cobaltstrike | 3023e62b82d411945c0e52047cb97bb1f63a604c69e4f2e38f59ce9cae382e21

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

38798184d2eac894d9e96725c39d309a
SHA1

021a5b8a05c5027eca97103b3047ff9977da1f7e
SHA256

3023e62b82d411945c0e52047cb97bb1f63a604c69e4f2e38f59ce9cae382e21
SHA512

1271f52628d24ecc3b9d3c8cb0badd6f78daa9a82b8687f9335a4aacf99d4c75d9b26ba55a2464e8d3181eba558effc0c38330fe30f0c4a296fc76eef6d86a1a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012272-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160da-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016141-21.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fa6-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016399-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-190.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-180.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-175.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-170.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-165.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-135.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-130.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-125.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-110.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-94.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-77.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-63.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660e-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de9-56.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162e4-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/604-0-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x000d000000012272-3.dat	xmrig
behavioral1/memory/2132-7-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000160da-13.dat	xmrig
behavioral1/files/0x0007000000016141-21.dat	xmrig
behavioral1/memory/3052-28-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1816-29-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2072-20-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0008000000015fa6-12.dat	xmrig
behavioral1/files/0x0007000000016399-36.dat	xmrig
behavioral1/memory/2008-49-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2660-57-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x0006000000016df8-67.dat	xmrig
behavioral1/memory/2552-72-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2796-71-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/3036-86-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2008-85-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019203-185.dat	xmrig
behavioral1/memory/2552-232-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/592-394-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1988-923-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/1460-772-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/3036-577-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000500000001924f-195.dat	xmrig
behavioral1/files/0x0005000000019237-190.dat	xmrig
behavioral1/files/0x0006000000019056-180.dat	xmrig
behavioral1/files/0x0006000000018fdf-175.dat	xmrig
behavioral1/files/0x0006000000018d83-170.dat	xmrig
behavioral1/files/0x0006000000018d7b-165.dat	xmrig
behavioral1/files/0x0006000000018be7-160.dat	xmrig
behavioral1/files/0x0005000000018745-155.dat	xmrig
behavioral1/files/0x000500000001871c-150.dat	xmrig
behavioral1/files/0x000500000001870c-145.dat	xmrig
behavioral1/files/0x0005000000018706-140.dat	xmrig
behavioral1/files/0x0005000000018697-135.dat	xmrig
behavioral1/files/0x000d000000018683-130.dat	xmrig
behavioral1/files/0x00060000000175f7-125.dat	xmrig
behavioral1/files/0x00060000000175f1-120.dat	xmrig
behavioral1/files/0x0006000000017570-115.dat	xmrig
behavioral1/files/0x00060000000174f8-110.dat	xmrig
behavioral1/memory/1460-96-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2660-95-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x000600000001707f-94.dat	xmrig
behavioral1/memory/1988-103-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2828-102-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00060000000174b4-101.dat	xmrig
behavioral1/memory/604-91-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/604-90-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/files/0x0006000000016f02-84.dat	xmrig
behavioral1/memory/592-79-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2716-78-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0006000000016edc-77.dat	xmrig
behavioral1/memory/2828-64-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x0006000000016df5-63.dat	xmrig
behavioral1/memory/2132-48-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x000900000001660e-47.dat	xmrig
behavioral1/files/0x0008000000016de9-56.dat	xmrig
behavioral1/memory/604-55-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/2072-54-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2796-35-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x00070000000162e4-34.dat	xmrig
behavioral1/memory/604-31-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/604-37-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/3052-3534-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2132	lNRHahB.exe
2072	uWZbrTI.exe
3052	ZRwHPBc.exe
1816	vXrjkEg.exe
2796	sdKwuEf.exe
2716	hgkOgBc.exe
2008	dedNgLn.exe
2660	woJkhVy.exe
2828	tzmYHmf.exe
2552	bfPJfXf.exe
592	loNqokt.exe
3036	HLzqBEb.exe
1460	vSOcpoS.exe
1988	RkmHJfO.exe
2540	OBWUuLl.exe
580	BoiJAFp.exe
1280	czyWAKr.exe
2900	QpXVPgo.exe
280	KKcDLru.exe
1620	PMygqmm.exe
3020	gAJEVWG.exe
2908	EzLJCiv.exe
2140	hzyLgtQ.exe
1328	BsYCXIi.exe
3064	pFfmcmK.exe
960	ABIuiRq.exe
1716	VCzeZmZ.exe
768	pvzplYS.exe
976	pTrTUzy.exe
1792	sfFvjYR.exe
2756	fjxCKmG.exe
1696	kzhjrSz.exe
2040	vTDnEOx.exe
1524	ouEaIkb.exe
1780	vARmtQf.exe
1340	vFYRXqZ.exe
1648	vDJstBL.exe
2300	gbipmRC.exe
2396	xzYPYDQ.exe
1740	KqBTMOI.exe
348	iHWOegY.exe
1828	udPDAbX.exe
2432	CbOfhQR.exe
1012	tmwCmfK.exe
1628	jgvzAZk.exe
1748	OTuNvDY.exe
2972	jihXZzI.exe
1956	iqKPybM.exe
1584	ZjmvIYC.exe
1588	MuKKFtL.exe
1704	dBtqVkr.exe
2712	ckhRCuf.exe
2696	EdDoZgu.exe
2844	dpnOeAQ.exe
620	RmraMJw.exe
2636	JXbndFZ.exe
2556	TksmvuF.exe
1760	PJhGHRu.exe
1720	AsZLfCI.exe
1052	RqQoImP.exe
1656	yOfpgAB.exe
3016	hcnKorf.exe
1916	LpqKADF.exe
2224	mkQVeOO.exe

Loads dropped DLL 64 IoCs

pid	Process
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/604-0-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x000d000000012272-3.dat	upx
behavioral1/memory/2132-7-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x00070000000160da-13.dat	upx
behavioral1/files/0x0007000000016141-21.dat	upx
behavioral1/memory/3052-28-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1816-29-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2072-20-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0008000000015fa6-12.dat	upx
behavioral1/files/0x0007000000016399-36.dat	upx
behavioral1/memory/2008-49-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2660-57-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x0006000000016df8-67.dat	upx
behavioral1/memory/2552-72-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2796-71-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/3036-86-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2008-85-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0005000000019203-185.dat	upx
behavioral1/memory/2552-232-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/592-394-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1988-923-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1460-772-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/3036-577-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000500000001924f-195.dat	upx
behavioral1/files/0x0005000000019237-190.dat	upx
behavioral1/files/0x0006000000019056-180.dat	upx
behavioral1/files/0x0006000000018fdf-175.dat	upx
behavioral1/files/0x0006000000018d83-170.dat	upx
behavioral1/files/0x0006000000018d7b-165.dat	upx
behavioral1/files/0x0006000000018be7-160.dat	upx
behavioral1/files/0x0005000000018745-155.dat	upx
behavioral1/files/0x000500000001871c-150.dat	upx
behavioral1/files/0x000500000001870c-145.dat	upx
behavioral1/files/0x0005000000018706-140.dat	upx
behavioral1/files/0x0005000000018697-135.dat	upx
behavioral1/files/0x000d000000018683-130.dat	upx
behavioral1/files/0x00060000000175f7-125.dat	upx
behavioral1/files/0x00060000000175f1-120.dat	upx
behavioral1/files/0x0006000000017570-115.dat	upx
behavioral1/files/0x00060000000174f8-110.dat	upx
behavioral1/memory/1460-96-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2660-95-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x000600000001707f-94.dat	upx
behavioral1/memory/1988-103-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2828-102-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00060000000174b4-101.dat	upx
behavioral1/files/0x0006000000016f02-84.dat	upx
behavioral1/memory/592-79-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2716-78-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0006000000016edc-77.dat	upx
behavioral1/memory/2828-64-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x0006000000016df5-63.dat	upx
behavioral1/memory/2132-48-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x000900000001660e-47.dat	upx
behavioral1/files/0x0008000000016de9-56.dat	upx
behavioral1/memory/2072-54-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2796-35-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x00070000000162e4-34.dat	upx
behavioral1/memory/604-37-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/3052-3534-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2072-3537-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2132-3536-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/1816-3539-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2716-3552-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UCrZYht.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZdhUjB.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlGOdLx.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEKqNpk.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DglhGMq.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgHhEUA.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEtzdsz.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJWQEgq.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HoKdSeO.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBJRzmT.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePnybMM.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKPpuJV.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdtuDDn.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKbSxTt.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuScgnM.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeKMgJs.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPVlKgn.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWAdbKU.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSsFeiH.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LxCYyOw.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuHsEYl.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmaCjSh.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwYNpER.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVWyjnv.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYTKwAr.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCZLrCu.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpObNzS.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlboNwq.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgHkhQC.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vibivIc.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoGJzhG.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvfEugw.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cywKKfe.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drSdhgF.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smgRubQ.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCAHtlu.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTrZVjU.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOCkmWd.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eeFcezO.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwGLPBE.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFjBlLt.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUhsYeY.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEICIrI.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNPqAZN.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqhAgaA.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MunyHkz.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwBTzkk.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIWkWrm.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqwiydv.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzDrdUU.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNxLIGA.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlFtvMf.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PksHlKo.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNqfgqK.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkZcuQe.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmxYcqA.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkVRMzF.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPATnDJ.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWXfwbk.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsYCXIi.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwyAMVb.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pvjspam.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hghTLTx.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTKglYD.exe	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 604 wrote to memory of 2132	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 604 wrote to memory of 2132	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 604 wrote to memory of 2132	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 604 wrote to memory of 2072	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 604 wrote to memory of 2072	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 604 wrote to memory of 2072	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 604 wrote to memory of 1816	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 604 wrote to memory of 1816	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 604 wrote to memory of 1816	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 604 wrote to memory of 3052	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 604 wrote to memory of 3052	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 604 wrote to memory of 3052	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 604 wrote to memory of 2796	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 604 wrote to memory of 2796	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 604 wrote to memory of 2796	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 604 wrote to memory of 2716	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 604 wrote to memory of 2716	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 604 wrote to memory of 2716	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 604 wrote to memory of 2008	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 604 wrote to memory of 2008	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 604 wrote to memory of 2008	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 604 wrote to memory of 2660	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 604 wrote to memory of 2660	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 604 wrote to memory of 2660	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 604 wrote to memory of 2828	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 604 wrote to memory of 2828	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 604 wrote to memory of 2828	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 604 wrote to memory of 2552	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 604 wrote to memory of 2552	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 604 wrote to memory of 2552	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 604 wrote to memory of 592	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 604 wrote to memory of 592	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 604 wrote to memory of 592	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 604 wrote to memory of 3036	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 604 wrote to memory of 3036	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 604 wrote to memory of 3036	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 604 wrote to memory of 1460	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 604 wrote to memory of 1460	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 604 wrote to memory of 1460	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 604 wrote to memory of 1988	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 604 wrote to memory of 1988	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 604 wrote to memory of 1988	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 604 wrote to memory of 2540	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 604 wrote to memory of 2540	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 604 wrote to memory of 2540	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 604 wrote to memory of 580	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 604 wrote to memory of 580	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 604 wrote to memory of 580	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 604 wrote to memory of 1280	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 604 wrote to memory of 1280	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 604 wrote to memory of 1280	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 604 wrote to memory of 2900	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 604 wrote to memory of 2900	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 604 wrote to memory of 2900	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 604 wrote to memory of 280	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 604 wrote to memory of 280	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 604 wrote to memory of 280	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 604 wrote to memory of 1620	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 604 wrote to memory of 1620	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 604 wrote to memory of 1620	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 604 wrote to memory of 3020	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 604 wrote to memory of 3020	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 604 wrote to memory of 3020	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 604 wrote to memory of 2908	604	2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_38798184d2eac894d9e96725c39d309a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:604
- C:\Windows\System\lNRHahB.exe
  C:\Windows\System\lNRHahB.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\uWZbrTI.exe
  C:\Windows\System\uWZbrTI.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\vXrjkEg.exe
  C:\Windows\System\vXrjkEg.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\ZRwHPBc.exe
  C:\Windows\System\ZRwHPBc.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\sdKwuEf.exe
  C:\Windows\System\sdKwuEf.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\hgkOgBc.exe
  C:\Windows\System\hgkOgBc.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\dedNgLn.exe
  C:\Windows\System\dedNgLn.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\woJkhVy.exe
  C:\Windows\System\woJkhVy.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\tzmYHmf.exe
  C:\Windows\System\tzmYHmf.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\bfPJfXf.exe
  C:\Windows\System\bfPJfXf.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\loNqokt.exe
  C:\Windows\System\loNqokt.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\HLzqBEb.exe
  C:\Windows\System\HLzqBEb.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\vSOcpoS.exe
  C:\Windows\System\vSOcpoS.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\RkmHJfO.exe
  C:\Windows\System\RkmHJfO.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\OBWUuLl.exe
  C:\Windows\System\OBWUuLl.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\BoiJAFp.exe
  C:\Windows\System\BoiJAFp.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\czyWAKr.exe
  C:\Windows\System\czyWAKr.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\QpXVPgo.exe
  C:\Windows\System\QpXVPgo.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\KKcDLru.exe
  C:\Windows\System\KKcDLru.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\PMygqmm.exe
  C:\Windows\System\PMygqmm.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\gAJEVWG.exe
  C:\Windows\System\gAJEVWG.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\EzLJCiv.exe
  C:\Windows\System\EzLJCiv.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\hzyLgtQ.exe
  C:\Windows\System\hzyLgtQ.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\BsYCXIi.exe
  C:\Windows\System\BsYCXIi.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\pFfmcmK.exe
  C:\Windows\System\pFfmcmK.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ABIuiRq.exe
  C:\Windows\System\ABIuiRq.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\VCzeZmZ.exe
  C:\Windows\System\VCzeZmZ.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\pvzplYS.exe
  C:\Windows\System\pvzplYS.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\pTrTUzy.exe
  C:\Windows\System\pTrTUzy.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\sfFvjYR.exe
  C:\Windows\System\sfFvjYR.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\fjxCKmG.exe
  C:\Windows\System\fjxCKmG.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\kzhjrSz.exe
  C:\Windows\System\kzhjrSz.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\vTDnEOx.exe
  C:\Windows\System\vTDnEOx.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ouEaIkb.exe
  C:\Windows\System\ouEaIkb.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\vARmtQf.exe
  C:\Windows\System\vARmtQf.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\vFYRXqZ.exe
  C:\Windows\System\vFYRXqZ.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\vDJstBL.exe
  C:\Windows\System\vDJstBL.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\gbipmRC.exe
  C:\Windows\System\gbipmRC.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\xzYPYDQ.exe
  C:\Windows\System\xzYPYDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\KqBTMOI.exe
  C:\Windows\System\KqBTMOI.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\iHWOegY.exe
  C:\Windows\System\iHWOegY.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\udPDAbX.exe
  C:\Windows\System\udPDAbX.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\CbOfhQR.exe
  C:\Windows\System\CbOfhQR.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\tmwCmfK.exe
  C:\Windows\System\tmwCmfK.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\jgvzAZk.exe
  C:\Windows\System\jgvzAZk.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\OTuNvDY.exe
  C:\Windows\System\OTuNvDY.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\jihXZzI.exe
  C:\Windows\System\jihXZzI.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\iqKPybM.exe
  C:\Windows\System\iqKPybM.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ZjmvIYC.exe
  C:\Windows\System\ZjmvIYC.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\MuKKFtL.exe
  C:\Windows\System\MuKKFtL.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\dBtqVkr.exe
  C:\Windows\System\dBtqVkr.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\ckhRCuf.exe
  C:\Windows\System\ckhRCuf.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\EdDoZgu.exe
  C:\Windows\System\EdDoZgu.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\dpnOeAQ.exe
  C:\Windows\System\dpnOeAQ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\RmraMJw.exe
  C:\Windows\System\RmraMJw.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\JXbndFZ.exe
  C:\Windows\System\JXbndFZ.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\TksmvuF.exe
  C:\Windows\System\TksmvuF.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\PJhGHRu.exe
  C:\Windows\System\PJhGHRu.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\AsZLfCI.exe
  C:\Windows\System\AsZLfCI.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\RqQoImP.exe
  C:\Windows\System\RqQoImP.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\yOfpgAB.exe
  C:\Windows\System\yOfpgAB.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\hcnKorf.exe
  C:\Windows\System\hcnKorf.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\LpqKADF.exe
  C:\Windows\System\LpqKADF.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\mkQVeOO.exe
  C:\Windows\System\mkQVeOO.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\oIqzYzt.exe
  C:\Windows\System\oIqzYzt.exe
  2⤵
  PID:2076
- C:\Windows\System\kjLbEix.exe
  C:\Windows\System\kjLbEix.exe
  2⤵
  PID:2376
- C:\Windows\System\ZFSXFpt.exe
  C:\Windows\System\ZFSXFpt.exe
  2⤵
  PID:1624
- C:\Windows\System\nAVptjt.exe
  C:\Windows\System\nAVptjt.exe
  2⤵
  PID:1708
- C:\Windows\System\iRGRXVp.exe
  C:\Windows\System\iRGRXVp.exe
  2⤵
  PID:924
- C:\Windows\System\NOdApGf.exe
  C:\Windows\System\NOdApGf.exe
  2⤵
  PID:848
- C:\Windows\System\eMnNlqX.exe
  C:\Windows\System\eMnNlqX.exe
  2⤵
  PID:1600
- C:\Windows\System\zSLtSeG.exe
  C:\Windows\System\zSLtSeG.exe
  2⤵
  PID:1724
- C:\Windows\System\HfMiszl.exe
  C:\Windows\System\HfMiszl.exe
  2⤵
  PID:2504
- C:\Windows\System\YTbLadv.exe
  C:\Windows\System\YTbLadv.exe
  2⤵
  PID:1860
- C:\Windows\System\IuBpuUl.exe
  C:\Windows\System\IuBpuUl.exe
  2⤵
  PID:2944
- C:\Windows\System\UTVrECY.exe
  C:\Windows\System\UTVrECY.exe
  2⤵
  PID:2524
- C:\Windows\System\juncDrN.exe
  C:\Windows\System\juncDrN.exe
  2⤵
  PID:2092
- C:\Windows\System\fmHxYPu.exe
  C:\Windows\System\fmHxYPu.exe
  2⤵
  PID:2316
- C:\Windows\System\hqbEUUl.exe
  C:\Windows\System\hqbEUUl.exe
  2⤵
  PID:1560
- C:\Windows\System\FVbcRDW.exe
  C:\Windows\System\FVbcRDW.exe
  2⤵
  PID:316
- C:\Windows\System\DOZYYkf.exe
  C:\Windows\System\DOZYYkf.exe
  2⤵
  PID:2852
- C:\Windows\System\QKKTFqL.exe
  C:\Windows\System\QKKTFqL.exe
  2⤵
  PID:2688
- C:\Windows\System\YbFvmQd.exe
  C:\Windows\System\YbFvmQd.exe
  2⤵
  PID:2824
- C:\Windows\System\vFfSgzx.exe
  C:\Windows\System\vFfSgzx.exe
  2⤵
  PID:1936
- C:\Windows\System\rMhCasx.exe
  C:\Windows\System\rMhCasx.exe
  2⤵
  PID:320
- C:\Windows\System\vNqNyMK.exe
  C:\Windows\System\vNqNyMK.exe
  2⤵
  PID:1048
- C:\Windows\System\AXbKNSN.exe
  C:\Windows\System\AXbKNSN.exe
  2⤵
  PID:1116
- C:\Windows\System\zzeVyLW.exe
  C:\Windows\System\zzeVyLW.exe
  2⤵
  PID:2200
- C:\Windows\System\QGYCnNy.exe
  C:\Windows\System\QGYCnNy.exe
  2⤵
  PID:2880
- C:\Windows\System\LLZjepi.exe
  C:\Windows\System\LLZjepi.exe
  2⤵
  PID:1736
- C:\Windows\System\MPIJhAp.exe
  C:\Windows\System\MPIJhAp.exe
  2⤵
  PID:648
- C:\Windows\System\gOklsxR.exe
  C:\Windows\System\gOklsxR.exe
  2⤵
  PID:2624
- C:\Windows\System\DktFzIE.exe
  C:\Windows\System\DktFzIE.exe
  2⤵
  PID:1776
- C:\Windows\System\TftFpSD.exe
  C:\Windows\System\TftFpSD.exe
  2⤵
  PID:1712
- C:\Windows\System\aFgXPAi.exe
  C:\Windows\System\aFgXPAi.exe
  2⤵
  PID:1592
- C:\Windows\System\tMmbfVO.exe
  C:\Windows\System\tMmbfVO.exe
  2⤵
  PID:2208
- C:\Windows\System\nYeopkd.exe
  C:\Windows\System\nYeopkd.exe
  2⤵
  PID:2124
- C:\Windows\System\cTxhwFo.exe
  C:\Windows\System\cTxhwFo.exe
  2⤵
  PID:2360
- C:\Windows\System\zqWFhzZ.exe
  C:\Windows\System\zqWFhzZ.exe
  2⤵
  PID:2816
- C:\Windows\System\TCHNzLk.exe
  C:\Windows\System\TCHNzLk.exe
  2⤵
  PID:2004
- C:\Windows\System\eGaylxL.exe
  C:\Windows\System\eGaylxL.exe
  2⤵
  PID:1152
- C:\Windows\System\doddKrE.exe
  C:\Windows\System\doddKrE.exe
  2⤵
  PID:1808
- C:\Windows\System\qHzaiFA.exe
  C:\Windows\System\qHzaiFA.exe
  2⤵
  PID:2256
- C:\Windows\System\YsqCRYZ.exe
  C:\Windows\System\YsqCRYZ.exe
  2⤵
  PID:2668
- C:\Windows\System\YrArzPb.exe
  C:\Windows\System\YrArzPb.exe
  2⤵
  PID:1088
- C:\Windows\System\XfkBUkh.exe
  C:\Windows\System\XfkBUkh.exe
  2⤵
  PID:1520
- C:\Windows\System\jpuIBwD.exe
  C:\Windows\System\jpuIBwD.exe
  2⤵
  PID:2344
- C:\Windows\System\iglPTcd.exe
  C:\Windows\System\iglPTcd.exe
  2⤵
  PID:1112
- C:\Windows\System\ZcnqaaD.exe
  C:\Windows\System\ZcnqaaD.exe
  2⤵
  PID:2940
- C:\Windows\System\gKewjZB.exe
  C:\Windows\System\gKewjZB.exe
  2⤵
  PID:684
- C:\Windows\System\szMoSbv.exe
  C:\Windows\System\szMoSbv.exe
  2⤵
  PID:3076
- C:\Windows\System\vhQeJoT.exe
  C:\Windows\System\vhQeJoT.exe
  2⤵
  PID:3100
- C:\Windows\System\RunTrnu.exe
  C:\Windows\System\RunTrnu.exe
  2⤵
  PID:3120
- C:\Windows\System\yQITmUH.exe
  C:\Windows\System\yQITmUH.exe
  2⤵
  PID:3140
- C:\Windows\System\irxFYqK.exe
  C:\Windows\System\irxFYqK.exe
  2⤵
  PID:3160
- C:\Windows\System\aYEVGCl.exe
  C:\Windows\System\aYEVGCl.exe
  2⤵
  PID:3180
- C:\Windows\System\IMUHgdT.exe
  C:\Windows\System\IMUHgdT.exe
  2⤵
  PID:3200
- C:\Windows\System\KXQncLy.exe
  C:\Windows\System\KXQncLy.exe
  2⤵
  PID:3220
- C:\Windows\System\KgIwxVi.exe
  C:\Windows\System\KgIwxVi.exe
  2⤵
  PID:3240
- C:\Windows\System\KrAxXhM.exe
  C:\Windows\System\KrAxXhM.exe
  2⤵
  PID:3260
- C:\Windows\System\eehyMDt.exe
  C:\Windows\System\eehyMDt.exe
  2⤵
  PID:3280
- C:\Windows\System\sZQcFoj.exe
  C:\Windows\System\sZQcFoj.exe
  2⤵
  PID:3300
- C:\Windows\System\bYbGhga.exe
  C:\Windows\System\bYbGhga.exe
  2⤵
  PID:3320
- C:\Windows\System\DWhoTED.exe
  C:\Windows\System\DWhoTED.exe
  2⤵
  PID:3336
- C:\Windows\System\fEEprSz.exe
  C:\Windows\System\fEEprSz.exe
  2⤵
  PID:3360
- C:\Windows\System\kRXnLgy.exe
  C:\Windows\System\kRXnLgy.exe
  2⤵
  PID:3380
- C:\Windows\System\QerBvZA.exe
  C:\Windows\System\QerBvZA.exe
  2⤵
  PID:3400
- C:\Windows\System\knadQcT.exe
  C:\Windows\System\knadQcT.exe
  2⤵
  PID:3416
- C:\Windows\System\VVbiDNT.exe
  C:\Windows\System\VVbiDNT.exe
  2⤵
  PID:3440
- C:\Windows\System\OEboIZV.exe
  C:\Windows\System\OEboIZV.exe
  2⤵
  PID:3460
- C:\Windows\System\LwyAMVb.exe
  C:\Windows\System\LwyAMVb.exe
  2⤵
  PID:3480
- C:\Windows\System\loqbnQf.exe
  C:\Windows\System\loqbnQf.exe
  2⤵
  PID:3500
- C:\Windows\System\NONngpy.exe
  C:\Windows\System\NONngpy.exe
  2⤵
  PID:3520
- C:\Windows\System\AnaqgkM.exe
  C:\Windows\System\AnaqgkM.exe
  2⤵
  PID:3540
- C:\Windows\System\LsusPOd.exe
  C:\Windows\System\LsusPOd.exe
  2⤵
  PID:3560
- C:\Windows\System\QdjfvKf.exe
  C:\Windows\System\QdjfvKf.exe
  2⤵
  PID:3576
- C:\Windows\System\hxWrFIp.exe
  C:\Windows\System\hxWrFIp.exe
  2⤵
  PID:3600
- C:\Windows\System\xgJSYRu.exe
  C:\Windows\System\xgJSYRu.exe
  2⤵
  PID:3620
- C:\Windows\System\FyCafPy.exe
  C:\Windows\System\FyCafPy.exe
  2⤵
  PID:3640
- C:\Windows\System\xbWwZcw.exe
  C:\Windows\System\xbWwZcw.exe
  2⤵
  PID:3656
- C:\Windows\System\UTypRVY.exe
  C:\Windows\System\UTypRVY.exe
  2⤵
  PID:3680
- C:\Windows\System\BncsMjM.exe
  C:\Windows\System\BncsMjM.exe
  2⤵
  PID:3700
- C:\Windows\System\TSkHTZb.exe
  C:\Windows\System\TSkHTZb.exe
  2⤵
  PID:3720
- C:\Windows\System\fGOjeov.exe
  C:\Windows\System\fGOjeov.exe
  2⤵
  PID:3740
- C:\Windows\System\cYIxlcG.exe
  C:\Windows\System\cYIxlcG.exe
  2⤵
  PID:3760
- C:\Windows\System\ZZjqdaX.exe
  C:\Windows\System\ZZjqdaX.exe
  2⤵
  PID:3776
- C:\Windows\System\PhTBQPE.exe
  C:\Windows\System\PhTBQPE.exe
  2⤵
  PID:3800
- C:\Windows\System\mZZDzkW.exe
  C:\Windows\System\mZZDzkW.exe
  2⤵
  PID:3820
- C:\Windows\System\YxbOzMt.exe
  C:\Windows\System\YxbOzMt.exe
  2⤵
  PID:3840
- C:\Windows\System\aTCJnjY.exe
  C:\Windows\System\aTCJnjY.exe
  2⤵
  PID:3860
- C:\Windows\System\JJskCgI.exe
  C:\Windows\System\JJskCgI.exe
  2⤵
  PID:3880
- C:\Windows\System\OrKOHwd.exe
  C:\Windows\System\OrKOHwd.exe
  2⤵
  PID:3896
- C:\Windows\System\aKpGIhj.exe
  C:\Windows\System\aKpGIhj.exe
  2⤵
  PID:3920
- C:\Windows\System\seFVaXW.exe
  C:\Windows\System\seFVaXW.exe
  2⤵
  PID:3940
- C:\Windows\System\pZvedRm.exe
  C:\Windows\System\pZvedRm.exe
  2⤵
  PID:3960
- C:\Windows\System\FLQldJu.exe
  C:\Windows\System\FLQldJu.exe
  2⤵
  PID:3980
- C:\Windows\System\iKZdBrL.exe
  C:\Windows\System\iKZdBrL.exe
  2⤵
  PID:4000
- C:\Windows\System\eRdqNgb.exe
  C:\Windows\System\eRdqNgb.exe
  2⤵
  PID:4020
- C:\Windows\System\EGXYISd.exe
  C:\Windows\System\EGXYISd.exe
  2⤵
  PID:4044
- C:\Windows\System\oGtwHfl.exe
  C:\Windows\System\oGtwHfl.exe
  2⤵
  PID:4064
- C:\Windows\System\ypNByei.exe
  C:\Windows\System\ypNByei.exe
  2⤵
  PID:4084
- C:\Windows\System\StohPtM.exe
  C:\Windows\System\StohPtM.exe
  2⤵
  PID:3012
- C:\Windows\System\ktZBAzP.exe
  C:\Windows\System\ktZBAzP.exe
  2⤵
  PID:2180
- C:\Windows\System\iOSdxRJ.exe
  C:\Windows\System\iOSdxRJ.exe
  2⤵
  PID:1492
- C:\Windows\System\JNuVLQq.exe
  C:\Windows\System\JNuVLQq.exe
  2⤵
  PID:2480
- C:\Windows\System\CgQsDRc.exe
  C:\Windows\System\CgQsDRc.exe
  2⤵
  PID:2572
- C:\Windows\System\Olpexfj.exe
  C:\Windows\System\Olpexfj.exe
  2⤵
  PID:2768
- C:\Windows\System\kHxIahN.exe
  C:\Windows\System\kHxIahN.exe
  2⤵
  PID:3116
- C:\Windows\System\JnecuHA.exe
  C:\Windows\System\JnecuHA.exe
  2⤵
  PID:3136
- C:\Windows\System\SOzRQHv.exe
  C:\Windows\System\SOzRQHv.exe
  2⤵
  PID:3196
- C:\Windows\System\InBmoam.exe
  C:\Windows\System\InBmoam.exe
  2⤵
  PID:3236
- C:\Windows\System\ygDEgZS.exe
  C:\Windows\System\ygDEgZS.exe
  2⤵
  PID:3268
- C:\Windows\System\kVhBnpy.exe
  C:\Windows\System\kVhBnpy.exe
  2⤵
  PID:3256
- C:\Windows\System\NgUCcTQ.exe
  C:\Windows\System\NgUCcTQ.exe
  2⤵
  PID:3296
- C:\Windows\System\QenlQwQ.exe
  C:\Windows\System\QenlQwQ.exe
  2⤵
  PID:3356
- C:\Windows\System\NRcrvAW.exe
  C:\Windows\System\NRcrvAW.exe
  2⤵
  PID:3376
- C:\Windows\System\gbUSyXg.exe
  C:\Windows\System\gbUSyXg.exe
  2⤵
  PID:3424
- C:\Windows\System\GLDFGye.exe
  C:\Windows\System\GLDFGye.exe
  2⤵
  PID:3448
- C:\Windows\System\jlDqivx.exe
  C:\Windows\System\jlDqivx.exe
  2⤵
  PID:3472
- C:\Windows\System\DrYYjzg.exe
  C:\Windows\System\DrYYjzg.exe
  2⤵
  PID:3496
- C:\Windows\System\djzQLFt.exe
  C:\Windows\System\djzQLFt.exe
  2⤵
  PID:3556
- C:\Windows\System\qMeRIOn.exe
  C:\Windows\System\qMeRIOn.exe
  2⤵
  PID:3584
- C:\Windows\System\PLKCjhX.exe
  C:\Windows\System\PLKCjhX.exe
  2⤵
  PID:3628
- C:\Windows\System\nnUEbQw.exe
  C:\Windows\System\nnUEbQw.exe
  2⤵
  PID:3664
- C:\Windows\System\IEKqNpk.exe
  C:\Windows\System\IEKqNpk.exe
  2⤵
  PID:3668
- C:\Windows\System\NCxLimV.exe
  C:\Windows\System\NCxLimV.exe
  2⤵
  PID:3712
- C:\Windows\System\sMkfldF.exe
  C:\Windows\System\sMkfldF.exe
  2⤵
  PID:3728
- C:\Windows\System\kIqbUfW.exe
  C:\Windows\System\kIqbUfW.exe
  2⤵
  PID:3768
- C:\Windows\System\UWvHtfW.exe
  C:\Windows\System\UWvHtfW.exe
  2⤵
  PID:3828
- C:\Windows\System\FpzYbgf.exe
  C:\Windows\System\FpzYbgf.exe
  2⤵
  PID:3868
- C:\Windows\System\HJIoDjV.exe
  C:\Windows\System\HJIoDjV.exe
  2⤵
  PID:3888
- C:\Windows\System\rXKLydc.exe
  C:\Windows\System\rXKLydc.exe
  2⤵
  PID:3892
- C:\Windows\System\GYwBiAU.exe
  C:\Windows\System\GYwBiAU.exe
  2⤵
  PID:3936
- C:\Windows\System\SCZLrCu.exe
  C:\Windows\System\SCZLrCu.exe
  2⤵
  PID:3976
- C:\Windows\System\nvsEDTR.exe
  C:\Windows\System\nvsEDTR.exe
  2⤵
  PID:4028
- C:\Windows\System\FgcYzjH.exe
  C:\Windows\System\FgcYzjH.exe
  2⤵
  PID:4052
- C:\Windows\System\CjiTQzz.exe
  C:\Windows\System\CjiTQzz.exe
  2⤵
  PID:4092
- C:\Windows\System\OeIvDjg.exe
  C:\Windows\System\OeIvDjg.exe
  2⤵
  PID:2044
- C:\Windows\System\XMIDWeg.exe
  C:\Windows\System\XMIDWeg.exe
  2⤵
  PID:2244
- C:\Windows\System\acxXqov.exe
  C:\Windows\System\acxXqov.exe
  2⤵
  PID:3088
- C:\Windows\System\dignQyA.exe
  C:\Windows\System\dignQyA.exe
  2⤵
  PID:3156
- C:\Windows\System\UpObNzS.exe
  C:\Windows\System\UpObNzS.exe
  2⤵
  PID:3172
- C:\Windows\System\UKChocv.exe
  C:\Windows\System\UKChocv.exe
  2⤵
  PID:3188
- C:\Windows\System\tkscHQK.exe
  C:\Windows\System\tkscHQK.exe
  2⤵
  PID:3216
- C:\Windows\System\NEQLdNf.exe
  C:\Windows\System\NEQLdNf.exe
  2⤵
  PID:3308
- C:\Windows\System\FmFCKgB.exe
  C:\Windows\System\FmFCKgB.exe
  2⤵
  PID:3408
- C:\Windows\System\JwFOPGq.exe
  C:\Windows\System\JwFOPGq.exe
  2⤵
  PID:3452
- C:\Windows\System\lsDxhfQ.exe
  C:\Windows\System\lsDxhfQ.exe
  2⤵
  PID:3508
- C:\Windows\System\RIPSTEP.exe
  C:\Windows\System\RIPSTEP.exe
  2⤵
  PID:3516
- C:\Windows\System\DgVslEm.exe
  C:\Windows\System\DgVslEm.exe
  2⤵
  PID:3588
- C:\Windows\System\DwEhiRH.exe
  C:\Windows\System\DwEhiRH.exe
  2⤵
  PID:3612
- C:\Windows\System\xLKwbtV.exe
  C:\Windows\System\xLKwbtV.exe
  2⤵
  PID:3756
- C:\Windows\System\RGcATfU.exe
  C:\Windows\System\RGcATfU.exe
  2⤵
  PID:3736
- C:\Windows\System\AXhgIDs.exe
  C:\Windows\System\AXhgIDs.exe
  2⤵
  PID:3812
- C:\Windows\System\BCiqRfW.exe
  C:\Windows\System\BCiqRfW.exe
  2⤵
  PID:3832
- C:\Windows\System\ivtIUQQ.exe
  C:\Windows\System\ivtIUQQ.exe
  2⤵
  PID:3912
- C:\Windows\System\HYOiWJb.exe
  C:\Windows\System\HYOiWJb.exe
  2⤵
  PID:3996
- C:\Windows\System\uxDqhtS.exe
  C:\Windows\System\uxDqhtS.exe
  2⤵
  PID:4012
- C:\Windows\System\uzdgLJT.exe
  C:\Windows\System\uzdgLJT.exe
  2⤵
  PID:856
- C:\Windows\System\eilUizN.exe
  C:\Windows\System\eilUizN.exe
  2⤵
  PID:1240
- C:\Windows\System\GcniDdB.exe
  C:\Windows\System\GcniDdB.exe
  2⤵
  PID:2352
- C:\Windows\System\bLpTqEN.exe
  C:\Windows\System\bLpTqEN.exe
  2⤵
  PID:3092
- C:\Windows\System\ppOlXlJ.exe
  C:\Windows\System\ppOlXlJ.exe
  2⤵
  PID:3352
- C:\Windows\System\TMKzDro.exe
  C:\Windows\System\TMKzDro.exe
  2⤵
  PID:3368
- C:\Windows\System\VIgakph.exe
  C:\Windows\System\VIgakph.exe
  2⤵
  PID:3436
- C:\Windows\System\IfpiCHJ.exe
  C:\Windows\System\IfpiCHJ.exe
  2⤵
  PID:3412
- C:\Windows\System\nBrDKfB.exe
  C:\Windows\System\nBrDKfB.exe
  2⤵
  PID:2784
- C:\Windows\System\whOgHIV.exe
  C:\Windows\System\whOgHIV.exe
  2⤵
  PID:3792
- C:\Windows\System\WksyBmq.exe
  C:\Windows\System\WksyBmq.exe
  2⤵
  PID:3872
- C:\Windows\System\hvYLxoP.exe
  C:\Windows\System\hvYLxoP.exe
  2⤵
  PID:3836
- C:\Windows\System\xBcsFBY.exe
  C:\Windows\System\xBcsFBY.exe
  2⤵
  PID:3932
- C:\Windows\System\UbuWdxJ.exe
  C:\Windows\System\UbuWdxJ.exe
  2⤵
  PID:4060
- C:\Windows\System\tRssFfL.exe
  C:\Windows\System\tRssFfL.exe
  2⤵
  PID:3084
- C:\Windows\System\FFVbexB.exe
  C:\Windows\System\FFVbexB.exe
  2⤵
  PID:4100
- C:\Windows\System\LVOJiep.exe
  C:\Windows\System\LVOJiep.exe
  2⤵
  PID:4120
- C:\Windows\System\ejFUDao.exe
  C:\Windows\System\ejFUDao.exe
  2⤵
  PID:4140
- C:\Windows\System\gamjLPC.exe
  C:\Windows\System\gamjLPC.exe
  2⤵
  PID:4160
- C:\Windows\System\lJNwWby.exe
  C:\Windows\System\lJNwWby.exe
  2⤵
  PID:4180
- C:\Windows\System\HcyGzSC.exe
  C:\Windows\System\HcyGzSC.exe
  2⤵
  PID:4200
- C:\Windows\System\wNXZQnh.exe
  C:\Windows\System\wNXZQnh.exe
  2⤵
  PID:4220
- C:\Windows\System\mHdwjnb.exe
  C:\Windows\System\mHdwjnb.exe
  2⤵
  PID:4240
- C:\Windows\System\zepJFdG.exe
  C:\Windows\System\zepJFdG.exe
  2⤵
  PID:4260
- C:\Windows\System\GEDMLWR.exe
  C:\Windows\System\GEDMLWR.exe
  2⤵
  PID:4280
- C:\Windows\System\HkbfKJi.exe
  C:\Windows\System\HkbfKJi.exe
  2⤵
  PID:4300
- C:\Windows\System\gaVakDG.exe
  C:\Windows\System\gaVakDG.exe
  2⤵
  PID:4320
- C:\Windows\System\OTLiYWC.exe
  C:\Windows\System\OTLiYWC.exe
  2⤵
  PID:4340
- C:\Windows\System\vOIAGdF.exe
  C:\Windows\System\vOIAGdF.exe
  2⤵
  PID:4360
- C:\Windows\System\ufNxctf.exe
  C:\Windows\System\ufNxctf.exe
  2⤵
  PID:4380
- C:\Windows\System\AXfRwwR.exe
  C:\Windows\System\AXfRwwR.exe
  2⤵
  PID:4400
- C:\Windows\System\UnbYKXf.exe
  C:\Windows\System\UnbYKXf.exe
  2⤵
  PID:4420
- C:\Windows\System\aMOORAk.exe
  C:\Windows\System\aMOORAk.exe
  2⤵
  PID:4440
- C:\Windows\System\cxKrifC.exe
  C:\Windows\System\cxKrifC.exe
  2⤵
  PID:4460
- C:\Windows\System\PsEreCA.exe
  C:\Windows\System\PsEreCA.exe
  2⤵
  PID:4480
- C:\Windows\System\iTbNJOq.exe
  C:\Windows\System\iTbNJOq.exe
  2⤵
  PID:4500
- C:\Windows\System\eoefMyU.exe
  C:\Windows\System\eoefMyU.exe
  2⤵
  PID:4520
- C:\Windows\System\QQsniEh.exe
  C:\Windows\System\QQsniEh.exe
  2⤵
  PID:4544
- C:\Windows\System\KHursDC.exe
  C:\Windows\System\KHursDC.exe
  2⤵
  PID:4564
- C:\Windows\System\bMRjVVq.exe
  C:\Windows\System\bMRjVVq.exe
  2⤵
  PID:4584
- C:\Windows\System\MvRFRAU.exe
  C:\Windows\System\MvRFRAU.exe
  2⤵
  PID:4604
- C:\Windows\System\ROhFcuK.exe
  C:\Windows\System\ROhFcuK.exe
  2⤵
  PID:4624
- C:\Windows\System\HVdpsId.exe
  C:\Windows\System\HVdpsId.exe
  2⤵
  PID:4644
- C:\Windows\System\ncNUwSB.exe
  C:\Windows\System\ncNUwSB.exe
  2⤵
  PID:4664
- C:\Windows\System\SCTSrHG.exe
  C:\Windows\System\SCTSrHG.exe
  2⤵
  PID:4684
- C:\Windows\System\yANNdxg.exe
  C:\Windows\System\yANNdxg.exe
  2⤵
  PID:4704
- C:\Windows\System\BhuLoxg.exe
  C:\Windows\System\BhuLoxg.exe
  2⤵
  PID:4724
- C:\Windows\System\QqYdJYC.exe
  C:\Windows\System\QqYdJYC.exe
  2⤵
  PID:4744
- C:\Windows\System\DvIJDkA.exe
  C:\Windows\System\DvIJDkA.exe
  2⤵
  PID:4764
- C:\Windows\System\whukjoq.exe
  C:\Windows\System\whukjoq.exe
  2⤵
  PID:4784
- C:\Windows\System\YlboNwq.exe
  C:\Windows\System\YlboNwq.exe
  2⤵
  PID:4804
- C:\Windows\System\NhSvgSz.exe
  C:\Windows\System\NhSvgSz.exe
  2⤵
  PID:4824
- C:\Windows\System\JVyQxkA.exe
  C:\Windows\System\JVyQxkA.exe
  2⤵
  PID:4844
- C:\Windows\System\RXXwvFN.exe
  C:\Windows\System\RXXwvFN.exe
  2⤵
  PID:4864
- C:\Windows\System\tzWaaUq.exe
  C:\Windows\System\tzWaaUq.exe
  2⤵
  PID:4888
- C:\Windows\System\ivOfMZu.exe
  C:\Windows\System\ivOfMZu.exe
  2⤵
  PID:4908
- C:\Windows\System\kvLGbZa.exe
  C:\Windows\System\kvLGbZa.exe
  2⤵
  PID:4928
- C:\Windows\System\SfAFsHK.exe
  C:\Windows\System\SfAFsHK.exe
  2⤵
  PID:4948
- C:\Windows\System\cIKPiZU.exe
  C:\Windows\System\cIKPiZU.exe
  2⤵
  PID:4968
- C:\Windows\System\hKgHnsO.exe
  C:\Windows\System\hKgHnsO.exe
  2⤵
  PID:4988
- C:\Windows\System\JGrgJGh.exe
  C:\Windows\System\JGrgJGh.exe
  2⤵
  PID:5008
- C:\Windows\System\AIhEbTY.exe
  C:\Windows\System\AIhEbTY.exe
  2⤵
  PID:5028
- C:\Windows\System\cVvNWiB.exe
  C:\Windows\System\cVvNWiB.exe
  2⤵
  PID:5048
- C:\Windows\System\elHozMy.exe
  C:\Windows\System\elHozMy.exe
  2⤵
  PID:5068
- C:\Windows\System\MiILckY.exe
  C:\Windows\System\MiILckY.exe
  2⤵
  PID:5088
- C:\Windows\System\alSvkdX.exe
  C:\Windows\System\alSvkdX.exe
  2⤵
  PID:5108
- C:\Windows\System\njfQjqT.exe
  C:\Windows\System\njfQjqT.exe
  2⤵
  PID:3108
- C:\Windows\System\YKVDITt.exe
  C:\Windows\System\YKVDITt.exe
  2⤵
  PID:2672
- C:\Windows\System\KXSJror.exe
  C:\Windows\System\KXSJror.exe
  2⤵
  PID:3676
- C:\Windows\System\QftDZtT.exe
  C:\Windows\System\QftDZtT.exe
  2⤵
  PID:3552
- C:\Windows\System\yOkmsZD.exe
  C:\Windows\System\yOkmsZD.exe
  2⤵
  PID:3692
- C:\Windows\System\cWlWHEO.exe
  C:\Windows\System\cWlWHEO.exe
  2⤵
  PID:4016
- C:\Windows\System\uxSfMJQ.exe
  C:\Windows\System\uxSfMJQ.exe
  2⤵
  PID:2428
- C:\Windows\System\tWGCmsm.exe
  C:\Windows\System\tWGCmsm.exe
  2⤵
  PID:1964
- C:\Windows\System\pgIVhmx.exe
  C:\Windows\System\pgIVhmx.exe
  2⤵
  PID:4128
- C:\Windows\System\QAweoMH.exe
  C:\Windows\System\QAweoMH.exe
  2⤵
  PID:4152
- C:\Windows\System\YRqPeon.exe
  C:\Windows\System\YRqPeon.exe
  2⤵
  PID:4176
- C:\Windows\System\qTpzXvq.exe
  C:\Windows\System\qTpzXvq.exe
  2⤵
  PID:4212
- C:\Windows\System\ZqWERYF.exe
  C:\Windows\System\ZqWERYF.exe
  2⤵
  PID:4276
- C:\Windows\System\RZsuQBD.exe
  C:\Windows\System\RZsuQBD.exe
  2⤵
  PID:4288
- C:\Windows\System\fQtyjBs.exe
  C:\Windows\System\fQtyjBs.exe
  2⤵
  PID:4348
- C:\Windows\System\ExXobAd.exe
  C:\Windows\System\ExXobAd.exe
  2⤵
  PID:4352
- C:\Windows\System\yMAurnN.exe
  C:\Windows\System\yMAurnN.exe
  2⤵
  PID:4376
- C:\Windows\System\BBWlBHJ.exe
  C:\Windows\System\BBWlBHJ.exe
  2⤵
  PID:4412
- C:\Windows\System\dkCqfdL.exe
  C:\Windows\System\dkCqfdL.exe
  2⤵
  PID:4452
- C:\Windows\System\UCrZYht.exe
  C:\Windows\System\UCrZYht.exe
  2⤵
  PID:4516
- C:\Windows\System\wtXWlUd.exe
  C:\Windows\System\wtXWlUd.exe
  2⤵
  PID:4552
- C:\Windows\System\pORzMMu.exe
  C:\Windows\System\pORzMMu.exe
  2⤵
  PID:4572
- C:\Windows\System\RINgYMA.exe
  C:\Windows\System\RINgYMA.exe
  2⤵
  PID:4596
- C:\Windows\System\ioXOGci.exe
  C:\Windows\System\ioXOGci.exe
  2⤵
  PID:4616
- C:\Windows\System\bLYGpUo.exe
  C:\Windows\System\bLYGpUo.exe
  2⤵
  PID:4656
- C:\Windows\System\cVtOKvD.exe
  C:\Windows\System\cVtOKvD.exe
  2⤵
  PID:4712
- C:\Windows\System\bCpGGDB.exe
  C:\Windows\System\bCpGGDB.exe
  2⤵
  PID:4732
- C:\Windows\System\qdhoDpL.exe
  C:\Windows\System\qdhoDpL.exe
  2⤵
  PID:4760
- C:\Windows\System\RasQsfg.exe
  C:\Windows\System\RasQsfg.exe
  2⤵
  PID:4780
- C:\Windows\System\QyULamF.exe
  C:\Windows\System\QyULamF.exe
  2⤵
  PID:4840
- C:\Windows\System\tqHLYOT.exe
  C:\Windows\System\tqHLYOT.exe
  2⤵
  PID:4872
- C:\Windows\System\ntrRxbd.exe
  C:\Windows\System\ntrRxbd.exe
  2⤵
  PID:4896
- C:\Windows\System\HjXJmwW.exe
  C:\Windows\System\HjXJmwW.exe
  2⤵
  PID:2664
- C:\Windows\System\LgohXcr.exe
  C:\Windows\System\LgohXcr.exe
  2⤵
  PID:4960
- C:\Windows\System\EhnxOWO.exe
  C:\Windows\System\EhnxOWO.exe
  2⤵
  PID:5000
- C:\Windows\System\JpYciGD.exe
  C:\Windows\System\JpYciGD.exe
  2⤵
  PID:5020
- C:\Windows\System\xgzOinf.exe
  C:\Windows\System\xgzOinf.exe
  2⤵
  PID:5084
- C:\Windows\System\FLwGmcP.exe
  C:\Windows\System\FLwGmcP.exe
  2⤵
  PID:5116
- C:\Windows\System\CgPPuHi.exe
  C:\Windows\System\CgPPuHi.exe
  2⤵
  PID:5100
- C:\Windows\System\AebROxi.exe
  C:\Windows\System\AebROxi.exe
  2⤵
  PID:3392
- C:\Windows\System\aLuMqkL.exe
  C:\Windows\System\aLuMqkL.exe
  2⤵
  PID:3432
- C:\Windows\System\gtDZOiV.exe
  C:\Windows\System\gtDZOiV.exe
  2⤵
  PID:3992
- C:\Windows\System\rKSUhhi.exe
  C:\Windows\System\rKSUhhi.exe
  2⤵
  PID:3876
- C:\Windows\System\ycHITJE.exe
  C:\Windows\System\ycHITJE.exe
  2⤵
  PID:2788
- C:\Windows\System\oHUnNUb.exe
  C:\Windows\System\oHUnNUb.exe
  2⤵
  PID:4192
- C:\Windows\System\tBUNwci.exe
  C:\Windows\System\tBUNwci.exe
  2⤵
  PID:4248
- C:\Windows\System\nANTymB.exe
  C:\Windows\System\nANTymB.exe
  2⤵
  PID:4296
- C:\Windows\System\uAsQbMM.exe
  C:\Windows\System\uAsQbMM.exe
  2⤵
  PID:4388
- C:\Windows\System\wUdFEyO.exe
  C:\Windows\System\wUdFEyO.exe
  2⤵
  PID:4336
- C:\Windows\System\EpMdYkg.exe
  C:\Windows\System\EpMdYkg.exe
  2⤵
  PID:4416
- C:\Windows\System\txUiTrs.exe
  C:\Windows\System\txUiTrs.exe
  2⤵
  PID:4528
- C:\Windows\System\RWwABWD.exe
  C:\Windows\System\RWwABWD.exe
  2⤵
  PID:2888
- C:\Windows\System\QZuKvhH.exe
  C:\Windows\System\QZuKvhH.exe
  2⤵
  PID:4560
- C:\Windows\System\fvtzKpy.exe
  C:\Windows\System\fvtzKpy.exe
  2⤵
  PID:4620
- C:\Windows\System\abVFbsh.exe
  C:\Windows\System\abVFbsh.exe
  2⤵
  PID:4680
- C:\Windows\System\zyJaOet.exe
  C:\Windows\System\zyJaOet.exe
  2⤵
  PID:2764
- C:\Windows\System\grDswhE.exe
  C:\Windows\System\grDswhE.exe
  2⤵
  PID:4796
- C:\Windows\System\RXkFoFi.exe
  C:\Windows\System\RXkFoFi.exe
  2⤵
  PID:4832
- C:\Windows\System\EMlBSpi.exe
  C:\Windows\System\EMlBSpi.exe
  2⤵
  PID:4924
- C:\Windows\System\uuESqsE.exe
  C:\Windows\System\uuESqsE.exe
  2⤵
  PID:4940
- C:\Windows\System\zxUMafZ.exe
  C:\Windows\System\zxUMafZ.exe
  2⤵
  PID:4980
- C:\Windows\System\GdBbMPW.exe
  C:\Windows\System\GdBbMPW.exe
  2⤵
  PID:5056
- C:\Windows\System\YCGVYBd.exe
  C:\Windows\System\YCGVYBd.exe
  2⤵
  PID:5064
- C:\Windows\System\Atvqwfr.exe
  C:\Windows\System\Atvqwfr.exe
  2⤵
  PID:2792
- C:\Windows\System\iKpMHtG.exe
  C:\Windows\System\iKpMHtG.exe
  2⤵
  PID:4076
- C:\Windows\System\DFiDzYj.exe
  C:\Windows\System\DFiDzYj.exe
  2⤵
  PID:4156
- C:\Windows\System\xPVtrYA.exe
  C:\Windows\System\xPVtrYA.exe
  2⤵
  PID:4208
- C:\Windows\System\yWCtCPr.exe
  C:\Windows\System\yWCtCPr.exe
  2⤵
  PID:4396
- C:\Windows\System\LebyJxq.exe
  C:\Windows\System\LebyJxq.exe
  2⤵
  PID:4332
- C:\Windows\System\UdSDAcj.exe
  C:\Windows\System\UdSDAcj.exe
  2⤵
  PID:2576
- C:\Windows\System\zaAsoqu.exe
  C:\Windows\System\zaAsoqu.exe
  2⤵
  PID:2780
- C:\Windows\System\aWlJXza.exe
  C:\Windows\System\aWlJXza.exe
  2⤵
  PID:4532
- C:\Windows\System\oluxNll.exe
  C:\Windows\System\oluxNll.exe
  2⤵
  PID:4612
- C:\Windows\System\WgHkhQC.exe
  C:\Windows\System\WgHkhQC.exe
  2⤵
  PID:4752
- C:\Windows\System\ZvJpwYY.exe
  C:\Windows\System\ZvJpwYY.exe
  2⤵
  PID:4860
- C:\Windows\System\hIyJBYT.exe
  C:\Windows\System\hIyJBYT.exe
  2⤵
  PID:4920
- C:\Windows\System\vdBgHWp.exe
  C:\Windows\System\vdBgHWp.exe
  2⤵
  PID:4996
- C:\Windows\System\bOJbxBl.exe
  C:\Windows\System\bOJbxBl.exe
  2⤵
  PID:5096
- C:\Windows\System\QAChLjz.exe
  C:\Windows\System\QAChLjz.exe
  2⤵
  PID:5076
- C:\Windows\System\WOxAErZ.exe
  C:\Windows\System\WOxAErZ.exe
  2⤵
  PID:3372
- C:\Windows\System\ILJOlCp.exe
  C:\Windows\System\ILJOlCp.exe
  2⤵
  PID:1836
- C:\Windows\System\XDUeJjT.exe
  C:\Windows\System\XDUeJjT.exe
  2⤵
  PID:4136
- C:\Windows\System\eHZJMky.exe
  C:\Windows\System\eHZJMky.exe
  2⤵
  PID:4328
- C:\Windows\System\BIOKLFg.exe
  C:\Windows\System\BIOKLFg.exe
  2⤵
  PID:3048
- C:\Windows\System\UCgksRm.exe
  C:\Windows\System\UCgksRm.exe
  2⤵
  PID:2616
- C:\Windows\System\QPPPxFm.exe
  C:\Windows\System\QPPPxFm.exe
  2⤵
  PID:4692
- C:\Windows\System\WANyrgj.exe
  C:\Windows\System\WANyrgj.exe
  2⤵
  PID:4716
- C:\Windows\System\VnbYmHF.exe
  C:\Windows\System\VnbYmHF.exe
  2⤵
  PID:5004
- C:\Windows\System\gAOsEkW.exe
  C:\Windows\System\gAOsEkW.exe
  2⤵
  PID:5136
- C:\Windows\System\GqrntZz.exe
  C:\Windows\System\GqrntZz.exe
  2⤵
  PID:5156
- C:\Windows\System\tyHvIZA.exe
  C:\Windows\System\tyHvIZA.exe
  2⤵
  PID:5176
- C:\Windows\System\cvzxRoj.exe
  C:\Windows\System\cvzxRoj.exe
  2⤵
  PID:5196
- C:\Windows\System\UPVPRzR.exe
  C:\Windows\System\UPVPRzR.exe
  2⤵
  PID:5216
- C:\Windows\System\ZEzPAcv.exe
  C:\Windows\System\ZEzPAcv.exe
  2⤵
  PID:5236
- C:\Windows\System\VcCBSiy.exe
  C:\Windows\System\VcCBSiy.exe
  2⤵
  PID:5256
- C:\Windows\System\ivgIVAR.exe
  C:\Windows\System\ivgIVAR.exe
  2⤵
  PID:5276
- C:\Windows\System\UTswKRV.exe
  C:\Windows\System\UTswKRV.exe
  2⤵
  PID:5296
- C:\Windows\System\OkgNfbW.exe
  C:\Windows\System\OkgNfbW.exe
  2⤵
  PID:5312
- C:\Windows\System\lgNSKSl.exe
  C:\Windows\System\lgNSKSl.exe
  2⤵
  PID:5336
- C:\Windows\System\guuXVTQ.exe
  C:\Windows\System\guuXVTQ.exe
  2⤵
  PID:5356
- C:\Windows\System\kQpzZcZ.exe
  C:\Windows\System\kQpzZcZ.exe
  2⤵
  PID:5376
- C:\Windows\System\hDUteYk.exe
  C:\Windows\System\hDUteYk.exe
  2⤵
  PID:5392
- C:\Windows\System\xdQzGxI.exe
  C:\Windows\System\xdQzGxI.exe
  2⤵
  PID:5416
- C:\Windows\System\mOZVByN.exe
  C:\Windows\System\mOZVByN.exe
  2⤵
  PID:5436
- C:\Windows\System\yeVxDaR.exe
  C:\Windows\System\yeVxDaR.exe
  2⤵
  PID:5456
- C:\Windows\System\fAppRPb.exe
  C:\Windows\System\fAppRPb.exe
  2⤵
  PID:5476
- C:\Windows\System\ZOZKHHQ.exe
  C:\Windows\System\ZOZKHHQ.exe
  2⤵
  PID:5496
- C:\Windows\System\EpbxUrt.exe
  C:\Windows\System\EpbxUrt.exe
  2⤵
  PID:5516
- C:\Windows\System\mALnToz.exe
  C:\Windows\System\mALnToz.exe
  2⤵
  PID:5536
- C:\Windows\System\DsrPmHe.exe
  C:\Windows\System\DsrPmHe.exe
  2⤵
  PID:5556
- C:\Windows\System\RrTDoDS.exe
  C:\Windows\System\RrTDoDS.exe
  2⤵
  PID:5576
- C:\Windows\System\TGyzBhU.exe
  C:\Windows\System\TGyzBhU.exe
  2⤵
  PID:5596
- C:\Windows\System\aTApaqN.exe
  C:\Windows\System\aTApaqN.exe
  2⤵
  PID:5616
- C:\Windows\System\eJRupXX.exe
  C:\Windows\System\eJRupXX.exe
  2⤵
  PID:5632
- C:\Windows\System\QvKAXva.exe
  C:\Windows\System\QvKAXva.exe
  2⤵
  PID:5656
- C:\Windows\System\XeMnSlI.exe
  C:\Windows\System\XeMnSlI.exe
  2⤵
  PID:5672
- C:\Windows\System\qBmCArq.exe
  C:\Windows\System\qBmCArq.exe
  2⤵
  PID:5696
- C:\Windows\System\wgiBvwK.exe
  C:\Windows\System\wgiBvwK.exe
  2⤵
  PID:5712
- C:\Windows\System\KzUGJax.exe
  C:\Windows\System\KzUGJax.exe
  2⤵
  PID:5736
- C:\Windows\System\TczCqeG.exe
  C:\Windows\System\TczCqeG.exe
  2⤵
  PID:5756
- C:\Windows\System\RmRiRUP.exe
  C:\Windows\System\RmRiRUP.exe
  2⤵
  PID:5776
- C:\Windows\System\EPoDZrl.exe
  C:\Windows\System\EPoDZrl.exe
  2⤵
  PID:5796
- C:\Windows\System\yRHyUKK.exe
  C:\Windows\System\yRHyUKK.exe
  2⤵
  PID:5816
- C:\Windows\System\eYNlwUw.exe
  C:\Windows\System\eYNlwUw.exe
  2⤵
  PID:5832
- C:\Windows\System\yXmqUdz.exe
  C:\Windows\System\yXmqUdz.exe
  2⤵
  PID:5856
- C:\Windows\System\TvdUAwC.exe
  C:\Windows\System\TvdUAwC.exe
  2⤵
  PID:5876
- C:\Windows\System\BaWoAZS.exe
  C:\Windows\System\BaWoAZS.exe
  2⤵
  PID:5896
- C:\Windows\System\ytcABHE.exe
  C:\Windows\System\ytcABHE.exe
  2⤵
  PID:5916
- C:\Windows\System\xiFWePY.exe
  C:\Windows\System\xiFWePY.exe
  2⤵
  PID:5936
- C:\Windows\System\imWDXdD.exe
  C:\Windows\System\imWDXdD.exe
  2⤵
  PID:5956
- C:\Windows\System\vKRxxBv.exe
  C:\Windows\System\vKRxxBv.exe
  2⤵
  PID:5976
- C:\Windows\System\xalVXXW.exe
  C:\Windows\System\xalVXXW.exe
  2⤵
  PID:5996
- C:\Windows\System\LlzKvGY.exe
  C:\Windows\System\LlzKvGY.exe
  2⤵
  PID:6016
- C:\Windows\System\CNCZMSA.exe
  C:\Windows\System\CNCZMSA.exe
  2⤵
  PID:6036
- C:\Windows\System\cEQDEFB.exe
  C:\Windows\System\cEQDEFB.exe
  2⤵
  PID:6056
- C:\Windows\System\SdJTwco.exe
  C:\Windows\System\SdJTwco.exe
  2⤵
  PID:6076
- C:\Windows\System\kDqHwPV.exe
  C:\Windows\System\kDqHwPV.exe
  2⤵
  PID:6096
- C:\Windows\System\rTriKNH.exe
  C:\Windows\System\rTriKNH.exe
  2⤵
  PID:6116
- C:\Windows\System\WjcHbRn.exe
  C:\Windows\System\WjcHbRn.exe
  2⤵
  PID:6136
- C:\Windows\System\htVsdgM.exe
  C:\Windows\System\htVsdgM.exe
  2⤵
  PID:2832
- C:\Windows\System\gnfLusC.exe
  C:\Windows\System\gnfLusC.exe
  2⤵
  PID:3212
- C:\Windows\System\ubNltyr.exe
  C:\Windows\System\ubNltyr.exe
  2⤵
  PID:4056
- C:\Windows\System\CcGhTvW.exe
  C:\Windows\System\CcGhTvW.exe
  2⤵
  PID:4496
- C:\Windows\System\nNTbOGC.exe
  C:\Windows\System\nNTbOGC.exe
  2⤵
  PID:2600
- C:\Windows\System\YWoFrjo.exe
  C:\Windows\System\YWoFrjo.exe
  2⤵
  PID:4600
- C:\Windows\System\hfdTDMb.exe
  C:\Windows\System\hfdTDMb.exe
  2⤵
  PID:1980
- C:\Windows\System\CVxZuUY.exe
  C:\Windows\System\CVxZuUY.exe
  2⤵
  PID:1700
- C:\Windows\System\AqHZRjA.exe
  C:\Windows\System\AqHZRjA.exe
  2⤵
  PID:5168
- C:\Windows\System\UeayUDw.exe
  C:\Windows\System\UeayUDw.exe
  2⤵
  PID:5192
- C:\Windows\System\cQXIWBe.exe
  C:\Windows\System\cQXIWBe.exe
  2⤵
  PID:5212
- C:\Windows\System\kcQBOPz.exe
  C:\Windows\System\kcQBOPz.exe
  2⤵
  PID:5228
- C:\Windows\System\yYfWMjR.exe
  C:\Windows\System\yYfWMjR.exe
  2⤵
  PID:5288
- C:\Windows\System\xpCHrqM.exe
  C:\Windows\System\xpCHrqM.exe
  2⤵
  PID:536
- C:\Windows\System\nNoPwjY.exe
  C:\Windows\System\nNoPwjY.exe
  2⤵
  PID:5364
- C:\Windows\System\KQdbijt.exe
  C:\Windows\System\KQdbijt.exe
  2⤵
  PID:5348
- C:\Windows\System\GtOXitm.exe
  C:\Windows\System\GtOXitm.exe
  2⤵
  PID:5408
- C:\Windows\System\aLzhHHs.exe
  C:\Windows\System\aLzhHHs.exe
  2⤵
  PID:2860
- C:\Windows\System\DglhGMq.exe
  C:\Windows\System\DglhGMq.exe
  2⤵
  PID:5432
- C:\Windows\System\rmvZvta.exe
  C:\Windows\System\rmvZvta.exe
  2⤵
  PID:5468
- C:\Windows\System\DoNubWs.exe
  C:\Windows\System\DoNubWs.exe
  2⤵
  PID:5508
- C:\Windows\System\mQzQcEQ.exe
  C:\Windows\System\mQzQcEQ.exe
  2⤵
  PID:5544
- C:\Windows\System\YGdRjCD.exe
  C:\Windows\System\YGdRjCD.exe
  2⤵
  PID:5548
- C:\Windows\System\VDqIObz.exe
  C:\Windows\System\VDqIObz.exe
  2⤵
  PID:5612
- C:\Windows\System\LBXDjmi.exe
  C:\Windows\System\LBXDjmi.exe
  2⤵
  PID:5644
- C:\Windows\System\NCWxFZq.exe
  C:\Windows\System\NCWxFZq.exe
  2⤵
  PID:5628
- C:\Windows\System\BHDnVAd.exe
  C:\Windows\System\BHDnVAd.exe
  2⤵
  PID:5728
- C:\Windows\System\VPfNiGD.exe
  C:\Windows\System\VPfNiGD.exe
  2⤵
  PID:5772
- C:\Windows\System\QfvBZzW.exe
  C:\Windows\System\QfvBZzW.exe
  2⤵
  PID:5752
- C:\Windows\System\XKCwEvX.exe
  C:\Windows\System\XKCwEvX.exe
  2⤵
  PID:5784
- C:\Windows\System\iKDFxkT.exe
  C:\Windows\System\iKDFxkT.exe
  2⤵
  PID:5848
- C:\Windows\System\xTcfHCR.exe
  C:\Windows\System\xTcfHCR.exe
  2⤵
  PID:5884
- C:\Windows\System\GHRTksm.exe
  C:\Windows\System\GHRTksm.exe
  2⤵
  PID:5924
- C:\Windows\System\TLtaPJO.exe
  C:\Windows\System\TLtaPJO.exe
  2⤵
  PID:5944
- C:\Windows\System\HfAGEkH.exe
  C:\Windows\System\HfAGEkH.exe
  2⤵
  PID:5968
- C:\Windows\System\rZXAtLL.exe
  C:\Windows\System\rZXAtLL.exe
  2⤵
  PID:5988
- C:\Windows\System\kuEuXbW.exe
  C:\Windows\System\kuEuXbW.exe
  2⤵
  PID:6052
- C:\Windows\System\oiaWvZZ.exe
  C:\Windows\System\oiaWvZZ.exe
  2⤵
  PID:6024
- C:\Windows\System\zrDirHk.exe
  C:\Windows\System\zrDirHk.exe
  2⤵
  PID:2340
- C:\Windows\System\dYLdsvL.exe
  C:\Windows\System\dYLdsvL.exe
  2⤵
  PID:6124
- C:\Windows\System\OLmqCvu.exe
  C:\Windows\System\OLmqCvu.exe
  2⤵
  PID:6128
- C:\Windows\System\bgNBPdr.exe
  C:\Windows\System\bgNBPdr.exe
  2⤵
  PID:1676
- C:\Windows\System\fduZLZe.exe
  C:\Windows\System\fduZLZe.exe
  2⤵
  PID:4312
- C:\Windows\System\qMVYYCh.exe
  C:\Windows\System\qMVYYCh.exe
  2⤵
  PID:2856
- C:\Windows\System\udNdmiB.exe
  C:\Windows\System\udNdmiB.exe
  2⤵
  PID:4916
- C:\Windows\System\vyOKSGH.exe
  C:\Windows\System\vyOKSGH.exe
  2⤵
  PID:5144
- C:\Windows\System\mlsxDpx.exe
  C:\Windows\System\mlsxDpx.exe
  2⤵
  PID:2260
- C:\Windows\System\DotKPek.exe
  C:\Windows\System\DotKPek.exe
  2⤵
  PID:2308
- C:\Windows\System\bHoOpjX.exe
  C:\Windows\System\bHoOpjX.exe
  2⤵
  PID:5208
- C:\Windows\System\YYzEOUk.exe
  C:\Windows\System\YYzEOUk.exe
  2⤵
  PID:5268
- C:\Windows\System\KwDnvce.exe
  C:\Windows\System\KwDnvce.exe
  2⤵
  PID:5328
- C:\Windows\System\HPEkLvI.exe
  C:\Windows\System\HPEkLvI.exe
  2⤵
  PID:5400
- C:\Windows\System\UHhines.exe
  C:\Windows\System\UHhines.exe
  2⤵
  PID:5484
- C:\Windows\System\mXzKwkz.exe
  C:\Windows\System\mXzKwkz.exe
  2⤵
  PID:5512
- C:\Windows\System\UdfvIPG.exe
  C:\Windows\System\UdfvIPG.exe
  2⤵
  PID:5572
- C:\Windows\System\dLhEYCP.exe
  C:\Windows\System\dLhEYCP.exe
  2⤵
  PID:5588
- C:\Windows\System\ajfWypi.exe
  C:\Windows\System\ajfWypi.exe
  2⤵
  PID:5692
- C:\Windows\System\murNqwY.exe
  C:\Windows\System\murNqwY.exe
  2⤵
  PID:5764
- C:\Windows\System\BdMlHTJ.exe
  C:\Windows\System\BdMlHTJ.exe
  2⤵
  PID:5812
- C:\Windows\System\jCyIPzT.exe
  C:\Windows\System\jCyIPzT.exe
  2⤵
  PID:5788
- C:\Windows\System\wStMnlb.exe
  C:\Windows\System\wStMnlb.exe
  2⤵
  PID:5828
- C:\Windows\System\qFdOqzZ.exe
  C:\Windows\System\qFdOqzZ.exe
  2⤵
  PID:5912
- C:\Windows\System\bMDoRDO.exe
  C:\Windows\System\bMDoRDO.exe
  2⤵
  PID:5992
- C:\Windows\System\WSbEcSQ.exe
  C:\Windows\System\WSbEcSQ.exe
  2⤵
  PID:6028
- C:\Windows\System\KvPSpSQ.exe
  C:\Windows\System\KvPSpSQ.exe
  2⤵
  PID:484
- C:\Windows\System\dclSqve.exe
  C:\Windows\System\dclSqve.exe
  2⤵
  PID:5024
- C:\Windows\System\ahbOgLl.exe
  C:\Windows\System\ahbOgLl.exe
  2⤵
  PID:6132
- C:\Windows\System\lhvLxGK.exe
  C:\Windows\System\lhvLxGK.exe
  2⤵
  PID:4508
- C:\Windows\System\qrpeJKB.exe
  C:\Windows\System\qrpeJKB.exe
  2⤵
  PID:3040
- C:\Windows\System\JeglkQE.exe
  C:\Windows\System\JeglkQE.exe
  2⤵
  PID:2652
- C:\Windows\System\hODnVyh.exe
  C:\Windows\System\hODnVyh.exe
  2⤵
  PID:5224
- C:\Windows\System\WNtUVIX.exe
  C:\Windows\System\WNtUVIX.exe
  2⤵
  PID:4040
- C:\Windows\System\TFiSjBT.exe
  C:\Windows\System\TFiSjBT.exe
  2⤵
  PID:5372
- C:\Windows\System\bkAbpSs.exe
  C:\Windows\System\bkAbpSs.exe
  2⤵
  PID:5248
- C:\Windows\System\ttRuBLS.exe
  C:\Windows\System\ttRuBLS.exe
  2⤵
  PID:5552
- C:\Windows\System\rmYirFa.exe
  C:\Windows\System\rmYirFa.exe
  2⤵
  PID:5720
- C:\Windows\System\rsHwXrb.exe
  C:\Windows\System\rsHwXrb.exe
  2⤵
  PID:5388
- C:\Windows\System\MDHYZHa.exe
  C:\Windows\System\MDHYZHa.exe
  2⤵
  PID:5748
- C:\Windows\System\rDSqlpX.exe
  C:\Windows\System\rDSqlpX.exe
  2⤵
  PID:5872
- C:\Windows\System\bBjTmXQ.exe
  C:\Windows\System\bBjTmXQ.exe
  2⤵
  PID:5532
- C:\Windows\System\FEMeXlm.exe
  C:\Windows\System\FEMeXlm.exe
  2⤵
  PID:1800
- C:\Windows\System\jFAjGAq.exe
  C:\Windows\System\jFAjGAq.exe
  2⤵
  PID:5060
- C:\Windows\System\GcwpvfU.exe
  C:\Windows\System\GcwpvfU.exe
  2⤵
  PID:6108
- C:\Windows\System\hlGurDF.exe
  C:\Windows\System\hlGurDF.exe
  2⤵
  PID:2588
- C:\Windows\System\sTjkFYR.exe
  C:\Windows\System\sTjkFYR.exe
  2⤵
  PID:5184
- C:\Windows\System\hNFvJCb.exe
  C:\Windows\System\hNFvJCb.exe
  2⤵
  PID:5332
- C:\Windows\System\OnFYlKP.exe
  C:\Windows\System\OnFYlKP.exe
  2⤵
  PID:5492
- C:\Windows\System\sIQtIpT.exe
  C:\Windows\System\sIQtIpT.exe
  2⤵
  PID:5564
- C:\Windows\System\AwZBYUQ.exe
  C:\Windows\System\AwZBYUQ.exe
  2⤵
  PID:2120
- C:\Windows\System\qPQefrF.exe
  C:\Windows\System\qPQefrF.exe
  2⤵
  PID:6008
- C:\Windows\System\fMAyMeC.exe
  C:\Windows\System\fMAyMeC.exe
  2⤵
  PID:5684
- C:\Windows\System\iBYEopW.exe
  C:\Windows\System\iBYEopW.exe
  2⤵
  PID:5840
- C:\Windows\System\AExsuct.exe
  C:\Windows\System\AExsuct.exe
  2⤵
  PID:2948
- C:\Windows\System\RWNQUOh.exe
  C:\Windows\System\RWNQUOh.exe
  2⤵
  PID:5124
- C:\Windows\System\rWNIWmR.exe
  C:\Windows\System\rWNIWmR.exe
  2⤵
  PID:2936
- C:\Windows\System\kEjAkFz.exe
  C:\Windows\System\kEjAkFz.exe
  2⤵
  PID:716
- C:\Windows\System\KpiHIjD.exe
  C:\Windows\System\KpiHIjD.exe
  2⤵
  PID:5264
- C:\Windows\System\PNIAXab.exe
  C:\Windows\System\PNIAXab.exe
  2⤵
  PID:5344
- C:\Windows\System\jYHzgrv.exe
  C:\Windows\System\jYHzgrv.exe
  2⤵
  PID:6012
- C:\Windows\System\vRuvJlx.exe
  C:\Windows\System\vRuvJlx.exe
  2⤵
  PID:2296
- C:\Windows\System\HGGxrVP.exe
  C:\Windows\System\HGGxrVP.exe
  2⤵
  PID:2584
- C:\Windows\System\nKiJQjp.exe
  C:\Windows\System\nKiJQjp.exe
  2⤵
  PID:1148
- C:\Windows\System\MLhqebj.exe
  C:\Windows\System\MLhqebj.exe
  2⤵
  PID:5948
- C:\Windows\System\abNmCwt.exe
  C:\Windows\System\abNmCwt.exe
  2⤵
  PID:2220
- C:\Windows\System\KASkRwU.exe
  C:\Windows\System\KASkRwU.exe
  2⤵
  PID:2684
- C:\Windows\System\HlFELoX.exe
  C:\Windows\System\HlFELoX.exe
  2⤵
  PID:4468
- C:\Windows\System\nPnvKNG.exe
  C:\Windows\System\nPnvKNG.exe
  2⤵
  PID:5324
- C:\Windows\System\cuBUxNs.exe
  C:\Windows\System\cuBUxNs.exe
  2⤵
  PID:2564
- C:\Windows\System\UkvREGH.exe
  C:\Windows\System\UkvREGH.exe
  2⤵
  PID:1284
- C:\Windows\System\ruFMxmk.exe
  C:\Windows\System\ruFMxmk.exe
  2⤵
  PID:2264
- C:\Windows\System\oSoGXsI.exe
  C:\Windows\System\oSoGXsI.exe
  2⤵
  PID:5888
- C:\Windows\System\bSrSUcQ.exe
  C:\Windows\System\bSrSUcQ.exe
  2⤵
  PID:2620
- C:\Windows\System\xKtUpoQ.exe
  C:\Windows\System\xKtUpoQ.exe
  2⤵
  PID:2920
- C:\Windows\System\ZIBRObK.exe
  C:\Windows\System\ZIBRObK.exe
  2⤵
  PID:5704
- C:\Windows\System\SnznZur.exe
  C:\Windows\System\SnznZur.exe
  2⤵
  PID:5204
- C:\Windows\System\uhcrtId.exe
  C:\Windows\System\uhcrtId.exe
  2⤵
  PID:1308
- C:\Windows\System\MQSfivG.exe
  C:\Windows\System\MQSfivG.exe
  2⤵
  PID:2676
- C:\Windows\System\jkEHRbC.exe
  C:\Windows\System\jkEHRbC.exe
  2⤵
  PID:6092
- C:\Windows\System\JXkevdy.exe
  C:\Windows\System\JXkevdy.exe
  2⤵
  PID:4676
- C:\Windows\System\aoFzRga.exe
  C:\Windows\System\aoFzRga.exe
  2⤵
  PID:2996
- C:\Windows\System\vgalBTS.exe
  C:\Windows\System\vgalBTS.exe
  2⤵
  PID:1236
- C:\Windows\System\sbvMGCK.exe
  C:\Windows\System\sbvMGCK.exe
  2⤵
  PID:1612
- C:\Windows\System\VXPrpyO.exe
  C:\Windows\System\VXPrpyO.exe
  2⤵
  PID:3056
- C:\Windows\System\bhOKVMi.exe
  C:\Windows\System\bhOKVMi.exe
  2⤵
  PID:1528
- C:\Windows\System\qilGPLt.exe
  C:\Windows\System\qilGPLt.exe
  2⤵
  PID:3208
- C:\Windows\System\EjdTsap.exe
  C:\Windows\System\EjdTsap.exe
  2⤵
  PID:5232
- C:\Windows\System\yUXxZpb.exe
  C:\Windows\System\yUXxZpb.exe
  2⤵
  PID:1660
- C:\Windows\System\xkyNxfw.exe
  C:\Windows\System\xkyNxfw.exe
  2⤵
  PID:6160
- C:\Windows\System\xCGwAXm.exe
  C:\Windows\System\xCGwAXm.exe
  2⤵
  PID:6176
- C:\Windows\System\tTcVPSI.exe
  C:\Windows\System\tTcVPSI.exe
  2⤵
  PID:6212
- C:\Windows\System\jbXzaKI.exe
  C:\Windows\System\jbXzaKI.exe
  2⤵
  PID:6240
- C:\Windows\System\ZLLjrkN.exe
  C:\Windows\System\ZLLjrkN.exe
  2⤵
  PID:6260
- C:\Windows\System\ivjctzb.exe
  C:\Windows\System\ivjctzb.exe
  2⤵
  PID:6280
- C:\Windows\System\DXrqMnM.exe
  C:\Windows\System\DXrqMnM.exe
  2⤵
  PID:6300
- C:\Windows\System\twhfRxh.exe
  C:\Windows\System\twhfRxh.exe
  2⤵
  PID:6320
- C:\Windows\System\gwxrepc.exe
  C:\Windows\System\gwxrepc.exe
  2⤵
  PID:6336
- C:\Windows\System\sIDEjkr.exe
  C:\Windows\System\sIDEjkr.exe
  2⤵
  PID:6368
- C:\Windows\System\lhCccNH.exe
  C:\Windows\System\lhCccNH.exe
  2⤵
  PID:6388
- C:\Windows\System\bUKWslO.exe
  C:\Windows\System\bUKWslO.exe
  2⤵
  PID:6404
- C:\Windows\System\vQvZUlK.exe
  C:\Windows\System\vQvZUlK.exe
  2⤵
  PID:6432
- C:\Windows\System\WaLxcwo.exe
  C:\Windows\System\WaLxcwo.exe
  2⤵
  PID:6448
- C:\Windows\System\MabmqGU.exe
  C:\Windows\System\MabmqGU.exe
  2⤵
  PID:6468
- C:\Windows\System\mXJdHxV.exe
  C:\Windows\System\mXJdHxV.exe
  2⤵
  PID:6484
- C:\Windows\System\TExzvmx.exe
  C:\Windows\System\TExzvmx.exe
  2⤵
  PID:6500
- C:\Windows\System\OksAjHP.exe
  C:\Windows\System\OksAjHP.exe
  2⤵
  PID:6520
- C:\Windows\System\oOCkmWd.exe
  C:\Windows\System\oOCkmWd.exe
  2⤵
  PID:6556
- C:\Windows\System\OJRartD.exe
  C:\Windows\System\OJRartD.exe
  2⤵
  PID:6572
- C:\Windows\System\RZTljvk.exe
  C:\Windows\System\RZTljvk.exe
  2⤵
  PID:6588
- C:\Windows\System\kBEphro.exe
  C:\Windows\System\kBEphro.exe
  2⤵
  PID:6604
- C:\Windows\System\BSsTeyO.exe
  C:\Windows\System\BSsTeyO.exe
  2⤵
  PID:6624
- C:\Windows\System\miiHsTB.exe
  C:\Windows\System\miiHsTB.exe
  2⤵
  PID:6652
- C:\Windows\System\uLWJDDt.exe
  C:\Windows\System\uLWJDDt.exe
  2⤵
  PID:6668
- C:\Windows\System\eomNdJR.exe
  C:\Windows\System\eomNdJR.exe
  2⤵
  PID:6688
- C:\Windows\System\taOmWVe.exe
  C:\Windows\System\taOmWVe.exe
  2⤵
  PID:6708
- C:\Windows\System\JVPyxrY.exe
  C:\Windows\System\JVPyxrY.exe
  2⤵
  PID:6728
- C:\Windows\System\hIDVmDQ.exe
  C:\Windows\System\hIDVmDQ.exe
  2⤵
  PID:6744
- C:\Windows\System\Pvjspam.exe
  C:\Windows\System\Pvjspam.exe
  2⤵
  PID:6776
- C:\Windows\System\UXbeOkz.exe
  C:\Windows\System\UXbeOkz.exe
  2⤵
  PID:6800
- C:\Windows\System\AhvPFsR.exe
  C:\Windows\System\AhvPFsR.exe
  2⤵
  PID:6816
- C:\Windows\System\TTWFbtj.exe
  C:\Windows\System\TTWFbtj.exe
  2⤵
  PID:6832
- C:\Windows\System\zEMpatY.exe
  C:\Windows\System\zEMpatY.exe
  2⤵
  PID:6860
- C:\Windows\System\qCnjloq.exe
  C:\Windows\System\qCnjloq.exe
  2⤵
  PID:6876
- C:\Windows\System\lUcagCk.exe
  C:\Windows\System\lUcagCk.exe
  2⤵
  PID:6892
- C:\Windows\System\cYbjAaq.exe
  C:\Windows\System\cYbjAaq.exe
  2⤵
  PID:6916
- C:\Windows\System\CPEDIQp.exe
  C:\Windows\System\CPEDIQp.exe
  2⤵
  PID:6932
- C:\Windows\System\YngNDrB.exe
  C:\Windows\System\YngNDrB.exe
  2⤵
  PID:6956
- C:\Windows\System\HebqCkM.exe
  C:\Windows\System\HebqCkM.exe
  2⤵
  PID:6972
- C:\Windows\System\HGfWhxp.exe
  C:\Windows\System\HGfWhxp.exe
  2⤵
  PID:6996
- C:\Windows\System\kmYzTXi.exe
  C:\Windows\System\kmYzTXi.exe
  2⤵
  PID:7012
- C:\Windows\System\byNywso.exe
  C:\Windows\System\byNywso.exe
  2⤵
  PID:7032
- C:\Windows\System\EKWuYbe.exe
  C:\Windows\System\EKWuYbe.exe
  2⤵
  PID:7048
- C:\Windows\System\SkTlZvg.exe
  C:\Windows\System\SkTlZvg.exe
  2⤵
  PID:7064
- C:\Windows\System\pypEbYu.exe
  C:\Windows\System\pypEbYu.exe
  2⤵
  PID:7084
- C:\Windows\System\PjWrgtI.exe
  C:\Windows\System\PjWrgtI.exe
  2⤵
  PID:7100
- C:\Windows\System\wKgbjoI.exe
  C:\Windows\System\wKgbjoI.exe
  2⤵
  PID:7116
- C:\Windows\System\SPVexCm.exe
  C:\Windows\System\SPVexCm.exe
  2⤵
  PID:7132
- C:\Windows\System\AaIEcYw.exe
  C:\Windows\System\AaIEcYw.exe
  2⤵
  PID:7148
- C:\Windows\System\tqfHnnT.exe
  C:\Windows\System\tqfHnnT.exe
  2⤵
  PID:7164
- C:\Windows\System\POeJrvg.exe
  C:\Windows\System\POeJrvg.exe
  2⤵
  PID:4956
- C:\Windows\System\mfmSWoT.exe
  C:\Windows\System\mfmSWoT.exe
  2⤵
  PID:1940
- C:\Windows\System\vHggSsK.exe
  C:\Windows\System\vHggSsK.exe
  2⤵
  PID:6220
- C:\Windows\System\WmaSNZd.exe
  C:\Windows\System\WmaSNZd.exe
  2⤵
  PID:6228
- C:\Windows\System\VcZQCcR.exe
  C:\Windows\System\VcZQCcR.exe
  2⤵
  PID:6292
- C:\Windows\System\yulRmCv.exe
  C:\Windows\System\yulRmCv.exe
  2⤵
  PID:6268
- C:\Windows\System\Gysinai.exe
  C:\Windows\System\Gysinai.exe
  2⤵
  PID:6316
- C:\Windows\System\BVTWHZq.exe
  C:\Windows\System\BVTWHZq.exe
  2⤵
  PID:1132
- C:\Windows\System\bwhLWkP.exe
  C:\Windows\System\bwhLWkP.exe
  2⤵
  PID:860
- C:\Windows\System\oMkqSXh.exe
  C:\Windows\System\oMkqSXh.exe
  2⤵
  PID:6396
- C:\Windows\System\vYFaERK.exe
  C:\Windows\System\vYFaERK.exe
  2⤵
  PID:6424
- C:\Windows\System\QvYKkHa.exe
  C:\Windows\System\QvYKkHa.exe
  2⤵
  PID:6440
- C:\Windows\System\FSjaOIS.exe
  C:\Windows\System\FSjaOIS.exe
  2⤵
  PID:6508
- C:\Windows\System\ncyykyJ.exe
  C:\Windows\System\ncyykyJ.exe
  2⤵
  PID:6532
- C:\Windows\System\ENolGSL.exe
  C:\Windows\System\ENolGSL.exe
  2⤵
  PID:6544
- C:\Windows\System\IRrXNjA.exe
  C:\Windows\System\IRrXNjA.exe
  2⤵
  PID:6596
- C:\Windows\System\FPVjjLL.exe
  C:\Windows\System\FPVjjLL.exe
  2⤵
  PID:6616
- C:\Windows\System\LJxgosN.exe
  C:\Windows\System\LJxgosN.exe
  2⤵
  PID:6700
- C:\Windows\System\UKeeHAz.exe
  C:\Windows\System\UKeeHAz.exe
  2⤵
  PID:6752
- C:\Windows\System\WQpdrsE.exe
  C:\Windows\System\WQpdrsE.exe
  2⤵
  PID:6756
- C:\Windows\System\IRfPCsP.exe
  C:\Windows\System\IRfPCsP.exe
  2⤵
  PID:6808
- C:\Windows\System\utptHLw.exe
  C:\Windows\System\utptHLw.exe
  2⤵
  PID:6872
- C:\Windows\System\SsWwvXH.exe
  C:\Windows\System\SsWwvXH.exe
  2⤵
  PID:6852
- C:\Windows\System\ukMMfJz.exe
  C:\Windows\System\ukMMfJz.exe
  2⤵
  PID:6908
- C:\Windows\System\TTYgmkL.exe
  C:\Windows\System\TTYgmkL.exe
  2⤵
  PID:6948
- C:\Windows\System\duYtoke.exe
  C:\Windows\System\duYtoke.exe
  2⤵
  PID:6952
- C:\Windows\System\xrPtBtL.exe
  C:\Windows\System\xrPtBtL.exe
  2⤵
  PID:7044
- C:\Windows\System\xCyTOwm.exe
  C:\Windows\System\xCyTOwm.exe
  2⤵
  PID:7140
- C:\Windows\System\gXnQnFR.exe
  C:\Windows\System\gXnQnFR.exe
  2⤵
  PID:6988
- C:\Windows\System\ZOgnBvw.exe
  C:\Windows\System\ZOgnBvw.exe
  2⤵
  PID:7056
- C:\Windows\System\AFjmFNj.exe
  C:\Windows\System\AFjmFNj.exe
  2⤵
  PID:7124
- C:\Windows\System\gRwpAEH.exe
  C:\Windows\System\gRwpAEH.exe
  2⤵
  PID:2128
- C:\Windows\System\bKNBWZh.exe
  C:\Windows\System\bKNBWZh.exe
  2⤵
  PID:1036
- C:\Windows\System\ttiGJyM.exe
  C:\Windows\System\ttiGJyM.exe
  2⤵
  PID:6208
- C:\Windows\System\POOqZGF.exe
  C:\Windows\System\POOqZGF.exe
  2⤵
  PID:6224
- C:\Windows\System\TIKAyKh.exe
  C:\Windows\System\TIKAyKh.exe
  2⤵
  PID:6348
- C:\Windows\System\OdbGMQc.exe
  C:\Windows\System\OdbGMQc.exe
  2⤵
  PID:1384
- C:\Windows\System\sRoabml.exe
  C:\Windows\System\sRoabml.exe
  2⤵
  PID:6380
- C:\Windows\System\RwAPgsb.exe
  C:\Windows\System\RwAPgsb.exe
  2⤵
  PID:6456
- C:\Windows\System\IgcTZUh.exe
  C:\Windows\System\IgcTZUh.exe
  2⤵
  PID:6480
- C:\Windows\System\dgolKKB.exe
  C:\Windows\System\dgolKKB.exe
  2⤵
  PID:6516
- C:\Windows\System\wgRoenH.exe
  C:\Windows\System\wgRoenH.exe
  2⤵
  PID:6580
- C:\Windows\System\aJxOVJF.exe
  C:\Windows\System\aJxOVJF.exe
  2⤵
  PID:6620
- C:\Windows\System\kNPqAZN.exe
  C:\Windows\System\kNPqAZN.exe
  2⤵
  PID:6680
- C:\Windows\System\QjRyAzL.exe
  C:\Windows\System\QjRyAzL.exe
  2⤵
  PID:6716
- C:\Windows\System\sRdOOSi.exe
  C:\Windows\System\sRdOOSi.exe
  2⤵
  PID:6764
- C:\Windows\System\dsdQYiB.exe
  C:\Windows\System\dsdQYiB.exe
  2⤵
  PID:6900
- C:\Windows\System\VRFFLqH.exe
  C:\Windows\System\VRFFLqH.exe
  2⤵
  PID:6968
- C:\Windows\System\XWLerPc.exe
  C:\Windows\System\XWLerPc.exe
  2⤵
  PID:7008
- C:\Windows\System\GxZVuqQ.exe
  C:\Windows\System\GxZVuqQ.exe
  2⤵
  PID:7024
- C:\Windows\System\bIXNWsm.exe
  C:\Windows\System\bIXNWsm.exe
  2⤵
  PID:6152
- C:\Windows\System\mBkDmGd.exe
  C:\Windows\System\mBkDmGd.exe
  2⤵
  PID:6188
- C:\Windows\System\ewlNINf.exe
  C:\Windows\System\ewlNINf.exe
  2⤵
  PID:6200
- C:\Windows\System\myxmlvU.exe
  C:\Windows\System\myxmlvU.exe
  2⤵
  PID:6288
- C:\Windows\System\qkAogJk.exe
  C:\Windows\System\qkAogJk.exe
  2⤵
  PID:6248
- C:\Windows\System\JURkeYo.exe
  C:\Windows\System\JURkeYo.exe
  2⤵
  PID:6476
- C:\Windows\System\KZEamon.exe
  C:\Windows\System\KZEamon.exe
  2⤵
  PID:6308
- C:\Windows\System\SPecAHs.exe
  C:\Windows\System\SPecAHs.exe
  2⤵
  PID:6740
- C:\Windows\System\aycyuVs.exe
  C:\Windows\System\aycyuVs.exe
  2⤵
  PID:6772
- C:\Windows\System\RJRkduQ.exe
  C:\Windows\System\RJRkduQ.exe
  2⤵
  PID:6940
- C:\Windows\System\YVcoJwr.exe
  C:\Windows\System\YVcoJwr.exe
  2⤵
  PID:6888
- C:\Windows\System\QCQhMBm.exe
  C:\Windows\System\QCQhMBm.exe
  2⤵
  PID:6824
- C:\Windows\System\YzNSPWQ.exe
  C:\Windows\System\YzNSPWQ.exe
  2⤵
  PID:6980
- C:\Windows\System\YLdbZQy.exe
  C:\Windows\System\YLdbZQy.exe
  2⤵
  PID:6184
- C:\Windows\System\ddLBTLo.exe
  C:\Windows\System\ddLBTLo.exe
  2⤵
  PID:7156
- C:\Windows\System\LxCYyOw.exe
  C:\Windows\System\LxCYyOw.exe
  2⤵
  PID:6276
- C:\Windows\System\yRNRnOZ.exe
  C:\Windows\System\yRNRnOZ.exe
  2⤵
  PID:6232
- C:\Windows\System\ihXSkJo.exe
  C:\Windows\System\ihXSkJo.exe
  2⤵
  PID:6724
- C:\Windows\System\ZMOjPXO.exe
  C:\Windows\System\ZMOjPXO.exe
  2⤵
  PID:6848
- C:\Windows\System\ZkJTkNX.exe
  C:\Windows\System\ZkJTkNX.exe
  2⤵
  PID:1104
- C:\Windows\System\NtQgcBO.exe
  C:\Windows\System\NtQgcBO.exe
  2⤵
  PID:6552
- C:\Windows\System\KfDshUk.exe
  C:\Windows\System\KfDshUk.exe
  2⤵
  PID:6944
- C:\Windows\System\JjqoCpp.exe
  C:\Windows\System\JjqoCpp.exe
  2⤵
  PID:6376
- C:\Windows\System\KYRvmpo.exe
  C:\Windows\System\KYRvmpo.exe
  2⤵
  PID:6884
- C:\Windows\System\nVSTCVc.exe
  C:\Windows\System\nVSTCVc.exe
  2⤵
  PID:7112
- C:\Windows\System\hbUGHLe.exe
  C:\Windows\System\hbUGHLe.exe
  2⤵
  PID:6812
- C:\Windows\System\OPAmovX.exe
  C:\Windows\System\OPAmovX.exe
  2⤵
  PID:7184
- C:\Windows\System\wENasRp.exe
  C:\Windows\System\wENasRp.exe
  2⤵
  PID:7200
- C:\Windows\System\hxoDfwc.exe
  C:\Windows\System\hxoDfwc.exe
  2⤵
  PID:7236
- C:\Windows\System\OqmwgLf.exe
  C:\Windows\System\OqmwgLf.exe
  2⤵
  PID:7256
- C:\Windows\System\sqpsEYV.exe
  C:\Windows\System\sqpsEYV.exe
  2⤵
  PID:7272
- C:\Windows\System\hghTLTx.exe
  C:\Windows\System\hghTLTx.exe
  2⤵
  PID:7288
- C:\Windows\System\JsActaY.exe
  C:\Windows\System\JsActaY.exe
  2⤵
  PID:7304
- C:\Windows\System\mukepMs.exe
  C:\Windows\System\mukepMs.exe
  2⤵
  PID:7324
- C:\Windows\System\icRKUYH.exe
  C:\Windows\System\icRKUYH.exe
  2⤵
  PID:7344
- C:\Windows\System\nRBPSJa.exe
  C:\Windows\System\nRBPSJa.exe
  2⤵
  PID:7376
- C:\Windows\System\VxbqiAT.exe
  C:\Windows\System\VxbqiAT.exe
  2⤵
  PID:7396
- C:\Windows\System\SuSEAOC.exe
  C:\Windows\System\SuSEAOC.exe
  2⤵
  PID:7412
- C:\Windows\System\MmJkTXH.exe
  C:\Windows\System\MmJkTXH.exe
  2⤵
  PID:7428
- C:\Windows\System\PpvXXNa.exe
  C:\Windows\System\PpvXXNa.exe
  2⤵
  PID:7468
- C:\Windows\System\TTPSnYX.exe
  C:\Windows\System\TTPSnYX.exe
  2⤵
  PID:7488
- C:\Windows\System\bySARpl.exe
  C:\Windows\System\bySARpl.exe
  2⤵
  PID:7504
- C:\Windows\System\pERyDZH.exe
  C:\Windows\System\pERyDZH.exe
  2⤵
  PID:7520
- C:\Windows\System\jPuKEgF.exe
  C:\Windows\System\jPuKEgF.exe
  2⤵
  PID:7540
- C:\Windows\System\uKTDfoD.exe
  C:\Windows\System\uKTDfoD.exe
  2⤵
  PID:7560
- C:\Windows\System\uECmeXn.exe
  C:\Windows\System\uECmeXn.exe
  2⤵
  PID:7576
- C:\Windows\System\WgHhEUA.exe
  C:\Windows\System\WgHhEUA.exe
  2⤵
  PID:7596
- C:\Windows\System\rDXUjoc.exe
  C:\Windows\System\rDXUjoc.exe
  2⤵
  PID:7624
- C:\Windows\System\JZPuryJ.exe
  C:\Windows\System\JZPuryJ.exe
  2⤵
  PID:7640
- C:\Windows\System\VvaXRbk.exe
  C:\Windows\System\VvaXRbk.exe
  2⤵
  PID:7656
- C:\Windows\System\dRkcxWe.exe
  C:\Windows\System\dRkcxWe.exe
  2⤵
  PID:7692
- C:\Windows\System\gSjRENT.exe
  C:\Windows\System\gSjRENT.exe
  2⤵
  PID:7708
- C:\Windows\System\eRNyPuy.exe
  C:\Windows\System\eRNyPuy.exe
  2⤵
  PID:7728
- C:\Windows\System\SRruOMu.exe
  C:\Windows\System\SRruOMu.exe
  2⤵
  PID:7744
- C:\Windows\System\aOHYykb.exe
  C:\Windows\System\aOHYykb.exe
  2⤵
  PID:7764
- C:\Windows\System\xQQoSOC.exe
  C:\Windows\System\xQQoSOC.exe
  2⤵
  PID:7784
- C:\Windows\System\YlkcpAO.exe
  C:\Windows\System\YlkcpAO.exe
  2⤵
  PID:7804
- C:\Windows\System\mLkDlZk.exe
  C:\Windows\System\mLkDlZk.exe
  2⤵
  PID:7820
- C:\Windows\System\DPbYVfb.exe
  C:\Windows\System\DPbYVfb.exe
  2⤵
  PID:7840
- C:\Windows\System\VxdeWDL.exe
  C:\Windows\System\VxdeWDL.exe
  2⤵
  PID:7864
- C:\Windows\System\QIMZRRD.exe
  C:\Windows\System\QIMZRRD.exe
  2⤵
  PID:7884
- C:\Windows\System\CHYOzxG.exe
  C:\Windows\System\CHYOzxG.exe
  2⤵
  PID:7900
- C:\Windows\System\rMwMxuZ.exe
  C:\Windows\System\rMwMxuZ.exe
  2⤵
  PID:7924
- C:\Windows\System\dOeVEkq.exe
  C:\Windows\System\dOeVEkq.exe
  2⤵
  PID:7944
- C:\Windows\System\QrmvJgZ.exe
  C:\Windows\System\QrmvJgZ.exe
  2⤵
  PID:7960
- C:\Windows\System\UjvPbLx.exe
  C:\Windows\System\UjvPbLx.exe
  2⤵
  PID:7980
- C:\Windows\System\rJHQaHM.exe
  C:\Windows\System\rJHQaHM.exe
  2⤵
  PID:7996
- C:\Windows\System\MqUWqJt.exe
  C:\Windows\System\MqUWqJt.exe
  2⤵
  PID:8012
- C:\Windows\System\unvWMdC.exe
  C:\Windows\System\unvWMdC.exe
  2⤵
  PID:8028
- C:\Windows\System\rmtaJpy.exe
  C:\Windows\System\rmtaJpy.exe
  2⤵
  PID:8052
- C:\Windows\System\dVAVKIA.exe
  C:\Windows\System\dVAVKIA.exe
  2⤵
  PID:8076
- C:\Windows\System\zyglPeQ.exe
  C:\Windows\System\zyglPeQ.exe
  2⤵
  PID:8096
- C:\Windows\System\dRicfUI.exe
  C:\Windows\System\dRicfUI.exe
  2⤵
  PID:8132
- C:\Windows\System\zYfbWCF.exe
  C:\Windows\System\zYfbWCF.exe
  2⤵
  PID:8152
- C:\Windows\System\nidgEho.exe
  C:\Windows\System\nidgEho.exe
  2⤵
  PID:8172
- C:\Windows\System\CUiUXgY.exe
  C:\Windows\System\CUiUXgY.exe
  2⤵
  PID:8188
- C:\Windows\System\KUYxYDw.exe
  C:\Windows\System\KUYxYDw.exe
  2⤵
  PID:6660
- C:\Windows\System\iXLsMVK.exe
  C:\Windows\System\iXLsMVK.exe
  2⤵
  PID:7092
- C:\Windows\System\cGVCzVR.exe
  C:\Windows\System\cGVCzVR.exe
  2⤵
  PID:7224
- C:\Windows\System\WZBDVTy.exe
  C:\Windows\System\WZBDVTy.exe
  2⤵
  PID:7228
- C:\Windows\System\DWDWZAV.exe
  C:\Windows\System\DWDWZAV.exe
  2⤵
  PID:6196
- C:\Windows\System\rACsHUY.exe
  C:\Windows\System\rACsHUY.exe
  2⤵
  PID:7320
- C:\Windows\System\LiXBhAF.exe
  C:\Windows\System\LiXBhAF.exe
  2⤵
  PID:7364
- C:\Windows\System\voFhoNc.exe
  C:\Windows\System\voFhoNc.exe
  2⤵
  PID:7268
- C:\Windows\System\qAFoEuK.exe
  C:\Windows\System\qAFoEuK.exe
  2⤵
  PID:7336
- C:\Windows\System\ZrrWxUc.exe
  C:\Windows\System\ZrrWxUc.exe
  2⤵
  PID:7420
- C:\Windows\System\YGMfZga.exe
  C:\Windows\System\YGMfZga.exe
  2⤵
  PID:7460
- C:\Windows\System\NdbaWlP.exe
  C:\Windows\System\NdbaWlP.exe
  2⤵
  PID:7464
- C:\Windows\System\HViHVQA.exe
  C:\Windows\System\HViHVQA.exe
  2⤵
  PID:7476
- C:\Windows\System\bLbUeGe.exe
  C:\Windows\System\bLbUeGe.exe
  2⤵
  PID:7568
- C:\Windows\System\DfIjjnL.exe
  C:\Windows\System\DfIjjnL.exe
  2⤵
  PID:7556
- C:\Windows\System\IhVCxEb.exe
  C:\Windows\System\IhVCxEb.exe
  2⤵
  PID:7588
- C:\Windows\System\ySabMFS.exe
  C:\Windows\System\ySabMFS.exe
  2⤵
  PID:7632
- C:\Windows\System\jhtWIdP.exe
  C:\Windows\System\jhtWIdP.exe
  2⤵
  PID:7676
- C:\Windows\System\MfPyXKQ.exe
  C:\Windows\System\MfPyXKQ.exe
  2⤵
  PID:7700
- C:\Windows\System\dArcuZk.exe
  C:\Windows\System\dArcuZk.exe
  2⤵
  PID:7812
- C:\Windows\System\lATRlhs.exe
  C:\Windows\System\lATRlhs.exe
  2⤵
  PID:7800
- C:\Windows\System\kwhpaDN.exe
  C:\Windows\System\kwhpaDN.exe
  2⤵
  PID:7848
- C:\Windows\System\sSvlTQm.exe
  C:\Windows\System\sSvlTQm.exe
  2⤵
  PID:7832
- C:\Windows\System\SQZIuQC.exe
  C:\Windows\System\SQZIuQC.exe
  2⤵
  PID:7876
- C:\Windows\System\pCXVAAI.exe
  C:\Windows\System\pCXVAAI.exe
  2⤵
  PID:7880
- C:\Windows\System\lzkLmbT.exe
  C:\Windows\System\lzkLmbT.exe
  2⤵
  PID:7920
- C:\Windows\System\tfUtrIs.exe
  C:\Windows\System\tfUtrIs.exe
  2⤵
  PID:7936
- C:\Windows\System\jhAGBpG.exe
  C:\Windows\System\jhAGBpG.exe
  2⤵
  PID:8048
- C:\Windows\System\sNMqHLa.exe
  C:\Windows\System\sNMqHLa.exe
  2⤵
  PID:8084
- C:\Windows\System\aOIssgk.exe
  C:\Windows\System\aOIssgk.exe
  2⤵
  PID:8060
- C:\Windows\System\BNMIEiX.exe
  C:\Windows\System\BNMIEiX.exe
  2⤵
  PID:8072
- C:\Windows\System\kupFlKM.exe
  C:\Windows\System\kupFlKM.exe
  2⤵
  PID:8148
- C:\Windows\System\CHBpwXY.exe
  C:\Windows\System\CHBpwXY.exe
  2⤵
  PID:8180
- C:\Windows\System\QAUiaHN.exe
  C:\Windows\System\QAUiaHN.exe
  2⤵
  PID:6720
- C:\Windows\System\myufFtf.exe
  C:\Windows\System\myufFtf.exe
  2⤵
  PID:7212
- C:\Windows\System\qcrMckI.exe
  C:\Windows\System\qcrMckI.exe
  2⤵
  PID:7176
- C:\Windows\System\WrZXCXu.exe
  C:\Windows\System\WrZXCXu.exe
  2⤵
  PID:7264
- C:\Windows\System\JnjwnoD.exe
  C:\Windows\System\JnjwnoD.exe
  2⤵
  PID:7300
- C:\Windows\System\nVWtMsS.exe
  C:\Windows\System\nVWtMsS.exe
  2⤵
  PID:7360
- C:\Windows\System\ABhxKBI.exe
  C:\Windows\System\ABhxKBI.exe
  2⤵
  PID:7536
- C:\Windows\System\jGIeoGw.exe
  C:\Windows\System\jGIeoGw.exe
  2⤵
  PID:7452
- C:\Windows\System\rIlaEcu.exe
  C:\Windows\System\rIlaEcu.exe
  2⤵
  PID:7548
- C:\Windows\System\cCsuZpw.exe
  C:\Windows\System\cCsuZpw.exe
  2⤵
  PID:7584
- C:\Windows\System\nJmylcK.exe
  C:\Windows\System\nJmylcK.exe
  2⤵
  PID:7684
- C:\Windows\System\JsWuvUK.exe
  C:\Windows\System\JsWuvUK.exe
  2⤵
  PID:7780
- C:\Windows\System\cywKKfe.exe
  C:\Windows\System\cywKKfe.exe
  2⤵
  PID:7816
- C:\Windows\System\Bumqyfa.exe
  C:\Windows\System\Bumqyfa.exe
  2⤵
  PID:7968
- C:\Windows\System\BAoNYtK.exe
  C:\Windows\System\BAoNYtK.exe
  2⤵
  PID:7976
- C:\Windows\System\khlEovY.exe
  C:\Windows\System\khlEovY.exe
  2⤵
  PID:8108
- C:\Windows\System\vHzfUNg.exe
  C:\Windows\System\vHzfUNg.exe
  2⤵
  PID:8112
- C:\Windows\System\AbfTakS.exe
  C:\Windows\System\AbfTakS.exe
  2⤵
  PID:7912
- C:\Windows\System\dINKkpc.exe
  C:\Windows\System\dINKkpc.exe
  2⤵
  PID:7388
- C:\Windows\System\UwVoFBa.exe
  C:\Windows\System\UwVoFBa.exe
  2⤵
  PID:7796
- C:\Windows\System\kBTwADW.exe
  C:\Windows\System\kBTwADW.exe
  2⤵
  PID:7932
- C:\Windows\System\sAdPiSI.exe
  C:\Windows\System\sAdPiSI.exe
  2⤵
  PID:7076
- C:\Windows\System\eEKVhdU.exe
  C:\Windows\System\eEKVhdU.exe
  2⤵
  PID:7496
- C:\Windows\System\izficwc.exe
  C:\Windows\System\izficwc.exe
  2⤵
  PID:7448
- C:\Windows\System\kiaIVHG.exe
  C:\Windows\System\kiaIVHG.exe
  2⤵
  PID:7736
- C:\Windows\System\tCWYqqA.exe
  C:\Windows\System\tCWYqqA.exe
  2⤵
  PID:7652
- C:\Windows\System\VKczJLc.exe
  C:\Windows\System\VKczJLc.exe
  2⤵
  PID:7688
- C:\Windows\System\wfRWSnC.exe
  C:\Windows\System\wfRWSnC.exe
  2⤵
  PID:7792
- C:\Windows\System\HrafGpx.exe
  C:\Windows\System\HrafGpx.exe
  2⤵
  PID:8044
- C:\Windows\System\pFdsMGH.exe
  C:\Windows\System\pFdsMGH.exe
  2⤵
  PID:7192
- C:\Windows\System\DhpHQgp.exe
  C:\Windows\System\DhpHQgp.exe
  2⤵
  PID:7284
- C:\Windows\System\EWOiJHZ.exe
  C:\Windows\System\EWOiJHZ.exe
  2⤵
  PID:6356
- C:\Windows\System\IJFwoLt.exe
  C:\Windows\System\IJFwoLt.exe
  2⤵
  PID:7372
- C:\Windows\System\UqapeGu.exe
  C:\Windows\System\UqapeGu.exe
  2⤵
  PID:8068
- C:\Windows\System\xxiQLOY.exe
  C:\Windows\System\xxiQLOY.exe
  2⤵
  PID:7636
- C:\Windows\System\QldyRTw.exe
  C:\Windows\System\QldyRTw.exe
  2⤵
  PID:7552
- C:\Windows\System\RsPIpib.exe
  C:\Windows\System\RsPIpib.exe
  2⤵
  PID:7872
- C:\Windows\System\Nnwebwi.exe
  C:\Windows\System\Nnwebwi.exe
  2⤵
  PID:7392
- C:\Windows\System\UTGKtqv.exe
  C:\Windows\System\UTGKtqv.exe
  2⤵
  PID:7604
- C:\Windows\System\oQaVPir.exe
  C:\Windows\System\oQaVPir.exe
  2⤵
  PID:7608
- C:\Windows\System\cCEvZlX.exe
  C:\Windows\System\cCEvZlX.exe
  2⤵
  PID:7480
- C:\Windows\System\tCUXUOM.exe
  C:\Windows\System\tCUXUOM.exe
  2⤵
  PID:8004
- C:\Windows\System\qGkjwcW.exe
  C:\Windows\System\qGkjwcW.exe
  2⤵
  PID:8124
- C:\Windows\System\xrDTyJT.exe
  C:\Windows\System\xrDTyJT.exe
  2⤵
  PID:7532
- C:\Windows\System\acAAYXT.exe
  C:\Windows\System\acAAYXT.exe
  2⤵
  PID:7916
- C:\Windows\System\OxBebIE.exe
  C:\Windows\System\OxBebIE.exe
  2⤵
  PID:8204
- C:\Windows\System\PlElbAP.exe
  C:\Windows\System\PlElbAP.exe
  2⤵
  PID:8224
- C:\Windows\System\hPKMjYD.exe
  C:\Windows\System\hPKMjYD.exe
  2⤵
  PID:8248
- C:\Windows\System\DjoHirx.exe
  C:\Windows\System\DjoHirx.exe
  2⤵
  PID:8268
- C:\Windows\System\GUUPyAL.exe
  C:\Windows\System\GUUPyAL.exe
  2⤵
  PID:8292
- C:\Windows\System\aMrilhM.exe
  C:\Windows\System\aMrilhM.exe
  2⤵
  PID:8308
- C:\Windows\System\BfamOsC.exe
  C:\Windows\System\BfamOsC.exe
  2⤵
  PID:8332
- C:\Windows\System\CvNNyAZ.exe
  C:\Windows\System\CvNNyAZ.exe
  2⤵
  PID:8368
- C:\Windows\System\gqZvntj.exe
  C:\Windows\System\gqZvntj.exe
  2⤵
  PID:8388
- C:\Windows\System\mtyynvc.exe
  C:\Windows\System\mtyynvc.exe
  2⤵
  PID:8404
- C:\Windows\System\msgmFWw.exe
  C:\Windows\System\msgmFWw.exe
  2⤵
  PID:8420
- C:\Windows\System\HCvLptG.exe
  C:\Windows\System\HCvLptG.exe
  2⤵
  PID:8440
- C:\Windows\System\oHBEHDx.exe
  C:\Windows\System\oHBEHDx.exe
  2⤵
  PID:8460
- C:\Windows\System\zWHTuUC.exe
  C:\Windows\System\zWHTuUC.exe
  2⤵
  PID:8476
- C:\Windows\System\Uqshkyj.exe
  C:\Windows\System\Uqshkyj.exe
  2⤵
  PID:8504
- C:\Windows\System\DwJJdOa.exe
  C:\Windows\System\DwJJdOa.exe
  2⤵
  PID:8528
- C:\Windows\System\FcOKXUF.exe
  C:\Windows\System\FcOKXUF.exe
  2⤵
  PID:8552
- C:\Windows\System\VQHrqka.exe
  C:\Windows\System\VQHrqka.exe
  2⤵
  PID:8576
- C:\Windows\System\fSSFZwA.exe
  C:\Windows\System\fSSFZwA.exe
  2⤵
  PID:8592
- C:\Windows\System\FsmyOLV.exe
  C:\Windows\System\FsmyOLV.exe
  2⤵
  PID:8608
- C:\Windows\System\WqEDSeK.exe
  C:\Windows\System\WqEDSeK.exe
  2⤵
  PID:8624
- C:\Windows\System\yulyszU.exe
  C:\Windows\System\yulyszU.exe
  2⤵
  PID:8640
- C:\Windows\System\ePvSiwa.exe
  C:\Windows\System\ePvSiwa.exe
  2⤵
  PID:8656
- C:\Windows\System\dTbbEbj.exe
  C:\Windows\System\dTbbEbj.exe
  2⤵
  PID:8676
- C:\Windows\System\QLHHnAQ.exe
  C:\Windows\System\QLHHnAQ.exe
  2⤵
  PID:8704
- C:\Windows\System\jLncRSy.exe
  C:\Windows\System\jLncRSy.exe
  2⤵
  PID:8740
- C:\Windows\System\pIZYVpS.exe
  C:\Windows\System\pIZYVpS.exe
  2⤵
  PID:8756
- C:\Windows\System\rWDNEtv.exe
  C:\Windows\System\rWDNEtv.exe
  2⤵
  PID:8772
- C:\Windows\System\DSsFLQq.exe
  C:\Windows\System\DSsFLQq.exe
  2⤵
  PID:8788
- C:\Windows\System\GrFpfxR.exe
  C:\Windows\System\GrFpfxR.exe
  2⤵
  PID:8804
- C:\Windows\System\gmhYqVb.exe
  C:\Windows\System\gmhYqVb.exe
  2⤵
  PID:8852
- C:\Windows\System\ISyCdXt.exe
  C:\Windows\System\ISyCdXt.exe
  2⤵
  PID:8868
- C:\Windows\System\WEtzdsz.exe
  C:\Windows\System\WEtzdsz.exe
  2⤵
  PID:8888
- C:\Windows\System\cKQNerj.exe
  C:\Windows\System\cKQNerj.exe
  2⤵
  PID:8916
- C:\Windows\System\NPAIrYW.exe
  C:\Windows\System\NPAIrYW.exe
  2⤵
  PID:8932
- C:\Windows\System\jrnAWqv.exe
  C:\Windows\System\jrnAWqv.exe
  2⤵
  PID:8952
- C:\Windows\System\SqxsGtX.exe
  C:\Windows\System\SqxsGtX.exe
  2⤵
  PID:8972
- C:\Windows\System\yWThgBa.exe
  C:\Windows\System\yWThgBa.exe
  2⤵
  PID:9004
- C:\Windows\System\XUjIeWJ.exe
  C:\Windows\System\XUjIeWJ.exe
  2⤵
  PID:9020
- C:\Windows\System\ZNqfgqK.exe
  C:\Windows\System\ZNqfgqK.exe
  2⤵
  PID:9036
- C:\Windows\System\cRsRHpe.exe
  C:\Windows\System\cRsRHpe.exe
  2⤵
  PID:9056
- C:\Windows\System\eIUAQUh.exe
  C:\Windows\System\eIUAQUh.exe
  2⤵
  PID:9076
- C:\Windows\System\IrKwKif.exe
  C:\Windows\System\IrKwKif.exe
  2⤵
  PID:9092
- C:\Windows\System\AZGpHNo.exe
  C:\Windows\System\AZGpHNo.exe
  2⤵
  PID:9108
- C:\Windows\System\LzemNnp.exe
  C:\Windows\System\LzemNnp.exe
  2⤵
  PID:9124
- C:\Windows\System\dzffCTN.exe
  C:\Windows\System\dzffCTN.exe
  2⤵
  PID:9148
- C:\Windows\System\JzDEJji.exe
  C:\Windows\System\JzDEJji.exe
  2⤵
  PID:9176
- C:\Windows\System\UOslxqq.exe
  C:\Windows\System\UOslxqq.exe
  2⤵
  PID:9208
- C:\Windows\System\mzSndso.exe
  C:\Windows\System\mzSndso.exe
  2⤵
  PID:8008
- C:\Windows\System\KcwlGdX.exe
  C:\Windows\System\KcwlGdX.exe
  2⤵
  PID:7220
- C:\Windows\System\cZyBEZy.exe
  C:\Windows\System\cZyBEZy.exe
  2⤵
  PID:7232
- C:\Windows\System\QVTstmu.exe
  C:\Windows\System\QVTstmu.exe
  2⤵
  PID:8200
- C:\Windows\System\FAplEZb.exe
  C:\Windows\System\FAplEZb.exe
  2⤵
  PID:8280
- C:\Windows\System\SxUyhFC.exe
  C:\Windows\System\SxUyhFC.exe
  2⤵
  PID:8284
- C:\Windows\System\wbTdezI.exe
  C:\Windows\System\wbTdezI.exe
  2⤵
  PID:8344
- C:\Windows\System\JkmtNCW.exe
  C:\Windows\System\JkmtNCW.exe
  2⤵
  PID:8384
- C:\Windows\System\CSKPfyB.exe
  C:\Windows\System\CSKPfyB.exe
  2⤵
  PID:8428
- C:\Windows\System\lYmHPWR.exe
  C:\Windows\System\lYmHPWR.exe
  2⤵
  PID:8452
- C:\Windows\System\fEcYuEr.exe
  C:\Windows\System\fEcYuEr.exe
  2⤵
  PID:8488
- C:\Windows\System\ZfoQPmD.exe
  C:\Windows\System\ZfoQPmD.exe
  2⤵
  PID:8500
- C:\Windows\System\TeDNaau.exe
  C:\Windows\System\TeDNaau.exe
  2⤵
  PID:8548
- C:\Windows\System\vwGFeyS.exe
  C:\Windows\System\vwGFeyS.exe
  2⤵
  PID:8600
- C:\Windows\System\HUoGfaj.exe
  C:\Windows\System\HUoGfaj.exe
  2⤵
  PID:8672
- C:\Windows\System\CGrNBbY.exe
  C:\Windows\System\CGrNBbY.exe
  2⤵
  PID:8648
- C:\Windows\System\dWxSpZE.exe
  C:\Windows\System\dWxSpZE.exe
  2⤵
  PID:8700
- C:\Windows\System\aMwcCRh.exe
  C:\Windows\System\aMwcCRh.exe
  2⤵
  PID:8732
- C:\Windows\System\lhUbtCB.exe
  C:\Windows\System\lhUbtCB.exe
  2⤵
  PID:8768
- C:\Windows\System\WrLblJa.exe
  C:\Windows\System\WrLblJa.exe
  2⤵
  PID:8820
- C:\Windows\System\khaNAAu.exe
  C:\Windows\System\khaNAAu.exe
  2⤵
  PID:8516
- C:\Windows\System\kgxROgV.exe
  C:\Windows\System\kgxROgV.exe
  2⤵
  PID:8876
- C:\Windows\System\YclPzwC.exe
  C:\Windows\System\YclPzwC.exe
  2⤵
  PID:8900
- C:\Windows\System\CbeyWIS.exe
  C:\Windows\System\CbeyWIS.exe
  2⤵
  PID:8948
- C:\Windows\System\UFgBIah.exe
  C:\Windows\System\UFgBIah.exe
  2⤵
  PID:8980
- C:\Windows\System\wtKWNwc.exe
  C:\Windows\System\wtKWNwc.exe
  2⤵
  PID:9012
- C:\Windows\System\kXkElDR.exe
  C:\Windows\System\kXkElDR.exe
  2⤵
  PID:9044
- C:\Windows\System\xYxZVDD.exe
  C:\Windows\System\xYxZVDD.exe
  2⤵
  PID:9104
- C:\Windows\System\oBwUVpi.exe
  C:\Windows\System\oBwUVpi.exe
  2⤵
  PID:9144
- C:\Windows\System\VXAyzFT.exe
  C:\Windows\System\VXAyzFT.exe
  2⤵
  PID:9160
- C:\Windows\System\UqBphub.exe
  C:\Windows\System\UqBphub.exe
  2⤵
  PID:9188
- C:\Windows\System\kibvufd.exe
  C:\Windows\System\kibvufd.exe
  2⤵
  PID:9204
- C:\Windows\System\shtrnTh.exe
  C:\Windows\System\shtrnTh.exe
  2⤵
  PID:8196
- C:\Windows\System\gtuBgXt.exe
  C:\Windows\System\gtuBgXt.exe
  2⤵
  PID:8256
- C:\Windows\System\qBFeArN.exe
  C:\Windows\System\qBFeArN.exe
  2⤵
  PID:8364
- C:\Windows\System\ZegVQMD.exe
  C:\Windows\System\ZegVQMD.exe
  2⤵
  PID:8448
- C:\Windows\System\MhEgBYB.exe
  C:\Windows\System\MhEgBYB.exe
  2⤵
  PID:8324
- C:\Windows\System\jpohnsA.exe
  C:\Windows\System\jpohnsA.exe
  2⤵
  PID:8456
- C:\Windows\System\mzNqLen.exe
  C:\Windows\System\mzNqLen.exe
  2⤵
  PID:8536
- C:\Windows\System\zsyLEYq.exe
  C:\Windows\System\zsyLEYq.exe
  2⤵
  PID:8692
- C:\Windows\System\RIBQMjB.exe
  C:\Windows\System\RIBQMjB.exe
  2⤵
  PID:8664
- C:\Windows\System\JUKvlHv.exe
  C:\Windows\System\JUKvlHv.exe
  2⤵
  PID:8780
- C:\Windows\System\BLZkVLV.exe
  C:\Windows\System\BLZkVLV.exe
  2⤵
  PID:8764
- C:\Windows\System\XXCgcnD.exe
  C:\Windows\System\XXCgcnD.exe
  2⤵
  PID:8912
- C:\Windows\System\caBWgOo.exe
  C:\Windows\System\caBWgOo.exe
  2⤵
  PID:8940
- C:\Windows\System\WBvTQUU.exe
  C:\Windows\System\WBvTQUU.exe
  2⤵
  PID:8908
- C:\Windows\System\UWrNGuD.exe
  C:\Windows\System\UWrNGuD.exe
  2⤵
  PID:9088
- C:\Windows\System\RujUPuk.exe
  C:\Windows\System\RujUPuk.exe
  2⤵
  PID:9196
- C:\Windows\System\rwftpOx.exe
  C:\Windows\System\rwftpOx.exe
  2⤵
  PID:9068
- C:\Windows\System\eqgYuqW.exe
  C:\Windows\System\eqgYuqW.exe
  2⤵
  PID:9172
- C:\Windows\System\IRNetXE.exe
  C:\Windows\System\IRNetXE.exe
  2⤵
  PID:9140
- C:\Windows\System\SouhRql.exe
  C:\Windows\System\SouhRql.exe
  2⤵
  PID:9184
- C:\Windows\System\hSYHqpd.exe
  C:\Windows\System\hSYHqpd.exe
  2⤵
  PID:8484
- C:\Windows\System\VaGqvrs.exe
  C:\Windows\System\VaGqvrs.exe
  2⤵
  PID:8400
- C:\Windows\System\uXmZJAi.exe
  C:\Windows\System\uXmZJAi.exe
  2⤵
  PID:8472
- C:\Windows\System\AtuDDzT.exe
  C:\Windows\System\AtuDDzT.exe
  2⤵
  PID:8748
- C:\Windows\System\fWaXEZV.exe
  C:\Windows\System\fWaXEZV.exe
  2⤵
  PID:8832
- C:\Windows\System\yUvzZBk.exe
  C:\Windows\System\yUvzZBk.exe
  2⤵
  PID:8988
- C:\Windows\System\zIjbkqd.exe
  C:\Windows\System\zIjbkqd.exe
  2⤵
  PID:8416
- C:\Windows\System\HqLptcU.exe
  C:\Windows\System\HqLptcU.exe
  2⤵
  PID:8572
- C:\Windows\System\lJIFLii.exe
  C:\Windows\System\lJIFLii.exe
  2⤵
  PID:8412
- C:\Windows\System\RZvYSmd.exe
  C:\Windows\System\RZvYSmd.exe
  2⤵
  PID:8264
- C:\Windows\System\GiuBhXo.exe
  C:\Windows\System\GiuBhXo.exe
  2⤵
  PID:8340
- C:\Windows\System\WCfojSj.exe
  C:\Windows\System\WCfojSj.exe
  2⤵
  PID:8668
- C:\Windows\System\SIXqzXX.exe
  C:\Windows\System\SIXqzXX.exe
  2⤵
  PID:8616
- C:\Windows\System\RyjzRCw.exe
  C:\Windows\System\RyjzRCw.exe
  2⤵
  PID:8880
- C:\Windows\System\tITdXiL.exe
  C:\Windows\System\tITdXiL.exe
  2⤵
  PID:8928
- C:\Windows\System\MJVDklW.exe
  C:\Windows\System\MJVDklW.exe
  2⤵
  PID:8944
- C:\Windows\System\wGSUBrh.exe
  C:\Windows\System\wGSUBrh.exe
  2⤵
  PID:8288
- C:\Windows\System\zjJeBtJ.exe
  C:\Windows\System\zjJeBtJ.exe
  2⤵
  PID:8632
- C:\Windows\System\rntEbnD.exe
  C:\Windows\System\rntEbnD.exe
  2⤵
  PID:8860
- C:\Windows\System\dSToRJy.exe
  C:\Windows\System\dSToRJy.exe
  2⤵
  PID:9032
- C:\Windows\System\pcvMVcq.exe
  C:\Windows\System\pcvMVcq.exe
  2⤵
  PID:8836
- C:\Windows\System\oInTWgc.exe
  C:\Windows\System\oInTWgc.exe
  2⤵
  PID:9228
- C:\Windows\System\jtABfRQ.exe
  C:\Windows\System\jtABfRQ.exe
  2⤵
  PID:9244
- C:\Windows\System\SLlkiIC.exe
  C:\Windows\System\SLlkiIC.exe
  2⤵
  PID:9268
- C:\Windows\System\KDnICGA.exe
  C:\Windows\System\KDnICGA.exe
  2⤵
  PID:9288
- C:\Windows\System\COPdaOJ.exe
  C:\Windows\System\COPdaOJ.exe
  2⤵
  PID:9304
- C:\Windows\System\PwYtyXy.exe
  C:\Windows\System\PwYtyXy.exe
  2⤵
  PID:9336
- C:\Windows\System\cxcgdtx.exe
  C:\Windows\System\cxcgdtx.exe
  2⤵
  PID:9372
- C:\Windows\System\TmmhvnW.exe
  C:\Windows\System\TmmhvnW.exe
  2⤵
  PID:9392
- C:\Windows\System\sSwDzLp.exe
  C:\Windows\System\sSwDzLp.exe
  2⤵
  PID:9416
- C:\Windows\System\mHkQTvT.exe
  C:\Windows\System\mHkQTvT.exe
  2⤵
  PID:9432
- C:\Windows\System\ZePggNF.exe
  C:\Windows\System\ZePggNF.exe
  2⤵
  PID:9452
- C:\Windows\System\gkngJfy.exe
  C:\Windows\System\gkngJfy.exe
  2⤵
  PID:9468
- C:\Windows\System\nqNzOJh.exe
  C:\Windows\System\nqNzOJh.exe
  2⤵
  PID:9488
- C:\Windows\System\dMATuoB.exe
  C:\Windows\System\dMATuoB.exe
  2⤵
  PID:9512
- C:\Windows\System\HzOqcbK.exe
  C:\Windows\System\HzOqcbK.exe
  2⤵
  PID:9528
- C:\Windows\System\qzjjHVS.exe
  C:\Windows\System\qzjjHVS.exe
  2⤵
  PID:9544
- C:\Windows\System\twDnIsi.exe
  C:\Windows\System\twDnIsi.exe
  2⤵
  PID:9564
- C:\Windows\System\gWGUsrh.exe
  C:\Windows\System\gWGUsrh.exe
  2⤵
  PID:9592
- C:\Windows\System\OFIcWiS.exe
  C:\Windows\System\OFIcWiS.exe
  2⤵
  PID:9612
- C:\Windows\System\hzhWPOj.exe
  C:\Windows\System\hzhWPOj.exe
  2⤵
  PID:9632
- C:\Windows\System\Ikfuulz.exe
  C:\Windows\System\Ikfuulz.exe
  2⤵
  PID:9656
- C:\Windows\System\qYCTwfg.exe
  C:\Windows\System\qYCTwfg.exe
  2⤵
  PID:9676
- C:\Windows\System\zQcXOSM.exe
  C:\Windows\System\zQcXOSM.exe
  2⤵
  PID:9696
- C:\Windows\System\xJQwTub.exe
  C:\Windows\System\xJQwTub.exe
  2⤵
  PID:9716
- C:\Windows\System\awZfATP.exe
  C:\Windows\System\awZfATP.exe
  2⤵
  PID:9736
- C:\Windows\System\JYhJORC.exe
  C:\Windows\System\JYhJORC.exe
  2⤵
  PID:9756
- C:\Windows\System\BjzJPtj.exe
  C:\Windows\System\BjzJPtj.exe
  2⤵
  PID:9780
- C:\Windows\System\vuTPwCh.exe
  C:\Windows\System\vuTPwCh.exe
  2⤵
  PID:9804
- C:\Windows\System\KRKepEw.exe
  C:\Windows\System\KRKepEw.exe
  2⤵
  PID:9824
- C:\Windows\System\gYfZyNv.exe
  C:\Windows\System\gYfZyNv.exe
  2⤵
  PID:9848
- C:\Windows\System\CpWsQBW.exe
  C:\Windows\System\CpWsQBW.exe
  2⤵
  PID:9868
- C:\Windows\System\AbWMOIH.exe
  C:\Windows\System\AbWMOIH.exe
  2⤵
  PID:9884
- C:\Windows\System\yvpFXdy.exe
  C:\Windows\System\yvpFXdy.exe
  2⤵
  PID:9904
- C:\Windows\System\uuCaobb.exe
  C:\Windows\System\uuCaobb.exe
  2⤵
  PID:9928
- C:\Windows\System\lOJuZJR.exe
  C:\Windows\System\lOJuZJR.exe
  2⤵
  PID:9948
- C:\Windows\System\xcpUgKe.exe
  C:\Windows\System\xcpUgKe.exe
  2⤵
  PID:9964
- C:\Windows\System\DEvhcho.exe
  C:\Windows\System\DEvhcho.exe
  2⤵
  PID:9984
- C:\Windows\System\OJaKfAJ.exe
  C:\Windows\System\OJaKfAJ.exe
  2⤵
  PID:10004
- C:\Windows\System\vKdkFAb.exe
  C:\Windows\System\vKdkFAb.exe
  2⤵
  PID:10024
- C:\Windows\System\KDiNOcK.exe
  C:\Windows\System\KDiNOcK.exe
  2⤵
  PID:10044
- C:\Windows\System\DdMabWz.exe
  C:\Windows\System\DdMabWz.exe
  2⤵
  PID:10064
- C:\Windows\System\PLpJnBC.exe
  C:\Windows\System\PLpJnBC.exe
  2⤵
  PID:10080
- C:\Windows\System\QFuBagB.exe
  C:\Windows\System\QFuBagB.exe
  2⤵
  PID:10108
- C:\Windows\System\JjawMPm.exe
  C:\Windows\System\JjawMPm.exe
  2⤵
  PID:10124
- C:\Windows\System\JVzMIjD.exe
  C:\Windows\System\JVzMIjD.exe
  2⤵
  PID:10144
- C:\Windows\System\Thapwvu.exe
  C:\Windows\System\Thapwvu.exe
  2⤵
  PID:10160
- C:\Windows\System\fZRdRrs.exe
  C:\Windows\System\fZRdRrs.exe
  2⤵
  PID:10176
- C:\Windows\System\lBJRzmT.exe
  C:\Windows\System\lBJRzmT.exe
  2⤵
  PID:10192
- C:\Windows\System\ByaZDiB.exe
  C:\Windows\System\ByaZDiB.exe
  2⤵
  PID:10208
- C:\Windows\System\jCiUFNs.exe
  C:\Windows\System\jCiUFNs.exe
  2⤵
  PID:10228
- C:\Windows\System\lWsxJbC.exe
  C:\Windows\System\lWsxJbC.exe
  2⤵
  PID:9296
- C:\Windows\System\VTQOIcj.exe
  C:\Windows\System\VTQOIcj.exe
  2⤵
  PID:9168
- C:\Windows\System\fbhcdHy.exe
  C:\Windows\System\fbhcdHy.exe
  2⤵
  PID:9316
- C:\Windows\System\awtBbsV.exe
  C:\Windows\System\awtBbsV.exe
  2⤵
  PID:8120
- C:\Windows\System\mfFJJAI.exe
  C:\Windows\System\mfFJJAI.exe
  2⤵
  PID:9284
- C:\Windows\System\lscBvup.exe
  C:\Windows\System\lscBvup.exe
  2⤵
  PID:9360
- C:\Windows\System\vTKglYD.exe
  C:\Windows\System\vTKglYD.exe
  2⤵
  PID:9388
- C:\Windows\System\nQrfpVo.exe
  C:\Windows\System\nQrfpVo.exe
  2⤵
  PID:9412
- C:\Windows\System\HDEmjMj.exe
  C:\Windows\System\HDEmjMj.exe
  2⤵
  PID:9476
- C:\Windows\System\PZWfGQu.exe
  C:\Windows\System\PZWfGQu.exe
  2⤵
  PID:9520
- C:\Windows\System\acwodlT.exe
  C:\Windows\System\acwodlT.exe
  2⤵
  PID:9552
- C:\Windows\System\NqLnSMQ.exe
  C:\Windows\System\NqLnSMQ.exe
  2⤵
  PID:9560
- C:\Windows\System\TneMYvO.exe
  C:\Windows\System\TneMYvO.exe
  2⤵
  PID:9588
- C:\Windows\System\ocBIHvu.exe
  C:\Windows\System\ocBIHvu.exe
  2⤵
  PID:9624
- C:\Windows\System\HOwryCG.exe
  C:\Windows\System\HOwryCG.exe
  2⤵
  PID:9644
- C:\Windows\System\YvyXkFo.exe
  C:\Windows\System\YvyXkFo.exe
  2⤵
  PID:9692
- C:\Windows\System\GlutWPf.exe
  C:\Windows\System\GlutWPf.exe
  2⤵
  PID:9712
- C:\Windows\System\qZCOeHm.exe
  C:\Windows\System\qZCOeHm.exe
  2⤵
  PID:9752
- C:\Windows\System\CqyPOBd.exe
  C:\Windows\System\CqyPOBd.exe
  2⤵
  PID:9776
- C:\Windows\System\vuxXiJf.exe
  C:\Windows\System\vuxXiJf.exe
  2⤵
  PID:9816
- C:\Windows\System\GcAAAPS.exe
  C:\Windows\System\GcAAAPS.exe
  2⤵
  PID:9836
- C:\Windows\System\EYTPrJu.exe
  C:\Windows\System\EYTPrJu.exe
  2⤵
  PID:9876
- C:\Windows\System\wiYNUBb.exe
  C:\Windows\System\wiYNUBb.exe
  2⤵
  PID:9920
- C:\Windows\System\YWTigiV.exe
  C:\Windows\System\YWTigiV.exe
  2⤵
  PID:9944
- C:\Windows\System\mYWQlVS.exe
  C:\Windows\System\mYWQlVS.exe
  2⤵
  PID:10000
- C:\Windows\System\drSdhgF.exe
  C:\Windows\System\drSdhgF.exe
  2⤵
  PID:10016
- C:\Windows\System\TgsuyRt.exe
  C:\Windows\System\TgsuyRt.exe
  2⤵
  PID:10052
- C:\Windows\System\CrjnfFp.exe
  C:\Windows\System\CrjnfFp.exe
  2⤵
  PID:10088
- C:\Windows\System\NogCOEj.exe
  C:\Windows\System\NogCOEj.exe
  2⤵
  PID:10116
- C:\Windows\System\wnpwCoV.exe
  C:\Windows\System\wnpwCoV.exe
  2⤵
  PID:10140
- C:\Windows\System\xdgLdSC.exe
  C:\Windows\System\xdgLdSC.exe
  2⤵
  PID:10188
- C:\Windows\System\YiCWPVu.exe
  C:\Windows\System\YiCWPVu.exe
  2⤵
  PID:9236
- C:\Windows\System\pELmEKQ.exe
  C:\Windows\System\pELmEKQ.exe
  2⤵
  PID:10220
- C:\Windows\System\IiYObGI.exe
  C:\Windows\System\IiYObGI.exe
  2⤵
  PID:8520
- C:\Windows\System\IvNwRQE.exe
  C:\Windows\System\IvNwRQE.exe
  2⤵
  PID:9352
- C:\Windows\System\wJfOwsv.exe
  C:\Windows\System\wJfOwsv.exe
  2⤵
  PID:9380
- C:\Windows\System\HITBxkn.exe
  C:\Windows\System\HITBxkn.exe
  2⤵
  PID:9428
- C:\Windows\System\eEfFlRo.exe
  C:\Windows\System\eEfFlRo.exe
  2⤵
  PID:9480
- C:\Windows\System\sagIxHD.exe
  C:\Windows\System\sagIxHD.exe
  2⤵
  PID:9500
- C:\Windows\System\pEgywiv.exe
  C:\Windows\System\pEgywiv.exe
  2⤵
  PID:9556
- C:\Windows\System\PKBDQHp.exe
  C:\Windows\System\PKBDQHp.exe
  2⤵
  PID:9628
- C:\Windows\System\nfvsCGk.exe
  C:\Windows\System\nfvsCGk.exe
  2⤵
  PID:9608
- C:\Windows\System\ZtykSvV.exe
  C:\Windows\System\ZtykSvV.exe
  2⤵
  PID:9768
- C:\Windows\System\KhZIxkN.exe
  C:\Windows\System\KhZIxkN.exe
  2⤵
  PID:9820
- C:\Windows\System\HncMKXS.exe
  C:\Windows\System\HncMKXS.exe
  2⤵
  PID:9896
- C:\Windows\System\nNIwgpr.exe
  C:\Windows\System\nNIwgpr.exe
  2⤵
  PID:9960
- C:\Windows\System\SFgnKUi.exe
  C:\Windows\System\SFgnKUi.exe
  2⤵
  PID:9992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ABIuiRq.exe

Filesize
6.0MB

MD5
2966fc2cbd74e0abbfd3ee161e470674

SHA1
3a3a00f977883f42e11e8b8fb2f76f8a2839295a

SHA256
d18ca3a55d52ccda4cc8b0c4076a56b4fe2bf71ef30a70f36eec89f390ba9654

SHA512
f9e9e7c2ab5f9c0b30cfa065a0680377804aac5de322155c4cacf39719e620ba3b1b8e84a752d7aefad2a08476508a6ad9e2ce083297740affbc85b07060320b

Download Submit
C:\Windows\system\BoiJAFp.exe

Filesize
6.0MB

MD5
f3c157d9e0180b328bf0ce194235d968

SHA1
17f7df24fa25ad2fc188ff69e1416e48f284d596

SHA256
8134bc476fd445a21a8e32817dbda4d19a8afbac80aedc6f000be12083c364f6

SHA512
f7441ed733b09803b5f97dcb08f6040ed82ded9faa65509b7b7e8114fc18af3555ffcde08d405c7d728fa2317b9bd6acd1d81cb68945e29076fbbe907b29923d

Download Submit
C:\Windows\system\BsYCXIi.exe

Filesize
6.0MB

MD5
248b2d2cebb7a7465e7f22ec87d3c3ca

SHA1
4105450e0a01e508f8ab586bb8b13ac0bf0755fe

SHA256
df5ac30babb072a32ecd8aa0a453ea70c76f2a5f19d147807b8d9f1ece06f5c7

SHA512
828b34d9cb887e90a0bb5ea3e9b427898da96e3a0d17bdd9daac3c571bf2eb730871a50f25f84a1b45fb49c4ac2e9a358f2735c96804a36bbc65b870ec5b9f72

Download Submit
C:\Windows\system\EzLJCiv.exe

Filesize
6.0MB

MD5
9b6adfb968b2c812b7b1dc92c0aecd9e

SHA1
ff86f2605afa1a70f4defc3c761a65275fd1afe3

SHA256
d5c4ea0c96157a298b291e459b265812f3f2fc10e72d04e26658891e29703857

SHA512
280733f4cda8a38c16b1bc9bb500afd919e0f20204194233e780a2cf63061981906ec6c112e67761df531b9ed4473fe53b4101631fc110eb57b0801ed038ba98

Download Submit
C:\Windows\system\HLzqBEb.exe

Filesize
6.0MB

MD5
c492aeda9612156843c79c0f3abfb372

SHA1
985307c63e69d51ee6097750b92c126d9865f0c2

SHA256
da102e07d911afaae6c533a4c4b83d2c404be37e933fbe90feeace6557190620

SHA512
4ba9f8948c0a5e5565ea80cfafc3c453d699bedfb86f6c639242f9de6e701832b9d6f2e897b4589491df9a26bbb2e0a8fead2e35359081e9e1fea50ebc145783

Download Submit
C:\Windows\system\KKcDLru.exe

Filesize
6.0MB

MD5
a6da44d8ad66cc9dc202822f91467d03

SHA1
58fa31d2198ba8f9b1efde877e7db120c3c8434e

SHA256
20db50d00c54fe3fcb2c7c48e8c6632a625a4fc223397b519f3d233f5f070fc8

SHA512
041c241c921f85e925bd48823b43b4238c2e14d4b4dfec96d76a808ead92026269ed46a1fe8df97ef09ac88b1bfcb21f53ee86af5cb9e58c0d863d201a2c1243

Download Submit
C:\Windows\system\OBWUuLl.exe

Filesize
6.0MB

MD5
101f46942215069dfb6674d3d79993a9

SHA1
38e10c1583d8e24487fc29304e617a59ee83a29f

SHA256
85c47c138b990012115a19ebcf49d23b6d6e223a372cf31abff3bcfa75120dd5

SHA512
0f3b79af8acc8294715aad31acda5ef2ac318abc6f37117b13df8035d352edeb68b54e5ab9b22b0e0720a651bdc7e573649aa01f820a2f7532773d3021af0052

Download Submit
C:\Windows\system\PMygqmm.exe

Filesize
6.0MB

MD5
33c2327654b57ac18062b5e095ae8980

SHA1
211da41cb8cb6ff09f7eee9266b0aeca856d3506

SHA256
964e03806cfa5751ddcf56fdd42e34a5130951c6e821915a98af59f222e6bd1d

SHA512
9231c042e219411154e24f09146d57dfd073b2bdf2984991ead8e6340093833555c82a8bc1315fc5c12547ac5f2ec9ece316c34b89acd232f27a0a9120996742

Download Submit
C:\Windows\system\QpXVPgo.exe

Filesize
6.0MB

MD5
c843904697225b2b4a86334d0953f3fb

SHA1
30428a3304c33f94c2da978f0669b7cfb1647d44

SHA256
200b03b71f63fb8d39211fcdf31876ed3386c2966be909323d592d5178b8a4f7

SHA512
90e50abf107ae3804f340980fe0bca6782bf363a45efcea2e81ba3bbef9bbaa45fa438ae26daf1ee97cbe518528f4d0b31fc09a9088dd2f0a7f6e0b3304c08ea

Download Submit
C:\Windows\system\RkmHJfO.exe

Filesize
6.0MB

MD5
6207c817809be83fe92fdd667f86c0bd

SHA1
9a1e69a966dbba3c1348477e7e24bf4c21a07807

SHA256
003eaa27a95048bc89be99dffb26b8decd20b52edfc45bcef126d757204763af

SHA512
8b924747121cf99b6d69df4e11a7570dfa2e12c58e392dea3749ea99df6195540fea0f76944edaf88d0131d5198ef7be7e61153cbd0723ee54729ca8f9401f7a

Download Submit
C:\Windows\system\VCzeZmZ.exe

Filesize
6.0MB

MD5
213b86cbc9ef3b980bf80f7ab5b752bc

SHA1
fd3246db8dce40bc42b561246a718e82e184caf3

SHA256
14fd5c9b49b8598d76546c31f7059648d0c215825e533004c399c13c64be9158

SHA512
9ccca07794762825f1f53a1c6c23d5b83acad1d0eef38a55a36e448971966e95189bd6fce9df798220ba1983d498b22f87b95d09734d10f13f7c0a72d93bb1cd

Download Submit
C:\Windows\system\ZRwHPBc.exe

Filesize
6.0MB

MD5
9ec0a11d42aec39cfb109d7c9a629d46

SHA1
9038ad7d348ced3dd626c171c9725faa7838bbf8

SHA256
a9be72e505c360c8b88d3ccf96c3e7e64bd1c2a0cabba0c823b944085ba5e413

SHA512
8180b3bad96d688a9eecc5801dfe267d6046179038dc390e236ed489b35ba71bd9ee4d156bc784099abc4949970bf15d6f379ff1d94fa90a206b98d7c90f505e

Download Submit
C:\Windows\system\czyWAKr.exe

Filesize
6.0MB

MD5
326a3179142811c4300b19018246dcf4

SHA1
7c3768fb19eaeb6ea66fc9e0fbd582b623738588

SHA256
0b4f5d72cb6a43702ae36402025e332940c8bf43852410e22b7c589387068c6c

SHA512
3e84c44f761fef5b7c85fd317fffed33c2f87a8c919ba3f5e31b0294328260527c0eda6c4534cf1c5f094fdf8c896c9b0f0807898d7f8a780700a0b7f7126f00

Download Submit
C:\Windows\system\dedNgLn.exe

Filesize
6.0MB

MD5
c10ada559d93e1dc0eb6ace9fb26b0eb

SHA1
8e9dbb65d9af48e018a305f219c439fd5710eb0d

SHA256
a6477ad24a085a25130b0536ce2299b427c0da687ebce64e1a012632360bb2a1

SHA512
a6ec82a294663c585340f836f0165a5ddcd8796a7f2f4977c72821a2a7ce3b652d19a94671188b92e9bb1f37bfab42034a3b4b793b861ebbb0bdbb58b37bf754

Download Submit
C:\Windows\system\fjxCKmG.exe

Filesize
6.0MB

MD5
d678a912cbe9e512f0a89456182db3d7

SHA1
2f6ef80fcaa55a1b63e82aee3d285c5fff104934

SHA256
fd7151a833eae96fcbf003d88b050f77ef274ba3a2cb7b925be30d515d63b1ed

SHA512
5902558ac786f538a02478ceecbb80afae4104c0660fd702a28f5482405523de1d533dd7080001f8b0596c313ded71632261e5cae19403985a4e48abf32afda0

Download Submit
C:\Windows\system\gAJEVWG.exe

Filesize
6.0MB

MD5
d25bfe55faf5c0010cb405605079a173

SHA1
cad31f9139db5c7bcc3ce954f47d84534f4ba579

SHA256
b1bef5a9823a5123a2f7114f22ec887e2e1a50e714c4d270eaf8b0d6c3415cbe

SHA512
1911d67ee62dbb5cd9d6ebe3ae9534038582b01137d85175c6949845834e03e50f7bb4e3c20d156e724854397701631f6de5e78dc9aa717c094a094fb3d63fcd

Download Submit
C:\Windows\system\hzyLgtQ.exe

Filesize
6.0MB

MD5
77595073486ffe19e44160172b003aa0

SHA1
2cbd01421875c681f6b84cdb299aa0b6c79cc2b3

SHA256
cdaceceb9a07cf0e7c3c5e9655734d82aac3bac6ec0dace02f66c1c93553007b

SHA512
1511b66418e5dde627b2c59542c7b6cc23443294d835ae8c8add65ea599a6c2bf049fda1aec555eb900d50f29fcd9c167e2eca0458156ad3777d63ddca96e9d7

Download Submit
C:\Windows\system\jKHfFZG.exe

Filesize
8B

MD5
f98f6d5df04c6a8f578b98e7da8383dd

SHA1
46fba9d37f68b23a3b2cdafc6abb7c1a26692922

SHA256
584de554225f8bc787799035ae35e702514039b35a25156f036db912788a23fc

SHA512
cafa1621b85551755ca0e1d8d60cfd2b4d19f2bba058b87be01b37a1acaf2d263826e5e38f9b2d682fc832621f7e269dea8dc91cbafd9cd9c4efaaa5cdbbecfa

Download Submit
C:\Windows\system\kzhjrSz.exe

Filesize
6.0MB

MD5
4adcfe612d388d0a013ea525d99aacb5

SHA1
f430261ba30f1da369ffe16c14f9ac64115baa95

SHA256
dd27e4fdbab83655c2f39313ee58e17777f9e30babbb467db4c326c2611889f9

SHA512
1f9492722ea0788fee0fdfeeab13c649ef58b587101d5afe249d9f2636a4419debe3dbefd65e1822ac25afb4a528ed3875aef10a439078cf0913f4f86a5df4bc

Download Submit
C:\Windows\system\loNqokt.exe

Filesize
6.0MB

MD5
0eeaaa5988ec68d120c8ceb26af3238c

SHA1
2e37411544253641162ad33e4e9009456e1e879c

SHA256
81edd27743b91218a481fac2d83e2164f0a71329b82e009416f7cbe5f70ca64d

SHA512
0036625d8deadabff01e64c330904a7693fa7912c079fa217976119a5d7e0d40f7b5832d1d99d5607db44df696fd3fd106c5dc7f585f668c34ca13060b12dd98

Download Submit
C:\Windows\system\pFfmcmK.exe

Filesize
6.0MB

MD5
f796347e46f3a8e6fb6df0e2e1477192

SHA1
63ecaa8305e1bf40526a211c8d1ee031c5f54116

SHA256
f509f6393a870f8114769fd1315de1a229a371428499510f85a6dc5f41b9660c

SHA512
4ebc17d00acb0a513d3e2a6b274e2b2ddb0e2c2e4eda0d9e19c51e1086c5a6af37f3066b24e03e278b926dcbc0b51ae36b7239b89fad18b5e7bc567050d56f76

Download Submit
C:\Windows\system\pTrTUzy.exe

Filesize
6.0MB

MD5
9ec743a82546951f24e7f678bd7cb049

SHA1
1737e54fc94409f66b7af0d13c98b42db93e9863

SHA256
cc2a32a0252c70b9e5ed30d2c3d768f5d0e0d17432e696714d21f4254644dcae

SHA512
5a0321df19c8f0ef3586f4b7010f5b581ce0a1565ee8a4278a77ab4a38998dcb3fbf7569d89091661e2825fa56a402f5e1c36fab8571444f1c34cc1913c23b7a

Download Submit
C:\Windows\system\pvzplYS.exe

Filesize
6.0MB

MD5
422deb701ca4f0a368ee68b1203d258d

SHA1
3de940772fa013c3da3bb6b6cf09106cc82487da

SHA256
874a6334a9cb89a583ea3166a3697f031de260b6dda099996570a9a2c25a0fde

SHA512
1f2b52c9fe9180c1bab739a140a6c2c81deba95455c78b3b687bb6c2ba4c6d2da8902220f19d90ec073bfddd25dc260caaacc23c0ca500395974267b24110a28

Download Submit
C:\Windows\system\sdKwuEf.exe

Filesize
6.0MB

MD5
7cf7ac796ea51ff460dabafe4acb9844

SHA1
9a64fbd8a34c61eb0b9f8f1ff85f1c62b8bd0213

SHA256
7e8f9def674aab1cd6616ab8e7385afe197cb5089f60d67872de87c9c6563a89

SHA512
681c690928d95910ad657d9cd38dae46b74a7b2a604eafc9c43c001057bec8ac8b55e75e7cdb708a887955a196525adf9fdae2c7b8dd3ee5a19348cd5e617c01

Download Submit
C:\Windows\system\sfFvjYR.exe

Filesize
6.0MB

MD5
f3a406341aef38a3dea66fc7c38b62a0

SHA1
fa5b988a8df9ba5119a1c576cbdec9c30100fd17

SHA256
320696909f9cf9dd05562726d66e43902a9b46d8ff9cdd0ad96f36860cf1389c

SHA512
2e05a09150f0494e859cd25741015fcad1f427ccf84814dacb26e1eb360d9313131c97ae216866a84d46524bbc6e1b8ba3e78a2eb767b8bc7355bffc8dd89fa0

Download Submit
C:\Windows\system\tzmYHmf.exe

Filesize
6.0MB

MD5
e734a702dfdf6eab7bf5c879246b5047

SHA1
36602ef25f5d0feb6aa860170be0538eb521a936

SHA256
f5cd045608c72d9cbd68b836b9dd078e4cda91b5c548e48a996ceecf67b399c5

SHA512
ef092710a2049c960ccc79d0382583f7a3495f69d935cbaf60fb7ff4e909d794b7fa82a9cb912758f96403a67a7e79e2070eb163bad13fc1876f194b87b99fb5

Download Submit
C:\Windows\system\uWZbrTI.exe

Filesize
6.0MB

MD5
98975dc74a9b6db79ab2c3c75e29f68b

SHA1
c7fd6fbaa0dd7d0469d7f33dd4478cf97f6baa39

SHA256
e77cac95acfb84044b619b16cfd8fa5101889b02910f1843f15f89bcf0b508fe

SHA512
2c11dcaaec5916b152d3e65c7ef050819e8819ac09099672451f851070528ad588ff88bace33707cadc116065c60b1b8a533f631d503369209f6330a66ba1c3a

Download Submit
C:\Windows\system\vSOcpoS.exe

Filesize
6.0MB

MD5
fe08033af3bef7fb6a0a3041047704ab

SHA1
9d3b758d299e2cc7ead946811484bb1415a3141f

SHA256
59b846c63b16a91335a9461a783a0a144a0a471c1db1a71d6abafc796d5a9049

SHA512
f5441c60cc22203b39f5580a520f89d0070051bfd632b6af66272ab63b3c35a9a244519a21da2bd8f98725c8f8bb72e2f741dac5e0d977d37ef94a56728fc80d

Download Submit
C:\Windows\system\woJkhVy.exe

Filesize
6.0MB

MD5
bdb443d3dcc01b5e1bd6f04b1e64e584

SHA1
215ed28faebb63f23b5d4a3a62d9681756e3a7a2

SHA256
3ff23a48e36cc7411b0ba403c77e818c1483284e396b08e33e07a2a4638e346d

SHA512
5fefb022cca51716c55b5713faa136ca70086567caed7523c04d5b8cc34cb8594e064e5f35ecf51f7120d5501422173594441416ef521808750cf4880d76b121

Download Submit
\Windows\system\bfPJfXf.exe

Filesize
6.0MB

MD5
7b1214589ba7a02578a5c29e75c2c9df

SHA1
068a993bc783dfc51f8b0422a5975a5e646b82a0

SHA256
b34612dd34333740de6c3339836c87954f82372a9c27d668ace37d0a55445768

SHA512
b6e4d67ca296ab9b5bcdc5c811398c02995c8b420d3216ae484dff6436d1df35190cc3edbf985f2245bde2a0e15ee4909f420dce0570db83cd8e54a84836d50a

Download Submit
\Windows\system\hgkOgBc.exe

Filesize
6.0MB

MD5
67afb89636c71d56a4fd8a978873e224

SHA1
682789baeca2020d13006427b4c90686ac700ec2

SHA256
cc7bb87f84691a22c7f07f7faf6748ec241996ec6c2999ba8df4f95d227a7e0d

SHA512
79a0932aace4114c371f6deb438b89f39f62fb1757583e58e20063401314adea0593b928413e5a89507dbefe7725f9f10e3e9b402fe466a283e74cf0bb81ac4c

Download Submit
\Windows\system\lNRHahB.exe

Filesize
6.0MB

MD5
50f46036c0254a3dd086ba4f4099c496

SHA1
24589d5c1838ed7f5ec0cac182d0323d15dcdb72

SHA256
f8b41091729b820c536734c350d931ae2ceaa1638e1d0afe243dce532c7c6875

SHA512
5c9edea50b7b91694f3fdb124ec0265f0510a7495622cb1429a415df9a540a91f5828642846c0016ac47131a27557c43de11a8b1d441f0f94e4786a044eaee27

Download Submit
\Windows\system\vXrjkEg.exe

Filesize
6.0MB

MD5
49ba531f28c9528cd66ebd992596d161

SHA1
c82173f6362d86044069cf15b3d2e38c7e8d3505

SHA256
e4e1d889560bac1b5c4a7281f88a4ab06c8224fd862ed9ff07fc66c6f286a436

SHA512
365e079fdb0f8bb5f3efd8a9a33b6cf5477baffaf9311f0a31de70a2cacbf00ea6ec0eff040d1f9c0cd62f30ae7835cc557f75a888375d8769bdadc70f13476f

Download Submit
memory/592-3582-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/592-79-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/592-394-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/604-31-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/604-27-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/604-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/604-674-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/604-37-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/604-99-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/604-55-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/604-0-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/604-44-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/604-52-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/604-1012-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/604-11-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/604-61-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/604-108-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/604-107-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/604-870-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/604-68-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/604-22-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/604-90-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/604-91-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1460-772-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1460-3616-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1460-96-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1816-29-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1816-3539-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1988-103-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1988-923-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3603-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2008-49-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2008-85-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2008-3553-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2072-54-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2072-20-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2072-3537-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2132-7-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-48-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-3536-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-232-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3573-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-72-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-57-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3570-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2660-95-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3552-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2716-78-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2796-71-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3560-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2796-35-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2828-102-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3580-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2828-64-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/3036-577-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3579-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/3036-86-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3534-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/3052-28-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download