cobaltstrike | 1f4544f522f6e1969d278d81740b8a76b88831145a4ef1d0f0600bb8bb2aee13

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7f0dbf0cdf908e85eb702e95512c63a6
SHA1

a416aaed94f07f17674cc1d7cbbd6fefac596005
SHA256

1f4544f522f6e1969d278d81740b8a76b88831145a4ef1d0f0600bb8bb2aee13
SHA512

f6b63c3cde078dcb174a73404971b549245972834c9c8f19807abf117a8dc2ce58420dac740d00336a166a72a7ee9c3e28b46f96f532dad119f36e026ea8ec58
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012281-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c80-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cd7-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d43-26.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d4b-31.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d54-35.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-63.dat	cobalt_reflective_dll
behavioral1/files/0x002d000000016875-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b6-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-82.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-42.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186e7-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3a-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2a-19.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral1/memory/2520-0-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x000c000000012281-3.dat	xmrig
behavioral1/files/0x0008000000016c80-8.dat	xmrig
behavioral1/files/0x0008000000016cd7-15.dat	xmrig
behavioral1/files/0x0007000000016d43-26.dat	xmrig
behavioral1/files/0x0009000000016d4b-31.dat	xmrig
behavioral1/files/0x0009000000016d54-35.dat	xmrig
behavioral1/files/0x00050000000186f1-46.dat	xmrig
behavioral1/files/0x0005000000018704-54.dat	xmrig
behavioral1/files/0x0005000000018744-63.dat	xmrig
behavioral1/files/0x002d000000016875-66.dat	xmrig
behavioral1/files/0x000500000001878e-70.dat	xmrig
behavioral1/files/0x00050000000187a8-74.dat	xmrig
behavioral1/memory/2416-1124-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00050000000193df-130.dat	xmrig
behavioral1/files/0x00050000000193c4-126.dat	xmrig
behavioral1/files/0x00050000000193b6-122.dat	xmrig
behavioral1/files/0x00050000000193a6-118.dat	xmrig
behavioral1/files/0x0005000000019360-114.dat	xmrig
behavioral1/files/0x000500000001933f-110.dat	xmrig
behavioral1/files/0x0005000000019297-106.dat	xmrig
behavioral1/files/0x0005000000019284-102.dat	xmrig
behavioral1/files/0x0005000000019278-98.dat	xmrig
behavioral1/files/0x0005000000019269-94.dat	xmrig
behavioral1/files/0x0005000000019250-90.dat	xmrig
behavioral1/files/0x0005000000019246-86.dat	xmrig
behavioral1/files/0x0006000000018c16-82.dat	xmrig
behavioral1/files/0x0006000000018b4e-78.dat	xmrig
behavioral1/files/0x0005000000018739-58.dat	xmrig
behavioral1/files/0x00050000000186f4-50.dat	xmrig
behavioral1/files/0x00050000000186ed-42.dat	xmrig
behavioral1/files/0x00070000000186e7-38.dat	xmrig
behavioral1/files/0x0007000000016d3a-23.dat	xmrig
behavioral1/files/0x0007000000016d2a-19.dat	xmrig
behavioral1/memory/2740-1151-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2844-1403-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2264-1496-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2520-1597-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2760-1596-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2752-1622-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2416-3481-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2520-3675-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2660-4031-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2908-4067-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2856-4068-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2648-4069-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2740-4070-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2844-4071-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2752-4073-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2264-4072-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2760-4074-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2660-4076-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2752-4075-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2264-4077-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2856-4078-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2648-4080-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2844-4081-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2908-4079-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2416	wBdbCgX.exe
2740	nOOxPxn.exe
2844	oUGxvFQ.exe
2264	HNkFiEf.exe
2760	WiKWRTe.exe
2752	MzBSIBY.exe
2672	gmwiWPS.exe
2660	DzsBduR.exe
2908	jJTWTLg.exe
2856	qxsTLEw.exe
2648	iSFuCus.exe
2712	nKBXeTt.exe
2340	qXYWvhw.exe
2492	XhnfklQ.exe
1840	NYirrSM.exe
3036	BeyLOBh.exe
1648	EhhWoVu.exe
2288	fhhJcJz.exe
2112	EZTHpMP.exe
1052	jEUmxqk.exe
2988	tyIBoFF.exe
2392	RmsHwxW.exe
2320	oLXlSgC.exe
2704	RHlRLiH.exe
2984	HSNCVXQ.exe
2544	KTDvWNJ.exe
2896	NNiwCYe.exe
376	sEXxPcf.exe
3000	pjNwFIm.exe
2960	xyJIGXf.exe
2036	WvhzoGj.exe
1028	GVnCuUF.exe
1964	aSgPLYA.exe
1164	hbPZQic.exe
596	puygJyX.exe
768	xaQsJyb.exe
2252	vAGDghA.exe
1640	zFDphVT.exe
2824	HUiFAPD.exe
2196	nEioqlb.exe
1856	AWCxtnr.exe
2616	sdXiTSb.exe
2148	IIxEEmA.exe
400	dxvxtCS.exe
1100	bCCzlKG.exe
612	EBPbESx.exe
288	VIJiDfN.exe
2140	bitdIjV.exe
2096	HipMdwt.exe
1096	KMUAEeb.exe
1316	zNeRfPz.exe
972	wJlUNzv.exe
1836	HjxrrNO.exe
1056	tkugqXH.exe
1916	ejytlIG.exe
1252	puICXMo.exe
1556	fbmkKNn.exe
1584	wufJAMF.exe
2128	zefFadw.exe
2308	SjcdiNY.exe
912	TZOfTWH.exe
568	MAfUbFp.exe
1740	nXogJhu.exe
2408	AYbsAbz.exe

Loads dropped DLL 64 IoCs

pid	Process
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2520-0-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x000c000000012281-3.dat	upx
behavioral1/files/0x0008000000016c80-8.dat	upx
behavioral1/files/0x0008000000016cd7-15.dat	upx
behavioral1/files/0x0007000000016d43-26.dat	upx
behavioral1/files/0x0009000000016d4b-31.dat	upx
behavioral1/files/0x0009000000016d54-35.dat	upx
behavioral1/files/0x00050000000186f1-46.dat	upx
behavioral1/files/0x0005000000018704-54.dat	upx
behavioral1/files/0x0005000000018744-63.dat	upx
behavioral1/files/0x002d000000016875-66.dat	upx
behavioral1/files/0x000500000001878e-70.dat	upx
behavioral1/files/0x00050000000187a8-74.dat	upx
behavioral1/memory/2416-1124-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x00050000000193df-130.dat	upx
behavioral1/files/0x00050000000193c4-126.dat	upx
behavioral1/files/0x00050000000193b6-122.dat	upx
behavioral1/files/0x00050000000193a6-118.dat	upx
behavioral1/files/0x0005000000019360-114.dat	upx
behavioral1/files/0x000500000001933f-110.dat	upx
behavioral1/files/0x0005000000019297-106.dat	upx
behavioral1/files/0x0005000000019284-102.dat	upx
behavioral1/files/0x0005000000019278-98.dat	upx
behavioral1/files/0x0005000000019269-94.dat	upx
behavioral1/files/0x0005000000019250-90.dat	upx
behavioral1/files/0x0005000000019246-86.dat	upx
behavioral1/files/0x0006000000018c16-82.dat	upx
behavioral1/files/0x0006000000018b4e-78.dat	upx
behavioral1/files/0x0005000000018739-58.dat	upx
behavioral1/files/0x00050000000186f4-50.dat	upx
behavioral1/files/0x00050000000186ed-42.dat	upx
behavioral1/files/0x00070000000186e7-38.dat	upx
behavioral1/files/0x0007000000016d3a-23.dat	upx
behavioral1/files/0x0007000000016d2a-19.dat	upx
behavioral1/memory/2740-1151-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2844-1403-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2264-1496-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2760-1596-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2752-1622-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2416-3481-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2520-3675-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2660-4031-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2908-4067-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2856-4068-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2648-4069-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2740-4070-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2844-4071-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2752-4073-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2264-4072-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2760-4074-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2660-4076-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2752-4075-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2264-4077-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2856-4078-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2648-4080-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2844-4081-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2908-4079-0x000000013F240000-0x000000013F594000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kjYsukO.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uaUbGHL.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccIjkND.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUDtFrm.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\czPKMSj.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uCYTcKf.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erPjTOl.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvmsMFC.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVqnBvF.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LprBQLa.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIAwCqr.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRJSpBp.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhbgTmc.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOylfBt.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wufJAMF.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLfiGLu.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwutCYt.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUkAxWA.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkzmFBs.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDUEFck.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sATbrPk.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwzDOPW.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uXYPnFc.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLUyvzC.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNMesDd.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Dseheff.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMEBbXZ.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GofuhCJ.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUPpCeN.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoQwFCn.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGRkADi.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEjytNV.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgXThkw.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHISoOP.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yfaykke.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmwiWPS.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQElVqI.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\woOwxWF.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHTmBgW.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioKJzzf.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwATyVh.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fldldGo.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYdKibf.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAdmpHY.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjjtdUq.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALqgaIc.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZluWkpU.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftguVuC.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhFcfwf.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSaNdXv.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IaKSgqw.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLfkoJv.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkUNtrP.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYHyWfk.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzDiItP.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wJlUNzv.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gunfoHj.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJTZmco.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZerGWD.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsELdMP.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBxksFy.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWhdrgs.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHJiDGC.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNnQEhP.exe	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2416	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2520 wrote to memory of 2416	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2520 wrote to memory of 2416	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2520 wrote to memory of 2740	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2520 wrote to memory of 2740	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2520 wrote to memory of 2740	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2520 wrote to memory of 2844	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2520 wrote to memory of 2844	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2520 wrote to memory of 2844	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2520 wrote to memory of 2264	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2520 wrote to memory of 2264	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2520 wrote to memory of 2264	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2520 wrote to memory of 2760	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2520 wrote to memory of 2760	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2520 wrote to memory of 2760	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2520 wrote to memory of 2752	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2520 wrote to memory of 2752	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2520 wrote to memory of 2752	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2520 wrote to memory of 2672	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2520 wrote to memory of 2672	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2520 wrote to memory of 2672	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2520 wrote to memory of 2660	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2520 wrote to memory of 2660	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2520 wrote to memory of 2660	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2520 wrote to memory of 2908	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2520 wrote to memory of 2908	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2520 wrote to memory of 2908	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2520 wrote to memory of 2856	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2520 wrote to memory of 2856	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2520 wrote to memory of 2856	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2520 wrote to memory of 2648	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2520 wrote to memory of 2648	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2520 wrote to memory of 2648	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2520 wrote to memory of 2712	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2520 wrote to memory of 2712	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2520 wrote to memory of 2712	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2520 wrote to memory of 2340	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2520 wrote to memory of 2340	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2520 wrote to memory of 2340	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2520 wrote to memory of 2492	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2520 wrote to memory of 2492	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2520 wrote to memory of 2492	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2520 wrote to memory of 1840	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2520 wrote to memory of 1840	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2520 wrote to memory of 1840	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2520 wrote to memory of 3036	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2520 wrote to memory of 3036	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2520 wrote to memory of 3036	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2520 wrote to memory of 1648	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2520 wrote to memory of 1648	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2520 wrote to memory of 1648	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2520 wrote to memory of 2288	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2520 wrote to memory of 2288	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2520 wrote to memory of 2288	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2520 wrote to memory of 2112	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2520 wrote to memory of 2112	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2520 wrote to memory of 2112	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2520 wrote to memory of 1052	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2520 wrote to memory of 1052	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2520 wrote to memory of 1052	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2520 wrote to memory of 2988	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2520 wrote to memory of 2988	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2520 wrote to memory of 2988	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2520 wrote to memory of 2392	2520	2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-30_7f0dbf0cdf908e85eb702e95512c63a6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\System\wBdbCgX.exe
  C:\Windows\System\wBdbCgX.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\nOOxPxn.exe
  C:\Windows\System\nOOxPxn.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\oUGxvFQ.exe
  C:\Windows\System\oUGxvFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\HNkFiEf.exe
  C:\Windows\System\HNkFiEf.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\WiKWRTe.exe
  C:\Windows\System\WiKWRTe.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\MzBSIBY.exe
  C:\Windows\System\MzBSIBY.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\gmwiWPS.exe
  C:\Windows\System\gmwiWPS.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\DzsBduR.exe
  C:\Windows\System\DzsBduR.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\jJTWTLg.exe
  C:\Windows\System\jJTWTLg.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\qxsTLEw.exe
  C:\Windows\System\qxsTLEw.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\iSFuCus.exe
  C:\Windows\System\iSFuCus.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\nKBXeTt.exe
  C:\Windows\System\nKBXeTt.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\qXYWvhw.exe
  C:\Windows\System\qXYWvhw.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\XhnfklQ.exe
  C:\Windows\System\XhnfklQ.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\NYirrSM.exe
  C:\Windows\System\NYirrSM.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\BeyLOBh.exe
  C:\Windows\System\BeyLOBh.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\EhhWoVu.exe
  C:\Windows\System\EhhWoVu.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\fhhJcJz.exe
  C:\Windows\System\fhhJcJz.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\EZTHpMP.exe
  C:\Windows\System\EZTHpMP.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\jEUmxqk.exe
  C:\Windows\System\jEUmxqk.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\tyIBoFF.exe
  C:\Windows\System\tyIBoFF.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\RmsHwxW.exe
  C:\Windows\System\RmsHwxW.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\oLXlSgC.exe
  C:\Windows\System\oLXlSgC.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\RHlRLiH.exe
  C:\Windows\System\RHlRLiH.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\HSNCVXQ.exe
  C:\Windows\System\HSNCVXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\KTDvWNJ.exe
  C:\Windows\System\KTDvWNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\NNiwCYe.exe
  C:\Windows\System\NNiwCYe.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\sEXxPcf.exe
  C:\Windows\System\sEXxPcf.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\pjNwFIm.exe
  C:\Windows\System\pjNwFIm.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\xyJIGXf.exe
  C:\Windows\System\xyJIGXf.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\WvhzoGj.exe
  C:\Windows\System\WvhzoGj.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\GVnCuUF.exe
  C:\Windows\System\GVnCuUF.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\aSgPLYA.exe
  C:\Windows\System\aSgPLYA.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\hbPZQic.exe
  C:\Windows\System\hbPZQic.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\puygJyX.exe
  C:\Windows\System\puygJyX.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\xaQsJyb.exe
  C:\Windows\System\xaQsJyb.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\vAGDghA.exe
  C:\Windows\System\vAGDghA.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\zFDphVT.exe
  C:\Windows\System\zFDphVT.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\HUiFAPD.exe
  C:\Windows\System\HUiFAPD.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\nEioqlb.exe
  C:\Windows\System\nEioqlb.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\AWCxtnr.exe
  C:\Windows\System\AWCxtnr.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\sdXiTSb.exe
  C:\Windows\System\sdXiTSb.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\IIxEEmA.exe
  C:\Windows\System\IIxEEmA.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\dxvxtCS.exe
  C:\Windows\System\dxvxtCS.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\bCCzlKG.exe
  C:\Windows\System\bCCzlKG.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\EBPbESx.exe
  C:\Windows\System\EBPbESx.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\VIJiDfN.exe
  C:\Windows\System\VIJiDfN.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\bitdIjV.exe
  C:\Windows\System\bitdIjV.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\HipMdwt.exe
  C:\Windows\System\HipMdwt.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\KMUAEeb.exe
  C:\Windows\System\KMUAEeb.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\zNeRfPz.exe
  C:\Windows\System\zNeRfPz.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\wJlUNzv.exe
  C:\Windows\System\wJlUNzv.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\HjxrrNO.exe
  C:\Windows\System\HjxrrNO.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\tkugqXH.exe
  C:\Windows\System\tkugqXH.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\ejytlIG.exe
  C:\Windows\System\ejytlIG.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\puICXMo.exe
  C:\Windows\System\puICXMo.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\fbmkKNn.exe
  C:\Windows\System\fbmkKNn.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\wufJAMF.exe
  C:\Windows\System\wufJAMF.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\zefFadw.exe
  C:\Windows\System\zefFadw.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\SjcdiNY.exe
  C:\Windows\System\SjcdiNY.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\TZOfTWH.exe
  C:\Windows\System\TZOfTWH.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\MAfUbFp.exe
  C:\Windows\System\MAfUbFp.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\nXogJhu.exe
  C:\Windows\System\nXogJhu.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\AYbsAbz.exe
  C:\Windows\System\AYbsAbz.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\skhJDSl.exe
  C:\Windows\System\skhJDSl.exe
  2⤵
  PID:2056
- C:\Windows\System\SQZclFc.exe
  C:\Windows\System\SQZclFc.exe
  2⤵
  PID:1984
- C:\Windows\System\lgSNDSR.exe
  C:\Windows\System\lgSNDSR.exe
  2⤵
  PID:548
- C:\Windows\System\sfqNlUI.exe
  C:\Windows\System\sfqNlUI.exe
  2⤵
  PID:2932
- C:\Windows\System\GDZbvpF.exe
  C:\Windows\System\GDZbvpF.exe
  2⤵
  PID:2976
- C:\Windows\System\azfqEmS.exe
  C:\Windows\System\azfqEmS.exe
  2⤵
  PID:2464
- C:\Windows\System\SecofvQ.exe
  C:\Windows\System\SecofvQ.exe
  2⤵
  PID:2356
- C:\Windows\System\PpSKJTe.exe
  C:\Windows\System\PpSKJTe.exe
  2⤵
  PID:1896
- C:\Windows\System\NZnqVJj.exe
  C:\Windows\System\NZnqVJj.exe
  2⤵
  PID:2396
- C:\Windows\System\acAtFen.exe
  C:\Windows\System\acAtFen.exe
  2⤵
  PID:2488
- C:\Windows\System\MnNKtyr.exe
  C:\Windows\System\MnNKtyr.exe
  2⤵
  PID:2312
- C:\Windows\System\SjifVdH.exe
  C:\Windows\System\SjifVdH.exe
  2⤵
  PID:1592
- C:\Windows\System\jjeCrBj.exe
  C:\Windows\System\jjeCrBj.exe
  2⤵
  PID:1704
- C:\Windows\System\WLfkoJv.exe
  C:\Windows\System\WLfkoJv.exe
  2⤵
  PID:920
- C:\Windows\System\TMEBbXZ.exe
  C:\Windows\System\TMEBbXZ.exe
  2⤵
  PID:2744
- C:\Windows\System\gEyqEoB.exe
  C:\Windows\System\gEyqEoB.exe
  2⤵
  PID:2916
- C:\Windows\System\tJlCPlm.exe
  C:\Windows\System\tJlCPlm.exe
  2⤵
  PID:2496
- C:\Windows\System\BGGLQfA.exe
  C:\Windows\System\BGGLQfA.exe
  2⤵
  PID:2828
- C:\Windows\System\CNnQEhP.exe
  C:\Windows\System\CNnQEhP.exe
  2⤵
  PID:2748
- C:\Windows\System\XVqnBvF.exe
  C:\Windows\System\XVqnBvF.exe
  2⤵
  PID:2708
- C:\Windows\System\krTMPYv.exe
  C:\Windows\System\krTMPYv.exe
  2⤵
  PID:2532
- C:\Windows\System\LEleXcj.exe
  C:\Windows\System\LEleXcj.exe
  2⤵
  PID:632
- C:\Windows\System\wtvHzOL.exe
  C:\Windows\System\wtvHzOL.exe
  2⤵
  PID:2200
- C:\Windows\System\orYNRFg.exe
  C:\Windows\System\orYNRFg.exe
  2⤵
  PID:684
- C:\Windows\System\ThVKLUR.exe
  C:\Windows\System\ThVKLUR.exe
  2⤵
  PID:1848
- C:\Windows\System\uVmpvXg.exe
  C:\Windows\System\uVmpvXg.exe
  2⤵
  PID:1868
- C:\Windows\System\rpVtcgx.exe
  C:\Windows\System\rpVtcgx.exe
  2⤵
  PID:2100
- C:\Windows\System\gnMBTtP.exe
  C:\Windows\System\gnMBTtP.exe
  2⤵
  PID:2388
- C:\Windows\System\VGRngzN.exe
  C:\Windows\System\VGRngzN.exe
  2⤵
  PID:3008
- C:\Windows\System\teBtuTL.exe
  C:\Windows\System\teBtuTL.exe
  2⤵
  PID:1284
- C:\Windows\System\dglwgWi.exe
  C:\Windows\System\dglwgWi.exe
  2⤵
  PID:1752
- C:\Windows\System\bMHYBko.exe
  C:\Windows\System\bMHYBko.exe
  2⤵
  PID:780
- C:\Windows\System\ayUgQEf.exe
  C:\Windows\System\ayUgQEf.exe
  2⤵
  PID:2160
- C:\Windows\System\AogVHZj.exe
  C:\Windows\System\AogVHZj.exe
  2⤵
  PID:2436
- C:\Windows\System\bkUNtrP.exe
  C:\Windows\System\bkUNtrP.exe
  2⤵
  PID:2180
- C:\Windows\System\aJGUgpG.exe
  C:\Windows\System\aJGUgpG.exe
  2⤵
  PID:692
- C:\Windows\System\LZAnBEk.exe
  C:\Windows\System\LZAnBEk.exe
  2⤵
  PID:1016
- C:\Windows\System\UrpAuxW.exe
  C:\Windows\System\UrpAuxW.exe
  2⤵
  PID:1656
- C:\Windows\System\HsMdHrZ.exe
  C:\Windows\System\HsMdHrZ.exe
  2⤵
  PID:1852
- C:\Windows\System\TEsKjVS.exe
  C:\Windows\System\TEsKjVS.exe
  2⤵
  PID:2944
- C:\Windows\System\fJnalNN.exe
  C:\Windows\System\fJnalNN.exe
  2⤵
  PID:852
- C:\Windows\System\aYiLlNi.exe
  C:\Windows\System\aYiLlNi.exe
  2⤵
  PID:1532
- C:\Windows\System\cuZznsP.exe
  C:\Windows\System\cuZznsP.exe
  2⤵
  PID:1352
- C:\Windows\System\NdiLfAz.exe
  C:\Windows\System\NdiLfAz.exe
  2⤵
  PID:1992
- C:\Windows\System\cKaYzKH.exe
  C:\Windows\System\cKaYzKH.exe
  2⤵
  PID:1188
- C:\Windows\System\FiFFDey.exe
  C:\Windows\System\FiFFDey.exe
  2⤵
  PID:2380
- C:\Windows\System\jJepEqj.exe
  C:\Windows\System\jJepEqj.exe
  2⤵
  PID:2480
- C:\Windows\System\oswuGLF.exe
  C:\Windows\System\oswuGLF.exe
  2⤵
  PID:1480
- C:\Windows\System\IsIQWeC.exe
  C:\Windows\System\IsIQWeC.exe
  2⤵
  PID:1620
- C:\Windows\System\MfmzGoZ.exe
  C:\Windows\System\MfmzGoZ.exe
  2⤵
  PID:2052
- C:\Windows\System\GAvgjAQ.exe
  C:\Windows\System\GAvgjAQ.exe
  2⤵
  PID:2600
- C:\Windows\System\gUwZiul.exe
  C:\Windows\System\gUwZiul.exe
  2⤵
  PID:2348
- C:\Windows\System\ZBbRkOs.exe
  C:\Windows\System\ZBbRkOs.exe
  2⤵
  PID:772
- C:\Windows\System\LjvzFlw.exe
  C:\Windows\System\LjvzFlw.exe
  2⤵
  PID:2832
- C:\Windows\System\XtktBbi.exe
  C:\Windows\System\XtktBbi.exe
  2⤵
  PID:2936
- C:\Windows\System\hREfTva.exe
  C:\Windows\System\hREfTva.exe
  2⤵
  PID:2632
- C:\Windows\System\pWwJKCM.exe
  C:\Windows\System\pWwJKCM.exe
  2⤵
  PID:2444
- C:\Windows\System\SAMSVaR.exe
  C:\Windows\System\SAMSVaR.exe
  2⤵
  PID:2240
- C:\Windows\System\nKdFwyn.exe
  C:\Windows\System\nKdFwyn.exe
  2⤵
  PID:2736
- C:\Windows\System\gunfoHj.exe
  C:\Windows\System\gunfoHj.exe
  2⤵
  PID:1876
- C:\Windows\System\DCzwzYM.exe
  C:\Windows\System\DCzwzYM.exe
  2⤵
  PID:3028
- C:\Windows\System\ynNTGVZ.exe
  C:\Windows\System\ynNTGVZ.exe
  2⤵
  PID:1280
- C:\Windows\System\iKcmtHe.exe
  C:\Windows\System\iKcmtHe.exe
  2⤵
  PID:2016
- C:\Windows\System\kHeZbFy.exe
  C:\Windows\System\kHeZbFy.exe
  2⤵
  PID:2184
- C:\Windows\System\rJJyoQa.exe
  C:\Windows\System\rJJyoQa.exe
  2⤵
  PID:1716
- C:\Windows\System\lkzRujA.exe
  C:\Windows\System\lkzRujA.exe
  2⤵
  PID:2168
- C:\Windows\System\fxNXxBf.exe
  C:\Windows\System\fxNXxBf.exe
  2⤵
  PID:900
- C:\Windows\System\oQElVqI.exe
  C:\Windows\System\oQElVqI.exe
  2⤵
  PID:1764
- C:\Windows\System\MgDpDVc.exe
  C:\Windows\System\MgDpDVc.exe
  2⤵
  PID:1696
- C:\Windows\System\LHNlVRr.exe
  C:\Windows\System\LHNlVRr.exe
  2⤵
  PID:2076
- C:\Windows\System\fFIWVnR.exe
  C:\Windows\System\fFIWVnR.exe
  2⤵
  PID:1720
- C:\Windows\System\EHFFwjD.exe
  C:\Windows\System\EHFFwjD.exe
  2⤵
  PID:1500
- C:\Windows\System\GsLpwfB.exe
  C:\Windows\System\GsLpwfB.exe
  2⤵
  PID:3076
- C:\Windows\System\aLSozat.exe
  C:\Windows\System\aLSozat.exe
  2⤵
  PID:3092
- C:\Windows\System\blUIolW.exe
  C:\Windows\System\blUIolW.exe
  2⤵
  PID:3108
- C:\Windows\System\oLHzCnq.exe
  C:\Windows\System\oLHzCnq.exe
  2⤵
  PID:3124
- C:\Windows\System\MNaYLUn.exe
  C:\Windows\System\MNaYLUn.exe
  2⤵
  PID:3140
- C:\Windows\System\werdKSH.exe
  C:\Windows\System\werdKSH.exe
  2⤵
  PID:3156
- C:\Windows\System\ASJQhkQ.exe
  C:\Windows\System\ASJQhkQ.exe
  2⤵
  PID:3172
- C:\Windows\System\EybGxpF.exe
  C:\Windows\System\EybGxpF.exe
  2⤵
  PID:3188
- C:\Windows\System\ogwKQKI.exe
  C:\Windows\System\ogwKQKI.exe
  2⤵
  PID:3204
- C:\Windows\System\IEpkGoQ.exe
  C:\Windows\System\IEpkGoQ.exe
  2⤵
  PID:3220
- C:\Windows\System\JKawitX.exe
  C:\Windows\System\JKawitX.exe
  2⤵
  PID:3236
- C:\Windows\System\uZlnHds.exe
  C:\Windows\System\uZlnHds.exe
  2⤵
  PID:3252
- C:\Windows\System\IRJdYCK.exe
  C:\Windows\System\IRJdYCK.exe
  2⤵
  PID:3268
- C:\Windows\System\lhScsdt.exe
  C:\Windows\System\lhScsdt.exe
  2⤵
  PID:3284
- C:\Windows\System\LPnhKGH.exe
  C:\Windows\System\LPnhKGH.exe
  2⤵
  PID:3300
- C:\Windows\System\MUtTGvI.exe
  C:\Windows\System\MUtTGvI.exe
  2⤵
  PID:3316
- C:\Windows\System\xuAFCtV.exe
  C:\Windows\System\xuAFCtV.exe
  2⤵
  PID:3332
- C:\Windows\System\XzaYLDE.exe
  C:\Windows\System\XzaYLDE.exe
  2⤵
  PID:3348
- C:\Windows\System\uCOkBDl.exe
  C:\Windows\System\uCOkBDl.exe
  2⤵
  PID:3364
- C:\Windows\System\kSVopjp.exe
  C:\Windows\System\kSVopjp.exe
  2⤵
  PID:3380
- C:\Windows\System\yOHsldl.exe
  C:\Windows\System\yOHsldl.exe
  2⤵
  PID:3396
- C:\Windows\System\JkKVITC.exe
  C:\Windows\System\JkKVITC.exe
  2⤵
  PID:3412
- C:\Windows\System\TlGlBWe.exe
  C:\Windows\System\TlGlBWe.exe
  2⤵
  PID:3428
- C:\Windows\System\JLdbAPv.exe
  C:\Windows\System\JLdbAPv.exe
  2⤵
  PID:3444
- C:\Windows\System\UhhBWFJ.exe
  C:\Windows\System\UhhBWFJ.exe
  2⤵
  PID:3460
- C:\Windows\System\oBinmih.exe
  C:\Windows\System\oBinmih.exe
  2⤵
  PID:3476
- C:\Windows\System\hLPIhWa.exe
  C:\Windows\System\hLPIhWa.exe
  2⤵
  PID:3492
- C:\Windows\System\eDAvNkm.exe
  C:\Windows\System\eDAvNkm.exe
  2⤵
  PID:3508
- C:\Windows\System\vaxdRyn.exe
  C:\Windows\System\vaxdRyn.exe
  2⤵
  PID:3524
- C:\Windows\System\lrDcnyA.exe
  C:\Windows\System\lrDcnyA.exe
  2⤵
  PID:3540
- C:\Windows\System\quGVAzB.exe
  C:\Windows\System\quGVAzB.exe
  2⤵
  PID:3556
- C:\Windows\System\xdZpMMV.exe
  C:\Windows\System\xdZpMMV.exe
  2⤵
  PID:3572
- C:\Windows\System\uUdbufK.exe
  C:\Windows\System\uUdbufK.exe
  2⤵
  PID:3588
- C:\Windows\System\qMPpfmM.exe
  C:\Windows\System\qMPpfmM.exe
  2⤵
  PID:3604
- C:\Windows\System\OwfwFku.exe
  C:\Windows\System\OwfwFku.exe
  2⤵
  PID:3620
- C:\Windows\System\hMMwbDh.exe
  C:\Windows\System\hMMwbDh.exe
  2⤵
  PID:3636
- C:\Windows\System\LxPugQR.exe
  C:\Windows\System\LxPugQR.exe
  2⤵
  PID:3652
- C:\Windows\System\UtwAzsl.exe
  C:\Windows\System\UtwAzsl.exe
  2⤵
  PID:3668
- C:\Windows\System\URQvyiD.exe
  C:\Windows\System\URQvyiD.exe
  2⤵
  PID:3684
- C:\Windows\System\DSZOjBV.exe
  C:\Windows\System\DSZOjBV.exe
  2⤵
  PID:3700
- C:\Windows\System\bMgMvhh.exe
  C:\Windows\System\bMgMvhh.exe
  2⤵
  PID:3716
- C:\Windows\System\PPrgCcA.exe
  C:\Windows\System\PPrgCcA.exe
  2⤵
  PID:3732
- C:\Windows\System\RzHgbTC.exe
  C:\Windows\System\RzHgbTC.exe
  2⤵
  PID:3748
- C:\Windows\System\nxzSsiV.exe
  C:\Windows\System\nxzSsiV.exe
  2⤵
  PID:3764
- C:\Windows\System\fIcBxZb.exe
  C:\Windows\System\fIcBxZb.exe
  2⤵
  PID:3780
- C:\Windows\System\IVslCAQ.exe
  C:\Windows\System\IVslCAQ.exe
  2⤵
  PID:3796
- C:\Windows\System\UWaVump.exe
  C:\Windows\System\UWaVump.exe
  2⤵
  PID:3812
- C:\Windows\System\OQiiRlx.exe
  C:\Windows\System\OQiiRlx.exe
  2⤵
  PID:3828
- C:\Windows\System\VHyKkMO.exe
  C:\Windows\System\VHyKkMO.exe
  2⤵
  PID:3844
- C:\Windows\System\CDQMxws.exe
  C:\Windows\System\CDQMxws.exe
  2⤵
  PID:3860
- C:\Windows\System\twViROk.exe
  C:\Windows\System\twViROk.exe
  2⤵
  PID:3876
- C:\Windows\System\dXuoEto.exe
  C:\Windows\System\dXuoEto.exe
  2⤵
  PID:3892
- C:\Windows\System\lcxhOJu.exe
  C:\Windows\System\lcxhOJu.exe
  2⤵
  PID:3908
- C:\Windows\System\fRftPlT.exe
  C:\Windows\System\fRftPlT.exe
  2⤵
  PID:3924
- C:\Windows\System\kINvHxY.exe
  C:\Windows\System\kINvHxY.exe
  2⤵
  PID:3940
- C:\Windows\System\MrjjYdK.exe
  C:\Windows\System\MrjjYdK.exe
  2⤵
  PID:3956
- C:\Windows\System\FJGmmLB.exe
  C:\Windows\System\FJGmmLB.exe
  2⤵
  PID:3972
- C:\Windows\System\yUuTbAF.exe
  C:\Windows\System\yUuTbAF.exe
  2⤵
  PID:3988
- C:\Windows\System\SSWLeUt.exe
  C:\Windows\System\SSWLeUt.exe
  2⤵
  PID:4004
- C:\Windows\System\EvCYnUV.exe
  C:\Windows\System\EvCYnUV.exe
  2⤵
  PID:4020
- C:\Windows\System\vZOFXgk.exe
  C:\Windows\System\vZOFXgk.exe
  2⤵
  PID:4036
- C:\Windows\System\ioLkkEm.exe
  C:\Windows\System\ioLkkEm.exe
  2⤵
  PID:4052
- C:\Windows\System\vDFgoXU.exe
  C:\Windows\System\vDFgoXU.exe
  2⤵
  PID:4068
- C:\Windows\System\innVDZE.exe
  C:\Windows\System\innVDZE.exe
  2⤵
  PID:4084
- C:\Windows\System\zhbgTmc.exe
  C:\Windows\System\zhbgTmc.exe
  2⤵
  PID:2516
- C:\Windows\System\EPCdEdE.exe
  C:\Windows\System\EPCdEdE.exe
  2⤵
  PID:2792
- C:\Windows\System\vLRAJfJ.exe
  C:\Windows\System\vLRAJfJ.exe
  2⤵
  PID:572
- C:\Windows\System\lRPywTU.exe
  C:\Windows\System\lRPywTU.exe
  2⤵
  PID:1152
- C:\Windows\System\DrlLOaK.exe
  C:\Windows\System\DrlLOaK.exe
  2⤵
  PID:1712
- C:\Windows\System\hRHRAcJ.exe
  C:\Windows\System\hRHRAcJ.exe
  2⤵
  PID:600
- C:\Windows\System\RTmSsvV.exe
  C:\Windows\System\RTmSsvV.exe
  2⤵
  PID:2028
- C:\Windows\System\pMXBmFJ.exe
  C:\Windows\System\pMXBmFJ.exe
  2⤵
  PID:1536
- C:\Windows\System\fCgmqzN.exe
  C:\Windows\System\fCgmqzN.exe
  2⤵
  PID:2124
- C:\Windows\System\PKKVIEp.exe
  C:\Windows\System\PKKVIEp.exe
  2⤵
  PID:2344
- C:\Windows\System\OnqpLAK.exe
  C:\Windows\System\OnqpLAK.exe
  2⤵
  PID:3088
- C:\Windows\System\lsAkhrt.exe
  C:\Windows\System\lsAkhrt.exe
  2⤵
  PID:3120
- C:\Windows\System\pURMRbo.exe
  C:\Windows\System\pURMRbo.exe
  2⤵
  PID:3152
- C:\Windows\System\GofuhCJ.exe
  C:\Windows\System\GofuhCJ.exe
  2⤵
  PID:3184
- C:\Windows\System\iDArZdM.exe
  C:\Windows\System\iDArZdM.exe
  2⤵
  PID:3216
- C:\Windows\System\ixgHmwx.exe
  C:\Windows\System\ixgHmwx.exe
  2⤵
  PID:3248
- C:\Windows\System\oykwKzz.exe
  C:\Windows\System\oykwKzz.exe
  2⤵
  PID:3280
- C:\Windows\System\iuhqbJj.exe
  C:\Windows\System\iuhqbJj.exe
  2⤵
  PID:3312
- C:\Windows\System\DIiQSoS.exe
  C:\Windows\System\DIiQSoS.exe
  2⤵
  PID:3344
- C:\Windows\System\njZjbJV.exe
  C:\Windows\System\njZjbJV.exe
  2⤵
  PID:3376
- C:\Windows\System\UGLzGpQ.exe
  C:\Windows\System\UGLzGpQ.exe
  2⤵
  PID:3392
- C:\Windows\System\IleGrQz.exe
  C:\Windows\System\IleGrQz.exe
  2⤵
  PID:3440
- C:\Windows\System\ITaWTOh.exe
  C:\Windows\System\ITaWTOh.exe
  2⤵
  PID:3472
- C:\Windows\System\BzJEBQu.exe
  C:\Windows\System\BzJEBQu.exe
  2⤵
  PID:3504
- C:\Windows\System\iqlypbt.exe
  C:\Windows\System\iqlypbt.exe
  2⤵
  PID:3536
- C:\Windows\System\hrviYfI.exe
  C:\Windows\System\hrviYfI.exe
  2⤵
  PID:3568
- C:\Windows\System\VGRkADi.exe
  C:\Windows\System\VGRkADi.exe
  2⤵
  PID:3600
- C:\Windows\System\FvGTDUZ.exe
  C:\Windows\System\FvGTDUZ.exe
  2⤵
  PID:3632
- C:\Windows\System\ZsHIBia.exe
  C:\Windows\System\ZsHIBia.exe
  2⤵
  PID:3664
- C:\Windows\System\IydzWPg.exe
  C:\Windows\System\IydzWPg.exe
  2⤵
  PID:3680
- C:\Windows\System\kjYsukO.exe
  C:\Windows\System\kjYsukO.exe
  2⤵
  PID:3728
- C:\Windows\System\DvMSQis.exe
  C:\Windows\System\DvMSQis.exe
  2⤵
  PID:3760
- C:\Windows\System\UFHYwHk.exe
  C:\Windows\System\UFHYwHk.exe
  2⤵
  PID:3792
- C:\Windows\System\ioKJzzf.exe
  C:\Windows\System\ioKJzzf.exe
  2⤵
  PID:3808
- C:\Windows\System\cTDuSnR.exe
  C:\Windows\System\cTDuSnR.exe
  2⤵
  PID:3856
- C:\Windows\System\LKfBHSO.exe
  C:\Windows\System\LKfBHSO.exe
  2⤵
  PID:3888
- C:\Windows\System\OuzuBNn.exe
  C:\Windows\System\OuzuBNn.exe
  2⤵
  PID:3904
- C:\Windows\System\beyyRar.exe
  C:\Windows\System\beyyRar.exe
  2⤵
  PID:3952
- C:\Windows\System\onJUBPy.exe
  C:\Windows\System\onJUBPy.exe
  2⤵
  PID:3984
- C:\Windows\System\KZHzLjm.exe
  C:\Windows\System\KZHzLjm.exe
  2⤵
  PID:4016
- C:\Windows\System\iboglNz.exe
  C:\Windows\System\iboglNz.exe
  2⤵
  PID:4032
- C:\Windows\System\gjxHWTj.exe
  C:\Windows\System\gjxHWTj.exe
  2⤵
  PID:4064
- C:\Windows\System\eioeSNQ.exe
  C:\Windows\System\eioeSNQ.exe
  2⤵
  PID:2868
- C:\Windows\System\MaWaTqQ.exe
  C:\Windows\System\MaWaTqQ.exe
  2⤵
  PID:2928
- C:\Windows\System\bDnOyfR.exe
  C:\Windows\System\bDnOyfR.exe
  2⤵
  PID:2384
- C:\Windows\System\xuazYLF.exe
  C:\Windows\System\xuazYLF.exe
  2⤵
  PID:1192
- C:\Windows\System\URokgeB.exe
  C:\Windows\System\URokgeB.exe
  2⤵
  PID:616
- C:\Windows\System\ccjLzxd.exe
  C:\Windows\System\ccjLzxd.exe
  2⤵
  PID:2332
- C:\Windows\System\RqsvuHr.exe
  C:\Windows\System\RqsvuHr.exe
  2⤵
  PID:3136
- C:\Windows\System\PGqAlUk.exe
  C:\Windows\System\PGqAlUk.exe
  2⤵
  PID:3212
- C:\Windows\System\oqERVBg.exe
  C:\Windows\System\oqERVBg.exe
  2⤵
  PID:3264
- C:\Windows\System\CkINpob.exe
  C:\Windows\System\CkINpob.exe
  2⤵
  PID:3328
- C:\Windows\System\Ybqpxpg.exe
  C:\Windows\System\Ybqpxpg.exe
  2⤵
  PID:3408
- C:\Windows\System\nhuPgaz.exe
  C:\Windows\System\nhuPgaz.exe
  2⤵
  PID:3456
- C:\Windows\System\NXJghgT.exe
  C:\Windows\System\NXJghgT.exe
  2⤵
  PID:3532
- C:\Windows\System\uXHOpgV.exe
  C:\Windows\System\uXHOpgV.exe
  2⤵
  PID:3584
- C:\Windows\System\LkvLKDy.exe
  C:\Windows\System\LkvLKDy.exe
  2⤵
  PID:3648
- C:\Windows\System\HEQLqbW.exe
  C:\Windows\System\HEQLqbW.exe
  2⤵
  PID:3744
- C:\Windows\System\GUFQzYn.exe
  C:\Windows\System\GUFQzYn.exe
  2⤵
  PID:3824
- C:\Windows\System\WMcntWN.exe
  C:\Windows\System\WMcntWN.exe
  2⤵
  PID:3932
- C:\Windows\System\vUcXuqf.exe
  C:\Windows\System\vUcXuqf.exe
  2⤵
  PID:3936
- C:\Windows\System\RVyTbnz.exe
  C:\Windows\System\RVyTbnz.exe
  2⤵
  PID:4000
- C:\Windows\System\bbhqFtN.exe
  C:\Windows\System\bbhqFtN.exe
  2⤵
  PID:1768
- C:\Windows\System\ZqLrsSB.exe
  C:\Windows\System\ZqLrsSB.exe
  2⤵
  PID:3044
- C:\Windows\System\SVPnwGa.exe
  C:\Windows\System\SVPnwGa.exe
  2⤵
  PID:1320
- C:\Windows\System\rTYAQXO.exe
  C:\Windows\System\rTYAQXO.exe
  2⤵
  PID:2360
- C:\Windows\System\AewlGgY.exe
  C:\Windows\System\AewlGgY.exe
  2⤵
  PID:3232
- C:\Windows\System\VCQBMfU.exe
  C:\Windows\System\VCQBMfU.exe
  2⤵
  PID:3276
- C:\Windows\System\PhFYkqq.exe
  C:\Windows\System\PhFYkqq.exe
  2⤵
  PID:3612
- C:\Windows\System\NOEJoOe.exe
  C:\Windows\System\NOEJoOe.exe
  2⤵
  PID:3548
- C:\Windows\System\oDMLHeI.exe
  C:\Windows\System\oDMLHeI.exe
  2⤵
  PID:3692
- C:\Windows\System\LsJhafu.exe
  C:\Windows\System\LsJhafu.exe
  2⤵
  PID:3872
- C:\Windows\System\iCTRptH.exe
  C:\Windows\System\iCTRptH.exe
  2⤵
  PID:4012
- C:\Windows\System\IUGZGmW.exe
  C:\Windows\System\IUGZGmW.exe
  2⤵
  PID:3968
- C:\Windows\System\PhVQzGa.exe
  C:\Windows\System\PhVQzGa.exe
  2⤵
  PID:708
- C:\Windows\System\KiscFxl.exe
  C:\Windows\System\KiscFxl.exe
  2⤵
  PID:3372
- C:\Windows\System\Mgnooei.exe
  C:\Windows\System\Mgnooei.exe
  2⤵
  PID:4112
- C:\Windows\System\tzkosXs.exe
  C:\Windows\System\tzkosXs.exe
  2⤵
  PID:4128
- C:\Windows\System\DCAUGCb.exe
  C:\Windows\System\DCAUGCb.exe
  2⤵
  PID:4148
- C:\Windows\System\UvOgFMf.exe
  C:\Windows\System\UvOgFMf.exe
  2⤵
  PID:4164
- C:\Windows\System\xBkyreP.exe
  C:\Windows\System\xBkyreP.exe
  2⤵
  PID:4180
- C:\Windows\System\JOmlaDL.exe
  C:\Windows\System\JOmlaDL.exe
  2⤵
  PID:4196
- C:\Windows\System\QGjFxQK.exe
  C:\Windows\System\QGjFxQK.exe
  2⤵
  PID:4212
- C:\Windows\System\xaemKwb.exe
  C:\Windows\System\xaemKwb.exe
  2⤵
  PID:4228
- C:\Windows\System\DbVLmso.exe
  C:\Windows\System\DbVLmso.exe
  2⤵
  PID:4244
- C:\Windows\System\ONrxfdq.exe
  C:\Windows\System\ONrxfdq.exe
  2⤵
  PID:4260
- C:\Windows\System\dEzrKfS.exe
  C:\Windows\System\dEzrKfS.exe
  2⤵
  PID:4276
- C:\Windows\System\RbIqNIG.exe
  C:\Windows\System\RbIqNIG.exe
  2⤵
  PID:4292
- C:\Windows\System\fueuphD.exe
  C:\Windows\System\fueuphD.exe
  2⤵
  PID:4308
- C:\Windows\System\YCmDVab.exe
  C:\Windows\System\YCmDVab.exe
  2⤵
  PID:4324
- C:\Windows\System\mzKKifu.exe
  C:\Windows\System\mzKKifu.exe
  2⤵
  PID:4340
- C:\Windows\System\PyoVCtK.exe
  C:\Windows\System\PyoVCtK.exe
  2⤵
  PID:4356
- C:\Windows\System\zzsAzxa.exe
  C:\Windows\System\zzsAzxa.exe
  2⤵
  PID:4372
- C:\Windows\System\XYkpSFC.exe
  C:\Windows\System\XYkpSFC.exe
  2⤵
  PID:4388
- C:\Windows\System\RqzAdFG.exe
  C:\Windows\System\RqzAdFG.exe
  2⤵
  PID:4404
- C:\Windows\System\fBhFTyL.exe
  C:\Windows\System\fBhFTyL.exe
  2⤵
  PID:4420
- C:\Windows\System\hIFEgfF.exe
  C:\Windows\System\hIFEgfF.exe
  2⤵
  PID:4436
- C:\Windows\System\EgcmPKO.exe
  C:\Windows\System\EgcmPKO.exe
  2⤵
  PID:4452
- C:\Windows\System\kOFuyBR.exe
  C:\Windows\System\kOFuyBR.exe
  2⤵
  PID:4468
- C:\Windows\System\FmuqNTt.exe
  C:\Windows\System\FmuqNTt.exe
  2⤵
  PID:4484
- C:\Windows\System\nnMsoEh.exe
  C:\Windows\System\nnMsoEh.exe
  2⤵
  PID:4500
- C:\Windows\System\wbZUbNm.exe
  C:\Windows\System\wbZUbNm.exe
  2⤵
  PID:4516
- C:\Windows\System\bMzSewO.exe
  C:\Windows\System\bMzSewO.exe
  2⤵
  PID:4532
- C:\Windows\System\zEUKSCe.exe
  C:\Windows\System\zEUKSCe.exe
  2⤵
  PID:4548
- C:\Windows\System\nArfsZv.exe
  C:\Windows\System\nArfsZv.exe
  2⤵
  PID:4564
- C:\Windows\System\RstroUC.exe
  C:\Windows\System\RstroUC.exe
  2⤵
  PID:4580
- C:\Windows\System\oncGEqy.exe
  C:\Windows\System\oncGEqy.exe
  2⤵
  PID:4596
- C:\Windows\System\BMduXvY.exe
  C:\Windows\System\BMduXvY.exe
  2⤵
  PID:4612
- C:\Windows\System\YjEFBco.exe
  C:\Windows\System\YjEFBco.exe
  2⤵
  PID:4628
- C:\Windows\System\MejoUnN.exe
  C:\Windows\System\MejoUnN.exe
  2⤵
  PID:4644
- C:\Windows\System\fbnzrvz.exe
  C:\Windows\System\fbnzrvz.exe
  2⤵
  PID:4660
- C:\Windows\System\bUlNcoY.exe
  C:\Windows\System\bUlNcoY.exe
  2⤵
  PID:4676
- C:\Windows\System\cgKrman.exe
  C:\Windows\System\cgKrman.exe
  2⤵
  PID:4692
- C:\Windows\System\gemCrGo.exe
  C:\Windows\System\gemCrGo.exe
  2⤵
  PID:4708
- C:\Windows\System\IgoxAuw.exe
  C:\Windows\System\IgoxAuw.exe
  2⤵
  PID:4724
- C:\Windows\System\BCfezfp.exe
  C:\Windows\System\BCfezfp.exe
  2⤵
  PID:4740
- C:\Windows\System\LaSSabq.exe
  C:\Windows\System\LaSSabq.exe
  2⤵
  PID:4756
- C:\Windows\System\vsEtngd.exe
  C:\Windows\System\vsEtngd.exe
  2⤵
  PID:4772
- C:\Windows\System\BeawNYV.exe
  C:\Windows\System\BeawNYV.exe
  2⤵
  PID:4788
- C:\Windows\System\FDgHBhw.exe
  C:\Windows\System\FDgHBhw.exe
  2⤵
  PID:4804
- C:\Windows\System\LBQPTQN.exe
  C:\Windows\System\LBQPTQN.exe
  2⤵
  PID:4820
- C:\Windows\System\OZIBcNb.exe
  C:\Windows\System\OZIBcNb.exe
  2⤵
  PID:4836
- C:\Windows\System\PmifvMh.exe
  C:\Windows\System\PmifvMh.exe
  2⤵
  PID:4852
- C:\Windows\System\IhGSgpT.exe
  C:\Windows\System\IhGSgpT.exe
  2⤵
  PID:4868
- C:\Windows\System\ovvPkGv.exe
  C:\Windows\System\ovvPkGv.exe
  2⤵
  PID:4884
- C:\Windows\System\AkIJjTC.exe
  C:\Windows\System\AkIJjTC.exe
  2⤵
  PID:4900
- C:\Windows\System\WxmrSWU.exe
  C:\Windows\System\WxmrSWU.exe
  2⤵
  PID:4916
- C:\Windows\System\prprNBC.exe
  C:\Windows\System\prprNBC.exe
  2⤵
  PID:4932
- C:\Windows\System\ZQzRXWh.exe
  C:\Windows\System\ZQzRXWh.exe
  2⤵
  PID:4948
- C:\Windows\System\fgdUrjt.exe
  C:\Windows\System\fgdUrjt.exe
  2⤵
  PID:4964
- C:\Windows\System\qShEqnP.exe
  C:\Windows\System\qShEqnP.exe
  2⤵
  PID:4980
- C:\Windows\System\MJlHofG.exe
  C:\Windows\System\MJlHofG.exe
  2⤵
  PID:4996
- C:\Windows\System\ItAiFBi.exe
  C:\Windows\System\ItAiFBi.exe
  2⤵
  PID:5012
- C:\Windows\System\MxFNJtk.exe
  C:\Windows\System\MxFNJtk.exe
  2⤵
  PID:5028
- C:\Windows\System\XhCQISm.exe
  C:\Windows\System\XhCQISm.exe
  2⤵
  PID:5044
- C:\Windows\System\WbJCFEa.exe
  C:\Windows\System\WbJCFEa.exe
  2⤵
  PID:5060
- C:\Windows\System\vZvYgwo.exe
  C:\Windows\System\vZvYgwo.exe
  2⤵
  PID:5076
- C:\Windows\System\awzWurb.exe
  C:\Windows\System\awzWurb.exe
  2⤵
  PID:5092
- C:\Windows\System\SHVAzqD.exe
  C:\Windows\System\SHVAzqD.exe
  2⤵
  PID:5108
- C:\Windows\System\LKzzBFy.exe
  C:\Windows\System\LKzzBFy.exe
  2⤵
  PID:3436
- C:\Windows\System\jUvabsV.exe
  C:\Windows\System\jUvabsV.exe
  2⤵
  PID:4044
- C:\Windows\System\EzeJomw.exe
  C:\Windows\System\EzeJomw.exe
  2⤵
  PID:3180
- C:\Windows\System\DTNhEjN.exe
  C:\Windows\System\DTNhEjN.exe
  2⤵
  PID:3696
- C:\Windows\System\oSZToeE.exe
  C:\Windows\System\oSZToeE.exe
  2⤵
  PID:1476
- C:\Windows\System\RbIYGSa.exe
  C:\Windows\System\RbIYGSa.exe
  2⤵
  PID:3084
- C:\Windows\System\VOZlMnX.exe
  C:\Windows\System\VOZlMnX.exe
  2⤵
  PID:4160
- C:\Windows\System\LprBQLa.exe
  C:\Windows\System\LprBQLa.exe
  2⤵
  PID:4192
- C:\Windows\System\yQwYTwI.exe
  C:\Windows\System\yQwYTwI.exe
  2⤵
  PID:4208
- C:\Windows\System\QwxFpWQ.exe
  C:\Windows\System\QwxFpWQ.exe
  2⤵
  PID:4284
- C:\Windows\System\XbLxgPD.exe
  C:\Windows\System\XbLxgPD.exe
  2⤵
  PID:4272
- C:\Windows\System\YwATyVh.exe
  C:\Windows\System\YwATyVh.exe
  2⤵
  PID:4348
- C:\Windows\System\nUIKpnF.exe
  C:\Windows\System\nUIKpnF.exe
  2⤵
  PID:4352
- C:\Windows\System\LMXRiEw.exe
  C:\Windows\System\LMXRiEw.exe
  2⤵
  PID:4412
- C:\Windows\System\jKLxlXK.exe
  C:\Windows\System\jKLxlXK.exe
  2⤵
  PID:4368
- C:\Windows\System\nPMeMua.exe
  C:\Windows\System\nPMeMua.exe
  2⤵
  PID:4432
- C:\Windows\System\ogioSfp.exe
  C:\Windows\System\ogioSfp.exe
  2⤵
  PID:4464
- C:\Windows\System\nWPvVze.exe
  C:\Windows\System\nWPvVze.exe
  2⤵
  PID:4496
- C:\Windows\System\csmPfvG.exe
  C:\Windows\System\csmPfvG.exe
  2⤵
  PID:4528
- C:\Windows\System\tAdmpHY.exe
  C:\Windows\System\tAdmpHY.exe
  2⤵
  PID:4560
- C:\Windows\System\QEMVyUS.exe
  C:\Windows\System\QEMVyUS.exe
  2⤵
  PID:4608
- C:\Windows\System\lCroInI.exe
  C:\Windows\System\lCroInI.exe
  2⤵
  PID:4640
- C:\Windows\System\munpdLZ.exe
  C:\Windows\System\munpdLZ.exe
  2⤵
  PID:4656
- C:\Windows\System\NONYFRk.exe
  C:\Windows\System\NONYFRk.exe
  2⤵
  PID:4704
- C:\Windows\System\qJlywYK.exe
  C:\Windows\System\qJlywYK.exe
  2⤵
  PID:4720
- C:\Windows\System\okgPrPW.exe
  C:\Windows\System\okgPrPW.exe
  2⤵
  PID:4752
- C:\Windows\System\pGnRGsI.exe
  C:\Windows\System\pGnRGsI.exe
  2⤵
  PID:4784
- C:\Windows\System\ZwtzDOt.exe
  C:\Windows\System\ZwtzDOt.exe
  2⤵
  PID:4816
- C:\Windows\System\odbGJRL.exe
  C:\Windows\System\odbGJRL.exe
  2⤵
  PID:4848
- C:\Windows\System\wZzllOU.exe
  C:\Windows\System\wZzllOU.exe
  2⤵
  PID:4880
- C:\Windows\System\ImUpmhh.exe
  C:\Windows\System\ImUpmhh.exe
  2⤵
  PID:4928
- C:\Windows\System\gTtfdmo.exe
  C:\Windows\System\gTtfdmo.exe
  2⤵
  PID:4940
- C:\Windows\System\tCpRghD.exe
  C:\Windows\System\tCpRghD.exe
  2⤵
  PID:4976
- C:\Windows\System\yXsiTnu.exe
  C:\Windows\System\yXsiTnu.exe
  2⤵
  PID:5024
- C:\Windows\System\SQopUcT.exe
  C:\Windows\System\SQopUcT.exe
  2⤵
  PID:5040
- C:\Windows\System\xIdCwYc.exe
  C:\Windows\System\xIdCwYc.exe
  2⤵
  PID:5088
- C:\Windows\System\DJOdYNr.exe
  C:\Windows\System\DJOdYNr.exe
  2⤵
  PID:3776
- C:\Windows\System\mZALXVY.exe
  C:\Windows\System\mZALXVY.exe
  2⤵
  PID:3488
- C:\Windows\System\HaAaILQ.exe
  C:\Windows\System\HaAaILQ.exe
  2⤵
  PID:3724
- C:\Windows\System\xITfmOI.exe
  C:\Windows\System\xITfmOI.exe
  2⤵
  PID:4144
- C:\Windows\System\EYHyWfk.exe
  C:\Windows\System\EYHyWfk.exe
  2⤵
  PID:4176
- C:\Windows\System\AhrETUk.exe
  C:\Windows\System\AhrETUk.exe
  2⤵
  PID:4268
- C:\Windows\System\OeDKuTd.exe
  C:\Windows\System\OeDKuTd.exe
  2⤵
  PID:4336
- C:\Windows\System\ITzIWcK.exe
  C:\Windows\System\ITzIWcK.exe
  2⤵
  PID:2784
- C:\Windows\System\VdQuhNw.exe
  C:\Windows\System\VdQuhNw.exe
  2⤵
  PID:4448
- C:\Windows\System\LhZOQlP.exe
  C:\Windows\System\LhZOQlP.exe
  2⤵
  PID:4492
- C:\Windows\System\uzyYmaU.exe
  C:\Windows\System\uzyYmaU.exe
  2⤵
  PID:4576
- C:\Windows\System\qZychWv.exe
  C:\Windows\System\qZychWv.exe
  2⤵
  PID:4672
- C:\Windows\System\pkRMtNn.exe
  C:\Windows\System\pkRMtNn.exe
  2⤵
  PID:4688
- C:\Windows\System\PiRcdVS.exe
  C:\Windows\System\PiRcdVS.exe
  2⤵
  PID:4800
- C:\Windows\System\tpSPFcv.exe
  C:\Windows\System\tpSPFcv.exe
  2⤵
  PID:4864
- C:\Windows\System\DPOrtNx.exe
  C:\Windows\System\DPOrtNx.exe
  2⤵
  PID:4896
- C:\Windows\System\XgxIVbU.exe
  C:\Windows\System\XgxIVbU.exe
  2⤵
  PID:4960
- C:\Windows\System\eaLeCHL.exe
  C:\Windows\System\eaLeCHL.exe
  2⤵
  PID:5008
- C:\Windows\System\huXSByc.exe
  C:\Windows\System\huXSByc.exe
  2⤵
  PID:5084
- C:\Windows\System\laFFBAj.exe
  C:\Windows\System\laFFBAj.exe
  2⤵
  PID:2440
- C:\Windows\System\HjjtdUq.exe
  C:\Windows\System\HjjtdUq.exe
  2⤵
  PID:2428
- C:\Windows\System\jhteaKS.exe
  C:\Windows\System\jhteaKS.exe
  2⤵
  PID:4240
- C:\Windows\System\DDRUrdd.exe
  C:\Windows\System\DDRUrdd.exe
  2⤵
  PID:4460
- C:\Windows\System\NmUVqOG.exe
  C:\Windows\System\NmUVqOG.exe
  2⤵
  PID:4572
- C:\Windows\System\WInBGUL.exe
  C:\Windows\System\WInBGUL.exe
  2⤵
  PID:4512
- C:\Windows\System\bnHXCTz.exe
  C:\Windows\System\bnHXCTz.exe
  2⤵
  PID:4860
- C:\Windows\System\qkLlheQ.exe
  C:\Windows\System\qkLlheQ.exe
  2⤵
  PID:4988
- C:\Windows\System\KHAqBJD.exe
  C:\Windows\System\KHAqBJD.exe
  2⤵
  PID:3404
- C:\Windows\System\WMGrbFS.exe
  C:\Windows\System\WMGrbFS.exe
  2⤵
  PID:5004
- C:\Windows\System\oMOtRRk.exe
  C:\Windows\System\oMOtRRk.exe
  2⤵
  PID:4332
- C:\Windows\System\yzDiItP.exe
  C:\Windows\System\yzDiItP.exe
  2⤵
  PID:5128
- C:\Windows\System\nftejsR.exe
  C:\Windows\System\nftejsR.exe
  2⤵
  PID:5144
- C:\Windows\System\JNjwhil.exe
  C:\Windows\System\JNjwhil.exe
  2⤵
  PID:5160
- C:\Windows\System\ZjZCdeq.exe
  C:\Windows\System\ZjZCdeq.exe
  2⤵
  PID:5176
- C:\Windows\System\zDmXlJn.exe
  C:\Windows\System\zDmXlJn.exe
  2⤵
  PID:5192
- C:\Windows\System\SsBWqkX.exe
  C:\Windows\System\SsBWqkX.exe
  2⤵
  PID:5208
- C:\Windows\System\KhFSJYK.exe
  C:\Windows\System\KhFSJYK.exe
  2⤵
  PID:5224
- C:\Windows\System\ZibQfOI.exe
  C:\Windows\System\ZibQfOI.exe
  2⤵
  PID:5240
- C:\Windows\System\vssECOH.exe
  C:\Windows\System\vssECOH.exe
  2⤵
  PID:5256
- C:\Windows\System\HDNjrAi.exe
  C:\Windows\System\HDNjrAi.exe
  2⤵
  PID:5272
- C:\Windows\System\FCvAgcp.exe
  C:\Windows\System\FCvAgcp.exe
  2⤵
  PID:5288
- C:\Windows\System\itgVRfa.exe
  C:\Windows\System\itgVRfa.exe
  2⤵
  PID:5304
- C:\Windows\System\fiKNEjO.exe
  C:\Windows\System\fiKNEjO.exe
  2⤵
  PID:5324
- C:\Windows\System\DRYAknP.exe
  C:\Windows\System\DRYAknP.exe
  2⤵
  PID:5340
- C:\Windows\System\RsVuTJy.exe
  C:\Windows\System\RsVuTJy.exe
  2⤵
  PID:5356
- C:\Windows\System\cOTfuHN.exe
  C:\Windows\System\cOTfuHN.exe
  2⤵
  PID:5372
- C:\Windows\System\xDlpNel.exe
  C:\Windows\System\xDlpNel.exe
  2⤵
  PID:5388
- C:\Windows\System\wlsJGqF.exe
  C:\Windows\System\wlsJGqF.exe
  2⤵
  PID:5404
- C:\Windows\System\WfVIbmi.exe
  C:\Windows\System\WfVIbmi.exe
  2⤵
  PID:5420
- C:\Windows\System\ALqgaIc.exe
  C:\Windows\System\ALqgaIc.exe
  2⤵
  PID:5436
- C:\Windows\System\mgxtrHM.exe
  C:\Windows\System\mgxtrHM.exe
  2⤵
  PID:5452
- C:\Windows\System\XHcnIsE.exe
  C:\Windows\System\XHcnIsE.exe
  2⤵
  PID:5468
- C:\Windows\System\GOpeEBx.exe
  C:\Windows\System\GOpeEBx.exe
  2⤵
  PID:5484
- C:\Windows\System\LWaERTx.exe
  C:\Windows\System\LWaERTx.exe
  2⤵
  PID:5500
- C:\Windows\System\JnaODAI.exe
  C:\Windows\System\JnaODAI.exe
  2⤵
  PID:5516
- C:\Windows\System\PWrLmNl.exe
  C:\Windows\System\PWrLmNl.exe
  2⤵
  PID:5532
- C:\Windows\System\TJtAyJj.exe
  C:\Windows\System\TJtAyJj.exe
  2⤵
  PID:5548
- C:\Windows\System\MbPorXI.exe
  C:\Windows\System\MbPorXI.exe
  2⤵
  PID:5564
- C:\Windows\System\IMABHTg.exe
  C:\Windows\System\IMABHTg.exe
  2⤵
  PID:5580
- C:\Windows\System\wNNuRsa.exe
  C:\Windows\System\wNNuRsa.exe
  2⤵
  PID:5596
- C:\Windows\System\VWEsHnz.exe
  C:\Windows\System\VWEsHnz.exe
  2⤵
  PID:5612
- C:\Windows\System\xMpcBNB.exe
  C:\Windows\System\xMpcBNB.exe
  2⤵
  PID:5628
- C:\Windows\System\oEmuFZG.exe
  C:\Windows\System\oEmuFZG.exe
  2⤵
  PID:5644
- C:\Windows\System\SrEoxqD.exe
  C:\Windows\System\SrEoxqD.exe
  2⤵
  PID:5660
- C:\Windows\System\ongKbJr.exe
  C:\Windows\System\ongKbJr.exe
  2⤵
  PID:5676
- C:\Windows\System\XYWKhWj.exe
  C:\Windows\System\XYWKhWj.exe
  2⤵
  PID:5692
- C:\Windows\System\IzUHpPc.exe
  C:\Windows\System\IzUHpPc.exe
  2⤵
  PID:5708
- C:\Windows\System\nPsXvdZ.exe
  C:\Windows\System\nPsXvdZ.exe
  2⤵
  PID:5724
- C:\Windows\System\mgudLIy.exe
  C:\Windows\System\mgudLIy.exe
  2⤵
  PID:5740
- C:\Windows\System\WGeNmvi.exe
  C:\Windows\System\WGeNmvi.exe
  2⤵
  PID:5756
- C:\Windows\System\DauLfOH.exe
  C:\Windows\System\DauLfOH.exe
  2⤵
  PID:5772
- C:\Windows\System\GPMvgtc.exe
  C:\Windows\System\GPMvgtc.exe
  2⤵
  PID:5788
- C:\Windows\System\qPdezQU.exe
  C:\Windows\System\qPdezQU.exe
  2⤵
  PID:5804
- C:\Windows\System\Nvulzii.exe
  C:\Windows\System\Nvulzii.exe
  2⤵
  PID:5820
- C:\Windows\System\vyudXGu.exe
  C:\Windows\System\vyudXGu.exe
  2⤵
  PID:5836
- C:\Windows\System\pJHaTjl.exe
  C:\Windows\System\pJHaTjl.exe
  2⤵
  PID:5852
- C:\Windows\System\JiTqPeZ.exe
  C:\Windows\System\JiTqPeZ.exe
  2⤵
  PID:5868
- C:\Windows\System\qSBXamO.exe
  C:\Windows\System\qSBXamO.exe
  2⤵
  PID:5884
- C:\Windows\System\pilBIpj.exe
  C:\Windows\System\pilBIpj.exe
  2⤵
  PID:5900
- C:\Windows\System\wiPbxEA.exe
  C:\Windows\System\wiPbxEA.exe
  2⤵
  PID:5916
- C:\Windows\System\RWHnwkl.exe
  C:\Windows\System\RWHnwkl.exe
  2⤵
  PID:5932
- C:\Windows\System\nCrYWcb.exe
  C:\Windows\System\nCrYWcb.exe
  2⤵
  PID:5948
- C:\Windows\System\rYAlzLH.exe
  C:\Windows\System\rYAlzLH.exe
  2⤵
  PID:5964
- C:\Windows\System\igaTnNa.exe
  C:\Windows\System\igaTnNa.exe
  2⤵
  PID:5980
- C:\Windows\System\QYMrYmg.exe
  C:\Windows\System\QYMrYmg.exe
  2⤵
  PID:5996
- C:\Windows\System\mJIQJqi.exe
  C:\Windows\System\mJIQJqi.exe
  2⤵
  PID:6012
- C:\Windows\System\wcKPCZA.exe
  C:\Windows\System\wcKPCZA.exe
  2⤵
  PID:6028
- C:\Windows\System\uVOmKzj.exe
  C:\Windows\System\uVOmKzj.exe
  2⤵
  PID:6044
- C:\Windows\System\ApLWAmA.exe
  C:\Windows\System\ApLWAmA.exe
  2⤵
  PID:6060
- C:\Windows\System\TPQpUDU.exe
  C:\Windows\System\TPQpUDU.exe
  2⤵
  PID:6076
- C:\Windows\System\mYJtMwu.exe
  C:\Windows\System\mYJtMwu.exe
  2⤵
  PID:6092
- C:\Windows\System\HPFWTir.exe
  C:\Windows\System\HPFWTir.exe
  2⤵
  PID:6108
- C:\Windows\System\VCmRydA.exe
  C:\Windows\System\VCmRydA.exe
  2⤵
  PID:6124
- C:\Windows\System\OiWaWkD.exe
  C:\Windows\System\OiWaWkD.exe
  2⤵
  PID:6140
- C:\Windows\System\UslCyog.exe
  C:\Windows\System\UslCyog.exe
  2⤵
  PID:4636
- C:\Windows\System\BmOmbGW.exe
  C:\Windows\System\BmOmbGW.exe
  2⤵
  PID:4732
- C:\Windows\System\uJDWOKD.exe
  C:\Windows\System\uJDWOKD.exe
  2⤵
  PID:4944
- C:\Windows\System\vmJjSCM.exe
  C:\Windows\System\vmJjSCM.exe
  2⤵
  PID:5124
- C:\Windows\System\ugZPFyj.exe
  C:\Windows\System\ugZPFyj.exe
  2⤵
  PID:5156
- C:\Windows\System\vtZgSIz.exe
  C:\Windows\System\vtZgSIz.exe
  2⤵
  PID:5172
- C:\Windows\System\SkScQRb.exe
  C:\Windows\System\SkScQRb.exe
  2⤵
  PID:5220
- C:\Windows\System\gNUZklU.exe
  C:\Windows\System\gNUZklU.exe
  2⤵
  PID:5232
- C:\Windows\System\SPhDqZg.exe
  C:\Windows\System\SPhDqZg.exe
  2⤵
  PID:5264
- C:\Windows\System\VUOKuvy.exe
  C:\Windows\System\VUOKuvy.exe
  2⤵
  PID:5296
- C:\Windows\System\BoUzSwV.exe
  C:\Windows\System\BoUzSwV.exe
  2⤵
  PID:5352
- C:\Windows\System\wphccvr.exe
  C:\Windows\System\wphccvr.exe
  2⤵
  PID:5412
- C:\Windows\System\pjrTeqF.exe
  C:\Windows\System\pjrTeqF.exe
  2⤵
  PID:5396
- C:\Windows\System\bHTTfof.exe
  C:\Windows\System\bHTTfof.exe
  2⤵
  PID:5448
- C:\Windows\System\UjwwpAR.exe
  C:\Windows\System\UjwwpAR.exe
  2⤵
  PID:5460
- C:\Windows\System\arCoNKx.exe
  C:\Windows\System\arCoNKx.exe
  2⤵
  PID:5508
- C:\Windows\System\dRzXISV.exe
  C:\Windows\System\dRzXISV.exe
  2⤵
  PID:5540
- C:\Windows\System\PgLnVer.exe
  C:\Windows\System\PgLnVer.exe
  2⤵
  PID:5556
- C:\Windows\System\VcUfPWh.exe
  C:\Windows\System\VcUfPWh.exe
  2⤵
  PID:5604
- C:\Windows\System\HWEDFiL.exe
  C:\Windows\System\HWEDFiL.exe
  2⤵
  PID:5620
- C:\Windows\System\TeJsoSj.exe
  C:\Windows\System\TeJsoSj.exe
  2⤵
  PID:5624
- C:\Windows\System\uYMAlyT.exe
  C:\Windows\System\uYMAlyT.exe
  2⤵
  PID:2644
- C:\Windows\System\NGcFZnv.exe
  C:\Windows\System\NGcFZnv.exe
  2⤵
  PID:5700
- C:\Windows\System\TdyqSfv.exe
  C:\Windows\System\TdyqSfv.exe
  2⤵
  PID:5736
- C:\Windows\System\IvpPYIK.exe
  C:\Windows\System\IvpPYIK.exe
  2⤵
  PID:5764
- C:\Windows\System\jfhsycY.exe
  C:\Windows\System\jfhsycY.exe
  2⤵
  PID:5800
- C:\Windows\System\rPcUbdE.exe
  C:\Windows\System\rPcUbdE.exe
  2⤵
  PID:5812
- C:\Windows\System\ftguVuC.exe
  C:\Windows\System\ftguVuC.exe
  2⤵
  PID:5864
- C:\Windows\System\gPHWbJQ.exe
  C:\Windows\System\gPHWbJQ.exe
  2⤵
  PID:5848
- C:\Windows\System\BLfaIkN.exe
  C:\Windows\System\BLfaIkN.exe
  2⤵
  PID:5876
- C:\Windows\System\bIcLCmy.exe
  C:\Windows\System\bIcLCmy.exe
  2⤵
  PID:5880
- C:\Windows\System\xOxACGo.exe
  C:\Windows\System\xOxACGo.exe
  2⤵
  PID:5960
- C:\Windows\System\VfcmELw.exe
  C:\Windows\System\VfcmELw.exe
  2⤵
  PID:6024
- C:\Windows\System\SFLyMNY.exe
  C:\Windows\System\SFLyMNY.exe
  2⤵
  PID:2860
- C:\Windows\System\LZFNCky.exe
  C:\Windows\System\LZFNCky.exe
  2⤵
  PID:6120
- C:\Windows\System\LOBpMTd.exe
  C:\Windows\System\LOBpMTd.exe
  2⤵
  PID:4684
- C:\Windows\System\JhWxtOQ.exe
  C:\Windows\System\JhWxtOQ.exe
  2⤵
  PID:5976
- C:\Windows\System\OUTEDqK.exe
  C:\Windows\System\OUTEDqK.exe
  2⤵
  PID:2688
- C:\Windows\System\TDZVwVm.exe
  C:\Windows\System\TDZVwVm.exe
  2⤵
  PID:6072
- C:\Windows\System\uzoLJSQ.exe
  C:\Windows\System\uzoLJSQ.exe
  2⤵
  PID:6100
- C:\Windows\System\QFtjtZU.exe
  C:\Windows\System\QFtjtZU.exe
  2⤵
  PID:6136
- C:\Windows\System\jmFavKA.exe
  C:\Windows\System\jmFavKA.exe
  2⤵
  PID:4224
- C:\Windows\System\VJFJUJg.exe
  C:\Windows\System\VJFJUJg.exe
  2⤵
  PID:5248
- C:\Windows\System\PMbAPVo.exe
  C:\Windows\System\PMbAPVo.exe
  2⤵
  PID:5332
- C:\Windows\System\ZhFcfwf.exe
  C:\Windows\System\ZhFcfwf.exe
  2⤵
  PID:2836
- C:\Windows\System\GtjiAWc.exe
  C:\Windows\System\GtjiAWc.exe
  2⤵
  PID:5384
- C:\Windows\System\cuqIdXu.exe
  C:\Windows\System\cuqIdXu.exe
  2⤵
  PID:5480
- C:\Windows\System\bvfjlvW.exe
  C:\Windows\System\bvfjlvW.exe
  2⤵
  PID:5432
- C:\Windows\System\hVkSzno.exe
  C:\Windows\System\hVkSzno.exe
  2⤵
  PID:5572
- C:\Windows\System\MlIficB.exe
  C:\Windows\System\MlIficB.exe
  2⤵
  PID:5576
- C:\Windows\System\ZkcAqHX.exe
  C:\Windows\System\ZkcAqHX.exe
  2⤵
  PID:5608
- C:\Windows\System\DkYpPmh.exe
  C:\Windows\System\DkYpPmh.exe
  2⤵
  PID:5672
- C:\Windows\System\LvjqrrW.exe
  C:\Windows\System\LvjqrrW.exe
  2⤵
  PID:5732
- C:\Windows\System\fBOPcAu.exe
  C:\Windows\System\fBOPcAu.exe
  2⤵
  PID:5784
- C:\Windows\System\loVAQkY.exe
  C:\Windows\System\loVAQkY.exe
  2⤵
  PID:2732
- C:\Windows\System\SytbkdC.exe
  C:\Windows\System\SytbkdC.exe
  2⤵
  PID:5928
- C:\Windows\System\FUPpCeN.exe
  C:\Windows\System\FUPpCeN.exe
  2⤵
  PID:5992
- C:\Windows\System\arsmyMD.exe
  C:\Windows\System\arsmyMD.exe
  2⤵
  PID:1004
- C:\Windows\System\OLOhYvB.exe
  C:\Windows\System\OLOhYvB.exe
  2⤵
  PID:2700
- C:\Windows\System\desWvzj.exe
  C:\Windows\System\desWvzj.exe
  2⤵
  PID:4396
- C:\Windows\System\TusLlZn.exe
  C:\Windows\System\TusLlZn.exe
  2⤵
  PID:6068
- C:\Windows\System\dzoHgus.exe
  C:\Windows\System\dzoHgus.exe
  2⤵
  PID:2000
- C:\Windows\System\jyKUOeP.exe
  C:\Windows\System\jyKUOeP.exe
  2⤵
  PID:5140
- C:\Windows\System\YYVpPum.exe
  C:\Windows\System\YYVpPum.exe
  2⤵
  PID:2092
- C:\Windows\System\QJXmesr.exe
  C:\Windows\System\QJXmesr.exe
  2⤵
  PID:5252
- C:\Windows\System\vHDpslO.exe
  C:\Windows\System\vHDpslO.exe
  2⤵
  PID:2216
- C:\Windows\System\dKsiGoN.exe
  C:\Windows\System\dKsiGoN.exe
  2⤵
  PID:2864
- C:\Windows\System\BTaEAsV.exe
  C:\Windows\System\BTaEAsV.exe
  2⤵
  PID:5444
- C:\Windows\System\hibdQCL.exe
  C:\Windows\System\hibdQCL.exe
  2⤵
  PID:5716
- C:\Windows\System\VRnsGjw.exe
  C:\Windows\System\VRnsGjw.exe
  2⤵
  PID:2924
- C:\Windows\System\gqrVQfm.exe
  C:\Windows\System\gqrVQfm.exe
  2⤵
  PID:5828
- C:\Windows\System\woOwxWF.exe
  C:\Windows\System\woOwxWF.exe
  2⤵
  PID:5684
- C:\Windows\System\pmedqNc.exe
  C:\Windows\System\pmedqNc.exe
  2⤵
  PID:6312
- C:\Windows\System\GgLFCen.exe
  C:\Windows\System\GgLFCen.exe
  2⤵
  PID:6416
- C:\Windows\System\CHrAjGt.exe
  C:\Windows\System\CHrAjGt.exe
  2⤵
  PID:6544
- C:\Windows\System\eELGFUZ.exe
  C:\Windows\System\eELGFUZ.exe
  2⤵
  PID:6600
- C:\Windows\System\QgfvkvM.exe
  C:\Windows\System\QgfvkvM.exe
  2⤵
  PID:6628
- C:\Windows\System\YFjDmWk.exe
  C:\Windows\System\YFjDmWk.exe
  2⤵
  PID:6644
- C:\Windows\System\ntadQPH.exe
  C:\Windows\System\ntadQPH.exe
  2⤵
  PID:6660
- C:\Windows\System\FowPAgB.exe
  C:\Windows\System\FowPAgB.exe
  2⤵
  PID:6680
- C:\Windows\System\YdCMJCk.exe
  C:\Windows\System\YdCMJCk.exe
  2⤵
  PID:6696
- C:\Windows\System\ImCUgGv.exe
  C:\Windows\System\ImCUgGv.exe
  2⤵
  PID:6712
- C:\Windows\System\hAVUXsd.exe
  C:\Windows\System\hAVUXsd.exe
  2⤵
  PID:6728
- C:\Windows\System\YEjytNV.exe
  C:\Windows\System\YEjytNV.exe
  2⤵
  PID:6744
- C:\Windows\System\RlOoIwe.exe
  C:\Windows\System\RlOoIwe.exe
  2⤵
  PID:6760
- C:\Windows\System\GezvOSj.exe
  C:\Windows\System\GezvOSj.exe
  2⤵
  PID:6776
- C:\Windows\System\kdbMfqG.exe
  C:\Windows\System\kdbMfqG.exe
  2⤵
  PID:6792
- C:\Windows\System\IlEGWdZ.exe
  C:\Windows\System\IlEGWdZ.exe
  2⤵
  PID:6808
- C:\Windows\System\PaErbty.exe
  C:\Windows\System\PaErbty.exe
  2⤵
  PID:6824
- C:\Windows\System\fmnofgl.exe
  C:\Windows\System\fmnofgl.exe
  2⤵
  PID:6840
- C:\Windows\System\hxVVrvR.exe
  C:\Windows\System\hxVVrvR.exe
  2⤵
  PID:6856
- C:\Windows\System\hJsntsG.exe
  C:\Windows\System\hJsntsG.exe
  2⤵
  PID:6880
- C:\Windows\System\WLElaBf.exe
  C:\Windows\System\WLElaBf.exe
  2⤵
  PID:6896
- C:\Windows\System\ciYASkz.exe
  C:\Windows\System\ciYASkz.exe
  2⤵
  PID:6912
- C:\Windows\System\MeHlHqn.exe
  C:\Windows\System\MeHlHqn.exe
  2⤵
  PID:6928
- C:\Windows\System\PQmOxpH.exe
  C:\Windows\System\PQmOxpH.exe
  2⤵
  PID:6944
- C:\Windows\System\ZluWkpU.exe
  C:\Windows\System\ZluWkpU.exe
  2⤵
  PID:6960
- C:\Windows\System\peeEoAn.exe
  C:\Windows\System\peeEoAn.exe
  2⤵
  PID:6976
- C:\Windows\System\yAkefBO.exe
  C:\Windows\System\yAkefBO.exe
  2⤵
  PID:6992
- C:\Windows\System\OfLwckh.exe
  C:\Windows\System\OfLwckh.exe
  2⤵
  PID:7008
- C:\Windows\System\XbrlbfE.exe
  C:\Windows\System\XbrlbfE.exe
  2⤵
  PID:7024
- C:\Windows\System\ntATPGK.exe
  C:\Windows\System\ntATPGK.exe
  2⤵
  PID:7040
- C:\Windows\System\TwZcDTM.exe
  C:\Windows\System\TwZcDTM.exe
  2⤵
  PID:7056
- C:\Windows\System\GAcqHyu.exe
  C:\Windows\System\GAcqHyu.exe
  2⤵
  PID:7072
- C:\Windows\System\ImsMsGv.exe
  C:\Windows\System\ImsMsGv.exe
  2⤵
  PID:7088
- C:\Windows\System\Ujyxjkv.exe
  C:\Windows\System\Ujyxjkv.exe
  2⤵
  PID:7104
- C:\Windows\System\IUXghhI.exe
  C:\Windows\System\IUXghhI.exe
  2⤵
  PID:7120
- C:\Windows\System\wQkPlwn.exe
  C:\Windows\System\wQkPlwn.exe
  2⤵
  PID:7136
- C:\Windows\System\IEJUJYZ.exe
  C:\Windows\System\IEJUJYZ.exe
  2⤵
  PID:7156
- C:\Windows\System\cagTBYq.exe
  C:\Windows\System\cagTBYq.exe
  2⤵
  PID:1996
- C:\Windows\System\exFFxEk.exe
  C:\Windows\System\exFFxEk.exe
  2⤵
  PID:2724
- C:\Windows\System\gxjFMdi.exe
  C:\Windows\System\gxjFMdi.exe
  2⤵
  PID:5524
- C:\Windows\System\jyTPgqU.exe
  C:\Windows\System\jyTPgqU.exe
  2⤵
  PID:2656
- C:\Windows\System\TOpXMwB.exe
  C:\Windows\System\TOpXMwB.exe
  2⤵
  PID:5496
- C:\Windows\System\afGuLBh.exe
  C:\Windows\System\afGuLBh.exe
  2⤵
  PID:1880
- C:\Windows\System\GCgOKNV.exe
  C:\Windows\System\GCgOKNV.exe
  2⤵
  PID:2800
- C:\Windows\System\zKcRPuu.exe
  C:\Windows\System\zKcRPuu.exe
  2⤵
  PID:2044
- C:\Windows\System\OPTIQxu.exe
  C:\Windows\System\OPTIQxu.exe
  2⤵
  PID:2900
- C:\Windows\System\xWrFIbb.exe
  C:\Windows\System\xWrFIbb.exe
  2⤵
  PID:5152
- C:\Windows\System\sIAwCqr.exe
  C:\Windows\System\sIAwCqr.exe
  2⤵
  PID:5364
- C:\Windows\System\dmwPEjg.exe
  C:\Windows\System\dmwPEjg.exe
  2⤵
  PID:1968
- C:\Windows\System\FouRPSN.exe
  C:\Windows\System\FouRPSN.exe
  2⤵
  PID:5844
- C:\Windows\System\edKNfCy.exe
  C:\Windows\System\edKNfCy.exe
  2⤵
  PID:6152
- C:\Windows\System\bbscswQ.exe
  C:\Windows\System\bbscswQ.exe
  2⤵
  PID:6168
- C:\Windows\System\SrereAF.exe
  C:\Windows\System\SrereAF.exe
  2⤵
  PID:6184
- C:\Windows\System\EElaQJA.exe
  C:\Windows\System\EElaQJA.exe
  2⤵
  PID:6292
- C:\Windows\System\gAFmMMF.exe
  C:\Windows\System\gAFmMMF.exe
  2⤵
  PID:6440
- C:\Windows\System\IuhOWCF.exe
  C:\Windows\System\IuhOWCF.exe
  2⤵
  PID:6456
- C:\Windows\System\LcNOytM.exe
  C:\Windows\System\LcNOytM.exe
  2⤵
  PID:6472
- C:\Windows\System\MbkRuJg.exe
  C:\Windows\System\MbkRuJg.exe
  2⤵
  PID:6488
- C:\Windows\System\aXAUNUq.exe
  C:\Windows\System\aXAUNUq.exe
  2⤵
  PID:6512
- C:\Windows\System\SnGBDSA.exe
  C:\Windows\System\SnGBDSA.exe
  2⤵
  PID:6528
- C:\Windows\System\mteYicz.exe
  C:\Windows\System\mteYicz.exe
  2⤵
  PID:6608
- C:\Windows\System\objWFQJ.exe
  C:\Windows\System\objWFQJ.exe
  2⤵
  PID:6624
- C:\Windows\System\OrhCtpj.exe
  C:\Windows\System\OrhCtpj.exe
  2⤵
  PID:6568
- C:\Windows\System\EkfsMaB.exe
  C:\Windows\System\EkfsMaB.exe
  2⤵
  PID:6688
- C:\Windows\System\auLzgWx.exe
  C:\Windows\System\auLzgWx.exe
  2⤵
  PID:6752
- C:\Windows\System\uaUbGHL.exe
  C:\Windows\System\uaUbGHL.exe
  2⤵
  PID:6816
- C:\Windows\System\YugeLgp.exe
  C:\Windows\System\YugeLgp.exe
  2⤵
  PID:6800
- C:\Windows\System\WRclnRS.exe
  C:\Windows\System\WRclnRS.exe
  2⤵
  PID:6864
- C:\Windows\System\XOEMEPA.exe
  C:\Windows\System\XOEMEPA.exe
  2⤵
  PID:6868
- C:\Windows\System\eBaBUzk.exe
  C:\Windows\System\eBaBUzk.exe
  2⤵
  PID:7000
- C:\Windows\System\VJVeJLy.exe
  C:\Windows\System\VJVeJLy.exe
  2⤵
  PID:6892
- C:\Windows\System\BSfArou.exe
  C:\Windows\System\BSfArou.exe
  2⤵
  PID:6956
- C:\Windows\System\KkJAmfM.exe
  C:\Windows\System\KkJAmfM.exe
  2⤵
  PID:7032
- C:\Windows\System\NOpOVuG.exe
  C:\Windows\System\NOpOVuG.exe
  2⤵
  PID:7096
- C:\Windows\System\zuVfuGZ.exe
  C:\Windows\System\zuVfuGZ.exe
  2⤵
  PID:7164
- C:\Windows\System\ZBhUGks.exe
  C:\Windows\System\ZBhUGks.exe
  2⤵
  PID:5200
- C:\Windows\System\thOhfwt.exe
  C:\Windows\System\thOhfwt.exe
  2⤵
  PID:1508
- C:\Windows\System\jxsTulj.exe
  C:\Windows\System\jxsTulj.exe
  2⤵
  PID:5492
- C:\Windows\System\ZGvDDxD.exe
  C:\Windows\System\ZGvDDxD.exe
  2⤵
  PID:7084
- C:\Windows\System\KdwwiGI.exe
  C:\Windows\System\KdwwiGI.exe
  2⤵
  PID:7152
- C:\Windows\System\sATbrPk.exe
  C:\Windows\System\sATbrPk.exe
  2⤵
  PID:2840
- C:\Windows\System\uMJXxAA.exe
  C:\Windows\System\uMJXxAA.exe
  2⤵
  PID:2884
- C:\Windows\System\jvZchoK.exe
  C:\Windows\System\jvZchoK.exe
  2⤵
  PID:5640
- C:\Windows\System\GQcQOIV.exe
  C:\Windows\System\GQcQOIV.exe
  2⤵
  PID:5636
- C:\Windows\System\qnPhMPn.exe
  C:\Windows\System\qnPhMPn.exe
  2⤵
  PID:6164
- C:\Windows\System\cxSYICW.exe
  C:\Windows\System\cxSYICW.exe
  2⤵
  PID:6084
- C:\Windows\System\BBTLZSm.exe
  C:\Windows\System\BBTLZSm.exe
  2⤵
  PID:6204
- C:\Windows\System\ZLCJkWX.exe
  C:\Windows\System\ZLCJkWX.exe
  2⤵
  PID:6216
- C:\Windows\System\kaUqEwb.exe
  C:\Windows\System\kaUqEwb.exe
  2⤵
  PID:2120
- C:\Windows\System\spBlJcY.exe
  C:\Windows\System\spBlJcY.exe
  2⤵
  PID:6268
- C:\Windows\System\XPVIEFO.exe
  C:\Windows\System\XPVIEFO.exe
  2⤵
  PID:6280
- C:\Windows\System\ImyKKnm.exe
  C:\Windows\System\ImyKKnm.exe
  2⤵
  PID:6368
- C:\Windows\System\XOlzduJ.exe
  C:\Windows\System\XOlzduJ.exe
  2⤵
  PID:6400
- C:\Windows\System\oDkgudn.exe
  C:\Windows\System\oDkgudn.exe
  2⤵
  PID:6288
- C:\Windows\System\qkQOCpY.exe
  C:\Windows\System\qkQOCpY.exe
  2⤵
  PID:6372
- C:\Windows\System\LLtDIaJ.exe
  C:\Windows\System\LLtDIaJ.exe
  2⤵
  PID:6396
- C:\Windows\System\LmDHIPr.exe
  C:\Windows\System\LmDHIPr.exe
  2⤵
  PID:6572
- C:\Windows\System\faYcojT.exe
  C:\Windows\System\faYcojT.exe
  2⤵
  PID:6584
- C:\Windows\System\tYzhBjA.exe
  C:\Windows\System\tYzhBjA.exe
  2⤵
  PID:6736
- C:\Windows\System\gWqVzbt.exe
  C:\Windows\System\gWqVzbt.exe
  2⤵
  PID:6468
- C:\Windows\System\RVUmwgu.exe
  C:\Windows\System\RVUmwgu.exe
  2⤵
  PID:6640
- C:\Windows\System\bIUiUpp.exe
  C:\Windows\System\bIUiUpp.exe
  2⤵
  PID:6508
- C:\Windows\System\LOEaqzZ.exe
  C:\Windows\System\LOEaqzZ.exe
  2⤵
  PID:6448
- C:\Windows\System\XzuJFPP.exe
  C:\Windows\System\XzuJFPP.exe
  2⤵
  PID:6772
- C:\Windows\System\tuabjxm.exe
  C:\Windows\System\tuabjxm.exe
  2⤵
  PID:6524
- C:\Windows\System\BGKubJb.exe
  C:\Windows\System\BGKubJb.exe
  2⤵
  PID:6484
- C:\Windows\System\oTvVzSa.exe
  C:\Windows\System\oTvVzSa.exe
  2⤵
  PID:6848
- C:\Windows\System\tKhiiZo.exe
  C:\Windows\System\tKhiiZo.exe
  2⤵
  PID:7004
- C:\Windows\System\FmbdNQB.exe
  C:\Windows\System\FmbdNQB.exe
  2⤵
  PID:6596
- C:\Windows\System\eaHbwJa.exe
  C:\Windows\System\eaHbwJa.exe
  2⤵
  PID:6832
- C:\Windows\System\gWgmuvE.exe
  C:\Windows\System\gWgmuvE.exe
  2⤵
  PID:7064
- C:\Windows\System\LydreKH.exe
  C:\Windows\System\LydreKH.exe
  2⤵
  PID:7116
- C:\Windows\System\YXiJyVF.exe
  C:\Windows\System\YXiJyVF.exe
  2⤵
  PID:6988
- C:\Windows\System\oLJBSxi.exe
  C:\Windows\System\oLJBSxi.exe
  2⤵
  PID:1520
- C:\Windows\System\fwdmmUb.exe
  C:\Windows\System\fwdmmUb.exe
  2⤵
  PID:5380
- C:\Windows\System\oThxNak.exe
  C:\Windows\System\oThxNak.exe
  2⤵
  PID:6236
- C:\Windows\System\aarAaGK.exe
  C:\Windows\System\aarAaGK.exe
  2⤵
  PID:6056
- C:\Windows\System\IqpirqN.exe
  C:\Windows\System\IqpirqN.exe
  2⤵
  PID:6356
- C:\Windows\System\gRdsmbp.exe
  C:\Windows\System\gRdsmbp.exe
  2⤵
  PID:6196
- C:\Windows\System\RmswclM.exe
  C:\Windows\System\RmswclM.exe
  2⤵
  PID:6332
- C:\Windows\System\uirmPSc.exe
  C:\Windows\System\uirmPSc.exe
  2⤵
  PID:6320
- C:\Windows\System\QhdsiFg.exe
  C:\Windows\System\QhdsiFg.exe
  2⤵
  PID:6360
- C:\Windows\System\HpfrzfY.exe
  C:\Windows\System\HpfrzfY.exe
  2⤵
  PID:6768
- C:\Windows\System\qJTZmco.exe
  C:\Windows\System\qJTZmco.exe
  2⤵
  PID:6672
- C:\Windows\System\ooEsYNg.exe
  C:\Windows\System\ooEsYNg.exe
  2⤵
  PID:6496
- C:\Windows\System\IxmFEAG.exe
  C:\Windows\System\IxmFEAG.exe
  2⤵
  PID:6520
- C:\Windows\System\bqnOTgi.exe
  C:\Windows\System\bqnOTgi.exe
  2⤵
  PID:872
- C:\Windows\System\uVGafVy.exe
  C:\Windows\System\uVGafVy.exe
  2⤵
  PID:7132
- C:\Windows\System\PqRlCXx.exe
  C:\Windows\System\PqRlCXx.exe
  2⤵
  PID:6252
- C:\Windows\System\ZftaIkA.exe
  C:\Windows\System\ZftaIkA.exe
  2⤵
  PID:6392
- C:\Windows\System\jSPuSvF.exe
  C:\Windows\System\jSPuSvF.exe
  2⤵
  PID:2972
- C:\Windows\System\CESfyLB.exe
  C:\Windows\System\CESfyLB.exe
  2⤵
  PID:1048
- C:\Windows\System\odAqsmc.exe
  C:\Windows\System\odAqsmc.exe
  2⤵
  PID:7128
- C:\Windows\System\GgTZxrp.exe
  C:\Windows\System\GgTZxrp.exe
  2⤵
  PID:7184
- C:\Windows\System\qQIPewo.exe
  C:\Windows\System\qQIPewo.exe
  2⤵
  PID:7200
- C:\Windows\System\DIkqAmO.exe
  C:\Windows\System\DIkqAmO.exe
  2⤵
  PID:7216
- C:\Windows\System\oBoZpdr.exe
  C:\Windows\System\oBoZpdr.exe
  2⤵
  PID:7232
- C:\Windows\System\NNQHjQP.exe
  C:\Windows\System\NNQHjQP.exe
  2⤵
  PID:7248
- C:\Windows\System\hDHQoRh.exe
  C:\Windows\System\hDHQoRh.exe
  2⤵
  PID:7264
- C:\Windows\System\pEkyJgZ.exe
  C:\Windows\System\pEkyJgZ.exe
  2⤵
  PID:7280
- C:\Windows\System\VyhMhGx.exe
  C:\Windows\System\VyhMhGx.exe
  2⤵
  PID:7296
- C:\Windows\System\CkKNpGL.exe
  C:\Windows\System\CkKNpGL.exe
  2⤵
  PID:7312
- C:\Windows\System\xWnZHxH.exe
  C:\Windows\System\xWnZHxH.exe
  2⤵
  PID:7328
- C:\Windows\System\xtPDMZC.exe
  C:\Windows\System\xtPDMZC.exe
  2⤵
  PID:7344
- C:\Windows\System\AsfSIZA.exe
  C:\Windows\System\AsfSIZA.exe
  2⤵
  PID:7360
- C:\Windows\System\UdAaQBV.exe
  C:\Windows\System\UdAaQBV.exe
  2⤵
  PID:7376
- C:\Windows\System\yTWUkbH.exe
  C:\Windows\System\yTWUkbH.exe
  2⤵
  PID:7392
- C:\Windows\System\TBZBkkZ.exe
  C:\Windows\System\TBZBkkZ.exe
  2⤵
  PID:7408
- C:\Windows\System\CUcXWdH.exe
  C:\Windows\System\CUcXWdH.exe
  2⤵
  PID:7424
- C:\Windows\System\NZWVpOB.exe
  C:\Windows\System\NZWVpOB.exe
  2⤵
  PID:7440
- C:\Windows\System\IoLojTb.exe
  C:\Windows\System\IoLojTb.exe
  2⤵
  PID:7456
- C:\Windows\System\lKsuqPq.exe
  C:\Windows\System\lKsuqPq.exe
  2⤵
  PID:7472
- C:\Windows\System\CFihesb.exe
  C:\Windows\System\CFihesb.exe
  2⤵
  PID:7488
- C:\Windows\System\xnoCTYT.exe
  C:\Windows\System\xnoCTYT.exe
  2⤵
  PID:7504
- C:\Windows\System\ZnEYLDi.exe
  C:\Windows\System\ZnEYLDi.exe
  2⤵
  PID:7520
- C:\Windows\System\qgdgYeG.exe
  C:\Windows\System\qgdgYeG.exe
  2⤵
  PID:7540
- C:\Windows\System\rCeLuRp.exe
  C:\Windows\System\rCeLuRp.exe
  2⤵
  PID:7556
- C:\Windows\System\LxxSjmU.exe
  C:\Windows\System\LxxSjmU.exe
  2⤵
  PID:7572
- C:\Windows\System\oWcpToS.exe
  C:\Windows\System\oWcpToS.exe
  2⤵
  PID:7588
- C:\Windows\System\ayRmUAf.exe
  C:\Windows\System\ayRmUAf.exe
  2⤵
  PID:7604
- C:\Windows\System\WRHvCgW.exe
  C:\Windows\System\WRHvCgW.exe
  2⤵
  PID:7620
- C:\Windows\System\aNdOSqG.exe
  C:\Windows\System\aNdOSqG.exe
  2⤵
  PID:7636
- C:\Windows\System\KRisHsc.exe
  C:\Windows\System\KRisHsc.exe
  2⤵
  PID:7652
- C:\Windows\System\HDPmWHx.exe
  C:\Windows\System\HDPmWHx.exe
  2⤵
  PID:7668
- C:\Windows\System\ySwVVlM.exe
  C:\Windows\System\ySwVVlM.exe
  2⤵
  PID:7684
- C:\Windows\System\nOiPSkA.exe
  C:\Windows\System\nOiPSkA.exe
  2⤵
  PID:7700
- C:\Windows\System\ASvGNWH.exe
  C:\Windows\System\ASvGNWH.exe
  2⤵
  PID:7716
- C:\Windows\System\fdiiCTX.exe
  C:\Windows\System\fdiiCTX.exe
  2⤵
  PID:7732
- C:\Windows\System\GFNoKdV.exe
  C:\Windows\System\GFNoKdV.exe
  2⤵
  PID:7748
- C:\Windows\System\bYLtjyy.exe
  C:\Windows\System\bYLtjyy.exe
  2⤵
  PID:7764
- C:\Windows\System\vvdLPlt.exe
  C:\Windows\System\vvdLPlt.exe
  2⤵
  PID:7780
- C:\Windows\System\uImGnlc.exe
  C:\Windows\System\uImGnlc.exe
  2⤵
  PID:7796
- C:\Windows\System\kDYfTsN.exe
  C:\Windows\System\kDYfTsN.exe
  2⤵
  PID:7812
- C:\Windows\System\jCtUSUm.exe
  C:\Windows\System\jCtUSUm.exe
  2⤵
  PID:7828
- C:\Windows\System\SNyaeHG.exe
  C:\Windows\System\SNyaeHG.exe
  2⤵
  PID:7844
- C:\Windows\System\WJNHKdQ.exe
  C:\Windows\System\WJNHKdQ.exe
  2⤵
  PID:7860
- C:\Windows\System\OqTyuYx.exe
  C:\Windows\System\OqTyuYx.exe
  2⤵
  PID:7876
- C:\Windows\System\NxTMutA.exe
  C:\Windows\System\NxTMutA.exe
  2⤵
  PID:7892
- C:\Windows\System\hcKKvtU.exe
  C:\Windows\System\hcKKvtU.exe
  2⤵
  PID:7908
- C:\Windows\System\AyNVwFp.exe
  C:\Windows\System\AyNVwFp.exe
  2⤵
  PID:7924
- C:\Windows\System\mJhTlPk.exe
  C:\Windows\System\mJhTlPk.exe
  2⤵
  PID:7940
- C:\Windows\System\JUWspyO.exe
  C:\Windows\System\JUWspyO.exe
  2⤵
  PID:7956
- C:\Windows\System\fldldGo.exe
  C:\Windows\System\fldldGo.exe
  2⤵
  PID:7972
- C:\Windows\System\QxJvuzE.exe
  C:\Windows\System\QxJvuzE.exe
  2⤵
  PID:7988
- C:\Windows\System\siNZCZh.exe
  C:\Windows\System\siNZCZh.exe
  2⤵
  PID:8072
- C:\Windows\System\DSeXGur.exe
  C:\Windows\System\DSeXGur.exe
  2⤵
  PID:8164
- C:\Windows\System\RHLcURe.exe
  C:\Windows\System\RHLcURe.exe
  2⤵
  PID:6708
- C:\Windows\System\hnEJYPz.exe
  C:\Windows\System\hnEJYPz.exe
  2⤵
  PID:1564
- C:\Windows\System\swjzhJQ.exe
  C:\Windows\System\swjzhJQ.exe
  2⤵
  PID:7144
- C:\Windows\System\NUanZLX.exe
  C:\Windows\System\NUanZLX.exe
  2⤵
  PID:6212
- C:\Windows\System\GsxyuTD.exe
  C:\Windows\System\GsxyuTD.exe
  2⤵
  PID:6176
- C:\Windows\System\KGPmpyS.exe
  C:\Windows\System\KGPmpyS.exe
  2⤵
  PID:6388
- C:\Windows\System\ToSGeVT.exe
  C:\Windows\System\ToSGeVT.exe
  2⤵
  PID:6788
- C:\Windows\System\zTfAPJU.exe
  C:\Windows\System\zTfAPJU.exe
  2⤵
  PID:6308
- C:\Windows\System\jvgsMOF.exe
  C:\Windows\System\jvgsMOF.exe
  2⤵
  PID:7276
- C:\Windows\System\oLTgKpe.exe
  C:\Windows\System\oLTgKpe.exe
  2⤵
  PID:7368
- C:\Windows\System\SceenTw.exe
  C:\Windows\System\SceenTw.exe
  2⤵
  PID:7192
- C:\Windows\System\LtGDhCm.exe
  C:\Windows\System\LtGDhCm.exe
  2⤵
  PID:7400
- C:\Windows\System\yqzLhBs.exe
  C:\Windows\System\yqzLhBs.exe
  2⤵
  PID:7464
- C:\Windows\System\FnUagsO.exe
  C:\Windows\System\FnUagsO.exe
  2⤵
  PID:7496
- C:\Windows\System\YiQIVbw.exe
  C:\Windows\System\YiQIVbw.exe
  2⤵
  PID:7260
- C:\Windows\System\wvjrZRy.exe
  C:\Windows\System\wvjrZRy.exe
  2⤵
  PID:7352
- C:\Windows\System\RCailUp.exe
  C:\Windows\System\RCailUp.exe
  2⤵
  PID:7564
- C:\Windows\System\AmnkYch.exe
  C:\Windows\System\AmnkYch.exe
  2⤵
  PID:7600
- C:\Windows\System\qrxFTQZ.exe
  C:\Windows\System\qrxFTQZ.exe
  2⤵
  PID:7420
- C:\Windows\System\JsvAHzn.exe
  C:\Windows\System\JsvAHzn.exe
  2⤵
  PID:7632
- C:\Windows\System\lwTDBSB.exe
  C:\Windows\System\lwTDBSB.exe
  2⤵
  PID:7692
- C:\Windows\System\mPDwpXR.exe
  C:\Windows\System\mPDwpXR.exe
  2⤵
  PID:7788
- C:\Windows\System\UKSxCon.exe
  C:\Windows\System\UKSxCon.exe
  2⤵
  PID:7824
- C:\Windows\System\FoaFgvV.exe
  C:\Windows\System\FoaFgvV.exe
  2⤵
  PID:7512
- C:\Windows\System\XjqSNhx.exe
  C:\Windows\System\XjqSNhx.exe
  2⤵
  PID:7916
- C:\Windows\System\yFuNoIM.exe
  C:\Windows\System\yFuNoIM.exe
  2⤵
  PID:7548
- C:\Windows\System\PFEfiIn.exe
  C:\Windows\System\PFEfiIn.exe
  2⤵
  PID:7772
- C:\Windows\System\qaJYcJk.exe
  C:\Windows\System\qaJYcJk.exe
  2⤵
  PID:7616
- C:\Windows\System\bhruUAT.exe
  C:\Windows\System\bhruUAT.exe
  2⤵
  PID:7680
- C:\Windows\System\KLIsfyx.exe
  C:\Windows\System\KLIsfyx.exe
  2⤵
  PID:7744
- C:\Windows\System\zHwIxMJ.exe
  C:\Windows\System\zHwIxMJ.exe
  2⤵
  PID:7836
- C:\Windows\System\SjQauFw.exe
  C:\Windows\System\SjQauFw.exe
  2⤵
  PID:7900
- C:\Windows\System\gAeeORa.exe
  C:\Windows\System\gAeeORa.exe
  2⤵
  PID:7936
- C:\Windows\System\PtgOklg.exe
  C:\Windows\System\PtgOklg.exe
  2⤵
  PID:6040
- C:\Windows\System\BeRoLKK.exe
  C:\Windows\System\BeRoLKK.exe
  2⤵
  PID:8032
- C:\Windows\System\XspCYeq.exe
  C:\Windows\System\XspCYeq.exe
  2⤵
  PID:8048
- C:\Windows\System\JMQGJkW.exe
  C:\Windows\System\JMQGJkW.exe
  2⤵
  PID:8060
- C:\Windows\System\uBvmMEq.exe
  C:\Windows\System\uBvmMEq.exe
  2⤵
  PID:8088
- C:\Windows\System\zSuasGn.exe
  C:\Windows\System\zSuasGn.exe
  2⤵
  PID:8096
- C:\Windows\System\UijjCWf.exe
  C:\Windows\System\UijjCWf.exe
  2⤵
  PID:8136
- C:\Windows\System\xOqttwY.exe
  C:\Windows\System\xOqttwY.exe
  2⤵
  PID:7080
- C:\Windows\System\iXFgbUD.exe
  C:\Windows\System\iXFgbUD.exe
  2⤵
  PID:8172
- C:\Windows\System\xjrCpui.exe
  C:\Windows\System\xjrCpui.exe
  2⤵
  PID:7176
- C:\Windows\System\QxOFcKH.exe
  C:\Windows\System\QxOFcKH.exe
  2⤵
  PID:6676
- C:\Windows\System\rFiOYJE.exe
  C:\Windows\System\rFiOYJE.exe
  2⤵
  PID:7212
- C:\Windows\System\wBJhaFs.exe
  C:\Windows\System\wBJhaFs.exe
  2⤵
  PID:6784
- C:\Windows\System\GzIjWan.exe
  C:\Windows\System\GzIjWan.exe
  2⤵
  PID:6740
- C:\Windows\System\PphfBps.exe
  C:\Windows\System\PphfBps.exe
  2⤵
  PID:7256
- C:\Windows\System\HEyKZvf.exe
  C:\Windows\System\HEyKZvf.exe
  2⤵
  PID:7388
- C:\Windows\System\SdLRtNL.exe
  C:\Windows\System\SdLRtNL.exe
  2⤵
  PID:7820
- C:\Windows\System\QVLeIGc.exe
  C:\Windows\System\QVLeIGc.exe
  2⤵
  PID:7580
- C:\Windows\System\VipiMSS.exe
  C:\Windows\System\VipiMSS.exe
  2⤵
  PID:7980
- C:\Windows\System\XrchWcz.exe
  C:\Windows\System\XrchWcz.exe
  2⤵
  PID:6276
- C:\Windows\System\vxmgpOR.exe
  C:\Windows\System\vxmgpOR.exe
  2⤵
  PID:7336
- C:\Windows\System\vENfOPm.exe
  C:\Windows\System\vENfOPm.exe
  2⤵
  PID:7292
- C:\Windows\System\OamGPlY.exe
  C:\Windows\System\OamGPlY.exe
  2⤵
  PID:7452
- C:\Windows\System\MEgrAgy.exe
  C:\Windows\System\MEgrAgy.exe
  2⤵
  PID:7648
- C:\Windows\System\PHOdobB.exe
  C:\Windows\System\PHOdobB.exe
  2⤵
  PID:2232
- C:\Windows\System\AJVDrai.exe
  C:\Windows\System\AJVDrai.exe
  2⤵
  PID:7712
- C:\Windows\System\UnywKoD.exe
  C:\Windows\System\UnywKoD.exe
  2⤵
  PID:7868
- C:\Windows\System\hEBOCiE.exe
  C:\Windows\System\hEBOCiE.exe
  2⤵
  PID:8056
- C:\Windows\System\nyIQPPT.exe
  C:\Windows\System\nyIQPPT.exe
  2⤵
  PID:8100
- C:\Windows\System\QqbXFXJ.exe
  C:\Windows\System\QqbXFXJ.exe
  2⤵
  PID:8184
- C:\Windows\System\dOwRoHP.exe
  C:\Windows\System\dOwRoHP.exe
  2⤵
  PID:8068
- C:\Windows\System\VGZqRmN.exe
  C:\Windows\System\VGZqRmN.exe
  2⤵
  PID:7272
- C:\Windows\System\faNIOTF.exe
  C:\Windows\System\faNIOTF.exe
  2⤵
  PID:7884
- C:\Windows\System\AddSofZ.exe
  C:\Windows\System\AddSofZ.exe
  2⤵
  PID:6284
- C:\Windows\System\IvNNRsY.exe
  C:\Windows\System\IvNNRsY.exe
  2⤵
  PID:6636
- C:\Windows\System\JBuCbjv.exe
  C:\Windows\System\JBuCbjv.exe
  2⤵
  PID:8132
- C:\Windows\System\GQKbROr.exe
  C:\Windows\System\GQKbROr.exe
  2⤵
  PID:7984
- C:\Windows\System\OQsHbon.exe
  C:\Windows\System\OQsHbon.exe
  2⤵
  PID:7536
- C:\Windows\System\EBddPfq.exe
  C:\Windows\System\EBddPfq.exe
  2⤵
  PID:7052
- C:\Windows\System\dwzDOPW.exe
  C:\Windows\System\dwzDOPW.exe
  2⤵
  PID:6480
- C:\Windows\System\ukJJXYp.exe
  C:\Windows\System\ukJJXYp.exe
  2⤵
  PID:6296
- C:\Windows\System\qkFkgrU.exe
  C:\Windows\System\qkFkgrU.exe
  2⤵
  PID:7696
- C:\Windows\System\kKDiobX.exe
  C:\Windows\System\kKDiobX.exe
  2⤵
  PID:7996
- C:\Windows\System\tyGXdXx.exe
  C:\Windows\System\tyGXdXx.exe
  2⤵
  PID:7584
- C:\Windows\System\prFQkor.exe
  C:\Windows\System\prFQkor.exe
  2⤵
  PID:7416
- C:\Windows\System\wcToymb.exe
  C:\Windows\System\wcToymb.exe
  2⤵
  PID:7756
- C:\Windows\System\ufrjlMv.exe
  C:\Windows\System\ufrjlMv.exe
  2⤵
  PID:7436
- C:\Windows\System\qhAaNJl.exe
  C:\Windows\System\qhAaNJl.exe
  2⤵
  PID:8208
- C:\Windows\System\mCKhAtS.exe
  C:\Windows\System\mCKhAtS.exe
  2⤵
  PID:8224
- C:\Windows\System\RtXjTLo.exe
  C:\Windows\System\RtXjTLo.exe
  2⤵
  PID:8240
- C:\Windows\System\ScHJYRn.exe
  C:\Windows\System\ScHJYRn.exe
  2⤵
  PID:8256
- C:\Windows\System\EeTRsbx.exe
  C:\Windows\System\EeTRsbx.exe
  2⤵
  PID:8272
- C:\Windows\System\zZWHmrk.exe
  C:\Windows\System\zZWHmrk.exe
  2⤵
  PID:8288
- C:\Windows\System\TcyICgX.exe
  C:\Windows\System\TcyICgX.exe
  2⤵
  PID:8304
- C:\Windows\System\FuBbdZq.exe
  C:\Windows\System\FuBbdZq.exe
  2⤵
  PID:8320
- C:\Windows\System\onIqtqu.exe
  C:\Windows\System\onIqtqu.exe
  2⤵
  PID:8336
- C:\Windows\System\FfDdMGE.exe
  C:\Windows\System\FfDdMGE.exe
  2⤵
  PID:8352
- C:\Windows\System\qLdgOTv.exe
  C:\Windows\System\qLdgOTv.exe
  2⤵
  PID:8368
- C:\Windows\System\qvhIrrT.exe
  C:\Windows\System\qvhIrrT.exe
  2⤵
  PID:8384
- C:\Windows\System\FFwStuM.exe
  C:\Windows\System\FFwStuM.exe
  2⤵
  PID:8400
- C:\Windows\System\gLiAgft.exe
  C:\Windows\System\gLiAgft.exe
  2⤵
  PID:8416
- C:\Windows\System\PHeWWdi.exe
  C:\Windows\System\PHeWWdi.exe
  2⤵
  PID:8432
- C:\Windows\System\GenyWDc.exe
  C:\Windows\System\GenyWDc.exe
  2⤵
  PID:8448
- C:\Windows\System\URNVcEK.exe
  C:\Windows\System\URNVcEK.exe
  2⤵
  PID:8464
- C:\Windows\System\SIznlls.exe
  C:\Windows\System\SIznlls.exe
  2⤵
  PID:8480
- C:\Windows\System\gvKzCZD.exe
  C:\Windows\System\gvKzCZD.exe
  2⤵
  PID:8496
- C:\Windows\System\MgagIUf.exe
  C:\Windows\System\MgagIUf.exe
  2⤵
  PID:8512
- C:\Windows\System\qfsEYUp.exe
  C:\Windows\System\qfsEYUp.exe
  2⤵
  PID:8528
- C:\Windows\System\idrQSXN.exe
  C:\Windows\System\idrQSXN.exe
  2⤵
  PID:8544
- C:\Windows\System\oueEYNi.exe
  C:\Windows\System\oueEYNi.exe
  2⤵
  PID:8560
- C:\Windows\System\BVdhXuG.exe
  C:\Windows\System\BVdhXuG.exe
  2⤵
  PID:8576
- C:\Windows\System\JzMnqCt.exe
  C:\Windows\System\JzMnqCt.exe
  2⤵
  PID:8592
- C:\Windows\System\XZLJNyn.exe
  C:\Windows\System\XZLJNyn.exe
  2⤵
  PID:8608
- C:\Windows\System\ZBMJFhg.exe
  C:\Windows\System\ZBMJFhg.exe
  2⤵
  PID:8624
- C:\Windows\System\rQstEGa.exe
  C:\Windows\System\rQstEGa.exe
  2⤵
  PID:8640
- C:\Windows\System\anpqUZf.exe
  C:\Windows\System\anpqUZf.exe
  2⤵
  PID:8656
- C:\Windows\System\SRtZRvQ.exe
  C:\Windows\System\SRtZRvQ.exe
  2⤵
  PID:8672
- C:\Windows\System\lzAbETA.exe
  C:\Windows\System\lzAbETA.exe
  2⤵
  PID:8688
- C:\Windows\System\PRmRPXM.exe
  C:\Windows\System\PRmRPXM.exe
  2⤵
  PID:8704
- C:\Windows\System\ZehmPPh.exe
  C:\Windows\System\ZehmPPh.exe
  2⤵
  PID:8720
- C:\Windows\System\uZAUwLP.exe
  C:\Windows\System\uZAUwLP.exe
  2⤵
  PID:8736
- C:\Windows\System\BHFfsvM.exe
  C:\Windows\System\BHFfsvM.exe
  2⤵
  PID:8752
- C:\Windows\System\cPPSJWH.exe
  C:\Windows\System\cPPSJWH.exe
  2⤵
  PID:8768
- C:\Windows\System\LUiNbKC.exe
  C:\Windows\System\LUiNbKC.exe
  2⤵
  PID:8784
- C:\Windows\System\FpWsMyu.exe
  C:\Windows\System\FpWsMyu.exe
  2⤵
  PID:8800
- C:\Windows\System\nNyIEHi.exe
  C:\Windows\System\nNyIEHi.exe
  2⤵
  PID:8816
- C:\Windows\System\aJtApJX.exe
  C:\Windows\System\aJtApJX.exe
  2⤵
  PID:8832
- C:\Windows\System\MVFRwSX.exe
  C:\Windows\System\MVFRwSX.exe
  2⤵
  PID:8852
- C:\Windows\System\BTnFVbC.exe
  C:\Windows\System\BTnFVbC.exe
  2⤵
  PID:8868
- C:\Windows\System\HhIVkMw.exe
  C:\Windows\System\HhIVkMw.exe
  2⤵
  PID:8884
- C:\Windows\System\vHgpfqo.exe
  C:\Windows\System\vHgpfqo.exe
  2⤵
  PID:8900
- C:\Windows\System\bxqHguP.exe
  C:\Windows\System\bxqHguP.exe
  2⤵
  PID:8916
- C:\Windows\System\IbZnbSD.exe
  C:\Windows\System\IbZnbSD.exe
  2⤵
  PID:8932
- C:\Windows\System\QLhVuOi.exe
  C:\Windows\System\QLhVuOi.exe
  2⤵
  PID:8948
- C:\Windows\System\ToVfrxS.exe
  C:\Windows\System\ToVfrxS.exe
  2⤵
  PID:8964
- C:\Windows\System\teKykZz.exe
  C:\Windows\System\teKykZz.exe
  2⤵
  PID:8980
- C:\Windows\System\gBWfVbI.exe
  C:\Windows\System\gBWfVbI.exe
  2⤵
  PID:8996
- C:\Windows\System\duJovkO.exe
  C:\Windows\System\duJovkO.exe
  2⤵
  PID:9012
- C:\Windows\System\HXRJVLa.exe
  C:\Windows\System\HXRJVLa.exe
  2⤵
  PID:9028
- C:\Windows\System\XYFhgYc.exe
  C:\Windows\System\XYFhgYc.exe
  2⤵
  PID:9044
- C:\Windows\System\bqzitoc.exe
  C:\Windows\System\bqzitoc.exe
  2⤵
  PID:9060
- C:\Windows\System\kwtzyPt.exe
  C:\Windows\System\kwtzyPt.exe
  2⤵
  PID:9076
- C:\Windows\System\puGCMWG.exe
  C:\Windows\System\puGCMWG.exe
  2⤵
  PID:9092
- C:\Windows\System\HWBwPqK.exe
  C:\Windows\System\HWBwPqK.exe
  2⤵
  PID:9108
- C:\Windows\System\fHTmBgW.exe
  C:\Windows\System\fHTmBgW.exe
  2⤵
  PID:9124
- C:\Windows\System\qgfEdpQ.exe
  C:\Windows\System\qgfEdpQ.exe
  2⤵
  PID:9140
- C:\Windows\System\zwqfuLY.exe
  C:\Windows\System\zwqfuLY.exe
  2⤵
  PID:9156
- C:\Windows\System\LwaOqtF.exe
  C:\Windows\System\LwaOqtF.exe
  2⤵
  PID:9172
- C:\Windows\System\JjtvWmT.exe
  C:\Windows\System\JjtvWmT.exe
  2⤵
  PID:9188
- C:\Windows\System\TaKbYhU.exe
  C:\Windows\System\TaKbYhU.exe
  2⤵
  PID:9204
- C:\Windows\System\DGmrLrO.exe
  C:\Windows\System\DGmrLrO.exe
  2⤵
  PID:6724
- C:\Windows\System\oxUPARC.exe
  C:\Windows\System\oxUPARC.exe
  2⤵
  PID:8200
- C:\Windows\System\rpReima.exe
  C:\Windows\System\rpReima.exe
  2⤵
  PID:8236
- C:\Windows\System\VvkjLKQ.exe
  C:\Windows\System\VvkjLKQ.exe
  2⤵
  PID:8300
- C:\Windows\System\YJYwBzo.exe
  C:\Windows\System\YJYwBzo.exe
  2⤵
  PID:8252
- C:\Windows\System\CBfmghX.exe
  C:\Windows\System\CBfmghX.exe
  2⤵
  PID:7308
- C:\Windows\System\WrOHKLP.exe
  C:\Windows\System\WrOHKLP.exe
  2⤵
  PID:8044
- C:\Windows\System\JbaGOIW.exe
  C:\Windows\System\JbaGOIW.exe
  2⤵
  PID:8284
- C:\Windows\System\ArgFUsC.exe
  C:\Windows\System\ArgFUsC.exe
  2⤵
  PID:8332
- C:\Windows\System\XosgcNI.exe
  C:\Windows\System\XosgcNI.exe
  2⤵
  PID:8348
- C:\Windows\System\vdTxuAP.exe
  C:\Windows\System\vdTxuAP.exe
  2⤵
  PID:8428
- C:\Windows\System\JelLFMT.exe
  C:\Windows\System\JelLFMT.exe
  2⤵
  PID:8488
- C:\Windows\System\epojBIm.exe
  C:\Windows\System\epojBIm.exe
  2⤵
  PID:8524
- C:\Windows\System\uXYPnFc.exe
  C:\Windows\System\uXYPnFc.exe
  2⤵
  PID:8552
- C:\Windows\System\vpeergN.exe
  C:\Windows\System\vpeergN.exe
  2⤵
  PID:8472
- C:\Windows\System\DupETbR.exe
  C:\Windows\System\DupETbR.exe
  2⤵
  PID:8536
- C:\Windows\System\FUTWzBV.exe
  C:\Windows\System\FUTWzBV.exe
  2⤵
  PID:8572
- C:\Windows\System\tPjidLz.exe
  C:\Windows\System\tPjidLz.exe
  2⤵
  PID:8616
- C:\Windows\System\pKeUrmj.exe
  C:\Windows\System\pKeUrmj.exe
  2⤵
  PID:8632
- C:\Windows\System\QJlvsTj.exe
  C:\Windows\System\QJlvsTj.exe
  2⤵
  PID:8712
- C:\Windows\System\eomLQpU.exe
  C:\Windows\System\eomLQpU.exe
  2⤵
  PID:8748
- C:\Windows\System\OuApMtZ.exe
  C:\Windows\System\OuApMtZ.exe
  2⤵
  PID:8780
- C:\Windows\System\QGyQIRM.exe
  C:\Windows\System\QGyQIRM.exe
  2⤵
  PID:8848
- C:\Windows\System\nhyjsVA.exe
  C:\Windows\System\nhyjsVA.exe
  2⤵
  PID:8824
- C:\Windows\System\ZPKhMLT.exe
  C:\Windows\System\ZPKhMLT.exe
  2⤵
  PID:8796
- C:\Windows\System\amtTbvO.exe
  C:\Windows\System\amtTbvO.exe
  2⤵
  PID:8880
- C:\Windows\System\bKtZvkh.exe
  C:\Windows\System\bKtZvkh.exe
  2⤵
  PID:8972
- C:\Windows\System\CsXxvvu.exe
  C:\Windows\System\CsXxvvu.exe
  2⤵
  PID:8892
- C:\Windows\System\GsRzMZt.exe
  C:\Windows\System\GsRzMZt.exe
  2⤵
  PID:8924
- C:\Windows\System\oHwhiCE.exe
  C:\Windows\System\oHwhiCE.exe
  2⤵
  PID:9040
- C:\Windows\System\WBYLrTd.exe
  C:\Windows\System\WBYLrTd.exe
  2⤵
  PID:8992
- C:\Windows\System\wBvqOQC.exe
  C:\Windows\System\wBvqOQC.exe
  2⤵
  PID:9024
- C:\Windows\System\mLUyvzC.exe
  C:\Windows\System\mLUyvzC.exe
  2⤵
  PID:9100
- C:\Windows\System\PAyVEOP.exe
  C:\Windows\System\PAyVEOP.exe
  2⤵
  PID:9164
- C:\Windows\System\ZYpfAgy.exe
  C:\Windows\System\ZYpfAgy.exe
  2⤵
  PID:9148
- C:\Windows\System\ARsKEbw.exe
  C:\Windows\System\ARsKEbw.exe
  2⤵
  PID:9200
- C:\Windows\System\tsELdMP.exe
  C:\Windows\System\tsELdMP.exe
  2⤵
  PID:8268
- C:\Windows\System\rXcoqQf.exe
  C:\Windows\System\rXcoqQf.exe
  2⤵
  PID:6304
- C:\Windows\System\haAhFxz.exe
  C:\Windows\System\haAhFxz.exe
  2⤵
  PID:7208
- C:\Windows\System\LUgcbQo.exe
  C:\Windows\System\LUgcbQo.exe
  2⤵
  PID:6432
- C:\Windows\System\VbnuUPz.exe
  C:\Windows\System\VbnuUPz.exe
  2⤵
  PID:8456
- C:\Windows\System\uOBtLjN.exe
  C:\Windows\System\uOBtLjN.exe
  2⤵
  PID:8444
- C:\Windows\System\GVENPbq.exe
  C:\Windows\System\GVENPbq.exe
  2⤵
  PID:8424
- C:\Windows\System\bWkNsQD.exe
  C:\Windows\System\bWkNsQD.exe
  2⤵
  PID:8584
- C:\Windows\System\YXvYWJR.exe
  C:\Windows\System\YXvYWJR.exe
  2⤵
  PID:8604
- C:\Windows\System\HsqHXvj.exe
  C:\Windows\System\HsqHXvj.exe
  2⤵
  PID:8652
- C:\Windows\System\lxtEGUf.exe
  C:\Windows\System\lxtEGUf.exe
  2⤵
  PID:8700
- C:\Windows\System\XAkPECa.exe
  C:\Windows\System\XAkPECa.exe
  2⤵
  PID:8876
- C:\Windows\System\PJzATYS.exe
  C:\Windows\System\PJzATYS.exe
  2⤵
  PID:9072
- C:\Windows\System\DeYgDal.exe
  C:\Windows\System\DeYgDal.exe
  2⤵
  PID:9136
- C:\Windows\System\ZWXSaZZ.exe
  C:\Windows\System\ZWXSaZZ.exe
  2⤵
  PID:9152
- C:\Windows\System\ErHvdAz.exe
  C:\Windows\System\ErHvdAz.exe
  2⤵
  PID:9116
- C:\Windows\System\wfgzgyX.exe
  C:\Windows\System\wfgzgyX.exe
  2⤵
  PID:8412
- C:\Windows\System\NKDorxs.exe
  C:\Windows\System\NKDorxs.exe
  2⤵
  PID:8860
- C:\Windows\System\OlPmZix.exe
  C:\Windows\System\OlPmZix.exe
  2⤵
  PID:8960
- C:\Windows\System\FiffFHJ.exe
  C:\Windows\System\FiffFHJ.exe
  2⤵
  PID:8944
- C:\Windows\System\NuMrrSk.exe
  C:\Windows\System\NuMrrSk.exe
  2⤵
  PID:8360
- C:\Windows\System\DVgHKFn.exe
  C:\Windows\System\DVgHKFn.exe
  2⤵
  PID:8392
- C:\Windows\System\rZBOwdp.exe
  C:\Windows\System\rZBOwdp.exe
  2⤵
  PID:8764
- C:\Windows\System\fhIVams.exe
  C:\Windows\System\fhIVams.exe
  2⤵
  PID:9132
- C:\Windows\System\TiYhDtZ.exe
  C:\Windows\System\TiYhDtZ.exe
  2⤵
  PID:7728
- C:\Windows\System\sqRegso.exe
  C:\Windows\System\sqRegso.exe
  2⤵
  PID:8520
- C:\Windows\System\zQjYkEs.exe
  C:\Windows\System\zQjYkEs.exe
  2⤵
  PID:8956
- C:\Windows\System\AKuiLRY.exe
  C:\Windows\System\AKuiLRY.exe
  2⤵
  PID:8864
- C:\Windows\System\zIarVvf.exe
  C:\Windows\System\zIarVvf.exe
  2⤵
  PID:7740
- C:\Windows\System\berGTja.exe
  C:\Windows\System\berGTja.exe
  2⤵
  PID:8248
- C:\Windows\System\nrtbdpA.exe
  C:\Windows\System\nrtbdpA.exe
  2⤵
  PID:8492
- C:\Windows\System\SGaxWjk.exe
  C:\Windows\System\SGaxWjk.exe
  2⤵
  PID:9056
- C:\Windows\System\bvrgwzs.exe
  C:\Windows\System\bvrgwzs.exe
  2⤵
  PID:8568
- C:\Windows\System\vsrfJHX.exe
  C:\Windows\System\vsrfJHX.exe
  2⤵
  PID:8156
- C:\Windows\System\aqhtFIa.exe
  C:\Windows\System\aqhtFIa.exe
  2⤵
  PID:9220
- C:\Windows\System\qadUEBH.exe
  C:\Windows\System\qadUEBH.exe
  2⤵
  PID:9236
- C:\Windows\System\bWDbcsU.exe
  C:\Windows\System\bWDbcsU.exe
  2⤵
  PID:9252
- C:\Windows\System\HOOTrvC.exe
  C:\Windows\System\HOOTrvC.exe
  2⤵
  PID:9268
- C:\Windows\System\UYdkAGQ.exe
  C:\Windows\System\UYdkAGQ.exe
  2⤵
  PID:9284
- C:\Windows\System\WRGfvsv.exe
  C:\Windows\System\WRGfvsv.exe
  2⤵
  PID:9300
- C:\Windows\System\HoNKWnh.exe
  C:\Windows\System\HoNKWnh.exe
  2⤵
  PID:9316
- C:\Windows\System\OosXCkp.exe
  C:\Windows\System\OosXCkp.exe
  2⤵
  PID:9332
- C:\Windows\System\vjpNKvZ.exe
  C:\Windows\System\vjpNKvZ.exe
  2⤵
  PID:9348
- C:\Windows\System\qoLCZVO.exe
  C:\Windows\System\qoLCZVO.exe
  2⤵
  PID:9364
- C:\Windows\System\PwutCYt.exe
  C:\Windows\System\PwutCYt.exe
  2⤵
  PID:9380
- C:\Windows\System\niKQRsf.exe
  C:\Windows\System\niKQRsf.exe
  2⤵
  PID:9396
- C:\Windows\System\LOiNebL.exe
  C:\Windows\System\LOiNebL.exe
  2⤵
  PID:9412
- C:\Windows\System\hTKVqcN.exe
  C:\Windows\System\hTKVqcN.exe
  2⤵
  PID:9428
- C:\Windows\System\BRUnGxG.exe
  C:\Windows\System\BRUnGxG.exe
  2⤵
  PID:9444
- C:\Windows\System\RDcSJnQ.exe
  C:\Windows\System\RDcSJnQ.exe
  2⤵
  PID:9460
- C:\Windows\System\rfKdAin.exe
  C:\Windows\System\rfKdAin.exe
  2⤵
  PID:9476
- C:\Windows\System\WKKxiJT.exe
  C:\Windows\System\WKKxiJT.exe
  2⤵
  PID:9492
- C:\Windows\System\QkYOjZy.exe
  C:\Windows\System\QkYOjZy.exe
  2⤵
  PID:9508
- C:\Windows\System\sZQEyfm.exe
  C:\Windows\System\sZQEyfm.exe
  2⤵
  PID:9528
- C:\Windows\System\DdXZTXW.exe
  C:\Windows\System\DdXZTXW.exe
  2⤵
  PID:9544
- C:\Windows\System\Ygkndfd.exe
  C:\Windows\System\Ygkndfd.exe
  2⤵
  PID:9560
- C:\Windows\System\XtnuDrA.exe
  C:\Windows\System\XtnuDrA.exe
  2⤵
  PID:9576
- C:\Windows\System\VFMUJkj.exe
  C:\Windows\System\VFMUJkj.exe
  2⤵
  PID:9592
- C:\Windows\System\OWxzFpy.exe
  C:\Windows\System\OWxzFpy.exe
  2⤵
  PID:9608
- C:\Windows\System\hnfYajC.exe
  C:\Windows\System\hnfYajC.exe
  2⤵
  PID:9624
- C:\Windows\System\YMRIMvn.exe
  C:\Windows\System\YMRIMvn.exe
  2⤵
  PID:9640
- C:\Windows\System\PyJYUQK.exe
  C:\Windows\System\PyJYUQK.exe
  2⤵
  PID:9656
- C:\Windows\System\WtjZtDn.exe
  C:\Windows\System\WtjZtDn.exe
  2⤵
  PID:9672
- C:\Windows\System\vwmOiOk.exe
  C:\Windows\System\vwmOiOk.exe
  2⤵
  PID:9688
- C:\Windows\System\mqGzguc.exe
  C:\Windows\System\mqGzguc.exe
  2⤵
  PID:9704
- C:\Windows\System\FtTCtPm.exe
  C:\Windows\System\FtTCtPm.exe
  2⤵
  PID:9720
- C:\Windows\System\pUkAxWA.exe
  C:\Windows\System\pUkAxWA.exe
  2⤵
  PID:9736
- C:\Windows\System\lSakPlA.exe
  C:\Windows\System\lSakPlA.exe
  2⤵
  PID:9760
- C:\Windows\System\PkqYUVO.exe
  C:\Windows\System\PkqYUVO.exe
  2⤵
  PID:9776
- C:\Windows\System\sAmDZKX.exe
  C:\Windows\System\sAmDZKX.exe
  2⤵
  PID:9796
- C:\Windows\System\batYCQA.exe
  C:\Windows\System\batYCQA.exe
  2⤵
  PID:9816
- C:\Windows\System\pMjConR.exe
  C:\Windows\System\pMjConR.exe
  2⤵
  PID:9840
- C:\Windows\System\OIVNBQq.exe
  C:\Windows\System\OIVNBQq.exe
  2⤵
  PID:9856
- C:\Windows\System\HHPjycq.exe
  C:\Windows\System\HHPjycq.exe
  2⤵
  PID:9872
- C:\Windows\System\Yfaykke.exe
  C:\Windows\System\Yfaykke.exe
  2⤵
  PID:9888
- C:\Windows\System\KjrlrfQ.exe
  C:\Windows\System\KjrlrfQ.exe
  2⤵
  PID:9904
- C:\Windows\System\jdNZEft.exe
  C:\Windows\System\jdNZEft.exe
  2⤵
  PID:9920
- C:\Windows\System\CfpHIzU.exe
  C:\Windows\System\CfpHIzU.exe
  2⤵
  PID:9936
- C:\Windows\System\ZuVQfWl.exe
  C:\Windows\System\ZuVQfWl.exe
  2⤵
  PID:9952
- C:\Windows\System\oakwSiw.exe
  C:\Windows\System\oakwSiw.exe
  2⤵
  PID:9968
- C:\Windows\System\uAVDiDd.exe
  C:\Windows\System\uAVDiDd.exe
  2⤵
  PID:9988
- C:\Windows\System\JyFKvHm.exe
  C:\Windows\System\JyFKvHm.exe
  2⤵
  PID:10052
- C:\Windows\System\lxEBfxu.exe
  C:\Windows\System\lxEBfxu.exe
  2⤵
  PID:10068
- C:\Windows\System\GitXxvw.exe
  C:\Windows\System\GitXxvw.exe
  2⤵
  PID:10084
- C:\Windows\System\LACPmqt.exe
  C:\Windows\System\LACPmqt.exe
  2⤵
  PID:10100
- C:\Windows\System\HwOrBtw.exe
  C:\Windows\System\HwOrBtw.exe
  2⤵
  PID:10116
- C:\Windows\System\jqXSBOj.exe
  C:\Windows\System\jqXSBOj.exe
  2⤵
  PID:10136
- C:\Windows\System\qLiYVKI.exe
  C:\Windows\System\qLiYVKI.exe
  2⤵
  PID:10152
- C:\Windows\System\BVLxEyr.exe
  C:\Windows\System\BVLxEyr.exe
  2⤵
  PID:10168
- C:\Windows\System\RqxMHcg.exe
  C:\Windows\System\RqxMHcg.exe
  2⤵
  PID:10184
- C:\Windows\System\WVLXxoV.exe
  C:\Windows\System\WVLXxoV.exe
  2⤵
  PID:10200
- C:\Windows\System\lMmUryN.exe
  C:\Windows\System\lMmUryN.exe
  2⤵
  PID:10216
- C:\Windows\System\jAKiMXi.exe
  C:\Windows\System\jAKiMXi.exe
  2⤵
  PID:10232
- C:\Windows\System\nTXLYIP.exe
  C:\Windows\System\nTXLYIP.exe
  2⤵
  PID:9260
- C:\Windows\System\SIgzNXU.exe
  C:\Windows\System\SIgzNXU.exe
  2⤵
  PID:8760
- C:\Windows\System\MZbsQzg.exe
  C:\Windows\System\MZbsQzg.exe
  2⤵
  PID:9244
- C:\Windows\System\vxhODxt.exe
  C:\Windows\System\vxhODxt.exe
  2⤵
  PID:9324
- C:\Windows\System\bRXHLyZ.exe
  C:\Windows\System\bRXHLyZ.exe
  2⤵
  PID:9360
- C:\Windows\System\XOylfBt.exe
  C:\Windows\System\XOylfBt.exe
  2⤵
  PID:9312
- C:\Windows\System\WrhGaXi.exe
  C:\Windows\System\WrhGaXi.exe
  2⤵
  PID:9376
- C:\Windows\System\YIKgIwr.exe
  C:\Windows\System\YIKgIwr.exe
  2⤵
  PID:9424
- C:\Windows\System\AQLTVYT.exe
  C:\Windows\System\AQLTVYT.exe
  2⤵
  PID:9520
- C:\Windows\System\MzynwlD.exe
  C:\Windows\System\MzynwlD.exe
  2⤵
  PID:9584
- C:\Windows\System\EJOiIyU.exe
  C:\Windows\System\EJOiIyU.exe
  2⤵
  PID:9616
- C:\Windows\System\RfMwnEF.exe
  C:\Windows\System\RfMwnEF.exe
  2⤵
  PID:9468
- C:\Windows\System\yQxqvsx.exe
  C:\Windows\System\yQxqvsx.exe
  2⤵
  PID:9684
- C:\Windows\System\MCZCzYw.exe
  C:\Windows\System\MCZCzYw.exe
  2⤵
  PID:9504
- C:\Windows\System\bwWvVYZ.exe
  C:\Windows\System\bwWvVYZ.exe
  2⤵
  PID:9572
- C:\Windows\System\QbSsiwf.exe
  C:\Windows\System\QbSsiwf.exe
  2⤵
  PID:9664
- C:\Windows\System\blEkgfI.exe
  C:\Windows\System\blEkgfI.exe
  2⤵
  PID:9700
- C:\Windows\System\NdpFidS.exe
  C:\Windows\System\NdpFidS.exe
  2⤵
  PID:9784
- C:\Windows\System\TZhUHkq.exe
  C:\Windows\System\TZhUHkq.exe
  2⤵
  PID:9768
- C:\Windows\System\JaAGTPQ.exe
  C:\Windows\System\JaAGTPQ.exe
  2⤵
  PID:9828
- C:\Windows\System\GLZiIxR.exe
  C:\Windows\System\GLZiIxR.exe
  2⤵
  PID:9868
- C:\Windows\System\bBxksFy.exe
  C:\Windows\System\bBxksFy.exe
  2⤵
  PID:9928
- C:\Windows\System\kGiuphE.exe
  C:\Windows\System\kGiuphE.exe
  2⤵
  PID:9912
- C:\Windows\System\aEzmLjc.exe
  C:\Windows\System\aEzmLjc.exe
  2⤵
  PID:9916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BeyLOBh.exe

Filesize
6.0MB

MD5
14225b4fd65913a4ccbe950e56d31f1b

SHA1
abd10cbd34cf11cc52a022551705c8d33eb81a82

SHA256
ad2de4a1bc0f7c8460515d6dbd0be60444402f0f6852da752fa3c1383f94295e

SHA512
0b66d3e245b504d97095d36ea9d8843539a0b89ca4a404c893f5a9b26dd4b81fe49dbf9bc4309676e5d3474d70a49ea82e5a879637524170d0668060c46abd7a

Download Submit
C:\Windows\system\DzsBduR.exe

Filesize
6.0MB

MD5
87b37f48d162dbb69a5358533fcdb248

SHA1
299fd60b15c8bff0699a3fce35137836039b3e13

SHA256
31733f881ad090fa7a6d6d37909f25375bc8affe487f182adbc8daef27738a9a

SHA512
cd8b65989611c913a909204e9f60b740e4e3e774c234f7eba697577ee5ae76606e01322c5bd34ecdddfef8966b8b64d77ab573cbaf3d06aa7a227a40039d5327

Download Submit
C:\Windows\system\EZTHpMP.exe

Filesize
6.0MB

MD5
a935944c44296b5d0cb5b43d5dab08c9

SHA1
ac1307f516e9b442f8beab16e66eee5d0aaa4df8

SHA256
c045e6c82a5cfe00fc6390eb2b3b60435d3608d3fecac6d912ee8415ccde4bcf

SHA512
aa48c50cfbe756bafbc7cc84a4180176aca45a7f1ab568773d35653238deae50773eab557f1147b02279a288651994e8d2b4952bb80731de57cea1efc949a151

Download Submit
C:\Windows\system\EhhWoVu.exe

Filesize
6.0MB

MD5
1320447fc15dcd94b3b8e73495d011b9

SHA1
6ba8bb13dc230c0b4314094b9d872cbda1d1a3d1

SHA256
88dcdafc3e178a44d43885776dd1268a670bda9e9c9849f1dec70cabd2dc6caa

SHA512
239e1be3f0858f80f6fff45eea1599d8db0c251e5d943476cb55be65bc34225f6d26f35620b7bf3c89ed85d5bbe4d02fd6852335c472b32b5fc4d5ff79bbcaea

Download Submit
C:\Windows\system\GVnCuUF.exe

Filesize
6.0MB

MD5
0253c80f9132e815ae46add9c90d5d4e

SHA1
09ac8426701ecda3104c75afcff37991b9016b7d

SHA256
04ce1d8bec19f2b2d24480cd3ba3bb80b2bed1251b53683c263a484e502274fa

SHA512
878cb883eaa87afd9494273d6752735831957f0118329a409931b5d7b6b44d004090c887b22a16f39b247c1e40b0c3b2dc5df1266ae35f7587927b35f3c48efe

Download Submit
C:\Windows\system\HNkFiEf.exe

Filesize
6.0MB

MD5
e998ee6d695f2a31d8de10e957a9681f

SHA1
11e139620dd35546e257851e869a95bafb045146

SHA256
07e78dcb783aae3866b97f24af8f6aca417efafe6414cde389962083e36b4d52

SHA512
5e684b546104db712c4bfe56abe9b85a32d1f4443acae178a6b85863ff608263964aad8a33b3e35281c3be053228154d6f70a7de4ee5890fbd9661c8b841a9a3

Download Submit
C:\Windows\system\HSNCVXQ.exe

Filesize
6.0MB

MD5
663315540e0078d42c5c7510c0ec85dd

SHA1
ae8165fd6d691c99fa6878fd7f0e4030b75b36bf

SHA256
00af9fa3c6cbb9e18efb5e5418b1359692dab53231a302f9ddd9258b2f75b22e

SHA512
9bce322311c6f41a4b7bf90d29181c6ea37b8653c556faeebde34bf19607e7c3e22b8f2d10cb2362c702bd5d8854f1c4dc2a4c61d8a4c29bc4f2c0e67df3a11b

Download Submit
C:\Windows\system\KTDvWNJ.exe

Filesize
6.0MB

MD5
ffa17135186203fa54017c9a98ba59d5

SHA1
f9722cd49e632170b2409962366e73b1e341bc90

SHA256
215beb9d4f18485e8150e03c47766451f970ced6bfbeb3d3fbf8e35678e5af12

SHA512
aa88f9a3073fa37913aef6447c7ec7b41e63a6f0eef0e00e443c052c096778dec1d59baf09a7b8e1efee5767a8c92d1b4f73ba9601e0948461cee5a50733a512

Download Submit
C:\Windows\system\MzBSIBY.exe

Filesize
6.0MB

MD5
cb7fe02e219254cc0aa80904fd08a09e

SHA1
4aa28d17fef5c85ddac2d7568b125edd61233d79

SHA256
404d29f31a9cc56ca68a5de6c11cffb026343a3e7bd90d40c89e0582843c1fff

SHA512
e8a028c0d44dcfa4fa38856769498d0440c429d38331891b9a7d826b3b024da151a2f5850afa100b310927894d3c8178c85d44d552faa6f0d7f7ca4af3de23d6

Download Submit
C:\Windows\system\NNiwCYe.exe

Filesize
6.0MB

MD5
66693be02c8dfb4c70574317c24274b5

SHA1
1f8368581faa25223910258f7d070e5e0b9c571a

SHA256
52be3b2f61a56e7d6f10ba5e78d3f69bdf4f5a92568408e121f26038a7abc418

SHA512
12025a79d7df496a01edbd8cde85dca4f5131306072ddcb1e8f0cbbeaed302f8b1b1ace7df58acc21b46ba3ac16941f912e3246e2718314d4a12b64f516fb15f

Download Submit
C:\Windows\system\NYirrSM.exe

Filesize
6.0MB

MD5
be2f40334ab2f05aa485ed46e5c8c5ea

SHA1
ad6ef35f8c6b935438e0aeea512b445759311327

SHA256
db97ad44b0c2394b97a776e2cd91a396335852def15e059cf3955a9ff7c911f6

SHA512
b8f7520c7a9cdabe269b25cc7c117790de78f4adb6f4729e5a0e304dd61200facf74abc1955a7c6987e3a2db1734e05624a4d4625df4e89cd5aa5893f43897e8

Download Submit
C:\Windows\system\RHlRLiH.exe

Filesize
6.0MB

MD5
1e6426e11c6c0233e916046959bc0ff5

SHA1
7c343cccde1ef00aa74b97f0677a45d57a702741

SHA256
10e381a93c9f47af71c9dbd8571cd75ff48a2c98af0d847110e3bbf21f4a66e0

SHA512
e9d983bec97c62ab952f29774a2aa0f8870a83fd6b5ea3c01cf22a84f7c8752199e925128a6b9894f7b6c6387f659bd268ff1e52ff593a51be9dd98d8ea0c861

Download Submit
C:\Windows\system\RmsHwxW.exe

Filesize
6.0MB

MD5
80ad463a8378e542b998bbeb0f5bf962

SHA1
53892bd8ba8fc008e74d672e69d8a43de0ae4b58

SHA256
08e4caeaa4943f7d0f06680c011caa6c0ccd6f75e620fb43842a65b3c4759b90

SHA512
1b7a8a6a794e1339c6c87f0542a285f2d23d6bd3ec0335776d59c4567efe92a4ab6f9d19cf0a1008de9d3661180375f98b6e767a619d787beba8bb7c3f5f86ab

Download Submit
C:\Windows\system\WiKWRTe.exe

Filesize
6.0MB

MD5
9b2323c9600a37b90259a3d378923603

SHA1
31752104f6858a6f090957543dfd3e464be823e3

SHA256
2ea4f75df3cb16bb25807c90c199ddf05cd7ccad32a771d680f0a535a62a7d4e

SHA512
f3e444e4bf2c10b2d0903bf3a6768d1242718911ba7c544e0549f2d895f2368a4794c56e11debe99a3b8d09ad136a6892c7f1e2b2172d59e925080e5355836b1

Download Submit
C:\Windows\system\WvhzoGj.exe

Filesize
6.0MB

MD5
b40133cbeb7a8023b33b7fb4fa475af9

SHA1
1c41add5428f80a864f4d6770d6c2695547c971a

SHA256
492cf90c1d22326a08da9b7664bfa98126ab13e52908bf8ab40d14d3abf60e9e

SHA512
cde20c89220e7794cf6282372ad9e6af09b582130940de2302f9fbc373b69d7f0f91bf72ba3b91de9df81aafe844da5d681f9565c8061a41be55ff5169a707e2

Download Submit
C:\Windows\system\XhnfklQ.exe

Filesize
6.0MB

MD5
a1e3e7dcd3da86b2005b0f342aaac976

SHA1
3d44f8534a4b52ca8c3e739e9abe58389d7c77fc

SHA256
a76b1bcbfbd907d599d1e1c8cc968d5c807fc4d88754e29c614795003ae39cfe

SHA512
a7d9508b4ecb56644d829026f5d1a0abf6d9ccd33e60936f84034d1ef0dc57bcc4eaf4e415f9a4dd44007709d15d5b8541b887b1b6698eed595397c6359ee6b1

Download Submit
C:\Windows\system\fhhJcJz.exe

Filesize
6.0MB

MD5
ac7516147797951dfc7c215ba34a31ba

SHA1
2522f5e5197a97790610f90f943d07269e44f753

SHA256
3e990fd84cf7b8b184a4410f758fd8cf5dfa839a5da8349923ec4ae35dd57d1c

SHA512
7e3d069659d72996c9a224ce44cda0cffea441986004ddab9c03d241c19b0cae9b9fa3f4baf9a7bda3635f986007fb321dd702f867a2725bf3f9a93134724542

Download Submit
C:\Windows\system\gmwiWPS.exe

Filesize
6.0MB

MD5
367b471e159f7a78d6b17b749ac46ee6

SHA1
7d5c023316cf34c54c2f88ae95c611aec1f39fda

SHA256
64d91bf61b76a4aeac84420896cec0f611e909b224414845af367729d344ec67

SHA512
a17e9a3c9cc09eba2c4a1b32f89df9fcf35fbd85eb5cfede9cea13388bd7b62b2d494f202e39746ebe077d3aece58cb668a31e85bb157b71f11706f438171a45

Download Submit
C:\Windows\system\iSFuCus.exe

Filesize
6.0MB

MD5
01c7026024f5173eded8642ba8d8075e

SHA1
b82ea409357dcde4f665f06b62b730b5f05de684

SHA256
453d0e71e8cb400d5a69364bd0d540f5792bfb16950eef769894ce81942b24a8

SHA512
6ea96e368c3b586de8e49a20a8740963a3384851f3781ba162a12e6b75b1e3bf85210127ff67081414a508857f686768d5f4b9d3e4785737c7b6559c33617180

Download Submit
C:\Windows\system\jEUmxqk.exe

Filesize
6.0MB

MD5
02f97c48a6852217dfb2a49e45b96147

SHA1
2d6dafad290123a6d88f8ffd9b159217a6f02a92

SHA256
c41651af2805385784e93d6d99a25006a4f5c6c853f52b191b7dd53788fa4387

SHA512
3398bcbd726b49ddd443e2e81cc3ab3a4e08ed09e11ed5381bf528504d1b729fe8a0fe7236a5138cbdc4c4b000974ffa2ff1a9e44cbb6af305092c9f3ba792a2

Download Submit
C:\Windows\system\jJTWTLg.exe

Filesize
6.0MB

MD5
c986e9b44e80b2b0a9bc72247d6990a0

SHA1
933ee678deda295d8e98ba04015b296817f049f6

SHA256
8bacce84bdba276804dde1bbb82d494ecc11ae45c79628c0067e5161873527ef

SHA512
e51b067ed33b16f7c35a3078a2115370b1270be699fb10812edcb73759c754c9004def6f0a9f3b143768157448070fe1525e199564a6506833fb145f4bd4f45a

Download Submit
C:\Windows\system\nKBXeTt.exe

Filesize
6.0MB

MD5
b7c03db265f09074504bce189ace0b20

SHA1
40cb089e7ac99b2432ae56a3d2436d16fc8aade5

SHA256
1b41377c7fcf2a1570f96d5a9082e4a55c1690a475c62015f2cba1d64eae21b0

SHA512
400ad0702f6f80142ddef160db7cccc320b3460183cc6f0339e1ab01899640ab1654681575afaa67ad8a65d2ab0845dff356a9423a4747d6afb58a618894bcbd

Download Submit
C:\Windows\system\oLXlSgC.exe

Filesize
6.0MB

MD5
7f90033ef2f17039fbda740d4227ebf3

SHA1
9f34a33b2a12b79f3a13f9cfdc0311ea16ee0a7c

SHA256
5ab2bf449b3089fa71c72c4e0934a2f63c94ff02975ea287d0834b9474013af3

SHA512
6783e8721da0a31bd5dc53f1286ff0682a8977529ea2b0b62e21362f322494067024e33ef7cf8eb26c4abe11073c87ea104e202c7fd867c3906f5b936e21d6f0

Download Submit
C:\Windows\system\oUGxvFQ.exe

Filesize
6.0MB

MD5
39ec973deeaacbb3fec9e8d0f8d92c06

SHA1
2499580ca730c8bbf40f4977b956a2aa885b07ca

SHA256
edc008c0752758592f4eaa87476defa236723635f49e4e15dac3b9f0580074d1

SHA512
a6135a25a3df0aafe5823946494b9792e49cd59e75844c666fd2e3baea409c33e18635ee90886abbb2aa32a0a518158d85b8af24d982fc1c4f4e633670d2d5e9

Download Submit
C:\Windows\system\pjNwFIm.exe

Filesize
6.0MB

MD5
866bc55cf14aef05dde379ba5151d684

SHA1
d214243a47449abd972c932870704053e3e57270

SHA256
45a65648131a438f404cfa7d890565dd4af63ad8d57b782022c63d88d1a6cc54

SHA512
a132479a25cf194b8013e5f3f97b15867713c68f39b73a5e9bb8d01c54acd6313b223c08b3e942e042dd1885369c87de5f3765fbfd4b877c6180315b7a98648b

Download Submit
C:\Windows\system\qXYWvhw.exe

Filesize
6.0MB

MD5
bcecfde6aa0d00f86dd7b60c2e4eb4d9

SHA1
7f620c7b7631ee071d993837e1d6318b767c39f1

SHA256
91fda062ce4b9a8a97845f7da3b5ff0f181f62f2120d00b364838cfad0d8e4e3

SHA512
e02244e495a457a3ef889ebe3c649377d2569eb7f6b42bd3ec7c63e828914fc41f3cc0092a4bf4724faa36ac2b422afabcf9e882e98474a1d7d487b4b4ae3cc3

Download Submit
C:\Windows\system\qxsTLEw.exe

Filesize
6.0MB

MD5
6ada712cfd21100c44b1bf7ef209ea4b

SHA1
765bfad62ca220220f2db3eae658cd32e23aecad

SHA256
1bd200c78d1502d69f55499da3a3097b11742e3bcc618715c25079ef33ea43d7

SHA512
05091c42af24ec31a6b96d56cf0b4cb94d87c571ef4dd14503e6feebe857e0114cf31237861fc3b478347e0651471741142814826dd588f2b02870941b8d991c

Download Submit
C:\Windows\system\sEXxPcf.exe

Filesize
6.0MB

MD5
5fb91fe9d60f80cde180b7a5cfbc078f

SHA1
f312d97355fb79a215c0ef3aedb758a45f7d5d94

SHA256
acf2d0298ee5b1265715442a48c588abe83b67bebcc9e3b82155e08c38e137d5

SHA512
7c25fc9325031eda46284287a3f2deee91cc28b94175cebf48072c83484ad9e5b9d8703462398ee760cd4e05b2ab4b61e2d53220bb4cb248067979d14ebe5332

Download Submit
C:\Windows\system\tyIBoFF.exe

Filesize
6.0MB

MD5
dfd687b0fa257e61e2054b06fc79965f

SHA1
f0e7eb7825862b7a69c79d223be24ed2d9670fad

SHA256
12c30e6a34df6c54706086b131e852d18aef21bafd1ec87d4b57d688b79c8130

SHA512
00c08e884ccd1e6de105aa09f4a0bb71c5793de25584741734dc0be840ab35ddb75fc11614de57d183634443b19a4e9bcd47152f0aa3de0d7aa14a1b34d282ba

Download Submit
C:\Windows\system\xyJIGXf.exe

Filesize
6.0MB

MD5
ca8a47ccff10f629e39cdcee2f5ae62d

SHA1
406ee448a8111015c870304694d22ff006155811

SHA256
f4fd4e07d25726fdf317d8408e56438640952fe3a1849ef75529ae56a2207a01

SHA512
06dc2a222df97dc254e6927a25581375b4b0c77a0a15abfbcb79be0b87b72407e2cec421d5c076c1a63e09b80a59e71c850fe45eca128e5c9d538cbf6cfa83ca

Download Submit
\Windows\system\nOOxPxn.exe

Filesize
6.0MB

MD5
f95c5e4c40618ffec437baa910c744f8

SHA1
a38507670a59118c3727be4a468621cf9b224b88

SHA256
1f3e0af1003c6e0b079a051caed913ef96c2c53210348eef4a2aa334c73909cb

SHA512
1de0a52d562bfc3f72c5bfc7ccb97c7d639e34f8ec1da10075bb2442863e9e100d22728f0c9539e72d4c9b4a608413b917a82e6a02a411e9ec5c514b9e4bf405

Download Submit
\Windows\system\wBdbCgX.exe

Filesize
6.0MB

MD5
1c6be6eab4246aa560c03dcc8a864c3b

SHA1
f4fae5772fd191b68a37ad08816434851790a434

SHA256
74c01c7441990416377eb557976d7e220b2c722b6b10bf2da5300ac8831862c8

SHA512
c1a80e86f0d3d8ab0c4bd260c37d66ddf22efedbc33387f1afb70fab560a2f8b5a49c379e4a61443fc4d3e55075901c330676e1d0d03ef8387fd882279a8ea3c

Download Submit
memory/2264-1496-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2264-4072-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2264-4077-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2416-1124-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3481-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1152-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1410-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1502-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1597-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3675-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2520-0-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4080-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4069-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4076-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4031-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4070-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1151-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4073-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1622-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4075-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2760-4074-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1596-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4071-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1403-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4081-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4068-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4078-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4067-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4079-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download