cobaltstrike | abd40d12fb2639d5e1fe33f19d22496eaecd829fbd0586042247107a2ea21652

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

45aab847945489f7259536a176e50921
SHA1

dc6f9d3d2a63a91d9b1bb4312fbe1a68a30b18d9
SHA256

abd40d12fb2639d5e1fe33f19d22496eaecd829fbd0586042247107a2ea21652
SHA512

6987973f48cf810943be30218fd6a70e60fc968c322d536be4838e4cecac1e407628c8a6fa69f5c8541a5d5a358ea5c6426a68b81cfdb6d9bf8eeca2a6762c7a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012255-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cb6-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cda-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017429-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017467-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018634-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191cf-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019345-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019329-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019232-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001921d-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019219-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019214-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f8-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191df-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d1-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ad-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001919c-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019080-122.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001907c-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018741-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018636-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017520-86.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018617-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017447-72.dat	cobalt_reflective_dll
behavioral1/files/0x002b000000015c7b-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017420-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d29-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d18-27.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000015d21-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf4-21.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3068-0-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x000a000000012255-3.dat	xmrig
behavioral1/memory/2660-7-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cb6-9.dat	xmrig
behavioral1/files/0x0007000000015cda-16.dat	xmrig
behavioral1/memory/2936-33-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2884-40-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/3068-49-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2576-53-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x0007000000017429-61.dat	xmrig
behavioral1/memory/940-65-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0006000000017467-76.dat	xmrig
behavioral1/memory/2080-73-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1868-88-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0005000000018634-103.dat	xmrig
behavioral1/files/0x00050000000191cf-137.dat	xmrig
behavioral1/files/0x0005000000019369-187.dat	xmrig
behavioral1/memory/2740-740-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1868-611-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/3068-528-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/1180-455-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2080-327-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/940-198-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019345-182.dat	xmrig
behavioral1/files/0x0005000000019329-177.dat	xmrig
behavioral1/files/0x0005000000019232-172.dat	xmrig
behavioral1/files/0x000500000001921d-167.dat	xmrig
behavioral1/files/0x0005000000019219-162.dat	xmrig
behavioral1/files/0x0005000000019214-157.dat	xmrig
behavioral1/files/0x00050000000191f8-152.dat	xmrig
behavioral1/files/0x00050000000191df-147.dat	xmrig
behavioral1/files/0x00050000000191d1-142.dat	xmrig
behavioral1/files/0x00050000000191ad-132.dat	xmrig
behavioral1/files/0x000500000001919c-127.dat	xmrig
behavioral1/files/0x0006000000019080-122.dat	xmrig
behavioral1/files/0x000600000001907c-117.dat	xmrig
behavioral1/files/0x0005000000018741-112.dat	xmrig
behavioral1/files/0x0005000000018636-106.dat	xmrig
behavioral1/memory/2576-87-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2740-95-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0006000000017520-86.dat	xmrig
behavioral1/memory/2100-94-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000018617-93.dat	xmrig
behavioral1/files/0x0006000000017447-72.dat	xmrig
behavioral1/memory/1180-81-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2560-80-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2100-60-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x002b000000015c7b-59.dat	xmrig
behavioral1/memory/2660-56-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x0007000000017420-52.dat	xmrig
behavioral1/memory/2560-46-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d29-45.dat	xmrig
behavioral1/memory/2636-29-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d18-27.dat	xmrig
behavioral1/memory/2892-38-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000a000000015d21-35.dat	xmrig
behavioral1/memory/2796-26-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cf4-21.dat	xmrig
behavioral1/memory/2660-3157-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2936-3162-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2636-3163-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2892-3161-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2560-3160-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2796-3159-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2660	SfaCsXJ.exe
2936	vxwLdoV.exe
2796	pjeQREw.exe
2636	RZwgOVt.exe
2892	YgGkCAt.exe
2884	qfoqBvm.exe
2560	ILhiddh.exe
2576	DgjEvxH.exe
2100	XSThzty.exe
940	KojiwGW.exe
2080	BjWnXmg.exe
1180	VfraPZg.exe
1868	unMsMjR.exe
2740	FBnvwpZ.exe
1472	DsYekMi.exe
2728	rPChHov.exe
2336	TBaViBy.exe
1824	cGLJDtT.exe
1880	MqMnYSo.exe
2904	eydEhml.exe
1996	SoUdvqi.exe
1084	KjGsjZV.exe
2020	BPBUxJA.exe
1548	RHYkVYf.exe
2348	jaWdmLK.exe
2176	yaKIhif.exe
1884	DsSHEpd.exe
2744	CXMGLGU.exe
3056	Ogebobm.exe
1444	cSGEMWc.exe
2288	tKJAkYZ.exe
2084	prnIsEl.exe
1764	BTSwytK.exe
1856	OrDtDYn.exe
2856	mEGKvMm.exe
1332	VpSjEQi.exe
540	YOfDjPV.exe
1888	gFcMuub.exe
1976	szKwKue.exe
3052	ESHBRqL.exe
2384	ugYLudG.exe
748	wNeTxua.exe
2460	QEcWYSA.exe
2356	NmczpHl.exe
1656	xzMGmaX.exe
2452	LbzLuQH.exe
2984	hoMuvBc.exe
1148	oqLmtDs.exe
2432	ZWYtPfE.exe
2588	stEFIRl.exe
1036	ayPLymY.exe
2436	NHbuSLv.exe
1560	VCdJKNB.exe
3028	ZYpOiWX.exe
2632	ZJyBSGg.exe
2684	wKIZSVy.exe
2812	ZDeEYRv.exe
2532	KNSPBXa.exe
2524	xIhHIng.exe
756	ORMAUjK.exe
2136	gUakgBH.exe
2212	nyWWwlx.exe
2828	BbjiOBr.exe
1968	HJKFGeS.exe

Loads dropped DLL 64 IoCs

pid	Process
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3068-0-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x000a000000012255-3.dat	upx
behavioral1/memory/2660-7-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x0008000000015cb6-9.dat	upx
behavioral1/files/0x0007000000015cda-16.dat	upx
behavioral1/memory/2936-33-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2884-40-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/3068-49-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2576-53-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x0007000000017429-61.dat	upx
behavioral1/memory/940-65-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0006000000017467-76.dat	upx
behavioral1/memory/2080-73-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/1868-88-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0005000000018634-103.dat	upx
behavioral1/files/0x00050000000191cf-137.dat	upx
behavioral1/files/0x0005000000019369-187.dat	upx
behavioral1/memory/2740-740-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/1868-611-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/1180-455-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2080-327-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/940-198-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0005000000019345-182.dat	upx
behavioral1/files/0x0005000000019329-177.dat	upx
behavioral1/files/0x0005000000019232-172.dat	upx
behavioral1/files/0x000500000001921d-167.dat	upx
behavioral1/files/0x0005000000019219-162.dat	upx
behavioral1/files/0x0005000000019214-157.dat	upx
behavioral1/files/0x00050000000191f8-152.dat	upx
behavioral1/files/0x00050000000191df-147.dat	upx
behavioral1/files/0x00050000000191d1-142.dat	upx
behavioral1/files/0x00050000000191ad-132.dat	upx
behavioral1/files/0x000500000001919c-127.dat	upx
behavioral1/files/0x0006000000019080-122.dat	upx
behavioral1/files/0x000600000001907c-117.dat	upx
behavioral1/files/0x0005000000018741-112.dat	upx
behavioral1/files/0x0005000000018636-106.dat	upx
behavioral1/memory/2576-87-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2740-95-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0006000000017520-86.dat	upx
behavioral1/memory/2100-94-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x0009000000018617-93.dat	upx
behavioral1/files/0x0006000000017447-72.dat	upx
behavioral1/memory/1180-81-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2560-80-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2100-60-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x002b000000015c7b-59.dat	upx
behavioral1/memory/2660-56-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x0007000000017420-52.dat	upx
behavioral1/memory/2560-46-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0009000000015d29-45.dat	upx
behavioral1/memory/2636-29-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0007000000015d18-27.dat	upx
behavioral1/memory/2892-38-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000a000000015d21-35.dat	upx
behavioral1/memory/2796-26-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0007000000015cf4-21.dat	upx
behavioral1/memory/2660-3157-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2936-3162-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2636-3163-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2892-3161-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2560-3160-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2796-3159-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2576-3164-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pjAZHXo.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUMecBV.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmoAorn.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDnyTFq.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqmuxHa.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXbWwiy.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnjlpkB.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjlfARt.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKJAkYZ.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFyoonI.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzIpDeb.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmgXWoq.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZyJwJe.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kyfcbcx.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpgmbJz.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNRNLYH.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFYMVGH.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EONoWwC.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfYcGrV.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVFrzxU.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMseGDk.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrQqQyJ.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJmXIsf.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byilYrP.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSvLOXH.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghIftKm.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htrTQVF.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdmPxcR.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOSPxak.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZeqsie.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjGzSBs.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUqTMmF.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuSgEmT.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ViHrrES.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMMVFbt.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuIUQIu.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVECuvu.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkYMXab.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEGObmD.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCUOWdF.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fehavBE.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUZVHYb.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuRDsPX.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afTVccA.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlYyqzq.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XUASEoL.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSaEstw.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhQaBso.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAXfKMr.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jengrho.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaznCKK.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmBKFRI.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaDDaxl.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krEjFQj.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQQJoJZ.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPNQuIC.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTdbOsT.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtKDRTy.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khxgZKK.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGZXFEp.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoFAjNq.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjAvSiY.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pzobvhf.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlhpYKz.exe	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2660	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2660	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2660	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2796	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2796	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2796	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2936	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2936	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2936	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2636	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2636	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2636	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2884	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2884	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2884	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2892	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2892	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2892	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2560	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2560	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2560	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2576	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2576	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2576	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2100	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2100	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2100	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 940	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 940	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 940	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2080	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2080	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2080	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 1180	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 1180	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 1180	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 1868	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 1868	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 1868	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2740	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2740	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2740	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 1472	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 1472	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 1472	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 2728	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2728	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2728	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2336	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2336	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2336	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 1824	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 1824	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 1824	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 1880	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 1880	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 1880	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 2904	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 2904	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 2904	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 1996	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 1996	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 1996	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 1084	3068	2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_45aab847945489f7259536a176e50921_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\System\SfaCsXJ.exe
  C:\Windows\System\SfaCsXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\pjeQREw.exe
  C:\Windows\System\pjeQREw.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\vxwLdoV.exe
  C:\Windows\System\vxwLdoV.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\RZwgOVt.exe
  C:\Windows\System\RZwgOVt.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\qfoqBvm.exe
  C:\Windows\System\qfoqBvm.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\YgGkCAt.exe
  C:\Windows\System\YgGkCAt.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ILhiddh.exe
  C:\Windows\System\ILhiddh.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\DgjEvxH.exe
  C:\Windows\System\DgjEvxH.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\XSThzty.exe
  C:\Windows\System\XSThzty.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\KojiwGW.exe
  C:\Windows\System\KojiwGW.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\BjWnXmg.exe
  C:\Windows\System\BjWnXmg.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\VfraPZg.exe
  C:\Windows\System\VfraPZg.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\unMsMjR.exe
  C:\Windows\System\unMsMjR.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\FBnvwpZ.exe
  C:\Windows\System\FBnvwpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\DsYekMi.exe
  C:\Windows\System\DsYekMi.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\rPChHov.exe
  C:\Windows\System\rPChHov.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\TBaViBy.exe
  C:\Windows\System\TBaViBy.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\cGLJDtT.exe
  C:\Windows\System\cGLJDtT.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\MqMnYSo.exe
  C:\Windows\System\MqMnYSo.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\eydEhml.exe
  C:\Windows\System\eydEhml.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\SoUdvqi.exe
  C:\Windows\System\SoUdvqi.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\KjGsjZV.exe
  C:\Windows\System\KjGsjZV.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\BPBUxJA.exe
  C:\Windows\System\BPBUxJA.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\RHYkVYf.exe
  C:\Windows\System\RHYkVYf.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\jaWdmLK.exe
  C:\Windows\System\jaWdmLK.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\yaKIhif.exe
  C:\Windows\System\yaKIhif.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\DsSHEpd.exe
  C:\Windows\System\DsSHEpd.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\CXMGLGU.exe
  C:\Windows\System\CXMGLGU.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\Ogebobm.exe
  C:\Windows\System\Ogebobm.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\cSGEMWc.exe
  C:\Windows\System\cSGEMWc.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\tKJAkYZ.exe
  C:\Windows\System\tKJAkYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\prnIsEl.exe
  C:\Windows\System\prnIsEl.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\BTSwytK.exe
  C:\Windows\System\BTSwytK.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\OrDtDYn.exe
  C:\Windows\System\OrDtDYn.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\mEGKvMm.exe
  C:\Windows\System\mEGKvMm.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\VpSjEQi.exe
  C:\Windows\System\VpSjEQi.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\YOfDjPV.exe
  C:\Windows\System\YOfDjPV.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\gFcMuub.exe
  C:\Windows\System\gFcMuub.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\szKwKue.exe
  C:\Windows\System\szKwKue.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\ESHBRqL.exe
  C:\Windows\System\ESHBRqL.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\ugYLudG.exe
  C:\Windows\System\ugYLudG.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\wNeTxua.exe
  C:\Windows\System\wNeTxua.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\QEcWYSA.exe
  C:\Windows\System\QEcWYSA.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\NmczpHl.exe
  C:\Windows\System\NmczpHl.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\xzMGmaX.exe
  C:\Windows\System\xzMGmaX.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\LbzLuQH.exe
  C:\Windows\System\LbzLuQH.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\hoMuvBc.exe
  C:\Windows\System\hoMuvBc.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\oqLmtDs.exe
  C:\Windows\System\oqLmtDs.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\ZWYtPfE.exe
  C:\Windows\System\ZWYtPfE.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\stEFIRl.exe
  C:\Windows\System\stEFIRl.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\ayPLymY.exe
  C:\Windows\System\ayPLymY.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\NHbuSLv.exe
  C:\Windows\System\NHbuSLv.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\VCdJKNB.exe
  C:\Windows\System\VCdJKNB.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\ZYpOiWX.exe
  C:\Windows\System\ZYpOiWX.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ZJyBSGg.exe
  C:\Windows\System\ZJyBSGg.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\wKIZSVy.exe
  C:\Windows\System\wKIZSVy.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\ZDeEYRv.exe
  C:\Windows\System\ZDeEYRv.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\KNSPBXa.exe
  C:\Windows\System\KNSPBXa.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\xIhHIng.exe
  C:\Windows\System\xIhHIng.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\ORMAUjK.exe
  C:\Windows\System\ORMAUjK.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\gUakgBH.exe
  C:\Windows\System\gUakgBH.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\nyWWwlx.exe
  C:\Windows\System\nyWWwlx.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\BbjiOBr.exe
  C:\Windows\System\BbjiOBr.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\HJKFGeS.exe
  C:\Windows\System\HJKFGeS.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\NljrDca.exe
  C:\Windows\System\NljrDca.exe
  2⤵
  PID:2872
- C:\Windows\System\ZjSJQPz.exe
  C:\Windows\System\ZjSJQPz.exe
  2⤵
  PID:2592
- C:\Windows\System\njNUIrA.exe
  C:\Windows\System\njNUIrA.exe
  2⤵
  PID:1292
- C:\Windows\System\XnJDIdZ.exe
  C:\Windows\System\XnJDIdZ.exe
  2⤵
  PID:848
- C:\Windows\System\QdjaMFc.exe
  C:\Windows\System\QdjaMFc.exe
  2⤵
  PID:780
- C:\Windows\System\GTKBUAv.exe
  C:\Windows\System\GTKBUAv.exe
  2⤵
  PID:2372
- C:\Windows\System\QlqeXPc.exe
  C:\Windows\System\QlqeXPc.exe
  2⤵
  PID:2412
- C:\Windows\System\wQjQYBT.exe
  C:\Windows\System\wQjQYBT.exe
  2⤵
  PID:600
- C:\Windows\System\JawnsqV.exe
  C:\Windows\System\JawnsqV.exe
  2⤵
  PID:1768
- C:\Windows\System\JQgdlaq.exe
  C:\Windows\System\JQgdlaq.exe
  2⤵
  PID:2280
- C:\Windows\System\ctDCKdp.exe
  C:\Windows\System\ctDCKdp.exe
  2⤵
  PID:1876
- C:\Windows\System\WlSgIdc.exe
  C:\Windows\System\WlSgIdc.exe
  2⤵
  PID:1760
- C:\Windows\System\WItsvEY.exe
  C:\Windows\System\WItsvEY.exe
  2⤵
  PID:1552
- C:\Windows\System\tBVUYhc.exe
  C:\Windows\System\tBVUYhc.exe
  2⤵
  PID:1720
- C:\Windows\System\PNXlfFm.exe
  C:\Windows\System\PNXlfFm.exe
  2⤵
  PID:592
- C:\Windows\System\VmXcfyo.exe
  C:\Windows\System\VmXcfyo.exe
  2⤵
  PID:1396
- C:\Windows\System\uCRcMAN.exe
  C:\Windows\System\uCRcMAN.exe
  2⤵
  PID:1232
- C:\Windows\System\YTBSydS.exe
  C:\Windows\System\YTBSydS.exe
  2⤵
  PID:2064
- C:\Windows\System\xEGntYA.exe
  C:\Windows\System\xEGntYA.exe
  2⤵
  PID:2444
- C:\Windows\System\BkXaXGW.exe
  C:\Windows\System\BkXaXGW.exe
  2⤵
  PID:2296
- C:\Windows\System\aWkMpcv.exe
  C:\Windows\System\aWkMpcv.exe
  2⤵
  PID:2276
- C:\Windows\System\ERTHNLF.exe
  C:\Windows\System\ERTHNLF.exe
  2⤵
  PID:1596
- C:\Windows\System\oNKjHmv.exe
  C:\Windows\System\oNKjHmv.exe
  2⤵
  PID:2648
- C:\Windows\System\VOKsiAz.exe
  C:\Windows\System\VOKsiAz.exe
  2⤵
  PID:2656
- C:\Windows\System\khHurLY.exe
  C:\Windows\System\khHurLY.exe
  2⤵
  PID:2808
- C:\Windows\System\plPsTqv.exe
  C:\Windows\System\plPsTqv.exe
  2⤵
  PID:1620
- C:\Windows\System\jBLCgVS.exe
  C:\Windows\System\jBLCgVS.exe
  2⤵
  PID:796
- C:\Windows\System\oSigEOH.exe
  C:\Windows\System\oSigEOH.exe
  2⤵
  PID:2720
- C:\Windows\System\SSmzylA.exe
  C:\Windows\System\SSmzylA.exe
  2⤵
  PID:1624
- C:\Windows\System\UuvDAYq.exe
  C:\Windows\System\UuvDAYq.exe
  2⤵
  PID:2416
- C:\Windows\System\UrShOiP.exe
  C:\Windows\System\UrShOiP.exe
  2⤵
  PID:2488
- C:\Windows\System\DOSTWxo.exe
  C:\Windows\System\DOSTWxo.exe
  2⤵
  PID:2932
- C:\Windows\System\weBXafO.exe
  C:\Windows\System\weBXafO.exe
  2⤵
  PID:656
- C:\Windows\System\bnOcsCO.exe
  C:\Windows\System\bnOcsCO.exe
  2⤵
  PID:1588
- C:\Windows\System\WjKhYuF.exe
  C:\Windows\System\WjKhYuF.exe
  2⤵
  PID:1048
- C:\Windows\System\jTybSmm.exe
  C:\Windows\System\jTybSmm.exe
  2⤵
  PID:1300
- C:\Windows\System\QLEXGyx.exe
  C:\Windows\System\QLEXGyx.exe
  2⤵
  PID:1608
- C:\Windows\System\HZVSdAc.exe
  C:\Windows\System\HZVSdAc.exe
  2⤵
  PID:2368
- C:\Windows\System\FnbEiwn.exe
  C:\Windows\System\FnbEiwn.exe
  2⤵
  PID:2056
- C:\Windows\System\ZhqkcpA.exe
  C:\Windows\System\ZhqkcpA.exe
  2⤵
  PID:2260
- C:\Windows\System\WqNkiGW.exe
  C:\Windows\System\WqNkiGW.exe
  2⤵
  PID:3016
- C:\Windows\System\pkpGiWc.exe
  C:\Windows\System\pkpGiWc.exe
  2⤵
  PID:2440
- C:\Windows\System\WKucfKf.exe
  C:\Windows\System\WKucfKf.exe
  2⤵
  PID:2816
- C:\Windows\System\daYlhzr.exe
  C:\Windows\System\daYlhzr.exe
  2⤵
  PID:572
- C:\Windows\System\WdIEXWP.exe
  C:\Windows\System\WdIEXWP.exe
  2⤵
  PID:2404
- C:\Windows\System\BNtKdDX.exe
  C:\Windows\System\BNtKdDX.exe
  2⤵
  PID:2900
- C:\Windows\System\UWdOnvb.exe
  C:\Windows\System\UWdOnvb.exe
  2⤵
  PID:2952
- C:\Windows\System\egSGUpD.exe
  C:\Windows\System\egSGUpD.exe
  2⤵
  PID:3092
- C:\Windows\System\HfJFmfu.exe
  C:\Windows\System\HfJFmfu.exe
  2⤵
  PID:3112
- C:\Windows\System\ccOAQXr.exe
  C:\Windows\System\ccOAQXr.exe
  2⤵
  PID:3132
- C:\Windows\System\gZcgEfN.exe
  C:\Windows\System\gZcgEfN.exe
  2⤵
  PID:3152
- C:\Windows\System\EiDpdtn.exe
  C:\Windows\System\EiDpdtn.exe
  2⤵
  PID:3172
- C:\Windows\System\rzqQAbg.exe
  C:\Windows\System\rzqQAbg.exe
  2⤵
  PID:3192
- C:\Windows\System\PjZmdiz.exe
  C:\Windows\System\PjZmdiz.exe
  2⤵
  PID:3212
- C:\Windows\System\yVvSsjN.exe
  C:\Windows\System\yVvSsjN.exe
  2⤵
  PID:3232
- C:\Windows\System\BWGTREK.exe
  C:\Windows\System\BWGTREK.exe
  2⤵
  PID:3256
- C:\Windows\System\UlHfcEi.exe
  C:\Windows\System\UlHfcEi.exe
  2⤵
  PID:3276
- C:\Windows\System\ksxrHYl.exe
  C:\Windows\System\ksxrHYl.exe
  2⤵
  PID:3296
- C:\Windows\System\YQLKkgj.exe
  C:\Windows\System\YQLKkgj.exe
  2⤵
  PID:3316
- C:\Windows\System\JyTpcqj.exe
  C:\Windows\System\JyTpcqj.exe
  2⤵
  PID:3332
- C:\Windows\System\ADtGtRp.exe
  C:\Windows\System\ADtGtRp.exe
  2⤵
  PID:3356
- C:\Windows\System\BQUMLzg.exe
  C:\Windows\System\BQUMLzg.exe
  2⤵
  PID:3376
- C:\Windows\System\EojLttZ.exe
  C:\Windows\System\EojLttZ.exe
  2⤵
  PID:3396
- C:\Windows\System\zwKnoTP.exe
  C:\Windows\System\zwKnoTP.exe
  2⤵
  PID:3416
- C:\Windows\System\ZIMXLEV.exe
  C:\Windows\System\ZIMXLEV.exe
  2⤵
  PID:3436
- C:\Windows\System\jhAKGkX.exe
  C:\Windows\System\jhAKGkX.exe
  2⤵
  PID:3456
- C:\Windows\System\kIdSvoM.exe
  C:\Windows\System\kIdSvoM.exe
  2⤵
  PID:3476
- C:\Windows\System\dJPQWdk.exe
  C:\Windows\System\dJPQWdk.exe
  2⤵
  PID:3496
- C:\Windows\System\CdROTFj.exe
  C:\Windows\System\CdROTFj.exe
  2⤵
  PID:3516
- C:\Windows\System\ZsuwgMP.exe
  C:\Windows\System\ZsuwgMP.exe
  2⤵
  PID:3536
- C:\Windows\System\DrRlzEP.exe
  C:\Windows\System\DrRlzEP.exe
  2⤵
  PID:3556
- C:\Windows\System\rklohOI.exe
  C:\Windows\System\rklohOI.exe
  2⤵
  PID:3576
- C:\Windows\System\ayBnPni.exe
  C:\Windows\System\ayBnPni.exe
  2⤵
  PID:3596
- C:\Windows\System\trcrqaa.exe
  C:\Windows\System\trcrqaa.exe
  2⤵
  PID:3616
- C:\Windows\System\pmSkdxz.exe
  C:\Windows\System\pmSkdxz.exe
  2⤵
  PID:3636
- C:\Windows\System\MxFJHBu.exe
  C:\Windows\System\MxFJHBu.exe
  2⤵
  PID:3652
- C:\Windows\System\MfNcVCc.exe
  C:\Windows\System\MfNcVCc.exe
  2⤵
  PID:3676
- C:\Windows\System\oWMaGzd.exe
  C:\Windows\System\oWMaGzd.exe
  2⤵
  PID:3692
- C:\Windows\System\WjnafZU.exe
  C:\Windows\System\WjnafZU.exe
  2⤵
  PID:3716
- C:\Windows\System\OIjklpJ.exe
  C:\Windows\System\OIjklpJ.exe
  2⤵
  PID:3736
- C:\Windows\System\IlBtodT.exe
  C:\Windows\System\IlBtodT.exe
  2⤵
  PID:3760
- C:\Windows\System\BHCfgGp.exe
  C:\Windows\System\BHCfgGp.exe
  2⤵
  PID:3780
- C:\Windows\System\TVKyhDp.exe
  C:\Windows\System\TVKyhDp.exe
  2⤵
  PID:3800
- C:\Windows\System\LopLvyp.exe
  C:\Windows\System\LopLvyp.exe
  2⤵
  PID:3820
- C:\Windows\System\HXPrbLU.exe
  C:\Windows\System\HXPrbLU.exe
  2⤵
  PID:3844
- C:\Windows\System\lNBUdYc.exe
  C:\Windows\System\lNBUdYc.exe
  2⤵
  PID:3864
- C:\Windows\System\fMXEYOl.exe
  C:\Windows\System\fMXEYOl.exe
  2⤵
  PID:3884
- C:\Windows\System\HnMBbOz.exe
  C:\Windows\System\HnMBbOz.exe
  2⤵
  PID:3904
- C:\Windows\System\RqLMeSV.exe
  C:\Windows\System\RqLMeSV.exe
  2⤵
  PID:3924
- C:\Windows\System\FKPAlQj.exe
  C:\Windows\System\FKPAlQj.exe
  2⤵
  PID:3944
- C:\Windows\System\MhOOYWo.exe
  C:\Windows\System\MhOOYWo.exe
  2⤵
  PID:3964
- C:\Windows\System\VWBzLcZ.exe
  C:\Windows\System\VWBzLcZ.exe
  2⤵
  PID:3980
- C:\Windows\System\TzBrEHT.exe
  C:\Windows\System\TzBrEHT.exe
  2⤵
  PID:4000
- C:\Windows\System\zsdQCiz.exe
  C:\Windows\System\zsdQCiz.exe
  2⤵
  PID:4024
- C:\Windows\System\GkRfqMU.exe
  C:\Windows\System\GkRfqMU.exe
  2⤵
  PID:4044
- C:\Windows\System\SdDdcAX.exe
  C:\Windows\System\SdDdcAX.exe
  2⤵
  PID:4064
- C:\Windows\System\nRprXxB.exe
  C:\Windows\System\nRprXxB.exe
  2⤵
  PID:4084
- C:\Windows\System\JPzHUBL.exe
  C:\Windows\System\JPzHUBL.exe
  2⤵
  PID:2120
- C:\Windows\System\wWBFkCt.exe
  C:\Windows\System\wWBFkCt.exe
  2⤵
  PID:404
- C:\Windows\System\pCuBlcY.exe
  C:\Windows\System\pCuBlcY.exe
  2⤵
  PID:1616
- C:\Windows\System\GjnjlLP.exe
  C:\Windows\System\GjnjlLP.exe
  2⤵
  PID:1724
- C:\Windows\System\pigjCYr.exe
  C:\Windows\System\pigjCYr.exe
  2⤵
  PID:2968
- C:\Windows\System\KtqNVpn.exe
  C:\Windows\System\KtqNVpn.exe
  2⤵
  PID:1228
- C:\Windows\System\ZOEubFh.exe
  C:\Windows\System\ZOEubFh.exe
  2⤵
  PID:2664
- C:\Windows\System\FprLwqh.exe
  C:\Windows\System\FprLwqh.exe
  2⤵
  PID:2224
- C:\Windows\System\MPHtLnn.exe
  C:\Windows\System\MPHtLnn.exe
  2⤵
  PID:1016
- C:\Windows\System\GrPzFbT.exe
  C:\Windows\System\GrPzFbT.exe
  2⤵
  PID:3100
- C:\Windows\System\sIrtqva.exe
  C:\Windows\System\sIrtqva.exe
  2⤵
  PID:3088
- C:\Windows\System\waoeaSn.exe
  C:\Windows\System\waoeaSn.exe
  2⤵
  PID:3144
- C:\Windows\System\WBZoFZu.exe
  C:\Windows\System\WBZoFZu.exe
  2⤵
  PID:3188
- C:\Windows\System\MJwAktB.exe
  C:\Windows\System\MJwAktB.exe
  2⤵
  PID:3224
- C:\Windows\System\RNbyrla.exe
  C:\Windows\System\RNbyrla.exe
  2⤵
  PID:3240
- C:\Windows\System\dSbzaiL.exe
  C:\Windows\System\dSbzaiL.exe
  2⤵
  PID:3284
- C:\Windows\System\iSSrouP.exe
  C:\Windows\System\iSSrouP.exe
  2⤵
  PID:3288
- C:\Windows\System\vvQBbcS.exe
  C:\Windows\System\vvQBbcS.exe
  2⤵
  PID:3324
- C:\Windows\System\WaznCKK.exe
  C:\Windows\System\WaznCKK.exe
  2⤵
  PID:3372
- C:\Windows\System\fkPjSLA.exe
  C:\Windows\System\fkPjSLA.exe
  2⤵
  PID:3428
- C:\Windows\System\onFQtYh.exe
  C:\Windows\System\onFQtYh.exe
  2⤵
  PID:3464
- C:\Windows\System\LrtyfWQ.exe
  C:\Windows\System\LrtyfWQ.exe
  2⤵
  PID:3484
- C:\Windows\System\gdbJMUK.exe
  C:\Windows\System\gdbJMUK.exe
  2⤵
  PID:3508
- C:\Windows\System\bgwZODg.exe
  C:\Windows\System\bgwZODg.exe
  2⤵
  PID:3532
- C:\Windows\System\XpqfhuD.exe
  C:\Windows\System\XpqfhuD.exe
  2⤵
  PID:3568
- C:\Windows\System\MjvqLWL.exe
  C:\Windows\System\MjvqLWL.exe
  2⤵
  PID:3628
- C:\Windows\System\gAyfGAK.exe
  C:\Windows\System\gAyfGAK.exe
  2⤵
  PID:3668
- C:\Windows\System\OOndcql.exe
  C:\Windows\System\OOndcql.exe
  2⤵
  PID:3700
- C:\Windows\System\qIukvQW.exe
  C:\Windows\System\qIukvQW.exe
  2⤵
  PID:3748
- C:\Windows\System\qWPTBUF.exe
  C:\Windows\System\qWPTBUF.exe
  2⤵
  PID:3724
- C:\Windows\System\BORquCQ.exe
  C:\Windows\System\BORquCQ.exe
  2⤵
  PID:3776
- C:\Windows\System\rAzQFjq.exe
  C:\Windows\System\rAzQFjq.exe
  2⤵
  PID:3816
- C:\Windows\System\qjVkYqA.exe
  C:\Windows\System\qjVkYqA.exe
  2⤵
  PID:3852
- C:\Windows\System\DIbHlSp.exe
  C:\Windows\System\DIbHlSp.exe
  2⤵
  PID:3892
- C:\Windows\System\qdWbany.exe
  C:\Windows\System\qdWbany.exe
  2⤵
  PID:3896
- C:\Windows\System\XMFClaz.exe
  C:\Windows\System\XMFClaz.exe
  2⤵
  PID:3956
- C:\Windows\System\jVvhCed.exe
  C:\Windows\System\jVvhCed.exe
  2⤵
  PID:3992
- C:\Windows\System\SPbhkpk.exe
  C:\Windows\System\SPbhkpk.exe
  2⤵
  PID:4012
- C:\Windows\System\fXWxtte.exe
  C:\Windows\System\fXWxtte.exe
  2⤵
  PID:4072
- C:\Windows\System\TXfFbqC.exe
  C:\Windows\System\TXfFbqC.exe
  2⤵
  PID:2400
- C:\Windows\System\iNrinfr.exe
  C:\Windows\System\iNrinfr.exe
  2⤵
  PID:2300
- C:\Windows\System\YToffbd.exe
  C:\Windows\System\YToffbd.exe
  2⤵
  PID:1740
- C:\Windows\System\BJxczIL.exe
  C:\Windows\System\BJxczIL.exe
  2⤵
  PID:872
- C:\Windows\System\TWksvyo.exe
  C:\Windows\System\TWksvyo.exe
  2⤵
  PID:2644
- C:\Windows\System\rjLPhNh.exe
  C:\Windows\System\rjLPhNh.exe
  2⤵
  PID:1820
- C:\Windows\System\hGnVFIl.exe
  C:\Windows\System\hGnVFIl.exe
  2⤵
  PID:3128
- C:\Windows\System\slCzgpu.exe
  C:\Windows\System\slCzgpu.exe
  2⤵
  PID:3140
- C:\Windows\System\mUVAFKT.exe
  C:\Windows\System\mUVAFKT.exe
  2⤵
  PID:3180
- C:\Windows\System\gXuRKgB.exe
  C:\Windows\System\gXuRKgB.exe
  2⤵
  PID:3244
- C:\Windows\System\QERSdjv.exe
  C:\Windows\System\QERSdjv.exe
  2⤵
  PID:3348
- C:\Windows\System\GJYVBUL.exe
  C:\Windows\System\GJYVBUL.exe
  2⤵
  PID:3364
- C:\Windows\System\KLlWwDW.exe
  C:\Windows\System\KLlWwDW.exe
  2⤵
  PID:3472
- C:\Windows\System\Gasyywt.exe
  C:\Windows\System\Gasyywt.exe
  2⤵
  PID:3408
- C:\Windows\System\WEljphq.exe
  C:\Windows\System\WEljphq.exe
  2⤵
  PID:3512
- C:\Windows\System\vMrFTBw.exe
  C:\Windows\System\vMrFTBw.exe
  2⤵
  PID:3584
- C:\Windows\System\esghPkk.exe
  C:\Windows\System\esghPkk.exe
  2⤵
  PID:3648
- C:\Windows\System\XbxAnDA.exe
  C:\Windows\System\XbxAnDA.exe
  2⤵
  PID:3688
- C:\Windows\System\HkHSnNq.exe
  C:\Windows\System\HkHSnNq.exe
  2⤵
  PID:3768
- C:\Windows\System\KWkBsqa.exe
  C:\Windows\System\KWkBsqa.exe
  2⤵
  PID:3772
- C:\Windows\System\xwWHSbP.exe
  C:\Windows\System\xwWHSbP.exe
  2⤵
  PID:3856
- C:\Windows\System\KqoQibu.exe
  C:\Windows\System\KqoQibu.exe
  2⤵
  PID:3960
- C:\Windows\System\obTTHlQ.exe
  C:\Windows\System\obTTHlQ.exe
  2⤵
  PID:4008
- C:\Windows\System\qLsElrr.exe
  C:\Windows\System\qLsElrr.exe
  2⤵
  PID:4020
- C:\Windows\System\GOKyyFW.exe
  C:\Windows\System\GOKyyFW.exe
  2⤵
  PID:2756
- C:\Windows\System\xTPLcNM.exe
  C:\Windows\System\xTPLcNM.exe
  2⤵
  PID:752
- C:\Windows\System\MDvkASm.exe
  C:\Windows\System\MDvkASm.exe
  2⤵
  PID:1708
- C:\Windows\System\qWPdekN.exe
  C:\Windows\System\qWPdekN.exe
  2⤵
  PID:2732
- C:\Windows\System\FaEPXwh.exe
  C:\Windows\System\FaEPXwh.exe
  2⤵
  PID:3220
- C:\Windows\System\mQnNlQF.exe
  C:\Windows\System\mQnNlQF.exe
  2⤵
  PID:3204
- C:\Windows\System\zDlExhx.exe
  C:\Windows\System\zDlExhx.exe
  2⤵
  PID:3268
- C:\Windows\System\WeQoBWn.exe
  C:\Windows\System\WeQoBWn.exe
  2⤵
  PID:3352
- C:\Windows\System\URmMjZm.exe
  C:\Windows\System\URmMjZm.exe
  2⤵
  PID:3548
- C:\Windows\System\ktzgbRa.exe
  C:\Windows\System\ktzgbRa.exe
  2⤵
  PID:3632
- C:\Windows\System\LqSWXpY.exe
  C:\Windows\System\LqSWXpY.exe
  2⤵
  PID:3712
- C:\Windows\System\bLQHltp.exe
  C:\Windows\System\bLQHltp.exe
  2⤵
  PID:3872
- C:\Windows\System\wKOVWEg.exe
  C:\Windows\System\wKOVWEg.exe
  2⤵
  PID:3876
- C:\Windows\System\vZwMYfn.exe
  C:\Windows\System\vZwMYfn.exe
  2⤵
  PID:4040
- C:\Windows\System\qRKwmdN.exe
  C:\Windows\System\qRKwmdN.exe
  2⤵
  PID:4076
- C:\Windows\System\qefVBFm.exe
  C:\Windows\System\qefVBFm.exe
  2⤵
  PID:4060
- C:\Windows\System\KmqTYJT.exe
  C:\Windows\System\KmqTYJT.exe
  2⤵
  PID:1728
- C:\Windows\System\ybBDATL.exe
  C:\Windows\System\ybBDATL.exe
  2⤵
  PID:3084
- C:\Windows\System\UxCnIvA.exe
  C:\Windows\System\UxCnIvA.exe
  2⤵
  PID:3148
- C:\Windows\System\QctaIes.exe
  C:\Windows\System\QctaIes.exe
  2⤵
  PID:3392
- C:\Windows\System\owCmzAg.exe
  C:\Windows\System\owCmzAg.exe
  2⤵
  PID:3612
- C:\Windows\System\YprTLGC.exe
  C:\Windows\System\YprTLGC.exe
  2⤵
  PID:3412
- C:\Windows\System\oJDsvVG.exe
  C:\Windows\System\oJDsvVG.exe
  2⤵
  PID:3608
- C:\Windows\System\IrGsOZg.exe
  C:\Windows\System\IrGsOZg.exe
  2⤵
  PID:2668
- C:\Windows\System\WcZQdhJ.exe
  C:\Windows\System\WcZQdhJ.exe
  2⤵
  PID:2988
- C:\Windows\System\IemPzav.exe
  C:\Windows\System\IemPzav.exe
  2⤵
  PID:1272
- C:\Windows\System\qKmSOdQ.exe
  C:\Windows\System\qKmSOdQ.exe
  2⤵
  PID:3524
- C:\Windows\System\jshsppQ.exe
  C:\Windows\System\jshsppQ.exe
  2⤵
  PID:2552
- C:\Windows\System\xcEnoBl.exe
  C:\Windows\System\xcEnoBl.exe
  2⤵
  PID:4112
- C:\Windows\System\fRObCxf.exe
  C:\Windows\System\fRObCxf.exe
  2⤵
  PID:4132
- C:\Windows\System\QxUczTk.exe
  C:\Windows\System\QxUczTk.exe
  2⤵
  PID:4152
- C:\Windows\System\VnvQbSj.exe
  C:\Windows\System\VnvQbSj.exe
  2⤵
  PID:4172
- C:\Windows\System\OBeAUZj.exe
  C:\Windows\System\OBeAUZj.exe
  2⤵
  PID:4192
- C:\Windows\System\zjUxqUp.exe
  C:\Windows\System\zjUxqUp.exe
  2⤵
  PID:4212
- C:\Windows\System\LzkBnlu.exe
  C:\Windows\System\LzkBnlu.exe
  2⤵
  PID:4232
- C:\Windows\System\DRegYNC.exe
  C:\Windows\System\DRegYNC.exe
  2⤵
  PID:4248
- C:\Windows\System\tbgyTsz.exe
  C:\Windows\System\tbgyTsz.exe
  2⤵
  PID:4272
- C:\Windows\System\kwUpxPT.exe
  C:\Windows\System\kwUpxPT.exe
  2⤵
  PID:4292
- C:\Windows\System\hEfnbsj.exe
  C:\Windows\System\hEfnbsj.exe
  2⤵
  PID:4312
- C:\Windows\System\tRaFFtN.exe
  C:\Windows\System\tRaFFtN.exe
  2⤵
  PID:4332
- C:\Windows\System\oiWdZtc.exe
  C:\Windows\System\oiWdZtc.exe
  2⤵
  PID:4352
- C:\Windows\System\SulRXqx.exe
  C:\Windows\System\SulRXqx.exe
  2⤵
  PID:4372
- C:\Windows\System\IKNWJtw.exe
  C:\Windows\System\IKNWJtw.exe
  2⤵
  PID:4392
- C:\Windows\System\Zvmmlij.exe
  C:\Windows\System\Zvmmlij.exe
  2⤵
  PID:4408
- C:\Windows\System\kzBFAOp.exe
  C:\Windows\System\kzBFAOp.exe
  2⤵
  PID:4432
- C:\Windows\System\mLYiamP.exe
  C:\Windows\System\mLYiamP.exe
  2⤵
  PID:4452
- C:\Windows\System\YTZiImF.exe
  C:\Windows\System\YTZiImF.exe
  2⤵
  PID:4472
- C:\Windows\System\EFDjKeF.exe
  C:\Windows\System\EFDjKeF.exe
  2⤵
  PID:4492
- C:\Windows\System\TgiZYCS.exe
  C:\Windows\System\TgiZYCS.exe
  2⤵
  PID:4512
- C:\Windows\System\cBYCnbZ.exe
  C:\Windows\System\cBYCnbZ.exe
  2⤵
  PID:4528
- C:\Windows\System\xbDdZVd.exe
  C:\Windows\System\xbDdZVd.exe
  2⤵
  PID:4548
- C:\Windows\System\fnAWAek.exe
  C:\Windows\System\fnAWAek.exe
  2⤵
  PID:4568
- C:\Windows\System\eCmttUE.exe
  C:\Windows\System\eCmttUE.exe
  2⤵
  PID:4592
- C:\Windows\System\bYcrdDJ.exe
  C:\Windows\System\bYcrdDJ.exe
  2⤵
  PID:4612
- C:\Windows\System\dajwpbB.exe
  C:\Windows\System\dajwpbB.exe
  2⤵
  PID:4632
- C:\Windows\System\MEumnRO.exe
  C:\Windows\System\MEumnRO.exe
  2⤵
  PID:4648
- C:\Windows\System\rWOrZyS.exe
  C:\Windows\System\rWOrZyS.exe
  2⤵
  PID:4668
- C:\Windows\System\HEvIYjy.exe
  C:\Windows\System\HEvIYjy.exe
  2⤵
  PID:4692
- C:\Windows\System\smjaeRN.exe
  C:\Windows\System\smjaeRN.exe
  2⤵
  PID:4712
- C:\Windows\System\fAIUuGB.exe
  C:\Windows\System\fAIUuGB.exe
  2⤵
  PID:4728
- C:\Windows\System\WzysbgD.exe
  C:\Windows\System\WzysbgD.exe
  2⤵
  PID:4752
- C:\Windows\System\dtXBzeo.exe
  C:\Windows\System\dtXBzeo.exe
  2⤵
  PID:4772
- C:\Windows\System\WuvGmpa.exe
  C:\Windows\System\WuvGmpa.exe
  2⤵
  PID:4792
- C:\Windows\System\wQjfebf.exe
  C:\Windows\System\wQjfebf.exe
  2⤵
  PID:4812
- C:\Windows\System\cXvfmRp.exe
  C:\Windows\System\cXvfmRp.exe
  2⤵
  PID:4832
- C:\Windows\System\HdqGLPR.exe
  C:\Windows\System\HdqGLPR.exe
  2⤵
  PID:4852
- C:\Windows\System\xIXEkgo.exe
  C:\Windows\System\xIXEkgo.exe
  2⤵
  PID:4872
- C:\Windows\System\LHpXdLE.exe
  C:\Windows\System\LHpXdLE.exe
  2⤵
  PID:4892
- C:\Windows\System\OAkTJPr.exe
  C:\Windows\System\OAkTJPr.exe
  2⤵
  PID:4912
- C:\Windows\System\AXrNpzW.exe
  C:\Windows\System\AXrNpzW.exe
  2⤵
  PID:4932
- C:\Windows\System\rPsuTUy.exe
  C:\Windows\System\rPsuTUy.exe
  2⤵
  PID:4952
- C:\Windows\System\tqrzPUy.exe
  C:\Windows\System\tqrzPUy.exe
  2⤵
  PID:4972
- C:\Windows\System\yKdYPHZ.exe
  C:\Windows\System\yKdYPHZ.exe
  2⤵
  PID:4992
- C:\Windows\System\HKWHDse.exe
  C:\Windows\System\HKWHDse.exe
  2⤵
  PID:5012
- C:\Windows\System\zFkAtIJ.exe
  C:\Windows\System\zFkAtIJ.exe
  2⤵
  PID:5032
- C:\Windows\System\RTNAymy.exe
  C:\Windows\System\RTNAymy.exe
  2⤵
  PID:5052
- C:\Windows\System\KBzzpnR.exe
  C:\Windows\System\KBzzpnR.exe
  2⤵
  PID:5072
- C:\Windows\System\EzFWvTy.exe
  C:\Windows\System\EzFWvTy.exe
  2⤵
  PID:5092
- C:\Windows\System\JiyeDBM.exe
  C:\Windows\System\JiyeDBM.exe
  2⤵
  PID:5112
- C:\Windows\System\xRNBXDi.exe
  C:\Windows\System\xRNBXDi.exe
  2⤵
  PID:3808
- C:\Windows\System\PHCpEKZ.exe
  C:\Windows\System\PHCpEKZ.exe
  2⤵
  PID:1220
- C:\Windows\System\XryWjEE.exe
  C:\Windows\System\XryWjEE.exe
  2⤵
  PID:4016
- C:\Windows\System\HpLMaTz.exe
  C:\Windows\System\HpLMaTz.exe
  2⤵
  PID:1628
- C:\Windows\System\OCzoQho.exe
  C:\Windows\System\OCzoQho.exe
  2⤵
  PID:4104
- C:\Windows\System\gjkxAqg.exe
  C:\Windows\System\gjkxAqg.exe
  2⤵
  PID:4148
- C:\Windows\System\FPsVfjB.exe
  C:\Windows\System\FPsVfjB.exe
  2⤵
  PID:4160
- C:\Windows\System\YlyEtfb.exe
  C:\Windows\System\YlyEtfb.exe
  2⤵
  PID:4168
- C:\Windows\System\WFbHPAq.exe
  C:\Windows\System\WFbHPAq.exe
  2⤵
  PID:4208
- C:\Windows\System\ZyQKeCY.exe
  C:\Windows\System\ZyQKeCY.exe
  2⤵
  PID:4260
- C:\Windows\System\vJITcGv.exe
  C:\Windows\System\vJITcGv.exe
  2⤵
  PID:4280
- C:\Windows\System\yckiZta.exe
  C:\Windows\System\yckiZta.exe
  2⤵
  PID:2256
- C:\Windows\System\KYFjeNJ.exe
  C:\Windows\System\KYFjeNJ.exe
  2⤵
  PID:4324
- C:\Windows\System\mhHhfoZ.exe
  C:\Windows\System\mhHhfoZ.exe
  2⤵
  PID:4424
- C:\Windows\System\IzlzCsm.exe
  C:\Windows\System\IzlzCsm.exe
  2⤵
  PID:4368
- C:\Windows\System\FamQjAu.exe
  C:\Windows\System\FamQjAu.exe
  2⤵
  PID:4468
- C:\Windows\System\mUvDUPF.exe
  C:\Windows\System\mUvDUPF.exe
  2⤵
  PID:4448
- C:\Windows\System\MAJiiqZ.exe
  C:\Windows\System\MAJiiqZ.exe
  2⤵
  PID:4540
- C:\Windows\System\CjqubQb.exe
  C:\Windows\System\CjqubQb.exe
  2⤵
  PID:4580
- C:\Windows\System\BCgqoeE.exe
  C:\Windows\System\BCgqoeE.exe
  2⤵
  PID:4556
- C:\Windows\System\UHafoqs.exe
  C:\Windows\System\UHafoqs.exe
  2⤵
  PID:4624
- C:\Windows\System\YVdaVXg.exe
  C:\Windows\System\YVdaVXg.exe
  2⤵
  PID:4604
- C:\Windows\System\dkCSawv.exe
  C:\Windows\System\dkCSawv.exe
  2⤵
  PID:4680
- C:\Windows\System\jbXAsDO.exe
  C:\Windows\System\jbXAsDO.exe
  2⤵
  PID:4704
- C:\Windows\System\NCQWtVY.exe
  C:\Windows\System\NCQWtVY.exe
  2⤵
  PID:4720
- C:\Windows\System\MyuXtnx.exe
  C:\Windows\System\MyuXtnx.exe
  2⤵
  PID:576
- C:\Windows\System\HXNpHaT.exe
  C:\Windows\System\HXNpHaT.exe
  2⤵
  PID:4820
- C:\Windows\System\OwUpTNQ.exe
  C:\Windows\System\OwUpTNQ.exe
  2⤵
  PID:4860
- C:\Windows\System\ilwRtTB.exe
  C:\Windows\System\ilwRtTB.exe
  2⤵
  PID:4864
- C:\Windows\System\vghlhkP.exe
  C:\Windows\System\vghlhkP.exe
  2⤵
  PID:4884
- C:\Windows\System\lvoDYCA.exe
  C:\Windows\System\lvoDYCA.exe
  2⤵
  PID:4944
- C:\Windows\System\uRyhdXH.exe
  C:\Windows\System\uRyhdXH.exe
  2⤵
  PID:4968
- C:\Windows\System\JgzLAkX.exe
  C:\Windows\System\JgzLAkX.exe
  2⤵
  PID:5008
- C:\Windows\System\kSMoRNI.exe
  C:\Windows\System\kSMoRNI.exe
  2⤵
  PID:5040
- C:\Windows\System\CTcnYza.exe
  C:\Windows\System\CTcnYza.exe
  2⤵
  PID:5064
- C:\Windows\System\xZfRkjU.exe
  C:\Windows\System\xZfRkjU.exe
  2⤵
  PID:5084
- C:\Windows\System\liARZLD.exe
  C:\Windows\System\liARZLD.exe
  2⤵
  PID:3788
- C:\Windows\System\AZhwiPI.exe
  C:\Windows\System\AZhwiPI.exe
  2⤵
  PID:3952
- C:\Windows\System\XrkOdZg.exe
  C:\Windows\System\XrkOdZg.exe
  2⤵
  PID:2284
- C:\Windows\System\nUWbCNn.exe
  C:\Windows\System\nUWbCNn.exe
  2⤵
  PID:3104
- C:\Windows\System\zeWqjiE.exe
  C:\Windows\System\zeWqjiE.exe
  2⤵
  PID:4184
- C:\Windows\System\zGlkxST.exe
  C:\Windows\System\zGlkxST.exe
  2⤵
  PID:4256
- C:\Windows\System\UHmwZcR.exe
  C:\Windows\System\UHmwZcR.exe
  2⤵
  PID:4284
- C:\Windows\System\GDCCwip.exe
  C:\Windows\System\GDCCwip.exe
  2⤵
  PID:4288
- C:\Windows\System\XfdequT.exe
  C:\Windows\System\XfdequT.exe
  2⤵
  PID:4320
- C:\Windows\System\AWVcIxY.exe
  C:\Windows\System\AWVcIxY.exe
  2⤵
  PID:4460
- C:\Windows\System\nerBmBR.exe
  C:\Windows\System\nerBmBR.exe
  2⤵
  PID:4504
- C:\Windows\System\HHKDGED.exe
  C:\Windows\System\HHKDGED.exe
  2⤵
  PID:4488
- C:\Windows\System\YEoyXVY.exe
  C:\Windows\System\YEoyXVY.exe
  2⤵
  PID:4584
- C:\Windows\System\GKxNkAv.exe
  C:\Windows\System\GKxNkAv.exe
  2⤵
  PID:4564
- C:\Windows\System\eeQSGlT.exe
  C:\Windows\System\eeQSGlT.exe
  2⤵
  PID:4640
- C:\Windows\System\gEGIHHi.exe
  C:\Windows\System\gEGIHHi.exe
  2⤵
  PID:4784
- C:\Windows\System\zKzUpOG.exe
  C:\Windows\System\zKzUpOG.exe
  2⤵
  PID:4804
- C:\Windows\System\otHXLum.exe
  C:\Windows\System\otHXLum.exe
  2⤵
  PID:4828
- C:\Windows\System\dbnMLNZ.exe
  C:\Windows\System\dbnMLNZ.exe
  2⤵
  PID:4868
- C:\Windows\System\XUpaWaC.exe
  C:\Windows\System\XUpaWaC.exe
  2⤵
  PID:4920
- C:\Windows\System\xopSkUp.exe
  C:\Windows\System\xopSkUp.exe
  2⤵
  PID:4988
- C:\Windows\System\EcQRmRk.exe
  C:\Windows\System\EcQRmRk.exe
  2⤵
  PID:5028
- C:\Windows\System\SubaXMn.exe
  C:\Windows\System\SubaXMn.exe
  2⤵
  PID:5080
- C:\Windows\System\LXobrkb.exe
  C:\Windows\System\LXobrkb.exe
  2⤵
  PID:3252
- C:\Windows\System\fRDikLp.exe
  C:\Windows\System\fRDikLp.exe
  2⤵
  PID:4100
- C:\Windows\System\iEKakHP.exe
  C:\Windows\System\iEKakHP.exe
  2⤵
  PID:4128
- C:\Windows\System\kyyWEvl.exe
  C:\Windows\System\kyyWEvl.exe
  2⤵
  PID:2556
- C:\Windows\System\jUaeYcC.exe
  C:\Windows\System\jUaeYcC.exe
  2⤵
  PID:4340
- C:\Windows\System\FcrxtOY.exe
  C:\Windows\System\FcrxtOY.exe
  2⤵
  PID:3040
- C:\Windows\System\MhyiFza.exe
  C:\Windows\System\MhyiFza.exe
  2⤵
  PID:4524
- C:\Windows\System\eeCSOrB.exe
  C:\Windows\System\eeCSOrB.exe
  2⤵
  PID:4484
- C:\Windows\System\rxPeXIC.exe
  C:\Windows\System\rxPeXIC.exe
  2⤵
  PID:4608
- C:\Windows\System\fepAifK.exe
  C:\Windows\System\fepAifK.exe
  2⤵
  PID:4684
- C:\Windows\System\wVEIwBe.exe
  C:\Windows\System\wVEIwBe.exe
  2⤵
  PID:4760
- C:\Windows\System\tXLWIWn.exe
  C:\Windows\System\tXLWIWn.exe
  2⤵
  PID:4888
- C:\Windows\System\cOhHpYq.exe
  C:\Windows\System\cOhHpYq.exe
  2⤵
  PID:4964
- C:\Windows\System\apXZRgI.exe
  C:\Windows\System\apXZRgI.exe
  2⤵
  PID:2268
- C:\Windows\System\HQyOtiO.exe
  C:\Windows\System\HQyOtiO.exe
  2⤵
  PID:5068
- C:\Windows\System\vclHQQD.exe
  C:\Windows\System\vclHQQD.exe
  2⤵
  PID:3796
- C:\Windows\System\LMEmbTs.exe
  C:\Windows\System\LMEmbTs.exe
  2⤵
  PID:4188
- C:\Windows\System\kyeAFxo.exe
  C:\Windows\System\kyeAFxo.exe
  2⤵
  PID:4268
- C:\Windows\System\FpxQmIy.exe
  C:\Windows\System\FpxQmIy.exe
  2⤵
  PID:4344
- C:\Windows\System\wCGOYKw.exe
  C:\Windows\System\wCGOYKw.exe
  2⤵
  PID:4404
- C:\Windows\System\yrAuAli.exe
  C:\Windows\System\yrAuAli.exe
  2⤵
  PID:5136
- C:\Windows\System\EDOysJp.exe
  C:\Windows\System\EDOysJp.exe
  2⤵
  PID:5156
- C:\Windows\System\WbpSQaP.exe
  C:\Windows\System\WbpSQaP.exe
  2⤵
  PID:5176
- C:\Windows\System\CKLEgFu.exe
  C:\Windows\System\CKLEgFu.exe
  2⤵
  PID:5196
- C:\Windows\System\BLSkRre.exe
  C:\Windows\System\BLSkRre.exe
  2⤵
  PID:5216
- C:\Windows\System\kyeFxay.exe
  C:\Windows\System\kyeFxay.exe
  2⤵
  PID:5236
- C:\Windows\System\dGRabkK.exe
  C:\Windows\System\dGRabkK.exe
  2⤵
  PID:5256
- C:\Windows\System\yBBWlXR.exe
  C:\Windows\System\yBBWlXR.exe
  2⤵
  PID:5276
- C:\Windows\System\oSDzWRu.exe
  C:\Windows\System\oSDzWRu.exe
  2⤵
  PID:5296
- C:\Windows\System\GuRDsPX.exe
  C:\Windows\System\GuRDsPX.exe
  2⤵
  PID:5316
- C:\Windows\System\UuiUasR.exe
  C:\Windows\System\UuiUasR.exe
  2⤵
  PID:5336
- C:\Windows\System\hiUEfXO.exe
  C:\Windows\System\hiUEfXO.exe
  2⤵
  PID:5356
- C:\Windows\System\yGSQcug.exe
  C:\Windows\System\yGSQcug.exe
  2⤵
  PID:5376
- C:\Windows\System\aFOKuPC.exe
  C:\Windows\System\aFOKuPC.exe
  2⤵
  PID:5396
- C:\Windows\System\PcsCCKi.exe
  C:\Windows\System\PcsCCKi.exe
  2⤵
  PID:5416
- C:\Windows\System\fwiisqQ.exe
  C:\Windows\System\fwiisqQ.exe
  2⤵
  PID:5436
- C:\Windows\System\ITFaEkU.exe
  C:\Windows\System\ITFaEkU.exe
  2⤵
  PID:5456
- C:\Windows\System\kaNbtYv.exe
  C:\Windows\System\kaNbtYv.exe
  2⤵
  PID:5476
- C:\Windows\System\whKOzzY.exe
  C:\Windows\System\whKOzzY.exe
  2⤵
  PID:5496
- C:\Windows\System\yYgxFEM.exe
  C:\Windows\System\yYgxFEM.exe
  2⤵
  PID:5516
- C:\Windows\System\SfaxnTA.exe
  C:\Windows\System\SfaxnTA.exe
  2⤵
  PID:5536
- C:\Windows\System\qexyoON.exe
  C:\Windows\System\qexyoON.exe
  2⤵
  PID:5556
- C:\Windows\System\YSGAufn.exe
  C:\Windows\System\YSGAufn.exe
  2⤵
  PID:5576
- C:\Windows\System\GDlznOx.exe
  C:\Windows\System\GDlznOx.exe
  2⤵
  PID:5596
- C:\Windows\System\QMSksmr.exe
  C:\Windows\System\QMSksmr.exe
  2⤵
  PID:5616
- C:\Windows\System\XkqzOwP.exe
  C:\Windows\System\XkqzOwP.exe
  2⤵
  PID:5636
- C:\Windows\System\THgbHqi.exe
  C:\Windows\System\THgbHqi.exe
  2⤵
  PID:5656
- C:\Windows\System\ElppZmr.exe
  C:\Windows\System\ElppZmr.exe
  2⤵
  PID:5676
- C:\Windows\System\HzEGngl.exe
  C:\Windows\System\HzEGngl.exe
  2⤵
  PID:5696
- C:\Windows\System\rjyGsRs.exe
  C:\Windows\System\rjyGsRs.exe
  2⤵
  PID:5716
- C:\Windows\System\DDSREIV.exe
  C:\Windows\System\DDSREIV.exe
  2⤵
  PID:5736
- C:\Windows\System\tvcmvPA.exe
  C:\Windows\System\tvcmvPA.exe
  2⤵
  PID:5752
- C:\Windows\System\IJTxQnH.exe
  C:\Windows\System\IJTxQnH.exe
  2⤵
  PID:5776
- C:\Windows\System\izEBTbK.exe
  C:\Windows\System\izEBTbK.exe
  2⤵
  PID:5792
- C:\Windows\System\fGDmPms.exe
  C:\Windows\System\fGDmPms.exe
  2⤵
  PID:5816
- C:\Windows\System\HbLBttm.exe
  C:\Windows\System\HbLBttm.exe
  2⤵
  PID:5836
- C:\Windows\System\sXEISXI.exe
  C:\Windows\System\sXEISXI.exe
  2⤵
  PID:5856
- C:\Windows\System\TJOSbbH.exe
  C:\Windows\System\TJOSbbH.exe
  2⤵
  PID:5876
- C:\Windows\System\wWIPYXG.exe
  C:\Windows\System\wWIPYXG.exe
  2⤵
  PID:5896
- C:\Windows\System\yREdCKn.exe
  C:\Windows\System\yREdCKn.exe
  2⤵
  PID:5916
- C:\Windows\System\DCasTcA.exe
  C:\Windows\System\DCasTcA.exe
  2⤵
  PID:5936
- C:\Windows\System\jeVBVkR.exe
  C:\Windows\System\jeVBVkR.exe
  2⤵
  PID:5956
- C:\Windows\System\SIVEydV.exe
  C:\Windows\System\SIVEydV.exe
  2⤵
  PID:5980
- C:\Windows\System\IRvyqyw.exe
  C:\Windows\System\IRvyqyw.exe
  2⤵
  PID:6000
- C:\Windows\System\WkwnMJq.exe
  C:\Windows\System\WkwnMJq.exe
  2⤵
  PID:6020
- C:\Windows\System\lHtOYzT.exe
  C:\Windows\System\lHtOYzT.exe
  2⤵
  PID:6040
- C:\Windows\System\zlkNape.exe
  C:\Windows\System\zlkNape.exe
  2⤵
  PID:6060
- C:\Windows\System\oSgAPyu.exe
  C:\Windows\System\oSgAPyu.exe
  2⤵
  PID:6080
- C:\Windows\System\tvLFsmS.exe
  C:\Windows\System\tvLFsmS.exe
  2⤵
  PID:6100
- C:\Windows\System\HqulKax.exe
  C:\Windows\System\HqulKax.exe
  2⤵
  PID:6120
- C:\Windows\System\BRqIwWa.exe
  C:\Windows\System\BRqIwWa.exe
  2⤵
  PID:6140
- C:\Windows\System\CAZBRPL.exe
  C:\Windows\System\CAZBRPL.exe
  2⤵
  PID:4688
- C:\Windows\System\NTVIceq.exe
  C:\Windows\System\NTVIceq.exe
  2⤵
  PID:4880
- C:\Windows\System\ozwmtEA.exe
  C:\Windows\System\ozwmtEA.exe
  2⤵
  PID:2528
- C:\Windows\System\vyfcgxE.exe
  C:\Windows\System\vyfcgxE.exe
  2⤵
  PID:5108
- C:\Windows\System\AUqwnNv.exe
  C:\Windows\System\AUqwnNv.exe
  2⤵
  PID:2152
- C:\Windows\System\bVFrzxU.exe
  C:\Windows\System\bVFrzxU.exe
  2⤵
  PID:4364
- C:\Windows\System\npGcqoz.exe
  C:\Windows\System\npGcqoz.exe
  2⤵
  PID:5132
- C:\Windows\System\MEWYaeD.exe
  C:\Windows\System\MEWYaeD.exe
  2⤵
  PID:5144
- C:\Windows\System\pWlkcix.exe
  C:\Windows\System\pWlkcix.exe
  2⤵
  PID:5168
- C:\Windows\System\uwWKVhG.exe
  C:\Windows\System\uwWKVhG.exe
  2⤵
  PID:5208
- C:\Windows\System\NsUjxnC.exe
  C:\Windows\System\NsUjxnC.exe
  2⤵
  PID:5228
- C:\Windows\System\aQODQKg.exe
  C:\Windows\System\aQODQKg.exe
  2⤵
  PID:5272
- C:\Windows\System\EOKmHoR.exe
  C:\Windows\System\EOKmHoR.exe
  2⤵
  PID:5324
- C:\Windows\System\HSjenBR.exe
  C:\Windows\System\HSjenBR.exe
  2⤵
  PID:5364
- C:\Windows\System\kqPRUkN.exe
  C:\Windows\System\kqPRUkN.exe
  2⤵
  PID:5348
- C:\Windows\System\LwKMVmT.exe
  C:\Windows\System\LwKMVmT.exe
  2⤵
  PID:5388
- C:\Windows\System\UIyuIbV.exe
  C:\Windows\System\UIyuIbV.exe
  2⤵
  PID:5424
- C:\Windows\System\esHyKqJ.exe
  C:\Windows\System\esHyKqJ.exe
  2⤵
  PID:5472
- C:\Windows\System\cOwwMpS.exe
  C:\Windows\System\cOwwMpS.exe
  2⤵
  PID:5532
- C:\Windows\System\wBcHUdM.exe
  C:\Windows\System\wBcHUdM.exe
  2⤵
  PID:5544
- C:\Windows\System\fHMEdCm.exe
  C:\Windows\System\fHMEdCm.exe
  2⤵
  PID:5568
- C:\Windows\System\WiEEKSO.exe
  C:\Windows\System\WiEEKSO.exe
  2⤵
  PID:5608
- C:\Windows\System\sNtADCI.exe
  C:\Windows\System\sNtADCI.exe
  2⤵
  PID:5624
- C:\Windows\System\rsuKtAD.exe
  C:\Windows\System\rsuKtAD.exe
  2⤵
  PID:5692
- C:\Windows\System\yRlnmpJ.exe
  C:\Windows\System\yRlnmpJ.exe
  2⤵
  PID:5728
- C:\Windows\System\PveLZDx.exe
  C:\Windows\System\PveLZDx.exe
  2⤵
  PID:5760
- C:\Windows\System\VSkGMiy.exe
  C:\Windows\System\VSkGMiy.exe
  2⤵
  PID:5764
- C:\Windows\System\ZnpCeug.exe
  C:\Windows\System\ZnpCeug.exe
  2⤵
  PID:5788
- C:\Windows\System\QPwciMS.exe
  C:\Windows\System\QPwciMS.exe
  2⤵
  PID:5832
- C:\Windows\System\pToOoYA.exe
  C:\Windows\System\pToOoYA.exe
  2⤵
  PID:5884
- C:\Windows\System\hgeLGEn.exe
  C:\Windows\System\hgeLGEn.exe
  2⤵
  PID:5904
- C:\Windows\System\ZVZNiEn.exe
  C:\Windows\System\ZVZNiEn.exe
  2⤵
  PID:5928
- C:\Windows\System\bTGDhfa.exe
  C:\Windows\System\bTGDhfa.exe
  2⤵
  PID:5976
- C:\Windows\System\RDblyTI.exe
  C:\Windows\System\RDblyTI.exe
  2⤵
  PID:6008
- C:\Windows\System\jDCVEZC.exe
  C:\Windows\System\jDCVEZC.exe
  2⤵
  PID:6056
- C:\Windows\System\VnHHiTP.exe
  C:\Windows\System\VnHHiTP.exe
  2⤵
  PID:6096
- C:\Windows\System\iZuLTjB.exe
  C:\Windows\System\iZuLTjB.exe
  2⤵
  PID:6128
- C:\Windows\System\dNuDktn.exe
  C:\Windows\System\dNuDktn.exe
  2⤵
  PID:4808
- C:\Windows\System\GuIUQIu.exe
  C:\Windows\System\GuIUQIu.exe
  2⤵
  PID:4620
- C:\Windows\System\SmQAeVI.exe
  C:\Windows\System\SmQAeVI.exe
  2⤵
  PID:2996
- C:\Windows\System\MDaFFBH.exe
  C:\Windows\System\MDaFFBH.exe
  2⤵
  PID:4200
- C:\Windows\System\ovYisrm.exe
  C:\Windows\System\ovYisrm.exe
  2⤵
  PID:2476
- C:\Windows\System\SUgYTbT.exe
  C:\Windows\System\SUgYTbT.exe
  2⤵
  PID:5172
- C:\Windows\System\IciihZv.exe
  C:\Windows\System\IciihZv.exe
  2⤵
  PID:5204
- C:\Windows\System\XupaRJa.exe
  C:\Windows\System\XupaRJa.exe
  2⤵
  PID:5264
- C:\Windows\System\UcMGAIx.exe
  C:\Windows\System\UcMGAIx.exe
  2⤵
  PID:5332
- C:\Windows\System\BNnInnw.exe
  C:\Windows\System\BNnInnw.exe
  2⤵
  PID:5392
- C:\Windows\System\kjmWEfs.exe
  C:\Windows\System\kjmWEfs.exe
  2⤵
  PID:5448
- C:\Windows\System\KGmFzFG.exe
  C:\Windows\System\KGmFzFG.exe
  2⤵
  PID:5492
- C:\Windows\System\uFYgNYc.exe
  C:\Windows\System\uFYgNYc.exe
  2⤵
  PID:5508
- C:\Windows\System\zyaPbUC.exe
  C:\Windows\System\zyaPbUC.exe
  2⤵
  PID:5564
- C:\Windows\System\ytMAtdP.exe
  C:\Windows\System\ytMAtdP.exe
  2⤵
  PID:5652
- C:\Windows\System\CwVLDTE.exe
  C:\Windows\System\CwVLDTE.exe
  2⤵
  PID:5708
- C:\Windows\System\udbMqIF.exe
  C:\Windows\System\udbMqIF.exe
  2⤵
  PID:5784
- C:\Windows\System\GvQAWeS.exe
  C:\Windows\System\GvQAWeS.exe
  2⤵
  PID:5824
- C:\Windows\System\YAmuTdY.exe
  C:\Windows\System\YAmuTdY.exe
  2⤵
  PID:5864
- C:\Windows\System\LniRpAd.exe
  C:\Windows\System\LniRpAd.exe
  2⤵
  PID:1640
- C:\Windows\System\OFVCMod.exe
  C:\Windows\System\OFVCMod.exe
  2⤵
  PID:5944
- C:\Windows\System\mDsxueM.exe
  C:\Windows\System\mDsxueM.exe
  2⤵
  PID:6092
- C:\Windows\System\lWcTMHZ.exe
  C:\Windows\System\lWcTMHZ.exe
  2⤵
  PID:6116
- C:\Windows\System\gTKBkEJ.exe
  C:\Windows\System\gTKBkEJ.exe
  2⤵
  PID:6112
- C:\Windows\System\ybUZdsF.exe
  C:\Windows\System\ybUZdsF.exe
  2⤵
  PID:4824
- C:\Windows\System\Lbdlrnw.exe
  C:\Windows\System\Lbdlrnw.exe
  2⤵
  PID:2640
- C:\Windows\System\hpsdxJI.exe
  C:\Windows\System\hpsdxJI.exe
  2⤵
  PID:5152
- C:\Windows\System\sKqhrAZ.exe
  C:\Windows\System\sKqhrAZ.exe
  2⤵
  PID:1072
- C:\Windows\System\xZeqsie.exe
  C:\Windows\System\xZeqsie.exe
  2⤵
  PID:5308
- C:\Windows\System\JpwGKdQ.exe
  C:\Windows\System\JpwGKdQ.exe
  2⤵
  PID:5444
- C:\Windows\System\zaBLEGO.exe
  C:\Windows\System\zaBLEGO.exe
  2⤵
  PID:5488
- C:\Windows\System\fKKcDva.exe
  C:\Windows\System\fKKcDva.exe
  2⤵
  PID:5504
- C:\Windows\System\SsOdmUU.exe
  C:\Windows\System\SsOdmUU.exe
  2⤵
  PID:5648
- C:\Windows\System\CbAfqCH.exe
  C:\Windows\System\CbAfqCH.exe
  2⤵
  PID:5664
- C:\Windows\System\JNCwoUK.exe
  C:\Windows\System\JNCwoUK.exe
  2⤵
  PID:5812
- C:\Windows\System\FbPUESD.exe
  C:\Windows\System\FbPUESD.exe
  2⤵
  PID:5992
- C:\Windows\System\avYGbZO.exe
  C:\Windows\System\avYGbZO.exe
  2⤵
  PID:5952
- C:\Windows\System\CMqgThD.exe
  C:\Windows\System\CMqgThD.exe
  2⤵
  PID:5996
- C:\Windows\System\kPtiihH.exe
  C:\Windows\System\kPtiihH.exe
  2⤵
  PID:6076
- C:\Windows\System\DTsJwZk.exe
  C:\Windows\System\DTsJwZk.exe
  2⤵
  PID:2752
- C:\Windows\System\LNPETcP.exe
  C:\Windows\System\LNPETcP.exe
  2⤵
  PID:5252
- C:\Windows\System\eEzxQIN.exe
  C:\Windows\System\eEzxQIN.exe
  2⤵
  PID:4536
- C:\Windows\System\EZYwXIK.exe
  C:\Windows\System\EZYwXIK.exe
  2⤵
  PID:5384
- C:\Windows\System\rdQPIvg.exe
  C:\Windows\System\rdQPIvg.exe
  2⤵
  PID:5464
- C:\Windows\System\pfKceBN.exe
  C:\Windows\System\pfKceBN.exe
  2⤵
  PID:5688
- C:\Windows\System\XvaWwYI.exe
  C:\Windows\System\XvaWwYI.exe
  2⤵
  PID:5908
- C:\Windows\System\hFJTgAj.exe
  C:\Windows\System\hFJTgAj.exe
  2⤵
  PID:2804
- C:\Windows\System\zWkAnQG.exe
  C:\Windows\System\zWkAnQG.exe
  2⤵
  PID:4940
- C:\Windows\System\nsKbnqk.exe
  C:\Windows\System\nsKbnqk.exe
  2⤵
  PID:2676
- C:\Windows\System\hQzFpfd.exe
  C:\Windows\System\hQzFpfd.exe
  2⤵
  PID:5304
- C:\Windows\System\rnDbVPI.exe
  C:\Windows\System\rnDbVPI.exe
  2⤵
  PID:5644
- C:\Windows\System\EzJHJwZ.exe
  C:\Windows\System\EzJHJwZ.exe
  2⤵
  PID:2920
- C:\Windows\System\eeFDWau.exe
  C:\Windows\System\eeFDWau.exe
  2⤵
  PID:944
- C:\Windows\System\sgEYJBY.exe
  C:\Windows\System\sgEYJBY.exe
  2⤵
  PID:2572
- C:\Windows\System\kBlnenM.exe
  C:\Windows\System\kBlnenM.exe
  2⤵
  PID:6152
- C:\Windows\System\GWvPRKb.exe
  C:\Windows\System\GWvPRKb.exe
  2⤵
  PID:6172
- C:\Windows\System\DQTrqCC.exe
  C:\Windows\System\DQTrqCC.exe
  2⤵
  PID:6192
- C:\Windows\System\PICgbes.exe
  C:\Windows\System\PICgbes.exe
  2⤵
  PID:6212
- C:\Windows\System\heFbIFw.exe
  C:\Windows\System\heFbIFw.exe
  2⤵
  PID:6232
- C:\Windows\System\WeSYdaZ.exe
  C:\Windows\System\WeSYdaZ.exe
  2⤵
  PID:6252
- C:\Windows\System\xGvtURJ.exe
  C:\Windows\System\xGvtURJ.exe
  2⤵
  PID:6272
- C:\Windows\System\fqdSKTp.exe
  C:\Windows\System\fqdSKTp.exe
  2⤵
  PID:6292
- C:\Windows\System\QjGzSBs.exe
  C:\Windows\System\QjGzSBs.exe
  2⤵
  PID:6312
- C:\Windows\System\FHgEsbg.exe
  C:\Windows\System\FHgEsbg.exe
  2⤵
  PID:6332
- C:\Windows\System\iyXZmMQ.exe
  C:\Windows\System\iyXZmMQ.exe
  2⤵
  PID:6352
- C:\Windows\System\RmVZnEe.exe
  C:\Windows\System\RmVZnEe.exe
  2⤵
  PID:6372
- C:\Windows\System\BNEQTDF.exe
  C:\Windows\System\BNEQTDF.exe
  2⤵
  PID:6392
- C:\Windows\System\mftWdyr.exe
  C:\Windows\System\mftWdyr.exe
  2⤵
  PID:6412
- C:\Windows\System\gVneuPs.exe
  C:\Windows\System\gVneuPs.exe
  2⤵
  PID:6432
- C:\Windows\System\BDulbNR.exe
  C:\Windows\System\BDulbNR.exe
  2⤵
  PID:6452
- C:\Windows\System\fcMrMCS.exe
  C:\Windows\System\fcMrMCS.exe
  2⤵
  PID:6472
- C:\Windows\System\UOvccBH.exe
  C:\Windows\System\UOvccBH.exe
  2⤵
  PID:6492
- C:\Windows\System\QxmhddC.exe
  C:\Windows\System\QxmhddC.exe
  2⤵
  PID:6512
- C:\Windows\System\lKIvXAD.exe
  C:\Windows\System\lKIvXAD.exe
  2⤵
  PID:6528
- C:\Windows\System\hKiXHLC.exe
  C:\Windows\System\hKiXHLC.exe
  2⤵
  PID:6552
- C:\Windows\System\mFfpxLm.exe
  C:\Windows\System\mFfpxLm.exe
  2⤵
  PID:6572
- C:\Windows\System\COGszqc.exe
  C:\Windows\System\COGszqc.exe
  2⤵
  PID:6592
- C:\Windows\System\isSSMkc.exe
  C:\Windows\System\isSSMkc.exe
  2⤵
  PID:6612
- C:\Windows\System\xELRNoE.exe
  C:\Windows\System\xELRNoE.exe
  2⤵
  PID:6636
- C:\Windows\System\CzIECWX.exe
  C:\Windows\System\CzIECWX.exe
  2⤵
  PID:6652
- C:\Windows\System\JdliaUs.exe
  C:\Windows\System\JdliaUs.exe
  2⤵
  PID:6680
- C:\Windows\System\TLiratT.exe
  C:\Windows\System\TLiratT.exe
  2⤵
  PID:6712
- C:\Windows\System\wOHqLUm.exe
  C:\Windows\System\wOHqLUm.exe
  2⤵
  PID:6732
- C:\Windows\System\shLpwQQ.exe
  C:\Windows\System\shLpwQQ.exe
  2⤵
  PID:6752
- C:\Windows\System\UEWFZbp.exe
  C:\Windows\System\UEWFZbp.exe
  2⤵
  PID:6772
- C:\Windows\System\rXniNUM.exe
  C:\Windows\System\rXniNUM.exe
  2⤵
  PID:6792
- C:\Windows\System\RWgeuDt.exe
  C:\Windows\System\RWgeuDt.exe
  2⤵
  PID:6816
- C:\Windows\System\bBhrWxE.exe
  C:\Windows\System\bBhrWxE.exe
  2⤵
  PID:6832
- C:\Windows\System\bNqkYUq.exe
  C:\Windows\System\bNqkYUq.exe
  2⤵
  PID:6848
- C:\Windows\System\wzuSnJH.exe
  C:\Windows\System\wzuSnJH.exe
  2⤵
  PID:6864
- C:\Windows\System\AqKgHHR.exe
  C:\Windows\System\AqKgHHR.exe
  2⤵
  PID:6880
- C:\Windows\System\cOGRtel.exe
  C:\Windows\System\cOGRtel.exe
  2⤵
  PID:6900
- C:\Windows\System\SupcoWz.exe
  C:\Windows\System\SupcoWz.exe
  2⤵
  PID:6916
- C:\Windows\System\dUQMFpm.exe
  C:\Windows\System\dUQMFpm.exe
  2⤵
  PID:6932
- C:\Windows\System\NdJfLUu.exe
  C:\Windows\System\NdJfLUu.exe
  2⤵
  PID:6964
- C:\Windows\System\WpOPFRo.exe
  C:\Windows\System\WpOPFRo.exe
  2⤵
  PID:6980
- C:\Windows\System\VMzqKSv.exe
  C:\Windows\System\VMzqKSv.exe
  2⤵
  PID:7012
- C:\Windows\System\bVEGeVj.exe
  C:\Windows\System\bVEGeVj.exe
  2⤵
  PID:7032
- C:\Windows\System\WHjGbKU.exe
  C:\Windows\System\WHjGbKU.exe
  2⤵
  PID:7052
- C:\Windows\System\qTgFsDF.exe
  C:\Windows\System\qTgFsDF.exe
  2⤵
  PID:7072
- C:\Windows\System\EVsnAWC.exe
  C:\Windows\System\EVsnAWC.exe
  2⤵
  PID:7096
- C:\Windows\System\nRpTviC.exe
  C:\Windows\System\nRpTviC.exe
  2⤵
  PID:7112
- C:\Windows\System\LAfVjse.exe
  C:\Windows\System\LAfVjse.exe
  2⤵
  PID:7132
- C:\Windows\System\euquCtK.exe
  C:\Windows\System\euquCtK.exe
  2⤵
  PID:7152
- C:\Windows\System\zmzoZWz.exe
  C:\Windows\System\zmzoZWz.exe
  2⤵
  PID:2124
- C:\Windows\System\mlmwryG.exe
  C:\Windows\System\mlmwryG.exe
  2⤵
  PID:5844
- C:\Windows\System\AUqWCSr.exe
  C:\Windows\System\AUqWCSr.exe
  2⤵
  PID:6048
- C:\Windows\System\wGgxcnh.exe
  C:\Windows\System\wGgxcnh.exe
  2⤵
  PID:6072
- C:\Windows\System\SOQiyeN.exe
  C:\Windows\System\SOQiyeN.exe
  2⤵
  PID:6184
- C:\Windows\System\CCgGCxB.exe
  C:\Windows\System\CCgGCxB.exe
  2⤵
  PID:6208
- C:\Windows\System\LjxosHG.exe
  C:\Windows\System\LjxosHG.exe
  2⤵
  PID:6268
- C:\Windows\System\jXYuzhF.exe
  C:\Windows\System\jXYuzhF.exe
  2⤵
  PID:3732
- C:\Windows\System\fntwmBV.exe
  C:\Windows\System\fntwmBV.exe
  2⤵
  PID:6288
- C:\Windows\System\XNgCHQK.exe
  C:\Windows\System\XNgCHQK.exe
  2⤵
  PID:6348
- C:\Windows\System\dAxmjOf.exe
  C:\Windows\System\dAxmjOf.exe
  2⤵
  PID:6360
- C:\Windows\System\vsMDbom.exe
  C:\Windows\System\vsMDbom.exe
  2⤵
  PID:6420
- C:\Windows\System\XVDqqPU.exe
  C:\Windows\System\XVDqqPU.exe
  2⤵
  PID:6408
- C:\Windows\System\zDvcnmc.exe
  C:\Windows\System\zDvcnmc.exe
  2⤵
  PID:6448
- C:\Windows\System\JLUIRls.exe
  C:\Windows\System\JLUIRls.exe
  2⤵
  PID:6500
- C:\Windows\System\LPywmSr.exe
  C:\Windows\System\LPywmSr.exe
  2⤵
  PID:2624
- C:\Windows\System\HiUryEb.exe
  C:\Windows\System\HiUryEb.exe
  2⤵
  PID:6524
- C:\Windows\System\XkUIrIF.exe
  C:\Windows\System\XkUIrIF.exe
  2⤵
  PID:6588
- C:\Windows\System\EglTXsx.exe
  C:\Windows\System\EglTXsx.exe
  2⤵
  PID:6604
- C:\Windows\System\ONRWdLk.exe
  C:\Windows\System\ONRWdLk.exe
  2⤵
  PID:6620
- C:\Windows\System\LFmhKMK.exe
  C:\Windows\System\LFmhKMK.exe
  2⤵
  PID:6668
- C:\Windows\System\rCXFdRT.exe
  C:\Windows\System\rCXFdRT.exe
  2⤵
  PID:6676
- C:\Windows\System\VenPxYW.exe
  C:\Windows\System\VenPxYW.exe
  2⤵
  PID:2204
- C:\Windows\System\bPfYrFN.exe
  C:\Windows\System\bPfYrFN.exe
  2⤵
  PID:2864
- C:\Windows\System\nVJRyiB.exe
  C:\Windows\System\nVJRyiB.exe
  2⤵
  PID:3004
- C:\Windows\System\DNQeNez.exe
  C:\Windows\System\DNQeNez.exe
  2⤵
  PID:2492
- C:\Windows\System\ciJhxUg.exe
  C:\Windows\System\ciJhxUg.exe
  2⤵
  PID:6760
- C:\Windows\System\KbwmQnM.exe
  C:\Windows\System\KbwmQnM.exe
  2⤵
  PID:6804
- C:\Windows\System\UroXLdm.exe
  C:\Windows\System\UroXLdm.exe
  2⤵
  PID:6812
- C:\Windows\System\MaxzCVF.exe
  C:\Windows\System\MaxzCVF.exe
  2⤵
  PID:6744
- C:\Windows\System\sbtYIwZ.exe
  C:\Windows\System\sbtYIwZ.exe
  2⤵
  PID:1312
- C:\Windows\System\prpwyEG.exe
  C:\Windows\System\prpwyEG.exe
  2⤵
  PID:6940
- C:\Windows\System\kScncgR.exe
  C:\Windows\System\kScncgR.exe
  2⤵
  PID:6860
- C:\Windows\System\onUbOGj.exe
  C:\Windows\System\onUbOGj.exe
  2⤵
  PID:6992
- C:\Windows\System\CZDKMKX.exe
  C:\Windows\System\CZDKMKX.exe
  2⤵
  PID:6896
- C:\Windows\System\kjbpqiq.exe
  C:\Windows\System\kjbpqiq.exe
  2⤵
  PID:6972
- C:\Windows\System\LDEAIBE.exe
  C:\Windows\System\LDEAIBE.exe
  2⤵
  PID:7024
- C:\Windows\System\xSXXvjI.exe
  C:\Windows\System\xSXXvjI.exe
  2⤵
  PID:7068
- C:\Windows\System\mVICRFW.exe
  C:\Windows\System\mVICRFW.exe
  2⤵
  PID:7088
- C:\Windows\System\ZMeTeBU.exe
  C:\Windows\System\ZMeTeBU.exe
  2⤵
  PID:7140
- C:\Windows\System\zGAKobS.exe
  C:\Windows\System\zGAKobS.exe
  2⤵
  PID:7124
- C:\Windows\System\qSyamop.exe
  C:\Windows\System\qSyamop.exe
  2⤵
  PID:2228
- C:\Windows\System\NxikPdj.exe
  C:\Windows\System\NxikPdj.exe
  2⤵
  PID:5808
- C:\Windows\System\mpDhqZP.exe
  C:\Windows\System\mpDhqZP.exe
  2⤵
  PID:5668
- C:\Windows\System\rzhNxkt.exe
  C:\Windows\System\rzhNxkt.exe
  2⤵
  PID:6200
- C:\Windows\System\sxcJOha.exe
  C:\Windows\System\sxcJOha.exe
  2⤵
  PID:6388
- C:\Windows\System\XJNtDTq.exe
  C:\Windows\System\XJNtDTq.exe
  2⤵
  PID:6460
- C:\Windows\System\JQpwStM.exe
  C:\Windows\System\JQpwStM.exe
  2⤵
  PID:6488
- C:\Windows\System\Qshkgvr.exe
  C:\Windows\System\Qshkgvr.exe
  2⤵
  PID:6564
- C:\Windows\System\KfCGzYz.exe
  C:\Windows\System\KfCGzYz.exe
  2⤵
  PID:6380
- C:\Windows\System\YJkljoI.exe
  C:\Windows\System\YJkljoI.exe
  2⤵
  PID:2536
- C:\Windows\System\NygBeRk.exe
  C:\Windows\System\NygBeRk.exe
  2⤵
  PID:6608
- C:\Windows\System\levzocJ.exe
  C:\Windows\System\levzocJ.exe
  2⤵
  PID:1536
- C:\Windows\System\NQxVVvD.exe
  C:\Windows\System\NQxVVvD.exe
  2⤵
  PID:6644
- C:\Windows\System\oIojyAZ.exe
  C:\Windows\System\oIojyAZ.exe
  2⤵
  PID:2184
- C:\Windows\System\dlXrFtd.exe
  C:\Windows\System\dlXrFtd.exe
  2⤵
  PID:6724
- C:\Windows\System\gitlVsx.exe
  C:\Windows\System\gitlVsx.exe
  2⤵
  PID:6768
- C:\Windows\System\xWfyaNU.exe
  C:\Windows\System\xWfyaNU.exe
  2⤵
  PID:2680
- C:\Windows\System\zeQvleY.exe
  C:\Windows\System\zeQvleY.exe
  2⤵
  PID:6808
- C:\Windows\System\AXkibdI.exe
  C:\Windows\System\AXkibdI.exe
  2⤵
  PID:6912
- C:\Windows\System\kTznhcu.exe
  C:\Windows\System\kTznhcu.exe
  2⤵
  PID:2844
- C:\Windows\System\QvMlcWA.exe
  C:\Windows\System\QvMlcWA.exe
  2⤵
  PID:6828
- C:\Windows\System\hNcgZhN.exe
  C:\Windows\System\hNcgZhN.exe
  2⤵
  PID:7044
- C:\Windows\System\xNRNLYH.exe
  C:\Windows\System\xNRNLYH.exe
  2⤵
  PID:7080
- C:\Windows\System\vwrGVDi.exe
  C:\Windows\System\vwrGVDi.exe
  2⤵
  PID:7164
- C:\Windows\System\nBjguEc.exe
  C:\Windows\System\nBjguEc.exe
  2⤵
  PID:1600
- C:\Windows\System\NwUDjzr.exe
  C:\Windows\System\NwUDjzr.exe
  2⤵
  PID:7148
- C:\Windows\System\rtAPrAq.exe
  C:\Windows\System\rtAPrAq.exe
  2⤵
  PID:2924
- C:\Windows\System\kgVtWEG.exe
  C:\Windows\System\kgVtWEG.exe
  2⤵
  PID:6168
- C:\Windows\System\ZJnAqet.exe
  C:\Windows\System\ZJnAqet.exe
  2⤵
  PID:6228
- C:\Windows\System\bMQJIYO.exe
  C:\Windows\System\bMQJIYO.exe
  2⤵
  PID:6344
- C:\Windows\System\uQFagNq.exe
  C:\Windows\System\uQFagNq.exe
  2⤵
  PID:6600
- C:\Windows\System\Iagrngs.exe
  C:\Windows\System\Iagrngs.exe
  2⤵
  PID:2508
- C:\Windows\System\CyvTRaI.exe
  C:\Windows\System\CyvTRaI.exe
  2⤵
  PID:6700
- C:\Windows\System\URoPXzu.exe
  C:\Windows\System\URoPXzu.exe
  2⤵
  PID:2232
- C:\Windows\System\YURXxaP.exe
  C:\Windows\System\YURXxaP.exe
  2⤵
  PID:108
- C:\Windows\System\trXalsv.exe
  C:\Windows\System\trXalsv.exe
  2⤵
  PID:444
- C:\Windows\System\tMseGDk.exe
  C:\Windows\System\tMseGDk.exe
  2⤵
  PID:6928
- C:\Windows\System\wvpxYZV.exe
  C:\Windows\System\wvpxYZV.exe
  2⤵
  PID:6924
- C:\Windows\System\TNWstSJ.exe
  C:\Windows\System\TNWstSJ.exe
  2⤵
  PID:2380
- C:\Windows\System\IZRFTZa.exe
  C:\Windows\System\IZRFTZa.exe
  2⤵
  PID:7108
- C:\Windows\System\RHhBXUH.exe
  C:\Windows\System\RHhBXUH.exe
  2⤵
  PID:6220
- C:\Windows\System\vHydLnH.exe
  C:\Windows\System\vHydLnH.exe
  2⤵
  PID:6320
- C:\Windows\System\gWLFwZB.exe
  C:\Windows\System\gWLFwZB.exe
  2⤵
  PID:6304
- C:\Windows\System\fjQlHRk.exe
  C:\Windows\System\fjQlHRk.exe
  2⤵
  PID:6544
- C:\Windows\System\XGnbedf.exe
  C:\Windows\System\XGnbedf.exe
  2⤵
  PID:2192
- C:\Windows\System\DYHjYwk.exe
  C:\Windows\System\DYHjYwk.exe
  2⤵
  PID:6872
- C:\Windows\System\WgKdvnE.exe
  C:\Windows\System\WgKdvnE.exe
  2⤵
  PID:7060
- C:\Windows\System\TlXSLHU.exe
  C:\Windows\System\TlXSLHU.exe
  2⤵
  PID:6504
- C:\Windows\System\eEvcSEc.exe
  C:\Windows\System\eEvcSEc.exe
  2⤵
  PID:7196
- C:\Windows\System\urrAJId.exe
  C:\Windows\System\urrAJId.exe
  2⤵
  PID:7216
- C:\Windows\System\ICgDPKa.exe
  C:\Windows\System\ICgDPKa.exe
  2⤵
  PID:7236
- C:\Windows\System\bkgMXbh.exe
  C:\Windows\System\bkgMXbh.exe
  2⤵
  PID:7256
- C:\Windows\System\efxMGgA.exe
  C:\Windows\System\efxMGgA.exe
  2⤵
  PID:7280
- C:\Windows\System\imddXIZ.exe
  C:\Windows\System\imddXIZ.exe
  2⤵
  PID:7296
- C:\Windows\System\lFRixbo.exe
  C:\Windows\System\lFRixbo.exe
  2⤵
  PID:7312
- C:\Windows\System\HMQeJjc.exe
  C:\Windows\System\HMQeJjc.exe
  2⤵
  PID:7332
- C:\Windows\System\EufKtNL.exe
  C:\Windows\System\EufKtNL.exe
  2⤵
  PID:7356
- C:\Windows\System\CuwcuAi.exe
  C:\Windows\System\CuwcuAi.exe
  2⤵
  PID:7376
- C:\Windows\System\ooipnGY.exe
  C:\Windows\System\ooipnGY.exe
  2⤵
  PID:7392
- C:\Windows\System\mGAISah.exe
  C:\Windows\System\mGAISah.exe
  2⤵
  PID:7416
- C:\Windows\System\fSdyXlU.exe
  C:\Windows\System\fSdyXlU.exe
  2⤵
  PID:7440
- C:\Windows\System\RWMmVCo.exe
  C:\Windows\System\RWMmVCo.exe
  2⤵
  PID:7456
- C:\Windows\System\YGqlAWF.exe
  C:\Windows\System\YGqlAWF.exe
  2⤵
  PID:7472
- C:\Windows\System\xYbQMhH.exe
  C:\Windows\System\xYbQMhH.exe
  2⤵
  PID:7488
- C:\Windows\System\PgsNRtE.exe
  C:\Windows\System\PgsNRtE.exe
  2⤵
  PID:7512
- C:\Windows\System\llcQiuD.exe
  C:\Windows\System\llcQiuD.exe
  2⤵
  PID:7536
- C:\Windows\System\uZhEkbi.exe
  C:\Windows\System\uZhEkbi.exe
  2⤵
  PID:7560
- C:\Windows\System\wsKgEya.exe
  C:\Windows\System\wsKgEya.exe
  2⤵
  PID:7580
- C:\Windows\System\kgkKsVb.exe
  C:\Windows\System\kgkKsVb.exe
  2⤵
  PID:7596
- C:\Windows\System\zXGpkZn.exe
  C:\Windows\System\zXGpkZn.exe
  2⤵
  PID:7624
- C:\Windows\System\odxeHRs.exe
  C:\Windows\System\odxeHRs.exe
  2⤵
  PID:7640
- C:\Windows\System\UbgTeuZ.exe
  C:\Windows\System\UbgTeuZ.exe
  2⤵
  PID:7656
- C:\Windows\System\HRkrPgr.exe
  C:\Windows\System\HRkrPgr.exe
  2⤵
  PID:7680
- C:\Windows\System\HRzAYke.exe
  C:\Windows\System\HRzAYke.exe
  2⤵
  PID:7704
- C:\Windows\System\oRNZfZt.exe
  C:\Windows\System\oRNZfZt.exe
  2⤵
  PID:7720
- C:\Windows\System\RygtLzH.exe
  C:\Windows\System\RygtLzH.exe
  2⤵
  PID:7736
- C:\Windows\System\opPTbVb.exe
  C:\Windows\System\opPTbVb.exe
  2⤵
  PID:7752
- C:\Windows\System\VaWzlpm.exe
  C:\Windows\System\VaWzlpm.exe
  2⤵
  PID:7768
- C:\Windows\System\nqByeNg.exe
  C:\Windows\System\nqByeNg.exe
  2⤵
  PID:7800
- C:\Windows\System\dYgaJRN.exe
  C:\Windows\System\dYgaJRN.exe
  2⤵
  PID:7816
- C:\Windows\System\FyQNlfy.exe
  C:\Windows\System\FyQNlfy.exe
  2⤵
  PID:7844
- C:\Windows\System\bWedvCn.exe
  C:\Windows\System\bWedvCn.exe
  2⤵
  PID:7860
- C:\Windows\System\BtSreJY.exe
  C:\Windows\System\BtSreJY.exe
  2⤵
  PID:7876
- C:\Windows\System\RDEIWXf.exe
  C:\Windows\System\RDEIWXf.exe
  2⤵
  PID:7896
- C:\Windows\System\IuskPdE.exe
  C:\Windows\System\IuskPdE.exe
  2⤵
  PID:7916
- C:\Windows\System\DtPPVLC.exe
  C:\Windows\System\DtPPVLC.exe
  2⤵
  PID:7936
- C:\Windows\System\jqALgmS.exe
  C:\Windows\System\jqALgmS.exe
  2⤵
  PID:7952
- C:\Windows\System\efByPUH.exe
  C:\Windows\System\efByPUH.exe
  2⤵
  PID:7976
- C:\Windows\System\WcHHZgP.exe
  C:\Windows\System\WcHHZgP.exe
  2⤵
  PID:8000
- C:\Windows\System\cxEhWXm.exe
  C:\Windows\System\cxEhWXm.exe
  2⤵
  PID:8016
- C:\Windows\System\DAJuazD.exe
  C:\Windows\System\DAJuazD.exe
  2⤵
  PID:8040
- C:\Windows\System\MRwPFDX.exe
  C:\Windows\System\MRwPFDX.exe
  2⤵
  PID:8060
- C:\Windows\System\HSjgjZE.exe
  C:\Windows\System\HSjgjZE.exe
  2⤵
  PID:8080
- C:\Windows\System\kIdGwqL.exe
  C:\Windows\System\kIdGwqL.exe
  2⤵
  PID:8100
- C:\Windows\System\tbLILAO.exe
  C:\Windows\System\tbLILAO.exe
  2⤵
  PID:8116
- C:\Windows\System\Ennpxhi.exe
  C:\Windows\System\Ennpxhi.exe
  2⤵
  PID:8132
- C:\Windows\System\kKVomen.exe
  C:\Windows\System\kKVomen.exe
  2⤵
  PID:8148
- C:\Windows\System\ybLOQcK.exe
  C:\Windows\System\ybLOQcK.exe
  2⤵
  PID:8164
- C:\Windows\System\TXhSDwF.exe
  C:\Windows\System\TXhSDwF.exe
  2⤵
  PID:8188
- C:\Windows\System\RJqBJKm.exe
  C:\Windows\System\RJqBJKm.exe
  2⤵
  PID:6952
- C:\Windows\System\XNJuAvq.exe
  C:\Windows\System\XNJuAvq.exe
  2⤵
  PID:7176
- C:\Windows\System\ojgjLhD.exe
  C:\Windows\System\ojgjLhD.exe
  2⤵
  PID:6728
- C:\Windows\System\TkLqNhO.exe
  C:\Windows\System\TkLqNhO.exe
  2⤵
  PID:7004
- C:\Windows\System\ACasSxs.exe
  C:\Windows\System\ACasSxs.exe
  2⤵
  PID:6568
- C:\Windows\System\ItlRTJi.exe
  C:\Windows\System\ItlRTJi.exe
  2⤵
  PID:7224
- C:\Windows\System\ufghGQl.exe
  C:\Windows\System\ufghGQl.exe
  2⤵
  PID:7204
- C:\Windows\System\ECAfvgh.exe
  C:\Windows\System\ECAfvgh.exe
  2⤵
  PID:7264
- C:\Windows\System\owkGEKb.exe
  C:\Windows\System\owkGEKb.exe
  2⤵
  PID:7304
- C:\Windows\System\uQLvJQz.exe
  C:\Windows\System\uQLvJQz.exe
  2⤵
  PID:7292
- C:\Windows\System\OZunatf.exe
  C:\Windows\System\OZunatf.exe
  2⤵
  PID:7348
- C:\Windows\System\cNqtekr.exe
  C:\Windows\System\cNqtekr.exe
  2⤵
  PID:7388
- C:\Windows\System\jryeaYV.exe
  C:\Windows\System\jryeaYV.exe
  2⤵
  PID:7428
- C:\Windows\System\edTRbAy.exe
  C:\Windows\System\edTRbAy.exe
  2⤵
  PID:7468
- C:\Windows\System\seliHkm.exe
  C:\Windows\System\seliHkm.exe
  2⤵
  PID:7448
- C:\Windows\System\vEkQiGo.exe
  C:\Windows\System\vEkQiGo.exe
  2⤵
  PID:7480
- C:\Windows\System\foaEkLN.exe
  C:\Windows\System\foaEkLN.exe
  2⤵
  PID:7552
- C:\Windows\System\ERxODbK.exe
  C:\Windows\System\ERxODbK.exe
  2⤵
  PID:7576
- C:\Windows\System\efUOxYm.exe
  C:\Windows\System\efUOxYm.exe
  2⤵
  PID:7608
- C:\Windows\System\hwcXlpA.exe
  C:\Windows\System\hwcXlpA.exe
  2⤵
  PID:7636
- C:\Windows\System\ycTbbBw.exe
  C:\Windows\System\ycTbbBw.exe
  2⤵
  PID:7620
- C:\Windows\System\dVQuzNE.exe
  C:\Windows\System\dVQuzNE.exe
  2⤵
  PID:7692
- C:\Windows\System\tDtbZGg.exe
  C:\Windows\System\tDtbZGg.exe
  2⤵
  PID:7716
- C:\Windows\System\dUrVATl.exe
  C:\Windows\System\dUrVATl.exe
  2⤵
  PID:7732
- C:\Windows\System\DJfNzTr.exe
  C:\Windows\System\DJfNzTr.exe
  2⤵
  PID:7824
- C:\Windows\System\hkfjRuR.exe
  C:\Windows\System\hkfjRuR.exe
  2⤵
  PID:7828
- C:\Windows\System\JumwMhz.exe
  C:\Windows\System\JumwMhz.exe
  2⤵
  PID:7912
- C:\Windows\System\TFyoonI.exe
  C:\Windows\System\TFyoonI.exe
  2⤵
  PID:7892
- C:\Windows\System\zgftBia.exe
  C:\Windows\System\zgftBia.exe
  2⤵
  PID:7984
- C:\Windows\System\FGihQwT.exe
  C:\Windows\System\FGihQwT.exe
  2⤵
  PID:7968
- C:\Windows\System\VmgaKXx.exe
  C:\Windows\System\VmgaKXx.exe
  2⤵
  PID:8036
- C:\Windows\System\kIPEuiv.exe
  C:\Windows\System\kIPEuiv.exe
  2⤵
  PID:8012
- C:\Windows\System\vpjQPRE.exe
  C:\Windows\System\vpjQPRE.exe
  2⤵
  PID:8068
- C:\Windows\System\AMGJIwa.exe
  C:\Windows\System\AMGJIwa.exe
  2⤵
  PID:8108
- C:\Windows\System\IUhAJUd.exe
  C:\Windows\System\IUhAJUd.exe
  2⤵
  PID:8172
- C:\Windows\System\iaGDqLW.exe
  C:\Windows\System\iaGDqLW.exe
  2⤵
  PID:8088
- C:\Windows\System\scQQOwH.exe
  C:\Windows\System\scQQOwH.exe
  2⤵
  PID:6340
- C:\Windows\System\lXpseCA.exe
  C:\Windows\System\lXpseCA.exe
  2⤵
  PID:7172
- C:\Windows\System\FWPlXwb.exe
  C:\Windows\System\FWPlXwb.exe
  2⤵
  PID:6740
- C:\Windows\System\MbpNoHm.exe
  C:\Windows\System\MbpNoHm.exe
  2⤵
  PID:7120
- C:\Windows\System\HEXgeyC.exe
  C:\Windows\System\HEXgeyC.exe
  2⤵
  PID:6948
- C:\Windows\System\DfFAvGy.exe
  C:\Windows\System\DfFAvGy.exe
  2⤵
  PID:6548
- C:\Windows\System\zOWnzSH.exe
  C:\Windows\System\zOWnzSH.exe
  2⤵
  PID:7248
- C:\Windows\System\QVLrxfx.exe
  C:\Windows\System\QVLrxfx.exe
  2⤵
  PID:7340
- C:\Windows\System\LkTFKdc.exe
  C:\Windows\System\LkTFKdc.exe
  2⤵
  PID:7328
- C:\Windows\System\atEscJE.exe
  C:\Windows\System\atEscJE.exe
  2⤵
  PID:7408
- C:\Windows\System\TLNiAJB.exe
  C:\Windows\System\TLNiAJB.exe
  2⤵
  PID:7508
- C:\Windows\System\PLHMkVw.exe
  C:\Windows\System\PLHMkVw.exe
  2⤵
  PID:7784
- C:\Windows\System\ovUVyHJ.exe
  C:\Windows\System\ovUVyHJ.exe
  2⤵
  PID:7672
- C:\Windows\System\IuZiTbn.exe
  C:\Windows\System\IuZiTbn.exe
  2⤵
  PID:7556
- C:\Windows\System\AYAmiDP.exe
  C:\Windows\System\AYAmiDP.exe
  2⤵
  PID:7908
- C:\Windows\System\hYouUrP.exe
  C:\Windows\System\hYouUrP.exe
  2⤵
  PID:7904
- C:\Windows\System\RjXlWLb.exe
  C:\Windows\System\RjXlWLb.exe
  2⤵
  PID:7836
- C:\Windows\System\yGSTPNq.exe
  C:\Windows\System\yGSTPNq.exe
  2⤵
  PID:7932
- C:\Windows\System\wHgKjyr.exe
  C:\Windows\System\wHgKjyr.exe
  2⤵
  PID:8096
- C:\Windows\System\RZGwNTS.exe
  C:\Windows\System\RZGwNTS.exe
  2⤵
  PID:8128
- C:\Windows\System\FRiOwDV.exe
  C:\Windows\System\FRiOwDV.exe
  2⤵
  PID:8160
- C:\Windows\System\pnEiisR.exe
  C:\Windows\System\pnEiisR.exe
  2⤵
  PID:7188
- C:\Windows\System\bQNrHZU.exe
  C:\Windows\System\bQNrHZU.exe
  2⤵
  PID:8024
- C:\Windows\System\bySMHvQ.exe
  C:\Windows\System\bySMHvQ.exe
  2⤵
  PID:7272
- C:\Windows\System\DdEMhSH.exe
  C:\Windows\System\DdEMhSH.exe
  2⤵
  PID:7364
- C:\Windows\System\mpmSbTT.exe
  C:\Windows\System\mpmSbTT.exe
  2⤵
  PID:7504
- C:\Windows\System\TTHrrbq.exe
  C:\Windows\System\TTHrrbq.exe
  2⤵
  PID:7748
- C:\Windows\System\HefLssM.exe
  C:\Windows\System\HefLssM.exe
  2⤵
  PID:7632
- C:\Windows\System\SxAREWa.exe
  C:\Windows\System\SxAREWa.exe
  2⤵
  PID:7788
- C:\Windows\System\tszMeSr.exe
  C:\Windows\System\tszMeSr.exe
  2⤵
  PID:7652
- C:\Windows\System\aqbAFmJ.exe
  C:\Windows\System\aqbAFmJ.exe
  2⤵
  PID:7852
- C:\Windows\System\rwQqnfB.exe
  C:\Windows\System\rwQqnfB.exe
  2⤵
  PID:7948
- C:\Windows\System\QrsCmBt.exe
  C:\Windows\System\QrsCmBt.exe
  2⤵
  PID:6520
- C:\Windows\System\xajqeDB.exe
  C:\Windows\System\xajqeDB.exe
  2⤵
  PID:7696
- C:\Windows\System\sJeLehY.exe
  C:\Windows\System\sJeLehY.exe
  2⤵
  PID:7792
- C:\Windows\System\tGTVisP.exe
  C:\Windows\System\tGTVisP.exe
  2⤵
  PID:8140
- C:\Windows\System\bYKOhsa.exe
  C:\Windows\System\bYKOhsa.exe
  2⤵
  PID:7436
- C:\Windows\System\dTXIhrc.exe
  C:\Windows\System\dTXIhrc.exe
  2⤵
  PID:7528
- C:\Windows\System\EKsrscW.exe
  C:\Windows\System\EKsrscW.exe
  2⤵
  PID:7764
- C:\Windows\System\ZcbbptQ.exe
  C:\Windows\System\ZcbbptQ.exe
  2⤵
  PID:2360
- C:\Windows\System\ChiMabS.exe
  C:\Windows\System\ChiMabS.exe
  2⤵
  PID:7424
- C:\Windows\System\tSjzExB.exe
  C:\Windows\System\tSjzExB.exe
  2⤵
  PID:7972
- C:\Windows\System\CSsGWel.exe
  C:\Windows\System\CSsGWel.exe
  2⤵
  PID:8056
- C:\Windows\System\AhyVIvK.exe
  C:\Windows\System\AhyVIvK.exe
  2⤵
  PID:7544
- C:\Windows\System\dbshEQp.exe
  C:\Windows\System\dbshEQp.exe
  2⤵
  PID:7988
- C:\Windows\System\WMevDVW.exe
  C:\Windows\System\WMevDVW.exe
  2⤵
  PID:7928
- C:\Windows\System\zDFYkmX.exe
  C:\Windows\System\zDFYkmX.exe
  2⤵
  PID:7780
- C:\Windows\System\RJtRURj.exe
  C:\Windows\System\RJtRURj.exe
  2⤵
  PID:3248
- C:\Windows\System\RZMrreE.exe
  C:\Windows\System\RZMrreE.exe
  2⤵
  PID:2860
- C:\Windows\System\xzwaBHZ.exe
  C:\Windows\System\xzwaBHZ.exe
  2⤵
  PID:1964
- C:\Windows\System\QuTtbbl.exe
  C:\Windows\System\QuTtbbl.exe
  2⤵
  PID:1776
- C:\Windows\System\wouGFuc.exe
  C:\Windows\System\wouGFuc.exe
  2⤵
  PID:1960
- C:\Windows\System\JGUpniG.exe
  C:\Windows\System\JGUpniG.exe
  2⤵
  PID:8072
- C:\Windows\System\neWyFHO.exe
  C:\Windows\System\neWyFHO.exe
  2⤵
  PID:7568
- C:\Windows\System\vRglfgW.exe
  C:\Windows\System\vRglfgW.exe
  2⤵
  PID:7244
- C:\Windows\System\yWrpJTu.exe
  C:\Windows\System\yWrpJTu.exe
  2⤵
  PID:7688
- C:\Windows\System\ccETQGs.exe
  C:\Windows\System\ccETQGs.exe
  2⤵
  PID:7524
- C:\Windows\System\AGCAjXC.exe
  C:\Windows\System\AGCAjXC.exe
  2⤵
  PID:7232
- C:\Windows\System\VMMeEyl.exe
  C:\Windows\System\VMMeEyl.exe
  2⤵
  PID:8200
- C:\Windows\System\zxyZXic.exe
  C:\Windows\System\zxyZXic.exe
  2⤵
  PID:8220
- C:\Windows\System\XhdUKVq.exe
  C:\Windows\System\XhdUKVq.exe
  2⤵
  PID:8236
- C:\Windows\System\HNEiCrk.exe
  C:\Windows\System\HNEiCrk.exe
  2⤵
  PID:8252
- C:\Windows\System\rwKnRAf.exe
  C:\Windows\System\rwKnRAf.exe
  2⤵
  PID:8272
- C:\Windows\System\jlQWnpr.exe
  C:\Windows\System\jlQWnpr.exe
  2⤵
  PID:8296
- C:\Windows\System\HmYPfwr.exe
  C:\Windows\System\HmYPfwr.exe
  2⤵
  PID:8312
- C:\Windows\System\gfooFlh.exe
  C:\Windows\System\gfooFlh.exe
  2⤵
  PID:8332
- C:\Windows\System\zwjAIuK.exe
  C:\Windows\System\zwjAIuK.exe
  2⤵
  PID:8348
- C:\Windows\System\GcIKkOc.exe
  C:\Windows\System\GcIKkOc.exe
  2⤵
  PID:8372
- C:\Windows\System\HqxmZPe.exe
  C:\Windows\System\HqxmZPe.exe
  2⤵
  PID:8408
- C:\Windows\System\ezYvkKL.exe
  C:\Windows\System\ezYvkKL.exe
  2⤵
  PID:8432
- C:\Windows\System\seQTFlp.exe
  C:\Windows\System\seQTFlp.exe
  2⤵
  PID:8460
- C:\Windows\System\uwSGWNC.exe
  C:\Windows\System\uwSGWNC.exe
  2⤵
  PID:8480
- C:\Windows\System\AZjaBgW.exe
  C:\Windows\System\AZjaBgW.exe
  2⤵
  PID:8496
- C:\Windows\System\lLfgnlD.exe
  C:\Windows\System\lLfgnlD.exe
  2⤵
  PID:8512
- C:\Windows\System\GykRKzZ.exe
  C:\Windows\System\GykRKzZ.exe
  2⤵
  PID:8532
- C:\Windows\System\qDmFuaq.exe
  C:\Windows\System\qDmFuaq.exe
  2⤵
  PID:8564
- C:\Windows\System\dNGOplE.exe
  C:\Windows\System\dNGOplE.exe
  2⤵
  PID:8584
- C:\Windows\System\LkeyNgF.exe
  C:\Windows\System\LkeyNgF.exe
  2⤵
  PID:8600
- C:\Windows\System\KexiSDY.exe
  C:\Windows\System\KexiSDY.exe
  2⤵
  PID:8616
- C:\Windows\System\SfFHdrM.exe
  C:\Windows\System\SfFHdrM.exe
  2⤵
  PID:8632
- C:\Windows\System\Hdpxaei.exe
  C:\Windows\System\Hdpxaei.exe
  2⤵
  PID:8648
- C:\Windows\System\EQDXFvy.exe
  C:\Windows\System\EQDXFvy.exe
  2⤵
  PID:8668
- C:\Windows\System\nLoNNgf.exe
  C:\Windows\System\nLoNNgf.exe
  2⤵
  PID:8684
- C:\Windows\System\tOdWLMc.exe
  C:\Windows\System\tOdWLMc.exe
  2⤵
  PID:8712
- C:\Windows\System\kNvMmMg.exe
  C:\Windows\System\kNvMmMg.exe
  2⤵
  PID:8732
- C:\Windows\System\fGZCHiw.exe
  C:\Windows\System\fGZCHiw.exe
  2⤵
  PID:8764
- C:\Windows\System\wDHcquq.exe
  C:\Windows\System\wDHcquq.exe
  2⤵
  PID:8780
- C:\Windows\System\ynpjJsN.exe
  C:\Windows\System\ynpjJsN.exe
  2⤵
  PID:8812
- C:\Windows\System\iJtKrWm.exe
  C:\Windows\System\iJtKrWm.exe
  2⤵
  PID:8832
- C:\Windows\System\vLZQswT.exe
  C:\Windows\System\vLZQswT.exe
  2⤵
  PID:8848
- C:\Windows\System\NQzCwCM.exe
  C:\Windows\System\NQzCwCM.exe
  2⤵
  PID:8872
- C:\Windows\System\VDMzhdn.exe
  C:\Windows\System\VDMzhdn.exe
  2⤵
  PID:8888
- C:\Windows\System\VgUpWGD.exe
  C:\Windows\System\VgUpWGD.exe
  2⤵
  PID:8904
- C:\Windows\System\aMhgvIO.exe
  C:\Windows\System\aMhgvIO.exe
  2⤵
  PID:8920
- C:\Windows\System\ujgCzFr.exe
  C:\Windows\System\ujgCzFr.exe
  2⤵
  PID:8940
- C:\Windows\System\bFicmgj.exe
  C:\Windows\System\bFicmgj.exe
  2⤵
  PID:8956
- C:\Windows\System\zmTTkzU.exe
  C:\Windows\System\zmTTkzU.exe
  2⤵
  PID:8976
- C:\Windows\System\zGUfcSd.exe
  C:\Windows\System\zGUfcSd.exe
  2⤵
  PID:8992
- C:\Windows\System\uHczPxb.exe
  C:\Windows\System\uHczPxb.exe
  2⤵
  PID:9032
- C:\Windows\System\AIIoMdB.exe
  C:\Windows\System\AIIoMdB.exe
  2⤵
  PID:9048
- C:\Windows\System\vHPHRkq.exe
  C:\Windows\System\vHPHRkq.exe
  2⤵
  PID:9064
- C:\Windows\System\bbAojtN.exe
  C:\Windows\System\bbAojtN.exe
  2⤵
  PID:9088
- C:\Windows\System\DlMDCvC.exe
  C:\Windows\System\DlMDCvC.exe
  2⤵
  PID:9104
- C:\Windows\System\eVcXnwf.exe
  C:\Windows\System\eVcXnwf.exe
  2⤵
  PID:9128
- C:\Windows\System\JUKdYmR.exe
  C:\Windows\System\JUKdYmR.exe
  2⤵
  PID:9144
- C:\Windows\System\QqgsFrQ.exe
  C:\Windows\System\QqgsFrQ.exe
  2⤵
  PID:9160
- C:\Windows\System\PvczvsD.exe
  C:\Windows\System\PvczvsD.exe
  2⤵
  PID:9176
- C:\Windows\System\WFjnqJa.exe
  C:\Windows\System\WFjnqJa.exe
  2⤵
  PID:9196
- C:\Windows\System\chTyjmS.exe
  C:\Windows\System\chTyjmS.exe
  2⤵
  PID:9212
- C:\Windows\System\LbkiIep.exe
  C:\Windows\System\LbkiIep.exe
  2⤵
  PID:1952
- C:\Windows\System\CHkNNNZ.exe
  C:\Windows\System\CHkNNNZ.exe
  2⤵
  PID:8212
- C:\Windows\System\MWCizNl.exe
  C:\Windows\System\MWCizNl.exe
  2⤵
  PID:8292
- C:\Windows\System\bfEpAmy.exe
  C:\Windows\System\bfEpAmy.exe
  2⤵
  PID:8344
- C:\Windows\System\lwXybNv.exe
  C:\Windows\System\lwXybNv.exe
  2⤵
  PID:8304
- C:\Windows\System\bCqRyaY.exe
  C:\Windows\System\bCqRyaY.exe
  2⤵
  PID:8392
- C:\Windows\System\sqdGxRb.exe
  C:\Windows\System\sqdGxRb.exe
  2⤵
  PID:8452
- C:\Windows\System\drYyceh.exe
  C:\Windows\System\drYyceh.exe
  2⤵
  PID:8488
- C:\Windows\System\cVdPqiV.exe
  C:\Windows\System\cVdPqiV.exe
  2⤵
  PID:8492
- C:\Windows\System\ucXWCtP.exe
  C:\Windows\System\ucXWCtP.exe
  2⤵
  PID:8556
- C:\Windows\System\IPUdEyu.exe
  C:\Windows\System\IPUdEyu.exe
  2⤵
  PID:8576
- C:\Windows\System\VuNQMJZ.exe
  C:\Windows\System\VuNQMJZ.exe
  2⤵
  PID:8628
- C:\Windows\System\qeoQBDf.exe
  C:\Windows\System\qeoQBDf.exe
  2⤵
  PID:8696
- C:\Windows\System\svpwXUd.exe
  C:\Windows\System\svpwXUd.exe
  2⤵
  PID:8680
- C:\Windows\System\cydNbTl.exe
  C:\Windows\System\cydNbTl.exe
  2⤵
  PID:8676
- C:\Windows\System\hEfUBah.exe
  C:\Windows\System\hEfUBah.exe
  2⤵
  PID:8760
- C:\Windows\System\iHnydtw.exe
  C:\Windows\System\iHnydtw.exe
  2⤵
  PID:8796
- C:\Windows\System\HYfntBK.exe
  C:\Windows\System\HYfntBK.exe
  2⤵
  PID:8820
- C:\Windows\System\NVubZlG.exe
  C:\Windows\System\NVubZlG.exe
  2⤵
  PID:8844
- C:\Windows\System\uVZdqIV.exe
  C:\Windows\System\uVZdqIV.exe
  2⤵
  PID:8916
- C:\Windows\System\afTVccA.exe
  C:\Windows\System\afTVccA.exe
  2⤵
  PID:8900
- C:\Windows\System\pjAZHXo.exe
  C:\Windows\System\pjAZHXo.exe
  2⤵
  PID:8896
- C:\Windows\System\GQxWodi.exe
  C:\Windows\System\GQxWodi.exe
  2⤵
  PID:9004
- C:\Windows\System\MySVTNe.exe
  C:\Windows\System\MySVTNe.exe
  2⤵
  PID:9044
- C:\Windows\System\AkwoHie.exe
  C:\Windows\System\AkwoHie.exe
  2⤵
  PID:9084
- C:\Windows\System\BFKvjJz.exe
  C:\Windows\System\BFKvjJz.exe
  2⤵
  PID:9028
- C:\Windows\System\nhRvoGV.exe
  C:\Windows\System\nhRvoGV.exe
  2⤵
  PID:9188
- C:\Windows\System\dfbNSCW.exe
  C:\Windows\System\dfbNSCW.exe
  2⤵
  PID:9056
- C:\Windows\System\uVQwdFL.exe
  C:\Windows\System\uVQwdFL.exe
  2⤵
  PID:8196
- C:\Windows\System\tlQqGEU.exe
  C:\Windows\System\tlQqGEU.exe
  2⤵
  PID:8280
- C:\Windows\System\EnkGkpr.exe
  C:\Windows\System\EnkGkpr.exe
  2⤵
  PID:8216
- C:\Windows\System\PHDzdnP.exe
  C:\Windows\System\PHDzdnP.exe
  2⤵
  PID:8364
- C:\Windows\System\yWYYpBR.exe
  C:\Windows\System\yWYYpBR.exe
  2⤵
  PID:8260
- C:\Windows\System\mjAtOUm.exe
  C:\Windows\System\mjAtOUm.exe
  2⤵
  PID:8396
- C:\Windows\System\UvmDDzX.exe
  C:\Windows\System\UvmDDzX.exe
  2⤵
  PID:8540
- C:\Windows\System\RLlkcDz.exe
  C:\Windows\System\RLlkcDz.exe
  2⤵
  PID:8560
- C:\Windows\System\woPvbOq.exe
  C:\Windows\System\woPvbOq.exe
  2⤵
  PID:8624
- C:\Windows\System\yzxqJhq.exe
  C:\Windows\System\yzxqJhq.exe
  2⤵
  PID:8656
- C:\Windows\System\SqydhCI.exe
  C:\Windows\System\SqydhCI.exe
  2⤵
  PID:8472
- C:\Windows\System\BDynQvM.exe
  C:\Windows\System\BDynQvM.exe
  2⤵
  PID:8776
- C:\Windows\System\UiuhtfL.exe
  C:\Windows\System\UiuhtfL.exe
  2⤵
  PID:8828
- C:\Windows\System\GFkakXc.exe
  C:\Windows\System\GFkakXc.exe
  2⤵
  PID:8868
- C:\Windows\System\wdoDlhA.exe
  C:\Windows\System\wdoDlhA.exe
  2⤵
  PID:8952
- C:\Windows\System\VFCtaJY.exe
  C:\Windows\System\VFCtaJY.exe
  2⤵
  PID:8936
- C:\Windows\System\RsDBgPv.exe
  C:\Windows\System\RsDBgPv.exe
  2⤵
  PID:8988
- C:\Windows\System\OqUgSkg.exe
  C:\Windows\System\OqUgSkg.exe
  2⤵
  PID:9184
- C:\Windows\System\NEUbqCP.exe
  C:\Windows\System\NEUbqCP.exe
  2⤵
  PID:9100
- C:\Windows\System\mjjNtQs.exe
  C:\Windows\System\mjjNtQs.exe
  2⤵
  PID:7008
- C:\Windows\System\PwArxFQ.exe
  C:\Windows\System\PwArxFQ.exe
  2⤵
  PID:9124
- C:\Windows\System\PQnPJxT.exe
  C:\Windows\System\PQnPJxT.exe
  2⤵
  PID:8228
- C:\Windows\System\eHwofUs.exe
  C:\Windows\System\eHwofUs.exe
  2⤵
  PID:8404
- C:\Windows\System\SZyJwJe.exe
  C:\Windows\System\SZyJwJe.exe
  2⤵
  PID:8440
- C:\Windows\System\nBMMTnW.exe
  C:\Windows\System\nBMMTnW.exe
  2⤵
  PID:8520
- C:\Windows\System\wbUyCIQ.exe
  C:\Windows\System\wbUyCIQ.exe
  2⤵
  PID:8592
- C:\Windows\System\tihuifD.exe
  C:\Windows\System\tihuifD.exe
  2⤵
  PID:8700
- C:\Windows\System\NJHwhgr.exe
  C:\Windows\System\NJHwhgr.exe
  2⤵
  PID:8728
- C:\Windows\System\NMWaaKw.exe
  C:\Windows\System\NMWaaKw.exe
  2⤵
  PID:8856
- C:\Windows\System\PQjgnEb.exe
  C:\Windows\System\PQjgnEb.exe
  2⤵
  PID:9000
- C:\Windows\System\HCileKm.exe
  C:\Windows\System\HCileKm.exe
  2⤵
  PID:9204
- C:\Windows\System\YNSTMfy.exe
  C:\Windows\System\YNSTMfy.exe
  2⤵
  PID:8468
- C:\Windows\System\CpxqhrU.exe
  C:\Windows\System\CpxqhrU.exe
  2⤵
  PID:8504
- C:\Windows\System\kdsHyoP.exe
  C:\Windows\System\kdsHyoP.exe
  2⤵
  PID:8840
- C:\Windows\System\GdSQvEa.exe
  C:\Windows\System\GdSQvEa.exe
  2⤵
  PID:8268
- C:\Windows\System\pDCPapr.exe
  C:\Windows\System\pDCPapr.exe
  2⤵
  PID:9076
- C:\Windows\System\oFGzqKz.exe
  C:\Windows\System\oFGzqKz.exe
  2⤵
  PID:8964
- C:\Windows\System\uunLXts.exe
  C:\Windows\System\uunLXts.exe
  2⤵
  PID:8804
- C:\Windows\System\jZPwRMh.exe
  C:\Windows\System\jZPwRMh.exe
  2⤵
  PID:8428
- C:\Windows\System\VuqMjty.exe
  C:\Windows\System\VuqMjty.exe
  2⤵
  PID:8884
- C:\Windows\System\MoACQhC.exe
  C:\Windows\System\MoACQhC.exe
  2⤵
  PID:8948
- C:\Windows\System\CvWXKFS.exe
  C:\Windows\System\CvWXKFS.exe
  2⤵
  PID:9168
- C:\Windows\System\ubKzEGH.exe
  C:\Windows\System\ubKzEGH.exe
  2⤵
  PID:9080
- C:\Windows\System\nPKnjnd.exe
  C:\Windows\System\nPKnjnd.exe
  2⤵
  PID:8708
- C:\Windows\System\ZWhfppO.exe
  C:\Windows\System\ZWhfppO.exe
  2⤵
  PID:8596
- C:\Windows\System\jVWLUHr.exe
  C:\Windows\System\jVWLUHr.exe
  2⤵
  PID:8660
- C:\Windows\System\dmGLgst.exe
  C:\Windows\System\dmGLgst.exe
  2⤵
  PID:8288
- C:\Windows\System\mdTjaAY.exe
  C:\Windows\System\mdTjaAY.exe
  2⤵
  PID:8724
- C:\Windows\System\tRJgHlQ.exe
  C:\Windows\System\tRJgHlQ.exe
  2⤵
  PID:9240
- C:\Windows\System\GHGJECX.exe
  C:\Windows\System\GHGJECX.exe
  2⤵
  PID:9268
- C:\Windows\System\aHSlgaH.exe
  C:\Windows\System\aHSlgaH.exe
  2⤵
  PID:9328
- C:\Windows\System\sCzYfYp.exe
  C:\Windows\System\sCzYfYp.exe
  2⤵
  PID:9344
- C:\Windows\System\BTaPKxE.exe
  C:\Windows\System\BTaPKxE.exe
  2⤵
  PID:9360
- C:\Windows\System\VmOncTi.exe
  C:\Windows\System\VmOncTi.exe
  2⤵
  PID:9380
- C:\Windows\System\lmBKFRI.exe
  C:\Windows\System\lmBKFRI.exe
  2⤵
  PID:9408
- C:\Windows\System\lCbYSXr.exe
  C:\Windows\System\lCbYSXr.exe
  2⤵
  PID:9428
- C:\Windows\System\FyfiCNj.exe
  C:\Windows\System\FyfiCNj.exe
  2⤵
  PID:9444
- C:\Windows\System\mrOBGoM.exe
  C:\Windows\System\mrOBGoM.exe
  2⤵
  PID:9464
- C:\Windows\System\AXQfQGB.exe
  C:\Windows\System\AXQfQGB.exe
  2⤵
  PID:9488
- C:\Windows\System\zStokxn.exe
  C:\Windows\System\zStokxn.exe
  2⤵
  PID:9508
- C:\Windows\System\WZInHsB.exe
  C:\Windows\System\WZInHsB.exe
  2⤵
  PID:9528
- C:\Windows\System\ZICgIPe.exe
  C:\Windows\System\ZICgIPe.exe
  2⤵
  PID:9544
- C:\Windows\System\LfBSMeK.exe
  C:\Windows\System\LfBSMeK.exe
  2⤵
  PID:9564
- C:\Windows\System\KyIOdjd.exe
  C:\Windows\System\KyIOdjd.exe
  2⤵
  PID:9584
- C:\Windows\System\YJcgLnv.exe
  C:\Windows\System\YJcgLnv.exe
  2⤵
  PID:9604
- C:\Windows\System\suMFfBe.exe
  C:\Windows\System\suMFfBe.exe
  2⤵
  PID:9620
- C:\Windows\System\eiNQxxZ.exe
  C:\Windows\System\eiNQxxZ.exe
  2⤵
  PID:9636
- C:\Windows\System\bUzMQXq.exe
  C:\Windows\System\bUzMQXq.exe
  2⤵
  PID:9652
- C:\Windows\System\VeaMSII.exe
  C:\Windows\System\VeaMSII.exe
  2⤵
  PID:9676
- C:\Windows\System\XHBFRrJ.exe
  C:\Windows\System\XHBFRrJ.exe
  2⤵
  PID:9692
- C:\Windows\System\oUcpcqA.exe
  C:\Windows\System\oUcpcqA.exe
  2⤵
  PID:9712
- C:\Windows\System\nbthMQT.exe
  C:\Windows\System\nbthMQT.exe
  2⤵
  PID:9728
- C:\Windows\System\hYdPoir.exe
  C:\Windows\System\hYdPoir.exe
  2⤵
  PID:9772
- C:\Windows\System\kdrxKyz.exe
  C:\Windows\System\kdrxKyz.exe
  2⤵
  PID:9788
- C:\Windows\System\dxrMaZo.exe
  C:\Windows\System\dxrMaZo.exe
  2⤵
  PID:9812
- C:\Windows\System\rBAuuyM.exe
  C:\Windows\System\rBAuuyM.exe
  2⤵
  PID:9832
- C:\Windows\System\hXxBsbE.exe
  C:\Windows\System\hXxBsbE.exe
  2⤵
  PID:9848
- C:\Windows\System\GRgnmFU.exe
  C:\Windows\System\GRgnmFU.exe
  2⤵
  PID:9864
- C:\Windows\System\BMQqaZv.exe
  C:\Windows\System\BMQqaZv.exe
  2⤵
  PID:9884
- C:\Windows\System\bqIDjvY.exe
  C:\Windows\System\bqIDjvY.exe
  2⤵
  PID:9900
- C:\Windows\System\pQcHgDB.exe
  C:\Windows\System\pQcHgDB.exe
  2⤵
  PID:9932
- C:\Windows\System\qJWPqpQ.exe
  C:\Windows\System\qJWPqpQ.exe
  2⤵
  PID:9952
- C:\Windows\System\GHmfiNf.exe
  C:\Windows\System\GHmfiNf.exe
  2⤵
  PID:9972
- C:\Windows\System\YpolnbW.exe
  C:\Windows\System\YpolnbW.exe
  2⤵
  PID:9988
- C:\Windows\System\caMTphw.exe
  C:\Windows\System\caMTphw.exe
  2⤵
  PID:10004
- C:\Windows\System\WwelOWP.exe
  C:\Windows\System\WwelOWP.exe
  2⤵
  PID:10024
- C:\Windows\System\YzXqmUn.exe
  C:\Windows\System\YzXqmUn.exe
  2⤵
  PID:10044
- C:\Windows\System\AWadNpz.exe
  C:\Windows\System\AWadNpz.exe
  2⤵
  PID:10064
- C:\Windows\System\JYOVxMz.exe
  C:\Windows\System\JYOVxMz.exe
  2⤵
  PID:10080
- C:\Windows\System\pIUiPLk.exe
  C:\Windows\System\pIUiPLk.exe
  2⤵
  PID:10112
- C:\Windows\System\HLXZbqT.exe
  C:\Windows\System\HLXZbqT.exe
  2⤵
  PID:10128
- C:\Windows\System\pKuBpiE.exe
  C:\Windows\System\pKuBpiE.exe
  2⤵
  PID:10144
- C:\Windows\System\fXtSQeN.exe
  C:\Windows\System\fXtSQeN.exe
  2⤵
  PID:10176
- C:\Windows\System\CxIYsmQ.exe
  C:\Windows\System\CxIYsmQ.exe
  2⤵
  PID:10192
- C:\Windows\System\HkwBysO.exe
  C:\Windows\System\HkwBysO.exe
  2⤵
  PID:10208
- C:\Windows\System\GDcLtQO.exe
  C:\Windows\System\GDcLtQO.exe
  2⤵
  PID:10228
- C:\Windows\System\tbUElrg.exe
  C:\Windows\System\tbUElrg.exe
  2⤵
  PID:9228
- C:\Windows\System\sYtCCMW.exe
  C:\Windows\System\sYtCCMW.exe
  2⤵
  PID:9232
- C:\Windows\System\MHUxQAm.exe
  C:\Windows\System\MHUxQAm.exe
  2⤵
  PID:9252
- C:\Windows\System\sLnYJRZ.exe
  C:\Windows\System\sLnYJRZ.exe
  2⤵
  PID:9288
- C:\Windows\System\grtGKVj.exe
  C:\Windows\System\grtGKVj.exe
  2⤵
  PID:9304
- C:\Windows\System\hkAtYWP.exe
  C:\Windows\System\hkAtYWP.exe
  2⤵
  PID:8644
- C:\Windows\System\GlFVIzw.exe
  C:\Windows\System\GlFVIzw.exe
  2⤵
  PID:9372
- C:\Windows\System\yqgygQx.exe
  C:\Windows\System\yqgygQx.exe
  2⤵
  PID:9388
- C:\Windows\System\wzcuBJF.exe
  C:\Windows\System\wzcuBJF.exe
  2⤵
  PID:9440
- C:\Windows\System\gtKjAzS.exe
  C:\Windows\System\gtKjAzS.exe
  2⤵
  PID:9472
- C:\Windows\System\CgJTIbH.exe
  C:\Windows\System\CgJTIbH.exe
  2⤵
  PID:9500
- C:\Windows\System\COsELRB.exe
  C:\Windows\System\COsELRB.exe
  2⤵
  PID:9536
- C:\Windows\System\GzGJueL.exe
  C:\Windows\System\GzGJueL.exe
  2⤵
  PID:9592
- C:\Windows\System\GenpiyR.exe
  C:\Windows\System\GenpiyR.exe
  2⤵
  PID:9580
- C:\Windows\System\HlcqaSG.exe
  C:\Windows\System\HlcqaSG.exe
  2⤵
  PID:9648
- C:\Windows\System\iZuAGJq.exe
  C:\Windows\System\iZuAGJq.exe
  2⤵
  PID:9708
- C:\Windows\System\BXFIVjl.exe
  C:\Windows\System\BXFIVjl.exe
  2⤵
  PID:9736
- C:\Windows\System\JtcEnaz.exe
  C:\Windows\System\JtcEnaz.exe
  2⤵
  PID:9756
- C:\Windows\System\KWdaspK.exe
  C:\Windows\System\KWdaspK.exe
  2⤵
  PID:9804
- C:\Windows\System\BbypAEJ.exe
  C:\Windows\System\BbypAEJ.exe
  2⤵
  PID:9844
- C:\Windows\System\DDWbhVe.exe
  C:\Windows\System\DDWbhVe.exe
  2⤵
  PID:9892
- C:\Windows\System\dQnGzXK.exe
  C:\Windows\System\dQnGzXK.exe
  2⤵
  PID:9912
- C:\Windows\System\KsoMGgl.exe
  C:\Windows\System\KsoMGgl.exe
  2⤵
  PID:9908
- C:\Windows\System\wbpZIqv.exe
  C:\Windows\System\wbpZIqv.exe
  2⤵
  PID:9948
- C:\Windows\System\hYzsEXa.exe
  C:\Windows\System\hYzsEXa.exe
  2⤵
  PID:9996
- C:\Windows\System\fNobskD.exe
  C:\Windows\System\fNobskD.exe
  2⤵
  PID:10016
- C:\Windows\System\jxCYjEl.exe
  C:\Windows\System\jxCYjEl.exe
  2⤵
  PID:10056
- C:\Windows\System\zNnvaVR.exe
  C:\Windows\System\zNnvaVR.exe
  2⤵
  PID:9984
- C:\Windows\System\IshMdqm.exe
  C:\Windows\System\IshMdqm.exe
  2⤵
  PID:10108
- C:\Windows\System\mNsUEBq.exe
  C:\Windows\System\mNsUEBq.exe
  2⤵
  PID:10092
- C:\Windows\System\PyKHNty.exe
  C:\Windows\System\PyKHNty.exe
  2⤵
  PID:10160
- C:\Windows\System\urGmlzS.exe
  C:\Windows\System\urGmlzS.exe
  2⤵
  PID:10236
- C:\Windows\System\MNyotyE.exe
  C:\Windows\System\MNyotyE.exe
  2⤵
  PID:10188
- C:\Windows\System\CsxyKEa.exe
  C:\Windows\System\CsxyKEa.exe
  2⤵
  PID:10216
- C:\Windows\System\jAoxmCU.exe
  C:\Windows\System\jAoxmCU.exe
  2⤵
  PID:8356
- C:\Windows\System\dEilaHT.exe
  C:\Windows\System\dEilaHT.exe
  2⤵
  PID:9524
- C:\Windows\System\nXxqlfd.exe
  C:\Windows\System\nXxqlfd.exe
  2⤵
  PID:9560
- C:\Windows\System\CrltwLd.exe
  C:\Windows\System\CrltwLd.exe
  2⤵
  PID:9688
- C:\Windows\System\xaXRCfp.exe
  C:\Windows\System\xaXRCfp.exe
  2⤵
  PID:9660
- C:\Windows\System\MLVMOcy.exe
  C:\Windows\System\MLVMOcy.exe
  2⤵
  PID:9748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BPBUxJA.exe

Filesize
6.0MB

MD5
a004408382affc7073fa73f72a322ce6

SHA1
4a3c93286e5a26bbdec5db74b21f0c53e144b595

SHA256
9593efd69fec127619a9befa638873b586a6b7d86d048dcef5a7acccef7dc1c2

SHA512
90dcf6d24f91301c23db6d2632b3dc1aab2203ae920490976d8d2fbb334f59904d814cc0e2d89b1cbbdc9b38205d1284e4c4fbb779b13462c8b9dde4d9d88e38

Download Submit
C:\Windows\system\BjWnXmg.exe

Filesize
6.0MB

MD5
b8cf5c8fae5938aeb9a94670be62ba09

SHA1
e8e78c8792ebf3b9cf56118844c39e39c240654c

SHA256
2be23fe28113fcc6d3b8723ceab7137ecc8fb462f3c5b3dc778fce23dcd46c06

SHA512
0a9ddec9dc7669d8f367439d9f0531d277cf2c101af290bf2c5401d57db2de483a1290aa552e258b56f1a4b2cdddc510e42b5e3102ecac88a5c1982d7e595fe0

Download Submit
C:\Windows\system\CXMGLGU.exe

Filesize
6.0MB

MD5
b2fc3fcda59ac19b680e785b1368d1c0

SHA1
da33f60607cfbd3ee6ac5b1c5289fabe16ea2a5d

SHA256
bf29e3b62e86f565b211784d1927f2fcfa7814fcde92c71baa5089e8ba5d9730

SHA512
ef3f7ad4a37360c3034cbaba45fcc5c5689482eee25cbf655497222113637d90181d391f6d1cd7968a39c186e9a04dffd46885d50d3f983344e7ef09696f0195

Download Submit
C:\Windows\system\DgjEvxH.exe

Filesize
6.0MB

MD5
e2cca8b60ae43cd90dd86276e035eecf

SHA1
db85c6ad22a2bbfaa586a50f08eac3449aab98a8

SHA256
363011c41ac8fae55f5a4fc178a1b032a47df6f1ed0c58ebf9176948925e04e9

SHA512
6bb9dc4d2a8e49848f118e55c806627578bf010988b4ea3a8e89adf3c91820447e190613ca9a9bdf82ececc059a1e5baa03b40976bbadc0a3b8fea6271cc2be7

Download Submit
C:\Windows\system\DsSHEpd.exe

Filesize
6.0MB

MD5
2946409bb7b03ce52661bf8129eca441

SHA1
8193e6ad7af893b93fa5c4371022ba95a28c3a53

SHA256
be78f5ae2cc5d951052ffdd0b8b4b0860e3b877a20167c91ad7d64f6afcde609

SHA512
dda9dd96781661c6dabe0a01fb23d51bd55824a65e7e9b3f02e20d85097c9217b4b93126bc2a99d22c7de33d698346e49c2e9e4197d473ebeddd6efb95de1871

Download Submit
C:\Windows\system\DsYekMi.exe

Filesize
6.0MB

MD5
8e4bea754b9f45ab51ac9817fd260aff

SHA1
98e3723c7c536225f3ef200e64ec10b3b514422e

SHA256
bfba3987f7bd7e117b7a180bbeb6af96dc6ef213abee67ddff9f6cbadff5b008

SHA512
2d7c562d2709af8a5708e522f8d961473acd8741c4dbfd86c30eb0471552a2678be2ce7e8e09da39239a6c771d90306b9212a488cf992c2cd095dc58afab4197

Download Submit
C:\Windows\system\FBnvwpZ.exe

Filesize
6.0MB

MD5
67a358b4a574b89e603e7b9abc20abfc

SHA1
22401ad39ce6c0ef164e9c42d91dd563c2f5a3e3

SHA256
75bc5d3bf78df4c6787d7b380f48ddb801325395768f3a994df3fde3537d26f7

SHA512
b94a791ff864dd563d5bc703aae1a9963150c1cbc87fc6cc633709c5860965df9fafdff975ebe1fad0c1a0ac2cd8c4ad8a9110472f5e5bdfefe1ad2668bfaf84

Download Submit
C:\Windows\system\ILhiddh.exe

Filesize
6.0MB

MD5
15cccc72a8d8c7cbbfa34eba02d6cb50

SHA1
8c29452ee25010748a501b8b0ff19c53c2ab70eb

SHA256
5d63b2a49c1318605fadf1f44f15acf3d32aa632f001183ddadc1d9b25c2422a

SHA512
760f8c440e01920c9ca9727cf6e7f3a622c754e9ca525935e68dc7b842aa5cfd6706ef2b325fdfb49835ac90a42d57232abac238aa3fedae56f093636a6f7cdb

Download Submit
C:\Windows\system\IpGUxAI.exe

Filesize
8B

MD5
1760320093189d4bf78b8639ea3f00d9

SHA1
d6aef81870559d9a70afeb715ddc9f155f517003

SHA256
6882c48711d0e2b3e3b7204f53e0e7c44e0e783282ff9cd01b9a857691dfbc75

SHA512
5190d1005f40de4a9500882245c634bc3ed7b487363c7802893bddbf477fb6ca0f2e6d87b0f5a0456b775e11eb76e71512f8e76e2fab35dcb059221e3e39e886

Download Submit
C:\Windows\system\KjGsjZV.exe

Filesize
6.0MB

MD5
e82bbd66fd22dfb9587ba328789a8a42

SHA1
298ef5c1c0d265df4f638d11679f1c7c8df354f0

SHA256
f6a390d80d1850ba49413ccc8ea6f50e549900d9d6c9a6fd94231069d960b3ed

SHA512
904163609558f4986c10d76e355bb2532dd5a42d775456876e231e9a677c7e9c0d53603ad87b6b50b963e539b94894a153ce78dc04523119bcfa93be9574b1d6

Download Submit
C:\Windows\system\MqMnYSo.exe

Filesize
6.0MB

MD5
9b1bad1709071cd364dc6713bfd1d358

SHA1
1cac831154548e82a005f5b32a25e1dac98d8496

SHA256
453bb88588b0104b1399d5953a97dd59da441090b5b48d66a87b4952244acfa4

SHA512
0d573b90a95591467a77712622f5db6c2ddaf875852066bf8eae0cae7f06df15cc67e43bc3db08a33991e89c03f76d5593908ee97f31d53f69e4085605c30b89

Download Submit
C:\Windows\system\Ogebobm.exe

Filesize
6.0MB

MD5
b99c6db9f655f83362521c0f4c2af58c

SHA1
ea1cc22ae9076d9a05670f830d1f6e58a1e46552

SHA256
610c7ef99ece6f144c69ae0705ed81e9ad1514f277e2094f6524b90b0311a5cb

SHA512
29c753fec4aae7fde446bbd46a04d846460a43fab803395597afe7a63512b2f4153e24fed7e87b552f523be494dcb1cfd9a1d931a0b5707029b9d298049d0121

Download Submit
C:\Windows\system\RHYkVYf.exe

Filesize
6.0MB

MD5
aeaa345e3563df53dfb0ded1f918117e

SHA1
b06c96b2db1231dd93f6d52667cece3eb4f718e9

SHA256
27e25dde77daa1cc90db0bc83105cb23d7db04e20581b74bbd1f84ff0246802b

SHA512
de8ad683ee5fbd48c2cfffa8777cba1fb14e11662544bf9ad27cfcab9852b50da9071bfcc15acc556f40f243a7c02d51f8a731d5d589199b08b25e8623f9a4fa

Download Submit
C:\Windows\system\RZwgOVt.exe

Filesize
6.0MB

MD5
e9b94798cf47639aa443e5c410f425c1

SHA1
6d436895e2c6e40728e08cf41466e0d4bacdff6c

SHA256
cc9c0b83af7723f9b6b6817f653d4db022e4a3be8039f610bc8e2f3be02474a1

SHA512
61285be8397193358e28e5fe4f52fbe34bcbd71eec8d68b5ce3e19ca569396fa02659e8164fed8cb6ee9766f87081023b9e278b022b60b99dbfc3c8e9a0f6541

Download Submit
C:\Windows\system\SoUdvqi.exe

Filesize
6.0MB

MD5
84a4e682561f51225851926cc154e2bc

SHA1
6eed7477335be4450455496168a91bbc4a290f99

SHA256
7400439940f85a3eecd9ce9751f7a7e1560f8ba397e3cf1132d400804388eb96

SHA512
4520c4defc734987ae63113feb79faada5174c1788ec651c73ff83b33a2e02ab2e803e66e33086d920ea4ce96305b35097d1199b042095b9eddc8e7808cb29d7

Download Submit
C:\Windows\system\TBaViBy.exe

Filesize
6.0MB

MD5
556a3b5e0f86095acaa3cb6c9b60f6e1

SHA1
b225c760995139e93dc06fd0fba5cf1ad99d0c4b

SHA256
d91a863e8538d7b7ce2aabf6d51beeddba79025ed6ca319cca99e2844889ced7

SHA512
2098bc0d21340e70f652b0184c62ba50021c953b1d689e1ae8cc846a1404bc254ee198ea7a7f473f4b367b7baefd64fb481a85366e1e966ef30e6c031cfb7e25

Download Submit
C:\Windows\system\XSThzty.exe

Filesize
6.0MB

MD5
7a42afa09ea68f8a77a232f68f57564c

SHA1
dea1a51136ace1cf8a4744345e6ed5e0487e422c

SHA256
48d5d44ace073c9cfbced36d0f0abfcd2a2b88a60bcd2c0bc12970e49f8dea76

SHA512
9b062788f57837ac034491a6d95246ba644e006143d481b9248c2b1c31cfc7eafe62134cc0bb0b6b306d6b829ed45b530d9ce2cf94a70f8e3f2331aacbf0763e

Download Submit
C:\Windows\system\YgGkCAt.exe

Filesize
6.0MB

MD5
35370d33fe2c67bb17b09e0d66077344

SHA1
0aa133954e0afc3d0894dbfe8c4ba82bfa849a71

SHA256
25b9da05e7f90a99306f66696f1dfb1a4ccc777c035e139bccd3da4320ad5c9b

SHA512
a646b1b39a516e7b6ca827960406c5d29fa8d8c73ac4684f3ae4f2cc8819135c1ef4eb9278e3574aec4a9e2b3ecf4ab67f6fea54ce8b603f3c3956b9e4be7cb7

Download Submit
C:\Windows\system\cGLJDtT.exe

Filesize
6.0MB

MD5
8fc24e425b12ca4693d39f04c05d6e19

SHA1
f6e51bf54c8dc0591558dd57d2034bbddbad0fd7

SHA256
e04b7e10a5ef2f43a83fba31b91e999175b433b6fcc45263b94dde1909980f88

SHA512
cb924a89b175bbaf6edb97b2a3b38c845d4739f0ef486aef723907250bf11c07011bcddae248e57e527e1cbdef16367376818d2fb29dcbc142a76175afeb9f78

Download Submit
C:\Windows\system\cSGEMWc.exe

Filesize
6.0MB

MD5
8b17f63897a513c0756fc09898bf7784

SHA1
b00619fa26e15501cc931caad91241748df6e7a8

SHA256
2552bbb11bf3ff35055036127a7aff360b379d4054117b28b066f05ec3804ea1

SHA512
f830228f802f236e7a905ee5aba55289af327eb20b1496ffd20f8c6f4188f4526b1658d0840d84a4c2f4cad7bffb6302c0c76d73ee229d233bb83c5cd7bdb035

Download Submit
C:\Windows\system\eydEhml.exe

Filesize
6.0MB

MD5
e54025b9090c4955961d4a6db4cf451e

SHA1
e54a966067d7a60d26e01882869f03c6d863498c

SHA256
4a487878018bfd0abf433e8793036339b2c055a2ab63aa0c059c281db28d381a

SHA512
f21241d3ddb50d826c6af353398028e31521b684aaafbf220a6e52e735a9378aea77be1ecdc74195fd81b8c12a900bb99cdacbdb7086c865658dd85103068e91

Download Submit
C:\Windows\system\jaWdmLK.exe

Filesize
6.0MB

MD5
ceb4ca03a204b23ad42708be9e71a5d7

SHA1
4b7d290b645e745a8cc1d7a16ff3b0799d42dd92

SHA256
46ba692e61baedef0ebf0e28c7793a5854016db384851d124284f355e6ebdbd9

SHA512
aa9bf9357de0fbfebe447589c352462c89f674f9844e730827aec9579fcd818137df803593bf999da16e4771a78a85236f684130bb321a3bf10daa2cb18a41e0

Download Submit
C:\Windows\system\prnIsEl.exe

Filesize
6.0MB

MD5
9dc00b89cf856e648a0517ade833a094

SHA1
1fed8d9bacdbbd959fc0e01af4adc4e0a08097c7

SHA256
5a798d758cec67aa6db81609680de2756fc99c371be0b3fd98f2259b0e27726e

SHA512
9f2d604f9a48280e8e2d762fecdeb42b85882b17892dbe045385a82339cfeb3b4b129d177a8a7673726f4b2104b519f16dc65ace2f9d4d0f0ca29be61fc3564e

Download Submit
C:\Windows\system\rPChHov.exe

Filesize
6.0MB

MD5
c05d9f53b59f1ae04fbb4193f899f3f1

SHA1
f97ffc736e5e0c6f5b0386479c5d66d2ad9bc4b9

SHA256
c338a9c82032437294106be5ff5c29bb97ffa95185a3f6b14222f2e0963ae73b

SHA512
b6959e77fc7659e67a0f5563ef6ef3f8148feae6be2a0bfc70e89f9b3b46171fbeb209dc1bb2aebaaca501fc7b7f88d1cb061917f4ecd739b8c98fbe8ddc5fa3

Download Submit
C:\Windows\system\tKJAkYZ.exe

Filesize
6.0MB

MD5
050a606a72fdfdba49f9a8b36213a3eb

SHA1
2abf02bb7da68f5da3fd41c9788deec9f1e1bf16

SHA256
06be4a930eccc4412c14d49ab023938f6f7c68b315b5071bea776241ff959779

SHA512
1e840f89e0be471b43fd6a9e089679c0c884b6d77d9a731cd000cef8768dade5be0b692ba916957aa78613bae504b9019956a80a34263876b2581d32d0ba9b6b

Download Submit
C:\Windows\system\unMsMjR.exe

Filesize
6.0MB

MD5
bd0f249e01213429ef87a0e6bc3a90bb

SHA1
5b4bf25898f89d24499c57e65b1893577acb577d

SHA256
0bf76ff71c6fa738ca605f763caafc4924473f3296eaabc0bd9e674a024ec2e2

SHA512
c0f13d4c82fffbcc2d022556a31e16bf24afbc6c0c7a679f098cff1bf326dc1a06c61187d1f31ae87551d0d656aa49e83697d8dbf8c1d6baf525ba439bb6a04e

Download Submit
C:\Windows\system\vxwLdoV.exe

Filesize
6.0MB

MD5
7991dfbe81103e354f61b8b67f961dc4

SHA1
68248819cae65987e1142bd5f95dbcca98e082f2

SHA256
9d55580a1602212dbde3722f043c9eea2e9cb49521f31dd01cd33bd386317c13

SHA512
5710fd380f3f9ec63074ca0d24d4f865a4d339abf7be1e51f6174ab9b11fd2e6b32c0ce81128491cc029604ee752f03a779f79fe6ddb287d18b5b8d7c8efe7f8

Download Submit
C:\Windows\system\yaKIhif.exe

Filesize
6.0MB

MD5
c01cf8ed686a787c98f3588a560d34c6

SHA1
fafd8a6c06dc31eecc62bfca2bd69f9b241bc7f1

SHA256
c6bae6d012d69a4de714a9d83117a25f88722483f9fe189aea15b656b0585e05

SHA512
b228de82402d65c14fb84254a3e11e79bce8b4665675f7443d80cff60ea6bd59ca0d3e3351b8d937c56d26dd3b5a502038fac6e01ebee5d56e93d497e8db76e8

Download Submit
\Windows\system\KojiwGW.exe

Filesize
6.0MB

MD5
f4188c8c5fe72e8af32cbdaa80aae0ac

SHA1
a5d38d2075bb547b211bc5e172406b6c525c057f

SHA256
7fe59f2043cd3bafd520ad361ba20a6ba6aec652eff608b58e5cc5de9c607b00

SHA512
2f5c074b71d7571d8cc84d1e30948c14044eca7f548e999ecf061ac469d7b3a661b608e7488db6bc3666e273344ce94463aaf149d3146f804e70f46da2473f6e

Download Submit
\Windows\system\SfaCsXJ.exe

Filesize
6.0MB

MD5
5d00498926c219d1d6c4a7b87dfef217

SHA1
e782e2f474e53bed30732af992f5c2d2dda163b7

SHA256
32b7299e1a8ee20af63ccfa1dfb4ae0051a4455a43d2e7342f54afcec216e719

SHA512
335f697535e0dff0c42f02461629b1f2997e8327fd93b5d38f3a219f41f287b53f52c527852060c2a5ae03a8adf24e6d3f64ca46db31abed1e2b3ca43126c744

Download Submit
\Windows\system\VfraPZg.exe

Filesize
6.0MB

MD5
37988a8c3839158cc081b5bba43ee50e

SHA1
879a1c309a4cb7a3ccef2b08867a5f54f33e8f7a

SHA256
91537b3b6af249b999c7348aa5ab5e038399693444fccee85a0c5036f11879db

SHA512
4218709bc5c55444bf98ffe413b300f1548a54b997e70f2d7b732121ca4f5d65d86cd2b3f73dd844af8aa090222ef53f6573c56e56a3d60fe963084e8f772c0a

Download Submit
\Windows\system\pjeQREw.exe

Filesize
6.0MB

MD5
ee29b5d4e75934345fa616d75b028ecd

SHA1
d1ca50337aafd91a8a91585632a4f01798ecea0c

SHA256
4ce4850a06cb6e58cf02407219ebe93c7601e012b28afe7343aeeae72737b7b6

SHA512
083c6d3660924c5ad39de6960f5300af88d8c2bd02500940961c6d17ea8e32d2993d8a5773600f9392397e1dea57399cdd161f3ce223786f80b66788c009ed49

Download Submit
\Windows\system\qfoqBvm.exe

Filesize
6.0MB

MD5
cce733b2613b2835b033565d2cda86ad

SHA1
7501fd6a9e9f9601c20e178a0d1d0897c434ef2b

SHA256
063f1b8c35c8178b8ec2199f7b3f463128037d9bf78122fb6540960746370cee

SHA512
2928c72f738233ebec48bfc701f94ff440ed7af82fd0f37084379642a41263c0e1a5b3c96844b47a448f7ffa176be75a122f4b6fd559bae0fd8a663f48088cbd

Download Submit
memory/940-3167-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/940-198-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/940-65-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1180-455-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1180-3172-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1180-81-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1868-88-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1868-3180-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1868-611-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2080-73-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3176-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2080-327-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2100-60-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3185-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-94-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-46-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2560-80-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3160-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2576-53-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2576-87-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3164-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2636-29-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3163-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-56-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2660-7-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3157-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2740-95-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3181-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2740-740-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2796-26-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3159-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3547-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-40-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3161-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2892-38-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3162-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2936-33-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/3068-263-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3068-49-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/3068-528-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3068-374-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3068-0-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/3068-850-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/3068-42-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3068-25-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-78-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3068-37-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/3068-100-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/3068-99-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3068-14-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-62-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3068-70-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download