cobaltstrike | 6d722c643222250e2cdd4058eae4e5861a2580440d8cf83742f4af260c3ea0d7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

08608d550a8093635899cf98df025bf5
SHA1

91c2e36eaf6b823558b3bfcc0cccbb3ee299102d
SHA256

6d722c643222250e2cdd4058eae4e5861a2580440d8cf83742f4af260c3ea0d7
SHA512

74a5250e5c6eb9930887157773c4780feb27f1e877fa565e8e5a512d4ec80b0f2be4c956f1e0107de3d30d8da9c1e3488536945757f06d7aeb6ff5c8df6f4fa2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016141-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162e4-26.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160da-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016890-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-67.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b86-47.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f38-57.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-98.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-97.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016689-78.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-74.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-73.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016399-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-107.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-173.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-130.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2532-1-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-6.dat	xmrig
behavioral1/files/0x0008000000016141-11.dat	xmrig
behavioral1/files/0x00070000000162e4-26.dat	xmrig
behavioral1/memory/2476-27-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/3044-25-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2356-20-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x00080000000160da-19.dat	xmrig
behavioral1/memory/2532-17-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1192-16-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0007000000016890-58.dat	xmrig
behavioral1/files/0x0006000000017570-67.dat	xmrig
behavioral1/files/0x0008000000016b86-47.dat	xmrig
behavioral1/files/0x000600000001707f-53.dat	xmrig
behavioral1/memory/2736-39-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f38-57.dat	xmrig
behavioral1/files/0x00060000000175f1-98.dat	xmrig
behavioral1/files/0x00060000000174f8-97.dat	xmrig
behavioral1/memory/1772-95-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2712-94-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2532-93-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/2532-92-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/3032-88-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2660-87-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2820-86-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2532-84-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/2920-83-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2456-82-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016689-78.dat	xmrig
behavioral1/files/0x00060000000174b4-74.dat	xmrig
behavioral1/files/0x0008000000016c89-73.dat	xmrig
behavioral1/memory/2532-64-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2532-46-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0008000000016399-33.dat	xmrig
behavioral1/files/0x00060000000175f7-107.dat	xmrig
behavioral1/memory/2648-106-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2592-103-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-110.dat	xmrig
behavioral1/files/0x0005000000018697-116.dat	xmrig
behavioral1/files/0x0005000000018706-119.dat	xmrig
behavioral1/files/0x000500000001870c-125.dat	xmrig
behavioral1/files/0x0005000000018745-135.dat	xmrig
behavioral1/memory/2356-138-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x0006000000018be7-148.dat	xmrig
behavioral1/files/0x0005000000019203-168.dat	xmrig
behavioral1/files/0x0005000000019261-183.dat	xmrig
behavioral1/memory/2736-729-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2476-412-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019274-188.dat	xmrig
behavioral1/files/0x000500000001924f-178.dat	xmrig
behavioral1/files/0x0005000000019237-173.dat	xmrig
behavioral1/files/0x0006000000019056-162.dat	xmrig
behavioral1/files/0x0006000000018fdf-157.dat	xmrig
behavioral1/files/0x0006000000018d83-152.dat	xmrig
behavioral1/memory/3044-143-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0006000000018d7b-147.dat	xmrig
behavioral1/files/0x000500000001871c-130.dat	xmrig
behavioral1/memory/2592-1124-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/1192-3502-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/3044-3506-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2356-3507-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2476-3607-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2736-3686-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2920-3688-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1192	WajoURg.exe
2356	fogBebC.exe
3044	wZDAVVB.exe
2476	MsFgByw.exe
2736	LyIdiiy.exe
2456	MwASyTP.exe
2920	qOQRxLR.exe
2820	xUYqTrD.exe
2660	TjiLcBf.exe
3032	FfwIDKT.exe
2712	WJAtdLO.exe
1772	mmGVsTf.exe
2592	TPXRECo.exe
2648	hfqpmpK.exe
2644	OzGjxBp.exe
2076	fqRGPTW.exe
1248	Nriscxo.exe
1996	pIHzniT.exe
1692	RbqPzYs.exe
2916	ekITJYT.exe
2144	pMmxUWE.exe
1432	XvVgZCl.exe
2256	MbgItKT.exe
1752	bmGplIp.exe
476	BnEiIjd.exe
868	KgeoSyH.exe
2924	GWXRapH.exe
2964	TKsTdkq.exe
2316	uCXfyWo.exe
448	uMnjcej.exe
2120	LSPbVjQ.exe
1948	OMGqfWl.exe
1580	QqzgCdA.exe
1736	UHbBKrI.exe
2956	TNwlhWD.exe
1372	vlgesFA.exe
1760	wylfnUG.exe
1808	jkKSJXq.exe
896	DVKUixh.exe
940	TuAvWWC.exe
2296	ISKlBfu.exe
2156	VXfnmhv.exe
1796	PUGxKiP.exe
2096	ANdcvls.exe
556	enhEhIs.exe
2508	arGknKW.exe
1056	Jyccgpu.exe
1052	dAfESuE.exe
1728	QTkabVq.exe
872	nfdntmZ.exe
2876	zZzVmGw.exe
2020	LvwFmYG.exe
1568	xAMlHMY.exe
2524	jUUPOey.exe
2688	YMnzbPy.exe
2744	vQzRLUg.exe
1708	gfJXLSI.exe
2788	RCYvyOl.exe
2332	XOpsKHw.exe
2600	vwMlFnr.exe
2764	lyJNmRL.exe
2852	SCZtNjs.exe
2472	SlOTCwg.exe
2940	nqwDJDZ.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2532-1-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-6.dat	upx
behavioral1/files/0x0008000000016141-11.dat	upx
behavioral1/files/0x00070000000162e4-26.dat	upx
behavioral1/memory/2476-27-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/3044-25-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2356-20-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x00080000000160da-19.dat	upx
behavioral1/memory/1192-16-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0007000000016890-58.dat	upx
behavioral1/files/0x0006000000017570-67.dat	upx
behavioral1/files/0x0008000000016b86-47.dat	upx
behavioral1/files/0x000600000001707f-53.dat	upx
behavioral1/memory/2736-39-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0008000000015f38-57.dat	upx
behavioral1/files/0x00060000000175f1-98.dat	upx
behavioral1/files/0x00060000000174f8-97.dat	upx
behavioral1/memory/1772-95-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2712-94-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/3032-88-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2660-87-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2820-86-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2920-83-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2456-82-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0007000000016689-78.dat	upx
behavioral1/files/0x00060000000174b4-74.dat	upx
behavioral1/files/0x0008000000016c89-73.dat	upx
behavioral1/memory/2532-46-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0008000000016399-33.dat	upx
behavioral1/files/0x00060000000175f7-107.dat	upx
behavioral1/memory/2648-106-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2592-103-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x000d000000018683-110.dat	upx
behavioral1/files/0x0005000000018697-116.dat	upx
behavioral1/files/0x0005000000018706-119.dat	upx
behavioral1/files/0x000500000001870c-125.dat	upx
behavioral1/files/0x0005000000018745-135.dat	upx
behavioral1/memory/2356-138-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0006000000018be7-148.dat	upx
behavioral1/files/0x0005000000019203-168.dat	upx
behavioral1/files/0x0005000000019261-183.dat	upx
behavioral1/memory/2736-729-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2476-412-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0005000000019274-188.dat	upx
behavioral1/files/0x000500000001924f-178.dat	upx
behavioral1/files/0x0005000000019237-173.dat	upx
behavioral1/files/0x0006000000019056-162.dat	upx
behavioral1/files/0x0006000000018fdf-157.dat	upx
behavioral1/files/0x0006000000018d83-152.dat	upx
behavioral1/memory/3044-143-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0006000000018d7b-147.dat	upx
behavioral1/files/0x000500000001871c-130.dat	upx
behavioral1/memory/2592-1124-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/1192-3502-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/3044-3506-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2356-3507-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2476-3607-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2736-3686-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2920-3688-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2456-3687-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2660-3691-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2820-3693-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/1772-3696-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/3032-3698-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ggWcqyD.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsRbcDR.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvVpcus.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IyHvYDe.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcvqyAR.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obScEAL.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPZXZkq.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZllGwl.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOvENZJ.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dufxkDC.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJoIWWY.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOJHeSj.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INyodAR.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiqRIdY.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvNONTr.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWWwnaH.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pndsWAZ.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzNrtvk.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKnbbWj.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhNoymw.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrcKWNY.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQAXZif.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzfWBxs.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRJvFkj.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXfAjtc.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RviwxQi.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVcysfT.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXDVCzh.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndFQLRl.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnsdTSp.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPgdBIz.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJZXdzk.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwlITzt.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkKSJXq.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgWYkxq.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTGwmVp.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaOWDKo.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SubdQVs.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPJdZxR.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJhXESC.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLsvsPm.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJMLemt.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIzRAUy.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IyBnplr.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuWzWSb.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcBCnKz.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfjcQNb.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTVaBcN.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcTKXod.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsXWfNH.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBhIBuj.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXtKMor.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhSPRZT.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPaiZwz.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwfMMwg.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRwwQIV.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rioEyto.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNqNJaq.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuSqRMb.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDGtSXo.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajhQAjv.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYWFdfi.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqwDJDZ.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPdXkOn.exe	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1192	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 1192	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 1192	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2356	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2356	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2356	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 3044	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 3044	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 3044	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2476	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2476	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2476	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2736	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2736	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2736	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2456	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2456	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2456	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2712	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2712	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2712	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2920	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2920	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2920	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 1772	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 1772	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 1772	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2820	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2820	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2820	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2592	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2592	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2592	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2660	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2660	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2660	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2648	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2648	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2648	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 3032	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 3032	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 3032	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 2644	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 2644	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 2644	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 2076	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 2076	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 2076	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 1248	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 1248	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 1248	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 1996	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 1996	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 1996	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 1692	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 1692	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 1692	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 2916	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2916	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2916	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2144	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 2144	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 2144	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 1432	2532	2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_08608d550a8093635899cf98df025bf5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\System\WajoURg.exe
  C:\Windows\System\WajoURg.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\fogBebC.exe
  C:\Windows\System\fogBebC.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\wZDAVVB.exe
  C:\Windows\System\wZDAVVB.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\MsFgByw.exe
  C:\Windows\System\MsFgByw.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\LyIdiiy.exe
  C:\Windows\System\LyIdiiy.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\MwASyTP.exe
  C:\Windows\System\MwASyTP.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\WJAtdLO.exe
  C:\Windows\System\WJAtdLO.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\qOQRxLR.exe
  C:\Windows\System\qOQRxLR.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\mmGVsTf.exe
  C:\Windows\System\mmGVsTf.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\xUYqTrD.exe
  C:\Windows\System\xUYqTrD.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\TPXRECo.exe
  C:\Windows\System\TPXRECo.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\TjiLcBf.exe
  C:\Windows\System\TjiLcBf.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\hfqpmpK.exe
  C:\Windows\System\hfqpmpK.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\FfwIDKT.exe
  C:\Windows\System\FfwIDKT.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\OzGjxBp.exe
  C:\Windows\System\OzGjxBp.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\fqRGPTW.exe
  C:\Windows\System\fqRGPTW.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\Nriscxo.exe
  C:\Windows\System\Nriscxo.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\pIHzniT.exe
  C:\Windows\System\pIHzniT.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\RbqPzYs.exe
  C:\Windows\System\RbqPzYs.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ekITJYT.exe
  C:\Windows\System\ekITJYT.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\pMmxUWE.exe
  C:\Windows\System\pMmxUWE.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\XvVgZCl.exe
  C:\Windows\System\XvVgZCl.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\bmGplIp.exe
  C:\Windows\System\bmGplIp.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\MbgItKT.exe
  C:\Windows\System\MbgItKT.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\BnEiIjd.exe
  C:\Windows\System\BnEiIjd.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\KgeoSyH.exe
  C:\Windows\System\KgeoSyH.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\GWXRapH.exe
  C:\Windows\System\GWXRapH.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\TKsTdkq.exe
  C:\Windows\System\TKsTdkq.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\uCXfyWo.exe
  C:\Windows\System\uCXfyWo.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\uMnjcej.exe
  C:\Windows\System\uMnjcej.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\LSPbVjQ.exe
  C:\Windows\System\LSPbVjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\OMGqfWl.exe
  C:\Windows\System\OMGqfWl.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\QqzgCdA.exe
  C:\Windows\System\QqzgCdA.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\UHbBKrI.exe
  C:\Windows\System\UHbBKrI.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\TNwlhWD.exe
  C:\Windows\System\TNwlhWD.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\vlgesFA.exe
  C:\Windows\System\vlgesFA.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\wylfnUG.exe
  C:\Windows\System\wylfnUG.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\jkKSJXq.exe
  C:\Windows\System\jkKSJXq.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\DVKUixh.exe
  C:\Windows\System\DVKUixh.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\TuAvWWC.exe
  C:\Windows\System\TuAvWWC.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\ISKlBfu.exe
  C:\Windows\System\ISKlBfu.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\VXfnmhv.exe
  C:\Windows\System\VXfnmhv.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\PUGxKiP.exe
  C:\Windows\System\PUGxKiP.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\ANdcvls.exe
  C:\Windows\System\ANdcvls.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\enhEhIs.exe
  C:\Windows\System\enhEhIs.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\arGknKW.exe
  C:\Windows\System\arGknKW.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\Jyccgpu.exe
  C:\Windows\System\Jyccgpu.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\dAfESuE.exe
  C:\Windows\System\dAfESuE.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\QTkabVq.exe
  C:\Windows\System\QTkabVq.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\nfdntmZ.exe
  C:\Windows\System\nfdntmZ.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\zZzVmGw.exe
  C:\Windows\System\zZzVmGw.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\LvwFmYG.exe
  C:\Windows\System\LvwFmYG.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\xAMlHMY.exe
  C:\Windows\System\xAMlHMY.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\jUUPOey.exe
  C:\Windows\System\jUUPOey.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\YMnzbPy.exe
  C:\Windows\System\YMnzbPy.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\vQzRLUg.exe
  C:\Windows\System\vQzRLUg.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\gfJXLSI.exe
  C:\Windows\System\gfJXLSI.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\RCYvyOl.exe
  C:\Windows\System\RCYvyOl.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\XOpsKHw.exe
  C:\Windows\System\XOpsKHw.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\vwMlFnr.exe
  C:\Windows\System\vwMlFnr.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\lyJNmRL.exe
  C:\Windows\System\lyJNmRL.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\SCZtNjs.exe
  C:\Windows\System\SCZtNjs.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\SlOTCwg.exe
  C:\Windows\System\SlOTCwg.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\nqwDJDZ.exe
  C:\Windows\System\nqwDJDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\MpyhrKm.exe
  C:\Windows\System\MpyhrKm.exe
  2⤵
  PID:2604
- C:\Windows\System\wYUVKUB.exe
  C:\Windows\System\wYUVKUB.exe
  2⤵
  PID:2584
- C:\Windows\System\iDcOqzV.exe
  C:\Windows\System\iDcOqzV.exe
  2⤵
  PID:1636
- C:\Windows\System\wBgyXmb.exe
  C:\Windows\System\wBgyXmb.exe
  2⤵
  PID:2632
- C:\Windows\System\UsRfOBl.exe
  C:\Windows\System\UsRfOBl.exe
  2⤵
  PID:2740
- C:\Windows\System\FfjcQNb.exe
  C:\Windows\System\FfjcQNb.exe
  2⤵
  PID:988
- C:\Windows\System\yMJUKAu.exe
  C:\Windows\System\yMJUKAu.exe
  2⤵
  PID:1244
- C:\Windows\System\iCQPAHD.exe
  C:\Windows\System\iCQPAHD.exe
  2⤵
  PID:1648
- C:\Windows\System\RuYPbpu.exe
  C:\Windows\System\RuYPbpu.exe
  2⤵
  PID:1236
- C:\Windows\System\LhNpVMA.exe
  C:\Windows\System\LhNpVMA.exe
  2⤵
  PID:2024
- C:\Windows\System\ABmMHIQ.exe
  C:\Windows\System\ABmMHIQ.exe
  2⤵
  PID:2664
- C:\Windows\System\ItRiYiH.exe
  C:\Windows\System\ItRiYiH.exe
  2⤵
  PID:2424
- C:\Windows\System\jMgAfDx.exe
  C:\Windows\System\jMgAfDx.exe
  2⤵
  PID:1280
- C:\Windows\System\ercWJgG.exe
  C:\Windows\System\ercWJgG.exe
  2⤵
  PID:1156
- C:\Windows\System\kVChtxT.exe
  C:\Windows\System\kVChtxT.exe
  2⤵
  PID:1428
- C:\Windows\System\rpdoGVT.exe
  C:\Windows\System\rpdoGVT.exe
  2⤵
  PID:2052
- C:\Windows\System\LhJXPVq.exe
  C:\Windows\System\LhJXPVq.exe
  2⤵
  PID:568
- C:\Windows\System\WCDBxMp.exe
  C:\Windows\System\WCDBxMp.exe
  2⤵
  PID:768
- C:\Windows\System\Oexsbii.exe
  C:\Windows\System\Oexsbii.exe
  2⤵
  PID:888
- C:\Windows\System\wfRCosX.exe
  C:\Windows\System\wfRCosX.exe
  2⤵
  PID:2252
- C:\Windows\System\OPdXkOn.exe
  C:\Windows\System\OPdXkOn.exe
  2⤵
  PID:1380
- C:\Windows\System\wrPxszI.exe
  C:\Windows\System\wrPxszI.exe
  2⤵
  PID:844
- C:\Windows\System\UeDkwpm.exe
  C:\Windows\System\UeDkwpm.exe
  2⤵
  PID:2108
- C:\Windows\System\sbcHorB.exe
  C:\Windows\System\sbcHorB.exe
  2⤵
  PID:2376
- C:\Windows\System\hZfEZtV.exe
  C:\Windows\System\hZfEZtV.exe
  2⤵
  PID:688
- C:\Windows\System\OYDBKqe.exe
  C:\Windows\System\OYDBKqe.exe
  2⤵
  PID:2460
- C:\Windows\System\cNTzHih.exe
  C:\Windows\System\cNTzHih.exe
  2⤵
  PID:2384
- C:\Windows\System\aqjGqZf.exe
  C:\Windows\System\aqjGqZf.exe
  2⤵
  PID:2512
- C:\Windows\System\teUaJGf.exe
  C:\Windows\System\teUaJGf.exe
  2⤵
  PID:2492
- C:\Windows\System\weQZkgb.exe
  C:\Windows\System\weQZkgb.exe
  2⤵
  PID:344
- C:\Windows\System\lsTUauD.exe
  C:\Windows\System\lsTUauD.exe
  2⤵
  PID:2400
- C:\Windows\System\GRRkaYk.exe
  C:\Windows\System\GRRkaYk.exe
  2⤵
  PID:2996
- C:\Windows\System\kXDcfaL.exe
  C:\Windows\System\kXDcfaL.exe
  2⤵
  PID:1292
- C:\Windows\System\gOMaDxV.exe
  C:\Windows\System\gOMaDxV.exe
  2⤵
  PID:2188
- C:\Windows\System\YOXjeJi.exe
  C:\Windows\System\YOXjeJi.exe
  2⤵
  PID:2724
- C:\Windows\System\EwfMMwg.exe
  C:\Windows\System\EwfMMwg.exe
  2⤵
  PID:2704
- C:\Windows\System\KSmDxKu.exe
  C:\Windows\System\KSmDxKu.exe
  2⤵
  PID:3020
- C:\Windows\System\iOmIyVX.exe
  C:\Windows\System\iOmIyVX.exe
  2⤵
  PID:2616
- C:\Windows\System\yUhscnB.exe
  C:\Windows\System\yUhscnB.exe
  2⤵
  PID:2840
- C:\Windows\System\qiCBcuq.exe
  C:\Windows\System\qiCBcuq.exe
  2⤵
  PID:2760
- C:\Windows\System\mbmkSrx.exe
  C:\Windows\System\mbmkSrx.exe
  2⤵
  PID:2696
- C:\Windows\System\BtGAaRR.exe
  C:\Windows\System\BtGAaRR.exe
  2⤵
  PID:2224
- C:\Windows\System\cEYnbWY.exe
  C:\Windows\System\cEYnbWY.exe
  2⤵
  PID:1848
- C:\Windows\System\aMWMUTM.exe
  C:\Windows\System\aMWMUTM.exe
  2⤵
  PID:2124
- C:\Windows\System\zIBDifp.exe
  C:\Windows\System\zIBDifp.exe
  2⤵
  PID:2716
- C:\Windows\System\rAZLSZd.exe
  C:\Windows\System\rAZLSZd.exe
  2⤵
  PID:2720
- C:\Windows\System\JSFdzde.exe
  C:\Windows\System\JSFdzde.exe
  2⤵
  PID:1644
- C:\Windows\System\eEzJDux.exe
  C:\Windows\System\eEzJDux.exe
  2⤵
  PID:1160
- C:\Windows\System\ENLpRtq.exe
  C:\Windows\System\ENLpRtq.exe
  2⤵
  PID:2220
- C:\Windows\System\vVWQXUS.exe
  C:\Windows\System\vVWQXUS.exe
  2⤵
  PID:1608
- C:\Windows\System\ebvCtsZ.exe
  C:\Windows\System\ebvCtsZ.exe
  2⤵
  PID:2328
- C:\Windows\System\KYxvoYg.exe
  C:\Windows\System\KYxvoYg.exe
  2⤵
  PID:1812
- C:\Windows\System\KdCaReD.exe
  C:\Windows\System\KdCaReD.exe
  2⤵
  PID:1628
- C:\Windows\System\SDefXLz.exe
  C:\Windows\System\SDefXLz.exe
  2⤵
  PID:1576
- C:\Windows\System\sQmDmtm.exe
  C:\Windows\System\sQmDmtm.exe
  2⤵
  PID:2268
- C:\Windows\System\ODQNaqZ.exe
  C:\Windows\System\ODQNaqZ.exe
  2⤵
  PID:2036
- C:\Windows\System\YRqSFWz.exe
  C:\Windows\System\YRqSFWz.exe
  2⤵
  PID:1700
- C:\Windows\System\xQIeABU.exe
  C:\Windows\System\xQIeABU.exe
  2⤵
  PID:1820
- C:\Windows\System\eGYXhKq.exe
  C:\Windows\System\eGYXhKq.exe
  2⤵
  PID:1548
- C:\Windows\System\dMJpnZn.exe
  C:\Windows\System\dMJpnZn.exe
  2⤵
  PID:2928
- C:\Windows\System\qusVVtQ.exe
  C:\Windows\System\qusVVtQ.exe
  2⤵
  PID:2860
- C:\Windows\System\scQRNmI.exe
  C:\Windows\System\scQRNmI.exe
  2⤵
  PID:1932
- C:\Windows\System\qujClOk.exe
  C:\Windows\System\qujClOk.exe
  2⤵
  PID:2612
- C:\Windows\System\vIzLGkR.exe
  C:\Windows\System\vIzLGkR.exe
  2⤵
  PID:1264
- C:\Windows\System\KAndXXf.exe
  C:\Windows\System\KAndXXf.exe
  2⤵
  PID:2856
- C:\Windows\System\PCmuzqQ.exe
  C:\Windows\System\PCmuzqQ.exe
  2⤵
  PID:3000
- C:\Windows\System\yEsweOq.exe
  C:\Windows\System\yEsweOq.exe
  2⤵
  PID:1224
- C:\Windows\System\DXkvNks.exe
  C:\Windows\System\DXkvNks.exe
  2⤵
  PID:2272
- C:\Windows\System\PxARCKd.exe
  C:\Windows\System\PxARCKd.exe
  2⤵
  PID:2960
- C:\Windows\System\ukihjCF.exe
  C:\Windows\System\ukihjCF.exe
  2⤵
  PID:2116
- C:\Windows\System\tfqRhcB.exe
  C:\Windows\System\tfqRhcB.exe
  2⤵
  PID:1136
- C:\Windows\System\HuHuaYO.exe
  C:\Windows\System\HuHuaYO.exe
  2⤵
  PID:1520
- C:\Windows\System\vwLcIvX.exe
  C:\Windows\System\vwLcIvX.exe
  2⤵
  PID:1540
- C:\Windows\System\ngfnjfG.exe
  C:\Windows\System\ngfnjfG.exe
  2⤵
  PID:2828
- C:\Windows\System\WLYgiAW.exe
  C:\Windows\System\WLYgiAW.exe
  2⤵
  PID:292
- C:\Windows\System\axkzply.exe
  C:\Windows\System\axkzply.exe
  2⤵
  PID:2536
- C:\Windows\System\DFUfprB.exe
  C:\Windows\System\DFUfprB.exe
  2⤵
  PID:1784
- C:\Windows\System\zZprEZk.exe
  C:\Windows\System\zZprEZk.exe
  2⤵
  PID:2768
- C:\Windows\System\WEwVTIY.exe
  C:\Windows\System\WEwVTIY.exe
  2⤵
  PID:2340
- C:\Windows\System\FfkGZsj.exe
  C:\Windows\System\FfkGZsj.exe
  2⤵
  PID:1584
- C:\Windows\System\VxpOYoO.exe
  C:\Windows\System\VxpOYoO.exe
  2⤵
  PID:1388
- C:\Windows\System\urNmWvw.exe
  C:\Windows\System\urNmWvw.exe
  2⤵
  PID:2576
- C:\Windows\System\gAOROwh.exe
  C:\Windows\System\gAOROwh.exe
  2⤵
  PID:1080
- C:\Windows\System\pndsWAZ.exe
  C:\Windows\System\pndsWAZ.exe
  2⤵
  PID:1604
- C:\Windows\System\rynRMnS.exe
  C:\Windows\System\rynRMnS.exe
  2⤵
  PID:1040
- C:\Windows\System\xkGQruO.exe
  C:\Windows\System\xkGQruO.exe
  2⤵
  PID:2816
- C:\Windows\System\QqUhEJd.exe
  C:\Windows\System\QqUhEJd.exe
  2⤵
  PID:668
- C:\Windows\System\ulrynVs.exe
  C:\Windows\System\ulrynVs.exe
  2⤵
  PID:2656
- C:\Windows\System\YLVozXD.exe
  C:\Windows\System\YLVozXD.exe
  2⤵
  PID:2232
- C:\Windows\System\HsTGFfN.exe
  C:\Windows\System\HsTGFfN.exe
  2⤵
  PID:2972
- C:\Windows\System\wCpZEfX.exe
  C:\Windows\System\wCpZEfX.exe
  2⤵
  PID:3088
- C:\Windows\System\weKjBcr.exe
  C:\Windows\System\weKjBcr.exe
  2⤵
  PID:3108
- C:\Windows\System\lexyHzz.exe
  C:\Windows\System\lexyHzz.exe
  2⤵
  PID:3128
- C:\Windows\System\hslNgBS.exe
  C:\Windows\System\hslNgBS.exe
  2⤵
  PID:3148
- C:\Windows\System\PTkLQkz.exe
  C:\Windows\System\PTkLQkz.exe
  2⤵
  PID:3168
- C:\Windows\System\zdqetPc.exe
  C:\Windows\System\zdqetPc.exe
  2⤵
  PID:3188
- C:\Windows\System\PVMriqx.exe
  C:\Windows\System\PVMriqx.exe
  2⤵
  PID:3208
- C:\Windows\System\uIEqPQO.exe
  C:\Windows\System\uIEqPQO.exe
  2⤵
  PID:3228
- C:\Windows\System\PPbRmsh.exe
  C:\Windows\System\PPbRmsh.exe
  2⤵
  PID:3252
- C:\Windows\System\hpLsqXO.exe
  C:\Windows\System\hpLsqXO.exe
  2⤵
  PID:3272
- C:\Windows\System\NUUjWFL.exe
  C:\Windows\System\NUUjWFL.exe
  2⤵
  PID:3292
- C:\Windows\System\hVJMUBi.exe
  C:\Windows\System\hVJMUBi.exe
  2⤵
  PID:3312
- C:\Windows\System\pAsLoZa.exe
  C:\Windows\System\pAsLoZa.exe
  2⤵
  PID:3332
- C:\Windows\System\KxGIiIL.exe
  C:\Windows\System\KxGIiIL.exe
  2⤵
  PID:3352
- C:\Windows\System\MZrOXeh.exe
  C:\Windows\System\MZrOXeh.exe
  2⤵
  PID:3372
- C:\Windows\System\pKkQRin.exe
  C:\Windows\System\pKkQRin.exe
  2⤵
  PID:3392
- C:\Windows\System\zrphEUh.exe
  C:\Windows\System\zrphEUh.exe
  2⤵
  PID:3412
- C:\Windows\System\PAoDSga.exe
  C:\Windows\System\PAoDSga.exe
  2⤵
  PID:3432
- C:\Windows\System\qMSiETD.exe
  C:\Windows\System\qMSiETD.exe
  2⤵
  PID:3452
- C:\Windows\System\LuYJuoy.exe
  C:\Windows\System\LuYJuoy.exe
  2⤵
  PID:3468
- C:\Windows\System\wgjEUzk.exe
  C:\Windows\System\wgjEUzk.exe
  2⤵
  PID:3492
- C:\Windows\System\NYpxwLy.exe
  C:\Windows\System\NYpxwLy.exe
  2⤵
  PID:3508
- C:\Windows\System\LTPigLH.exe
  C:\Windows\System\LTPigLH.exe
  2⤵
  PID:3532
- C:\Windows\System\GtNakYQ.exe
  C:\Windows\System\GtNakYQ.exe
  2⤵
  PID:3548
- C:\Windows\System\gIKzsHP.exe
  C:\Windows\System\gIKzsHP.exe
  2⤵
  PID:3572
- C:\Windows\System\hfGkgow.exe
  C:\Windows\System\hfGkgow.exe
  2⤵
  PID:3592
- C:\Windows\System\ZSkSnGe.exe
  C:\Windows\System\ZSkSnGe.exe
  2⤵
  PID:3612
- C:\Windows\System\ImudZua.exe
  C:\Windows\System\ImudZua.exe
  2⤵
  PID:3628
- C:\Windows\System\AVFFDbY.exe
  C:\Windows\System\AVFFDbY.exe
  2⤵
  PID:3652
- C:\Windows\System\uBMkJBS.exe
  C:\Windows\System\uBMkJBS.exe
  2⤵
  PID:3668
- C:\Windows\System\DAvXIht.exe
  C:\Windows\System\DAvXIht.exe
  2⤵
  PID:3692
- C:\Windows\System\QsDAVcj.exe
  C:\Windows\System\QsDAVcj.exe
  2⤵
  PID:3712
- C:\Windows\System\uBqboiJ.exe
  C:\Windows\System\uBqboiJ.exe
  2⤵
  PID:3732
- C:\Windows\System\vZfvfeG.exe
  C:\Windows\System\vZfvfeG.exe
  2⤵
  PID:3752
- C:\Windows\System\OxyhXHS.exe
  C:\Windows\System\OxyhXHS.exe
  2⤵
  PID:3772
- C:\Windows\System\BPPaOlZ.exe
  C:\Windows\System\BPPaOlZ.exe
  2⤵
  PID:3792
- C:\Windows\System\KYwQCMK.exe
  C:\Windows\System\KYwQCMK.exe
  2⤵
  PID:3812
- C:\Windows\System\leAEzGZ.exe
  C:\Windows\System\leAEzGZ.exe
  2⤵
  PID:3832
- C:\Windows\System\rMErYuH.exe
  C:\Windows\System\rMErYuH.exe
  2⤵
  PID:3852
- C:\Windows\System\MAzKPaP.exe
  C:\Windows\System\MAzKPaP.exe
  2⤵
  PID:3872
- C:\Windows\System\bECOqvD.exe
  C:\Windows\System\bECOqvD.exe
  2⤵
  PID:3892
- C:\Windows\System\WWoCySn.exe
  C:\Windows\System\WWoCySn.exe
  2⤵
  PID:3912
- C:\Windows\System\HhSsCgy.exe
  C:\Windows\System\HhSsCgy.exe
  2⤵
  PID:3932
- C:\Windows\System\nSvQAim.exe
  C:\Windows\System\nSvQAim.exe
  2⤵
  PID:3952
- C:\Windows\System\nXvwBDC.exe
  C:\Windows\System\nXvwBDC.exe
  2⤵
  PID:3972
- C:\Windows\System\OEloQuN.exe
  C:\Windows\System\OEloQuN.exe
  2⤵
  PID:3992
- C:\Windows\System\pSCiXIz.exe
  C:\Windows\System\pSCiXIz.exe
  2⤵
  PID:4012
- C:\Windows\System\kDZmUKg.exe
  C:\Windows\System\kDZmUKg.exe
  2⤵
  PID:4032
- C:\Windows\System\qEYwFAf.exe
  C:\Windows\System\qEYwFAf.exe
  2⤵
  PID:4052
- C:\Windows\System\nBorwcA.exe
  C:\Windows\System\nBorwcA.exe
  2⤵
  PID:4072
- C:\Windows\System\MVbCOQR.exe
  C:\Windows\System\MVbCOQR.exe
  2⤵
  PID:4092
- C:\Windows\System\LvPKVmc.exe
  C:\Windows\System\LvPKVmc.exe
  2⤵
  PID:2280
- C:\Windows\System\zRqnyKg.exe
  C:\Windows\System\zRqnyKg.exe
  2⤵
  PID:3016
- C:\Windows\System\FculQgF.exe
  C:\Windows\System\FculQgF.exe
  2⤵
  PID:2844
- C:\Windows\System\eSpiuLh.exe
  C:\Windows\System\eSpiuLh.exe
  2⤵
  PID:3076
- C:\Windows\System\TTuoHAk.exe
  C:\Windows\System\TTuoHAk.exe
  2⤵
  PID:3096
- C:\Windows\System\IpOGxoV.exe
  C:\Windows\System\IpOGxoV.exe
  2⤵
  PID:3120
- C:\Windows\System\SdPTwfj.exe
  C:\Windows\System\SdPTwfj.exe
  2⤵
  PID:3160
- C:\Windows\System\LYsUTKq.exe
  C:\Windows\System\LYsUTKq.exe
  2⤵
  PID:3200
- C:\Windows\System\xepillv.exe
  C:\Windows\System\xepillv.exe
  2⤵
  PID:3240
- C:\Windows\System\AAGzanH.exe
  C:\Windows\System\AAGzanH.exe
  2⤵
  PID:3268
- C:\Windows\System\aOQKmtv.exe
  C:\Windows\System\aOQKmtv.exe
  2⤵
  PID:3324
- C:\Windows\System\zfZmDns.exe
  C:\Windows\System\zfZmDns.exe
  2⤵
  PID:3340
- C:\Windows\System\WGBqgBU.exe
  C:\Windows\System\WGBqgBU.exe
  2⤵
  PID:3364
- C:\Windows\System\ZLuDxKG.exe
  C:\Windows\System\ZLuDxKG.exe
  2⤵
  PID:3384
- C:\Windows\System\SYSeNOd.exe
  C:\Windows\System\SYSeNOd.exe
  2⤵
  PID:3424
- C:\Windows\System\vovPtBr.exe
  C:\Windows\System\vovPtBr.exe
  2⤵
  PID:3488
- C:\Windows\System\mMTjvhD.exe
  C:\Windows\System\mMTjvhD.exe
  2⤵
  PID:3464
- C:\Windows\System\gARHEpb.exe
  C:\Windows\System\gARHEpb.exe
  2⤵
  PID:3564
- C:\Windows\System\CczIvUl.exe
  C:\Windows\System\CczIvUl.exe
  2⤵
  PID:3540
- C:\Windows\System\eoxIGVa.exe
  C:\Windows\System\eoxIGVa.exe
  2⤵
  PID:3636
- C:\Windows\System\hFGrnEI.exe
  C:\Windows\System\hFGrnEI.exe
  2⤵
  PID:3584
- C:\Windows\System\XTbDylB.exe
  C:\Windows\System\XTbDylB.exe
  2⤵
  PID:3688
- C:\Windows\System\ieLeBsv.exe
  C:\Windows\System\ieLeBsv.exe
  2⤵
  PID:3700
- C:\Windows\System\SeeHkmI.exe
  C:\Windows\System\SeeHkmI.exe
  2⤵
  PID:3724
- C:\Windows\System\QeuqYBZ.exe
  C:\Windows\System\QeuqYBZ.exe
  2⤵
  PID:3740
- C:\Windows\System\MQAXZif.exe
  C:\Windows\System\MQAXZif.exe
  2⤵
  PID:3780
- C:\Windows\System\YbprInk.exe
  C:\Windows\System\YbprInk.exe
  2⤵
  PID:3840
- C:\Windows\System\KsNOjQt.exe
  C:\Windows\System\KsNOjQt.exe
  2⤵
  PID:3888
- C:\Windows\System\MmdJAgK.exe
  C:\Windows\System\MmdJAgK.exe
  2⤵
  PID:3860
- C:\Windows\System\cRpDJLQ.exe
  C:\Windows\System\cRpDJLQ.exe
  2⤵
  PID:2284
- C:\Windows\System\QhSTaof.exe
  C:\Windows\System\QhSTaof.exe
  2⤵
  PID:3944
- C:\Windows\System\OTbaJoG.exe
  C:\Windows\System\OTbaJoG.exe
  2⤵
  PID:3980
- C:\Windows\System\jpgtgOi.exe
  C:\Windows\System\jpgtgOi.exe
  2⤵
  PID:4040
- C:\Windows\System\TLBOWtx.exe
  C:\Windows\System\TLBOWtx.exe
  2⤵
  PID:4060
- C:\Windows\System\lrCtUyQ.exe
  C:\Windows\System\lrCtUyQ.exe
  2⤵
  PID:4084
- C:\Windows\System\yablptU.exe
  C:\Windows\System\yablptU.exe
  2⤵
  PID:2676
- C:\Windows\System\NtffQCO.exe
  C:\Windows\System\NtffQCO.exe
  2⤵
  PID:2596
- C:\Windows\System\apnsHLN.exe
  C:\Windows\System\apnsHLN.exe
  2⤵
  PID:3100
- C:\Windows\System\XDzWOOG.exe
  C:\Windows\System\XDzWOOG.exe
  2⤵
  PID:3164
- C:\Windows\System\RVcysfT.exe
  C:\Windows\System\RVcysfT.exe
  2⤵
  PID:3136
- C:\Windows\System\fTdqehU.exe
  C:\Windows\System\fTdqehU.exe
  2⤵
  PID:3216
- C:\Windows\System\TraFGTN.exe
  C:\Windows\System\TraFGTN.exe
  2⤵
  PID:3284
- C:\Windows\System\kiLwfJP.exe
  C:\Windows\System\kiLwfJP.exe
  2⤵
  PID:3344
- C:\Windows\System\FIIStDN.exe
  C:\Windows\System\FIIStDN.exe
  2⤵
  PID:3484
- C:\Windows\System\YcdHOVX.exe
  C:\Windows\System\YcdHOVX.exe
  2⤵
  PID:3528
- C:\Windows\System\EzyHDnI.exe
  C:\Windows\System\EzyHDnI.exe
  2⤵
  PID:3520
- C:\Windows\System\RbRLgGg.exe
  C:\Windows\System\RbRLgGg.exe
  2⤵
  PID:3560
- C:\Windows\System\eLyGlFN.exe
  C:\Windows\System\eLyGlFN.exe
  2⤵
  PID:3588
- C:\Windows\System\qcHVmOC.exe
  C:\Windows\System\qcHVmOC.exe
  2⤵
  PID:3660
- C:\Windows\System\JjhAZkb.exe
  C:\Windows\System\JjhAZkb.exe
  2⤵
  PID:1992
- C:\Windows\System\haLwvdS.exe
  C:\Windows\System\haLwvdS.exe
  2⤵
  PID:3844
- C:\Windows\System\UWVasxJ.exe
  C:\Windows\System\UWVasxJ.exe
  2⤵
  PID:3848
- C:\Windows\System\eQXfnCc.exe
  C:\Windows\System\eQXfnCc.exe
  2⤵
  PID:3928
- C:\Windows\System\iHboqAa.exe
  C:\Windows\System\iHboqAa.exe
  2⤵
  PID:4008
- C:\Windows\System\smpnsMl.exe
  C:\Windows\System\smpnsMl.exe
  2⤵
  PID:4044
- C:\Windows\System\sEDCFrQ.exe
  C:\Windows\System\sEDCFrQ.exe
  2⤵
  PID:4080
- C:\Windows\System\DZDRLCu.exe
  C:\Windows\System\DZDRLCu.exe
  2⤵
  PID:2980
- C:\Windows\System\GEiiTlW.exe
  C:\Windows\System\GEiiTlW.exe
  2⤵
  PID:3028
- C:\Windows\System\TmtLpJR.exe
  C:\Windows\System\TmtLpJR.exe
  2⤵
  PID:3176
- C:\Windows\System\TWyrfQq.exe
  C:\Windows\System\TWyrfQq.exe
  2⤵
  PID:3280
- C:\Windows\System\sBNhtXP.exe
  C:\Windows\System\sBNhtXP.exe
  2⤵
  PID:3348
- C:\Windows\System\cUfoHlG.exe
  C:\Windows\System\cUfoHlG.exe
  2⤵
  PID:3476
- C:\Windows\System\bzdQROo.exe
  C:\Windows\System\bzdQROo.exe
  2⤵
  PID:3600
- C:\Windows\System\AsJFzRC.exe
  C:\Windows\System\AsJFzRC.exe
  2⤵
  PID:3604
- C:\Windows\System\DLtXMBT.exe
  C:\Windows\System\DLtXMBT.exe
  2⤵
  PID:3704
- C:\Windows\System\QmcALEX.exe
  C:\Windows\System\QmcALEX.exe
  2⤵
  PID:3824
- C:\Windows\System\qQivGNj.exe
  C:\Windows\System\qQivGNj.exe
  2⤵
  PID:3940
- C:\Windows\System\XYqopYT.exe
  C:\Windows\System\XYqopYT.exe
  2⤵
  PID:3864
- C:\Windows\System\SvVpcus.exe
  C:\Windows\System\SvVpcus.exe
  2⤵
  PID:2000
- C:\Windows\System\mRwwQIV.exe
  C:\Windows\System\mRwwQIV.exe
  2⤵
  PID:3204
- C:\Windows\System\OnkJdZG.exe
  C:\Windows\System\OnkJdZG.exe
  2⤵
  PID:1964
- C:\Windows\System\UNLSqpv.exe
  C:\Windows\System\UNLSqpv.exe
  2⤵
  PID:1768
- C:\Windows\System\FtJdMTK.exe
  C:\Windows\System\FtJdMTK.exe
  2⤵
  PID:576
- C:\Windows\System\rioEyto.exe
  C:\Windows\System\rioEyto.exe
  2⤵
  PID:3236
- C:\Windows\System\qHEOFRT.exe
  C:\Windows\System\qHEOFRT.exe
  2⤵
  PID:828
- C:\Windows\System\uoVCxvz.exe
  C:\Windows\System\uoVCxvz.exe
  2⤵
  PID:1300
- C:\Windows\System\PUebvIg.exe
  C:\Windows\System\PUebvIg.exe
  2⤵
  PID:1836
- C:\Windows\System\oSxFdJu.exe
  C:\Windows\System\oSxFdJu.exe
  2⤵
  PID:1792
- C:\Windows\System\kbDXzAq.exe
  C:\Windows\System\kbDXzAq.exe
  2⤵
  PID:532
- C:\Windows\System\LWlHjgo.exe
  C:\Windows\System\LWlHjgo.exe
  2⤵
  PID:1072
- C:\Windows\System\LJlMfgD.exe
  C:\Windows\System\LJlMfgD.exe
  2⤵
  PID:3804
- C:\Windows\System\NpXeZBp.exe
  C:\Windows\System\NpXeZBp.exe
  2⤵
  PID:3184
- C:\Windows\System\SOmrJNC.exe
  C:\Windows\System\SOmrJNC.exe
  2⤵
  PID:3380
- C:\Windows\System\FonygXq.exe
  C:\Windows\System\FonygXq.exe
  2⤵
  PID:3408
- C:\Windows\System\eZfrCpG.exe
  C:\Windows\System\eZfrCpG.exe
  2⤵
  PID:3988
- C:\Windows\System\xNNuWTx.exe
  C:\Windows\System\xNNuWTx.exe
  2⤵
  PID:3620
- C:\Windows\System\eZkumhC.exe
  C:\Windows\System\eZkumhC.exe
  2⤵
  PID:3924
- C:\Windows\System\dfqQZLB.exe
  C:\Windows\System\dfqQZLB.exe
  2⤵
  PID:928
- C:\Windows\System\SrviRsF.exe
  C:\Windows\System\SrviRsF.exe
  2⤵
  PID:4108
- C:\Windows\System\aSBhcdG.exe
  C:\Windows\System\aSBhcdG.exe
  2⤵
  PID:4132
- C:\Windows\System\zNqNJaq.exe
  C:\Windows\System\zNqNJaq.exe
  2⤵
  PID:4152
- C:\Windows\System\sgnPkqD.exe
  C:\Windows\System\sgnPkqD.exe
  2⤵
  PID:4168
- C:\Windows\System\sKhKnXZ.exe
  C:\Windows\System\sKhKnXZ.exe
  2⤵
  PID:4184
- C:\Windows\System\WHHVdHm.exe
  C:\Windows\System\WHHVdHm.exe
  2⤵
  PID:4200
- C:\Windows\System\AndKTsD.exe
  C:\Windows\System\AndKTsD.exe
  2⤵
  PID:4216
- C:\Windows\System\kueBBLF.exe
  C:\Windows\System\kueBBLF.exe
  2⤵
  PID:4244
- C:\Windows\System\vJxzAjU.exe
  C:\Windows\System\vJxzAjU.exe
  2⤵
  PID:4272
- C:\Windows\System\eCUFOWN.exe
  C:\Windows\System\eCUFOWN.exe
  2⤵
  PID:4296
- C:\Windows\System\HVqWoOy.exe
  C:\Windows\System\HVqWoOy.exe
  2⤵
  PID:4320
- C:\Windows\System\xrkynDD.exe
  C:\Windows\System\xrkynDD.exe
  2⤵
  PID:4336
- C:\Windows\System\vQUFpUI.exe
  C:\Windows\System\vQUFpUI.exe
  2⤵
  PID:4380
- C:\Windows\System\uYiVqkj.exe
  C:\Windows\System\uYiVqkj.exe
  2⤵
  PID:4408
- C:\Windows\System\FoqbZvv.exe
  C:\Windows\System\FoqbZvv.exe
  2⤵
  PID:4424
- C:\Windows\System\DYKLVVX.exe
  C:\Windows\System\DYKLVVX.exe
  2⤵
  PID:4440
- C:\Windows\System\hpCQcud.exe
  C:\Windows\System\hpCQcud.exe
  2⤵
  PID:4460
- C:\Windows\System\WSWzSLx.exe
  C:\Windows\System\WSWzSLx.exe
  2⤵
  PID:4492
- C:\Windows\System\UawUKqC.exe
  C:\Windows\System\UawUKqC.exe
  2⤵
  PID:4508
- C:\Windows\System\gCvPnoT.exe
  C:\Windows\System\gCvPnoT.exe
  2⤵
  PID:4524
- C:\Windows\System\lwRaHCk.exe
  C:\Windows\System\lwRaHCk.exe
  2⤵
  PID:4540
- C:\Windows\System\QMNHVNM.exe
  C:\Windows\System\QMNHVNM.exe
  2⤵
  PID:4572
- C:\Windows\System\WbkRndE.exe
  C:\Windows\System\WbkRndE.exe
  2⤵
  PID:4588
- C:\Windows\System\FlBarxY.exe
  C:\Windows\System\FlBarxY.exe
  2⤵
  PID:4604
- C:\Windows\System\zFgnrDt.exe
  C:\Windows\System\zFgnrDt.exe
  2⤵
  PID:4620
- C:\Windows\System\InbSJge.exe
  C:\Windows\System\InbSJge.exe
  2⤵
  PID:4636
- C:\Windows\System\euOdjdU.exe
  C:\Windows\System\euOdjdU.exe
  2⤵
  PID:4652
- C:\Windows\System\thfYkre.exe
  C:\Windows\System\thfYkre.exe
  2⤵
  PID:4680
- C:\Windows\System\OUFoWoE.exe
  C:\Windows\System\OUFoWoE.exe
  2⤵
  PID:4704
- C:\Windows\System\fdujBjg.exe
  C:\Windows\System\fdujBjg.exe
  2⤵
  PID:4720
- C:\Windows\System\eMyDQYS.exe
  C:\Windows\System\eMyDQYS.exe
  2⤵
  PID:4736
- C:\Windows\System\YCSVnzy.exe
  C:\Windows\System\YCSVnzy.exe
  2⤵
  PID:4756
- C:\Windows\System\bJhQLkM.exe
  C:\Windows\System\bJhQLkM.exe
  2⤵
  PID:4780
- C:\Windows\System\cfVqTiE.exe
  C:\Windows\System\cfVqTiE.exe
  2⤵
  PID:4804
- C:\Windows\System\lPgeWud.exe
  C:\Windows\System\lPgeWud.exe
  2⤵
  PID:4824
- C:\Windows\System\kSrWFrb.exe
  C:\Windows\System\kSrWFrb.exe
  2⤵
  PID:4840
- C:\Windows\System\RasUulD.exe
  C:\Windows\System\RasUulD.exe
  2⤵
  PID:4860
- C:\Windows\System\PPUcFwJ.exe
  C:\Windows\System\PPUcFwJ.exe
  2⤵
  PID:4876
- C:\Windows\System\siSozDb.exe
  C:\Windows\System\siSozDb.exe
  2⤵
  PID:4892
- C:\Windows\System\MChpsdj.exe
  C:\Windows\System\MChpsdj.exe
  2⤵
  PID:4908
- C:\Windows\System\PMsCQUR.exe
  C:\Windows\System\PMsCQUR.exe
  2⤵
  PID:4924
- C:\Windows\System\ZcMjCoI.exe
  C:\Windows\System\ZcMjCoI.exe
  2⤵
  PID:4940
- C:\Windows\System\AUpGoLm.exe
  C:\Windows\System\AUpGoLm.exe
  2⤵
  PID:4992
- C:\Windows\System\MXfAjtc.exe
  C:\Windows\System\MXfAjtc.exe
  2⤵
  PID:5016
- C:\Windows\System\mBjDMEJ.exe
  C:\Windows\System\mBjDMEJ.exe
  2⤵
  PID:5032
- C:\Windows\System\RENtuCy.exe
  C:\Windows\System\RENtuCy.exe
  2⤵
  PID:5052
- C:\Windows\System\yrzdLip.exe
  C:\Windows\System\yrzdLip.exe
  2⤵
  PID:5072
- C:\Windows\System\bVBBVVQ.exe
  C:\Windows\System\bVBBVVQ.exe
  2⤵
  PID:5092
- C:\Windows\System\VFCfRdM.exe
  C:\Windows\System\VFCfRdM.exe
  2⤵
  PID:908
- C:\Windows\System\SiDonfz.exe
  C:\Windows\System\SiDonfz.exe
  2⤵
  PID:4160
- C:\Windows\System\ZOPxiPw.exe
  C:\Windows\System\ZOPxiPw.exe
  2⤵
  PID:4224
- C:\Windows\System\kumlwiN.exe
  C:\Windows\System\kumlwiN.exe
  2⤵
  PID:1892
- C:\Windows\System\tYdoSQB.exe
  C:\Windows\System\tYdoSQB.exe
  2⤵
  PID:1196
- C:\Windows\System\UhAXVKy.exe
  C:\Windows\System\UhAXVKy.exe
  2⤵
  PID:3868
- C:\Windows\System\VbsqvYu.exe
  C:\Windows\System\VbsqvYu.exe
  2⤵
  PID:3764
- C:\Windows\System\AHFTBgq.exe
  C:\Windows\System\AHFTBgq.exe
  2⤵
  PID:4284
- C:\Windows\System\ggAiFXp.exe
  C:\Windows\System\ggAiFXp.exe
  2⤵
  PID:4004
- C:\Windows\System\mgFoYkm.exe
  C:\Windows\System\mgFoYkm.exe
  2⤵
  PID:4328
- C:\Windows\System\kDLybwo.exe
  C:\Windows\System\kDLybwo.exe
  2⤵
  PID:4104
- C:\Windows\System\vBubIVg.exe
  C:\Windows\System\vBubIVg.exe
  2⤵
  PID:4176
- C:\Windows\System\lVmoRLm.exe
  C:\Windows\System\lVmoRLm.exe
  2⤵
  PID:4264
- C:\Windows\System\VruwpGO.exe
  C:\Windows\System\VruwpGO.exe
  2⤵
  PID:4344
- C:\Windows\System\WxKhlll.exe
  C:\Windows\System\WxKhlll.exe
  2⤵
  PID:4400
- C:\Windows\System\JvsltKk.exe
  C:\Windows\System\JvsltKk.exe
  2⤵
  PID:4364
- C:\Windows\System\XONwVOd.exe
  C:\Windows\System\XONwVOd.exe
  2⤵
  PID:4352
- C:\Windows\System\IxWmxcc.exe
  C:\Windows\System\IxWmxcc.exe
  2⤵
  PID:4416
- C:\Windows\System\odbkmbp.exe
  C:\Windows\System\odbkmbp.exe
  2⤵
  PID:4420
- C:\Windows\System\FNKDuKQ.exe
  C:\Windows\System\FNKDuKQ.exe
  2⤵
  PID:4536
- C:\Windows\System\GYHfRwh.exe
  C:\Windows\System\GYHfRwh.exe
  2⤵
  PID:4520
- C:\Windows\System\WHUnFwG.exe
  C:\Windows\System\WHUnFwG.exe
  2⤵
  PID:4552
- C:\Windows\System\EOwDWGV.exe
  C:\Windows\System\EOwDWGV.exe
  2⤵
  PID:4556
- C:\Windows\System\EzQMmyE.exe
  C:\Windows\System\EzQMmyE.exe
  2⤵
  PID:4672
- C:\Windows\System\WPSnxHu.exe
  C:\Windows\System\WPSnxHu.exe
  2⤵
  PID:4716
- C:\Windows\System\hbwzEmf.exe
  C:\Windows\System\hbwzEmf.exe
  2⤵
  PID:4788
- C:\Windows\System\eukCQCl.exe
  C:\Windows\System\eukCQCl.exe
  2⤵
  PID:4644
- C:\Windows\System\rouurPp.exe
  C:\Windows\System\rouurPp.exe
  2⤵
  PID:4648
- C:\Windows\System\qSrfZbQ.exe
  C:\Windows\System\qSrfZbQ.exe
  2⤵
  PID:4868
- C:\Windows\System\wjBLsfm.exe
  C:\Windows\System\wjBLsfm.exe
  2⤵
  PID:4948
- C:\Windows\System\XKBSuQH.exe
  C:\Windows\System\XKBSuQH.exe
  2⤵
  PID:4776
- C:\Windows\System\zGAfZQR.exe
  C:\Windows\System\zGAfZQR.exe
  2⤵
  PID:4988
- C:\Windows\System\WrepDXc.exe
  C:\Windows\System\WrepDXc.exe
  2⤵
  PID:4972
- C:\Windows\System\RKcbwNI.exe
  C:\Windows\System\RKcbwNI.exe
  2⤵
  PID:4884
- C:\Windows\System\qlYrnwx.exe
  C:\Windows\System\qlYrnwx.exe
  2⤵
  PID:5000
- C:\Windows\System\Ksevvch.exe
  C:\Windows\System\Ksevvch.exe
  2⤵
  PID:5028
- C:\Windows\System\ACopnxN.exe
  C:\Windows\System\ACopnxN.exe
  2⤵
  PID:5060
- C:\Windows\System\pVScGsV.exe
  C:\Windows\System\pVScGsV.exe
  2⤵
  PID:5112
- C:\Windows\System\TzYWXTz.exe
  C:\Windows\System\TzYWXTz.exe
  2⤵
  PID:2236
- C:\Windows\System\pJaqcaU.exe
  C:\Windows\System\pJaqcaU.exe
  2⤵
  PID:4128
- C:\Windows\System\PIVOhTj.exe
  C:\Windows\System\PIVOhTj.exe
  2⤵
  PID:4240
- C:\Windows\System\asKGfbg.exe
  C:\Windows\System\asKGfbg.exe
  2⤵
  PID:692
- C:\Windows\System\FtzxSCW.exe
  C:\Windows\System\FtzxSCW.exe
  2⤵
  PID:4280
- C:\Windows\System\VRCgnwh.exe
  C:\Windows\System\VRCgnwh.exe
  2⤵
  PID:3676
- C:\Windows\System\AbGcZSC.exe
  C:\Windows\System\AbGcZSC.exe
  2⤵
  PID:4252
- C:\Windows\System\KDUJYqg.exe
  C:\Windows\System\KDUJYqg.exe
  2⤵
  PID:2620
- C:\Windows\System\MSsAxPm.exe
  C:\Windows\System\MSsAxPm.exe
  2⤵
  PID:4308
- C:\Windows\System\pcccaQM.exe
  C:\Windows\System\pcccaQM.exe
  2⤵
  PID:4392
- C:\Windows\System\qGHxhiF.exe
  C:\Windows\System\qGHxhiF.exe
  2⤵
  PID:3420
- C:\Windows\System\BSYfIjB.exe
  C:\Windows\System\BSYfIjB.exe
  2⤵
  PID:4532
- C:\Windows\System\djeNbXu.exe
  C:\Windows\System\djeNbXu.exe
  2⤵
  PID:4632
- C:\Windows\System\xUkPwBD.exe
  C:\Windows\System\xUkPwBD.exe
  2⤵
  PID:4668
- C:\Windows\System\nSKLWQb.exe
  C:\Windows\System\nSKLWQb.exe
  2⤵
  PID:4768
- C:\Windows\System\sRMpLDJ.exe
  C:\Windows\System\sRMpLDJ.exe
  2⤵
  PID:4568
- C:\Windows\System\DBECPDV.exe
  C:\Windows\System\DBECPDV.exe
  2⤵
  PID:4712
- C:\Windows\System\bjsMcxZ.exe
  C:\Windows\System\bjsMcxZ.exe
  2⤵
  PID:4616
- C:\Windows\System\aWvrypK.exe
  C:\Windows\System\aWvrypK.exe
  2⤵
  PID:4888
- C:\Windows\System\VQMjiww.exe
  C:\Windows\System\VQMjiww.exe
  2⤵
  PID:4812
- C:\Windows\System\ZjfsNDF.exe
  C:\Windows\System\ZjfsNDF.exe
  2⤵
  PID:4960
- C:\Windows\System\UflDZVb.exe
  C:\Windows\System\UflDZVb.exe
  2⤵
  PID:4856
- C:\Windows\System\cfrBUoP.exe
  C:\Windows\System\cfrBUoP.exe
  2⤵
  PID:4848
- C:\Windows\System\hSxfQJU.exe
  C:\Windows\System\hSxfQJU.exe
  2⤵
  PID:1352
- C:\Windows\System\dbyvDau.exe
  C:\Windows\System\dbyvDau.exe
  2⤵
  PID:3116
- C:\Windows\System\LNOjfHW.exe
  C:\Windows\System\LNOjfHW.exe
  2⤵
  PID:1664
- C:\Windows\System\AnDrfVY.exe
  C:\Windows\System\AnDrfVY.exe
  2⤵
  PID:4208
- C:\Windows\System\YXDVCzh.exe
  C:\Windows\System\YXDVCzh.exe
  2⤵
  PID:4304
- C:\Windows\System\tJwJQep.exe
  C:\Windows\System\tJwJQep.exe
  2⤵
  PID:3460
- C:\Windows\System\CNPJlwi.exe
  C:\Windows\System\CNPJlwi.exe
  2⤵
  PID:4480
- C:\Windows\System\BMTVwRT.exe
  C:\Windows\System\BMTVwRT.exe
  2⤵
  PID:4452
- C:\Windows\System\LzAFJgf.exe
  C:\Windows\System\LzAFJgf.exe
  2⤵
  PID:4688
- C:\Windows\System\SMucEAE.exe
  C:\Windows\System\SMucEAE.exe
  2⤵
  PID:4372
- C:\Windows\System\jPEkGyI.exe
  C:\Windows\System\jPEkGyI.exe
  2⤵
  PID:4376
- C:\Windows\System\gvUTIAi.exe
  C:\Windows\System\gvUTIAi.exe
  2⤵
  PID:4832
- C:\Windows\System\OQJrVfR.exe
  C:\Windows\System\OQJrVfR.exe
  2⤵
  PID:4964
- C:\Windows\System\wgAwMnq.exe
  C:\Windows\System\wgAwMnq.exe
  2⤵
  PID:5080
- C:\Windows\System\ZIZOpNp.exe
  C:\Windows\System\ZIZOpNp.exe
  2⤵
  PID:4124
- C:\Windows\System\VHRtgyl.exe
  C:\Windows\System\VHRtgyl.exe
  2⤵
  PID:4148
- C:\Windows\System\SoxjvDc.exe
  C:\Windows\System\SoxjvDc.exe
  2⤵
  PID:2240
- C:\Windows\System\dyUNljt.exe
  C:\Windows\System\dyUNljt.exe
  2⤵
  PID:5044
- C:\Windows\System\LeBBNKL.exe
  C:\Windows\System\LeBBNKL.exe
  2⤵
  PID:4448
- C:\Windows\System\AtbAZDX.exe
  C:\Windows\System\AtbAZDX.exe
  2⤵
  PID:5124
- C:\Windows\System\NmAlLiV.exe
  C:\Windows\System\NmAlLiV.exe
  2⤵
  PID:5176
- C:\Windows\System\rJeTuho.exe
  C:\Windows\System\rJeTuho.exe
  2⤵
  PID:5196
- C:\Windows\System\inFBnyT.exe
  C:\Windows\System\inFBnyT.exe
  2⤵
  PID:5216
- C:\Windows\System\xCkErSC.exe
  C:\Windows\System\xCkErSC.exe
  2⤵
  PID:5232
- C:\Windows\System\YbvFcWe.exe
  C:\Windows\System\YbvFcWe.exe
  2⤵
  PID:5248
- C:\Windows\System\YzhirYG.exe
  C:\Windows\System\YzhirYG.exe
  2⤵
  PID:5264
- C:\Windows\System\BccQqPt.exe
  C:\Windows\System\BccQqPt.exe
  2⤵
  PID:5280
- C:\Windows\System\FZsZoGl.exe
  C:\Windows\System\FZsZoGl.exe
  2⤵
  PID:5300
- C:\Windows\System\HBkTHpY.exe
  C:\Windows\System\HBkTHpY.exe
  2⤵
  PID:5320
- C:\Windows\System\rudvLQJ.exe
  C:\Windows\System\rudvLQJ.exe
  2⤵
  PID:5336
- C:\Windows\System\JbYrdat.exe
  C:\Windows\System\JbYrdat.exe
  2⤵
  PID:5352
- C:\Windows\System\Ljthtcg.exe
  C:\Windows\System\Ljthtcg.exe
  2⤵
  PID:5376
- C:\Windows\System\MFWpJqm.exe
  C:\Windows\System\MFWpJqm.exe
  2⤵
  PID:5396
- C:\Windows\System\dGwzJwN.exe
  C:\Windows\System\dGwzJwN.exe
  2⤵
  PID:5420
- C:\Windows\System\AuQkicz.exe
  C:\Windows\System\AuQkicz.exe
  2⤵
  PID:5444
- C:\Windows\System\zrIktbq.exe
  C:\Windows\System\zrIktbq.exe
  2⤵
  PID:5460
- C:\Windows\System\LwKlInt.exe
  C:\Windows\System\LwKlInt.exe
  2⤵
  PID:5496
- C:\Windows\System\FbWExnE.exe
  C:\Windows\System\FbWExnE.exe
  2⤵
  PID:5512
- C:\Windows\System\PcNEpQl.exe
  C:\Windows\System\PcNEpQl.exe
  2⤵
  PID:5528
- C:\Windows\System\RvFJjJb.exe
  C:\Windows\System\RvFJjJb.exe
  2⤵
  PID:5548
- C:\Windows\System\MgWYkxq.exe
  C:\Windows\System\MgWYkxq.exe
  2⤵
  PID:5564
- C:\Windows\System\khcEdIE.exe
  C:\Windows\System\khcEdIE.exe
  2⤵
  PID:5580
- C:\Windows\System\ehKPFEM.exe
  C:\Windows\System\ehKPFEM.exe
  2⤵
  PID:5600
- C:\Windows\System\DsPgFmb.exe
  C:\Windows\System\DsPgFmb.exe
  2⤵
  PID:5624
- C:\Windows\System\ozlJXNN.exe
  C:\Windows\System\ozlJXNN.exe
  2⤵
  PID:5640
- C:\Windows\System\mTWWZct.exe
  C:\Windows\System\mTWWZct.exe
  2⤵
  PID:5656
- C:\Windows\System\pOuavQz.exe
  C:\Windows\System\pOuavQz.exe
  2⤵
  PID:5672
- C:\Windows\System\jJKVrmY.exe
  C:\Windows\System\jJKVrmY.exe
  2⤵
  PID:5696
- C:\Windows\System\pkRIvXs.exe
  C:\Windows\System\pkRIvXs.exe
  2⤵
  PID:5712
- C:\Windows\System\pynowmE.exe
  C:\Windows\System\pynowmE.exe
  2⤵
  PID:5732
- C:\Windows\System\XRhKozr.exe
  C:\Windows\System\XRhKozr.exe
  2⤵
  PID:5776
- C:\Windows\System\BAeYFCk.exe
  C:\Windows\System\BAeYFCk.exe
  2⤵
  PID:5792
- C:\Windows\System\nfprHqB.exe
  C:\Windows\System\nfprHqB.exe
  2⤵
  PID:5812
- C:\Windows\System\OeKsHGY.exe
  C:\Windows\System\OeKsHGY.exe
  2⤵
  PID:5832
- C:\Windows\System\yXaSJKq.exe
  C:\Windows\System\yXaSJKq.exe
  2⤵
  PID:5848
- C:\Windows\System\jpuGNEY.exe
  C:\Windows\System\jpuGNEY.exe
  2⤵
  PID:5864
- C:\Windows\System\KObZgcl.exe
  C:\Windows\System\KObZgcl.exe
  2⤵
  PID:5892
- C:\Windows\System\HayWtyl.exe
  C:\Windows\System\HayWtyl.exe
  2⤵
  PID:5908
- C:\Windows\System\rLeoYqY.exe
  C:\Windows\System\rLeoYqY.exe
  2⤵
  PID:5928
- C:\Windows\System\JNDuqSV.exe
  C:\Windows\System\JNDuqSV.exe
  2⤵
  PID:5948
- C:\Windows\System\dUISQey.exe
  C:\Windows\System\dUISQey.exe
  2⤵
  PID:5964
- C:\Windows\System\fgnDSvt.exe
  C:\Windows\System\fgnDSvt.exe
  2⤵
  PID:5980
- C:\Windows\System\LEkIiUQ.exe
  C:\Windows\System\LEkIiUQ.exe
  2⤵
  PID:5996
- C:\Windows\System\rQmrXxZ.exe
  C:\Windows\System\rQmrXxZ.exe
  2⤵
  PID:6032
- C:\Windows\System\kUrspdq.exe
  C:\Windows\System\kUrspdq.exe
  2⤵
  PID:6052
- C:\Windows\System\xZeTYlq.exe
  C:\Windows\System\xZeTYlq.exe
  2⤵
  PID:6072
- C:\Windows\System\lTJGJis.exe
  C:\Windows\System\lTJGJis.exe
  2⤵
  PID:6088
- C:\Windows\System\XxlkbEb.exe
  C:\Windows\System\XxlkbEb.exe
  2⤵
  PID:6108
- C:\Windows\System\WpYYyux.exe
  C:\Windows\System\WpYYyux.exe
  2⤵
  PID:6124
- C:\Windows\System\LjMOpiP.exe
  C:\Windows\System\LjMOpiP.exe
  2⤵
  PID:6140
- C:\Windows\System\ndFQLRl.exe
  C:\Windows\System\ndFQLRl.exe
  2⤵
  PID:4348
- C:\Windows\System\DPMvVQp.exe
  C:\Windows\System\DPMvVQp.exe
  2⤵
  PID:4596
- C:\Windows\System\TgssATd.exe
  C:\Windows\System\TgssATd.exe
  2⤵
  PID:5132
- C:\Windows\System\WyRHPTh.exe
  C:\Windows\System\WyRHPTh.exe
  2⤵
  PID:5152
- C:\Windows\System\LmRYSYm.exe
  C:\Windows\System\LmRYSYm.exe
  2⤵
  PID:5168
- C:\Windows\System\ffgWtdy.exe
  C:\Windows\System\ffgWtdy.exe
  2⤵
  PID:4732
- C:\Windows\System\GRUYDgb.exe
  C:\Windows\System\GRUYDgb.exe
  2⤵
  PID:5068
- C:\Windows\System\mLPjxgm.exe
  C:\Windows\System\mLPjxgm.exe
  2⤵
  PID:5212
- C:\Windows\System\jvdIQBA.exe
  C:\Windows\System\jvdIQBA.exe
  2⤵
  PID:5276
- C:\Windows\System\zdNSnWC.exe
  C:\Windows\System\zdNSnWC.exe
  2⤵
  PID:5344
- C:\Windows\System\NdXRuEW.exe
  C:\Windows\System\NdXRuEW.exe
  2⤵
  PID:5192
- C:\Windows\System\gUfAXuR.exe
  C:\Windows\System\gUfAXuR.exe
  2⤵
  PID:5224
- C:\Windows\System\OwdihzC.exe
  C:\Windows\System\OwdihzC.exe
  2⤵
  PID:5332
- C:\Windows\System\FauqQvg.exe
  C:\Windows\System\FauqQvg.exe
  2⤵
  PID:5404
- C:\Windows\System\uXWyDzA.exe
  C:\Windows\System\uXWyDzA.exe
  2⤵
  PID:5260
- C:\Windows\System\nDvCego.exe
  C:\Windows\System\nDvCego.exe
  2⤵
  PID:5440
- C:\Windows\System\CzpWNNF.exe
  C:\Windows\System\CzpWNNF.exe
  2⤵
  PID:5484
- C:\Windows\System\aeDiVwT.exe
  C:\Windows\System\aeDiVwT.exe
  2⤵
  PID:5452
- C:\Windows\System\ryFgPBr.exe
  C:\Windows\System\ryFgPBr.exe
  2⤵
  PID:5560
- C:\Windows\System\vQpvpkZ.exe
  C:\Windows\System\vQpvpkZ.exe
  2⤵
  PID:5632
- C:\Windows\System\wgbTdtW.exe
  C:\Windows\System\wgbTdtW.exe
  2⤵
  PID:5704
- C:\Windows\System\IRmSwVI.exe
  C:\Windows\System\IRmSwVI.exe
  2⤵
  PID:5764
- C:\Windows\System\tlBdPfU.exe
  C:\Windows\System\tlBdPfU.exe
  2⤵
  PID:5544
- C:\Windows\System\WNpAabJ.exe
  C:\Windows\System\WNpAabJ.exe
  2⤵
  PID:5612
- C:\Windows\System\fDfHApc.exe
  C:\Windows\System\fDfHApc.exe
  2⤵
  PID:5692
- C:\Windows\System\dcNnsBM.exe
  C:\Windows\System\dcNnsBM.exe
  2⤵
  PID:5800
- C:\Windows\System\ZqZWjPr.exe
  C:\Windows\System\ZqZWjPr.exe
  2⤵
  PID:5844
- C:\Windows\System\CiIqlKn.exe
  C:\Windows\System\CiIqlKn.exe
  2⤵
  PID:5916
- C:\Windows\System\TGCltNy.exe
  C:\Windows\System\TGCltNy.exe
  2⤵
  PID:5904
- C:\Windows\System\kNeZXSC.exe
  C:\Windows\System\kNeZXSC.exe
  2⤵
  PID:5956
- C:\Windows\System\NTVaBcN.exe
  C:\Windows\System\NTVaBcN.exe
  2⤵
  PID:6048
- C:\Windows\System\JFUUKII.exe
  C:\Windows\System\JFUUKII.exe
  2⤵
  PID:6020
- C:\Windows\System\ptKAETv.exe
  C:\Windows\System\ptKAETv.exe
  2⤵
  PID:1312
- C:\Windows\System\XMVEKqJ.exe
  C:\Windows\System\XMVEKqJ.exe
  2⤵
  PID:5976
- C:\Windows\System\lHJtNOQ.exe
  C:\Windows\System\lHJtNOQ.exe
  2⤵
  PID:6004
- C:\Windows\System\AAhtZNZ.exe
  C:\Windows\System\AAhtZNZ.exe
  2⤵
  PID:6068
- C:\Windows\System\mTMgJfS.exe
  C:\Windows\System\mTMgJfS.exe
  2⤵
  PID:4312
- C:\Windows\System\mVSQzUq.exe
  C:\Windows\System\mVSQzUq.exe
  2⤵
  PID:4660
- C:\Windows\System\muVtsGk.exe
  C:\Windows\System\muVtsGk.exe
  2⤵
  PID:4584
- C:\Windows\System\YEczoLY.exe
  C:\Windows\System\YEczoLY.exe
  2⤵
  PID:4836
- C:\Windows\System\gEufhvA.exe
  C:\Windows\System\gEufhvA.exe
  2⤵
  PID:5136
- C:\Windows\System\UWQrabP.exe
  C:\Windows\System\UWQrabP.exe
  2⤵
  PID:3444
- C:\Windows\System\zvovVNA.exe
  C:\Windows\System\zvovVNA.exe
  2⤵
  PID:5244
- C:\Windows\System\iuixxjc.exe
  C:\Windows\System\iuixxjc.exe
  2⤵
  PID:5504
- C:\Windows\System\wokNquH.exe
  C:\Windows\System\wokNquH.exe
  2⤵
  PID:5412
- C:\Windows\System\kPZKCaS.exe
  C:\Windows\System\kPZKCaS.exe
  2⤵
  PID:5480
- C:\Windows\System\jpZpsZE.exe
  C:\Windows\System\jpZpsZE.exe
  2⤵
  PID:5664
- C:\Windows\System\dEBXbJa.exe
  C:\Windows\System\dEBXbJa.exe
  2⤵
  PID:5436
- C:\Windows\System\iXgYYLf.exe
  C:\Windows\System\iXgYYLf.exe
  2⤵
  PID:5596
- C:\Windows\System\tzkGpGS.exe
  C:\Windows\System\tzkGpGS.exe
  2⤵
  PID:5360
- C:\Windows\System\iXZyFmC.exe
  C:\Windows\System\iXZyFmC.exe
  2⤵
  PID:5744
- C:\Windows\System\KhWQkgE.exe
  C:\Windows\System\KhWQkgE.exe
  2⤵
  PID:5536
- C:\Windows\System\JCyLLkn.exe
  C:\Windows\System\JCyLLkn.exe
  2⤵
  PID:5648
- C:\Windows\System\fhcsHie.exe
  C:\Windows\System\fhcsHie.exe
  2⤵
  PID:5760
- C:\Windows\System\lWlToIP.exe
  C:\Windows\System\lWlToIP.exe
  2⤵
  PID:5740
- C:\Windows\System\CJCqzJi.exe
  C:\Windows\System\CJCqzJi.exe
  2⤵
  PID:5988
- C:\Windows\System\rvryoax.exe
  C:\Windows\System\rvryoax.exe
  2⤵
  PID:5576
- C:\Windows\System\RgwVGsM.exe
  C:\Windows\System\RgwVGsM.exe
  2⤵
  PID:5728
- C:\Windows\System\cEYCiXF.exe
  C:\Windows\System\cEYCiXF.exe
  2⤵
  PID:5876
- C:\Windows\System\fkftTbc.exe
  C:\Windows\System\fkftTbc.exe
  2⤵
  PID:6008
- C:\Windows\System\FpDRDdn.exe
  C:\Windows\System\FpDRDdn.exe
  2⤵
  PID:6096
- C:\Windows\System\mpcUlbd.exe
  C:\Windows\System\mpcUlbd.exe
  2⤵
  PID:6104
- C:\Windows\System\IgJGcBw.exe
  C:\Windows\System\IgJGcBw.exe
  2⤵
  PID:6060
- C:\Windows\System\bMaauvN.exe
  C:\Windows\System\bMaauvN.exe
  2⤵
  PID:6024
- C:\Windows\System\UyodLZL.exe
  C:\Windows\System\UyodLZL.exe
  2⤵
  PID:4120
- C:\Windows\System\CNEszsL.exe
  C:\Windows\System\CNEszsL.exe
  2⤵
  PID:5084
- C:\Windows\System\MMKWHDn.exe
  C:\Windows\System\MMKWHDn.exe
  2⤵
  PID:5204
- C:\Windows\System\OaohTVY.exe
  C:\Windows\System\OaohTVY.exe
  2⤵
  PID:5328
- C:\Windows\System\xsZVeoW.exe
  C:\Windows\System\xsZVeoW.exe
  2⤵
  PID:5476
- C:\Windows\System\zBtPAxg.exe
  C:\Windows\System\zBtPAxg.exe
  2⤵
  PID:5492
- C:\Windows\System\RXhgTRs.exe
  C:\Windows\System\RXhgTRs.exe
  2⤵
  PID:5432
- C:\Windows\System\UGEOuWJ.exe
  C:\Windows\System\UGEOuWJ.exe
  2⤵
  PID:5652
- C:\Windows\System\cgJHtsm.exe
  C:\Windows\System\cgJHtsm.exe
  2⤵
  PID:5840
- C:\Windows\System\DlJTBAf.exe
  C:\Windows\System\DlJTBAf.exe
  2⤵
  PID:5860
- C:\Windows\System\JYfAsbR.exe
  C:\Windows\System\JYfAsbR.exe
  2⤵
  PID:5724
- C:\Windows\System\nwXQOnz.exe
  C:\Windows\System\nwXQOnz.exe
  2⤵
  PID:5924
- C:\Windows\System\XtcrBhL.exe
  C:\Windows\System\XtcrBhL.exe
  2⤵
  PID:4916
- C:\Windows\System\GoaTwbb.exe
  C:\Windows\System\GoaTwbb.exe
  2⤵
  PID:5040
- C:\Windows\System\zRmdsEN.exe
  C:\Windows\System\zRmdsEN.exe
  2⤵
  PID:5524
- C:\Windows\System\hhziSJt.exe
  C:\Windows\System\hhziSJt.exe
  2⤵
  PID:308
- C:\Windows\System\unukgvR.exe
  C:\Windows\System\unukgvR.exe
  2⤵
  PID:5756
- C:\Windows\System\sSlXOoB.exe
  C:\Windows\System\sSlXOoB.exe
  2⤵
  PID:6040
- C:\Windows\System\gEueqaA.exe
  C:\Windows\System\gEueqaA.exe
  2⤵
  PID:5668
- C:\Windows\System\GnTiNUX.exe
  C:\Windows\System\GnTiNUX.exe
  2⤵
  PID:3820
- C:\Windows\System\lnQPIoP.exe
  C:\Windows\System\lnQPIoP.exe
  2⤵
  PID:5888
- C:\Windows\System\qOBUmah.exe
  C:\Windows\System\qOBUmah.exe
  2⤵
  PID:5288
- C:\Windows\System\WtahOxy.exe
  C:\Windows\System\WtahOxy.exe
  2⤵
  PID:6136
- C:\Windows\System\SIzRAUy.exe
  C:\Windows\System\SIzRAUy.exe
  2⤵
  PID:6152
- C:\Windows\System\oMXJZCC.exe
  C:\Windows\System\oMXJZCC.exe
  2⤵
  PID:6168
- C:\Windows\System\xLgpfkZ.exe
  C:\Windows\System\xLgpfkZ.exe
  2⤵
  PID:6184
- C:\Windows\System\IOrQwBk.exe
  C:\Windows\System\IOrQwBk.exe
  2⤵
  PID:6200
- C:\Windows\System\eYFXrYq.exe
  C:\Windows\System\eYFXrYq.exe
  2⤵
  PID:6216
- C:\Windows\System\XJbuhbt.exe
  C:\Windows\System\XJbuhbt.exe
  2⤵
  PID:6232
- C:\Windows\System\dXpUEEN.exe
  C:\Windows\System\dXpUEEN.exe
  2⤵
  PID:6248
- C:\Windows\System\PqUEcEr.exe
  C:\Windows\System\PqUEcEr.exe
  2⤵
  PID:6264
- C:\Windows\System\AJrweCB.exe
  C:\Windows\System\AJrweCB.exe
  2⤵
  PID:6280
- C:\Windows\System\emveBQd.exe
  C:\Windows\System\emveBQd.exe
  2⤵
  PID:6296
- C:\Windows\System\DvonmsY.exe
  C:\Windows\System\DvonmsY.exe
  2⤵
  PID:6312
- C:\Windows\System\vBGxFBm.exe
  C:\Windows\System\vBGxFBm.exe
  2⤵
  PID:6328
- C:\Windows\System\gYXTqgj.exe
  C:\Windows\System\gYXTqgj.exe
  2⤵
  PID:6348
- C:\Windows\System\XxSAhLT.exe
  C:\Windows\System\XxSAhLT.exe
  2⤵
  PID:6364
- C:\Windows\System\hvJWKCA.exe
  C:\Windows\System\hvJWKCA.exe
  2⤵
  PID:6380
- C:\Windows\System\fTSsjuy.exe
  C:\Windows\System\fTSsjuy.exe
  2⤵
  PID:6396
- C:\Windows\System\woRYqoM.exe
  C:\Windows\System\woRYqoM.exe
  2⤵
  PID:6412
- C:\Windows\System\vDadYin.exe
  C:\Windows\System\vDadYin.exe
  2⤵
  PID:6428
- C:\Windows\System\CKBILFy.exe
  C:\Windows\System\CKBILFy.exe
  2⤵
  PID:6444
- C:\Windows\System\aeuunAS.exe
  C:\Windows\System\aeuunAS.exe
  2⤵
  PID:6460
- C:\Windows\System\fsqNvkA.exe
  C:\Windows\System\fsqNvkA.exe
  2⤵
  PID:6476
- C:\Windows\System\ubaQrng.exe
  C:\Windows\System\ubaQrng.exe
  2⤵
  PID:6492
- C:\Windows\System\ngdNxxr.exe
  C:\Windows\System\ngdNxxr.exe
  2⤵
  PID:6508
- C:\Windows\System\sELtqTZ.exe
  C:\Windows\System\sELtqTZ.exe
  2⤵
  PID:6524
- C:\Windows\System\WeWyLex.exe
  C:\Windows\System\WeWyLex.exe
  2⤵
  PID:6540
- C:\Windows\System\SInLwKf.exe
  C:\Windows\System\SInLwKf.exe
  2⤵
  PID:6556
- C:\Windows\System\kEGhgAQ.exe
  C:\Windows\System\kEGhgAQ.exe
  2⤵
  PID:6572
- C:\Windows\System\oaIyqpg.exe
  C:\Windows\System\oaIyqpg.exe
  2⤵
  PID:6588
- C:\Windows\System\hgdsYdl.exe
  C:\Windows\System\hgdsYdl.exe
  2⤵
  PID:6604
- C:\Windows\System\QJNPOoH.exe
  C:\Windows\System\QJNPOoH.exe
  2⤵
  PID:6620
- C:\Windows\System\FrZrGVW.exe
  C:\Windows\System\FrZrGVW.exe
  2⤵
  PID:6636
- C:\Windows\System\QtvyhJa.exe
  C:\Windows\System\QtvyhJa.exe
  2⤵
  PID:6652
- C:\Windows\System\jBDBLkP.exe
  C:\Windows\System\jBDBLkP.exe
  2⤵
  PID:6668
- C:\Windows\System\ymPzsns.exe
  C:\Windows\System\ymPzsns.exe
  2⤵
  PID:6684
- C:\Windows\System\XzNrtvk.exe
  C:\Windows\System\XzNrtvk.exe
  2⤵
  PID:6700
- C:\Windows\System\JgUkzdM.exe
  C:\Windows\System\JgUkzdM.exe
  2⤵
  PID:6716
- C:\Windows\System\ugkdEJN.exe
  C:\Windows\System\ugkdEJN.exe
  2⤵
  PID:6732
- C:\Windows\System\SNLgwWb.exe
  C:\Windows\System\SNLgwWb.exe
  2⤵
  PID:6748
- C:\Windows\System\MSbiQZB.exe
  C:\Windows\System\MSbiQZB.exe
  2⤵
  PID:6764
- C:\Windows\System\epWlgGa.exe
  C:\Windows\System\epWlgGa.exe
  2⤵
  PID:6780
- C:\Windows\System\wEvSrhw.exe
  C:\Windows\System\wEvSrhw.exe
  2⤵
  PID:6796
- C:\Windows\System\dtvQdkg.exe
  C:\Windows\System\dtvQdkg.exe
  2⤵
  PID:6812
- C:\Windows\System\HiyiDgb.exe
  C:\Windows\System\HiyiDgb.exe
  2⤵
  PID:6828
- C:\Windows\System\HcWNdMy.exe
  C:\Windows\System\HcWNdMy.exe
  2⤵
  PID:6844
- C:\Windows\System\myQhdOm.exe
  C:\Windows\System\myQhdOm.exe
  2⤵
  PID:6860
- C:\Windows\System\ZazWqVu.exe
  C:\Windows\System\ZazWqVu.exe
  2⤵
  PID:6876
- C:\Windows\System\iQmiIrh.exe
  C:\Windows\System\iQmiIrh.exe
  2⤵
  PID:6892
- C:\Windows\System\sCCtFdD.exe
  C:\Windows\System\sCCtFdD.exe
  2⤵
  PID:6908
- C:\Windows\System\dQMZOBq.exe
  C:\Windows\System\dQMZOBq.exe
  2⤵
  PID:6924
- C:\Windows\System\leyQbOX.exe
  C:\Windows\System\leyQbOX.exe
  2⤵
  PID:6940
- C:\Windows\System\gxrwSrA.exe
  C:\Windows\System\gxrwSrA.exe
  2⤵
  PID:6956
- C:\Windows\System\XCzjdmh.exe
  C:\Windows\System\XCzjdmh.exe
  2⤵
  PID:6972
- C:\Windows\System\JcjHbXL.exe
  C:\Windows\System\JcjHbXL.exe
  2⤵
  PID:6988
- C:\Windows\System\GWVYAgn.exe
  C:\Windows\System\GWVYAgn.exe
  2⤵
  PID:7004
- C:\Windows\System\GfCRmBt.exe
  C:\Windows\System\GfCRmBt.exe
  2⤵
  PID:7020
- C:\Windows\System\PxVizDa.exe
  C:\Windows\System\PxVizDa.exe
  2⤵
  PID:7036
- C:\Windows\System\cuaxlea.exe
  C:\Windows\System\cuaxlea.exe
  2⤵
  PID:7052
- C:\Windows\System\JhPgpwN.exe
  C:\Windows\System\JhPgpwN.exe
  2⤵
  PID:7068
- C:\Windows\System\lpGNHtL.exe
  C:\Windows\System\lpGNHtL.exe
  2⤵
  PID:7084
- C:\Windows\System\ahZFYza.exe
  C:\Windows\System\ahZFYza.exe
  2⤵
  PID:7100
- C:\Windows\System\ZfNTKTU.exe
  C:\Windows\System\ZfNTKTU.exe
  2⤵
  PID:7116
- C:\Windows\System\jthnbkF.exe
  C:\Windows\System\jthnbkF.exe
  2⤵
  PID:7132
- C:\Windows\System\YgBNKjM.exe
  C:\Windows\System\YgBNKjM.exe
  2⤵
  PID:7148
- C:\Windows\System\zWsbCdH.exe
  C:\Windows\System\zWsbCdH.exe
  2⤵
  PID:7164
- C:\Windows\System\gxQmSZI.exe
  C:\Windows\System\gxQmSZI.exe
  2⤵
  PID:6100
- C:\Windows\System\dufxkDC.exe
  C:\Windows\System\dufxkDC.exe
  2⤵
  PID:6176
- C:\Windows\System\bmeTtwT.exe
  C:\Windows\System\bmeTtwT.exe
  2⤵
  PID:5688
- C:\Windows\System\oZoSYUS.exe
  C:\Windows\System\oZoSYUS.exe
  2⤵
  PID:6272
- C:\Windows\System\uSOHiBA.exe
  C:\Windows\System\uSOHiBA.exe
  2⤵
  PID:6196
- C:\Windows\System\eEHfUTt.exe
  C:\Windows\System\eEHfUTt.exe
  2⤵
  PID:6304
- C:\Windows\System\xqhhGBj.exe
  C:\Windows\System\xqhhGBj.exe
  2⤵
  PID:5164
- C:\Windows\System\ALQBUjo.exe
  C:\Windows\System\ALQBUjo.exe
  2⤵
  PID:6292
- C:\Windows\System\nhGIjEW.exe
  C:\Windows\System\nhGIjEW.exe
  2⤵
  PID:6404
- C:\Windows\System\ypkiDpk.exe
  C:\Windows\System\ypkiDpk.exe
  2⤵
  PID:6392
- C:\Windows\System\pWFHEAo.exe
  C:\Windows\System\pWFHEAo.exe
  2⤵
  PID:6324
- C:\Windows\System\XNyqGVh.exe
  C:\Windows\System\XNyqGVh.exe
  2⤵
  PID:6424
- C:\Windows\System\ENNkNPd.exe
  C:\Windows\System\ENNkNPd.exe
  2⤵
  PID:6484
- C:\Windows\System\tyWtxBe.exe
  C:\Windows\System\tyWtxBe.exe
  2⤵
  PID:6520
- C:\Windows\System\wCleLGo.exe
  C:\Windows\System\wCleLGo.exe
  2⤵
  PID:6532
- C:\Windows\System\QwbdPRz.exe
  C:\Windows\System\QwbdPRz.exe
  2⤵
  PID:6552
- C:\Windows\System\lsBtoJV.exe
  C:\Windows\System\lsBtoJV.exe
  2⤵
  PID:6660
- C:\Windows\System\uUIdhzN.exe
  C:\Windows\System\uUIdhzN.exe
  2⤵
  PID:6724
- C:\Windows\System\eishVAW.exe
  C:\Windows\System\eishVAW.exe
  2⤵
  PID:6820
- C:\Windows\System\DwOBAsE.exe
  C:\Windows\System\DwOBAsE.exe
  2⤵
  PID:6852
- C:\Windows\System\fbzXrsK.exe
  C:\Windows\System\fbzXrsK.exe
  2⤵
  PID:6612
- C:\Windows\System\VpuMsZN.exe
  C:\Windows\System\VpuMsZN.exe
  2⤵
  PID:6644
- C:\Windows\System\EuCnqvG.exe
  C:\Windows\System\EuCnqvG.exe
  2⤵
  PID:6884
- C:\Windows\System\oMhzOoo.exe
  C:\Windows\System\oMhzOoo.exe
  2⤵
  PID:6948
- C:\Windows\System\gieCSIE.exe
  C:\Windows\System\gieCSIE.exe
  2⤵
  PID:6740
- C:\Windows\System\BCDQytG.exe
  C:\Windows\System\BCDQytG.exe
  2⤵
  PID:6772
- C:\Windows\System\JJWpHgr.exe
  C:\Windows\System\JJWpHgr.exe
  2⤵
  PID:6804
- C:\Windows\System\zVjfSdS.exe
  C:\Windows\System\zVjfSdS.exe
  2⤵
  PID:7048
- C:\Windows\System\jsezraJ.exe
  C:\Windows\System\jsezraJ.exe
  2⤵
  PID:6868
- C:\Windows\System\JjLjUNT.exe
  C:\Windows\System\JjLjUNT.exe
  2⤵
  PID:6836
- C:\Windows\System\rhjpuXl.exe
  C:\Windows\System\rhjpuXl.exe
  2⤵
  PID:7108
- C:\Windows\System\rZyXkpZ.exe
  C:\Windows\System\rZyXkpZ.exe
  2⤵
  PID:7060
- C:\Windows\System\GETQLUJ.exe
  C:\Windows\System\GETQLUJ.exe
  2⤵
  PID:5188
- C:\Windows\System\oXzuVrN.exe
  C:\Windows\System\oXzuVrN.exe
  2⤵
  PID:4752
- C:\Windows\System\whEqDPA.exe
  C:\Windows\System\whEqDPA.exe
  2⤵
  PID:7160
- C:\Windows\System\Vbqifww.exe
  C:\Windows\System\Vbqifww.exe
  2⤵
  PID:6276
- C:\Windows\System\wONEGud.exe
  C:\Windows\System\wONEGud.exe
  2⤵
  PID:6164
- C:\Windows\System\ZBezZkn.exe
  C:\Windows\System\ZBezZkn.exe
  2⤵
  PID:6260
- C:\Windows\System\iYvfhio.exe
  C:\Windows\System\iYvfhio.exe
  2⤵
  PID:6356
- C:\Windows\System\PqkvBjC.exe
  C:\Windows\System\PqkvBjC.exe
  2⤵
  PID:6456
- C:\Windows\System\vkjjHww.exe
  C:\Windows\System\vkjjHww.exe
  2⤵
  PID:6596
- C:\Windows\System\dwDlIXH.exe
  C:\Windows\System\dwDlIXH.exe
  2⤵
  PID:6760
- C:\Windows\System\VfqTcKP.exe
  C:\Windows\System\VfqTcKP.exe
  2⤵
  PID:6712
- C:\Windows\System\AOFITPp.exe
  C:\Windows\System\AOFITPp.exe
  2⤵
  PID:7180
- C:\Windows\System\JkRHhHH.exe
  C:\Windows\System\JkRHhHH.exe
  2⤵
  PID:7196
- C:\Windows\System\DOUDajm.exe
  C:\Windows\System\DOUDajm.exe
  2⤵
  PID:7212
- C:\Windows\System\ITonytx.exe
  C:\Windows\System\ITonytx.exe
  2⤵
  PID:7228
- C:\Windows\System\XKXxsPN.exe
  C:\Windows\System\XKXxsPN.exe
  2⤵
  PID:7244
- C:\Windows\System\HlzNytn.exe
  C:\Windows\System\HlzNytn.exe
  2⤵
  PID:7260
- C:\Windows\System\KFgMTHK.exe
  C:\Windows\System\KFgMTHK.exe
  2⤵
  PID:7276
- C:\Windows\System\PMUyvCv.exe
  C:\Windows\System\PMUyvCv.exe
  2⤵
  PID:7296
- C:\Windows\System\HEwSfrd.exe
  C:\Windows\System\HEwSfrd.exe
  2⤵
  PID:7312
- C:\Windows\System\zasgaGn.exe
  C:\Windows\System\zasgaGn.exe
  2⤵
  PID:7328
- C:\Windows\System\qRVyjBh.exe
  C:\Windows\System\qRVyjBh.exe
  2⤵
  PID:7344
- C:\Windows\System\CvzixDi.exe
  C:\Windows\System\CvzixDi.exe
  2⤵
  PID:7360
- C:\Windows\System\XOipkOR.exe
  C:\Windows\System\XOipkOR.exe
  2⤵
  PID:7376
- C:\Windows\System\SubdQVs.exe
  C:\Windows\System\SubdQVs.exe
  2⤵
  PID:7392
- C:\Windows\System\hYVbgAu.exe
  C:\Windows\System\hYVbgAu.exe
  2⤵
  PID:7408
- C:\Windows\System\qvlGDDK.exe
  C:\Windows\System\qvlGDDK.exe
  2⤵
  PID:7424
- C:\Windows\System\WtrUWmI.exe
  C:\Windows\System\WtrUWmI.exe
  2⤵
  PID:7440
- C:\Windows\System\XsQnRtA.exe
  C:\Windows\System\XsQnRtA.exe
  2⤵
  PID:7456
- C:\Windows\System\bKzXeFQ.exe
  C:\Windows\System\bKzXeFQ.exe
  2⤵
  PID:7472
- C:\Windows\System\tHFoXLO.exe
  C:\Windows\System\tHFoXLO.exe
  2⤵
  PID:7488
- C:\Windows\System\IRzLrlT.exe
  C:\Windows\System\IRzLrlT.exe
  2⤵
  PID:7504
- C:\Windows\System\IyHvYDe.exe
  C:\Windows\System\IyHvYDe.exe
  2⤵
  PID:7520
- C:\Windows\System\dlATAPl.exe
  C:\Windows\System\dlATAPl.exe
  2⤵
  PID:7536
- C:\Windows\System\KAWyjZK.exe
  C:\Windows\System\KAWyjZK.exe
  2⤵
  PID:7552
- C:\Windows\System\ScgogAQ.exe
  C:\Windows\System\ScgogAQ.exe
  2⤵
  PID:7568
- C:\Windows\System\OScIYuB.exe
  C:\Windows\System\OScIYuB.exe
  2⤵
  PID:7584
- C:\Windows\System\ltNZKjS.exe
  C:\Windows\System\ltNZKjS.exe
  2⤵
  PID:7600
- C:\Windows\System\MvVUaiX.exe
  C:\Windows\System\MvVUaiX.exe
  2⤵
  PID:7616
- C:\Windows\System\FJoIWWY.exe
  C:\Windows\System\FJoIWWY.exe
  2⤵
  PID:7632
- C:\Windows\System\ZMbFHwk.exe
  C:\Windows\System\ZMbFHwk.exe
  2⤵
  PID:7648
- C:\Windows\System\GimAUhf.exe
  C:\Windows\System\GimAUhf.exe
  2⤵
  PID:7664
- C:\Windows\System\sgRDjQI.exe
  C:\Windows\System\sgRDjQI.exe
  2⤵
  PID:7680
- C:\Windows\System\lVpndSl.exe
  C:\Windows\System\lVpndSl.exe
  2⤵
  PID:7696
- C:\Windows\System\XXkPhVV.exe
  C:\Windows\System\XXkPhVV.exe
  2⤵
  PID:7712
- C:\Windows\System\JSgGsrV.exe
  C:\Windows\System\JSgGsrV.exe
  2⤵
  PID:7728
- C:\Windows\System\WjFZiyP.exe
  C:\Windows\System\WjFZiyP.exe
  2⤵
  PID:7744
- C:\Windows\System\RPtDVAu.exe
  C:\Windows\System\RPtDVAu.exe
  2⤵
  PID:7760
- C:\Windows\System\UubnukD.exe
  C:\Windows\System\UubnukD.exe
  2⤵
  PID:7776
- C:\Windows\System\ARasYsq.exe
  C:\Windows\System\ARasYsq.exe
  2⤵
  PID:7792
- C:\Windows\System\IQKPqVH.exe
  C:\Windows\System\IQKPqVH.exe
  2⤵
  PID:7808
- C:\Windows\System\GdxcJae.exe
  C:\Windows\System\GdxcJae.exe
  2⤵
  PID:7824
- C:\Windows\System\TXknkTu.exe
  C:\Windows\System\TXknkTu.exe
  2⤵
  PID:7840
- C:\Windows\System\iuNHkQX.exe
  C:\Windows\System\iuNHkQX.exe
  2⤵
  PID:7856
- C:\Windows\System\qgXPwMA.exe
  C:\Windows\System\qgXPwMA.exe
  2⤵
  PID:7872
- C:\Windows\System\IZcgQIf.exe
  C:\Windows\System\IZcgQIf.exe
  2⤵
  PID:7896
- C:\Windows\System\omZxNrZ.exe
  C:\Windows\System\omZxNrZ.exe
  2⤵
  PID:7916
- C:\Windows\System\omPwSCL.exe
  C:\Windows\System\omPwSCL.exe
  2⤵
  PID:7932
- C:\Windows\System\ctwZZYm.exe
  C:\Windows\System\ctwZZYm.exe
  2⤵
  PID:7948
- C:\Windows\System\MmoMOWV.exe
  C:\Windows\System\MmoMOWV.exe
  2⤵
  PID:7964
- C:\Windows\System\RWLjLpI.exe
  C:\Windows\System\RWLjLpI.exe
  2⤵
  PID:7984
- C:\Windows\System\IjHDHOA.exe
  C:\Windows\System\IjHDHOA.exe
  2⤵
  PID:8000
- C:\Windows\System\YFqhQpr.exe
  C:\Windows\System\YFqhQpr.exe
  2⤵
  PID:8016
- C:\Windows\System\ViBjUhp.exe
  C:\Windows\System\ViBjUhp.exe
  2⤵
  PID:8032
- C:\Windows\System\GDKYiFn.exe
  C:\Windows\System\GDKYiFn.exe
  2⤵
  PID:8048
- C:\Windows\System\jdIzMHG.exe
  C:\Windows\System\jdIzMHG.exe
  2⤵
  PID:8064
- C:\Windows\System\uaxIlNB.exe
  C:\Windows\System\uaxIlNB.exe
  2⤵
  PID:8080
- C:\Windows\System\ukqkXNt.exe
  C:\Windows\System\ukqkXNt.exe
  2⤵
  PID:8096
- C:\Windows\System\yYYMedb.exe
  C:\Windows\System\yYYMedb.exe
  2⤵
  PID:8112
- C:\Windows\System\GsMXJoo.exe
  C:\Windows\System\GsMXJoo.exe
  2⤵
  PID:8128
- C:\Windows\System\EzrtkuG.exe
  C:\Windows\System\EzrtkuG.exe
  2⤵
  PID:8144
- C:\Windows\System\vAbrIDZ.exe
  C:\Windows\System\vAbrIDZ.exe
  2⤵
  PID:8160
- C:\Windows\System\byNnGoE.exe
  C:\Windows\System\byNnGoE.exe
  2⤵
  PID:8176
- C:\Windows\System\ptnAFsJ.exe
  C:\Windows\System\ptnAFsJ.exe
  2⤵
  PID:6980
- C:\Windows\System\dSNJUBL.exe
  C:\Windows\System\dSNJUBL.exe
  2⤵
  PID:6208
- C:\Windows\System\ionrVal.exe
  C:\Windows\System\ionrVal.exe
  2⤵
  PID:7112
- C:\Windows\System\MbineiO.exe
  C:\Windows\System\MbineiO.exe
  2⤵
  PID:4792
- C:\Windows\System\CCgwtyY.exe
  C:\Windows\System\CCgwtyY.exe
  2⤵
  PID:6376
- C:\Windows\System\yYfDljL.exe
  C:\Windows\System\yYfDljL.exe
  2⤵
  PID:6708
- C:\Windows\System\BUlvxRB.exe
  C:\Windows\System\BUlvxRB.exe
  2⤵
  PID:7252
- C:\Windows\System\jRYAFaU.exe
  C:\Windows\System\jRYAFaU.exe
  2⤵
  PID:7128
- C:\Windows\System\SJyicrU.exe
  C:\Windows\System\SJyicrU.exe
  2⤵
  PID:6472
- C:\Windows\System\wqXToXe.exe
  C:\Windows\System\wqXToXe.exe
  2⤵
  PID:6548
- C:\Windows\System\EBlRkFC.exe
  C:\Windows\System\EBlRkFC.exe
  2⤵
  PID:6756
- C:\Windows\System\JYajOpl.exe
  C:\Windows\System\JYajOpl.exe
  2⤵
  PID:7236
- C:\Windows\System\sIDnNqb.exe
  C:\Windows\System\sIDnNqb.exe
  2⤵
  PID:6792
- C:\Windows\System\ZdVhikF.exe
  C:\Windows\System\ZdVhikF.exe
  2⤵
  PID:7032
- C:\Windows\System\LgLvCXu.exe
  C:\Windows\System\LgLvCXu.exe
  2⤵
  PID:7016
- C:\Windows\System\sRrofoy.exe
  C:\Windows\System\sRrofoy.exe
  2⤵
  PID:6968
- C:\Windows\System\IQEIosD.exe
  C:\Windows\System\IQEIosD.exe
  2⤵
  PID:6648
- C:\Windows\System\uxbYXPu.exe
  C:\Windows\System\uxbYXPu.exe
  2⤵
  PID:6344
- C:\Windows\System\wJjzopL.exe
  C:\Windows\System\wJjzopL.exe
  2⤵
  PID:7388
- C:\Windows\System\BiDwWWF.exe
  C:\Windows\System\BiDwWWF.exe
  2⤵
  PID:7452
- C:\Windows\System\ITZnAkI.exe
  C:\Windows\System\ITZnAkI.exe
  2⤵
  PID:7340
- C:\Windows\System\GTOgKOT.exe
  C:\Windows\System\GTOgKOT.exe
  2⤵
  PID:7484
- C:\Windows\System\oFyeTEV.exe
  C:\Windows\System\oFyeTEV.exe
  2⤵
  PID:7528
- C:\Windows\System\dGVdlPh.exe
  C:\Windows\System\dGVdlPh.exe
  2⤵
  PID:7432
- C:\Windows\System\pOJHeSj.exe
  C:\Windows\System\pOJHeSj.exe
  2⤵
  PID:7468
- C:\Windows\System\johxZLh.exe
  C:\Windows\System\johxZLh.exe
  2⤵
  PID:7576
- C:\Windows\System\GJSHoJH.exe
  C:\Windows\System\GJSHoJH.exe
  2⤵
  PID:7596
- C:\Windows\System\mfLgqtJ.exe
  C:\Windows\System\mfLgqtJ.exe
  2⤵
  PID:7644
- C:\Windows\System\rOCeZJD.exe
  C:\Windows\System\rOCeZJD.exe
  2⤵
  PID:7628
- C:\Windows\System\sIpJPJa.exe
  C:\Windows\System\sIpJPJa.exe
  2⤵
  PID:7704
- C:\Windows\System\FciFCbe.exe
  C:\Windows\System\FciFCbe.exe
  2⤵
  PID:7740
- C:\Windows\System\IaOWOpT.exe
  C:\Windows\System\IaOWOpT.exe
  2⤵
  PID:7784
- C:\Windows\System\yfFItIw.exe
  C:\Windows\System\yfFItIw.exe
  2⤵
  PID:7800
- C:\Windows\System\lNwiJFd.exe
  C:\Windows\System\lNwiJFd.exe
  2⤵
  PID:7864
- C:\Windows\System\INyodAR.exe
  C:\Windows\System\INyodAR.exe
  2⤵
  PID:7848
- C:\Windows\System\tPjEQir.exe
  C:\Windows\System\tPjEQir.exe
  2⤵
  PID:7904
- C:\Windows\System\zNhkPPA.exe
  C:\Windows\System\zNhkPPA.exe
  2⤵
  PID:7924
- C:\Windows\System\IMWZiog.exe
  C:\Windows\System\IMWZiog.exe
  2⤵
  PID:7956
- C:\Windows\System\lXwYVVI.exe
  C:\Windows\System\lXwYVVI.exe
  2⤵
  PID:7976
- C:\Windows\System\JIzobsQ.exe
  C:\Windows\System\JIzobsQ.exe
  2⤵
  PID:8040
- C:\Windows\System\OocVwkt.exe
  C:\Windows\System\OocVwkt.exe
  2⤵
  PID:8104
- C:\Windows\System\zOPErOE.exe
  C:\Windows\System\zOPErOE.exe
  2⤵
  PID:6936
- C:\Windows\System\uaDHiAp.exe
  C:\Windows\System\uaDHiAp.exe
  2⤵
  PID:7144
- C:\Windows\System\iBGhYtZ.exe
  C:\Windows\System\iBGhYtZ.exe
  2⤵
  PID:7204
- C:\Windows\System\xvTeIsp.exe
  C:\Windows\System\xvTeIsp.exe
  2⤵
  PID:6628
- C:\Windows\System\bcdtzhB.exe
  C:\Windows\System\bcdtzhB.exe
  2⤵
  PID:6564
- C:\Windows\System\bMHGzfr.exe
  C:\Windows\System\bMHGzfr.exe
  2⤵
  PID:8024
- C:\Windows\System\GFKZrYJ.exe
  C:\Windows\System\GFKZrYJ.exe
  2⤵
  PID:8188
- C:\Windows\System\LaEeLPz.exe
  C:\Windows\System\LaEeLPz.exe
  2⤵
  PID:6288
- C:\Windows\System\wHhlvuK.exe
  C:\Windows\System\wHhlvuK.exe
  2⤵
  PID:7240
- C:\Windows\System\zvMlBcU.exe
  C:\Windows\System\zvMlBcU.exe
  2⤵
  PID:8184
- C:\Windows\System\XMUuscx.exe
  C:\Windows\System\XMUuscx.exe
  2⤵
  PID:8156
- C:\Windows\System\wzWrtpe.exe
  C:\Windows\System\wzWrtpe.exe
  2⤵
  PID:7320
- C:\Windows\System\JqhbEtD.exe
  C:\Windows\System\JqhbEtD.exe
  2⤵
  PID:6920
- C:\Windows\System\ENAAKXt.exe
  C:\Windows\System\ENAAKXt.exe
  2⤵
  PID:7308
- C:\Windows\System\oMzDJXL.exe
  C:\Windows\System\oMzDJXL.exe
  2⤵
  PID:7404
- C:\Windows\System\UYabZRU.exe
  C:\Windows\System\UYabZRU.exe
  2⤵
  PID:7436
- C:\Windows\System\uuqLTce.exe
  C:\Windows\System\uuqLTce.exe
  2⤵
  PID:7564
- C:\Windows\System\MaiPLzW.exe
  C:\Windows\System\MaiPLzW.exe
  2⤵
  PID:7660
- C:\Windows\System\fUvTgAk.exe
  C:\Windows\System\fUvTgAk.exe
  2⤵
  PID:7820
- C:\Windows\System\IysiZgG.exe
  C:\Windows\System\IysiZgG.exe
  2⤵
  PID:7788
- C:\Windows\System\lTwtQJW.exe
  C:\Windows\System\lTwtQJW.exe
  2⤵
  PID:7832
- C:\Windows\System\wAnJsiu.exe
  C:\Windows\System\wAnJsiu.exe
  2⤵
  PID:7756
- C:\Windows\System\BnyQqOp.exe
  C:\Windows\System\BnyQqOp.exe
  2⤵
  PID:8012
- C:\Windows\System\RfsRwxd.exe
  C:\Windows\System\RfsRwxd.exe
  2⤵
  PID:8060
- C:\Windows\System\bwvLQNY.exe
  C:\Windows\System\bwvLQNY.exe
  2⤵
  PID:8076
- C:\Windows\System\CcICGvu.exe
  C:\Windows\System\CcICGvu.exe
  2⤵
  PID:5372
- C:\Windows\System\vfQBplw.exe
  C:\Windows\System\vfQBplw.exe
  2⤵
  PID:7192
- C:\Windows\System\OMHNAGO.exe
  C:\Windows\System\OMHNAGO.exe
  2⤵
  PID:6872
- C:\Windows\System\IqecuXo.exe
  C:\Windows\System\IqecuXo.exe
  2⤵
  PID:8124
- C:\Windows\System\vWUbzfY.exe
  C:\Windows\System\vWUbzfY.exe
  2⤵
  PID:7420
- C:\Windows\System\AwsLIVr.exe
  C:\Windows\System\AwsLIVr.exe
  2⤵
  PID:7352
- C:\Windows\System\aiBqPuk.exe
  C:\Windows\System\aiBqPuk.exe
  2⤵
  PID:7356
- C:\Windows\System\iPJdZxR.exe
  C:\Windows\System\iPJdZxR.exe
  2⤵
  PID:7768
- C:\Windows\System\DUElEMQ.exe
  C:\Windows\System\DUElEMQ.exe
  2⤵
  PID:7640
- C:\Windows\System\WcwAgHd.exe
  C:\Windows\System\WcwAgHd.exe
  2⤵
  PID:7288
- C:\Windows\System\kaUFXpy.exe
  C:\Windows\System\kaUFXpy.exe
  2⤵
  PID:8072
- C:\Windows\System\UbPGYAb.exe
  C:\Windows\System\UbPGYAb.exe
  2⤵
  PID:6692
- C:\Windows\System\ueMWGki.exe
  C:\Windows\System\ueMWGki.exe
  2⤵
  PID:8140
- C:\Windows\System\tIyMZpa.exe
  C:\Windows\System\tIyMZpa.exe
  2⤵
  PID:7548
- C:\Windows\System\mlHDuGG.exe
  C:\Windows\System\mlHDuGG.exe
  2⤵
  PID:8120
- C:\Windows\System\DRcGDzK.exe
  C:\Windows\System\DRcGDzK.exe
  2⤵
  PID:7908
- C:\Windows\System\fzaKRaD.exe
  C:\Windows\System\fzaKRaD.exe
  2⤵
  PID:7284
- C:\Windows\System\eBzQpzS.exe
  C:\Windows\System\eBzQpzS.exe
  2⤵
  PID:7676
- C:\Windows\System\LWFEhfs.exe
  C:\Windows\System\LWFEhfs.exe
  2⤵
  PID:7720
- C:\Windows\System\ztvXOgT.exe
  C:\Windows\System\ztvXOgT.exe
  2⤵
  PID:6240
- C:\Windows\System\IeeKjiW.exe
  C:\Windows\System\IeeKjiW.exe
  2⤵
  PID:6696
- C:\Windows\System\cVyuaUw.exe
  C:\Windows\System\cVyuaUw.exe
  2⤵
  PID:8196
- C:\Windows\System\xvrSdkb.exe
  C:\Windows\System\xvrSdkb.exe
  2⤵
  PID:8212
- C:\Windows\System\mwLbzrU.exe
  C:\Windows\System\mwLbzrU.exe
  2⤵
  PID:8228
- C:\Windows\System\DOPVLXT.exe
  C:\Windows\System\DOPVLXT.exe
  2⤵
  PID:8244
- C:\Windows\System\xpCZvrv.exe
  C:\Windows\System\xpCZvrv.exe
  2⤵
  PID:8260
- C:\Windows\System\yJSkKQZ.exe
  C:\Windows\System\yJSkKQZ.exe
  2⤵
  PID:8276
- C:\Windows\System\rDzVWsT.exe
  C:\Windows\System\rDzVWsT.exe
  2⤵
  PID:8292
- C:\Windows\System\WsTIfrL.exe
  C:\Windows\System\WsTIfrL.exe
  2⤵
  PID:8308
- C:\Windows\System\NfAOVPa.exe
  C:\Windows\System\NfAOVPa.exe
  2⤵
  PID:8324
- C:\Windows\System\NpAXhbk.exe
  C:\Windows\System\NpAXhbk.exe
  2⤵
  PID:8340
- C:\Windows\System\PNZGSou.exe
  C:\Windows\System\PNZGSou.exe
  2⤵
  PID:8356
- C:\Windows\System\JTmZUDe.exe
  C:\Windows\System\JTmZUDe.exe
  2⤵
  PID:8372
- C:\Windows\System\UTfMbeo.exe
  C:\Windows\System\UTfMbeo.exe
  2⤵
  PID:8388
- C:\Windows\System\TnlhqwQ.exe
  C:\Windows\System\TnlhqwQ.exe
  2⤵
  PID:8404
- C:\Windows\System\qTUEcip.exe
  C:\Windows\System\qTUEcip.exe
  2⤵
  PID:8420
- C:\Windows\System\ZsPviuY.exe
  C:\Windows\System\ZsPviuY.exe
  2⤵
  PID:8436
- C:\Windows\System\DhrKMtn.exe
  C:\Windows\System\DhrKMtn.exe
  2⤵
  PID:8452
- C:\Windows\System\MjXIGjT.exe
  C:\Windows\System\MjXIGjT.exe
  2⤵
  PID:8468
- C:\Windows\System\waKqXBu.exe
  C:\Windows\System\waKqXBu.exe
  2⤵
  PID:8484
- C:\Windows\System\jpfqycZ.exe
  C:\Windows\System\jpfqycZ.exe
  2⤵
  PID:8504
- C:\Windows\System\pPMRUGj.exe
  C:\Windows\System\pPMRUGj.exe
  2⤵
  PID:8520
- C:\Windows\System\tiLWAZQ.exe
  C:\Windows\System\tiLWAZQ.exe
  2⤵
  PID:8536
- C:\Windows\System\shnJJAo.exe
  C:\Windows\System\shnJJAo.exe
  2⤵
  PID:8552
- C:\Windows\System\OfvnLKj.exe
  C:\Windows\System\OfvnLKj.exe
  2⤵
  PID:8568
- C:\Windows\System\ZrahBJb.exe
  C:\Windows\System\ZrahBJb.exe
  2⤵
  PID:8584
- C:\Windows\System\BkqOyHN.exe
  C:\Windows\System\BkqOyHN.exe
  2⤵
  PID:8600
- C:\Windows\System\GFtJMJv.exe
  C:\Windows\System\GFtJMJv.exe
  2⤵
  PID:8616
- C:\Windows\System\rXaSQMg.exe
  C:\Windows\System\rXaSQMg.exe
  2⤵
  PID:8632
- C:\Windows\System\wMrPzyB.exe
  C:\Windows\System\wMrPzyB.exe
  2⤵
  PID:8648
- C:\Windows\System\aOzUCRk.exe
  C:\Windows\System\aOzUCRk.exe
  2⤵
  PID:8664
- C:\Windows\System\hUljJxq.exe
  C:\Windows\System\hUljJxq.exe
  2⤵
  PID:8680
- C:\Windows\System\pEhoOQH.exe
  C:\Windows\System\pEhoOQH.exe
  2⤵
  PID:8696
- C:\Windows\System\gIfPcyu.exe
  C:\Windows\System\gIfPcyu.exe
  2⤵
  PID:8712
- C:\Windows\System\Wsswjjy.exe
  C:\Windows\System\Wsswjjy.exe
  2⤵
  PID:8728
- C:\Windows\System\nStmcIU.exe
  C:\Windows\System\nStmcIU.exe
  2⤵
  PID:8744
- C:\Windows\System\keUZims.exe
  C:\Windows\System\keUZims.exe
  2⤵
  PID:8760
- C:\Windows\System\QUazTGf.exe
  C:\Windows\System\QUazTGf.exe
  2⤵
  PID:8776
- C:\Windows\System\sTHaRRk.exe
  C:\Windows\System\sTHaRRk.exe
  2⤵
  PID:8792
- C:\Windows\System\pUKURXt.exe
  C:\Windows\System\pUKURXt.exe
  2⤵
  PID:8808
- C:\Windows\System\nBndKYv.exe
  C:\Windows\System\nBndKYv.exe
  2⤵
  PID:8824
- C:\Windows\System\VQCBxxj.exe
  C:\Windows\System\VQCBxxj.exe
  2⤵
  PID:8840
- C:\Windows\System\IiqRIdY.exe
  C:\Windows\System\IiqRIdY.exe
  2⤵
  PID:8856
- C:\Windows\System\qWMFXOu.exe
  C:\Windows\System\qWMFXOu.exe
  2⤵
  PID:8872
- C:\Windows\System\kkjVbcv.exe
  C:\Windows\System\kkjVbcv.exe
  2⤵
  PID:8888
- C:\Windows\System\doCVCiR.exe
  C:\Windows\System\doCVCiR.exe
  2⤵
  PID:8904
- C:\Windows\System\wOYjebc.exe
  C:\Windows\System\wOYjebc.exe
  2⤵
  PID:8920
- C:\Windows\System\amuYZmX.exe
  C:\Windows\System\amuYZmX.exe
  2⤵
  PID:8936
- C:\Windows\System\dGIhAPe.exe
  C:\Windows\System\dGIhAPe.exe
  2⤵
  PID:8952
- C:\Windows\System\AuLTTgC.exe
  C:\Windows\System\AuLTTgC.exe
  2⤵
  PID:8968
- C:\Windows\System\FcUPsdX.exe
  C:\Windows\System\FcUPsdX.exe
  2⤵
  PID:8984
- C:\Windows\System\JcVTFUZ.exe
  C:\Windows\System\JcVTFUZ.exe
  2⤵
  PID:9000
- C:\Windows\System\nPGkMAq.exe
  C:\Windows\System\nPGkMAq.exe
  2⤵
  PID:9016
- C:\Windows\System\jFOMsrM.exe
  C:\Windows\System\jFOMsrM.exe
  2⤵
  PID:9032
- C:\Windows\System\NnUOcol.exe
  C:\Windows\System\NnUOcol.exe
  2⤵
  PID:9048
- C:\Windows\System\DzuBYrj.exe
  C:\Windows\System\DzuBYrj.exe
  2⤵
  PID:9064
- C:\Windows\System\pXTwbUJ.exe
  C:\Windows\System\pXTwbUJ.exe
  2⤵
  PID:9080
- C:\Windows\System\rdXoLXl.exe
  C:\Windows\System\rdXoLXl.exe
  2⤵
  PID:9096
- C:\Windows\System\EvLAOEE.exe
  C:\Windows\System\EvLAOEE.exe
  2⤵
  PID:9112
- C:\Windows\System\CUvUGcD.exe
  C:\Windows\System\CUvUGcD.exe
  2⤵
  PID:9128
- C:\Windows\System\sBEJuEo.exe
  C:\Windows\System\sBEJuEo.exe
  2⤵
  PID:9144
- C:\Windows\System\vZbuxmR.exe
  C:\Windows\System\vZbuxmR.exe
  2⤵
  PID:9160
- C:\Windows\System\MlUojMc.exe
  C:\Windows\System\MlUojMc.exe
  2⤵
  PID:9176
- C:\Windows\System\EflVURJ.exe
  C:\Windows\System\EflVURJ.exe
  2⤵
  PID:9192
- C:\Windows\System\HMnVKDt.exe
  C:\Windows\System\HMnVKDt.exe
  2⤵
  PID:9208
- C:\Windows\System\hfpQzJo.exe
  C:\Windows\System\hfpQzJo.exe
  2⤵
  PID:7884
- C:\Windows\System\wuGKCZa.exe
  C:\Windows\System\wuGKCZa.exe
  2⤵
  PID:8204
- C:\Windows\System\CrPuYnR.exe
  C:\Windows\System\CrPuYnR.exe
  2⤵
  PID:8252
- C:\Windows\System\GRGvmmL.exe
  C:\Windows\System\GRGvmmL.exe
  2⤵
  PID:8288
- C:\Windows\System\cRylNZQ.exe
  C:\Windows\System\cRylNZQ.exe
  2⤵
  PID:8320
- C:\Windows\System\SQENUoA.exe
  C:\Windows\System\SQENUoA.exe
  2⤵
  PID:8332
- C:\Windows\System\FjBLaiA.exe
  C:\Windows\System\FjBLaiA.exe
  2⤵
  PID:8384
- C:\Windows\System\VWilqTK.exe
  C:\Windows\System\VWilqTK.exe
  2⤵
  PID:8412
- C:\Windows\System\rDtLoaW.exe
  C:\Windows\System\rDtLoaW.exe
  2⤵
  PID:8448
- C:\Windows\System\sdkLaMK.exe
  C:\Windows\System\sdkLaMK.exe
  2⤵
  PID:8432
- C:\Windows\System\DIRKvso.exe
  C:\Windows\System\DIRKvso.exe
  2⤵
  PID:8576
- C:\Windows\System\fQAyzXs.exe
  C:\Windows\System\fQAyzXs.exe
  2⤵
  PID:8464
- C:\Windows\System\mhARlto.exe
  C:\Windows\System\mhARlto.exe
  2⤵
  PID:8532
- C:\Windows\System\klHWMJF.exe
  C:\Windows\System\klHWMJF.exe
  2⤵
  PID:8608
- C:\Windows\System\DPWEgfj.exe
  C:\Windows\System\DPWEgfj.exe
  2⤵
  PID:8640
- C:\Windows\System\cXbNNCP.exe
  C:\Windows\System\cXbNNCP.exe
  2⤵
  PID:8676
- C:\Windows\System\jUxTQPG.exe
  C:\Windows\System\jUxTQPG.exe
  2⤵
  PID:8656
- C:\Windows\System\hgPxpxj.exe
  C:\Windows\System\hgPxpxj.exe
  2⤵
  PID:8740
- C:\Windows\System\emIUvEc.exe
  C:\Windows\System\emIUvEc.exe
  2⤵
  PID:8800
- C:\Windows\System\nbeCuEV.exe
  C:\Windows\System\nbeCuEV.exe
  2⤵
  PID:8864
- C:\Windows\System\YarsTCQ.exe
  C:\Windows\System\YarsTCQ.exe
  2⤵
  PID:8756
- C:\Windows\System\bNSSgTU.exe
  C:\Windows\System\bNSSgTU.exe
  2⤵
  PID:8820
- C:\Windows\System\Vrqbsza.exe
  C:\Windows\System\Vrqbsza.exe
  2⤵
  PID:8928
- C:\Windows\System\hgEqinJ.exe
  C:\Windows\System\hgEqinJ.exe
  2⤵
  PID:8992
- C:\Windows\System\mwEdbkJ.exe
  C:\Windows\System\mwEdbkJ.exe
  2⤵
  PID:9056
- C:\Windows\System\vPIwajm.exe
  C:\Windows\System\vPIwajm.exe
  2⤵
  PID:9092
- C:\Windows\System\yqIZVtk.exe
  C:\Windows\System\yqIZVtk.exe
  2⤵
  PID:8912
- C:\Windows\System\haEfzUF.exe
  C:\Windows\System\haEfzUF.exe
  2⤵
  PID:8976
- C:\Windows\System\VJJKoHX.exe
  C:\Windows\System\VJJKoHX.exe
  2⤵
  PID:9040
- C:\Windows\System\ZBHorrD.exe
  C:\Windows\System\ZBHorrD.exe
  2⤵
  PID:9076
- C:\Windows\System\ODRtADL.exe
  C:\Windows\System\ODRtADL.exe
  2⤵
  PID:9140
- C:\Windows\System\foiynxk.exe
  C:\Windows\System\foiynxk.exe
  2⤵
  PID:9204
- C:\Windows\System\hsOezGX.exe
  C:\Windows\System\hsOezGX.exe
  2⤵
  PID:7980
- C:\Windows\System\HZTsvMO.exe
  C:\Windows\System\HZTsvMO.exe
  2⤵
  PID:8272
- C:\Windows\System\eFCgRpy.exe
  C:\Windows\System\eFCgRpy.exe
  2⤵
  PID:8304
- C:\Windows\System\uBhIBuj.exe
  C:\Windows\System\uBhIBuj.exe
  2⤵
  PID:8352
- C:\Windows\System\ISSWgbd.exe
  C:\Windows\System\ISSWgbd.exe
  2⤵
  PID:8396
- C:\Windows\System\tXtKMor.exe
  C:\Windows\System\tXtKMor.exe
  2⤵
  PID:8428
- C:\Windows\System\OzEdZYr.exe
  C:\Windows\System\OzEdZYr.exe
  2⤵
  PID:8528
- C:\Windows\System\XzEPWhd.exe
  C:\Windows\System\XzEPWhd.exe
  2⤵
  PID:8564
- C:\Windows\System\SIUmvUt.exe
  C:\Windows\System\SIUmvUt.exe
  2⤵
  PID:8672
- C:\Windows\System\zycqeca.exe
  C:\Windows\System\zycqeca.exe
  2⤵
  PID:8852
- C:\Windows\System\vXbnult.exe
  C:\Windows\System\vXbnult.exe
  2⤵
  PID:8692
- C:\Windows\System\TTNInTZ.exe
  C:\Windows\System\TTNInTZ.exe
  2⤵
  PID:8816
- C:\Windows\System\zehzgTA.exe
  C:\Windows\System\zehzgTA.exe
  2⤵
  PID:9028
- C:\Windows\System\YfzoouP.exe
  C:\Windows\System\YfzoouP.exe
  2⤵
  PID:9104
- C:\Windows\System\XSfNZVV.exe
  C:\Windows\System\XSfNZVV.exe
  2⤵
  PID:8948
- C:\Windows\System\ebMZFGX.exe
  C:\Windows\System\ebMZFGX.exe
  2⤵
  PID:9156
- C:\Windows\System\UrAnhht.exe
  C:\Windows\System\UrAnhht.exe
  2⤵
  PID:9200
- C:\Windows\System\UUsUSCx.exe
  C:\Windows\System\UUsUSCx.exe
  2⤵
  PID:8316
- C:\Windows\System\TvRptsu.exe
  C:\Windows\System\TvRptsu.exe
  2⤵
  PID:8368
- C:\Windows\System\pBmkMJg.exe
  C:\Windows\System\pBmkMJg.exe
  2⤵
  PID:8512
- C:\Windows\System\DDitJny.exe
  C:\Windows\System\DDitJny.exe
  2⤵
  PID:8708
- C:\Windows\System\gTGwmVp.exe
  C:\Windows\System\gTGwmVp.exe
  2⤵
  PID:8724
- C:\Windows\System\FjtqGJX.exe
  C:\Windows\System\FjtqGJX.exe
  2⤵
  PID:8788
- C:\Windows\System\DcOoDbv.exe
  C:\Windows\System\DcOoDbv.exe
  2⤵
  PID:9012
- C:\Windows\System\GSnshiu.exe
  C:\Windows\System\GSnshiu.exe
  2⤵
  PID:9072
- C:\Windows\System\GjMTPwE.exe
  C:\Windows\System\GjMTPwE.exe
  2⤵
  PID:8400
- C:\Windows\System\iTYeFbx.exe
  C:\Windows\System\iTYeFbx.exe
  2⤵
  PID:9184
- C:\Windows\System\rZllGwl.exe
  C:\Windows\System\rZllGwl.exe
  2⤵
  PID:9152
- C:\Windows\System\IDpmGhX.exe
  C:\Windows\System\IDpmGhX.exe
  2⤵
  PID:8772
- C:\Windows\System\mGdokmq.exe
  C:\Windows\System\mGdokmq.exe
  2⤵
  PID:8500
- C:\Windows\System\AvgsExJ.exe
  C:\Windows\System\AvgsExJ.exe
  2⤵
  PID:8236
- C:\Windows\System\XTomyvn.exe
  C:\Windows\System\XTomyvn.exe
  2⤵
  PID:8460
- C:\Windows\System\rcTKXod.exe
  C:\Windows\System\rcTKXod.exe
  2⤵
  PID:9496
- C:\Windows\System\vVZZpuX.exe
  C:\Windows\System\vVZZpuX.exe
  2⤵
  PID:9564
- C:\Windows\System\nGmtIYq.exe
  C:\Windows\System\nGmtIYq.exe
  2⤵
  PID:9952
- C:\Windows\System\zIkWRLw.exe
  C:\Windows\System\zIkWRLw.exe
  2⤵
  PID:10000
- C:\Windows\System\iJTrQSf.exe
  C:\Windows\System\iJTrQSf.exe
  2⤵
  PID:10032
- C:\Windows\System\IyBnplr.exe
  C:\Windows\System\IyBnplr.exe
  2⤵
  PID:10180
- C:\Windows\System\fETOZXm.exe
  C:\Windows\System\fETOZXm.exe
  2⤵
  PID:9628
- C:\Windows\System\JkhAXWs.exe
  C:\Windows\System\JkhAXWs.exe
  2⤵
  PID:9844
- C:\Windows\System\QKVoefz.exe
  C:\Windows\System\QKVoefz.exe
  2⤵
  PID:10088
- C:\Windows\System\HBRqlJT.exe
  C:\Windows\System\HBRqlJT.exe
  2⤵
  PID:10168
- C:\Windows\System\hTvPQZH.exe
  C:\Windows\System\hTvPQZH.exe
  2⤵
  PID:10152
- C:\Windows\System\bBlgRRC.exe
  C:\Windows\System\bBlgRRC.exe
  2⤵
  PID:10100
- C:\Windows\System\TjJMowT.exe
  C:\Windows\System\TjJMowT.exe
  2⤵
  PID:10132
- C:\Windows\System\atgsmgb.exe
  C:\Windows\System\atgsmgb.exe
  2⤵
  PID:10128
- C:\Windows\System\YTdLdPR.exe
  C:\Windows\System\YTdLdPR.exe
  2⤵
  PID:10196
- C:\Windows\System\nOvENZJ.exe
  C:\Windows\System\nOvENZJ.exe
  2⤵
  PID:10220
- C:\Windows\System\QfpdEmu.exe
  C:\Windows\System\QfpdEmu.exe
  2⤵
  PID:8960
- C:\Windows\System\SekUiya.exe
  C:\Windows\System\SekUiya.exe
  2⤵
  PID:9240
- C:\Windows\System\rJoCShD.exe
  C:\Windows\System\rJoCShD.exe
  2⤵
  PID:9272
- C:\Windows\System\odkmOeS.exe
  C:\Windows\System\odkmOeS.exe
  2⤵
  PID:9292
- C:\Windows\System\WnzEXyH.exe
  C:\Windows\System\WnzEXyH.exe
  2⤵
  PID:9304
- C:\Windows\System\PSkdbWE.exe
  C:\Windows\System\PSkdbWE.exe
  2⤵
  PID:9328
- C:\Windows\System\Rnibswi.exe
  C:\Windows\System\Rnibswi.exe
  2⤵
  PID:9348
- C:\Windows\System\juZGKQK.exe
  C:\Windows\System\juZGKQK.exe
  2⤵
  PID:9368
- C:\Windows\System\IQaVIPU.exe
  C:\Windows\System\IQaVIPU.exe
  2⤵
  PID:9384
- C:\Windows\System\JPHsIVC.exe
  C:\Windows\System\JPHsIVC.exe
  2⤵
  PID:9420
- C:\Windows\System\DyZNGWG.exe
  C:\Windows\System\DyZNGWG.exe
  2⤵
  PID:9436
- C:\Windows\System\QNbdNGq.exe
  C:\Windows\System\QNbdNGq.exe
  2⤵
  PID:9448
- C:\Windows\System\VbZPDrg.exe
  C:\Windows\System\VbZPDrg.exe
  2⤵
  PID:9468
- C:\Windows\System\imWFQhT.exe
  C:\Windows\System\imWFQhT.exe
  2⤵
  PID:9480
- C:\Windows\System\lTmdwxD.exe
  C:\Windows\System\lTmdwxD.exe
  2⤵
  PID:9516
- C:\Windows\System\HynFqZj.exe
  C:\Windows\System\HynFqZj.exe
  2⤵
  PID:9592
- C:\Windows\System\ArnGBIQ.exe
  C:\Windows\System\ArnGBIQ.exe
  2⤵
  PID:9548
- C:\Windows\System\gvHVRDF.exe
  C:\Windows\System\gvHVRDF.exe
  2⤵
  PID:9580
- C:\Windows\System\SOWQODu.exe
  C:\Windows\System\SOWQODu.exe
  2⤵
  PID:9620
- C:\Windows\System\tPIynTi.exe
  C:\Windows\System\tPIynTi.exe
  2⤵
  PID:9636
- C:\Windows\System\FZHnGcu.exe
  C:\Windows\System\FZHnGcu.exe
  2⤵
  PID:9688
- C:\Windows\System\EnRWvkC.exe
  C:\Windows\System\EnRWvkC.exe
  2⤵
  PID:9756
- C:\Windows\System\CqHwWhr.exe
  C:\Windows\System\CqHwWhr.exe
  2⤵
  PID:9712
- C:\Windows\System\GCpMvqD.exe
  C:\Windows\System\GCpMvqD.exe
  2⤵
  PID:9716
- C:\Windows\System\hvBrFZo.exe
  C:\Windows\System\hvBrFZo.exe
  2⤵
  PID:9728
- C:\Windows\System\BfzWRmm.exe
  C:\Windows\System\BfzWRmm.exe
  2⤵
  PID:9768
- C:\Windows\System\BjxVRkU.exe
  C:\Windows\System\BjxVRkU.exe
  2⤵
  PID:9800
- C:\Windows\System\QVZsMLn.exe
  C:\Windows\System\QVZsMLn.exe
  2⤵
  PID:9836
- C:\Windows\System\QlREEvq.exe
  C:\Windows\System\QlREEvq.exe
  2⤵
  PID:9868
- C:\Windows\System\yPKSmxL.exe
  C:\Windows\System\yPKSmxL.exe
  2⤵
  PID:9888
- C:\Windows\System\QPkVDeu.exe
  C:\Windows\System\QPkVDeu.exe
  2⤵
  PID:9908
- C:\Windows\System\rJAkZNm.exe
  C:\Windows\System\rJAkZNm.exe
  2⤵
  PID:9928
- C:\Windows\System\zAcLrDN.exe
  C:\Windows\System\zAcLrDN.exe
  2⤵
  PID:9948
- C:\Windows\System\PsxuSPO.exe
  C:\Windows\System\PsxuSPO.exe
  2⤵
  PID:996
- C:\Windows\System\WJnXMWc.exe
  C:\Windows\System\WJnXMWc.exe
  2⤵
  PID:10020
- C:\Windows\System\VXVALYM.exe
  C:\Windows\System\VXVALYM.exe
  2⤵
  PID:9828
- C:\Windows\System\YSGVcGO.exe
  C:\Windows\System\YSGVcGO.exe
  2⤵
  PID:10056
- C:\Windows\System\YOLSDLu.exe
  C:\Windows\System\YOLSDLu.exe
  2⤵
  PID:10080
- C:\Windows\System\rttSCSc.exe
  C:\Windows\System\rttSCSc.exe
  2⤵
  PID:10160
- C:\Windows\System\tmNOPND.exe
  C:\Windows\System\tmNOPND.exe
  2⤵
  PID:10136
- C:\Windows\System\QlBQmGv.exe
  C:\Windows\System\QlBQmGv.exe
  2⤵
  PID:10200
- C:\Windows\System\PLFgKof.exe
  C:\Windows\System\PLFgKof.exe
  2⤵
  PID:10236
- C:\Windows\System\QJhxELX.exe
  C:\Windows\System\QJhxELX.exe
  2⤵
  PID:10232
- C:\Windows\System\vtkIqIa.exe
  C:\Windows\System\vtkIqIa.exe
  2⤵
  PID:9316
- C:\Windows\System\kFOsaew.exe
  C:\Windows\System\kFOsaew.exe
  2⤵
  PID:9376
- C:\Windows\System\ebhRwsz.exe
  C:\Windows\System\ebhRwsz.exe
  2⤵
  PID:9320
- C:\Windows\System\DbXldYl.exe
  C:\Windows\System\DbXldYl.exe
  2⤵
  PID:9356
- C:\Windows\System\lLmdwOU.exe
  C:\Windows\System\lLmdwOU.exe
  2⤵
  PID:9408
- C:\Windows\System\ukXYrcC.exe
  C:\Windows\System\ukXYrcC.exe
  2⤵
  PID:9432
- C:\Windows\System\lWtNhtT.exe
  C:\Windows\System\lWtNhtT.exe
  2⤵
  PID:9460
- C:\Windows\System\XvTcVLT.exe
  C:\Windows\System\XvTcVLT.exe
  2⤵
  PID:9488
- C:\Windows\System\NeklndV.exe
  C:\Windows\System\NeklndV.exe
  2⤵
  PID:9584
- C:\Windows\System\AOMflxh.exe
  C:\Windows\System\AOMflxh.exe
  2⤵
  PID:9616
- C:\Windows\System\MbBhCTy.exe
  C:\Windows\System\MbBhCTy.exe
  2⤵
  PID:9656
- C:\Windows\System\NyiIQzM.exe
  C:\Windows\System\NyiIQzM.exe
  2⤵
  PID:9540
- C:\Windows\System\gglulMB.exe
  C:\Windows\System\gglulMB.exe
  2⤵
  PID:9680
- C:\Windows\System\tpbRMQU.exe
  C:\Windows\System\tpbRMQU.exe
  2⤵
  PID:9732
- C:\Windows\System\lnKOZIP.exe
  C:\Windows\System\lnKOZIP.exe
  2⤵
  PID:9772
- C:\Windows\System\kQEvxjP.exe
  C:\Windows\System\kQEvxjP.exe
  2⤵
  PID:9896
- C:\Windows\System\pwhNLjF.exe
  C:\Windows\System\pwhNLjF.exe
  2⤵
  PID:9916
- C:\Windows\System\RzfWBxs.exe
  C:\Windows\System\RzfWBxs.exe
  2⤵
  PID:10016
- C:\Windows\System\HpcSLFh.exe
  C:\Windows\System\HpcSLFh.exe
  2⤵
  PID:9940
- C:\Windows\System\NhooMaB.exe
  C:\Windows\System\NhooMaB.exe
  2⤵
  PID:9964
- C:\Windows\System\WKkBfXN.exe
  C:\Windows\System\WKkBfXN.exe
  2⤵
  PID:10048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BnEiIjd.exe

Filesize
6.0MB

MD5
3fa95f3f0fbe47088095ebc7328c8d3a

SHA1
93b0ad9b120689fef561ee319465733be784e098

SHA256
6783ea353ddf5f0ac6a309664f4f26bff92e81016774acae0113e58740770301

SHA512
bc97d18c03c3bd5682a11fd5dcce4001e8b576e6cdafc8774230d38e44816340de27f01ed3aae84e16f235506db7b102e82bd8d489a28144465fc3f75dace76e

Download Submit
C:\Windows\system\GWXRapH.exe

Filesize
6.0MB

MD5
77391bfbad06701d2969a587e518a0b0

SHA1
50afde537176a4ddda35fa7845a8ae56067edcec

SHA256
83da60b6e9b32fa220b71c71783603451cb49486363eb0c9a5178ede40ba5e54

SHA512
d0e42bbaf8fe85124e3426e120da1ed33dd07810c167006b8ece75032ed6361d0725bb0e3ac38afe8b668d4d68e5b3b0cf0a904c142db1c2f7767146a1e35b71

Download Submit
C:\Windows\system\KgeoSyH.exe

Filesize
6.0MB

MD5
6ee075d698c62eb814b962919e6631f4

SHA1
1d2c653e82645b05ac5ab43c58804f7d2f087e29

SHA256
22be0a35bba468d240fdd75aea38580bfbe6d20f01f8a203226f5c1aca4a0689

SHA512
2154907a0b48b388f75b583eeadae2cd801c2a17a60ac4881eece910726eb64eecb25b586f4e73655b4021c938876b6de88eab6454d8d0bd958574f4a4f154a2

Download Submit
C:\Windows\system\LSPbVjQ.exe

Filesize
6.0MB

MD5
4587c17cfa21c4019b457a28887530b5

SHA1
a24e4df6b3039be9e20a5ef5e0d698894f58999f

SHA256
3f875fca4ca3d4dce085a21aa6619dbb8aebc5dc63aaf31e5e01db35db4a03e9

SHA512
b08abe5e1752975bd01814ce2870bb42fb765489b7dff1542298b24c3be7b0482791c61908af62ebfb35826a47779227b0f0508c667908e18fd40914a3f48bba

Download Submit
C:\Windows\system\LyIdiiy.exe

Filesize
6.0MB

MD5
7be989e37bb4a0ee7b286962263d956b

SHA1
7a87a548dd15a8d17eba7a78e02a424a619e20b4

SHA256
3d18fd1ce4c056f4dc9f93cff1734aec5b32505d347f9f0d4a6c141cf0572168

SHA512
9685f6f72028389753bbf03733364303e1f73a454c2e61345b7525889fbebad7780f387e8409d93e0bca208ad4d11cc45f4eafaaa5b671a1fc0091b1ae6cd3c6

Download Submit
C:\Windows\system\MbgItKT.exe

Filesize
6.0MB

MD5
be63c1ac3adc60d427ab13318b755bbd

SHA1
29d91db7bd4be298fd105ef0ac1bf0cba36b2223

SHA256
2321ea113ad16a89f0d96491aead86b0dc0f0a1ce7c0b81702b873061a796323

SHA512
f40aa8981cc657fa7cea5666f7766c1f12459d2faccdb4ce317ca28a5862ce8109d9d10462d5eca3b384c534f759ab1d2eb09bb21dd6ef81711d9d0391742271

Download Submit
C:\Windows\system\MsFgByw.exe

Filesize
6.0MB

MD5
4c67b919d01e133c6f81a5e7238eeb2d

SHA1
f63c3744115d884df54a643ed98543c7916d349b

SHA256
b4ab84703372b656a8398250914a493e88e8cf609b5d8beadcc44e2fda245fff

SHA512
efbe4dabedafc0598312384dfd370be1b2574e73b5fdda6e44bbde39be86f3c2b0aa442aba78847ecf31ce08f6104706cb341c707702059c3e47387c22665ed3

Download Submit
C:\Windows\system\MwASyTP.exe

Filesize
6.0MB

MD5
7c9af5ff8ab1cc99a77cd6890d61459b

SHA1
379d7b98f268459414aa2297bf48cb4fceee7b25

SHA256
536edc7a30b09ce213bef209069363b69005598fa46bd78cd8fa13664f47f216

SHA512
f2a8f429a2262800075b71e009b2e95a93a678d6088d5760db65cb4ba0169b69381708734e577f2439ddbd0ae451dce9608a9c037acb1a34c03d124b7eb81518

Download Submit
C:\Windows\system\Nriscxo.exe

Filesize
6.0MB

MD5
b345810ad7eeaf543c81642c7891b314

SHA1
7e6516576e71ca5146435ae652f022dd5eee057b

SHA256
c855ff7f0238cacd5343213f0fa0b2656ab9acfa0d32e643451544a8a1611d2e

SHA512
979fcc261a9e5a8164e9752c33d16a83ca25f04728cdc8938db6ceadd7649c25baa02ada528c36f5f41309f4b3bd58464341e93ed8758bc1197b1615b67a73a6

Download Submit
C:\Windows\system\OMGqfWl.exe

Filesize
6.0MB

MD5
2e8dc5b7f9057e5d8b374ce4fe23af24

SHA1
4d1f9a2609a2ab1a6c54f8330aa22fdae57e96b1

SHA256
f309441146f0fae9ec028f5e43637964f7c54fcb64daedb17cb7cce1201bbc26

SHA512
d78179e6808df21a9ae3fa62873e17b4e77d734997103587470d52a52170ed193ec3acd344d959926d21a263111e7ef04de4a06311bec01b8bd19deb86640494

Download Submit
C:\Windows\system\OzGjxBp.exe

Filesize
6.0MB

MD5
dbd28b6ca76a49924c28de7d034af136

SHA1
c4922a329ab04f7a4a2867740ed1818dc09809e4

SHA256
cdaca662214c0647a466c261aeac3b566207e29fb341e42f3a4e6555065bb3c0

SHA512
600b0eef30e3410f156e1fcb465b8c621b91c9f1e4a96cc192b5693d376ec8ce5dbd6bff7bc9aa64cdaa70da2b2eac12d66315284be5c43c98a96365c276f070

Download Submit
C:\Windows\system\TKsTdkq.exe

Filesize
6.0MB

MD5
8e7ba180e7bd81e2195acb13d120d7ef

SHA1
0026a085247786004337ce5aa588941e91a0a1bb

SHA256
f00fb9c644d5f8490c43f2ca3e6f618b073746108ad6de74e19650241de517a3

SHA512
75174bbc97f5a0cd5c9fc7d7d64a0d5eb0095ccad8ea9ce64988f81334f8ffe9910e6923041b08b0263338e7a92a35c14bb4316e519fa724a48885f1f01d9d10

Download Submit
C:\Windows\system\TjiLcBf.exe

Filesize
6.0MB

MD5
7fd748017a9038d58b1099f47ec4c549

SHA1
788ed9595b16fbebdb0bc9b4be6ced8286476465

SHA256
89b6c0c38f03ddc51fe184d40eccc618ec0ecea6fc45a7f96a3448ef2893fd6a

SHA512
5c776cf9e462ddd3a495e3f3455e64d9b036887818cb0ee9a2a181412d9cccc9422b8edb4661bfa5078c6aa2955817728d84f4c33bbe3cd7d331f142cc8d28c6

Download Submit
C:\Windows\system\WJAtdLO.exe

Filesize
6.0MB

MD5
6ada7dbc83e4aa1e66bd2fb9fd795dc9

SHA1
32b65926303a0548c350a58257f8a2d4471a13b3

SHA256
e3db77c343195fc5e774c285d784d2673edbc828e231aea29e32b04c808c15a4

SHA512
fd75d04c52617865d98a9e4f20d35f6060b1ee137a2e8744b23adb4aced593823472b7a9f6221e8b876c2c3af70987e1d279e0ce41843316f05a132d6fd006b4

Download Submit
C:\Windows\system\WajoURg.exe

Filesize
6.0MB

MD5
55197a0bd591c6a3c74b25b0b3296dfe

SHA1
96af2f6f9e61c2ad38f6e6ce48d8c1e3fcad9b17

SHA256
e67b74c41276ce507fa6949e4b201fcec74d9015da57e1eb45ba9874991c3812

SHA512
0c95a1bf7ca789bb5407a790adefede790c6788c4f51a216ebd806979b00438fe2c02bf0c3effcea4c11f201d05cbc44a630fc3edccca575765bf476b0d194b4

Download Submit
C:\Windows\system\XvVgZCl.exe

Filesize
6.0MB

MD5
457ab2bd5336845f65ff6e7aafa1577e

SHA1
3c62344caab08da004b260d3b6a9243e85375e0b

SHA256
7121a9cf6cce24b82a4028a95483f3498063765bca9c01ec9b1b55d64137ae2b

SHA512
b5fd4da580db3d03f39286ad13395f71d53bc271b6899232da14cb80dc116207bf9219b780a72c98c644598f6752db0edde2f999e9baceabe2d71ab42db0e891

Download Submit
C:\Windows\system\bmGplIp.exe

Filesize
6.0MB

MD5
e504dbb2096cf37eb0ea52ca31e3ae8d

SHA1
91f77a44ff6b747b4d003ddbb681eaa2648e7e67

SHA256
4e5ab3904e0476d6ec77ee9e01f78296065fc04aa65e661b73b1f72b50ea16d5

SHA512
3791de00601619fa5aa1805160ef98b5d61879f6532f0b37c02ad2317cfda68fe4ef162fd90c9684bb4951cfd6703c7243f61468c98d7c597766d840ba5541da

Download Submit
C:\Windows\system\ekITJYT.exe

Filesize
6.0MB

MD5
e2f8b027382270ec4547120370538439

SHA1
03a02eb7816194494be9d026fac541b766312d57

SHA256
7438d8dcb1f53b8a80d186ab7af0a656e665d06ce872f66679bbb34ef9e174e5

SHA512
99802bc7c89691fcec5659def63e0e57e7d8941aa6c81d5b3139a771ae8c185f135d1450b30fa4105de2c87f9b1ddf0a7c2311c4c95a8305012d5ac64c384ef1

Download Submit
C:\Windows\system\fogBebC.exe

Filesize
6.0MB

MD5
2b85f861002f8e0caf149c3be1e201d1

SHA1
d1bf84708c886a7d7a4c69e4ec80de23a1d14b8a

SHA256
5b292c644ee7f1f34a19fcaea2d5046949ca57a4bb5170db5a020551198be1bc

SHA512
519d9c9e82ddf3b6b022f2fb38f3c873c007917c5c34dac69287548e0d7484acba1291659682503085e7723c9378af0eeb6c181f2b9c04986bd08cdb1377460c

Download Submit
C:\Windows\system\fqRGPTW.exe

Filesize
6.0MB

MD5
d258025717137e13c139231e62d7d4be

SHA1
ef73489adb4b96e953e793570a8c5bbe39e3e8dd

SHA256
f36c558a14f84d4ecd8de1c22d4e3e4a5d32680a3c3a32ab45d750df788e1de2

SHA512
d8ad75c7ad1d4d23de2026abfa802510a8aef6bcabe42850447935618b602b8ff307cd745f7e5d3bd69eb57b7a719d3dddaf35148b4aafc04f787ccd07215d02

Download Submit
C:\Windows\system\hfqpmpK.exe

Filesize
6.0MB

MD5
2478640df9d672bf77b35221b127243d

SHA1
a63684bdf4b92802c2d6bec07053be485e95e00d

SHA256
6e1e94817fd1672591b405d28e33903e9a1ea0bc99d5f38275aecd06280dd1be

SHA512
e5b16aceeddde257d1a8652233c31fab7159f25de53ea92d27849d7aa3b572b1e718d83d3fd740d75d9de2be15f38afd9be0923724991b8d1c3cba50d46e0ffc

Download Submit
C:\Windows\system\pIHzniT.exe

Filesize
6.0MB

MD5
279386280da8fa87fd28d56fe3c14840

SHA1
753dc56ce18d5e2edea40d2bdaa177e4626b7f0e

SHA256
20dc2c2f69189de469f0592af34543b915d55a160bec80451e29f0d1b0a3313e

SHA512
31b3d886b455fafedcb9fbe2a8b37a8ceca2027b9d5018584c98a4a42386a50141cc9cac11e0bdc8cbc8a2c989f00e85d912f1fc59e87d619e8ca9f050d0d72c

Download Submit
C:\Windows\system\pMmxUWE.exe

Filesize
6.0MB

MD5
97800287ca86e218ebd43acd9ed9e273

SHA1
c68b8d6fe9c56ab7aac93af11e72941e827c84b0

SHA256
4867b54abc10ad4dd4d4b893ba9567f2823f21211e078c44862d13bbcfe0b44a

SHA512
9e6cf0b63e6014908d1122d48c59f4df81c83f075eba2b2d740d269dc20f38d1721a8f25db0b59e4cf64c992eddf0c72b2a26a532716038ae253f5e9645e0763

Download Submit
C:\Windows\system\qOQRxLR.exe

Filesize
6.0MB

MD5
76f4624ae8f3bb555fd08b4f3fbfed6f

SHA1
1c2f9e9b85c50b67cc6e4d710269dba7f327c2e3

SHA256
b87a0102cef46c04bc4d5aad6d8cfce41cce6d9b5612324147f3c9568fb563b0

SHA512
4ed93c7cead7774067f4a3ce9abebb74d51344dc8646deb18187dee2ecdf5c9a7131ad6fef449aea2ad93172e06033862abc2e1f7317ae49aa320233d02b0b9e

Download Submit
C:\Windows\system\uCXfyWo.exe

Filesize
6.0MB

MD5
c8e373a8522ede99b94eed1fc771bfb9

SHA1
73a1b0f5e62cb994e32ddaa5499ae22ccbb31ed4

SHA256
0c026166689a52b2a0cd7ec3426338aa76860ebf988dd10700cad7a2e0174746

SHA512
66a7f5c0956903f3602953c64fcb14bb059eacc6d9ad56a6248ec112b4553202dca4d21a98d067901ddfcf687ee2a6682589c2b0d79062c6eed50bf5d2967699

Download Submit
C:\Windows\system\uMnjcej.exe

Filesize
6.0MB

MD5
fe5e921dfde9ab044c405177587f05b9

SHA1
cbc4197f88c1587f717a18bd9ca6ed63536acd95

SHA256
2cc2b2f52b2015dae4bd311583ef7aa82438e3c2e94375f1fa2f40743339e687

SHA512
3f8d04d807300fed8b6e1b7d6eaaff7b8485bc66769df470e4c24904d980e7fe98da4de1c55f46e594a6c44e24cf860d6808c474f88539c043d4bdeed44701fd

Download Submit
C:\Windows\system\xUYqTrD.exe

Filesize
6.0MB

MD5
c6384760a67e5bc6dfebe3c778793702

SHA1
bb1edfdb61ec4c040a49478b9e916a443bba28b0

SHA256
9fb622a83e1efbac10b914f60dfbfe1b26033537b72f1b59517c41a4beb4ee70

SHA512
0ed6a9df561532bc2cc71b996f04470edf584b73df78eaa4f36868fd940fa609cb3f41738be44af0537f782b208dbf149ebe727b2e4bec2ea760ca81999a6be8

Download Submit
\Windows\system\FfwIDKT.exe

Filesize
6.0MB

MD5
7f7b96841fd536b08c4c546ea81cb307

SHA1
1710c960abd2f5f994bd08aaaf8f0d1d262cf568

SHA256
6b634642d7d6dbf5ffcdbf0a0579d0ba33a929b8572259665f54a78658ebbb86

SHA512
401cfa617e77b23896b14440b387d2c1e548eaa280516c6bdcf7a07c8b19d9a69ef406d9192d92e4c57fbfb397b7b2fb359dc933c5e553d64e23872acc621bb7

Download Submit
\Windows\system\RbqPzYs.exe

Filesize
6.0MB

MD5
1322937d2ea25aac40c842dde95d0104

SHA1
e5c8ba9eb06ef908b3ee045bf56fcc1f0740f4f5

SHA256
c7c224a53cd35bd08007f3f58dd034b944f87266603f0e689a2b285a82d09cca

SHA512
dd89d544b83e841b0a8244b4491a0754eddfe7fa7ea02b6a2f03e722a8d44c1a7c0bf0c9ccaa0ad763ce986f12f6a72033312c12ef2dd4c6abcc1a891239f1f0

Download Submit
\Windows\system\TPXRECo.exe

Filesize
6.0MB

MD5
b820c194ee11099be0f0d9af405b9b52

SHA1
800a280c3fa71645acf661a71415decbb301a3e2

SHA256
0fd96ae5209d5999582ae51013423b349b1b3f4af32006515c7ef43bd522c2ea

SHA512
f685eeb37ae354d9c082484f6761503fb670a3f16b89d47627130ced93cbe5b9096ed5a7b0beb61307cd66fe254d6e44b5fb0736b0384de8662e4dac5dc436e2

Download Submit
\Windows\system\mmGVsTf.exe

Filesize
6.0MB

MD5
6a7adbbc77b24b24e166f23195e529f5

SHA1
7429edc05d8eac788f3d9d3c3806fb292486fef0

SHA256
5d7d1680436622adbd5f396c085a2fcc962013db0e76e74d803373e06f14628a

SHA512
d825bf0c7df0b0ed6ee58c056e4ae295916cccda19fb0e0fcf8bde289fda2152e09b14e7e9b1fd5641050eaa1138737e479d2feeed8515453547292934681c73

Download Submit
\Windows\system\wZDAVVB.exe

Filesize
6.0MB

MD5
b1f357fc25bbde0ddd906aee49ebdd00

SHA1
89da415836b3ee55b91e62f4dec3a146c8789a86

SHA256
289077a8b42bd3f2e813f5c094bef18ea62aad0ded071825495c43291a5895de

SHA512
814055351161393c4c69c0c08ab4427cff63466be5e189e5011748fcbb5ad2af32a5e162a28a688aab3ab09fd62efabe4b10cc8e46be15233776ab917c8bbe7e

Download Submit
memory/1192-16-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1192-3502-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1772-95-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1772-3696-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2356-138-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2356-3507-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2356-20-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2456-3687-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-82-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3607-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-27-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-412-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-17-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2532-91-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2532-93-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2532-42-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-10-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2532-46-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2532-64-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2532-18-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-413-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-891-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-92-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-945-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2532-90-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2532-80-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1123-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-84-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1122-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2532-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2592-4030-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1124-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2592-103-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2648-106-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4029-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-87-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3691-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3710-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-94-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-39-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-729-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3686-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3693-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2820-86-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3688-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2920-83-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3698-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-88-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3506-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/3044-25-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/3044-143-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download