cobaltstrike | 9843103e18f69e0df0daa1020694e0f545af5b63cccfbc233f7f15a75f2f56c8

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8a14b029dbb0a25bf4083e1af01f22d8
SHA1

a1ccf5fb53989bfa693686f3665fe1ff6eb2e3a1
SHA256

9843103e18f69e0df0daa1020694e0f545af5b63cccfbc233f7f15a75f2f56c8
SHA512

5ba5b29f3d148049b5c41c6b3886a828a86af9f2c73dce062446612ae7aa97a9843a3d6f311006c92306f21334678ea7f974e4cf0f6bfc614c08dd5063171d9b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUz:T+q56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0011000000011c2c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016650-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016875-17.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016b47-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-32.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-95.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-68.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-80.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016332-74.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2156-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0011000000011c2c-3.dat	xmrig
behavioral1/files/0x0008000000016650-8.dat	xmrig
behavioral1/memory/1532-22-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2488-21-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2324-19-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0008000000016875-17.dat	xmrig
behavioral1/files/0x0009000000016b47-23.dat	xmrig
behavioral1/memory/1148-28-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2476-35-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-37.dat	xmrig
behavioral1/files/0x0008000000016c66-32.dat	xmrig
behavioral1/memory/2156-84-0x0000000002520000-0x0000000002874000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-70.dat	xmrig
behavioral1/memory/1148-92-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2208-98-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0005000000018739-126.dat	xmrig
behavioral1/files/0x0006000000018c16-151.dat	xmrig
behavioral1/files/0x0005000000019278-171.dat	xmrig
behavioral1/files/0x0005000000019297-181.dat	xmrig
behavioral1/memory/2208-974-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2728-737-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2156-624-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2156-511-0x0000000002520000-0x0000000002874000-memory.dmp	xmrig
behavioral1/files/0x0005000000019360-191.dat	xmrig
behavioral1/files/0x000500000001933f-186.dat	xmrig
behavioral1/files/0x0005000000019284-176.dat	xmrig
behavioral1/files/0x0005000000019269-166.dat	xmrig
behavioral1/files/0x0005000000019250-161.dat	xmrig
behavioral1/files/0x0005000000019246-156.dat	xmrig
behavioral1/files/0x0006000000018b4e-145.dat	xmrig
behavioral1/files/0x00050000000187a8-141.dat	xmrig
behavioral1/files/0x000500000001878e-136.dat	xmrig
behavioral1/files/0x0005000000018744-131.dat	xmrig
behavioral1/files/0x0005000000018704-121.dat	xmrig
behavioral1/files/0x00050000000186f4-116.dat	xmrig
behavioral1/files/0x00050000000186f1-111.dat	xmrig
behavioral1/memory/2772-107-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-104.dat	xmrig
behavioral1/memory/2476-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e7-95.dat	xmrig
behavioral1/memory/2880-91-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x000600000001755b-68.dat	xmrig
behavioral1/files/0x0006000000017497-58.dat	xmrig
behavioral1/memory/2680-87-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2156-86-0x0000000002520000-0x0000000002874000-memory.dmp	xmrig
behavioral1/memory/2156-85-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2944-83-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2836-81-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0005000000018686-80.dat	xmrig
behavioral1/memory/2700-79-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016332-74.dat	xmrig
behavioral1/memory/2156-64-0x0000000002520000-0x0000000002874000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf5-62.dat	xmrig
behavioral1/memory/2156-51-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2464-50-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd7-46.dat	xmrig
behavioral1/memory/2772-41-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/1148-3418-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2488-3439-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2324-3414-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/1532-3437-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2772-3454-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2476-3460-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2488	lEZVtND.exe
2324	PKljrPB.exe
1532	fxJeBsl.exe
1148	mKRKxtV.exe
2476	BznkVzQ.exe
2772	qTEobwe.exe
2464	ywJTVnO.exe
2700	vlUvjCv.exe
2836	JWVSQvE.exe
2944	eKMNWZu.exe
2680	FcbEhjN.exe
2880	TsMLyUh.exe
2728	DhdlmsW.exe
2208	ExLiQsJ.exe
2364	bhqRtxC.exe
2260	nbfMpAa.exe
1812	aWTqACG.exe
2200	ZhFjIcD.exe
2292	ASQArHH.exe
1184	ivzYkcx.exe
1832	qWwXJEg.exe
2452	cUwOqos.exe
1152	tsQMBev.exe
1704	btTnEFr.exe
1684	RCndaZp.exe
1780	xxsViJW.exe
2012	OiCfQBC.exe
2016	LMwoqwY.exe
1968	GyMnivG.exe
2564	CbQdpvj.exe
1556	TSLSoXk.exe
1652	lAkxNnm.exe
1124	AvMUNuG.exe
1696	TjOSJaH.exe
2064	MgoltTM.exe
2088	sIzCCAK.exe
1248	YtEsyfA.exe
2116	fJFlkRr.exe
308	JVOjAAi.exe
1720	xcbWaxC.exe
2588	RfyGSBf.exe
2716	bzDLOHr.exe
2348	dFTgBTO.exe
2096	byccHpm.exe
2400	IXHOQSL.exe
1060	WhdDKno.exe
712	DDtvZOh.exe
2384	ehyBDyt.exe
496	EWRMkYr.exe
3028	dvzWmvg.exe
388	KnakMfL.exe
2508	tMVYqgV.exe
1592	XtkCwMk.exe
1624	dHEOvuu.exe
2512	GTLrqMG.exe
1064	aYTckKb.exe
2760	zktelsD.exe
2800	NTcPGqU.exe
2896	anVodEU.exe
2732	UePsfRS.exe
1804	YqhxVCc.exe
2668	yywZtzi.exe
2224	HiiLENE.exe
2280	yORGYZC.exe

Loads dropped DLL 64 IoCs

pid	Process
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0011000000011c2c-3.dat	upx
behavioral1/files/0x0008000000016650-8.dat	upx
behavioral1/memory/1532-22-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2488-21-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2324-19-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0008000000016875-17.dat	upx
behavioral1/files/0x0009000000016b47-23.dat	upx
behavioral1/memory/1148-28-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2476-35-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-37.dat	upx
behavioral1/files/0x0008000000016c66-32.dat	upx
behavioral1/files/0x000600000001749c-70.dat	upx
behavioral1/memory/1148-92-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2208-98-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0005000000018739-126.dat	upx
behavioral1/files/0x0006000000018c16-151.dat	upx
behavioral1/files/0x0005000000019278-171.dat	upx
behavioral1/files/0x0005000000019297-181.dat	upx
behavioral1/memory/2208-974-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2728-737-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0005000000019360-191.dat	upx
behavioral1/files/0x000500000001933f-186.dat	upx
behavioral1/files/0x0005000000019284-176.dat	upx
behavioral1/files/0x0005000000019269-166.dat	upx
behavioral1/files/0x0005000000019250-161.dat	upx
behavioral1/files/0x0005000000019246-156.dat	upx
behavioral1/files/0x0006000000018b4e-145.dat	upx
behavioral1/files/0x00050000000187a8-141.dat	upx
behavioral1/files/0x000500000001878e-136.dat	upx
behavioral1/files/0x0005000000018744-131.dat	upx
behavioral1/files/0x0005000000018704-121.dat	upx
behavioral1/files/0x00050000000186f4-116.dat	upx
behavioral1/files/0x00050000000186f1-111.dat	upx
behavioral1/memory/2772-107-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-104.dat	upx
behavioral1/memory/2476-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x00050000000186e7-95.dat	upx
behavioral1/memory/2880-91-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x000600000001755b-68.dat	upx
behavioral1/files/0x0006000000017497-58.dat	upx
behavioral1/memory/2680-87-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2944-83-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2836-81-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0005000000018686-80.dat	upx
behavioral1/memory/2700-79-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0008000000016332-74.dat	upx
behavioral1/files/0x0007000000016cf5-62.dat	upx
behavioral1/memory/2156-51-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2464-50-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0007000000016cd7-46.dat	upx
behavioral1/memory/2772-41-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1148-3418-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2488-3439-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2324-3414-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/1532-3437-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2772-3454-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2476-3460-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2880-3495-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2208-3484-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2464-3520-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2836-3564-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2680-3563-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2700-3540-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sZZDJVk.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVLXXKD.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXdVZDZ.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXLNIwx.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJJocls.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guxkYkO.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DviJtcl.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUEfnKT.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbAaOUl.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXbcygN.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVNgUmh.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqInwrl.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\firWwTG.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMOgEpC.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fshbaZt.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVfyeoE.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETrtawJ.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLDYBsB.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBxDdDj.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENARUZK.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFgJPTf.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZtmEtP.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tckEUaN.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiYDOOV.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGnPjLB.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWTqACG.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhsQBgx.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHdBnXf.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygxKSDe.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEFMGDD.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dyuvyJG.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGtTnRr.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsQMBev.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfaLGRm.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBhIixZ.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbqPHmm.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCenSLw.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfjcQzz.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EddBPVm.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTVzAXD.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZDUsLL.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkGhSMs.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKSZfyN.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIZHXTk.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdkTAmT.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auqBcFs.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePAswRX.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjcqIja.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvZtjTp.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZxaNSc.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alGqinL.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXZPXcW.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXCCpkP.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDJWkle.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NrwrrFz.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEHMWUS.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZksUbjq.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvYZLNa.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IagozCg.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbwVTCl.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btTnEFr.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKhORjf.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxgDDFG.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVDUIqq.exe	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2488	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 2488	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 2488	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 2324	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 2324	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 2324	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 1532	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 1532	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 1532	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 1148	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 1148	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 1148	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2476	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2476	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2476	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2772	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2772	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2772	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2464	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2464	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2464	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2944	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2944	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2944	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2700	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2700	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2700	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2880	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2880	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2880	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2836	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2836	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2836	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2728	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2728	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2728	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2680	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2680	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2680	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2208	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 2208	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 2208	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 2364	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 2364	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 2364	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 2260	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 2260	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 2260	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 1812	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 1812	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 1812	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 2200	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 2200	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 2200	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 2292	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 2292	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 2292	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 1184	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 1184	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 1184	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 1832	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 1832	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 1832	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 2452	2156	2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_8a14b029dbb0a25bf4083e1af01f22d8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\System\lEZVtND.exe
  C:\Windows\System\lEZVtND.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\PKljrPB.exe
  C:\Windows\System\PKljrPB.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\fxJeBsl.exe
  C:\Windows\System\fxJeBsl.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\mKRKxtV.exe
  C:\Windows\System\mKRKxtV.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\BznkVzQ.exe
  C:\Windows\System\BznkVzQ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\qTEobwe.exe
  C:\Windows\System\qTEobwe.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\ywJTVnO.exe
  C:\Windows\System\ywJTVnO.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\eKMNWZu.exe
  C:\Windows\System\eKMNWZu.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\vlUvjCv.exe
  C:\Windows\System\vlUvjCv.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\TsMLyUh.exe
  C:\Windows\System\TsMLyUh.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\JWVSQvE.exe
  C:\Windows\System\JWVSQvE.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\DhdlmsW.exe
  C:\Windows\System\DhdlmsW.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\FcbEhjN.exe
  C:\Windows\System\FcbEhjN.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ExLiQsJ.exe
  C:\Windows\System\ExLiQsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\bhqRtxC.exe
  C:\Windows\System\bhqRtxC.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\nbfMpAa.exe
  C:\Windows\System\nbfMpAa.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\aWTqACG.exe
  C:\Windows\System\aWTqACG.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\ZhFjIcD.exe
  C:\Windows\System\ZhFjIcD.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\ASQArHH.exe
  C:\Windows\System\ASQArHH.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ivzYkcx.exe
  C:\Windows\System\ivzYkcx.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\qWwXJEg.exe
  C:\Windows\System\qWwXJEg.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\cUwOqos.exe
  C:\Windows\System\cUwOqos.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\tsQMBev.exe
  C:\Windows\System\tsQMBev.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\btTnEFr.exe
  C:\Windows\System\btTnEFr.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\RCndaZp.exe
  C:\Windows\System\RCndaZp.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\xxsViJW.exe
  C:\Windows\System\xxsViJW.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\OiCfQBC.exe
  C:\Windows\System\OiCfQBC.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\LMwoqwY.exe
  C:\Windows\System\LMwoqwY.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\GyMnivG.exe
  C:\Windows\System\GyMnivG.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\CbQdpvj.exe
  C:\Windows\System\CbQdpvj.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\TSLSoXk.exe
  C:\Windows\System\TSLSoXk.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\lAkxNnm.exe
  C:\Windows\System\lAkxNnm.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\AvMUNuG.exe
  C:\Windows\System\AvMUNuG.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\TjOSJaH.exe
  C:\Windows\System\TjOSJaH.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\MgoltTM.exe
  C:\Windows\System\MgoltTM.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\sIzCCAK.exe
  C:\Windows\System\sIzCCAK.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\YtEsyfA.exe
  C:\Windows\System\YtEsyfA.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\fJFlkRr.exe
  C:\Windows\System\fJFlkRr.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\JVOjAAi.exe
  C:\Windows\System\JVOjAAi.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\xcbWaxC.exe
  C:\Windows\System\xcbWaxC.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\RfyGSBf.exe
  C:\Windows\System\RfyGSBf.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\bzDLOHr.exe
  C:\Windows\System\bzDLOHr.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\dFTgBTO.exe
  C:\Windows\System\dFTgBTO.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\byccHpm.exe
  C:\Windows\System\byccHpm.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\IXHOQSL.exe
  C:\Windows\System\IXHOQSL.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\WhdDKno.exe
  C:\Windows\System\WhdDKno.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\DDtvZOh.exe
  C:\Windows\System\DDtvZOh.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\ehyBDyt.exe
  C:\Windows\System\ehyBDyt.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\EWRMkYr.exe
  C:\Windows\System\EWRMkYr.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\dvzWmvg.exe
  C:\Windows\System\dvzWmvg.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\KnakMfL.exe
  C:\Windows\System\KnakMfL.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\tMVYqgV.exe
  C:\Windows\System\tMVYqgV.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\XtkCwMk.exe
  C:\Windows\System\XtkCwMk.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\dHEOvuu.exe
  C:\Windows\System\dHEOvuu.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\GTLrqMG.exe
  C:\Windows\System\GTLrqMG.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\aYTckKb.exe
  C:\Windows\System\aYTckKb.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\zktelsD.exe
  C:\Windows\System\zktelsD.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\NTcPGqU.exe
  C:\Windows\System\NTcPGqU.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\anVodEU.exe
  C:\Windows\System\anVodEU.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\UePsfRS.exe
  C:\Windows\System\UePsfRS.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\YqhxVCc.exe
  C:\Windows\System\YqhxVCc.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\yywZtzi.exe
  C:\Windows\System\yywZtzi.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\HiiLENE.exe
  C:\Windows\System\HiiLENE.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\yORGYZC.exe
  C:\Windows\System\yORGYZC.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\LbdSFax.exe
  C:\Windows\System\LbdSFax.exe
  2⤵
  PID:2172
- C:\Windows\System\syvTQLJ.exe
  C:\Windows\System\syvTQLJ.exe
  2⤵
  PID:2236
- C:\Windows\System\iSLAOsP.exe
  C:\Windows\System\iSLAOsP.exe
  2⤵
  PID:844
- C:\Windows\System\qLkRhtU.exe
  C:\Windows\System\qLkRhtU.exe
  2⤵
  PID:2456
- C:\Windows\System\rRUgUAK.exe
  C:\Windows\System\rRUgUAK.exe
  2⤵
  PID:1824
- C:\Windows\System\pTNAapj.exe
  C:\Windows\System\pTNAapj.exe
  2⤵
  PID:1748
- C:\Windows\System\btipvCc.exe
  C:\Windows\System\btipvCc.exe
  2⤵
  PID:1980
- C:\Windows\System\jfrypZE.exe
  C:\Windows\System\jfrypZE.exe
  2⤵
  PID:852
- C:\Windows\System\QSxhyJU.exe
  C:\Windows\System\QSxhyJU.exe
  2⤵
  PID:1884
- C:\Windows\System\kWiCvQy.exe
  C:\Windows\System\kWiCvQy.exe
  2⤵
  PID:1568
- C:\Windows\System\YpDSCTO.exe
  C:\Windows\System\YpDSCTO.exe
  2⤵
  PID:620
- C:\Windows\System\fzupvgp.exe
  C:\Windows\System\fzupvgp.exe
  2⤵
  PID:568
- C:\Windows\System\LSjBcHd.exe
  C:\Windows\System\LSjBcHd.exe
  2⤵
  PID:1716
- C:\Windows\System\tPcTSJw.exe
  C:\Windows\System\tPcTSJw.exe
  2⤵
  PID:1004
- C:\Windows\System\hLdmYQN.exe
  C:\Windows\System\hLdmYQN.exe
  2⤵
  PID:1976
- C:\Windows\System\DjhJXux.exe
  C:\Windows\System\DjhJXux.exe
  2⤵
  PID:2884
- C:\Windows\System\BJPOBMR.exe
  C:\Windows\System\BJPOBMR.exe
  2⤵
  PID:2560
- C:\Windows\System\DNoJfmo.exe
  C:\Windows\System\DNoJfmo.exe
  2⤵
  PID:1612
- C:\Windows\System\yNBKMrB.exe
  C:\Windows\System\yNBKMrB.exe
  2⤵
  PID:2372
- C:\Windows\System\dXgFvBH.exe
  C:\Windows\System\dXgFvBH.exe
  2⤵
  PID:2616
- C:\Windows\System\RbEUdpK.exe
  C:\Windows\System\RbEUdpK.exe
  2⤵
  PID:780
- C:\Windows\System\flBafEJ.exe
  C:\Windows\System\flBafEJ.exe
  2⤵
  PID:1740
- C:\Windows\System\ssGaRmC.exe
  C:\Windows\System\ssGaRmC.exe
  2⤵
  PID:2948
- C:\Windows\System\mOzKVHy.exe
  C:\Windows\System\mOzKVHy.exe
  2⤵
  PID:2776
- C:\Windows\System\IJxErFI.exe
  C:\Windows\System\IJxErFI.exe
  2⤵
  PID:2748
- C:\Windows\System\sLfCSIp.exe
  C:\Windows\System\sLfCSIp.exe
  2⤵
  PID:2780
- C:\Windows\System\MVGnIdS.exe
  C:\Windows\System\MVGnIdS.exe
  2⤵
  PID:2256
- C:\Windows\System\dNGxFuJ.exe
  C:\Windows\System\dNGxFuJ.exe
  2⤵
  PID:2216
- C:\Windows\System\pkQieJn.exe
  C:\Windows\System\pkQieJn.exe
  2⤵
  PID:2376
- C:\Windows\System\IPWPVMT.exe
  C:\Windows\System\IPWPVMT.exe
  2⤵
  PID:1528
- C:\Windows\System\qNrKMNn.exe
  C:\Windows\System\qNrKMNn.exe
  2⤵
  PID:1256
- C:\Windows\System\mXhrjvh.exe
  C:\Windows\System\mXhrjvh.exe
  2⤵
  PID:304
- C:\Windows\System\aOCellD.exe
  C:\Windows\System\aOCellD.exe
  2⤵
  PID:1920
- C:\Windows\System\hoUJIIz.exe
  C:\Windows\System\hoUJIIz.exe
  2⤵
  PID:1728
- C:\Windows\System\LDuRTRL.exe
  C:\Windows\System\LDuRTRL.exe
  2⤵
  PID:872
- C:\Windows\System\jigrDtB.exe
  C:\Windows\System\jigrDtB.exe
  2⤵
  PID:1660
- C:\Windows\System\ZqqIZsg.exe
  C:\Windows\System\ZqqIZsg.exe
  2⤵
  PID:2876
- C:\Windows\System\SxEmpHW.exe
  C:\Windows\System\SxEmpHW.exe
  2⤵
  PID:2516
- C:\Windows\System\QVrUFGd.exe
  C:\Windows\System\QVrUFGd.exe
  2⤵
  PID:1796
- C:\Windows\System\vympWPk.exe
  C:\Windows\System\vympWPk.exe
  2⤵
  PID:2296
- C:\Windows\System\AuTcksJ.exe
  C:\Windows\System\AuTcksJ.exe
  2⤵
  PID:2976
- C:\Windows\System\qsKKrjC.exe
  C:\Windows\System\qsKKrjC.exe
  2⤵
  PID:2768
- C:\Windows\System\zXPtmsq.exe
  C:\Windows\System\zXPtmsq.exe
  2⤵
  PID:648
- C:\Windows\System\RMaDDdv.exe
  C:\Windows\System\RMaDDdv.exe
  2⤵
  PID:2428
- C:\Windows\System\zXCCpkP.exe
  C:\Windows\System\zXCCpkP.exe
  2⤵
  PID:2368
- C:\Windows\System\QRLPPvo.exe
  C:\Windows\System\QRLPPvo.exe
  2⤵
  PID:448
- C:\Windows\System\ZunFlyn.exe
  C:\Windows\System\ZunFlyn.exe
  2⤵
  PID:1456
- C:\Windows\System\RQtSJge.exe
  C:\Windows\System\RQtSJge.exe
  2⤵
  PID:1960
- C:\Windows\System\PKrNiHE.exe
  C:\Windows\System\PKrNiHE.exe
  2⤵
  PID:3088
- C:\Windows\System\MIeCfHV.exe
  C:\Windows\System\MIeCfHV.exe
  2⤵
  PID:3108
- C:\Windows\System\woWcCOe.exe
  C:\Windows\System\woWcCOe.exe
  2⤵
  PID:3132
- C:\Windows\System\flkuePO.exe
  C:\Windows\System\flkuePO.exe
  2⤵
  PID:3152
- C:\Windows\System\oJZLUqF.exe
  C:\Windows\System\oJZLUqF.exe
  2⤵
  PID:3172
- C:\Windows\System\QFfDBwy.exe
  C:\Windows\System\QFfDBwy.exe
  2⤵
  PID:3188
- C:\Windows\System\bOlwGYj.exe
  C:\Windows\System\bOlwGYj.exe
  2⤵
  PID:3212
- C:\Windows\System\xyjZuuy.exe
  C:\Windows\System\xyjZuuy.exe
  2⤵
  PID:3232
- C:\Windows\System\kuLkpvf.exe
  C:\Windows\System\kuLkpvf.exe
  2⤵
  PID:3252
- C:\Windows\System\TdNlhyJ.exe
  C:\Windows\System\TdNlhyJ.exe
  2⤵
  PID:3268
- C:\Windows\System\venAFAG.exe
  C:\Windows\System\venAFAG.exe
  2⤵
  PID:3292
- C:\Windows\System\UiCwRKF.exe
  C:\Windows\System\UiCwRKF.exe
  2⤵
  PID:3312
- C:\Windows\System\RyBqzvx.exe
  C:\Windows\System\RyBqzvx.exe
  2⤵
  PID:3332
- C:\Windows\System\KAeeVMf.exe
  C:\Windows\System\KAeeVMf.exe
  2⤵
  PID:3348
- C:\Windows\System\BesIlZH.exe
  C:\Windows\System\BesIlZH.exe
  2⤵
  PID:3368
- C:\Windows\System\FdAIrdv.exe
  C:\Windows\System\FdAIrdv.exe
  2⤵
  PID:3392
- C:\Windows\System\laCJSHh.exe
  C:\Windows\System\laCJSHh.exe
  2⤵
  PID:3408
- C:\Windows\System\ThYnVXF.exe
  C:\Windows\System\ThYnVXF.exe
  2⤵
  PID:3428
- C:\Windows\System\yjIONxT.exe
  C:\Windows\System\yjIONxT.exe
  2⤵
  PID:3452
- C:\Windows\System\NtTOish.exe
  C:\Windows\System\NtTOish.exe
  2⤵
  PID:3468
- C:\Windows\System\mmmgupZ.exe
  C:\Windows\System\mmmgupZ.exe
  2⤵
  PID:3488
- C:\Windows\System\zUDrcMO.exe
  C:\Windows\System\zUDrcMO.exe
  2⤵
  PID:3512
- C:\Windows\System\ogzgyIc.exe
  C:\Windows\System\ogzgyIc.exe
  2⤵
  PID:3532
- C:\Windows\System\lbuXjGb.exe
  C:\Windows\System\lbuXjGb.exe
  2⤵
  PID:3548
- C:\Windows\System\NEWuzbj.exe
  C:\Windows\System\NEWuzbj.exe
  2⤵
  PID:3568
- C:\Windows\System\CqadgNA.exe
  C:\Windows\System\CqadgNA.exe
  2⤵
  PID:3604
- C:\Windows\System\VnJbnhg.exe
  C:\Windows\System\VnJbnhg.exe
  2⤵
  PID:3620
- C:\Windows\System\HvYruAz.exe
  C:\Windows\System\HvYruAz.exe
  2⤵
  PID:3640
- C:\Windows\System\vrZrznK.exe
  C:\Windows\System\vrZrznK.exe
  2⤵
  PID:3660
- C:\Windows\System\JlJKyBJ.exe
  C:\Windows\System\JlJKyBJ.exe
  2⤵
  PID:3684
- C:\Windows\System\DLmtRGu.exe
  C:\Windows\System\DLmtRGu.exe
  2⤵
  PID:3700
- C:\Windows\System\QVOGcxc.exe
  C:\Windows\System\QVOGcxc.exe
  2⤵
  PID:3724
- C:\Windows\System\HCMtgkW.exe
  C:\Windows\System\HCMtgkW.exe
  2⤵
  PID:3740
- C:\Windows\System\QTiHSwV.exe
  C:\Windows\System\QTiHSwV.exe
  2⤵
  PID:3760
- C:\Windows\System\xHJcDQo.exe
  C:\Windows\System\xHJcDQo.exe
  2⤵
  PID:3784
- C:\Windows\System\zhtkcWj.exe
  C:\Windows\System\zhtkcWj.exe
  2⤵
  PID:3800
- C:\Windows\System\VXLNIwx.exe
  C:\Windows\System\VXLNIwx.exe
  2⤵
  PID:3820
- C:\Windows\System\SkLslQR.exe
  C:\Windows\System\SkLslQR.exe
  2⤵
  PID:3836
- C:\Windows\System\WVhaXxs.exe
  C:\Windows\System\WVhaXxs.exe
  2⤵
  PID:3860
- C:\Windows\System\ChmpFna.exe
  C:\Windows\System\ChmpFna.exe
  2⤵
  PID:3876
- C:\Windows\System\PRbxXcZ.exe
  C:\Windows\System\PRbxXcZ.exe
  2⤵
  PID:3896
- C:\Windows\System\NAFoJxR.exe
  C:\Windows\System\NAFoJxR.exe
  2⤵
  PID:3920
- C:\Windows\System\XDJWkle.exe
  C:\Windows\System\XDJWkle.exe
  2⤵
  PID:3944
- C:\Windows\System\jodPSyh.exe
  C:\Windows\System\jodPSyh.exe
  2⤵
  PID:3964
- C:\Windows\System\ulLFrYt.exe
  C:\Windows\System\ulLFrYt.exe
  2⤵
  PID:3980
- C:\Windows\System\KkdiLpW.exe
  C:\Windows\System\KkdiLpW.exe
  2⤵
  PID:4004
- C:\Windows\System\BOMxHzZ.exe
  C:\Windows\System\BOMxHzZ.exe
  2⤵
  PID:4024
- C:\Windows\System\QwKWmjY.exe
  C:\Windows\System\QwKWmjY.exe
  2⤵
  PID:4044
- C:\Windows\System\YWxyfzb.exe
  C:\Windows\System\YWxyfzb.exe
  2⤵
  PID:4064
- C:\Windows\System\dgEbTLI.exe
  C:\Windows\System\dgEbTLI.exe
  2⤵
  PID:4080
- C:\Windows\System\UtCNBtv.exe
  C:\Windows\System\UtCNBtv.exe
  2⤵
  PID:2008
- C:\Windows\System\uMZdalW.exe
  C:\Windows\System\uMZdalW.exe
  2⤵
  PID:916
- C:\Windows\System\rDiQbit.exe
  C:\Windows\System\rDiQbit.exe
  2⤵
  PID:2964
- C:\Windows\System\gDQOXcJ.exe
  C:\Windows\System\gDQOXcJ.exe
  2⤵
  PID:2164
- C:\Windows\System\SLJzPkf.exe
  C:\Windows\System\SLJzPkf.exe
  2⤵
  PID:2636
- C:\Windows\System\SUDIyHH.exe
  C:\Windows\System\SUDIyHH.exe
  2⤵
  PID:1328
- C:\Windows\System\zXdbHqS.exe
  C:\Windows\System\zXdbHqS.exe
  2⤵
  PID:2744
- C:\Windows\System\EYnZLVf.exe
  C:\Windows\System\EYnZLVf.exe
  2⤵
  PID:2500
- C:\Windows\System\TkFxnOa.exe
  C:\Windows\System\TkFxnOa.exe
  2⤵
  PID:3096
- C:\Windows\System\TKwVYFH.exe
  C:\Windows\System\TKwVYFH.exe
  2⤵
  PID:3080
- C:\Windows\System\LKgRZLo.exe
  C:\Windows\System\LKgRZLo.exe
  2⤵
  PID:3144
- C:\Windows\System\PDgNCHy.exe
  C:\Windows\System\PDgNCHy.exe
  2⤵
  PID:3180
- C:\Windows\System\PaWJbmc.exe
  C:\Windows\System\PaWJbmc.exe
  2⤵
  PID:3224
- C:\Windows\System\xfXsGMD.exe
  C:\Windows\System\xfXsGMD.exe
  2⤵
  PID:3208
- C:\Windows\System\tvmZdeJ.exe
  C:\Windows\System\tvmZdeJ.exe
  2⤵
  PID:3244
- C:\Windows\System\BUPjcEX.exe
  C:\Windows\System\BUPjcEX.exe
  2⤵
  PID:3288
- C:\Windows\System\AQFYzGU.exe
  C:\Windows\System\AQFYzGU.exe
  2⤵
  PID:3328
- C:\Windows\System\BnoGcNm.exe
  C:\Windows\System\BnoGcNm.exe
  2⤵
  PID:3380
- C:\Windows\System\HlRYHtq.exe
  C:\Windows\System\HlRYHtq.exe
  2⤵
  PID:3364
- C:\Windows\System\XtDqIsp.exe
  C:\Windows\System\XtDqIsp.exe
  2⤵
  PID:3404
- C:\Windows\System\rWMUmWm.exe
  C:\Windows\System\rWMUmWm.exe
  2⤵
  PID:3440
- C:\Windows\System\GrRqYUW.exe
  C:\Windows\System\GrRqYUW.exe
  2⤵
  PID:3484
- C:\Windows\System\pEKgbmN.exe
  C:\Windows\System\pEKgbmN.exe
  2⤵
  PID:3556
- C:\Windows\System\GJkDlnA.exe
  C:\Windows\System\GJkDlnA.exe
  2⤵
  PID:3580
- C:\Windows\System\VQzrZds.exe
  C:\Windows\System\VQzrZds.exe
  2⤵
  PID:3424
- C:\Windows\System\LnRWtCK.exe
  C:\Windows\System\LnRWtCK.exe
  2⤵
  PID:3672
- C:\Windows\System\TVXoKQX.exe
  C:\Windows\System\TVXoKQX.exe
  2⤵
  PID:3680
- C:\Windows\System\WIZFKwn.exe
  C:\Windows\System\WIZFKwn.exe
  2⤵
  PID:3720
- C:\Windows\System\IHPwxMw.exe
  C:\Windows\System\IHPwxMw.exe
  2⤵
  PID:3736
- C:\Windows\System\GuerFyt.exe
  C:\Windows\System\GuerFyt.exe
  2⤵
  PID:3768
- C:\Windows\System\WWDWxnI.exe
  C:\Windows\System\WWDWxnI.exe
  2⤵
  PID:3828
- C:\Windows\System\knYjSku.exe
  C:\Windows\System\knYjSku.exe
  2⤵
  PID:3916
- C:\Windows\System\PbfpVfr.exe
  C:\Windows\System\PbfpVfr.exe
  2⤵
  PID:3848
- C:\Windows\System\sQXyBVd.exe
  C:\Windows\System\sQXyBVd.exe
  2⤵
  PID:3844
- C:\Windows\System\cakwYzg.exe
  C:\Windows\System\cakwYzg.exe
  2⤵
  PID:3956
- C:\Windows\System\wHRwPnD.exe
  C:\Windows\System\wHRwPnD.exe
  2⤵
  PID:3972
- C:\Windows\System\YoKukJv.exe
  C:\Windows\System\YoKukJv.exe
  2⤵
  PID:4000
- C:\Windows\System\dBWINoK.exe
  C:\Windows\System\dBWINoK.exe
  2⤵
  PID:4020
- C:\Windows\System\OzAMlhh.exe
  C:\Windows\System\OzAMlhh.exe
  2⤵
  PID:4060
- C:\Windows\System\KKBMALm.exe
  C:\Windows\System\KKBMALm.exe
  2⤵
  PID:1396
- C:\Windows\System\ozpEvnj.exe
  C:\Windows\System\ozpEvnj.exe
  2⤵
  PID:2756
- C:\Windows\System\uwGYCDk.exe
  C:\Windows\System\uwGYCDk.exe
  2⤵
  PID:3024
- C:\Windows\System\kcyEdJP.exe
  C:\Windows\System\kcyEdJP.exe
  2⤵
  PID:292
- C:\Windows\System\JpzkTsp.exe
  C:\Windows\System\JpzkTsp.exe
  2⤵
  PID:2992
- C:\Windows\System\UDnGfqy.exe
  C:\Windows\System\UDnGfqy.exe
  2⤵
  PID:2864
- C:\Windows\System\QcZcRuo.exe
  C:\Windows\System\QcZcRuo.exe
  2⤵
  PID:3140
- C:\Windows\System\xrxVYEx.exe
  C:\Windows\System\xrxVYEx.exe
  2⤵
  PID:3196
- C:\Windows\System\WBWBcsU.exe
  C:\Windows\System\WBWBcsU.exe
  2⤵
  PID:3304
- C:\Windows\System\mtTfPrb.exe
  C:\Windows\System\mtTfPrb.exe
  2⤵
  PID:3248
- C:\Windows\System\gPUpvlC.exe
  C:\Windows\System\gPUpvlC.exe
  2⤵
  PID:3344
- C:\Windows\System\DeQSnUt.exe
  C:\Windows\System\DeQSnUt.exe
  2⤵
  PID:1404
- C:\Windows\System\twlpyyL.exe
  C:\Windows\System\twlpyyL.exe
  2⤵
  PID:3504
- C:\Windows\System\hQAQjjZ.exe
  C:\Windows\System\hQAQjjZ.exe
  2⤵
  PID:3520
- C:\Windows\System\TkbgEXa.exe
  C:\Windows\System\TkbgEXa.exe
  2⤵
  PID:3524
- C:\Windows\System\pmqhTeB.exe
  C:\Windows\System\pmqhTeB.exe
  2⤵
  PID:3692
- C:\Windows\System\vdheZyN.exe
  C:\Windows\System\vdheZyN.exe
  2⤵
  PID:3752
- C:\Windows\System\kFruIDU.exe
  C:\Windows\System\kFruIDU.exe
  2⤵
  PID:3712
- C:\Windows\System\lHFQJCD.exe
  C:\Windows\System\lHFQJCD.exe
  2⤵
  PID:3872
- C:\Windows\System\lBZtHMQ.exe
  C:\Windows\System\lBZtHMQ.exe
  2⤵
  PID:3884
- C:\Windows\System\YyYQjtD.exe
  C:\Windows\System\YyYQjtD.exe
  2⤵
  PID:3952
- C:\Windows\System\jcVObHi.exe
  C:\Windows\System\jcVObHi.exe
  2⤵
  PID:4112
- C:\Windows\System\LJJocls.exe
  C:\Windows\System\LJJocls.exe
  2⤵
  PID:4136
- C:\Windows\System\BfoEnVN.exe
  C:\Windows\System\BfoEnVN.exe
  2⤵
  PID:4152
- C:\Windows\System\SgDlaHd.exe
  C:\Windows\System\SgDlaHd.exe
  2⤵
  PID:4168
- C:\Windows\System\DvwGqKT.exe
  C:\Windows\System\DvwGqKT.exe
  2⤵
  PID:4192
- C:\Windows\System\BUsVmcJ.exe
  C:\Windows\System\BUsVmcJ.exe
  2⤵
  PID:4212
- C:\Windows\System\YPtoBxb.exe
  C:\Windows\System\YPtoBxb.exe
  2⤵
  PID:4232
- C:\Windows\System\xuJIPMi.exe
  C:\Windows\System\xuJIPMi.exe
  2⤵
  PID:4256
- C:\Windows\System\UxgTTpn.exe
  C:\Windows\System\UxgTTpn.exe
  2⤵
  PID:4272
- C:\Windows\System\TQjHeUC.exe
  C:\Windows\System\TQjHeUC.exe
  2⤵
  PID:4296
- C:\Windows\System\hcDJYzV.exe
  C:\Windows\System\hcDJYzV.exe
  2⤵
  PID:4316
- C:\Windows\System\KnPsgkb.exe
  C:\Windows\System\KnPsgkb.exe
  2⤵
  PID:4336
- C:\Windows\System\wBvywlz.exe
  C:\Windows\System\wBvywlz.exe
  2⤵
  PID:4356
- C:\Windows\System\Euvobzd.exe
  C:\Windows\System\Euvobzd.exe
  2⤵
  PID:4372
- C:\Windows\System\icIoJgy.exe
  C:\Windows\System\icIoJgy.exe
  2⤵
  PID:4396
- C:\Windows\System\EdbOSan.exe
  C:\Windows\System\EdbOSan.exe
  2⤵
  PID:4412
- C:\Windows\System\UDJcqwD.exe
  C:\Windows\System\UDJcqwD.exe
  2⤵
  PID:4436
- C:\Windows\System\bgUVjGN.exe
  C:\Windows\System\bgUVjGN.exe
  2⤵
  PID:4452
- C:\Windows\System\zWxXqnz.exe
  C:\Windows\System\zWxXqnz.exe
  2⤵
  PID:4472
- C:\Windows\System\AXLzkvy.exe
  C:\Windows\System\AXLzkvy.exe
  2⤵
  PID:4496
- C:\Windows\System\unaVhPs.exe
  C:\Windows\System\unaVhPs.exe
  2⤵
  PID:4512
- C:\Windows\System\GKcccGo.exe
  C:\Windows\System\GKcccGo.exe
  2⤵
  PID:4532
- C:\Windows\System\sLnlKVE.exe
  C:\Windows\System\sLnlKVE.exe
  2⤵
  PID:4552
- C:\Windows\System\lhokugP.exe
  C:\Windows\System\lhokugP.exe
  2⤵
  PID:4572
- C:\Windows\System\XjwlREU.exe
  C:\Windows\System\XjwlREU.exe
  2⤵
  PID:4592
- C:\Windows\System\BntPRDy.exe
  C:\Windows\System\BntPRDy.exe
  2⤵
  PID:4616
- C:\Windows\System\BApXfwe.exe
  C:\Windows\System\BApXfwe.exe
  2⤵
  PID:4632
- C:\Windows\System\XxiacJy.exe
  C:\Windows\System\XxiacJy.exe
  2⤵
  PID:4652
- C:\Windows\System\xSOLwzA.exe
  C:\Windows\System\xSOLwzA.exe
  2⤵
  PID:4672
- C:\Windows\System\DAdOWRS.exe
  C:\Windows\System\DAdOWRS.exe
  2⤵
  PID:4692
- C:\Windows\System\efEdUPW.exe
  C:\Windows\System\efEdUPW.exe
  2⤵
  PID:4712
- C:\Windows\System\NIRGIUu.exe
  C:\Windows\System\NIRGIUu.exe
  2⤵
  PID:4732
- C:\Windows\System\SRaClGI.exe
  C:\Windows\System\SRaClGI.exe
  2⤵
  PID:4756
- C:\Windows\System\wiCxyor.exe
  C:\Windows\System\wiCxyor.exe
  2⤵
  PID:4776
- C:\Windows\System\XMoBtGS.exe
  C:\Windows\System\XMoBtGS.exe
  2⤵
  PID:4796
- C:\Windows\System\CcSsWDQ.exe
  C:\Windows\System\CcSsWDQ.exe
  2⤵
  PID:4812
- C:\Windows\System\CdZbcaz.exe
  C:\Windows\System\CdZbcaz.exe
  2⤵
  PID:4836
- C:\Windows\System\WsYDaaI.exe
  C:\Windows\System\WsYDaaI.exe
  2⤵
  PID:4856
- C:\Windows\System\HeswWHQ.exe
  C:\Windows\System\HeswWHQ.exe
  2⤵
  PID:4872
- C:\Windows\System\KysHPVQ.exe
  C:\Windows\System\KysHPVQ.exe
  2⤵
  PID:4888
- C:\Windows\System\geAmqiB.exe
  C:\Windows\System\geAmqiB.exe
  2⤵
  PID:4908
- C:\Windows\System\LAymOfR.exe
  C:\Windows\System\LAymOfR.exe
  2⤵
  PID:4924
- C:\Windows\System\eHextde.exe
  C:\Windows\System\eHextde.exe
  2⤵
  PID:4944
- C:\Windows\System\UEOjQXt.exe
  C:\Windows\System\UEOjQXt.exe
  2⤵
  PID:4980
- C:\Windows\System\MfjcQzz.exe
  C:\Windows\System\MfjcQzz.exe
  2⤵
  PID:4996
- C:\Windows\System\tOJaoFM.exe
  C:\Windows\System\tOJaoFM.exe
  2⤵
  PID:5020
- C:\Windows\System\XXSyvgJ.exe
  C:\Windows\System\XXSyvgJ.exe
  2⤵
  PID:5040
- C:\Windows\System\sSyvSnH.exe
  C:\Windows\System\sSyvSnH.exe
  2⤵
  PID:5056
- C:\Windows\System\xdpOsSB.exe
  C:\Windows\System\xdpOsSB.exe
  2⤵
  PID:5076
- C:\Windows\System\sdjNqgQ.exe
  C:\Windows\System\sdjNqgQ.exe
  2⤵
  PID:5096
- C:\Windows\System\bObIiyL.exe
  C:\Windows\System\bObIiyL.exe
  2⤵
  PID:5116
- C:\Windows\System\VepwXNC.exe
  C:\Windows\System\VepwXNC.exe
  2⤵
  PID:4036
- C:\Windows\System\laDRmGP.exe
  C:\Windows\System\laDRmGP.exe
  2⤵
  PID:4088
- C:\Windows\System\yzCYbYH.exe
  C:\Windows\System\yzCYbYH.exe
  2⤵
  PID:3996
- C:\Windows\System\mMfrmQp.exe
  C:\Windows\System\mMfrmQp.exe
  2⤵
  PID:884
- C:\Windows\System\nwcHocU.exe
  C:\Windows\System\nwcHocU.exe
  2⤵
  PID:1620
- C:\Windows\System\unMtYQc.exe
  C:\Windows\System\unMtYQc.exe
  2⤵
  PID:2788
- C:\Windows\System\imboQdn.exe
  C:\Windows\System\imboQdn.exe
  2⤵
  PID:3128
- C:\Windows\System\zJuCGAn.exe
  C:\Windows\System\zJuCGAn.exe
  2⤵
  PID:3384
- C:\Windows\System\XQspjpb.exe
  C:\Windows\System\XQspjpb.exe
  2⤵
  PID:3284
- C:\Windows\System\LaLCzGB.exe
  C:\Windows\System\LaLCzGB.exe
  2⤵
  PID:3616
- C:\Windows\System\Knlkldo.exe
  C:\Windows\System\Knlkldo.exe
  2⤵
  PID:3668
- C:\Windows\System\SdJBLRX.exe
  C:\Windows\System\SdJBLRX.exe
  2⤵
  PID:3544
- C:\Windows\System\idYwNEf.exe
  C:\Windows\System\idYwNEf.exe
  2⤵
  PID:3732
- C:\Windows\System\FDPdknW.exe
  C:\Windows\System\FDPdknW.exe
  2⤵
  PID:3792
- C:\Windows\System\UFOzJUR.exe
  C:\Windows\System\UFOzJUR.exe
  2⤵
  PID:4124
- C:\Windows\System\ulQxsha.exe
  C:\Windows\System\ulQxsha.exe
  2⤵
  PID:4108
- C:\Windows\System\paRIQor.exe
  C:\Windows\System\paRIQor.exe
  2⤵
  PID:4164
- C:\Windows\System\jrOGDoo.exe
  C:\Windows\System\jrOGDoo.exe
  2⤵
  PID:1708
- C:\Windows\System\bFjYbvL.exe
  C:\Windows\System\bFjYbvL.exe
  2⤵
  PID:4220
- C:\Windows\System\dqKsSVZ.exe
  C:\Windows\System\dqKsSVZ.exe
  2⤵
  PID:4224
- C:\Windows\System\mWigMcF.exe
  C:\Windows\System\mWigMcF.exe
  2⤵
  PID:4324
- C:\Windows\System\yZbuVMO.exe
  C:\Windows\System\yZbuVMO.exe
  2⤵
  PID:4304
- C:\Windows\System\CwaDBWS.exe
  C:\Windows\System\CwaDBWS.exe
  2⤵
  PID:4348
- C:\Windows\System\vKuRznj.exe
  C:\Windows\System\vKuRznj.exe
  2⤵
  PID:4444
- C:\Windows\System\vtODnop.exe
  C:\Windows\System\vtODnop.exe
  2⤵
  PID:4380
- C:\Windows\System\jMHDUpl.exe
  C:\Windows\System\jMHDUpl.exe
  2⤵
  PID:4428
- C:\Windows\System\ZuauMlp.exe
  C:\Windows\System\ZuauMlp.exe
  2⤵
  PID:4488
- C:\Windows\System\hNjUpxc.exe
  C:\Windows\System\hNjUpxc.exe
  2⤵
  PID:4524
- C:\Windows\System\yxqIYwn.exe
  C:\Windows\System\yxqIYwn.exe
  2⤵
  PID:4508
- C:\Windows\System\xpNQLlt.exe
  C:\Windows\System\xpNQLlt.exe
  2⤵
  PID:4604
- C:\Windows\System\DhfzXQo.exe
  C:\Windows\System\DhfzXQo.exe
  2⤵
  PID:4584
- C:\Windows\System\JVWfZvx.exe
  C:\Windows\System\JVWfZvx.exe
  2⤵
  PID:4688
- C:\Windows\System\dVhIwOJ.exe
  C:\Windows\System\dVhIwOJ.exe
  2⤵
  PID:4664
- C:\Windows\System\aBCVFBo.exe
  C:\Windows\System\aBCVFBo.exe
  2⤵
  PID:4704
- C:\Windows\System\XOWgZbd.exe
  C:\Windows\System\XOWgZbd.exe
  2⤵
  PID:4740
- C:\Windows\System\qdkTAmT.exe
  C:\Windows\System\qdkTAmT.exe
  2⤵
  PID:4752
- C:\Windows\System\vylvsnn.exe
  C:\Windows\System\vylvsnn.exe
  2⤵
  PID:4844
- C:\Windows\System\OhsQBgx.exe
  C:\Windows\System\OhsQBgx.exe
  2⤵
  PID:4884
- C:\Windows\System\pHdBnXf.exe
  C:\Windows\System\pHdBnXf.exe
  2⤵
  PID:4920
- C:\Windows\System\VxBbEVe.exe
  C:\Windows\System\VxBbEVe.exe
  2⤵
  PID:4868
- C:\Windows\System\mMeoPhq.exe
  C:\Windows\System\mMeoPhq.exe
  2⤵
  PID:4956
- C:\Windows\System\KGwrrTw.exe
  C:\Windows\System\KGwrrTw.exe
  2⤵
  PID:4968
- C:\Windows\System\pDxQZgk.exe
  C:\Windows\System\pDxQZgk.exe
  2⤵
  PID:5048
- C:\Windows\System\rowzxvx.exe
  C:\Windows\System\rowzxvx.exe
  2⤵
  PID:5052
- C:\Windows\System\FydFQTb.exe
  C:\Windows\System\FydFQTb.exe
  2⤵
  PID:5072
- C:\Windows\System\YpHGQLX.exe
  C:\Windows\System\YpHGQLX.exe
  2⤵
  PID:4040
- C:\Windows\System\guxkYkO.exe
  C:\Windows\System\guxkYkO.exe
  2⤵
  PID:1288
- C:\Windows\System\MPHjDsS.exe
  C:\Windows\System\MPHjDsS.exe
  2⤵
  PID:1340
- C:\Windows\System\FQvkCzr.exe
  C:\Windows\System\FQvkCzr.exe
  2⤵
  PID:2304
- C:\Windows\System\bvOGvuZ.exe
  C:\Windows\System\bvOGvuZ.exe
  2⤵
  PID:3228
- C:\Windows\System\UaFnBee.exe
  C:\Windows\System\UaFnBee.exe
  2⤵
  PID:3264
- C:\Windows\System\voblTDF.exe
  C:\Windows\System\voblTDF.exe
  2⤵
  PID:1500
- C:\Windows\System\zDfEVtT.exe
  C:\Windows\System\zDfEVtT.exe
  2⤵
  PID:3636
- C:\Windows\System\bUIozNZ.exe
  C:\Windows\System\bUIozNZ.exe
  2⤵
  PID:3632
- C:\Windows\System\HRYPbrm.exe
  C:\Windows\System\HRYPbrm.exe
  2⤵
  PID:4120
- C:\Windows\System\aQWgbdx.exe
  C:\Windows\System\aQWgbdx.exe
  2⤵
  PID:4104
- C:\Windows\System\LmKOIkd.exe
  C:\Windows\System\LmKOIkd.exe
  2⤵
  PID:4208
- C:\Windows\System\WvRxwQn.exe
  C:\Windows\System\WvRxwQn.exe
  2⤵
  PID:4252
- C:\Windows\System\oKFXbma.exe
  C:\Windows\System\oKFXbma.exe
  2⤵
  PID:4292
- C:\Windows\System\gyMnUUv.exe
  C:\Windows\System\gyMnUUv.exe
  2⤵
  PID:4264
- C:\Windows\System\McZRrwE.exe
  C:\Windows\System\McZRrwE.exe
  2⤵
  PID:4368
- C:\Windows\System\KfHXlxD.exe
  C:\Windows\System\KfHXlxD.exe
  2⤵
  PID:4460
- C:\Windows\System\bFQPyid.exe
  C:\Windows\System\bFQPyid.exe
  2⤵
  PID:4504
- C:\Windows\System\tmSpyAc.exe
  C:\Windows\System\tmSpyAc.exe
  2⤵
  PID:4468
- C:\Windows\System\SqPKtfS.exe
  C:\Windows\System\SqPKtfS.exe
  2⤵
  PID:4540
- C:\Windows\System\ZZDUsLL.exe
  C:\Windows\System\ZZDUsLL.exe
  2⤵
  PID:4628
- C:\Windows\System\PLeNtaU.exe
  C:\Windows\System\PLeNtaU.exe
  2⤵
  PID:4764
- C:\Windows\System\rSmBgiy.exe
  C:\Windows\System\rSmBgiy.exe
  2⤵
  PID:4808
- C:\Windows\System\NOgsvIA.exe
  C:\Windows\System\NOgsvIA.exe
  2⤵
  PID:4820
- C:\Windows\System\TYBjjwe.exe
  C:\Windows\System\TYBjjwe.exe
  2⤵
  PID:4848
- C:\Windows\System\XfmzffE.exe
  C:\Windows\System\XfmzffE.exe
  2⤵
  PID:4936
- C:\Windows\System\dkGhSMs.exe
  C:\Windows\System\dkGhSMs.exe
  2⤵
  PID:5012
- C:\Windows\System\RzKHapk.exe
  C:\Windows\System\RzKHapk.exe
  2⤵
  PID:3652
- C:\Windows\System\HSSmOKr.exe
  C:\Windows\System\HSSmOKr.exe
  2⤵
  PID:5104
- C:\Windows\System\KlCNLDg.exe
  C:\Windows\System\KlCNLDg.exe
  2⤵
  PID:1016
- C:\Windows\System\QPwImDm.exe
  C:\Windows\System\QPwImDm.exe
  2⤵
  PID:3120
- C:\Windows\System\naYDUTW.exe
  C:\Windows\System\naYDUTW.exe
  2⤵
  PID:2532
- C:\Windows\System\ivlqYGc.exe
  C:\Windows\System\ivlqYGc.exe
  2⤵
  PID:3308
- C:\Windows\System\TUvymAy.exe
  C:\Windows\System\TUvymAy.exe
  2⤵
  PID:3500
- C:\Windows\System\GIhfbFy.exe
  C:\Windows\System\GIhfbFy.exe
  2⤵
  PID:4160
- C:\Windows\System\ygxKSDe.exe
  C:\Windows\System\ygxKSDe.exe
  2⤵
  PID:3888
- C:\Windows\System\UWWzHXe.exe
  C:\Windows\System\UWWzHXe.exe
  2⤵
  PID:4240
- C:\Windows\System\lTalLJM.exe
  C:\Windows\System\lTalLJM.exe
  2⤵
  PID:4268
- C:\Windows\System\dIaNTyY.exe
  C:\Windows\System\dIaNTyY.exe
  2⤵
  PID:4568
- C:\Windows\System\DIQqXKk.exe
  C:\Windows\System\DIQqXKk.exe
  2⤵
  PID:5128
- C:\Windows\System\zmfckDs.exe
  C:\Windows\System\zmfckDs.exe
  2⤵
  PID:5148
- C:\Windows\System\CWHKMJb.exe
  C:\Windows\System\CWHKMJb.exe
  2⤵
  PID:5172
- C:\Windows\System\ZGZDUDo.exe
  C:\Windows\System\ZGZDUDo.exe
  2⤵
  PID:5192
- C:\Windows\System\NrwrrFz.exe
  C:\Windows\System\NrwrrFz.exe
  2⤵
  PID:5212
- C:\Windows\System\kPdUjas.exe
  C:\Windows\System\kPdUjas.exe
  2⤵
  PID:5232
- C:\Windows\System\qEexqdZ.exe
  C:\Windows\System\qEexqdZ.exe
  2⤵
  PID:5252
- C:\Windows\System\PmdosgX.exe
  C:\Windows\System\PmdosgX.exe
  2⤵
  PID:5268
- C:\Windows\System\jdttzFR.exe
  C:\Windows\System\jdttzFR.exe
  2⤵
  PID:5292
- C:\Windows\System\FwibKue.exe
  C:\Windows\System\FwibKue.exe
  2⤵
  PID:5312
- C:\Windows\System\MJdprzg.exe
  C:\Windows\System\MJdprzg.exe
  2⤵
  PID:5328
- C:\Windows\System\SGzJVed.exe
  C:\Windows\System\SGzJVed.exe
  2⤵
  PID:5352
- C:\Windows\System\PnKoMPJ.exe
  C:\Windows\System\PnKoMPJ.exe
  2⤵
  PID:5372
- C:\Windows\System\jGNaiwJ.exe
  C:\Windows\System\jGNaiwJ.exe
  2⤵
  PID:5392
- C:\Windows\System\wrnOICc.exe
  C:\Windows\System\wrnOICc.exe
  2⤵
  PID:5408
- C:\Windows\System\yCoYqVK.exe
  C:\Windows\System\yCoYqVK.exe
  2⤵
  PID:5424
- C:\Windows\System\plvdZiq.exe
  C:\Windows\System\plvdZiq.exe
  2⤵
  PID:5444
- C:\Windows\System\lglyqoY.exe
  C:\Windows\System\lglyqoY.exe
  2⤵
  PID:5464
- C:\Windows\System\ahrfjRR.exe
  C:\Windows\System\ahrfjRR.exe
  2⤵
  PID:5480
- C:\Windows\System\QfSSfZc.exe
  C:\Windows\System\QfSSfZc.exe
  2⤵
  PID:5500
- C:\Windows\System\nThyJBK.exe
  C:\Windows\System\nThyJBK.exe
  2⤵
  PID:5516
- C:\Windows\System\xZwTqAs.exe
  C:\Windows\System\xZwTqAs.exe
  2⤵
  PID:5536
- C:\Windows\System\UYSBSBd.exe
  C:\Windows\System\UYSBSBd.exe
  2⤵
  PID:5556
- C:\Windows\System\CUmpKzZ.exe
  C:\Windows\System\CUmpKzZ.exe
  2⤵
  PID:5592
- C:\Windows\System\UVWCOxX.exe
  C:\Windows\System\UVWCOxX.exe
  2⤵
  PID:5608
- C:\Windows\System\JVTYcLs.exe
  C:\Windows\System\JVTYcLs.exe
  2⤵
  PID:5636
- C:\Windows\System\CwvvBZt.exe
  C:\Windows\System\CwvvBZt.exe
  2⤵
  PID:5652
- C:\Windows\System\ITaiHNV.exe
  C:\Windows\System\ITaiHNV.exe
  2⤵
  PID:5676
- C:\Windows\System\jLXdKIJ.exe
  C:\Windows\System\jLXdKIJ.exe
  2⤵
  PID:5692
- C:\Windows\System\iAVBJUf.exe
  C:\Windows\System\iAVBJUf.exe
  2⤵
  PID:5712
- C:\Windows\System\KEjtxNO.exe
  C:\Windows\System\KEjtxNO.exe
  2⤵
  PID:5736
- C:\Windows\System\WucJURW.exe
  C:\Windows\System\WucJURW.exe
  2⤵
  PID:5752
- C:\Windows\System\bBnvdls.exe
  C:\Windows\System\bBnvdls.exe
  2⤵
  PID:5772
- C:\Windows\System\KDwwpgc.exe
  C:\Windows\System\KDwwpgc.exe
  2⤵
  PID:5796
- C:\Windows\System\ENARUZK.exe
  C:\Windows\System\ENARUZK.exe
  2⤵
  PID:5812
- C:\Windows\System\deJRicr.exe
  C:\Windows\System\deJRicr.exe
  2⤵
  PID:5832
- C:\Windows\System\gXdmnNJ.exe
  C:\Windows\System\gXdmnNJ.exe
  2⤵
  PID:5856
- C:\Windows\System\dtQurVT.exe
  C:\Windows\System\dtQurVT.exe
  2⤵
  PID:5872
- C:\Windows\System\aehaIOO.exe
  C:\Windows\System\aehaIOO.exe
  2⤵
  PID:5896
- C:\Windows\System\iwRpldO.exe
  C:\Windows\System\iwRpldO.exe
  2⤵
  PID:5912
- C:\Windows\System\GPlgtNM.exe
  C:\Windows\System\GPlgtNM.exe
  2⤵
  PID:5932
- C:\Windows\System\GvaLhYy.exe
  C:\Windows\System\GvaLhYy.exe
  2⤵
  PID:5952
- C:\Windows\System\nEbhWSz.exe
  C:\Windows\System\nEbhWSz.exe
  2⤵
  PID:5976
- C:\Windows\System\inxEvZs.exe
  C:\Windows\System\inxEvZs.exe
  2⤵
  PID:5992
- C:\Windows\System\VBPlOOa.exe
  C:\Windows\System\VBPlOOa.exe
  2⤵
  PID:6012
- C:\Windows\System\fshbaZt.exe
  C:\Windows\System\fshbaZt.exe
  2⤵
  PID:6036
- C:\Windows\System\HdiEUvW.exe
  C:\Windows\System\HdiEUvW.exe
  2⤵
  PID:6056
- C:\Windows\System\OKjueVb.exe
  C:\Windows\System\OKjueVb.exe
  2⤵
  PID:6076
- C:\Windows\System\aFwjlEe.exe
  C:\Windows\System\aFwjlEe.exe
  2⤵
  PID:6096
- C:\Windows\System\MGSQnkT.exe
  C:\Windows\System\MGSQnkT.exe
  2⤵
  PID:6116
- C:\Windows\System\uHDvpnC.exe
  C:\Windows\System\uHDvpnC.exe
  2⤵
  PID:6132
- C:\Windows\System\eFvvPEf.exe
  C:\Windows\System\eFvvPEf.exe
  2⤵
  PID:4528
- C:\Windows\System\YwzBkOX.exe
  C:\Windows\System\YwzBkOX.exe
  2⤵
  PID:4644
- C:\Windows\System\tdbqIXq.exe
  C:\Windows\System\tdbqIXq.exe
  2⤵
  PID:4700
- C:\Windows\System\DEHMWUS.exe
  C:\Windows\System\DEHMWUS.exe
  2⤵
  PID:3048
- C:\Windows\System\HtWEBrT.exe
  C:\Windows\System\HtWEBrT.exe
  2⤵
  PID:4940
- C:\Windows\System\fbJzUwL.exe
  C:\Windows\System\fbJzUwL.exe
  2⤵
  PID:4976
- C:\Windows\System\DsRRMIA.exe
  C:\Windows\System\DsRRMIA.exe
  2⤵
  PID:5028
- C:\Windows\System\zaCYDpM.exe
  C:\Windows\System\zaCYDpM.exe
  2⤵
  PID:1756
- C:\Windows\System\uVyEMQY.exe
  C:\Windows\System\uVyEMQY.exe
  2⤵
  PID:5112
- C:\Windows\System\ARodTmN.exe
  C:\Windows\System\ARodTmN.exe
  2⤵
  PID:4052
- C:\Windows\System\cBobcXM.exe
  C:\Windows\System\cBobcXM.exe
  2⤵
  PID:3420
- C:\Windows\System\aCGoItv.exe
  C:\Windows\System\aCGoItv.exe
  2⤵
  PID:4288
- C:\Windows\System\eSJWUAs.exe
  C:\Windows\System\eSJWUAs.exe
  2⤵
  PID:4612
- C:\Windows\System\PSquUIR.exe
  C:\Windows\System\PSquUIR.exe
  2⤵
  PID:4392
- C:\Windows\System\kYLTBlE.exe
  C:\Windows\System\kYLTBlE.exe
  2⤵
  PID:5160
- C:\Windows\System\Ukfmvlw.exe
  C:\Windows\System\Ukfmvlw.exe
  2⤵
  PID:5208
- C:\Windows\System\CHifexn.exe
  C:\Windows\System\CHifexn.exe
  2⤵
  PID:5276
- C:\Windows\System\hbAaOUl.exe
  C:\Windows\System\hbAaOUl.exe
  2⤵
  PID:5184
- C:\Windows\System\qFaVHxT.exe
  C:\Windows\System\qFaVHxT.exe
  2⤵
  PID:5228
- C:\Windows\System\yfyrmtz.exe
  C:\Windows\System\yfyrmtz.exe
  2⤵
  PID:5304
- C:\Windows\System\mdNgLTy.exe
  C:\Windows\System\mdNgLTy.exe
  2⤵
  PID:5364
- C:\Windows\System\rPisktq.exe
  C:\Windows\System\rPisktq.exe
  2⤵
  PID:5436
- C:\Windows\System\JJPUCul.exe
  C:\Windows\System\JJPUCul.exe
  2⤵
  PID:5508
- C:\Windows\System\rIqXrwA.exe
  C:\Windows\System\rIqXrwA.exe
  2⤵
  PID:5388
- C:\Windows\System\bvgRXJI.exe
  C:\Windows\System\bvgRXJI.exe
  2⤵
  PID:5548
- C:\Windows\System\eYSpHwB.exe
  C:\Windows\System\eYSpHwB.exe
  2⤵
  PID:5492
- C:\Windows\System\RfaLGRm.exe
  C:\Windows\System\RfaLGRm.exe
  2⤵
  PID:5564
- C:\Windows\System\kymrMAa.exe
  C:\Windows\System\kymrMAa.exe
  2⤵
  PID:5588
- C:\Windows\System\zKKiUkx.exe
  C:\Windows\System\zKKiUkx.exe
  2⤵
  PID:5688
- C:\Windows\System\GIepHfI.exe
  C:\Windows\System\GIepHfI.exe
  2⤵
  PID:5724
- C:\Windows\System\cIHatTy.exe
  C:\Windows\System\cIHatTy.exe
  2⤵
  PID:5660
- C:\Windows\System\yDLoAbE.exe
  C:\Windows\System\yDLoAbE.exe
  2⤵
  PID:5704
- C:\Windows\System\TijWzoN.exe
  C:\Windows\System\TijWzoN.exe
  2⤵
  PID:5744
- C:\Windows\System\VYPBDTj.exe
  C:\Windows\System\VYPBDTj.exe
  2⤵
  PID:5784
- C:\Windows\System\eIPzMNu.exe
  C:\Windows\System\eIPzMNu.exe
  2⤵
  PID:5844
- C:\Windows\System\ihwvUGk.exe
  C:\Windows\System\ihwvUGk.exe
  2⤵
  PID:5880
- C:\Windows\System\zjPWXJW.exe
  C:\Windows\System\zjPWXJW.exe
  2⤵
  PID:5920
- C:\Windows\System\uRTJCiK.exe
  C:\Windows\System\uRTJCiK.exe
  2⤵
  PID:5960
- C:\Windows\System\CXNghHc.exe
  C:\Windows\System\CXNghHc.exe
  2⤵
  PID:5940
- C:\Windows\System\JiDGNyu.exe
  C:\Windows\System\JiDGNyu.exe
  2⤵
  PID:6004
- C:\Windows\System\YUFUEhO.exe
  C:\Windows\System\YUFUEhO.exe
  2⤵
  PID:5988
- C:\Windows\System\OKNqhql.exe
  C:\Windows\System\OKNqhql.exe
  2⤵
  PID:6084
- C:\Windows\System\uBDPzrZ.exe
  C:\Windows\System\uBDPzrZ.exe
  2⤵
  PID:6088
- C:\Windows\System\zgpNrkg.exe
  C:\Windows\System\zgpNrkg.exe
  2⤵
  PID:6112
- C:\Windows\System\GnsWcgY.exe
  C:\Windows\System\GnsWcgY.exe
  2⤵
  PID:4680
- C:\Windows\System\ngQQXNQ.exe
  C:\Windows\System\ngQQXNQ.exe
  2⤵
  PID:4724
- C:\Windows\System\hotnsBK.exe
  C:\Windows\System\hotnsBK.exe
  2⤵
  PID:4772
- C:\Windows\System\OUUjcYI.exe
  C:\Windows\System\OUUjcYI.exe
  2⤵
  PID:3932
- C:\Windows\System\AVuVPmI.exe
  C:\Windows\System\AVuVPmI.exe
  2⤵
  PID:4904
- C:\Windows\System\nDzdOUO.exe
  C:\Windows\System\nDzdOUO.exe
  2⤵
  PID:3816
- C:\Windows\System\yezzOMh.exe
  C:\Windows\System\yezzOMh.exe
  2⤵
  PID:4344
- C:\Windows\System\kUCrDmF.exe
  C:\Windows\System\kUCrDmF.exe
  2⤵
  PID:3124
- C:\Windows\System\iNRvmzO.exe
  C:\Windows\System\iNRvmzO.exe
  2⤵
  PID:5200
- C:\Windows\System\FUWCplW.exe
  C:\Windows\System\FUWCplW.exe
  2⤵
  PID:300
- C:\Windows\System\CQRRqlx.exe
  C:\Windows\System\CQRRqlx.exe
  2⤵
  PID:5156
- C:\Windows\System\AHtryTl.exe
  C:\Windows\System\AHtryTl.exe
  2⤵
  PID:5224
- C:\Windows\System\begmulS.exe
  C:\Windows\System\begmulS.exe
  2⤵
  PID:5340
- C:\Windows\System\KnKQriP.exe
  C:\Windows\System\KnKQriP.exe
  2⤵
  PID:5380
- C:\Windows\System\Cixyscu.exe
  C:\Windows\System\Cixyscu.exe
  2⤵
  PID:5476
- C:\Windows\System\PEPKiLY.exe
  C:\Windows\System\PEPKiLY.exe
  2⤵
  PID:5572
- C:\Windows\System\ueqIDJh.exe
  C:\Windows\System\ueqIDJh.exe
  2⤵
  PID:5452
- C:\Windows\System\YuFXHbH.exe
  C:\Windows\System\YuFXHbH.exe
  2⤵
  PID:5648
- C:\Windows\System\BIYTVmy.exe
  C:\Windows\System\BIYTVmy.exe
  2⤵
  PID:5760
- C:\Windows\System\yuHHLwV.exe
  C:\Windows\System\yuHHLwV.exe
  2⤵
  PID:5664
- C:\Windows\System\bylHfjO.exe
  C:\Windows\System\bylHfjO.exe
  2⤵
  PID:5824
- C:\Windows\System\NhKkKEK.exe
  C:\Windows\System\NhKkKEK.exe
  2⤵
  PID:5848
- C:\Windows\System\EzPuOyO.exe
  C:\Windows\System\EzPuOyO.exe
  2⤵
  PID:5864
- C:\Windows\System\OfVakUD.exe
  C:\Windows\System\OfVakUD.exe
  2⤵
  PID:6000
- C:\Windows\System\Iymwknj.exe
  C:\Windows\System\Iymwknj.exe
  2⤵
  PID:5908
- C:\Windows\System\ouTlHZD.exe
  C:\Windows\System\ouTlHZD.exe
  2⤵
  PID:6032
- C:\Windows\System\AewKLpI.exe
  C:\Windows\System\AewKLpI.exe
  2⤵
  PID:4464
- C:\Windows\System\OsbPzoq.exe
  C:\Windows\System\OsbPzoq.exe
  2⤵
  PID:6092
- C:\Windows\System\KaIHaKR.exe
  C:\Windows\System\KaIHaKR.exe
  2⤵
  PID:4424
- C:\Windows\System\AdecYTZ.exe
  C:\Windows\System\AdecYTZ.exe
  2⤵
  PID:4748
- C:\Windows\System\hzewzcn.exe
  C:\Windows\System\hzewzcn.exe
  2⤵
  PID:4952
- C:\Windows\System\zyPhWNV.exe
  C:\Windows\System\zyPhWNV.exe
  2⤵
  PID:4420
- C:\Windows\System\heymdIc.exe
  C:\Windows\System\heymdIc.exe
  2⤵
  PID:3220
- C:\Windows\System\LVVNKgA.exe
  C:\Windows\System\LVVNKgA.exe
  2⤵
  PID:4328
- C:\Windows\System\kTwsbzr.exe
  C:\Windows\System\kTwsbzr.exe
  2⤵
  PID:5144
- C:\Windows\System\bpGitay.exe
  C:\Windows\System\bpGitay.exe
  2⤵
  PID:6152
- C:\Windows\System\LpWtBLR.exe
  C:\Windows\System\LpWtBLR.exe
  2⤵
  PID:6176
- C:\Windows\System\iXqWxrQ.exe
  C:\Windows\System\iXqWxrQ.exe
  2⤵
  PID:6196
- C:\Windows\System\iJWCiAW.exe
  C:\Windows\System\iJWCiAW.exe
  2⤵
  PID:6216
- C:\Windows\System\iPYzzor.exe
  C:\Windows\System\iPYzzor.exe
  2⤵
  PID:6236
- C:\Windows\System\yIoEugy.exe
  C:\Windows\System\yIoEugy.exe
  2⤵
  PID:6256
- C:\Windows\System\LOCoLcO.exe
  C:\Windows\System\LOCoLcO.exe
  2⤵
  PID:6276
- C:\Windows\System\BaJKENX.exe
  C:\Windows\System\BaJKENX.exe
  2⤵
  PID:6296
- C:\Windows\System\PGdVGFc.exe
  C:\Windows\System\PGdVGFc.exe
  2⤵
  PID:6316
- C:\Windows\System\USSHbvt.exe
  C:\Windows\System\USSHbvt.exe
  2⤵
  PID:6336
- C:\Windows\System\fnEWiLK.exe
  C:\Windows\System\fnEWiLK.exe
  2⤵
  PID:6356
- C:\Windows\System\KiuYWeI.exe
  C:\Windows\System\KiuYWeI.exe
  2⤵
  PID:6372
- C:\Windows\System\IBhtGer.exe
  C:\Windows\System\IBhtGer.exe
  2⤵
  PID:6396
- C:\Windows\System\eRTAldy.exe
  C:\Windows\System\eRTAldy.exe
  2⤵
  PID:6416
- C:\Windows\System\DpJPnDc.exe
  C:\Windows\System\DpJPnDc.exe
  2⤵
  PID:6436
- C:\Windows\System\jihQuBL.exe
  C:\Windows\System\jihQuBL.exe
  2⤵
  PID:6456
- C:\Windows\System\iwHuQbP.exe
  C:\Windows\System\iwHuQbP.exe
  2⤵
  PID:6476
- C:\Windows\System\uqFFRXp.exe
  C:\Windows\System\uqFFRXp.exe
  2⤵
  PID:6496
- C:\Windows\System\YobDlCo.exe
  C:\Windows\System\YobDlCo.exe
  2⤵
  PID:6520
- C:\Windows\System\sesPmcv.exe
  C:\Windows\System\sesPmcv.exe
  2⤵
  PID:6540
- C:\Windows\System\AzygMeb.exe
  C:\Windows\System\AzygMeb.exe
  2⤵
  PID:6560
- C:\Windows\System\BZPVgQz.exe
  C:\Windows\System\BZPVgQz.exe
  2⤵
  PID:6580
- C:\Windows\System\MmZPfSv.exe
  C:\Windows\System\MmZPfSv.exe
  2⤵
  PID:6600
- C:\Windows\System\eerTlOn.exe
  C:\Windows\System\eerTlOn.exe
  2⤵
  PID:6620
- C:\Windows\System\KriRVZe.exe
  C:\Windows\System\KriRVZe.exe
  2⤵
  PID:6640
- C:\Windows\System\oyyQzJb.exe
  C:\Windows\System\oyyQzJb.exe
  2⤵
  PID:6660
- C:\Windows\System\TzqbMdl.exe
  C:\Windows\System\TzqbMdl.exe
  2⤵
  PID:6680
- C:\Windows\System\kAciBeQ.exe
  C:\Windows\System\kAciBeQ.exe
  2⤵
  PID:6700
- C:\Windows\System\YhUPOJe.exe
  C:\Windows\System\YhUPOJe.exe
  2⤵
  PID:6720
- C:\Windows\System\HjnDlAX.exe
  C:\Windows\System\HjnDlAX.exe
  2⤵
  PID:6740
- C:\Windows\System\vEFMGDD.exe
  C:\Windows\System\vEFMGDD.exe
  2⤵
  PID:6760
- C:\Windows\System\jGOfaeq.exe
  C:\Windows\System\jGOfaeq.exe
  2⤵
  PID:6780
- C:\Windows\System\HzdQIPi.exe
  C:\Windows\System\HzdQIPi.exe
  2⤵
  PID:6800
- C:\Windows\System\PebWRfD.exe
  C:\Windows\System\PebWRfD.exe
  2⤵
  PID:6820
- C:\Windows\System\jaKdxAU.exe
  C:\Windows\System\jaKdxAU.exe
  2⤵
  PID:6840
- C:\Windows\System\ljwZJFn.exe
  C:\Windows\System\ljwZJFn.exe
  2⤵
  PID:6864
- C:\Windows\System\mazyrUr.exe
  C:\Windows\System\mazyrUr.exe
  2⤵
  PID:6884
- C:\Windows\System\zprxCnX.exe
  C:\Windows\System\zprxCnX.exe
  2⤵
  PID:6904
- C:\Windows\System\jJfmDvP.exe
  C:\Windows\System\jJfmDvP.exe
  2⤵
  PID:6924
- C:\Windows\System\ZyeNhJm.exe
  C:\Windows\System\ZyeNhJm.exe
  2⤵
  PID:6940
- C:\Windows\System\MBFdxds.exe
  C:\Windows\System\MBFdxds.exe
  2⤵
  PID:6964
- C:\Windows\System\vVttitn.exe
  C:\Windows\System\vVttitn.exe
  2⤵
  PID:6980
- C:\Windows\System\UwLnkwg.exe
  C:\Windows\System\UwLnkwg.exe
  2⤵
  PID:7004
- C:\Windows\System\EjQNOsB.exe
  C:\Windows\System\EjQNOsB.exe
  2⤵
  PID:7024
- C:\Windows\System\LIMBcao.exe
  C:\Windows\System\LIMBcao.exe
  2⤵
  PID:7044
- C:\Windows\System\AJxasbc.exe
  C:\Windows\System\AJxasbc.exe
  2⤵
  PID:7060
- C:\Windows\System\UTafcBu.exe
  C:\Windows\System\UTafcBu.exe
  2⤵
  PID:7084
- C:\Windows\System\tELshcA.exe
  C:\Windows\System\tELshcA.exe
  2⤵
  PID:7104
- C:\Windows\System\gsizZOQ.exe
  C:\Windows\System\gsizZOQ.exe
  2⤵
  PID:7124
- C:\Windows\System\UxjhvQm.exe
  C:\Windows\System\UxjhvQm.exe
  2⤵
  PID:7144
- C:\Windows\System\nVHPfPe.exe
  C:\Windows\System\nVHPfPe.exe
  2⤵
  PID:7164
- C:\Windows\System\lIiOYhu.exe
  C:\Windows\System\lIiOYhu.exe
  2⤵
  PID:5360
- C:\Windows\System\OEcFCXH.exe
  C:\Windows\System\OEcFCXH.exe
  2⤵
  PID:5728
- C:\Windows\System\rBhIixZ.exe
  C:\Windows\System\rBhIixZ.exe
  2⤵
  PID:5524
- C:\Windows\System\oGdqnIq.exe
  C:\Windows\System\oGdqnIq.exe
  2⤵
  PID:5700
- C:\Windows\System\lytublh.exe
  C:\Windows\System\lytublh.exe
  2⤵
  PID:5748
- C:\Windows\System\Fcnvjzy.exe
  C:\Windows\System\Fcnvjzy.exe
  2⤵
  PID:5948
- C:\Windows\System\xxKPGHQ.exe
  C:\Windows\System\xxKPGHQ.exe
  2⤵
  PID:976
- C:\Windows\System\xgunFYO.exe
  C:\Windows\System\xgunFYO.exe
  2⤵
  PID:5904
- C:\Windows\System\zUtxrWG.exe
  C:\Windows\System\zUtxrWG.exe
  2⤵
  PID:6072
- C:\Windows\System\QjpgCcK.exe
  C:\Windows\System\QjpgCcK.exe
  2⤵
  PID:3976
- C:\Windows\System\htuDxYN.exe
  C:\Windows\System\htuDxYN.exe
  2⤵
  PID:4660
- C:\Windows\System\nWpJCgS.exe
  C:\Windows\System\nWpJCgS.exe
  2⤵
  PID:5180
- C:\Windows\System\oIaArvU.exe
  C:\Windows\System\oIaArvU.exe
  2⤵
  PID:5320
- C:\Windows\System\EVfyeoE.exe
  C:\Windows\System\EVfyeoE.exe
  2⤵
  PID:6148
- C:\Windows\System\QgcGeXK.exe
  C:\Windows\System\QgcGeXK.exe
  2⤵
  PID:2432
- C:\Windows\System\dVHKHwU.exe
  C:\Windows\System\dVHKHwU.exe
  2⤵
  PID:6184
- C:\Windows\System\nygzUdv.exe
  C:\Windows\System\nygzUdv.exe
  2⤵
  PID:6224
- C:\Windows\System\dlpxrOC.exe
  C:\Windows\System\dlpxrOC.exe
  2⤵
  PID:6228
- C:\Windows\System\pZpAgaj.exe
  C:\Windows\System\pZpAgaj.exe
  2⤵
  PID:6272
- C:\Windows\System\HOkEsnc.exe
  C:\Windows\System\HOkEsnc.exe
  2⤵
  PID:6284
- C:\Windows\System\YVfPgTH.exe
  C:\Windows\System\YVfPgTH.exe
  2⤵
  PID:6288
- C:\Windows\System\CjXXRAO.exe
  C:\Windows\System\CjXXRAO.exe
  2⤵
  PID:6332
- C:\Windows\System\AKFXokZ.exe
  C:\Windows\System\AKFXokZ.exe
  2⤵
  PID:6384
- C:\Windows\System\WGlbcLo.exe
  C:\Windows\System\WGlbcLo.exe
  2⤵
  PID:6424
- C:\Windows\System\kRYdNZj.exe
  C:\Windows\System\kRYdNZj.exe
  2⤵
  PID:6428
- C:\Windows\System\kyEeNDK.exe
  C:\Windows\System\kyEeNDK.exe
  2⤵
  PID:6468
- C:\Windows\System\LknGaPT.exe
  C:\Windows\System\LknGaPT.exe
  2⤵
  PID:6516
- C:\Windows\System\EjZrkrL.exe
  C:\Windows\System\EjZrkrL.exe
  2⤵
  PID:6552
- C:\Windows\System\lokIlam.exe
  C:\Windows\System\lokIlam.exe
  2⤵
  PID:6568
- C:\Windows\System\ZksUbjq.exe
  C:\Windows\System\ZksUbjq.exe
  2⤵
  PID:6628
- C:\Windows\System\VPfGVob.exe
  C:\Windows\System\VPfGVob.exe
  2⤵
  PID:6616
- C:\Windows\System\ewSyyNe.exe
  C:\Windows\System\ewSyyNe.exe
  2⤵
  PID:6656
- C:\Windows\System\kCIDMsu.exe
  C:\Windows\System\kCIDMsu.exe
  2⤵
  PID:6696
- C:\Windows\System\RblKKxc.exe
  C:\Windows\System\RblKKxc.exe
  2⤵
  PID:6756
- C:\Windows\System\svFrgtp.exe
  C:\Windows\System\svFrgtp.exe
  2⤵
  PID:6828
- C:\Windows\System\ukgKyRr.exe
  C:\Windows\System\ukgKyRr.exe
  2⤵
  PID:6772
- C:\Windows\System\DqGPyLQ.exe
  C:\Windows\System\DqGPyLQ.exe
  2⤵
  PID:6872
- C:\Windows\System\APnoRVA.exe
  C:\Windows\System\APnoRVA.exe
  2⤵
  PID:6852
- C:\Windows\System\XlaSozN.exe
  C:\Windows\System\XlaSozN.exe
  2⤵
  PID:6948
- C:\Windows\System\RgqkuVa.exe
  C:\Windows\System\RgqkuVa.exe
  2⤵
  PID:6952
- C:\Windows\System\LmryePw.exe
  C:\Windows\System\LmryePw.exe
  2⤵
  PID:7000
- C:\Windows\System\ErkzzmG.exe
  C:\Windows\System\ErkzzmG.exe
  2⤵
  PID:7032
- C:\Windows\System\eCMsABG.exe
  C:\Windows\System\eCMsABG.exe
  2⤵
  PID:7020
- C:\Windows\System\XxjxSwJ.exe
  C:\Windows\System\XxjxSwJ.exe
  2⤵
  PID:2204
- C:\Windows\System\ttEGkix.exe
  C:\Windows\System\ttEGkix.exe
  2⤵
  PID:7096
- C:\Windows\System\pZyOkgl.exe
  C:\Windows\System\pZyOkgl.exe
  2⤵
  PID:3036
- C:\Windows\System\NLJdNnV.exe
  C:\Windows\System\NLJdNnV.exe
  2⤵
  PID:5384
- C:\Windows\System\EddBPVm.exe
  C:\Windows\System\EddBPVm.exe
  2⤵
  PID:5420
- C:\Windows\System\xyAmfyR.exe
  C:\Windows\System\xyAmfyR.exe
  2⤵
  PID:2872
- C:\Windows\System\zWZXRyQ.exe
  C:\Windows\System\zWZXRyQ.exe
  2⤵
  PID:5828
- C:\Windows\System\iAkfObU.exe
  C:\Windows\System\iAkfObU.exe
  2⤵
  PID:5780
- C:\Windows\System\UklsOhC.exe
  C:\Windows\System\UklsOhC.exe
  2⤵
  PID:5892
- C:\Windows\System\YiabBhm.exe
  C:\Windows\System\YiabBhm.exe
  2⤵
  PID:5624
- C:\Windows\System\FtULvJQ.exe
  C:\Windows\System\FtULvJQ.exe
  2⤵
  PID:5140
- C:\Windows\System\TSmCEnu.exe
  C:\Windows\System\TSmCEnu.exe
  2⤵
  PID:5400
- C:\Windows\System\ntIiUuq.exe
  C:\Windows\System\ntIiUuq.exe
  2⤵
  PID:6160
- C:\Windows\System\inmMnhg.exe
  C:\Windows\System\inmMnhg.exe
  2⤵
  PID:6164
- C:\Windows\System\XdWrNsW.exe
  C:\Windows\System\XdWrNsW.exe
  2⤵
  PID:6192
- C:\Windows\System\nfBoBBb.exe
  C:\Windows\System\nfBoBBb.exe
  2⤵
  PID:6248
- C:\Windows\System\Rpwcued.exe
  C:\Windows\System\Rpwcued.exe
  2⤵
  PID:6292
- C:\Windows\System\JOiPqAM.exe
  C:\Windows\System\JOiPqAM.exe
  2⤵
  PID:6348
- C:\Windows\System\fizDjdI.exe
  C:\Windows\System\fizDjdI.exe
  2⤵
  PID:6368
- C:\Windows\System\wJmNyJu.exe
  C:\Windows\System\wJmNyJu.exe
  2⤵
  PID:6452
- C:\Windows\System\bQbxAke.exe
  C:\Windows\System\bQbxAke.exe
  2⤵
  PID:6492
- C:\Windows\System\gsHbZaj.exe
  C:\Windows\System\gsHbZaj.exe
  2⤵
  PID:6536
- C:\Windows\System\JGbfnGF.exe
  C:\Windows\System\JGbfnGF.exe
  2⤵
  PID:6676
- C:\Windows\System\EZqEQUv.exe
  C:\Windows\System\EZqEQUv.exe
  2⤵
  PID:6708
- C:\Windows\System\zuEkEXn.exe
  C:\Windows\System\zuEkEXn.exe
  2⤵
  PID:6748
- C:\Windows\System\dySbJgq.exe
  C:\Windows\System\dySbJgq.exe
  2⤵
  PID:6776
- C:\Windows\System\HICmLAN.exe
  C:\Windows\System\HICmLAN.exe
  2⤵
  PID:6860
- C:\Windows\System\oJeSjva.exe
  C:\Windows\System\oJeSjva.exe
  2⤵
  PID:6960
- C:\Windows\System\RKhORjf.exe
  C:\Windows\System\RKhORjf.exe
  2⤵
  PID:7012
- C:\Windows\System\zkojiiK.exe
  C:\Windows\System\zkojiiK.exe
  2⤵
  PID:7072
- C:\Windows\System\lufVsiR.exe
  C:\Windows\System\lufVsiR.exe
  2⤵
  PID:7056
- C:\Windows\System\jsYEwGi.exe
  C:\Windows\System\jsYEwGi.exe
  2⤵
  PID:7116
- C:\Windows\System\qUVsnHv.exe
  C:\Windows\System\qUVsnHv.exe
  2⤵
  PID:5600
- C:\Windows\System\kpYBpKI.exe
  C:\Windows\System\kpYBpKI.exe
  2⤵
  PID:6512
- C:\Windows\System\HJvKUcI.exe
  C:\Windows\System\HJvKUcI.exe
  2⤵
  PID:2820
- C:\Windows\System\sAqgJXh.exe
  C:\Windows\System\sAqgJXh.exe
  2⤵
  PID:6048
- C:\Windows\System\prPdNpF.exe
  C:\Windows\System\prPdNpF.exe
  2⤵
  PID:3796
- C:\Windows\System\eBxZGzg.exe
  C:\Windows\System\eBxZGzg.exe
  2⤵
  PID:3656
- C:\Windows\System\YbwaHTw.exe
  C:\Windows\System\YbwaHTw.exe
  2⤵
  PID:6188
- C:\Windows\System\xqqoSVM.exe
  C:\Windows\System\xqqoSVM.exe
  2⤵
  PID:6252
- C:\Windows\System\DviJtcl.exe
  C:\Windows\System\DviJtcl.exe
  2⤵
  PID:6380
- C:\Windows\System\LpfvZMz.exe
  C:\Windows\System\LpfvZMz.exe
  2⤵
  PID:6412
- C:\Windows\System\dEPmMIb.exe
  C:\Windows\System\dEPmMIb.exe
  2⤵
  PID:6508
- C:\Windows\System\cbwuvXc.exe
  C:\Windows\System\cbwuvXc.exe
  2⤵
  PID:6528
- C:\Windows\System\LsEwrMK.exe
  C:\Windows\System\LsEwrMK.exe
  2⤵
  PID:6672
- C:\Windows\System\TXRuEJq.exe
  C:\Windows\System\TXRuEJq.exe
  2⤵
  PID:6796
- C:\Windows\System\PrZNrPg.exe
  C:\Windows\System\PrZNrPg.exe
  2⤵
  PID:6916
- C:\Windows\System\ZNtgKaN.exe
  C:\Windows\System\ZNtgKaN.exe
  2⤵
  PID:7036
- C:\Windows\System\QKZBnGo.exe
  C:\Windows\System\QKZBnGo.exe
  2⤵
  PID:7068
- C:\Windows\System\WsjSBmY.exe
  C:\Windows\System\WsjSBmY.exe
  2⤵
  PID:7184
- C:\Windows\System\lvdenRu.exe
  C:\Windows\System\lvdenRu.exe
  2⤵
  PID:7204
- C:\Windows\System\jinxKpQ.exe
  C:\Windows\System\jinxKpQ.exe
  2⤵
  PID:7224
- C:\Windows\System\BCXRPCZ.exe
  C:\Windows\System\BCXRPCZ.exe
  2⤵
  PID:7244
- C:\Windows\System\WqvstRd.exe
  C:\Windows\System\WqvstRd.exe
  2⤵
  PID:7264
- C:\Windows\System\afVzpXX.exe
  C:\Windows\System\afVzpXX.exe
  2⤵
  PID:7284
- C:\Windows\System\SfSBAKb.exe
  C:\Windows\System\SfSBAKb.exe
  2⤵
  PID:7304
- C:\Windows\System\PIjYqTN.exe
  C:\Windows\System\PIjYqTN.exe
  2⤵
  PID:7324
- C:\Windows\System\iflqYwI.exe
  C:\Windows\System\iflqYwI.exe
  2⤵
  PID:7344
- C:\Windows\System\siTsVCa.exe
  C:\Windows\System\siTsVCa.exe
  2⤵
  PID:7364
- C:\Windows\System\BxUaGpb.exe
  C:\Windows\System\BxUaGpb.exe
  2⤵
  PID:7384
- C:\Windows\System\ZQcZsew.exe
  C:\Windows\System\ZQcZsew.exe
  2⤵
  PID:7404
- C:\Windows\System\wEwJDFR.exe
  C:\Windows\System\wEwJDFR.exe
  2⤵
  PID:7424
- C:\Windows\System\RWVFaRU.exe
  C:\Windows\System\RWVFaRU.exe
  2⤵
  PID:7444
- C:\Windows\System\jYUNwXi.exe
  C:\Windows\System\jYUNwXi.exe
  2⤵
  PID:7464
- C:\Windows\System\GLKRVNp.exe
  C:\Windows\System\GLKRVNp.exe
  2⤵
  PID:7484
- C:\Windows\System\ulfGppi.exe
  C:\Windows\System\ulfGppi.exe
  2⤵
  PID:7504
- C:\Windows\System\chRNDGk.exe
  C:\Windows\System\chRNDGk.exe
  2⤵
  PID:7528
- C:\Windows\System\HyvXDzZ.exe
  C:\Windows\System\HyvXDzZ.exe
  2⤵
  PID:7548
- C:\Windows\System\oCSQdPV.exe
  C:\Windows\System\oCSQdPV.exe
  2⤵
  PID:7568
- C:\Windows\System\fBSvJgJ.exe
  C:\Windows\System\fBSvJgJ.exe
  2⤵
  PID:7588
- C:\Windows\System\ovASFfX.exe
  C:\Windows\System\ovASFfX.exe
  2⤵
  PID:7608
- C:\Windows\System\jnfmapV.exe
  C:\Windows\System\jnfmapV.exe
  2⤵
  PID:7624
- C:\Windows\System\annhfPI.exe
  C:\Windows\System\annhfPI.exe
  2⤵
  PID:7644
- C:\Windows\System\rGMLvQl.exe
  C:\Windows\System\rGMLvQl.exe
  2⤵
  PID:7668
- C:\Windows\System\zRGKCRw.exe
  C:\Windows\System\zRGKCRw.exe
  2⤵
  PID:7688
- C:\Windows\System\HHHecVM.exe
  C:\Windows\System\HHHecVM.exe
  2⤵
  PID:7708
- C:\Windows\System\VUKVMqh.exe
  C:\Windows\System\VUKVMqh.exe
  2⤵
  PID:7728
- C:\Windows\System\nPCbkzv.exe
  C:\Windows\System\nPCbkzv.exe
  2⤵
  PID:7748
- C:\Windows\System\KUEfnKT.exe
  C:\Windows\System\KUEfnKT.exe
  2⤵
  PID:7768
- C:\Windows\System\FUpKNpn.exe
  C:\Windows\System\FUpKNpn.exe
  2⤵
  PID:7788
- C:\Windows\System\ldPXCqB.exe
  C:\Windows\System\ldPXCqB.exe
  2⤵
  PID:7812
- C:\Windows\System\goRghkr.exe
  C:\Windows\System\goRghkr.exe
  2⤵
  PID:7832
- C:\Windows\System\QWnLIat.exe
  C:\Windows\System\QWnLIat.exe
  2⤵
  PID:7852
- C:\Windows\System\MGFHCGk.exe
  C:\Windows\System\MGFHCGk.exe
  2⤵
  PID:7872
- C:\Windows\System\lGCYVFT.exe
  C:\Windows\System\lGCYVFT.exe
  2⤵
  PID:7892
- C:\Windows\System\MMHzuvA.exe
  C:\Windows\System\MMHzuvA.exe
  2⤵
  PID:7908
- C:\Windows\System\AarfpfW.exe
  C:\Windows\System\AarfpfW.exe
  2⤵
  PID:7924
- C:\Windows\System\yXitSsa.exe
  C:\Windows\System\yXitSsa.exe
  2⤵
  PID:7948
- C:\Windows\System\icYljFv.exe
  C:\Windows\System\icYljFv.exe
  2⤵
  PID:7968
- C:\Windows\System\YUrbQrt.exe
  C:\Windows\System\YUrbQrt.exe
  2⤵
  PID:7988
- C:\Windows\System\lTTxale.exe
  C:\Windows\System\lTTxale.exe
  2⤵
  PID:8012
- C:\Windows\System\bqRkeWP.exe
  C:\Windows\System\bqRkeWP.exe
  2⤵
  PID:8032
- C:\Windows\System\FUWJBrp.exe
  C:\Windows\System\FUWJBrp.exe
  2⤵
  PID:8052
- C:\Windows\System\ZPJYYyz.exe
  C:\Windows\System\ZPJYYyz.exe
  2⤵
  PID:8072
- C:\Windows\System\NiOAwbv.exe
  C:\Windows\System\NiOAwbv.exe
  2⤵
  PID:8092
- C:\Windows\System\yaZJDZV.exe
  C:\Windows\System\yaZJDZV.exe
  2⤵
  PID:8112
- C:\Windows\System\lPyhTZe.exe
  C:\Windows\System\lPyhTZe.exe
  2⤵
  PID:8132
- C:\Windows\System\vvPdklX.exe
  C:\Windows\System\vvPdklX.exe
  2⤵
  PID:8148
- C:\Windows\System\MfdShcT.exe
  C:\Windows\System\MfdShcT.exe
  2⤵
  PID:8172
- C:\Windows\System\fJUZWiW.exe
  C:\Windows\System\fJUZWiW.exe
  2⤵
  PID:7140
- C:\Windows\System\fsepecO.exe
  C:\Windows\System\fsepecO.exe
  2⤵
  PID:7136
- C:\Windows\System\bTdycSx.exe
  C:\Windows\System\bTdycSx.exe
  2⤵
  PID:5580
- C:\Windows\System\TXbcygN.exe
  C:\Windows\System\TXbcygN.exe
  2⤵
  PID:4828
- C:\Windows\System\GGEMPJq.exe
  C:\Windows\System\GGEMPJq.exe
  2⤵
  PID:6212
- C:\Windows\System\OtxEpZQ.exe
  C:\Windows\System\OtxEpZQ.exe
  2⤵
  PID:2328
- C:\Windows\System\xmGYbQk.exe
  C:\Windows\System\xmGYbQk.exe
  2⤵
  PID:2072
- C:\Windows\System\fnKkKBO.exe
  C:\Windows\System\fnKkKBO.exe
  2⤵
  PID:6636
- C:\Windows\System\rFMPzHF.exe
  C:\Windows\System\rFMPzHF.exe
  2⤵
  PID:6632
- C:\Windows\System\lBKNMWp.exe
  C:\Windows\System\lBKNMWp.exe
  2⤵
  PID:6728
- C:\Windows\System\cwNreZq.exe
  C:\Windows\System\cwNreZq.exe
  2⤵
  PID:6900
- C:\Windows\System\qeBdJGM.exe
  C:\Windows\System\qeBdJGM.exe
  2⤵
  PID:7180
- C:\Windows\System\ZGOimSb.exe
  C:\Windows\System\ZGOimSb.exe
  2⤵
  PID:7220
- C:\Windows\System\DCiVbgQ.exe
  C:\Windows\System\DCiVbgQ.exe
  2⤵
  PID:7236
- C:\Windows\System\PhgGKWg.exe
  C:\Windows\System\PhgGKWg.exe
  2⤵
  PID:7272
- C:\Windows\System\rlYgpUH.exe
  C:\Windows\System\rlYgpUH.exe
  2⤵
  PID:7312
- C:\Windows\System\AFOKpYX.exe
  C:\Windows\System\AFOKpYX.exe
  2⤵
  PID:7336
- C:\Windows\System\dUkELMc.exe
  C:\Windows\System\dUkELMc.exe
  2⤵
  PID:7392
- C:\Windows\System\NxYAloN.exe
  C:\Windows\System\NxYAloN.exe
  2⤵
  PID:7432
- C:\Windows\System\TpduyQt.exe
  C:\Windows\System\TpduyQt.exe
  2⤵
  PID:7416
- C:\Windows\System\VTtrvYX.exe
  C:\Windows\System\VTtrvYX.exe
  2⤵
  PID:7480
- C:\Windows\System\QQbkANq.exe
  C:\Windows\System\QQbkANq.exe
  2⤵
  PID:7496
- C:\Windows\System\alZHsEq.exe
  C:\Windows\System\alZHsEq.exe
  2⤵
  PID:7544
- C:\Windows\System\GRSnUhV.exe
  C:\Windows\System\GRSnUhV.exe
  2⤵
  PID:7596
- C:\Windows\System\AHSkmeu.exe
  C:\Windows\System\AHSkmeu.exe
  2⤵
  PID:7584
- C:\Windows\System\milKuty.exe
  C:\Windows\System\milKuty.exe
  2⤵
  PID:7684
- C:\Windows\System\SlVEfMC.exe
  C:\Windows\System\SlVEfMC.exe
  2⤵
  PID:7620
- C:\Windows\System\cqqaWAl.exe
  C:\Windows\System\cqqaWAl.exe
  2⤵
  PID:7724
- C:\Windows\System\pmieDqe.exe
  C:\Windows\System\pmieDqe.exe
  2⤵
  PID:7736
- C:\Windows\System\kSNHlsr.exe
  C:\Windows\System\kSNHlsr.exe
  2⤵
  PID:7796
- C:\Windows\System\IKWBXXa.exe
  C:\Windows\System\IKWBXXa.exe
  2⤵
  PID:3600
- C:\Windows\System\thrnKys.exe
  C:\Windows\System\thrnKys.exe
  2⤵
  PID:7840
- C:\Windows\System\diyniVU.exe
  C:\Windows\System\diyniVU.exe
  2⤵
  PID:7880
- C:\Windows\System\NDmkyXY.exe
  C:\Windows\System\NDmkyXY.exe
  2⤵
  PID:7916
- C:\Windows\System\LPrBzkl.exe
  C:\Windows\System\LPrBzkl.exe
  2⤵
  PID:7956
- C:\Windows\System\xNAUujt.exe
  C:\Windows\System\xNAUujt.exe
  2⤵
  PID:7980
- C:\Windows\System\aARkNDD.exe
  C:\Windows\System\aARkNDD.exe
  2⤵
  PID:8004
- C:\Windows\System\DAmjJLl.exe
  C:\Windows\System\DAmjJLl.exe
  2⤵
  PID:8020
- C:\Windows\System\hDWhKlu.exe
  C:\Windows\System\hDWhKlu.exe
  2⤵
  PID:8088
- C:\Windows\System\DEacYjV.exe
  C:\Windows\System\DEacYjV.exe
  2⤵
  PID:8064
- C:\Windows\System\aeGMhhV.exe
  C:\Windows\System\aeGMhhV.exe
  2⤵
  PID:8156
- C:\Windows\System\EPAkQOc.exe
  C:\Windows\System\EPAkQOc.exe
  2⤵
  PID:8144
- C:\Windows\System\BJxWgLH.exe
  C:\Windows\System\BJxWgLH.exe
  2⤵
  PID:7156
- C:\Windows\System\gToVqOP.exe
  C:\Windows\System\gToVqOP.exe
  2⤵
  PID:5348
- C:\Windows\System\LsHQdVo.exe
  C:\Windows\System\LsHQdVo.exe
  2⤵
  PID:2344
- C:\Windows\System\cqLsjKt.exe
  C:\Windows\System\cqLsjKt.exe
  2⤵
  PID:6444
- C:\Windows\System\ffushHl.exe
  C:\Windows\System\ffushHl.exe
  2⤵
  PID:6812
- C:\Windows\System\mihnwbm.exe
  C:\Windows\System\mihnwbm.exe
  2⤵
  PID:6576
- C:\Windows\System\rwJrQFh.exe
  C:\Windows\System\rwJrQFh.exe
  2⤵
  PID:7076
- C:\Windows\System\lAcolwE.exe
  C:\Windows\System\lAcolwE.exe
  2⤵
  PID:7240
- C:\Windows\System\OrKUzqm.exe
  C:\Windows\System\OrKUzqm.exe
  2⤵
  PID:7292
- C:\Windows\System\qKbZsAN.exe
  C:\Windows\System\qKbZsAN.exe
  2⤵
  PID:7300
- C:\Windows\System\SIxJvJB.exe
  C:\Windows\System\SIxJvJB.exe
  2⤵
  PID:7316
- C:\Windows\System\tckEUaN.exe
  C:\Windows\System\tckEUaN.exe
  2⤵
  PID:7332
- C:\Windows\System\jONZZEz.exe
  C:\Windows\System\jONZZEz.exe
  2⤵
  PID:7492
- C:\Windows\System\mErBxkP.exe
  C:\Windows\System\mErBxkP.exe
  2⤵
  PID:7456
- C:\Windows\System\VAWXTZS.exe
  C:\Windows\System\VAWXTZS.exe
  2⤵
  PID:7536
- C:\Windows\System\gYaQMQT.exe
  C:\Windows\System\gYaQMQT.exe
  2⤵
  PID:3168
- C:\Windows\System\cllBvcs.exe
  C:\Windows\System\cllBvcs.exe
  2⤵
  PID:7696
- C:\Windows\System\MKFydEv.exe
  C:\Windows\System\MKFydEv.exe
  2⤵
  PID:7652
- C:\Windows\System\UPNmaNv.exe
  C:\Windows\System\UPNmaNv.exe
  2⤵
  PID:7744
- C:\Windows\System\EvvYTuQ.exe
  C:\Windows\System\EvvYTuQ.exe
  2⤵
  PID:7828
- C:\Windows\System\eXTnFnI.exe
  C:\Windows\System\eXTnFnI.exe
  2⤵
  PID:7864
- C:\Windows\System\SASqVqM.exe
  C:\Windows\System\SASqVqM.exe
  2⤵
  PID:3596
- C:\Windows\System\vMMAQMT.exe
  C:\Windows\System\vMMAQMT.exe
  2⤵
  PID:7900
- C:\Windows\System\jwreMwM.exe
  C:\Windows\System\jwreMwM.exe
  2⤵
  PID:7976
- C:\Windows\System\uUHgWaf.exe
  C:\Windows\System\uUHgWaf.exe
  2⤵
  PID:8068
- C:\Windows\System\xbmdirw.exe
  C:\Windows\System\xbmdirw.exe
  2⤵
  PID:8104
- C:\Windows\System\lBCpIvZ.exe
  C:\Windows\System\lBCpIvZ.exe
  2⤵
  PID:5808
- C:\Windows\System\odQtONH.exe
  C:\Windows\System\odQtONH.exe
  2⤵
  PID:3464
- C:\Windows\System\LovXYLR.exe
  C:\Windows\System\LovXYLR.exe
  2⤵
  PID:2308
- C:\Windows\System\miobgzZ.exe
  C:\Windows\System\miobgzZ.exe
  2⤵
  PID:7172
- C:\Windows\System\ytBGhZZ.exe
  C:\Windows\System\ytBGhZZ.exe
  2⤵
  PID:7252
- C:\Windows\System\pefHSmJ.exe
  C:\Windows\System\pefHSmJ.exe
  2⤵
  PID:7436
- C:\Windows\System\PUrNELn.exe
  C:\Windows\System\PUrNELn.exe
  2⤵
  PID:6996
- C:\Windows\System\RifAqcQ.exe
  C:\Windows\System\RifAqcQ.exe
  2⤵
  PID:7460
- C:\Windows\System\XpNsCHC.exe
  C:\Windows\System\XpNsCHC.exe
  2⤵
  PID:7372
- C:\Windows\System\DUAMGIz.exe
  C:\Windows\System\DUAMGIz.exe
  2⤵
  PID:7616
- C:\Windows\System\QvcViUT.exe
  C:\Windows\System\QvcViUT.exe
  2⤵
  PID:2812
- C:\Windows\System\uCKTcAV.exe
  C:\Windows\System\uCKTcAV.exe
  2⤵
  PID:7660
- C:\Windows\System\FejmObd.exe
  C:\Windows\System\FejmObd.exe
  2⤵
  PID:7932
- C:\Windows\System\vBeHvoc.exe
  C:\Windows\System\vBeHvoc.exe
  2⤵
  PID:7984
- C:\Windows\System\mYEBavt.exe
  C:\Windows\System\mYEBavt.exe
  2⤵
  PID:8060
- C:\Windows\System\jYKnAoO.exe
  C:\Windows\System\jYKnAoO.exe
  2⤵
  PID:7944
- C:\Windows\System\RmLWawy.exe
  C:\Windows\System\RmLWawy.exe
  2⤵
  PID:1416
- C:\Windows\System\NSfSoha.exe
  C:\Windows\System\NSfSoha.exe
  2⤵
  PID:5164
- C:\Windows\System\ZMteCTn.exe
  C:\Windows\System\ZMteCTn.exe
  2⤵
  PID:7296
- C:\Windows\System\heXfnsk.exe
  C:\Windows\System\heXfnsk.exe
  2⤵
  PID:7256
- C:\Windows\System\SVNgUmh.exe
  C:\Windows\System\SVNgUmh.exe
  2⤵
  PID:7512
- C:\Windows\System\FIsEDMQ.exe
  C:\Windows\System\FIsEDMQ.exe
  2⤵
  PID:3164
- C:\Windows\System\rFMoPpf.exe
  C:\Windows\System\rFMoPpf.exe
  2⤵
  PID:2868
- C:\Windows\System\sLLowGB.exe
  C:\Windows\System\sLLowGB.exe
  2⤵
  PID:7760
- C:\Windows\System\NGDHqXj.exe
  C:\Windows\System\NGDHqXj.exe
  2⤵
  PID:2804
- C:\Windows\System\TrBHCfJ.exe
  C:\Windows\System\TrBHCfJ.exe
  2⤵
  PID:4180
- C:\Windows\System\sQWezox.exe
  C:\Windows\System\sQWezox.exe
  2⤵
  PID:8000
- C:\Windows\System\AMrJwaR.exe
  C:\Windows\System\AMrJwaR.exe
  2⤵
  PID:2252
- C:\Windows\System\ifRpjbC.exe
  C:\Windows\System\ifRpjbC.exe
  2⤵
  PID:8128
- C:\Windows\System\zasJXPs.exe
  C:\Windows\System\zasJXPs.exe
  2⤵
  PID:8024
- C:\Windows\System\kEWrABd.exe
  C:\Windows\System\kEWrABd.exe
  2⤵
  PID:7200
- C:\Windows\System\tgzPtCF.exe
  C:\Windows\System\tgzPtCF.exe
  2⤵
  PID:6896
- C:\Windows\System\JJCvcrO.exe
  C:\Windows\System\JJCvcrO.exe
  2⤵
  PID:3004
- C:\Windows\System\HaSzBWt.exe
  C:\Windows\System\HaSzBWt.exe
  2⤵
  PID:7276
- C:\Windows\System\nCtikml.exe
  C:\Windows\System\nCtikml.exe
  2⤵
  PID:7704
- C:\Windows\System\xvlbxta.exe
  C:\Windows\System\xvlbxta.exe
  2⤵
  PID:7888
- C:\Windows\System\JWRQsBg.exe
  C:\Windows\System\JWRQsBg.exe
  2⤵
  PID:6344
- C:\Windows\System\cRQUnsc.exe
  C:\Windows\System\cRQUnsc.exe
  2⤵
  PID:8204
- C:\Windows\System\MXHSgjU.exe
  C:\Windows\System\MXHSgjU.exe
  2⤵
  PID:8220
- C:\Windows\System\fAfxEuK.exe
  C:\Windows\System\fAfxEuK.exe
  2⤵
  PID:8236
- C:\Windows\System\kLESxjt.exe
  C:\Windows\System\kLESxjt.exe
  2⤵
  PID:8264
- C:\Windows\System\bkXUaMj.exe
  C:\Windows\System\bkXUaMj.exe
  2⤵
  PID:8284
- C:\Windows\System\KEzhERl.exe
  C:\Windows\System\KEzhERl.exe
  2⤵
  PID:8300
- C:\Windows\System\DBSbBSQ.exe
  C:\Windows\System\DBSbBSQ.exe
  2⤵
  PID:8316
- C:\Windows\System\OfyhHrY.exe
  C:\Windows\System\OfyhHrY.exe
  2⤵
  PID:8332
- C:\Windows\System\igcThwX.exe
  C:\Windows\System\igcThwX.exe
  2⤵
  PID:8352
- C:\Windows\System\ucbIrKx.exe
  C:\Windows\System\ucbIrKx.exe
  2⤵
  PID:8380
- C:\Windows\System\UjdlBcr.exe
  C:\Windows\System\UjdlBcr.exe
  2⤵
  PID:8396
- C:\Windows\System\DYiCYjx.exe
  C:\Windows\System\DYiCYjx.exe
  2⤵
  PID:8412
- C:\Windows\System\kEltfuK.exe
  C:\Windows\System\kEltfuK.exe
  2⤵
  PID:8428
- C:\Windows\System\ymgdcRD.exe
  C:\Windows\System\ymgdcRD.exe
  2⤵
  PID:8448
- C:\Windows\System\IRapcUA.exe
  C:\Windows\System\IRapcUA.exe
  2⤵
  PID:8464
- C:\Windows\System\LnjABiQ.exe
  C:\Windows\System\LnjABiQ.exe
  2⤵
  PID:8484
- C:\Windows\System\UQBkjCS.exe
  C:\Windows\System\UQBkjCS.exe
  2⤵
  PID:8568
- C:\Windows\System\JzrjInS.exe
  C:\Windows\System\JzrjInS.exe
  2⤵
  PID:8584
- C:\Windows\System\DwtNfnD.exe
  C:\Windows\System\DwtNfnD.exe
  2⤵
  PID:8600
- C:\Windows\System\KfYkNSf.exe
  C:\Windows\System\KfYkNSf.exe
  2⤵
  PID:8616
- C:\Windows\System\SsZRaWd.exe
  C:\Windows\System\SsZRaWd.exe
  2⤵
  PID:8632
- C:\Windows\System\RYjrIwY.exe
  C:\Windows\System\RYjrIwY.exe
  2⤵
  PID:8648
- C:\Windows\System\hxezlxt.exe
  C:\Windows\System\hxezlxt.exe
  2⤵
  PID:8664
- C:\Windows\System\eLvhwhy.exe
  C:\Windows\System\eLvhwhy.exe
  2⤵
  PID:8684
- C:\Windows\System\FATuIFi.exe
  C:\Windows\System\FATuIFi.exe
  2⤵
  PID:8716
- C:\Windows\System\etcizHy.exe
  C:\Windows\System\etcizHy.exe
  2⤵
  PID:8736
- C:\Windows\System\HJfXzWh.exe
  C:\Windows\System\HJfXzWh.exe
  2⤵
  PID:8756
- C:\Windows\System\CTmhFNA.exe
  C:\Windows\System\CTmhFNA.exe
  2⤵
  PID:8776
- C:\Windows\System\XNohhAb.exe
  C:\Windows\System\XNohhAb.exe
  2⤵
  PID:8796
- C:\Windows\System\NvoFOKQ.exe
  C:\Windows\System\NvoFOKQ.exe
  2⤵
  PID:8816
- C:\Windows\System\OvIJZCl.exe
  C:\Windows\System\OvIJZCl.exe
  2⤵
  PID:8856
- C:\Windows\System\NNGmVyk.exe
  C:\Windows\System\NNGmVyk.exe
  2⤵
  PID:8916
- C:\Windows\System\ChGwfuJ.exe
  C:\Windows\System\ChGwfuJ.exe
  2⤵
  PID:8936
- C:\Windows\System\wbseijk.exe
  C:\Windows\System\wbseijk.exe
  2⤵
  PID:8952
- C:\Windows\System\PrhqQpV.exe
  C:\Windows\System\PrhqQpV.exe
  2⤵
  PID:8968
- C:\Windows\System\KMrKadJ.exe
  C:\Windows\System\KMrKadJ.exe
  2⤵
  PID:8984
- C:\Windows\System\OqyopFk.exe
  C:\Windows\System\OqyopFk.exe
  2⤵
  PID:9004
- C:\Windows\System\FKSZfyN.exe
  C:\Windows\System\FKSZfyN.exe
  2⤵
  PID:9020
- C:\Windows\System\HKmpWNv.exe
  C:\Windows\System\HKmpWNv.exe
  2⤵
  PID:9036
- C:\Windows\System\uAQHghe.exe
  C:\Windows\System\uAQHghe.exe
  2⤵
  PID:9052
- C:\Windows\System\jxkSnwU.exe
  C:\Windows\System\jxkSnwU.exe
  2⤵
  PID:9068
- C:\Windows\System\EJHuyYW.exe
  C:\Windows\System\EJHuyYW.exe
  2⤵
  PID:9084
- C:\Windows\System\nknagnt.exe
  C:\Windows\System\nknagnt.exe
  2⤵
  PID:9100
- C:\Windows\System\jAsQUlP.exe
  C:\Windows\System\jAsQUlP.exe
  2⤵
  PID:9116
- C:\Windows\System\xxYixxF.exe
  C:\Windows\System\xxYixxF.exe
  2⤵
  PID:9132
- C:\Windows\System\ctGziGj.exe
  C:\Windows\System\ctGziGj.exe
  2⤵
  PID:9148
- C:\Windows\System\miHWVxE.exe
  C:\Windows\System\miHWVxE.exe
  2⤵
  PID:9164
- C:\Windows\System\HxgDDFG.exe
  C:\Windows\System\HxgDDFG.exe
  2⤵
  PID:9180
- C:\Windows\System\auqBcFs.exe
  C:\Windows\System\auqBcFs.exe
  2⤵
  PID:9196
- C:\Windows\System\tbqPHmm.exe
  C:\Windows\System\tbqPHmm.exe
  2⤵
  PID:9212
- C:\Windows\System\TlWRbjc.exe
  C:\Windows\System\TlWRbjc.exe
  2⤵
  PID:7576
- C:\Windows\System\TOrMsdV.exe
  C:\Windows\System\TOrMsdV.exe
  2⤵
  PID:7780
- C:\Windows\System\dtNtCxV.exe
  C:\Windows\System\dtNtCxV.exe
  2⤵
  PID:2740
- C:\Windows\System\NbSpgti.exe
  C:\Windows\System\NbSpgti.exe
  2⤵
  PID:8196
- C:\Windows\System\RHOEGni.exe
  C:\Windows\System\RHOEGni.exe
  2⤵
  PID:2440
- C:\Windows\System\bhKxOPO.exe
  C:\Windows\System\bhKxOPO.exe
  2⤵
  PID:8120
- C:\Windows\System\UNelMlZ.exe
  C:\Windows\System\UNelMlZ.exe
  2⤵
  PID:2388
- C:\Windows\System\PgVVJyC.exe
  C:\Windows\System\PgVVJyC.exe
  2⤵
  PID:8244
- C:\Windows\System\IZMZdwc.exe
  C:\Windows\System\IZMZdwc.exe
  2⤵
  PID:8276
- C:\Windows\System\zcVdbIS.exe
  C:\Windows\System\zcVdbIS.exe
  2⤵
  PID:2660
- C:\Windows\System\jReqzVb.exe
  C:\Windows\System\jReqzVb.exe
  2⤵
  PID:8440
- C:\Windows\System\NKMQqiQ.exe
  C:\Windows\System\NKMQqiQ.exe
  2⤵
  PID:112
- C:\Windows\System\VAXuvld.exe
  C:\Windows\System\VAXuvld.exe
  2⤵
  PID:8496
- C:\Windows\System\TPUWVwO.exe
  C:\Windows\System\TPUWVwO.exe
  2⤵
  PID:8516
- C:\Windows\System\yCenSLw.exe
  C:\Windows\System\yCenSLw.exe
  2⤵
  PID:8536
- C:\Windows\System\iYPZMpW.exe
  C:\Windows\System\iYPZMpW.exe
  2⤵
  PID:8556
- C:\Windows\System\RBMPLZT.exe
  C:\Windows\System\RBMPLZT.exe
  2⤵
  PID:1800
- C:\Windows\System\apXNQeb.exe
  C:\Windows\System\apXNQeb.exe
  2⤵
  PID:628
- C:\Windows\System\aHzRnKz.exe
  C:\Windows\System\aHzRnKz.exe
  2⤵
  PID:2796
- C:\Windows\System\oRgpHCQ.exe
  C:\Windows\System\oRgpHCQ.exe
  2⤵
  PID:8592
- C:\Windows\System\dzaUBFq.exe
  C:\Windows\System\dzaUBFq.exe
  2⤵
  PID:8612
- C:\Windows\System\RAvKYBO.exe
  C:\Windows\System\RAvKYBO.exe
  2⤵
  PID:8656
- C:\Windows\System\oYOqhFN.exe
  C:\Windows\System\oYOqhFN.exe
  2⤵
  PID:8672
- C:\Windows\System\XlLpvvI.exe
  C:\Windows\System\XlLpvvI.exe
  2⤵
  PID:8724
- C:\Windows\System\eGmbgzE.exe
  C:\Windows\System\eGmbgzE.exe
  2⤵
  PID:8764
- C:\Windows\System\eQKGoCq.exe
  C:\Windows\System\eQKGoCq.exe
  2⤵
  PID:8804
- C:\Windows\System\CVqMjVC.exe
  C:\Windows\System\CVqMjVC.exe
  2⤵
  PID:8828
- C:\Windows\System\FfkPApy.exe
  C:\Windows\System\FfkPApy.exe
  2⤵
  PID:8876
- C:\Windows\System\YlvMeBv.exe
  C:\Windows\System\YlvMeBv.exe
  2⤵
  PID:8888
- C:\Windows\System\gDwMlPQ.exe
  C:\Windows\System\gDwMlPQ.exe
  2⤵
  PID:2620
- C:\Windows\System\dyuvyJG.exe
  C:\Windows\System\dyuvyJG.exe
  2⤵
  PID:2416
- C:\Windows\System\ALYtujB.exe
  C:\Windows\System\ALYtujB.exe
  2⤵
  PID:2176
- C:\Windows\System\ynhjQCE.exe
  C:\Windows\System\ynhjQCE.exe
  2⤵
  PID:8944
- C:\Windows\System\nutVbQT.exe
  C:\Windows\System\nutVbQT.exe
  2⤵
  PID:8980
- C:\Windows\System\jisgOic.exe
  C:\Windows\System\jisgOic.exe
  2⤵
  PID:9188
- C:\Windows\System\zqglMYP.exe
  C:\Windows\System\zqglMYP.exe
  2⤵
  PID:9144
- C:\Windows\System\fNgDlZa.exe
  C:\Windows\System\fNgDlZa.exe
  2⤵
  PID:9208
- C:\Windows\System\kwQkBmv.exe
  C:\Windows\System\kwQkBmv.exe
  2⤵
  PID:7676
- C:\Windows\System\kyBCJPF.exe
  C:\Windows\System\kyBCJPF.exe
  2⤵
  PID:8228
- C:\Windows\System\fxYAsCO.exe
  C:\Windows\System\fxYAsCO.exe
  2⤵
  PID:9096
- C:\Windows\System\NQsEPoG.exe
  C:\Windows\System\NQsEPoG.exe
  2⤵
  PID:8256
- C:\Windows\System\UoQCdtM.exe
  C:\Windows\System\UoQCdtM.exe
  2⤵
  PID:3044
- C:\Windows\System\NPpDWKz.exe
  C:\Windows\System\NPpDWKz.exe
  2⤵
  PID:8296
- C:\Windows\System\PXFIBXZ.exe
  C:\Windows\System\PXFIBXZ.exe
  2⤵
  PID:1944
- C:\Windows\System\gQnUyPB.exe
  C:\Windows\System\gQnUyPB.exe
  2⤵
  PID:1360
- C:\Windows\System\jvYZjDZ.exe
  C:\Windows\System\jvYZjDZ.exe
  2⤵
  PID:8364
- C:\Windows\System\toACLoG.exe
  C:\Windows\System\toACLoG.exe
  2⤵
  PID:8376
- C:\Windows\System\CdgYgbW.exe
  C:\Windows\System\CdgYgbW.exe
  2⤵
  PID:1836
- C:\Windows\System\legFole.exe
  C:\Windows\System\legFole.exe
  2⤵
  PID:8476
- C:\Windows\System\DyUlNxt.exe
  C:\Windows\System\DyUlNxt.exe
  2⤵
  PID:1044
- C:\Windows\System\VFhLvQQ.exe
  C:\Windows\System\VFhLvQQ.exe
  2⤵
  PID:8524
- C:\Windows\System\hCEEFeN.exe
  C:\Windows\System\hCEEFeN.exe
  2⤵
  PID:8548
- C:\Windows\System\OqhoEje.exe
  C:\Windows\System\OqhoEje.exe
  2⤵
  PID:1732
- C:\Windows\System\rXVrMSl.exe
  C:\Windows\System\rXVrMSl.exe
  2⤵
  PID:2112
- C:\Windows\System\VkMeudu.exe
  C:\Windows\System\VkMeudu.exe
  2⤵
  PID:8852
- C:\Windows\System\ktcrhpM.exe
  C:\Windows\System\ktcrhpM.exe
  2⤵
  PID:2340
- C:\Windows\System\GdJbuKD.exe
  C:\Windows\System\GdJbuKD.exe
  2⤵
  PID:8628
- C:\Windows\System\rdLTrXg.exe
  C:\Windows\System\rdLTrXg.exe
  2⤵
  PID:8752
- C:\Windows\System\VBecYgG.exe
  C:\Windows\System\VBecYgG.exe
  2⤵
  PID:8960
- C:\Windows\System\OWkezfl.exe
  C:\Windows\System\OWkezfl.exe
  2⤵
  PID:8976
- C:\Windows\System\JmGKDWA.exe
  C:\Windows\System\JmGKDWA.exe
  2⤵
  PID:8792
- C:\Windows\System\RWgLQvu.exe
  C:\Windows\System\RWgLQvu.exe
  2⤵
  PID:8040
- C:\Windows\System\hCqvdTE.exe
  C:\Windows\System\hCqvdTE.exe
  2⤵
  PID:8844
- C:\Windows\System\Yeibuhh.exe
  C:\Windows\System\Yeibuhh.exe
  2⤵
  PID:9192
- C:\Windows\System\pNgoAnp.exe
  C:\Windows\System\pNgoAnp.exe
  2⤵
  PID:8124
- C:\Windows\System\eQleuPH.exe
  C:\Windows\System\eQleuPH.exe
  2⤵
  PID:8344
- C:\Windows\System\OASlyqL.exe
  C:\Windows\System\OASlyqL.exe
  2⤵
  PID:8340
- C:\Windows\System\VoXKLwi.exe
  C:\Windows\System\VoXKLwi.exe
  2⤵
  PID:9160
- C:\Windows\System\bwgaMyE.exe
  C:\Windows\System\bwgaMyE.exe
  2⤵
  PID:8420
- C:\Windows\System\DYGbivp.exe
  C:\Windows\System\DYGbivp.exe
  2⤵
  PID:8472
- C:\Windows\System\drlxgoi.exe
  C:\Windows\System\drlxgoi.exe
  2⤵
  PID:8348
- C:\Windows\System\frmHStI.exe
  C:\Windows\System\frmHStI.exe
  2⤵
  PID:2284
- C:\Windows\System\kadFntS.exe
  C:\Windows\System\kadFntS.exe
  2⤵
  PID:9016
- C:\Windows\System\eDTopSy.exe
  C:\Windows\System\eDTopSy.exe
  2⤵
  PID:9080
- C:\Windows\System\XBbDuuT.exe
  C:\Windows\System\XBbDuuT.exe
  2⤵
  PID:7868
- C:\Windows\System\SHINvFZ.exe
  C:\Windows\System\SHINvFZ.exe
  2⤵
  PID:8580
- C:\Windows\System\isnkjev.exe
  C:\Windows\System\isnkjev.exe
  2⤵
  PID:2268
- C:\Windows\System\lRwOLuS.exe
  C:\Windows\System\lRwOLuS.exe
  2⤵
  PID:8904
- C:\Windows\System\WqInwrl.exe
  C:\Windows\System\WqInwrl.exe
  2⤵
  PID:8864
- C:\Windows\System\sQatnkI.exe
  C:\Windows\System\sQatnkI.exe
  2⤵
  PID:2424
- C:\Windows\System\OoFjXje.exe
  C:\Windows\System\OoFjXje.exe
  2⤵
  PID:8700
- C:\Windows\System\FbJDnCx.exe
  C:\Windows\System\FbJDnCx.exe
  2⤵
  PID:8372
- C:\Windows\System\RvoFNDy.exe
  C:\Windows\System\RvoFNDy.exe
  2⤵
  PID:9156
- C:\Windows\System\WgTmpnC.exe
  C:\Windows\System\WgTmpnC.exe
  2⤵
  PID:1588
- C:\Windows\System\IgEtACV.exe
  C:\Windows\System\IgEtACV.exe
  2⤵
  PID:8812
- C:\Windows\System\rpZxPBe.exe
  C:\Windows\System\rpZxPBe.exe
  2⤵
  PID:9092
- C:\Windows\System\wHQdkrF.exe
  C:\Windows\System\wHQdkrF.exe
  2⤵
  PID:8508
- C:\Windows\System\GBSSGtY.exe
  C:\Windows\System\GBSSGtY.exe
  2⤵
  PID:2092
- C:\Windows\System\fapvJFr.exe
  C:\Windows\System\fapvJFr.exe
  2⤵
  PID:1828
- C:\Windows\System\jTRHMWb.exe
  C:\Windows\System\jTRHMWb.exe
  2⤵
  PID:8528
- C:\Windows\System\jMYlkcc.exe
  C:\Windows\System\jMYlkcc.exe
  2⤵
  PID:9028
- C:\Windows\System\rBQfGYg.exe
  C:\Windows\System\rBQfGYg.exe
  2⤵
  PID:8444
- C:\Windows\System\VhnEUoJ.exe
  C:\Windows\System\VhnEUoJ.exe
  2⤵
  PID:1252
- C:\Windows\System\JFbJbzf.exe
  C:\Windows\System\JFbJbzf.exe
  2⤵
  PID:6548
- C:\Windows\System\cMOnYyS.exe
  C:\Windows\System\cMOnYyS.exe
  2⤵
  PID:9060
- C:\Windows\System\UbXaPIE.exe
  C:\Windows\System\UbXaPIE.exe
  2⤵
  PID:8964
- C:\Windows\System\FXbDyjh.exe
  C:\Windows\System\FXbDyjh.exe
  2⤵
  PID:8232
- C:\Windows\System\NUojNnj.exe
  C:\Windows\System\NUojNnj.exe
  2⤵
  PID:8248
- C:\Windows\System\NlEVncG.exe
  C:\Windows\System\NlEVncG.exe
  2⤵
  PID:9112
- C:\Windows\System\lZBdCfA.exe
  C:\Windows\System\lZBdCfA.exe
  2⤵
  PID:8392
- C:\Windows\System\dIlQlmw.exe
  C:\Windows\System\dIlQlmw.exe
  2⤵
  PID:9232
- C:\Windows\System\XOxZgZT.exe
  C:\Windows\System\XOxZgZT.exe
  2⤵
  PID:9252
- C:\Windows\System\wAazxWU.exe
  C:\Windows\System\wAazxWU.exe
  2⤵
  PID:9268
- C:\Windows\System\mHGKMpe.exe
  C:\Windows\System\mHGKMpe.exe
  2⤵
  PID:9288
- C:\Windows\System\qIlbMFh.exe
  C:\Windows\System\qIlbMFh.exe
  2⤵
  PID:9304
- C:\Windows\System\sZZDJVk.exe
  C:\Windows\System\sZZDJVk.exe
  2⤵
  PID:9320
- C:\Windows\System\ueCqYvk.exe
  C:\Windows\System\ueCqYvk.exe
  2⤵
  PID:9340
- C:\Windows\System\cIgyXAS.exe
  C:\Windows\System\cIgyXAS.exe
  2⤵
  PID:9356
- C:\Windows\System\AkAHHke.exe
  C:\Windows\System\AkAHHke.exe
  2⤵
  PID:9372
- C:\Windows\System\hpqXuCF.exe
  C:\Windows\System\hpqXuCF.exe
  2⤵
  PID:9388
- C:\Windows\System\mdpXkuz.exe
  C:\Windows\System\mdpXkuz.exe
  2⤵
  PID:9404
- C:\Windows\System\pzeidIk.exe
  C:\Windows\System\pzeidIk.exe
  2⤵
  PID:9420
- C:\Windows\System\aBfyNVR.exe
  C:\Windows\System\aBfyNVR.exe
  2⤵
  PID:9436
- C:\Windows\System\JPbTXpG.exe
  C:\Windows\System\JPbTXpG.exe
  2⤵
  PID:9456
- C:\Windows\System\rahYCme.exe
  C:\Windows\System\rahYCme.exe
  2⤵
  PID:9472
- C:\Windows\System\hnGEVaI.exe
  C:\Windows\System\hnGEVaI.exe
  2⤵
  PID:9488
- C:\Windows\System\eljilvN.exe
  C:\Windows\System\eljilvN.exe
  2⤵
  PID:9504
- C:\Windows\System\fbIUBKz.exe
  C:\Windows\System\fbIUBKz.exe
  2⤵
  PID:9524
- C:\Windows\System\MTeFxwX.exe
  C:\Windows\System\MTeFxwX.exe
  2⤵
  PID:9540
- C:\Windows\System\KJMgBUW.exe
  C:\Windows\System\KJMgBUW.exe
  2⤵
  PID:9560
- C:\Windows\System\tIUnxcc.exe
  C:\Windows\System\tIUnxcc.exe
  2⤵
  PID:9580
- C:\Windows\System\pldysGl.exe
  C:\Windows\System\pldysGl.exe
  2⤵
  PID:9652
- C:\Windows\System\AaJYcyB.exe
  C:\Windows\System\AaJYcyB.exe
  2⤵
  PID:9668
- C:\Windows\System\IFjrZEG.exe
  C:\Windows\System\IFjrZEG.exe
  2⤵
  PID:9688
- C:\Windows\System\ltPSMxq.exe
  C:\Windows\System\ltPSMxq.exe
  2⤵
  PID:9704
- C:\Windows\System\tAteCdF.exe
  C:\Windows\System\tAteCdF.exe
  2⤵
  PID:9728
- C:\Windows\System\FZWcxKU.exe
  C:\Windows\System\FZWcxKU.exe
  2⤵
  PID:9744
- C:\Windows\System\lHtnNcU.exe
  C:\Windows\System\lHtnNcU.exe
  2⤵
  PID:9764
- C:\Windows\System\cecJjCE.exe
  C:\Windows\System\cecJjCE.exe
  2⤵
  PID:9780
- C:\Windows\System\XeeQTnG.exe
  C:\Windows\System\XeeQTnG.exe
  2⤵
  PID:9796
- C:\Windows\System\rvwQJOE.exe
  C:\Windows\System\rvwQJOE.exe
  2⤵
  PID:9820
- C:\Windows\System\MFReQbJ.exe
  C:\Windows\System\MFReQbJ.exe
  2⤵
  PID:9836
- C:\Windows\System\CAMllhv.exe
  C:\Windows\System\CAMllhv.exe
  2⤵
  PID:9872
- C:\Windows\System\HxEfgCv.exe
  C:\Windows\System\HxEfgCv.exe
  2⤵
  PID:9892
- C:\Windows\System\ZsAysoI.exe
  C:\Windows\System\ZsAysoI.exe
  2⤵
  PID:9916
- C:\Windows\System\ttZlGtC.exe
  C:\Windows\System\ttZlGtC.exe
  2⤵
  PID:9932
- C:\Windows\System\rBXrnqy.exe
  C:\Windows\System\rBXrnqy.exe
  2⤵
  PID:9952
- C:\Windows\System\rVLXXKD.exe
  C:\Windows\System\rVLXXKD.exe
  2⤵
  PID:9968
- C:\Windows\System\KvRmPzK.exe
  C:\Windows\System\KvRmPzK.exe
  2⤵
  PID:9984
- C:\Windows\System\HZkIdAY.exe
  C:\Windows\System\HZkIdAY.exe
  2⤵
  PID:10004
- C:\Windows\System\UcyXAwj.exe
  C:\Windows\System\UcyXAwj.exe
  2⤵
  PID:10020
- C:\Windows\System\vIJgfHB.exe
  C:\Windows\System\vIJgfHB.exe
  2⤵
  PID:10040
- C:\Windows\System\oFgXOtn.exe
  C:\Windows\System\oFgXOtn.exe
  2⤵
  PID:10056
- C:\Windows\System\xzQZCMS.exe
  C:\Windows\System\xzQZCMS.exe
  2⤵
  PID:10072
- C:\Windows\System\XUnmdgp.exe
  C:\Windows\System\XUnmdgp.exe
  2⤵
  PID:10088
- C:\Windows\System\zDeuZvM.exe
  C:\Windows\System\zDeuZvM.exe
  2⤵
  PID:10144
- C:\Windows\System\LcSnpyk.exe
  C:\Windows\System\LcSnpyk.exe
  2⤵
  PID:10160
- C:\Windows\System\oIKKEyS.exe
  C:\Windows\System\oIKKEyS.exe
  2⤵
  PID:10176
- C:\Windows\System\VEppvQp.exe
  C:\Windows\System\VEppvQp.exe
  2⤵
  PID:10192
- C:\Windows\System\RswRPNO.exe
  C:\Windows\System\RswRPNO.exe
  2⤵
  PID:10208
- C:\Windows\System\mAUFjKh.exe
  C:\Windows\System\mAUFjKh.exe
  2⤵
  PID:10224
- C:\Windows\System\iMjERFp.exe
  C:\Windows\System\iMjERFp.exe
  2⤵
  PID:8360
- C:\Windows\System\UjQyLix.exe
  C:\Windows\System\UjQyLix.exe
  2⤵
  PID:9224
- C:\Windows\System\VUSYMEl.exe
  C:\Windows\System\VUSYMEl.exe
  2⤵
  PID:9280
- C:\Windows\System\FjbNwlt.exe
  C:\Windows\System\FjbNwlt.exe
  2⤵
  PID:9332
- C:\Windows\System\ZZxaNSc.exe
  C:\Windows\System\ZZxaNSc.exe
  2⤵
  PID:9316
- C:\Windows\System\MbpIRrx.exe
  C:\Windows\System\MbpIRrx.exe
  2⤵
  PID:9496
- C:\Windows\System\iLSdKeV.exe
  C:\Windows\System\iLSdKeV.exe
  2⤵
  PID:9532
- C:\Windows\System\BpZPiXH.exe
  C:\Windows\System\BpZPiXH.exe
  2⤵
  PID:9348
- C:\Windows\System\GaWAcKo.exe
  C:\Windows\System\GaWAcKo.exe
  2⤵
  PID:9416
- C:\Windows\System\XohRdco.exe
  C:\Windows\System\XohRdco.exe
  2⤵
  PID:9480
- C:\Windows\System\xGLcyMN.exe
  C:\Windows\System\xGLcyMN.exe
  2⤵
  PID:9556
- C:\Windows\System\CSABTmK.exe
  C:\Windows\System\CSABTmK.exe
  2⤵
  PID:9592
- C:\Windows\System\KpbwpRk.exe
  C:\Windows\System\KpbwpRk.exe
  2⤵
  PID:9632
- C:\Windows\System\aStpwMP.exe
  C:\Windows\System\aStpwMP.exe
  2⤵
  PID:9640
- C:\Windows\System\odzcFvq.exe
  C:\Windows\System\odzcFvq.exe
  2⤵
  PID:9712
- C:\Windows\System\bQSfNjx.exe
  C:\Windows\System\bQSfNjx.exe
  2⤵
  PID:9716
- C:\Windows\System\rVDUIqq.exe
  C:\Windows\System\rVDUIqq.exe
  2⤵
  PID:9724
- C:\Windows\System\DRXIegq.exe
  C:\Windows\System\DRXIegq.exe
  2⤵
  PID:9812
- C:\Windows\System\SEJgRTt.exe
  C:\Windows\System\SEJgRTt.exe
  2⤵
  PID:9740
- C:\Windows\System\DJscPTl.exe
  C:\Windows\System\DJscPTl.exe
  2⤵
  PID:9832
- C:\Windows\System\ozCKeIF.exe
  C:\Windows\System\ozCKeIF.exe
  2⤵
  PID:9852
- C:\Windows\System\ObUynvw.exe
  C:\Windows\System\ObUynvw.exe
  2⤵
  PID:9868
- C:\Windows\System\PddmCFf.exe
  C:\Windows\System\PddmCFf.exe
  2⤵
  PID:9864
- C:\Windows\System\kakRwuZ.exe
  C:\Windows\System\kakRwuZ.exe
  2⤵
  PID:9908
- C:\Windows\System\jfnkpnz.exe
  C:\Windows\System\jfnkpnz.exe
  2⤵
  PID:9976
- C:\Windows\System\firWwTG.exe
  C:\Windows\System\firWwTG.exe
  2⤵
  PID:10032
- C:\Windows\System\pfdCdzg.exe
  C:\Windows\System\pfdCdzg.exe
  2⤵
  PID:10016
- C:\Windows\System\NctPLoE.exe
  C:\Windows\System\NctPLoE.exe
  2⤵
  PID:9992
- C:\Windows\System\MqFzHFx.exe
  C:\Windows\System\MqFzHFx.exe
  2⤵
  PID:10104
- C:\Windows\System\UazBufh.exe
  C:\Windows\System\UazBufh.exe
  2⤵
  PID:9248
- C:\Windows\System\XkbwIWD.exe
  C:\Windows\System\XkbwIWD.exe
  2⤵
  PID:10128
- C:\Windows\System\kwktEYW.exe
  C:\Windows\System\kwktEYW.exe
  2⤵
  PID:10112
- C:\Windows\System\FYGFYcB.exe
  C:\Windows\System\FYGFYcB.exe
  2⤵
  PID:10200
- C:\Windows\System\QDDMykn.exe
  C:\Windows\System\QDDMykn.exe
  2⤵
  PID:10188
- C:\Windows\System\AEphaKf.exe
  C:\Windows\System\AEphaKf.exe
  2⤵
  PID:9240
- C:\Windows\System\gYEzXvD.exe
  C:\Windows\System\gYEzXvD.exe
  2⤵
  PID:9260
- C:\Windows\System\xhKfSnu.exe
  C:\Windows\System\xhKfSnu.exe
  2⤵
  PID:9364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ASQArHH.exe

Filesize
6.0MB

MD5
b991a4774eeb8ce648463beadb44f5c2

SHA1
0766838a2504dd80e9c893b724318a8daa482776

SHA256
1a543e4e92839a8e4041173608a75b45d30e978e7fabc151e9715a479fb4f451

SHA512
bf303a36897a4882190abf1dc5ca7b561547663ea542db9dd87457deab36e30ad928ea26030ba7f61351ae3d65be0284bd00953234598fba65231215a9ce4d3d

Download Submit
C:\Windows\system\BznkVzQ.exe

Filesize
6.0MB

MD5
913d3bfc2d4028a137da85d70787d49f

SHA1
6cc6bc8912fc7a8b4d4977749168b41f19416bc2

SHA256
c1de8f7f6feda8c69208f8f58b60506b7200976c95e9ce197a47f94ca13f1865

SHA512
a4fef2925c685d7833e1a1120872178aea5d2f1fcce59140d14585a4bf0ab8572d72abb1d815b03b8e6e0bbd41e2c94f6fe09edefb55368e906abea59b4a9d21

Download Submit
C:\Windows\system\CbQdpvj.exe

Filesize
6.0MB

MD5
217643d2182b54f7c34a88249d516f48

SHA1
9bf036bc02564b171395ffb5ccb7cbded6f2e326

SHA256
bdeee3b86f25d35124ef8c4048ad23a6409ab12e908617ef7354458b856df279

SHA512
74acf4bfa7984137361c1c53e82d4b7beba931dfe29bdcf4d0a7af744976844ff41cc3d821e444eb2e1bb6a40d6d5ff9540e9acc2aca0366020b2d26e957a651

Download Submit
C:\Windows\system\ExLiQsJ.exe

Filesize
6.0MB

MD5
64d06aa096e89efb1c6fedcc1e73eb57

SHA1
ae962cb66b2b6c51f486bed94b2d3b76e36af67b

SHA256
bc12ee44e87451f3019095dd6172209bd07252a152841c96d48eac07440a112e

SHA512
47675c0ba3f8cef9856987b168a217db56676aafb1e851291e8c895c3e47d339d573e5a047224de7c05fd720b8c7c4918487a4c9ac3a69cff57294dcad2745fd

Download Submit
C:\Windows\system\FcbEhjN.exe

Filesize
6.0MB

MD5
c21cee5d10c83a4be68de6b048b5ffb4

SHA1
7ea062597eaba67ec710b109e09426e5f588e10b

SHA256
11290547591decbfd177fde57e01d1a2c71fe517e048e0304db87a6830e24161

SHA512
fc104929e7440d6c5bb2ae4d405528445a248f7c8d96506c35a2a34bd23125325fb9793509ae96bba39c37d0c7a38180acd40ff0949591973647d4b700cd6421

Download Submit
C:\Windows\system\GyMnivG.exe

Filesize
6.0MB

MD5
f1ba18a1bc939c7a859202576856fb4e

SHA1
22a5336374dc71e2f207ef3464482321e43453f8

SHA256
6a8079b380226931913bef2d235ceee91b233a229a238c79a8d178fb5bee0bc2

SHA512
79f3b504b4b159b7a3bc02610abb4546fe660db2608ef2345225ce9c410081041f3b966794139cfa16ff4297b3371e422edcc736934d549684808e99fe9dd543

Download Submit
C:\Windows\system\JWVSQvE.exe

Filesize
6.0MB

MD5
4fdc68c9f2f3f57e773626fc1317e668

SHA1
840bf2c59fc500ed779d3a8d16127a5442d1871e

SHA256
780ab0c5e011dd277122a14072027a303815eeacc040ab5d3c70fc712a51f8b4

SHA512
9272b1ae474e5e59aedc46d50bfbc9a6e08528e0f9ad5e09bdb5b3dd9b4c9f0f32c0e74fba8db156457b3a34d6f9bcd6a9c38f9f408fc6afe4c6414612af0444

Download Submit
C:\Windows\system\LMwoqwY.exe

Filesize
6.0MB

MD5
33e376f228c559d945775c5adcf53830

SHA1
6234fcf732c40a48b89a69cf591e9f731c910452

SHA256
06e161012386773b9a9c76c52928fbae3b2f05402e996c1813f30d53d9b7ea66

SHA512
e10e7c6e0a45bb28f35f7cf22cf901cb68abe08ef0fce29a12c34e7711661068185e133e1d0c517ef18739964e2810d36c6c5589b7251ca709cb621fdfaf2aa2

Download Submit
C:\Windows\system\OiCfQBC.exe

Filesize
6.0MB

MD5
fad7e7a92361fef5de4aa4b52837e0de

SHA1
196606d9295cefd629cf5be6f6e8f5c74cc4c7a3

SHA256
68b2deaee0dfd8f481a7c421b8b31a870b07c8398805de441f7446533360294b

SHA512
1696c11da5ec3f6c2a10f36ab6ea42f11f200972e6bf63fc610fc0889307369520038c28f420f2ab6da3577af6765b304ee7634de2c2c5b93c5bb181c7137e11

Download Submit
C:\Windows\system\RCndaZp.exe

Filesize
6.0MB

MD5
cd6b6e0d68b262087e1b6e2247d4c96d

SHA1
f52328493e2e9aae65693924a1a2636f29d797a8

SHA256
45762cff9d9ade07a6ab34749f3cd619b91b5f8fba8b4228b052eeba324023c4

SHA512
649ae1bb97bfa3847c1b73983891e517b98b9470937162a31ccc8734ba2f62a5ca1b958e9e30f1817993419319d0ee43f3a193247748db1066b6c62b2b76efac

Download Submit
C:\Windows\system\TSLSoXk.exe

Filesize
6.0MB

MD5
9b4b5aab872ca24b632a14e574d241c2

SHA1
06e93c756c15a0695ef9383a342afe681c8a3ca6

SHA256
f316efa9c7cb1345a40ac222afc0563c35f500a24169fbc7a90c4f99b5d88875

SHA512
c99c8775b3726e203c97ec699da437b91ea2312a0ded88314fe426545853237b13c7d68835a7ac2a1107c5df726c13f11caeb3a3fe71bee35a2fd1bb7d95bb07

Download Submit
C:\Windows\system\ZhFjIcD.exe

Filesize
6.0MB

MD5
0119bf9dc7c8185acec16a9b9da23046

SHA1
467965c0aa30019c183bef0e29f1942204aa2747

SHA256
00678ffd6d3b7be0d8cd013c625992eba6f8761baaedbc5a2df79e2abc8ae413

SHA512
89a37d11b3ffc909613e34baf89f8e5472e02745a8d4735e4cfb75e6097ef14de82f9eab78d64702795ecffd7a6cbf53142d74fb93b67f0f64e2492c0679921b

Download Submit
C:\Windows\system\aWTqACG.exe

Filesize
6.0MB

MD5
76c2092d060a886e25d8948eb301ede0

SHA1
333d19e7e9957aead38f6e079db7dd4badd18498

SHA256
89593e9e6ff2efcaf3a61b660b841387e1ad27864bd1296921781053b4ecfbc0

SHA512
c22bf07e792d33f0fd0a988cb652181c6e556164dd780c943eb6dd51832c311c6ad3d92556d0955c66971cd4993ac6ccd724cddc4ab1a7f7affbd73e4c7f1644

Download Submit
C:\Windows\system\bhqRtxC.exe

Filesize
6.0MB

MD5
f8b7e53c8af31771b8bf40c1ad064c25

SHA1
a8b2c18f37917022a0f0c93c3e78712c2abc504d

SHA256
cf129449195f0d4972300050716bf8e0315d8debba6d9549b2c5b55f0f4a90aa

SHA512
ae762909828c3a95349e5bf39b0be965da7cf929c8d1968b84be3a9485ae752e6226d6a6db595653851475934f7786c8d959ff2595b072c3311877456418f358

Download Submit
C:\Windows\system\btTnEFr.exe

Filesize
6.0MB

MD5
8185a4d9a966c4c6ba0f9a1f5408a381

SHA1
9e290bdce76843c5b52508d7fc82ef2c4f7cd837

SHA256
8aa3c884937fe0c9d0934041573ae7e7df04602a1278423c40b240b66f801b80

SHA512
2e4c5436bb709dfacedd2252681f5d0cb76685b9ccab6daaef1075d5d2f9706ee2500fbf673d69272d6caf0452bd03de3917e993c2932ee2b85d4038572107f5

Download Submit
C:\Windows\system\cUwOqos.exe

Filesize
6.0MB

MD5
23213506bb18cc96c71d9ded3a900a4d

SHA1
fa3ff63c185aab3561f4b7ffab147fecaff30256

SHA256
beb15a27f9d26aa07ba5baad12d511d9b914ec9c54d48e4af2dfc28ae5d213d0

SHA512
621da0cefe7b4f4a2782d68efd205d3e4d52cc51354bca928d39bcba286989da3a2a2effdb423f0fa65bfed9571f6772e293a31352bf35585ff62ee02ce0ba97

Download Submit
C:\Windows\system\eKMNWZu.exe

Filesize
6.0MB

MD5
f648bfdad72a6fea945702a9946120e1

SHA1
d27e1606e495c44eaa264589a2ee7b8d7df45d2a

SHA256
25b6e7201b121d0b7f6980400e96acf364e1485ee612bada0a2bb1a5cdc17da8

SHA512
4487d723b46b371929dc8c9177ad5306bf55153beb6b1f14777ec35c4b525e20c2eb5cc130d80fbbb27dfb2a7089f15b890489985b92266ccb1e045e7d3be94a

Download Submit
C:\Windows\system\fxJeBsl.exe

Filesize
6.0MB

MD5
b040b0f3f3ed454fe94ee822528a910c

SHA1
a36ba12909beb84ddc60406f903745292aa34c43

SHA256
f5cee6ee72e4345dbfa0f819bcf66b6ee1449fbeebbfded24716f057c983695d

SHA512
f200c84f9828c362c6723d486bbc9750548ffe198f466b83a480dd4aed04fe03b2f3d9a7a4e96cc4d48d1bd15021ed74ad83063912a4826626dc6b9b4acddeee

Download Submit
C:\Windows\system\ivzYkcx.exe

Filesize
6.0MB

MD5
4ea5a732c3940306d0b9927051edfdb5

SHA1
3be12305253b73fcaf93e22a7d66747f4d53b85e

SHA256
8c098c27aae878dd128c5083fccdee109d743cbeb8dda837c00043e8f8524d7a

SHA512
bd41324afa84e2a824fd540827710ee91f92bdc1deabfe71a4962f9f8789f36d4f77b141655fe61416e273419b7b904a45e990af14cf536b4716053be31e6878

Download Submit
C:\Windows\system\lAkxNnm.exe

Filesize
6.0MB

MD5
9dcf43b34c95761f4df4a1aa11368c58

SHA1
80abc0aaa74904d47f6aae8aa4571e6ffbb450dc

SHA256
3c5bf3270e0c94ca8017ac2342447da315c4baa22546c24b4ba4e60849477895

SHA512
105ddc98e72bb19491889be05147470ba23d1324065c45c311d57914919d0907654504eb18239ca0fee9a828b0a53c8a7d82c22def864f29ceceae756d243047

Download Submit
C:\Windows\system\nbfMpAa.exe

Filesize
6.0MB

MD5
9c536a681dfd8b36771e293a0bfe0ce6

SHA1
f0b44d0f10897a4db37f792301960a0b3887f26b

SHA256
4ea45db4f8da639a770056968d0498ca275af06bed9ef0400960feec5337f08d

SHA512
c78db781a81bded906f72fe47ef3dbbf4b5f7ad5c6c184f254e1beb928ba664b2bedcc53721a8d6d38536f1bf41800e7b5d9e455c73fd073245bffa356f1c68d

Download Submit
C:\Windows\system\qWwXJEg.exe

Filesize
6.0MB

MD5
02c5b3d54c9c0e77d059f1dd5feaf4e7

SHA1
8ac0bdfd90bc70bdc3b8bdfa82cc99394d9ddf35

SHA256
717f782234cc50980b4ad770261253a72bba392b8ce3cf7b6a9e37d596e5cbbe

SHA512
3a2c05992544ec41d205d9596758325e96fb8cd4e98fed32df27a0da73e6f8f1fc2e169c25d086aa01190fe5cea2122af19cd821e0d7c1ab02b1a9cd9ec3abaf

Download Submit
C:\Windows\system\tsQMBev.exe

Filesize
6.0MB

MD5
8c2f8bd5b36e52ca1937adce23064456

SHA1
f8c81d18e7a4cd14c16c1f4b015dd2ea062c7959

SHA256
cbadd2510760d5982a56f46a917fb01761b3505a8fe6e374ac1c1a4a8baa2116

SHA512
e5d0d928622f747b87c74a261c4132f10ce6b6926784c96a71da18aaa7c0198e410fcda0ceac4ef603e91c0b4f24a6e2ff65c5fcd38be52b6381a5e8de9c5e96

Download Submit
C:\Windows\system\vlUvjCv.exe

Filesize
6.0MB

MD5
cabc255e601c8808a1adb24b8da98d35

SHA1
541945a5305bcb5545731cea37efe7a82f5d9705

SHA256
402939cafcb48fece903d76af642e5a1700d8cccf210ab8a8f0819a00d86573b

SHA512
d7e31ee06fa6936268675d8daeebdb2df9bf8227b381c7e8b3ab2f0edef052ae65fa56e1c5f69c31d7b7cae9035217f0143b60bbf6aa13450aa6cbb728a83fa3

Download Submit
C:\Windows\system\xxsViJW.exe

Filesize
6.0MB

MD5
27a3b5e928a7667852ef82e20907ded8

SHA1
9a1ee724740ca81ba874a626140c3269524292eb

SHA256
e7759d15b0b0cf72078cc7dfa60d3e9b6a2bc81832699520c9c170f13fa577e6

SHA512
eef8a1b64387011b7df7e6fb06677c0ec376b308143ba07f134a4fdb06e7c0b71268f4989c13e0781f1a6f2baf718c0d695c5343408037e617edc0c828df2403

Download Submit
C:\Windows\system\ywJTVnO.exe

Filesize
6.0MB

MD5
58aa74533aa4267d05da82c79f25aa75

SHA1
1aff11105db7d1a1e389951d0eefeef750a88b53

SHA256
0b30c7806468f3b378c25799cee5a4794d27b7cacbfafdabe1487dffcf1ee2db

SHA512
901d8c7a2be024ce636129714c4de058a53090c6802628e12ccad4e7bb433a454a4a5d3d24f377e1f5c26441cd60a00477f372bc321b9d96b6f7a6fac5bdbc96

Download Submit
\Windows\system\DhdlmsW.exe

Filesize
6.0MB

MD5
ddf9f5d5e4952584ce25ecbc6b4fb0e4

SHA1
06af73ca68dbb0a0587a8105cd9f13b51463915a

SHA256
794114d2c073e646a2895a5b66a13023d30cd278628179ee426e127d54767902

SHA512
1d3ed3530431a72f983b0d66878934ae19049bb4db8d9924b700e3fd14a112eec99984370a501ec523436c2922647e7bf5f16a4780af6b04e78f6337ac90d22d

Download Submit
\Windows\system\PKljrPB.exe

Filesize
6.0MB

MD5
50c0995b39767a0252d1b72d7bb767c1

SHA1
c1c5914b429a914b17bb15f0f7f86a4ca2146241

SHA256
535020219fcfb0a1eebb41e762f51e93b53818d5e7538bd3ab47d02e95773d12

SHA512
f64577afe33ac7df674a72897965546f6cc47407a55597dd7d7287b9711be0d813b06d6cb5c19dad1dafe7a1bbdce8903e2bb1609ace1b871f70c3c22f844261

Download Submit
\Windows\system\TsMLyUh.exe

Filesize
6.0MB

MD5
8e362d4122eae62f0f1d48c9172a01d5

SHA1
48d61666daf08ecf3c871a2e29787f38d41e4817

SHA256
b605b93501abd3b15c1fd4da2a7f50b88c7bfbdf1997076a61ab6be93337529c

SHA512
5e3320021dc3e60d32b22976b0b94bdda94a9a512ae15b8ae5959c38b1a5d49c659b40dd1804ac15c817713f17c06b9b163813fd31c9c6f90a7d12c1d5f41f44

Download Submit
\Windows\system\lEZVtND.exe

Filesize
6.0MB

MD5
b1ec698de58ca711d275e32f57935d35

SHA1
11e94b0454312bf77c1e86b9be75bde074b69d23

SHA256
44896293c3fac34e6be35ecc965794479ccc8895f90fa46e8b03b847fd23ed47

SHA512
f31d69b968408edef0426880af8a5e2cb6b8c5b3759fc69ca340706dd2371a4c49da5232fd6322b21407b9378179ac55f1703904280f31c286f797292b080477

Download Submit
\Windows\system\mKRKxtV.exe

Filesize
6.0MB

MD5
0351f46031947a24c7764bb2fa397b95

SHA1
d41444dd34e2ec6355dc98acace5646e1856ef77

SHA256
fe0d9612bbaa6f483e5c69986cdf13058b6c19e1352c5fff5a76958a67cd956f

SHA512
0b8b224c92349f701114b45656c350eb298a3f5ac4a31b1d7059e7677f5db2fbfed7ba90ca9ccf3ef7c99d9973db4a935af50658038e11e5021ca1e0ee1141c5

Download Submit
\Windows\system\qTEobwe.exe

Filesize
6.0MB

MD5
f5a477300a5f2f208be5109bcc1ae7b9

SHA1
10ea329e67d3c45fada159125ac4bbb97a090a98

SHA256
d252d5e85ba625192f4a8fd653b29f654e36d90e01f9d7b48a339b8b55993b52

SHA512
3b7da2bd2499a07a302376c294d28839be84fa4fb6a3bbed724385630e9aa0a734491589efe21679f494e119e902453651b6ab2ed9ee64bbdfced9d75e12f6bf

Download Submit
memory/1148-3418-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1148-28-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1148-92-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1532-22-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1532-3437-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-108-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-64-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-510-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-511-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-623-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-624-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2156-51-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2156-973-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1139-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-49-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2156-0-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2156-386-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-67-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-84-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-97-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2156-24-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2156-33-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-78-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-38-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-20-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2156-86-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2156-85-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2156-11-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2208-974-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2208-3484-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2208-98-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2324-3414-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2324-19-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2464-3520-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2464-50-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2476-35-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3460-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2476-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2488-3439-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2488-21-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3563-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2680-87-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3540-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-79-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3488-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2728-737-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2772-41-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3454-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2772-107-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2836-81-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3564-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3495-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-91-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3480-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-83-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download