cobaltstrike | 903ef79b97b2ace5a09d561c7ace3cd2c0e3b71ac10e977eab59106c0c5fc4be

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 02:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b139c8746c9bc0562e97710b3d088fae
SHA1

27b788c23f600fbc40f05fa09c2403f2a60ea969
SHA256

903ef79b97b2ace5a09d561c7ace3cd2c0e3b71ac10e977eab59106c0c5fc4be
SHA512

7175e371f240bb9a69b12c66229674ff00ccc476a2a3c4a5c4d951a75748c6229226ff8bc2c42fba27f89966e679781dceca1fb175b656472d708fa4429f744f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUA:T+q56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014714-10.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001471c-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014864-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014a05-28.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000014c00-42.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c53-47.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ccb-57.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0c-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d1f-82.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc1-123.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016daf-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f97-136.dat	cobalt_reflective_dll
behavioral1/files/0x001b000000014504-170.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017390-167.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739b-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e73-128.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da6-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-107.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d40-102.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d38-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d30-92.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d27-87.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d15-77.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d02-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf6-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c9b-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000014b38-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014ac1-32.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173b2-177.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173ee-187.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f6-184.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2428-0-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/memory/2964-9-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0008000000014714-10.dat	xmrig
behavioral1/files/0x000800000001471c-12.dat	xmrig
behavioral1/files/0x0007000000014864-23.dat	xmrig
behavioral1/files/0x0007000000014a05-28.dat	xmrig
behavioral1/files/0x0009000000014c00-42.dat	xmrig
behavioral1/files/0x0006000000016c53-47.dat	xmrig
behavioral1/files/0x0006000000016ccb-57.dat	xmrig
behavioral1/files/0x0006000000016d0c-72.dat	xmrig
behavioral1/files/0x0006000000016d1f-82.dat	xmrig
behavioral1/files/0x0006000000016dc1-123.dat	xmrig
behavioral1/files/0x0006000000016daf-118.dat	xmrig
behavioral1/files/0x0006000000016f97-136.dat	xmrig
behavioral1/memory/2428-140-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2428-146-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2728-157-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2548-159-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2536-165-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2428-162-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2836-132-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x001b000000014504-170.dat	xmrig
behavioral1/files/0x0006000000017390-167.dat	xmrig
behavioral1/files/0x000600000001739b-166.dat	xmrig
behavioral1/memory/2800-154-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2784-151-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2624-147-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2980-131-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2492-161-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2428-158-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2876-145-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2756-143-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2636-141-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2136-139-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0006000000016e73-128.dat	xmrig
behavioral1/files/0x0006000000016da6-111.dat	xmrig
behavioral1/files/0x0006000000016d54-107.dat	xmrig
behavioral1/files/0x0006000000016d40-102.dat	xmrig
behavioral1/files/0x0006000000016d38-97.dat	xmrig
behavioral1/files/0x0006000000016d30-92.dat	xmrig
behavioral1/files/0x0006000000016d27-87.dat	xmrig
behavioral1/files/0x0006000000016d15-77.dat	xmrig
behavioral1/files/0x0006000000016d02-67.dat	xmrig
behavioral1/files/0x0006000000016cf6-62.dat	xmrig
behavioral1/files/0x0006000000016c9b-52.dat	xmrig
behavioral1/files/0x0009000000014b38-38.dat	xmrig
behavioral1/files/0x0007000000014ac1-32.dat	xmrig
behavioral1/files/0x00060000000173b2-177.dat	xmrig
behavioral1/memory/2428-191-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2428-196-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173ee-187.dat	xmrig
behavioral1/files/0x00060000000173f6-184.dat	xmrig
behavioral1/memory/2980-632-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2964-4017-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2980-4018-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2136-4019-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2756-4020-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2636-4021-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2800-4024-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2784-4023-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2624-4022-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2728-4025-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2492-4029-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2964	QtkUOgz.exe
2980	OaiCUoO.exe
2836	MtVRZga.exe
2136	fXLhTiG.exe
2636	igKbuyT.exe
2756	oTgEKJa.exe
2876	XhIZQhr.exe
2624	liPRGiQ.exe
2784	ooIhaeb.exe
2800	xUTOLAR.exe
2728	BZKzWdN.exe
2548	jxzSCbI.exe
2492	OIqNlKJ.exe
2536	KjmIurc.exe
2940	mAzvQZE.exe
2952	bueueJO.exe
1524	VhlyBCd.exe
592	GtSDuiy.exe
1080	hmRcaQQ.exe
588	oOFkeMI.exe
556	rIePTaQ.exe
340	CQSwqtx.exe
1432	VHcKEpW.exe
1736	iqErENx.exe
1800	lfgAEjc.exe
2316	ghvXoqk.exe
2732	FRZtXAl.exe
1936	ksFMjvw.exe
1608	phKlWCa.exe
2892	RTnSezC.exe
1792	tRChcim.exe
2392	NCDQodB.exe
1148	GyfBbKx.exe
408	KaRXFmy.exe
3060	xwtxChC.exe
3056	zQUPfrX.exe
2080	CUSXEze.exe
772	ATuBiBM.exe
1636	eSiHkMp.exe
1324	APUjMVI.exe
1156	qFpXArt.exe
1744	mQbjWbk.exe
1628	ERVxsGt.exe
1248	MdtoyhG.exe
2380	AuAIlYx.exe
2184	fSaNMHM.exe
2072	PXxortU.exe
992	YeMGvIL.exe
2372	DXHOhSi.exe
704	tEazeBM.exe
1504	SolFWrP.exe
1520	QFnPqlH.exe
1568	jvJJtYq.exe
2936	oVTGirx.exe
2832	gjtWHFA.exe
2596	gmyMIhq.exe
2780	JJiJjXh.exe
2824	LgiwkeC.exe
2816	IsXtbEl.exe
2504	XmRzyal.exe
2972	eJAXlJM.exe
536	fpSJLsP.exe
1480	FcUemrQ.exe
112	luYASjK.exe

Loads dropped DLL 64 IoCs

pid	Process
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2428-0-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/memory/2964-9-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0008000000014714-10.dat	upx
behavioral1/files/0x000800000001471c-12.dat	upx
behavioral1/files/0x0007000000014864-23.dat	upx
behavioral1/files/0x0007000000014a05-28.dat	upx
behavioral1/files/0x0009000000014c00-42.dat	upx
behavioral1/files/0x0006000000016c53-47.dat	upx
behavioral1/files/0x0006000000016ccb-57.dat	upx
behavioral1/files/0x0006000000016d0c-72.dat	upx
behavioral1/files/0x0006000000016d1f-82.dat	upx
behavioral1/files/0x0006000000016dc1-123.dat	upx
behavioral1/files/0x0006000000016daf-118.dat	upx
behavioral1/files/0x0006000000016f97-136.dat	upx
behavioral1/memory/2728-157-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2548-159-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2536-165-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2836-132-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x001b000000014504-170.dat	upx
behavioral1/files/0x0006000000017390-167.dat	upx
behavioral1/files/0x000600000001739b-166.dat	upx
behavioral1/memory/2800-154-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2784-151-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2624-147-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2980-131-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2492-161-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2876-145-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2756-143-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2636-141-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2136-139-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0006000000016e73-128.dat	upx
behavioral1/files/0x0006000000016da6-111.dat	upx
behavioral1/files/0x0006000000016d54-107.dat	upx
behavioral1/files/0x0006000000016d40-102.dat	upx
behavioral1/files/0x0006000000016d38-97.dat	upx
behavioral1/files/0x0006000000016d30-92.dat	upx
behavioral1/files/0x0006000000016d27-87.dat	upx
behavioral1/files/0x0006000000016d15-77.dat	upx
behavioral1/files/0x0006000000016d02-67.dat	upx
behavioral1/files/0x0006000000016cf6-62.dat	upx
behavioral1/files/0x0006000000016c9b-52.dat	upx
behavioral1/files/0x0009000000014b38-38.dat	upx
behavioral1/files/0x0007000000014ac1-32.dat	upx
behavioral1/files/0x00060000000173b2-177.dat	upx
behavioral1/memory/2428-191-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2428-196-0x00000000022A0000-0x00000000025F4000-memory.dmp	upx
behavioral1/files/0x00060000000173ee-187.dat	upx
behavioral1/files/0x00060000000173f6-184.dat	upx
behavioral1/memory/2980-632-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2964-4017-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2980-4018-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2136-4019-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2756-4020-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2636-4021-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2800-4024-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2784-4023-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2624-4022-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2728-4025-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2492-4029-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2536-4028-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2548-4027-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2876-4026-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2836-4030-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\znPbKVI.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQXzhWp.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiyOmif.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQHdKGI.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYqDJtV.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLGCEzC.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGvqpcP.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUoKINN.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBbONQf.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXGZQKM.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaQXfng.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRLRlLs.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAfxsMP.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwDZvHd.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxnXVRA.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsdlgvJ.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljrsNkQ.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjyFvTi.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZcAwWV.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqNsBzK.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZgtNre.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTwbFyp.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LxYHyYC.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvhZsKM.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIdvkWs.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEptsuB.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdXsWqm.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFlAaYu.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAxPnPu.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PglLXzn.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVJbJoP.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMLSbpm.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXiAQvZ.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klmGSly.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYWsCma.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIyXJeA.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkelYAE.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmHUgfG.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jShaHXu.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFflwsU.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHHEfyC.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhGYjor.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnNidPQ.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiThZNl.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZddqRL.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VSOKglZ.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNNBLYC.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\viDzVeo.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqMSfKh.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekHJndq.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWKyWXt.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psmUNWd.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJfsmyy.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afzumVf.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfrWdbb.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBdaBKm.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQCrnYB.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRChcim.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXHOhSi.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttOkDIw.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBhwvaS.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoJkkXG.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlttZdc.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfRhZfJ.exe	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2964	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2428 wrote to memory of 2964	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2428 wrote to memory of 2964	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2428 wrote to memory of 2980	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2428 wrote to memory of 2980	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2428 wrote to memory of 2980	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2428 wrote to memory of 2836	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2428 wrote to memory of 2836	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2428 wrote to memory of 2836	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2428 wrote to memory of 2136	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2428 wrote to memory of 2136	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2428 wrote to memory of 2136	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2428 wrote to memory of 2636	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2428 wrote to memory of 2636	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2428 wrote to memory of 2636	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2428 wrote to memory of 2756	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2428 wrote to memory of 2756	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2428 wrote to memory of 2756	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2428 wrote to memory of 2876	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2428 wrote to memory of 2876	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2428 wrote to memory of 2876	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2428 wrote to memory of 2624	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2428 wrote to memory of 2624	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2428 wrote to memory of 2624	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2428 wrote to memory of 2784	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2428 wrote to memory of 2784	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2428 wrote to memory of 2784	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2428 wrote to memory of 2800	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2428 wrote to memory of 2800	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2428 wrote to memory of 2800	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2428 wrote to memory of 2728	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2428 wrote to memory of 2728	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2428 wrote to memory of 2728	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2428 wrote to memory of 2548	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2428 wrote to memory of 2548	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2428 wrote to memory of 2548	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2428 wrote to memory of 2492	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2428 wrote to memory of 2492	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2428 wrote to memory of 2492	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2428 wrote to memory of 2536	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2428 wrote to memory of 2536	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2428 wrote to memory of 2536	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2428 wrote to memory of 2940	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2428 wrote to memory of 2940	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2428 wrote to memory of 2940	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2428 wrote to memory of 2952	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2428 wrote to memory of 2952	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2428 wrote to memory of 2952	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2428 wrote to memory of 1524	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2428 wrote to memory of 1524	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2428 wrote to memory of 1524	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2428 wrote to memory of 592	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2428 wrote to memory of 592	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2428 wrote to memory of 592	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2428 wrote to memory of 1080	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2428 wrote to memory of 1080	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2428 wrote to memory of 1080	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2428 wrote to memory of 588	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2428 wrote to memory of 588	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2428 wrote to memory of 588	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2428 wrote to memory of 556	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2428 wrote to memory of 556	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2428 wrote to memory of 556	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2428 wrote to memory of 340	2428	2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_b139c8746c9bc0562e97710b3d088fae_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\System\QtkUOgz.exe
  C:\Windows\System\QtkUOgz.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\OaiCUoO.exe
  C:\Windows\System\OaiCUoO.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\MtVRZga.exe
  C:\Windows\System\MtVRZga.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\fXLhTiG.exe
  C:\Windows\System\fXLhTiG.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\igKbuyT.exe
  C:\Windows\System\igKbuyT.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\oTgEKJa.exe
  C:\Windows\System\oTgEKJa.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\XhIZQhr.exe
  C:\Windows\System\XhIZQhr.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\liPRGiQ.exe
  C:\Windows\System\liPRGiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\ooIhaeb.exe
  C:\Windows\System\ooIhaeb.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\xUTOLAR.exe
  C:\Windows\System\xUTOLAR.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\BZKzWdN.exe
  C:\Windows\System\BZKzWdN.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\jxzSCbI.exe
  C:\Windows\System\jxzSCbI.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\OIqNlKJ.exe
  C:\Windows\System\OIqNlKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\KjmIurc.exe
  C:\Windows\System\KjmIurc.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\mAzvQZE.exe
  C:\Windows\System\mAzvQZE.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\bueueJO.exe
  C:\Windows\System\bueueJO.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\VhlyBCd.exe
  C:\Windows\System\VhlyBCd.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\GtSDuiy.exe
  C:\Windows\System\GtSDuiy.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\hmRcaQQ.exe
  C:\Windows\System\hmRcaQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\oOFkeMI.exe
  C:\Windows\System\oOFkeMI.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\rIePTaQ.exe
  C:\Windows\System\rIePTaQ.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\CQSwqtx.exe
  C:\Windows\System\CQSwqtx.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\VHcKEpW.exe
  C:\Windows\System\VHcKEpW.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\iqErENx.exe
  C:\Windows\System\iqErENx.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\lfgAEjc.exe
  C:\Windows\System\lfgAEjc.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\ghvXoqk.exe
  C:\Windows\System\ghvXoqk.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ksFMjvw.exe
  C:\Windows\System\ksFMjvw.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\FRZtXAl.exe
  C:\Windows\System\FRZtXAl.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\phKlWCa.exe
  C:\Windows\System\phKlWCa.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\RTnSezC.exe
  C:\Windows\System\RTnSezC.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\NCDQodB.exe
  C:\Windows\System\NCDQodB.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\tRChcim.exe
  C:\Windows\System\tRChcim.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\GyfBbKx.exe
  C:\Windows\System\GyfBbKx.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\KaRXFmy.exe
  C:\Windows\System\KaRXFmy.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\xwtxChC.exe
  C:\Windows\System\xwtxChC.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\zQUPfrX.exe
  C:\Windows\System\zQUPfrX.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\ATuBiBM.exe
  C:\Windows\System\ATuBiBM.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\CUSXEze.exe
  C:\Windows\System\CUSXEze.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\eSiHkMp.exe
  C:\Windows\System\eSiHkMp.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\APUjMVI.exe
  C:\Windows\System\APUjMVI.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\qFpXArt.exe
  C:\Windows\System\qFpXArt.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\mQbjWbk.exe
  C:\Windows\System\mQbjWbk.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\MdtoyhG.exe
  C:\Windows\System\MdtoyhG.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\ERVxsGt.exe
  C:\Windows\System\ERVxsGt.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\AuAIlYx.exe
  C:\Windows\System\AuAIlYx.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\fSaNMHM.exe
  C:\Windows\System\fSaNMHM.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\PXxortU.exe
  C:\Windows\System\PXxortU.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\YeMGvIL.exe
  C:\Windows\System\YeMGvIL.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\DXHOhSi.exe
  C:\Windows\System\DXHOhSi.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\tEazeBM.exe
  C:\Windows\System\tEazeBM.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\SolFWrP.exe
  C:\Windows\System\SolFWrP.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\QFnPqlH.exe
  C:\Windows\System\QFnPqlH.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\jvJJtYq.exe
  C:\Windows\System\jvJJtYq.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\oVTGirx.exe
  C:\Windows\System\oVTGirx.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\gjtWHFA.exe
  C:\Windows\System\gjtWHFA.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\gmyMIhq.exe
  C:\Windows\System\gmyMIhq.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\JJiJjXh.exe
  C:\Windows\System\JJiJjXh.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\LgiwkeC.exe
  C:\Windows\System\LgiwkeC.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\IsXtbEl.exe
  C:\Windows\System\IsXtbEl.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\XmRzyal.exe
  C:\Windows\System\XmRzyal.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\eJAXlJM.exe
  C:\Windows\System\eJAXlJM.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\fpSJLsP.exe
  C:\Windows\System\fpSJLsP.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\luYASjK.exe
  C:\Windows\System\luYASjK.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\FcUemrQ.exe
  C:\Windows\System\FcUemrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\wNFtXqL.exe
  C:\Windows\System\wNFtXqL.exe
  2⤵
  PID:2020
- C:\Windows\System\hNpuQXL.exe
  C:\Windows\System\hNpuQXL.exe
  2⤵
  PID:1724
- C:\Windows\System\BZaFZBL.exe
  C:\Windows\System\BZaFZBL.exe
  2⤵
  PID:1780
- C:\Windows\System\XIUxaru.exe
  C:\Windows\System\XIUxaru.exe
  2⤵
  PID:2016
- C:\Windows\System\bceVnqE.exe
  C:\Windows\System\bceVnqE.exe
  2⤵
  PID:1756
- C:\Windows\System\lCXBAQf.exe
  C:\Windows\System\lCXBAQf.exe
  2⤵
  PID:2992
- C:\Windows\System\JQarJbb.exe
  C:\Windows\System\JQarJbb.exe
  2⤵
  PID:1956
- C:\Windows\System\PhxGGRF.exe
  C:\Windows\System\PhxGGRF.exe
  2⤵
  PID:1964
- C:\Windows\System\FOKlqAa.exe
  C:\Windows\System\FOKlqAa.exe
  2⤵
  PID:2840
- C:\Windows\System\fzNoLCr.exe
  C:\Windows\System\fzNoLCr.exe
  2⤵
  PID:1920
- C:\Windows\System\xqNsBzK.exe
  C:\Windows\System\xqNsBzK.exe
  2⤵
  PID:1512
- C:\Windows\System\EZyGAOm.exe
  C:\Windows\System\EZyGAOm.exe
  2⤵
  PID:2884
- C:\Windows\System\hBsCPZp.exe
  C:\Windows\System\hBsCPZp.exe
  2⤵
  PID:1092
- C:\Windows\System\OPyezCO.exe
  C:\Windows\System\OPyezCO.exe
  2⤵
  PID:888
- C:\Windows\System\qSMCrtw.exe
  C:\Windows\System\qSMCrtw.exe
  2⤵
  PID:3052
- C:\Windows\System\SlJSyaw.exe
  C:\Windows\System\SlJSyaw.exe
  2⤵
  PID:1088
- C:\Windows\System\rYRTWXY.exe
  C:\Windows\System\rYRTWXY.exe
  2⤵
  PID:1924
- C:\Windows\System\lLEXFxE.exe
  C:\Windows\System\lLEXFxE.exe
  2⤵
  PID:696
- C:\Windows\System\wnGfjno.exe
  C:\Windows\System\wnGfjno.exe
  2⤵
  PID:1960
- C:\Windows\System\EDxnryZ.exe
  C:\Windows\System\EDxnryZ.exe
  2⤵
  PID:3004
- C:\Windows\System\nOYkSUd.exe
  C:\Windows\System\nOYkSUd.exe
  2⤵
  PID:2200
- C:\Windows\System\EBSMAoo.exe
  C:\Windows\System\EBSMAoo.exe
  2⤵
  PID:1280
- C:\Windows\System\ZViubjZ.exe
  C:\Windows\System\ZViubjZ.exe
  2⤵
  PID:2164
- C:\Windows\System\ZchxWoX.exe
  C:\Windows\System\ZchxWoX.exe
  2⤵
  PID:1228
- C:\Windows\System\thjVRhr.exe
  C:\Windows\System\thjVRhr.exe
  2⤵
  PID:2864
- C:\Windows\System\jtBjElv.exe
  C:\Windows\System\jtBjElv.exe
  2⤵
  PID:1052
- C:\Windows\System\FqzOhVP.exe
  C:\Windows\System\FqzOhVP.exe
  2⤵
  PID:1912
- C:\Windows\System\YxxOSzI.exe
  C:\Windows\System\YxxOSzI.exe
  2⤵
  PID:2924
- C:\Windows\System\xBWKrIf.exe
  C:\Windows\System\xBWKrIf.exe
  2⤵
  PID:2920
- C:\Windows\System\EngZEOQ.exe
  C:\Windows\System\EngZEOQ.exe
  2⤵
  PID:2792
- C:\Windows\System\fDZfMUw.exe
  C:\Windows\System\fDZfMUw.exe
  2⤵
  PID:2772
- C:\Windows\System\IxPxZGp.exe
  C:\Windows\System\IxPxZGp.exe
  2⤵
  PID:1428
- C:\Windows\System\siZYWwg.exe
  C:\Windows\System\siZYWwg.exe
  2⤵
  PID:484
- C:\Windows\System\LRLRlLs.exe
  C:\Windows\System\LRLRlLs.exe
  2⤵
  PID:2008
- C:\Windows\System\wcdQGTv.exe
  C:\Windows\System\wcdQGTv.exe
  2⤵
  PID:940
- C:\Windows\System\twgZoRf.exe
  C:\Windows\System\twgZoRf.exe
  2⤵
  PID:1484
- C:\Windows\System\hmvTkAg.exe
  C:\Windows\System\hmvTkAg.exe
  2⤵
  PID:1616
- C:\Windows\System\JmTNknh.exe
  C:\Windows\System\JmTNknh.exe
  2⤵
  PID:1544
- C:\Windows\System\zWfVyEJ.exe
  C:\Windows\System\zWfVyEJ.exe
  2⤵
  PID:908
- C:\Windows\System\gOuvTuJ.exe
  C:\Windows\System\gOuvTuJ.exe
  2⤵
  PID:2128
- C:\Windows\System\LZwjNDV.exe
  C:\Windows\System\LZwjNDV.exe
  2⤵
  PID:776
- C:\Windows\System\cZKWLtL.exe
  C:\Windows\System\cZKWLtL.exe
  2⤵
  PID:2588
- C:\Windows\System\cxBRymx.exe
  C:\Windows\System\cxBRymx.exe
  2⤵
  PID:1404
- C:\Windows\System\IakFDrx.exe
  C:\Windows\System\IakFDrx.exe
  2⤵
  PID:1928
- C:\Windows\System\uLdLPYd.exe
  C:\Windows\System\uLdLPYd.exe
  2⤵
  PID:880
- C:\Windows\System\rHuLlhL.exe
  C:\Windows\System\rHuLlhL.exe
  2⤵
  PID:2364
- C:\Windows\System\MNQgddf.exe
  C:\Windows\System\MNQgddf.exe
  2⤵
  PID:2844
- C:\Windows\System\onoicdP.exe
  C:\Windows\System\onoicdP.exe
  2⤵
  PID:2232
- C:\Windows\System\fFJZEfo.exe
  C:\Windows\System\fFJZEfo.exe
  2⤵
  PID:2904
- C:\Windows\System\emKJhmG.exe
  C:\Windows\System\emKJhmG.exe
  2⤵
  PID:2152
- C:\Windows\System\UyOajDL.exe
  C:\Windows\System\UyOajDL.exe
  2⤵
  PID:2240
- C:\Windows\System\OpEDBkH.exe
  C:\Windows\System\OpEDBkH.exe
  2⤵
  PID:2516
- C:\Windows\System\YwUbxFG.exe
  C:\Windows\System\YwUbxFG.exe
  2⤵
  PID:400
- C:\Windows\System\ktlYfWz.exe
  C:\Windows\System\ktlYfWz.exe
  2⤵
  PID:2656
- C:\Windows\System\cKfZrBY.exe
  C:\Windows\System\cKfZrBY.exe
  2⤵
  PID:1948
- C:\Windows\System\JcKJmms.exe
  C:\Windows\System\JcKJmms.exe
  2⤵
  PID:1652
- C:\Windows\System\NBtepvh.exe
  C:\Windows\System\NBtepvh.exe
  2⤵
  PID:1992
- C:\Windows\System\KmZldwj.exe
  C:\Windows\System\KmZldwj.exe
  2⤵
  PID:2264
- C:\Windows\System\OQLnXGx.exe
  C:\Windows\System\OQLnXGx.exe
  2⤵
  PID:2276
- C:\Windows\System\mTxRqYF.exe
  C:\Windows\System\mTxRqYF.exe
  2⤵
  PID:2532
- C:\Windows\System\cygfWZN.exe
  C:\Windows\System\cygfWZN.exe
  2⤵
  PID:1856
- C:\Windows\System\qdXsWqm.exe
  C:\Windows\System\qdXsWqm.exe
  2⤵
  PID:1548
- C:\Windows\System\NCgRhfU.exe
  C:\Windows\System\NCgRhfU.exe
  2⤵
  PID:1952
- C:\Windows\System\NsCmBWx.exe
  C:\Windows\System\NsCmBWx.exe
  2⤵
  PID:2612
- C:\Windows\System\woVugIx.exe
  C:\Windows\System\woVugIx.exe
  2⤵
  PID:1552
- C:\Windows\System\ggrvUhM.exe
  C:\Windows\System\ggrvUhM.exe
  2⤵
  PID:2112
- C:\Windows\System\DBxCxho.exe
  C:\Windows\System\DBxCxho.exe
  2⤵
  PID:1596
- C:\Windows\System\HnedeVJ.exe
  C:\Windows\System\HnedeVJ.exe
  2⤵
  PID:644
- C:\Windows\System\JRhzLUu.exe
  C:\Windows\System\JRhzLUu.exe
  2⤵
  PID:2592
- C:\Windows\System\dAeFfNV.exe
  C:\Windows\System\dAeFfNV.exe
  2⤵
  PID:2488
- C:\Windows\System\dRLxQCI.exe
  C:\Windows\System\dRLxQCI.exe
  2⤵
  PID:2196
- C:\Windows\System\LkKNYry.exe
  C:\Windows\System\LkKNYry.exe
  2⤵
  PID:2064
- C:\Windows\System\OyNNTWj.exe
  C:\Windows\System\OyNNTWj.exe
  2⤵
  PID:2096
- C:\Windows\System\qOygabc.exe
  C:\Windows\System\qOygabc.exe
  2⤵
  PID:3028
- C:\Windows\System\OBeSILj.exe
  C:\Windows\System\OBeSILj.exe
  2⤵
  PID:2352
- C:\Windows\System\nIheAaj.exe
  C:\Windows\System\nIheAaj.exe
  2⤵
  PID:2412
- C:\Windows\System\uXoohaB.exe
  C:\Windows\System\uXoohaB.exe
  2⤵
  PID:596
- C:\Windows\System\qqWEhuf.exe
  C:\Windows\System\qqWEhuf.exe
  2⤵
  PID:2120
- C:\Windows\System\tjFYYeC.exe
  C:\Windows\System\tjFYYeC.exe
  2⤵
  PID:1348
- C:\Windows\System\PEWHdvP.exe
  C:\Windows\System\PEWHdvP.exe
  2⤵
  PID:736
- C:\Windows\System\ttOkDIw.exe
  C:\Windows\System\ttOkDIw.exe
  2⤵
  PID:2584
- C:\Windows\System\NhclEvm.exe
  C:\Windows\System\NhclEvm.exe
  2⤵
  PID:636
- C:\Windows\System\tFdbbMk.exe
  C:\Windows\System\tFdbbMk.exe
  2⤵
  PID:1644
- C:\Windows\System\nPZwBRs.exe
  C:\Windows\System\nPZwBRs.exe
  2⤵
  PID:2968
- C:\Windows\System\wVEGMJv.exe
  C:\Windows\System\wVEGMJv.exe
  2⤵
  PID:1540
- C:\Windows\System\iRJMwMO.exe
  C:\Windows\System\iRJMwMO.exe
  2⤵
  PID:1612
- C:\Windows\System\xeZUzaO.exe
  C:\Windows\System\xeZUzaO.exe
  2⤵
  PID:2676
- C:\Windows\System\weksrqd.exe
  C:\Windows\System\weksrqd.exe
  2⤵
  PID:1860
- C:\Windows\System\VJiKEnT.exe
  C:\Windows\System\VJiKEnT.exe
  2⤵
  PID:2804
- C:\Windows\System\AEVVfWf.exe
  C:\Windows\System\AEVVfWf.exe
  2⤵
  PID:2284
- C:\Windows\System\MpAhzSR.exe
  C:\Windows\System\MpAhzSR.exe
  2⤵
  PID:3080
- C:\Windows\System\uTSnjLU.exe
  C:\Windows\System\uTSnjLU.exe
  2⤵
  PID:3100
- C:\Windows\System\BGhRsBh.exe
  C:\Windows\System\BGhRsBh.exe
  2⤵
  PID:3120
- C:\Windows\System\fhNofeI.exe
  C:\Windows\System\fhNofeI.exe
  2⤵
  PID:3144
- C:\Windows\System\IrymZMh.exe
  C:\Windows\System\IrymZMh.exe
  2⤵
  PID:3160
- C:\Windows\System\EfOqudM.exe
  C:\Windows\System\EfOqudM.exe
  2⤵
  PID:3176
- C:\Windows\System\yAAnuWJ.exe
  C:\Windows\System\yAAnuWJ.exe
  2⤵
  PID:3200
- C:\Windows\System\hNQZJuZ.exe
  C:\Windows\System\hNQZJuZ.exe
  2⤵
  PID:3232
- C:\Windows\System\FNbIBoI.exe
  C:\Windows\System\FNbIBoI.exe
  2⤵
  PID:3248
- C:\Windows\System\WfYTHPA.exe
  C:\Windows\System\WfYTHPA.exe
  2⤵
  PID:3264
- C:\Windows\System\gdbGKWb.exe
  C:\Windows\System\gdbGKWb.exe
  2⤵
  PID:3280
- C:\Windows\System\yzkDqoH.exe
  C:\Windows\System\yzkDqoH.exe
  2⤵
  PID:3296
- C:\Windows\System\TYpPhpf.exe
  C:\Windows\System\TYpPhpf.exe
  2⤵
  PID:3312
- C:\Windows\System\yiipBiW.exe
  C:\Windows\System\yiipBiW.exe
  2⤵
  PID:3332
- C:\Windows\System\znuffcv.exe
  C:\Windows\System\znuffcv.exe
  2⤵
  PID:3348
- C:\Windows\System\wzMvUhn.exe
  C:\Windows\System\wzMvUhn.exe
  2⤵
  PID:3400
- C:\Windows\System\iecgCZE.exe
  C:\Windows\System\iecgCZE.exe
  2⤵
  PID:3416
- C:\Windows\System\LardHNu.exe
  C:\Windows\System\LardHNu.exe
  2⤵
  PID:3432
- C:\Windows\System\BZgtNre.exe
  C:\Windows\System\BZgtNre.exe
  2⤵
  PID:3448
- C:\Windows\System\njmNcPJ.exe
  C:\Windows\System\njmNcPJ.exe
  2⤵
  PID:3468
- C:\Windows\System\xFHBoqh.exe
  C:\Windows\System\xFHBoqh.exe
  2⤵
  PID:3484
- C:\Windows\System\OQDdZAo.exe
  C:\Windows\System\OQDdZAo.exe
  2⤵
  PID:3500
- C:\Windows\System\mhcIMFg.exe
  C:\Windows\System\mhcIMFg.exe
  2⤵
  PID:3520
- C:\Windows\System\UxJmDdd.exe
  C:\Windows\System\UxJmDdd.exe
  2⤵
  PID:3536
- C:\Windows\System\PgoFzCT.exe
  C:\Windows\System\PgoFzCT.exe
  2⤵
  PID:3556
- C:\Windows\System\PEWjCnV.exe
  C:\Windows\System\PEWjCnV.exe
  2⤵
  PID:3572
- C:\Windows\System\BtBmVNh.exe
  C:\Windows\System\BtBmVNh.exe
  2⤵
  PID:3588
- C:\Windows\System\rBqudmf.exe
  C:\Windows\System\rBqudmf.exe
  2⤵
  PID:3608
- C:\Windows\System\PIiUTOC.exe
  C:\Windows\System\PIiUTOC.exe
  2⤵
  PID:3628
- C:\Windows\System\bPsfnxi.exe
  C:\Windows\System\bPsfnxi.exe
  2⤵
  PID:3644
- C:\Windows\System\oKxvUEa.exe
  C:\Windows\System\oKxvUEa.exe
  2⤵
  PID:3700
- C:\Windows\System\MYqDJtV.exe
  C:\Windows\System\MYqDJtV.exe
  2⤵
  PID:3716
- C:\Windows\System\GBhwvaS.exe
  C:\Windows\System\GBhwvaS.exe
  2⤵
  PID:3732
- C:\Windows\System\AzmhDuq.exe
  C:\Windows\System\AzmhDuq.exe
  2⤵
  PID:3752
- C:\Windows\System\XzhsmXP.exe
  C:\Windows\System\XzhsmXP.exe
  2⤵
  PID:3772
- C:\Windows\System\ApYyGsn.exe
  C:\Windows\System\ApYyGsn.exe
  2⤵
  PID:3792
- C:\Windows\System\jhDdkfs.exe
  C:\Windows\System\jhDdkfs.exe
  2⤵
  PID:3812
- C:\Windows\System\pQOQQBJ.exe
  C:\Windows\System\pQOQQBJ.exe
  2⤵
  PID:3836
- C:\Windows\System\PNKffDS.exe
  C:\Windows\System\PNKffDS.exe
  2⤵
  PID:3864
- C:\Windows\System\BsyqDOy.exe
  C:\Windows\System\BsyqDOy.exe
  2⤵
  PID:3880
- C:\Windows\System\WimqUDx.exe
  C:\Windows\System\WimqUDx.exe
  2⤵
  PID:3896
- C:\Windows\System\RJQYTLB.exe
  C:\Windows\System\RJQYTLB.exe
  2⤵
  PID:3912
- C:\Windows\System\oiWwGlY.exe
  C:\Windows\System\oiWwGlY.exe
  2⤵
  PID:3932
- C:\Windows\System\ggFsMdW.exe
  C:\Windows\System\ggFsMdW.exe
  2⤵
  PID:3952
- C:\Windows\System\FghfMlT.exe
  C:\Windows\System\FghfMlT.exe
  2⤵
  PID:3968
- C:\Windows\System\vcZuecz.exe
  C:\Windows\System\vcZuecz.exe
  2⤵
  PID:3984
- C:\Windows\System\ZWrQWBq.exe
  C:\Windows\System\ZWrQWBq.exe
  2⤵
  PID:4000
- C:\Windows\System\fzsmoOK.exe
  C:\Windows\System\fzsmoOK.exe
  2⤵
  PID:4040
- C:\Windows\System\lwuJZJg.exe
  C:\Windows\System\lwuJZJg.exe
  2⤵
  PID:4060
- C:\Windows\System\KNEiIWS.exe
  C:\Windows\System\KNEiIWS.exe
  2⤵
  PID:4076
- C:\Windows\System\LtegeCO.exe
  C:\Windows\System\LtegeCO.exe
  2⤵
  PID:4092
- C:\Windows\System\BTuVAGy.exe
  C:\Windows\System\BTuVAGy.exe
  2⤵
  PID:3088
- C:\Windows\System\sDvWuzv.exe
  C:\Windows\System\sDvWuzv.exe
  2⤵
  PID:2600
- C:\Windows\System\pMKOMyG.exe
  C:\Windows\System\pMKOMyG.exe
  2⤵
  PID:3188
- C:\Windows\System\CRfJOGL.exe
  C:\Windows\System\CRfJOGL.exe
  2⤵
  PID:3140
- C:\Windows\System\RBmsKvl.exe
  C:\Windows\System\RBmsKvl.exe
  2⤵
  PID:3272
- C:\Windows\System\uPDATZp.exe
  C:\Windows\System\uPDATZp.exe
  2⤵
  PID:3208
- C:\Windows\System\lFliFhR.exe
  C:\Windows\System\lFliFhR.exe
  2⤵
  PID:3132
- C:\Windows\System\PMqGJdB.exe
  C:\Windows\System\PMqGJdB.exe
  2⤵
  PID:3364
- C:\Windows\System\zoQEEIF.exe
  C:\Windows\System\zoQEEIF.exe
  2⤵
  PID:3356
- C:\Windows\System\vZvvwBF.exe
  C:\Windows\System\vZvvwBF.exe
  2⤵
  PID:3256
- C:\Windows\System\xKeVMbP.exe
  C:\Windows\System\xKeVMbP.exe
  2⤵
  PID:3384
- C:\Windows\System\TIRefGC.exe
  C:\Windows\System\TIRefGC.exe
  2⤵
  PID:3372
- C:\Windows\System\uxLIdWS.exe
  C:\Windows\System\uxLIdWS.exe
  2⤵
  PID:3552
- C:\Windows\System\oUjbVNY.exe
  C:\Windows\System\oUjbVNY.exe
  2⤵
  PID:3512
- C:\Windows\System\UoqwYrn.exe
  C:\Windows\System\UoqwYrn.exe
  2⤵
  PID:3616
- C:\Windows\System\ffhlrpb.exe
  C:\Windows\System\ffhlrpb.exe
  2⤵
  PID:3656
- C:\Windows\System\oemCnGn.exe
  C:\Windows\System\oemCnGn.exe
  2⤵
  PID:3672
- C:\Windows\System\wJLkjpk.exe
  C:\Windows\System\wJLkjpk.exe
  2⤵
  PID:3688
- C:\Windows\System\VJfsmyy.exe
  C:\Windows\System\VJfsmyy.exe
  2⤵
  PID:3724
- C:\Windows\System\CkjxbNs.exe
  C:\Windows\System\CkjxbNs.exe
  2⤵
  PID:3712
- C:\Windows\System\sxePfEX.exe
  C:\Windows\System\sxePfEX.exe
  2⤵
  PID:3528
- C:\Windows\System\PunyQUa.exe
  C:\Windows\System\PunyQUa.exe
  2⤵
  PID:3596
- C:\Windows\System\yYoMeOr.exe
  C:\Windows\System\yYoMeOr.exe
  2⤵
  PID:3844
- C:\Windows\System\bQxULev.exe
  C:\Windows\System\bQxULev.exe
  2⤵
  PID:3856
- C:\Windows\System\PalVhBT.exe
  C:\Windows\System\PalVhBT.exe
  2⤵
  PID:2808
- C:\Windows\System\KZLIBaQ.exe
  C:\Windows\System\KZLIBaQ.exe
  2⤵
  PID:3780
- C:\Windows\System\RzEcCUb.exe
  C:\Windows\System\RzEcCUb.exe
  2⤵
  PID:3920
- C:\Windows\System\iYwaaiL.exe
  C:\Windows\System\iYwaaiL.exe
  2⤵
  PID:3960
- C:\Windows\System\lWXKDje.exe
  C:\Windows\System\lWXKDje.exe
  2⤵
  PID:3992
- C:\Windows\System\hvhphHf.exe
  C:\Windows\System\hvhphHf.exe
  2⤵
  PID:3904
- C:\Windows\System\thPRYkW.exe
  C:\Windows\System\thPRYkW.exe
  2⤵
  PID:4052
- C:\Windows\System\lzOfBUC.exe
  C:\Windows\System\lzOfBUC.exe
  2⤵
  PID:4036
- C:\Windows\System\VSOKglZ.exe
  C:\Windows\System\VSOKglZ.exe
  2⤵
  PID:4068
- C:\Windows\System\NUTRAkA.exe
  C:\Windows\System\NUTRAkA.exe
  2⤵
  PID:1528
- C:\Windows\System\kXnwxbZ.exe
  C:\Windows\System\kXnwxbZ.exe
  2⤵
  PID:2568
- C:\Windows\System\NpfqeLx.exe
  C:\Windows\System\NpfqeLx.exe
  2⤵
  PID:3184
- C:\Windows\System\ckXYMjT.exe
  C:\Windows\System\ckXYMjT.exe
  2⤵
  PID:3136
- C:\Windows\System\bWhdCwM.exe
  C:\Windows\System\bWhdCwM.exe
  2⤵
  PID:3172
- C:\Windows\System\vKlGMbN.exe
  C:\Windows\System\vKlGMbN.exe
  2⤵
  PID:3408
- C:\Windows\System\YLhCXsJ.exe
  C:\Windows\System\YLhCXsJ.exe
  2⤵
  PID:3476
- C:\Windows\System\GPTjcCS.exe
  C:\Windows\System\GPTjcCS.exe
  2⤵
  PID:3428
- C:\Windows\System\RpJeZnq.exe
  C:\Windows\System\RpJeZnq.exe
  2⤵
  PID:3320
- C:\Windows\System\yvRnCnM.exe
  C:\Windows\System\yvRnCnM.exe
  2⤵
  PID:3392
- C:\Windows\System\izQLdGC.exe
  C:\Windows\System\izQLdGC.exe
  2⤵
  PID:3660
- C:\Windows\System\OTJPVsH.exe
  C:\Windows\System\OTJPVsH.exe
  2⤵
  PID:3708
- C:\Windows\System\uiJyBon.exe
  C:\Windows\System\uiJyBon.exe
  2⤵
  PID:1492
- C:\Windows\System\dVaeeAC.exe
  C:\Windows\System\dVaeeAC.exe
  2⤵
  PID:3808
- C:\Windows\System\wolfhUE.exe
  C:\Windows\System\wolfhUE.exe
  2⤵
  PID:3568
- C:\Windows\System\VTRAPiH.exe
  C:\Windows\System\VTRAPiH.exe
  2⤵
  PID:3980
- C:\Windows\System\VPXdtYi.exe
  C:\Windows\System\VPXdtYi.exe
  2⤵
  PID:4024
- C:\Windows\System\HEUnNGm.exe
  C:\Windows\System\HEUnNGm.exe
  2⤵
  PID:3940
- C:\Windows\System\uhPrXKI.exe
  C:\Windows\System\uhPrXKI.exe
  2⤵
  PID:4028
- C:\Windows\System\yhwjtlX.exe
  C:\Windows\System\yhwjtlX.exe
  2⤵
  PID:3076
- C:\Windows\System\CElDRYS.exe
  C:\Windows\System\CElDRYS.exe
  2⤵
  PID:3156
- C:\Windows\System\fhmfRWs.exe
  C:\Windows\System\fhmfRWs.exe
  2⤵
  PID:3440
- C:\Windows\System\UYAWcAS.exe
  C:\Windows\System\UYAWcAS.exe
  2⤵
  PID:3604
- C:\Windows\System\ieIsNjR.exe
  C:\Windows\System\ieIsNjR.exe
  2⤵
  PID:3888
- C:\Windows\System\sPfchYB.exe
  C:\Windows\System\sPfchYB.exe
  2⤵
  PID:3652
- C:\Windows\System\NVeQKgg.exe
  C:\Windows\System\NVeQKgg.exe
  2⤵
  PID:3848
- C:\Windows\System\QIeDRdT.exe
  C:\Windows\System\QIeDRdT.exe
  2⤵
  PID:3220
- C:\Windows\System\YQBihQc.exe
  C:\Windows\System\YQBihQc.exe
  2⤵
  PID:3800
- C:\Windows\System\kTwbFyp.exe
  C:\Windows\System\kTwbFyp.exe
  2⤵
  PID:3664
- C:\Windows\System\sePtyPf.exe
  C:\Windows\System\sePtyPf.exe
  2⤵
  PID:3680
- C:\Windows\System\afzumVf.exe
  C:\Windows\System\afzumVf.exe
  2⤵
  PID:3744
- C:\Windows\System\fLGCEzC.exe
  C:\Windows\System\fLGCEzC.exe
  2⤵
  PID:3948
- C:\Windows\System\xpsgpVt.exe
  C:\Windows\System\xpsgpVt.exe
  2⤵
  PID:2188
- C:\Windows\System\opfTtbR.exe
  C:\Windows\System\opfTtbR.exe
  2⤵
  PID:3580
- C:\Windows\System\SYHVClQ.exe
  C:\Windows\System\SYHVClQ.exe
  2⤵
  PID:2768
- C:\Windows\System\HIqxamv.exe
  C:\Windows\System\HIqxamv.exe
  2⤵
  PID:3228
- C:\Windows\System\VmfItbJ.exe
  C:\Windows\System\VmfItbJ.exe
  2⤵
  PID:3344
- C:\Windows\System\PitzNZg.exe
  C:\Windows\System\PitzNZg.exe
  2⤵
  PID:3480
- C:\Windows\System\aMaDNHf.exe
  C:\Windows\System\aMaDNHf.exe
  2⤵
  PID:3388
- C:\Windows\System\DNDfGMa.exe
  C:\Windows\System\DNDfGMa.exe
  2⤵
  PID:3824
- C:\Windows\System\sfqxGZi.exe
  C:\Windows\System\sfqxGZi.exe
  2⤵
  PID:1476
- C:\Windows\System\bilUDGp.exe
  C:\Windows\System\bilUDGp.exe
  2⤵
  PID:3832
- C:\Windows\System\dyVSomn.exe
  C:\Windows\System\dyVSomn.exe
  2⤵
  PID:2252
- C:\Windows\System\QuLlOAG.exe
  C:\Windows\System\QuLlOAG.exe
  2⤵
  PID:4056
- C:\Windows\System\okdxZrU.exe
  C:\Windows\System\okdxZrU.exe
  2⤵
  PID:4084
- C:\Windows\System\wImEHIj.exe
  C:\Windows\System\wImEHIj.exe
  2⤵
  PID:1040
- C:\Windows\System\iJgjGTA.exe
  C:\Windows\System\iJgjGTA.exe
  2⤵
  PID:3128
- C:\Windows\System\dBzsxwn.exe
  C:\Windows\System\dBzsxwn.exe
  2⤵
  PID:4016
- C:\Windows\System\bCxSOSB.exe
  C:\Windows\System\bCxSOSB.exe
  2⤵
  PID:4112
- C:\Windows\System\zgOANPh.exe
  C:\Windows\System\zgOANPh.exe
  2⤵
  PID:4128
- C:\Windows\System\uPGjNVx.exe
  C:\Windows\System\uPGjNVx.exe
  2⤵
  PID:4144
- C:\Windows\System\oqfuNhA.exe
  C:\Windows\System\oqfuNhA.exe
  2⤵
  PID:4168
- C:\Windows\System\tYdalXD.exe
  C:\Windows\System\tYdalXD.exe
  2⤵
  PID:4208
- C:\Windows\System\FkYFfBB.exe
  C:\Windows\System\FkYFfBB.exe
  2⤵
  PID:4224
- C:\Windows\System\glFLLND.exe
  C:\Windows\System\glFLLND.exe
  2⤵
  PID:4240
- C:\Windows\System\roTqlPc.exe
  C:\Windows\System\roTqlPc.exe
  2⤵
  PID:4256
- C:\Windows\System\lNNBLYC.exe
  C:\Windows\System\lNNBLYC.exe
  2⤵
  PID:4276
- C:\Windows\System\hIcliYM.exe
  C:\Windows\System\hIcliYM.exe
  2⤵
  PID:4296
- C:\Windows\System\gnDlyca.exe
  C:\Windows\System\gnDlyca.exe
  2⤵
  PID:4312
- C:\Windows\System\zxpeiAK.exe
  C:\Windows\System\zxpeiAK.exe
  2⤵
  PID:4384
- C:\Windows\System\yJHXXfm.exe
  C:\Windows\System\yJHXXfm.exe
  2⤵
  PID:4400
- C:\Windows\System\OzuEynt.exe
  C:\Windows\System\OzuEynt.exe
  2⤵
  PID:4420
- C:\Windows\System\iWFAdoL.exe
  C:\Windows\System\iWFAdoL.exe
  2⤵
  PID:4436
- C:\Windows\System\qLSfYwX.exe
  C:\Windows\System\qLSfYwX.exe
  2⤵
  PID:4452
- C:\Windows\System\wCGpeWy.exe
  C:\Windows\System\wCGpeWy.exe
  2⤵
  PID:4468
- C:\Windows\System\YSmeMXy.exe
  C:\Windows\System\YSmeMXy.exe
  2⤵
  PID:4492
- C:\Windows\System\ubRAMCR.exe
  C:\Windows\System\ubRAMCR.exe
  2⤵
  PID:4516
- C:\Windows\System\wlWsFnC.exe
  C:\Windows\System\wlWsFnC.exe
  2⤵
  PID:4536
- C:\Windows\System\khsvUQQ.exe
  C:\Windows\System\khsvUQQ.exe
  2⤵
  PID:4564
- C:\Windows\System\qizFTDv.exe
  C:\Windows\System\qizFTDv.exe
  2⤵
  PID:4580
- C:\Windows\System\wZmQtSC.exe
  C:\Windows\System\wZmQtSC.exe
  2⤵
  PID:4596
- C:\Windows\System\PftkkHq.exe
  C:\Windows\System\PftkkHq.exe
  2⤵
  PID:4612
- C:\Windows\System\GMIAQJE.exe
  C:\Windows\System\GMIAQJE.exe
  2⤵
  PID:4628
- C:\Windows\System\vbIgFHW.exe
  C:\Windows\System\vbIgFHW.exe
  2⤵
  PID:4644
- C:\Windows\System\jCMyCEA.exe
  C:\Windows\System\jCMyCEA.exe
  2⤵
  PID:4668
- C:\Windows\System\BqGJHuF.exe
  C:\Windows\System\BqGJHuF.exe
  2⤵
  PID:4684
- C:\Windows\System\bwnVbJB.exe
  C:\Windows\System\bwnVbJB.exe
  2⤵
  PID:4716
- C:\Windows\System\xGvqpcP.exe
  C:\Windows\System\xGvqpcP.exe
  2⤵
  PID:4732
- C:\Windows\System\hefknXG.exe
  C:\Windows\System\hefknXG.exe
  2⤵
  PID:4748
- C:\Windows\System\NIqeleY.exe
  C:\Windows\System\NIqeleY.exe
  2⤵
  PID:4776
- C:\Windows\System\iDutuKO.exe
  C:\Windows\System\iDutuKO.exe
  2⤵
  PID:4792
- C:\Windows\System\eNcgSZX.exe
  C:\Windows\System\eNcgSZX.exe
  2⤵
  PID:4808
- C:\Windows\System\TsfjXeE.exe
  C:\Windows\System\TsfjXeE.exe
  2⤵
  PID:4828
- C:\Windows\System\JCsBufx.exe
  C:\Windows\System\JCsBufx.exe
  2⤵
  PID:4848
- C:\Windows\System\oXjFOQU.exe
  C:\Windows\System\oXjFOQU.exe
  2⤵
  PID:4868
- C:\Windows\System\gkFeMaE.exe
  C:\Windows\System\gkFeMaE.exe
  2⤵
  PID:4896
- C:\Windows\System\uKBuKbE.exe
  C:\Windows\System\uKBuKbE.exe
  2⤵
  PID:4912
- C:\Windows\System\wkIXrlS.exe
  C:\Windows\System\wkIXrlS.exe
  2⤵
  PID:4928
- C:\Windows\System\mvJdjlY.exe
  C:\Windows\System\mvJdjlY.exe
  2⤵
  PID:4956
- C:\Windows\System\jnhgWua.exe
  C:\Windows\System\jnhgWua.exe
  2⤵
  PID:4972
- C:\Windows\System\qoASuxH.exe
  C:\Windows\System\qoASuxH.exe
  2⤵
  PID:4988
- C:\Windows\System\LxYHyYC.exe
  C:\Windows\System\LxYHyYC.exe
  2⤵
  PID:5008
- C:\Windows\System\VEgmRaC.exe
  C:\Windows\System\VEgmRaC.exe
  2⤵
  PID:5028
- C:\Windows\System\BsToUoa.exe
  C:\Windows\System\BsToUoa.exe
  2⤵
  PID:5048
- C:\Windows\System\ivhZROE.exe
  C:\Windows\System\ivhZROE.exe
  2⤵
  PID:5076
- C:\Windows\System\MZinZxF.exe
  C:\Windows\System\MZinZxF.exe
  2⤵
  PID:5092
- C:\Windows\System\ByKypfm.exe
  C:\Windows\System\ByKypfm.exe
  2⤵
  PID:5108
- C:\Windows\System\ECDJtTM.exe
  C:\Windows\System\ECDJtTM.exe
  2⤵
  PID:896
- C:\Windows\System\RZUFrgH.exe
  C:\Windows\System\RZUFrgH.exe
  2⤵
  PID:3516
- C:\Windows\System\uFlAaYu.exe
  C:\Windows\System\uFlAaYu.exe
  2⤵
  PID:4176
- C:\Windows\System\QptRrpB.exe
  C:\Windows\System\QptRrpB.exe
  2⤵
  PID:4196
- C:\Windows\System\vupDXyR.exe
  C:\Windows\System\vupDXyR.exe
  2⤵
  PID:4180
- C:\Windows\System\LBFGgMB.exe
  C:\Windows\System\LBFGgMB.exe
  2⤵
  PID:1028
- C:\Windows\System\uJbiAqy.exe
  C:\Windows\System\uJbiAqy.exe
  2⤵
  PID:4308
- C:\Windows\System\VftLqZJ.exe
  C:\Windows\System\VftLqZJ.exe
  2⤵
  PID:4320
- C:\Windows\System\GqnkWUL.exe
  C:\Windows\System\GqnkWUL.exe
  2⤵
  PID:4396
- C:\Windows\System\mWpJmnu.exe
  C:\Windows\System\mWpJmnu.exe
  2⤵
  PID:3640
- C:\Windows\System\MUCPCSO.exe
  C:\Windows\System\MUCPCSO.exe
  2⤵
  PID:4464
- C:\Windows\System\vIoikHD.exe
  C:\Windows\System\vIoikHD.exe
  2⤵
  PID:3564
- C:\Windows\System\UHHEfyC.exe
  C:\Windows\System\UHHEfyC.exe
  2⤵
  PID:4416
- C:\Windows\System\egFHoUe.exe
  C:\Windows\System\egFHoUe.exe
  2⤵
  PID:4348
- C:\Windows\System\hDIWzBW.exe
  C:\Windows\System\hDIWzBW.exe
  2⤵
  PID:4364
- C:\Windows\System\NOnLKzo.exe
  C:\Windows\System\NOnLKzo.exe
  2⤵
  PID:4324
- C:\Windows\System\nXnazxA.exe
  C:\Windows\System\nXnazxA.exe
  2⤵
  PID:4508
- C:\Windows\System\FFkhdJd.exe
  C:\Windows\System\FFkhdJd.exe
  2⤵
  PID:4524
- C:\Windows\System\lwyLuMi.exe
  C:\Windows\System\lwyLuMi.exe
  2⤵
  PID:4528
- C:\Windows\System\hbdnlIR.exe
  C:\Windows\System\hbdnlIR.exe
  2⤵
  PID:4560
- C:\Windows\System\XSouhBV.exe
  C:\Windows\System\XSouhBV.exe
  2⤵
  PID:4572
- C:\Windows\System\ShfXOKQ.exe
  C:\Windows\System\ShfXOKQ.exe
  2⤵
  PID:4656
- C:\Windows\System\mJgLSNp.exe
  C:\Windows\System\mJgLSNp.exe
  2⤵
  PID:4696
- C:\Windows\System\OfrWdbb.exe
  C:\Windows\System\OfrWdbb.exe
  2⤵
  PID:4744
- C:\Windows\System\vZegeEl.exe
  C:\Windows\System\vZegeEl.exe
  2⤵
  PID:2360
- C:\Windows\System\ypKXjKO.exe
  C:\Windows\System\ypKXjKO.exe
  2⤵
  PID:4824
- C:\Windows\System\aRJQEAi.exe
  C:\Windows\System\aRJQEAi.exe
  2⤵
  PID:4860
- C:\Windows\System\PbMPkaK.exe
  C:\Windows\System\PbMPkaK.exe
  2⤵
  PID:4676
- C:\Windows\System\vWiCBvt.exe
  C:\Windows\System\vWiCBvt.exe
  2⤵
  PID:5016
- C:\Windows\System\sCvujWA.exe
  C:\Windows\System\sCvujWA.exe
  2⤵
  PID:5020
- C:\Windows\System\PSirycD.exe
  C:\Windows\System\PSirycD.exe
  2⤵
  PID:4772
- C:\Windows\System\eWOgoxq.exe
  C:\Windows\System\eWOgoxq.exe
  2⤵
  PID:5064
- C:\Windows\System\AxrVWfn.exe
  C:\Windows\System\AxrVWfn.exe
  2⤵
  PID:4104
- C:\Windows\System\PrIaMmn.exe
  C:\Windows\System\PrIaMmn.exe
  2⤵
  PID:3620
- C:\Windows\System\ehDxYyB.exe
  C:\Windows\System\ehDxYyB.exe
  2⤵
  PID:4236
- C:\Windows\System\KhdbRCB.exe
  C:\Windows\System\KhdbRCB.exe
  2⤵
  PID:4428
- C:\Windows\System\EatbTQT.exe
  C:\Windows\System\EatbTQT.exe
  2⤵
  PID:5040
- C:\Windows\System\ZYWsCma.exe
  C:\Windows\System\ZYWsCma.exe
  2⤵
  PID:4880
- C:\Windows\System\gzOZqJR.exe
  C:\Windows\System\gzOZqJR.exe
  2⤵
  PID:5088
- C:\Windows\System\mOjFIgA.exe
  C:\Windows\System\mOjFIgA.exe
  2⤵
  PID:4204
- C:\Windows\System\YccDYad.exe
  C:\Windows\System\YccDYad.exe
  2⤵
  PID:4392
- C:\Windows\System\YLsmFLk.exe
  C:\Windows\System\YLsmFLk.exe
  2⤵
  PID:3872
- C:\Windows\System\OKykRPj.exe
  C:\Windows\System\OKykRPj.exe
  2⤵
  PID:5036
- C:\Windows\System\CTQeAFG.exe
  C:\Windows\System\CTQeAFG.exe
  2⤵
  PID:2308
- C:\Windows\System\tuXueQf.exe
  C:\Windows\System\tuXueQf.exe
  2⤵
  PID:4284
- C:\Windows\System\MlDGpds.exe
  C:\Windows\System\MlDGpds.exe
  2⤵
  PID:4360
- C:\Windows\System\UnYsIGI.exe
  C:\Windows\System\UnYsIGI.exe
  2⤵
  PID:4484
- C:\Windows\System\dWqQlUk.exe
  C:\Windows\System\dWqQlUk.exe
  2⤵
  PID:4624
- C:\Windows\System\CXDGiHs.exe
  C:\Windows\System\CXDGiHs.exe
  2⤵
  PID:4740
- C:\Windows\System\PVImVzf.exe
  C:\Windows\System\PVImVzf.exe
  2⤵
  PID:4664
- C:\Windows\System\VQSIXkP.exe
  C:\Windows\System\VQSIXkP.exe
  2⤵
  PID:4820
- C:\Windows\System\yGSZCWl.exe
  C:\Windows\System\yGSZCWl.exe
  2⤵
  PID:4592
- C:\Windows\System\YSbUNSH.exe
  C:\Windows\System\YSbUNSH.exe
  2⤵
  PID:4728
- C:\Windows\System\AmczSDu.exe
  C:\Windows\System\AmczSDu.exe
  2⤵
  PID:4784
- C:\Windows\System\YwzuzEx.exe
  C:\Windows\System\YwzuzEx.exe
  2⤵
  PID:4936
- C:\Windows\System\fXrxyCS.exe
  C:\Windows\System\fXrxyCS.exe
  2⤵
  PID:5072
- C:\Windows\System\fdHutnv.exe
  C:\Windows\System\fdHutnv.exe
  2⤵
  PID:4264
- C:\Windows\System\bYXwImo.exe
  C:\Windows\System\bYXwImo.exe
  2⤵
  PID:4876
- C:\Windows\System\HHJtdIw.exe
  C:\Windows\System\HHJtdIw.exe
  2⤵
  PID:3112
- C:\Windows\System\TcSisMw.exe
  C:\Windows\System\TcSisMw.exe
  2⤵
  PID:4888
- C:\Windows\System\thzzYuo.exe
  C:\Windows\System\thzzYuo.exe
  2⤵
  PID:4188
- C:\Windows\System\abWqreh.exe
  C:\Windows\System\abWqreh.exe
  2⤵
  PID:4304
- C:\Windows\System\kyDbIvn.exe
  C:\Windows\System\kyDbIvn.exe
  2⤵
  PID:4136
- C:\Windows\System\xOEjSnh.exe
  C:\Windows\System\xOEjSnh.exe
  2⤵
  PID:4332
- C:\Windows\System\xMVhBOn.exe
  C:\Windows\System\xMVhBOn.exe
  2⤵
  PID:4356
- C:\Windows\System\bhBoKzU.exe
  C:\Windows\System\bhBoKzU.exe
  2⤵
  PID:4940
- C:\Windows\System\bSRgtcR.exe
  C:\Windows\System\bSRgtcR.exe
  2⤵
  PID:4556
- C:\Windows\System\plZXcRO.exe
  C:\Windows\System\plZXcRO.exe
  2⤵
  PID:4948
- C:\Windows\System\DlGwVnI.exe
  C:\Windows\System\DlGwVnI.exe
  2⤵
  PID:4380
- C:\Windows\System\wGxfubb.exe
  C:\Windows\System\wGxfubb.exe
  2⤵
  PID:4892
- C:\Windows\System\FAfxsMP.exe
  C:\Windows\System\FAfxsMP.exe
  2⤵
  PID:2476
- C:\Windows\System\Frswqqy.exe
  C:\Windows\System\Frswqqy.exe
  2⤵
  PID:4164
- C:\Windows\System\eLbmPIO.exe
  C:\Windows\System\eLbmPIO.exe
  2⤵
  PID:4192
- C:\Windows\System\hlAoRYD.exe
  C:\Windows\System\hlAoRYD.exe
  2⤵
  PID:4292
- C:\Windows\System\deCDxli.exe
  C:\Windows\System\deCDxli.exe
  2⤵
  PID:2640
- C:\Windows\System\aNisXey.exe
  C:\Windows\System\aNisXey.exe
  2⤵
  PID:4920
- C:\Windows\System\PnMjogH.exe
  C:\Windows\System\PnMjogH.exe
  2⤵
  PID:4588
- C:\Windows\System\vnYYpTc.exe
  C:\Windows\System\vnYYpTc.exe
  2⤵
  PID:4604
- C:\Windows\System\AAxPnPu.exe
  C:\Windows\System\AAxPnPu.exe
  2⤵
  PID:4268
- C:\Windows\System\iIgsrKZ.exe
  C:\Windows\System\iIgsrKZ.exe
  2⤵
  PID:4980
- C:\Windows\System\vLDZlrU.exe
  C:\Windows\System\vLDZlrU.exe
  2⤵
  PID:4372
- C:\Windows\System\HugCtCi.exe
  C:\Windows\System\HugCtCi.exe
  2⤵
  PID:4724
- C:\Windows\System\MazVpuQ.exe
  C:\Windows\System\MazVpuQ.exe
  2⤵
  PID:5100
- C:\Windows\System\uCsStXC.exe
  C:\Windows\System\uCsStXC.exe
  2⤵
  PID:4220
- C:\Windows\System\tThaAZv.exe
  C:\Windows\System\tThaAZv.exe
  2⤵
  PID:5004
- C:\Windows\System\xnTpUGE.exe
  C:\Windows\System\xnTpUGE.exe
  2⤵
  PID:4500
- C:\Windows\System\okSPAdv.exe
  C:\Windows\System\okSPAdv.exe
  2⤵
  PID:4140
- C:\Windows\System\fAxmheW.exe
  C:\Windows\System\fAxmheW.exe
  2⤵
  PID:5104
- C:\Windows\System\lUHVcaX.exe
  C:\Windows\System\lUHVcaX.exe
  2⤵
  PID:5128
- C:\Windows\System\vhsZhOl.exe
  C:\Windows\System\vhsZhOl.exe
  2⤵
  PID:5144
- C:\Windows\System\HVrLJbC.exe
  C:\Windows\System\HVrLJbC.exe
  2⤵
  PID:5160
- C:\Windows\System\tnLwcgx.exe
  C:\Windows\System\tnLwcgx.exe
  2⤵
  PID:5176
- C:\Windows\System\nlxNOrP.exe
  C:\Windows\System\nlxNOrP.exe
  2⤵
  PID:5192
- C:\Windows\System\kGGBJMR.exe
  C:\Windows\System\kGGBJMR.exe
  2⤵
  PID:5212
- C:\Windows\System\HVzHFFd.exe
  C:\Windows\System\HVzHFFd.exe
  2⤵
  PID:5236
- C:\Windows\System\flenkJr.exe
  C:\Windows\System\flenkJr.exe
  2⤵
  PID:5252
- C:\Windows\System\eNdqbVc.exe
  C:\Windows\System\eNdqbVc.exe
  2⤵
  PID:5268
- C:\Windows\System\viDzVeo.exe
  C:\Windows\System\viDzVeo.exe
  2⤵
  PID:5284
- C:\Windows\System\BLnEvbT.exe
  C:\Windows\System\BLnEvbT.exe
  2⤵
  PID:5300
- C:\Windows\System\xSkFCPR.exe
  C:\Windows\System\xSkFCPR.exe
  2⤵
  PID:5360
- C:\Windows\System\NrYJROt.exe
  C:\Windows\System\NrYJROt.exe
  2⤵
  PID:5376
- C:\Windows\System\AYDOGMC.exe
  C:\Windows\System\AYDOGMC.exe
  2⤵
  PID:5392
- C:\Windows\System\ERQBEvV.exe
  C:\Windows\System\ERQBEvV.exe
  2⤵
  PID:5408
- C:\Windows\System\dmKLxQj.exe
  C:\Windows\System\dmKLxQj.exe
  2⤵
  PID:5424
- C:\Windows\System\fJfslYP.exe
  C:\Windows\System\fJfslYP.exe
  2⤵
  PID:5448
- C:\Windows\System\nrvVYaC.exe
  C:\Windows\System\nrvVYaC.exe
  2⤵
  PID:5472
- C:\Windows\System\PfrRqKt.exe
  C:\Windows\System\PfrRqKt.exe
  2⤵
  PID:5492
- C:\Windows\System\GiqlEXr.exe
  C:\Windows\System\GiqlEXr.exe
  2⤵
  PID:5512
- C:\Windows\System\PEgdfot.exe
  C:\Windows\System\PEgdfot.exe
  2⤵
  PID:5536
- C:\Windows\System\DBdaBKm.exe
  C:\Windows\System\DBdaBKm.exe
  2⤵
  PID:5552
- C:\Windows\System\ztpVked.exe
  C:\Windows\System\ztpVked.exe
  2⤵
  PID:5568
- C:\Windows\System\YIyXJeA.exe
  C:\Windows\System\YIyXJeA.exe
  2⤵
  PID:5600
- C:\Windows\System\rhvfZoK.exe
  C:\Windows\System\rhvfZoK.exe
  2⤵
  PID:5616
- C:\Windows\System\vkelYAE.exe
  C:\Windows\System\vkelYAE.exe
  2⤵
  PID:5632
- C:\Windows\System\OiKyanR.exe
  C:\Windows\System\OiKyanR.exe
  2⤵
  PID:5660
- C:\Windows\System\mxALCzT.exe
  C:\Windows\System\mxALCzT.exe
  2⤵
  PID:5680
- C:\Windows\System\TCiyiTA.exe
  C:\Windows\System\TCiyiTA.exe
  2⤵
  PID:5696
- C:\Windows\System\QFuCubB.exe
  C:\Windows\System\QFuCubB.exe
  2⤵
  PID:5712
- C:\Windows\System\YmHUgfG.exe
  C:\Windows\System\YmHUgfG.exe
  2⤵
  PID:5728
- C:\Windows\System\PtdBPja.exe
  C:\Windows\System\PtdBPja.exe
  2⤵
  PID:5744
- C:\Windows\System\ILupXiQ.exe
  C:\Windows\System\ILupXiQ.exe
  2⤵
  PID:5764
- C:\Windows\System\EOyefgE.exe
  C:\Windows\System\EOyefgE.exe
  2⤵
  PID:5784
- C:\Windows\System\vGwuwBe.exe
  C:\Windows\System\vGwuwBe.exe
  2⤵
  PID:5800
- C:\Windows\System\aSiUmxl.exe
  C:\Windows\System\aSiUmxl.exe
  2⤵
  PID:5816
- C:\Windows\System\UpmZBNz.exe
  C:\Windows\System\UpmZBNz.exe
  2⤵
  PID:5832
- C:\Windows\System\kncEZgK.exe
  C:\Windows\System\kncEZgK.exe
  2⤵
  PID:5856
- C:\Windows\System\PinrfBy.exe
  C:\Windows\System\PinrfBy.exe
  2⤵
  PID:5876
- C:\Windows\System\IoJkkXG.exe
  C:\Windows\System\IoJkkXG.exe
  2⤵
  PID:5892
- C:\Windows\System\nOBXUvu.exe
  C:\Windows\System\nOBXUvu.exe
  2⤵
  PID:5944
- C:\Windows\System\RLTLVIr.exe
  C:\Windows\System\RLTLVIr.exe
  2⤵
  PID:5964
- C:\Windows\System\IPMSkvc.exe
  C:\Windows\System\IPMSkvc.exe
  2⤵
  PID:5984
- C:\Windows\System\jObfsDz.exe
  C:\Windows\System\jObfsDz.exe
  2⤵
  PID:6004
- C:\Windows\System\maiXxdW.exe
  C:\Windows\System\maiXxdW.exe
  2⤵
  PID:6024
- C:\Windows\System\rIIVohK.exe
  C:\Windows\System\rIIVohK.exe
  2⤵
  PID:6040
- C:\Windows\System\eFWHByf.exe
  C:\Windows\System\eFWHByf.exe
  2⤵
  PID:6056
- C:\Windows\System\QgvhsoK.exe
  C:\Windows\System\QgvhsoK.exe
  2⤵
  PID:6072
- C:\Windows\System\DRRKgzo.exe
  C:\Windows\System\DRRKgzo.exe
  2⤵
  PID:6096
- C:\Windows\System\gGMfGqi.exe
  C:\Windows\System\gGMfGqi.exe
  2⤵
  PID:6112
- C:\Windows\System\IpxFfsy.exe
  C:\Windows\System\IpxFfsy.exe
  2⤵
  PID:6128
- C:\Windows\System\OnpnowC.exe
  C:\Windows\System\OnpnowC.exe
  2⤵
  PID:4768
- C:\Windows\System\JfcafTi.exe
  C:\Windows\System\JfcafTi.exe
  2⤵
  PID:2560
- C:\Windows\System\tPWaVCL.exe
  C:\Windows\System\tPWaVCL.exe
  2⤵
  PID:5124
- C:\Windows\System\GnHksaB.exe
  C:\Windows\System\GnHksaB.exe
  2⤵
  PID:5220
- C:\Windows\System\HVWxetx.exe
  C:\Windows\System\HVWxetx.exe
  2⤵
  PID:5292
- C:\Windows\System\FcIqFHT.exe
  C:\Windows\System\FcIqFHT.exe
  2⤵
  PID:5248
- C:\Windows\System\YNDTbMC.exe
  C:\Windows\System\YNDTbMC.exe
  2⤵
  PID:5324
- C:\Windows\System\TZCWEqC.exe
  C:\Windows\System\TZCWEqC.exe
  2⤵
  PID:5340
- C:\Windows\System\tOxPMdY.exe
  C:\Windows\System\tOxPMdY.exe
  2⤵
  PID:5356
- C:\Windows\System\xfxikjv.exe
  C:\Windows\System\xfxikjv.exe
  2⤵
  PID:5420
- C:\Windows\System\VlttZdc.exe
  C:\Windows\System\VlttZdc.exe
  2⤵
  PID:5456
- C:\Windows\System\tOYjXsv.exe
  C:\Windows\System\tOYjXsv.exe
  2⤵
  PID:5500
- C:\Windows\System\yHPKmaL.exe
  C:\Windows\System\yHPKmaL.exe
  2⤵
  PID:5440
- C:\Windows\System\FDdGyjk.exe
  C:\Windows\System\FDdGyjk.exe
  2⤵
  PID:5372
- C:\Windows\System\KEzrViC.exe
  C:\Windows\System\KEzrViC.exe
  2⤵
  PID:5548
- C:\Windows\System\wafFhwT.exe
  C:\Windows\System\wafFhwT.exe
  2⤵
  PID:5592
- C:\Windows\System\JGAfAUQ.exe
  C:\Windows\System\JGAfAUQ.exe
  2⤵
  PID:5524
- C:\Windows\System\xypjnwk.exe
  C:\Windows\System\xypjnwk.exe
  2⤵
  PID:5652
- C:\Windows\System\IjMCeDz.exe
  C:\Windows\System\IjMCeDz.exe
  2⤵
  PID:5644
- C:\Windows\System\NWnfRSV.exe
  C:\Windows\System\NWnfRSV.exe
  2⤵
  PID:5704
- C:\Windows\System\TOaOddz.exe
  C:\Windows\System\TOaOddz.exe
  2⤵
  PID:5840
- C:\Windows\System\ZyKQHGd.exe
  C:\Windows\System\ZyKQHGd.exe
  2⤵
  PID:5848
- C:\Windows\System\tEjIfCK.exe
  C:\Windows\System\tEjIfCK.exe
  2⤵
  PID:5692
- C:\Windows\System\soIRIPS.exe
  C:\Windows\System\soIRIPS.exe
  2⤵
  PID:5760
- C:\Windows\System\WzJrtve.exe
  C:\Windows\System\WzJrtve.exe
  2⤵
  PID:5868
- C:\Windows\System\VPmfboG.exe
  C:\Windows\System\VPmfboG.exe
  2⤵
  PID:5792
- C:\Windows\System\TIXZJab.exe
  C:\Windows\System\TIXZJab.exe
  2⤵
  PID:5932
- C:\Windows\System\bRmdgCA.exe
  C:\Windows\System\bRmdgCA.exe
  2⤵
  PID:5908
- C:\Windows\System\QVtfnAT.exe
  C:\Windows\System\QVtfnAT.exe
  2⤵
  PID:5956
- C:\Windows\System\GXUnNIS.exe
  C:\Windows\System\GXUnNIS.exe
  2⤵
  PID:5996
- C:\Windows\System\miPnZin.exe
  C:\Windows\System\miPnZin.exe
  2⤵
  PID:6064
- C:\Windows\System\qMrfyQr.exe
  C:\Windows\System\qMrfyQr.exe
  2⤵
  PID:6108
- C:\Windows\System\TCryHYF.exe
  C:\Windows\System\TCryHYF.exe
  2⤵
  PID:6020
- C:\Windows\System\RFhsCdp.exe
  C:\Windows\System\RFhsCdp.exe
  2⤵
  PID:5156
- C:\Windows\System\ItWoBax.exe
  C:\Windows\System\ItWoBax.exe
  2⤵
  PID:6092
- C:\Windows\System\RGPFCEJ.exe
  C:\Windows\System\RGPFCEJ.exe
  2⤵
  PID:4156
- C:\Windows\System\GUqZiOz.exe
  C:\Windows\System\GUqZiOz.exe
  2⤵
  PID:5276
- C:\Windows\System\dMyIvPr.exe
  C:\Windows\System\dMyIvPr.exe
  2⤵
  PID:5136
- C:\Windows\System\mTTAxCG.exe
  C:\Windows\System\mTTAxCG.exe
  2⤵
  PID:5320
- C:\Windows\System\IlgNJNj.exe
  C:\Windows\System\IlgNJNj.exe
  2⤵
  PID:5232
- C:\Windows\System\vJHaArp.exe
  C:\Windows\System\vJHaArp.exe
  2⤵
  PID:5484
- C:\Windows\System\dVgMZED.exe
  C:\Windows\System\dVgMZED.exe
  2⤵
  PID:5388
- C:\Windows\System\UqpapxT.exe
  C:\Windows\System\UqpapxT.exe
  2⤵
  PID:5404
- C:\Windows\System\nTzuZTp.exe
  C:\Windows\System\nTzuZTp.exe
  2⤵
  PID:5624
- C:\Windows\System\OWfNspg.exe
  C:\Windows\System\OWfNspg.exe
  2⤵
  PID:5368
- C:\Windows\System\eLMSQYm.exe
  C:\Windows\System\eLMSQYm.exe
  2⤵
  PID:5672
- C:\Windows\System\jWlrrme.exe
  C:\Windows\System\jWlrrme.exe
  2⤵
  PID:2288
- C:\Windows\System\RiZsZSI.exe
  C:\Windows\System\RiZsZSI.exe
  2⤵
  PID:5828
- C:\Windows\System\qkkonND.exe
  C:\Windows\System\qkkonND.exe
  2⤵
  PID:5912
- C:\Windows\System\uQCrnYB.exe
  C:\Windows\System\uQCrnYB.exe
  2⤵
  PID:4160
- C:\Windows\System\XIVgFdL.exe
  C:\Windows\System\XIVgFdL.exe
  2⤵
  PID:5184
- C:\Windows\System\eAgjMNr.exe
  C:\Windows\System\eAgjMNr.exe
  2⤵
  PID:5756
- C:\Windows\System\WlfwDjN.exe
  C:\Windows\System\WlfwDjN.exe
  2⤵
  PID:5752
- C:\Windows\System\HZHeVjO.exe
  C:\Windows\System\HZHeVjO.exe
  2⤵
  PID:5976
- C:\Windows\System\xwwetBs.exe
  C:\Windows\System\xwwetBs.exe
  2⤵
  PID:5580
- C:\Windows\System\KaNpdkz.exe
  C:\Windows\System\KaNpdkz.exe
  2⤵
  PID:5168
- C:\Windows\System\ukvVjok.exe
  C:\Windows\System\ukvVjok.exe
  2⤵
  PID:5436
- C:\Windows\System\MNnHika.exe
  C:\Windows\System\MNnHika.exe
  2⤵
  PID:5560
- C:\Windows\System\HvhZsKM.exe
  C:\Windows\System\HvhZsKM.exe
  2⤵
  PID:5608
- C:\Windows\System\XZehvyh.exe
  C:\Windows\System\XZehvyh.exe
  2⤵
  PID:5564
- C:\Windows\System\CtfeTOv.exe
  C:\Windows\System\CtfeTOv.exe
  2⤵
  PID:5532
- C:\Windows\System\NIJLwgP.exe
  C:\Windows\System\NIJLwgP.exe
  2⤵
  PID:5916
- C:\Windows\System\zvsFvIA.exe
  C:\Windows\System\zvsFvIA.exe
  2⤵
  PID:5724
- C:\Windows\System\LtVcJlH.exe
  C:\Windows\System\LtVcJlH.exe
  2⤵
  PID:5884
- C:\Windows\System\bZfJJUJ.exe
  C:\Windows\System\bZfJJUJ.exe
  2⤵
  PID:5264
- C:\Windows\System\WJBNqTf.exe
  C:\Windows\System\WJBNqTf.exe
  2⤵
  PID:4344
- C:\Windows\System\tHBzIil.exe
  C:\Windows\System\tHBzIil.exe
  2⤵
  PID:5204
- C:\Windows\System\PJJVmKC.exe
  C:\Windows\System\PJJVmKC.exe
  2⤵
  PID:5228
- C:\Windows\System\TYodmtW.exe
  C:\Windows\System\TYodmtW.exe
  2⤵
  PID:5544
- C:\Windows\System\bVoxpiy.exe
  C:\Windows\System\bVoxpiy.exe
  2⤵
  PID:1976
- C:\Windows\System\MnCYiOk.exe
  C:\Windows\System\MnCYiOk.exe
  2⤵
  PID:6168
- C:\Windows\System\Ygbnqds.exe
  C:\Windows\System\Ygbnqds.exe
  2⤵
  PID:6192
- C:\Windows\System\gnjtGqW.exe
  C:\Windows\System\gnjtGqW.exe
  2⤵
  PID:6208
- C:\Windows\System\NlSlBkJ.exe
  C:\Windows\System\NlSlBkJ.exe
  2⤵
  PID:6236
- C:\Windows\System\ioVONGd.exe
  C:\Windows\System\ioVONGd.exe
  2⤵
  PID:6252
- C:\Windows\System\VvWXDJV.exe
  C:\Windows\System\VvWXDJV.exe
  2⤵
  PID:6268
- C:\Windows\System\tJptAuC.exe
  C:\Windows\System\tJptAuC.exe
  2⤵
  PID:6284
- C:\Windows\System\JiaufSa.exe
  C:\Windows\System\JiaufSa.exe
  2⤵
  PID:6304
- C:\Windows\System\pqqIqux.exe
  C:\Windows\System\pqqIqux.exe
  2⤵
  PID:6324
- C:\Windows\System\rYZnUPX.exe
  C:\Windows\System\rYZnUPX.exe
  2⤵
  PID:6340
- C:\Windows\System\KHIgOPE.exe
  C:\Windows\System\KHIgOPE.exe
  2⤵
  PID:6356
- C:\Windows\System\LKFUqSm.exe
  C:\Windows\System\LKFUqSm.exe
  2⤵
  PID:6372
- C:\Windows\System\KwcBiWU.exe
  C:\Windows\System\KwcBiWU.exe
  2⤵
  PID:6392
- C:\Windows\System\DlUXnLo.exe
  C:\Windows\System\DlUXnLo.exe
  2⤵
  PID:6416
- C:\Windows\System\LPuonSC.exe
  C:\Windows\System\LPuonSC.exe
  2⤵
  PID:6436
- C:\Windows\System\hsGMzpD.exe
  C:\Windows\System\hsGMzpD.exe
  2⤵
  PID:6456
- C:\Windows\System\jQqhaUO.exe
  C:\Windows\System\jQqhaUO.exe
  2⤵
  PID:6472
- C:\Windows\System\lfAbViq.exe
  C:\Windows\System\lfAbViq.exe
  2⤵
  PID:6528
- C:\Windows\System\PBMQYmb.exe
  C:\Windows\System\PBMQYmb.exe
  2⤵
  PID:6544
- C:\Windows\System\RGpseXl.exe
  C:\Windows\System\RGpseXl.exe
  2⤵
  PID:6560
- C:\Windows\System\IhZmTaD.exe
  C:\Windows\System\IhZmTaD.exe
  2⤵
  PID:6576
- C:\Windows\System\dgchcJN.exe
  C:\Windows\System\dgchcJN.exe
  2⤵
  PID:6592
- C:\Windows\System\OrogGwW.exe
  C:\Windows\System\OrogGwW.exe
  2⤵
  PID:6608
- C:\Windows\System\zSzHxzM.exe
  C:\Windows\System\zSzHxzM.exe
  2⤵
  PID:6624
- C:\Windows\System\rwDZvHd.exe
  C:\Windows\System\rwDZvHd.exe
  2⤵
  PID:6640
- C:\Windows\System\uutHlgZ.exe
  C:\Windows\System\uutHlgZ.exe
  2⤵
  PID:6656
- C:\Windows\System\NfGMWwX.exe
  C:\Windows\System\NfGMWwX.exe
  2⤵
  PID:6672
- C:\Windows\System\ZwqGOvP.exe
  C:\Windows\System\ZwqGOvP.exe
  2⤵
  PID:6688
- C:\Windows\System\ClwHwkf.exe
  C:\Windows\System\ClwHwkf.exe
  2⤵
  PID:6704
- C:\Windows\System\ZVFyItb.exe
  C:\Windows\System\ZVFyItb.exe
  2⤵
  PID:6720
- C:\Windows\System\YnesoyY.exe
  C:\Windows\System\YnesoyY.exe
  2⤵
  PID:6736
- C:\Windows\System\EAuYotJ.exe
  C:\Windows\System\EAuYotJ.exe
  2⤵
  PID:6752
- C:\Windows\System\jcALyYj.exe
  C:\Windows\System\jcALyYj.exe
  2⤵
  PID:6772
- C:\Windows\System\HdIVuZF.exe
  C:\Windows\System\HdIVuZF.exe
  2⤵
  PID:6788
- C:\Windows\System\QSFTxhn.exe
  C:\Windows\System\QSFTxhn.exe
  2⤵
  PID:6804
- C:\Windows\System\yjvBBaA.exe
  C:\Windows\System\yjvBBaA.exe
  2⤵
  PID:6820
- C:\Windows\System\ajWRfRK.exe
  C:\Windows\System\ajWRfRK.exe
  2⤵
  PID:6836
- C:\Windows\System\MXvzIwD.exe
  C:\Windows\System\MXvzIwD.exe
  2⤵
  PID:6852
- C:\Windows\System\IhVobgQ.exe
  C:\Windows\System\IhVobgQ.exe
  2⤵
  PID:6868
- C:\Windows\System\ljrsNkQ.exe
  C:\Windows\System\ljrsNkQ.exe
  2⤵
  PID:6884
- C:\Windows\System\ppgwgde.exe
  C:\Windows\System\ppgwgde.exe
  2⤵
  PID:6900
- C:\Windows\System\BqEfqZj.exe
  C:\Windows\System\BqEfqZj.exe
  2⤵
  PID:6916
- C:\Windows\System\HroefHt.exe
  C:\Windows\System\HroefHt.exe
  2⤵
  PID:6932
- C:\Windows\System\oxigKoJ.exe
  C:\Windows\System\oxigKoJ.exe
  2⤵
  PID:6956
- C:\Windows\System\UiUmFJZ.exe
  C:\Windows\System\UiUmFJZ.exe
  2⤵
  PID:6972
- C:\Windows\System\nlICSNP.exe
  C:\Windows\System\nlICSNP.exe
  2⤵
  PID:6988
- C:\Windows\System\zAqIYga.exe
  C:\Windows\System\zAqIYga.exe
  2⤵
  PID:7012
- C:\Windows\System\nVPLKKt.exe
  C:\Windows\System\nVPLKKt.exe
  2⤵
  PID:7032
- C:\Windows\System\ZslEPrw.exe
  C:\Windows\System\ZslEPrw.exe
  2⤵
  PID:7052
- C:\Windows\System\mJbSadm.exe
  C:\Windows\System\mJbSadm.exe
  2⤵
  PID:7068
- C:\Windows\System\ueZxZMN.exe
  C:\Windows\System\ueZxZMN.exe
  2⤵
  PID:7088
- C:\Windows\System\NzwyAnb.exe
  C:\Windows\System\NzwyAnb.exe
  2⤵
  PID:7108
- C:\Windows\System\ICIbctf.exe
  C:\Windows\System\ICIbctf.exe
  2⤵
  PID:7124
- C:\Windows\System\aMyqiRV.exe
  C:\Windows\System\aMyqiRV.exe
  2⤵
  PID:7140
- C:\Windows\System\foGiOBf.exe
  C:\Windows\System\foGiOBf.exe
  2⤵
  PID:7156
- C:\Windows\System\BDvGHVa.exe
  C:\Windows\System\BDvGHVa.exe
  2⤵
  PID:6032
- C:\Windows\System\IFJjyvH.exe
  C:\Windows\System\IFJjyvH.exe
  2⤵
  PID:6036
- C:\Windows\System\bhMJJBn.exe
  C:\Windows\System\bhMJJBn.exe
  2⤵
  PID:6164
- C:\Windows\System\GwffJnN.exe
  C:\Windows\System\GwffJnN.exe
  2⤵
  PID:6244
- C:\Windows\System\eiSHmfS.exe
  C:\Windows\System\eiSHmfS.exe
  2⤵
  PID:5808
- C:\Windows\System\hgjhrOD.exe
  C:\Windows\System\hgjhrOD.exe
  2⤵
  PID:6320
- C:\Windows\System\DSmhxyd.exe
  C:\Windows\System\DSmhxyd.exe
  2⤵
  PID:5812
- C:\Windows\System\pXHFexy.exe
  C:\Windows\System\pXHFexy.exe
  2⤵
  PID:4760
- C:\Windows\System\bTlxkDS.exe
  C:\Windows\System\bTlxkDS.exe
  2⤵
  PID:5588
- C:\Windows\System\YDZAWdw.exe
  C:\Windows\System\YDZAWdw.exe
  2⤵
  PID:5172
- C:\Windows\System\SAHDQje.exe
  C:\Windows\System\SAHDQje.exe
  2⤵
  PID:6228
- C:\Windows\System\QkMZTOg.exe
  C:\Windows\System\QkMZTOg.exe
  2⤵
  PID:6428
- C:\Windows\System\ECfQsXp.exe
  C:\Windows\System\ECfQsXp.exe
  2⤵
  PID:6296
- C:\Windows\System\djQFhiy.exe
  C:\Windows\System\djQFhiy.exe
  2⤵
  PID:6444
- C:\Windows\System\FSgaFCC.exe
  C:\Windows\System\FSgaFCC.exe
  2⤵
  PID:6496
- C:\Windows\System\TSoJjPP.exe
  C:\Windows\System\TSoJjPP.exe
  2⤵
  PID:6484
- C:\Windows\System\jDBLacA.exe
  C:\Windows\System\jDBLacA.exe
  2⤵
  PID:6516
- C:\Windows\System\XjyFvTi.exe
  C:\Windows\System\XjyFvTi.exe
  2⤵
  PID:6332
- C:\Windows\System\rOyknKv.exe
  C:\Windows\System\rOyknKv.exe
  2⤵
  PID:6408
- C:\Windows\System\PYtKkhY.exe
  C:\Windows\System\PYtKkhY.exe
  2⤵
  PID:5316
- C:\Windows\System\UZtmRMT.exe
  C:\Windows\System\UZtmRMT.exe
  2⤵
  PID:2852
- C:\Windows\System\ZTCahHR.exe
  C:\Windows\System\ZTCahHR.exe
  2⤵
  PID:6636
- C:\Windows\System\NMNeVSA.exe
  C:\Windows\System\NMNeVSA.exe
  2⤵
  PID:6732
- C:\Windows\System\FZaCeLy.exe
  C:\Windows\System\FZaCeLy.exe
  2⤵
  PID:6760
- C:\Windows\System\uKbCpnw.exe
  C:\Windows\System\uKbCpnw.exe
  2⤵
  PID:6832
- C:\Windows\System\BLNdaqd.exe
  C:\Windows\System\BLNdaqd.exe
  2⤵
  PID:6896
- C:\Windows\System\sCCnJsl.exe
  C:\Windows\System\sCCnJsl.exe
  2⤵
  PID:6968
- C:\Windows\System\ajuGGPE.exe
  C:\Windows\System\ajuGGPE.exe
  2⤵
  PID:6812
- C:\Windows\System\EUQlzvZ.exe
  C:\Windows\System\EUQlzvZ.exe
  2⤵
  PID:7044
- C:\Windows\System\pKxsYgc.exe
  C:\Windows\System\pKxsYgc.exe
  2⤵
  PID:6952
- C:\Windows\System\yeeQumA.exe
  C:\Windows\System\yeeQumA.exe
  2⤵
  PID:6848
- C:\Windows\System\uXkwvNn.exe
  C:\Windows\System\uXkwvNn.exe
  2⤵
  PID:6912
- C:\Windows\System\lqBkzBL.exe
  C:\Windows\System\lqBkzBL.exe
  2⤵
  PID:6944
- C:\Windows\System\UsYrKAK.exe
  C:\Windows\System\UsYrKAK.exe
  2⤵
  PID:7064
- C:\Windows\System\rZpBvbo.exe
  C:\Windows\System\rZpBvbo.exe
  2⤵
  PID:7096
- C:\Windows\System\QkzTLWV.exe
  C:\Windows\System\QkzTLWV.exe
  2⤵
  PID:7104
- C:\Windows\System\BuDIrJv.exe
  C:\Windows\System\BuDIrJv.exe
  2⤵
  PID:7152
- C:\Windows\System\VXNIqce.exe
  C:\Windows\System\VXNIqce.exe
  2⤵
  PID:5824
- C:\Windows\System\lTOycoH.exe
  C:\Windows\System\lTOycoH.exe
  2⤵
  PID:7164
- C:\Windows\System\sEalsiq.exe
  C:\Windows\System\sEalsiq.exe
  2⤵
  PID:5336
- C:\Windows\System\BEVlkKy.exe
  C:\Windows\System\BEVlkKy.exe
  2⤵
  PID:5468
- C:\Windows\System\AICRkgm.exe
  C:\Windows\System\AICRkgm.exe
  2⤵
  PID:6424
- C:\Windows\System\AhGYjor.exe
  C:\Windows\System\AhGYjor.exe
  2⤵
  PID:6352
- C:\Windows\System\vcJeeGZ.exe
  C:\Windows\System\vcJeeGZ.exe
  2⤵
  PID:6400
- C:\Windows\System\TDumqFw.exe
  C:\Windows\System\TDumqFw.exe
  2⤵
  PID:6264
- C:\Windows\System\FEysIlF.exe
  C:\Windows\System\FEysIlF.exe
  2⤵
  PID:6480
- C:\Windows\System\euLoYJf.exe
  C:\Windows\System\euLoYJf.exe
  2⤵
  PID:6508
- C:\Windows\System\KHQPGrn.exe
  C:\Windows\System\KHQPGrn.exe
  2⤵
  PID:6368
- C:\Windows\System\azdEEAm.exe
  C:\Windows\System\azdEEAm.exe
  2⤵
  PID:6188
- C:\Windows\System\TbbZPJY.exe
  C:\Windows\System\TbbZPJY.exe
  2⤵
  PID:6556
- C:\Windows\System\ZSeMiat.exe
  C:\Windows\System\ZSeMiat.exe
  2⤵
  PID:6600
- C:\Windows\System\WqrJiEi.exe
  C:\Windows\System\WqrJiEi.exe
  2⤵
  PID:6712
- C:\Windows\System\sRaRDla.exe
  C:\Windows\System\sRaRDla.exe
  2⤵
  PID:2900
- C:\Windows\System\VVNBrDW.exe
  C:\Windows\System\VVNBrDW.exe
  2⤵
  PID:6652
- C:\Windows\System\cFBpNpI.exe
  C:\Windows\System\cFBpNpI.exe
  2⤵
  PID:6684
- C:\Windows\System\LuYAByN.exe
  C:\Windows\System\LuYAByN.exe
  2⤵
  PID:6892
- C:\Windows\System\pyVFePl.exe
  C:\Windows\System\pyVFePl.exe
  2⤵
  PID:6948
- C:\Windows\System\zmziKxV.exe
  C:\Windows\System\zmziKxV.exe
  2⤵
  PID:7008
- C:\Windows\System\CUkJVfu.exe
  C:\Windows\System\CUkJVfu.exe
  2⤵
  PID:5992
- C:\Windows\System\TkGKyDy.exe
  C:\Windows\System\TkGKyDy.exe
  2⤵
  PID:5844
- C:\Windows\System\hYRBPrX.exe
  C:\Windows\System\hYRBPrX.exe
  2⤵
  PID:6504
- C:\Windows\System\jShaHXu.exe
  C:\Windows\System\jShaHXu.exe
  2⤵
  PID:6604
- C:\Windows\System\pRenXuH.exe
  C:\Windows\System\pRenXuH.exe
  2⤵
  PID:6764
- C:\Windows\System\nJiGbhl.exe
  C:\Windows\System\nJiGbhl.exe
  2⤵
  PID:6964
- C:\Windows\System\dzEqRch.exe
  C:\Windows\System\dzEqRch.exe
  2⤵
  PID:6620
- C:\Windows\System\IXFFhTF.exe
  C:\Windows\System\IXFFhTF.exe
  2⤵
  PID:6588
- C:\Windows\System\FqBkNPM.exe
  C:\Windows\System\FqBkNPM.exe
  2⤵
  PID:6800
- C:\Windows\System\eDZEAhx.exe
  C:\Windows\System\eDZEAhx.exe
  2⤵
  PID:7060
- C:\Windows\System\eZzRAzn.exe
  C:\Windows\System\eZzRAzn.exe
  2⤵
  PID:6204
- C:\Windows\System\fWONoUW.exe
  C:\Windows\System\fWONoUW.exe
  2⤵
  PID:5740
- C:\Windows\System\bZoIlDG.exe
  C:\Windows\System\bZoIlDG.exe
  2⤵
  PID:7148
- C:\Windows\System\DfBhwqI.exe
  C:\Windows\System\DfBhwqI.exe
  2⤵
  PID:6184
- C:\Windows\System\AKdDVnZ.exe
  C:\Windows\System\AKdDVnZ.exe
  2⤵
  PID:6536
- C:\Windows\System\OSNQjkW.exe
  C:\Windows\System\OSNQjkW.exe
  2⤵
  PID:5332
- C:\Windows\System\NpAswEc.exe
  C:\Windows\System\NpAswEc.exe
  2⤵
  PID:6876
- C:\Windows\System\aKDWLUS.exe
  C:\Windows\System\aKDWLUS.exe
  2⤵
  PID:7076
- C:\Windows\System\GRsfriT.exe
  C:\Windows\System\GRsfriT.exe
  2⤵
  PID:7028
- C:\Windows\System\kztuAlm.exe
  C:\Windows\System\kztuAlm.exe
  2⤵
  PID:6780
- C:\Windows\System\LHWZrPJ.exe
  C:\Windows\System\LHWZrPJ.exe
  2⤵
  PID:6940
- C:\Windows\System\cxurkBD.exe
  C:\Windows\System\cxurkBD.exe
  2⤵
  PID:7084
- C:\Windows\System\uQdyJYm.exe
  C:\Windows\System\uQdyJYm.exe
  2⤵
  PID:7024
- C:\Windows\System\oqZxGdd.exe
  C:\Windows\System\oqZxGdd.exe
  2⤵
  PID:6700
- C:\Windows\System\XZEOETU.exe
  C:\Windows\System\XZEOETU.exe
  2⤵
  PID:3464
- C:\Windows\System\ydRKdVI.exe
  C:\Windows\System\ydRKdVI.exe
  2⤵
  PID:7120
- C:\Windows\System\ImejabW.exe
  C:\Windows\System\ImejabW.exe
  2⤵
  PID:7172
- C:\Windows\System\pNuYjWz.exe
  C:\Windows\System\pNuYjWz.exe
  2⤵
  PID:7188
- C:\Windows\System\pgSoBRn.exe
  C:\Windows\System\pgSoBRn.exe
  2⤵
  PID:7208
- C:\Windows\System\znPbKVI.exe
  C:\Windows\System\znPbKVI.exe
  2⤵
  PID:7224
- C:\Windows\System\IkSZzkW.exe
  C:\Windows\System\IkSZzkW.exe
  2⤵
  PID:7240
- C:\Windows\System\JFVgPAp.exe
  C:\Windows\System\JFVgPAp.exe
  2⤵
  PID:7256
- C:\Windows\System\XKuUlws.exe
  C:\Windows\System\XKuUlws.exe
  2⤵
  PID:7272
- C:\Windows\System\qONqLHp.exe
  C:\Windows\System\qONqLHp.exe
  2⤵
  PID:7288
- C:\Windows\System\NELuBbw.exe
  C:\Windows\System\NELuBbw.exe
  2⤵
  PID:7308
- C:\Windows\System\skfsJih.exe
  C:\Windows\System\skfsJih.exe
  2⤵
  PID:7324
- C:\Windows\System\HjgHVyK.exe
  C:\Windows\System\HjgHVyK.exe
  2⤵
  PID:7340
- C:\Windows\System\GiXjkLV.exe
  C:\Windows\System\GiXjkLV.exe
  2⤵
  PID:7356
- C:\Windows\System\xOEHVVy.exe
  C:\Windows\System\xOEHVVy.exe
  2⤵
  PID:7372
- C:\Windows\System\EOEVSSw.exe
  C:\Windows\System\EOEVSSw.exe
  2⤵
  PID:7388
- C:\Windows\System\RgPdEsv.exe
  C:\Windows\System\RgPdEsv.exe
  2⤵
  PID:7404
- C:\Windows\System\gyqRUvG.exe
  C:\Windows\System\gyqRUvG.exe
  2⤵
  PID:7420
- C:\Windows\System\AncWNMG.exe
  C:\Windows\System\AncWNMG.exe
  2⤵
  PID:7436
- C:\Windows\System\RdLrrws.exe
  C:\Windows\System\RdLrrws.exe
  2⤵
  PID:7452
- C:\Windows\System\kowxhXZ.exe
  C:\Windows\System\kowxhXZ.exe
  2⤵
  PID:7468
- C:\Windows\System\Qsvnwfr.exe
  C:\Windows\System\Qsvnwfr.exe
  2⤵
  PID:7484
- C:\Windows\System\utKQkRI.exe
  C:\Windows\System\utKQkRI.exe
  2⤵
  PID:7500
- C:\Windows\System\hmXmsXU.exe
  C:\Windows\System\hmXmsXU.exe
  2⤵
  PID:7516
- C:\Windows\System\FmbQnWe.exe
  C:\Windows\System\FmbQnWe.exe
  2⤵
  PID:7532
- C:\Windows\System\syrqahb.exe
  C:\Windows\System\syrqahb.exe
  2⤵
  PID:7548
- C:\Windows\System\imRHkhJ.exe
  C:\Windows\System\imRHkhJ.exe
  2⤵
  PID:7564
- C:\Windows\System\FbkiUyr.exe
  C:\Windows\System\FbkiUyr.exe
  2⤵
  PID:7580
- C:\Windows\System\OzXlWbo.exe
  C:\Windows\System\OzXlWbo.exe
  2⤵
  PID:7596
- C:\Windows\System\mgTxzbf.exe
  C:\Windows\System\mgTxzbf.exe
  2⤵
  PID:7612
- C:\Windows\System\fwxOPJI.exe
  C:\Windows\System\fwxOPJI.exe
  2⤵
  PID:7628
- C:\Windows\System\kfDaqpU.exe
  C:\Windows\System\kfDaqpU.exe
  2⤵
  PID:7644
- C:\Windows\System\ywpfhbs.exe
  C:\Windows\System\ywpfhbs.exe
  2⤵
  PID:7660
- C:\Windows\System\peDKUEs.exe
  C:\Windows\System\peDKUEs.exe
  2⤵
  PID:7676
- C:\Windows\System\szvKUWa.exe
  C:\Windows\System\szvKUWa.exe
  2⤵
  PID:7692
- C:\Windows\System\zUMeVME.exe
  C:\Windows\System\zUMeVME.exe
  2⤵
  PID:7708
- C:\Windows\System\cbSotPI.exe
  C:\Windows\System\cbSotPI.exe
  2⤵
  PID:7724
- C:\Windows\System\GbqnMAn.exe
  C:\Windows\System\GbqnMAn.exe
  2⤵
  PID:7740
- C:\Windows\System\YXeKibg.exe
  C:\Windows\System\YXeKibg.exe
  2⤵
  PID:7756
- C:\Windows\System\VzMgqcJ.exe
  C:\Windows\System\VzMgqcJ.exe
  2⤵
  PID:7772
- C:\Windows\System\kMjZEtF.exe
  C:\Windows\System\kMjZEtF.exe
  2⤵
  PID:7788
- C:\Windows\System\ekEMbcX.exe
  C:\Windows\System\ekEMbcX.exe
  2⤵
  PID:7804
- C:\Windows\System\EgKvszN.exe
  C:\Windows\System\EgKvszN.exe
  2⤵
  PID:7820
- C:\Windows\System\ieUXtkB.exe
  C:\Windows\System\ieUXtkB.exe
  2⤵
  PID:7836
- C:\Windows\System\nUPkQXn.exe
  C:\Windows\System\nUPkQXn.exe
  2⤵
  PID:7852
- C:\Windows\System\futVhhJ.exe
  C:\Windows\System\futVhhJ.exe
  2⤵
  PID:7868
- C:\Windows\System\vnakPNE.exe
  C:\Windows\System\vnakPNE.exe
  2⤵
  PID:7884
- C:\Windows\System\ADZqKjg.exe
  C:\Windows\System\ADZqKjg.exe
  2⤵
  PID:7900
- C:\Windows\System\gLkkcEx.exe
  C:\Windows\System\gLkkcEx.exe
  2⤵
  PID:7916
- C:\Windows\System\iflyGhl.exe
  C:\Windows\System\iflyGhl.exe
  2⤵
  PID:7932
- C:\Windows\System\YoJHvZn.exe
  C:\Windows\System\YoJHvZn.exe
  2⤵
  PID:7948
- C:\Windows\System\JQwuhgI.exe
  C:\Windows\System\JQwuhgI.exe
  2⤵
  PID:7964
- C:\Windows\System\hbmgLwV.exe
  C:\Windows\System\hbmgLwV.exe
  2⤵
  PID:7980
- C:\Windows\System\EnbwzDo.exe
  C:\Windows\System\EnbwzDo.exe
  2⤵
  PID:7996
- C:\Windows\System\GBrruZN.exe
  C:\Windows\System\GBrruZN.exe
  2⤵
  PID:8012
- C:\Windows\System\coxbVsS.exe
  C:\Windows\System\coxbVsS.exe
  2⤵
  PID:8028
- C:\Windows\System\RmoXoHj.exe
  C:\Windows\System\RmoXoHj.exe
  2⤵
  PID:8044
- C:\Windows\System\NQMyyZk.exe
  C:\Windows\System\NQMyyZk.exe
  2⤵
  PID:8060
- C:\Windows\System\vkBxsVs.exe
  C:\Windows\System\vkBxsVs.exe
  2⤵
  PID:8076
- C:\Windows\System\pUDghKX.exe
  C:\Windows\System\pUDghKX.exe
  2⤵
  PID:8092
- C:\Windows\System\NwYsXCB.exe
  C:\Windows\System\NwYsXCB.exe
  2⤵
  PID:8108
- C:\Windows\System\MnNidPQ.exe
  C:\Windows\System\MnNidPQ.exe
  2⤵
  PID:8124
- C:\Windows\System\utwfTLk.exe
  C:\Windows\System\utwfTLk.exe
  2⤵
  PID:8140
- C:\Windows\System\FzkWqnW.exe
  C:\Windows\System\FzkWqnW.exe
  2⤵
  PID:8156
- C:\Windows\System\JppxpCN.exe
  C:\Windows\System\JppxpCN.exe
  2⤵
  PID:8172
- C:\Windows\System\TAqkEwk.exe
  C:\Windows\System\TAqkEwk.exe
  2⤵
  PID:8188
- C:\Windows\System\wZCXoOT.exe
  C:\Windows\System\wZCXoOT.exe
  2⤵
  PID:6464
- C:\Windows\System\ilETJFh.exe
  C:\Windows\System\ilETJFh.exe
  2⤵
  PID:7040
- C:\Windows\System\AArbdgQ.exe
  C:\Windows\System\AArbdgQ.exe
  2⤵
  PID:7296
- C:\Windows\System\ornsbQV.exe
  C:\Windows\System\ornsbQV.exe
  2⤵
  PID:7464
- C:\Windows\System\IYkqjjA.exe
  C:\Windows\System\IYkqjjA.exe
  2⤵
  PID:7496
- C:\Windows\System\kVdgyQk.exe
  C:\Windows\System\kVdgyQk.exe
  2⤵
  PID:7588
- C:\Windows\System\jrgDzGk.exe
  C:\Windows\System\jrgDzGk.exe
  2⤵
  PID:7508
- C:\Windows\System\nOrsbhb.exe
  C:\Windows\System\nOrsbhb.exe
  2⤵
  PID:7480
- C:\Windows\System\iLmmkkF.exe
  C:\Windows\System\iLmmkkF.exe
  2⤵
  PID:7544
- C:\Windows\System\gToKMlC.exe
  C:\Windows\System\gToKMlC.exe
  2⤵
  PID:7604
- C:\Windows\System\OGymlQV.exe
  C:\Windows\System\OGymlQV.exe
  2⤵
  PID:7672
- C:\Windows\System\BYnfrqO.exe
  C:\Windows\System\BYnfrqO.exe
  2⤵
  PID:7736
- C:\Windows\System\teqMqkd.exe
  C:\Windows\System\teqMqkd.exe
  2⤵
  PID:7752
- C:\Windows\System\LkRusdJ.exe
  C:\Windows\System\LkRusdJ.exe
  2⤵
  PID:7832
- C:\Windows\System\gwzqJlt.exe
  C:\Windows\System\gwzqJlt.exe
  2⤵
  PID:7784
- C:\Windows\System\ZgrYHiV.exe
  C:\Windows\System\ZgrYHiV.exe
  2⤵
  PID:7848
- C:\Windows\System\aXlQgMG.exe
  C:\Windows\System\aXlQgMG.exe
  2⤵
  PID:7912
- C:\Windows\System\TjsffKz.exe
  C:\Windows\System\TjsffKz.exe
  2⤵
  PID:7972
- C:\Windows\System\WnuQrrW.exe
  C:\Windows\System\WnuQrrW.exe
  2⤵
  PID:8004
- C:\Windows\System\yfPQehi.exe
  C:\Windows\System\yfPQehi.exe
  2⤵
  PID:7940
- C:\Windows\System\BWZECfq.exe
  C:\Windows\System\BWZECfq.exe
  2⤵
  PID:8052
- C:\Windows\System\AbRENEX.exe
  C:\Windows\System\AbRENEX.exe
  2⤵
  PID:8084
- C:\Windows\System\AAGhmOI.exe
  C:\Windows\System\AAGhmOI.exe
  2⤵
  PID:8152
- C:\Windows\System\pVfssfe.exe
  C:\Windows\System\pVfssfe.exe
  2⤵
  PID:6492
- C:\Windows\System\JrQbTJd.exe
  C:\Windows\System\JrQbTJd.exe
  2⤵
  PID:8132
- C:\Windows\System\bGfBXnC.exe
  C:\Windows\System\bGfBXnC.exe
  2⤵
  PID:5688
- C:\Windows\System\tbIVgWk.exe
  C:\Windows\System\tbIVgWk.exe
  2⤵
  PID:7200
- C:\Windows\System\ibRQJUa.exe
  C:\Windows\System\ibRQJUa.exe
  2⤵
  PID:7220
- C:\Windows\System\iqbpkGq.exe
  C:\Windows\System\iqbpkGq.exe
  2⤵
  PID:7248
- C:\Windows\System\LOmubxO.exe
  C:\Windows\System\LOmubxO.exe
  2⤵
  PID:7232
- C:\Windows\System\xGLgPGr.exe
  C:\Windows\System\xGLgPGr.exe
  2⤵
  PID:7336
- C:\Windows\System\OvusyOe.exe
  C:\Windows\System\OvusyOe.exe
  2⤵
  PID:7460
- C:\Windows\System\HYnOnwE.exe
  C:\Windows\System\HYnOnwE.exe
  2⤵
  PID:7556
- C:\Windows\System\DUOwCwC.exe
  C:\Windows\System\DUOwCwC.exe
  2⤵
  PID:7364
- C:\Windows\System\KQTSWJu.exe
  C:\Windows\System\KQTSWJu.exe
  2⤵
  PID:7368
- C:\Windows\System\BOZmArW.exe
  C:\Windows\System\BOZmArW.exe
  2⤵
  PID:7656
- C:\Windows\System\wkcrMaY.exe
  C:\Windows\System\wkcrMaY.exe
  2⤵
  PID:7576
- C:\Windows\System\SHmRbvf.exe
  C:\Windows\System\SHmRbvf.exe
  2⤵
  PID:7720
- C:\Windows\System\vhtPiZl.exe
  C:\Windows\System\vhtPiZl.exe
  2⤵
  PID:7540
- C:\Windows\System\xkJpWHg.exe
  C:\Windows\System\xkJpWHg.exe
  2⤵
  PID:7732
- C:\Windows\System\PiThZNl.exe
  C:\Windows\System\PiThZNl.exe
  2⤵
  PID:7780
- C:\Windows\System\eftFuHQ.exe
  C:\Windows\System\eftFuHQ.exe
  2⤵
  PID:7928
- C:\Windows\System\APHcLZG.exe
  C:\Windows\System\APHcLZG.exe
  2⤵
  PID:7896
- C:\Windows\System\RdBgRiv.exe
  C:\Windows\System\RdBgRiv.exe
  2⤵
  PID:8184
- C:\Windows\System\yEXAvdn.exe
  C:\Windows\System\yEXAvdn.exe
  2⤵
  PID:6348
- C:\Windows\System\aFOTkgm.exe
  C:\Windows\System\aFOTkgm.exe
  2⤵
  PID:8148
- C:\Windows\System\jNGuunB.exe
  C:\Windows\System\jNGuunB.exe
  2⤵
  PID:6928
- C:\Windows\System\EcvOTEJ.exe
  C:\Windows\System\EcvOTEJ.exe
  2⤵
  PID:7432
- C:\Windows\System\ScKgnfI.exe
  C:\Windows\System\ScKgnfI.exe
  2⤵
  PID:7396
- C:\Windows\System\RvMNhIP.exe
  C:\Windows\System\RvMNhIP.exe
  2⤵
  PID:7524
- C:\Windows\System\fbZflSn.exe
  C:\Windows\System\fbZflSn.exe
  2⤵
  PID:7620
- C:\Windows\System\NtyuHxS.exe
  C:\Windows\System\NtyuHxS.exe
  2⤵
  PID:7688
- C:\Windows\System\aVfMPXZ.exe
  C:\Windows\System\aVfMPXZ.exe
  2⤵
  PID:7476
- C:\Windows\System\oUoKINN.exe
  C:\Windows\System\oUoKINN.exe
  2⤵
  PID:7956
- C:\Windows\System\mIZvOYB.exe
  C:\Windows\System\mIZvOYB.exe
  2⤵
  PID:8136
- C:\Windows\System\szACgAf.exe
  C:\Windows\System\szACgAf.exe
  2⤵
  PID:7428
- C:\Windows\System\zYiPWqT.exe
  C:\Windows\System\zYiPWqT.exe
  2⤵
  PID:8040
- C:\Windows\System\HRoQyyg.exe
  C:\Windows\System\HRoQyyg.exe
  2⤵
  PID:7668
- C:\Windows\System\qDPCkME.exe
  C:\Windows\System\qDPCkME.exe
  2⤵
  PID:7412
- C:\Windows\System\QgQMXWw.exe
  C:\Windows\System\QgQMXWw.exe
  2⤵
  PID:7892
- C:\Windows\System\rfOlNhW.exe
  C:\Windows\System\rfOlNhW.exe
  2⤵
  PID:7844
- C:\Windows\System\kIUVnnh.exe
  C:\Windows\System\kIUVnnh.exe
  2⤵
  PID:7236
- C:\Windows\System\glwqBlu.exe
  C:\Windows\System\glwqBlu.exe
  2⤵
  PID:8204
- C:\Windows\System\sfOTotk.exe
  C:\Windows\System\sfOTotk.exe
  2⤵
  PID:8232
- C:\Windows\System\KYmjHCu.exe
  C:\Windows\System\KYmjHCu.exe
  2⤵
  PID:8248
- C:\Windows\System\UZJdxhX.exe
  C:\Windows\System\UZJdxhX.exe
  2⤵
  PID:8280
- C:\Windows\System\zegVjkD.exe
  C:\Windows\System\zegVjkD.exe
  2⤵
  PID:8304
- C:\Windows\System\IVIBarr.exe
  C:\Windows\System\IVIBarr.exe
  2⤵
  PID:8328
- C:\Windows\System\IgHlPBm.exe
  C:\Windows\System\IgHlPBm.exe
  2⤵
  PID:8344
- C:\Windows\System\XwxrlHl.exe
  C:\Windows\System\XwxrlHl.exe
  2⤵
  PID:8360
- C:\Windows\System\VswQsMn.exe
  C:\Windows\System\VswQsMn.exe
  2⤵
  PID:8376
- C:\Windows\System\lGbPaCU.exe
  C:\Windows\System\lGbPaCU.exe
  2⤵
  PID:8392
- C:\Windows\System\mUhuINY.exe
  C:\Windows\System\mUhuINY.exe
  2⤵
  PID:8408
- C:\Windows\System\BiChDMH.exe
  C:\Windows\System\BiChDMH.exe
  2⤵
  PID:8424
- C:\Windows\System\lvhIKWK.exe
  C:\Windows\System\lvhIKWK.exe
  2⤵
  PID:8440
- C:\Windows\System\XMLSbpm.exe
  C:\Windows\System\XMLSbpm.exe
  2⤵
  PID:8456
- C:\Windows\System\yAhnCxw.exe
  C:\Windows\System\yAhnCxw.exe
  2⤵
  PID:8476
- C:\Windows\System\RcRqSoE.exe
  C:\Windows\System\RcRqSoE.exe
  2⤵
  PID:8504
- C:\Windows\System\RkJYYgs.exe
  C:\Windows\System\RkJYYgs.exe
  2⤵
  PID:8520
- C:\Windows\System\oHCUyIj.exe
  C:\Windows\System\oHCUyIj.exe
  2⤵
  PID:8540
- C:\Windows\System\HZftBwN.exe
  C:\Windows\System\HZftBwN.exe
  2⤵
  PID:8568
- C:\Windows\System\VqrMGea.exe
  C:\Windows\System\VqrMGea.exe
  2⤵
  PID:8600
- C:\Windows\System\EEBnSPY.exe
  C:\Windows\System\EEBnSPY.exe
  2⤵
  PID:8620
- C:\Windows\System\QYwkIkj.exe
  C:\Windows\System\QYwkIkj.exe
  2⤵
  PID:8636
- C:\Windows\System\poaCIkM.exe
  C:\Windows\System\poaCIkM.exe
  2⤵
  PID:8656
- C:\Windows\System\KyjYWVU.exe
  C:\Windows\System\KyjYWVU.exe
  2⤵
  PID:8672
- C:\Windows\System\HuOMoJv.exe
  C:\Windows\System\HuOMoJv.exe
  2⤵
  PID:8696
- C:\Windows\System\rgeEaUM.exe
  C:\Windows\System\rgeEaUM.exe
  2⤵
  PID:8712
- C:\Windows\System\TzHGTFe.exe
  C:\Windows\System\TzHGTFe.exe
  2⤵
  PID:8728
- C:\Windows\System\NNVGqmK.exe
  C:\Windows\System\NNVGqmK.exe
  2⤵
  PID:8744
- C:\Windows\System\jZoCzNK.exe
  C:\Windows\System\jZoCzNK.exe
  2⤵
  PID:8760
- C:\Windows\System\VxcBglC.exe
  C:\Windows\System\VxcBglC.exe
  2⤵
  PID:8776
- C:\Windows\System\RAjaZNc.exe
  C:\Windows\System\RAjaZNc.exe
  2⤵
  PID:8792
- C:\Windows\System\OgKlUrH.exe
  C:\Windows\System\OgKlUrH.exe
  2⤵
  PID:8808
- C:\Windows\System\MMnqlTa.exe
  C:\Windows\System\MMnqlTa.exe
  2⤵
  PID:8824
- C:\Windows\System\ocXYeKh.exe
  C:\Windows\System\ocXYeKh.exe
  2⤵
  PID:8840
- C:\Windows\System\xoMuuGN.exe
  C:\Windows\System\xoMuuGN.exe
  2⤵
  PID:8856
- C:\Windows\System\QspESmz.exe
  C:\Windows\System\QspESmz.exe
  2⤵
  PID:8872
- C:\Windows\System\YLRDQja.exe
  C:\Windows\System\YLRDQja.exe
  2⤵
  PID:8916
- C:\Windows\System\iAQctfQ.exe
  C:\Windows\System\iAQctfQ.exe
  2⤵
  PID:8932
- C:\Windows\System\FiFLhbo.exe
  C:\Windows\System\FiFLhbo.exe
  2⤵
  PID:8952
- C:\Windows\System\ehACNkT.exe
  C:\Windows\System\ehACNkT.exe
  2⤵
  PID:8968
- C:\Windows\System\rSwKTHA.exe
  C:\Windows\System\rSwKTHA.exe
  2⤵
  PID:8984
- C:\Windows\System\SIgeBCC.exe
  C:\Windows\System\SIgeBCC.exe
  2⤵
  PID:9004
- C:\Windows\System\YXwfceb.exe
  C:\Windows\System\YXwfceb.exe
  2⤵
  PID:9028
- C:\Windows\System\QZddqRL.exe
  C:\Windows\System\QZddqRL.exe
  2⤵
  PID:9044
- C:\Windows\System\wYYEjru.exe
  C:\Windows\System\wYYEjru.exe
  2⤵
  PID:9060
- C:\Windows\System\HadDJnL.exe
  C:\Windows\System\HadDJnL.exe
  2⤵
  PID:9076
- C:\Windows\System\GtWtbYm.exe
  C:\Windows\System\GtWtbYm.exe
  2⤵
  PID:9096
- C:\Windows\System\UbGkDNu.exe
  C:\Windows\System\UbGkDNu.exe
  2⤵
  PID:9120
- C:\Windows\System\gQpNvWq.exe
  C:\Windows\System\gQpNvWq.exe
  2⤵
  PID:9144
- C:\Windows\System\jeAvsVV.exe
  C:\Windows\System\jeAvsVV.exe
  2⤵
  PID:9160
- C:\Windows\System\qcQdUtY.exe
  C:\Windows\System\qcQdUtY.exe
  2⤵
  PID:9196
- C:\Windows\System\SuGJwZC.exe
  C:\Windows\System\SuGJwZC.exe
  2⤵
  PID:9212
- C:\Windows\System\AqDdlhW.exe
  C:\Windows\System\AqDdlhW.exe
  2⤵
  PID:7384
- C:\Windows\System\MdBRcoO.exe
  C:\Windows\System\MdBRcoO.exe
  2⤵
  PID:8260
- C:\Windows\System\qVWuCyl.exe
  C:\Windows\System\qVWuCyl.exe
  2⤵
  PID:8312
- C:\Windows\System\kPkFYGx.exe
  C:\Windows\System\kPkFYGx.exe
  2⤵
  PID:8324
- C:\Windows\System\sTFlAJI.exe
  C:\Windows\System\sTFlAJI.exe
  2⤵
  PID:8036
- C:\Windows\System\JzJZeyV.exe
  C:\Windows\System\JzJZeyV.exe
  2⤵
  PID:8416
- C:\Windows\System\vUbhojb.exe
  C:\Windows\System\vUbhojb.exe
  2⤵
  PID:8240
- C:\Windows\System\Fzrlysa.exe
  C:\Windows\System\Fzrlysa.exe
  2⤵
  PID:8296
- C:\Windows\System\WdFcqUJ.exe
  C:\Windows\System\WdFcqUJ.exe
  2⤵
  PID:8432
- C:\Windows\System\aXvRbKZ.exe
  C:\Windows\System\aXvRbKZ.exe
  2⤵
  PID:8368
- C:\Windows\System\ZmRUVWQ.exe
  C:\Windows\System\ZmRUVWQ.exe
  2⤵
  PID:8448
- C:\Windows\System\DjkNKmj.exe
  C:\Windows\System\DjkNKmj.exe
  2⤵
  PID:8532
- C:\Windows\System\BaIJYNX.exe
  C:\Windows\System\BaIJYNX.exe
  2⤵
  PID:8580
- C:\Windows\System\KCgAuFg.exe
  C:\Windows\System\KCgAuFg.exe
  2⤵
  PID:8628
- C:\Windows\System\MxnTojH.exe
  C:\Windows\System\MxnTojH.exe
  2⤵
  PID:8736
- C:\Windows\System\btzMxxM.exe
  C:\Windows\System\btzMxxM.exe
  2⤵
  PID:8548
- C:\Windows\System\gHRCqVw.exe
  C:\Windows\System\gHRCqVw.exe
  2⤵
  PID:8804
- C:\Windows\System\rzMZpTs.exe
  C:\Windows\System\rzMZpTs.exe
  2⤵
  PID:8820
- C:\Windows\System\mQhBidw.exe
  C:\Windows\System\mQhBidw.exe
  2⤵
  PID:8880
- C:\Windows\System\FKtpaQE.exe
  C:\Windows\System\FKtpaQE.exe
  2⤵
  PID:8908
- C:\Windows\System\rBbONQf.exe
  C:\Windows\System\rBbONQf.exe
  2⤵
  PID:8976
- C:\Windows\System\QHlYcmC.exe
  C:\Windows\System\QHlYcmC.exe
  2⤵
  PID:9168
- C:\Windows\System\pUAZVjG.exe
  C:\Windows\System\pUAZVjG.exe
  2⤵
  PID:8708
- C:\Windows\System\TWeexNI.exe
  C:\Windows\System\TWeexNI.exe
  2⤵
  PID:8800
- C:\Windows\System\eALJscy.exe
  C:\Windows\System\eALJscy.exe
  2⤵
  PID:9084
- C:\Windows\System\UjrYItr.exe
  C:\Windows\System\UjrYItr.exe
  2⤵
  PID:9156
- C:\Windows\System\RxnXVRA.exe
  C:\Windows\System\RxnXVRA.exe
  2⤵
  PID:8216
- C:\Windows\System\PeKzCId.exe
  C:\Windows\System\PeKzCId.exe
  2⤵
  PID:9188
- C:\Windows\System\GVNhbhP.exe
  C:\Windows\System\GVNhbhP.exe
  2⤵
  PID:8220
- C:\Windows\System\bHgbklR.exe
  C:\Windows\System\bHgbklR.exe
  2⤵
  PID:8020
- C:\Windows\System\sdhNiNe.exe
  C:\Windows\System\sdhNiNe.exe
  2⤵
  PID:8496
- C:\Windows\System\tisklpN.exe
  C:\Windows\System\tisklpN.exe
  2⤵
  PID:7304
- C:\Windows\System\khnaSQV.exe
  C:\Windows\System\khnaSQV.exe
  2⤵
  PID:8468
- C:\Windows\System\VsEsAPr.exe
  C:\Windows\System\VsEsAPr.exe
  2⤵
  PID:8484
- C:\Windows\System\KfSFRHS.exe
  C:\Windows\System\KfSFRHS.exe
  2⤵
  PID:8680
- C:\Windows\System\bFVhxqw.exe
  C:\Windows\System\bFVhxqw.exe
  2⤵
  PID:8752
- C:\Windows\System\UdNhOze.exe
  C:\Windows\System\UdNhOze.exe
  2⤵
  PID:8904
- C:\Windows\System\XkChLnz.exe
  C:\Windows\System\XkChLnz.exe
  2⤵
  PID:7800
- C:\Windows\System\sGfupeO.exe
  C:\Windows\System\sGfupeO.exe
  2⤵
  PID:9056
- C:\Windows\System\IdpsIYd.exe
  C:\Windows\System\IdpsIYd.exe
  2⤵
  PID:8784
- C:\Windows\System\lSBBoBy.exe
  C:\Windows\System\lSBBoBy.exe
  2⤵
  PID:8928
- C:\Windows\System\PRTrsLh.exe
  C:\Windows\System\PRTrsLh.exe
  2⤵
  PID:8896
- C:\Windows\System\iYikBDe.exe
  C:\Windows\System\iYikBDe.exe
  2⤵
  PID:9036
- C:\Windows\System\JAqsHlt.exe
  C:\Windows\System\JAqsHlt.exe
  2⤵
  PID:9052
- C:\Windows\System\FfRhZfJ.exe
  C:\Windows\System\FfRhZfJ.exe
  2⤵
  PID:9112
- C:\Windows\System\vymGKuX.exe
  C:\Windows\System\vymGKuX.exe
  2⤵
  PID:7264
- C:\Windows\System\iSomDxv.exe
  C:\Windows\System\iSomDxv.exe
  2⤵
  PID:8292
- C:\Windows\System\ahXuljG.exe
  C:\Windows\System\ahXuljG.exe
  2⤵
  PID:8340
- C:\Windows\System\eVCRkys.exe
  C:\Windows\System\eVCRkys.exe
  2⤵
  PID:8372
- C:\Windows\System\rpavTLQ.exe
  C:\Windows\System\rpavTLQ.exe
  2⤵
  PID:8772
- C:\Windows\System\zxsAerN.exe
  C:\Windows\System\zxsAerN.exe
  2⤵
  PID:8512
- C:\Windows\System\eqSCEwF.exe
  C:\Windows\System\eqSCEwF.exe
  2⤵
  PID:8940
- C:\Windows\System\QsBTzkg.exe
  C:\Windows\System\QsBTzkg.exe
  2⤵
  PID:8848
- C:\Windows\System\IVhCLTU.exe
  C:\Windows\System\IVhCLTU.exe
  2⤵
  PID:9128
- C:\Windows\System\ByeUbhQ.exe
  C:\Windows\System\ByeUbhQ.exe
  2⤵
  PID:8832
- C:\Windows\System\PrnDqdC.exe
  C:\Windows\System\PrnDqdC.exe
  2⤵
  PID:8864
- C:\Windows\System\nPoEbat.exe
  C:\Windows\System\nPoEbat.exe
  2⤵
  PID:9108
- C:\Windows\System\AOJZTNR.exe
  C:\Windows\System\AOJZTNR.exe
  2⤵
  PID:8404
- C:\Windows\System\PQioCdy.exe
  C:\Windows\System\PQioCdy.exe
  2⤵
  PID:8464
- C:\Windows\System\ZbTULPg.exe
  C:\Windows\System\ZbTULPg.exe
  2⤵
  PID:8564
- C:\Windows\System\yXSKvGv.exe
  C:\Windows\System\yXSKvGv.exe
  2⤵
  PID:8724
- C:\Windows\System\EEamXhq.exe
  C:\Windows\System\EEamXhq.exe
  2⤵
  PID:8560
- C:\Windows\System\alRpyga.exe
  C:\Windows\System\alRpyga.exe
  2⤵
  PID:8596
- C:\Windows\System\ASuHWWF.exe
  C:\Windows\System\ASuHWWF.exe
  2⤵
  PID:9000
- C:\Windows\System\ooVsWck.exe
  C:\Windows\System\ooVsWck.exe
  2⤵
  PID:8256
- C:\Windows\System\SkDjLfB.exe
  C:\Windows\System\SkDjLfB.exe
  2⤵
  PID:9024
- C:\Windows\System\kCCPIBZ.exe
  C:\Windows\System\kCCPIBZ.exe
  2⤵
  PID:9184
- C:\Windows\System\rIYcmAk.exe
  C:\Windows\System\rIYcmAk.exe
  2⤵
  PID:8592
- C:\Windows\System\AKnYJjv.exe
  C:\Windows\System\AKnYJjv.exe
  2⤵
  PID:8868
- C:\Windows\System\PnpVXbA.exe
  C:\Windows\System\PnpVXbA.exe
  2⤵
  PID:8616
- C:\Windows\System\lmtqYIS.exe
  C:\Windows\System\lmtqYIS.exe
  2⤵
  PID:9172
- C:\Windows\System\tlwpuhf.exe
  C:\Windows\System\tlwpuhf.exe
  2⤵
  PID:9116
- C:\Windows\System\ZxsRBIV.exe
  C:\Windows\System\ZxsRBIV.exe
  2⤵
  PID:9068
- C:\Windows\System\QpyOcmh.exe
  C:\Windows\System\QpyOcmh.exe
  2⤵
  PID:8536
- C:\Windows\System\ltqCBRn.exe
  C:\Windows\System\ltqCBRn.exe
  2⤵
  PID:9232
- C:\Windows\System\AULglWn.exe
  C:\Windows\System\AULglWn.exe
  2⤵
  PID:9256
- C:\Windows\System\OMPqiJE.exe
  C:\Windows\System\OMPqiJE.exe
  2⤵
  PID:9272
- C:\Windows\System\luUqrQV.exe
  C:\Windows\System\luUqrQV.exe
  2⤵
  PID:9288
- C:\Windows\System\EccmZYb.exe
  C:\Windows\System\EccmZYb.exe
  2⤵
  PID:9316
- C:\Windows\System\DHwoAHL.exe
  C:\Windows\System\DHwoAHL.exe
  2⤵
  PID:9332
- C:\Windows\System\ZurfKLD.exe
  C:\Windows\System\ZurfKLD.exe
  2⤵
  PID:9356
- C:\Windows\System\FfBFOLj.exe
  C:\Windows\System\FfBFOLj.exe
  2⤵
  PID:9372
- C:\Windows\System\RShTAkK.exe
  C:\Windows\System\RShTAkK.exe
  2⤵
  PID:9392
- C:\Windows\System\lmFoURF.exe
  C:\Windows\System\lmFoURF.exe
  2⤵
  PID:9412
- C:\Windows\System\HsrSwiL.exe
  C:\Windows\System\HsrSwiL.exe
  2⤵
  PID:9436
- C:\Windows\System\NQxOuYT.exe
  C:\Windows\System\NQxOuYT.exe
  2⤵
  PID:9452
- C:\Windows\System\AnQormB.exe
  C:\Windows\System\AnQormB.exe
  2⤵
  PID:9472
- C:\Windows\System\XLVdWxh.exe
  C:\Windows\System\XLVdWxh.exe
  2⤵
  PID:9496
- C:\Windows\System\jTafUUA.exe
  C:\Windows\System\jTafUUA.exe
  2⤵
  PID:9512
- C:\Windows\System\JcXSehe.exe
  C:\Windows\System\JcXSehe.exe
  2⤵
  PID:9528
- C:\Windows\System\oYXRgkr.exe
  C:\Windows\System\oYXRgkr.exe
  2⤵
  PID:9544
- C:\Windows\System\XcvTmYw.exe
  C:\Windows\System\XcvTmYw.exe
  2⤵
  PID:9560
- C:\Windows\System\dLgqVlG.exe
  C:\Windows\System\dLgqVlG.exe
  2⤵
  PID:9592
- C:\Windows\System\UDHylIL.exe
  C:\Windows\System\UDHylIL.exe
  2⤵
  PID:9608
- C:\Windows\System\DIKSRXF.exe
  C:\Windows\System\DIKSRXF.exe
  2⤵
  PID:9628
- C:\Windows\System\BrXpCjI.exe
  C:\Windows\System\BrXpCjI.exe
  2⤵
  PID:9648
- C:\Windows\System\LkeErGE.exe
  C:\Windows\System\LkeErGE.exe
  2⤵
  PID:9672
- C:\Windows\System\RfpMVSU.exe
  C:\Windows\System\RfpMVSU.exe
  2⤵
  PID:9700
- C:\Windows\System\IzTvwxQ.exe
  C:\Windows\System\IzTvwxQ.exe
  2⤵
  PID:9720
- C:\Windows\System\YxLJKRa.exe
  C:\Windows\System\YxLJKRa.exe
  2⤵
  PID:9736
- C:\Windows\System\GtCzyTN.exe
  C:\Windows\System\GtCzyTN.exe
  2⤵
  PID:9752
- C:\Windows\System\XpBEQFt.exe
  C:\Windows\System\XpBEQFt.exe
  2⤵
  PID:9772
- C:\Windows\System\gfqNPoI.exe
  C:\Windows\System\gfqNPoI.exe
  2⤵
  PID:9796
- C:\Windows\System\tKgYwEQ.exe
  C:\Windows\System\tKgYwEQ.exe
  2⤵
  PID:9816
- C:\Windows\System\JpWUipg.exe
  C:\Windows\System\JpWUipg.exe
  2⤵
  PID:9832
- C:\Windows\System\cZmomKa.exe
  C:\Windows\System\cZmomKa.exe
  2⤵
  PID:9848
- C:\Windows\System\IXiAQvZ.exe
  C:\Windows\System\IXiAQvZ.exe
  2⤵
  PID:9880
- C:\Windows\System\efVjnTu.exe
  C:\Windows\System\efVjnTu.exe
  2⤵
  PID:9896
- C:\Windows\System\PbhjRWI.exe
  C:\Windows\System\PbhjRWI.exe
  2⤵
  PID:9916
- C:\Windows\System\TgjhxkV.exe
  C:\Windows\System\TgjhxkV.exe
  2⤵
  PID:9940
- C:\Windows\System\CzNlJxX.exe
  C:\Windows\System\CzNlJxX.exe
  2⤵
  PID:9956
- C:\Windows\System\JzqOQGE.exe
  C:\Windows\System\JzqOQGE.exe
  2⤵
  PID:9980
- C:\Windows\System\aiUSkyc.exe
  C:\Windows\System\aiUSkyc.exe
  2⤵
  PID:9996
- C:\Windows\System\CQtwiUC.exe
  C:\Windows\System\CQtwiUC.exe
  2⤵
  PID:10012
- C:\Windows\System\KNNySZN.exe
  C:\Windows\System\KNNySZN.exe
  2⤵
  PID:10028
- C:\Windows\System\gdguwKp.exe
  C:\Windows\System\gdguwKp.exe
  2⤵
  PID:10060
- C:\Windows\System\nnRGisw.exe
  C:\Windows\System\nnRGisw.exe
  2⤵
  PID:10076
- C:\Windows\System\HPUvwyp.exe
  C:\Windows\System\HPUvwyp.exe
  2⤵
  PID:10100
- C:\Windows\System\JkvJQAO.exe
  C:\Windows\System\JkvJQAO.exe
  2⤵
  PID:10116
- C:\Windows\System\niOeYsG.exe
  C:\Windows\System\niOeYsG.exe
  2⤵
  PID:10132
- C:\Windows\System\iOhHFBS.exe
  C:\Windows\System\iOhHFBS.exe
  2⤵
  PID:10156
- C:\Windows\System\cJNvNEK.exe
  C:\Windows\System\cJNvNEK.exe
  2⤵
  PID:10172
- C:\Windows\System\lvFJHpJ.exe
  C:\Windows\System\lvFJHpJ.exe
  2⤵
  PID:10188
- C:\Windows\System\BZcAwWV.exe
  C:\Windows\System\BZcAwWV.exe
  2⤵
  PID:10204
- C:\Windows\System\pDGtnGd.exe
  C:\Windows\System\pDGtnGd.exe
  2⤵
  PID:10228
- C:\Windows\System\dWHTuMS.exe
  C:\Windows\System\dWHTuMS.exe
  2⤵
  PID:9224
- C:\Windows\System\JWLmJYe.exe
  C:\Windows\System\JWLmJYe.exe
  2⤵
  PID:9252
- C:\Windows\System\QvIfPFc.exe
  C:\Windows\System\QvIfPFc.exe
  2⤵
  PID:9296
- C:\Windows\System\PMEeDgY.exe
  C:\Windows\System\PMEeDgY.exe
  2⤵
  PID:9308
- C:\Windows\System\weeVund.exe
  C:\Windows\System\weeVund.exe
  2⤵
  PID:9328
- C:\Windows\System\iYkhOeC.exe
  C:\Windows\System\iYkhOeC.exe
  2⤵
  PID:9368
- C:\Windows\System\VsdlgvJ.exe
  C:\Windows\System\VsdlgvJ.exe
  2⤵
  PID:9404
- C:\Windows\System\QyHBNxe.exe
  C:\Windows\System\QyHBNxe.exe
  2⤵
  PID:9432
- C:\Windows\System\jEGGKar.exe
  C:\Windows\System\jEGGKar.exe
  2⤵
  PID:9492
- C:\Windows\System\jyWXeeX.exe
  C:\Windows\System\jyWXeeX.exe
  2⤵
  PID:9536
- C:\Windows\System\TYYBchk.exe
  C:\Windows\System\TYYBchk.exe
  2⤵
  PID:9556
- C:\Windows\System\PwTWJJa.exe
  C:\Windows\System\PwTWJJa.exe
  2⤵
  PID:9584
- C:\Windows\System\wxVLmbD.exe
  C:\Windows\System\wxVLmbD.exe
  2⤵
  PID:9644
- C:\Windows\System\FBKZDip.exe
  C:\Windows\System\FBKZDip.exe
  2⤵
  PID:9656
- C:\Windows\System\dIbuyrk.exe
  C:\Windows\System\dIbuyrk.exe
  2⤵
  PID:9696
- C:\Windows\System\AOhUfvd.exe
  C:\Windows\System\AOhUfvd.exe
  2⤵
  PID:9728
- C:\Windows\System\qTeWTtl.exe
  C:\Windows\System\qTeWTtl.exe
  2⤵
  PID:9768
- C:\Windows\System\kTIlIuI.exe
  C:\Windows\System\kTIlIuI.exe
  2⤵
  PID:9812
- C:\Windows\System\xZbCest.exe
  C:\Windows\System\xZbCest.exe
  2⤵
  PID:9828
- C:\Windows\System\lIYETpI.exe
  C:\Windows\System\lIYETpI.exe
  2⤵
  PID:9872
- C:\Windows\System\flmtEhI.exe
  C:\Windows\System\flmtEhI.exe
  2⤵
  PID:9864
- C:\Windows\System\kXXCums.exe
  C:\Windows\System\kXXCums.exe
  2⤵
  PID:9924
- C:\Windows\System\BdZCGft.exe
  C:\Windows\System\BdZCGft.exe
  2⤵
  PID:9964
- C:\Windows\System\QnScPvv.exe
  C:\Windows\System\QnScPvv.exe
  2⤵
  PID:9976
- C:\Windows\System\KiTeiJh.exe
  C:\Windows\System\KiTeiJh.exe
  2⤵
  PID:10008
- C:\Windows\System\hsPjfKz.exe
  C:\Windows\System\hsPjfKz.exe
  2⤵
  PID:10024
- C:\Windows\System\vQqVSrb.exe
  C:\Windows\System\vQqVSrb.exe
  2⤵
  PID:10084
- C:\Windows\System\LoRkMrX.exe
  C:\Windows\System\LoRkMrX.exe
  2⤵
  PID:10108
- C:\Windows\System\csrMxqc.exe
  C:\Windows\System\csrMxqc.exe
  2⤵
  PID:10140
- C:\Windows\System\VnlwxNv.exe
  C:\Windows\System\VnlwxNv.exe
  2⤵
  PID:10168
- C:\Windows\System\TvcSspi.exe
  C:\Windows\System\TvcSspi.exe
  2⤵
  PID:10236
- C:\Windows\System\EFxaOom.exe
  C:\Windows\System\EFxaOom.exe
  2⤵
  PID:9284
- C:\Windows\System\CclshqC.exe
  C:\Windows\System\CclshqC.exe
  2⤵
  PID:9388
- C:\Windows\System\VegJpJm.exe
  C:\Windows\System\VegJpJm.exe
  2⤵
  PID:10180
- C:\Windows\System\PglLXzn.exe
  C:\Windows\System\PglLXzn.exe
  2⤵
  PID:9312
- C:\Windows\System\SxINWAA.exe
  C:\Windows\System\SxINWAA.exe
  2⤵
  PID:9364
- C:\Windows\System\EoOIXzw.exe
  C:\Windows\System\EoOIXzw.exe
  2⤵
  PID:9588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BZKzWdN.exe

Filesize
6.0MB

MD5
f1874ea3e5668a9cf919c630ab5aec8e

SHA1
64dbfee1253a093cdb3270d7ee60fe2c5a2196c8

SHA256
77ff15355f84d7118ecbd631bef0f5f783b1d58437bfa783a74b20ca9cd3b368

SHA512
e2130cc132657ba19e6644dd27a6b9fe1007e5ddf49dfc9b1839b295579af0c7c5db1dd2bde95d85f582225687858a6eef06fa2bf230723b943a62ef455c39d8

Download Submit
C:\Windows\system\CQSwqtx.exe

Filesize
6.0MB

MD5
70931cde535e7aa9b27b2b9ac1bb52c8

SHA1
1bab538adf53399a7bf21641fa91bf437a813477

SHA256
792c8b828220a85350f642f50347ba057739fc98c6100ef862f3c612e585c235

SHA512
982dda6dcef749fd791ff87f3b9640e5ef763e35237fca5e521db2f1db2bb866390549c119fe94c4a6a797283c87fc8af09d2ba90d70e4e6b99821db6fe2cc99

Download Submit
C:\Windows\system\FRZtXAl.exe

Filesize
6.0MB

MD5
cb992a4c8bbb9fa1ff08515eda4a8e44

SHA1
9135d30d3cd3fe03f86a0ae50650611c2c6ab59b

SHA256
4072c3733acc6c454d89aaa2d2f9d4005108e6cb376b9cb185b89174d50a08dd

SHA512
02d2c88fafac80c979b03c4250ab0e18581851f3f3f5197d94205caf4251f8943ff9ad703a13713761123c21b221a870a31095e42bcba2a11a4b4d82665c9e62

Download Submit
C:\Windows\system\GtSDuiy.exe

Filesize
6.0MB

MD5
efc8baa037b57642e6e02082dadefedd

SHA1
ea94d1731e95e8dc4ec0d34f09447253d8819c23

SHA256
399dc8a0e7b97f7715328cf458828406f1f9113f02bbcd3a13071890642333f7

SHA512
4f93daabf8d8d7da8bfb97678498f1664504d024238e9e849c98c622a3987485f8b2d8e33686f0fe81d3343c251a93ba74562a9fcbf730d4c67468e1d0e55e85

Download Submit
C:\Windows\system\KjmIurc.exe

Filesize
6.0MB

MD5
9b2ae60b7fdb27de06ada4473cac3f7e

SHA1
7a5055c4532c5bcc9ff0b97c2e7567cea23ee169

SHA256
e3de2d42cba507a5c260a008a4c9ccbb1379be8e80bdcc88ee6e15de429e38b7

SHA512
9c042495115602cd2e2b34b106305c6be75b3579690df2b4900017611c66963e2bd0f58fb12bf70ca53f8b078f3cee2562d6918462a80e9aa489c94c45317c96

Download Submit
C:\Windows\system\MtVRZga.exe

Filesize
6.0MB

MD5
898741ae255bb0897518619db7b6fd17

SHA1
f7126f4e04ac17fd7ab82fc8f8c01fc1f7bf3522

SHA256
d84ab5a0a74232b562779c1b9d7fcd766ebde3ad3f39f39aec1b1627465e33e6

SHA512
ec5ce1c329ba50cf2c3b96b927bcd6c500933676950f901289b4dbe75147cab22abc232bafa67d966c1510d2dfae8e470efe7da8d4252c6df80c8a585ebc8137

Download Submit
C:\Windows\system\NCDQodB.exe

Filesize
6.0MB

MD5
a682a7efeeca85ae6140d05dbc6b00ff

SHA1
a03396b9056634d73179aa114bb9a2536162e48a

SHA256
792813796b1d344b4f34c3c23f4868413e304a943eb5e5647a90616020519de2

SHA512
d538aad70b335c5534078851341b5028345a3d3a83f7ed5e39faca88862579a1ed93483f7ee0bb55994f9250724ff17a77f059090ab58fd8b95cf3049d95e5d1

Download Submit
C:\Windows\system\OIqNlKJ.exe

Filesize
6.0MB

MD5
dd6c89d71ae23d75357b7c45bd075484

SHA1
0b50d22b5710ba7a33e20b4a536404c1269a67ed

SHA256
0d764c0bc080469c4d46bfc566d7449ec185e6e14917d9649e94392de18d3ff7

SHA512
57e640feb43882c85983e2dd948df59a88b3fd3eee9d3c5d4669d9baf4c66d3177e5c5ae6f2498066abff01e544698aec2e3f74712861a4815f723de15431a1a

Download Submit
C:\Windows\system\QtkUOgz.exe

Filesize
6.0MB

MD5
9e4a855694dcd714523bf4fb5aee71ec

SHA1
588c280468c5f0baa1a43399660f6b2150c469c8

SHA256
653329c921e0808c94cb13d1742688902a4427c90493e7e930ad9cc38ada3f43

SHA512
05a4f4d697651e58200931ae0bc6283671a705297267f1719ac48c0670cb169020ba3ea58c3371f1863fde06d7f3a33a69033ee6cc81a24d5776391ac437c9f1

Download Submit
C:\Windows\system\RTnSezC.exe

Filesize
6.0MB

MD5
804f6cba36b797dd64dd31e82d17fad5

SHA1
0a9eb51fcfab2e12c9f2cc80510534cab0652ad7

SHA256
da9a4870c19315f7b0658f9d4559bec12d1f4796064ae4f1a78994a2680dc87e

SHA512
9af1a31341d1af972df03ad647f43614202090748bb38823bb1f42d73e0352aa4f39520bfa39d53e9ed9b7c68c4e1bf123b1492f4a4f3a045c18fbdc91dbbb0b

Download Submit
C:\Windows\system\VHcKEpW.exe

Filesize
6.0MB

MD5
e51d96bb22a06918307018550216fac1

SHA1
b4220424b031a884c79b8e585cdfef53e5cb6b49

SHA256
ad4b873c684906ad53799eda981ef2449f246a63254e1dd1467488de0509c130

SHA512
0ac6605c961ce6d52c035d52ee22d6e60213e189072626c98c0cf1393fb32f2fe5e9c2a0d6ed5e847ff56a8c40253d9f47b8efb818d375a11341d8adf69d23b3

Download Submit
C:\Windows\system\VhlyBCd.exe

Filesize
6.0MB

MD5
9504ed6f7053eb014bb37f5ac80ee024

SHA1
125b80561e4e4d7135f83abc1525632fa83c2596

SHA256
d9b0b5645fd9fb559a2a95b6f886ab0fb1d6055f49136ae0f500ace6c1077371

SHA512
6ad265b9c22ee5966ba4ecba218225c4df507893bdd97090e28e1de7f99ff4320ab76a1d7aab5cd61463b1a06e1c6ee277b466e7a9d327e30759df367008431f

Download Submit
C:\Windows\system\XhIZQhr.exe

Filesize
6.0MB

MD5
3999c4b524a8c9a740ae445fa14ce7c7

SHA1
0dd920d916723b957ac861d6896b4ab4752b1d13

SHA256
154ba960e9b5fa3ecc5b6fc47f740ead3f7ac4484376dd78dc2e1d06825892fb

SHA512
971349fcc864f22a5ea45784fc14d0cc266123bb6d38a7213d18b6c1d04aba341aae3a7565288001eb1321d31811f52bd2822e34150b7787ea89dba1bf94aeaf

Download Submit
C:\Windows\system\bueueJO.exe

Filesize
6.0MB

MD5
7ea3ba3ae60b5116038330190fab4f50

SHA1
336b71bb1aa6ae32188a157e388c18272c16da4d

SHA256
9e2d6579bfe2ac6beb5571f18db854c17e578f0499ac94e3756f2daedbe6cfa6

SHA512
600b3ec2b68e7dea24c48ae09514c895a72c9d6df87a8fcb41050adde75d3813df6d18e184f3cc608391cd83ecdcd36b0ac186634734e7e40f3ffbd4b16dd6a9

Download Submit
C:\Windows\system\fXLhTiG.exe

Filesize
6.0MB

MD5
6931fea8ecbe211a7a2e4e3bc61361e2

SHA1
bc9ea34bcbc88410cb104641a49dc593f0c0be51

SHA256
08920860faf6bd35c372dd31f11c868ea9593e46bae3ffbd5b8e7e8568673e4b

SHA512
49017c682db47ad81d701210128b7fc253e7625f1b05dd4fcc0f64ae3bc06462ea16562d29ad071ead4449226dfb33a4b205428befe364e34f40c9aec86af474

Download Submit
C:\Windows\system\ghvXoqk.exe

Filesize
6.0MB

MD5
797b094e561a816dcd73f150681c5fbd

SHA1
34b87124fe12bcd16d5389b37ec49270c1ce7dee

SHA256
13ff23fcb11d2b75b0c538b06b1505c09b514c845d6123c1f63c101e72f1698a

SHA512
8a431b0189551521c07a01106bd39594376cbd201c98b4cbb1a23a3b105f8ccf77924381f103f7fd3a2df5c2b4110732c41773ac6ac60b9fc622707b5fe207cf

Download Submit
C:\Windows\system\hmRcaQQ.exe

Filesize
6.0MB

MD5
2d0a20bef065dc14dc386146624bdd74

SHA1
7e479e56736ab72385eb8ca78c944322872c60b6

SHA256
e74f8c2dbad6d182f76a8105ea8c494578dfe5c7b4ed30fd0e0f18985c0170d3

SHA512
c91130325634fa5503011ed0a773129c6b596f2ad952c6382ef9dbb78e267dac2a364d6bfeb910ca81ad6a41862a6217d4830f674c68663c3e0986b90a5f048d

Download Submit
C:\Windows\system\igKbuyT.exe

Filesize
6.0MB

MD5
825a2ddca8283649473f83e9d3a0d333

SHA1
1c2c518c829d0e9180f6955ae1b0d7cd0a7f39f5

SHA256
b2f8700c7b14beb3d30e8713aa3c09bea9e08df18e8735d3731ca85ef0008431

SHA512
67828214dd60f99f849002bf2c6c41c58a184676066c231ced8a5f83cd3e81fa52a87715df15477a7438b7f34c92fa9bdb7d3baa3be5470b978efc8637cbf21c

Download Submit
C:\Windows\system\iqErENx.exe

Filesize
6.0MB

MD5
7c363d0808564347d3497f894ae38d65

SHA1
df46affaf68994bb54962eee78dfe0ab92aba8b3

SHA256
a08ed0a6df29b025d0331c49ab96aa6ee2b40d4ca204028dc99fc93ed247f3aa

SHA512
fb41a0fc3ffe74b25fbd7773a6024bbef229fa35a9aa55020918f6f00dfca77b70d3e6dd8f90afff076edd0399c132330cd21736999967e7390b86af36c5455c

Download Submit
C:\Windows\system\jxzSCbI.exe

Filesize
6.0MB

MD5
8bed958e2a5b689ec625e2c78883de73

SHA1
d95bc3d38605bfaf24697c661ef4f5c8fcb34756

SHA256
f1604f70dba890b19870f45029f76d864c67ec74e082f079f2e84710a9c9cef5

SHA512
c5cead445f1d05edbf450893f70229df932535e3ff4dc209d35debee173927870421e3816aaf98eab0ce715128088bfed982225da9b977aebd3ad3a523e843bc

Download Submit
C:\Windows\system\ksFMjvw.exe

Filesize
6.0MB

MD5
f37659baa624a9a9b1029a2060ad5169

SHA1
84672c86a908bfdacbfd3f9348c38a14fafede86

SHA256
40509184f7e2d71dbf7b28ea1193e731e57ed9f5229edf1b613224a0624032f8

SHA512
ae53d3d52436e2eac17056a423e777e1d02ee441e403e1d36ab6aebd4549a327d5a5b57bec2231e2f314aa88bb3570ecc0de22384231e8becd0d51a169b4e329

Download Submit
C:\Windows\system\lfgAEjc.exe

Filesize
6.0MB

MD5
4bf79a935e2e7609ef628a96adca5bd3

SHA1
3abe2eeadad40f65492815e839581bf89e6027b1

SHA256
88c0cd2494bf371e5b8cada41f50b0ef438310fc404f5ff3991c5e0f6d4a513f

SHA512
979d6634ff4994709e113d4d10d8a1bbf1e9c890fca747b6290fdc82701af8cd277649dfb8b5f22e0cb3d3c3baf31a7725f76f699b813dc3be9bd7839be42854

Download Submit
C:\Windows\system\liPRGiQ.exe

Filesize
6.0MB

MD5
51c5215375667cfff352737877a82b93

SHA1
fbd130b0419a412dfb8ca97f67c395d82b73c944

SHA256
8baff54d57546926342a05bb75f7d858f16ed512cec189d377fe718cdac5f816

SHA512
ac4ca31fbff9a8f27f7383e70a13417b1b300ef987cb5a47c2c705f2262925d11eee404a165c455383e0ebccdb43bb9f482827b2b721b661bd1ef7aa8d599c45

Download Submit
C:\Windows\system\mAzvQZE.exe

Filesize
6.0MB

MD5
3e63833dd25ee311694ece3b5aa47ce9

SHA1
48d5a76687c088cd9124929c70aeb9dc34ae528f

SHA256
d0916aa07e28b43b034b8120e45f9231511fcce7b6a0ff47cf0af77b6eaa9978

SHA512
113cf843603f62de1eb7f0e1f993df15d7dd80caf76ce45706c4faf837d2f3a3fc3b4de6f349271ff6d5f3697c459a5209bfa3c7f99cbbca664774a96d9691e8

Download Submit
C:\Windows\system\oOFkeMI.exe

Filesize
6.0MB

MD5
0843c499744a7fa07681d6f7539459e6

SHA1
d3f4ec777487c9a727a662d4f12cb9af0fc18056

SHA256
ca27eed2a55caa84b1240a78a597134a74be98868ec2ebdf0ca47f20ee00b75f

SHA512
11fc2b45ae6c7ca4f500a90cafac67804edacb141904830f68b98b3e571a481527566203a7b2caef969f79f00d9f5e480cafa6c6e4dc18659185169a1ffde25c

Download Submit
C:\Windows\system\oTgEKJa.exe

Filesize
6.0MB

MD5
1e3be1404175941e0fac7283389288f6

SHA1
e9b1af45018ef4588a8417c4ccb937903b4b5b21

SHA256
49c68d27424bac8bb8a6fb6c1e902243d009865b0428bc93e144f7f8191f3547

SHA512
9868d0d8dc1216eecf462d75e8c60c6e3de5a499e57959e11b59e64a6929dae8f3cdee91f97fab1faeb920a80ae6121a5d927793139c9a33f5e14d5091021e2c

Download Submit
C:\Windows\system\ooIhaeb.exe

Filesize
6.0MB

MD5
e7870ebc62ada3424a450962316bb63c

SHA1
de198194b75c4194bbdbda0153a48487d506e75c

SHA256
1fcdd17d37b0e4fcf7777b2229ee47c30be28b663b9784afd5dfb8d93b8e12c5

SHA512
b761ba400ee6ce4620ec318b2fdcb6f539243d1afc69505a5ae4878fdaa476f2497f919f108acb4baa444748802fd10d9192bed707815d7b5c290d9b7987eae9

Download Submit
C:\Windows\system\rIePTaQ.exe

Filesize
6.0MB

MD5
04cc23e80c189753c3588ca221a6e9f6

SHA1
81f33f23ed02e7ff6ead52aaede82cbf8098a322

SHA256
e4468225a83620497474e65d82b569f01bdba9ab60553e8dd2af4e8a69a19836

SHA512
099502ed2db2a74389d4921582d4e95baa2b2684f00ecff1dd2238d883ebd69b0075e740660e828b07490ddf8dcd14f0efd753f73a2b20a8b3865e6fea01b361

Download Submit
C:\Windows\system\tRChcim.exe

Filesize
6.0MB

MD5
0ee774297816072f7dc51e560cac7f41

SHA1
c22fdea23f06b4dc21964e7ef3f0d65fcd20e248

SHA256
42faab774c11076ef810ed56181ead14d59db16791299822c714f456b5856200

SHA512
f009b31f8e2ff7cd2d45e99a69a494c5f4ed911c33e7b759a394c9bda0c9e417c05a554d89c0ffee62037c69c5d3af7e5a24ad56b474c368969916c6575e336a

Download Submit
C:\Windows\system\xUTOLAR.exe

Filesize
6.0MB

MD5
16217bd74d8cafde8692df96e21563ad

SHA1
21d0ebd9b1a5736a378c676fdfe0e1995f89e7ec

SHA256
1d8242147e2a05c0cdfe7be461396112db07bb0315036ec86353133a2ca1da5b

SHA512
a902f967e90036c69edf1f4ddd3ae2f563d11099dd52df15c65ce63578d322a40e44d9565d7ddbe2409661e710d4e74d7f43becba426e33073170327e920b7b7

Download Submit
\Windows\system\OaiCUoO.exe

Filesize
6.0MB

MD5
c29a35f1629d013155599e69cba82618

SHA1
b28dff677c8615001a4bfd8365923a6752beaffd

SHA256
9a5ed31c793b857545ff0e26172d55780dcd4fe3af1e83bd49ccb7dc967ae894

SHA512
0bf78e179493f08c6a9a6d718bf4a664776ed4b6024305f9ff16c0b7249d66cd59f4bb22231c48f6c669b710050958986f52f4b861c90ec4960c9fa3b186bb30

Download Submit
\Windows\system\phKlWCa.exe

Filesize
6.0MB

MD5
9dfac9ee4819ffe33ae5dae1bb210830

SHA1
b53baff1e2cd8d4e1856507ece706eb089f63d39

SHA256
4d94359644531dbe5eb563c0c069e5772a2bf8783075e2958fdbcb6a64f9d56c

SHA512
be7a98ecdae7e5c1b7572ab03e5e8c1a24866408407d757c2f385c4a6f776369ec8804baab39a7e2f2524930119d2d3c57a634d43e1ba047bf7c4c0ab52d6ce0

Download Submit
memory/2136-139-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2136-4019-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2428-144-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2428-138-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2428-155-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2428-160-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2428-158-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-191-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-168-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2428-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2428-142-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-0-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-162-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-196-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-8-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-146-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2428-148-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-140-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-153-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-14-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-769-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-4029-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2492-161-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4028-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-165-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-159-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4027-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-147-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4022-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2636-141-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4021-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-157-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4025-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4020-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-143-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-151-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4023-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-4024-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2800-154-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2836-132-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4030-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2876-145-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4026-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2964-4017-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2964-9-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2980-4018-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2980-632-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2980-131-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download