cobaltstrike | ae285c60262d8b792b53ab2db08e26e1482abd0b9dfe767e0385709e94e93eda

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

73778515af78e06ba736b68f484400c1
SHA1

caec5c1e590f798cb6d56004b63954e6160679a0
SHA256

ae285c60262d8b792b53ab2db08e26e1482abd0b9dfe767e0385709e94e93eda
SHA512

f2d59a228af2b00c8749f7faa9283fe97df0b6d69755c2459d7d38893aa9f47249f49707e01dceeed4b0072f96deeb7448ff762868acc6cf7ce5324c98b0ba87
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b86-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d22-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-86.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-200.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-150.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-81.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-73.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d68-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4c-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf0-39.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca0-32.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1860-0-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/1860-6-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016890-8.dat	xmrig
behavioral1/memory/2052-21-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x0008000000016b86-13.dat	xmrig
behavioral1/files/0x0008000000016c89-18.dat	xmrig
behavioral1/memory/1968-35-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1984-40-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d22-59.dat	xmrig
behavioral1/memory/1276-60-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x0005000000018706-86.dat	xmrig
behavioral1/files/0x00080000000164de-103.dat	xmrig
behavioral1/memory/2668-108-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x0005000000018745-120.dat	xmrig
behavioral1/files/0x0005000000019358-195.dat	xmrig
behavioral1/memory/1860-1093-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2668-953-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2440-755-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2804-560-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2504-408-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2716-221-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001938e-200.dat	xmrig
behavioral1/files/0x0005000000019354-189.dat	xmrig
behavioral1/files/0x00050000000192a1-185.dat	xmrig
behavioral1/files/0x0005000000019299-180.dat	xmrig
behavioral1/files/0x000500000001927a-175.dat	xmrig
behavioral1/files/0x0005000000019274-170.dat	xmrig
behavioral1/files/0x0005000000019261-165.dat	xmrig
behavioral1/files/0x000500000001924f-159.dat	xmrig
behavioral1/files/0x0005000000019237-155.dat	xmrig
behavioral1/files/0x0005000000019203-150.dat	xmrig
behavioral1/files/0x0006000000019056-145.dat	xmrig
behavioral1/files/0x0006000000018fdf-140.dat	xmrig
behavioral1/files/0x0006000000018d83-135.dat	xmrig
behavioral1/files/0x0006000000018d7b-130.dat	xmrig
behavioral1/files/0x0006000000018be7-125.dat	xmrig
behavioral1/files/0x000500000001871c-115.dat	xmrig
behavioral1/memory/1860-113-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/1860-112-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/2636-107-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2440-101-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/1276-100-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000500000001870c-99.dat	xmrig
behavioral1/memory/2804-91-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2332-90-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2504-83-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2260-82-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0005000000018697-81.dat	xmrig
behavioral1/memory/1968-79-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2716-75-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2300-74-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-73.dat	xmrig
behavioral1/memory/2936-70-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2636-65-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d68-64.dat	xmrig
behavioral1/memory/2260-47-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2052-57-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2332-54-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d4c-52.dat	xmrig
behavioral1/files/0x0007000000016cf0-39.dat	xmrig
behavioral1/memory/1860-33-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ca0-32.dat	xmrig
behavioral1/memory/2300-31-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1984	PzjnfmB.exe
2052	jMrSdbc.exe
2936	mzoltwg.exe
2300	mqhoicg.exe
1968	QcuXEdI.exe
2260	MiAabCf.exe
2332	wWYUByc.exe
1276	tjBZRYA.exe
2636	VDWlMjA.exe
2716	IAFMNiQ.exe
2504	FEUEZab.exe
2804	VrdaHzO.exe
2440	wcdzDwh.exe
2668	YXeWwfk.exe
2560	KYewFvs.exe
1052	viuHqSw.exe
1624	RtmtDUY.exe
1472	aToYZsU.exe
1124	UfAxqEh.exe
1436	kEzpJbC.exe
2240	XYLyeTd.exe
1944	PEOZzij.exe
308	tAgrTlp.exe
2016	HgwjuBT.exe
2780	GUhtYhm.exe
2484	PgZUmaP.exe
692	nzgGwsX.exe
2456	WYcsQEZ.exe
2988	IhWWUet.exe
1008	QVsoxAO.exe
544	eLZeXOX.exe
2152	DTLjSwN.exe
1672	PSEQGBJ.exe
1700	MCvDwfD.exe
1360	fvWlgUY.exe
1232	yfZgMcF.exe
2436	RpgNujw.exe
2060	SmofmcT.exe
1152	iukksfG.exe
2404	vpEakUL.exe
1692	gPSOjhj.exe
884	wypuFsi.exe
2384	SlbFkqt.exe
2372	ujYMlkS.exe
2256	zycKUqh.exe
2224	JCwTNSU.exe
1768	QTmDwyE.exe
2216	nThXrNV.exe
1888	sazGFwR.exe
900	SjxUnoO.exe
2184	gWABuQF.exe
1868	cjJQbYS.exe
1600	NcOBwdA.exe
1784	MfSZoVU.exe
2252	lYDfhTx.exe
1660	lQycaGt.exe
2428	fEIOQdR.exe
1236	wDdqOMi.exe
2200	JKwLEEd.exe
2648	UeSWveV.exe
2532	JEbpzzY.exe
2544	xekMBWf.exe
860	wcpVpZo.exe
2984	tOLwcHN.exe

Loads dropped DLL 64 IoCs

pid	Process
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1860-0-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/1860-6-0x0000000002290000-0x00000000025E4000-memory.dmp	upx
behavioral1/files/0x0008000000016890-8.dat	upx
behavioral1/memory/2052-21-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x0008000000016b86-13.dat	upx
behavioral1/files/0x0008000000016c89-18.dat	upx
behavioral1/memory/1968-35-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1984-40-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0007000000016d22-59.dat	upx
behavioral1/memory/1276-60-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x0005000000018706-86.dat	upx
behavioral1/files/0x00080000000164de-103.dat	upx
behavioral1/memory/2668-108-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x0005000000018745-120.dat	upx
behavioral1/files/0x0005000000019358-195.dat	upx
behavioral1/memory/2668-953-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2440-755-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2804-560-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2504-408-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2716-221-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x000500000001938e-200.dat	upx
behavioral1/files/0x0005000000019354-189.dat	upx
behavioral1/files/0x00050000000192a1-185.dat	upx
behavioral1/files/0x0005000000019299-180.dat	upx
behavioral1/files/0x000500000001927a-175.dat	upx
behavioral1/files/0x0005000000019274-170.dat	upx
behavioral1/files/0x0005000000019261-165.dat	upx
behavioral1/files/0x000500000001924f-159.dat	upx
behavioral1/files/0x0005000000019237-155.dat	upx
behavioral1/files/0x0005000000019203-150.dat	upx
behavioral1/files/0x0006000000019056-145.dat	upx
behavioral1/files/0x0006000000018fdf-140.dat	upx
behavioral1/files/0x0006000000018d83-135.dat	upx
behavioral1/files/0x0006000000018d7b-130.dat	upx
behavioral1/files/0x0006000000018be7-125.dat	upx
behavioral1/files/0x000500000001871c-115.dat	upx
behavioral1/memory/2636-107-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2440-101-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/1276-100-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000500000001870c-99.dat	upx
behavioral1/memory/2804-91-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2332-90-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2504-83-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2260-82-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x0005000000018697-81.dat	upx
behavioral1/memory/1968-79-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2716-75-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2300-74-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x000d000000018683-73.dat	upx
behavioral1/memory/2936-70-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2636-65-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0009000000016d68-64.dat	upx
behavioral1/memory/2260-47-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2052-57-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2332-54-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0007000000016d4c-52.dat	upx
behavioral1/files/0x0007000000016cf0-39.dat	upx
behavioral1/memory/1860-33-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0008000000016ca0-32.dat	upx
behavioral1/memory/2300-31-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2936-29-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2052-3518-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1984-3515-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gBkQexG.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FunVFTM.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zivHAAW.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSJndNK.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFBIJhc.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvalJyl.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnSYaYs.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAoLqqt.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnPdDOj.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VSvykGQ.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYcsQEZ.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlmbuMO.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlLKmNh.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdujnPW.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQEvNUN.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUPmMcD.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORYHzwF.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsJcoDI.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLravFM.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHWqxRR.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvKSHtJ.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZHfUKr.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hymvfvL.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqDvHkJ.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIVwsAU.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwXCjoq.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gppOluQ.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQzJMoL.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srZFAxX.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPpcvML.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVKdTHM.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iatETDe.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUAogEp.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPWuqOv.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNiraUw.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqttqsT.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RldzCZn.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSKJKNI.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwZzpus.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sErdJyG.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBxcGhE.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQxGfcL.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WasSIiA.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXpCbOQ.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFqbQXT.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBCkcBR.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwZwyDk.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugAUhCS.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxiJTSX.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNgtLIU.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doHlyHT.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZquSzA.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNGTHCC.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnpVCbg.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtIfTsM.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSpClmE.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDJGaIu.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNudSxy.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\naEhOYP.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPCDyZF.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzlacTk.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnQtDfh.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSaQXtn.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQRQHFk.exe	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 1984	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1860 wrote to memory of 1984	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1860 wrote to memory of 1984	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1860 wrote to memory of 2052	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1860 wrote to memory of 2052	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1860 wrote to memory of 2052	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1860 wrote to memory of 2300	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2300	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2300	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2936	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 2936	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 2936	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 1968	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 1968	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 1968	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 2260	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 2260	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 2260	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 1276	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 1276	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 1276	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 2332	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 2332	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 2332	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 2636	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2636	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2636	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2716	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2716	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2716	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2504	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2504	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2504	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2804	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2804	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2804	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2440	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 2440	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 2440	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 2668	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 2668	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 2668	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 2560	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 2560	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 2560	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 1052	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 1052	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 1052	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 1624	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 1624	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 1624	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 1472	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 1472	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 1472	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 1124	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 1124	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 1124	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 1436	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 1436	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 1436	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 2240	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 2240	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 2240	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 1944	1860	2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_73778515af78e06ba736b68f484400c1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\System\PzjnfmB.exe
  C:\Windows\System\PzjnfmB.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\jMrSdbc.exe
  C:\Windows\System\jMrSdbc.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\mqhoicg.exe
  C:\Windows\System\mqhoicg.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\mzoltwg.exe
  C:\Windows\System\mzoltwg.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\QcuXEdI.exe
  C:\Windows\System\QcuXEdI.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\MiAabCf.exe
  C:\Windows\System\MiAabCf.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\tjBZRYA.exe
  C:\Windows\System\tjBZRYA.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\wWYUByc.exe
  C:\Windows\System\wWYUByc.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\VDWlMjA.exe
  C:\Windows\System\VDWlMjA.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\IAFMNiQ.exe
  C:\Windows\System\IAFMNiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\FEUEZab.exe
  C:\Windows\System\FEUEZab.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\VrdaHzO.exe
  C:\Windows\System\VrdaHzO.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\wcdzDwh.exe
  C:\Windows\System\wcdzDwh.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\YXeWwfk.exe
  C:\Windows\System\YXeWwfk.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\KYewFvs.exe
  C:\Windows\System\KYewFvs.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\viuHqSw.exe
  C:\Windows\System\viuHqSw.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\RtmtDUY.exe
  C:\Windows\System\RtmtDUY.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\aToYZsU.exe
  C:\Windows\System\aToYZsU.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\UfAxqEh.exe
  C:\Windows\System\UfAxqEh.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\kEzpJbC.exe
  C:\Windows\System\kEzpJbC.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\XYLyeTd.exe
  C:\Windows\System\XYLyeTd.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\PEOZzij.exe
  C:\Windows\System\PEOZzij.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\tAgrTlp.exe
  C:\Windows\System\tAgrTlp.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\HgwjuBT.exe
  C:\Windows\System\HgwjuBT.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\GUhtYhm.exe
  C:\Windows\System\GUhtYhm.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\PgZUmaP.exe
  C:\Windows\System\PgZUmaP.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\nzgGwsX.exe
  C:\Windows\System\nzgGwsX.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\WYcsQEZ.exe
  C:\Windows\System\WYcsQEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\IhWWUet.exe
  C:\Windows\System\IhWWUet.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\QVsoxAO.exe
  C:\Windows\System\QVsoxAO.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\eLZeXOX.exe
  C:\Windows\System\eLZeXOX.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\DTLjSwN.exe
  C:\Windows\System\DTLjSwN.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\PSEQGBJ.exe
  C:\Windows\System\PSEQGBJ.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\MCvDwfD.exe
  C:\Windows\System\MCvDwfD.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\fvWlgUY.exe
  C:\Windows\System\fvWlgUY.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\yfZgMcF.exe
  C:\Windows\System\yfZgMcF.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\RpgNujw.exe
  C:\Windows\System\RpgNujw.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\SmofmcT.exe
  C:\Windows\System\SmofmcT.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\iukksfG.exe
  C:\Windows\System\iukksfG.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\vpEakUL.exe
  C:\Windows\System\vpEakUL.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\gPSOjhj.exe
  C:\Windows\System\gPSOjhj.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\wypuFsi.exe
  C:\Windows\System\wypuFsi.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\SlbFkqt.exe
  C:\Windows\System\SlbFkqt.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\ujYMlkS.exe
  C:\Windows\System\ujYMlkS.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\zycKUqh.exe
  C:\Windows\System\zycKUqh.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\JCwTNSU.exe
  C:\Windows\System\JCwTNSU.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\QTmDwyE.exe
  C:\Windows\System\QTmDwyE.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\nThXrNV.exe
  C:\Windows\System\nThXrNV.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\sazGFwR.exe
  C:\Windows\System\sazGFwR.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\SjxUnoO.exe
  C:\Windows\System\SjxUnoO.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\gWABuQF.exe
  C:\Windows\System\gWABuQF.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\cjJQbYS.exe
  C:\Windows\System\cjJQbYS.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\NcOBwdA.exe
  C:\Windows\System\NcOBwdA.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\MfSZoVU.exe
  C:\Windows\System\MfSZoVU.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\lYDfhTx.exe
  C:\Windows\System\lYDfhTx.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\lQycaGt.exe
  C:\Windows\System\lQycaGt.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\fEIOQdR.exe
  C:\Windows\System\fEIOQdR.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\wDdqOMi.exe
  C:\Windows\System\wDdqOMi.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\JKwLEEd.exe
  C:\Windows\System\JKwLEEd.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\UeSWveV.exe
  C:\Windows\System\UeSWveV.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\JEbpzzY.exe
  C:\Windows\System\JEbpzzY.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\xekMBWf.exe
  C:\Windows\System\xekMBWf.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\wcpVpZo.exe
  C:\Windows\System\wcpVpZo.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\tOLwcHN.exe
  C:\Windows\System\tOLwcHN.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\rTrxwEM.exe
  C:\Windows\System\rTrxwEM.exe
  2⤵
  PID:2320
- C:\Windows\System\fTTkMCZ.exe
  C:\Windows\System\fTTkMCZ.exe
  2⤵
  PID:1620
- C:\Windows\System\mejpyTT.exe
  C:\Windows\System\mejpyTT.exe
  2⤵
  PID:2236
- C:\Windows\System\iyYGQOr.exe
  C:\Windows\System\iyYGQOr.exe
  2⤵
  PID:1776
- C:\Windows\System\OEqujLi.exe
  C:\Windows\System\OEqujLi.exe
  2⤵
  PID:2044
- C:\Windows\System\UElbmpY.exe
  C:\Windows\System\UElbmpY.exe
  2⤵
  PID:484
- C:\Windows\System\NWkpfub.exe
  C:\Windows\System\NWkpfub.exe
  2⤵
  PID:556
- C:\Windows\System\qVHxQzD.exe
  C:\Windows\System\qVHxQzD.exe
  2⤵
  PID:2768
- C:\Windows\System\cbtXFPo.exe
  C:\Windows\System\cbtXFPo.exe
  2⤵
  PID:1872
- C:\Windows\System\bDSEezD.exe
  C:\Windows\System\bDSEezD.exe
  2⤵
  PID:596
- C:\Windows\System\kUaNzwf.exe
  C:\Windows\System\kUaNzwf.exe
  2⤵
  PID:804
- C:\Windows\System\AUrIlip.exe
  C:\Windows\System\AUrIlip.exe
  2⤵
  PID:1612
- C:\Windows\System\ErLmuDM.exe
  C:\Windows\System\ErLmuDM.exe
  2⤵
  PID:1516
- C:\Windows\System\ScdxBUQ.exe
  C:\Windows\System\ScdxBUQ.exe
  2⤵
  PID:856
- C:\Windows\System\zyCwTJV.exe
  C:\Windows\System\zyCwTJV.exe
  2⤵
  PID:2748
- C:\Windows\System\unSjUkm.exe
  C:\Windows\System\unSjUkm.exe
  2⤵
  PID:568
- C:\Windows\System\EkwAXhE.exe
  C:\Windows\System\EkwAXhE.exe
  2⤵
  PID:2676
- C:\Windows\System\ljpLqol.exe
  C:\Windows\System\ljpLqol.exe
  2⤵
  PID:560
- C:\Windows\System\lmqMBpO.exe
  C:\Windows\System\lmqMBpO.exe
  2⤵
  PID:1792
- C:\Windows\System\iTfEFjc.exe
  C:\Windows\System\iTfEFjc.exe
  2⤵
  PID:1724
- C:\Windows\System\KTiVdoC.exe
  C:\Windows\System\KTiVdoC.exe
  2⤵
  PID:2064
- C:\Windows\System\LZOqRxM.exe
  C:\Windows\System\LZOqRxM.exe
  2⤵
  PID:2068
- C:\Windows\System\ybWAVAd.exe
  C:\Windows\System\ybWAVAd.exe
  2⤵
  PID:1608
- C:\Windows\System\EfExObO.exe
  C:\Windows\System\EfExObO.exe
  2⤵
  PID:2944
- C:\Windows\System\fMMEdmL.exe
  C:\Windows\System\fMMEdmL.exe
  2⤵
  PID:2888
- C:\Windows\System\iPAvOvi.exe
  C:\Windows\System\iPAvOvi.exe
  2⤵
  PID:2620
- C:\Windows\System\GxgJsbn.exe
  C:\Windows\System\GxgJsbn.exe
  2⤵
  PID:2968
- C:\Windows\System\qEanuUl.exe
  C:\Windows\System\qEanuUl.exe
  2⤵
  PID:3008
- C:\Windows\System\fMOaRSw.exe
  C:\Windows\System\fMOaRSw.exe
  2⤵
  PID:3012
- C:\Windows\System\UrLJOyI.exe
  C:\Windows\System\UrLJOyI.exe
  2⤵
  PID:1076
- C:\Windows\System\ksuXFkV.exe
  C:\Windows\System\ksuXFkV.exe
  2⤵
  PID:2032
- C:\Windows\System\ILfsRtq.exe
  C:\Windows\System\ILfsRtq.exe
  2⤵
  PID:2736
- C:\Windows\System\RvvlERg.exe
  C:\Windows\System\RvvlERg.exe
  2⤵
  PID:2840
- C:\Windows\System\wjDwIsh.exe
  C:\Windows\System\wjDwIsh.exe
  2⤵
  PID:2864
- C:\Windows\System\HdgJoFM.exe
  C:\Windows\System\HdgJoFM.exe
  2⤵
  PID:448
- C:\Windows\System\wSwovUE.exe
  C:\Windows\System\wSwovUE.exe
  2⤵
  PID:1668
- C:\Windows\System\gNuODtm.exe
  C:\Windows\System\gNuODtm.exe
  2⤵
  PID:3060
- C:\Windows\System\wgAfctA.exe
  C:\Windows\System\wgAfctA.exe
  2⤵
  PID:876
- C:\Windows\System\yvvkLIj.exe
  C:\Windows\System\yvvkLIj.exe
  2⤵
  PID:1084
- C:\Windows\System\dijfjgX.exe
  C:\Windows\System\dijfjgX.exe
  2⤵
  PID:2084
- C:\Windows\System\kqykdpR.exe
  C:\Windows\System\kqykdpR.exe
  2⤵
  PID:2368
- C:\Windows\System\NnfoVdo.exe
  C:\Windows\System\NnfoVdo.exe
  2⤵
  PID:3092
- C:\Windows\System\bJXwAYD.exe
  C:\Windows\System\bJXwAYD.exe
  2⤵
  PID:3112
- C:\Windows\System\ZqXKRGW.exe
  C:\Windows\System\ZqXKRGW.exe
  2⤵
  PID:3132
- C:\Windows\System\HDmVFvN.exe
  C:\Windows\System\HDmVFvN.exe
  2⤵
  PID:3152
- C:\Windows\System\MCBwEmB.exe
  C:\Windows\System\MCBwEmB.exe
  2⤵
  PID:3172
- C:\Windows\System\AZtrOZZ.exe
  C:\Windows\System\AZtrOZZ.exe
  2⤵
  PID:3192
- C:\Windows\System\ELshkLa.exe
  C:\Windows\System\ELshkLa.exe
  2⤵
  PID:3212
- C:\Windows\System\SKpIlDV.exe
  C:\Windows\System\SKpIlDV.exe
  2⤵
  PID:3232
- C:\Windows\System\QbqDQyQ.exe
  C:\Windows\System\QbqDQyQ.exe
  2⤵
  PID:3252
- C:\Windows\System\lqxAeQH.exe
  C:\Windows\System\lqxAeQH.exe
  2⤵
  PID:3272
- C:\Windows\System\hbZWvqU.exe
  C:\Windows\System\hbZWvqU.exe
  2⤵
  PID:3292
- C:\Windows\System\vOwaCbk.exe
  C:\Windows\System\vOwaCbk.exe
  2⤵
  PID:3312
- C:\Windows\System\HcVBSim.exe
  C:\Windows\System\HcVBSim.exe
  2⤵
  PID:3332
- C:\Windows\System\PGWFXZT.exe
  C:\Windows\System\PGWFXZT.exe
  2⤵
  PID:3352
- C:\Windows\System\RsiGTSh.exe
  C:\Windows\System\RsiGTSh.exe
  2⤵
  PID:3372
- C:\Windows\System\MfwFidp.exe
  C:\Windows\System\MfwFidp.exe
  2⤵
  PID:3392
- C:\Windows\System\lRhSxpU.exe
  C:\Windows\System\lRhSxpU.exe
  2⤵
  PID:3412
- C:\Windows\System\GniwqDw.exe
  C:\Windows\System\GniwqDw.exe
  2⤵
  PID:3432
- C:\Windows\System\JBhSXRH.exe
  C:\Windows\System\JBhSXRH.exe
  2⤵
  PID:3452
- C:\Windows\System\DYbsFVr.exe
  C:\Windows\System\DYbsFVr.exe
  2⤵
  PID:3476
- C:\Windows\System\hhoRwXD.exe
  C:\Windows\System\hhoRwXD.exe
  2⤵
  PID:3496
- C:\Windows\System\oVqRyJy.exe
  C:\Windows\System\oVqRyJy.exe
  2⤵
  PID:3516
- C:\Windows\System\nxSKxMU.exe
  C:\Windows\System\nxSKxMU.exe
  2⤵
  PID:3536
- C:\Windows\System\jcZZlQo.exe
  C:\Windows\System\jcZZlQo.exe
  2⤵
  PID:3556
- C:\Windows\System\vqDldKY.exe
  C:\Windows\System\vqDldKY.exe
  2⤵
  PID:3576
- C:\Windows\System\KWlFXLw.exe
  C:\Windows\System\KWlFXLw.exe
  2⤵
  PID:3596
- C:\Windows\System\mBeRfUO.exe
  C:\Windows\System\mBeRfUO.exe
  2⤵
  PID:3616
- C:\Windows\System\HPmxXxP.exe
  C:\Windows\System\HPmxXxP.exe
  2⤵
  PID:3636
- C:\Windows\System\cupytAA.exe
  C:\Windows\System\cupytAA.exe
  2⤵
  PID:3656
- C:\Windows\System\eWsyAPN.exe
  C:\Windows\System\eWsyAPN.exe
  2⤵
  PID:3676
- C:\Windows\System\njxnkSw.exe
  C:\Windows\System\njxnkSw.exe
  2⤵
  PID:3696
- C:\Windows\System\oEimMaX.exe
  C:\Windows\System\oEimMaX.exe
  2⤵
  PID:3716
- C:\Windows\System\aoaRhfw.exe
  C:\Windows\System\aoaRhfw.exe
  2⤵
  PID:3736
- C:\Windows\System\OYESBKd.exe
  C:\Windows\System\OYESBKd.exe
  2⤵
  PID:3756
- C:\Windows\System\IRATKAr.exe
  C:\Windows\System\IRATKAr.exe
  2⤵
  PID:3776
- C:\Windows\System\TtCsXfB.exe
  C:\Windows\System\TtCsXfB.exe
  2⤵
  PID:3796
- C:\Windows\System\uCHGasf.exe
  C:\Windows\System\uCHGasf.exe
  2⤵
  PID:3816
- C:\Windows\System\iYzutOa.exe
  C:\Windows\System\iYzutOa.exe
  2⤵
  PID:3836
- C:\Windows\System\wbnnAza.exe
  C:\Windows\System\wbnnAza.exe
  2⤵
  PID:3856
- C:\Windows\System\VERIrmE.exe
  C:\Windows\System\VERIrmE.exe
  2⤵
  PID:3876
- C:\Windows\System\YJaIUsI.exe
  C:\Windows\System\YJaIUsI.exe
  2⤵
  PID:3896
- C:\Windows\System\JfPvRfI.exe
  C:\Windows\System\JfPvRfI.exe
  2⤵
  PID:3916
- C:\Windows\System\xkOOlia.exe
  C:\Windows\System\xkOOlia.exe
  2⤵
  PID:3936
- C:\Windows\System\dFmgdaF.exe
  C:\Windows\System\dFmgdaF.exe
  2⤵
  PID:3956
- C:\Windows\System\YvAODbJ.exe
  C:\Windows\System\YvAODbJ.exe
  2⤵
  PID:3976
- C:\Windows\System\QzGzBxG.exe
  C:\Windows\System\QzGzBxG.exe
  2⤵
  PID:4000
- C:\Windows\System\YoMTHRG.exe
  C:\Windows\System\YoMTHRG.exe
  2⤵
  PID:4020
- C:\Windows\System\smNAAaR.exe
  C:\Windows\System\smNAAaR.exe
  2⤵
  PID:4040
- C:\Windows\System\RVahbRo.exe
  C:\Windows\System\RVahbRo.exe
  2⤵
  PID:4060
- C:\Windows\System\MBcjlKp.exe
  C:\Windows\System\MBcjlKp.exe
  2⤵
  PID:4080
- C:\Windows\System\cZHcnia.exe
  C:\Windows\System\cZHcnia.exe
  2⤵
  PID:1572
- C:\Windows\System\IhyxjmE.exe
  C:\Windows\System\IhyxjmE.exe
  2⤵
  PID:1828
- C:\Windows\System\tpcoTOV.exe
  C:\Windows\System\tpcoTOV.exe
  2⤵
  PID:3056
- C:\Windows\System\zBKSlNP.exe
  C:\Windows\System\zBKSlNP.exe
  2⤵
  PID:2880
- C:\Windows\System\QhYztik.exe
  C:\Windows\System\QhYztik.exe
  2⤵
  PID:2508
- C:\Windows\System\EoBoAif.exe
  C:\Windows\System\EoBoAif.exe
  2⤵
  PID:1344
- C:\Windows\System\TbndpHu.exe
  C:\Windows\System\TbndpHu.exe
  2⤵
  PID:1088
- C:\Windows\System\rGaohzK.exe
  C:\Windows\System\rGaohzK.exe
  2⤵
  PID:2088
- C:\Windows\System\whtiJnP.exe
  C:\Windows\System\whtiJnP.exe
  2⤵
  PID:2092
- C:\Windows\System\PTcrCgO.exe
  C:\Windows\System\PTcrCgO.exe
  2⤵
  PID:936
- C:\Windows\System\svDVuVY.exe
  C:\Windows\System\svDVuVY.exe
  2⤵
  PID:988
- C:\Windows\System\gmFepcH.exe
  C:\Windows\System\gmFepcH.exe
  2⤵
  PID:2232
- C:\Windows\System\iVqIDkt.exe
  C:\Windows\System\iVqIDkt.exe
  2⤵
  PID:3100
- C:\Windows\System\NeAgbnT.exe
  C:\Windows\System\NeAgbnT.exe
  2⤵
  PID:3120
- C:\Windows\System\GIyqvuM.exe
  C:\Windows\System\GIyqvuM.exe
  2⤵
  PID:3144
- C:\Windows\System\TwvaOOR.exe
  C:\Windows\System\TwvaOOR.exe
  2⤵
  PID:3164
- C:\Windows\System\qpBmUTT.exe
  C:\Windows\System\qpBmUTT.exe
  2⤵
  PID:3204
- C:\Windows\System\haZfeSz.exe
  C:\Windows\System\haZfeSz.exe
  2⤵
  PID:3244
- C:\Windows\System\YSrFuuT.exe
  C:\Windows\System\YSrFuuT.exe
  2⤵
  PID:3300
- C:\Windows\System\BIFMUwW.exe
  C:\Windows\System\BIFMUwW.exe
  2⤵
  PID:3320
- C:\Windows\System\neLaSKd.exe
  C:\Windows\System\neLaSKd.exe
  2⤵
  PID:3344
- C:\Windows\System\dGxPABp.exe
  C:\Windows\System\dGxPABp.exe
  2⤵
  PID:3388
- C:\Windows\System\WjEQywc.exe
  C:\Windows\System\WjEQywc.exe
  2⤵
  PID:3408
- C:\Windows\System\RsTzPcC.exe
  C:\Windows\System\RsTzPcC.exe
  2⤵
  PID:3444
- C:\Windows\System\SEDTynG.exe
  C:\Windows\System\SEDTynG.exe
  2⤵
  PID:3492
- C:\Windows\System\DzqClpC.exe
  C:\Windows\System\DzqClpC.exe
  2⤵
  PID:3524
- C:\Windows\System\PSmsrNr.exe
  C:\Windows\System\PSmsrNr.exe
  2⤵
  PID:3564
- C:\Windows\System\aEXthVe.exe
  C:\Windows\System\aEXthVe.exe
  2⤵
  PID:3568
- C:\Windows\System\BDtgIPH.exe
  C:\Windows\System\BDtgIPH.exe
  2⤵
  PID:3632
- C:\Windows\System\buuCfgx.exe
  C:\Windows\System\buuCfgx.exe
  2⤵
  PID:3648
- C:\Windows\System\lmSSowh.exe
  C:\Windows\System\lmSSowh.exe
  2⤵
  PID:3708
- C:\Windows\System\NfMkKuW.exe
  C:\Windows\System\NfMkKuW.exe
  2⤵
  PID:3744
- C:\Windows\System\PlHXlLC.exe
  C:\Windows\System\PlHXlLC.exe
  2⤵
  PID:3764
- C:\Windows\System\tPDQjXh.exe
  C:\Windows\System\tPDQjXh.exe
  2⤵
  PID:3772
- C:\Windows\System\HCWMuTD.exe
  C:\Windows\System\HCWMuTD.exe
  2⤵
  PID:3808
- C:\Windows\System\CTxnqTA.exe
  C:\Windows\System\CTxnqTA.exe
  2⤵
  PID:3868
- C:\Windows\System\ZLdsEWu.exe
  C:\Windows\System\ZLdsEWu.exe
  2⤵
  PID:3888
- C:\Windows\System\ZeCflHX.exe
  C:\Windows\System\ZeCflHX.exe
  2⤵
  PID:3932
- C:\Windows\System\GXLpyrG.exe
  C:\Windows\System\GXLpyrG.exe
  2⤵
  PID:3984
- C:\Windows\System\VUrgRXP.exe
  C:\Windows\System\VUrgRXP.exe
  2⤵
  PID:3988
- C:\Windows\System\cgaGZgR.exe
  C:\Windows\System\cgaGZgR.exe
  2⤵
  PID:4032
- C:\Windows\System\YduLYpW.exe
  C:\Windows\System\YduLYpW.exe
  2⤵
  PID:4056
- C:\Windows\System\bqCXydA.exe
  C:\Windows\System\bqCXydA.exe
  2⤵
  PID:1604
- C:\Windows\System\sHmFvig.exe
  C:\Windows\System\sHmFvig.exe
  2⤵
  PID:2708
- C:\Windows\System\EnQnlUX.exe
  C:\Windows\System\EnQnlUX.exe
  2⤵
  PID:1956
- C:\Windows\System\eWtezIn.exe
  C:\Windows\System\eWtezIn.exe
  2⤵
  PID:1952
- C:\Windows\System\IrHQFND.exe
  C:\Windows\System\IrHQFND.exe
  2⤵
  PID:2672
- C:\Windows\System\syaidNt.exe
  C:\Windows\System\syaidNt.exe
  2⤵
  PID:1556
- C:\Windows\System\yKvMqou.exe
  C:\Windows\System\yKvMqou.exe
  2⤵
  PID:1844
- C:\Windows\System\BGYuFss.exe
  C:\Windows\System\BGYuFss.exe
  2⤵
  PID:3104
- C:\Windows\System\nFGFBbT.exe
  C:\Windows\System\nFGFBbT.exe
  2⤵
  PID:3080
- C:\Windows\System\SrTyqac.exe
  C:\Windows\System\SrTyqac.exe
  2⤵
  PID:3188
- C:\Windows\System\hNvTxiQ.exe
  C:\Windows\System\hNvTxiQ.exe
  2⤵
  PID:3228
- C:\Windows\System\zRsatUZ.exe
  C:\Windows\System\zRsatUZ.exe
  2⤵
  PID:3268
- C:\Windows\System\xanmfJB.exe
  C:\Windows\System\xanmfJB.exe
  2⤵
  PID:3380
- C:\Windows\System\NKghGid.exe
  C:\Windows\System\NKghGid.exe
  2⤵
  PID:3428
- C:\Windows\System\NgbBfQc.exe
  C:\Windows\System\NgbBfQc.exe
  2⤵
  PID:3468
- C:\Windows\System\MlSmmAj.exe
  C:\Windows\System\MlSmmAj.exe
  2⤵
  PID:3484
- C:\Windows\System\GacPbsL.exe
  C:\Windows\System\GacPbsL.exe
  2⤵
  PID:3548
- C:\Windows\System\HggrFlT.exe
  C:\Windows\System\HggrFlT.exe
  2⤵
  PID:3612
- C:\Windows\System\zgPpWAB.exe
  C:\Windows\System\zgPpWAB.exe
  2⤵
  PID:3704
- C:\Windows\System\DgTqHkD.exe
  C:\Windows\System\DgTqHkD.exe
  2⤵
  PID:3748
- C:\Windows\System\uNJHVQn.exe
  C:\Windows\System\uNJHVQn.exe
  2⤵
  PID:3828
- C:\Windows\System\VUwVjyu.exe
  C:\Windows\System\VUwVjyu.exe
  2⤵
  PID:3848
- C:\Windows\System\yHtHXHz.exe
  C:\Windows\System\yHtHXHz.exe
  2⤵
  PID:3884
- C:\Windows\System\pehACmG.exe
  C:\Windows\System\pehACmG.exe
  2⤵
  PID:3972
- C:\Windows\System\DEbACxT.exe
  C:\Windows\System\DEbACxT.exe
  2⤵
  PID:4048
- C:\Windows\System\LLEulwN.exe
  C:\Windows\System\LLEulwN.exe
  2⤵
  PID:4088
- C:\Windows\System\ziQrekN.exe
  C:\Windows\System\ziQrekN.exe
  2⤵
  PID:848
- C:\Windows\System\lCQlviH.exe
  C:\Windows\System\lCQlviH.exe
  2⤵
  PID:1996
- C:\Windows\System\ypMFkOt.exe
  C:\Windows\System\ypMFkOt.exe
  2⤵
  PID:956
- C:\Windows\System\hdVoECy.exe
  C:\Windows\System\hdVoECy.exe
  2⤵
  PID:2336
- C:\Windows\System\AaZVesP.exe
  C:\Windows\System\AaZVesP.exe
  2⤵
  PID:3140
- C:\Windows\System\FEeXmvE.exe
  C:\Windows\System\FEeXmvE.exe
  2⤵
  PID:3284
- C:\Windows\System\lHXcLbZ.exe
  C:\Windows\System\lHXcLbZ.exe
  2⤵
  PID:3324
- C:\Windows\System\aNwGGqw.exe
  C:\Windows\System\aNwGGqw.exe
  2⤵
  PID:3420
- C:\Windows\System\ySVxxBe.exe
  C:\Windows\System\ySVxxBe.exe
  2⤵
  PID:3460
- C:\Windows\System\PaVpLAl.exe
  C:\Windows\System\PaVpLAl.exe
  2⤵
  PID:3532
- C:\Windows\System\tbcEpkW.exe
  C:\Windows\System\tbcEpkW.exe
  2⤵
  PID:3688
- C:\Windows\System\qKPcMNk.exe
  C:\Windows\System\qKPcMNk.exe
  2⤵
  PID:4108
- C:\Windows\System\ANhMqas.exe
  C:\Windows\System\ANhMqas.exe
  2⤵
  PID:4128
- C:\Windows\System\bUMhRhn.exe
  C:\Windows\System\bUMhRhn.exe
  2⤵
  PID:4148
- C:\Windows\System\aXAFjct.exe
  C:\Windows\System\aXAFjct.exe
  2⤵
  PID:4168
- C:\Windows\System\kfoqctn.exe
  C:\Windows\System\kfoqctn.exe
  2⤵
  PID:4188
- C:\Windows\System\yoBIVGT.exe
  C:\Windows\System\yoBIVGT.exe
  2⤵
  PID:4208
- C:\Windows\System\inPUeoW.exe
  C:\Windows\System\inPUeoW.exe
  2⤵
  PID:4228
- C:\Windows\System\YZxaKnW.exe
  C:\Windows\System\YZxaKnW.exe
  2⤵
  PID:4248
- C:\Windows\System\gJgNBRE.exe
  C:\Windows\System\gJgNBRE.exe
  2⤵
  PID:4268
- C:\Windows\System\NdHYcCg.exe
  C:\Windows\System\NdHYcCg.exe
  2⤵
  PID:4288
- C:\Windows\System\HWMblfj.exe
  C:\Windows\System\HWMblfj.exe
  2⤵
  PID:4308
- C:\Windows\System\LdOsLfB.exe
  C:\Windows\System\LdOsLfB.exe
  2⤵
  PID:4328
- C:\Windows\System\ZviWLBR.exe
  C:\Windows\System\ZviWLBR.exe
  2⤵
  PID:4352
- C:\Windows\System\MAFCTYL.exe
  C:\Windows\System\MAFCTYL.exe
  2⤵
  PID:4372
- C:\Windows\System\CGudIaA.exe
  C:\Windows\System\CGudIaA.exe
  2⤵
  PID:4392
- C:\Windows\System\hyzSVnf.exe
  C:\Windows\System\hyzSVnf.exe
  2⤵
  PID:4412
- C:\Windows\System\UdacCne.exe
  C:\Windows\System\UdacCne.exe
  2⤵
  PID:4432
- C:\Windows\System\SRmOHXN.exe
  C:\Windows\System\SRmOHXN.exe
  2⤵
  PID:4452
- C:\Windows\System\FdOaPWU.exe
  C:\Windows\System\FdOaPWU.exe
  2⤵
  PID:4472
- C:\Windows\System\yrGlLme.exe
  C:\Windows\System\yrGlLme.exe
  2⤵
  PID:4492
- C:\Windows\System\YiCCGcT.exe
  C:\Windows\System\YiCCGcT.exe
  2⤵
  PID:4512
- C:\Windows\System\JDHFkNK.exe
  C:\Windows\System\JDHFkNK.exe
  2⤵
  PID:4532
- C:\Windows\System\McoicNf.exe
  C:\Windows\System\McoicNf.exe
  2⤵
  PID:4552
- C:\Windows\System\YfQtpYa.exe
  C:\Windows\System\YfQtpYa.exe
  2⤵
  PID:4572
- C:\Windows\System\vVWDUMc.exe
  C:\Windows\System\vVWDUMc.exe
  2⤵
  PID:4592
- C:\Windows\System\HVFseXk.exe
  C:\Windows\System\HVFseXk.exe
  2⤵
  PID:4612
- C:\Windows\System\bFKBOYP.exe
  C:\Windows\System\bFKBOYP.exe
  2⤵
  PID:4632
- C:\Windows\System\CKmpXIF.exe
  C:\Windows\System\CKmpXIF.exe
  2⤵
  PID:4652
- C:\Windows\System\bYbiuwz.exe
  C:\Windows\System\bYbiuwz.exe
  2⤵
  PID:4672
- C:\Windows\System\bePgjoJ.exe
  C:\Windows\System\bePgjoJ.exe
  2⤵
  PID:4688
- C:\Windows\System\lAfcCAz.exe
  C:\Windows\System\lAfcCAz.exe
  2⤵
  PID:4712
- C:\Windows\System\ZiLUmjo.exe
  C:\Windows\System\ZiLUmjo.exe
  2⤵
  PID:4732
- C:\Windows\System\EHQemYI.exe
  C:\Windows\System\EHQemYI.exe
  2⤵
  PID:4752
- C:\Windows\System\AsADSnl.exe
  C:\Windows\System\AsADSnl.exe
  2⤵
  PID:4772
- C:\Windows\System\CdfsARx.exe
  C:\Windows\System\CdfsARx.exe
  2⤵
  PID:4792
- C:\Windows\System\RYwBAIn.exe
  C:\Windows\System\RYwBAIn.exe
  2⤵
  PID:4812
- C:\Windows\System\bjsYuwZ.exe
  C:\Windows\System\bjsYuwZ.exe
  2⤵
  PID:4832
- C:\Windows\System\xmoivFh.exe
  C:\Windows\System\xmoivFh.exe
  2⤵
  PID:4852
- C:\Windows\System\iSlWXVh.exe
  C:\Windows\System\iSlWXVh.exe
  2⤵
  PID:4872
- C:\Windows\System\aFZLjyE.exe
  C:\Windows\System\aFZLjyE.exe
  2⤵
  PID:4888
- C:\Windows\System\wNevtNk.exe
  C:\Windows\System\wNevtNk.exe
  2⤵
  PID:4912
- C:\Windows\System\GeSVVoK.exe
  C:\Windows\System\GeSVVoK.exe
  2⤵
  PID:4932
- C:\Windows\System\xcnAhzK.exe
  C:\Windows\System\xcnAhzK.exe
  2⤵
  PID:4952
- C:\Windows\System\ChTuqvk.exe
  C:\Windows\System\ChTuqvk.exe
  2⤵
  PID:4976
- C:\Windows\System\cGExfco.exe
  C:\Windows\System\cGExfco.exe
  2⤵
  PID:4996
- C:\Windows\System\WjoCZvW.exe
  C:\Windows\System\WjoCZvW.exe
  2⤵
  PID:5016
- C:\Windows\System\POgWFdt.exe
  C:\Windows\System\POgWFdt.exe
  2⤵
  PID:5040
- C:\Windows\System\bMnIFvx.exe
  C:\Windows\System\bMnIFvx.exe
  2⤵
  PID:5060
- C:\Windows\System\mtNvfDp.exe
  C:\Windows\System\mtNvfDp.exe
  2⤵
  PID:5080
- C:\Windows\System\GxFriTk.exe
  C:\Windows\System\GxFriTk.exe
  2⤵
  PID:5100
- C:\Windows\System\RQhDikb.exe
  C:\Windows\System\RQhDikb.exe
  2⤵
  PID:3728
- C:\Windows\System\nLNZxvV.exe
  C:\Windows\System\nLNZxvV.exe
  2⤵
  PID:3804
- C:\Windows\System\JCxooqM.exe
  C:\Windows\System\JCxooqM.exe
  2⤵
  PID:3892
- C:\Windows\System\lqViUfY.exe
  C:\Windows\System\lqViUfY.exe
  2⤵
  PID:4068
- C:\Windows\System\awaPKNX.exe
  C:\Windows\System\awaPKNX.exe
  2⤵
  PID:2248
- C:\Windows\System\fKIpfZx.exe
  C:\Windows\System\fKIpfZx.exe
  2⤵
  PID:2740
- C:\Windows\System\rfvXgih.exe
  C:\Windows\System\rfvXgih.exe
  2⤵
  PID:3088
- C:\Windows\System\WGeOroS.exe
  C:\Windows\System\WGeOroS.exe
  2⤵
  PID:3148
- C:\Windows\System\uPIHWgw.exe
  C:\Windows\System\uPIHWgw.exe
  2⤵
  PID:3400
- C:\Windows\System\unOFAkN.exe
  C:\Windows\System\unOFAkN.exe
  2⤵
  PID:3652
- C:\Windows\System\KAaLDnF.exe
  C:\Windows\System\KAaLDnF.exe
  2⤵
  PID:4104
- C:\Windows\System\BCsVPvA.exe
  C:\Windows\System\BCsVPvA.exe
  2⤵
  PID:4116
- C:\Windows\System\DyzEjPS.exe
  C:\Windows\System\DyzEjPS.exe
  2⤵
  PID:4176
- C:\Windows\System\YMjFlWe.exe
  C:\Windows\System\YMjFlWe.exe
  2⤵
  PID:4160
- C:\Windows\System\AagywlJ.exe
  C:\Windows\System\AagywlJ.exe
  2⤵
  PID:4224
- C:\Windows\System\XNvEzZZ.exe
  C:\Windows\System\XNvEzZZ.exe
  2⤵
  PID:4264
- C:\Windows\System\LIvrAIB.exe
  C:\Windows\System\LIvrAIB.exe
  2⤵
  PID:4276
- C:\Windows\System\NtrKAAT.exe
  C:\Windows\System\NtrKAAT.exe
  2⤵
  PID:4280
- C:\Windows\System\nzMbUJN.exe
  C:\Windows\System\nzMbUJN.exe
  2⤵
  PID:4320
- C:\Windows\System\AwgpCWi.exe
  C:\Windows\System\AwgpCWi.exe
  2⤵
  PID:4364
- C:\Windows\System\AJDiELj.exe
  C:\Windows\System\AJDiELj.exe
  2⤵
  PID:4428
- C:\Windows\System\kiWvqTK.exe
  C:\Windows\System\kiWvqTK.exe
  2⤵
  PID:4460
- C:\Windows\System\XldfzjY.exe
  C:\Windows\System\XldfzjY.exe
  2⤵
  PID:4480
- C:\Windows\System\JDxcCEu.exe
  C:\Windows\System\JDxcCEu.exe
  2⤵
  PID:4504
- C:\Windows\System\yYKeuXJ.exe
  C:\Windows\System\yYKeuXJ.exe
  2⤵
  PID:4548
- C:\Windows\System\ioPVOkG.exe
  C:\Windows\System\ioPVOkG.exe
  2⤵
  PID:4584
- C:\Windows\System\eDAkfug.exe
  C:\Windows\System\eDAkfug.exe
  2⤵
  PID:4628
- C:\Windows\System\KQGjvSd.exe
  C:\Windows\System\KQGjvSd.exe
  2⤵
  PID:4640
- C:\Windows\System\XXkpvmQ.exe
  C:\Windows\System\XXkpvmQ.exe
  2⤵
  PID:4644
- C:\Windows\System\LAPBreA.exe
  C:\Windows\System\LAPBreA.exe
  2⤵
  PID:4708
- C:\Windows\System\SioTwfM.exe
  C:\Windows\System\SioTwfM.exe
  2⤵
  PID:4728
- C:\Windows\System\GBQnEmM.exe
  C:\Windows\System\GBQnEmM.exe
  2⤵
  PID:4788
- C:\Windows\System\whKJAmS.exe
  C:\Windows\System\whKJAmS.exe
  2⤵
  PID:4808
- C:\Windows\System\GJkMTze.exe
  C:\Windows\System\GJkMTze.exe
  2⤵
  PID:4840
- C:\Windows\System\YtBygLt.exe
  C:\Windows\System\YtBygLt.exe
  2⤵
  PID:4864
- C:\Windows\System\xeOSYUI.exe
  C:\Windows\System\xeOSYUI.exe
  2⤵
  PID:4884
- C:\Windows\System\UOxHyxf.exe
  C:\Windows\System\UOxHyxf.exe
  2⤵
  PID:4948
- C:\Windows\System\dtwRViX.exe
  C:\Windows\System\dtwRViX.exe
  2⤵
  PID:4964
- C:\Windows\System\oMQCwGY.exe
  C:\Windows\System\oMQCwGY.exe
  2⤵
  PID:5012
- C:\Windows\System\POdwaIA.exe
  C:\Windows\System\POdwaIA.exe
  2⤵
  PID:5048
- C:\Windows\System\eMmDSJq.exe
  C:\Windows\System\eMmDSJq.exe
  2⤵
  PID:5072
- C:\Windows\System\iWYZqny.exe
  C:\Windows\System\iWYZqny.exe
  2⤵
  PID:5116
- C:\Windows\System\vuKUEEb.exe
  C:\Windows\System\vuKUEEb.exe
  2⤵
  PID:3948
- C:\Windows\System\OfGEGoo.exe
  C:\Windows\System\OfGEGoo.exe
  2⤵
  PID:4072
- C:\Windows\System\pHeUvrj.exe
  C:\Windows\System\pHeUvrj.exe
  2⤵
  PID:3084
- C:\Windows\System\JPgvBWs.exe
  C:\Windows\System\JPgvBWs.exe
  2⤵
  PID:3184
- C:\Windows\System\gaSxUwI.exe
  C:\Windows\System\gaSxUwI.exe
  2⤵
  PID:3240
- C:\Windows\System\EXrbtQY.exe
  C:\Windows\System\EXrbtQY.exe
  2⤵
  PID:3464
- C:\Windows\System\SzeCUrA.exe
  C:\Windows\System\SzeCUrA.exe
  2⤵
  PID:3724
- C:\Windows\System\EAInCAX.exe
  C:\Windows\System\EAInCAX.exe
  2⤵
  PID:4216
- C:\Windows\System\xbsTFtS.exe
  C:\Windows\System\xbsTFtS.exe
  2⤵
  PID:4244
- C:\Windows\System\RKlxKuD.exe
  C:\Windows\System\RKlxKuD.exe
  2⤵
  PID:4284
- C:\Windows\System\qUcrwJu.exe
  C:\Windows\System\qUcrwJu.exe
  2⤵
  PID:4360
- C:\Windows\System\yPWsgBd.exe
  C:\Windows\System\yPWsgBd.exe
  2⤵
  PID:4420
- C:\Windows\System\uenxcdM.exe
  C:\Windows\System\uenxcdM.exe
  2⤵
  PID:4464
- C:\Windows\System\FEHMmjF.exe
  C:\Windows\System\FEHMmjF.exe
  2⤵
  PID:4484
- C:\Windows\System\pNrakjQ.exe
  C:\Windows\System\pNrakjQ.exe
  2⤵
  PID:4564
- C:\Windows\System\CIfSFtG.exe
  C:\Windows\System\CIfSFtG.exe
  2⤵
  PID:1460
- C:\Windows\System\RcKcRVK.exe
  C:\Windows\System\RcKcRVK.exe
  2⤵
  PID:4684
- C:\Windows\System\XQEvNUN.exe
  C:\Windows\System\XQEvNUN.exe
  2⤵
  PID:4744
- C:\Windows\System\UVTnSQf.exe
  C:\Windows\System\UVTnSQf.exe
  2⤵
  PID:4760
- C:\Windows\System\famFVLV.exe
  C:\Windows\System\famFVLV.exe
  2⤵
  PID:5132
- C:\Windows\System\FJxQTcW.exe
  C:\Windows\System\FJxQTcW.exe
  2⤵
  PID:5152
- C:\Windows\System\bQsAZJh.exe
  C:\Windows\System\bQsAZJh.exe
  2⤵
  PID:5172
- C:\Windows\System\cCpFkSl.exe
  C:\Windows\System\cCpFkSl.exe
  2⤵
  PID:5192
- C:\Windows\System\PrQlasP.exe
  C:\Windows\System\PrQlasP.exe
  2⤵
  PID:5212
- C:\Windows\System\TaTQufy.exe
  C:\Windows\System\TaTQufy.exe
  2⤵
  PID:5232
- C:\Windows\System\yIqFQLZ.exe
  C:\Windows\System\yIqFQLZ.exe
  2⤵
  PID:5252
- C:\Windows\System\hXRqbzK.exe
  C:\Windows\System\hXRqbzK.exe
  2⤵
  PID:5272
- C:\Windows\System\YydRTiA.exe
  C:\Windows\System\YydRTiA.exe
  2⤵
  PID:5292
- C:\Windows\System\PwytAqF.exe
  C:\Windows\System\PwytAqF.exe
  2⤵
  PID:5312
- C:\Windows\System\wXaRGDl.exe
  C:\Windows\System\wXaRGDl.exe
  2⤵
  PID:5332
- C:\Windows\System\WtHSEgC.exe
  C:\Windows\System\WtHSEgC.exe
  2⤵
  PID:5352
- C:\Windows\System\FkrIzAG.exe
  C:\Windows\System\FkrIzAG.exe
  2⤵
  PID:5372
- C:\Windows\System\aRWKmfT.exe
  C:\Windows\System\aRWKmfT.exe
  2⤵
  PID:5392
- C:\Windows\System\rdvhftF.exe
  C:\Windows\System\rdvhftF.exe
  2⤵
  PID:5412
- C:\Windows\System\DksBOlV.exe
  C:\Windows\System\DksBOlV.exe
  2⤵
  PID:5432
- C:\Windows\System\KVaqaFB.exe
  C:\Windows\System\KVaqaFB.exe
  2⤵
  PID:5452
- C:\Windows\System\hEszcZw.exe
  C:\Windows\System\hEszcZw.exe
  2⤵
  PID:5472
- C:\Windows\System\jKHNLxa.exe
  C:\Windows\System\jKHNLxa.exe
  2⤵
  PID:5492
- C:\Windows\System\rjiYFUx.exe
  C:\Windows\System\rjiYFUx.exe
  2⤵
  PID:5512
- C:\Windows\System\gfMxXLF.exe
  C:\Windows\System\gfMxXLF.exe
  2⤵
  PID:5532
- C:\Windows\System\ALnNPPS.exe
  C:\Windows\System\ALnNPPS.exe
  2⤵
  PID:5552
- C:\Windows\System\lPrVryo.exe
  C:\Windows\System\lPrVryo.exe
  2⤵
  PID:5572
- C:\Windows\System\GvxOEwI.exe
  C:\Windows\System\GvxOEwI.exe
  2⤵
  PID:5592
- C:\Windows\System\jFUbYrF.exe
  C:\Windows\System\jFUbYrF.exe
  2⤵
  PID:5612
- C:\Windows\System\svDlAlS.exe
  C:\Windows\System\svDlAlS.exe
  2⤵
  PID:5636
- C:\Windows\System\StVByct.exe
  C:\Windows\System\StVByct.exe
  2⤵
  PID:5656
- C:\Windows\System\YRNCIzu.exe
  C:\Windows\System\YRNCIzu.exe
  2⤵
  PID:5676
- C:\Windows\System\BcaYEPk.exe
  C:\Windows\System\BcaYEPk.exe
  2⤵
  PID:5696
- C:\Windows\System\sonxuXA.exe
  C:\Windows\System\sonxuXA.exe
  2⤵
  PID:5716
- C:\Windows\System\fiKIwUl.exe
  C:\Windows\System\fiKIwUl.exe
  2⤵
  PID:5736
- C:\Windows\System\spczuto.exe
  C:\Windows\System\spczuto.exe
  2⤵
  PID:5756
- C:\Windows\System\QVEYWOr.exe
  C:\Windows\System\QVEYWOr.exe
  2⤵
  PID:5776
- C:\Windows\System\rdruPZj.exe
  C:\Windows\System\rdruPZj.exe
  2⤵
  PID:5796
- C:\Windows\System\EGPKwTj.exe
  C:\Windows\System\EGPKwTj.exe
  2⤵
  PID:5816
- C:\Windows\System\XIzXaOB.exe
  C:\Windows\System\XIzXaOB.exe
  2⤵
  PID:5836
- C:\Windows\System\DrVwWvr.exe
  C:\Windows\System\DrVwWvr.exe
  2⤵
  PID:5856
- C:\Windows\System\lwShddD.exe
  C:\Windows\System\lwShddD.exe
  2⤵
  PID:5876
- C:\Windows\System\HjpeeQo.exe
  C:\Windows\System\HjpeeQo.exe
  2⤵
  PID:5896
- C:\Windows\System\hSbtXku.exe
  C:\Windows\System\hSbtXku.exe
  2⤵
  PID:5916
- C:\Windows\System\VGRhmgr.exe
  C:\Windows\System\VGRhmgr.exe
  2⤵
  PID:5936
- C:\Windows\System\gSjwJYl.exe
  C:\Windows\System\gSjwJYl.exe
  2⤵
  PID:5956
- C:\Windows\System\FnYpVUD.exe
  C:\Windows\System\FnYpVUD.exe
  2⤵
  PID:5976
- C:\Windows\System\ghWUSuv.exe
  C:\Windows\System\ghWUSuv.exe
  2⤵
  PID:5996
- C:\Windows\System\EXUTdAb.exe
  C:\Windows\System\EXUTdAb.exe
  2⤵
  PID:6016
- C:\Windows\System\MAzDpvK.exe
  C:\Windows\System\MAzDpvK.exe
  2⤵
  PID:6036
- C:\Windows\System\wTWkCYG.exe
  C:\Windows\System\wTWkCYG.exe
  2⤵
  PID:6056
- C:\Windows\System\ynEFXsz.exe
  C:\Windows\System\ynEFXsz.exe
  2⤵
  PID:6076
- C:\Windows\System\JGVCYNR.exe
  C:\Windows\System\JGVCYNR.exe
  2⤵
  PID:6096
- C:\Windows\System\nQFAYNe.exe
  C:\Windows\System\nQFAYNe.exe
  2⤵
  PID:6116
- C:\Windows\System\QXklzQE.exe
  C:\Windows\System\QXklzQE.exe
  2⤵
  PID:6136
- C:\Windows\System\qPCDyZF.exe
  C:\Windows\System\qPCDyZF.exe
  2⤵
  PID:4868
- C:\Windows\System\BRqHPiD.exe
  C:\Windows\System\BRqHPiD.exe
  2⤵
  PID:4900
- C:\Windows\System\ksGUoNE.exe
  C:\Windows\System\ksGUoNE.exe
  2⤵
  PID:4992
- C:\Windows\System\jkaXmXE.exe
  C:\Windows\System\jkaXmXE.exe
  2⤵
  PID:4988
- C:\Windows\System\IqVmsUz.exe
  C:\Windows\System\IqVmsUz.exe
  2⤵
  PID:5008
- C:\Windows\System\tMsoWTB.exe
  C:\Windows\System\tMsoWTB.exe
  2⤵
  PID:5092
- C:\Windows\System\nldCdeD.exe
  C:\Windows\System\nldCdeD.exe
  2⤵
  PID:3052
- C:\Windows\System\UPuzmhP.exe
  C:\Windows\System\UPuzmhP.exe
  2⤵
  PID:3200
- C:\Windows\System\VxLntjY.exe
  C:\Windows\System\VxLntjY.exe
  2⤵
  PID:3440
- C:\Windows\System\YBpcSOY.exe
  C:\Windows\System\YBpcSOY.exe
  2⤵
  PID:4144
- C:\Windows\System\sOnWaUb.exe
  C:\Windows\System\sOnWaUb.exe
  2⤵
  PID:4240
- C:\Windows\System\UzsIrEz.exe
  C:\Windows\System\UzsIrEz.exe
  2⤵
  PID:2244
- C:\Windows\System\flZamyd.exe
  C:\Windows\System\flZamyd.exe
  2⤵
  PID:4400
- C:\Windows\System\uOhOHIv.exe
  C:\Windows\System\uOhOHIv.exe
  2⤵
  PID:1812
- C:\Windows\System\cQytRCZ.exe
  C:\Windows\System\cQytRCZ.exe
  2⤵
  PID:4580
- C:\Windows\System\VgRgWBD.exe
  C:\Windows\System\VgRgWBD.exe
  2⤵
  PID:4600
- C:\Windows\System\qGOXbgu.exe
  C:\Windows\System\qGOXbgu.exe
  2⤵
  PID:4780
- C:\Windows\System\xAexzLZ.exe
  C:\Windows\System\xAexzLZ.exe
  2⤵
  PID:5140
- C:\Windows\System\jCbJTCZ.exe
  C:\Windows\System\jCbJTCZ.exe
  2⤵
  PID:5180
- C:\Windows\System\iBXTMDB.exe
  C:\Windows\System\iBXTMDB.exe
  2⤵
  PID:5200
- C:\Windows\System\wmDjQTC.exe
  C:\Windows\System\wmDjQTC.exe
  2⤵
  PID:5224
- C:\Windows\System\MQloBiB.exe
  C:\Windows\System\MQloBiB.exe
  2⤵
  PID:5268
- C:\Windows\System\LTxneeM.exe
  C:\Windows\System\LTxneeM.exe
  2⤵
  PID:5284
- C:\Windows\System\QJQtJsN.exe
  C:\Windows\System\QJQtJsN.exe
  2⤵
  PID:5324
- C:\Windows\System\yaRljWK.exe
  C:\Windows\System\yaRljWK.exe
  2⤵
  PID:5380
- C:\Windows\System\JViZdWv.exe
  C:\Windows\System\JViZdWv.exe
  2⤵
  PID:5420
- C:\Windows\System\YtUjxZU.exe
  C:\Windows\System\YtUjxZU.exe
  2⤵
  PID:5440
- C:\Windows\System\wKaIcYI.exe
  C:\Windows\System\wKaIcYI.exe
  2⤵
  PID:5444
- C:\Windows\System\kpjbraD.exe
  C:\Windows\System\kpjbraD.exe
  2⤵
  PID:5508
- C:\Windows\System\mLFmcVd.exe
  C:\Windows\System\mLFmcVd.exe
  2⤵
  PID:5528
- C:\Windows\System\hCZMuOW.exe
  C:\Windows\System\hCZMuOW.exe
  2⤵
  PID:5568
- C:\Windows\System\MwhnnpM.exe
  C:\Windows\System\MwhnnpM.exe
  2⤵
  PID:5620
- C:\Windows\System\yRNZzRr.exe
  C:\Windows\System\yRNZzRr.exe
  2⤵
  PID:5644
- C:\Windows\System\hmPJiBj.exe
  C:\Windows\System\hmPJiBj.exe
  2⤵
  PID:5668
- C:\Windows\System\GJYoggE.exe
  C:\Windows\System\GJYoggE.exe
  2⤵
  PID:5712
- C:\Windows\System\NZquSzA.exe
  C:\Windows\System\NZquSzA.exe
  2⤵
  PID:5732
- C:\Windows\System\mRlcwkV.exe
  C:\Windows\System\mRlcwkV.exe
  2⤵
  PID:5772
- C:\Windows\System\KTWjvwh.exe
  C:\Windows\System\KTWjvwh.exe
  2⤵
  PID:5804
- C:\Windows\System\RctStQm.exe
  C:\Windows\System\RctStQm.exe
  2⤵
  PID:5828
- C:\Windows\System\skDPefE.exe
  C:\Windows\System\skDPefE.exe
  2⤵
  PID:5872
- C:\Windows\System\JNTZDfN.exe
  C:\Windows\System\JNTZDfN.exe
  2⤵
  PID:5904
- C:\Windows\System\ZJsptNC.exe
  C:\Windows\System\ZJsptNC.exe
  2⤵
  PID:5928
- C:\Windows\System\jBhDByT.exe
  C:\Windows\System\jBhDByT.exe
  2⤵
  PID:5972
- C:\Windows\System\jXqkuzL.exe
  C:\Windows\System\jXqkuzL.exe
  2⤵
  PID:6004
- C:\Windows\System\nbSfvuV.exe
  C:\Windows\System\nbSfvuV.exe
  2⤵
  PID:6032
- C:\Windows\System\htBSrrU.exe
  C:\Windows\System\htBSrrU.exe
  2⤵
  PID:6048
- C:\Windows\System\PzllXDe.exe
  C:\Windows\System\PzllXDe.exe
  2⤵
  PID:6104
- C:\Windows\System\icNyvrL.exe
  C:\Windows\System\icNyvrL.exe
  2⤵
  PID:4860
- C:\Windows\System\pFPpVTT.exe
  C:\Windows\System\pFPpVTT.exe
  2⤵
  PID:4824
- C:\Windows\System\VqzOhxH.exe
  C:\Windows\System\VqzOhxH.exe
  2⤵
  PID:4896
- C:\Windows\System\vBepiqO.exe
  C:\Windows\System\vBepiqO.exe
  2⤵
  PID:5028
- C:\Windows\System\lDAzdAD.exe
  C:\Windows\System\lDAzdAD.exe
  2⤵
  PID:3832
- C:\Windows\System\HZQxHdW.exe
  C:\Windows\System\HZQxHdW.exe
  2⤵
  PID:1948
- C:\Windows\System\ExSswop.exe
  C:\Windows\System\ExSswop.exe
  2⤵
  PID:3512
- C:\Windows\System\PSqaEjB.exe
  C:\Windows\System\PSqaEjB.exe
  2⤵
  PID:4304
- C:\Windows\System\HWdYvbL.exe
  C:\Windows\System\HWdYvbL.exe
  2⤵
  PID:4388
- C:\Windows\System\cNnJQUS.exe
  C:\Windows\System\cNnJQUS.exe
  2⤵
  PID:4408
- C:\Windows\System\ehmGrTc.exe
  C:\Windows\System\ehmGrTc.exe
  2⤵
  PID:4740
- C:\Windows\System\vkKlypN.exe
  C:\Windows\System\vkKlypN.exe
  2⤵
  PID:5128
- C:\Windows\System\JGFrcNO.exe
  C:\Windows\System\JGFrcNO.exe
  2⤵
  PID:5184
- C:\Windows\System\cDwMvgH.exe
  C:\Windows\System\cDwMvgH.exe
  2⤵
  PID:5204
- C:\Windows\System\noKcIxh.exe
  C:\Windows\System\noKcIxh.exe
  2⤵
  PID:5288
- C:\Windows\System\RZHfUKr.exe
  C:\Windows\System\RZHfUKr.exe
  2⤵
  PID:5360
- C:\Windows\System\KvjEXnD.exe
  C:\Windows\System\KvjEXnD.exe
  2⤵
  PID:5424
- C:\Windows\System\ICVHYIY.exe
  C:\Windows\System\ICVHYIY.exe
  2⤵
  PID:5484
- C:\Windows\System\SGeAzTL.exe
  C:\Windows\System\SGeAzTL.exe
  2⤵
  PID:5520
- C:\Windows\System\ZBqSZnO.exe
  C:\Windows\System\ZBqSZnO.exe
  2⤵
  PID:3024
- C:\Windows\System\ltLVbYz.exe
  C:\Windows\System\ltLVbYz.exe
  2⤵
  PID:5584
- C:\Windows\System\uphjXto.exe
  C:\Windows\System\uphjXto.exe
  2⤵
  PID:5604
- C:\Windows\System\bLeoCbG.exe
  C:\Windows\System\bLeoCbG.exe
  2⤵
  PID:5724
- C:\Windows\System\jDbPjzp.exe
  C:\Windows\System\jDbPjzp.exe
  2⤵
  PID:5748
- C:\Windows\System\NKcFtJG.exe
  C:\Windows\System\NKcFtJG.exe
  2⤵
  PID:5832
- C:\Windows\System\rEkwPsp.exe
  C:\Windows\System\rEkwPsp.exe
  2⤵
  PID:5892
- C:\Windows\System\LCOATNG.exe
  C:\Windows\System\LCOATNG.exe
  2⤵
  PID:5924
- C:\Windows\System\MGZYKLc.exe
  C:\Windows\System\MGZYKLc.exe
  2⤵
  PID:5992
- C:\Windows\System\omEAaWu.exe
  C:\Windows\System\omEAaWu.exe
  2⤵
  PID:6112
- C:\Windows\System\ypsSNjH.exe
  C:\Windows\System\ypsSNjH.exe
  2⤵
  PID:1732
- C:\Windows\System\lNsmuZX.exe
  C:\Windows\System\lNsmuZX.exe
  2⤵
  PID:2468
- C:\Windows\System\VhaeHYq.exe
  C:\Windows\System\VhaeHYq.exe
  2⤵
  PID:5004
- C:\Windows\System\YIExPVo.exe
  C:\Windows\System\YIExPVo.exe
  2⤵
  PID:2828
- C:\Windows\System\fJmlyLB.exe
  C:\Windows\System\fJmlyLB.exe
  2⤵
  PID:4204
- C:\Windows\System\rJVMDlb.exe
  C:\Windows\System\rJVMDlb.exe
  2⤵
  PID:2120
- C:\Windows\System\DKyEPkr.exe
  C:\Windows\System\DKyEPkr.exe
  2⤵
  PID:4508
- C:\Windows\System\NEEtCvC.exe
  C:\Windows\System\NEEtCvC.exe
  2⤵
  PID:5124
- C:\Windows\System\FHPywmi.exe
  C:\Windows\System\FHPywmi.exe
  2⤵
  PID:6156
- C:\Windows\System\iJejIoQ.exe
  C:\Windows\System\iJejIoQ.exe
  2⤵
  PID:6176
- C:\Windows\System\GtbRlUA.exe
  C:\Windows\System\GtbRlUA.exe
  2⤵
  PID:6196
- C:\Windows\System\ZIXPvQB.exe
  C:\Windows\System\ZIXPvQB.exe
  2⤵
  PID:6216
- C:\Windows\System\MhQQskA.exe
  C:\Windows\System\MhQQskA.exe
  2⤵
  PID:6244
- C:\Windows\System\ebzzfDk.exe
  C:\Windows\System\ebzzfDk.exe
  2⤵
  PID:6264
- C:\Windows\System\zrgxnSG.exe
  C:\Windows\System\zrgxnSG.exe
  2⤵
  PID:6284
- C:\Windows\System\JqOkmAh.exe
  C:\Windows\System\JqOkmAh.exe
  2⤵
  PID:6316
- C:\Windows\System\vgonYiN.exe
  C:\Windows\System\vgonYiN.exe
  2⤵
  PID:6336
- C:\Windows\System\CZUCnZQ.exe
  C:\Windows\System\CZUCnZQ.exe
  2⤵
  PID:6364
- C:\Windows\System\JWdwxwu.exe
  C:\Windows\System\JWdwxwu.exe
  2⤵
  PID:6388
- C:\Windows\System\bOWkdHt.exe
  C:\Windows\System\bOWkdHt.exe
  2⤵
  PID:6408
- C:\Windows\System\kWdNyCk.exe
  C:\Windows\System\kWdNyCk.exe
  2⤵
  PID:6428
- C:\Windows\System\PNIfrtx.exe
  C:\Windows\System\PNIfrtx.exe
  2⤵
  PID:6448
- C:\Windows\System\ZmbBNQR.exe
  C:\Windows\System\ZmbBNQR.exe
  2⤵
  PID:6472
- C:\Windows\System\QhNyKNq.exe
  C:\Windows\System\QhNyKNq.exe
  2⤵
  PID:6492
- C:\Windows\System\nFnLuvm.exe
  C:\Windows\System\nFnLuvm.exe
  2⤵
  PID:6512
- C:\Windows\System\sTYnjGQ.exe
  C:\Windows\System\sTYnjGQ.exe
  2⤵
  PID:6532
- C:\Windows\System\swXCPPM.exe
  C:\Windows\System\swXCPPM.exe
  2⤵
  PID:6552
- C:\Windows\System\LQwQwle.exe
  C:\Windows\System\LQwQwle.exe
  2⤵
  PID:6572
- C:\Windows\System\BuGIwoO.exe
  C:\Windows\System\BuGIwoO.exe
  2⤵
  PID:6592
- C:\Windows\System\WuwPZRQ.exe
  C:\Windows\System\WuwPZRQ.exe
  2⤵
  PID:6612
- C:\Windows\System\gukjaHn.exe
  C:\Windows\System\gukjaHn.exe
  2⤵
  PID:6632
- C:\Windows\System\OHHcxvX.exe
  C:\Windows\System\OHHcxvX.exe
  2⤵
  PID:6652
- C:\Windows\System\HtDwAGp.exe
  C:\Windows\System\HtDwAGp.exe
  2⤵
  PID:6672
- C:\Windows\System\xfqQAxf.exe
  C:\Windows\System\xfqQAxf.exe
  2⤵
  PID:6692
- C:\Windows\System\KXIUpKy.exe
  C:\Windows\System\KXIUpKy.exe
  2⤵
  PID:6712
- C:\Windows\System\CbZIpuC.exe
  C:\Windows\System\CbZIpuC.exe
  2⤵
  PID:6732
- C:\Windows\System\lBzyydn.exe
  C:\Windows\System\lBzyydn.exe
  2⤵
  PID:6752
- C:\Windows\System\MuAViev.exe
  C:\Windows\System\MuAViev.exe
  2⤵
  PID:6772
- C:\Windows\System\aKwKupp.exe
  C:\Windows\System\aKwKupp.exe
  2⤵
  PID:6792
- C:\Windows\System\KOQGeBb.exe
  C:\Windows\System\KOQGeBb.exe
  2⤵
  PID:6812
- C:\Windows\System\WSXzbpb.exe
  C:\Windows\System\WSXzbpb.exe
  2⤵
  PID:6832
- C:\Windows\System\TEjHrzG.exe
  C:\Windows\System\TEjHrzG.exe
  2⤵
  PID:6856
- C:\Windows\System\umxcvPa.exe
  C:\Windows\System\umxcvPa.exe
  2⤵
  PID:6876
- C:\Windows\System\LkcJAwq.exe
  C:\Windows\System\LkcJAwq.exe
  2⤵
  PID:6896
- C:\Windows\System\crQenOE.exe
  C:\Windows\System\crQenOE.exe
  2⤵
  PID:6916
- C:\Windows\System\igWfkFd.exe
  C:\Windows\System\igWfkFd.exe
  2⤵
  PID:6936
- C:\Windows\System\mrrwpRB.exe
  C:\Windows\System\mrrwpRB.exe
  2⤵
  PID:6956
- C:\Windows\System\ZHxiWrw.exe
  C:\Windows\System\ZHxiWrw.exe
  2⤵
  PID:6976
- C:\Windows\System\bwilpPA.exe
  C:\Windows\System\bwilpPA.exe
  2⤵
  PID:6996
- C:\Windows\System\pZjWmOe.exe
  C:\Windows\System\pZjWmOe.exe
  2⤵
  PID:7016
- C:\Windows\System\GMmRukS.exe
  C:\Windows\System\GMmRukS.exe
  2⤵
  PID:7036
- C:\Windows\System\JDxaoED.exe
  C:\Windows\System\JDxaoED.exe
  2⤵
  PID:7056
- C:\Windows\System\qokkogK.exe
  C:\Windows\System\qokkogK.exe
  2⤵
  PID:7076
- C:\Windows\System\BbEeKHQ.exe
  C:\Windows\System\BbEeKHQ.exe
  2⤵
  PID:7100
- C:\Windows\System\OEIGaIf.exe
  C:\Windows\System\OEIGaIf.exe
  2⤵
  PID:7120
- C:\Windows\System\aEgbqaw.exe
  C:\Windows\System\aEgbqaw.exe
  2⤵
  PID:7140
- C:\Windows\System\OZGlxNB.exe
  C:\Windows\System\OZGlxNB.exe
  2⤵
  PID:7160
- C:\Windows\System\EFYAKCS.exe
  C:\Windows\System\EFYAKCS.exe
  2⤵
  PID:5280
- C:\Windows\System\KIpsmpI.exe
  C:\Windows\System\KIpsmpI.exe
  2⤵
  PID:5384
- C:\Windows\System\vCvQHkh.exe
  C:\Windows\System\vCvQHkh.exe
  2⤵
  PID:5468
- C:\Windows\System\FZsQmVZ.exe
  C:\Windows\System\FZsQmVZ.exe
  2⤵
  PID:5544
- C:\Windows\System\LjZtDDk.exe
  C:\Windows\System\LjZtDDk.exe
  2⤵
  PID:1548
- C:\Windows\System\UGqhVoG.exe
  C:\Windows\System\UGqhVoG.exe
  2⤵
  PID:5632
- C:\Windows\System\mnFAisX.exe
  C:\Windows\System\mnFAisX.exe
  2⤵
  PID:5764
- C:\Windows\System\nOKogui.exe
  C:\Windows\System\nOKogui.exe
  2⤵
  PID:5884
- C:\Windows\System\WqUqSzl.exe
  C:\Windows\System\WqUqSzl.exe
  2⤵
  PID:5864
- C:\Windows\System\qlPiLPV.exe
  C:\Windows\System\qlPiLPV.exe
  2⤵
  PID:6024
- C:\Windows\System\YVJrPje.exe
  C:\Windows\System\YVJrPje.exe
  2⤵
  PID:6088
- C:\Windows\System\QSmyzjW.exe
  C:\Windows\System\QSmyzjW.exe
  2⤵
  PID:6132
- C:\Windows\System\PXXkWRa.exe
  C:\Windows\System\PXXkWRa.exe
  2⤵
  PID:4008
- C:\Windows\System\JXHsmBy.exe
  C:\Windows\System\JXHsmBy.exe
  2⤵
  PID:3248
- C:\Windows\System\UeqHJhF.exe
  C:\Windows\System\UeqHJhF.exe
  2⤵
  PID:4768
- C:\Windows\System\HsFjXbT.exe
  C:\Windows\System\HsFjXbT.exe
  2⤵
  PID:6164
- C:\Windows\System\cpLaTKF.exe
  C:\Windows\System\cpLaTKF.exe
  2⤵
  PID:6204
- C:\Windows\System\wFmraln.exe
  C:\Windows\System\wFmraln.exe
  2⤵
  PID:6208
- C:\Windows\System\nzlacTk.exe
  C:\Windows\System\nzlacTk.exe
  2⤵
  PID:6252
- C:\Windows\System\JnXbFbN.exe
  C:\Windows\System\JnXbFbN.exe
  2⤵
  PID:6276
- C:\Windows\System\pKPGEmF.exe
  C:\Windows\System\pKPGEmF.exe
  2⤵
  PID:6328
- C:\Windows\System\jNmRMKr.exe
  C:\Windows\System\jNmRMKr.exe
  2⤵
  PID:6356
- C:\Windows\System\oRxiVgs.exe
  C:\Windows\System\oRxiVgs.exe
  2⤵
  PID:6404
- C:\Windows\System\DLzUdQU.exe
  C:\Windows\System\DLzUdQU.exe
  2⤵
  PID:6456
- C:\Windows\System\mxLWHeA.exe
  C:\Windows\System\mxLWHeA.exe
  2⤵
  PID:6480
- C:\Windows\System\MQKVVyL.exe
  C:\Windows\System\MQKVVyL.exe
  2⤵
  PID:6508
- C:\Windows\System\WtgafvP.exe
  C:\Windows\System\WtgafvP.exe
  2⤵
  PID:6528
- C:\Windows\System\tFAKygi.exe
  C:\Windows\System\tFAKygi.exe
  2⤵
  PID:6580
- C:\Windows\System\mFDeMYY.exe
  C:\Windows\System\mFDeMYY.exe
  2⤵
  PID:6564
- C:\Windows\System\VZlQiev.exe
  C:\Windows\System\VZlQiev.exe
  2⤵
  PID:2520
- C:\Windows\System\mztVXYC.exe
  C:\Windows\System\mztVXYC.exe
  2⤵
  PID:2896
- C:\Windows\System\WRsUIEL.exe
  C:\Windows\System\WRsUIEL.exe
  2⤵
  PID:6664
- C:\Windows\System\AumTIAF.exe
  C:\Windows\System\AumTIAF.exe
  2⤵
  PID:1000
- C:\Windows\System\jKJHnbw.exe
  C:\Windows\System\jKJHnbw.exe
  2⤵
  PID:6720
- C:\Windows\System\MhaSWhZ.exe
  C:\Windows\System\MhaSWhZ.exe
  2⤵
  PID:6744
- C:\Windows\System\MrsmNiN.exe
  C:\Windows\System\MrsmNiN.exe
  2⤵
  PID:6788
- C:\Windows\System\pcOXNwu.exe
  C:\Windows\System\pcOXNwu.exe
  2⤵
  PID:6808
- C:\Windows\System\pEWkjky.exe
  C:\Windows\System\pEWkjky.exe
  2⤵
  PID:6872
- C:\Windows\System\slHcOfa.exe
  C:\Windows\System\slHcOfa.exe
  2⤵
  PID:6904
- C:\Windows\System\IJxLsZq.exe
  C:\Windows\System\IJxLsZq.exe
  2⤵
  PID:6948
- C:\Windows\System\crYuiPV.exe
  C:\Windows\System\crYuiPV.exe
  2⤵
  PID:6888
- C:\Windows\System\xLravFM.exe
  C:\Windows\System\xLravFM.exe
  2⤵
  PID:6928
- C:\Windows\System\TmDDrni.exe
  C:\Windows\System\TmDDrni.exe
  2⤵
  PID:7004
- C:\Windows\System\xcgLnDp.exe
  C:\Windows\System\xcgLnDp.exe
  2⤵
  PID:7044
- C:\Windows\System\FGPCjyo.exe
  C:\Windows\System\FGPCjyo.exe
  2⤵
  PID:7116
- C:\Windows\System\HHrRdXs.exe
  C:\Windows\System\HHrRdXs.exe
  2⤵
  PID:2528
- C:\Windows\System\uMjGbPm.exe
  C:\Windows\System\uMjGbPm.exe
  2⤵
  PID:7084
- C:\Windows\System\LzMGdMn.exe
  C:\Windows\System\LzMGdMn.exe
  2⤵
  PID:7136
- C:\Windows\System\MYodUUs.exe
  C:\Windows\System\MYodUUs.exe
  2⤵
  PID:5160
- C:\Windows\System\HXQZULy.exe
  C:\Windows\System\HXQZULy.exe
  2⤵
  PID:2552
- C:\Windows\System\fotTlgC.exe
  C:\Windows\System\fotTlgC.exe
  2⤵
  PID:5588
- C:\Windows\System\DxsSaVT.exe
  C:\Windows\System\DxsSaVT.exe
  2⤵
  PID:3020
- C:\Windows\System\LPYRdiy.exe
  C:\Windows\System\LPYRdiy.exe
  2⤵
  PID:2820
- C:\Windows\System\fsGdkwg.exe
  C:\Windows\System\fsGdkwg.exe
  2⤵
  PID:5652
- C:\Windows\System\UPUhiKA.exe
  C:\Windows\System\UPUhiKA.exe
  2⤵
  PID:2692
- C:\Windows\System\LJqrTIg.exe
  C:\Windows\System\LJqrTIg.exe
  2⤵
  PID:4920
- C:\Windows\System\BkdPlra.exe
  C:\Windows\System\BkdPlra.exe
  2⤵
  PID:2344
- C:\Windows\System\mKNnIuP.exe
  C:\Windows\System\mKNnIuP.exe
  2⤵
  PID:2588
- C:\Windows\System\FhUATMe.exe
  C:\Windows\System\FhUATMe.exe
  2⤵
  PID:6188
- C:\Windows\System\bwwTRQJ.exe
  C:\Windows\System\bwwTRQJ.exe
  2⤵
  PID:6228
- C:\Windows\System\kqZnptc.exe
  C:\Windows\System\kqZnptc.exe
  2⤵
  PID:6360
- C:\Windows\System\NKFwRIZ.exe
  C:\Windows\System\NKFwRIZ.exe
  2⤵
  PID:2424
- C:\Windows\System\NmSwFtv.exe
  C:\Windows\System\NmSwFtv.exe
  2⤵
  PID:6420
- C:\Windows\System\bpmIfXf.exe
  C:\Windows\System\bpmIfXf.exe
  2⤵
  PID:6440
- C:\Windows\System\wtGvYfY.exe
  C:\Windows\System\wtGvYfY.exe
  2⤵
  PID:6520
- C:\Windows\System\cEjIObV.exe
  C:\Windows\System\cEjIObV.exe
  2⤵
  PID:6620
- C:\Windows\System\OXZRlas.exe
  C:\Windows\System\OXZRlas.exe
  2⤵
  PID:6604
- C:\Windows\System\ONBcKzc.exe
  C:\Windows\System\ONBcKzc.exe
  2⤵
  PID:6660
- C:\Windows\System\IZiMqTS.exe
  C:\Windows\System\IZiMqTS.exe
  2⤵
  PID:6680
- C:\Windows\System\uCFTHXY.exe
  C:\Windows\System\uCFTHXY.exe
  2⤵
  PID:6780
- C:\Windows\System\cimQySb.exe
  C:\Windows\System\cimQySb.exe
  2⤵
  PID:6824
- C:\Windows\System\sUNwhsI.exe
  C:\Windows\System\sUNwhsI.exe
  2⤵
  PID:6884
- C:\Windows\System\yujVfFJ.exe
  C:\Windows\System\yujVfFJ.exe
  2⤵
  PID:6992
- C:\Windows\System\mogiszD.exe
  C:\Windows\System\mogiszD.exe
  2⤵
  PID:6964
- C:\Windows\System\pqIDKvP.exe
  C:\Windows\System\pqIDKvP.exe
  2⤵
  PID:7008
- C:\Windows\System\vKrfVgh.exe
  C:\Windows\System\vKrfVgh.exe
  2⤵
  PID:7152
- C:\Windows\System\wqjKUgc.exe
  C:\Windows\System\wqjKUgc.exe
  2⤵
  PID:7128
- C:\Windows\System\EJaeFMt.exe
  C:\Windows\System\EJaeFMt.exe
  2⤵
  PID:5320
- C:\Windows\System\JjvgQDn.exe
  C:\Windows\System\JjvgQDn.exe
  2⤵
  PID:5648
- C:\Windows\System\Wxhhpjr.exe
  C:\Windows\System\Wxhhpjr.exe
  2⤵
  PID:5824
- C:\Windows\System\GnIoElR.exe
  C:\Windows\System\GnIoElR.exe
  2⤵
  PID:2908
- C:\Windows\System\pIKIDMM.exe
  C:\Windows\System\pIKIDMM.exe
  2⤵
  PID:5964
- C:\Windows\System\nzyAIEE.exe
  C:\Windows\System\nzyAIEE.exe
  2⤵
  PID:4520
- C:\Windows\System\OMVJLSU.exe
  C:\Windows\System\OMVJLSU.exe
  2⤵
  PID:6256
- C:\Windows\System\ItMbHEz.exe
  C:\Windows\System\ItMbHEz.exe
  2⤵
  PID:6324
- C:\Windows\System\NInjMox.exe
  C:\Windows\System\NInjMox.exe
  2⤵
  PID:6424
- C:\Windows\System\PiBdtNp.exe
  C:\Windows\System\PiBdtNp.exe
  2⤵
  PID:6464
- C:\Windows\System\wjgDQwe.exe
  C:\Windows\System\wjgDQwe.exe
  2⤵
  PID:2600
- C:\Windows\System\IUPmMcD.exe
  C:\Windows\System\IUPmMcD.exe
  2⤵
  PID:6560
- C:\Windows\System\dRLUCxX.exe
  C:\Windows\System\dRLUCxX.exe
  2⤵
  PID:6728
- C:\Windows\System\DhxRzDk.exe
  C:\Windows\System\DhxRzDk.exe
  2⤵
  PID:6828
- C:\Windows\System\eeYdHnf.exe
  C:\Windows\System\eeYdHnf.exe
  2⤵
  PID:6908
- C:\Windows\System\vqFkAOi.exe
  C:\Windows\System\vqFkAOi.exe
  2⤵
  PID:6932
- C:\Windows\System\SkoMVfh.exe
  C:\Windows\System\SkoMVfh.exe
  2⤵
  PID:7148
- C:\Windows\System\vhYYdzs.exe
  C:\Windows\System\vhYYdzs.exe
  2⤵
  PID:7096
- C:\Windows\System\FFDmdDA.exe
  C:\Windows\System\FFDmdDA.exe
  2⤵
  PID:5400
- C:\Windows\System\EsgOqvL.exe
  C:\Windows\System\EsgOqvL.exe
  2⤵
  PID:7184
- C:\Windows\System\NifzTUD.exe
  C:\Windows\System\NifzTUD.exe
  2⤵
  PID:7204
- C:\Windows\System\pBrFjgU.exe
  C:\Windows\System\pBrFjgU.exe
  2⤵
  PID:7224
- C:\Windows\System\WOPwERK.exe
  C:\Windows\System\WOPwERK.exe
  2⤵
  PID:7244
- C:\Windows\System\VLOtfal.exe
  C:\Windows\System\VLOtfal.exe
  2⤵
  PID:7264
- C:\Windows\System\cbiXbjy.exe
  C:\Windows\System\cbiXbjy.exe
  2⤵
  PID:7284
- C:\Windows\System\ymkrbgf.exe
  C:\Windows\System\ymkrbgf.exe
  2⤵
  PID:7304
- C:\Windows\System\qNGTHCC.exe
  C:\Windows\System\qNGTHCC.exe
  2⤵
  PID:7324
- C:\Windows\System\yrlbeFQ.exe
  C:\Windows\System\yrlbeFQ.exe
  2⤵
  PID:7344
- C:\Windows\System\OZuzPRN.exe
  C:\Windows\System\OZuzPRN.exe
  2⤵
  PID:7364
- C:\Windows\System\hCPcfPq.exe
  C:\Windows\System\hCPcfPq.exe
  2⤵
  PID:7384
- C:\Windows\System\EFUUmKd.exe
  C:\Windows\System\EFUUmKd.exe
  2⤵
  PID:7404
- C:\Windows\System\qXIIHUs.exe
  C:\Windows\System\qXIIHUs.exe
  2⤵
  PID:7424
- C:\Windows\System\IpJafXD.exe
  C:\Windows\System\IpJafXD.exe
  2⤵
  PID:7444
- C:\Windows\System\JwaBdpS.exe
  C:\Windows\System\JwaBdpS.exe
  2⤵
  PID:7464
- C:\Windows\System\ApbXPlz.exe
  C:\Windows\System\ApbXPlz.exe
  2⤵
  PID:7484
- C:\Windows\System\NANHBtU.exe
  C:\Windows\System\NANHBtU.exe
  2⤵
  PID:7504
- C:\Windows\System\okXOWcI.exe
  C:\Windows\System\okXOWcI.exe
  2⤵
  PID:7524
- C:\Windows\System\xsgTBuG.exe
  C:\Windows\System\xsgTBuG.exe
  2⤵
  PID:7544
- C:\Windows\System\iFNObtl.exe
  C:\Windows\System\iFNObtl.exe
  2⤵
  PID:7564
- C:\Windows\System\ZOVlgxT.exe
  C:\Windows\System\ZOVlgxT.exe
  2⤵
  PID:7584
- C:\Windows\System\NJsvhmQ.exe
  C:\Windows\System\NJsvhmQ.exe
  2⤵
  PID:7604
- C:\Windows\System\uqoTvNe.exe
  C:\Windows\System\uqoTvNe.exe
  2⤵
  PID:7624
- C:\Windows\System\JYIHUAd.exe
  C:\Windows\System\JYIHUAd.exe
  2⤵
  PID:7644
- C:\Windows\System\NSqBRNI.exe
  C:\Windows\System\NSqBRNI.exe
  2⤵
  PID:7668
- C:\Windows\System\lPchsWu.exe
  C:\Windows\System\lPchsWu.exe
  2⤵
  PID:7688
- C:\Windows\System\GnmVNXy.exe
  C:\Windows\System\GnmVNXy.exe
  2⤵
  PID:7708
- C:\Windows\System\SjLjjFD.exe
  C:\Windows\System\SjLjjFD.exe
  2⤵
  PID:7728
- C:\Windows\System\VVPVemF.exe
  C:\Windows\System\VVPVemF.exe
  2⤵
  PID:7748
- C:\Windows\System\IOvPcKb.exe
  C:\Windows\System\IOvPcKb.exe
  2⤵
  PID:7768
- C:\Windows\System\oHrxCBo.exe
  C:\Windows\System\oHrxCBo.exe
  2⤵
  PID:7788
- C:\Windows\System\UaTeHMg.exe
  C:\Windows\System\UaTeHMg.exe
  2⤵
  PID:7808
- C:\Windows\System\AEICCQE.exe
  C:\Windows\System\AEICCQE.exe
  2⤵
  PID:7828
- C:\Windows\System\mmxLTep.exe
  C:\Windows\System\mmxLTep.exe
  2⤵
  PID:7848
- C:\Windows\System\GMErNmb.exe
  C:\Windows\System\GMErNmb.exe
  2⤵
  PID:7868
- C:\Windows\System\CzaAzmw.exe
  C:\Windows\System\CzaAzmw.exe
  2⤵
  PID:7888
- C:\Windows\System\motwIOZ.exe
  C:\Windows\System\motwIOZ.exe
  2⤵
  PID:7908
- C:\Windows\System\xjqHBmR.exe
  C:\Windows\System\xjqHBmR.exe
  2⤵
  PID:7928
- C:\Windows\System\BZGLdSd.exe
  C:\Windows\System\BZGLdSd.exe
  2⤵
  PID:7948
- C:\Windows\System\DiXRmpb.exe
  C:\Windows\System\DiXRmpb.exe
  2⤵
  PID:7968
- C:\Windows\System\qtSMVYY.exe
  C:\Windows\System\qtSMVYY.exe
  2⤵
  PID:7988
- C:\Windows\System\BthaCri.exe
  C:\Windows\System\BthaCri.exe
  2⤵
  PID:8008
- C:\Windows\System\MohNoPN.exe
  C:\Windows\System\MohNoPN.exe
  2⤵
  PID:8028
- C:\Windows\System\iZkPsBq.exe
  C:\Windows\System\iZkPsBq.exe
  2⤵
  PID:8048
- C:\Windows\System\iJZlmej.exe
  C:\Windows\System\iJZlmej.exe
  2⤵
  PID:8068
- C:\Windows\System\sUXyiaw.exe
  C:\Windows\System\sUXyiaw.exe
  2⤵
  PID:8088
- C:\Windows\System\OaBphpT.exe
  C:\Windows\System\OaBphpT.exe
  2⤵
  PID:8108
- C:\Windows\System\SPzpDev.exe
  C:\Windows\System\SPzpDev.exe
  2⤵
  PID:8128
- C:\Windows\System\usVqiEq.exe
  C:\Windows\System\usVqiEq.exe
  2⤵
  PID:8148
- C:\Windows\System\VypkNHj.exe
  C:\Windows\System\VypkNHj.exe
  2⤵
  PID:8168
- C:\Windows\System\nbMeLAk.exe
  C:\Windows\System\nbMeLAk.exe
  2⤵
  PID:8188
- C:\Windows\System\WrQeXSk.exe
  C:\Windows\System\WrQeXSk.exe
  2⤵
  PID:1596
- C:\Windows\System\wVMiCpc.exe
  C:\Windows\System\wVMiCpc.exe
  2⤵
  PID:4648
- C:\Windows\System\DXtGDpj.exe
  C:\Windows\System\DXtGDpj.exe
  2⤵
  PID:6312
- C:\Windows\System\ZShHSqY.exe
  C:\Windows\System\ZShHSqY.exe
  2⤵
  PID:2616
- C:\Windows\System\ObfcqYN.exe
  C:\Windows\System\ObfcqYN.exe
  2⤵
  PID:6600
- C:\Windows\System\tVKBreY.exe
  C:\Windows\System\tVKBreY.exe
  2⤵
  PID:6668
- C:\Windows\System\iNgEBoN.exe
  C:\Windows\System\iNgEBoN.exe
  2⤵
  PID:6764
- C:\Windows\System\YxUHvxa.exe
  C:\Windows\System\YxUHvxa.exe
  2⤵
  PID:6988
- C:\Windows\System\RbnVOGC.exe
  C:\Windows\System\RbnVOGC.exe
  2⤵
  PID:7088
- C:\Windows\System\AHUGPSt.exe
  C:\Windows\System\AHUGPSt.exe
  2⤵
  PID:5488
- C:\Windows\System\MEdzfGn.exe
  C:\Windows\System\MEdzfGn.exe
  2⤵
  PID:7200
- C:\Windows\System\UlIrgfE.exe
  C:\Windows\System\UlIrgfE.exe
  2⤵
  PID:7240
- C:\Windows\System\NbrqFaC.exe
  C:\Windows\System\NbrqFaC.exe
  2⤵
  PID:7280
- C:\Windows\System\LtWhZPg.exe
  C:\Windows\System\LtWhZPg.exe
  2⤵
  PID:7300
- C:\Windows\System\eKlmBFf.exe
  C:\Windows\System\eKlmBFf.exe
  2⤵
  PID:7316
- C:\Windows\System\svqifJb.exe
  C:\Windows\System\svqifJb.exe
  2⤵
  PID:7336
- C:\Windows\System\sEKBosh.exe
  C:\Windows\System\sEKBosh.exe
  2⤵
  PID:7380
- C:\Windows\System\VuUkRXf.exe
  C:\Windows\System\VuUkRXf.exe
  2⤵
  PID:7416
- C:\Windows\System\nnYbqMu.exe
  C:\Windows\System\nnYbqMu.exe
  2⤵
  PID:7460
- C:\Windows\System\LqpKCuh.exe
  C:\Windows\System\LqpKCuh.exe
  2⤵
  PID:7500
- C:\Windows\System\iRlVNSf.exe
  C:\Windows\System\iRlVNSf.exe
  2⤵
  PID:7532
- C:\Windows\System\PpbYvFR.exe
  C:\Windows\System\PpbYvFR.exe
  2⤵
  PID:7556
- C:\Windows\System\rZNJPOz.exe
  C:\Windows\System\rZNJPOz.exe
  2⤵
  PID:7600
- C:\Windows\System\smFjvKp.exe
  C:\Windows\System\smFjvKp.exe
  2⤵
  PID:7640
- C:\Windows\System\bFBIJhc.exe
  C:\Windows\System\bFBIJhc.exe
  2⤵
  PID:7656
- C:\Windows\System\lwvZplV.exe
  C:\Windows\System\lwvZplV.exe
  2⤵
  PID:7704
- C:\Windows\System\rcJJwXu.exe
  C:\Windows\System\rcJJwXu.exe
  2⤵
  PID:7736
- C:\Windows\System\EuKrREZ.exe
  C:\Windows\System\EuKrREZ.exe
  2⤵
  PID:7740
- C:\Windows\System\DnZuctA.exe
  C:\Windows\System\DnZuctA.exe
  2⤵
  PID:7780
- C:\Windows\System\BCSRQKX.exe
  C:\Windows\System\BCSRQKX.exe
  2⤵
  PID:7820
- C:\Windows\System\QfbnRBQ.exe
  C:\Windows\System\QfbnRBQ.exe
  2⤵
  PID:7864
- C:\Windows\System\MBNdXcC.exe
  C:\Windows\System\MBNdXcC.exe
  2⤵
  PID:7896
- C:\Windows\System\vnGChNN.exe
  C:\Windows\System\vnGChNN.exe
  2⤵
  PID:7920
- C:\Windows\System\ALIPLHh.exe
  C:\Windows\System\ALIPLHh.exe
  2⤵
  PID:7940
- C:\Windows\System\gKzryqs.exe
  C:\Windows\System\gKzryqs.exe
  2⤵
  PID:8004
- C:\Windows\System\cPUFhJe.exe
  C:\Windows\System\cPUFhJe.exe
  2⤵
  PID:8020
- C:\Windows\System\TKklEDe.exe
  C:\Windows\System\TKklEDe.exe
  2⤵
  PID:8056
- C:\Windows\System\InEmKbI.exe
  C:\Windows\System\InEmKbI.exe
  2⤵
  PID:8060
- C:\Windows\System\QqnKpVD.exe
  C:\Windows\System\QqnKpVD.exe
  2⤵
  PID:8124
- C:\Windows\System\xlmbuMO.exe
  C:\Windows\System\xlmbuMO.exe
  2⤵
  PID:8144
- C:\Windows\System\ZNPmquf.exe
  C:\Windows\System\ZNPmquf.exe
  2⤵
  PID:8180
- C:\Windows\System\XEoELKy.exe
  C:\Windows\System\XEoELKy.exe
  2⤵
  PID:6128
- C:\Windows\System\FKHQeTl.exe
  C:\Windows\System\FKHQeTl.exe
  2⤵
  PID:2136
- C:\Windows\System\WOVSQBb.exe
  C:\Windows\System\WOVSQBb.exe
  2⤵
  PID:6444
- C:\Windows\System\rYfRTYi.exe
  C:\Windows\System\rYfRTYi.exe
  2⤵
  PID:2796
- C:\Windows\System\GOyJmaC.exe
  C:\Windows\System\GOyJmaC.exe
  2⤵
  PID:6800
- C:\Windows\System\WTkjtSe.exe
  C:\Windows\System\WTkjtSe.exe
  2⤵
  PID:7192
- C:\Windows\System\LGmXZRS.exe
  C:\Windows\System\LGmXZRS.exe
  2⤵
  PID:7180
- C:\Windows\System\JlXvGKK.exe
  C:\Windows\System\JlXvGKK.exe
  2⤵
  PID:7212
- C:\Windows\System\WEOuOYr.exe
  C:\Windows\System\WEOuOYr.exe
  2⤵
  PID:7276
- C:\Windows\System\mRhUxqf.exe
  C:\Windows\System\mRhUxqf.exe
  2⤵
  PID:7352
- C:\Windows\System\GujSENF.exe
  C:\Windows\System\GujSENF.exe
  2⤵
  PID:7396
- C:\Windows\System\HxLoWUq.exe
  C:\Windows\System\HxLoWUq.exe
  2⤵
  PID:7480
- C:\Windows\System\haiDQEZ.exe
  C:\Windows\System\haiDQEZ.exe
  2⤵
  PID:7476
- C:\Windows\System\YNGdBQY.exe
  C:\Windows\System\YNGdBQY.exe
  2⤵
  PID:7552
- C:\Windows\System\kjsNhpH.exe
  C:\Windows\System\kjsNhpH.exe
  2⤵
  PID:7632
- C:\Windows\System\LaMTlfK.exe
  C:\Windows\System\LaMTlfK.exe
  2⤵
  PID:7696
- C:\Windows\System\uFpiKyq.exe
  C:\Windows\System\uFpiKyq.exe
  2⤵
  PID:7764
- C:\Windows\System\JHuLXuE.exe
  C:\Windows\System\JHuLXuE.exe
  2⤵
  PID:7804
- C:\Windows\System\CIedbRJ.exe
  C:\Windows\System\CIedbRJ.exe
  2⤵
  PID:1704
- C:\Windows\System\PmsmzXs.exe
  C:\Windows\System\PmsmzXs.exe
  2⤵
  PID:7904
- C:\Windows\System\BjzrOEe.exe
  C:\Windows\System\BjzrOEe.exe
  2⤵
  PID:7984
- C:\Windows\System\teghBTY.exe
  C:\Windows\System\teghBTY.exe
  2⤵
  PID:8044
- C:\Windows\System\hAoLqqt.exe
  C:\Windows\System\hAoLqqt.exe
  2⤵
  PID:8040
- C:\Windows\System\ZJTUvWb.exe
  C:\Windows\System\ZJTUvWb.exe
  2⤵
  PID:8084
- C:\Windows\System\GGdjkAl.exe
  C:\Windows\System\GGdjkAl.exe
  2⤵
  PID:8156
- C:\Windows\System\PzCaulJ.exe
  C:\Windows\System\PzCaulJ.exe
  2⤵
  PID:6072
- C:\Windows\System\CpFFdQt.exe
  C:\Windows\System\CpFFdQt.exe
  2⤵
  PID:6640
- C:\Windows\System\toUKkVU.exe
  C:\Windows\System\toUKkVU.exe
  2⤵
  PID:6844
- C:\Windows\System\CZOPKFL.exe
  C:\Windows\System\CZOPKFL.exe
  2⤵
  PID:6840
- C:\Windows\System\acdLAJe.exe
  C:\Windows\System\acdLAJe.exe
  2⤵
  PID:7220
- C:\Windows\System\XKBhSNg.exe
  C:\Windows\System\XKBhSNg.exe
  2⤵
  PID:7292
- C:\Windows\System\EJfwJKb.exe
  C:\Windows\System\EJfwJKb.exe
  2⤵
  PID:7436
- C:\Windows\System\PZizlRY.exe
  C:\Windows\System\PZizlRY.exe
  2⤵
  PID:7536
- C:\Windows\System\PgJyZAC.exe
  C:\Windows\System\PgJyZAC.exe
  2⤵
  PID:7576
- C:\Windows\System\UffZZXe.exe
  C:\Windows\System\UffZZXe.exe
  2⤵
  PID:7636
- C:\Windows\System\rVyUgrz.exe
  C:\Windows\System\rVyUgrz.exe
  2⤵
  PID:7720
- C:\Windows\System\VkQTWzI.exe
  C:\Windows\System\VkQTWzI.exe
  2⤵
  PID:7824
- C:\Windows\System\SokZQTW.exe
  C:\Windows\System\SokZQTW.exe
  2⤵
  PID:8000
- C:\Windows\System\sdXZyJu.exe
  C:\Windows\System\sdXZyJu.exe
  2⤵
  PID:8100
- C:\Windows\System\RNxzBDf.exe
  C:\Windows\System\RNxzBDf.exe
  2⤵
  PID:8136
- C:\Windows\System\HCgVqmO.exe
  C:\Windows\System\HCgVqmO.exe
  2⤵
  PID:6704
- C:\Windows\System\cLgNoAm.exe
  C:\Windows\System\cLgNoAm.exe
  2⤵
  PID:6972
- C:\Windows\System\iwGVCsW.exe
  C:\Windows\System\iwGVCsW.exe
  2⤵
  PID:7256
- C:\Windows\System\SCKJfUE.exe
  C:\Windows\System\SCKJfUE.exe
  2⤵
  PID:3528
- C:\Windows\System\rJwtJZh.exe
  C:\Windows\System\rJwtJZh.exe
  2⤵
  PID:7492
- C:\Windows\System\HQkGBzE.exe
  C:\Windows\System\HQkGBzE.exe
  2⤵
  PID:7700
- C:\Windows\System\cnKvCDN.exe
  C:\Windows\System\cnKvCDN.exe
  2⤵
  PID:7876
- C:\Windows\System\sQeAuhY.exe
  C:\Windows\System\sQeAuhY.exe
  2⤵
  PID:7996
- C:\Windows\System\NuwqnEa.exe
  C:\Windows\System\NuwqnEa.exe
  2⤵
  PID:2308
- C:\Windows\System\yAfREEl.exe
  C:\Windows\System\yAfREEl.exe
  2⤵
  PID:4348
- C:\Windows\System\pvOehLa.exe
  C:\Windows\System\pvOehLa.exe
  2⤵
  PID:1928
- C:\Windows\System\vKoWAYI.exe
  C:\Windows\System\vKoWAYI.exe
  2⤵
  PID:2516
- C:\Windows\System\sXQqYtX.exe
  C:\Windows\System\sXQqYtX.exe
  2⤵
  PID:7452
- C:\Windows\System\btqjpgX.exe
  C:\Windows\System\btqjpgX.exe
  2⤵
  PID:7676
- C:\Windows\System\oytcBXf.exe
  C:\Windows\System\oytcBXf.exe
  2⤵
  PID:3996
- C:\Windows\System\LoPJheX.exe
  C:\Windows\System\LoPJheX.exe
  2⤵
  PID:7856
- C:\Windows\System\ELAGgIW.exe
  C:\Windows\System\ELAGgIW.exe
  2⤵
  PID:8096
- C:\Windows\System\oFxsWRM.exe
  C:\Windows\System\oFxsWRM.exe
  2⤵
  PID:3028
- C:\Windows\System\sfcSUpF.exe
  C:\Windows\System\sfcSUpF.exe
  2⤵
  PID:5032
- C:\Windows\System\LqfsLcL.exe
  C:\Windows\System\LqfsLcL.exe
  2⤵
  PID:8216
- C:\Windows\System\GKNGQOC.exe
  C:\Windows\System\GKNGQOC.exe
  2⤵
  PID:8236
- C:\Windows\System\xbaXTCi.exe
  C:\Windows\System\xbaXTCi.exe
  2⤵
  PID:8256
- C:\Windows\System\UYEuHYq.exe
  C:\Windows\System\UYEuHYq.exe
  2⤵
  PID:8272
- C:\Windows\System\PdrxORV.exe
  C:\Windows\System\PdrxORV.exe
  2⤵
  PID:8288
- C:\Windows\System\OtuePwL.exe
  C:\Windows\System\OtuePwL.exe
  2⤵
  PID:8304
- C:\Windows\System\faeSDOQ.exe
  C:\Windows\System\faeSDOQ.exe
  2⤵
  PID:8320
- C:\Windows\System\UUjaTpt.exe
  C:\Windows\System\UUjaTpt.exe
  2⤵
  PID:8336
- C:\Windows\System\gCBVCyz.exe
  C:\Windows\System\gCBVCyz.exe
  2⤵
  PID:8356
- C:\Windows\System\sOxTbIm.exe
  C:\Windows\System\sOxTbIm.exe
  2⤵
  PID:8380
- C:\Windows\System\ueeuhCq.exe
  C:\Windows\System\ueeuhCq.exe
  2⤵
  PID:8404
- C:\Windows\System\CVGJLSx.exe
  C:\Windows\System\CVGJLSx.exe
  2⤵
  PID:8428
- C:\Windows\System\LgAOdqL.exe
  C:\Windows\System\LgAOdqL.exe
  2⤵
  PID:8448
- C:\Windows\System\iMVamUm.exe
  C:\Windows\System\iMVamUm.exe
  2⤵
  PID:8468
- C:\Windows\System\jgGPBKp.exe
  C:\Windows\System\jgGPBKp.exe
  2⤵
  PID:8492
- C:\Windows\System\RZMEIeG.exe
  C:\Windows\System\RZMEIeG.exe
  2⤵
  PID:8512
- C:\Windows\System\cNhdxid.exe
  C:\Windows\System\cNhdxid.exe
  2⤵
  PID:8532
- C:\Windows\System\LuqVscv.exe
  C:\Windows\System\LuqVscv.exe
  2⤵
  PID:8592
- C:\Windows\System\ZrfXOOP.exe
  C:\Windows\System\ZrfXOOP.exe
  2⤵
  PID:8608
- C:\Windows\System\wjOGFBx.exe
  C:\Windows\System\wjOGFBx.exe
  2⤵
  PID:8624
- C:\Windows\System\kylXexP.exe
  C:\Windows\System\kylXexP.exe
  2⤵
  PID:8640
- C:\Windows\System\mRglapd.exe
  C:\Windows\System\mRglapd.exe
  2⤵
  PID:8656
- C:\Windows\System\DPPGLVf.exe
  C:\Windows\System\DPPGLVf.exe
  2⤵
  PID:8680
- C:\Windows\System\NFgBHAN.exe
  C:\Windows\System\NFgBHAN.exe
  2⤵
  PID:8696
- C:\Windows\System\atGBKnh.exe
  C:\Windows\System\atGBKnh.exe
  2⤵
  PID:8720
- C:\Windows\System\cdgsuJo.exe
  C:\Windows\System\cdgsuJo.exe
  2⤵
  PID:8744
- C:\Windows\System\XhUJyTg.exe
  C:\Windows\System\XhUJyTg.exe
  2⤵
  PID:8760
- C:\Windows\System\rOTRTrx.exe
  C:\Windows\System\rOTRTrx.exe
  2⤵
  PID:8776
- C:\Windows\System\LhTRtbs.exe
  C:\Windows\System\LhTRtbs.exe
  2⤵
  PID:8800
- C:\Windows\System\tbVlqOT.exe
  C:\Windows\System\tbVlqOT.exe
  2⤵
  PID:8816
- C:\Windows\System\bUMdnLX.exe
  C:\Windows\System\bUMdnLX.exe
  2⤵
  PID:8832
- C:\Windows\System\OedydHl.exe
  C:\Windows\System\OedydHl.exe
  2⤵
  PID:8852
- C:\Windows\System\JugGBKv.exe
  C:\Windows\System\JugGBKv.exe
  2⤵
  PID:8872
- C:\Windows\System\pouaDIx.exe
  C:\Windows\System\pouaDIx.exe
  2⤵
  PID:8888
- C:\Windows\System\RZGRxtk.exe
  C:\Windows\System\RZGRxtk.exe
  2⤵
  PID:8916
- C:\Windows\System\XUICYQe.exe
  C:\Windows\System\XUICYQe.exe
  2⤵
  PID:8932
- C:\Windows\System\BzruSem.exe
  C:\Windows\System\BzruSem.exe
  2⤵
  PID:8976
- C:\Windows\System\uIqJDrL.exe
  C:\Windows\System\uIqJDrL.exe
  2⤵
  PID:8996
- C:\Windows\System\MdTEtlQ.exe
  C:\Windows\System\MdTEtlQ.exe
  2⤵
  PID:9016
- C:\Windows\System\OMnnKwn.exe
  C:\Windows\System\OMnnKwn.exe
  2⤵
  PID:9032
- C:\Windows\System\mnfYbOh.exe
  C:\Windows\System\mnfYbOh.exe
  2⤵
  PID:9056
- C:\Windows\System\nRLRbPZ.exe
  C:\Windows\System\nRLRbPZ.exe
  2⤵
  PID:9076
- C:\Windows\System\uNWwcGz.exe
  C:\Windows\System\uNWwcGz.exe
  2⤵
  PID:9092
- C:\Windows\System\VQSWMMm.exe
  C:\Windows\System\VQSWMMm.exe
  2⤵
  PID:9112
- C:\Windows\System\FUgbncO.exe
  C:\Windows\System\FUgbncO.exe
  2⤵
  PID:9136
- C:\Windows\System\SKKAeXY.exe
  C:\Windows\System\SKKAeXY.exe
  2⤵
  PID:9164
- C:\Windows\System\eQiphbO.exe
  C:\Windows\System\eQiphbO.exe
  2⤵
  PID:9180
- C:\Windows\System\phDjbTt.exe
  C:\Windows\System\phDjbTt.exe
  2⤵
  PID:9196
- C:\Windows\System\YwdOTaV.exe
  C:\Windows\System\YwdOTaV.exe
  2⤵
  PID:9212
- C:\Windows\System\XNihQBz.exe
  C:\Windows\System\XNihQBz.exe
  2⤵
  PID:2584
- C:\Windows\System\GefaodX.exe
  C:\Windows\System\GefaodX.exe
  2⤵
  PID:7412
- C:\Windows\System\dtQNojJ.exe
  C:\Windows\System\dtQNojJ.exe
  2⤵
  PID:8016
- C:\Windows\System\ARPckib.exe
  C:\Windows\System\ARPckib.exe
  2⤵
  PID:7816
- C:\Windows\System\aFHOtvH.exe
  C:\Windows\System\aFHOtvH.exe
  2⤵
  PID:2812
- C:\Windows\System\DUIGDdZ.exe
  C:\Windows\System\DUIGDdZ.exe
  2⤵
  PID:8232
- C:\Windows\System\CficzcR.exe
  C:\Windows\System\CficzcR.exe
  2⤵
  PID:8284
- C:\Windows\System\YWGgTlp.exe
  C:\Windows\System\YWGgTlp.exe
  2⤵
  PID:8312
- C:\Windows\System\GONTwQm.exe
  C:\Windows\System\GONTwQm.exe
  2⤵
  PID:8328
- C:\Windows\System\NROeLuT.exe
  C:\Windows\System\NROeLuT.exe
  2⤵
  PID:8388
- C:\Windows\System\VkGZyCX.exe
  C:\Windows\System\VkGZyCX.exe
  2⤵
  PID:8412
- C:\Windows\System\fkpHtDP.exe
  C:\Windows\System\fkpHtDP.exe
  2⤵
  PID:8416
- C:\Windows\System\tFbPZbM.exe
  C:\Windows\System\tFbPZbM.exe
  2⤵
  PID:8476
- C:\Windows\System\VwZzpus.exe
  C:\Windows\System\VwZzpus.exe
  2⤵
  PID:8528
- C:\Windows\System\MFEHQSV.exe
  C:\Windows\System\MFEHQSV.exe
  2⤵
  PID:1524
- C:\Windows\System\MqbddYo.exe
  C:\Windows\System\MqbddYo.exe
  2⤵
  PID:1224
- C:\Windows\System\XIXKnKb.exe
  C:\Windows\System\XIXKnKb.exe
  2⤵
  PID:8564
- C:\Windows\System\iguvCPb.exe
  C:\Windows\System\iguvCPb.exe
  2⤵
  PID:8580
- C:\Windows\System\BMwsreS.exe
  C:\Windows\System\BMwsreS.exe
  2⤵
  PID:2572
- C:\Windows\System\ZoTTnDh.exe
  C:\Windows\System\ZoTTnDh.exe
  2⤵
  PID:1056
- C:\Windows\System\WaTFCdY.exe
  C:\Windows\System\WaTFCdY.exe
  2⤵
  PID:2844
- C:\Windows\System\KjrSnkK.exe
  C:\Windows\System\KjrSnkK.exe
  2⤵
  PID:960
- C:\Windows\System\kFRyPbA.exe
  C:\Windows\System\kFRyPbA.exe
  2⤵
  PID:1252
- C:\Windows\System\RsBzwDd.exe
  C:\Windows\System\RsBzwDd.exe
  2⤵
  PID:8588
- C:\Windows\System\NJDxiQg.exe
  C:\Windows\System\NJDxiQg.exe
  2⤵
  PID:8620
- C:\Windows\System\VQJJdnM.exe
  C:\Windows\System\VQJJdnM.exe
  2⤵
  PID:8668
- C:\Windows\System\BkMstSk.exe
  C:\Windows\System\BkMstSk.exe
  2⤵
  PID:8688
- C:\Windows\System\ZbCNmCZ.exe
  C:\Windows\System\ZbCNmCZ.exe
  2⤵
  PID:8708
- C:\Windows\System\URLrRnl.exe
  C:\Windows\System\URLrRnl.exe
  2⤵
  PID:8756
- C:\Windows\System\WjdIEok.exe
  C:\Windows\System\WjdIEok.exe
  2⤵
  PID:8824
- C:\Windows\System\nPJiaTL.exe
  C:\Windows\System\nPJiaTL.exe
  2⤵
  PID:8896
- C:\Windows\System\CZJTjLU.exe
  C:\Windows\System\CZJTjLU.exe
  2⤵
  PID:8900
- C:\Windows\System\IZxnidg.exe
  C:\Windows\System\IZxnidg.exe
  2⤵
  PID:8732
- C:\Windows\System\xUJeDsJ.exe
  C:\Windows\System\xUJeDsJ.exe
  2⤵
  PID:8772
- C:\Windows\System\WmxQpwL.exe
  C:\Windows\System\WmxQpwL.exe
  2⤵
  PID:8952
- C:\Windows\System\goSGVUr.exe
  C:\Windows\System\goSGVUr.exe
  2⤵
  PID:8964
- C:\Windows\System\DWYNIqg.exe
  C:\Windows\System\DWYNIqg.exe
  2⤵
  PID:9040
- C:\Windows\System\yfSCKzu.exe
  C:\Windows\System\yfSCKzu.exe
  2⤵
  PID:9064
- C:\Windows\System\HYOJTxr.exe
  C:\Windows\System\HYOJTxr.exe
  2⤵
  PID:9088
- C:\Windows\System\tRLCJiu.exe
  C:\Windows\System\tRLCJiu.exe
  2⤵
  PID:9108
- C:\Windows\System\ZyWpfyH.exe
  C:\Windows\System\ZyWpfyH.exe
  2⤵
  PID:8968
- C:\Windows\System\BDDQgoN.exe
  C:\Windows\System\BDDQgoN.exe
  2⤵
  PID:9208
- C:\Windows\System\LQTwUjF.exe
  C:\Windows\System\LQTwUjF.exe
  2⤵
  PID:2340
- C:\Windows\System\QYaxYRj.exe
  C:\Windows\System\QYaxYRj.exe
  2⤵
  PID:7400
- C:\Windows\System\hhHxCvB.exe
  C:\Windows\System\hhHxCvB.exe
  2⤵
  PID:5752
- C:\Windows\System\VttpoId.exe
  C:\Windows\System\VttpoId.exe
  2⤵
  PID:8212
- C:\Windows\System\lmBntKi.exe
  C:\Windows\System\lmBntKi.exe
  2⤵
  PID:2172
- C:\Windows\System\jYWwMFa.exe
  C:\Windows\System\jYWwMFa.exe
  2⤵
  PID:8344
- C:\Windows\System\cdWzJsc.exe
  C:\Windows\System\cdWzJsc.exe
  2⤵
  PID:8376
- C:\Windows\System\YdUMPrI.exe
  C:\Windows\System\YdUMPrI.exe
  2⤵
  PID:8444
- C:\Windows\System\MGVcyed.exe
  C:\Windows\System\MGVcyed.exe
  2⤵
  PID:8504
- C:\Windows\System\qjrsQcv.exe
  C:\Windows\System\qjrsQcv.exe
  2⤵
  PID:8480
- C:\Windows\System\zTQprzW.exe
  C:\Windows\System\zTQprzW.exe
  2⤵
  PID:8576
- C:\Windows\System\umPWFEW.exe
  C:\Windows\System\umPWFEW.exe
  2⤵
  PID:1616
- C:\Windows\System\sErdJyG.exe
  C:\Windows\System\sErdJyG.exe
  2⤵
  PID:2644
- C:\Windows\System\FmjVYVb.exe
  C:\Windows\System\FmjVYVb.exe
  2⤵
  PID:5848
- C:\Windows\System\rWCGaxM.exe
  C:\Windows\System\rWCGaxM.exe
  2⤵
  PID:8796
- C:\Windows\System\YABHddS.exe
  C:\Windows\System\YABHddS.exe
  2⤵
  PID:8560
- C:\Windows\System\rELcmxl.exe
  C:\Windows\System\rELcmxl.exe
  2⤵
  PID:8808
- C:\Windows\System\zNsUiBc.exe
  C:\Windows\System\zNsUiBc.exe
  2⤵
  PID:2832
- C:\Windows\System\OznYxfj.exe
  C:\Windows\System\OznYxfj.exe
  2⤵
  PID:8740
- C:\Windows\System\dJPGdNO.exe
  C:\Windows\System\dJPGdNO.exe
  2⤵
  PID:8960
- C:\Windows\System\TsQtdSO.exe
  C:\Windows\System\TsQtdSO.exe
  2⤵
  PID:8884
- C:\Windows\System\SzGJrxu.exe
  C:\Windows\System\SzGJrxu.exe
  2⤵
  PID:2940
- C:\Windows\System\BXspoHH.exe
  C:\Windows\System\BXspoHH.exe
  2⤵
  PID:8988
- C:\Windows\System\MSrWEoI.exe
  C:\Windows\System\MSrWEoI.exe
  2⤵
  PID:9048
- C:\Windows\System\PvJgFxu.exe
  C:\Windows\System\PvJgFxu.exe
  2⤵
  PID:9072
- C:\Windows\System\YlozbjP.exe
  C:\Windows\System\YlozbjP.exe
  2⤵
  PID:9132
- C:\Windows\System\sklTxHs.exe
  C:\Windows\System\sklTxHs.exe
  2⤵
  PID:2652
- C:\Windows\System\VtaWCEQ.exe
  C:\Windows\System\VtaWCEQ.exe
  2⤵
  PID:8248
- C:\Windows\System\tSWxucC.exe
  C:\Windows\System\tSWxucC.exe
  2⤵
  PID:8300
- C:\Windows\System\qitLtJW.exe
  C:\Windows\System\qitLtJW.exe
  2⤵
  PID:2536
- C:\Windows\System\nEDDmzT.exe
  C:\Windows\System\nEDDmzT.exe
  2⤵
  PID:8912
- C:\Windows\System\KcxOtal.exe
  C:\Windows\System\KcxOtal.exe
  2⤵
  PID:8716
- C:\Windows\System\AjyLrHT.exe
  C:\Windows\System\AjyLrHT.exe
  2⤵
  PID:380
- C:\Windows\System\OOWGyZZ.exe
  C:\Windows\System\OOWGyZZ.exe
  2⤵
  PID:2472
- C:\Windows\System\QbomBJC.exe
  C:\Windows\System\QbomBJC.exe
  2⤵
  PID:8500
- C:\Windows\System\bjnYnSh.exe
  C:\Windows\System\bjnYnSh.exe
  2⤵
  PID:2632
- C:\Windows\System\DeIYhAY.exe
  C:\Windows\System\DeIYhAY.exe
  2⤵
  PID:2156
- C:\Windows\System\yuineGh.exe
  C:\Windows\System\yuineGh.exe
  2⤵
  PID:8860
- C:\Windows\System\IhZCYel.exe
  C:\Windows\System\IhZCYel.exe
  2⤵
  PID:8768
- C:\Windows\System\iTxPyBH.exe
  C:\Windows\System\iTxPyBH.exe
  2⤵
  PID:8924
- C:\Windows\System\KUqrpTu.exe
  C:\Windows\System\KUqrpTu.exe
  2⤵
  PID:8992
- C:\Windows\System\pNPlZjn.exe
  C:\Windows\System\pNPlZjn.exe
  2⤵
  PID:7900
- C:\Windows\System\sbWNIIV.exe
  C:\Windows\System\sbWNIIV.exe
  2⤵
  PID:2160
- C:\Windows\System\KVWEKhN.exe
  C:\Windows\System\KVWEKhN.exe
  2⤵
  PID:8572
- C:\Windows\System\bMjdMdi.exe
  C:\Windows\System\bMjdMdi.exe
  2⤵
  PID:8280
- C:\Windows\System\PEfzBTb.exe
  C:\Windows\System\PEfzBTb.exe
  2⤵
  PID:8636
- C:\Windows\System\RLiylnB.exe
  C:\Windows\System\RLiylnB.exe
  2⤵
  PID:2132
- C:\Windows\System\rsDnzkw.exe
  C:\Windows\System\rsDnzkw.exe
  2⤵
  PID:8868
- C:\Windows\System\qvJxiJw.exe
  C:\Windows\System\qvJxiJw.exe
  2⤵
  PID:1004
- C:\Windows\System\RUTfwPG.exe
  C:\Windows\System\RUTfwPG.exe
  2⤵
  PID:9028
- C:\Windows\System\OSOqIkk.exe
  C:\Windows\System\OSOqIkk.exe
  2⤵
  PID:9152
- C:\Windows\System\ByPiyVW.exe
  C:\Windows\System\ByPiyVW.exe
  2⤵
  PID:9084
- C:\Windows\System\RIDEUdB.exe
  C:\Windows\System\RIDEUdB.exe
  2⤵
  PID:8268
- C:\Windows\System\heXHUqr.exe
  C:\Windows\System\heXHUqr.exe
  2⤵
  PID:2852
- C:\Windows\System\QCFZdGX.exe
  C:\Windows\System\QCFZdGX.exe
  2⤵
  PID:8864
- C:\Windows\System\hkGoind.exe
  C:\Windows\System\hkGoind.exe
  2⤵
  PID:7296
- C:\Windows\System\Zrvtjup.exe
  C:\Windows\System\Zrvtjup.exe
  2⤵
  PID:8440
- C:\Windows\System\XNwxgXl.exe
  C:\Windows\System\XNwxgXl.exe
  2⤵
  PID:9160
- C:\Windows\System\acObSeb.exe
  C:\Windows\System\acObSeb.exe
  2⤵
  PID:8792
- C:\Windows\System\josZgzu.exe
  C:\Windows\System\josZgzu.exe
  2⤵
  PID:9104
- C:\Windows\System\AiksEej.exe
  C:\Windows\System\AiksEej.exe
  2⤵
  PID:8652
- C:\Windows\System\iatETDe.exe
  C:\Windows\System\iatETDe.exe
  2⤵
  PID:8664
- C:\Windows\System\qBohCYx.exe
  C:\Windows\System\qBohCYx.exe
  2⤵
  PID:1656
- C:\Windows\System\pHzPTKA.exe
  C:\Windows\System\pHzPTKA.exe
  2⤵
  PID:8928
- C:\Windows\System\YDyGzVO.exe
  C:\Windows\System\YDyGzVO.exe
  2⤵
  PID:8552
- C:\Windows\System\UqVpIcB.exe
  C:\Windows\System\UqVpIcB.exe
  2⤵
  PID:9240
- C:\Windows\System\icLKBiX.exe
  C:\Windows\System\icLKBiX.exe
  2⤵
  PID:9256
- C:\Windows\System\QLAenDr.exe
  C:\Windows\System\QLAenDr.exe
  2⤵
  PID:9288
- C:\Windows\System\UoJDXSG.exe
  C:\Windows\System\UoJDXSG.exe
  2⤵
  PID:9304
- C:\Windows\System\ZfVPrXF.exe
  C:\Windows\System\ZfVPrXF.exe
  2⤵
  PID:9320
- C:\Windows\System\eBedIFN.exe
  C:\Windows\System\eBedIFN.exe
  2⤵
  PID:9344
- C:\Windows\System\JnlGdxT.exe
  C:\Windows\System\JnlGdxT.exe
  2⤵
  PID:9364
- C:\Windows\System\HAgwiyD.exe
  C:\Windows\System\HAgwiyD.exe
  2⤵
  PID:9384
- C:\Windows\System\aezqTFW.exe
  C:\Windows\System\aezqTFW.exe
  2⤵
  PID:9404
- C:\Windows\System\JHsWvep.exe
  C:\Windows\System\JHsWvep.exe
  2⤵
  PID:9420
- C:\Windows\System\sNJfYOl.exe
  C:\Windows\System\sNJfYOl.exe
  2⤵
  PID:9436
- C:\Windows\System\ZrnyRcK.exe
  C:\Windows\System\ZrnyRcK.exe
  2⤵
  PID:9452
- C:\Windows\System\mWkXlBx.exe
  C:\Windows\System\mWkXlBx.exe
  2⤵
  PID:9468
- C:\Windows\System\rFQICvm.exe
  C:\Windows\System\rFQICvm.exe
  2⤵
  PID:9492
- C:\Windows\System\hmkZHRX.exe
  C:\Windows\System\hmkZHRX.exe
  2⤵
  PID:9512
- C:\Windows\System\ewSfCNp.exe
  C:\Windows\System\ewSfCNp.exe
  2⤵
  PID:9532
- C:\Windows\System\qOTMayY.exe
  C:\Windows\System\qOTMayY.exe
  2⤵
  PID:9552
- C:\Windows\System\gpVqvyW.exe
  C:\Windows\System\gpVqvyW.exe
  2⤵
  PID:9572
- C:\Windows\System\pvFFVtX.exe
  C:\Windows\System\pvFFVtX.exe
  2⤵
  PID:9588
- C:\Windows\System\cmxqkfW.exe
  C:\Windows\System\cmxqkfW.exe
  2⤵
  PID:9608
- C:\Windows\System\eKVWtIH.exe
  C:\Windows\System\eKVWtIH.exe
  2⤵
  PID:9624
- C:\Windows\System\LLywVcp.exe
  C:\Windows\System\LLywVcp.exe
  2⤵
  PID:9644
- C:\Windows\System\ZFSORbL.exe
  C:\Windows\System\ZFSORbL.exe
  2⤵
  PID:9660
- C:\Windows\System\HWMxReK.exe
  C:\Windows\System\HWMxReK.exe
  2⤵
  PID:9708
- C:\Windows\System\rbFtnxy.exe
  C:\Windows\System\rbFtnxy.exe
  2⤵
  PID:9724
- C:\Windows\System\zgJSIDl.exe
  C:\Windows\System\zgJSIDl.exe
  2⤵
  PID:9744
- C:\Windows\System\EiHLgxE.exe
  C:\Windows\System\EiHLgxE.exe
  2⤵
  PID:9760
- C:\Windows\System\kLimaSV.exe
  C:\Windows\System\kLimaSV.exe
  2⤵
  PID:9792
- C:\Windows\System\tPDUKAL.exe
  C:\Windows\System\tPDUKAL.exe
  2⤵
  PID:9812
- C:\Windows\System\LohLGLe.exe
  C:\Windows\System\LohLGLe.exe
  2⤵
  PID:9832
- C:\Windows\System\GtVhgeG.exe
  C:\Windows\System\GtVhgeG.exe
  2⤵
  PID:9848
- C:\Windows\System\baMLqug.exe
  C:\Windows\System\baMLqug.exe
  2⤵
  PID:9868
- C:\Windows\System\MTwIJsu.exe
  C:\Windows\System\MTwIJsu.exe
  2⤵
  PID:9884
- C:\Windows\System\XyDSwSk.exe
  C:\Windows\System\XyDSwSk.exe
  2⤵
  PID:9900
- C:\Windows\System\nHPrAZl.exe
  C:\Windows\System\nHPrAZl.exe
  2⤵
  PID:9916
- C:\Windows\System\FuJMUuV.exe
  C:\Windows\System\FuJMUuV.exe
  2⤵
  PID:9948
- C:\Windows\System\ZjLvnHi.exe
  C:\Windows\System\ZjLvnHi.exe
  2⤵
  PID:9968
- C:\Windows\System\ngDxNHF.exe
  C:\Windows\System\ngDxNHF.exe
  2⤵
  PID:9992
- C:\Windows\System\VwlbkvM.exe
  C:\Windows\System\VwlbkvM.exe
  2⤵
  PID:10012
- C:\Windows\System\hymvfvL.exe
  C:\Windows\System\hymvfvL.exe
  2⤵
  PID:10028
- C:\Windows\System\MFAHBXw.exe
  C:\Windows\System\MFAHBXw.exe
  2⤵
  PID:10048
- C:\Windows\System\qdcrRTW.exe
  C:\Windows\System\qdcrRTW.exe
  2⤵
  PID:10068
- C:\Windows\System\UsfXFAH.exe
  C:\Windows\System\UsfXFAH.exe
  2⤵
  PID:10088
- C:\Windows\System\iadoezC.exe
  C:\Windows\System\iadoezC.exe
  2⤵
  PID:10104
- C:\Windows\System\HEQJFFh.exe
  C:\Windows\System\HEQJFFh.exe
  2⤵
  PID:10136
- C:\Windows\System\EnZXBEr.exe
  C:\Windows\System\EnZXBEr.exe
  2⤵
  PID:10152
- C:\Windows\System\MAmxmaO.exe
  C:\Windows\System\MAmxmaO.exe
  2⤵
  PID:10168
- C:\Windows\System\TYnDGGA.exe
  C:\Windows\System\TYnDGGA.exe
  2⤵
  PID:10184
- C:\Windows\System\FfdNCZp.exe
  C:\Windows\System\FfdNCZp.exe
  2⤵
  PID:10204
- C:\Windows\System\mEIDuhH.exe
  C:\Windows\System\mEIDuhH.exe
  2⤵
  PID:10228
- C:\Windows\System\CvayHIc.exe
  C:\Windows\System\CvayHIc.exe
  2⤵
  PID:9012
- C:\Windows\System\qrEhwXh.exe
  C:\Windows\System\qrEhwXh.exe
  2⤵
  PID:9264
- C:\Windows\System\ivfAIjC.exe
  C:\Windows\System\ivfAIjC.exe
  2⤵
  PID:9284
- C:\Windows\System\vuBmENQ.exe
  C:\Windows\System\vuBmENQ.exe
  2⤵
  PID:9328
- C:\Windows\System\QKgdpjT.exe
  C:\Windows\System\QKgdpjT.exe
  2⤵
  PID:9332
- C:\Windows\System\lsvGxWg.exe
  C:\Windows\System\lsvGxWg.exe
  2⤵
  PID:9336
- C:\Windows\System\eFBYJMI.exe
  C:\Windows\System\eFBYJMI.exe
  2⤵
  PID:9432
- C:\Windows\System\GKTnbVm.exe
  C:\Windows\System\GKTnbVm.exe
  2⤵
  PID:9504
- C:\Windows\System\VWTYRKK.exe
  C:\Windows\System\VWTYRKK.exe
  2⤵
  PID:9620
- C:\Windows\System\pGeTLYd.exe
  C:\Windows\System\pGeTLYd.exe
  2⤵
  PID:9484
- C:\Windows\System\QfSIMvM.exe
  C:\Windows\System\QfSIMvM.exe
  2⤵
  PID:9520
- C:\Windows\System\CvalJyl.exe
  C:\Windows\System\CvalJyl.exe
  2⤵
  PID:9528
- C:\Windows\System\FanijoG.exe
  C:\Windows\System\FanijoG.exe
  2⤵
  PID:9632
- C:\Windows\System\OHLYqOe.exe
  C:\Windows\System\OHLYqOe.exe
  2⤵
  PID:9596
- C:\Windows\System\kqdBFnU.exe
  C:\Windows\System\kqdBFnU.exe
  2⤵
  PID:9688
- C:\Windows\System\IbxBUkh.exe
  C:\Windows\System\IbxBUkh.exe
  2⤵
  PID:9704
- C:\Windows\System\gZZZepO.exe
  C:\Windows\System\gZZZepO.exe
  2⤵
  PID:9772
- C:\Windows\System\ZJukaXY.exe
  C:\Windows\System\ZJukaXY.exe
  2⤵
  PID:9756
- C:\Windows\System\NjPgVHM.exe
  C:\Windows\System\NjPgVHM.exe
  2⤵
  PID:9800
- C:\Windows\System\Djiecap.exe
  C:\Windows\System\Djiecap.exe
  2⤵
  PID:9828
- C:\Windows\System\WMHXBrP.exe
  C:\Windows\System\WMHXBrP.exe
  2⤵
  PID:9880
- C:\Windows\System\eINRqlF.exe
  C:\Windows\System\eINRqlF.exe
  2⤵
  PID:9892
- C:\Windows\System\VDUwvYE.exe
  C:\Windows\System\VDUwvYE.exe
  2⤵
  PID:9964
- C:\Windows\System\cbatFPE.exe
  C:\Windows\System\cbatFPE.exe
  2⤵
  PID:9944
- C:\Windows\System\gnpVCbg.exe
  C:\Windows\System\gnpVCbg.exe
  2⤵
  PID:9988
- C:\Windows\System\RUQTubx.exe
  C:\Windows\System\RUQTubx.exe
  2⤵
  PID:10040
- C:\Windows\System\gmPgoJX.exe
  C:\Windows\System\gmPgoJX.exe
  2⤵
  PID:10084
- C:\Windows\System\hSDBnVZ.exe
  C:\Windows\System\hSDBnVZ.exe
  2⤵
  PID:10128
- C:\Windows\System\SyPnnZG.exe
  C:\Windows\System\SyPnnZG.exe
  2⤵
  PID:10164
- C:\Windows\System\iUPRCkY.exe
  C:\Windows\System\iUPRCkY.exe
  2⤵
  PID:10236
- C:\Windows\System\DprEkpO.exe
  C:\Windows\System\DprEkpO.exe
  2⤵
  PID:10176
- C:\Windows\System\KXedkMh.exe
  C:\Windows\System\KXedkMh.exe
  2⤵
  PID:10224
- C:\Windows\System\LiGuwLz.exe
  C:\Windows\System\LiGuwLz.exe
  2⤵
  PID:9248
- C:\Windows\System\xrLHAnX.exe
  C:\Windows\System\xrLHAnX.exe
  2⤵
  PID:9356
- C:\Windows\System\nJuMXZJ.exe
  C:\Windows\System\nJuMXZJ.exe
  2⤵
  PID:9584
- C:\Windows\System\ACgnzvR.exe
  C:\Windows\System\ACgnzvR.exe
  2⤵
  PID:9376
- C:\Windows\System\pPiijOQ.exe
  C:\Windows\System\pPiijOQ.exe
  2⤵
  PID:9412
- C:\Windows\System\YudEYWP.exe
  C:\Windows\System\YudEYWP.exe
  2⤵
  PID:9548
- C:\Windows\System\NEDwlvT.exe
  C:\Windows\System\NEDwlvT.exe
  2⤵
  PID:9560
- C:\Windows\System\vNeOXZC.exe
  C:\Windows\System\vNeOXZC.exe
  2⤵
  PID:9752
- C:\Windows\System\YoJtsGc.exe
  C:\Windows\System\YoJtsGc.exe
  2⤵
  PID:9600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DTLjSwN.exe

Filesize
6.0MB

MD5
94bbee3ccdb37e3952af555938ed26f8

SHA1
b730470192a78b6a738d62d5ff2214d104a3ecad

SHA256
ee86b78bbbd2cfef9f6bbe37cda3bc83a977d5739135213b0e9410c36598cffc

SHA512
24793f674f8c49638d73f442feb9213497fefa81b839cfa880e08a8f68a2142e569e7247b1a9ecba0ec3566fb6b2b66d94a0917d2b61328327ef4c0ef5df5770

Download Submit
C:\Windows\system\FEUEZab.exe

Filesize
6.0MB

MD5
df28f8576f1435a252707d86fa758b2a

SHA1
cc35564734a437bf5293d419770ebf5c3e070b4d

SHA256
109ae8f4c5063056c187c65ba402f235e64013560b2791cafaec6a5cadb19e23

SHA512
733b5eae4e076125c78fc23a3afb051acb1f39ad2d2a5cfc37041da06c0c7100d79739213b16fc0f88c55909ae8ab567a5b473fea79e3f8c35a4732730496f93

Download Submit
C:\Windows\system\GUhtYhm.exe

Filesize
6.0MB

MD5
2afcac5f54c488b1b8363edf73f17a46

SHA1
3586a895d91ad07b59b9f870a8d0cd1f333de293

SHA256
d1003714bea99dd3af147985452e8622fc4a016600367f786aedc3ef41e999a4

SHA512
77ffa5471e3e1286a6d9f6edf8fa65d4685b5f05ef77b5913ccc4fc56f84d01590b42b0edc029b27fb567a55c0a89c8118c0e074b832d50c9071a002797a6222

Download Submit
C:\Windows\system\HgwjuBT.exe

Filesize
6.0MB

MD5
ffdb462e4926fa63389ff85d60cee049

SHA1
2038a80805044ce4c568e324a0c171cd9a9d5b14

SHA256
7f1e9b6084a878c3c54dfbcb1903c6586e4328924ee7e39bad3a384b0fa1b466

SHA512
49a66909aad6d53dab64461cfd1680a8c5ff27418c700bd7d70f810ddc9b7db3b561420cbe2a0306fa2d028888d8aeff975011daf43970447f475404ec4584eb

Download Submit
C:\Windows\system\IAFMNiQ.exe

Filesize
6.0MB

MD5
ba8d4a71b86a7f98ce16ad0e41612d0e

SHA1
7e90eb6ad2daeae9427cfe9c1353b6a8a281fa22

SHA256
6e4d1e74fa813d2b213b0e31d7dd6d6e8fb33b3ee030e3dcfb9bbe74f6f4e982

SHA512
4c487f4340858da9d8bfbf7e83f4fee62685d7a464743ca7e8552fcd9fc44fc87b9655f7f390c927e216f12cff5ef5fccff241b66341271f9c607d8c438e5871

Download Submit
C:\Windows\system\IhWWUet.exe

Filesize
6.0MB

MD5
79dae90167513b9d32bbab947751fdad

SHA1
1469fe54e0c72b7c7a7d234a44e9e7a6f3363e54

SHA256
5b59d10978e5541c4afb44f40b7286261b1d905e72ed64bb86cbb9ebeb5fb1de

SHA512
3016c97d480bbd60964619214ffd4a2f636918514a16a1ff8c9a6777c3815b25d0b0153a4f11a9b75f614560d2c3fb1b7415ad4c1f129a7495266d0da6b3a135

Download Submit
C:\Windows\system\KYewFvs.exe

Filesize
6.0MB

MD5
92e254b3ec409811dc14f9baae41c3ff

SHA1
2316c784daec03887eb946441248e6eb13b08e29

SHA256
4f0f844cfd3036d93e9d90f1d133dab2c4e6507d4e46102a749d8dec1e09d4a0

SHA512
3c13007a83793b3368d5dd1aa48ad18184268abce4d55f99d578a6965a7091783aedc9e316c514f96dcf4573d1599532230030ccfb17b0b3d3cd48f7dde1888d

Download Submit
C:\Windows\system\MiAabCf.exe

Filesize
6.0MB

MD5
c89d254704bf0fa5062005a941ffc245

SHA1
f2c6dd72e5774860c3b8744865bd06546b45d0a8

SHA256
d5e96be56ac6262c8a3eaaa68e3701d1a91f5cb38bf96157f436ca7bc47537fb

SHA512
605b7c0c5816324cfc566e1d0ef9c6c491bdbc4eb06fa5180bf57301d1f2116b3d50b78dc442b0d2b961646ad03c836f223febb22c2d90a29666004fc3d62584

Download Submit
C:\Windows\system\PEOZzij.exe

Filesize
6.0MB

MD5
f251904a5c2673e59907d8d6a3f46389

SHA1
accf864ad03edc1cbc0874e2a094701596141fe5

SHA256
0a788d76705db86915815ed069715183f93317c2ead8e930ed59f4218f8a2b60

SHA512
c521221b62807fc88b2c8fe3752306e175940de6df1136db82e0f9eea7ec5c68a802bc88764438c59071b97a55b420146d366ba8a9a1dfc0f9a0706e35c9d7bb

Download Submit
C:\Windows\system\PgZUmaP.exe

Filesize
6.0MB

MD5
f336e3287b09778da810a4dbf19e622f

SHA1
15e1a241d2b0e189b95456282988c7a971e96393

SHA256
5d01d538842aa52d4bef318dd4536c28625b4a456f06bf24f6cdbec53e31ca3f

SHA512
35e14ee628a4161f9d8ca34798f53b41ccf0bda0d5068836f3fb78581fe84baa8e1d6e11aa15dbfed7025722d1e00126e9519f97113e92bf4ed9b055f3773e5d

Download Submit
C:\Windows\system\QVsoxAO.exe

Filesize
6.0MB

MD5
99b3a648f8eedb60218da2f2dcb51b81

SHA1
f827f1ac2ef8f540aa56dd880e05beea849e149f

SHA256
92479728512b8597428a9f3dc163ea07aaeeda7e73c4f9780a2d728fca3a2c8e

SHA512
736b28b5f917f26a7aa80286408d1d8e7778535ad0a1c9dc24455c71344e0ed74550397d531f13d7f5ed9e627223b81e0dd86dc30e4c3aebad52cd5b49fbc6e0

Download Submit
C:\Windows\system\QcuXEdI.exe

Filesize
6.0MB

MD5
0c744ff076f40e5581d2502223f19440

SHA1
7d9bc34131e52561e01281042081bbbed03f46eb

SHA256
7c1a6aaef775e45b8c1b6724617abfd5bee74055bfefcad123686a4853397bca

SHA512
75e9f3c7e3b4589f7b231b68c9fed2dae52c11e61c6a74b94e5f781e2e9772e6dc0d2f603162e7190509676928a172da07365267f083c3d3f729d85f9c470267

Download Submit
C:\Windows\system\RtmtDUY.exe

Filesize
6.0MB

MD5
559fa37a0a36ceab4ff7cfdae124a10d

SHA1
cafcdf0c5437a2108f9536d71a085f884d3715df

SHA256
c1cf1c74c1379328e7acaa6656a2a942990d0818e7e0c534efa6e0353d161f8e

SHA512
7f9f175aa9dd93063bf925ccc09e54c126cbdf6118e16cdac53f9783fb1ddfaf4a8fb84b529241814bfb9d3bb247ef23785576c57ea92de8d175650846572ba5

Download Submit
C:\Windows\system\UfAxqEh.exe

Filesize
6.0MB

MD5
4ff00c8ef7cff193f41966b363b6048f

SHA1
0f0b7dab9c28f29e867cbe327ed5ff55a982f643

SHA256
273ce1cf33063eca6d6470c43feea354077ebcc1ce157e5d839243b579cdecfe

SHA512
139116574c51b58737094b1986e6934d3e3b98aea360d8b6bd7a942e0e490b0796b176d77bcab82c77362020f7cbc2b87f4a9b43e11ace564b563c358b14e179

Download Submit
C:\Windows\system\VDWlMjA.exe

Filesize
6.0MB

MD5
d4d57790509c25b2b4bf6979f41f137b

SHA1
a366896cb30431e219a7b9b1fe8dcc95cd3d2083

SHA256
f5a399ce29e6dd4413439a4332f8253bb701e9eb3c9a5eebfff987f28e3600a8

SHA512
1b9abaa4dc5767f296e31aeea9bf4a2e3e2abb40987272b0e788f8bc84f0732389e9c697ef8e486ac02b4f2a351cf325542e47da260daeee13629057f231a335

Download Submit
C:\Windows\system\WYcsQEZ.exe

Filesize
6.0MB

MD5
1ef33e82593fa40981a8c86c2bbfd99b

SHA1
6dc30a2473a0d3c616d4c4c7f24e0d1c1595c5b6

SHA256
b464265764a7dba82a8416cbf39d2fea1c775ad3f412feb1390fb6076ce69d70

SHA512
1f7f1280e97352f3a4565c40b870cb48bef616bda737883b910b15f0c75932501f48b94a828f104b040303e4e0ac3d8aa1f88e2e6923f09869fe5ba2897ab25d

Download Submit
C:\Windows\system\XYLyeTd.exe

Filesize
6.0MB

MD5
1283794453aabb6971c691a35a62ba7f

SHA1
00f418325b77d6bd4df529f0f69fbdb88a951d1f

SHA256
0b8cfb8b625b04ac366c7dd60e5cccd4371bc606c55bd0006cd68c1e1e9bd859

SHA512
8d12838b49ecd026bd9d7252ef8a4fa5817a391e19b8306d011c3f8b36c681e2af8876d57b10c6153a1630078131d8bb01eba93edfbcf239660f24c61ebc054a

Download Submit
C:\Windows\system\aToYZsU.exe

Filesize
6.0MB

MD5
7589403e76a2292f3de3401d9c67ed85

SHA1
9ba08056bce61c104333c6694d6571a3d3492c41

SHA256
73c0cdc7ca9aa5be3b6cc8ae2258f9b30531fe9f499b5ee5dc8c27b245db4aec

SHA512
985f03be0bb93a2a6ac830cc0e496ade1506abb53c4a818d346e5fbe00fbdff442c6bdb8f3af3d8022e78bc27ad633f2fe11fc481e1ec86988547b1f07b420fd

Download Submit
C:\Windows\system\eLZeXOX.exe

Filesize
6.0MB

MD5
310c99b86a8348cf80b9cbad00e9c78c

SHA1
711e92be5f738c77c3adab7646ffcf9c2b0ca10c

SHA256
0cab1fe2c60d06fc09b38b1db097fde70871cdf6bb110aa4714e5cb05d610c62

SHA512
306615f33732155a39413543397da5a7bf6d4189946f92da2f963f25b72d32104792084b5b1a5f14c1a41d4fc5b398b9dc9615560f4f1fa8d257b9b822865ce2

Download Submit
C:\Windows\system\kEzpJbC.exe

Filesize
6.0MB

MD5
e98cc9a3d2b0b3f873e5f8ab5ba53be4

SHA1
4194ecbe50ded635a0f07083b19878bbcc97eca7

SHA256
9bb6af4ff1323797276553461ce379de7b3c9d41ffddfb5d2c12e259e0f2f942

SHA512
893fae0ffdc59b74e11956e47053e88e6afe5b00573cd77be0f4bb36742ae6ef4d3c57b496c6c6fe73761ea9b64be6f7f27f3a0e3d3ebd46f890ce7e87eb82c3

Download Submit
C:\Windows\system\nzgGwsX.exe

Filesize
6.0MB

MD5
74b7838901292d4f88b9093170a2f7e3

SHA1
243f0423ffde23bffe13689d951d4d900f632279

SHA256
678eee15a4a435a4a2b90f6f8d53248399800cf9304f1feacfef9153fd6dda98

SHA512
4fcf90209d6bc091cf1e130d3e412f200b912c4776f086670492bcbe4336b263797ddacbc14de281b90dc927fe6b64cd2c6d46852d1d59370a9526388261d077

Download Submit
C:\Windows\system\tAgrTlp.exe

Filesize
6.0MB

MD5
dd7db6dbaeedf7d6f9d6201a4d75479a

SHA1
2eeb03ac5a4805953b08873adf4ad8eea87ea552

SHA256
9d506b6cebbc8cce077376183dc49ae72d88fc3910a5ae62a3e87ad8c6c4ffa6

SHA512
654521e49e704dba086977527462604254504dbd8c664f7d9addb9a18d2450428daf87fc45d61a27cfecc44f91f754eee8be382026806f2a1d23e2071aa26df8

Download Submit
C:\Windows\system\tjBZRYA.exe

Filesize
6.0MB

MD5
b6bf70fa7f1863c96fbcbc32cc040442

SHA1
2e8a1c2f3f72b67535e5624e7dc92745dd25de1c

SHA256
6b18414ba7c0c4ad4da4bb39035d3ec9a345cfff17191cceb054348253e4ab28

SHA512
18915150bff1b413d8d4debc339b81b42e8ec6e6d29ea7d4edfda298eae5b0d513f4e10ad2c66eac3006fd2bd4efb13729e0c595c8ea01c0322976730e5c03e9

Download Submit
C:\Windows\system\viuHqSw.exe

Filesize
6.0MB

MD5
45afd567e5bed009896e9013b2e43eaa

SHA1
917d2e3c5757e24e1e3c1d6e139a5e8ff114abf3

SHA256
1063f49756294bb630ef956aae6c40820c4016f34f5b1693b07a5e1281527d02

SHA512
8bb13a65e24c3bd66ee18427276c0ea64e1c66c60763eb174b0bb738a295ac1f086a9949a9d09df54ad0d56c748457ae2631df7c0d1f65cf80888876a7ccba41

Download Submit
C:\Windows\system\wWYUByc.exe

Filesize
6.0MB

MD5
9b833100d0cbcf1941e2ddca450ad738

SHA1
1642929bb4eb984212da88b398abba6d57acd75c

SHA256
37528ed5e4ab55cd89010eacaeeb8fe1d46c1d45d60281b3eb7b967f15a02d5b

SHA512
0b2f023dcc2116b4736ed3480eecf79e745023f4ea436c55d2cb1c2ec8d495d4b6ae00cb450a538d6ae61770facb7efdd6efd522efb1234411a547f6370c5354

Download Submit
C:\Windows\system\wXxzGaB.exe

Filesize
8B

MD5
32a95f7b3aa4d8b8de6f6be4bc6843a3

SHA1
cd0c3f0e17dc8efe36f0413081315e0e23e74d30

SHA256
14c7ddf5e5236c36d77bb41c670cedaf6f5ec9855a2638559737bbb54cfe5ee1

SHA512
7072248cd9e91234d388ed60f5fa42ab64606a7ee59b7c79c0f1ab836cbb6011abf2214c7e60e558ab6879cec5ccee2b64003760ac03687a8a27115c500211b3

Download Submit
C:\Windows\system\wcdzDwh.exe

Filesize
6.0MB

MD5
05864885810b209ea7563a6d3b326294

SHA1
e4417936bed8d7af559b77209cbd8da8a32108d3

SHA256
bad415fe43a9f93313ef958e0ef288100c56be109edaa5c49d2a8611c8b9870b

SHA512
71954c7fbf1dc03b8be34200b63b20b1ed2213b73b044cc7101c589109b6916a92617b34bfecbd0e3bdbaf2853f85c6f8a91e51ef2901c9a3221856c8df47148

Download Submit
\Windows\system\PzjnfmB.exe

Filesize
6.0MB

MD5
322842ff4f45114915cac352d23dc958

SHA1
f4de6a41d5a336b5e0fbdd5fc11cb60e25c8e0ce

SHA256
db6b2735fdf4469ec74f7e39b3222fd94bfb6ee0471bb4058f4f63ca283aea75

SHA512
c0e313d9fd810d45405d746ebc9dee466d2f4c94950189f7a68f8f36f355773fd889c31a4339ddf60ec31e016df7ee247b04a2783da0bbd8f409e6633baf4098

Download Submit
\Windows\system\VrdaHzO.exe

Filesize
6.0MB

MD5
bb8e156189c125c64ef87430dc1a21eb

SHA1
e1421e8da7014c113727f0fc0d7754870fec04a8

SHA256
87f47a3a651a77c26e564979728de8762a2248f23ffc4a128838738604112efa

SHA512
0be84bcefe9460b11c9c7fc12616464d02b0b7c3876b2d213fa862a66b4a0121932e29dc92ab8d28e24819274aa2c3bd2b3d54878f5694f5f8518e924d7e160e

Download Submit
\Windows\system\YXeWwfk.exe

Filesize
6.0MB

MD5
8a3e56d4a600afa8b8d018371fad8bde

SHA1
cceb5b4db3675b456961268d3bb7589b5c8ff35b

SHA256
183434b103e2ebc6a72b2f422fc22f7ed923110fe813f7f9c91874a1dbc6e3ef

SHA512
5c273bbc107dc03d5c75de111cb08da2f6aad4979b222420c128012f10c126f1ef776b25f26756f74cdf6b87b480616d5b71af95541b61c2691a701241f40823

Download Submit
\Windows\system\jMrSdbc.exe

Filesize
6.0MB

MD5
92db97e76d45bcfcd374e3ffc00fbee0

SHA1
9bc77b4c5fed834226032a1bc648e30152ad93f1

SHA256
ea7b32505f7f66e3078370935ee3928ee1729a8233899b076475e6518fbb9d1b

SHA512
50b97d2d14da46dbf3bb4ef904bba40294f14002d09b712739468a0dd3958aae456a5bc53c72be5dfccb6bef57d79c1e4a4d0de142eec174bce1de9a3e4b9b89

Download Submit
\Windows\system\mqhoicg.exe

Filesize
6.0MB

MD5
dca860630cf917579a843a51c1235fbc

SHA1
3a78ce0e67a97624fade64da827b9bc4da3a7476

SHA256
02bb86d9163794d53ac1e4fabc8327e3648b3009e393835ad10dd7a0e0969052

SHA512
26605aea2ac0e5cd3a4556569177e70ddac48db0d74e324a742209f38e0219e034d528242fb8220afd4daaab2b3e7fd9d3c0310c7a1c477883ede7daf252019a

Download Submit
\Windows\system\mzoltwg.exe

Filesize
6.0MB

MD5
39566a6fb6dff5fbf6b3e15eb16d9ef8

SHA1
9d2d890b5f176bbe5ee0224a38e5f4efbfa9c1fe

SHA256
e3f06bb059a857b9b34d4780f55b94a7a3fd3c1bf46c6c1e1e94eeab5840e120

SHA512
2a0a82c584e4c712dc1f259c411002de9ec453057bdbdba48e1b7e27c6d13c4d26be5441252b54eac6d11005a14aac9d64f2fab2a1e626c8bf1b29fcfb5efd31

Download Submit
memory/1276-3536-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1276-100-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1276-60-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1860-113-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1860-0-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-851-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1860-71-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-6-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-53-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1860-41-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-62-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1860-37-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-27-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-112-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-25-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1860-104-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1860-33-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-653-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-12-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-96-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-95-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-16-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1860-481-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1860-87-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1093-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1860-58-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-35-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1968-79-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1968-3520-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1984-40-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1984-3515-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2052-57-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2052-21-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3518-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2260-47-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2260-82-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3519-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2300-31-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2300-3529-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2300-74-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2332-54-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-90-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3533-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-101-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-3540-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-755-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-3538-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2504-408-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2504-83-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2636-107-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3537-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2636-65-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3541-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2668-953-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2668-108-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3532-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-221-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-75-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-560-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3539-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2804-91-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2936-70-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3528-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2936-29-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download