cobaltstrike | e2ea6c71f6168d42aeac3606a0bc798e3c92b5174b8ab9dc2b8fcd0cb4faaf82

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

48ed029c0688b01396219dde84c55988
SHA1

e55ddfdbb415a42f64cb08c6c9bda5c836129c0a
SHA256

e2ea6c71f6168d42aeac3606a0bc798e3c92b5174b8ab9dc2b8fcd0cb4faaf82
SHA512

f581cde0204d474238897de8f97951db9bb49833dc1e4278faa26f3d9150b0050de2b2164d6e48a1a6a743a3aba3d9bbb863929cbeebe4d1cb16b86775f75d55
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d89-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017079-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a7-18.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a9-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-30.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174cc-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019282-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-162.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000016d64-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-50.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000017492-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2212-0-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-6.dat	xmrig
behavioral1/files/0x0008000000016d89-8.dat	xmrig
behavioral1/files/0x0008000000017079-15.dat	xmrig
behavioral1/files/0x00070000000173a7-18.dat	xmrig
behavioral1/files/0x00070000000173a9-26.dat	xmrig
behavioral1/files/0x0007000000017488-30.dat	xmrig
behavioral1/files/0x00090000000174cc-41.dat	xmrig
behavioral1/files/0x0007000000019282-45.dat	xmrig
behavioral1/files/0x0005000000019350-55.dat	xmrig
behavioral1/files/0x00050000000193c2-65.dat	xmrig
behavioral1/files/0x0005000000019431-85.dat	xmrig
behavioral1/files/0x0005000000019461-98.dat	xmrig
behavioral1/memory/2008-147-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2212-1098-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2212-182-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2716-175-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-172.dat	xmrig
behavioral1/files/0x0005000000019619-166.dat	xmrig
behavioral1/files/0x000500000001961b-162.dat	xmrig
behavioral1/memory/2212-157-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/files/0x0034000000016d64-156.dat	xmrig
behavioral1/memory/2684-154-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019617-152.dat	xmrig
behavioral1/files/0x0005000000019615-143.dat	xmrig
behavioral1/files/0x0005000000019611-134.dat	xmrig
behavioral1/files/0x000500000001960d-126.dat	xmrig
behavioral1/files/0x0005000000019609-118.dat	xmrig
behavioral1/memory/2792-209-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2220-207-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/3012-201-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/276-195-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2196-189-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/1856-187-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2580-185-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2548-179-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2212-171-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2736-170-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000500000001961d-167.dat	xmrig
behavioral1/memory/2668-161-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2816-142-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019613-140.dat	xmrig
behavioral1/files/0x000500000001960f-131.dat	xmrig
behavioral1/files/0x0005000000019582-110.dat	xmrig
behavioral1/files/0x000500000001960b-124.dat	xmrig
behavioral1/files/0x00050000000195c5-116.dat	xmrig
behavioral1/files/0x000500000001950c-105.dat	xmrig
behavioral1/files/0x000500000001944f-95.dat	xmrig
behavioral1/files/0x0005000000019441-90.dat	xmrig
behavioral1/files/0x0005000000019427-80.dat	xmrig
behavioral1/files/0x000500000001941e-75.dat	xmrig
behavioral1/files/0x00050000000193e1-70.dat	xmrig
behavioral1/files/0x00050000000193b4-60.dat	xmrig
behavioral1/files/0x0005000000019334-50.dat	xmrig
behavioral1/files/0x000a000000017492-36.dat	xmrig
behavioral1/memory/2008-3684-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/3012-3694-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2580-3693-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2220-3716-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2792-3720-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2668-3719-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2716-3718-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2196-3717-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2816-3741-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2792	jxqyIFs.exe
2816	uaEzOQX.exe
2008	VdqNELx.exe
2684	XavLarm.exe
2668	VpvTOjl.exe
2736	WYSELBN.exe
2716	dPuPBpY.exe
2548	qbxCHJJ.exe
2580	AFRNefc.exe
1856	QLFOhqj.exe
2196	jQEszRo.exe
276	lDINNWV.exe
3012	udZrtaz.exe
2220	jQYVIqY.exe
2096	KaXuxIJ.exe
1152	kOMrAVV.exe
1356	lpwkfQj.exe
1724	alRLPFB.exe
344	qiKwJgO.exe
2608	wAnbBLQ.exe
2284	CCBDlIB.exe
2076	NsXVErP.exe
1028	WZohgwS.exe
3064	RkCQbdb.exe
2924	TKTRyQX.exe
1508	rTBkFkJ.exe
1712	xanmYjf.exe
956	kPCqmFb.exe
2436	ZqZzODL.exe
568	dtzCvRH.exe
1804	SDJgsck.exe
1324	NkdBYVd.exe
1796	XWPHAfN.exe
2264	EDSLyfB.exe
2408	ZkgcikQ.exe
2348	wxILdqa.exe
2236	bpHIlKo.exe
2980	hRwVyhy.exe
2352	iBdxkXj.exe
1596	acXnzYa.exe
2192	qxxAbIG.exe
2332	ZsjgPEZ.exe
2660	zsgnbVy.exe
444	JgkbCde.exe
1044	rGOMJWM.exe
1092	qyNdvdR.exe
760	RzqWSnI.exe
1972	AJShcRD.exe
1776	GMutSpb.exe
848	RVITiGZ.exe
1360	SUcaUAR.exe
2000	dKTAsxo.exe
688	ASUaWcJ.exe
2452	OTqmgES.exe
1948	lsYmNma.exe
1848	SKOBsYh.exe
2784	cDlgMtf.exe
2384	xxbXGKa.exe
2148	ljHiRwp.exe
2876	yfSYwon.exe
340	pPWJHyC.exe
1376	lSYvGgG.exe
2280	WNFzNci.exe
1156	WePxgBy.exe

Loads dropped DLL 64 IoCs

pid	Process
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2212-0-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0003000000012000-6.dat	upx
behavioral1/files/0x0008000000016d89-8.dat	upx
behavioral1/files/0x0008000000017079-15.dat	upx
behavioral1/files/0x00070000000173a7-18.dat	upx
behavioral1/files/0x00070000000173a9-26.dat	upx
behavioral1/files/0x0007000000017488-30.dat	upx
behavioral1/files/0x00090000000174cc-41.dat	upx
behavioral1/files/0x0007000000019282-45.dat	upx
behavioral1/files/0x0005000000019350-55.dat	upx
behavioral1/files/0x00050000000193c2-65.dat	upx
behavioral1/files/0x0005000000019431-85.dat	upx
behavioral1/files/0x0005000000019461-98.dat	upx
behavioral1/memory/2008-147-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2212-1098-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2716-175-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000500000001961f-172.dat	upx
behavioral1/files/0x0005000000019619-166.dat	upx
behavioral1/files/0x000500000001961b-162.dat	upx
behavioral1/files/0x0034000000016d64-156.dat	upx
behavioral1/memory/2684-154-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x0005000000019617-152.dat	upx
behavioral1/files/0x0005000000019615-143.dat	upx
behavioral1/files/0x0005000000019611-134.dat	upx
behavioral1/files/0x000500000001960d-126.dat	upx
behavioral1/files/0x0005000000019609-118.dat	upx
behavioral1/memory/2792-209-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2220-207-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/3012-201-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/276-195-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2196-189-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/1856-187-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2580-185-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2548-179-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2736-170-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000500000001961d-167.dat	upx
behavioral1/memory/2668-161-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2816-142-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0005000000019613-140.dat	upx
behavioral1/files/0x000500000001960f-131.dat	upx
behavioral1/files/0x0005000000019582-110.dat	upx
behavioral1/files/0x000500000001960b-124.dat	upx
behavioral1/files/0x00050000000195c5-116.dat	upx
behavioral1/files/0x000500000001950c-105.dat	upx
behavioral1/files/0x000500000001944f-95.dat	upx
behavioral1/files/0x0005000000019441-90.dat	upx
behavioral1/files/0x0005000000019427-80.dat	upx
behavioral1/files/0x000500000001941e-75.dat	upx
behavioral1/files/0x00050000000193e1-70.dat	upx
behavioral1/files/0x00050000000193b4-60.dat	upx
behavioral1/files/0x0005000000019334-50.dat	upx
behavioral1/files/0x000a000000017492-36.dat	upx
behavioral1/memory/2008-3684-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/3012-3694-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2580-3693-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2220-3716-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2792-3720-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2668-3719-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2716-3718-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2196-3717-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2816-3741-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/276-3742-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1856-3743-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2548-3744-0x000000013F510000-0x000000013F864000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ukthnTQ.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgXWQzZ.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdNoJel.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXLhIyY.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkCkXFy.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBFXgGs.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfVLMTv.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ojwppkv.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxILdqa.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDCcSIi.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRUZTQH.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GztgudM.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvpgKQU.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywFScgq.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTcYTUS.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nuQagXK.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjWDcwy.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCnYBNL.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uokeWFs.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnNzonA.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rViPWVr.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDWFhVP.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQbwfnR.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPCqmFb.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUFIjIy.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxjkDpO.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvdAYmd.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXovzCv.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmehZkQ.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhFDpyK.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzkSulJ.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaFLOSx.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmTYJlr.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtKAFEU.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCZYevv.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Luguted.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYIgNEn.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAmWHhJ.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAjvlYL.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbGTWmq.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCLUYkc.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xusKaEk.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grOAhdu.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYXhTST.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmQuOLO.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iykoAnH.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyOUxfk.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJtwMxN.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQIzLii.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtfvuDu.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vagFgYm.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRMRGyp.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaZnfuv.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJShcRD.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZmgoVR.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLASHIu.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGgujwi.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPLzdCD.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FghPcZn.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxSaNgM.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBmHepG.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHIKHxo.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvvHZAL.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGViLqI.exe	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2792	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 2792	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 2792	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 2816	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 2816	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 2816	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 2008	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2008	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2008	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2684	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2684	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2684	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2668	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2668	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2668	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2736	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2736	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2736	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2716	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2716	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2716	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2548	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2548	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2548	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2580	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2580	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2580	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 1856	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 1856	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 1856	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 2196	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2196	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2196	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 276	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 276	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 276	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 3012	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2212 wrote to memory of 3012	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2212 wrote to memory of 3012	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2212 wrote to memory of 2220	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 2220	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 2220	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 2096	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 2096	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 2096	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 1152	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 1152	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 1152	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 1356	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 1356	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 1356	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 1724	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 1724	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 1724	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 344	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 344	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 344	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 2608	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 2608	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 2608	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 2284	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2284	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2284	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2076	2212	2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-20_48ed029c0688b01396219dde84c55988_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\System\jxqyIFs.exe
  C:\Windows\System\jxqyIFs.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\uaEzOQX.exe
  C:\Windows\System\uaEzOQX.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\VdqNELx.exe
  C:\Windows\System\VdqNELx.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\XavLarm.exe
  C:\Windows\System\XavLarm.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\VpvTOjl.exe
  C:\Windows\System\VpvTOjl.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\WYSELBN.exe
  C:\Windows\System\WYSELBN.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\dPuPBpY.exe
  C:\Windows\System\dPuPBpY.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\qbxCHJJ.exe
  C:\Windows\System\qbxCHJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\AFRNefc.exe
  C:\Windows\System\AFRNefc.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\QLFOhqj.exe
  C:\Windows\System\QLFOhqj.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\jQEszRo.exe
  C:\Windows\System\jQEszRo.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\lDINNWV.exe
  C:\Windows\System\lDINNWV.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\udZrtaz.exe
  C:\Windows\System\udZrtaz.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\jQYVIqY.exe
  C:\Windows\System\jQYVIqY.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\KaXuxIJ.exe
  C:\Windows\System\KaXuxIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\kOMrAVV.exe
  C:\Windows\System\kOMrAVV.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\lpwkfQj.exe
  C:\Windows\System\lpwkfQj.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\alRLPFB.exe
  C:\Windows\System\alRLPFB.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\qiKwJgO.exe
  C:\Windows\System\qiKwJgO.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\wAnbBLQ.exe
  C:\Windows\System\wAnbBLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\CCBDlIB.exe
  C:\Windows\System\CCBDlIB.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\NsXVErP.exe
  C:\Windows\System\NsXVErP.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\WZohgwS.exe
  C:\Windows\System\WZohgwS.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\iBdxkXj.exe
  C:\Windows\System\iBdxkXj.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\RkCQbdb.exe
  C:\Windows\System\RkCQbdb.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\qxxAbIG.exe
  C:\Windows\System\qxxAbIG.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\TKTRyQX.exe
  C:\Windows\System\TKTRyQX.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\ZsjgPEZ.exe
  C:\Windows\System\ZsjgPEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\rTBkFkJ.exe
  C:\Windows\System\rTBkFkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\JgkbCde.exe
  C:\Windows\System\JgkbCde.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\xanmYjf.exe
  C:\Windows\System\xanmYjf.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\rGOMJWM.exe
  C:\Windows\System\rGOMJWM.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\kPCqmFb.exe
  C:\Windows\System\kPCqmFb.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\qyNdvdR.exe
  C:\Windows\System\qyNdvdR.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\ZqZzODL.exe
  C:\Windows\System\ZqZzODL.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\RzqWSnI.exe
  C:\Windows\System\RzqWSnI.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\dtzCvRH.exe
  C:\Windows\System\dtzCvRH.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\AJShcRD.exe
  C:\Windows\System\AJShcRD.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\SDJgsck.exe
  C:\Windows\System\SDJgsck.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\GMutSpb.exe
  C:\Windows\System\GMutSpb.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\NkdBYVd.exe
  C:\Windows\System\NkdBYVd.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\RVITiGZ.exe
  C:\Windows\System\RVITiGZ.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\XWPHAfN.exe
  C:\Windows\System\XWPHAfN.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\SUcaUAR.exe
  C:\Windows\System\SUcaUAR.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\EDSLyfB.exe
  C:\Windows\System\EDSLyfB.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\dKTAsxo.exe
  C:\Windows\System\dKTAsxo.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\ZkgcikQ.exe
  C:\Windows\System\ZkgcikQ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\ASUaWcJ.exe
  C:\Windows\System\ASUaWcJ.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\wxILdqa.exe
  C:\Windows\System\wxILdqa.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\OTqmgES.exe
  C:\Windows\System\OTqmgES.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\bpHIlKo.exe
  C:\Windows\System\bpHIlKo.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\lsYmNma.exe
  C:\Windows\System\lsYmNma.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\hRwVyhy.exe
  C:\Windows\System\hRwVyhy.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\SKOBsYh.exe
  C:\Windows\System\SKOBsYh.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\acXnzYa.exe
  C:\Windows\System\acXnzYa.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\cDlgMtf.exe
  C:\Windows\System\cDlgMtf.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\zsgnbVy.exe
  C:\Windows\System\zsgnbVy.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\xxbXGKa.exe
  C:\Windows\System\xxbXGKa.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\ljHiRwp.exe
  C:\Windows\System\ljHiRwp.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\yfSYwon.exe
  C:\Windows\System\yfSYwon.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\pPWJHyC.exe
  C:\Windows\System\pPWJHyC.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\lSYvGgG.exe
  C:\Windows\System\lSYvGgG.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\WNFzNci.exe
  C:\Windows\System\WNFzNci.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\RVpGkfn.exe
  C:\Windows\System\RVpGkfn.exe
  2⤵
  PID:2172
- C:\Windows\System\WePxgBy.exe
  C:\Windows\System\WePxgBy.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\OevubLx.exe
  C:\Windows\System\OevubLx.exe
  2⤵
  PID:2424
- C:\Windows\System\WLaYXbU.exe
  C:\Windows\System\WLaYXbU.exe
  2⤵
  PID:1756
- C:\Windows\System\AojolwC.exe
  C:\Windows\System\AojolwC.exe
  2⤵
  PID:2476
- C:\Windows\System\lIaPxen.exe
  C:\Windows\System\lIaPxen.exe
  2⤵
  PID:1992
- C:\Windows\System\RFvpcNK.exe
  C:\Windows\System\RFvpcNK.exe
  2⤵
  PID:1684
- C:\Windows\System\IdQORbL.exe
  C:\Windows\System\IdQORbL.exe
  2⤵
  PID:1008
- C:\Windows\System\jnBUDHA.exe
  C:\Windows\System\jnBUDHA.exe
  2⤵
  PID:1928
- C:\Windows\System\oHEYUcz.exe
  C:\Windows\System\oHEYUcz.exe
  2⤵
  PID:2692
- C:\Windows\System\vQhYVrs.exe
  C:\Windows\System\vQhYVrs.exe
  2⤵
  PID:2920
- C:\Windows\System\eMocqpD.exe
  C:\Windows\System\eMocqpD.exe
  2⤵
  PID:1200
- C:\Windows\System\vkRdeJF.exe
  C:\Windows\System\vkRdeJF.exe
  2⤵
  PID:2448
- C:\Windows\System\zVPjuTX.exe
  C:\Windows\System\zVPjuTX.exe
  2⤵
  PID:2164
- C:\Windows\System\NJpWiZs.exe
  C:\Windows\System\NJpWiZs.exe
  2⤵
  PID:2960
- C:\Windows\System\vHoTdJO.exe
  C:\Windows\System\vHoTdJO.exe
  2⤵
  PID:2324
- C:\Windows\System\ULSCtIF.exe
  C:\Windows\System\ULSCtIF.exe
  2⤵
  PID:1924
- C:\Windows\System\zbQnwCQ.exe
  C:\Windows\System\zbQnwCQ.exe
  2⤵
  PID:2124
- C:\Windows\System\gaJTHtn.exe
  C:\Windows\System\gaJTHtn.exe
  2⤵
  PID:1560
- C:\Windows\System\GSNJODf.exe
  C:\Windows\System\GSNJODf.exe
  2⤵
  PID:2136
- C:\Windows\System\lxYqzvH.exe
  C:\Windows\System\lxYqzvH.exe
  2⤵
  PID:3004
- C:\Windows\System\alVDboy.exe
  C:\Windows\System\alVDboy.exe
  2⤵
  PID:2988
- C:\Windows\System\GelZeHt.exe
  C:\Windows\System\GelZeHt.exe
  2⤵
  PID:2276
- C:\Windows\System\kQyZOgI.exe
  C:\Windows\System\kQyZOgI.exe
  2⤵
  PID:620
- C:\Windows\System\nZuijKl.exe
  C:\Windows\System\nZuijKl.exe
  2⤵
  PID:2260
- C:\Windows\System\FLgYftJ.exe
  C:\Windows\System\FLgYftJ.exe
  2⤵
  PID:1424
- C:\Windows\System\TQvonTg.exe
  C:\Windows\System\TQvonTg.exe
  2⤵
  PID:1380
- C:\Windows\System\BIZGVCX.exe
  C:\Windows\System\BIZGVCX.exe
  2⤵
  PID:2432
- C:\Windows\System\uzgEFJb.exe
  C:\Windows\System\uzgEFJb.exe
  2⤵
  PID:884
- C:\Windows\System\hIhcSjV.exe
  C:\Windows\System\hIhcSjV.exe
  2⤵
  PID:3032
- C:\Windows\System\TncgRuV.exe
  C:\Windows\System\TncgRuV.exe
  2⤵
  PID:2752
- C:\Windows\System\dDIfeJS.exe
  C:\Windows\System\dDIfeJS.exe
  2⤵
  PID:1592
- C:\Windows\System\PXoGtlb.exe
  C:\Windows\System\PXoGtlb.exe
  2⤵
  PID:2320
- C:\Windows\System\aDyzFZi.exe
  C:\Windows\System\aDyzFZi.exe
  2⤵
  PID:3076
- C:\Windows\System\qGpHlVE.exe
  C:\Windows\System\qGpHlVE.exe
  2⤵
  PID:3092
- C:\Windows\System\rIuoiss.exe
  C:\Windows\System\rIuoiss.exe
  2⤵
  PID:3108
- C:\Windows\System\VkmdJQl.exe
  C:\Windows\System\VkmdJQl.exe
  2⤵
  PID:3132
- C:\Windows\System\zutHtXp.exe
  C:\Windows\System\zutHtXp.exe
  2⤵
  PID:3152
- C:\Windows\System\yFVbcIR.exe
  C:\Windows\System\yFVbcIR.exe
  2⤵
  PID:3168
- C:\Windows\System\KSJCOYG.exe
  C:\Windows\System\KSJCOYG.exe
  2⤵
  PID:3184
- C:\Windows\System\eDagDDv.exe
  C:\Windows\System\eDagDDv.exe
  2⤵
  PID:3208
- C:\Windows\System\GHxQgJj.exe
  C:\Windows\System\GHxQgJj.exe
  2⤵
  PID:3240
- C:\Windows\System\WseJpWO.exe
  C:\Windows\System\WseJpWO.exe
  2⤵
  PID:3260
- C:\Windows\System\YoZSlRr.exe
  C:\Windows\System\YoZSlRr.exe
  2⤵
  PID:3276
- C:\Windows\System\guqtKKc.exe
  C:\Windows\System\guqtKKc.exe
  2⤵
  PID:3296
- C:\Windows\System\RYFlpxz.exe
  C:\Windows\System\RYFlpxz.exe
  2⤵
  PID:3320
- C:\Windows\System\FAVkUvy.exe
  C:\Windows\System\FAVkUvy.exe
  2⤵
  PID:3340
- C:\Windows\System\eklbfBy.exe
  C:\Windows\System\eklbfBy.exe
  2⤵
  PID:3356
- C:\Windows\System\SgFyHJJ.exe
  C:\Windows\System\SgFyHJJ.exe
  2⤵
  PID:3376
- C:\Windows\System\teHDFDP.exe
  C:\Windows\System\teHDFDP.exe
  2⤵
  PID:3396
- C:\Windows\System\PErAutg.exe
  C:\Windows\System\PErAutg.exe
  2⤵
  PID:3416
- C:\Windows\System\UVCvbLD.exe
  C:\Windows\System\UVCvbLD.exe
  2⤵
  PID:3436
- C:\Windows\System\dAQLrGS.exe
  C:\Windows\System\dAQLrGS.exe
  2⤵
  PID:3460
- C:\Windows\System\TeKUXwK.exe
  C:\Windows\System\TeKUXwK.exe
  2⤵
  PID:3480
- C:\Windows\System\WfFrKAQ.exe
  C:\Windows\System\WfFrKAQ.exe
  2⤵
  PID:3500
- C:\Windows\System\lFjqTJa.exe
  C:\Windows\System\lFjqTJa.exe
  2⤵
  PID:3520
- C:\Windows\System\SEbwFUD.exe
  C:\Windows\System\SEbwFUD.exe
  2⤵
  PID:3540
- C:\Windows\System\IRMntvS.exe
  C:\Windows\System\IRMntvS.exe
  2⤵
  PID:3556
- C:\Windows\System\MWzHKwP.exe
  C:\Windows\System\MWzHKwP.exe
  2⤵
  PID:3576
- C:\Windows\System\hHIKHxo.exe
  C:\Windows\System\hHIKHxo.exe
  2⤵
  PID:3596
- C:\Windows\System\gjIQAwo.exe
  C:\Windows\System\gjIQAwo.exe
  2⤵
  PID:3616
- C:\Windows\System\KAGvtac.exe
  C:\Windows\System\KAGvtac.exe
  2⤵
  PID:3636
- C:\Windows\System\NKGwkvH.exe
  C:\Windows\System\NKGwkvH.exe
  2⤵
  PID:3656
- C:\Windows\System\eRBKupR.exe
  C:\Windows\System\eRBKupR.exe
  2⤵
  PID:3680
- C:\Windows\System\cTqFLxV.exe
  C:\Windows\System\cTqFLxV.exe
  2⤵
  PID:3696
- C:\Windows\System\UobDvVu.exe
  C:\Windows\System\UobDvVu.exe
  2⤵
  PID:3716
- C:\Windows\System\rmLqesp.exe
  C:\Windows\System\rmLqesp.exe
  2⤵
  PID:3732
- C:\Windows\System\oYiTAln.exe
  C:\Windows\System\oYiTAln.exe
  2⤵
  PID:3760
- C:\Windows\System\PAapIcg.exe
  C:\Windows\System\PAapIcg.exe
  2⤵
  PID:3776
- C:\Windows\System\RezwfvY.exe
  C:\Windows\System\RezwfvY.exe
  2⤵
  PID:3796
- C:\Windows\System\egSsFwc.exe
  C:\Windows\System\egSsFwc.exe
  2⤵
  PID:3816
- C:\Windows\System\lBKcCEj.exe
  C:\Windows\System\lBKcCEj.exe
  2⤵
  PID:3840
- C:\Windows\System\cKWpReP.exe
  C:\Windows\System\cKWpReP.exe
  2⤵
  PID:3860
- C:\Windows\System\mnZblOM.exe
  C:\Windows\System\mnZblOM.exe
  2⤵
  PID:3876
- C:\Windows\System\GxajoNE.exe
  C:\Windows\System\GxajoNE.exe
  2⤵
  PID:3896
- C:\Windows\System\OkdcaCd.exe
  C:\Windows\System\OkdcaCd.exe
  2⤵
  PID:3924
- C:\Windows\System\SOgDyBa.exe
  C:\Windows\System\SOgDyBa.exe
  2⤵
  PID:3944
- C:\Windows\System\vCDDKbW.exe
  C:\Windows\System\vCDDKbW.exe
  2⤵
  PID:3960
- C:\Windows\System\mMYJEBS.exe
  C:\Windows\System\mMYJEBS.exe
  2⤵
  PID:3980
- C:\Windows\System\rSRbuud.exe
  C:\Windows\System\rSRbuud.exe
  2⤵
  PID:4000
- C:\Windows\System\tHlyIsN.exe
  C:\Windows\System\tHlyIsN.exe
  2⤵
  PID:4024
- C:\Windows\System\nWzAwrx.exe
  C:\Windows\System\nWzAwrx.exe
  2⤵
  PID:4040
- C:\Windows\System\ZvvHZAL.exe
  C:\Windows\System\ZvvHZAL.exe
  2⤵
  PID:4064
- C:\Windows\System\HyuDxlM.exe
  C:\Windows\System\HyuDxlM.exe
  2⤵
  PID:4084
- C:\Windows\System\RMsUhKY.exe
  C:\Windows\System\RMsUhKY.exe
  2⤵
  PID:1000
- C:\Windows\System\mIlnHWW.exe
  C:\Windows\System\mIlnHWW.exe
  2⤵
  PID:3008
- C:\Windows\System\uNwtEjV.exe
  C:\Windows\System\uNwtEjV.exe
  2⤵
  PID:2112
- C:\Windows\System\RBjrxjC.exe
  C:\Windows\System\RBjrxjC.exe
  2⤵
  PID:2464
- C:\Windows\System\BKsIlrr.exe
  C:\Windows\System\BKsIlrr.exe
  2⤵
  PID:1996
- C:\Windows\System\HwBTqIz.exe
  C:\Windows\System\HwBTqIz.exe
  2⤵
  PID:2900
- C:\Windows\System\UHakuAV.exe
  C:\Windows\System\UHakuAV.exe
  2⤵
  PID:2492
- C:\Windows\System\qGofepO.exe
  C:\Windows\System\qGofepO.exe
  2⤵
  PID:1628
- C:\Windows\System\ZLbDgbm.exe
  C:\Windows\System\ZLbDgbm.exe
  2⤵
  PID:1444
- C:\Windows\System\yayQlTQ.exe
  C:\Windows\System\yayQlTQ.exe
  2⤵
  PID:1480
- C:\Windows\System\jjMgCDV.exe
  C:\Windows\System\jjMgCDV.exe
  2⤵
  PID:2380
- C:\Windows\System\YmbTbSl.exe
  C:\Windows\System\YmbTbSl.exe
  2⤵
  PID:1788
- C:\Windows\System\frjuzlZ.exe
  C:\Windows\System\frjuzlZ.exe
  2⤵
  PID:3128
- C:\Windows\System\PRWyFBz.exe
  C:\Windows\System\PRWyFBz.exe
  2⤵
  PID:2040
- C:\Windows\System\DJiZxnq.exe
  C:\Windows\System\DJiZxnq.exe
  2⤵
  PID:3248
- C:\Windows\System\RZTSFDF.exe
  C:\Windows\System\RZTSFDF.exe
  2⤵
  PID:3100
- C:\Windows\System\HjMrMRj.exe
  C:\Windows\System\HjMrMRj.exe
  2⤵
  PID:3216
- C:\Windows\System\RuUAyDN.exe
  C:\Windows\System\RuUAyDN.exe
  2⤵
  PID:3268
- C:\Windows\System\eGQgZPE.exe
  C:\Windows\System\eGQgZPE.exe
  2⤵
  PID:3272
- C:\Windows\System\AuIfZbM.exe
  C:\Windows\System\AuIfZbM.exe
  2⤵
  PID:3304
- C:\Windows\System\jnkgjfv.exe
  C:\Windows\System\jnkgjfv.exe
  2⤵
  PID:3364
- C:\Windows\System\dXYNkYe.exe
  C:\Windows\System\dXYNkYe.exe
  2⤵
  PID:3404
- C:\Windows\System\jzSZave.exe
  C:\Windows\System\jzSZave.exe
  2⤵
  PID:3424
- C:\Windows\System\WqYnNBx.exe
  C:\Windows\System\WqYnNBx.exe
  2⤵
  PID:3452
- C:\Windows\System\FhoyRLg.exe
  C:\Windows\System\FhoyRLg.exe
  2⤵
  PID:3476
- C:\Windows\System\WAhMWBj.exe
  C:\Windows\System\WAhMWBj.exe
  2⤵
  PID:3508
- C:\Windows\System\XEyCQkb.exe
  C:\Windows\System\XEyCQkb.exe
  2⤵
  PID:3552
- C:\Windows\System\FFxIjth.exe
  C:\Windows\System\FFxIjth.exe
  2⤵
  PID:3604
- C:\Windows\System\tCbPdQc.exe
  C:\Windows\System\tCbPdQc.exe
  2⤵
  PID:3624
- C:\Windows\System\IoKaect.exe
  C:\Windows\System\IoKaect.exe
  2⤵
  PID:3644
- C:\Windows\System\pUxDdAm.exe
  C:\Windows\System\pUxDdAm.exe
  2⤵
  PID:3672
- C:\Windows\System\tVbDMpN.exe
  C:\Windows\System\tVbDMpN.exe
  2⤵
  PID:3704
- C:\Windows\System\opLahtA.exe
  C:\Windows\System\opLahtA.exe
  2⤵
  PID:3740
- C:\Windows\System\RueBnNV.exe
  C:\Windows\System\RueBnNV.exe
  2⤵
  PID:3768
- C:\Windows\System\hpiLYsI.exe
  C:\Windows\System\hpiLYsI.exe
  2⤵
  PID:3784
- C:\Windows\System\nKyjnOP.exe
  C:\Windows\System\nKyjnOP.exe
  2⤵
  PID:3812
- C:\Windows\System\UICcfii.exe
  C:\Windows\System\UICcfii.exe
  2⤵
  PID:3884
- C:\Windows\System\yfvRbgY.exe
  C:\Windows\System\yfvRbgY.exe
  2⤵
  PID:3836
- C:\Windows\System\bXVHsUk.exe
  C:\Windows\System\bXVHsUk.exe
  2⤵
  PID:3912
- C:\Windows\System\lSBAAjL.exe
  C:\Windows\System\lSBAAjL.exe
  2⤵
  PID:3936
- C:\Windows\System\xnVSpLq.exe
  C:\Windows\System\xnVSpLq.exe
  2⤵
  PID:4008
- C:\Windows\System\sBbeufs.exe
  C:\Windows\System\sBbeufs.exe
  2⤵
  PID:4036
- C:\Windows\System\qbGTWmq.exe
  C:\Windows\System\qbGTWmq.exe
  2⤵
  PID:4080
- C:\Windows\System\HHYvorG.exe
  C:\Windows\System\HHYvorG.exe
  2⤵
  PID:2600
- C:\Windows\System\qpowogr.exe
  C:\Windows\System\qpowogr.exe
  2⤵
  PID:2820
- C:\Windows\System\vtXnHFo.exe
  C:\Windows\System\vtXnHFo.exe
  2⤵
  PID:828
- C:\Windows\System\MdRTDjp.exe
  C:\Windows\System\MdRTDjp.exe
  2⤵
  PID:1732
- C:\Windows\System\iJtwMxN.exe
  C:\Windows\System\iJtwMxN.exe
  2⤵
  PID:2732
- C:\Windows\System\suIzDBS.exe
  C:\Windows\System\suIzDBS.exe
  2⤵
  PID:2152
- C:\Windows\System\xNliTSA.exe
  C:\Windows\System\xNliTSA.exe
  2⤵
  PID:1516
- C:\Windows\System\FIUCmzz.exe
  C:\Windows\System\FIUCmzz.exe
  2⤵
  PID:3140
- C:\Windows\System\MmrUmdh.exe
  C:\Windows\System\MmrUmdh.exe
  2⤵
  PID:3284
- C:\Windows\System\ttEQRqg.exe
  C:\Windows\System\ttEQRqg.exe
  2⤵
  PID:3164
- C:\Windows\System\TkOYzXt.exe
  C:\Windows\System\TkOYzXt.exe
  2⤵
  PID:3408
- C:\Windows\System\BOvvMuo.exe
  C:\Windows\System\BOvvMuo.exe
  2⤵
  PID:3448
- C:\Windows\System\FDjAdkW.exe
  C:\Windows\System\FDjAdkW.exe
  2⤵
  PID:3496
- C:\Windows\System\ErXQXsp.exe
  C:\Windows\System\ErXQXsp.exe
  2⤵
  PID:3588
- C:\Windows\System\MqnsMro.exe
  C:\Windows\System\MqnsMro.exe
  2⤵
  PID:3336
- C:\Windows\System\tYjDGwo.exe
  C:\Windows\System\tYjDGwo.exe
  2⤵
  PID:3668
- C:\Windows\System\qGViLqI.exe
  C:\Windows\System\qGViLqI.exe
  2⤵
  PID:3804
- C:\Windows\System\eTRTdqX.exe
  C:\Windows\System\eTRTdqX.exe
  2⤵
  PID:3348
- C:\Windows\System\ZXhIFbj.exe
  C:\Windows\System\ZXhIFbj.exe
  2⤵
  PID:3428
- C:\Windows\System\HDCcSIi.exe
  C:\Windows\System\HDCcSIi.exe
  2⤵
  PID:3516
- C:\Windows\System\IOfNWAY.exe
  C:\Windows\System\IOfNWAY.exe
  2⤵
  PID:3908
- C:\Windows\System\nYzZDSe.exe
  C:\Windows\System\nYzZDSe.exe
  2⤵
  PID:3952
- C:\Windows\System\mSTHpJp.exe
  C:\Windows\System\mSTHpJp.exe
  2⤵
  PID:3832
- C:\Windows\System\kuJGanp.exe
  C:\Windows\System\kuJGanp.exe
  2⤵
  PID:2952
- C:\Windows\System\fQIzLii.exe
  C:\Windows\System\fQIzLii.exe
  2⤵
  PID:3932
- C:\Windows\System\XyYnxdk.exe
  C:\Windows\System\XyYnxdk.exe
  2⤵
  PID:3584
- C:\Windows\System\bHdkmjX.exe
  C:\Windows\System\bHdkmjX.exe
  2⤵
  PID:3444
- C:\Windows\System\JuSNvjZ.exe
  C:\Windows\System\JuSNvjZ.exe
  2⤵
  PID:3956
- C:\Windows\System\onUNpmX.exe
  C:\Windows\System\onUNpmX.exe
  2⤵
  PID:4052
- C:\Windows\System\fcWBPwf.exe
  C:\Windows\System\fcWBPwf.exe
  2⤵
  PID:4072
- C:\Windows\System\gWDJXqJ.exe
  C:\Windows\System\gWDJXqJ.exe
  2⤵
  PID:1584
- C:\Windows\System\edSjCoO.exe
  C:\Windows\System\edSjCoO.exe
  2⤵
  PID:3748
- C:\Windows\System\cHqRdHW.exe
  C:\Windows\System\cHqRdHW.exe
  2⤵
  PID:1700
- C:\Windows\System\UGcKmrq.exe
  C:\Windows\System\UGcKmrq.exe
  2⤵
  PID:3332
- C:\Windows\System\hMFrtRV.exe
  C:\Windows\System\hMFrtRV.exe
  2⤵
  PID:3388
- C:\Windows\System\YxEwjWz.exe
  C:\Windows\System\YxEwjWz.exe
  2⤵
  PID:3728
- C:\Windows\System\PNOZCjk.exe
  C:\Windows\System\PNOZCjk.exe
  2⤵
  PID:3904
- C:\Windows\System\XQaTLBi.exe
  C:\Windows\System\XQaTLBi.exe
  2⤵
  PID:3632
- C:\Windows\System\bGUaJld.exe
  C:\Windows\System\bGUaJld.exe
  2⤵
  PID:1868
- C:\Windows\System\kSOHqaP.exe
  C:\Windows\System\kSOHqaP.exe
  2⤵
  PID:3916
- C:\Windows\System\koDqLuo.exe
  C:\Windows\System\koDqLuo.exe
  2⤵
  PID:3200
- C:\Windows\System\AdXNAEu.exe
  C:\Windows\System\AdXNAEu.exe
  2⤵
  PID:3392
- C:\Windows\System\ruiOYzq.exe
  C:\Windows\System\ruiOYzq.exe
  2⤵
  PID:3652
- C:\Windows\System\YhqJmyd.exe
  C:\Windows\System\YhqJmyd.exe
  2⤵
  PID:3792
- C:\Windows\System\AvBkPmh.exe
  C:\Windows\System\AvBkPmh.exe
  2⤵
  PID:4112
- C:\Windows\System\EmwHQsp.exe
  C:\Windows\System\EmwHQsp.exe
  2⤵
  PID:4136
- C:\Windows\System\fcqPNyP.exe
  C:\Windows\System\fcqPNyP.exe
  2⤵
  PID:4152
- C:\Windows\System\jVKrshI.exe
  C:\Windows\System\jVKrshI.exe
  2⤵
  PID:4176
- C:\Windows\System\GYtUkRq.exe
  C:\Windows\System\GYtUkRq.exe
  2⤵
  PID:4208
- C:\Windows\System\LQhAtFG.exe
  C:\Windows\System\LQhAtFG.exe
  2⤵
  PID:4228
- C:\Windows\System\pPgPOts.exe
  C:\Windows\System\pPgPOts.exe
  2⤵
  PID:4248
- C:\Windows\System\rwtezVD.exe
  C:\Windows\System\rwtezVD.exe
  2⤵
  PID:4268
- C:\Windows\System\SttQSxr.exe
  C:\Windows\System\SttQSxr.exe
  2⤵
  PID:4284
- C:\Windows\System\dsCYnQm.exe
  C:\Windows\System\dsCYnQm.exe
  2⤵
  PID:4300
- C:\Windows\System\ISmCUPU.exe
  C:\Windows\System\ISmCUPU.exe
  2⤵
  PID:4316
- C:\Windows\System\asvqmYl.exe
  C:\Windows\System\asvqmYl.exe
  2⤵
  PID:4332
- C:\Windows\System\TukTAvN.exe
  C:\Windows\System\TukTAvN.exe
  2⤵
  PID:4348
- C:\Windows\System\SYqZcNd.exe
  C:\Windows\System\SYqZcNd.exe
  2⤵
  PID:4364
- C:\Windows\System\HeZCNZa.exe
  C:\Windows\System\HeZCNZa.exe
  2⤵
  PID:4380
- C:\Windows\System\yjUVAZo.exe
  C:\Windows\System\yjUVAZo.exe
  2⤵
  PID:4396
- C:\Windows\System\wtoOufE.exe
  C:\Windows\System\wtoOufE.exe
  2⤵
  PID:4412
- C:\Windows\System\HaFLOSx.exe
  C:\Windows\System\HaFLOSx.exe
  2⤵
  PID:4428
- C:\Windows\System\yueJoCY.exe
  C:\Windows\System\yueJoCY.exe
  2⤵
  PID:4444
- C:\Windows\System\iZmgoVR.exe
  C:\Windows\System\iZmgoVR.exe
  2⤵
  PID:4464
- C:\Windows\System\fuOmeMr.exe
  C:\Windows\System\fuOmeMr.exe
  2⤵
  PID:4500
- C:\Windows\System\dbrFnRL.exe
  C:\Windows\System\dbrFnRL.exe
  2⤵
  PID:4520
- C:\Windows\System\tzJaeJa.exe
  C:\Windows\System\tzJaeJa.exe
  2⤵
  PID:4540
- C:\Windows\System\oYElufU.exe
  C:\Windows\System\oYElufU.exe
  2⤵
  PID:4584
- C:\Windows\System\olIRCOS.exe
  C:\Windows\System\olIRCOS.exe
  2⤵
  PID:4600
- C:\Windows\System\AJmFeRK.exe
  C:\Windows\System\AJmFeRK.exe
  2⤵
  PID:4620
- C:\Windows\System\VnXMFLn.exe
  C:\Windows\System\VnXMFLn.exe
  2⤵
  PID:4636
- C:\Windows\System\meSDTBM.exe
  C:\Windows\System\meSDTBM.exe
  2⤵
  PID:4656
- C:\Windows\System\lpXuDCb.exe
  C:\Windows\System\lpXuDCb.exe
  2⤵
  PID:4672
- C:\Windows\System\Fscrrxs.exe
  C:\Windows\System\Fscrrxs.exe
  2⤵
  PID:4688
- C:\Windows\System\tHxbRPM.exe
  C:\Windows\System\tHxbRPM.exe
  2⤵
  PID:4704
- C:\Windows\System\YabXHTq.exe
  C:\Windows\System\YabXHTq.exe
  2⤵
  PID:4720
- C:\Windows\System\FqeduAa.exe
  C:\Windows\System\FqeduAa.exe
  2⤵
  PID:4736
- C:\Windows\System\sIBfcLE.exe
  C:\Windows\System\sIBfcLE.exe
  2⤵
  PID:4764
- C:\Windows\System\RNJNQOh.exe
  C:\Windows\System\RNJNQOh.exe
  2⤵
  PID:4784
- C:\Windows\System\juAjkOY.exe
  C:\Windows\System\juAjkOY.exe
  2⤵
  PID:4804
- C:\Windows\System\CUoPwCV.exe
  C:\Windows\System\CUoPwCV.exe
  2⤵
  PID:4824
- C:\Windows\System\GKbMVtw.exe
  C:\Windows\System\GKbMVtw.exe
  2⤵
  PID:4840
- C:\Windows\System\VlqfSwX.exe
  C:\Windows\System\VlqfSwX.exe
  2⤵
  PID:4856
- C:\Windows\System\lvKWQZt.exe
  C:\Windows\System\lvKWQZt.exe
  2⤵
  PID:4872
- C:\Windows\System\xNJIyQW.exe
  C:\Windows\System\xNJIyQW.exe
  2⤵
  PID:4892
- C:\Windows\System\HOhQpwM.exe
  C:\Windows\System\HOhQpwM.exe
  2⤵
  PID:4908
- C:\Windows\System\KwaFKSi.exe
  C:\Windows\System\KwaFKSi.exe
  2⤵
  PID:4924
- C:\Windows\System\nghTcaf.exe
  C:\Windows\System\nghTcaf.exe
  2⤵
  PID:4940
- C:\Windows\System\wkojiJu.exe
  C:\Windows\System\wkojiJu.exe
  2⤵
  PID:4956
- C:\Windows\System\lFpSjdY.exe
  C:\Windows\System\lFpSjdY.exe
  2⤵
  PID:4972
- C:\Windows\System\NzFJyBk.exe
  C:\Windows\System\NzFJyBk.exe
  2⤵
  PID:4988
- C:\Windows\System\eEYGzvs.exe
  C:\Windows\System\eEYGzvs.exe
  2⤵
  PID:5004
- C:\Windows\System\KAhTWNg.exe
  C:\Windows\System\KAhTWNg.exe
  2⤵
  PID:5020
- C:\Windows\System\CcItyop.exe
  C:\Windows\System\CcItyop.exe
  2⤵
  PID:5036
- C:\Windows\System\aLGbmFX.exe
  C:\Windows\System\aLGbmFX.exe
  2⤵
  PID:5052
- C:\Windows\System\vAHwqNg.exe
  C:\Windows\System\vAHwqNg.exe
  2⤵
  PID:5068
- C:\Windows\System\XdYmrIo.exe
  C:\Windows\System\XdYmrIo.exe
  2⤵
  PID:5084
- C:\Windows\System\FOqqknO.exe
  C:\Windows\System\FOqqknO.exe
  2⤵
  PID:5100
- C:\Windows\System\OBDYkEL.exe
  C:\Windows\System\OBDYkEL.exe
  2⤵
  PID:5116
- C:\Windows\System\VTrEjvn.exe
  C:\Windows\System\VTrEjvn.exe
  2⤵
  PID:4020
- C:\Windows\System\pBOctJH.exe
  C:\Windows\System\pBOctJH.exe
  2⤵
  PID:3224
- C:\Windows\System\CSLamlm.exe
  C:\Windows\System\CSLamlm.exe
  2⤵
  PID:2360
- C:\Windows\System\KWqIKQI.exe
  C:\Windows\System\KWqIKQI.exe
  2⤵
  PID:3724
- C:\Windows\System\ZibGTkA.exe
  C:\Windows\System\ZibGTkA.exe
  2⤵
  PID:3472
- C:\Windows\System\WwwYScl.exe
  C:\Windows\System\WwwYScl.exe
  2⤵
  PID:4160
- C:\Windows\System\tozqTkj.exe
  C:\Windows\System\tozqTkj.exe
  2⤵
  PID:4224
- C:\Windows\System\WRDUYhX.exe
  C:\Windows\System\WRDUYhX.exe
  2⤵
  PID:4324
- C:\Windows\System\hHAJkWD.exe
  C:\Windows\System\hHAJkWD.exe
  2⤵
  PID:3568
- C:\Windows\System\CgWdyJl.exe
  C:\Windows\System\CgWdyJl.exe
  2⤵
  PID:4104
- C:\Windows\System\hRUZTQH.exe
  C:\Windows\System\hRUZTQH.exe
  2⤵
  PID:4144
- C:\Windows\System\UfozSGm.exe
  C:\Windows\System\UfozSGm.exe
  2⤵
  PID:3548
- C:\Windows\System\ljCDpBe.exe
  C:\Windows\System\ljCDpBe.exe
  2⤵
  PID:4424
- C:\Windows\System\ttPLFhD.exe
  C:\Windows\System\ttPLFhD.exe
  2⤵
  PID:4192
- C:\Windows\System\qpdlozr.exe
  C:\Windows\System\qpdlozr.exe
  2⤵
  PID:4512
- C:\Windows\System\UtBLDVI.exe
  C:\Windows\System\UtBLDVI.exe
  2⤵
  PID:4560
- C:\Windows\System\pEVeuwY.exe
  C:\Windows\System\pEVeuwY.exe
  2⤵
  PID:4576
- C:\Windows\System\rMgBeWH.exe
  C:\Windows\System\rMgBeWH.exe
  2⤵
  PID:4616
- C:\Windows\System\oZgAhLB.exe
  C:\Windows\System\oZgAhLB.exe
  2⤵
  PID:4680
- C:\Windows\System\eyQfwKN.exe
  C:\Windows\System\eyQfwKN.exe
  2⤵
  PID:4744
- C:\Windows\System\MVbYgjj.exe
  C:\Windows\System\MVbYgjj.exe
  2⤵
  PID:4760
- C:\Windows\System\kLWiZwl.exe
  C:\Windows\System\kLWiZwl.exe
  2⤵
  PID:4832
- C:\Windows\System\MXQSHNL.exe
  C:\Windows\System\MXQSHNL.exe
  2⤵
  PID:4900
- C:\Windows\System\yTOBLZm.exe
  C:\Windows\System\yTOBLZm.exe
  2⤵
  PID:4968
- C:\Windows\System\tDPiKEz.exe
  C:\Windows\System\tDPiKEz.exe
  2⤵
  PID:4596
- C:\Windows\System\wkUdiMo.exe
  C:\Windows\System\wkUdiMo.exe
  2⤵
  PID:4488
- C:\Windows\System\DCxyTUW.exe
  C:\Windows\System\DCxyTUW.exe
  2⤵
  PID:4532
- C:\Windows\System\QqppdbS.exe
  C:\Windows\System\QqppdbS.exe
  2⤵
  PID:4376
- C:\Windows\System\UdRlfDO.exe
  C:\Windows\System\UdRlfDO.exe
  2⤵
  PID:4628
- C:\Windows\System\dHYUkgi.exe
  C:\Windows\System\dHYUkgi.exe
  2⤵
  PID:4728
- C:\Windows\System\IwnykoP.exe
  C:\Windows\System\IwnykoP.exe
  2⤵
  PID:4916
- C:\Windows\System\QCbUaMF.exe
  C:\Windows\System\QCbUaMF.exe
  2⤵
  PID:4172
- C:\Windows\System\xvrPPpW.exe
  C:\Windows\System\xvrPPpW.exe
  2⤵
  PID:3124
- C:\Windows\System\GhsSqBK.exe
  C:\Windows\System\GhsSqBK.exe
  2⤵
  PID:4420
- C:\Windows\System\FiqRiEu.exe
  C:\Windows\System\FiqRiEu.exe
  2⤵
  PID:4508
- C:\Windows\System\lsPThNC.exe
  C:\Windows\System\lsPThNC.exe
  2⤵
  PID:4652
- C:\Windows\System\BubTobt.exe
  C:\Windows\System\BubTobt.exe
  2⤵
  PID:4868
- C:\Windows\System\wxOUcev.exe
  C:\Windows\System\wxOUcev.exe
  2⤵
  PID:5032
- C:\Windows\System\XKcbEtQ.exe
  C:\Windows\System\XKcbEtQ.exe
  2⤵
  PID:4340
- C:\Windows\System\egENzgQ.exe
  C:\Windows\System\egENzgQ.exe
  2⤵
  PID:4296
- C:\Windows\System\HaXswSk.exe
  C:\Windows\System\HaXswSk.exe
  2⤵
  PID:408
- C:\Windows\System\NZyLlWK.exe
  C:\Windows\System\NZyLlWK.exe
  2⤵
  PID:4460
- C:\Windows\System\KMWVdxF.exe
  C:\Windows\System\KMWVdxF.exe
  2⤵
  PID:4608
- C:\Windows\System\mVIveae.exe
  C:\Windows\System\mVIveae.exe
  2⤵
  PID:4796
- C:\Windows\System\iJVyzQl.exe
  C:\Windows\System\iJVyzQl.exe
  2⤵
  PID:4964
- C:\Windows\System\IzqnNaL.exe
  C:\Windows\System\IzqnNaL.exe
  2⤵
  PID:4408
- C:\Windows\System\zVFyCqt.exe
  C:\Windows\System\zVFyCqt.exe
  2⤵
  PID:3232
- C:\Windows\System\jpnYKgs.exe
  C:\Windows\System\jpnYKgs.exe
  2⤵
  PID:3512
- C:\Windows\System\zmTYJlr.exe
  C:\Windows\System\zmTYJlr.exe
  2⤵
  PID:5076
- C:\Windows\System\eMxIjGE.exe
  C:\Windows\System\eMxIjGE.exe
  2⤵
  PID:5012
- C:\Windows\System\JRmtvjY.exe
  C:\Windows\System\JRmtvjY.exe
  2⤵
  PID:2248
- C:\Windows\System\HpDLNoY.exe
  C:\Windows\System\HpDLNoY.exe
  2⤵
  PID:4668
- C:\Windows\System\tIxCexy.exe
  C:\Windows\System\tIxCexy.exe
  2⤵
  PID:5064
- C:\Windows\System\DeTBIXA.exe
  C:\Windows\System\DeTBIXA.exe
  2⤵
  PID:1816
- C:\Windows\System\rdbCnqM.exe
  C:\Windows\System\rdbCnqM.exe
  2⤵
  PID:3024
- C:\Windows\System\NtfvuDu.exe
  C:\Windows\System\NtfvuDu.exe
  2⤵
  PID:4820
- C:\Windows\System\UlKIcsf.exe
  C:\Windows\System\UlKIcsf.exe
  2⤵
  PID:3988
- C:\Windows\System\AFYGWBo.exe
  C:\Windows\System\AFYGWBo.exe
  2⤵
  PID:3352
- C:\Windows\System\IpwkxsY.exe
  C:\Windows\System\IpwkxsY.exe
  2⤵
  PID:4852
- C:\Windows\System\kbKdknv.exe
  C:\Windows\System\kbKdknv.exe
  2⤵
  PID:4440
- C:\Windows\System\utADnVn.exe
  C:\Windows\System\utADnVn.exe
  2⤵
  PID:4292
- C:\Windows\System\IRJdZlM.exe
  C:\Windows\System\IRJdZlM.exe
  2⤵
  PID:4308
- C:\Windows\System\KtcDEoy.exe
  C:\Windows\System\KtcDEoy.exe
  2⤵
  PID:3468
- C:\Windows\System\QnszYjX.exe
  C:\Windows\System\QnszYjX.exe
  2⤵
  PID:4952
- C:\Windows\System\mGgphCb.exe
  C:\Windows\System\mGgphCb.exe
  2⤵
  PID:4480
- C:\Windows\System\vFXAyFo.exe
  C:\Windows\System\vFXAyFo.exe
  2⤵
  PID:5080
- C:\Windows\System\iqLHBEj.exe
  C:\Windows\System\iqLHBEj.exe
  2⤵
  PID:3612
- C:\Windows\System\EhQfBJB.exe
  C:\Windows\System\EhQfBJB.exe
  2⤵
  PID:4700
- C:\Windows\System\jBgWFKy.exe
  C:\Windows\System\jBgWFKy.exe
  2⤵
  PID:4012
- C:\Windows\System\vFRFNTb.exe
  C:\Windows\System\vFRFNTb.exe
  2⤵
  PID:3852
- C:\Windows\System\eWQoRcU.exe
  C:\Windows\System\eWQoRcU.exe
  2⤵
  PID:4264
- C:\Windows\System\IHEqYfm.exe
  C:\Windows\System\IHEqYfm.exe
  2⤵
  PID:5096
- C:\Windows\System\TBfHLcs.exe
  C:\Windows\System\TBfHLcs.exe
  2⤵
  PID:4556
- C:\Windows\System\IBFXgGs.exe
  C:\Windows\System\IBFXgGs.exe
  2⤵
  PID:4188
- C:\Windows\System\MFSzmAe.exe
  C:\Windows\System\MFSzmAe.exe
  2⤵
  PID:3856
- C:\Windows\System\tqoXxCk.exe
  C:\Windows\System\tqoXxCk.exe
  2⤵
  PID:3692
- C:\Windows\System\dYcRptJ.exe
  C:\Windows\System\dYcRptJ.exe
  2⤵
  PID:3084
- C:\Windows\System\bbBUekZ.exe
  C:\Windows\System\bbBUekZ.exe
  2⤵
  PID:4712
- C:\Windows\System\BaeYEfL.exe
  C:\Windows\System\BaeYEfL.exe
  2⤵
  PID:1912
- C:\Windows\System\hrdSoUl.exe
  C:\Windows\System\hrdSoUl.exe
  2⤵
  PID:4932
- C:\Windows\System\rPDPUYL.exe
  C:\Windows\System\rPDPUYL.exe
  2⤵
  PID:4280
- C:\Windows\System\oGkPFxG.exe
  C:\Windows\System\oGkPFxG.exe
  2⤵
  PID:4772
- C:\Windows\System\ZDgvbZC.exe
  C:\Windows\System\ZDgvbZC.exe
  2⤵
  PID:5124
- C:\Windows\System\UtreNQq.exe
  C:\Windows\System\UtreNQq.exe
  2⤵
  PID:5144
- C:\Windows\System\BUuEOZC.exe
  C:\Windows\System\BUuEOZC.exe
  2⤵
  PID:5160
- C:\Windows\System\geObxQF.exe
  C:\Windows\System\geObxQF.exe
  2⤵
  PID:5180
- C:\Windows\System\eKexITX.exe
  C:\Windows\System\eKexITX.exe
  2⤵
  PID:5196
- C:\Windows\System\siqfthS.exe
  C:\Windows\System\siqfthS.exe
  2⤵
  PID:5212
- C:\Windows\System\BHUlHwJ.exe
  C:\Windows\System\BHUlHwJ.exe
  2⤵
  PID:5228
- C:\Windows\System\EvZoNDw.exe
  C:\Windows\System\EvZoNDw.exe
  2⤵
  PID:5248
- C:\Windows\System\iwHBMar.exe
  C:\Windows\System\iwHBMar.exe
  2⤵
  PID:5264
- C:\Windows\System\iiaSMds.exe
  C:\Windows\System\iiaSMds.exe
  2⤵
  PID:5284
- C:\Windows\System\AfXUNlH.exe
  C:\Windows\System\AfXUNlH.exe
  2⤵
  PID:5300
- C:\Windows\System\dygRORa.exe
  C:\Windows\System\dygRORa.exe
  2⤵
  PID:5316
- C:\Windows\System\HINfjky.exe
  C:\Windows\System\HINfjky.exe
  2⤵
  PID:5332
- C:\Windows\System\GsQYuOu.exe
  C:\Windows\System\GsQYuOu.exe
  2⤵
  PID:5364
- C:\Windows\System\ihMyyYr.exe
  C:\Windows\System\ihMyyYr.exe
  2⤵
  PID:5380
- C:\Windows\System\QtpoUpm.exe
  C:\Windows\System\QtpoUpm.exe
  2⤵
  PID:5396
- C:\Windows\System\BtKAFEU.exe
  C:\Windows\System\BtKAFEU.exe
  2⤵
  PID:5412
- C:\Windows\System\GFUujNf.exe
  C:\Windows\System\GFUujNf.exe
  2⤵
  PID:5428
- C:\Windows\System\WfiZZFc.exe
  C:\Windows\System\WfiZZFc.exe
  2⤵
  PID:5452
- C:\Windows\System\SPAfUqH.exe
  C:\Windows\System\SPAfUqH.exe
  2⤵
  PID:5472
- C:\Windows\System\IYKLqGS.exe
  C:\Windows\System\IYKLqGS.exe
  2⤵
  PID:5488
- C:\Windows\System\NuCiqDN.exe
  C:\Windows\System\NuCiqDN.exe
  2⤵
  PID:5504
- C:\Windows\System\rJExTLo.exe
  C:\Windows\System\rJExTLo.exe
  2⤵
  PID:5520
- C:\Windows\System\JUbWeJo.exe
  C:\Windows\System\JUbWeJo.exe
  2⤵
  PID:5552
- C:\Windows\System\mJvGOTi.exe
  C:\Windows\System\mJvGOTi.exe
  2⤵
  PID:5568
- C:\Windows\System\brYyuTB.exe
  C:\Windows\System\brYyuTB.exe
  2⤵
  PID:5588
- C:\Windows\System\fnFUpGX.exe
  C:\Windows\System\fnFUpGX.exe
  2⤵
  PID:5604
- C:\Windows\System\BUwNSFq.exe
  C:\Windows\System\BUwNSFq.exe
  2⤵
  PID:5620
- C:\Windows\System\IcVRilZ.exe
  C:\Windows\System\IcVRilZ.exe
  2⤵
  PID:5636
- C:\Windows\System\bXaEvPp.exe
  C:\Windows\System\bXaEvPp.exe
  2⤵
  PID:5652
- C:\Windows\System\BCNLYhM.exe
  C:\Windows\System\BCNLYhM.exe
  2⤵
  PID:5668
- C:\Windows\System\gveYnSJ.exe
  C:\Windows\System\gveYnSJ.exe
  2⤵
  PID:5684
- C:\Windows\System\BunKiFe.exe
  C:\Windows\System\BunKiFe.exe
  2⤵
  PID:5700
- C:\Windows\System\fiApaUQ.exe
  C:\Windows\System\fiApaUQ.exe
  2⤵
  PID:5716
- C:\Windows\System\JKrEcwB.exe
  C:\Windows\System\JKrEcwB.exe
  2⤵
  PID:5732
- C:\Windows\System\YCNNLFb.exe
  C:\Windows\System\YCNNLFb.exe
  2⤵
  PID:5756
- C:\Windows\System\JLGalNO.exe
  C:\Windows\System\JLGalNO.exe
  2⤵
  PID:5776
- C:\Windows\System\LNxtjRR.exe
  C:\Windows\System\LNxtjRR.exe
  2⤵
  PID:5808
- C:\Windows\System\ZDaDjgI.exe
  C:\Windows\System\ZDaDjgI.exe
  2⤵
  PID:5824
- C:\Windows\System\WhgqnyQ.exe
  C:\Windows\System\WhgqnyQ.exe
  2⤵
  PID:5840
- C:\Windows\System\zfpBgAA.exe
  C:\Windows\System\zfpBgAA.exe
  2⤵
  PID:5856
- C:\Windows\System\aTIQUGi.exe
  C:\Windows\System\aTIQUGi.exe
  2⤵
  PID:5872
- C:\Windows\System\PXEWDRn.exe
  C:\Windows\System\PXEWDRn.exe
  2⤵
  PID:5888
- C:\Windows\System\nORoXVU.exe
  C:\Windows\System\nORoXVU.exe
  2⤵
  PID:5904
- C:\Windows\System\rPwZHTQ.exe
  C:\Windows\System\rPwZHTQ.exe
  2⤵
  PID:5924
- C:\Windows\System\JvdAYmd.exe
  C:\Windows\System\JvdAYmd.exe
  2⤵
  PID:5940
- C:\Windows\System\fkpKWqC.exe
  C:\Windows\System\fkpKWqC.exe
  2⤵
  PID:5956
- C:\Windows\System\SdNoJel.exe
  C:\Windows\System\SdNoJel.exe
  2⤵
  PID:5972
- C:\Windows\System\tLujVTG.exe
  C:\Windows\System\tLujVTG.exe
  2⤵
  PID:5988
- C:\Windows\System\jUkHvzK.exe
  C:\Windows\System\jUkHvzK.exe
  2⤵
  PID:6008
- C:\Windows\System\nljyuHq.exe
  C:\Windows\System\nljyuHq.exe
  2⤵
  PID:6024
- C:\Windows\System\ZUFIjIy.exe
  C:\Windows\System\ZUFIjIy.exe
  2⤵
  PID:6040
- C:\Windows\System\HUSLBfd.exe
  C:\Windows\System\HUSLBfd.exe
  2⤵
  PID:6056
- C:\Windows\System\Mqvakld.exe
  C:\Windows\System\Mqvakld.exe
  2⤵
  PID:6072
- C:\Windows\System\MmHwJAU.exe
  C:\Windows\System\MmHwJAU.exe
  2⤵
  PID:6088
- C:\Windows\System\ypNeBMO.exe
  C:\Windows\System\ypNeBMO.exe
  2⤵
  PID:6104
- C:\Windows\System\ZzorJEe.exe
  C:\Windows\System\ZzorJEe.exe
  2⤵
  PID:6120
- C:\Windows\System\WZwUqJx.exe
  C:\Windows\System\WZwUqJx.exe
  2⤵
  PID:2780
- C:\Windows\System\wWFKWJG.exe
  C:\Windows\System\wWFKWJG.exe
  2⤵
  PID:5224
- C:\Windows\System\ejagDXZ.exe
  C:\Windows\System\ejagDXZ.exe
  2⤵
  PID:5324
- C:\Windows\System\wuRnTIm.exe
  C:\Windows\System\wuRnTIm.exe
  2⤵
  PID:5376
- C:\Windows\System\lkMTxQA.exe
  C:\Windows\System\lkMTxQA.exe
  2⤵
  PID:5448
- C:\Windows\System\xyGcAVx.exe
  C:\Windows\System\xyGcAVx.exe
  2⤵
  PID:4572
- C:\Windows\System\plOiJGF.exe
  C:\Windows\System\plOiJGF.exe
  2⤵
  PID:2616
- C:\Windows\System\ETYdGzw.exe
  C:\Windows\System\ETYdGzw.exe
  2⤵
  PID:4592
- C:\Windows\System\vkOlhKe.exe
  C:\Windows\System\vkOlhKe.exe
  2⤵
  PID:1036
- C:\Windows\System\AdYwFwn.exe
  C:\Windows\System\AdYwFwn.exe
  2⤵
  PID:5628
- C:\Windows\System\mKmXWfL.exe
  C:\Windows\System\mKmXWfL.exe
  2⤵
  PID:4752
- C:\Windows\System\ExqfUHf.exe
  C:\Windows\System\ExqfUHf.exe
  2⤵
  PID:908
- C:\Windows\System\vGFkLkI.exe
  C:\Windows\System\vGFkLkI.exe
  2⤵
  PID:5660
- C:\Windows\System\gSHQxfW.exe
  C:\Windows\System\gSHQxfW.exe
  2⤵
  PID:5692
- C:\Windows\System\QZTIFXr.exe
  C:\Windows\System\QZTIFXr.exe
  2⤵
  PID:1644
- C:\Windows\System\nnVtZsy.exe
  C:\Windows\System\nnVtZsy.exe
  2⤵
  PID:5820
- C:\Windows\System\ZmErwhh.exe
  C:\Windows\System\ZmErwhh.exe
  2⤵
  PID:5884
- C:\Windows\System\uuNZUTW.exe
  C:\Windows\System\uuNZUTW.exe
  2⤵
  PID:5948
- C:\Windows\System\TWkFYpH.exe
  C:\Windows\System\TWkFYpH.exe
  2⤵
  PID:6016
- C:\Windows\System\OBnRoeE.exe
  C:\Windows\System\OBnRoeE.exe
  2⤵
  PID:6080
- C:\Windows\System\mTsnidz.exe
  C:\Windows\System\mTsnidz.exe
  2⤵
  PID:5464
- C:\Windows\System\YrOtEJL.exe
  C:\Windows\System\YrOtEJL.exe
  2⤵
  PID:5528
- C:\Windows\System\rwELgfs.exe
  C:\Windows\System\rwELgfs.exe
  2⤵
  PID:5540
- C:\Windows\System\jBRdlyz.exe
  C:\Windows\System\jBRdlyz.exe
  2⤵
  PID:5580
- C:\Windows\System\GmzWomg.exe
  C:\Windows\System\GmzWomg.exe
  2⤵
  PID:5644
- C:\Windows\System\WWZVvCQ.exe
  C:\Windows\System\WWZVvCQ.exe
  2⤵
  PID:5680
- C:\Windows\System\pHaexiN.exe
  C:\Windows\System\pHaexiN.exe
  2⤵
  PID:5744
- C:\Windows\System\NZFAbuA.exe
  C:\Windows\System\NZFAbuA.exe
  2⤵
  PID:5788
- C:\Windows\System\CWnBsLv.exe
  C:\Windows\System\CWnBsLv.exe
  2⤵
  PID:5804
- C:\Windows\System\yUKQjWQ.exe
  C:\Windows\System\yUKQjWQ.exe
  2⤵
  PID:5868
- C:\Windows\System\xWethyW.exe
  C:\Windows\System\xWethyW.exe
  2⤵
  PID:5936
- C:\Windows\System\AsCiAwZ.exe
  C:\Windows\System\AsCiAwZ.exe
  2⤵
  PID:6000
- C:\Windows\System\hahZVLw.exe
  C:\Windows\System\hahZVLw.exe
  2⤵
  PID:6064
- C:\Windows\System\jFocEgC.exe
  C:\Windows\System\jFocEgC.exe
  2⤵
  PID:4312
- C:\Windows\System\rPUyDoC.exe
  C:\Windows\System\rPUyDoC.exe
  2⤵
  PID:6128
- C:\Windows\System\xiigPhg.exe
  C:\Windows\System\xiigPhg.exe
  2⤵
  PID:2128
- C:\Windows\System\hOZKlKo.exe
  C:\Windows\System\hOZKlKo.exe
  2⤵
  PID:5132
- C:\Windows\System\LoYKlcc.exe
  C:\Windows\System\LoYKlcc.exe
  2⤵
  PID:5244
- C:\Windows\System\BVkJwAu.exe
  C:\Windows\System\BVkJwAu.exe
  2⤵
  PID:5360
- C:\Windows\System\DNOtgjU.exe
  C:\Windows\System\DNOtgjU.exe
  2⤵
  PID:5392
- C:\Windows\System\QvOscqX.exe
  C:\Windows\System\QvOscqX.exe
  2⤵
  PID:5312
- C:\Windows\System\LFtYHOe.exe
  C:\Windows\System\LFtYHOe.exe
  2⤵
  PID:5240
- C:\Windows\System\jXKUinn.exe
  C:\Windows\System\jXKUinn.exe
  2⤵
  PID:1580
- C:\Windows\System\PqWXVqM.exe
  C:\Windows\System\PqWXVqM.exe
  2⤵
  PID:484
- C:\Windows\System\oeqhTHe.exe
  C:\Windows\System\oeqhTHe.exe
  2⤵
  PID:2108
- C:\Windows\System\PwTahZV.exe
  C:\Windows\System\PwTahZV.exe
  2⤵
  PID:1600
- C:\Windows\System\sBEOXyy.exe
  C:\Windows\System\sBEOXyy.exe
  2⤵
  PID:2180
- C:\Windows\System\BTgtAwV.exe
  C:\Windows\System\BTgtAwV.exe
  2⤵
  PID:2116
- C:\Windows\System\lCmvuPd.exe
  C:\Windows\System\lCmvuPd.exe
  2⤵
  PID:1500
- C:\Windows\System\yYbLwwB.exe
  C:\Windows\System\yYbLwwB.exe
  2⤵
  PID:2440
- C:\Windows\System\IdMIZMh.exe
  C:\Windows\System\IdMIZMh.exe
  2⤵
  PID:1800
- C:\Windows\System\QNJznge.exe
  C:\Windows\System\QNJznge.exe
  2⤵
  PID:5260
- C:\Windows\System\stEQMML.exe
  C:\Windows\System\stEQMML.exe
  2⤵
  PID:5436
- C:\Windows\System\QdIHIwY.exe
  C:\Windows\System\QdIHIwY.exe
  2⤵
  PID:2836
- C:\Windows\System\EkURyBN.exe
  C:\Windows\System\EkURyBN.exe
  2⤵
  PID:5564
- C:\Windows\System\ySpiMCR.exe
  C:\Windows\System\ySpiMCR.exe
  2⤵
  PID:4360
- C:\Windows\System\NXJzisT.exe
  C:\Windows\System\NXJzisT.exe
  2⤵
  PID:4204
- C:\Windows\System\mjJYXIC.exe
  C:\Windows\System\mjJYXIC.exe
  2⤵
  PID:5192
- C:\Windows\System\axTuySH.exe
  C:\Windows\System\axTuySH.exe
  2⤵
  PID:5372
- C:\Windows\System\VpiKqno.exe
  C:\Windows\System\VpiKqno.exe
  2⤵
  PID:2708
- C:\Windows\System\GOiFhum.exe
  C:\Windows\System\GOiFhum.exe
  2⤵
  PID:5484
- C:\Windows\System\KLgvBtM.exe
  C:\Windows\System\KLgvBtM.exe
  2⤵
  PID:4128
- C:\Windows\System\kNCmTsn.exe
  C:\Windows\System\kNCmTsn.exe
  2⤵
  PID:5852
- C:\Windows\System\cXNOFjw.exe
  C:\Windows\System\cXNOFjw.exe
  2⤵
  PID:5424
- C:\Windows\System\jrSCClJ.exe
  C:\Windows\System\jrSCClJ.exe
  2⤵
  PID:6052
- C:\Windows\System\UpeGPoA.exe
  C:\Windows\System\UpeGPoA.exe
  2⤵
  PID:5576
- C:\Windows\System\QNGKJaC.exe
  C:\Windows\System\QNGKJaC.exe
  2⤵
  PID:5536
- C:\Windows\System\vmYaITp.exe
  C:\Windows\System\vmYaITp.exe
  2⤵
  PID:5740
- C:\Windows\System\GeKPOzX.exe
  C:\Windows\System\GeKPOzX.exe
  2⤵
  PID:5836
- C:\Windows\System\vEymedf.exe
  C:\Windows\System\vEymedf.exe
  2⤵
  PID:6036
- C:\Windows\System\rnstwQv.exe
  C:\Windows\System\rnstwQv.exe
  2⤵
  PID:5932
- C:\Windows\System\acrhZxa.exe
  C:\Windows\System\acrhZxa.exe
  2⤵
  PID:2036
- C:\Windows\System\VSTYzPQ.exe
  C:\Windows\System\VSTYzPQ.exe
  2⤵
  PID:5348
- C:\Windows\System\xDlVrSM.exe
  C:\Windows\System\xDlVrSM.exe
  2⤵
  PID:5208
- C:\Windows\System\TIkxPbN.exe
  C:\Windows\System\TIkxPbN.exe
  2⤵
  PID:2916
- C:\Windows\System\HbunNBK.exe
  C:\Windows\System\HbunNBK.exe
  2⤵
  PID:1780
- C:\Windows\System\NUjTWQD.exe
  C:\Windows\System\NUjTWQD.exe
  2⤵
  PID:2472
- C:\Windows\System\MEKfOaK.exe
  C:\Windows\System\MEKfOaK.exe
  2⤵
  PID:5560
- C:\Windows\System\hDDRoWl.exe
  C:\Windows\System\hDDRoWl.exe
  2⤵
  PID:5728
- C:\Windows\System\iAxBbRN.exe
  C:\Windows\System\iAxBbRN.exe
  2⤵
  PID:5816
- C:\Windows\System\LhrRTDl.exe
  C:\Windows\System\LhrRTDl.exe
  2⤵
  PID:5676
- C:\Windows\System\izJiHsW.exe
  C:\Windows\System\izJiHsW.exe
  2⤵
  PID:4260
- C:\Windows\System\fYnbbAF.exe
  C:\Windows\System\fYnbbAF.exe
  2⤵
  PID:5344
- C:\Windows\System\FxjkDpO.exe
  C:\Windows\System\FxjkDpO.exe
  2⤵
  PID:5768
- C:\Windows\System\sjzEirG.exe
  C:\Windows\System\sjzEirG.exe
  2⤵
  PID:816
- C:\Windows\System\tUKlvsX.exe
  C:\Windows\System\tUKlvsX.exe
  2⤵
  PID:5356
- C:\Windows\System\BXIPGDd.exe
  C:\Windows\System\BXIPGDd.exe
  2⤵
  PID:5276
- C:\Windows\System\KfihABP.exe
  C:\Windows\System\KfihABP.exe
  2⤵
  PID:5108
- C:\Windows\System\HKuPOVj.exe
  C:\Windows\System\HKuPOVj.exe
  2⤵
  PID:2892
- C:\Windows\System\cmLdgTk.exe
  C:\Windows\System\cmLdgTk.exe
  2⤵
  PID:6096
- C:\Windows\System\bMSvvVc.exe
  C:\Windows\System\bMSvvVc.exe
  2⤵
  PID:1672
- C:\Windows\System\efRRyPh.exe
  C:\Windows\System\efRRyPh.exe
  2⤵
  PID:5188
- C:\Windows\System\dffPqiG.exe
  C:\Windows\System\dffPqiG.exe
  2⤵
  PID:4244
- C:\Windows\System\qXyOfCf.exe
  C:\Windows\System\qXyOfCf.exe
  2⤵
  PID:2160
- C:\Windows\System\qfWdCBa.exe
  C:\Windows\System\qfWdCBa.exe
  2⤵
  PID:576
- C:\Windows\System\RIxAZtN.exe
  C:\Windows\System\RIxAZtN.exe
  2⤵
  PID:3312
- C:\Windows\System\GIrVpoO.exe
  C:\Windows\System\GIrVpoO.exe
  2⤵
  PID:5500
- C:\Windows\System\daXnPdv.exe
  C:\Windows\System\daXnPdv.exe
  2⤵
  PID:5968
- C:\Windows\System\krMigGf.exe
  C:\Windows\System\krMigGf.exe
  2⤵
  PID:2512
- C:\Windows\System\aMHEjfC.exe
  C:\Windows\System\aMHEjfC.exe
  2⤵
  PID:2544
- C:\Windows\System\qjPMKpE.exe
  C:\Windows\System\qjPMKpE.exe
  2⤵
  PID:5140
- C:\Windows\System\OPZboUD.exe
  C:\Windows\System\OPZboUD.exe
  2⤵
  PID:5900
- C:\Windows\System\zHvTQHN.exe
  C:\Windows\System\zHvTQHN.exe
  2⤵
  PID:2420
- C:\Windows\System\ANhiDkv.exe
  C:\Windows\System\ANhiDkv.exe
  2⤵
  PID:4568
- C:\Windows\System\grOAhdu.exe
  C:\Windows\System\grOAhdu.exe
  2⤵
  PID:4756
- C:\Windows\System\fWmHJkd.exe
  C:\Windows\System\fWmHJkd.exe
  2⤵
  PID:2868
- C:\Windows\System\gWGidAA.exe
  C:\Windows\System\gWGidAA.exe
  2⤵
  PID:5340
- C:\Windows\System\mAfhTsM.exe
  C:\Windows\System\mAfhTsM.exe
  2⤵
  PID:2588
- C:\Windows\System\eFmnrwX.exe
  C:\Windows\System\eFmnrwX.exe
  2⤵
  PID:1640
- C:\Windows\System\gEQuwLl.exe
  C:\Windows\System\gEQuwLl.exe
  2⤵
  PID:6160
- C:\Windows\System\OdOTxfD.exe
  C:\Windows\System\OdOTxfD.exe
  2⤵
  PID:6176
- C:\Windows\System\BRqcPLD.exe
  C:\Windows\System\BRqcPLD.exe
  2⤵
  PID:6192
- C:\Windows\System\fhhAaFa.exe
  C:\Windows\System\fhhAaFa.exe
  2⤵
  PID:6220
- C:\Windows\System\fupWJzL.exe
  C:\Windows\System\fupWJzL.exe
  2⤵
  PID:6284
- C:\Windows\System\UCLUYkc.exe
  C:\Windows\System\UCLUYkc.exe
  2⤵
  PID:6304
- C:\Windows\System\RnsKBun.exe
  C:\Windows\System\RnsKBun.exe
  2⤵
  PID:6324
- C:\Windows\System\VkjHpVe.exe
  C:\Windows\System\VkjHpVe.exe
  2⤵
  PID:6344
- C:\Windows\System\GzkiZMY.exe
  C:\Windows\System\GzkiZMY.exe
  2⤵
  PID:6368
- C:\Windows\System\XHEPhdM.exe
  C:\Windows\System\XHEPhdM.exe
  2⤵
  PID:6428
- C:\Windows\System\JjWDcwy.exe
  C:\Windows\System\JjWDcwy.exe
  2⤵
  PID:6448
- C:\Windows\System\QBaMUBa.exe
  C:\Windows\System\QBaMUBa.exe
  2⤵
  PID:6464
- C:\Windows\System\jCnYBNL.exe
  C:\Windows\System\jCnYBNL.exe
  2⤵
  PID:6480
- C:\Windows\System\hTpeSXU.exe
  C:\Windows\System\hTpeSXU.exe
  2⤵
  PID:6496
- C:\Windows\System\SyymOlu.exe
  C:\Windows\System\SyymOlu.exe
  2⤵
  PID:6512
- C:\Windows\System\ClbaZfP.exe
  C:\Windows\System\ClbaZfP.exe
  2⤵
  PID:6528
- C:\Windows\System\ffSibce.exe
  C:\Windows\System\ffSibce.exe
  2⤵
  PID:6544
- C:\Windows\System\uEYiLRH.exe
  C:\Windows\System\uEYiLRH.exe
  2⤵
  PID:6560
- C:\Windows\System\KIlfoeC.exe
  C:\Windows\System\KIlfoeC.exe
  2⤵
  PID:6576
- C:\Windows\System\tNccLjl.exe
  C:\Windows\System\tNccLjl.exe
  2⤵
  PID:6592
- C:\Windows\System\XzOQcTX.exe
  C:\Windows\System\XzOQcTX.exe
  2⤵
  PID:6608
- C:\Windows\System\ssNrWYI.exe
  C:\Windows\System\ssNrWYI.exe
  2⤵
  PID:6624
- C:\Windows\System\eGgujwi.exe
  C:\Windows\System\eGgujwi.exe
  2⤵
  PID:6640
- C:\Windows\System\KmPdzhU.exe
  C:\Windows\System\KmPdzhU.exe
  2⤵
  PID:6656
- C:\Windows\System\anjwGys.exe
  C:\Windows\System\anjwGys.exe
  2⤵
  PID:6672
- C:\Windows\System\cxsBVsY.exe
  C:\Windows\System\cxsBVsY.exe
  2⤵
  PID:6688
- C:\Windows\System\FHyIXOi.exe
  C:\Windows\System\FHyIXOi.exe
  2⤵
  PID:6704
- C:\Windows\System\UxqULxW.exe
  C:\Windows\System\UxqULxW.exe
  2⤵
  PID:6720
- C:\Windows\System\pTWxinn.exe
  C:\Windows\System\pTWxinn.exe
  2⤵
  PID:6736
- C:\Windows\System\ZUGahWF.exe
  C:\Windows\System\ZUGahWF.exe
  2⤵
  PID:6752
- C:\Windows\System\xpkjUYV.exe
  C:\Windows\System\xpkjUYV.exe
  2⤵
  PID:6768
- C:\Windows\System\kgxBQyj.exe
  C:\Windows\System\kgxBQyj.exe
  2⤵
  PID:6784
- C:\Windows\System\srGUkEh.exe
  C:\Windows\System\srGUkEh.exe
  2⤵
  PID:6800
- C:\Windows\System\JQPaxJi.exe
  C:\Windows\System\JQPaxJi.exe
  2⤵
  PID:6816
- C:\Windows\System\DStfMWK.exe
  C:\Windows\System\DStfMWK.exe
  2⤵
  PID:6832
- C:\Windows\System\aQjvVCY.exe
  C:\Windows\System\aQjvVCY.exe
  2⤵
  PID:6848
- C:\Windows\System\YmBUCtD.exe
  C:\Windows\System\YmBUCtD.exe
  2⤵
  PID:6864
- C:\Windows\System\pkhHBPM.exe
  C:\Windows\System\pkhHBPM.exe
  2⤵
  PID:6880
- C:\Windows\System\EQgnJmm.exe
  C:\Windows\System\EQgnJmm.exe
  2⤵
  PID:6896
- C:\Windows\System\wtlELEO.exe
  C:\Windows\System\wtlELEO.exe
  2⤵
  PID:6912
- C:\Windows\System\DBuZVsd.exe
  C:\Windows\System\DBuZVsd.exe
  2⤵
  PID:6928
- C:\Windows\System\YiBXjkG.exe
  C:\Windows\System\YiBXjkG.exe
  2⤵
  PID:6948
- C:\Windows\System\wfbgYrZ.exe
  C:\Windows\System\wfbgYrZ.exe
  2⤵
  PID:6964
- C:\Windows\System\UiusXVa.exe
  C:\Windows\System\UiusXVa.exe
  2⤵
  PID:6980
- C:\Windows\System\TxtniTW.exe
  C:\Windows\System\TxtniTW.exe
  2⤵
  PID:6996
- C:\Windows\System\rvSXgcg.exe
  C:\Windows\System\rvSXgcg.exe
  2⤵
  PID:7012
- C:\Windows\System\sLuMXxx.exe
  C:\Windows\System\sLuMXxx.exe
  2⤵
  PID:7028
- C:\Windows\System\iiaUJlm.exe
  C:\Windows\System\iiaUJlm.exe
  2⤵
  PID:7044
- C:\Windows\System\mBDWwMR.exe
  C:\Windows\System\mBDWwMR.exe
  2⤵
  PID:7060
- C:\Windows\System\etORela.exe
  C:\Windows\System\etORela.exe
  2⤵
  PID:7076
- C:\Windows\System\nuuAPOC.exe
  C:\Windows\System\nuuAPOC.exe
  2⤵
  PID:7092
- C:\Windows\System\wqmmgqH.exe
  C:\Windows\System\wqmmgqH.exe
  2⤵
  PID:7108
- C:\Windows\System\AQcQGeQ.exe
  C:\Windows\System\AQcQGeQ.exe
  2⤵
  PID:7124
- C:\Windows\System\PdTYKgG.exe
  C:\Windows\System\PdTYKgG.exe
  2⤵
  PID:7140
- C:\Windows\System\UFjxBeX.exe
  C:\Windows\System\UFjxBeX.exe
  2⤵
  PID:7156
- C:\Windows\System\dCsjvEC.exe
  C:\Windows\System\dCsjvEC.exe
  2⤵
  PID:1372
- C:\Windows\System\gVijNqZ.exe
  C:\Windows\System\gVijNqZ.exe
  2⤵
  PID:5156
- C:\Windows\System\EEvxGQL.exe
  C:\Windows\System\EEvxGQL.exe
  2⤵
  PID:5204
- C:\Windows\System\uXyrOFA.exe
  C:\Windows\System\uXyrOFA.exe
  2⤵
  PID:3036
- C:\Windows\System\ZvntNST.exe
  C:\Windows\System\ZvntNST.exe
  2⤵
  PID:3000
- C:\Windows\System\qkWxQdY.exe
  C:\Windows\System\qkWxQdY.exe
  2⤵
  PID:1536
- C:\Windows\System\wKVfdID.exe
  C:\Windows\System\wKVfdID.exe
  2⤵
  PID:3016
- C:\Windows\System\kGuMAMg.exe
  C:\Windows\System\kGuMAMg.exe
  2⤵
  PID:1764
- C:\Windows\System\ruFpIEi.exe
  C:\Windows\System\ruFpIEi.exe
  2⤵
  PID:6188
- C:\Windows\System\SMPPCbU.exe
  C:\Windows\System\SMPPCbU.exe
  2⤵
  PID:6212
- C:\Windows\System\BAxpBNI.exe
  C:\Windows\System\BAxpBNI.exe
  2⤵
  PID:6240
- C:\Windows\System\zYXhTST.exe
  C:\Windows\System\zYXhTST.exe
  2⤵
  PID:6252
- C:\Windows\System\awKQIln.exe
  C:\Windows\System\awKQIln.exe
  2⤵
  PID:6268
- C:\Windows\System\iFOACGb.exe
  C:\Windows\System\iFOACGb.exe
  2⤵
  PID:6296
- C:\Windows\System\pcIymXE.exe
  C:\Windows\System\pcIymXE.exe
  2⤵
  PID:6340
- C:\Windows\System\uMzaWef.exe
  C:\Windows\System\uMzaWef.exe
  2⤵
  PID:6276
- C:\Windows\System\ctoIJLT.exe
  C:\Windows\System\ctoIJLT.exe
  2⤵
  PID:6320
- C:\Windows\System\DMxMgxk.exe
  C:\Windows\System\DMxMgxk.exe
  2⤵
  PID:6364
- C:\Windows\System\JBxpXzX.exe
  C:\Windows\System\JBxpXzX.exe
  2⤵
  PID:6400
- C:\Windows\System\idnDwOA.exe
  C:\Windows\System\idnDwOA.exe
  2⤵
  PID:6412
- C:\Windows\System\jjZKfls.exe
  C:\Windows\System\jjZKfls.exe
  2⤵
  PID:6436
- C:\Windows\System\KHwQbNS.exe
  C:\Windows\System\KHwQbNS.exe
  2⤵
  PID:6460
- C:\Windows\System\WHXJlzv.exe
  C:\Windows\System\WHXJlzv.exe
  2⤵
  PID:6520
- C:\Windows\System\krsSoQw.exe
  C:\Windows\System\krsSoQw.exe
  2⤵
  PID:6584
- C:\Windows\System\AEQGGbW.exe
  C:\Windows\System\AEQGGbW.exe
  2⤵
  PID:6648
- C:\Windows\System\BsNKwho.exe
  C:\Windows\System\BsNKwho.exe
  2⤵
  PID:936
- C:\Windows\System\VYQOesz.exe
  C:\Windows\System\VYQOesz.exe
  2⤵
  PID:6712
- C:\Windows\System\pTgrIdO.exe
  C:\Windows\System\pTgrIdO.exe
  2⤵
  PID:6508
- C:\Windows\System\fXovzCv.exe
  C:\Windows\System\fXovzCv.exe
  2⤵
  PID:6572
- C:\Windows\System\gupFdhj.exe
  C:\Windows\System\gupFdhj.exe
  2⤵
  PID:6636
- C:\Windows\System\KUojMyX.exe
  C:\Windows\System\KUojMyX.exe
  2⤵
  PID:6780
- C:\Windows\System\CdSXYGf.exe
  C:\Windows\System\CdSXYGf.exe
  2⤵
  PID:6844
- C:\Windows\System\rDMqxwO.exe
  C:\Windows\System\rDMqxwO.exe
  2⤵
  PID:6904
- C:\Windows\System\UwVTVMv.exe
  C:\Windows\System\UwVTVMv.exe
  2⤵
  PID:6972
- C:\Windows\System\imUuQxE.exe
  C:\Windows\System\imUuQxE.exe
  2⤵
  PID:4240
- C:\Windows\System\DEvmazL.exe
  C:\Windows\System\DEvmazL.exe
  2⤵
  PID:6792
- C:\Windows\System\jWptqBE.exe
  C:\Windows\System\jWptqBE.exe
  2⤵
  PID:1792
- C:\Windows\System\CwxkpNP.exe
  C:\Windows\System\CwxkpNP.exe
  2⤵
  PID:6796
- C:\Windows\System\BhzSWkW.exe
  C:\Windows\System\BhzSWkW.exe
  2⤵
  PID:6892
- C:\Windows\System\wKzbGVO.exe
  C:\Windows\System\wKzbGVO.exe
  2⤵
  PID:6988
- C:\Windows\System\SZVqnpg.exe
  C:\Windows\System\SZVqnpg.exe
  2⤵
  PID:7040
- C:\Windows\System\fZEphnA.exe
  C:\Windows\System\fZEphnA.exe
  2⤵
  PID:7100
- C:\Windows\System\NtlsYfi.exe
  C:\Windows\System\NtlsYfi.exe
  2⤵
  PID:7088
- C:\Windows\System\GfMreGM.exe
  C:\Windows\System\GfMreGM.exe
  2⤵
  PID:7164
- C:\Windows\System\QGomMiu.exe
  C:\Windows\System\QGomMiu.exe
  2⤵
  PID:6172
- C:\Windows\System\lizClxm.exe
  C:\Windows\System\lizClxm.exe
  2⤵
  PID:7120
- C:\Windows\System\StKjASc.exe
  C:\Windows\System\StKjASc.exe
  2⤵
  PID:2844
- C:\Windows\System\YsZzsFF.exe
  C:\Windows\System\YsZzsFF.exe
  2⤵
  PID:324
- C:\Windows\System\SpmbPlH.exe
  C:\Windows\System\SpmbPlH.exe
  2⤵
  PID:6312
- C:\Windows\System\QSbfZqL.exe
  C:\Windows\System\QSbfZqL.exe
  2⤵
  PID:6392
- C:\Windows\System\zAnjRjW.exe
  C:\Windows\System\zAnjRjW.exe
  2⤵
  PID:1556
- C:\Windows\System\lMvlgFr.exe
  C:\Windows\System\lMvlgFr.exe
  2⤵
  PID:6216
- C:\Windows\System\xusKaEk.exe
  C:\Windows\System\xusKaEk.exe
  2⤵
  PID:4812
- C:\Windows\System\NMBvMfq.exe
  C:\Windows\System\NMBvMfq.exe
  2⤵
  PID:496
- C:\Windows\System\tYkRlat.exe
  C:\Windows\System\tYkRlat.exe
  2⤵
  PID:6272
- C:\Windows\System\uokeWFs.exe
  C:\Windows\System\uokeWFs.exe
  2⤵
  PID:6360
- C:\Windows\System\hnNzonA.exe
  C:\Windows\System\hnNzonA.exe
  2⤵
  PID:6456
- C:\Windows\System\tfNqzvn.exe
  C:\Windows\System\tfNqzvn.exe
  2⤵
  PID:6568
- C:\Windows\System\PtwefHd.exe
  C:\Windows\System\PtwefHd.exe
  2⤵
  PID:6872
- C:\Windows\System\YebPIHd.exe
  C:\Windows\System\YebPIHd.exe
  2⤵
  PID:6632
- C:\Windows\System\SPLzdCD.exe
  C:\Windows\System\SPLzdCD.exe
  2⤵
  PID:6476
- C:\Windows\System\SYsFpOe.exe
  C:\Windows\System\SYsFpOe.exe
  2⤵
  PID:7004
- C:\Windows\System\IRstDuJ.exe
  C:\Windows\System\IRstDuJ.exe
  2⤵
  PID:6860
- C:\Windows\System\lSTKdDX.exe
  C:\Windows\System\lSTKdDX.exe
  2⤵
  PID:6764
- C:\Windows\System\pawOtGw.exe
  C:\Windows\System\pawOtGw.exe
  2⤵
  PID:7036
- C:\Windows\System\fGNZphn.exe
  C:\Windows\System\fGNZphn.exe
  2⤵
  PID:6960
- C:\Windows\System\WRocKGx.exe
  C:\Windows\System\WRocKGx.exe
  2⤵
  PID:6264
- C:\Windows\System\nGfJRGJ.exe
  C:\Windows\System\nGfJRGJ.exe
  2⤵
  PID:6232
- C:\Windows\System\GDwGOJo.exe
  C:\Windows\System\GDwGOJo.exe
  2⤵
  PID:2704
- C:\Windows\System\SldJjWI.exe
  C:\Windows\System\SldJjWI.exe
  2⤵
  PID:1676
- C:\Windows\System\xUwyYdG.exe
  C:\Windows\System\xUwyYdG.exe
  2⤵
  PID:6776
- C:\Windows\System\HnlubyL.exe
  C:\Windows\System\HnlubyL.exe
  2⤵
  PID:6132
- C:\Windows\System\CwHBBNt.exe
  C:\Windows\System\CwHBBNt.exe
  2⤵
  PID:6620
- C:\Windows\System\wIoMGRm.exe
  C:\Windows\System\wIoMGRm.exe
  2⤵
  PID:5712
- C:\Windows\System\rbNLvOs.exe
  C:\Windows\System\rbNLvOs.exe
  2⤵
  PID:6828
- C:\Windows\System\rhYVykT.exe
  C:\Windows\System\rhYVykT.exe
  2⤵
  PID:7020
- C:\Windows\System\VmEeQeL.exe
  C:\Windows\System\VmEeQeL.exe
  2⤵
  PID:2216
- C:\Windows\System\gyuxroU.exe
  C:\Windows\System\gyuxroU.exe
  2⤵
  PID:5176
- C:\Windows\System\AQJaxhk.exe
  C:\Windows\System\AQJaxhk.exe
  2⤵
  PID:6248
- C:\Windows\System\kazWsIy.exe
  C:\Windows\System\kazWsIy.exe
  2⤵
  PID:7148
- C:\Windows\System\SEJUdoE.exe
  C:\Windows\System\SEJUdoE.exe
  2⤵
  PID:6444
- C:\Windows\System\tUbYhog.exe
  C:\Windows\System\tUbYhog.exe
  2⤵
  PID:2572
- C:\Windows\System\MrAAmPg.exe
  C:\Windows\System\MrAAmPg.exe
  2⤵
  PID:7052
- C:\Windows\System\Rxylcjm.exe
  C:\Windows\System\Rxylcjm.exe
  2⤵
  PID:7176
- C:\Windows\System\qUdUFaW.exe
  C:\Windows\System\qUdUFaW.exe
  2⤵
  PID:7192
- C:\Windows\System\PFEapBu.exe
  C:\Windows\System\PFEapBu.exe
  2⤵
  PID:7208
- C:\Windows\System\RMbbcMr.exe
  C:\Windows\System\RMbbcMr.exe
  2⤵
  PID:7224
- C:\Windows\System\GfXHVlV.exe
  C:\Windows\System\GfXHVlV.exe
  2⤵
  PID:7240
- C:\Windows\System\ESoYnEC.exe
  C:\Windows\System\ESoYnEC.exe
  2⤵
  PID:7256
- C:\Windows\System\ffxymbp.exe
  C:\Windows\System\ffxymbp.exe
  2⤵
  PID:7272
- C:\Windows\System\jeIwmhB.exe
  C:\Windows\System\jeIwmhB.exe
  2⤵
  PID:7288
- C:\Windows\System\zbWmcfv.exe
  C:\Windows\System\zbWmcfv.exe
  2⤵
  PID:7304
- C:\Windows\System\QUFLhnF.exe
  C:\Windows\System\QUFLhnF.exe
  2⤵
  PID:7320
- C:\Windows\System\rmDMGzM.exe
  C:\Windows\System\rmDMGzM.exe
  2⤵
  PID:7336
- C:\Windows\System\OTNpBHr.exe
  C:\Windows\System\OTNpBHr.exe
  2⤵
  PID:7352
- C:\Windows\System\tExMPuP.exe
  C:\Windows\System\tExMPuP.exe
  2⤵
  PID:7368
- C:\Windows\System\DWrGWqo.exe
  C:\Windows\System\DWrGWqo.exe
  2⤵
  PID:7384
- C:\Windows\System\zWAHRIe.exe
  C:\Windows\System\zWAHRIe.exe
  2⤵
  PID:7400
- C:\Windows\System\QbSDhpv.exe
  C:\Windows\System\QbSDhpv.exe
  2⤵
  PID:7416
- C:\Windows\System\uyvGJfm.exe
  C:\Windows\System\uyvGJfm.exe
  2⤵
  PID:7432
- C:\Windows\System\WkBCayg.exe
  C:\Windows\System\WkBCayg.exe
  2⤵
  PID:7448
- C:\Windows\System\OfAeXRc.exe
  C:\Windows\System\OfAeXRc.exe
  2⤵
  PID:7464
- C:\Windows\System\QcrZbes.exe
  C:\Windows\System\QcrZbes.exe
  2⤵
  PID:7484
- C:\Windows\System\zjHVeTq.exe
  C:\Windows\System\zjHVeTq.exe
  2⤵
  PID:7500
- C:\Windows\System\mwJtOba.exe
  C:\Windows\System\mwJtOba.exe
  2⤵
  PID:7516
- C:\Windows\System\PKTioPt.exe
  C:\Windows\System\PKTioPt.exe
  2⤵
  PID:7532
- C:\Windows\System\qxzOxWd.exe
  C:\Windows\System\qxzOxWd.exe
  2⤵
  PID:7548
- C:\Windows\System\LIyiIib.exe
  C:\Windows\System\LIyiIib.exe
  2⤵
  PID:7564
- C:\Windows\System\jgmCdpo.exe
  C:\Windows\System\jgmCdpo.exe
  2⤵
  PID:7580
- C:\Windows\System\XQhGQhF.exe
  C:\Windows\System\XQhGQhF.exe
  2⤵
  PID:7596
- C:\Windows\System\VfmJqQh.exe
  C:\Windows\System\VfmJqQh.exe
  2⤵
  PID:7612
- C:\Windows\System\bSYUmZY.exe
  C:\Windows\System\bSYUmZY.exe
  2⤵
  PID:7628
- C:\Windows\System\zyeYwiN.exe
  C:\Windows\System\zyeYwiN.exe
  2⤵
  PID:7644
- C:\Windows\System\muadHGb.exe
  C:\Windows\System\muadHGb.exe
  2⤵
  PID:7660
- C:\Windows\System\uWyQykh.exe
  C:\Windows\System\uWyQykh.exe
  2⤵
  PID:7676
- C:\Windows\System\jPrNYaK.exe
  C:\Windows\System\jPrNYaK.exe
  2⤵
  PID:7692
- C:\Windows\System\exKhaXZ.exe
  C:\Windows\System\exKhaXZ.exe
  2⤵
  PID:7708
- C:\Windows\System\BmQuOLO.exe
  C:\Windows\System\BmQuOLO.exe
  2⤵
  PID:7724
- C:\Windows\System\lCqGvQT.exe
  C:\Windows\System\lCqGvQT.exe
  2⤵
  PID:7740
- C:\Windows\System\MYgSDHK.exe
  C:\Windows\System\MYgSDHK.exe
  2⤵
  PID:7756
- C:\Windows\System\CtWpfde.exe
  C:\Windows\System\CtWpfde.exe
  2⤵
  PID:7772
- C:\Windows\System\NErjloX.exe
  C:\Windows\System\NErjloX.exe
  2⤵
  PID:7788
- C:\Windows\System\TOrALaD.exe
  C:\Windows\System\TOrALaD.exe
  2⤵
  PID:7804
- C:\Windows\System\LXPpSPk.exe
  C:\Windows\System\LXPpSPk.exe
  2⤵
  PID:7820
- C:\Windows\System\PoYNsAq.exe
  C:\Windows\System\PoYNsAq.exe
  2⤵
  PID:7836
- C:\Windows\System\OBoboya.exe
  C:\Windows\System\OBoboya.exe
  2⤵
  PID:7852
- C:\Windows\System\TaFdBvC.exe
  C:\Windows\System\TaFdBvC.exe
  2⤵
  PID:7868
- C:\Windows\System\vnAjUye.exe
  C:\Windows\System\vnAjUye.exe
  2⤵
  PID:7884
- C:\Windows\System\YDzXGjf.exe
  C:\Windows\System\YDzXGjf.exe
  2⤵
  PID:7900
- C:\Windows\System\GzNHmaz.exe
  C:\Windows\System\GzNHmaz.exe
  2⤵
  PID:7916
- C:\Windows\System\MeqnsOh.exe
  C:\Windows\System\MeqnsOh.exe
  2⤵
  PID:7932
- C:\Windows\System\ugLfEmA.exe
  C:\Windows\System\ugLfEmA.exe
  2⤵
  PID:7948
- C:\Windows\System\PSHHBZk.exe
  C:\Windows\System\PSHHBZk.exe
  2⤵
  PID:7964
- C:\Windows\System\RqvcyTq.exe
  C:\Windows\System\RqvcyTq.exe
  2⤵
  PID:7984
- C:\Windows\System\FghPcZn.exe
  C:\Windows\System\FghPcZn.exe
  2⤵
  PID:8000
- C:\Windows\System\OAmWHhJ.exe
  C:\Windows\System\OAmWHhJ.exe
  2⤵
  PID:8016
- C:\Windows\System\DvEnukS.exe
  C:\Windows\System\DvEnukS.exe
  2⤵
  PID:8032
- C:\Windows\System\eMxaEBz.exe
  C:\Windows\System\eMxaEBz.exe
  2⤵
  PID:8048
- C:\Windows\System\qBfuHAu.exe
  C:\Windows\System\qBfuHAu.exe
  2⤵
  PID:8064
- C:\Windows\System\xowEySh.exe
  C:\Windows\System\xowEySh.exe
  2⤵
  PID:8080
- C:\Windows\System\gwWIXiy.exe
  C:\Windows\System\gwWIXiy.exe
  2⤵
  PID:8100
- C:\Windows\System\rdptcWd.exe
  C:\Windows\System\rdptcWd.exe
  2⤵
  PID:8116
- C:\Windows\System\aSpGMzu.exe
  C:\Windows\System\aSpGMzu.exe
  2⤵
  PID:8132
- C:\Windows\System\deZHhnY.exe
  C:\Windows\System\deZHhnY.exe
  2⤵
  PID:8148
- C:\Windows\System\BcZPeQH.exe
  C:\Windows\System\BcZPeQH.exe
  2⤵
  PID:8164
- C:\Windows\System\TIusUou.exe
  C:\Windows\System\TIusUou.exe
  2⤵
  PID:8180
- C:\Windows\System\PFQMMNQ.exe
  C:\Windows\System\PFQMMNQ.exe
  2⤵
  PID:6504
- C:\Windows\System\SPBqkJK.exe
  C:\Windows\System\SPBqkJK.exe
  2⤵
  PID:7220
- C:\Windows\System\FhrnFYq.exe
  C:\Windows\System\FhrnFYq.exe
  2⤵
  PID:7284
- C:\Windows\System\KxDCLde.exe
  C:\Windows\System\KxDCLde.exe
  2⤵
  PID:7348
- C:\Windows\System\KzubMEn.exe
  C:\Windows\System\KzubMEn.exe
  2⤵
  PID:7412
- C:\Windows\System\srHFjbY.exe
  C:\Windows\System\srHFjbY.exe
  2⤵
  PID:7480
- C:\Windows\System\PxjeDbP.exe
  C:\Windows\System\PxjeDbP.exe
  2⤵
  PID:7512
- C:\Windows\System\pjnrrbl.exe
  C:\Windows\System\pjnrrbl.exe
  2⤵
  PID:7540
- C:\Windows\System\CZBKRTH.exe
  C:\Windows\System\CZBKRTH.exe
  2⤵
  PID:7572
- C:\Windows\System\HhYTkpF.exe
  C:\Windows\System\HhYTkpF.exe
  2⤵
  PID:7104
- C:\Windows\System\qkXDhWK.exe
  C:\Windows\System\qkXDhWK.exe
  2⤵
  PID:7604
- C:\Windows\System\cQgCjpO.exe
  C:\Windows\System\cQgCjpO.exe
  2⤵
  PID:7268
- C:\Windows\System\kTCSjZk.exe
  C:\Windows\System\kTCSjZk.exe
  2⤵
  PID:7556
- C:\Windows\System\djgXUzy.exe
  C:\Windows\System\djgXUzy.exe
  2⤵
  PID:6700
- C:\Windows\System\haSAQbU.exe
  C:\Windows\System\haSAQbU.exe
  2⤵
  PID:6408
- C:\Windows\System\enMHQuk.exe
  C:\Windows\System\enMHQuk.exe
  2⤵
  PID:7300
- C:\Windows\System\GnpIcFl.exe
  C:\Windows\System\GnpIcFl.exe
  2⤵
  PID:7640
- C:\Windows\System\gCnVwnd.exe
  C:\Windows\System\gCnVwnd.exe
  2⤵
  PID:7456
- C:\Windows\System\ZJPEoNv.exe
  C:\Windows\System\ZJPEoNv.exe
  2⤵
  PID:7668
- C:\Windows\System\LTemqOq.exe
  C:\Windows\System\LTemqOq.exe
  2⤵
  PID:7700
- C:\Windows\System\JsOylIr.exe
  C:\Windows\System\JsOylIr.exe
  2⤵
  PID:7716
- C:\Windows\System\CQoDwnq.exe
  C:\Windows\System\CQoDwnq.exe
  2⤵
  PID:7764
- C:\Windows\System\QFYrlBa.exe
  C:\Windows\System\QFYrlBa.exe
  2⤵
  PID:7800
- C:\Windows\System\jwKQFuW.exe
  C:\Windows\System\jwKQFuW.exe
  2⤵
  PID:7864
- C:\Windows\System\DuTFATH.exe
  C:\Windows\System\DuTFATH.exe
  2⤵
  PID:7928
- C:\Windows\System\SoAwuiD.exe
  C:\Windows\System\SoAwuiD.exe
  2⤵
  PID:7996
- C:\Windows\System\mONCZVE.exe
  C:\Windows\System\mONCZVE.exe
  2⤵
  PID:7912
- C:\Windows\System\cEyZbBR.exe
  C:\Windows\System\cEyZbBR.exe
  2⤵
  PID:7972
- C:\Windows\System\xMJRNeg.exe
  C:\Windows\System\xMJRNeg.exe
  2⤵
  PID:8008
- C:\Windows\System\DRYlOTy.exe
  C:\Windows\System\DRYlOTy.exe
  2⤵
  PID:8012
- C:\Windows\System\JJioguJ.exe
  C:\Windows\System\JJioguJ.exe
  2⤵
  PID:8044
- C:\Windows\System\UGmnvvn.exe
  C:\Windows\System\UGmnvvn.exe
  2⤵
  PID:6944
- C:\Windows\System\pvqSFeH.exe
  C:\Windows\System\pvqSFeH.exe
  2⤵
  PID:8076
- C:\Windows\System\bfVLMTv.exe
  C:\Windows\System\bfVLMTv.exe
  2⤵
  PID:8160
- C:\Windows\System\TkSsVpJ.exe
  C:\Windows\System\TkSsVpJ.exe
  2⤵
  PID:7280
- C:\Windows\System\gJrIomD.exe
  C:\Windows\System\gJrIomD.exe
  2⤵
  PID:7408
- C:\Windows\System\HijycOP.exe
  C:\Windows\System\HijycOP.exe
  2⤵
  PID:8176
- C:\Windows\System\GAUSTuP.exe
  C:\Windows\System\GAUSTuP.exe
  2⤵
  PID:7316
- C:\Windows\System\KFjOJXm.exe
  C:\Windows\System\KFjOJXm.exe
  2⤵
  PID:6388
- C:\Windows\System\iykoAnH.exe
  C:\Windows\System\iykoAnH.exe
  2⤵
  PID:7492
- C:\Windows\System\geLylQE.exe
  C:\Windows\System\geLylQE.exe
  2⤵
  PID:7364
- C:\Windows\System\AOaeYad.exe
  C:\Windows\System\AOaeYad.exe
  2⤵
  PID:7232
- C:\Windows\System\FBTUBHw.exe
  C:\Windows\System\FBTUBHw.exe
  2⤵
  PID:7588
- C:\Windows\System\BgbBDxz.exe
  C:\Windows\System\BgbBDxz.exe
  2⤵
  PID:7296
- C:\Windows\System\wZxrzIE.exe
  C:\Windows\System\wZxrzIE.exe
  2⤵
  PID:7428
- C:\Windows\System\YAySMat.exe
  C:\Windows\System\YAySMat.exe
  2⤵
  PID:7748
- C:\Windows\System\JrZqAxE.exe
  C:\Windows\System\JrZqAxE.exe
  2⤵
  PID:7860
- C:\Windows\System\kkqNShD.exe
  C:\Windows\System\kkqNShD.exe
  2⤵
  PID:7880
- C:\Windows\System\ieCDdvd.exe
  C:\Windows\System\ieCDdvd.exe
  2⤵
  PID:7848
- C:\Windows\System\zyGbXas.exe
  C:\Windows\System\zyGbXas.exe
  2⤵
  PID:7784
- C:\Windows\System\wZfGHLj.exe
  C:\Windows\System\wZfGHLj.exe
  2⤵
  PID:8072
- C:\Windows\System\ticJFns.exe
  C:\Windows\System\ticJFns.exe
  2⤵
  PID:7444
- C:\Windows\System\rRKMjoo.exe
  C:\Windows\System\rRKMjoo.exe
  2⤵
  PID:8088
- C:\Windows\System\tMEOyJC.exe
  C:\Windows\System\tMEOyJC.exe
  2⤵
  PID:7576
- C:\Windows\System\yxJEXII.exe
  C:\Windows\System\yxJEXII.exe
  2⤵
  PID:8156
- C:\Windows\System\EfLRACv.exe
  C:\Windows\System\EfLRACv.exe
  2⤵
  PID:7216
- C:\Windows\System\JDBZtfc.exe
  C:\Windows\System\JDBZtfc.exe
  2⤵
  PID:7732
- C:\Windows\System\yQWhiXn.exe
  C:\Windows\System\yQWhiXn.exe
  2⤵
  PID:7844
- C:\Windows\System\rqKSbGI.exe
  C:\Windows\System\rqKSbGI.exe
  2⤵
  PID:7944
- C:\Windows\System\FdAPNLR.exe
  C:\Windows\System\FdAPNLR.exe
  2⤵
  PID:7252
- C:\Windows\System\qdALHBu.exe
  C:\Windows\System\qdALHBu.exe
  2⤵
  PID:7204
- C:\Windows\System\fSjpMPp.exe
  C:\Windows\System\fSjpMPp.exe
  2⤵
  PID:8144
- C:\Windows\System\TuAgLEL.exe
  C:\Windows\System\TuAgLEL.exe
  2⤵
  PID:7608
- C:\Windows\System\RgWZtSX.exe
  C:\Windows\System\RgWZtSX.exe
  2⤵
  PID:7684
- C:\Windows\System\KWgQELE.exe
  C:\Windows\System\KWgQELE.exe
  2⤵
  PID:8040
- C:\Windows\System\SOrKMNE.exe
  C:\Windows\System\SOrKMNE.exe
  2⤵
  PID:8208
- C:\Windows\System\kCpvTJC.exe
  C:\Windows\System\kCpvTJC.exe
  2⤵
  PID:8224
- C:\Windows\System\jjJJlMc.exe
  C:\Windows\System\jjJJlMc.exe
  2⤵
  PID:8240
- C:\Windows\System\VMlmAnp.exe
  C:\Windows\System\VMlmAnp.exe
  2⤵
  PID:8260
- C:\Windows\System\eawMLsv.exe
  C:\Windows\System\eawMLsv.exe
  2⤵
  PID:8276
- C:\Windows\System\DmSJlvS.exe
  C:\Windows\System\DmSJlvS.exe
  2⤵
  PID:8292
- C:\Windows\System\TmehZkQ.exe
  C:\Windows\System\TmehZkQ.exe
  2⤵
  PID:8308
- C:\Windows\System\tDAUWPH.exe
  C:\Windows\System\tDAUWPH.exe
  2⤵
  PID:8324
- C:\Windows\System\VpAzQvk.exe
  C:\Windows\System\VpAzQvk.exe
  2⤵
  PID:8340
- C:\Windows\System\MRvPPmK.exe
  C:\Windows\System\MRvPPmK.exe
  2⤵
  PID:8356
- C:\Windows\System\fUszoXx.exe
  C:\Windows\System\fUszoXx.exe
  2⤵
  PID:8372
- C:\Windows\System\YURFlpm.exe
  C:\Windows\System\YURFlpm.exe
  2⤵
  PID:8392
- C:\Windows\System\lNdtUyI.exe
  C:\Windows\System\lNdtUyI.exe
  2⤵
  PID:8408
- C:\Windows\System\VNQRCka.exe
  C:\Windows\System\VNQRCka.exe
  2⤵
  PID:8424
- C:\Windows\System\pcussKi.exe
  C:\Windows\System\pcussKi.exe
  2⤵
  PID:8440
- C:\Windows\System\ILRbyoW.exe
  C:\Windows\System\ILRbyoW.exe
  2⤵
  PID:8456
- C:\Windows\System\IkKOADF.exe
  C:\Windows\System\IkKOADF.exe
  2⤵
  PID:8472
- C:\Windows\System\dhFDpyK.exe
  C:\Windows\System\dhFDpyK.exe
  2⤵
  PID:8488
- C:\Windows\System\fWHheyJ.exe
  C:\Windows\System\fWHheyJ.exe
  2⤵
  PID:8504
- C:\Windows\System\zuxpPRn.exe
  C:\Windows\System\zuxpPRn.exe
  2⤵
  PID:8520
- C:\Windows\System\BhHRAAN.exe
  C:\Windows\System\BhHRAAN.exe
  2⤵
  PID:8536
- C:\Windows\System\ojKnISC.exe
  C:\Windows\System\ojKnISC.exe
  2⤵
  PID:8552
- C:\Windows\System\gJLfxNu.exe
  C:\Windows\System\gJLfxNu.exe
  2⤵
  PID:8568
- C:\Windows\System\kugZmBB.exe
  C:\Windows\System\kugZmBB.exe
  2⤵
  PID:8584
- C:\Windows\System\YZohoOt.exe
  C:\Windows\System\YZohoOt.exe
  2⤵
  PID:8600
- C:\Windows\System\RLGvayY.exe
  C:\Windows\System\RLGvayY.exe
  2⤵
  PID:8616
- C:\Windows\System\rJOSPYX.exe
  C:\Windows\System\rJOSPYX.exe
  2⤵
  PID:8632
- C:\Windows\System\MCgogAT.exe
  C:\Windows\System\MCgogAT.exe
  2⤵
  PID:8648
- C:\Windows\System\TTSvwra.exe
  C:\Windows\System\TTSvwra.exe
  2⤵
  PID:8664
- C:\Windows\System\qmZHVOx.exe
  C:\Windows\System\qmZHVOx.exe
  2⤵
  PID:8680
- C:\Windows\System\yyaWFOa.exe
  C:\Windows\System\yyaWFOa.exe
  2⤵
  PID:8696
- C:\Windows\System\wcbhaeA.exe
  C:\Windows\System\wcbhaeA.exe
  2⤵
  PID:8712
- C:\Windows\System\OlTcxAR.exe
  C:\Windows\System\OlTcxAR.exe
  2⤵
  PID:8728
- C:\Windows\System\wjfwzYI.exe
  C:\Windows\System\wjfwzYI.exe
  2⤵
  PID:8744
- C:\Windows\System\QhFNGtW.exe
  C:\Windows\System\QhFNGtW.exe
  2⤵
  PID:8760
- C:\Windows\System\PInEeDf.exe
  C:\Windows\System\PInEeDf.exe
  2⤵
  PID:8776
- C:\Windows\System\wjWyQTs.exe
  C:\Windows\System\wjWyQTs.exe
  2⤵
  PID:8792
- C:\Windows\System\PDftdEj.exe
  C:\Windows\System\PDftdEj.exe
  2⤵
  PID:8808
- C:\Windows\System\GqlCeTJ.exe
  C:\Windows\System\GqlCeTJ.exe
  2⤵
  PID:8824
- C:\Windows\System\VGIlFmg.exe
  C:\Windows\System\VGIlFmg.exe
  2⤵
  PID:8840
- C:\Windows\System\XuIReOC.exe
  C:\Windows\System\XuIReOC.exe
  2⤵
  PID:8856
- C:\Windows\System\DFjTApm.exe
  C:\Windows\System\DFjTApm.exe
  2⤵
  PID:8872
- C:\Windows\System\lAElndl.exe
  C:\Windows\System\lAElndl.exe
  2⤵
  PID:8888
- C:\Windows\System\TZlUxYP.exe
  C:\Windows\System\TZlUxYP.exe
  2⤵
  PID:8904
- C:\Windows\System\yoKhvEr.exe
  C:\Windows\System\yoKhvEr.exe
  2⤵
  PID:8920
- C:\Windows\System\BMvQGyK.exe
  C:\Windows\System\BMvQGyK.exe
  2⤵
  PID:8936
- C:\Windows\System\nZchgZB.exe
  C:\Windows\System\nZchgZB.exe
  2⤵
  PID:8952
- C:\Windows\System\UCioLfk.exe
  C:\Windows\System\UCioLfk.exe
  2⤵
  PID:8968
- C:\Windows\System\aPlmyRF.exe
  C:\Windows\System\aPlmyRF.exe
  2⤵
  PID:8984
- C:\Windows\System\aXJRfft.exe
  C:\Windows\System\aXJRfft.exe
  2⤵
  PID:9000
- C:\Windows\System\sPJhUTU.exe
  C:\Windows\System\sPJhUTU.exe
  2⤵
  PID:9016
- C:\Windows\System\HAaqfQb.exe
  C:\Windows\System\HAaqfQb.exe
  2⤵
  PID:9032
- C:\Windows\System\cBSzfsq.exe
  C:\Windows\System\cBSzfsq.exe
  2⤵
  PID:9048
- C:\Windows\System\fQIwsTr.exe
  C:\Windows\System\fQIwsTr.exe
  2⤵
  PID:9064
- C:\Windows\System\OhnIeha.exe
  C:\Windows\System\OhnIeha.exe
  2⤵
  PID:9080
- C:\Windows\System\wNkxWsB.exe
  C:\Windows\System\wNkxWsB.exe
  2⤵
  PID:9096
- C:\Windows\System\UOYNmBr.exe
  C:\Windows\System\UOYNmBr.exe
  2⤵
  PID:9112
- C:\Windows\System\uzkSulJ.exe
  C:\Windows\System\uzkSulJ.exe
  2⤵
  PID:9128
- C:\Windows\System\tnxrvQZ.exe
  C:\Windows\System\tnxrvQZ.exe
  2⤵
  PID:9144
- C:\Windows\System\cSGgWPK.exe
  C:\Windows\System\cSGgWPK.exe
  2⤵
  PID:9160
- C:\Windows\System\ZSDPFKO.exe
  C:\Windows\System\ZSDPFKO.exe
  2⤵
  PID:9176
- C:\Windows\System\exDQgEU.exe
  C:\Windows\System\exDQgEU.exe
  2⤵
  PID:9192
- C:\Windows\System\LXDmsGo.exe
  C:\Windows\System\LXDmsGo.exe
  2⤵
  PID:9208
- C:\Windows\System\FDGFmsT.exe
  C:\Windows\System\FDGFmsT.exe
  2⤵
  PID:8112
- C:\Windows\System\jzAVheS.exe
  C:\Windows\System\jzAVheS.exe
  2⤵
  PID:8204
- C:\Windows\System\AaUTbHV.exe
  C:\Windows\System\AaUTbHV.exe
  2⤵
  PID:7084
- C:\Windows\System\mzKnXnP.exe
  C:\Windows\System\mzKnXnP.exe
  2⤵
  PID:7924
- C:\Windows\System\miOwzuQ.exe
  C:\Windows\System\miOwzuQ.exe
  2⤵
  PID:8220
- C:\Windows\System\ExuOGBt.exe
  C:\Windows\System\ExuOGBt.exe
  2⤵
  PID:8284
- C:\Windows\System\GoToSeZ.exe
  C:\Windows\System\GoToSeZ.exe
  2⤵
  PID:8348
- C:\Windows\System\ewZTawO.exe
  C:\Windows\System\ewZTawO.exe
  2⤵
  PID:8388
- C:\Windows\System\MIkjVhr.exe
  C:\Windows\System\MIkjVhr.exe
  2⤵
  PID:8336
- C:\Windows\System\BuwVIEc.exe
  C:\Windows\System\BuwVIEc.exe
  2⤵
  PID:8420
- C:\Windows\System\DZnRfEt.exe
  C:\Windows\System\DZnRfEt.exe
  2⤵
  PID:8448
- C:\Windows\System\xdECKkK.exe
  C:\Windows\System\xdECKkK.exe
  2⤵
  PID:8464
- C:\Windows\System\iEUvfOy.exe
  C:\Windows\System\iEUvfOy.exe
  2⤵
  PID:8500
- C:\Windows\System\hfbhRbZ.exe
  C:\Windows\System\hfbhRbZ.exe
  2⤵
  PID:8516
- C:\Windows\System\zppMkhM.exe
  C:\Windows\System\zppMkhM.exe
  2⤵
  PID:8580
- C:\Windows\System\MIRKHDS.exe
  C:\Windows\System\MIRKHDS.exe
  2⤵
  PID:8644
- C:\Windows\System\aTqexcn.exe
  C:\Windows\System\aTqexcn.exe
  2⤵
  PID:8596
- C:\Windows\System\KLAmbmf.exe
  C:\Windows\System\KLAmbmf.exe
  2⤵
  PID:8660
- C:\Windows\System\QSFWAYz.exe
  C:\Windows\System\QSFWAYz.exe
  2⤵
  PID:8736
- C:\Windows\System\NFPOhid.exe
  C:\Windows\System\NFPOhid.exe
  2⤵
  PID:8800
- C:\Windows\System\EyufMDs.exe
  C:\Windows\System\EyufMDs.exe
  2⤵
  PID:8864
- C:\Windows\System\chigqQf.exe
  C:\Windows\System\chigqQf.exe
  2⤵
  PID:8928
- C:\Windows\System\OvPLHXs.exe
  C:\Windows\System\OvPLHXs.exe
  2⤵
  PID:8992
- C:\Windows\System\YldCCPR.exe
  C:\Windows\System\YldCCPR.exe
  2⤵
  PID:9056
- C:\Windows\System\lpWdphe.exe
  C:\Windows\System\lpWdphe.exe
  2⤵
  PID:9088
- C:\Windows\System\TEvEudn.exe
  C:\Windows\System\TEvEudn.exe
  2⤵
  PID:8912
- C:\Windows\System\AcjJWOX.exe
  C:\Windows\System\AcjJWOX.exe
  2⤵
  PID:8756
- C:\Windows\System\MkRWuDi.exe
  C:\Windows\System\MkRWuDi.exe
  2⤵
  PID:8820
- C:\Windows\System\tSVuHhw.exe
  C:\Windows\System\tSVuHhw.exe
  2⤵
  PID:8916
- C:\Windows\System\nlspkEy.exe
  C:\Windows\System\nlspkEy.exe
  2⤵
  PID:9008
- C:\Windows\System\YQGsKez.exe
  C:\Windows\System\YQGsKez.exe
  2⤵
  PID:9076
- C:\Windows\System\QtcihCE.exe
  C:\Windows\System\QtcihCE.exe
  2⤵
  PID:9152
- C:\Windows\System\bBuAZbU.exe
  C:\Windows\System\bBuAZbU.exe
  2⤵
  PID:8092
- C:\Windows\System\qVLARoX.exe
  C:\Windows\System\qVLARoX.exe
  2⤵
  PID:7816
- C:\Windows\System\mRJQqhP.exe
  C:\Windows\System\mRJQqhP.exe
  2⤵
  PID:8304
- C:\Windows\System\qvxgUkB.exe
  C:\Windows\System\qvxgUkB.exe
  2⤵
  PID:8468
- C:\Windows\System\OTSRskx.exe
  C:\Windows\System\OTSRskx.exe
  2⤵
  PID:8560
- C:\Windows\System\uqBAgSH.exe
  C:\Windows\System\uqBAgSH.exe
  2⤵
  PID:8704
- C:\Windows\System\LOajoNQ.exe
  C:\Windows\System\LOajoNQ.exe
  2⤵
  PID:8960
- C:\Windows\System\mrLMyxL.exe
  C:\Windows\System\mrLMyxL.exe
  2⤵
  PID:8724
- C:\Windows\System\GFrQzzM.exe
  C:\Windows\System\GFrQzzM.exe
  2⤵
  PID:9172
- C:\Windows\System\EcNvsNx.exe
  C:\Windows\System\EcNvsNx.exe
  2⤵
  PID:7396
- C:\Windows\System\aVEytre.exe
  C:\Windows\System\aVEytre.exe
  2⤵
  PID:8512
- C:\Windows\System\brxrmfk.exe
  C:\Windows\System\brxrmfk.exe
  2⤵
  PID:8788
- C:\Windows\System\pnzEHtr.exe
  C:\Windows\System\pnzEHtr.exe
  2⤵
  PID:6888
- C:\Windows\System\gTmMPAP.exe
  C:\Windows\System\gTmMPAP.exe
  2⤵
  PID:8484
- C:\Windows\System\qXLhIyY.exe
  C:\Windows\System\qXLhIyY.exe
  2⤵
  PID:8768
- C:\Windows\System\fJTsrHL.exe
  C:\Windows\System\fJTsrHL.exe
  2⤵
  PID:9028
- C:\Windows\System\DWIRMHm.exe
  C:\Windows\System\DWIRMHm.exe
  2⤵
  PID:9040
- C:\Windows\System\rViPWVr.exe
  C:\Windows\System\rViPWVr.exe
  2⤵
  PID:8316
- C:\Windows\System\vdDscAq.exe
  C:\Windows\System\vdDscAq.exe
  2⤵
  PID:8576
- C:\Windows\System\RRwobOp.exe
  C:\Windows\System\RRwobOp.exe
  2⤵
  PID:8404
- C:\Windows\System\xghcrCn.exe
  C:\Windows\System\xghcrCn.exe
  2⤵
  PID:7188
- C:\Windows\System\LgWpOQm.exe
  C:\Windows\System\LgWpOQm.exe
  2⤵
  PID:8980
- C:\Windows\System\ucrzRqI.exe
  C:\Windows\System\ucrzRqI.exe
  2⤵
  PID:8236
- C:\Windows\System\JUbvrxZ.exe
  C:\Windows\System\JUbvrxZ.exe
  2⤵
  PID:9168
- C:\Windows\System\DyRiMnq.exe
  C:\Windows\System\DyRiMnq.exe
  2⤵
  PID:7960
- C:\Windows\System\VdhTSpg.exe
  C:\Windows\System\VdhTSpg.exe
  2⤵
  PID:8436
- C:\Windows\System\ZUiaTNt.exe
  C:\Windows\System\ZUiaTNt.exe
  2⤵
  PID:9072
- C:\Windows\System\rTWfItm.exe
  C:\Windows\System\rTWfItm.exe
  2⤵
  PID:9120
- C:\Windows\System\QovPNIj.exe
  C:\Windows\System\QovPNIj.exe
  2⤵
  PID:9188
- C:\Windows\System\PCkeEiN.exe
  C:\Windows\System\PCkeEiN.exe
  2⤵
  PID:8976
- C:\Windows\System\AywLhsu.exe
  C:\Windows\System\AywLhsu.exe
  2⤵
  PID:8416
- C:\Windows\System\NyOUxfk.exe
  C:\Windows\System\NyOUxfk.exe
  2⤵
  PID:8816
- C:\Windows\System\hHJOOaA.exe
  C:\Windows\System\hHJOOaA.exe
  2⤵
  PID:8964
- C:\Windows\System\PtAmpOV.exe
  C:\Windows\System\PtAmpOV.exe
  2⤵
  PID:8848
- C:\Windows\System\jmJLayf.exe
  C:\Windows\System\jmJLayf.exe
  2⤵
  PID:8200
- C:\Windows\System\wUSbxJr.exe
  C:\Windows\System\wUSbxJr.exe
  2⤵
  PID:9232
- C:\Windows\System\aObQDVB.exe
  C:\Windows\System\aObQDVB.exe
  2⤵
  PID:9248
- C:\Windows\System\uoBuHhy.exe
  C:\Windows\System\uoBuHhy.exe
  2⤵
  PID:9268
- C:\Windows\System\vsnlPRd.exe
  C:\Windows\System\vsnlPRd.exe
  2⤵
  PID:9284
- C:\Windows\System\EiaWpUP.exe
  C:\Windows\System\EiaWpUP.exe
  2⤵
  PID:9300
- C:\Windows\System\HVFDGQa.exe
  C:\Windows\System\HVFDGQa.exe
  2⤵
  PID:9316
- C:\Windows\System\zhTyocR.exe
  C:\Windows\System\zhTyocR.exe
  2⤵
  PID:9332
- C:\Windows\System\NtMnevD.exe
  C:\Windows\System\NtMnevD.exe
  2⤵
  PID:9348
- C:\Windows\System\IQuUTof.exe
  C:\Windows\System\IQuUTof.exe
  2⤵
  PID:9364
- C:\Windows\System\DEKcZmi.exe
  C:\Windows\System\DEKcZmi.exe
  2⤵
  PID:9380
- C:\Windows\System\ZMbAdyh.exe
  C:\Windows\System\ZMbAdyh.exe
  2⤵
  PID:9396
- C:\Windows\System\gqJbetr.exe
  C:\Windows\System\gqJbetr.exe
  2⤵
  PID:9412
- C:\Windows\System\HoEgopp.exe
  C:\Windows\System\HoEgopp.exe
  2⤵
  PID:9428
- C:\Windows\System\BzgRvxC.exe
  C:\Windows\System\BzgRvxC.exe
  2⤵
  PID:9444
- C:\Windows\System\rgoFXBy.exe
  C:\Windows\System\rgoFXBy.exe
  2⤵
  PID:9460
- C:\Windows\System\IxSaNgM.exe
  C:\Windows\System\IxSaNgM.exe
  2⤵
  PID:9476
- C:\Windows\System\hPOqQpT.exe
  C:\Windows\System\hPOqQpT.exe
  2⤵
  PID:9492
- C:\Windows\System\fDbESvP.exe
  C:\Windows\System\fDbESvP.exe
  2⤵
  PID:9508
- C:\Windows\System\DoHsClL.exe
  C:\Windows\System\DoHsClL.exe
  2⤵
  PID:9528
- C:\Windows\System\uwbkWAD.exe
  C:\Windows\System\uwbkWAD.exe
  2⤵
  PID:9544
- C:\Windows\System\cFgaZen.exe
  C:\Windows\System\cFgaZen.exe
  2⤵
  PID:9560
- C:\Windows\System\ekJiDrJ.exe
  C:\Windows\System\ekJiDrJ.exe
  2⤵
  PID:9576
- C:\Windows\System\BwuugnP.exe
  C:\Windows\System\BwuugnP.exe
  2⤵
  PID:9592
- C:\Windows\System\gRODQaR.exe
  C:\Windows\System\gRODQaR.exe
  2⤵
  PID:9608
- C:\Windows\System\LcEpCmu.exe
  C:\Windows\System\LcEpCmu.exe
  2⤵
  PID:9624
- C:\Windows\System\AzmHuKy.exe
  C:\Windows\System\AzmHuKy.exe
  2⤵
  PID:9640
- C:\Windows\System\bmTgezF.exe
  C:\Windows\System\bmTgezF.exe
  2⤵
  PID:9656
- C:\Windows\System\BkrsHxR.exe
  C:\Windows\System\BkrsHxR.exe
  2⤵
  PID:9672
- C:\Windows\System\mofaYQC.exe
  C:\Windows\System\mofaYQC.exe
  2⤵
  PID:9688
- C:\Windows\System\OpBIWKs.exe
  C:\Windows\System\OpBIWKs.exe
  2⤵
  PID:9704
- C:\Windows\System\ZqbOOYj.exe
  C:\Windows\System\ZqbOOYj.exe
  2⤵
  PID:9720
- C:\Windows\System\LPMlbnQ.exe
  C:\Windows\System\LPMlbnQ.exe
  2⤵
  PID:9736
- C:\Windows\System\bPlafuu.exe
  C:\Windows\System\bPlafuu.exe
  2⤵
  PID:9752
- C:\Windows\System\GztgudM.exe
  C:\Windows\System\GztgudM.exe
  2⤵
  PID:9768
- C:\Windows\System\wYsOGWO.exe
  C:\Windows\System\wYsOGWO.exe
  2⤵
  PID:9784
- C:\Windows\System\BPUvjdg.exe
  C:\Windows\System\BPUvjdg.exe
  2⤵
  PID:9800
- C:\Windows\System\jfTzgtU.exe
  C:\Windows\System\jfTzgtU.exe
  2⤵
  PID:9816
- C:\Windows\System\vkCkXFy.exe
  C:\Windows\System\vkCkXFy.exe
  2⤵
  PID:9832
- C:\Windows\System\TAinLrt.exe
  C:\Windows\System\TAinLrt.exe
  2⤵
  PID:9848
- C:\Windows\System\MwKbdja.exe
  C:\Windows\System\MwKbdja.exe
  2⤵
  PID:9864
- C:\Windows\System\UadNuGE.exe
  C:\Windows\System\UadNuGE.exe
  2⤵
  PID:9880
- C:\Windows\System\RTcyJAQ.exe
  C:\Windows\System\RTcyJAQ.exe
  2⤵
  PID:9896
- C:\Windows\System\aOMNuVL.exe
  C:\Windows\System\aOMNuVL.exe
  2⤵
  PID:9912
- C:\Windows\System\hjfRuig.exe
  C:\Windows\System\hjfRuig.exe
  2⤵
  PID:9928
- C:\Windows\System\adsVhmY.exe
  C:\Windows\System\adsVhmY.exe
  2⤵
  PID:9944
- C:\Windows\System\lpbnyin.exe
  C:\Windows\System\lpbnyin.exe
  2⤵
  PID:9960
- C:\Windows\System\qsjnBbG.exe
  C:\Windows\System\qsjnBbG.exe
  2⤵
  PID:9976
- C:\Windows\System\RfiYIeS.exe
  C:\Windows\System\RfiYIeS.exe
  2⤵
  PID:9992
- C:\Windows\System\wWrZfOX.exe
  C:\Windows\System\wWrZfOX.exe
  2⤵
  PID:10008
- C:\Windows\System\JiXQPVc.exe
  C:\Windows\System\JiXQPVc.exe
  2⤵
  PID:10024
- C:\Windows\System\LcgHQeg.exe
  C:\Windows\System\LcgHQeg.exe
  2⤵
  PID:10040
- C:\Windows\System\TDxMCIJ.exe
  C:\Windows\System\TDxMCIJ.exe
  2⤵
  PID:10056
- C:\Windows\System\DuZElLX.exe
  C:\Windows\System\DuZElLX.exe
  2⤵
  PID:10072
- C:\Windows\System\SjrLlDd.exe
  C:\Windows\System\SjrLlDd.exe
  2⤵
  PID:10088
- C:\Windows\System\MrNEnWn.exe
  C:\Windows\System\MrNEnWn.exe
  2⤵
  PID:10104
- C:\Windows\System\AkpWyTJ.exe
  C:\Windows\System\AkpWyTJ.exe
  2⤵
  PID:10120
- C:\Windows\System\nYGBedk.exe
  C:\Windows\System\nYGBedk.exe
  2⤵
  PID:10136
- C:\Windows\System\qxXJIsR.exe
  C:\Windows\System\qxXJIsR.exe
  2⤵
  PID:10152
- C:\Windows\System\NBWRSjo.exe
  C:\Windows\System\NBWRSjo.exe
  2⤵
  PID:10168
- C:\Windows\System\kdYsWnh.exe
  C:\Windows\System\kdYsWnh.exe
  2⤵
  PID:10184
- C:\Windows\System\ztdjdqO.exe
  C:\Windows\System\ztdjdqO.exe
  2⤵
  PID:10200
- C:\Windows\System\kndVgSV.exe
  C:\Windows\System\kndVgSV.exe
  2⤵
  PID:10216
- C:\Windows\System\VqfxKly.exe
  C:\Windows\System\VqfxKly.exe
  2⤵
  PID:10232
- C:\Windows\System\zWvNWrw.exe
  C:\Windows\System\zWvNWrw.exe
  2⤵
  PID:8384
- C:\Windows\System\HemKIDZ.exe
  C:\Windows\System\HemKIDZ.exe
  2⤵
  PID:9228
- C:\Windows\System\oXrLXvK.exe
  C:\Windows\System\oXrLXvK.exe
  2⤵
  PID:9276
- C:\Windows\System\gSqelyv.exe
  C:\Windows\System\gSqelyv.exe
  2⤵
  PID:9340
- C:\Windows\System\qqzdwrf.exe
  C:\Windows\System\qqzdwrf.exe
  2⤵
  PID:9292
- C:\Windows\System\eEIhmjk.exe
  C:\Windows\System\eEIhmjk.exe
  2⤵
  PID:9296
- C:\Windows\System\eSfbtlk.exe
  C:\Windows\System\eSfbtlk.exe
  2⤵
  PID:9472
- C:\Windows\System\DlJGYNw.exe
  C:\Windows\System\DlJGYNw.exe
  2⤵
  PID:9500
- C:\Windows\System\rQDmCUE.exe
  C:\Windows\System\rQDmCUE.exe
  2⤵
  PID:9392
- C:\Windows\System\GNwtJYK.exe
  C:\Windows\System\GNwtJYK.exe
  2⤵
  PID:9516
- C:\Windows\System\iXvMgtw.exe
  C:\Windows\System\iXvMgtw.exe
  2⤵
  PID:9540
- C:\Windows\System\VlPJjmp.exe
  C:\Windows\System\VlPJjmp.exe
  2⤵
  PID:9552
- C:\Windows\System\mNUDwtA.exe
  C:\Windows\System\mNUDwtA.exe
  2⤵
  PID:9632
- C:\Windows\System\TnZfTGc.exe
  C:\Windows\System\TnZfTGc.exe
  2⤵
  PID:9588
- C:\Windows\System\rmMGqRx.exe
  C:\Windows\System\rmMGqRx.exe
  2⤵
  PID:9648
- C:\Windows\System\VqBymEd.exe
  C:\Windows\System\VqBymEd.exe
  2⤵
  PID:9712
- C:\Windows\System\XJQTceQ.exe
  C:\Windows\System\XJQTceQ.exe
  2⤵
  PID:9696
- C:\Windows\System\vagFgYm.exe
  C:\Windows\System\vagFgYm.exe
  2⤵
  PID:9760
- C:\Windows\System\piqsMjv.exe
  C:\Windows\System\piqsMjv.exe
  2⤵
  PID:9796
- C:\Windows\System\SUdAMHg.exe
  C:\Windows\System\SUdAMHg.exe
  2⤵
  PID:9812
- C:\Windows\System\xnTdeci.exe
  C:\Windows\System\xnTdeci.exe
  2⤵
  PID:9860
- C:\Windows\System\hpZTzbk.exe
  C:\Windows\System\hpZTzbk.exe
  2⤵
  PID:9876
- C:\Windows\System\nPqYrSI.exe
  C:\Windows\System\nPqYrSI.exe
  2⤵
  PID:9940
- C:\Windows\System\hmAWvdI.exe
  C:\Windows\System\hmAWvdI.exe
  2⤵
  PID:10004
- C:\Windows\System\TFymwVa.exe
  C:\Windows\System\TFymwVa.exe
  2⤵
  PID:9920
- C:\Windows\System\IaJqpMr.exe
  C:\Windows\System\IaJqpMr.exe
  2⤵
  PID:10036
- C:\Windows\System\lyWuCmN.exe
  C:\Windows\System\lyWuCmN.exe
  2⤵
  PID:8564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFRNefc.exe

Filesize
6.0MB

MD5
dbe58a4bfb1fe7ac2e69c6dd52fa8e58

SHA1
8bd83f94235b2971bdf7c9a2af7af427a9130344

SHA256
3dfa7427509be45892cc55478c767776da265229783de73e9951a35cfd3bdff0

SHA512
2569ff43de6bd78a9bd82ec2a6c5a4618806f2af14478bd5b59fcb6c1368aa909e14fa492aee3ec92ba288159b7a2f6c5e1ad2ccd352142ef30f3d132431c8b0

Download Submit
C:\Windows\system\CCBDlIB.exe

Filesize
6.0MB

MD5
bd79feead60ef1a18817bb5841acacd7

SHA1
0e6bec702ba923c106578f7645cb20f9fc4633a9

SHA256
90c92a2b6fe7155e6c4c85e742574ac24a1db5dd37357146b38bce44ddc675ff

SHA512
a4c805cd64e092bcf9751c4c194a4547d91ce40f8207c3c74f73895d017bb68dd374cf9c96691487d5f458656c8123f90a342c25ccce0fc875f813d655360403

Download Submit
C:\Windows\system\KaXuxIJ.exe

Filesize
6.0MB

MD5
c21e537fe4637207cc40e5ed194e2344

SHA1
cf30ac632e246772b8d959485e74fa41773c5653

SHA256
904cb8a2fa1398e4364035feaac7169987d82393500df20596fa13cfff364836

SHA512
9d6f4f24325cf58e03931ccb2ddac21ccd04d1bac0a302df6107e2628e63b85ba593bbde0b11375a29a8f204c6b6fd54c43c821c54e88f8c6dd656dd96d80a73

Download Submit
C:\Windows\system\NsXVErP.exe

Filesize
6.0MB

MD5
dd97854a4efb45e994160a610d4130fa

SHA1
2f3722332509352419ebdc42bf35c72b9ecd5438

SHA256
92287db44259b8a6f70016130dd64939a5d760e29c9956aff1cda3fc92b529c4

SHA512
4415b8a83ffddff46fdc475dc2214a6978bfb2b1c08e413fc3c27b80d0e88d0ae819f368e38f31b733fb8de78c79a3a3a84e333dc62fee3e1b7c80e931fc5efc

Download Submit
C:\Windows\system\QLFOhqj.exe

Filesize
6.0MB

MD5
e84ff1929d095d8db8e5629de369ae3f

SHA1
94bad210e096c44f23cc46f49ffd93ba56b752a3

SHA256
0486e442d2c1d893b94634eb468a5ed63f152e9058c269d5427e43c7a25db816

SHA512
fcf75417eb785ec7aa79524955a001bfa1b69338092a81870762ece389b090ea2497e92de80b78307ca4e28cbaecd81fe7c209cc6d9947ac4cb07cfaea2518d0

Download Submit
C:\Windows\system\RkCQbdb.exe

Filesize
6.0MB

MD5
e0ec7b010d09717777db7297ce64b7d5

SHA1
9cf94365cc1d144a797e3ce380d2a0a2afb52719

SHA256
3be5e3bc2cf1ea3a8be733b764c90db2d31d724579ce14da0906d331e0f2ed60

SHA512
372ab5acf7598b38511ba85cefb2a6d4744088415c6d7aabb922ce91281c5fd337829b377aa33ec67b591b023b90490c89648cf05253cb19f08c6833a0deab5b

Download Submit
C:\Windows\system\TKTRyQX.exe

Filesize
6.0MB

MD5
4e962dcd600ad162d19a2f1698715518

SHA1
6987c3cb82ad076f6c870f5cf6651bcad2c5a90a

SHA256
8439e649fc3cde317cb0a8745aa5d93d46c9c38ea08a62b4f2c49c3daf9d0111

SHA512
dca0826172350941e3450d2479691db57fe9b10e991d938a14f96170dc77824e1676f3f858906b0c61e306016a83d086e54b689280b0f80ea000432f8c70c62d

Download Submit
C:\Windows\system\VdqNELx.exe

Filesize
6.0MB

MD5
020397c07f1e137d9d03de8efb65f658

SHA1
ee930cda0b79f39ba39ad594ed872b97587fd5f1

SHA256
2cb913a12dc9c2c970963c80b4f98fe60acfa7b2c2138089d3a12cedefb72f0a

SHA512
a89b60ac034ac58b0d49b6f1424e31e36cf583115017f07133d4533a35870210ac68b975fb59d365366b00e74d67a096ce23e35e7418031002a64ff6ec215d66

Download Submit
C:\Windows\system\VpvTOjl.exe

Filesize
6.0MB

MD5
5e65845837f40ae03421c19adcc4b981

SHA1
75323cd09203157cc34364fdac6ce7fa0f743162

SHA256
37ac116ceeca574fab9197255b995fd3c04d18942b422b5f7010c312a442ce02

SHA512
7047df0ebafe13f7dc18ff25679876a927c480a94c2e665dc6f5a349fa4cf1db2a9d9efd99695b20687eab2cc58312a325ec48afcbe1cf3dbceff232295d17f7

Download Submit
C:\Windows\system\WYSELBN.exe

Filesize
6.0MB

MD5
2ab4b409fd51e03fc0111b2a08f24d77

SHA1
34c8d5dbc0236bb1f96ebd49814e37a568bf5b89

SHA256
919154e331d0572b5d6592151fb1e5ad52072bf9ada03e0ae8ee211a2b656514

SHA512
3f088c3aced8244e20e4e49f1c438f33d7b67da13fbab7380fd3e129f9b87e93ffac2ac2b67074e70c045d5f5b7e83378d1d100d9d66b75c8bd8e7725b605b7e

Download Submit
C:\Windows\system\WZohgwS.exe

Filesize
6.0MB

MD5
c98f24a3d50b0076aba515a8eb75b7f6

SHA1
bf3e46f0537b1efcd97dbbee29f5c30ac62f1ed8

SHA256
084da4471157db5f0f3ad28d4da14bbda18eaee0d78ee86da8f604b79bdccecb

SHA512
b4995eb79b98b8bc3dcb157542e380696e09aca785f6296be7c0548c9bc4e27d203d8d42e0dbfea048e74e61cc155d0d6c189f8538cf40a6a274771aecf60756

Download Submit
C:\Windows\system\alRLPFB.exe

Filesize
6.0MB

MD5
45ab6ad61320b1e16ca91e30b73376de

SHA1
2cec09ba2f3423475b4cf77a568ae4286506ceb3

SHA256
aa2c6ae2c5d57b654a23d8dc3b3a602b0c087f23e410f43b0e8bf53ea12f79b7

SHA512
27afcc119091fa01e1fac655ce08ab17a762a39770cacc85c43e2d02e27fccfbb313a79e75f3db09f9ca5dcdc4ae4cd4af8a7c3e1ab3445efe09c56280dcc8ba

Download Submit
C:\Windows\system\dPuPBpY.exe

Filesize
6.0MB

MD5
509be1ee6955e744900fe96bffac9b8b

SHA1
f95ec71357a1d8a271b73232e48fb76a74519dda

SHA256
b5b1cd99c71e21a902c7d006a5f2cfb08a37b9f5b62e9bbd0a07b3235a0f1cc7

SHA512
99a1492e1d862dfbfde9adf9b6ce5c984d3c33eec2a1aa679ba634fb0a03b73b4dfb440a16fdfb8a553401a26f76a63302ab69d7389d8672a77e042e050a90f0

Download Submit
C:\Windows\system\jQEszRo.exe

Filesize
6.0MB

MD5
64f9cb731e27349d73b56cf0ba3817dc

SHA1
240c5844cbfd0deb72711b721ece9c86a38e954a

SHA256
5d55a41c6aa958a569f274a6dc6282f70bf42df4bd0d6704d02a43fa8b12c2aa

SHA512
13fd614659937eade362ab3870030f1fb22fdc3221f6227c1a908d813db39cf0695f0aba0440f44b8e361edeceab824743929fde4c5b1291c40edbec6c8fc974

Download Submit
C:\Windows\system\jQYVIqY.exe

Filesize
6.0MB

MD5
f36d94812e1109b18eb38bdede2767a7

SHA1
248c44d03d43348ac57cdc514f1edb7684f1e5af

SHA256
012d4f4822038477ad17a531485e5ae41c1ac2dca7204b2b05bb1f95fb41d31f

SHA512
985eb3560b8946e07faf10b7a2018600d2f1202039880fe8631fa90d633fd7e1cfa7565286f82b0c4fb272a4745328de321616a238e1bdd6bdb5ca4553b5ef2f

Download Submit
C:\Windows\system\jxqyIFs.exe

Filesize
6.0MB

MD5
ce7cbe61ba6d46e228906dd8f27b7eb1

SHA1
88cd0f15aa863c49ba802d3cd31a8c8c633c638f

SHA256
5c2500054a3be2075e7933bd8ae4557a6fdd22a1547720bfa20bfb4b4169abde

SHA512
9ac6ebf49182573dc008a818db8bd935c71e431e84c170be7b7fa55710f61b55817fb7fb0dff273d230a048ecc0670b30e6f4f52b98bcccf3aa36f050b706a1e

Download Submit
C:\Windows\system\kOMrAVV.exe

Filesize
6.0MB

MD5
c3d06922e0bc98a3bd9d3f066ce35e3e

SHA1
b0a04db0289aeb663c55b236d3ab1edab4c9d1e4

SHA256
8c8bea32c8dec4b65955a6f4a79914f8ac0404fe9f88038141a19237fedcb5f0

SHA512
0180386a80871d9f82cf5409c4293a9900d92f90c1ab07f72a2de70e1d61ef7abd64d3e54189a6d3b5bf1ed893f9a0b4fc1132de00dd11f6bdca89afdbf163ce

Download Submit
C:\Windows\system\kPCqmFb.exe

Filesize
6.0MB

MD5
8130b1d0eecef79a47f31f14d3f0469a

SHA1
a9e29f46c9e152613d2207e551a80b2ba05a4fbe

SHA256
72e275a127284afc76d5093e825d78a87532a602aba183997632ecbb24091e8c

SHA512
fb204bfe69681d713f343a3bce6a9f648209a4304f62df3d31ac3c5a2013dbaf92d1459d51c66d2635375449bd8545f368212586cd86281cdacfe3eafdd2345e

Download Submit
C:\Windows\system\lDINNWV.exe

Filesize
6.0MB

MD5
3757f0d8b001b7737d604f8331b9d64a

SHA1
10c14aa1628e463264a66c2c8b16cce554ba31d5

SHA256
d72fbddd744f0947017788821e6f0f9fdf8e14e18bd29baa2c50ad13fc532cff

SHA512
4de0801bb0c1d7e66102f5448c57b703bbaeacd2aea3f3c14e6a4c7facf18e5f0ce8c7612f2e44c8857e55771777a2aff09f1aba8815cd84acad9cf37cb86548

Download Submit
C:\Windows\system\lpwkfQj.exe

Filesize
6.0MB

MD5
d11939818a4cca22ba5496f278f0eb60

SHA1
54782fdfa9143d370e7695a726fbe9b406d25f61

SHA256
34fce5517b73e87d1ba2907475c03bdd3a16c679a377a5281d752f79dab80d8b

SHA512
7798f93a1bcbfc32770c820b78b975444812ad464d3373e2a52440c8ceddf5ca4e6ac53b509a28b8992ff3af508e020a385ac5012ecf9604250efc39d6ea07ae

Download Submit
C:\Windows\system\qbxCHJJ.exe

Filesize
6.0MB

MD5
79fbbe238e7d6e3b0e68e4da25ed4793

SHA1
359040ad9995317aaef7b0a2381c988b966e8962

SHA256
adb1e5325990a90d8e52bb63d32be743fd94dcc66521a1fbcd388f34f373aaa8

SHA512
ce3778488d6d630bd9e82e2bab5b415f21963d0f4c363d9c7a349ff399c0e074666da5e43757246bade416328e0372a15b6d569d0f2fd4ade65c26bfdec04886

Download Submit
C:\Windows\system\qiKwJgO.exe

Filesize
6.0MB

MD5
0fba172480c76f6624832674800485ef

SHA1
a037c4fb05956c251fe596847d8eea731e0d311d

SHA256
e4b6f2e087ef8aceb855a502f088710c3db146d9fe0acc80670db43b3e540975

SHA512
5995b519edbb9f90c318bab1b9293a9449edc809431813ed2b9add892d163cab2c5f208f6ee2949dc11ac4885d8e5dadc377c9fde96e1fd1d8a30073053994a6

Download Submit
C:\Windows\system\rTBkFkJ.exe

Filesize
6.0MB

MD5
d86e181d0bcae08cb3880d39eac8bad3

SHA1
318e313e39d4983da14e63fc839bdfdcc47787fe

SHA256
73bdd7be9e525e95042d5bcccd720ea9453f00fe3b856f7474431af02e97c86f

SHA512
3c384329b1326d804bd1666ebeb6b4980c7b54a497a14100e2126d8b4086599cb48053388ba74e7293145195faba910bd1a8cf3e745b02fcf6df1dd8ae3076cf

Download Submit
C:\Windows\system\udZrtaz.exe

Filesize
6.0MB

MD5
f64d37edb2b699ae8310a93133c7c96f

SHA1
7be321970c542978bf24aba89bd80bf0108d57c7

SHA256
dd8e56f8eb2fa318411d471dbca1605ba2196433ec21285ceb893d6216bfd423

SHA512
14810a4b4857d4c229c0e3277f949df345a752d9bb61115f2da857c0d4147225955733dff6cffed80e20cb687bcc9ac6575aa4b6e8047bbf22c40cc2fb8bb0ec

Download Submit
C:\Windows\system\xanmYjf.exe

Filesize
6.0MB

MD5
49b40021685dea3a738b71d8f6107833

SHA1
c6151ac24e5177367876a800a33b692037749547

SHA256
2513f200e74f691f5bfb63e73d8a2b0bb88dc562fb46836a2334accafe69e4e6

SHA512
b2159b8ff6e900cd43ddd0b81709d40ce9a78da75b72fc719e302ef106aad64f20d6480450b7d3bc660e3aafc0fdc2879429d1758123b1c8f71f1719c21ec060

Download Submit
\Windows\system\JgkbCde.exe

Filesize
6.0MB

MD5
cb9282e816a5b0c0e43d48d7ce9730f5

SHA1
300cfff01c9d714a9bd8695acc1dad854e4f95fb

SHA256
857fc69884a542a41cd8e80a13c23215cf8392f03a0dab19facc63751eddc5f4

SHA512
c8335e5c0d8911c5d6b91268593c1791cb1203988c760b503077d9c677ccf66470f69c22a861a2d6af90c632f2344f71cdf559c00f8c9597c2c22ec22c39cbab

Download Submit
\Windows\system\RzqWSnI.exe

Filesize
6.0MB

MD5
6d40987773721be82bd202d4805449c8

SHA1
79fa84c51d9f31be544ec3aae46bc8774cedbe8d

SHA256
df65bfb84f01b48b52963ff31f25eff6bdd7f786c261fc0647ff4a2942cb0c6d

SHA512
50bbdec4e837ce5bceadeb5733ac6b602ee1426d5414b5b59fe331c5e1a4b4a092b39f6a78478c0aa54b56554ad73e2d4e52584c3bde4c034f89aece9fbfc57d

Download Submit
\Windows\system\XavLarm.exe

Filesize
6.0MB

MD5
bfebbb4fd849f4c4d2ed2a2e1f955702

SHA1
434c8c13c6a76a25d17d422d9fce586141f29df3

SHA256
2a59aff8571304a784b570d18a2fc707ecedfeae42e64ddc748d3d7afdac61df

SHA512
5b557ca97267cce9bcc510de0c5fd37cb9e450dcc852fddb2f2a6fccd016d4d3fc619b11365bdfc85311b2526d7a49746cdd8ad79c90b66a8938c8c1c4ff8ad4

Download Submit
\Windows\system\ZqZzODL.exe

Filesize
6.0MB

MD5
f6b7364db8d811dad378a9083502b4e4

SHA1
88b70052802bc7968d810e521871f4de2fc9bc1c

SHA256
7be76494f7671fd496879dd97b6064f8b8e9c3a2343a9eb6da3ca1b1431109a9

SHA512
d7e02f83e338241e993cc401c60bf5125efb678f690647ae4d71e7babe78f34463c046e5e9a5e31f5628922c4df3a3c42ebe3d5fd63a5eeb32797e1a9a9aa6a0

Download Submit
\Windows\system\ZsjgPEZ.exe

Filesize
6.0MB

MD5
53db2f740df8eb3ddeef746f767d583c

SHA1
703e6cf5a87a6babb97a376d4bb5ac50843eb055

SHA256
2e2a50f13f39462208e58f69df6ac4d2579de99f6211b20fe9a9e2db90170171

SHA512
20d169c53fdb8eb35e66eb322cee775ec66816f8071e5e20127ad94e888ab32bb5760d9f240383fef43e331471a00dbd69a901368de04a2331929dd88ee5ea54

Download Submit
\Windows\system\iBdxkXj.exe

Filesize
6.0MB

MD5
0dd37df896f7d1acf1476fab7b9b5c27

SHA1
8928864830ca1bbb626101f22b2eb0e8b4b3e1ba

SHA256
1472cefd3afc5a56d308ff67a0da4480fb503e3685c173e77914c296645a14e4

SHA512
761f76e7f0d0d19aebfcc0f8bff871906a8873c3f9a0585bc77c10f091111e6d16d89e37d54c459a6cf08433929af4043409d3174ecfd34426ee66853bb5b840

Download Submit
\Windows\system\qxxAbIG.exe

Filesize
6.0MB

MD5
4536b3ca21d690a9a8c30d05fb28727c

SHA1
0523438ab436989bae6fd311829ba91e42b416b1

SHA256
04345702d4aa6a74e9bc3d0bbd516e7cde1c2cff3c73e11e08e802e3bbecacf0

SHA512
5278c8ae23472af124d901e122f758440e2e023a7dc039cebfe7b723381685618f051fb9b5ea4c57f81be886823cfceae97209ba40be0ce7cb6da84f24d4afd4

Download Submit
\Windows\system\qyNdvdR.exe

Filesize
6.0MB

MD5
bd111ed2ef8c0bf284cbfdfa7fd9f8b7

SHA1
d019384e57e6fb99508c7434719adfe142ffbea0

SHA256
4ec271bf25d8746d8fe2ec63de730819495f29fc110d845c3b11e60a9375f0c0

SHA512
c922074727f99163623e6bc377986c25acae797e48f64b21d79a9bdf8e8a498079f52ff4dc417123eb9f55904d2da6d1afcdcea150d75777bf5cdaf0471d88e2

Download Submit
\Windows\system\rGOMJWM.exe

Filesize
6.0MB

MD5
66b504b4d9714af06600df6b7bfcddde

SHA1
1f22535b2bae73c0f0432d3818a9ed2dab60d23e

SHA256
9761d5b2e1d4c281d44459290a8b6bf31f38cc6fdad8a7975e1f41ad36238453

SHA512
effe7fa4304035d45468da3cb1b9e16446b75ff32213d14f025bd931a54c6c02b4e7a0f2f1998e143de7544ebf993c34d7779563f101cddd4ea40a995ed44c95

Download Submit
\Windows\system\uaEzOQX.exe

Filesize
6.0MB

MD5
b75776ae7a693c0ffaf340e96ce8bb73

SHA1
09676e42b1ad39d60805ca8d1900e704ba6c8d33

SHA256
e454816515c61011056a76986f15293f442d50fc25f06476f655e4bf33a066f6

SHA512
589f30f6328ef5d8b3f0d9ad91d9935dc03e8c095022abd8941f38c96e688894842aa8d7fe17357f6d4de34c3124c47b5b47e5a897d99f31192a96faf05e84c5

Download Submit
\Windows\system\wAnbBLQ.exe

Filesize
6.0MB

MD5
544408c5b6e30541f3e9f947952299bd

SHA1
da83f3cb7bbf8db1391cf1a498c95c330a231a10

SHA256
73f5e06835c4a15e4aaa85bece93b981a467cec3ab325a1c2ea1c6d55ed60387

SHA512
f907dc57ed3438529ea9d5b045e4232bfc815e0334706af43915c172f5567b61b63243f42c0aa0bacf6fd7d76e28fab3dfd70202505ce74c79f9bee3917ad034

Download Submit
memory/276-195-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/276-3742-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1856-3743-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-187-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-3684-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2008-147-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3717-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2196-189-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2212-198-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-182-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-188-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2212-186-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-204-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1098-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2212-171-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1233-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-208-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1342-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2212-151-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1341-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1340-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-113-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2212-146-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-0-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2212-157-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-165-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2212-192-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2212-176-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-207-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-3716-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3744-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2548-179-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3693-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-185-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-161-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3719-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-154-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3753-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3718-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2716-175-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2736-170-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3745-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3720-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-209-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3741-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2816-142-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3694-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-201-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download