cobaltstrike | e0af610b144791a9274cf21ba00d205bd13e2b676fb2d6a028d04d9cc9bbaf63

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

70eb3704c1628bb4470889708298367e
SHA1

055a247babc5d6c2b3f5b96ea2962bf2dc36586d
SHA256

e0af610b144791a9274cf21ba00d205bd13e2b676fb2d6a028d04d9cc9bbaf63
SHA512

1665db245a248111b9e2576820cedd1d66875b35bf9878296ca48cf87530d409314ea570135e2e7b5f34c1be03752ac503688c74bd8d985e6c752c5b7deca7eb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014cde-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014f7b-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015016-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d11-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db3-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4e-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d33-60.dat	cobalt_reflective_dll
behavioral1/files/0x003400000001487e-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc7-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db8-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ee0-125.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175cc-143.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018654-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186de-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186d2-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018669-157.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175d2-149.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175c6-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017546-137.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000170b5-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017051-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd6-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd2-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-70.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015512-53.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015048-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b28-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014bda-16.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	xmrig
behavioral1/memory/2760-20-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0007000000014cde-27.dat	xmrig
behavioral1/memory/2632-30-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0007000000014f7b-31.dat	xmrig
behavioral1/files/0x0007000000015016-40.dat	xmrig
behavioral1/memory/2652-48-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d11-54.dat	xmrig
behavioral1/memory/2656-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2564-75-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2536-77-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016db3-93.dat	xmrig
behavioral1/files/0x0006000000016d4a-76.dat	xmrig
behavioral1/files/0x0006000000016d4e-85.dat	xmrig
behavioral1/memory/2760-74-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d33-60.dat	xmrig
behavioral1/memory/1496-103-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/768-102-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x003400000001487e-108.dat	xmrig
behavioral1/files/0x0006000000016dc7-111.dat	xmrig
behavioral1/files/0x0006000000016db8-100.dat	xmrig
behavioral1/files/0x0006000000016ee0-125.dat	xmrig
behavioral1/files/0x00060000000175cc-143.dat	xmrig
behavioral1/files/0x0031000000018654-153.dat	xmrig
behavioral1/memory/2656-3455-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2088-3436-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2672-3467-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/1496-3474-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2536-3481-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/768-3480-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2492-3466-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2760-3465-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/3016-3464-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2696-3463-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2676-3462-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2564-3460-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2652-3444-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2632-3438-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2536-933-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001875d-173.dat	xmrig
behavioral1/files/0x00050000000186ee-169.dat	xmrig
behavioral1/files/0x00050000000186de-165.dat	xmrig
behavioral1/files/0x00050000000186d2-161.dat	xmrig
behavioral1/files/0x0005000000018669-157.dat	xmrig
behavioral1/files/0x00060000000175d2-149.dat	xmrig
behavioral1/files/0x00060000000175c6-141.dat	xmrig
behavioral1/files/0x0006000000017546-137.dat	xmrig
behavioral1/files/0x00060000000170b5-133.dat	xmrig
behavioral1/files/0x0006000000017051-129.dat	xmrig
behavioral1/files/0x0006000000016dd6-121.dat	xmrig
behavioral1/files/0x0006000000016dd2-117.dat	xmrig
behavioral1/memory/3016-97-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d46-70.dat	xmrig
behavioral1/memory/2492-69-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2672-59-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0008000000015512-53.dat	xmrig
behavioral1/memory/2240-49-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0009000000015048-46.dat	xmrig
behavioral1/memory/2696-37-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2088-26-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x0008000000014b28-11.dat	xmrig
behavioral1/files/0x0008000000014bda-16.dat	xmrig
behavioral1/memory/2676-9-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2240-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2676	MwMhxqb.exe
2760	kejIBmZ.exe
2088	OrtWCIE.exe
2632	LtruPMM.exe
2696	FDKDeMP.exe
2652	DxraSSq.exe
2672	fvAutPB.exe
2656	betmRGo.exe
2492	tARohSs.exe
2564	aoFxaDS.exe
2536	rBZFnEA.exe
3016	OOxCamh.exe
768	tbemVap.exe
1496	sjNjpTV.exe
2816	NbNifet.exe
2872	YbjvjSk.exe
1248	BcwAMZG.exe
2344	JmzxDYV.exe
1968	kFyajyy.exe
1944	glJVTkV.exe
1296	iZXgKWW.exe
1856	KbHksNg.exe
2756	Yddbgjy.exe
1048	bJHPpND.exe
1872	pqKscKU.exe
1932	TIQJnIm.exe
1032	sDXnUQn.exe
1036	kjsXYVV.exe
2160	cOPUQQS.exe
2324	UchdtUU.exe
2136	KouYYhO.exe
2156	SxjUeNx.exe
2472	NtoHolo.exe
2376	aqHgBGW.exe
2120	IrXTsJw.exe
1632	vwmegqx.exe
1540	tIqUTcf.exe
1096	cVaxbUL.exe
2384	VUMGdgr.exe
2084	KsdpfEO.exe
1816	kUYQJxB.exe
2752	gbDYgkG.exe
2336	pMjVrEl.exe
1324	kSCgBuc.exe
536	ZKEEoUU.exe
1776	eYHOeTu.exe
112	ORzrrFB.exe
2044	fPWfOJI.exe
1148	yuxMhci.exe
892	QYDlwQe.exe
2140	nLxJVLl.exe
2288	xmKfEeF.exe
1276	QeUAMiw.exe
1824	iRnlHfv.exe
2280	GJLssWC.exe
336	eGdEJXU.exe
560	GHYeuJK.exe
740	pfvaeXP.exe
2276	symdTah.exe
1348	NdleoIx.exe
888	ToSgNoB.exe
2012	uMtoqxX.exe
2952	PIRnzPI.exe
2400	zedkvDD.exe

Loads dropped DLL 64 IoCs

pid	Process
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	upx
behavioral1/memory/2760-20-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0007000000014cde-27.dat	upx
behavioral1/memory/2632-30-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0007000000014f7b-31.dat	upx
behavioral1/files/0x0007000000015016-40.dat	upx
behavioral1/memory/2652-48-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0006000000016d11-54.dat	upx
behavioral1/memory/2656-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2564-75-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2536-77-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x0006000000016db3-93.dat	upx
behavioral1/files/0x0006000000016d4a-76.dat	upx
behavioral1/files/0x0006000000016d4e-85.dat	upx
behavioral1/memory/2760-74-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0006000000016d33-60.dat	upx
behavioral1/memory/1496-103-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/768-102-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x003400000001487e-108.dat	upx
behavioral1/files/0x0006000000016dc7-111.dat	upx
behavioral1/files/0x0006000000016db8-100.dat	upx
behavioral1/files/0x0006000000016ee0-125.dat	upx
behavioral1/files/0x00060000000175cc-143.dat	upx
behavioral1/files/0x0031000000018654-153.dat	upx
behavioral1/memory/2656-3455-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2088-3436-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2672-3467-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/1496-3474-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2536-3481-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/768-3480-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2492-3466-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2760-3465-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/3016-3464-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2696-3463-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2676-3462-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2564-3460-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2652-3444-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2632-3438-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2536-933-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x000500000001875d-173.dat	upx
behavioral1/files/0x00050000000186ee-169.dat	upx
behavioral1/files/0x00050000000186de-165.dat	upx
behavioral1/files/0x00050000000186d2-161.dat	upx
behavioral1/files/0x0005000000018669-157.dat	upx
behavioral1/files/0x00060000000175d2-149.dat	upx
behavioral1/files/0x00060000000175c6-141.dat	upx
behavioral1/files/0x0006000000017546-137.dat	upx
behavioral1/files/0x00060000000170b5-133.dat	upx
behavioral1/files/0x0006000000017051-129.dat	upx
behavioral1/files/0x0006000000016dd6-121.dat	upx
behavioral1/files/0x0006000000016dd2-117.dat	upx
behavioral1/memory/3016-97-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x0006000000016d46-70.dat	upx
behavioral1/memory/2492-69-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2672-59-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0008000000015512-53.dat	upx
behavioral1/memory/2240-49-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0009000000015048-46.dat	upx
behavioral1/memory/2696-37-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2088-26-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0008000000014b28-11.dat	upx
behavioral1/files/0x0008000000014bda-16.dat	upx
behavioral1/memory/2676-9-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2240-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rIjWAlL.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teUmDcY.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFvxkJS.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FChFcEU.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJMyBgy.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvbGref.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyWgVrE.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzucjvd.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzyvQyK.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhEYfbS.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeeKOdA.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quQjucT.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnGGdXi.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmKfEeF.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJZIGYz.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSEGGpm.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfhOBGV.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBHdKHf.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLXjRkc.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgOFqqW.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WthdVdY.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfIjJSa.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbfrYvD.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXOpnPO.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\curShtW.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyHTZkd.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdAnGXj.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwBiJwa.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arXsbdX.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIUkYYC.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbNeAjy.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxsKgcn.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSOZQnu.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krsGRIQ.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBrDcDJ.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WihWjOG.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvzMHuK.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trjlPna.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfuyCKk.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdSiogc.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwDaiHE.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnOyUvA.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlbIzYP.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQQjThk.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeRUMlP.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxdjNiF.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUIZZFV.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGdEJXU.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePVQCpJ.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixYpJtj.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuWSmeI.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZykkqe.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBsOZtS.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuozLCT.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBADIql.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPkccgJ.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVYWzRV.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjgISxA.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufGbHsG.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGBWwzG.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnFDBGB.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkgAmkt.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtBGzvy.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXIrbOd.exe	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2676	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2240 wrote to memory of 2676	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2240 wrote to memory of 2676	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2240 wrote to memory of 2088	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2240 wrote to memory of 2088	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2240 wrote to memory of 2088	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2240 wrote to memory of 2760	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2240 wrote to memory of 2760	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2240 wrote to memory of 2760	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2240 wrote to memory of 2632	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2240 wrote to memory of 2632	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2240 wrote to memory of 2632	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2240 wrote to memory of 2696	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2240 wrote to memory of 2696	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2240 wrote to memory of 2696	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2240 wrote to memory of 2652	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2240 wrote to memory of 2652	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2240 wrote to memory of 2652	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2240 wrote to memory of 2672	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2240 wrote to memory of 2672	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2240 wrote to memory of 2672	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2240 wrote to memory of 2656	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2240 wrote to memory of 2656	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2240 wrote to memory of 2656	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2240 wrote to memory of 2492	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2240 wrote to memory of 2492	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2240 wrote to memory of 2492	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2240 wrote to memory of 2564	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2240 wrote to memory of 2564	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2240 wrote to memory of 2564	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2240 wrote to memory of 2536	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2240 wrote to memory of 2536	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2240 wrote to memory of 2536	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2240 wrote to memory of 3016	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2240 wrote to memory of 3016	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2240 wrote to memory of 3016	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2240 wrote to memory of 768	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2240 wrote to memory of 768	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2240 wrote to memory of 768	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2240 wrote to memory of 1496	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2240 wrote to memory of 1496	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2240 wrote to memory of 1496	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2240 wrote to memory of 2816	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2240 wrote to memory of 2816	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2240 wrote to memory of 2816	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2240 wrote to memory of 2872	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2240 wrote to memory of 2872	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2240 wrote to memory of 2872	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2240 wrote to memory of 1248	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2240 wrote to memory of 1248	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2240 wrote to memory of 1248	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2240 wrote to memory of 2344	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2240 wrote to memory of 2344	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2240 wrote to memory of 2344	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2240 wrote to memory of 1968	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2240 wrote to memory of 1968	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2240 wrote to memory of 1968	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2240 wrote to memory of 1944	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2240 wrote to memory of 1944	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2240 wrote to memory of 1944	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2240 wrote to memory of 1296	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2240 wrote to memory of 1296	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2240 wrote to memory of 1296	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2240 wrote to memory of 1856	2240	2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_70eb3704c1628bb4470889708298367e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\System\MwMhxqb.exe
  C:\Windows\System\MwMhxqb.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\OrtWCIE.exe
  C:\Windows\System\OrtWCIE.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\kejIBmZ.exe
  C:\Windows\System\kejIBmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\LtruPMM.exe
  C:\Windows\System\LtruPMM.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\FDKDeMP.exe
  C:\Windows\System\FDKDeMP.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\DxraSSq.exe
  C:\Windows\System\DxraSSq.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\fvAutPB.exe
  C:\Windows\System\fvAutPB.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\betmRGo.exe
  C:\Windows\System\betmRGo.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\tARohSs.exe
  C:\Windows\System\tARohSs.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\aoFxaDS.exe
  C:\Windows\System\aoFxaDS.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\rBZFnEA.exe
  C:\Windows\System\rBZFnEA.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\OOxCamh.exe
  C:\Windows\System\OOxCamh.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\tbemVap.exe
  C:\Windows\System\tbemVap.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\sjNjpTV.exe
  C:\Windows\System\sjNjpTV.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\NbNifet.exe
  C:\Windows\System\NbNifet.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\YbjvjSk.exe
  C:\Windows\System\YbjvjSk.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\BcwAMZG.exe
  C:\Windows\System\BcwAMZG.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\JmzxDYV.exe
  C:\Windows\System\JmzxDYV.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\kFyajyy.exe
  C:\Windows\System\kFyajyy.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\glJVTkV.exe
  C:\Windows\System\glJVTkV.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\iZXgKWW.exe
  C:\Windows\System\iZXgKWW.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\KbHksNg.exe
  C:\Windows\System\KbHksNg.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\Yddbgjy.exe
  C:\Windows\System\Yddbgjy.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\bJHPpND.exe
  C:\Windows\System\bJHPpND.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\pqKscKU.exe
  C:\Windows\System\pqKscKU.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\TIQJnIm.exe
  C:\Windows\System\TIQJnIm.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\sDXnUQn.exe
  C:\Windows\System\sDXnUQn.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\kjsXYVV.exe
  C:\Windows\System\kjsXYVV.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\cOPUQQS.exe
  C:\Windows\System\cOPUQQS.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\UchdtUU.exe
  C:\Windows\System\UchdtUU.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\KouYYhO.exe
  C:\Windows\System\KouYYhO.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\SxjUeNx.exe
  C:\Windows\System\SxjUeNx.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\NtoHolo.exe
  C:\Windows\System\NtoHolo.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\aqHgBGW.exe
  C:\Windows\System\aqHgBGW.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\IrXTsJw.exe
  C:\Windows\System\IrXTsJw.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\vwmegqx.exe
  C:\Windows\System\vwmegqx.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\tIqUTcf.exe
  C:\Windows\System\tIqUTcf.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\cVaxbUL.exe
  C:\Windows\System\cVaxbUL.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\VUMGdgr.exe
  C:\Windows\System\VUMGdgr.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\KsdpfEO.exe
  C:\Windows\System\KsdpfEO.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\kUYQJxB.exe
  C:\Windows\System\kUYQJxB.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\gbDYgkG.exe
  C:\Windows\System\gbDYgkG.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\pMjVrEl.exe
  C:\Windows\System\pMjVrEl.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\kSCgBuc.exe
  C:\Windows\System\kSCgBuc.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\ZKEEoUU.exe
  C:\Windows\System\ZKEEoUU.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\eYHOeTu.exe
  C:\Windows\System\eYHOeTu.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\ORzrrFB.exe
  C:\Windows\System\ORzrrFB.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\fPWfOJI.exe
  C:\Windows\System\fPWfOJI.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\yuxMhci.exe
  C:\Windows\System\yuxMhci.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\QYDlwQe.exe
  C:\Windows\System\QYDlwQe.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\nLxJVLl.exe
  C:\Windows\System\nLxJVLl.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\xmKfEeF.exe
  C:\Windows\System\xmKfEeF.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\QeUAMiw.exe
  C:\Windows\System\QeUAMiw.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\iRnlHfv.exe
  C:\Windows\System\iRnlHfv.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\GJLssWC.exe
  C:\Windows\System\GJLssWC.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\eGdEJXU.exe
  C:\Windows\System\eGdEJXU.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\GHYeuJK.exe
  C:\Windows\System\GHYeuJK.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\pfvaeXP.exe
  C:\Windows\System\pfvaeXP.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\symdTah.exe
  C:\Windows\System\symdTah.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\NdleoIx.exe
  C:\Windows\System\NdleoIx.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\ToSgNoB.exe
  C:\Windows\System\ToSgNoB.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\uMtoqxX.exe
  C:\Windows\System\uMtoqxX.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\PIRnzPI.exe
  C:\Windows\System\PIRnzPI.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\zedkvDD.exe
  C:\Windows\System\zedkvDD.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\GJelJUL.exe
  C:\Windows\System\GJelJUL.exe
  2⤵
  PID:2068
- C:\Windows\System\hFeHtIv.exe
  C:\Windows\System\hFeHtIv.exe
  2⤵
  PID:2976
- C:\Windows\System\eMospRz.exe
  C:\Windows\System\eMospRz.exe
  2⤵
  PID:1584
- C:\Windows\System\EbNeAjy.exe
  C:\Windows\System\EbNeAjy.exe
  2⤵
  PID:2648
- C:\Windows\System\mzShQNc.exe
  C:\Windows\System\mzShQNc.exe
  2⤵
  PID:2080
- C:\Windows\System\dZggJKS.exe
  C:\Windows\System\dZggJKS.exe
  2⤵
  PID:2804
- C:\Windows\System\FoDnzMl.exe
  C:\Windows\System\FoDnzMl.exe
  2⤵
  PID:2520
- C:\Windows\System\TvIrlLd.exe
  C:\Windows\System\TvIrlLd.exe
  2⤵
  PID:2548
- C:\Windows\System\sPTxdEk.exe
  C:\Windows\System\sPTxdEk.exe
  2⤵
  PID:2524
- C:\Windows\System\UPfsMbm.exe
  C:\Windows\System\UPfsMbm.exe
  2⤵
  PID:3000
- C:\Windows\System\FqiZaLg.exe
  C:\Windows\System\FqiZaLg.exe
  2⤵
  PID:1056
- C:\Windows\System\nwWUiMb.exe
  C:\Windows\System\nwWUiMb.exe
  2⤵
  PID:696
- C:\Windows\System\IJieQjn.exe
  C:\Windows\System\IJieQjn.exe
  2⤵
  PID:1628
- C:\Windows\System\GdRaDPN.exe
  C:\Windows\System\GdRaDPN.exe
  2⤵
  PID:2840
- C:\Windows\System\WkRXzSU.exe
  C:\Windows\System\WkRXzSU.exe
  2⤵
  PID:2532
- C:\Windows\System\NhIqAaQ.exe
  C:\Windows\System\NhIqAaQ.exe
  2⤵
  PID:1796
- C:\Windows\System\IdSiogc.exe
  C:\Windows\System\IdSiogc.exe
  2⤵
  PID:1972
- C:\Windows\System\gpilgmc.exe
  C:\Windows\System\gpilgmc.exe
  2⤵
  PID:1820
- C:\Windows\System\ACfWLbi.exe
  C:\Windows\System\ACfWLbi.exe
  2⤵
  PID:632
- C:\Windows\System\QhFzOJY.exe
  C:\Windows\System\QhFzOJY.exe
  2⤵
  PID:1652
- C:\Windows\System\NQEXdcj.exe
  C:\Windows\System\NQEXdcj.exe
  2⤵
  PID:760
- C:\Windows\System\tjzwbGd.exe
  C:\Windows\System\tjzwbGd.exe
  2⤵
  PID:2468
- C:\Windows\System\tOtarJs.exe
  C:\Windows\System\tOtarJs.exe
  2⤵
  PID:2476
- C:\Windows\System\jzEifzk.exe
  C:\Windows\System\jzEifzk.exe
  2⤵
  PID:664
- C:\Windows\System\arEwlCc.exe
  C:\Windows\System\arEwlCc.exe
  2⤵
  PID:1136
- C:\Windows\System\SFJfwNE.exe
  C:\Windows\System\SFJfwNE.exe
  2⤵
  PID:1748
- C:\Windows\System\vCXVRps.exe
  C:\Windows\System\vCXVRps.exe
  2⤵
  PID:2372
- C:\Windows\System\kDNQhMT.exe
  C:\Windows\System\kDNQhMT.exe
  2⤵
  PID:2168
- C:\Windows\System\SMRTFix.exe
  C:\Windows\System\SMRTFix.exe
  2⤵
  PID:1328
- C:\Windows\System\QudGQSm.exe
  C:\Windows\System\QudGQSm.exe
  2⤵
  PID:1360
- C:\Windows\System\AOCSwVL.exe
  C:\Windows\System\AOCSwVL.exe
  2⤵
  PID:1708
- C:\Windows\System\OGWAsRd.exe
  C:\Windows\System\OGWAsRd.exe
  2⤵
  PID:908
- C:\Windows\System\gQnwZKa.exe
  C:\Windows\System\gQnwZKa.exe
  2⤵
  PID:700
- C:\Windows\System\ubXsSjT.exe
  C:\Windows\System\ubXsSjT.exe
  2⤵
  PID:2808
- C:\Windows\System\ohaZXgl.exe
  C:\Windows\System\ohaZXgl.exe
  2⤵
  PID:2032
- C:\Windows\System\VwlWOYB.exe
  C:\Windows\System\VwlWOYB.exe
  2⤵
  PID:2428
- C:\Windows\System\duCmhIN.exe
  C:\Windows\System\duCmhIN.exe
  2⤵
  PID:2332
- C:\Windows\System\enUkjwR.exe
  C:\Windows\System\enUkjwR.exe
  2⤵
  PID:2232
- C:\Windows\System\hVjaeOv.exe
  C:\Windows\System\hVjaeOv.exe
  2⤵
  PID:612
- C:\Windows\System\ghOoqhC.exe
  C:\Windows\System\ghOoqhC.exe
  2⤵
  PID:1604
- C:\Windows\System\xjtYgZF.exe
  C:\Windows\System\xjtYgZF.exe
  2⤵
  PID:2788
- C:\Windows\System\lzZPbuT.exe
  C:\Windows\System\lzZPbuT.exe
  2⤵
  PID:2388
- C:\Windows\System\ePVQCpJ.exe
  C:\Windows\System\ePVQCpJ.exe
  2⤵
  PID:2244
- C:\Windows\System\oYGRMdD.exe
  C:\Windows\System\oYGRMdD.exe
  2⤵
  PID:2992
- C:\Windows\System\xLlCmBx.exe
  C:\Windows\System\xLlCmBx.exe
  2⤵
  PID:592
- C:\Windows\System\WdKkssF.exe
  C:\Windows\System\WdKkssF.exe
  2⤵
  PID:2824
- C:\Windows\System\zolYoku.exe
  C:\Windows\System\zolYoku.exe
  2⤵
  PID:1964
- C:\Windows\System\XzbmUDq.exe
  C:\Windows\System\XzbmUDq.exe
  2⤵
  PID:2352
- C:\Windows\System\JNTuvBx.exe
  C:\Windows\System\JNTuvBx.exe
  2⤵
  PID:1948
- C:\Windows\System\MeszUuE.exe
  C:\Windows\System\MeszUuE.exe
  2⤵
  PID:2220
- C:\Windows\System\xDsGURU.exe
  C:\Windows\System\xDsGURU.exe
  2⤵
  PID:912
- C:\Windows\System\eoHjQvy.exe
  C:\Windows\System\eoHjQvy.exe
  2⤵
  PID:1912
- C:\Windows\System\HzyvQyK.exe
  C:\Windows\System\HzyvQyK.exe
  2⤵
  PID:1556
- C:\Windows\System\OPIewbD.exe
  C:\Windows\System\OPIewbD.exe
  2⤵
  PID:1020
- C:\Windows\System\RzayqVN.exe
  C:\Windows\System\RzayqVN.exe
  2⤵
  PID:2296
- C:\Windows\System\jkopaGE.exe
  C:\Windows\System\jkopaGE.exe
  2⤵
  PID:944
- C:\Windows\System\psJBqCl.exe
  C:\Windows\System\psJBqCl.exe
  2⤵
  PID:1504
- C:\Windows\System\QhEYfbS.exe
  C:\Windows\System\QhEYfbS.exe
  2⤵
  PID:1600
- C:\Windows\System\yOKDCFX.exe
  C:\Windows\System\yOKDCFX.exe
  2⤵
  PID:2716
- C:\Windows\System\rJpyBcz.exe
  C:\Windows\System\rJpyBcz.exe
  2⤵
  PID:2528
- C:\Windows\System\fOOgFyq.exe
  C:\Windows\System\fOOgFyq.exe
  2⤵
  PID:1656
- C:\Windows\System\MPkccgJ.exe
  C:\Windows\System\MPkccgJ.exe
  2⤵
  PID:3084
- C:\Windows\System\lzeVwqP.exe
  C:\Windows\System\lzeVwqP.exe
  2⤵
  PID:3100
- C:\Windows\System\nhrTFdV.exe
  C:\Windows\System\nhrTFdV.exe
  2⤵
  PID:3116
- C:\Windows\System\hjLPtYq.exe
  C:\Windows\System\hjLPtYq.exe
  2⤵
  PID:3132
- C:\Windows\System\ixYpJtj.exe
  C:\Windows\System\ixYpJtj.exe
  2⤵
  PID:3148
- C:\Windows\System\cyNPScv.exe
  C:\Windows\System\cyNPScv.exe
  2⤵
  PID:3164
- C:\Windows\System\vllnQRd.exe
  C:\Windows\System\vllnQRd.exe
  2⤵
  PID:3180
- C:\Windows\System\mWyDvSM.exe
  C:\Windows\System\mWyDvSM.exe
  2⤵
  PID:3196
- C:\Windows\System\QBXBkZh.exe
  C:\Windows\System\QBXBkZh.exe
  2⤵
  PID:3212
- C:\Windows\System\sBAFwbZ.exe
  C:\Windows\System\sBAFwbZ.exe
  2⤵
  PID:3228
- C:\Windows\System\mfLbKdM.exe
  C:\Windows\System\mfLbKdM.exe
  2⤵
  PID:3244
- C:\Windows\System\DMqkwqs.exe
  C:\Windows\System\DMqkwqs.exe
  2⤵
  PID:3260
- C:\Windows\System\qQhTrDd.exe
  C:\Windows\System\qQhTrDd.exe
  2⤵
  PID:3276
- C:\Windows\System\FiToxbB.exe
  C:\Windows\System\FiToxbB.exe
  2⤵
  PID:3292
- C:\Windows\System\RelVhwS.exe
  C:\Windows\System\RelVhwS.exe
  2⤵
  PID:3308
- C:\Windows\System\OVBKxYD.exe
  C:\Windows\System\OVBKxYD.exe
  2⤵
  PID:3324
- C:\Windows\System\EHuPMqE.exe
  C:\Windows\System\EHuPMqE.exe
  2⤵
  PID:3340
- C:\Windows\System\rOoBeIv.exe
  C:\Windows\System\rOoBeIv.exe
  2⤵
  PID:3356
- C:\Windows\System\NeJnyKX.exe
  C:\Windows\System\NeJnyKX.exe
  2⤵
  PID:3372
- C:\Windows\System\FHShbRO.exe
  C:\Windows\System\FHShbRO.exe
  2⤵
  PID:3388
- C:\Windows\System\tWOIOMx.exe
  C:\Windows\System\tWOIOMx.exe
  2⤵
  PID:3404
- C:\Windows\System\kCkiUpo.exe
  C:\Windows\System\kCkiUpo.exe
  2⤵
  PID:3420
- C:\Windows\System\OxeUENL.exe
  C:\Windows\System\OxeUENL.exe
  2⤵
  PID:3436
- C:\Windows\System\AfhOBGV.exe
  C:\Windows\System\AfhOBGV.exe
  2⤵
  PID:3452
- C:\Windows\System\WHKCdpj.exe
  C:\Windows\System\WHKCdpj.exe
  2⤵
  PID:3468
- C:\Windows\System\iwfPdmg.exe
  C:\Windows\System\iwfPdmg.exe
  2⤵
  PID:3484
- C:\Windows\System\KcNdnVc.exe
  C:\Windows\System\KcNdnVc.exe
  2⤵
  PID:3500
- C:\Windows\System\vwElFxr.exe
  C:\Windows\System\vwElFxr.exe
  2⤵
  PID:3516
- C:\Windows\System\IgmkPEw.exe
  C:\Windows\System\IgmkPEw.exe
  2⤵
  PID:3532
- C:\Windows\System\lbfrYvD.exe
  C:\Windows\System\lbfrYvD.exe
  2⤵
  PID:3548
- C:\Windows\System\YrBidGt.exe
  C:\Windows\System\YrBidGt.exe
  2⤵
  PID:3564
- C:\Windows\System\ENOhsQh.exe
  C:\Windows\System\ENOhsQh.exe
  2⤵
  PID:3580
- C:\Windows\System\whYumOo.exe
  C:\Windows\System\whYumOo.exe
  2⤵
  PID:3596
- C:\Windows\System\fANBjbL.exe
  C:\Windows\System\fANBjbL.exe
  2⤵
  PID:3612
- C:\Windows\System\dzYaHNj.exe
  C:\Windows\System\dzYaHNj.exe
  2⤵
  PID:3628
- C:\Windows\System\PkBrSeY.exe
  C:\Windows\System\PkBrSeY.exe
  2⤵
  PID:3644
- C:\Windows\System\NvqSBYP.exe
  C:\Windows\System\NvqSBYP.exe
  2⤵
  PID:3660
- C:\Windows\System\PytjjDA.exe
  C:\Windows\System\PytjjDA.exe
  2⤵
  PID:3676
- C:\Windows\System\IVDgwhy.exe
  C:\Windows\System\IVDgwhy.exe
  2⤵
  PID:3692
- C:\Windows\System\oyqwZcR.exe
  C:\Windows\System\oyqwZcR.exe
  2⤵
  PID:3708
- C:\Windows\System\OacGndr.exe
  C:\Windows\System\OacGndr.exe
  2⤵
  PID:3724
- C:\Windows\System\PKTXDGX.exe
  C:\Windows\System\PKTXDGX.exe
  2⤵
  PID:3740
- C:\Windows\System\AwDaiHE.exe
  C:\Windows\System\AwDaiHE.exe
  2⤵
  PID:3756
- C:\Windows\System\XskmjHO.exe
  C:\Windows\System\XskmjHO.exe
  2⤵
  PID:3772
- C:\Windows\System\OKkpqJH.exe
  C:\Windows\System\OKkpqJH.exe
  2⤵
  PID:3788
- C:\Windows\System\fomHeXo.exe
  C:\Windows\System\fomHeXo.exe
  2⤵
  PID:3804
- C:\Windows\System\NHFEnui.exe
  C:\Windows\System\NHFEnui.exe
  2⤵
  PID:3820
- C:\Windows\System\ZLnEVTs.exe
  C:\Windows\System\ZLnEVTs.exe
  2⤵
  PID:3836
- C:\Windows\System\LMWgkQN.exe
  C:\Windows\System\LMWgkQN.exe
  2⤵
  PID:3852
- C:\Windows\System\hdoTQNv.exe
  C:\Windows\System\hdoTQNv.exe
  2⤵
  PID:3868
- C:\Windows\System\XxBvqSB.exe
  C:\Windows\System\XxBvqSB.exe
  2⤵
  PID:3884
- C:\Windows\System\yVQSoRx.exe
  C:\Windows\System\yVQSoRx.exe
  2⤵
  PID:3900
- C:\Windows\System\TbagFAA.exe
  C:\Windows\System\TbagFAA.exe
  2⤵
  PID:3916
- C:\Windows\System\WWXIwPS.exe
  C:\Windows\System\WWXIwPS.exe
  2⤵
  PID:3932
- C:\Windows\System\oTqwEKX.exe
  C:\Windows\System\oTqwEKX.exe
  2⤵
  PID:3948
- C:\Windows\System\dbXeUGi.exe
  C:\Windows\System\dbXeUGi.exe
  2⤵
  PID:3964
- C:\Windows\System\HBwkQhe.exe
  C:\Windows\System\HBwkQhe.exe
  2⤵
  PID:3980
- C:\Windows\System\hafGIPc.exe
  C:\Windows\System\hafGIPc.exe
  2⤵
  PID:3996
- C:\Windows\System\LkLGUlr.exe
  C:\Windows\System\LkLGUlr.exe
  2⤵
  PID:4012
- C:\Windows\System\lWNtOLp.exe
  C:\Windows\System\lWNtOLp.exe
  2⤵
  PID:4028
- C:\Windows\System\FiVRKML.exe
  C:\Windows\System\FiVRKML.exe
  2⤵
  PID:4044
- C:\Windows\System\zhWZJKn.exe
  C:\Windows\System\zhWZJKn.exe
  2⤵
  PID:4060
- C:\Windows\System\CtcDgjB.exe
  C:\Windows\System\CtcDgjB.exe
  2⤵
  PID:4076
- C:\Windows\System\eeBsmpB.exe
  C:\Windows\System\eeBsmpB.exe
  2⤵
  PID:4092
- C:\Windows\System\wyJShqM.exe
  C:\Windows\System\wyJShqM.exe
  2⤵
  PID:1264
- C:\Windows\System\EwiKsgF.exe
  C:\Windows\System\EwiKsgF.exe
  2⤵
  PID:756
- C:\Windows\System\pTJmpIQ.exe
  C:\Windows\System\pTJmpIQ.exe
  2⤵
  PID:1648
- C:\Windows\System\WtBGzvy.exe
  C:\Windows\System\WtBGzvy.exe
  2⤵
  PID:2424
- C:\Windows\System\zJOlmTm.exe
  C:\Windows\System\zJOlmTm.exe
  2⤵
  PID:956
- C:\Windows\System\xheXgHd.exe
  C:\Windows\System\xheXgHd.exe
  2⤵
  PID:2444
- C:\Windows\System\ucXGnNQ.exe
  C:\Windows\System\ucXGnNQ.exe
  2⤵
  PID:3012
- C:\Windows\System\VAmlHdF.exe
  C:\Windows\System\VAmlHdF.exe
  2⤵
  PID:3076
- C:\Windows\System\IqgfFeJ.exe
  C:\Windows\System\IqgfFeJ.exe
  2⤵
  PID:3108
- C:\Windows\System\ROAhwMB.exe
  C:\Windows\System\ROAhwMB.exe
  2⤵
  PID:3140
- C:\Windows\System\caSYlfx.exe
  C:\Windows\System\caSYlfx.exe
  2⤵
  PID:3172
- C:\Windows\System\AlcZCit.exe
  C:\Windows\System\AlcZCit.exe
  2⤵
  PID:3204
- C:\Windows\System\eVoObAl.exe
  C:\Windows\System\eVoObAl.exe
  2⤵
  PID:3236
- C:\Windows\System\JAgiODN.exe
  C:\Windows\System\JAgiODN.exe
  2⤵
  PID:3268
- C:\Windows\System\QaCWzbJ.exe
  C:\Windows\System\QaCWzbJ.exe
  2⤵
  PID:3300
- C:\Windows\System\vQZOuuJ.exe
  C:\Windows\System\vQZOuuJ.exe
  2⤵
  PID:3332
- C:\Windows\System\YRqKofY.exe
  C:\Windows\System\YRqKofY.exe
  2⤵
  PID:3364
- C:\Windows\System\SoZIkwB.exe
  C:\Windows\System\SoZIkwB.exe
  2⤵
  PID:3396
- C:\Windows\System\xxeNFrU.exe
  C:\Windows\System\xxeNFrU.exe
  2⤵
  PID:3444
- C:\Windows\System\KJgqZwg.exe
  C:\Windows\System\KJgqZwg.exe
  2⤵
  PID:3464
- C:\Windows\System\Sihuijs.exe
  C:\Windows\System\Sihuijs.exe
  2⤵
  PID:3508
- C:\Windows\System\ScdpLQp.exe
  C:\Windows\System\ScdpLQp.exe
  2⤵
  PID:3528
- C:\Windows\System\NGyGUUC.exe
  C:\Windows\System\NGyGUUC.exe
  2⤵
  PID:3560
- C:\Windows\System\eMnUWAC.exe
  C:\Windows\System\eMnUWAC.exe
  2⤵
  PID:3588
- C:\Windows\System\nULBjHV.exe
  C:\Windows\System\nULBjHV.exe
  2⤵
  PID:3636
- C:\Windows\System\hHjNOpj.exe
  C:\Windows\System\hHjNOpj.exe
  2⤵
  PID:3656
- C:\Windows\System\gTObXcl.exe
  C:\Windows\System\gTObXcl.exe
  2⤵
  PID:3688
- C:\Windows\System\aSDhcnb.exe
  C:\Windows\System\aSDhcnb.exe
  2⤵
  PID:3736
- C:\Windows\System\FiEaKzW.exe
  C:\Windows\System\FiEaKzW.exe
  2⤵
  PID:3752
- C:\Windows\System\ZjwMcFo.exe
  C:\Windows\System\ZjwMcFo.exe
  2⤵
  PID:3784
- C:\Windows\System\KjCqQWb.exe
  C:\Windows\System\KjCqQWb.exe
  2⤵
  PID:3816
- C:\Windows\System\BxsKgcn.exe
  C:\Windows\System\BxsKgcn.exe
  2⤵
  PID:3860
- C:\Windows\System\GFMjnpj.exe
  C:\Windows\System\GFMjnpj.exe
  2⤵
  PID:3892
- C:\Windows\System\bXdmUtw.exe
  C:\Windows\System\bXdmUtw.exe
  2⤵
  PID:3912
- C:\Windows\System\veuJnyD.exe
  C:\Windows\System\veuJnyD.exe
  2⤵
  PID:3956
- C:\Windows\System\oQIzfMO.exe
  C:\Windows\System\oQIzfMO.exe
  2⤵
  PID:3976
- C:\Windows\System\byWhVew.exe
  C:\Windows\System\byWhVew.exe
  2⤵
  PID:4008
- C:\Windows\System\atEQczl.exe
  C:\Windows\System\atEQczl.exe
  2⤵
  PID:4040
- C:\Windows\System\wXaUQhb.exe
  C:\Windows\System\wXaUQhb.exe
  2⤵
  PID:4072
- C:\Windows\System\TsnNVZQ.exe
  C:\Windows\System\TsnNVZQ.exe
  2⤵
  PID:1812
- C:\Windows\System\PFyBuug.exe
  C:\Windows\System\PFyBuug.exe
  2⤵
  PID:2036
- C:\Windows\System\ecOSDhz.exe
  C:\Windows\System\ecOSDhz.exe
  2⤵
  PID:1752
- C:\Windows\System\YawMnBI.exe
  C:\Windows\System\YawMnBI.exe
  2⤵
  PID:1712
- C:\Windows\System\mlwSpxC.exe
  C:\Windows\System\mlwSpxC.exe
  2⤵
  PID:3096
- C:\Windows\System\OcaQfYs.exe
  C:\Windows\System\OcaQfYs.exe
  2⤵
  PID:3176
- C:\Windows\System\CHjFPaU.exe
  C:\Windows\System\CHjFPaU.exe
  2⤵
  PID:3208
- C:\Windows\System\bXhQpWh.exe
  C:\Windows\System\bXhQpWh.exe
  2⤵
  PID:3304
- C:\Windows\System\wtoBxqp.exe
  C:\Windows\System\wtoBxqp.exe
  2⤵
  PID:3380
- C:\Windows\System\ebZREjc.exe
  C:\Windows\System\ebZREjc.exe
  2⤵
  PID:3460
- C:\Windows\System\slHTkJP.exe
  C:\Windows\System\slHTkJP.exe
  2⤵
  PID:3524
- C:\Windows\System\OiidlJP.exe
  C:\Windows\System\OiidlJP.exe
  2⤵
  PID:3604
- C:\Windows\System\MmjQAAV.exe
  C:\Windows\System\MmjQAAV.exe
  2⤵
  PID:3652
- C:\Windows\System\hSUUXTe.exe
  C:\Windows\System\hSUUXTe.exe
  2⤵
  PID:3716
- C:\Windows\System\bAmBhOm.exe
  C:\Windows\System\bAmBhOm.exe
  2⤵
  PID:3748
- C:\Windows\System\QzjnmAL.exe
  C:\Windows\System\QzjnmAL.exe
  2⤵
  PID:3844
- C:\Windows\System\apccSHU.exe
  C:\Windows\System\apccSHU.exe
  2⤵
  PID:3908
- C:\Windows\System\hcCtKPO.exe
  C:\Windows\System\hcCtKPO.exe
  2⤵
  PID:3972
- C:\Windows\System\mZCLQLn.exe
  C:\Windows\System\mZCLQLn.exe
  2⤵
  PID:4020
- C:\Windows\System\Leauooc.exe
  C:\Windows\System\Leauooc.exe
  2⤵
  PID:4084
- C:\Windows\System\HIqzUit.exe
  C:\Windows\System\HIqzUit.exe
  2⤵
  PID:2204
- C:\Windows\System\WlXiWtW.exe
  C:\Windows\System\WlXiWtW.exe
  2⤵
  PID:2300
- C:\Windows\System\TSzWOGB.exe
  C:\Windows\System\TSzWOGB.exe
  2⤵
  PID:2660
- C:\Windows\System\zOhOTxn.exe
  C:\Windows\System\zOhOTxn.exe
  2⤵
  PID:3224
- C:\Windows\System\VFtoItT.exe
  C:\Windows\System\VFtoItT.exe
  2⤵
  PID:3288
- C:\Windows\System\sCAKeSW.exe
  C:\Windows\System\sCAKeSW.exe
  2⤵
  PID:2912
- C:\Windows\System\VFXbDtk.exe
  C:\Windows\System\VFXbDtk.exe
  2⤵
  PID:3556
- C:\Windows\System\TjnUtsN.exe
  C:\Windows\System\TjnUtsN.exe
  2⤵
  PID:3700
- C:\Windows\System\fDKTdse.exe
  C:\Windows\System\fDKTdse.exe
  2⤵
  PID:3848
- C:\Windows\System\LqDmBdz.exe
  C:\Windows\System\LqDmBdz.exe
  2⤵
  PID:4104
- C:\Windows\System\NgbyMHR.exe
  C:\Windows\System\NgbyMHR.exe
  2⤵
  PID:4120
- C:\Windows\System\HwvOtQP.exe
  C:\Windows\System\HwvOtQP.exe
  2⤵
  PID:4136
- C:\Windows\System\zsDysgh.exe
  C:\Windows\System\zsDysgh.exe
  2⤵
  PID:4152
- C:\Windows\System\prrPaSp.exe
  C:\Windows\System\prrPaSp.exe
  2⤵
  PID:4168
- C:\Windows\System\OxVDwsd.exe
  C:\Windows\System\OxVDwsd.exe
  2⤵
  PID:4184
- C:\Windows\System\RAtAcZV.exe
  C:\Windows\System\RAtAcZV.exe
  2⤵
  PID:4200
- C:\Windows\System\FiQQbwa.exe
  C:\Windows\System\FiQQbwa.exe
  2⤵
  PID:4216
- C:\Windows\System\agyUpRw.exe
  C:\Windows\System\agyUpRw.exe
  2⤵
  PID:4232
- C:\Windows\System\RhmEIEm.exe
  C:\Windows\System\RhmEIEm.exe
  2⤵
  PID:4248
- C:\Windows\System\litWMAd.exe
  C:\Windows\System\litWMAd.exe
  2⤵
  PID:4264
- C:\Windows\System\TaxxtBt.exe
  C:\Windows\System\TaxxtBt.exe
  2⤵
  PID:4280
- C:\Windows\System\dcIivrf.exe
  C:\Windows\System\dcIivrf.exe
  2⤵
  PID:4296
- C:\Windows\System\WsMBprg.exe
  C:\Windows\System\WsMBprg.exe
  2⤵
  PID:4312
- C:\Windows\System\bvUmBBP.exe
  C:\Windows\System\bvUmBBP.exe
  2⤵
  PID:4328
- C:\Windows\System\FoQcbeS.exe
  C:\Windows\System\FoQcbeS.exe
  2⤵
  PID:4344
- C:\Windows\System\phFBDei.exe
  C:\Windows\System\phFBDei.exe
  2⤵
  PID:4360
- C:\Windows\System\kJOMvLA.exe
  C:\Windows\System\kJOMvLA.exe
  2⤵
  PID:4376
- C:\Windows\System\VoEWkKg.exe
  C:\Windows\System\VoEWkKg.exe
  2⤵
  PID:4392
- C:\Windows\System\PAsOpzh.exe
  C:\Windows\System\PAsOpzh.exe
  2⤵
  PID:4408
- C:\Windows\System\eyKmXMX.exe
  C:\Windows\System\eyKmXMX.exe
  2⤵
  PID:4424
- C:\Windows\System\czVKuCO.exe
  C:\Windows\System\czVKuCO.exe
  2⤵
  PID:4440
- C:\Windows\System\FtDVBEx.exe
  C:\Windows\System\FtDVBEx.exe
  2⤵
  PID:4456
- C:\Windows\System\OBHdKHf.exe
  C:\Windows\System\OBHdKHf.exe
  2⤵
  PID:4472
- C:\Windows\System\BHtLfDa.exe
  C:\Windows\System\BHtLfDa.exe
  2⤵
  PID:4488
- C:\Windows\System\tiEaNUb.exe
  C:\Windows\System\tiEaNUb.exe
  2⤵
  PID:4504
- C:\Windows\System\lhaQalN.exe
  C:\Windows\System\lhaQalN.exe
  2⤵
  PID:4520
- C:\Windows\System\NnpAwoo.exe
  C:\Windows\System\NnpAwoo.exe
  2⤵
  PID:4536
- C:\Windows\System\BquJHOq.exe
  C:\Windows\System\BquJHOq.exe
  2⤵
  PID:4552
- C:\Windows\System\wWUJpIt.exe
  C:\Windows\System\wWUJpIt.exe
  2⤵
  PID:4568
- C:\Windows\System\FMhjwwa.exe
  C:\Windows\System\FMhjwwa.exe
  2⤵
  PID:4584
- C:\Windows\System\iNmMqVg.exe
  C:\Windows\System\iNmMqVg.exe
  2⤵
  PID:4600
- C:\Windows\System\VjWXmxU.exe
  C:\Windows\System\VjWXmxU.exe
  2⤵
  PID:4616
- C:\Windows\System\jDHlqjx.exe
  C:\Windows\System\jDHlqjx.exe
  2⤵
  PID:4632
- C:\Windows\System\pVDRoTM.exe
  C:\Windows\System\pVDRoTM.exe
  2⤵
  PID:4648
- C:\Windows\System\NWHCHSo.exe
  C:\Windows\System\NWHCHSo.exe
  2⤵
  PID:4664
- C:\Windows\System\xFvxkJS.exe
  C:\Windows\System\xFvxkJS.exe
  2⤵
  PID:4680
- C:\Windows\System\qfSvqqP.exe
  C:\Windows\System\qfSvqqP.exe
  2⤵
  PID:4696
- C:\Windows\System\zLBShsL.exe
  C:\Windows\System\zLBShsL.exe
  2⤵
  PID:4712
- C:\Windows\System\uXsndhP.exe
  C:\Windows\System\uXsndhP.exe
  2⤵
  PID:4728
- C:\Windows\System\NUNCJII.exe
  C:\Windows\System\NUNCJII.exe
  2⤵
  PID:4744
- C:\Windows\System\VuBjlpD.exe
  C:\Windows\System\VuBjlpD.exe
  2⤵
  PID:4760
- C:\Windows\System\KPrXehc.exe
  C:\Windows\System\KPrXehc.exe
  2⤵
  PID:4776
- C:\Windows\System\aeeKOdA.exe
  C:\Windows\System\aeeKOdA.exe
  2⤵
  PID:4792
- C:\Windows\System\BWCISgo.exe
  C:\Windows\System\BWCISgo.exe
  2⤵
  PID:4808
- C:\Windows\System\FPvlDDl.exe
  C:\Windows\System\FPvlDDl.exe
  2⤵
  PID:4824
- C:\Windows\System\AhMSmpn.exe
  C:\Windows\System\AhMSmpn.exe
  2⤵
  PID:4840
- C:\Windows\System\vXIrbOd.exe
  C:\Windows\System\vXIrbOd.exe
  2⤵
  PID:4856
- C:\Windows\System\aAtASTT.exe
  C:\Windows\System\aAtASTT.exe
  2⤵
  PID:4872
- C:\Windows\System\WBVucqX.exe
  C:\Windows\System\WBVucqX.exe
  2⤵
  PID:4888
- C:\Windows\System\IjaEsRg.exe
  C:\Windows\System\IjaEsRg.exe
  2⤵
  PID:4904
- C:\Windows\System\zOaSpsg.exe
  C:\Windows\System\zOaSpsg.exe
  2⤵
  PID:4920
- C:\Windows\System\gQarQjW.exe
  C:\Windows\System\gQarQjW.exe
  2⤵
  PID:4936
- C:\Windows\System\gZfaUGH.exe
  C:\Windows\System\gZfaUGH.exe
  2⤵
  PID:4952
- C:\Windows\System\OENFIcz.exe
  C:\Windows\System\OENFIcz.exe
  2⤵
  PID:4968
- C:\Windows\System\FDanKbQ.exe
  C:\Windows\System\FDanKbQ.exe
  2⤵
  PID:4984
- C:\Windows\System\eXAvDXc.exe
  C:\Windows\System\eXAvDXc.exe
  2⤵
  PID:5000
- C:\Windows\System\DGHPrAu.exe
  C:\Windows\System\DGHPrAu.exe
  2⤵
  PID:5016
- C:\Windows\System\UfcvACh.exe
  C:\Windows\System\UfcvACh.exe
  2⤵
  PID:5032
- C:\Windows\System\fvdXwZD.exe
  C:\Windows\System\fvdXwZD.exe
  2⤵
  PID:5048
- C:\Windows\System\eDifVRB.exe
  C:\Windows\System\eDifVRB.exe
  2⤵
  PID:5064
- C:\Windows\System\runvqwb.exe
  C:\Windows\System\runvqwb.exe
  2⤵
  PID:5080
- C:\Windows\System\gWyGDct.exe
  C:\Windows\System\gWyGDct.exe
  2⤵
  PID:5096
- C:\Windows\System\pbgOWwy.exe
  C:\Windows\System\pbgOWwy.exe
  2⤵
  PID:5112
- C:\Windows\System\CrNKkcp.exe
  C:\Windows\System\CrNKkcp.exe
  2⤵
  PID:4004
- C:\Windows\System\YJAgRIP.exe
  C:\Windows\System\YJAgRIP.exe
  2⤵
  PID:2164
- C:\Windows\System\EkSkuSa.exe
  C:\Windows\System\EkSkuSa.exe
  2⤵
  PID:3056
- C:\Windows\System\oiPaSXW.exe
  C:\Windows\System\oiPaSXW.exe
  2⤵
  PID:3336
- C:\Windows\System\kBJsdsd.exe
  C:\Windows\System\kBJsdsd.exe
  2⤵
  PID:3608
- C:\Windows\System\FnRueXV.exe
  C:\Windows\System\FnRueXV.exe
  2⤵
  PID:4112
- C:\Windows\System\ecgzRZW.exe
  C:\Windows\System\ecgzRZW.exe
  2⤵
  PID:4100
- C:\Windows\System\UoqMrWP.exe
  C:\Windows\System\UoqMrWP.exe
  2⤵
  PID:4148
- C:\Windows\System\kZtZvMB.exe
  C:\Windows\System\kZtZvMB.exe
  2⤵
  PID:4160
- C:\Windows\System\fBfmbqG.exe
  C:\Windows\System\fBfmbqG.exe
  2⤵
  PID:4196
- C:\Windows\System\KLXjRkc.exe
  C:\Windows\System\KLXjRkc.exe
  2⤵
  PID:4228
- C:\Windows\System\DakkQZX.exe
  C:\Windows\System\DakkQZX.exe
  2⤵
  PID:4260
- C:\Windows\System\aMcchez.exe
  C:\Windows\System\aMcchez.exe
  2⤵
  PID:4304
- C:\Windows\System\OrmUxpE.exe
  C:\Windows\System\OrmUxpE.exe
  2⤵
  PID:4320
- C:\Windows\System\ZsFzyfY.exe
  C:\Windows\System\ZsFzyfY.exe
  2⤵
  PID:4352
- C:\Windows\System\snSgPLQ.exe
  C:\Windows\System\snSgPLQ.exe
  2⤵
  PID:4384
- C:\Windows\System\MuNitKJ.exe
  C:\Windows\System\MuNitKJ.exe
  2⤵
  PID:4416
- C:\Windows\System\FFwecDo.exe
  C:\Windows\System\FFwecDo.exe
  2⤵
  PID:4448
- C:\Windows\System\SPUEIew.exe
  C:\Windows\System\SPUEIew.exe
  2⤵
  PID:4480
- C:\Windows\System\bmOAgbz.exe
  C:\Windows\System\bmOAgbz.exe
  2⤵
  PID:4512
- C:\Windows\System\lkiBiPV.exe
  C:\Windows\System\lkiBiPV.exe
  2⤵
  PID:4544
- C:\Windows\System\xfRHarR.exe
  C:\Windows\System\xfRHarR.exe
  2⤵
  PID:4576
- C:\Windows\System\tSMbkZv.exe
  C:\Windows\System\tSMbkZv.exe
  2⤵
  PID:4608
- C:\Windows\System\bgmMnmi.exe
  C:\Windows\System\bgmMnmi.exe
  2⤵
  PID:4640
- C:\Windows\System\AaPbETo.exe
  C:\Windows\System\AaPbETo.exe
  2⤵
  PID:4672
- C:\Windows\System\AzdaQoB.exe
  C:\Windows\System\AzdaQoB.exe
  2⤵
  PID:4704
- C:\Windows\System\JyYjDHv.exe
  C:\Windows\System\JyYjDHv.exe
  2⤵
  PID:4736
- C:\Windows\System\FULEmAH.exe
  C:\Windows\System\FULEmAH.exe
  2⤵
  PID:4756
- C:\Windows\System\NnyxyTE.exe
  C:\Windows\System\NnyxyTE.exe
  2⤵
  PID:4788
- C:\Windows\System\OmUNBzP.exe
  C:\Windows\System\OmUNBzP.exe
  2⤵
  PID:264
- C:\Windows\System\RwHBrGW.exe
  C:\Windows\System\RwHBrGW.exe
  2⤵
  PID:4836
- C:\Windows\System\FfBkwEy.exe
  C:\Windows\System\FfBkwEy.exe
  2⤵
  PID:4880
- C:\Windows\System\dnmxIYK.exe
  C:\Windows\System\dnmxIYK.exe
  2⤵
  PID:4912
- C:\Windows\System\MnTpdAa.exe
  C:\Windows\System\MnTpdAa.exe
  2⤵
  PID:2404
- C:\Windows\System\cPTQfwd.exe
  C:\Windows\System\cPTQfwd.exe
  2⤵
  PID:4960
- C:\Windows\System\quQjucT.exe
  C:\Windows\System\quQjucT.exe
  2⤵
  PID:4992
- C:\Windows\System\cpVDpHB.exe
  C:\Windows\System\cpVDpHB.exe
  2⤵
  PID:5024
- C:\Windows\System\XGRZIOc.exe
  C:\Windows\System\XGRZIOc.exe
  2⤵
  PID:5056
- C:\Windows\System\ZOjzgAr.exe
  C:\Windows\System\ZOjzgAr.exe
  2⤵
  PID:5104
- C:\Windows\System\HxdyRzE.exe
  C:\Windows\System\HxdyRzE.exe
  2⤵
  PID:3988
- C:\Windows\System\PjTHMAO.exe
  C:\Windows\System\PjTHMAO.exe
  2⤵
  PID:3256
- C:\Windows\System\bXapRRY.exe
  C:\Windows\System\bXapRRY.exe
  2⤵
  PID:3160
- C:\Windows\System\SEEaaGU.exe
  C:\Windows\System\SEEaaGU.exe
  2⤵
  PID:3812
- C:\Windows\System\nhITUZB.exe
  C:\Windows\System\nhITUZB.exe
  2⤵
  PID:4132
- C:\Windows\System\FChFcEU.exe
  C:\Windows\System\FChFcEU.exe
  2⤵
  PID:4208
- C:\Windows\System\OtphUIy.exe
  C:\Windows\System\OtphUIy.exe
  2⤵
  PID:4244
- C:\Windows\System\JzZGsqV.exe
  C:\Windows\System\JzZGsqV.exe
  2⤵
  PID:4288
- C:\Windows\System\gVEMxGl.exe
  C:\Windows\System\gVEMxGl.exe
  2⤵
  PID:4356
- C:\Windows\System\jxjMGUR.exe
  C:\Windows\System\jxjMGUR.exe
  2⤵
  PID:4436
- C:\Windows\System\NkFizen.exe
  C:\Windows\System\NkFizen.exe
  2⤵
  PID:2152
- C:\Windows\System\qAPKYJm.exe
  C:\Windows\System\qAPKYJm.exe
  2⤵
  PID:4560
- C:\Windows\System\vKkPmTG.exe
  C:\Windows\System\vKkPmTG.exe
  2⤵
  PID:4580
- C:\Windows\System\xJUahxm.exe
  C:\Windows\System\xJUahxm.exe
  2⤵
  PID:4628
- C:\Windows\System\vNvmfsG.exe
  C:\Windows\System\vNvmfsG.exe
  2⤵
  PID:4692
- C:\Windows\System\DMxdKRo.exe
  C:\Windows\System\DMxdKRo.exe
  2⤵
  PID:580
- C:\Windows\System\tDQwKPI.exe
  C:\Windows\System\tDQwKPI.exe
  2⤵
  PID:4804
- C:\Windows\System\NYGPyyH.exe
  C:\Windows\System\NYGPyyH.exe
  2⤵
  PID:4868
- C:\Windows\System\GxckymU.exe
  C:\Windows\System\GxckymU.exe
  2⤵
  PID:4928
- C:\Windows\System\SWphJVE.exe
  C:\Windows\System\SWphJVE.exe
  2⤵
  PID:4980
- C:\Windows\System\fXBFAaY.exe
  C:\Windows\System\fXBFAaY.exe
  2⤵
  PID:5044
- C:\Windows\System\ooVGcXQ.exe
  C:\Windows\System\ooVGcXQ.exe
  2⤵
  PID:5108
- C:\Windows\System\FIVYQiX.exe
  C:\Windows\System\FIVYQiX.exe
  2⤵
  PID:2408
- C:\Windows\System\IYhzakC.exe
  C:\Windows\System\IYhzakC.exe
  2⤵
  PID:3924
- C:\Windows\System\JnteNTD.exe
  C:\Windows\System\JnteNTD.exe
  2⤵
  PID:1424
- C:\Windows\System\UizVlEe.exe
  C:\Windows\System\UizVlEe.exe
  2⤵
  PID:2644
- C:\Windows\System\aRmzytY.exe
  C:\Windows\System\aRmzytY.exe
  2⤵
  PID:4452
- C:\Windows\System\jlCoLiB.exe
  C:\Windows\System\jlCoLiB.exe
  2⤵
  PID:4564
- C:\Windows\System\dMsjCgy.exe
  C:\Windows\System\dMsjCgy.exe
  2⤵
  PID:4660
- C:\Windows\System\gcEDYxx.exe
  C:\Windows\System\gcEDYxx.exe
  2⤵
  PID:4772
- C:\Windows\System\QjvLwQe.exe
  C:\Windows\System\QjvLwQe.exe
  2⤵
  PID:4896
- C:\Windows\System\ZOoevZm.exe
  C:\Windows\System\ZOoevZm.exe
  2⤵
  PID:5028
- C:\Windows\System\AfLlPRs.exe
  C:\Windows\System\AfLlPRs.exe
  2⤵
  PID:4068
- C:\Windows\System\CqMHraI.exe
  C:\Windows\System\CqMHraI.exe
  2⤵
  PID:4192
- C:\Windows\System\gHREjIw.exe
  C:\Windows\System\gHREjIw.exe
  2⤵
  PID:4276
- C:\Windows\System\pwulZjr.exe
  C:\Windows\System\pwulZjr.exe
  2⤵
  PID:4676
- C:\Windows\System\VtMPhFv.exe
  C:\Windows\System\VtMPhFv.exe
  2⤵
  PID:4916
- C:\Windows\System\dpGHbHP.exe
  C:\Windows\System\dpGHbHP.exe
  2⤵
  PID:5132
- C:\Windows\System\kwREsZz.exe
  C:\Windows\System\kwREsZz.exe
  2⤵
  PID:5148
- C:\Windows\System\mjXLEqn.exe
  C:\Windows\System\mjXLEqn.exe
  2⤵
  PID:5164
- C:\Windows\System\xHuCjeG.exe
  C:\Windows\System\xHuCjeG.exe
  2⤵
  PID:5180
- C:\Windows\System\KGBwHDe.exe
  C:\Windows\System\KGBwHDe.exe
  2⤵
  PID:5196
- C:\Windows\System\JYBFyTL.exe
  C:\Windows\System\JYBFyTL.exe
  2⤵
  PID:5212
- C:\Windows\System\wCGvuVP.exe
  C:\Windows\System\wCGvuVP.exe
  2⤵
  PID:5228
- C:\Windows\System\mbQhpPG.exe
  C:\Windows\System\mbQhpPG.exe
  2⤵
  PID:5244
- C:\Windows\System\izOVVNL.exe
  C:\Windows\System\izOVVNL.exe
  2⤵
  PID:5260
- C:\Windows\System\LEjDgSB.exe
  C:\Windows\System\LEjDgSB.exe
  2⤵
  PID:5276
- C:\Windows\System\FhygBCX.exe
  C:\Windows\System\FhygBCX.exe
  2⤵
  PID:5292
- C:\Windows\System\NAzIEQW.exe
  C:\Windows\System\NAzIEQW.exe
  2⤵
  PID:5308
- C:\Windows\System\bchLLsp.exe
  C:\Windows\System\bchLLsp.exe
  2⤵
  PID:5324
- C:\Windows\System\HrNzzVk.exe
  C:\Windows\System\HrNzzVk.exe
  2⤵
  PID:5344
- C:\Windows\System\yZpEPre.exe
  C:\Windows\System\yZpEPre.exe
  2⤵
  PID:5360
- C:\Windows\System\fvtteaA.exe
  C:\Windows\System\fvtteaA.exe
  2⤵
  PID:5376
- C:\Windows\System\nsNjEOb.exe
  C:\Windows\System\nsNjEOb.exe
  2⤵
  PID:5392
- C:\Windows\System\ZefbUEg.exe
  C:\Windows\System\ZefbUEg.exe
  2⤵
  PID:5408
- C:\Windows\System\ofCaKZZ.exe
  C:\Windows\System\ofCaKZZ.exe
  2⤵
  PID:5424
- C:\Windows\System\FtHpWOs.exe
  C:\Windows\System\FtHpWOs.exe
  2⤵
  PID:5440
- C:\Windows\System\htOejwu.exe
  C:\Windows\System\htOejwu.exe
  2⤵
  PID:5456
- C:\Windows\System\UmSlhWF.exe
  C:\Windows\System\UmSlhWF.exe
  2⤵
  PID:5472
- C:\Windows\System\Xrxcpzu.exe
  C:\Windows\System\Xrxcpzu.exe
  2⤵
  PID:5488
- C:\Windows\System\akkTSiE.exe
  C:\Windows\System\akkTSiE.exe
  2⤵
  PID:5504
- C:\Windows\System\Imafmnj.exe
  C:\Windows\System\Imafmnj.exe
  2⤵
  PID:5520
- C:\Windows\System\xqGRWVM.exe
  C:\Windows\System\xqGRWVM.exe
  2⤵
  PID:5536
- C:\Windows\System\igkQhoq.exe
  C:\Windows\System\igkQhoq.exe
  2⤵
  PID:5552
- C:\Windows\System\WAAKEkV.exe
  C:\Windows\System\WAAKEkV.exe
  2⤵
  PID:5568
- C:\Windows\System\tZykkqe.exe
  C:\Windows\System\tZykkqe.exe
  2⤵
  PID:5584
- C:\Windows\System\oykWGOD.exe
  C:\Windows\System\oykWGOD.exe
  2⤵
  PID:5600
- C:\Windows\System\fqHkRiT.exe
  C:\Windows\System\fqHkRiT.exe
  2⤵
  PID:5616
- C:\Windows\System\fEOgMVp.exe
  C:\Windows\System\fEOgMVp.exe
  2⤵
  PID:5632
- C:\Windows\System\HvmzhHg.exe
  C:\Windows\System\HvmzhHg.exe
  2⤵
  PID:5648
- C:\Windows\System\NYdSRwn.exe
  C:\Windows\System\NYdSRwn.exe
  2⤵
  PID:5664
- C:\Windows\System\OXfaaTN.exe
  C:\Windows\System\OXfaaTN.exe
  2⤵
  PID:5680
- C:\Windows\System\xvFamty.exe
  C:\Windows\System\xvFamty.exe
  2⤵
  PID:5696
- C:\Windows\System\SMxPIZG.exe
  C:\Windows\System\SMxPIZG.exe
  2⤵
  PID:5712
- C:\Windows\System\OFUCEzB.exe
  C:\Windows\System\OFUCEzB.exe
  2⤵
  PID:5728
- C:\Windows\System\EZyqkXr.exe
  C:\Windows\System\EZyqkXr.exe
  2⤵
  PID:5744
- C:\Windows\System\pgRtPxi.exe
  C:\Windows\System\pgRtPxi.exe
  2⤵
  PID:5760
- C:\Windows\System\SeILZCX.exe
  C:\Windows\System\SeILZCX.exe
  2⤵
  PID:5776
- C:\Windows\System\cCgkxAm.exe
  C:\Windows\System\cCgkxAm.exe
  2⤵
  PID:5792
- C:\Windows\System\EjIsEHb.exe
  C:\Windows\System\EjIsEHb.exe
  2⤵
  PID:5808
- C:\Windows\System\RLjjWKo.exe
  C:\Windows\System\RLjjWKo.exe
  2⤵
  PID:5824
- C:\Windows\System\rLkzpNV.exe
  C:\Windows\System\rLkzpNV.exe
  2⤵
  PID:5840
- C:\Windows\System\bSxUGUN.exe
  C:\Windows\System\bSxUGUN.exe
  2⤵
  PID:5856
- C:\Windows\System\acUtZSa.exe
  C:\Windows\System\acUtZSa.exe
  2⤵
  PID:5872
- C:\Windows\System\zORQabc.exe
  C:\Windows\System\zORQabc.exe
  2⤵
  PID:5888
- C:\Windows\System\gmzHinP.exe
  C:\Windows\System\gmzHinP.exe
  2⤵
  PID:5904
- C:\Windows\System\JrhSEGi.exe
  C:\Windows\System\JrhSEGi.exe
  2⤵
  PID:5920
- C:\Windows\System\rMHUCJq.exe
  C:\Windows\System\rMHUCJq.exe
  2⤵
  PID:5936
- C:\Windows\System\lXcgRNb.exe
  C:\Windows\System\lXcgRNb.exe
  2⤵
  PID:5952
- C:\Windows\System\tEVgjoh.exe
  C:\Windows\System\tEVgjoh.exe
  2⤵
  PID:5968
- C:\Windows\System\YTTZxXq.exe
  C:\Windows\System\YTTZxXq.exe
  2⤵
  PID:5984
- C:\Windows\System\bXxdmIc.exe
  C:\Windows\System\bXxdmIc.exe
  2⤵
  PID:6000
- C:\Windows\System\QjpDCYM.exe
  C:\Windows\System\QjpDCYM.exe
  2⤵
  PID:6016
- C:\Windows\System\YjWLaNF.exe
  C:\Windows\System\YjWLaNF.exe
  2⤵
  PID:6032
- C:\Windows\System\prjWVEX.exe
  C:\Windows\System\prjWVEX.exe
  2⤵
  PID:6048
- C:\Windows\System\UYHFuhk.exe
  C:\Windows\System\UYHFuhk.exe
  2⤵
  PID:6064
- C:\Windows\System\xeJxuUV.exe
  C:\Windows\System\xeJxuUV.exe
  2⤵
  PID:6080
- C:\Windows\System\PZOgfCN.exe
  C:\Windows\System\PZOgfCN.exe
  2⤵
  PID:6096
- C:\Windows\System\VQfhQvU.exe
  C:\Windows\System\VQfhQvU.exe
  2⤵
  PID:6112
- C:\Windows\System\JuIqfAn.exe
  C:\Windows\System\JuIqfAn.exe
  2⤵
  PID:6128
- C:\Windows\System\TulNHVV.exe
  C:\Windows\System\TulNHVV.exe
  2⤵
  PID:4848
- C:\Windows\System\qaGQHHv.exe
  C:\Windows\System\qaGQHHv.exe
  2⤵
  PID:4932
- C:\Windows\System\kJiOvlS.exe
  C:\Windows\System\kJiOvlS.exe
  2⤵
  PID:3476
- C:\Windows\System\GdpPfdI.exe
  C:\Windows\System\GdpPfdI.exe
  2⤵
  PID:4532
- C:\Windows\System\zMkhCdQ.exe
  C:\Windows\System\zMkhCdQ.exe
  2⤵
  PID:5128
- C:\Windows\System\XAppEEa.exe
  C:\Windows\System\XAppEEa.exe
  2⤵
  PID:5160
- C:\Windows\System\wVfmtlA.exe
  C:\Windows\System\wVfmtlA.exe
  2⤵
  PID:5192
- C:\Windows\System\HCmHLCS.exe
  C:\Windows\System\HCmHLCS.exe
  2⤵
  PID:5224
- C:\Windows\System\syFuTUb.exe
  C:\Windows\System\syFuTUb.exe
  2⤵
  PID:5300
- C:\Windows\System\AaPPLRF.exe
  C:\Windows\System\AaPPLRF.exe
  2⤵
  PID:5256
- C:\Windows\System\aFoUWnB.exe
  C:\Windows\System\aFoUWnB.exe
  2⤵
  PID:5320
- C:\Windows\System\THrpKAi.exe
  C:\Windows\System\THrpKAi.exe
  2⤵
  PID:5372
- C:\Windows\System\RgGOjET.exe
  C:\Windows\System\RgGOjET.exe
  2⤵
  PID:5388
- C:\Windows\System\VUrHDyT.exe
  C:\Windows\System\VUrHDyT.exe
  2⤵
  PID:5436
- C:\Windows\System\QeGrgqS.exe
  C:\Windows\System\QeGrgqS.exe
  2⤵
  PID:5452
- C:\Windows\System\EMvTjep.exe
  C:\Windows\System\EMvTjep.exe
  2⤵
  PID:5484
- C:\Windows\System\QhbRuzb.exe
  C:\Windows\System\QhbRuzb.exe
  2⤵
  PID:5516
- C:\Windows\System\BWueJzz.exe
  C:\Windows\System\BWueJzz.exe
  2⤵
  PID:5548
- C:\Windows\System\iPourcB.exe
  C:\Windows\System\iPourcB.exe
  2⤵
  PID:5676
- C:\Windows\System\zshvDpq.exe
  C:\Windows\System\zshvDpq.exe
  2⤵
  PID:5752
- C:\Windows\System\qELTufX.exe
  C:\Windows\System\qELTufX.exe
  2⤵
  PID:5804
- C:\Windows\System\oWWDLow.exe
  C:\Windows\System\oWWDLow.exe
  2⤵
  PID:5928
- C:\Windows\System\PUCVOYD.exe
  C:\Windows\System\PUCVOYD.exe
  2⤵
  PID:5976
- C:\Windows\System\QvMiaVc.exe
  C:\Windows\System\QvMiaVc.exe
  2⤵
  PID:6040
- C:\Windows\System\tJJzHmL.exe
  C:\Windows\System\tJJzHmL.exe
  2⤵
  PID:6076
- C:\Windows\System\BEdMBOp.exe
  C:\Windows\System\BEdMBOp.exe
  2⤵
  PID:6124
- C:\Windows\System\kHtaCaZ.exe
  C:\Windows\System\kHtaCaZ.exe
  2⤵
  PID:5124
- C:\Windows\System\PNixGBX.exe
  C:\Windows\System\PNixGBX.exe
  2⤵
  PID:5156
- C:\Windows\System\ZQmwHQu.exe
  C:\Windows\System\ZQmwHQu.exe
  2⤵
  PID:5268
- C:\Windows\System\RldNJfE.exe
  C:\Windows\System\RldNJfE.exe
  2⤵
  PID:5288
- C:\Windows\System\ghGbfHo.exe
  C:\Windows\System\ghGbfHo.exe
  2⤵
  PID:5672
- C:\Windows\System\eYTrHhT.exe
  C:\Windows\System\eYTrHhT.exe
  2⤵
  PID:5740
- C:\Windows\System\ewwYQOS.exe
  C:\Windows\System\ewwYQOS.exe
  2⤵
  PID:2924
- C:\Windows\System\OphrFUc.exe
  C:\Windows\System\OphrFUc.exe
  2⤵
  PID:2920
- C:\Windows\System\dLkpxHU.exe
  C:\Windows\System\dLkpxHU.exe
  2⤵
  PID:5236
- C:\Windows\System\ZvRWecs.exe
  C:\Windows\System\ZvRWecs.exe
  2⤵
  PID:5852
- C:\Windows\System\bWUmiOG.exe
  C:\Windows\System\bWUmiOG.exe
  2⤵
  PID:5884
- C:\Windows\System\tuYqiuI.exe
  C:\Windows\System\tuYqiuI.exe
  2⤵
  PID:5944
- C:\Windows\System\TCcipcN.exe
  C:\Windows\System\TCcipcN.exe
  2⤵
  PID:5368
- C:\Windows\System\IPvjnvc.exe
  C:\Windows\System\IPvjnvc.exe
  2⤵
  PID:5836
- C:\Windows\System\PBbpBZt.exe
  C:\Windows\System\PBbpBZt.exe
  2⤵
  PID:5352
- C:\Windows\System\hoaWZqr.exe
  C:\Windows\System\hoaWZqr.exe
  2⤵
  PID:5496
- C:\Windows\System\dQAsePJ.exe
  C:\Windows\System\dQAsePJ.exe
  2⤵
  PID:5332
- C:\Windows\System\ccwSIBc.exe
  C:\Windows\System\ccwSIBc.exe
  2⤵
  PID:5640
- C:\Windows\System\PEJTNQt.exe
  C:\Windows\System\PEJTNQt.exe
  2⤵
  PID:2124
- C:\Windows\System\gBSTClc.exe
  C:\Windows\System\gBSTClc.exe
  2⤵
  PID:5816
- C:\Windows\System\kCusrQz.exe
  C:\Windows\System\kCusrQz.exe
  2⤵
  PID:5784
- C:\Windows\System\HYtDwHJ.exe
  C:\Windows\System\HYtDwHJ.exe
  2⤵
  PID:1368
- C:\Windows\System\CfpJNua.exe
  C:\Windows\System\CfpJNua.exe
  2⤵
  PID:4324
- C:\Windows\System\tNyBDaC.exe
  C:\Windows\System\tNyBDaC.exe
  2⤵
  PID:5864
- C:\Windows\System\evLeYBi.exe
  C:\Windows\System\evLeYBi.exe
  2⤵
  PID:5996
- C:\Windows\System\FDuhjbY.exe
  C:\Windows\System\FDuhjbY.exe
  2⤵
  PID:2852
- C:\Windows\System\XoRvXlP.exe
  C:\Windows\System\XoRvXlP.exe
  2⤵
  PID:5704
- C:\Windows\System\RcPrFNz.exe
  C:\Windows\System\RcPrFNz.exe
  2⤵
  PID:4388
- C:\Windows\System\AANaVmz.exe
  C:\Windows\System\AANaVmz.exe
  2⤵
  PID:5708
- C:\Windows\System\wRmUVqk.exe
  C:\Windows\System\wRmUVqk.exe
  2⤵
  PID:1088
- C:\Windows\System\zCKeoic.exe
  C:\Windows\System\zCKeoic.exe
  2⤵
  PID:6092
- C:\Windows\System\yXOpnPO.exe
  C:\Windows\System\yXOpnPO.exe
  2⤵
  PID:5644
- C:\Windows\System\zYdmhfP.exe
  C:\Windows\System\zYdmhfP.exe
  2⤵
  PID:5272
- C:\Windows\System\SAXQibj.exe
  C:\Windows\System\SAXQibj.exe
  2⤵
  PID:5832
- C:\Windows\System\nKuFoVG.exe
  C:\Windows\System\nKuFoVG.exe
  2⤵
  PID:2360
- C:\Windows\System\DedQVSM.exe
  C:\Windows\System\DedQVSM.exe
  2⤵
  PID:5960
- C:\Windows\System\Jkxdjii.exe
  C:\Windows\System\Jkxdjii.exe
  2⤵
  PID:2712
- C:\Windows\System\uIMEZwj.exe
  C:\Windows\System\uIMEZwj.exe
  2⤵
  PID:5900
- C:\Windows\System\EmFzmnG.exe
  C:\Windows\System\EmFzmnG.exe
  2⤵
  PID:2368
- C:\Windows\System\DQYfHlX.exe
  C:\Windows\System\DQYfHlX.exe
  2⤵
  PID:6104
- C:\Windows\System\Eemqcim.exe
  C:\Windows\System\Eemqcim.exe
  2⤵
  PID:5576
- C:\Windows\System\dtjDUtT.exe
  C:\Windows\System\dtjDUtT.exe
  2⤵
  PID:4180
- C:\Windows\System\WhZugxb.exe
  C:\Windows\System\WhZugxb.exe
  2⤵
  PID:6160
- C:\Windows\System\zxVuRSA.exe
  C:\Windows\System\zxVuRSA.exe
  2⤵
  PID:6176
- C:\Windows\System\mYwoJGY.exe
  C:\Windows\System\mYwoJGY.exe
  2⤵
  PID:6192
- C:\Windows\System\HeJesyh.exe
  C:\Windows\System\HeJesyh.exe
  2⤵
  PID:6208
- C:\Windows\System\uUbCKOr.exe
  C:\Windows\System\uUbCKOr.exe
  2⤵
  PID:6224
- C:\Windows\System\sSOLDkg.exe
  C:\Windows\System\sSOLDkg.exe
  2⤵
  PID:6240
- C:\Windows\System\WffuLQM.exe
  C:\Windows\System\WffuLQM.exe
  2⤵
  PID:6256
- C:\Windows\System\tItNwmK.exe
  C:\Windows\System\tItNwmK.exe
  2⤵
  PID:6284
- C:\Windows\System\lyzdGOH.exe
  C:\Windows\System\lyzdGOH.exe
  2⤵
  PID:6300
- C:\Windows\System\BcpfEgc.exe
  C:\Windows\System\BcpfEgc.exe
  2⤵
  PID:6316
- C:\Windows\System\cnjOdrd.exe
  C:\Windows\System\cnjOdrd.exe
  2⤵
  PID:6336
- C:\Windows\System\vorDZoX.exe
  C:\Windows\System\vorDZoX.exe
  2⤵
  PID:6380
- C:\Windows\System\JWqZDKU.exe
  C:\Windows\System\JWqZDKU.exe
  2⤵
  PID:6396
- C:\Windows\System\hxdvmfC.exe
  C:\Windows\System\hxdvmfC.exe
  2⤵
  PID:6416
- C:\Windows\System\XNcHsqX.exe
  C:\Windows\System\XNcHsqX.exe
  2⤵
  PID:6440
- C:\Windows\System\hdcHBBk.exe
  C:\Windows\System\hdcHBBk.exe
  2⤵
  PID:6456
- C:\Windows\System\FsBkiOx.exe
  C:\Windows\System\FsBkiOx.exe
  2⤵
  PID:6476
- C:\Windows\System\iySANpg.exe
  C:\Windows\System\iySANpg.exe
  2⤵
  PID:6492
- C:\Windows\System\hQxcVzP.exe
  C:\Windows\System\hQxcVzP.exe
  2⤵
  PID:6508
- C:\Windows\System\dPiqmaV.exe
  C:\Windows\System\dPiqmaV.exe
  2⤵
  PID:6528
- C:\Windows\System\DNuaxpo.exe
  C:\Windows\System\DNuaxpo.exe
  2⤵
  PID:6552
- C:\Windows\System\rehDkkk.exe
  C:\Windows\System\rehDkkk.exe
  2⤵
  PID:6568
- C:\Windows\System\NgOFqqW.exe
  C:\Windows\System\NgOFqqW.exe
  2⤵
  PID:6588
- C:\Windows\System\ucTxdyC.exe
  C:\Windows\System\ucTxdyC.exe
  2⤵
  PID:6608
- C:\Windows\System\OUhQYyU.exe
  C:\Windows\System\OUhQYyU.exe
  2⤵
  PID:6624
- C:\Windows\System\FAktMmp.exe
  C:\Windows\System\FAktMmp.exe
  2⤵
  PID:6664
- C:\Windows\System\LNwomgT.exe
  C:\Windows\System\LNwomgT.exe
  2⤵
  PID:6680
- C:\Windows\System\tjGAduG.exe
  C:\Windows\System\tjGAduG.exe
  2⤵
  PID:6708
- C:\Windows\System\AIyXGcq.exe
  C:\Windows\System\AIyXGcq.exe
  2⤵
  PID:6724
- C:\Windows\System\lLfQJEQ.exe
  C:\Windows\System\lLfQJEQ.exe
  2⤵
  PID:6740
- C:\Windows\System\RrttYwS.exe
  C:\Windows\System\RrttYwS.exe
  2⤵
  PID:6756
- C:\Windows\System\QNjyLfI.exe
  C:\Windows\System\QNjyLfI.exe
  2⤵
  PID:6772
- C:\Windows\System\bCuUmOP.exe
  C:\Windows\System\bCuUmOP.exe
  2⤵
  PID:6788
- C:\Windows\System\KaqlqUB.exe
  C:\Windows\System\KaqlqUB.exe
  2⤵
  PID:6804
- C:\Windows\System\PcwtAao.exe
  C:\Windows\System\PcwtAao.exe
  2⤵
  PID:6820
- C:\Windows\System\luvONHC.exe
  C:\Windows\System\luvONHC.exe
  2⤵
  PID:6836
- C:\Windows\System\wxBaNJR.exe
  C:\Windows\System\wxBaNJR.exe
  2⤵
  PID:6852
- C:\Windows\System\BKyerIo.exe
  C:\Windows\System\BKyerIo.exe
  2⤵
  PID:6868
- C:\Windows\System\kGRyrJF.exe
  C:\Windows\System\kGRyrJF.exe
  2⤵
  PID:6884
- C:\Windows\System\wobghfI.exe
  C:\Windows\System\wobghfI.exe
  2⤵
  PID:6900
- C:\Windows\System\iRWyEYZ.exe
  C:\Windows\System\iRWyEYZ.exe
  2⤵
  PID:6916
- C:\Windows\System\pJoyzSi.exe
  C:\Windows\System\pJoyzSi.exe
  2⤵
  PID:6932
- C:\Windows\System\cMnrZUE.exe
  C:\Windows\System\cMnrZUE.exe
  2⤵
  PID:6948
- C:\Windows\System\IgxCyiw.exe
  C:\Windows\System\IgxCyiw.exe
  2⤵
  PID:6964
- C:\Windows\System\svJDBcy.exe
  C:\Windows\System\svJDBcy.exe
  2⤵
  PID:6980
- C:\Windows\System\HUslDPR.exe
  C:\Windows\System\HUslDPR.exe
  2⤵
  PID:6996
- C:\Windows\System\AjHsfzV.exe
  C:\Windows\System\AjHsfzV.exe
  2⤵
  PID:7012
- C:\Windows\System\apFmaCQ.exe
  C:\Windows\System\apFmaCQ.exe
  2⤵
  PID:7028
- C:\Windows\System\CKcEcXo.exe
  C:\Windows\System\CKcEcXo.exe
  2⤵
  PID:7044
- C:\Windows\System\JMWydyi.exe
  C:\Windows\System\JMWydyi.exe
  2⤵
  PID:7060
- C:\Windows\System\kLzDeNm.exe
  C:\Windows\System\kLzDeNm.exe
  2⤵
  PID:7076
- C:\Windows\System\CgZxPOH.exe
  C:\Windows\System\CgZxPOH.exe
  2⤵
  PID:7092
- C:\Windows\System\FDriDIe.exe
  C:\Windows\System\FDriDIe.exe
  2⤵
  PID:7108
- C:\Windows\System\pIMFHcu.exe
  C:\Windows\System\pIMFHcu.exe
  2⤵
  PID:7124
- C:\Windows\System\aNBnkgY.exe
  C:\Windows\System\aNBnkgY.exe
  2⤵
  PID:7140
- C:\Windows\System\TuTejAF.exe
  C:\Windows\System\TuTejAF.exe
  2⤵
  PID:7156
- C:\Windows\System\WbMAgdD.exe
  C:\Windows\System\WbMAgdD.exe
  2⤵
  PID:5448
- C:\Windows\System\KexUYHi.exe
  C:\Windows\System\KexUYHi.exe
  2⤵
  PID:1920
- C:\Windows\System\jyzGCCv.exe
  C:\Windows\System\jyzGCCv.exe
  2⤵
  PID:2616
- C:\Windows\System\IomTmnK.exe
  C:\Windows\System\IomTmnK.exe
  2⤵
  PID:6216
- C:\Windows\System\YhlgWVl.exe
  C:\Windows\System\YhlgWVl.exe
  2⤵
  PID:6252
- C:\Windows\System\BKJjmKn.exe
  C:\Windows\System\BKJjmKn.exe
  2⤵
  PID:6232
- C:\Windows\System\RNErFGt.exe
  C:\Windows\System\RNErFGt.exe
  2⤵
  PID:6276
- C:\Windows\System\nsByZGx.exe
  C:\Windows\System\nsByZGx.exe
  2⤵
  PID:6308
- C:\Windows\System\WvkUxop.exe
  C:\Windows\System\WvkUxop.exe
  2⤵
  PID:6332
- C:\Windows\System\iJmuzhI.exe
  C:\Windows\System\iJmuzhI.exe
  2⤵
  PID:6352
- C:\Windows\System\MqitKtB.exe
  C:\Windows\System\MqitKtB.exe
  2⤵
  PID:6388
- C:\Windows\System\hPVKnpJ.exe
  C:\Windows\System\hPVKnpJ.exe
  2⤵
  PID:6376
- C:\Windows\System\mtePuwp.exe
  C:\Windows\System\mtePuwp.exe
  2⤵
  PID:6408
- C:\Windows\System\UvzMHuK.exe
  C:\Windows\System\UvzMHuK.exe
  2⤵
  PID:572
- C:\Windows\System\YxLmXbI.exe
  C:\Windows\System\YxLmXbI.exe
  2⤵
  PID:6500
- C:\Windows\System\JzLBcxJ.exe
  C:\Windows\System\JzLBcxJ.exe
  2⤵
  PID:6540
- C:\Windows\System\rLamvEn.exe
  C:\Windows\System\rLamvEn.exe
  2⤵
  PID:6452
- C:\Windows\System\txTyHHv.exe
  C:\Windows\System\txTyHHv.exe
  2⤵
  PID:6524
- C:\Windows\System\MnoygtL.exe
  C:\Windows\System\MnoygtL.exe
  2⤵
  PID:6580
- C:\Windows\System\rgeZDgq.exe
  C:\Windows\System\rgeZDgq.exe
  2⤵
  PID:6616
- C:\Windows\System\laAEGpX.exe
  C:\Windows\System\laAEGpX.exe
  2⤵
  PID:2488
- C:\Windows\System\lFKmRGJ.exe
  C:\Windows\System\lFKmRGJ.exe
  2⤵
  PID:6636
- C:\Windows\System\uYNKtrg.exe
  C:\Windows\System\uYNKtrg.exe
  2⤵
  PID:6672
- C:\Windows\System\iDfwXGR.exe
  C:\Windows\System\iDfwXGR.exe
  2⤵
  PID:6696
- C:\Windows\System\ogdSlMM.exe
  C:\Windows\System\ogdSlMM.exe
  2⤵
  PID:6720
- C:\Windows\System\DlugvzD.exe
  C:\Windows\System\DlugvzD.exe
  2⤵
  PID:6736
- C:\Windows\System\iXpfJjd.exe
  C:\Windows\System\iXpfJjd.exe
  2⤵
  PID:6764
- C:\Windows\System\EESTKtb.exe
  C:\Windows\System\EESTKtb.exe
  2⤵
  PID:6796
- C:\Windows\System\AAUdFqn.exe
  C:\Windows\System\AAUdFqn.exe
  2⤵
  PID:6844
- C:\Windows\System\fVoguwW.exe
  C:\Windows\System\fVoguwW.exe
  2⤵
  PID:6880
- C:\Windows\System\OlOKUgn.exe
  C:\Windows\System\OlOKUgn.exe
  2⤵
  PID:6912
- C:\Windows\System\hOVlFNn.exe
  C:\Windows\System\hOVlFNn.exe
  2⤵
  PID:6924
- C:\Windows\System\UVPtpQB.exe
  C:\Windows\System\UVPtpQB.exe
  2⤵
  PID:6976
- C:\Windows\System\XFjxLhP.exe
  C:\Windows\System\XFjxLhP.exe
  2⤵
  PID:6960
- C:\Windows\System\xtewSPl.exe
  C:\Windows\System\xtewSPl.exe
  2⤵
  PID:7100
- C:\Windows\System\qSfaJWi.exe
  C:\Windows\System\qSfaJWi.exe
  2⤵
  PID:7084
- C:\Windows\System\WmluQmf.exe
  C:\Windows\System\WmluQmf.exe
  2⤵
  PID:7088
- C:\Windows\System\OZirvKh.exe
  C:\Windows\System\OZirvKh.exe
  2⤵
  PID:5848
- C:\Windows\System\TfHUfDA.exe
  C:\Windows\System\TfHUfDA.exe
  2⤵
  PID:6264
- C:\Windows\System\hVxhqKf.exe
  C:\Windows\System\hVxhqKf.exe
  2⤵
  PID:6360
- C:\Windows\System\UyCfMNH.exe
  C:\Windows\System\UyCfMNH.exe
  2⤵
  PID:6188
- C:\Windows\System\nVkPPDw.exe
  C:\Windows\System\nVkPPDw.exe
  2⤵
  PID:6296
- C:\Windows\System\iOcAQpI.exe
  C:\Windows\System\iOcAQpI.exe
  2⤵
  PID:6372
- C:\Windows\System\nJQXGxn.exe
  C:\Windows\System\nJQXGxn.exe
  2⤵
  PID:6468
- C:\Windows\System\sfoSJRU.exe
  C:\Windows\System\sfoSJRU.exe
  2⤵
  PID:6536
- C:\Windows\System\JptkFRg.exe
  C:\Windows\System\JptkFRg.exe
  2⤵
  PID:6564
- C:\Windows\System\oZhBmlZ.exe
  C:\Windows\System\oZhBmlZ.exe
  2⤵
  PID:6520
- C:\Windows\System\GGrqbvZ.exe
  C:\Windows\System\GGrqbvZ.exe
  2⤵
  PID:6600
- C:\Windows\System\ffQlNqJ.exe
  C:\Windows\System\ffQlNqJ.exe
  2⤵
  PID:6688
- C:\Windows\System\csiBSLe.exe
  C:\Windows\System\csiBSLe.exe
  2⤵
  PID:6780
- C:\Windows\System\LaACVEr.exe
  C:\Windows\System\LaACVEr.exe
  2⤵
  PID:6828
- C:\Windows\System\XMiCovj.exe
  C:\Windows\System\XMiCovj.exe
  2⤵
  PID:6816
- C:\Windows\System\eKqsSgB.exe
  C:\Windows\System\eKqsSgB.exe
  2⤵
  PID:6972
- C:\Windows\System\zgIemTB.exe
  C:\Windows\System\zgIemTB.exe
  2⤵
  PID:7072
- C:\Windows\System\ospIdrZ.exe
  C:\Windows\System\ospIdrZ.exe
  2⤵
  PID:6896
- C:\Windows\System\bBsOZtS.exe
  C:\Windows\System\bBsOZtS.exe
  2⤵
  PID:7164
- C:\Windows\System\KoNnAVV.exe
  C:\Windows\System\KoNnAVV.exe
  2⤵
  PID:6152
- C:\Windows\System\cdQAbwX.exe
  C:\Windows\System\cdQAbwX.exe
  2⤵
  PID:2664
- C:\Windows\System\PeRUMlP.exe
  C:\Windows\System\PeRUMlP.exe
  2⤵
  PID:6168
- C:\Windows\System\SkeXsED.exe
  C:\Windows\System\SkeXsED.exe
  2⤵
  PID:6348
- C:\Windows\System\OTYojTi.exe
  C:\Windows\System\OTYojTi.exe
  2⤵
  PID:6544
- C:\Windows\System\NBYPLUP.exe
  C:\Windows\System\NBYPLUP.exe
  2⤵
  PID:6292
- C:\Windows\System\WHgfOcJ.exe
  C:\Windows\System\WHgfOcJ.exe
  2⤵
  PID:1340
- C:\Windows\System\DrHYJXu.exe
  C:\Windows\System\DrHYJXu.exe
  2⤵
  PID:6748
- C:\Windows\System\LoNYYnF.exe
  C:\Windows\System\LoNYYnF.exe
  2⤵
  PID:6272
- C:\Windows\System\YFswkgt.exe
  C:\Windows\System\YFswkgt.exe
  2⤵
  PID:6692
- C:\Windows\System\xzROfbt.exe
  C:\Windows\System\xzROfbt.exe
  2⤵
  PID:6832
- C:\Windows\System\TjSwGYG.exe
  C:\Windows\System\TjSwGYG.exe
  2⤵
  PID:6992
- C:\Windows\System\LSOZQnu.exe
  C:\Windows\System\LSOZQnu.exe
  2⤵
  PID:7148
- C:\Windows\System\RxfNQWE.exe
  C:\Windows\System\RxfNQWE.exe
  2⤵
  PID:5912
- C:\Windows\System\EjImhJx.exe
  C:\Windows\System\EjImhJx.exe
  2⤵
  PID:6204
- C:\Windows\System\IavhQTV.exe
  C:\Windows\System\IavhQTV.exe
  2⤵
  PID:6432
- C:\Windows\System\IGAUxig.exe
  C:\Windows\System\IGAUxig.exe
  2⤵
  PID:6368
- C:\Windows\System\VvieSsy.exe
  C:\Windows\System\VvieSsy.exe
  2⤵
  PID:7136
- C:\Windows\System\krsGRIQ.exe
  C:\Windows\System\krsGRIQ.exe
  2⤵
  PID:6488
- C:\Windows\System\INMbaOR.exe
  C:\Windows\System\INMbaOR.exe
  2⤵
  PID:6184
- C:\Windows\System\GRwiPXM.exe
  C:\Windows\System\GRwiPXM.exe
  2⤵
  PID:6576
- C:\Windows\System\pwvnKed.exe
  C:\Windows\System\pwvnKed.exe
  2⤵
  PID:7296
- C:\Windows\System\yhOcaQQ.exe
  C:\Windows\System\yhOcaQQ.exe
  2⤵
  PID:7396
- C:\Windows\System\dtlNcph.exe
  C:\Windows\System\dtlNcph.exe
  2⤵
  PID:7412
- C:\Windows\System\KiDcAog.exe
  C:\Windows\System\KiDcAog.exe
  2⤵
  PID:7428
- C:\Windows\System\wqFlWyM.exe
  C:\Windows\System\wqFlWyM.exe
  2⤵
  PID:7444
- C:\Windows\System\fplwEYr.exe
  C:\Windows\System\fplwEYr.exe
  2⤵
  PID:7460
- C:\Windows\System\xVqhMzR.exe
  C:\Windows\System\xVqhMzR.exe
  2⤵
  PID:7476
- C:\Windows\System\bYnLNVk.exe
  C:\Windows\System\bYnLNVk.exe
  2⤵
  PID:7492
- C:\Windows\System\nhNyEPM.exe
  C:\Windows\System\nhNyEPM.exe
  2⤵
  PID:7508
- C:\Windows\System\OzQqkmm.exe
  C:\Windows\System\OzQqkmm.exe
  2⤵
  PID:7524
- C:\Windows\System\CtGvHHV.exe
  C:\Windows\System\CtGvHHV.exe
  2⤵
  PID:7540
- C:\Windows\System\NgQJbZT.exe
  C:\Windows\System\NgQJbZT.exe
  2⤵
  PID:7556
- C:\Windows\System\XmrMPhf.exe
  C:\Windows\System\XmrMPhf.exe
  2⤵
  PID:7572
- C:\Windows\System\iMBWpDl.exe
  C:\Windows\System\iMBWpDl.exe
  2⤵
  PID:7588
- C:\Windows\System\QGUGUnw.exe
  C:\Windows\System\QGUGUnw.exe
  2⤵
  PID:7604
- C:\Windows\System\tVhExns.exe
  C:\Windows\System\tVhExns.exe
  2⤵
  PID:7620
- C:\Windows\System\gIxqijx.exe
  C:\Windows\System\gIxqijx.exe
  2⤵
  PID:7636
- C:\Windows\System\FUfMCmk.exe
  C:\Windows\System\FUfMCmk.exe
  2⤵
  PID:7652
- C:\Windows\System\CnHxRzm.exe
  C:\Windows\System\CnHxRzm.exe
  2⤵
  PID:7668
- C:\Windows\System\HHrEovb.exe
  C:\Windows\System\HHrEovb.exe
  2⤵
  PID:7684
- C:\Windows\System\NZqFopk.exe
  C:\Windows\System\NZqFopk.exe
  2⤵
  PID:7700
- C:\Windows\System\XHsMIaY.exe
  C:\Windows\System\XHsMIaY.exe
  2⤵
  PID:7716
- C:\Windows\System\curShtW.exe
  C:\Windows\System\curShtW.exe
  2⤵
  PID:7732
- C:\Windows\System\qurdwFj.exe
  C:\Windows\System\qurdwFj.exe
  2⤵
  PID:7748
- C:\Windows\System\oBkwBrd.exe
  C:\Windows\System\oBkwBrd.exe
  2⤵
  PID:7764
- C:\Windows\System\XhAvgNO.exe
  C:\Windows\System\XhAvgNO.exe
  2⤵
  PID:7780
- C:\Windows\System\iUHYZJj.exe
  C:\Windows\System\iUHYZJj.exe
  2⤵
  PID:7796
- C:\Windows\System\yvQgSKQ.exe
  C:\Windows\System\yvQgSKQ.exe
  2⤵
  PID:7812
- C:\Windows\System\rXbZRTl.exe
  C:\Windows\System\rXbZRTl.exe
  2⤵
  PID:7828
- C:\Windows\System\QqcORYa.exe
  C:\Windows\System\QqcORYa.exe
  2⤵
  PID:7844
- C:\Windows\System\aVYWzRV.exe
  C:\Windows\System\aVYWzRV.exe
  2⤵
  PID:7864
- C:\Windows\System\IHSZryJ.exe
  C:\Windows\System\IHSZryJ.exe
  2⤵
  PID:7880
- C:\Windows\System\ztSoxFl.exe
  C:\Windows\System\ztSoxFl.exe
  2⤵
  PID:7896
- C:\Windows\System\VQzhdUt.exe
  C:\Windows\System\VQzhdUt.exe
  2⤵
  PID:7912
- C:\Windows\System\PnrEmHd.exe
  C:\Windows\System\PnrEmHd.exe
  2⤵
  PID:7932
- C:\Windows\System\AKADtkm.exe
  C:\Windows\System\AKADtkm.exe
  2⤵
  PID:7948
- C:\Windows\System\bmswetY.exe
  C:\Windows\System\bmswetY.exe
  2⤵
  PID:7976
- C:\Windows\System\WthdVdY.exe
  C:\Windows\System\WthdVdY.exe
  2⤵
  PID:8048
- C:\Windows\System\gemBAve.exe
  C:\Windows\System\gemBAve.exe
  2⤵
  PID:8064
- C:\Windows\System\GTqpAMx.exe
  C:\Windows\System\GTqpAMx.exe
  2⤵
  PID:8080
- C:\Windows\System\vcyNQKo.exe
  C:\Windows\System\vcyNQKo.exe
  2⤵
  PID:8096
- C:\Windows\System\IlytWmJ.exe
  C:\Windows\System\IlytWmJ.exe
  2⤵
  PID:8112
- C:\Windows\System\LLMhmNW.exe
  C:\Windows\System\LLMhmNW.exe
  2⤵
  PID:8132
- C:\Windows\System\fnpXoIl.exe
  C:\Windows\System\fnpXoIl.exe
  2⤵
  PID:8148
- C:\Windows\System\tNrWpnL.exe
  C:\Windows\System\tNrWpnL.exe
  2⤵
  PID:8164
- C:\Windows\System\xezQsha.exe
  C:\Windows\System\xezQsha.exe
  2⤵
  PID:8180
- C:\Windows\System\qcpLsuz.exe
  C:\Windows\System\qcpLsuz.exe
  2⤵
  PID:2560
- C:\Windows\System\mZuPgCJ.exe
  C:\Windows\System\mZuPgCJ.exe
  2⤵
  PID:2512
- C:\Windows\System\qTCSFyk.exe
  C:\Windows\System\qTCSFyk.exe
  2⤵
  PID:2844
- C:\Windows\System\PacswyK.exe
  C:\Windows\System\PacswyK.exe
  2⤵
  PID:2640
- C:\Windows\System\WfPxJaM.exe
  C:\Windows\System\WfPxJaM.exe
  2⤵
  PID:7180
- C:\Windows\System\oqAKsEO.exe
  C:\Windows\System\oqAKsEO.exe
  2⤵
  PID:7196
- C:\Windows\System\qmnodCb.exe
  C:\Windows\System\qmnodCb.exe
  2⤵
  PID:7212
- C:\Windows\System\aenFNMi.exe
  C:\Windows\System\aenFNMi.exe
  2⤵
  PID:7228
- C:\Windows\System\oUcDFAe.exe
  C:\Windows\System\oUcDFAe.exe
  2⤵
  PID:7236
- C:\Windows\System\xuWSmeI.exe
  C:\Windows\System\xuWSmeI.exe
  2⤵
  PID:7256
- C:\Windows\System\lVAclkY.exe
  C:\Windows\System\lVAclkY.exe
  2⤵
  PID:7268
- C:\Windows\System\cjWLUzZ.exe
  C:\Windows\System\cjWLUzZ.exe
  2⤵
  PID:7284
- C:\Windows\System\QjdYoZy.exe
  C:\Windows\System\QjdYoZy.exe
  2⤵
  PID:2180
- C:\Windows\System\udfOsrn.exe
  C:\Windows\System\udfOsrn.exe
  2⤵
  PID:7332
- C:\Windows\System\KEjuXoO.exe
  C:\Windows\System\KEjuXoO.exe
  2⤵
  PID:7356
- C:\Windows\System\cLKupnm.exe
  C:\Windows\System\cLKupnm.exe
  2⤵
  PID:7352
- C:\Windows\System\TrhKgyx.exe
  C:\Windows\System\TrhKgyx.exe
  2⤵
  PID:7376
- C:\Windows\System\pnGGdXi.exe
  C:\Windows\System\pnGGdXi.exe
  2⤵
  PID:7392
- C:\Windows\System\EqdTJtE.exe
  C:\Windows\System\EqdTJtE.exe
  2⤵
  PID:7424
- C:\Windows\System\hQfQgUo.exe
  C:\Windows\System\hQfQgUo.exe
  2⤵
  PID:7488
- C:\Windows\System\oWTcWtk.exe
  C:\Windows\System\oWTcWtk.exe
  2⤵
  PID:7552
- C:\Windows\System\RVfYoqc.exe
  C:\Windows\System\RVfYoqc.exe
  2⤵
  PID:7440
- C:\Windows\System\fxfneXv.exe
  C:\Windows\System\fxfneXv.exe
  2⤵
  PID:7504
- C:\Windows\System\oyHTZkd.exe
  C:\Windows\System\oyHTZkd.exe
  2⤵
  PID:7564
- C:\Windows\System\felCAQU.exe
  C:\Windows\System\felCAQU.exe
  2⤵
  PID:7616
- C:\Windows\System\tAJyaRM.exe
  C:\Windows\System\tAJyaRM.exe
  2⤵
  PID:7660
- C:\Windows\System\qyOcabA.exe
  C:\Windows\System\qyOcabA.exe
  2⤵
  PID:7680
- C:\Windows\System\LaCQHRA.exe
  C:\Windows\System\LaCQHRA.exe
  2⤵
  PID:7696
- C:\Windows\System\NNxfJxC.exe
  C:\Windows\System\NNxfJxC.exe
  2⤵
  PID:7744
- C:\Windows\System\KOEeosJ.exe
  C:\Windows\System\KOEeosJ.exe
  2⤵
  PID:7772
- C:\Windows\System\KFEEAEi.exe
  C:\Windows\System\KFEEAEi.exe
  2⤵
  PID:7804
- C:\Windows\System\iIpAbcH.exe
  C:\Windows\System\iIpAbcH.exe
  2⤵
  PID:7840
- C:\Windows\System\NUhLuUK.exe
  C:\Windows\System\NUhLuUK.exe
  2⤵
  PID:7904
- C:\Windows\System\UACOjBw.exe
  C:\Windows\System\UACOjBw.exe
  2⤵
  PID:7860
- C:\Windows\System\ikxWydM.exe
  C:\Windows\System\ikxWydM.exe
  2⤵
  PID:7924
- C:\Windows\System\hvjILxd.exe
  C:\Windows\System\hvjILxd.exe
  2⤵
  PID:7956
- C:\Windows\System\HaxwjPr.exe
  C:\Windows\System\HaxwjPr.exe
  2⤵
  PID:7972
- C:\Windows\System\zJpNHRA.exe
  C:\Windows\System\zJpNHRA.exe
  2⤵
  PID:7996
- C:\Windows\System\mYKcdRS.exe
  C:\Windows\System\mYKcdRS.exe
  2⤵
  PID:8012
- C:\Windows\System\rgHHCRq.exe
  C:\Windows\System\rgHHCRq.exe
  2⤵
  PID:8028
- C:\Windows\System\DrcfMqi.exe
  C:\Windows\System\DrcfMqi.exe
  2⤵
  PID:8044
- C:\Windows\System\WWuMRMZ.exe
  C:\Windows\System\WWuMRMZ.exe
  2⤵
  PID:8056
- C:\Windows\System\wpTyhre.exe
  C:\Windows\System\wpTyhre.exe
  2⤵
  PID:8140
- C:\Windows\System\vCHxlGI.exe
  C:\Windows\System\vCHxlGI.exe
  2⤵
  PID:8128
- C:\Windows\System\OOGmJSa.exe
  C:\Windows\System\OOGmJSa.exe
  2⤵
  PID:5204
- C:\Windows\System\VAkLvyJ.exe
  C:\Windows\System\VAkLvyJ.exe
  2⤵
  PID:7188
- C:\Windows\System\mnOyUvA.exe
  C:\Windows\System\mnOyUvA.exe
  2⤵
  PID:8156
- C:\Windows\System\JZsAnYL.exe
  C:\Windows\System\JZsAnYL.exe
  2⤵
  PID:6876
- C:\Windows\System\jGWSGwX.exe
  C:\Windows\System\jGWSGwX.exe
  2⤵
  PID:2620
- C:\Windows\System\OfMUygI.exe
  C:\Windows\System\OfMUygI.exe
  2⤵
  PID:7244
- C:\Windows\System\CBoFdjC.exe
  C:\Windows\System\CBoFdjC.exe
  2⤵
  PID:7276
- C:\Windows\System\LRPrqNB.exe
  C:\Windows\System\LRPrqNB.exe
  2⤵
  PID:7324
- C:\Windows\System\MDMJrvb.exe
  C:\Windows\System\MDMJrvb.exe
  2⤵
  PID:7384
- C:\Windows\System\uJnCJAj.exe
  C:\Windows\System\uJnCJAj.exe
  2⤵
  PID:7304
- C:\Windows\System\sqzWPLh.exe
  C:\Windows\System\sqzWPLh.exe
  2⤵
  PID:7532
- C:\Windows\System\LgmfDHL.exe
  C:\Windows\System\LgmfDHL.exe
  2⤵
  PID:7708
- C:\Windows\System\RXwpAGx.exe
  C:\Windows\System\RXwpAGx.exe
  2⤵
  PID:7500
- C:\Windows\System\KTjFLVU.exe
  C:\Windows\System\KTjFLVU.exe
  2⤵
  PID:7740
- C:\Windows\System\wRniRbE.exe
  C:\Windows\System\wRniRbE.exe
  2⤵
  PID:1808
- C:\Windows\System\OrwcnLx.exe
  C:\Windows\System\OrwcnLx.exe
  2⤵
  PID:7852
- C:\Windows\System\lNHxwFM.exe
  C:\Windows\System\lNHxwFM.exe
  2⤵
  PID:7888
- C:\Windows\System\qrCFnHu.exe
  C:\Windows\System\qrCFnHu.exe
  2⤵
  PID:7968
- C:\Windows\System\OgxngGZ.exe
  C:\Windows\System\OgxngGZ.exe
  2⤵
  PID:2740
- C:\Windows\System\SqZooOL.exe
  C:\Windows\System\SqZooOL.exe
  2⤵
  PID:8076
- C:\Windows\System\QILMfyD.exe
  C:\Windows\System\QILMfyD.exe
  2⤵
  PID:8120
- C:\Windows\System\xqTRKSh.exe
  C:\Windows\System\xqTRKSh.exe
  2⤵
  PID:8188
- C:\Windows\System\dVmGzTt.exe
  C:\Windows\System\dVmGzTt.exe
  2⤵
  PID:7172
- C:\Windows\System\qxXPMzk.exe
  C:\Windows\System\qxXPMzk.exe
  2⤵
  PID:2540
- C:\Windows\System\pSDKlyw.exe
  C:\Windows\System\pSDKlyw.exe
  2⤵
  PID:7344
- C:\Windows\System\TYBxOoI.exe
  C:\Windows\System\TYBxOoI.exe
  2⤵
  PID:7348
- C:\Windows\System\uaDjYxu.exe
  C:\Windows\System\uaDjYxu.exe
  2⤵
  PID:7408
- C:\Windows\System\GAyRfig.exe
  C:\Windows\System\GAyRfig.exe
  2⤵
  PID:7548
- C:\Windows\System\VxlvkGj.exe
  C:\Windows\System\VxlvkGj.exe
  2⤵
  PID:7676
- C:\Windows\System\ChDOqCN.exe
  C:\Windows\System\ChDOqCN.exe
  2⤵
  PID:2800
- C:\Windows\System\PJLpNVh.exe
  C:\Windows\System\PJLpNVh.exe
  2⤵
  PID:7920
- C:\Windows\System\MXGhCfV.exe
  C:\Windows\System\MXGhCfV.exe
  2⤵
  PID:7876
- C:\Windows\System\cWgiFXC.exe
  C:\Windows\System\cWgiFXC.exe
  2⤵
  PID:8008
- C:\Windows\System\KNkJPSK.exe
  C:\Windows\System\KNkJPSK.exe
  2⤵
  PID:7856
- C:\Windows\System\LoHdJck.exe
  C:\Windows\System\LoHdJck.exe
  2⤵
  PID:7068
- C:\Windows\System\bJMyBgy.exe
  C:\Windows\System\bJMyBgy.exe
  2⤵
  PID:7292
- C:\Windows\System\cuvjhVx.exe
  C:\Windows\System\cuvjhVx.exe
  2⤵
  PID:7820
- C:\Windows\System\HrlJNvK.exe
  C:\Windows\System\HrlJNvK.exe
  2⤵
  PID:2984
- C:\Windows\System\jBJRWeT.exe
  C:\Windows\System\jBJRWeT.exe
  2⤵
  PID:7756
- C:\Windows\System\CteBpLR.exe
  C:\Windows\System\CteBpLR.exe
  2⤵
  PID:2792
- C:\Windows\System\CxdjNiF.exe
  C:\Windows\System\CxdjNiF.exe
  2⤵
  PID:2784
- C:\Windows\System\SQQCzYZ.exe
  C:\Windows\System\SQQCzYZ.exe
  2⤵
  PID:7628
- C:\Windows\System\gLaNgbY.exe
  C:\Windows\System\gLaNgbY.exe
  2⤵
  PID:7336
- C:\Windows\System\RawZnwt.exe
  C:\Windows\System\RawZnwt.exe
  2⤵
  PID:7520
- C:\Windows\System\nxKRLMr.exe
  C:\Windows\System\nxKRLMr.exe
  2⤵
  PID:7204
- C:\Windows\System\CjIIYyt.exe
  C:\Windows\System\CjIIYyt.exe
  2⤵
  PID:7472
- C:\Windows\System\qLZMXmE.exe
  C:\Windows\System\qLZMXmE.exe
  2⤵
  PID:8040
- C:\Windows\System\xrVQhVK.exe
  C:\Windows\System\xrVQhVK.exe
  2⤵
  PID:7328
- C:\Windows\System\zQpOjwp.exe
  C:\Windows\System\zQpOjwp.exe
  2⤵
  PID:7372
- C:\Windows\System\BcDZYyI.exe
  C:\Windows\System\BcDZYyI.exe
  2⤵
  PID:8020
- C:\Windows\System\dfIzKIb.exe
  C:\Windows\System\dfIzKIb.exe
  2⤵
  PID:7600
- C:\Windows\System\kjKuKRX.exe
  C:\Windows\System\kjKuKRX.exe
  2⤵
  PID:6516
- C:\Windows\System\fTHJLXE.exe
  C:\Windows\System\fTHJLXE.exe
  2⤵
  PID:8204
- C:\Windows\System\PXAsZbR.exe
  C:\Windows\System\PXAsZbR.exe
  2⤵
  PID:8224
- C:\Windows\System\ERKjaFr.exe
  C:\Windows\System\ERKjaFr.exe
  2⤵
  PID:8248
- C:\Windows\System\aCsNvMS.exe
  C:\Windows\System\aCsNvMS.exe
  2⤵
  PID:8264
- C:\Windows\System\zXoznDv.exe
  C:\Windows\System\zXoznDv.exe
  2⤵
  PID:8300
- C:\Windows\System\MwRvVye.exe
  C:\Windows\System\MwRvVye.exe
  2⤵
  PID:8316
- C:\Windows\System\aRBfAOz.exe
  C:\Windows\System\aRBfAOz.exe
  2⤵
  PID:8332
- C:\Windows\System\rjpCRCa.exe
  C:\Windows\System\rjpCRCa.exe
  2⤵
  PID:8356
- C:\Windows\System\jZnDWiz.exe
  C:\Windows\System\jZnDWiz.exe
  2⤵
  PID:8384
- C:\Windows\System\NYdGTsZ.exe
  C:\Windows\System\NYdGTsZ.exe
  2⤵
  PID:8404
- C:\Windows\System\YBpCxxK.exe
  C:\Windows\System\YBpCxxK.exe
  2⤵
  PID:8440
- C:\Windows\System\YpxvEKS.exe
  C:\Windows\System\YpxvEKS.exe
  2⤵
  PID:8460
- C:\Windows\System\JGkEvyX.exe
  C:\Windows\System\JGkEvyX.exe
  2⤵
  PID:8476
- C:\Windows\System\VeyLnYK.exe
  C:\Windows\System\VeyLnYK.exe
  2⤵
  PID:8492
- C:\Windows\System\kKkjRQF.exe
  C:\Windows\System\kKkjRQF.exe
  2⤵
  PID:8508
- C:\Windows\System\JuEybVG.exe
  C:\Windows\System\JuEybVG.exe
  2⤵
  PID:8524
- C:\Windows\System\YXSTAaF.exe
  C:\Windows\System\YXSTAaF.exe
  2⤵
  PID:8540
- C:\Windows\System\kJDbWfB.exe
  C:\Windows\System\kJDbWfB.exe
  2⤵
  PID:8556
- C:\Windows\System\rGpEkMH.exe
  C:\Windows\System\rGpEkMH.exe
  2⤵
  PID:8576
- C:\Windows\System\GVVXbBG.exe
  C:\Windows\System\GVVXbBG.exe
  2⤵
  PID:8592
- C:\Windows\System\gqcRkcn.exe
  C:\Windows\System\gqcRkcn.exe
  2⤵
  PID:8616
- C:\Windows\System\mxTGvyA.exe
  C:\Windows\System\mxTGvyA.exe
  2⤵
  PID:8632
- C:\Windows\System\xxxoBir.exe
  C:\Windows\System\xxxoBir.exe
  2⤵
  PID:8648
- C:\Windows\System\nRUpqyo.exe
  C:\Windows\System\nRUpqyo.exe
  2⤵
  PID:8664
- C:\Windows\System\nCYuzHY.exe
  C:\Windows\System\nCYuzHY.exe
  2⤵
  PID:8684
- C:\Windows\System\UCMxQSo.exe
  C:\Windows\System\UCMxQSo.exe
  2⤵
  PID:8700
- C:\Windows\System\jfRVybE.exe
  C:\Windows\System\jfRVybE.exe
  2⤵
  PID:8716
- C:\Windows\System\IBNcaPB.exe
  C:\Windows\System\IBNcaPB.exe
  2⤵
  PID:8736
- C:\Windows\System\zBDzaOZ.exe
  C:\Windows\System\zBDzaOZ.exe
  2⤵
  PID:8756
- C:\Windows\System\tHmRsss.exe
  C:\Windows\System\tHmRsss.exe
  2⤵
  PID:8780
- C:\Windows\System\aSQgFCs.exe
  C:\Windows\System\aSQgFCs.exe
  2⤵
  PID:8800
- C:\Windows\System\yYzQGkm.exe
  C:\Windows\System\yYzQGkm.exe
  2⤵
  PID:8816
- C:\Windows\System\jKOfdcL.exe
  C:\Windows\System\jKOfdcL.exe
  2⤵
  PID:8832
- C:\Windows\System\zidHNrw.exe
  C:\Windows\System\zidHNrw.exe
  2⤵
  PID:8852
- C:\Windows\System\kAlhfXO.exe
  C:\Windows\System\kAlhfXO.exe
  2⤵
  PID:8876
- C:\Windows\System\NBrDcDJ.exe
  C:\Windows\System\NBrDcDJ.exe
  2⤵
  PID:8892
- C:\Windows\System\qvbGref.exe
  C:\Windows\System\qvbGref.exe
  2⤵
  PID:8952
- C:\Windows\System\DcwCPiK.exe
  C:\Windows\System\DcwCPiK.exe
  2⤵
  PID:8976
- C:\Windows\System\GlyZXww.exe
  C:\Windows\System\GlyZXww.exe
  2⤵
  PID:8992
- C:\Windows\System\yxYbzpZ.exe
  C:\Windows\System\yxYbzpZ.exe
  2⤵
  PID:9008
- C:\Windows\System\EWzdZLv.exe
  C:\Windows\System\EWzdZLv.exe
  2⤵
  PID:9024
- C:\Windows\System\PiUyerV.exe
  C:\Windows\System\PiUyerV.exe
  2⤵
  PID:9040
- C:\Windows\System\WaDMcdW.exe
  C:\Windows\System\WaDMcdW.exe
  2⤵
  PID:9056
- C:\Windows\System\ugYdfCB.exe
  C:\Windows\System\ugYdfCB.exe
  2⤵
  PID:9072
- C:\Windows\System\uDqMnvs.exe
  C:\Windows\System\uDqMnvs.exe
  2⤵
  PID:9088
- C:\Windows\System\KpYyIEt.exe
  C:\Windows\System\KpYyIEt.exe
  2⤵
  PID:9104
- C:\Windows\System\LeocQpA.exe
  C:\Windows\System\LeocQpA.exe
  2⤵
  PID:9120
- C:\Windows\System\xGXdnJs.exe
  C:\Windows\System\xGXdnJs.exe
  2⤵
  PID:9136
- C:\Windows\System\CloSxmB.exe
  C:\Windows\System\CloSxmB.exe
  2⤵
  PID:9152
- C:\Windows\System\gTDzZMl.exe
  C:\Windows\System\gTDzZMl.exe
  2⤵
  PID:9168
- C:\Windows\System\kYuFqLe.exe
  C:\Windows\System\kYuFqLe.exe
  2⤵
  PID:9184
- C:\Windows\System\oasrJAZ.exe
  C:\Windows\System\oasrJAZ.exe
  2⤵
  PID:9200
- C:\Windows\System\ciHBRHY.exe
  C:\Windows\System\ciHBRHY.exe
  2⤵
  PID:8216
- C:\Windows\System\gJcSlvW.exe
  C:\Windows\System\gJcSlvW.exe
  2⤵
  PID:8176
- C:\Windows\System\IPdzfNw.exe
  C:\Windows\System\IPdzfNw.exe
  2⤵
  PID:8240
- C:\Windows\System\ZAizCEA.exe
  C:\Windows\System\ZAizCEA.exe
  2⤵
  PID:8272
- C:\Windows\System\QHVhWjn.exe
  C:\Windows\System\QHVhWjn.exe
  2⤵
  PID:8288
- C:\Windows\System\zxryHEt.exe
  C:\Windows\System\zxryHEt.exe
  2⤵
  PID:8340
- C:\Windows\System\fhTZDzI.exe
  C:\Windows\System\fhTZDzI.exe
  2⤵
  PID:8328
- C:\Windows\System\sXjxWZg.exe
  C:\Windows\System\sXjxWZg.exe
  2⤵
  PID:8484
- C:\Windows\System\dFRBuHL.exe
  C:\Windows\System\dFRBuHL.exe
  2⤵
  PID:8552
- C:\Windows\System\xWfdPes.exe
  C:\Windows\System\xWfdPes.exe
  2⤵
  PID:8424
- C:\Windows\System\yIRuxsi.exe
  C:\Windows\System\yIRuxsi.exe
  2⤵
  PID:8468
- C:\Windows\System\WEeDijp.exe
  C:\Windows\System\WEeDijp.exe
  2⤵
  PID:8504
- C:\Windows\System\CbQpfVq.exe
  C:\Windows\System\CbQpfVq.exe
  2⤵
  PID:8572
- C:\Windows\System\JABqxWZ.exe
  C:\Windows\System\JABqxWZ.exe
  2⤵
  PID:8600
- C:\Windows\System\RmWuooa.exe
  C:\Windows\System\RmWuooa.exe
  2⤵
  PID:8628
- C:\Windows\System\UjgISxA.exe
  C:\Windows\System\UjgISxA.exe
  2⤵
  PID:8660
- C:\Windows\System\WEiRnHg.exe
  C:\Windows\System\WEiRnHg.exe
  2⤵
  PID:5580
- C:\Windows\System\DDTziyM.exe
  C:\Windows\System\DDTziyM.exe
  2⤵
  PID:8728
- C:\Windows\System\dNlasne.exe
  C:\Windows\System\dNlasne.exe
  2⤵
  PID:8744
- C:\Windows\System\KtAxejX.exe
  C:\Windows\System\KtAxejX.exe
  2⤵
  PID:8752
- C:\Windows\System\wHNTDEf.exe
  C:\Windows\System\wHNTDEf.exe
  2⤵
  PID:8812
- C:\Windows\System\vkMEPJk.exe
  C:\Windows\System\vkMEPJk.exe
  2⤵
  PID:8824
- C:\Windows\System\lWFLAmr.exe
  C:\Windows\System\lWFLAmr.exe
  2⤵
  PID:8848
- C:\Windows\System\HcAIjoE.exe
  C:\Windows\System\HcAIjoE.exe
  2⤵
  PID:9192
- C:\Windows\System\rpXmdgW.exe
  C:\Windows\System\rpXmdgW.exe
  2⤵
  PID:8236
- C:\Windows\System\qdSIWRf.exe
  C:\Windows\System\qdSIWRf.exe
  2⤵
  PID:8200
- C:\Windows\System\aXPIKtF.exe
  C:\Windows\System\aXPIKtF.exe
  2⤵
  PID:8372
- C:\Windows\System\tuozLCT.exe
  C:\Windows\System\tuozLCT.exe
  2⤵
  PID:8348
- C:\Windows\System\HdAnGXj.exe
  C:\Windows\System\HdAnGXj.exe
  2⤵
  PID:8448
- C:\Windows\System\cZyOzKo.exe
  C:\Windows\System\cZyOzKo.exe
  2⤵
  PID:8416
- C:\Windows\System\knkdOzY.exe
  C:\Windows\System\knkdOzY.exe
  2⤵
  PID:8420
- C:\Windows\System\zzmZPoa.exe
  C:\Windows\System\zzmZPoa.exe
  2⤵
  PID:8568
- C:\Windows\System\DHYynON.exe
  C:\Windows\System\DHYynON.exe
  2⤵
  PID:1976
- C:\Windows\System\aSaBtHM.exe
  C:\Windows\System\aSaBtHM.exe
  2⤵
  PID:8536
- C:\Windows\System\dbsdsyP.exe
  C:\Windows\System\dbsdsyP.exe
  2⤵
  PID:8436
- C:\Windows\System\nEGbhtQ.exe
  C:\Windows\System\nEGbhtQ.exe
  2⤵
  PID:1984
- C:\Windows\System\npGGwTf.exe
  C:\Windows\System\npGGwTf.exe
  2⤵
  PID:8768
- C:\Windows\System\WvRhRkP.exe
  C:\Windows\System\WvRhRkP.exe
  2⤵
  PID:8772
- C:\Windows\System\nBiESqQ.exe
  C:\Windows\System\nBiESqQ.exe
  2⤵
  PID:8888
- C:\Windows\System\sVsGBCJ.exe
  C:\Windows\System\sVsGBCJ.exe
  2⤵
  PID:8960
- C:\Windows\System\szuGCgj.exe
  C:\Windows\System\szuGCgj.exe
  2⤵
  PID:8968
- C:\Windows\System\BswidYd.exe
  C:\Windows\System\BswidYd.exe
  2⤵
  PID:9004
- C:\Windows\System\lGrNvSa.exe
  C:\Windows\System\lGrNvSa.exe
  2⤵
  PID:9032
- C:\Windows\System\dpyjsPA.exe
  C:\Windows\System\dpyjsPA.exe
  2⤵
  PID:9036
- C:\Windows\System\ekEwvtX.exe
  C:\Windows\System\ekEwvtX.exe
  2⤵
  PID:9096
- C:\Windows\System\sIegqMF.exe
  C:\Windows\System\sIegqMF.exe
  2⤵
  PID:8948
- C:\Windows\System\FwREDNH.exe
  C:\Windows\System\FwREDNH.exe
  2⤵
  PID:8988
- C:\Windows\System\GuGpuxO.exe
  C:\Windows\System\GuGpuxO.exe
  2⤵
  PID:8984
- C:\Windows\System\jDYryDz.exe
  C:\Windows\System\jDYryDz.exe
  2⤵
  PID:9084
- C:\Windows\System\EfNtsDw.exe
  C:\Windows\System\EfNtsDw.exe
  2⤵
  PID:9164
- C:\Windows\System\waacAEA.exe
  C:\Windows\System\waacAEA.exe
  2⤵
  PID:8220
- C:\Windows\System\cQfWQYk.exe
  C:\Windows\System\cQfWQYk.exe
  2⤵
  PID:9180
- C:\Windows\System\blgpKXv.exe
  C:\Windows\System\blgpKXv.exe
  2⤵
  PID:8244
- C:\Windows\System\eGxycki.exe
  C:\Windows\System\eGxycki.exe
  2⤵
  PID:8644
- C:\Windows\System\OzaoTTP.exe
  C:\Windows\System\OzaoTTP.exe
  2⤵
  PID:608
- C:\Windows\System\xVYuUnJ.exe
  C:\Windows\System\xVYuUnJ.exe
  2⤵
  PID:8732
- C:\Windows\System\cYphyWA.exe
  C:\Windows\System\cYphyWA.exe
  2⤵
  PID:8920
- C:\Windows\System\QOxdxQQ.exe
  C:\Windows\System\QOxdxQQ.exe
  2⤵
  PID:8884
- C:\Windows\System\iXVrbjX.exe
  C:\Windows\System\iXVrbjX.exe
  2⤵
  PID:8932
- C:\Windows\System\iFxACCs.exe
  C:\Windows\System\iFxACCs.exe
  2⤵
  PID:1440
- C:\Windows\System\xhcOYVx.exe
  C:\Windows\System\xhcOYVx.exe
  2⤵
  PID:9176
- C:\Windows\System\QhOmTJt.exe
  C:\Windows\System\QhOmTJt.exe
  2⤵
  PID:9052
- C:\Windows\System\aYvWaNp.exe
  C:\Windows\System\aYvWaNp.exe
  2⤵
  PID:8324
- C:\Windows\System\PUbQNMa.exe
  C:\Windows\System\PUbQNMa.exe
  2⤵
  PID:8400
- C:\Windows\System\IjaHONd.exe
  C:\Windows\System\IjaHONd.exe
  2⤵
  PID:8516
- C:\Windows\System\EmirfCr.exe
  C:\Windows\System\EmirfCr.exe
  2⤵
  PID:2880
- C:\Windows\System\geXoWXl.exe
  C:\Windows\System\geXoWXl.exe
  2⤵
  PID:8624
- C:\Windows\System\dVsgTGk.exe
  C:\Windows\System\dVsgTGk.exe
  2⤵
  PID:8432
- C:\Windows\System\ufGbHsG.exe
  C:\Windows\System\ufGbHsG.exe
  2⤵
  PID:9128
- C:\Windows\System\yGCrrOH.exe
  C:\Windows\System\yGCrrOH.exe
  2⤵
  PID:1396
- C:\Windows\System\CUewqfg.exe
  C:\Windows\System\CUewqfg.exe
  2⤵
  PID:8828
- C:\Windows\System\wtPUCDb.exe
  C:\Windows\System\wtPUCDb.exe
  2⤵
  PID:8908
- C:\Windows\System\RhETrfq.exe
  C:\Windows\System\RhETrfq.exe
  2⤵
  PID:9148
- C:\Windows\System\CuujqFj.exe
  C:\Windows\System\CuujqFj.exe
  2⤵
  PID:2776
- C:\Windows\System\HUKgRdj.exe
  C:\Windows\System\HUKgRdj.exe
  2⤵
  PID:7312
- C:\Windows\System\rNagASW.exe
  C:\Windows\System\rNagASW.exe
  2⤵
  PID:2908
- C:\Windows\System\XTCjOls.exe
  C:\Windows\System\XTCjOls.exe
  2⤵
  PID:9064
- C:\Windows\System\ebTfOFn.exe
  C:\Windows\System\ebTfOFn.exe
  2⤵
  PID:8584
- C:\Windows\System\KErzNpl.exe
  C:\Windows\System\KErzNpl.exe
  2⤵
  PID:2832
- C:\Windows\System\zjyBQkF.exe
  C:\Windows\System\zjyBQkF.exe
  2⤵
  PID:1996
- C:\Windows\System\MnkvkVk.exe
  C:\Windows\System\MnkvkVk.exe
  2⤵
  PID:9224
- C:\Windows\System\GfnYGgC.exe
  C:\Windows\System\GfnYGgC.exe
  2⤵
  PID:9240
- C:\Windows\System\zEdwFhn.exe
  C:\Windows\System\zEdwFhn.exe
  2⤵
  PID:9256
- C:\Windows\System\MOCnzAL.exe
  C:\Windows\System\MOCnzAL.exe
  2⤵
  PID:9272
- C:\Windows\System\idVGHpT.exe
  C:\Windows\System\idVGHpT.exe
  2⤵
  PID:9288
- C:\Windows\System\EvHNXrc.exe
  C:\Windows\System\EvHNXrc.exe
  2⤵
  PID:9504
- C:\Windows\System\owHfuhw.exe
  C:\Windows\System\owHfuhw.exe
  2⤵
  PID:9524
- C:\Windows\System\SwBiJwa.exe
  C:\Windows\System\SwBiJwa.exe
  2⤵
  PID:9540
- C:\Windows\System\FHtLdaT.exe
  C:\Windows\System\FHtLdaT.exe
  2⤵
  PID:9760
- C:\Windows\System\QRQspFd.exe
  C:\Windows\System\QRQspFd.exe
  2⤵
  PID:9840
- C:\Windows\System\WMOkoXa.exe
  C:\Windows\System\WMOkoXa.exe
  2⤵
  PID:10000
- C:\Windows\System\wppsdkW.exe
  C:\Windows\System\wppsdkW.exe
  2⤵
  PID:10084
- C:\Windows\System\mLMwPOF.exe
  C:\Windows\System\mLMwPOF.exe
  2⤵
  PID:10100
- C:\Windows\System\YNEABhG.exe
  C:\Windows\System\YNEABhG.exe
  2⤵
  PID:10120
- C:\Windows\System\CZdDbxJ.exe
  C:\Windows\System\CZdDbxJ.exe
  2⤵
  PID:10140
- C:\Windows\System\QZsomBH.exe
  C:\Windows\System\QZsomBH.exe
  2⤵
  PID:10160
- C:\Windows\System\EeNCXJN.exe
  C:\Windows\System\EeNCXJN.exe
  2⤵
  PID:10180
- C:\Windows\System\ETjoybW.exe
  C:\Windows\System\ETjoybW.exe
  2⤵
  PID:10204
- C:\Windows\System\sDbuFum.exe
  C:\Windows\System\sDbuFum.exe
  2⤵
  PID:10228
- C:\Windows\System\ejvwysF.exe
  C:\Windows\System\ejvwysF.exe
  2⤵
  PID:9220
- C:\Windows\System\zpyeNSf.exe
  C:\Windows\System\zpyeNSf.exe
  2⤵
  PID:9280
- C:\Windows\System\fXqgQOE.exe
  C:\Windows\System\fXqgQOE.exe
  2⤵
  PID:9308
- C:\Windows\System\UEQKcTk.exe
  C:\Windows\System\UEQKcTk.exe
  2⤵
  PID:9512
- C:\Windows\System\BFtSuXt.exe
  C:\Windows\System\BFtSuXt.exe
  2⤵
  PID:9368
- C:\Windows\System\EJqoHmM.exe
  C:\Windows\System\EJqoHmM.exe
  2⤵
  PID:9416
- C:\Windows\System\buAZZOy.exe
  C:\Windows\System\buAZZOy.exe
  2⤵
  PID:9484
- C:\Windows\System\Phmxdvr.exe
  C:\Windows\System\Phmxdvr.exe
  2⤵
  PID:9372
- C:\Windows\System\bkIGAqD.exe
  C:\Windows\System\bkIGAqD.exe
  2⤵
  PID:9404
- C:\Windows\System\XugKnhb.exe
  C:\Windows\System\XugKnhb.exe
  2⤵
  PID:9436
- C:\Windows\System\ZdYZTuc.exe
  C:\Windows\System\ZdYZTuc.exe
  2⤵
  PID:9476
- C:\Windows\System\vAUaeKk.exe
  C:\Windows\System\vAUaeKk.exe
  2⤵
  PID:9496
- C:\Windows\System\gfvYsig.exe
  C:\Windows\System\gfvYsig.exe
  2⤵
  PID:9536
- C:\Windows\System\eVEjqZm.exe
  C:\Windows\System\eVEjqZm.exe
  2⤵
  PID:9556
- C:\Windows\System\KERRYWq.exe
  C:\Windows\System\KERRYWq.exe
  2⤵
  PID:9716
- C:\Windows\System\amiahIi.exe
  C:\Windows\System\amiahIi.exe
  2⤵
  PID:9576
- C:\Windows\System\yiqQjcd.exe
  C:\Windows\System\yiqQjcd.exe
  2⤵
  PID:9596
- C:\Windows\System\kYfeGZc.exe
  C:\Windows\System\kYfeGZc.exe
  2⤵
  PID:9624
- C:\Windows\System\NcytvxN.exe
  C:\Windows\System\NcytvxN.exe
  2⤵
  PID:9644
- C:\Windows\System\zdASUck.exe
  C:\Windows\System\zdASUck.exe
  2⤵
  PID:9676
- C:\Windows\System\trjlPna.exe
  C:\Windows\System\trjlPna.exe
  2⤵
  PID:9712
- C:\Windows\System\dysKnXn.exe
  C:\Windows\System\dysKnXn.exe
  2⤵
  PID:9704
- C:\Windows\System\DEklVLI.exe
  C:\Windows\System\DEklVLI.exe
  2⤵
  PID:9744
- C:\Windows\System\UiaRNZb.exe
  C:\Windows\System\UiaRNZb.exe
  2⤵
  PID:9772
- C:\Windows\System\WLIbisW.exe
  C:\Windows\System\WLIbisW.exe
  2⤵
  PID:9784
- C:\Windows\System\SeNgXMF.exe
  C:\Windows\System\SeNgXMF.exe
  2⤵
  PID:9820
- C:\Windows\System\bBdIufj.exe
  C:\Windows\System\bBdIufj.exe
  2⤵
  PID:9856
- C:\Windows\System\hoxpFbE.exe
  C:\Windows\System\hoxpFbE.exe
  2⤵
  PID:9884
- C:\Windows\System\rGBWwzG.exe
  C:\Windows\System\rGBWwzG.exe
  2⤵
  PID:9908
- C:\Windows\System\wytREYk.exe
  C:\Windows\System\wytREYk.exe
  2⤵
  PID:9936
- C:\Windows\System\YbaJLHM.exe
  C:\Windows\System\YbaJLHM.exe
  2⤵
  PID:9960
- C:\Windows\System\uXCNPFZ.exe
  C:\Windows\System\uXCNPFZ.exe
  2⤵
  PID:9972
- C:\Windows\System\TRhFgoH.exe
  C:\Windows\System\TRhFgoH.exe
  2⤵
  PID:9992
- C:\Windows\System\Vfunvoe.exe
  C:\Windows\System\Vfunvoe.exe
  2⤵
  PID:10020
- C:\Windows\System\gVZcExD.exe
  C:\Windows\System\gVZcExD.exe
  2⤵
  PID:10128
- C:\Windows\System\VLUsoxo.exe
  C:\Windows\System\VLUsoxo.exe
  2⤵
  PID:10044
- C:\Windows\System\KfVoRoF.exe
  C:\Windows\System\KfVoRoF.exe
  2⤵
  PID:10068
- C:\Windows\System\JXgtEks.exe
  C:\Windows\System\JXgtEks.exe
  2⤵
  PID:10080
- C:\Windows\System\MhHXcnu.exe
  C:\Windows\System\MhHXcnu.exe
  2⤵
  PID:10036
- C:\Windows\System\HmnaTOq.exe
  C:\Windows\System\HmnaTOq.exe
  2⤵
  PID:10040
- C:\Windows\System\PXHVSdc.exe
  C:\Windows\System\PXHVSdc.exe
  2⤵
  PID:10192
- C:\Windows\System\IIXCAQf.exe
  C:\Windows\System\IIXCAQf.exe
  2⤵
  PID:10224
- C:\Windows\System\ihpsAqL.exe
  C:\Windows\System\ihpsAqL.exe
  2⤵
  PID:2356
- C:\Windows\System\IXDFmJk.exe
  C:\Windows\System\IXDFmJk.exe
  2⤵
  PID:9296
- C:\Windows\System\QRyzivj.exe
  C:\Windows\System\QRyzivj.exe
  2⤵
  PID:9332
- C:\Windows\System\FsjdrXS.exe
  C:\Windows\System\FsjdrXS.exe
  2⤵
  PID:9344
- C:\Windows\System\fAWUJlU.exe
  C:\Windows\System\fAWUJlU.exe
  2⤵
  PID:9420
- C:\Windows\System\lxtyQYO.exe
  C:\Windows\System\lxtyQYO.exe
  2⤵
  PID:9384
- C:\Windows\System\ZxdRCyK.exe
  C:\Windows\System\ZxdRCyK.exe
  2⤵
  PID:9464
- C:\Windows\System\eAiuqNc.exe
  C:\Windows\System\eAiuqNc.exe
  2⤵
  PID:9568
- C:\Windows\System\kViqxxC.exe
  C:\Windows\System\kViqxxC.exe
  2⤵
  PID:9620
- C:\Windows\System\YDkvHLR.exe
  C:\Windows\System\YDkvHLR.exe
  2⤵
  PID:9696
- C:\Windows\System\DolWWAR.exe
  C:\Windows\System\DolWWAR.exe
  2⤵
  PID:9816
- C:\Windows\System\xfcwixL.exe
  C:\Windows\System\xfcwixL.exe
  2⤵
  PID:9808
- C:\Windows\System\IFNdCPq.exe
  C:\Windows\System\IFNdCPq.exe
  2⤵
  PID:9836
- C:\Windows\System\muasEiC.exe
  C:\Windows\System\muasEiC.exe
  2⤵
  PID:9632
- C:\Windows\System\heONvqT.exe
  C:\Windows\System\heONvqT.exe
  2⤵
  PID:9796
- C:\Windows\System\TiqCbIU.exe
  C:\Windows\System\TiqCbIU.exe
  2⤵
  PID:9872
- C:\Windows\System\zyfVBmt.exe
  C:\Windows\System\zyfVBmt.exe
  2⤵
  PID:9896
- C:\Windows\System\mopGPui.exe
  C:\Windows\System\mopGPui.exe
  2⤵
  PID:9948
- C:\Windows\System\fHFlxdY.exe
  C:\Windows\System\fHFlxdY.exe
  2⤵
  PID:10060
- C:\Windows\System\KFNlrEX.exe
  C:\Windows\System\KFNlrEX.exe
  2⤵
  PID:10008
- C:\Windows\System\PZiuaeX.exe
  C:\Windows\System\PZiuaeX.exe
  2⤵
  PID:10148
- C:\Windows\System\ayinWTz.exe
  C:\Windows\System\ayinWTz.exe
  2⤵
  PID:9264
- C:\Windows\System\ULNxcgN.exe
  C:\Windows\System\ULNxcgN.exe
  2⤵
  PID:1792
- C:\Windows\System\BNRtBDf.exe
  C:\Windows\System\BNRtBDf.exe
  2⤵
  PID:9356
- C:\Windows\System\XpTHIhz.exe
  C:\Windows\System\XpTHIhz.exe
  2⤵
  PID:9468
- C:\Windows\System\yARlajU.exe
  C:\Windows\System\yARlajU.exe
  2⤵
  PID:9612
- C:\Windows\System\PdIHTPa.exe
  C:\Windows\System\PdIHTPa.exe
  2⤵
  PID:9432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DxraSSq.exe

Filesize
6.0MB

MD5
04430aaad001cb05f5d11badb4336e7a

SHA1
9b15d5e7701f76b1379861384411f1d53ac2239a

SHA256
3501cf77ef6513a0889c8f70ea2cc0284d744101d936f47492e1228ac11c597c

SHA512
2e9703159a7a61a48d900adf3bc9d0c78431511e4a92a3c72641b73ab9693254f4f1ca98c5aadb910e19987d2e4973592fbe5070a24d87acac4540d2117e6ccb

Download Submit
C:\Windows\system\JmzxDYV.exe

Filesize
6.0MB

MD5
578b1c4e9c7dd110b441fc8d46d2f989

SHA1
41f79cf153ea8ed42014f451f297f28083989d9b

SHA256
7cfa8cec4d4b2375c3e8eea2c6ea06301a6fdd906e4d55312d9c53d19050c354

SHA512
27e19e67c6fd2cb4ae8c7ba1e37d83384d8d207844b2fef1e6cce45d6a5c309b1aa05a004f4b9d64a702c76783390a9600feb6bbcd003cf871c3a09573105c95

Download Submit
C:\Windows\system\KbHksNg.exe

Filesize
6.0MB

MD5
ffb7d9dba0b1468806aa94ae9dc447fa

SHA1
d6b1ee8dd14f0a2318aa209efa72d5e2b43c7e38

SHA256
be0cabb7cfb904f209d4276675b332e1ae3d5c7b729ace655e7f7e9c005b0b75

SHA512
51de1cccf78a1bfd8f725580cb1c3903af155fafb7e60f2cd7c32808007237d7234e2a6d8f48a6b94150dc26e98091090ae613502d12f6b6f7ccb97f7747d388

Download Submit
C:\Windows\system\KouYYhO.exe

Filesize
6.0MB

MD5
61dc9b3cb37ad611da44cf183d8cc423

SHA1
246369ba1c9876684a4504d09cf2b74b1cbe4b6b

SHA256
6f706819b7ee63ffd95dfbe3e0b2e4c781825910a4906ab7d242d1aec87c4481

SHA512
cdccc4846e180bd920b5bd1a47013acb45687f4b857cced514fc01e5da3649e5ae963ea0f4d068d5f9ab62594919882ac77b4d8ed789e6e3541504d73ff4c77a

Download Submit
C:\Windows\system\LtruPMM.exe

Filesize
6.0MB

MD5
001764587b840c1972fa52b8372f6705

SHA1
a4b57f10cd3fbcfbaa5c712736560540daf21fcb

SHA256
8e0105e39ec3b3546a7164c73cc1dbdfbc44ea85d125ccc2f4238634bc7e75d3

SHA512
126b1f3f2daac46c8a6c5a9153c5bf22808b8ae596dd9aa698b361d7c64cdee55c9c06fd1e6820aec1da8ce41f18c445debc73a6ca44812b96f55e065b47bb9c

Download Submit
C:\Windows\system\MwMhxqb.exe

Filesize
6.0MB

MD5
79a3d297a969a96b2bc9385872739c55

SHA1
43cf43a7056ab6aac107c1c2b9ec5c0abf0423cc

SHA256
404013e5682f6204cacb214599bd9c3bc5675fe3155b86c8bd511a41281449dd

SHA512
722a54014e76e7cbadc836a8c25982a83b0ffed0ca4946446d1e27b26f284d9ecd5d61f07a13581870b48fb1814944b4604aff675e08bea5452b824c9e7faea7

Download Submit
C:\Windows\system\NbNifet.exe

Filesize
6.0MB

MD5
09de488e360947317ed55c3a2491ad51

SHA1
f1917b0d1dcd0e78869a4954b996f0a6c95534a4

SHA256
093868f5cc898bd30cb155c09ea95775d05fd6334eab71b080d4f36a4ef76192

SHA512
2bab9cb787fcfc96ed2f212b1818f937ee20ea97a0173718c6c08f5c2e45641308c768953794960d046b85909b65e77ec5515aec4923bd61cd3822855c531ee1

Download Submit
C:\Windows\system\OOxCamh.exe

Filesize
6.0MB

MD5
30fb732869472ac8ccd07e299082d4a7

SHA1
5a9b23757913f4a8b91afeddb6768edc47d4cac3

SHA256
e72461532a0682e400d0d8f1cf6f32d52c447bd66de5c387f253248dec6a603b

SHA512
df79899f3d2d31e11a80477f73d249ddd14f771c2f7d7b1fa2dcfafd9223bcd6852cf38f35f483381a6da0b557bd4814d591ee3079372ef86ccb17c037deb01d

Download Submit
C:\Windows\system\OrtWCIE.exe

Filesize
6.0MB

MD5
5b606c09388e5700fb3d6f9bd10d1dc4

SHA1
419944e217a5b7a3af5859e982ad4070469b267a

SHA256
8661ac7bc1d1c8b5594c576f602d469e8c38fd9d8aba880e514f0dd794db8ebd

SHA512
2aa97db71908762bfeb76c22adabec733de467e0d89e5642f0d14028b65276a82c722d4f59dfcfc3d64958236ce173a3a13883310735d7c9edc2a695f3558dc7

Download Submit
C:\Windows\system\SxjUeNx.exe

Filesize
6.0MB

MD5
e67b866fca10a02001d70e0cfe675d67

SHA1
9771c70d7fd521136f645b281c6b7745bd923cee

SHA256
5afea2b0ec60248ed38bf93c530e90db9722f8e85df8645f7fab780576be1bb2

SHA512
65e31e1eaf129a2b44fe4157a151e44dae0bfce4c9d391ff7e3aa336e401e99fff7f6993bf283276089c5e000c7ff29f98f8d99e2044810e77e560aa6446e330

Download Submit
C:\Windows\system\TIQJnIm.exe

Filesize
6.0MB

MD5
d7b310e114d787db73ffead872b506be

SHA1
0f7f249bc2500bee2762cccb5e8b332b588e6bd2

SHA256
48c1410e26c1acd78ecfb04daf20a277dd53327f2aa1a6b8456e77e6663746e7

SHA512
bd17375cf5ef989333e15ccd35a4b53fe46c2e99c60f340fc61b2f6c070556314441db1b428ebe794a3ffe4aedf11d093afc4f882a0434b0b1681f2503055307

Download Submit
C:\Windows\system\UchdtUU.exe

Filesize
6.0MB

MD5
e57ea45911f4287db3c64ac3fb6314f5

SHA1
775b51aec99a21f611b4b710df3358072206fb59

SHA256
0fba889425ae139a274f8e48b54ce49229fec0ae90339bd4b02eec400fb69eca

SHA512
847b9decdd0c57492742a9881207b4f6923d7bbf62665ddb1be58178b3f665c246e649aae5b335504515da8894ec526e5bb0347f0f952bc46d9048201595dc4e

Download Submit
C:\Windows\system\YbjvjSk.exe

Filesize
6.0MB

MD5
21529e8bddd120d3afb5d46090b541f2

SHA1
f40c2c571417efbee57570a37e7082e5f3d59974

SHA256
fe9395d59d8e8809df0e77cf73854b6445a369cf0b6251cd108fcb61dd9ed1b7

SHA512
8d2ca466d4aed957db34d276c26fcd100b13ca51c02dfdcd71fc1d7ad2130baa3e4b92a76b58fa944c793ff6d12995f0194d732a82d3c253206acc6cedfd5b14

Download Submit
C:\Windows\system\Yddbgjy.exe

Filesize
6.0MB

MD5
0afb014f646ddccd5ac568b0dc794b10

SHA1
bd00ab31760d409b3c1e9ebde2c9aec1e1eb2d45

SHA256
fa1f0f2e4ba9bd579f86699c1183a604ea9d3ce4ec72879174168ce3ea673613

SHA512
8c84483cff837492249464da3225d4e1989823a77e4b10b0aca6f5f7c5f96ced936fac222da10a81114331798cad7e340cb77c3264185f9af15b0ba9cd92ddfa

Download Submit
C:\Windows\system\bJHPpND.exe

Filesize
6.0MB

MD5
85b6f6c561977a244ba9900f42be90b7

SHA1
b459ad0a9597b0dd97ef535ef950a99949fc3254

SHA256
fc05cca65b1d9e34120abd3ffc081268d842a53be710eb69c2699fa49169eb50

SHA512
185908092a04d0adeaf723c40e021ed19f3dae8fa611f183ccec81ab01e563d53210bf2ae631cce0c4e0a8a9deab83d79f17fa17a09ca4afbb7bcfbe43fa4444

Download Submit
C:\Windows\system\betmRGo.exe

Filesize
6.0MB

MD5
08357d74b27fe0f0ecea4a87e01815eb

SHA1
d6e0c7e85a0dd547af2c9f1c3a7a5c4beb18fa0e

SHA256
47950448edb598f4c3248fb448f63ea6b8fd42bec7bd926b5e64637b3eaf137c

SHA512
1a4ab8e89c03ddfbd16fce964d47191fd49b956433529bca5bbacdfe6433de6765382018b2b703472af6a4e1e1fa0c4c567d29f7f97ee5e3e72d2eb5e7901f7c

Download Submit
C:\Windows\system\cOPUQQS.exe

Filesize
6.0MB

MD5
9cfd28b574cb7111372f1a7e7c8202eb

SHA1
a86ee257ec71d52982a8a0d6cc141f8776cf734f

SHA256
cd457a37aa20d594d687e2b5f3d94b2376e74e39b8b474f188c97659818aee09

SHA512
61d49d6dbf409b4d81bd55b80b63a74dd0fad7433d7c74e71657eebd408cb0075414058e4ae3c969beda773ffa9223a3f7fab4dce744add6846e7a7de93ec2c1

Download Submit
C:\Windows\system\fvAutPB.exe

Filesize
6.0MB

MD5
afa4d6fde70c4b78d80848dc099b9aaf

SHA1
e21d451b5257155be085b3bea447e74cf75b83f2

SHA256
48ef273d7ad1b83278c48276b07f509bf4b00480e908252df5581bfa51a814c5

SHA512
cab7c035d23b42e8c2d2800c895fa79067aa274a3255e7366aefad374fb8515064059979ca43ff5ca7dbb350d752c9a36c39c54e41006ec142b52ae20d369a28

Download Submit
C:\Windows\system\glJVTkV.exe

Filesize
6.0MB

MD5
191c71e57ea364856ef3ce8c607d5b33

SHA1
3e60e2d08cea8a3f7e121d46eaa586d2709a02b9

SHA256
8ac9ee23d4248171dbf985d8ae49a8f47ec9ecd9243521a19f8ad3e683f2bbe8

SHA512
6f7250415d990318c6a254358173f298b8362923497d20f2d5eb81884627ff4e5d849d10503e77c24db64043208f6f4ee2d16b25123d05c84d43ac74e6d24b5b

Download Submit
C:\Windows\system\iZXgKWW.exe

Filesize
6.0MB

MD5
1720b6b4e51c4729c48fce32c3a0f0bb

SHA1
098a28af540b6fd74254879de12c3554a0d32965

SHA256
8a3845bb6bb9fcf61f8edaf5e37769892787cab0805bc607319cc40bb342d328

SHA512
ca76ea5e72d99aa5490fbab4ca8a3b5b3916d0b2c9449a074414769715d57917993b2239717d02653b824c6c5c53086e3d37669451dda2be7c8579e70c007d3f

Download Submit
C:\Windows\system\kFyajyy.exe

Filesize
6.0MB

MD5
1275205438e237e341a0e9a9e94de0e5

SHA1
a06c5f52cd24c10c890c8eb94b7ad01e2be8e544

SHA256
4f5d83653105ff467715c437f359fa26ef555c46318d4445ee94034a8f86c608

SHA512
6c2538c173b9a8b02ed4fa7459673122a857ae3bf42d069f3bfe914a4d3092bc29bf671faeafeb8def4a832ed132ea941e3c07ec8c6f7634ac155b63a602efe3

Download Submit
C:\Windows\system\kejIBmZ.exe

Filesize
6.0MB

MD5
518a6c22c9db1f7ea68aeee2053d8a75

SHA1
0d6f2324262c7e85860ce4c1d86ec18a641dd8e1

SHA256
9b8457644aa3be306087a6a28d8ced22d8f78b1a130e062aa388ca8bc88261fd

SHA512
a8411be3d5c1a6cf2cb9be7861627c7472fe538b61b00c96e7a4e869f87835963629d3eeb4278f20d012585ed0cc955bc8455aa668fa416e346d690821039ff6

Download Submit
C:\Windows\system\kjsXYVV.exe

Filesize
6.0MB

MD5
f62ec83e1923fa63f75fa191ae93a36d

SHA1
625cb4eaaa29908925f99a389e7ce6a1885c03e4

SHA256
2867dcd58b77d57edd970715cdb78e27aaf27e145b6b91084e894910158aa449

SHA512
58e4dd8f4cd883a5abeebfa2601a18de9dfca4d7331036f3095706efde7b8b1b3c6d5dc6cab4d16a912a7454a343459509070066257a91d6a746391df4f0fdde

Download Submit
C:\Windows\system\rBZFnEA.exe

Filesize
6.0MB

MD5
f32ce917e8c4c1cae13aa9d8c622ea0f

SHA1
7f1ef4f7bc1de61621031569a9b0dea4f5c7685f

SHA256
71dff63042c8a6806b332dde805cf9d1440991208cff1b6f3881d4ebdada0b4d

SHA512
a3d9824b0e1644bf09afcb3439ae18f5dcac44919dfd3b40122a20edb3326f004cb074cf6c90ff06c5cd246b7f4fae0fd796e0f3949b65325b481afc2f328891

Download Submit
C:\Windows\system\sDXnUQn.exe

Filesize
6.0MB

MD5
5e0d57577763222bca8eeeceff2047e9

SHA1
2292aba54eecd1370ea4c591a626ecffcd7d7a09

SHA256
acc701187fcda087fda0f3897bb0c28beb2a80a571c2c90bcc2ee391a36eecbf

SHA512
64a54ce5952f6d57c85df0bc0e2babcb49f038ed0bfea5a432a1b0adccc34f3789dc11c9194b31c1a807f8f8364ce0e6eb9b9b0158c8deaa64bc29d100aa7f73

Download Submit
C:\Windows\system\sjNjpTV.exe

Filesize
6.0MB

MD5
1abb5343ed6195d2d3018a0b96c270b2

SHA1
3e53b3478eb457b219d767b9e9ebe33d906c1c1f

SHA256
1f44e2da09b8158902df719fdf17ac1b812b64d633ce51eb2eff918435a77715

SHA512
29529b0b153792a1acf5c76c44e8319584afc80980976e8ea8465138f68de72d61b8e0839af95e9d98376d8f2d3c0e969948bf649eecb871fbb0f89ffa8d7d2f

Download Submit
C:\Windows\system\tbemVap.exe

Filesize
6.0MB

MD5
378d918cc98f5ba46f471dcbc5388130

SHA1
95636605cd411cf42a2aca4ffae20451d2329f97

SHA256
4bac80fed275fbfbd2a4d324985c6ed4ef02b48018272cbcd42617e8e369df14

SHA512
10ab524e3ceed5c59ba9c301349e0edb8efeca96c8e090fea350720479b41fed0d70b456ce5874754cbe73a985bf2390c22ce39c6571ca7b5e1ee6ec1d354007

Download Submit
\Windows\system\BcwAMZG.exe

Filesize
6.0MB

MD5
49d0d685b88ce7baeb6644dac7487f86

SHA1
8d1b0e3a8d962255f10bcfb5f6ed4915356a1d3f

SHA256
1772d411f382548bb6dd57b1a86c509fb1295a17aba53431dcbdde2d501c2062

SHA512
71d62c10815ca0c4f2240aabb6ef86de7c8a949fe1fc9be2895d509d87c352278ea36ae696df1e4e948bdba4a5f83c278bb5d3ca236f78b893a473d043405beb

Download Submit
\Windows\system\FDKDeMP.exe

Filesize
6.0MB

MD5
a48c425b80decd1e57bfa68c5ae4ef9d

SHA1
122d66ae2ffa84a9ec4fdb04925b492be64c814e

SHA256
3538662d9becf2bd5c987bdd04f2710d884a1470eb68c83bb9e2df3cc5be9eeb

SHA512
a89877397117105ccaee5f466a52b7a81ce2b5dad22ed14cc2ec2e132727246a53f19115c284b76622b05ee4f95b6a5c052d269adae35fdd29c20d1db5d55c2b

Download Submit
\Windows\system\aoFxaDS.exe

Filesize
6.0MB

MD5
1853a89bca61a2c5e7ce3919578b0ecb

SHA1
f78bc3cc8e26d36b682f72f40b8d98f00a1df480

SHA256
e1f5517cbd88b45096e2d815c57271530e3f72a039d9ceaea9489102e40d8714

SHA512
f161efb33ed4481b13b3b40418c8b65fcbe97349ab1c3b61a706fe8c35b927caba9305f76e5eafb7682fcf22174ab1a3f656fe3c26acc828bfebdf641af14aa6

Download Submit
\Windows\system\pqKscKU.exe

Filesize
6.0MB

MD5
b473d49901c6e0f46c803d9e8b542e8b

SHA1
ce06272498f97bd27d1b4e3da1b969b7d0c53186

SHA256
e6d6df5dc9fdc29043d7d8e284ca842b365bb365f51d11c868014d09294e8ede

SHA512
ecb0029cc7de82c006f82129fa3fb5d52f6eebef0b05e914083e6371cabf1c157db7c75aaa339c3f6458c62b2ae091f453780f8b6086ce7a723df1c94911a3c7

Download Submit
\Windows\system\tARohSs.exe

Filesize
6.0MB

MD5
f251dc065c116571d226538caa849598

SHA1
bd30ca7346aef7c4c55b3cce5ec7c80dff0c0bbf

SHA256
06d31391c38985f135df7a50fae0809aee2e7b168508cff5aea01abe63992018

SHA512
59184db9d4f55c66a2358d283a9ca794c68911ccd32d67e675d81d2dfd50279f5980e285831d274441fafb684aa9d3f4fce917bf3c9b8c2aeb9e6ada0e33c3c1

Download Submit
memory/768-3480-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/768-102-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-103-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-3474-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3436-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2088-26-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2240-336-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2240-1916-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2240-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2240-8-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2240-17-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-49-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2240-22-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2240-94-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-80-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-526-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-89-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-29-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2240-88-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-1070-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-105-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2240-104-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-36-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-86-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2492-3466-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-69-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-933-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3481-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-77-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3460-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-75-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3438-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2632-30-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2652-48-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3444-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2656-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3455-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3467-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2672-59-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2676-9-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3462-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2696-37-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3463-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-74-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2760-20-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3465-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/3016-97-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3464-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download