cobaltstrike | d74d253f3cb651e8228ed2516262a7dcd793f21d7787018b1c6e35cee586875e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24/01/2025, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1bcce87ea601cc40627565a86d0bd429
SHA1

7b0e8e2a3e3dc30cd1f407938150f45106ef1f91
SHA256

d74d253f3cb651e8228ed2516262a7dcd793f21d7787018b1c6e35cee586875e
SHA512

14b636e4ece8f3c4ab0d198097900814d6c6a335d6d339926fb4482f422006f518edb170f398bae22e0d2648bf89d750d55c7400a2a0c0c2c583d6923f012093
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d6-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019261-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019299-19.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001927a-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000192a1-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019354-38.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939f-43.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019647-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a85-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b18-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c8f-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a077-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f62-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f77-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cc8-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d98-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c91-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c79-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b16-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197e4-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019650-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019543-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a8-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964f-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019645-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-85.dat	cobalt_reflective_dll
behavioral1/files/0x002e000000019203-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019358-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral1/memory/2712-0-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-6.dat	xmrig
behavioral1/files/0x0007000000019261-8.dat	xmrig
behavioral1/memory/2952-14-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2672-15-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0006000000019299-19.dat	xmrig
behavioral1/files/0x000700000001927a-16.dat	xmrig
behavioral1/files/0x00060000000192a1-23.dat	xmrig
behavioral1/memory/2836-35-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2592-34-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0006000000019354-38.dat	xmrig
behavioral1/files/0x000700000001939f-43.dat	xmrig
behavioral1/memory/2688-55-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2552-75-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019647-121.dat	xmrig
behavioral1/files/0x0005000000019a85-135.dat	xmrig
behavioral1/files/0x0005000000019b18-145.dat	xmrig
behavioral1/files/0x0005000000019c8f-155.dat	xmrig
behavioral1/files/0x000500000001a077-185.dat	xmrig
behavioral1/memory/876-410-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2712-858-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2504-657-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2712-409-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2032-208-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2712-207-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f62-175.dat	xmrig
behavioral1/files/0x0005000000019f77-180.dat	xmrig
behavioral1/files/0x0005000000019cc8-165.dat	xmrig
behavioral1/files/0x0005000000019d98-170.dat	xmrig
behavioral1/files/0x0005000000019c91-160.dat	xmrig
behavioral1/files/0x0005000000019c79-150.dat	xmrig
behavioral1/files/0x0005000000019b16-140.dat	xmrig
behavioral1/files/0x00050000000197e4-130.dat	xmrig
behavioral1/files/0x0005000000019650-126.dat	xmrig
behavioral1/files/0x0005000000019543-99.dat	xmrig
behavioral1/memory/536-98-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195a8-95.dat	xmrig
behavioral1/files/0x0005000000019535-88.dat	xmrig
behavioral1/memory/2504-80-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x000500000001964f-114.dat	xmrig
behavioral1/files/0x0005000000019645-104.dat	xmrig
behavioral1/memory/2712-103-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x000500000001952e-85.dat	xmrig
behavioral1/files/0x002e000000019203-78.dat	xmrig
behavioral1/memory/876-68-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0005000000019520-67.dat	xmrig
behavioral1/files/0x000500000001952b-72.dat	xmrig
behavioral1/memory/2032-62-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2712-61-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2616-52-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2712-60-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0005000000019518-58.dat	xmrig
behavioral1/memory/2572-48-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019358-47.dat	xmrig
behavioral1/memory/2684-33-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2684-3528-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2552-3539-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/536-3540-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/876-3543-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2504-3542-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2952	PfyKrPa.exe
2672	XinPwqB.exe
2836	SpSNgQW.exe
2684	QnSOIDR.exe
2592	aVFCxgg.exe
2572	kKuIDrG.exe
2616	hhSNiEF.exe
2688	AeohCKz.exe
2032	JJoYBZD.exe
876	UgSSctm.exe
2552	EzjVkOm.exe
2504	ksxTZow.exe
536	CtfQDjV.exe
1688	eXFCTfx.exe
1708	HnvCgUj.exe
2464	KhMggSO.exe
2260	gHGFFXh.exe
1732	UpPqZwm.exe
320	JsTQxMW.exe
1000	AWUMyIQ.exe
2236	yFlKyjB.exe
2316	dWpIyrM.exe
1980	ISdoDqD.exe
2352	RxBlmbd.exe
2112	FiGSKTd.exe
2028	yEApQCg.exe
376	IvSbjjA.exe
1320	rNyKxuG.exe
600	uMdYOBK.exe
1672	eTJFIXh.exe
2756	YPhBVBz.exe
892	LXpzRDm.exe
1556	FQUKQUu.exe
1564	Mtthedi.exe
2536	JUzVBaJ.exe
1132	lpdjMgN.exe
1292	zCDbWAG.exe
1640	HwALpoS.exe
2476	bIbEekk.exe
2364	PpBQzAd.exe
2980	gtSjQbs.exe
2744	oIkUNca.exe
1040	QBFbdzk.exe
2988	jfDyqCA.exe
1940	OfvAWNX.exe
2852	DdWTSKG.exe
888	lYZjLCU.exe
2932	qArsHso.exe
2812	YkvEQpM.exe
2892	AeRFEoR.exe
3004	VDyRPjz.exe
1928	AuOSzYI.exe
2652	AVDPDxr.exe
2924	VTYJMNG.exe
2360	QEsQiIY.exe
2736	QNzeFfa.exe
2600	skJHfSU.exe
2876	QyCkzLv.exe
1344	jlmMocU.exe
408	GJJqlnt.exe
2896	ykMxtPu.exe
1692	CrgeqgI.exe
1744	EnclDQy.exe
2664	bAicldb.exe

Loads dropped DLL 64 IoCs

pid	Process
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2712-0-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-6.dat	upx
behavioral1/files/0x0007000000019261-8.dat	upx
behavioral1/memory/2952-14-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2672-15-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0006000000019299-19.dat	upx
behavioral1/files/0x000700000001927a-16.dat	upx
behavioral1/files/0x00060000000192a1-23.dat	upx
behavioral1/memory/2836-35-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2592-34-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0006000000019354-38.dat	upx
behavioral1/files/0x000700000001939f-43.dat	upx
behavioral1/memory/2688-55-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2552-75-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x0005000000019647-121.dat	upx
behavioral1/files/0x0005000000019a85-135.dat	upx
behavioral1/files/0x0005000000019b18-145.dat	upx
behavioral1/files/0x0005000000019c8f-155.dat	upx
behavioral1/files/0x000500000001a077-185.dat	upx
behavioral1/memory/876-410-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2504-657-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2032-208-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0005000000019f62-175.dat	upx
behavioral1/files/0x0005000000019f77-180.dat	upx
behavioral1/files/0x0005000000019cc8-165.dat	upx
behavioral1/files/0x0005000000019d98-170.dat	upx
behavioral1/files/0x0005000000019c91-160.dat	upx
behavioral1/files/0x0005000000019c79-150.dat	upx
behavioral1/files/0x0005000000019b16-140.dat	upx
behavioral1/files/0x00050000000197e4-130.dat	upx
behavioral1/files/0x0005000000019650-126.dat	upx
behavioral1/files/0x0005000000019543-99.dat	upx
behavioral1/memory/536-98-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x00050000000195a8-95.dat	upx
behavioral1/files/0x0005000000019535-88.dat	upx
behavioral1/memory/2504-80-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x000500000001964f-114.dat	upx
behavioral1/files/0x0005000000019645-104.dat	upx
behavioral1/files/0x000500000001952e-85.dat	upx
behavioral1/files/0x002e000000019203-78.dat	upx
behavioral1/memory/876-68-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0005000000019520-67.dat	upx
behavioral1/files/0x000500000001952b-72.dat	upx
behavioral1/memory/2032-62-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2616-52-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2712-60-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0005000000019518-58.dat	upx
behavioral1/memory/2572-48-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0006000000019358-47.dat	upx
behavioral1/memory/2684-33-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2552-3539-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/536-3540-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/876-3543-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2504-3542-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kXNvRjM.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkrIPnp.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOBJmwF.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhOvHGm.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxzeEit.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSdmceE.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQUKQUu.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEaxRZc.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYAOTDq.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSaXGYz.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVCmJCi.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfGxBUq.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvyEJWf.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGBYqUv.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBCzRGE.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRFQLQN.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQvGGVC.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfFDCEh.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPWJHJx.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzSAhUa.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRxuKgX.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTpmUdD.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awIbCep.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoGgUby.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsTQxMW.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UofdZUs.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIFmsTY.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elkaPtN.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeRFWbM.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXKwuOG.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsLXuBX.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEsQiIY.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkvvrnX.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEapdwD.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImFQJuQ.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwzqaIU.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktzHwbP.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LoflsVy.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgMhLLJ.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwRNGNw.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLYdcnx.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJesFDC.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiQWJGL.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQyUNpb.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXQnMcr.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Clehept.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnclDQy.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbtNmqU.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrEmJhL.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glsUkND.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWlXUbX.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzfYWSx.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQBNQwA.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPPeDHY.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGuVPik.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRLNWvw.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPboyrN.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnLdtBD.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTWuQLt.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iiSxhOY.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQdSfTy.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvpTyUj.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpsCScJ.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRfmyhW.exe	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2952	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2712 wrote to memory of 2952	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2712 wrote to memory of 2952	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2712 wrote to memory of 2672	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2712 wrote to memory of 2672	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2712 wrote to memory of 2672	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2712 wrote to memory of 2684	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2712 wrote to memory of 2684	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2712 wrote to memory of 2684	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2712 wrote to memory of 2836	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2712 wrote to memory of 2836	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2712 wrote to memory of 2836	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2712 wrote to memory of 2592	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2712 wrote to memory of 2592	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2712 wrote to memory of 2592	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2712 wrote to memory of 2572	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2712 wrote to memory of 2572	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2712 wrote to memory of 2572	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2712 wrote to memory of 2616	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2712 wrote to memory of 2616	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2712 wrote to memory of 2616	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2712 wrote to memory of 2688	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2712 wrote to memory of 2688	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2712 wrote to memory of 2688	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2712 wrote to memory of 2032	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2712 wrote to memory of 2032	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2712 wrote to memory of 2032	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2712 wrote to memory of 876	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2712 wrote to memory of 876	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2712 wrote to memory of 876	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2712 wrote to memory of 2552	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2712 wrote to memory of 2552	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2712 wrote to memory of 2552	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2712 wrote to memory of 2504	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2712 wrote to memory of 2504	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2712 wrote to memory of 2504	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2712 wrote to memory of 536	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2712 wrote to memory of 536	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2712 wrote to memory of 536	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2712 wrote to memory of 2260	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2712 wrote to memory of 2260	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2712 wrote to memory of 2260	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2712 wrote to memory of 1688	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2712 wrote to memory of 1688	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2712 wrote to memory of 1688	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2712 wrote to memory of 1732	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2712 wrote to memory of 1732	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2712 wrote to memory of 1732	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2712 wrote to memory of 1708	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2712 wrote to memory of 1708	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2712 wrote to memory of 1708	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2712 wrote to memory of 320	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2712 wrote to memory of 320	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2712 wrote to memory of 320	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2712 wrote to memory of 2464	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2712 wrote to memory of 2464	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2712 wrote to memory of 2464	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2712 wrote to memory of 1000	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2712 wrote to memory of 1000	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2712 wrote to memory of 1000	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2712 wrote to memory of 2236	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2712 wrote to memory of 2236	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2712 wrote to memory of 2236	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2712 wrote to memory of 2316	2712	2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-24_1bcce87ea601cc40627565a86d0bd429_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Windows\System\PfyKrPa.exe
  C:\Windows\System\PfyKrPa.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\XinPwqB.exe
  C:\Windows\System\XinPwqB.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\QnSOIDR.exe
  C:\Windows\System\QnSOIDR.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\SpSNgQW.exe
  C:\Windows\System\SpSNgQW.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\aVFCxgg.exe
  C:\Windows\System\aVFCxgg.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\kKuIDrG.exe
  C:\Windows\System\kKuIDrG.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\hhSNiEF.exe
  C:\Windows\System\hhSNiEF.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\AeohCKz.exe
  C:\Windows\System\AeohCKz.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\JJoYBZD.exe
  C:\Windows\System\JJoYBZD.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\UgSSctm.exe
  C:\Windows\System\UgSSctm.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\EzjVkOm.exe
  C:\Windows\System\EzjVkOm.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\ksxTZow.exe
  C:\Windows\System\ksxTZow.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\CtfQDjV.exe
  C:\Windows\System\CtfQDjV.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\gHGFFXh.exe
  C:\Windows\System\gHGFFXh.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\eXFCTfx.exe
  C:\Windows\System\eXFCTfx.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\UpPqZwm.exe
  C:\Windows\System\UpPqZwm.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\HnvCgUj.exe
  C:\Windows\System\HnvCgUj.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\JsTQxMW.exe
  C:\Windows\System\JsTQxMW.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\KhMggSO.exe
  C:\Windows\System\KhMggSO.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\AWUMyIQ.exe
  C:\Windows\System\AWUMyIQ.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\yFlKyjB.exe
  C:\Windows\System\yFlKyjB.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\dWpIyrM.exe
  C:\Windows\System\dWpIyrM.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ISdoDqD.exe
  C:\Windows\System\ISdoDqD.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\RxBlmbd.exe
  C:\Windows\System\RxBlmbd.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\FiGSKTd.exe
  C:\Windows\System\FiGSKTd.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\yEApQCg.exe
  C:\Windows\System\yEApQCg.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\IvSbjjA.exe
  C:\Windows\System\IvSbjjA.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\rNyKxuG.exe
  C:\Windows\System\rNyKxuG.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\uMdYOBK.exe
  C:\Windows\System\uMdYOBK.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\eTJFIXh.exe
  C:\Windows\System\eTJFIXh.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\YPhBVBz.exe
  C:\Windows\System\YPhBVBz.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\LXpzRDm.exe
  C:\Windows\System\LXpzRDm.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\FQUKQUu.exe
  C:\Windows\System\FQUKQUu.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\Mtthedi.exe
  C:\Windows\System\Mtthedi.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\JUzVBaJ.exe
  C:\Windows\System\JUzVBaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\zCDbWAG.exe
  C:\Windows\System\zCDbWAG.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\lpdjMgN.exe
  C:\Windows\System\lpdjMgN.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\HwALpoS.exe
  C:\Windows\System\HwALpoS.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\bIbEekk.exe
  C:\Windows\System\bIbEekk.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\oIkUNca.exe
  C:\Windows\System\oIkUNca.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\PpBQzAd.exe
  C:\Windows\System\PpBQzAd.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\jfDyqCA.exe
  C:\Windows\System\jfDyqCA.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\gtSjQbs.exe
  C:\Windows\System\gtSjQbs.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\DdWTSKG.exe
  C:\Windows\System\DdWTSKG.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\QBFbdzk.exe
  C:\Windows\System\QBFbdzk.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\VDyRPjz.exe
  C:\Windows\System\VDyRPjz.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\OfvAWNX.exe
  C:\Windows\System\OfvAWNX.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\AuOSzYI.exe
  C:\Windows\System\AuOSzYI.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\lYZjLCU.exe
  C:\Windows\System\lYZjLCU.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\AVDPDxr.exe
  C:\Windows\System\AVDPDxr.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\qArsHso.exe
  C:\Windows\System\qArsHso.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\VTYJMNG.exe
  C:\Windows\System\VTYJMNG.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\YkvEQpM.exe
  C:\Windows\System\YkvEQpM.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\QEsQiIY.exe
  C:\Windows\System\QEsQiIY.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\AeRFEoR.exe
  C:\Windows\System\AeRFEoR.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\QNzeFfa.exe
  C:\Windows\System\QNzeFfa.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\skJHfSU.exe
  C:\Windows\System\skJHfSU.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\QyCkzLv.exe
  C:\Windows\System\QyCkzLv.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\jlmMocU.exe
  C:\Windows\System\jlmMocU.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\GJJqlnt.exe
  C:\Windows\System\GJJqlnt.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\ykMxtPu.exe
  C:\Windows\System\ykMxtPu.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\CrgeqgI.exe
  C:\Windows\System\CrgeqgI.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\EnclDQy.exe
  C:\Windows\System\EnclDQy.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\bAicldb.exe
  C:\Windows\System\bAicldb.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\QVIGCbZ.exe
  C:\Windows\System\QVIGCbZ.exe
  2⤵
  PID:644
- C:\Windows\System\zkHexmR.exe
  C:\Windows\System\zkHexmR.exe
  2⤵
  PID:2608
- C:\Windows\System\cQTCZYg.exe
  C:\Windows\System\cQTCZYg.exe
  2⤵
  PID:1704
- C:\Windows\System\UXQyinV.exe
  C:\Windows\System\UXQyinV.exe
  2⤵
  PID:2440
- C:\Windows\System\AarShlE.exe
  C:\Windows\System\AarShlE.exe
  2⤵
  PID:2468
- C:\Windows\System\kXNvRjM.exe
  C:\Windows\System\kXNvRjM.exe
  2⤵
  PID:2396
- C:\Windows\System\NnqXLrt.exe
  C:\Windows\System\NnqXLrt.exe
  2⤵
  PID:1984
- C:\Windows\System\UkdJXCE.exe
  C:\Windows\System\UkdJXCE.exe
  2⤵
  PID:2296
- C:\Windows\System\rymPUUO.exe
  C:\Windows\System\rymPUUO.exe
  2⤵
  PID:960
- C:\Windows\System\BOvDLGP.exe
  C:\Windows\System\BOvDLGP.exe
  2⤵
  PID:2096
- C:\Windows\System\RaHfpIk.exe
  C:\Windows\System\RaHfpIk.exe
  2⤵
  PID:1236
- C:\Windows\System\CzhqMxV.exe
  C:\Windows\System\CzhqMxV.exe
  2⤵
  PID:340
- C:\Windows\System\sEqlpgW.exe
  C:\Windows\System\sEqlpgW.exe
  2⤵
  PID:1400
- C:\Windows\System\oBhFPOu.exe
  C:\Windows\System\oBhFPOu.exe
  2⤵
  PID:1360
- C:\Windows\System\xaPtaUv.exe
  C:\Windows\System\xaPtaUv.exe
  2⤵
  PID:2356
- C:\Windows\System\qTVKICj.exe
  C:\Windows\System\qTVKICj.exe
  2⤵
  PID:1788
- C:\Windows\System\JwIkiAi.exe
  C:\Windows\System\JwIkiAi.exe
  2⤵
  PID:2120
- C:\Windows\System\wSofeaS.exe
  C:\Windows\System\wSofeaS.exe
  2⤵
  PID:2920
- C:\Windows\System\eYECebI.exe
  C:\Windows\System\eYECebI.exe
  2⤵
  PID:2420
- C:\Windows\System\WDUxBwp.exe
  C:\Windows\System\WDUxBwp.exe
  2⤵
  PID:1604
- C:\Windows\System\dAdyceo.exe
  C:\Windows\System\dAdyceo.exe
  2⤵
  PID:1888
- C:\Windows\System\fkrIPnp.exe
  C:\Windows\System\fkrIPnp.exe
  2⤵
  PID:776
- C:\Windows\System\LvNZXGT.exe
  C:\Windows\System\LvNZXGT.exe
  2⤵
  PID:2488
- C:\Windows\System\DHqqyVH.exe
  C:\Windows\System\DHqqyVH.exe
  2⤵
  PID:2992
- C:\Windows\System\DyZYFjx.exe
  C:\Windows\System\DyZYFjx.exe
  2⤵
  PID:2848
- C:\Windows\System\yiyeEum.exe
  C:\Windows\System\yiyeEum.exe
  2⤵
  PID:2336
- C:\Windows\System\lQOKcMc.exe
  C:\Windows\System\lQOKcMc.exe
  2⤵
  PID:2656
- C:\Windows\System\LvbgcMA.exe
  C:\Windows\System\LvbgcMA.exe
  2⤵
  PID:2976
- C:\Windows\System\ymgCUED.exe
  C:\Windows\System\ymgCUED.exe
  2⤵
  PID:1948
- C:\Windows\System\VAowRzM.exe
  C:\Windows\System\VAowRzM.exe
  2⤵
  PID:2584
- C:\Windows\System\dQiSaqN.exe
  C:\Windows\System\dQiSaqN.exe
  2⤵
  PID:2540
- C:\Windows\System\vMRWiLT.exe
  C:\Windows\System\vMRWiLT.exe
  2⤵
  PID:1584
- C:\Windows\System\IMyXWyi.exe
  C:\Windows\System\IMyXWyi.exe
  2⤵
  PID:2060
- C:\Windows\System\EFzeLcI.exe
  C:\Windows\System\EFzeLcI.exe
  2⤵
  PID:1748
- C:\Windows\System\UXucfir.exe
  C:\Windows\System\UXucfir.exe
  2⤵
  PID:1956
- C:\Windows\System\bUyePwz.exe
  C:\Windows\System\bUyePwz.exe
  2⤵
  PID:2400
- C:\Windows\System\nJugiOp.exe
  C:\Windows\System\nJugiOp.exe
  2⤵
  PID:1896
- C:\Windows\System\FeYbXeB.exe
  C:\Windows\System\FeYbXeB.exe
  2⤵
  PID:784
- C:\Windows\System\PymNQPL.exe
  C:\Windows\System\PymNQPL.exe
  2⤵
  PID:1228
- C:\Windows\System\TkPbmri.exe
  C:\Windows\System\TkPbmri.exe
  2⤵
  PID:3084
- C:\Windows\System\uFCHLMI.exe
  C:\Windows\System\uFCHLMI.exe
  2⤵
  PID:3100
- C:\Windows\System\FNksQMK.exe
  C:\Windows\System\FNksQMK.exe
  2⤵
  PID:3116
- C:\Windows\System\rpJhzVz.exe
  C:\Windows\System\rpJhzVz.exe
  2⤵
  PID:3132
- C:\Windows\System\QQdSfTy.exe
  C:\Windows\System\QQdSfTy.exe
  2⤵
  PID:3148
- C:\Windows\System\euJacKf.exe
  C:\Windows\System\euJacKf.exe
  2⤵
  PID:3164
- C:\Windows\System\iNTMKNd.exe
  C:\Windows\System\iNTMKNd.exe
  2⤵
  PID:3180
- C:\Windows\System\AruxJLH.exe
  C:\Windows\System\AruxJLH.exe
  2⤵
  PID:3196
- C:\Windows\System\IdLmgEz.exe
  C:\Windows\System\IdLmgEz.exe
  2⤵
  PID:3212
- C:\Windows\System\VunDYYd.exe
  C:\Windows\System\VunDYYd.exe
  2⤵
  PID:3228
- C:\Windows\System\bNJosma.exe
  C:\Windows\System\bNJosma.exe
  2⤵
  PID:3244
- C:\Windows\System\qoteZhJ.exe
  C:\Windows\System\qoteZhJ.exe
  2⤵
  PID:3260
- C:\Windows\System\GNsgqvE.exe
  C:\Windows\System\GNsgqvE.exe
  2⤵
  PID:3276
- C:\Windows\System\UAjQERc.exe
  C:\Windows\System\UAjQERc.exe
  2⤵
  PID:3292
- C:\Windows\System\kfHCXWY.exe
  C:\Windows\System\kfHCXWY.exe
  2⤵
  PID:3308
- C:\Windows\System\fKsalsN.exe
  C:\Windows\System\fKsalsN.exe
  2⤵
  PID:3324
- C:\Windows\System\ZcNVaRq.exe
  C:\Windows\System\ZcNVaRq.exe
  2⤵
  PID:3340
- C:\Windows\System\aYOsnTM.exe
  C:\Windows\System\aYOsnTM.exe
  2⤵
  PID:3356
- C:\Windows\System\JJkbGUi.exe
  C:\Windows\System\JJkbGUi.exe
  2⤵
  PID:3372
- C:\Windows\System\JKSwoWd.exe
  C:\Windows\System\JKSwoWd.exe
  2⤵
  PID:3388
- C:\Windows\System\fmAkuyP.exe
  C:\Windows\System\fmAkuyP.exe
  2⤵
  PID:3404
- C:\Windows\System\CZAhHxu.exe
  C:\Windows\System\CZAhHxu.exe
  2⤵
  PID:3420
- C:\Windows\System\VfGxBUq.exe
  C:\Windows\System\VfGxBUq.exe
  2⤵
  PID:3436
- C:\Windows\System\gtyjAiy.exe
  C:\Windows\System\gtyjAiy.exe
  2⤵
  PID:3452
- C:\Windows\System\UeWvAOx.exe
  C:\Windows\System\UeWvAOx.exe
  2⤵
  PID:3468
- C:\Windows\System\drjZbrX.exe
  C:\Windows\System\drjZbrX.exe
  2⤵
  PID:3484
- C:\Windows\System\blDSzrb.exe
  C:\Windows\System\blDSzrb.exe
  2⤵
  PID:3500
- C:\Windows\System\aAoUvHO.exe
  C:\Windows\System\aAoUvHO.exe
  2⤵
  PID:3516
- C:\Windows\System\zCHCSpn.exe
  C:\Windows\System\zCHCSpn.exe
  2⤵
  PID:3532
- C:\Windows\System\QOnopgt.exe
  C:\Windows\System\QOnopgt.exe
  2⤵
  PID:3548
- C:\Windows\System\ECFEHbx.exe
  C:\Windows\System\ECFEHbx.exe
  2⤵
  PID:3572
- C:\Windows\System\BYncShD.exe
  C:\Windows\System\BYncShD.exe
  2⤵
  PID:3588
- C:\Windows\System\WximhYm.exe
  C:\Windows\System\WximhYm.exe
  2⤵
  PID:3604
- C:\Windows\System\SmOUlwl.exe
  C:\Windows\System\SmOUlwl.exe
  2⤵
  PID:3620
- C:\Windows\System\kPctgct.exe
  C:\Windows\System\kPctgct.exe
  2⤵
  PID:3636
- C:\Windows\System\KmaivHM.exe
  C:\Windows\System\KmaivHM.exe
  2⤵
  PID:3656
- C:\Windows\System\ksClyXS.exe
  C:\Windows\System\ksClyXS.exe
  2⤵
  PID:3672
- C:\Windows\System\FbcHBqk.exe
  C:\Windows\System\FbcHBqk.exe
  2⤵
  PID:3688
- C:\Windows\System\JqpEzdr.exe
  C:\Windows\System\JqpEzdr.exe
  2⤵
  PID:3704
- C:\Windows\System\pfGPjAM.exe
  C:\Windows\System\pfGPjAM.exe
  2⤵
  PID:3720
- C:\Windows\System\EyVKkjC.exe
  C:\Windows\System\EyVKkjC.exe
  2⤵
  PID:3736
- C:\Windows\System\RiqIKEQ.exe
  C:\Windows\System\RiqIKEQ.exe
  2⤵
  PID:3752
- C:\Windows\System\qgvvLCo.exe
  C:\Windows\System\qgvvLCo.exe
  2⤵
  PID:3768
- C:\Windows\System\uyyONXo.exe
  C:\Windows\System\uyyONXo.exe
  2⤵
  PID:3784
- C:\Windows\System\tOBJmwF.exe
  C:\Windows\System\tOBJmwF.exe
  2⤵
  PID:3800
- C:\Windows\System\eAVXzCN.exe
  C:\Windows\System\eAVXzCN.exe
  2⤵
  PID:3816
- C:\Windows\System\tkvvrnX.exe
  C:\Windows\System\tkvvrnX.exe
  2⤵
  PID:3832
- C:\Windows\System\SCOEClu.exe
  C:\Windows\System\SCOEClu.exe
  2⤵
  PID:3848
- C:\Windows\System\sxnbPGO.exe
  C:\Windows\System\sxnbPGO.exe
  2⤵
  PID:3864
- C:\Windows\System\FgpkGwB.exe
  C:\Windows\System\FgpkGwB.exe
  2⤵
  PID:3880
- C:\Windows\System\dBbNEcp.exe
  C:\Windows\System\dBbNEcp.exe
  2⤵
  PID:3896
- C:\Windows\System\xAeqave.exe
  C:\Windows\System\xAeqave.exe
  2⤵
  PID:3912
- C:\Windows\System\wuhdGnl.exe
  C:\Windows\System\wuhdGnl.exe
  2⤵
  PID:3928
- C:\Windows\System\uZlNCBa.exe
  C:\Windows\System\uZlNCBa.exe
  2⤵
  PID:3944
- C:\Windows\System\SfZulnm.exe
  C:\Windows\System\SfZulnm.exe
  2⤵
  PID:3960
- C:\Windows\System\vmJJCKS.exe
  C:\Windows\System\vmJJCKS.exe
  2⤵
  PID:3976
- C:\Windows\System\aqZmnNu.exe
  C:\Windows\System\aqZmnNu.exe
  2⤵
  PID:3992
- C:\Windows\System\rOKcjEO.exe
  C:\Windows\System\rOKcjEO.exe
  2⤵
  PID:4008
- C:\Windows\System\flVZyMs.exe
  C:\Windows\System\flVZyMs.exe
  2⤵
  PID:4024
- C:\Windows\System\eVNIpME.exe
  C:\Windows\System\eVNIpME.exe
  2⤵
  PID:4040
- C:\Windows\System\sgnkjRD.exe
  C:\Windows\System\sgnkjRD.exe
  2⤵
  PID:4056
- C:\Windows\System\hqfXtyX.exe
  C:\Windows\System\hqfXtyX.exe
  2⤵
  PID:4072
- C:\Windows\System\UWxWwcE.exe
  C:\Windows\System\UWxWwcE.exe
  2⤵
  PID:4088
- C:\Windows\System\bVaKRWu.exe
  C:\Windows\System\bVaKRWu.exe
  2⤵
  PID:1308
- C:\Windows\System\UcpmUcs.exe
  C:\Windows\System\UcpmUcs.exe
  2⤵
  PID:1068
- C:\Windows\System\NwpIaMj.exe
  C:\Windows\System\NwpIaMj.exe
  2⤵
  PID:2324
- C:\Windows\System\mWAuTjF.exe
  C:\Windows\System\mWAuTjF.exe
  2⤵
  PID:1608
- C:\Windows\System\lhYpjqP.exe
  C:\Windows\System\lhYpjqP.exe
  2⤵
  PID:2140
- C:\Windows\System\rElkGRH.exe
  C:\Windows\System\rElkGRH.exe
  2⤵
  PID:2692
- C:\Windows\System\GjBvYAV.exe
  C:\Windows\System\GjBvYAV.exe
  2⤵
  PID:2612
- C:\Windows\System\XEubLcq.exe
  C:\Windows\System\XEubLcq.exe
  2⤵
  PID:900
- C:\Windows\System\KVnkBmK.exe
  C:\Windows\System\KVnkBmK.exe
  2⤵
  PID:2124
- C:\Windows\System\jUMfGxX.exe
  C:\Windows\System\jUMfGxX.exe
  2⤵
  PID:2220
- C:\Windows\System\LqONIGR.exe
  C:\Windows\System\LqONIGR.exe
  2⤵
  PID:2312
- C:\Windows\System\wRvXuFr.exe
  C:\Windows\System\wRvXuFr.exe
  2⤵
  PID:2000
- C:\Windows\System\ZNVANUc.exe
  C:\Windows\System\ZNVANUc.exe
  2⤵
  PID:1520
- C:\Windows\System\bBSGmiL.exe
  C:\Windows\System\bBSGmiL.exe
  2⤵
  PID:3108
- C:\Windows\System\DneuhWJ.exe
  C:\Windows\System\DneuhWJ.exe
  2⤵
  PID:3140
- C:\Windows\System\lNEviIr.exe
  C:\Windows\System\lNEviIr.exe
  2⤵
  PID:3176
- C:\Windows\System\fkIFCPE.exe
  C:\Windows\System\fkIFCPE.exe
  2⤵
  PID:3188
- C:\Windows\System\xEAtjdU.exe
  C:\Windows\System\xEAtjdU.exe
  2⤵
  PID:3236
- C:\Windows\System\wddcdMw.exe
  C:\Windows\System\wddcdMw.exe
  2⤵
  PID:3252
- C:\Windows\System\CfpmInL.exe
  C:\Windows\System\CfpmInL.exe
  2⤵
  PID:3284
- C:\Windows\System\zTGhcrb.exe
  C:\Windows\System\zTGhcrb.exe
  2⤵
  PID:3316
- C:\Windows\System\gdZERkI.exe
  C:\Windows\System\gdZERkI.exe
  2⤵
  PID:3364
- C:\Windows\System\xGoGetg.exe
  C:\Windows\System\xGoGetg.exe
  2⤵
  PID:3380
- C:\Windows\System\KBdyywb.exe
  C:\Windows\System\KBdyywb.exe
  2⤵
  PID:3412
- C:\Windows\System\ksCoTlx.exe
  C:\Windows\System\ksCoTlx.exe
  2⤵
  PID:3444
- C:\Windows\System\ZwOjkVB.exe
  C:\Windows\System\ZwOjkVB.exe
  2⤵
  PID:3476
- C:\Windows\System\naArDXZ.exe
  C:\Windows\System\naArDXZ.exe
  2⤵
  PID:3508
- C:\Windows\System\JPSDSKK.exe
  C:\Windows\System\JPSDSKK.exe
  2⤵
  PID:3540
- C:\Windows\System\QdRrZMF.exe
  C:\Windows\System\QdRrZMF.exe
  2⤵
  PID:3580
- C:\Windows\System\rTFKtHm.exe
  C:\Windows\System\rTFKtHm.exe
  2⤵
  PID:3612
- C:\Windows\System\uTgEaBg.exe
  C:\Windows\System\uTgEaBg.exe
  2⤵
  PID:3644
- C:\Windows\System\hjIZavi.exe
  C:\Windows\System\hjIZavi.exe
  2⤵
  PID:3696
- C:\Windows\System\NmCcsMi.exe
  C:\Windows\System\NmCcsMi.exe
  2⤵
  PID:3728
- C:\Windows\System\SjOQfIX.exe
  C:\Windows\System\SjOQfIX.exe
  2⤵
  PID:3760
- C:\Windows\System\asLJKgM.exe
  C:\Windows\System\asLJKgM.exe
  2⤵
  PID:3792
- C:\Windows\System\yNEnBhZ.exe
  C:\Windows\System\yNEnBhZ.exe
  2⤵
  PID:3824
- C:\Windows\System\EyVyVlp.exe
  C:\Windows\System\EyVyVlp.exe
  2⤵
  PID:3856
- C:\Windows\System\uYqybxW.exe
  C:\Windows\System\uYqybxW.exe
  2⤵
  PID:3872
- C:\Windows\System\oqCPRTx.exe
  C:\Windows\System\oqCPRTx.exe
  2⤵
  PID:3904
- C:\Windows\System\bgXvCQw.exe
  C:\Windows\System\bgXvCQw.exe
  2⤵
  PID:3876
- C:\Windows\System\yWXgfIR.exe
  C:\Windows\System\yWXgfIR.exe
  2⤵
  PID:3968
- C:\Windows\System\UJecgKf.exe
  C:\Windows\System\UJecgKf.exe
  2⤵
  PID:4000
- C:\Windows\System\dzSAhUa.exe
  C:\Windows\System\dzSAhUa.exe
  2⤵
  PID:4048
- C:\Windows\System\CGfsxUv.exe
  C:\Windows\System\CGfsxUv.exe
  2⤵
  PID:4080
- C:\Windows\System\QBNXNoR.exe
  C:\Windows\System\QBNXNoR.exe
  2⤵
  PID:2328
- C:\Windows\System\sDAlKpJ.exe
  C:\Windows\System\sDAlKpJ.exe
  2⤵
  PID:3000
- C:\Windows\System\rnISSNb.exe
  C:\Windows\System\rnISSNb.exe
  2⤵
  PID:1628
- C:\Windows\System\kHxCpDA.exe
  C:\Windows\System\kHxCpDA.exe
  2⤵
  PID:1724
- C:\Windows\System\ejaHkhi.exe
  C:\Windows\System\ejaHkhi.exe
  2⤵
  PID:3052
- C:\Windows\System\nijKxpO.exe
  C:\Windows\System\nijKxpO.exe
  2⤵
  PID:1332
- C:\Windows\System\ItakWtF.exe
  C:\Windows\System\ItakWtF.exe
  2⤵
  PID:928
- C:\Windows\System\jEwqmAX.exe
  C:\Windows\System\jEwqmAX.exe
  2⤵
  PID:3092
- C:\Windows\System\zJGUdwI.exe
  C:\Windows\System\zJGUdwI.exe
  2⤵
  PID:3208
- C:\Windows\System\KMkReuX.exe
  C:\Windows\System\KMkReuX.exe
  2⤵
  PID:3224
- C:\Windows\System\AcnUNYb.exe
  C:\Windows\System\AcnUNYb.exe
  2⤵
  PID:3320
- C:\Windows\System\GEjDDDz.exe
  C:\Windows\System\GEjDDDz.exe
  2⤵
  PID:3400
- C:\Windows\System\mvyEJWf.exe
  C:\Windows\System\mvyEJWf.exe
  2⤵
  PID:3428
- C:\Windows\System\kAkLKCu.exe
  C:\Windows\System\kAkLKCu.exe
  2⤵
  PID:3512
- C:\Windows\System\bacUqGm.exe
  C:\Windows\System\bacUqGm.exe
  2⤵
  PID:3600
- C:\Windows\System\AJesFDC.exe
  C:\Windows\System\AJesFDC.exe
  2⤵
  PID:3616
- C:\Windows\System\LoflsVy.exe
  C:\Windows\System\LoflsVy.exe
  2⤵
  PID:3712
- C:\Windows\System\yTBhhJD.exe
  C:\Windows\System\yTBhhJD.exe
  2⤵
  PID:3684
- C:\Windows\System\JLPbBtr.exe
  C:\Windows\System\JLPbBtr.exe
  2⤵
  PID:3840
- C:\Windows\System\PcMwnqX.exe
  C:\Windows\System\PcMwnqX.exe
  2⤵
  PID:3920
- C:\Windows\System\UXbmgYk.exe
  C:\Windows\System\UXbmgYk.exe
  2⤵
  PID:4016
- C:\Windows\System\IzofLoX.exe
  C:\Windows\System\IzofLoX.exe
  2⤵
  PID:4064
- C:\Windows\System\dFtQIYJ.exe
  C:\Windows\System\dFtQIYJ.exe
  2⤵
  PID:1916
- C:\Windows\System\FcUZaFC.exe
  C:\Windows\System\FcUZaFC.exe
  2⤵
  PID:4108
- C:\Windows\System\tlbZUUC.exe
  C:\Windows\System\tlbZUUC.exe
  2⤵
  PID:4124
- C:\Windows\System\KLjRwzP.exe
  C:\Windows\System\KLjRwzP.exe
  2⤵
  PID:4140
- C:\Windows\System\UQBNQwA.exe
  C:\Windows\System\UQBNQwA.exe
  2⤵
  PID:4156
- C:\Windows\System\ZabQnvG.exe
  C:\Windows\System\ZabQnvG.exe
  2⤵
  PID:4172
- C:\Windows\System\MJVqJwh.exe
  C:\Windows\System\MJVqJwh.exe
  2⤵
  PID:4188
- C:\Windows\System\YDMhxBI.exe
  C:\Windows\System\YDMhxBI.exe
  2⤵
  PID:4204
- C:\Windows\System\NvnuWEA.exe
  C:\Windows\System\NvnuWEA.exe
  2⤵
  PID:4220
- C:\Windows\System\URAToeV.exe
  C:\Windows\System\URAToeV.exe
  2⤵
  PID:4236
- C:\Windows\System\WimLZwY.exe
  C:\Windows\System\WimLZwY.exe
  2⤵
  PID:4252
- C:\Windows\System\JvSiZMB.exe
  C:\Windows\System\JvSiZMB.exe
  2⤵
  PID:4268
- C:\Windows\System\NDqpqeU.exe
  C:\Windows\System\NDqpqeU.exe
  2⤵
  PID:4284
- C:\Windows\System\uUSXAjd.exe
  C:\Windows\System\uUSXAjd.exe
  2⤵
  PID:4300
- C:\Windows\System\PgqQdrv.exe
  C:\Windows\System\PgqQdrv.exe
  2⤵
  PID:4316
- C:\Windows\System\jgaatLM.exe
  C:\Windows\System\jgaatLM.exe
  2⤵
  PID:4332
- C:\Windows\System\HcFrDVP.exe
  C:\Windows\System\HcFrDVP.exe
  2⤵
  PID:4348
- C:\Windows\System\oSqToEB.exe
  C:\Windows\System\oSqToEB.exe
  2⤵
  PID:4364
- C:\Windows\System\vkGDIRH.exe
  C:\Windows\System\vkGDIRH.exe
  2⤵
  PID:4380
- C:\Windows\System\qifQOHR.exe
  C:\Windows\System\qifQOHR.exe
  2⤵
  PID:4396
- C:\Windows\System\yjbEVDP.exe
  C:\Windows\System\yjbEVDP.exe
  2⤵
  PID:4412
- C:\Windows\System\niKTOUp.exe
  C:\Windows\System\niKTOUp.exe
  2⤵
  PID:4428
- C:\Windows\System\FeYIxHM.exe
  C:\Windows\System\FeYIxHM.exe
  2⤵
  PID:4444
- C:\Windows\System\IGtRpTq.exe
  C:\Windows\System\IGtRpTq.exe
  2⤵
  PID:4460
- C:\Windows\System\NvWtSwK.exe
  C:\Windows\System\NvWtSwK.exe
  2⤵
  PID:4480
- C:\Windows\System\xyptBUm.exe
  C:\Windows\System\xyptBUm.exe
  2⤵
  PID:4496
- C:\Windows\System\YydGYLC.exe
  C:\Windows\System\YydGYLC.exe
  2⤵
  PID:4512
- C:\Windows\System\vXEVjWX.exe
  C:\Windows\System\vXEVjWX.exe
  2⤵
  PID:4528
- C:\Windows\System\YUUEcpE.exe
  C:\Windows\System\YUUEcpE.exe
  2⤵
  PID:4544
- C:\Windows\System\Cqwgtof.exe
  C:\Windows\System\Cqwgtof.exe
  2⤵
  PID:4560
- C:\Windows\System\vjiPdjc.exe
  C:\Windows\System\vjiPdjc.exe
  2⤵
  PID:4576
- C:\Windows\System\pBOkmzx.exe
  C:\Windows\System\pBOkmzx.exe
  2⤵
  PID:4592
- C:\Windows\System\afSlUom.exe
  C:\Windows\System\afSlUom.exe
  2⤵
  PID:4608
- C:\Windows\System\LbgrunP.exe
  C:\Windows\System\LbgrunP.exe
  2⤵
  PID:4624
- C:\Windows\System\SyrnMZM.exe
  C:\Windows\System\SyrnMZM.exe
  2⤵
  PID:4640
- C:\Windows\System\qFeLmXu.exe
  C:\Windows\System\qFeLmXu.exe
  2⤵
  PID:4656
- C:\Windows\System\qlHvVWW.exe
  C:\Windows\System\qlHvVWW.exe
  2⤵
  PID:4672
- C:\Windows\System\pteITnY.exe
  C:\Windows\System\pteITnY.exe
  2⤵
  PID:4688
- C:\Windows\System\LbOAWRC.exe
  C:\Windows\System\LbOAWRC.exe
  2⤵
  PID:4704
- C:\Windows\System\DouTtba.exe
  C:\Windows\System\DouTtba.exe
  2⤵
  PID:4720
- C:\Windows\System\RisnKRf.exe
  C:\Windows\System\RisnKRf.exe
  2⤵
  PID:4736
- C:\Windows\System\louPLcQ.exe
  C:\Windows\System\louPLcQ.exe
  2⤵
  PID:4752
- C:\Windows\System\UofdZUs.exe
  C:\Windows\System\UofdZUs.exe
  2⤵
  PID:4768
- C:\Windows\System\xaUXMlJ.exe
  C:\Windows\System\xaUXMlJ.exe
  2⤵
  PID:4784
- C:\Windows\System\dzDxWay.exe
  C:\Windows\System\dzDxWay.exe
  2⤵
  PID:4800
- C:\Windows\System\AMEbynI.exe
  C:\Windows\System\AMEbynI.exe
  2⤵
  PID:4816
- C:\Windows\System\KqGSQNZ.exe
  C:\Windows\System\KqGSQNZ.exe
  2⤵
  PID:4832
- C:\Windows\System\VMDCrGF.exe
  C:\Windows\System\VMDCrGF.exe
  2⤵
  PID:4848
- C:\Windows\System\fbaKAuM.exe
  C:\Windows\System\fbaKAuM.exe
  2⤵
  PID:4864
- C:\Windows\System\DDRDDWu.exe
  C:\Windows\System\DDRDDWu.exe
  2⤵
  PID:4880
- C:\Windows\System\cyxGsYx.exe
  C:\Windows\System\cyxGsYx.exe
  2⤵
  PID:4896
- C:\Windows\System\BEaxRZc.exe
  C:\Windows\System\BEaxRZc.exe
  2⤵
  PID:4912
- C:\Windows\System\cHIFxuV.exe
  C:\Windows\System\cHIFxuV.exe
  2⤵
  PID:4932
- C:\Windows\System\wfvvBHM.exe
  C:\Windows\System\wfvvBHM.exe
  2⤵
  PID:4948
- C:\Windows\System\JiweGHA.exe
  C:\Windows\System\JiweGHA.exe
  2⤵
  PID:4964
- C:\Windows\System\NaDxlwE.exe
  C:\Windows\System\NaDxlwE.exe
  2⤵
  PID:4980
- C:\Windows\System\MxrHAcq.exe
  C:\Windows\System\MxrHAcq.exe
  2⤵
  PID:4996
- C:\Windows\System\UlXBoTa.exe
  C:\Windows\System\UlXBoTa.exe
  2⤵
  PID:5012
- C:\Windows\System\WLhfrfF.exe
  C:\Windows\System\WLhfrfF.exe
  2⤵
  PID:5028
- C:\Windows\System\sbVRKeT.exe
  C:\Windows\System\sbVRKeT.exe
  2⤵
  PID:5044
- C:\Windows\System\nLTrRRs.exe
  C:\Windows\System\nLTrRRs.exe
  2⤵
  PID:5060
- C:\Windows\System\LchxgEp.exe
  C:\Windows\System\LchxgEp.exe
  2⤵
  PID:5076
- C:\Windows\System\NvHYeLp.exe
  C:\Windows\System\NvHYeLp.exe
  2⤵
  PID:5092
- C:\Windows\System\mDBNGNo.exe
  C:\Windows\System\mDBNGNo.exe
  2⤵
  PID:5108
- C:\Windows\System\Nkaswwf.exe
  C:\Windows\System\Nkaswwf.exe
  2⤵
  PID:1680
- C:\Windows\System\nmQuiwo.exe
  C:\Windows\System\nmQuiwo.exe
  2⤵
  PID:2788
- C:\Windows\System\gNNLNBC.exe
  C:\Windows\System\gNNLNBC.exe
  2⤵
  PID:3160
- C:\Windows\System\KnLdtBD.exe
  C:\Windows\System\KnLdtBD.exe
  2⤵
  PID:2520
- C:\Windows\System\FdAVhiw.exe
  C:\Windows\System\FdAVhiw.exe
  2⤵
  PID:3192
- C:\Windows\System\cSxNGOe.exe
  C:\Windows\System\cSxNGOe.exe
  2⤵
  PID:3448
- C:\Windows\System\YDYkSDs.exe
  C:\Windows\System\YDYkSDs.exe
  2⤵
  PID:3560
- C:\Windows\System\kyIpYbv.exe
  C:\Windows\System\kyIpYbv.exe
  2⤵
  PID:3680
- C:\Windows\System\ITWPubw.exe
  C:\Windows\System\ITWPubw.exe
  2⤵
  PID:3828
- C:\Windows\System\CFZIzqJ.exe
  C:\Windows\System\CFZIzqJ.exe
  2⤵
  PID:3812
- C:\Windows\System\iKZkZXi.exe
  C:\Windows\System\iKZkZXi.exe
  2⤵
  PID:4100
- C:\Windows\System\vbXyrTO.exe
  C:\Windows\System\vbXyrTO.exe
  2⤵
  PID:2804
- C:\Windows\System\ZTYNBoV.exe
  C:\Windows\System\ZTYNBoV.exe
  2⤵
  PID:4116
- C:\Windows\System\cOTKcBM.exe
  C:\Windows\System\cOTKcBM.exe
  2⤵
  PID:4152
- C:\Windows\System\YuCFWji.exe
  C:\Windows\System\YuCFWji.exe
  2⤵
  PID:4180
- C:\Windows\System\xgMhLLJ.exe
  C:\Windows\System\xgMhLLJ.exe
  2⤵
  PID:4264
- C:\Windows\System\vCDRaaO.exe
  C:\Windows\System\vCDRaaO.exe
  2⤵
  PID:4292
- C:\Windows\System\KhehwwF.exe
  C:\Windows\System\KhehwwF.exe
  2⤵
  PID:4328
- C:\Windows\System\xRxOmBY.exe
  C:\Windows\System\xRxOmBY.exe
  2⤵
  PID:4280
- C:\Windows\System\dxgbmCu.exe
  C:\Windows\System\dxgbmCu.exe
  2⤵
  PID:4340
- C:\Windows\System\iUuAtgQ.exe
  C:\Windows\System\iUuAtgQ.exe
  2⤵
  PID:4344
- C:\Windows\System\dcVOgsC.exe
  C:\Windows\System\dcVOgsC.exe
  2⤵
  PID:4452
- C:\Windows\System\KOLoGSa.exe
  C:\Windows\System\KOLoGSa.exe
  2⤵
  PID:4436
- C:\Windows\System\mYckyys.exe
  C:\Windows\System\mYckyys.exe
  2⤵
  PID:4468
- C:\Windows\System\cnaxwIQ.exe
  C:\Windows\System\cnaxwIQ.exe
  2⤵
  PID:4552
- C:\Windows\System\AswsRUp.exe
  C:\Windows\System\AswsRUp.exe
  2⤵
  PID:4584
- C:\Windows\System\CrNfEko.exe
  C:\Windows\System\CrNfEko.exe
  2⤵
  PID:4620
- C:\Windows\System\jcESbBx.exe
  C:\Windows\System\jcESbBx.exe
  2⤵
  PID:4652
- C:\Windows\System\LxcdCea.exe
  C:\Windows\System\LxcdCea.exe
  2⤵
  PID:4572
- C:\Windows\System\EvpTyUj.exe
  C:\Windows\System\EvpTyUj.exe
  2⤵
  PID:2716
- C:\Windows\System\YSgWoOp.exe
  C:\Windows\System\YSgWoOp.exe
  2⤵
  PID:4780
- C:\Windows\System\vzikyPQ.exe
  C:\Windows\System\vzikyPQ.exe
  2⤵
  PID:2808
- C:\Windows\System\nVGMOYk.exe
  C:\Windows\System\nVGMOYk.exe
  2⤵
  PID:4844
- C:\Windows\System\qVskFQq.exe
  C:\Windows\System\qVskFQq.exe
  2⤵
  PID:4904
- C:\Windows\System\OGNJXrt.exe
  C:\Windows\System\OGNJXrt.exe
  2⤵
  PID:4972
- C:\Windows\System\GpZDwRa.exe
  C:\Windows\System\GpZDwRa.exe
  2⤵
  PID:5036
- C:\Windows\System\qsAdavy.exe
  C:\Windows\System\qsAdavy.exe
  2⤵
  PID:4664
- C:\Windows\System\wIvRjSg.exe
  C:\Windows\System\wIvRjSg.exe
  2⤵
  PID:5104
- C:\Windows\System\cqzjjyu.exe
  C:\Windows\System\cqzjjyu.exe
  2⤵
  PID:2272
- C:\Windows\System\wUiDumO.exe
  C:\Windows\System\wUiDumO.exe
  2⤵
  PID:4728
- C:\Windows\System\WTchmZN.exe
  C:\Windows\System\WTchmZN.exe
  2⤵
  PID:2828
- C:\Windows\System\fiVGiyn.exe
  C:\Windows\System\fiVGiyn.exe
  2⤵
  PID:3940
- C:\Windows\System\EqRkOmV.exe
  C:\Windows\System\EqRkOmV.exe
  2⤵
  PID:4168
- C:\Windows\System\FXaAdmg.exe
  C:\Windows\System\FXaAdmg.exe
  2⤵
  PID:4296
- C:\Windows\System\DDiiCpY.exe
  C:\Windows\System\DDiiCpY.exe
  2⤵
  PID:4520
- C:\Windows\System\YXpoWcY.exe
  C:\Windows\System\YXpoWcY.exe
  2⤵
  PID:4648
- C:\Windows\System\nPlbfZb.exe
  C:\Windows\System\nPlbfZb.exe
  2⤵
  PID:5136
- C:\Windows\System\iyjnGZx.exe
  C:\Windows\System\iyjnGZx.exe
  2⤵
  PID:5152
- C:\Windows\System\HsqcRoT.exe
  C:\Windows\System\HsqcRoT.exe
  2⤵
  PID:5168
- C:\Windows\System\aaqhSWz.exe
  C:\Windows\System\aaqhSWz.exe
  2⤵
  PID:5184
- C:\Windows\System\gIwyLhr.exe
  C:\Windows\System\gIwyLhr.exe
  2⤵
  PID:5200
- C:\Windows\System\czlcakE.exe
  C:\Windows\System\czlcakE.exe
  2⤵
  PID:5216
- C:\Windows\System\bSlTllx.exe
  C:\Windows\System\bSlTllx.exe
  2⤵
  PID:5232
- C:\Windows\System\KcEOILd.exe
  C:\Windows\System\KcEOILd.exe
  2⤵
  PID:5248
- C:\Windows\System\RCcauYc.exe
  C:\Windows\System\RCcauYc.exe
  2⤵
  PID:5264
- C:\Windows\System\AlqhYhj.exe
  C:\Windows\System\AlqhYhj.exe
  2⤵
  PID:5280
- C:\Windows\System\VZIURPV.exe
  C:\Windows\System\VZIURPV.exe
  2⤵
  PID:5300
- C:\Windows\System\idAGsiD.exe
  C:\Windows\System\idAGsiD.exe
  2⤵
  PID:5316
- C:\Windows\System\UGvvzvW.exe
  C:\Windows\System\UGvvzvW.exe
  2⤵
  PID:5332
- C:\Windows\System\XWeMKLy.exe
  C:\Windows\System\XWeMKLy.exe
  2⤵
  PID:5388
- C:\Windows\System\YEapdwD.exe
  C:\Windows\System\YEapdwD.exe
  2⤵
  PID:5404
- C:\Windows\System\zPgOxPn.exe
  C:\Windows\System\zPgOxPn.exe
  2⤵
  PID:5420
- C:\Windows\System\YZjCuaf.exe
  C:\Windows\System\YZjCuaf.exe
  2⤵
  PID:5436
- C:\Windows\System\wfnFmRq.exe
  C:\Windows\System\wfnFmRq.exe
  2⤵
  PID:5452
- C:\Windows\System\yFyivMp.exe
  C:\Windows\System\yFyivMp.exe
  2⤵
  PID:5468
- C:\Windows\System\oIrDKyY.exe
  C:\Windows\System\oIrDKyY.exe
  2⤵
  PID:5484
- C:\Windows\System\FZrGHIT.exe
  C:\Windows\System\FZrGHIT.exe
  2⤵
  PID:5500
- C:\Windows\System\SuARkDC.exe
  C:\Windows\System\SuARkDC.exe
  2⤵
  PID:5516
- C:\Windows\System\RmXdSev.exe
  C:\Windows\System\RmXdSev.exe
  2⤵
  PID:5532
- C:\Windows\System\rQtNbqe.exe
  C:\Windows\System\rQtNbqe.exe
  2⤵
  PID:5548
- C:\Windows\System\MseoXKK.exe
  C:\Windows\System\MseoXKK.exe
  2⤵
  PID:5564
- C:\Windows\System\nFceEUE.exe
  C:\Windows\System\nFceEUE.exe
  2⤵
  PID:5580
- C:\Windows\System\sNuDqBO.exe
  C:\Windows\System\sNuDqBO.exe
  2⤵
  PID:5596
- C:\Windows\System\nNxiyDP.exe
  C:\Windows\System\nNxiyDP.exe
  2⤵
  PID:5616
- C:\Windows\System\RfZWCcN.exe
  C:\Windows\System\RfZWCcN.exe
  2⤵
  PID:5632
- C:\Windows\System\CFydraX.exe
  C:\Windows\System\CFydraX.exe
  2⤵
  PID:5648
- C:\Windows\System\QzbjrAb.exe
  C:\Windows\System\QzbjrAb.exe
  2⤵
  PID:5664
- C:\Windows\System\vmQQjYS.exe
  C:\Windows\System\vmQQjYS.exe
  2⤵
  PID:5680
- C:\Windows\System\NaTiCrE.exe
  C:\Windows\System\NaTiCrE.exe
  2⤵
  PID:5696
- C:\Windows\System\QUFwudk.exe
  C:\Windows\System\QUFwudk.exe
  2⤵
  PID:5712
- C:\Windows\System\zVnbtbZ.exe
  C:\Windows\System\zVnbtbZ.exe
  2⤵
  PID:5728
- C:\Windows\System\KgPIpFv.exe
  C:\Windows\System\KgPIpFv.exe
  2⤵
  PID:5744
- C:\Windows\System\iikeAYn.exe
  C:\Windows\System\iikeAYn.exe
  2⤵
  PID:5760
- C:\Windows\System\xGFmVde.exe
  C:\Windows\System\xGFmVde.exe
  2⤵
  PID:5776
- C:\Windows\System\EKxoiKj.exe
  C:\Windows\System\EKxoiKj.exe
  2⤵
  PID:5792
- C:\Windows\System\jsNJZoy.exe
  C:\Windows\System\jsNJZoy.exe
  2⤵
  PID:5808
- C:\Windows\System\ZIryRFw.exe
  C:\Windows\System\ZIryRFw.exe
  2⤵
  PID:5824
- C:\Windows\System\CfeosYs.exe
  C:\Windows\System\CfeosYs.exe
  2⤵
  PID:5840
- C:\Windows\System\EYIJDlA.exe
  C:\Windows\System\EYIJDlA.exe
  2⤵
  PID:5856
- C:\Windows\System\ueDoGKV.exe
  C:\Windows\System\ueDoGKV.exe
  2⤵
  PID:5872
- C:\Windows\System\HEgFEww.exe
  C:\Windows\System\HEgFEww.exe
  2⤵
  PID:5888
- C:\Windows\System\EcafyTG.exe
  C:\Windows\System\EcafyTG.exe
  2⤵
  PID:5904
- C:\Windows\System\iSrodqO.exe
  C:\Windows\System\iSrodqO.exe
  2⤵
  PID:5920
- C:\Windows\System\zTAtJZH.exe
  C:\Windows\System\zTAtJZH.exe
  2⤵
  PID:5936
- C:\Windows\System\ffgjClD.exe
  C:\Windows\System\ffgjClD.exe
  2⤵
  PID:5952
- C:\Windows\System\ENlyOyy.exe
  C:\Windows\System\ENlyOyy.exe
  2⤵
  PID:5968
- C:\Windows\System\cOFSCty.exe
  C:\Windows\System\cOFSCty.exe
  2⤵
  PID:5984
- C:\Windows\System\sLbbnPT.exe
  C:\Windows\System\sLbbnPT.exe
  2⤵
  PID:6000
- C:\Windows\System\JivNkHE.exe
  C:\Windows\System\JivNkHE.exe
  2⤵
  PID:6016
- C:\Windows\System\eyNqkXp.exe
  C:\Windows\System\eyNqkXp.exe
  2⤵
  PID:6032
- C:\Windows\System\RzEAMiP.exe
  C:\Windows\System\RzEAMiP.exe
  2⤵
  PID:6052
- C:\Windows\System\MhGguFc.exe
  C:\Windows\System\MhGguFc.exe
  2⤵
  PID:6068
- C:\Windows\System\XIVtTXy.exe
  C:\Windows\System\XIVtTXy.exe
  2⤵
  PID:6084
- C:\Windows\System\EXSYMgz.exe
  C:\Windows\System\EXSYMgz.exe
  2⤵
  PID:6100
- C:\Windows\System\wmVLlGl.exe
  C:\Windows\System\wmVLlGl.exe
  2⤵
  PID:6116
- C:\Windows\System\fhDHenX.exe
  C:\Windows\System\fhDHenX.exe
  2⤵
  PID:6132
- C:\Windows\System\dFKZLWb.exe
  C:\Windows\System\dFKZLWb.exe
  2⤵
  PID:4716
- C:\Windows\System\zaaBYDn.exe
  C:\Windows\System\zaaBYDn.exe
  2⤵
  PID:2680
- C:\Windows\System\TTgwoOz.exe
  C:\Windows\System\TTgwoOz.exe
  2⤵
  PID:5004
- C:\Windows\System\BwcjYMQ.exe
  C:\Windows\System\BwcjYMQ.exe
  2⤵
  PID:2568
- C:\Windows\System\lvJXQBJ.exe
  C:\Windows\System\lvJXQBJ.exe
  2⤵
  PID:4232
- C:\Windows\System\lIONJWa.exe
  C:\Windows\System\lIONJWa.exe
  2⤵
  PID:5144
- C:\Windows\System\oaFRZVh.exe
  C:\Windows\System\oaFRZVh.exe
  2⤵
  PID:5208
- C:\Windows\System\vlCRhEF.exe
  C:\Windows\System\vlCRhEF.exe
  2⤵
  PID:4828
- C:\Windows\System\fxTuUFz.exe
  C:\Windows\System\fxTuUFz.exe
  2⤵
  PID:4888
- C:\Windows\System\UDtxHnM.exe
  C:\Windows\System\UDtxHnM.exe
  2⤵
  PID:5240
- C:\Windows\System\hWJzWXu.exe
  C:\Windows\System\hWJzWXu.exe
  2⤵
  PID:4956
- C:\Windows\System\xIfMjXK.exe
  C:\Windows\System\xIfMjXK.exe
  2⤵
  PID:4988
- C:\Windows\System\tddSNZw.exe
  C:\Windows\System\tddSNZw.exe
  2⤵
  PID:5052
- C:\Windows\System\xHpRtUA.exe
  C:\Windows\System\xHpRtUA.exe
  2⤵
  PID:3080
- C:\Windows\System\jIOSAZT.exe
  C:\Windows\System\jIOSAZT.exe
  2⤵
  PID:5084
- C:\Windows\System\fOQdRDa.exe
  C:\Windows\System\fOQdRDa.exe
  2⤵
  PID:3384
- C:\Windows\System\EZoDwex.exe
  C:\Windows\System\EZoDwex.exe
  2⤵
  PID:3952
- C:\Windows\System\jrpzEzB.exe
  C:\Windows\System\jrpzEzB.exe
  2⤵
  PID:4388
- C:\Windows\System\YReMLQH.exe
  C:\Windows\System\YReMLQH.exe
  2⤵
  PID:5132
- C:\Windows\System\czIVUld.exe
  C:\Windows\System\czIVUld.exe
  2⤵
  PID:5196
- C:\Windows\System\uhCMamM.exe
  C:\Windows\System\uhCMamM.exe
  2⤵
  PID:5260
- C:\Windows\System\rXsxvfS.exe
  C:\Windows\System\rXsxvfS.exe
  2⤵
  PID:5328
- C:\Windows\System\wwjkope.exe
  C:\Windows\System\wwjkope.exe
  2⤵
  PID:1960
- C:\Windows\System\bWGCwOW.exe
  C:\Windows\System\bWGCwOW.exe
  2⤵
  PID:2944
- C:\Windows\System\ZFtmlVe.exe
  C:\Windows\System\ZFtmlVe.exe
  2⤵
  PID:4944
- C:\Windows\System\DbPfuRa.exe
  C:\Windows\System\DbPfuRa.exe
  2⤵
  PID:4776
- C:\Windows\System\rXFeooK.exe
  C:\Windows\System\rXFeooK.exe
  2⤵
  PID:4616
- C:\Windows\System\rAqdIZJ.exe
  C:\Windows\System\rAqdIZJ.exe
  2⤵
  PID:4408
- C:\Windows\System\VCYMmhE.exe
  C:\Windows\System\VCYMmhE.exe
  2⤵
  PID:4276
- C:\Windows\System\dVLnoSD.exe
  C:\Windows\System\dVLnoSD.exe
  2⤵
  PID:4228
- C:\Windows\System\smsCkYt.exe
  C:\Windows\System\smsCkYt.exe
  2⤵
  PID:2276
- C:\Windows\System\LeFxCma.exe
  C:\Windows\System\LeFxCma.exe
  2⤵
  PID:5416
- C:\Windows\System\WJMZIrb.exe
  C:\Windows\System\WJMZIrb.exe
  2⤵
  PID:5448
- C:\Windows\System\CqOIKJE.exe
  C:\Windows\System\CqOIKJE.exe
  2⤵
  PID:5464
- C:\Windows\System\BLtxPHv.exe
  C:\Windows\System\BLtxPHv.exe
  2⤵
  PID:5512
- C:\Windows\System\ygYFRyH.exe
  C:\Windows\System\ygYFRyH.exe
  2⤵
  PID:5544
- C:\Windows\System\XRmmNXq.exe
  C:\Windows\System\XRmmNXq.exe
  2⤵
  PID:5572
- C:\Windows\System\TMKVyJU.exe
  C:\Windows\System\TMKVyJU.exe
  2⤵
  PID:5604
- C:\Windows\System\gjwjuFX.exe
  C:\Windows\System\gjwjuFX.exe
  2⤵
  PID:5640
- C:\Windows\System\NYWwSwq.exe
  C:\Windows\System\NYWwSwq.exe
  2⤵
  PID:5676
- C:\Windows\System\egijmYo.exe
  C:\Windows\System\egijmYo.exe
  2⤵
  PID:5708
- C:\Windows\System\pxVfvAW.exe
  C:\Windows\System\pxVfvAW.exe
  2⤵
  PID:5772
- C:\Windows\System\dHnmnnb.exe
  C:\Windows\System\dHnmnnb.exe
  2⤵
  PID:5660
- C:\Windows\System\WHrHFZD.exe
  C:\Windows\System\WHrHFZD.exe
  2⤵
  PID:5692
- C:\Windows\System\HEeAzcK.exe
  C:\Windows\System\HEeAzcK.exe
  2⤵
  PID:5756
- C:\Windows\System\RpNFuEG.exe
  C:\Windows\System\RpNFuEG.exe
  2⤵
  PID:5832
- C:\Windows\System\gAbvOBF.exe
  C:\Windows\System\gAbvOBF.exe
  2⤵
  PID:5816
- C:\Windows\System\eFlivmu.exe
  C:\Windows\System\eFlivmu.exe
  2⤵
  PID:5848
- C:\Windows\System\rhzdVOu.exe
  C:\Windows\System\rhzdVOu.exe
  2⤵
  PID:5960
- C:\Windows\System\KeWjTOX.exe
  C:\Windows\System\KeWjTOX.exe
  2⤵
  PID:5912
- C:\Windows\System\nvaHBjL.exe
  C:\Windows\System\nvaHBjL.exe
  2⤵
  PID:6024
- C:\Windows\System\SMpmsxm.exe
  C:\Windows\System\SMpmsxm.exe
  2⤵
  PID:6012
- C:\Windows\System\GGBYqUv.exe
  C:\Windows\System\GGBYqUv.exe
  2⤵
  PID:6040
- C:\Windows\System\vjctLLs.exe
  C:\Windows\System\vjctLLs.exe
  2⤵
  PID:6092
- C:\Windows\System\uMYHdtf.exe
  C:\Windows\System\uMYHdtf.exe
  2⤵
  PID:6124
- C:\Windows\System\ctBavAC.exe
  C:\Windows\System\ctBavAC.exe
  2⤵
  PID:6112
- C:\Windows\System\ufMlkdA.exe
  C:\Windows\System\ufMlkdA.exe
  2⤵
  PID:4712
- C:\Windows\System\zuXEztY.exe
  C:\Windows\System\zuXEztY.exe
  2⤵
  PID:444
- C:\Windows\System\nHIIOPq.exe
  C:\Windows\System\nHIIOPq.exe
  2⤵
  PID:4796
- C:\Windows\System\QseXcdD.exe
  C:\Windows\System\QseXcdD.exe
  2⤵
  PID:4860
- C:\Windows\System\WTxOdsi.exe
  C:\Windows\System\WTxOdsi.exe
  2⤵
  PID:5244
- C:\Windows\System\PGJqHvb.exe
  C:\Windows\System\PGJqHvb.exe
  2⤵
  PID:5020
- C:\Windows\System\TIPbWTW.exe
  C:\Windows\System\TIPbWTW.exe
  2⤵
  PID:3172
- C:\Windows\System\aTtIOpB.exe
  C:\Windows\System\aTtIOpB.exe
  2⤵
  PID:3972
- C:\Windows\System\atjeZkP.exe
  C:\Windows\System\atjeZkP.exe
  2⤵
  PID:4404
- C:\Windows\System\JUHpvUe.exe
  C:\Windows\System\JUHpvUe.exe
  2⤵
  PID:5128
- C:\Windows\System\qPeSBZP.exe
  C:\Windows\System\qPeSBZP.exe
  2⤵
  PID:4764
- C:\Windows\System\unIythL.exe
  C:\Windows\System\unIythL.exe
  2⤵
  PID:4136
- C:\Windows\System\PxvnklP.exe
  C:\Windows\System\PxvnklP.exe
  2⤵
  PID:4524
- C:\Windows\System\DHdUFSa.exe
  C:\Windows\System\DHdUFSa.exe
  2⤵
  PID:4680
- C:\Windows\System\xHRlbGf.exe
  C:\Windows\System\xHRlbGf.exe
  2⤵
  PID:4392
- C:\Windows\System\fAxZlph.exe
  C:\Windows\System\fAxZlph.exe
  2⤵
  PID:5400
- C:\Windows\System\ImFQJuQ.exe
  C:\Windows\System\ImFQJuQ.exe
  2⤵
  PID:2748
- C:\Windows\System\gNgCxyk.exe
  C:\Windows\System\gNgCxyk.exe
  2⤵
  PID:5540
- C:\Windows\System\FpeXQDy.exe
  C:\Windows\System\FpeXQDy.exe
  2⤵
  PID:5588
- C:\Windows\System\glMmIkm.exe
  C:\Windows\System\glMmIkm.exe
  2⤵
  PID:5672
- C:\Windows\System\fDQuCOz.exe
  C:\Windows\System\fDQuCOz.exe
  2⤵
  PID:5608
- C:\Windows\System\eBHWFVL.exe
  C:\Windows\System\eBHWFVL.exe
  2⤵
  PID:5296
- C:\Windows\System\OVLyCwy.exe
  C:\Windows\System\OVLyCwy.exe
  2⤵
  PID:5656
- C:\Windows\System\jGEFvaa.exe
  C:\Windows\System\jGEFvaa.exe
  2⤵
  PID:5896
- C:\Windows\System\TwRhlXl.exe
  C:\Windows\System\TwRhlXl.exe
  2⤵
  PID:5884
- C:\Windows\System\veiAhgf.exe
  C:\Windows\System\veiAhgf.exe
  2⤵
  PID:6044
- C:\Windows\System\PvIpoXF.exe
  C:\Windows\System\PvIpoXF.exe
  2⤵
  PID:5928
- C:\Windows\System\mWdwlMy.exe
  C:\Windows\System\mWdwlMy.exe
  2⤵
  PID:6080
- C:\Windows\System\ejukLFx.exe
  C:\Windows\System\ejukLFx.exe
  2⤵
  PID:1148
- C:\Windows\System\uIFmsTY.exe
  C:\Windows\System\uIFmsTY.exe
  2⤵
  PID:5176
- C:\Windows\System\rdJdEBf.exe
  C:\Windows\System\rdJdEBf.exe
  2⤵
  PID:5276
- C:\Windows\System\gZNWlMZ.exe
  C:\Windows\System\gZNWlMZ.exe
  2⤵
  PID:5192
- C:\Windows\System\oOSbkJf.exe
  C:\Windows\System\oOSbkJf.exe
  2⤵
  PID:2472
- C:\Windows\System\gacBqXY.exe
  C:\Windows\System\gacBqXY.exe
  2⤵
  PID:4924
- C:\Windows\System\ItvNPYI.exe
  C:\Windows\System\ItvNPYI.exe
  2⤵
  PID:5256
- C:\Windows\System\DeRrCxA.exe
  C:\Windows\System\DeRrCxA.exe
  2⤵
  PID:5576
- C:\Windows\System\uDJHwod.exe
  C:\Windows\System\uDJHwod.exe
  2⤵
  PID:4376
- C:\Windows\System\MUSeduz.exe
  C:\Windows\System\MUSeduz.exe
  2⤵
  PID:4928
- C:\Windows\System\cczUwWz.exe
  C:\Windows\System\cczUwWz.exe
  2⤵
  PID:5740
- C:\Windows\System\xONpbwy.exe
  C:\Windows\System\xONpbwy.exe
  2⤵
  PID:5976
- C:\Windows\System\qaLRXBl.exe
  C:\Windows\System\qaLRXBl.exe
  2⤵
  PID:6160
- C:\Windows\System\rkQFnkU.exe
  C:\Windows\System\rkQFnkU.exe
  2⤵
  PID:6176
- C:\Windows\System\hMKgnHY.exe
  C:\Windows\System\hMKgnHY.exe
  2⤵
  PID:6192
- C:\Windows\System\GslqtFI.exe
  C:\Windows\System\GslqtFI.exe
  2⤵
  PID:6208
- C:\Windows\System\mODNOgQ.exe
  C:\Windows\System\mODNOgQ.exe
  2⤵
  PID:6224
- C:\Windows\System\oYLWuEi.exe
  C:\Windows\System\oYLWuEi.exe
  2⤵
  PID:6240
- C:\Windows\System\KTbzFul.exe
  C:\Windows\System\KTbzFul.exe
  2⤵
  PID:6256
- C:\Windows\System\ynKZQmO.exe
  C:\Windows\System\ynKZQmO.exe
  2⤵
  PID:6272
- C:\Windows\System\MBYqeLm.exe
  C:\Windows\System\MBYqeLm.exe
  2⤵
  PID:6288
- C:\Windows\System\VzeAHMa.exe
  C:\Windows\System\VzeAHMa.exe
  2⤵
  PID:6304
- C:\Windows\System\pBJxFiZ.exe
  C:\Windows\System\pBJxFiZ.exe
  2⤵
  PID:6320
- C:\Windows\System\mgCMnJr.exe
  C:\Windows\System\mgCMnJr.exe
  2⤵
  PID:6336
- C:\Windows\System\bmGALvr.exe
  C:\Windows\System\bmGALvr.exe
  2⤵
  PID:6352
- C:\Windows\System\LcejiuO.exe
  C:\Windows\System\LcejiuO.exe
  2⤵
  PID:6368
- C:\Windows\System\liYNPSd.exe
  C:\Windows\System\liYNPSd.exe
  2⤵
  PID:6384
- C:\Windows\System\ZfuAlgJ.exe
  C:\Windows\System\ZfuAlgJ.exe
  2⤵
  PID:6400
- C:\Windows\System\damVzlF.exe
  C:\Windows\System\damVzlF.exe
  2⤵
  PID:6416
- C:\Windows\System\lCsyoJD.exe
  C:\Windows\System\lCsyoJD.exe
  2⤵
  PID:6432
- C:\Windows\System\vgNEdny.exe
  C:\Windows\System\vgNEdny.exe
  2⤵
  PID:6448
- C:\Windows\System\OsEmBWN.exe
  C:\Windows\System\OsEmBWN.exe
  2⤵
  PID:6464
- C:\Windows\System\CbcItfA.exe
  C:\Windows\System\CbcItfA.exe
  2⤵
  PID:6480
- C:\Windows\System\dxSttOR.exe
  C:\Windows\System\dxSttOR.exe
  2⤵
  PID:6496
- C:\Windows\System\lAmwiaM.exe
  C:\Windows\System\lAmwiaM.exe
  2⤵
  PID:6512
- C:\Windows\System\rYAOTDq.exe
  C:\Windows\System\rYAOTDq.exe
  2⤵
  PID:6528
- C:\Windows\System\OLRTONl.exe
  C:\Windows\System\OLRTONl.exe
  2⤵
  PID:6544
- C:\Windows\System\dsemRPq.exe
  C:\Windows\System\dsemRPq.exe
  2⤵
  PID:6564
- C:\Windows\System\jmoZRrS.exe
  C:\Windows\System\jmoZRrS.exe
  2⤵
  PID:6580
- C:\Windows\System\sdkpoAR.exe
  C:\Windows\System\sdkpoAR.exe
  2⤵
  PID:6600
- C:\Windows\System\pFqnGRB.exe
  C:\Windows\System\pFqnGRB.exe
  2⤵
  PID:6616
- C:\Windows\System\MuTquUA.exe
  C:\Windows\System\MuTquUA.exe
  2⤵
  PID:6632
- C:\Windows\System\eDATGPG.exe
  C:\Windows\System\eDATGPG.exe
  2⤵
  PID:6648
- C:\Windows\System\oiCXvql.exe
  C:\Windows\System\oiCXvql.exe
  2⤵
  PID:6664
- C:\Windows\System\xwUdUox.exe
  C:\Windows\System\xwUdUox.exe
  2⤵
  PID:6680
- C:\Windows\System\vbSovhw.exe
  C:\Windows\System\vbSovhw.exe
  2⤵
  PID:6696
- C:\Windows\System\nozXQPC.exe
  C:\Windows\System\nozXQPC.exe
  2⤵
  PID:6712
- C:\Windows\System\skiwpCO.exe
  C:\Windows\System\skiwpCO.exe
  2⤵
  PID:6728
- C:\Windows\System\aMahbKM.exe
  C:\Windows\System\aMahbKM.exe
  2⤵
  PID:6744
- C:\Windows\System\rlDYuXb.exe
  C:\Windows\System\rlDYuXb.exe
  2⤵
  PID:6760
- C:\Windows\System\XWfkQAB.exe
  C:\Windows\System\XWfkQAB.exe
  2⤵
  PID:6776
- C:\Windows\System\CIFLRMq.exe
  C:\Windows\System\CIFLRMq.exe
  2⤵
  PID:6792
- C:\Windows\System\bcPzyWk.exe
  C:\Windows\System\bcPzyWk.exe
  2⤵
  PID:6808
- C:\Windows\System\ZuLSDxT.exe
  C:\Windows\System\ZuLSDxT.exe
  2⤵
  PID:6824
- C:\Windows\System\UVNMOly.exe
  C:\Windows\System\UVNMOly.exe
  2⤵
  PID:6840
- C:\Windows\System\oxuOXtV.exe
  C:\Windows\System\oxuOXtV.exe
  2⤵
  PID:6856
- C:\Windows\System\smxQurO.exe
  C:\Windows\System\smxQurO.exe
  2⤵
  PID:6872
- C:\Windows\System\RgItboL.exe
  C:\Windows\System\RgItboL.exe
  2⤵
  PID:6888
- C:\Windows\System\dwANGfn.exe
  C:\Windows\System\dwANGfn.exe
  2⤵
  PID:6904
- C:\Windows\System\ZXnuFDU.exe
  C:\Windows\System\ZXnuFDU.exe
  2⤵
  PID:6928
- C:\Windows\System\FLyAjRX.exe
  C:\Windows\System\FLyAjRX.exe
  2⤵
  PID:6784
- C:\Windows\System\sXsZEOJ.exe
  C:\Windows\System\sXsZEOJ.exe
  2⤵
  PID:6672
- C:\Windows\System\AIvODkV.exe
  C:\Windows\System\AIvODkV.exe
  2⤵
  PID:6816
- C:\Windows\System\AXkGqnX.exe
  C:\Windows\System\AXkGqnX.exe
  2⤵
  PID:6900
- C:\Windows\System\WHQzcQF.exe
  C:\Windows\System\WHQzcQF.exe
  2⤵
  PID:6924
- C:\Windows\System\rUtRChj.exe
  C:\Windows\System\rUtRChj.exe
  2⤵
  PID:6936
- C:\Windows\System\KRllXSA.exe
  C:\Windows\System\KRllXSA.exe
  2⤵
  PID:6960
- C:\Windows\System\RrDHMsy.exe
  C:\Windows\System\RrDHMsy.exe
  2⤵
  PID:6984
- C:\Windows\System\hPvFYqq.exe
  C:\Windows\System\hPvFYqq.exe
  2⤵
  PID:7016
- C:\Windows\System\aXuWRhf.exe
  C:\Windows\System\aXuWRhf.exe
  2⤵
  PID:7040
- C:\Windows\System\sPMVyvz.exe
  C:\Windows\System\sPMVyvz.exe
  2⤵
  PID:7060
- C:\Windows\System\cuqEvwP.exe
  C:\Windows\System\cuqEvwP.exe
  2⤵
  PID:2800
- C:\Windows\System\kSPdRjm.exe
  C:\Windows\System\kSPdRjm.exe
  2⤵
  PID:7084
- C:\Windows\System\jIVKjxJ.exe
  C:\Windows\System\jIVKjxJ.exe
  2⤵
  PID:7112
- C:\Windows\System\GcgNzZJ.exe
  C:\Windows\System\GcgNzZJ.exe
  2⤵
  PID:7140
- C:\Windows\System\SvwvcYJ.exe
  C:\Windows\System\SvwvcYJ.exe
  2⤵
  PID:7156
- C:\Windows\System\IDyGmYi.exe
  C:\Windows\System\IDyGmYi.exe
  2⤵
  PID:6028
- C:\Windows\System\DhURjHc.exe
  C:\Windows\System\DhURjHc.exe
  2⤵
  PID:5088
- C:\Windows\System\UIMtIVA.exe
  C:\Windows\System\UIMtIVA.exe
  2⤵
  PID:4216
- C:\Windows\System\umPJooR.exe
  C:\Windows\System\umPJooR.exe
  2⤵
  PID:1976
- C:\Windows\System\VoNnqoJ.exe
  C:\Windows\System\VoNnqoJ.exe
  2⤵
  PID:2188
- C:\Windows\System\ApHtrUu.exe
  C:\Windows\System\ApHtrUu.exe
  2⤵
  PID:6076
- C:\Windows\System\IJcVccf.exe
  C:\Windows\System\IJcVccf.exe
  2⤵
  PID:6204
- C:\Windows\System\aOhXbeF.exe
  C:\Windows\System\aOhXbeF.exe
  2⤵
  PID:4312
- C:\Windows\System\tvGVyQq.exe
  C:\Windows\System\tvGVyQq.exe
  2⤵
  PID:6560
- C:\Windows\System\HacfJbl.exe
  C:\Windows\System\HacfJbl.exe
  2⤵
  PID:4812
- C:\Windows\System\HOCVrrh.exe
  C:\Windows\System\HOCVrrh.exe
  2⤵
  PID:6236
- C:\Windows\System\WekQUiO.exe
  C:\Windows\System\WekQUiO.exe
  2⤵
  PID:6300
- C:\Windows\System\TuTQGGU.exe
  C:\Windows\System\TuTQGGU.exe
  2⤵
  PID:6364
- C:\Windows\System\jiQWJGL.exe
  C:\Windows\System\jiQWJGL.exe
  2⤵
  PID:6428
- C:\Windows\System\uSnybzp.exe
  C:\Windows\System\uSnybzp.exe
  2⤵
  PID:6520
- C:\Windows\System\HqkovcO.exe
  C:\Windows\System\HqkovcO.exe
  2⤵
  PID:6588
- C:\Windows\System\PLsaxfq.exe
  C:\Windows\System\PLsaxfq.exe
  2⤵
  PID:2228
- C:\Windows\System\YwXdWlD.exe
  C:\Windows\System\YwXdWlD.exe
  2⤵
  PID:3568
- C:\Windows\System\VqDemxy.exe
  C:\Windows\System\VqDemxy.exe
  2⤵
  PID:2460
- C:\Windows\System\nuwWAfI.exe
  C:\Windows\System\nuwWAfI.exe
  2⤵
  PID:6944
- C:\Windows\System\uGdDbLg.exe
  C:\Windows\System\uGdDbLg.exe
  2⤵
  PID:5688
- C:\Windows\System\dQcCbLz.exe
  C:\Windows\System\dQcCbLz.exe
  2⤵
  PID:7012
- C:\Windows\System\ETlXyKs.exe
  C:\Windows\System\ETlXyKs.exe
  2⤵
  PID:1540
- C:\Windows\System\RiaQccf.exe
  C:\Windows\System\RiaQccf.exe
  2⤵
  PID:6692
- C:\Windows\System\ZISucrN.exe
  C:\Windows\System\ZISucrN.exe
  2⤵
  PID:6172
- C:\Windows\System\IxHKVSJ.exe
  C:\Windows\System\IxHKVSJ.exe
  2⤵
  PID:2492
- C:\Windows\System\yqQMlEw.exe
  C:\Windows\System\yqQMlEw.exe
  2⤵
  PID:6460
- C:\Windows\System\aNzyOEo.exe
  C:\Windows\System\aNzyOEo.exe
  2⤵
  PID:6156
- C:\Windows\System\xhVmqeA.exe
  C:\Windows\System\xhVmqeA.exe
  2⤵
  PID:6216
- C:\Windows\System\YmqKaMK.exe
  C:\Windows\System\YmqKaMK.exe
  2⤵
  PID:6252
- C:\Windows\System\BkypAoF.exe
  C:\Windows\System\BkypAoF.exe
  2⤵
  PID:6344
- C:\Windows\System\kpznZpa.exe
  C:\Windows\System\kpznZpa.exe
  2⤵
  PID:6408
- C:\Windows\System\LPQsvrE.exe
  C:\Windows\System\LPQsvrE.exe
  2⤵
  PID:6444
- C:\Windows\System\nJqynSC.exe
  C:\Windows\System\nJqynSC.exe
  2⤵
  PID:6536
- C:\Windows\System\XswgjKW.exe
  C:\Windows\System\XswgjKW.exe
  2⤵
  PID:7164
- C:\Windows\System\znJdzzl.exe
  C:\Windows\System\znJdzzl.exe
  2⤵
  PID:7076
- C:\Windows\System\WenrkmN.exe
  C:\Windows\System\WenrkmN.exe
  2⤵
  PID:2508
- C:\Windows\System\OvNKTrJ.exe
  C:\Windows\System\OvNKTrJ.exe
  2⤵
  PID:6624
- C:\Windows\System\ZjqPkuC.exe
  C:\Windows\System\ZjqPkuC.exe
  2⤵
  PID:7120
- C:\Windows\System\TTDGGct.exe
  C:\Windows\System\TTDGGct.exe
  2⤵
  PID:6724
- C:\Windows\System\GaQLIUk.exe
  C:\Windows\System\GaQLIUk.exe
  2⤵
  PID:6772
- C:\Windows\System\jVFmjBv.exe
  C:\Windows\System\jVFmjBv.exe
  2⤵
  PID:6656
- C:\Windows\System\CtlfBVx.exe
  C:\Windows\System\CtlfBVx.exe
  2⤵
  PID:6736
- C:\Windows\System\UvSWuNl.exe
  C:\Windows\System\UvSWuNl.exe
  2⤵
  PID:1052
- C:\Windows\System\fTwtAkR.exe
  C:\Windows\System\fTwtAkR.exe
  2⤵
  PID:6612
- C:\Windows\System\uzptZNF.exe
  C:\Windows\System\uzptZNF.exe
  2⤵
  PID:6640
- C:\Windows\System\VBgMCqF.exe
  C:\Windows\System\VBgMCqF.exe
  2⤵
  PID:6704
- C:\Windows\System\aIDRYWk.exe
  C:\Windows\System\aIDRYWk.exe
  2⤵
  PID:6916
- C:\Windows\System\qXWQeun.exe
  C:\Windows\System\qXWQeun.exe
  2⤵
  PID:6912
- C:\Windows\System\pywlGXv.exe
  C:\Windows\System\pywlGXv.exe
  2⤵
  PID:6976
- C:\Windows\System\vutQSHG.exe
  C:\Windows\System\vutQSHG.exe
  2⤵
  PID:7036
- C:\Windows\System\LddPoCo.exe
  C:\Windows\System\LddPoCo.exe
  2⤵
  PID:7048
- C:\Windows\System\zFjezUN.exe
  C:\Windows\System\zFjezUN.exe
  2⤵
  PID:7068
- C:\Windows\System\rdJZgtk.exe
  C:\Windows\System\rdJZgtk.exe
  2⤵
  PID:1800
- C:\Windows\System\hWDwIfg.exe
  C:\Windows\System\hWDwIfg.exe
  2⤵
  PID:7108
- C:\Windows\System\MCJdLPN.exe
  C:\Windows\System\MCJdLPN.exe
  2⤵
  PID:6140
- C:\Windows\System\xLvddBi.exe
  C:\Windows\System\xLvddBi.exe
  2⤵
  PID:5428
- C:\Windows\System\RCeqzoM.exe
  C:\Windows\System\RCeqzoM.exe
  2⤵
  PID:1752
- C:\Windows\System\SsGSOrg.exe
  C:\Windows\System\SsGSOrg.exe
  2⤵
  PID:5628
- C:\Windows\System\CcQpbAJ.exe
  C:\Windows\System\CcQpbAJ.exe
  2⤵
  PID:6396
- C:\Windows\System\WvjKIqj.exe
  C:\Windows\System\WvjKIqj.exe
  2⤵
  PID:6556
- C:\Windows\System\goXzVqM.exe
  C:\Windows\System\goXzVqM.exe
  2⤵
  PID:5864
- C:\Windows\System\ITDRZwC.exe
  C:\Windows\System\ITDRZwC.exe
  2⤵
  PID:3564
- C:\Windows\System\GQHxqhh.exe
  C:\Windows\System\GQHxqhh.exe
  2⤵
  PID:6280
- C:\Windows\System\tdYMJRY.exe
  C:\Windows\System\tdYMJRY.exe
  2⤵
  PID:6508
- C:\Windows\System\RbtNmqU.exe
  C:\Windows\System\RbtNmqU.exe
  2⤵
  PID:6592
- C:\Windows\System\JkVLZaI.exe
  C:\Windows\System\JkVLZaI.exe
  2⤵
  PID:2732
- C:\Windows\System\LzsMxXt.exe
  C:\Windows\System\LzsMxXt.exe
  2⤵
  PID:2596
- C:\Windows\System\JdMohxW.exe
  C:\Windows\System\JdMohxW.exe
  2⤵
  PID:6188
- C:\Windows\System\CJXhtPv.exe
  C:\Windows\System\CJXhtPv.exe
  2⤵
  PID:6472
- C:\Windows\System\bBCzRGE.exe
  C:\Windows\System\bBCzRGE.exe
  2⤵
  PID:2948
- C:\Windows\System\BeozSsl.exe
  C:\Windows\System\BeozSsl.exe
  2⤵
  PID:6768
- C:\Windows\System\tsTSKjT.exe
  C:\Windows\System\tsTSKjT.exe
  2⤵
  PID:6740
- C:\Windows\System\BwhifPE.exe
  C:\Windows\System\BwhifPE.exe
  2⤵
  PID:4244
- C:\Windows\System\okseiKS.exe
  C:\Windows\System\okseiKS.exe
  2⤵
  PID:4472
- C:\Windows\System\HvSEQvp.exe
  C:\Windows\System\HvSEQvp.exe
  2⤵
  PID:6896
- C:\Windows\System\sJmbcZN.exe
  C:\Windows\System\sJmbcZN.exe
  2⤵
  PID:6980
- C:\Windows\System\qJdaicK.exe
  C:\Windows\System\qJdaicK.exe
  2⤵
  PID:7096
- C:\Windows\System\QwzqaIU.exe
  C:\Windows\System\QwzqaIU.exe
  2⤵
  PID:5944
- C:\Windows\System\vdExCCw.exe
  C:\Windows\System\vdExCCw.exe
  2⤵
  PID:5344
- C:\Windows\System\WdGxETA.exe
  C:\Windows\System\WdGxETA.exe
  2⤵
  PID:3144
- C:\Windows\System\wYIaQsu.exe
  C:\Windows\System\wYIaQsu.exe
  2⤵
  PID:4604
- C:\Windows\System\mzFlvJY.exe
  C:\Windows\System\mzFlvJY.exe
  2⤵
  PID:5228
- C:\Windows\System\AepQmcK.exe
  C:\Windows\System\AepQmcK.exe
  2⤵
  PID:2840
- C:\Windows\System\jYzRjXw.exe
  C:\Windows\System\jYzRjXw.exe
  2⤵
  PID:3008
- C:\Windows\System\sOOkdHf.exe
  C:\Windows\System\sOOkdHf.exe
  2⤵
  PID:2772
- C:\Windows\System\czRCMbc.exe
  C:\Windows\System\czRCMbc.exe
  2⤵
  PID:6376
- C:\Windows\System\xRrrFkH.exe
  C:\Windows\System\xRrrFkH.exe
  2⤵
  PID:6688
- C:\Windows\System\mZCaqcS.exe
  C:\Windows\System\mZCaqcS.exe
  2⤵
  PID:2284
- C:\Windows\System\XHOBccm.exe
  C:\Windows\System\XHOBccm.exe
  2⤵
  PID:2036
- C:\Windows\System\AanDdEr.exe
  C:\Windows\System\AanDdEr.exe
  2⤵
  PID:2632
- C:\Windows\System\wONOvkK.exe
  C:\Windows\System\wONOvkK.exe
  2⤵
  PID:2064
- C:\Windows\System\mrZJZji.exe
  C:\Windows\System\mrZJZji.exe
  2⤵
  PID:6956
- C:\Windows\System\XagkDKm.exe
  C:\Windows\System\XagkDKm.exe
  2⤵
  PID:332
- C:\Windows\System\Jwtfylo.exe
  C:\Windows\System\Jwtfylo.exe
  2⤵
  PID:6788
- C:\Windows\System\fIYwjCZ.exe
  C:\Windows\System\fIYwjCZ.exe
  2⤵
  PID:572
- C:\Windows\System\LXwZvzx.exe
  C:\Windows\System\LXwZvzx.exe
  2⤵
  PID:6488
- C:\Windows\System\bpxbVzL.exe
  C:\Windows\System\bpxbVzL.exe
  2⤵
  PID:6504
- C:\Windows\System\CRxuKgX.exe
  C:\Windows\System\CRxuKgX.exe
  2⤵
  PID:6756
- C:\Windows\System\eRHGIcP.exe
  C:\Windows\System\eRHGIcP.exe
  2⤵
  PID:1036
- C:\Windows\System\mmlIcvm.exe
  C:\Windows\System\mmlIcvm.exe
  2⤵
  PID:7152
- C:\Windows\System\ImfkZdd.exe
  C:\Windows\System\ImfkZdd.exe
  2⤵
  PID:3024
- C:\Windows\System\gWjYGcj.exe
  C:\Windows\System\gWjYGcj.exe
  2⤵
  PID:7080
- C:\Windows\System\DDGCbTW.exe
  C:\Windows\System\DDGCbTW.exe
  2⤵
  PID:6184
- C:\Windows\System\qLRdPMv.exe
  C:\Windows\System\qLRdPMv.exe
  2⤵
  PID:476
- C:\Windows\System\RpAMhgp.exe
  C:\Windows\System\RpAMhgp.exe
  2⤵
  PID:6832
- C:\Windows\System\WYTrwjZ.exe
  C:\Windows\System\WYTrwjZ.exe
  2⤵
  PID:7032
- C:\Windows\System\tDMpzCM.exe
  C:\Windows\System\tDMpzCM.exe
  2⤵
  PID:7092
- C:\Windows\System\mrEmJhL.exe
  C:\Windows\System\mrEmJhL.exe
  2⤵
  PID:5460
- C:\Windows\System\SCOmMEN.exe
  C:\Windows\System\SCOmMEN.exe
  2⤵
  PID:2252
- C:\Windows\System\FMJVbVK.exe
  C:\Windows\System\FMJVbVK.exe
  2⤵
  PID:2008
- C:\Windows\System\BRFQLQN.exe
  C:\Windows\System\BRFQLQN.exe
  2⤵
  PID:7180
- C:\Windows\System\lOylltQ.exe
  C:\Windows\System\lOylltQ.exe
  2⤵
  PID:7196
- C:\Windows\System\DfKcPQs.exe
  C:\Windows\System\DfKcPQs.exe
  2⤵
  PID:7212
- C:\Windows\System\mzuIakR.exe
  C:\Windows\System\mzuIakR.exe
  2⤵
  PID:7228
- C:\Windows\System\iWcjKhM.exe
  C:\Windows\System\iWcjKhM.exe
  2⤵
  PID:7244
- C:\Windows\System\AWEvAvg.exe
  C:\Windows\System\AWEvAvg.exe
  2⤵
  PID:7260
- C:\Windows\System\ltIlrfb.exe
  C:\Windows\System\ltIlrfb.exe
  2⤵
  PID:7276
- C:\Windows\System\hufKYAU.exe
  C:\Windows\System\hufKYAU.exe
  2⤵
  PID:7292
- C:\Windows\System\xcOFzHZ.exe
  C:\Windows\System\xcOFzHZ.exe
  2⤵
  PID:7308
- C:\Windows\System\UAjNKHM.exe
  C:\Windows\System\UAjNKHM.exe
  2⤵
  PID:7324
- C:\Windows\System\YXLRTvq.exe
  C:\Windows\System\YXLRTvq.exe
  2⤵
  PID:7340
- C:\Windows\System\rOjgvuC.exe
  C:\Windows\System\rOjgvuC.exe
  2⤵
  PID:7356
- C:\Windows\System\stwkmUn.exe
  C:\Windows\System\stwkmUn.exe
  2⤵
  PID:7372
- C:\Windows\System\ZGguVlr.exe
  C:\Windows\System\ZGguVlr.exe
  2⤵
  PID:7388
- C:\Windows\System\UAsxohV.exe
  C:\Windows\System\UAsxohV.exe
  2⤵
  PID:7404
- C:\Windows\System\WckICAL.exe
  C:\Windows\System\WckICAL.exe
  2⤵
  PID:7420
- C:\Windows\System\IpGdQpq.exe
  C:\Windows\System\IpGdQpq.exe
  2⤵
  PID:7436
- C:\Windows\System\hSpIaFo.exe
  C:\Windows\System\hSpIaFo.exe
  2⤵
  PID:7456
- C:\Windows\System\foAoriH.exe
  C:\Windows\System\foAoriH.exe
  2⤵
  PID:7472
- C:\Windows\System\BBBqXxj.exe
  C:\Windows\System\BBBqXxj.exe
  2⤵
  PID:7488
- C:\Windows\System\hpyimqW.exe
  C:\Windows\System\hpyimqW.exe
  2⤵
  PID:7504
- C:\Windows\System\BkapGJa.exe
  C:\Windows\System\BkapGJa.exe
  2⤵
  PID:7520
- C:\Windows\System\famWvgK.exe
  C:\Windows\System\famWvgK.exe
  2⤵
  PID:7536
- C:\Windows\System\KnGUwEk.exe
  C:\Windows\System\KnGUwEk.exe
  2⤵
  PID:7552
- C:\Windows\System\qaSfKEu.exe
  C:\Windows\System\qaSfKEu.exe
  2⤵
  PID:7568
- C:\Windows\System\zSgAfcG.exe
  C:\Windows\System\zSgAfcG.exe
  2⤵
  PID:7584
- C:\Windows\System\PMSkLay.exe
  C:\Windows\System\PMSkLay.exe
  2⤵
  PID:7600
- C:\Windows\System\keYQqTR.exe
  C:\Windows\System\keYQqTR.exe
  2⤵
  PID:7616
- C:\Windows\System\cajOygE.exe
  C:\Windows\System\cajOygE.exe
  2⤵
  PID:7632
- C:\Windows\System\VpzlUdh.exe
  C:\Windows\System\VpzlUdh.exe
  2⤵
  PID:7648
- C:\Windows\System\kEiUDxu.exe
  C:\Windows\System\kEiUDxu.exe
  2⤵
  PID:7664
- C:\Windows\System\PQtdTdb.exe
  C:\Windows\System\PQtdTdb.exe
  2⤵
  PID:7680
- C:\Windows\System\uYBDKPk.exe
  C:\Windows\System\uYBDKPk.exe
  2⤵
  PID:7696
- C:\Windows\System\YycRbFg.exe
  C:\Windows\System\YycRbFg.exe
  2⤵
  PID:7712
- C:\Windows\System\kTWuQLt.exe
  C:\Windows\System\kTWuQLt.exe
  2⤵
  PID:7728
- C:\Windows\System\GJGJFUk.exe
  C:\Windows\System\GJGJFUk.exe
  2⤵
  PID:7744
- C:\Windows\System\mEhWnBc.exe
  C:\Windows\System\mEhWnBc.exe
  2⤵
  PID:7760
- C:\Windows\System\ZfCmCCD.exe
  C:\Windows\System\ZfCmCCD.exe
  2⤵
  PID:7776
- C:\Windows\System\dxkoNwk.exe
  C:\Windows\System\dxkoNwk.exe
  2⤵
  PID:7792
- C:\Windows\System\pKbAeEE.exe
  C:\Windows\System\pKbAeEE.exe
  2⤵
  PID:7808
- C:\Windows\System\AwFnXhI.exe
  C:\Windows\System\AwFnXhI.exe
  2⤵
  PID:7824
- C:\Windows\System\meWrenk.exe
  C:\Windows\System\meWrenk.exe
  2⤵
  PID:7840
- C:\Windows\System\uTSUKTY.exe
  C:\Windows\System\uTSUKTY.exe
  2⤵
  PID:7856
- C:\Windows\System\cadEWSR.exe
  C:\Windows\System\cadEWSR.exe
  2⤵
  PID:7872
- C:\Windows\System\HmjxnMA.exe
  C:\Windows\System\HmjxnMA.exe
  2⤵
  PID:7888
- C:\Windows\System\cXQHOFY.exe
  C:\Windows\System\cXQHOFY.exe
  2⤵
  PID:7908
- C:\Windows\System\YKNfQOI.exe
  C:\Windows\System\YKNfQOI.exe
  2⤵
  PID:7924
- C:\Windows\System\yyyUpjT.exe
  C:\Windows\System\yyyUpjT.exe
  2⤵
  PID:7940
- C:\Windows\System\pHJjiJh.exe
  C:\Windows\System\pHJjiJh.exe
  2⤵
  PID:7956
- C:\Windows\System\yHwzUmk.exe
  C:\Windows\System\yHwzUmk.exe
  2⤵
  PID:7972
- C:\Windows\System\jPYXtxY.exe
  C:\Windows\System\jPYXtxY.exe
  2⤵
  PID:7988
- C:\Windows\System\byllCEy.exe
  C:\Windows\System\byllCEy.exe
  2⤵
  PID:8004
- C:\Windows\System\mIRRfJp.exe
  C:\Windows\System\mIRRfJp.exe
  2⤵
  PID:8020
- C:\Windows\System\TMewHoe.exe
  C:\Windows\System\TMewHoe.exe
  2⤵
  PID:8036
- C:\Windows\System\glsUkND.exe
  C:\Windows\System\glsUkND.exe
  2⤵
  PID:8052
- C:\Windows\System\sjCobqk.exe
  C:\Windows\System\sjCobqk.exe
  2⤵
  PID:8068
- C:\Windows\System\qLkDBQl.exe
  C:\Windows\System\qLkDBQl.exe
  2⤵
  PID:8084
- C:\Windows\System\uhOvHGm.exe
  C:\Windows\System\uhOvHGm.exe
  2⤵
  PID:8100
- C:\Windows\System\wkNVzgP.exe
  C:\Windows\System\wkNVzgP.exe
  2⤵
  PID:8116
- C:\Windows\System\BsSrEjq.exe
  C:\Windows\System\BsSrEjq.exe
  2⤵
  PID:8132
- C:\Windows\System\LNzjCHW.exe
  C:\Windows\System\LNzjCHW.exe
  2⤵
  PID:8148
- C:\Windows\System\dQVBZHJ.exe
  C:\Windows\System\dQVBZHJ.exe
  2⤵
  PID:8164
- C:\Windows\System\tVPsLeq.exe
  C:\Windows\System\tVPsLeq.exe
  2⤵
  PID:8180
- C:\Windows\System\OVDickz.exe
  C:\Windows\System\OVDickz.exe
  2⤵
  PID:956
- C:\Windows\System\EqQJvPg.exe
  C:\Windows\System\EqQJvPg.exe
  2⤵
  PID:6248
- C:\Windows\System\iWlXUbX.exe
  C:\Windows\System\iWlXUbX.exe
  2⤵
  PID:6572
- C:\Windows\System\ufFyKGx.exe
  C:\Windows\System\ufFyKGx.exe
  2⤵
  PID:1988
- C:\Windows\System\axcNeAm.exe
  C:\Windows\System\axcNeAm.exe
  2⤵
  PID:2256
- C:\Windows\System\eSYCSEQ.exe
  C:\Windows\System\eSYCSEQ.exe
  2⤵
  PID:7208
- C:\Windows\System\mMuwlTA.exe
  C:\Windows\System\mMuwlTA.exe
  2⤵
  PID:7220
- C:\Windows\System\GeITXsD.exe
  C:\Windows\System\GeITXsD.exe
  2⤵
  PID:7252
- C:\Windows\System\WgAzWNX.exe
  C:\Windows\System\WgAzWNX.exe
  2⤵
  PID:7304
- C:\Windows\System\pbrJzKv.exe
  C:\Windows\System\pbrJzKv.exe
  2⤵
  PID:7348
- C:\Windows\System\RZXDPDr.exe
  C:\Windows\System\RZXDPDr.exe
  2⤵
  PID:7380
- C:\Windows\System\YLzjGtf.exe
  C:\Windows\System\YLzjGtf.exe
  2⤵
  PID:7416
- C:\Windows\System\jkTbwzy.exe
  C:\Windows\System\jkTbwzy.exe
  2⤵
  PID:7448
- C:\Windows\System\fseDjcA.exe
  C:\Windows\System\fseDjcA.exe
  2⤵
  PID:7512
- C:\Windows\System\ZfjOCpP.exe
  C:\Windows\System\ZfjOCpP.exe
  2⤵
  PID:7576
- C:\Windows\System\zoKBzeE.exe
  C:\Windows\System\zoKBzeE.exe
  2⤵
  PID:7640
- C:\Windows\System\CbGfJrE.exe
  C:\Windows\System\CbGfJrE.exe
  2⤵
  PID:7704
- C:\Windows\System\lGsmoAG.exe
  C:\Windows\System\lGsmoAG.exe
  2⤵
  PID:2512
- C:\Windows\System\jgHIabF.exe
  C:\Windows\System\jgHIabF.exe
  2⤵
  PID:7496
- C:\Windows\System\aPFqTJO.exe
  C:\Windows\System\aPFqTJO.exe
  2⤵
  PID:7692
- C:\Windows\System\IaRWxxr.exe
  C:\Windows\System\IaRWxxr.exe
  2⤵
  PID:7804
- C:\Windows\System\niNvAxB.exe
  C:\Windows\System\niNvAxB.exe
  2⤵
  PID:7464
- C:\Windows\System\aqZwmWG.exe
  C:\Windows\System\aqZwmWG.exe
  2⤵
  PID:7624
- C:\Windows\System\GPNIyLL.exe
  C:\Windows\System\GPNIyLL.exe
  2⤵
  PID:7720
- C:\Windows\System\OzfYWSx.exe
  C:\Windows\System\OzfYWSx.exe
  2⤵
  PID:7848
- C:\Windows\System\umwVeWR.exe
  C:\Windows\System\umwVeWR.exe
  2⤵
  PID:7816
- C:\Windows\System\QwgqJvz.exe
  C:\Windows\System\QwgqJvz.exe
  2⤵
  PID:7896
- C:\Windows\System\iiSxhOY.exe
  C:\Windows\System\iiSxhOY.exe
  2⤵
  PID:7964
- C:\Windows\System\OEBwmzt.exe
  C:\Windows\System\OEBwmzt.exe
  2⤵
  PID:8000
- C:\Windows\System\WQFULda.exe
  C:\Windows\System\WQFULda.exe
  2⤵
  PID:7980
- C:\Windows\System\DICWTMx.exe
  C:\Windows\System\DICWTMx.exe
  2⤵
  PID:7984
- C:\Windows\System\IDSmQDY.exe
  C:\Windows\System\IDSmQDY.exe
  2⤵
  PID:8064
- C:\Windows\System\fvgjWHm.exe
  C:\Windows\System\fvgjWHm.exe
  2⤵
  PID:8128
- C:\Windows\System\HHtSmlK.exe
  C:\Windows\System\HHtSmlK.exe
  2⤵
  PID:8140
- C:\Windows\System\lkthoKi.exe
  C:\Windows\System\lkthoKi.exe
  2⤵
  PID:8080
- C:\Windows\System\tTyayLM.exe
  C:\Windows\System\tTyayLM.exe
  2⤵
  PID:8172
- C:\Windows\System\IDLuQQa.exe
  C:\Windows\System\IDLuQQa.exe
  2⤵
  PID:2268
- C:\Windows\System\kUmSyma.exe
  C:\Windows\System\kUmSyma.exe
  2⤵
  PID:7288
- C:\Windows\System\ztsSUCK.exe
  C:\Windows\System\ztsSUCK.exe
  2⤵
  PID:7268
- C:\Windows\System\eclEBTz.exe
  C:\Windows\System\eclEBTz.exe
  2⤵
  PID:7204
- C:\Windows\System\ybHRhFX.exe
  C:\Windows\System\ybHRhFX.exe
  2⤵
  PID:7352
- C:\Windows\System\GvFUqNC.exe
  C:\Windows\System\GvFUqNC.exe
  2⤵
  PID:7544
- C:\Windows\System\AHFtiHE.exe
  C:\Windows\System\AHFtiHE.exe
  2⤵
  PID:7676
- C:\Windows\System\XSAiGCh.exe
  C:\Windows\System\XSAiGCh.exe
  2⤵
  PID:7772
- C:\Windows\System\fikxweP.exe
  C:\Windows\System\fikxweP.exe
  2⤵
  PID:7752
- C:\Windows\System\SDELyUd.exe
  C:\Windows\System\SDELyUd.exe
  2⤵
  PID:7400
- C:\Windows\System\uxgIBiK.exe
  C:\Windows\System\uxgIBiK.exe
  2⤵
  PID:7608
- C:\Windows\System\oSaXGYz.exe
  C:\Windows\System\oSaXGYz.exe
  2⤵
  PID:7528
- C:\Windows\System\wStYQUK.exe
  C:\Windows\System\wStYQUK.exe
  2⤵
  PID:7864
- C:\Windows\System\NmVWhWX.exe
  C:\Windows\System\NmVWhWX.exe
  2⤵
  PID:7784
- C:\Windows\System\vmfGlHc.exe
  C:\Windows\System\vmfGlHc.exe
  2⤵
  PID:7920
- C:\Windows\System\srWfFjt.exe
  C:\Windows\System\srWfFjt.exe
  2⤵
  PID:8096
- C:\Windows\System\zadaniP.exe
  C:\Windows\System\zadaniP.exe
  2⤵
  PID:2580
- C:\Windows\System\XeCvtWO.exe
  C:\Windows\System\XeCvtWO.exe
  2⤵
  PID:7900
- C:\Windows\System\sgvvIhm.exe
  C:\Windows\System\sgvvIhm.exe
  2⤵
  PID:8032
- C:\Windows\System\DUdMjri.exe
  C:\Windows\System\DUdMjri.exe
  2⤵
  PID:8144
- C:\Windows\System\YbSEqAU.exe
  C:\Windows\System\YbSEqAU.exe
  2⤵
  PID:7336
- C:\Windows\System\fHupowR.exe
  C:\Windows\System\fHupowR.exe
  2⤵
  PID:7480
- C:\Windows\System\EPPeDHY.exe
  C:\Windows\System\EPPeDHY.exe
  2⤵
  PID:7932
- C:\Windows\System\TJbKOIt.exe
  C:\Windows\System\TJbKOIt.exe
  2⤵
  PID:6884
- C:\Windows\System\qsApZat.exe
  C:\Windows\System\qsApZat.exe
  2⤵
  PID:7916
- C:\Windows\System\adoAAIg.exe
  C:\Windows\System\adoAAIg.exe
  2⤵
  PID:8160
- C:\Windows\System\SwgMvtf.exe
  C:\Windows\System\SwgMvtf.exe
  2⤵
  PID:7432
- C:\Windows\System\XArDHZp.exe
  C:\Windows\System\XArDHZp.exe
  2⤵
  PID:7736
- C:\Windows\System\spDCDof.exe
  C:\Windows\System\spDCDof.exe
  2⤵
  PID:7948
- C:\Windows\System\gPqeQtY.exe
  C:\Windows\System\gPqeQtY.exe
  2⤵
  PID:1240
- C:\Windows\System\WKwzpSU.exe
  C:\Windows\System\WKwzpSU.exe
  2⤵
  PID:7660
- C:\Windows\System\JUljYjC.exe
  C:\Windows\System\JUljYjC.exe
  2⤵
  PID:8208
- C:\Windows\System\mjNrvxQ.exe
  C:\Windows\System\mjNrvxQ.exe
  2⤵
  PID:8224
- C:\Windows\System\HbmURkz.exe
  C:\Windows\System\HbmURkz.exe
  2⤵
  PID:8240
- C:\Windows\System\hJfsLPW.exe
  C:\Windows\System\hJfsLPW.exe
  2⤵
  PID:8256
- C:\Windows\System\hXCifHF.exe
  C:\Windows\System\hXCifHF.exe
  2⤵
  PID:8272
- C:\Windows\System\EQuQLOq.exe
  C:\Windows\System\EQuQLOq.exe
  2⤵
  PID:8288
- C:\Windows\System\cKMyMGK.exe
  C:\Windows\System\cKMyMGK.exe
  2⤵
  PID:8304
- C:\Windows\System\BaayFVc.exe
  C:\Windows\System\BaayFVc.exe
  2⤵
  PID:8320
- C:\Windows\System\BQTMXYg.exe
  C:\Windows\System\BQTMXYg.exe
  2⤵
  PID:8336
- C:\Windows\System\hSHPqeI.exe
  C:\Windows\System\hSHPqeI.exe
  2⤵
  PID:8352
- C:\Windows\System\rMJVvgN.exe
  C:\Windows\System\rMJVvgN.exe
  2⤵
  PID:8368
- C:\Windows\System\iaAgBRK.exe
  C:\Windows\System\iaAgBRK.exe
  2⤵
  PID:8384
- C:\Windows\System\YcXlsxM.exe
  C:\Windows\System\YcXlsxM.exe
  2⤵
  PID:8400
- C:\Windows\System\ZcxsWas.exe
  C:\Windows\System\ZcxsWas.exe
  2⤵
  PID:8416
- C:\Windows\System\sLGzjYj.exe
  C:\Windows\System\sLGzjYj.exe
  2⤵
  PID:8432
- C:\Windows\System\UiMiwbM.exe
  C:\Windows\System\UiMiwbM.exe
  2⤵
  PID:8448
- C:\Windows\System\yQzHCZp.exe
  C:\Windows\System\yQzHCZp.exe
  2⤵
  PID:8464
- C:\Windows\System\hrdLAgM.exe
  C:\Windows\System\hrdLAgM.exe
  2⤵
  PID:8480
- C:\Windows\System\yVKfqJJ.exe
  C:\Windows\System\yVKfqJJ.exe
  2⤵
  PID:8496
- C:\Windows\System\QdZPBbW.exe
  C:\Windows\System\QdZPBbW.exe
  2⤵
  PID:8512
- C:\Windows\System\xwUEWgJ.exe
  C:\Windows\System\xwUEWgJ.exe
  2⤵
  PID:8528
- C:\Windows\System\POCgLEx.exe
  C:\Windows\System\POCgLEx.exe
  2⤵
  PID:8544
- C:\Windows\System\oKWUfSq.exe
  C:\Windows\System\oKWUfSq.exe
  2⤵
  PID:8560
- C:\Windows\System\nqRHvpx.exe
  C:\Windows\System\nqRHvpx.exe
  2⤵
  PID:8576
- C:\Windows\System\GmLZKmW.exe
  C:\Windows\System\GmLZKmW.exe
  2⤵
  PID:8592
- C:\Windows\System\qaBEHoP.exe
  C:\Windows\System\qaBEHoP.exe
  2⤵
  PID:8608
- C:\Windows\System\lrogiCI.exe
  C:\Windows\System\lrogiCI.exe
  2⤵
  PID:8624
- C:\Windows\System\FliSxso.exe
  C:\Windows\System\FliSxso.exe
  2⤵
  PID:8640
- C:\Windows\System\mjuKDMU.exe
  C:\Windows\System\mjuKDMU.exe
  2⤵
  PID:8656
- C:\Windows\System\fXlZZco.exe
  C:\Windows\System\fXlZZco.exe
  2⤵
  PID:8672
- C:\Windows\System\nqVqfWp.exe
  C:\Windows\System\nqVqfWp.exe
  2⤵
  PID:8688
- C:\Windows\System\JGSHYYt.exe
  C:\Windows\System\JGSHYYt.exe
  2⤵
  PID:8704
- C:\Windows\System\rKjFQPn.exe
  C:\Windows\System\rKjFQPn.exe
  2⤵
  PID:8720
- C:\Windows\System\RtwdYXJ.exe
  C:\Windows\System\RtwdYXJ.exe
  2⤵
  PID:8736
- C:\Windows\System\PekuxED.exe
  C:\Windows\System\PekuxED.exe
  2⤵
  PID:8752
- C:\Windows\System\OxzeEit.exe
  C:\Windows\System\OxzeEit.exe
  2⤵
  PID:8768
- C:\Windows\System\gzNOlxo.exe
  C:\Windows\System\gzNOlxo.exe
  2⤵
  PID:8788
- C:\Windows\System\syNRQuK.exe
  C:\Windows\System\syNRQuK.exe
  2⤵
  PID:8804
- C:\Windows\System\eiiOVHP.exe
  C:\Windows\System\eiiOVHP.exe
  2⤵
  PID:8820
- C:\Windows\System\pQYAKum.exe
  C:\Windows\System\pQYAKum.exe
  2⤵
  PID:8836
- C:\Windows\System\AqcjtdZ.exe
  C:\Windows\System\AqcjtdZ.exe
  2⤵
  PID:8852
- C:\Windows\System\kiuQSQg.exe
  C:\Windows\System\kiuQSQg.exe
  2⤵
  PID:8868
- C:\Windows\System\uzKpHIG.exe
  C:\Windows\System\uzKpHIG.exe
  2⤵
  PID:8884
- C:\Windows\System\dRtEgQH.exe
  C:\Windows\System\dRtEgQH.exe
  2⤵
  PID:8900
- C:\Windows\System\GivMkEM.exe
  C:\Windows\System\GivMkEM.exe
  2⤵
  PID:8916
- C:\Windows\System\uIGXNFo.exe
  C:\Windows\System\uIGXNFo.exe
  2⤵
  PID:8932
- C:\Windows\System\AFUiaJn.exe
  C:\Windows\System\AFUiaJn.exe
  2⤵
  PID:8948
- C:\Windows\System\EiJDfeR.exe
  C:\Windows\System\EiJDfeR.exe
  2⤵
  PID:8964
- C:\Windows\System\GBJRrEB.exe
  C:\Windows\System\GBJRrEB.exe
  2⤵
  PID:8980
- C:\Windows\System\mHxkVOK.exe
  C:\Windows\System\mHxkVOK.exe
  2⤵
  PID:8996
- C:\Windows\System\QGwlWsw.exe
  C:\Windows\System\QGwlWsw.exe
  2⤵
  PID:9012
- C:\Windows\System\aDDJUCO.exe
  C:\Windows\System\aDDJUCO.exe
  2⤵
  PID:9028
- C:\Windows\System\UPWKanT.exe
  C:\Windows\System\UPWKanT.exe
  2⤵
  PID:9044
- C:\Windows\System\Fwwnkao.exe
  C:\Windows\System\Fwwnkao.exe
  2⤵
  PID:9060
- C:\Windows\System\XXjNwlu.exe
  C:\Windows\System\XXjNwlu.exe
  2⤵
  PID:9076
- C:\Windows\System\BtqPrZT.exe
  C:\Windows\System\BtqPrZT.exe
  2⤵
  PID:9092
- C:\Windows\System\nBnqRwb.exe
  C:\Windows\System\nBnqRwb.exe
  2⤵
  PID:9108
- C:\Windows\System\CxCYaqa.exe
  C:\Windows\System\CxCYaqa.exe
  2⤵
  PID:9124
- C:\Windows\System\NwKQBFy.exe
  C:\Windows\System\NwKQBFy.exe
  2⤵
  PID:9140
- C:\Windows\System\mSdmceE.exe
  C:\Windows\System\mSdmceE.exe
  2⤵
  PID:9156
- C:\Windows\System\HPDPUPF.exe
  C:\Windows\System\HPDPUPF.exe
  2⤵
  PID:9172
- C:\Windows\System\KSZNhvf.exe
  C:\Windows\System\KSZNhvf.exe
  2⤵
  PID:9188
- C:\Windows\System\cMbRhFe.exe
  C:\Windows\System\cMbRhFe.exe
  2⤵
  PID:9204
- C:\Windows\System\danXmLO.exe
  C:\Windows\System\danXmLO.exe
  2⤵
  PID:7656
- C:\Windows\System\hoAbBFi.exe
  C:\Windows\System\hoAbBFi.exe
  2⤵
  PID:8216
- C:\Windows\System\URhtRtU.exe
  C:\Windows\System\URhtRtU.exe
  2⤵
  PID:7868
- C:\Windows\System\VKllGnO.exe
  C:\Windows\System\VKllGnO.exe
  2⤵
  PID:8220
- C:\Windows\System\wsFTZDl.exe
  C:\Windows\System\wsFTZDl.exe
  2⤵
  PID:8280
- C:\Windows\System\jsNDkPs.exe
  C:\Windows\System\jsNDkPs.exe
  2⤵
  PID:8344
- C:\Windows\System\mezzjnV.exe
  C:\Windows\System\mezzjnV.exe
  2⤵
  PID:8236
- C:\Windows\System\CZgVJZX.exe
  C:\Windows\System\CZgVJZX.exe
  2⤵
  PID:8392
- C:\Windows\System\jTpmUdD.exe
  C:\Windows\System\jTpmUdD.exe
  2⤵
  PID:8412
- C:\Windows\System\mIKtnDw.exe
  C:\Windows\System\mIKtnDw.exe
  2⤵
  PID:8296
- C:\Windows\System\tNboczL.exe
  C:\Windows\System\tNboczL.exe
  2⤵
  PID:8396
- C:\Windows\System\HjSmlcy.exe
  C:\Windows\System\HjSmlcy.exe
  2⤵
  PID:8508
- C:\Windows\System\HDqaqIJ.exe
  C:\Windows\System\HDqaqIJ.exe
  2⤵
  PID:8456
- C:\Windows\System\IwTHQWC.exe
  C:\Windows\System\IwTHQWC.exe
  2⤵
  PID:8524
- C:\Windows\System\yfORzms.exe
  C:\Windows\System\yfORzms.exe
  2⤵
  PID:8572
- C:\Windows\System\KggPYmd.exe
  C:\Windows\System\KggPYmd.exe
  2⤵
  PID:8636
- C:\Windows\System\bEodGxM.exe
  C:\Windows\System\bEodGxM.exe
  2⤵
  PID:8700
- C:\Windows\System\KAfLPxv.exe
  C:\Windows\System\KAfLPxv.exe
  2⤵
  PID:8732
- C:\Windows\System\hMVpgur.exe
  C:\Windows\System\hMVpgur.exe
  2⤵
  PID:8716
- C:\Windows\System\NGxqeQP.exe
  C:\Windows\System\NGxqeQP.exe
  2⤵
  PID:8616
- C:\Windows\System\aaAFGsF.exe
  C:\Windows\System\aaAFGsF.exe
  2⤵
  PID:8680
- C:\Windows\System\dFyoCbJ.exe
  C:\Windows\System\dFyoCbJ.exe
  2⤵
  PID:8800
- C:\Windows\System\wubSyuM.exe
  C:\Windows\System\wubSyuM.exe
  2⤵
  PID:8744
- C:\Windows\System\aavURot.exe
  C:\Windows\System\aavURot.exe
  2⤵
  PID:8844
- C:\Windows\System\pRQAaQJ.exe
  C:\Windows\System\pRQAaQJ.exe
  2⤵
  PID:8908
- C:\Windows\System\HkiMWis.exe
  C:\Windows\System\HkiMWis.exe
  2⤵
  PID:8864
- C:\Windows\System\asQyVwb.exe
  C:\Windows\System\asQyVwb.exe
  2⤵
  PID:8928
- C:\Windows\System\sYBcsXW.exe
  C:\Windows\System\sYBcsXW.exe
  2⤵
  PID:8992
- C:\Windows\System\FAPqZMT.exe
  C:\Windows\System\FAPqZMT.exe
  2⤵
  PID:9008
- C:\Windows\System\UWhzGvV.exe
  C:\Windows\System\UWhzGvV.exe
  2⤵
  PID:9040
- C:\Windows\System\bCAdeWG.exe
  C:\Windows\System\bCAdeWG.exe
  2⤵
  PID:9056
- C:\Windows\System\SCAPlRq.exe
  C:\Windows\System\SCAPlRq.exe
  2⤵
  PID:9120
- C:\Windows\System\HEneywi.exe
  C:\Windows\System\HEneywi.exe
  2⤵
  PID:9136
- C:\Windows\System\lPLPQyd.exe
  C:\Windows\System\lPLPQyd.exe
  2⤵
  PID:9180
- C:\Windows\System\APwYHbB.exe
  C:\Windows\System\APwYHbB.exe
  2⤵
  PID:7592
- C:\Windows\System\XXkFFhc.exe
  C:\Windows\System\XXkFFhc.exe
  2⤵
  PID:8312
- C:\Windows\System\mDUcnqL.exe
  C:\Windows\System\mDUcnqL.exe
  2⤵
  PID:7596
- C:\Windows\System\SCtJPFK.exe
  C:\Windows\System\SCtJPFK.exe
  2⤵
  PID:8200
- C:\Windows\System\SvwctME.exe
  C:\Windows\System\SvwctME.exe
  2⤵
  PID:8328
- C:\Windows\System\dNWRJKN.exe
  C:\Windows\System\dNWRJKN.exe
  2⤵
  PID:8444
- C:\Windows\System\BtHBnvF.exe
  C:\Windows\System\BtHBnvF.exe
  2⤵
  PID:8632
- C:\Windows\System\NBZrzQG.exe
  C:\Windows\System\NBZrzQG.exe
  2⤵
  PID:8360
- C:\Windows\System\ouzcVgy.exe
  C:\Windows\System\ouzcVgy.exe
  2⤵
  PID:8540
- C:\Windows\System\adhxGQe.exe
  C:\Windows\System\adhxGQe.exe
  2⤵
  PID:8764
- C:\Windows\System\UUALUqw.exe
  C:\Windows\System\UUALUqw.exe
  2⤵
  PID:8832
- C:\Windows\System\rasCziT.exe
  C:\Windows\System\rasCziT.exe
  2⤵
  PID:8588
- C:\Windows\System\lgEakPS.exe
  C:\Windows\System\lgEakPS.exe
  2⤵
  PID:8812
- C:\Windows\System\dlQoWOs.exe
  C:\Windows\System\dlQoWOs.exe
  2⤵
  PID:8988
- C:\Windows\System\muAIent.exe
  C:\Windows\System\muAIent.exe
  2⤵
  PID:8924
- C:\Windows\System\sthbPSx.exe
  C:\Windows\System\sthbPSx.exe
  2⤵
  PID:9072
- C:\Windows\System\vYoSXIu.exe
  C:\Windows\System\vYoSXIu.exe
  2⤵
  PID:9088
- C:\Windows\System\ScDKJeY.exe
  C:\Windows\System\ScDKJeY.exe
  2⤵
  PID:9152
- C:\Windows\System\BjQOjTp.exe
  C:\Windows\System\BjQOjTp.exe
  2⤵
  PID:8300
- C:\Windows\System\oiOxrhy.exe
  C:\Windows\System\oiOxrhy.exe
  2⤵
  PID:8204
- C:\Windows\System\jsYJJov.exe
  C:\Windows\System\jsYJJov.exe
  2⤵
  PID:9104
- C:\Windows\System\lLspgkm.exe
  C:\Windows\System\lLspgkm.exe
  2⤵
  PID:8492
- C:\Windows\System\gceNFuU.exe
  C:\Windows\System\gceNFuU.exe
  2⤵
  PID:8728
- C:\Windows\System\oGMIawY.exe
  C:\Windows\System\oGMIawY.exe
  2⤵
  PID:8976
- C:\Windows\System\RpXVMBt.exe
  C:\Windows\System\RpXVMBt.exe
  2⤵
  PID:9184
- C:\Windows\System\UAyIITY.exe
  C:\Windows\System\UAyIITY.exe
  2⤵
  PID:8652
- C:\Windows\System\AWgXUwd.exe
  C:\Windows\System\AWgXUwd.exe
  2⤵
  PID:8896
- C:\Windows\System\WnudNHT.exe
  C:\Windows\System\WnudNHT.exe
  2⤵
  PID:8252
- C:\Windows\System\BmtTtLv.exe
  C:\Windows\System\BmtTtLv.exe
  2⤵
  PID:7560
- C:\Windows\System\qWYBbby.exe
  C:\Windows\System\qWYBbby.exe
  2⤵
  PID:9212
- C:\Windows\System\jGpFTnS.exe
  C:\Windows\System\jGpFTnS.exe
  2⤵
  PID:8696
- C:\Windows\System\WmwnUnm.exe
  C:\Windows\System\WmwnUnm.exe
  2⤵
  PID:7996
- C:\Windows\System\dThKDSl.exe
  C:\Windows\System\dThKDSl.exe
  2⤵
  PID:9036
- C:\Windows\System\TcaCiTR.exe
  C:\Windows\System\TcaCiTR.exe
  2⤵
  PID:8776
- C:\Windows\System\YFIZZrf.exe
  C:\Windows\System\YFIZZrf.exe
  2⤵
  PID:8668
- C:\Windows\System\YFXQieB.exe
  C:\Windows\System\YFXQieB.exe
  2⤵
  PID:8960
- C:\Windows\System\NOxCVAr.exe
  C:\Windows\System\NOxCVAr.exe
  2⤵
  PID:9224
- C:\Windows\System\mMMdcWK.exe
  C:\Windows\System\mMMdcWK.exe
  2⤵
  PID:9244
- C:\Windows\System\ktzHwbP.exe
  C:\Windows\System\ktzHwbP.exe
  2⤵
  PID:9264
- C:\Windows\System\MOmgmWR.exe
  C:\Windows\System\MOmgmWR.exe
  2⤵
  PID:9280
- C:\Windows\System\xXuDLaM.exe
  C:\Windows\System\xXuDLaM.exe
  2⤵
  PID:9296
- C:\Windows\System\wscCKNq.exe
  C:\Windows\System\wscCKNq.exe
  2⤵
  PID:9312
- C:\Windows\System\IbyzWcU.exe
  C:\Windows\System\IbyzWcU.exe
  2⤵
  PID:9332
- C:\Windows\System\CUgRitx.exe
  C:\Windows\System\CUgRitx.exe
  2⤵
  PID:9348
- C:\Windows\System\nwRNGNw.exe
  C:\Windows\System\nwRNGNw.exe
  2⤵
  PID:9364
- C:\Windows\System\jCFfhyh.exe
  C:\Windows\System\jCFfhyh.exe
  2⤵
  PID:9380
- C:\Windows\System\JWUtRhX.exe
  C:\Windows\System\JWUtRhX.exe
  2⤵
  PID:9396
- C:\Windows\System\elkaPtN.exe
  C:\Windows\System\elkaPtN.exe
  2⤵
  PID:9412
- C:\Windows\System\bNIAlps.exe
  C:\Windows\System\bNIAlps.exe
  2⤵
  PID:9428
- C:\Windows\System\KdyMAoC.exe
  C:\Windows\System\KdyMAoC.exe
  2⤵
  PID:9444
- C:\Windows\System\xyzKyZk.exe
  C:\Windows\System\xyzKyZk.exe
  2⤵
  PID:9460
- C:\Windows\System\xmQSOJS.exe
  C:\Windows\System\xmQSOJS.exe
  2⤵
  PID:9480
- C:\Windows\System\qFuwspY.exe
  C:\Windows\System\qFuwspY.exe
  2⤵
  PID:9496
- C:\Windows\System\duARbhx.exe
  C:\Windows\System\duARbhx.exe
  2⤵
  PID:9512
- C:\Windows\System\KXUKymj.exe
  C:\Windows\System\KXUKymj.exe
  2⤵
  PID:9528
- C:\Windows\System\YxWyNWI.exe
  C:\Windows\System\YxWyNWI.exe
  2⤵
  PID:9544
- C:\Windows\System\szMZreo.exe
  C:\Windows\System\szMZreo.exe
  2⤵
  PID:9560
- C:\Windows\System\EAkzxJL.exe
  C:\Windows\System\EAkzxJL.exe
  2⤵
  PID:9576
- C:\Windows\System\INnMQIK.exe
  C:\Windows\System\INnMQIK.exe
  2⤵
  PID:9592
- C:\Windows\System\MlwdlTg.exe
  C:\Windows\System\MlwdlTg.exe
  2⤵
  PID:9608
- C:\Windows\System\dyspNPP.exe
  C:\Windows\System\dyspNPP.exe
  2⤵
  PID:9624
- C:\Windows\System\rhHuzOR.exe
  C:\Windows\System\rhHuzOR.exe
  2⤵
  PID:9640
- C:\Windows\System\YCPzoLZ.exe
  C:\Windows\System\YCPzoLZ.exe
  2⤵
  PID:9656
- C:\Windows\System\UKTUmGC.exe
  C:\Windows\System\UKTUmGC.exe
  2⤵
  PID:9672
- C:\Windows\System\yVkBUeP.exe
  C:\Windows\System\yVkBUeP.exe
  2⤵
  PID:9688
- C:\Windows\System\DpujsnQ.exe
  C:\Windows\System\DpujsnQ.exe
  2⤵
  PID:9704
- C:\Windows\System\ybaOYah.exe
  C:\Windows\System\ybaOYah.exe
  2⤵
  PID:9720
- C:\Windows\System\OhVFRXa.exe
  C:\Windows\System\OhVFRXa.exe
  2⤵
  PID:9736
- C:\Windows\System\tKJGFVO.exe
  C:\Windows\System\tKJGFVO.exe
  2⤵
  PID:9752
- C:\Windows\System\KsCBJso.exe
  C:\Windows\System\KsCBJso.exe
  2⤵
  PID:9768
- C:\Windows\System\EWRmJiO.exe
  C:\Windows\System\EWRmJiO.exe
  2⤵
  PID:9784
- C:\Windows\System\veYaPrx.exe
  C:\Windows\System\veYaPrx.exe
  2⤵
  PID:9800
- C:\Windows\System\jncFkCq.exe
  C:\Windows\System\jncFkCq.exe
  2⤵
  PID:9816
- C:\Windows\System\LNDBNRK.exe
  C:\Windows\System\LNDBNRK.exe
  2⤵
  PID:9836
- C:\Windows\System\ktJRUId.exe
  C:\Windows\System\ktJRUId.exe
  2⤵
  PID:9852
- C:\Windows\System\fPQJzLH.exe
  C:\Windows\System\fPQJzLH.exe
  2⤵
  PID:9868
- C:\Windows\System\IabnbtT.exe
  C:\Windows\System\IabnbtT.exe
  2⤵
  PID:9884
- C:\Windows\System\poTbkuX.exe
  C:\Windows\System\poTbkuX.exe
  2⤵
  PID:9900
- C:\Windows\System\YmGSlqy.exe
  C:\Windows\System\YmGSlqy.exe
  2⤵
  PID:9920
- C:\Windows\System\njrcSMB.exe
  C:\Windows\System\njrcSMB.exe
  2⤵
  PID:9936
- C:\Windows\System\fiPqWEv.exe
  C:\Windows\System\fiPqWEv.exe
  2⤵
  PID:9952
- C:\Windows\System\kQkiPXN.exe
  C:\Windows\System\kQkiPXN.exe
  2⤵
  PID:9968
- C:\Windows\System\MmSvQwo.exe
  C:\Windows\System\MmSvQwo.exe
  2⤵
  PID:9984
- C:\Windows\System\vleeYia.exe
  C:\Windows\System\vleeYia.exe
  2⤵
  PID:10000
- C:\Windows\System\BideMDG.exe
  C:\Windows\System\BideMDG.exe
  2⤵
  PID:10016
- C:\Windows\System\GrVDcKe.exe
  C:\Windows\System\GrVDcKe.exe
  2⤵
  PID:10032
- C:\Windows\System\KeJovQS.exe
  C:\Windows\System\KeJovQS.exe
  2⤵
  PID:10048
- C:\Windows\System\NpsCScJ.exe
  C:\Windows\System\NpsCScJ.exe
  2⤵
  PID:10064
- C:\Windows\System\yWtSzCV.exe
  C:\Windows\System\yWtSzCV.exe
  2⤵
  PID:10080
- C:\Windows\System\RLMiqUN.exe
  C:\Windows\System\RLMiqUN.exe
  2⤵
  PID:10096
- C:\Windows\System\awIbCep.exe
  C:\Windows\System\awIbCep.exe
  2⤵
  PID:10112
- C:\Windows\System\PaNPvZP.exe
  C:\Windows\System\PaNPvZP.exe
  2⤵
  PID:10128
- C:\Windows\System\ZoGgUby.exe
  C:\Windows\System\ZoGgUby.exe
  2⤵
  PID:10144
- C:\Windows\System\qnNStrD.exe
  C:\Windows\System\qnNStrD.exe
  2⤵
  PID:10164
- C:\Windows\System\revkOVP.exe
  C:\Windows\System\revkOVP.exe
  2⤵
  PID:10180
- C:\Windows\System\zKSBWVO.exe
  C:\Windows\System\zKSBWVO.exe
  2⤵
  PID:10200
- C:\Windows\System\sFxvmWU.exe
  C:\Windows\System\sFxvmWU.exe
  2⤵
  PID:10216
- C:\Windows\System\hvJdpPr.exe
  C:\Windows\System\hvJdpPr.exe
  2⤵
  PID:9220
- C:\Windows\System\YANqsXl.exe
  C:\Windows\System\YANqsXl.exe
  2⤵
  PID:9328
- C:\Windows\System\gGhWgTo.exe
  C:\Windows\System\gGhWgTo.exe
  2⤵
  PID:9392
- C:\Windows\System\McUIKWx.exe
  C:\Windows\System\McUIKWx.exe
  2⤵
  PID:9648
- C:\Windows\System\ZQvGGVC.exe
  C:\Windows\System\ZQvGGVC.exe
  2⤵
  PID:9716
- C:\Windows\System\kCtdQPp.exe
  C:\Windows\System\kCtdQPp.exe
  2⤵
  PID:9748
- C:\Windows\System\XmLvsig.exe
  C:\Windows\System\XmLvsig.exe
  2⤵
  PID:9696
- C:\Windows\System\falyfPv.exe
  C:\Windows\System\falyfPv.exe
  2⤵
  PID:9732
- C:\Windows\System\RrUWKdy.exe
  C:\Windows\System\RrUWKdy.exe
  2⤵
  PID:9808
- C:\Windows\System\XlkDtMH.exe
  C:\Windows\System\XlkDtMH.exe
  2⤵
  PID:9764
- C:\Windows\System\bxUFozK.exe
  C:\Windows\System\bxUFozK.exe
  2⤵
  PID:9912
- C:\Windows\System\ZTWknpH.exe
  C:\Windows\System\ZTWknpH.exe
  2⤵
  PID:9828
- C:\Windows\System\unpoGZr.exe
  C:\Windows\System\unpoGZr.exe
  2⤵
  PID:9860
- C:\Windows\System\OogWEvC.exe
  C:\Windows\System\OogWEvC.exe
  2⤵
  PID:9976
- C:\Windows\System\YQrgGpy.exe
  C:\Windows\System\YQrgGpy.exe
  2⤵
  PID:10040
- C:\Windows\System\UyOJeyH.exe
  C:\Windows\System\UyOJeyH.exe
  2⤵
  PID:9992
- C:\Windows\System\OmEelAc.exe
  C:\Windows\System\OmEelAc.exe
  2⤵
  PID:10028
- C:\Windows\System\NEZOcPD.exe
  C:\Windows\System\NEZOcPD.exe
  2⤵
  PID:10076
- C:\Windows\System\LLKxUwd.exe
  C:\Windows\System\LLKxUwd.exe
  2⤵
  PID:10088
- C:\Windows\System\FCxcJDD.exe
  C:\Windows\System\FCxcJDD.exe
  2⤵
  PID:10120
- C:\Windows\System\UuwjOnP.exe
  C:\Windows\System\UuwjOnP.exe
  2⤵
  PID:10172
- C:\Windows\System\VxjBqFO.exe
  C:\Windows\System\VxjBqFO.exe
  2⤵
  PID:10196
- C:\Windows\System\JvQoqyJ.exe
  C:\Windows\System\JvQoqyJ.exe
  2⤵
  PID:10228
- C:\Windows\System\RlaxmBv.exe
  C:\Windows\System\RlaxmBv.exe
  2⤵
  PID:9488
- C:\Windows\System\FVpVQSI.exe
  C:\Windows\System\FVpVQSI.exe
  2⤵
  PID:9568
- C:\Windows\System\VMAepUI.exe
  C:\Windows\System\VMAepUI.exe
  2⤵
  PID:9408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AWUMyIQ.exe

Filesize
6.0MB

MD5
82260f4c9e8fa84e865671e6f5a04a95

SHA1
08b4bcce62f955441b0c64b7b2a8772d69b0abe3

SHA256
33684cb87f63c04f550ae18442858373cbce0f8cc485c1a3fa44a4137be45c86

SHA512
f8ae79dff70d57f564773e9d3fcbd8168b5da2ef37a519945c344102b3debaf87136549f033fbcc242ed70403a2735f2219446ca9b7c32c20e1ac380fe349fe0

Download Submit
C:\Windows\system\CtfQDjV.exe

Filesize
6.0MB

MD5
2df0481cb58f11dbbc1589058ad61878

SHA1
a037752c5fcf52bfb95a46e7a720a6b602320bf8

SHA256
78e62ae06e9be6f09a315311657b0a28fc3d69b6deefa472b88d9a294b4aaafa

SHA512
e2403f03b15a2a23f8c15196ba9af6ca86537a2b6677188afccb828425acef40d0801de03de2b7dce6adf84fe0b4822c1b8fdb5135fb1cd4b250d8683e03c48a

Download Submit
C:\Windows\system\EzjVkOm.exe

Filesize
6.0MB

MD5
486fa881ef3e190cd126a00f87975f59

SHA1
35169fd301c286f43d93e6bef70873178fb948f0

SHA256
3434c5c8cd27bffbcec40c1be2a90ed1b638ec43457fb5799b6dd697ef86ce9f

SHA512
d8fe4f5b60ef98b236e196624d204bd3c7ef4f2cea6ed431ea84ec85e921cdcd166393abad4de328d7625a0bd78594fc6a35c8a1a0769aa364485aec88930fdb

Download Submit
C:\Windows\system\FiGSKTd.exe

Filesize
6.0MB

MD5
37f926177a5ecb15b2d6e9bfccedd4a1

SHA1
a56fd54e7c6601b8b53a2466915709f4ae417786

SHA256
323c6f38e036c3b3ef4d78d460ff9725992223e15a86d3a784d4a2e26f519b01

SHA512
f04b70e5346acbebda7343237cbe54c6ff011eaca6c85ae85f74b98545088cc9fbfacc7c72b52f096c064ad148e6c554da6c274df34e2b767e1c14558b71cc7e

Download Submit
C:\Windows\system\HnvCgUj.exe

Filesize
6.0MB

MD5
2a26d68759bfd9aec2bbf8d0852b8bc7

SHA1
7f09ae19965b07f444a4a516532fb4c1ff32b7dd

SHA256
8a02048d9b819fd300a942f0c0f0f4cc03f03b710cfea72f732c699f6b7fc943

SHA512
7c7956e3fb117ab0751d80f4e4e644191fbf8a13da5843faaab6ef6ce6d29a70eedc3af2d28dc3eea48041e88d0781dfca9d20c2cd13bc8428d651f5cf813fbd

Download Submit
C:\Windows\system\ISdoDqD.exe

Filesize
6.0MB

MD5
cf0c206762a0bcdd267730921550b34a

SHA1
9956c23cd23ac87515efd88595aafd9fde55e953

SHA256
f500a28fb940dd25b1537655ccf96a0b92c6b98f28d01efabfc49e4227e79601

SHA512
b75274b3b14fa00130e352b4e0d7d2955030a36c6273f3ba499d84edf7645fb359cd13987bdf4473c4fdccf5cddbee7f565a8a8c90e8f59c49b5a5700720099f

Download Submit
C:\Windows\system\IvSbjjA.exe

Filesize
6.0MB

MD5
579a0c0b1901336db539420dc15a2432

SHA1
65e3be0dcc4c94c909a41b0f674dc3865f831bdb

SHA256
088799bf7163451c860cc31bd9c3e1ce71f298204e96f31cd33a0e7ea3218d43

SHA512
eb67788bf5b7d06cc2bf8fef3fadb940088eecf321b20f9c0bf24df127073e2279d6bd08196662e8d62fa220bdfe0802aeeda2edcafd04bd3dee035ff9770519

Download Submit
C:\Windows\system\JJoYBZD.exe

Filesize
6.0MB

MD5
22c9660834961a94b9924aee97fbc66e

SHA1
899fb8a65a2c877e7fab2017c00cf0f0aa66e009

SHA256
6f62877e4c168515f0c786d1c688ee5f882a56cc2d2c381f89775b7723124e07

SHA512
99e7d7d95e7f609c8ab3c64ab610728b62d96b894276dca3040e908a5541dbacfd5dde3b66b3163a5d9bfd2d0f564db04c7a029078e071d0a17605b3d875cee3

Download Submit
C:\Windows\system\JsTQxMW.exe

Filesize
6.0MB

MD5
a32cb03f821cb7975a2477a1de22fa0f

SHA1
ad0a4c81cc04c90d4993c0fe54f9e6bf5dde738e

SHA256
32f7c8ef2c3d41458c42c25bc7dbbcd619d98bc750d4dca94a0806716fcc4fc5

SHA512
970a24e33069d350426c5486deeec27eb40d38bea0d917961e1c765b7f86238dfe713d0c8fcf53ec24d26a8659fa38b9cc7e90b8a81afb8f2ac3d3cf81015783

Download Submit
C:\Windows\system\KhMggSO.exe

Filesize
6.0MB

MD5
036bb394c265baf14cb4ae5152a604fe

SHA1
2efc985d01278b401519c97610abef72fd3703e6

SHA256
a85d0fe3c4f6d8dceec70e38fc6a2ce05488cecc1a70611d852f0e3779bea29b

SHA512
a2ad3010a73df3f27b7d4e966a65cc2061ea71a00c1e35a109c6f556b60b8321dbcbd2f607b4ba674eac5f8310cf391ba249674d9f710b9cb800ac2290e4e0f6

Download Submit
C:\Windows\system\LXpzRDm.exe

Filesize
6.0MB

MD5
ca699c55b0725b6962f360172531ee9c

SHA1
2b6e70a03ec78ef505fa8e6f96ca86e19a4a2dfb

SHA256
f950ed0f2f3a3545b7d8fff68a5e0b9e97749f65f691463ee279d0d27582a8bd

SHA512
3a809e6038b86f72ab03b06cbcab500a2891aef4e6c2ec8d5e56bbe2a245e8a9b480a0e4c7cc424f2fa594def37f0f2e8d3b3e8c3d4ed8dfb352fed272a20016

Download Submit
C:\Windows\system\PfyKrPa.exe

Filesize
6.0MB

MD5
bcaec30b2f97d069e2847466f0598f63

SHA1
0e0232799c4b7d1fbab08015a3d962a56ea57edc

SHA256
d5b59057dc5e54be4734baed13f858588d610a1be8222a6213284252383c8050

SHA512
c41cde26b251ca50548a647c90d0ea8f76cc8a9e3260dda20cfca376bf1aa9e5d31bc88390f59a89decf5bb639abaccbd533b7fef8a3d90fb80288370e76b8ce

Download Submit
C:\Windows\system\RxBlmbd.exe

Filesize
6.0MB

MD5
d579749d9c32a4ab5f4be33586d0278b

SHA1
bc0a1a52c7b2145902a44f8e538dbbce59775321

SHA256
4bbe4e93021c2c69f88c9fc0b1c2cf74192c2da31ed0d1a4b5c90adf4a9fcc39

SHA512
73920ebd99016134b12401ad24411b1a81d0c7af3c209660e35bbbbdd1130299bf52f53f572db531046a0aad5f48f68162740514e87ce5230f0cebdb969e911c

Download Submit
C:\Windows\system\UgSSctm.exe

Filesize
6.0MB

MD5
205e01c1143f493476fa6d3968a904f7

SHA1
89b33126089df080d61a566bf9d2327d23a84c3c

SHA256
29a60bc4850b1b597d56e1edd0600c988c9fdde4346399f170367fe5550c1013

SHA512
4b4380ff9e39763e57c107301b20e86b3c34f41bd6cc2e1b5bdc447fceef91b03ea5ce7af3b5b2f78649974cfe55e88ce0663233f1afb1cef8e92ed0faf827c5

Download Submit
C:\Windows\system\YPhBVBz.exe

Filesize
6.0MB

MD5
9357403aed6a5d1365aa7798caee2d1f

SHA1
e74d46ee3b11ac475597ead365990b4f76227dfe

SHA256
be8c8547c3a178e47315bd859d0b39f25059555899763114cfc66847278689d5

SHA512
641b48b1835553b5784a6beb98088723923a3fec16c81d633abfcad8ed699686bcc283016ba9a471bf2cf37ac7291be9faaf73b46a72f994656fd2ff2127e7a4

Download Submit
C:\Windows\system\dWpIyrM.exe

Filesize
6.0MB

MD5
a7c7e9072514de1cbb682099a2dc2e60

SHA1
91bc05159f2dc4da2068cdc64b9f080a44c685b5

SHA256
c526f7bf3ff01aaad1371d8b722cb9f743b48d34c9f1012a73ea1a156fc29d44

SHA512
b9b77e724288938ebe4fd2c6b0038f4580f155b006bd9ad164f3ad2460cda7ab1e793f022a8b7eee5c1814f67836bdd9c023fc337cbb2e79df1d7cd2396cd05c

Download Submit
C:\Windows\system\eTJFIXh.exe

Filesize
6.0MB

MD5
681de32e3ffb53609ce65c7ef8fd3ef6

SHA1
5d1e7650a52eada851e929afcaeea62eb725ed25

SHA256
57d454aa001aaaeb0796dd718b9f8e6ed79f0586bdf98f794b8abf091d7f24a9

SHA512
672a9c71c14464574b714db3d6847bc5e1bf1d0d09f3652610d592ac317e95b6089216c06fe566cb4369b27b6c23d95edc98bf68a97f24c726ed018a14bc21e3

Download Submit
C:\Windows\system\eXFCTfx.exe

Filesize
6.0MB

MD5
452f9d8629f31a1045ec8c4afa9ce7cc

SHA1
a9de732ff38ebe4ae0812981d9892f290ab16b20

SHA256
2a7ca50b366ee3323ba773c5af5185a1bfcf68ab0e7eba93dec09aa3143e4df2

SHA512
b47fa82a4b46d6aa85217ebd6c34dea0ade3f0f5c98020123c64b979e11586c7f8bcc3007062e71fd206681181a1b8c7220d6e35539df9d82ecb45f20b520594

Download Submit
C:\Windows\system\hhSNiEF.exe

Filesize
6.0MB

MD5
483602143f3d4ff2a9cd7e7b190353f0

SHA1
81b38ed73879d4b3f6107f773ff00b31c550b197

SHA256
a3eb3273c07addca0347c8711cf4a53c41b13824b8acb76a64d1d1178e9493f1

SHA512
2f71cb69a291b76ff1f561b90f02382bcf890f87035924254b6d12ffaddf43bd5b5dea93d3c5933268dfb44b17317fad5cf08b6e901b8ecfbe46ce6f5487296d

Download Submit
C:\Windows\system\kKuIDrG.exe

Filesize
6.0MB

MD5
1efbddc1572b22825577ea85cf8e65c5

SHA1
839dcce708e21d8b8c44f45e1cb354b9c8f15d72

SHA256
6c9765e10674cf6314289d41101077383dbe91c1cd2d792be1a9bcbb2152919d

SHA512
8332fc5db9c5a717797f15f1cb82a9c2e189a051e86045203e906aec46eaf328701a499d16d1d6bc4ed6efcf515a33fbf5d0330167860b58d640400f27c00827

Download Submit
C:\Windows\system\ksxTZow.exe

Filesize
6.0MB

MD5
1bcc5bbb427f23d687ee3489f7254a33

SHA1
cb05af418fa4943afb6a38f9084a3edf9219a405

SHA256
6e2ca2f1cb0ca9f91e3849305e2bd3c5b3b62a35741d1764bb386a983e3f76de

SHA512
214253ac5076c0ef9c396a70ad41aec31330228cb7a772056488b7ab789c63347c0fe43968aa7e25235df31bc07e20050ff1a8ba0021ae74eba0b47925b590d0

Download Submit
C:\Windows\system\rNyKxuG.exe

Filesize
6.0MB

MD5
e588c0b5cb9471e39f7940dc36dd2aeb

SHA1
031b62165cd0ca33a726bdb1ded388f22e17c8c5

SHA256
d30464aae858bc3f96f75dbdc9ebd27db8fbaa1bacfb12f1f59ecaf6569a7eb6

SHA512
2932e42e6de1363663b431d297edad7534af2b2d45f8434313d8a70cbc57b3cce8a8eac2dab46a17edb99f78764bb27c19891069f7200c33ef0dbed75f713dcf

Download Submit
C:\Windows\system\uMdYOBK.exe

Filesize
6.0MB

MD5
64225ea24492a22329877adb4d24395e

SHA1
8d841de28a32fbdcff833ed6031e53ba65b47435

SHA256
dc2d11b09eb96421cc8b380c4e2c375d876eb769a2c32a925374ada2a3604ae9

SHA512
d49a413bf6a01e0d8a3dd9063b95989c0345d81c74fd21cee86247b29f09ab27ae56325088c93efddc278f7cc3a482533064b50dc47445b2e6f553bbf899c3c4

Download Submit
C:\Windows\system\yEApQCg.exe

Filesize
6.0MB

MD5
3ea8143fbf1c0aaec2e47640d3f128e7

SHA1
91355574f26e88a379815f59ec29f301af1d0e0c

SHA256
e31856c55428bc6b2ea370f4629d6981ddce8e9c117ea540f1ca630354d6a06f

SHA512
2636a6ebdd38fdafff7841a32fa8b999d72bd06d9db568fa53f17c7803253216670b23ff7f975f186a2175ab4236d41f95c3a62a4e3eda0a0a6abce79990e700

Download Submit
C:\Windows\system\yFlKyjB.exe

Filesize
6.0MB

MD5
bd24d0589869414edd7ea348ed5bcace

SHA1
06c85b54a112a895fc9aa36ac430410eef62e967

SHA256
e1314ca9f09e5479c9b3b7458ba49ccc9d413e0c041b3a45897a241a9df42537

SHA512
519207d9202f2d2764d70cb98a9f047bca496837b262f201896c2a8722239182870dff98f5eb676d7344b48cd47f7bda00d18a4391694fa475d1dccaab362ee3

Download Submit
\Windows\system\AeohCKz.exe

Filesize
6.0MB

MD5
37aaa65971d78c79c640b1e515bc7879

SHA1
6b414ba44fa6865360cd404337facd3fed213dd9

SHA256
3a7a2b1572fe302fe071bd20101863709d24bffaf4ceb8fb7bbf0771e8179e28

SHA512
32464cc1ccd8fc4903fcc550f0cc82dc79871ea3f1a50d9a11ecb481efe6da2dedac1708949d5fd8a194febb163ce9170e6ab3fb0cf3bc0a74f2f888d5a4d65a

Download Submit
\Windows\system\QnSOIDR.exe

Filesize
6.0MB

MD5
dbe69bb72f5c2511fd71d2c53705752f

SHA1
f8a1af7d754702195163d9d41dd19a8ba35b9483

SHA256
caae92d1f5bd866d87298cb97c87c82da2c3c02b5c99a73d1adc8657eb78b861

SHA512
8454e1d5342dfc977eb1d294a523cbe2feab1f6d5372f061bf97b3c3cca69b898a00bf47c53984ed6e05d74f6f75664173e8a82e18061f65207b8ed29cc36580

Download Submit
\Windows\system\SpSNgQW.exe

Filesize
6.0MB

MD5
f918e44b66e4a428c4ceb3ef4aa50941

SHA1
79557be4ca83c9a1eb0d1b721b6b146fe6d06d04

SHA256
11d44ee4849fc593cdaa5dbb8e4827760daa3f43f003d7137ba5d008f622265a

SHA512
ae44ea747763292d8015e191a2cffe30005c18ebd95f54d97a2d4d76e124f16bf745a98a19757a377cbc433861acef544e02c4b4d2b7ae8309fee45e792fe910

Download Submit
\Windows\system\UpPqZwm.exe

Filesize
6.0MB

MD5
5110daf44532395b67050ee959aa795d

SHA1
679cb3968f8ee5cc3ef52da95065ea40eb2c16d0

SHA256
a65a68acccb5e1dd146dcb38334859ecf3d2b6923f1867fd1ff6eba2eebd3a97

SHA512
aaacd03fbc414bf215a23256bfabec7d6bd8456622eca7db75885165b86ecda000eb127e35cca80623d37b211b159a489204b95a25a9eb2cee4a4612b1a0ad3b

Download Submit
\Windows\system\XinPwqB.exe

Filesize
6.0MB

MD5
42b0fcb5faa92282bea700cb40bc5a8a

SHA1
688bf0387491eb0265733efc9c01abb1ac349d22

SHA256
1425472cbca78a33cb92b0a22648228384afc1503f9a51077d7d42f93bd9bd12

SHA512
1aa9c2406eb0d75b43116989f0dd2268b8bb5d6307a0c9feffab25dec674951141f69642e4d2803e457a8a0897bd490c49e8cb880a852e0049a9b1b782a68be5

Download Submit
\Windows\system\aVFCxgg.exe

Filesize
6.0MB

MD5
f3b550b98ee9480a996494ab987a2a7a

SHA1
ba51528cbe45782db7de624bcecab7b20eade4ef

SHA256
5ad87197559bd80a45b656367d886d8327deb18a695d06c06b2345291aea3a8a

SHA512
5c7851de782e4bef85a32b7e8ae4b596efc6bbcb2399186356815976d848a29d818f7ea7471d3c5eea4a53927a02138b5ed4a0d087ca6c33e814be08b2ec986f

Download Submit
\Windows\system\gHGFFXh.exe

Filesize
6.0MB

MD5
b2000f00bff40ae7787694135200ebaf

SHA1
8d531fd4c237321d55e21d67befce09faec5c14a

SHA256
cf7eb12b567e4a31690f5045eaae25d95d0b44cb09fdf361b9278db44a4c4b6d

SHA512
b7281d2d6350ba226175b58c72100866965b4cbdced981d8bf15fe37436f7364077160d0212edd4de9e84c90b8f4eca0ae068f5da4b6b1df1ba7f1e5430404b8

Download Submit
memory/536-3540-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/536-98-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/876-410-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/876-68-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/876-3543-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2032-208-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2032-3527-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2032-62-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2504-657-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2504-80-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2504-3542-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3539-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2552-75-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2572-48-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-34-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3526-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3525-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2616-52-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2672-15-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2684-33-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3528-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2688-55-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2712-22-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2712-74-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2712-79-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2712-61-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2712-103-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2712-51-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2712-60-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2712-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2712-49-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2712-106-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-113-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2712-13-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2712-32-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2712-0-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2712-91-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2712-858-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2712-207-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2712-409-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2712-558-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2836-35-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3524-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-14-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download