cobaltstrike | 4e0e6709488a5f7f48d38ede3192bf5f5227a0ed29af1b8a19d568eb075ce9a2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26/01/2025, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2dc450e8210c1a982619353ce2a547c1
SHA1

5ab2b9ad3b47d14e27e05072ca147afa72f25d82
SHA256

4e0e6709488a5f7f48d38ede3192bf5f5227a0ed29af1b8a19d568eb075ce9a2
SHA512

ff60fbe61de181bf6ea2ff86f84320eb52fc5bafa6ee091095b5d799ed075324b7c9a1efc3438c1e67ac4b65b5dbd4ab12c437f4aafcafa9a9c9069c0f5aaf19
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fe-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019273-17.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925c-18.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192f0-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019346-37.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933e-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019384-43.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193a2-51.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193af-59.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001920f-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a455-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a0-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ac-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a8-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a2-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a497-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-102.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2012-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fe-6.dat	xmrig
behavioral1/files/0x0007000000019273-17.dat	xmrig
behavioral1/memory/1988-22-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2876-21-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x000700000001925c-18.dat	xmrig
behavioral1/memory/2356-9-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x00070000000192f0-23.dat	xmrig
behavioral1/memory/2220-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2012-38-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2760-42-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2012-41-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019346-37.dat	xmrig
behavioral1/memory/588-35-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x000600000001933e-32.dat	xmrig
behavioral1/files/0x0006000000019384-43.dat	xmrig
behavioral1/files/0x00070000000193a2-51.dat	xmrig
behavioral1/memory/2616-55-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2012-53-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2764-50-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x00070000000193af-59.dat	xmrig
behavioral1/files/0x000700000001920f-64.dat	xmrig
behavioral1/memory/588-68-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2960-69-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2012-66-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/1224-65-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/1424-75-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41c-74.dat	xmrig
behavioral1/memory/2012-71-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-81.dat	xmrig
behavioral1/memory/2200-83-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2764-82-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x000500000001a455-95.dat	xmrig
behavioral1/memory/2948-98-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1340-91-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2012-89-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-88.dat	xmrig
behavioral1/files/0x000500000001a478-107.dat	xmrig
behavioral1/files/0x000500000001a4a0-125.dat	xmrig
behavioral1/files/0x000500000001a4b1-158.dat	xmrig
behavioral1/files/0x000500000001a4b5-165.dat	xmrig
behavioral1/memory/2200-864-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1340-1249-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2012-1255-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2948-1373-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2012-665-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1424-487-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bd-188.dat	xmrig
behavioral1/files/0x000500000001a4bb-182.dat	xmrig
behavioral1/files/0x000500000001a4b9-178.dat	xmrig
behavioral1/files/0x000500000001a4b7-172.dat	xmrig
behavioral1/files/0x000500000001a4b3-162.dat	xmrig
behavioral1/files/0x000500000001a4af-153.dat	xmrig
behavioral1/files/0x000500000001a4ac-148.dat	xmrig
behavioral1/files/0x000500000001a4aa-142.dat	xmrig
behavioral1/files/0x000500000001a4a8-138.dat	xmrig
behavioral1/files/0x000500000001a4a2-132.dat	xmrig
behavioral1/files/0x000500000001a497-122.dat	xmrig
behavioral1/files/0x000500000001a486-112.dat	xmrig
behavioral1/files/0x000500000001a48a-117.dat	xmrig
behavioral1/files/0x000500000001a477-102.dat	xmrig
behavioral1/memory/2356-4004-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1988-4005-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2876-4006-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2356	jTZMNLp.exe
1988	RkVDJId.exe
2876	yksvZeL.exe
2220	AzSvgPF.exe
588	BUYcnKw.exe
2760	gfoKESm.exe
2764	pvjRnUW.exe
2616	iZHXSvN.exe
1224	TSItBfy.exe
2960	tDgFvoR.exe
1424	yyUWqrQ.exe
2200	SIMjkqL.exe
1340	xnuuXZy.exe
2948	nSsYeYh.exe
2892	phuDzPx.exe
1252	iOHkXhd.exe
1136	pcFhSJL.exe
1072	FKEmtox.exe
2700	xoHmunU.exe
1572	ZHbFOIZ.exe
2076	EsUOEVf.exe
2020	SOwbjRh.exe
1144	PHOmZqT.exe
3064	VSQskEo.exe
3060	ctJKAHT.exe
2128	urvIRkk.exe
2368	jsRFZWZ.exe
2708	vhNJasp.exe
2592	aPhfYQw.exe
1776	yYdrYSZ.exe
1636	MhersUn.exe
2244	qtDJkmf.exe
948	BPQRRnF.exe
1068	dckNMZd.exe
1408	GMkhVQw.exe
540	vGzNIHA.exe
276	hNnNNpX.exe
1784	laayCce.exe
1812	vjnkMlZ.exe
1772	PXPEjPM.exe
696	LojFsod.exe
2492	gNiHRCG.exe
1792	HhRSycV.exe
2280	YfBRIpv.exe
1984	sQlJYqa.exe
1796	SOqRHmT.exe
1248	LVduarc.exe
1272	ooPMNHQ.exe
1944	zgXuqPL.exe
1840	ncwIOws.exe
2088	yfkRJJp.exe
1804	GjRsaTl.exe
2524	nVDQZff.exe
1580	LxUqnmN.exe
2576	tOyyywC.exe
2064	aPFYIxl.exe
2256	XcSCGrp.exe
2824	nfgZHgl.exe
2856	uelWuJr.exe
1640	PpPhJiU.exe
2840	ACAyXFa.exe
1276	tKKdYtx.exe
1536	deEhavT.exe
1692	fTXyAPH.exe

Loads dropped DLL 64 IoCs

pid	Process
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2012-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x00070000000120fe-6.dat	upx
behavioral1/files/0x0007000000019273-17.dat	upx
behavioral1/memory/1988-22-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2876-21-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x000700000001925c-18.dat	upx
behavioral1/memory/2356-9-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x00070000000192f0-23.dat	upx
behavioral1/memory/2220-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2012-38-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2760-42-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0006000000019346-37.dat	upx
behavioral1/memory/588-35-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x000600000001933e-32.dat	upx
behavioral1/files/0x0006000000019384-43.dat	upx
behavioral1/files/0x00070000000193a2-51.dat	upx
behavioral1/memory/2616-55-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2764-50-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x00070000000193af-59.dat	upx
behavioral1/files/0x000700000001920f-64.dat	upx
behavioral1/memory/588-68-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2960-69-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1224-65-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/1424-75-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x000500000001a41c-74.dat	upx
behavioral1/files/0x000500000001a41d-81.dat	upx
behavioral1/memory/2200-83-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2764-82-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x000500000001a455-95.dat	upx
behavioral1/memory/2948-98-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1340-91-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-88.dat	upx
behavioral1/files/0x000500000001a478-107.dat	upx
behavioral1/files/0x000500000001a4a0-125.dat	upx
behavioral1/files/0x000500000001a4b1-158.dat	upx
behavioral1/files/0x000500000001a4b5-165.dat	upx
behavioral1/memory/2200-864-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1340-1249-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2948-1373-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1424-487-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x000500000001a4bd-188.dat	upx
behavioral1/files/0x000500000001a4bb-182.dat	upx
behavioral1/files/0x000500000001a4b9-178.dat	upx
behavioral1/files/0x000500000001a4b7-172.dat	upx
behavioral1/files/0x000500000001a4b3-162.dat	upx
behavioral1/files/0x000500000001a4af-153.dat	upx
behavioral1/files/0x000500000001a4ac-148.dat	upx
behavioral1/files/0x000500000001a4aa-142.dat	upx
behavioral1/files/0x000500000001a4a8-138.dat	upx
behavioral1/files/0x000500000001a4a2-132.dat	upx
behavioral1/files/0x000500000001a497-122.dat	upx
behavioral1/files/0x000500000001a486-112.dat	upx
behavioral1/files/0x000500000001a48a-117.dat	upx
behavioral1/files/0x000500000001a477-102.dat	upx
behavioral1/memory/2356-4004-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1988-4005-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2876-4006-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2220-4007-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/588-4008-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2760-4009-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2764-4010-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2616-4011-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/1224-4012-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2960-4013-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FKEmtox.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SctgEJH.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTaKcGf.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrzzfqb.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjDhIMj.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXiOkQZ.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMeQPHG.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUfDaiC.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtXtoFe.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuqHjJv.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYfDbWf.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnASBXh.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kthKucu.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPLUoNa.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WegWjFo.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcXFpIC.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPhfYQw.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJVmIAT.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AupJDTK.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoHvHPp.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGyAIYQ.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whWYKJz.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzYYvhl.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYeTMTT.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnfddDG.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOyyywC.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZtJEMR.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztihCfy.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOwVZJF.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZudiqFh.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfmdyxw.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDQADBY.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmEEnIP.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhGavEr.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmqotRq.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkJGxOM.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXgsBtk.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcOBLQT.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfYIGBV.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMwQIXP.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCsxCdY.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKCVwOq.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSMnWia.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOGuVTS.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkFVNQX.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLiXCvm.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jctWiPi.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRTkGcf.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tluyGHi.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPQRRnF.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyexpLD.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnJBxCf.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ditUhWM.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMrTGGa.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJJKoZI.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTrwHii.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlCifDu.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvJXoSo.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXSmykY.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TobzBIR.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkWUJlM.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MymUShE.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PecmJOu.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnrYaTc.exe	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2356	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2012 wrote to memory of 2356	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2012 wrote to memory of 2356	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2012 wrote to memory of 2876	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2012 wrote to memory of 2876	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2012 wrote to memory of 2876	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2012 wrote to memory of 1988	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2012 wrote to memory of 1988	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2012 wrote to memory of 1988	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2012 wrote to memory of 2220	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2012 wrote to memory of 2220	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2012 wrote to memory of 2220	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2012 wrote to memory of 588	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2012 wrote to memory of 588	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2012 wrote to memory of 588	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2012 wrote to memory of 2760	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2012 wrote to memory of 2760	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2012 wrote to memory of 2760	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2012 wrote to memory of 2764	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2012 wrote to memory of 2764	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2012 wrote to memory of 2764	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2012 wrote to memory of 2616	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2012 wrote to memory of 2616	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2012 wrote to memory of 2616	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2012 wrote to memory of 1224	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2012 wrote to memory of 1224	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2012 wrote to memory of 1224	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2012 wrote to memory of 2960	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2012 wrote to memory of 2960	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2012 wrote to memory of 2960	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2012 wrote to memory of 1424	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2012 wrote to memory of 1424	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2012 wrote to memory of 1424	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2012 wrote to memory of 2200	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2012 wrote to memory of 2200	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2012 wrote to memory of 2200	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2012 wrote to memory of 1340	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2012 wrote to memory of 1340	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2012 wrote to memory of 1340	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2012 wrote to memory of 2948	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2012 wrote to memory of 2948	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2012 wrote to memory of 2948	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2012 wrote to memory of 2892	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2012 wrote to memory of 2892	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2012 wrote to memory of 2892	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2012 wrote to memory of 1252	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2012 wrote to memory of 1252	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2012 wrote to memory of 1252	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2012 wrote to memory of 1136	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2012 wrote to memory of 1136	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2012 wrote to memory of 1136	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2012 wrote to memory of 1072	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2012 wrote to memory of 1072	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2012 wrote to memory of 1072	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2012 wrote to memory of 2700	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2012 wrote to memory of 2700	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2012 wrote to memory of 2700	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2012 wrote to memory of 1572	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2012 wrote to memory of 1572	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2012 wrote to memory of 1572	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2012 wrote to memory of 2076	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2012 wrote to memory of 2076	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2012 wrote to memory of 2076	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2012 wrote to memory of 2020	2012	2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-26_2dc450e8210c1a982619353ce2a547c1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\System\jTZMNLp.exe
  C:\Windows\System\jTZMNLp.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\yksvZeL.exe
  C:\Windows\System\yksvZeL.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\RkVDJId.exe
  C:\Windows\System\RkVDJId.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\AzSvgPF.exe
  C:\Windows\System\AzSvgPF.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\BUYcnKw.exe
  C:\Windows\System\BUYcnKw.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\gfoKESm.exe
  C:\Windows\System\gfoKESm.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\pvjRnUW.exe
  C:\Windows\System\pvjRnUW.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\iZHXSvN.exe
  C:\Windows\System\iZHXSvN.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\TSItBfy.exe
  C:\Windows\System\TSItBfy.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\tDgFvoR.exe
  C:\Windows\System\tDgFvoR.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\yyUWqrQ.exe
  C:\Windows\System\yyUWqrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\SIMjkqL.exe
  C:\Windows\System\SIMjkqL.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\xnuuXZy.exe
  C:\Windows\System\xnuuXZy.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\nSsYeYh.exe
  C:\Windows\System\nSsYeYh.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\phuDzPx.exe
  C:\Windows\System\phuDzPx.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\iOHkXhd.exe
  C:\Windows\System\iOHkXhd.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\pcFhSJL.exe
  C:\Windows\System\pcFhSJL.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\FKEmtox.exe
  C:\Windows\System\FKEmtox.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\xoHmunU.exe
  C:\Windows\System\xoHmunU.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\ZHbFOIZ.exe
  C:\Windows\System\ZHbFOIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\EsUOEVf.exe
  C:\Windows\System\EsUOEVf.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\SOwbjRh.exe
  C:\Windows\System\SOwbjRh.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\PHOmZqT.exe
  C:\Windows\System\PHOmZqT.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\VSQskEo.exe
  C:\Windows\System\VSQskEo.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ctJKAHT.exe
  C:\Windows\System\ctJKAHT.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\urvIRkk.exe
  C:\Windows\System\urvIRkk.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\jsRFZWZ.exe
  C:\Windows\System\jsRFZWZ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\vhNJasp.exe
  C:\Windows\System\vhNJasp.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\aPhfYQw.exe
  C:\Windows\System\aPhfYQw.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\yYdrYSZ.exe
  C:\Windows\System\yYdrYSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\MhersUn.exe
  C:\Windows\System\MhersUn.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\qtDJkmf.exe
  C:\Windows\System\qtDJkmf.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\BPQRRnF.exe
  C:\Windows\System\BPQRRnF.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\dckNMZd.exe
  C:\Windows\System\dckNMZd.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\GMkhVQw.exe
  C:\Windows\System\GMkhVQw.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\vGzNIHA.exe
  C:\Windows\System\vGzNIHA.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\hNnNNpX.exe
  C:\Windows\System\hNnNNpX.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\laayCce.exe
  C:\Windows\System\laayCce.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\vjnkMlZ.exe
  C:\Windows\System\vjnkMlZ.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\PXPEjPM.exe
  C:\Windows\System\PXPEjPM.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\LojFsod.exe
  C:\Windows\System\LojFsod.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\gNiHRCG.exe
  C:\Windows\System\gNiHRCG.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\HhRSycV.exe
  C:\Windows\System\HhRSycV.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\YfBRIpv.exe
  C:\Windows\System\YfBRIpv.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\sQlJYqa.exe
  C:\Windows\System\sQlJYqa.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\SOqRHmT.exe
  C:\Windows\System\SOqRHmT.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\LVduarc.exe
  C:\Windows\System\LVduarc.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\ooPMNHQ.exe
  C:\Windows\System\ooPMNHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\zgXuqPL.exe
  C:\Windows\System\zgXuqPL.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\ncwIOws.exe
  C:\Windows\System\ncwIOws.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\yfkRJJp.exe
  C:\Windows\System\yfkRJJp.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\GjRsaTl.exe
  C:\Windows\System\GjRsaTl.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\nVDQZff.exe
  C:\Windows\System\nVDQZff.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\LxUqnmN.exe
  C:\Windows\System\LxUqnmN.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\tOyyywC.exe
  C:\Windows\System\tOyyywC.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\aPFYIxl.exe
  C:\Windows\System\aPFYIxl.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\XcSCGrp.exe
  C:\Windows\System\XcSCGrp.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\nfgZHgl.exe
  C:\Windows\System\nfgZHgl.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\uelWuJr.exe
  C:\Windows\System\uelWuJr.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\PpPhJiU.exe
  C:\Windows\System\PpPhJiU.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\ACAyXFa.exe
  C:\Windows\System\ACAyXFa.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\tKKdYtx.exe
  C:\Windows\System\tKKdYtx.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\deEhavT.exe
  C:\Windows\System\deEhavT.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\fTXyAPH.exe
  C:\Windows\System\fTXyAPH.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\UMOxoEf.exe
  C:\Windows\System\UMOxoEf.exe
  2⤵
  PID:1244
- C:\Windows\System\Qeofwjn.exe
  C:\Windows\System\Qeofwjn.exe
  2⤵
  PID:580
- C:\Windows\System\qVZrnvv.exe
  C:\Windows\System\qVZrnvv.exe
  2⤵
  PID:1628
- C:\Windows\System\XGkDApk.exe
  C:\Windows\System\XGkDApk.exe
  2⤵
  PID:1908
- C:\Windows\System\wYCgVft.exe
  C:\Windows\System\wYCgVft.exe
  2⤵
  PID:552
- C:\Windows\System\jfmdyxw.exe
  C:\Windows\System\jfmdyxw.exe
  2⤵
  PID:2228
- C:\Windows\System\YUJQcOQ.exe
  C:\Windows\System\YUJQcOQ.exe
  2⤵
  PID:2420
- C:\Windows\System\uFEGsNa.exe
  C:\Windows\System\uFEGsNa.exe
  2⤵
  PID:2552
- C:\Windows\System\pyaeYNm.exe
  C:\Windows\System\pyaeYNm.exe
  2⤵
  PID:2188
- C:\Windows\System\POjBBUp.exe
  C:\Windows\System\POjBBUp.exe
  2⤵
  PID:1116
- C:\Windows\System\TojiXbq.exe
  C:\Windows\System\TojiXbq.exe
  2⤵
  PID:1608
- C:\Windows\System\Crzovts.exe
  C:\Windows\System\Crzovts.exe
  2⤵
  PID:1596
- C:\Windows\System\zrBtjNW.exe
  C:\Windows\System\zrBtjNW.exe
  2⤵
  PID:1028
- C:\Windows\System\OQDtjLk.exe
  C:\Windows\System\OQDtjLk.exe
  2⤵
  PID:2148
- C:\Windows\System\bCsTmDw.exe
  C:\Windows\System\bCsTmDw.exe
  2⤵
  PID:1960
- C:\Windows\System\TSBJqtE.exe
  C:\Windows\System\TSBJqtE.exe
  2⤵
  PID:1020
- C:\Windows\System\YYVPCdj.exe
  C:\Windows\System\YYVPCdj.exe
  2⤵
  PID:2272
- C:\Windows\System\nDfHnEm.exe
  C:\Windows\System\nDfHnEm.exe
  2⤵
  PID:2052
- C:\Windows\System\MaUsVgE.exe
  C:\Windows\System\MaUsVgE.exe
  2⤵
  PID:1132
- C:\Windows\System\RnbXIis.exe
  C:\Windows\System\RnbXIis.exe
  2⤵
  PID:1696
- C:\Windows\System\XColoNo.exe
  C:\Windows\System\XColoNo.exe
  2⤵
  PID:1864
- C:\Windows\System\PVuaJsx.exe
  C:\Windows\System\PVuaJsx.exe
  2⤵
  PID:880
- C:\Windows\System\BYKaocM.exe
  C:\Windows\System\BYKaocM.exe
  2⤵
  PID:1824
- C:\Windows\System\xhInpCW.exe
  C:\Windows\System\xhInpCW.exe
  2⤵
  PID:1684
- C:\Windows\System\VQMvdUz.exe
  C:\Windows\System\VQMvdUz.exe
  2⤵
  PID:2796
- C:\Windows\System\xNOsaxC.exe
  C:\Windows\System\xNOsaxC.exe
  2⤵
  PID:2860
- C:\Windows\System\NqzfKrN.exe
  C:\Windows\System\NqzfKrN.exe
  2⤵
  PID:2756
- C:\Windows\System\WbBBzQW.exe
  C:\Windows\System\WbBBzQW.exe
  2⤵
  PID:2748
- C:\Windows\System\waXWKPN.exe
  C:\Windows\System\waXWKPN.exe
  2⤵
  PID:2604
- C:\Windows\System\TFxhTxc.exe
  C:\Windows\System\TFxhTxc.exe
  2⤵
  PID:1736
- C:\Windows\System\rYIjIss.exe
  C:\Windows\System\rYIjIss.exe
  2⤵
  PID:1604
- C:\Windows\System\SLSqZdu.exe
  C:\Windows\System\SLSqZdu.exe
  2⤵
  PID:1328
- C:\Windows\System\EAmNzMS.exe
  C:\Windows\System\EAmNzMS.exe
  2⤵
  PID:3052
- C:\Windows\System\ayXMefd.exe
  C:\Windows\System\ayXMefd.exe
  2⤵
  PID:2316
- C:\Windows\System\JkPHvha.exe
  C:\Windows\System\JkPHvha.exe
  2⤵
  PID:1848
- C:\Windows\System\MAvfXJZ.exe
  C:\Windows\System\MAvfXJZ.exe
  2⤵
  PID:2996
- C:\Windows\System\aPCZNdi.exe
  C:\Windows\System\aPCZNdi.exe
  2⤵
  PID:1064
- C:\Windows\System\iqKXWgr.exe
  C:\Windows\System\iqKXWgr.exe
  2⤵
  PID:2168
- C:\Windows\System\edpDWhM.exe
  C:\Windows\System\edpDWhM.exe
  2⤵
  PID:2472
- C:\Windows\System\pHPeFTB.exe
  C:\Windows\System\pHPeFTB.exe
  2⤵
  PID:2160
- C:\Windows\System\dJVmIAT.exe
  C:\Windows\System\dJVmIAT.exe
  2⤵
  PID:2496
- C:\Windows\System\mCDvAtZ.exe
  C:\Windows\System\mCDvAtZ.exe
  2⤵
  PID:3036
- C:\Windows\System\oJVTcfR.exe
  C:\Windows\System\oJVTcfR.exe
  2⤵
  PID:564
- C:\Windows\System\vngwUXp.exe
  C:\Windows\System\vngwUXp.exe
  2⤵
  PID:2560
- C:\Windows\System\VwgLrzS.exe
  C:\Windows\System\VwgLrzS.exe
  2⤵
  PID:1584
- C:\Windows\System\EVxyQvE.exe
  C:\Windows\System\EVxyQvE.exe
  2⤵
  PID:2108
- C:\Windows\System\GdFJAUe.exe
  C:\Windows\System\GdFJAUe.exe
  2⤵
  PID:1964
- C:\Windows\System\mqdjOfQ.exe
  C:\Windows\System\mqdjOfQ.exe
  2⤵
  PID:2984
- C:\Windows\System\ojlpoXL.exe
  C:\Windows\System\ojlpoXL.exe
  2⤵
  PID:384
- C:\Windows\System\ZKOnHqK.exe
  C:\Windows\System\ZKOnHqK.exe
  2⤵
  PID:1432
- C:\Windows\System\gRDlobm.exe
  C:\Windows\System\gRDlobm.exe
  2⤵
  PID:2080
- C:\Windows\System\OLvDHen.exe
  C:\Windows\System\OLvDHen.exe
  2⤵
  PID:1632
- C:\Windows\System\LlcHmyS.exe
  C:\Windows\System\LlcHmyS.exe
  2⤵
  PID:2800
- C:\Windows\System\pQoTIBo.exe
  C:\Windows\System\pQoTIBo.exe
  2⤵
  PID:1288
- C:\Windows\System\DUFblMF.exe
  C:\Windows\System\DUFblMF.exe
  2⤵
  PID:1148
- C:\Windows\System\IWUaRQr.exe
  C:\Windows\System\IWUaRQr.exe
  2⤵
  PID:2880
- C:\Windows\System\wElDmra.exe
  C:\Windows\System\wElDmra.exe
  2⤵
  PID:1688
- C:\Windows\System\vFIOKfS.exe
  C:\Windows\System\vFIOKfS.exe
  2⤵
  PID:2312
- C:\Windows\System\UWHotks.exe
  C:\Windows\System\UWHotks.exe
  2⤵
  PID:1548
- C:\Windows\System\FRnmuMy.exe
  C:\Windows\System\FRnmuMy.exe
  2⤵
  PID:3084
- C:\Windows\System\FSCQdqb.exe
  C:\Windows\System\FSCQdqb.exe
  2⤵
  PID:3104
- C:\Windows\System\asKrTix.exe
  C:\Windows\System\asKrTix.exe
  2⤵
  PID:3124
- C:\Windows\System\OdIPkrT.exe
  C:\Windows\System\OdIPkrT.exe
  2⤵
  PID:3144
- C:\Windows\System\THmcbBI.exe
  C:\Windows\System\THmcbBI.exe
  2⤵
  PID:3164
- C:\Windows\System\BxGLJCv.exe
  C:\Windows\System\BxGLJCv.exe
  2⤵
  PID:3184
- C:\Windows\System\LpLRKaY.exe
  C:\Windows\System\LpLRKaY.exe
  2⤵
  PID:3204
- C:\Windows\System\EqfkMtF.exe
  C:\Windows\System\EqfkMtF.exe
  2⤵
  PID:3224
- C:\Windows\System\uMGmFTk.exe
  C:\Windows\System\uMGmFTk.exe
  2⤵
  PID:3248
- C:\Windows\System\RMDxCev.exe
  C:\Windows\System\RMDxCev.exe
  2⤵
  PID:3268
- C:\Windows\System\VSUceNf.exe
  C:\Windows\System\VSUceNf.exe
  2⤵
  PID:3288
- C:\Windows\System\zLLYzZw.exe
  C:\Windows\System\zLLYzZw.exe
  2⤵
  PID:3308
- C:\Windows\System\yFLjSOn.exe
  C:\Windows\System\yFLjSOn.exe
  2⤵
  PID:3328
- C:\Windows\System\CQMuAOV.exe
  C:\Windows\System\CQMuAOV.exe
  2⤵
  PID:3348
- C:\Windows\System\idlNOyW.exe
  C:\Windows\System\idlNOyW.exe
  2⤵
  PID:3368
- C:\Windows\System\kzbLzlr.exe
  C:\Windows\System\kzbLzlr.exe
  2⤵
  PID:3388
- C:\Windows\System\sYfDbWf.exe
  C:\Windows\System\sYfDbWf.exe
  2⤵
  PID:3408
- C:\Windows\System\SoLdJYy.exe
  C:\Windows\System\SoLdJYy.exe
  2⤵
  PID:3428
- C:\Windows\System\sIuyaey.exe
  C:\Windows\System\sIuyaey.exe
  2⤵
  PID:3448
- C:\Windows\System\QZDHzIh.exe
  C:\Windows\System\QZDHzIh.exe
  2⤵
  PID:3468
- C:\Windows\System\tOkUxMi.exe
  C:\Windows\System\tOkUxMi.exe
  2⤵
  PID:3488
- C:\Windows\System\zaGYjei.exe
  C:\Windows\System\zaGYjei.exe
  2⤵
  PID:3508
- C:\Windows\System\PNkBvsw.exe
  C:\Windows\System\PNkBvsw.exe
  2⤵
  PID:3524
- C:\Windows\System\BguIbIJ.exe
  C:\Windows\System\BguIbIJ.exe
  2⤵
  PID:3548
- C:\Windows\System\ravVXyx.exe
  C:\Windows\System\ravVXyx.exe
  2⤵
  PID:3568
- C:\Windows\System\DEKGTPm.exe
  C:\Windows\System\DEKGTPm.exe
  2⤵
  PID:3588
- C:\Windows\System\rOgdxPb.exe
  C:\Windows\System\rOgdxPb.exe
  2⤵
  PID:3608
- C:\Windows\System\ffZjnzA.exe
  C:\Windows\System\ffZjnzA.exe
  2⤵
  PID:3628
- C:\Windows\System\WYRAuWk.exe
  C:\Windows\System\WYRAuWk.exe
  2⤵
  PID:3648
- C:\Windows\System\uWnkKat.exe
  C:\Windows\System\uWnkKat.exe
  2⤵
  PID:3668
- C:\Windows\System\udLDbPx.exe
  C:\Windows\System\udLDbPx.exe
  2⤵
  PID:3688
- C:\Windows\System\rtbGmCl.exe
  C:\Windows\System\rtbGmCl.exe
  2⤵
  PID:3708
- C:\Windows\System\voeqBEw.exe
  C:\Windows\System\voeqBEw.exe
  2⤵
  PID:3728
- C:\Windows\System\XyQzXOn.exe
  C:\Windows\System\XyQzXOn.exe
  2⤵
  PID:3748
- C:\Windows\System\shNTiYW.exe
  C:\Windows\System\shNTiYW.exe
  2⤵
  PID:3768
- C:\Windows\System\GGefsIc.exe
  C:\Windows\System\GGefsIc.exe
  2⤵
  PID:3788
- C:\Windows\System\XtzApHN.exe
  C:\Windows\System\XtzApHN.exe
  2⤵
  PID:3808
- C:\Windows\System\vfpUCiR.exe
  C:\Windows\System\vfpUCiR.exe
  2⤵
  PID:3828
- C:\Windows\System\oehtocO.exe
  C:\Windows\System\oehtocO.exe
  2⤵
  PID:3848
- C:\Windows\System\iZcPckA.exe
  C:\Windows\System\iZcPckA.exe
  2⤵
  PID:3868
- C:\Windows\System\EhLgaAl.exe
  C:\Windows\System\EhLgaAl.exe
  2⤵
  PID:3888
- C:\Windows\System\HiEzzUi.exe
  C:\Windows\System\HiEzzUi.exe
  2⤵
  PID:3908
- C:\Windows\System\NgabQIi.exe
  C:\Windows\System\NgabQIi.exe
  2⤵
  PID:3928
- C:\Windows\System\AOAyJil.exe
  C:\Windows\System\AOAyJil.exe
  2⤵
  PID:3944
- C:\Windows\System\YjxyOFm.exe
  C:\Windows\System\YjxyOFm.exe
  2⤵
  PID:3964
- C:\Windows\System\uVTWdEP.exe
  C:\Windows\System\uVTWdEP.exe
  2⤵
  PID:3984
- C:\Windows\System\OfyovDM.exe
  C:\Windows\System\OfyovDM.exe
  2⤵
  PID:4004
- C:\Windows\System\OOOdWEN.exe
  C:\Windows\System\OOOdWEN.exe
  2⤵
  PID:4028
- C:\Windows\System\BKDAldR.exe
  C:\Windows\System\BKDAldR.exe
  2⤵
  PID:4048
- C:\Windows\System\vNlDhrP.exe
  C:\Windows\System\vNlDhrP.exe
  2⤵
  PID:4064
- C:\Windows\System\RWweDEf.exe
  C:\Windows\System\RWweDEf.exe
  2⤵
  PID:4088
- C:\Windows\System\ZUhyzRL.exe
  C:\Windows\System\ZUhyzRL.exe
  2⤵
  PID:2820
- C:\Windows\System\QkKbKll.exe
  C:\Windows\System\QkKbKll.exe
  2⤵
  PID:1204
- C:\Windows\System\ltbAncI.exe
  C:\Windows\System\ltbAncI.exe
  2⤵
  PID:2264
- C:\Windows\System\TBusTiT.exe
  C:\Windows\System\TBusTiT.exe
  2⤵
  PID:2004
- C:\Windows\System\Lbkkmtv.exe
  C:\Windows\System\Lbkkmtv.exe
  2⤵
  PID:1860
- C:\Windows\System\SgBDBiP.exe
  C:\Windows\System\SgBDBiP.exe
  2⤵
  PID:2392
- C:\Windows\System\jOPhOzO.exe
  C:\Windows\System\jOPhOzO.exe
  2⤵
  PID:1712
- C:\Windows\System\DNFsSdd.exe
  C:\Windows\System\DNFsSdd.exe
  2⤵
  PID:3092
- C:\Windows\System\IclzqKJ.exe
  C:\Windows\System\IclzqKJ.exe
  2⤵
  PID:3076
- C:\Windows\System\jdkegqh.exe
  C:\Windows\System\jdkegqh.exe
  2⤵
  PID:3116
- C:\Windows\System\LToMpXe.exe
  C:\Windows\System\LToMpXe.exe
  2⤵
  PID:3180
- C:\Windows\System\IOqBplf.exe
  C:\Windows\System\IOqBplf.exe
  2⤵
  PID:3216
- C:\Windows\System\fTkQKnu.exe
  C:\Windows\System\fTkQKnu.exe
  2⤵
  PID:3244
- C:\Windows\System\qrMWkPR.exe
  C:\Windows\System\qrMWkPR.exe
  2⤵
  PID:3296
- C:\Windows\System\TmhImWB.exe
  C:\Windows\System\TmhImWB.exe
  2⤵
  PID:3284
- C:\Windows\System\qRiYrfr.exe
  C:\Windows\System\qRiYrfr.exe
  2⤵
  PID:3340
- C:\Windows\System\zmMZETK.exe
  C:\Windows\System\zmMZETK.exe
  2⤵
  PID:3376
- C:\Windows\System\VMtTsaF.exe
  C:\Windows\System\VMtTsaF.exe
  2⤵
  PID:3360
- C:\Windows\System\lTmoiot.exe
  C:\Windows\System\lTmoiot.exe
  2⤵
  PID:3456
- C:\Windows\System\gJssDRE.exe
  C:\Windows\System\gJssDRE.exe
  2⤵
  PID:3476
- C:\Windows\System\DPHGJKr.exe
  C:\Windows\System\DPHGJKr.exe
  2⤵
  PID:3500
- C:\Windows\System\sgUJDeP.exe
  C:\Windows\System\sgUJDeP.exe
  2⤵
  PID:3516
- C:\Windows\System\bsJwGwI.exe
  C:\Windows\System\bsJwGwI.exe
  2⤵
  PID:3560
- C:\Windows\System\eUHyeZt.exe
  C:\Windows\System\eUHyeZt.exe
  2⤵
  PID:3600
- C:\Windows\System\AliLONe.exe
  C:\Windows\System\AliLONe.exe
  2⤵
  PID:3620
- C:\Windows\System\cCsxCdY.exe
  C:\Windows\System\cCsxCdY.exe
  2⤵
  PID:3660
- C:\Windows\System\HcSZCJq.exe
  C:\Windows\System\HcSZCJq.exe
  2⤵
  PID:3704
- C:\Windows\System\nxNcKHj.exe
  C:\Windows\System\nxNcKHj.exe
  2⤵
  PID:3724
- C:\Windows\System\uOxKSad.exe
  C:\Windows\System\uOxKSad.exe
  2⤵
  PID:3780
- C:\Windows\System\ywavdeU.exe
  C:\Windows\System\ywavdeU.exe
  2⤵
  PID:3820
- C:\Windows\System\vxLfzZX.exe
  C:\Windows\System\vxLfzZX.exe
  2⤵
  PID:3864
- C:\Windows\System\RrRGRiu.exe
  C:\Windows\System\RrRGRiu.exe
  2⤵
  PID:3844
- C:\Windows\System\QvJXoSo.exe
  C:\Windows\System\QvJXoSo.exe
  2⤵
  PID:3900
- C:\Windows\System\QGeBSdh.exe
  C:\Windows\System\QGeBSdh.exe
  2⤵
  PID:3980
- C:\Windows\System\houtIva.exe
  C:\Windows\System\houtIva.exe
  2⤵
  PID:4020
- C:\Windows\System\ocjJjmt.exe
  C:\Windows\System\ocjJjmt.exe
  2⤵
  PID:3992
- C:\Windows\System\yTWJYOf.exe
  C:\Windows\System\yTWJYOf.exe
  2⤵
  PID:4056
- C:\Windows\System\QfjuwmE.exe
  C:\Windows\System\QfjuwmE.exe
  2⤵
  PID:4072
- C:\Windows\System\gzqshcg.exe
  C:\Windows\System\gzqshcg.exe
  2⤵
  PID:2940
- C:\Windows\System\yTDPVfT.exe
  C:\Windows\System\yTDPVfT.exe
  2⤵
  PID:2828
- C:\Windows\System\jgIeYPS.exe
  C:\Windows\System\jgIeYPS.exe
  2⤵
  PID:636
- C:\Windows\System\IgtHlZf.exe
  C:\Windows\System\IgtHlZf.exe
  2⤵
  PID:900
- C:\Windows\System\hmjNdhi.exe
  C:\Windows\System\hmjNdhi.exe
  2⤵
  PID:2784
- C:\Windows\System\gxCnvlg.exe
  C:\Windows\System\gxCnvlg.exe
  2⤵
  PID:1588
- C:\Windows\System\jJtitPZ.exe
  C:\Windows\System\jJtitPZ.exe
  2⤵
  PID:3112
- C:\Windows\System\wguiUlV.exe
  C:\Windows\System\wguiUlV.exe
  2⤵
  PID:3196
- C:\Windows\System\EzqKMbo.exe
  C:\Windows\System\EzqKMbo.exe
  2⤵
  PID:3276
- C:\Windows\System\gnZQugV.exe
  C:\Windows\System\gnZQugV.exe
  2⤵
  PID:3336
- C:\Windows\System\QjdqiNm.exe
  C:\Windows\System\QjdqiNm.exe
  2⤵
  PID:3380
- C:\Windows\System\toqUQzA.exe
  C:\Windows\System\toqUQzA.exe
  2⤵
  PID:3436
- C:\Windows\System\sNvPuAu.exe
  C:\Windows\System\sNvPuAu.exe
  2⤵
  PID:3496
- C:\Windows\System\TawrMgz.exe
  C:\Windows\System\TawrMgz.exe
  2⤵
  PID:3540
- C:\Windows\System\TXzZcGa.exe
  C:\Windows\System\TXzZcGa.exe
  2⤵
  PID:3624
- C:\Windows\System\glHBjHK.exe
  C:\Windows\System\glHBjHK.exe
  2⤵
  PID:3696
- C:\Windows\System\xcTPRWq.exe
  C:\Windows\System\xcTPRWq.exe
  2⤵
  PID:3644
- C:\Windows\System\UpXMrpi.exe
  C:\Windows\System\UpXMrpi.exe
  2⤵
  PID:3744
- C:\Windows\System\JBmxaoU.exe
  C:\Windows\System\JBmxaoU.exe
  2⤵
  PID:3856
- C:\Windows\System\QkRPKCT.exe
  C:\Windows\System\QkRPKCT.exe
  2⤵
  PID:3884
- C:\Windows\System\uPeNbBZ.exe
  C:\Windows\System\uPeNbBZ.exe
  2⤵
  PID:3924
- C:\Windows\System\cCqgYDH.exe
  C:\Windows\System\cCqgYDH.exe
  2⤵
  PID:3972
- C:\Windows\System\VUBRXpp.exe
  C:\Windows\System\VUBRXpp.exe
  2⤵
  PID:2972
- C:\Windows\System\rDTLvcX.exe
  C:\Windows\System\rDTLvcX.exe
  2⤵
  PID:4040
- C:\Windows\System\OLUULKz.exe
  C:\Windows\System\OLUULKz.exe
  2⤵
  PID:2360
- C:\Windows\System\qiriDig.exe
  C:\Windows\System\qiriDig.exe
  2⤵
  PID:2520
- C:\Windows\System\jOSErzp.exe
  C:\Windows\System\jOSErzp.exe
  2⤵
  PID:3152
- C:\Windows\System\rzAghuu.exe
  C:\Windows\System\rzAghuu.exe
  2⤵
  PID:2728
- C:\Windows\System\YuurTGA.exe
  C:\Windows\System\YuurTGA.exe
  2⤵
  PID:3316
- C:\Windows\System\OYMfHOl.exe
  C:\Windows\System\OYMfHOl.exe
  2⤵
  PID:3264
- C:\Windows\System\SGUHPsE.exe
  C:\Windows\System\SGUHPsE.exe
  2⤵
  PID:3444
- C:\Windows\System\ldHpouJ.exe
  C:\Windows\System\ldHpouJ.exe
  2⤵
  PID:3440
- C:\Windows\System\trIgOUW.exe
  C:\Windows\System\trIgOUW.exe
  2⤵
  PID:1948
- C:\Windows\System\TMZsqph.exe
  C:\Windows\System\TMZsqph.exe
  2⤵
  PID:3684
- C:\Windows\System\IToSfLw.exe
  C:\Windows\System\IToSfLw.exe
  2⤵
  PID:3740
- C:\Windows\System\vuXIonk.exe
  C:\Windows\System\vuXIonk.exe
  2⤵
  PID:3816
- C:\Windows\System\uNHwgon.exe
  C:\Windows\System\uNHwgon.exe
  2⤵
  PID:3876
- C:\Windows\System\qZGCCus.exe
  C:\Windows\System\qZGCCus.exe
  2⤵
  PID:2732
- C:\Windows\System\XZTlvLA.exe
  C:\Windows\System\XZTlvLA.exe
  2⤵
  PID:2848
- C:\Windows\System\jkomfWT.exe
  C:\Windows\System\jkomfWT.exe
  2⤵
  PID:3080
- C:\Windows\System\KTLJGsK.exe
  C:\Windows\System\KTLJGsK.exe
  2⤵
  PID:3200
- C:\Windows\System\JJGdICA.exe
  C:\Windows\System\JJGdICA.exe
  2⤵
  PID:1744
- C:\Windows\System\eGQmgtH.exe
  C:\Windows\System\eGQmgtH.exe
  2⤵
  PID:3564
- C:\Windows\System\gRpwFZi.exe
  C:\Windows\System\gRpwFZi.exe
  2⤵
  PID:3356
- C:\Windows\System\EgnxZfl.exe
  C:\Windows\System\EgnxZfl.exe
  2⤵
  PID:3764
- C:\Windows\System\WtqWzyB.exe
  C:\Windows\System\WtqWzyB.exe
  2⤵
  PID:2724
- C:\Windows\System\nlhCtml.exe
  C:\Windows\System\nlhCtml.exe
  2⤵
  PID:4016
- C:\Windows\System\MESICGT.exe
  C:\Windows\System\MESICGT.exe
  2⤵
  PID:3212
- C:\Windows\System\KmqotRq.exe
  C:\Windows\System\KmqotRq.exe
  2⤵
  PID:2216
- C:\Windows\System\PAVAHbt.exe
  C:\Windows\System\PAVAHbt.exe
  2⤵
  PID:3424
- C:\Windows\System\JaktTdT.exe
  C:\Windows\System\JaktTdT.exe
  2⤵
  PID:3260
- C:\Windows\System\aLrxyrp.exe
  C:\Windows\System\aLrxyrp.exe
  2⤵
  PID:4108
- C:\Windows\System\nkxtUYW.exe
  C:\Windows\System\nkxtUYW.exe
  2⤵
  PID:4128
- C:\Windows\System\MdGsKKo.exe
  C:\Windows\System\MdGsKKo.exe
  2⤵
  PID:4144
- C:\Windows\System\GuqHYtv.exe
  C:\Windows\System\GuqHYtv.exe
  2⤵
  PID:4172
- C:\Windows\System\LbehUgf.exe
  C:\Windows\System\LbehUgf.exe
  2⤵
  PID:4192
- C:\Windows\System\wrKDYNk.exe
  C:\Windows\System\wrKDYNk.exe
  2⤵
  PID:4212
- C:\Windows\System\lkJGxOM.exe
  C:\Windows\System\lkJGxOM.exe
  2⤵
  PID:4228
- C:\Windows\System\YcPujQG.exe
  C:\Windows\System\YcPujQG.exe
  2⤵
  PID:4260
- C:\Windows\System\AMJvSGA.exe
  C:\Windows\System\AMJvSGA.exe
  2⤵
  PID:4280
- C:\Windows\System\uYnmPNB.exe
  C:\Windows\System\uYnmPNB.exe
  2⤵
  PID:4300
- C:\Windows\System\iDYGOOz.exe
  C:\Windows\System\iDYGOOz.exe
  2⤵
  PID:4320
- C:\Windows\System\AaVLhvk.exe
  C:\Windows\System\AaVLhvk.exe
  2⤵
  PID:4336
- C:\Windows\System\ZnASBXh.exe
  C:\Windows\System\ZnASBXh.exe
  2⤵
  PID:4360
- C:\Windows\System\zOgcyDd.exe
  C:\Windows\System\zOgcyDd.exe
  2⤵
  PID:4380
- C:\Windows\System\AupJDTK.exe
  C:\Windows\System\AupJDTK.exe
  2⤵
  PID:4400
- C:\Windows\System\ysEaTDq.exe
  C:\Windows\System\ysEaTDq.exe
  2⤵
  PID:4416
- C:\Windows\System\jFDPIzZ.exe
  C:\Windows\System\jFDPIzZ.exe
  2⤵
  PID:4440
- C:\Windows\System\vxmxdoN.exe
  C:\Windows\System\vxmxdoN.exe
  2⤵
  PID:4464
- C:\Windows\System\XaHkuxf.exe
  C:\Windows\System\XaHkuxf.exe
  2⤵
  PID:4484
- C:\Windows\System\MJNkvTp.exe
  C:\Windows\System\MJNkvTp.exe
  2⤵
  PID:4508
- C:\Windows\System\rmfesTQ.exe
  C:\Windows\System\rmfesTQ.exe
  2⤵
  PID:4528
- C:\Windows\System\WszyQWW.exe
  C:\Windows\System\WszyQWW.exe
  2⤵
  PID:4548
- C:\Windows\System\SctgEJH.exe
  C:\Windows\System\SctgEJH.exe
  2⤵
  PID:4572
- C:\Windows\System\dujllOm.exe
  C:\Windows\System\dujllOm.exe
  2⤵
  PID:4592
- C:\Windows\System\dfsGKOf.exe
  C:\Windows\System\dfsGKOf.exe
  2⤵
  PID:4608
- C:\Windows\System\ROutnfh.exe
  C:\Windows\System\ROutnfh.exe
  2⤵
  PID:4632
- C:\Windows\System\keGDAWH.exe
  C:\Windows\System\keGDAWH.exe
  2⤵
  PID:4652
- C:\Windows\System\yqIQDrk.exe
  C:\Windows\System\yqIQDrk.exe
  2⤵
  PID:4672
- C:\Windows\System\qEICpfO.exe
  C:\Windows\System\qEICpfO.exe
  2⤵
  PID:4700
- C:\Windows\System\psREKSC.exe
  C:\Windows\System\psREKSC.exe
  2⤵
  PID:4720
- C:\Windows\System\iFbTrmu.exe
  C:\Windows\System\iFbTrmu.exe
  2⤵
  PID:4740
- C:\Windows\System\lHFDjem.exe
  C:\Windows\System\lHFDjem.exe
  2⤵
  PID:4756
- C:\Windows\System\qyUhCZF.exe
  C:\Windows\System\qyUhCZF.exe
  2⤵
  PID:4772
- C:\Windows\System\VfQcqOB.exe
  C:\Windows\System\VfQcqOB.exe
  2⤵
  PID:4796
- C:\Windows\System\KcBtdCO.exe
  C:\Windows\System\KcBtdCO.exe
  2⤵
  PID:4816
- C:\Windows\System\Bafzqrl.exe
  C:\Windows\System\Bafzqrl.exe
  2⤵
  PID:4832
- C:\Windows\System\PjeqeUI.exe
  C:\Windows\System\PjeqeUI.exe
  2⤵
  PID:4860
- C:\Windows\System\aqBiDXQ.exe
  C:\Windows\System\aqBiDXQ.exe
  2⤵
  PID:4880
- C:\Windows\System\xJWtAFv.exe
  C:\Windows\System\xJWtAFv.exe
  2⤵
  PID:4900
- C:\Windows\System\sKCVwOq.exe
  C:\Windows\System\sKCVwOq.exe
  2⤵
  PID:4920
- C:\Windows\System\MXxHPJD.exe
  C:\Windows\System\MXxHPJD.exe
  2⤵
  PID:4940
- C:\Windows\System\GJdFMYm.exe
  C:\Windows\System\GJdFMYm.exe
  2⤵
  PID:4960
- C:\Windows\System\XrUvRnr.exe
  C:\Windows\System\XrUvRnr.exe
  2⤵
  PID:4976
- C:\Windows\System\fKipTTd.exe
  C:\Windows\System\fKipTTd.exe
  2⤵
  PID:4996
- C:\Windows\System\HwtMAnB.exe
  C:\Windows\System\HwtMAnB.exe
  2⤵
  PID:5020
- C:\Windows\System\cMzkwDm.exe
  C:\Windows\System\cMzkwDm.exe
  2⤵
  PID:5044
- C:\Windows\System\HrubeNS.exe
  C:\Windows\System\HrubeNS.exe
  2⤵
  PID:5064
- C:\Windows\System\LdUFaeR.exe
  C:\Windows\System\LdUFaeR.exe
  2⤵
  PID:5084
- C:\Windows\System\ZSMnWia.exe
  C:\Windows\System\ZSMnWia.exe
  2⤵
  PID:5104
- C:\Windows\System\QmjwEJD.exe
  C:\Windows\System\QmjwEJD.exe
  2⤵
  PID:3784
- C:\Windows\System\CUVszep.exe
  C:\Windows\System\CUVszep.exe
  2⤵
  PID:3916
- C:\Windows\System\FIZUmDO.exe
  C:\Windows\System\FIZUmDO.exe
  2⤵
  PID:2916
- C:\Windows\System\KwtKAuj.exe
  C:\Windows\System\KwtKAuj.exe
  2⤵
  PID:3404
- C:\Windows\System\nprsxVA.exe
  C:\Windows\System\nprsxVA.exe
  2⤵
  PID:4124
- C:\Windows\System\gkqJmtS.exe
  C:\Windows\System\gkqJmtS.exe
  2⤵
  PID:4160
- C:\Windows\System\thVPaiS.exe
  C:\Windows\System\thVPaiS.exe
  2⤵
  PID:4140
- C:\Windows\System\kLDrVIf.exe
  C:\Windows\System\kLDrVIf.exe
  2⤵
  PID:4204
- C:\Windows\System\yEcVsyv.exe
  C:\Windows\System\yEcVsyv.exe
  2⤵
  PID:4268
- C:\Windows\System\heDsDhW.exe
  C:\Windows\System\heDsDhW.exe
  2⤵
  PID:4248
- C:\Windows\System\AIFYvAj.exe
  C:\Windows\System\AIFYvAj.exe
  2⤵
  PID:4296
- C:\Windows\System\AhoSDiG.exe
  C:\Windows\System\AhoSDiG.exe
  2⤵
  PID:4356
- C:\Windows\System\aoRifRc.exe
  C:\Windows\System\aoRifRc.exe
  2⤵
  PID:4388
- C:\Windows\System\CncaeEX.exe
  C:\Windows\System\CncaeEX.exe
  2⤵
  PID:4376
- C:\Windows\System\NlHXFpJ.exe
  C:\Windows\System\NlHXFpJ.exe
  2⤵
  PID:4408
- C:\Windows\System\CxQrtom.exe
  C:\Windows\System\CxQrtom.exe
  2⤵
  PID:4452
- C:\Windows\System\BarQgcf.exe
  C:\Windows\System\BarQgcf.exe
  2⤵
  PID:4496
- C:\Windows\System\zXiOkQZ.exe
  C:\Windows\System\zXiOkQZ.exe
  2⤵
  PID:4568
- C:\Windows\System\CvlxuXZ.exe
  C:\Windows\System\CvlxuXZ.exe
  2⤵
  PID:4604
- C:\Windows\System\fkFwkWl.exe
  C:\Windows\System\fkFwkWl.exe
  2⤵
  PID:4588
- C:\Windows\System\rWWRQow.exe
  C:\Windows\System\rWWRQow.exe
  2⤵
  PID:4684
- C:\Windows\System\YcsRfDc.exe
  C:\Windows\System\YcsRfDc.exe
  2⤵
  PID:4624
- C:\Windows\System\yPeVLjN.exe
  C:\Windows\System\yPeVLjN.exe
  2⤵
  PID:4668
- C:\Windows\System\RpnTCgT.exe
  C:\Windows\System\RpnTCgT.exe
  2⤵
  PID:4804
- C:\Windows\System\uyEajoe.exe
  C:\Windows\System\uyEajoe.exe
  2⤵
  PID:4784
- C:\Windows\System\xHIBwlN.exe
  C:\Windows\System\xHIBwlN.exe
  2⤵
  PID:4856
- C:\Windows\System\YyKcIbh.exe
  C:\Windows\System\YyKcIbh.exe
  2⤵
  PID:4828
- C:\Windows\System\hVciMUh.exe
  C:\Windows\System\hVciMUh.exe
  2⤵
  PID:4928
- C:\Windows\System\SWRRypQ.exe
  C:\Windows\System\SWRRypQ.exe
  2⤵
  PID:4872
- C:\Windows\System\djkjqMD.exe
  C:\Windows\System\djkjqMD.exe
  2⤵
  PID:4972
- C:\Windows\System\xLARKYs.exe
  C:\Windows\System\xLARKYs.exe
  2⤵
  PID:5004
- C:\Windows\System\zyexpLD.exe
  C:\Windows\System\zyexpLD.exe
  2⤵
  PID:4984
- C:\Windows\System\xjmFasy.exe
  C:\Windows\System\xjmFasy.exe
  2⤵
  PID:5036
- C:\Windows\System\LzfDpom.exe
  C:\Windows\System\LzfDpom.exe
  2⤵
  PID:5092
- C:\Windows\System\iBvgkSR.exe
  C:\Windows\System\iBvgkSR.exe
  2⤵
  PID:2152
- C:\Windows\System\uXTaBJs.exe
  C:\Windows\System\uXTaBJs.exe
  2⤵
  PID:3420
- C:\Windows\System\BaGsSMw.exe
  C:\Windows\System\BaGsSMw.exe
  2⤵
  PID:4104
- C:\Windows\System\EkCAvaq.exe
  C:\Windows\System\EkCAvaq.exe
  2⤵
  PID:4200
- C:\Windows\System\BkWUJlM.exe
  C:\Windows\System\BkWUJlM.exe
  2⤵
  PID:3616
- C:\Windows\System\FDfFIXC.exe
  C:\Windows\System\FDfFIXC.exe
  2⤵
  PID:4344
- C:\Windows\System\FNlflTP.exe
  C:\Windows\System\FNlflTP.exe
  2⤵
  PID:4180
- C:\Windows\System\RbyxzHA.exe
  C:\Windows\System\RbyxzHA.exe
  2⤵
  PID:4288
- C:\Windows\System\mpjIxXn.exe
  C:\Windows\System\mpjIxXn.exe
  2⤵
  PID:4328
- C:\Windows\System\kBIesLg.exe
  C:\Windows\System\kBIesLg.exe
  2⤵
  PID:4480
- C:\Windows\System\WUZbOFG.exe
  C:\Windows\System\WUZbOFG.exe
  2⤵
  PID:4564
- C:\Windows\System\jbMrMIj.exe
  C:\Windows\System\jbMrMIj.exe
  2⤵
  PID:4492
- C:\Windows\System\kIUViZx.exe
  C:\Windows\System\kIUViZx.exe
  2⤵
  PID:4736
- C:\Windows\System\IlkeIfu.exe
  C:\Windows\System\IlkeIfu.exe
  2⤵
  PID:4680
- C:\Windows\System\YzzPuQn.exe
  C:\Windows\System\YzzPuQn.exe
  2⤵
  PID:4712
- C:\Windows\System\JoqTlPt.exe
  C:\Windows\System\JoqTlPt.exe
  2⤵
  PID:2564
- C:\Windows\System\SxjmtlF.exe
  C:\Windows\System\SxjmtlF.exe
  2⤵
  PID:4808
- C:\Windows\System\HqOETlK.exe
  C:\Windows\System\HqOETlK.exe
  2⤵
  PID:4892
- C:\Windows\System\TtcDrrR.exe
  C:\Windows\System\TtcDrrR.exe
  2⤵
  PID:4824
- C:\Windows\System\MymUShE.exe
  C:\Windows\System\MymUShE.exe
  2⤵
  PID:5008
- C:\Windows\System\PMrWPJc.exe
  C:\Windows\System\PMrWPJc.exe
  2⤵
  PID:4952
- C:\Windows\System\aLcUgvI.exe
  C:\Windows\System\aLcUgvI.exe
  2⤵
  PID:1616
- C:\Windows\System\gjwvPnO.exe
  C:\Windows\System\gjwvPnO.exe
  2⤵
  PID:3952
- C:\Windows\System\ZYvZfox.exe
  C:\Windows\System\ZYvZfox.exe
  2⤵
  PID:5096
- C:\Windows\System\CaJUqwn.exe
  C:\Windows\System\CaJUqwn.exe
  2⤵
  PID:3300
- C:\Windows\System\dOUyBtc.exe
  C:\Windows\System\dOUyBtc.exe
  2⤵
  PID:4116
- C:\Windows\System\wDpTqgG.exe
  C:\Windows\System\wDpTqgG.exe
  2⤵
  PID:4316
- C:\Windows\System\CovbfnK.exe
  C:\Windows\System\CovbfnK.exe
  2⤵
  PID:4460
- C:\Windows\System\hVYMilg.exe
  C:\Windows\System\hVYMilg.exe
  2⤵
  PID:4516
- C:\Windows\System\EoHvHPp.exe
  C:\Windows\System\EoHvHPp.exe
  2⤵
  PID:4428
- C:\Windows\System\eUGcNkp.exe
  C:\Windows\System\eUGcNkp.exe
  2⤵
  PID:4540
- C:\Windows\System\KsNgbsO.exe
  C:\Windows\System\KsNgbsO.exe
  2⤵
  PID:4708
- C:\Windows\System\LXgsBtk.exe
  C:\Windows\System\LXgsBtk.exe
  2⤵
  PID:2428
- C:\Windows\System\YyOdevx.exe
  C:\Windows\System\YyOdevx.exe
  2⤵
  PID:5016
- C:\Windows\System\oDlZTha.exe
  C:\Windows\System\oDlZTha.exe
  2⤵
  PID:4876
- C:\Windows\System\NxvFaED.exe
  C:\Windows\System\NxvFaED.exe
  2⤵
  PID:4956
- C:\Windows\System\SqyUQFD.exe
  C:\Windows\System\SqyUQFD.exe
  2⤵
  PID:5080
- C:\Windows\System\dlTzMII.exe
  C:\Windows\System\dlTzMII.exe
  2⤵
  PID:3920
- C:\Windows\System\kvVFtyU.exe
  C:\Windows\System\kvVFtyU.exe
  2⤵
  PID:2872
- C:\Windows\System\hzadZfX.exe
  C:\Windows\System\hzadZfX.exe
  2⤵
  PID:4580
- C:\Windows\System\frrINsi.exe
  C:\Windows\System\frrINsi.exe
  2⤵
  PID:4848
- C:\Windows\System\DuDYwrP.exe
  C:\Windows\System\DuDYwrP.exe
  2⤵
  PID:4156
- C:\Windows\System\AOGuVTS.exe
  C:\Windows\System\AOGuVTS.exe
  2⤵
  PID:4852
- C:\Windows\System\tpnHqvU.exe
  C:\Windows\System\tpnHqvU.exe
  2⤵
  PID:4916
- C:\Windows\System\IrqFYrK.exe
  C:\Windows\System\IrqFYrK.exe
  2⤵
  PID:2744
- C:\Windows\System\nYkafjI.exe
  C:\Windows\System\nYkafjI.exe
  2⤵
  PID:2936
- C:\Windows\System\TKGSoMq.exe
  C:\Windows\System\TKGSoMq.exe
  2⤵
  PID:2928
- C:\Windows\System\PwYFmpq.exe
  C:\Windows\System\PwYFmpq.exe
  2⤵
  PID:300
- C:\Windows\System\gcWJyUj.exe
  C:\Windows\System\gcWJyUj.exe
  2⤵
  PID:4644
- C:\Windows\System\iMJCIdE.exe
  C:\Windows\System\iMJCIdE.exe
  2⤵
  PID:1464
- C:\Windows\System\nxEwXdB.exe
  C:\Windows\System\nxEwXdB.exe
  2⤵
  PID:4912
- C:\Windows\System\anvUhBm.exe
  C:\Windows\System\anvUhBm.exe
  2⤵
  PID:5056
- C:\Windows\System\UVIPsrf.exe
  C:\Windows\System\UVIPsrf.exe
  2⤵
  PID:3576
- C:\Windows\System\vMLBVqX.exe
  C:\Windows\System\vMLBVqX.exe
  2⤵
  PID:4520
- C:\Windows\System\RftuYLJ.exe
  C:\Windows\System\RftuYLJ.exe
  2⤵
  PID:3804
- C:\Windows\System\CEVOhXr.exe
  C:\Windows\System\CEVOhXr.exe
  2⤵
  PID:5140
- C:\Windows\System\IKxyDtn.exe
  C:\Windows\System\IKxyDtn.exe
  2⤵
  PID:5156
- C:\Windows\System\PCRCsiG.exe
  C:\Windows\System\PCRCsiG.exe
  2⤵
  PID:5196
- C:\Windows\System\fnvQtui.exe
  C:\Windows\System\fnvQtui.exe
  2⤵
  PID:5212
- C:\Windows\System\esGwKJV.exe
  C:\Windows\System\esGwKJV.exe
  2⤵
  PID:5228
- C:\Windows\System\SlUQupQ.exe
  C:\Windows\System\SlUQupQ.exe
  2⤵
  PID:5244
- C:\Windows\System\QYAtCee.exe
  C:\Windows\System\QYAtCee.exe
  2⤵
  PID:5260
- C:\Windows\System\qLxlcgt.exe
  C:\Windows\System\qLxlcgt.exe
  2⤵
  PID:5276
- C:\Windows\System\sRUYWhB.exe
  C:\Windows\System\sRUYWhB.exe
  2⤵
  PID:5300
- C:\Windows\System\BnzdRcx.exe
  C:\Windows\System\BnzdRcx.exe
  2⤵
  PID:5316
- C:\Windows\System\YDkJDgn.exe
  C:\Windows\System\YDkJDgn.exe
  2⤵
  PID:5332
- C:\Windows\System\RkLcsFu.exe
  C:\Windows\System\RkLcsFu.exe
  2⤵
  PID:5356
- C:\Windows\System\dyOYXwc.exe
  C:\Windows\System\dyOYXwc.exe
  2⤵
  PID:5388
- C:\Windows\System\QdQLHbI.exe
  C:\Windows\System\QdQLHbI.exe
  2⤵
  PID:5416
- C:\Windows\System\PooeIXJ.exe
  C:\Windows\System\PooeIXJ.exe
  2⤵
  PID:5436
- C:\Windows\System\THIBlTO.exe
  C:\Windows\System\THIBlTO.exe
  2⤵
  PID:5456
- C:\Windows\System\oBcEFux.exe
  C:\Windows\System\oBcEFux.exe
  2⤵
  PID:5480
- C:\Windows\System\TotbXdp.exe
  C:\Windows\System\TotbXdp.exe
  2⤵
  PID:5504
- C:\Windows\System\wIJisxM.exe
  C:\Windows\System\wIJisxM.exe
  2⤵
  PID:5520
- C:\Windows\System\cxvvBWy.exe
  C:\Windows\System\cxvvBWy.exe
  2⤵
  PID:5540
- C:\Windows\System\jctWiPi.exe
  C:\Windows\System\jctWiPi.exe
  2⤵
  PID:5560
- C:\Windows\System\LDHvhxz.exe
  C:\Windows\System\LDHvhxz.exe
  2⤵
  PID:5580
- C:\Windows\System\zYTEuog.exe
  C:\Windows\System\zYTEuog.exe
  2⤵
  PID:5604
- C:\Windows\System\NxtdvbQ.exe
  C:\Windows\System\NxtdvbQ.exe
  2⤵
  PID:5620
- C:\Windows\System\GYJfVjE.exe
  C:\Windows\System\GYJfVjE.exe
  2⤵
  PID:5644
- C:\Windows\System\AkVPwdZ.exe
  C:\Windows\System\AkVPwdZ.exe
  2⤵
  PID:5660
- C:\Windows\System\CTaKcGf.exe
  C:\Windows\System\CTaKcGf.exe
  2⤵
  PID:5676
- C:\Windows\System\dQShdCu.exe
  C:\Windows\System\dQShdCu.exe
  2⤵
  PID:5692
- C:\Windows\System\CyFvdVj.exe
  C:\Windows\System\CyFvdVj.exe
  2⤵
  PID:5708
- C:\Windows\System\rOPmapF.exe
  C:\Windows\System\rOPmapF.exe
  2⤵
  PID:5724
- C:\Windows\System\VQVWYoO.exe
  C:\Windows\System\VQVWYoO.exe
  2⤵
  PID:5748
- C:\Windows\System\sffBbnI.exe
  C:\Windows\System\sffBbnI.exe
  2⤵
  PID:5764
- C:\Windows\System\URIFwPf.exe
  C:\Windows\System\URIFwPf.exe
  2⤵
  PID:5780
- C:\Windows\System\FTPRITA.exe
  C:\Windows\System\FTPRITA.exe
  2⤵
  PID:5796
- C:\Windows\System\lGyAIYQ.exe
  C:\Windows\System\lGyAIYQ.exe
  2⤵
  PID:5812
- C:\Windows\System\huErzgS.exe
  C:\Windows\System\huErzgS.exe
  2⤵
  PID:5836
- C:\Windows\System\UPbqWIY.exe
  C:\Windows\System\UPbqWIY.exe
  2⤵
  PID:5852
- C:\Windows\System\SQAXDde.exe
  C:\Windows\System\SQAXDde.exe
  2⤵
  PID:5868
- C:\Windows\System\PuYiPsf.exe
  C:\Windows\System\PuYiPsf.exe
  2⤵
  PID:5884
- C:\Windows\System\euePcWZ.exe
  C:\Windows\System\euePcWZ.exe
  2⤵
  PID:5900
- C:\Windows\System\MsgmOtv.exe
  C:\Windows\System\MsgmOtv.exe
  2⤵
  PID:5924
- C:\Windows\System\nOtvvWP.exe
  C:\Windows\System\nOtvvWP.exe
  2⤵
  PID:5944
- C:\Windows\System\mPGIkYh.exe
  C:\Windows\System\mPGIkYh.exe
  2⤵
  PID:5960
- C:\Windows\System\XapYZvY.exe
  C:\Windows\System\XapYZvY.exe
  2⤵
  PID:5976
- C:\Windows\System\mMTNWRa.exe
  C:\Windows\System\mMTNWRa.exe
  2⤵
  PID:6036
- C:\Windows\System\vGmosEL.exe
  C:\Windows\System\vGmosEL.exe
  2⤵
  PID:6052
- C:\Windows\System\XcWFWoO.exe
  C:\Windows\System\XcWFWoO.exe
  2⤵
  PID:6068
- C:\Windows\System\EMeQPHG.exe
  C:\Windows\System\EMeQPHG.exe
  2⤵
  PID:6084
- C:\Windows\System\ahULXMU.exe
  C:\Windows\System\ahULXMU.exe
  2⤵
  PID:6100
- C:\Windows\System\irwxGkI.exe
  C:\Windows\System\irwxGkI.exe
  2⤵
  PID:6116
- C:\Windows\System\ChpybUe.exe
  C:\Windows\System\ChpybUe.exe
  2⤵
  PID:6132
- C:\Windows\System\ipFvFwF.exe
  C:\Windows\System\ipFvFwF.exe
  2⤵
  PID:264
- C:\Windows\System\LBqgneO.exe
  C:\Windows\System\LBqgneO.exe
  2⤵
  PID:5076
- C:\Windows\System\WTFboUF.exe
  C:\Windows\System\WTFboUF.exe
  2⤵
  PID:5184
- C:\Windows\System\ZjpDoBu.exe
  C:\Windows\System\ZjpDoBu.exe
  2⤵
  PID:5164
- C:\Windows\System\RCRwWtA.exe
  C:\Windows\System\RCRwWtA.exe
  2⤵
  PID:5192
- C:\Windows\System\YDhGihf.exe
  C:\Windows\System\YDhGihf.exe
  2⤵
  PID:5220
- C:\Windows\System\PmJParS.exe
  C:\Windows\System\PmJParS.exe
  2⤵
  PID:2232
- C:\Windows\System\xbFcDIm.exe
  C:\Windows\System\xbFcDIm.exe
  2⤵
  PID:5364
- C:\Windows\System\DBtJddu.exe
  C:\Windows\System\DBtJddu.exe
  2⤵
  PID:5380
- C:\Windows\System\DgfDpYX.exe
  C:\Windows\System\DgfDpYX.exe
  2⤵
  PID:5340
- C:\Windows\System\UKHZCvT.exe
  C:\Windows\System\UKHZCvT.exe
  2⤵
  PID:5272
- C:\Windows\System\rbhESSC.exe
  C:\Windows\System\rbhESSC.exe
  2⤵
  PID:5408
- C:\Windows\System\bTCNWTS.exe
  C:\Windows\System\bTCNWTS.exe
  2⤵
  PID:5476
- C:\Windows\System\TdNtOch.exe
  C:\Windows\System\TdNtOch.exe
  2⤵
  PID:5488
- C:\Windows\System\SAqldOQ.exe
  C:\Windows\System\SAqldOQ.exe
  2⤵
  PID:5512
- C:\Windows\System\RedGJpG.exe
  C:\Windows\System\RedGJpG.exe
  2⤵
  PID:5532
- C:\Windows\System\oggtrWY.exe
  C:\Windows\System\oggtrWY.exe
  2⤵
  PID:5572
- C:\Windows\System\lCdxnAi.exe
  C:\Windows\System\lCdxnAi.exe
  2⤵
  PID:5596
- C:\Windows\System\HxECAvu.exe
  C:\Windows\System\HxECAvu.exe
  2⤵
  PID:5616
- C:\Windows\System\aORWSAM.exe
  C:\Windows\System\aORWSAM.exe
  2⤵
  PID:2680
- C:\Windows\System\mqRAHai.exe
  C:\Windows\System\mqRAHai.exe
  2⤵
  PID:5700
- C:\Windows\System\yAUeCKU.exe
  C:\Windows\System\yAUeCKU.exe
  2⤵
  PID:5740
- C:\Windows\System\FRiwUsy.exe
  C:\Windows\System\FRiwUsy.exe
  2⤵
  PID:5848
- C:\Windows\System\ZhFPmvN.exe
  C:\Windows\System\ZhFPmvN.exe
  2⤵
  PID:5908
- C:\Windows\System\mXORJBM.exe
  C:\Windows\System\mXORJBM.exe
  2⤵
  PID:5952
- C:\Windows\System\OfzcIqY.exe
  C:\Windows\System\OfzcIqY.exe
  2⤵
  PID:5996
- C:\Windows\System\TMfxhvO.exe
  C:\Windows\System\TMfxhvO.exe
  2⤵
  PID:6012
- C:\Windows\System\FJgVYSJ.exe
  C:\Windows\System\FJgVYSJ.exe
  2⤵
  PID:780
- C:\Windows\System\xnvSZIA.exe
  C:\Windows\System\xnvSZIA.exe
  2⤵
  PID:6064
- C:\Windows\System\LXNlKJa.exe
  C:\Windows\System\LXNlKJa.exe
  2⤵
  PID:4448
- C:\Windows\System\pVgPAhg.exe
  C:\Windows\System\pVgPAhg.exe
  2⤵
  PID:5688
- C:\Windows\System\EmFhJSS.exe
  C:\Windows\System\EmFhJSS.exe
  2⤵
  PID:5896
- C:\Windows\System\fzbJruC.exe
  C:\Windows\System\fzbJruC.exe
  2⤵
  PID:5968
- C:\Windows\System\DsqVqzz.exe
  C:\Windows\System\DsqVqzz.exe
  2⤵
  PID:3364
- C:\Windows\System\whWYKJz.exe
  C:\Windows\System\whWYKJz.exe
  2⤵
  PID:5284
- C:\Windows\System\MbjXHnF.exe
  C:\Windows\System\MbjXHnF.exe
  2⤵
  PID:5132
- C:\Windows\System\atMPCGT.exe
  C:\Windows\System\atMPCGT.exe
  2⤵
  PID:5720
- C:\Windows\System\jFPhfan.exe
  C:\Windows\System\jFPhfan.exe
  2⤵
  PID:5892
- C:\Windows\System\IhFtBUm.exe
  C:\Windows\System\IhFtBUm.exe
  2⤵
  PID:5328
- C:\Windows\System\TDiEfjp.exe
  C:\Windows\System\TDiEfjp.exe
  2⤵
  PID:848
- C:\Windows\System\dRCoXDn.exe
  C:\Windows\System\dRCoXDn.exe
  2⤵
  PID:6048
- C:\Windows\System\XtZytJF.exe
  C:\Windows\System\XtZytJF.exe
  2⤵
  PID:6112
- C:\Windows\System\RlIyLic.exe
  C:\Windows\System\RlIyLic.exe
  2⤵
  PID:5372
- C:\Windows\System\hhwTkrP.exe
  C:\Windows\System\hhwTkrP.exe
  2⤵
  PID:5404
- C:\Windows\System\wTyyTjI.exe
  C:\Windows\System\wTyyTjI.exe
  2⤵
  PID:5528
- C:\Windows\System\cOmWkRh.exe
  C:\Windows\System\cOmWkRh.exe
  2⤵
  PID:1932
- C:\Windows\System\pUfDaiC.exe
  C:\Windows\System\pUfDaiC.exe
  2⤵
  PID:5432
- C:\Windows\System\NxhdbKf.exe
  C:\Windows\System\NxhdbKf.exe
  2⤵
  PID:5496
- C:\Windows\System\wJWYrPv.exe
  C:\Windows\System\wJWYrPv.exe
  2⤵
  PID:5628
- C:\Windows\System\hlIUBHc.exe
  C:\Windows\System\hlIUBHc.exe
  2⤵
  PID:6024
- C:\Windows\System\udMlhNJ.exe
  C:\Windows\System\udMlhNJ.exe
  2⤵
  PID:6124
- C:\Windows\System\cNzeHzS.exe
  C:\Windows\System\cNzeHzS.exe
  2⤵
  PID:5804
- C:\Windows\System\deqyImX.exe
  C:\Windows\System\deqyImX.exe
  2⤵
  PID:5788
- C:\Windows\System\zZtJEMR.exe
  C:\Windows\System\zZtJEMR.exe
  2⤵
  PID:5172
- C:\Windows\System\HfpSIJh.exe
  C:\Windows\System\HfpSIJh.exe
  2⤵
  PID:6008
- C:\Windows\System\vGLbYmz.exe
  C:\Windows\System\vGLbYmz.exe
  2⤵
  PID:5828
- C:\Windows\System\SpHAFUi.exe
  C:\Windows\System\SpHAFUi.exe
  2⤵
  PID:2668
- C:\Windows\System\NSIEkdD.exe
  C:\Windows\System\NSIEkdD.exe
  2⤵
  PID:2888
- C:\Windows\System\jMHkpgo.exe
  C:\Windows\System\jMHkpgo.exe
  2⤵
  PID:5152
- C:\Windows\System\iXXsfGj.exe
  C:\Windows\System\iXXsfGj.exe
  2⤵
  PID:5236
- C:\Windows\System\skLDusn.exe
  C:\Windows\System\skLDusn.exe
  2⤵
  PID:5376
- C:\Windows\System\EoTmfIZ.exe
  C:\Windows\System\EoTmfIZ.exe
  2⤵
  PID:1956
- C:\Windows\System\LMGYjtL.exe
  C:\Windows\System\LMGYjtL.exe
  2⤵
  PID:6140
- C:\Windows\System\jCEPTXX.exe
  C:\Windows\System\jCEPTXX.exe
  2⤵
  PID:5464
- C:\Windows\System\WNKGpTz.exe
  C:\Windows\System\WNKGpTz.exe
  2⤵
  PID:5672
- C:\Windows\System\TgBYERi.exe
  C:\Windows\System\TgBYERi.exe
  2⤵
  PID:5992
- C:\Windows\System\viwcqDa.exe
  C:\Windows\System\viwcqDa.exe
  2⤵
  PID:5176
- C:\Windows\System\AnJBxCf.exe
  C:\Windows\System\AnJBxCf.exe
  2⤵
  PID:5448
- C:\Windows\System\NswSZLQ.exe
  C:\Windows\System\NswSZLQ.exe
  2⤵
  PID:1468
- C:\Windows\System\uKbIObJ.exe
  C:\Windows\System\uKbIObJ.exe
  2⤵
  PID:6096
- C:\Windows\System\fEKaJpg.exe
  C:\Windows\System\fEKaJpg.exe
  2⤵
  PID:1080
- C:\Windows\System\GMxReMt.exe
  C:\Windows\System\GMxReMt.exe
  2⤵
  PID:5368
- C:\Windows\System\RqwTHDD.exe
  C:\Windows\System\RqwTHDD.exe
  2⤵
  PID:1620
- C:\Windows\System\kUTpKnJ.exe
  C:\Windows\System\kUTpKnJ.exe
  2⤵
  PID:444
- C:\Windows\System\glyztYA.exe
  C:\Windows\System\glyztYA.exe
  2⤵
  PID:5640
- C:\Windows\System\LbxhfkK.exe
  C:\Windows\System\LbxhfkK.exe
  2⤵
  PID:5940
- C:\Windows\System\sSXEefp.exe
  C:\Windows\System\sSXEefp.exe
  2⤵
  PID:2204
- C:\Windows\System\FnrBdvf.exe
  C:\Windows\System\FnrBdvf.exe
  2⤵
  PID:5424
- C:\Windows\System\hptayKe.exe
  C:\Windows\System\hptayKe.exe
  2⤵
  PID:5936
- C:\Windows\System\OcOBLQT.exe
  C:\Windows\System\OcOBLQT.exe
  2⤵
  PID:1920
- C:\Windows\System\XyyTxYO.exe
  C:\Windows\System\XyyTxYO.exe
  2⤵
  PID:1516
- C:\Windows\System\UEIlpSR.exe
  C:\Windows\System\UEIlpSR.exe
  2⤵
  PID:1120
- C:\Windows\System\rgsQaGD.exe
  C:\Windows\System\rgsQaGD.exe
  2⤵
  PID:5588
- C:\Windows\System\aOfBxoP.exe
  C:\Windows\System\aOfBxoP.exe
  2⤵
  PID:5760
- C:\Windows\System\JjVeHPN.exe
  C:\Windows\System\JjVeHPN.exe
  2⤵
  PID:6080
- C:\Windows\System\OXSmykY.exe
  C:\Windows\System\OXSmykY.exe
  2⤵
  PID:6108
- C:\Windows\System\CPjlXWy.exe
  C:\Windows\System\CPjlXWy.exe
  2⤵
  PID:1420
- C:\Windows\System\mOeOnfs.exe
  C:\Windows\System\mOeOnfs.exe
  2⤵
  PID:1008
- C:\Windows\System\UHPkpnm.exe
  C:\Windows\System\UHPkpnm.exe
  2⤵
  PID:1180
- C:\Windows\System\dTnDmKW.exe
  C:\Windows\System\dTnDmKW.exe
  2⤵
  PID:5864
- C:\Windows\System\seWSEbz.exe
  C:\Windows\System\seWSEbz.exe
  2⤵
  PID:5732
- C:\Windows\System\ZbqdvrU.exe
  C:\Windows\System\ZbqdvrU.exe
  2⤵
  PID:1044
- C:\Windows\System\faOvren.exe
  C:\Windows\System\faOvren.exe
  2⤵
  PID:6156
- C:\Windows\System\gDTHaZH.exe
  C:\Windows\System\gDTHaZH.exe
  2⤵
  PID:6180
- C:\Windows\System\QuSgXAO.exe
  C:\Windows\System\QuSgXAO.exe
  2⤵
  PID:6196
- C:\Windows\System\zziQcJG.exe
  C:\Windows\System\zziQcJG.exe
  2⤵
  PID:6212
- C:\Windows\System\HBNlAdz.exe
  C:\Windows\System\HBNlAdz.exe
  2⤵
  PID:6232
- C:\Windows\System\perfCPD.exe
  C:\Windows\System\perfCPD.exe
  2⤵
  PID:6248
- C:\Windows\System\BttdQSp.exe
  C:\Windows\System\BttdQSp.exe
  2⤵
  PID:6288
- C:\Windows\System\unGICln.exe
  C:\Windows\System\unGICln.exe
  2⤵
  PID:6308
- C:\Windows\System\WwnJVGT.exe
  C:\Windows\System\WwnJVGT.exe
  2⤵
  PID:6332
- C:\Windows\System\yWmokHj.exe
  C:\Windows\System\yWmokHj.exe
  2⤵
  PID:6348
- C:\Windows\System\IVbBFBG.exe
  C:\Windows\System\IVbBFBG.exe
  2⤵
  PID:6364
- C:\Windows\System\seSZbpK.exe
  C:\Windows\System\seSZbpK.exe
  2⤵
  PID:6384
- C:\Windows\System\lBbBcjY.exe
  C:\Windows\System\lBbBcjY.exe
  2⤵
  PID:6400
- C:\Windows\System\fGtUbrY.exe
  C:\Windows\System\fGtUbrY.exe
  2⤵
  PID:6420
- C:\Windows\System\SghFZbl.exe
  C:\Windows\System\SghFZbl.exe
  2⤵
  PID:6440
- C:\Windows\System\iTdsqdl.exe
  C:\Windows\System\iTdsqdl.exe
  2⤵
  PID:6464
- C:\Windows\System\PwRXJvi.exe
  C:\Windows\System\PwRXJvi.exe
  2⤵
  PID:6492
- C:\Windows\System\VQrhbtL.exe
  C:\Windows\System\VQrhbtL.exe
  2⤵
  PID:6516
- C:\Windows\System\LCmryXA.exe
  C:\Windows\System\LCmryXA.exe
  2⤵
  PID:6532
- C:\Windows\System\fCUGAyc.exe
  C:\Windows\System\fCUGAyc.exe
  2⤵
  PID:6552
- C:\Windows\System\vSCHqET.exe
  C:\Windows\System\vSCHqET.exe
  2⤵
  PID:6568
- C:\Windows\System\BqNHuOC.exe
  C:\Windows\System\BqNHuOC.exe
  2⤵
  PID:6584
- C:\Windows\System\aFwfYer.exe
  C:\Windows\System\aFwfYer.exe
  2⤵
  PID:6600
- C:\Windows\System\yEIHKox.exe
  C:\Windows\System\yEIHKox.exe
  2⤵
  PID:6616
- C:\Windows\System\IBmJBqn.exe
  C:\Windows\System\IBmJBqn.exe
  2⤵
  PID:6644
- C:\Windows\System\PecmJOu.exe
  C:\Windows\System\PecmJOu.exe
  2⤵
  PID:6668
- C:\Windows\System\NATckfc.exe
  C:\Windows\System\NATckfc.exe
  2⤵
  PID:6692
- C:\Windows\System\mkFVNQX.exe
  C:\Windows\System\mkFVNQX.exe
  2⤵
  PID:6708
- C:\Windows\System\TBTptvk.exe
  C:\Windows\System\TBTptvk.exe
  2⤵
  PID:6724
- C:\Windows\System\wHlLeHm.exe
  C:\Windows\System\wHlLeHm.exe
  2⤵
  PID:6760
- C:\Windows\System\OScgjYP.exe
  C:\Windows\System\OScgjYP.exe
  2⤵
  PID:6776
- C:\Windows\System\noidrCB.exe
  C:\Windows\System\noidrCB.exe
  2⤵
  PID:6792
- C:\Windows\System\iKEGOWG.exe
  C:\Windows\System\iKEGOWG.exe
  2⤵
  PID:6808
- C:\Windows\System\LDojDey.exe
  C:\Windows\System\LDojDey.exe
  2⤵
  PID:6824
- C:\Windows\System\IhzMOaO.exe
  C:\Windows\System\IhzMOaO.exe
  2⤵
  PID:6840
- C:\Windows\System\PmLksZX.exe
  C:\Windows\System\PmLksZX.exe
  2⤵
  PID:6860
- C:\Windows\System\GVZeARm.exe
  C:\Windows\System\GVZeARm.exe
  2⤵
  PID:6888
- C:\Windows\System\nJwwkip.exe
  C:\Windows\System\nJwwkip.exe
  2⤵
  PID:6904
- C:\Windows\System\DMQkomt.exe
  C:\Windows\System\DMQkomt.exe
  2⤵
  PID:6920
- C:\Windows\System\dMDNUZt.exe
  C:\Windows\System\dMDNUZt.exe
  2⤵
  PID:6936
- C:\Windows\System\kwXYBJa.exe
  C:\Windows\System\kwXYBJa.exe
  2⤵
  PID:6956
- C:\Windows\System\auHdVPW.exe
  C:\Windows\System\auHdVPW.exe
  2⤵
  PID:6972
- C:\Windows\System\obpHjqj.exe
  C:\Windows\System\obpHjqj.exe
  2⤵
  PID:7016
- C:\Windows\System\PUVnisb.exe
  C:\Windows\System\PUVnisb.exe
  2⤵
  PID:7032
- C:\Windows\System\wrpXrgR.exe
  C:\Windows\System\wrpXrgR.exe
  2⤵
  PID:7048
- C:\Windows\System\UDvTgKa.exe
  C:\Windows\System\UDvTgKa.exe
  2⤵
  PID:7068
- C:\Windows\System\THhFNKV.exe
  C:\Windows\System\THhFNKV.exe
  2⤵
  PID:7084
- C:\Windows\System\BPosnSV.exe
  C:\Windows\System\BPosnSV.exe
  2⤵
  PID:7100
- C:\Windows\System\JPkTKgX.exe
  C:\Windows\System\JPkTKgX.exe
  2⤵
  PID:7116
- C:\Windows\System\hKvWARN.exe
  C:\Windows\System\hKvWARN.exe
  2⤵
  PID:7136
- C:\Windows\System\dguxeoo.exe
  C:\Windows\System\dguxeoo.exe
  2⤵
  PID:7160
- C:\Windows\System\TRTkGcf.exe
  C:\Windows\System\TRTkGcf.exe
  2⤵
  PID:5208
- C:\Windows\System\TobzBIR.exe
  C:\Windows\System\TobzBIR.exe
  2⤵
  PID:6168
- C:\Windows\System\CIQFxme.exe
  C:\Windows\System\CIQFxme.exe
  2⤵
  PID:2336
- C:\Windows\System\OJYuehN.exe
  C:\Windows\System\OJYuehN.exe
  2⤵
  PID:2236
- C:\Windows\System\yBLpsnq.exe
  C:\Windows\System\yBLpsnq.exe
  2⤵
  PID:1936
- C:\Windows\System\LsxZsKK.exe
  C:\Windows\System\LsxZsKK.exe
  2⤵
  PID:6224
- C:\Windows\System\yHCYZZv.exe
  C:\Windows\System\yHCYZZv.exe
  2⤵
  PID:6272
- C:\Windows\System\NbxrAwL.exe
  C:\Windows\System\NbxrAwL.exe
  2⤵
  PID:6296
- C:\Windows\System\FpTkkEZ.exe
  C:\Windows\System\FpTkkEZ.exe
  2⤵
  PID:6340
- C:\Windows\System\TkbkpEk.exe
  C:\Windows\System\TkbkpEk.exe
  2⤵
  PID:6380
- C:\Windows\System\zRwGVFK.exe
  C:\Windows\System\zRwGVFK.exe
  2⤵
  PID:6324
- C:\Windows\System\JTZEZbp.exe
  C:\Windows\System\JTZEZbp.exe
  2⤵
  PID:6356
- C:\Windows\System\yuOLVns.exe
  C:\Windows\System\yuOLVns.exe
  2⤵
  PID:6428
- C:\Windows\System\nAxUJMh.exe
  C:\Windows\System\nAxUJMh.exe
  2⤵
  PID:6456
- C:\Windows\System\OSvXqtJ.exe
  C:\Windows\System\OSvXqtJ.exe
  2⤵
  PID:6488
- C:\Windows\System\ormYKiR.exe
  C:\Windows\System\ormYKiR.exe
  2⤵
  PID:6472
- C:\Windows\System\lnXrXoR.exe
  C:\Windows\System\lnXrXoR.exe
  2⤵
  PID:6576
- C:\Windows\System\gHCCpKL.exe
  C:\Windows\System\gHCCpKL.exe
  2⤵
  PID:6652
- C:\Windows\System\DHUxkfp.exe
  C:\Windows\System\DHUxkfp.exe
  2⤵
  PID:6740
- C:\Windows\System\xcQyPbB.exe
  C:\Windows\System\xcQyPbB.exe
  2⤵
  PID:6720
- C:\Windows\System\JUzfNCF.exe
  C:\Windows\System\JUzfNCF.exe
  2⤵
  PID:6640
- C:\Windows\System\MWimCbm.exe
  C:\Windows\System\MWimCbm.exe
  2⤵
  PID:6684
- C:\Windows\System\mYfNhfm.exe
  C:\Windows\System\mYfNhfm.exe
  2⤵
  PID:6788
- C:\Windows\System\yvfjtRX.exe
  C:\Windows\System\yvfjtRX.exe
  2⤵
  PID:6848
- C:\Windows\System\VLieYgV.exe
  C:\Windows\System\VLieYgV.exe
  2⤵
  PID:6832
- C:\Windows\System\jLfckRp.exe
  C:\Windows\System\jLfckRp.exe
  2⤵
  PID:6964
- C:\Windows\System\SepVRFy.exe
  C:\Windows\System\SepVRFy.exe
  2⤵
  PID:6800
- C:\Windows\System\vFaZApQ.exe
  C:\Windows\System\vFaZApQ.exe
  2⤵
  PID:7024
- C:\Windows\System\saFvkaP.exe
  C:\Windows\System\saFvkaP.exe
  2⤵
  PID:7064
- C:\Windows\System\dZgogZr.exe
  C:\Windows\System\dZgogZr.exe
  2⤵
  PID:3040
- C:\Windows\System\XzaNVox.exe
  C:\Windows\System\XzaNVox.exe
  2⤵
  PID:5452
- C:\Windows\System\xZKhGii.exe
  C:\Windows\System\xZKhGii.exe
  2⤵
  PID:6952
- C:\Windows\System\NTvzuuT.exe
  C:\Windows\System\NTvzuuT.exe
  2⤵
  PID:7080
- C:\Windows\System\kGXAgsE.exe
  C:\Windows\System\kGXAgsE.exe
  2⤵
  PID:6164
- C:\Windows\System\puHsguG.exe
  C:\Windows\System\puHsguG.exe
  2⤵
  PID:5612
- C:\Windows\System\YodYgEW.exe
  C:\Windows\System\YodYgEW.exe
  2⤵
  PID:6876
- C:\Windows\System\qIAnvUQ.exe
  C:\Windows\System\qIAnvUQ.exe
  2⤵
  PID:7008
- C:\Windows\System\GLiXCvm.exe
  C:\Windows\System\GLiXCvm.exe
  2⤵
  PID:7076
- C:\Windows\System\wMhMBzA.exe
  C:\Windows\System\wMhMBzA.exe
  2⤵
  PID:6304
- C:\Windows\System\ANWrLkL.exe
  C:\Windows\System\ANWrLkL.exe
  2⤵
  PID:6436
- C:\Windows\System\JJafsHq.exe
  C:\Windows\System\JJafsHq.exe
  2⤵
  PID:6484
- C:\Windows\System\haxIQlv.exe
  C:\Windows\System\haxIQlv.exe
  2⤵
  PID:6580
- C:\Windows\System\ubCyCdb.exe
  C:\Windows\System\ubCyCdb.exe
  2⤵
  PID:6452
- C:\Windows\System\hZFHahl.exe
  C:\Windows\System\hZFHahl.exe
  2⤵
  PID:7004
- C:\Windows\System\cJWknqu.exe
  C:\Windows\System\cJWknqu.exe
  2⤵
  PID:6220
- C:\Windows\System\EPRMwRj.exe
  C:\Windows\System\EPRMwRj.exe
  2⤵
  PID:6188
- C:\Windows\System\cPwiGGc.exe
  C:\Windows\System\cPwiGGc.exe
  2⤵
  PID:6612
- C:\Windows\System\rziOIxh.exe
  C:\Windows\System\rziOIxh.exe
  2⤵
  PID:6284
- C:\Windows\System\LpOEads.exe
  C:\Windows\System\LpOEads.exe
  2⤵
  PID:6392
- C:\Windows\System\kanRaOk.exe
  C:\Windows\System\kanRaOk.exe
  2⤵
  PID:6748
- C:\Windows\System\nWPMsfO.exe
  C:\Windows\System\nWPMsfO.exe
  2⤵
  PID:6628
- C:\Windows\System\KNfdEiu.exe
  C:\Windows\System\KNfdEiu.exe
  2⤵
  PID:6784
- C:\Windows\System\eBjDjjv.exe
  C:\Windows\System\eBjDjjv.exe
  2⤵
  PID:6944
- C:\Windows\System\XnSBrIe.exe
  C:\Windows\System\XnSBrIe.exe
  2⤵
  PID:7112
- C:\Windows\System\eKKGnbY.exe
  C:\Windows\System\eKKGnbY.exe
  2⤵
  PID:6900
- C:\Windows\System\ObGNgBe.exe
  C:\Windows\System\ObGNgBe.exe
  2⤵
  PID:6772
- C:\Windows\System\iWVXjpP.exe
  C:\Windows\System\iWVXjpP.exe
  2⤵
  PID:7124
- C:\Windows\System\FdIhrYe.exe
  C:\Windows\System\FdIhrYe.exe
  2⤵
  PID:6172
- C:\Windows\System\eUfwzCs.exe
  C:\Windows\System\eUfwzCs.exe
  2⤵
  PID:6256
- C:\Windows\System\tLUyTQn.exe
  C:\Windows\System\tLUyTQn.exe
  2⤵
  PID:6680
- C:\Windows\System\EQscTSN.exe
  C:\Windows\System\EQscTSN.exe
  2⤵
  PID:6524
- C:\Windows\System\suZZAeO.exe
  C:\Windows\System\suZZAeO.exe
  2⤵
  PID:6260
- C:\Windows\System\mtlBWlQ.exe
  C:\Windows\System\mtlBWlQ.exe
  2⤵
  PID:6152
- C:\Windows\System\qvVmRJu.exe
  C:\Windows\System\qvVmRJu.exe
  2⤵
  PID:7040
- C:\Windows\System\OMcKXpN.exe
  C:\Windows\System\OMcKXpN.exe
  2⤵
  PID:6328
- C:\Windows\System\owKBJEA.exe
  C:\Windows\System\owKBJEA.exe
  2⤵
  PID:6752
- C:\Windows\System\zDfphaO.exe
  C:\Windows\System\zDfphaO.exe
  2⤵
  PID:6208
- C:\Windows\System\gJZvrhe.exe
  C:\Windows\System\gJZvrhe.exe
  2⤵
  PID:6732
- C:\Windows\System\UCmvFsd.exe
  C:\Windows\System\UCmvFsd.exe
  2⤵
  PID:6636
- C:\Windows\System\YWhLrZy.exe
  C:\Windows\System\YWhLrZy.exe
  2⤵
  PID:6932
- C:\Windows\System\kTknjdP.exe
  C:\Windows\System\kTknjdP.exe
  2⤵
  PID:6372
- C:\Windows\System\gbuHdHD.exe
  C:\Windows\System\gbuHdHD.exe
  2⤵
  PID:6988
- C:\Windows\System\TvQdHxV.exe
  C:\Windows\System\TvQdHxV.exe
  2⤵
  PID:6548
- C:\Windows\System\kFwePrf.exe
  C:\Windows\System\kFwePrf.exe
  2⤵
  PID:6872
- C:\Windows\System\ditUhWM.exe
  C:\Windows\System\ditUhWM.exe
  2⤵
  PID:980
- C:\Windows\System\hOJBHBu.exe
  C:\Windows\System\hOJBHBu.exe
  2⤵
  PID:5684
- C:\Windows\System\IlMHhmg.exe
  C:\Windows\System\IlMHhmg.exe
  2⤵
  PID:6268
- C:\Windows\System\CUFIBXZ.exe
  C:\Windows\System\CUFIBXZ.exe
  2⤵
  PID:6868
- C:\Windows\System\tOqhUzi.exe
  C:\Windows\System\tOqhUzi.exe
  2⤵
  PID:6376
- C:\Windows\System\WtwYsno.exe
  C:\Windows\System\WtwYsno.exe
  2⤵
  PID:2752
- C:\Windows\System\iJsBAYh.exe
  C:\Windows\System\iJsBAYh.exe
  2⤵
  PID:6560
- C:\Windows\System\zzYBAaw.exe
  C:\Windows\System\zzYBAaw.exe
  2⤵
  PID:6448
- C:\Windows\System\XiBqLsI.exe
  C:\Windows\System\XiBqLsI.exe
  2⤵
  PID:7096
- C:\Windows\System\YKkyneH.exe
  C:\Windows\System\YKkyneH.exe
  2⤵
  PID:6476
- C:\Windows\System\hCeAgpb.exe
  C:\Windows\System\hCeAgpb.exe
  2⤵
  PID:6060
- C:\Windows\System\uHZfgMX.exe
  C:\Windows\System\uHZfgMX.exe
  2⤵
  PID:7176
- C:\Windows\System\rjzoUWS.exe
  C:\Windows\System\rjzoUWS.exe
  2⤵
  PID:7192
- C:\Windows\System\VRCCHzf.exe
  C:\Windows\System\VRCCHzf.exe
  2⤵
  PID:7208
- C:\Windows\System\MWDWOQS.exe
  C:\Windows\System\MWDWOQS.exe
  2⤵
  PID:7224
- C:\Windows\System\KRVZbej.exe
  C:\Windows\System\KRVZbej.exe
  2⤵
  PID:7240
- C:\Windows\System\QMJPRjq.exe
  C:\Windows\System\QMJPRjq.exe
  2⤵
  PID:7256
- C:\Windows\System\GdXDQnN.exe
  C:\Windows\System\GdXDQnN.exe
  2⤵
  PID:7272
- C:\Windows\System\kFysUJQ.exe
  C:\Windows\System\kFysUJQ.exe
  2⤵
  PID:7288
- C:\Windows\System\SwAEtjJ.exe
  C:\Windows\System\SwAEtjJ.exe
  2⤵
  PID:7304
- C:\Windows\System\CzzPmew.exe
  C:\Windows\System\CzzPmew.exe
  2⤵
  PID:7320
- C:\Windows\System\ttkktUw.exe
  C:\Windows\System\ttkktUw.exe
  2⤵
  PID:7336
- C:\Windows\System\SNKbdnw.exe
  C:\Windows\System\SNKbdnw.exe
  2⤵
  PID:7360
- C:\Windows\System\NAgiFzQ.exe
  C:\Windows\System\NAgiFzQ.exe
  2⤵
  PID:7388
- C:\Windows\System\fkQGHeh.exe
  C:\Windows\System\fkQGHeh.exe
  2⤵
  PID:7404
- C:\Windows\System\GpRBOiI.exe
  C:\Windows\System\GpRBOiI.exe
  2⤵
  PID:7420
- C:\Windows\System\CJxvsjL.exe
  C:\Windows\System\CJxvsjL.exe
  2⤵
  PID:7436
- C:\Windows\System\uXatCcy.exe
  C:\Windows\System\uXatCcy.exe
  2⤵
  PID:7452
- C:\Windows\System\CrwYpaZ.exe
  C:\Windows\System\CrwYpaZ.exe
  2⤵
  PID:7468
- C:\Windows\System\IjwUyvR.exe
  C:\Windows\System\IjwUyvR.exe
  2⤵
  PID:7484
- C:\Windows\System\bUrQPfK.exe
  C:\Windows\System\bUrQPfK.exe
  2⤵
  PID:7500
- C:\Windows\System\sTiNKOt.exe
  C:\Windows\System\sTiNKOt.exe
  2⤵
  PID:7516
- C:\Windows\System\rtTgPAK.exe
  C:\Windows\System\rtTgPAK.exe
  2⤵
  PID:7532
- C:\Windows\System\GArBvWB.exe
  C:\Windows\System\GArBvWB.exe
  2⤵
  PID:7548
- C:\Windows\System\PWdINjo.exe
  C:\Windows\System\PWdINjo.exe
  2⤵
  PID:7564
- C:\Windows\System\ZrXGOYq.exe
  C:\Windows\System\ZrXGOYq.exe
  2⤵
  PID:7580
- C:\Windows\System\qsuvgeR.exe
  C:\Windows\System\qsuvgeR.exe
  2⤵
  PID:7596
- C:\Windows\System\DmPGSHk.exe
  C:\Windows\System\DmPGSHk.exe
  2⤵
  PID:7612
- C:\Windows\System\mfxxdpw.exe
  C:\Windows\System\mfxxdpw.exe
  2⤵
  PID:7628
- C:\Windows\System\jEOgbdz.exe
  C:\Windows\System\jEOgbdz.exe
  2⤵
  PID:7644
- C:\Windows\System\BEegJIp.exe
  C:\Windows\System\BEegJIp.exe
  2⤵
  PID:7672
- C:\Windows\System\VXvZsGZ.exe
  C:\Windows\System\VXvZsGZ.exe
  2⤵
  PID:7692
- C:\Windows\System\RPVugHN.exe
  C:\Windows\System\RPVugHN.exe
  2⤵
  PID:7708
- C:\Windows\System\kNlaprI.exe
  C:\Windows\System\kNlaprI.exe
  2⤵
  PID:7724
- C:\Windows\System\kbnKEsi.exe
  C:\Windows\System\kbnKEsi.exe
  2⤵
  PID:7744
- C:\Windows\System\ycylIrc.exe
  C:\Windows\System\ycylIrc.exe
  2⤵
  PID:7760
- C:\Windows\System\ZziUGft.exe
  C:\Windows\System\ZziUGft.exe
  2⤵
  PID:7776
- C:\Windows\System\mXVYRnw.exe
  C:\Windows\System\mXVYRnw.exe
  2⤵
  PID:7796
- C:\Windows\System\wcDhjHF.exe
  C:\Windows\System\wcDhjHF.exe
  2⤵
  PID:7812
- C:\Windows\System\iqsetSb.exe
  C:\Windows\System\iqsetSb.exe
  2⤵
  PID:7828
- C:\Windows\System\IWjZtwx.exe
  C:\Windows\System\IWjZtwx.exe
  2⤵
  PID:7844
- C:\Windows\System\PJzLrow.exe
  C:\Windows\System\PJzLrow.exe
  2⤵
  PID:7860
- C:\Windows\System\kthKucu.exe
  C:\Windows\System\kthKucu.exe
  2⤵
  PID:7876
- C:\Windows\System\ljXIAMo.exe
  C:\Windows\System\ljXIAMo.exe
  2⤵
  PID:7892
- C:\Windows\System\pmdcIql.exe
  C:\Windows\System\pmdcIql.exe
  2⤵
  PID:7908
- C:\Windows\System\HPLUoNa.exe
  C:\Windows\System\HPLUoNa.exe
  2⤵
  PID:7924
- C:\Windows\System\PASYXrn.exe
  C:\Windows\System\PASYXrn.exe
  2⤵
  PID:7940
- C:\Windows\System\aoVAJSN.exe
  C:\Windows\System\aoVAJSN.exe
  2⤵
  PID:7956
- C:\Windows\System\PruHVVQ.exe
  C:\Windows\System\PruHVVQ.exe
  2⤵
  PID:7972
- C:\Windows\System\EoqUmMD.exe
  C:\Windows\System\EoqUmMD.exe
  2⤵
  PID:7988
- C:\Windows\System\PIAAIov.exe
  C:\Windows\System\PIAAIov.exe
  2⤵
  PID:8004
- C:\Windows\System\JjJFFWM.exe
  C:\Windows\System\JjJFFWM.exe
  2⤵
  PID:8020
- C:\Windows\System\tMiPvTK.exe
  C:\Windows\System\tMiPvTK.exe
  2⤵
  PID:8048
- C:\Windows\System\OuoCEFl.exe
  C:\Windows\System\OuoCEFl.exe
  2⤵
  PID:8076
- C:\Windows\System\WVzifnd.exe
  C:\Windows\System\WVzifnd.exe
  2⤵
  PID:8096
- C:\Windows\System\knwJqOd.exe
  C:\Windows\System\knwJqOd.exe
  2⤵
  PID:8112
- C:\Windows\System\gUgkOvU.exe
  C:\Windows\System\gUgkOvU.exe
  2⤵
  PID:8128
- C:\Windows\System\pDosqWT.exe
  C:\Windows\System\pDosqWT.exe
  2⤵
  PID:8144
- C:\Windows\System\RnrYaTc.exe
  C:\Windows\System\RnrYaTc.exe
  2⤵
  PID:8164
- C:\Windows\System\cgUXdOY.exe
  C:\Windows\System\cgUXdOY.exe
  2⤵
  PID:8180
- C:\Windows\System\CuRbVck.exe
  C:\Windows\System\CuRbVck.exe
  2⤵
  PID:868
- C:\Windows\System\SLBOfBF.exe
  C:\Windows\System\SLBOfBF.exe
  2⤵
  PID:7184
- C:\Windows\System\vwiIbOu.exe
  C:\Windows\System\vwiIbOu.exe
  2⤵
  PID:7216
- C:\Windows\System\aWfuwEI.exe
  C:\Windows\System\aWfuwEI.exe
  2⤵
  PID:7280
- C:\Windows\System\CknKlyN.exe
  C:\Windows\System\CknKlyN.exe
  2⤵
  PID:7300
- C:\Windows\System\oGBEruu.exe
  C:\Windows\System\oGBEruu.exe
  2⤵
  PID:7348
- C:\Windows\System\ZCtUbrC.exe
  C:\Windows\System\ZCtUbrC.exe
  2⤵
  PID:7264
- C:\Windows\System\RDifdVA.exe
  C:\Windows\System\RDifdVA.exe
  2⤵
  PID:7328
- C:\Windows\System\WZfrpYZ.exe
  C:\Windows\System\WZfrpYZ.exe
  2⤵
  PID:7372
- C:\Windows\System\eclvBis.exe
  C:\Windows\System\eclvBis.exe
  2⤵
  PID:7412
- C:\Windows\System\eaRMFuY.exe
  C:\Windows\System\eaRMFuY.exe
  2⤵
  PID:7432
- C:\Windows\System\ZHJuBqk.exe
  C:\Windows\System\ZHJuBqk.exe
  2⤵
  PID:7476
- C:\Windows\System\EpqPovW.exe
  C:\Windows\System\EpqPovW.exe
  2⤵
  PID:7496
- C:\Windows\System\jJLvmxe.exe
  C:\Windows\System\jJLvmxe.exe
  2⤵
  PID:7544
- C:\Windows\System\rrzzfqb.exe
  C:\Windows\System\rrzzfqb.exe
  2⤵
  PID:7508
- C:\Windows\System\aJFdrdC.exe
  C:\Windows\System\aJFdrdC.exe
  2⤵
  PID:7620
- C:\Windows\System\CPZLtpH.exe
  C:\Windows\System\CPZLtpH.exe
  2⤵
  PID:7636
- C:\Windows\System\EieKqwx.exe
  C:\Windows\System\EieKqwx.exe
  2⤵
  PID:7656
- C:\Windows\System\ZwNfrDJ.exe
  C:\Windows\System\ZwNfrDJ.exe
  2⤵
  PID:7700
- C:\Windows\System\TVSScdc.exe
  C:\Windows\System\TVSScdc.exe
  2⤵
  PID:7716
- C:\Windows\System\XitSQle.exe
  C:\Windows\System\XitSQle.exe
  2⤵
  PID:7732
- C:\Windows\System\yZzCmuh.exe
  C:\Windows\System\yZzCmuh.exe
  2⤵
  PID:7752
- C:\Windows\System\SHByrkj.exe
  C:\Windows\System\SHByrkj.exe
  2⤵
  PID:7820
- C:\Windows\System\WegWjFo.exe
  C:\Windows\System\WegWjFo.exe
  2⤵
  PID:7788
- C:\Windows\System\cONxTbV.exe
  C:\Windows\System\cONxTbV.exe
  2⤵
  PID:7852
- C:\Windows\System\IdpQfdg.exe
  C:\Windows\System\IdpQfdg.exe
  2⤵
  PID:7932
- C:\Windows\System\kiQKBrU.exe
  C:\Windows\System\kiQKBrU.exe
  2⤵
  PID:7968
- C:\Windows\System\OhoggVD.exe
  C:\Windows\System\OhoggVD.exe
  2⤵
  PID:7952
- C:\Windows\System\jIzSjsy.exe
  C:\Windows\System\jIzSjsy.exe
  2⤵
  PID:8012
- C:\Windows\System\VhxIivz.exe
  C:\Windows\System\VhxIivz.exe
  2⤵
  PID:672
- C:\Windows\System\UZltpEj.exe
  C:\Windows\System\UZltpEj.exe
  2⤵
  PID:8056
- C:\Windows\System\MRSvzjb.exe
  C:\Windows\System\MRSvzjb.exe
  2⤵
  PID:8064
- C:\Windows\System\zjQgFpp.exe
  C:\Windows\System\zjQgFpp.exe
  2⤵
  PID:8084
- C:\Windows\System\bekibXa.exe
  C:\Windows\System\bekibXa.exe
  2⤵
  PID:8124
- C:\Windows\System\uWaznWu.exe
  C:\Windows\System\uWaznWu.exe
  2⤵
  PID:8136
- C:\Windows\System\CJSkGTH.exe
  C:\Windows\System\CJSkGTH.exe
  2⤵
  PID:8108
- C:\Windows\System\wlBjRqA.exe
  C:\Windows\System\wlBjRqA.exe
  2⤵
  PID:6512
- C:\Windows\System\VpcmMjg.exe
  C:\Windows\System\VpcmMjg.exe
  2⤵
  PID:7312
- C:\Windows\System\uoNzddz.exe
  C:\Windows\System\uoNzddz.exe
  2⤵
  PID:7368
- C:\Windows\System\ClLXrgH.exe
  C:\Windows\System\ClLXrgH.exe
  2⤵
  PID:7492
- C:\Windows\System\bXezuyB.exe
  C:\Windows\System\bXezuyB.exe
  2⤵
  PID:7356
- C:\Windows\System\MDExbPx.exe
  C:\Windows\System\MDExbPx.exe
  2⤵
  PID:7444
- C:\Windows\System\ZqHqEdY.exe
  C:\Windows\System\ZqHqEdY.exe
  2⤵
  PID:7512
- C:\Windows\System\GcPidOl.exe
  C:\Windows\System\GcPidOl.exe
  2⤵
  PID:7540
- C:\Windows\System\hsUZSFB.exe
  C:\Windows\System\hsUZSFB.exe
  2⤵
  PID:7664
- C:\Windows\System\tyldiHf.exe
  C:\Windows\System\tyldiHf.exe
  2⤵
  PID:7868
- C:\Windows\System\vtUduVZ.exe
  C:\Windows\System\vtUduVZ.exe
  2⤵
  PID:7792
- C:\Windows\System\UnGftqK.exe
  C:\Windows\System\UnGftqK.exe
  2⤵
  PID:7920
- C:\Windows\System\OXiOjHY.exe
  C:\Windows\System\OXiOjHY.exe
  2⤵
  PID:7804
- C:\Windows\System\iMbJeup.exe
  C:\Windows\System\iMbJeup.exe
  2⤵
  PID:7808
- C:\Windows\System\KAyTBwr.exe
  C:\Windows\System\KAyTBwr.exe
  2⤵
  PID:7948
- C:\Windows\System\ytuIIXW.exe
  C:\Windows\System\ytuIIXW.exe
  2⤵
  PID:8032
- C:\Windows\System\HQpktLc.exe
  C:\Windows\System\HQpktLc.exe
  2⤵
  PID:8092
- C:\Windows\System\swiCPlj.exe
  C:\Windows\System\swiCPlj.exe
  2⤵
  PID:8176
- C:\Windows\System\PayCEFv.exe
  C:\Windows\System\PayCEFv.exe
  2⤵
  PID:7344
- C:\Windows\System\fMOcsft.exe
  C:\Windows\System\fMOcsft.exe
  2⤵
  PID:8188
- C:\Windows\System\KTnfAWG.exe
  C:\Windows\System\KTnfAWG.exe
  2⤵
  PID:7736
- C:\Windows\System\YAVLBaU.exe
  C:\Windows\System\YAVLBaU.exe
  2⤵
  PID:6916
- C:\Windows\System\ZXEYKov.exe
  C:\Windows\System\ZXEYKov.exe
  2⤵
  PID:7772
- C:\Windows\System\GMfROpu.exe
  C:\Windows\System\GMfROpu.exe
  2⤵
  PID:7936
- C:\Windows\System\YRKHpHM.exe
  C:\Windows\System\YRKHpHM.exe
  2⤵
  PID:7984
- C:\Windows\System\OxIHcfs.exe
  C:\Windows\System\OxIHcfs.exe
  2⤵
  PID:8044
- C:\Windows\System\ztihCfy.exe
  C:\Windows\System\ztihCfy.exe
  2⤵
  PID:7576
- C:\Windows\System\AUmnWwP.exe
  C:\Windows\System\AUmnWwP.exe
  2⤵
  PID:8068
- C:\Windows\System\ppHpwxJ.exe
  C:\Windows\System\ppHpwxJ.exe
  2⤵
  PID:7464
- C:\Windows\System\jvIUcCC.exe
  C:\Windows\System\jvIUcCC.exe
  2⤵
  PID:7268
- C:\Windows\System\yNgBcZC.exe
  C:\Windows\System\yNgBcZC.exe
  2⤵
  PID:7668
- C:\Windows\System\vRLtLwi.exe
  C:\Windows\System\vRLtLwi.exe
  2⤵
  PID:8104
- C:\Windows\System\wfiZxXU.exe
  C:\Windows\System\wfiZxXU.exe
  2⤵
  PID:8060
- C:\Windows\System\IngMLIw.exe
  C:\Windows\System\IngMLIw.exe
  2⤵
  PID:7252
- C:\Windows\System\YeNixTy.exe
  C:\Windows\System\YeNixTy.exe
  2⤵
  PID:7688
- C:\Windows\System\ajhmWMZ.exe
  C:\Windows\System\ajhmWMZ.exe
  2⤵
  PID:8200
- C:\Windows\System\oWAulJe.exe
  C:\Windows\System\oWAulJe.exe
  2⤵
  PID:8216
- C:\Windows\System\fvcuTsy.exe
  C:\Windows\System\fvcuTsy.exe
  2⤵
  PID:8232
- C:\Windows\System\KZpQfGE.exe
  C:\Windows\System\KZpQfGE.exe
  2⤵
  PID:8252
- C:\Windows\System\DMOgXGK.exe
  C:\Windows\System\DMOgXGK.exe
  2⤵
  PID:8272
- C:\Windows\System\KOwXPjY.exe
  C:\Windows\System\KOwXPjY.exe
  2⤵
  PID:8292
- C:\Windows\System\yaHnoVF.exe
  C:\Windows\System\yaHnoVF.exe
  2⤵
  PID:8336
- C:\Windows\System\UfYIGBV.exe
  C:\Windows\System\UfYIGBV.exe
  2⤵
  PID:8368
- C:\Windows\System\YNsPcpk.exe
  C:\Windows\System\YNsPcpk.exe
  2⤵
  PID:8384
- C:\Windows\System\JPhiKDs.exe
  C:\Windows\System\JPhiKDs.exe
  2⤵
  PID:8400
- C:\Windows\System\ABGAVsW.exe
  C:\Windows\System\ABGAVsW.exe
  2⤵
  PID:8420
- C:\Windows\System\CMXktFM.exe
  C:\Windows\System\CMXktFM.exe
  2⤵
  PID:8440
- C:\Windows\System\zcmioMi.exe
  C:\Windows\System\zcmioMi.exe
  2⤵
  PID:8456
- C:\Windows\System\CMnaTxl.exe
  C:\Windows\System\CMnaTxl.exe
  2⤵
  PID:8472
- C:\Windows\System\ZPzbXUK.exe
  C:\Windows\System\ZPzbXUK.exe
  2⤵
  PID:8488
- C:\Windows\System\uLIBxUZ.exe
  C:\Windows\System\uLIBxUZ.exe
  2⤵
  PID:8504
- C:\Windows\System\AOvycxH.exe
  C:\Windows\System\AOvycxH.exe
  2⤵
  PID:8520
- C:\Windows\System\dXyqdwO.exe
  C:\Windows\System\dXyqdwO.exe
  2⤵
  PID:8536
- C:\Windows\System\qsaUzzO.exe
  C:\Windows\System\qsaUzzO.exe
  2⤵
  PID:8552
- C:\Windows\System\DNuzEDD.exe
  C:\Windows\System\DNuzEDD.exe
  2⤵
  PID:8568
- C:\Windows\System\OMmuDsf.exe
  C:\Windows\System\OMmuDsf.exe
  2⤵
  PID:8584
- C:\Windows\System\gDeqgbY.exe
  C:\Windows\System\gDeqgbY.exe
  2⤵
  PID:8604
- C:\Windows\System\gSWpCcO.exe
  C:\Windows\System\gSWpCcO.exe
  2⤵
  PID:8620
- C:\Windows\System\UrHhGch.exe
  C:\Windows\System\UrHhGch.exe
  2⤵
  PID:8636
- C:\Windows\System\jFDOibO.exe
  C:\Windows\System\jFDOibO.exe
  2⤵
  PID:8652
- C:\Windows\System\sRwEDiN.exe
  C:\Windows\System\sRwEDiN.exe
  2⤵
  PID:8668
- C:\Windows\System\glYpnLZ.exe
  C:\Windows\System\glYpnLZ.exe
  2⤵
  PID:8684
- C:\Windows\System\rupNzxt.exe
  C:\Windows\System\rupNzxt.exe
  2⤵
  PID:8700
- C:\Windows\System\zliXZdi.exe
  C:\Windows\System\zliXZdi.exe
  2⤵
  PID:8716
- C:\Windows\System\ZcXFpIC.exe
  C:\Windows\System\ZcXFpIC.exe
  2⤵
  PID:8732
- C:\Windows\System\JEoyFse.exe
  C:\Windows\System\JEoyFse.exe
  2⤵
  PID:8748
- C:\Windows\System\anWiksq.exe
  C:\Windows\System\anWiksq.exe
  2⤵
  PID:8768
- C:\Windows\System\IaPOWnL.exe
  C:\Windows\System\IaPOWnL.exe
  2⤵
  PID:8784
- C:\Windows\System\kJfPXRs.exe
  C:\Windows\System\kJfPXRs.exe
  2⤵
  PID:8800
- C:\Windows\System\EGFbQTz.exe
  C:\Windows\System\EGFbQTz.exe
  2⤵
  PID:8816
- C:\Windows\System\xDLWjrt.exe
  C:\Windows\System\xDLWjrt.exe
  2⤵
  PID:8832
- C:\Windows\System\uErKuWm.exe
  C:\Windows\System\uErKuWm.exe
  2⤵
  PID:8848
- C:\Windows\System\PDWuHdV.exe
  C:\Windows\System\PDWuHdV.exe
  2⤵
  PID:8868
- C:\Windows\System\iJiuDvF.exe
  C:\Windows\System\iJiuDvF.exe
  2⤵
  PID:8884
- C:\Windows\System\PGUZVaQ.exe
  C:\Windows\System\PGUZVaQ.exe
  2⤵
  PID:8904
- C:\Windows\System\VswNCnx.exe
  C:\Windows\System\VswNCnx.exe
  2⤵
  PID:8920
- C:\Windows\System\bmgzaSc.exe
  C:\Windows\System\bmgzaSc.exe
  2⤵
  PID:8936
- C:\Windows\System\aVAvzho.exe
  C:\Windows\System\aVAvzho.exe
  2⤵
  PID:8952
- C:\Windows\System\UHRCNqA.exe
  C:\Windows\System\UHRCNqA.exe
  2⤵
  PID:8968
- C:\Windows\System\GxXcIlh.exe
  C:\Windows\System\GxXcIlh.exe
  2⤵
  PID:8984
- C:\Windows\System\AGSrsdz.exe
  C:\Windows\System\AGSrsdz.exe
  2⤵
  PID:9000
- C:\Windows\System\mGTzBNt.exe
  C:\Windows\System\mGTzBNt.exe
  2⤵
  PID:9016
- C:\Windows\System\QUvizNL.exe
  C:\Windows\System\QUvizNL.exe
  2⤵
  PID:9032
- C:\Windows\System\yWZhnbm.exe
  C:\Windows\System\yWZhnbm.exe
  2⤵
  PID:9048
- C:\Windows\System\adVkiZI.exe
  C:\Windows\System\adVkiZI.exe
  2⤵
  PID:9064
- C:\Windows\System\EfxWlRP.exe
  C:\Windows\System\EfxWlRP.exe
  2⤵
  PID:9084
- C:\Windows\System\kcBVhzM.exe
  C:\Windows\System\kcBVhzM.exe
  2⤵
  PID:9100
- C:\Windows\System\XzfRDkh.exe
  C:\Windows\System\XzfRDkh.exe
  2⤵
  PID:9116
- C:\Windows\System\FimfTJM.exe
  C:\Windows\System\FimfTJM.exe
  2⤵
  PID:9132
- C:\Windows\System\TBAeUni.exe
  C:\Windows\System\TBAeUni.exe
  2⤵
  PID:9148
- C:\Windows\System\hLroSsX.exe
  C:\Windows\System\hLroSsX.exe
  2⤵
  PID:9164
- C:\Windows\System\JgKBZUK.exe
  C:\Windows\System\JgKBZUK.exe
  2⤵
  PID:9180
- C:\Windows\System\sHMaYuL.exe
  C:\Windows\System\sHMaYuL.exe
  2⤵
  PID:9196
- C:\Windows\System\wARYRCf.exe
  C:\Windows\System\wARYRCf.exe
  2⤵
  PID:9212
- C:\Windows\System\QwmBGUp.exe
  C:\Windows\System\QwmBGUp.exe
  2⤵
  PID:7232
- C:\Windows\System\bSnMWUf.exe
  C:\Windows\System\bSnMWUf.exe
  2⤵
  PID:8228
- C:\Windows\System\giILhOq.exe
  C:\Windows\System\giILhOq.exe
  2⤵
  PID:8268
- C:\Windows\System\PMwQIXP.exe
  C:\Windows\System\PMwQIXP.exe
  2⤵
  PID:8288
- C:\Windows\System\wynKqFe.exe
  C:\Windows\System\wynKqFe.exe
  2⤵
  PID:8312
- C:\Windows\System\MDmWOXD.exe
  C:\Windows\System\MDmWOXD.exe
  2⤵
  PID:8324
- C:\Windows\System\IFYSWai.exe
  C:\Windows\System\IFYSWai.exe
  2⤵
  PID:8356
- C:\Windows\System\FDQADBY.exe
  C:\Windows\System\FDQADBY.exe
  2⤵
  PID:8396
- C:\Windows\System\CQqYCbC.exe
  C:\Windows\System\CQqYCbC.exe
  2⤵
  PID:8432
- C:\Windows\System\EUwyqeG.exe
  C:\Windows\System\EUwyqeG.exe
  2⤵
  PID:8332
- C:\Windows\System\xDQlhvn.exe
  C:\Windows\System\xDQlhvn.exe
  2⤵
  PID:8484
- C:\Windows\System\NBTCUdV.exe
  C:\Windows\System\NBTCUdV.exe
  2⤵
  PID:8560
- C:\Windows\System\zlondXg.exe
  C:\Windows\System\zlondXg.exe
  2⤵
  PID:8600
- C:\Windows\System\vqsXUrD.exe
  C:\Windows\System\vqsXUrD.exe
  2⤵
  PID:8660
- C:\Windows\System\vCMFMlb.exe
  C:\Windows\System\vCMFMlb.exe
  2⤵
  PID:8696
- C:\Windows\System\hcIXsyH.exe
  C:\Windows\System\hcIXsyH.exe
  2⤵
  PID:8740
- C:\Windows\System\ByVYDvQ.exe
  C:\Windows\System\ByVYDvQ.exe
  2⤵
  PID:8776
- C:\Windows\System\qVLCBxa.exe
  C:\Windows\System\qVLCBxa.exe
  2⤵
  PID:8824
- C:\Windows\System\VvXACLN.exe
  C:\Windows\System\VvXACLN.exe
  2⤵
  PID:8840
- C:\Windows\System\vbwkhAR.exe
  C:\Windows\System\vbwkhAR.exe
  2⤵
  PID:8260
- C:\Windows\System\IzuCyHk.exe
  C:\Windows\System\IzuCyHk.exe
  2⤵
  PID:7188
- C:\Windows\System\ruXwoYv.exe
  C:\Windows\System\ruXwoYv.exe
  2⤵
  PID:8348
- C:\Windows\System\cOImPNF.exe
  C:\Windows\System\cOImPNF.exe
  2⤵
  PID:9040
- C:\Windows\System\gDwKOHt.exe
  C:\Windows\System\gDwKOHt.exe
  2⤵
  PID:9096
- C:\Windows\System\RzPdxYR.exe
  C:\Windows\System\RzPdxYR.exe
  2⤵
  PID:8244
- C:\Windows\System\VfbPeHN.exe
  C:\Windows\System\VfbPeHN.exe
  2⤵
  PID:9108
- C:\Windows\System\iCzzwRf.exe
  C:\Windows\System\iCzzwRf.exe
  2⤵
  PID:9092
- C:\Windows\System\bCQSgBs.exe
  C:\Windows\System\bCQSgBs.exe
  2⤵
  PID:9208
- C:\Windows\System\NxzSdrO.exe
  C:\Windows\System\NxzSdrO.exe
  2⤵
  PID:8528
- C:\Windows\System\SRjTRUy.exe
  C:\Windows\System\SRjTRUy.exe
  2⤵
  PID:8680
- C:\Windows\System\ADLDZgH.exe
  C:\Windows\System\ADLDZgH.exe
  2⤵
  PID:8764
- C:\Windows\System\PlmyJWk.exe
  C:\Windows\System\PlmyJWk.exe
  2⤵
  PID:8724
- C:\Windows\System\ukNEchC.exe
  C:\Windows\System\ukNEchC.exe
  2⤵
  PID:8756
- C:\Windows\System\LMmaRfA.exe
  C:\Windows\System\LMmaRfA.exe
  2⤵
  PID:8880
- C:\Windows\System\jEYmokQ.exe
  C:\Windows\System\jEYmokQ.exe
  2⤵
  PID:8964
- C:\Windows\System\oyUiTdP.exe
  C:\Windows\System\oyUiTdP.exe
  2⤵
  PID:9024
- C:\Windows\System\LRZGfyk.exe
  C:\Windows\System\LRZGfyk.exe
  2⤵
  PID:8976
- C:\Windows\System\PwJbThK.exe
  C:\Windows\System\PwJbThK.exe
  2⤵
  PID:8928
- C:\Windows\System\oCAKUAE.exe
  C:\Windows\System\oCAKUAE.exe
  2⤵
  PID:9204
- C:\Windows\System\RHlsUVp.exe
  C:\Windows\System\RHlsUVp.exe
  2⤵
  PID:8392
- C:\Windows\System\tXwCeuJ.exe
  C:\Windows\System\tXwCeuJ.exe
  2⤵
  PID:8468
- C:\Windows\System\EfaeUOR.exe
  C:\Windows\System\EfaeUOR.exe
  2⤵
  PID:8408
- C:\Windows\System\SLzUzcJ.exe
  C:\Windows\System\SLzUzcJ.exe
  2⤵
  PID:8592
- C:\Windows\System\efEHOfR.exe
  C:\Windows\System\efEHOfR.exe
  2⤵
  PID:2548
- C:\Windows\System\AczPcNX.exe
  C:\Windows\System\AczPcNX.exe
  2⤵
  PID:8632
- C:\Windows\System\SxEQdXL.exe
  C:\Windows\System\SxEQdXL.exe
  2⤵
  PID:8796
- C:\Windows\System\XIRADFy.exe
  C:\Windows\System\XIRADFy.exe
  2⤵
  PID:8812
- C:\Windows\System\YvHYHfc.exe
  C:\Windows\System\YvHYHfc.exe
  2⤵
  PID:9028
- C:\Windows\System\uUpkWVA.exe
  C:\Windows\System\uUpkWVA.exe
  2⤵
  PID:8948
- C:\Windows\System\oYwIhHy.exe
  C:\Windows\System\oYwIhHy.exe
  2⤵
  PID:9188
- C:\Windows\System\upJcptz.exe
  C:\Windows\System\upJcptz.exe
  2⤵
  PID:8376
- C:\Windows\System\wEzrILp.exe
  C:\Windows\System\wEzrILp.exe
  2⤵
  PID:8448
- C:\Windows\System\abesZnL.exe
  C:\Windows\System\abesZnL.exe
  2⤵
  PID:8548
- C:\Windows\System\OQnvotg.exe
  C:\Windows\System\OQnvotg.exe
  2⤵
  PID:8280
- C:\Windows\System\FSHEdFc.exe
  C:\Windows\System\FSHEdFc.exe
  2⤵
  PID:8860
- C:\Windows\System\hbfesbm.exe
  C:\Windows\System\hbfesbm.exe
  2⤵
  PID:8932
- C:\Windows\System\eLDOSuT.exe
  C:\Windows\System\eLDOSuT.exe
  2⤵
  PID:9008
- C:\Windows\System\DwTRBgq.exe
  C:\Windows\System\DwTRBgq.exe
  2⤵
  PID:8480
- C:\Windows\System\UMlFdSg.exe
  C:\Windows\System\UMlFdSg.exe
  2⤵
  PID:9176
- C:\Windows\System\TQIhQFT.exe
  C:\Windows\System\TQIhQFT.exe
  2⤵
  PID:8516
- C:\Windows\System\dOqUxVp.exe
  C:\Windows\System\dOqUxVp.exe
  2⤵
  PID:9060
- C:\Windows\System\bJgQnTW.exe
  C:\Windows\System\bJgQnTW.exe
  2⤵
  PID:8304
- C:\Windows\System\GgmnhoU.exe
  C:\Windows\System\GgmnhoU.exe
  2⤵
  PID:8416
- C:\Windows\System\XCcCZEQ.exe
  C:\Windows\System\XCcCZEQ.exe
  2⤵
  PID:8628
- C:\Windows\System\FyEFxQp.exe
  C:\Windows\System\FyEFxQp.exe
  2⤵
  PID:9224
- C:\Windows\System\jfjjnAZ.exe
  C:\Windows\System\jfjjnAZ.exe
  2⤵
  PID:9244
- C:\Windows\System\gufWzgZ.exe
  C:\Windows\System\gufWzgZ.exe
  2⤵
  PID:9264
- C:\Windows\System\SjrXCDB.exe
  C:\Windows\System\SjrXCDB.exe
  2⤵
  PID:9284
- C:\Windows\System\yMrTGGa.exe
  C:\Windows\System\yMrTGGa.exe
  2⤵
  PID:9304
- C:\Windows\System\MHlwtUQ.exe
  C:\Windows\System\MHlwtUQ.exe
  2⤵
  PID:9328
- C:\Windows\System\MkVpZgX.exe
  C:\Windows\System\MkVpZgX.exe
  2⤵
  PID:9352
- C:\Windows\System\sAnDXcq.exe
  C:\Windows\System\sAnDXcq.exe
  2⤵
  PID:9368
- C:\Windows\System\xhiQHIq.exe
  C:\Windows\System\xhiQHIq.exe
  2⤵
  PID:9396
- C:\Windows\System\cqafbvX.exe
  C:\Windows\System\cqafbvX.exe
  2⤵
  PID:9416
- C:\Windows\System\AhGEPIF.exe
  C:\Windows\System\AhGEPIF.exe
  2⤵
  PID:9432
- C:\Windows\System\SePINxY.exe
  C:\Windows\System\SePINxY.exe
  2⤵
  PID:9452
- C:\Windows\System\jDhIOHn.exe
  C:\Windows\System\jDhIOHn.exe
  2⤵
  PID:9476
- C:\Windows\System\LULZbPV.exe
  C:\Windows\System\LULZbPV.exe
  2⤵
  PID:9492
- C:\Windows\System\pzYYvhl.exe
  C:\Windows\System\pzYYvhl.exe
  2⤵
  PID:9508
- C:\Windows\System\LwZsqLF.exe
  C:\Windows\System\LwZsqLF.exe
  2⤵
  PID:9524
- C:\Windows\System\keLQLqj.exe
  C:\Windows\System\keLQLqj.exe
  2⤵
  PID:9540
- C:\Windows\System\kRAGjpE.exe
  C:\Windows\System\kRAGjpE.exe
  2⤵
  PID:9556
- C:\Windows\System\ySRnTpY.exe
  C:\Windows\System\ySRnTpY.exe
  2⤵
  PID:9580
- C:\Windows\System\NtdIpfa.exe
  C:\Windows\System\NtdIpfa.exe
  2⤵
  PID:9600
- C:\Windows\System\qFKImhi.exe
  C:\Windows\System\qFKImhi.exe
  2⤵
  PID:9620
- C:\Windows\System\gWVrPSW.exe
  C:\Windows\System\gWVrPSW.exe
  2⤵
  PID:9636
- C:\Windows\System\zYmyTQm.exe
  C:\Windows\System\zYmyTQm.exe
  2⤵
  PID:9656
- C:\Windows\System\kfFtZDE.exe
  C:\Windows\System\kfFtZDE.exe
  2⤵
  PID:9676
- C:\Windows\System\DohtKBh.exe
  C:\Windows\System\DohtKBh.exe
  2⤵
  PID:9692
- C:\Windows\System\nwVtLHd.exe
  C:\Windows\System\nwVtLHd.exe
  2⤵
  PID:9736
- C:\Windows\System\NmbubFB.exe
  C:\Windows\System\NmbubFB.exe
  2⤵
  PID:9756
- C:\Windows\System\komvLyX.exe
  C:\Windows\System\komvLyX.exe
  2⤵
  PID:9772
- C:\Windows\System\zBuhMFI.exe
  C:\Windows\System\zBuhMFI.exe
  2⤵
  PID:9788
- C:\Windows\System\jCApTZu.exe
  C:\Windows\System\jCApTZu.exe
  2⤵
  PID:9804
- C:\Windows\System\gffxtrL.exe
  C:\Windows\System\gffxtrL.exe
  2⤵
  PID:9832
- C:\Windows\System\WZiIvQn.exe
  C:\Windows\System\WZiIvQn.exe
  2⤵
  PID:9860
- C:\Windows\System\JlVJmlZ.exe
  C:\Windows\System\JlVJmlZ.exe
  2⤵
  PID:9876
- C:\Windows\System\KuCxeKE.exe
  C:\Windows\System\KuCxeKE.exe
  2⤵
  PID:9892
- C:\Windows\System\OIijqbn.exe
  C:\Windows\System\OIijqbn.exe
  2⤵
  PID:9908
- C:\Windows\System\iKzpavl.exe
  C:\Windows\System\iKzpavl.exe
  2⤵
  PID:9924
- C:\Windows\System\FRvUcqe.exe
  C:\Windows\System\FRvUcqe.exe
  2⤵
  PID:9940
- C:\Windows\System\jrBmERt.exe
  C:\Windows\System\jrBmERt.exe
  2⤵
  PID:9956
- C:\Windows\System\EaBZMNb.exe
  C:\Windows\System\EaBZMNb.exe
  2⤵
  PID:9972
- C:\Windows\System\HgqxcOb.exe
  C:\Windows\System\HgqxcOb.exe
  2⤵
  PID:9988
- C:\Windows\System\rZdivFu.exe
  C:\Windows\System\rZdivFu.exe
  2⤵
  PID:10004
- C:\Windows\System\qZaZXMR.exe
  C:\Windows\System\qZaZXMR.exe
  2⤵
  PID:10020
- C:\Windows\System\zbmBCBW.exe
  C:\Windows\System\zbmBCBW.exe
  2⤵
  PID:10036
- C:\Windows\System\loqfpDn.exe
  C:\Windows\System\loqfpDn.exe
  2⤵
  PID:10052
- C:\Windows\System\DSTCBie.exe
  C:\Windows\System\DSTCBie.exe
  2⤵
  PID:10072
- C:\Windows\System\VPqYgUm.exe
  C:\Windows\System\VPqYgUm.exe
  2⤵
  PID:10092
- C:\Windows\System\alPJdIj.exe
  C:\Windows\System\alPJdIj.exe
  2⤵
  PID:10132
- C:\Windows\System\bRlFXTT.exe
  C:\Windows\System\bRlFXTT.exe
  2⤵
  PID:10152
- C:\Windows\System\yUBGYUW.exe
  C:\Windows\System\yUBGYUW.exe
  2⤵
  PID:10168
- C:\Windows\System\GVprEut.exe
  C:\Windows\System\GVprEut.exe
  2⤵
  PID:10184
- C:\Windows\System\tluyGHi.exe
  C:\Windows\System\tluyGHi.exe
  2⤵
  PID:10200
- C:\Windows\System\VgcDwlL.exe
  C:\Windows\System\VgcDwlL.exe
  2⤵
  PID:10216
- C:\Windows\System\FXKvnIY.exe
  C:\Windows\System\FXKvnIY.exe
  2⤵
  PID:10232
- C:\Windows\System\bbOTYKt.exe
  C:\Windows\System\bbOTYKt.exe
  2⤵
  PID:9220
- C:\Windows\System\zVNkxFG.exe
  C:\Windows\System\zVNkxFG.exe
  2⤵
  PID:9232
- C:\Windows\System\PjzxmHF.exe
  C:\Windows\System\PjzxmHF.exe
  2⤵
  PID:9280
- C:\Windows\System\ANRGIZM.exe
  C:\Windows\System\ANRGIZM.exe
  2⤵
  PID:9296
- C:\Windows\System\zNuYQwq.exe
  C:\Windows\System\zNuYQwq.exe
  2⤵
  PID:9324
- C:\Windows\System\UOmdBat.exe
  C:\Windows\System\UOmdBat.exe
  2⤵
  PID:9344
- C:\Windows\System\qOEfCvF.exe
  C:\Windows\System\qOEfCvF.exe
  2⤵
  PID:9364
- C:\Windows\System\BhvqnYY.exe
  C:\Windows\System\BhvqnYY.exe
  2⤵
  PID:9392
- C:\Windows\System\KKlxpFp.exe
  C:\Windows\System\KKlxpFp.exe
  2⤵
  PID:9408
- C:\Windows\System\uTfzMvc.exe
  C:\Windows\System\uTfzMvc.exe
  2⤵
  PID:9444
- C:\Windows\System\LdpxhFC.exe
  C:\Windows\System\LdpxhFC.exe
  2⤵
  PID:9448
- C:\Windows\System\iaFdpIP.exe
  C:\Windows\System\iaFdpIP.exe
  2⤵
  PID:9536
- C:\Windows\System\xtXtoFe.exe
  C:\Windows\System\xtXtoFe.exe
  2⤵
  PID:9576
- C:\Windows\System\yjtaJQH.exe
  C:\Windows\System\yjtaJQH.exe
  2⤵
  PID:9488
- C:\Windows\System\vcbKFXU.exe
  C:\Windows\System\vcbKFXU.exe
  2⤵
  PID:9664
- C:\Windows\System\glJhZSP.exe
  C:\Windows\System\glJhZSP.exe
  2⤵
  PID:9552
- C:\Windows\System\cAGvkIR.exe
  C:\Windows\System\cAGvkIR.exe
  2⤵
  PID:9628
- C:\Windows\System\PYeTMTT.exe
  C:\Windows\System\PYeTMTT.exe
  2⤵
  PID:9688
- C:\Windows\System\MFzTmCI.exe
  C:\Windows\System\MFzTmCI.exe
  2⤵
  PID:9668
- C:\Windows\System\jMLnkJt.exe
  C:\Windows\System\jMLnkJt.exe
  2⤵
  PID:9728
- C:\Windows\System\PDvgFJT.exe
  C:\Windows\System\PDvgFJT.exe
  2⤵
  PID:9752
- C:\Windows\System\RHKlfhT.exe
  C:\Windows\System\RHKlfhT.exe
  2⤵
  PID:9784
- C:\Windows\System\PyLDeui.exe
  C:\Windows\System\PyLDeui.exe
  2⤵
  PID:9840
- C:\Windows\System\wtZOPSm.exe
  C:\Windows\System\wtZOPSm.exe
  2⤵
  PID:10016
- C:\Windows\System\IjYoxSs.exe
  C:\Windows\System\IjYoxSs.exe
  2⤵
  PID:9964
- C:\Windows\System\ZTXKYll.exe
  C:\Windows\System\ZTXKYll.exe
  2⤵
  PID:10032
- C:\Windows\System\LdMjLfi.exe
  C:\Windows\System\LdMjLfi.exe
  2⤵
  PID:9980
- C:\Windows\System\nRtIDKY.exe
  C:\Windows\System\nRtIDKY.exe
  2⤵
  PID:10164
- C:\Windows\System\qjFFOnR.exe
  C:\Windows\System\qjFFOnR.exe
  2⤵
  PID:10196
- C:\Windows\System\ACNIMVU.exe
  C:\Windows\System\ACNIMVU.exe
  2⤵
  PID:9272
- C:\Windows\System\Jjxomwx.exe
  C:\Windows\System\Jjxomwx.exe
  2⤵
  PID:9340
- C:\Windows\System\yyLRtFU.exe
  C:\Windows\System\yyLRtFU.exe
  2⤵
  PID:10148
- C:\Windows\System\mgGQFqF.exe
  C:\Windows\System\mgGQFqF.exe
  2⤵
  PID:9240
- C:\Windows\System\URUFgOJ.exe
  C:\Windows\System\URUFgOJ.exe
  2⤵
  PID:9384
- C:\Windows\System\cLtWiEv.exe
  C:\Windows\System\cLtWiEv.exe
  2⤵
  PID:9412
- C:\Windows\System\UfeaFTH.exe
  C:\Windows\System\UfeaFTH.exe
  2⤵
  PID:9532
- C:\Windows\System\MHPFVEo.exe
  C:\Windows\System\MHPFVEo.exe
  2⤵
  PID:9644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BUYcnKw.exe

Filesize
6.0MB

MD5
7fa3dd9dd723de09440eb666f87c4428

SHA1
b2c6b4f335038da5a42a7444f29b9c6c3a1e4361

SHA256
a5a5af8afe20032e7ffa199ef7da14cbd79bc70eb3e97043872dc9004be8dc40

SHA512
43858762ff1bb24d32e104dbb0ecaa15e30ae307f6a621d3b96f42bf78c9da203cb596f90ab947d96d74f69b08497d981723bc996b95f121101f0e08e4049635

Download Submit
C:\Windows\system\EsUOEVf.exe

Filesize
6.0MB

MD5
5b3f10358572e96eb4a6aeee66a1e035

SHA1
4e66536f98c61bf829cbdbef2620068fd9b89e80

SHA256
cffeef2815c4ae5d17a1faa6dc79bb0b670f57df5f86ecee0edb6c15e644b9d5

SHA512
8ad28965321f6e13e61a5f36a28950f7423b70581a33fd89f479f822c8a7c97437bbee96c86147f06b96cadaeffad915625725ef400f50d66733b8148bf00a9e

Download Submit
C:\Windows\system\FKEmtox.exe

Filesize
6.0MB

MD5
3fdd838605d2aa5a38c9392f69f408f8

SHA1
e6c27e0167dee184f1a3ffce31900dbe3f974b5f

SHA256
222596af49693b8ab67ca0deb016bf7f715733f10100dd87d6bd657bde3c3bb4

SHA512
8d91558e2ed3fe4daeb6c4b234ad57660143270f550a8cb1beabde55e15e9ddcbac31c6ecc06e40fb3324a796dda11f8d50489ee25972309924a1af5f6b241bb

Download Submit
C:\Windows\system\MhersUn.exe

Filesize
6.0MB

MD5
449ac27d5a5ab9fad0afed7c5deada21

SHA1
e726c682697bb490cf29ff1eb99ed928291d4ff0

SHA256
d250db59f25fd39536a35ba174bcfc9c6dcc70e80db7bac939d98dcadfa8b1a5

SHA512
3e444b8bf3cc971f7ff1c25f925aca67ef62a1b58cbad3d21acf8495c32a2c21e90098c6e6218c763ef460b2b210e5a5316f195718bafce6bce230b7c5d3561f

Download Submit
C:\Windows\system\PHOmZqT.exe

Filesize
6.0MB

MD5
ec57ebf0a542db3ddb1c02b5d1377098

SHA1
67a5c98f99b5cbaaf8991f6240995fb5f670c9c5

SHA256
550b1ebd766e34806962ed8c7fa36f38d1edfe724d5b30fce3333f5327e07a79

SHA512
51025c0d80929273acec3cc90e8ceb828a023662fcca3707e610e28826b303c6a10988682b2ea39b4f7feeeda13c3bc5123041c0be31d735c1b4cbfd31540380

Download Submit
C:\Windows\system\RkVDJId.exe

Filesize
6.0MB

MD5
78c1c362912c6949d8cdef5c081dd4c8

SHA1
a05c7256d41bfb4154e140e389f25b8b0f998376

SHA256
2530bddfc501445d6fdf413820461b45fd4f36581cc827aa0513952711a82e42

SHA512
b6f3eca54936f20c54b5f0af567ba9e20e1151e0b1b04b23ba545a06a57d3e819cd19c6612c97b5bf26ee5886e66181c8e8c0a308e54bece73fcff7caf1ea28c

Download Submit
C:\Windows\system\SIMjkqL.exe

Filesize
6.0MB

MD5
c8bd609b31cdd18bba660fe60db6cbc3

SHA1
bc530a2a8b632f4636aca3d2c44c88ee1e621705

SHA256
c828aeb96aa5cadc50ccfb0cbd6188051e4f56be963a7b5c2920fe7c21c63f11

SHA512
b6a6f27475b3f8eeb9f0032118fe003faf19f5153f79c833b8179631b0a42d37d4c6bf5cf8176f6cbca37b228d268e558e78c0d09e86fc2450bbb796bc4f8ca8

Download Submit
C:\Windows\system\SOwbjRh.exe

Filesize
6.0MB

MD5
e9358c155929c3cea3ab1db5c7eb45a9

SHA1
402cb02132645c68aabc930ec04df4db6f27bb04

SHA256
4ae96aa07adc27a3c74757f9a0c0660bcb42e8afb0263ae20a89ea1d264abfa5

SHA512
c0eddc0fc89dedaf2c0d589fd97e82362015f688da1db773185b17d531fc7c3aca7415ecc99f808d76d4bdf236faf4a1898444a59b5d7b01d6621d2a20ab7cf0

Download Submit
C:\Windows\system\TSItBfy.exe

Filesize
6.0MB

MD5
5f77f76eaa33ca8840b8c6abf3ed6c9b

SHA1
59df255d4b1a19d6228dd53513241ea7e3e5642a

SHA256
c109039c39ec4455371fcc71c91767bd15f6998949cad1f1fbf6dba1a6e84ab7

SHA512
a22a6a521ed17c4c0ee2bc4a58d7887c5789d26452cfebfb91d6530dae90d2a972bcacf221488dfb976e98a4f2fc1291d441accc05e5c0658b70e55e7a0bc030

Download Submit
C:\Windows\system\VSQskEo.exe

Filesize
6.0MB

MD5
4f390a7aa18334a7867f8573964685b3

SHA1
faae6f3f32821b8561fd0586dc15c41a28aa9f60

SHA256
e6b3079311bd4458a8e7a4fb7e5f45e5f76c8bc884536abd185ca1521b5fe818

SHA512
0c52245c694c18e70fb4c21a74b786900f8863c57c336e4493510596debb392612451eb0664aec335c9ae28f49e42d84010a3998ca7f75d69c73ab03948bcb33

Download Submit
C:\Windows\system\aPhfYQw.exe

Filesize
6.0MB

MD5
00c9b937015893c91114c3489ca1c1b8

SHA1
51522f8a8c442421f3d70d263d48d36856f14350

SHA256
ff4e4dd32c4024ddda99fb32a55ad470a3c8208e9e4b098bc40a9f9c373e8359

SHA512
e5b0dac597a037ca212a0deb3d7b54990aca2bc27deaf8ae4425ead83ae4e9ad7dc2e735021b8f379c2be8f0b72dd74e09f26d41a65cc4487710e6c96e05c324

Download Submit
C:\Windows\system\ctJKAHT.exe

Filesize
6.0MB

MD5
208920c2b7bf30bc63cbdff3d565bbdd

SHA1
02a61ca0e112092b3bc8d90e714191152479cbfb

SHA256
5a1bcb052fcf1ca74cdefa5a5d95bc82943cf39beb4c17f4917c41aeb6902cbe

SHA512
d0b0cbd79d590c3f778a904bfa3f872d73df5423614af5f0bf9b0eeab1ecf601a47522d1292880f09f1bf4b25f1a51c7543c9b38a36bc1b1edbb9f7412d92c33

Download Submit
C:\Windows\system\gfoKESm.exe

Filesize
6.0MB

MD5
40878a89228284c17e1670efa8c32b08

SHA1
f03df32aa506f49482f5a61740e6ada2ec0b6ce3

SHA256
abd133320a5b45912d8350166f512c02eece0e763c8cc555e9e42ce6da67820e

SHA512
547740318ddb6fb8000e46bce8b267da13e28e76c8ded7c47f9071c7ae8fb86287089749992c9eece03bb604eeab5053a0e4dc24b0384831669e990a8690804c

Download Submit
C:\Windows\system\iOHkXhd.exe

Filesize
6.0MB

MD5
562fc24d14ba9b4b4fc5385fd5b4c965

SHA1
8e12d9730b6b2e580d8afbee650608f7bd101f90

SHA256
d72885d8b2d29dcae9c925365afa7862c876c3b56bf6d340c6b05918c628930c

SHA512
cbfd7f3c5b6de819d3347b2b6c8ff949c13a035bbe926d9a5b920e02673256fab9661c241c240d2549b624cecfb5482de1dc7ba1079a4f41bfaedc4a55b7b3db

Download Submit
C:\Windows\system\iZHXSvN.exe

Filesize
6.0MB

MD5
ffe4125b9252145becb19a495194597b

SHA1
4ea0d0eb7f276c4db3275b7f42e94c4674351edc

SHA256
9391170b36ab13c17933a5d0debc71e72bcbeb535f70810f938df9cae435194a

SHA512
1a2459d589617e8b7a64a7a5d5f33868c64ae50176ff0bb7ae4e99b361d0665993e1cd6d177f8d97ef1858a37d210c96b908f26fb8e1d1eca21f9df302a6bfa1

Download Submit
C:\Windows\system\jTZMNLp.exe

Filesize
6.0MB

MD5
3c247f3a9ac31cbc81edd6e040048f66

SHA1
754dfd8427bd9019aaa82359eff87d90598f758e

SHA256
34eb914fb97796951fb87a95f74eb7d5cacb0924d24839b890003900dd1d5c47

SHA512
d0970bd00c028e0d8887789c3c3aea02b6953d95fb9d96543a026742dc5d45417c3ed5b10bee0cba89a151e3d484d8649a976f41e1e7d59b5499a01ddd88a0f3

Download Submit
C:\Windows\system\jsRFZWZ.exe

Filesize
6.0MB

MD5
a99bbe972bdee3c637c072bb3d8088f6

SHA1
618f8aeef30277b1d77cad4835a2169c4dbf46e1

SHA256
e017759adc0b3ab1aaff5af9e91ed184694e261747cea1250721a2951623a62c

SHA512
0f811c4ca9c07ba9d65794e92a21ad706869e982ab1f46bdea56e36179d421fa4134028aad1bfb0ea4cc6bc557df81be4b568e2481e67e1a71b187c6bc809562

Download Submit
C:\Windows\system\nSsYeYh.exe

Filesize
6.0MB

MD5
0ce31cd84abf0a0375c73eb74acf5b84

SHA1
5f35fc3b7a90d7cee6caa2b6860d65a9f627b57f

SHA256
1499ff6aabeeab10e7109334096a0e5a89d1f160c122d633be347cc3e7a12011

SHA512
fa9b7bddb7a651eb56e0ff83389214be798a9035648b1751a837e03111342701ea80d598058342ee046cebb6d983e8042289577fc754103529310ab54abf19a0

Download Submit
C:\Windows\system\pcFhSJL.exe

Filesize
6.0MB

MD5
3145de90708bada9e4223c7390c425aa

SHA1
aecab7a3d4cd0e33cfe0789e7851b67222719915

SHA256
94ec84ebe71bb3fa11a3bcf2de520975e9813d9f4a8f0eefd4f909ea5e656698

SHA512
ba85d407e26f349aef2b238e9083e180a80c6d3207575dc381b07e74668a244a0a17d860b9ea9902f3c38972ff840c1b63531c11a510e543f8ef1c06385a4e0b

Download Submit
C:\Windows\system\phuDzPx.exe

Filesize
6.0MB

MD5
e1c946a7d185f779b183a3beb9291888

SHA1
bc0668520c77c7962e319fb3ce6ccd5291f11a52

SHA256
ea2daad17c8a7c16b964d9dd9f902510b1a27210247c50079d658ee508b8bf22

SHA512
44fc36a4f93087f0d803b0f3380db16c88024b65d0deadb7f3a441c8babc273526f4ae8e0dd42c3638d001055b9db849eaf3d7e4560a9072e8b50b790f902e3f

Download Submit
C:\Windows\system\qtDJkmf.exe

Filesize
6.0MB

MD5
9e953fdf9a8a245ebe4d0880b4b20158

SHA1
07bc669e52e63b8b21d25c1a8114a59051a61628

SHA256
833020dbfa92fb15604b84f081f9457e21b99e1d72a636d8905e5eb7dbf45ed2

SHA512
2044803935b567e9503bb0d94229d98a49738983e224b0ecf3094b599fca3fb6090f88607b43d4df6118faeabb9ff132002959c87979c6a82014dce45614830d

Download Submit
C:\Windows\system\tDgFvoR.exe

Filesize
6.0MB

MD5
5228f956479cc34c9d70df5c28702225

SHA1
d14a253f8bb713d8043b47b82277dc9b26e1475f

SHA256
88b04b6ceec9a656b63cbd49653564d4d437df9c2a04756ee9e8b2d8bdad7f34

SHA512
8846a2f4d1afb8f6a3e629af0a149dee5abb11852714931363c431d463b8bbfe46e8605b95ac1074ef5fcbadfc04bda7238f7bd59a52ccad065bff8ee3926d33

Download Submit
C:\Windows\system\urvIRkk.exe

Filesize
6.0MB

MD5
270de0934424afc1f8ed0ab71b9afa3d

SHA1
044cd544ad32d40104f056878949b622a0aa5ea2

SHA256
326726ec7c5a172ff4333fb8146ad67b96312649788a7186bb63bd7ccff3b7a5

SHA512
60033702bb37ae6b4b51b4f0e93cd25a68ed5ace7b629a44a0f8139c63c6fbb3f22ec547d4254544ba99fc3af937b464df40a061aa8aed317977876b27768496

Download Submit
C:\Windows\system\xnuuXZy.exe

Filesize
6.0MB

MD5
949d9918b0763be018dfa2d17658716d

SHA1
c461f97441070d5f29418c3ab9a40e678e3b324b

SHA256
5117186cb38e0cab126a4ef00d2768648916e8afb557e9237165a8b45cc0522f

SHA512
bda94b939ca953361f148ee5f2dc3a682b5ff9fd4456812e6adc9199580d6a227c9ec6ec67bb0fcac541307415ad4157b5aa72702649678eecb533b0f25d22fa

Download Submit
C:\Windows\system\xoHmunU.exe

Filesize
6.0MB

MD5
55912765d144d3f478a96b5f99ad578e

SHA1
746486c9be6b96b0c15915985892a55682bc1652

SHA256
a39676a2ed6fb2e26263e1fcd25b919508b29f3037727ea0ccd05fb71b11843e

SHA512
2d92ccb723db1e2857ed4b9c2fd7e66d62fd757cbad3aedf77b0f7baba18792425bb10212c882612e8ccf67c9ea0d4ed0f915dbb80a694b04a98de825e4dd538

Download Submit
C:\Windows\system\yYdrYSZ.exe

Filesize
6.0MB

MD5
6fba2f5146167d6e5f2f34611b12e003

SHA1
f8d47c8276fc6963cbe8e09f5771f8ff5f6512f4

SHA256
c01025e3b1580582fb432f9f2cf29e5644f1189179c4f1d3e0d24326b6c25b4f

SHA512
be418086d89e9cf777c0ccd0ce6a7576c66ea5e89c23fe7dc2fbafad7ba0cca845758e80f0d4a14e9de8e9661bb733657006fdaaf0c32d78226cafc8bd5d3aa9

Download Submit
C:\Windows\system\yksvZeL.exe

Filesize
6.0MB

MD5
dd78c20e93d38fa046293c5fd2ea8d2a

SHA1
12824dd3538137b6e0b9823ec5198f6e052552d8

SHA256
e42c8492e5c90ee9f3332f3098cbf110ed3fb0a9893d9cb6531bccd066cfa56a

SHA512
81814d9e9b0b7827ed8af3b8cc2d4bb12fe01a95be4e8fd364786a1e54da36d86ce4c9f61687a9bc67d56ff177d5801304736000693f8a7797ef76adc01b9afa

Download Submit
C:\Windows\system\yyUWqrQ.exe

Filesize
6.0MB

MD5
eb8b64505b45743a63fad4933fc74904

SHA1
12d336ef7fea71a7d1a65d46cbbd4fd867a79ab8

SHA256
947f931466c9b381fdd836c221e76fee471d181841171cd38f63451dc3813e3b

SHA512
d34cb78168a4f5478c79735687de49a10e84e395d49a093b4a10072615602e7d922c9cdc0cc8893a4326273e532b5a2d4deb86b6d1c90e00f28a212081597416

Download Submit
\Windows\system\AzSvgPF.exe

Filesize
6.0MB

MD5
f7d6cc6e8a5dd52e3ab7fcfe3ca32c8d

SHA1
217ab410214e2e64852500ee8420ab6c9fad0b91

SHA256
8f558d4f2a7aec829d5dfe9cd88121b98f5b2086230e31ff1c6b8287c47ef4b1

SHA512
a4466938491297599bba03c38e8dca74b853e5b3800c7a22193704624ac1bfb7b4230e8a5325bf9f68c1f7ef21e99e084d59ed1a18d478b1710210a7386bb4e9

Download Submit
\Windows\system\ZHbFOIZ.exe

Filesize
6.0MB

MD5
c5e0f1549158c24d5fdc2382e8c70a58

SHA1
5c99c9837407c790195d76a87fd6cc92e19fb2b1

SHA256
f1e18abd32c2f7b7e244dbd5d7a6867a7bc20acf301cedf174adeccd4ea7d58c

SHA512
438f855d8e7ff249828093bac5b1a9882fc0cfdf978ba88e02e51ab9523c1824e5544d6bbc76c6e1d6026ef15a2a333d152ae657ef7e729078152048376ae1f0

Download Submit
\Windows\system\pvjRnUW.exe

Filesize
6.0MB

MD5
c961115508769c8aa7fdd879765c011c

SHA1
1706476b95e404bd587ac3a67dbf371cabc65c8d

SHA256
bfba6eeee94fd84ca5181cf6a2d5d3e61720b496db0228e7b2efea29b43327df

SHA512
680b3116b827b98f784e95121510d2c33d7243873f2b8e33d2ef95e1093ea5854d62f49943d8ed90099bf57cb884d103dfade7c80c7e919b4a18a1de3d088cfd

Download Submit
\Windows\system\vhNJasp.exe

Filesize
6.0MB

MD5
e1a59ba2cd9bcb6d143a689ecf443f4b

SHA1
55248e1e85af16804087ab180bf860ea17266f67

SHA256
6f96fe4bb9202910a14f17149c35e042357ec406ea069c9ab438833551a7316c

SHA512
5239b671737d3ff990dd26e15fe24be8375fbdbb016a4eacfc5c835a782a3779708b5f9cbeb493247ffa67d016865f6f0c42701738f2511a3308e1d2bbbcf07a

Download Submit
memory/588-4008-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/588-35-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/588-68-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1224-4012-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-65-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1340-1249-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1340-4017-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1340-91-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1424-75-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-487-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-4014-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-22-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1988-4005-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2012-348-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-71-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2012-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-1255-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2012-100-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-1585-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-665-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-89-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-66-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-41-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-16-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-94-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2012-38-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-78-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-85-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2012-8-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2012-53-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-83-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-4015-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-864-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-4007-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-4004-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2356-9-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4011-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-55-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-4009-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2760-42-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4010-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2764-82-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2764-50-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4006-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-21-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-98-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2948-1373-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2948-4016-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2960-4013-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-69-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download