cobaltstrike | 174ebd18d68ac77be2eb3d8e08d7fe6fe5328be783fc9789e00dafc0719854de

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-12-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

faf2688913e07881da2f060a2a4198e6
SHA1

565bc5e67416286b0c46bb03a933d3e5c64d0139
SHA256

174ebd18d68ac77be2eb3d8e08d7fe6fe5328be783fc9789e00dafc0719854de
SHA512

f38212674232e8f05692eb0127509cdcf187219a29a78707d62ba0128512e76249e8c545e471075f8d0131679c2fe9303753c97d7e7eac869991a196db773209
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3e-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d46-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d96-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018792-42.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-70.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-62.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d9a-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd1-18.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfc-17.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2100-0-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-3.dat	xmrig
behavioral1/files/0x0007000000016d36-12.dat	xmrig
behavioral1/files/0x0007000000016d3e-20.dat	xmrig
behavioral1/files/0x0007000000016d46-26.dat	xmrig
behavioral1/files/0x0007000000016d96-31.dat	xmrig
behavioral1/files/0x0008000000016dd1-39.dat	xmrig
behavioral1/files/0x0006000000018792-42.dat	xmrig
behavioral1/files/0x00060000000190e0-66.dat	xmrig
behavioral1/files/0x0005000000019256-86.dat	xmrig
behavioral1/files/0x0005000000019266-98.dat	xmrig
behavioral1/files/0x000500000001928c-104.dat	xmrig
behavioral1/memory/2100-173-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2100-826-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/1688-195-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2524-193-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2872-191-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2744-189-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2808-188-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2912-186-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2100-185-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2724-184-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2712-182-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2100-181-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2852-180-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2868-178-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2752-176-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2256-174-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1732-172-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2400-171-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019426-159.dat	xmrig
behavioral1/files/0x0005000000019397-154.dat	xmrig
behavioral1/files/0x00050000000193a5-124.dat	xmrig
behavioral1/files/0x000500000001937b-118.dat	xmrig
behavioral1/files/0x0005000000019353-113.dat	xmrig
behavioral1/files/0x0005000000019356-110.dat	xmrig
behavioral1/files/0x0005000000019438-162.dat	xmrig
behavioral1/files/0x0005000000019423-157.dat	xmrig
behavioral1/files/0x000500000001936b-117.dat	xmrig
behavioral1/files/0x0005000000019284-102.dat	xmrig
behavioral1/files/0x0005000000019263-94.dat	xmrig
behavioral1/files/0x0005000000019259-90.dat	xmrig
behavioral1/files/0x0005000000019244-82.dat	xmrig
behavioral1/files/0x000500000001922c-78.dat	xmrig
behavioral1/files/0x00050000000191ff-74.dat	xmrig
behavioral1/files/0x00050000000191d4-70.dat	xmrig
behavioral1/files/0x00060000000190ce-62.dat	xmrig
behavioral1/files/0x000600000001903b-58.dat	xmrig
behavioral1/files/0x0006000000018f53-54.dat	xmrig
behavioral1/files/0x0006000000018c26-50.dat	xmrig
behavioral1/files/0x0006000000018c1a-46.dat	xmrig
behavioral1/files/0x0007000000016d9a-35.dat	xmrig
behavioral1/files/0x0007000000016cd1-18.dat	xmrig
behavioral1/files/0x0009000000016cfc-17.dat	xmrig
behavioral1/memory/2808-3876-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2524-3877-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/1732-3875-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2872-3878-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1688-3879-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2400-3880-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2256-4141-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2744-4142-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2868-4143-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2712-4145-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2524	rkMiDAj.exe
1688	khbXnXj.exe
2400	ttSVGOE.exe
1732	kuemLuX.exe
2256	CQpedmM.exe
2752	MOZXiEK.exe
2868	dlngvNE.exe
2852	gUJHOhk.exe
2712	LlUqDJV.exe
2724	cjCHcrW.exe
2912	hfJiNxo.exe
2808	jiOncbg.exe
2744	mOnhjzy.exe
2872	EtDNAne.exe
2600	nhUKncJ.exe
2668	LYwEqRL.exe
3064	eKwrCbd.exe
2124	DZGNhDv.exe
1700	nLzYtfV.exe
984	kwDvVoJ.exe
1788	HNZkPSx.exe
272	UpzfLcG.exe
2932	jYAHJim.exe
2136	tsceHZM.exe
2364	qtEdLLE.exe
1644	VMgQojs.exe
2976	jDddoNR.exe
536	SSAZhRW.exe
1124	JuxwEqY.exe
692	XoPSQpo.exe
1368	vzggUSP.exe
1080	ysvbFPc.exe
1752	PxAIgcW.exe
2952	CMvIgGz.exe
2708	HuaIhHy.exe
3016	QLkcjXh.exe
1784	AKqXdQb.exe
2948	UZKdhWe.exe
1276	tIJAdTu.exe
1852	eHZBmXf.exe
768	BULOsbq.exe
1316	woNPJOc.exe
1028	CKslatu.exe
2180	sPEDvGI.exe
3048	QkFNloI.exe
1552	qIHuGDk.exe
344	HpsTMEO.exe
2240	nFWrhic.exe
2132	csEjHlc.exe
1968	SGdDHHV.exe
548	ULqCMIC.exe
1628	pdXPUvs.exe
2164	RbrwsEt.exe
2412	DwAeeMz.exe
1880	KfEoJZA.exe
1560	fWUHqCm.exe
1708	WCaPmOc.exe
1572	PTYovwP.exe
2076	PFmDufM.exe
1924	khWEbpo.exe
2920	ZoJPTVK.exe
2892	jDwfgCd.exe
2612	tTQreEF.exe
2640	MiwZRiV.exe

Loads dropped DLL 64 IoCs

pid	Process
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x000700000001211a-3.dat	upx
behavioral1/files/0x0007000000016d36-12.dat	upx
behavioral1/files/0x0007000000016d3e-20.dat	upx
behavioral1/files/0x0007000000016d46-26.dat	upx
behavioral1/files/0x0007000000016d96-31.dat	upx
behavioral1/files/0x0008000000016dd1-39.dat	upx
behavioral1/files/0x0006000000018792-42.dat	upx
behavioral1/files/0x00060000000190e0-66.dat	upx
behavioral1/files/0x0005000000019256-86.dat	upx
behavioral1/files/0x0005000000019266-98.dat	upx
behavioral1/files/0x000500000001928c-104.dat	upx
behavioral1/memory/2100-826-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/1688-195-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2524-193-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2872-191-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2744-189-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2808-188-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2912-186-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2724-184-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2712-182-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2852-180-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2868-178-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2752-176-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2256-174-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1732-172-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2400-171-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x0005000000019426-159.dat	upx
behavioral1/files/0x0005000000019397-154.dat	upx
behavioral1/files/0x00050000000193a5-124.dat	upx
behavioral1/files/0x000500000001937b-118.dat	upx
behavioral1/files/0x0005000000019353-113.dat	upx
behavioral1/files/0x0005000000019356-110.dat	upx
behavioral1/files/0x0005000000019438-162.dat	upx
behavioral1/files/0x0005000000019423-157.dat	upx
behavioral1/files/0x000500000001936b-117.dat	upx
behavioral1/files/0x0005000000019284-102.dat	upx
behavioral1/files/0x0005000000019263-94.dat	upx
behavioral1/files/0x0005000000019259-90.dat	upx
behavioral1/files/0x0005000000019244-82.dat	upx
behavioral1/files/0x000500000001922c-78.dat	upx
behavioral1/files/0x00050000000191ff-74.dat	upx
behavioral1/files/0x00050000000191d4-70.dat	upx
behavioral1/files/0x00060000000190ce-62.dat	upx
behavioral1/files/0x000600000001903b-58.dat	upx
behavioral1/files/0x0006000000018f53-54.dat	upx
behavioral1/files/0x0006000000018c26-50.dat	upx
behavioral1/files/0x0006000000018c1a-46.dat	upx
behavioral1/files/0x0007000000016d9a-35.dat	upx
behavioral1/files/0x0007000000016cd1-18.dat	upx
behavioral1/files/0x0009000000016cfc-17.dat	upx
behavioral1/memory/2808-3876-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2524-3877-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/1732-3875-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2872-3878-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1688-3879-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2400-3880-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2256-4141-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2744-4142-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2868-4143-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2712-4145-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2912-4144-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2752-4147-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2724-4146-0x000000013FE10000-0x0000000140164000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IYnNurO.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDiSVTf.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRdEOcj.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyAPMTb.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtiThrI.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FORHrhw.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whQQjYn.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcMAxTB.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdDoNPC.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXMixTr.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWJjBsm.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuemLuX.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNVrdbF.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGlMZSY.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnkRdZU.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZlBexr.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rykLKCq.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCbKHqN.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOZXiEK.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsaRCLB.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKgaNam.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SeCgHwi.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZqSPcC.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXUUNzv.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhnITPM.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhhiiXa.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbSmaLF.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJLvpzm.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJriJWm.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdCGuHO.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFqShiS.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSjRVuz.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOnhjzy.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKqXdQb.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNdyGdK.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDezqAI.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skigCLj.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYMCowj.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxLPjKQ.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYEnEYD.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXCSIkI.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ferksIH.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqhlUVo.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBMiZEh.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUhRLov.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEfOpOK.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfGxqcY.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJTHUXn.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjxsFzg.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUTEywY.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMZzXHB.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZLcLtQ.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxAohfj.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjDiqiV.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AimFbFF.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqPOQQa.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTyLdLs.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiuOZyA.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNguCtP.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFcdxFM.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDVOTlo.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZbyspX.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPiKTEZ.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPNEmOA.exe	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2524	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2524	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2524	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2400	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2400	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2400	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 1688	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 1688	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 1688	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 1732	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 1732	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 1732	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2256	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2256	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2256	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2752	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2752	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2752	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2868	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2868	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2868	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2852	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2852	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2852	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2712	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2712	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2712	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2724	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2724	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2724	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2912	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2912	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2912	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2808	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2808	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2808	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2744	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2744	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2744	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2872	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2872	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2872	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2600	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2600	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2600	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2668	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2668	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2668	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 3064	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 3064	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 3064	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 2124	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 2124	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 2124	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1700	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1700	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1700	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 984	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 984	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 984	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1788	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1788	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1788	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 272	2100	2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-28_faf2688913e07881da2f060a2a4198e6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\System\rkMiDAj.exe
  C:\Windows\System\rkMiDAj.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\ttSVGOE.exe
  C:\Windows\System\ttSVGOE.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\khbXnXj.exe
  C:\Windows\System\khbXnXj.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\kuemLuX.exe
  C:\Windows\System\kuemLuX.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\CQpedmM.exe
  C:\Windows\System\CQpedmM.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\MOZXiEK.exe
  C:\Windows\System\MOZXiEK.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\dlngvNE.exe
  C:\Windows\System\dlngvNE.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\gUJHOhk.exe
  C:\Windows\System\gUJHOhk.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\LlUqDJV.exe
  C:\Windows\System\LlUqDJV.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\cjCHcrW.exe
  C:\Windows\System\cjCHcrW.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\hfJiNxo.exe
  C:\Windows\System\hfJiNxo.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\jiOncbg.exe
  C:\Windows\System\jiOncbg.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\mOnhjzy.exe
  C:\Windows\System\mOnhjzy.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\EtDNAne.exe
  C:\Windows\System\EtDNAne.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\nhUKncJ.exe
  C:\Windows\System\nhUKncJ.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\LYwEqRL.exe
  C:\Windows\System\LYwEqRL.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\eKwrCbd.exe
  C:\Windows\System\eKwrCbd.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\DZGNhDv.exe
  C:\Windows\System\DZGNhDv.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\nLzYtfV.exe
  C:\Windows\System\nLzYtfV.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\kwDvVoJ.exe
  C:\Windows\System\kwDvVoJ.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\HNZkPSx.exe
  C:\Windows\System\HNZkPSx.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\UpzfLcG.exe
  C:\Windows\System\UpzfLcG.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\jYAHJim.exe
  C:\Windows\System\jYAHJim.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\tsceHZM.exe
  C:\Windows\System\tsceHZM.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\qtEdLLE.exe
  C:\Windows\System\qtEdLLE.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\ysvbFPc.exe
  C:\Windows\System\ysvbFPc.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\VMgQojs.exe
  C:\Windows\System\VMgQojs.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\PxAIgcW.exe
  C:\Windows\System\PxAIgcW.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\jDddoNR.exe
  C:\Windows\System\jDddoNR.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\CMvIgGz.exe
  C:\Windows\System\CMvIgGz.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\SSAZhRW.exe
  C:\Windows\System\SSAZhRW.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\HuaIhHy.exe
  C:\Windows\System\HuaIhHy.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\JuxwEqY.exe
  C:\Windows\System\JuxwEqY.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\QLkcjXh.exe
  C:\Windows\System\QLkcjXh.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\XoPSQpo.exe
  C:\Windows\System\XoPSQpo.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\AKqXdQb.exe
  C:\Windows\System\AKqXdQb.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\vzggUSP.exe
  C:\Windows\System\vzggUSP.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\UZKdhWe.exe
  C:\Windows\System\UZKdhWe.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\tIJAdTu.exe
  C:\Windows\System\tIJAdTu.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\BULOsbq.exe
  C:\Windows\System\BULOsbq.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\eHZBmXf.exe
  C:\Windows\System\eHZBmXf.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\woNPJOc.exe
  C:\Windows\System\woNPJOc.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\CKslatu.exe
  C:\Windows\System\CKslatu.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\sPEDvGI.exe
  C:\Windows\System\sPEDvGI.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\QkFNloI.exe
  C:\Windows\System\QkFNloI.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\qIHuGDk.exe
  C:\Windows\System\qIHuGDk.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\HpsTMEO.exe
  C:\Windows\System\HpsTMEO.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\nFWrhic.exe
  C:\Windows\System\nFWrhic.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\csEjHlc.exe
  C:\Windows\System\csEjHlc.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\SGdDHHV.exe
  C:\Windows\System\SGdDHHV.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\ULqCMIC.exe
  C:\Windows\System\ULqCMIC.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\pdXPUvs.exe
  C:\Windows\System\pdXPUvs.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\RbrwsEt.exe
  C:\Windows\System\RbrwsEt.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\DwAeeMz.exe
  C:\Windows\System\DwAeeMz.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\KfEoJZA.exe
  C:\Windows\System\KfEoJZA.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\fWUHqCm.exe
  C:\Windows\System\fWUHqCm.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\WCaPmOc.exe
  C:\Windows\System\WCaPmOc.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\PTYovwP.exe
  C:\Windows\System\PTYovwP.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\PFmDufM.exe
  C:\Windows\System\PFmDufM.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\khWEbpo.exe
  C:\Windows\System\khWEbpo.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\ZoJPTVK.exe
  C:\Windows\System\ZoJPTVK.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\jDwfgCd.exe
  C:\Windows\System\jDwfgCd.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\tTQreEF.exe
  C:\Windows\System\tTQreEF.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\MiwZRiV.exe
  C:\Windows\System\MiwZRiV.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\MpfbiAu.exe
  C:\Windows\System\MpfbiAu.exe
  2⤵
  PID:2816
- C:\Windows\System\UROiHjc.exe
  C:\Windows\System\UROiHjc.exe
  2⤵
  PID:2624
- C:\Windows\System\BzkUgNd.exe
  C:\Windows\System\BzkUgNd.exe
  2⤵
  PID:2776
- C:\Windows\System\EYyNoLt.exe
  C:\Windows\System\EYyNoLt.exe
  2⤵
  PID:1716
- C:\Windows\System\zICHYcC.exe
  C:\Windows\System\zICHYcC.exe
  2⤵
  PID:2024
- C:\Windows\System\sNVrdbF.exe
  C:\Windows\System\sNVrdbF.exe
  2⤵
  PID:1712
- C:\Windows\System\drFJikz.exe
  C:\Windows\System\drFJikz.exe
  2⤵
  PID:2936
- C:\Windows\System\mpgVdhL.exe
  C:\Windows\System\mpgVdhL.exe
  2⤵
  PID:2564
- C:\Windows\System\cLAYOpX.exe
  C:\Windows\System\cLAYOpX.exe
  2⤵
  PID:2460
- C:\Windows\System\CqVyZQU.exe
  C:\Windows\System\CqVyZQU.exe
  2⤵
  PID:928
- C:\Windows\System\HczMged.exe
  C:\Windows\System\HczMged.exe
  2⤵
  PID:1608
- C:\Windows\System\ZVZVOkb.exe
  C:\Windows\System\ZVZVOkb.exe
  2⤵
  PID:772
- C:\Windows\System\INcieje.exe
  C:\Windows\System\INcieje.exe
  2⤵
  PID:584
- C:\Windows\System\WwYbWYo.exe
  C:\Windows\System\WwYbWYo.exe
  2⤵
  PID:1988
- C:\Windows\System\JJSNUKG.exe
  C:\Windows\System\JJSNUKG.exe
  2⤵
  PID:1076
- C:\Windows\System\BTmVuKn.exe
  C:\Windows\System\BTmVuKn.exe
  2⤵
  PID:3012
- C:\Windows\System\VVzVEgt.exe
  C:\Windows\System\VVzVEgt.exe
  2⤵
  PID:1524
- C:\Windows\System\cJTaFIF.exe
  C:\Windows\System\cJTaFIF.exe
  2⤵
  PID:1792
- C:\Windows\System\UkwxzGv.exe
  C:\Windows\System\UkwxzGv.exe
  2⤵
  PID:1736
- C:\Windows\System\MiCoGoe.exe
  C:\Windows\System\MiCoGoe.exe
  2⤵
  PID:1356
- C:\Windows\System\aFGQLeY.exe
  C:\Windows\System\aFGQLeY.exe
  2⤵
  PID:2472
- C:\Windows\System\uuAjkPq.exe
  C:\Windows\System\uuAjkPq.exe
  2⤵
  PID:2244
- C:\Windows\System\mJNmsIk.exe
  C:\Windows\System\mJNmsIk.exe
  2⤵
  PID:2548
- C:\Windows\System\uxoraWh.exe
  C:\Windows\System\uxoraWh.exe
  2⤵
  PID:2988
- C:\Windows\System\ejaYNtN.exe
  C:\Windows\System\ejaYNtN.exe
  2⤵
  PID:3028
- C:\Windows\System\MNdyGdK.exe
  C:\Windows\System\MNdyGdK.exe
  2⤵
  PID:2440
- C:\Windows\System\nXxtCfN.exe
  C:\Windows\System\nXxtCfN.exe
  2⤵
  PID:3032
- C:\Windows\System\rrdgRSY.exe
  C:\Windows\System\rrdgRSY.exe
  2⤵
  PID:880
- C:\Windows\System\vXYNWEb.exe
  C:\Windows\System\vXYNWEb.exe
  2⤵
  PID:1812
- C:\Windows\System\AeJQhtL.exe
  C:\Windows\System\AeJQhtL.exe
  2⤵
  PID:1600
- C:\Windows\System\ZhXURYx.exe
  C:\Windows\System\ZhXURYx.exe
  2⤵
  PID:2540
- C:\Windows\System\utZLWno.exe
  C:\Windows\System\utZLWno.exe
  2⤵
  PID:2860
- C:\Windows\System\keIxiGg.exe
  C:\Windows\System\keIxiGg.exe
  2⤵
  PID:2904
- C:\Windows\System\RuEOQuw.exe
  C:\Windows\System\RuEOQuw.exe
  2⤵
  PID:2648
- C:\Windows\System\XtiThrI.exe
  C:\Windows\System\XtiThrI.exe
  2⤵
  PID:3068
- C:\Windows\System\maiFElb.exe
  C:\Windows\System\maiFElb.exe
  2⤵
  PID:1896
- C:\Windows\System\lZEYAqI.exe
  C:\Windows\System\lZEYAqI.exe
  2⤵
  PID:1388
- C:\Windows\System\xzHUbfC.exe
  C:\Windows\System\xzHUbfC.exe
  2⤵
  PID:1920
- C:\Windows\System\xWtuYol.exe
  C:\Windows\System\xWtuYol.exe
  2⤵
  PID:264
- C:\Windows\System\qkkIrAA.exe
  C:\Windows\System\qkkIrAA.exe
  2⤵
  PID:2072
- C:\Windows\System\PicrJRU.exe
  C:\Windows\System\PicrJRU.exe
  2⤵
  PID:3020
- C:\Windows\System\HVHUEqe.exe
  C:\Windows\System\HVHUEqe.exe
  2⤵
  PID:1300
- C:\Windows\System\pliMbAY.exe
  C:\Windows\System\pliMbAY.exe
  2⤵
  PID:3076
- C:\Windows\System\FiJKWov.exe
  C:\Windows\System\FiJKWov.exe
  2⤵
  PID:3092
- C:\Windows\System\luYagcG.exe
  C:\Windows\System\luYagcG.exe
  2⤵
  PID:3108
- C:\Windows\System\hXeZlWZ.exe
  C:\Windows\System\hXeZlWZ.exe
  2⤵
  PID:3124
- C:\Windows\System\CQGJouZ.exe
  C:\Windows\System\CQGJouZ.exe
  2⤵
  PID:3140
- C:\Windows\System\lRIqyix.exe
  C:\Windows\System\lRIqyix.exe
  2⤵
  PID:3156
- C:\Windows\System\lqQEHhp.exe
  C:\Windows\System\lqQEHhp.exe
  2⤵
  PID:3172
- C:\Windows\System\KigQadx.exe
  C:\Windows\System\KigQadx.exe
  2⤵
  PID:3188
- C:\Windows\System\QXUUNzv.exe
  C:\Windows\System\QXUUNzv.exe
  2⤵
  PID:3204
- C:\Windows\System\PKHnEWb.exe
  C:\Windows\System\PKHnEWb.exe
  2⤵
  PID:3220
- C:\Windows\System\lJQKuDc.exe
  C:\Windows\System\lJQKuDc.exe
  2⤵
  PID:3236
- C:\Windows\System\DsaRCLB.exe
  C:\Windows\System\DsaRCLB.exe
  2⤵
  PID:3252
- C:\Windows\System\wszcEsZ.exe
  C:\Windows\System\wszcEsZ.exe
  2⤵
  PID:3268
- C:\Windows\System\SgalYrq.exe
  C:\Windows\System\SgalYrq.exe
  2⤵
  PID:3284
- C:\Windows\System\ZMiblyg.exe
  C:\Windows\System\ZMiblyg.exe
  2⤵
  PID:3300
- C:\Windows\System\CiZhqXU.exe
  C:\Windows\System\CiZhqXU.exe
  2⤵
  PID:3316
- C:\Windows\System\OGSHuzl.exe
  C:\Windows\System\OGSHuzl.exe
  2⤵
  PID:3332
- C:\Windows\System\BbORyZl.exe
  C:\Windows\System\BbORyZl.exe
  2⤵
  PID:3348
- C:\Windows\System\kfRnlIi.exe
  C:\Windows\System\kfRnlIi.exe
  2⤵
  PID:3364
- C:\Windows\System\FGNAKLx.exe
  C:\Windows\System\FGNAKLx.exe
  2⤵
  PID:3380
- C:\Windows\System\OcXWsqp.exe
  C:\Windows\System\OcXWsqp.exe
  2⤵
  PID:3396
- C:\Windows\System\UiaSEBb.exe
  C:\Windows\System\UiaSEBb.exe
  2⤵
  PID:3412
- C:\Windows\System\xbquLLD.exe
  C:\Windows\System\xbquLLD.exe
  2⤵
  PID:3428
- C:\Windows\System\oToQryZ.exe
  C:\Windows\System\oToQryZ.exe
  2⤵
  PID:3444
- C:\Windows\System\fwUwwjI.exe
  C:\Windows\System\fwUwwjI.exe
  2⤵
  PID:3460
- C:\Windows\System\NurmKbF.exe
  C:\Windows\System\NurmKbF.exe
  2⤵
  PID:3476
- C:\Windows\System\awGhlnL.exe
  C:\Windows\System\awGhlnL.exe
  2⤵
  PID:3492
- C:\Windows\System\YtNcGQv.exe
  C:\Windows\System\YtNcGQv.exe
  2⤵
  PID:3508
- C:\Windows\System\MhwVjDp.exe
  C:\Windows\System\MhwVjDp.exe
  2⤵
  PID:3524
- C:\Windows\System\eBmTIDj.exe
  C:\Windows\System\eBmTIDj.exe
  2⤵
  PID:3540
- C:\Windows\System\wqonXVj.exe
  C:\Windows\System\wqonXVj.exe
  2⤵
  PID:3556
- C:\Windows\System\LtidKeX.exe
  C:\Windows\System\LtidKeX.exe
  2⤵
  PID:3572
- C:\Windows\System\TFoFmvH.exe
  C:\Windows\System\TFoFmvH.exe
  2⤵
  PID:3588
- C:\Windows\System\iwwWmAx.exe
  C:\Windows\System\iwwWmAx.exe
  2⤵
  PID:3604
- C:\Windows\System\bLwIAIK.exe
  C:\Windows\System\bLwIAIK.exe
  2⤵
  PID:3620
- C:\Windows\System\RktMKBY.exe
  C:\Windows\System\RktMKBY.exe
  2⤵
  PID:3636
- C:\Windows\System\yqgDXfO.exe
  C:\Windows\System\yqgDXfO.exe
  2⤵
  PID:3652
- C:\Windows\System\MgbaxNI.exe
  C:\Windows\System\MgbaxNI.exe
  2⤵
  PID:3668
- C:\Windows\System\LCPMTsE.exe
  C:\Windows\System\LCPMTsE.exe
  2⤵
  PID:3684
- C:\Windows\System\XkziYSt.exe
  C:\Windows\System\XkziYSt.exe
  2⤵
  PID:3700
- C:\Windows\System\roXzYFS.exe
  C:\Windows\System\roXzYFS.exe
  2⤵
  PID:3716
- C:\Windows\System\RpKABfX.exe
  C:\Windows\System\RpKABfX.exe
  2⤵
  PID:3732
- C:\Windows\System\KZLTnbH.exe
  C:\Windows\System\KZLTnbH.exe
  2⤵
  PID:3748
- C:\Windows\System\cJKVfpO.exe
  C:\Windows\System\cJKVfpO.exe
  2⤵
  PID:3764
- C:\Windows\System\kqeWAcx.exe
  C:\Windows\System\kqeWAcx.exe
  2⤵
  PID:3780
- C:\Windows\System\AyYoIvP.exe
  C:\Windows\System\AyYoIvP.exe
  2⤵
  PID:3796
- C:\Windows\System\JGlMZSY.exe
  C:\Windows\System\JGlMZSY.exe
  2⤵
  PID:3812
- C:\Windows\System\wGtZOHk.exe
  C:\Windows\System\wGtZOHk.exe
  2⤵
  PID:3828
- C:\Windows\System\rVtLBJe.exe
  C:\Windows\System\rVtLBJe.exe
  2⤵
  PID:3844
- C:\Windows\System\wZXHFkQ.exe
  C:\Windows\System\wZXHFkQ.exe
  2⤵
  PID:3860
- C:\Windows\System\VuFCYsx.exe
  C:\Windows\System\VuFCYsx.exe
  2⤵
  PID:3876
- C:\Windows\System\pGozQLa.exe
  C:\Windows\System\pGozQLa.exe
  2⤵
  PID:3892
- C:\Windows\System\IBbGqNK.exe
  C:\Windows\System\IBbGqNK.exe
  2⤵
  PID:3908
- C:\Windows\System\euzebce.exe
  C:\Windows\System\euzebce.exe
  2⤵
  PID:3924
- C:\Windows\System\rLLHRQz.exe
  C:\Windows\System\rLLHRQz.exe
  2⤵
  PID:3940
- C:\Windows\System\EUMYgRT.exe
  C:\Windows\System\EUMYgRT.exe
  2⤵
  PID:3956
- C:\Windows\System\NWzriqV.exe
  C:\Windows\System\NWzriqV.exe
  2⤵
  PID:3972
- C:\Windows\System\oIjmVlt.exe
  C:\Windows\System\oIjmVlt.exe
  2⤵
  PID:3988
- C:\Windows\System\VubroMz.exe
  C:\Windows\System\VubroMz.exe
  2⤵
  PID:4004
- C:\Windows\System\zNgdysd.exe
  C:\Windows\System\zNgdysd.exe
  2⤵
  PID:4020
- C:\Windows\System\QRruipe.exe
  C:\Windows\System\QRruipe.exe
  2⤵
  PID:4036
- C:\Windows\System\lwjqSrq.exe
  C:\Windows\System\lwjqSrq.exe
  2⤵
  PID:4052
- C:\Windows\System\beuDuas.exe
  C:\Windows\System\beuDuas.exe
  2⤵
  PID:4068
- C:\Windows\System\cFgNGLd.exe
  C:\Windows\System\cFgNGLd.exe
  2⤵
  PID:4084
- C:\Windows\System\yDyznkL.exe
  C:\Windows\System\yDyznkL.exe
  2⤵
  PID:828
- C:\Windows\System\veDQDaQ.exe
  C:\Windows\System\veDQDaQ.exe
  2⤵
  PID:776
- C:\Windows\System\rAdjDZQ.exe
  C:\Windows\System\rAdjDZQ.exe
  2⤵
  PID:2560
- C:\Windows\System\zMhvCkh.exe
  C:\Windows\System\zMhvCkh.exe
  2⤵
  PID:2592
- C:\Windows\System\BYteFqq.exe
  C:\Windows\System\BYteFqq.exe
  2⤵
  PID:2068
- C:\Windows\System\uYoJqfy.exe
  C:\Windows\System\uYoJqfy.exe
  2⤵
  PID:2856
- C:\Windows\System\BxdXNZV.exe
  C:\Windows\System\BxdXNZV.exe
  2⤵
  PID:2780
- C:\Windows\System\fsMpZcD.exe
  C:\Windows\System\fsMpZcD.exe
  2⤵
  PID:2940
- C:\Windows\System\yOBefwg.exe
  C:\Windows\System\yOBefwg.exe
  2⤵
  PID:2288
- C:\Windows\System\VTfOxtF.exe
  C:\Windows\System\VTfOxtF.exe
  2⤵
  PID:1900
- C:\Windows\System\aaPIXPj.exe
  C:\Windows\System\aaPIXPj.exe
  2⤵
  PID:2348
- C:\Windows\System\HxMucAS.exe
  C:\Windows\System\HxMucAS.exe
  2⤵
  PID:2692
- C:\Windows\System\GvqOBOp.exe
  C:\Windows\System\GvqOBOp.exe
  2⤵
  PID:3116
- C:\Windows\System\DEreOJu.exe
  C:\Windows\System\DEreOJu.exe
  2⤵
  PID:3132
- C:\Windows\System\NXzhdgz.exe
  C:\Windows\System\NXzhdgz.exe
  2⤵
  PID:3164
- C:\Windows\System\SUdKoZz.exe
  C:\Windows\System\SUdKoZz.exe
  2⤵
  PID:3196
- C:\Windows\System\CJxamDq.exe
  C:\Windows\System\CJxamDq.exe
  2⤵
  PID:3228
- C:\Windows\System\tuukSId.exe
  C:\Windows\System\tuukSId.exe
  2⤵
  PID:3276
- C:\Windows\System\NmYkeBT.exe
  C:\Windows\System\NmYkeBT.exe
  2⤵
  PID:3308
- C:\Windows\System\WSHbSqf.exe
  C:\Windows\System\WSHbSqf.exe
  2⤵
  PID:3324
- C:\Windows\System\rCzjcIU.exe
  C:\Windows\System\rCzjcIU.exe
  2⤵
  PID:3372
- C:\Windows\System\thnfrgh.exe
  C:\Windows\System\thnfrgh.exe
  2⤵
  PID:3388
- C:\Windows\System\pbtkNtT.exe
  C:\Windows\System\pbtkNtT.exe
  2⤵
  PID:3420
- C:\Windows\System\OtMmnuT.exe
  C:\Windows\System\OtMmnuT.exe
  2⤵
  PID:3452
- C:\Windows\System\jYnRxrc.exe
  C:\Windows\System\jYnRxrc.exe
  2⤵
  PID:3500
- C:\Windows\System\YikBOHx.exe
  C:\Windows\System\YikBOHx.exe
  2⤵
  PID:3488
- C:\Windows\System\zbADTHq.exe
  C:\Windows\System\zbADTHq.exe
  2⤵
  PID:3548
- C:\Windows\System\bnqkAMs.exe
  C:\Windows\System\bnqkAMs.exe
  2⤵
  PID:3580
- C:\Windows\System\jNIKthe.exe
  C:\Windows\System\jNIKthe.exe
  2⤵
  PID:3612
- C:\Windows\System\nQadfao.exe
  C:\Windows\System\nQadfao.exe
  2⤵
  PID:3644
- C:\Windows\System\obdoRbH.exe
  C:\Windows\System\obdoRbH.exe
  2⤵
  PID:3676
- C:\Windows\System\UrSEOei.exe
  C:\Windows\System\UrSEOei.exe
  2⤵
  PID:3708
- C:\Windows\System\NAMTsSu.exe
  C:\Windows\System\NAMTsSu.exe
  2⤵
  PID:3740
- C:\Windows\System\TwBQwPS.exe
  C:\Windows\System\TwBQwPS.exe
  2⤵
  PID:3788
- C:\Windows\System\AZmlzlD.exe
  C:\Windows\System\AZmlzlD.exe
  2⤵
  PID:3820
- C:\Windows\System\TiqLvAv.exe
  C:\Windows\System\TiqLvAv.exe
  2⤵
  PID:3836
- C:\Windows\System\mlXOPrg.exe
  C:\Windows\System\mlXOPrg.exe
  2⤵
  PID:3884
- C:\Windows\System\FtnHfxW.exe
  C:\Windows\System\FtnHfxW.exe
  2⤵
  PID:3904
- C:\Windows\System\aMoCfbW.exe
  C:\Windows\System\aMoCfbW.exe
  2⤵
  PID:3932
- C:\Windows\System\zuJzHxA.exe
  C:\Windows\System\zuJzHxA.exe
  2⤵
  PID:3964
- C:\Windows\System\cmqZRCW.exe
  C:\Windows\System\cmqZRCW.exe
  2⤵
  PID:3996
- C:\Windows\System\Udjuxdq.exe
  C:\Windows\System\Udjuxdq.exe
  2⤵
  PID:4028
- C:\Windows\System\cLOvXSu.exe
  C:\Windows\System\cLOvXSu.exe
  2⤵
  PID:4076
- C:\Windows\System\FlIxYic.exe
  C:\Windows\System\FlIxYic.exe
  2⤵
  PID:564
- C:\Windows\System\OlcJdoM.exe
  C:\Windows\System\OlcJdoM.exe
  2⤵
  PID:376
- C:\Windows\System\UGiZaha.exe
  C:\Windows\System\UGiZaha.exe
  2⤵
  PID:1604
- C:\Windows\System\INovaia.exe
  C:\Windows\System\INovaia.exe
  2⤵
  PID:2608
- C:\Windows\System\tdMUKTW.exe
  C:\Windows\System\tdMUKTW.exe
  2⤵
  PID:2944
- C:\Windows\System\QXjArAw.exe
  C:\Windows\System\QXjArAw.exe
  2⤵
  PID:2700
- C:\Windows\System\IVxTudT.exe
  C:\Windows\System\IVxTudT.exe
  2⤵
  PID:3100
- C:\Windows\System\AENCNqY.exe
  C:\Windows\System\AENCNqY.exe
  2⤵
  PID:3168
- C:\Windows\System\GSUzdEE.exe
  C:\Windows\System\GSUzdEE.exe
  2⤵
  PID:3200
- C:\Windows\System\XFnWsyC.exe
  C:\Windows\System\XFnWsyC.exe
  2⤵
  PID:3260
- C:\Windows\System\NmzlLyZ.exe
  C:\Windows\System\NmzlLyZ.exe
  2⤵
  PID:3344
- C:\Windows\System\tdzsquM.exe
  C:\Windows\System\tdzsquM.exe
  2⤵
  PID:3408
- C:\Windows\System\RtNevqf.exe
  C:\Windows\System\RtNevqf.exe
  2⤵
  PID:3532
- C:\Windows\System\opDkWOX.exe
  C:\Windows\System\opDkWOX.exe
  2⤵
  PID:3516
- C:\Windows\System\uudcAUd.exe
  C:\Windows\System\uudcAUd.exe
  2⤵
  PID:3616
- C:\Windows\System\iGZzXSt.exe
  C:\Windows\System\iGZzXSt.exe
  2⤵
  PID:3664
- C:\Windows\System\gxJjwAr.exe
  C:\Windows\System\gxJjwAr.exe
  2⤵
  PID:3728
- C:\Windows\System\HBdddAq.exe
  C:\Windows\System\HBdddAq.exe
  2⤵
  PID:3792
- C:\Windows\System\VeFwdGN.exe
  C:\Windows\System\VeFwdGN.exe
  2⤵
  PID:3856
- C:\Windows\System\vrSWNJz.exe
  C:\Windows\System\vrSWNJz.exe
  2⤵
  PID:3952
- C:\Windows\System\rFvCIEh.exe
  C:\Windows\System\rFvCIEh.exe
  2⤵
  PID:4112
- C:\Windows\System\MwJLzBW.exe
  C:\Windows\System\MwJLzBW.exe
  2⤵
  PID:4128
- C:\Windows\System\ETKLdqX.exe
  C:\Windows\System\ETKLdqX.exe
  2⤵
  PID:4144
- C:\Windows\System\vhBFtIz.exe
  C:\Windows\System\vhBFtIz.exe
  2⤵
  PID:4160
- C:\Windows\System\dCBfUhf.exe
  C:\Windows\System\dCBfUhf.exe
  2⤵
  PID:4176
- C:\Windows\System\zVIwEKd.exe
  C:\Windows\System\zVIwEKd.exe
  2⤵
  PID:4192
- C:\Windows\System\HaXQfOc.exe
  C:\Windows\System\HaXQfOc.exe
  2⤵
  PID:4208
- C:\Windows\System\lGasQXk.exe
  C:\Windows\System\lGasQXk.exe
  2⤵
  PID:4224
- C:\Windows\System\aOMOgbV.exe
  C:\Windows\System\aOMOgbV.exe
  2⤵
  PID:4240
- C:\Windows\System\RsdQUZW.exe
  C:\Windows\System\RsdQUZW.exe
  2⤵
  PID:4256
- C:\Windows\System\CSsLdPV.exe
  C:\Windows\System\CSsLdPV.exe
  2⤵
  PID:4272
- C:\Windows\System\JWCtpcr.exe
  C:\Windows\System\JWCtpcr.exe
  2⤵
  PID:4288
- C:\Windows\System\KXDFchJ.exe
  C:\Windows\System\KXDFchJ.exe
  2⤵
  PID:4304
- C:\Windows\System\sGeagPU.exe
  C:\Windows\System\sGeagPU.exe
  2⤵
  PID:4320
- C:\Windows\System\GbCbXQr.exe
  C:\Windows\System\GbCbXQr.exe
  2⤵
  PID:4336
- C:\Windows\System\vkIhkqc.exe
  C:\Windows\System\vkIhkqc.exe
  2⤵
  PID:4352
- C:\Windows\System\sJLvpzm.exe
  C:\Windows\System\sJLvpzm.exe
  2⤵
  PID:4368
- C:\Windows\System\YALSiAJ.exe
  C:\Windows\System\YALSiAJ.exe
  2⤵
  PID:4384
- C:\Windows\System\MqyqQOz.exe
  C:\Windows\System\MqyqQOz.exe
  2⤵
  PID:4400
- C:\Windows\System\TgxUjvs.exe
  C:\Windows\System\TgxUjvs.exe
  2⤵
  PID:4416
- C:\Windows\System\PLJpIxg.exe
  C:\Windows\System\PLJpIxg.exe
  2⤵
  PID:4432
- C:\Windows\System\XqXiZkJ.exe
  C:\Windows\System\XqXiZkJ.exe
  2⤵
  PID:4448
- C:\Windows\System\svCgdVB.exe
  C:\Windows\System\svCgdVB.exe
  2⤵
  PID:4464
- C:\Windows\System\tcintDl.exe
  C:\Windows\System\tcintDl.exe
  2⤵
  PID:4480
- C:\Windows\System\KSLESLx.exe
  C:\Windows\System\KSLESLx.exe
  2⤵
  PID:4496
- C:\Windows\System\VHoChkg.exe
  C:\Windows\System\VHoChkg.exe
  2⤵
  PID:4512
- C:\Windows\System\YAOuAZX.exe
  C:\Windows\System\YAOuAZX.exe
  2⤵
  PID:4528
- C:\Windows\System\ldxcMMB.exe
  C:\Windows\System\ldxcMMB.exe
  2⤵
  PID:4544
- C:\Windows\System\aRAywcT.exe
  C:\Windows\System\aRAywcT.exe
  2⤵
  PID:4560
- C:\Windows\System\iKgaNam.exe
  C:\Windows\System\iKgaNam.exe
  2⤵
  PID:4576
- C:\Windows\System\eqpDCiB.exe
  C:\Windows\System\eqpDCiB.exe
  2⤵
  PID:4592
- C:\Windows\System\kZTMMVx.exe
  C:\Windows\System\kZTMMVx.exe
  2⤵
  PID:4608
- C:\Windows\System\gcdbheO.exe
  C:\Windows\System\gcdbheO.exe
  2⤵
  PID:4624
- C:\Windows\System\gXuEmxC.exe
  C:\Windows\System\gXuEmxC.exe
  2⤵
  PID:4640
- C:\Windows\System\AimFbFF.exe
  C:\Windows\System\AimFbFF.exe
  2⤵
  PID:4656
- C:\Windows\System\nhvzoQM.exe
  C:\Windows\System\nhvzoQM.exe
  2⤵
  PID:4672
- C:\Windows\System\BMRjunx.exe
  C:\Windows\System\BMRjunx.exe
  2⤵
  PID:4688
- C:\Windows\System\HRPkMmx.exe
  C:\Windows\System\HRPkMmx.exe
  2⤵
  PID:4704
- C:\Windows\System\IRNYZyx.exe
  C:\Windows\System\IRNYZyx.exe
  2⤵
  PID:4720
- C:\Windows\System\UPWvRRm.exe
  C:\Windows\System\UPWvRRm.exe
  2⤵
  PID:4736
- C:\Windows\System\ZMagNuV.exe
  C:\Windows\System\ZMagNuV.exe
  2⤵
  PID:4752
- C:\Windows\System\uAmSCcK.exe
  C:\Windows\System\uAmSCcK.exe
  2⤵
  PID:4768
- C:\Windows\System\sSotXGn.exe
  C:\Windows\System\sSotXGn.exe
  2⤵
  PID:4784
- C:\Windows\System\sZnfulv.exe
  C:\Windows\System\sZnfulv.exe
  2⤵
  PID:4800
- C:\Windows\System\alXryOR.exe
  C:\Windows\System\alXryOR.exe
  2⤵
  PID:4816
- C:\Windows\System\YZueIDW.exe
  C:\Windows\System\YZueIDW.exe
  2⤵
  PID:4832
- C:\Windows\System\qNjfTcp.exe
  C:\Windows\System\qNjfTcp.exe
  2⤵
  PID:4848
- C:\Windows\System\WKgxhRH.exe
  C:\Windows\System\WKgxhRH.exe
  2⤵
  PID:4864
- C:\Windows\System\sApfOgJ.exe
  C:\Windows\System\sApfOgJ.exe
  2⤵
  PID:4880
- C:\Windows\System\GjUyocr.exe
  C:\Windows\System\GjUyocr.exe
  2⤵
  PID:4896
- C:\Windows\System\TuZdEVR.exe
  C:\Windows\System\TuZdEVR.exe
  2⤵
  PID:4912
- C:\Windows\System\ZxwHFUY.exe
  C:\Windows\System\ZxwHFUY.exe
  2⤵
  PID:4928
- C:\Windows\System\TsVFPtU.exe
  C:\Windows\System\TsVFPtU.exe
  2⤵
  PID:4944
- C:\Windows\System\VPEEUep.exe
  C:\Windows\System\VPEEUep.exe
  2⤵
  PID:4960
- C:\Windows\System\lymEfNY.exe
  C:\Windows\System\lymEfNY.exe
  2⤵
  PID:4976
- C:\Windows\System\rMoGdrM.exe
  C:\Windows\System\rMoGdrM.exe
  2⤵
  PID:4992
- C:\Windows\System\XWikzLM.exe
  C:\Windows\System\XWikzLM.exe
  2⤵
  PID:5008
- C:\Windows\System\sEGBlXC.exe
  C:\Windows\System\sEGBlXC.exe
  2⤵
  PID:5024
- C:\Windows\System\jKHsNyF.exe
  C:\Windows\System\jKHsNyF.exe
  2⤵
  PID:5040
- C:\Windows\System\ZuBrWKR.exe
  C:\Windows\System\ZuBrWKR.exe
  2⤵
  PID:5056
- C:\Windows\System\ROoYqbf.exe
  C:\Windows\System\ROoYqbf.exe
  2⤵
  PID:5072
- C:\Windows\System\NyLVabR.exe
  C:\Windows\System\NyLVabR.exe
  2⤵
  PID:5088
- C:\Windows\System\fYFXXzM.exe
  C:\Windows\System\fYFXXzM.exe
  2⤵
  PID:5104
- C:\Windows\System\ChNDaZc.exe
  C:\Windows\System\ChNDaZc.exe
  2⤵
  PID:3948
- C:\Windows\System\XTdLpPq.exe
  C:\Windows\System\XTdLpPq.exe
  2⤵
  PID:3968
- C:\Windows\System\oozHune.exe
  C:\Windows\System\oozHune.exe
  2⤵
  PID:4092
- C:\Windows\System\sJpdFme.exe
  C:\Windows\System\sJpdFme.exe
  2⤵
  PID:1888
- C:\Windows\System\YBTayzf.exe
  C:\Windows\System\YBTayzf.exe
  2⤵
  PID:2476
- C:\Windows\System\mlhNLto.exe
  C:\Windows\System\mlhNLto.exe
  2⤵
  PID:2392
- C:\Windows\System\xLctcxQ.exe
  C:\Windows\System\xLctcxQ.exe
  2⤵
  PID:3104
- C:\Windows\System\jwcffFb.exe
  C:\Windows\System\jwcffFb.exe
  2⤵
  PID:3216
- C:\Windows\System\NfIvFhu.exe
  C:\Windows\System\NfIvFhu.exe
  2⤵
  PID:3456
- C:\Windows\System\nDezqAI.exe
  C:\Windows\System\nDezqAI.exe
  2⤵
  PID:3484
- C:\Windows\System\CWzBcYt.exe
  C:\Windows\System\CWzBcYt.exe
  2⤵
  PID:3852
- C:\Windows\System\UKiKGEo.exe
  C:\Windows\System\UKiKGEo.exe
  2⤵
  PID:3872
- C:\Windows\System\JhzrOiw.exe
  C:\Windows\System\JhzrOiw.exe
  2⤵
  PID:3920
- C:\Windows\System\BvKDhdz.exe
  C:\Windows\System\BvKDhdz.exe
  2⤵
  PID:4120
- C:\Windows\System\lLDYwHJ.exe
  C:\Windows\System\lLDYwHJ.exe
  2⤵
  PID:4156
- C:\Windows\System\aOcQJcJ.exe
  C:\Windows\System\aOcQJcJ.exe
  2⤵
  PID:4188
- C:\Windows\System\OpqnsDM.exe
  C:\Windows\System\OpqnsDM.exe
  2⤵
  PID:4236
- C:\Windows\System\gKHIrKF.exe
  C:\Windows\System\gKHIrKF.exe
  2⤵
  PID:4252
- C:\Windows\System\nuXJhHo.exe
  C:\Windows\System\nuXJhHo.exe
  2⤵
  PID:4300
- C:\Windows\System\kbABjcA.exe
  C:\Windows\System\kbABjcA.exe
  2⤵
  PID:4312
- C:\Windows\System\vIVdQhC.exe
  C:\Windows\System\vIVdQhC.exe
  2⤵
  PID:4344
- C:\Windows\System\zhnITPM.exe
  C:\Windows\System\zhnITPM.exe
  2⤵
  PID:4396
- C:\Windows\System\DScLUMx.exe
  C:\Windows\System\DScLUMx.exe
  2⤵
  PID:4412
- C:\Windows\System\ZchZHDs.exe
  C:\Windows\System\ZchZHDs.exe
  2⤵
  PID:4460
- C:\Windows\System\hCvdSrC.exe
  C:\Windows\System\hCvdSrC.exe
  2⤵
  PID:4476
- C:\Windows\System\fupKBpM.exe
  C:\Windows\System\fupKBpM.exe
  2⤵
  PID:4508
- C:\Windows\System\BVQLYVJ.exe
  C:\Windows\System\BVQLYVJ.exe
  2⤵
  PID:4540
- C:\Windows\System\XKlePXP.exe
  C:\Windows\System\XKlePXP.exe
  2⤵
  PID:4600
- C:\Windows\System\dqtaxap.exe
  C:\Windows\System\dqtaxap.exe
  2⤵
  PID:4568
- C:\Windows\System\lRHKGmV.exe
  C:\Windows\System\lRHKGmV.exe
  2⤵
  PID:4632
- C:\Windows\System\wQFrWek.exe
  C:\Windows\System\wQFrWek.exe
  2⤵
  PID:4668
- C:\Windows\System\PfTGUsL.exe
  C:\Windows\System\PfTGUsL.exe
  2⤵
  PID:4700
- C:\Windows\System\jbZCCpB.exe
  C:\Windows\System\jbZCCpB.exe
  2⤵
  PID:4748
- C:\Windows\System\xobjhIL.exe
  C:\Windows\System\xobjhIL.exe
  2⤵
  PID:4780
- C:\Windows\System\dFPqPCq.exe
  C:\Windows\System\dFPqPCq.exe
  2⤵
  PID:4792
- C:\Windows\System\oZbAIye.exe
  C:\Windows\System\oZbAIye.exe
  2⤵
  PID:4872
- C:\Windows\System\jlDUCxv.exe
  C:\Windows\System\jlDUCxv.exe
  2⤵
  PID:4876
- C:\Windows\System\mUfGXZh.exe
  C:\Windows\System\mUfGXZh.exe
  2⤵
  PID:4892
- C:\Windows\System\HlDEMhF.exe
  C:\Windows\System\HlDEMhF.exe
  2⤵
  PID:4924
- C:\Windows\System\UgWprog.exe
  C:\Windows\System\UgWprog.exe
  2⤵
  PID:4956
- C:\Windows\System\xvMhJfQ.exe
  C:\Windows\System\xvMhJfQ.exe
  2⤵
  PID:5032
- C:\Windows\System\ZRRuDLK.exe
  C:\Windows\System\ZRRuDLK.exe
  2⤵
  PID:5036
- C:\Windows\System\SxSQHAL.exe
  C:\Windows\System\SxSQHAL.exe
  2⤵
  PID:5052
- C:\Windows\System\fxGHrPI.exe
  C:\Windows\System\fxGHrPI.exe
  2⤵
  PID:5084
- C:\Windows\System\JijXkac.exe
  C:\Windows\System\JijXkac.exe
  2⤵
  PID:5116
- C:\Windows\System\aTTsaZs.exe
  C:\Windows\System\aTTsaZs.exe
  2⤵
  PID:4048
- C:\Windows\System\xmBCtNP.exe
  C:\Windows\System\xmBCtNP.exe
  2⤵
  PID:1496
- C:\Windows\System\ZzSsoJd.exe
  C:\Windows\System\ZzSsoJd.exe
  2⤵
  PID:3296
- C:\Windows\System\hkosGEm.exe
  C:\Windows\System\hkosGEm.exe
  2⤵
  PID:3440
- C:\Windows\System\tKpTxOJ.exe
  C:\Windows\System\tKpTxOJ.exe
  2⤵
  PID:3760
- C:\Windows\System\rbsENJS.exe
  C:\Windows\System\rbsENJS.exe
  2⤵
  PID:4104
- C:\Windows\System\qMUFQEZ.exe
  C:\Windows\System\qMUFQEZ.exe
  2⤵
  PID:4168
- C:\Windows\System\QBZPujM.exe
  C:\Windows\System\QBZPujM.exe
  2⤵
  PID:4248
- C:\Windows\System\vnaqXwT.exe
  C:\Windows\System\vnaqXwT.exe
  2⤵
  PID:4380
- C:\Windows\System\jqVhCVy.exe
  C:\Windows\System\jqVhCVy.exe
  2⤵
  PID:4440
- C:\Windows\System\uJrrveV.exe
  C:\Windows\System\uJrrveV.exe
  2⤵
  PID:4408
- C:\Windows\System\oURzVrG.exe
  C:\Windows\System\oURzVrG.exe
  2⤵
  PID:4584
- C:\Windows\System\DplKaaN.exe
  C:\Windows\System\DplKaaN.exe
  2⤵
  PID:4652
- C:\Windows\System\imvaRip.exe
  C:\Windows\System\imvaRip.exe
  2⤵
  PID:4712
- C:\Windows\System\IjmfLjL.exe
  C:\Windows\System\IjmfLjL.exe
  2⤵
  PID:4572
- C:\Windows\System\aYYzVrd.exe
  C:\Windows\System\aYYzVrd.exe
  2⤵
  PID:4844
- C:\Windows\System\NhCHzJW.exe
  C:\Windows\System\NhCHzJW.exe
  2⤵
  PID:4728
- C:\Windows\System\LNDwgVy.exe
  C:\Windows\System\LNDwgVy.exe
  2⤵
  PID:4828
- C:\Windows\System\PFcdxFM.exe
  C:\Windows\System\PFcdxFM.exe
  2⤵
  PID:4984
- C:\Windows\System\hgCRofQ.exe
  C:\Windows\System\hgCRofQ.exe
  2⤵
  PID:5096
- C:\Windows\System\NpSdfMv.exe
  C:\Windows\System\NpSdfMv.exe
  2⤵
  PID:2036
- C:\Windows\System\GwfeVna.exe
  C:\Windows\System\GwfeVna.exe
  2⤵
  PID:2572
- C:\Windows\System\sYdlLJD.exe
  C:\Windows\System\sYdlLJD.exe
  2⤵
  PID:5132
- C:\Windows\System\LgAMAUz.exe
  C:\Windows\System\LgAMAUz.exe
  2⤵
  PID:5148
- C:\Windows\System\oVvNthg.exe
  C:\Windows\System\oVvNthg.exe
  2⤵
  PID:5164
- C:\Windows\System\bjhkvfs.exe
  C:\Windows\System\bjhkvfs.exe
  2⤵
  PID:5180
- C:\Windows\System\QsIOGee.exe
  C:\Windows\System\QsIOGee.exe
  2⤵
  PID:5196
- C:\Windows\System\wOacMiK.exe
  C:\Windows\System\wOacMiK.exe
  2⤵
  PID:5212
- C:\Windows\System\GUfIQuz.exe
  C:\Windows\System\GUfIQuz.exe
  2⤵
  PID:5228
- C:\Windows\System\FuAUNQA.exe
  C:\Windows\System\FuAUNQA.exe
  2⤵
  PID:5244
- C:\Windows\System\EHgHgQW.exe
  C:\Windows\System\EHgHgQW.exe
  2⤵
  PID:5260
- C:\Windows\System\vDqNmFx.exe
  C:\Windows\System\vDqNmFx.exe
  2⤵
  PID:5276
- C:\Windows\System\LXCSIkI.exe
  C:\Windows\System\LXCSIkI.exe
  2⤵
  PID:5292
- C:\Windows\System\SIdgVzh.exe
  C:\Windows\System\SIdgVzh.exe
  2⤵
  PID:5308
- C:\Windows\System\ULZWlxb.exe
  C:\Windows\System\ULZWlxb.exe
  2⤵
  PID:5324
- C:\Windows\System\YgNrJLv.exe
  C:\Windows\System\YgNrJLv.exe
  2⤵
  PID:5340
- C:\Windows\System\GxvCcuh.exe
  C:\Windows\System\GxvCcuh.exe
  2⤵
  PID:5356
- C:\Windows\System\wsaZoaX.exe
  C:\Windows\System\wsaZoaX.exe
  2⤵
  PID:5372
- C:\Windows\System\XWWbAFY.exe
  C:\Windows\System\XWWbAFY.exe
  2⤵
  PID:5388
- C:\Windows\System\lcsSolV.exe
  C:\Windows\System\lcsSolV.exe
  2⤵
  PID:5404
- C:\Windows\System\jlLCoUS.exe
  C:\Windows\System\jlLCoUS.exe
  2⤵
  PID:5420
- C:\Windows\System\fUCuxWs.exe
  C:\Windows\System\fUCuxWs.exe
  2⤵
  PID:5436
- C:\Windows\System\cMZnQCZ.exe
  C:\Windows\System\cMZnQCZ.exe
  2⤵
  PID:5452
- C:\Windows\System\MZMRdzC.exe
  C:\Windows\System\MZMRdzC.exe
  2⤵
  PID:5468
- C:\Windows\System\ChRsEtr.exe
  C:\Windows\System\ChRsEtr.exe
  2⤵
  PID:5484
- C:\Windows\System\SeCgHwi.exe
  C:\Windows\System\SeCgHwi.exe
  2⤵
  PID:5500
- C:\Windows\System\mtYzMPb.exe
  C:\Windows\System\mtYzMPb.exe
  2⤵
  PID:5516
- C:\Windows\System\fWfEdJp.exe
  C:\Windows\System\fWfEdJp.exe
  2⤵
  PID:5532
- C:\Windows\System\HOOQxAN.exe
  C:\Windows\System\HOOQxAN.exe
  2⤵
  PID:5548
- C:\Windows\System\GWzfdmA.exe
  C:\Windows\System\GWzfdmA.exe
  2⤵
  PID:5564
- C:\Windows\System\FkboGWJ.exe
  C:\Windows\System\FkboGWJ.exe
  2⤵
  PID:5580
- C:\Windows\System\WTkuZxh.exe
  C:\Windows\System\WTkuZxh.exe
  2⤵
  PID:5596
- C:\Windows\System\UrPeHTU.exe
  C:\Windows\System\UrPeHTU.exe
  2⤵
  PID:5612
- C:\Windows\System\ferksIH.exe
  C:\Windows\System\ferksIH.exe
  2⤵
  PID:5628
- C:\Windows\System\sYttGOj.exe
  C:\Windows\System\sYttGOj.exe
  2⤵
  PID:5644
- C:\Windows\System\lQBOrSl.exe
  C:\Windows\System\lQBOrSl.exe
  2⤵
  PID:5660
- C:\Windows\System\bQjbtdc.exe
  C:\Windows\System\bQjbtdc.exe
  2⤵
  PID:5676
- C:\Windows\System\SzMxlij.exe
  C:\Windows\System\SzMxlij.exe
  2⤵
  PID:5692
- C:\Windows\System\qatOQfP.exe
  C:\Windows\System\qatOQfP.exe
  2⤵
  PID:5708
- C:\Windows\System\OMalGza.exe
  C:\Windows\System\OMalGza.exe
  2⤵
  PID:5724
- C:\Windows\System\qdXbNqn.exe
  C:\Windows\System\qdXbNqn.exe
  2⤵
  PID:5740
- C:\Windows\System\ztEDvQU.exe
  C:\Windows\System\ztEDvQU.exe
  2⤵
  PID:5756
- C:\Windows\System\NdwPMuz.exe
  C:\Windows\System\NdwPMuz.exe
  2⤵
  PID:5772
- C:\Windows\System\oCmHjnB.exe
  C:\Windows\System\oCmHjnB.exe
  2⤵
  PID:5788
- C:\Windows\System\mqPOQQa.exe
  C:\Windows\System\mqPOQQa.exe
  2⤵
  PID:5804
- C:\Windows\System\OtFDQiK.exe
  C:\Windows\System\OtFDQiK.exe
  2⤵
  PID:5820
- C:\Windows\System\hAomRzy.exe
  C:\Windows\System\hAomRzy.exe
  2⤵
  PID:5836
- C:\Windows\System\WbFxBFI.exe
  C:\Windows\System\WbFxBFI.exe
  2⤵
  PID:5852
- C:\Windows\System\LPwKQRC.exe
  C:\Windows\System\LPwKQRC.exe
  2⤵
  PID:5868
- C:\Windows\System\cdCGuHO.exe
  C:\Windows\System\cdCGuHO.exe
  2⤵
  PID:5884
- C:\Windows\System\FPNEmOA.exe
  C:\Windows\System\FPNEmOA.exe
  2⤵
  PID:5900
- C:\Windows\System\sZVMacF.exe
  C:\Windows\System\sZVMacF.exe
  2⤵
  PID:5916
- C:\Windows\System\jLPwhPB.exe
  C:\Windows\System\jLPwhPB.exe
  2⤵
  PID:5932
- C:\Windows\System\IyTXFnu.exe
  C:\Windows\System\IyTXFnu.exe
  2⤵
  PID:5948
- C:\Windows\System\WWHzqrJ.exe
  C:\Windows\System\WWHzqrJ.exe
  2⤵
  PID:5964
- C:\Windows\System\RqfKKCj.exe
  C:\Windows\System\RqfKKCj.exe
  2⤵
  PID:5980
- C:\Windows\System\dkPxcKz.exe
  C:\Windows\System\dkPxcKz.exe
  2⤵
  PID:5996
- C:\Windows\System\uXvzclg.exe
  C:\Windows\System\uXvzclg.exe
  2⤵
  PID:6012
- C:\Windows\System\MpOfLXr.exe
  C:\Windows\System\MpOfLXr.exe
  2⤵
  PID:6028
- C:\Windows\System\YehDbpK.exe
  C:\Windows\System\YehDbpK.exe
  2⤵
  PID:6044
- C:\Windows\System\VsSQdSg.exe
  C:\Windows\System\VsSQdSg.exe
  2⤵
  PID:6060
- C:\Windows\System\dMuxMpq.exe
  C:\Windows\System\dMuxMpq.exe
  2⤵
  PID:6076
- C:\Windows\System\UZKMyUx.exe
  C:\Windows\System\UZKMyUx.exe
  2⤵
  PID:6092
- C:\Windows\System\oVjGoQj.exe
  C:\Windows\System\oVjGoQj.exe
  2⤵
  PID:6108
- C:\Windows\System\FORHrhw.exe
  C:\Windows\System\FORHrhw.exe
  2⤵
  PID:6124
- C:\Windows\System\NCemwTL.exe
  C:\Windows\System\NCemwTL.exe
  2⤵
  PID:6140
- C:\Windows\System\EFJHqrS.exe
  C:\Windows\System\EFJHqrS.exe
  2⤵
  PID:1312
- C:\Windows\System\gbbWIic.exe
  C:\Windows\System\gbbWIic.exe
  2⤵
  PID:4232
- C:\Windows\System\kWULQnC.exe
  C:\Windows\System\kWULQnC.exe
  2⤵
  PID:3248
- C:\Windows\System\kfGxqcY.exe
  C:\Windows\System\kfGxqcY.exe
  2⤵
  PID:4136
- C:\Windows\System\igXOqcS.exe
  C:\Windows\System\igXOqcS.exe
  2⤵
  PID:4296
- C:\Windows\System\zqJMMeQ.exe
  C:\Windows\System\zqJMMeQ.exe
  2⤵
  PID:4776
- C:\Windows\System\GfWylWf.exe
  C:\Windows\System\GfWylWf.exe
  2⤵
  PID:4744
- C:\Windows\System\FWPWEdo.exe
  C:\Windows\System\FWPWEdo.exe
  2⤵
  PID:4064
- C:\Windows\System\NxXSwnO.exe
  C:\Windows\System\NxXSwnO.exe
  2⤵
  PID:5124
- C:\Windows\System\fVYPKVf.exe
  C:\Windows\System\fVYPKVf.exe
  2⤵
  PID:4968
- C:\Windows\System\NdjAUer.exe
  C:\Windows\System\NdjAUer.exe
  2⤵
  PID:5048
- C:\Windows\System\bfTqtGc.exe
  C:\Windows\System\bfTqtGc.exe
  2⤵
  PID:5220
- C:\Windows\System\kksQeTK.exe
  C:\Windows\System\kksQeTK.exe
  2⤵
  PID:5256
- C:\Windows\System\tjtqUSM.exe
  C:\Windows\System\tjtqUSM.exe
  2⤵
  PID:5144
- C:\Windows\System\FEtklMK.exe
  C:\Windows\System\FEtklMK.exe
  2⤵
  PID:5208
- C:\Windows\System\vkwJXvb.exe
  C:\Windows\System\vkwJXvb.exe
  2⤵
  PID:5320
- C:\Windows\System\hWASvoW.exe
  C:\Windows\System\hWASvoW.exe
  2⤵
  PID:5304
- C:\Windows\System\MThPAbQ.exe
  C:\Windows\System\MThPAbQ.exe
  2⤵
  PID:5412
- C:\Windows\System\jFndycD.exe
  C:\Windows\System\jFndycD.exe
  2⤵
  PID:5332
- C:\Windows\System\SmwfTAZ.exe
  C:\Windows\System\SmwfTAZ.exe
  2⤵
  PID:5396
- C:\Windows\System\EwRIlmO.exe
  C:\Windows\System\EwRIlmO.exe
  2⤵
  PID:5460
- C:\Windows\System\XBCjNOE.exe
  C:\Windows\System\XBCjNOE.exe
  2⤵
  PID:5540
- C:\Windows\System\mPpzetf.exe
  C:\Windows\System\mPpzetf.exe
  2⤵
  PID:5576
- C:\Windows\System\QvjhOls.exe
  C:\Windows\System\QvjhOls.exe
  2⤵
  PID:5636
- C:\Windows\System\YSgDbnM.exe
  C:\Windows\System\YSgDbnM.exe
  2⤵
  PID:5652
- C:\Windows\System\mJriJWm.exe
  C:\Windows\System\mJriJWm.exe
  2⤵
  PID:5588
- C:\Windows\System\xQWQqhc.exe
  C:\Windows\System\xQWQqhc.exe
  2⤵
  PID:5668
- C:\Windows\System\rTldSYr.exe
  C:\Windows\System\rTldSYr.exe
  2⤵
  PID:5684
- C:\Windows\System\tjGzfWg.exe
  C:\Windows\System\tjGzfWg.exe
  2⤵
  PID:5736
- C:\Windows\System\UcMMBgH.exe
  C:\Windows\System\UcMMBgH.exe
  2⤵
  PID:5752
- C:\Windows\System\UdZauqO.exe
  C:\Windows\System\UdZauqO.exe
  2⤵
  PID:5800
- C:\Windows\System\TKdCITE.exe
  C:\Windows\System\TKdCITE.exe
  2⤵
  PID:5816
- C:\Windows\System\odAYyOa.exe
  C:\Windows\System\odAYyOa.exe
  2⤵
  PID:5848
- C:\Windows\System\UGSgkUh.exe
  C:\Windows\System\UGSgkUh.exe
  2⤵
  PID:5880
- C:\Windows\System\kufPJtW.exe
  C:\Windows\System\kufPJtW.exe
  2⤵
  PID:5912
- C:\Windows\System\pGOtrnw.exe
  C:\Windows\System\pGOtrnw.exe
  2⤵
  PID:5960
- C:\Windows\System\ZHXwpoA.exe
  C:\Windows\System\ZHXwpoA.exe
  2⤵
  PID:5992
- C:\Windows\System\DrKslKS.exe
  C:\Windows\System\DrKslKS.exe
  2⤵
  PID:6024
- C:\Windows\System\lHwQuSq.exe
  C:\Windows\System\lHwQuSq.exe
  2⤵
  PID:6040
- C:\Windows\System\qZlBexr.exe
  C:\Windows\System\qZlBexr.exe
  2⤵
  PID:6088
- C:\Windows\System\TxnmvFc.exe
  C:\Windows\System\TxnmvFc.exe
  2⤵
  PID:6120
- C:\Windows\System\QdkDIib.exe
  C:\Windows\System\QdkDIib.exe
  2⤵
  PID:6136
- C:\Windows\System\abMjnKD.exe
  C:\Windows\System\abMjnKD.exe
  2⤵
  PID:3868
- C:\Windows\System\yUZqgeo.exe
  C:\Windows\System\yUZqgeo.exe
  2⤵
  PID:4280
- C:\Windows\System\QolcpZz.exe
  C:\Windows\System\QolcpZz.exe
  2⤵
  PID:4840
- C:\Windows\System\wIvpQqM.exe
  C:\Windows\System\wIvpQqM.exe
  2⤵
  PID:4812
- C:\Windows\System\fzVGSxb.exe
  C:\Windows\System\fzVGSxb.exe
  2⤵
  PID:5192
- C:\Windows\System\srbAmmb.exe
  C:\Windows\System\srbAmmb.exe
  2⤵
  PID:5176
- C:\Windows\System\UDRdWrq.exe
  C:\Windows\System\UDRdWrq.exe
  2⤵
  PID:5272
- C:\Windows\System\isHptJG.exe
  C:\Windows\System\isHptJG.exe
  2⤵
  PID:5444
- C:\Windows\System\DQhlIdN.exe
  C:\Windows\System\DQhlIdN.exe
  2⤵
  PID:5492
- C:\Windows\System\RgurDdo.exe
  C:\Windows\System\RgurDdo.exe
  2⤵
  PID:5556
- C:\Windows\System\aLCiRuP.exe
  C:\Windows\System\aLCiRuP.exe
  2⤵
  PID:5364
- C:\Windows\System\ZJGfOtq.exe
  C:\Windows\System\ZJGfOtq.exe
  2⤵
  PID:5780
- C:\Windows\System\EiTDSrV.exe
  C:\Windows\System\EiTDSrV.exe
  2⤵
  PID:5608
- C:\Windows\System\sXlxGCd.exe
  C:\Windows\System\sXlxGCd.exe
  2⤵
  PID:5524
- C:\Windows\System\dAiiwDa.exe
  C:\Windows\System\dAiiwDa.exe
  2⤵
  PID:5764
- C:\Windows\System\oLxjNsT.exe
  C:\Windows\System\oLxjNsT.exe
  2⤵
  PID:5972
- C:\Windows\System\xMCsBXk.exe
  C:\Windows\System\xMCsBXk.exe
  2⤵
  PID:6116
- C:\Windows\System\qZjAJVM.exe
  C:\Windows\System\qZjAJVM.exe
  2⤵
  PID:6148
- C:\Windows\System\bAiTLMe.exe
  C:\Windows\System\bAiTLMe.exe
  2⤵
  PID:6164
- C:\Windows\System\CephdMQ.exe
  C:\Windows\System\CephdMQ.exe
  2⤵
  PID:6180
- C:\Windows\System\aOPgEjO.exe
  C:\Windows\System\aOPgEjO.exe
  2⤵
  PID:6196
- C:\Windows\System\OwrCmdd.exe
  C:\Windows\System\OwrCmdd.exe
  2⤵
  PID:6212
- C:\Windows\System\vCqEvoh.exe
  C:\Windows\System\vCqEvoh.exe
  2⤵
  PID:6228
- C:\Windows\System\OkqURlC.exe
  C:\Windows\System\OkqURlC.exe
  2⤵
  PID:6244
- C:\Windows\System\psTzlxT.exe
  C:\Windows\System\psTzlxT.exe
  2⤵
  PID:6260
- C:\Windows\System\ZlIUMwq.exe
  C:\Windows\System\ZlIUMwq.exe
  2⤵
  PID:6276
- C:\Windows\System\bfUpsfH.exe
  C:\Windows\System\bfUpsfH.exe
  2⤵
  PID:6292
- C:\Windows\System\JDVdKld.exe
  C:\Windows\System\JDVdKld.exe
  2⤵
  PID:6308
- C:\Windows\System\DSgbOWU.exe
  C:\Windows\System\DSgbOWU.exe
  2⤵
  PID:6324
- C:\Windows\System\XNdkwPM.exe
  C:\Windows\System\XNdkwPM.exe
  2⤵
  PID:6340
- C:\Windows\System\RVavGRt.exe
  C:\Windows\System\RVavGRt.exe
  2⤵
  PID:6356
- C:\Windows\System\ExlmWCq.exe
  C:\Windows\System\ExlmWCq.exe
  2⤵
  PID:6372
- C:\Windows\System\eAYMSfx.exe
  C:\Windows\System\eAYMSfx.exe
  2⤵
  PID:6388
- C:\Windows\System\THRzePt.exe
  C:\Windows\System\THRzePt.exe
  2⤵
  PID:6404
- C:\Windows\System\JYuOGmd.exe
  C:\Windows\System\JYuOGmd.exe
  2⤵
  PID:6420
- C:\Windows\System\OksKNkk.exe
  C:\Windows\System\OksKNkk.exe
  2⤵
  PID:6440
- C:\Windows\System\dJVxtfY.exe
  C:\Windows\System\dJVxtfY.exe
  2⤵
  PID:6456
- C:\Windows\System\TnkRdZU.exe
  C:\Windows\System\TnkRdZU.exe
  2⤵
  PID:6472
- C:\Windows\System\AOYkbzj.exe
  C:\Windows\System\AOYkbzj.exe
  2⤵
  PID:6488
- C:\Windows\System\EatELZs.exe
  C:\Windows\System\EatELZs.exe
  2⤵
  PID:6504
- C:\Windows\System\yrTnWUr.exe
  C:\Windows\System\yrTnWUr.exe
  2⤵
  PID:6520
- C:\Windows\System\FKbbDxU.exe
  C:\Windows\System\FKbbDxU.exe
  2⤵
  PID:6536
- C:\Windows\System\ZOLqmfg.exe
  C:\Windows\System\ZOLqmfg.exe
  2⤵
  PID:6552
- C:\Windows\System\RitbEQp.exe
  C:\Windows\System\RitbEQp.exe
  2⤵
  PID:6568
- C:\Windows\System\EwupcHc.exe
  C:\Windows\System\EwupcHc.exe
  2⤵
  PID:6584
- C:\Windows\System\hWfaFmD.exe
  C:\Windows\System\hWfaFmD.exe
  2⤵
  PID:6600
- C:\Windows\System\mvNNjqN.exe
  C:\Windows\System\mvNNjqN.exe
  2⤵
  PID:6616
- C:\Windows\System\KvThRPc.exe
  C:\Windows\System\KvThRPc.exe
  2⤵
  PID:6632
- C:\Windows\System\qXCvhVG.exe
  C:\Windows\System\qXCvhVG.exe
  2⤵
  PID:6648
- C:\Windows\System\MksdxWN.exe
  C:\Windows\System\MksdxWN.exe
  2⤵
  PID:6664
- C:\Windows\System\fGEakKP.exe
  C:\Windows\System\fGEakKP.exe
  2⤵
  PID:6680
- C:\Windows\System\ueggbWL.exe
  C:\Windows\System\ueggbWL.exe
  2⤵
  PID:6696
- C:\Windows\System\yDCWwDp.exe
  C:\Windows\System\yDCWwDp.exe
  2⤵
  PID:6712
- C:\Windows\System\NhuYNzy.exe
  C:\Windows\System\NhuYNzy.exe
  2⤵
  PID:6728
- C:\Windows\System\nbHhoJj.exe
  C:\Windows\System\nbHhoJj.exe
  2⤵
  PID:6744
- C:\Windows\System\efSmQMx.exe
  C:\Windows\System\efSmQMx.exe
  2⤵
  PID:6760
- C:\Windows\System\MNwsSda.exe
  C:\Windows\System\MNwsSda.exe
  2⤵
  PID:6776
- C:\Windows\System\QyYHMOX.exe
  C:\Windows\System\QyYHMOX.exe
  2⤵
  PID:6792
- C:\Windows\System\CXclmtJ.exe
  C:\Windows\System\CXclmtJ.exe
  2⤵
  PID:6808
- C:\Windows\System\HKiQepM.exe
  C:\Windows\System\HKiQepM.exe
  2⤵
  PID:6824
- C:\Windows\System\tOryjet.exe
  C:\Windows\System\tOryjet.exe
  2⤵
  PID:6840
- C:\Windows\System\vHcjKgN.exe
  C:\Windows\System\vHcjKgN.exe
  2⤵
  PID:6856
- C:\Windows\System\JnPuwfY.exe
  C:\Windows\System\JnPuwfY.exe
  2⤵
  PID:6872
- C:\Windows\System\jLcnCae.exe
  C:\Windows\System\jLcnCae.exe
  2⤵
  PID:6888
- C:\Windows\System\OkOygCC.exe
  C:\Windows\System\OkOygCC.exe
  2⤵
  PID:6904
- C:\Windows\System\WZuQWxU.exe
  C:\Windows\System\WZuQWxU.exe
  2⤵
  PID:6920
- C:\Windows\System\gjsVVtk.exe
  C:\Windows\System\gjsVVtk.exe
  2⤵
  PID:6936
- C:\Windows\System\dJpKCWn.exe
  C:\Windows\System\dJpKCWn.exe
  2⤵
  PID:6952
- C:\Windows\System\ICheICF.exe
  C:\Windows\System\ICheICF.exe
  2⤵
  PID:6968
- C:\Windows\System\tIyyqrs.exe
  C:\Windows\System\tIyyqrs.exe
  2⤵
  PID:6984
- C:\Windows\System\CUPQfYy.exe
  C:\Windows\System\CUPQfYy.exe
  2⤵
  PID:7000
- C:\Windows\System\mNFSVAF.exe
  C:\Windows\System\mNFSVAF.exe
  2⤵
  PID:7016
- C:\Windows\System\yyAYpSg.exe
  C:\Windows\System\yyAYpSg.exe
  2⤵
  PID:7032
- C:\Windows\System\aqFyBZh.exe
  C:\Windows\System\aqFyBZh.exe
  2⤵
  PID:7048
- C:\Windows\System\tXPmwiF.exe
  C:\Windows\System\tXPmwiF.exe
  2⤵
  PID:7064
- C:\Windows\System\SwdiDqx.exe
  C:\Windows\System\SwdiDqx.exe
  2⤵
  PID:7080
- C:\Windows\System\lWyCUJc.exe
  C:\Windows\System\lWyCUJc.exe
  2⤵
  PID:7096
- C:\Windows\System\XKqGFoK.exe
  C:\Windows\System\XKqGFoK.exe
  2⤵
  PID:7112
- C:\Windows\System\EQPXXFM.exe
  C:\Windows\System\EQPXXFM.exe
  2⤵
  PID:7128
- C:\Windows\System\pncHScp.exe
  C:\Windows\System\pncHScp.exe
  2⤵
  PID:7144
- C:\Windows\System\UOXFKWj.exe
  C:\Windows\System\UOXFKWj.exe
  2⤵
  PID:7160
- C:\Windows\System\THUlIBu.exe
  C:\Windows\System\THUlIBu.exe
  2⤵
  PID:6084
- C:\Windows\System\LqhlUVo.exe
  C:\Windows\System\LqhlUVo.exe
  2⤵
  PID:4216
- C:\Windows\System\AhkfgQU.exe
  C:\Windows\System\AhkfgQU.exe
  2⤵
  PID:5832
- C:\Windows\System\ZYruYvh.exe
  C:\Windows\System\ZYruYvh.exe
  2⤵
  PID:4424
- C:\Windows\System\tBXfczL.exe
  C:\Windows\System\tBXfczL.exe
  2⤵
  PID:4936
- C:\Windows\System\yBMiZEh.exe
  C:\Windows\System\yBMiZEh.exe
  2⤵
  PID:5316
- C:\Windows\System\OxKyRdQ.exe
  C:\Windows\System\OxKyRdQ.exe
  2⤵
  PID:5384
- C:\Windows\System\pwyNvpS.exe
  C:\Windows\System\pwyNvpS.exe
  2⤵
  PID:2984
- C:\Windows\System\uPGRjLr.exe
  C:\Windows\System\uPGRjLr.exe
  2⤵
  PID:5688
- C:\Windows\System\EMoZzPg.exe
  C:\Windows\System\EMoZzPg.exe
  2⤵
  PID:5864
- C:\Windows\System\sNddtrF.exe
  C:\Windows\System\sNddtrF.exe
  2⤵
  PID:5928
- C:\Windows\System\bfZZHfl.exe
  C:\Windows\System\bfZZHfl.exe
  2⤵
  PID:6160
- C:\Windows\System\efuvvqJ.exe
  C:\Windows\System\efuvvqJ.exe
  2⤵
  PID:6192
- C:\Windows\System\BFqShiS.exe
  C:\Windows\System\BFqShiS.exe
  2⤵
  PID:6208
- C:\Windows\System\jFUsRFJ.exe
  C:\Windows\System\jFUsRFJ.exe
  2⤵
  PID:6256
- C:\Windows\System\cIuaKna.exe
  C:\Windows\System\cIuaKna.exe
  2⤵
  PID:6272
- C:\Windows\System\TAxusYV.exe
  C:\Windows\System\TAxusYV.exe
  2⤵
  PID:6304
- C:\Windows\System\MLKfend.exe
  C:\Windows\System\MLKfend.exe
  2⤵
  PID:6352
- C:\Windows\System\zuFhDae.exe
  C:\Windows\System\zuFhDae.exe
  2⤵
  PID:6368
- C:\Windows\System\XagXJvq.exe
  C:\Windows\System\XagXJvq.exe
  2⤵
  PID:6400
- C:\Windows\System\xavSbYB.exe
  C:\Windows\System\xavSbYB.exe
  2⤵
  PID:6452
- C:\Windows\System\mwQAVdf.exe
  C:\Windows\System\mwQAVdf.exe
  2⤵
  PID:6484
- C:\Windows\System\jbTFqsY.exe
  C:\Windows\System\jbTFqsY.exe
  2⤵
  PID:6516
- C:\Windows\System\NJArYil.exe
  C:\Windows\System\NJArYil.exe
  2⤵
  PID:6528
- C:\Windows\System\IbTRNlL.exe
  C:\Windows\System\IbTRNlL.exe
  2⤵
  PID:6580
- C:\Windows\System\hofXnmi.exe
  C:\Windows\System\hofXnmi.exe
  2⤵
  PID:6596
- C:\Windows\System\nklBzVh.exe
  C:\Windows\System\nklBzVh.exe
  2⤵
  PID:6644
- C:\Windows\System\kBeImuZ.exe
  C:\Windows\System\kBeImuZ.exe
  2⤵
  PID:6676
- C:\Windows\System\vRRUDEe.exe
  C:\Windows\System\vRRUDEe.exe
  2⤵
  PID:6708
- C:\Windows\System\AmKgZAY.exe
  C:\Windows\System\AmKgZAY.exe
  2⤵
  PID:6720
- C:\Windows\System\BxZbQyC.exe
  C:\Windows\System\BxZbQyC.exe
  2⤵
  PID:6756
- C:\Windows\System\XvHPRUe.exe
  C:\Windows\System\XvHPRUe.exe
  2⤵
  PID:6804
- C:\Windows\System\pGTPICO.exe
  C:\Windows\System\pGTPICO.exe
  2⤵
  PID:6836
- C:\Windows\System\uoAxMQk.exe
  C:\Windows\System\uoAxMQk.exe
  2⤵
  PID:6848
- C:\Windows\System\YCkCvHS.exe
  C:\Windows\System\YCkCvHS.exe
  2⤵
  PID:6884
- C:\Windows\System\OfeCaaE.exe
  C:\Windows\System\OfeCaaE.exe
  2⤵
  PID:6916
- C:\Windows\System\lzVCsBs.exe
  C:\Windows\System\lzVCsBs.exe
  2⤵
  PID:6948
- C:\Windows\System\NGXljmH.exe
  C:\Windows\System\NGXljmH.exe
  2⤵
  PID:6996
- C:\Windows\System\UzAYAkZ.exe
  C:\Windows\System\UzAYAkZ.exe
  2⤵
  PID:7028
- C:\Windows\System\kdVbGDc.exe
  C:\Windows\System\kdVbGDc.exe
  2⤵
  PID:7040
- C:\Windows\System\nIzwupJ.exe
  C:\Windows\System\nIzwupJ.exe
  2⤵
  PID:7076
- C:\Windows\System\JzDTeMO.exe
  C:\Windows\System\JzDTeMO.exe
  2⤵
  PID:7108
- C:\Windows\System\zDGLIPl.exe
  C:\Windows\System\zDGLIPl.exe
  2⤵
  PID:7140
- C:\Windows\System\LnhIDkI.exe
  C:\Windows\System\LnhIDkI.exe
  2⤵
  PID:6132
- C:\Windows\System\FIuOpMh.exe
  C:\Windows\System\FIuOpMh.exe
  2⤵
  PID:5004
- C:\Windows\System\rmzIGoH.exe
  C:\Windows\System\rmzIGoH.exe
  2⤵
  PID:5288
- C:\Windows\System\OoyYPXN.exe
  C:\Windows\System\OoyYPXN.exe
  2⤵
  PID:5380
- C:\Windows\System\JmMfHyg.exe
  C:\Windows\System\JmMfHyg.exe
  2⤵
  PID:5860
- C:\Windows\System\eOcwBID.exe
  C:\Windows\System\eOcwBID.exe
  2⤵
  PID:5924
- C:\Windows\System\JCersSn.exe
  C:\Windows\System\JCersSn.exe
  2⤵
  PID:6188
- C:\Windows\System\SosWhBR.exe
  C:\Windows\System\SosWhBR.exe
  2⤵
  PID:6236
- C:\Windows\System\XpTKeML.exe
  C:\Windows\System\XpTKeML.exe
  2⤵
  PID:6332
- C:\Windows\System\kBokCZl.exe
  C:\Windows\System\kBokCZl.exe
  2⤵
  PID:6364
- C:\Windows\System\bHldFbR.exe
  C:\Windows\System\bHldFbR.exe
  2⤵
  PID:6480
- C:\Windows\System\TiAXDwH.exe
  C:\Windows\System\TiAXDwH.exe
  2⤵
  PID:6496
- C:\Windows\System\sBgRcul.exe
  C:\Windows\System\sBgRcul.exe
  2⤵
  PID:6592
- C:\Windows\System\OSxDKpV.exe
  C:\Windows\System\OSxDKpV.exe
  2⤵
  PID:6640
- C:\Windows\System\hPvmSbI.exe
  C:\Windows\System\hPvmSbI.exe
  2⤵
  PID:6704
- C:\Windows\System\ixFDGXt.exe
  C:\Windows\System\ixFDGXt.exe
  2⤵
  PID:6752
- C:\Windows\System\YuggBMM.exe
  C:\Windows\System\YuggBMM.exe
  2⤵
  PID:6816
- C:\Windows\System\skigCLj.exe
  C:\Windows\System\skigCLj.exe
  2⤵
  PID:7172
- C:\Windows\System\EmJWUTJ.exe
  C:\Windows\System\EmJWUTJ.exe
  2⤵
  PID:7188
- C:\Windows\System\kCdoDBL.exe
  C:\Windows\System\kCdoDBL.exe
  2⤵
  PID:7204
- C:\Windows\System\XBYtFhh.exe
  C:\Windows\System\XBYtFhh.exe
  2⤵
  PID:7220
- C:\Windows\System\HqSMJTF.exe
  C:\Windows\System\HqSMJTF.exe
  2⤵
  PID:7236
- C:\Windows\System\BrChhHS.exe
  C:\Windows\System\BrChhHS.exe
  2⤵
  PID:7252
- C:\Windows\System\KtnmpzK.exe
  C:\Windows\System\KtnmpzK.exe
  2⤵
  PID:7268
- C:\Windows\System\xHfcnwV.exe
  C:\Windows\System\xHfcnwV.exe
  2⤵
  PID:7284
- C:\Windows\System\FBSXCbm.exe
  C:\Windows\System\FBSXCbm.exe
  2⤵
  PID:7300
- C:\Windows\System\VkayRjp.exe
  C:\Windows\System\VkayRjp.exe
  2⤵
  PID:7316
- C:\Windows\System\AMaAZOD.exe
  C:\Windows\System\AMaAZOD.exe
  2⤵
  PID:7332
- C:\Windows\System\gJVafxs.exe
  C:\Windows\System\gJVafxs.exe
  2⤵
  PID:7348
- C:\Windows\System\mrBYMBK.exe
  C:\Windows\System\mrBYMBK.exe
  2⤵
  PID:7364
- C:\Windows\System\wpDNloe.exe
  C:\Windows\System\wpDNloe.exe
  2⤵
  PID:7380
- C:\Windows\System\ZMKzyMI.exe
  C:\Windows\System\ZMKzyMI.exe
  2⤵
  PID:7396
- C:\Windows\System\PwMeLuz.exe
  C:\Windows\System\PwMeLuz.exe
  2⤵
  PID:7412
- C:\Windows\System\fQhJuyL.exe
  C:\Windows\System\fQhJuyL.exe
  2⤵
  PID:7428
- C:\Windows\System\cbHoCTu.exe
  C:\Windows\System\cbHoCTu.exe
  2⤵
  PID:7444
- C:\Windows\System\sQmqAkE.exe
  C:\Windows\System\sQmqAkE.exe
  2⤵
  PID:7460
- C:\Windows\System\ENQGfjV.exe
  C:\Windows\System\ENQGfjV.exe
  2⤵
  PID:7476
- C:\Windows\System\aeVaAQr.exe
  C:\Windows\System\aeVaAQr.exe
  2⤵
  PID:7492
- C:\Windows\System\sBpKpAa.exe
  C:\Windows\System\sBpKpAa.exe
  2⤵
  PID:7508
- C:\Windows\System\chuibiQ.exe
  C:\Windows\System\chuibiQ.exe
  2⤵
  PID:7524
- C:\Windows\System\PWeFAIg.exe
  C:\Windows\System\PWeFAIg.exe
  2⤵
  PID:7540
- C:\Windows\System\BYMCowj.exe
  C:\Windows\System\BYMCowj.exe
  2⤵
  PID:7556
- C:\Windows\System\HrkOImt.exe
  C:\Windows\System\HrkOImt.exe
  2⤵
  PID:7572
- C:\Windows\System\LAAmFZB.exe
  C:\Windows\System\LAAmFZB.exe
  2⤵
  PID:7588
- C:\Windows\System\cFSVLEm.exe
  C:\Windows\System\cFSVLEm.exe
  2⤵
  PID:7604
- C:\Windows\System\qxvwkUI.exe
  C:\Windows\System\qxvwkUI.exe
  2⤵
  PID:7620
- C:\Windows\System\ioClCNV.exe
  C:\Windows\System\ioClCNV.exe
  2⤵
  PID:7636
- C:\Windows\System\xstNxBb.exe
  C:\Windows\System\xstNxBb.exe
  2⤵
  PID:7652
- C:\Windows\System\xMZLHlP.exe
  C:\Windows\System\xMZLHlP.exe
  2⤵
  PID:7668
- C:\Windows\System\azqeEcO.exe
  C:\Windows\System\azqeEcO.exe
  2⤵
  PID:7684
- C:\Windows\System\liQuMmW.exe
  C:\Windows\System\liQuMmW.exe
  2⤵
  PID:7700
- C:\Windows\System\RxeOXuF.exe
  C:\Windows\System\RxeOXuF.exe
  2⤵
  PID:7716
- C:\Windows\System\kgBirOZ.exe
  C:\Windows\System\kgBirOZ.exe
  2⤵
  PID:7732
- C:\Windows\System\auTMWep.exe
  C:\Windows\System\auTMWep.exe
  2⤵
  PID:7748
- C:\Windows\System\TtfwlrA.exe
  C:\Windows\System\TtfwlrA.exe
  2⤵
  PID:7764
- C:\Windows\System\KyqCwDI.exe
  C:\Windows\System\KyqCwDI.exe
  2⤵
  PID:7780
- C:\Windows\System\zDVOTlo.exe
  C:\Windows\System\zDVOTlo.exe
  2⤵
  PID:7796
- C:\Windows\System\qlLRUbE.exe
  C:\Windows\System\qlLRUbE.exe
  2⤵
  PID:7812
- C:\Windows\System\sHoKULO.exe
  C:\Windows\System\sHoKULO.exe
  2⤵
  PID:7828
- C:\Windows\System\hWAbMqK.exe
  C:\Windows\System\hWAbMqK.exe
  2⤵
  PID:7844
- C:\Windows\System\DCXlOQa.exe
  C:\Windows\System\DCXlOQa.exe
  2⤵
  PID:7860
- C:\Windows\System\FOqWhHe.exe
  C:\Windows\System\FOqWhHe.exe
  2⤵
  PID:7876
- C:\Windows\System\lhtdeYs.exe
  C:\Windows\System\lhtdeYs.exe
  2⤵
  PID:7892
- C:\Windows\System\LZnIswp.exe
  C:\Windows\System\LZnIswp.exe
  2⤵
  PID:7908
- C:\Windows\System\HryBfUw.exe
  C:\Windows\System\HryBfUw.exe
  2⤵
  PID:7924
- C:\Windows\System\BtDsLcN.exe
  C:\Windows\System\BtDsLcN.exe
  2⤵
  PID:7940
- C:\Windows\System\gLIlCQE.exe
  C:\Windows\System\gLIlCQE.exe
  2⤵
  PID:7956
- C:\Windows\System\EFwckhB.exe
  C:\Windows\System\EFwckhB.exe
  2⤵
  PID:7972
- C:\Windows\System\TKvWnpI.exe
  C:\Windows\System\TKvWnpI.exe
  2⤵
  PID:7988
- C:\Windows\System\xdOGWdB.exe
  C:\Windows\System\xdOGWdB.exe
  2⤵
  PID:8004
- C:\Windows\System\FoaaHxO.exe
  C:\Windows\System\FoaaHxO.exe
  2⤵
  PID:8020
- C:\Windows\System\iLQIuTK.exe
  C:\Windows\System\iLQIuTK.exe
  2⤵
  PID:8036
- C:\Windows\System\QCBCTUS.exe
  C:\Windows\System\QCBCTUS.exe
  2⤵
  PID:8052
- C:\Windows\System\AsBLVzw.exe
  C:\Windows\System\AsBLVzw.exe
  2⤵
  PID:8068
- C:\Windows\System\ZiQIhWW.exe
  C:\Windows\System\ZiQIhWW.exe
  2⤵
  PID:8084
- C:\Windows\System\KuLJmZj.exe
  C:\Windows\System\KuLJmZj.exe
  2⤵
  PID:8100
- C:\Windows\System\zKoUklG.exe
  C:\Windows\System\zKoUklG.exe
  2⤵
  PID:8116
- C:\Windows\System\aeOebwv.exe
  C:\Windows\System\aeOebwv.exe
  2⤵
  PID:8132
- C:\Windows\System\zZVikNn.exe
  C:\Windows\System\zZVikNn.exe
  2⤵
  PID:8148
- C:\Windows\System\lvRHCyh.exe
  C:\Windows\System\lvRHCyh.exe
  2⤵
  PID:8164
- C:\Windows\System\EtALfVs.exe
  C:\Windows\System\EtALfVs.exe
  2⤵
  PID:8180
- C:\Windows\System\yKEpUXJ.exe
  C:\Windows\System\yKEpUXJ.exe
  2⤵
  PID:6880
- C:\Windows\System\PUPHWQw.exe
  C:\Windows\System\PUPHWQw.exe
  2⤵
  PID:6944
- C:\Windows\System\pINlwkz.exe
  C:\Windows\System\pINlwkz.exe
  2⤵
  PID:7008
- C:\Windows\System\qtWGNjl.exe
  C:\Windows\System\qtWGNjl.exe
  2⤵
  PID:7072
- C:\Windows\System\UGMyXkU.exe
  C:\Windows\System\UGMyXkU.exe
  2⤵
  PID:5156
- C:\Windows\System\FwislfW.exe
  C:\Windows\System\FwislfW.exe
  2⤵
  PID:5700
- C:\Windows\System\DWSfXdb.exe
  C:\Windows\System\DWSfXdb.exe
  2⤵
  PID:6220
- C:\Windows\System\okIuGRp.exe
  C:\Windows\System\okIuGRp.exe
  2⤵
  PID:4364
- C:\Windows\System\bsYPfwZ.exe
  C:\Windows\System\bsYPfwZ.exe
  2⤵
  PID:6268
- C:\Windows\System\npBdDaP.exe
  C:\Windows\System\npBdDaP.exe
  2⤵
  PID:6608
- C:\Windows\System\PDkTkUv.exe
  C:\Windows\System\PDkTkUv.exe
  2⤵
  PID:6560
- C:\Windows\System\omeBYYZ.exe
  C:\Windows\System\omeBYYZ.exe
  2⤵
  PID:6624
- C:\Windows\System\ecFlinU.exe
  C:\Windows\System\ecFlinU.exe
  2⤵
  PID:6832
- C:\Windows\System\RGMVbXZ.exe
  C:\Windows\System\RGMVbXZ.exe
  2⤵
  PID:7212
- C:\Windows\System\nxnLtNp.exe
  C:\Windows\System\nxnLtNp.exe
  2⤵
  PID:7244
- C:\Windows\System\qEecjWN.exe
  C:\Windows\System\qEecjWN.exe
  2⤵
  PID:7260
- C:\Windows\System\yMDQszy.exe
  C:\Windows\System\yMDQszy.exe
  2⤵
  PID:7292
- C:\Windows\System\TWwTtuN.exe
  C:\Windows\System\TWwTtuN.exe
  2⤵
  PID:7324
- C:\Windows\System\qaLpPhx.exe
  C:\Windows\System\qaLpPhx.exe
  2⤵
  PID:7356
- C:\Windows\System\dPvYexD.exe
  C:\Windows\System\dPvYexD.exe
  2⤵
  PID:7388
- C:\Windows\System\xKBFuTg.exe
  C:\Windows\System\xKBFuTg.exe
  2⤵
  PID:7392
- C:\Windows\System\vyvIwvD.exe
  C:\Windows\System\vyvIwvD.exe
  2⤵
  PID:7452
- C:\Windows\System\kCkdlOL.exe
  C:\Windows\System\kCkdlOL.exe
  2⤵
  PID:7484
- C:\Windows\System\dxLPjKQ.exe
  C:\Windows\System\dxLPjKQ.exe
  2⤵
  PID:7516
- C:\Windows\System\KNomlCC.exe
  C:\Windows\System\KNomlCC.exe
  2⤵
  PID:7548
- C:\Windows\System\wfxyVuq.exe
  C:\Windows\System\wfxyVuq.exe
  2⤵
  PID:7580
- C:\Windows\System\lLcDLeX.exe
  C:\Windows\System\lLcDLeX.exe
  2⤵
  PID:7612
- C:\Windows\System\KSRZAAp.exe
  C:\Windows\System\KSRZAAp.exe
  2⤵
  PID:7644
- C:\Windows\System\EtMqYLk.exe
  C:\Windows\System\EtMqYLk.exe
  2⤵
  PID:856
- C:\Windows\System\QoEDiOF.exe
  C:\Windows\System\QoEDiOF.exe
  2⤵
  PID:7696
- C:\Windows\System\ioNosYk.exe
  C:\Windows\System\ioNosYk.exe
  2⤵
  PID:7728
- C:\Windows\System\IrvNMGi.exe
  C:\Windows\System\IrvNMGi.exe
  2⤵
  PID:7760
- C:\Windows\System\vgebRFe.exe
  C:\Windows\System\vgebRFe.exe
  2⤵
  PID:7776
- C:\Windows\System\qruHJay.exe
  C:\Windows\System\qruHJay.exe
  2⤵
  PID:7804
- C:\Windows\System\mNlMRDg.exe
  C:\Windows\System\mNlMRDg.exe
  2⤵
  PID:7820
- C:\Windows\System\pHLqufG.exe
  C:\Windows\System\pHLqufG.exe
  2⤵
  PID:7824
- C:\Windows\System\SOAqdVT.exe
  C:\Windows\System\SOAqdVT.exe
  2⤵
  PID:1532
- C:\Windows\System\mlEfkPa.exe
  C:\Windows\System\mlEfkPa.exe
  2⤵
  PID:1668
- C:\Windows\System\DXkRXbk.exe
  C:\Windows\System\DXkRXbk.exe
  2⤵
  PID:1320
- C:\Windows\System\OqOuoVs.exe
  C:\Windows\System\OqOuoVs.exe
  2⤵
  PID:1768
- C:\Windows\System\kKwHfHv.exe
  C:\Windows\System\kKwHfHv.exe
  2⤵
  PID:2252
- C:\Windows\System\usteGLw.exe
  C:\Windows\System\usteGLw.exe
  2⤵
  PID:1548
- C:\Windows\System\LIIlDps.exe
  C:\Windows\System\LIIlDps.exe
  2⤵
  PID:2432
- C:\Windows\System\uZiBVla.exe
  C:\Windows\System\uZiBVla.exe
  2⤵
  PID:1048
- C:\Windows\System\elOOagF.exe
  C:\Windows\System\elOOagF.exe
  2⤵
  PID:7968
- C:\Windows\System\jjpjGVH.exe
  C:\Windows\System\jjpjGVH.exe
  2⤵
  PID:8012
- C:\Windows\System\CAtnlwv.exe
  C:\Windows\System\CAtnlwv.exe
  2⤵
  PID:8032
- C:\Windows\System\UqdDncN.exe
  C:\Windows\System\UqdDncN.exe
  2⤵
  PID:8064
- C:\Windows\System\LJKXNGt.exe
  C:\Windows\System\LJKXNGt.exe
  2⤵
  PID:1544
- C:\Windows\System\RgCYffA.exe
  C:\Windows\System\RgCYffA.exe
  2⤵
  PID:8124
- C:\Windows\System\HYspkgm.exe
  C:\Windows\System\HYspkgm.exe
  2⤵
  PID:8156
- C:\Windows\System\lTyLdLs.exe
  C:\Windows\System\lTyLdLs.exe
  2⤵
  PID:8188
- C:\Windows\System\IdVuhaF.exe
  C:\Windows\System\IdVuhaF.exe
  2⤵
  PID:6980
- C:\Windows\System\WBhUecJ.exe
  C:\Windows\System\WBhUecJ.exe
  2⤵
  PID:7088
- C:\Windows\System\qcAIYUB.exe
  C:\Windows\System\qcAIYUB.exe
  2⤵
  PID:5240
- C:\Windows\System\qfAioli.exe
  C:\Windows\System\qfAioli.exe
  2⤵
  PID:6316
- C:\Windows\System\uKUFcbX.exe
  C:\Windows\System\uKUFcbX.exe
  2⤵
  PID:6412
- C:\Windows\System\ybXZHUD.exe
  C:\Windows\System\ybXZHUD.exe
  2⤵
  PID:6800
- C:\Windows\System\GCUuIjX.exe
  C:\Windows\System\GCUuIjX.exe
  2⤵
  PID:7200
- C:\Windows\System\ZndVNbE.exe
  C:\Windows\System\ZndVNbE.exe
  2⤵
  PID:7264
- C:\Windows\System\icTrntw.exe
  C:\Windows\System\icTrntw.exe
  2⤵
  PID:7328
- C:\Windows\System\qefehwn.exe
  C:\Windows\System\qefehwn.exe
  2⤵
  PID:7408
- C:\Windows\System\gjKEYhz.exe
  C:\Windows\System\gjKEYhz.exe
  2⤵
  PID:7456
- C:\Windows\System\OsbizWN.exe
  C:\Windows\System\OsbizWN.exe
  2⤵
  PID:7520
- C:\Windows\System\iOVjtMU.exe
  C:\Windows\System\iOVjtMU.exe
  2⤵
  PID:7584
- C:\Windows\System\lAWeyEV.exe
  C:\Windows\System\lAWeyEV.exe
  2⤵
  PID:7660
- C:\Windows\System\AhUFwje.exe
  C:\Windows\System\AhUFwje.exe
  2⤵
  PID:7756
- C:\Windows\System\sSoOcok.exe
  C:\Windows\System\sSoOcok.exe
  2⤵
  PID:2108
- C:\Windows\System\zPTprdp.exe
  C:\Windows\System\zPTprdp.exe
  2⤵
  PID:1972
- C:\Windows\System\mbRbUrB.exe
  C:\Windows\System\mbRbUrB.exe
  2⤵
  PID:7840
- C:\Windows\System\gQTrnRf.exe
  C:\Windows\System\gQTrnRf.exe
  2⤵
  PID:1636
- C:\Windows\System\bAdIRUC.exe
  C:\Windows\System\bAdIRUC.exe
  2⤵
  PID:7920
- C:\Windows\System\eGMQESm.exe
  C:\Windows\System\eGMQESm.exe
  2⤵
  PID:7936
- C:\Windows\System\xbRaKzQ.exe
  C:\Windows\System\xbRaKzQ.exe
  2⤵
  PID:7984
- C:\Windows\System\IxQdDkH.exe
  C:\Windows\System\IxQdDkH.exe
  2⤵
  PID:8028
- C:\Windows\System\qxTBvuw.exe
  C:\Windows\System\qxTBvuw.exe
  2⤵
  PID:8096
- C:\Windows\System\yqtdmfp.exe
  C:\Windows\System\yqtdmfp.exe
  2⤵
  PID:8160
- C:\Windows\System\INMdAOA.exe
  C:\Windows\System\INMdAOA.exe
  2⤵
  PID:7060
- C:\Windows\System\MeVttsV.exe
  C:\Windows\System\MeVttsV.exe
  2⤵
  PID:4920
- C:\Windows\System\mLDuzug.exe
  C:\Windows\System\mLDuzug.exe
  2⤵
  PID:6736
- C:\Windows\System\PXELuKk.exe
  C:\Windows\System\PXELuKk.exe
  2⤵
  PID:7232
- C:\Windows\System\ZiWxdVa.exe
  C:\Windows\System\ZiWxdVa.exe
  2⤵
  PID:7296
- C:\Windows\System\ajGoRDC.exe
  C:\Windows\System\ajGoRDC.exe
  2⤵
  PID:7440
- C:\Windows\System\ZunQTrD.exe
  C:\Windows\System\ZunQTrD.exe
  2⤵
  PID:7628
- C:\Windows\System\UiuOZyA.exe
  C:\Windows\System\UiuOZyA.exe
  2⤵
  PID:7744
- C:\Windows\System\GrQKenB.exe
  C:\Windows\System\GrQKenB.exe
  2⤵
  PID:2224
- C:\Windows\System\EHfWwou.exe
  C:\Windows\System\EHfWwou.exe
  2⤵
  PID:8204
- C:\Windows\System\wDGeypw.exe
  C:\Windows\System\wDGeypw.exe
  2⤵
  PID:8220
- C:\Windows\System\VZnLKIJ.exe
  C:\Windows\System\VZnLKIJ.exe
  2⤵
  PID:8236
- C:\Windows\System\hdHgcGt.exe
  C:\Windows\System\hdHgcGt.exe
  2⤵
  PID:8252
- C:\Windows\System\YOGZxlZ.exe
  C:\Windows\System\YOGZxlZ.exe
  2⤵
  PID:8268
- C:\Windows\System\whQQjYn.exe
  C:\Windows\System\whQQjYn.exe
  2⤵
  PID:8284
- C:\Windows\System\Fdaabcm.exe
  C:\Windows\System\Fdaabcm.exe
  2⤵
  PID:8300
- C:\Windows\System\UbtNhIB.exe
  C:\Windows\System\UbtNhIB.exe
  2⤵
  PID:8316
- C:\Windows\System\LSjRVuz.exe
  C:\Windows\System\LSjRVuz.exe
  2⤵
  PID:8332
- C:\Windows\System\VEXFcQh.exe
  C:\Windows\System\VEXFcQh.exe
  2⤵
  PID:8348
- C:\Windows\System\KUMZeyL.exe
  C:\Windows\System\KUMZeyL.exe
  2⤵
  PID:8364
- C:\Windows\System\KhBtcmx.exe
  C:\Windows\System\KhBtcmx.exe
  2⤵
  PID:8380
- C:\Windows\System\BETDUxx.exe
  C:\Windows\System\BETDUxx.exe
  2⤵
  PID:8396
- C:\Windows\System\VWCBzsu.exe
  C:\Windows\System\VWCBzsu.exe
  2⤵
  PID:8412
- C:\Windows\System\JYlPiLn.exe
  C:\Windows\System\JYlPiLn.exe
  2⤵
  PID:8428
- C:\Windows\System\KUwfoIQ.exe
  C:\Windows\System\KUwfoIQ.exe
  2⤵
  PID:8444
- C:\Windows\System\vWGFcpD.exe
  C:\Windows\System\vWGFcpD.exe
  2⤵
  PID:8460
- C:\Windows\System\LQCytzh.exe
  C:\Windows\System\LQCytzh.exe
  2⤵
  PID:8476
- C:\Windows\System\ZxHitbs.exe
  C:\Windows\System\ZxHitbs.exe
  2⤵
  PID:8492
- C:\Windows\System\AnjoKSE.exe
  C:\Windows\System\AnjoKSE.exe
  2⤵
  PID:8508
- C:\Windows\System\SKOgmpH.exe
  C:\Windows\System\SKOgmpH.exe
  2⤵
  PID:8524
- C:\Windows\System\lsNvtwh.exe
  C:\Windows\System\lsNvtwh.exe
  2⤵
  PID:8540
- C:\Windows\System\EuXpRID.exe
  C:\Windows\System\EuXpRID.exe
  2⤵
  PID:8556
- C:\Windows\System\bkYFBLW.exe
  C:\Windows\System\bkYFBLW.exe
  2⤵
  PID:8572
- C:\Windows\System\lcMAxTB.exe
  C:\Windows\System\lcMAxTB.exe
  2⤵
  PID:8588
- C:\Windows\System\DtXZeZD.exe
  C:\Windows\System\DtXZeZD.exe
  2⤵
  PID:8604
- C:\Windows\System\yAIKPRr.exe
  C:\Windows\System\yAIKPRr.exe
  2⤵
  PID:8620
- C:\Windows\System\tGAUGlL.exe
  C:\Windows\System\tGAUGlL.exe
  2⤵
  PID:8636
- C:\Windows\System\rXGGstP.exe
  C:\Windows\System\rXGGstP.exe
  2⤵
  PID:8656
- C:\Windows\System\DkmnklV.exe
  C:\Windows\System\DkmnklV.exe
  2⤵
  PID:8672
- C:\Windows\System\GipoZOM.exe
  C:\Windows\System\GipoZOM.exe
  2⤵
  PID:8688
- C:\Windows\System\AUjSwse.exe
  C:\Windows\System\AUjSwse.exe
  2⤵
  PID:8704
- C:\Windows\System\FuxGJkq.exe
  C:\Windows\System\FuxGJkq.exe
  2⤵
  PID:8720
- C:\Windows\System\qKPudyy.exe
  C:\Windows\System\qKPudyy.exe
  2⤵
  PID:8736
- C:\Windows\System\mAaAzQm.exe
  C:\Windows\System\mAaAzQm.exe
  2⤵
  PID:8752
- C:\Windows\System\KxHUvZZ.exe
  C:\Windows\System\KxHUvZZ.exe
  2⤵
  PID:8768
- C:\Windows\System\BYPUOLv.exe
  C:\Windows\System\BYPUOLv.exe
  2⤵
  PID:8784
- C:\Windows\System\ySGVNou.exe
  C:\Windows\System\ySGVNou.exe
  2⤵
  PID:8800
- C:\Windows\System\NLMKsuk.exe
  C:\Windows\System\NLMKsuk.exe
  2⤵
  PID:8816
- C:\Windows\System\LTmCCIT.exe
  C:\Windows\System\LTmCCIT.exe
  2⤵
  PID:8832
- C:\Windows\System\XfvEnTc.exe
  C:\Windows\System\XfvEnTc.exe
  2⤵
  PID:8848
- C:\Windows\System\pVUhDpr.exe
  C:\Windows\System\pVUhDpr.exe
  2⤵
  PID:8864
- C:\Windows\System\cyYNefY.exe
  C:\Windows\System\cyYNefY.exe
  2⤵
  PID:8880
- C:\Windows\System\EMZzXHB.exe
  C:\Windows\System\EMZzXHB.exe
  2⤵
  PID:8896
- C:\Windows\System\EWpacwH.exe
  C:\Windows\System\EWpacwH.exe
  2⤵
  PID:8912
- C:\Windows\System\yocMYIx.exe
  C:\Windows\System\yocMYIx.exe
  2⤵
  PID:8928
- C:\Windows\System\vBzDVEJ.exe
  C:\Windows\System\vBzDVEJ.exe
  2⤵
  PID:8944
- C:\Windows\System\liOGLJC.exe
  C:\Windows\System\liOGLJC.exe
  2⤵
  PID:8960
- C:\Windows\System\UjwpASx.exe
  C:\Windows\System\UjwpASx.exe
  2⤵
  PID:8976
- C:\Windows\System\pYEnEYD.exe
  C:\Windows\System\pYEnEYD.exe
  2⤵
  PID:8992
- C:\Windows\System\bjOpMay.exe
  C:\Windows\System\bjOpMay.exe
  2⤵
  PID:9008
- C:\Windows\System\GOdRzwr.exe
  C:\Windows\System\GOdRzwr.exe
  2⤵
  PID:9024
- C:\Windows\System\SSIIGUI.exe
  C:\Windows\System\SSIIGUI.exe
  2⤵
  PID:9040
- C:\Windows\System\VVYoYDa.exe
  C:\Windows\System\VVYoYDa.exe
  2⤵
  PID:9056
- C:\Windows\System\dJWjUvc.exe
  C:\Windows\System\dJWjUvc.exe
  2⤵
  PID:9072
- C:\Windows\System\gDqBNTD.exe
  C:\Windows\System\gDqBNTD.exe
  2⤵
  PID:9088
- C:\Windows\System\QVURXDP.exe
  C:\Windows\System\QVURXDP.exe
  2⤵
  PID:9104
- C:\Windows\System\ABuwycs.exe
  C:\Windows\System\ABuwycs.exe
  2⤵
  PID:9120
- C:\Windows\System\lGfGYlw.exe
  C:\Windows\System\lGfGYlw.exe
  2⤵
  PID:9136
- C:\Windows\System\IaRtzTK.exe
  C:\Windows\System\IaRtzTK.exe
  2⤵
  PID:9152
- C:\Windows\System\vvcfPWL.exe
  C:\Windows\System\vvcfPWL.exe
  2⤵
  PID:9168
- C:\Windows\System\tSrrpsy.exe
  C:\Windows\System\tSrrpsy.exe
  2⤵
  PID:9184
- C:\Windows\System\qEABqrW.exe
  C:\Windows\System\qEABqrW.exe
  2⤵
  PID:9200
- C:\Windows\System\YiHBkwz.exe
  C:\Windows\System\YiHBkwz.exe
  2⤵
  PID:7852
- C:\Windows\System\TtiVJqX.exe
  C:\Windows\System\TtiVJqX.exe
  2⤵
  PID:1760
- C:\Windows\System\dkLEtVM.exe
  C:\Windows\System\dkLEtVM.exe
  2⤵
  PID:7964
- C:\Windows\System\ysEMeTR.exe
  C:\Windows\System\ysEMeTR.exe
  2⤵
  PID:8080
- C:\Windows\System\lzRVgYj.exe
  C:\Windows\System\lzRVgYj.exe
  2⤵
  PID:6912
- C:\Windows\System\Fgnnaps.exe
  C:\Windows\System\Fgnnaps.exe
  2⤵
  PID:6464
- C:\Windows\System\xonYDLM.exe
  C:\Windows\System\xonYDLM.exe
  2⤵
  PID:7312
- C:\Windows\System\mCgVPkP.exe
  C:\Windows\System\mCgVPkP.exe
  2⤵
  PID:7552
- C:\Windows\System\OZcPozS.exe
  C:\Windows\System\OZcPozS.exe
  2⤵
  PID:7792
- C:\Windows\System\IxpfzAV.exe
  C:\Windows\System\IxpfzAV.exe
  2⤵
  PID:8216
- C:\Windows\System\rRWEUMF.exe
  C:\Windows\System\rRWEUMF.exe
  2⤵
  PID:8248
- C:\Windows\System\iztrjxt.exe
  C:\Windows\System\iztrjxt.exe
  2⤵
  PID:8280
- C:\Windows\System\KphlQQX.exe
  C:\Windows\System\KphlQQX.exe
  2⤵
  PID:8324
- C:\Windows\System\eeLqpod.exe
  C:\Windows\System\eeLqpod.exe
  2⤵
  PID:8356
- C:\Windows\System\Yjdemfp.exe
  C:\Windows\System\Yjdemfp.exe
  2⤵
  PID:8388
- C:\Windows\System\sTjlMIS.exe
  C:\Windows\System\sTjlMIS.exe
  2⤵
  PID:2380
- C:\Windows\System\wCPuzGX.exe
  C:\Windows\System\wCPuzGX.exe
  2⤵
  PID:8424
- C:\Windows\System\rGiwyDN.exe
  C:\Windows\System\rGiwyDN.exe
  2⤵
  PID:8456
- C:\Windows\System\pdISBJz.exe
  C:\Windows\System\pdISBJz.exe
  2⤵
  PID:8488
- C:\Windows\System\iQRZLNl.exe
  C:\Windows\System\iQRZLNl.exe
  2⤵
  PID:8532
- C:\Windows\System\tyWwYFK.exe
  C:\Windows\System\tyWwYFK.exe
  2⤵
  PID:8564
- C:\Windows\System\wHCmomW.exe
  C:\Windows\System\wHCmomW.exe
  2⤵
  PID:8596
- C:\Windows\System\nlNnCrm.exe
  C:\Windows\System\nlNnCrm.exe
  2⤵
  PID:8628
- C:\Windows\System\hooKpsw.exe
  C:\Windows\System\hooKpsw.exe
  2⤵
  PID:8644
- C:\Windows\System\QnCTgmW.exe
  C:\Windows\System\QnCTgmW.exe
  2⤵
  PID:8680
- C:\Windows\System\TBnjJJA.exe
  C:\Windows\System\TBnjJJA.exe
  2⤵
  PID:8712
- C:\Windows\System\gvDTFEN.exe
  C:\Windows\System\gvDTFEN.exe
  2⤵
  PID:8744
- C:\Windows\System\zKgVFiF.exe
  C:\Windows\System\zKgVFiF.exe
  2⤵
  PID:8776
- C:\Windows\System\xmfPHug.exe
  C:\Windows\System\xmfPHug.exe
  2⤵
  PID:8808
- C:\Windows\System\RYHXkGh.exe
  C:\Windows\System\RYHXkGh.exe
  2⤵
  PID:8840
- C:\Windows\System\Fzvsptu.exe
  C:\Windows\System\Fzvsptu.exe
  2⤵
  PID:8872
- C:\Windows\System\gklUrhy.exe
  C:\Windows\System\gklUrhy.exe
  2⤵
  PID:8920
- C:\Windows\System\AEDpOaO.exe
  C:\Windows\System\AEDpOaO.exe
  2⤵
  PID:8936
- C:\Windows\System\gpmiuDm.exe
  C:\Windows\System\gpmiuDm.exe
  2⤵
  PID:8968
- C:\Windows\System\wVYDxJX.exe
  C:\Windows\System\wVYDxJX.exe
  2⤵
  PID:9000
- C:\Windows\System\XkXPRyr.exe
  C:\Windows\System\XkXPRyr.exe
  2⤵
  PID:9048
- C:\Windows\System\KIASghz.exe
  C:\Windows\System\KIASghz.exe
  2⤵
  PID:9064
- C:\Windows\System\UxelPDQ.exe
  C:\Windows\System\UxelPDQ.exe
  2⤵
  PID:9096
- C:\Windows\System\gSEmKxi.exe
  C:\Windows\System\gSEmKxi.exe
  2⤵
  PID:9128
- C:\Windows\System\YDvXTCG.exe
  C:\Windows\System\YDvXTCG.exe
  2⤵
  PID:9160
- C:\Windows\System\mTVWLmV.exe
  C:\Windows\System\mTVWLmV.exe
  2⤵
  PID:9180
- C:\Windows\System\JUKuIMj.exe
  C:\Windows\System\JUKuIMj.exe
  2⤵
  PID:9212
- C:\Windows\System\CpAonlh.exe
  C:\Windows\System\CpAonlh.exe
  2⤵
  PID:7948
- C:\Windows\System\zhGXqCw.exe
  C:\Windows\System\zhGXqCw.exe
  2⤵
  PID:8060
- C:\Windows\System\iilbmRg.exe
  C:\Windows\System\iilbmRg.exe
  2⤵
  PID:6928
- C:\Windows\System\lBBvMWw.exe
  C:\Windows\System\lBBvMWw.exe
  2⤵
  PID:7504
- C:\Windows\System\DPzQNjV.exe
  C:\Windows\System\DPzQNjV.exe
  2⤵
  PID:8212
- C:\Windows\System\WJTHUXn.exe
  C:\Windows\System\WJTHUXn.exe
  2⤵
  PID:8312
- C:\Windows\System\WQGamEj.exe
  C:\Windows\System\WQGamEj.exe
  2⤵
  PID:8360
- C:\Windows\System\svhYXtm.exe
  C:\Windows\System\svhYXtm.exe
  2⤵
  PID:8408
- C:\Windows\System\Qauhqdp.exe
  C:\Windows\System\Qauhqdp.exe
  2⤵
  PID:8468
- C:\Windows\System\ygvZoGs.exe
  C:\Windows\System\ygvZoGs.exe
  2⤵
  PID:8520
- C:\Windows\System\rPaauox.exe
  C:\Windows\System\rPaauox.exe
  2⤵
  PID:2748
- C:\Windows\System\bbSjkGt.exe
  C:\Windows\System\bbSjkGt.exe
  2⤵
  PID:8668
- C:\Windows\System\biSNLPf.exe
  C:\Windows\System\biSNLPf.exe
  2⤵
  PID:2740
- C:\Windows\System\PyIODaC.exe
  C:\Windows\System\PyIODaC.exe
  2⤵
  PID:8780
- C:\Windows\System\aJrxaUY.exe
  C:\Windows\System\aJrxaUY.exe
  2⤵
  PID:8812
- C:\Windows\System\NAgfbto.exe
  C:\Windows\System\NAgfbto.exe
  2⤵
  PID:2916
- C:\Windows\System\XWHrNbs.exe
  C:\Windows\System\XWHrNbs.exe
  2⤵
  PID:8892
- C:\Windows\System\ADVlBio.exe
  C:\Windows\System\ADVlBio.exe
  2⤵
  PID:2840
- C:\Windows\System\xJYzjYB.exe
  C:\Windows\System\xJYzjYB.exe
  2⤵
  PID:9016
- C:\Windows\System\KfUyMem.exe
  C:\Windows\System\KfUyMem.exe
  2⤵
  PID:9068
- C:\Windows\System\UEobFsw.exe
  C:\Windows\System\UEobFsw.exe
  2⤵
  PID:9132
- C:\Windows\System\wKOLVgz.exe
  C:\Windows\System\wKOLVgz.exe
  2⤵
  PID:9164
- C:\Windows\System\zpwPaOb.exe
  C:\Windows\System\zpwPaOb.exe
  2⤵
  PID:9196
- C:\Windows\System\StdWcHi.exe
  C:\Windows\System\StdWcHi.exe
  2⤵
  PID:5512
- C:\Windows\System\bZkGzfZ.exe
  C:\Windows\System\bZkGzfZ.exe
  2⤵
  PID:6004
- C:\Windows\System\oGkJWAe.exe
  C:\Windows\System\oGkJWAe.exe
  2⤵
  PID:8200
- C:\Windows\System\BLMryuw.exe
  C:\Windows\System\BLMryuw.exe
  2⤵
  PID:8264
- C:\Windows\System\btTgISw.exe
  C:\Windows\System\btTgISw.exe
  2⤵
  PID:2172
- C:\Windows\System\iwwXBBf.exe
  C:\Windows\System\iwwXBBf.exe
  2⤵
  PID:8404
- C:\Windows\System\jNWpcsO.exe
  C:\Windows\System\jNWpcsO.exe
  2⤵
  PID:1908
- C:\Windows\System\aXKSvPP.exe
  C:\Windows\System\aXKSvPP.exe
  2⤵
  PID:8536
- C:\Windows\System\wxfwboW.exe
  C:\Windows\System\wxfwboW.exe
  2⤵
  PID:8632
- C:\Windows\System\LZjnIIy.exe
  C:\Windows\System\LZjnIIy.exe
  2⤵
  PID:8700
- C:\Windows\System\FqFNDRM.exe
  C:\Windows\System\FqFNDRM.exe
  2⤵
  PID:1432
- C:\Windows\System\CxNMSav.exe
  C:\Windows\System\CxNMSav.exe
  2⤵
  PID:2312
- C:\Windows\System\FTKFnJn.exe
  C:\Windows\System\FTKFnJn.exe
  2⤵
  PID:8956
- C:\Windows\System\LgqhOqu.exe
  C:\Windows\System\LgqhOqu.exe
  2⤵
  PID:1684
- C:\Windows\System\vDCWNBf.exe
  C:\Windows\System\vDCWNBf.exe
  2⤵
  PID:9084
- C:\Windows\System\LXMiaSq.exe
  C:\Windows\System\LXMiaSq.exe
  2⤵
  PID:9148
- C:\Windows\System\HrGVmAN.exe
  C:\Windows\System\HrGVmAN.exe
  2⤵
  PID:2308
- C:\Windows\System\FxRDxBd.exe
  C:\Windows\System\FxRDxBd.exe
  2⤵
  PID:2660
- C:\Windows\System\KGxbloj.exe
  C:\Windows\System\KGxbloj.exe
  2⤵
  PID:8244
- C:\Windows\System\CbpGPmE.exe
  C:\Windows\System\CbpGPmE.exe
  2⤵
  PID:8344
- C:\Windows\System\DiOBiIJ.exe
  C:\Windows\System\DiOBiIJ.exe
  2⤵
  PID:8516
- C:\Windows\System\NilZBBe.exe
  C:\Windows\System\NilZBBe.exe
  2⤵
  PID:1248
- C:\Windows\System\hrKUHuT.exe
  C:\Windows\System\hrKUHuT.exe
  2⤵
  PID:1280
- C:\Windows\System\XDaWKqT.exe
  C:\Windows\System\XDaWKqT.exe
  2⤵
  PID:2972
- C:\Windows\System\tTzhcHn.exe
  C:\Windows\System\tTzhcHn.exe
  2⤵
  PID:2732
- C:\Windows\System\GseWcLX.exe
  C:\Windows\System\GseWcLX.exe
  2⤵
  PID:2676
- C:\Windows\System\FXgImLH.exe
  C:\Windows\System\FXgImLH.exe
  2⤵
  PID:2992
- C:\Windows\System\NfHAdLs.exe
  C:\Windows\System\NfHAdLs.exe
  2⤵
  PID:2884
- C:\Windows\System\hZLcLtQ.exe
  C:\Windows\System\hZLcLtQ.exe
  2⤵
  PID:8308
- C:\Windows\System\ifYgQEt.exe
  C:\Windows\System\ifYgQEt.exe
  2⤵
  PID:1092
- C:\Windows\System\OzVmKjC.exe
  C:\Windows\System\OzVmKjC.exe
  2⤵
  PID:8600
- C:\Windows\System\uKGTIBs.exe
  C:\Windows\System\uKGTIBs.exe
  2⤵
  PID:2176
- C:\Windows\System\fNItKil.exe
  C:\Windows\System\fNItKil.exe
  2⤵
  PID:9052
- C:\Windows\System\zXrXNdo.exe
  C:\Windows\System\zXrXNdo.exe
  2⤵
  PID:5480
- C:\Windows\System\GsGKrRb.exe
  C:\Windows\System\GsGKrRb.exe
  2⤵
  PID:2636
- C:\Windows\System\qUhRLov.exe
  C:\Windows\System\qUhRLov.exe
  2⤵
  PID:2188
- C:\Windows\System\WunjoJu.exe
  C:\Windows\System\WunjoJu.exe
  2⤵
  PID:1568
- C:\Windows\System\srXKENI.exe
  C:\Windows\System\srXKENI.exe
  2⤵
  PID:8616
- C:\Windows\System\qImmbmz.exe
  C:\Windows\System\qImmbmz.exe
  2⤵
  PID:2504
- C:\Windows\System\Cuijnwi.exe
  C:\Windows\System\Cuijnwi.exe
  2⤵
  PID:8856
- C:\Windows\System\bHJizkF.exe
  C:\Windows\System\bHJizkF.exe
  2⤵
  PID:1964
- C:\Windows\System\RNXknOE.exe
  C:\Windows\System\RNXknOE.exe
  2⤵
  PID:2864
- C:\Windows\System\gLvBiTQ.exe
  C:\Windows\System\gLvBiTQ.exe
  2⤵
  PID:5720
- C:\Windows\System\LhyobrC.exe
  C:\Windows\System\LhyobrC.exe
  2⤵
  PID:2696
- C:\Windows\System\xgjALhq.exe
  C:\Windows\System\xgjALhq.exe
  2⤵
  PID:9232
- C:\Windows\System\UHAuQhY.exe
  C:\Windows\System\UHAuQhY.exe
  2⤵
  PID:9252
- C:\Windows\System\YBYEBlM.exe
  C:\Windows\System\YBYEBlM.exe
  2⤵
  PID:9268
- C:\Windows\System\UJtiFcA.exe
  C:\Windows\System\UJtiFcA.exe
  2⤵
  PID:9284
- C:\Windows\System\IBfGkfy.exe
  C:\Windows\System\IBfGkfy.exe
  2⤵
  PID:9300
- C:\Windows\System\AYiswkA.exe
  C:\Windows\System\AYiswkA.exe
  2⤵
  PID:9316
- C:\Windows\System\qTnaQrm.exe
  C:\Windows\System\qTnaQrm.exe
  2⤵
  PID:9336
- C:\Windows\System\IYnNurO.exe
  C:\Windows\System\IYnNurO.exe
  2⤵
  PID:9352
- C:\Windows\System\IWeCGpn.exe
  C:\Windows\System\IWeCGpn.exe
  2⤵
  PID:9368
- C:\Windows\System\ZodJbDS.exe
  C:\Windows\System\ZodJbDS.exe
  2⤵
  PID:9384
- C:\Windows\System\WfaAMQO.exe
  C:\Windows\System\WfaAMQO.exe
  2⤵
  PID:9400
- C:\Windows\System\SNbaePt.exe
  C:\Windows\System\SNbaePt.exe
  2⤵
  PID:9416
- C:\Windows\System\RZwwIyQ.exe
  C:\Windows\System\RZwwIyQ.exe
  2⤵
  PID:9432
- C:\Windows\System\UfEpvrF.exe
  C:\Windows\System\UfEpvrF.exe
  2⤵
  PID:9448
- C:\Windows\System\ecFAeoN.exe
  C:\Windows\System\ecFAeoN.exe
  2⤵
  PID:9464
- C:\Windows\System\DQIrwsW.exe
  C:\Windows\System\DQIrwsW.exe
  2⤵
  PID:9480
- C:\Windows\System\bpsVFjQ.exe
  C:\Windows\System\bpsVFjQ.exe
  2⤵
  PID:9496
- C:\Windows\System\XGWKaPI.exe
  C:\Windows\System\XGWKaPI.exe
  2⤵
  PID:9512
- C:\Windows\System\yeNGhzb.exe
  C:\Windows\System\yeNGhzb.exe
  2⤵
  PID:9528
- C:\Windows\System\bOZOkty.exe
  C:\Windows\System\bOZOkty.exe
  2⤵
  PID:9544
- C:\Windows\System\ouiSYnY.exe
  C:\Windows\System\ouiSYnY.exe
  2⤵
  PID:9560
- C:\Windows\System\zUPZQlH.exe
  C:\Windows\System\zUPZQlH.exe
  2⤵
  PID:9576
- C:\Windows\System\jnKuiuj.exe
  C:\Windows\System\jnKuiuj.exe
  2⤵
  PID:9592
- C:\Windows\System\xvkoOPr.exe
  C:\Windows\System\xvkoOPr.exe
  2⤵
  PID:9608
- C:\Windows\System\HBNCkkQ.exe
  C:\Windows\System\HBNCkkQ.exe
  2⤵
  PID:9624
- C:\Windows\System\HuNPwrR.exe
  C:\Windows\System\HuNPwrR.exe
  2⤵
  PID:9640
- C:\Windows\System\fVebYvc.exe
  C:\Windows\System\fVebYvc.exe
  2⤵
  PID:9656
- C:\Windows\System\TvekVMZ.exe
  C:\Windows\System\TvekVMZ.exe
  2⤵
  PID:9676
- C:\Windows\System\QeGbtEp.exe
  C:\Windows\System\QeGbtEp.exe
  2⤵
  PID:9692
- C:\Windows\System\UZbyspX.exe
  C:\Windows\System\UZbyspX.exe
  2⤵
  PID:9708
- C:\Windows\System\YrjEXSr.exe
  C:\Windows\System\YrjEXSr.exe
  2⤵
  PID:9724
- C:\Windows\System\hSmklDu.exe
  C:\Windows\System\hSmklDu.exe
  2⤵
  PID:9740
- C:\Windows\System\lnEcUKp.exe
  C:\Windows\System\lnEcUKp.exe
  2⤵
  PID:9756
- C:\Windows\System\eLqOwsC.exe
  C:\Windows\System\eLqOwsC.exe
  2⤵
  PID:9772
- C:\Windows\System\mMZFucg.exe
  C:\Windows\System\mMZFucg.exe
  2⤵
  PID:9788
- C:\Windows\System\sYkdguu.exe
  C:\Windows\System\sYkdguu.exe
  2⤵
  PID:9804
- C:\Windows\System\jZiUMnk.exe
  C:\Windows\System\jZiUMnk.exe
  2⤵
  PID:9820
- C:\Windows\System\iwdMduU.exe
  C:\Windows\System\iwdMduU.exe
  2⤵
  PID:9836
- C:\Windows\System\fnBKjUl.exe
  C:\Windows\System\fnBKjUl.exe
  2⤵
  PID:9852
- C:\Windows\System\ylFuInE.exe
  C:\Windows\System\ylFuInE.exe
  2⤵
  PID:9868
- C:\Windows\System\vdbAUAW.exe
  C:\Windows\System\vdbAUAW.exe
  2⤵
  PID:9884
- C:\Windows\System\XRadCOk.exe
  C:\Windows\System\XRadCOk.exe
  2⤵
  PID:9900
- C:\Windows\System\JbkdvYl.exe
  C:\Windows\System\JbkdvYl.exe
  2⤵
  PID:9916
- C:\Windows\System\PhZIAzs.exe
  C:\Windows\System\PhZIAzs.exe
  2⤵
  PID:9932
- C:\Windows\System\PKnAgzv.exe
  C:\Windows\System\PKnAgzv.exe
  2⤵
  PID:9948
- C:\Windows\System\ebsoecH.exe
  C:\Windows\System\ebsoecH.exe
  2⤵
  PID:9964
- C:\Windows\System\dTZciFi.exe
  C:\Windows\System\dTZciFi.exe
  2⤵
  PID:9980
- C:\Windows\System\MMvkBXX.exe
  C:\Windows\System\MMvkBXX.exe
  2⤵
  PID:9996
- C:\Windows\System\bpKlmdr.exe
  C:\Windows\System\bpKlmdr.exe
  2⤵
  PID:10012
- C:\Windows\System\rxiqEXC.exe
  C:\Windows\System\rxiqEXC.exe
  2⤵
  PID:10028
- C:\Windows\System\bIDjHwl.exe
  C:\Windows\System\bIDjHwl.exe
  2⤵
  PID:10044
- C:\Windows\System\OfUSdsC.exe
  C:\Windows\System\OfUSdsC.exe
  2⤵
  PID:10060
- C:\Windows\System\mqfRXor.exe
  C:\Windows\System\mqfRXor.exe
  2⤵
  PID:10076
- C:\Windows\System\QEuQUCi.exe
  C:\Windows\System\QEuQUCi.exe
  2⤵
  PID:10092
- C:\Windows\System\LrIBYyB.exe
  C:\Windows\System\LrIBYyB.exe
  2⤵
  PID:10108
- C:\Windows\System\yVPrPiF.exe
  C:\Windows\System\yVPrPiF.exe
  2⤵
  PID:10124
- C:\Windows\System\sVCttTx.exe
  C:\Windows\System\sVCttTx.exe
  2⤵
  PID:10140
- C:\Windows\System\dhawJvN.exe
  C:\Windows\System\dhawJvN.exe
  2⤵
  PID:10156
- C:\Windows\System\AmCYBEu.exe
  C:\Windows\System\AmCYBEu.exe
  2⤵
  PID:10172
- C:\Windows\System\ozajnUl.exe
  C:\Windows\System\ozajnUl.exe
  2⤵
  PID:10188
- C:\Windows\System\VLIAEsi.exe
  C:\Windows\System\VLIAEsi.exe
  2⤵
  PID:10204
- C:\Windows\System\twQfawD.exe
  C:\Windows\System\twQfawD.exe
  2⤵
  PID:10220
- C:\Windows\System\ikTUykK.exe
  C:\Windows\System\ikTUykK.exe
  2⤵
  PID:10236
- C:\Windows\System\sdDoNPC.exe
  C:\Windows\System\sdDoNPC.exe
  2⤵
  PID:8016
- C:\Windows\System\deNJudk.exe
  C:\Windows\System\deNJudk.exe
  2⤵
  PID:2784
- C:\Windows\System\BNlulbN.exe
  C:\Windows\System\BNlulbN.exe
  2⤵
  PID:9228
- C:\Windows\System\TbFMEaD.exe
  C:\Windows\System\TbFMEaD.exe
  2⤵
  PID:9264
- C:\Windows\System\PNmdnBD.exe
  C:\Windows\System\PNmdnBD.exe
  2⤵
  PID:9292
- C:\Windows\System\rbCeudc.exe
  C:\Windows\System\rbCeudc.exe
  2⤵
  PID:9348
- C:\Windows\System\SddGlnX.exe
  C:\Windows\System\SddGlnX.exe
  2⤵
  PID:9360
- C:\Windows\System\EOacDSE.exe
  C:\Windows\System\EOacDSE.exe
  2⤵
  PID:9396
- C:\Windows\System\cedCUFZ.exe
  C:\Windows\System\cedCUFZ.exe
  2⤵
  PID:9460
- C:\Windows\System\AQphsta.exe
  C:\Windows\System\AQphsta.exe
  2⤵
  PID:9412
- C:\Windows\System\OwceINk.exe
  C:\Windows\System\OwceINk.exe
  2⤵
  PID:9524
- C:\Windows\System\IuBcKVB.exe
  C:\Windows\System\IuBcKVB.exe
  2⤵
  PID:9588
- C:\Windows\System\zhhiiXa.exe
  C:\Windows\System\zhhiiXa.exe
  2⤵
  PID:9620
- C:\Windows\System\UXYGLCW.exe
  C:\Windows\System\UXYGLCW.exe
  2⤵
  PID:9688
- C:\Windows\System\LSPnddL.exe
  C:\Windows\System\LSPnddL.exe
  2⤵
  PID:9472
- C:\Windows\System\IsInmDL.exe
  C:\Windows\System\IsInmDL.exe
  2⤵
  PID:9600
- C:\Windows\System\kwINKLe.exe
  C:\Windows\System\kwINKLe.exe
  2⤵
  PID:9784
- C:\Windows\System\xfNgeNk.exe
  C:\Windows\System\xfNgeNk.exe
  2⤵
  PID:9636
- C:\Windows\System\WiUXyZj.exe
  C:\Windows\System\WiUXyZj.exe
  2⤵
  PID:9664
- C:\Windows\System\fvtULSN.exe
  C:\Windows\System\fvtULSN.exe
  2⤵
  PID:9876
- C:\Windows\System\xzvZVej.exe
  C:\Windows\System\xzvZVej.exe
  2⤵
  PID:9940
- C:\Windows\System\TbLnyPp.exe
  C:\Windows\System\TbLnyPp.exe
  2⤵
  PID:9668
- C:\Windows\System\tTIUBxy.exe
  C:\Windows\System\tTIUBxy.exe
  2⤵
  PID:9736
- C:\Windows\System\Zobbxpd.exe
  C:\Windows\System\Zobbxpd.exe
  2⤵
  PID:9796
- C:\Windows\System\EFIPnHl.exe
  C:\Windows\System\EFIPnHl.exe
  2⤵
  PID:9960
- C:\Windows\System\pAOQhTJ.exe
  C:\Windows\System\pAOQhTJ.exe
  2⤵
  PID:9924
- C:\Windows\System\PUSGRXp.exe
  C:\Windows\System\PUSGRXp.exe
  2⤵
  PID:10004
- C:\Windows\System\DluARxd.exe
  C:\Windows\System\DluARxd.exe
  2⤵
  PID:10036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DZGNhDv.exe

Filesize
6.0MB

MD5
91a033cf58c69e5619eb378e21e7cda7

SHA1
8be9016a741be5822242b64c3e4268b84101b5cb

SHA256
b97411970bb09b80f09ffbabcd3ca6b498900109d927f6d32cce5739d40d8d00

SHA512
24bc5855ef68c6441acab1394073bc11751b2d728c3b7b36720d55f8eb2cffdab1b19b33e42c76314df7091bfdf7b8f18cfb0bbe67206aa2590d9ca7c3944355

Download Submit
C:\Windows\system\EtDNAne.exe

Filesize
6.0MB

MD5
d583732907ac5303a70eefa1729b69ce

SHA1
1f6fcd48a89506333c7a132c10bfef4aa21a6d60

SHA256
917fc4cae5514dcd60e76ed669c3cce0a23b75397dbc6af0bffe519084e836f6

SHA512
3b6f55ca30e3449d7c80cec152566b816cae0d2aa811c283c37b9357f529653a7e23b1cf823834ab874ffd7a4b710b73fb99ee8774ddcd1c0c0eeed27021c87a

Download Submit
C:\Windows\system\HNZkPSx.exe

Filesize
6.0MB

MD5
267dcbdc210119fc2dda104cda6eea05

SHA1
f258623c47af1066e33cfe21dd1b96671461bcba

SHA256
6f081a012af53cf74a3d1c1c635aacdb5e4f9eb2609e4ca8c20f6a63a51d0abd

SHA512
e14d2b0aea6a4af3c6846fb39be7d2ac14981adf8f3ac60ae307d4e7ba92d3dc835f69028ad7255bc5a8464430e368a6097e5ca461d4c7ddd81253fce6ae6061

Download Submit
C:\Windows\system\JuxwEqY.exe

Filesize
6.0MB

MD5
2cb1d82a2be0ad1928f161ef848c90cd

SHA1
8ef15f0222fe7366e1a4f3f19a1bf0ff3498a126

SHA256
91b97291f5376f94938354360cffea554544292dcbd81c8a6d5509571ad50258

SHA512
121aba4d8e8d83baedf6d8f28623da9a534a1a787bb9ed7f9fc05097b2b5fd6bad3ba76ebef848f558734dcb7e310eef916fce72b2d082cf9fb76bcd4353d38a

Download Submit
C:\Windows\system\LYwEqRL.exe

Filesize
6.0MB

MD5
472d54e8059806214970fcd1f3b4fa1a

SHA1
22cbdda24fcaa45f7b0c31ed179f5a74a08f4346

SHA256
a8bed42dc800445ee7fd2821b5d4f917e83092080de181d66a5d2ef5c2720f0c

SHA512
0c3079613272574845cbfda481aa453f44c1c0765ee48f8ca90db07e18e3d900341740991a472f33120a4b15d2f120f48e4db5da24e680574f62c78a1ff644ce

Download Submit
C:\Windows\system\LlUqDJV.exe

Filesize
6.0MB

MD5
4f23c9189262c4960a07a6be7f484be6

SHA1
58b677fe63e9bf716731d6985064b8e46e4f4330

SHA256
de948980cb63324d83617add336712c6cc6f0b22b96e646d1aa8f12e444d507f

SHA512
85109c3504834c9ad68cd598c89dfbb37faa78a5bbd02ac02a8abbf9713de773615eaa1ae8800c23392994380873b5321b2fe5cefcd579d93682da1ff3b881a8

Download Submit
C:\Windows\system\MOZXiEK.exe

Filesize
6.0MB

MD5
59f81fa4aaf60b93243891808a10c89c

SHA1
54d554a839931a11142ebbfb6cd4b3653d6595d3

SHA256
579f248840e2e04175b3300f57dc0825712326b573e3c414d0682b06e25e41ec

SHA512
a4ef048f09657268f0018d3c0ce4223fd83cfb534088e32fdb8a57b2fd55295dbe4e9a7b18d774893e077b7ac8e09b25718efa4030664134f71a64197d00c813

Download Submit
C:\Windows\system\SSAZhRW.exe

Filesize
6.0MB

MD5
1101dfcee10c3d28a52bbf7ec798ac8d

SHA1
5524f9b6d23268379474a827699ee5c5599ffa3c

SHA256
30fba823fa603afe9ef07588137fcde38a96a655eb7d556d9f28ad2746ecd7b5

SHA512
38fc5f93bbdcda2cf0a43cedc589682f9f8876e8771bca191786c654b7bc4fce639ac46e9a16162f4f008366023b4b14535c398960855d7eb95b3874359a0d87

Download Submit
C:\Windows\system\UpzfLcG.exe

Filesize
6.0MB

MD5
2201d6412d92217e9f94987f7eb20cae

SHA1
7c6a7a90cb0606e822b45ba090486d9e832f5a0b

SHA256
68887aa439b4bc5cd19285147dec282d0eae3ab4f435476898f1fee1be28eb5a

SHA512
8aeae2beee2619af37a772f9ac41a1c79085806e5d90f6c2af1cba16ca1e6f8f1bcf50dda95411c4ee8b1f4e0fc84202e771f81155c143a78e73ad5200913b02

Download Submit
C:\Windows\system\VMgQojs.exe

Filesize
6.0MB

MD5
bb6038934ec2a9a1ebecb5924896271f

SHA1
5b0edea23f1778c5dc37ff26f1deed164ffd556f

SHA256
a8a0344dc43d55091de25870c8ee9ea42dde678d46b82c50e6210b46c480d363

SHA512
58f0c3dc2318226aa88cbb828787faeee51128f9b8a1d2537dd74d790d970fc63c914dbb033e853a77b5d34db48b08ebe070d7b94d72e6f8561e62e226c10679

Download Submit
C:\Windows\system\cjCHcrW.exe

Filesize
6.0MB

MD5
8563e904ddc131b5e7aa4e3d92563afe

SHA1
b239dbaee671cda36f8350fa9d13f6a82bf08b88

SHA256
3ae08dacaa0b17ecd292d65d4e42e144b3b233f2636dc734f40ebd6d57d1070a

SHA512
f2e9f303f40f97f0d2a34a009db519fb15e65edc479b69b32fd4e996bf78fdee4856798a7e89d6782ba642feef00d412d3458fd98b6e0f2f305b683e56abeac0

Download Submit
C:\Windows\system\dlngvNE.exe

Filesize
6.0MB

MD5
1cf0dbe6680f831b012d2ee9228c5f2e

SHA1
09f57f210a0f33d19947744cf22dc8264e1b19e9

SHA256
5a936bf07c0a8adcc8b44c7b31d1cc85418c51457dba5d073dafee379c8b2d8b

SHA512
53c888a7b1b6d809860fe04de83e8a19c01ba32d1f66d3bdf99e60b350d6ce1e52a3b792672fe025f1e1073a72b67c1c47e9f22c77af0b4c4935e81c97bc08a9

Download Submit
C:\Windows\system\eKwrCbd.exe

Filesize
6.0MB

MD5
7dfca9f36ca1b13ce57723a1022196b4

SHA1
b7f1296de84d2d2587edea8c12ab992527948f9d

SHA256
0547162a803f024f6744763eda58d3f7b30fb2342c1950e09824b5aba70d91a3

SHA512
87ac2e5a00ba16ba05f0a426e9d705de8e0d0d820cc7d77e8048bbeceeebc06cb17a7a1f880a5405d3b994d8137775bb909f95134d2e20dabb3afdfeba4bb54f

Download Submit
C:\Windows\system\gUJHOhk.exe

Filesize
6.0MB

MD5
44fefc4c9d5922acd56d7fd661558c26

SHA1
c5bcc46b74ff1715d0af8aae2edbb6d9cc6aee03

SHA256
c0a82c37d336664ccce335dc8147576f1d86e82a992b72bee7a770d61a6f8ccc

SHA512
8dbf8e25b09a3cc7a65d3fe1ed1daa5d00cae4f4ff33e663386125d313363ade457931d7f0138a5e5e20f0116c8664107f8e4395baadc63a2ffe71ba92b1948d

Download Submit
C:\Windows\system\hfJiNxo.exe

Filesize
6.0MB

MD5
e25a31a2f9a4a041426a4d67d46c337f

SHA1
04cda8166f99f7a5bb13317db97a74799da9fcd0

SHA256
77ba3961401492882ed7ea9c56a86b311d3f2661c3825753f2f67624aa5f7b97

SHA512
3e44c93a0a7d4a93811782b17089c96836f2fc8b22a391869ba0389b17d53010f89c351260287d98471819406204585cddc23ae5894f826f410a0e4b2f0debd6

Download Submit
C:\Windows\system\jDddoNR.exe

Filesize
6.0MB

MD5
b305fef3d8e3cd703da31a17a52197d6

SHA1
eab0c79453f257de2c99907052c13909b117da9f

SHA256
f9b7280ac761764ad45633534ffe7ca6f2d5c5796121d97aef99107532d1ab04

SHA512
b90d60cf4142948c77840767c90d7ac856aba779c641ae0dd70573c17e1d5b02f1c1d12dc23fdf409e3223083d7822f5f19a21d30ba2227514775dc9dfd4df86

Download Submit
C:\Windows\system\jYAHJim.exe

Filesize
6.0MB

MD5
7858ac2262acf5d3b5710f8fb229f2cb

SHA1
132adf790123c3b3efad03a5069ba8bef1c09d2a

SHA256
29c53ef5d589a756a126c3957b2d89d674373f5d16aefd97aa49222351976bae

SHA512
30f474d3ed546ca8113e6c84ea68d085bc6f5e92a293cc54ec0b88a19698e767b9f43febb0c477e019e7947f072d1b8a293610027cf5d437e096d4b2818570bf

Download Submit
C:\Windows\system\jiOncbg.exe

Filesize
6.0MB

MD5
815e16db1b19dfd8330fb24038d8166f

SHA1
5987d12bdbc387366de63d1231b07cc9bfd86b43

SHA256
dbcdfad83e59f8ae41f486a649c8b7c1ee423eeffa6db5369ac1aa8f5364f805

SHA512
de649787d031169b321718253b0be946022b0baf898514790de69bad05df338529fd35ff1060f07e2f712e6cd883911280a525c9a687c470a38896ad7145e202

Download Submit
C:\Windows\system\khbXnXj.exe

Filesize
6.0MB

MD5
a6436db01be3e1b17659d8699ea7a127

SHA1
e0328e48f472eaeaf20ecc7fa7b21879c6af4ba3

SHA256
48cfafddc9b8dcbb26ed9ec6f0472a3616e6aad6d073ac902e80250beef0881c

SHA512
fa11b062ff8b260647df65ac3d951763457b1fcd0db6d9a6b579a3d8cd625b767bcaaae47ca8ced4137e0e1bf24a13ad6f69213797bfd6a8ddd62131b1b4982e

Download Submit
C:\Windows\system\kuemLuX.exe

Filesize
6.0MB

MD5
8f70075aee3c0c051ca86d1b639a93f1

SHA1
6fb98a0450da2a36bc8cebf449b194cffc505b80

SHA256
bf0601ffdeb82397645a9c9a0ac028634866a816723ffc0d8bbdd10ae66ecef7

SHA512
06eb71439fa361d9c0a12a1a00cb17116cd7470586177a2f47582d5c2cc9be3c4a83bff300002ab43c07a14f150e78d633a877f2b832915332019a47f4c0c204

Download Submit
C:\Windows\system\kwDvVoJ.exe

Filesize
6.0MB

MD5
411f7fd2a784e5dc4a26bad807544079

SHA1
b35b6ee75cd0865d50de1ba4acd5d1b3353a8479

SHA256
3404d377a4f8f4adf19595774a221271a4c0944f7a6bafa0e6b62a90bd18862c

SHA512
5185946e9604d01384338b39f8dfa83955e78946f375d01258ff5b7a6889e2b2fb724e81845886848b9346330b2cefb7f9d9629b2746146ac326caa5efc10fc3

Download Submit
C:\Windows\system\mOnhjzy.exe

Filesize
6.0MB

MD5
894126416fafce148e7a2192822d4337

SHA1
ff6d3d9bf05a15a9575705b457277eec8a8f8168

SHA256
66219ca548491ebee20d74aae04ffa607b9901253ad068c0fd9fd652d081f501

SHA512
54875f310d17286369ecc76a2f7a6ad41ec71a139c4ce865d2517c090d58b62575e0c57094851a529bcd3b9431cc8fe07640fe85a0547eb49764742b3837a516

Download Submit
C:\Windows\system\nLzYtfV.exe

Filesize
6.0MB

MD5
c00e60480383681320bef2c63689cafc

SHA1
bd6709e89111b67459871044a539f8003214dad5

SHA256
8f60b60b0611a9f59b5c39548502b937ab4033a93594577e88ab96e32f3bae42

SHA512
f30b1798d8c34878b2145689d8fa73ea2ac22f35d5fa726c1b62cc478efdbca4121d1fda58c3dd91da82bfd4bb4e2409caf8fb310d7211a54257188b0a6660af

Download Submit
C:\Windows\system\nhUKncJ.exe

Filesize
6.0MB

MD5
e012b5b6be9a5a111355132cf5b4b9df

SHA1
5efca28af8b52faf4bcc51978a79a7dbb39c53d8

SHA256
5639027c698441f93739e14e84beacb6b134c83b95218dc2308abdc905d047a3

SHA512
7e12c715ab0d42d261dfd42dccb39aea8d88ae8b48a9bbc68d6d0a376bd6dbf9012e150b62726085fa17fbf01f4fdac06bdadbea0d39fd2b9eec2b3806fc2538

Download Submit
C:\Windows\system\qtEdLLE.exe

Filesize
6.0MB

MD5
fbc6c9bb0c90e9808f5de3313bf31af5

SHA1
2a11980eb825f71e91365f1a82a692c63b9bbbfe

SHA256
0bc70cc131407ae4449b6b0d7fe10c36972bc7e4fc0229a9c3aab1b639f2510c

SHA512
5eec7d79a6361c42695b44de9235071ea69b939972e8f53c1507b42577b4c3672c14216ce9577c15fe514e5f2bd156e7fd659044e23f5e561dd6733d801e4943

Download Submit
C:\Windows\system\tsceHZM.exe

Filesize
6.0MB

MD5
4ff9c0b4a89ff61e4c5e99cb92924633

SHA1
3f637aeb71a800fa1462a79fa40875d7db262f22

SHA256
5aa0e82331128636bc4163ef9eb72e7e8194e8437d8b7e0e00eeeb9fab23b10b

SHA512
fffb7442d889e72f36b8f440337a62eb12b4821852a43e030ce15ef42f2eef5381f42a1aa3ca29ac1a5795534160576a90e2d917e85d0fa49f7da453005257f5

Download Submit
C:\Windows\system\ttSVGOE.exe

Filesize
6.0MB

MD5
6f09ce33c2dbde8cfa8ed4f348887dd0

SHA1
0645dd209a0bec6692dfbc249be3b360c6b91b7e

SHA256
b84cf74f4d770c5e3749f7af5425f38038bc8ef447844671820858a65586a56c

SHA512
f05ba7d400c2ffc4a8827d243e84e330d7fb67fbd04cb98b9deb05560829beecab2480989b8b8ddcc4e8b26f5bf5edd22d2492427081c624b9e2479b72acd39c

Download Submit
\Windows\system\CMvIgGz.exe

Filesize
6.0MB

MD5
57f9758cb22d675c548bf7a4117911cb

SHA1
553802d55a18d8c19600067d8bb60505cc15f82a

SHA256
069cc1b3d3066cf163f48e67bbf057a18384ecec145ece8e68348dbba58064bd

SHA512
1e315f4e46385f2e84d889c232a6e713a05280901929fbc45651c7f1eeceea4de76c9e36b7feb84d7cc07a6a64d3390ef2664591a3e330765f5079dfb0ee56e8

Download Submit
\Windows\system\CQpedmM.exe

Filesize
6.0MB

MD5
b349dacda2497bc1d84f2abecc3d853f

SHA1
d21909622083a34d6370eab2d723268820dbfe64

SHA256
9e09abb0c1fa7df6918f241fdb42bcdfa1059b55781443a0e65f0895e57ee0c0

SHA512
a5fa2d631fda0aba80abe013e6a0051c383185d1a41e53206c29de35b9bb0e64d69885d2cd005d201b8d519c519ef2a6c6322d1128559e53ad0cee798d73a1aa

Download Submit
\Windows\system\HuaIhHy.exe

Filesize
6.0MB

MD5
a92dffc5c9318a10669253f8ca0043ee

SHA1
7ac3f8403c4ca2f31580371f1c92d68abaeb1b1c

SHA256
c26561c5facf18ac75f30866d873061d0f03a4edefb1757d48c05bdd1ae4f704

SHA512
38b0b0c307cea1e4260911ad23c93c068785e6bafbfe9459a2b5a0a4a0766c62e827e1f873b142ef5ea5f918c8a45d91ecc515ccfc2d8f77bcdf19900062df96

Download Submit
\Windows\system\PxAIgcW.exe

Filesize
6.0MB

MD5
fd9a40d803b402f327c06effad15edcd

SHA1
26eec38750978903986249871b856c154b109a85

SHA256
c230d007ab8e6d4f0beb33b4a773c6b3ecca113c8c627429cc90995bd611b4bf

SHA512
efd37872458e0b3e9a307ff0c357f79858c4d9ea26a44c32f3fe5edb071351d7c582de6c7c5dfc79f921618268cb54e0645cb8197188255447e5ade4f8445538

Download Submit
\Windows\system\QLkcjXh.exe

Filesize
6.0MB

MD5
d472503220b043237426f7d3b25fe754

SHA1
cd7c08e5958ba14fc7ba9e57fa968f39867c1466

SHA256
642d1910538ebf1d40876006e7e110b7efa1cfc98e1419b1e3c2b5a0769ab4c7

SHA512
d8713b005fc3feaff32665b35ca5f81fb7b9e2d63b94515626d3a08b28f5400ffaad3d124fad45497433d6e15627c623fe9923195946e220bb62ec1869e58a02

Download Submit
\Windows\system\XoPSQpo.exe

Filesize
6.0MB

MD5
07b502a0d01b2b7b53b35b99cd73be0a

SHA1
89621437f90f2ad5c7b3b651efc540c2a6056339

SHA256
d91c261ea716b8f60123d501747ad1582e5488494289b9f4bf2e76919172b683

SHA512
156f4a402b9d5d8fa7f1acb78c9adce1cd08a8f52d41ae286a96d1c8538906a1dc6109970d07d5c1ae4dab202a416cea798855145bdad6a800ed40d50abad032

Download Submit
\Windows\system\rkMiDAj.exe

Filesize
6.0MB

MD5
40cb128b253eff38f7a9c86e6bb6ce59

SHA1
44287e5c5c4ca740c8d75a4a341a500cc20f9336

SHA256
3d9eab77efeb95cfac3eacc4fea9e4a654c88331ddaf19bf009f3030bd8fc849

SHA512
555f94cecfda6f24d5859115a3399107cf9c9483bbb9fd8ec04f996a9513f68fdd6cf4780cd11407b0acc2d9485be465fc6168031e6cfcb4274eb10a153f39f1

Download Submit
\Windows\system\ysvbFPc.exe

Filesize
6.0MB

MD5
161862b974bef2b1e04949ba11dc6c3a

SHA1
f484c58bc686cf0835716d0542a3ebd24274c205

SHA256
ca3cae2386ca4205493c239b568dbd6a5e9a1993ee9fcb805bd8c1642f80ac1a

SHA512
2bbd526edd1aba3d44db5582c485199c1bfc4a8faa224404efa646207e037aa89521906d6c43c0515335b6bf89826d91e7e856e0785ab3a8c75e301c5fff38e5

Download Submit
memory/1688-195-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1688-3879-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1732-172-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-3875-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-194-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2100-181-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2100-175-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2100-826-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-170-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2100-192-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2100-177-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-150-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1016-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2100-179-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2100-0-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-173-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2100-183-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2100-190-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2100-185-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1133-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2100-187-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1036-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1017-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2256-174-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-4141-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3880-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2400-171-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3877-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2524-193-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4145-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2712-182-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4146-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2724-184-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2744-189-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2744-4142-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2752-176-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4147-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2808-188-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3876-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-180-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4166-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2868-178-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-4143-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3878-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2872-191-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4144-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2912-186-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download