cobaltstrike | 7610d31cb298db55fdfe8de0764007dedfc4de9ed996ec675e0e93caf69b896f

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
26/01/2025, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1d046d072792b2ba1f0347fae05f91cc
SHA1

07f247260b974a75992c58b254856e3fbd779f20
SHA256

7610d31cb298db55fdfe8de0764007dedfc4de9ed996ec675e0e93caf69b896f
SHA512

fb189c5669bf57b12af2ef58ab7f52610c0d1bc71bf4f0984dc265359108b33c6ee283a7be9455e965d565fb0f07514c93e3a4c9265e39972f79259bac897cc1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUj:T+q56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d41-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-14.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d79-18.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f7b-34.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001610d-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-57.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-120.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-108.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-85.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d18-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-78.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-45.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001604c-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-6.dat	xmrig
behavioral1/files/0x0009000000015d41-7.dat	xmrig
behavioral1/files/0x0008000000015d59-14.dat	xmrig
behavioral1/files/0x0008000000015d79-18.dat	xmrig
behavioral1/files/0x0008000000015d81-22.dat	xmrig
behavioral1/files/0x0007000000015f25-30.dat	xmrig
behavioral1/files/0x0007000000015f7b-34.dat	xmrig
behavioral1/files/0x000800000001610d-41.dat	xmrig
behavioral1/files/0x0006000000016d67-53.dat	xmrig
behavioral1/files/0x0006000000016d6b-57.dat	xmrig
behavioral1/files/0x0006000000016d77-65.dat	xmrig
behavioral1/files/0x0006000000016d9f-69.dat	xmrig
behavioral1/files/0x0006000000016ecf-89.dat	xmrig
behavioral1/files/0x0005000000018704-129.dat	xmrig
behavioral1/memory/844-1617-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1968-1665-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2096-1716-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1968-1790-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2768-1850-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2752-1780-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2352-1733-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/1652-1662-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1968-1620-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2808-1894-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2884-1968-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f4-125.dat	xmrig
behavioral1/memory/1968-1983-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f1-121.dat	xmrig
behavioral1/files/0x00050000000186e7-120.dat	xmrig
behavioral1/files/0x000600000001755b-119.dat	xmrig
behavioral1/files/0x00050000000186ed-118.dat	xmrig
behavioral1/files/0x0006000000017497-97.dat	xmrig
behavioral1/files/0x0005000000018686-108.dat	xmrig
behavioral1/files/0x000600000001749c-101.dat	xmrig
behavioral1/files/0x0006000000017049-93.dat	xmrig
behavioral1/files/0x0006000000016df3-85.dat	xmrig
behavioral1/files/0x0009000000015d18-81.dat	xmrig
behavioral1/files/0x0006000000016dea-78.dat	xmrig
behavioral1/files/0x0006000000016de8-74.dat	xmrig
behavioral1/files/0x0006000000016d6f-61.dat	xmrig
behavioral1/files/0x0006000000016d54-49.dat	xmrig
behavioral1/files/0x0006000000016d4b-45.dat	xmrig
behavioral1/files/0x000800000001604c-38.dat	xmrig
behavioral1/files/0x0007000000015ec4-25.dat	xmrig
behavioral1/memory/2812-2018-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2668-2040-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1752-2126-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1968-2127-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2900-2132-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/1256-2208-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2352-3917-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2768-3919-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1652-3918-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2884-3920-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2812-3931-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1752-3930-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2808-3929-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2096-3928-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1256-3927-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2752-3926-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/844-3925-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2900-3922-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2668-3921-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2092	cbjVutC.exe
844	yyQpMpW.exe
1652	RXGGRsz.exe
2096	LvVdksm.exe
2352	JxiFmDt.exe
2752	lJVDwwT.exe
2768	iZcOMRk.exe
2808	UyuCOBh.exe
2884	NOiUbgk.exe
2812	pzWyYeY.exe
2668	tfDykQY.exe
1752	zuNFdRI.exe
2900	RNbIxRd.exe
1256	sfMNAxG.exe
2832	MRrqPpm.exe
1832	pYaVFQU.exe
2676	LxdYwgM.exe
2732	XlstkhM.exe
1732	taQZCWM.exe
2152	CKajTyN.exe
1512	EHNTYDr.exe
2420	FjMrREE.exe
1504	vFYeapa.exe
2136	oZrdvXB.exe
752	levXXAY.exe
836	IbBcBUT.exe
1348	icydaUY.exe
1704	ovkXJxs.exe
1784	KimzsZJ.exe
2976	XOstzWK.exe
2036	mlGdwDs.exe
2248	xkUjrkK.exe
2084	KhSGoER.exe
2412	mtzrXbn.exe
2756	vooSMAg.exe
108	JbijLUo.exe
3000	OFmxJzn.exe
1724	dYrxNfF.exe
1084	QPiiGKo.exe
2988	HNTAPXc.exe
2272	xozXSXt.exe
1500	ayULiqX.exe
676	XJBYiLV.exe
1420	LnNwuHX.exe
1996	EAdNDXw.exe
1916	HiFewYU.exe
352	uyijEAH.exe
1244	eRulypY.exe
1864	xgvUNUQ.exe
2476	LFgnffg.exe
1896	ntnymct.exe
1692	FNzBjFq.exe
988	nfZbUPm.exe
568	AYJsGUA.exe
2232	QxEBvLN.exe
2516	fUKowRj.exe
2432	cIkYHGL.exe
2392	JVoDMfH.exe
1612	DwFMcGz.exe
1452	KMuAxGZ.exe
2132	VEZiRRq.exe
972	DHKdVHJ.exe
3056	rfnlUOe.exe
584	TQyfNJr.exe

Loads dropped DLL 64 IoCs

pid	Process
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000b000000012280-6.dat	upx
behavioral1/files/0x0009000000015d41-7.dat	upx
behavioral1/files/0x0008000000015d59-14.dat	upx
behavioral1/files/0x0008000000015d79-18.dat	upx
behavioral1/files/0x0008000000015d81-22.dat	upx
behavioral1/files/0x0007000000015f25-30.dat	upx
behavioral1/files/0x0007000000015f7b-34.dat	upx
behavioral1/files/0x000800000001610d-41.dat	upx
behavioral1/files/0x0006000000016d67-53.dat	upx
behavioral1/files/0x0006000000016d6b-57.dat	upx
behavioral1/files/0x0006000000016d77-65.dat	upx
behavioral1/files/0x0006000000016d9f-69.dat	upx
behavioral1/files/0x0006000000016ecf-89.dat	upx
behavioral1/files/0x0005000000018704-129.dat	upx
behavioral1/memory/844-1617-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2096-1716-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2768-1850-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2752-1780-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2352-1733-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1652-1662-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2808-1894-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2884-1968-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x00050000000186f4-125.dat	upx
behavioral1/files/0x00050000000186f1-121.dat	upx
behavioral1/files/0x00050000000186e7-120.dat	upx
behavioral1/files/0x000600000001755b-119.dat	upx
behavioral1/files/0x00050000000186ed-118.dat	upx
behavioral1/files/0x0006000000017497-97.dat	upx
behavioral1/files/0x0005000000018686-108.dat	upx
behavioral1/files/0x000600000001749c-101.dat	upx
behavioral1/files/0x0006000000017049-93.dat	upx
behavioral1/files/0x0006000000016df3-85.dat	upx
behavioral1/files/0x0009000000015d18-81.dat	upx
behavioral1/files/0x0006000000016dea-78.dat	upx
behavioral1/files/0x0006000000016de8-74.dat	upx
behavioral1/files/0x0006000000016d6f-61.dat	upx
behavioral1/files/0x0006000000016d54-49.dat	upx
behavioral1/files/0x0006000000016d4b-45.dat	upx
behavioral1/files/0x000800000001604c-38.dat	upx
behavioral1/files/0x0007000000015ec4-25.dat	upx
behavioral1/memory/2812-2018-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2668-2040-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1752-2126-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2900-2132-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/1256-2208-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2352-3917-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2768-3919-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1652-3918-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2884-3920-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2812-3931-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1752-3930-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2808-3929-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2096-3928-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1256-3927-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2752-3926-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/844-3925-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2900-3922-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2668-3921-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1968-4212-0x000000013F520000-0x000000013F874000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IrafxtW.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMZCUvf.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkCFQHu.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMNxQFU.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQUWQGX.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpoYQuc.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebDEbAH.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcMhKHZ.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFrtwJW.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgIzFcF.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvVdksm.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqGonMw.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFtCGau.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMiGwtD.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBsHvCG.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnNvuXa.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkgWQgB.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btszkzw.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAFBfFX.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqoFegc.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFZofnx.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJVDwwT.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNYvBPB.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxktNJi.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iClMqjC.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtTqTJJ.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNTAPXc.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVteskH.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXHEvOr.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEIETTb.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmStEHa.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRkrgrQ.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUlrmSg.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaUsHzz.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIPfdVX.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGKguZr.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKYNhSM.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuBemAQ.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmoHSxk.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMeVLDx.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoMFsae.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDFwUDK.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baGswlN.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWVJxxk.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXnvhjo.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKpYtHH.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtduTHL.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbODfBQ.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTSOiwC.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDwAWmW.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDNUpxc.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylqBoOm.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNDmJob.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHIJvMv.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXrCgep.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwQszsT.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCXnDYX.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEpjrUd.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdKMxCA.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHuDtBB.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYfSBrx.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZdNIgD.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFYeapa.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwFMcGz.exe	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2092	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2092	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2092	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 844	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 844	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 844	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 1652	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 1652	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 1652	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2096	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2096	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2096	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2352	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2352	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2352	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2752	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2752	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2752	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2768	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2768	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2768	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2808	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2808	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2808	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2884	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2884	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2884	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2812	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2812	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2812	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2668	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2668	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2668	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 1752	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 1752	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 1752	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 2900	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 2900	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 2900	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 1256	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 1256	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 1256	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 2832	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 2832	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 2832	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 1832	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 1832	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 1832	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 2676	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 2676	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 2676	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 2732	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2732	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2732	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 1732	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 1732	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 1732	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2152	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2152	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2152	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 1512	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 1512	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 1512	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 2420	1968	2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-26_1d046d072792b2ba1f0347fae05f91cc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\System\cbjVutC.exe
  C:\Windows\System\cbjVutC.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\yyQpMpW.exe
  C:\Windows\System\yyQpMpW.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\RXGGRsz.exe
  C:\Windows\System\RXGGRsz.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\LvVdksm.exe
  C:\Windows\System\LvVdksm.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\JxiFmDt.exe
  C:\Windows\System\JxiFmDt.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\lJVDwwT.exe
  C:\Windows\System\lJVDwwT.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\iZcOMRk.exe
  C:\Windows\System\iZcOMRk.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\UyuCOBh.exe
  C:\Windows\System\UyuCOBh.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\NOiUbgk.exe
  C:\Windows\System\NOiUbgk.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\pzWyYeY.exe
  C:\Windows\System\pzWyYeY.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\tfDykQY.exe
  C:\Windows\System\tfDykQY.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\zuNFdRI.exe
  C:\Windows\System\zuNFdRI.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\RNbIxRd.exe
  C:\Windows\System\RNbIxRd.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\sfMNAxG.exe
  C:\Windows\System\sfMNAxG.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\MRrqPpm.exe
  C:\Windows\System\MRrqPpm.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\pYaVFQU.exe
  C:\Windows\System\pYaVFQU.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\LxdYwgM.exe
  C:\Windows\System\LxdYwgM.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\XlstkhM.exe
  C:\Windows\System\XlstkhM.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\taQZCWM.exe
  C:\Windows\System\taQZCWM.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\CKajTyN.exe
  C:\Windows\System\CKajTyN.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\EHNTYDr.exe
  C:\Windows\System\EHNTYDr.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\FjMrREE.exe
  C:\Windows\System\FjMrREE.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\vFYeapa.exe
  C:\Windows\System\vFYeapa.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\oZrdvXB.exe
  C:\Windows\System\oZrdvXB.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\levXXAY.exe
  C:\Windows\System\levXXAY.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\ovkXJxs.exe
  C:\Windows\System\ovkXJxs.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\IbBcBUT.exe
  C:\Windows\System\IbBcBUT.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\KimzsZJ.exe
  C:\Windows\System\KimzsZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\icydaUY.exe
  C:\Windows\System\icydaUY.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\XOstzWK.exe
  C:\Windows\System\XOstzWK.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\mlGdwDs.exe
  C:\Windows\System\mlGdwDs.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\xkUjrkK.exe
  C:\Windows\System\xkUjrkK.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\KhSGoER.exe
  C:\Windows\System\KhSGoER.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\mtzrXbn.exe
  C:\Windows\System\mtzrXbn.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\vooSMAg.exe
  C:\Windows\System\vooSMAg.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\JbijLUo.exe
  C:\Windows\System\JbijLUo.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\OFmxJzn.exe
  C:\Windows\System\OFmxJzn.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\dYrxNfF.exe
  C:\Windows\System\dYrxNfF.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\QPiiGKo.exe
  C:\Windows\System\QPiiGKo.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\HNTAPXc.exe
  C:\Windows\System\HNTAPXc.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\xozXSXt.exe
  C:\Windows\System\xozXSXt.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ayULiqX.exe
  C:\Windows\System\ayULiqX.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\XJBYiLV.exe
  C:\Windows\System\XJBYiLV.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\LnNwuHX.exe
  C:\Windows\System\LnNwuHX.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\EAdNDXw.exe
  C:\Windows\System\EAdNDXw.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\HiFewYU.exe
  C:\Windows\System\HiFewYU.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\uyijEAH.exe
  C:\Windows\System\uyijEAH.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\eRulypY.exe
  C:\Windows\System\eRulypY.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\xgvUNUQ.exe
  C:\Windows\System\xgvUNUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\LFgnffg.exe
  C:\Windows\System\LFgnffg.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ntnymct.exe
  C:\Windows\System\ntnymct.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\FNzBjFq.exe
  C:\Windows\System\FNzBjFq.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\nfZbUPm.exe
  C:\Windows\System\nfZbUPm.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\AYJsGUA.exe
  C:\Windows\System\AYJsGUA.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\QxEBvLN.exe
  C:\Windows\System\QxEBvLN.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\fUKowRj.exe
  C:\Windows\System\fUKowRj.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\cIkYHGL.exe
  C:\Windows\System\cIkYHGL.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\JVoDMfH.exe
  C:\Windows\System\JVoDMfH.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\DwFMcGz.exe
  C:\Windows\System\DwFMcGz.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\KMuAxGZ.exe
  C:\Windows\System\KMuAxGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\VEZiRRq.exe
  C:\Windows\System\VEZiRRq.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\DHKdVHJ.exe
  C:\Windows\System\DHKdVHJ.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\rfnlUOe.exe
  C:\Windows\System\rfnlUOe.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\TQyfNJr.exe
  C:\Windows\System\TQyfNJr.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\sShSOFL.exe
  C:\Windows\System\sShSOFL.exe
  2⤵
  PID:880
- C:\Windows\System\CeWGXns.exe
  C:\Windows\System\CeWGXns.exe
  2⤵
  PID:2324
- C:\Windows\System\VERbBRJ.exe
  C:\Windows\System\VERbBRJ.exe
  2⤵
  PID:1988
- C:\Windows\System\MjmIrsd.exe
  C:\Windows\System\MjmIrsd.exe
  2⤵
  PID:2220
- C:\Windows\System\DSROPEo.exe
  C:\Windows\System\DSROPEo.exe
  2⤵
  PID:2044
- C:\Windows\System\EjEbywL.exe
  C:\Windows\System\EjEbywL.exe
  2⤵
  PID:1712
- C:\Windows\System\WJPUvYi.exe
  C:\Windows\System\WJPUvYi.exe
  2⤵
  PID:1524
- C:\Windows\System\kgSdWEW.exe
  C:\Windows\System\kgSdWEW.exe
  2⤵
  PID:1532
- C:\Windows\System\pXMabCc.exe
  C:\Windows\System\pXMabCc.exe
  2⤵
  PID:2620
- C:\Windows\System\QNDmJob.exe
  C:\Windows\System\QNDmJob.exe
  2⤵
  PID:2572
- C:\Windows\System\xVqNEGI.exe
  C:\Windows\System\xVqNEGI.exe
  2⤵
  PID:908
- C:\Windows\System\ZYshiHF.exe
  C:\Windows\System\ZYshiHF.exe
  2⤵
  PID:2788
- C:\Windows\System\LOWDTeb.exe
  C:\Windows\System\LOWDTeb.exe
  2⤵
  PID:3024
- C:\Windows\System\GXTCJOU.exe
  C:\Windows\System\GXTCJOU.exe
  2⤵
  PID:2928
- C:\Windows\System\ldWIkny.exe
  C:\Windows\System\ldWIkny.exe
  2⤵
  PID:2980
- C:\Windows\System\NZBYQtu.exe
  C:\Windows\System\NZBYQtu.exe
  2⤵
  PID:2716
- C:\Windows\System\Ypeddkm.exe
  C:\Windows\System\Ypeddkm.exe
  2⤵
  PID:2672
- C:\Windows\System\cNqwkAn.exe
  C:\Windows\System\cNqwkAn.exe
  2⤵
  PID:2428
- C:\Windows\System\QRljBwE.exe
  C:\Windows\System\QRljBwE.exe
  2⤵
  PID:764
- C:\Windows\System\qJBYCpc.exe
  C:\Windows\System\qJBYCpc.exe
  2⤵
  PID:672
- C:\Windows\System\vDYmite.exe
  C:\Windows\System\vDYmite.exe
  2⤵
  PID:980
- C:\Windows\System\lzDetwR.exe
  C:\Windows\System\lzDetwR.exe
  2⤵
  PID:2120
- C:\Windows\System\JjtFcRZ.exe
  C:\Windows\System\JjtFcRZ.exe
  2⤵
  PID:620
- C:\Windows\System\miwPxMu.exe
  C:\Windows\System\miwPxMu.exe
  2⤵
  PID:2748
- C:\Windows\System\SSKGNTe.exe
  C:\Windows\System\SSKGNTe.exe
  2⤵
  PID:2628
- C:\Windows\System\BtfaSWN.exe
  C:\Windows\System\BtfaSWN.exe
  2⤵
  PID:852
- C:\Windows\System\juuCxuh.exe
  C:\Windows\System\juuCxuh.exe
  2⤵
  PID:976
- C:\Windows\System\CKmwHUn.exe
  C:\Windows\System\CKmwHUn.exe
  2⤵
  PID:688
- C:\Windows\System\GFNqOOS.exe
  C:\Windows\System\GFNqOOS.exe
  2⤵
  PID:2580
- C:\Windows\System\GEvyigK.exe
  C:\Windows\System\GEvyigK.exe
  2⤵
  PID:888
- C:\Windows\System\wmoHSxk.exe
  C:\Windows\System\wmoHSxk.exe
  2⤵
  PID:2076
- C:\Windows\System\lvznbTD.exe
  C:\Windows\System\lvznbTD.exe
  2⤵
  PID:2032
- C:\Windows\System\LMuIpSF.exe
  C:\Windows\System\LMuIpSF.exe
  2⤵
  PID:680
- C:\Windows\System\faEGHrI.exe
  C:\Windows\System\faEGHrI.exe
  2⤵
  PID:1172
- C:\Windows\System\DDNJWAh.exe
  C:\Windows\System\DDNJWAh.exe
  2⤵
  PID:3080
- C:\Windows\System\evyXYLG.exe
  C:\Windows\System\evyXYLG.exe
  2⤵
  PID:3100
- C:\Windows\System\PGPzqtx.exe
  C:\Windows\System\PGPzqtx.exe
  2⤵
  PID:3120
- C:\Windows\System\UuweoRw.exe
  C:\Windows\System\UuweoRw.exe
  2⤵
  PID:3140
- C:\Windows\System\GteEwQj.exe
  C:\Windows\System\GteEwQj.exe
  2⤵
  PID:3156
- C:\Windows\System\YczlJQp.exe
  C:\Windows\System\YczlJQp.exe
  2⤵
  PID:3180
- C:\Windows\System\WINIVhP.exe
  C:\Windows\System\WINIVhP.exe
  2⤵
  PID:3200
- C:\Windows\System\MbODfBQ.exe
  C:\Windows\System\MbODfBQ.exe
  2⤵
  PID:3220
- C:\Windows\System\HzOTHRX.exe
  C:\Windows\System\HzOTHRX.exe
  2⤵
  PID:3240
- C:\Windows\System\GzWbNIJ.exe
  C:\Windows\System\GzWbNIJ.exe
  2⤵
  PID:3260
- C:\Windows\System\POLineN.exe
  C:\Windows\System\POLineN.exe
  2⤵
  PID:3280
- C:\Windows\System\WholEYI.exe
  C:\Windows\System\WholEYI.exe
  2⤵
  PID:3300
- C:\Windows\System\HTSOiwC.exe
  C:\Windows\System\HTSOiwC.exe
  2⤵
  PID:3320
- C:\Windows\System\gpmJRfM.exe
  C:\Windows\System\gpmJRfM.exe
  2⤵
  PID:3340
- C:\Windows\System\mVGOfWF.exe
  C:\Windows\System\mVGOfWF.exe
  2⤵
  PID:3360
- C:\Windows\System\VGOEZBX.exe
  C:\Windows\System\VGOEZBX.exe
  2⤵
  PID:3380
- C:\Windows\System\racarci.exe
  C:\Windows\System\racarci.exe
  2⤵
  PID:3400
- C:\Windows\System\NgJTTNj.exe
  C:\Windows\System\NgJTTNj.exe
  2⤵
  PID:3420
- C:\Windows\System\tGNmiWg.exe
  C:\Windows\System\tGNmiWg.exe
  2⤵
  PID:3440
- C:\Windows\System\coKNzJk.exe
  C:\Windows\System\coKNzJk.exe
  2⤵
  PID:3460
- C:\Windows\System\ImhDTCe.exe
  C:\Windows\System\ImhDTCe.exe
  2⤵
  PID:3480
- C:\Windows\System\GPCTEJJ.exe
  C:\Windows\System\GPCTEJJ.exe
  2⤵
  PID:3500
- C:\Windows\System\jKbiTZG.exe
  C:\Windows\System\jKbiTZG.exe
  2⤵
  PID:3520
- C:\Windows\System\dfIeoJP.exe
  C:\Windows\System\dfIeoJP.exe
  2⤵
  PID:3540
- C:\Windows\System\pnPzPoI.exe
  C:\Windows\System\pnPzPoI.exe
  2⤵
  PID:3560
- C:\Windows\System\vCrXbVw.exe
  C:\Windows\System\vCrXbVw.exe
  2⤵
  PID:3580
- C:\Windows\System\iGcBSvx.exe
  C:\Windows\System\iGcBSvx.exe
  2⤵
  PID:3600
- C:\Windows\System\osShHAa.exe
  C:\Windows\System\osShHAa.exe
  2⤵
  PID:3620
- C:\Windows\System\dBsHvCG.exe
  C:\Windows\System\dBsHvCG.exe
  2⤵
  PID:3640
- C:\Windows\System\ewOzxxf.exe
  C:\Windows\System\ewOzxxf.exe
  2⤵
  PID:3660
- C:\Windows\System\FTGlIlL.exe
  C:\Windows\System\FTGlIlL.exe
  2⤵
  PID:3680
- C:\Windows\System\otzropO.exe
  C:\Windows\System\otzropO.exe
  2⤵
  PID:3696
- C:\Windows\System\ipOwUoG.exe
  C:\Windows\System\ipOwUoG.exe
  2⤵
  PID:3720
- C:\Windows\System\pYYZIof.exe
  C:\Windows\System\pYYZIof.exe
  2⤵
  PID:3736
- C:\Windows\System\LjbwYiE.exe
  C:\Windows\System\LjbwYiE.exe
  2⤵
  PID:3756
- C:\Windows\System\DSbgygl.exe
  C:\Windows\System\DSbgygl.exe
  2⤵
  PID:3780
- C:\Windows\System\elvxIGz.exe
  C:\Windows\System\elvxIGz.exe
  2⤵
  PID:3800
- C:\Windows\System\LNZUSoX.exe
  C:\Windows\System\LNZUSoX.exe
  2⤵
  PID:3820
- C:\Windows\System\AGzSAjr.exe
  C:\Windows\System\AGzSAjr.exe
  2⤵
  PID:3840
- C:\Windows\System\pJnyjgr.exe
  C:\Windows\System\pJnyjgr.exe
  2⤵
  PID:3860
- C:\Windows\System\sbwNtJB.exe
  C:\Windows\System\sbwNtJB.exe
  2⤵
  PID:3880
- C:\Windows\System\rztHccX.exe
  C:\Windows\System\rztHccX.exe
  2⤵
  PID:3900
- C:\Windows\System\HusuofR.exe
  C:\Windows\System\HusuofR.exe
  2⤵
  PID:3920
- C:\Windows\System\jUGQQWp.exe
  C:\Windows\System\jUGQQWp.exe
  2⤵
  PID:3940
- C:\Windows\System\nTYcOlD.exe
  C:\Windows\System\nTYcOlD.exe
  2⤵
  PID:3960
- C:\Windows\System\aNzoDcf.exe
  C:\Windows\System\aNzoDcf.exe
  2⤵
  PID:3980
- C:\Windows\System\BbYbAEa.exe
  C:\Windows\System\BbYbAEa.exe
  2⤵
  PID:4000
- C:\Windows\System\XMQvYhy.exe
  C:\Windows\System\XMQvYhy.exe
  2⤵
  PID:4020
- C:\Windows\System\pHlUgEN.exe
  C:\Windows\System\pHlUgEN.exe
  2⤵
  PID:4040
- C:\Windows\System\iamXSeM.exe
  C:\Windows\System\iamXSeM.exe
  2⤵
  PID:4060
- C:\Windows\System\UFeUMAT.exe
  C:\Windows\System\UFeUMAT.exe
  2⤵
  PID:4080
- C:\Windows\System\RUXMmbk.exe
  C:\Windows\System\RUXMmbk.exe
  2⤵
  PID:2376
- C:\Windows\System\HaCuTws.exe
  C:\Windows\System\HaCuTws.exe
  2⤵
  PID:2640
- C:\Windows\System\KPPMfng.exe
  C:\Windows\System\KPPMfng.exe
  2⤵
  PID:1016
- C:\Windows\System\PeKThhe.exe
  C:\Windows\System\PeKThhe.exe
  2⤵
  PID:2304
- C:\Windows\System\VPIVKdH.exe
  C:\Windows\System\VPIVKdH.exe
  2⤵
  PID:1000
- C:\Windows\System\EgJhwdU.exe
  C:\Windows\System\EgJhwdU.exe
  2⤵
  PID:2532
- C:\Windows\System\hcMDItv.exe
  C:\Windows\System\hcMDItv.exe
  2⤵
  PID:1972
- C:\Windows\System\QVAXhah.exe
  C:\Windows\System\QVAXhah.exe
  2⤵
  PID:2196
- C:\Windows\System\hDvJvBk.exe
  C:\Windows\System\hDvJvBk.exe
  2⤵
  PID:1980
- C:\Windows\System\uVHalqr.exe
  C:\Windows\System\uVHalqr.exe
  2⤵
  PID:1528
- C:\Windows\System\rmUvbHx.exe
  C:\Windows\System\rmUvbHx.exe
  2⤵
  PID:2296
- C:\Windows\System\yVmUDTY.exe
  C:\Windows\System\yVmUDTY.exe
  2⤵
  PID:2448
- C:\Windows\System\tPFZqwL.exe
  C:\Windows\System\tPFZqwL.exe
  2⤵
  PID:1296
- C:\Windows\System\xVOQPOQ.exe
  C:\Windows\System\xVOQPOQ.exe
  2⤵
  PID:1240
- C:\Windows\System\fxSiWEo.exe
  C:\Windows\System\fxSiWEo.exe
  2⤵
  PID:1456
- C:\Windows\System\GZChKHn.exe
  C:\Windows\System\GZChKHn.exe
  2⤵
  PID:2664
- C:\Windows\System\OultxGS.exe
  C:\Windows\System\OultxGS.exe
  2⤵
  PID:1560
- C:\Windows\System\wNGrcRR.exe
  C:\Windows\System\wNGrcRR.exe
  2⤵
  PID:2944
- C:\Windows\System\TnNvuXa.exe
  C:\Windows\System\TnNvuXa.exe
  2⤵
  PID:2920
- C:\Windows\System\nhEAcxH.exe
  C:\Windows\System\nhEAcxH.exe
  2⤵
  PID:3112
- C:\Windows\System\njQPYBe.exe
  C:\Windows\System\njQPYBe.exe
  2⤵
  PID:3152
- C:\Windows\System\cwFSnlW.exe
  C:\Windows\System\cwFSnlW.exe
  2⤵
  PID:3208
- C:\Windows\System\etqhmRp.exe
  C:\Windows\System\etqhmRp.exe
  2⤵
  PID:3236
- C:\Windows\System\cQELNmQ.exe
  C:\Windows\System\cQELNmQ.exe
  2⤵
  PID:3268
- C:\Windows\System\csUidMK.exe
  C:\Windows\System\csUidMK.exe
  2⤵
  PID:3292
- C:\Windows\System\IRwzVLT.exe
  C:\Windows\System\IRwzVLT.exe
  2⤵
  PID:3332
- C:\Windows\System\wpoYQuc.exe
  C:\Windows\System\wpoYQuc.exe
  2⤵
  PID:3376
- C:\Windows\System\HDjlbih.exe
  C:\Windows\System\HDjlbih.exe
  2⤵
  PID:3396
- C:\Windows\System\caDSycT.exe
  C:\Windows\System\caDSycT.exe
  2⤵
  PID:3432
- C:\Windows\System\BBPRAOP.exe
  C:\Windows\System\BBPRAOP.exe
  2⤵
  PID:3476
- C:\Windows\System\NpXnEQH.exe
  C:\Windows\System\NpXnEQH.exe
  2⤵
  PID:3508
- C:\Windows\System\cdIRjyX.exe
  C:\Windows\System\cdIRjyX.exe
  2⤵
  PID:3532
- C:\Windows\System\DtgfByX.exe
  C:\Windows\System\DtgfByX.exe
  2⤵
  PID:3576
- C:\Windows\System\ADzQJdi.exe
  C:\Windows\System\ADzQJdi.exe
  2⤵
  PID:3596
- C:\Windows\System\OiUubCI.exe
  C:\Windows\System\OiUubCI.exe
  2⤵
  PID:3628
- C:\Windows\System\WCbSyiY.exe
  C:\Windows\System\WCbSyiY.exe
  2⤵
  PID:3676
- C:\Windows\System\QYnNYdG.exe
  C:\Windows\System\QYnNYdG.exe
  2⤵
  PID:3732
- C:\Windows\System\kpIlDPh.exe
  C:\Windows\System\kpIlDPh.exe
  2⤵
  PID:3764
- C:\Windows\System\Nuhtyyi.exe
  C:\Windows\System\Nuhtyyi.exe
  2⤵
  PID:3744
- C:\Windows\System\sAWUmNU.exe
  C:\Windows\System\sAWUmNU.exe
  2⤵
  PID:3796
- C:\Windows\System\VNHTiVK.exe
  C:\Windows\System\VNHTiVK.exe
  2⤵
  PID:3852
- C:\Windows\System\TcFwMtP.exe
  C:\Windows\System\TcFwMtP.exe
  2⤵
  PID:3888
- C:\Windows\System\OmAAxFD.exe
  C:\Windows\System\OmAAxFD.exe
  2⤵
  PID:3908
- C:\Windows\System\MUhGnvJ.exe
  C:\Windows\System\MUhGnvJ.exe
  2⤵
  PID:3932
- C:\Windows\System\XPCpGVE.exe
  C:\Windows\System\XPCpGVE.exe
  2⤵
  PID:3976
- C:\Windows\System\xUFlDQt.exe
  C:\Windows\System\xUFlDQt.exe
  2⤵
  PID:4012
- C:\Windows\System\BWDlvDg.exe
  C:\Windows\System\BWDlvDg.exe
  2⤵
  PID:4036
- C:\Windows\System\tScKUtl.exe
  C:\Windows\System\tScKUtl.exe
  2⤵
  PID:4076
- C:\Windows\System\hvLcETL.exe
  C:\Windows\System\hvLcETL.exe
  2⤵
  PID:4092
- C:\Windows\System\FfDYXDy.exe
  C:\Windows\System\FfDYXDy.exe
  2⤵
  PID:2952
- C:\Windows\System\OBKktJo.exe
  C:\Windows\System\OBKktJo.exe
  2⤵
  PID:768
- C:\Windows\System\DyGtWLk.exe
  C:\Windows\System\DyGtWLk.exe
  2⤵
  PID:2336
- C:\Windows\System\zVteskH.exe
  C:\Windows\System\zVteskH.exe
  2⤵
  PID:1808
- C:\Windows\System\rHkkVWW.exe
  C:\Windows\System\rHkkVWW.exe
  2⤵
  PID:2360
- C:\Windows\System\IbaoQkh.exe
  C:\Windows\System\IbaoQkh.exe
  2⤵
  PID:2388
- C:\Windows\System\xpwtEiT.exe
  C:\Windows\System\xpwtEiT.exe
  2⤵
  PID:628
- C:\Windows\System\zWZcgaM.exe
  C:\Windows\System\zWZcgaM.exe
  2⤵
  PID:3028
- C:\Windows\System\PlICWqU.exe
  C:\Windows\System\PlICWqU.exe
  2⤵
  PID:1552
- C:\Windows\System\IEmryrO.exe
  C:\Windows\System\IEmryrO.exe
  2⤵
  PID:2496
- C:\Windows\System\edXIdGl.exe
  C:\Windows\System\edXIdGl.exe
  2⤵
  PID:2800
- C:\Windows\System\sdoDXTm.exe
  C:\Windows\System\sdoDXTm.exe
  2⤵
  PID:3108
- C:\Windows\System\XJPdHoX.exe
  C:\Windows\System\XJPdHoX.exe
  2⤵
  PID:3196
- C:\Windows\System\ZDWYBfc.exe
  C:\Windows\System\ZDWYBfc.exe
  2⤵
  PID:3296
- C:\Windows\System\OXLIlZU.exe
  C:\Windows\System\OXLIlZU.exe
  2⤵
  PID:3316
- C:\Windows\System\oFDbRKe.exe
  C:\Windows\System\oFDbRKe.exe
  2⤵
  PID:3368
- C:\Windows\System\puMVklF.exe
  C:\Windows\System\puMVklF.exe
  2⤵
  PID:3412
- C:\Windows\System\HfdtISz.exe
  C:\Windows\System\HfdtISz.exe
  2⤵
  PID:3416
- C:\Windows\System\oJjyGuZ.exe
  C:\Windows\System\oJjyGuZ.exe
  2⤵
  PID:3468
- C:\Windows\System\irQoSdJ.exe
  C:\Windows\System\irQoSdJ.exe
  2⤵
  PID:3556
- C:\Windows\System\SCXnDYX.exe
  C:\Windows\System\SCXnDYX.exe
  2⤵
  PID:3616
- C:\Windows\System\VemMeqC.exe
  C:\Windows\System\VemMeqC.exe
  2⤵
  PID:3588
- C:\Windows\System\XwZtPHp.exe
  C:\Windows\System\XwZtPHp.exe
  2⤵
  PID:3728
- C:\Windows\System\YLsOZeN.exe
  C:\Windows\System\YLsOZeN.exe
  2⤵
  PID:3776
- C:\Windows\System\IMvgjes.exe
  C:\Windows\System\IMvgjes.exe
  2⤵
  PID:3812
- C:\Windows\System\eMXoiAU.exe
  C:\Windows\System\eMXoiAU.exe
  2⤵
  PID:3848
- C:\Windows\System\OzTqLXq.exe
  C:\Windows\System\OzTqLXq.exe
  2⤵
  PID:3872
- C:\Windows\System\lCzBqfO.exe
  C:\Windows\System\lCzBqfO.exe
  2⤵
  PID:3912
- C:\Windows\System\FSRLLcC.exe
  C:\Windows\System\FSRLLcC.exe
  2⤵
  PID:3968
- C:\Windows\System\jYnzJws.exe
  C:\Windows\System\jYnzJws.exe
  2⤵
  PID:4068
- C:\Windows\System\zUtHCTK.exe
  C:\Windows\System\zUtHCTK.exe
  2⤵
  PID:1668
- C:\Windows\System\UQDWPWX.exe
  C:\Windows\System\UQDWPWX.exe
  2⤵
  PID:2600
- C:\Windows\System\pFHlVCG.exe
  C:\Windows\System\pFHlVCG.exe
  2⤵
  PID:3176
- C:\Windows\System\QoFUzPY.exe
  C:\Windows\System\QoFUzPY.exe
  2⤵
  PID:3076
- C:\Windows\System\orgSCFu.exe
  C:\Windows\System\orgSCFu.exe
  2⤵
  PID:3312
- C:\Windows\System\hHPztWg.exe
  C:\Windows\System\hHPztWg.exe
  2⤵
  PID:3512
- C:\Windows\System\fAiSfGa.exe
  C:\Windows\System\fAiSfGa.exe
  2⤵
  PID:3712
- C:\Windows\System\lMvtRob.exe
  C:\Windows\System\lMvtRob.exe
  2⤵
  PID:3856
- C:\Windows\System\SdclATj.exe
  C:\Windows\System\SdclATj.exe
  2⤵
  PID:3836
- C:\Windows\System\DUcugHj.exe
  C:\Windows\System\DUcugHj.exe
  2⤵
  PID:3188
- C:\Windows\System\oABeixf.exe
  C:\Windows\System\oABeixf.exe
  2⤵
  PID:3896
- C:\Windows\System\mrFEurl.exe
  C:\Windows\System\mrFEurl.exe
  2⤵
  PID:4048
- C:\Windows\System\XCwftXH.exe
  C:\Windows\System\XCwftXH.exe
  2⤵
  PID:848
- C:\Windows\System\mmCbrhL.exe
  C:\Windows\System\mmCbrhL.exe
  2⤵
  PID:3456
- C:\Windows\System\IsFYRVJ.exe
  C:\Windows\System\IsFYRVJ.exe
  2⤵
  PID:2528
- C:\Windows\System\oAOdvXe.exe
  C:\Windows\System\oAOdvXe.exe
  2⤵
  PID:3192
- C:\Windows\System\dyaAFfm.exe
  C:\Windows\System\dyaAFfm.exe
  2⤵
  PID:3472
- C:\Windows\System\yIqMdOE.exe
  C:\Windows\System\yIqMdOE.exe
  2⤵
  PID:3668
- C:\Windows\System\nahOtCU.exe
  C:\Windows\System\nahOtCU.exe
  2⤵
  PID:2236
- C:\Windows\System\YHSyekv.exe
  C:\Windows\System\YHSyekv.exe
  2⤵
  PID:2964
- C:\Windows\System\lyAgBDV.exe
  C:\Windows\System\lyAgBDV.exe
  2⤵
  PID:3128
- C:\Windows\System\fIgkARH.exe
  C:\Windows\System\fIgkARH.exe
  2⤵
  PID:4112
- C:\Windows\System\OyjodXD.exe
  C:\Windows\System\OyjodXD.exe
  2⤵
  PID:4128
- C:\Windows\System\lfnuDim.exe
  C:\Windows\System\lfnuDim.exe
  2⤵
  PID:4148
- C:\Windows\System\QoCQTYA.exe
  C:\Windows\System\QoCQTYA.exe
  2⤵
  PID:4164
- C:\Windows\System\RwAfUUg.exe
  C:\Windows\System\RwAfUUg.exe
  2⤵
  PID:4188
- C:\Windows\System\hdnzCLw.exe
  C:\Windows\System\hdnzCLw.exe
  2⤵
  PID:4208
- C:\Windows\System\wsVIoGc.exe
  C:\Windows\System\wsVIoGc.exe
  2⤵
  PID:4228
- C:\Windows\System\AGwZMxe.exe
  C:\Windows\System\AGwZMxe.exe
  2⤵
  PID:4248
- C:\Windows\System\oUIeayc.exe
  C:\Windows\System\oUIeayc.exe
  2⤵
  PID:4268
- C:\Windows\System\KPIPVCk.exe
  C:\Windows\System\KPIPVCk.exe
  2⤵
  PID:4292
- C:\Windows\System\RymDclA.exe
  C:\Windows\System\RymDclA.exe
  2⤵
  PID:4312
- C:\Windows\System\MMggkWP.exe
  C:\Windows\System\MMggkWP.exe
  2⤵
  PID:4332
- C:\Windows\System\zZjeXdC.exe
  C:\Windows\System\zZjeXdC.exe
  2⤵
  PID:4356
- C:\Windows\System\kXpYTDc.exe
  C:\Windows\System\kXpYTDc.exe
  2⤵
  PID:4372
- C:\Windows\System\YgSHAsT.exe
  C:\Windows\System\YgSHAsT.exe
  2⤵
  PID:4416
- C:\Windows\System\aSCuzjo.exe
  C:\Windows\System\aSCuzjo.exe
  2⤵
  PID:4432
- C:\Windows\System\MEOysCf.exe
  C:\Windows\System\MEOysCf.exe
  2⤵
  PID:4452
- C:\Windows\System\tnXkYHA.exe
  C:\Windows\System\tnXkYHA.exe
  2⤵
  PID:4468
- C:\Windows\System\YcXnlnh.exe
  C:\Windows\System\YcXnlnh.exe
  2⤵
  PID:4484
- C:\Windows\System\MwbpkWy.exe
  C:\Windows\System\MwbpkWy.exe
  2⤵
  PID:4508
- C:\Windows\System\rtOHxsO.exe
  C:\Windows\System\rtOHxsO.exe
  2⤵
  PID:4524
- C:\Windows\System\cxArURj.exe
  C:\Windows\System\cxArURj.exe
  2⤵
  PID:4548
- C:\Windows\System\BuxTcoN.exe
  C:\Windows\System\BuxTcoN.exe
  2⤵
  PID:4564
- C:\Windows\System\apmivwH.exe
  C:\Windows\System\apmivwH.exe
  2⤵
  PID:4584
- C:\Windows\System\aqTmSmC.exe
  C:\Windows\System\aqTmSmC.exe
  2⤵
  PID:4608
- C:\Windows\System\TBomqtJ.exe
  C:\Windows\System\TBomqtJ.exe
  2⤵
  PID:4628
- C:\Windows\System\gOEbgDu.exe
  C:\Windows\System\gOEbgDu.exe
  2⤵
  PID:4652
- C:\Windows\System\aVmXifZ.exe
  C:\Windows\System\aVmXifZ.exe
  2⤵
  PID:4668
- C:\Windows\System\PIbpecj.exe
  C:\Windows\System\PIbpecj.exe
  2⤵
  PID:4684
- C:\Windows\System\yoOibSd.exe
  C:\Windows\System\yoOibSd.exe
  2⤵
  PID:4700
- C:\Windows\System\SeebNDP.exe
  C:\Windows\System\SeebNDP.exe
  2⤵
  PID:4716
- C:\Windows\System\tYInpaf.exe
  C:\Windows\System\tYInpaf.exe
  2⤵
  PID:4736
- C:\Windows\System\QfPUmOw.exe
  C:\Windows\System\QfPUmOw.exe
  2⤵
  PID:4764
- C:\Windows\System\OKkSuVz.exe
  C:\Windows\System\OKkSuVz.exe
  2⤵
  PID:4784
- C:\Windows\System\ryhTOWU.exe
  C:\Windows\System\ryhTOWU.exe
  2⤵
  PID:4800
- C:\Windows\System\nKNOFRi.exe
  C:\Windows\System\nKNOFRi.exe
  2⤵
  PID:4816
- C:\Windows\System\KAClpBp.exe
  C:\Windows\System\KAClpBp.exe
  2⤵
  PID:4832
- C:\Windows\System\xNbUSyY.exe
  C:\Windows\System\xNbUSyY.exe
  2⤵
  PID:4848
- C:\Windows\System\XtNxmun.exe
  C:\Windows\System\XtNxmun.exe
  2⤵
  PID:4864
- C:\Windows\System\NaIDFeq.exe
  C:\Windows\System\NaIDFeq.exe
  2⤵
  PID:4892
- C:\Windows\System\vBEUgGm.exe
  C:\Windows\System\vBEUgGm.exe
  2⤵
  PID:4924
- C:\Windows\System\rGLbEke.exe
  C:\Windows\System\rGLbEke.exe
  2⤵
  PID:4948
- C:\Windows\System\HsNBDIr.exe
  C:\Windows\System\HsNBDIr.exe
  2⤵
  PID:4968
- C:\Windows\System\dWhqKku.exe
  C:\Windows\System\dWhqKku.exe
  2⤵
  PID:4996
- C:\Windows\System\eemZXmm.exe
  C:\Windows\System\eemZXmm.exe
  2⤵
  PID:5016
- C:\Windows\System\SzFdAap.exe
  C:\Windows\System\SzFdAap.exe
  2⤵
  PID:5032
- C:\Windows\System\uZhKwoX.exe
  C:\Windows\System\uZhKwoX.exe
  2⤵
  PID:5052
- C:\Windows\System\cLYhpoX.exe
  C:\Windows\System\cLYhpoX.exe
  2⤵
  PID:5076
- C:\Windows\System\IpicCgz.exe
  C:\Windows\System\IpicCgz.exe
  2⤵
  PID:5096
- C:\Windows\System\bYPmyca.exe
  C:\Windows\System\bYPmyca.exe
  2⤵
  PID:5112
- C:\Windows\System\nwRmNbV.exe
  C:\Windows\System\nwRmNbV.exe
  2⤵
  PID:3992
- C:\Windows\System\yFmuKla.exe
  C:\Windows\System\yFmuKla.exe
  2⤵
  PID:448
- C:\Windows\System\ZGQkola.exe
  C:\Windows\System\ZGQkola.exe
  2⤵
  PID:4104
- C:\Windows\System\lkQoUyx.exe
  C:\Windows\System\lkQoUyx.exe
  2⤵
  PID:4144
- C:\Windows\System\xdJgcsu.exe
  C:\Windows\System\xdJgcsu.exe
  2⤵
  PID:4216
- C:\Windows\System\radjAmY.exe
  C:\Windows\System\radjAmY.exe
  2⤵
  PID:2636
- C:\Windows\System\xQQVEms.exe
  C:\Windows\System\xQQVEms.exe
  2⤵
  PID:3656
- C:\Windows\System\lGJIRlz.exe
  C:\Windows\System\lGJIRlz.exe
  2⤵
  PID:3716
- C:\Windows\System\nPGJoor.exe
  C:\Windows\System\nPGJoor.exe
  2⤵
  PID:4008
- C:\Windows\System\IrafxtW.exe
  C:\Windows\System\IrafxtW.exe
  2⤵
  PID:3408
- C:\Windows\System\ZnhOeGo.exe
  C:\Windows\System\ZnhOeGo.exe
  2⤵
  PID:1312
- C:\Windows\System\CCMeWWR.exe
  C:\Windows\System\CCMeWWR.exe
  2⤵
  PID:4352
- C:\Windows\System\kMalJTP.exe
  C:\Windows\System\kMalJTP.exe
  2⤵
  PID:4288
- C:\Windows\System\PgmgHnE.exe
  C:\Windows\System\PgmgHnE.exe
  2⤵
  PID:4392
- C:\Windows\System\hjczHKY.exe
  C:\Windows\System\hjczHKY.exe
  2⤵
  PID:4440
- C:\Windows\System\sOVSoBh.exe
  C:\Windows\System\sOVSoBh.exe
  2⤵
  PID:4120
- C:\Windows\System\qdOUGuB.exe
  C:\Windows\System\qdOUGuB.exe
  2⤵
  PID:4204
- C:\Windows\System\xQtzTpZ.exe
  C:\Windows\System\xQtzTpZ.exe
  2⤵
  PID:4448
- C:\Windows\System\FMeVLDx.exe
  C:\Windows\System\FMeVLDx.exe
  2⤵
  PID:4520
- C:\Windows\System\mSSgOsz.exe
  C:\Windows\System\mSSgOsz.exe
  2⤵
  PID:4604
- C:\Windows\System\AgcBrdK.exe
  C:\Windows\System\AgcBrdK.exe
  2⤵
  PID:4644
- C:\Windows\System\rGkHGuS.exe
  C:\Windows\System\rGkHGuS.exe
  2⤵
  PID:4708
- C:\Windows\System\CMFkTbs.exe
  C:\Windows\System\CMFkTbs.exe
  2⤵
  PID:4756
- C:\Windows\System\UFdQDkQ.exe
  C:\Windows\System\UFdQDkQ.exe
  2⤵
  PID:4792
- C:\Windows\System\ZueaKCm.exe
  C:\Windows\System\ZueaKCm.exe
  2⤵
  PID:4504
- C:\Windows\System\RSiDoLR.exe
  C:\Windows\System\RSiDoLR.exe
  2⤵
  PID:4620
- C:\Windows\System\hrwzEKN.exe
  C:\Windows\System\hrwzEKN.exe
  2⤵
  PID:4856
- C:\Windows\System\DHPPxit.exe
  C:\Windows\System\DHPPxit.exe
  2⤵
  PID:4872
- C:\Windows\System\nvZvLbR.exe
  C:\Windows\System\nvZvLbR.exe
  2⤵
  PID:4844
- C:\Windows\System\MAPRBWP.exe
  C:\Windows\System\MAPRBWP.exe
  2⤵
  PID:4772
- C:\Windows\System\GuCjhdl.exe
  C:\Windows\System\GuCjhdl.exe
  2⤵
  PID:4900
- C:\Windows\System\MSRvYSj.exe
  C:\Windows\System\MSRvYSj.exe
  2⤵
  PID:4920
- C:\Windows\System\lyevpVX.exe
  C:\Windows\System\lyevpVX.exe
  2⤵
  PID:4964
- C:\Windows\System\hpdUYii.exe
  C:\Windows\System\hpdUYii.exe
  2⤵
  PID:5008
- C:\Windows\System\bZPslaD.exe
  C:\Windows\System\bZPslaD.exe
  2⤵
  PID:4992
- C:\Windows\System\IhtdLUR.exe
  C:\Windows\System\IhtdLUR.exe
  2⤵
  PID:5060
- C:\Windows\System\ncunaeR.exe
  C:\Windows\System\ncunaeR.exe
  2⤵
  PID:5068
- C:\Windows\System\WaSbrVj.exe
  C:\Windows\System\WaSbrVj.exe
  2⤵
  PID:3436
- C:\Windows\System\yiwqgaH.exe
  C:\Windows\System\yiwqgaH.exe
  2⤵
  PID:3568
- C:\Windows\System\llQEwEA.exe
  C:\Windows\System\llQEwEA.exe
  2⤵
  PID:3232
- C:\Windows\System\nKOIqKL.exe
  C:\Windows\System\nKOIqKL.exe
  2⤵
  PID:4136
- C:\Windows\System\fFkKTBT.exe
  C:\Windows\System\fFkKTBT.exe
  2⤵
  PID:828
- C:\Windows\System\FcMlcYK.exe
  C:\Windows\System\FcMlcYK.exe
  2⤵
  PID:4240
- C:\Windows\System\KmNSTmH.exe
  C:\Windows\System\KmNSTmH.exe
  2⤵
  PID:4404
- C:\Windows\System\mQdoyZv.exe
  C:\Windows\System\mQdoyZv.exe
  2⤵
  PID:4236
- C:\Windows\System\dAaLpVb.exe
  C:\Windows\System\dAaLpVb.exe
  2⤵
  PID:4476
- C:\Windows\System\BlsfpUP.exe
  C:\Windows\System\BlsfpUP.exe
  2⤵
  PID:4160
- C:\Windows\System\kKfRIbU.exe
  C:\Windows\System\kKfRIbU.exe
  2⤵
  PID:4636
- C:\Windows\System\xWMQrNo.exe
  C:\Windows\System\xWMQrNo.exe
  2⤵
  PID:4428
- C:\Windows\System\ebDEbAH.exe
  C:\Windows\System\ebDEbAH.exe
  2⤵
  PID:4500
- C:\Windows\System\HLsKPDz.exe
  C:\Windows\System\HLsKPDz.exe
  2⤵
  PID:4572
- C:\Windows\System\qXEiehi.exe
  C:\Windows\System\qXEiehi.exe
  2⤵
  PID:4532
- C:\Windows\System\RtWmAhj.exe
  C:\Windows\System\RtWmAhj.exe
  2⤵
  PID:4728
- C:\Windows\System\YiShEhZ.exe
  C:\Windows\System\YiShEhZ.exe
  2⤵
  PID:4808
- C:\Windows\System\GzMYHCa.exe
  C:\Windows\System\GzMYHCa.exe
  2⤵
  PID:4696
- C:\Windows\System\SmHOgNC.exe
  C:\Windows\System\SmHOgNC.exe
  2⤵
  PID:5012
- C:\Windows\System\bpLSWrw.exe
  C:\Windows\System\bpLSWrw.exe
  2⤵
  PID:4988
- C:\Windows\System\BnBcqam.exe
  C:\Windows\System\BnBcqam.exe
  2⤵
  PID:5084
- C:\Windows\System\bZeXpcI.exe
  C:\Windows\System\bZeXpcI.exe
  2⤵
  PID:1880
- C:\Windows\System\LCrnRUX.exe
  C:\Windows\System\LCrnRUX.exe
  2⤵
  PID:4140
- C:\Windows\System\aZjzZKG.exe
  C:\Windows\System\aZjzZKG.exe
  2⤵
  PID:5140
- C:\Windows\System\sLVHqrD.exe
  C:\Windows\System\sLVHqrD.exe
  2⤵
  PID:5164
- C:\Windows\System\djfEWTf.exe
  C:\Windows\System\djfEWTf.exe
  2⤵
  PID:5184
- C:\Windows\System\FuGBRUP.exe
  C:\Windows\System\FuGBRUP.exe
  2⤵
  PID:5204
- C:\Windows\System\ZZgmXVB.exe
  C:\Windows\System\ZZgmXVB.exe
  2⤵
  PID:5224
- C:\Windows\System\kEbkIxS.exe
  C:\Windows\System\kEbkIxS.exe
  2⤵
  PID:5244
- C:\Windows\System\SltnWGc.exe
  C:\Windows\System\SltnWGc.exe
  2⤵
  PID:5264
- C:\Windows\System\wRXvorO.exe
  C:\Windows\System\wRXvorO.exe
  2⤵
  PID:5284
- C:\Windows\System\OSkUSjg.exe
  C:\Windows\System\OSkUSjg.exe
  2⤵
  PID:5304
- C:\Windows\System\jIgpccn.exe
  C:\Windows\System\jIgpccn.exe
  2⤵
  PID:5324
- C:\Windows\System\dKFCoFp.exe
  C:\Windows\System\dKFCoFp.exe
  2⤵
  PID:5344
- C:\Windows\System\LUQzZar.exe
  C:\Windows\System\LUQzZar.exe
  2⤵
  PID:5364
- C:\Windows\System\ZfLUSYf.exe
  C:\Windows\System\ZfLUSYf.exe
  2⤵
  PID:5384
- C:\Windows\System\ADxTaQi.exe
  C:\Windows\System\ADxTaQi.exe
  2⤵
  PID:5404
- C:\Windows\System\HsJHxYS.exe
  C:\Windows\System\HsJHxYS.exe
  2⤵
  PID:5424
- C:\Windows\System\YrjVViN.exe
  C:\Windows\System\YrjVViN.exe
  2⤵
  PID:5444
- C:\Windows\System\xHkpjMb.exe
  C:\Windows\System\xHkpjMb.exe
  2⤵
  PID:5464
- C:\Windows\System\tXYfKGd.exe
  C:\Windows\System\tXYfKGd.exe
  2⤵
  PID:5484
- C:\Windows\System\IqnrWde.exe
  C:\Windows\System\IqnrWde.exe
  2⤵
  PID:5504
- C:\Windows\System\ZGuVqTs.exe
  C:\Windows\System\ZGuVqTs.exe
  2⤵
  PID:5524
- C:\Windows\System\qpWsaAD.exe
  C:\Windows\System\qpWsaAD.exe
  2⤵
  PID:5544
- C:\Windows\System\dbHbKbe.exe
  C:\Windows\System\dbHbKbe.exe
  2⤵
  PID:5564
- C:\Windows\System\FZAFfFU.exe
  C:\Windows\System\FZAFfFU.exe
  2⤵
  PID:5584
- C:\Windows\System\mEpjrUd.exe
  C:\Windows\System\mEpjrUd.exe
  2⤵
  PID:5604
- C:\Windows\System\tAXyydE.exe
  C:\Windows\System\tAXyydE.exe
  2⤵
  PID:5624
- C:\Windows\System\JvIyaas.exe
  C:\Windows\System\JvIyaas.exe
  2⤵
  PID:5644
- C:\Windows\System\SAoiXWM.exe
  C:\Windows\System\SAoiXWM.exe
  2⤵
  PID:5664
- C:\Windows\System\AqBOVXk.exe
  C:\Windows\System\AqBOVXk.exe
  2⤵
  PID:5684
- C:\Windows\System\wYfAyui.exe
  C:\Windows\System\wYfAyui.exe
  2⤵
  PID:5704
- C:\Windows\System\YSitziv.exe
  C:\Windows\System\YSitziv.exe
  2⤵
  PID:5724
- C:\Windows\System\evKJymK.exe
  C:\Windows\System\evKJymK.exe
  2⤵
  PID:5744
- C:\Windows\System\uEdEQVU.exe
  C:\Windows\System\uEdEQVU.exe
  2⤵
  PID:5764
- C:\Windows\System\IECTVoN.exe
  C:\Windows\System\IECTVoN.exe
  2⤵
  PID:5784
- C:\Windows\System\OzACgHY.exe
  C:\Windows\System\OzACgHY.exe
  2⤵
  PID:5804
- C:\Windows\System\RfsjtBW.exe
  C:\Windows\System\RfsjtBW.exe
  2⤵
  PID:5824
- C:\Windows\System\lQRLbqK.exe
  C:\Windows\System\lQRLbqK.exe
  2⤵
  PID:5844
- C:\Windows\System\ZOYKtrl.exe
  C:\Windows\System\ZOYKtrl.exe
  2⤵
  PID:5864
- C:\Windows\System\cuhQUwz.exe
  C:\Windows\System\cuhQUwz.exe
  2⤵
  PID:5884
- C:\Windows\System\SSAHqeO.exe
  C:\Windows\System\SSAHqeO.exe
  2⤵
  PID:5904
- C:\Windows\System\jvyKsmx.exe
  C:\Windows\System\jvyKsmx.exe
  2⤵
  PID:5924
- C:\Windows\System\vEGTbFh.exe
  C:\Windows\System\vEGTbFh.exe
  2⤵
  PID:5944
- C:\Windows\System\acmyoge.exe
  C:\Windows\System\acmyoge.exe
  2⤵
  PID:5964
- C:\Windows\System\jWgmTzt.exe
  C:\Windows\System\jWgmTzt.exe
  2⤵
  PID:5984
- C:\Windows\System\MfetVQH.exe
  C:\Windows\System\MfetVQH.exe
  2⤵
  PID:6004
- C:\Windows\System\pfUMFgW.exe
  C:\Windows\System\pfUMFgW.exe
  2⤵
  PID:6024
- C:\Windows\System\WcMtXxG.exe
  C:\Windows\System\WcMtXxG.exe
  2⤵
  PID:6044
- C:\Windows\System\XCaSIcs.exe
  C:\Windows\System\XCaSIcs.exe
  2⤵
  PID:6064
- C:\Windows\System\LalDFWA.exe
  C:\Windows\System\LalDFWA.exe
  2⤵
  PID:6084
- C:\Windows\System\tRHiqYn.exe
  C:\Windows\System\tRHiqYn.exe
  2⤵
  PID:6104
- C:\Windows\System\ctskrAK.exe
  C:\Windows\System\ctskrAK.exe
  2⤵
  PID:6124
- C:\Windows\System\HLwHQrj.exe
  C:\Windows\System\HLwHQrj.exe
  2⤵
  PID:2592
- C:\Windows\System\LBVMWKh.exe
  C:\Windows\System\LBVMWKh.exe
  2⤵
  PID:4260
- C:\Windows\System\vQIUejD.exe
  C:\Windows\System\vQIUejD.exe
  2⤵
  PID:4200
- C:\Windows\System\mIURQBA.exe
  C:\Windows\System\mIURQBA.exe
  2⤵
  PID:4244
- C:\Windows\System\ZLmiCNQ.exe
  C:\Windows\System\ZLmiCNQ.exe
  2⤵
  PID:4368
- C:\Windows\System\amJqVvz.exe
  C:\Windows\System\amJqVvz.exe
  2⤵
  PID:4592
- C:\Windows\System\pFqXnBA.exe
  C:\Windows\System\pFqXnBA.exe
  2⤵
  PID:4748
- C:\Windows\System\icxupnX.exe
  C:\Windows\System\icxupnX.exe
  2⤵
  PID:4828
- C:\Windows\System\PofkNYr.exe
  C:\Windows\System\PofkNYr.exe
  2⤵
  PID:4780
- C:\Windows\System\iIuurrG.exe
  C:\Windows\System\iIuurrG.exe
  2⤵
  PID:4912
- C:\Windows\System\ebqFidE.exe
  C:\Windows\System\ebqFidE.exe
  2⤵
  PID:4976
- C:\Windows\System\izrihhH.exe
  C:\Windows\System\izrihhH.exe
  2⤵
  PID:3552
- C:\Windows\System\wOCWwGo.exe
  C:\Windows\System\wOCWwGo.exe
  2⤵
  PID:5128
- C:\Windows\System\ruifbWc.exe
  C:\Windows\System\ruifbWc.exe
  2⤵
  PID:5152
- C:\Windows\System\UQvZVRu.exe
  C:\Windows\System\UQvZVRu.exe
  2⤵
  PID:5200
- C:\Windows\System\UtrzgQO.exe
  C:\Windows\System\UtrzgQO.exe
  2⤵
  PID:5216
- C:\Windows\System\HXihVQr.exe
  C:\Windows\System\HXihVQr.exe
  2⤵
  PID:5280
- C:\Windows\System\cQHdkcU.exe
  C:\Windows\System\cQHdkcU.exe
  2⤵
  PID:5300
- C:\Windows\System\TXHEvOr.exe
  C:\Windows\System\TXHEvOr.exe
  2⤵
  PID:5332
- C:\Windows\System\kfHdBNz.exe
  C:\Windows\System\kfHdBNz.exe
  2⤵
  PID:5356
- C:\Windows\System\YhPtirk.exe
  C:\Windows\System\YhPtirk.exe
  2⤵
  PID:5400
- C:\Windows\System\AHmxiPq.exe
  C:\Windows\System\AHmxiPq.exe
  2⤵
  PID:5416
- C:\Windows\System\cSJsDWj.exe
  C:\Windows\System\cSJsDWj.exe
  2⤵
  PID:5476
- C:\Windows\System\eGiljea.exe
  C:\Windows\System\eGiljea.exe
  2⤵
  PID:5512
- C:\Windows\System\AqssQhX.exe
  C:\Windows\System\AqssQhX.exe
  2⤵
  PID:5532
- C:\Windows\System\zkWzYAK.exe
  C:\Windows\System\zkWzYAK.exe
  2⤵
  PID:5556
- C:\Windows\System\jtMkSEa.exe
  C:\Windows\System\jtMkSEa.exe
  2⤵
  PID:5576
- C:\Windows\System\GaPGWtH.exe
  C:\Windows\System\GaPGWtH.exe
  2⤵
  PID:5620
- C:\Windows\System\lapWixb.exe
  C:\Windows\System\lapWixb.exe
  2⤵
  PID:5672
- C:\Windows\System\aRXNKNb.exe
  C:\Windows\System\aRXNKNb.exe
  2⤵
  PID:5692
- C:\Windows\System\sSKthhM.exe
  C:\Windows\System\sSKthhM.exe
  2⤵
  PID:5716
- C:\Windows\System\rXmLroF.exe
  C:\Windows\System\rXmLroF.exe
  2⤵
  PID:5760
- C:\Windows\System\RHcmZBI.exe
  C:\Windows\System\RHcmZBI.exe
  2⤵
  PID:5776
- C:\Windows\System\bchwfvQ.exe
  C:\Windows\System\bchwfvQ.exe
  2⤵
  PID:5840
- C:\Windows\System\ORuLQGf.exe
  C:\Windows\System\ORuLQGf.exe
  2⤵
  PID:5880
- C:\Windows\System\pxLzqKY.exe
  C:\Windows\System\pxLzqKY.exe
  2⤵
  PID:5892
- C:\Windows\System\MzvURar.exe
  C:\Windows\System\MzvURar.exe
  2⤵
  PID:5916
- C:\Windows\System\ncxwast.exe
  C:\Windows\System\ncxwast.exe
  2⤵
  PID:5960
- C:\Windows\System\ELnLYKr.exe
  C:\Windows\System\ELnLYKr.exe
  2⤵
  PID:5976
- C:\Windows\System\fdhAseh.exe
  C:\Windows\System\fdhAseh.exe
  2⤵
  PID:6040
- C:\Windows\System\saWjHLR.exe
  C:\Windows\System\saWjHLR.exe
  2⤵
  PID:6072
- C:\Windows\System\lqTnWkd.exe
  C:\Windows\System\lqTnWkd.exe
  2⤵
  PID:6092
- C:\Windows\System\vvYEvyW.exe
  C:\Windows\System\vvYEvyW.exe
  2⤵
  PID:6096
- C:\Windows\System\EGKguZr.exe
  C:\Windows\System\EGKguZr.exe
  2⤵
  PID:4308
- C:\Windows\System\DwYhqhe.exe
  C:\Windows\System\DwYhqhe.exe
  2⤵
  PID:4348
- C:\Windows\System\UjUvRey.exe
  C:\Windows\System\UjUvRey.exe
  2⤵
  PID:4516
- C:\Windows\System\mRibjeB.exe
  C:\Windows\System\mRibjeB.exe
  2⤵
  PID:4544
- C:\Windows\System\XkqhiMY.exe
  C:\Windows\System\XkqhiMY.exe
  2⤵
  PID:4860
- C:\Windows\System\ibhoQWx.exe
  C:\Windows\System\ibhoQWx.exe
  2⤵
  PID:4888
- C:\Windows\System\zNYvBPB.exe
  C:\Windows\System\zNYvBPB.exe
  2⤵
  PID:4960
- C:\Windows\System\YvwXoTI.exe
  C:\Windows\System\YvwXoTI.exe
  2⤵
  PID:4176
- C:\Windows\System\ImgsDAU.exe
  C:\Windows\System\ImgsDAU.exe
  2⤵
  PID:5180
- C:\Windows\System\ZRqcgmw.exe
  C:\Windows\System\ZRqcgmw.exe
  2⤵
  PID:5272
- C:\Windows\System\qqIQKEE.exe
  C:\Windows\System\qqIQKEE.exe
  2⤵
  PID:5320
- C:\Windows\System\gElXNVe.exe
  C:\Windows\System\gElXNVe.exe
  2⤵
  PID:5336
- C:\Windows\System\FfTzgLj.exe
  C:\Windows\System\FfTzgLj.exe
  2⤵
  PID:5420
- C:\Windows\System\ucGqkeg.exe
  C:\Windows\System\ucGqkeg.exe
  2⤵
  PID:5472
- C:\Windows\System\pRXnOsj.exe
  C:\Windows\System\pRXnOsj.exe
  2⤵
  PID:5516
- C:\Windows\System\LNQpeNU.exe
  C:\Windows\System\LNQpeNU.exe
  2⤵
  PID:5592
- C:\Windows\System\PXThjmC.exe
  C:\Windows\System\PXThjmC.exe
  2⤵
  PID:5612
- C:\Windows\System\NUdKCfV.exe
  C:\Windows\System\NUdKCfV.exe
  2⤵
  PID:5636
- C:\Windows\System\LuNzgov.exe
  C:\Windows\System\LuNzgov.exe
  2⤵
  PID:5736
- C:\Windows\System\MdIQiYB.exe
  C:\Windows\System\MdIQiYB.exe
  2⤵
  PID:5792
- C:\Windows\System\wQjkHmI.exe
  C:\Windows\System\wQjkHmI.exe
  2⤵
  PID:5872
- C:\Windows\System\GAzyOvA.exe
  C:\Windows\System\GAzyOvA.exe
  2⤵
  PID:5856
- C:\Windows\System\ULhDHSP.exe
  C:\Windows\System\ULhDHSP.exe
  2⤵
  PID:5940
- C:\Windows\System\pLtFLpA.exe
  C:\Windows\System\pLtFLpA.exe
  2⤵
  PID:5996
- C:\Windows\System\HMnzVGH.exe
  C:\Windows\System\HMnzVGH.exe
  2⤵
  PID:6052
- C:\Windows\System\ajqrTJQ.exe
  C:\Windows\System\ajqrTJQ.exe
  2⤵
  PID:6100
- C:\Windows\System\XmfYgcX.exe
  C:\Windows\System\XmfYgcX.exe
  2⤵
  PID:1788
- C:\Windows\System\TfYMZXx.exe
  C:\Windows\System\TfYMZXx.exe
  2⤵
  PID:2576
- C:\Windows\System\AiMYcXP.exe
  C:\Windows\System\AiMYcXP.exe
  2⤵
  PID:4364
- C:\Windows\System\hEssGqQ.exe
  C:\Windows\System\hEssGqQ.exe
  2⤵
  PID:4908
- C:\Windows\System\AKLKKWU.exe
  C:\Windows\System\AKLKKWU.exe
  2⤵
  PID:5136
- C:\Windows\System\YPBawOP.exe
  C:\Windows\System\YPBawOP.exe
  2⤵
  PID:5236
- C:\Windows\System\VqHRgKh.exe
  C:\Windows\System\VqHRgKh.exe
  2⤵
  PID:5360
- C:\Windows\System\BPaQhXT.exe
  C:\Windows\System\BPaQhXT.exe
  2⤵
  PID:5316
- C:\Windows\System\rPpdPMz.exe
  C:\Windows\System\rPpdPMz.exe
  2⤵
  PID:5436
- C:\Windows\System\bOqLMJC.exe
  C:\Windows\System\bOqLMJC.exe
  2⤵
  PID:5536
- C:\Windows\System\jYVNIwD.exe
  C:\Windows\System\jYVNIwD.exe
  2⤵
  PID:5676
- C:\Windows\System\jDpFBpQ.exe
  C:\Windows\System\jDpFBpQ.exe
  2⤵
  PID:6160
- C:\Windows\System\KFDhiBS.exe
  C:\Windows\System\KFDhiBS.exe
  2⤵
  PID:6180
- C:\Windows\System\hCvEsqE.exe
  C:\Windows\System\hCvEsqE.exe
  2⤵
  PID:6200
- C:\Windows\System\tIBrWTl.exe
  C:\Windows\System\tIBrWTl.exe
  2⤵
  PID:6220
- C:\Windows\System\QieZkeU.exe
  C:\Windows\System\QieZkeU.exe
  2⤵
  PID:6240
- C:\Windows\System\PbftlpM.exe
  C:\Windows\System\PbftlpM.exe
  2⤵
  PID:6260
- C:\Windows\System\FixAcju.exe
  C:\Windows\System\FixAcju.exe
  2⤵
  PID:6280
- C:\Windows\System\lGSznim.exe
  C:\Windows\System\lGSznim.exe
  2⤵
  PID:6300
- C:\Windows\System\PuqifiK.exe
  C:\Windows\System\PuqifiK.exe
  2⤵
  PID:6320
- C:\Windows\System\NjGjfgD.exe
  C:\Windows\System\NjGjfgD.exe
  2⤵
  PID:6340
- C:\Windows\System\lrlnMnP.exe
  C:\Windows\System\lrlnMnP.exe
  2⤵
  PID:6360
- C:\Windows\System\xEDyBKF.exe
  C:\Windows\System\xEDyBKF.exe
  2⤵
  PID:6380
- C:\Windows\System\PhWXMir.exe
  C:\Windows\System\PhWXMir.exe
  2⤵
  PID:6400
- C:\Windows\System\gpXEQLY.exe
  C:\Windows\System\gpXEQLY.exe
  2⤵
  PID:6420
- C:\Windows\System\hotNDYO.exe
  C:\Windows\System\hotNDYO.exe
  2⤵
  PID:6440
- C:\Windows\System\ooOGVZM.exe
  C:\Windows\System\ooOGVZM.exe
  2⤵
  PID:6460
- C:\Windows\System\fTsKTeb.exe
  C:\Windows\System\fTsKTeb.exe
  2⤵
  PID:6480
- C:\Windows\System\ievnJwY.exe
  C:\Windows\System\ievnJwY.exe
  2⤵
  PID:6500
- C:\Windows\System\xvbPjfy.exe
  C:\Windows\System\xvbPjfy.exe
  2⤵
  PID:6520
- C:\Windows\System\ULGHkqr.exe
  C:\Windows\System\ULGHkqr.exe
  2⤵
  PID:6540
- C:\Windows\System\ubzgJeA.exe
  C:\Windows\System\ubzgJeA.exe
  2⤵
  PID:6560
- C:\Windows\System\qFFrTes.exe
  C:\Windows\System\qFFrTes.exe
  2⤵
  PID:6580
- C:\Windows\System\RlXtGoe.exe
  C:\Windows\System\RlXtGoe.exe
  2⤵
  PID:6600
- C:\Windows\System\tYfrzAk.exe
  C:\Windows\System\tYfrzAk.exe
  2⤵
  PID:6620
- C:\Windows\System\fsSpeED.exe
  C:\Windows\System\fsSpeED.exe
  2⤵
  PID:6640
- C:\Windows\System\sBYdLBe.exe
  C:\Windows\System\sBYdLBe.exe
  2⤵
  PID:6660
- C:\Windows\System\afyjuMn.exe
  C:\Windows\System\afyjuMn.exe
  2⤵
  PID:6676
- C:\Windows\System\WlQKFyn.exe
  C:\Windows\System\WlQKFyn.exe
  2⤵
  PID:6700
- C:\Windows\System\fnbgIzY.exe
  C:\Windows\System\fnbgIzY.exe
  2⤵
  PID:6736
- C:\Windows\System\xSgtAjC.exe
  C:\Windows\System\xSgtAjC.exe
  2⤵
  PID:6756
- C:\Windows\System\OEUXlhy.exe
  C:\Windows\System\OEUXlhy.exe
  2⤵
  PID:6776
- C:\Windows\System\ktQSwwG.exe
  C:\Windows\System\ktQSwwG.exe
  2⤵
  PID:6796
- C:\Windows\System\RKZVbIM.exe
  C:\Windows\System\RKZVbIM.exe
  2⤵
  PID:6816
- C:\Windows\System\jSVXzZi.exe
  C:\Windows\System\jSVXzZi.exe
  2⤵
  PID:6836
- C:\Windows\System\EBsPYvT.exe
  C:\Windows\System\EBsPYvT.exe
  2⤵
  PID:6856
- C:\Windows\System\iheoOom.exe
  C:\Windows\System\iheoOom.exe
  2⤵
  PID:6876
- C:\Windows\System\woRzMBE.exe
  C:\Windows\System\woRzMBE.exe
  2⤵
  PID:6896
- C:\Windows\System\xSCZmUm.exe
  C:\Windows\System\xSCZmUm.exe
  2⤵
  PID:6916
- C:\Windows\System\LPivNvw.exe
  C:\Windows\System\LPivNvw.exe
  2⤵
  PID:6936
- C:\Windows\System\rbJjUqH.exe
  C:\Windows\System\rbJjUqH.exe
  2⤵
  PID:6956
- C:\Windows\System\vNHGCBW.exe
  C:\Windows\System\vNHGCBW.exe
  2⤵
  PID:6976
- C:\Windows\System\AKWhHOk.exe
  C:\Windows\System\AKWhHOk.exe
  2⤵
  PID:6996
- C:\Windows\System\AoslkBx.exe
  C:\Windows\System\AoslkBx.exe
  2⤵
  PID:7016
- C:\Windows\System\ZwZxWUi.exe
  C:\Windows\System\ZwZxWUi.exe
  2⤵
  PID:7040
- C:\Windows\System\ezcxxZE.exe
  C:\Windows\System\ezcxxZE.exe
  2⤵
  PID:7060
- C:\Windows\System\eEWppFu.exe
  C:\Windows\System\eEWppFu.exe
  2⤵
  PID:7084
- C:\Windows\System\SdzmRBb.exe
  C:\Windows\System\SdzmRBb.exe
  2⤵
  PID:7104
- C:\Windows\System\jLCWsaM.exe
  C:\Windows\System\jLCWsaM.exe
  2⤵
  PID:7124
- C:\Windows\System\vkgWQgB.exe
  C:\Windows\System\vkgWQgB.exe
  2⤵
  PID:7144
- C:\Windows\System\akVqUIe.exe
  C:\Windows\System\akVqUIe.exe
  2⤵
  PID:7164
- C:\Windows\System\KPuxZZd.exe
  C:\Windows\System\KPuxZZd.exe
  2⤵
  PID:5772
- C:\Windows\System\niWpakl.exe
  C:\Windows\System\niWpakl.exe
  2⤵
  PID:5896
- C:\Windows\System\KRKXuJG.exe
  C:\Windows\System\KRKXuJG.exe
  2⤵
  PID:6016
- C:\Windows\System\KraxqQF.exe
  C:\Windows\System\KraxqQF.exe
  2⤵
  PID:6076
- C:\Windows\System\CFZFCRX.exe
  C:\Windows\System\CFZFCRX.exe
  2⤵
  PID:6120
- C:\Windows\System\axcNkPV.exe
  C:\Windows\System\axcNkPV.exe
  2⤵
  PID:4556
- C:\Windows\System\xTUkTim.exe
  C:\Windows\System\xTUkTim.exe
  2⤵
  PID:5088
- C:\Windows\System\wfgKNuZ.exe
  C:\Windows\System\wfgKNuZ.exe
  2⤵
  PID:5232
- C:\Windows\System\DPhlMmc.exe
  C:\Windows\System\DPhlMmc.exe
  2⤵
  PID:5376
- C:\Windows\System\SdnIOrb.exe
  C:\Windows\System\SdnIOrb.exe
  2⤵
  PID:5496
- C:\Windows\System\ZeQPbbB.exe
  C:\Windows\System\ZeQPbbB.exe
  2⤵
  PID:6168
- C:\Windows\System\KZdmYEx.exe
  C:\Windows\System\KZdmYEx.exe
  2⤵
  PID:6172
- C:\Windows\System\EfsdkDv.exe
  C:\Windows\System\EfsdkDv.exe
  2⤵
  PID:6216
- C:\Windows\System\KszqeoD.exe
  C:\Windows\System\KszqeoD.exe
  2⤵
  PID:6236
- C:\Windows\System\QyuGIEN.exe
  C:\Windows\System\QyuGIEN.exe
  2⤵
  PID:6276
- C:\Windows\System\pBuKgUd.exe
  C:\Windows\System\pBuKgUd.exe
  2⤵
  PID:6328
- C:\Windows\System\aaDibVQ.exe
  C:\Windows\System\aaDibVQ.exe
  2⤵
  PID:2452
- C:\Windows\System\HlCxeSL.exe
  C:\Windows\System\HlCxeSL.exe
  2⤵
  PID:6352
- C:\Windows\System\dcJIPRJ.exe
  C:\Windows\System\dcJIPRJ.exe
  2⤵
  PID:6396
- C:\Windows\System\JXHuifZ.exe
  C:\Windows\System\JXHuifZ.exe
  2⤵
  PID:6432
- C:\Windows\System\ScPspVG.exe
  C:\Windows\System\ScPspVG.exe
  2⤵
  PID:6468
- C:\Windows\System\YbCnkKm.exe
  C:\Windows\System\YbCnkKm.exe
  2⤵
  PID:6492
- C:\Windows\System\BhGgDkN.exe
  C:\Windows\System\BhGgDkN.exe
  2⤵
  PID:6512
- C:\Windows\System\AKJbGYY.exe
  C:\Windows\System\AKJbGYY.exe
  2⤵
  PID:6552
- C:\Windows\System\ezzYPtv.exe
  C:\Windows\System\ezzYPtv.exe
  2⤵
  PID:6616
- C:\Windows\System\OZuyphk.exe
  C:\Windows\System\OZuyphk.exe
  2⤵
  PID:6612
- C:\Windows\System\oxfWMqq.exe
  C:\Windows\System\oxfWMqq.exe
  2⤵
  PID:6656
- C:\Windows\System\pVlBssQ.exe
  C:\Windows\System\pVlBssQ.exe
  2⤵
  PID:6692
- C:\Windows\System\TdYpEgI.exe
  C:\Windows\System\TdYpEgI.exe
  2⤵
  PID:6672
- C:\Windows\System\lWJPRJy.exe
  C:\Windows\System\lWJPRJy.exe
  2⤵
  PID:2960
- C:\Windows\System\jnriVfL.exe
  C:\Windows\System\jnriVfL.exe
  2⤵
  PID:2724
- C:\Windows\System\kuvaxWx.exe
  C:\Windows\System\kuvaxWx.exe
  2⤵
  PID:544
- C:\Windows\System\QVxCZLc.exe
  C:\Windows\System\QVxCZLc.exe
  2⤵
  PID:2332
- C:\Windows\System\YjrDHXW.exe
  C:\Windows\System\YjrDHXW.exe
  2⤵
  PID:2256
- C:\Windows\System\tPjHOWv.exe
  C:\Windows\System\tPjHOWv.exe
  2⤵
  PID:2876
- C:\Windows\System\mOiUlwt.exe
  C:\Windows\System\mOiUlwt.exe
  2⤵
  PID:6752
- C:\Windows\System\vepqznW.exe
  C:\Windows\System\vepqznW.exe
  2⤵
  PID:6784
- C:\Windows\System\PkZBAFS.exe
  C:\Windows\System\PkZBAFS.exe
  2⤵
  PID:6804
- C:\Windows\System\QZJIJaK.exe
  C:\Windows\System\QZJIJaK.exe
  2⤵
  PID:3020
- C:\Windows\System\hPjLwwt.exe
  C:\Windows\System\hPjLwwt.exe
  2⤵
  PID:6848
- C:\Windows\System\AYsHPOE.exe
  C:\Windows\System\AYsHPOE.exe
  2⤵
  PID:2784
- C:\Windows\System\eHIJvMv.exe
  C:\Windows\System\eHIJvMv.exe
  2⤵
  PID:6952
- C:\Windows\System\XSDtrRN.exe
  C:\Windows\System\XSDtrRN.exe
  2⤵
  PID:6932
- C:\Windows\System\yXAwAXK.exe
  C:\Windows\System\yXAwAXK.exe
  2⤵
  PID:7028
- C:\Windows\System\PTSrapn.exe
  C:\Windows\System\PTSrapn.exe
  2⤵
  PID:7004
- C:\Windows\System\JonpNXM.exe
  C:\Windows\System\JonpNXM.exe
  2⤵
  PID:2696
- C:\Windows\System\plfGqrk.exe
  C:\Windows\System\plfGqrk.exe
  2⤵
  PID:6720
- C:\Windows\System\ZxBwRgb.exe
  C:\Windows\System\ZxBwRgb.exe
  2⤵
  PID:7120
- C:\Windows\System\uvpEhik.exe
  C:\Windows\System\uvpEhik.exe
  2⤵
  PID:7152
- C:\Windows\System\RbOwUtM.exe
  C:\Windows\System\RbOwUtM.exe
  2⤵
  PID:5752
- C:\Windows\System\iZZwWjf.exe
  C:\Windows\System\iZZwWjf.exe
  2⤵
  PID:5832
- C:\Windows\System\QjSwMrW.exe
  C:\Windows\System\QjSwMrW.exe
  2⤵
  PID:5980
- C:\Windows\System\nppsqZy.exe
  C:\Windows\System\nppsqZy.exe
  2⤵
  PID:6136
- C:\Windows\System\CdsknzW.exe
  C:\Windows\System\CdsknzW.exe
  2⤵
  PID:2052
- C:\Windows\System\pSLKnye.exe
  C:\Windows\System\pSLKnye.exe
  2⤵
  PID:4676
- C:\Windows\System\MmNLshV.exe
  C:\Windows\System\MmNLshV.exe
  2⤵
  PID:4984
- C:\Windows\System\xwYfQFU.exe
  C:\Windows\System\xwYfQFU.exe
  2⤵
  PID:5220
- C:\Windows\System\NFJoVAT.exe
  C:\Windows\System\NFJoVAT.exe
  2⤵
  PID:5192
- C:\Windows\System\DcMhKHZ.exe
  C:\Windows\System\DcMhKHZ.exe
  2⤵
  PID:5600
- C:\Windows\System\dTbdUuK.exe
  C:\Windows\System\dTbdUuK.exe
  2⤵
  PID:5720
- C:\Windows\System\ZXdYofB.exe
  C:\Windows\System\ZXdYofB.exe
  2⤵
  PID:6148
- C:\Windows\System\psTtryX.exe
  C:\Windows\System\psTtryX.exe
  2⤵
  PID:2168
- C:\Windows\System\qIYWOfb.exe
  C:\Windows\System\qIYWOfb.exe
  2⤵
  PID:6192
- C:\Windows\System\ixKVRyt.exe
  C:\Windows\System\ixKVRyt.exe
  2⤵
  PID:6252
- C:\Windows\System\HkgHBBf.exe
  C:\Windows\System\HkgHBBf.exe
  2⤵
  PID:2840
- C:\Windows\System\oYijOcV.exe
  C:\Windows\System\oYijOcV.exe
  2⤵
  PID:6368
- C:\Windows\System\WoqlCIr.exe
  C:\Windows\System\WoqlCIr.exe
  2⤵
  PID:6476
- C:\Windows\System\eChfhni.exe
  C:\Windows\System\eChfhni.exe
  2⤵
  PID:6568
- C:\Windows\System\XJcLoFJ.exe
  C:\Windows\System\XJcLoFJ.exe
  2⤵
  PID:6508
- C:\Windows\System\naNQuyL.exe
  C:\Windows\System\naNQuyL.exe
  2⤵
  PID:6652
- C:\Windows\System\HxCEkLl.exe
  C:\Windows\System\HxCEkLl.exe
  2⤵
  PID:2632
- C:\Windows\System\SDqaXrk.exe
  C:\Windows\System\SDqaXrk.exe
  2⤵
  PID:2720
- C:\Windows\System\NhmjaNA.exe
  C:\Windows\System\NhmjaNA.exe
  2⤵
  PID:2504
- C:\Windows\System\AeZqQay.exe
  C:\Windows\System\AeZqQay.exe
  2⤵
  PID:2772
- C:\Windows\System\dWalvOu.exe
  C:\Windows\System\dWalvOu.exe
  2⤵
  PID:6728
- C:\Windows\System\NQCIvLB.exe
  C:\Windows\System\NQCIvLB.exe
  2⤵
  PID:6768
- C:\Windows\System\igdvDqd.exe
  C:\Windows\System\igdvDqd.exe
  2⤵
  PID:6864
- C:\Windows\System\wJDclvl.exe
  C:\Windows\System\wJDclvl.exe
  2⤵
  PID:6888
- C:\Windows\System\kkJTigI.exe
  C:\Windows\System\kkJTigI.exe
  2⤵
  PID:6912
- C:\Windows\System\hMrWukM.exe
  C:\Windows\System\hMrWukM.exe
  2⤵
  PID:6992
- C:\Windows\System\yEcznYD.exe
  C:\Windows\System\yEcznYD.exe
  2⤵
  PID:6972
- C:\Windows\System\wgdDveN.exe
  C:\Windows\System\wgdDveN.exe
  2⤵
  PID:7080
- C:\Windows\System\VHFwTuS.exe
  C:\Windows\System\VHFwTuS.exe
  2⤵
  PID:2204
- C:\Windows\System\EVZGAMo.exe
  C:\Windows\System\EVZGAMo.exe
  2⤵
  PID:7112
- C:\Windows\System\mhQNpsH.exe
  C:\Windows\System\mhQNpsH.exe
  2⤵
  PID:7096
- C:\Windows\System\mtHdctI.exe
  C:\Windows\System\mtHdctI.exe
  2⤵
  PID:5876
- C:\Windows\System\obeTpbd.exe
  C:\Windows\System\obeTpbd.exe
  2⤵
  PID:5836
- C:\Windows\System\BImHAGJ.exe
  C:\Windows\System\BImHAGJ.exe
  2⤵
  PID:6732
- C:\Windows\System\foyWEqK.exe
  C:\Windows\System\foyWEqK.exe
  2⤵
  PID:1104
- C:\Windows\System\BJUJQtn.exe
  C:\Windows\System\BJUJQtn.exe
  2⤵
  PID:6308
- C:\Windows\System\hyZYKNj.exe
  C:\Windows\System\hyZYKNj.exe
  2⤵
  PID:6556
- C:\Windows\System\SDqgBgu.exe
  C:\Windows\System\SDqgBgu.exe
  2⤵
  PID:6312
- C:\Windows\System\vZhBpwT.exe
  C:\Windows\System\vZhBpwT.exe
  2⤵
  PID:6708
- C:\Windows\System\tOyuDRe.exe
  C:\Windows\System\tOyuDRe.exe
  2⤵
  PID:2820
- C:\Windows\System\ImESiDD.exe
  C:\Windows\System\ImESiDD.exe
  2⤵
  PID:6496
- C:\Windows\System\Pemyipe.exe
  C:\Windows\System\Pemyipe.exe
  2⤵
  PID:6588
- C:\Windows\System\uxvrXCc.exe
  C:\Windows\System\uxvrXCc.exe
  2⤵
  PID:2904
- C:\Windows\System\qaPLVpu.exe
  C:\Windows\System\qaPLVpu.exe
  2⤵
  PID:6764
- C:\Windows\System\vsMwFol.exe
  C:\Windows\System\vsMwFol.exe
  2⤵
  PID:6808
- C:\Windows\System\FpwkBhG.exe
  C:\Windows\System\FpwkBhG.exe
  2⤵
  PID:2480
- C:\Windows\System\fGiHQHP.exe
  C:\Windows\System\fGiHQHP.exe
  2⤵
  PID:6908
- C:\Windows\System\kJsJTSj.exe
  C:\Windows\System\kJsJTSj.exe
  2⤵
  PID:7024
- C:\Windows\System\nNjiECB.exe
  C:\Windows\System\nNjiECB.exe
  2⤵
  PID:7092
- C:\Windows\System\LZdNIgD.exe
  C:\Windows\System\LZdNIgD.exe
  2⤵
  PID:6844
- C:\Windows\System\OeLpRPn.exe
  C:\Windows\System\OeLpRPn.exe
  2⤵
  PID:2660
- C:\Windows\System\bIXQVjE.exe
  C:\Windows\System\bIXQVjE.exe
  2⤵
  PID:5992
- C:\Windows\System\zSjkwZd.exe
  C:\Windows\System\zSjkwZd.exe
  2⤵
  PID:6428
- C:\Windows\System\LtxSuNb.exe
  C:\Windows\System\LtxSuNb.exe
  2⤵
  PID:6632
- C:\Windows\System\bZhfLyR.exe
  C:\Windows\System\bZhfLyR.exe
  2⤵
  PID:6832
- C:\Windows\System\tzzvLmb.exe
  C:\Windows\System\tzzvLmb.exe
  2⤵
  PID:1868
- C:\Windows\System\HiQHcnY.exe
  C:\Windows\System\HiQHcnY.exe
  2⤵
  PID:5652
- C:\Windows\System\sAcAmQY.exe
  C:\Windows\System\sAcAmQY.exe
  2⤵
  PID:2408
- C:\Windows\System\pfeHMzQ.exe
  C:\Windows\System\pfeHMzQ.exe
  2⤵
  PID:2896
- C:\Windows\System\iUVgyEr.exe
  C:\Windows\System\iUVgyEr.exe
  2⤵
  PID:2780
- C:\Windows\System\UfdDqVN.exe
  C:\Windows\System\UfdDqVN.exe
  2⤵
  PID:4400
- C:\Windows\System\yFZNzCt.exe
  C:\Windows\System\yFZNzCt.exe
  2⤵
  PID:876
- C:\Windows\System\ZCMAWVN.exe
  C:\Windows\System\ZCMAWVN.exe
  2⤵
  PID:5380
- C:\Windows\System\ETnzLDP.exe
  C:\Windows\System\ETnzLDP.exe
  2⤵
  PID:1556
- C:\Windows\System\NGmeDnG.exe
  C:\Windows\System\NGmeDnG.exe
  2⤵
  PID:6208
- C:\Windows\System\xeFRsOH.exe
  C:\Windows\System\xeFRsOH.exe
  2⤵
  PID:6456
- C:\Windows\System\quxPaLa.exe
  C:\Windows\System\quxPaLa.exe
  2⤵
  PID:6572
- C:\Windows\System\qxIAoMg.exe
  C:\Windows\System\qxIAoMg.exe
  2⤵
  PID:1600
- C:\Windows\System\QuYLUHC.exe
  C:\Windows\System\QuYLUHC.exe
  2⤵
  PID:6924
- C:\Windows\System\wzyPomm.exe
  C:\Windows\System\wzyPomm.exe
  2⤵
  PID:6272
- C:\Windows\System\dxlbnHI.exe
  C:\Windows\System\dxlbnHI.exe
  2⤵
  PID:7180
- C:\Windows\System\DaHrPdU.exe
  C:\Windows\System\DaHrPdU.exe
  2⤵
  PID:7200
- C:\Windows\System\eWbCfnO.exe
  C:\Windows\System\eWbCfnO.exe
  2⤵
  PID:7216
- C:\Windows\System\IYjgJCN.exe
  C:\Windows\System\IYjgJCN.exe
  2⤵
  PID:7232
- C:\Windows\System\rXLjbrJ.exe
  C:\Windows\System\rXLjbrJ.exe
  2⤵
  PID:7248
- C:\Windows\System\KNSFCdJ.exe
  C:\Windows\System\KNSFCdJ.exe
  2⤵
  PID:7264
- C:\Windows\System\uoMFsae.exe
  C:\Windows\System\uoMFsae.exe
  2⤵
  PID:7280
- C:\Windows\System\RJlUadB.exe
  C:\Windows\System\RJlUadB.exe
  2⤵
  PID:7296
- C:\Windows\System\SdKMxCA.exe
  C:\Windows\System\SdKMxCA.exe
  2⤵
  PID:7312
- C:\Windows\System\MUWhllr.exe
  C:\Windows\System\MUWhllr.exe
  2⤵
  PID:7328
- C:\Windows\System\abDdVFs.exe
  C:\Windows\System\abDdVFs.exe
  2⤵
  PID:7344
- C:\Windows\System\pqACtWT.exe
  C:\Windows\System\pqACtWT.exe
  2⤵
  PID:7360
- C:\Windows\System\SvbKRXm.exe
  C:\Windows\System\SvbKRXm.exe
  2⤵
  PID:7376
- C:\Windows\System\ULtRmVK.exe
  C:\Windows\System\ULtRmVK.exe
  2⤵
  PID:7392
- C:\Windows\System\JXMdNgB.exe
  C:\Windows\System\JXMdNgB.exe
  2⤵
  PID:7408
- C:\Windows\System\kpLlsKM.exe
  C:\Windows\System\kpLlsKM.exe
  2⤵
  PID:7424
- C:\Windows\System\aLkKhtw.exe
  C:\Windows\System\aLkKhtw.exe
  2⤵
  PID:7440
- C:\Windows\System\frbBaUO.exe
  C:\Windows\System\frbBaUO.exe
  2⤵
  PID:7456
- C:\Windows\System\QRzcYFm.exe
  C:\Windows\System\QRzcYFm.exe
  2⤵
  PID:7476
- C:\Windows\System\TOfurFY.exe
  C:\Windows\System\TOfurFY.exe
  2⤵
  PID:7492
- C:\Windows\System\viOhVJw.exe
  C:\Windows\System\viOhVJw.exe
  2⤵
  PID:7508
- C:\Windows\System\RjDKCjZ.exe
  C:\Windows\System\RjDKCjZ.exe
  2⤵
  PID:7524
- C:\Windows\System\JHpWdHR.exe
  C:\Windows\System\JHpWdHR.exe
  2⤵
  PID:7540
- C:\Windows\System\uAflIMv.exe
  C:\Windows\System\uAflIMv.exe
  2⤵
  PID:7556
- C:\Windows\System\XqEJgkM.exe
  C:\Windows\System\XqEJgkM.exe
  2⤵
  PID:7572
- C:\Windows\System\kkoOonA.exe
  C:\Windows\System\kkoOonA.exe
  2⤵
  PID:7588
- C:\Windows\System\hVPpMnK.exe
  C:\Windows\System\hVPpMnK.exe
  2⤵
  PID:7604
- C:\Windows\System\YIWXKxA.exe
  C:\Windows\System\YIWXKxA.exe
  2⤵
  PID:7620
- C:\Windows\System\biOPKOj.exe
  C:\Windows\System\biOPKOj.exe
  2⤵
  PID:7648
- C:\Windows\System\BlMlGCi.exe
  C:\Windows\System\BlMlGCi.exe
  2⤵
  PID:7756
- C:\Windows\System\pIgbRqG.exe
  C:\Windows\System\pIgbRqG.exe
  2⤵
  PID:7776
- C:\Windows\System\HdhFwfe.exe
  C:\Windows\System\HdhFwfe.exe
  2⤵
  PID:7796
- C:\Windows\System\EMBpGCu.exe
  C:\Windows\System\EMBpGCu.exe
  2⤵
  PID:7812
- C:\Windows\System\RybfWLl.exe
  C:\Windows\System\RybfWLl.exe
  2⤵
  PID:7828
- C:\Windows\System\QQoKHvg.exe
  C:\Windows\System\QQoKHvg.exe
  2⤵
  PID:7844
- C:\Windows\System\DxQBuRk.exe
  C:\Windows\System\DxQBuRk.exe
  2⤵
  PID:7860
- C:\Windows\System\heaWMUq.exe
  C:\Windows\System\heaWMUq.exe
  2⤵
  PID:7884
- C:\Windows\System\BNOLzom.exe
  C:\Windows\System\BNOLzom.exe
  2⤵
  PID:7924
- C:\Windows\System\wDFTiSO.exe
  C:\Windows\System\wDFTiSO.exe
  2⤵
  PID:7944
- C:\Windows\System\kxGKvRo.exe
  C:\Windows\System\kxGKvRo.exe
  2⤵
  PID:7972
- C:\Windows\System\QGFZxVQ.exe
  C:\Windows\System\QGFZxVQ.exe
  2⤵
  PID:7992
- C:\Windows\System\JjDjDCW.exe
  C:\Windows\System\JjDjDCW.exe
  2⤵
  PID:8008
- C:\Windows\System\fUrEuSI.exe
  C:\Windows\System\fUrEuSI.exe
  2⤵
  PID:8024
- C:\Windows\System\rJSzgZP.exe
  C:\Windows\System\rJSzgZP.exe
  2⤵
  PID:8040
- C:\Windows\System\DdnutrF.exe
  C:\Windows\System\DdnutrF.exe
  2⤵
  PID:8056
- C:\Windows\System\GQFjqIG.exe
  C:\Windows\System\GQFjqIG.exe
  2⤵
  PID:8072
- C:\Windows\System\GUwhrhD.exe
  C:\Windows\System\GUwhrhD.exe
  2⤵
  PID:8088
- C:\Windows\System\ocnRBcQ.exe
  C:\Windows\System\ocnRBcQ.exe
  2⤵
  PID:8104
- C:\Windows\System\UOAznQQ.exe
  C:\Windows\System\UOAznQQ.exe
  2⤵
  PID:8120
- C:\Windows\System\tQjGDje.exe
  C:\Windows\System\tQjGDje.exe
  2⤵
  PID:6548
- C:\Windows\System\bfjgCRh.exe
  C:\Windows\System\bfjgCRh.exe
  2⤵
  PID:2908
- C:\Windows\System\lahFzez.exe
  C:\Windows\System\lahFzez.exe
  2⤵
  PID:1892
- C:\Windows\System\PxktNJi.exe
  C:\Windows\System\PxktNJi.exe
  2⤵
  PID:6408
- C:\Windows\System\tZiAIjL.exe
  C:\Windows\System\tZiAIjL.exe
  2⤵
  PID:7224
- C:\Windows\System\qaRZPRB.exe
  C:\Windows\System\qaRZPRB.exe
  2⤵
  PID:7292
- C:\Windows\System\PkuIYLG.exe
  C:\Windows\System\PkuIYLG.exe
  2⤵
  PID:7272
- C:\Windows\System\xWVJxxk.exe
  C:\Windows\System\xWVJxxk.exe
  2⤵
  PID:7308
- C:\Windows\System\BLSxQTz.exe
  C:\Windows\System\BLSxQTz.exe
  2⤵
  PID:2972
- C:\Windows\System\bFDXTir.exe
  C:\Windows\System\bFDXTir.exe
  2⤵
  PID:7368
- C:\Windows\System\VIVzkHy.exe
  C:\Windows\System\VIVzkHy.exe
  2⤵
  PID:7420
- C:\Windows\System\WwjNBVS.exe
  C:\Windows\System\WwjNBVS.exe
  2⤵
  PID:7400
- C:\Windows\System\uUNoimy.exe
  C:\Windows\System\uUNoimy.exe
  2⤵
  PID:7464
- C:\Windows\System\EpBEUvd.exe
  C:\Windows\System\EpBEUvd.exe
  2⤵
  PID:7500
- C:\Windows\System\nBcreAg.exe
  C:\Windows\System\nBcreAg.exe
  2⤵
  PID:7564
- C:\Windows\System\ruINhnY.exe
  C:\Windows\System\ruINhnY.exe
  2⤵
  PID:7548
- C:\Windows\System\NNVYtfs.exe
  C:\Windows\System\NNVYtfs.exe
  2⤵
  PID:7484
- C:\Windows\System\wPwykfl.exe
  C:\Windows\System\wPwykfl.exe
  2⤵
  PID:7612
- C:\Windows\System\vKmspap.exe
  C:\Windows\System\vKmspap.exe
  2⤵
  PID:7644
- C:\Windows\System\vSyZutF.exe
  C:\Windows\System\vSyZutF.exe
  2⤵
  PID:7672
- C:\Windows\System\CdkUOLe.exe
  C:\Windows\System\CdkUOLe.exe
  2⤵
  PID:7688
- C:\Windows\System\OFRvXDI.exe
  C:\Windows\System\OFRvXDI.exe
  2⤵
  PID:7704
- C:\Windows\System\vuKWgnn.exe
  C:\Windows\System\vuKWgnn.exe
  2⤵
  PID:7720
- C:\Windows\System\ycLmpwU.exe
  C:\Windows\System\ycLmpwU.exe
  2⤵
  PID:7740
- C:\Windows\System\xDwAWmW.exe
  C:\Windows\System\xDwAWmW.exe
  2⤵
  PID:7744
- C:\Windows\System\HjjdJAR.exe
  C:\Windows\System\HjjdJAR.exe
  2⤵
  PID:7856
- C:\Windows\System\mYQKrhn.exe
  C:\Windows\System\mYQKrhn.exe
  2⤵
  PID:7788
- C:\Windows\System\LDBwlZr.exe
  C:\Windows\System\LDBwlZr.exe
  2⤵
  PID:7912
- C:\Windows\System\qbUlXKq.exe
  C:\Windows\System\qbUlXKq.exe
  2⤵
  PID:7968
- C:\Windows\System\MlPLtxG.exe
  C:\Windows\System\MlPLtxG.exe
  2⤵
  PID:7824
- C:\Windows\System\iClMqjC.exe
  C:\Windows\System\iClMqjC.exe
  2⤵
  PID:7876
- C:\Windows\System\kOtocSz.exe
  C:\Windows\System\kOtocSz.exe
  2⤵
  PID:7940
- C:\Windows\System\giXrNlO.exe
  C:\Windows\System\giXrNlO.exe
  2⤵
  PID:7836
- C:\Windows\System\zZMiyfS.exe
  C:\Windows\System\zZMiyfS.exe
  2⤵
  PID:8064
- C:\Windows\System\jDWfYPR.exe
  C:\Windows\System\jDWfYPR.exe
  2⤵
  PID:8036
- C:\Windows\System\KCgKNqL.exe
  C:\Windows\System\KCgKNqL.exe
  2⤵
  PID:8048
- C:\Windows\System\VpkQSJV.exe
  C:\Windows\System\VpkQSJV.exe
  2⤵
  PID:8128
- C:\Windows\System\odSLZTD.exe
  C:\Windows\System\odSLZTD.exe
  2⤵
  PID:8132
- C:\Windows\System\bIGBKDD.exe
  C:\Windows\System\bIGBKDD.exe
  2⤵
  PID:7668
- C:\Windows\System\RaWCMlG.exe
  C:\Windows\System\RaWCMlG.exe
  2⤵
  PID:8172
- C:\Windows\System\tEGNjEo.exe
  C:\Windows\System\tEGNjEo.exe
  2⤵
  PID:8188
- C:\Windows\System\LZoISFv.exe
  C:\Windows\System\LZoISFv.exe
  2⤵
  PID:7012
- C:\Windows\System\oMVrkUa.exe
  C:\Windows\System\oMVrkUa.exe
  2⤵
  PID:1492
- C:\Windows\System\XpOLGJr.exe
  C:\Windows\System\XpOLGJr.exe
  2⤵
  PID:7452
- C:\Windows\System\rTTSoMn.exe
  C:\Windows\System\rTTSoMn.exe
  2⤵
  PID:7700
- C:\Windows\System\VHrZmQZ.exe
  C:\Windows\System\VHrZmQZ.exe
  2⤵
  PID:7580
- C:\Windows\System\rlgoRRq.exe
  C:\Windows\System\rlgoRRq.exe
  2⤵
  PID:7908
- C:\Windows\System\jXvieSe.exe
  C:\Windows\System\jXvieSe.exe
  2⤵
  PID:7896
- C:\Windows\System\xExWbRm.exe
  C:\Windows\System\xExWbRm.exe
  2⤵
  PID:7820
- C:\Windows\System\UlmKgsF.exe
  C:\Windows\System\UlmKgsF.exe
  2⤵
  PID:7920
- C:\Windows\System\VbUdmSH.exe
  C:\Windows\System\VbUdmSH.exe
  2⤵
  PID:7636
- C:\Windows\System\yEFLiSc.exe
  C:\Windows\System\yEFLiSc.exe
  2⤵
  PID:7784
- C:\Windows\System\ifPTYFE.exe
  C:\Windows\System\ifPTYFE.exe
  2⤵
  PID:7712
- C:\Windows\System\OTMwMzl.exe
  C:\Windows\System\OTMwMzl.exe
  2⤵
  PID:7956
- C:\Windows\System\ibNtScC.exe
  C:\Windows\System\ibNtScC.exe
  2⤵
  PID:7804
- C:\Windows\System\PcXXJLu.exe
  C:\Windows\System\PcXXJLu.exe
  2⤵
  PID:8152
- C:\Windows\System\tzHjZRQ.exe
  C:\Windows\System\tzHjZRQ.exe
  2⤵
  PID:8020
- C:\Windows\System\Jayrggp.exe
  C:\Windows\System\Jayrggp.exe
  2⤵
  PID:7676
- C:\Windows\System\JBFmvTf.exe
  C:\Windows\System\JBFmvTf.exe
  2⤵
  PID:8164
- C:\Windows\System\AJPsmGF.exe
  C:\Windows\System\AJPsmGF.exe
  2⤵
  PID:7188
- C:\Windows\System\GTumzVl.exe
  C:\Windows\System\GTumzVl.exe
  2⤵
  PID:7172
- C:\Windows\System\pqGonMw.exe
  C:\Windows\System\pqGonMw.exe
  2⤵
  PID:6964
- C:\Windows\System\MYpnyVj.exe
  C:\Windows\System\MYpnyVj.exe
  2⤵
  PID:1072
- C:\Windows\System\KmZELPL.exe
  C:\Windows\System\KmZELPL.exe
  2⤵
  PID:7352
- C:\Windows\System\ZSQMQDn.exe
  C:\Windows\System\ZSQMQDn.exe
  2⤵
  PID:7520
- C:\Windows\System\AfJlEPv.exe
  C:\Windows\System\AfJlEPv.exe
  2⤵
  PID:7852
- C:\Windows\System\UGVhgom.exe
  C:\Windows\System\UGVhgom.exe
  2⤵
  PID:8004
- C:\Windows\System\tnfVkNb.exe
  C:\Windows\System\tnfVkNb.exe
  2⤵
  PID:7628
- C:\Windows\System\JIShFQL.exe
  C:\Windows\System\JIShFQL.exe
  2⤵
  PID:7752
- C:\Windows\System\XejoBFE.exe
  C:\Windows\System\XejoBFE.exe
  2⤵
  PID:5500
- C:\Windows\System\plrCroC.exe
  C:\Windows\System\plrCroC.exe
  2⤵
  PID:8080
- C:\Windows\System\zpIxcjw.exe
  C:\Windows\System\zpIxcjw.exe
  2⤵
  PID:2244
- C:\Windows\System\DHyBktK.exe
  C:\Windows\System\DHyBktK.exe
  2⤵
  PID:7072
- C:\Windows\System\qTWTPyh.exe
  C:\Windows\System\qTWTPyh.exe
  2⤵
  PID:7728
- C:\Windows\System\mtTqTJJ.exe
  C:\Windows\System\mtTqTJJ.exe
  2⤵
  PID:7584
- C:\Windows\System\KMudeGR.exe
  C:\Windows\System\KMudeGR.exe
  2⤵
  PID:7660
- C:\Windows\System\WOphIYw.exe
  C:\Windows\System\WOphIYw.exe
  2⤵
  PID:7868
- C:\Windows\System\UtXCqFW.exe
  C:\Windows\System\UtXCqFW.exe
  2⤵
  PID:8084
- C:\Windows\System\hHUNtWE.exe
  C:\Windows\System\hHUNtWE.exe
  2⤵
  PID:8156
- C:\Windows\System\HaiLzlR.exe
  C:\Windows\System\HaiLzlR.exe
  2⤵
  PID:7748
- C:\Windows\System\DNnCVdL.exe
  C:\Windows\System\DNnCVdL.exe
  2⤵
  PID:7260
- C:\Windows\System\gorvkVB.exe
  C:\Windows\System\gorvkVB.exe
  2⤵
  PID:7176
- C:\Windows\System\ooPwhMW.exe
  C:\Windows\System\ooPwhMW.exe
  2⤵
  PID:8116
- C:\Windows\System\rPZVvWb.exe
  C:\Windows\System\rPZVvWb.exe
  2⤵
  PID:8200
- C:\Windows\System\gtJGBeL.exe
  C:\Windows\System\gtJGBeL.exe
  2⤵
  PID:8216
- C:\Windows\System\FYkDBkV.exe
  C:\Windows\System\FYkDBkV.exe
  2⤵
  PID:8232
- C:\Windows\System\qwvXEDY.exe
  C:\Windows\System\qwvXEDY.exe
  2⤵
  PID:8248
- C:\Windows\System\kSeclvg.exe
  C:\Windows\System\kSeclvg.exe
  2⤵
  PID:8264
- C:\Windows\System\hPuNFyv.exe
  C:\Windows\System\hPuNFyv.exe
  2⤵
  PID:8280
- C:\Windows\System\mDxWtRd.exe
  C:\Windows\System\mDxWtRd.exe
  2⤵
  PID:8296
- C:\Windows\System\cBDjMGf.exe
  C:\Windows\System\cBDjMGf.exe
  2⤵
  PID:8312
- C:\Windows\System\wkEUwZj.exe
  C:\Windows\System\wkEUwZj.exe
  2⤵
  PID:8328
- C:\Windows\System\tSSgwMz.exe
  C:\Windows\System\tSSgwMz.exe
  2⤵
  PID:8344
- C:\Windows\System\rYjHeqG.exe
  C:\Windows\System\rYjHeqG.exe
  2⤵
  PID:8360
- C:\Windows\System\sBbQKsq.exe
  C:\Windows\System\sBbQKsq.exe
  2⤵
  PID:8376
- C:\Windows\System\LjaPxcO.exe
  C:\Windows\System\LjaPxcO.exe
  2⤵
  PID:8392
- C:\Windows\System\aDNUpxc.exe
  C:\Windows\System\aDNUpxc.exe
  2⤵
  PID:8408
- C:\Windows\System\vtTPouO.exe
  C:\Windows\System\vtTPouO.exe
  2⤵
  PID:8476
- C:\Windows\System\QgjksSe.exe
  C:\Windows\System\QgjksSe.exe
  2⤵
  PID:8500
- C:\Windows\System\azXdeVC.exe
  C:\Windows\System\azXdeVC.exe
  2⤵
  PID:8524
- C:\Windows\System\meAOVMN.exe
  C:\Windows\System\meAOVMN.exe
  2⤵
  PID:8556
- C:\Windows\System\bIUhfKj.exe
  C:\Windows\System\bIUhfKj.exe
  2⤵
  PID:8572
- C:\Windows\System\wVtPZSX.exe
  C:\Windows\System\wVtPZSX.exe
  2⤵
  PID:8588
- C:\Windows\System\Vdvbrnk.exe
  C:\Windows\System\Vdvbrnk.exe
  2⤵
  PID:8604
- C:\Windows\System\SFwCLES.exe
  C:\Windows\System\SFwCLES.exe
  2⤵
  PID:8620
- C:\Windows\System\PdryDfZ.exe
  C:\Windows\System\PdryDfZ.exe
  2⤵
  PID:8636
- C:\Windows\System\iniIFBK.exe
  C:\Windows\System\iniIFBK.exe
  2⤵
  PID:8652
- C:\Windows\System\vJzocvV.exe
  C:\Windows\System\vJzocvV.exe
  2⤵
  PID:8668
- C:\Windows\System\DNMaGfz.exe
  C:\Windows\System\DNMaGfz.exe
  2⤵
  PID:8684
- C:\Windows\System\xsLMgYV.exe
  C:\Windows\System\xsLMgYV.exe
  2⤵
  PID:8700
- C:\Windows\System\XOISrbY.exe
  C:\Windows\System\XOISrbY.exe
  2⤵
  PID:8720
- C:\Windows\System\YgkqJWv.exe
  C:\Windows\System\YgkqJWv.exe
  2⤵
  PID:8736
- C:\Windows\System\UyDfyqm.exe
  C:\Windows\System\UyDfyqm.exe
  2⤵
  PID:8752
- C:\Windows\System\blPbobM.exe
  C:\Windows\System\blPbobM.exe
  2⤵
  PID:8768
- C:\Windows\System\plvUZMu.exe
  C:\Windows\System\plvUZMu.exe
  2⤵
  PID:8784
- C:\Windows\System\oDCLqCQ.exe
  C:\Windows\System\oDCLqCQ.exe
  2⤵
  PID:8800
- C:\Windows\System\UfnANKR.exe
  C:\Windows\System\UfnANKR.exe
  2⤵
  PID:8820
- C:\Windows\System\aMenUyP.exe
  C:\Windows\System\aMenUyP.exe
  2⤵
  PID:8872
- C:\Windows\System\hdFHbyi.exe
  C:\Windows\System\hdFHbyi.exe
  2⤵
  PID:8888
- C:\Windows\System\cKbZRvx.exe
  C:\Windows\System\cKbZRvx.exe
  2⤵
  PID:8904
- C:\Windows\System\xbMWxLJ.exe
  C:\Windows\System\xbMWxLJ.exe
  2⤵
  PID:8924
- C:\Windows\System\AfEturS.exe
  C:\Windows\System\AfEturS.exe
  2⤵
  PID:8944
- C:\Windows\System\IMDUeOv.exe
  C:\Windows\System\IMDUeOv.exe
  2⤵
  PID:8960
- C:\Windows\System\pDQRlEk.exe
  C:\Windows\System\pDQRlEk.exe
  2⤵
  PID:8980
- C:\Windows\System\QeJVwXI.exe
  C:\Windows\System\QeJVwXI.exe
  2⤵
  PID:9004
- C:\Windows\System\oKYNhSM.exe
  C:\Windows\System\oKYNhSM.exe
  2⤵
  PID:9036
- C:\Windows\System\kJEXpJU.exe
  C:\Windows\System\kJEXpJU.exe
  2⤵
  PID:9052
- C:\Windows\System\CFcYrgP.exe
  C:\Windows\System\CFcYrgP.exe
  2⤵
  PID:9068
- C:\Windows\System\kNhEHbS.exe
  C:\Windows\System\kNhEHbS.exe
  2⤵
  PID:9084
- C:\Windows\System\HWOThHZ.exe
  C:\Windows\System\HWOThHZ.exe
  2⤵
  PID:9100
- C:\Windows\System\EyEywcd.exe
  C:\Windows\System\EyEywcd.exe
  2⤵
  PID:9116
- C:\Windows\System\yuSiQIr.exe
  C:\Windows\System\yuSiQIr.exe
  2⤵
  PID:9132
- C:\Windows\System\XTxZmyQ.exe
  C:\Windows\System\XTxZmyQ.exe
  2⤵
  PID:9148
- C:\Windows\System\kTRiqXG.exe
  C:\Windows\System\kTRiqXG.exe
  2⤵
  PID:9164
- C:\Windows\System\iiVZDMx.exe
  C:\Windows\System\iiVZDMx.exe
  2⤵
  PID:9180
- C:\Windows\System\KMWizWR.exe
  C:\Windows\System\KMWizWR.exe
  2⤵
  PID:9196
- C:\Windows\System\sNbfJnv.exe
  C:\Windows\System\sNbfJnv.exe
  2⤵
  PID:9212
- C:\Windows\System\vwhILUz.exe
  C:\Windows\System\vwhILUz.exe
  2⤵
  PID:7304
- C:\Windows\System\syfsOBN.exe
  C:\Windows\System\syfsOBN.exe
  2⤵
  PID:7936
- C:\Windows\System\mxljlSP.exe
  C:\Windows\System\mxljlSP.exe
  2⤵
  PID:6828
- C:\Windows\System\NDMFSYA.exe
  C:\Windows\System\NDMFSYA.exe
  2⤵
  PID:8228
- C:\Windows\System\saJPJfS.exe
  C:\Windows\System\saJPJfS.exe
  2⤵
  PID:8260
- C:\Windows\System\ajYuHjg.exe
  C:\Windows\System\ajYuHjg.exe
  2⤵
  PID:8208
- C:\Windows\System\RhSaxUC.exe
  C:\Windows\System\RhSaxUC.exe
  2⤵
  PID:8308
- C:\Windows\System\kPyWONI.exe
  C:\Windows\System\kPyWONI.exe
  2⤵
  PID:8352
- C:\Windows\System\REOPtop.exe
  C:\Windows\System\REOPtop.exe
  2⤵
  PID:8388
- C:\Windows\System\btszkzw.exe
  C:\Windows\System\btszkzw.exe
  2⤵
  PID:8368
- C:\Windows\System\ixuMGGl.exe
  C:\Windows\System\ixuMGGl.exe
  2⤵
  PID:8404
- C:\Windows\System\PjgZkaV.exe
  C:\Windows\System\PjgZkaV.exe
  2⤵
  PID:8432
- C:\Windows\System\frnZDrE.exe
  C:\Windows\System\frnZDrE.exe
  2⤵
  PID:8436
- C:\Windows\System\HbtSOPT.exe
  C:\Windows\System\HbtSOPT.exe
  2⤵
  PID:8452
- C:\Windows\System\jQAmNnN.exe
  C:\Windows\System\jQAmNnN.exe
  2⤵
  PID:8492
- C:\Windows\System\xchdRqD.exe
  C:\Windows\System\xchdRqD.exe
  2⤵
  PID:8516
- C:\Windows\System\SCGKsiW.exe
  C:\Windows\System\SCGKsiW.exe
  2⤵
  PID:8540
- C:\Windows\System\UdMPxQs.exe
  C:\Windows\System\UdMPxQs.exe
  2⤵
  PID:8552
- C:\Windows\System\FGXJcZe.exe
  C:\Windows\System\FGXJcZe.exe
  2⤵
  PID:8616
- C:\Windows\System\igGXkbE.exe
  C:\Windows\System\igGXkbE.exe
  2⤵
  PID:8660
- C:\Windows\System\llrRchl.exe
  C:\Windows\System\llrRchl.exe
  2⤵
  PID:8568
- C:\Windows\System\qwzXvIB.exe
  C:\Windows\System\qwzXvIB.exe
  2⤵
  PID:8680
- C:\Windows\System\wsxZfTm.exe
  C:\Windows\System\wsxZfTm.exe
  2⤵
  PID:8728
- C:\Windows\System\fUCzLkV.exe
  C:\Windows\System\fUCzLkV.exe
  2⤵
  PID:8744
- C:\Windows\System\MjlUNqy.exe
  C:\Windows\System\MjlUNqy.exe
  2⤵
  PID:8796
- C:\Windows\System\jvPEsmI.exe
  C:\Windows\System\jvPEsmI.exe
  2⤵
  PID:8828
- C:\Windows\System\ZFDyNgn.exe
  C:\Windows\System\ZFDyNgn.exe
  2⤵
  PID:8860
- C:\Windows\System\ViWhIFa.exe
  C:\Windows\System\ViWhIFa.exe
  2⤵
  PID:8848
- C:\Windows\System\tryKKcq.exe
  C:\Windows\System\tryKKcq.exe
  2⤵
  PID:8884
- C:\Windows\System\BnZsyzF.exe
  C:\Windows\System\BnZsyzF.exe
  2⤵
  PID:8912
- C:\Windows\System\XzXsePX.exe
  C:\Windows\System\XzXsePX.exe
  2⤵
  PID:8932
- C:\Windows\System\fsYkNja.exe
  C:\Windows\System\fsYkNja.exe
  2⤵
  PID:9000
- C:\Windows\System\BXgldnb.exe
  C:\Windows\System\BXgldnb.exe
  2⤵
  PID:8976
- C:\Windows\System\VRKUOMa.exe
  C:\Windows\System\VRKUOMa.exe
  2⤵
  PID:7340
- C:\Windows\System\fzUzMNK.exe
  C:\Windows\System\fzUzMNK.exe
  2⤵
  PID:9024
- C:\Windows\System\QasyfDZ.exe
  C:\Windows\System\QasyfDZ.exe
  2⤵
  PID:9096
- C:\Windows\System\cqoyoTV.exe
  C:\Windows\System\cqoyoTV.exe
  2⤵
  PID:9160
- C:\Windows\System\aYctLIE.exe
  C:\Windows\System\aYctLIE.exe
  2⤵
  PID:9048
- C:\Windows\System\aFYbxTI.exe
  C:\Windows\System\aFYbxTI.exe
  2⤵
  PID:8276
- C:\Windows\System\XKmHuat.exe
  C:\Windows\System\XKmHuat.exe
  2⤵
  PID:8464
- C:\Windows\System\bQHXMSu.exe
  C:\Windows\System\bQHXMSu.exe
  2⤵
  PID:8400
- C:\Windows\System\GpBAEYi.exe
  C:\Windows\System\GpBAEYi.exe
  2⤵
  PID:9060
- C:\Windows\System\FPOwPyK.exe
  C:\Windows\System\FPOwPyK.exe
  2⤵
  PID:9140
- C:\Windows\System\VzWNeZU.exe
  C:\Windows\System\VzWNeZU.exe
  2⤵
  PID:8324
- C:\Windows\System\zmOEGxA.exe
  C:\Windows\System\zmOEGxA.exe
  2⤵
  PID:8424
- C:\Windows\System\eQhfVfh.exe
  C:\Windows\System\eQhfVfh.exe
  2⤵
  PID:8336
- C:\Windows\System\CXnvhjo.exe
  C:\Windows\System\CXnvhjo.exe
  2⤵
  PID:8384
- C:\Windows\System\QxFemkQ.exe
  C:\Windows\System\QxFemkQ.exe
  2⤵
  PID:8664
- C:\Windows\System\FEIETTb.exe
  C:\Windows\System\FEIETTb.exe
  2⤵
  PID:8564
- C:\Windows\System\ZKATpHJ.exe
  C:\Windows\System\ZKATpHJ.exe
  2⤵
  PID:8612
- C:\Windows\System\piVYGpy.exe
  C:\Windows\System\piVYGpy.exe
  2⤵
  PID:8600
- C:\Windows\System\oESJMfv.exe
  C:\Windows\System\oESJMfv.exe
  2⤵
  PID:8832
- C:\Windows\System\qbGoUDO.exe
  C:\Windows\System\qbGoUDO.exe
  2⤵
  PID:8864
- C:\Windows\System\PPjJdgJ.exe
  C:\Windows\System\PPjJdgJ.exe
  2⤵
  PID:8936
- C:\Windows\System\AcnFemQ.exe
  C:\Windows\System\AcnFemQ.exe
  2⤵
  PID:9012
- C:\Windows\System\fhoWcil.exe
  C:\Windows\System\fhoWcil.exe
  2⤵
  PID:8896
- C:\Windows\System\roNYiMY.exe
  C:\Windows\System\roNYiMY.exe
  2⤵
  PID:9092
- C:\Windows\System\SCdzQBJ.exe
  C:\Windows\System\SCdzQBJ.exe
  2⤵
  PID:9156
- C:\Windows\System\rfKadqV.exe
  C:\Windows\System\rfKadqV.exe
  2⤵
  PID:9108
- C:\Windows\System\zRaGGxx.exe
  C:\Windows\System\zRaGGxx.exe
  2⤵
  PID:8472
- C:\Windows\System\wBzifhO.exe
  C:\Windows\System\wBzifhO.exe
  2⤵
  PID:8508
- C:\Windows\System\SVXbRDi.exe
  C:\Windows\System\SVXbRDi.exe
  2⤵
  PID:9208
- C:\Windows\System\CVznSOy.exe
  C:\Windows\System\CVznSOy.exe
  2⤵
  PID:8580
- C:\Windows\System\YYVrHsX.exe
  C:\Windows\System\YYVrHsX.exe
  2⤵
  PID:8840
- C:\Windows\System\RolBeOS.exe
  C:\Windows\System\RolBeOS.exe
  2⤵
  PID:8844
- C:\Windows\System\pmbLNiZ.exe
  C:\Windows\System\pmbLNiZ.exe
  2⤵
  PID:9032
- C:\Windows\System\tvYkBpb.exe
  C:\Windows\System\tvYkBpb.exe
  2⤵
  PID:8512
- C:\Windows\System\pQxtfVH.exe
  C:\Windows\System\pQxtfVH.exe
  2⤵
  PID:8272
- C:\Windows\System\fwYOiAN.exe
  C:\Windows\System\fwYOiAN.exe
  2⤵
  PID:8900
- C:\Windows\System\kfUkFEq.exe
  C:\Windows\System\kfUkFEq.exe
  2⤵
  PID:7404
- C:\Windows\System\ALxhysX.exe
  C:\Windows\System\ALxhysX.exe
  2⤵
  PID:8212
- C:\Windows\System\hJFFxtk.exe
  C:\Windows\System\hJFFxtk.exe
  2⤵
  PID:8448
- C:\Windows\System\MHnoQsu.exe
  C:\Windows\System\MHnoQsu.exe
  2⤵
  PID:8732
- C:\Windows\System\jdGTWbu.exe
  C:\Windows\System\jdGTWbu.exe
  2⤵
  PID:8748
- C:\Windows\System\RbrYCNN.exe
  C:\Windows\System\RbrYCNN.exe
  2⤵
  PID:9224
- C:\Windows\System\sReXGnc.exe
  C:\Windows\System\sReXGnc.exe
  2⤵
  PID:9240
- C:\Windows\System\KMnRgeW.exe
  C:\Windows\System\KMnRgeW.exe
  2⤵
  PID:9256
- C:\Windows\System\xLPXhih.exe
  C:\Windows\System\xLPXhih.exe
  2⤵
  PID:9272
- C:\Windows\System\MQUkkIS.exe
  C:\Windows\System\MQUkkIS.exe
  2⤵
  PID:9288
- C:\Windows\System\sOFmTkd.exe
  C:\Windows\System\sOFmTkd.exe
  2⤵
  PID:9304
- C:\Windows\System\ckyXHtM.exe
  C:\Windows\System\ckyXHtM.exe
  2⤵
  PID:9320
- C:\Windows\System\SJccmDW.exe
  C:\Windows\System\SJccmDW.exe
  2⤵
  PID:9336
- C:\Windows\System\VxvdlYa.exe
  C:\Windows\System\VxvdlYa.exe
  2⤵
  PID:9352
- C:\Windows\System\cBhvQPC.exe
  C:\Windows\System\cBhvQPC.exe
  2⤵
  PID:9368
- C:\Windows\System\TWYSZgL.exe
  C:\Windows\System\TWYSZgL.exe
  2⤵
  PID:9384
- C:\Windows\System\vJeRLjv.exe
  C:\Windows\System\vJeRLjv.exe
  2⤵
  PID:9436
- C:\Windows\System\WkSQYzT.exe
  C:\Windows\System\WkSQYzT.exe
  2⤵
  PID:9552
- C:\Windows\System\rDtkyHR.exe
  C:\Windows\System\rDtkyHR.exe
  2⤵
  PID:9572
- C:\Windows\System\UlWCVoP.exe
  C:\Windows\System\UlWCVoP.exe
  2⤵
  PID:9732
- C:\Windows\System\wmStEHa.exe
  C:\Windows\System\wmStEHa.exe
  2⤵
  PID:9756
- C:\Windows\System\MADlRau.exe
  C:\Windows\System\MADlRau.exe
  2⤵
  PID:9772
- C:\Windows\System\haOEqmA.exe
  C:\Windows\System\haOEqmA.exe
  2⤵
  PID:9788
- C:\Windows\System\AAFBfFX.exe
  C:\Windows\System\AAFBfFX.exe
  2⤵
  PID:9804
- C:\Windows\System\FCKCdMK.exe
  C:\Windows\System\FCKCdMK.exe
  2⤵
  PID:9820
- C:\Windows\System\LQJVgcD.exe
  C:\Windows\System\LQJVgcD.exe
  2⤵
  PID:9836
- C:\Windows\System\zDvpkaN.exe
  C:\Windows\System\zDvpkaN.exe
  2⤵
  PID:9852
- C:\Windows\System\YdAUGMS.exe
  C:\Windows\System\YdAUGMS.exe
  2⤵
  PID:9868
- C:\Windows\System\WztJKnn.exe
  C:\Windows\System\WztJKnn.exe
  2⤵
  PID:9884
- C:\Windows\System\ylqBoOm.exe
  C:\Windows\System\ylqBoOm.exe
  2⤵
  PID:9900
- C:\Windows\System\TCHDARP.exe
  C:\Windows\System\TCHDARP.exe
  2⤵
  PID:9916
- C:\Windows\System\TcNiGmT.exe
  C:\Windows\System\TcNiGmT.exe
  2⤵
  PID:9932
- C:\Windows\System\OrBzFzI.exe
  C:\Windows\System\OrBzFzI.exe
  2⤵
  PID:9948
- C:\Windows\System\aNaAgau.exe
  C:\Windows\System\aNaAgau.exe
  2⤵
  PID:9964
- C:\Windows\System\drWwklO.exe
  C:\Windows\System\drWwklO.exe
  2⤵
  PID:9980
- C:\Windows\System\ZDFwUDK.exe
  C:\Windows\System\ZDFwUDK.exe
  2⤵
  PID:9996
- C:\Windows\System\dgZkrZr.exe
  C:\Windows\System\dgZkrZr.exe
  2⤵
  PID:10012
- C:\Windows\System\WxYMyVQ.exe
  C:\Windows\System\WxYMyVQ.exe
  2⤵
  PID:10028
- C:\Windows\System\qizFeFf.exe
  C:\Windows\System\qizFeFf.exe
  2⤵
  PID:10044
- C:\Windows\System\rVqAFrv.exe
  C:\Windows\System\rVqAFrv.exe
  2⤵
  PID:10060
- C:\Windows\System\kpZGtnW.exe
  C:\Windows\System\kpZGtnW.exe
  2⤵
  PID:10080
- C:\Windows\System\WvcJAlw.exe
  C:\Windows\System\WvcJAlw.exe
  2⤵
  PID:10096
- C:\Windows\System\oMrdNgS.exe
  C:\Windows\System\oMrdNgS.exe
  2⤵
  PID:10112
- C:\Windows\System\cbLLUAR.exe
  C:\Windows\System\cbLLUAR.exe
  2⤵
  PID:10128
- C:\Windows\System\XLrunMH.exe
  C:\Windows\System\XLrunMH.exe
  2⤵
  PID:10144
- C:\Windows\System\ZFrtwJW.exe
  C:\Windows\System\ZFrtwJW.exe
  2⤵
  PID:10160
- C:\Windows\System\RMvQUcU.exe
  C:\Windows\System\RMvQUcU.exe
  2⤵
  PID:10176
- C:\Windows\System\cFCehTr.exe
  C:\Windows\System\cFCehTr.exe
  2⤵
  PID:10192
- C:\Windows\System\iPgdLrw.exe
  C:\Windows\System\iPgdLrw.exe
  2⤵
  PID:10208
- C:\Windows\System\DFHWpIx.exe
  C:\Windows\System\DFHWpIx.exe
  2⤵
  PID:10224
- C:\Windows\System\xauqeom.exe
  C:\Windows\System\xauqeom.exe
  2⤵
  PID:8468
- C:\Windows\System\hBHWjiw.exe
  C:\Windows\System\hBHWjiw.exe
  2⤵
  PID:9112
- C:\Windows\System\NQFEEuG.exe
  C:\Windows\System\NQFEEuG.exe
  2⤵
  PID:9236
- C:\Windows\System\UVGkRsG.exe
  C:\Windows\System\UVGkRsG.exe
  2⤵
  PID:9128
- C:\Windows\System\MhOvipb.exe
  C:\Windows\System\MhOvipb.exe
  2⤵
  PID:9264
- C:\Windows\System\MJyMfKp.exe
  C:\Windows\System\MJyMfKp.exe
  2⤵
  PID:9312
- C:\Windows\System\TlCiIda.exe
  C:\Windows\System\TlCiIda.exe
  2⤵
  PID:9284
- C:\Windows\System\oyjUsvg.exe
  C:\Windows\System\oyjUsvg.exe
  2⤵
  PID:9344
- C:\Windows\System\UkHxbsd.exe
  C:\Windows\System\UkHxbsd.exe
  2⤵
  PID:9392
- C:\Windows\System\NjhaIFZ.exe
  C:\Windows\System\NjhaIFZ.exe
  2⤵
  PID:9404
- C:\Windows\System\PtduTHL.exe
  C:\Windows\System\PtduTHL.exe
  2⤵
  PID:9420
- C:\Windows\System\QqheTfa.exe
  C:\Windows\System\QqheTfa.exe
  2⤵
  PID:9444
- C:\Windows\System\WPtKEXg.exe
  C:\Windows\System\WPtKEXg.exe
  2⤵
  PID:9464
- C:\Windows\System\RPfLoEj.exe
  C:\Windows\System\RPfLoEj.exe
  2⤵
  PID:9480
- C:\Windows\System\gJmxyjq.exe
  C:\Windows\System\gJmxyjq.exe
  2⤵
  PID:9484
- C:\Windows\System\hhScrhG.exe
  C:\Windows\System\hhScrhG.exe
  2⤵
  PID:9512
- C:\Windows\System\tclNeLO.exe
  C:\Windows\System\tclNeLO.exe
  2⤵
  PID:9532
- C:\Windows\System\txGUkeQ.exe
  C:\Windows\System\txGUkeQ.exe
  2⤵
  PID:9540
- C:\Windows\System\tgIzFcF.exe
  C:\Windows\System\tgIzFcF.exe
  2⤵
  PID:9568
- C:\Windows\System\znsnzkz.exe
  C:\Windows\System\znsnzkz.exe
  2⤵
  PID:9744
- C:\Windows\System\HdaCASb.exe
  C:\Windows\System\HdaCASb.exe
  2⤵
  PID:9628
- C:\Windows\System\DWrAKzD.exe
  C:\Windows\System\DWrAKzD.exe
  2⤵
  PID:9668
- C:\Windows\System\aIbeOsi.exe
  C:\Windows\System\aIbeOsi.exe
  2⤵
  PID:9704
- C:\Windows\System\rLvqTnE.exe
  C:\Windows\System\rLvqTnE.exe
  2⤵
  PID:9580
- C:\Windows\System\fiZyneG.exe
  C:\Windows\System\fiZyneG.exe
  2⤵
  PID:9624
- C:\Windows\System\ohUcagb.exe
  C:\Windows\System\ohUcagb.exe
  2⤵
  PID:9644
- C:\Windows\System\VkqRGXw.exe
  C:\Windows\System\VkqRGXw.exe
  2⤵
  PID:9672
- C:\Windows\System\NSrkkGO.exe
  C:\Windows\System\NSrkkGO.exe
  2⤵
  PID:9816
- C:\Windows\System\VJDCoVA.exe
  C:\Windows\System\VJDCoVA.exe
  2⤵
  PID:9880
- C:\Windows\System\VNuoLqz.exe
  C:\Windows\System\VNuoLqz.exe
  2⤵
  PID:9696
- C:\Windows\System\sfjsrhf.exe
  C:\Windows\System\sfjsrhf.exe
  2⤵
  PID:9716
- C:\Windows\System\iHuDtBB.exe
  C:\Windows\System\iHuDtBB.exe
  2⤵
  PID:9604
- C:\Windows\System\czgjLkT.exe
  C:\Windows\System\czgjLkT.exe
  2⤵
  PID:9832
- C:\Windows\System\JhpEiKN.exe
  C:\Windows\System\JhpEiKN.exe
  2⤵
  PID:9924
- C:\Windows\System\WUfWTiN.exe
  C:\Windows\System\WUfWTiN.exe
  2⤵
  PID:9988
- C:\Windows\System\asECHbo.exe
  C:\Windows\System\asECHbo.exe
  2⤵
  PID:10052
- C:\Windows\System\HUFzENH.exe
  C:\Windows\System\HUFzENH.exe
  2⤵
  PID:10068
- C:\Windows\System\CKcCheM.exe
  C:\Windows\System\CKcCheM.exe
  2⤵
  PID:10120
- C:\Windows\System\yCPXtwR.exe
  C:\Windows\System\yCPXtwR.exe
  2⤵
  PID:10184
- C:\Windows\System\EcxWOFn.exe
  C:\Windows\System\EcxWOFn.exe
  2⤵
  PID:10008
- C:\Windows\System\vUIpJPH.exe
  C:\Windows\System\vUIpJPH.exe
  2⤵
  PID:10004
- C:\Windows\System\BqjDeeW.exe
  C:\Windows\System\BqjDeeW.exe
  2⤵
  PID:10140
- C:\Windows\System\tDKWmPo.exe
  C:\Windows\System\tDKWmPo.exe
  2⤵
  PID:10204
- C:\Windows\System\QVRcnVk.exe
  C:\Windows\System\QVRcnVk.exe
  2⤵
  PID:8764
- C:\Windows\System\nlsLVzG.exe
  C:\Windows\System\nlsLVzG.exe
  2⤵
  PID:9220
- C:\Windows\System\WULMVbg.exe
  C:\Windows\System\WULMVbg.exe
  2⤵
  PID:9300
- C:\Windows\System\McfbYqu.exe
  C:\Windows\System\McfbYqu.exe
  2⤵
  PID:9296
- C:\Windows\System\YDLJGdJ.exe
  C:\Windows\System\YDLJGdJ.exe
  2⤵
  PID:9280
- C:\Windows\System\HxukrrW.exe
  C:\Windows\System\HxukrrW.exe
  2⤵
  PID:9416
- C:\Windows\System\EcWJjdC.exe
  C:\Windows\System\EcWJjdC.exe
  2⤵
  PID:9500
- C:\Windows\System\CXYsRaE.exe
  C:\Windows\System\CXYsRaE.exe
  2⤵
  PID:9476
- C:\Windows\System\mfqtKTX.exe
  C:\Windows\System\mfqtKTX.exe
  2⤵
  PID:9548
- C:\Windows\System\mtzeWOO.exe
  C:\Windows\System\mtzeWOO.exe
  2⤵
  PID:9616
- C:\Windows\System\DxyZuJt.exe
  C:\Windows\System\DxyZuJt.exe
  2⤵
  PID:9700
- C:\Windows\System\orvSnbm.exe
  C:\Windows\System\orvSnbm.exe
  2⤵
  PID:9876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CKajTyN.exe

Filesize
6.0MB

MD5
59af107701665062ac09cdcdfa4ca583

SHA1
de79eda7f368a25ff99434b51b34f231717d3181

SHA256
e9f8164998d71f7b244cbb9e3fa8e711622f0171a5feb52dc747cea9f8729119

SHA512
40037fcfd90404e8048dc8f7347460779154bf98d86f343988ae90c4ba38b69a5025c2cb8bd7be464b50693f71f1392671d447787dbe859f66e7a94af83017aa

Download Submit
C:\Windows\system\EHNTYDr.exe

Filesize
6.0MB

MD5
83566448c76d4c1e4c27444f9a71c3bf

SHA1
65cfc2ca22a78c45bca312be6e7b8eec3380cace

SHA256
637fd3c048df2d6c110f227cc52e09c95605e58ca81c229d2add29f061f9727b

SHA512
3bd986a1cd8c1063599748413accfce86e630f383567b38e234735405ea181fb124c6bed658fd3785f53733844ff70093e33a14108703279c96d4c801a57b5b1

Download Submit
C:\Windows\system\FjMrREE.exe

Filesize
6.0MB

MD5
0c1ba74203d7de7489d8cf46c91ebf56

SHA1
f96e754483410adec397a602960b92ccf52ec6c2

SHA256
bc08a47f3df74001b6d699fa5131a7ec79a2e4bf23f0f2ce3495dbd2bc71c142

SHA512
cd383cac9cd6283f2e2f73fb3aa313ce2056d92df62faf0643903c98f8da2f0351edbcc2685a1a1961f3daa3ae2c87cc6a57ce07259572e24eb6efcb499005d0

Download Submit
C:\Windows\system\IbBcBUT.exe

Filesize
6.0MB

MD5
375aab9a5889a919b383eeadea3df328

SHA1
72c07b30dca6300534b21550a16f188ca4bf9c98

SHA256
69ed0e949a7b73e254876ce8cec733e1eef2011f712cac4bc9b966ffd1e80e1e

SHA512
262651a85f3394e837cb1164c0ff22274c874556c1e4cf394bcfa551fd4652a2e0ec2fc6925a61949a133644b289d222ffeebd896b224589bea8e0841fe7cbd0

Download Submit
C:\Windows\system\JxiFmDt.exe

Filesize
6.0MB

MD5
48b6b4f9b1e71d41ca0e099e03be3119

SHA1
644d5cbdabfafc8aa8d97e6f7b52e663e2e2ef4c

SHA256
c90b3bd12a15818afef5ddcc1d022dc36046ace01c4020d04c6edd505d813775

SHA512
5c7d94101d1d6f1e8d12d157064d595f3ea4fed247b2e572e648637deadfb04f38e2731cf57070566e1fbd8ece78d0f416d580c2ebe7a98c6e3ad9b0fb65b33d

Download Submit
C:\Windows\system\KimzsZJ.exe

Filesize
6.0MB

MD5
434459fff8df46e0845bc8c40e31c4da

SHA1
1f056d0c738ae06a5db1085de129b37bc4ce0a12

SHA256
f7a331ccdb5889fe360f9c3bbe1dbeb37cf9e5fe60782616fba9447422368d3f

SHA512
3e7a872e37c78afca5f35ceebf30f2b802fbdcf081e96fcad2e4533a487be8de3f578ea61ad23f773adcab44b1924317acc63a28f20b618472be5b6580c8b64b

Download Submit
C:\Windows\system\LvVdksm.exe

Filesize
6.0MB

MD5
ae9a1eb44f099f24087685b9c002ae00

SHA1
b6d41794db421554a141c98c3b0ee24bb26503c5

SHA256
00d423622bf115b2e005b9952810b8acee811f690fb22a20f42d1ce85ec52f42

SHA512
042d6af59fc5588b17e630f92070adcba9495f216f1f562fd3b3443908de4dca06c7dadffc52a9bac4bb577963baceed35f873cd64ae83fc4a11c2e12376d9cd

Download Submit
C:\Windows\system\LxdYwgM.exe

Filesize
6.0MB

MD5
c6f06a6f75cd5f6d9900a5a31fd276a6

SHA1
8c92d71706871029937f40968d3f8c1c826f223f

SHA256
388209b2f4f88c2e45e39980399e22d8af21f522921971bcfee3a329787d498f

SHA512
2639701b272402863c1a8c779da376a309934eadc314508f9bf791784630bb6555d6393df257d8c4109606198455193bc403b1deca0c3b11c875cdbc157407a5

Download Submit
C:\Windows\system\MRrqPpm.exe

Filesize
6.0MB

MD5
7812fd9cfa11434e1f18a93e4ee93376

SHA1
a208cd49516e439a798c60c961341c4af26b8ce9

SHA256
6ad10d598b613bbf84f68ee05a31d152aeeab947956d165d6019515144256318

SHA512
022fe577888879bd31d7055e27fff8856e851b0a7ae034e7f0affd1ece64691a9b4aafeec15d6894cb647fc65319bb0eb672c5b9cbaa9858df57a1e11e5a54ff

Download Submit
C:\Windows\system\NOiUbgk.exe

Filesize
6.0MB

MD5
20c4f726ada685a1519b38be76d301a1

SHA1
d4194d01308eadef7213a2ca9c3abfa6ec9308b4

SHA256
8003c722945575cb3d91442275fa1c05b71858fe3af524d5055ddea9fd932080

SHA512
38f532a2d01fb89febbdbf89c65175bc1c768de6c017793b6fe8bef4d8e3d2577d00529d91ea068ccb0fcf9ca7f252b58c4216e97bea9771deb7902117e36be4

Download Submit
C:\Windows\system\RNbIxRd.exe

Filesize
6.0MB

MD5
2e048f3549872ce8a97dd7842d02d791

SHA1
b977af59efe70bdd4da4d975a139c4a8eed053f9

SHA256
145878f71635da8ea61edc5f3852690f625d4c0969abeb3420d6a62bcd23cf0d

SHA512
0b903a2ec07e5c4cc9fc07165446b65a19caa99a976261805608c6cffbb59862ea56507e051992dc6e1851fa6319af7f5b8f837dfb9536f9b259be2e62f8c853

Download Submit
C:\Windows\system\RXGGRsz.exe

Filesize
6.0MB

MD5
5a59dab58f244e0506e9b72c3f6bd289

SHA1
c8990ee0f3df4115f80f0cfcb18bd37bf176f813

SHA256
31e3c8a1056a54a9dce635722b45196ef0494a6d398ccd09175539b787f6e36c

SHA512
fb68bc043e4e205f7eb8646256f8aeaccaa0293d28e289e3410a296bd7a9ebfb4bc2056cf0188a5846a58c60a9762e7fc3961f57da4b8f736ac243c6b60831e8

Download Submit
C:\Windows\system\UyuCOBh.exe

Filesize
6.0MB

MD5
ef60da31bff1391d632792db0a669f99

SHA1
f5fe0951406720516246d07f757483f88f73962f

SHA256
ec64f46059fc4da6f27b2ebd3a8859c164fa6c6ea8a982d7093801235293b436

SHA512
f1f4e71236a34fc4df464e81823e79f05c27212ef45dcaff3fe68968b040c1771a7e21a0e4fcce046cf0eed0f7e478178a3352241e21ca344e61a1ba16ffa85c

Download Submit
C:\Windows\system\XOstzWK.exe

Filesize
6.0MB

MD5
8752d32a9a3353996a9aee8eff8634c2

SHA1
e5c228239e70fa0296529e71672bab8f7266b53d

SHA256
3d1d8f872e44403cb4affcc3ca9f2d74396521d8c683594b2ebcb6f1743e822e

SHA512
0ae2a06b98660a7d12cf55070b5619871df42a3820925d3380037dfc82f3061366c10aa19d884146c2d40ca4dc01e7d0520dfe2b97d8e1f6c0c8cf135ba7aead

Download Submit
C:\Windows\system\XlstkhM.exe

Filesize
6.0MB

MD5
fc2a17409e1404c8c5d5821fe6e86333

SHA1
263245eea4e66b84b6e8d96f79ef220e5076cf6e

SHA256
a57e7e26d713f5af5430dbd7041b48438e85ca3b68283d1706ea8cbf0f1d8822

SHA512
6dfded3491e09a92075afc45e32fc7d7b34cbd36f41d25fb032dc401ee594c37063a03baa27b71618daa14e7faca0682cb0a4a1fe7d1a468a2b5f161ec7e66d2

Download Submit
C:\Windows\system\cbjVutC.exe

Filesize
6.0MB

MD5
e31ab1cdd46a63639a5c547b2f2ae5d5

SHA1
b188417f2b2678777e45fdc88a596e7dce1e360c

SHA256
0cd9e5f417a4d4c195e025bff31837bef172ff94476d2baa1daabf3855da9bea

SHA512
f99e51426840ae5b959725366b9088cd16ad0224886b6b66bc7b942f52e68c3d1c8ec047ef504b9b20a34c0e1d5928d8dfc9d9a923d917f14d91439a32286b19

Download Submit
C:\Windows\system\iZcOMRk.exe

Filesize
6.0MB

MD5
c6a7d3477402fc2b02aba2c36c65458b

SHA1
d1c248be5a6c48f6f6afb16a8a2884ac133d1242

SHA256
bc36396a800329cfbc6afb1daa7aedf8c32bcff225e24eeee158ec32400d03b1

SHA512
100055de47c9a2601111776a3e7fc201d897c1769a503eca64a4ee68c70c34195d355f81a9d336cc23bab164622ae26a33a0cc7c10e3f469e5121268d916c787

Download Submit
C:\Windows\system\icydaUY.exe

Filesize
6.0MB

MD5
5498e07d0220cd9c42e733f7981e5d64

SHA1
1b4580b5dcc5c7fa84a9e0c8b2a9d0670a4d9815

SHA256
98b468f00e1828e6515e5d1bade1abf11c20aa46fde6740efb03d6b3c2d976e9

SHA512
74fbda4b31c46e1d9df89fe126306198d3301d40eefd0fab21128ff3bbca1e96940bd1faabf8df8496a035f6824639a29c2e3e56505793fc79d10b37383a06cc

Download Submit
C:\Windows\system\lJVDwwT.exe

Filesize
6.0MB

MD5
72b42a4471090ead5480a2b2dd7c7438

SHA1
7e20657934add6dcba306ada1406ffe9cdde0596

SHA256
d173d291fef01d294e0c887ba153d5954d491f8e9a721f45e14bc411397e3d2f

SHA512
6eea5dd9f5f18bfcf0f1f044f36a7570b13f36405131067e958dc1bc9222b3cf706e09e5aa933902e6cf7ba3a293188c7d51c7d7c9282768f130d6fccdb7a8e6

Download Submit
C:\Windows\system\levXXAY.exe

Filesize
6.0MB

MD5
bf5a0d8bef53a89cb02f4d7321fbb4da

SHA1
b1614477e3044278f2252592a2e6999c292c0368

SHA256
1201929cd4d92aabe214695f3b3e74249606bf0dbdf54a6fb67bb8d211b74665

SHA512
2a707b0b53972b1b9a6bf3ea5e935049c843a1fbf2047d0148d48eda0ad17383c6c991aa1a040766fa38d0a1447b26f24d239b587e8fd8e6e13101de43c3ae1e

Download Submit
C:\Windows\system\mlGdwDs.exe

Filesize
6.0MB

MD5
96c2edd425643e3778da869278046154

SHA1
ee426e92fed74377807bda1445bb85ad9054674a

SHA256
46b310c733295271be29ab2306b3a2168c265e0becfe7d39d17b44e8ce9941c8

SHA512
23ede1a68bf4ee65fe696708029d1b171ce157724f96ce551c8f946436ed42a24fc2e9045447e2867f414d880d4d41548256ebc9b86967cd9188ed5e0b388504

Download Submit
C:\Windows\system\oZrdvXB.exe

Filesize
6.0MB

MD5
3407e53d4175c3dc1de7a5523b73266e

SHA1
c8406d6ac36120b2ba0e69ef283a4db84bd0bc1c

SHA256
e05522d4c82151b3451615a267bf29cbef6c4e39e08079595da0fce2dc79cc2a

SHA512
833e9d359f1e66c0b86fd8dc7126fe2c2785a407c10edc361c30fce5ddf842e97ef75aa143ffc7f118b34a4dee07a40b16dcae73582879d956c9e694a885c614

Download Submit
C:\Windows\system\ovkXJxs.exe

Filesize
6.0MB

MD5
7b254474109c802a994a14ec696ff3b5

SHA1
bbe1051a6db3f070637ab0bab8d9935476652f1b

SHA256
7d24252da2968bca008d654a2dedc5e4e2a41a41f4fa6027336acfbb6fc62add

SHA512
4326582ae845e5b1ec9b74e7694033d386a766ff19efcd36fc174aee22e6a446dc8eb158c8c23c424f1cbaf0c2611d76d295a41708f6c83a54dd1cc2f67aa5fa

Download Submit
C:\Windows\system\pYaVFQU.exe

Filesize
6.0MB

MD5
fd521648dd79d6a8fdc7785921a595fe

SHA1
97c5c30e988a9e4a4025837a4aeeefc90fbc76d6

SHA256
6d5ffdf209116ef5ce51c3f8fdb0fa7c6cf132d2da2543596ac821e488b46656

SHA512
4f2196707df6002c9c25997717a9aa70f74db5b0e0ba8e7b8dd84e022d3c37f173cd201616dfc32744c283fa4e48f7d15ad01820be251550b71cc072ac52e62a

Download Submit
C:\Windows\system\pzWyYeY.exe

Filesize
6.0MB

MD5
72c2559a07464908179a831af28166aa

SHA1
4d31a7f5346e7027f6d26eb73ab98c3fea59d3d0

SHA256
997bb8ce3bced0a3b579eeca8b21cd8ec15de75bb3d25a17d1886b3074f7e53a

SHA512
424214b87459b427ca06b69b3018609c8f2638c59bde631e518540f12ef8fe5ed9fae889f947601fabfd364f0cc0b94fb47c85dc8d619010e7f8b5d6c3f93964

Download Submit
C:\Windows\system\sfMNAxG.exe

Filesize
6.0MB

MD5
dcf40800f489ab16e87756af457617a2

SHA1
49fe3356836dbc4f2cf5dd6dadf729ccd037ea8d

SHA256
348ab7dc841fd9de3e6b42e02fbf720f08496db62def5e50a3882e9061231481

SHA512
dc814793e9b4a930f54f9e429a9de7a79337c0c28dd7c681e2379a68b71fd35888bb2fd0851eb5300536567cbe5a0301c63f95911537fce42da50eb8b0a18d94

Download Submit
C:\Windows\system\taQZCWM.exe

Filesize
6.0MB

MD5
5ebea71e947d8af7634feec3a24bdf31

SHA1
f3f2661bbbe20667c880dc2767c85c817128dae2

SHA256
2b6a999416a167c1db0a684c6d2f7ae63442879ad07abe2df613f1fba64346fb

SHA512
332df1694d7a246629efc2717b7555faa5cf94eed8405d03ef17235b1bf8da0407e5b14352cf025631c9cac1624ec245ce794b836b5f667e953f7a2631a9381a

Download Submit
C:\Windows\system\tfDykQY.exe

Filesize
6.0MB

MD5
bc25296893fa0b145b41b2c0005159e5

SHA1
d725c788a691a277a038a852da5f45d6097e9660

SHA256
e1695d77ca1c4eff93ee341bb773d82031ed9f8b20c03c978cada7957077e04d

SHA512
c4c7635b839e11b5c5a97e4f55fb86ae4c46e60403212ee9d45f5f78e57a0ac527b5521ae6ef2dd9563d521a8e7e01d603736f4bc1ec70c29701efda85b27cca

Download Submit
C:\Windows\system\vFYeapa.exe

Filesize
6.0MB

MD5
a67a02ce1a930444983bbacb357951d9

SHA1
a99fc939f231ed85563c86a480702a008d5b7004

SHA256
013211f549fe0f75b68e9a1a9baca94e9164e781d0e86aacea8b31372322000b

SHA512
49d8ba3a57ec81a628ac1ff4ec2759715834608f4412f0e91e97ef250e1229c4f17546883438afab0c5c1c91d35959ec23465ce481b24890722b64e5dca9feea

Download Submit
C:\Windows\system\xkUjrkK.exe

Filesize
6.0MB

MD5
aef787e9f43bca22098328619975ca37

SHA1
76818fa013384a5c47b041b48283ba57df84a77e

SHA256
b77eb78bdfc873f081f7bde27e3264168a01bf7ca2b96f53ed6f468141347a7c

SHA512
6fa14672e88b0ca0a0713aa2d608200bd57d0ca92ee0a6b2104ecfa24bed698265be5d6511d4da6e65694c0572c29d7b46eb65fc9986be2c967c61be72ecd25d

Download Submit
C:\Windows\system\zuNFdRI.exe

Filesize
6.0MB

MD5
9a18f425012575e938f1889f973298dc

SHA1
e26711e63bf006a2e666f96aa189d3be5333e2d1

SHA256
afea021e74e14d30cb2e2e27d3e2840a11bb0bd8ced527bc9086a9a9c43b453e

SHA512
29550480c5d54021d6442823884dc66e70adde1f46bb78f9ccf06b82c58a8090ab4a8a85bb5b8d850ed143fc841a7fcddf6e3a61d26992078bfa88da0088464e

Download Submit
\Windows\system\yyQpMpW.exe

Filesize
6.0MB

MD5
ccd0523912b2497444fd4762e354b597

SHA1
2e448c604642e3307d9f876c4b8b9dc3949c25db

SHA256
8816a3c7f2a94490402dfc668653a66a1f9da7514a8f1f6a0b7ab76415885c9b

SHA512
c78216d25959bb55562b972800b0cf9666c084e6fb7d9f39402a0bf1dc629ad8dab8628d80657a84b285075df195e5b24ba6b2e0f86f47c4c6ffbfd1817a8236

Download Submit
memory/844-3925-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/844-1617-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1256-2208-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1256-3927-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1652-1662-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1652-3918-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-2126-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1752-3930-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1665-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1-0x0000000000190000-0x00000000001A0000-memory.dmp

Filesize
64KB

Download
memory/1968-4212-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1968-712-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1968-0-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1924-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1620-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2134-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1734-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1983-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1851-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1718-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2035-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-732-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2127-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2055-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1790-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-3928-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1716-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-1733-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3917-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2668-2040-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3921-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1780-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3926-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3919-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1850-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3929-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1894-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3931-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2812-2018-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3920-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1968-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2132-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3922-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download