cobaltstrike | 62054fca1865bfd62541f163652e4ea466669f93b9256b51940e1ff4bd4eae62

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/01/2025, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

340eb845728b4656a62a7870d76acb8b
SHA1

8ca6336869aba52a570e0fe6d07a940a3fd7905f
SHA256

62054fca1865bfd62541f163652e4ea466669f93b9256b51940e1ff4bd4eae62
SHA512

45cdeac3163c8c60235255bf2498e0f87ac95f86cdc15d698ac00506d1a4cc1feb8e6610e035d685f48f2436836523e060f47671937c16a31d205b86393432aa
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUm:T+q56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001227e-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ee-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186fd-15.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001873d-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018728-19.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018784-26.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878f-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000187a5-35.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925e-38.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-42.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-115.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018683-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2404-0-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000a00000001227e-3.dat	xmrig
behavioral1/files/0x00070000000186ee-8.dat	xmrig
behavioral1/files/0x00070000000186fd-15.dat	xmrig
behavioral1/files/0x000600000001873d-23.dat	xmrig
behavioral1/files/0x0007000000018728-19.dat	xmrig
behavioral1/files/0x0006000000018784-26.dat	xmrig
behavioral1/files/0x000600000001878f-31.dat	xmrig
behavioral1/files/0x00060000000187a5-35.dat	xmrig
behavioral1/files/0x000700000001925e-38.dat	xmrig
behavioral1/files/0x00050000000195c5-42.dat	xmrig
behavioral1/files/0x000500000001960b-50.dat	xmrig
behavioral1/files/0x000500000001960f-58.dat	xmrig
behavioral1/memory/2404-75-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x000500000001961b-129.dat	xmrig
behavioral1/files/0x0005000000019619-125.dat	xmrig
behavioral1/files/0x0005000000019621-149.dat	xmrig
behavioral1/memory/2548-925-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2404-858-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-182.dat	xmrig
behavioral1/files/0x000500000001977d-179.dat	xmrig
behavioral1/files/0x00050000000196b1-172.dat	xmrig
behavioral1/files/0x0005000000019625-166.dat	xmrig
behavioral1/files/0x0005000000019623-158.dat	xmrig
behavioral1/files/0x00050000000197f8-186.dat	xmrig
behavioral1/files/0x000500000001961d-135.dat	xmrig
behavioral1/files/0x00050000000196af-169.dat	xmrig
behavioral1/files/0x0005000000019622-153.dat	xmrig
behavioral1/files/0x000500000001961f-141.dat	xmrig
behavioral1/files/0x0005000000019615-115.dat	xmrig
behavioral1/files/0x0008000000018683-109.dat	xmrig
behavioral1/files/0x0005000000019617-121.dat	xmrig
behavioral1/memory/2728-94-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2720-92-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2856-90-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2404-89-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2796-88-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2700-86-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1496-84-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2892-82-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2248-80-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2404-79-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2484-78-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2404-77-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2432-76-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x0005000000019613-112.dat	xmrig
behavioral1/memory/2808-103-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2712-100-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0005000000019611-99.dat	xmrig
behavioral1/memory/1228-74-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2548-73-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x000500000001960d-55.dat	xmrig
behavioral1/files/0x0005000000019609-47.dat	xmrig
behavioral1/memory/2796-3383-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2720-3385-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1496-3406-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2856-3423-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2892-3459-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2808-3474-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2728-3456-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2484-3452-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/1228-3436-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2700-3422-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2548-3410-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2548	wIKtjxl.exe
1228	CbAUzGg.exe
2432	JgONkMm.exe
2484	znQMtcp.exe
2248	pZOTuSB.exe
2892	yytfIyd.exe
1496	XxLArMs.exe
2700	fyOCXir.exe
2796	sEDQCQn.exe
2856	SMdBiwD.exe
2720	LlxRCTu.exe
2728	cENrVRv.exe
2712	ukoJJmj.exe
2808	RuVjLSL.exe
1760	ygyeVcw.exe
1452	qMqBzPr.exe
1776	WFYiXkA.exe
1088	NpTsttF.exe
1424	uthAODo.exe
1428	jqKrHFX.exe
1780	oPYBVDo.exe
1844	pfOrOWJ.exe
1656	VTCHtEN.exe
2832	Ylebxsx.exe
2664	LsdRpwo.exe
2120	oGMLjhA.exe
2488	DjBrReH.exe
3012	KPTkFgP.exe
2496	YuPZaMp.exe
2692	wthItev.exe
1608	goPauTY.exe
640	HOWPFmN.exe
2460	AWGmUdH.exe
1712	MljluTy.exe
2436	ktVNQwY.exe
1116	MojPTxp.exe
864	QFNqQxW.exe
1724	QAMzmBE.exe
1540	TjrnrwF.exe
1336	cRuIGoU.exe
2236	dmyLKvS.exe
1544	hXFHqwc.exe
2388	SCEvkMY.exe
2960	beQSGWk.exe
2228	SffSlrD.exe
304	yJJoBJc.exe
2948	lNaePTG.exe
1812	CdwDSNu.exe
884	VvMFjnt.exe
2520	YloXLSq.exe
1592	BDQNziD.exe
380	BGMXUGT.exe
2452	fsttJEP.exe
2724	uZPmpTD.exe
2456	QEDzjUm.exe
1832	zybbthM.exe
2944	znUCIbW.exe
2508	ujgtAwa.exe
2800	vKTxRCN.exe
2660	nATCRPx.exe
2296	OMPvNKC.exe
2424	EdEWCVI.exe
2920	TMbCukn.exe
2876	LTkJFFC.exe

Loads dropped DLL 64 IoCs

pid	Process
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2404-0-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000a00000001227e-3.dat	upx
behavioral1/files/0x00070000000186ee-8.dat	upx
behavioral1/files/0x00070000000186fd-15.dat	upx
behavioral1/files/0x000600000001873d-23.dat	upx
behavioral1/files/0x0007000000018728-19.dat	upx
behavioral1/files/0x0006000000018784-26.dat	upx
behavioral1/files/0x000600000001878f-31.dat	upx
behavioral1/files/0x00060000000187a5-35.dat	upx
behavioral1/files/0x000700000001925e-38.dat	upx
behavioral1/files/0x00050000000195c5-42.dat	upx
behavioral1/files/0x000500000001960b-50.dat	upx
behavioral1/files/0x000500000001960f-58.dat	upx
behavioral1/files/0x000500000001961b-129.dat	upx
behavioral1/files/0x0005000000019619-125.dat	upx
behavioral1/files/0x0005000000019621-149.dat	upx
behavioral1/memory/2548-925-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2404-858-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0005000000019667-182.dat	upx
behavioral1/files/0x000500000001977d-179.dat	upx
behavioral1/files/0x00050000000196b1-172.dat	upx
behavioral1/files/0x0005000000019625-166.dat	upx
behavioral1/files/0x0005000000019623-158.dat	upx
behavioral1/files/0x00050000000197f8-186.dat	upx
behavioral1/files/0x000500000001961d-135.dat	upx
behavioral1/files/0x00050000000196af-169.dat	upx
behavioral1/files/0x0005000000019622-153.dat	upx
behavioral1/files/0x000500000001961f-141.dat	upx
behavioral1/files/0x0005000000019615-115.dat	upx
behavioral1/files/0x0008000000018683-109.dat	upx
behavioral1/files/0x0005000000019617-121.dat	upx
behavioral1/memory/2728-94-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2720-92-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2856-90-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2796-88-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2700-86-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1496-84-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2892-82-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2248-80-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2484-78-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2432-76-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x0005000000019613-112.dat	upx
behavioral1/memory/2808-103-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2712-100-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0005000000019611-99.dat	upx
behavioral1/memory/1228-74-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2548-73-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x000500000001960d-55.dat	upx
behavioral1/files/0x0005000000019609-47.dat	upx
behavioral1/memory/2796-3383-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2720-3385-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1496-3406-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2856-3423-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2892-3459-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2808-3474-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2728-3456-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2484-3452-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/1228-3436-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2700-3422-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2548-3410-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2432-3409-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2712-3408-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2248-3407-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VpvMObX.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVpQyhj.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtyOgMq.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGMLjhA.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loJJDzd.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmoxtWA.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytReNAo.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqvmASP.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ReUHaKO.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSMebMp.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJOpiWj.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXhDnJY.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtVrVwP.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgFfJcX.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsuHSae.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtTCJHf.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWvsNzC.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPTQRtN.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmpNRdP.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZVuPGAh.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpPiYWJ.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHCQEmO.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKTxRCN.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbYpoUm.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDwkctR.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mAvGuoq.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKRHAkL.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAQxQZq.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBWxcVO.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNEfZPw.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMPRmqq.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRzeeVX.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGtQNsY.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGjoYaq.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYIzLAY.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLGDtJs.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGbEAml.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZgkXDy.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gccjHcx.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urvrqtN.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuhwkmv.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lawZoQm.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRjGlbZ.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeCAyWU.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMMCnZD.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgFjNYJ.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNqgKYs.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncQJZxQ.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WilRrkj.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmWehis.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynMEtdz.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcsSgmb.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNAMzsW.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUJJKRd.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwaOvfm.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnnkRua.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXQZUKg.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aASUAGu.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhBcKnC.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnjLSpF.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thVzdhB.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aesuVSz.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxFwuVN.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBWqWWx.exe	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2548	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2404 wrote to memory of 2548	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2404 wrote to memory of 2548	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2404 wrote to memory of 1228	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 1228	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 1228	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 2432	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 2432	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 2432	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 2484	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2484	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2484	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2248	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2248	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2248	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2892	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 2892	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 2892	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 1496	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2404 wrote to memory of 1496	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2404 wrote to memory of 1496	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2404 wrote to memory of 2700	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2700	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2700	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2796	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2796	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2796	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2856	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2856	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2856	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2720	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2720	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2720	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2728	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2728	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2728	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2712	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2712	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2712	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2808	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 2808	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 2808	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 1760	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 1760	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 1760	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 1452	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 1452	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 1452	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 1776	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 1776	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 1776	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 1424	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 1424	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 1424	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 1088	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 1088	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 1088	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 1780	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 1780	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 1780	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 1428	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 1428	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 1428	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 1656	2404	2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_340eb845728b4656a62a7870d76acb8b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\System\wIKtjxl.exe
  C:\Windows\System\wIKtjxl.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\CbAUzGg.exe
  C:\Windows\System\CbAUzGg.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\JgONkMm.exe
  C:\Windows\System\JgONkMm.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\znQMtcp.exe
  C:\Windows\System\znQMtcp.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\pZOTuSB.exe
  C:\Windows\System\pZOTuSB.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\yytfIyd.exe
  C:\Windows\System\yytfIyd.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\XxLArMs.exe
  C:\Windows\System\XxLArMs.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\fyOCXir.exe
  C:\Windows\System\fyOCXir.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\sEDQCQn.exe
  C:\Windows\System\sEDQCQn.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\SMdBiwD.exe
  C:\Windows\System\SMdBiwD.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\LlxRCTu.exe
  C:\Windows\System\LlxRCTu.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\cENrVRv.exe
  C:\Windows\System\cENrVRv.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\ukoJJmj.exe
  C:\Windows\System\ukoJJmj.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\RuVjLSL.exe
  C:\Windows\System\RuVjLSL.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\ygyeVcw.exe
  C:\Windows\System\ygyeVcw.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\qMqBzPr.exe
  C:\Windows\System\qMqBzPr.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\WFYiXkA.exe
  C:\Windows\System\WFYiXkA.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\uthAODo.exe
  C:\Windows\System\uthAODo.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\NpTsttF.exe
  C:\Windows\System\NpTsttF.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\oPYBVDo.exe
  C:\Windows\System\oPYBVDo.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\jqKrHFX.exe
  C:\Windows\System\jqKrHFX.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\VTCHtEN.exe
  C:\Windows\System\VTCHtEN.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\pfOrOWJ.exe
  C:\Windows\System\pfOrOWJ.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\Ylebxsx.exe
  C:\Windows\System\Ylebxsx.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\LsdRpwo.exe
  C:\Windows\System\LsdRpwo.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\oGMLjhA.exe
  C:\Windows\System\oGMLjhA.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\DjBrReH.exe
  C:\Windows\System\DjBrReH.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\wthItev.exe
  C:\Windows\System\wthItev.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\KPTkFgP.exe
  C:\Windows\System\KPTkFgP.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\HOWPFmN.exe
  C:\Windows\System\HOWPFmN.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\YuPZaMp.exe
  C:\Windows\System\YuPZaMp.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\goPauTY.exe
  C:\Windows\System\goPauTY.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\MljluTy.exe
  C:\Windows\System\MljluTy.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\AWGmUdH.exe
  C:\Windows\System\AWGmUdH.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\ktVNQwY.exe
  C:\Windows\System\ktVNQwY.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\MojPTxp.exe
  C:\Windows\System\MojPTxp.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\QAMzmBE.exe
  C:\Windows\System\QAMzmBE.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\QFNqQxW.exe
  C:\Windows\System\QFNqQxW.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\TjrnrwF.exe
  C:\Windows\System\TjrnrwF.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\cRuIGoU.exe
  C:\Windows\System\cRuIGoU.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\dmyLKvS.exe
  C:\Windows\System\dmyLKvS.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\hXFHqwc.exe
  C:\Windows\System\hXFHqwc.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\beQSGWk.exe
  C:\Windows\System\beQSGWk.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\SCEvkMY.exe
  C:\Windows\System\SCEvkMY.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\SffSlrD.exe
  C:\Windows\System\SffSlrD.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\yJJoBJc.exe
  C:\Windows\System\yJJoBJc.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\lNaePTG.exe
  C:\Windows\System\lNaePTG.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\CdwDSNu.exe
  C:\Windows\System\CdwDSNu.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\VvMFjnt.exe
  C:\Windows\System\VvMFjnt.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\YloXLSq.exe
  C:\Windows\System\YloXLSq.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\BDQNziD.exe
  C:\Windows\System\BDQNziD.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\BGMXUGT.exe
  C:\Windows\System\BGMXUGT.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\zybbthM.exe
  C:\Windows\System\zybbthM.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\fsttJEP.exe
  C:\Windows\System\fsttJEP.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\znUCIbW.exe
  C:\Windows\System\znUCIbW.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\uZPmpTD.exe
  C:\Windows\System\uZPmpTD.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\vKTxRCN.exe
  C:\Windows\System\vKTxRCN.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\QEDzjUm.exe
  C:\Windows\System\QEDzjUm.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\nATCRPx.exe
  C:\Windows\System\nATCRPx.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\ujgtAwa.exe
  C:\Windows\System\ujgtAwa.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\LTkJFFC.exe
  C:\Windows\System\LTkJFFC.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\OMPvNKC.exe
  C:\Windows\System\OMPvNKC.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\rAGzIzk.exe
  C:\Windows\System\rAGzIzk.exe
  2⤵
  PID:1772
- C:\Windows\System\EdEWCVI.exe
  C:\Windows\System\EdEWCVI.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\TOqNeMJ.exe
  C:\Windows\System\TOqNeMJ.exe
  2⤵
  PID:2584
- C:\Windows\System\TMbCukn.exe
  C:\Windows\System\TMbCukn.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\DooFCxS.exe
  C:\Windows\System\DooFCxS.exe
  2⤵
  PID:1796
- C:\Windows\System\hoaxlNB.exe
  C:\Windows\System\hoaxlNB.exe
  2⤵
  PID:912
- C:\Windows\System\aBBIPmb.exe
  C:\Windows\System\aBBIPmb.exe
  2⤵
  PID:1616
- C:\Windows\System\yRRzIzb.exe
  C:\Windows\System\yRRzIzb.exe
  2⤵
  PID:288
- C:\Windows\System\iUJJKRd.exe
  C:\Windows\System\iUJJKRd.exe
  2⤵
  PID:2940
- C:\Windows\System\QhbyMOc.exe
  C:\Windows\System\QhbyMOc.exe
  2⤵
  PID:2784
- C:\Windows\System\rAQxQZq.exe
  C:\Windows\System\rAQxQZq.exe
  2⤵
  PID:2180
- C:\Windows\System\qafmlTf.exe
  C:\Windows\System\qafmlTf.exe
  2⤵
  PID:792
- C:\Windows\System\KGfjuEZ.exe
  C:\Windows\System\KGfjuEZ.exe
  2⤵
  PID:900
- C:\Windows\System\XvmhDIo.exe
  C:\Windows\System\XvmhDIo.exe
  2⤵
  PID:468
- C:\Windows\System\XQKXFVc.exe
  C:\Windows\System\XQKXFVc.exe
  2⤵
  PID:1032
- C:\Windows\System\fWYgBoK.exe
  C:\Windows\System\fWYgBoK.exe
  2⤵
  PID:564
- C:\Windows\System\CsnbwyS.exe
  C:\Windows\System\CsnbwyS.exe
  2⤵
  PID:2900
- C:\Windows\System\XGmWPBW.exe
  C:\Windows\System\XGmWPBW.exe
  2⤵
  PID:2996
- C:\Windows\System\ewFVwfl.exe
  C:\Windows\System\ewFVwfl.exe
  2⤵
  PID:1968
- C:\Windows\System\cdxZvgz.exe
  C:\Windows\System\cdxZvgz.exe
  2⤵
  PID:2156
- C:\Windows\System\jrrYImw.exe
  C:\Windows\System\jrrYImw.exe
  2⤵
  PID:916
- C:\Windows\System\pzgupOD.exe
  C:\Windows\System\pzgupOD.exe
  2⤵
  PID:1048
- C:\Windows\System\xdxtUOK.exe
  C:\Windows\System\xdxtUOK.exe
  2⤵
  PID:2648
- C:\Windows\System\aPhHmFe.exe
  C:\Windows\System\aPhHmFe.exe
  2⤵
  PID:2640
- C:\Windows\System\OQuNfUD.exe
  C:\Windows\System\OQuNfUD.exe
  2⤵
  PID:1072
- C:\Windows\System\zUwGwyA.exe
  C:\Windows\System\zUwGwyA.exe
  2⤵
  PID:1628
- C:\Windows\System\TnjLSpF.exe
  C:\Windows\System\TnjLSpF.exe
  2⤵
  PID:1536
- C:\Windows\System\XlcnMHy.exe
  C:\Windows\System\XlcnMHy.exe
  2⤵
  PID:1980
- C:\Windows\System\NtVUDaA.exe
  C:\Windows\System\NtVUDaA.exe
  2⤵
  PID:2716
- C:\Windows\System\diHihdu.exe
  C:\Windows\System\diHihdu.exe
  2⤵
  PID:1220
- C:\Windows\System\lXKYDOI.exe
  C:\Windows\System\lXKYDOI.exe
  2⤵
  PID:2916
- C:\Windows\System\XlGFVIi.exe
  C:\Windows\System\XlGFVIi.exe
  2⤵
  PID:3028
- C:\Windows\System\eGpdnJY.exe
  C:\Windows\System\eGpdnJY.exe
  2⤵
  PID:1296
- C:\Windows\System\hRDXTzX.exe
  C:\Windows\System\hRDXTzX.exe
  2⤵
  PID:2492
- C:\Windows\System\zHpqWsN.exe
  C:\Windows\System\zHpqWsN.exe
  2⤵
  PID:2212
- C:\Windows\System\ypsjlma.exe
  C:\Windows\System\ypsjlma.exe
  2⤵
  PID:780
- C:\Windows\System\fvSvBzw.exe
  C:\Windows\System\fvSvBzw.exe
  2⤵
  PID:2348
- C:\Windows\System\GBAAEsl.exe
  C:\Windows\System\GBAAEsl.exe
  2⤵
  PID:1984
- C:\Windows\System\sMwkqqx.exe
  C:\Windows\System\sMwkqqx.exe
  2⤵
  PID:2524
- C:\Windows\System\gBPvkEb.exe
  C:\Windows\System\gBPvkEb.exe
  2⤵
  PID:2372
- C:\Windows\System\AUyUoJw.exe
  C:\Windows\System\AUyUoJw.exe
  2⤵
  PID:1020
- C:\Windows\System\jKCyFbS.exe
  C:\Windows\System\jKCyFbS.exe
  2⤵
  PID:1584
- C:\Windows\System\mxXXkLT.exe
  C:\Windows\System\mxXXkLT.exe
  2⤵
  PID:3036
- C:\Windows\System\gVhQRUf.exe
  C:\Windows\System\gVhQRUf.exe
  2⤵
  PID:2688
- C:\Windows\System\dAYQeLh.exe
  C:\Windows\System\dAYQeLh.exe
  2⤵
  PID:2924
- C:\Windows\System\SDxMNGP.exe
  C:\Windows\System\SDxMNGP.exe
  2⤵
  PID:1824
- C:\Windows\System\BlxinNo.exe
  C:\Windows\System\BlxinNo.exe
  2⤵
  PID:2624
- C:\Windows\System\SoIMyrl.exe
  C:\Windows\System\SoIMyrl.exe
  2⤵
  PID:1184
- C:\Windows\System\tBKEUeI.exe
  C:\Windows\System\tBKEUeI.exe
  2⤵
  PID:2192
- C:\Windows\System\VPdTCMX.exe
  C:\Windows\System\VPdTCMX.exe
  2⤵
  PID:1792
- C:\Windows\System\RjfBQcl.exe
  C:\Windows\System\RjfBQcl.exe
  2⤵
  PID:2528
- C:\Windows\System\jrfFORC.exe
  C:\Windows\System\jrfFORC.exe
  2⤵
  PID:3076
- C:\Windows\System\MbzzDNr.exe
  C:\Windows\System\MbzzDNr.exe
  2⤵
  PID:3092
- C:\Windows\System\iLeGFXx.exe
  C:\Windows\System\iLeGFXx.exe
  2⤵
  PID:3108
- C:\Windows\System\AALxeXh.exe
  C:\Windows\System\AALxeXh.exe
  2⤵
  PID:3128
- C:\Windows\System\wlPienc.exe
  C:\Windows\System\wlPienc.exe
  2⤵
  PID:3172
- C:\Windows\System\GekjvhC.exe
  C:\Windows\System\GekjvhC.exe
  2⤵
  PID:3204
- C:\Windows\System\dxtOBUK.exe
  C:\Windows\System\dxtOBUK.exe
  2⤵
  PID:3220
- C:\Windows\System\Gvuyxfb.exe
  C:\Windows\System\Gvuyxfb.exe
  2⤵
  PID:3240
- C:\Windows\System\tvsHRnm.exe
  C:\Windows\System\tvsHRnm.exe
  2⤵
  PID:3260
- C:\Windows\System\QKYcIcN.exe
  C:\Windows\System\QKYcIcN.exe
  2⤵
  PID:3276
- C:\Windows\System\ZbOmLbu.exe
  C:\Windows\System\ZbOmLbu.exe
  2⤵
  PID:3296
- C:\Windows\System\ukuvxlE.exe
  C:\Windows\System\ukuvxlE.exe
  2⤵
  PID:3320
- C:\Windows\System\AqwAERg.exe
  C:\Windows\System\AqwAERg.exe
  2⤵
  PID:3340
- C:\Windows\System\QdCZWCT.exe
  C:\Windows\System\QdCZWCT.exe
  2⤵
  PID:3360
- C:\Windows\System\UWYgPhF.exe
  C:\Windows\System\UWYgPhF.exe
  2⤵
  PID:3376
- C:\Windows\System\SlvbvPA.exe
  C:\Windows\System\SlvbvPA.exe
  2⤵
  PID:3408
- C:\Windows\System\FQtoBYe.exe
  C:\Windows\System\FQtoBYe.exe
  2⤵
  PID:3424
- C:\Windows\System\wccpATH.exe
  C:\Windows\System\wccpATH.exe
  2⤵
  PID:3440
- C:\Windows\System\XGRzUes.exe
  C:\Windows\System\XGRzUes.exe
  2⤵
  PID:3464
- C:\Windows\System\pUahmra.exe
  C:\Windows\System\pUahmra.exe
  2⤵
  PID:3480
- C:\Windows\System\SCpStMa.exe
  C:\Windows\System\SCpStMa.exe
  2⤵
  PID:3508
- C:\Windows\System\NkwRVCl.exe
  C:\Windows\System\NkwRVCl.exe
  2⤵
  PID:3528
- C:\Windows\System\LfDixby.exe
  C:\Windows\System\LfDixby.exe
  2⤵
  PID:3544
- C:\Windows\System\lKmNQtI.exe
  C:\Windows\System\lKmNQtI.exe
  2⤵
  PID:3568
- C:\Windows\System\gQUvDkr.exe
  C:\Windows\System\gQUvDkr.exe
  2⤵
  PID:3584
- C:\Windows\System\HvcqWTY.exe
  C:\Windows\System\HvcqWTY.exe
  2⤵
  PID:3600
- C:\Windows\System\JbLMqas.exe
  C:\Windows\System\JbLMqas.exe
  2⤵
  PID:3616
- C:\Windows\System\qEbapqF.exe
  C:\Windows\System\qEbapqF.exe
  2⤵
  PID:3632
- C:\Windows\System\NsBQAJQ.exe
  C:\Windows\System\NsBQAJQ.exe
  2⤵
  PID:3648
- C:\Windows\System\KIJCayX.exe
  C:\Windows\System\KIJCayX.exe
  2⤵
  PID:3668
- C:\Windows\System\NnoSbNV.exe
  C:\Windows\System\NnoSbNV.exe
  2⤵
  PID:3684
- C:\Windows\System\WBmWKeQ.exe
  C:\Windows\System\WBmWKeQ.exe
  2⤵
  PID:3700
- C:\Windows\System\sZLZQGj.exe
  C:\Windows\System\sZLZQGj.exe
  2⤵
  PID:3716
- C:\Windows\System\rYSFCws.exe
  C:\Windows\System\rYSFCws.exe
  2⤵
  PID:3736
- C:\Windows\System\VEyajFV.exe
  C:\Windows\System\VEyajFV.exe
  2⤵
  PID:3756
- C:\Windows\System\UneLlRV.exe
  C:\Windows\System\UneLlRV.exe
  2⤵
  PID:3772
- C:\Windows\System\PNGOoRb.exe
  C:\Windows\System\PNGOoRb.exe
  2⤵
  PID:3788
- C:\Windows\System\jKydpeR.exe
  C:\Windows\System\jKydpeR.exe
  2⤵
  PID:3804
- C:\Windows\System\YtNQnmv.exe
  C:\Windows\System\YtNQnmv.exe
  2⤵
  PID:3820
- C:\Windows\System\jzOjoSU.exe
  C:\Windows\System\jzOjoSU.exe
  2⤵
  PID:3836
- C:\Windows\System\jrOLxvx.exe
  C:\Windows\System\jrOLxvx.exe
  2⤵
  PID:3904
- C:\Windows\System\lWEKWsS.exe
  C:\Windows\System\lWEKWsS.exe
  2⤵
  PID:3920
- C:\Windows\System\BsqOTIn.exe
  C:\Windows\System\BsqOTIn.exe
  2⤵
  PID:3944
- C:\Windows\System\iyvMpEK.exe
  C:\Windows\System\iyvMpEK.exe
  2⤵
  PID:3964
- C:\Windows\System\XubtXuR.exe
  C:\Windows\System\XubtXuR.exe
  2⤵
  PID:3984
- C:\Windows\System\vYDoKZx.exe
  C:\Windows\System\vYDoKZx.exe
  2⤵
  PID:4004
- C:\Windows\System\XMVcoAS.exe
  C:\Windows\System\XMVcoAS.exe
  2⤵
  PID:4024
- C:\Windows\System\OXYdAgj.exe
  C:\Windows\System\OXYdAgj.exe
  2⤵
  PID:4044
- C:\Windows\System\NatLNQS.exe
  C:\Windows\System\NatLNQS.exe
  2⤵
  PID:4064
- C:\Windows\System\IUalpEB.exe
  C:\Windows\System\IUalpEB.exe
  2⤵
  PID:4080
- C:\Windows\System\LMpYXLY.exe
  C:\Windows\System\LMpYXLY.exe
  2⤵
  PID:772
- C:\Windows\System\anmNWQj.exe
  C:\Windows\System\anmNWQj.exe
  2⤵
  PID:2024
- C:\Windows\System\giGPiim.exe
  C:\Windows\System\giGPiim.exe
  2⤵
  PID:2464
- C:\Windows\System\puRTGNN.exe
  C:\Windows\System\puRTGNN.exe
  2⤵
  PID:3116
- C:\Windows\System\TdRlEaU.exe
  C:\Windows\System\TdRlEaU.exe
  2⤵
  PID:2152
- C:\Windows\System\itRmbjq.exe
  C:\Windows\System\itRmbjq.exe
  2⤵
  PID:1512
- C:\Windows\System\hGPBPJJ.exe
  C:\Windows\System\hGPBPJJ.exe
  2⤵
  PID:2064
- C:\Windows\System\xgyXxen.exe
  C:\Windows\System\xgyXxen.exe
  2⤵
  PID:3188
- C:\Windows\System\nOruLMY.exe
  C:\Windows\System\nOruLMY.exe
  2⤵
  PID:840
- C:\Windows\System\pFJalYl.exe
  C:\Windows\System\pFJalYl.exe
  2⤵
  PID:3144
- C:\Windows\System\hNpPYLs.exe
  C:\Windows\System\hNpPYLs.exe
  2⤵
  PID:3228
- C:\Windows\System\RdmEigE.exe
  C:\Windows\System\RdmEigE.exe
  2⤵
  PID:3216
- C:\Windows\System\ejEkCMc.exe
  C:\Windows\System\ejEkCMc.exe
  2⤵
  PID:3316
- C:\Windows\System\VsWgTIo.exe
  C:\Windows\System\VsWgTIo.exe
  2⤵
  PID:3384
- C:\Windows\System\cotAwGP.exe
  C:\Windows\System\cotAwGP.exe
  2⤵
  PID:3432
- C:\Windows\System\lixhLWD.exe
  C:\Windows\System\lixhLWD.exe
  2⤵
  PID:3524
- C:\Windows\System\qZSbjPm.exe
  C:\Windows\System\qZSbjPm.exe
  2⤵
  PID:3564
- C:\Windows\System\iqBnWlP.exe
  C:\Windows\System\iqBnWlP.exe
  2⤵
  PID:3256
- C:\Windows\System\ofOiJtf.exe
  C:\Windows\System\ofOiJtf.exe
  2⤵
  PID:3292
- C:\Windows\System\RnQeMOd.exe
  C:\Windows\System\RnQeMOd.exe
  2⤵
  PID:3332
- C:\Windows\System\rcQeaaZ.exe
  C:\Windows\System\rcQeaaZ.exe
  2⤵
  PID:3696
- C:\Windows\System\wpZRSEA.exe
  C:\Windows\System\wpZRSEA.exe
  2⤵
  PID:3420
- C:\Windows\System\FRgbeLb.exe
  C:\Windows\System\FRgbeLb.exe
  2⤵
  PID:3460
- C:\Windows\System\XfUBiuB.exe
  C:\Windows\System\XfUBiuB.exe
  2⤵
  PID:3500
- C:\Windows\System\nIhhcld.exe
  C:\Windows\System\nIhhcld.exe
  2⤵
  PID:3540
- C:\Windows\System\UZbNIHD.exe
  C:\Windows\System\UZbNIHD.exe
  2⤵
  PID:3748
- C:\Windows\System\pxpvRCh.exe
  C:\Windows\System\pxpvRCh.exe
  2⤵
  PID:3816
- C:\Windows\System\RLSpmkD.exe
  C:\Windows\System\RLSpmkD.exe
  2⤵
  PID:3708
- C:\Windows\System\adDhgXq.exe
  C:\Windows\System\adDhgXq.exe
  2⤵
  PID:3612
- C:\Windows\System\thVzdhB.exe
  C:\Windows\System\thVzdhB.exe
  2⤵
  PID:3856
- C:\Windows\System\mDNPLUZ.exe
  C:\Windows\System\mDNPLUZ.exe
  2⤵
  PID:3876
- C:\Windows\System\mmfVaak.exe
  C:\Windows\System\mmfVaak.exe
  2⤵
  PID:3892
- C:\Windows\System\cqNMMaK.exe
  C:\Windows\System\cqNMMaK.exe
  2⤵
  PID:3992
- C:\Windows\System\mLWqelK.exe
  C:\Windows\System\mLWqelK.exe
  2⤵
  PID:3936
- C:\Windows\System\pnuzfEB.exe
  C:\Windows\System\pnuzfEB.exe
  2⤵
  PID:3976
- C:\Windows\System\MBkeHyP.exe
  C:\Windows\System\MBkeHyP.exe
  2⤵
  PID:4036
- C:\Windows\System\UYZOFBZ.exe
  C:\Windows\System\UYZOFBZ.exe
  2⤵
  PID:3040
- C:\Windows\System\jRMyqJF.exe
  C:\Windows\System\jRMyqJF.exe
  2⤵
  PID:4060
- C:\Windows\System\cdfhhhE.exe
  C:\Windows\System\cdfhhhE.exe
  2⤵
  PID:3088
- C:\Windows\System\iGDYZGx.exe
  C:\Windows\System\iGDYZGx.exe
  2⤵
  PID:756
- C:\Windows\System\LsNqnjz.exe
  C:\Windows\System\LsNqnjz.exe
  2⤵
  PID:2208
- C:\Windows\System\ziCMhje.exe
  C:\Windows\System\ziCMhje.exe
  2⤵
  PID:3200
- C:\Windows\System\vHldlRY.exe
  C:\Windows\System\vHldlRY.exe
  2⤵
  PID:2932
- C:\Windows\System\mNkDZeD.exe
  C:\Windows\System\mNkDZeD.exe
  2⤵
  PID:3156
- C:\Windows\System\lXhDnJY.exe
  C:\Windows\System\lXhDnJY.exe
  2⤵
  PID:3272
- C:\Windows\System\GSXSGjq.exe
  C:\Windows\System\GSXSGjq.exe
  2⤵
  PID:3356
- C:\Windows\System\SwwNEdk.exe
  C:\Windows\System\SwwNEdk.exe
  2⤵
  PID:3516
- C:\Windows\System\JpvxrLd.exe
  C:\Windows\System\JpvxrLd.exe
  2⤵
  PID:3328
- C:\Windows\System\ezncWnp.exe
  C:\Windows\System\ezncWnp.exe
  2⤵
  PID:3628
- C:\Windows\System\SwVpJgd.exe
  C:\Windows\System\SwVpJgd.exe
  2⤵
  PID:3664
- C:\Windows\System\PErWMxO.exe
  C:\Windows\System\PErWMxO.exe
  2⤵
  PID:3492
- C:\Windows\System\kNvbBHR.exe
  C:\Windows\System\kNvbBHR.exe
  2⤵
  PID:3832
- C:\Windows\System\aesuVSz.exe
  C:\Windows\System\aesuVSz.exe
  2⤵
  PID:3768
- C:\Windows\System\zEyZgza.exe
  C:\Windows\System\zEyZgza.exe
  2⤵
  PID:3784
- C:\Windows\System\xBkTWUI.exe
  C:\Windows\System\xBkTWUI.exe
  2⤵
  PID:3852
- C:\Windows\System\WjlrgiZ.exe
  C:\Windows\System\WjlrgiZ.exe
  2⤵
  PID:3952
- C:\Windows\System\lUJsCCP.exe
  C:\Windows\System\lUJsCCP.exe
  2⤵
  PID:3996
- C:\Windows\System\UAsVzAl.exe
  C:\Windows\System\UAsVzAl.exe
  2⤵
  PID:3896
- C:\Windows\System\uDRbOkH.exe
  C:\Windows\System\uDRbOkH.exe
  2⤵
  PID:2816
- C:\Windows\System\PGxIqNl.exe
  C:\Windows\System\PGxIqNl.exe
  2⤵
  PID:4052
- C:\Windows\System\LDZWEOR.exe
  C:\Windows\System\LDZWEOR.exe
  2⤵
  PID:2304
- C:\Windows\System\kYIzLAY.exe
  C:\Windows\System\kYIzLAY.exe
  2⤵
  PID:2340
- C:\Windows\System\uvRoRLu.exe
  C:\Windows\System\uvRoRLu.exe
  2⤵
  PID:3304
- C:\Windows\System\nQwrcxn.exe
  C:\Windows\System\nQwrcxn.exe
  2⤵
  PID:3404
- C:\Windows\System\BEbaMMB.exe
  C:\Windows\System\BEbaMMB.exe
  2⤵
  PID:3212
- C:\Windows\System\ZccmxCx.exe
  C:\Windows\System\ZccmxCx.exe
  2⤵
  PID:3248
- C:\Windows\System\XAtFVIz.exe
  C:\Windows\System\XAtFVIz.exe
  2⤵
  PID:3692
- C:\Windows\System\pepXDxp.exe
  C:\Windows\System\pepXDxp.exe
  2⤵
  PID:3560
- C:\Windows\System\wUrbWnX.exe
  C:\Windows\System\wUrbWnX.exe
  2⤵
  PID:3496
- C:\Windows\System\aOYPLGI.exe
  C:\Windows\System\aOYPLGI.exe
  2⤵
  PID:3640
- C:\Windows\System\MHoSRPt.exe
  C:\Windows\System\MHoSRPt.exe
  2⤵
  PID:3864
- C:\Windows\System\zPPpIGK.exe
  C:\Windows\System\zPPpIGK.exe
  2⤵
  PID:3928
- C:\Windows\System\zyBbecI.exe
  C:\Windows\System\zyBbecI.exe
  2⤵
  PID:4040
- C:\Windows\System\mNLzywr.exe
  C:\Windows\System\mNLzywr.exe
  2⤵
  PID:4100
- C:\Windows\System\dyibwnW.exe
  C:\Windows\System\dyibwnW.exe
  2⤵
  PID:4116
- C:\Windows\System\FDHSGlT.exe
  C:\Windows\System\FDHSGlT.exe
  2⤵
  PID:4140
- C:\Windows\System\RHDgJFp.exe
  C:\Windows\System\RHDgJFp.exe
  2⤵
  PID:4160
- C:\Windows\System\EXOBjnF.exe
  C:\Windows\System\EXOBjnF.exe
  2⤵
  PID:4180
- C:\Windows\System\WBpmyXM.exe
  C:\Windows\System\WBpmyXM.exe
  2⤵
  PID:4204
- C:\Windows\System\rcWLTsQ.exe
  C:\Windows\System\rcWLTsQ.exe
  2⤵
  PID:4220
- C:\Windows\System\DAiOTjG.exe
  C:\Windows\System\DAiOTjG.exe
  2⤵
  PID:4236
- C:\Windows\System\CmGxSid.exe
  C:\Windows\System\CmGxSid.exe
  2⤵
  PID:4252
- C:\Windows\System\cDRXGGu.exe
  C:\Windows\System\cDRXGGu.exe
  2⤵
  PID:4276
- C:\Windows\System\bpGAzve.exe
  C:\Windows\System\bpGAzve.exe
  2⤵
  PID:4300
- C:\Windows\System\urvrqtN.exe
  C:\Windows\System\urvrqtN.exe
  2⤵
  PID:4320
- C:\Windows\System\dxJHVzz.exe
  C:\Windows\System\dxJHVzz.exe
  2⤵
  PID:4336
- C:\Windows\System\JqenPEk.exe
  C:\Windows\System\JqenPEk.exe
  2⤵
  PID:4356
- C:\Windows\System\fziHXNB.exe
  C:\Windows\System\fziHXNB.exe
  2⤵
  PID:4380
- C:\Windows\System\FOBuCCe.exe
  C:\Windows\System\FOBuCCe.exe
  2⤵
  PID:4396
- C:\Windows\System\zgSnoxy.exe
  C:\Windows\System\zgSnoxy.exe
  2⤵
  PID:4424
- C:\Windows\System\uAbAvPQ.exe
  C:\Windows\System\uAbAvPQ.exe
  2⤵
  PID:4440
- C:\Windows\System\VqHizNf.exe
  C:\Windows\System\VqHizNf.exe
  2⤵
  PID:4464
- C:\Windows\System\twdvFlw.exe
  C:\Windows\System\twdvFlw.exe
  2⤵
  PID:4492
- C:\Windows\System\PXvBBKJ.exe
  C:\Windows\System\PXvBBKJ.exe
  2⤵
  PID:4512
- C:\Windows\System\fBwRVKm.exe
  C:\Windows\System\fBwRVKm.exe
  2⤵
  PID:4532
- C:\Windows\System\VgUaomm.exe
  C:\Windows\System\VgUaomm.exe
  2⤵
  PID:4556
- C:\Windows\System\RaZuBhX.exe
  C:\Windows\System\RaZuBhX.exe
  2⤵
  PID:4572
- C:\Windows\System\AIYbVUv.exe
  C:\Windows\System\AIYbVUv.exe
  2⤵
  PID:4588
- C:\Windows\System\gyjKUuN.exe
  C:\Windows\System\gyjKUuN.exe
  2⤵
  PID:4612
- C:\Windows\System\ezoCiBc.exe
  C:\Windows\System\ezoCiBc.exe
  2⤵
  PID:4636
- C:\Windows\System\bYyzJhA.exe
  C:\Windows\System\bYyzJhA.exe
  2⤵
  PID:4656
- C:\Windows\System\xxDGhTM.exe
  C:\Windows\System\xxDGhTM.exe
  2⤵
  PID:4672
- C:\Windows\System\lUxOfoi.exe
  C:\Windows\System\lUxOfoi.exe
  2⤵
  PID:4692
- C:\Windows\System\bdhDjry.exe
  C:\Windows\System\bdhDjry.exe
  2⤵
  PID:4708
- C:\Windows\System\FbMlhjk.exe
  C:\Windows\System\FbMlhjk.exe
  2⤵
  PID:4724
- C:\Windows\System\OsYeAKJ.exe
  C:\Windows\System\OsYeAKJ.exe
  2⤵
  PID:4740
- C:\Windows\System\AfqNcxD.exe
  C:\Windows\System\AfqNcxD.exe
  2⤵
  PID:4760
- C:\Windows\System\JYTmNFx.exe
  C:\Windows\System\JYTmNFx.exe
  2⤵
  PID:4788
- C:\Windows\System\uHxUKHQ.exe
  C:\Windows\System\uHxUKHQ.exe
  2⤵
  PID:4804
- C:\Windows\System\lVqkrAq.exe
  C:\Windows\System\lVqkrAq.exe
  2⤵
  PID:4836
- C:\Windows\System\FKMKoRm.exe
  C:\Windows\System\FKMKoRm.exe
  2⤵
  PID:4856
- C:\Windows\System\YUzdFwW.exe
  C:\Windows\System\YUzdFwW.exe
  2⤵
  PID:4876
- C:\Windows\System\mnaBPPk.exe
  C:\Windows\System\mnaBPPk.exe
  2⤵
  PID:4896
- C:\Windows\System\IAXLxFO.exe
  C:\Windows\System\IAXLxFO.exe
  2⤵
  PID:4916
- C:\Windows\System\DYkxSsr.exe
  C:\Windows\System\DYkxSsr.exe
  2⤵
  PID:4940
- C:\Windows\System\YeUIzbc.exe
  C:\Windows\System\YeUIzbc.exe
  2⤵
  PID:4960
- C:\Windows\System\WilRrkj.exe
  C:\Windows\System\WilRrkj.exe
  2⤵
  PID:4980
- C:\Windows\System\nueSyun.exe
  C:\Windows\System\nueSyun.exe
  2⤵
  PID:5004
- C:\Windows\System\FZrrvCI.exe
  C:\Windows\System\FZrrvCI.exe
  2⤵
  PID:5024
- C:\Windows\System\JiQxBuw.exe
  C:\Windows\System\JiQxBuw.exe
  2⤵
  PID:5044
- C:\Windows\System\JIhIDvC.exe
  C:\Windows\System\JIhIDvC.exe
  2⤵
  PID:5064
- C:\Windows\System\QVSRQRl.exe
  C:\Windows\System\QVSRQRl.exe
  2⤵
  PID:5084
- C:\Windows\System\NlILzYA.exe
  C:\Windows\System\NlILzYA.exe
  2⤵
  PID:5104
- C:\Windows\System\jOpbwHY.exe
  C:\Windows\System\jOpbwHY.exe
  2⤵
  PID:2912
- C:\Windows\System\dxEkhtS.exe
  C:\Windows\System\dxEkhtS.exe
  2⤵
  PID:1516
- C:\Windows\System\PmFSvqP.exe
  C:\Windows\System\PmFSvqP.exe
  2⤵
  PID:3152
- C:\Windows\System\hvTkBna.exe
  C:\Windows\System\hvTkBna.exe
  2⤵
  PID:3252
- C:\Windows\System\kPstIYx.exe
  C:\Windows\System\kPstIYx.exe
  2⤵
  PID:3348
- C:\Windows\System\hNedCBI.exe
  C:\Windows\System\hNedCBI.exe
  2⤵
  PID:3800
- C:\Windows\System\jtTgMCH.exe
  C:\Windows\System\jtTgMCH.exe
  2⤵
  PID:3456
- C:\Windows\System\pcJCCYz.exe
  C:\Windows\System\pcJCCYz.exe
  2⤵
  PID:4076
- C:\Windows\System\ZzyKBYz.exe
  C:\Windows\System\ZzyKBYz.exe
  2⤵
  PID:4136
- C:\Windows\System\zSPOohH.exe
  C:\Windows\System\zSPOohH.exe
  2⤵
  PID:3844
- C:\Windows\System\JhfdVEI.exe
  C:\Windows\System\JhfdVEI.exe
  2⤵
  PID:4020
- C:\Windows\System\sSfrqet.exe
  C:\Windows\System\sSfrqet.exe
  2⤵
  PID:4112
- C:\Windows\System\aVmgSzp.exe
  C:\Windows\System\aVmgSzp.exe
  2⤵
  PID:4196
- C:\Windows\System\GbYpoUm.exe
  C:\Windows\System\GbYpoUm.exe
  2⤵
  PID:4260
- C:\Windows\System\VMdzvtG.exe
  C:\Windows\System\VMdzvtG.exe
  2⤵
  PID:4232
- C:\Windows\System\QhzWtGS.exe
  C:\Windows\System\QhzWtGS.exe
  2⤵
  PID:4364
- C:\Windows\System\kqsfvVE.exe
  C:\Windows\System\kqsfvVE.exe
  2⤵
  PID:4416
- C:\Windows\System\tOgZwIU.exe
  C:\Windows\System\tOgZwIU.exe
  2⤵
  PID:4352
- C:\Windows\System\bmaHZRt.exe
  C:\Windows\System\bmaHZRt.exe
  2⤵
  PID:4392
- C:\Windows\System\KMghkKe.exe
  C:\Windows\System\KMghkKe.exe
  2⤵
  PID:4500
- C:\Windows\System\LJiySzG.exe
  C:\Windows\System\LJiySzG.exe
  2⤵
  PID:4540
- C:\Windows\System\GsPchtY.exe
  C:\Windows\System\GsPchtY.exe
  2⤵
  PID:4472
- C:\Windows\System\UGBDOHU.exe
  C:\Windows\System\UGBDOHU.exe
  2⤵
  PID:4584
- C:\Windows\System\oDJvUKq.exe
  C:\Windows\System\oDJvUKq.exe
  2⤵
  PID:4628
- C:\Windows\System\ZkTjsWq.exe
  C:\Windows\System\ZkTjsWq.exe
  2⤵
  PID:4568
- C:\Windows\System\mEwomJa.exe
  C:\Windows\System\mEwomJa.exe
  2⤵
  PID:4700
- C:\Windows\System\TadqqGx.exe
  C:\Windows\System\TadqqGx.exe
  2⤵
  PID:4684
- C:\Windows\System\ICrDLjf.exe
  C:\Windows\System\ICrDLjf.exe
  2⤵
  PID:4736
- C:\Windows\System\BiHphGL.exe
  C:\Windows\System\BiHphGL.exe
  2⤵
  PID:4784
- C:\Windows\System\OdZllvi.exe
  C:\Windows\System\OdZllvi.exe
  2⤵
  PID:4800
- C:\Windows\System\XHkinlR.exe
  C:\Windows\System\XHkinlR.exe
  2⤵
  PID:4720
- C:\Windows\System\rleknPq.exe
  C:\Windows\System\rleknPq.exe
  2⤵
  PID:4828
- C:\Windows\System\xSNmeZN.exe
  C:\Windows\System\xSNmeZN.exe
  2⤵
  PID:4816
- C:\Windows\System\FBWxcVO.exe
  C:\Windows\System\FBWxcVO.exe
  2⤵
  PID:4844
- C:\Windows\System\dhxhiKE.exe
  C:\Windows\System\dhxhiKE.exe
  2⤵
  PID:4904
- C:\Windows\System\THGUWhj.exe
  C:\Windows\System\THGUWhj.exe
  2⤵
  PID:4908
- C:\Windows\System\ixwmVjd.exe
  C:\Windows\System\ixwmVjd.exe
  2⤵
  PID:5000
- C:\Windows\System\mgGHYjO.exe
  C:\Windows\System\mgGHYjO.exe
  2⤵
  PID:5040
- C:\Windows\System\QUVIfZI.exe
  C:\Windows\System\QUVIfZI.exe
  2⤵
  PID:5076
- C:\Windows\System\TOhvRkV.exe
  C:\Windows\System\TOhvRkV.exe
  2⤵
  PID:5020
- C:\Windows\System\jiNQHgY.exe
  C:\Windows\System\jiNQHgY.exe
  2⤵
  PID:2908
- C:\Windows\System\fomQRxk.exe
  C:\Windows\System\fomQRxk.exe
  2⤵
  PID:3416
- C:\Windows\System\WWvoSth.exe
  C:\Windows\System\WWvoSth.exe
  2⤵
  PID:4108
- C:\Windows\System\wLyLsfI.exe
  C:\Windows\System\wLyLsfI.exe
  2⤵
  PID:3732
- C:\Windows\System\BvFqOAP.exe
  C:\Windows\System\BvFqOAP.exe
  2⤵
  PID:3164
- C:\Windows\System\COHjZTP.exe
  C:\Windows\System\COHjZTP.exe
  2⤵
  PID:4188
- C:\Windows\System\lQBJPyk.exe
  C:\Windows\System\lQBJPyk.exe
  2⤵
  PID:4268
- C:\Windows\System\JAczIsd.exe
  C:\Windows\System\JAczIsd.exe
  2⤵
  PID:4368
- C:\Windows\System\kTSoffp.exe
  C:\Windows\System\kTSoffp.exe
  2⤵
  PID:4504
- C:\Windows\System\BhrlVKN.exe
  C:\Windows\System\BhrlVKN.exe
  2⤵
  PID:4524
- C:\Windows\System\sJowygW.exe
  C:\Windows\System\sJowygW.exe
  2⤵
  PID:4680
- C:\Windows\System\aLyOzSY.exe
  C:\Windows\System\aLyOzSY.exe
  2⤵
  PID:4752
- C:\Windows\System\IPOqqdI.exe
  C:\Windows\System\IPOqqdI.exe
  2⤵
  PID:2176
- C:\Windows\System\VXFPVzm.exe
  C:\Windows\System\VXFPVzm.exe
  2⤵
  PID:4176
- C:\Windows\System\FbgFBzD.exe
  C:\Windows\System\FbgFBzD.exe
  2⤵
  PID:4284
- C:\Windows\System\iVzitxP.exe
  C:\Windows\System\iVzitxP.exe
  2⤵
  PID:4328
- C:\Windows\System\TnSGSit.exe
  C:\Windows\System\TnSGSit.exe
  2⤵
  PID:4452
- C:\Windows\System\Xlqvpjc.exe
  C:\Windows\System\Xlqvpjc.exe
  2⤵
  PID:5100
- C:\Windows\System\OZakFQm.exe
  C:\Windows\System\OZakFQm.exe
  2⤵
  PID:4528
- C:\Windows\System\WVaITVI.exe
  C:\Windows\System\WVaITVI.exe
  2⤵
  PID:4128
- C:\Windows\System\iZWmebr.exe
  C:\Windows\System\iZWmebr.exe
  2⤵
  PID:3368
- C:\Windows\System\UihKRrj.exe
  C:\Windows\System\UihKRrj.exe
  2⤵
  PID:3712
- C:\Windows\System\VacONsF.exe
  C:\Windows\System\VacONsF.exe
  2⤵
  PID:4932
- C:\Windows\System\AhbxanX.exe
  C:\Windows\System\AhbxanX.exe
  2⤵
  PID:5116
- C:\Windows\System\nDwkctR.exe
  C:\Windows\System\nDwkctR.exe
  2⤵
  PID:2052
- C:\Windows\System\NHGqIZG.exe
  C:\Windows\System\NHGqIZG.exe
  2⤵
  PID:4824
- C:\Windows\System\chqjiUZ.exe
  C:\Windows\System\chqjiUZ.exe
  2⤵
  PID:3284
- C:\Windows\System\RVABZYH.exe
  C:\Windows\System\RVABZYH.exe
  2⤵
  PID:4652
- C:\Windows\System\SpMErIw.exe
  C:\Windows\System\SpMErIw.exe
  2⤵
  PID:4580
- C:\Windows\System\qHZTOhb.exe
  C:\Windows\System\qHZTOhb.exe
  2⤵
  PID:320
- C:\Windows\System\tNmhnjP.exe
  C:\Windows\System\tNmhnjP.exe
  2⤵
  PID:4952
- C:\Windows\System\kstAZcS.exe
  C:\Windows\System\kstAZcS.exe
  2⤵
  PID:5136
- C:\Windows\System\hMbHASU.exe
  C:\Windows\System\hMbHASU.exe
  2⤵
  PID:5152
- C:\Windows\System\gCuglIP.exe
  C:\Windows\System\gCuglIP.exe
  2⤵
  PID:5176
- C:\Windows\System\YUbGFVD.exe
  C:\Windows\System\YUbGFVD.exe
  2⤵
  PID:5200
- C:\Windows\System\loJJDzd.exe
  C:\Windows\System\loJJDzd.exe
  2⤵
  PID:5240
- C:\Windows\System\rfIfRWN.exe
  C:\Windows\System\rfIfRWN.exe
  2⤵
  PID:5260
- C:\Windows\System\NpMCTPH.exe
  C:\Windows\System\NpMCTPH.exe
  2⤵
  PID:5280
- C:\Windows\System\GLBIcgF.exe
  C:\Windows\System\GLBIcgF.exe
  2⤵
  PID:5300
- C:\Windows\System\WxiTkRZ.exe
  C:\Windows\System\WxiTkRZ.exe
  2⤵
  PID:5320
- C:\Windows\System\HumRKdU.exe
  C:\Windows\System\HumRKdU.exe
  2⤵
  PID:5340
- C:\Windows\System\vQfuTTj.exe
  C:\Windows\System\vQfuTTj.exe
  2⤵
  PID:5360
- C:\Windows\System\qeYslvw.exe
  C:\Windows\System\qeYslvw.exe
  2⤵
  PID:5380
- C:\Windows\System\wLGDtJs.exe
  C:\Windows\System\wLGDtJs.exe
  2⤵
  PID:5400
- C:\Windows\System\cdUhpXs.exe
  C:\Windows\System\cdUhpXs.exe
  2⤵
  PID:5420
- C:\Windows\System\qFYfgux.exe
  C:\Windows\System\qFYfgux.exe
  2⤵
  PID:5440
- C:\Windows\System\LtThVRv.exe
  C:\Windows\System\LtThVRv.exe
  2⤵
  PID:5460
- C:\Windows\System\TxmltVq.exe
  C:\Windows\System\TxmltVq.exe
  2⤵
  PID:5480
- C:\Windows\System\bYSpZpt.exe
  C:\Windows\System\bYSpZpt.exe
  2⤵
  PID:5500
- C:\Windows\System\dljMhWP.exe
  C:\Windows\System\dljMhWP.exe
  2⤵
  PID:5520
- C:\Windows\System\QnCzgsa.exe
  C:\Windows\System\QnCzgsa.exe
  2⤵
  PID:5540
- C:\Windows\System\MyzAvmR.exe
  C:\Windows\System\MyzAvmR.exe
  2⤵
  PID:5560
- C:\Windows\System\AsTKCHR.exe
  C:\Windows\System\AsTKCHR.exe
  2⤵
  PID:5576
- C:\Windows\System\XlNPzah.exe
  C:\Windows\System\XlNPzah.exe
  2⤵
  PID:5596
- C:\Windows\System\thFJlmG.exe
  C:\Windows\System\thFJlmG.exe
  2⤵
  PID:5616
- C:\Windows\System\AvOFoeb.exe
  C:\Windows\System\AvOFoeb.exe
  2⤵
  PID:5632
- C:\Windows\System\tIPMWYi.exe
  C:\Windows\System\tIPMWYi.exe
  2⤵
  PID:5656
- C:\Windows\System\PaNPcyG.exe
  C:\Windows\System\PaNPcyG.exe
  2⤵
  PID:5676
- C:\Windows\System\zxFwuVN.exe
  C:\Windows\System\zxFwuVN.exe
  2⤵
  PID:5692
- C:\Windows\System\ErergJE.exe
  C:\Windows\System\ErergJE.exe
  2⤵
  PID:5708
- C:\Windows\System\VlvXhak.exe
  C:\Windows\System\VlvXhak.exe
  2⤵
  PID:5724
- C:\Windows\System\eqrmFpr.exe
  C:\Windows\System\eqrmFpr.exe
  2⤵
  PID:5740
- C:\Windows\System\qYNWWaZ.exe
  C:\Windows\System\qYNWWaZ.exe
  2⤵
  PID:5756
- C:\Windows\System\lXkDRhb.exe
  C:\Windows\System\lXkDRhb.exe
  2⤵
  PID:5772
- C:\Windows\System\NGPUtda.exe
  C:\Windows\System\NGPUtda.exe
  2⤵
  PID:5796
- C:\Windows\System\oWkUYbw.exe
  C:\Windows\System\oWkUYbw.exe
  2⤵
  PID:5824
- C:\Windows\System\fIDYlZu.exe
  C:\Windows\System\fIDYlZu.exe
  2⤵
  PID:5840
- C:\Windows\System\kxdxNgX.exe
  C:\Windows\System\kxdxNgX.exe
  2⤵
  PID:5876
- C:\Windows\System\pcpkjnl.exe
  C:\Windows\System\pcpkjnl.exe
  2⤵
  PID:5892
- C:\Windows\System\bfXfjlN.exe
  C:\Windows\System\bfXfjlN.exe
  2⤵
  PID:5908
- C:\Windows\System\PksnGjb.exe
  C:\Windows\System\PksnGjb.exe
  2⤵
  PID:5932
- C:\Windows\System\VXrCaBJ.exe
  C:\Windows\System\VXrCaBJ.exe
  2⤵
  PID:5952
- C:\Windows\System\rEnDXAN.exe
  C:\Windows\System\rEnDXAN.exe
  2⤵
  PID:5976
- C:\Windows\System\GLAWbSe.exe
  C:\Windows\System\GLAWbSe.exe
  2⤵
  PID:5992
- C:\Windows\System\iakyyOA.exe
  C:\Windows\System\iakyyOA.exe
  2⤵
  PID:6012
- C:\Windows\System\svPjioX.exe
  C:\Windows\System\svPjioX.exe
  2⤵
  PID:6028
- C:\Windows\System\mAvGuoq.exe
  C:\Windows\System\mAvGuoq.exe
  2⤵
  PID:6048
- C:\Windows\System\clxTaWW.exe
  C:\Windows\System\clxTaWW.exe
  2⤵
  PID:6068
- C:\Windows\System\HGbEAml.exe
  C:\Windows\System\HGbEAml.exe
  2⤵
  PID:6092
- C:\Windows\System\SjGYuiK.exe
  C:\Windows\System\SjGYuiK.exe
  2⤵
  PID:6116
- C:\Windows\System\zihDjwR.exe
  C:\Windows\System\zihDjwR.exe
  2⤵
  PID:6136
- C:\Windows\System\HvAiGzK.exe
  C:\Windows\System\HvAiGzK.exe
  2⤵
  PID:4244
- C:\Windows\System\EVUEeKU.exe
  C:\Windows\System\EVUEeKU.exe
  2⤵
  PID:4624
- C:\Windows\System\pYfkDVN.exe
  C:\Windows\System\pYfkDVN.exe
  2⤵
  PID:2128
- C:\Windows\System\gHXYbxf.exe
  C:\Windows\System\gHXYbxf.exe
  2⤵
  PID:5052
- C:\Windows\System\bhSPJST.exe
  C:\Windows\System\bhSPJST.exe
  2⤵
  PID:2080
- C:\Windows\System\kRjGlbZ.exe
  C:\Windows\System\kRjGlbZ.exe
  2⤵
  PID:3596
- C:\Windows\System\OBWqWWx.exe
  C:\Windows\System\OBWqWWx.exe
  2⤵
  PID:5096
- C:\Windows\System\PxlLZmt.exe
  C:\Windows\System\PxlLZmt.exe
  2⤵
  PID:4812
- C:\Windows\System\qnPwgCU.exe
  C:\Windows\System\qnPwgCU.exe
  2⤵
  PID:5032
- C:\Windows\System\etHHCMJ.exe
  C:\Windows\System\etHHCMJ.exe
  2⤵
  PID:4956
- C:\Windows\System\nPMCwXB.exe
  C:\Windows\System\nPMCwXB.exe
  2⤵
  PID:5184
- C:\Windows\System\dTijFZE.exe
  C:\Windows\System\dTijFZE.exe
  2⤵
  PID:5172
- C:\Windows\System\OyFDIzo.exe
  C:\Windows\System\OyFDIzo.exe
  2⤵
  PID:5124
- C:\Windows\System\mpPGFGT.exe
  C:\Windows\System\mpPGFGT.exe
  2⤵
  PID:5196
- C:\Windows\System\SROghCg.exe
  C:\Windows\System\SROghCg.exe
  2⤵
  PID:5208
- C:\Windows\System\kHwuJfs.exe
  C:\Windows\System\kHwuJfs.exe
  2⤵
  PID:5232
- C:\Windows\System\jCsPKMA.exe
  C:\Windows\System\jCsPKMA.exe
  2⤵
  PID:5292
- C:\Windows\System\DdfpySl.exe
  C:\Windows\System\DdfpySl.exe
  2⤵
  PID:5268
- C:\Windows\System\BGezYYu.exe
  C:\Windows\System\BGezYYu.exe
  2⤵
  PID:5376
- C:\Windows\System\SksumZN.exe
  C:\Windows\System\SksumZN.exe
  2⤵
  PID:2476
- C:\Windows\System\UIAZjFj.exe
  C:\Windows\System\UIAZjFj.exe
  2⤵
  PID:5496
- C:\Windows\System\swbwQDd.exe
  C:\Windows\System\swbwQDd.exe
  2⤵
  PID:5348
- C:\Windows\System\JKAORie.exe
  C:\Windows\System\JKAORie.exe
  2⤵
  PID:5432
- C:\Windows\System\xMxKrnT.exe
  C:\Windows\System\xMxKrnT.exe
  2⤵
  PID:5572
- C:\Windows\System\GtVrVwP.exe
  C:\Windows\System\GtVrVwP.exe
  2⤵
  PID:5612
- C:\Windows\System\kAdXKPB.exe
  C:\Windows\System\kAdXKPB.exe
  2⤵
  PID:5648
- C:\Windows\System\fUSOCKf.exe
  C:\Windows\System\fUSOCKf.exe
  2⤵
  PID:5552
- C:\Windows\System\jgcvvYf.exe
  C:\Windows\System\jgcvvYf.exe
  2⤵
  PID:5584
- C:\Windows\System\ZkeQlXt.exe
  C:\Windows\System\ZkeQlXt.exe
  2⤵
  PID:5720
- C:\Windows\System\krYMglI.exe
  C:\Windows\System\krYMglI.exe
  2⤵
  PID:5784
- C:\Windows\System\mYrRSMI.exe
  C:\Windows\System\mYrRSMI.exe
  2⤵
  PID:5668
- C:\Windows\System\UBJkJjW.exe
  C:\Windows\System\UBJkJjW.exe
  2⤵
  PID:5916
- C:\Windows\System\xJFlwBN.exe
  C:\Windows\System\xJFlwBN.exe
  2⤵
  PID:5804
- C:\Windows\System\gKcrQpB.exe
  C:\Windows\System\gKcrQpB.exe
  2⤵
  PID:5672
- C:\Windows\System\ysxMrTp.exe
  C:\Windows\System\ysxMrTp.exe
  2⤵
  PID:5704
- C:\Windows\System\hitECWz.exe
  C:\Windows\System\hitECWz.exe
  2⤵
  PID:5852
- C:\Windows\System\IGvaCVy.exe
  C:\Windows\System\IGvaCVy.exe
  2⤵
  PID:5964
- C:\Windows\System\ZGYDgTX.exe
  C:\Windows\System\ZGYDgTX.exe
  2⤵
  PID:6008
- C:\Windows\System\gCKwXYy.exe
  C:\Windows\System\gCKwXYy.exe
  2⤵
  PID:6080
- C:\Windows\System\cyOlQeZ.exe
  C:\Windows\System\cyOlQeZ.exe
  2⤵
  PID:5872
- C:\Windows\System\HCPJjfB.exe
  C:\Windows\System\HCPJjfB.exe
  2⤵
  PID:2852
- C:\Windows\System\weRcifx.exe
  C:\Windows\System\weRcifx.exe
  2⤵
  PID:6024
- C:\Windows\System\vjFCQSL.exe
  C:\Windows\System\vjFCQSL.exe
  2⤵
  PID:2880
- C:\Windows\System\uYYMqVA.exe
  C:\Windows\System\uYYMqVA.exe
  2⤵
  PID:6100
- C:\Windows\System\uKyTTxo.exe
  C:\Windows\System\uKyTTxo.exe
  2⤵
  PID:5080
- C:\Windows\System\NTjbkNE.exe
  C:\Windows\System\NTjbkNE.exe
  2⤵
  PID:4192
- C:\Windows\System\TtAoKqo.exe
  C:\Windows\System\TtAoKqo.exe
  2⤵
  PID:4292
- C:\Windows\System\iMZiduj.exe
  C:\Windows\System\iMZiduj.exe
  2⤵
  PID:2216
- C:\Windows\System\kglZrpi.exe
  C:\Windows\System\kglZrpi.exe
  2⤵
  PID:4488
- C:\Windows\System\jLsqBRg.exe
  C:\Windows\System\jLsqBRg.exe
  2⤵
  PID:4648
- C:\Windows\System\yuPeVqr.exe
  C:\Windows\System\yuPeVqr.exe
  2⤵
  PID:4848
- C:\Windows\System\qNaLBrc.exe
  C:\Windows\System\qNaLBrc.exe
  2⤵
  PID:4344
- C:\Windows\System\cEvZyPS.exe
  C:\Windows\System\cEvZyPS.exe
  2⤵
  PID:5220
- C:\Windows\System\iLGighz.exe
  C:\Windows\System\iLGighz.exe
  2⤵
  PID:5272
- C:\Windows\System\BeCAyWU.exe
  C:\Windows\System\BeCAyWU.exe
  2⤵
  PID:5332
- C:\Windows\System\FqUFtAT.exe
  C:\Windows\System\FqUFtAT.exe
  2⤵
  PID:5352
- C:\Windows\System\sDTflTs.exe
  C:\Windows\System\sDTflTs.exe
  2⤵
  PID:5356
- C:\Windows\System\cEsydEE.exe
  C:\Windows\System\cEsydEE.exe
  2⤵
  PID:5536
- C:\Windows\System\kWvsNzC.exe
  C:\Windows\System\kWvsNzC.exe
  2⤵
  PID:5396
- C:\Windows\System\KJXHbIp.exe
  C:\Windows\System\KJXHbIp.exe
  2⤵
  PID:4312
- C:\Windows\System\nodaftJ.exe
  C:\Windows\System\nodaftJ.exe
  2⤵
  PID:5588
- C:\Windows\System\WztOrer.exe
  C:\Windows\System\WztOrer.exe
  2⤵
  PID:5716
- C:\Windows\System\IDJlBqQ.exe
  C:\Windows\System\IDJlBqQ.exe
  2⤵
  PID:5780
- C:\Windows\System\qpkFZBz.exe
  C:\Windows\System\qpkFZBz.exe
  2⤵
  PID:5820
- C:\Windows\System\rlKtLEE.exe
  C:\Windows\System\rlKtLEE.exe
  2⤵
  PID:5856
- C:\Windows\System\PfSrZWV.exe
  C:\Windows\System\PfSrZWV.exe
  2⤵
  PID:5768
- C:\Windows\System\CCmxqST.exe
  C:\Windows\System\CCmxqST.exe
  2⤵
  PID:6004
- C:\Windows\System\YQvOgEo.exe
  C:\Windows\System\YQvOgEo.exe
  2⤵
  PID:5940
- C:\Windows\System\iFsFPcd.exe
  C:\Windows\System\iFsFPcd.exe
  2⤵
  PID:5900
- C:\Windows\System\FESHhrv.exe
  C:\Windows\System\FESHhrv.exe
  2⤵
  PID:5984
- C:\Windows\System\MXPwMfu.exe
  C:\Windows\System\MXPwMfu.exe
  2⤵
  PID:6060
- C:\Windows\System\asCkoSw.exe
  C:\Windows\System\asCkoSw.exe
  2⤵
  PID:4248
- C:\Windows\System\gWqSjxi.exe
  C:\Windows\System\gWqSjxi.exe
  2⤵
  PID:4408
- C:\Windows\System\TTGELMQ.exe
  C:\Windows\System\TTGELMQ.exe
  2⤵
  PID:4032
- C:\Windows\System\ONejuzo.exe
  C:\Windows\System\ONejuzo.exe
  2⤵
  PID:2788
- C:\Windows\System\fUShfvM.exe
  C:\Windows\System\fUShfvM.exe
  2⤵
  PID:5336
- C:\Windows\System\KOdlrtH.exe
  C:\Windows\System\KOdlrtH.exe
  2⤵
  PID:3452
- C:\Windows\System\sjWcDFn.exe
  C:\Windows\System\sjWcDFn.exe
  2⤵
  PID:5216
- C:\Windows\System\fUoXPkM.exe
  C:\Windows\System\fUoXPkM.exe
  2⤵
  PID:5640
- C:\Windows\System\zXXXMTu.exe
  C:\Windows\System\zXXXMTu.exe
  2⤵
  PID:872
- C:\Windows\System\jqMyfeJ.exe
  C:\Windows\System\jqMyfeJ.exe
  2⤵
  PID:5508
- C:\Windows\System\RXcyxNx.exe
  C:\Windows\System\RXcyxNx.exe
  2⤵
  PID:5308
- C:\Windows\System\qXJcAvw.exe
  C:\Windows\System\qXJcAvw.exe
  2⤵
  PID:2828
- C:\Windows\System\STTxMJS.exe
  C:\Windows\System\STTxMJS.exe
  2⤵
  PID:5684
- C:\Windows\System\DApepiV.exe
  C:\Windows\System\DApepiV.exe
  2⤵
  PID:5732
- C:\Windows\System\VcsxcEx.exe
  C:\Windows\System\VcsxcEx.exe
  2⤵
  PID:5816
- C:\Windows\System\eYwXzCL.exe
  C:\Windows\System\eYwXzCL.exe
  2⤵
  PID:6124
- C:\Windows\System\jiAJZpk.exe
  C:\Windows\System\jiAJZpk.exe
  2⤵
  PID:6108
- C:\Windows\System\zlionBb.exe
  C:\Windows\System\zlionBb.exe
  2⤵
  PID:2356
- C:\Windows\System\SbgxhLF.exe
  C:\Windows\System\SbgxhLF.exe
  2⤵
  PID:6056
- C:\Windows\System\shxFrML.exe
  C:\Windows\System\shxFrML.exe
  2⤵
  PID:6160
- C:\Windows\System\QjniRPe.exe
  C:\Windows\System\QjniRPe.exe
  2⤵
  PID:6176
- C:\Windows\System\TDZAkbP.exe
  C:\Windows\System\TDZAkbP.exe
  2⤵
  PID:6200
- C:\Windows\System\GwrvDNk.exe
  C:\Windows\System\GwrvDNk.exe
  2⤵
  PID:6224
- C:\Windows\System\ZsFvetp.exe
  C:\Windows\System\ZsFvetp.exe
  2⤵
  PID:6260
- C:\Windows\System\MHEaewS.exe
  C:\Windows\System\MHEaewS.exe
  2⤵
  PID:6280
- C:\Windows\System\yUyunoM.exe
  C:\Windows\System\yUyunoM.exe
  2⤵
  PID:6296
- C:\Windows\System\wjCFVJD.exe
  C:\Windows\System\wjCFVJD.exe
  2⤵
  PID:6316
- C:\Windows\System\VuKxKNF.exe
  C:\Windows\System\VuKxKNF.exe
  2⤵
  PID:6336
- C:\Windows\System\gCmeDmb.exe
  C:\Windows\System\gCmeDmb.exe
  2⤵
  PID:6356
- C:\Windows\System\IJlcCbG.exe
  C:\Windows\System\IJlcCbG.exe
  2⤵
  PID:6376
- C:\Windows\System\XmWehis.exe
  C:\Windows\System\XmWehis.exe
  2⤵
  PID:6396
- C:\Windows\System\oLumUxU.exe
  C:\Windows\System\oLumUxU.exe
  2⤵
  PID:6416
- C:\Windows\System\nKRHAkL.exe
  C:\Windows\System\nKRHAkL.exe
  2⤵
  PID:6436
- C:\Windows\System\ZpnbWCC.exe
  C:\Windows\System\ZpnbWCC.exe
  2⤵
  PID:6456
- C:\Windows\System\RgFfJcX.exe
  C:\Windows\System\RgFfJcX.exe
  2⤵
  PID:6472
- C:\Windows\System\ftfBJUZ.exe
  C:\Windows\System\ftfBJUZ.exe
  2⤵
  PID:6492
- C:\Windows\System\ciAAqSJ.exe
  C:\Windows\System\ciAAqSJ.exe
  2⤵
  PID:6516
- C:\Windows\System\Nzoqncj.exe
  C:\Windows\System\Nzoqncj.exe
  2⤵
  PID:6536
- C:\Windows\System\mRgtdpu.exe
  C:\Windows\System\mRgtdpu.exe
  2⤵
  PID:6556
- C:\Windows\System\kMQQRpn.exe
  C:\Windows\System\kMQQRpn.exe
  2⤵
  PID:6576
- C:\Windows\System\GGzeLBP.exe
  C:\Windows\System\GGzeLBP.exe
  2⤵
  PID:6592
- C:\Windows\System\dwhGylP.exe
  C:\Windows\System\dwhGylP.exe
  2⤵
  PID:6616
- C:\Windows\System\DjJSzwK.exe
  C:\Windows\System\DjJSzwK.exe
  2⤵
  PID:6640
- C:\Windows\System\ynMEtdz.exe
  C:\Windows\System\ynMEtdz.exe
  2⤵
  PID:6660
- C:\Windows\System\lIziWob.exe
  C:\Windows\System\lIziWob.exe
  2⤵
  PID:6684
- C:\Windows\System\AnghbnG.exe
  C:\Windows\System\AnghbnG.exe
  2⤵
  PID:6700
- C:\Windows\System\jJnZlMM.exe
  C:\Windows\System\jJnZlMM.exe
  2⤵
  PID:6720
- C:\Windows\System\JPSFXyy.exe
  C:\Windows\System\JPSFXyy.exe
  2⤵
  PID:6740
- C:\Windows\System\nVBtYPn.exe
  C:\Windows\System\nVBtYPn.exe
  2⤵
  PID:6764
- C:\Windows\System\IHNYvyj.exe
  C:\Windows\System\IHNYvyj.exe
  2⤵
  PID:6780
- C:\Windows\System\GnhAEKz.exe
  C:\Windows\System\GnhAEKz.exe
  2⤵
  PID:6800
- C:\Windows\System\CBZJbEi.exe
  C:\Windows\System\CBZJbEi.exe
  2⤵
  PID:6820
- C:\Windows\System\AxlwOFt.exe
  C:\Windows\System\AxlwOFt.exe
  2⤵
  PID:6840
- C:\Windows\System\mxGTDeH.exe
  C:\Windows\System\mxGTDeH.exe
  2⤵
  PID:6860
- C:\Windows\System\YYKJdby.exe
  C:\Windows\System\YYKJdby.exe
  2⤵
  PID:6884
- C:\Windows\System\DvJNBVQ.exe
  C:\Windows\System\DvJNBVQ.exe
  2⤵
  PID:6900
- C:\Windows\System\ESEqBGd.exe
  C:\Windows\System\ESEqBGd.exe
  2⤵
  PID:6920
- C:\Windows\System\ChmUjSn.exe
  C:\Windows\System\ChmUjSn.exe
  2⤵
  PID:6940
- C:\Windows\System\JFgANiQ.exe
  C:\Windows\System\JFgANiQ.exe
  2⤵
  PID:6956
- C:\Windows\System\kXcuNwd.exe
  C:\Windows\System\kXcuNwd.exe
  2⤵
  PID:6976
- C:\Windows\System\hotJoNC.exe
  C:\Windows\System\hotJoNC.exe
  2⤵
  PID:7000
- C:\Windows\System\ciKiWaL.exe
  C:\Windows\System\ciKiWaL.exe
  2⤵
  PID:7020
- C:\Windows\System\TinEVhU.exe
  C:\Windows\System\TinEVhU.exe
  2⤵
  PID:7040
- C:\Windows\System\uKMZkwl.exe
  C:\Windows\System\uKMZkwl.exe
  2⤵
  PID:7060
- C:\Windows\System\JQEQohd.exe
  C:\Windows\System\JQEQohd.exe
  2⤵
  PID:7084
- C:\Windows\System\JRYEJgV.exe
  C:\Windows\System\JRYEJgV.exe
  2⤵
  PID:7104
- C:\Windows\System\nZgkXDy.exe
  C:\Windows\System\nZgkXDy.exe
  2⤵
  PID:7124
- C:\Windows\System\UlDkYvH.exe
  C:\Windows\System\UlDkYvH.exe
  2⤵
  PID:7144
- C:\Windows\System\FHZAtip.exe
  C:\Windows\System\FHZAtip.exe
  2⤵
  PID:7164
- C:\Windows\System\VIiZQCG.exe
  C:\Windows\System\VIiZQCG.exe
  2⤵
  PID:2240
- C:\Windows\System\gcpCQhp.exe
  C:\Windows\System\gcpCQhp.exe
  2⤵
  PID:5476
- C:\Windows\System\dAyjnpP.exe
  C:\Windows\System\dAyjnpP.exe
  2⤵
  PID:6084
- C:\Windows\System\xVKTJWL.exe
  C:\Windows\System\xVKTJWL.exe
  2⤵
  PID:5848
- C:\Windows\System\xcDtvwb.exe
  C:\Windows\System\xcDtvwb.exe
  2⤵
  PID:5144
- C:\Windows\System\DBSKKUM.exe
  C:\Windows\System\DBSKKUM.exe
  2⤵
  PID:4272
- C:\Windows\System\ovnyoSP.exe
  C:\Windows\System\ovnyoSP.exe
  2⤵
  PID:5548
- C:\Windows\System\oydcRDw.exe
  C:\Windows\System\oydcRDw.exe
  2⤵
  PID:5392
- C:\Windows\System\RdeGpKK.exe
  C:\Windows\System\RdeGpKK.exe
  2⤵
  PID:6212
- C:\Windows\System\GcsSgmb.exe
  C:\Windows\System\GcsSgmb.exe
  2⤵
  PID:2444
- C:\Windows\System\YTsefmy.exe
  C:\Windows\System\YTsefmy.exe
  2⤵
  PID:6312
- C:\Windows\System\dmoxtWA.exe
  C:\Windows\System\dmoxtWA.exe
  2⤵
  PID:6192
- C:\Windows\System\ytReNAo.exe
  C:\Windows\System\ytReNAo.exe
  2⤵
  PID:6184
- C:\Windows\System\QqjQaJT.exe
  C:\Windows\System\QqjQaJT.exe
  2⤵
  PID:3008
- C:\Windows\System\SBisvHn.exe
  C:\Windows\System\SBisvHn.exe
  2⤵
  PID:6248
- C:\Windows\System\GkpJHCm.exe
  C:\Windows\System\GkpJHCm.exe
  2⤵
  PID:6292
- C:\Windows\System\ysYCkaA.exe
  C:\Windows\System\ysYCkaA.exe
  2⤵
  PID:6432
- C:\Windows\System\XsVJBHS.exe
  C:\Windows\System\XsVJBHS.exe
  2⤵
  PID:6332
- C:\Windows\System\rZvzCWs.exe
  C:\Windows\System\rZvzCWs.exe
  2⤵
  PID:6404
- C:\Windows\System\NDoSpkI.exe
  C:\Windows\System\NDoSpkI.exe
  2⤵
  PID:6512
- C:\Windows\System\laWvdhf.exe
  C:\Windows\System\laWvdhf.exe
  2⤵
  PID:6552
- C:\Windows\System\UIdIARo.exe
  C:\Windows\System\UIdIARo.exe
  2⤵
  PID:6448
- C:\Windows\System\yyKCREF.exe
  C:\Windows\System\yyKCREF.exe
  2⤵
  PID:2308
- C:\Windows\System\suZBGeS.exe
  C:\Windows\System\suZBGeS.exe
  2⤵
  PID:6636
- C:\Windows\System\wwrskwQ.exe
  C:\Windows\System\wwrskwQ.exe
  2⤵
  PID:6608
- C:\Windows\System\uKaRbiX.exe
  C:\Windows\System\uKaRbiX.exe
  2⤵
  PID:6652
- C:\Windows\System\TIriDFI.exe
  C:\Windows\System\TIriDFI.exe
  2⤵
  PID:6716
- C:\Windows\System\WDJbFxb.exe
  C:\Windows\System\WDJbFxb.exe
  2⤵
  PID:1624
- C:\Windows\System\YHqWtbT.exe
  C:\Windows\System\YHqWtbT.exe
  2⤵
  PID:6692
- C:\Windows\System\aPTQRtN.exe
  C:\Windows\System\aPTQRtN.exe
  2⤵
  PID:6792
- C:\Windows\System\JvbwFot.exe
  C:\Windows\System\JvbwFot.exe
  2⤵
  PID:6732
- C:\Windows\System\wfKRhYW.exe
  C:\Windows\System\wfKRhYW.exe
  2⤵
  PID:1784
- C:\Windows\System\JNEfZPw.exe
  C:\Windows\System\JNEfZPw.exe
  2⤵
  PID:2772
- C:\Windows\System\RuMjqeS.exe
  C:\Windows\System\RuMjqeS.exe
  2⤵
  PID:2904
- C:\Windows\System\xsQmdYJ.exe
  C:\Windows\System\xsQmdYJ.exe
  2⤵
  PID:6848
- C:\Windows\System\LOHhawl.exe
  C:\Windows\System\LOHhawl.exe
  2⤵
  PID:6892
- C:\Windows\System\fMDjAeW.exe
  C:\Windows\System\fMDjAeW.exe
  2⤵
  PID:6996
- C:\Windows\System\nZHVKKC.exe
  C:\Windows\System\nZHVKKC.exe
  2⤵
  PID:6928
- C:\Windows\System\zWziFig.exe
  C:\Windows\System\zWziFig.exe
  2⤵
  PID:7008
- C:\Windows\System\CaCWjGj.exe
  C:\Windows\System\CaCWjGj.exe
  2⤵
  PID:7036
- C:\Windows\System\sDGoujw.exe
  C:\Windows\System\sDGoujw.exe
  2⤵
  PID:7080
- C:\Windows\System\aqaUrpR.exe
  C:\Windows\System\aqaUrpR.exe
  2⤵
  PID:7052
- C:\Windows\System\ckGXmtu.exe
  C:\Windows\System\ckGXmtu.exe
  2⤵
  PID:7120
- C:\Windows\System\YBLHsST.exe
  C:\Windows\System\YBLHsST.exe
  2⤵
  PID:7152
- C:\Windows\System\aiSpIla.exe
  C:\Windows\System\aiSpIla.exe
  2⤵
  PID:5368
- C:\Windows\System\rwOomaJ.exe
  C:\Windows\System\rwOomaJ.exe
  2⤵
  PID:4996
- C:\Windows\System\xXeehKL.exe
  C:\Windows\System\xXeehKL.exe
  2⤵
  PID:5904
- C:\Windows\System\rkPBurF.exe
  C:\Windows\System\rkPBurF.exe
  2⤵
  PID:4460
- C:\Windows\System\kqvmASP.exe
  C:\Windows\System\kqvmASP.exe
  2⤵
  PID:5812
- C:\Windows\System\XopgLhK.exe
  C:\Windows\System\XopgLhK.exe
  2⤵
  PID:6152
- C:\Windows\System\hFKOLMT.exe
  C:\Windows\System\hFKOLMT.exe
  2⤵
  PID:6348
- C:\Windows\System\uEFVThY.exe
  C:\Windows\System\uEFVThY.exe
  2⤵
  PID:6272
- C:\Windows\System\CJNDjVP.exe
  C:\Windows\System\CJNDjVP.exe
  2⤵
  PID:4404
- C:\Windows\System\OtQvfhW.exe
  C:\Windows\System\OtQvfhW.exe
  2⤵
  PID:6288
- C:\Windows\System\fbJXEMY.exe
  C:\Windows\System\fbJXEMY.exe
  2⤵
  PID:6364
- C:\Windows\System\MrmDPiY.exe
  C:\Windows\System\MrmDPiY.exe
  2⤵
  PID:6372
- C:\Windows\System\lQxZDGa.exe
  C:\Windows\System\lQxZDGa.exe
  2⤵
  PID:6480
- C:\Windows\System\DLDdILn.exe
  C:\Windows\System\DLDdILn.exe
  2⤵
  PID:6544
- C:\Windows\System\LOtcxYb.exe
  C:\Windows\System\LOtcxYb.exe
  2⤵
  PID:6532
- C:\Windows\System\LCedKPh.exe
  C:\Windows\System\LCedKPh.exe
  2⤵
  PID:6604
- C:\Windows\System\fnMHQZw.exe
  C:\Windows\System\fnMHQZw.exe
  2⤵
  PID:6760
- C:\Windows\System\cJgCnFH.exe
  C:\Windows\System\cJgCnFH.exe
  2⤵
  PID:6708
- C:\Windows\System\WAupKRn.exe
  C:\Windows\System\WAupKRn.exe
  2⤵
  PID:2196
- C:\Windows\System\CarTSrX.exe
  C:\Windows\System\CarTSrX.exe
  2⤵
  PID:6832
- C:\Windows\System\kSQYijy.exe
  C:\Windows\System\kSQYijy.exe
  2⤵
  PID:2260
- C:\Windows\System\VpSfdLX.exe
  C:\Windows\System\VpSfdLX.exe
  2⤵
  PID:2480
- C:\Windows\System\mZpyoxE.exe
  C:\Windows\System\mZpyoxE.exe
  2⤵
  PID:2200
- C:\Windows\System\XbWEbkm.exe
  C:\Windows\System\XbWEbkm.exe
  2⤵
  PID:6988
- C:\Windows\System\MNAMzsW.exe
  C:\Windows\System\MNAMzsW.exe
  2⤵
  PID:6972
- C:\Windows\System\EBQbUxJ.exe
  C:\Windows\System\EBQbUxJ.exe
  2⤵
  PID:1080
- C:\Windows\System\sKLoYPC.exe
  C:\Windows\System\sKLoYPC.exe
  2⤵
  PID:6624
- C:\Windows\System\oEyvZKC.exe
  C:\Windows\System\oEyvZKC.exe
  2⤵
  PID:7140
- C:\Windows\System\SoYDyWd.exe
  C:\Windows\System\SoYDyWd.exe
  2⤵
  PID:2840
- C:\Windows\System\FXnXvVg.exe
  C:\Windows\System\FXnXvVg.exe
  2⤵
  PID:3016
- C:\Windows\System\BnpvFFD.exe
  C:\Windows\System\BnpvFFD.exe
  2⤵
  PID:6276
- C:\Windows\System\yKgISKH.exe
  C:\Windows\System\yKgISKH.exe
  2⤵
  PID:6352
- C:\Windows\System\ObjDSoF.exe
  C:\Windows\System\ObjDSoF.exe
  2⤵
  PID:6256
- C:\Windows\System\RXfxMfU.exe
  C:\Windows\System\RXfxMfU.exe
  2⤵
  PID:6388
- C:\Windows\System\eAjsXjQ.exe
  C:\Windows\System\eAjsXjQ.exe
  2⤵
  PID:6328
- C:\Windows\System\KpqEYfz.exe
  C:\Windows\System\KpqEYfz.exe
  2⤵
  PID:6648
- C:\Windows\System\DiIOywc.exe
  C:\Windows\System\DiIOywc.exe
  2⤵
  PID:4484
- C:\Windows\System\cLakfCo.exe
  C:\Windows\System\cLakfCo.exe
  2⤵
  PID:6672
- C:\Windows\System\ETuZRmG.exe
  C:\Windows\System\ETuZRmG.exe
  2⤵
  PID:6736
- C:\Windows\System\lvJount.exe
  C:\Windows\System\lvJount.exe
  2⤵
  PID:6796
- C:\Windows\System\CHsYrXH.exe
  C:\Windows\System\CHsYrXH.exe
  2⤵
  PID:6656
- C:\Windows\System\LikqlrH.exe
  C:\Windows\System\LikqlrH.exe
  2⤵
  PID:6856
- C:\Windows\System\EeUPPYT.exe
  C:\Windows\System\EeUPPYT.exe
  2⤵
  PID:6952
- C:\Windows\System\CxvHikr.exe
  C:\Windows\System\CxvHikr.exe
  2⤵
  PID:1684
- C:\Windows\System\shKWwMp.exe
  C:\Windows\System\shKWwMp.exe
  2⤵
  PID:7096
- C:\Windows\System\GgxwMUR.exe
  C:\Windows\System\GgxwMUR.exe
  2⤵
  PID:5252
- C:\Windows\System\CndjntD.exe
  C:\Windows\System\CndjntD.exe
  2⤵
  PID:2752
- C:\Windows\System\IlyGEwX.exe
  C:\Windows\System\IlyGEwX.exe
  2⤵
  PID:6076
- C:\Windows\System\lwYgbcF.exe
  C:\Windows\System\lwYgbcF.exe
  2⤵
  PID:6148
- C:\Windows\System\OTAXmko.exe
  C:\Windows\System\OTAXmko.exe
  2⤵
  PID:6484
- C:\Windows\System\MgRTNIp.exe
  C:\Windows\System\MgRTNIp.exe
  2⤵
  PID:6368
- C:\Windows\System\tsYmMPH.exe
  C:\Windows\System\tsYmMPH.exe
  2⤵
  PID:5188
- C:\Windows\System\HwMDYtE.exe
  C:\Windows\System\HwMDYtE.exe
  2⤵
  PID:6412
- C:\Windows\System\BGKkLcu.exe
  C:\Windows\System\BGKkLcu.exe
  2⤵
  PID:6880
- C:\Windows\System\auhtHJq.exe
  C:\Windows\System\auhtHJq.exe
  2⤵
  PID:3044
- C:\Windows\System\bPfBHqe.exe
  C:\Windows\System\bPfBHqe.exe
  2⤵
  PID:672
- C:\Windows\System\zHXdGRN.exe
  C:\Windows\System\zHXdGRN.exe
  2⤵
  PID:1572
- C:\Windows\System\mTWBQUF.exe
  C:\Windows\System\mTWBQUF.exe
  2⤵
  PID:7068
- C:\Windows\System\OVhkQLl.exe
  C:\Windows\System\OVhkQLl.exe
  2⤵
  PID:2468
- C:\Windows\System\EMElfKQ.exe
  C:\Windows\System\EMElfKQ.exe
  2⤵
  PID:7092
- C:\Windows\System\nsNIqGF.exe
  C:\Windows\System\nsNIqGF.exe
  2⤵
  PID:7100
- C:\Windows\System\CGTTYaL.exe
  C:\Windows\System\CGTTYaL.exe
  2⤵
  PID:6168
- C:\Windows\System\zfbDmsx.exe
  C:\Windows\System\zfbDmsx.exe
  2⤵
  PID:6424
- C:\Windows\System\BGebLnQ.exe
  C:\Windows\System\BGebLnQ.exe
  2⤵
  PID:988
- C:\Windows\System\NwdjBKm.exe
  C:\Windows\System\NwdjBKm.exe
  2⤵
  PID:3780
- C:\Windows\System\EFgLhRV.exe
  C:\Windows\System\EFgLhRV.exe
  2⤵
  PID:6188
- C:\Windows\System\eHdMDIo.exe
  C:\Windows\System\eHdMDIo.exe
  2⤵
  PID:6240
- C:\Windows\System\AbSGxiO.exe
  C:\Windows\System\AbSGxiO.exe
  2⤵
  PID:2928
- C:\Windows\System\xsuHSae.exe
  C:\Windows\System\xsuHSae.exe
  2⤵
  PID:2696
- C:\Windows\System\XnznpgG.exe
  C:\Windows\System\XnznpgG.exe
  2⤵
  PID:1808
- C:\Windows\System\aXDVCtA.exe
  C:\Windows\System\aXDVCtA.exe
  2⤵
  PID:1504
- C:\Windows\System\IfGumMX.exe
  C:\Windows\System\IfGumMX.exe
  2⤵
  PID:1936
- C:\Windows\System\vjuePSz.exe
  C:\Windows\System\vjuePSz.exe
  2⤵
  PID:1484
- C:\Windows\System\riTQujK.exe
  C:\Windows\System\riTQujK.exe
  2⤵
  PID:1520
- C:\Windows\System\ljFsuts.exe
  C:\Windows\System\ljFsuts.exe
  2⤵
  PID:1044
- C:\Windows\System\VKNlHdH.exe
  C:\Windows\System\VKNlHdH.exe
  2⤵
  PID:2792
- C:\Windows\System\vwUeuKB.exe
  C:\Windows\System\vwUeuKB.exe
  2⤵
  PID:2224
- C:\Windows\System\ADVLnzq.exe
  C:\Windows\System\ADVLnzq.exe
  2⤵
  PID:108
- C:\Windows\System\ofMlQHH.exe
  C:\Windows\System\ofMlQHH.exe
  2⤵
  PID:7184
- C:\Windows\System\FsFNekE.exe
  C:\Windows\System\FsFNekE.exe
  2⤵
  PID:7200
- C:\Windows\System\qcbJZbY.exe
  C:\Windows\System\qcbJZbY.exe
  2⤵
  PID:7216
- C:\Windows\System\IKQGamK.exe
  C:\Windows\System\IKQGamK.exe
  2⤵
  PID:7236
- C:\Windows\System\XjYqUkL.exe
  C:\Windows\System\XjYqUkL.exe
  2⤵
  PID:7260
- C:\Windows\System\gccjHcx.exe
  C:\Windows\System\gccjHcx.exe
  2⤵
  PID:7280
- C:\Windows\System\byDYaaS.exe
  C:\Windows\System\byDYaaS.exe
  2⤵
  PID:7308
- C:\Windows\System\MkRFpSF.exe
  C:\Windows\System\MkRFpSF.exe
  2⤵
  PID:7328
- C:\Windows\System\CPNzTMc.exe
  C:\Windows\System\CPNzTMc.exe
  2⤵
  PID:7344
- C:\Windows\System\hyyEimQ.exe
  C:\Windows\System\hyyEimQ.exe
  2⤵
  PID:7364
- C:\Windows\System\RKsQXhq.exe
  C:\Windows\System\RKsQXhq.exe
  2⤵
  PID:7380
- C:\Windows\System\xPLbYet.exe
  C:\Windows\System\xPLbYet.exe
  2⤵
  PID:7396
- C:\Windows\System\mcTazda.exe
  C:\Windows\System\mcTazda.exe
  2⤵
  PID:7416
- C:\Windows\System\pxFfpeF.exe
  C:\Windows\System\pxFfpeF.exe
  2⤵
  PID:7436
- C:\Windows\System\ArLbdMr.exe
  C:\Windows\System\ArLbdMr.exe
  2⤵
  PID:7452
- C:\Windows\System\asIEOlX.exe
  C:\Windows\System\asIEOlX.exe
  2⤵
  PID:7472
- C:\Windows\System\mICfEGr.exe
  C:\Windows\System\mICfEGr.exe
  2⤵
  PID:7488
- C:\Windows\System\rUVGhNU.exe
  C:\Windows\System\rUVGhNU.exe
  2⤵
  PID:7504
- C:\Windows\System\QFgFjRs.exe
  C:\Windows\System\QFgFjRs.exe
  2⤵
  PID:7524
- C:\Windows\System\mpDJMAQ.exe
  C:\Windows\System\mpDJMAQ.exe
  2⤵
  PID:7540
- C:\Windows\System\wflHiRq.exe
  C:\Windows\System\wflHiRq.exe
  2⤵
  PID:7560
- C:\Windows\System\UdVPNsE.exe
  C:\Windows\System\UdVPNsE.exe
  2⤵
  PID:7580
- C:\Windows\System\ppYElJC.exe
  C:\Windows\System\ppYElJC.exe
  2⤵
  PID:7596
- C:\Windows\System\IOpjtOu.exe
  C:\Windows\System\IOpjtOu.exe
  2⤵
  PID:7616
- C:\Windows\System\KaGWhxP.exe
  C:\Windows\System\KaGWhxP.exe
  2⤵
  PID:7636
- C:\Windows\System\YVzAEBV.exe
  C:\Windows\System\YVzAEBV.exe
  2⤵
  PID:7656
- C:\Windows\System\FPBGwir.exe
  C:\Windows\System\FPBGwir.exe
  2⤵
  PID:7672
- C:\Windows\System\SlVOTRM.exe
  C:\Windows\System\SlVOTRM.exe
  2⤵
  PID:7728
- C:\Windows\System\RBwExdc.exe
  C:\Windows\System\RBwExdc.exe
  2⤵
  PID:7744
- C:\Windows\System\hjwRNMw.exe
  C:\Windows\System\hjwRNMw.exe
  2⤵
  PID:7760
- C:\Windows\System\HDueRUl.exe
  C:\Windows\System\HDueRUl.exe
  2⤵
  PID:7784
- C:\Windows\System\NOLAVWN.exe
  C:\Windows\System\NOLAVWN.exe
  2⤵
  PID:7800
- C:\Windows\System\lqELYvZ.exe
  C:\Windows\System\lqELYvZ.exe
  2⤵
  PID:7816
- C:\Windows\System\eQnKMfQ.exe
  C:\Windows\System\eQnKMfQ.exe
  2⤵
  PID:7832
- C:\Windows\System\XVQDEmD.exe
  C:\Windows\System\XVQDEmD.exe
  2⤵
  PID:7848
- C:\Windows\System\VpvMObX.exe
  C:\Windows\System\VpvMObX.exe
  2⤵
  PID:7864
- C:\Windows\System\hMTWkqe.exe
  C:\Windows\System\hMTWkqe.exe
  2⤵
  PID:7880
- C:\Windows\System\gQHUHvm.exe
  C:\Windows\System\gQHUHvm.exe
  2⤵
  PID:7896
- C:\Windows\System\ewoUtSP.exe
  C:\Windows\System\ewoUtSP.exe
  2⤵
  PID:7916
- C:\Windows\System\rdfCQrb.exe
  C:\Windows\System\rdfCQrb.exe
  2⤵
  PID:7932
- C:\Windows\System\GUrnPet.exe
  C:\Windows\System\GUrnPet.exe
  2⤵
  PID:7948
- C:\Windows\System\GdjkJTh.exe
  C:\Windows\System\GdjkJTh.exe
  2⤵
  PID:7968
- C:\Windows\System\dtTavww.exe
  C:\Windows\System\dtTavww.exe
  2⤵
  PID:8028
- C:\Windows\System\FHJkqEm.exe
  C:\Windows\System\FHJkqEm.exe
  2⤵
  PID:8052
- C:\Windows\System\zahSjib.exe
  C:\Windows\System\zahSjib.exe
  2⤵
  PID:8068
- C:\Windows\System\EhYNzGl.exe
  C:\Windows\System\EhYNzGl.exe
  2⤵
  PID:8088
- C:\Windows\System\XGQDoQw.exe
  C:\Windows\System\XGQDoQw.exe
  2⤵
  PID:8116
- C:\Windows\System\DlgXoNm.exe
  C:\Windows\System\DlgXoNm.exe
  2⤵
  PID:8132
- C:\Windows\System\RvRmEJq.exe
  C:\Windows\System\RvRmEJq.exe
  2⤵
  PID:8148
- C:\Windows\System\iYKJHgd.exe
  C:\Windows\System\iYKJHgd.exe
  2⤵
  PID:8164
- C:\Windows\System\NRTlSrW.exe
  C:\Windows\System\NRTlSrW.exe
  2⤵
  PID:8180
- C:\Windows\System\hcjjtkE.exe
  C:\Windows\System\hcjjtkE.exe
  2⤵
  PID:1148
- C:\Windows\System\djjpooO.exe
  C:\Windows\System\djjpooO.exe
  2⤵
  PID:6600
- C:\Windows\System\mUJbkWI.exe
  C:\Windows\System\mUJbkWI.exe
  2⤵
  PID:2812
- C:\Windows\System\jMMCnZD.exe
  C:\Windows\System\jMMCnZD.exe
  2⤵
  PID:7208
- C:\Windows\System\RRzeeVX.exe
  C:\Windows\System\RRzeeVX.exe
  2⤵
  PID:7288
- C:\Windows\System\XXdTruM.exe
  C:\Windows\System\XXdTruM.exe
  2⤵
  PID:7304
- C:\Windows\System\GgAFDWo.exe
  C:\Windows\System\GgAFDWo.exe
  2⤵
  PID:7376
- C:\Windows\System\uJKauHk.exe
  C:\Windows\System\uJKauHk.exe
  2⤵
  PID:7444
- C:\Windows\System\QEcLYUd.exe
  C:\Windows\System\QEcLYUd.exe
  2⤵
  PID:7516
- C:\Windows\System\sRXhwaA.exe
  C:\Windows\System\sRXhwaA.exe
  2⤵
  PID:7556
- C:\Windows\System\LvTcWFO.exe
  C:\Windows\System\LvTcWFO.exe
  2⤵
  PID:484
- C:\Windows\System\kgctyZC.exe
  C:\Windows\System\kgctyZC.exe
  2⤵
  PID:3024
- C:\Windows\System\DKnYFEO.exe
  C:\Windows\System\DKnYFEO.exe
  2⤵
  PID:1280
- C:\Windows\System\UFCAoFi.exe
  C:\Windows\System\UFCAoFi.exe
  2⤵
  PID:1948
- C:\Windows\System\PcVjzBN.exe
  C:\Windows\System\PcVjzBN.exe
  2⤵
  PID:7276
- C:\Windows\System\DsFwHGx.exe
  C:\Windows\System\DsFwHGx.exe
  2⤵
  PID:7352
- C:\Windows\System\XQVcuDv.exe
  C:\Windows\System\XQVcuDv.exe
  2⤵
  PID:7424
- C:\Windows\System\ZgRodBs.exe
  C:\Windows\System\ZgRodBs.exe
  2⤵
  PID:7532
- C:\Windows\System\gJDGcTr.exe
  C:\Windows\System\gJDGcTr.exe
  2⤵
  PID:7604
- C:\Windows\System\lnWzkkY.exe
  C:\Windows\System\lnWzkkY.exe
  2⤵
  PID:7648
- C:\Windows\System\VDbkqpU.exe
  C:\Windows\System\VDbkqpU.exe
  2⤵
  PID:7688
- C:\Windows\System\WaVyHCb.exe
  C:\Windows\System\WaVyHCb.exe
  2⤵
  PID:7708
- C:\Windows\System\SLfmYSV.exe
  C:\Windows\System\SLfmYSV.exe
  2⤵
  PID:7768
- C:\Windows\System\oJLPKqh.exe
  C:\Windows\System\oJLPKqh.exe
  2⤵
  PID:7812
- C:\Windows\System\WZPguaA.exe
  C:\Windows\System\WZPguaA.exe
  2⤵
  PID:7904
- C:\Windows\System\lNwYuEO.exe
  C:\Windows\System\lNwYuEO.exe
  2⤵
  PID:7944
- C:\Windows\System\zSSmVDt.exe
  C:\Windows\System\zSSmVDt.exe
  2⤵
  PID:7988
- C:\Windows\System\AcSkyuY.exe
  C:\Windows\System\AcSkyuY.exe
  2⤵
  PID:8016
- C:\Windows\System\ZJEWsKp.exe
  C:\Windows\System\ZJEWsKp.exe
  2⤵
  PID:7716
- C:\Windows\System\KvIoBHS.exe
  C:\Windows\System\KvIoBHS.exe
  2⤵
  PID:8100
- C:\Windows\System\LbvRiXQ.exe
  C:\Windows\System\LbvRiXQ.exe
  2⤵
  PID:7296
- C:\Windows\System\oRHSXYS.exe
  C:\Windows\System\oRHSXYS.exe
  2⤵
  PID:7412
- C:\Windows\System\uxcvdQm.exe
  C:\Windows\System\uxcvdQm.exe
  2⤵
  PID:7552
- C:\Windows\System\ksjGlvI.exe
  C:\Windows\System\ksjGlvI.exe
  2⤵
  PID:7756
- C:\Windows\System\XsmLSXa.exe
  C:\Windows\System\XsmLSXa.exe
  2⤵
  PID:7956
- C:\Windows\System\CVpQyhj.exe
  C:\Windows\System\CVpQyhj.exe
  2⤵
  PID:7888
- C:\Windows\System\FfTuini.exe
  C:\Windows\System\FfTuini.exe
  2⤵
  PID:7624
- C:\Windows\System\PqmgDTy.exe
  C:\Windows\System\PqmgDTy.exe
  2⤵
  PID:7964
- C:\Windows\System\cQhKzCf.exe
  C:\Windows\System\cQhKzCf.exe
  2⤵
  PID:8080
- C:\Windows\System\JOETOGF.exe
  C:\Windows\System\JOETOGF.exe
  2⤵
  PID:1932
- C:\Windows\System\pudlDyt.exe
  C:\Windows\System\pudlDyt.exe
  2⤵
  PID:7372
- C:\Windows\System\qLsyToD.exe
  C:\Windows\System\qLsyToD.exe
  2⤵
  PID:7692
- C:\Windows\System\SofAAYa.exe
  C:\Windows\System\SofAAYa.exe
  2⤵
  PID:1104
- C:\Windows\System\GGXkhyD.exe
  C:\Windows\System\GGXkhyD.exe
  2⤵
  PID:7320
- C:\Windows\System\gHArZhd.exe
  C:\Windows\System\gHArZhd.exe
  2⤵
  PID:1260
- C:\Windows\System\rjftbxu.exe
  C:\Windows\System\rjftbxu.exe
  2⤵
  PID:7644
- C:\Windows\System\HglxvRJ.exe
  C:\Windows\System\HglxvRJ.exe
  2⤵
  PID:7776
- C:\Windows\System\vMPRmqq.exe
  C:\Windows\System\vMPRmqq.exe
  2⤵
  PID:7940
- C:\Windows\System\lPmzGZg.exe
  C:\Windows\System\lPmzGZg.exe
  2⤵
  PID:8012
- C:\Windows\System\cTvizRr.exe
  C:\Windows\System\cTvizRr.exe
  2⤵
  PID:7464
- C:\Windows\System\sGKtyYF.exe
  C:\Windows\System\sGKtyYF.exe
  2⤵
  PID:7228
- C:\Windows\System\gmWoMyl.exe
  C:\Windows\System\gmWoMyl.exe
  2⤵
  PID:8172
- C:\Windows\System\SjuZgUo.exe
  C:\Windows\System\SjuZgUo.exe
  2⤵
  PID:7736
- C:\Windows\System\ugCzMqj.exe
  C:\Windows\System\ugCzMqj.exe
  2⤵
  PID:7876
- C:\Windows\System\FghpZPL.exe
  C:\Windows\System\FghpZPL.exe
  2⤵
  PID:7408
- C:\Windows\System\xulnoAR.exe
  C:\Windows\System\xulnoAR.exe
  2⤵
  PID:3068
- C:\Windows\System\IUVArUi.exe
  C:\Windows\System\IUVArUi.exe
  2⤵
  PID:2592
- C:\Windows\System\tjwxWle.exe
  C:\Windows\System\tjwxWle.exe
  2⤵
  PID:7960
- C:\Windows\System\KFfITIX.exe
  C:\Windows\System\KFfITIX.exe
  2⤵
  PID:8160
- C:\Windows\System\RlnfPhC.exe
  C:\Windows\System\RlnfPhC.exe
  2⤵
  PID:6816
- C:\Windows\System\HormxpV.exe
  C:\Windows\System\HormxpV.exe
  2⤵
  PID:7548
- C:\Windows\System\rAbKERO.exe
  C:\Windows\System\rAbKERO.exe
  2⤵
  PID:2132
- C:\Windows\System\OYiBoIg.exe
  C:\Windows\System\OYiBoIg.exe
  2⤵
  PID:7432
- C:\Windows\System\EloSWen.exe
  C:\Windows\System\EloSWen.exe
  2⤵
  PID:8096
- C:\Windows\System\xQCiEte.exe
  C:\Windows\System\xQCiEte.exe
  2⤵
  PID:7248
- C:\Windows\System\diQLNhY.exe
  C:\Windows\System\diQLNhY.exe
  2⤵
  PID:8140
- C:\Windows\System\CIGleMK.exe
  C:\Windows\System\CIGleMK.exe
  2⤵
  PID:7928
- C:\Windows\System\ENMrBWI.exe
  C:\Windows\System\ENMrBWI.exe
  2⤵
  PID:7796
- C:\Windows\System\FKeZTTl.exe
  C:\Windows\System\FKeZTTl.exe
  2⤵
  PID:7500
- C:\Windows\System\oswiepG.exe
  C:\Windows\System\oswiepG.exe
  2⤵
  PID:7576
- C:\Windows\System\LRyzFXk.exe
  C:\Windows\System\LRyzFXk.exe
  2⤵
  PID:8004
- C:\Windows\System\juFJJuh.exe
  C:\Windows\System\juFJJuh.exe
  2⤵
  PID:8024
- C:\Windows\System\VndwOpn.exe
  C:\Windows\System\VndwOpn.exe
  2⤵
  PID:7180
- C:\Windows\System\gbMiiVV.exe
  C:\Windows\System\gbMiiVV.exe
  2⤵
  PID:8048
- C:\Windows\System\TYsKgFi.exe
  C:\Windows\System\TYsKgFi.exe
  2⤵
  PID:6812
- C:\Windows\System\FGJKEPd.exe
  C:\Windows\System\FGJKEPd.exe
  2⤵
  PID:6912
- C:\Windows\System\swipAem.exe
  C:\Windows\System\swipAem.exe
  2⤵
  PID:8064
- C:\Windows\System\gYmpSLo.exe
  C:\Windows\System\gYmpSLo.exe
  2⤵
  PID:7704
- C:\Windows\System\UsBSiAp.exe
  C:\Windows\System\UsBSiAp.exe
  2⤵
  PID:7360
- C:\Windows\System\uDFvIya.exe
  C:\Windows\System\uDFvIya.exe
  2⤵
  PID:8008
- C:\Windows\System\SXKAIWv.exe
  C:\Windows\System\SXKAIWv.exe
  2⤵
  PID:8124
- C:\Windows\System\UBMNuaq.exe
  C:\Windows\System\UBMNuaq.exe
  2⤵
  PID:7512
- C:\Windows\System\NGUVYKD.exe
  C:\Windows\System\NGUVYKD.exe
  2⤵
  PID:7872
- C:\Windows\System\TJtkXWB.exe
  C:\Windows\System\TJtkXWB.exe
  2⤵
  PID:7468
- C:\Windows\System\bJEuKiY.exe
  C:\Windows\System\bJEuKiY.exe
  2⤵
  PID:7808
- C:\Windows\System\yiqrpwo.exe
  C:\Windows\System\yiqrpwo.exe
  2⤵
  PID:8156
- C:\Windows\System\PsIyjmU.exe
  C:\Windows\System\PsIyjmU.exe
  2⤵
  PID:7752
- C:\Windows\System\MsgrhVK.exe
  C:\Windows\System\MsgrhVK.exe
  2⤵
  PID:7272
- C:\Windows\System\qALUZJV.exe
  C:\Windows\System\qALUZJV.exe
  2⤵
  PID:7176
- C:\Windows\System\SRFzYgj.exe
  C:\Windows\System\SRFzYgj.exe
  2⤵
  PID:8216
- C:\Windows\System\ktqaNlV.exe
  C:\Windows\System\ktqaNlV.exe
  2⤵
  PID:8256
- C:\Windows\System\BimcIej.exe
  C:\Windows\System\BimcIej.exe
  2⤵
  PID:8272
- C:\Windows\System\ZVuPGAh.exe
  C:\Windows\System\ZVuPGAh.exe
  2⤵
  PID:8292
- C:\Windows\System\uXPMcnf.exe
  C:\Windows\System\uXPMcnf.exe
  2⤵
  PID:8308
- C:\Windows\System\DHquhdm.exe
  C:\Windows\System\DHquhdm.exe
  2⤵
  PID:8324
- C:\Windows\System\xppUvju.exe
  C:\Windows\System\xppUvju.exe
  2⤵
  PID:8340
- C:\Windows\System\uxpqcnH.exe
  C:\Windows\System\uxpqcnH.exe
  2⤵
  PID:8356
- C:\Windows\System\pdrScTH.exe
  C:\Windows\System\pdrScTH.exe
  2⤵
  PID:8372
- C:\Windows\System\gujiaLA.exe
  C:\Windows\System\gujiaLA.exe
  2⤵
  PID:8388
- C:\Windows\System\TaredMC.exe
  C:\Windows\System\TaredMC.exe
  2⤵
  PID:8404
- C:\Windows\System\bArqjhe.exe
  C:\Windows\System\bArqjhe.exe
  2⤵
  PID:8420
- C:\Windows\System\AErtiwk.exe
  C:\Windows\System\AErtiwk.exe
  2⤵
  PID:8436
- C:\Windows\System\OUbLVbM.exe
  C:\Windows\System\OUbLVbM.exe
  2⤵
  PID:8456
- C:\Windows\System\KxWZirq.exe
  C:\Windows\System\KxWZirq.exe
  2⤵
  PID:8472
- C:\Windows\System\LsLZltk.exe
  C:\Windows\System\LsLZltk.exe
  2⤵
  PID:8488
- C:\Windows\System\iEGTwPG.exe
  C:\Windows\System\iEGTwPG.exe
  2⤵
  PID:8504
- C:\Windows\System\JQVHKpc.exe
  C:\Windows\System\JQVHKpc.exe
  2⤵
  PID:8520
- C:\Windows\System\gesEBXQ.exe
  C:\Windows\System\gesEBXQ.exe
  2⤵
  PID:8536
- C:\Windows\System\qGrvlKW.exe
  C:\Windows\System\qGrvlKW.exe
  2⤵
  PID:8552
- C:\Windows\System\BpPiYWJ.exe
  C:\Windows\System\BpPiYWJ.exe
  2⤵
  PID:8568
- C:\Windows\System\AVoeKaw.exe
  C:\Windows\System\AVoeKaw.exe
  2⤵
  PID:8584
- C:\Windows\System\pLxovuO.exe
  C:\Windows\System\pLxovuO.exe
  2⤵
  PID:8600
- C:\Windows\System\sLqoFeP.exe
  C:\Windows\System\sLqoFeP.exe
  2⤵
  PID:8616
- C:\Windows\System\ZupmtkV.exe
  C:\Windows\System\ZupmtkV.exe
  2⤵
  PID:8632
- C:\Windows\System\jIzqMiJ.exe
  C:\Windows\System\jIzqMiJ.exe
  2⤵
  PID:8648
- C:\Windows\System\FEoGoxF.exe
  C:\Windows\System\FEoGoxF.exe
  2⤵
  PID:8664
- C:\Windows\System\LJofHlO.exe
  C:\Windows\System\LJofHlO.exe
  2⤵
  PID:8680
- C:\Windows\System\expCvFY.exe
  C:\Windows\System\expCvFY.exe
  2⤵
  PID:8696
- C:\Windows\System\oYmArTM.exe
  C:\Windows\System\oYmArTM.exe
  2⤵
  PID:8712
- C:\Windows\System\KWxFxGi.exe
  C:\Windows\System\KWxFxGi.exe
  2⤵
  PID:8728
- C:\Windows\System\mWuHxml.exe
  C:\Windows\System\mWuHxml.exe
  2⤵
  PID:8744
- C:\Windows\System\FjiDMuF.exe
  C:\Windows\System\FjiDMuF.exe
  2⤵
  PID:8760
- C:\Windows\System\ZkdMCKa.exe
  C:\Windows\System\ZkdMCKa.exe
  2⤵
  PID:8776
- C:\Windows\System\oKrmQdr.exe
  C:\Windows\System\oKrmQdr.exe
  2⤵
  PID:8792
- C:\Windows\System\EmRityt.exe
  C:\Windows\System\EmRityt.exe
  2⤵
  PID:8812
- C:\Windows\System\JemJRxV.exe
  C:\Windows\System\JemJRxV.exe
  2⤵
  PID:8832
- C:\Windows\System\ipusPTe.exe
  C:\Windows\System\ipusPTe.exe
  2⤵
  PID:8852
- C:\Windows\System\QBjECml.exe
  C:\Windows\System\QBjECml.exe
  2⤵
  PID:8868
- C:\Windows\System\dhajUCC.exe
  C:\Windows\System\dhajUCC.exe
  2⤵
  PID:8884
- C:\Windows\System\LsTwlfr.exe
  C:\Windows\System\LsTwlfr.exe
  2⤵
  PID:8900
- C:\Windows\System\IoGmcal.exe
  C:\Windows\System\IoGmcal.exe
  2⤵
  PID:8916
- C:\Windows\System\guIqkLq.exe
  C:\Windows\System\guIqkLq.exe
  2⤵
  PID:8932
- C:\Windows\System\TGwQcFD.exe
  C:\Windows\System\TGwQcFD.exe
  2⤵
  PID:8948
- C:\Windows\System\hCvwGgc.exe
  C:\Windows\System\hCvwGgc.exe
  2⤵
  PID:8964
- C:\Windows\System\TLlGZfa.exe
  C:\Windows\System\TLlGZfa.exe
  2⤵
  PID:8980
- C:\Windows\System\GieBAWz.exe
  C:\Windows\System\GieBAWz.exe
  2⤵
  PID:9000
- C:\Windows\System\ZADXnAP.exe
  C:\Windows\System\ZADXnAP.exe
  2⤵
  PID:9028
- C:\Windows\System\fnPMzJK.exe
  C:\Windows\System\fnPMzJK.exe
  2⤵
  PID:9044
- C:\Windows\System\pUXBWbD.exe
  C:\Windows\System\pUXBWbD.exe
  2⤵
  PID:9060
- C:\Windows\System\hwiSoMc.exe
  C:\Windows\System\hwiSoMc.exe
  2⤵
  PID:9076
- C:\Windows\System\OZJLxZL.exe
  C:\Windows\System\OZJLxZL.exe
  2⤵
  PID:9092
- C:\Windows\System\cdmkCvM.exe
  C:\Windows\System\cdmkCvM.exe
  2⤵
  PID:9108
- C:\Windows\System\dCGUjXv.exe
  C:\Windows\System\dCGUjXv.exe
  2⤵
  PID:9160
- C:\Windows\System\GREidrk.exe
  C:\Windows\System\GREidrk.exe
  2⤵
  PID:9188
- C:\Windows\System\hnAPnZG.exe
  C:\Windows\System\hnAPnZG.exe
  2⤵
  PID:9204
- C:\Windows\System\xlWbeoM.exe
  C:\Windows\System\xlWbeoM.exe
  2⤵
  PID:7924
- C:\Windows\System\slVdorb.exe
  C:\Windows\System\slVdorb.exe
  2⤵
  PID:8196
- C:\Windows\System\wkdDcjA.exe
  C:\Windows\System\wkdDcjA.exe
  2⤵
  PID:8248
- C:\Windows\System\riTMZwc.exe
  C:\Windows\System\riTMZwc.exe
  2⤵
  PID:8280
- C:\Windows\System\NXTPhIA.exe
  C:\Windows\System\NXTPhIA.exe
  2⤵
  PID:8332
- C:\Windows\System\APHEjRu.exe
  C:\Windows\System\APHEjRu.exe
  2⤵
  PID:8352
- C:\Windows\System\mCAqPZj.exe
  C:\Windows\System\mCAqPZj.exe
  2⤵
  PID:8336
- C:\Windows\System\aNcGSLN.exe
  C:\Windows\System\aNcGSLN.exe
  2⤵
  PID:8400
- C:\Windows\System\xtgFWKs.exe
  C:\Windows\System\xtgFWKs.exe
  2⤵
  PID:8464
- C:\Windows\System\WwtiQsS.exe
  C:\Windows\System\WwtiQsS.exe
  2⤵
  PID:8484
- C:\Windows\System\thbOsyl.exe
  C:\Windows\System\thbOsyl.exe
  2⤵
  PID:8480
- C:\Windows\System\fhbFIUl.exe
  C:\Windows\System\fhbFIUl.exe
  2⤵
  PID:8576
- C:\Windows\System\NziuwCb.exe
  C:\Windows\System\NziuwCb.exe
  2⤵
  PID:8532
- C:\Windows\System\rolyhhD.exe
  C:\Windows\System\rolyhhD.exe
  2⤵
  PID:8624
- C:\Windows\System\QwaOvfm.exe
  C:\Windows\System\QwaOvfm.exe
  2⤵
  PID:8608
- C:\Windows\System\KugAlGv.exe
  C:\Windows\System\KugAlGv.exe
  2⤵
  PID:8612
- C:\Windows\System\bkJqyHC.exe
  C:\Windows\System\bkJqyHC.exe
  2⤵
  PID:8708
- C:\Windows\System\inaqNUg.exe
  C:\Windows\System\inaqNUg.exe
  2⤵
  PID:8756
- C:\Windows\System\XNuvODE.exe
  C:\Windows\System\XNuvODE.exe
  2⤵
  PID:8804
- C:\Windows\System\TwmBbkK.exe
  C:\Windows\System\TwmBbkK.exe
  2⤵
  PID:8800
- C:\Windows\System\YjNocsp.exe
  C:\Windows\System\YjNocsp.exe
  2⤵
  PID:8876
- C:\Windows\System\dlzFEek.exe
  C:\Windows\System\dlzFEek.exe
  2⤵
  PID:8828
- C:\Windows\System\eOOyXSJ.exe
  C:\Windows\System\eOOyXSJ.exe
  2⤵
  PID:8896
- C:\Windows\System\NjJfAMV.exe
  C:\Windows\System\NjJfAMV.exe
  2⤵
  PID:8908
- C:\Windows\System\jYnYVAy.exe
  C:\Windows\System\jYnYVAy.exe
  2⤵
  PID:8976
- C:\Windows\System\SvyCEsn.exe
  C:\Windows\System\SvyCEsn.exe
  2⤵
  PID:8988
- C:\Windows\System\mwNyHIc.exe
  C:\Windows\System\mwNyHIc.exe
  2⤵
  PID:9016
- C:\Windows\System\FFACxor.exe
  C:\Windows\System\FFACxor.exe
  2⤵
  PID:9040
- C:\Windows\System\WcnwXqq.exe
  C:\Windows\System\WcnwXqq.exe
  2⤵
  PID:9088
- C:\Windows\System\hcXtAfW.exe
  C:\Windows\System\hcXtAfW.exe
  2⤵
  PID:9168
- C:\Windows\System\UthjjUe.exe
  C:\Windows\System\UthjjUe.exe
  2⤵
  PID:9132
- C:\Windows\System\uPugJqh.exe
  C:\Windows\System\uPugJqh.exe
  2⤵
  PID:9148
- C:\Windows\System\fPLhEBP.exe
  C:\Windows\System\fPLhEBP.exe
  2⤵
  PID:9180
- C:\Windows\System\fRGgxml.exe
  C:\Windows\System\fRGgxml.exe
  2⤵
  PID:7592
- C:\Windows\System\PQeehLj.exe
  C:\Windows\System\PQeehLj.exe
  2⤵
  PID:1820
- C:\Windows\System\qBZljoJ.exe
  C:\Windows\System\qBZljoJ.exe
  2⤵
  PID:9196
- C:\Windows\System\pbwmTjb.exe
  C:\Windows\System\pbwmTjb.exe
  2⤵
  PID:8304
- C:\Windows\System\mVpNfBL.exe
  C:\Windows\System\mVpNfBL.exe
  2⤵
  PID:8368
- C:\Windows\System\caxPVsb.exe
  C:\Windows\System\caxPVsb.exe
  2⤵
  PID:8656
- C:\Windows\System\UVzcsoi.exe
  C:\Windows\System\UVzcsoi.exe
  2⤵
  PID:8676
- C:\Windows\System\zKGqukR.exe
  C:\Windows\System\zKGqukR.exe
  2⤵
  PID:8788
- C:\Windows\System\ymVENOl.exe
  C:\Windows\System\ymVENOl.exe
  2⤵
  PID:8348
- C:\Windows\System\yDoXPRq.exe
  C:\Windows\System\yDoXPRq.exe
  2⤵
  PID:8580
- C:\Windows\System\CyRJgMe.exe
  C:\Windows\System\CyRJgMe.exe
  2⤵
  PID:8596
- C:\Windows\System\XGaCAci.exe
  C:\Windows\System\XGaCAci.exe
  2⤵
  PID:8772
- C:\Windows\System\WOwoUNa.exe
  C:\Windows\System\WOwoUNa.exe
  2⤵
  PID:8880
- C:\Windows\System\lLtSpLM.exe
  C:\Windows\System\lLtSpLM.exe
  2⤵
  PID:8956
- C:\Windows\System\dPWmBmh.exe
  C:\Windows\System\dPWmBmh.exe
  2⤵
  PID:9012
- C:\Windows\System\uhpaZfP.exe
  C:\Windows\System\uhpaZfP.exe
  2⤵
  PID:9036
- C:\Windows\System\nTwsuOQ.exe
  C:\Windows\System\nTwsuOQ.exe
  2⤵
  PID:9084
- C:\Windows\System\gBBEVzE.exe
  C:\Windows\System\gBBEVzE.exe
  2⤵
  PID:9104
- C:\Windows\System\mZdYYBq.exe
  C:\Windows\System\mZdYYBq.exe
  2⤵
  PID:9140
- C:\Windows\System\RVfAgiL.exe
  C:\Windows\System\RVfAgiL.exe
  2⤵
  PID:7196
- C:\Windows\System\oPBMruz.exe
  C:\Windows\System\oPBMruz.exe
  2⤵
  PID:2164
- C:\Windows\System\qNaFGLC.exe
  C:\Windows\System\qNaFGLC.exe
  2⤵
  PID:8512
- C:\Windows\System\tFNxZKa.exe
  C:\Windows\System\tFNxZKa.exe
  2⤵
  PID:8740
- C:\Windows\System\TbZxEqk.exe
  C:\Windows\System\TbZxEqk.exe
  2⤵
  PID:8992
- C:\Windows\System\ALRYYyM.exe
  C:\Windows\System\ALRYYyM.exe
  2⤵
  PID:8640
- C:\Windows\System\FgFjNYJ.exe
  C:\Windows\System\FgFjNYJ.exe
  2⤵
  PID:8848
- C:\Windows\System\eSZBbed.exe
  C:\Windows\System\eSZBbed.exe
  2⤵
  PID:8692
- C:\Windows\System\jaXtTHX.exe
  C:\Windows\System\jaXtTHX.exe
  2⤵
  PID:8592
- C:\Windows\System\phvExVE.exe
  C:\Windows\System\phvExVE.exe
  2⤵
  PID:8320
- C:\Windows\System\NmpNRdP.exe
  C:\Windows\System\NmpNRdP.exe
  2⤵
  PID:8544
- C:\Windows\System\zsnfEWw.exe
  C:\Windows\System\zsnfEWw.exe
  2⤵
  PID:8860
- C:\Windows\System\AorhakH.exe
  C:\Windows\System\AorhakH.exe
  2⤵
  PID:9068
- C:\Windows\System\RgMIMZr.exe
  C:\Windows\System\RgMIMZr.exe
  2⤵
  PID:8284
- C:\Windows\System\NwmQrPW.exe
  C:\Windows\System\NwmQrPW.exe
  2⤵
  PID:9232
- C:\Windows\System\USRHEHt.exe
  C:\Windows\System\USRHEHt.exe
  2⤵
  PID:9248
- C:\Windows\System\wChAKMi.exe
  C:\Windows\System\wChAKMi.exe
  2⤵
  PID:9264
- C:\Windows\System\IfBwdDz.exe
  C:\Windows\System\IfBwdDz.exe
  2⤵
  PID:9280
- C:\Windows\System\BDzCSDN.exe
  C:\Windows\System\BDzCSDN.exe
  2⤵
  PID:9296
- C:\Windows\System\OfuuwEQ.exe
  C:\Windows\System\OfuuwEQ.exe
  2⤵
  PID:9312
- C:\Windows\System\VfZEosH.exe
  C:\Windows\System\VfZEosH.exe
  2⤵
  PID:9328
- C:\Windows\System\ZdHWKQP.exe
  C:\Windows\System\ZdHWKQP.exe
  2⤵
  PID:9344
- C:\Windows\System\hFQKWxO.exe
  C:\Windows\System\hFQKWxO.exe
  2⤵
  PID:9360
- C:\Windows\System\KrGjRYm.exe
  C:\Windows\System\KrGjRYm.exe
  2⤵
  PID:9380
- C:\Windows\System\ZhOWJVq.exe
  C:\Windows\System\ZhOWJVq.exe
  2⤵
  PID:9396
- C:\Windows\System\XvALepH.exe
  C:\Windows\System\XvALepH.exe
  2⤵
  PID:9412
- C:\Windows\System\giVkmpm.exe
  C:\Windows\System\giVkmpm.exe
  2⤵
  PID:9428
- C:\Windows\System\RdqAQXV.exe
  C:\Windows\System\RdqAQXV.exe
  2⤵
  PID:9444
- C:\Windows\System\bjeGoNi.exe
  C:\Windows\System\bjeGoNi.exe
  2⤵
  PID:9464
- C:\Windows\System\qznFFPn.exe
  C:\Windows\System\qznFFPn.exe
  2⤵
  PID:9480
- C:\Windows\System\vQFVbBR.exe
  C:\Windows\System\vQFVbBR.exe
  2⤵
  PID:9496
- C:\Windows\System\VHYIjxH.exe
  C:\Windows\System\VHYIjxH.exe
  2⤵
  PID:9516
- C:\Windows\System\ceflWkY.exe
  C:\Windows\System\ceflWkY.exe
  2⤵
  PID:9536
- C:\Windows\System\fHTaYle.exe
  C:\Windows\System\fHTaYle.exe
  2⤵
  PID:9552
- C:\Windows\System\arqoDps.exe
  C:\Windows\System\arqoDps.exe
  2⤵
  PID:9592
- C:\Windows\System\TnnkRua.exe
  C:\Windows\System\TnnkRua.exe
  2⤵
  PID:9608
- C:\Windows\System\yEOSCtq.exe
  C:\Windows\System\yEOSCtq.exe
  2⤵
  PID:9624
- C:\Windows\System\AOlRanr.exe
  C:\Windows\System\AOlRanr.exe
  2⤵
  PID:9640
- C:\Windows\System\weYTjUG.exe
  C:\Windows\System\weYTjUG.exe
  2⤵
  PID:9656
- C:\Windows\System\irsmkbB.exe
  C:\Windows\System\irsmkbB.exe
  2⤵
  PID:9672
- C:\Windows\System\LAsYrRW.exe
  C:\Windows\System\LAsYrRW.exe
  2⤵
  PID:9688
- C:\Windows\System\tTjiHmO.exe
  C:\Windows\System\tTjiHmO.exe
  2⤵
  PID:9704
- C:\Windows\System\BisiPPX.exe
  C:\Windows\System\BisiPPX.exe
  2⤵
  PID:9720
- C:\Windows\System\ZdvVvtO.exe
  C:\Windows\System\ZdvVvtO.exe
  2⤵
  PID:9736
- C:\Windows\System\qDyBtLr.exe
  C:\Windows\System\qDyBtLr.exe
  2⤵
  PID:9752
- C:\Windows\System\wxlqjqq.exe
  C:\Windows\System\wxlqjqq.exe
  2⤵
  PID:9768
- C:\Windows\System\olhgddB.exe
  C:\Windows\System\olhgddB.exe
  2⤵
  PID:9784
- C:\Windows\System\qRgYqfA.exe
  C:\Windows\System\qRgYqfA.exe
  2⤵
  PID:9800
- C:\Windows\System\IiVsVMZ.exe
  C:\Windows\System\IiVsVMZ.exe
  2⤵
  PID:9820
- C:\Windows\System\gEoAkSF.exe
  C:\Windows\System\gEoAkSF.exe
  2⤵
  PID:9836
- C:\Windows\System\lInpJgp.exe
  C:\Windows\System\lInpJgp.exe
  2⤵
  PID:9852
- C:\Windows\System\VpxvpxG.exe
  C:\Windows\System\VpxvpxG.exe
  2⤵
  PID:9868
- C:\Windows\System\SohkULJ.exe
  C:\Windows\System\SohkULJ.exe
  2⤵
  PID:9892
- C:\Windows\System\EvEEYnQ.exe
  C:\Windows\System\EvEEYnQ.exe
  2⤵
  PID:9908
- C:\Windows\System\HuWSLTk.exe
  C:\Windows\System\HuWSLTk.exe
  2⤵
  PID:9924
- C:\Windows\System\aGwVnXv.exe
  C:\Windows\System\aGwVnXv.exe
  2⤵
  PID:9940
- C:\Windows\System\smWVMaO.exe
  C:\Windows\System\smWVMaO.exe
  2⤵
  PID:9956
- C:\Windows\System\JViDDeB.exe
  C:\Windows\System\JViDDeB.exe
  2⤵
  PID:9972
- C:\Windows\System\NxBQdln.exe
  C:\Windows\System\NxBQdln.exe
  2⤵
  PID:9988
- C:\Windows\System\UCcvoFW.exe
  C:\Windows\System\UCcvoFW.exe
  2⤵
  PID:10004
- C:\Windows\System\DGRYxLr.exe
  C:\Windows\System\DGRYxLr.exe
  2⤵
  PID:10020
- C:\Windows\System\gxRuTns.exe
  C:\Windows\System\gxRuTns.exe
  2⤵
  PID:10036
- C:\Windows\System\QRmfAfc.exe
  C:\Windows\System\QRmfAfc.exe
  2⤵
  PID:10052
- C:\Windows\System\eoMPIGK.exe
  C:\Windows\System\eoMPIGK.exe
  2⤵
  PID:10068
- C:\Windows\System\lyQenzC.exe
  C:\Windows\System\lyQenzC.exe
  2⤵
  PID:10084
- C:\Windows\System\HoVbXMO.exe
  C:\Windows\System\HoVbXMO.exe
  2⤵
  PID:10100
- C:\Windows\System\ccphAFl.exe
  C:\Windows\System\ccphAFl.exe
  2⤵
  PID:10116
- C:\Windows\System\kLkxYEk.exe
  C:\Windows\System\kLkxYEk.exe
  2⤵
  PID:10132
- C:\Windows\System\sOavsdn.exe
  C:\Windows\System\sOavsdn.exe
  2⤵
  PID:10152
- C:\Windows\System\hNNHGHi.exe
  C:\Windows\System\hNNHGHi.exe
  2⤵
  PID:10168
- C:\Windows\System\odXzXPk.exe
  C:\Windows\System\odXzXPk.exe
  2⤵
  PID:10184
- C:\Windows\System\YWNCsbT.exe
  C:\Windows\System\YWNCsbT.exe
  2⤵
  PID:10204
- C:\Windows\System\ypslCxs.exe
  C:\Windows\System\ypslCxs.exe
  2⤵
  PID:10220
- C:\Windows\System\ValHNmM.exe
  C:\Windows\System\ValHNmM.exe
  2⤵
  PID:10236
- C:\Windows\System\AHlExpu.exe
  C:\Windows\System\AHlExpu.exe
  2⤵
  PID:8448
- C:\Windows\System\hnqWSnY.exe
  C:\Windows\System\hnqWSnY.exe
  2⤵
  PID:9008
- C:\Windows\System\BSCXmoK.exe
  C:\Windows\System\BSCXmoK.exe
  2⤵
  PID:9372
- C:\Windows\System\rNVkTkp.exe
  C:\Windows\System\rNVkTkp.exe
  2⤵
  PID:9392
- C:\Windows\System\euYvzOD.exe
  C:\Windows\System\euYvzOD.exe
  2⤵
  PID:9320
- C:\Windows\System\TuOFPsP.exe
  C:\Windows\System\TuOFPsP.exe
  2⤵
  PID:9528
- C:\Windows\System\XCogRvH.exe
  C:\Windows\System\XCogRvH.exe
  2⤵
  PID:9548
- C:\Windows\System\IEBGNQq.exe
  C:\Windows\System\IEBGNQq.exe
  2⤵
  PID:9580
- C:\Windows\System\mXUqvtQ.exe
  C:\Windows\System\mXUqvtQ.exe
  2⤵
  PID:9620
- C:\Windows\System\tpksEFR.exe
  C:\Windows\System\tpksEFR.exe
  2⤵
  PID:9680
- C:\Windows\System\vNuXdUB.exe
  C:\Windows\System\vNuXdUB.exe
  2⤵
  PID:9728
- C:\Windows\System\zObuhKl.exe
  C:\Windows\System\zObuhKl.exe
  2⤵
  PID:9776
- C:\Windows\System\wSCkBHR.exe
  C:\Windows\System\wSCkBHR.exe
  2⤵
  PID:9816
- C:\Windows\System\zwxUCuv.exe
  C:\Windows\System\zwxUCuv.exe
  2⤵
  PID:9860
- C:\Windows\System\kMCUhiD.exe
  C:\Windows\System\kMCUhiD.exe
  2⤵
  PID:9996
- C:\Windows\System\KysvFAl.exe
  C:\Windows\System\KysvFAl.exe
  2⤵
  PID:10032
- C:\Windows\System\XYDetUA.exe
  C:\Windows\System\XYDetUA.exe
  2⤵
  PID:10076
- C:\Windows\System\UtyOgMq.exe
  C:\Windows\System\UtyOgMq.exe
  2⤵
  PID:10148
- C:\Windows\System\pFmuZoH.exe
  C:\Windows\System\pFmuZoH.exe
  2⤵
  PID:10144
- C:\Windows\System\MXQZUKg.exe
  C:\Windows\System\MXQZUKg.exe
  2⤵
  PID:10196
- C:\Windows\System\vdkiLlY.exe
  C:\Windows\System\vdkiLlY.exe
  2⤵
  PID:9260
- C:\Windows\System\JZYUbyV.exe
  C:\Windows\System\JZYUbyV.exe
  2⤵
  PID:9408
- C:\Windows\System\bjmMzXu.exe
  C:\Windows\System\bjmMzXu.exe
  2⤵
  PID:9356
- C:\Windows\System\FaTNurz.exe
  C:\Windows\System\FaTNurz.exe
  2⤵
  PID:9568
- C:\Windows\System\RXcGmyf.exe
  C:\Windows\System\RXcGmyf.exe
  2⤵
  PID:9564
- C:\Windows\System\EInnXkN.exe
  C:\Windows\System\EInnXkN.exe
  2⤵
  PID:9604
- C:\Windows\System\KSUEWsP.exe
  C:\Windows\System\KSUEWsP.exe
  2⤵
  PID:9744
- C:\Windows\System\vfyELMz.exe
  C:\Windows\System\vfyELMz.exe
  2⤵
  PID:9712
- C:\Windows\System\JtTCJHf.exe
  C:\Windows\System\JtTCJHf.exe
  2⤵
  PID:9700
- C:\Windows\System\cdXaXjQ.exe
  C:\Windows\System\cdXaXjQ.exe
  2⤵
  PID:9812
- C:\Windows\System\cJKfZDB.exe
  C:\Windows\System\cJKfZDB.exe
  2⤵
  PID:9900
- C:\Windows\System\tMraXtB.exe
  C:\Windows\System\tMraXtB.exe
  2⤵
  PID:9880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DjBrReH.exe

Filesize
6.0MB

MD5
318ddc5e77c63a4c209ca8eb28949fa0

SHA1
8f4358b5a1568f84e5fef05a30c6d4bb9475e149

SHA256
97bc240a12bd5c5fa8a787d1c0a4a2cb720232ea635fefc4423aee7c1ef15454

SHA512
4a559cd8b1c8eefe09cc4e941236f843c42875e19a42dbd4b7b569143711f5a72ad5f17a7c567cb15334fba17df1f7f07d94d87807390dd57f0fc715f9079f07

Download Submit
C:\Windows\system\JgONkMm.exe

Filesize
6.0MB

MD5
bc723fee50b85269626e362c3af03bc3

SHA1
7797ed8b8a69159b43fad3e4ced6039ce633020b

SHA256
9338c1a04baf5e3dad0d0864b0a0272c44532bbcb0b06b5aa3df2cd626f0664a

SHA512
e66c439d9d14f4fd4382409b56eb0afb94326bcb253776538fd21a33a0f84f7848f48f835a906d42fd9a7aa0057d1c5a88325b3fc86ca8abdae40ed76551ba21

Download Submit
C:\Windows\system\KPTkFgP.exe

Filesize
6.0MB

MD5
036150d7d89eff47e39781c7c56f312f

SHA1
0d9709810bc171b944bb0cadbbf20299f44ac9ea

SHA256
403fe8acd31d6b36fad5c826dffaa7fef82a16a36dc0c759568a8963e1bc5059

SHA512
0c9ecf3dcf6228f83c71cfcc9705652c5d1ad3dd9dc5dd6e7c345861ad77e6e183ae65e125ae72719733ef254db429e75098c5f91a3ebff6213e12acae40fcb0

Download Submit
C:\Windows\system\LlxRCTu.exe

Filesize
6.0MB

MD5
84d216cf5d1b1da6fad33d275eadbe86

SHA1
4c367d792a5024a3181ab44ce6a40cc5b8b30894

SHA256
326d3169f84c6b7b2381fd32a326f16650dca8819b6f169cdec7bfc0549490f1

SHA512
9c48d4ab03a819112c8eec198bd58615ae84266ecc3d920bed8fe30b10f09b32ed34f872440f566abb1e6878f6c5624990c8356caea6892beb961840a57093ce

Download Submit
C:\Windows\system\LsdRpwo.exe

Filesize
6.0MB

MD5
e9c379637b9fbaa3f36dd3a7258876a7

SHA1
061c5a51490d18079acaa3549b8cc32d02e8faec

SHA256
4757fab08baba220c384250aac86c4ef2cbccc4b7505530046ed60cf07d414b7

SHA512
86347866c5bf90648db55a6b34ec4885c3f6c4e33652dd4f467e6bf7cfad8cc559e27fba6819b06b1548565f4764a05edacaaaa8ef08095bf9b2b9353639038a

Download Submit
C:\Windows\system\NpTsttF.exe

Filesize
6.0MB

MD5
3b995d47f3b9bbab5fb920018b0bf164

SHA1
68a9cf1b2a8f2555be5c86d99c4294da2bae5381

SHA256
a1730a64acf2fb1f37f671a37832d76453be97253b739cf78703893f9c49c8da

SHA512
df2291ebc7673a9fdb5b40e126d7bafbf95cb551a16da849278543415f5a7f50e7dd8c1b2f77e5635466cbe354c7698d70b14027f7cf676b2b8c42848b658f4c

Download Submit
C:\Windows\system\RuVjLSL.exe

Filesize
6.0MB

MD5
1bd59e3701fe301d323c39b6de717151

SHA1
e94a186e3e426cf237d845cd817c93cf439fadb4

SHA256
be5473b65e2e3c1a16b7fccb430448c9964b9d06b008e439461cec5795e604db

SHA512
6856b24f5965b81edd529a5cec4fe6b6be1a634d187f46b05ffcf6cb9020ea9f7d39b7b9428866ca0031969619220d3bffe4182fde8e1c2242085ba25c75a446

Download Submit
C:\Windows\system\SMdBiwD.exe

Filesize
6.0MB

MD5
98a1e44aa4ddfc22ecc80e7ba27d666e

SHA1
f6fde5c1060585c193a43f29f92b40c87f461328

SHA256
b15aefd83c0b5278e402440564a16abfe5937f540881bcc5b2d59eaae5b90c9d

SHA512
84c417e9fbb047f735b3804fc15ecc8344d3aaa8ad0d2302bce31b87d15b5f4f14dc6cc4129c01ab69b231d3617410aa1f818f62361158af1a723a7595e0575d

Download Submit
C:\Windows\system\WFYiXkA.exe

Filesize
6.0MB

MD5
6729f4485b02b313d20cff7c7b8cb712

SHA1
1ab98122ba7f06ea14910410b912a9d8d999a862

SHA256
9151fa62bc8d5363069d62deeb733f0d5008ef850b8ff2817ff17d228912b731

SHA512
87a006cfb6995453d21deeed2bdb488a86c1062270d8227214786b12374a6ea9646fedd988cf0f9b71808aedadd72f0d5bccb6110bc4f2e8c9cc1cd654dbd5ce

Download Submit
C:\Windows\system\XxLArMs.exe

Filesize
6.0MB

MD5
dd8d5d066a1ea3b51b85d310dcdb0440

SHA1
7960f45c22e053c517d4802cdb3a106bb2a4f9db

SHA256
595adb780a08f00649f64bc5c0b11eade001261fed6b6d69a4f884047a297fcb

SHA512
88fbe89444daa5533d6fa61861c9343108810cddc33dc402b4e42e925f3f450ce0de3a9f7b7c6274c7ec414e2e77c00549207d0557f562323a5197f25ffdd7d3

Download Submit
C:\Windows\system\Ylebxsx.exe

Filesize
6.0MB

MD5
258903f8557c240b2687d3ee12cf152a

SHA1
debc65039e84af88e26b96e927c3ee8e0a29bd6a

SHA256
21700b6bc501ff6c882b41fd37c4b39990ee4237352c2fa6e886438b210e62f2

SHA512
c7008b9c606f4236e8d38f7ecde9eef630d895669fd4b22b0425e78bc6f2689d08097f5dba175cddc00706461cf75fe13ab906244e2add88aa058ac4aba294aa

Download Submit
C:\Windows\system\YuPZaMp.exe

Filesize
6.0MB

MD5
3aaaf7b2964850ffd0ac2f4dd165742e

SHA1
c6c3d4ff3ec853dc61fcf8c80b6504f976683696

SHA256
9bd030778e2ae6170ff9a2628c6f7ea065bea2fb16779562cc21a142aee7f32a

SHA512
0c32ba992d6d290d5dc2bd4acdd3a778ec188ef25730851c854f729f470fbc12f9353a82943e96729433344e60a428e815019a27058f89f085f79b87a5051b40

Download Submit
C:\Windows\system\cENrVRv.exe

Filesize
6.0MB

MD5
845808844ad052ab9c10ca9124ccf193

SHA1
9c9af41f4511b2ac8edbe60d1d338b33b58a704d

SHA256
ff4cf3892eb20e6e27990b7f3af61fd3a59ee6c71662b789b774bcacf6a16b8d

SHA512
a8de5540a7f5ad1d95585dd4ac3a4b6c18574ee8e89dd1ceeeb257715fb2d4ff03c9293e7271146f14703bd0c9021088d445ddc27e7d5dfc7f1e1644799fe414

Download Submit
C:\Windows\system\fyOCXir.exe

Filesize
6.0MB

MD5
cc55c4cb327bba116cb814c32db7edfb

SHA1
c7869b3cf09809a50966d92a7b3b449ea9fc281f

SHA256
38617a8a6f2040f5743a28025313d9e0a9eaf12d1a4521a37c6c026162fb8be7

SHA512
52ec0e50328c9977ae598a78ece0aeb0b63bbaaa0ae54e7f5b19360e09c462ee8ca2d14f34079db1f4cb9dbbc47ad4d59924c1e81305a6761a288335e63c2e87

Download Submit
C:\Windows\system\goPauTY.exe

Filesize
6.0MB

MD5
61b2644b3323ea50c54c6efd5f380c25

SHA1
6afb97ed08baf742b33208df776081f1ab402c19

SHA256
dc8e279abd67fc94a933ec3aacd4ea2e26d50c7f849f83ff4a4df5397a984203

SHA512
86cfda821eb2cd9581bbbf7b4a07a168140328028a266083aafe2582d7f99f36334e533bc22e79721c866f9ffd987f94a18d7b06de9e84557f1833d0c0c8781d

Download Submit
C:\Windows\system\oGMLjhA.exe

Filesize
6.0MB

MD5
768139ce5364ca30e08b20369cd14338

SHA1
7033275cc05f44512dd6a5b3171d93b45f71c79e

SHA256
04c1853b70bfbe8581449369b728be99ef11b27e2c4b6fd1557325cb17bdb36c

SHA512
0cd7434d2f419843048b9394838f316fd11b2f71a7cfee9cc7b401522f15a0621efe20385141ff4a42069ec3d3ff7aa6421416f5758fc50f9da3d4e1b076d1f6

Download Submit
C:\Windows\system\pZOTuSB.exe

Filesize
6.0MB

MD5
d56f56bd9028c926968900a0fb1506c3

SHA1
43fbfa4d39bc62ec28dc9ec4045f854835f43c63

SHA256
046bae74ab99731cc1b23f807f45b303b61d0df8e7eab0f21305e07bd2784efd

SHA512
d8dd5a41a0d236bdd57793fdc72fe4665304cb33f50093bb30ecff2905bb5a995209a827fab2681780db103148657d47defbd687bc0c015bb759948c1842e410

Download Submit
C:\Windows\system\pfOrOWJ.exe

Filesize
6.0MB

MD5
4de145e3ef7cc50c18a6071e28777945

SHA1
540e557f6ec1175edfe79b5c96b6ea7263e8c76d

SHA256
8df6e123b9cba5c9b3c0e1474ba6a6dc18767c54eb633abe27fe948c621ac5cc

SHA512
b8a01195a88b43a5c0dc54914eb36a65b797542750ab42751f3cc78dd0920e5c807ba568b4344c1713b6aba3ed651cc6721a819091ffa7d2d736f0969042dbda

Download Submit
C:\Windows\system\qMqBzPr.exe

Filesize
6.0MB

MD5
aeba1c168bc614ce4eb9dd1cb3e9d33c

SHA1
fd56916f156e1c0048258663f8d29684ad4ec827

SHA256
2270480c24876cd59dc933df88b9cba65d52a6e2f65107db39a3a56d1d915fb7

SHA512
8422f32da4243c9f47d8ade7611c14094e0f236774c4f305faff62467244e948f3386743fc200a9d82062a321fceb82f7fd7c38b3536c93a9c5166ed78c90abe

Download Submit
C:\Windows\system\sEDQCQn.exe

Filesize
6.0MB

MD5
e004039f99506a84be66d05e7505f832

SHA1
61fa0c70dc494545cbe25da23a2887c5d81f1d2f

SHA256
1cce0ca618bfb4a9efb03fb24138be494fd28863c01f1fac2e166ea646c84bfc

SHA512
2514b70077da263defeec2b2d771649cc05413034ef22a67c71ae95f5d7b0eee82241301d4cabef570a4401abe353be051ec8d6732fa68b77a7b9eca75abf080

Download Submit
C:\Windows\system\ukoJJmj.exe

Filesize
6.0MB

MD5
8acb08326deda5e3cf374a0d5deb14cf

SHA1
975b8a87d1ee5309c38db592fc246c70ddd1495a

SHA256
5c6f91b5e22d6673a6bc26dd33e3a98889a8b53f2a5b8c55a5eac1f99481294d

SHA512
9d543c56c0172464cc9152f0fe51e642b3c921e0c9d657960bf2bb6a4d5ff4738cef73b8401f995cf356fa5d7dbc8c6d4b0bc3d131af8262d5e38d195276c3a2

Download Submit
C:\Windows\system\wthItev.exe

Filesize
6.0MB

MD5
7630939b44330705ba32f4df780051a8

SHA1
a31412b644881123a8feeb3f22df4eb419daf11d

SHA256
19d1964229ed66e3f6b33685d4a621899d92621b56e0ac0065c412b290f244a0

SHA512
a2da1087678e8a2fd15d22facac2d6078f18d9eac111f1daa80344323e4d1ffa0dd79d30652edfe94dc09b68b853642b182dae06e4eff15b7c9411a1bc44e042

Download Submit
C:\Windows\system\ygyeVcw.exe

Filesize
6.0MB

MD5
dff41cecc04b94718a5c70d71ca2a696

SHA1
e694c0afe0da19b24b43208313f7ddefeb365aea

SHA256
29a0483bf3b4fae9a8e1b129b4c79ac7e3d8e48165c8be1cc5b896e6c12d0263

SHA512
810c00a078257e981644d9153d34dce46aacddc77bc8be90d6839929b5347e51fc8c4b384674269eeb5407d70c1a21a76b3d57a426d6b3c92c9f9f169ab5f2f9

Download Submit
C:\Windows\system\yytfIyd.exe

Filesize
6.0MB

MD5
a796a2ca1ed18210dc997da60cbab314

SHA1
54e068a139489ad5dccf323b499a3afefbf4e822

SHA256
c479d7dd0c68a4ec37aaa8d96561311f965d9c9fd91b304742d6266365881108

SHA512
38bab92d42b4db2b8423b39ac38d9e6a0dd093b3b66d53658a78fe189e70ef0183d300bb5bbd73bb559d883a7dbc4e5dc62bee13d2de277efc7d0e2dba9f166f

Download Submit
C:\Windows\system\znQMtcp.exe

Filesize
6.0MB

MD5
b8ee458b3fef839111cec4819e1c60e6

SHA1
6b648fec626d0b20c79353344cfcba04fe12eac1

SHA256
97681151396e3a7110c37539cafe96dc391cfae4ca932cb0b692560c65ad5ee9

SHA512
2c4f35763dda7d2e94d9b8dc68c457d11e8c47946b60f2be3b027c12a768b9f2965e13b09c94dbd2fbbd727109ad7b27e4852f952028ec400fdb751386dca4cb

Download Submit
\Windows\system\CbAUzGg.exe

Filesize
6.0MB

MD5
3020da0e432a930e69aae97aad46dc0b

SHA1
8ab60257988d51c2dc3abb30fefde4d3d0460cd9

SHA256
08993c1053f8fdea823ae6a52bd0edae813d5f50501c882af6654eaad2f74bae

SHA512
70d6a913a7b74a3b714018a2a777d5f4a9f19ac2e66f1990df40daa2c669bfa44bb8ad1d0a8d5ef49ceb3823cb40077c117ee96b6f65f97dfcc65b746d178c81

Download Submit
\Windows\system\HOWPFmN.exe

Filesize
6.0MB

MD5
9a6cbd68914b1731033e090738cbf12a

SHA1
af1eddf88a229c667930af28f343b69b38b4997f

SHA256
6f58e240e745149b20dce2f7771feb3655fccd6d61a61416a71db7b2d42882a3

SHA512
ab9166382f4b2a83e934b60e666a468848ad7b84e1180e22283334ca7df3b35df05a91882294d348516184ebf2b2603eaba5c57d8f700217fd53c8b9c536240a

Download Submit
\Windows\system\VTCHtEN.exe

Filesize
6.0MB

MD5
812d9ab3f64fc11e3320b14e15bfe4b5

SHA1
172c861ec6a37ad39fd5cfc277fc321d453fbd04

SHA256
4f0dbe42dcbaaff4421947d2cd475e0bbd3cf7e22ebc2ad95c888d1377e2632c

SHA512
17779bb357900af0b12fcd012c7987eda84007f16bfac5704aceab2f17c1602414b0026a4f0a1d8691715717e515a9805a8a149402a238520651f68363ff8a9f

Download Submit
\Windows\system\jqKrHFX.exe

Filesize
6.0MB

MD5
d499f4910cfd4cebdf9b7c6e7c04ce1c

SHA1
b11b156526671a97eaeb7874e17d7499e7fd80e5

SHA256
201e9c0c89ff5f4d0a691246a90836f145ed907d1cda66dcd9ac41f81ec4eb41

SHA512
f1e55607836c09f224b7d5dcebc08dd414f2cba2e32fcdd16438f750c5ad261f8a9cbeec8550d008e518ad31ed47bab834299c4c9c86693a1cc2396585d25fe3

Download Submit
\Windows\system\oPYBVDo.exe

Filesize
6.0MB

MD5
89d42f75a367947d9de194d621721031

SHA1
fe2724dd13fbd300021246772fbf7b8dd941aeee

SHA256
971725dc0fb3885e42bec3687fc5353e72a3baf9151e5b6a6de96d3524e29113

SHA512
bfd3869ee3bfb67ef6160fd73e4b4d94def8d07f01b870ccfab8820e21cafc6fb6545bcde8eb9fcd5a3138f460d28f1b3356cdc35fa4d224d022ac78d989ad2b

Download Submit
\Windows\system\uthAODo.exe

Filesize
6.0MB

MD5
9b81728831a86ddc1b748116c7b71f51

SHA1
7ecc0dd7f2520ee0caaad8f363016faf1881ad39

SHA256
e2c35e1dc21fd5d1e9866deabd94c23c16724644679dd89ce56cf46c414eb916

SHA512
575055ba881b8006a9482936972813c5158d30e99e0c33f12b1d87353373a000961147f9f057e4ba24086604223b6e16013abc04c57c6bfe2e1fd0365e538e83

Download Submit
\Windows\system\wIKtjxl.exe

Filesize
6.0MB

MD5
5a22dfd51c81c99e878a7b42f40d8b4d

SHA1
59a93a3789aa2b82eaddcc90ea192e85fc8dd780

SHA256
cbbda3ab4f7c5862df0ce84add8768bdb619e395f4aa93d61aedcf7a7e9e5af0

SHA512
66d6afbc2ab40b4defa9de6ce7ba3aadf448bfe7e57ba477b8fc0400e411cf4cf77518f1cb878c278fc9b6bcadb54b8a3e66080c0ff6b1d43c6f89a7844dbb28

Download Submit
memory/1228-74-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1228-3436-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1496-84-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-3406-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-80-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2248-3407-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2404-101-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-105-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-93-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2404-91-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-104-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2404-89-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2404-75-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2404-87-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1067-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-85-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2404-95-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2404-83-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1174-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-81-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2404-858-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2404-79-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1066-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-77-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2404-0-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2404-859-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-76-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3409-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3452-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2484-78-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2548-925-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2548-73-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3410-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2700-86-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3422-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3408-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2712-100-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3385-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-92-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3456-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2728-94-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2796-88-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3383-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3474-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-103-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3423-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2856-90-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3459-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2892-82-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download