cobaltstrike | e7c0cd18f34a3d111ebd7aa9802a2ed500c094bb26ac6744dec5c3358ba596bd

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a6938a141f61ec34f38dfa147aa2d6f3
SHA1

5fd37bda9d32e5cef5ef8c2547a501604e304ba4
SHA256

e7c0cd18f34a3d111ebd7aa9802a2ed500c094bb26ac6744dec5c3358ba596bd
SHA512

0890f5e7f7414d8a65a674eb7738f9f1e9dab53b0fe9367239960c3139b2334aee9489a739a05d76780cb39e7b1d246bc3ac5f6408c04a4550907b6bd4425d11
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015baa-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015c67-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015c80-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015c9f-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cb9-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016814-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016a66-83.dat	cobalt_reflective_dll
behavioral1/files/0x003500000001543d-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c4a-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cc8-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d64-179.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000165c2-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-191.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-186.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d5e-176.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-171.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d42-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d31-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d29-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d18-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d21-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d06-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0e-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cec-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c51-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c9d-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c3a-92.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd0-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cb1-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015c6d-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2816-0-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000015baa-8.dat	xmrig
behavioral1/files/0x0008000000015c67-12.dat	xmrig
behavioral1/memory/2124-24-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0008000000015c80-23.dat	xmrig
behavioral1/files/0x0007000000015c9f-39.dat	xmrig
behavioral1/memory/2576-43-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2544-49-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/1984-57-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cb9-54.dat	xmrig
behavioral1/files/0x0006000000016814-76.dat	xmrig
behavioral1/files/0x0006000000016a66-83.dat	xmrig
behavioral1/memory/1984-96-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x003500000001543d-99.dat	xmrig
behavioral1/files/0x0006000000016c4a-106.dat	xmrig
behavioral1/files/0x0006000000016cc8-118.dat	xmrig
behavioral1/files/0x0006000000016d64-179.dat	xmrig
behavioral1/memory/1448-1083-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x00070000000165c2-67.dat	xmrig
behavioral1/memory/2372-548-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1852-356-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2816-355-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6d-191.dat	xmrig
behavioral1/files/0x0006000000016d68-186.dat	xmrig
behavioral1/files/0x0006000000016d5e-176.dat	xmrig
behavioral1/files/0x0006000000016d4a-171.dat	xmrig
behavioral1/files/0x0006000000016d42-166.dat	xmrig
behavioral1/files/0x0006000000016d3a-161.dat	xmrig
behavioral1/files/0x0006000000016d31-155.dat	xmrig
behavioral1/files/0x0006000000016d29-151.dat	xmrig
behavioral1/files/0x0006000000016d18-138.dat	xmrig
behavioral1/files/0x0006000000016d21-144.dat	xmrig
behavioral1/files/0x0006000000016d06-131.dat	xmrig
behavioral1/files/0x0006000000016d0e-136.dat	xmrig
behavioral1/files/0x0006000000016cec-124.dat	xmrig
behavioral1/files/0x0006000000016c51-111.dat	xmrig
behavioral1/files/0x0006000000016c9d-116.dat	xmrig
behavioral1/memory/1448-101-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2436-95-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c3a-92.dat	xmrig
behavioral1/memory/2544-86-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2372-85-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1852-79-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2528-73-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2884-72-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2816-70-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/568-64-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cd0-62.dat	xmrig
behavioral1/memory/2816-58-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/2808-42-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cb1-47.dat	xmrig
behavioral1/files/0x0008000000015c6d-38.dat	xmrig
behavioral1/memory/2816-35-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2908-34-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2528-33-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2556-31-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2528-3693-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2544-3699-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2556-3707-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1852-3709-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/568-3711-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2908-3708-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2576-3715-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2908	hCgLMJB.exe
2124	VLyVLWz.exe
2556	vrFygVv.exe
2528	sKbwosR.exe
2808	OsGXBkD.exe
2576	QPHbEWE.exe
2544	rIAyULt.exe
1984	lHfzVOd.exe
568	ctosqsS.exe
2884	rLnptcN.exe
1852	GyVjNud.exe
2372	erHnOlg.exe
2436	lrQVdji.exe
1448	OksHpbQ.exe
2032	nJgaRSx.exe
2728	MgwEjbo.exe
620	EgNzvuQ.exe
1832	EqsJrAZ.exe
1900	qfeLsYg.exe
2484	gNPwYCP.exe
2136	VdocYTk.exe
1960	nlZukRY.exe
2164	kUWaVeW.exe
1616	mgjsDJC.exe
2244	QwfFZQd.exe
2708	tnMVGaK.exe
1720	ijdNFue.exe
1692	GObngtF.exe
656	QVxUArL.exe
1076	WbYiwVP.exe
1624	zgiqooi.exe
1964	xYAHCeF.exe
1536	njjemMA.exe
744	DUUIzAJ.exe
1208	PRMbLML.exe
1656	NefOJsw.exe
1956	GdxygtK.exe
1968	ndFqZSu.exe
932	wPmaabu.exe
1988	bHgiTfM.exe
2476	QwcDIlp.exe
328	uDAmlNX.exe
1856	yDhqsNb.exe
2152	bICkGwG.exe
288	ExDjiiB.exe
2964	livxvqH.exe
2332	ALXAxzq.exe
336	gZGNqwa.exe
896	csAtTbd.exe
2264	WKGNeDO.exe
2104	vrWTFFR.exe
1528	KHAhHhP.exe
2632	TithLBq.exe
2836	QxDfYdu.exe
2840	wLEJSgZ.exe
2700	LqVKXaN.exe
480	vIyqeCy.exe
1772	NLCNZah.exe
1416	AOTdPIY.exe
2220	BctwWNt.exe
2008	AcdEnfC.exe
1420	AtFnbaG.exe
1732	edZmrkV.exe
1932	IqWQIQI.exe

Loads dropped DLL 64 IoCs

pid	Process
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000015baa-8.dat	upx
behavioral1/files/0x0008000000015c67-12.dat	upx
behavioral1/memory/2124-24-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0008000000015c80-23.dat	upx
behavioral1/files/0x0007000000015c9f-39.dat	upx
behavioral1/memory/2576-43-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2544-49-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/1984-57-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x0007000000015cb9-54.dat	upx
behavioral1/files/0x0006000000016814-76.dat	upx
behavioral1/files/0x0006000000016a66-83.dat	upx
behavioral1/memory/1984-96-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x003500000001543d-99.dat	upx
behavioral1/files/0x0006000000016c4a-106.dat	upx
behavioral1/files/0x0006000000016cc8-118.dat	upx
behavioral1/files/0x0006000000016d64-179.dat	upx
behavioral1/memory/1448-1083-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x00070000000165c2-67.dat	upx
behavioral1/memory/2372-548-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1852-356-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0006000000016d6d-191.dat	upx
behavioral1/files/0x0006000000016d68-186.dat	upx
behavioral1/files/0x0006000000016d5e-176.dat	upx
behavioral1/files/0x0006000000016d4a-171.dat	upx
behavioral1/files/0x0006000000016d42-166.dat	upx
behavioral1/files/0x0006000000016d3a-161.dat	upx
behavioral1/files/0x0006000000016d31-155.dat	upx
behavioral1/files/0x0006000000016d29-151.dat	upx
behavioral1/files/0x0006000000016d18-138.dat	upx
behavioral1/files/0x0006000000016d21-144.dat	upx
behavioral1/files/0x0006000000016d06-131.dat	upx
behavioral1/files/0x0006000000016d0e-136.dat	upx
behavioral1/files/0x0006000000016cec-124.dat	upx
behavioral1/files/0x0006000000016c51-111.dat	upx
behavioral1/files/0x0006000000016c9d-116.dat	upx
behavioral1/memory/1448-101-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2436-95-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0006000000016c3a-92.dat	upx
behavioral1/memory/2544-86-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2372-85-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1852-79-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2528-73-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2884-72-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2816-70-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/568-64-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x0008000000015cd0-62.dat	upx
behavioral1/memory/2808-42-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0007000000015cb1-47.dat	upx
behavioral1/files/0x0008000000015c6d-38.dat	upx
behavioral1/memory/2908-34-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2528-33-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2556-31-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2528-3693-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2544-3699-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2556-3707-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1852-3709-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/568-3711-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2908-3708-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2576-3715-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2124-3717-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2884-3718-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2372-3720-0x000000013F830000-0x000000013FB84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YbgDVrO.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPGlRyh.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VodOiBj.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvaQVCB.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbYiwVP.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPmaabu.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRTmUQw.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vASakRG.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKLDvdf.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLvdxsh.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJzNqOl.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCAzdaL.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcJmVYM.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjHOCEn.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZEAKnH.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctosqsS.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPkmYfa.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JeGZCRb.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gemoJgk.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHugLGx.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIVGUyQ.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRvfbgI.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKcVOsn.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcniehJ.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTClzLM.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htviwTC.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcdEnfC.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YecRMTy.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyGKARM.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VeTjCvM.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaWUXSn.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edcVOdT.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqlSbrk.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPBWURA.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlZukRY.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijdNFue.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaWNhmk.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKwenMg.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqvCHBf.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzkJaVA.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABpLpIB.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khbqOSI.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuhbMMF.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuGBmEU.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntsnLsL.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLAHQHX.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhzOVkN.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjrQsIo.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbpzicD.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnLQXnW.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGaCVwP.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPHVAwI.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvSrtgY.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VmEXyPG.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFNxFtE.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNNDnns.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTEYyMd.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlhVYMR.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHytmQU.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYMMISr.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwRLOEm.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwIamvd.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzwUKkU.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcfRkmQ.exe	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2908	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2908	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2908	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2124	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2124	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2124	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2556	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2556	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2556	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2808	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2808	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2808	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2528	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2528	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2528	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2576	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2576	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2576	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2544	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2544	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2544	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 1984	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 1984	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 1984	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 568	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 568	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 568	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 2884	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2884	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2884	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 1852	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 1852	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 1852	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2372	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2372	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2372	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2436	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2436	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2436	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 1448	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 1448	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 1448	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2032	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2032	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2032	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2728	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2728	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2728	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 620	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 620	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 620	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 1900	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 1900	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 1900	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 1832	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 1832	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 1832	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 2484	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2484	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2484	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2136	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2136	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2136	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2164	2816	2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_a6938a141f61ec34f38dfa147aa2d6f3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\System\hCgLMJB.exe
  C:\Windows\System\hCgLMJB.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\VLyVLWz.exe
  C:\Windows\System\VLyVLWz.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\vrFygVv.exe
  C:\Windows\System\vrFygVv.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\OsGXBkD.exe
  C:\Windows\System\OsGXBkD.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\sKbwosR.exe
  C:\Windows\System\sKbwosR.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\QPHbEWE.exe
  C:\Windows\System\QPHbEWE.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\rIAyULt.exe
  C:\Windows\System\rIAyULt.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\lHfzVOd.exe
  C:\Windows\System\lHfzVOd.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\ctosqsS.exe
  C:\Windows\System\ctosqsS.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\rLnptcN.exe
  C:\Windows\System\rLnptcN.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\GyVjNud.exe
  C:\Windows\System\GyVjNud.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\erHnOlg.exe
  C:\Windows\System\erHnOlg.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\lrQVdji.exe
  C:\Windows\System\lrQVdji.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\OksHpbQ.exe
  C:\Windows\System\OksHpbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\nJgaRSx.exe
  C:\Windows\System\nJgaRSx.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\MgwEjbo.exe
  C:\Windows\System\MgwEjbo.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\EgNzvuQ.exe
  C:\Windows\System\EgNzvuQ.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\qfeLsYg.exe
  C:\Windows\System\qfeLsYg.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\EqsJrAZ.exe
  C:\Windows\System\EqsJrAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\gNPwYCP.exe
  C:\Windows\System\gNPwYCP.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\VdocYTk.exe
  C:\Windows\System\VdocYTk.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\kUWaVeW.exe
  C:\Windows\System\kUWaVeW.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\nlZukRY.exe
  C:\Windows\System\nlZukRY.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\mgjsDJC.exe
  C:\Windows\System\mgjsDJC.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\QwfFZQd.exe
  C:\Windows\System\QwfFZQd.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\tnMVGaK.exe
  C:\Windows\System\tnMVGaK.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\ijdNFue.exe
  C:\Windows\System\ijdNFue.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\GObngtF.exe
  C:\Windows\System\GObngtF.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\QVxUArL.exe
  C:\Windows\System\QVxUArL.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\WbYiwVP.exe
  C:\Windows\System\WbYiwVP.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\zgiqooi.exe
  C:\Windows\System\zgiqooi.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\xYAHCeF.exe
  C:\Windows\System\xYAHCeF.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\njjemMA.exe
  C:\Windows\System\njjemMA.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\DUUIzAJ.exe
  C:\Windows\System\DUUIzAJ.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\PRMbLML.exe
  C:\Windows\System\PRMbLML.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\NefOJsw.exe
  C:\Windows\System\NefOJsw.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\GdxygtK.exe
  C:\Windows\System\GdxygtK.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ndFqZSu.exe
  C:\Windows\System\ndFqZSu.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\wPmaabu.exe
  C:\Windows\System\wPmaabu.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\bHgiTfM.exe
  C:\Windows\System\bHgiTfM.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\QwcDIlp.exe
  C:\Windows\System\QwcDIlp.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\uDAmlNX.exe
  C:\Windows\System\uDAmlNX.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\yDhqsNb.exe
  C:\Windows\System\yDhqsNb.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\bICkGwG.exe
  C:\Windows\System\bICkGwG.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\ExDjiiB.exe
  C:\Windows\System\ExDjiiB.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\livxvqH.exe
  C:\Windows\System\livxvqH.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\ALXAxzq.exe
  C:\Windows\System\ALXAxzq.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\gZGNqwa.exe
  C:\Windows\System\gZGNqwa.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\csAtTbd.exe
  C:\Windows\System\csAtTbd.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\WKGNeDO.exe
  C:\Windows\System\WKGNeDO.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\vrWTFFR.exe
  C:\Windows\System\vrWTFFR.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\KHAhHhP.exe
  C:\Windows\System\KHAhHhP.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\TithLBq.exe
  C:\Windows\System\TithLBq.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\QxDfYdu.exe
  C:\Windows\System\QxDfYdu.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\wLEJSgZ.exe
  C:\Windows\System\wLEJSgZ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\LqVKXaN.exe
  C:\Windows\System\LqVKXaN.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\vIyqeCy.exe
  C:\Windows\System\vIyqeCy.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\NLCNZah.exe
  C:\Windows\System\NLCNZah.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\AOTdPIY.exe
  C:\Windows\System\AOTdPIY.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\BctwWNt.exe
  C:\Windows\System\BctwWNt.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\AcdEnfC.exe
  C:\Windows\System\AcdEnfC.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\AtFnbaG.exe
  C:\Windows\System\AtFnbaG.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\edZmrkV.exe
  C:\Windows\System\edZmrkV.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\IqWQIQI.exe
  C:\Windows\System\IqWQIQI.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\KTazFQs.exe
  C:\Windows\System\KTazFQs.exe
  2⤵
  PID:1948
- C:\Windows\System\qyGKARM.exe
  C:\Windows\System\qyGKARM.exe
  2⤵
  PID:2096
- C:\Windows\System\wsUxWDr.exe
  C:\Windows\System\wsUxWDr.exe
  2⤵
  PID:1360
- C:\Windows\System\knQtudq.exe
  C:\Windows\System\knQtudq.exe
  2⤵
  PID:2116
- C:\Windows\System\gldHExm.exe
  C:\Windows\System\gldHExm.exe
  2⤵
  PID:236
- C:\Windows\System\CaKuusk.exe
  C:\Windows\System\CaKuusk.exe
  2⤵
  PID:324
- C:\Windows\System\FvWLgAO.exe
  C:\Windows\System\FvWLgAO.exe
  2⤵
  PID:1660
- C:\Windows\System\tKrrbpa.exe
  C:\Windows\System\tKrrbpa.exe
  2⤵
  PID:2364
- C:\Windows\System\aOYNQhN.exe
  C:\Windows\System\aOYNQhN.exe
  2⤵
  PID:1284
- C:\Windows\System\ywyYQFD.exe
  C:\Windows\System\ywyYQFD.exe
  2⤵
  PID:1776
- C:\Windows\System\GZxjzKQ.exe
  C:\Windows\System\GZxjzKQ.exe
  2⤵
  PID:2612
- C:\Windows\System\bSrpSwY.exe
  C:\Windows\System\bSrpSwY.exe
  2⤵
  PID:2272
- C:\Windows\System\jLmYQop.exe
  C:\Windows\System\jLmYQop.exe
  2⤵
  PID:1436
- C:\Windows\System\ZsHJbTn.exe
  C:\Windows\System\ZsHJbTn.exe
  2⤵
  PID:2384
- C:\Windows\System\YecRMTy.exe
  C:\Windows\System\YecRMTy.exe
  2⤵
  PID:1572
- C:\Windows\System\OQqzuCy.exe
  C:\Windows\System\OQqzuCy.exe
  2⤵
  PID:1884
- C:\Windows\System\PRgeuPl.exe
  C:\Windows\System\PRgeuPl.exe
  2⤵
  PID:1920
- C:\Windows\System\tEHtYYK.exe
  C:\Windows\System\tEHtYYK.exe
  2⤵
  PID:2324
- C:\Windows\System\RnbDeZt.exe
  C:\Windows\System\RnbDeZt.exe
  2⤵
  PID:2912
- C:\Windows\System\Oekthcm.exe
  C:\Windows\System\Oekthcm.exe
  2⤵
  PID:996
- C:\Windows\System\OZKypze.exe
  C:\Windows\System\OZKypze.exe
  2⤵
  PID:1520
- C:\Windows\System\TeSGtCc.exe
  C:\Windows\System\TeSGtCc.exe
  2⤵
  PID:2780
- C:\Windows\System\bVnOWBz.exe
  C:\Windows\System\bVnOWBz.exe
  2⤵
  PID:2696
- C:\Windows\System\MdskHkt.exe
  C:\Windows\System\MdskHkt.exe
  2⤵
  PID:2616
- C:\Windows\System\VWkeOFC.exe
  C:\Windows\System\VWkeOFC.exe
  2⤵
  PID:2568
- C:\Windows\System\ejgOBZb.exe
  C:\Windows\System\ejgOBZb.exe
  2⤵
  PID:1192
- C:\Windows\System\VeTjCvM.exe
  C:\Windows\System\VeTjCvM.exe
  2⤵
  PID:2756
- C:\Windows\System\SadHnkr.exe
  C:\Windows\System\SadHnkr.exe
  2⤵
  PID:1728
- C:\Windows\System\LfojxcY.exe
  C:\Windows\System\LfojxcY.exe
  2⤵
  PID:1864
- C:\Windows\System\KAdfpsI.exe
  C:\Windows\System\KAdfpsI.exe
  2⤵
  PID:1764
- C:\Windows\System\ahzgiUx.exe
  C:\Windows\System\ahzgiUx.exe
  2⤵
  PID:2940
- C:\Windows\System\DEjqHwE.exe
  C:\Windows\System\DEjqHwE.exe
  2⤵
  PID:1180
- C:\Windows\System\tOJRspo.exe
  C:\Windows\System\tOJRspo.exe
  2⤵
  PID:1296
- C:\Windows\System\tMEoXOP.exe
  C:\Windows\System\tMEoXOP.exe
  2⤵
  PID:1456
- C:\Windows\System\usYdcGI.exe
  C:\Windows\System\usYdcGI.exe
  2⤵
  PID:2944
- C:\Windows\System\gzgtgMY.exe
  C:\Windows\System\gzgtgMY.exe
  2⤵
  PID:1460
- C:\Windows\System\FdxuZri.exe
  C:\Windows\System\FdxuZri.exe
  2⤵
  PID:3008
- C:\Windows\System\lxfXFaa.exe
  C:\Windows\System\lxfXFaa.exe
  2⤵
  PID:600
- C:\Windows\System\tGkXKRQ.exe
  C:\Windows\System\tGkXKRQ.exe
  2⤵
  PID:1580
- C:\Windows\System\xFgpHxC.exe
  C:\Windows\System\xFgpHxC.exe
  2⤵
  PID:2660
- C:\Windows\System\eIZRqHW.exe
  C:\Windows\System\eIZRqHW.exe
  2⤵
  PID:3084
- C:\Windows\System\oMljSTc.exe
  C:\Windows\System\oMljSTc.exe
  2⤵
  PID:3104
- C:\Windows\System\moDvWGt.exe
  C:\Windows\System\moDvWGt.exe
  2⤵
  PID:3124
- C:\Windows\System\rCwaCwQ.exe
  C:\Windows\System\rCwaCwQ.exe
  2⤵
  PID:3144
- C:\Windows\System\HDCEjSm.exe
  C:\Windows\System\HDCEjSm.exe
  2⤵
  PID:3164
- C:\Windows\System\yGEICGc.exe
  C:\Windows\System\yGEICGc.exe
  2⤵
  PID:3184
- C:\Windows\System\neKmPjU.exe
  C:\Windows\System\neKmPjU.exe
  2⤵
  PID:3204
- C:\Windows\System\tVbuGoI.exe
  C:\Windows\System\tVbuGoI.exe
  2⤵
  PID:3224
- C:\Windows\System\AeziryG.exe
  C:\Windows\System\AeziryG.exe
  2⤵
  PID:3244
- C:\Windows\System\edbitGV.exe
  C:\Windows\System\edbitGV.exe
  2⤵
  PID:3264
- C:\Windows\System\ibJgSyK.exe
  C:\Windows\System\ibJgSyK.exe
  2⤵
  PID:3284
- C:\Windows\System\VGYkSlS.exe
  C:\Windows\System\VGYkSlS.exe
  2⤵
  PID:3304
- C:\Windows\System\GnVghbv.exe
  C:\Windows\System\GnVghbv.exe
  2⤵
  PID:3324
- C:\Windows\System\wgSFhnI.exe
  C:\Windows\System\wgSFhnI.exe
  2⤵
  PID:3344
- C:\Windows\System\XPIhdte.exe
  C:\Windows\System\XPIhdte.exe
  2⤵
  PID:3364
- C:\Windows\System\DymuVOh.exe
  C:\Windows\System\DymuVOh.exe
  2⤵
  PID:3384
- C:\Windows\System\aVFGXbK.exe
  C:\Windows\System\aVFGXbK.exe
  2⤵
  PID:3404
- C:\Windows\System\CAeDlqB.exe
  C:\Windows\System\CAeDlqB.exe
  2⤵
  PID:3424
- C:\Windows\System\XJEMMnF.exe
  C:\Windows\System\XJEMMnF.exe
  2⤵
  PID:3444
- C:\Windows\System\MXxJldO.exe
  C:\Windows\System\MXxJldO.exe
  2⤵
  PID:3464
- C:\Windows\System\SJlvbEk.exe
  C:\Windows\System\SJlvbEk.exe
  2⤵
  PID:3484
- C:\Windows\System\AqvckeB.exe
  C:\Windows\System\AqvckeB.exe
  2⤵
  PID:3504
- C:\Windows\System\SvRmSSw.exe
  C:\Windows\System\SvRmSSw.exe
  2⤵
  PID:3524
- C:\Windows\System\iPnsCAX.exe
  C:\Windows\System\iPnsCAX.exe
  2⤵
  PID:3544
- C:\Windows\System\lnTgtrZ.exe
  C:\Windows\System\lnTgtrZ.exe
  2⤵
  PID:3564
- C:\Windows\System\KRCWDPT.exe
  C:\Windows\System\KRCWDPT.exe
  2⤵
  PID:3584
- C:\Windows\System\xqcyOoG.exe
  C:\Windows\System\xqcyOoG.exe
  2⤵
  PID:3604
- C:\Windows\System\FmBDjXK.exe
  C:\Windows\System\FmBDjXK.exe
  2⤵
  PID:3624
- C:\Windows\System\CJUHmEa.exe
  C:\Windows\System\CJUHmEa.exe
  2⤵
  PID:3644
- C:\Windows\System\RHIpgLN.exe
  C:\Windows\System\RHIpgLN.exe
  2⤵
  PID:3664
- C:\Windows\System\wmqEjyy.exe
  C:\Windows\System\wmqEjyy.exe
  2⤵
  PID:3684
- C:\Windows\System\YfHNOvN.exe
  C:\Windows\System\YfHNOvN.exe
  2⤵
  PID:3704
- C:\Windows\System\CyyOCPY.exe
  C:\Windows\System\CyyOCPY.exe
  2⤵
  PID:3720
- C:\Windows\System\XSteBSv.exe
  C:\Windows\System\XSteBSv.exe
  2⤵
  PID:3744
- C:\Windows\System\eSJmuVu.exe
  C:\Windows\System\eSJmuVu.exe
  2⤵
  PID:3764
- C:\Windows\System\CEjruYI.exe
  C:\Windows\System\CEjruYI.exe
  2⤵
  PID:3784
- C:\Windows\System\ghBYogH.exe
  C:\Windows\System\ghBYogH.exe
  2⤵
  PID:3804
- C:\Windows\System\hgBkyUq.exe
  C:\Windows\System\hgBkyUq.exe
  2⤵
  PID:3824
- C:\Windows\System\juvJwms.exe
  C:\Windows\System\juvJwms.exe
  2⤵
  PID:3844
- C:\Windows\System\WZCdnPj.exe
  C:\Windows\System\WZCdnPj.exe
  2⤵
  PID:3864
- C:\Windows\System\DpGQUcS.exe
  C:\Windows\System\DpGQUcS.exe
  2⤵
  PID:3884
- C:\Windows\System\DlEZdqn.exe
  C:\Windows\System\DlEZdqn.exe
  2⤵
  PID:3904
- C:\Windows\System\BmCKyRf.exe
  C:\Windows\System\BmCKyRf.exe
  2⤵
  PID:3924
- C:\Windows\System\yLDbxyQ.exe
  C:\Windows\System\yLDbxyQ.exe
  2⤵
  PID:3944
- C:\Windows\System\BSlKMfC.exe
  C:\Windows\System\BSlKMfC.exe
  2⤵
  PID:3964
- C:\Windows\System\YbgDVrO.exe
  C:\Windows\System\YbgDVrO.exe
  2⤵
  PID:3984
- C:\Windows\System\NohGRqa.exe
  C:\Windows\System\NohGRqa.exe
  2⤵
  PID:4012
- C:\Windows\System\SIxTZvK.exe
  C:\Windows\System\SIxTZvK.exe
  2⤵
  PID:4032
- C:\Windows\System\XDouPWY.exe
  C:\Windows\System\XDouPWY.exe
  2⤵
  PID:4052
- C:\Windows\System\qVOtGLy.exe
  C:\Windows\System\qVOtGLy.exe
  2⤵
  PID:4072
- C:\Windows\System\cieSRoU.exe
  C:\Windows\System\cieSRoU.exe
  2⤵
  PID:4092
- C:\Windows\System\LYacNby.exe
  C:\Windows\System\LYacNby.exe
  2⤵
  PID:772
- C:\Windows\System\WHDYLdP.exe
  C:\Windows\System\WHDYLdP.exe
  2⤵
  PID:2320
- C:\Windows\System\FlcxXEm.exe
  C:\Windows\System\FlcxXEm.exe
  2⤵
  PID:2416
- C:\Windows\System\GkzdPRE.exe
  C:\Windows\System\GkzdPRE.exe
  2⤵
  PID:2224
- C:\Windows\System\ximEVmp.exe
  C:\Windows\System\ximEVmp.exe
  2⤵
  PID:856
- C:\Windows\System\VgCMzTd.exe
  C:\Windows\System\VgCMzTd.exe
  2⤵
  PID:2452
- C:\Windows\System\beMHhgA.exe
  C:\Windows\System\beMHhgA.exe
  2⤵
  PID:1576
- C:\Windows\System\pRwtGXM.exe
  C:\Windows\System\pRwtGXM.exe
  2⤵
  PID:884
- C:\Windows\System\pIYVvEw.exe
  C:\Windows\System\pIYVvEw.exe
  2⤵
  PID:2092
- C:\Windows\System\gJOHMEh.exe
  C:\Windows\System\gJOHMEh.exe
  2⤵
  PID:2680
- C:\Windows\System\qsUbskU.exe
  C:\Windows\System\qsUbskU.exe
  2⤵
  PID:3092
- C:\Windows\System\PPhUhTn.exe
  C:\Windows\System\PPhUhTn.exe
  2⤵
  PID:3096
- C:\Windows\System\XElmhPf.exe
  C:\Windows\System\XElmhPf.exe
  2⤵
  PID:3116
- C:\Windows\System\MIVGUyQ.exe
  C:\Windows\System\MIVGUyQ.exe
  2⤵
  PID:3180
- C:\Windows\System\NrzVQlA.exe
  C:\Windows\System\NrzVQlA.exe
  2⤵
  PID:3200
- C:\Windows\System\GlGDiLi.exe
  C:\Windows\System\GlGDiLi.exe
  2⤵
  PID:3260
- C:\Windows\System\NIMgKhX.exe
  C:\Windows\System\NIMgKhX.exe
  2⤵
  PID:3292
- C:\Windows\System\aLooSOJ.exe
  C:\Windows\System\aLooSOJ.exe
  2⤵
  PID:3296
- C:\Windows\System\lKLeQoF.exe
  C:\Windows\System\lKLeQoF.exe
  2⤵
  PID:3316
- C:\Windows\System\evZYAZH.exe
  C:\Windows\System\evZYAZH.exe
  2⤵
  PID:3372
- C:\Windows\System\GaFNfzw.exe
  C:\Windows\System\GaFNfzw.exe
  2⤵
  PID:3396
- C:\Windows\System\hYQOfmU.exe
  C:\Windows\System\hYQOfmU.exe
  2⤵
  PID:3440
- C:\Windows\System\WdgBdcw.exe
  C:\Windows\System\WdgBdcw.exe
  2⤵
  PID:3492
- C:\Windows\System\osFqlSu.exe
  C:\Windows\System\osFqlSu.exe
  2⤵
  PID:3496
- C:\Windows\System\RBPkkCR.exe
  C:\Windows\System\RBPkkCR.exe
  2⤵
  PID:3540
- C:\Windows\System\WcHFhYz.exe
  C:\Windows\System\WcHFhYz.exe
  2⤵
  PID:3572
- C:\Windows\System\CHMkDvG.exe
  C:\Windows\System\CHMkDvG.exe
  2⤵
  PID:3596
- C:\Windows\System\AlzhfSz.exe
  C:\Windows\System\AlzhfSz.exe
  2⤵
  PID:3640
- C:\Windows\System\mzwUKkU.exe
  C:\Windows\System\mzwUKkU.exe
  2⤵
  PID:3672
- C:\Windows\System\YOOTwCC.exe
  C:\Windows\System\YOOTwCC.exe
  2⤵
  PID:3696
- C:\Windows\System\XydnOik.exe
  C:\Windows\System\XydnOik.exe
  2⤵
  PID:3740
- C:\Windows\System\edJlgtl.exe
  C:\Windows\System\edJlgtl.exe
  2⤵
  PID:3756
- C:\Windows\System\QeXmkRn.exe
  C:\Windows\System\QeXmkRn.exe
  2⤵
  PID:3812
- C:\Windows\System\KkhrIZN.exe
  C:\Windows\System\KkhrIZN.exe
  2⤵
  PID:3832
- C:\Windows\System\FCsCtyF.exe
  C:\Windows\System\FCsCtyF.exe
  2⤵
  PID:3872
- C:\Windows\System\rkoaBGM.exe
  C:\Windows\System\rkoaBGM.exe
  2⤵
  PID:3900
- C:\Windows\System\sKBuVWP.exe
  C:\Windows\System\sKBuVWP.exe
  2⤵
  PID:3916
- C:\Windows\System\FLvdxsh.exe
  C:\Windows\System\FLvdxsh.exe
  2⤵
  PID:3956
- C:\Windows\System\OVrrAEJ.exe
  C:\Windows\System\OVrrAEJ.exe
  2⤵
  PID:4008
- C:\Windows\System\txAZPNj.exe
  C:\Windows\System\txAZPNj.exe
  2⤵
  PID:4048
- C:\Windows\System\GQYIfyS.exe
  C:\Windows\System\GQYIfyS.exe
  2⤵
  PID:4080
- C:\Windows\System\VCrNdDE.exe
  C:\Windows\System\VCrNdDE.exe
  2⤵
  PID:2828
- C:\Windows\System\OzMrBLS.exe
  C:\Windows\System\OzMrBLS.exe
  2⤵
  PID:2684
- C:\Windows\System\CTkFaFg.exe
  C:\Windows\System\CTkFaFg.exe
  2⤵
  PID:2184
- C:\Windows\System\ocQNbwr.exe
  C:\Windows\System\ocQNbwr.exe
  2⤵
  PID:2248
- C:\Windows\System\gdPgYWE.exe
  C:\Windows\System\gdPgYWE.exe
  2⤵
  PID:912
- C:\Windows\System\FWhJgtP.exe
  C:\Windows\System\FWhJgtP.exe
  2⤵
  PID:2308
- C:\Windows\System\aATiPXO.exe
  C:\Windows\System\aATiPXO.exe
  2⤵
  PID:2676
- C:\Windows\System\jNQNxmR.exe
  C:\Windows\System\jNQNxmR.exe
  2⤵
  PID:3076
- C:\Windows\System\NjALOYA.exe
  C:\Windows\System\NjALOYA.exe
  2⤵
  PID:3160
- C:\Windows\System\uDtKHqm.exe
  C:\Windows\System\uDtKHqm.exe
  2⤵
  PID:3252
- C:\Windows\System\kFYZbCr.exe
  C:\Windows\System\kFYZbCr.exe
  2⤵
  PID:3340
- C:\Windows\System\fipFZUS.exe
  C:\Windows\System\fipFZUS.exe
  2⤵
  PID:3352
- C:\Windows\System\lAnjGzU.exe
  C:\Windows\System\lAnjGzU.exe
  2⤵
  PID:3360
- C:\Windows\System\cYyPoMD.exe
  C:\Windows\System\cYyPoMD.exe
  2⤵
  PID:3432
- C:\Windows\System\qVxobUM.exe
  C:\Windows\System\qVxobUM.exe
  2⤵
  PID:3500
- C:\Windows\System\jDtNRdk.exe
  C:\Windows\System\jDtNRdk.exe
  2⤵
  PID:3592
- C:\Windows\System\dlJQdpq.exe
  C:\Windows\System\dlJQdpq.exe
  2⤵
  PID:3656
- C:\Windows\System\qTxYMON.exe
  C:\Windows\System\qTxYMON.exe
  2⤵
  PID:3712
- C:\Windows\System\AOJebpN.exe
  C:\Windows\System\AOJebpN.exe
  2⤵
  PID:3716
- C:\Windows\System\ngAAwZy.exe
  C:\Windows\System\ngAAwZy.exe
  2⤵
  PID:3800
- C:\Windows\System\crTzQBq.exe
  C:\Windows\System\crTzQBq.exe
  2⤵
  PID:3816
- C:\Windows\System\XnkSokp.exe
  C:\Windows\System\XnkSokp.exe
  2⤵
  PID:3932
- C:\Windows\System\WLZtVEr.exe
  C:\Windows\System\WLZtVEr.exe
  2⤵
  PID:4020
- C:\Windows\System\nHlVccl.exe
  C:\Windows\System\nHlVccl.exe
  2⤵
  PID:4028
- C:\Windows\System\NwEkQip.exe
  C:\Windows\System\NwEkQip.exe
  2⤵
  PID:4068
- C:\Windows\System\ExCSjlQ.exe
  C:\Windows\System\ExCSjlQ.exe
  2⤵
  PID:1740
- C:\Windows\System\MDhzYIY.exe
  C:\Windows\System\MDhzYIY.exe
  2⤵
  PID:2156
- C:\Windows\System\rSOrdKh.exe
  C:\Windows\System\rSOrdKh.exe
  2⤵
  PID:1540
- C:\Windows\System\qpRvoee.exe
  C:\Windows\System\qpRvoee.exe
  2⤵
  PID:1412
- C:\Windows\System\BFhAUtz.exe
  C:\Windows\System\BFhAUtz.exe
  2⤵
  PID:3172
- C:\Windows\System\TfpLafP.exe
  C:\Windows\System\TfpLafP.exe
  2⤵
  PID:3256
- C:\Windows\System\AcfRkmQ.exe
  C:\Windows\System\AcfRkmQ.exe
  2⤵
  PID:3280
- C:\Windows\System\ybkikRP.exe
  C:\Windows\System\ybkikRP.exe
  2⤵
  PID:3356
- C:\Windows\System\rOPsjWq.exe
  C:\Windows\System\rOPsjWq.exe
  2⤵
  PID:3476
- C:\Windows\System\nEJdMnP.exe
  C:\Windows\System\nEJdMnP.exe
  2⤵
  PID:3560
- C:\Windows\System\EkKdFTL.exe
  C:\Windows\System\EkKdFTL.exe
  2⤵
  PID:3700
- C:\Windows\System\FKHAKmO.exe
  C:\Windows\System\FKHAKmO.exe
  2⤵
  PID:4104
- C:\Windows\System\SfJGjiH.exe
  C:\Windows\System\SfJGjiH.exe
  2⤵
  PID:4120
- C:\Windows\System\ZnyosmK.exe
  C:\Windows\System\ZnyosmK.exe
  2⤵
  PID:4140
- C:\Windows\System\wtraBLD.exe
  C:\Windows\System\wtraBLD.exe
  2⤵
  PID:4160
- C:\Windows\System\IUAyDVz.exe
  C:\Windows\System\IUAyDVz.exe
  2⤵
  PID:4180
- C:\Windows\System\VxEhNiz.exe
  C:\Windows\System\VxEhNiz.exe
  2⤵
  PID:4200
- C:\Windows\System\owRWUXi.exe
  C:\Windows\System\owRWUXi.exe
  2⤵
  PID:4224
- C:\Windows\System\OhrpaKz.exe
  C:\Windows\System\OhrpaKz.exe
  2⤵
  PID:4240
- C:\Windows\System\PNELzgO.exe
  C:\Windows\System\PNELzgO.exe
  2⤵
  PID:4256
- C:\Windows\System\mWymzmA.exe
  C:\Windows\System\mWymzmA.exe
  2⤵
  PID:4276
- C:\Windows\System\uesHpwQ.exe
  C:\Windows\System\uesHpwQ.exe
  2⤵
  PID:4300
- C:\Windows\System\TaskScJ.exe
  C:\Windows\System\TaskScJ.exe
  2⤵
  PID:4320
- C:\Windows\System\pvgAjIW.exe
  C:\Windows\System\pvgAjIW.exe
  2⤵
  PID:4340
- C:\Windows\System\ttsXgYp.exe
  C:\Windows\System\ttsXgYp.exe
  2⤵
  PID:4356
- C:\Windows\System\aHsJdNB.exe
  C:\Windows\System\aHsJdNB.exe
  2⤵
  PID:4380
- C:\Windows\System\FqrPIZB.exe
  C:\Windows\System\FqrPIZB.exe
  2⤵
  PID:4396
- C:\Windows\System\nlizgBm.exe
  C:\Windows\System\nlizgBm.exe
  2⤵
  PID:4412
- C:\Windows\System\rZCttwd.exe
  C:\Windows\System\rZCttwd.exe
  2⤵
  PID:4428
- C:\Windows\System\sffQZXD.exe
  C:\Windows\System\sffQZXD.exe
  2⤵
  PID:4444
- C:\Windows\System\arwPOaw.exe
  C:\Windows\System\arwPOaw.exe
  2⤵
  PID:4460
- C:\Windows\System\vTxeLYV.exe
  C:\Windows\System\vTxeLYV.exe
  2⤵
  PID:4476
- C:\Windows\System\IJTDqUN.exe
  C:\Windows\System\IJTDqUN.exe
  2⤵
  PID:4492
- C:\Windows\System\adxqojw.exe
  C:\Windows\System\adxqojw.exe
  2⤵
  PID:4508
- C:\Windows\System\BOnKxdq.exe
  C:\Windows\System\BOnKxdq.exe
  2⤵
  PID:4528
- C:\Windows\System\LmOCZxn.exe
  C:\Windows\System\LmOCZxn.exe
  2⤵
  PID:4544
- C:\Windows\System\hScDKNW.exe
  C:\Windows\System\hScDKNW.exe
  2⤵
  PID:4568
- C:\Windows\System\VmOmWkP.exe
  C:\Windows\System\VmOmWkP.exe
  2⤵
  PID:4596
- C:\Windows\System\eKKezfv.exe
  C:\Windows\System\eKKezfv.exe
  2⤵
  PID:4620
- C:\Windows\System\DArWuFu.exe
  C:\Windows\System\DArWuFu.exe
  2⤵
  PID:4668
- C:\Windows\System\xXPumId.exe
  C:\Windows\System\xXPumId.exe
  2⤵
  PID:4684
- C:\Windows\System\wLNadNC.exe
  C:\Windows\System\wLNadNC.exe
  2⤵
  PID:4700
- C:\Windows\System\zvSrtgY.exe
  C:\Windows\System\zvSrtgY.exe
  2⤵
  PID:4716
- C:\Windows\System\LbDCVLR.exe
  C:\Windows\System\LbDCVLR.exe
  2⤵
  PID:4732
- C:\Windows\System\mKezhch.exe
  C:\Windows\System\mKezhch.exe
  2⤵
  PID:4748
- C:\Windows\System\hzlFZsF.exe
  C:\Windows\System\hzlFZsF.exe
  2⤵
  PID:4764
- C:\Windows\System\JGhvkZX.exe
  C:\Windows\System\JGhvkZX.exe
  2⤵
  PID:4780
- C:\Windows\System\dDwANmX.exe
  C:\Windows\System\dDwANmX.exe
  2⤵
  PID:4796
- C:\Windows\System\dGsxdZW.exe
  C:\Windows\System\dGsxdZW.exe
  2⤵
  PID:4812
- C:\Windows\System\GzcFZju.exe
  C:\Windows\System\GzcFZju.exe
  2⤵
  PID:4840
- C:\Windows\System\bRevBYU.exe
  C:\Windows\System\bRevBYU.exe
  2⤵
  PID:4856
- C:\Windows\System\YrqOXvv.exe
  C:\Windows\System\YrqOXvv.exe
  2⤵
  PID:4872
- C:\Windows\System\eXYbpGl.exe
  C:\Windows\System\eXYbpGl.exe
  2⤵
  PID:4892
- C:\Windows\System\KaWUXSn.exe
  C:\Windows\System\KaWUXSn.exe
  2⤵
  PID:4912
- C:\Windows\System\aOlfxOE.exe
  C:\Windows\System\aOlfxOE.exe
  2⤵
  PID:4932
- C:\Windows\System\oIRcLXn.exe
  C:\Windows\System\oIRcLXn.exe
  2⤵
  PID:4952
- C:\Windows\System\XPEtOxQ.exe
  C:\Windows\System\XPEtOxQ.exe
  2⤵
  PID:4968
- C:\Windows\System\tboCdAl.exe
  C:\Windows\System\tboCdAl.exe
  2⤵
  PID:4988
- C:\Windows\System\YVSPxKI.exe
  C:\Windows\System\YVSPxKI.exe
  2⤵
  PID:5004
- C:\Windows\System\VmgkYhd.exe
  C:\Windows\System\VmgkYhd.exe
  2⤵
  PID:5024
- C:\Windows\System\jTzSzol.exe
  C:\Windows\System\jTzSzol.exe
  2⤵
  PID:5040
- C:\Windows\System\wVxVjTh.exe
  C:\Windows\System\wVxVjTh.exe
  2⤵
  PID:5056
- C:\Windows\System\ncnjKCp.exe
  C:\Windows\System\ncnjKCp.exe
  2⤵
  PID:5072
- C:\Windows\System\XhFZxpG.exe
  C:\Windows\System\XhFZxpG.exe
  2⤵
  PID:5088
- C:\Windows\System\mgPcEjG.exe
  C:\Windows\System\mgPcEjG.exe
  2⤵
  PID:5104
- C:\Windows\System\kledEjM.exe
  C:\Windows\System\kledEjM.exe
  2⤵
  PID:3860
- C:\Windows\System\EankOGs.exe
  C:\Windows\System\EankOGs.exe
  2⤵
  PID:3992
- C:\Windows\System\plnCKic.exe
  C:\Windows\System\plnCKic.exe
  2⤵
  PID:4060
- C:\Windows\System\WlbOqtp.exe
  C:\Windows\System\WlbOqtp.exe
  2⤵
  PID:2288
- C:\Windows\System\pmisAaA.exe
  C:\Windows\System\pmisAaA.exe
  2⤵
  PID:3760
- C:\Windows\System\sWwRWhd.exe
  C:\Windows\System\sWwRWhd.exe
  2⤵
  PID:4148
- C:\Windows\System\gemoJgk.exe
  C:\Windows\System\gemoJgk.exe
  2⤵
  PID:3196
- C:\Windows\System\briBCac.exe
  C:\Windows\System\briBCac.exe
  2⤵
  PID:3652
- C:\Windows\System\hkQvikL.exe
  C:\Windows\System\hkQvikL.exe
  2⤵
  PID:4100
- C:\Windows\System\VRwDKXR.exe
  C:\Windows\System\VRwDKXR.exe
  2⤵
  PID:4128
- C:\Windows\System\nEoiDLx.exe
  C:\Windows\System\nEoiDLx.exe
  2⤵
  PID:4272
- C:\Windows\System\XsElQac.exe
  C:\Windows\System\XsElQac.exe
  2⤵
  PID:4352
- C:\Windows\System\IymQLJo.exe
  C:\Windows\System\IymQLJo.exe
  2⤵
  PID:4452
- C:\Windows\System\edtkTir.exe
  C:\Windows\System\edtkTir.exe
  2⤵
  PID:4520
- C:\Windows\System\OqQKZLH.exe
  C:\Windows\System\OqQKZLH.exe
  2⤵
  PID:4564
- C:\Windows\System\vmVLney.exe
  C:\Windows\System\vmVLney.exe
  2⤵
  PID:4680
- C:\Windows\System\qHdUpHR.exe
  C:\Windows\System\qHdUpHR.exe
  2⤵
  PID:4772
- C:\Windows\System\SsycDDc.exe
  C:\Windows\System\SsycDDc.exe
  2⤵
  PID:4852
- C:\Windows\System\vtykOel.exe
  C:\Windows\System\vtykOel.exe
  2⤵
  PID:4888
- C:\Windows\System\BEFRDXc.exe
  C:\Windows\System\BEFRDXc.exe
  2⤵
  PID:4996
- C:\Windows\System\YBZaYiF.exe
  C:\Windows\System\YBZaYiF.exe
  2⤵
  PID:4212
- C:\Windows\System\XrQQvzN.exe
  C:\Windows\System\XrQQvzN.exe
  2⤵
  PID:4216
- C:\Windows\System\onPdijj.exe
  C:\Windows\System\onPdijj.exe
  2⤵
  PID:5036
- C:\Windows\System\CSnical.exe
  C:\Windows\System\CSnical.exe
  2⤵
  PID:4336
- C:\Windows\System\CYUJeBz.exe
  C:\Windows\System\CYUJeBz.exe
  2⤵
  PID:5096
- C:\Windows\System\QxilzCJ.exe
  C:\Windows\System\QxilzCJ.exe
  2⤵
  PID:3952
- C:\Windows\System\foNUcZA.exe
  C:\Windows\System\foNUcZA.exe
  2⤵
  PID:4588
- C:\Windows\System\zJzNqOl.exe
  C:\Windows\System\zJzNqOl.exe
  2⤵
  PID:4472
- C:\Windows\System\yGVibDE.exe
  C:\Windows\System\yGVibDE.exe
  2⤵
  PID:4404
- C:\Windows\System\yILYnYm.exe
  C:\Windows\System\yILYnYm.exe
  2⤵
  PID:4640
- C:\Windows\System\jfHKbbD.exe
  C:\Windows\System\jfHKbbD.exe
  2⤵
  PID:4828
- C:\Windows\System\kQxtyrC.exe
  C:\Windows\System\kQxtyrC.exe
  2⤵
  PID:4948
- C:\Windows\System\aMOOCAt.exe
  C:\Windows\System\aMOOCAt.exe
  2⤵
  PID:3692
- C:\Windows\System\qKKdrKw.exe
  C:\Windows\System\qKKdrKw.exe
  2⤵
  PID:4660
- C:\Windows\System\frLLIMh.exe
  C:\Windows\System\frLLIMh.exe
  2⤵
  PID:5084
- C:\Windows\System\kBGZqsd.exe
  C:\Windows\System\kBGZqsd.exe
  2⤵
  PID:5016
- C:\Windows\System\RHPpTXl.exe
  C:\Windows\System\RHPpTXl.exe
  2⤵
  PID:4940
- C:\Windows\System\feaIqow.exe
  C:\Windows\System\feaIqow.exe
  2⤵
  PID:4824
- C:\Windows\System\tjAxJqx.exe
  C:\Windows\System\tjAxJqx.exe
  2⤵
  PID:4760
- C:\Windows\System\xJUBKiI.exe
  C:\Windows\System\xJUBKiI.exe
  2⤵
  PID:3980
- C:\Windows\System\IrlnYCU.exe
  C:\Windows\System\IrlnYCU.exe
  2⤵
  PID:3132
- C:\Windows\System\pmokxkw.exe
  C:\Windows\System\pmokxkw.exe
  2⤵
  PID:3276
- C:\Windows\System\pRtMOhv.exe
  C:\Windows\System\pRtMOhv.exe
  2⤵
  PID:3616
- C:\Windows\System\HLjzvdW.exe
  C:\Windows\System\HLjzvdW.exe
  2⤵
  PID:4132
- C:\Windows\System\kDPiJBj.exe
  C:\Windows\System\kDPiJBj.exe
  2⤵
  PID:3212
- C:\Windows\System\tBMezwd.exe
  C:\Windows\System\tBMezwd.exe
  2⤵
  PID:4188
- C:\Windows\System\RTEYyMd.exe
  C:\Windows\System\RTEYyMd.exe
  2⤵
  PID:4484
- C:\Windows\System\qnaMGtz.exe
  C:\Windows\System\qnaMGtz.exe
  2⤵
  PID:4424
- C:\Windows\System\WYDdrZG.exe
  C:\Windows\System\WYDdrZG.exe
  2⤵
  PID:4556
- C:\Windows\System\zuTzLfl.exe
  C:\Windows\System\zuTzLfl.exe
  2⤵
  PID:4740
- C:\Windows\System\xEExAoW.exe
  C:\Windows\System\xEExAoW.exe
  2⤵
  PID:4960
- C:\Windows\System\fMrJDeK.exe
  C:\Windows\System\fMrJDeK.exe
  2⤵
  PID:4168
- C:\Windows\System\porxgsm.exe
  C:\Windows\System\porxgsm.exe
  2⤵
  PID:4328
- C:\Windows\System\CQcZozt.exe
  C:\Windows\System\CQcZozt.exe
  2⤵
  PID:4296
- C:\Windows\System\WhaqfAM.exe
  C:\Windows\System\WhaqfAM.exe
  2⤵
  PID:4368
- C:\Windows\System\IBvaZNM.exe
  C:\Windows\System\IBvaZNM.exe
  2⤵
  PID:4364
- C:\Windows\System\gwdXiJy.exe
  C:\Windows\System\gwdXiJy.exe
  2⤵
  PID:4632
- C:\Windows\System\hPiEnWi.exe
  C:\Windows\System\hPiEnWi.exe
  2⤵
  PID:3920
- C:\Windows\System\NosxgiR.exe
  C:\Windows\System\NosxgiR.exe
  2⤵
  PID:4024
- C:\Windows\System\KruvtTt.exe
  C:\Windows\System\KruvtTt.exe
  2⤵
  PID:1876
- C:\Windows\System\yYOHetN.exe
  C:\Windows\System\yYOHetN.exe
  2⤵
  PID:4980
- C:\Windows\System\SIgYTth.exe
  C:\Windows\System\SIgYTth.exe
  2⤵
  PID:4944
- C:\Windows\System\FMORFDy.exe
  C:\Windows\System\FMORFDy.exe
  2⤵
  PID:4692
- C:\Windows\System\tqCOQCK.exe
  C:\Windows\System\tqCOQCK.exe
  2⤵
  PID:3036
- C:\Windows\System\NiZjgLh.exe
  C:\Windows\System\NiZjgLh.exe
  2⤵
  PID:3532
- C:\Windows\System\AzAQJVd.exe
  C:\Windows\System\AzAQJVd.exe
  2⤵
  PID:3456
- C:\Windows\System\VArFrvO.exe
  C:\Windows\System\VArFrvO.exe
  2⤵
  PID:4236
- C:\Windows\System\XuhbMMF.exe
  C:\Windows\System\XuhbMMF.exe
  2⤵
  PID:4312
- C:\Windows\System\OaMOzIw.exe
  C:\Windows\System\OaMOzIw.exe
  2⤵
  PID:1896
- C:\Windows\System\KQUtTMn.exe
  C:\Windows\System\KQUtTMn.exe
  2⤵
  PID:4488
- C:\Windows\System\pWpEhqn.exe
  C:\Windows\System\pWpEhqn.exe
  2⤵
  PID:4928
- C:\Windows\System\kXquULf.exe
  C:\Windows\System\kXquULf.exe
  2⤵
  PID:5128
- C:\Windows\System\gzZkRtI.exe
  C:\Windows\System\gzZkRtI.exe
  2⤵
  PID:5144
- C:\Windows\System\dPzypaC.exe
  C:\Windows\System\dPzypaC.exe
  2⤵
  PID:5172
- C:\Windows\System\DpvYgxF.exe
  C:\Windows\System\DpvYgxF.exe
  2⤵
  PID:5192
- C:\Windows\System\kWvOzdc.exe
  C:\Windows\System\kWvOzdc.exe
  2⤵
  PID:5220
- C:\Windows\System\DXfyobd.exe
  C:\Windows\System\DXfyobd.exe
  2⤵
  PID:5240
- C:\Windows\System\EIxTyzD.exe
  C:\Windows\System\EIxTyzD.exe
  2⤵
  PID:5256
- C:\Windows\System\YSJswUT.exe
  C:\Windows\System\YSJswUT.exe
  2⤵
  PID:5272
- C:\Windows\System\iPDaICC.exe
  C:\Windows\System\iPDaICC.exe
  2⤵
  PID:5288
- C:\Windows\System\zCbStLi.exe
  C:\Windows\System\zCbStLi.exe
  2⤵
  PID:5304
- C:\Windows\System\SBFpFEM.exe
  C:\Windows\System\SBFpFEM.exe
  2⤵
  PID:5324
- C:\Windows\System\FwjJNyN.exe
  C:\Windows\System\FwjJNyN.exe
  2⤵
  PID:5340
- C:\Windows\System\LzUzgzm.exe
  C:\Windows\System\LzUzgzm.exe
  2⤵
  PID:5356
- C:\Windows\System\FOSHrHl.exe
  C:\Windows\System\FOSHrHl.exe
  2⤵
  PID:5384
- C:\Windows\System\kKqgsPy.exe
  C:\Windows\System\kKqgsPy.exe
  2⤵
  PID:5400
- C:\Windows\System\boSczBC.exe
  C:\Windows\System\boSczBC.exe
  2⤵
  PID:5416
- C:\Windows\System\ReoBgNl.exe
  C:\Windows\System\ReoBgNl.exe
  2⤵
  PID:5436
- C:\Windows\System\bEfGPWe.exe
  C:\Windows\System\bEfGPWe.exe
  2⤵
  PID:5460
- C:\Windows\System\queFdSH.exe
  C:\Windows\System\queFdSH.exe
  2⤵
  PID:5480
- C:\Windows\System\qWilwXa.exe
  C:\Windows\System\qWilwXa.exe
  2⤵
  PID:5524
- C:\Windows\System\yCVEgLo.exe
  C:\Windows\System\yCVEgLo.exe
  2⤵
  PID:5540
- C:\Windows\System\EmApsPM.exe
  C:\Windows\System\EmApsPM.exe
  2⤵
  PID:5560
- C:\Windows\System\jAhqBst.exe
  C:\Windows\System\jAhqBst.exe
  2⤵
  PID:5580
- C:\Windows\System\edcVOdT.exe
  C:\Windows\System\edcVOdT.exe
  2⤵
  PID:5600
- C:\Windows\System\Wqmnqvw.exe
  C:\Windows\System\Wqmnqvw.exe
  2⤵
  PID:5620
- C:\Windows\System\QPkmYfa.exe
  C:\Windows\System\QPkmYfa.exe
  2⤵
  PID:5640
- C:\Windows\System\fQiNbyZ.exe
  C:\Windows\System\fQiNbyZ.exe
  2⤵
  PID:5656
- C:\Windows\System\scrsTAY.exe
  C:\Windows\System\scrsTAY.exe
  2⤵
  PID:5672
- C:\Windows\System\nRQhEru.exe
  C:\Windows\System\nRQhEru.exe
  2⤵
  PID:5688
- C:\Windows\System\IeWrBJO.exe
  C:\Windows\System\IeWrBJO.exe
  2⤵
  PID:5708
- C:\Windows\System\tlVqRiS.exe
  C:\Windows\System\tlVqRiS.exe
  2⤵
  PID:5724
- C:\Windows\System\yQRNROY.exe
  C:\Windows\System\yQRNROY.exe
  2⤵
  PID:5752
- C:\Windows\System\vLckmRT.exe
  C:\Windows\System\vLckmRT.exe
  2⤵
  PID:5776
- C:\Windows\System\yKDladE.exe
  C:\Windows\System\yKDladE.exe
  2⤵
  PID:5792
- C:\Windows\System\UXLSrCS.exe
  C:\Windows\System\UXLSrCS.exe
  2⤵
  PID:5824
- C:\Windows\System\DVGSrsp.exe
  C:\Windows\System\DVGSrsp.exe
  2⤵
  PID:5840
- C:\Windows\System\jKpJyWp.exe
  C:\Windows\System\jKpJyWp.exe
  2⤵
  PID:5860
- C:\Windows\System\OsClzcz.exe
  C:\Windows\System\OsClzcz.exe
  2⤵
  PID:5880
- C:\Windows\System\fwmoltU.exe
  C:\Windows\System\fwmoltU.exe
  2⤵
  PID:5900
- C:\Windows\System\QlhVYMR.exe
  C:\Windows\System\QlhVYMR.exe
  2⤵
  PID:5920
- C:\Windows\System\gjivHGt.exe
  C:\Windows\System\gjivHGt.exe
  2⤵
  PID:5940
- C:\Windows\System\XFlZdZL.exe
  C:\Windows\System\XFlZdZL.exe
  2⤵
  PID:5960
- C:\Windows\System\SXdZCZw.exe
  C:\Windows\System\SXdZCZw.exe
  2⤵
  PID:5980
- C:\Windows\System\QRohhWS.exe
  C:\Windows\System\QRohhWS.exe
  2⤵
  PID:6000
- C:\Windows\System\TmXeIpp.exe
  C:\Windows\System\TmXeIpp.exe
  2⤵
  PID:6020
- C:\Windows\System\cLsBCAa.exe
  C:\Windows\System\cLsBCAa.exe
  2⤵
  PID:6040
- C:\Windows\System\QJCXnSu.exe
  C:\Windows\System\QJCXnSu.exe
  2⤵
  PID:6060
- C:\Windows\System\pOjuEzv.exe
  C:\Windows\System\pOjuEzv.exe
  2⤵
  PID:6076
- C:\Windows\System\UzjbvXV.exe
  C:\Windows\System\UzjbvXV.exe
  2⤵
  PID:6104
- C:\Windows\System\QzFvLOA.exe
  C:\Windows\System\QzFvLOA.exe
  2⤵
  PID:6124
- C:\Windows\System\tWSDHZt.exe
  C:\Windows\System\tWSDHZt.exe
  2⤵
  PID:4540
- C:\Windows\System\OZyOjAR.exe
  C:\Windows\System\OZyOjAR.exe
  2⤵
  PID:4880
- C:\Windows\System\yliXEyr.exe
  C:\Windows\System\yliXEyr.exe
  2⤵
  PID:4332
- C:\Windows\System\LJXEMCQ.exe
  C:\Windows\System\LJXEMCQ.exe
  2⤵
  PID:5064
- C:\Windows\System\GfndIlW.exe
  C:\Windows\System\GfndIlW.exe
  2⤵
  PID:4408
- C:\Windows\System\vxtLOlE.exe
  C:\Windows\System\vxtLOlE.exe
  2⤵
  PID:5048
- C:\Windows\System\mLUcorm.exe
  C:\Windows\System\mLUcorm.exe
  2⤵
  PID:4792
- C:\Windows\System\YSriUVj.exe
  C:\Windows\System\YSriUVj.exe
  2⤵
  PID:3400
- C:\Windows\System\puGFdKh.exe
  C:\Windows\System\puGFdKh.exe
  2⤵
  PID:1568
- C:\Windows\System\HHugLGx.exe
  C:\Windows\System\HHugLGx.exe
  2⤵
  PID:5052
- C:\Windows\System\HQwWhOs.exe
  C:\Windows\System\HQwWhOs.exe
  2⤵
  PID:4728
- C:\Windows\System\rvzbZNW.exe
  C:\Windows\System\rvzbZNW.exe
  2⤵
  PID:1780
- C:\Windows\System\VJiZklG.exe
  C:\Windows\System\VJiZklG.exe
  2⤵
  PID:4152
- C:\Windows\System\nfRtyUI.exe
  C:\Windows\System\nfRtyUI.exe
  2⤵
  PID:5216
- C:\Windows\System\vSGsCFf.exe
  C:\Windows\System\vSGsCFf.exe
  2⤵
  PID:4316
- C:\Windows\System\oGESXYq.exe
  C:\Windows\System\oGESXYq.exe
  2⤵
  PID:5180
- C:\Windows\System\VrigBwF.exe
  C:\Windows\System\VrigBwF.exe
  2⤵
  PID:4804
- C:\Windows\System\dpNGQUF.exe
  C:\Windows\System\dpNGQUF.exe
  2⤵
  PID:5320
- C:\Windows\System\ANXJMfH.exe
  C:\Windows\System\ANXJMfH.exe
  2⤵
  PID:5396
- C:\Windows\System\JtNCPIV.exe
  C:\Windows\System\JtNCPIV.exe
  2⤵
  PID:5468
- C:\Windows\System\puAdMAV.exe
  C:\Windows\System\puAdMAV.exe
  2⤵
  PID:5372
- C:\Windows\System\GuGBmEU.exe
  C:\Windows\System\GuGBmEU.exe
  2⤵
  PID:5472
- C:\Windows\System\TvJtAoq.exe
  C:\Windows\System\TvJtAoq.exe
  2⤵
  PID:5576
- C:\Windows\System\REMUwRy.exe
  C:\Windows\System\REMUwRy.exe
  2⤵
  PID:5456
- C:\Windows\System\lfOVFXK.exe
  C:\Windows\System\lfOVFXK.exe
  2⤵
  PID:5336
- C:\Windows\System\VDrfAmt.exe
  C:\Windows\System\VDrfAmt.exe
  2⤵
  PID:5492
- C:\Windows\System\WUwqnBz.exe
  C:\Windows\System\WUwqnBz.exe
  2⤵
  PID:5512
- C:\Windows\System\aTAOpTn.exe
  C:\Windows\System\aTAOpTn.exe
  2⤵
  PID:5592
- C:\Windows\System\rtrgJEo.exe
  C:\Windows\System\rtrgJEo.exe
  2⤵
  PID:5616
- C:\Windows\System\hPGlRyh.exe
  C:\Windows\System\hPGlRyh.exe
  2⤵
  PID:5652
- C:\Windows\System\JtIYgNu.exe
  C:\Windows\System\JtIYgNu.exe
  2⤵
  PID:5720
- C:\Windows\System\njMGsde.exe
  C:\Windows\System\njMGsde.exe
  2⤵
  PID:5628
- C:\Windows\System\cHWMYsg.exe
  C:\Windows\System\cHWMYsg.exe
  2⤵
  PID:5740
- C:\Windows\System\iDyCTtk.exe
  C:\Windows\System\iDyCTtk.exe
  2⤵
  PID:5704
- C:\Windows\System\NZPworZ.exe
  C:\Windows\System\NZPworZ.exe
  2⤵
  PID:5804
- C:\Windows\System\dKsXiaG.exe
  C:\Windows\System\dKsXiaG.exe
  2⤵
  PID:5816
- C:\Windows\System\mzaXyVd.exe
  C:\Windows\System\mzaXyVd.exe
  2⤵
  PID:5852
- C:\Windows\System\SIHqBmL.exe
  C:\Windows\System\SIHqBmL.exe
  2⤵
  PID:5836
- C:\Windows\System\dSRlxUe.exe
  C:\Windows\System\dSRlxUe.exe
  2⤵
  PID:5868
- C:\Windows\System\wMKWZcc.exe
  C:\Windows\System\wMKWZcc.exe
  2⤵
  PID:5912
- C:\Windows\System\nHOEgOA.exe
  C:\Windows\System\nHOEgOA.exe
  2⤵
  PID:5948
- C:\Windows\System\PMRxNBb.exe
  C:\Windows\System\PMRxNBb.exe
  2⤵
  PID:6056
- C:\Windows\System\JtnjHlv.exe
  C:\Windows\System\JtnjHlv.exe
  2⤵
  PID:2148
- C:\Windows\System\TiRixWO.exe
  C:\Windows\System\TiRixWO.exe
  2⤵
  PID:6028
- C:\Windows\System\KkjdIWt.exe
  C:\Windows\System\KkjdIWt.exe
  2⤵
  PID:6096
- C:\Windows\System\zJvkfhV.exe
  C:\Windows\System\zJvkfhV.exe
  2⤵
  PID:4288
- C:\Windows\System\XIDEimj.exe
  C:\Windows\System\XIDEimj.exe
  2⤵
  PID:5116
- C:\Windows\System\egUfrkL.exe
  C:\Windows\System\egUfrkL.exe
  2⤵
  PID:6120
- C:\Windows\System\BxzbCoz.exe
  C:\Windows\System\BxzbCoz.exe
  2⤵
  PID:1836
- C:\Windows\System\vhKwDjX.exe
  C:\Windows\System\vhKwDjX.exe
  2⤵
  PID:1648
- C:\Windows\System\rmfZjOD.exe
  C:\Windows\System\rmfZjOD.exe
  2⤵
  PID:576
- C:\Windows\System\gCmqGfu.exe
  C:\Windows\System\gCmqGfu.exe
  2⤵
  PID:4616
- C:\Windows\System\ytaHTDY.exe
  C:\Windows\System\ytaHTDY.exe
  2⤵
  PID:5232
- C:\Windows\System\gUrIhMQ.exe
  C:\Windows\System\gUrIhMQ.exe
  2⤵
  PID:5264
- C:\Windows\System\ALNSvgI.exe
  C:\Windows\System\ALNSvgI.exe
  2⤵
  PID:5500
- C:\Windows\System\ikFmaxw.exe
  C:\Windows\System\ikFmaxw.exe
  2⤵
  PID:5608
- C:\Windows\System\BFnNzCm.exe
  C:\Windows\System\BFnNzCm.exe
  2⤵
  PID:4788
- C:\Windows\System\MFPcmCy.exe
  C:\Windows\System\MFPcmCy.exe
  2⤵
  PID:2864
- C:\Windows\System\DNTBtAr.exe
  C:\Windows\System\DNTBtAr.exe
  2⤵
  PID:3020
- C:\Windows\System\vLuHjkS.exe
  C:\Windows\System\vLuHjkS.exe
  2⤵
  PID:5636
- C:\Windows\System\UCmFayg.exe
  C:\Windows\System\UCmFayg.exe
  2⤵
  PID:5800
- C:\Windows\System\jJpdkms.exe
  C:\Windows\System\jJpdkms.exe
  2⤵
  PID:5188
- C:\Windows\System\gbHwAiO.exe
  C:\Windows\System\gbHwAiO.exe
  2⤵
  PID:5812
- C:\Windows\System\WecAfhm.exe
  C:\Windows\System\WecAfhm.exe
  2⤵
  PID:5476
- C:\Windows\System\UejYpng.exe
  C:\Windows\System\UejYpng.exe
  2⤵
  PID:2580
- C:\Windows\System\VmEXyPG.exe
  C:\Windows\System\VmEXyPG.exe
  2⤵
  PID:5296
- C:\Windows\System\gEnYcbL.exe
  C:\Windows\System\gEnYcbL.exe
  2⤵
  PID:5764
- C:\Windows\System\YityemO.exe
  C:\Windows\System\YityemO.exe
  2⤵
  PID:5992
- C:\Windows\System\vSprhWU.exe
  C:\Windows\System\vSprhWU.exe
  2⤵
  PID:4628
- C:\Windows\System\UaXPQZx.exe
  C:\Windows\System\UaXPQZx.exe
  2⤵
  PID:796
- C:\Windows\System\kjZKrlW.exe
  C:\Windows\System\kjZKrlW.exe
  2⤵
  PID:5976
- C:\Windows\System\MtIYrYW.exe
  C:\Windows\System\MtIYrYW.exe
  2⤵
  PID:4908
- C:\Windows\System\JtlVcXz.exe
  C:\Windows\System\JtlVcXz.exe
  2⤵
  PID:6048
- C:\Windows\System\ztcnwlR.exe
  C:\Windows\System\ztcnwlR.exe
  2⤵
  PID:1368
- C:\Windows\System\nEbHTbm.exe
  C:\Windows\System\nEbHTbm.exe
  2⤵
  PID:2492
- C:\Windows\System\USWtjen.exe
  C:\Windows\System\USWtjen.exe
  2⤵
  PID:5068
- C:\Windows\System\zKfJhEp.exe
  C:\Windows\System\zKfJhEp.exe
  2⤵
  PID:4900
- C:\Windows\System\PJRJsth.exe
  C:\Windows\System\PJRJsth.exe
  2⤵
  PID:4420
- C:\Windows\System\bFoJHMD.exe
  C:\Windows\System\bFoJHMD.exe
  2⤵
  PID:5392
- C:\Windows\System\bjfvUxE.exe
  C:\Windows\System\bjfvUxE.exe
  2⤵
  PID:4648
- C:\Windows\System\BnGgrdr.exe
  C:\Windows\System\BnGgrdr.exe
  2⤵
  PID:5736
- C:\Windows\System\cxSUAhS.exe
  C:\Windows\System\cxSUAhS.exe
  2⤵
  PID:3460
- C:\Windows\System\MpQOSlg.exe
  C:\Windows\System\MpQOSlg.exe
  2⤵
  PID:5208
- C:\Windows\System\ffbQnkf.exe
  C:\Windows\System\ffbQnkf.exe
  2⤵
  PID:5448
- C:\Windows\System\TbWIaOC.exe
  C:\Windows\System\TbWIaOC.exe
  2⤵
  PID:6152
- C:\Windows\System\XrEfFkN.exe
  C:\Windows\System\XrEfFkN.exe
  2⤵
  PID:6172
- C:\Windows\System\CCZMcvr.exe
  C:\Windows\System\CCZMcvr.exe
  2⤵
  PID:6192
- C:\Windows\System\xRvfbgI.exe
  C:\Windows\System\xRvfbgI.exe
  2⤵
  PID:6212
- C:\Windows\System\EGqubSj.exe
  C:\Windows\System\EGqubSj.exe
  2⤵
  PID:6232
- C:\Windows\System\SktwSwu.exe
  C:\Windows\System\SktwSwu.exe
  2⤵
  PID:6252
- C:\Windows\System\MapwrMa.exe
  C:\Windows\System\MapwrMa.exe
  2⤵
  PID:6272
- C:\Windows\System\PazLIPE.exe
  C:\Windows\System\PazLIPE.exe
  2⤵
  PID:6292
- C:\Windows\System\vnndxri.exe
  C:\Windows\System\vnndxri.exe
  2⤵
  PID:6312
- C:\Windows\System\CqWltTK.exe
  C:\Windows\System\CqWltTK.exe
  2⤵
  PID:6332
- C:\Windows\System\vzXoPqE.exe
  C:\Windows\System\vzXoPqE.exe
  2⤵
  PID:6352
- C:\Windows\System\PlsXdwu.exe
  C:\Windows\System\PlsXdwu.exe
  2⤵
  PID:6372
- C:\Windows\System\emfEQWc.exe
  C:\Windows\System\emfEQWc.exe
  2⤵
  PID:6392
- C:\Windows\System\TTUTKhD.exe
  C:\Windows\System\TTUTKhD.exe
  2⤵
  PID:6412
- C:\Windows\System\gMCfJmR.exe
  C:\Windows\System\gMCfJmR.exe
  2⤵
  PID:6432
- C:\Windows\System\ONkGdID.exe
  C:\Windows\System\ONkGdID.exe
  2⤵
  PID:6452
- C:\Windows\System\eNthCvN.exe
  C:\Windows\System\eNthCvN.exe
  2⤵
  PID:6472
- C:\Windows\System\xLSpDOZ.exe
  C:\Windows\System\xLSpDOZ.exe
  2⤵
  PID:6492
- C:\Windows\System\bGXzciR.exe
  C:\Windows\System\bGXzciR.exe
  2⤵
  PID:6512
- C:\Windows\System\RNezOtz.exe
  C:\Windows\System\RNezOtz.exe
  2⤵
  PID:6532
- C:\Windows\System\PAHtjkG.exe
  C:\Windows\System\PAHtjkG.exe
  2⤵
  PID:6552
- C:\Windows\System\XPeHzfn.exe
  C:\Windows\System\XPeHzfn.exe
  2⤵
  PID:6572
- C:\Windows\System\jLDnotW.exe
  C:\Windows\System\jLDnotW.exe
  2⤵
  PID:6592
- C:\Windows\System\SLAwfiB.exe
  C:\Windows\System\SLAwfiB.exe
  2⤵
  PID:6612
- C:\Windows\System\IOjrGDp.exe
  C:\Windows\System\IOjrGDp.exe
  2⤵
  PID:6632
- C:\Windows\System\sUaFirs.exe
  C:\Windows\System\sUaFirs.exe
  2⤵
  PID:6652
- C:\Windows\System\sYwLFTs.exe
  C:\Windows\System\sYwLFTs.exe
  2⤵
  PID:6672
- C:\Windows\System\LtMIpRM.exe
  C:\Windows\System\LtMIpRM.exe
  2⤵
  PID:6692
- C:\Windows\System\rYXOXgu.exe
  C:\Windows\System\rYXOXgu.exe
  2⤵
  PID:6712
- C:\Windows\System\lAEyLtb.exe
  C:\Windows\System\lAEyLtb.exe
  2⤵
  PID:6732
- C:\Windows\System\yyyryJD.exe
  C:\Windows\System\yyyryJD.exe
  2⤵
  PID:6752
- C:\Windows\System\KdPhfUL.exe
  C:\Windows\System\KdPhfUL.exe
  2⤵
  PID:6772
- C:\Windows\System\niptoyE.exe
  C:\Windows\System\niptoyE.exe
  2⤵
  PID:6792
- C:\Windows\System\CgWenLO.exe
  C:\Windows\System\CgWenLO.exe
  2⤵
  PID:6812
- C:\Windows\System\aWGBnQr.exe
  C:\Windows\System\aWGBnQr.exe
  2⤵
  PID:6832
- C:\Windows\System\nHnybri.exe
  C:\Windows\System\nHnybri.exe
  2⤵
  PID:6852
- C:\Windows\System\QBGzprK.exe
  C:\Windows\System\QBGzprK.exe
  2⤵
  PID:6872
- C:\Windows\System\awRPuWf.exe
  C:\Windows\System\awRPuWf.exe
  2⤵
  PID:6892
- C:\Windows\System\HRklohQ.exe
  C:\Windows\System\HRklohQ.exe
  2⤵
  PID:6912
- C:\Windows\System\pIJgBbg.exe
  C:\Windows\System\pIJgBbg.exe
  2⤵
  PID:6932
- C:\Windows\System\JBOkkPS.exe
  C:\Windows\System\JBOkkPS.exe
  2⤵
  PID:6952
- C:\Windows\System\wJQVcQV.exe
  C:\Windows\System\wJQVcQV.exe
  2⤵
  PID:6972
- C:\Windows\System\PjNiduE.exe
  C:\Windows\System\PjNiduE.exe
  2⤵
  PID:6992
- C:\Windows\System\eQhxotA.exe
  C:\Windows\System\eQhxotA.exe
  2⤵
  PID:7012
- C:\Windows\System\oPcrtFF.exe
  C:\Windows\System\oPcrtFF.exe
  2⤵
  PID:7032
- C:\Windows\System\pljcRXU.exe
  C:\Windows\System\pljcRXU.exe
  2⤵
  PID:7052
- C:\Windows\System\bUoYrAa.exe
  C:\Windows\System\bUoYrAa.exe
  2⤵
  PID:7072
- C:\Windows\System\NJkvnCe.exe
  C:\Windows\System\NJkvnCe.exe
  2⤵
  PID:7092
- C:\Windows\System\rbGlpdm.exe
  C:\Windows\System\rbGlpdm.exe
  2⤵
  PID:7112
- C:\Windows\System\AIvdVxc.exe
  C:\Windows\System\AIvdVxc.exe
  2⤵
  PID:7132
- C:\Windows\System\IjUAmPD.exe
  C:\Windows\System\IjUAmPD.exe
  2⤵
  PID:7152
- C:\Windows\System\aQXTOfU.exe
  C:\Windows\System\aQXTOfU.exe
  2⤵
  PID:2516
- C:\Windows\System\EugbfIM.exe
  C:\Windows\System\EugbfIM.exe
  2⤵
  PID:5552
- C:\Windows\System\sRkfMCZ.exe
  C:\Windows\System\sRkfMCZ.exe
  2⤵
  PID:5892
- C:\Windows\System\DoTXfES.exe
  C:\Windows\System\DoTXfES.exe
  2⤵
  PID:2392
- C:\Windows\System\gVeGQVP.exe
  C:\Windows\System\gVeGQVP.exe
  2⤵
  PID:5596
- C:\Windows\System\tBjCxHh.exe
  C:\Windows\System\tBjCxHh.exe
  2⤵
  PID:5772
- C:\Windows\System\gUKAAtn.exe
  C:\Windows\System\gUKAAtn.exe
  2⤵
  PID:6012
- C:\Windows\System\FqhCkgg.exe
  C:\Windows\System\FqhCkgg.exe
  2⤵
  PID:6068
- C:\Windows\System\XgTlxKT.exe
  C:\Windows\System\XgTlxKT.exe
  2⤵
  PID:6140
- C:\Windows\System\AROOPJg.exe
  C:\Windows\System\AROOPJg.exe
  2⤵
  PID:6116
- C:\Windows\System\AbSqgWs.exe
  C:\Windows\System\AbSqgWs.exe
  2⤵
  PID:5368
- C:\Windows\System\zmOttds.exe
  C:\Windows\System\zmOttds.exe
  2⤵
  PID:5732
- C:\Windows\System\BnykgHc.exe
  C:\Windows\System\BnykgHc.exe
  2⤵
  PID:5432
- C:\Windows\System\vrCDHSF.exe
  C:\Windows\System\vrCDHSF.exe
  2⤵
  PID:6148
- C:\Windows\System\PyTkGKo.exe
  C:\Windows\System\PyTkGKo.exe
  2⤵
  PID:6188
- C:\Windows\System\LhwvADc.exe
  C:\Windows\System\LhwvADc.exe
  2⤵
  PID:6200
- C:\Windows\System\nJdpSYW.exe
  C:\Windows\System\nJdpSYW.exe
  2⤵
  PID:6224
- C:\Windows\System\qKcVOsn.exe
  C:\Windows\System\qKcVOsn.exe
  2⤵
  PID:6248
- C:\Windows\System\MAuGkDn.exe
  C:\Windows\System\MAuGkDn.exe
  2⤵
  PID:6284
- C:\Windows\System\tguMhJM.exe
  C:\Windows\System\tguMhJM.exe
  2⤵
  PID:6328
- C:\Windows\System\zSSyRxP.exe
  C:\Windows\System\zSSyRxP.exe
  2⤵
  PID:6360
- C:\Windows\System\FwiphGl.exe
  C:\Windows\System\FwiphGl.exe
  2⤵
  PID:1980
- C:\Windows\System\kbTGCzB.exe
  C:\Windows\System\kbTGCzB.exe
  2⤵
  PID:6428
- C:\Windows\System\GAcXGFm.exe
  C:\Windows\System\GAcXGFm.exe
  2⤵
  PID:2564
- C:\Windows\System\aSnkNkH.exe
  C:\Windows\System\aSnkNkH.exe
  2⤵
  PID:6480
- C:\Windows\System\fKdWSjS.exe
  C:\Windows\System\fKdWSjS.exe
  2⤵
  PID:6520
- C:\Windows\System\CmphoOz.exe
  C:\Windows\System\CmphoOz.exe
  2⤵
  PID:6544
- C:\Windows\System\KZRgIhn.exe
  C:\Windows\System\KZRgIhn.exe
  2⤵
  PID:6564
- C:\Windows\System\OoRQGFS.exe
  C:\Windows\System\OoRQGFS.exe
  2⤵
  PID:6604
- C:\Windows\System\VGHbOpN.exe
  C:\Windows\System\VGHbOpN.exe
  2⤵
  PID:6644
- C:\Windows\System\rkmGeth.exe
  C:\Windows\System\rkmGeth.exe
  2⤵
  PID:6700
- C:\Windows\System\RlTJfFF.exe
  C:\Windows\System\RlTJfFF.exe
  2⤵
  PID:6720
- C:\Windows\System\UhQDzHS.exe
  C:\Windows\System\UhQDzHS.exe
  2⤵
  PID:6748
- C:\Windows\System\apswwiG.exe
  C:\Windows\System\apswwiG.exe
  2⤵
  PID:2844
- C:\Windows\System\FyeEpuU.exe
  C:\Windows\System\FyeEpuU.exe
  2⤵
  PID:6808
- C:\Windows\System\QujirFn.exe
  C:\Windows\System\QujirFn.exe
  2⤵
  PID:6848
- C:\Windows\System\EFIcSlq.exe
  C:\Windows\System\EFIcSlq.exe
  2⤵
  PID:6880
- C:\Windows\System\XjiKwUN.exe
  C:\Windows\System\XjiKwUN.exe
  2⤵
  PID:6904
- C:\Windows\System\wwxojdy.exe
  C:\Windows\System\wwxojdy.exe
  2⤵
  PID:6948
- C:\Windows\System\fjQDwOB.exe
  C:\Windows\System\fjQDwOB.exe
  2⤵
  PID:6964
- C:\Windows\System\iBaOJfh.exe
  C:\Windows\System\iBaOJfh.exe
  2⤵
  PID:7008
- C:\Windows\System\shsHSkE.exe
  C:\Windows\System\shsHSkE.exe
  2⤵
  PID:7060
- C:\Windows\System\NqEsKvT.exe
  C:\Windows\System\NqEsKvT.exe
  2⤵
  PID:7080
- C:\Windows\System\OQOgjDj.exe
  C:\Windows\System\OQOgjDj.exe
  2⤵
  PID:7104
- C:\Windows\System\DCsiqlz.exe
  C:\Windows\System\DCsiqlz.exe
  2⤵
  PID:7124
- C:\Windows\System\aCmgBSl.exe
  C:\Windows\System\aCmgBSl.exe
  2⤵
  PID:5452
- C:\Windows\System\hNMiqZi.exe
  C:\Windows\System\hNMiqZi.exe
  2⤵
  PID:5300
- C:\Windows\System\xDuwrIq.exe
  C:\Windows\System\xDuwrIq.exe
  2⤵
  PID:5848
- C:\Windows\System\dRJrAJA.exe
  C:\Windows\System\dRJrAJA.exe
  2⤵
  PID:6092
- C:\Windows\System\SpKMlWh.exe
  C:\Windows\System\SpKMlWh.exe
  2⤵
  PID:5956
- C:\Windows\System\NmZPVIJ.exe
  C:\Windows\System\NmZPVIJ.exe
  2⤵
  PID:6136
- C:\Windows\System\WLKoluT.exe
  C:\Windows\System\WLKoluT.exe
  2⤵
  PID:5156
- C:\Windows\System\MnEmkxV.exe
  C:\Windows\System\MnEmkxV.exe
  2⤵
  PID:5160
- C:\Windows\System\kcniehJ.exe
  C:\Windows\System\kcniehJ.exe
  2⤵
  PID:5316
- C:\Windows\System\JuLoXuj.exe
  C:\Windows\System\JuLoXuj.exe
  2⤵
  PID:6180
- C:\Windows\System\neVPuvq.exe
  C:\Windows\System\neVPuvq.exe
  2⤵
  PID:6204
- C:\Windows\System\LZVlnSg.exe
  C:\Windows\System\LZVlnSg.exe
  2⤵
  PID:6280
- C:\Windows\System\TaWNhmk.exe
  C:\Windows\System\TaWNhmk.exe
  2⤵
  PID:6368
- C:\Windows\System\zAaBsFe.exe
  C:\Windows\System\zAaBsFe.exe
  2⤵
  PID:6380
- C:\Windows\System\JhamSAA.exe
  C:\Windows\System\JhamSAA.exe
  2⤵
  PID:6440
- C:\Windows\System\lhzOVkN.exe
  C:\Windows\System\lhzOVkN.exe
  2⤵
  PID:6464
- C:\Windows\System\YYxvBgt.exe
  C:\Windows\System\YYxvBgt.exe
  2⤵
  PID:6580
- C:\Windows\System\NMvtHMi.exe
  C:\Windows\System\NMvtHMi.exe
  2⤵
  PID:6624
- C:\Windows\System\CpxXUbJ.exe
  C:\Windows\System\CpxXUbJ.exe
  2⤵
  PID:6640
- C:\Windows\System\uJxpdkU.exe
  C:\Windows\System\uJxpdkU.exe
  2⤵
  PID:6708
- C:\Windows\System\TQUXZvE.exe
  C:\Windows\System\TQUXZvE.exe
  2⤵
  PID:6764
- C:\Windows\System\btfXPMi.exe
  C:\Windows\System\btfXPMi.exe
  2⤵
  PID:6840
- C:\Windows\System\WGgEkLx.exe
  C:\Windows\System\WGgEkLx.exe
  2⤵
  PID:6908
- C:\Windows\System\AOzJVQx.exe
  C:\Windows\System\AOzJVQx.exe
  2⤵
  PID:6960
- C:\Windows\System\qjRKgvd.exe
  C:\Windows\System\qjRKgvd.exe
  2⤵
  PID:6924
- C:\Windows\System\IkTYmYt.exe
  C:\Windows\System\IkTYmYt.exe
  2⤵
  PID:7000
- C:\Windows\System\ljgAdVi.exe
  C:\Windows\System\ljgAdVi.exe
  2⤵
  PID:7048
- C:\Windows\System\wPPXSIy.exe
  C:\Windows\System\wPPXSIy.exe
  2⤵
  PID:7120
- C:\Windows\System\LEwugZT.exe
  C:\Windows\System\LEwugZT.exe
  2⤵
  PID:5856
- C:\Windows\System\jFsJvxK.exe
  C:\Windows\System\jFsJvxK.exe
  2⤵
  PID:7164
- C:\Windows\System\GZgfylj.exe
  C:\Windows\System\GZgfylj.exe
  2⤵
  PID:2276
- C:\Windows\System\mYNvYCD.exe
  C:\Windows\System\mYNvYCD.exe
  2⤵
  PID:5252
- C:\Windows\System\AflGEnU.exe
  C:\Windows\System\AflGEnU.exe
  2⤵
  PID:5428
- C:\Windows\System\riyvYAl.exe
  C:\Windows\System\riyvYAl.exe
  2⤵
  PID:2172
- C:\Windows\System\VChfQsa.exe
  C:\Windows\System\VChfQsa.exe
  2⤵
  PID:6340
- C:\Windows\System\SBqcEGZ.exe
  C:\Windows\System\SBqcEGZ.exe
  2⤵
  PID:6268
- C:\Windows\System\gvmDnFd.exe
  C:\Windows\System\gvmDnFd.exe
  2⤵
  PID:6504
- C:\Windows\System\FYWzxHd.exe
  C:\Windows\System\FYWzxHd.exe
  2⤵
  PID:6364
- C:\Windows\System\KYIOdNN.exe
  C:\Windows\System\KYIOdNN.exe
  2⤵
  PID:6444
- C:\Windows\System\vjJPPuF.exe
  C:\Windows\System\vjJPPuF.exe
  2⤵
  PID:6588
- C:\Windows\System\VkSWFrA.exe
  C:\Windows\System\VkSWFrA.exe
  2⤵
  PID:6824
- C:\Windows\System\VodOiBj.exe
  C:\Windows\System\VodOiBj.exe
  2⤵
  PID:6828
- C:\Windows\System\rJAnVQl.exe
  C:\Windows\System\rJAnVQl.exe
  2⤵
  PID:7108
- C:\Windows\System\yrYtEuF.exe
  C:\Windows\System\yrYtEuF.exe
  2⤵
  PID:7020
- C:\Windows\System\oLPHGAf.exe
  C:\Windows\System\oLPHGAf.exe
  2⤵
  PID:7044
- C:\Windows\System\rcBanIr.exe
  C:\Windows\System\rcBanIr.exe
  2⤵
  PID:3000
- C:\Windows\System\ofmjRCF.exe
  C:\Windows\System\ofmjRCF.exe
  2⤵
  PID:5100
- C:\Windows\System\WUCYRtI.exe
  C:\Windows\System\WUCYRtI.exe
  2⤵
  PID:6304
- C:\Windows\System\UmstmWb.exe
  C:\Windows\System\UmstmWb.exe
  2⤵
  PID:5364
- C:\Windows\System\xGiVXQl.exe
  C:\Windows\System\xGiVXQl.exe
  2⤵
  PID:6460
- C:\Windows\System\OvaQVCB.exe
  C:\Windows\System\OvaQVCB.exe
  2⤵
  PID:6344
- C:\Windows\System\oYOUfLi.exe
  C:\Windows\System\oYOUfLi.exe
  2⤵
  PID:7188
- C:\Windows\System\BbXVazV.exe
  C:\Windows\System\BbXVazV.exe
  2⤵
  PID:7208
- C:\Windows\System\dXEGyDx.exe
  C:\Windows\System\dXEGyDx.exe
  2⤵
  PID:7228
- C:\Windows\System\FKwenMg.exe
  C:\Windows\System\FKwenMg.exe
  2⤵
  PID:7252
- C:\Windows\System\poZlTHR.exe
  C:\Windows\System\poZlTHR.exe
  2⤵
  PID:7272
- C:\Windows\System\ALYECHB.exe
  C:\Windows\System\ALYECHB.exe
  2⤵
  PID:7292
- C:\Windows\System\ElgOGlD.exe
  C:\Windows\System\ElgOGlD.exe
  2⤵
  PID:7308
- C:\Windows\System\bSfOPuj.exe
  C:\Windows\System\bSfOPuj.exe
  2⤵
  PID:7328
- C:\Windows\System\qgfYuib.exe
  C:\Windows\System\qgfYuib.exe
  2⤵
  PID:7348
- C:\Windows\System\paBCSHN.exe
  C:\Windows\System\paBCSHN.exe
  2⤵
  PID:7372
- C:\Windows\System\SPAPRaT.exe
  C:\Windows\System\SPAPRaT.exe
  2⤵
  PID:7392
- C:\Windows\System\gruiFEk.exe
  C:\Windows\System\gruiFEk.exe
  2⤵
  PID:7412
- C:\Windows\System\UXRiele.exe
  C:\Windows\System\UXRiele.exe
  2⤵
  PID:7428
- C:\Windows\System\WRbPuMW.exe
  C:\Windows\System\WRbPuMW.exe
  2⤵
  PID:7452
- C:\Windows\System\jMADLmB.exe
  C:\Windows\System\jMADLmB.exe
  2⤵
  PID:7472
- C:\Windows\System\mkNYyCz.exe
  C:\Windows\System\mkNYyCz.exe
  2⤵
  PID:7492
- C:\Windows\System\xtdYYlL.exe
  C:\Windows\System\xtdYYlL.exe
  2⤵
  PID:7508
- C:\Windows\System\wPebHFL.exe
  C:\Windows\System\wPebHFL.exe
  2⤵
  PID:7532
- C:\Windows\System\KvwTlCw.exe
  C:\Windows\System\KvwTlCw.exe
  2⤵
  PID:7552
- C:\Windows\System\VBoBYGd.exe
  C:\Windows\System\VBoBYGd.exe
  2⤵
  PID:7572
- C:\Windows\System\hGUOFiY.exe
  C:\Windows\System\hGUOFiY.exe
  2⤵
  PID:7592
- C:\Windows\System\RefFnIh.exe
  C:\Windows\System\RefFnIh.exe
  2⤵
  PID:7612
- C:\Windows\System\CsXFPSh.exe
  C:\Windows\System\CsXFPSh.exe
  2⤵
  PID:7628
- C:\Windows\System\xAhlXhl.exe
  C:\Windows\System\xAhlXhl.exe
  2⤵
  PID:7652
- C:\Windows\System\qhnKTQv.exe
  C:\Windows\System\qhnKTQv.exe
  2⤵
  PID:7672
- C:\Windows\System\pWdxgZn.exe
  C:\Windows\System\pWdxgZn.exe
  2⤵
  PID:7692
- C:\Windows\System\uqHHGcI.exe
  C:\Windows\System\uqHHGcI.exe
  2⤵
  PID:7708
- C:\Windows\System\vwEKUjt.exe
  C:\Windows\System\vwEKUjt.exe
  2⤵
  PID:7732
- C:\Windows\System\VKXnImW.exe
  C:\Windows\System\VKXnImW.exe
  2⤵
  PID:7752
- C:\Windows\System\GAPddlN.exe
  C:\Windows\System\GAPddlN.exe
  2⤵
  PID:7772
- C:\Windows\System\JYEfOWu.exe
  C:\Windows\System\JYEfOWu.exe
  2⤵
  PID:7792
- C:\Windows\System\VHytmQU.exe
  C:\Windows\System\VHytmQU.exe
  2⤵
  PID:7812
- C:\Windows\System\PiiMjvw.exe
  C:\Windows\System\PiiMjvw.exe
  2⤵
  PID:7832
- C:\Windows\System\mfYJIVu.exe
  C:\Windows\System\mfYJIVu.exe
  2⤵
  PID:7852
- C:\Windows\System\zYFuKPA.exe
  C:\Windows\System\zYFuKPA.exe
  2⤵
  PID:7872
- C:\Windows\System\BgdYriP.exe
  C:\Windows\System\BgdYriP.exe
  2⤵
  PID:7892
- C:\Windows\System\MgIeVaa.exe
  C:\Windows\System\MgIeVaa.exe
  2⤵
  PID:7908
- C:\Windows\System\UlifExS.exe
  C:\Windows\System\UlifExS.exe
  2⤵
  PID:7928
- C:\Windows\System\siJOiyR.exe
  C:\Windows\System\siJOiyR.exe
  2⤵
  PID:7948
- C:\Windows\System\OfWStUQ.exe
  C:\Windows\System\OfWStUQ.exe
  2⤵
  PID:7972
- C:\Windows\System\QGNBKkO.exe
  C:\Windows\System\QGNBKkO.exe
  2⤵
  PID:7992
- C:\Windows\System\BnBQjLV.exe
  C:\Windows\System\BnBQjLV.exe
  2⤵
  PID:8012
- C:\Windows\System\HRYjWFl.exe
  C:\Windows\System\HRYjWFl.exe
  2⤵
  PID:8032
- C:\Windows\System\FYiSlwg.exe
  C:\Windows\System\FYiSlwg.exe
  2⤵
  PID:8052
- C:\Windows\System\fzhfdPl.exe
  C:\Windows\System\fzhfdPl.exe
  2⤵
  PID:8072
- C:\Windows\System\LyDhQdE.exe
  C:\Windows\System\LyDhQdE.exe
  2⤵
  PID:8092
- C:\Windows\System\jLiIQZV.exe
  C:\Windows\System\jLiIQZV.exe
  2⤵
  PID:8112
- C:\Windows\System\IqlSbrk.exe
  C:\Windows\System\IqlSbrk.exe
  2⤵
  PID:8132
- C:\Windows\System\aPhnzUE.exe
  C:\Windows\System\aPhnzUE.exe
  2⤵
  PID:8156
- C:\Windows\System\Kdwbpda.exe
  C:\Windows\System\Kdwbpda.exe
  2⤵
  PID:8176
- C:\Windows\System\GvABHVk.exe
  C:\Windows\System\GvABHVk.exe
  2⤵
  PID:6488
- C:\Windows\System\XFSCusI.exe
  C:\Windows\System\XFSCusI.exe
  2⤵
  PID:6760
- C:\Windows\System\OxePjja.exe
  C:\Windows\System\OxePjja.exe
  2⤵
  PID:7084
- C:\Windows\System\vAKrsdM.exe
  C:\Windows\System\vAKrsdM.exe
  2⤵
  PID:7088
- C:\Windows\System\BXzYvzo.exe
  C:\Windows\System\BXzYvzo.exe
  2⤵
  PID:1860
- C:\Windows\System\CoPWXNI.exe
  C:\Windows\System\CoPWXNI.exe
  2⤵
  PID:264
- C:\Windows\System\jCASXVD.exe
  C:\Windows\System\jCASXVD.exe
  2⤵
  PID:4064
- C:\Windows\System\MtKKXjb.exe
  C:\Windows\System\MtKKXjb.exe
  2⤵
  PID:4636
- C:\Windows\System\FtrYczI.exe
  C:\Windows\System\FtrYczI.exe
  2⤵
  PID:7196
- C:\Windows\System\BpWgjPY.exe
  C:\Windows\System\BpWgjPY.exe
  2⤵
  PID:7176
- C:\Windows\System\SFRiWoR.exe
  C:\Windows\System\SFRiWoR.exe
  2⤵
  PID:7244
- C:\Windows\System\CyHbCDF.exe
  C:\Windows\System\CyHbCDF.exe
  2⤵
  PID:7280
- C:\Windows\System\LFPXhFX.exe
  C:\Windows\System\LFPXhFX.exe
  2⤵
  PID:7268
- C:\Windows\System\ExAmbXC.exe
  C:\Windows\System\ExAmbXC.exe
  2⤵
  PID:7304
- C:\Windows\System\CimVzrj.exe
  C:\Windows\System\CimVzrj.exe
  2⤵
  PID:7368
- C:\Windows\System\oPNAmnD.exe
  C:\Windows\System\oPNAmnD.exe
  2⤵
  PID:7408
- C:\Windows\System\aAtozMf.exe
  C:\Windows\System\aAtozMf.exe
  2⤵
  PID:7440
- C:\Windows\System\aQqxVzq.exe
  C:\Windows\System\aQqxVzq.exe
  2⤵
  PID:7420
- C:\Windows\System\bdLBldg.exe
  C:\Windows\System\bdLBldg.exe
  2⤵
  PID:7484
- C:\Windows\System\PqcvnzK.exe
  C:\Windows\System\PqcvnzK.exe
  2⤵
  PID:7528
- C:\Windows\System\zXZdeBD.exe
  C:\Windows\System\zXZdeBD.exe
  2⤵
  PID:7548
- C:\Windows\System\xHwedHq.exe
  C:\Windows\System\xHwedHq.exe
  2⤵
  PID:7580
- C:\Windows\System\YaqSmOV.exe
  C:\Windows\System\YaqSmOV.exe
  2⤵
  PID:7636
- C:\Windows\System\RMHLUJI.exe
  C:\Windows\System\RMHLUJI.exe
  2⤵
  PID:7680
- C:\Windows\System\tfeBAmc.exe
  C:\Windows\System\tfeBAmc.exe
  2⤵
  PID:7664
- C:\Windows\System\DcTHEYl.exe
  C:\Windows\System\DcTHEYl.exe
  2⤵
  PID:7700
- C:\Windows\System\FmgjswU.exe
  C:\Windows\System\FmgjswU.exe
  2⤵
  PID:7744
- C:\Windows\System\IQtuuCh.exe
  C:\Windows\System\IQtuuCh.exe
  2⤵
  PID:7800
- C:\Windows\System\xTQLmHX.exe
  C:\Windows\System\xTQLmHX.exe
  2⤵
  PID:4000
- C:\Windows\System\MYSLBlo.exe
  C:\Windows\System\MYSLBlo.exe
  2⤵
  PID:7840
- C:\Windows\System\OJDdQWX.exe
  C:\Windows\System\OJDdQWX.exe
  2⤵
  PID:7864
- C:\Windows\System\OGnDCPz.exe
  C:\Windows\System\OGnDCPz.exe
  2⤵
  PID:7920
- C:\Windows\System\VTCvTaL.exe
  C:\Windows\System\VTCvTaL.exe
  2⤵
  PID:7960
- C:\Windows\System\gpvgsxB.exe
  C:\Windows\System\gpvgsxB.exe
  2⤵
  PID:7964
- C:\Windows\System\KDRpkeu.exe
  C:\Windows\System\KDRpkeu.exe
  2⤵
  PID:8008
- C:\Windows\System\rimsUJO.exe
  C:\Windows\System\rimsUJO.exe
  2⤵
  PID:8028
- C:\Windows\System\ukwchVl.exe
  C:\Windows\System\ukwchVl.exe
  2⤵
  PID:8080
- C:\Windows\System\wtjPLYZ.exe
  C:\Windows\System\wtjPLYZ.exe
  2⤵
  PID:8100
- C:\Windows\System\KkEgSoM.exe
  C:\Windows\System\KkEgSoM.exe
  2⤵
  PID:8140
- C:\Windows\System\UaYqAIw.exe
  C:\Windows\System\UaYqAIw.exe
  2⤵
  PID:8144
- C:\Windows\System\kTClzLM.exe
  C:\Windows\System\kTClzLM.exe
  2⤵
  PID:6600
- C:\Windows\System\grsETxU.exe
  C:\Windows\System\grsETxU.exe
  2⤵
  PID:6784
- C:\Windows\System\RcPalTy.exe
  C:\Windows\System\RcPalTy.exe
  2⤵
  PID:5928
- C:\Windows\System\mHXDULt.exe
  C:\Windows\System\mHXDULt.exe
  2⤵
  PID:6300
- C:\Windows\System\ACdoTjG.exe
  C:\Windows\System\ACdoTjG.exe
  2⤵
  PID:4264
- C:\Windows\System\CEFksKD.exe
  C:\Windows\System\CEFksKD.exe
  2⤵
  PID:1260
- C:\Windows\System\KKZfYiR.exe
  C:\Windows\System\KKZfYiR.exe
  2⤵
  PID:7200
- C:\Windows\System\JztWMzH.exe
  C:\Windows\System\JztWMzH.exe
  2⤵
  PID:7300
- C:\Windows\System\hGJqlLS.exe
  C:\Windows\System\hGJqlLS.exe
  2⤵
  PID:7380
- C:\Windows\System\woLFoXz.exe
  C:\Windows\System\woLFoXz.exe
  2⤵
  PID:7424
- C:\Windows\System\nDaBuPK.exe
  C:\Windows\System\nDaBuPK.exe
  2⤵
  PID:7384
- C:\Windows\System\nhSgLnL.exe
  C:\Windows\System\nhSgLnL.exe
  2⤵
  PID:7464
- C:\Windows\System\DMsHrHE.exe
  C:\Windows\System\DMsHrHE.exe
  2⤵
  PID:7504
- C:\Windows\System\BiqcBPj.exe
  C:\Windows\System\BiqcBPj.exe
  2⤵
  PID:7624
- C:\Windows\System\ZUWvOgP.exe
  C:\Windows\System\ZUWvOgP.exe
  2⤵
  PID:7716
- C:\Windows\System\oFAcghN.exe
  C:\Windows\System\oFAcghN.exe
  2⤵
  PID:7724
- C:\Windows\System\UFoacmh.exe
  C:\Windows\System\UFoacmh.exe
  2⤵
  PID:2316
- C:\Windows\System\zduUqaU.exe
  C:\Windows\System\zduUqaU.exe
  2⤵
  PID:7804
- C:\Windows\System\nSKOXwu.exe
  C:\Windows\System\nSKOXwu.exe
  2⤵
  PID:2584
- C:\Windows\System\wjrQsIo.exe
  C:\Windows\System\wjrQsIo.exe
  2⤵
  PID:7860
- C:\Windows\System\vlLfpss.exe
  C:\Windows\System\vlLfpss.exe
  2⤵
  PID:7940
- C:\Windows\System\uGIaFaU.exe
  C:\Windows\System\uGIaFaU.exe
  2⤵
  PID:7980
- C:\Windows\System\lRTmUQw.exe
  C:\Windows\System\lRTmUQw.exe
  2⤵
  PID:8084
- C:\Windows\System\AFnAVNa.exe
  C:\Windows\System\AFnAVNa.exe
  2⤵
  PID:8124
- C:\Windows\System\ORxnvbz.exe
  C:\Windows\System\ORxnvbz.exe
  2⤵
  PID:8108
- C:\Windows\System\QzystPm.exe
  C:\Windows\System\QzystPm.exe
  2⤵
  PID:6724
- C:\Windows\System\FsPRZLJ.exe
  C:\Windows\System\FsPRZLJ.exe
  2⤵
  PID:2648
- C:\Windows\System\CWYYTAF.exe
  C:\Windows\System\CWYYTAF.exe
  2⤵
  PID:6800
- C:\Windows\System\JXmsRMw.exe
  C:\Windows\System\JXmsRMw.exe
  2⤵
  PID:824
- C:\Windows\System\uboKVfg.exe
  C:\Windows\System\uboKVfg.exe
  2⤵
  PID:2768
- C:\Windows\System\HtWDSJa.exe
  C:\Windows\System\HtWDSJa.exe
  2⤵
  PID:7220
- C:\Windows\System\wtmnipd.exe
  C:\Windows\System\wtmnipd.exe
  2⤵
  PID:7340
- C:\Windows\System\NyAJesW.exe
  C:\Windows\System\NyAJesW.exe
  2⤵
  PID:2236
- C:\Windows\System\XFcLrjn.exe
  C:\Windows\System\XFcLrjn.exe
  2⤵
  PID:7436
- C:\Windows\System\lIHGMyA.exe
  C:\Windows\System\lIHGMyA.exe
  2⤵
  PID:7600
- C:\Windows\System\hoZFBBr.exe
  C:\Windows\System\hoZFBBr.exe
  2⤵
  PID:7564
- C:\Windows\System\Quhihmn.exe
  C:\Windows\System\Quhihmn.exe
  2⤵
  PID:7620
- C:\Windows\System\chENpGH.exe
  C:\Windows\System\chENpGH.exe
  2⤵
  PID:2228
- C:\Windows\System\uoEGzRc.exe
  C:\Windows\System\uoEGzRc.exe
  2⤵
  PID:7820
- C:\Windows\System\WoxdLGL.exe
  C:\Windows\System\WoxdLGL.exe
  2⤵
  PID:7888
- C:\Windows\System\BLIuwPh.exe
  C:\Windows\System\BLIuwPh.exe
  2⤵
  PID:8048
- C:\Windows\System\KOYdwoE.exe
  C:\Windows\System\KOYdwoE.exe
  2⤵
  PID:7936
- C:\Windows\System\sylgVxQ.exe
  C:\Windows\System\sylgVxQ.exe
  2⤵
  PID:7988
- C:\Windows\System\QoTifZg.exe
  C:\Windows\System\QoTifZg.exe
  2⤵
  PID:2404
- C:\Windows\System\euaDQgd.exe
  C:\Windows\System\euaDQgd.exe
  2⤵
  PID:6940
- C:\Windows\System\dUcmfpl.exe
  C:\Windows\System\dUcmfpl.exe
  2⤵
  PID:8152
- C:\Windows\System\MAsFWrE.exe
  C:\Windows\System\MAsFWrE.exe
  2⤵
  PID:6072
- C:\Windows\System\FoqPrTW.exe
  C:\Windows\System\FoqPrTW.exe
  2⤵
  PID:6704
- C:\Windows\System\FqiEGIC.exe
  C:\Windows\System\FqiEGIC.exe
  2⤵
  PID:6400
- C:\Windows\System\ZNZZyAU.exe
  C:\Windows\System\ZNZZyAU.exe
  2⤵
  PID:1700
- C:\Windows\System\tiHzHOw.exe
  C:\Windows\System\tiHzHOw.exe
  2⤵
  PID:7180
- C:\Windows\System\TFnZmyj.exe
  C:\Windows\System\TFnZmyj.exe
  2⤵
  PID:1484
- C:\Windows\System\aARxKCT.exe
  C:\Windows\System\aARxKCT.exe
  2⤵
  PID:2732
- C:\Windows\System\kMuTkht.exe
  C:\Windows\System\kMuTkht.exe
  2⤵
  PID:7320
- C:\Windows\System\FwoCvYn.exe
  C:\Windows\System\FwoCvYn.exe
  2⤵
  PID:1736
- C:\Windows\System\vaNWnnm.exe
  C:\Windows\System\vaNWnnm.exe
  2⤵
  PID:7660
- C:\Windows\System\JDufCnK.exe
  C:\Windows\System\JDufCnK.exe
  2⤵
  PID:7740
- C:\Windows\System\CdKtajI.exe
  C:\Windows\System\CdKtajI.exe
  2⤵
  PID:2788
- C:\Windows\System\vASakRG.exe
  C:\Windows\System\vASakRG.exe
  2⤵
  PID:2740
- C:\Windows\System\jCAzdaL.exe
  C:\Windows\System\jCAzdaL.exe
  2⤵
  PID:1712
- C:\Windows\System\GgZFAAM.exe
  C:\Windows\System\GgZFAAM.exe
  2⤵
  PID:876
- C:\Windows\System\ieTZjNt.exe
  C:\Windows\System\ieTZjNt.exe
  2⤵
  PID:1100
- C:\Windows\System\kyAVRAF.exe
  C:\Windows\System\kyAVRAF.exe
  2⤵
  PID:2600
- C:\Windows\System\KkAiSGX.exe
  C:\Windows\System\KkAiSGX.exe
  2⤵
  PID:1408
- C:\Windows\System\KPRqsQA.exe
  C:\Windows\System\KPRqsQA.exe
  2⤵
  PID:2024
- C:\Windows\System\ZMnEUnN.exe
  C:\Windows\System\ZMnEUnN.exe
  2⤵
  PID:7524
- C:\Windows\System\cfhHcTl.exe
  C:\Windows\System\cfhHcTl.exe
  2⤵
  PID:5896
- C:\Windows\System\UtvdLKq.exe
  C:\Windows\System\UtvdLKq.exe
  2⤵
  PID:3332
- C:\Windows\System\YtnWyvj.exe
  C:\Windows\System\YtnWyvj.exe
  2⤵
  PID:7604
- C:\Windows\System\tgqCKSS.exe
  C:\Windows\System\tgqCKSS.exe
  2⤵
  PID:1552
- C:\Windows\System\CUzyqCr.exe
  C:\Windows\System\CUzyqCr.exe
  2⤵
  PID:2920
- C:\Windows\System\foPAjzr.exe
  C:\Windows\System\foPAjzr.exe
  2⤵
  PID:1012
- C:\Windows\System\xrQyssZ.exe
  C:\Windows\System\xrQyssZ.exe
  2⤵
  PID:7900
- C:\Windows\System\GlmJaMq.exe
  C:\Windows\System\GlmJaMq.exe
  2⤵
  PID:836
- C:\Windows\System\ivMyNbI.exe
  C:\Windows\System\ivMyNbI.exe
  2⤵
  PID:8120
- C:\Windows\System\YtoJBDK.exe
  C:\Windows\System\YtoJBDK.exe
  2⤵
  PID:2892
- C:\Windows\System\ScXdSPd.exe
  C:\Windows\System\ScXdSPd.exe
  2⤵
  PID:1908
- C:\Windows\System\lMRxdcn.exe
  C:\Windows\System\lMRxdcn.exe
  2⤵
  PID:2396
- C:\Windows\System\DVVGKOM.exe
  C:\Windows\System\DVVGKOM.exe
  2⤵
  PID:8208
- C:\Windows\System\BLPXKCB.exe
  C:\Windows\System\BLPXKCB.exe
  2⤵
  PID:8224
- C:\Windows\System\HgOBuQh.exe
  C:\Windows\System\HgOBuQh.exe
  2⤵
  PID:8240
- C:\Windows\System\VPGcYjS.exe
  C:\Windows\System\VPGcYjS.exe
  2⤵
  PID:8256
- C:\Windows\System\fCXaAgx.exe
  C:\Windows\System\fCXaAgx.exe
  2⤵
  PID:8272
- C:\Windows\System\mwWXQgF.exe
  C:\Windows\System\mwWXQgF.exe
  2⤵
  PID:8288
- C:\Windows\System\eQYsBbq.exe
  C:\Windows\System\eQYsBbq.exe
  2⤵
  PID:8304
- C:\Windows\System\pNVmIuM.exe
  C:\Windows\System\pNVmIuM.exe
  2⤵
  PID:8320
- C:\Windows\System\NBjBdQZ.exe
  C:\Windows\System\NBjBdQZ.exe
  2⤵
  PID:8336
- C:\Windows\System\hZjgLfI.exe
  C:\Windows\System\hZjgLfI.exe
  2⤵
  PID:8352
- C:\Windows\System\LesZEff.exe
  C:\Windows\System\LesZEff.exe
  2⤵
  PID:8368
- C:\Windows\System\cHNISVW.exe
  C:\Windows\System\cHNISVW.exe
  2⤵
  PID:8384
- C:\Windows\System\YYMMISr.exe
  C:\Windows\System\YYMMISr.exe
  2⤵
  PID:8400
- C:\Windows\System\aAFliQu.exe
  C:\Windows\System\aAFliQu.exe
  2⤵
  PID:8416
- C:\Windows\System\RgdWFgS.exe
  C:\Windows\System\RgdWFgS.exe
  2⤵
  PID:8432
- C:\Windows\System\wZoePaN.exe
  C:\Windows\System\wZoePaN.exe
  2⤵
  PID:8448
- C:\Windows\System\APvBJed.exe
  C:\Windows\System\APvBJed.exe
  2⤵
  PID:8464
- C:\Windows\System\wpKSTbW.exe
  C:\Windows\System\wpKSTbW.exe
  2⤵
  PID:8480
- C:\Windows\System\PWYzvpE.exe
  C:\Windows\System\PWYzvpE.exe
  2⤵
  PID:8496
- C:\Windows\System\rTGwRNE.exe
  C:\Windows\System\rTGwRNE.exe
  2⤵
  PID:8512
- C:\Windows\System\AAzUrIe.exe
  C:\Windows\System\AAzUrIe.exe
  2⤵
  PID:8528
- C:\Windows\System\duZXLAW.exe
  C:\Windows\System\duZXLAW.exe
  2⤵
  PID:8544
- C:\Windows\System\GnvcamS.exe
  C:\Windows\System\GnvcamS.exe
  2⤵
  PID:8560
- C:\Windows\System\VtfsCWh.exe
  C:\Windows\System\VtfsCWh.exe
  2⤵
  PID:8576
- C:\Windows\System\TwRLOEm.exe
  C:\Windows\System\TwRLOEm.exe
  2⤵
  PID:8592
- C:\Windows\System\kexpCkW.exe
  C:\Windows\System\kexpCkW.exe
  2⤵
  PID:8608
- C:\Windows\System\eujAcnk.exe
  C:\Windows\System\eujAcnk.exe
  2⤵
  PID:8624
- C:\Windows\System\aCvwlFo.exe
  C:\Windows\System\aCvwlFo.exe
  2⤵
  PID:8640
- C:\Windows\System\YxUgKtI.exe
  C:\Windows\System\YxUgKtI.exe
  2⤵
  PID:8656
- C:\Windows\System\OVBdMzr.exe
  C:\Windows\System\OVBdMzr.exe
  2⤵
  PID:8672
- C:\Windows\System\RWTWzCd.exe
  C:\Windows\System\RWTWzCd.exe
  2⤵
  PID:8688
- C:\Windows\System\KHHuosp.exe
  C:\Windows\System\KHHuosp.exe
  2⤵
  PID:8704
- C:\Windows\System\NcVLRdw.exe
  C:\Windows\System\NcVLRdw.exe
  2⤵
  PID:8720
- C:\Windows\System\lFiIUnW.exe
  C:\Windows\System\lFiIUnW.exe
  2⤵
  PID:8736
- C:\Windows\System\jppnArZ.exe
  C:\Windows\System\jppnArZ.exe
  2⤵
  PID:8752
- C:\Windows\System\PnfqFPq.exe
  C:\Windows\System\PnfqFPq.exe
  2⤵
  PID:8768
- C:\Windows\System\ZDuVEoW.exe
  C:\Windows\System\ZDuVEoW.exe
  2⤵
  PID:8784
- C:\Windows\System\QBjhmrv.exe
  C:\Windows\System\QBjhmrv.exe
  2⤵
  PID:8800
- C:\Windows\System\vxmJgRR.exe
  C:\Windows\System\vxmJgRR.exe
  2⤵
  PID:8832
- C:\Windows\System\KmlXqKf.exe
  C:\Windows\System\KmlXqKf.exe
  2⤵
  PID:8852
- C:\Windows\System\iHcDCfI.exe
  C:\Windows\System\iHcDCfI.exe
  2⤵
  PID:8868
- C:\Windows\System\kLrbBzQ.exe
  C:\Windows\System\kLrbBzQ.exe
  2⤵
  PID:8884
- C:\Windows\System\LdRbwBL.exe
  C:\Windows\System\LdRbwBL.exe
  2⤵
  PID:8900
- C:\Windows\System\MzytxkS.exe
  C:\Windows\System\MzytxkS.exe
  2⤵
  PID:8916
- C:\Windows\System\gjUkrgy.exe
  C:\Windows\System\gjUkrgy.exe
  2⤵
  PID:8932
- C:\Windows\System\EOkKBtw.exe
  C:\Windows\System\EOkKBtw.exe
  2⤵
  PID:8948
- C:\Windows\System\myaolaN.exe
  C:\Windows\System\myaolaN.exe
  2⤵
  PID:8964
- C:\Windows\System\kFaXSym.exe
  C:\Windows\System\kFaXSym.exe
  2⤵
  PID:8980
- C:\Windows\System\IXnOfaj.exe
  C:\Windows\System\IXnOfaj.exe
  2⤵
  PID:8996
- C:\Windows\System\PXQMazp.exe
  C:\Windows\System\PXQMazp.exe
  2⤵
  PID:9012
- C:\Windows\System\bqRQBqY.exe
  C:\Windows\System\bqRQBqY.exe
  2⤵
  PID:9028
- C:\Windows\System\WiILODi.exe
  C:\Windows\System\WiILODi.exe
  2⤵
  PID:9044
- C:\Windows\System\vbaelCS.exe
  C:\Windows\System\vbaelCS.exe
  2⤵
  PID:9060
- C:\Windows\System\wekzGeA.exe
  C:\Windows\System\wekzGeA.exe
  2⤵
  PID:9076
- C:\Windows\System\qZuHKqw.exe
  C:\Windows\System\qZuHKqw.exe
  2⤵
  PID:9092
- C:\Windows\System\JvaFTuT.exe
  C:\Windows\System\JvaFTuT.exe
  2⤵
  PID:9108
- C:\Windows\System\BTvRDIt.exe
  C:\Windows\System\BTvRDIt.exe
  2⤵
  PID:9124
- C:\Windows\System\xLSYjnJ.exe
  C:\Windows\System\xLSYjnJ.exe
  2⤵
  PID:9140
- C:\Windows\System\LIVfOvI.exe
  C:\Windows\System\LIVfOvI.exe
  2⤵
  PID:9156
- C:\Windows\System\kbpzicD.exe
  C:\Windows\System\kbpzicD.exe
  2⤵
  PID:9172
- C:\Windows\System\EsflpGR.exe
  C:\Windows\System\EsflpGR.exe
  2⤵
  PID:9188
- C:\Windows\System\fodaToE.exe
  C:\Windows\System\fodaToE.exe
  2⤵
  PID:9204
- C:\Windows\System\kdzqSnR.exe
  C:\Windows\System\kdzqSnR.exe
  2⤵
  PID:1544
- C:\Windows\System\zZHUAqP.exe
  C:\Windows\System\zZHUAqP.exe
  2⤵
  PID:8232
- C:\Windows\System\LFnkFNi.exe
  C:\Windows\System\LFnkFNi.exe
  2⤵
  PID:8296
- C:\Windows\System\faSbKqy.exe
  C:\Windows\System\faSbKqy.exe
  2⤵
  PID:348
- C:\Windows\System\IOyvYrO.exe
  C:\Windows\System\IOyvYrO.exe
  2⤵
  PID:8360
- C:\Windows\System\GyaxETv.exe
  C:\Windows\System\GyaxETv.exe
  2⤵
  PID:8396
- C:\Windows\System\HYBFWOr.exe
  C:\Windows\System\HYBFWOr.exe
  2⤵
  PID:8312
- C:\Windows\System\akLGQdf.exe
  C:\Windows\System\akLGQdf.exe
  2⤵
  PID:8252
- C:\Windows\System\doZLtyu.exe
  C:\Windows\System\doZLtyu.exe
  2⤵
  PID:8348
- C:\Windows\System\hHRWyQY.exe
  C:\Windows\System\hHRWyQY.exe
  2⤵
  PID:8536
- C:\Windows\System\ehucOaG.exe
  C:\Windows\System\ehucOaG.exe
  2⤵
  PID:1560
- C:\Windows\System\RTUeqtl.exe
  C:\Windows\System\RTUeqtl.exe
  2⤵
  PID:8600
- C:\Windows\System\qajfojs.exe
  C:\Windows\System\qajfojs.exe
  2⤵
  PID:8200
- C:\Windows\System\kfuDcWl.exe
  C:\Windows\System\kfuDcWl.exe
  2⤵
  PID:8524
- C:\Windows\System\LOuCVoH.exe
  C:\Windows\System\LOuCVoH.exe
  2⤵
  PID:8616
- C:\Windows\System\tIZmMBc.exe
  C:\Windows\System\tIZmMBc.exe
  2⤵
  PID:8664
- C:\Windows\System\lmhCLcO.exe
  C:\Windows\System\lmhCLcO.exe
  2⤵
  PID:8668
- C:\Windows\System\rOKKMyG.exe
  C:\Windows\System\rOKKMyG.exe
  2⤵
  PID:8764
- C:\Windows\System\GoDmPge.exe
  C:\Windows\System\GoDmPge.exe
  2⤵
  PID:8780
- C:\Windows\System\XLrrhoh.exe
  C:\Windows\System\XLrrhoh.exe
  2⤵
  PID:8716
- C:\Windows\System\CQKxrDD.exe
  C:\Windows\System\CQKxrDD.exe
  2⤵
  PID:8364
- C:\Windows\System\ERNIgrz.exe
  C:\Windows\System\ERNIgrz.exe
  2⤵
  PID:8824
- C:\Windows\System\XpbxxpD.exe
  C:\Windows\System\XpbxxpD.exe
  2⤵
  PID:8896
- C:\Windows\System\XzklGJa.exe
  C:\Windows\System\XzklGJa.exe
  2⤵
  PID:8908
- C:\Windows\System\uyeEaNg.exe
  C:\Windows\System\uyeEaNg.exe
  2⤵
  PID:8956
- C:\Windows\System\IDZCbfU.exe
  C:\Windows\System\IDZCbfU.exe
  2⤵
  PID:9020
- C:\Windows\System\CYdYFQw.exe
  C:\Windows\System\CYdYFQw.exe
  2⤵
  PID:8840
- C:\Windows\System\dEZLnJw.exe
  C:\Windows\System\dEZLnJw.exe
  2⤵
  PID:8976
- C:\Windows\System\kwLqAYA.exe
  C:\Windows\System\kwLqAYA.exe
  2⤵
  PID:9004
- C:\Windows\System\qerRwQP.exe
  C:\Windows\System\qerRwQP.exe
  2⤵
  PID:8876
- C:\Windows\System\JwzGGEa.exe
  C:\Windows\System\JwzGGEa.exe
  2⤵
  PID:9084
- C:\Windows\System\hudQMeO.exe
  C:\Windows\System\hudQMeO.exe
  2⤵
  PID:9120
- C:\Windows\System\fUmwZXZ.exe
  C:\Windows\System\fUmwZXZ.exe
  2⤵
  PID:9184
- C:\Windows\System\dCoWhtZ.exe
  C:\Windows\System\dCoWhtZ.exe
  2⤵
  PID:6980
- C:\Windows\System\QMsZkZE.exe
  C:\Windows\System\QMsZkZE.exe
  2⤵
  PID:8264
- C:\Windows\System\UrZQTmd.exe
  C:\Windows\System\UrZQTmd.exe
  2⤵
  PID:8428
- C:\Windows\System\HOPWSbE.exe
  C:\Windows\System\HOPWSbE.exe
  2⤵
  PID:952
- C:\Windows\System\MbSJRca.exe
  C:\Windows\System\MbSJRca.exe
  2⤵
  PID:7684
- C:\Windows\System\YZuNDUr.exe
  C:\Windows\System\YZuNDUr.exe
  2⤵
  PID:8248
- C:\Windows\System\vxKMRYn.exe
  C:\Windows\System\vxKMRYn.exe
  2⤵
  PID:8476
- C:\Windows\System\HMRYQCn.exe
  C:\Windows\System\HMRYQCn.exe
  2⤵
  PID:8520
- C:\Windows\System\yvuCfES.exe
  C:\Windows\System\yvuCfES.exe
  2⤵
  PID:8732
- C:\Windows\System\QEGYxoW.exe
  C:\Windows\System\QEGYxoW.exe
  2⤵
  PID:8632
- C:\Windows\System\oJGOhWE.exe
  C:\Windows\System\oJGOhWE.exe
  2⤵
  PID:8796
- C:\Windows\System\fraDOlr.exe
  C:\Windows\System\fraDOlr.exe
  2⤵
  PID:8860
- C:\Windows\System\uujaaxH.exe
  C:\Windows\System\uujaaxH.exe
  2⤵
  PID:9052
- C:\Windows\System\QPvlWhj.exe
  C:\Windows\System\QPvlWhj.exe
  2⤵
  PID:9132
- C:\Windows\System\HMzxFET.exe
  C:\Windows\System\HMzxFET.exe
  2⤵
  PID:8928
- C:\Windows\System\JpZVLTd.exe
  C:\Windows\System\JpZVLTd.exe
  2⤵
  PID:8972
- C:\Windows\System\sQgdVFM.exe
  C:\Windows\System\sQgdVFM.exe
  2⤵
  PID:8220
- C:\Windows\System\NowYhIt.exe
  C:\Windows\System\NowYhIt.exe
  2⤵
  PID:8880
- C:\Windows\System\kTaIfIG.exe
  C:\Windows\System\kTaIfIG.exe
  2⤵
  PID:8700
- C:\Windows\System\xUxiqlh.exe
  C:\Windows\System\xUxiqlh.exe
  2⤵
  PID:8684
- C:\Windows\System\GkdnyOx.exe
  C:\Windows\System\GkdnyOx.exe
  2⤵
  PID:9068
- C:\Windows\System\JItEbYe.exe
  C:\Windows\System\JItEbYe.exe
  2⤵
  PID:9100
- C:\Windows\System\BzNKUHG.exe
  C:\Windows\System\BzNKUHG.exe
  2⤵
  PID:8440
- C:\Windows\System\daxyURH.exe
  C:\Windows\System\daxyURH.exe
  2⤵
  PID:8636
- C:\Windows\System\eVhgrYM.exe
  C:\Windows\System\eVhgrYM.exe
  2⤵
  PID:8392
- C:\Windows\System\MgqMnqE.exe
  C:\Windows\System\MgqMnqE.exe
  2⤵
  PID:9152
- C:\Windows\System\OqQToSG.exe
  C:\Windows\System\OqQToSG.exe
  2⤵
  PID:8284
- C:\Windows\System\qndXXug.exe
  C:\Windows\System\qndXXug.exe
  2⤵
  PID:7780
- C:\Windows\System\JPNfvEv.exe
  C:\Windows\System\JPNfvEv.exe
  2⤵
  PID:8472
- C:\Windows\System\GyjTntA.exe
  C:\Windows\System\GyjTntA.exe
  2⤵
  PID:8944
- C:\Windows\System\AOsLBOU.exe
  C:\Windows\System\AOsLBOU.exe
  2⤵
  PID:9072
- C:\Windows\System\fDzdchQ.exe
  C:\Windows\System\fDzdchQ.exe
  2⤵
  PID:8988
- C:\Windows\System\fOgGfVI.exe
  C:\Windows\System\fOgGfVI.exe
  2⤵
  PID:9220
- C:\Windows\System\NVwHgxh.exe
  C:\Windows\System\NVwHgxh.exe
  2⤵
  PID:9236
- C:\Windows\System\kOXqAFz.exe
  C:\Windows\System\kOXqAFz.exe
  2⤵
  PID:9252
- C:\Windows\System\vPBXhIr.exe
  C:\Windows\System\vPBXhIr.exe
  2⤵
  PID:9268
- C:\Windows\System\QunGVCH.exe
  C:\Windows\System\QunGVCH.exe
  2⤵
  PID:9284
- C:\Windows\System\OqHWVUn.exe
  C:\Windows\System\OqHWVUn.exe
  2⤵
  PID:9300
- C:\Windows\System\fITiTEh.exe
  C:\Windows\System\fITiTEh.exe
  2⤵
  PID:9316
- C:\Windows\System\rFEsEjx.exe
  C:\Windows\System\rFEsEjx.exe
  2⤵
  PID:9332
- C:\Windows\System\jsLBrjZ.exe
  C:\Windows\System\jsLBrjZ.exe
  2⤵
  PID:9348
- C:\Windows\System\dcEnvxI.exe
  C:\Windows\System\dcEnvxI.exe
  2⤵
  PID:9364
- C:\Windows\System\Repjfhl.exe
  C:\Windows\System\Repjfhl.exe
  2⤵
  PID:9380
- C:\Windows\System\iRfGzJp.exe
  C:\Windows\System\iRfGzJp.exe
  2⤵
  PID:9396
- C:\Windows\System\TsrDIhD.exe
  C:\Windows\System\TsrDIhD.exe
  2⤵
  PID:9412
- C:\Windows\System\FElabNK.exe
  C:\Windows\System\FElabNK.exe
  2⤵
  PID:9428
- C:\Windows\System\cEHflzr.exe
  C:\Windows\System\cEHflzr.exe
  2⤵
  PID:9444
- C:\Windows\System\ABCVeaK.exe
  C:\Windows\System\ABCVeaK.exe
  2⤵
  PID:9460
- C:\Windows\System\QWDLhnE.exe
  C:\Windows\System\QWDLhnE.exe
  2⤵
  PID:9476
- C:\Windows\System\aodQFPC.exe
  C:\Windows\System\aodQFPC.exe
  2⤵
  PID:9492
- C:\Windows\System\qVketLb.exe
  C:\Windows\System\qVketLb.exe
  2⤵
  PID:9508
- C:\Windows\System\nGvLEXn.exe
  C:\Windows\System\nGvLEXn.exe
  2⤵
  PID:9524
- C:\Windows\System\cgkVxkS.exe
  C:\Windows\System\cgkVxkS.exe
  2⤵
  PID:9540
- C:\Windows\System\JngDzIi.exe
  C:\Windows\System\JngDzIi.exe
  2⤵
  PID:9556
- C:\Windows\System\nPaQADb.exe
  C:\Windows\System\nPaQADb.exe
  2⤵
  PID:9572
- C:\Windows\System\OZieGLQ.exe
  C:\Windows\System\OZieGLQ.exe
  2⤵
  PID:9588
- C:\Windows\System\MtNynhr.exe
  C:\Windows\System\MtNynhr.exe
  2⤵
  PID:9604
- C:\Windows\System\rqvCHBf.exe
  C:\Windows\System\rqvCHBf.exe
  2⤵
  PID:9620
- C:\Windows\System\qxTCKKI.exe
  C:\Windows\System\qxTCKKI.exe
  2⤵
  PID:9636
- C:\Windows\System\opXMsqF.exe
  C:\Windows\System\opXMsqF.exe
  2⤵
  PID:9652
- C:\Windows\System\VIvAYLA.exe
  C:\Windows\System\VIvAYLA.exe
  2⤵
  PID:9672
- C:\Windows\System\RRnDXCn.exe
  C:\Windows\System\RRnDXCn.exe
  2⤵
  PID:9688
- C:\Windows\System\fZHzrbe.exe
  C:\Windows\System\fZHzrbe.exe
  2⤵
  PID:9704
- C:\Windows\System\xGAgvvD.exe
  C:\Windows\System\xGAgvvD.exe
  2⤵
  PID:9720
- C:\Windows\System\BozWOGu.exe
  C:\Windows\System\BozWOGu.exe
  2⤵
  PID:9736
- C:\Windows\System\VXuUDtx.exe
  C:\Windows\System\VXuUDtx.exe
  2⤵
  PID:9752
- C:\Windows\System\LZOaDFz.exe
  C:\Windows\System\LZOaDFz.exe
  2⤵
  PID:9772
- C:\Windows\System\MrglDHL.exe
  C:\Windows\System\MrglDHL.exe
  2⤵
  PID:9796
- C:\Windows\System\lMqWolN.exe
  C:\Windows\System\lMqWolN.exe
  2⤵
  PID:9812
- C:\Windows\System\HkrzjwD.exe
  C:\Windows\System\HkrzjwD.exe
  2⤵
  PID:9828
- C:\Windows\System\zAncgfr.exe
  C:\Windows\System\zAncgfr.exe
  2⤵
  PID:9844
- C:\Windows\System\UUbctDv.exe
  C:\Windows\System\UUbctDv.exe
  2⤵
  PID:9860
- C:\Windows\System\nQejZAF.exe
  C:\Windows\System\nQejZAF.exe
  2⤵
  PID:9876
- C:\Windows\System\AlLJchE.exe
  C:\Windows\System\AlLJchE.exe
  2⤵
  PID:9892
- C:\Windows\System\EchoHxr.exe
  C:\Windows\System\EchoHxr.exe
  2⤵
  PID:9908
- C:\Windows\System\wAmzTVJ.exe
  C:\Windows\System\wAmzTVJ.exe
  2⤵
  PID:9940
- C:\Windows\System\DaIadce.exe
  C:\Windows\System\DaIadce.exe
  2⤵
  PID:9956
- C:\Windows\System\UQSBDuo.exe
  C:\Windows\System\UQSBDuo.exe
  2⤵
  PID:9984
- C:\Windows\System\QRoEBtm.exe
  C:\Windows\System\QRoEBtm.exe
  2⤵
  PID:10000
- C:\Windows\System\oEstYqI.exe
  C:\Windows\System\oEstYqI.exe
  2⤵
  PID:10016
- C:\Windows\System\WysfTkC.exe
  C:\Windows\System\WysfTkC.exe
  2⤵
  PID:10032
- C:\Windows\System\AjXdmkc.exe
  C:\Windows\System\AjXdmkc.exe
  2⤵
  PID:10048
- C:\Windows\System\NhrvFvZ.exe
  C:\Windows\System\NhrvFvZ.exe
  2⤵
  PID:10064
- C:\Windows\System\RyPUWBr.exe
  C:\Windows\System\RyPUWBr.exe
  2⤵
  PID:10080
- C:\Windows\System\SUyaQRy.exe
  C:\Windows\System\SUyaQRy.exe
  2⤵
  PID:10100
- C:\Windows\System\DfYHDto.exe
  C:\Windows\System\DfYHDto.exe
  2⤵
  PID:10116
- C:\Windows\System\XOUwtZJ.exe
  C:\Windows\System\XOUwtZJ.exe
  2⤵
  PID:10136
- C:\Windows\System\PYhrgid.exe
  C:\Windows\System\PYhrgid.exe
  2⤵
  PID:10152
- C:\Windows\System\eLHbwOd.exe
  C:\Windows\System\eLHbwOd.exe
  2⤵
  PID:10168
- C:\Windows\System\CIIgIun.exe
  C:\Windows\System\CIIgIun.exe
  2⤵
  PID:10188
- C:\Windows\System\njgoHoh.exe
  C:\Windows\System\njgoHoh.exe
  2⤵
  PID:8828
- C:\Windows\System\iKQftTt.exe
  C:\Windows\System\iKQftTt.exe
  2⤵
  PID:8380
- C:\Windows\System\Krhxeyy.exe
  C:\Windows\System\Krhxeyy.exe
  2⤵
  PID:9248
- C:\Windows\System\YNDOHea.exe
  C:\Windows\System\YNDOHea.exe
  2⤵
  PID:9168
- C:\Windows\System\qfuVPhA.exe
  C:\Windows\System\qfuVPhA.exe
  2⤵
  PID:9296
- C:\Windows\System\gmderHN.exe
  C:\Windows\System\gmderHN.exe
  2⤵
  PID:9308
- C:\Windows\System\khvkmZx.exe
  C:\Windows\System\khvkmZx.exe
  2⤵
  PID:9344
- C:\Windows\System\YHXdmek.exe
  C:\Windows\System\YHXdmek.exe
  2⤵
  PID:9408
- C:\Windows\System\IYYLHbG.exe
  C:\Windows\System\IYYLHbG.exe
  2⤵
  PID:9468
- C:\Windows\System\nvbyCNF.exe
  C:\Windows\System\nvbyCNF.exe
  2⤵
  PID:9328
- C:\Windows\System\sfdosVF.exe
  C:\Windows\System\sfdosVF.exe
  2⤵
  PID:9536
- C:\Windows\System\JeGZCRb.exe
  C:\Windows\System\JeGZCRb.exe
  2⤵
  PID:9600
- C:\Windows\System\qGCptfU.exe
  C:\Windows\System\qGCptfU.exe
  2⤵
  PID:9660
- C:\Windows\System\toDggzK.exe
  C:\Windows\System\toDggzK.exe
  2⤵
  PID:9728
- C:\Windows\System\bEhOMDD.exe
  C:\Windows\System\bEhOMDD.exe
  2⤵
  PID:9780
- C:\Windows\System\aCULnZb.exe
  C:\Windows\System\aCULnZb.exe
  2⤵
  PID:9808
- C:\Windows\System\heTpGBH.exe
  C:\Windows\System\heTpGBH.exe
  2⤵
  PID:9820
- C:\Windows\System\onLwakj.exe
  C:\Windows\System\onLwakj.exe
  2⤵
  PID:9936
- C:\Windows\System\qLMupVP.exe
  C:\Windows\System\qLMupVP.exe
  2⤵
  PID:9764
- C:\Windows\System\aIBUfFc.exe
  C:\Windows\System\aIBUfFc.exe
  2⤵
  PID:10040
- C:\Windows\System\mnLQXnW.exe
  C:\Windows\System\mnLQXnW.exe
  2⤵
  PID:10088
- C:\Windows\System\eGzRPYg.exe
  C:\Windows\System\eGzRPYg.exe
  2⤵
  PID:10164
- C:\Windows\System\viXzRFD.exe
  C:\Windows\System\viXzRFD.exe
  2⤵
  PID:10176
- C:\Windows\System\krKtiEY.exe
  C:\Windows\System\krKtiEY.exe
  2⤵
  PID:9276
- C:\Windows\System\txqHniM.exe
  C:\Windows\System\txqHniM.exe
  2⤵
  PID:10228
- C:\Windows\System\ufKtkkj.exe
  C:\Windows\System\ufKtkkj.exe
  2⤵
  PID:9260
- C:\Windows\System\bpMlfNj.exe
  C:\Windows\System\bpMlfNj.exe
  2⤵
  PID:9292
- C:\Windows\System\fyFckjw.exe
  C:\Windows\System\fyFckjw.exe
  2⤵
  PID:9340
- C:\Windows\System\lSmTFak.exe
  C:\Windows\System\lSmTFak.exe
  2⤵
  PID:9376
- C:\Windows\System\SGaCVwP.exe
  C:\Windows\System\SGaCVwP.exe
  2⤵
  PID:9500
- C:\Windows\System\rikdIkD.exe
  C:\Windows\System\rikdIkD.exe
  2⤵
  PID:8588
- C:\Windows\System\hMAfZUz.exe
  C:\Windows\System\hMAfZUz.exe
  2⤵
  PID:9568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EgNzvuQ.exe

Filesize
6.0MB

MD5
719710ccb28a0df55ddedc4f2560e4aa

SHA1
1a310a4247949b073dea8cce4da86107a58e2b1c

SHA256
23dac0df482599fd9e0e4e68baafda9eaa2ad4a75d24548535c05e4cdbf3a326

SHA512
982398e4da822260b3f6e1ed44138e3699862a9fad75a2ac1049bf01ae3604da352659e25e8ca161c61ba6a2fe6fca2186160051face6764000230ba1b0187ab

Download Submit
C:\Windows\system\EqsJrAZ.exe

Filesize
6.0MB

MD5
da8a949b91d72aeddb558d0652926a20

SHA1
c05e4352230ddbf37d685d8717e6923864f4973f

SHA256
9a239f1220679107ed39aa84d9d39046346664b1be1e607b429e349e3cc3c7c1

SHA512
bff0dba5b57065dfa22e62df24beac7aafd0823bf1e3e550c8819bea5f18c3749e96ce98cb1e00da57072bb20d07f58b23fc315f70f15cf786e97f928576d73a

Download Submit
C:\Windows\system\GObngtF.exe

Filesize
6.0MB

MD5
3e1f692f5aa5ab75c77066373e171ed4

SHA1
e580be7cace67397af39aa6c81805d7f2fdf3099

SHA256
ccdb61e9e660be9fd0f6513793412a120a00172f7a0f3a9ed5d0f0b8946ea96e

SHA512
10f7896e79be6e4d6330d6c62fd19c10925cf277d40fbb621209adddee4de221675e55c6e8be141e51b5588d4a3d53ee8713628e3ba43845a0c683d0b4f1e9ee

Download Submit
C:\Windows\system\GyVjNud.exe

Filesize
6.0MB

MD5
b98c85ad89acf2152f05df4f7f2aefe4

SHA1
b48a9223914a82931d922cc1440c1c2f6a00e328

SHA256
4cf4b6fb12c2408777f2fc33ef5743a4dc7733a6b8344ee4aa7f51939fbb4a87

SHA512
cb56a5834fc894ab66537fc65b2c27da9b6151e94dc58327dafd81e1d780846b4ed4d3789b134df078825300376b5f5d59512f993f7aa9270a81c2172e033dd4

Download Submit
C:\Windows\system\MgwEjbo.exe

Filesize
6.0MB

MD5
824c85c86eefd18247086397faa98e9e

SHA1
07dc4f82c1cf351cbf670612e8eeb9f3b155ef8d

SHA256
9d3ff2f2265a94992393c2745d0f5482107e76f48561102e450988181d96dabb

SHA512
268dabee8ef18ee4529f1441233bfdc0c83bbf8929cb1a24bfadf42452da4e6ad231a0a2d0e3acc904fc254cf32f56c7e7d2c682723604833af17897377b0438

Download Submit
C:\Windows\system\OksHpbQ.exe

Filesize
6.0MB

MD5
b890546a653c58fc4a1756cf73b9bb73

SHA1
d1c463865cc81389633ab83e996021b42235b1a3

SHA256
d37edeab18b73f0c862c1c586d7f1cac48c2731a2abdf080bc61817e6a681e8d

SHA512
57f95de887562b769a6e508183b5a62fd37fd5c7a1b2a0073c8ed1a431beb8f22d5255e03cc9b36e5fc135e26bb6d9fec63c224e2875696f9c22f6e38ca97bb4

Download Submit
C:\Windows\system\OsGXBkD.exe

Filesize
6.0MB

MD5
be45ed2d6f0de00ae5c857846cc5d1bb

SHA1
9082e641e187d38841fff243d47b2b9e5b870a50

SHA256
17a67aefb3b73ceb8c41c25d9d2a268e4da2a8d2cedebb1f6e4ca77e73952611

SHA512
447898869d05ad8e08b744b7f5e550dc5cfe2541cc8a84a1201e6c029afb70188d142385c5e346b161161eebbdc6ebc26b264eb78631acfb00acf962cf3f7345

Download Submit
C:\Windows\system\QPHbEWE.exe

Filesize
6.0MB

MD5
ddcecd72ecdba21e9e318e77b439fc0c

SHA1
c4f36a1108b5146c8024651fcbd80ffba787f72b

SHA256
60e8ff9de72ec0017579531b14b7447b8f601a7609504960294bd3db96dbe1bf

SHA512
6d7a273d372d6317e38dfe1177032748ddf18b8bcc37280176604083efbbed661b5a33e9d50dfc8ea37e179593111e3e24f99135c12d5d9d54123fb9ee92d95c

Download Submit
C:\Windows\system\QVxUArL.exe

Filesize
6.0MB

MD5
6c77f08f1c960335ef8e41be314f2df9

SHA1
8920700550f5639094ef1886c1203850324bada8

SHA256
4a69d664756f514c35ed4741ddf0d5b7f4a6cdbe71ea7fcae9c6477363444a8a

SHA512
50efcf319f9eac012a57c6c13ee489f9a7952f33f4cda496f6b54f781b3f429f48c45d49b3df4c12873054fc47a3468a426db7739d280372407a5573aa17cbaf

Download Submit
C:\Windows\system\QwfFZQd.exe

Filesize
6.0MB

MD5
2bbd4cf294001167429eccf0a3f1c44a

SHA1
1882b6c9b56669439eea91489c04cfc66d542d1e

SHA256
34e2f1925eca8167c7c4af8b3abc82d22fdd4841736c5ceed220c0b0833e6a82

SHA512
34071800b4cdeeef46f5242c385b951b60bf99bc4480cf268d041d0857ec7d25c26eaa502bee3521a6a3ab562cfa6b3f6b9ef2eaa81e056ddf7759f21d117952

Download Submit
C:\Windows\system\VdocYTk.exe

Filesize
6.0MB

MD5
022374183a25bc545e058e41cc51933e

SHA1
0337dd8819a713b1e71d43c15aafe34656070d12

SHA256
3b50c15c67d3f43bb4923f91f2562bc195f589eb988e0a9b0edbc82f8500d7b5

SHA512
1628fb567031b5f4056654ad32bc13d41c4d39de62db314a96256b40f115e353fd86998fb6bdeb533dc4d0f7f02364ef49ca6962aa8a93cb230ba96ba9e64c0c

Download Submit
C:\Windows\system\ctosqsS.exe

Filesize
6.0MB

MD5
ca5f7dc78927d4549761f58af36523d0

SHA1
af3ab2ec82b6d89df62fa493b18a08e899a3b57d

SHA256
d0fa50c6daa466c6bc9f789b1848214d60cba40ead173463b49eab4b7e3163c8

SHA512
49a8aa3cd10a712add76a34170a7139f589cf00a362e0c65011eacfcd37bc26b4f9ba391cbc5e6c5d3c9100ec1bd8d100e8c02c60f16a855dad8821234122b4b

Download Submit
C:\Windows\system\erHnOlg.exe

Filesize
6.0MB

MD5
6b3c69dc4e931a4c001f8a6f8012975f

SHA1
3ad6265119d687055d74f8006a33d01079b9870e

SHA256
a0724e8611358fb1871d126fbb9e35d51f0d6a4a1eb79fef1606d93ecb208156

SHA512
57b57a585dca03a318158c53271c44042a8b7ff8eeb66f70e0816d6a50ea508353be4760efb3954e79d3bfdb743846f612a02c1251545c1eb0f96cd1e6d97486

Download Submit
C:\Windows\system\gNPwYCP.exe

Filesize
6.0MB

MD5
989b6183d5f52a52910d9425455f268f

SHA1
71ba1fcdc894eb020d622cf2af8cb809d6ee0293

SHA256
27d5c4824e1fdba571e852d6374d531d5c9dfaba20f1c4125dbe91a19b62b156

SHA512
dbcfe83c4fdf126ef30b7bd034f394010c1b7c184fe1db517022c5924a357cd2d7fafb4ddb60a56098277bd662db3729b3c122a9e437dfee336d515608dcffe6

Download Submit
C:\Windows\system\ijdNFue.exe

Filesize
6.0MB

MD5
4f62ac3ca4938a9ffd0a7d70a55e3361

SHA1
0f6974c24054c500b7641d59b245e80890d19d82

SHA256
c1bee48fd0f6a06b0755978474cf3a036f017867ac1dac3af0da1d20f7b128dd

SHA512
ac4abc75ca44ba7a41b017468e2cde82d277992b017c11b6e62dfd5e6f10b4543e6381011a5634fc6dda4efcb93046889becf2d461ed9e422e126f0b1ed15112

Download Submit
C:\Windows\system\lHfzVOd.exe

Filesize
6.0MB

MD5
9bf12ba4b02d40a5f00e5088f56283a5

SHA1
e24d77ef72f620a6060d28f6ed5b682940cbf1e8

SHA256
5dba8fcfdb507ed77d6009dbfa78ad187c83f2191bb437a14db1ed5d7691f55c

SHA512
a04537c4ae7d237f16150e27fc18521dd1c729fad581768b3e582b1e4c3fddae62157f0cb064d95371915e616b8f1bc41e8465d3cc4ad676f97dd3a8d29cc8b8

Download Submit
C:\Windows\system\lrQVdji.exe

Filesize
6.0MB

MD5
0bff04a3e05e7ff56d51f16eb14c1fbf

SHA1
2141a07e5287337c34b29bdc019da8cfa15dee11

SHA256
99046fcd6025917ebdcab2953c09f993ea97ef74bcdc8ef317f0365740de879b

SHA512
de10272dbc9fefa3332eee4a2ee72bfdd2503897202acc76ccd5d930373acb64748b9784a45549ff3b52ea605ab5ad13597dad93054dfa2a7f6aa7710ef41203

Download Submit
C:\Windows\system\mgjsDJC.exe

Filesize
6.0MB

MD5
251302958217f5f4eb3a7566a46f5e6d

SHA1
fa94bff8413dd82fc8dd9124bd4ca2119845b778

SHA256
972f9b1b02c569692ad948037396e050485d62673323e16bd0e2bcf2c6a449be

SHA512
8400774b2bce410ca9351c249612b6f733f004455d22cb0fce4550d3f03f10811b3f84a7c4968680586ac384b10a52fb84be1165aba39a2de1f813c505333d98

Download Submit
C:\Windows\system\nJgaRSx.exe

Filesize
6.0MB

MD5
4da3dc9f642aa87bdf5a0aef3e9069ee

SHA1
47747881970ef8c6ed74795d9191df5613c55b7d

SHA256
a3d4fec60b92a4db8f59ccda1666c8a80725e0f92c155a23896b519176b5d5be

SHA512
c76d5d0ff090d42ab40e57823c0501548f73db829bfaa13b8ebdfe5f24b0d20985b1ce68bf3f577b1df43762978731df800354fec0636cb68b83e89e2296a19d

Download Submit
C:\Windows\system\nlZukRY.exe

Filesize
6.0MB

MD5
94689abdf65641df520e816fabc78f73

SHA1
45af6121d9c75868197086f5d1cd837da1df79cb

SHA256
1b23d203aeec7e69c952d9e34ff3b35d8ce8216f9a97c68391e1a0c5a9158e13

SHA512
e44ee2081cca67009a4337f54a7b839ab3e94b1ced6e10b5e273e7130b9726b2a4f768a3bd37e94d1cd5ffb989cbd6366c1ce60c7c40dba1e9e742fc070e2b41

Download Submit
C:\Windows\system\rIAyULt.exe

Filesize
6.0MB

MD5
5d150ac125cabcfdd14c6dcec3b5f099

SHA1
4d0546e6f8f34195feb96f4eade234985ccbaaaf

SHA256
8e707015ad56024679d1659ab12c10307752434397b70b23b92f49df0e015b91

SHA512
b6c2e15321198915854e034e04b895dc852acf076a858efdcbf0aa5479bf35a577aaea854995cfc755c9de15f3277289068eb551cc3b514e09296aec92ed3372

Download Submit
C:\Windows\system\rLnptcN.exe

Filesize
6.0MB

MD5
1f2482cdbe9d7a28d98e9267eef6d833

SHA1
b13e83a845260f7a55d3d8a6f068363b31056c5c

SHA256
0ba5c12d15465d47eb5aa2b6f0b20249962be37a6aff30400130e15a16e35285

SHA512
86c86b25f4c7f44a99918eac11aeb19f6477dd824dcaa40a915e2b9ab7ec9648ef3d9c743f61b6aeb6eb90c7d507408771ae98e71b0ae199c365c840c279cacf

Download Submit
C:\Windows\system\tnMVGaK.exe

Filesize
6.0MB

MD5
920e4b6b7dd07393883d07150bb50358

SHA1
13e084364f165b30c1230c722c599539f44cc0ae

SHA256
84a7333d31dd7435d3405d220a2975ecca71f2792350aa7ae407297f506be85f

SHA512
23eecb3a3dda484befd07382a6d0ea3bdaf49c43bc0eab5a37f5c7abca0fd88ea846ec94262eb4a52e98d7d47e447602931684d1696e2e72285dedd333a2a60c

Download Submit
C:\Windows\system\xYAHCeF.exe

Filesize
6.0MB

MD5
bac8b4d8751d172bcb57ec50b81ef9d4

SHA1
8860d953e1fc6a32b08de61fa09724f7f9e642f6

SHA256
553df0aecdba67593e158452547698354007afa42647983ccbbc1c0121946f76

SHA512
803039ced32f5db6c172997684dd838879ae7507cb39229c2a688c13e085ad346b5b1c365abcaae9d61750a94a0d007982226baedb641320efd536b646b403fd

Download Submit
C:\Windows\system\zgiqooi.exe

Filesize
6.0MB

MD5
89c2111c92c5e5098433672545aa649e

SHA1
a88c9cf19d04c2c4093c821a4d984278068b3863

SHA256
f6b3af48351832922b0d139ccbe5aad6eff086922daaae72532d878a633ef428

SHA512
4e4eeda5756a26c8770cf4359d67c4fef49b6c81f338ddb7da9a5a342b6c90cf4282e422027cf05c4a35e3ba98e499a90ee74ef6abd05698da693f814e6432a8

Download Submit
\Windows\system\VLyVLWz.exe

Filesize
6.0MB

MD5
f1f85b703a44017c01ed8aeb67f72704

SHA1
f6301453a8b5b103743fff02ff929f29301664de

SHA256
5e35c09511444e0420f775db26c516f7123ea2719bd5ed13db7c1210ec7a8f66

SHA512
c95c704141a5967adaa4242d95892dfe7e5847cd317c3738cf9cdb91b8629327c82e465293e9cce3c9cdb4027562e882792b1d9e6d3ea58ee8f0a5bb252954a9

Download Submit
\Windows\system\WbYiwVP.exe

Filesize
6.0MB

MD5
f636b20c066540ca7e4fc1d5deb8490d

SHA1
a285441a643e98dbce3a24b6a7bae3071d3ae3d9

SHA256
77a813e3f08c687faf41a5110cbeeee7d74cf4d504d16802d48df9e9040e89b5

SHA512
c04d506d22301006dad0dc18174e8ee67531a53b3337bac5d9adb3a4a310c4a0f377a6442534035b902275de9b6228c08e0c76d21332a18eff2c488da129f099

Download Submit
\Windows\system\hCgLMJB.exe

Filesize
6.0MB

MD5
ab918391cb8a2414edf59763e6fba7ba

SHA1
54246593b87927f5534977749523090a76882961

SHA256
a29cee447b7b4910f7fab9deea420ac7f49c5a30eb0b7df19cacad8f3557b09d

SHA512
7d3807a9ac2ea3e3f6b9a004b69e782e7d42035bac16989d8be38e221ad25a56ca9fcc355a3b1fa3cdffbf28fc973c5b33dc7e11d43d6f16001b87595eb41f01

Download Submit
\Windows\system\kUWaVeW.exe

Filesize
6.0MB

MD5
2e205b927f0ebf2dcfb7f2c04b90c51b

SHA1
f967b04cd3491d262b971a959c462ca8db561815

SHA256
fae8ed7438bcf8d26226c6ac1286191eda821623f9222e3b8a18e03dbf7aae22

SHA512
7a7fc070a78ca48685855a0a2cdb035c98e9ae06e3241ff3c7a2f54025c22b956cd178ba16749ddc172e5492ebfd17ce9a981c8f2c9ab67d5d3f0ade3d2303da

Download Submit
\Windows\system\qfeLsYg.exe

Filesize
6.0MB

MD5
ddf835c2b25d9d7f23cd5eb2a91571cc

SHA1
4d7e12514dd3c99ccad7250fad75e0110de76d3a

SHA256
95b0ab7fd805d793ba075545dac8a0b9a1dbb493c8b7c2054940677d1d93bb63

SHA512
94930fd5db73e14925df3d2985be5c3be1af70cb6a779faf37f2e6cfbcbd50b6b51ed8521984b4489917380bd43d390f8633f935f4e99015b4691d9570adc0ce

Download Submit
\Windows\system\sKbwosR.exe

Filesize
6.0MB

MD5
477be85d02abf9db05f9a34b1419382b

SHA1
76c50766e0e9459507e5ecf4ff85eb7a305cfa02

SHA256
eed253242dfb8f1960d4e09502ae0cd807ae729e76c834d88f9c2a6db9ddff73

SHA512
ce4147ce8749309a1f232ca4055c48411c8e09056dddea56dc00846cd2b854d864d2f00b47d93008b446068d4bf39343a177a16d50dca6d3715e4f3d929db3b6

Download Submit
\Windows\system\vrFygVv.exe

Filesize
6.0MB

MD5
a6906bbb259d8a4a729c4f01aa860af3

SHA1
f050d7ff78c1b8662afb761d12e344209f0c23d4

SHA256
8c46a07a155afde240af3b329c0eca6468d22f3229fb96c08a516edc6a2862c5

SHA512
8d45f7cdd30ea9d1bed229d93d1c4f2fea609696c6d74134625176cf453a9d0e8628917163b8ea4e777e323d97efd4304394e3403b5a5a26074aaa12772d5b3c

Download Submit
memory/568-64-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/568-3711-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1448-101-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1448-3719-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1448-1083-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1852-356-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-3709-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-79-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-3723-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-57-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-96-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-3717-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2124-24-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3720-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2372-85-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2372-548-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2436-95-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2436-3714-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2528-33-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2528-3693-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2528-73-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2544-86-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3699-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-49-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3707-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2556-31-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3715-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2576-43-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3716-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2808-42-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2816-56-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-71-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-37-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-36-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-35-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2816-547-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-355-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-58-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-19-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2816-17-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-70-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2816-48-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-773-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-78-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2816-1082-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2816-84-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-94-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-0-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2816-100-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3718-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2884-72-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3708-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2908-34-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download