe
  C:\Windows\System\RlhdDcw.exe
  2⤵
  PID:2616
- C:\Windows\System\dmdxalI.exe
  C:\Windows\System\dmdxalI.exe
  2⤵
  PID:4592
- C:\Windows\System\GwCdhIq.exe
  C:\Windows\System\GwCdhIq.exe
  2⤵
  PID:5124
- C:\Windows\System\TcrFtvj.exe
  C:\Windows\System\TcrFtvj.exe
  2⤵
  PID:5140
- C:\Windows\System\OhjaDcs.exe
  C:\Windows\System\OhjaDcs.exe
  2⤵
  PID:5156
- C:\Windows\System\RXJoYbS.exe
  C:\Windows\System\RXJoYbS.exe
  2⤵
  PID:5172
- C:\Windows\System\GgVTxhP.exe
  C:\Windows\System\GgVTxhP.exe
  2⤵
  PID:5188
- C:\Windows\System\xBHuNKE.exe
  C:\Windows\System\xBHuNKE.exe
  2⤵
  PID:5204
- C:\Windows\System\mPciTRG.exe
  C:\Windows\System\mPciTRG.exe
  2⤵
  PID:5220
- C:\Windows\System\oLBbxNM.exe
  C:\Windows\System\oLBbxNM.exe
  2⤵
  PID:5240
- C:\Windows\System\nuHQwKh.exe
  C:\Windows\System\nuHQwKh.exe
  2⤵
  PID:5256
- C:\Windows\System\geTkHMW.exe
  C:\Windows\System\geTkHMW.exe
  2⤵
  PID:5272
- C:\Windows\System\OaoeSaJ.exe
  C:\Windows\System\OaoeSaJ.exe
  2⤵
  PID:5288
- C:\Windows\System\PZvurOm.exe
  C:\Windows\System\PZvurOm.exe
  2⤵
  PID:5304
- C:\Windows\System\ZNpMYrb.exe
  C:\Windows\System\ZNpMYrb.exe
  2⤵
  PID:5320
- C:\Windows\System\VHzYiHB.exe
  C:\Windows\System\VHzYiHB.exe
  2⤵
  PID:5336
- C:\Windows\System\sCwfcjg.exe
  C:\Windows\System\sCwfcjg.exe
  2⤵
  PID:5352
- C:\Windows\System\LPpCsyE.exe
  C:\Windows\System\LPpCsyE.exe
  2⤵
  PID:5368
- C:\Windows\System\ZqGEQae.exe
  C:\Windows\System\ZqGEQae.exe
  2⤵
  PID:5384
- C:\Windows\System\pCCPIFc.exe
  C:\Windows\System\pCCPIFc.exe
  2⤵
  PID:5400
- C:\Windows\System\ubwTYwA.exe
  C:\Windows\System\ubwTYwA.exe
  2⤵
  PID:5416
- C:\Windows\System\vPpXdpQ.exe
  C:\Windows\System\vPpXdpQ.exe
  2⤵
  PID:5432
- C:\Windows\System\IPLuibo.exe
  C:\Windows\System\IPLuibo.exe
  2⤵
  PID:5448
- C:\Windows\System\mQkkYmU.exe
  C:\Windows\System\mQkkYmU.exe
  2⤵
  PID:5464
- C:\Windows\System\PpjNspm.exe
  C:\Windows\System\PpjNspm.exe
  2⤵
  PID:5480
- C:\Windows\System\aiiuFYO.exe
  C:\Windows\System\aiiuFYO.exe
  2⤵
  PID:5496
- C:\Windows\System\whrJnXV.exe
  C:\Windows\System\whrJnXV.exe
  2⤵
  PID:5516
- C:\Windows\System\ZitxtBv.exe
  C:\Windows\System\ZitxtBv.exe
  2⤵
  PID:5532
- C:\Windows\System\zeAzcze.exe
  C:\Windows\System\zeAzcze.exe
  2⤵
  PID:5548
- C:\Windows\System\vVqPlYE.exe
  C:\Windows\System\vVqPlYE.exe
  2⤵
  PID:5564
- C:\Windows\System\IXtEkNF.exe
  C:\Windows\System\IXtEkNF.exe
  2⤵
  PID:5580
- C:\Windows\System\hLWItMl.exe
  C:\Windows\System\hLWItMl.exe
  2⤵
  PID:5596
- C:\Windows\System\NXnOlDK.exe
  C:\Windows\System\NXnOlDK.exe
  2⤵
  PID:5612
- C:\Windows\System\UToPVFD.exe
  C:\Windows\System\UToPVFD.exe
  2⤵
  PID:5628
- C:\Windows\System\dpeCcjD.exe
  C:\Windows\System\dpeCcjD.exe
  2⤵
  PID:5644
- C:\Windows\System\zesVoOI.exe
  C:\Windows\System\zesVoOI.exe
  2⤵
  PID:5660
- C:\Windows\System\qhiJMVd.exe
  C:\Windows\System\qhiJMVd.exe
  2⤵
  PID:5676
- C:\Windows\System\IrrMLCS.exe
  C:\Windows\System\IrrMLCS.exe
  2⤵
  PID:5692
- C:\Windows\System\HZDcxDz.exe
  C:\Windows\System\HZDcxDz.exe
  2⤵
  PID:5708
- C:\Windows\System\AWCigJg.exe
  C:\Windows\System\AWCigJg.exe
  2⤵
  PID:5724
- C:\Windows\System\EwGdqHh.exe
  C:\Windows\System\EwGdqHh.exe
  2⤵
  PID:5740
- C:\Windows\System\HDtXlxt.exe
  C:\Windows\System\HDtXlxt.exe
  2⤵
  PID:5756
- C:\Windows\System\rYTImxY.exe
  C:\Windows\System\rYTImxY.exe
  2⤵
  PID:5772
- C:\Windows\System\EtgZwoz.exe
  C:\Windows\System\EtgZwoz.exe
  2⤵
  PID:5788
- C:\Windows\System\qHNQoeN.exe
  C:\Windows\System\qHNQoeN.exe
  2⤵
  PID:5804
- C:\Windows\System\VSMbxjF.exe
  C:\Windows\System\VSMbxjF.exe
  2⤵
  PID:5820
- C:\Windows\System\TvGpoHO.exe
  C:\Windows\System\TvGpoHO.exe
  2⤵
  PID:5836
- C:\Windows\System\tkmuPmK.exe
  C:\Windows\System\tkmuPmK.exe
  2⤵
  PID:5852
- C:\Windows\System\hecFSww.exe
  C:\Windows\System\hecFSww.exe
  2⤵
  PID:5868
- C:\Windows\System\NyRLUgg.exe
  C:\Windows\System\NyRLUgg.exe
  2⤵
  PID:5884
- C:\Windows\System\FYGjSmH.exe
  C:\Windows\System\FYGjSmH.exe
  2⤵
  PID:5900
- C:\Windows\System\SpYvFsp.exe
  C:\Windows\System\SpYvFsp.exe
  2⤵
  PID:5916
- C:\Windows\System\tUffBWd.exe
  C:\Windows\System\tUffBWd.exe
  2⤵
  PID:5932
- C:\Windows\System\oRZQoGu.exe
  C:\Windows\System\oRZQoGu.exe
  2⤵
  PID:5948
- C:\Windows\System\tWdFQID.exe
  C:\Windows\System\tWdFQID.exe
  2⤵
  PID:5964
- C:\Windows\System\WSOJqbe.exe
  C:\Windows\System\WSOJqbe.exe
  2⤵
  PID:5980
- C:\Windows\System\FITOhhd.exe
  C:\Windows\System\FITOhhd.exe
  2⤵
  PID:5996
- C:\Windows\System\uwOakDu.exe
  C:\Windows\System\uwOakDu.exe
  2⤵
  PID:6016
- C:\Windows\System\MfiXxOS.exe
  C:\Windows\System\MfiXxOS.exe
  2⤵
  PID:6032
- C:\Windows\System\cWtWFdq.exe
  C:\Windows\System\cWtWFdq.exe
  2⤵
  PID:6048
- C:\Windows\System\DKqlHqL.exe
  C:\Windows\System\DKqlHqL.exe
  2⤵
  PID:6064
- C:\Windows\System\EDWsSak.exe
  C:\Windows\System\EDWsSak.exe
  2⤵
  PID:6080
- C:\Windows\System\ukSRWlo.exe
  C:\Windows\System\ukSRWlo.exe
  2⤵
  PID:6096
- C:\Windows\System\CbThZcc.exe
  C:\Windows\System\CbThZcc.exe
  2⤵
  PID:6112
- C:\Windows\System\aiHcfgY.exe
  C:\Windows\System\aiHcfgY.exe
  2⤵
  PID:6128
- C:\Windows\System\yZSFKOI.exe
  C:\Windows\System\yZSFKOI.exe
  2⤵
  PID:3564
- C:\Windows\System\WnuTQwX.exe
  C:\Windows\System\WnuTQwX.exe
  2⤵
  PID:5108
- C:\Windows\System\FKldORh.exe
  C:\Windows\System\FKldORh.exe
  2⤵
  PID:3908
- C:\Windows\System\dubHvrn.exe
  C:\Windows\System\dubHvrn.exe
  2⤵
  PID:3100
- C:\Windows\System\EknUyCC.exe
  C:\Windows\System\EknUyCC.exe
  2⤵
  PID:4524
- C:\Windows\System\wRMhQCW.exe
  C:\Windows\System\wRMhQCW.exe
  2⤵
  PID:804
- C:\Windows\System\RvzIkdo.exe
  C:\Windows\System\RvzIkdo.exe
  2⤵
  PID:4556
- C:\Windows\System\EuckRfx.exe
  C:\Windows\System\EuckRfx.exe
  2⤵
  PID:5152
- C:\Windows\System\noBtAgV.exe
  C:\Windows\System\noBtAgV.exe
  2⤵
  PID:5200
- C:\Windows\System\qTTXBEF.exe
  C:\Windows\System\qTTXBEF.exe
  2⤵
  PID:5236
- C:\Windows\System\wpGqcMP.exe
  C:\Windows\System\wpGqcMP.exe
  2⤵
  PID:5268
- C:\Windows\System\KWpijoj.exe
  C:\Windows\System\KWpijoj.exe
  2⤵
  PID:5300
- C:\Windows\System\GWnVqqA.exe
  C:\Windows\System\GWnVqqA.exe
  2⤵
  PID:5316
- C:\Windows\System\QfbxWyP.exe
  C:\Windows\System\QfbxWyP.exe
  2⤵
  PID:5344
- C:\Windows\System\SJFdQfa.exe
  C:\Windows\System\SJFdQfa.exe
  2⤵
  PID:5392
- C:\Windows\System\ShjHEBF.exe
  C:\Windows\System\ShjHEBF.exe
  2⤵
  PID:1728
- C:\Windows\System\oVcPvyk.exe
  C:\Windows\System\oVcPvyk.exe
  2⤵
  PID:5460
- C:\Windows\System\nudFBLV.exe
  C:\Windows\System\nudFBLV.exe
  2⤵
  PID:5408
- C:\Windows\System\SIpyfzI.exe
  C:\Windows\System\SIpyfzI.exe
  2⤵
  PID:5524
- C:\Windows\System\taYBOCZ.exe
  C:\Windows\System\taYBOCZ.exe
  2⤵
  PID:5472
- C:\Windows\System\YJdokjq.exe
  C:\Windows\System\YJdokjq.exe
  2⤵
  PID:5592
- C:\Windows\System\JeyCHjE.exe
  C:\Windows\System\JeyCHjE.exe
  2⤵
  PID:5652
- C:\Windows\System\GhBjCZr.exe
  C:\Windows\System\GhBjCZr.exe
  2⤵
  PID:5572
- C:\Windows\System\LPmCPWn.exe
  C:\Windows\System\LPmCPWn.exe
  2⤵
  PID:5608
- C:\Windows\System\SqAaMLP.exe
  C:\Windows\System\SqAaMLP.exe
  2⤵
  PID:5688
- C:\Windows\System\JQBqnEO.exe
  C:\Windows\System\JQBqnEO.exe
  2⤵
  PID:5716
- C:\Windows\System\UAjtHUO.exe
  C:\Windows\System\UAjtHUO.exe
  2⤵
  PID:1060
- C:\Windows\System\rNKRRgw.exe
  C:\Windows\System\rNKRRgw.exe
  2⤵
  PID:5780
- C:\Windows\System\RBxItIX.exe
  C:\Windows\System\RBxItIX.exe
  2⤵
  PID:5764
- C:\Windows\System\hrNDWai.exe
  C:\Windows\System\hrNDWai.exe
  2⤵
  PID:5816
- C:\Windows\System\aSrltVM.exe
  C:\Windows\System\aSrltVM.exe
  2⤵
  PID:2024
- C:\Windows\System\byTFIOe.exe
  C:\Windows\System\byTFIOe.exe
  2⤵
  PID:5796
- C:\Windows\System\QdhMdBo.exe
  C:\Windows\System\QdhMdBo.exe
  2⤵
  PID:2432
- C:\Windows\System\MqSxvTp.exe
  C:\Windows\System\MqSxvTp.exe
  2⤵
  PID:5908
- C:\Windows\System\LiIxkHJ.exe
  C:\Windows\System\LiIxkHJ.exe
  2⤵
  PID:1180
- C:\Windows\System\aIcimam.exe
  C:\Windows\System\aIcimam.exe
  2⤵
  PID:5944
- C:\Windows\System\NaTdoEW.exe
  C:\Windows\System\NaTdoEW.exe
  2⤵
  PID:5972
- C:\Windows\System\tJGMdlP.exe
  C:\Windows\System\tJGMdlP.exe
  2⤵
  PID:5988
- C:\Windows\System\DjtlwNF.exe
  C:\Windows\System\DjtlwNF.exe
  2⤵
  PID:892
- C:\Windows\System\JmnZJNp.exe
  C:\Windows\System\JmnZJNp.exe
  2⤵
  PID:6024
- C:\Windows\System\vBeYOuN.exe
  C:\Windows\System\vBeYOuN.exe
  2⤵
  PID:6056
- C:\Windows\System\gdhOgYj.exe
  C:\Windows\System\gdhOgYj.exe
  2⤵
  PID:6060
- C:\Windows\System\zQvqGsa.exe
  C:\Windows\System\zQvqGsa.exe
  2⤵
  PID:6092
- C:\Windows\System\VWRxdbI.exe
  C:\Windows\System\VWRxdbI.exe
  2⤵
  PID:4688
- C:\Windows\System\sEowNwE.exe
  C:\Windows\System\sEowNwE.exe
  2⤵
  PID:1968
- C:\Windows\System\wzPfVVq.exe
  C:\Windows\System\wzPfVVq.exe
  2⤵
  PID:2460
- C:\Windows\System\nbhpzHd.exe
  C:\Windows\System\nbhpzHd.exe
  2⤵
  PID:5148
- C:\Windows\System\arCOtxB.exe
  C:\Windows\System\arCOtxB.exe
  2⤵
  PID:5212
- C:\Windows\System\tjUKbYU.exe
  C:\Windows\System\tjUKbYU.exe
  2⤵
  PID:5296
- C:\Windows\System\LGxGjzu.exe
  C:\Windows\System\LGxGjzu.exe
  2⤵
  PID:5424
- C:\Windows\System\VVlSHpk.exe
  C:\Windows\System\VVlSHpk.exe
  2⤵
  PID:5812
- C:\Windows\System\xTFRtZw.exe
  C:\Windows\System\xTFRtZw.exe
  2⤵
  PID:2324
- C:\Windows\System\XlYqhPD.exe
  C:\Windows\System\XlYqhPD.exe
  2⤵
  PID:1904
- C:\Windows\System\edkACBV.exe
  C:\Windows\System\edkACBV.exe
  2⤵
  PID:5864
- C:\Windows\System\JGnxNFO.exe
  C:\Windows\System\JGnxNFO.exe
  2⤵
  PID:5168
- C:\Windows\System\GCCtxbA.exe
  C:\Windows\System\GCCtxbA.exe
  2⤵
  PID:1704
- C:\Windows\System\sFBhywG.exe
  C:\Windows\System\sFBhywG.exe
  2⤵
  PID:2188
- C:\Windows\System\CYdDgVd.exe
  C:\Windows\System\CYdDgVd.exe
  2⤵
  PID:4736
- C:\Windows\System\CwXVFxj.exe
  C:\Windows\System\CwXVFxj.exe
  2⤵
  PID:5960
- C:\Windows\System\WvnDDud.exe
  C:\Windows\System\WvnDDud.exe
  2⤵
  PID:3292
- C:\Windows\System\OrJUfTJ.exe
  C:\Windows\System\OrJUfTJ.exe
  2⤵
  PID:5380
- C:\Windows\System\tCloKht.exe
  C:\Windows\System\tCloKht.exe
  2⤵
  PID:5228
- C:\Windows\System\IHClzXu.exe
  C:\Windows\System\IHClzXu.exe
  2⤵
  PID:5232
- C:\Windows\System\GHNfQyM.exe
  C:\Windows\System\GHNfQyM.exe
  2⤵
  PID:5556
- C:\Windows\System\dqvsCzp.exe
  C:\Windows\System\dqvsCzp.exe
  2⤵
  PID:5560
- C:\Windows\System\YfBDoYN.exe
  C:\Windows\System\YfBDoYN.exe
  2⤵
  PID:5576
- C:\Windows\System\CHFZFNt.exe
  C:\Windows\System\CHFZFNt.exe
  2⤵
  PID:5636
- C:\Windows\System\CBXDSiy.exe
  C:\Windows\System\CBXDSiy.exe
  2⤵
  PID:5668
- C:\Windows\System\PsxtOwG.exe
  C:\Windows\System\PsxtOwG.exe
  2⤵
  PID:1104
- C:\Windows\System\KhQDlUb.exe
  C:\Windows\System\KhQDlUb.exe
  2⤵
  PID:5844
- C:\Windows\System\nzSYDFB.exe
  C:\Windows\System\nzSYDFB.exe
  2⤵
  PID:836
- C:\Windows\System\FQFfxKr.exe
  C:\Windows\System\FQFfxKr.exe
  2⤵
  PID:2528
- C:\Windows\System\QXEVrzY.exe
  C:\Windows\System\QXEVrzY.exe
  2⤵
  PID:6076
- C:\Windows\System\sgiYxle.exe
  C:\Windows\System\sgiYxle.exe
  2⤵
  PID:948
- C:\Windows\System\DLdVnBn.exe
  C:\Windows\System\DLdVnBn.exe
  2⤵
  PID:5180
- C:\Windows\System\sDdMptP.exe
  C:\Windows\System\sDdMptP.exe
  2⤵
  PID:4204
- C:\Windows\System\NnjIwkJ.exe
  C:\Windows\System\NnjIwkJ.exe
  2⤵
  PID:2280
- C:\Windows\System\jJimVOj.exe
  C:\Windows\System\jJimVOj.exe
  2⤵
  PID:5896
- C:\Windows\System\VUOAeiA.exe
  C:\Windows\System\VUOAeiA.exe
  2⤵
  PID:5444
- C:\Windows\System\BEovbFa.exe
  C:\Windows\System\BEovbFa.exe
  2⤵
  PID:3048
- C:\Windows\System\sEFPDRU.exe
  C:\Windows\System\sEFPDRU.exe
  2⤵
  PID:5732
- C:\Windows\System\cqrJlXM.exe
  C:\Windows\System\cqrJlXM.exe
  2⤵
  PID:5504
- C:\Windows\System\MFgdlXD.exe
  C:\Windows\System\MFgdlXD.exe
  2⤵
  PID:5752
- C:\Windows\System\pXvSwaP.exe
  C:\Windows\System\pXvSwaP.exe
  2⤵
  PID:6072
- C:\Windows\System\lMifona.exe
  C:\Windows\System\lMifona.exe
  2⤵
  PID:5248
- C:\Windows\System\qFtulJH.exe
  C:\Windows\System\qFtulJH.exe
  2⤵
  PID:5700
- C:\Windows\System\owcYhfo.exe
  C:\Windows\System\owcYhfo.exe
  2⤵
  PID:6160
- C:\Windows\System\wEHvxdf.exe
  C:\Windows\System\wEHvxdf.exe
  2⤵
  PID:6176
- C:\Windows\System\sVtRsyu.exe
  C:\Windows\System\sVtRsyu.exe
  2⤵
  PID:6192
- C:\Windows\System\wtquIJn.exe
  C:\Windows\System\wtquIJn.exe
  2⤵
  PID:6208
- C:\Windows\System\ipaynkI.exe
  C:\Windows\System\ipaynkI.exe
  2⤵
  PID:6224
- C:\Windows\System\KsWxNRb.exe
  C:\Windows\System\KsWxNRb.exe
  2⤵
  PID:6240
- C:\Windows\System\nhRiUaS.exe
  C:\Windows\System\nhRiUaS.exe
  2⤵
  PID:6256
- C:\Windows\System\GnmhqVz.exe
  C:\Windows\System\GnmhqVz.exe
  2⤵
  PID:6272
- C:\Windows\System\NHABNah.exe
  C:\Windows\System\NHABNah.exe
  2⤵
  PID:6288
- C:\Windows\System\GNMFEKC.exe
  C:\Windows\System\GNMFEKC.exe
  2⤵
  PID:6304
- C:\Windows\System\WcicRiC.exe
  C:\Windows\System\WcicRiC.exe
  2⤵
  PID:6320
- C:\Windows\System\hFZmjyH.exe
  C:\Windows\System\hFZmjyH.exe
  2⤵
  PID:6336
- C:\Windows\System\SBKlaZd.exe
  C:\Windows\System\SBKlaZd.exe
  2⤵
  PID:6352
- C:\Windows\System\djNJYLg.exe
  C:\Windows\System\djNJYLg.exe
  2⤵
  PID:6368
- C:\Windows\System\ykpqPcO.exe
  C:\Windows\System\ykpqPcO.exe
  2⤵
  PID:6384
- C:\Windows\System\rVvNEIO.exe
  C:\Windows\System\rVvNEIO.exe
  2⤵
  PID:6400
- C:\Windows\System\weYCHkS.exe
  C:\Windows\System\weYCHkS.exe
  2⤵
  PID:6416
- C:\Windows\System\HYBmBOR.exe
  C:\Windows\System\HYBmBOR.exe
  2⤵
  PID:6432
- C:\Windows\System\JkHHEPy.exe
  C:\Windows\System\JkHHEPy.exe
  2⤵
  PID:6448
- C:\Windows\System\KMtnfju.exe
  C:\Windows\System\KMtnfju.exe
  2⤵
  PID:6464
- C:\Windows\System\PHUvauM.exe
  C:\Windows\System\PHUvauM.exe
  2⤵
  PID:6480
- C:\Windows\System\OGlNfJs.exe
  C:\Windows\System\OGlNfJs.exe
  2⤵
  PID:6496
- C:\Windows\System\DIBarXr.exe
  C:\Windows\System\DIBarXr.exe
  2⤵
  PID:6512
- C:\Windows\System\QaotfQZ.exe
  C:\Windows\System\QaotfQZ.exe
  2⤵
  PID:6528
- C:\Windows\System\MEDwHcK.exe
  C:\Windows\System\MEDwHcK.exe
  2⤵
  PID:6544
- C:\Windows\System\TgNXKYd.exe
  C:\Windows\System\TgNXKYd.exe
  2⤵
  PID:6560
- C:\Windows\System\MJRnWrl.exe
  C:\Windows\System\MJRnWrl.exe
  2⤵
  PID:6576
- C:\Windows\System\mOXTEbK.exe
  C:\Windows\System\mOXTEbK.exe
  2⤵
  PID:6592
- C:\Windows\System\xgrqMgr.exe
  C:\Windows\System\xgrqMgr.exe
  2⤵
  PID:6608
- C:\Windows\System\XcOJxvF.exe
  C:\Windows\System\XcOJxvF.exe
  2⤵
  PID:6624
- C:\Windows\System\yJMltpn.exe
  C:\Windows\System\yJMltpn.exe
  2⤵
  PID:6640
- C:\Windows\System\sMkOeMe.exe
  C:\Windows\System\sMkOeMe.exe
  2⤵
  PID:6656
- C:\Windows\System\zXigXPz.exe
  C:\Windows\System\zXigXPz.exe
  2⤵
  PID:6672
- C:\Windows\System\aHTkjPB.exe
  C:\Windows\System\aHTkjPB.exe
  2⤵
  PID:6688
- C:\Windows\System\bgIjPJs.exe
  C:\Windows\System\bgIjPJs.exe
  2⤵
  PID:6704
- C:\Windows\System\uKAvOwc.exe
  C:\Windows\System\uKAvOwc.exe
  2⤵
  PID:6720
- C:\Windows\System\JVqYGKW.exe
  C:\Windows\System\JVqYGKW.exe
  2⤵
  PID:6736
- C:\Windows\System\vRMNQbN.exe
  C:\Windows\System\vRMNQbN.exe
  2⤵
  PID:6752
- C:\Windows\System\AueorBR.exe
  C:\Windows\System\AueorBR.exe
  2⤵
  PID:6768
- C:\Windows\System\cMlzFac.exe
  C:\Windows\System\cMlzFac.exe
  2⤵
  PID:6784
- C:\Windows\System\kEsslaZ.exe
  C:\Windows\System\kEsslaZ.exe
  2⤵
  PID:6800
- C:\Windows\System\PDArQJT.exe
  C:\Windows\System\PDArQJT.exe
  2⤵
  PID:6816
- C:\Windows\System\OokRmvY.exe
  C:\Windows\System\OokRmvY.exe
  2⤵
  PID:6832
- C:\Windows\System\BlIOcLk.exe
  C:\Windows\System\BlIOcLk.exe
  2⤵
  PID:6848
- C:\Windows\System\zkZhviJ.exe
  C:\Windows\System\zkZhviJ.exe
  2⤵
  PID:6864
- C:\Windows\System\KKReuAT.exe
  C:\Windows\System\KKReuAT.exe
  2⤵
  PID:6884
- C:\Windows\System\WMZHUmF.exe
  C:\Windows\System\WMZHUmF.exe
  2⤵
  PID:6900
- C:\Windows\System\RtmOxcI.exe
  C:\Windows\System\RtmOxcI.exe
  2⤵
  PID:6916
- C:\Windows\System\apkbTUk.exe
  C:\Windows\System\apkbTUk.exe
  2⤵
  PID:6932
- C:\Windows\System\eGTDmfc.exe
  C:\Windows\System\eGTDmfc.exe
  2⤵
  PID:6948
- C:\Windows\System\bkLrzms.exe
  C:\Windows\System\bkLrzms.exe
  2⤵
  PID:6964
- C:\Windows\System\YMwYaaI.exe
  C:\Windows\System\YMwYaaI.exe
  2⤵
  PID:6980
- C:\Windows\System\jyuowbb.exe
  C:\Windows\System\jyuowbb.exe
  2⤵
  PID:6996
- C:\Windows\System\PrUxTWH.exe
  C:\Windows\System\PrUxTWH.exe
  2⤵
  PID:7012
- C:\Windows\System\cIhEPAl.exe
  C:\Windows\System\cIhEPAl.exe
  2⤵
  PID:7028
- C:\Windows\System\ufiNPMm.exe
  C:\Windows\System\ufiNPMm.exe
  2⤵
  PID:7044
- C:\Windows\System\fFuKgdf.exe
  C:\Windows\System\fFuKgdf.exe
  2⤵
  PID:7060
- C:\Windows\System\keGJLDG.exe
  C:\Windows\System\keGJLDG.exe
  2⤵
  PID:7076
- C:\Windows\System\BhOGuZO.exe
  C:\Windows\System\BhOGuZO.exe
  2⤵
  PID:7092
- C:\Windows\System\TtkUGjI.exe
  C:\Windows\System\TtkUGjI.exe
  2⤵
  PID:7108
- C:\Windows\System\tixVFZx.exe
  C:\Windows\System\tixVFZx.exe
  2⤵
  PID:7124
- C:\Windows\System\kRdGGXK.exe
  C:\Windows\System\kRdGGXK.exe
  2⤵
  PID:7140
- C:\Windows\System\KFQubkC.exe
  C:\Windows\System\KFQubkC.exe
  2⤵
  PID:7156
- C:\Windows\System\bAJUGxJ.exe
  C:\Windows\System\bAJUGxJ.exe
  2⤵
  PID:2984
- C:\Windows\System\xwIBbZt.exe
  C:\Windows\System\xwIBbZt.exe
  2⤵
  PID:2396
- C:\Windows\System\QhslYOm.exe
  C:\Windows\System\QhslYOm.exe
  2⤵
  PID:1980
- C:\Windows\System\NUZOYRH.exe
  C:\Windows\System\NUZOYRH.exe
  2⤵
  PID:5928
- C:\Windows\System\NcKBUal.exe
  C:\Windows\System\NcKBUal.exe
  2⤵
  PID:2040
- C:\Windows\System\dqKkmTR.exe
  C:\Windows\System\dqKkmTR.exe
  2⤵
  PID:6156
- C:\Windows\System\umqHaBb.exe
  C:\Windows\System\umqHaBb.exe
  2⤵
  PID:6220
- C:\Windows\System\FwmcJxw.exe
  C:\Windows\System\FwmcJxw.exe
  2⤵
  PID:6284
- C:\Windows\System\HKhxYtK.exe
  C:\Windows\System\HKhxYtK.exe
  2⤵
  PID:6168
- C:\Windows\System\OysXWbu.exe
  C:\Windows\System\OysXWbu.exe
  2⤵
  PID:6232
- C:\Windows\System\dXaKHsx.exe
  C:\Windows\System\dXaKHsx.exe
  2⤵
  PID:6296
- C:\Windows\System\qhxWqKt.exe
  C:\Windows\System\qhxWqKt.exe
  2⤵
  PID:6360
- C:\Windows\System\cWDOHVT.exe
  C:\Windows\System\cWDOHVT.exe
  2⤵
  PID:6380
- C:\Windows\System\aQpqztI.exe
  C:\Windows\System\aQpqztI.exe
  2⤵
  PID:6476
- C:\Windows\System\dVFDqvc.exe
  C:\Windows\System\dVFDqvc.exe
  2⤵
  PID:6504
- C:\Windows\System\UdLIsOg.exe
  C:\Windows\System\UdLIsOg.exe
  2⤵
  PID:6568
- C:\Windows\System\yVNGAxw.exe
  C:\Windows\System\yVNGAxw.exe
  2⤵
  PID:6460
- C:\Windows\System\jDuiGXR.exe
  C:\Windows\System\jDuiGXR.exe
  2⤵
  PID:6524
- C:\Windows\System\wmkoUEI.exe
  C:\Windows\System\wmkoUEI.exe
  2⤵
  PID:6616
- C:\Windows\System\FtftZot.exe
  C:\Windows\System\FtftZot.exe
  2⤵
  PID:6424
- C:\Windows\System\nQZamSL.exe
  C:\Windows\System\nQZamSL.exe
  2⤵
  PID:6652
- C:\Windows\System\HVhhIlN.exe
  C:\Windows\System\HVhhIlN.exe
  2⤵
  PID:6664
- C:\Windows\System\dsIfVGl.exe
  C:\Windows\System\dsIfVGl.exe
  2⤵
  PID:6760
- C:\Windows\System\GdIoXYo.exe
  C:\Windows\System\GdIoXYo.exe
  2⤵
  PID:6796
- C:\Windows\System\yyrPwEE.exe
  C:\Windows\System\yyrPwEE.exe
  2⤵
  PID:6684
- C:\Windows\System\OqxBAww.exe
  C:\Windows\System\OqxBAww.exe
  2⤵
  PID:6748
- C:\Windows\System\DEFJxAg.exe
  C:\Windows\System\DEFJxAg.exe
  2⤵
  PID:6812
- C:\Windows\System\UYpvqmA.exe
  C:\Windows\System\UYpvqmA.exe
  2⤵
  PID:6872
- C:\Windows\System\MHcXtHf.exe
  C:\Windows\System\MHcXtHf.exe
  2⤵
  PID:6912
- C:\Windows\System\czeCbRF.exe
  C:\Windows\System\czeCbRF.exe
  2⤵
  PID:6924
- C:\Windows\System\SLGgBKy.exe
  C:\Windows\System\SLGgBKy.exe
  2⤵
  PID:7020
- C:\Windows\System\ZNQkPWy.exe
  C:\Windows\System\ZNQkPWy.exe
  2⤵
  PID:6972
- C:\Windows\System\pitSUcN.exe
  C:\Windows\System\pitSUcN.exe
  2⤵
  PID:7008
- C:\Windows\System\yKBaWhF.exe
  C:\Windows\System\yKBaWhF.exe
  2⤵
  PID:7052
- C:\Windows\System\nYOUrEy.exe
  C:\Windows\System\nYOUrEy.exe
  2⤵
  PID:7088
- C:\Windows\System\lNRENZj.exe
  C:\Windows\System\lNRENZj.exe
  2⤵
  PID:7148
- C:\Windows\System\NhFdVPN.exe
  C:\Windows\System\NhFdVPN.exe
  2⤵
  PID:7136
- C:\Windows\System\cKnQGxB.exe
  C:\Windows\System\cKnQGxB.exe
  2⤵
  PID:6044
- C:\Windows\System\eufQBLF.exe
  C:\Windows\System\eufQBLF.exe
  2⤵
  PID:5640
- C:\Windows\System\mSPcBNR.exe
  C:\Windows\System\mSPcBNR.exe
  2⤵
  PID:6200
- C:\Windows\System\vdqvHKL.exe
  C:\Windows\System\vdqvHKL.exe
  2⤵
  PID:3636
- C:\Windows\System\KMOGHpx.exe
  C:\Windows\System\KMOGHpx.exe
  2⤵
  PID:6188
- C:\Windows\System\sTJYmFa.exe
  C:\Windows\System\sTJYmFa.exe
  2⤵
  PID:6264
- C:\Windows\System\RMrUXvY.exe
  C:\Windows\System\RMrUXvY.exe
  2⤵
  PID:6508
- C:\Windows\System\XdSvAmY.exe
  C:\Windows\System\XdSvAmY.exe
  2⤵
  PID:6456
- C:\Windows\System\JNmXiZI.exe
  C:\Windows\System\JNmXiZI.exe
  2⤵
  PID:6492
- C:\Windows\System\XITkOLB.exe
  C:\Windows\System\XITkOLB.exe
  2⤵
  PID:6588
- C:\Windows\System\ajamEXz.exe
  C:\Windows\System\ajamEXz.exe
  2⤵
  PID:6792
- C:\Windows\System\vIAeWWn.exe
  C:\Windows\System\vIAeWWn.exe
  2⤵
  PID:6844
- C:\Windows\System\YYCwGrT.exe
  C:\Windows\System\YYCwGrT.exe
  2⤵
  PID:6620
- C:\Windows\System\cobXiKA.exe
  C:\Windows\System\cobXiKA.exe
  2⤵
  PID:6828
- C:\Windows\System\wuMNfsV.exe
  C:\Windows\System\wuMNfsV.exe
  2⤵
  PID:6908
- C:\Windows\System\lxZLmuX.exe
  C:\Windows\System\lxZLmuX.exe
  2⤵
  PID:6944
- C:\Windows\System\vwgInEF.exe
  C:\Windows\System\vwgInEF.exe
  2⤵
  PID:7152
- C:\Windows\System\BDjxxbt.exe
  C:\Windows\System\BDjxxbt.exe
  2⤵
  PID:6280
- C:\Windows\System\PQAhoqk.exe
  C:\Windows\System\PQAhoqk.exe
  2⤵
  PID:6348
- C:\Windows\System\pAnwWAP.exe
  C:\Windows\System\pAnwWAP.exe
  2⤵
  PID:7024
- C:\Windows\System\molWCbP.exe
  C:\Windows\System\molWCbP.exe
  2⤵
  PID:1616
- C:\Windows\System\igRDRGN.exe
  C:\Windows\System\igRDRGN.exe
  2⤵
  PID:6344
- C:\Windows\System\VfizhPh.exe
  C:\Windows\System\VfizhPh.exe
  2⤵
  PID:6520
- C:\Windows\System\LphRXHi.exe
  C:\Windows\System\LphRXHi.exe
  2⤵
  PID:6636
- C:\Windows\System\LPaVXgT.exe
  C:\Windows\System\LPaVXgT.exe
  2⤵
  PID:6728
- C:\Windows\System\VIrYEDu.exe
  C:\Windows\System\VIrYEDu.exe
  2⤵
  PID:6896
- C:\Windows\System\rbMVgTQ.exe
  C:\Windows\System\rbMVgTQ.exe
  2⤵
  PID:5684
- C:\Windows\System\RWPtWmL.exe
  C:\Windows\System\RWPtWmL.exe
  2⤵
  PID:7120
- C:\Windows\System\TlyECrM.exe
  C:\Windows\System\TlyECrM.exe
  2⤵
  PID:7068
- C:\Windows\System\lGLrJYQ.exe
  C:\Windows\System\lGLrJYQ.exe
  2⤵
  PID:7104
- C:\Windows\System\MKsOfLs.exe
  C:\Windows\System\MKsOfLs.exe
  2⤵
  PID:7132
- C:\Windows\System\VhFaFup.exe
  C:\Windows\System\VhFaFup.exe
  2⤵
  PID:7292
- C:\Windows\System\wDfGOet.exe
  C:\Windows\System\wDfGOet.exe
  2⤵
  PID:7308
- C:\Windows\System\wRSETlI.exe
  C:\Windows\System\wRSETlI.exe
  2⤵
  PID:7324
- C:\Windows\System\bPtzkOh.exe
  C:\Windows\System\bPtzkOh.exe
  2⤵
  PID:7340
- C:\Windows\System\gtUVgHF.exe
  C:\Windows\System\gtUVgHF.exe
  2⤵
  PID:7356
- C:\Windows\System\xOvEWnx.exe
  C:\Windows\System\xOvEWnx.exe
  2⤵
  PID:7372
- C:\Windows\System\AZZDcMK.exe
  C:\Windows\System\AZZDcMK.exe
  2⤵
  PID:7388
- C:\Windows\System\AccjCGJ.exe
  C:\Windows\System\AccjCGJ.exe
  2⤵
  PID:7404
- C:\Windows\System\RpIVvsY.exe
  C:\Windows\System\RpIVvsY.exe
  2⤵
  PID:7420
- C:\Windows\System\hyRopDb.exe
  C:\Windows\System\hyRopDb.exe
  2⤵
  PID:7436
- C:\Windows\System\AUocYzA.exe
  C:\Windows\System\AUocYzA.exe
  2⤵
  PID:7452
- C:\Windows\System\Nrrrcpl.exe
  C:\Windows\System\Nrrrcpl.exe
  2⤵
  PID:7468
- C:\Windows\System\kUvQHzt.exe
  C:\Windows\System\kUvQHzt.exe
  2⤵
  PID:7484
- C:\Windows\System\URfFOCR.exe
  C:\Windows\System\URfFOCR.exe
  2⤵
  PID:7500
- C:\Windows\System\OAsrhHC.exe
  C:\Windows\System\OAsrhHC.exe
  2⤵
  PID:7520
- C:\Windows\System\QsGmHcY.exe
  C:\Windows\System\QsGmHcY.exe
  2⤵
  PID:7536
- C:\Windows\System\WKkgUgp.exe
  C:\Windows\System\WKkgUgp.exe
  2⤵
  PID:7552
- C:\Windows\System\nWXHozU.exe
  C:\Windows\System\nWXHozU.exe
  2⤵
  PID:7568
- C:\Windows\System\qUiwbnE.exe
  C:\Windows\System\qUiwbnE.exe
  2⤵
  PID:7584
- C:\Windows\System\hlnTWCB.exe
  C:\Windows\System\hlnTWCB.exe
  2⤵
  PID:7600
- C:\Windows\System\XpauOzZ.exe
  C:\Windows\System\XpauOzZ.exe
  2⤵
  PID:7616
- C:\Windows\System\nRFNExK.exe
  C:\Windows\System\nRFNExK.exe
  2⤵
  PID:7632
- C:\Windows\System\sPDfzaX.exe
  C:\Windows\System\sPDfzaX.exe
  2⤵
  PID:7648
- C:\Windows\System\HKpqFVX.exe
  C:\Windows\System\HKpqFVX.exe
  2⤵
  PID:7664
- C:\Windows\System\cmMmyKR.exe
  C:\Windows\System\cmMmyKR.exe
  2⤵
  PID:7680
- C:\Windows\System\wVSzEHq.exe
  C:\Windows\System\wVSzEHq.exe
  2⤵
  PID:7696
- C:\Windows\System\csNhdvt.exe
  C:\Windows\System\csNhdvt.exe
  2⤵
  PID:7712
- C:\Windows\System\VQuEHfs.exe
  C:\Windows\System\VQuEHfs.exe
  2⤵
  PID:7728
- C:\Windows\System\ywzSAeY.exe
  C:\Windows\System\ywzSAeY.exe
  2⤵
  PID:7744
- C:\Windows\System\squiYrp.exe
  C:\Windows\System\squiYrp.exe
  2⤵
  PID:7760
- C:\Windows\System\bAFBSrF.exe
  C:\Windows\System\bAFBSrF.exe
  2⤵
  PID:7776
- C:\Windows\System\BjivbxO.exe
  C:\Windows\System\BjivbxO.exe
  2⤵
  PID:7792
- C:\Windows\System\VPKRMdn.exe
  C:\Windows\System\VPKRMdn.exe
  2⤵
  PID:7808
- C:\Windows\System\TzlNPeS.exe
  C:\Windows\System\TzlNPeS.exe
  2⤵
  PID:7824
- C:\Windows\System\MciLKan.exe
  C:\Windows\System\MciLKan.exe
  2⤵
  PID:7840
- C:\Windows\System\YROtFTf.exe
  C:\Windows\System\YROtFTf.exe
  2⤵
  PID:7856
- C:\Windows\System\aOovKGC.exe
  C:\Windows\System\aOovKGC.exe
  2⤵
  PID:7872
- C:\Windows\System\CBSOOHS.exe
  C:\Windows\System\CBSOOHS.exe
  2⤵
  PID:7888
- C:\Windows\System\NnPKaIH.exe
  C:\Windows\System\NnPKaIH.exe
  2⤵
  PID:7904
- C:\Windows\System\nOdLXng.exe
  C:\Windows\System\nOdLXng.exe
  2⤵
  PID:7920
- C:\Windows\System\HSuoIQK.exe
  C:\Windows\System\HSuoIQK.exe
  2⤵
  PID:7936
- C:\Windows\System\DdNNwKV.exe
  C:\Windows\System\DdNNwKV.exe
  2⤵
  PID:7952
- C:\Windows\System\PkQYrAY.exe
  C:\Windows\System\PkQYrAY.exe
  2⤵
  PID:7968
- C:\Windows\System\BLZFzRw.exe
  C:\Windows\System\BLZFzRw.exe
  2⤵
  PID:7984
- C:\Windows\System\pjbeeFy.exe
  C:\Windows\System\pjbeeFy.exe
  2⤵
  PID:8000
- C:\Windows\System\RZysmhg.exe
  C:\Windows\System\RZysmhg.exe
  2⤵
  PID:8020
- C:\Windows\System\OVTEUTk.exe
  C:\Windows\System\OVTEUTk.exe
  2⤵
  PID:8036
- C:\Windows\System\bZxJzWD.exe
  C:\Windows\System\bZxJzWD.exe
  2⤵
  PID:8052
- C:\Windows\System\JIKgbOY.exe
  C:\Windows\System\JIKgbOY.exe
  2⤵
  PID:8068
- C:\Windows\System\vNPZEun.exe
  C:\Windows\System\vNPZEun.exe
  2⤵
  PID:8084
- C:\Windows\System\FqknLUY.exe
  C:\Windows\System\FqknLUY.exe
  2⤵
  PID:8100
- C:\Windows\System\GgQeYBC.exe
  C:\Windows\System\GgQeYBC.exe
  2⤵
  PID:8116
- C:\Windows\System\wkJfgVU.exe
  C:\Windows\System\wkJfgVU.exe
  2⤵
  PID:8132
- C:\Windows\System\cRrBlFR.exe
  C:\Windows\System\cRrBlFR.exe
  2⤵
  PID:8148
- C:\Windows\System\RmAlyvv.exe
  C:\Windows\System\RmAlyvv.exe
  2⤵
  PID:8164
- C:\Windows\System\LjqTBuB.exe
  C:\Windows\System\LjqTBuB.exe
  2⤵
  PID:8180
- C:\Windows\System\yygpsqV.exe
  C:\Windows\System\yygpsqV.exe
  2⤵
  PID:7100
- C:\Windows\System\cTVrnZk.exe
  C:\Windows\System\cTVrnZk.exe
  2⤵
  PID:6992
- C:\Windows\System\omzwSTA.exe
  C:\Windows\System\omzwSTA.exe
  2⤵
  PID:7220
- C:\Windows\System\pUkBrzu.exe
  C:\Windows\System\pUkBrzu.exe
  2⤵
  PID:7276
- C:\Windows\System\ecCILIT.exe
  C:\Windows\System\ecCILIT.exe
  2⤵
  PID:7332
- C:\Windows\System\AJbptoU.exe
  C:\Windows\System\AJbptoU.exe
  2⤵
  PID:6648
- C:\Windows\System\mmvmhjZ.exe
  C:\Windows\System\mmvmhjZ.exe
  2⤵
  PID:6440
- C:\Windows\System\YxGozEe.exe
  C:\Windows\System\YxGozEe.exe
  2⤵
  PID:7192
- C:\Windows\System\CLPqaql.exe
  C:\Windows\System\CLPqaql.exe
  2⤵
  PID:7212
- C:\Windows\System\jENZxsd.exe
  C:\Windows\System\jENZxsd.exe
  2⤵
  PID:7236
- C:\Windows\System\tmoAkEO.exe
  C:\Windows\System\tmoAkEO.exe
  2⤵
  PID:7256
- C:\Windows\System\dGMXxgN.exe
  C:\Windows\System\dGMXxgN.exe
  2⤵
  PID:7280
- C:\Windows\System\NYFqjPu.exe
  C:\Windows\System\NYFqjPu.exe
  2⤵
  PID:7368
- C:\Windows\System\ScoEbPY.exe
  C:\Windows\System\ScoEbPY.exe
  2⤵
  PID:7380
- C:\Windows\System\jOJVnFL.exe
  C:\Windows\System\jOJVnFL.exe
  2⤵
  PID:7444
- C:\Windows\System\kNCDnRm.exe
  C:\Windows\System\kNCDnRm.exe
  2⤵
  PID:7400
- C:\Windows\System\JporDuO.exe
  C:\Windows\System\JporDuO.exe
  2⤵
  PID:7428
- C:\Windows\System\VVSOmKs.exe
  C:\Windows\System\VVSOmKs.exe
  2⤵
  PID:7496
- C:\Windows\System\AtWbifK.exe
  C:\Windows\System\AtWbifK.exe
  2⤵
  PID:7508
- C:\Windows\System\vYMaZiG.exe
  C:\Windows\System\vYMaZiG.exe
  2⤵
  PID:7548
- C:\Windows\System\XHjvobt.exe
  C:\Windows\System\XHjvobt.exe
  2⤵
  PID:7612
- C:\Windows\System\rFTGysO.exe
  C:\Windows\System\rFTGysO.exe
  2⤵
  PID:7676
- C:\Windows\System\sxdGgQf.exe
  C:\Windows\System\sxdGgQf.exe
  2⤵
  PID:7596
- C:\Windows\System\ANUFRTd.exe
  C:\Windows\System\ANUFRTd.exe
  2⤵
  PID:7660
- C:\Windows\System\HWqkPyY.exe
  C:\Windows\System\HWqkPyY.exe
  2⤵
  PID:7756
- C:\Windows\System\XEHeqxg.exe
  C:\Windows\System\XEHeqxg.exe
  2⤵
  PID:7740
- C:\Windows\System\thjLZnP.exe
  C:\Windows\System\thjLZnP.exe
  2⤵
  PID:7836
- C:\Windows\System\RoorWyN.exe
  C:\Windows\System\RoorWyN.exe
  2⤵
  PID:7900
- C:\Windows\System\grbKPfh.exe
  C:\Windows\System\grbKPfh.exe
  2⤵
  PID:7964
- C:\Windows\System\CnZfJRm.exe
  C:\Windows\System\CnZfJRm.exe
  2⤵
  PID:8032
- C:\Windows\System\VftCeOw.exe
  C:\Windows\System\VftCeOw.exe
  2⤵
  PID:8096
- C:\Windows\System\AlkrFbU.exe
  C:\Windows\System\AlkrFbU.exe
  2⤵
  PID:8160
- C:\Windows\System\OyvLXRt.exe
  C:\Windows\System\OyvLXRt.exe
  2⤵
  PID:7188
- C:\Windows\System\sLvsYbP.exe
  C:\Windows\System\sLvsYbP.exe
  2⤵
  PID:7980
- C:\Windows\System\tCLJmJl.exe
  C:\Windows\System\tCLJmJl.exe
  2⤵
  PID:7004
- C:\Windows\System\wfFpdrS.exe
  C:\Windows\System\wfFpdrS.exe
  2⤵
  PID:6960
- C:\Windows\System\gyGDyFj.exe
  C:\Windows\System\gyGDyFj.exe
  2⤵
  PID:7820
- C:\Windows\System\gFztXIV.exe
  C:\Windows\System\gFztXIV.exe
  2⤵
  PID:7912
- C:\Windows\System\AkZivQQ.exe
  C:\Windows\System\AkZivQQ.exe
  2⤵
  PID:8012
- C:\Windows\System\rLmhVpD.exe
  C:\Windows\System\rLmhVpD.exe
  2⤵
  PID:8076
- C:\Windows\System\AyKUrnn.exe
  C:\Windows\System\AyKUrnn.exe
  2⤵
  PID:7252
- C:\Windows\System\GHXuzQT.exe
  C:\Windows\System\GHXuzQT.exe
  2⤵
  PID:7412
- C:\Windows\System\AXYortW.exe
  C:\Windows\System\AXYortW.exe
  2⤵
  PID:7244
- C:\Windows\System\OPWHzyd.exe
  C:\Windows\System\OPWHzyd.exe
  2⤵
  PID:8140
- C:\Windows\System\ySrQbtH.exe
  C:\Windows\System\ySrQbtH.exe
  2⤵
  PID:8176
- C:\Windows\System\IEGRMNA.exe
  C:\Windows\System\IEGRMNA.exe
  2⤵
  PID:7580
- C:\Windows\System\KmpIQEf.exe
  C:\Windows\System\KmpIQEf.exe
  2⤵
  PID:7228
- C:\Windows\System\KVrQcqK.exe
  C:\Windows\System\KVrQcqK.exe
  2⤵
  PID:7720
- C:\Windows\System\GxyOASY.exe
  C:\Windows\System\GxyOASY.exe
  2⤵
  PID:7268
- C:\Windows\System\BFULcwH.exe
  C:\Windows\System\BFULcwH.exe
  2⤵
  PID:7644
- C:\Windows\System\kiQbjSo.exe
  C:\Windows\System\kiQbjSo.exe
  2⤵
  PID:7672
- C:\Windows\System\pJQgDBs.exe
  C:\Windows\System\pJQgDBs.exe
  2⤵
  PID:7832
- C:\Windows\System\cOozYqs.exe
  C:\Windows\System\cOozYqs.exe
  2⤵
  PID:8092
- C:\Windows\System\Douimjt.exe
  C:\Windows\System\Douimjt.exe
  2⤵
  PID:6604
- C:\Windows\System\gOpdVda.exe
  C:\Windows\System\gOpdVda.exe
  2⤵
  PID:7264
- C:\Windows\System\Zngbvze.exe
  C:\Windows\System\Zngbvze.exe
  2⤵
  PID:7736
- C:\Windows\System\zAxQcyl.exe
  C:\Windows\System\zAxQcyl.exe
  2⤵
  PID:7948
- C:\Windows\System\baPnzBr.exe
  C:\Windows\System\baPnzBr.exe
  2⤵
  PID:7884
- C:\Windows\System\kSVQdAc.exe
  C:\Windows\System\kSVQdAc.exe
  2⤵
  PID:7996
- C:\Windows\System\NXloZeo.exe
  C:\Windows\System\NXloZeo.exe
  2⤵
  PID:8028
- C:\Windows\System\ntxEkQY.exe
  C:\Windows\System\ntxEkQY.exe
  2⤵
  PID:8048
- C:\Windows\System\crcDfPb.exe
  C:\Windows\System\crcDfPb.exe
  2⤵
  PID:7480
- C:\Windows\System\JXiFNVo.exe
  C:\Windows\System\JXiFNVo.exe
  2⤵
  PID:7516
- C:\Windows\System\zxwSdsi.exe
  C:\Windows\System\zxwSdsi.exe
  2⤵
  PID:7544
- C:\Windows\System\TmXTaZp.exe
  C:\Windows\System\TmXTaZp.exe
  2⤵
  PID:7816
- C:\Windows\System\yPVAmcP.exe
  C:\Windows\System\yPVAmcP.exe
  2⤵
  PID:7804
- C:\Windows\System\ZFjgJim.exe
  C:\Windows\System\ZFjgJim.exe
  2⤵
  PID:7248
- C:\Windows\System\fwuKQNX.exe
  C:\Windows\System\fwuKQNX.exe
  2⤵
  PID:7336
- C:\Windows\System\oCdXCVX.exe
  C:\Windows\System\oCdXCVX.exe
  2⤵
  PID:7868
- C:\Windows\System\fyzNAhF.exe
  C:\Windows\System\fyzNAhF.exe
  2⤵
  PID:7560
- C:\Windows\System\LOoCzhW.exe
  C:\Windows\System\LOoCzhW.exe
  2⤵
  PID:7492
- C:\Windows\System\feMdDCO.exe
  C:\Windows\System\feMdDCO.exe
  2⤵
  PID:8156
- C:\Windows\System\uXhpHiD.exe
  C:\Windows\System\uXhpHiD.exe
  2⤵
  PID:6880
- C:\Windows\System\SoUpibH.exe
  C:\Windows\System\SoUpibH.exe
  2⤵
  PID:7208
- C:\Windows\System\EYFrRnp.exe
  C:\Windows\System\EYFrRnp.exe
  2⤵
  PID:7960
- C:\Windows\System\AwAfIYA.exe
  C:\Windows\System\AwAfIYA.exe
  2⤵
  PID:8144
- C:\Windows\System\vaGHvwP.exe
  C:\Windows\System\vaGHvwP.exe
  2⤵
  PID:8196
- C:\Windows\System\dUuOXvN.exe
  C:\Windows\System\dUuOXvN.exe
  2⤵
  PID:8212
- C:\Windows\System\OrfrAoX.exe
  C:\Windows\System\OrfrAoX.exe
  2⤵
  PID:8228
- C:\Windows\System\bPLRwIM.exe
  C:\Windows\System\bPLRwIM.exe
  2⤵
  PID:8244
- C:\Windows\System\uiIvzEl.exe
  C:\Windows\System\uiIvzEl.exe
  2⤵
  PID:8260
- C:\Windows\System\paEZBrl.exe
  C:\Windows\System\paEZBrl.exe
  2⤵
  PID:8276
- C:\Windows\System\nTgRheA.exe
  C:\Windows\System\nTgRheA.exe
  2⤵
  PID:8292
- C:\Windows\System\UAZONFa.exe
  C:\Windows\System\UAZONFa.exe
  2⤵
  PID:8308
- C:\Windows\System\VtFuvRJ.exe
  C:\Windows\System\VtFuvRJ.exe
  2⤵
  PID:8324
- C:\Windows\System\YSKuuKA.exe
  C:\Windows\System\YSKuuKA.exe
  2⤵
  PID:8340
- C:\Windows\System\miXKejX.exe
  C:\Windows\System\miXKejX.exe
  2⤵
  PID:8356
- C:\Windows\System\efJvrSf.exe
  C:\Windows\System\efJvrSf.exe
  2⤵
  PID:8372
- C:\Windows\System\qvrbmLI.exe
  C:\Windows\System\qvrbmLI.exe
  2⤵
  PID:8388
- C:\Windows\System\rlHKyKW.exe
  C:\Windows\System\rlHKyKW.exe
  2⤵
  PID:8404
- C:\Windows\System\GYfJjrM.exe
  C:\Windows\System\GYfJjrM.exe
  2⤵
  PID:8420
- C:\Windows\System\cMFPtzH.exe
  C:\Windows\System\cMFPtzH.exe
  2⤵
  PID:8440
- C:\Windows\System\uFdDiAd.exe
  C:\Windows\System\uFdDiAd.exe
  2⤵
  PID:8456
- C:\Windows\System\jdokJQc.exe
  C:\Windows\System\jdokJQc.exe
  2⤵
  PID:8472
- C:\Windows\System\bydmYzB.exe
  C:\Windows\System\bydmYzB.exe
  2⤵
  PID:8488
- C:\Windows\System\zZOrlth.exe
  C:\Windows\System\zZOrlth.exe
  2⤵
  PID:8504
- C:\Windows\System\CMROAwt.exe
  C:\Windows\System\CMROAwt.exe
  2⤵
  PID:8520
- C:\Windows\System\UVuidYG.exe
  C:\Windows\System\UVuidYG.exe
  2⤵
  PID:8536
- C:\Windows\System\jCYIqKK.exe
  C:\Windows\System\jCYIqKK.exe
  2⤵
  PID:8552
- C:\Windows\System\MJVGlcC.exe
  C:\Windows\System\MJVGlcC.exe
  2⤵
  PID:8568
- C:\Windows\System\urbQXGg.exe
  C:\Windows\System\urbQXGg.exe
  2⤵
  PID:8584
- C:\Windows\System\pNvGCUy.exe
  C:\Windows\System\pNvGCUy.exe
  2⤵
  PID:8600
- C:\Windows\System\VADgVae.exe
  C:\Windows\System\VADgVae.exe
  2⤵
  PID:8616
- C:\Windows\System\LdNtToZ.exe
  C:\Windows\System\LdNtToZ.exe
  2⤵
  PID:8632
- C:\Windows\System\cGAmKgn.exe
  C:\Windows\System\cGAmKgn.exe
  2⤵
  PID:8648
- C:\Windows\System\tHHINgb.exe
  C:\Windows\System\tHHINgb.exe
  2⤵
  PID:8664
- C:\Windows\System\pNQUooe.exe
  C:\Windows\System\pNQUooe.exe
  2⤵
  PID:8680
- C:\Windows\System\pVrCbvV.exe
  C:\Windows\System\pVrCbvV.exe
  2⤵
  PID:8696
- C:\Windows\System\lCbqrNX.exe
  C:\Windows\System\lCbqrNX.exe
  2⤵
  PID:8712
- C:\Windows\System\ZQQjnWs.exe
  C:\Windows\System\ZQQjnWs.exe
  2⤵
  PID:8728
- C:\Windows\System\HpNrwun.exe
  C:\Windows\System\HpNrwun.exe
  2⤵
  PID:8744
- C:\Windows\System\XWgLFlp.exe
  C:\Windows\System\XWgLFlp.exe
  2⤵
  PID:8760
- C:\Windows\System\ydZEQrs.exe
  C:\Windows\System\ydZEQrs.exe
  2⤵
  PID:8776
- C:\Windows\System\CFFaWgf.exe
  C:\Windows\System\CFFaWgf.exe
  2⤵
  PID:8792
- C:\Windows\System\AVrsQDC.exe
  C:\Windows\System\AVrsQDC.exe
  2⤵
  PID:8808
- C:\Windows\System\hYMhWqr.exe
  C:\Windows\System\hYMhWqr.exe
  2⤵
  PID:8824
- C:\Windows\System\fwtUkQh.exe
  C:\Windows\System\fwtUkQh.exe
  2⤵
  PID:8840
- C:\Windows\System\LUEoScU.exe
  C:\Windows\System\LUEoScU.exe
  2⤵
  PID:8856
- C:\Windows\System\uHgbvgg.exe
  C:\Windows\System\uHgbvgg.exe
  2⤵
  PID:8872
- C:\Windows\System\UhzMPYi.exe
  C:\Windows\System\UhzMPYi.exe
  2⤵
  PID:8888
- C:\Windows\System\ImcCFlA.exe
  C:\Windows\System\ImcCFlA.exe
  2⤵
  PID:8904
- C:\Windows\System\vXIhYzH.exe
  C:\Windows\System\vXIhYzH.exe
  2⤵
  PID:8920
- C:\Windows\System\cXZfLcZ.exe
  C:\Windows\System\cXZfLcZ.exe
  2⤵
  PID:8936
- C:\Windows\System\xukztwk.exe
  C:\Windows\System\xukztwk.exe
  2⤵
  PID:8952
- C:\Windows\System\XJtsKcX.exe
  C:\Windows\System\XJtsKcX.exe
  2⤵
  PID:8968
- C:\Windows\System\GGEHmkb.exe
  C:\Windows\System\GGEHmkb.exe
  2⤵
  PID:8984
- C:\Windows\System\EEcxxBA.exe
  C:\Windows\System\EEcxxBA.exe
  2⤵
  PID:9000
- C:\Windows\System\BUZLtOA.exe
  C:\Windows\System\BUZLtOA.exe
  2⤵
  PID:9016
- C:\Windows\System\bHtUXPG.exe
  C:\Windows\System\bHtUXPG.exe
  2⤵
  PID:9032
- C:\Windows\System\IKOHKQW.exe
  C:\Windows\System\IKOHKQW.exe
  2⤵
  PID:9048
- C:\Windows\System\FZKinNO.exe
  C:\Windows\System\FZKinNO.exe
  2⤵
  PID:9064
- C:\Windows\System\QdsXnFX.exe
  C:\Windows\System\QdsXnFX.exe
  2⤵
  PID:9080
- C:\Windows\System\SDaKYLK.exe
  C:\Windows\System\SDaKYLK.exe
  2⤵
  PID:9096
- C:\Windows\System\YdfcHKv.exe
  C:\Windows\System\YdfcHKv.exe
  2⤵
  PID:9112
- C:\Windows\System\otiiPox.exe
  C:\Windows\System\otiiPox.exe
  2⤵
  PID:9128
- C:\Windows\System\MooxofC.exe
  C:\Windows\System\MooxofC.exe
  2⤵
  PID:9144
- C:\Windows\System\bwZmslm.exe
  C:\Windows\System\bwZmslm.exe
  2⤵
  PID:9160
- C:\Windows\System\uPVBxHE.exe
  C:\Windows\System\uPVBxHE.exe
  2⤵
  PID:9176
- C:\Windows\System\MMyMPSe.exe
  C:\Windows\System\MMyMPSe.exe
  2⤵
  PID:9192
- C:\Windows\System\Oiqoxqm.exe
  C:\Windows\System\Oiqoxqm.exe
  2⤵
  PID:9208
- C:\Windows\System\IcJtCjz.exe
  C:\Windows\System\IcJtCjz.exe
  2⤵
  PID:6540
- C:\Windows\System\jJifIOT.exe
  C:\Windows\System\jJifIOT.exe
  2⤵
  PID:8252
- C:\Windows\System\BUNiYEy.exe
  C:\Windows\System\BUNiYEy.exe
  2⤵
  PID:8256
- C:\Windows\System\obwGtTE.exe
  C:\Windows\System\obwGtTE.exe
  2⤵
  PID:8288
- C:\Windows\System\yCbJjJF.exe
  C:\Windows\System\yCbJjJF.exe
  2⤵
  PID:8348
- C:\Windows\System\FggAGCI.exe
  C:\Windows\System\FggAGCI.exe
  2⤵
  PID:8352
- C:\Windows\System\MnIifJg.exe
  C:\Windows\System\MnIifJg.exe
  2⤵
  PID:8368
- C:\Windows\System\qAQjfRZ.exe
  C:\Windows\System\qAQjfRZ.exe
  2⤵
  PID:8400
- C:\Windows\System\wDjaIQP.exe
  C:\Windows\System\wDjaIQP.exe
  2⤵
  PID:8480
- C:\Windows\System\EdBMqLA.exe
  C:\Windows\System\EdBMqLA.exe
  2⤵
  PID:8544
- C:\Windows\System\weOKJsm.exe
  C:\Windows\System\weOKJsm.exe
  2⤵
  PID:8608
- C:\Windows\System\viyDKZy.exe
  C:\Windows\System\viyDKZy.exe
  2⤵
  PID:8528
- C:\Windows\System\rKjVBAZ.exe
  C:\Windows\System\rKjVBAZ.exe
  2⤵
  PID:8592
- C:\Windows\System\nppuNoX.exe
  C:\Windows\System\nppuNoX.exe
  2⤵
  PID:8612
- C:\Windows\System\pUCmRfx.exe
  C:\Windows\System\pUCmRfx.exe
  2⤵
  PID:8672
- C:\Windows\System\oKYAmfB.exe
  C:\Windows\System\oKYAmfB.exe
  2⤵
  PID:8704
- C:\Windows\System\znMcHkE.exe
  C:\Windows\System\znMcHkE.exe
  2⤵
  PID:8740
- C:\Windows\System\SaOQCfq.exe
  C:\Windows\System\SaOQCfq.exe
  2⤵
  PID:8804
- C:\Windows\System\kgmWouZ.exe
  C:\Windows\System\kgmWouZ.exe
  2⤵
  PID:8688
- C:\Windows\System\MvraZHI.exe
  C:\Windows\System\MvraZHI.exe
  2⤵
  PID:8896
- C:\Windows\System\xYyJSOv.exe
  C:\Windows\System\xYyJSOv.exe
  2⤵
  PID:8960
- C:\Windows\System\AuBVwDI.exe
  C:\Windows\System\AuBVwDI.exe
  2⤵
  PID:9024
- C:\Windows\System\jbdVzzw.exe
  C:\Windows\System\jbdVzzw.exe
  2⤵
  PID:8720
- C:\Windows\System\szDrrua.exe
  C:\Windows\System\szDrrua.exe
  2⤵
  PID:8788
- C:\Windows\System\gIAudNU.exe
  C:\Windows\System\gIAudNU.exe
  2⤵
  PID:8980
- C:\Windows\System\piKHxhN.exe
  C:\Windows\System\piKHxhN.exe
  2⤵
  PID:8848
- C:\Windows\System\uXlfOqv.exe
  C:\Windows\System\uXlfOqv.exe
  2⤵
  PID:8916
- C:\Windows\System\hcfpBHV.exe
  C:\Windows\System\hcfpBHV.exe
  2⤵
  PID:9044
- C:\Windows\System\PASbJBk.exe
  C:\Windows\System\PASbJBk.exe
  2⤵
  PID:9124
- C:\Windows\System\gywHdZO.exe
  C:\Windows\System\gywHdZO.exe
  2⤵
  PID:9108
- C:\Windows\System\prIqlHP.exe
  C:\Windows\System\prIqlHP.exe
  2⤵
  PID:9184
- C:\Windows\System\ArRhpSB.exe
  C:\Windows\System\ArRhpSB.exe
  2⤵
  PID:7204
- C:\Windows\System\BulMgyv.exe
  C:\Windows\System\BulMgyv.exe
  2⤵
  PID:8224
- C:\Windows\System\LOyvifk.exe
  C:\Windows\System\LOyvifk.exe
  2⤵
  PID:8320
- C:\Windows\System\QUSyfxy.exe
  C:\Windows\System\QUSyfxy.exe
  2⤵
  PID:8304
- C:\Windows\System\PtfZarV.exe
  C:\Windows\System\PtfZarV.exe
  2⤵
  PID:8448
- C:\Windows\System\BnwYJdl.exe
  C:\Windows\System\BnwYJdl.exe
  2⤵
  PID:8576
- C:\Windows\System\VwnKOJG.exe
  C:\Windows\System\VwnKOJG.exe
  2⤵
  PID:8496
- C:\Windows\System\uOVkcss.exe
  C:\Windows\System\uOVkcss.exe
  2⤵
  PID:8644
- C:\Windows\System\UOyRjlO.exe
  C:\Windows\System\UOyRjlO.exe
  2⤵
  PID:8656
- C:\Windows\System\OKECiVR.exe
  C:\Windows\System\OKECiVR.exe
  2⤵
  PID:8836
- C:\Windows\System\CCGziWQ.exe
  C:\Windows\System\CCGziWQ.exe
  2⤵
  PID:8868
- C:\Windows\System\YPMaThR.exe
  C:\Windows\System\YPMaThR.exe
  2⤵
  PID:9056
- C:\Windows\System\SOxMrVk.exe
  C:\Windows\System\SOxMrVk.exe
  2⤵
  PID:8756
- C:\Windows\System\WaaAGsI.exe
  C:\Windows\System\WaaAGsI.exe
  2⤵
  PID:9008
- C:\Windows\System\YTqnQGC.exe
  C:\Windows\System\YTqnQGC.exe
  2⤵
  PID:9088
- C:\Windows\System\qCHhNPo.exe
  C:\Windows\System\qCHhNPo.exe
  2⤵
  PID:9104
- C:\Windows\System\IBrCrkI.exe
  C:\Windows\System\IBrCrkI.exe
  2⤵
  PID:9188
- C:\Windows\System\KonOujO.exe
  C:\Windows\System\KonOujO.exe
  2⤵
  PID:8236
- C:\Windows\System\qEQmhFA.exe
  C:\Windows\System\qEQmhFA.exe
  2⤵
  PID:8452
- C:\Windows\System\Torpobs.exe
  C:\Windows\System\Torpobs.exe
  2⤵
  PID:8580
- C:\Windows\System\ZZKXVPg.exe
  C:\Windows\System\ZZKXVPg.exe
  2⤵
  PID:8468
- C:\Windows\System\YRuIglc.exe
  C:\Windows\System\YRuIglc.exe
  2⤵
  PID:8932
- C:\Windows\System\nNYSNmI.exe
  C:\Windows\System\nNYSNmI.exe
  2⤵
  PID:8996
- C:\Windows\System\yfIeKMy.exe
  C:\Windows\System\yfIeKMy.exe
  2⤵
  PID:9072
- C:\Windows\System\WlsNxDL.exe
  C:\Windows\System\WlsNxDL.exe
  2⤵
  PID:9204
- C:\Windows\System\UIoLvWH.exe
  C:\Windows\System\UIoLvWH.exe
  2⤵
  PID:8336
- C:\Windows\System\LVCiyyy.exe
  C:\Windows\System\LVCiyyy.exe
  2⤵
  PID:9156
- C:\Windows\System\xFxzdMo.exe
  C:\Windows\System\xFxzdMo.exe
  2⤵
  PID:8500
- C:\Windows\System\gQgUkzg.exe
  C:\Windows\System\gQgUkzg.exe
  2⤵
  PID:8800
- C:\Windows\System\nrZhFMa.exe
  C:\Windows\System\nrZhFMa.exe
  2⤵
  PID:8884
- C:\Windows\System\ZTSiWKB.exe
  C:\Windows\System\ZTSiWKB.exe
  2⤵
  PID:8204
- C:\Windows\System\PSlDoEE.exe
  C:\Windows\System\PSlDoEE.exe
  2⤵
  PID:8992
- C:\Windows\System\FcVZQiz.exe
  C:\Windows\System\FcVZQiz.exe
  2⤵
  PID:9220
- C:\Windows\System\apVAGXW.exe
  C:\Windows\System\apVAGXW.exe
  2⤵
  PID:9236
- C:\Windows\System\OXBbVNe.exe
  C:\Windows\System\OXBbVNe.exe
  2⤵
  PID:9252
- C:\Windows\System\ZsJGtPF.exe
  C:\Windows\System\ZsJGtPF.exe
  2⤵
  PID:9268
- C:\Windows\System\isDdapB.exe
  C:\Windows\System\isDdapB.exe
  2⤵
  PID:9284
- C:\Windows\System\gHAvIWX.exe
  C:\Windows\System\gHAvIWX.exe
  2⤵
  PID:9300
- C:\Windows\System\BNsgNGX.exe
  C:\Windows\System\BNsgNGX.exe
  2⤵
  PID:9316
- C:\Windows\System\PZIdSzp.exe
  C:\Windows\System\PZIdSzp.exe
  2⤵
  PID:9332
- C:\Windows\System\YsMIznb.exe
  C:\Windows\System\YsMIznb.exe
  2⤵
  PID:9348
- C:\Windows\System\rhOePNN.exe
  C:\Windows\System\rhOePNN.exe
  2⤵
  PID:9364
- C:\Windows\System\pSSFyAM.exe
  C:\Windows\System\pSSFyAM.exe
  2⤵
  PID:9380
- C:\Windows\System\CeTfCig.exe
  C:\Windows\System\CeTfCig.exe
  2⤵
  PID:9396
- C:\Windows\System\GkdSEIe.exe
  C:\Windows\System\GkdSEIe.exe
  2⤵
  PID:9412
- C:\Windows\System\LuzqFVP.exe
  C:\Windows\System\LuzqFVP.exe
  2⤵
  PID:9428
- C:\Windows\System\IKEbKAE.exe
  C:\Windows\System\IKEbKAE.exe
  2⤵
  PID:9444
- C:\Windows\System\XuwBcaQ.exe
  C:\Windows\System\XuwBcaQ.exe
  2⤵
  PID:9460
- C:\Windows\System\PlAFQTL.exe
  C:\Windows\System\PlAFQTL.exe
  2⤵
  PID:9476
- C:\Windows\System\xRRaiVR.exe
  C:\Windows\System\xRRaiVR.exe
  2⤵
  PID:9492
- C:\Windows\System\zsjqLCl.exe
  C:\Windows\System\zsjqLCl.exe
  2⤵
  PID:9508
- C:\Windows\System\VKUHeXg.exe
  C:\Windows\System\VKUHeXg.exe
  2⤵
  PID:9524
- C:\Windows\System\bznnNoc.exe
  C:\Windows\System\bznnNoc.exe
  2⤵
  PID:9540
- C:\Windows\System\hBTGnYN.exe
  C:\Windows\System\hBTGnYN.exe
  2⤵
  PID:9556
- C:\Windows\System\wXikuEe.exe
  C:\Windows\System\wXikuEe.exe
  2⤵
  PID:9572
- C:\Windows\System\GKgJwTg.exe
  C:\Windows\System\GKgJwTg.exe
  2⤵
  PID:9588
- C:\Windows\System\AFdicud.exe
  C:\Windows\System\AFdicud.exe
  2⤵
  PID:9604
- C:\Windows\System\CdnReZk.exe
  C:\Windows\System\CdnReZk.exe
  2⤵
  PID:9620
- C:\Windows\System\IBRZcFF.exe
  C:\Windows\System\IBRZcFF.exe
  2⤵
  PID:9636
- C:\Windows\System\LepSxHz.exe
  C:\Windows\System\LepSxHz.exe
  2⤵
  PID:9652
- C:\Windows\System\xkEqEJB.exe
  C:\Windows\System\xkEqEJB.exe
  2⤵
  PID:9668
- C:\Windows\System\UooWUWf.exe
  C:\Windows\System\UooWUWf.exe
  2⤵
  PID:9684
- C:\Windows\System\QlGqTkN.exe
  C:\Windows\System\QlGqTkN.exe
  2⤵
  PID:9700
- C:\Windows\System\HgITDJd.exe
  C:\Windows\System\HgITDJd.exe
  2⤵
  PID:9716
- C:\Windows\System\OdEomOc.exe
  C:\Windows\System\OdEomOc.exe
  2⤵
  PID:9732
- C:\Windows\System\wyrjsWB.exe
  C:\Windows\System\wyrjsWB.exe
  2⤵
  PID:9748
- C:\Windows\System\kpbKhki.exe
  C:\Windows\System\kpbKhki.exe
  2⤵
  PID:9764
- C:\Windows\System\ueEqvCD.exe
  C:\Windows\System\ueEqvCD.exe
  2⤵
  PID:9780
- C:\Windows\System\xBWinRO.exe
  C:\Windows\System\xBWinRO.exe
  2⤵
  PID:9796
- C:\Windows\System\qXVWphD.exe
  C:\Windows\System\qXVWphD.exe
  2⤵
  PID:9812
- C:\Windows\System\ffODAQU.exe
  C:\Windows\System\ffODAQU.exe
  2⤵
  PID:9836
- C:\Windows\System\SkaqVsg.exe
  C:\Windows\System\SkaqVsg.exe
  2⤵
  PID:9856
- C:\Windows\System\sHYXqCz.exe
  C:\Windows\System\sHYXqCz.exe
  2⤵
  PID:9884
- C:\Windows\System\xwQNeaw.exe
  C:\Windows\System\xwQNeaw.exe
  2⤵
  PID:9900
- C:\Windows\System\DdjKmad.exe
  C:\Windows\System\DdjKmad.exe
  2⤵
  PID:9916
- C:\Windows\System\SHJluUx.exe
  C:\Windows\System\SHJluUx.exe
  2⤵
  PID:9932
- C:\Windows\System\mgGGMNP.exe
  C:\Windows\System\mgGGMNP.exe
  2⤵
  PID:9948
- C:\Windows\System\mDTfMHs.exe
  C:\Windows\System\mDTfMHs.exe
  2⤵
  PID:9964
- C:\Windows\System\IziDCiI.exe
  C:\Windows\System\IziDCiI.exe
  2⤵
  PID:9992
- C:\Windows\System\rrpCwaf.exe
  C:\Windows\System\rrpCwaf.exe
  2⤵
  PID:10060
- C:\Windows\System\wvcGbJC.exe
  C:\Windows\System\wvcGbJC.exe
  2⤵
  PID:10076
- C:\Windows\System\yESkoKf.exe
  C:\Windows\System\yESkoKf.exe
  2⤵
  PID:10092
- C:\Windows\System\cHHDIWW.exe
  C:\Windows\System\cHHDIWW.exe
  2⤵
  PID:10108
- C:\Windows\System\jgcaZKO.exe
  C:\Windows\System\jgcaZKO.exe
  2⤵
  PID:10124
- C:\Windows\System\PEWZNkA.exe
  C:\Windows\System\PEWZNkA.exe
  2⤵
  PID:10140
- C:\Windows\System\DFWyWPP.exe
  C:\Windows\System\DFWyWPP.exe
  2⤵
  PID:10156
- C:\Windows\System\lUXdlFd.exe
  C:\Windows\System\lUXdlFd.exe
  2⤵
  PID:10176
- C:\Windows\System\anNiEyc.exe
  C:\Windows\System\anNiEyc.exe
  2⤵
  PID:10192
- C:\Windows\System\YgVkYup.exe
  C:\Windows\System\YgVkYup.exe
  2⤵
  PID:10208
- C:\Windows\System\qkooNTA.exe
  C:\Windows\System\qkooNTA.exe
  2⤵
  PID:10224
- C:\Windows\System\InMylRi.exe
  C:\Windows\System\InMylRi.exe
  2⤵
  PID:9228
- C:\Windows\System\KbCklfd.exe
  C:\Windows\System\KbCklfd.exe
  2⤵
  PID:9244
- C:\Windows\System\xlztkov.exe
  C:\Windows\System\xlztkov.exe
  2⤵
  PID:9292
- C:\Windows\System\ZXnwKKL.exe
  C:\Windows\System\ZXnwKKL.exe
  2⤵
  PID:9248
- C:\Windows\System\YuZfZSN.exe
  C:\Windows\System\YuZfZSN.exe
  2⤵
  PID:9280
- C:\Windows\System\pFsyiKi.exe
  C:\Windows\System\pFsyiKi.exe
  2⤵
  PID:9360
- C:\Windows\System\MRIvazc.exe
  C:\Windows\System\MRIvazc.exe
  2⤵
  PID:9424
- C:\Windows\System\YLWjpWE.exe
  C:\Windows\System\YLWjpWE.exe
  2⤵
  PID:9488
- C:\Windows\System\AUQtqzq.exe
  C:\Windows\System\AUQtqzq.exe
  2⤵
  PID:9552
- C:\Windows\System\MUdWNqm.exe
  C:\Windows\System\MUdWNqm.exe
  2⤵
  PID:9612
- C:\Windows\System\XPVPnvu.exe
  C:\Windows\System\XPVPnvu.exe
  2⤵
  PID:9676
- C:\Windows\System\ExBzJPp.exe
  C:\Windows\System\ExBzJPp.exe
  2⤵
  PID:9504
- C:\Windows\System\lhCtegJ.exe
  C:\Windows\System\lhCtegJ.exe
  2⤵
  PID:9776
- C:\Windows\System\oIXLxdL.exe
  C:\Windows\System\oIXLxdL.exe
  2⤵
  PID:9372
- C:\Windows\System\evWeFGk.exe
  C:\Windows\System\evWeFGk.exe
  2⤵
  PID:9468
- C:\Windows\System\KujnAgS.exe
  C:\Windows\System\KujnAgS.exe
  2⤵
  PID:9564
- C:\Windows\System\NErhOhu.exe
  C:\Windows\System\NErhOhu.exe
  2⤵
  PID:9628
- C:\Windows\System\gmRJuhe.exe
  C:\Windows\System\gmRJuhe.exe
  2⤵
  PID:9692
- C:\Windows\System\jHEUSun.exe
  C:\Windows\System\jHEUSun.exe
  2⤵
  PID:9756
- C:\Windows\System\MEdBIBb.exe
  C:\Windows\System\MEdBIBb.exe
  2⤵
  PID:9820
- C:\Windows\System\UVQpglf.exe
  C:\Windows\System\UVQpglf.exe
  2⤵
  PID:9844
- C:\Windows\System\yWevKxE.exe
  C:\Windows\System\yWevKxE.exe
  2⤵
  PID:9872
- C:\Windows\System\LXtMein.exe
  C:\Windows\System\LXtMein.exe
  2⤵
  PID:9876
- C:\Windows\System\HiecwPe.exe
  C:\Windows\System\HiecwPe.exe
  2⤵
  PID:9944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AEklsnU.exe

Filesize
6.0MB

MD5
c3b76afd1564518ec8854a453eee0536

SHA1
4900973b083f565f55204e553d7600cc34edb249

SHA256
1b8bf6c81663126dc975df121806585548afed45527b64dcf1e339fd5205284b

SHA512
c0bb49718dc75231601b42ac4e2bad4f6da1adc7b3975d8d16728148d2b1551ea9e5eaffc15e7075e63e59aec149ed839e04e55c5e755cee2f190d84204ad14d

Download Submit
C:\Windows\system\BHiDuXv.exe

Filesize
6.0MB

MD5
5965bccd79d3e96b5aae9e37b251bb35

SHA1
8091c68914aa47fc7de09ad669c3a8ef84aa4a83

SHA256
7c753845396c6c453839b2481cb1e46a91c3c55928273a7db863752820e6eb46

SHA512
1057e2f20f127dddd1875520909a318c1dba78568c149a961337854a2202e96681bbffa3ee46f629d591c2a1dc6ebc1cfbf7bc0fc34a3f852d7703c4955c281d

Download Submit
C:\Windows\system\GpBaxTr.exe

Filesize
6.0MB

MD5
95e31485e3241a46b8812d6316cc93be

SHA1
59ffc8180b7d2464322b9c5a1af970a2b1a7af3b

SHA256
8939d0bc756ee0a354ac30a7e79f7d00135e9e21050b5711c8156749b63cc337

SHA512
a95768ef682f7c78531df95e717b532812517ae49ca4759d01b066ff9bd5b972704adda82fe463bb50eec90d4bad583ecab9f4ce80af72a19088b75859e18062

Download Submit
C:\Windows\system\JlwayTQ.exe

Filesize
6.0MB

MD5
537f57a8e81dc1370968f6def18d6d47

SHA1
575183b1c554eb37a89a24eedc3f0517ac1b0b3d

SHA256
1003e3607ee43b1a9df412a1187bfa1bdd8259dc29d2cfee9b28dbfbfe222851

SHA512
e132bba59db698cf926f675523531fe718e8a5ce91d86a580cfa2acaca2074c7210ec36fdf92b7b7f4766a9dbd6d69f26bf3a40a148e183dd7de9320eeb29752

Download Submit
C:\Windows\system\Oibpvse.exe

Filesize
6.0MB

MD5
cd3077fd38d3f0101f5fbcec27b758a2

SHA1
db65d47fd2cae93676d34c5f2f3bb7f4d5a53bb6

SHA256
bcc0c24a6e290d52874dada709b3fedfe9bdf155299fc373fb1c94266b3de41d

SHA512
67bc728e2ba7ebfa27501c23a5207b6e2becf92ab117daf893bfcde618ce7af4cd02edceabad4b9d29af1a495e0a2e4ba862fb1961ea854dc418585b11f098a7

Download Submit
C:\Windows\system\PwfyeCl.exe

Filesize
6.0MB

MD5
275459bce6673de174f361f2d12620fa

SHA1
875b2a793c99bcde05a178e2ea55b80f2387cf3b

SHA256
ad36b60ed4bc0c2707883d95ca96059b771fcdc7026afbcedc0f381eec5dcdd0

SHA512
576e618860984abec352ef1b69b716e6bafed11bcd1f691b323d7f75bfa7b86c10fa4e38baeec29b093e683b53eae1fffff26b8449e204ed836fa2f0b2809740

Download Submit
C:\Windows\system\RodzOjQ.exe

Filesize
6.0MB

MD5
c57ba2f1a709dda8c358b447715f4e56

SHA1
a3300b6982552b6e0165459459325f226bf10db0

SHA256
1865e9ebf9ed56b7d06924d7d0031981d44734a1fd0d7a113173a68ac9a00184

SHA512
27ecb71c8d073f8ff6003585ba2a08071dd71814aa1a6a988a844e84715d0080f457e432f8e1aa754ea585fc29a72893212976ec8d92d48c898a6070254b79df

Download Submit
C:\Windows\system\ScDOZHs.exe

Filesize
6.0MB

MD5
4e4900d6cf4576dbde05ea7c904bd0ed

SHA1
b2eb7dbd7744b67cc2aeee04ff10911fddbe7564

SHA256
1ad35ec6dafbaa90114258cd747775e020071a4b4548140521dcf1b7d7687918

SHA512
9ac9223aa68aeccfaaf9e948533a6fdab566cd62671bd80e851d30aa1229bf80f795b52930b039e646f7975efa298c9d94a9990e5ce62de0f039a90e1f12fd2c

Download Submit
C:\Windows\system\TVLTSaL.exe

Filesize
6.0MB

MD5
bcffca606dfdc0b7a77e016c6c6bfc3b

SHA1
c0fae3f3793755bb9de8b4605659f6a9cff56966

SHA256
4a9426221a8129554635ac7099f6fbe1a50d4e86927a2947632e75a2c262c766

SHA512
f643b368c56335867c8afce577bbebfa198c539ec59a92d71bafea0c24787297958161dd5eefd44851b6ed197130b1a834ea7efce60fb513993cd797b6df9169

Download Submit
C:\Windows\system\UOeuHdK.exe

Filesize
6.0MB

MD5
682443b46cab8f9d0c4c337199fe8a51

SHA1
d7fc3face178cd849240526e565bd4c87590fadd

SHA256
c98d2311313cda1c8f136c41c17b0bdc14b4e7378d821b9b382029ac00055599

SHA512
c553d7072ebeefbfda6b2e0c10efc187fd4b83465200d57268d7388d89266f0752f45706e67826b988156ab8f340b3c7adbbd95b156609bee83b14fb08a10dfc

Download Submit
C:\Windows\system\WJgkAeu.exe

Filesize
6.0MB

MD5
de01a71de976b740407b23c61feee67e

SHA1
b6ba073e5437a67f02227f31d56a1db855a72928

SHA256
476465950fea046d68d1e00c27d61deadf2d58894a9124ab5b44f32ef13ce2e1

SHA512
3d275c144b22d0984ae1978f999ac40941c42ca9fe42b1f9b0c4a125882830fc7a3a07e0f4c94f4749ae79c0a74472a1ca9447c03689afbe60b441ee7685d8f8

Download Submit
C:\Windows\system\XAtPWys.exe

Filesize
6.0MB

MD5
9bccafaaf14b15405903de9045be87a6

SHA1
b02b380cf44544abdc2916f9d5b7351d5b158882

SHA256
bbaa6676487e2955b4d2bfba32fafdb15a87d7432280d3d72b58b6341296c9ec

SHA512
96c1d19aa8508cbda8a970839622a0fd26d95fa67973092151c591d62206972faa2423bdf09a5b677bad91a5fdb089fe4783a776d53945dd60e524616b0a986f

Download Submit
C:\Windows\system\XDtzhdO.exe

Filesize
6.0MB

MD5
c214f5c73302dd1b08187bb4e12b1844

SHA1
c896cd3d29bd510e566cca6956dcdd6b5ddb9a65

SHA256
602f4f5d56922aa537f69ba8adc6cf75b854de65b5e4a8d804ca8e98aad7ca0d

SHA512
342a6ea540ba197330cd31c7cd1152f7c3463d8c5884658c5840b7ff6524113035085df1d8660e4de1cc5a7f1b266d3f179df477b94fbd216fa5c4ebad8a6cb3

Download Submit
C:\Windows\system\aopPIly.exe

Filesize
6.0MB

MD5
b88fda2ae7164fc01b8a3b042caff19a

SHA1
b2af84db6c64e7ba84012cbdf5af5cdb1f29066f

SHA256
8c2f1600539fafc84550661c4ac18b927fd641e7c4305422af396b28b71ec151

SHA512
8d7fbaeeb050fea16d07bfdce1d1d8a4454a811dfa367dddfbe47d147eda07cf456f49216c5299943062e8ccf56cc90b2948b8f8f30213684fed0f1b4406e01d

Download Submit
C:\Windows\system\ccIQaKe.exe

Filesize
6.0MB

MD5
e3a43f75be9524ceedee2ef0b1494ed9

SHA1
173d50c2a4949545b625c9859800c4b3cc6351c9

SHA256
f419633a346161874d58212c0427a39edcfe54cca79d122aab37821dbea938c6

SHA512
f960f2bb08b5ec7a9ee427a233fb889d0d8ec4b376fad2002cda91d8b25bd414d634c5b0691ebc992cb6619ed267152c9e96c9ea78b737c54be3474c53c8ab44

Download Submit
C:\Windows\system\cmKqCdr.exe

Filesize
6.0MB

MD5
17d7eb8c1bed22453b2c2daab6c34641

SHA1
89545fc37d99505f2b948d6df25385fc13d42c81

SHA256
4a5bf9d6400e7d6be722926431d01ebd77017445f3cbd6af80f2f7c462f2d029

SHA512
b301ad50cf4d52b60d0ab9f4c25b8b48f6845fb3bad6fa7af525ca276d60db10679e16aeb978f1f92bacd4c4f2e9642e45f28ac610fcad5e9bb25f036e574895

Download Submit
C:\Windows\system\dLuEejU.exe

Filesize
6.0MB

MD5
1acabe5d70c4462685c01c921728d251

SHA1
23563bba181b058fca063c59767ac684885dabb8

SHA256
4fc6c6e04c51e42718d869b5dfd72065d8c5d595e08f7acdc6beba6ce0547703

SHA512
f05ee2b62f8338bdef445c3dc3fa91cff88f67dc33a95b2c36728e82507c528da1e03daf2f3af45cc8cfc5750761e514de9443dc1371d49bd53a79cb0770c926

Download Submit
C:\Windows\system\iTvAXkJ.exe

Filesize
6.0MB

MD5
8da86ce282c6ea7ceca544dada6d8244

SHA1
b3b7188f8c87befc7629388e598aa4d134b9b823

SHA256
a02dd486a884665daa5a2eebb9c4d91ac4eeb9067a62059fbbd3c7ebfd08dab5

SHA512
1706b049969e1328e52a5c7def1f357f960bc04632610604bcb6dbcd3d09ebd469f8c3d2c949cdfc29ec41fbe9ffd982ff6fc7ccd9c898a5811a6bf98ee49b3e

Download Submit
C:\Windows\system\iwLlfXy.exe

Filesize
6.0MB

MD5
760f515637137c4cb9db849472b81645

SHA1
400f1820b437e8f708aff9b6cb844721f6ded502

SHA256
2daf5a5d5b786e2989b89673b6b8272dd64f6cc1b0c09e7afbb889c4382ada36

SHA512
e68971602bd13ee9b038f195c0a956bcdfe0da12c2392a6c26ea13c45e0a7976ce73da4db72f4cac9f739732ffa0f4c72d340b730b00d0a65b7940007968e3eb

Download Submit
C:\Windows\system\mMzPFMT.exe

Filesize
6.0MB

MD5
0ab4856795825601f5a363504cf52800

SHA1
ef8598ce6f3a0ce0d13d1a54ab87e3ace9ceeaa5

SHA256
f6ec133d3d7948a88d8547e267cc4cc6214f30f9872f85b551881f27042e86e5

SHA512
1309438123f6c404bbd5d92af970881c42dd027e65c0324d10ab3e67b73e51dc4c96288bec1113346b66667fe9ebe83a32e0e96d77af92ef88381f44dac0f293

Download Submit
C:\Windows\system\maPfkxy.exe

Filesize
6.0MB

MD5
bef20a2c741a1e06c49e9a1b5f489e89

SHA1
5b5075e6cc0344853ab78e55bfa1eeaddbe3f8a1

SHA256
81f4669c3d125bd4844494a50e08041253e23f9664febc8d9f3586cdc94de73f

SHA512
61211df42f7dd63e8a5480b6a8b3105bd2dfdc3f09d26828487e5b670887ab493671c472382165b61deef4754f298a7f6d3542b248d8c834bdbe647cd86805b9

Download Submit
C:\Windows\system\nUaqmVu.exe

Filesize
6.0MB

MD5
c46d95aa491b2965846c4d101891dbff

SHA1
924d5a76fde506a905199aa4473ac3ab36dd25f2

SHA256
741713710fbfd5a4f64e61e09c0251100540b3871be0c812ab46dc18a96e82da

SHA512
c7256a25fe371cd08a8e56da219102c108d26c5b59850e2e463b2f83978eee2213427a178d84169fd022047561379fab0b0f901e7329c7ce09af9ab880b46db3

Download Submit
C:\Windows\system\tNrSvuy.exe

Filesize
6.0MB

MD5
9e8e808a60daa8ad5a081d35d3ed1f24

SHA1
9a4a3eb3e0cf8928c97ed3f08c7a7a40545453c7

SHA256
8eeb63560712f14c7c80ba9341b31e0b31f013e680e0b69ca3b841def91c5330

SHA512
9fb88b18c75ec5b1f7126889d54e3e4b0409706564852911e04935facdf2fdfb81e26d55035361abcd3be1e7d8ed985d8160802a023b2c37572d73380de0069e

Download Submit
C:\Windows\system\xnTjfss.exe

Filesize
6.0MB

MD5
d19319b8236a304162782b11f15996f0

SHA1
36ff06b7a6258a8f0979976a35c1972f8792b41e

SHA256
e202745d79e72af096d894eae4ad67177c070de455fedaeefa3b26b2e352e06a

SHA512
341f72119d9e327e2ee68f630d47c818316872bc21a103e7f93a513c57ce8a5b2dedbef49e396e15ac2a78f9aade97d9d8c3b9475bb715fa34498af8f070be26

Download Submit
\Windows\system\BNBWmIy.exe

Filesize
6.0MB

MD5
dc96ed1114fe4fedcf1113a95bad7f96

SHA1
43253c6168736cdf2e235d41eef76f7523e15c05

SHA256
92b9e46f84c9385174ac54700d9572cbafec26827dec709ea43f54302e78f3bb

SHA512
da5de3e8a6b8d8f6dcf721260dfc4ad1738e46bbc8e1eae5f57a3a6e7c929563e3e42fcd47682d33af90d2451fe723ecfe5aa7da81b999bbfc567d5565d8fd87

Download Submit
\Windows\system\CKRhBxO.exe

Filesize
6.0MB

MD5
c9563abf580b20f931cec61f1f197328

SHA1
4b1ba97e11d98e898eed0e6e1feeb3f2b8b11492

SHA256
f66253b01ec1f85134094a9588bc3117038d2526123320513f361d8e6a29b3bb

SHA512
5148fd7927dbc8f0d1bbe4d029b338ac7b2c0d1e914ec766626ef7741314121d3de48c2e454c47791bddb19c84e6132ca8eaea0243bf30e03c94c18d56c262a9

Download Submit
\Windows\system\HkHPJvA.exe

Filesize
6.0MB

MD5
88e6986bbd97fda6248d7b205efda364

SHA1
6240c18ced82459a00460e9c7ba080fbd5f60774

SHA256
c60b1afacfc8a3e90cf9257901af594ecbb4a8fc4f7a7f826b829b262479baf8

SHA512
a0642e03f32f5ee0b3d195de6b0685b83dbf8c24ad5529455cc749cd6e1f26e4963a18a192b64ba49d30b9ca915b6c535be3e3de0411f3719daf6fe69b07ec96

Download Submit
\Windows\system\HtTeDNZ.exe

Filesize
6.0MB

MD5
f512702c58a14e87e485e99b0253103b

SHA1
bf621edd1080ca58fa07491b889b59ace5432517

SHA256
bc52969c3e0eff9694d1e46f253613ffbb6cb75af60ec8fb55df22c821bf2a2d

SHA512
4324edea350f18e1160988fadded417538fcbb47e8c289ac99cff81f3167be5f8d35a09e06c10e655c494ec2462a76ab3f6772bfe8190e1f9ac06d37f4e832fc

Download Submit
\Windows\system\IwtYVem.exe

Filesize
6.0MB

MD5
4c92ff324b260dcc2d0a0686fcedb565

SHA1
ad94e6e1afdc9fe592897d81be1a82dfab3db45c

SHA256
8bb8057642f79882f12963a2df846844bf27c731b355e563e2655736a692bf6d

SHA512
df1352a25bacaff29569009ee893600f4457a72ae94dd0a0d8ae1bc39e7b1d08a3fd1e1bfba4428ed2e7db27946cd8bd3b6c6a8939fc453e6a3ada505c33379e

Download Submit
\Windows\system\OxPgkaX.exe

Filesize
6.0MB

MD5
2da6260305bfb0f943193625186832b7

SHA1
020c2bba6a24ba5d4fbc4361a7c922ce2067774b

SHA256
347d588921d97f30c0a08893a958cf535003bf7fc7370d80332826de54ac8603

SHA512
05d5033916725c731d07ca7491ce331d745466342e8444f6a109ee2a2e63655d753982ca3057bed0952daaff35ce45e4cfbe010d8383dd367798839c506010f6

Download Submit
\Windows\system\RaVUTmv.exe

Filesize
6.0MB

MD5
dcdf91e51d6c5b9ab03a1f62947939cb

SHA1
9667586a1e747bb726c73b77cccda0d69faba369

SHA256
851ccd85b0649ca3099d3845fcbc51340f17665a56e1fd72e6acac83a5b6d02e

SHA512
9a25f2237b04c4db3cfa4c92bcb3d8329e21c970b76a57bcd6d4812ac91af07e1fc5967b3ea809908145a6e9779fb1c046fd7fa9002469d499b0b0748d440c40

Download Submit
\Windows\system\ikbggqr.exe

Filesize
6.0MB

MD5
1c66221a1e38f42dc0d5223a75dba308

SHA1
fc2f168a04259bca7541dae63cf19549543e0311

SHA256
5c34d0f29b39740584bb6f94cd94a8891656770ba9fe1a174a94552023be4faf

SHA512
ad86f20dac640f7b1c1b50ec36d05052e02d0b873faa00d0a32f232e67185136c47fa6fdf931dd869f31e117b0df16ca79a78a8d6abbe31870eadecdadc9b129

Download Submit
\Windows\system\tfhhmFj.exe

Filesize
6.0MB

MD5
d09ef682f2313307279a01bcc2da6d31

SHA1
4d501e11908eed1167149a97ee563b91a502a1c6

SHA256
8a79f7c855941dc9a5eb71fe7943de32897cb2c069764111ababce322aa663a9

SHA512
e3e458dd78997867445f794a17be80fe40b9816dd6e9df1766e45b2f40fed8190508bb2891204ca1f52cd6a9dd799c408173a0c6a66b2e7cef06849741293b38

Download Submit
memory/824-3842-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/824-19-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1124-4056-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1124-86-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1496-61-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1496-24-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1496-94-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-42-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-92-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1496-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1496-67-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-84-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-78-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-1027-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-59-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-1212-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-858-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1496-520-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-297-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-97-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-21-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1496-38-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-60-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-35-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-9-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1512-4036-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1512-93-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1115-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1964-4057-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1964-100-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2108-4055-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-115-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-71-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4035-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3939-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2608-58-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2652-65-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4051-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4052-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-55-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3869-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2688-20-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3848-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2748-29-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3860-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-36-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3940-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-63-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-22-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3893-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download