cobaltstrike | da6574b24c2f37e45ac388317122317233266d300d82b44e9467fd00aed9f3de

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b84658eae37f839904353f1a7564aeb6
SHA1

ac5641bd7ca423093c2cc83a8835b94e5f78cfa1
SHA256

da6574b24c2f37e45ac388317122317233266d300d82b44e9467fd00aed9f3de
SHA512

caacd6e9e826a12b5dd5c7d1c86720a76f789e9f7d141014fc3dcfba728d60fa176928230146247341c2508b2f8df2600d3adc6bffe3d783330ca85f8fc086ae
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000f0000000139a5-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173b2-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f6-19.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746c-28.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001749c-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017474-29.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017481-35.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-50.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f97-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-153.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2076-0-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x000f0000000139a5-6.dat	xmrig
behavioral1/files/0x00080000000173b2-12.dat	xmrig
behavioral1/memory/2644-15-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1664-13-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x00070000000173f6-19.dat	xmrig
behavioral1/files/0x000700000001746c-28.dat	xmrig
behavioral1/memory/2076-36-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/memory/2848-42-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2076-41-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1900-39-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2896-30-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2288-48-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000900000001749c-47.dat	xmrig
behavioral1/memory/2076-46-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0007000000017474-29.dat	xmrig
behavioral1/files/0x0009000000017481-35.dat	xmrig
behavioral1/memory/2700-33-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0005000000019614-50.dat	xmrig
behavioral1/files/0x0009000000016f97-54.dat	xmrig
behavioral1/files/0x0005000000019616-70.dat	xmrig
behavioral1/memory/2732-81-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c38-102.dat	xmrig
behavioral1/files/0x000500000001962a-80.dat	xmrig
behavioral1/memory/2828-79-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c36-95.dat	xmrig
behavioral1/files/0x0005000000019db8-138.dat	xmrig
behavioral1/files/0x0005000000019da4-135.dat	xmrig
behavioral1/files/0x0005000000019d20-129.dat	xmrig
behavioral1/files/0x0005000000019d44-139.dat	xmrig
behavioral1/files/0x0005000000019c3a-120.dat	xmrig
behavioral1/files/0x00050000000196e8-118.dat	xmrig
behavioral1/memory/2644-116-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2700-145-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2152-114-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2592-110-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001966c-106.dat	xmrig
behavioral1/memory/2076-98-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001997c-96.dat	xmrig
behavioral1/memory/2724-91-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c53-124.dat	xmrig
behavioral1/files/0x00050000000196ac-87.dat	xmrig
behavioral1/memory/2916-64-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2076-69-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019618-68.dat	xmrig
behavioral1/memory/1900-146-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x000500000001a07b-167.dat	xmrig
behavioral1/files/0x000500000001a0a1-170.dat	xmrig
behavioral1/memory/2288-480-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2076-1074-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42b-187.dat	xmrig
behavioral1/files/0x000500000001a345-183.dat	xmrig
behavioral1/files/0x000500000001a067-162.dat	xmrig
behavioral1/files/0x000500000001a301-176.dat	xmrig
behavioral1/files/0x0005000000019fb9-157.dat	xmrig
behavioral1/files/0x0005000000019f9f-153.dat	xmrig
behavioral1/memory/1664-3999-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2644-4000-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2896-4001-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2700-4002-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2848-4004-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1900-4003-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2288-4005-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2828-4006-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1664	OnDJuMd.exe
2644	jdVqxPZ.exe
2896	ntbYOmd.exe
1900	ESjwcyE.exe
2700	OldhyYp.exe
2848	jGsiKmw.exe
2288	tZkGjaf.exe
2828	aIROyHL.exe
2916	ROnSoeY.exe
2732	EmrqNoj.exe
2724	XKnnXDq.exe
2592	KvBhQfH.exe
2152	yXcjsQO.exe
1644	BZueAeY.exe
1056	mPhFMKs.exe
2660	edmCsLc.exe
1800	LtyYbxL.exe
2928	cKxosJL.exe
2756	EIKuWpl.exe
2936	mMnEzEp.exe
3012	eRzSrtl.exe
1328	qUSmxpg.exe
2452	dVfWBLp.exe
2532	QqGFKnm.exe
2444	eEqVqyg.exe
1584	jmxgkcv.exe
1564	hlYCRrI.exe
1932	oUJAWKR.exe
1552	DNEbHOA.exe
1196	LgakJRl.exe
1956	EoTaDQC.exe
968	evkXIek.exe
1740	gHLcVWA.exe
1732	QabOIYw.exe
2240	uDiOasp.exe
1708	kIRLqHy.exe
1960	LPZUDDJ.exe
2128	BzmaKjC.exe
2260	ViprKPL.exe
2132	BPNGUrP.exe
1424	mFtjADp.exe
376	yCDbces.exe
2340	DSkxOUc.exe
1596	QMeXinn.exe
2252	qEWdUXv.exe
1016	zVrvJnI.exe
888	nPTquvb.exe
676	RMNAwEd.exe
276	eeOOofy.exe
2348	pifIBQC.exe
1536	RiRyGIx.exe
1540	XnOPTuD.exe
2376	orVQoVT.exe
2088	EPuKoii.exe
2712	dgBKSyR.exe
2716	osFmjfV.exe
2736	hUHKGoj.exe
3068	hzHmmbi.exe
2636	wGLPYTh.exe
3052	lFQDsKr.exe
2548	cOhxqOe.exe
600	JdyNXWL.exe
1036	xWIHUbV.exe
900	jrLlCeP.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x000f0000000139a5-6.dat	upx
behavioral1/files/0x00080000000173b2-12.dat	upx
behavioral1/memory/2644-15-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/1664-13-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x00070000000173f6-19.dat	upx
behavioral1/files/0x000700000001746c-28.dat	upx
behavioral1/memory/2848-42-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/1900-39-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2896-30-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2288-48-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000900000001749c-47.dat	upx
behavioral1/files/0x0007000000017474-29.dat	upx
behavioral1/files/0x0009000000017481-35.dat	upx
behavioral1/memory/2700-33-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0005000000019614-50.dat	upx
behavioral1/files/0x0009000000016f97-54.dat	upx
behavioral1/files/0x0005000000019616-70.dat	upx
behavioral1/memory/2732-81-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0005000000019c38-102.dat	upx
behavioral1/files/0x000500000001962a-80.dat	upx
behavioral1/memory/2828-79-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0005000000019c36-95.dat	upx
behavioral1/files/0x0005000000019db8-138.dat	upx
behavioral1/files/0x0005000000019da4-135.dat	upx
behavioral1/files/0x0005000000019d20-129.dat	upx
behavioral1/files/0x0005000000019d44-139.dat	upx
behavioral1/files/0x0005000000019c3a-120.dat	upx
behavioral1/files/0x00050000000196e8-118.dat	upx
behavioral1/memory/2644-116-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2700-145-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2152-114-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2592-110-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x000500000001966c-106.dat	upx
behavioral1/files/0x000500000001997c-96.dat	upx
behavioral1/memory/2724-91-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0005000000019c53-124.dat	upx
behavioral1/files/0x00050000000196ac-87.dat	upx
behavioral1/memory/2916-64-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2076-69-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0005000000019618-68.dat	upx
behavioral1/memory/1900-146-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x000500000001a07b-167.dat	upx
behavioral1/files/0x000500000001a0a1-170.dat	upx
behavioral1/memory/2288-480-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000500000001a42b-187.dat	upx
behavioral1/files/0x000500000001a345-183.dat	upx
behavioral1/files/0x000500000001a067-162.dat	upx
behavioral1/files/0x000500000001a301-176.dat	upx
behavioral1/files/0x0005000000019fb9-157.dat	upx
behavioral1/files/0x0005000000019f9f-153.dat	upx
behavioral1/memory/1664-3999-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2644-4000-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2896-4001-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2700-4002-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2848-4004-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/1900-4003-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2288-4005-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2828-4006-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2916-4007-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2724-4008-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2732-4009-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2592-4010-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2152-4011-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LtOBAvZ.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqTbBcy.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmWcKHG.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EabwAEH.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPcBYci.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSuFtaM.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWPZvfq.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDemyna.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LiZGlQF.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTrBkAO.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyJxTQA.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNsVHZs.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqMMvHj.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgBKSyR.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyoiGwr.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTAAqSf.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfpXPfs.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaCceWR.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEIiUOg.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwPIvSl.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faKhewS.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apjgVGZ.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xbodvkb.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNmKhgo.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxrPiJd.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzwVVjN.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCkyCga.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhSLjTw.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvWQjwt.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGPKfCI.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKyduim.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKumgWs.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DljVPra.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMztTRr.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdnaFoU.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiKcNdZ.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opjoUWZ.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYorhTS.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erUBviA.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMCBUPr.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQcRMDe.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhGLifj.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVyWlIS.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHglcAS.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzRuORK.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhQaqme.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcGQmdr.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLRkuvQ.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbSyzkh.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpNZpAQ.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFeNCoG.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\daoulDD.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyLgohW.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luUydvh.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIKuWpl.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwJnvRK.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxyyHIC.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wJCvhfn.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyQLxmQ.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCSYFBB.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMnEzEp.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dygwNxR.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRIZCyp.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FejJywE.exe	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1664	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 1664	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 1664	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 2644	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2644	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2644	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2896	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2896	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2896	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 1900	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 1900	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 1900	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2700	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2700	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2700	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2848	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2848	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2848	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2288	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2288	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2288	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2828	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2828	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2828	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2916	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2916	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2916	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2724	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2724	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2724	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2732	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2732	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2732	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2592	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 2592	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 2592	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 1056	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 1056	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 1056	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 2152	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 2152	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 2152	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 1800	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 1800	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 1800	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 1644	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 1644	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 1644	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 2928	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 2928	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 2928	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 2660	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 2660	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 2660	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 2756	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 2756	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 2756	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 2936	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 2936	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 2936	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 1328	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2076 wrote to memory of 1328	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2076 wrote to memory of 1328	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2076 wrote to memory of 3012	2076	2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_b84658eae37f839904353f1a7564aeb6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\System\OnDJuMd.exe
  C:\Windows\System\OnDJuMd.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\jdVqxPZ.exe
  C:\Windows\System\jdVqxPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\ntbYOmd.exe
  C:\Windows\System\ntbYOmd.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\ESjwcyE.exe
  C:\Windows\System\ESjwcyE.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\OldhyYp.exe
  C:\Windows\System\OldhyYp.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\jGsiKmw.exe
  C:\Windows\System\jGsiKmw.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\tZkGjaf.exe
  C:\Windows\System\tZkGjaf.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\aIROyHL.exe
  C:\Windows\System\aIROyHL.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ROnSoeY.exe
  C:\Windows\System\ROnSoeY.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\XKnnXDq.exe
  C:\Windows\System\XKnnXDq.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\EmrqNoj.exe
  C:\Windows\System\EmrqNoj.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\KvBhQfH.exe
  C:\Windows\System\KvBhQfH.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\mPhFMKs.exe
  C:\Windows\System\mPhFMKs.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\yXcjsQO.exe
  C:\Windows\System\yXcjsQO.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\LtyYbxL.exe
  C:\Windows\System\LtyYbxL.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\BZueAeY.exe
  C:\Windows\System\BZueAeY.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\cKxosJL.exe
  C:\Windows\System\cKxosJL.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\edmCsLc.exe
  C:\Windows\System\edmCsLc.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\EIKuWpl.exe
  C:\Windows\System\EIKuWpl.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\mMnEzEp.exe
  C:\Windows\System\mMnEzEp.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\qUSmxpg.exe
  C:\Windows\System\qUSmxpg.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\eRzSrtl.exe
  C:\Windows\System\eRzSrtl.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\dVfWBLp.exe
  C:\Windows\System\dVfWBLp.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\QqGFKnm.exe
  C:\Windows\System\QqGFKnm.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\eEqVqyg.exe
  C:\Windows\System\eEqVqyg.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\jmxgkcv.exe
  C:\Windows\System\jmxgkcv.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\hlYCRrI.exe
  C:\Windows\System\hlYCRrI.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\oUJAWKR.exe
  C:\Windows\System\oUJAWKR.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\DNEbHOA.exe
  C:\Windows\System\DNEbHOA.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\LgakJRl.exe
  C:\Windows\System\LgakJRl.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\EoTaDQC.exe
  C:\Windows\System\EoTaDQC.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\evkXIek.exe
  C:\Windows\System\evkXIek.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\gHLcVWA.exe
  C:\Windows\System\gHLcVWA.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\QabOIYw.exe
  C:\Windows\System\QabOIYw.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\uDiOasp.exe
  C:\Windows\System\uDiOasp.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\kIRLqHy.exe
  C:\Windows\System\kIRLqHy.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\LPZUDDJ.exe
  C:\Windows\System\LPZUDDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\BzmaKjC.exe
  C:\Windows\System\BzmaKjC.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ViprKPL.exe
  C:\Windows\System\ViprKPL.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\BPNGUrP.exe
  C:\Windows\System\BPNGUrP.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\mFtjADp.exe
  C:\Windows\System\mFtjADp.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\yCDbces.exe
  C:\Windows\System\yCDbces.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\DSkxOUc.exe
  C:\Windows\System\DSkxOUc.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\QMeXinn.exe
  C:\Windows\System\QMeXinn.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\qEWdUXv.exe
  C:\Windows\System\qEWdUXv.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\zVrvJnI.exe
  C:\Windows\System\zVrvJnI.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\nPTquvb.exe
  C:\Windows\System\nPTquvb.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\RMNAwEd.exe
  C:\Windows\System\RMNAwEd.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\eeOOofy.exe
  C:\Windows\System\eeOOofy.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\pifIBQC.exe
  C:\Windows\System\pifIBQC.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\RiRyGIx.exe
  C:\Windows\System\RiRyGIx.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\XnOPTuD.exe
  C:\Windows\System\XnOPTuD.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\orVQoVT.exe
  C:\Windows\System\orVQoVT.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\EPuKoii.exe
  C:\Windows\System\EPuKoii.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\dgBKSyR.exe
  C:\Windows\System\dgBKSyR.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\osFmjfV.exe
  C:\Windows\System\osFmjfV.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\hUHKGoj.exe
  C:\Windows\System\hUHKGoj.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\hzHmmbi.exe
  C:\Windows\System\hzHmmbi.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\wGLPYTh.exe
  C:\Windows\System\wGLPYTh.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\lFQDsKr.exe
  C:\Windows\System\lFQDsKr.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\cOhxqOe.exe
  C:\Windows\System\cOhxqOe.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\JdyNXWL.exe
  C:\Windows\System\JdyNXWL.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\xWIHUbV.exe
  C:\Windows\System\xWIHUbV.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\jrLlCeP.exe
  C:\Windows\System\jrLlCeP.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\uEdGLxv.exe
  C:\Windows\System\uEdGLxv.exe
  2⤵
  PID:2176
- C:\Windows\System\RhRjhje.exe
  C:\Windows\System\RhRjhje.exe
  2⤵
  PID:1160
- C:\Windows\System\pVMIVkn.exe
  C:\Windows\System\pVMIVkn.exe
  2⤵
  PID:3064
- C:\Windows\System\xORiMFr.exe
  C:\Windows\System\xORiMFr.exe
  2⤵
  PID:2864
- C:\Windows\System\vpYPRer.exe
  C:\Windows\System\vpYPRer.exe
  2⤵
  PID:2720
- C:\Windows\System\VZFuFCr.exe
  C:\Windows\System\VZFuFCr.exe
  2⤵
  PID:444
- C:\Windows\System\xqHUQMe.exe
  C:\Windows\System\xqHUQMe.exe
  2⤵
  PID:1312
- C:\Windows\System\ttPdDns.exe
  C:\Windows\System\ttPdDns.exe
  2⤵
  PID:704
- C:\Windows\System\BfddQTa.exe
  C:\Windows\System\BfddQTa.exe
  2⤵
  PID:1804
- C:\Windows\System\paQUcLG.exe
  C:\Windows\System\paQUcLG.exe
  2⤵
  PID:112
- C:\Windows\System\KDYPdUB.exe
  C:\Windows\System\KDYPdUB.exe
  2⤵
  PID:1784
- C:\Windows\System\OJvdHrt.exe
  C:\Windows\System\OJvdHrt.exe
  2⤵
  PID:1228
- C:\Windows\System\CvnPaZg.exe
  C:\Windows\System\CvnPaZg.exe
  2⤵
  PID:1164
- C:\Windows\System\GsNAWUY.exe
  C:\Windows\System\GsNAWUY.exe
  2⤵
  PID:1212
- C:\Windows\System\bUYhuEM.exe
  C:\Windows\System\bUYhuEM.exe
  2⤵
  PID:2124
- C:\Windows\System\GpaITZa.exe
  C:\Windows\System\GpaITZa.exe
  2⤵
  PID:3016
- C:\Windows\System\KNVKqoX.exe
  C:\Windows\System\KNVKqoX.exe
  2⤵
  PID:1456
- C:\Windows\System\pbeBGSc.exe
  C:\Windows\System\pbeBGSc.exe
  2⤵
  PID:1892
- C:\Windows\System\wIKFWMV.exe
  C:\Windows\System\wIKFWMV.exe
  2⤵
  PID:2292
- C:\Windows\System\TUxktQm.exe
  C:\Windows\System\TUxktQm.exe
  2⤵
  PID:1580
- C:\Windows\System\TUVwhZZ.exe
  C:\Windows\System\TUVwhZZ.exe
  2⤵
  PID:2580
- C:\Windows\System\iXXwTno.exe
  C:\Windows\System\iXXwTno.exe
  2⤵
  PID:1532
- C:\Windows\System\IEpmcwN.exe
  C:\Windows\System\IEpmcwN.exe
  2⤵
  PID:2488
- C:\Windows\System\DIlBJZi.exe
  C:\Windows\System\DIlBJZi.exe
  2⤵
  PID:2272
- C:\Windows\System\VEIiUOg.exe
  C:\Windows\System\VEIiUOg.exe
  2⤵
  PID:2332
- C:\Windows\System\iBbHtAD.exe
  C:\Windows\System\iBbHtAD.exe
  2⤵
  PID:2696
- C:\Windows\System\gurBNzi.exe
  C:\Windows\System\gurBNzi.exe
  2⤵
  PID:2084
- C:\Windows\System\DRCrTCJ.exe
  C:\Windows\System\DRCrTCJ.exe
  2⤵
  PID:1992
- C:\Windows\System\fLfyoLY.exe
  C:\Windows\System\fLfyoLY.exe
  2⤵
  PID:1984
- C:\Windows\System\KdnaFoU.exe
  C:\Windows\System\KdnaFoU.exe
  2⤵
  PID:1368
- C:\Windows\System\jYzYrTg.exe
  C:\Windows\System\jYzYrTg.exe
  2⤵
  PID:2200
- C:\Windows\System\aAsVRfv.exe
  C:\Windows\System\aAsVRfv.exe
  2⤵
  PID:2108
- C:\Windows\System\eaYZxFy.exe
  C:\Windows\System\eaYZxFy.exe
  2⤵
  PID:1512
- C:\Windows\System\tpTRDcx.exe
  C:\Windows\System\tpTRDcx.exe
  2⤵
  PID:2224
- C:\Windows\System\jRSORSU.exe
  C:\Windows\System\jRSORSU.exe
  2⤵
  PID:1588
- C:\Windows\System\suFJdEQ.exe
  C:\Windows\System\suFJdEQ.exe
  2⤵
  PID:2324
- C:\Windows\System\NzNRUWK.exe
  C:\Windows\System\NzNRUWK.exe
  2⤵
  PID:1684
- C:\Windows\System\CYaLcSA.exe
  C:\Windows\System\CYaLcSA.exe
  2⤵
  PID:1712
- C:\Windows\System\sqBItuQ.exe
  C:\Windows\System\sqBItuQ.exe
  2⤵
  PID:3024
- C:\Windows\System\nSPSNXk.exe
  C:\Windows\System\nSPSNXk.exe
  2⤵
  PID:564
- C:\Windows\System\dygwNxR.exe
  C:\Windows\System\dygwNxR.exe
  2⤵
  PID:2432
- C:\Windows\System\lrVTOfK.exe
  C:\Windows\System\lrVTOfK.exe
  2⤵
  PID:892
- C:\Windows\System\aIqYkFo.exe
  C:\Windows\System\aIqYkFo.exe
  2⤵
  PID:280
- C:\Windows\System\QiUmaEb.exe
  C:\Windows\System\QiUmaEb.exe
  2⤵
  PID:2776
- C:\Windows\System\lbHpHxj.exe
  C:\Windows\System\lbHpHxj.exe
  2⤵
  PID:2740
- C:\Windows\System\DShisvY.exe
  C:\Windows\System\DShisvY.exe
  2⤵
  PID:2692
- C:\Windows\System\VrzXQxv.exe
  C:\Windows\System\VrzXQxv.exe
  2⤵
  PID:2572
- C:\Windows\System\fcfdNOx.exe
  C:\Windows\System\fcfdNOx.exe
  2⤵
  PID:3040
- C:\Windows\System\eWItIwh.exe
  C:\Windows\System\eWItIwh.exe
  2⤵
  PID:1948
- C:\Windows\System\CPfNsHi.exe
  C:\Windows\System\CPfNsHi.exe
  2⤵
  PID:2000
- C:\Windows\System\liZqCzx.exe
  C:\Windows\System\liZqCzx.exe
  2⤵
  PID:2484
- C:\Windows\System\ClWIAUA.exe
  C:\Windows\System\ClWIAUA.exe
  2⤵
  PID:1748
- C:\Windows\System\eQNeCjS.exe
  C:\Windows\System\eQNeCjS.exe
  2⤵
  PID:2892
- C:\Windows\System\utwznAp.exe
  C:\Windows\System\utwznAp.exe
  2⤵
  PID:2984
- C:\Windows\System\wXHMKEL.exe
  C:\Windows\System\wXHMKEL.exe
  2⤵
  PID:2536
- C:\Windows\System\SKkcueR.exe
  C:\Windows\System\SKkcueR.exe
  2⤵
  PID:2968
- C:\Windows\System\gjhVJFB.exe
  C:\Windows\System\gjhVJFB.exe
  2⤵
  PID:1280
- C:\Windows\System\yfiBppx.exe
  C:\Windows\System\yfiBppx.exe
  2⤵
  PID:2300
- C:\Windows\System\IcDFhtO.exe
  C:\Windows\System\IcDFhtO.exe
  2⤵
  PID:1504
- C:\Windows\System\AaiAazZ.exe
  C:\Windows\System\AaiAazZ.exe
  2⤵
  PID:2868
- C:\Windows\System\nLLCrce.exe
  C:\Windows\System\nLLCrce.exe
  2⤵
  PID:2056
- C:\Windows\System\wRAOweg.exe
  C:\Windows\System\wRAOweg.exe
  2⤵
  PID:1144
- C:\Windows\System\RwLiDMP.exe
  C:\Windows\System\RwLiDMP.exe
  2⤵
  PID:1728
- C:\Windows\System\oZQuVhF.exe
  C:\Windows\System\oZQuVhF.exe
  2⤵
  PID:2876
- C:\Windows\System\HlsQiDo.exe
  C:\Windows\System\HlsQiDo.exe
  2⤵
  PID:1668
- C:\Windows\System\ZOEHcKD.exe
  C:\Windows\System\ZOEHcKD.exe
  2⤵
  PID:1508
- C:\Windows\System\JjAVgFT.exe
  C:\Windows\System\JjAVgFT.exe
  2⤵
  PID:1944
- C:\Windows\System\nvnAWpx.exe
  C:\Windows\System\nvnAWpx.exe
  2⤵
  PID:2948
- C:\Windows\System\KNuXMwm.exe
  C:\Windows\System\KNuXMwm.exe
  2⤵
  PID:1976
- C:\Windows\System\rwYbWkd.exe
  C:\Windows\System\rwYbWkd.exe
  2⤵
  PID:536
- C:\Windows\System\QGHDsMU.exe
  C:\Windows\System\QGHDsMU.exe
  2⤵
  PID:1028
- C:\Windows\System\qPJmPWN.exe
  C:\Windows\System\qPJmPWN.exe
  2⤵
  PID:2396
- C:\Windows\System\cTxIflo.exe
  C:\Windows\System\cTxIflo.exe
  2⤵
  PID:624
- C:\Windows\System\NLHokTy.exe
  C:\Windows\System\NLHokTy.exe
  2⤵
  PID:2996
- C:\Windows\System\RqgdFXU.exe
  C:\Windows\System\RqgdFXU.exe
  2⤵
  PID:2816
- C:\Windows\System\OzWaAZT.exe
  C:\Windows\System\OzWaAZT.exe
  2⤵
  PID:2860
- C:\Windows\System\MAzndop.exe
  C:\Windows\System\MAzndop.exe
  2⤵
  PID:2812
- C:\Windows\System\CaotzIh.exe
  C:\Windows\System\CaotzIh.exe
  2⤵
  PID:2408
- C:\Windows\System\buSwcCQ.exe
  C:\Windows\System\buSwcCQ.exe
  2⤵
  PID:2900
- C:\Windows\System\UeFALpk.exe
  C:\Windows\System\UeFALpk.exe
  2⤵
  PID:3076
- C:\Windows\System\VLKGtRt.exe
  C:\Windows\System\VLKGtRt.exe
  2⤵
  PID:3096
- C:\Windows\System\dbeTtMF.exe
  C:\Windows\System\dbeTtMF.exe
  2⤵
  PID:3116
- C:\Windows\System\vKRqKqm.exe
  C:\Windows\System\vKRqKqm.exe
  2⤵
  PID:3132
- C:\Windows\System\ZpHZFIX.exe
  C:\Windows\System\ZpHZFIX.exe
  2⤵
  PID:3148
- C:\Windows\System\ZHqtWRO.exe
  C:\Windows\System\ZHqtWRO.exe
  2⤵
  PID:3164
- C:\Windows\System\GPhmQgH.exe
  C:\Windows\System\GPhmQgH.exe
  2⤵
  PID:3184
- C:\Windows\System\qvgTRDF.exe
  C:\Windows\System\qvgTRDF.exe
  2⤵
  PID:3212
- C:\Windows\System\dVHvVkL.exe
  C:\Windows\System\dVHvVkL.exe
  2⤵
  PID:3232
- C:\Windows\System\LHHrksc.exe
  C:\Windows\System\LHHrksc.exe
  2⤵
  PID:3248
- C:\Windows\System\oiQGBjI.exe
  C:\Windows\System\oiQGBjI.exe
  2⤵
  PID:3268
- C:\Windows\System\JQkLFqV.exe
  C:\Windows\System\JQkLFqV.exe
  2⤵
  PID:3292
- C:\Windows\System\KxkipXp.exe
  C:\Windows\System\KxkipXp.exe
  2⤵
  PID:3312
- C:\Windows\System\FWYlKZY.exe
  C:\Windows\System\FWYlKZY.exe
  2⤵
  PID:3328
- C:\Windows\System\NpVeWsj.exe
  C:\Windows\System\NpVeWsj.exe
  2⤵
  PID:3344
- C:\Windows\System\ZYoMqmN.exe
  C:\Windows\System\ZYoMqmN.exe
  2⤵
  PID:3380
- C:\Windows\System\pnfWLYc.exe
  C:\Windows\System\pnfWLYc.exe
  2⤵
  PID:3396
- C:\Windows\System\ZgRjazb.exe
  C:\Windows\System\ZgRjazb.exe
  2⤵
  PID:3412
- C:\Windows\System\MpiGLTL.exe
  C:\Windows\System\MpiGLTL.exe
  2⤵
  PID:3428
- C:\Windows\System\LtOBAvZ.exe
  C:\Windows\System\LtOBAvZ.exe
  2⤵
  PID:3444
- C:\Windows\System\vcKHeUN.exe
  C:\Windows\System\vcKHeUN.exe
  2⤵
  PID:3460
- C:\Windows\System\WQBJRKQ.exe
  C:\Windows\System\WQBJRKQ.exe
  2⤵
  PID:3476
- C:\Windows\System\OtssIrh.exe
  C:\Windows\System\OtssIrh.exe
  2⤵
  PID:3496
- C:\Windows\System\QaNVmSg.exe
  C:\Windows\System\QaNVmSg.exe
  2⤵
  PID:3512
- C:\Windows\System\fHsEKGa.exe
  C:\Windows\System\fHsEKGa.exe
  2⤵
  PID:3548
- C:\Windows\System\VmYddIo.exe
  C:\Windows\System\VmYddIo.exe
  2⤵
  PID:3580
- C:\Windows\System\uteyRJm.exe
  C:\Windows\System\uteyRJm.exe
  2⤵
  PID:3604
- C:\Windows\System\DEIuueh.exe
  C:\Windows\System\DEIuueh.exe
  2⤵
  PID:3624
- C:\Windows\System\QXMVhLu.exe
  C:\Windows\System\QXMVhLu.exe
  2⤵
  PID:3656
- C:\Windows\System\CPDzNkN.exe
  C:\Windows\System\CPDzNkN.exe
  2⤵
  PID:3672
- C:\Windows\System\boJpCNq.exe
  C:\Windows\System\boJpCNq.exe
  2⤵
  PID:3688
- C:\Windows\System\YzNOlif.exe
  C:\Windows\System\YzNOlif.exe
  2⤵
  PID:3704
- C:\Windows\System\jnQoLyy.exe
  C:\Windows\System\jnQoLyy.exe
  2⤵
  PID:3720
- C:\Windows\System\jjUIncb.exe
  C:\Windows\System\jjUIncb.exe
  2⤵
  PID:3756
- C:\Windows\System\uWjcalb.exe
  C:\Windows\System\uWjcalb.exe
  2⤵
  PID:3776
- C:\Windows\System\XerRSVr.exe
  C:\Windows\System\XerRSVr.exe
  2⤵
  PID:3792
- C:\Windows\System\urcZPUE.exe
  C:\Windows\System\urcZPUE.exe
  2⤵
  PID:3808
- C:\Windows\System\WjgCxdW.exe
  C:\Windows\System\WjgCxdW.exe
  2⤵
  PID:3824
- C:\Windows\System\ZksKozX.exe
  C:\Windows\System\ZksKozX.exe
  2⤵
  PID:3840
- C:\Windows\System\eCXwAEo.exe
  C:\Windows\System\eCXwAEo.exe
  2⤵
  PID:3856
- C:\Windows\System\jRSzSgm.exe
  C:\Windows\System\jRSzSgm.exe
  2⤵
  PID:3872
- C:\Windows\System\uSNxuTR.exe
  C:\Windows\System\uSNxuTR.exe
  2⤵
  PID:3888
- C:\Windows\System\wJperSk.exe
  C:\Windows\System\wJperSk.exe
  2⤵
  PID:3904
- C:\Windows\System\zjyuDmk.exe
  C:\Windows\System\zjyuDmk.exe
  2⤵
  PID:3920
- C:\Windows\System\LGENyNx.exe
  C:\Windows\System\LGENyNx.exe
  2⤵
  PID:3940
- C:\Windows\System\EtkuRpn.exe
  C:\Windows\System\EtkuRpn.exe
  2⤵
  PID:3956
- C:\Windows\System\nlWQfjp.exe
  C:\Windows\System\nlWQfjp.exe
  2⤵
  PID:3972
- C:\Windows\System\xVaioqs.exe
  C:\Windows\System\xVaioqs.exe
  2⤵
  PID:3988
- C:\Windows\System\AphuNIo.exe
  C:\Windows\System\AphuNIo.exe
  2⤵
  PID:4024
- C:\Windows\System\YxQvevB.exe
  C:\Windows\System\YxQvevB.exe
  2⤵
  PID:4064
- C:\Windows\System\vBzSbJq.exe
  C:\Windows\System\vBzSbJq.exe
  2⤵
  PID:4080
- C:\Windows\System\cWMyHPs.exe
  C:\Windows\System\cWMyHPs.exe
  2⤵
  PID:712
- C:\Windows\System\ZDnCRLG.exe
  C:\Windows\System\ZDnCRLG.exe
  2⤵
  PID:2856
- C:\Windows\System\AAbmPxX.exe
  C:\Windows\System\AAbmPxX.exe
  2⤵
  PID:2808
- C:\Windows\System\FisgxzS.exe
  C:\Windows\System\FisgxzS.exe
  2⤵
  PID:3192
- C:\Windows\System\PmQXCRu.exe
  C:\Windows\System\PmQXCRu.exe
  2⤵
  PID:3208
- C:\Windows\System\OydRYVo.exe
  C:\Windows\System\OydRYVo.exe
  2⤵
  PID:3140
- C:\Windows\System\wHSIAZd.exe
  C:\Windows\System\wHSIAZd.exe
  2⤵
  PID:3288
- C:\Windows\System\DStuVGo.exe
  C:\Windows\System\DStuVGo.exe
  2⤵
  PID:3352
- C:\Windows\System\TOPfAKc.exe
  C:\Windows\System\TOPfAKc.exe
  2⤵
  PID:3256
- C:\Windows\System\ysijcFz.exe
  C:\Windows\System\ysijcFz.exe
  2⤵
  PID:3300
- C:\Windows\System\PnrzwSH.exe
  C:\Windows\System\PnrzwSH.exe
  2⤵
  PID:3340
- C:\Windows\System\qXcypnN.exe
  C:\Windows\System\qXcypnN.exe
  2⤵
  PID:3468
- C:\Windows\System\nTKDcNM.exe
  C:\Windows\System\nTKDcNM.exe
  2⤵
  PID:3556
- C:\Windows\System\NhrqaXc.exe
  C:\Windows\System\NhrqaXc.exe
  2⤵
  PID:3520
- C:\Windows\System\YRFBiHq.exe
  C:\Windows\System\YRFBiHq.exe
  2⤵
  PID:3388
- C:\Windows\System\IUVDfey.exe
  C:\Windows\System\IUVDfey.exe
  2⤵
  PID:3452
- C:\Windows\System\AeXiuos.exe
  C:\Windows\System\AeXiuos.exe
  2⤵
  PID:1672
- C:\Windows\System\jVHHDLX.exe
  C:\Windows\System\jVHHDLX.exe
  2⤵
  PID:3572
- C:\Windows\System\iTndDgF.exe
  C:\Windows\System\iTndDgF.exe
  2⤵
  PID:3620
- C:\Windows\System\KYDsgVJ.exe
  C:\Windows\System\KYDsgVJ.exe
  2⤵
  PID:3652
- C:\Windows\System\BewVIDo.exe
  C:\Windows\System\BewVIDo.exe
  2⤵
  PID:3668
- C:\Windows\System\VjAUJWF.exe
  C:\Windows\System\VjAUJWF.exe
  2⤵
  PID:3748
- C:\Windows\System\OWPZvfq.exe
  C:\Windows\System\OWPZvfq.exe
  2⤵
  PID:3712
- C:\Windows\System\nEUzyii.exe
  C:\Windows\System\nEUzyii.exe
  2⤵
  PID:3764
- C:\Windows\System\xcdXxkd.exe
  C:\Windows\System\xcdXxkd.exe
  2⤵
  PID:3816
- C:\Windows\System\BFPZWGb.exe
  C:\Windows\System\BFPZWGb.exe
  2⤵
  PID:3912
- C:\Windows\System\FEtqsSC.exe
  C:\Windows\System\FEtqsSC.exe
  2⤵
  PID:3928
- C:\Windows\System\YRIZCyp.exe
  C:\Windows\System\YRIZCyp.exe
  2⤵
  PID:3868
- C:\Windows\System\fcKsWwe.exe
  C:\Windows\System\fcKsWwe.exe
  2⤵
  PID:3980
- C:\Windows\System\NLFBwQO.exe
  C:\Windows\System\NLFBwQO.exe
  2⤵
  PID:4000
- C:\Windows\System\weveelX.exe
  C:\Windows\System\weveelX.exe
  2⤵
  PID:4048
- C:\Windows\System\JXzuydu.exe
  C:\Windows\System\JXzuydu.exe
  2⤵
  PID:4092
- C:\Windows\System\oHhzHQO.exe
  C:\Windows\System\oHhzHQO.exe
  2⤵
  PID:3968
- C:\Windows\System\LepShdW.exe
  C:\Windows\System\LepShdW.exe
  2⤵
  PID:4016
- C:\Windows\System\koADWVT.exe
  C:\Windows\System\koADWVT.exe
  2⤵
  PID:2820
- C:\Windows\System\upyBORW.exe
  C:\Windows\System\upyBORW.exe
  2⤵
  PID:3156
- C:\Windows\System\vqTbBcy.exe
  C:\Windows\System\vqTbBcy.exe
  2⤵
  PID:3364
- C:\Windows\System\WdIhHcm.exe
  C:\Windows\System\WdIhHcm.exe
  2⤵
  PID:3320
- C:\Windows\System\oiqHXlq.exe
  C:\Windows\System\oiqHXlq.exe
  2⤵
  PID:3284
- C:\Windows\System\NZGPQWC.exe
  C:\Windows\System\NZGPQWC.exe
  2⤵
  PID:3264
- C:\Windows\System\iBwPYPo.exe
  C:\Windows\System\iBwPYPo.exe
  2⤵
  PID:1268
- C:\Windows\System\YsoZNHw.exe
  C:\Windows\System\YsoZNHw.exe
  2⤵
  PID:3420
- C:\Windows\System\lEXvIOw.exe
  C:\Windows\System\lEXvIOw.exe
  2⤵
  PID:3536
- C:\Windows\System\zpNZpAQ.exe
  C:\Windows\System\zpNZpAQ.exe
  2⤵
  PID:3540
- C:\Windows\System\ueHdkje.exe
  C:\Windows\System\ueHdkje.exe
  2⤵
  PID:1716
- C:\Windows\System\ongStPM.exe
  C:\Windows\System\ongStPM.exe
  2⤵
  PID:3616
- C:\Windows\System\ozVITVI.exe
  C:\Windows\System\ozVITVI.exe
  2⤵
  PID:3600
- C:\Windows\System\sWSFVDu.exe
  C:\Windows\System\sWSFVDu.exe
  2⤵
  PID:3596
- C:\Windows\System\zspCmHq.exe
  C:\Windows\System\zspCmHq.exe
  2⤵
  PID:3684
- C:\Windows\System\CdSHRxL.exe
  C:\Windows\System\CdSHRxL.exe
  2⤵
  PID:2588
- C:\Windows\System\YILWBOj.exe
  C:\Windows\System\YILWBOj.exe
  2⤵
  PID:3848
- C:\Windows\System\HyhdqsU.exe
  C:\Windows\System\HyhdqsU.exe
  2⤵
  PID:3884
- C:\Windows\System\JksMBNh.exe
  C:\Windows\System\JksMBNh.exe
  2⤵
  PID:2112
- C:\Windows\System\WCzKahl.exe
  C:\Windows\System\WCzKahl.exe
  2⤵
  PID:4044
- C:\Windows\System\NFeNCoG.exe
  C:\Windows\System\NFeNCoG.exe
  2⤵
  PID:2844
- C:\Windows\System\VYufyHx.exe
  C:\Windows\System\VYufyHx.exe
  2⤵
  PID:3932
- C:\Windows\System\TjthNmK.exe
  C:\Windows\System\TjthNmK.exe
  2⤵
  PID:4036
- C:\Windows\System\mSULMlN.exe
  C:\Windows\System\mSULMlN.exe
  2⤵
  PID:4060
- C:\Windows\System\AqcIDKh.exe
  C:\Windows\System\AqcIDKh.exe
  2⤵
  PID:4004
- C:\Windows\System\ChKOMxM.exe
  C:\Windows\System\ChKOMxM.exe
  2⤵
  PID:1060
- C:\Windows\System\aDrukTL.exe
  C:\Windows\System\aDrukTL.exe
  2⤵
  PID:684
- C:\Windows\System\VOsxZax.exe
  C:\Windows\System\VOsxZax.exe
  2⤵
  PID:2884
- C:\Windows\System\VJBaJlB.exe
  C:\Windows\System\VJBaJlB.exe
  2⤵
  PID:3180
- C:\Windows\System\jqQzDkl.exe
  C:\Windows\System\jqQzDkl.exe
  2⤵
  PID:2676
- C:\Windows\System\QaiJifL.exe
  C:\Windows\System\QaiJifL.exe
  2⤵
  PID:3244
- C:\Windows\System\vqQBHnK.exe
  C:\Windows\System\vqQBHnK.exe
  2⤵
  PID:3436
- C:\Windows\System\PYPAGOE.exe
  C:\Windows\System\PYPAGOE.exe
  2⤵
  PID:3440
- C:\Windows\System\sQqCnFK.exe
  C:\Windows\System\sQqCnFK.exe
  2⤵
  PID:4100
- C:\Windows\System\npWvCjC.exe
  C:\Windows\System\npWvCjC.exe
  2⤵
  PID:4116
- C:\Windows\System\jEBXZUY.exe
  C:\Windows\System\jEBXZUY.exe
  2⤵
  PID:4132
- C:\Windows\System\DOMAzzN.exe
  C:\Windows\System\DOMAzzN.exe
  2⤵
  PID:4152
- C:\Windows\System\MbbXmZf.exe
  C:\Windows\System\MbbXmZf.exe
  2⤵
  PID:4220
- C:\Windows\System\IQRnEQN.exe
  C:\Windows\System\IQRnEQN.exe
  2⤵
  PID:4272
- C:\Windows\System\CsLJVuz.exe
  C:\Windows\System\CsLJVuz.exe
  2⤵
  PID:4288
- C:\Windows\System\hLiYTPL.exe
  C:\Windows\System\hLiYTPL.exe
  2⤵
  PID:4324
- C:\Windows\System\uopNdvk.exe
  C:\Windows\System\uopNdvk.exe
  2⤵
  PID:4344
- C:\Windows\System\ssXCiBS.exe
  C:\Windows\System\ssXCiBS.exe
  2⤵
  PID:4360
- C:\Windows\System\guZIGZg.exe
  C:\Windows\System\guZIGZg.exe
  2⤵
  PID:4376
- C:\Windows\System\fvcWeDL.exe
  C:\Windows\System\fvcWeDL.exe
  2⤵
  PID:4404
- C:\Windows\System\VEYOGXl.exe
  C:\Windows\System\VEYOGXl.exe
  2⤵
  PID:4424
- C:\Windows\System\TDgNGGg.exe
  C:\Windows\System\TDgNGGg.exe
  2⤵
  PID:4440
- C:\Windows\System\hQcRMDe.exe
  C:\Windows\System\hQcRMDe.exe
  2⤵
  PID:4456
- C:\Windows\System\RAPMtzh.exe
  C:\Windows\System\RAPMtzh.exe
  2⤵
  PID:4476
- C:\Windows\System\zQuPyJd.exe
  C:\Windows\System\zQuPyJd.exe
  2⤵
  PID:4496
- C:\Windows\System\DRWHmeT.exe
  C:\Windows\System\DRWHmeT.exe
  2⤵
  PID:4520
- C:\Windows\System\LydQZvQ.exe
  C:\Windows\System\LydQZvQ.exe
  2⤵
  PID:4536
- C:\Windows\System\AgJILYQ.exe
  C:\Windows\System\AgJILYQ.exe
  2⤵
  PID:4552
- C:\Windows\System\dkPuLFC.exe
  C:\Windows\System\dkPuLFC.exe
  2⤵
  PID:4572
- C:\Windows\System\WdhOtbz.exe
  C:\Windows\System\WdhOtbz.exe
  2⤵
  PID:4596
- C:\Windows\System\hJUxljN.exe
  C:\Windows\System\hJUxljN.exe
  2⤵
  PID:4612
- C:\Windows\System\YbAtSGw.exe
  C:\Windows\System\YbAtSGw.exe
  2⤵
  PID:4652
- C:\Windows\System\wJAqYhu.exe
  C:\Windows\System\wJAqYhu.exe
  2⤵
  PID:4668
- C:\Windows\System\aHlhlDF.exe
  C:\Windows\System\aHlhlDF.exe
  2⤵
  PID:4684
- C:\Windows\System\QOerKRt.exe
  C:\Windows\System\QOerKRt.exe
  2⤵
  PID:4704
- C:\Windows\System\LUPyImK.exe
  C:\Windows\System\LUPyImK.exe
  2⤵
  PID:4724
- C:\Windows\System\NuENecr.exe
  C:\Windows\System\NuENecr.exe
  2⤵
  PID:4748
- C:\Windows\System\YvDgLdN.exe
  C:\Windows\System\YvDgLdN.exe
  2⤵
  PID:4764
- C:\Windows\System\zzIJWje.exe
  C:\Windows\System\zzIJWje.exe
  2⤵
  PID:4780
- C:\Windows\System\pxZdDEj.exe
  C:\Windows\System\pxZdDEj.exe
  2⤵
  PID:4804
- C:\Windows\System\nRWsvhd.exe
  C:\Windows\System\nRWsvhd.exe
  2⤵
  PID:4824
- C:\Windows\System\TNBCiPA.exe
  C:\Windows\System\TNBCiPA.exe
  2⤵
  PID:4844
- C:\Windows\System\mtMskPa.exe
  C:\Windows\System\mtMskPa.exe
  2⤵
  PID:4864
- C:\Windows\System\AxASzHQ.exe
  C:\Windows\System\AxASzHQ.exe
  2⤵
  PID:4880
- C:\Windows\System\ffhoPeE.exe
  C:\Windows\System\ffhoPeE.exe
  2⤵
  PID:4896
- C:\Windows\System\jkQnKXH.exe
  C:\Windows\System\jkQnKXH.exe
  2⤵
  PID:4924
- C:\Windows\System\BxClUdl.exe
  C:\Windows\System\BxClUdl.exe
  2⤵
  PID:4940
- C:\Windows\System\aopCffg.exe
  C:\Windows\System\aopCffg.exe
  2⤵
  PID:4960
- C:\Windows\System\gNTGOpR.exe
  C:\Windows\System\gNTGOpR.exe
  2⤵
  PID:4976
- C:\Windows\System\xhrVtzA.exe
  C:\Windows\System\xhrVtzA.exe
  2⤵
  PID:4992
- C:\Windows\System\sgrbGfY.exe
  C:\Windows\System\sgrbGfY.exe
  2⤵
  PID:5016
- C:\Windows\System\FejJywE.exe
  C:\Windows\System\FejJywE.exe
  2⤵
  PID:5032
- C:\Windows\System\vwjWDUJ.exe
  C:\Windows\System\vwjWDUJ.exe
  2⤵
  PID:5048
- C:\Windows\System\xoOKCpS.exe
  C:\Windows\System\xoOKCpS.exe
  2⤵
  PID:5080
- C:\Windows\System\iWaqoMC.exe
  C:\Windows\System\iWaqoMC.exe
  2⤵
  PID:5100
- C:\Windows\System\AaYforV.exe
  C:\Windows\System\AaYforV.exe
  2⤵
  PID:5116
- C:\Windows\System\OwPIvSl.exe
  C:\Windows\System\OwPIvSl.exe
  2⤵
  PID:3732
- C:\Windows\System\cvWQjwt.exe
  C:\Windows\System\cvWQjwt.exe
  2⤵
  PID:3900
- C:\Windows\System\zsPvaLp.exe
  C:\Windows\System\zsPvaLp.exe
  2⤵
  PID:4032
- C:\Windows\System\MHEOPRR.exe
  C:\Windows\System\MHEOPRR.exe
  2⤵
  PID:2656
- C:\Windows\System\UZPBdLz.exe
  C:\Windows\System\UZPBdLz.exe
  2⤵
  PID:3368
- C:\Windows\System\ymmgPOK.exe
  C:\Windows\System\ymmgPOK.exe
  2⤵
  PID:3740
- C:\Windows\System\tmZNELh.exe
  C:\Windows\System\tmZNELh.exe
  2⤵
  PID:840
- C:\Windows\System\NHfFJSE.exe
  C:\Windows\System\NHfFJSE.exe
  2⤵
  PID:3836
- C:\Windows\System\pBbJHGz.exe
  C:\Windows\System\pBbJHGz.exe
  2⤵
  PID:2620
- C:\Windows\System\CXxfZNm.exe
  C:\Windows\System\CXxfZNm.exe
  2⤵
  PID:3036
- C:\Windows\System\dhfStMi.exe
  C:\Windows\System\dhfStMi.exe
  2⤵
  PID:3832
- C:\Windows\System\WoDKTcY.exe
  C:\Windows\System\WoDKTcY.exe
  2⤵
  PID:4108
- C:\Windows\System\KAZDfWG.exe
  C:\Windows\System\KAZDfWG.exe
  2⤵
  PID:4192
- C:\Windows\System\vVgXtci.exe
  C:\Windows\System\vVgXtci.exe
  2⤵
  PID:4236
- C:\Windows\System\txdhDBt.exe
  C:\Windows\System\txdhDBt.exe
  2⤵
  PID:4216
- C:\Windows\System\xmfJljf.exe
  C:\Windows\System\xmfJljf.exe
  2⤵
  PID:4252
- C:\Windows\System\ryIFarF.exe
  C:\Windows\System\ryIFarF.exe
  2⤵
  PID:4264
- C:\Windows\System\DxtgwAy.exe
  C:\Windows\System\DxtgwAy.exe
  2⤵
  PID:4280
- C:\Windows\System\bLQkySB.exe
  C:\Windows\System\bLQkySB.exe
  2⤵
  PID:4300
- C:\Windows\System\zVDpoqU.exe
  C:\Windows\System\zVDpoqU.exe
  2⤵
  PID:4332
- C:\Windows\System\uFgGPnY.exe
  C:\Windows\System\uFgGPnY.exe
  2⤵
  PID:4384
- C:\Windows\System\ewiydfD.exe
  C:\Windows\System\ewiydfD.exe
  2⤵
  PID:4508
- C:\Windows\System\HZJINBG.exe
  C:\Windows\System\HZJINBG.exe
  2⤵
  PID:4448
- C:\Windows\System\GaERylP.exe
  C:\Windows\System\GaERylP.exe
  2⤵
  PID:4488
- C:\Windows\System\jNDUcla.exe
  C:\Windows\System\jNDUcla.exe
  2⤵
  PID:4584
- C:\Windows\System\wJFSeUM.exe
  C:\Windows\System\wJFSeUM.exe
  2⤵
  PID:4592
- C:\Windows\System\NAtomzO.exe
  C:\Windows\System\NAtomzO.exe
  2⤵
  PID:4648
- C:\Windows\System\iwJnvRK.exe
  C:\Windows\System\iwJnvRK.exe
  2⤵
  PID:4608
- C:\Windows\System\IMhUJEm.exe
  C:\Windows\System\IMhUJEm.exe
  2⤵
  PID:4680
- C:\Windows\System\FZhmHvE.exe
  C:\Windows\System\FZhmHvE.exe
  2⤵
  PID:4696
- C:\Windows\System\rrOcytc.exe
  C:\Windows\System\rrOcytc.exe
  2⤵
  PID:4700
- C:\Windows\System\iXGJypa.exe
  C:\Windows\System\iXGJypa.exe
  2⤵
  PID:4792
- C:\Windows\System\oDPzmCp.exe
  C:\Windows\System\oDPzmCp.exe
  2⤵
  PID:4840
- C:\Windows\System\qLkKNlw.exe
  C:\Windows\System\qLkKNlw.exe
  2⤵
  PID:4904
- C:\Windows\System\XENvpcE.exe
  C:\Windows\System\XENvpcE.exe
  2⤵
  PID:4916
- C:\Windows\System\LSzbaXR.exe
  C:\Windows\System\LSzbaXR.exe
  2⤵
  PID:4820
- C:\Windows\System\FaWsYfi.exe
  C:\Windows\System\FaWsYfi.exe
  2⤵
  PID:4892
- C:\Windows\System\KZsvlRl.exe
  C:\Windows\System\KZsvlRl.exe
  2⤵
  PID:4956
- C:\Windows\System\cwxyuVZ.exe
  C:\Windows\System\cwxyuVZ.exe
  2⤵
  PID:5024
- C:\Windows\System\drvnAmc.exe
  C:\Windows\System\drvnAmc.exe
  2⤵
  PID:5068
- C:\Windows\System\PBmroGi.exe
  C:\Windows\System\PBmroGi.exe
  2⤵
  PID:5092
- C:\Windows\System\QdmSBQj.exe
  C:\Windows\System\QdmSBQj.exe
  2⤵
  PID:1656
- C:\Windows\System\IlvssUB.exe
  C:\Windows\System\IlvssUB.exe
  2⤵
  PID:2604
- C:\Windows\System\ytUuUIN.exe
  C:\Windows\System\ytUuUIN.exe
  2⤵
  PID:4008
- C:\Windows\System\GDlyKew.exe
  C:\Windows\System\GDlyKew.exe
  2⤵
  PID:2140
- C:\Windows\System\aYMLWFV.exe
  C:\Windows\System\aYMLWFV.exe
  2⤵
  PID:4124
- C:\Windows\System\kAIhNbZ.exe
  C:\Windows\System\kAIhNbZ.exe
  2⤵
  PID:3356
- C:\Windows\System\bfWcgao.exe
  C:\Windows\System\bfWcgao.exe
  2⤵
  PID:3800
- C:\Windows\System\vwTfuzI.exe
  C:\Windows\System\vwTfuzI.exe
  2⤵
  PID:3144
- C:\Windows\System\XoJtZIh.exe
  C:\Windows\System\XoJtZIh.exe
  2⤵
  PID:3852
- C:\Windows\System\xnGqZpT.exe
  C:\Windows\System\xnGqZpT.exe
  2⤵
  PID:3488
- C:\Windows\System\YYgKBLY.exe
  C:\Windows\System\YYgKBLY.exe
  2⤵
  PID:3376
- C:\Windows\System\OSPKSjb.exe
  C:\Windows\System\OSPKSjb.exe
  2⤵
  PID:4196
- C:\Windows\System\zJzBYDY.exe
  C:\Windows\System\zJzBYDY.exe
  2⤵
  PID:1440
- C:\Windows\System\hVdCEVS.exe
  C:\Windows\System\hVdCEVS.exe
  2⤵
  PID:4296
- C:\Windows\System\lxLwiMJ.exe
  C:\Windows\System\lxLwiMJ.exe
  2⤵
  PID:4436
- C:\Windows\System\oKybaTd.exe
  C:\Windows\System\oKybaTd.exe
  2⤵
  PID:4468
- C:\Windows\System\TsDOogy.exe
  C:\Windows\System\TsDOogy.exe
  2⤵
  PID:4560
- C:\Windows\System\bDRWYDw.exe
  C:\Windows\System\bDRWYDw.exe
  2⤵
  PID:4420
- C:\Windows\System\WFyGCIj.exe
  C:\Windows\System\WFyGCIj.exe
  2⤵
  PID:4636
- C:\Windows\System\VkQVSlW.exe
  C:\Windows\System\VkQVSlW.exe
  2⤵
  PID:4644
- C:\Windows\System\qmeRPeH.exe
  C:\Windows\System\qmeRPeH.exe
  2⤵
  PID:4732
- C:\Windows\System\jreNWdP.exe
  C:\Windows\System\jreNWdP.exe
  2⤵
  PID:4908
- C:\Windows\System\SmRoHjl.exe
  C:\Windows\System\SmRoHjl.exe
  2⤵
  PID:5056
- C:\Windows\System\EqWgzeg.exe
  C:\Windows\System\EqWgzeg.exe
  2⤵
  PID:4832
- C:\Windows\System\DgtmANA.exe
  C:\Windows\System\DgtmANA.exe
  2⤵
  PID:4912
- C:\Windows\System\CgKrSsd.exe
  C:\Windows\System\CgKrSsd.exe
  2⤵
  PID:4984
- C:\Windows\System\XxvErBz.exe
  C:\Windows\System\XxvErBz.exe
  2⤵
  PID:5008
- C:\Windows\System\RrHLgwm.exe
  C:\Windows\System\RrHLgwm.exe
  2⤵
  PID:5000
- C:\Windows\System\jqHIKyP.exe
  C:\Windows\System\jqHIKyP.exe
  2⤵
  PID:3640
- C:\Windows\System\BNzkKaf.exe
  C:\Windows\System\BNzkKaf.exe
  2⤵
  PID:3964
- C:\Windows\System\RjRYPKQ.exe
  C:\Windows\System\RjRYPKQ.exe
  2⤵
  PID:4256
- C:\Windows\System\BgVokEQ.exe
  C:\Windows\System\BgVokEQ.exe
  2⤵
  PID:4340
- C:\Windows\System\bgwNFcQ.exe
  C:\Windows\System\bgwNFcQ.exe
  2⤵
  PID:4320
- C:\Windows\System\qKVqRKx.exe
  C:\Windows\System\qKVqRKx.exe
  2⤵
  PID:3680
- C:\Windows\System\fnCCOVe.exe
  C:\Windows\System\fnCCOVe.exe
  2⤵
  PID:4128
- C:\Windows\System\eEMybQs.exe
  C:\Windows\System\eEMybQs.exe
  2⤵
  PID:3648
- C:\Windows\System\khoHNAi.exe
  C:\Windows\System\khoHNAi.exe
  2⤵
  PID:4076
- C:\Windows\System\PQcmyQk.exe
  C:\Windows\System\PQcmyQk.exe
  2⤵
  PID:4432
- C:\Windows\System\QdtQdzz.exe
  C:\Windows\System\QdtQdzz.exe
  2⤵
  PID:4580
- C:\Windows\System\dvnooEj.exe
  C:\Windows\System\dvnooEj.exe
  2⤵
  PID:4412
- C:\Windows\System\rHBhwqU.exe
  C:\Windows\System\rHBhwqU.exe
  2⤵
  PID:4532
- C:\Windows\System\MHavTgb.exe
  C:\Windows\System\MHavTgb.exe
  2⤵
  PID:4788
- C:\Windows\System\HMzfjDi.exe
  C:\Windows\System\HMzfjDi.exe
  2⤵
  PID:5076
- C:\Windows\System\TVDYEhB.exe
  C:\Windows\System\TVDYEhB.exe
  2⤵
  PID:1488
- C:\Windows\System\WRmrpsK.exe
  C:\Windows\System\WRmrpsK.exe
  2⤵
  PID:5012
- C:\Windows\System\fdBXeJg.exe
  C:\Windows\System\fdBXeJg.exe
  2⤵
  PID:3804
- C:\Windows\System\wVJsRGp.exe
  C:\Windows\System\wVJsRGp.exe
  2⤵
  PID:2624
- C:\Windows\System\bhurBgc.exe
  C:\Windows\System\bhurBgc.exe
  2⤵
  PID:4368
- C:\Windows\System\NBVjkQt.exe
  C:\Windows\System\NBVjkQt.exe
  2⤵
  PID:4544
- C:\Windows\System\EchiKlx.exe
  C:\Windows\System\EchiKlx.exe
  2⤵
  PID:2768
- C:\Windows\System\tZOonUV.exe
  C:\Windows\System\tZOonUV.exe
  2⤵
  PID:4304
- C:\Windows\System\JbpEsFf.exe
  C:\Windows\System\JbpEsFf.exe
  2⤵
  PID:4720
- C:\Windows\System\wiQezIe.exe
  C:\Windows\System\wiQezIe.exe
  2⤵
  PID:4744
- C:\Windows\System\pyaMPBt.exe
  C:\Windows\System\pyaMPBt.exe
  2⤵
  PID:4812
- C:\Windows\System\icBkrPU.exe
  C:\Windows\System\icBkrPU.exe
  2⤵
  PID:4548
- C:\Windows\System\wjRntdJ.exe
  C:\Windows\System\wjRntdJ.exe
  2⤵
  PID:3592
- C:\Windows\System\BYUebbI.exe
  C:\Windows\System\BYUebbI.exe
  2⤵
  PID:4604
- C:\Windows\System\VvrEphd.exe
  C:\Windows\System\VvrEphd.exe
  2⤵
  PID:4396
- C:\Windows\System\uEGTrft.exe
  C:\Windows\System\uEGTrft.exe
  2⤵
  PID:4932
- C:\Windows\System\TtctlBY.exe
  C:\Windows\System\TtctlBY.exe
  2⤵
  PID:4200
- C:\Windows\System\MNavZrd.exe
  C:\Windows\System\MNavZrd.exe
  2⤵
  PID:4816
- C:\Windows\System\UjMoytR.exe
  C:\Windows\System\UjMoytR.exe
  2⤵
  PID:5004
- C:\Windows\System\vtZcOyh.exe
  C:\Windows\System\vtZcOyh.exe
  2⤵
  PID:4212
- C:\Windows\System\OkEpHhB.exe
  C:\Windows\System\OkEpHhB.exe
  2⤵
  PID:5132
- C:\Windows\System\zAXkAiB.exe
  C:\Windows\System\zAXkAiB.exe
  2⤵
  PID:5156
- C:\Windows\System\LLqvWoC.exe
  C:\Windows\System\LLqvWoC.exe
  2⤵
  PID:5176
- C:\Windows\System\tGyDjHu.exe
  C:\Windows\System\tGyDjHu.exe
  2⤵
  PID:5192
- C:\Windows\System\iyoiGwr.exe
  C:\Windows\System\iyoiGwr.exe
  2⤵
  PID:5208
- C:\Windows\System\mnlwSpy.exe
  C:\Windows\System\mnlwSpy.exe
  2⤵
  PID:5232
- C:\Windows\System\MVqmiZO.exe
  C:\Windows\System\MVqmiZO.exe
  2⤵
  PID:5248
- C:\Windows\System\IXqTCRi.exe
  C:\Windows\System\IXqTCRi.exe
  2⤵
  PID:5276
- C:\Windows\System\AMpuWqu.exe
  C:\Windows\System\AMpuWqu.exe
  2⤵
  PID:5292
- C:\Windows\System\fmWcKHG.exe
  C:\Windows\System\fmWcKHG.exe
  2⤵
  PID:5308
- C:\Windows\System\VSkHySa.exe
  C:\Windows\System\VSkHySa.exe
  2⤵
  PID:5324
- C:\Windows\System\IKlOuNs.exe
  C:\Windows\System\IKlOuNs.exe
  2⤵
  PID:5340
- C:\Windows\System\AagAReX.exe
  C:\Windows\System\AagAReX.exe
  2⤵
  PID:5364
- C:\Windows\System\czBCyaS.exe
  C:\Windows\System\czBCyaS.exe
  2⤵
  PID:5380
- C:\Windows\System\extsLOd.exe
  C:\Windows\System\extsLOd.exe
  2⤵
  PID:5396
- C:\Windows\System\qLLhGlT.exe
  C:\Windows\System\qLLhGlT.exe
  2⤵
  PID:5412
- C:\Windows\System\NFGxUbI.exe
  C:\Windows\System\NFGxUbI.exe
  2⤵
  PID:5428
- C:\Windows\System\aKpvJja.exe
  C:\Windows\System\aKpvJja.exe
  2⤵
  PID:5448
- C:\Windows\System\jEywaql.exe
  C:\Windows\System\jEywaql.exe
  2⤵
  PID:5496
- C:\Windows\System\HMGEVPJ.exe
  C:\Windows\System\HMGEVPJ.exe
  2⤵
  PID:5520
- C:\Windows\System\qJwitFk.exe
  C:\Windows\System\qJwitFk.exe
  2⤵
  PID:5536
- C:\Windows\System\UdFaDzN.exe
  C:\Windows\System\UdFaDzN.exe
  2⤵
  PID:5552
- C:\Windows\System\vMoNyjI.exe
  C:\Windows\System\vMoNyjI.exe
  2⤵
  PID:5576
- C:\Windows\System\KcNfbfd.exe
  C:\Windows\System\KcNfbfd.exe
  2⤵
  PID:5596
- C:\Windows\System\vjGtYHH.exe
  C:\Windows\System\vjGtYHH.exe
  2⤵
  PID:5616
- C:\Windows\System\KCtYTLm.exe
  C:\Windows\System\KCtYTLm.exe
  2⤵
  PID:5632
- C:\Windows\System\raxhvAf.exe
  C:\Windows\System\raxhvAf.exe
  2⤵
  PID:5648
- C:\Windows\System\GiTSBix.exe
  C:\Windows\System\GiTSBix.exe
  2⤵
  PID:5664
- C:\Windows\System\IDqrYXq.exe
  C:\Windows\System\IDqrYXq.exe
  2⤵
  PID:5684
- C:\Windows\System\WnykEup.exe
  C:\Windows\System\WnykEup.exe
  2⤵
  PID:5704
- C:\Windows\System\sDTASmc.exe
  C:\Windows\System\sDTASmc.exe
  2⤵
  PID:5720
- C:\Windows\System\jsHqNGa.exe
  C:\Windows\System\jsHqNGa.exe
  2⤵
  PID:5740
- C:\Windows\System\oDsozDB.exe
  C:\Windows\System\oDsozDB.exe
  2⤵
  PID:5756
- C:\Windows\System\YAQLHBR.exe
  C:\Windows\System\YAQLHBR.exe
  2⤵
  PID:5772
- C:\Windows\System\GUWkJHt.exe
  C:\Windows\System\GUWkJHt.exe
  2⤵
  PID:5796
- C:\Windows\System\wGDLbHf.exe
  C:\Windows\System\wGDLbHf.exe
  2⤵
  PID:5812
- C:\Windows\System\lOfTLtz.exe
  C:\Windows\System\lOfTLtz.exe
  2⤵
  PID:5828
- C:\Windows\System\biwKUHM.exe
  C:\Windows\System\biwKUHM.exe
  2⤵
  PID:5844
- C:\Windows\System\OXFneIB.exe
  C:\Windows\System\OXFneIB.exe
  2⤵
  PID:5860
- C:\Windows\System\yqjxYfj.exe
  C:\Windows\System\yqjxYfj.exe
  2⤵
  PID:5880
- C:\Windows\System\YocEQad.exe
  C:\Windows\System\YocEQad.exe
  2⤵
  PID:5896
- C:\Windows\System\DWLzmpC.exe
  C:\Windows\System\DWLzmpC.exe
  2⤵
  PID:5912
- C:\Windows\System\IFLCJFS.exe
  C:\Windows\System\IFLCJFS.exe
  2⤵
  PID:5932
- C:\Windows\System\LGJOhxX.exe
  C:\Windows\System\LGJOhxX.exe
  2⤵
  PID:5948
- C:\Windows\System\lyulhPw.exe
  C:\Windows\System\lyulhPw.exe
  2⤵
  PID:5964
- C:\Windows\System\xsGXhOP.exe
  C:\Windows\System\xsGXhOP.exe
  2⤵
  PID:5980
- C:\Windows\System\YJBzeXF.exe
  C:\Windows\System\YJBzeXF.exe
  2⤵
  PID:5996
- C:\Windows\System\gjxucas.exe
  C:\Windows\System\gjxucas.exe
  2⤵
  PID:6012
- C:\Windows\System\oknAkVE.exe
  C:\Windows\System\oknAkVE.exe
  2⤵
  PID:6028
- C:\Windows\System\mNNQwpV.exe
  C:\Windows\System\mNNQwpV.exe
  2⤵
  PID:6044
- C:\Windows\System\WqQbuSZ.exe
  C:\Windows\System\WqQbuSZ.exe
  2⤵
  PID:6060
- C:\Windows\System\oKBKNNr.exe
  C:\Windows\System\oKBKNNr.exe
  2⤵
  PID:6076
- C:\Windows\System\EXpvjuR.exe
  C:\Windows\System\EXpvjuR.exe
  2⤵
  PID:6092
- C:\Windows\System\ewvZsJN.exe
  C:\Windows\System\ewvZsJN.exe
  2⤵
  PID:6108
- C:\Windows\System\cwiQWeh.exe
  C:\Windows\System\cwiQWeh.exe
  2⤵
  PID:6124
- C:\Windows\System\PWSnJRf.exe
  C:\Windows\System\PWSnJRf.exe
  2⤵
  PID:6140
- C:\Windows\System\tKnwJdD.exe
  C:\Windows\System\tKnwJdD.exe
  2⤵
  PID:4796
- C:\Windows\System\ABlubyE.exe
  C:\Windows\System\ABlubyE.exe
  2⤵
  PID:4740
- C:\Windows\System\NjZbiRT.exe
  C:\Windows\System\NjZbiRT.exe
  2⤵
  PID:5152
- C:\Windows\System\xRjQulY.exe
  C:\Windows\System\xRjQulY.exe
  2⤵
  PID:5216
- C:\Windows\System\Lqowfze.exe
  C:\Windows\System\Lqowfze.exe
  2⤵
  PID:5256
- C:\Windows\System\skzaioB.exe
  C:\Windows\System\skzaioB.exe
  2⤵
  PID:5272
- C:\Windows\System\jiECHyQ.exe
  C:\Windows\System\jiECHyQ.exe
  2⤵
  PID:5200
- C:\Windows\System\wZeHBqf.exe
  C:\Windows\System\wZeHBqf.exe
  2⤵
  PID:4144
- C:\Windows\System\imQjLOg.exe
  C:\Windows\System\imQjLOg.exe
  2⤵
  PID:5128
- C:\Windows\System\WeeOhqm.exe
  C:\Windows\System\WeeOhqm.exe
  2⤵
  PID:5336
- C:\Windows\System\USRRQzg.exe
  C:\Windows\System\USRRQzg.exe
  2⤵
  PID:5408
- C:\Windows\System\UehQXxP.exe
  C:\Windows\System\UehQXxP.exe
  2⤵
  PID:5288
- C:\Windows\System\XKqoidK.exe
  C:\Windows\System\XKqoidK.exe
  2⤵
  PID:5356
- C:\Windows\System\AXwohos.exe
  C:\Windows\System\AXwohos.exe
  2⤵
  PID:5244
- C:\Windows\System\oRFDpNg.exe
  C:\Windows\System\oRFDpNg.exe
  2⤵
  PID:5360
- C:\Windows\System\TtOcUGm.exe
  C:\Windows\System\TtOcUGm.exe
  2⤵
  PID:5456
- C:\Windows\System\daoulDD.exe
  C:\Windows\System\daoulDD.exe
  2⤵
  PID:5476
- C:\Windows\System\TxsFVQx.exe
  C:\Windows\System\TxsFVQx.exe
  2⤵
  PID:5464
- C:\Windows\System\czdbXMG.exe
  C:\Windows\System\czdbXMG.exe
  2⤵
  PID:5516
- C:\Windows\System\ApLSEor.exe
  C:\Windows\System\ApLSEor.exe
  2⤵
  PID:5588
- C:\Windows\System\DplMUKo.exe
  C:\Windows\System\DplMUKo.exe
  2⤵
  PID:5628
- C:\Windows\System\snudVaN.exe
  C:\Windows\System\snudVaN.exe
  2⤵
  PID:5692
- C:\Windows\System\KYayctI.exe
  C:\Windows\System\KYayctI.exe
  2⤵
  PID:5736
- C:\Windows\System\OsPwVRu.exe
  C:\Windows\System\OsPwVRu.exe
  2⤵
  PID:5804
- C:\Windows\System\BVDDcle.exe
  C:\Windows\System\BVDDcle.exe
  2⤵
  PID:5572
- C:\Windows\System\lwUItvK.exe
  C:\Windows\System\lwUItvK.exe
  2⤵
  PID:5672
- C:\Windows\System\pqyUtZA.exe
  C:\Windows\System\pqyUtZA.exe
  2⤵
  PID:5716
- C:\Windows\System\NSnfWyr.exe
  C:\Windows\System\NSnfWyr.exe
  2⤵
  PID:5836
- C:\Windows\System\IAnSUGv.exe
  C:\Windows\System\IAnSUGv.exe
  2⤵
  PID:5784
- C:\Windows\System\xiLaYvR.exe
  C:\Windows\System\xiLaYvR.exe
  2⤵
  PID:5852
- C:\Windows\System\zYjmsTE.exe
  C:\Windows\System\zYjmsTE.exe
  2⤵
  PID:5568
- C:\Windows\System\lTAAqSf.exe
  C:\Windows\System\lTAAqSf.exe
  2⤵
  PID:5780
- C:\Windows\System\GXYSvrN.exe
  C:\Windows\System\GXYSvrN.exe
  2⤵
  PID:5908
- C:\Windows\System\NrvuczL.exe
  C:\Windows\System\NrvuczL.exe
  2⤵
  PID:5972
- C:\Windows\System\PxyyHIC.exe
  C:\Windows\System\PxyyHIC.exe
  2⤵
  PID:5988
- C:\Windows\System\dUQxJgt.exe
  C:\Windows\System\dUQxJgt.exe
  2⤵
  PID:6008
- C:\Windows\System\pZxurrM.exe
  C:\Windows\System\pZxurrM.exe
  2⤵
  PID:6036
- C:\Windows\System\DPlGuJV.exe
  C:\Windows\System\DPlGuJV.exe
  2⤵
  PID:1632
- C:\Windows\System\YWDFoZd.exe
  C:\Windows\System\YWDFoZd.exe
  2⤵
  PID:6072
- C:\Windows\System\XSzjkpE.exe
  C:\Windows\System\XSzjkpE.exe
  2⤵
  PID:6136
- C:\Windows\System\UhQpRIB.exe
  C:\Windows\System\UhQpRIB.exe
  2⤵
  PID:6116
- C:\Windows\System\dYVKygS.exe
  C:\Windows\System\dYVKygS.exe
  2⤵
  PID:5188
- C:\Windows\System\kQeJtUN.exe
  C:\Windows\System\kQeJtUN.exe
  2⤵
  PID:5264
- C:\Windows\System\iokVrbf.exe
  C:\Windows\System\iokVrbf.exe
  2⤵
  PID:3408
- C:\Windows\System\alNbTeH.exe
  C:\Windows\System\alNbTeH.exe
  2⤵
  PID:5440
- C:\Windows\System\kVbkMnv.exe
  C:\Windows\System\kVbkMnv.exe
  2⤵
  PID:5424
- C:\Windows\System\cFKYobG.exe
  C:\Windows\System\cFKYobG.exe
  2⤵
  PID:5168
- C:\Windows\System\ORzhgqN.exe
  C:\Windows\System\ORzhgqN.exe
  2⤵
  PID:5472
- C:\Windows\System\zBFdOpF.exe
  C:\Windows\System\zBFdOpF.exe
  2⤵
  PID:5468
- C:\Windows\System\zYmeLKP.exe
  C:\Windows\System\zYmeLKP.exe
  2⤵
  PID:5488
- C:\Windows\System\OxcqiuW.exe
  C:\Windows\System\OxcqiuW.exe
  2⤵
  PID:5376
- C:\Windows\System\jkXpgZj.exe
  C:\Windows\System\jkXpgZj.exe
  2⤵
  PID:5768
- C:\Windows\System\KpoEXMn.exe
  C:\Windows\System\KpoEXMn.exe
  2⤵
  PID:5752
- C:\Windows\System\xNJGOTA.exe
  C:\Windows\System\xNJGOTA.exe
  2⤵
  PID:5824
- C:\Windows\System\NorcQPC.exe
  C:\Windows\System\NorcQPC.exe
  2⤵
  PID:5532
- C:\Windows\System\XuRawKc.exe
  C:\Windows\System\XuRawKc.exe
  2⤵
  PID:5872
- C:\Windows\System\VgMAxUo.exe
  C:\Windows\System\VgMAxUo.exe
  2⤵
  PID:5888
- C:\Windows\System\bFKiHko.exe
  C:\Windows\System\bFKiHko.exe
  2⤵
  PID:5940
- C:\Windows\System\BNKzKfa.exe
  C:\Windows\System\BNKzKfa.exe
  2⤵
  PID:6020
- C:\Windows\System\IKdVBHg.exe
  C:\Windows\System\IKdVBHg.exe
  2⤵
  PID:6024
- C:\Windows\System\xYUMimJ.exe
  C:\Windows\System\xYUMimJ.exe
  2⤵
  PID:1008
- C:\Windows\System\tvJmVxB.exe
  C:\Windows\System\tvJmVxB.exe
  2⤵
  PID:6084
- C:\Windows\System\eKwRDkd.exe
  C:\Windows\System\eKwRDkd.exe
  2⤵
  PID:5220
- C:\Windows\System\PenUHTT.exe
  C:\Windows\System\PenUHTT.exe
  2⤵
  PID:5584
- C:\Windows\System\ecHSbfU.exe
  C:\Windows\System\ecHSbfU.exe
  2⤵
  PID:5332
- C:\Windows\System\fqvjZKH.exe
  C:\Windows\System\fqvjZKH.exe
  2⤵
  PID:2264
- C:\Windows\System\QFGquVb.exe
  C:\Windows\System\QFGquVb.exe
  2⤵
  PID:5612
- C:\Windows\System\oKVVPEy.exe
  C:\Windows\System\oKVVPEy.exe
  2⤵
  PID:5728
- C:\Windows\System\yxMWskm.exe
  C:\Windows\System\yxMWskm.exe
  2⤵
  PID:5644
- C:\Windows\System\GYcXytj.exe
  C:\Windows\System\GYcXytj.exe
  2⤵
  PID:5960
- C:\Windows\System\vwVoGBS.exe
  C:\Windows\System\vwVoGBS.exe
  2⤵
  PID:4936
- C:\Windows\System\jPyNbpe.exe
  C:\Windows\System\jPyNbpe.exe
  2⤵
  PID:5268
- C:\Windows\System\WUVmFop.exe
  C:\Windows\System\WUVmFop.exe
  2⤵
  PID:4164
- C:\Windows\System\ZHOqQfm.exe
  C:\Windows\System\ZHOqQfm.exe
  2⤵
  PID:5172
- C:\Windows\System\nCmlCug.exe
  C:\Windows\System\nCmlCug.exe
  2⤵
  PID:5820
- C:\Windows\System\ozRyqQX.exe
  C:\Windows\System\ozRyqQX.exe
  2⤵
  PID:5204
- C:\Windows\System\PQEiKWP.exe
  C:\Windows\System\PQEiKWP.exe
  2⤵
  PID:5592
- C:\Windows\System\wJCvhfn.exe
  C:\Windows\System\wJCvhfn.exe
  2⤵
  PID:5560
- C:\Windows\System\xBUlvyY.exe
  C:\Windows\System\xBUlvyY.exe
  2⤵
  PID:916
- C:\Windows\System\UJYPdgy.exe
  C:\Windows\System\UJYPdgy.exe
  2⤵
  PID:5976
- C:\Windows\System\GVELuBr.exe
  C:\Windows\System\GVELuBr.exe
  2⤵
  PID:5348
- C:\Windows\System\zGPKfCI.exe
  C:\Windows\System\zGPKfCI.exe
  2⤵
  PID:5144
- C:\Windows\System\xeUZNhD.exe
  C:\Windows\System\xeUZNhD.exe
  2⤵
  PID:5404
- C:\Windows\System\IiKcNdZ.exe
  C:\Windows\System\IiKcNdZ.exe
  2⤵
  PID:6164
- C:\Windows\System\phcXsNS.exe
  C:\Windows\System\phcXsNS.exe
  2⤵
  PID:6180
- C:\Windows\System\pcWvcwd.exe
  C:\Windows\System\pcWvcwd.exe
  2⤵
  PID:6200
- C:\Windows\System\HHkdnNW.exe
  C:\Windows\System\HHkdnNW.exe
  2⤵
  PID:6216
- C:\Windows\System\vZqRAdD.exe
  C:\Windows\System\vZqRAdD.exe
  2⤵
  PID:6236
- C:\Windows\System\qopjiNf.exe
  C:\Windows\System\qopjiNf.exe
  2⤵
  PID:6252
- C:\Windows\System\oVczSxs.exe
  C:\Windows\System\oVczSxs.exe
  2⤵
  PID:6272
- C:\Windows\System\KSmPrIk.exe
  C:\Windows\System\KSmPrIk.exe
  2⤵
  PID:6288
- C:\Windows\System\yEeaVIb.exe
  C:\Windows\System\yEeaVIb.exe
  2⤵
  PID:6304
- C:\Windows\System\AIOpkhn.exe
  C:\Windows\System\AIOpkhn.exe
  2⤵
  PID:6320
- C:\Windows\System\fkwdljJ.exe
  C:\Windows\System\fkwdljJ.exe
  2⤵
  PID:6336
- C:\Windows\System\YwPTQhL.exe
  C:\Windows\System\YwPTQhL.exe
  2⤵
  PID:6352
- C:\Windows\System\dseZqSy.exe
  C:\Windows\System\dseZqSy.exe
  2⤵
  PID:6368
- C:\Windows\System\FgOctoe.exe
  C:\Windows\System\FgOctoe.exe
  2⤵
  PID:6384
- C:\Windows\System\YAdtTML.exe
  C:\Windows\System\YAdtTML.exe
  2⤵
  PID:6400
- C:\Windows\System\gmrqgMO.exe
  C:\Windows\System\gmrqgMO.exe
  2⤵
  PID:6416
- C:\Windows\System\sImITBZ.exe
  C:\Windows\System\sImITBZ.exe
  2⤵
  PID:6432
- C:\Windows\System\FgqnaqK.exe
  C:\Windows\System\FgqnaqK.exe
  2⤵
  PID:6448
- C:\Windows\System\ODviVnt.exe
  C:\Windows\System\ODviVnt.exe
  2⤵
  PID:6464
- C:\Windows\System\sgVupxc.exe
  C:\Windows\System\sgVupxc.exe
  2⤵
  PID:6480
- C:\Windows\System\pXPiGcw.exe
  C:\Windows\System\pXPiGcw.exe
  2⤵
  PID:6508
- C:\Windows\System\AHeKczA.exe
  C:\Windows\System\AHeKczA.exe
  2⤵
  PID:6524
- C:\Windows\System\OrLdAwR.exe
  C:\Windows\System\OrLdAwR.exe
  2⤵
  PID:6540
- C:\Windows\System\QJRdlIf.exe
  C:\Windows\System\QJRdlIf.exe
  2⤵
  PID:6560
- C:\Windows\System\PSHToti.exe
  C:\Windows\System\PSHToti.exe
  2⤵
  PID:6584
- C:\Windows\System\sSOpPrB.exe
  C:\Windows\System\sSOpPrB.exe
  2⤵
  PID:6600
- C:\Windows\System\zSNcIaW.exe
  C:\Windows\System\zSNcIaW.exe
  2⤵
  PID:6616
- C:\Windows\System\TPEHJaK.exe
  C:\Windows\System\TPEHJaK.exe
  2⤵
  PID:6632
- C:\Windows\System\YVDIsOR.exe
  C:\Windows\System\YVDIsOR.exe
  2⤵
  PID:6648
- C:\Windows\System\ypsSCTB.exe
  C:\Windows\System\ypsSCTB.exe
  2⤵
  PID:6664
- C:\Windows\System\bFRpNVn.exe
  C:\Windows\System\bFRpNVn.exe
  2⤵
  PID:6680
- C:\Windows\System\eSHGAbr.exe
  C:\Windows\System\eSHGAbr.exe
  2⤵
  PID:6696
- C:\Windows\System\wOzYObf.exe
  C:\Windows\System\wOzYObf.exe
  2⤵
  PID:6712
- C:\Windows\System\hyhywZE.exe
  C:\Windows\System\hyhywZE.exe
  2⤵
  PID:6732
- C:\Windows\System\YTSXOPD.exe
  C:\Windows\System\YTSXOPD.exe
  2⤵
  PID:6748
- C:\Windows\System\hbWREkJ.exe
  C:\Windows\System\hbWREkJ.exe
  2⤵
  PID:6764
- C:\Windows\System\XaPJnyt.exe
  C:\Windows\System\XaPJnyt.exe
  2⤵
  PID:6780
- C:\Windows\System\RrzOMsr.exe
  C:\Windows\System\RrzOMsr.exe
  2⤵
  PID:6796
- C:\Windows\System\AwVBzVC.exe
  C:\Windows\System\AwVBzVC.exe
  2⤵
  PID:6812
- C:\Windows\System\DqbZbfM.exe
  C:\Windows\System\DqbZbfM.exe
  2⤵
  PID:6844
- C:\Windows\System\beulLrg.exe
  C:\Windows\System\beulLrg.exe
  2⤵
  PID:6860
- C:\Windows\System\pjlQxVt.exe
  C:\Windows\System\pjlQxVt.exe
  2⤵
  PID:6880
- C:\Windows\System\zsOudpa.exe
  C:\Windows\System\zsOudpa.exe
  2⤵
  PID:6896
- C:\Windows\System\hoWzOxL.exe
  C:\Windows\System\hoWzOxL.exe
  2⤵
  PID:6916
- C:\Windows\System\gweXdsA.exe
  C:\Windows\System\gweXdsA.exe
  2⤵
  PID:6932
- C:\Windows\System\DKhQUDB.exe
  C:\Windows\System\DKhQUDB.exe
  2⤵
  PID:6948
- C:\Windows\System\nXyVJgE.exe
  C:\Windows\System\nXyVJgE.exe
  2⤵
  PID:6964
- C:\Windows\System\UZXrTxg.exe
  C:\Windows\System\UZXrTxg.exe
  2⤵
  PID:6980
- C:\Windows\System\IyMLWFn.exe
  C:\Windows\System\IyMLWFn.exe
  2⤵
  PID:6996
- C:\Windows\System\aNzTmpH.exe
  C:\Windows\System\aNzTmpH.exe
  2⤵
  PID:7012
- C:\Windows\System\ztXzjdq.exe
  C:\Windows\System\ztXzjdq.exe
  2⤵
  PID:7028
- C:\Windows\System\PqnYAeT.exe
  C:\Windows\System\PqnYAeT.exe
  2⤵
  PID:7044
- C:\Windows\System\UCCOiUr.exe
  C:\Windows\System\UCCOiUr.exe
  2⤵
  PID:7060
- C:\Windows\System\WSDqyvG.exe
  C:\Windows\System\WSDqyvG.exe
  2⤵
  PID:7076
- C:\Windows\System\kcPdxnF.exe
  C:\Windows\System\kcPdxnF.exe
  2⤵
  PID:7092
- C:\Windows\System\EQfgtoc.exe
  C:\Windows\System\EQfgtoc.exe
  2⤵
  PID:7108
- C:\Windows\System\faKhewS.exe
  C:\Windows\System\faKhewS.exe
  2⤵
  PID:7124
- C:\Windows\System\NwQVySl.exe
  C:\Windows\System\NwQVySl.exe
  2⤵
  PID:7140
- C:\Windows\System\WhYtxWc.exe
  C:\Windows\System\WhYtxWc.exe
  2⤵
  PID:7156
- C:\Windows\System\dVdEyxH.exe
  C:\Windows\System\dVdEyxH.exe
  2⤵
  PID:5764
- C:\Windows\System\XyJxTQA.exe
  C:\Windows\System\XyJxTQA.exe
  2⤵
  PID:6188
- C:\Windows\System\HnWVtJz.exe
  C:\Windows\System\HnWVtJz.exe
  2⤵
  PID:6196
- C:\Windows\System\oEYjHtJ.exe
  C:\Windows\System\oEYjHtJ.exe
  2⤵
  PID:6260
- C:\Windows\System\AKbRTNN.exe
  C:\Windows\System\AKbRTNN.exe
  2⤵
  PID:6212
- C:\Windows\System\FkWiHLm.exe
  C:\Windows\System\FkWiHLm.exe
  2⤵
  PID:6300
- C:\Windows\System\xmrUYAV.exe
  C:\Windows\System\xmrUYAV.exe
  2⤵
  PID:6392
- C:\Windows\System\hzlbyba.exe
  C:\Windows\System\hzlbyba.exe
  2⤵
  PID:6428
- C:\Windows\System\EabwAEH.exe
  C:\Windows\System\EabwAEH.exe
  2⤵
  PID:6440
- C:\Windows\System\DlEGcJN.exe
  C:\Windows\System\DlEGcJN.exe
  2⤵
  PID:6408
- C:\Windows\System\bPQOOeg.exe
  C:\Windows\System\bPQOOeg.exe
  2⤵
  PID:6348
- C:\Windows\System\rKdmuVq.exe
  C:\Windows\System\rKdmuVq.exe
  2⤵
  PID:6284
- C:\Windows\System\QgQhVCh.exe
  C:\Windows\System\QgQhVCh.exe
  2⤵
  PID:6500
- C:\Windows\System\YedyeGD.exe
  C:\Windows\System\YedyeGD.exe
  2⤵
  PID:6572
- C:\Windows\System\vOfWfxE.exe
  C:\Windows\System\vOfWfxE.exe
  2⤵
  PID:6612
- C:\Windows\System\AQNOiLD.exe
  C:\Windows\System\AQNOiLD.exe
  2⤵
  PID:6676
- C:\Windows\System\xLZJqcl.exe
  C:\Windows\System\xLZJqcl.exe
  2⤵
  PID:6624
- C:\Windows\System\YCnjGlq.exe
  C:\Windows\System\YCnjGlq.exe
  2⤵
  PID:6520
- C:\Windows\System\IMmnhmu.exe
  C:\Windows\System\IMmnhmu.exe
  2⤵
  PID:6592
- C:\Windows\System\gwxRMbj.exe
  C:\Windows\System\gwxRMbj.exe
  2⤵
  PID:5920
- C:\Windows\System\gVakAfP.exe
  C:\Windows\System\gVakAfP.exe
  2⤵
  PID:6724
- C:\Windows\System\rlSofjQ.exe
  C:\Windows\System\rlSofjQ.exe
  2⤵
  PID:6756
- C:\Windows\System\uRrHKUi.exe
  C:\Windows\System\uRrHKUi.exe
  2⤵
  PID:6804
- C:\Windows\System\kagGsyj.exe
  C:\Windows\System\kagGsyj.exe
  2⤵
  PID:4316
- C:\Windows\System\YpLTvOn.exe
  C:\Windows\System\YpLTvOn.exe
  2⤵
  PID:6888
- C:\Windows\System\lUuoVbp.exe
  C:\Windows\System\lUuoVbp.exe
  2⤵
  PID:2168
- C:\Windows\System\kVAIeYa.exe
  C:\Windows\System\kVAIeYa.exe
  2⤵
  PID:6904
- C:\Windows\System\nyrtdWo.exe
  C:\Windows\System\nyrtdWo.exe
  2⤵
  PID:6912
- C:\Windows\System\msQnCAn.exe
  C:\Windows\System\msQnCAn.exe
  2⤵
  PID:6976
- C:\Windows\System\prHmoBV.exe
  C:\Windows\System\prHmoBV.exe
  2⤵
  PID:7056
- C:\Windows\System\JQaWfvH.exe
  C:\Windows\System\JQaWfvH.exe
  2⤵
  PID:6232
- C:\Windows\System\JFLTQQj.exe
  C:\Windows\System\JFLTQQj.exe
  2⤵
  PID:6152
- C:\Windows\System\tkYGzAI.exe
  C:\Windows\System\tkYGzAI.exe
  2⤵
  PID:6376
- C:\Windows\System\hjuikcF.exe
  C:\Windows\System\hjuikcF.exe
  2⤵
  PID:6660
- C:\Windows\System\pFYUkeI.exe
  C:\Windows\System\pFYUkeI.exe
  2⤵
  PID:6656
- C:\Windows\System\sKyduim.exe
  C:\Windows\System\sKyduim.exe
  2⤵
  PID:2320
- C:\Windows\System\EpNXKzC.exe
  C:\Windows\System\EpNXKzC.exe
  2⤵
  PID:6556
- C:\Windows\System\wvPMWqG.exe
  C:\Windows\System\wvPMWqG.exe
  2⤵
  PID:6852
- C:\Windows\System\mJyHKpG.exe
  C:\Windows\System\mJyHKpG.exe
  2⤵
  PID:6516
- C:\Windows\System\pHTvfPn.exe
  C:\Windows\System\pHTvfPn.exe
  2⤵
  PID:6872
- C:\Windows\System\uhGLifj.exe
  C:\Windows\System\uhGLifj.exe
  2⤵
  PID:6924
- C:\Windows\System\WpZDjmP.exe
  C:\Windows\System\WpZDjmP.exe
  2⤵
  PID:6944
- C:\Windows\System\apjgVGZ.exe
  C:\Windows\System\apjgVGZ.exe
  2⤵
  PID:7024
- C:\Windows\System\VHtIGXf.exe
  C:\Windows\System\VHtIGXf.exe
  2⤵
  PID:7104
- C:\Windows\System\ysXenzA.exe
  C:\Windows\System\ysXenzA.exe
  2⤵
  PID:7120
- C:\Windows\System\bNsVHZs.exe
  C:\Windows\System\bNsVHZs.exe
  2⤵
  PID:6160
- C:\Windows\System\GUaLZMf.exe
  C:\Windows\System\GUaLZMf.exe
  2⤵
  PID:6424
- C:\Windows\System\bvOwqws.exe
  C:\Windows\System\bvOwqws.exe
  2⤵
  PID:6460
- C:\Windows\System\fBKNXbB.exe
  C:\Windows\System\fBKNXbB.exe
  2⤵
  PID:7164
- C:\Windows\System\kjlZysX.exe
  C:\Windows\System\kjlZysX.exe
  2⤵
  PID:6192
- C:\Windows\System\VwLDLIM.exe
  C:\Windows\System\VwLDLIM.exe
  2⤵
  PID:6644
- C:\Windows\System\KbKHvwB.exe
  C:\Windows\System\KbKHvwB.exe
  2⤵
  PID:6672
- C:\Windows\System\TyCeQgB.exe
  C:\Windows\System\TyCeQgB.exe
  2⤵
  PID:6792
- C:\Windows\System\Xbodvkb.exe
  C:\Windows\System\Xbodvkb.exe
  2⤵
  PID:6840
- C:\Windows\System\pDJqnJx.exe
  C:\Windows\System\pDJqnJx.exe
  2⤵
  PID:6608
- C:\Windows\System\ppOuIxu.exe
  C:\Windows\System\ppOuIxu.exe
  2⤵
  PID:6992
- C:\Windows\System\rrCsItY.exe
  C:\Windows\System\rrCsItY.exe
  2⤵
  PID:7072
- C:\Windows\System\kGEFESQ.exe
  C:\Windows\System\kGEFESQ.exe
  2⤵
  PID:7148
- C:\Windows\System\OUuaxYe.exe
  C:\Windows\System\OUuaxYe.exe
  2⤵
  PID:6296
- C:\Windows\System\jZNykXT.exe
  C:\Windows\System\jZNykXT.exe
  2⤵
  PID:6332
- C:\Windows\System\HcTqrOG.exe
  C:\Windows\System\HcTqrOG.exe
  2⤵
  PID:6568
- C:\Windows\System\zqdUlik.exe
  C:\Windows\System\zqdUlik.exe
  2⤵
  PID:6876
- C:\Windows\System\BNcMrGI.exe
  C:\Windows\System\BNcMrGI.exe
  2⤵
  PID:6820
- C:\Windows\System\XGpZZIh.exe
  C:\Windows\System\XGpZZIh.exe
  2⤵
  PID:7088
- C:\Windows\System\OgrbwVa.exe
  C:\Windows\System\OgrbwVa.exe
  2⤵
  PID:7008
- C:\Windows\System\QsaKVVj.exe
  C:\Windows\System\QsaKVVj.exe
  2⤵
  PID:6728
- C:\Windows\System\gsgDXzB.exe
  C:\Windows\System\gsgDXzB.exe
  2⤵
  PID:6940
- C:\Windows\System\kNxiEWa.exe
  C:\Windows\System\kNxiEWa.exe
  2⤵
  PID:6316
- C:\Windows\System\KcRUoNc.exe
  C:\Windows\System\KcRUoNc.exe
  2⤵
  PID:6156
- C:\Windows\System\pxbcUHa.exe
  C:\Windows\System\pxbcUHa.exe
  2⤵
  PID:7184
- C:\Windows\System\vNpIXKC.exe
  C:\Windows\System\vNpIXKC.exe
  2⤵
  PID:7200
- C:\Windows\System\vAkvxlN.exe
  C:\Windows\System\vAkvxlN.exe
  2⤵
  PID:7216
- C:\Windows\System\JgMAHHX.exe
  C:\Windows\System\JgMAHHX.exe
  2⤵
  PID:7236
- C:\Windows\System\dGJAIkn.exe
  C:\Windows\System\dGJAIkn.exe
  2⤵
  PID:7252
- C:\Windows\System\QRMTscP.exe
  C:\Windows\System\QRMTscP.exe
  2⤵
  PID:7268
- C:\Windows\System\mLgJwmj.exe
  C:\Windows\System\mLgJwmj.exe
  2⤵
  PID:7288
- C:\Windows\System\JHGZwAn.exe
  C:\Windows\System\JHGZwAn.exe
  2⤵
  PID:7324
- C:\Windows\System\SDemyna.exe
  C:\Windows\System\SDemyna.exe
  2⤵
  PID:7348
- C:\Windows\System\HCrGqgS.exe
  C:\Windows\System\HCrGqgS.exe
  2⤵
  PID:7368
- C:\Windows\System\nSEGHuu.exe
  C:\Windows\System\nSEGHuu.exe
  2⤵
  PID:7384
- C:\Windows\System\haTPGBO.exe
  C:\Windows\System\haTPGBO.exe
  2⤵
  PID:7400
- C:\Windows\System\piwtiXz.exe
  C:\Windows\System\piwtiXz.exe
  2⤵
  PID:7416
- C:\Windows\System\IXzOCml.exe
  C:\Windows\System\IXzOCml.exe
  2⤵
  PID:7432
- C:\Windows\System\rYVpLcp.exe
  C:\Windows\System\rYVpLcp.exe
  2⤵
  PID:7448
- C:\Windows\System\KZFdlrC.exe
  C:\Windows\System\KZFdlrC.exe
  2⤵
  PID:7472
- C:\Windows\System\flqlZWe.exe
  C:\Windows\System\flqlZWe.exe
  2⤵
  PID:7496
- C:\Windows\System\SAuWWvW.exe
  C:\Windows\System\SAuWWvW.exe
  2⤵
  PID:7512
- C:\Windows\System\vGIMLEZ.exe
  C:\Windows\System\vGIMLEZ.exe
  2⤵
  PID:7528
- C:\Windows\System\sLrNAJh.exe
  C:\Windows\System\sLrNAJh.exe
  2⤵
  PID:7544
- C:\Windows\System\wckdcpn.exe
  C:\Windows\System\wckdcpn.exe
  2⤵
  PID:7560
- C:\Windows\System\MuILuCs.exe
  C:\Windows\System\MuILuCs.exe
  2⤵
  PID:7576
- C:\Windows\System\cVrCXeN.exe
  C:\Windows\System\cVrCXeN.exe
  2⤵
  PID:7592
- C:\Windows\System\mJZkigr.exe
  C:\Windows\System\mJZkigr.exe
  2⤵
  PID:7612
- C:\Windows\System\jJkCOCu.exe
  C:\Windows\System\jJkCOCu.exe
  2⤵
  PID:7628
- C:\Windows\System\JMFKMvr.exe
  C:\Windows\System\JMFKMvr.exe
  2⤵
  PID:7644
- C:\Windows\System\opjoUWZ.exe
  C:\Windows\System\opjoUWZ.exe
  2⤵
  PID:7660
- C:\Windows\System\AxkVcny.exe
  C:\Windows\System\AxkVcny.exe
  2⤵
  PID:7676
- C:\Windows\System\rKESsLm.exe
  C:\Windows\System\rKESsLm.exe
  2⤵
  PID:7692
- C:\Windows\System\FFxiNay.exe
  C:\Windows\System\FFxiNay.exe
  2⤵
  PID:7708
- C:\Windows\System\QrYGFsI.exe
  C:\Windows\System\QrYGFsI.exe
  2⤵
  PID:7724
- C:\Windows\System\ZKfQLPG.exe
  C:\Windows\System\ZKfQLPG.exe
  2⤵
  PID:7740
- C:\Windows\System\xcFBbzH.exe
  C:\Windows\System\xcFBbzH.exe
  2⤵
  PID:7756
- C:\Windows\System\FZVaoKB.exe
  C:\Windows\System\FZVaoKB.exe
  2⤵
  PID:7772
- C:\Windows\System\ApnSoLM.exe
  C:\Windows\System\ApnSoLM.exe
  2⤵
  PID:7788
- C:\Windows\System\UfnJCoB.exe
  C:\Windows\System\UfnJCoB.exe
  2⤵
  PID:7804
- C:\Windows\System\XNWDbBq.exe
  C:\Windows\System\XNWDbBq.exe
  2⤵
  PID:7820
- C:\Windows\System\oLszAJe.exe
  C:\Windows\System\oLszAJe.exe
  2⤵
  PID:7836
- C:\Windows\System\uiiMjTY.exe
  C:\Windows\System\uiiMjTY.exe
  2⤵
  PID:7852
- C:\Windows\System\owuKIrs.exe
  C:\Windows\System\owuKIrs.exe
  2⤵
  PID:7868
- C:\Windows\System\LEHVaQq.exe
  C:\Windows\System\LEHVaQq.exe
  2⤵
  PID:7884
- C:\Windows\System\eTisIrm.exe
  C:\Windows\System\eTisIrm.exe
  2⤵
  PID:7900
- C:\Windows\System\VQVOsrH.exe
  C:\Windows\System\VQVOsrH.exe
  2⤵
  PID:7916
- C:\Windows\System\KmDnKem.exe
  C:\Windows\System\KmDnKem.exe
  2⤵
  PID:7932
- C:\Windows\System\ucbGxhb.exe
  C:\Windows\System\ucbGxhb.exe
  2⤵
  PID:7948
- C:\Windows\System\CJifcPL.exe
  C:\Windows\System\CJifcPL.exe
  2⤵
  PID:7964
- C:\Windows\System\ajLRDqa.exe
  C:\Windows\System\ajLRDqa.exe
  2⤵
  PID:7980
- C:\Windows\System\wpQpNPU.exe
  C:\Windows\System\wpQpNPU.exe
  2⤵
  PID:7996
- C:\Windows\System\ruxoyAb.exe
  C:\Windows\System\ruxoyAb.exe
  2⤵
  PID:8012
- C:\Windows\System\ZCSYFBB.exe
  C:\Windows\System\ZCSYFBB.exe
  2⤵
  PID:8028
- C:\Windows\System\uKMflZA.exe
  C:\Windows\System\uKMflZA.exe
  2⤵
  PID:8044
- C:\Windows\System\fEKABJL.exe
  C:\Windows\System\fEKABJL.exe
  2⤵
  PID:8060
- C:\Windows\System\hppnbYq.exe
  C:\Windows\System\hppnbYq.exe
  2⤵
  PID:8076
- C:\Windows\System\etiTyvp.exe
  C:\Windows\System\etiTyvp.exe
  2⤵
  PID:8092
- C:\Windows\System\maczxWc.exe
  C:\Windows\System\maczxWc.exe
  2⤵
  PID:8108
- C:\Windows\System\USOmuXV.exe
  C:\Windows\System\USOmuXV.exe
  2⤵
  PID:8124
- C:\Windows\System\nlkouqJ.exe
  C:\Windows\System\nlkouqJ.exe
  2⤵
  PID:8152
- C:\Windows\System\XYrFnGQ.exe
  C:\Windows\System\XYrFnGQ.exe
  2⤵
  PID:8168
- C:\Windows\System\ptRIhyU.exe
  C:\Windows\System\ptRIhyU.exe
  2⤵
  PID:8184
- C:\Windows\System\fLfTQzL.exe
  C:\Windows\System\fLfTQzL.exe
  2⤵
  PID:7176
- C:\Windows\System\MEuWHRv.exe
  C:\Windows\System\MEuWHRv.exe
  2⤵
  PID:7100
- C:\Windows\System\yWkVOOL.exe
  C:\Windows\System\yWkVOOL.exe
  2⤵
  PID:7228
- C:\Windows\System\lGMFwFi.exe
  C:\Windows\System\lGMFwFi.exe
  2⤵
  PID:7248
- C:\Windows\System\VPHuaxU.exe
  C:\Windows\System\VPHuaxU.exe
  2⤵
  PID:7332
- C:\Windows\System\WuGcfld.exe
  C:\Windows\System\WuGcfld.exe
  2⤵
  PID:7364
- C:\Windows\System\LOeabwv.exe
  C:\Windows\System\LOeabwv.exe
  2⤵
  PID:7380
- C:\Windows\System\vmttsvg.exe
  C:\Windows\System\vmttsvg.exe
  2⤵
  PID:7308
- C:\Windows\System\iqWJAla.exe
  C:\Windows\System\iqWJAla.exe
  2⤵
  PID:7488
- C:\Windows\System\xROmkbj.exe
  C:\Windows\System\xROmkbj.exe
  2⤵
  PID:7504
- C:\Windows\System\BjSQVQK.exe
  C:\Windows\System\BjSQVQK.exe
  2⤵
  PID:7636
- C:\Windows\System\WkvVQVb.exe
  C:\Windows\System\WkvVQVb.exe
  2⤵
  PID:7524
- C:\Windows\System\wgfgLJW.exe
  C:\Windows\System\wgfgLJW.exe
  2⤵
  PID:7624
- C:\Windows\System\fYIvfNI.exe
  C:\Windows\System\fYIvfNI.exe
  2⤵
  PID:7688
- C:\Windows\System\Kfvlavu.exe
  C:\Windows\System\Kfvlavu.exe
  2⤵
  PID:7752
- C:\Windows\System\wNDAgpS.exe
  C:\Windows\System\wNDAgpS.exe
  2⤵
  PID:7704
- C:\Windows\System\mtjicvv.exe
  C:\Windows\System\mtjicvv.exe
  2⤵
  PID:7800
- C:\Windows\System\wMzZmBZ.exe
  C:\Windows\System\wMzZmBZ.exe
  2⤵
  PID:7796
- C:\Windows\System\PCxqiwX.exe
  C:\Windows\System\PCxqiwX.exe
  2⤵
  PID:7780
- C:\Windows\System\rrrCYqX.exe
  C:\Windows\System\rrrCYqX.exe
  2⤵
  PID:7844
- C:\Windows\System\qrXdyBR.exe
  C:\Windows\System\qrXdyBR.exe
  2⤵
  PID:7908
- C:\Windows\System\iosamvb.exe
  C:\Windows\System\iosamvb.exe
  2⤵
  PID:7972
- C:\Windows\System\cIBraJM.exe
  C:\Windows\System\cIBraJM.exe
  2⤵
  PID:8008
- C:\Windows\System\BsUgixN.exe
  C:\Windows\System\BsUgixN.exe
  2⤵
  PID:8020
- C:\Windows\System\ggwszCy.exe
  C:\Windows\System\ggwszCy.exe
  2⤵
  PID:7992
- C:\Windows\System\cZVoDXe.exe
  C:\Windows\System\cZVoDXe.exe
  2⤵
  PID:8100
- C:\Windows\System\YXBCYRo.exe
  C:\Windows\System\YXBCYRo.exe
  2⤵
  PID:8132
- C:\Windows\System\WjFYLru.exe
  C:\Windows\System\WjFYLru.exe
  2⤵
  PID:8148
- C:\Windows\System\hnSUfYU.exe
  C:\Windows\System\hnSUfYU.exe
  2⤵
  PID:8180
- C:\Windows\System\UNGiKUX.exe
  C:\Windows\System\UNGiKUX.exe
  2⤵
  PID:6824
- C:\Windows\System\qykIVrM.exe
  C:\Windows\System\qykIVrM.exe
  2⤵
  PID:7224
- C:\Windows\System\auqUQIQ.exe
  C:\Windows\System\auqUQIQ.exe
  2⤵
  PID:6956
- C:\Windows\System\nRCJLcU.exe
  C:\Windows\System\nRCJLcU.exe
  2⤵
  PID:7344
- C:\Windows\System\rbiRkpZ.exe
  C:\Windows\System\rbiRkpZ.exe
  2⤵
  PID:7312
- C:\Windows\System\sgfxjUT.exe
  C:\Windows\System\sgfxjUT.exe
  2⤵
  PID:7412
- C:\Windows\System\lkbninW.exe
  C:\Windows\System\lkbninW.exe
  2⤵
  PID:7464
- C:\Windows\System\XYorhTS.exe
  C:\Windows\System\XYorhTS.exe
  2⤵
  PID:7668
- C:\Windows\System\pZwbztQ.exe
  C:\Windows\System\pZwbztQ.exe
  2⤵
  PID:7492
- C:\Windows\System\iOosKdh.exe
  C:\Windows\System\iOosKdh.exe
  2⤵
  PID:7536
- C:\Windows\System\BwyLJzu.exe
  C:\Windows\System\BwyLJzu.exe
  2⤵
  PID:7428
- C:\Windows\System\JlJkdCK.exe
  C:\Windows\System\JlJkdCK.exe
  2⤵
  PID:7568
- C:\Windows\System\GeeOnbu.exe
  C:\Windows\System\GeeOnbu.exe
  2⤵
  PID:7684
- C:\Windows\System\RVaKiuW.exe
  C:\Windows\System\RVaKiuW.exe
  2⤵
  PID:7600
- C:\Windows\System\IccBaVf.exe
  C:\Windows\System\IccBaVf.exe
  2⤵
  PID:7940
- C:\Windows\System\QKBoYKG.exe
  C:\Windows\System\QKBoYKG.exe
  2⤵
  PID:8140
- C:\Windows\System\nnQreFE.exe
  C:\Windows\System\nnQreFE.exe
  2⤵
  PID:8120
- C:\Windows\System\onqIcCK.exe
  C:\Windows\System\onqIcCK.exe
  2⤵
  PID:7764
- C:\Windows\System\JmbNBWQ.exe
  C:\Windows\System\JmbNBWQ.exe
  2⤵
  PID:8160
- C:\Windows\System\RudPEzF.exe
  C:\Windows\System\RudPEzF.exe
  2⤵
  PID:7284
- C:\Windows\System\eikqzBH.exe
  C:\Windows\System\eikqzBH.exe
  2⤵
  PID:7340
- C:\Windows\System\zOuzXUB.exe
  C:\Windows\System\zOuzXUB.exe
  2⤵
  PID:8036
- C:\Windows\System\CupxWZZ.exe
  C:\Windows\System\CupxWZZ.exe
  2⤵
  PID:7864
- C:\Windows\System\nmmRWxg.exe
  C:\Windows\System\nmmRWxg.exe
  2⤵
  PID:7444
- C:\Windows\System\aenYYei.exe
  C:\Windows\System\aenYYei.exe
  2⤵
  PID:7604
- C:\Windows\System\YbPNvVV.exe
  C:\Windows\System\YbPNvVV.exe
  2⤵
  PID:7656
- C:\Windows\System\EYpDKEu.exe
  C:\Windows\System\EYpDKEu.exe
  2⤵
  PID:6988
- C:\Windows\System\XBAhRaG.exe
  C:\Windows\System\XBAhRaG.exe
  2⤵
  PID:7360
- C:\Windows\System\tBuwaWK.exe
  C:\Windows\System\tBuwaWK.exe
  2⤵
  PID:8068
- C:\Windows\System\ulYAhsL.exe
  C:\Windows\System\ulYAhsL.exe
  2⤵
  PID:7956
- C:\Windows\System\OOAcpew.exe
  C:\Windows\System\OOAcpew.exe
  2⤵
  PID:7876
- C:\Windows\System\YJIxxtF.exe
  C:\Windows\System\YJIxxtF.exe
  2⤵
  PID:7720
- C:\Windows\System\rnhQtzJ.exe
  C:\Windows\System\rnhQtzJ.exe
  2⤵
  PID:7424
- C:\Windows\System\kxNcUyh.exe
  C:\Windows\System\kxNcUyh.exe
  2⤵
  PID:7540
- C:\Windows\System\KBYVNYP.exe
  C:\Windows\System\KBYVNYP.exe
  2⤵
  PID:8144
- C:\Windows\System\sNDECqQ.exe
  C:\Windows\System\sNDECqQ.exe
  2⤵
  PID:7480
- C:\Windows\System\paUwJto.exe
  C:\Windows\System\paUwJto.exe
  2⤵
  PID:7736
- C:\Windows\System\vXUhELb.exe
  C:\Windows\System\vXUhELb.exe
  2⤵
  PID:7816
- C:\Windows\System\dyTgKSl.exe
  C:\Windows\System\dyTgKSl.exe
  2⤵
  PID:7748
- C:\Windows\System\GErfEUR.exe
  C:\Windows\System\GErfEUR.exe
  2⤵
  PID:8116
- C:\Windows\System\TShTgMk.exe
  C:\Windows\System\TShTgMk.exe
  2⤵
  PID:7456
- C:\Windows\System\uNCLjSu.exe
  C:\Windows\System\uNCLjSu.exe
  2⤵
  PID:8228
- C:\Windows\System\hyqljUd.exe
  C:\Windows\System\hyqljUd.exe
  2⤵
  PID:8244
- C:\Windows\System\jwQyAUg.exe
  C:\Windows\System\jwQyAUg.exe
  2⤵
  PID:8260
- C:\Windows\System\LNFqgiA.exe
  C:\Windows\System\LNFqgiA.exe
  2⤵
  PID:8284
- C:\Windows\System\WNANHmM.exe
  C:\Windows\System\WNANHmM.exe
  2⤵
  PID:8300
- C:\Windows\System\JckuWVu.exe
  C:\Windows\System\JckuWVu.exe
  2⤵
  PID:8324
- C:\Windows\System\dTHSFCG.exe
  C:\Windows\System\dTHSFCG.exe
  2⤵
  PID:8340
- C:\Windows\System\dxHlTxh.exe
  C:\Windows\System\dxHlTxh.exe
  2⤵
  PID:8356
- C:\Windows\System\zaiKWxC.exe
  C:\Windows\System\zaiKWxC.exe
  2⤵
  PID:8372
- C:\Windows\System\LWJxKPz.exe
  C:\Windows\System\LWJxKPz.exe
  2⤵
  PID:8388
- C:\Windows\System\XTDulvO.exe
  C:\Windows\System\XTDulvO.exe
  2⤵
  PID:8404
- C:\Windows\System\NDuUibl.exe
  C:\Windows\System\NDuUibl.exe
  2⤵
  PID:8420
- C:\Windows\System\DtsqEPM.exe
  C:\Windows\System\DtsqEPM.exe
  2⤵
  PID:8464
- C:\Windows\System\KPSgUWY.exe
  C:\Windows\System\KPSgUWY.exe
  2⤵
  PID:8484
- C:\Windows\System\UKgTHbG.exe
  C:\Windows\System\UKgTHbG.exe
  2⤵
  PID:8504
- C:\Windows\System\iTbAFmb.exe
  C:\Windows\System\iTbAFmb.exe
  2⤵
  PID:8528
- C:\Windows\System\ECLfCSr.exe
  C:\Windows\System\ECLfCSr.exe
  2⤵
  PID:8544
- C:\Windows\System\cLanRDe.exe
  C:\Windows\System\cLanRDe.exe
  2⤵
  PID:8560
- C:\Windows\System\BASEsJS.exe
  C:\Windows\System\BASEsJS.exe
  2⤵
  PID:8576
- C:\Windows\System\rYheKQC.exe
  C:\Windows\System\rYheKQC.exe
  2⤵
  PID:8592
- C:\Windows\System\owDecbw.exe
  C:\Windows\System\owDecbw.exe
  2⤵
  PID:8608
- C:\Windows\System\bRYeCCS.exe
  C:\Windows\System\bRYeCCS.exe
  2⤵
  PID:8624
- C:\Windows\System\BTWCkHf.exe
  C:\Windows\System\BTWCkHf.exe
  2⤵
  PID:8640
- C:\Windows\System\DyVfkwj.exe
  C:\Windows\System\DyVfkwj.exe
  2⤵
  PID:8660
- C:\Windows\System\lhBxxel.exe
  C:\Windows\System\lhBxxel.exe
  2⤵
  PID:8676
- C:\Windows\System\ROlbtBp.exe
  C:\Windows\System\ROlbtBp.exe
  2⤵
  PID:8692
- C:\Windows\System\umdSImI.exe
  C:\Windows\System\umdSImI.exe
  2⤵
  PID:8708
- C:\Windows\System\WKumgWs.exe
  C:\Windows\System\WKumgWs.exe
  2⤵
  PID:8724
- C:\Windows\System\gTTpgIH.exe
  C:\Windows\System\gTTpgIH.exe
  2⤵
  PID:8740
- C:\Windows\System\iAftBZC.exe
  C:\Windows\System\iAftBZC.exe
  2⤵
  PID:8756
- C:\Windows\System\UAQVXOU.exe
  C:\Windows\System\UAQVXOU.exe
  2⤵
  PID:8772
- C:\Windows\System\WFAlNOM.exe
  C:\Windows\System\WFAlNOM.exe
  2⤵
  PID:8788
- C:\Windows\System\SKxhgJS.exe
  C:\Windows\System\SKxhgJS.exe
  2⤵
  PID:8804
- C:\Windows\System\cxBTOOh.exe
  C:\Windows\System\cxBTOOh.exe
  2⤵
  PID:8820
- C:\Windows\System\aTEUJyS.exe
  C:\Windows\System\aTEUJyS.exe
  2⤵
  PID:8836
- C:\Windows\System\vFJLvew.exe
  C:\Windows\System\vFJLvew.exe
  2⤵
  PID:8852
- C:\Windows\System\GDNuJNS.exe
  C:\Windows\System\GDNuJNS.exe
  2⤵
  PID:8868
- C:\Windows\System\FeDKToi.exe
  C:\Windows\System\FeDKToi.exe
  2⤵
  PID:8884
- C:\Windows\System\mxOBhFd.exe
  C:\Windows\System\mxOBhFd.exe
  2⤵
  PID:8900
- C:\Windows\System\TBtJxQI.exe
  C:\Windows\System\TBtJxQI.exe
  2⤵
  PID:8916
- C:\Windows\System\oBYvIYH.exe
  C:\Windows\System\oBYvIYH.exe
  2⤵
  PID:8932
- C:\Windows\System\TOQYSkZ.exe
  C:\Windows\System\TOQYSkZ.exe
  2⤵
  PID:8948
- C:\Windows\System\MCUDTyg.exe
  C:\Windows\System\MCUDTyg.exe
  2⤵
  PID:8964
- C:\Windows\System\ILIwJIl.exe
  C:\Windows\System\ILIwJIl.exe
  2⤵
  PID:8980
- C:\Windows\System\ZLIMESm.exe
  C:\Windows\System\ZLIMESm.exe
  2⤵
  PID:8996
- C:\Windows\System\NhhpPKz.exe
  C:\Windows\System\NhhpPKz.exe
  2⤵
  PID:9012
- C:\Windows\System\MojNDTK.exe
  C:\Windows\System\MojNDTK.exe
  2⤵
  PID:9028
- C:\Windows\System\adrUgiP.exe
  C:\Windows\System\adrUgiP.exe
  2⤵
  PID:9044
- C:\Windows\System\tmeUxAn.exe
  C:\Windows\System\tmeUxAn.exe
  2⤵
  PID:9060
- C:\Windows\System\ZQxNjnl.exe
  C:\Windows\System\ZQxNjnl.exe
  2⤵
  PID:9076
- C:\Windows\System\AJKfLiv.exe
  C:\Windows\System\AJKfLiv.exe
  2⤵
  PID:9092
- C:\Windows\System\yWmDVnL.exe
  C:\Windows\System\yWmDVnL.exe
  2⤵
  PID:9108
- C:\Windows\System\GmyzyOM.exe
  C:\Windows\System\GmyzyOM.exe
  2⤵
  PID:9124
- C:\Windows\System\KlZzaIQ.exe
  C:\Windows\System\KlZzaIQ.exe
  2⤵
  PID:9140
- C:\Windows\System\ZGWroBq.exe
  C:\Windows\System\ZGWroBq.exe
  2⤵
  PID:9156
- C:\Windows\System\DNTZCXV.exe
  C:\Windows\System\DNTZCXV.exe
  2⤵
  PID:9172
- C:\Windows\System\qLaehlQ.exe
  C:\Windows\System\qLaehlQ.exe
  2⤵
  PID:9188
- C:\Windows\System\FrOhKZQ.exe
  C:\Windows\System\FrOhKZQ.exe
  2⤵
  PID:9204
- C:\Windows\System\NvIdagI.exe
  C:\Windows\System\NvIdagI.exe
  2⤵
  PID:7280
- C:\Windows\System\pyCkcMm.exe
  C:\Windows\System\pyCkcMm.exe
  2⤵
  PID:8200
- C:\Windows\System\ZfiFPiX.exe
  C:\Windows\System\ZfiFPiX.exe
  2⤵
  PID:8268
- C:\Windows\System\yGEwyMj.exe
  C:\Windows\System\yGEwyMj.exe
  2⤵
  PID:8256
- C:\Windows\System\qTWiDjk.exe
  C:\Windows\System\qTWiDjk.exe
  2⤵
  PID:8292
- C:\Windows\System\LeWATdR.exe
  C:\Windows\System\LeWATdR.exe
  2⤵
  PID:8320
- C:\Windows\System\KhVnvjm.exe
  C:\Windows\System\KhVnvjm.exe
  2⤵
  PID:8412
- C:\Windows\System\CcGQmdr.exe
  C:\Windows\System\CcGQmdr.exe
  2⤵
  PID:8396
- C:\Windows\System\JBEUyJS.exe
  C:\Windows\System\JBEUyJS.exe
  2⤵
  PID:8432
- C:\Windows\System\fPcBYci.exe
  C:\Windows\System\fPcBYci.exe
  2⤵
  PID:8332
- C:\Windows\System\IGoQIik.exe
  C:\Windows\System\IGoQIik.exe
  2⤵
  PID:8448
- C:\Windows\System\tLRkuvQ.exe
  C:\Windows\System\tLRkuvQ.exe
  2⤵
  PID:8476
- C:\Windows\System\ozmmYbT.exe
  C:\Windows\System\ozmmYbT.exe
  2⤵
  PID:8480
- C:\Windows\System\vtfzsqV.exe
  C:\Windows\System\vtfzsqV.exe
  2⤵
  PID:8520
- C:\Windows\System\uvoyijw.exe
  C:\Windows\System\uvoyijw.exe
  2⤵
  PID:8568
- C:\Windows\System\hsSVntd.exe
  C:\Windows\System\hsSVntd.exe
  2⤵
  PID:8572
- C:\Windows\System\ZJxqXhx.exe
  C:\Windows\System\ZJxqXhx.exe
  2⤵
  PID:8648
- C:\Windows\System\AoLpnIp.exe
  C:\Windows\System\AoLpnIp.exe
  2⤵
  PID:8656
- C:\Windows\System\eUUkRkV.exe
  C:\Windows\System\eUUkRkV.exe
  2⤵
  PID:8688
- C:\Windows\System\eJeiCoX.exe
  C:\Windows\System\eJeiCoX.exe
  2⤵
  PID:8812
- C:\Windows\System\wEtoIVg.exe
  C:\Windows\System\wEtoIVg.exe
  2⤵
  PID:8844
- C:\Windows\System\OuTLxOS.exe
  C:\Windows\System\OuTLxOS.exe
  2⤵
  PID:8796
- C:\Windows\System\qCEhqrL.exe
  C:\Windows\System\qCEhqrL.exe
  2⤵
  PID:8732
- C:\Windows\System\CsIFYnI.exe
  C:\Windows\System\CsIFYnI.exe
  2⤵
  PID:8880
- C:\Windows\System\JwpATVN.exe
  C:\Windows\System\JwpATVN.exe
  2⤵
  PID:8972
- C:\Windows\System\XIxaZFY.exe
  C:\Windows\System\XIxaZFY.exe
  2⤵
  PID:8828
- C:\Windows\System\xImyWCq.exe
  C:\Windows\System\xImyWCq.exe
  2⤵
  PID:8860
- C:\Windows\System\dXwwLaZ.exe
  C:\Windows\System\dXwwLaZ.exe
  2⤵
  PID:8896
- C:\Windows\System\EFJXhNa.exe
  C:\Windows\System\EFJXhNa.exe
  2⤵
  PID:8992
- C:\Windows\System\NqWQsmu.exe
  C:\Windows\System\NqWQsmu.exe
  2⤵
  PID:9040
- C:\Windows\System\rGaRCtM.exe
  C:\Windows\System\rGaRCtM.exe
  2⤵
  PID:9136
- C:\Windows\System\LDrQNCO.exe
  C:\Windows\System\LDrQNCO.exe
  2⤵
  PID:9052
- C:\Windows\System\OtJczuf.exe
  C:\Windows\System\OtJczuf.exe
  2⤵
  PID:9148
- C:\Windows\System\LiZGlQF.exe
  C:\Windows\System\LiZGlQF.exe
  2⤵
  PID:9152
- C:\Windows\System\HtXxqdz.exe
  C:\Windows\System\HtXxqdz.exe
  2⤵
  PID:9212
- C:\Windows\System\TjJXKQS.exe
  C:\Windows\System\TjJXKQS.exe
  2⤵
  PID:8252
- C:\Windows\System\ixbxuFD.exe
  C:\Windows\System\ixbxuFD.exe
  2⤵
  PID:8316
- C:\Windows\System\TRegOvT.exe
  C:\Windows\System\TRegOvT.exe
  2⤵
  PID:8364
- C:\Windows\System\rXagioY.exe
  C:\Windows\System\rXagioY.exe
  2⤵
  PID:8240
- C:\Windows\System\WzOZLtZ.exe
  C:\Windows\System\WzOZLtZ.exe
  2⤵
  PID:7264
- C:\Windows\System\sIQoEAJ.exe
  C:\Windows\System\sIQoEAJ.exe
  2⤵
  PID:8500
- C:\Windows\System\eWjnHoL.exe
  C:\Windows\System\eWjnHoL.exe
  2⤵
  PID:8636
- C:\Windows\System\AAtfPpU.exe
  C:\Windows\System\AAtfPpU.exe
  2⤵
  PID:8672
- C:\Windows\System\TbDMmFs.exe
  C:\Windows\System\TbDMmFs.exe
  2⤵
  PID:8876
- C:\Windows\System\WyTJGUt.exe
  C:\Windows\System\WyTJGUt.exe
  2⤵
  PID:8540
- C:\Windows\System\vLMnOQY.exe
  C:\Windows\System\vLMnOQY.exe
  2⤵
  PID:8832
- C:\Windows\System\GAtcQSN.exe
  C:\Windows\System\GAtcQSN.exe
  2⤵
  PID:8908
- C:\Windows\System\IXtFQWo.exe
  C:\Windows\System\IXtFQWo.exe
  2⤵
  PID:9008
- C:\Windows\System\cyxnBrn.exe
  C:\Windows\System\cyxnBrn.exe
  2⤵
  PID:9068
- C:\Windows\System\UEncwTI.exe
  C:\Windows\System\UEncwTI.exe
  2⤵
  PID:9168
- C:\Windows\System\HXXxPyu.exe
  C:\Windows\System\HXXxPyu.exe
  2⤵
  PID:9104
- C:\Windows\System\RwOhZIx.exe
  C:\Windows\System\RwOhZIx.exe
  2⤵
  PID:9184
- C:\Windows\System\fgybwZA.exe
  C:\Windows\System\fgybwZA.exe
  2⤵
  PID:8436
- C:\Windows\System\uDXNVLM.exe
  C:\Windows\System\uDXNVLM.exe
  2⤵
  PID:8588
- C:\Windows\System\YqhqXft.exe
  C:\Windows\System\YqhqXft.exe
  2⤵
  PID:8276
- C:\Windows\System\kGoywWC.exe
  C:\Windows\System\kGoywWC.exe
  2⤵
  PID:8668
- C:\Windows\System\EpWCoag.exe
  C:\Windows\System\EpWCoag.exe
  2⤵
  PID:8556
- C:\Windows\System\OaJpgoF.exe
  C:\Windows\System\OaJpgoF.exe
  2⤵
  PID:9004
- C:\Windows\System\DSuFtaM.exe
  C:\Windows\System\DSuFtaM.exe
  2⤵
  PID:8892
- C:\Windows\System\hVQeqLW.exe
  C:\Windows\System\hVQeqLW.exe
  2⤵
  PID:8988
- C:\Windows\System\hUWrzWw.exe
  C:\Windows\System\hUWrzWw.exe
  2⤵
  PID:8764
- C:\Windows\System\LjmnlDv.exe
  C:\Windows\System\LjmnlDv.exe
  2⤵
  PID:8456
- C:\Windows\System\XTWnmrj.exe
  C:\Windows\System\XTWnmrj.exe
  2⤵
  PID:8716
- C:\Windows\System\OzDoKSu.exe
  C:\Windows\System\OzDoKSu.exe
  2⤵
  PID:8944
- C:\Windows\System\rtrnArH.exe
  C:\Windows\System\rtrnArH.exe
  2⤵
  PID:8700
- C:\Windows\System\jvvISIR.exe
  C:\Windows\System\jvvISIR.exe
  2⤵
  PID:9116
- C:\Windows\System\LPtZxWe.exe
  C:\Windows\System\LPtZxWe.exe
  2⤵
  PID:9220
- C:\Windows\System\fVuhtEA.exe
  C:\Windows\System\fVuhtEA.exe
  2⤵
  PID:9236
- C:\Windows\System\oTtYFSj.exe
  C:\Windows\System\oTtYFSj.exe
  2⤵
  PID:9252
- C:\Windows\System\oJYNVwq.exe
  C:\Windows\System\oJYNVwq.exe
  2⤵
  PID:9268
- C:\Windows\System\xnIeHge.exe
  C:\Windows\System\xnIeHge.exe
  2⤵
  PID:9284
- C:\Windows\System\IDpSiFx.exe
  C:\Windows\System\IDpSiFx.exe
  2⤵
  PID:9300
- C:\Windows\System\yWhnpfy.exe
  C:\Windows\System\yWhnpfy.exe
  2⤵
  PID:9316
- C:\Windows\System\pXBKEyJ.exe
  C:\Windows\System\pXBKEyJ.exe
  2⤵
  PID:9332
- C:\Windows\System\tfpXPfs.exe
  C:\Windows\System\tfpXPfs.exe
  2⤵
  PID:9348
- C:\Windows\System\VqsiknO.exe
  C:\Windows\System\VqsiknO.exe
  2⤵
  PID:9364
- C:\Windows\System\VdotbrK.exe
  C:\Windows\System\VdotbrK.exe
  2⤵
  PID:9380
- C:\Windows\System\GRwugxg.exe
  C:\Windows\System\GRwugxg.exe
  2⤵
  PID:9396
- C:\Windows\System\PlttWEr.exe
  C:\Windows\System\PlttWEr.exe
  2⤵
  PID:9412
- C:\Windows\System\IFSbBnM.exe
  C:\Windows\System\IFSbBnM.exe
  2⤵
  PID:9428
- C:\Windows\System\uisHUMG.exe
  C:\Windows\System\uisHUMG.exe
  2⤵
  PID:9444
- C:\Windows\System\xPoRHZb.exe
  C:\Windows\System\xPoRHZb.exe
  2⤵
  PID:9460
- C:\Windows\System\GWNdnzt.exe
  C:\Windows\System\GWNdnzt.exe
  2⤵
  PID:9476
- C:\Windows\System\aIPddnS.exe
  C:\Windows\System\aIPddnS.exe
  2⤵
  PID:9492
- C:\Windows\System\uiETyfW.exe
  C:\Windows\System\uiETyfW.exe
  2⤵
  PID:9508
- C:\Windows\System\aVQuYgp.exe
  C:\Windows\System\aVQuYgp.exe
  2⤵
  PID:9524
- C:\Windows\System\OfMuCoM.exe
  C:\Windows\System\OfMuCoM.exe
  2⤵
  PID:9540
- C:\Windows\System\GrAxHcL.exe
  C:\Windows\System\GrAxHcL.exe
  2⤵
  PID:9556
- C:\Windows\System\CQpBpGs.exe
  C:\Windows\System\CQpBpGs.exe
  2⤵
  PID:9572
- C:\Windows\System\iGXhAOu.exe
  C:\Windows\System\iGXhAOu.exe
  2⤵
  PID:9588
- C:\Windows\System\FsObWmI.exe
  C:\Windows\System\FsObWmI.exe
  2⤵
  PID:9604
- C:\Windows\System\XMNjFxX.exe
  C:\Windows\System\XMNjFxX.exe
  2⤵
  PID:9620
- C:\Windows\System\pozuqbr.exe
  C:\Windows\System\pozuqbr.exe
  2⤵
  PID:9636
- C:\Windows\System\vOjWKeU.exe
  C:\Windows\System\vOjWKeU.exe
  2⤵
  PID:9652
- C:\Windows\System\KNinrQY.exe
  C:\Windows\System\KNinrQY.exe
  2⤵
  PID:9668
- C:\Windows\System\fxIoKHB.exe
  C:\Windows\System\fxIoKHB.exe
  2⤵
  PID:9684
- C:\Windows\System\JVyWlIS.exe
  C:\Windows\System\JVyWlIS.exe
  2⤵
  PID:9700
- C:\Windows\System\iUoVJQn.exe
  C:\Windows\System\iUoVJQn.exe
  2⤵
  PID:9716
- C:\Windows\System\frFijUt.exe
  C:\Windows\System\frFijUt.exe
  2⤵
  PID:9732
- C:\Windows\System\EzHOxIZ.exe
  C:\Windows\System\EzHOxIZ.exe
  2⤵
  PID:9748
- C:\Windows\System\jZpoYrP.exe
  C:\Windows\System\jZpoYrP.exe
  2⤵
  PID:9764
- C:\Windows\System\MYsHIrC.exe
  C:\Windows\System\MYsHIrC.exe
  2⤵
  PID:9780
- C:\Windows\System\rhiFEnI.exe
  C:\Windows\System\rhiFEnI.exe
  2⤵
  PID:9796
- C:\Windows\System\xHiexHz.exe
  C:\Windows\System\xHiexHz.exe
  2⤵
  PID:9812
- C:\Windows\System\VcGNZPb.exe
  C:\Windows\System\VcGNZPb.exe
  2⤵
  PID:9828
- C:\Windows\System\QhASzty.exe
  C:\Windows\System\QhASzty.exe
  2⤵
  PID:9844
- C:\Windows\System\hgXgnLq.exe
  C:\Windows\System\hgXgnLq.exe
  2⤵
  PID:9860
- C:\Windows\System\hIkiIoN.exe
  C:\Windows\System\hIkiIoN.exe
  2⤵
  PID:9876
- C:\Windows\System\Nhvbbai.exe
  C:\Windows\System\Nhvbbai.exe
  2⤵
  PID:9892
- C:\Windows\System\HlgXwKv.exe
  C:\Windows\System\HlgXwKv.exe
  2⤵
  PID:9908
- C:\Windows\System\aBSkoPZ.exe
  C:\Windows\System\aBSkoPZ.exe
  2⤵
  PID:9924
- C:\Windows\System\ymIwhgU.exe
  C:\Windows\System\ymIwhgU.exe
  2⤵
  PID:9940
- C:\Windows\System\HymVRVM.exe
  C:\Windows\System\HymVRVM.exe
  2⤵
  PID:9956
- C:\Windows\System\TMqsGmc.exe
  C:\Windows\System\TMqsGmc.exe
  2⤵
  PID:9972
- C:\Windows\System\xjnzQrh.exe
  C:\Windows\System\xjnzQrh.exe
  2⤵
  PID:9988
- C:\Windows\System\ZmjTqIN.exe
  C:\Windows\System\ZmjTqIN.exe
  2⤵
  PID:10004
- C:\Windows\System\UmlEFrD.exe
  C:\Windows\System\UmlEFrD.exe
  2⤵
  PID:10020
- C:\Windows\System\KuZmROM.exe
  C:\Windows\System\KuZmROM.exe
  2⤵
  PID:10036
- C:\Windows\System\JkaWquJ.exe
  C:\Windows\System\JkaWquJ.exe
  2⤵
  PID:10052
- C:\Windows\System\VNmKhgo.exe
  C:\Windows\System\VNmKhgo.exe
  2⤵
  PID:10068
- C:\Windows\System\JZHlGps.exe
  C:\Windows\System\JZHlGps.exe
  2⤵
  PID:10084
- C:\Windows\System\EGzZMwY.exe
  C:\Windows\System\EGzZMwY.exe
  2⤵
  PID:10100
- C:\Windows\System\MZqpWbL.exe
  C:\Windows\System\MZqpWbL.exe
  2⤵
  PID:10116
- C:\Windows\System\ZMcRgUI.exe
  C:\Windows\System\ZMcRgUI.exe
  2⤵
  PID:10132
- C:\Windows\System\TAGauSD.exe
  C:\Windows\System\TAGauSD.exe
  2⤵
  PID:10148
- C:\Windows\System\cFOtPRF.exe
  C:\Windows\System\cFOtPRF.exe
  2⤵
  PID:10164
- C:\Windows\System\OMhPTOk.exe
  C:\Windows\System\OMhPTOk.exe
  2⤵
  PID:10180
- C:\Windows\System\ZMMBvuV.exe
  C:\Windows\System\ZMMBvuV.exe
  2⤵
  PID:10200
- C:\Windows\System\gSzRwDx.exe
  C:\Windows\System\gSzRwDx.exe
  2⤵
  PID:10216
- C:\Windows\System\vykuxOW.exe
  C:\Windows\System\vykuxOW.exe
  2⤵
  PID:10232
- C:\Windows\System\BDlulMs.exe
  C:\Windows\System\BDlulMs.exe
  2⤵
  PID:9228
- C:\Windows\System\wANydhA.exe
  C:\Windows\System\wANydhA.exe
  2⤵
  PID:8620
- C:\Windows\System\QRjEXUg.exe
  C:\Windows\System\QRjEXUg.exe
  2⤵
  PID:9324
- C:\Windows\System\JJvjIoW.exe
  C:\Windows\System\JJvjIoW.exe
  2⤵
  PID:9296
- C:\Windows\System\KuNzYMA.exe
  C:\Windows\System\KuNzYMA.exe
  2⤵
  PID:8752
- C:\Windows\System\lEbiRNR.exe
  C:\Windows\System\lEbiRNR.exe
  2⤵
  PID:9360
- C:\Windows\System\kOPyTXu.exe
  C:\Windows\System\kOPyTXu.exe
  2⤵
  PID:9344
- C:\Windows\System\tcOuIzS.exe
  C:\Windows\System\tcOuIzS.exe
  2⤵
  PID:9516
- C:\Windows\System\rfLWMGM.exe
  C:\Windows\System\rfLWMGM.exe
  2⤵
  PID:9536
- C:\Windows\System\UpAsMwu.exe
  C:\Windows\System\UpAsMwu.exe
  2⤵
  PID:9504
- C:\Windows\System\lQqmzjp.exe
  C:\Windows\System\lQqmzjp.exe
  2⤵
  PID:9596
- C:\Windows\System\EYKBWGX.exe
  C:\Windows\System\EYKBWGX.exe
  2⤵
  PID:9648
- C:\Windows\System\aFFOOGP.exe
  C:\Windows\System\aFFOOGP.exe
  2⤵
  PID:9712
- C:\Windows\System\mqJQywc.exe
  C:\Windows\System\mqJQywc.exe
  2⤵
  PID:9948
- C:\Windows\System\LoAsDdT.exe
  C:\Windows\System\LoAsDdT.exe
  2⤵
  PID:10224
- C:\Windows\System\BzsIsqB.exe
  C:\Windows\System\BzsIsqB.exe
  2⤵
  PID:10212
- C:\Windows\System\OzvUHjs.exe
  C:\Windows\System\OzvUHjs.exe
  2⤵
  PID:9036
- C:\Windows\System\vWuZzXF.exe
  C:\Windows\System\vWuZzXF.exe
  2⤵
  PID:9356
- C:\Windows\System\WjjlPgq.exe
  C:\Windows\System\WjjlPgq.exe
  2⤵
  PID:9340
- C:\Windows\System\uDeqBUn.exe
  C:\Windows\System\uDeqBUn.exe
  2⤵
  PID:9836
- C:\Windows\System\oVTOeEj.exe
  C:\Windows\System\oVTOeEj.exe
  2⤵
  PID:9820
- C:\Windows\System\EfYIvIb.exe
  C:\Windows\System\EfYIvIb.exe
  2⤵
  PID:9964
- C:\Windows\System\mHfysiN.exe
  C:\Windows\System\mHfysiN.exe
  2⤵
  PID:10092
- C:\Windows\System\zqdzIWu.exe
  C:\Windows\System\zqdzIWu.exe
  2⤵
  PID:9696
- C:\Windows\System\qTTFhwx.exe
  C:\Windows\System\qTTFhwx.exe
  2⤵
  PID:9984
- C:\Windows\System\RYTnSQB.exe
  C:\Windows\System\RYTnSQB.exe
  2⤵
  PID:9724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BZueAeY.exe

Filesize
6.0MB

MD5
9b4ebd48055e306b700fd30386e47b86

SHA1
65bbedc4ff6fcc97d42aa07cc52ecc11553b10f3

SHA256
52870b24b688411d9da2a96fe5ecb7edd993aed4ad1d43cc954c9dcaa4337312

SHA512
048ce0801b3c238bd283528d0913eac67d9cdaddb770e432e3d5612be8a727e04a17855419cb5cc155f549ba9abeb6fa54b1c3372dbab00ab14d1f35764b22c8

Download Submit
C:\Windows\system\EIKuWpl.exe

Filesize
6.0MB

MD5
6a7248e49278dd57db7600bb51209a64

SHA1
2b04182767950d858e1d35359692b753ec0ac9c1

SHA256
cb5c42264266cc39f7a033defc54823363abd94bd89c3052593c19af66b55c4d

SHA512
d5f635d7fe51c51de7c1c813079e3327e2e14f74d6b7556d1e7fd860bbe5e99bd9ffd31640d14f75a65b90682f810af0df3f8aa08b74de02de33c62537b69589

Download Submit
C:\Windows\system\ESjwcyE.exe

Filesize
6.0MB

MD5
553326432bbcff6b1db48d3f8d946d84

SHA1
461d420883deada351a2eef9aaa9382a08d743f0

SHA256
7c98e4ed18f846046af1421018cbb0ec967da147e39ddf1d3150ee1fc5991107

SHA512
831e80e7be02e0444d18db0c218ea1bc9d696630fc349e02ac1f975d5519358ef43c1af4539f3fc307936ca14a92ddc3b36fdec6fa1a0a5e2e73a7dca26eacf9

Download Submit
C:\Windows\system\EmrqNoj.exe

Filesize
6.0MB

MD5
b6418f0eb3d10de80db87c42ecd7ea02

SHA1
81011ad1ab11dd4bca19853783d3220ac8976023

SHA256
9036d8e3ef17beee593180c8e4e948b25c9768847283f6c812445ef6a376884f

SHA512
31c77b3019a56597c77e651e4e1de083598775b81a4a96717f797e3f2a0380954fd2b1067b97e7ddeb2d77bf7a5a0bc1faf7c959fb296b5d253ca2543354cec5

Download Submit
C:\Windows\system\EoTaDQC.exe

Filesize
6.0MB

MD5
7181719bdc49b2b742d5160d1773817b

SHA1
921a8210d074e3d61542908d685624cbd6e10f8f

SHA256
95888815cb1a73c5d2ef9ec36e9ff333ed7f378b744d0c650432810f21a9c1e6

SHA512
41a96b775d267613da7bf92f92080c09f7d5dfddd58448fbd20a561bcc59f927aac07436ac1ad12f3720c8d73304556a1f31744fb8aedc334c5f3c9bd12fdc7b

Download Submit
C:\Windows\system\KvBhQfH.exe

Filesize
6.0MB

MD5
611e4bb8c012c023d9f6cca3896f6af5

SHA1
3c6daf92f1a2c87da05c393aa8be94f8f71434be

SHA256
c57c0c87521f35193eef1b62550fbc19112508ed6b593f382ddcd1d90d73322e

SHA512
fd3498b682a3c0477dd8fc11ea49aef30b0d89df06f428e648b79991a6a4b07a81dc550dcbb37f9f53cd4e32232a088b63a843cb370e93906d277e9c614c1d87

Download Submit
C:\Windows\system\LgakJRl.exe

Filesize
6.0MB

MD5
c4b38097fe9a7f760246ad75b0962cfa

SHA1
f7d4b8f7db4e6986736ce4b584b773bf9ec836c7

SHA256
2eee76abf93f56e6cc36180edb6ebfc20def428872cd14c1c468161672cc0bbe

SHA512
64552af8a2a225f84639f42ef0adfe75fe9ea30d09dbbe53214ed4398652109a3b74146dd1871b51d83ad11d406be317528402f4d2395e5988210e85373a0c2c

Download Submit
C:\Windows\system\LtyYbxL.exe

Filesize
6.0MB

MD5
0a54b3e8bf2897a6f6859a5575c448dd

SHA1
9e38378832a4c31dfae32f10831021f9f05bcef9

SHA256
b97ea81724067ab9a7429afe928099af52bade1d350a8c37186c35946d157e35

SHA512
9ba216cc30caa93827b2b2af24e269cda26d6877a4e7a05e01c18218806f39e9719b1e011901d330fa384654a6c7f3b66d0e2826fbd5e3e89d089d19f0ee85d1

Download Submit
C:\Windows\system\OldhyYp.exe

Filesize
6.0MB

MD5
46762a8591860bb31f8db3c4a0a28084

SHA1
23845ab2bb5a092c5e9806ad7944ed7dde762a05

SHA256
07c6c4e002cd8d07d8ec6bca9aa3d461a8325fbf4e90f278430d3b36e9c6dc19

SHA512
c581962ffc5a7946c54638d5db92b422aec5f67af25a02bd2c6308ea3983969f61a40725f65a3652c3efb03d4a5a4108f75e604b0206e6ed62f7f51b38f401ae

Download Submit
C:\Windows\system\OnDJuMd.exe

Filesize
6.0MB

MD5
ce7d870946cc07943c91a24854bd7b4a

SHA1
a8b990c10697519fb867c104dde9e9abde927b2e

SHA256
5d10d2e9b98cc150e5a60aa635183ca8b5284432bc05bbd902a2406310b4eb4b

SHA512
fb14740b1e0ed3fa78563823bd022f3d3c01e629b2da67e939b6ccc2f94460cfcd099b7f6d085bbc84dcd84d7b5bc8458b96370ce9d57a7cfd402321dc2b7f57

Download Submit
C:\Windows\system\XKnnXDq.exe

Filesize
6.0MB

MD5
5db10459168254ce2b1d3f7fc2c4f74d

SHA1
d717dd91911999b90868fa178cc01e0dcad5c2e8

SHA256
a2e78d2f37affd34f907ee976c949477abf99c5f1668b1ae9d659e290a486667

SHA512
ca903553cc7f0dbcc430b49ecbc75db224bbd9b63526837e8cb1ee77a3a2ce919686021781f69e3af87a4d3fc748c54da1851ebcbc515e331f46b6cb12cfded7

Download Submit
C:\Windows\system\eEqVqyg.exe

Filesize
6.0MB

MD5
ab726b6dabb43944a04cbea8daf83975

SHA1
0d5aae93bc4afc89acd9553481312d620fbaf836

SHA256
beae4fb936fdb938453cd669d6e1d104f056967481d84e68a32085e18d8a8cde

SHA512
ccf4687bac7fbb7ee839c5ede42a7973dd1f1b9e3bad7a1cc8cf611a1960ef82a2074526a8a126288649eac4bae9b9ff5ec09e184c0e523e9ace3e55a741d918

Download Submit
C:\Windows\system\eRzSrtl.exe

Filesize
6.0MB

MD5
046a2fb69598340cfd9a792d58488354

SHA1
539c1fab66641cf6b0de3f661c75b51b28acd311

SHA256
d190fa233b4ea75d1bbd1973a0ed62e1c4d02d618598c77db9962361a9251952

SHA512
0252f5f5f26f5ea2c7662e106c02e1d8ecf6e6179a6cd242451f0c1889423d9cbaf547a15c765bc23bd0c523d2955e16b8a3241a5e98738f77f4f76ca74f643f

Download Submit
C:\Windows\system\evkXIek.exe

Filesize
6.0MB

MD5
de260837d4bd1d018f329f44652db048

SHA1
5cae591f733e0dd044197a8d2b8c71a0311c2397

SHA256
ac82ae68277b2057095b1ea54b719bdb958296e9c42caac1903c9e86ae5a830c

SHA512
49cefe18728ffd5e82bba2b4d15b2b2c027da4a44fc7253bbd17cfef85483f1eb2236b623c9ed958214b518d2ae0fecffd800c161065465e60ba804e43c78619

Download Submit
C:\Windows\system\hlYCRrI.exe

Filesize
6.0MB

MD5
b368d4f7ddb3bde6b42c603d62727582

SHA1
6724947d966bc01ee2e4b635022122e34bd2cfac

SHA256
4c078d98e1fc5fd3e45b519208e4e935ef8f69ece5a03b4970871e90e280964a

SHA512
4dd7ce1a31399958f63d3b5bda0348a97af71d92e69c43eb3d6444b18010e9ad8f3152035eb23f7292b310c73e005aa9591f351ef3330cc909fd187950675c54

Download Submit
C:\Windows\system\jGsiKmw.exe

Filesize
6.0MB

MD5
971fa2a975ad8e5d8546d8285ca8116e

SHA1
9bbc3c17914bc8a1a78b818f7b668a7ab3a290ea

SHA256
de74022dec262490556b9e329e1d7e4a0034739fec2543163e300baeb6662128

SHA512
c76ceea51d4f729d14f0920f66d12d2de88ea38fd749a807c24e84217863ad029f7462fe3a5fe9d01cb37e5528a078947528a2ee2fc2057aab15bf2cffe16e4f

Download Submit
C:\Windows\system\jdVqxPZ.exe

Filesize
6.0MB

MD5
59e01e2c5c2381a2ebb1e4cc5399acd8

SHA1
65cf44c7f5db4a6f0a4d54795f2f765fa2083683

SHA256
36d40008db94464265341db1f5220383f2e7256a9ed8e0844d8b89e7b883b768

SHA512
3f9ad195a4ffea16316d8af13943266c41f5dda520c6f24e1ebe5a55acc86ddd3102d7c761fa8d04ccb3911908fb8d66659828767a94b24a625fa4fa3dc765ad

Download Submit
C:\Windows\system\jmxgkcv.exe

Filesize
6.0MB

MD5
e90eead8b010f30ab8ebd5dd3e3de25d

SHA1
54230261757ed4e575b8c326b789f62aefda024c

SHA256
8e6fb6baec4cd4df4c20087c54b35bfab209b78011887024ab13d3b89eb8fcf7

SHA512
a9d04a6339a06c46535a11a8f84879454c546f485b59c6b27aef52c0eae09eaf4e0ea53392e4549df5b305e0a700267075294397f7df22913b693f6a09eefcee

Download Submit
C:\Windows\system\mMnEzEp.exe

Filesize
6.0MB

MD5
b2265154a92ee4e550d2a7003ca799e4

SHA1
3cc21cb370168b876017626ee158fbb1e78ad505

SHA256
64453c52663869c384ff31d13947c64bf60eec5b1cfeab89ed88c3f21fd5ba2e

SHA512
1a91a893163e99c62c390ea0bbeb516706a48bc1836f1e31aaf4d86b669e27658f457bf653ce39e856a1866874d21d21b554c4ec99e1865ac7d2b9b87a11aae0

Download Submit
C:\Windows\system\mPhFMKs.exe

Filesize
6.0MB

MD5
4114356498142df4b4ae2d55efc5d85d

SHA1
132fc7c72621cd15df25d83f2188f6f7eb43c85e

SHA256
702690fc40095dfe2d529e5a88de45788554fedab31125c8bcc9caec29d4041a

SHA512
926c5450b748f328122bf4d136522cd1afd47067416604fb6aee91839148cbd4c8a9200d8e709148c3f0dc535d8939f4d266429b813190e08a589157ba11beb3

Download Submit
C:\Windows\system\ntbYOmd.exe

Filesize
6.0MB

MD5
bb69ace0b25062f2bbc6eb2c01019b86

SHA1
0464af8e8329301c589bd08093312e042a986c86

SHA256
ba6fcdd5ac5e040bed92e1dd6a0cc2658b65a41638eb10601334f264245aec20

SHA512
8de426418c3b268bdc068c25b9fddb4f4bcd2506b8979272ab3f55e4340a89907a8112657fa3e0fe8d5cfed4834e4a7a4048eda0af300c8661aa2ce872a1178e

Download Submit
C:\Windows\system\oUJAWKR.exe

Filesize
6.0MB

MD5
c9f10e33ef3dcde9b897e22b2b98ad2d

SHA1
d3e763961598078873ed9cf7db837af4d572fca8

SHA256
e72610d927c90ae9e889bdc3094b679530f61eb233f62ab24e9f0b68c2aa2548

SHA512
a36f65f0b91c05585f705b6649bccb32ad1e4c6d25096b5487e153e3896e5794dddd08519d6d59d78e6e414d7e8a1c5b137f067bb5448b23a674a06101d12704

Download Submit
C:\Windows\system\tZkGjaf.exe

Filesize
6.0MB

MD5
ccf71449c1098eaacfe0739e55d1400f

SHA1
f7a4f580c84acadad1be895149bacc3b026afc26

SHA256
74e079f00cd8695b805387aeccb9207b8952a33fac311539497f3620deba327d

SHA512
f26f7a4264c83cda88a1697dc32d9771ed94303884f666805ceddb16b31c6020d4e8da635e9ef4f757eb7c77f339024ee433042ef97f7c683fe2ae99edb6b341

Download Submit
C:\Windows\system\yXcjsQO.exe

Filesize
6.0MB

MD5
76657df6e0173e078209dc0a59faa644

SHA1
aef87c1a96ee6caf6ec0c8cae54a05dff44142c2

SHA256
19e9e2b0922b6d77dd37ba89ac3a68adad6d965e10ac46f6b50997c94a59ad02

SHA512
5d0ee970f26b6ed5cbdb919612cd3763cf95eb89b4eda4017e96dafbfc35ffcdee0de8ccfe210411c588cb9797769a55d3e172e09bbaf7f9002910d880412bff

Download Submit
\Windows\system\DNEbHOA.exe

Filesize
6.0MB

MD5
e9c31458e4038954928c6ec7a9e5a275

SHA1
51074f0ac8f8664cce6c9b21c83652bcb8ae288b

SHA256
8c5cba4926a8c185bb8dfd6735ad384c624a98fb28d07054652dc60b991c4c54

SHA512
b9a1dff4b3b5f6b10400f1d42d160bdab3bd47357a8a33e1d37777f09601a8e74be220348272797a91c5540c153d07945cd208290cede93f153dbf901bb3aa99

Download Submit
\Windows\system\QqGFKnm.exe

Filesize
6.0MB

MD5
7d7dedaddd1c3309443f6fe5c448a6e2

SHA1
61c6e11802d6a20e885cf8e8052c95b55bea04ab

SHA256
a04ea0c7dc7a067519d4ecf2f83a2fde48aaf7e3ac1db96a928f5db22d0d24b3

SHA512
fd4d730e43adac89d06ebe1d6731c2dc830fd3a84fc116062fcec8d59ec07d9401dac8359417847efcfe1d57bb9e4323120c7de992dd9a17ca88edacb66030d8

Download Submit
\Windows\system\ROnSoeY.exe

Filesize
6.0MB

MD5
90e7a2545341ab37b14acbdc32c48908

SHA1
d4311aab46d47f6a3bfe6e7ac378d92c9e4daee2

SHA256
89331ead5251ef87f8c4b5c604896a462d43cff62502d7be5ef6553c98bdc763

SHA512
2e83812438a354a1cc34a711ab25a2c87207c071f867c42d617d07513b94ccfcc1804b2405aace0592f4f9bc55921c3e1cba1bf6573df3b8166936e7e9152484

Download Submit
\Windows\system\aIROyHL.exe

Filesize
6.0MB

MD5
e0c828a143e82720ef2d0058192aeb8d

SHA1
cc5091aac4a29a1fcf0b081ff717645a3004a111

SHA256
e85bf30c2790789be9b5bdcd6a56a200356c286ebbf34ec812c6d2def4e4d4a1

SHA512
9e261614df3ffc1ae8ffb5487dda6371633049538b45aa3e189b406172056f79037be7f87eb9b511a3cee27295780358ca30e114bf6455be4173c358f7224f61

Download Submit
\Windows\system\cKxosJL.exe

Filesize
6.0MB

MD5
2f1af9657505a112734548defbe7a786

SHA1
ef2278d6c91abdda4e1bc072a462881d2ad9a2f0

SHA256
08679bb98202ee34aaed326ba2a73eae880304b1b6d6414bbef3ee3281b20e09

SHA512
bd84d5ff3ae37ec2894b9a8a764e7b85b03008fab6ae6bbe95f6678149b8ecf1eba83e6fb7c7594cc73967aec5189908ade2c7cb77254dc7887334b6d8518467

Download Submit
\Windows\system\dVfWBLp.exe

Filesize
6.0MB

MD5
56e8bf2c431b529ca5806664d7aea141

SHA1
1b66eb5b8fc15522d7a537c2f6d7904361f02a93

SHA256
787831b2e85613271a22fc0149c421b55980e4bece8a9fc546559226793ec51f

SHA512
84b1e1585a4591422396de68fc669bd09012338df5e680d0456344f14e5ab1a09b12be80c792febfa819ece04003943a00f05b809457d776398f1acd1b1191f2

Download Submit
\Windows\system\edmCsLc.exe

Filesize
6.0MB

MD5
a69d832a28d2484219a2942e54f10bc5

SHA1
ef9f011c497cf4b007b0597f9000a4c750bb2e6c

SHA256
017c3d04db10977c84a3e7679478768bcdb75cd72138c9678cd3d97245068b8a

SHA512
6ea642c3ad35319b88a5f65a140a069a1a2d6772d5f78141f6bde1b74d896db87f43b5334a0ee33b1fdf85c4847fdf44190dc8bcd5a25ddabadc3c3110ebb537

Download Submit
\Windows\system\qUSmxpg.exe

Filesize
6.0MB

MD5
7f78baf0c0becc3a324f0d0698870d7c

SHA1
847d086421237f8d50e1b25233ed4124d979f4ff

SHA256
df634e5734096e51fc5802c2cdc14651c90d11bf8044282ee9d804b4885aa556

SHA512
986e8b14679608d32b3309bfbba3716e8451c8fa0474d652dbce1d2bf8a7c767bca3e32c2f53745536a1e066e4b015772dfb7e0156862eea8cf2782e5161266b

Download Submit
memory/1664-3999-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1664-13-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1900-146-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1900-39-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1900-4003-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2076-111-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2076-9-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2076-115-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-761-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-0-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1074-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2076-874-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2076-117-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2076-24-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2076-88-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-36-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2076-41-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-61-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2076-69-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-358-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2076-598-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2076-46-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1072-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-98-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-114-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2152-4011-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2288-480-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4005-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2288-48-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2592-110-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4010-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-116-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4000-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2644-15-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4002-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2700-145-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2700-33-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4008-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2724-91-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4009-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-81-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4006-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-79-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-42-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4004-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4001-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2896-30-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2916-4007-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2916-64-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download