cobaltstrike | 4e9681016790ca1cf662effdb3e7a0a4bd5fd3db05ef165a840c45f4503ab1f4

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0f801fadb92ed590f199c723a10adc04
SHA1

70a9d1635e7a4c09b7050fa9416a05b61224a86c
SHA256

4e9681016790ca1cf662effdb3e7a0a4bd5fd3db05ef165a840c45f4503ab1f4
SHA512

bc880545a1bc893b94d7f68c24439a42e2a5c8efb6dbb271d490d432d90d5e651bc6843cbf259d708a73e8508ce3bfbf2efb701bb9f363c834044292b5b992d0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUW:T+q56utgpPF8u/7W

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001686c-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c95-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0d-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce1-26.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-110.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-80.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-70.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-50.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-40.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d47-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x000800000001686c-11.dat	xmrig
behavioral1/files/0x0008000000016c73-16.dat	xmrig
behavioral1/files/0x0007000000016c95-21.dat	xmrig
behavioral1/files/0x0007000000016d0d-30.dat	xmrig
behavioral1/files/0x0007000000016ce1-26.dat	xmrig
behavioral1/files/0x00060000000174c3-60.dat	xmrig
behavioral1/files/0x0005000000018696-76.dat	xmrig
behavioral1/files/0x00050000000187a2-85.dat	xmrig
behavioral1/files/0x0005000000019268-150.dat	xmrig
behavioral1/memory/2412-1138-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019275-186.dat	xmrig
behavioral1/files/0x000500000001929a-184.dat	xmrig
behavioral1/files/0x0005000000019319-189.dat	xmrig
behavioral1/files/0x0005000000019240-148.dat	xmrig
behavioral1/files/0x0005000000019259-138.dat	xmrig
behavioral1/memory/1944-137-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2708-178-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2600-176-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2712-174-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2412-173-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2640-172-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/3052-170-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2412-169-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/memory/2688-168-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/908-166-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2060-164-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2412-163-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/3004-162-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2952-160-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2412-159-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/memory/2296-158-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2788-156-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2436-154-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-153.dat	xmrig
behavioral1/files/0x000500000001926c-141.dat	xmrig
behavioral1/files/0x00050000000191f6-120.dat	xmrig
behavioral1/files/0x0005000000019217-125.dat	xmrig
behavioral1/files/0x00050000000191d2-115.dat	xmrig
behavioral1/files/0x00060000000190e1-110.dat	xmrig
behavioral1/files/0x000600000001904c-105.dat	xmrig
behavioral1/files/0x0006000000018f65-100.dat	xmrig
behavioral1/files/0x0006000000018c44-95.dat	xmrig
behavioral1/files/0x0006000000018c34-90.dat	xmrig
behavioral1/files/0x0005000000018697-80.dat	xmrig
behavioral1/files/0x0015000000018676-70.dat	xmrig
behavioral1/files/0x000600000001757f-65.dat	xmrig
behavioral1/files/0x00060000000174a6-55.dat	xmrig
behavioral1/files/0x0006000000017488-50.dat	xmrig
behavioral1/files/0x000600000001746a-45.dat	xmrig
behavioral1/files/0x0008000000017403-40.dat	xmrig
behavioral1/files/0x0009000000016d47-36.dat	xmrig
behavioral1/memory/2640-3809-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2712-3811-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2952-3812-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2688-3810-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/3052-3821-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/908-3820-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/3004-3819-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2436-3818-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2600-3817-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2708-3816-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2788-3815-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1944	OSeZhXj.exe
2436	SbYwRdp.exe
2788	jUmetqO.exe
2296	JocNiCA.exe
2952	REArPdS.exe
3004	BDEENoM.exe
2060	QDCJxLK.exe
908	xWOYyRN.exe
2688	aTdhalp.exe
3052	wxQVMmZ.exe
2640	IUQVIxw.exe
2712	RjGTnDA.exe
2600	aFUYFek.exe
2708	gtBljif.exe
2896	qWpBUvW.exe
2804	gpalQuo.exe
2236	hQXsWVZ.exe
2560	EKiNCqa.exe
2512	BFmoxTI.exe
2616	AWpjVRU.exe
2692	ILPrrme.exe
1864	IZEuxdN.exe
1532	vfliIuQ.exe
2020	ywLslHS.exe
1652	HSiEBvr.exe
1952	WRcvsEM.exe
1948	WGrXBLG.exe
1632	QUAiBDg.exe
1992	pHeYXtd.exe
1292	GHKfcct.exe
2840	lagPlci.exe
2256	nNxWUBq.exe
2480	pFzIKYE.exe
536	XfEitwl.exe
2264	AJEhTtL.exe
688	kuJlxtA.exe
2744	vZTmTMg.exe
1260	hAXlNzl.exe
1808	jBfmOea.exe
1052	FkZhsjF.exe
1780	uAlbbZT.exe
920	qNxwKcT.exe
2104	YNWZRpX.exe
2812	hiYfDiD.exe
1036	hmsHPpf.exe
2348	OVomyuY.exe
1636	pYjHaat.exe
2112	vzVliSO.exe
2056	gjoOlHf.exe
764	VCrqGRN.exe
2148	ToNcJwi.exe
2372	aOmHbkj.exe
1192	ySryFSe.exe
1728	SIOSafs.exe
2204	ndsoNAl.exe
2904	HCJOTkS.exe
316	qZiOLDQ.exe
3000	zAJNtfT.exe
2996	nGLahbh.exe
2184	ejritNS.exe
2064	FngFYSk.exe
2620	YACizUd.exe
2652	uvpsIDg.exe
2656	ihbnVoV.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x000800000001686c-11.dat	upx
behavioral1/files/0x0008000000016c73-16.dat	upx
behavioral1/files/0x0007000000016c95-21.dat	upx
behavioral1/files/0x0007000000016d0d-30.dat	upx
behavioral1/files/0x0007000000016ce1-26.dat	upx
behavioral1/files/0x00060000000174c3-60.dat	upx
behavioral1/files/0x0005000000018696-76.dat	upx
behavioral1/files/0x00050000000187a2-85.dat	upx
behavioral1/files/0x0005000000019268-150.dat	upx
behavioral1/memory/2412-1138-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0005000000019275-186.dat	upx
behavioral1/files/0x000500000001929a-184.dat	upx
behavioral1/files/0x0005000000019319-189.dat	upx
behavioral1/files/0x0005000000019240-148.dat	upx
behavioral1/files/0x0005000000019259-138.dat	upx
behavioral1/memory/1944-137-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2708-178-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2600-176-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2712-174-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2640-172-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/3052-170-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2688-168-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/908-166-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2060-164-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/3004-162-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2952-160-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2296-158-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2788-156-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2436-154-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0005000000019278-153.dat	upx
behavioral1/files/0x000500000001926c-141.dat	upx
behavioral1/files/0x00050000000191f6-120.dat	upx
behavioral1/files/0x0005000000019217-125.dat	upx
behavioral1/files/0x00050000000191d2-115.dat	upx
behavioral1/files/0x00060000000190e1-110.dat	upx
behavioral1/files/0x000600000001904c-105.dat	upx
behavioral1/files/0x0006000000018f65-100.dat	upx
behavioral1/files/0x0006000000018c44-95.dat	upx
behavioral1/files/0x0006000000018c34-90.dat	upx
behavioral1/files/0x0005000000018697-80.dat	upx
behavioral1/files/0x0015000000018676-70.dat	upx
behavioral1/files/0x000600000001757f-65.dat	upx
behavioral1/files/0x00060000000174a6-55.dat	upx
behavioral1/files/0x0006000000017488-50.dat	upx
behavioral1/files/0x000600000001746a-45.dat	upx
behavioral1/files/0x0008000000017403-40.dat	upx
behavioral1/files/0x0009000000016d47-36.dat	upx
behavioral1/memory/2640-3809-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2712-3811-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2952-3812-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2688-3810-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/3052-3821-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/908-3820-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/3004-3819-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2436-3818-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2600-3817-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2708-3816-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2788-3815-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2296-3814-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2060-3813-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/1944-3900-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vxkqtOD.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUQEVti.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qTgOEPO.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbbsGxH.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyzwLhN.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSoTGaT.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXWAoVJ.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvmyBML.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBIZAGi.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtbGHNW.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmeBkSQ.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNxWUBq.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnnVZLA.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMTBlMx.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuvjIMb.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFIyxMr.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnoiRAU.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KcvNuHj.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuoRZYG.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqUVadz.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhxmXBt.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wufWNQX.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIdQVWc.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVooSEv.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PogfkZB.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyATlsa.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuZtLdo.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgiLAJD.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWpjVRU.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYgdmAo.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giikWSE.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEfDpiM.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGUjidr.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihpxTBl.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYCoYqN.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPRGsBp.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svzxSry.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrpYlWF.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGJbGdf.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQEhxtG.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nuGSRVz.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtuLlcd.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgLYuDQ.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIsEJnD.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxQVMmZ.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvIZIfo.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCGIMJd.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlerwLF.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcjYMUo.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulIHYQn.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QgaWgZs.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYjpeAQ.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vheybPa.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoqFHtJ.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbAbqxC.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqiXkzm.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CArTwLB.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnyDLKy.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XSTdPld.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkrIHTy.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vggcIIh.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJBwZKh.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgAWBbI.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZjkeOB.exe	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 1944	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2412 wrote to memory of 1944	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2412 wrote to memory of 1944	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2412 wrote to memory of 2436	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2412 wrote to memory of 2436	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2412 wrote to memory of 2436	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2412 wrote to memory of 2788	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2412 wrote to memory of 2788	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2412 wrote to memory of 2788	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2412 wrote to memory of 2296	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 2296	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 2296	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 2952	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2952	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2952	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 3004	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 3004	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 3004	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 2060	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 2060	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 2060	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 908	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 908	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 908	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 2688	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2688	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2688	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 3052	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 3052	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 3052	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 2640	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 2640	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 2640	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 2712	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 2712	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 2712	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 2600	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 2600	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 2600	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 2708	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2708	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2708	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2896	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2896	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2896	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2804	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 2804	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 2804	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 2236	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 2236	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 2236	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 2560	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 2560	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 2560	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 2512	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 2512	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 2512	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 2616	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 2616	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 2616	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 2692	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 2692	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 2692	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 1864	2412	2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_0f801fadb92ed590f199c723a10adc04_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\System\OSeZhXj.exe
  C:\Windows\System\OSeZhXj.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\SbYwRdp.exe
  C:\Windows\System\SbYwRdp.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\jUmetqO.exe
  C:\Windows\System\jUmetqO.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\JocNiCA.exe
  C:\Windows\System\JocNiCA.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\REArPdS.exe
  C:\Windows\System\REArPdS.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\BDEENoM.exe
  C:\Windows\System\BDEENoM.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\QDCJxLK.exe
  C:\Windows\System\QDCJxLK.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\xWOYyRN.exe
  C:\Windows\System\xWOYyRN.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\aTdhalp.exe
  C:\Windows\System\aTdhalp.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\wxQVMmZ.exe
  C:\Windows\System\wxQVMmZ.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\IUQVIxw.exe
  C:\Windows\System\IUQVIxw.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\RjGTnDA.exe
  C:\Windows\System\RjGTnDA.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\aFUYFek.exe
  C:\Windows\System\aFUYFek.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\gtBljif.exe
  C:\Windows\System\gtBljif.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\qWpBUvW.exe
  C:\Windows\System\qWpBUvW.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\gpalQuo.exe
  C:\Windows\System\gpalQuo.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\hQXsWVZ.exe
  C:\Windows\System\hQXsWVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\EKiNCqa.exe
  C:\Windows\System\EKiNCqa.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\BFmoxTI.exe
  C:\Windows\System\BFmoxTI.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\AWpjVRU.exe
  C:\Windows\System\AWpjVRU.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ILPrrme.exe
  C:\Windows\System\ILPrrme.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\IZEuxdN.exe
  C:\Windows\System\IZEuxdN.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\vfliIuQ.exe
  C:\Windows\System\vfliIuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\ywLslHS.exe
  C:\Windows\System\ywLslHS.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\HSiEBvr.exe
  C:\Windows\System\HSiEBvr.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\QUAiBDg.exe
  C:\Windows\System\QUAiBDg.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\WRcvsEM.exe
  C:\Windows\System\WRcvsEM.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\pHeYXtd.exe
  C:\Windows\System\pHeYXtd.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\WGrXBLG.exe
  C:\Windows\System\WGrXBLG.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\lagPlci.exe
  C:\Windows\System\lagPlci.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\GHKfcct.exe
  C:\Windows\System\GHKfcct.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\pFzIKYE.exe
  C:\Windows\System\pFzIKYE.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\nNxWUBq.exe
  C:\Windows\System\nNxWUBq.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\XfEitwl.exe
  C:\Windows\System\XfEitwl.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\AJEhTtL.exe
  C:\Windows\System\AJEhTtL.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\kuJlxtA.exe
  C:\Windows\System\kuJlxtA.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\vZTmTMg.exe
  C:\Windows\System\vZTmTMg.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\hAXlNzl.exe
  C:\Windows\System\hAXlNzl.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\jBfmOea.exe
  C:\Windows\System\jBfmOea.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\uAlbbZT.exe
  C:\Windows\System\uAlbbZT.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\FkZhsjF.exe
  C:\Windows\System\FkZhsjF.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\YNWZRpX.exe
  C:\Windows\System\YNWZRpX.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\qNxwKcT.exe
  C:\Windows\System\qNxwKcT.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\hiYfDiD.exe
  C:\Windows\System\hiYfDiD.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\hmsHPpf.exe
  C:\Windows\System\hmsHPpf.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\OVomyuY.exe
  C:\Windows\System\OVomyuY.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\pYjHaat.exe
  C:\Windows\System\pYjHaat.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\vzVliSO.exe
  C:\Windows\System\vzVliSO.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\gjoOlHf.exe
  C:\Windows\System\gjoOlHf.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\VCrqGRN.exe
  C:\Windows\System\VCrqGRN.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\ToNcJwi.exe
  C:\Windows\System\ToNcJwi.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\ySryFSe.exe
  C:\Windows\System\ySryFSe.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\aOmHbkj.exe
  C:\Windows\System\aOmHbkj.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\ndsoNAl.exe
  C:\Windows\System\ndsoNAl.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\SIOSafs.exe
  C:\Windows\System\SIOSafs.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\qZiOLDQ.exe
  C:\Windows\System\qZiOLDQ.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\HCJOTkS.exe
  C:\Windows\System\HCJOTkS.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\zAJNtfT.exe
  C:\Windows\System\zAJNtfT.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\nGLahbh.exe
  C:\Windows\System\nGLahbh.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ejritNS.exe
  C:\Windows\System\ejritNS.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\FngFYSk.exe
  C:\Windows\System\FngFYSk.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\uvpsIDg.exe
  C:\Windows\System\uvpsIDg.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\YACizUd.exe
  C:\Windows\System\YACizUd.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\MopJFbU.exe
  C:\Windows\System\MopJFbU.exe
  2⤵
  PID:2764
- C:\Windows\System\ihbnVoV.exe
  C:\Windows\System\ihbnVoV.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\KpKbThp.exe
  C:\Windows\System\KpKbThp.exe
  2⤵
  PID:2544
- C:\Windows\System\BXbBTFD.exe
  C:\Windows\System\BXbBTFD.exe
  2⤵
  PID:2540
- C:\Windows\System\tNgsQiZ.exe
  C:\Windows\System\tNgsQiZ.exe
  2⤵
  PID:1296
- C:\Windows\System\yXqTJMx.exe
  C:\Windows\System\yXqTJMx.exe
  2⤵
  PID:1276
- C:\Windows\System\EBJOnny.exe
  C:\Windows\System\EBJOnny.exe
  2⤵
  PID:2972
- C:\Windows\System\kGFSwEV.exe
  C:\Windows\System\kGFSwEV.exe
  2⤵
  PID:2792
- C:\Windows\System\VoEUxBr.exe
  C:\Windows\System\VoEUxBr.exe
  2⤵
  PID:1744
- C:\Windows\System\vBNhJaf.exe
  C:\Windows\System\vBNhJaf.exe
  2⤵
  PID:1988
- C:\Windows\System\ajTGyuF.exe
  C:\Windows\System\ajTGyuF.exe
  2⤵
  PID:2732
- C:\Windows\System\IteninV.exe
  C:\Windows\System\IteninV.exe
  2⤵
  PID:380
- C:\Windows\System\GtfODJW.exe
  C:\Windows\System\GtfODJW.exe
  2⤵
  PID:1388
- C:\Windows\System\whJOxCZ.exe
  C:\Windows\System\whJOxCZ.exe
  2⤵
  PID:1692
- C:\Windows\System\PiKNGjw.exe
  C:\Windows\System\PiKNGjw.exe
  2⤵
  PID:1320
- C:\Windows\System\ZTKCURL.exe
  C:\Windows\System\ZTKCURL.exe
  2⤵
  PID:968
- C:\Windows\System\kSuacxU.exe
  C:\Windows\System\kSuacxU.exe
  2⤵
  PID:1916
- C:\Windows\System\owFGIjp.exe
  C:\Windows\System\owFGIjp.exe
  2⤵
  PID:2336
- C:\Windows\System\SWXBkMb.exe
  C:\Windows\System\SWXBkMb.exe
  2⤵
  PID:340
- C:\Windows\System\zJvOeUE.exe
  C:\Windows\System\zJvOeUE.exe
  2⤵
  PID:2928
- C:\Windows\System\dPuhjJG.exe
  C:\Windows\System\dPuhjJG.exe
  2⤵
  PID:2152
- C:\Windows\System\aYPjLLZ.exe
  C:\Windows\System\aYPjLLZ.exe
  2⤵
  PID:2156
- C:\Windows\System\qodoBap.exe
  C:\Windows\System\qodoBap.exe
  2⤵
  PID:900
- C:\Windows\System\IJTEKhS.exe
  C:\Windows\System\IJTEKhS.exe
  2⤵
  PID:3024
- C:\Windows\System\IsXNQxJ.exe
  C:\Windows\System\IsXNQxJ.exe
  2⤵
  PID:388
- C:\Windows\System\NiiWEuF.exe
  C:\Windows\System\NiiWEuF.exe
  2⤵
  PID:1312
- C:\Windows\System\acWEwOK.exe
  C:\Windows\System\acWEwOK.exe
  2⤵
  PID:2432
- C:\Windows\System\edVzvgi.exe
  C:\Windows\System\edVzvgi.exe
  2⤵
  PID:284
- C:\Windows\System\TwTliKC.exe
  C:\Windows\System\TwTliKC.exe
  2⤵
  PID:3008
- C:\Windows\System\enfuRZE.exe
  C:\Windows\System\enfuRZE.exe
  2⤵
  PID:2772
- C:\Windows\System\tlbEbxf.exe
  C:\Windows\System\tlbEbxf.exe
  2⤵
  PID:2748
- C:\Windows\System\tpchuNV.exe
  C:\Windows\System\tpchuNV.exe
  2⤵
  PID:2760
- C:\Windows\System\aDYWCSb.exe
  C:\Windows\System\aDYWCSb.exe
  2⤵
  PID:2572
- C:\Windows\System\coMbPge.exe
  C:\Windows\System\coMbPge.exe
  2⤵
  PID:1804
- C:\Windows\System\hDVRCDU.exe
  C:\Windows\System\hDVRCDU.exe
  2⤵
  PID:2040
- C:\Windows\System\AvIZIfo.exe
  C:\Windows\System\AvIZIfo.exe
  2⤵
  PID:924
- C:\Windows\System\ldKjwcE.exe
  C:\Windows\System\ldKjwcE.exe
  2⤵
  PID:1628
- C:\Windows\System\kViAFIh.exe
  C:\Windows\System\kViAFIh.exe
  2⤵
  PID:1620
- C:\Windows\System\RPmLNoF.exe
  C:\Windows\System\RPmLNoF.exe
  2⤵
  PID:3084
- C:\Windows\System\aXUIied.exe
  C:\Windows\System\aXUIied.exe
  2⤵
  PID:3100
- C:\Windows\System\YzBAFUZ.exe
  C:\Windows\System\YzBAFUZ.exe
  2⤵
  PID:3116
- C:\Windows\System\ZEcCcPw.exe
  C:\Windows\System\ZEcCcPw.exe
  2⤵
  PID:3132
- C:\Windows\System\XGmkoKN.exe
  C:\Windows\System\XGmkoKN.exe
  2⤵
  PID:3148
- C:\Windows\System\HVLFQmt.exe
  C:\Windows\System\HVLFQmt.exe
  2⤵
  PID:3164
- C:\Windows\System\VkMUPMZ.exe
  C:\Windows\System\VkMUPMZ.exe
  2⤵
  PID:3184
- C:\Windows\System\lwMFywg.exe
  C:\Windows\System\lwMFywg.exe
  2⤵
  PID:3216
- C:\Windows\System\AANnJnH.exe
  C:\Windows\System\AANnJnH.exe
  2⤵
  PID:3236
- C:\Windows\System\RlerwLF.exe
  C:\Windows\System\RlerwLF.exe
  2⤵
  PID:3260
- C:\Windows\System\bXVYbLP.exe
  C:\Windows\System\bXVYbLP.exe
  2⤵
  PID:3280
- C:\Windows\System\dYzAmXi.exe
  C:\Windows\System\dYzAmXi.exe
  2⤵
  PID:3304
- C:\Windows\System\lkCmMzu.exe
  C:\Windows\System\lkCmMzu.exe
  2⤵
  PID:3328
- C:\Windows\System\bdFvlvZ.exe
  C:\Windows\System\bdFvlvZ.exe
  2⤵
  PID:3344
- C:\Windows\System\tXyXUUe.exe
  C:\Windows\System\tXyXUUe.exe
  2⤵
  PID:3364
- C:\Windows\System\oXitoVD.exe
  C:\Windows\System\oXitoVD.exe
  2⤵
  PID:3384
- C:\Windows\System\eNfurrs.exe
  C:\Windows\System\eNfurrs.exe
  2⤵
  PID:3404
- C:\Windows\System\NEEuAqD.exe
  C:\Windows\System\NEEuAqD.exe
  2⤵
  PID:3432
- C:\Windows\System\GztItdv.exe
  C:\Windows\System\GztItdv.exe
  2⤵
  PID:3460
- C:\Windows\System\gdANdQs.exe
  C:\Windows\System\gdANdQs.exe
  2⤵
  PID:3476
- C:\Windows\System\VMfOevn.exe
  C:\Windows\System\VMfOevn.exe
  2⤵
  PID:3496
- C:\Windows\System\rtcFFwN.exe
  C:\Windows\System\rtcFFwN.exe
  2⤵
  PID:3516
- C:\Windows\System\HSclwRM.exe
  C:\Windows\System\HSclwRM.exe
  2⤵
  PID:3532
- C:\Windows\System\baiErXS.exe
  C:\Windows\System\baiErXS.exe
  2⤵
  PID:3552
- C:\Windows\System\NRvLffe.exe
  C:\Windows\System\NRvLffe.exe
  2⤵
  PID:3576
- C:\Windows\System\obpEDOr.exe
  C:\Windows\System\obpEDOr.exe
  2⤵
  PID:3596
- C:\Windows\System\ZGntmlZ.exe
  C:\Windows\System\ZGntmlZ.exe
  2⤵
  PID:3620
- C:\Windows\System\QYMrasU.exe
  C:\Windows\System\QYMrasU.exe
  2⤵
  PID:3636
- C:\Windows\System\GOpHjis.exe
  C:\Windows\System\GOpHjis.exe
  2⤵
  PID:3660
- C:\Windows\System\MzBFIbY.exe
  C:\Windows\System\MzBFIbY.exe
  2⤵
  PID:3680
- C:\Windows\System\zcqimXU.exe
  C:\Windows\System\zcqimXU.exe
  2⤵
  PID:3700
- C:\Windows\System\rGGsYlP.exe
  C:\Windows\System\rGGsYlP.exe
  2⤵
  PID:3716
- C:\Windows\System\sVubFex.exe
  C:\Windows\System\sVubFex.exe
  2⤵
  PID:3740
- C:\Windows\System\OYClvUh.exe
  C:\Windows\System\OYClvUh.exe
  2⤵
  PID:3756
- C:\Windows\System\RiKpOzU.exe
  C:\Windows\System\RiKpOzU.exe
  2⤵
  PID:3780
- C:\Windows\System\XUPQUKH.exe
  C:\Windows\System\XUPQUKH.exe
  2⤵
  PID:3800
- C:\Windows\System\xcnPWIF.exe
  C:\Windows\System\xcnPWIF.exe
  2⤵
  PID:3820
- C:\Windows\System\ZOkqqZh.exe
  C:\Windows\System\ZOkqqZh.exe
  2⤵
  PID:3840
- C:\Windows\System\hVCZHPh.exe
  C:\Windows\System\hVCZHPh.exe
  2⤵
  PID:3860
- C:\Windows\System\fkAUfba.exe
  C:\Windows\System\fkAUfba.exe
  2⤵
  PID:3880
- C:\Windows\System\UUXbKdT.exe
  C:\Windows\System\UUXbKdT.exe
  2⤵
  PID:3900
- C:\Windows\System\mKjSETu.exe
  C:\Windows\System\mKjSETu.exe
  2⤵
  PID:3920
- C:\Windows\System\oLfHDLT.exe
  C:\Windows\System\oLfHDLT.exe
  2⤵
  PID:3940
- C:\Windows\System\WFBbPSm.exe
  C:\Windows\System\WFBbPSm.exe
  2⤵
  PID:3960
- C:\Windows\System\sJAKtEf.exe
  C:\Windows\System\sJAKtEf.exe
  2⤵
  PID:3980
- C:\Windows\System\OFexFFj.exe
  C:\Windows\System\OFexFFj.exe
  2⤵
  PID:4000
- C:\Windows\System\VufSFuJ.exe
  C:\Windows\System\VufSFuJ.exe
  2⤵
  PID:4020
- C:\Windows\System\QbbsGxH.exe
  C:\Windows\System\QbbsGxH.exe
  2⤵
  PID:4036
- C:\Windows\System\OhVFJrS.exe
  C:\Windows\System\OhVFJrS.exe
  2⤵
  PID:4056
- C:\Windows\System\WRpwsQZ.exe
  C:\Windows\System\WRpwsQZ.exe
  2⤵
  PID:4076
- C:\Windows\System\KbUXWKU.exe
  C:\Windows\System\KbUXWKU.exe
  2⤵
  PID:1676
- C:\Windows\System\NYJDGdY.exe
  C:\Windows\System\NYJDGdY.exe
  2⤵
  PID:1288
- C:\Windows\System\kYFMuTj.exe
  C:\Windows\System\kYFMuTj.exe
  2⤵
  PID:2144
- C:\Windows\System\FsWEIzA.exe
  C:\Windows\System\FsWEIzA.exe
  2⤵
  PID:1688
- C:\Windows\System\HyUmVqg.exe
  C:\Windows\System\HyUmVqg.exe
  2⤵
  PID:1512
- C:\Windows\System\zZoxLVi.exe
  C:\Windows\System\zZoxLVi.exe
  2⤵
  PID:2956
- C:\Windows\System\WVlYGFN.exe
  C:\Windows\System\WVlYGFN.exe
  2⤵
  PID:1612
- C:\Windows\System\yZEOJBe.exe
  C:\Windows\System\yZEOJBe.exe
  2⤵
  PID:2188
- C:\Windows\System\ThXjING.exe
  C:\Windows\System\ThXjING.exe
  2⤵
  PID:2340
- C:\Windows\System\DBDmyeH.exe
  C:\Windows\System\DBDmyeH.exe
  2⤵
  PID:3068
- C:\Windows\System\HybBxHn.exe
  C:\Windows\System\HybBxHn.exe
  2⤵
  PID:2508
- C:\Windows\System\gIkdXIv.exe
  C:\Windows\System\gIkdXIv.exe
  2⤵
  PID:2324
- C:\Windows\System\YYicUeh.exe
  C:\Windows\System\YYicUeh.exe
  2⤵
  PID:1724
- C:\Windows\System\lPiyleA.exe
  C:\Windows\System\lPiyleA.exe
  2⤵
  PID:580
- C:\Windows\System\mDcSCha.exe
  C:\Windows\System\mDcSCha.exe
  2⤵
  PID:3044
- C:\Windows\System\DrpYlWF.exe
  C:\Windows\System\DrpYlWF.exe
  2⤵
  PID:2880
- C:\Windows\System\Ovfxlda.exe
  C:\Windows\System\Ovfxlda.exe
  2⤵
  PID:3144
- C:\Windows\System\wSWrDPI.exe
  C:\Windows\System\wSWrDPI.exe
  2⤵
  PID:3276
- C:\Windows\System\mjLDVcW.exe
  C:\Windows\System\mjLDVcW.exe
  2⤵
  PID:3124
- C:\Windows\System\nuGSRVz.exe
  C:\Windows\System\nuGSRVz.exe
  2⤵
  PID:3320
- C:\Windows\System\vyzwLhN.exe
  C:\Windows\System\vyzwLhN.exe
  2⤵
  PID:3200
- C:\Windows\System\hBVfzwM.exe
  C:\Windows\System\hBVfzwM.exe
  2⤵
  PID:3356
- C:\Windows\System\URWDhli.exe
  C:\Windows\System\URWDhli.exe
  2⤵
  PID:3256
- C:\Windows\System\ARNTXGO.exe
  C:\Windows\System\ARNTXGO.exe
  2⤵
  PID:3300
- C:\Windows\System\cEnsHhw.exe
  C:\Windows\System\cEnsHhw.exe
  2⤵
  PID:3416
- C:\Windows\System\wyxbbgB.exe
  C:\Windows\System\wyxbbgB.exe
  2⤵
  PID:3340
- C:\Windows\System\pNOArhp.exe
  C:\Windows\System\pNOArhp.exe
  2⤵
  PID:3424
- C:\Windows\System\DXWWbLw.exe
  C:\Windows\System\DXWWbLw.exe
  2⤵
  PID:3468
- C:\Windows\System\ZOwXYCr.exe
  C:\Windows\System\ZOwXYCr.exe
  2⤵
  PID:3512
- C:\Windows\System\WSzEkkT.exe
  C:\Windows\System\WSzEkkT.exe
  2⤵
  PID:3568
- C:\Windows\System\rvYuKSQ.exe
  C:\Windows\System\rvYuKSQ.exe
  2⤵
  PID:3540
- C:\Windows\System\KPmsrVm.exe
  C:\Windows\System\KPmsrVm.exe
  2⤵
  PID:3592
- C:\Windows\System\WMNuKUx.exe
  C:\Windows\System\WMNuKUx.exe
  2⤵
  PID:3632
- C:\Windows\System\YmPXwvE.exe
  C:\Windows\System\YmPXwvE.exe
  2⤵
  PID:3692
- C:\Windows\System\jMbYkcG.exe
  C:\Windows\System\jMbYkcG.exe
  2⤵
  PID:3736
- C:\Windows\System\KdbJEvQ.exe
  C:\Windows\System\KdbJEvQ.exe
  2⤵
  PID:3772
- C:\Windows\System\GLobfGi.exe
  C:\Windows\System\GLobfGi.exe
  2⤵
  PID:3856
- C:\Windows\System\RZOswZH.exe
  C:\Windows\System\RZOswZH.exe
  2⤵
  PID:3928
- C:\Windows\System\NJIcyLE.exe
  C:\Windows\System\NJIcyLE.exe
  2⤵
  PID:3752
- C:\Windows\System\eUXYDgj.exe
  C:\Windows\System\eUXYDgj.exe
  2⤵
  PID:3976
- C:\Windows\System\KsGdxFK.exe
  C:\Windows\System\KsGdxFK.exe
  2⤵
  PID:3876
- C:\Windows\System\YmkFbJk.exe
  C:\Windows\System\YmkFbJk.exe
  2⤵
  PID:4008
- C:\Windows\System\uviouZe.exe
  C:\Windows\System\uviouZe.exe
  2⤵
  PID:4048
- C:\Windows\System\WyRmiGT.exe
  C:\Windows\System\WyRmiGT.exe
  2⤵
  PID:4088
- C:\Windows\System\oNcjoLz.exe
  C:\Windows\System\oNcjoLz.exe
  2⤵
  PID:3912
- C:\Windows\System\IRmNJIE.exe
  C:\Windows\System\IRmNJIE.exe
  2⤵
  PID:3988
- C:\Windows\System\nGJarJd.exe
  C:\Windows\System\nGJarJd.exe
  2⤵
  PID:1580
- C:\Windows\System\iWmSTgK.exe
  C:\Windows\System\iWmSTgK.exe
  2⤵
  PID:4072
- C:\Windows\System\xzSPuvt.exe
  C:\Windows\System\xzSPuvt.exe
  2⤵
  PID:2724
- C:\Windows\System\FBRSQiI.exe
  C:\Windows\System\FBRSQiI.exe
  2⤵
  PID:2208
- C:\Windows\System\UdAZITL.exe
  C:\Windows\System\UdAZITL.exe
  2⤵
  PID:1100
- C:\Windows\System\GSAlgio.exe
  C:\Windows\System\GSAlgio.exe
  2⤵
  PID:1152
- C:\Windows\System\OPtOvEt.exe
  C:\Windows\System\OPtOvEt.exe
  2⤵
  PID:2872
- C:\Windows\System\RPAreSi.exe
  C:\Windows\System\RPAreSi.exe
  2⤵
  PID:2428
- C:\Windows\System\AsoMzST.exe
  C:\Windows\System\AsoMzST.exe
  2⤵
  PID:2976
- C:\Windows\System\WKXVkty.exe
  C:\Windows\System\WKXVkty.exe
  2⤵
  PID:1384
- C:\Windows\System\pbyWwOm.exe
  C:\Windows\System\pbyWwOm.exe
  2⤵
  PID:2752
- C:\Windows\System\ywlGygE.exe
  C:\Windows\System\ywlGygE.exe
  2⤵
  PID:3196
- C:\Windows\System\uIHUgSu.exe
  C:\Windows\System\uIHUgSu.exe
  2⤵
  PID:3380
- C:\Windows\System\sTltSlZ.exe
  C:\Windows\System\sTltSlZ.exe
  2⤵
  PID:3420
- C:\Windows\System\ziCJeVZ.exe
  C:\Windows\System\ziCJeVZ.exe
  2⤵
  PID:3212
- C:\Windows\System\mvZJrlj.exe
  C:\Windows\System\mvZJrlj.exe
  2⤵
  PID:3484
- C:\Windows\System\UEkJxDZ.exe
  C:\Windows\System\UEkJxDZ.exe
  2⤵
  PID:3472
- C:\Windows\System\eiKcLHG.exe
  C:\Windows\System\eiKcLHG.exe
  2⤵
  PID:3644
- C:\Windows\System\YCCNiAN.exe
  C:\Windows\System\YCCNiAN.exe
  2⤵
  PID:3608
- C:\Windows\System\AjrmNMI.exe
  C:\Windows\System\AjrmNMI.exe
  2⤵
  PID:3724
- C:\Windows\System\msmcaqb.exe
  C:\Windows\System\msmcaqb.exe
  2⤵
  PID:3932
- C:\Windows\System\FLxOcjd.exe
  C:\Windows\System\FLxOcjd.exe
  2⤵
  PID:3768
- C:\Windows\System\ASTYkXP.exe
  C:\Windows\System\ASTYkXP.exe
  2⤵
  PID:3836
- C:\Windows\System\DlatbeG.exe
  C:\Windows\System\DlatbeG.exe
  2⤵
  PID:4012
- C:\Windows\System\WfmLuBQ.exe
  C:\Windows\System\WfmLuBQ.exe
  2⤵
  PID:3796
- C:\Windows\System\lXstfQd.exe
  C:\Windows\System\lXstfQd.exe
  2⤵
  PID:3868
- C:\Windows\System\NeqWFlk.exe
  C:\Windows\System\NeqWFlk.exe
  2⤵
  PID:4092
- C:\Windows\System\obokBsu.exe
  C:\Windows\System\obokBsu.exe
  2⤵
  PID:4068
- C:\Windows\System\yBWCKdV.exe
  C:\Windows\System\yBWCKdV.exe
  2⤵
  PID:1700
- C:\Windows\System\FpWqdym.exe
  C:\Windows\System\FpWqdym.exe
  2⤵
  PID:2036
- C:\Windows\System\eiJcwgz.exe
  C:\Windows\System\eiJcwgz.exe
  2⤵
  PID:716
- C:\Windows\System\jyzOMZr.exe
  C:\Windows\System\jyzOMZr.exe
  2⤵
  PID:3080
- C:\Windows\System\qxxRKpl.exe
  C:\Windows\System\qxxRKpl.exe
  2⤵
  PID:2668
- C:\Windows\System\CdpPpqj.exe
  C:\Windows\System\CdpPpqj.exe
  2⤵
  PID:1092
- C:\Windows\System\UipKMvi.exe
  C:\Windows\System\UipKMvi.exe
  2⤵
  PID:3248
- C:\Windows\System\tqvarLK.exe
  C:\Windows\System\tqvarLK.exe
  2⤵
  PID:3352
- C:\Windows\System\YoEnAAC.exe
  C:\Windows\System\YoEnAAC.exe
  2⤵
  PID:3528
- C:\Windows\System\cGSgQjn.exe
  C:\Windows\System\cGSgQjn.exe
  2⤵
  PID:3648
- C:\Windows\System\rPFzPOB.exe
  C:\Windows\System\rPFzPOB.exe
  2⤵
  PID:3712
- C:\Windows\System\GSoTGaT.exe
  C:\Windows\System\GSoTGaT.exe
  2⤵
  PID:4100
- C:\Windows\System\XQNmGuK.exe
  C:\Windows\System\XQNmGuK.exe
  2⤵
  PID:4120
- C:\Windows\System\QiyNJyV.exe
  C:\Windows\System\QiyNJyV.exe
  2⤵
  PID:4140
- C:\Windows\System\YoCUdVk.exe
  C:\Windows\System\YoCUdVk.exe
  2⤵
  PID:4160
- C:\Windows\System\hFCaIXi.exe
  C:\Windows\System\hFCaIXi.exe
  2⤵
  PID:4180
- C:\Windows\System\mWTSRtc.exe
  C:\Windows\System\mWTSRtc.exe
  2⤵
  PID:4200
- C:\Windows\System\kDUCnWJ.exe
  C:\Windows\System\kDUCnWJ.exe
  2⤵
  PID:4220
- C:\Windows\System\kzFVAoy.exe
  C:\Windows\System\kzFVAoy.exe
  2⤵
  PID:4244
- C:\Windows\System\UepbmRF.exe
  C:\Windows\System\UepbmRF.exe
  2⤵
  PID:4260
- C:\Windows\System\ufxdQwx.exe
  C:\Windows\System\ufxdQwx.exe
  2⤵
  PID:4280
- C:\Windows\System\KrXwNjr.exe
  C:\Windows\System\KrXwNjr.exe
  2⤵
  PID:4300
- C:\Windows\System\XphdlhK.exe
  C:\Windows\System\XphdlhK.exe
  2⤵
  PID:4324
- C:\Windows\System\hwBoKBJ.exe
  C:\Windows\System\hwBoKBJ.exe
  2⤵
  PID:4340
- C:\Windows\System\ZnoCFoj.exe
  C:\Windows\System\ZnoCFoj.exe
  2⤵
  PID:4364
- C:\Windows\System\eEiUcIW.exe
  C:\Windows\System\eEiUcIW.exe
  2⤵
  PID:4384
- C:\Windows\System\DGPLWNO.exe
  C:\Windows\System\DGPLWNO.exe
  2⤵
  PID:4400
- C:\Windows\System\AYyYcir.exe
  C:\Windows\System\AYyYcir.exe
  2⤵
  PID:4420
- C:\Windows\System\ceNZZrU.exe
  C:\Windows\System\ceNZZrU.exe
  2⤵
  PID:4440
- C:\Windows\System\uCMHsls.exe
  C:\Windows\System\uCMHsls.exe
  2⤵
  PID:4464
- C:\Windows\System\spPqWSK.exe
  C:\Windows\System\spPqWSK.exe
  2⤵
  PID:4480
- C:\Windows\System\fpTyAMd.exe
  C:\Windows\System\fpTyAMd.exe
  2⤵
  PID:4496
- C:\Windows\System\CkTBSmr.exe
  C:\Windows\System\CkTBSmr.exe
  2⤵
  PID:4520
- C:\Windows\System\ptlzbXC.exe
  C:\Windows\System\ptlzbXC.exe
  2⤵
  PID:4540
- C:\Windows\System\SnJKSKY.exe
  C:\Windows\System\SnJKSKY.exe
  2⤵
  PID:4564
- C:\Windows\System\WnoiRAU.exe
  C:\Windows\System\WnoiRAU.exe
  2⤵
  PID:4580
- C:\Windows\System\sdsTKXu.exe
  C:\Windows\System\sdsTKXu.exe
  2⤵
  PID:4600
- C:\Windows\System\IftXPvA.exe
  C:\Windows\System\IftXPvA.exe
  2⤵
  PID:4620
- C:\Windows\System\SsQdLox.exe
  C:\Windows\System\SsQdLox.exe
  2⤵
  PID:4636
- C:\Windows\System\xAeysyy.exe
  C:\Windows\System\xAeysyy.exe
  2⤵
  PID:4660
- C:\Windows\System\zpvLBHp.exe
  C:\Windows\System\zpvLBHp.exe
  2⤵
  PID:4676
- C:\Windows\System\DalRMoa.exe
  C:\Windows\System\DalRMoa.exe
  2⤵
  PID:4696
- C:\Windows\System\CajeoZC.exe
  C:\Windows\System\CajeoZC.exe
  2⤵
  PID:4720
- C:\Windows\System\IlFGoPJ.exe
  C:\Windows\System\IlFGoPJ.exe
  2⤵
  PID:4736
- C:\Windows\System\VZXInHQ.exe
  C:\Windows\System\VZXInHQ.exe
  2⤵
  PID:4764
- C:\Windows\System\vkeKByX.exe
  C:\Windows\System\vkeKByX.exe
  2⤵
  PID:4780
- C:\Windows\System\JHJpvLb.exe
  C:\Windows\System\JHJpvLb.exe
  2⤵
  PID:4800
- C:\Windows\System\AJIwVGP.exe
  C:\Windows\System\AJIwVGP.exe
  2⤵
  PID:4820
- C:\Windows\System\wqXigxo.exe
  C:\Windows\System\wqXigxo.exe
  2⤵
  PID:4836
- C:\Windows\System\jSOSFyn.exe
  C:\Windows\System\jSOSFyn.exe
  2⤵
  PID:4852
- C:\Windows\System\rvcLkda.exe
  C:\Windows\System\rvcLkda.exe
  2⤵
  PID:4868
- C:\Windows\System\ZKsDyXD.exe
  C:\Windows\System\ZKsDyXD.exe
  2⤵
  PID:4892
- C:\Windows\System\VcPDGXI.exe
  C:\Windows\System\VcPDGXI.exe
  2⤵
  PID:4916
- C:\Windows\System\lVzWGhb.exe
  C:\Windows\System\lVzWGhb.exe
  2⤵
  PID:4936
- C:\Windows\System\iVaZgbC.exe
  C:\Windows\System\iVaZgbC.exe
  2⤵
  PID:4964
- C:\Windows\System\MshsoGB.exe
  C:\Windows\System\MshsoGB.exe
  2⤵
  PID:4980
- C:\Windows\System\IrTIbqe.exe
  C:\Windows\System\IrTIbqe.exe
  2⤵
  PID:5000
- C:\Windows\System\dOZYWsl.exe
  C:\Windows\System\dOZYWsl.exe
  2⤵
  PID:5020
- C:\Windows\System\skqePew.exe
  C:\Windows\System\skqePew.exe
  2⤵
  PID:5040
- C:\Windows\System\IWeWyxe.exe
  C:\Windows\System\IWeWyxe.exe
  2⤵
  PID:5060
- C:\Windows\System\wXmJdBp.exe
  C:\Windows\System\wXmJdBp.exe
  2⤵
  PID:5080
- C:\Windows\System\iCXvpfM.exe
  C:\Windows\System\iCXvpfM.exe
  2⤵
  PID:5096
- C:\Windows\System\iXfFjPS.exe
  C:\Windows\System\iXfFjPS.exe
  2⤵
  PID:5112
- C:\Windows\System\kDRlome.exe
  C:\Windows\System\kDRlome.exe
  2⤵
  PID:3832
- C:\Windows\System\kMakZYC.exe
  C:\Windows\System\kMakZYC.exe
  2⤵
  PID:3612
- C:\Windows\System\GBVQdxA.exe
  C:\Windows\System\GBVQdxA.exe
  2⤵
  PID:320
- C:\Windows\System\dBvLoZW.exe
  C:\Windows\System\dBvLoZW.exe
  2⤵
  PID:3952
- C:\Windows\System\EAluYid.exe
  C:\Windows\System\EAluYid.exe
  2⤵
  PID:4028
- C:\Windows\System\IhxmXBt.exe
  C:\Windows\System\IhxmXBt.exe
  2⤵
  PID:2984
- C:\Windows\System\TAcBchV.exe
  C:\Windows\System\TAcBchV.exe
  2⤵
  PID:3224
- C:\Windows\System\eYhZsjx.exe
  C:\Windows\System\eYhZsjx.exe
  2⤵
  PID:1548
- C:\Windows\System\AHgvWqc.exe
  C:\Windows\System\AHgvWqc.exe
  2⤵
  PID:2108
- C:\Windows\System\Qczcaht.exe
  C:\Windows\System\Qczcaht.exe
  2⤵
  PID:3376
- C:\Windows\System\FmAiSST.exe
  C:\Windows\System\FmAiSST.exe
  2⤵
  PID:3456
- C:\Windows\System\qNTgYvr.exe
  C:\Windows\System\qNTgYvr.exe
  2⤵
  PID:3296
- C:\Windows\System\zafOHhC.exe
  C:\Windows\System\zafOHhC.exe
  2⤵
  PID:3584
- C:\Windows\System\DEUnWGw.exe
  C:\Windows\System\DEUnWGw.exe
  2⤵
  PID:3572
- C:\Windows\System\TgTaTBo.exe
  C:\Windows\System\TgTaTBo.exe
  2⤵
  PID:4116
- C:\Windows\System\lwOKlnf.exe
  C:\Windows\System\lwOKlnf.exe
  2⤵
  PID:4136
- C:\Windows\System\kLLjtLA.exe
  C:\Windows\System\kLLjtLA.exe
  2⤵
  PID:4188
- C:\Windows\System\KeNUlHa.exe
  C:\Windows\System\KeNUlHa.exe
  2⤵
  PID:4176
- C:\Windows\System\xMzvJqS.exe
  C:\Windows\System\xMzvJqS.exe
  2⤵
  PID:4228
- C:\Windows\System\VOdycVt.exe
  C:\Windows\System\VOdycVt.exe
  2⤵
  PID:4216
- C:\Windows\System\zFFwCjn.exe
  C:\Windows\System\zFFwCjn.exe
  2⤵
  PID:4272
- C:\Windows\System\scxXnqf.exe
  C:\Windows\System\scxXnqf.exe
  2⤵
  PID:4312
- C:\Windows\System\MYCoYqN.exe
  C:\Windows\System\MYCoYqN.exe
  2⤵
  PID:4360
- C:\Windows\System\LaTUGTa.exe
  C:\Windows\System\LaTUGTa.exe
  2⤵
  PID:4288
- C:\Windows\System\VoinxDn.exe
  C:\Windows\System\VoinxDn.exe
  2⤵
  PID:4396
- C:\Windows\System\zizlwEo.exe
  C:\Windows\System\zizlwEo.exe
  2⤵
  PID:4436
- C:\Windows\System\qurxzGw.exe
  C:\Windows\System\qurxzGw.exe
  2⤵
  PID:4412
- C:\Windows\System\WHdVmtH.exe
  C:\Windows\System\WHdVmtH.exe
  2⤵
  PID:4448
- C:\Windows\System\rqMVVnz.exe
  C:\Windows\System\rqMVVnz.exe
  2⤵
  PID:4488
- C:\Windows\System\NcgvZbd.exe
  C:\Windows\System\NcgvZbd.exe
  2⤵
  PID:4612
- C:\Windows\System\waAsgKx.exe
  C:\Windows\System\waAsgKx.exe
  2⤵
  PID:4704
- C:\Windows\System\BlkbWtw.exe
  C:\Windows\System\BlkbWtw.exe
  2⤵
  PID:4652
- C:\Windows\System\XONWVAD.exe
  C:\Windows\System\XONWVAD.exe
  2⤵
  PID:4760
- C:\Windows\System\PwiuYEQ.exe
  C:\Windows\System\PwiuYEQ.exe
  2⤵
  PID:5108
- C:\Windows\System\bLfFqVf.exe
  C:\Windows\System\bLfFqVf.exe
  2⤵
  PID:2496
- C:\Windows\System\rHZIQJy.exe
  C:\Windows\System\rHZIQJy.exe
  2⤵
  PID:3252
- C:\Windows\System\LVeJOtY.exe
  C:\Windows\System\LVeJOtY.exe
  2⤵
  PID:4132
- C:\Windows\System\XqpUQBo.exe
  C:\Windows\System\XqpUQBo.exe
  2⤵
  PID:4688
- C:\Windows\System\YtEumvX.exe
  C:\Windows\System\YtEumvX.exe
  2⤵
  PID:4236
- C:\Windows\System\OgervLw.exe
  C:\Windows\System\OgervLw.exe
  2⤵
  PID:4808
- C:\Windows\System\zoJhrlt.exe
  C:\Windows\System\zoJhrlt.exe
  2⤵
  PID:4884
- C:\Windows\System\aNmeHut.exe
  C:\Windows\System\aNmeHut.exe
  2⤵
  PID:4888
- C:\Windows\System\wRfaGIn.exe
  C:\Windows\System\wRfaGIn.exe
  2⤵
  PID:4928
- C:\Windows\System\rjsgYNg.exe
  C:\Windows\System\rjsgYNg.exe
  2⤵
  PID:4972
- C:\Windows\System\vvrDAtT.exe
  C:\Windows\System\vvrDAtT.exe
  2⤵
  PID:5048
- C:\Windows\System\holSLbO.exe
  C:\Windows\System\holSLbO.exe
  2⤵
  PID:4556
- C:\Windows\System\rjMSBax.exe
  C:\Windows\System\rjMSBax.exe
  2⤵
  PID:4628
- C:\Windows\System\WHOoEVI.exe
  C:\Windows\System\WHOoEVI.exe
  2⤵
  PID:4648
- C:\Windows\System\wjagwbA.exe
  C:\Windows\System\wjagwbA.exe
  2⤵
  PID:5088
- C:\Windows\System\ndoZLdJ.exe
  C:\Windows\System\ndoZLdJ.exe
  2⤵
  PID:4372
- C:\Windows\System\KwAzilD.exe
  C:\Windows\System\KwAzilD.exe
  2⤵
  PID:4456
- C:\Windows\System\xnygvEA.exe
  C:\Windows\System\xnygvEA.exe
  2⤵
  PID:4668
- C:\Windows\System\DpwhTiz.exe
  C:\Windows\System\DpwhTiz.exe
  2⤵
  PID:3968
- C:\Windows\System\DuIoyTt.exe
  C:\Windows\System\DuIoyTt.exe
  2⤵
  PID:4168
- C:\Windows\System\GtOWVvt.exe
  C:\Windows\System\GtOWVvt.exe
  2⤵
  PID:3812
- C:\Windows\System\tXWAoVJ.exe
  C:\Windows\System\tXWAoVJ.exe
  2⤵
  PID:2216
- C:\Windows\System\TbuFmII.exe
  C:\Windows\System\TbuFmII.exe
  2⤵
  PID:3996
- C:\Windows\System\eaylbrN.exe
  C:\Windows\System\eaylbrN.exe
  2⤵
  PID:4948
- C:\Windows\System\RtXXRPM.exe
  C:\Windows\System\RtXXRPM.exe
  2⤵
  PID:4996
- C:\Windows\System\ejIaSCJ.exe
  C:\Windows\System\ejIaSCJ.exe
  2⤵
  PID:5068
- C:\Windows\System\VOGDulJ.exe
  C:\Windows\System\VOGDulJ.exe
  2⤵
  PID:3956
- C:\Windows\System\khJFAZW.exe
  C:\Windows\System\khJFAZW.exe
  2⤵
  PID:4776
- C:\Windows\System\lLpEYSU.exe
  C:\Windows\System\lLpEYSU.exe
  2⤵
  PID:3848
- C:\Windows\System\swdMsrS.exe
  C:\Windows\System\swdMsrS.exe
  2⤵
  PID:4428
- C:\Windows\System\yFhQrnO.exe
  C:\Windows\System\yFhQrnO.exe
  2⤵
  PID:4876
- C:\Windows\System\OyLGLim.exe
  C:\Windows\System\OyLGLim.exe
  2⤵
  PID:4516
- C:\Windows\System\idxyqOW.exe
  C:\Windows\System\idxyqOW.exe
  2⤵
  PID:4504
- C:\Windows\System\DidUUmr.exe
  C:\Windows\System\DidUUmr.exe
  2⤵
  PID:4716
- C:\Windows\System\qqIazty.exe
  C:\Windows\System\qqIazty.exe
  2⤵
  PID:4788
- C:\Windows\System\EPVFrxa.exe
  C:\Windows\System\EPVFrxa.exe
  2⤵
  PID:4408
- C:\Windows\System\KFaNgQh.exe
  C:\Windows\System\KFaNgQh.exe
  2⤵
  PID:4572
- C:\Windows\System\hLScXlQ.exe
  C:\Windows\System\hLScXlQ.exe
  2⤵
  PID:4268
- C:\Windows\System\RmHcqVY.exe
  C:\Windows\System\RmHcqVY.exe
  2⤵
  PID:3676
- C:\Windows\System\zkXNFYT.exe
  C:\Windows\System\zkXNFYT.exe
  2⤵
  PID:3112
- C:\Windows\System\utaddSq.exe
  C:\Windows\System\utaddSq.exe
  2⤵
  PID:4988
- C:\Windows\System\KMjDkrK.exe
  C:\Windows\System\KMjDkrK.exe
  2⤵
  PID:5104
- C:\Windows\System\EOIzaiz.exe
  C:\Windows\System\EOIzaiz.exe
  2⤵
  PID:4728
- C:\Windows\System\uyKDyHX.exe
  C:\Windows\System\uyKDyHX.exe
  2⤵
  PID:4732
- C:\Windows\System\QRTJqrt.exe
  C:\Windows\System\QRTJqrt.exe
  2⤵
  PID:4316
- C:\Windows\System\pjnjbCB.exe
  C:\Windows\System\pjnjbCB.exe
  2⤵
  PID:5012
- C:\Windows\System\lqSPWST.exe
  C:\Windows\System\lqSPWST.exe
  2⤵
  PID:4536
- C:\Windows\System\SOVnPLz.exe
  C:\Windows\System\SOVnPLz.exe
  2⤵
  PID:5124
- C:\Windows\System\FYfZdve.exe
  C:\Windows\System\FYfZdve.exe
  2⤵
  PID:5140
- C:\Windows\System\ICUCQCu.exe
  C:\Windows\System\ICUCQCu.exe
  2⤵
  PID:5156
- C:\Windows\System\GLpowXb.exe
  C:\Windows\System\GLpowXb.exe
  2⤵
  PID:5172
- C:\Windows\System\zbUjlLS.exe
  C:\Windows\System\zbUjlLS.exe
  2⤵
  PID:5188
- C:\Windows\System\LrtuTLA.exe
  C:\Windows\System\LrtuTLA.exe
  2⤵
  PID:5204
- C:\Windows\System\XibNZfZ.exe
  C:\Windows\System\XibNZfZ.exe
  2⤵
  PID:5220
- C:\Windows\System\uNLVghy.exe
  C:\Windows\System\uNLVghy.exe
  2⤵
  PID:5236
- C:\Windows\System\hVeNZPs.exe
  C:\Windows\System\hVeNZPs.exe
  2⤵
  PID:5252
- C:\Windows\System\KxRSIaQ.exe
  C:\Windows\System\KxRSIaQ.exe
  2⤵
  PID:5296
- C:\Windows\System\HtuLlcd.exe
  C:\Windows\System\HtuLlcd.exe
  2⤵
  PID:5316
- C:\Windows\System\qofbtfB.exe
  C:\Windows\System\qofbtfB.exe
  2⤵
  PID:5336
- C:\Windows\System\ggfRgCX.exe
  C:\Windows\System\ggfRgCX.exe
  2⤵
  PID:5352
- C:\Windows\System\YooYtCU.exe
  C:\Windows\System\YooYtCU.exe
  2⤵
  PID:5372
- C:\Windows\System\DWWBQNy.exe
  C:\Windows\System\DWWBQNy.exe
  2⤵
  PID:5392
- C:\Windows\System\SIDhinz.exe
  C:\Windows\System\SIDhinz.exe
  2⤵
  PID:5408
- C:\Windows\System\vgudNso.exe
  C:\Windows\System\vgudNso.exe
  2⤵
  PID:5460
- C:\Windows\System\mBRrLFY.exe
  C:\Windows\System\mBRrLFY.exe
  2⤵
  PID:5484
- C:\Windows\System\llsYWAh.exe
  C:\Windows\System\llsYWAh.exe
  2⤵
  PID:5500
- C:\Windows\System\RCOnCJu.exe
  C:\Windows\System\RCOnCJu.exe
  2⤵
  PID:5516
- C:\Windows\System\MgWbLac.exe
  C:\Windows\System\MgWbLac.exe
  2⤵
  PID:5536
- C:\Windows\System\aQqTaNE.exe
  C:\Windows\System\aQqTaNE.exe
  2⤵
  PID:5552
- C:\Windows\System\aAxWUzS.exe
  C:\Windows\System\aAxWUzS.exe
  2⤵
  PID:5568
- C:\Windows\System\jKETDnR.exe
  C:\Windows\System\jKETDnR.exe
  2⤵
  PID:5592
- C:\Windows\System\ttLyACl.exe
  C:\Windows\System\ttLyACl.exe
  2⤵
  PID:5612
- C:\Windows\System\hFqoKtH.exe
  C:\Windows\System\hFqoKtH.exe
  2⤵
  PID:5640
- C:\Windows\System\bVshMpU.exe
  C:\Windows\System\bVshMpU.exe
  2⤵
  PID:5656
- C:\Windows\System\ypynTQg.exe
  C:\Windows\System\ypynTQg.exe
  2⤵
  PID:5680
- C:\Windows\System\utbXYgW.exe
  C:\Windows\System\utbXYgW.exe
  2⤵
  PID:5700
- C:\Windows\System\BIOVOLE.exe
  C:\Windows\System\BIOVOLE.exe
  2⤵
  PID:5716
- C:\Windows\System\rOIoLdb.exe
  C:\Windows\System\rOIoLdb.exe
  2⤵
  PID:5736
- C:\Windows\System\mzXbHEa.exe
  C:\Windows\System\mzXbHEa.exe
  2⤵
  PID:5760
- C:\Windows\System\diCQkAy.exe
  C:\Windows\System\diCQkAy.exe
  2⤵
  PID:5776
- C:\Windows\System\MGnwWlP.exe
  C:\Windows\System\MGnwWlP.exe
  2⤵
  PID:5800
- C:\Windows\System\dnXTdrX.exe
  C:\Windows\System\dnXTdrX.exe
  2⤵
  PID:5820
- C:\Windows\System\CEVUSuR.exe
  C:\Windows\System\CEVUSuR.exe
  2⤵
  PID:5840
- C:\Windows\System\MyhoLmS.exe
  C:\Windows\System\MyhoLmS.exe
  2⤵
  PID:5860
- C:\Windows\System\orUhAJF.exe
  C:\Windows\System\orUhAJF.exe
  2⤵
  PID:5880
- C:\Windows\System\XZgdeUo.exe
  C:\Windows\System\XZgdeUo.exe
  2⤵
  PID:5900
- C:\Windows\System\HPdQtqv.exe
  C:\Windows\System\HPdQtqv.exe
  2⤵
  PID:5920
- C:\Windows\System\YAKvlzG.exe
  C:\Windows\System\YAKvlzG.exe
  2⤵
  PID:5936
- C:\Windows\System\JPxrPQe.exe
  C:\Windows\System\JPxrPQe.exe
  2⤵
  PID:5956
- C:\Windows\System\fslgCwg.exe
  C:\Windows\System\fslgCwg.exe
  2⤵
  PID:5976
- C:\Windows\System\GhEtBor.exe
  C:\Windows\System\GhEtBor.exe
  2⤵
  PID:6004
- C:\Windows\System\CArTwLB.exe
  C:\Windows\System\CArTwLB.exe
  2⤵
  PID:6020
- C:\Windows\System\alyLzkm.exe
  C:\Windows\System\alyLzkm.exe
  2⤵
  PID:6036
- C:\Windows\System\SIUhqoR.exe
  C:\Windows\System\SIUhqoR.exe
  2⤵
  PID:6052
- C:\Windows\System\VYgdmAo.exe
  C:\Windows\System\VYgdmAo.exe
  2⤵
  PID:6068
- C:\Windows\System\FndIawF.exe
  C:\Windows\System\FndIawF.exe
  2⤵
  PID:6088
- C:\Windows\System\DRndulS.exe
  C:\Windows\System\DRndulS.exe
  2⤵
  PID:6104
- C:\Windows\System\GUNUdrQ.exe
  C:\Windows\System\GUNUdrQ.exe
  2⤵
  PID:6120
- C:\Windows\System\MvdoQpC.exe
  C:\Windows\System\MvdoQpC.exe
  2⤵
  PID:6136
- C:\Windows\System\qeDDkAL.exe
  C:\Windows\System\qeDDkAL.exe
  2⤵
  PID:4748
- C:\Windows\System\MDnEomO.exe
  C:\Windows\System\MDnEomO.exe
  2⤵
  PID:3504
- C:\Windows\System\XswbvAe.exe
  C:\Windows\System\XswbvAe.exe
  2⤵
  PID:3764
- C:\Windows\System\EnGiWcJ.exe
  C:\Windows\System\EnGiWcJ.exe
  2⤵
  PID:4592
- C:\Windows\System\mLJLjFw.exe
  C:\Windows\System\mLJLjFw.exe
  2⤵
  PID:4460
- C:\Windows\System\zAWhqMs.exe
  C:\Windows\System\zAWhqMs.exe
  2⤵
  PID:4152
- C:\Windows\System\JazCpHi.exe
  C:\Windows\System\JazCpHi.exe
  2⤵
  PID:4904
- C:\Windows\System\pBWQjYo.exe
  C:\Windows\System\pBWQjYo.exe
  2⤵
  PID:5312
- C:\Windows\System\uVnRjuz.exe
  C:\Windows\System\uVnRjuz.exe
  2⤵
  PID:4172
- C:\Windows\System\yjSXhFn.exe
  C:\Windows\System\yjSXhFn.exe
  2⤵
  PID:5348
- C:\Windows\System\yuuWPfy.exe
  C:\Windows\System\yuuWPfy.exe
  2⤵
  PID:5416
- C:\Windows\System\UGNlDlL.exe
  C:\Windows\System\UGNlDlL.exe
  2⤵
  PID:5432
- C:\Windows\System\bWhvjcj.exe
  C:\Windows\System\bWhvjcj.exe
  2⤵
  PID:5272
- C:\Windows\System\aLdDIWV.exe
  C:\Windows\System\aLdDIWV.exe
  2⤵
  PID:5292
- C:\Windows\System\WnTBJOY.exe
  C:\Windows\System\WnTBJOY.exe
  2⤵
  PID:5324
- C:\Windows\System\wufWNQX.exe
  C:\Windows\System\wufWNQX.exe
  2⤵
  PID:5200
- C:\Windows\System\BPPqMEi.exe
  C:\Windows\System\BPPqMEi.exe
  2⤵
  PID:5404
- C:\Windows\System\xMLuupY.exe
  C:\Windows\System\xMLuupY.exe
  2⤵
  PID:5496
- C:\Windows\System\wtTxSZr.exe
  C:\Windows\System\wtTxSZr.exe
  2⤵
  PID:5564
- C:\Windows\System\uYilnXG.exe
  C:\Windows\System\uYilnXG.exe
  2⤵
  PID:5608
- C:\Windows\System\UcGBkvr.exe
  C:\Windows\System\UcGBkvr.exe
  2⤵
  PID:5580
- C:\Windows\System\aSfIXgc.exe
  C:\Windows\System\aSfIXgc.exe
  2⤵
  PID:5508
- C:\Windows\System\KIXrNrJ.exe
  C:\Windows\System\KIXrNrJ.exe
  2⤵
  PID:5732
- C:\Windows\System\NSLBLoS.exe
  C:\Windows\System\NSLBLoS.exe
  2⤵
  PID:5628
- C:\Windows\System\VqVZItS.exe
  C:\Windows\System\VqVZItS.exe
  2⤵
  PID:5668
- C:\Windows\System\jjznefc.exe
  C:\Windows\System\jjznefc.exe
  2⤵
  PID:5712
- C:\Windows\System\FWqjHrX.exe
  C:\Windows\System\FWqjHrX.exe
  2⤵
  PID:5848
- C:\Windows\System\DsnKDaL.exe
  C:\Windows\System\DsnKDaL.exe
  2⤵
  PID:5792
- C:\Windows\System\MwysbOC.exe
  C:\Windows\System\MwysbOC.exe
  2⤵
  PID:5892
- C:\Windows\System\FqNrVGk.exe
  C:\Windows\System\FqNrVGk.exe
  2⤵
  PID:5964
- C:\Windows\System\OImjEDJ.exe
  C:\Windows\System\OImjEDJ.exe
  2⤵
  PID:1852
- C:\Windows\System\CIvzkWE.exe
  C:\Windows\System\CIvzkWE.exe
  2⤵
  PID:6080
- C:\Windows\System\PoGsyjg.exe
  C:\Windows\System\PoGsyjg.exe
  2⤵
  PID:5008
- C:\Windows\System\fKWjWQt.exe
  C:\Windows\System\fKWjWQt.exe
  2⤵
  PID:2868
- C:\Windows\System\jgiikZT.exe
  C:\Windows\System\jgiikZT.exe
  2⤵
  PID:5836
- C:\Windows\System\lhXTDaT.exe
  C:\Windows\System\lhXTDaT.exe
  2⤵
  PID:2200
- C:\Windows\System\psFOazQ.exe
  C:\Windows\System\psFOazQ.exe
  2⤵
  PID:4960
- C:\Windows\System\WvmyBML.exe
  C:\Windows\System\WvmyBML.exe
  2⤵
  PID:5388
- C:\Windows\System\BdgpVZo.exe
  C:\Windows\System\BdgpVZo.exe
  2⤵
  PID:5908
- C:\Windows\System\BDnxbyo.exe
  C:\Windows\System\BDnxbyo.exe
  2⤵
  PID:5988
- C:\Windows\System\qnbTwbm.exe
  C:\Windows\System\qnbTwbm.exe
  2⤵
  PID:5400
- C:\Windows\System\JzWqTfN.exe
  C:\Windows\System\JzWqTfN.exe
  2⤵
  PID:4644
- C:\Windows\System\sFyFoHK.exe
  C:\Windows\System\sFyFoHK.exe
  2⤵
  PID:2844
- C:\Windows\System\jkrluNE.exe
  C:\Windows\System\jkrluNE.exe
  2⤵
  PID:4032
- C:\Windows\System\EUtgzgh.exe
  C:\Windows\System\EUtgzgh.exe
  2⤵
  PID:5032
- C:\Windows\System\DInbfTx.exe
  C:\Windows\System\DInbfTx.exe
  2⤵
  PID:6032
- C:\Windows\System\jOrMzlI.exe
  C:\Windows\System\jOrMzlI.exe
  2⤵
  PID:6100
- C:\Windows\System\hKHUoha.exe
  C:\Windows\System\hKHUoha.exe
  2⤵
  PID:5152
- C:\Windows\System\ffZCwhl.exe
  C:\Windows\System\ffZCwhl.exe
  2⤵
  PID:4416
- C:\Windows\System\pnyDLKy.exe
  C:\Windows\System\pnyDLKy.exe
  2⤵
  PID:1800
- C:\Windows\System\SnfSKAi.exe
  C:\Windows\System\SnfSKAi.exe
  2⤵
  PID:5648
- C:\Windows\System\iJMGEXM.exe
  C:\Windows\System\iJMGEXM.exe
  2⤵
  PID:5288
- C:\Windows\System\vHfCWwL.exe
  C:\Windows\System\vHfCWwL.exe
  2⤵
  PID:5472
- C:\Windows\System\tEILvaz.exe
  C:\Windows\System\tEILvaz.exe
  2⤵
  PID:5548
- C:\Windows\System\RShKCro.exe
  C:\Windows\System\RShKCro.exe
  2⤵
  PID:5280
- C:\Windows\System\zlyveDM.exe
  C:\Windows\System\zlyveDM.exe
  2⤵
  PID:5260
- C:\Windows\System\SExZvyw.exe
  C:\Windows\System\SExZvyw.exe
  2⤵
  PID:5772
- C:\Windows\System\eiilyio.exe
  C:\Windows\System\eiilyio.exe
  2⤵
  PID:5636
- C:\Windows\System\MYklzDA.exe
  C:\Windows\System\MYklzDA.exe
  2⤵
  PID:5756
- C:\Windows\System\DFKSxEz.exe
  C:\Windows\System\DFKSxEz.exe
  2⤵
  PID:5676
- C:\Windows\System\ABxrANj.exe
  C:\Windows\System\ABxrANj.exe
  2⤵
  PID:5896
- C:\Windows\System\UttkENN.exe
  C:\Windows\System\UttkENN.exe
  2⤵
  PID:4348
- C:\Windows\System\Egtydnf.exe
  C:\Windows\System\Egtydnf.exe
  2⤵
  PID:5916
- C:\Windows\System\dgWqGzl.exe
  C:\Windows\System\dgWqGzl.exe
  2⤵
  PID:6048
- C:\Windows\System\GakAJrb.exe
  C:\Windows\System\GakAJrb.exe
  2⤵
  PID:5992
- C:\Windows\System\bjTZMBk.exe
  C:\Windows\System\bjTZMBk.exe
  2⤵
  PID:5872
- C:\Windows\System\KezQqta.exe
  C:\Windows\System\KezQqta.exe
  2⤵
  PID:5364
- C:\Windows\System\ORjcCOn.exe
  C:\Windows\System\ORjcCOn.exe
  2⤵
  PID:5036
- C:\Windows\System\OKnOKbJ.exe
  C:\Windows\System\OKnOKbJ.exe
  2⤵
  PID:5184
- C:\Windows\System\FzOZegx.exe
  C:\Windows\System\FzOZegx.exe
  2⤵
  PID:4656
- C:\Windows\System\ORmjdDn.exe
  C:\Windows\System\ORmjdDn.exe
  2⤵
  PID:5456
- C:\Windows\System\qZRajBA.exe
  C:\Windows\System\qZRajBA.exe
  2⤵
  PID:5284
- C:\Windows\System\ZODKkig.exe
  C:\Windows\System\ZODKkig.exe
  2⤵
  PID:5748
- C:\Windows\System\XWIDMTq.exe
  C:\Windows\System\XWIDMTq.exe
  2⤵
  PID:5588
- C:\Windows\System\PRFxyVb.exe
  C:\Windows\System\PRFxyVb.exe
  2⤵
  PID:5136
- C:\Windows\System\JhryEbl.exe
  C:\Windows\System\JhryEbl.exe
  2⤵
  PID:2368
- C:\Windows\System\oVTQpvy.exe
  C:\Windows\System\oVTQpvy.exe
  2⤵
  PID:2672
- C:\Windows\System\LDsponD.exe
  C:\Windows\System\LDsponD.exe
  2⤵
  PID:2864
- C:\Windows\System\lzMelrv.exe
  C:\Windows\System\lzMelrv.exe
  2⤵
  PID:5828
- C:\Windows\System\vIOQzgm.exe
  C:\Windows\System\vIOQzgm.exe
  2⤵
  PID:5368
- C:\Windows\System\JpQcPRD.exe
  C:\Windows\System\JpQcPRD.exe
  2⤵
  PID:6112
- C:\Windows\System\FPIJBaW.exe
  C:\Windows\System\FPIJBaW.exe
  2⤵
  PID:5816
- C:\Windows\System\lxsPyht.exe
  C:\Windows\System\lxsPyht.exe
  2⤵
  PID:5944
- C:\Windows\System\MZcQKAL.exe
  C:\Windows\System\MZcQKAL.exe
  2⤵
  PID:5532
- C:\Windows\System\ORkqhVq.exe
  C:\Windows\System\ORkqhVq.exe
  2⤵
  PID:5768
- C:\Windows\System\jwEvMbv.exe
  C:\Windows\System\jwEvMbv.exe
  2⤵
  PID:2808
- C:\Windows\System\jOTpcFV.exe
  C:\Windows\System\jOTpcFV.exe
  2⤵
  PID:5248
- C:\Windows\System\srRcvaP.exe
  C:\Windows\System\srRcvaP.exe
  2⤵
  PID:5832
- C:\Windows\System\xSeLTfX.exe
  C:\Windows\System\xSeLTfX.exe
  2⤵
  PID:6164
- C:\Windows\System\fwUMHim.exe
  C:\Windows\System\fwUMHim.exe
  2⤵
  PID:6184
- C:\Windows\System\PFnntjn.exe
  C:\Windows\System\PFnntjn.exe
  2⤵
  PID:6204
- C:\Windows\System\OODJUIF.exe
  C:\Windows\System\OODJUIF.exe
  2⤵
  PID:6224
- C:\Windows\System\RDoXUZA.exe
  C:\Windows\System\RDoXUZA.exe
  2⤵
  PID:6244
- C:\Windows\System\QYCanen.exe
  C:\Windows\System\QYCanen.exe
  2⤵
  PID:6260
- C:\Windows\System\lcDhvNW.exe
  C:\Windows\System\lcDhvNW.exe
  2⤵
  PID:6284
- C:\Windows\System\cENfwYJ.exe
  C:\Windows\System\cENfwYJ.exe
  2⤵
  PID:6304
- C:\Windows\System\MtJMJcq.exe
  C:\Windows\System\MtJMJcq.exe
  2⤵
  PID:6324
- C:\Windows\System\dESKCuQ.exe
  C:\Windows\System\dESKCuQ.exe
  2⤵
  PID:6344
- C:\Windows\System\EfkXyNT.exe
  C:\Windows\System\EfkXyNT.exe
  2⤵
  PID:6364
- C:\Windows\System\mXcmHcp.exe
  C:\Windows\System\mXcmHcp.exe
  2⤵
  PID:6384
- C:\Windows\System\oPrPvmS.exe
  C:\Windows\System\oPrPvmS.exe
  2⤵
  PID:6404
- C:\Windows\System\zuHQxBJ.exe
  C:\Windows\System\zuHQxBJ.exe
  2⤵
  PID:6424
- C:\Windows\System\tDmLKwG.exe
  C:\Windows\System\tDmLKwG.exe
  2⤵
  PID:6444
- C:\Windows\System\QcwLWpE.exe
  C:\Windows\System\QcwLWpE.exe
  2⤵
  PID:6464
- C:\Windows\System\UnnVZLA.exe
  C:\Windows\System\UnnVZLA.exe
  2⤵
  PID:6484
- C:\Windows\System\vjaigTy.exe
  C:\Windows\System\vjaigTy.exe
  2⤵
  PID:6504
- C:\Windows\System\JHDWUWI.exe
  C:\Windows\System\JHDWUWI.exe
  2⤵
  PID:6524
- C:\Windows\System\dzLxGRg.exe
  C:\Windows\System\dzLxGRg.exe
  2⤵
  PID:6544
- C:\Windows\System\PdNlJtQ.exe
  C:\Windows\System\PdNlJtQ.exe
  2⤵
  PID:6564
- C:\Windows\System\zdYeTWT.exe
  C:\Windows\System\zdYeTWT.exe
  2⤵
  PID:6584
- C:\Windows\System\EaaBOjN.exe
  C:\Windows\System\EaaBOjN.exe
  2⤵
  PID:6604
- C:\Windows\System\MHTcfJz.exe
  C:\Windows\System\MHTcfJz.exe
  2⤵
  PID:6624
- C:\Windows\System\vKwvNkZ.exe
  C:\Windows\System\vKwvNkZ.exe
  2⤵
  PID:6644
- C:\Windows\System\hgLYuDQ.exe
  C:\Windows\System\hgLYuDQ.exe
  2⤵
  PID:6664
- C:\Windows\System\hArIhyv.exe
  C:\Windows\System\hArIhyv.exe
  2⤵
  PID:6684
- C:\Windows\System\DcCGEQK.exe
  C:\Windows\System\DcCGEQK.exe
  2⤵
  PID:6704
- C:\Windows\System\VchxouL.exe
  C:\Windows\System\VchxouL.exe
  2⤵
  PID:6724
- C:\Windows\System\iWtwpes.exe
  C:\Windows\System\iWtwpes.exe
  2⤵
  PID:6744
- C:\Windows\System\RiwShZt.exe
  C:\Windows\System\RiwShZt.exe
  2⤵
  PID:6764
- C:\Windows\System\AEWjpFI.exe
  C:\Windows\System\AEWjpFI.exe
  2⤵
  PID:6784
- C:\Windows\System\NPJoHwt.exe
  C:\Windows\System\NPJoHwt.exe
  2⤵
  PID:6804
- C:\Windows\System\zXtWdMk.exe
  C:\Windows\System\zXtWdMk.exe
  2⤵
  PID:6824
- C:\Windows\System\enuLygy.exe
  C:\Windows\System\enuLygy.exe
  2⤵
  PID:6844
- C:\Windows\System\HXjFJkM.exe
  C:\Windows\System\HXjFJkM.exe
  2⤵
  PID:6864
- C:\Windows\System\rGNjIzB.exe
  C:\Windows\System\rGNjIzB.exe
  2⤵
  PID:6884
- C:\Windows\System\dowtkTY.exe
  C:\Windows\System\dowtkTY.exe
  2⤵
  PID:6904
- C:\Windows\System\AFoDCTT.exe
  C:\Windows\System\AFoDCTT.exe
  2⤵
  PID:6924
- C:\Windows\System\DFBYTeT.exe
  C:\Windows\System\DFBYTeT.exe
  2⤵
  PID:6944
- C:\Windows\System\JRdESln.exe
  C:\Windows\System\JRdESln.exe
  2⤵
  PID:6964
- C:\Windows\System\dtLdVCH.exe
  C:\Windows\System\dtLdVCH.exe
  2⤵
  PID:6984
- C:\Windows\System\hXLgvMi.exe
  C:\Windows\System\hXLgvMi.exe
  2⤵
  PID:7004
- C:\Windows\System\xdIUroy.exe
  C:\Windows\System\xdIUroy.exe
  2⤵
  PID:7024
- C:\Windows\System\dxCNIDs.exe
  C:\Windows\System\dxCNIDs.exe
  2⤵
  PID:7044
- C:\Windows\System\uNMWwmF.exe
  C:\Windows\System\uNMWwmF.exe
  2⤵
  PID:7064
- C:\Windows\System\RtUOaml.exe
  C:\Windows\System\RtUOaml.exe
  2⤵
  PID:7084
- C:\Windows\System\DndQwPv.exe
  C:\Windows\System\DndQwPv.exe
  2⤵
  PID:7104
- C:\Windows\System\OdHJcxS.exe
  C:\Windows\System\OdHJcxS.exe
  2⤵
  PID:7124
- C:\Windows\System\LLhejBm.exe
  C:\Windows\System\LLhejBm.exe
  2⤵
  PID:7144
- C:\Windows\System\AnSVqdK.exe
  C:\Windows\System\AnSVqdK.exe
  2⤵
  PID:7164
- C:\Windows\System\pAUSWlj.exe
  C:\Windows\System\pAUSWlj.exe
  2⤵
  PID:5216
- C:\Windows\System\tACxKzQ.exe
  C:\Windows\System\tACxKzQ.exe
  2⤵
  PID:6064
- C:\Windows\System\RGzcPdl.exe
  C:\Windows\System\RGzcPdl.exe
  2⤵
  PID:5752
- C:\Windows\System\TMZJiKb.exe
  C:\Windows\System\TMZJiKb.exe
  2⤵
  PID:5620
- C:\Windows\System\KVSSsME.exe
  C:\Windows\System\KVSSsME.exe
  2⤵
  PID:2852
- C:\Windows\System\nRoEqlO.exe
  C:\Windows\System\nRoEqlO.exe
  2⤵
  PID:6128
- C:\Windows\System\DHpnIvQ.exe
  C:\Windows\System\DHpnIvQ.exe
  2⤵
  PID:2800
- C:\Windows\System\tczlDhp.exe
  C:\Windows\System\tczlDhp.exe
  2⤵
  PID:4944
- C:\Windows\System\UPmOZxx.exe
  C:\Windows\System\UPmOZxx.exe
  2⤵
  PID:6172
- C:\Windows\System\tvfTBAn.exe
  C:\Windows\System\tvfTBAn.exe
  2⤵
  PID:6196
- C:\Windows\System\DJhybcF.exe
  C:\Windows\System\DJhybcF.exe
  2⤵
  PID:6216
- C:\Windows\System\XFhPIzX.exe
  C:\Windows\System\XFhPIzX.exe
  2⤵
  PID:6256
- C:\Windows\System\XzvDxjv.exe
  C:\Windows\System\XzvDxjv.exe
  2⤵
  PID:6300
- C:\Windows\System\mvaIPdw.exe
  C:\Windows\System\mvaIPdw.exe
  2⤵
  PID:6332
- C:\Windows\System\aLVMIWw.exe
  C:\Windows\System\aLVMIWw.exe
  2⤵
  PID:6356
- C:\Windows\System\hgFadJf.exe
  C:\Windows\System\hgFadJf.exe
  2⤵
  PID:6396
- C:\Windows\System\fVKAqKc.exe
  C:\Windows\System\fVKAqKc.exe
  2⤵
  PID:6420
- C:\Windows\System\WarTXed.exe
  C:\Windows\System\WarTXed.exe
  2⤵
  PID:6472
- C:\Windows\System\IAEbyeJ.exe
  C:\Windows\System\IAEbyeJ.exe
  2⤵
  PID:6496
- C:\Windows\System\ybQZpWp.exe
  C:\Windows\System\ybQZpWp.exe
  2⤵
  PID:6552
- C:\Windows\System\GdNEyYU.exe
  C:\Windows\System\GdNEyYU.exe
  2⤵
  PID:6572
- C:\Windows\System\gkEHccZ.exe
  C:\Windows\System\gkEHccZ.exe
  2⤵
  PID:6576
- C:\Windows\System\KxVbHbH.exe
  C:\Windows\System\KxVbHbH.exe
  2⤵
  PID:6640
- C:\Windows\System\JKWkaOD.exe
  C:\Windows\System\JKWkaOD.exe
  2⤵
  PID:6680
- C:\Windows\System\odkrktp.exe
  C:\Windows\System\odkrktp.exe
  2⤵
  PID:6700
- C:\Windows\System\IFPwCTf.exe
  C:\Windows\System\IFPwCTf.exe
  2⤵
  PID:6752
- C:\Windows\System\JAaLILj.exe
  C:\Windows\System\JAaLILj.exe
  2⤵
  PID:6772
- C:\Windows\System\bickXrl.exe
  C:\Windows\System\bickXrl.exe
  2⤵
  PID:6796
- C:\Windows\System\LcPJOuK.exe
  C:\Windows\System\LcPJOuK.exe
  2⤵
  PID:6840
- C:\Windows\System\AdiKahy.exe
  C:\Windows\System\AdiKahy.exe
  2⤵
  PID:6872
- C:\Windows\System\LxkVVmx.exe
  C:\Windows\System\LxkVVmx.exe
  2⤵
  PID:6900
- C:\Windows\System\GlMQJTF.exe
  C:\Windows\System\GlMQJTF.exe
  2⤵
  PID:6952
- C:\Windows\System\acNoBNN.exe
  C:\Windows\System\acNoBNN.exe
  2⤵
  PID:6940
- C:\Windows\System\iWWmoty.exe
  C:\Windows\System\iWWmoty.exe
  2⤵
  PID:6992
- C:\Windows\System\WFSFlsA.exe
  C:\Windows\System\WFSFlsA.exe
  2⤵
  PID:7040
- C:\Windows\System\eUQEcVo.exe
  C:\Windows\System\eUQEcVo.exe
  2⤵
  PID:7072
- C:\Windows\System\vtDlNWG.exe
  C:\Windows\System\vtDlNWG.exe
  2⤵
  PID:7092
- C:\Windows\System\KXauKqS.exe
  C:\Windows\System\KXauKqS.exe
  2⤵
  PID:7160
- C:\Windows\System\WDaLxUj.exe
  C:\Windows\System\WDaLxUj.exe
  2⤵
  PID:7140
- C:\Windows\System\vxkqtOD.exe
  C:\Windows\System\vxkqtOD.exe
  2⤵
  PID:6000
- C:\Windows\System\XSTdPld.exe
  C:\Windows\System\XSTdPld.exe
  2⤵
  PID:6012
- C:\Windows\System\cKhIkWm.exe
  C:\Windows\System\cKhIkWm.exe
  2⤵
  PID:956
- C:\Windows\System\KjzVCAP.exe
  C:\Windows\System\KjzVCAP.exe
  2⤵
  PID:5344
- C:\Windows\System\gkeMNLP.exe
  C:\Windows\System\gkeMNLP.exe
  2⤵
  PID:5028
- C:\Windows\System\lazSegH.exe
  C:\Windows\System\lazSegH.exe
  2⤵
  PID:6176
- C:\Windows\System\JHNHXij.exe
  C:\Windows\System\JHNHXij.exe
  2⤵
  PID:6220
- C:\Windows\System\TnENsNF.exe
  C:\Windows\System\TnENsNF.exe
  2⤵
  PID:6312
- C:\Windows\System\QWUBrGu.exe
  C:\Windows\System\QWUBrGu.exe
  2⤵
  PID:6400
- C:\Windows\System\xbjGcEx.exe
  C:\Windows\System\xbjGcEx.exe
  2⤵
  PID:6336
- C:\Windows\System\KqbcSmW.exe
  C:\Windows\System\KqbcSmW.exe
  2⤵
  PID:6412
- C:\Windows\System\PGphbnJ.exe
  C:\Windows\System\PGphbnJ.exe
  2⤵
  PID:6492
- C:\Windows\System\uJiLqzQ.exe
  C:\Windows\System\uJiLqzQ.exe
  2⤵
  PID:6596
- C:\Windows\System\pFlTXDp.exe
  C:\Windows\System\pFlTXDp.exe
  2⤵
  PID:6632
- C:\Windows\System\ZkRijjI.exe
  C:\Windows\System\ZkRijjI.exe
  2⤵
  PID:6720
- C:\Windows\System\sMNIdIo.exe
  C:\Windows\System\sMNIdIo.exe
  2⤵
  PID:6692
- C:\Windows\System\oUNyWQZ.exe
  C:\Windows\System\oUNyWQZ.exe
  2⤵
  PID:6776
- C:\Windows\System\rLkvDJm.exe
  C:\Windows\System\rLkvDJm.exe
  2⤵
  PID:2308
- C:\Windows\System\FvfBgVL.exe
  C:\Windows\System\FvfBgVL.exe
  2⤵
  PID:6876
- C:\Windows\System\cDXovtc.exe
  C:\Windows\System\cDXovtc.exe
  2⤵
  PID:6972
- C:\Windows\System\GDdEHko.exe
  C:\Windows\System\GDdEHko.exe
  2⤵
  PID:6932
- C:\Windows\System\wKCfYix.exe
  C:\Windows\System\wKCfYix.exe
  2⤵
  PID:7036
- C:\Windows\System\NGlgtAJ.exe
  C:\Windows\System\NGlgtAJ.exe
  2⤵
  PID:7152
- C:\Windows\System\wiVoGer.exe
  C:\Windows\System\wiVoGer.exe
  2⤵
  PID:5164
- C:\Windows\System\ltwpBzx.exe
  C:\Windows\System\ltwpBzx.exe
  2⤵
  PID:6076
- C:\Windows\System\DacYTHP.exe
  C:\Windows\System\DacYTHP.exe
  2⤵
  PID:5984
- C:\Windows\System\iGiycld.exe
  C:\Windows\System\iGiycld.exe
  2⤵
  PID:5812
- C:\Windows\System\aQYIQZJ.exe
  C:\Windows\System\aQYIQZJ.exe
  2⤵
  PID:6160
- C:\Windows\System\WasAGCA.exe
  C:\Windows\System\WasAGCA.exe
  2⤵
  PID:6380
- C:\Windows\System\paHqaPN.exe
  C:\Windows\System\paHqaPN.exe
  2⤵
  PID:6416
- C:\Windows\System\nSgXNBO.exe
  C:\Windows\System\nSgXNBO.exe
  2⤵
  PID:2992
- C:\Windows\System\QoojMrM.exe
  C:\Windows\System\QoojMrM.exe
  2⤵
  PID:6560
- C:\Windows\System\uKannwx.exe
  C:\Windows\System\uKannwx.exe
  2⤵
  PID:6620
- C:\Windows\System\uXnzRVR.exe
  C:\Windows\System\uXnzRVR.exe
  2⤵
  PID:6676
- C:\Windows\System\XcjZiBD.exe
  C:\Windows\System\XcjZiBD.exe
  2⤵
  PID:6816
- C:\Windows\System\sufdpfC.exe
  C:\Windows\System\sufdpfC.exe
  2⤵
  PID:6892
- C:\Windows\System\pZPuARd.exe
  C:\Windows\System\pZPuARd.exe
  2⤵
  PID:7184
- C:\Windows\System\eomkZNK.exe
  C:\Windows\System\eomkZNK.exe
  2⤵
  PID:7204
- C:\Windows\System\eehAPDe.exe
  C:\Windows\System\eehAPDe.exe
  2⤵
  PID:7224
- C:\Windows\System\LvNGpVD.exe
  C:\Windows\System\LvNGpVD.exe
  2⤵
  PID:7244
- C:\Windows\System\HfgjAsJ.exe
  C:\Windows\System\HfgjAsJ.exe
  2⤵
  PID:7264
- C:\Windows\System\eqrRgnb.exe
  C:\Windows\System\eqrRgnb.exe
  2⤵
  PID:7280
- C:\Windows\System\DIwkUct.exe
  C:\Windows\System\DIwkUct.exe
  2⤵
  PID:7304
- C:\Windows\System\DRrQHFK.exe
  C:\Windows\System\DRrQHFK.exe
  2⤵
  PID:7324
- C:\Windows\System\xnvAUYE.exe
  C:\Windows\System\xnvAUYE.exe
  2⤵
  PID:7344
- C:\Windows\System\hNBxmSX.exe
  C:\Windows\System\hNBxmSX.exe
  2⤵
  PID:7364
- C:\Windows\System\hNVVnkR.exe
  C:\Windows\System\hNVVnkR.exe
  2⤵
  PID:7384
- C:\Windows\System\VDvobEY.exe
  C:\Windows\System\VDvobEY.exe
  2⤵
  PID:7404
- C:\Windows\System\GguOsth.exe
  C:\Windows\System\GguOsth.exe
  2⤵
  PID:7424
- C:\Windows\System\RegjADt.exe
  C:\Windows\System\RegjADt.exe
  2⤵
  PID:7444
- C:\Windows\System\cDcrndc.exe
  C:\Windows\System\cDcrndc.exe
  2⤵
  PID:7464
- C:\Windows\System\etRvFXM.exe
  C:\Windows\System\etRvFXM.exe
  2⤵
  PID:7484
- C:\Windows\System\TvQIMml.exe
  C:\Windows\System\TvQIMml.exe
  2⤵
  PID:7504
- C:\Windows\System\iUOVBIo.exe
  C:\Windows\System\iUOVBIo.exe
  2⤵
  PID:7524
- C:\Windows\System\WAsmPQC.exe
  C:\Windows\System\WAsmPQC.exe
  2⤵
  PID:7544
- C:\Windows\System\xJuqypo.exe
  C:\Windows\System\xJuqypo.exe
  2⤵
  PID:7564
- C:\Windows\System\LPyDhRt.exe
  C:\Windows\System\LPyDhRt.exe
  2⤵
  PID:7584
- C:\Windows\System\syTKNEz.exe
  C:\Windows\System\syTKNEz.exe
  2⤵
  PID:7604
- C:\Windows\System\hSJcGuf.exe
  C:\Windows\System\hSJcGuf.exe
  2⤵
  PID:7624
- C:\Windows\System\JSSGMCw.exe
  C:\Windows\System\JSSGMCw.exe
  2⤵
  PID:7644
- C:\Windows\System\bDhNXeA.exe
  C:\Windows\System\bDhNXeA.exe
  2⤵
  PID:7664
- C:\Windows\System\eOBfcqx.exe
  C:\Windows\System\eOBfcqx.exe
  2⤵
  PID:7680
- C:\Windows\System\AdDQrXw.exe
  C:\Windows\System\AdDQrXw.exe
  2⤵
  PID:7704
- C:\Windows\System\VvdEBgj.exe
  C:\Windows\System\VvdEBgj.exe
  2⤵
  PID:7720
- C:\Windows\System\GlatwTn.exe
  C:\Windows\System\GlatwTn.exe
  2⤵
  PID:7744
- C:\Windows\System\wcozORx.exe
  C:\Windows\System\wcozORx.exe
  2⤵
  PID:7764
- C:\Windows\System\fPpdXQw.exe
  C:\Windows\System\fPpdXQw.exe
  2⤵
  PID:7784
- C:\Windows\System\TbRjIPC.exe
  C:\Windows\System\TbRjIPC.exe
  2⤵
  PID:7804
- C:\Windows\System\NbQRtkq.exe
  C:\Windows\System\NbQRtkq.exe
  2⤵
  PID:7824
- C:\Windows\System\HMxbuBi.exe
  C:\Windows\System\HMxbuBi.exe
  2⤵
  PID:7844
- C:\Windows\System\kknoXMy.exe
  C:\Windows\System\kknoXMy.exe
  2⤵
  PID:7864
- C:\Windows\System\dAtDvOD.exe
  C:\Windows\System\dAtDvOD.exe
  2⤵
  PID:7880
- C:\Windows\System\CtQgCOq.exe
  C:\Windows\System\CtQgCOq.exe
  2⤵
  PID:7904
- C:\Windows\System\yNbjIjf.exe
  C:\Windows\System\yNbjIjf.exe
  2⤵
  PID:7920
- C:\Windows\System\BjOpyoJ.exe
  C:\Windows\System\BjOpyoJ.exe
  2⤵
  PID:7936
- C:\Windows\System\UdjDvkK.exe
  C:\Windows\System\UdjDvkK.exe
  2⤵
  PID:7960
- C:\Windows\System\bBvNbKa.exe
  C:\Windows\System\bBvNbKa.exe
  2⤵
  PID:7980
- C:\Windows\System\ktOzUSJ.exe
  C:\Windows\System\ktOzUSJ.exe
  2⤵
  PID:8000
- C:\Windows\System\sCAXYtn.exe
  C:\Windows\System\sCAXYtn.exe
  2⤵
  PID:8024
- C:\Windows\System\yFzuVNB.exe
  C:\Windows\System\yFzuVNB.exe
  2⤵
  PID:8044
- C:\Windows\System\vEXAsaL.exe
  C:\Windows\System\vEXAsaL.exe
  2⤵
  PID:8064
- C:\Windows\System\bWzcvGr.exe
  C:\Windows\System\bWzcvGr.exe
  2⤵
  PID:8092
- C:\Windows\System\ZFQxakR.exe
  C:\Windows\System\ZFQxakR.exe
  2⤵
  PID:8112
- C:\Windows\System\hkPiNNf.exe
  C:\Windows\System\hkPiNNf.exe
  2⤵
  PID:8132
- C:\Windows\System\pjVtovl.exe
  C:\Windows\System\pjVtovl.exe
  2⤵
  PID:8152
- C:\Windows\System\ikAnGnK.exe
  C:\Windows\System\ikAnGnK.exe
  2⤵
  PID:8172
- C:\Windows\System\qgXsOud.exe
  C:\Windows\System\qgXsOud.exe
  2⤵
  PID:1960
- C:\Windows\System\ruMBxrV.exe
  C:\Windows\System\ruMBxrV.exe
  2⤵
  PID:7060
- C:\Windows\System\bvXiCKO.exe
  C:\Windows\System\bvXiCKO.exe
  2⤵
  PID:2884
- C:\Windows\System\TlXVdID.exe
  C:\Windows\System\TlXVdID.exe
  2⤵
  PID:5268
- C:\Windows\System\zVfVBZO.exe
  C:\Windows\System\zVfVBZO.exe
  2⤵
  PID:6252
- C:\Windows\System\nqeZXbl.exe
  C:\Windows\System\nqeZXbl.exe
  2⤵
  PID:6452
- C:\Windows\System\EHjEjRa.exe
  C:\Windows\System\EHjEjRa.exe
  2⤵
  PID:6652
- C:\Windows\System\cvBibHy.exe
  C:\Windows\System\cvBibHy.exe
  2⤵
  PID:6852
- C:\Windows\System\dJnwRdi.exe
  C:\Windows\System\dJnwRdi.exe
  2⤵
  PID:6800
- C:\Windows\System\qUOGDrc.exe
  C:\Windows\System\qUOGDrc.exe
  2⤵
  PID:7180
- C:\Windows\System\kNzjpQU.exe
  C:\Windows\System\kNzjpQU.exe
  2⤵
  PID:7216
- C:\Windows\System\LdGygpt.exe
  C:\Windows\System\LdGygpt.exe
  2⤵
  PID:7256
- C:\Windows\System\CBAouMj.exe
  C:\Windows\System\CBAouMj.exe
  2⤵
  PID:7360
- C:\Windows\System\kWSiobK.exe
  C:\Windows\System\kWSiobK.exe
  2⤵
  PID:7392
- C:\Windows\System\czsNYah.exe
  C:\Windows\System\czsNYah.exe
  2⤵
  PID:7452
- C:\Windows\System\GcjYMUo.exe
  C:\Windows\System\GcjYMUo.exe
  2⤵
  PID:7440
- C:\Windows\System\neQLrMW.exe
  C:\Windows\System\neQLrMW.exe
  2⤵
  PID:7496
- C:\Windows\System\OVELePM.exe
  C:\Windows\System\OVELePM.exe
  2⤵
  PID:7472
- C:\Windows\System\RaAYgsL.exe
  C:\Windows\System\RaAYgsL.exe
  2⤵
  PID:2912
- C:\Windows\System\cUMYhpc.exe
  C:\Windows\System\cUMYhpc.exe
  2⤵
  PID:7552
- C:\Windows\System\UCJOnAZ.exe
  C:\Windows\System\UCJOnAZ.exe
  2⤵
  PID:7620
- C:\Windows\System\GtHmTxG.exe
  C:\Windows\System\GtHmTxG.exe
  2⤵
  PID:7600
- C:\Windows\System\PYSNPxd.exe
  C:\Windows\System\PYSNPxd.exe
  2⤵
  PID:7632
- C:\Windows\System\vpqHIKW.exe
  C:\Windows\System\vpqHIKW.exe
  2⤵
  PID:7700
- C:\Windows\System\FHdJHHa.exe
  C:\Windows\System\FHdJHHa.exe
  2⤵
  PID:7728
- C:\Windows\System\mLRSExq.exe
  C:\Windows\System\mLRSExq.exe
  2⤵
  PID:7732
- C:\Windows\System\Lnjktyb.exe
  C:\Windows\System\Lnjktyb.exe
  2⤵
  PID:7752
- C:\Windows\System\QwemBsn.exe
  C:\Windows\System\QwemBsn.exe
  2⤵
  PID:7812
- C:\Windows\System\sxDdiVz.exe
  C:\Windows\System\sxDdiVz.exe
  2⤵
  PID:7796
- C:\Windows\System\ALWQcMc.exe
  C:\Windows\System\ALWQcMc.exe
  2⤵
  PID:7840
- C:\Windows\System\laUGNMq.exe
  C:\Windows\System\laUGNMq.exe
  2⤵
  PID:7892
- C:\Windows\System\uYjpeAQ.exe
  C:\Windows\System\uYjpeAQ.exe
  2⤵
  PID:7932
- C:\Windows\System\qpVoAKv.exe
  C:\Windows\System\qpVoAKv.exe
  2⤵
  PID:7976
- C:\Windows\System\mmvlPvF.exe
  C:\Windows\System\mmvlPvF.exe
  2⤵
  PID:8008
- C:\Windows\System\QhhivBk.exe
  C:\Windows\System\QhhivBk.exe
  2⤵
  PID:7992
- C:\Windows\System\VegSJrL.exe
  C:\Windows\System\VegSJrL.exe
  2⤵
  PID:8040
- C:\Windows\System\gOQPJsr.exe
  C:\Windows\System\gOQPJsr.exe
  2⤵
  PID:8072
- C:\Windows\System\ZeayDHD.exe
  C:\Windows\System\ZeayDHD.exe
  2⤵
  PID:8120
- C:\Windows\System\mEmVybZ.exe
  C:\Windows\System\mEmVybZ.exe
  2⤵
  PID:8100
- C:\Windows\System\BuExmrr.exe
  C:\Windows\System\BuExmrr.exe
  2⤵
  PID:8168
- C:\Windows\System\TEvNhNU.exe
  C:\Windows\System\TEvNhNU.exe
  2⤵
  PID:8144
- C:\Windows\System\KCjZwUg.exe
  C:\Windows\System\KCjZwUg.exe
  2⤵
  PID:2836
- C:\Windows\System\mJBwZKh.exe
  C:\Windows\System\mJBwZKh.exe
  2⤵
  PID:7116
- C:\Windows\System\HBfTKVG.exe
  C:\Windows\System\HBfTKVG.exe
  2⤵
  PID:6276
- C:\Windows\System\KPKiMoR.exe
  C:\Windows\System\KPKiMoR.exe
  2⤵
  PID:6532
- C:\Windows\System\YDJmRoQ.exe
  C:\Windows\System\YDJmRoQ.exe
  2⤵
  PID:7232
- C:\Windows\System\UIotdCi.exe
  C:\Windows\System\UIotdCi.exe
  2⤵
  PID:7252
- C:\Windows\System\QqUAfbn.exe
  C:\Windows\System\QqUAfbn.exe
  2⤵
  PID:7292
- C:\Windows\System\tLJcfla.exe
  C:\Windows\System\tLJcfla.exe
  2⤵
  PID:7396
- C:\Windows\System\pSaPmGa.exe
  C:\Windows\System\pSaPmGa.exe
  2⤵
  PID:7540
- C:\Windows\System\lLgrcTF.exe
  C:\Windows\System\lLgrcTF.exe
  2⤵
  PID:7572
- C:\Windows\System\YcZiAaT.exe
  C:\Windows\System\YcZiAaT.exe
  2⤵
  PID:7592
- C:\Windows\System\MzOjISU.exe
  C:\Windows\System\MzOjISU.exe
  2⤵
  PID:604
- C:\Windows\System\KyKVOfq.exe
  C:\Windows\System\KyKVOfq.exe
  2⤵
  PID:7652
- C:\Windows\System\dEvKcNh.exe
  C:\Windows\System\dEvKcNh.exe
  2⤵
  PID:7672
- C:\Windows\System\iwEzzit.exe
  C:\Windows\System\iwEzzit.exe
  2⤵
  PID:2444
- C:\Windows\System\lNmSqGa.exe
  C:\Windows\System\lNmSqGa.exe
  2⤵
  PID:7860
- C:\Windows\System\CMIdaZM.exe
  C:\Windows\System\CMIdaZM.exe
  2⤵
  PID:4848
- C:\Windows\System\CMHrLpQ.exe
  C:\Windows\System\CMHrLpQ.exe
  2⤵
  PID:7856
- C:\Windows\System\dPBYUTe.exe
  C:\Windows\System\dPBYUTe.exe
  2⤵
  PID:2584
- C:\Windows\System\pHLnjJq.exe
  C:\Windows\System\pHLnjJq.exe
  2⤵
  PID:8164
- C:\Windows\System\PNNNxoU.exe
  C:\Windows\System\PNNNxoU.exe
  2⤵
  PID:8188
- C:\Windows\System\rcxZhpu.exe
  C:\Windows\System\rcxZhpu.exe
  2⤵
  PID:1956
- C:\Windows\System\raETeKi.exe
  C:\Windows\System\raETeKi.exe
  2⤵
  PID:7988
- C:\Windows\System\BfzoPsf.exe
  C:\Windows\System\BfzoPsf.exe
  2⤵
  PID:1764
- C:\Windows\System\lMToVHV.exe
  C:\Windows\System\lMToVHV.exe
  2⤵
  PID:6316
- C:\Windows\System\kIvPcvj.exe
  C:\Windows\System\kIvPcvj.exe
  2⤵
  PID:2536
- C:\Windows\System\sSVlrdt.exe
  C:\Windows\System\sSVlrdt.exe
  2⤵
  PID:2248
- C:\Windows\System\IeZwEmB.exe
  C:\Windows\System\IeZwEmB.exe
  2⤵
  PID:5708
- C:\Windows\System\lUdKwqX.exe
  C:\Windows\System\lUdKwqX.exe
  2⤵
  PID:7200
- C:\Windows\System\MIxsgYm.exe
  C:\Windows\System\MIxsgYm.exe
  2⤵
  PID:7420
- C:\Windows\System\QvJOOZZ.exe
  C:\Windows\System\QvJOOZZ.exe
  2⤵
  PID:6780
- C:\Windows\System\RGkccow.exe
  C:\Windows\System\RGkccow.exe
  2⤵
  PID:7460
- C:\Windows\System\HpYcTOG.exe
  C:\Windows\System\HpYcTOG.exe
  2⤵
  PID:7636
- C:\Windows\System\Vrtmpiy.exe
  C:\Windows\System\Vrtmpiy.exe
  2⤵
  PID:1928
- C:\Windows\System\dExTMAH.exe
  C:\Windows\System\dExTMAH.exe
  2⤵
  PID:7172
- C:\Windows\System\dKKbYou.exe
  C:\Windows\System\dKKbYou.exe
  2⤵
  PID:1432
- C:\Windows\System\lGPXOwO.exe
  C:\Windows\System\lGPXOwO.exe
  2⤵
  PID:2604
- C:\Windows\System\uTsWAHi.exe
  C:\Windows\System\uTsWAHi.exe
  2⤵
  PID:7576
- C:\Windows\System\GPRGsBp.exe
  C:\Windows\System\GPRGsBp.exe
  2⤵
  PID:7716
- C:\Windows\System\zAVAnxP.exe
  C:\Windows\System\zAVAnxP.exe
  2⤵
  PID:7792
- C:\Windows\System\vELPIiq.exe
  C:\Windows\System\vELPIiq.exe
  2⤵
  PID:848
- C:\Windows\System\oclKKbH.exe
  C:\Windows\System\oclKKbH.exe
  2⤵
  PID:7800
- C:\Windows\System\rhZnTBn.exe
  C:\Windows\System\rhZnTBn.exe
  2⤵
  PID:7676
- C:\Windows\System\lwQIcin.exe
  C:\Windows\System\lwQIcin.exe
  2⤵
  PID:2316
- C:\Windows\System\uRdMYCq.exe
  C:\Windows\System\uRdMYCq.exe
  2⤵
  PID:5132
- C:\Windows\System\CQoSqJP.exe
  C:\Windows\System\CQoSqJP.exe
  2⤵
  PID:3056
- C:\Windows\System\xgRyRLz.exe
  C:\Windows\System\xgRyRLz.exe
  2⤵
  PID:6920
- C:\Windows\System\zTxHqeA.exe
  C:\Windows\System\zTxHqeA.exe
  2⤵
  PID:7896
- C:\Windows\System\VclDUaJ.exe
  C:\Windows\System\VclDUaJ.exe
  2⤵
  PID:2740
- C:\Windows\System\IUpnTYg.exe
  C:\Windows\System\IUpnTYg.exe
  2⤵
  PID:7656
- C:\Windows\System\tnAXlUq.exe
  C:\Windows\System\tnAXlUq.exe
  2⤵
  PID:8184
- C:\Windows\System\YCiZLPm.exe
  C:\Windows\System\YCiZLPm.exe
  2⤵
  PID:6272
- C:\Windows\System\aoUZlEv.exe
  C:\Windows\System\aoUZlEv.exe
  2⤵
  PID:2820
- C:\Windows\System\imnOOSI.exe
  C:\Windows\System\imnOOSI.exe
  2⤵
  PID:7780
- C:\Windows\System\iIZFlVg.exe
  C:\Windows\System\iIZFlVg.exe
  2⤵
  PID:7912
- C:\Windows\System\cHtltId.exe
  C:\Windows\System\cHtltId.exe
  2⤵
  PID:2832
- C:\Windows\System\slTMNuz.exe
  C:\Windows\System\slTMNuz.exe
  2⤵
  PID:7500
- C:\Windows\System\yOOijPH.exe
  C:\Windows\System\yOOijPH.exe
  2⤵
  PID:8084
- C:\Windows\System\cEMtpuf.exe
  C:\Windows\System\cEMtpuf.exe
  2⤵
  PID:7212
- C:\Windows\System\rmNangO.exe
  C:\Windows\System\rmNangO.exe
  2⤵
  PID:2680
- C:\Windows\System\sJAUTxl.exe
  C:\Windows\System\sJAUTxl.exe
  2⤵
  PID:7816
- C:\Windows\System\TThIljD.exe
  C:\Windows\System\TThIljD.exe
  2⤵
  PID:2484
- C:\Windows\System\RWkwSZQ.exe
  C:\Windows\System\RWkwSZQ.exe
  2⤵
  PID:2936
- C:\Windows\System\giikWSE.exe
  C:\Windows\System\giikWSE.exe
  2⤵
  PID:7456
- C:\Windows\System\yNhUgzf.exe
  C:\Windows\System\yNhUgzf.exe
  2⤵
  PID:7412
- C:\Windows\System\BVeJwrv.exe
  C:\Windows\System\BVeJwrv.exe
  2⤵
  PID:7612
- C:\Windows\System\xTymGUc.exe
  C:\Windows\System\xTymGUc.exe
  2⤵
  PID:7688
- C:\Windows\System\NgBbCNB.exe
  C:\Windows\System\NgBbCNB.exe
  2⤵
  PID:8196
- C:\Windows\System\dzWdbbU.exe
  C:\Windows\System\dzWdbbU.exe
  2⤵
  PID:8212
- C:\Windows\System\hzcLKSY.exe
  C:\Windows\System\hzcLKSY.exe
  2⤵
  PID:8228
- C:\Windows\System\iTYGSPo.exe
  C:\Windows\System\iTYGSPo.exe
  2⤵
  PID:8244
- C:\Windows\System\jYeKfJc.exe
  C:\Windows\System\jYeKfJc.exe
  2⤵
  PID:8260
- C:\Windows\System\bGaiCCX.exe
  C:\Windows\System\bGaiCCX.exe
  2⤵
  PID:8276
- C:\Windows\System\npOnXKw.exe
  C:\Windows\System\npOnXKw.exe
  2⤵
  PID:8292
- C:\Windows\System\pNfLAxD.exe
  C:\Windows\System\pNfLAxD.exe
  2⤵
  PID:8308
- C:\Windows\System\byzdMfy.exe
  C:\Windows\System\byzdMfy.exe
  2⤵
  PID:8324
- C:\Windows\System\PUJjWXV.exe
  C:\Windows\System\PUJjWXV.exe
  2⤵
  PID:8340
- C:\Windows\System\iIfhRTh.exe
  C:\Windows\System\iIfhRTh.exe
  2⤵
  PID:8356
- C:\Windows\System\QHPgJkE.exe
  C:\Windows\System\QHPgJkE.exe
  2⤵
  PID:8372
- C:\Windows\System\YmfUfXT.exe
  C:\Windows\System\YmfUfXT.exe
  2⤵
  PID:8388
- C:\Windows\System\MYskzSv.exe
  C:\Windows\System\MYskzSv.exe
  2⤵
  PID:8404
- C:\Windows\System\BQbusid.exe
  C:\Windows\System\BQbusid.exe
  2⤵
  PID:8420
- C:\Windows\System\dljfRnl.exe
  C:\Windows\System\dljfRnl.exe
  2⤵
  PID:8436
- C:\Windows\System\lMzgxzS.exe
  C:\Windows\System\lMzgxzS.exe
  2⤵
  PID:8452
- C:\Windows\System\lmPEQYJ.exe
  C:\Windows\System\lmPEQYJ.exe
  2⤵
  PID:8468
- C:\Windows\System\uvPvvKh.exe
  C:\Windows\System\uvPvvKh.exe
  2⤵
  PID:8484
- C:\Windows\System\dzgocCO.exe
  C:\Windows\System\dzgocCO.exe
  2⤵
  PID:8500
- C:\Windows\System\nYfeBqZ.exe
  C:\Windows\System\nYfeBqZ.exe
  2⤵
  PID:8516
- C:\Windows\System\UAYFoPB.exe
  C:\Windows\System\UAYFoPB.exe
  2⤵
  PID:8532
- C:\Windows\System\uNwutdT.exe
  C:\Windows\System\uNwutdT.exe
  2⤵
  PID:8548
- C:\Windows\System\IEfDpiM.exe
  C:\Windows\System\IEfDpiM.exe
  2⤵
  PID:8564
- C:\Windows\System\pAgToBs.exe
  C:\Windows\System\pAgToBs.exe
  2⤵
  PID:8580
- C:\Windows\System\jmacXvd.exe
  C:\Windows\System\jmacXvd.exe
  2⤵
  PID:8596
- C:\Windows\System\WEGalCL.exe
  C:\Windows\System\WEGalCL.exe
  2⤵
  PID:8612
- C:\Windows\System\nnZnroc.exe
  C:\Windows\System\nnZnroc.exe
  2⤵
  PID:8628
- C:\Windows\System\cIJXEHX.exe
  C:\Windows\System\cIJXEHX.exe
  2⤵
  PID:8644
- C:\Windows\System\BjVEDWF.exe
  C:\Windows\System\BjVEDWF.exe
  2⤵
  PID:8660
- C:\Windows\System\iIszTWX.exe
  C:\Windows\System\iIszTWX.exe
  2⤵
  PID:8676
- C:\Windows\System\GdfjXES.exe
  C:\Windows\System\GdfjXES.exe
  2⤵
  PID:8692
- C:\Windows\System\EqFLYWU.exe
  C:\Windows\System\EqFLYWU.exe
  2⤵
  PID:8708
- C:\Windows\System\SKUkFkg.exe
  C:\Windows\System\SKUkFkg.exe
  2⤵
  PID:8724
- C:\Windows\System\SgAWBbI.exe
  C:\Windows\System\SgAWBbI.exe
  2⤵
  PID:8744
- C:\Windows\System\xvTYLUd.exe
  C:\Windows\System\xvTYLUd.exe
  2⤵
  PID:8760
- C:\Windows\System\JgSkoSZ.exe
  C:\Windows\System\JgSkoSZ.exe
  2⤵
  PID:8776
- C:\Windows\System\GlEZxkh.exe
  C:\Windows\System\GlEZxkh.exe
  2⤵
  PID:8792
- C:\Windows\System\PWIsnvr.exe
  C:\Windows\System\PWIsnvr.exe
  2⤵
  PID:8808
- C:\Windows\System\RugDBay.exe
  C:\Windows\System\RugDBay.exe
  2⤵
  PID:8824
- C:\Windows\System\qRLfcFl.exe
  C:\Windows\System\qRLfcFl.exe
  2⤵
  PID:8840
- C:\Windows\System\SQbboig.exe
  C:\Windows\System\SQbboig.exe
  2⤵
  PID:8856
- C:\Windows\System\EUQEVti.exe
  C:\Windows\System\EUQEVti.exe
  2⤵
  PID:8872
- C:\Windows\System\IzRVzOf.exe
  C:\Windows\System\IzRVzOf.exe
  2⤵
  PID:8888
- C:\Windows\System\LxkJSlv.exe
  C:\Windows\System\LxkJSlv.exe
  2⤵
  PID:8904
- C:\Windows\System\CLRvxym.exe
  C:\Windows\System\CLRvxym.exe
  2⤵
  PID:8920
- C:\Windows\System\xSlffwY.exe
  C:\Windows\System\xSlffwY.exe
  2⤵
  PID:8936
- C:\Windows\System\oYtLCEe.exe
  C:\Windows\System\oYtLCEe.exe
  2⤵
  PID:8952
- C:\Windows\System\wHftzyT.exe
  C:\Windows\System\wHftzyT.exe
  2⤵
  PID:8968
- C:\Windows\System\ggnLQQZ.exe
  C:\Windows\System\ggnLQQZ.exe
  2⤵
  PID:8984
- C:\Windows\System\AoVibXX.exe
  C:\Windows\System\AoVibXX.exe
  2⤵
  PID:9000
- C:\Windows\System\lrYmmkf.exe
  C:\Windows\System\lrYmmkf.exe
  2⤵
  PID:9016
- C:\Windows\System\dfFAiRg.exe
  C:\Windows\System\dfFAiRg.exe
  2⤵
  PID:9032
- C:\Windows\System\BZulmfi.exe
  C:\Windows\System\BZulmfi.exe
  2⤵
  PID:9048
- C:\Windows\System\jeMaFmM.exe
  C:\Windows\System\jeMaFmM.exe
  2⤵
  PID:9064
- C:\Windows\System\lTHrBAt.exe
  C:\Windows\System\lTHrBAt.exe
  2⤵
  PID:9080
- C:\Windows\System\XtDuDyY.exe
  C:\Windows\System\XtDuDyY.exe
  2⤵
  PID:9096
- C:\Windows\System\IRLmBNX.exe
  C:\Windows\System\IRLmBNX.exe
  2⤵
  PID:9112
- C:\Windows\System\qTgOEPO.exe
  C:\Windows\System\qTgOEPO.exe
  2⤵
  PID:9128
- C:\Windows\System\oKVMgNY.exe
  C:\Windows\System\oKVMgNY.exe
  2⤵
  PID:9144
- C:\Windows\System\QhVmgCO.exe
  C:\Windows\System\QhVmgCO.exe
  2⤵
  PID:9160
- C:\Windows\System\EXBJIey.exe
  C:\Windows\System\EXBJIey.exe
  2⤵
  PID:9176
- C:\Windows\System\gYnNxFn.exe
  C:\Windows\System\gYnNxFn.exe
  2⤵
  PID:9192
- C:\Windows\System\ouLARPU.exe
  C:\Windows\System\ouLARPU.exe
  2⤵
  PID:9208
- C:\Windows\System\sMhlLHB.exe
  C:\Windows\System\sMhlLHB.exe
  2⤵
  PID:7076
- C:\Windows\System\eupBcbQ.exe
  C:\Windows\System\eupBcbQ.exe
  2⤵
  PID:2968
- C:\Windows\System\svzxSry.exe
  C:\Windows\System\svzxSry.exe
  2⤵
  PID:8268
- C:\Windows\System\cFGgwgw.exe
  C:\Windows\System\cFGgwgw.exe
  2⤵
  PID:8332
- C:\Windows\System\IbjfcGW.exe
  C:\Windows\System\IbjfcGW.exe
  2⤵
  PID:8396
- C:\Windows\System\vIdQVWc.exe
  C:\Windows\System\vIdQVWc.exe
  2⤵
  PID:8432
- C:\Windows\System\iKNIFjJ.exe
  C:\Windows\System\iKNIFjJ.exe
  2⤵
  PID:8492
- C:\Windows\System\fosDIfB.exe
  C:\Windows\System\fosDIfB.exe
  2⤵
  PID:8012
- C:\Windows\System\DppcjRn.exe
  C:\Windows\System\DppcjRn.exe
  2⤵
  PID:8220
- C:\Windows\System\ptTnBSn.exe
  C:\Windows\System\ptTnBSn.exe
  2⤵
  PID:8448
- C:\Windows\System\IGJbGdf.exe
  C:\Windows\System\IGJbGdf.exe
  2⤵
  PID:8588
- C:\Windows\System\XqHCdHq.exe
  C:\Windows\System\XqHCdHq.exe
  2⤵
  PID:8284
- C:\Windows\System\RMTBlMx.exe
  C:\Windows\System\RMTBlMx.exe
  2⤵
  PID:8348
- C:\Windows\System\pWnRIyQ.exe
  C:\Windows\System\pWnRIyQ.exe
  2⤵
  PID:8412
- C:\Windows\System\lvhCMdM.exe
  C:\Windows\System\lvhCMdM.exe
  2⤵
  PID:8656
- C:\Windows\System\XlHQeTG.exe
  C:\Windows\System\XlHQeTG.exe
  2⤵
  PID:8720
- C:\Windows\System\FBcrhwB.exe
  C:\Windows\System\FBcrhwB.exe
  2⤵
  PID:8508
- C:\Windows\System\fCGIMJd.exe
  C:\Windows\System\fCGIMJd.exe
  2⤵
  PID:8608
- C:\Windows\System\IkRXQwt.exe
  C:\Windows\System\IkRXQwt.exe
  2⤵
  PID:8864
- C:\Windows\System\PQaZkcc.exe
  C:\Windows\System\PQaZkcc.exe
  2⤵
  PID:8668
- C:\Windows\System\qfmzmTp.exe
  C:\Windows\System\qfmzmTp.exe
  2⤵
  PID:8604
- C:\Windows\System\OJVKoLz.exe
  C:\Windows\System\OJVKoLz.exe
  2⤵
  PID:8848
- C:\Windows\System\jhuodha.exe
  C:\Windows\System\jhuodha.exe
  2⤵
  PID:8772
- C:\Windows\System\HUrYrqU.exe
  C:\Windows\System\HUrYrqU.exe
  2⤵
  PID:8868
- C:\Windows\System\zNNPLKG.exe
  C:\Windows\System\zNNPLKG.exe
  2⤵
  PID:8900
- C:\Windows\System\JfTCcGO.exe
  C:\Windows\System\JfTCcGO.exe
  2⤵
  PID:8964
- C:\Windows\System\eJDbGco.exe
  C:\Windows\System\eJDbGco.exe
  2⤵
  PID:8948
- C:\Windows\System\fjrVeZG.exe
  C:\Windows\System\fjrVeZG.exe
  2⤵
  PID:8996
- C:\Windows\System\MIhILZv.exe
  C:\Windows\System\MIhILZv.exe
  2⤵
  PID:9012
- C:\Windows\System\SgBvXQF.exe
  C:\Windows\System\SgBvXQF.exe
  2⤵
  PID:9072
- C:\Windows\System\oRwQrLj.exe
  C:\Windows\System\oRwQrLj.exe
  2⤵
  PID:9140
- C:\Windows\System\ovBqzjK.exe
  C:\Windows\System\ovBqzjK.exe
  2⤵
  PID:9120
- C:\Windows\System\AVFzOlx.exe
  C:\Windows\System\AVFzOlx.exe
  2⤵
  PID:9184
- C:\Windows\System\HprDrFm.exe
  C:\Windows\System\HprDrFm.exe
  2⤵
  PID:9168
- C:\Windows\System\ofaohwz.exe
  C:\Windows\System\ofaohwz.exe
  2⤵
  PID:2564
- C:\Windows\System\tFryjkg.exe
  C:\Windows\System\tFryjkg.exe
  2⤵
  PID:8208
- C:\Windows\System\xRpSYyo.exe
  C:\Windows\System\xRpSYyo.exe
  2⤵
  PID:8428
- C:\Windows\System\ncNeLxJ.exe
  C:\Windows\System\ncNeLxJ.exe
  2⤵
  PID:640
- C:\Windows\System\pzfjBEW.exe
  C:\Windows\System\pzfjBEW.exe
  2⤵
  PID:8556
- C:\Windows\System\MWmzneK.exe
  C:\Windows\System\MWmzneK.exe
  2⤵
  PID:8380
- C:\Windows\System\wCEiZmZ.exe
  C:\Windows\System\wCEiZmZ.exe
  2⤵
  PID:8476
- C:\Windows\System\avLWejC.exe
  C:\Windows\System\avLWejC.exe
  2⤵
  PID:8756
- C:\Windows\System\PjsqwxW.exe
  C:\Windows\System\PjsqwxW.exe
  2⤵
  PID:8688
- C:\Windows\System\KNadYiz.exe
  C:\Windows\System\KNadYiz.exe
  2⤵
  PID:8816
- C:\Windows\System\BsyYZTY.exe
  C:\Windows\System\BsyYZTY.exe
  2⤵
  PID:8768
- C:\Windows\System\pUHiOdD.exe
  C:\Windows\System\pUHiOdD.exe
  2⤵
  PID:8836
- C:\Windows\System\PLxnySL.exe
  C:\Windows\System\PLxnySL.exe
  2⤵
  PID:8912
- C:\Windows\System\dHVFbII.exe
  C:\Windows\System\dHVFbII.exe
  2⤵
  PID:9056
- C:\Windows\System\cEYtIbw.exe
  C:\Windows\System\cEYtIbw.exe
  2⤵
  PID:9008
- C:\Windows\System\KcvNuHj.exe
  C:\Windows\System\KcvNuHj.exe
  2⤵
  PID:9156
- C:\Windows\System\tzCIpQD.exe
  C:\Windows\System\tzCIpQD.exe
  2⤵
  PID:448
- C:\Windows\System\dyBMVJt.exe
  C:\Windows\System\dyBMVJt.exe
  2⤵
  PID:8368
- C:\Windows\System\IdTuUPA.exe
  C:\Windows\System\IdTuUPA.exe
  2⤵
  PID:8528
- C:\Windows\System\QjloMtH.exe
  C:\Windows\System\QjloMtH.exe
  2⤵
  PID:8304
- C:\Windows\System\lmKTlzd.exe
  C:\Windows\System\lmKTlzd.exe
  2⤵
  PID:8544
- C:\Windows\System\BwNPJaL.exe
  C:\Windows\System\BwNPJaL.exe
  2⤵
  PID:8784
- C:\Windows\System\WMmrRVq.exe
  C:\Windows\System\WMmrRVq.exe
  2⤵
  PID:8740
- C:\Windows\System\soCVJmz.exe
  C:\Windows\System\soCVJmz.exe
  2⤵
  PID:8832
- C:\Windows\System\vheybPa.exe
  C:\Windows\System\vheybPa.exe
  2⤵
  PID:7952
- C:\Windows\System\sajwRnA.exe
  C:\Windows\System\sajwRnA.exe
  2⤵
  PID:8624
- C:\Windows\System\RpbvqbY.exe
  C:\Windows\System\RpbvqbY.exe
  2⤵
  PID:8320
- C:\Windows\System\YyUlERX.exe
  C:\Windows\System\YyUlERX.exe
  2⤵
  PID:9220
- C:\Windows\System\UXOzglb.exe
  C:\Windows\System\UXOzglb.exe
  2⤵
  PID:9236
- C:\Windows\System\CYQEhKE.exe
  C:\Windows\System\CYQEhKE.exe
  2⤵
  PID:9252
- C:\Windows\System\rLOIKYX.exe
  C:\Windows\System\rLOIKYX.exe
  2⤵
  PID:9268
- C:\Windows\System\vaEhPBQ.exe
  C:\Windows\System\vaEhPBQ.exe
  2⤵
  PID:9284
- C:\Windows\System\hVZInKq.exe
  C:\Windows\System\hVZInKq.exe
  2⤵
  PID:9300
- C:\Windows\System\ulIHYQn.exe
  C:\Windows\System\ulIHYQn.exe
  2⤵
  PID:9316
- C:\Windows\System\UrGvkeK.exe
  C:\Windows\System\UrGvkeK.exe
  2⤵
  PID:9332
- C:\Windows\System\SgHYJZe.exe
  C:\Windows\System\SgHYJZe.exe
  2⤵
  PID:9352
- C:\Windows\System\djBtxCl.exe
  C:\Windows\System\djBtxCl.exe
  2⤵
  PID:9368
- C:\Windows\System\McDygZo.exe
  C:\Windows\System\McDygZo.exe
  2⤵
  PID:9384
- C:\Windows\System\qcwcjZX.exe
  C:\Windows\System\qcwcjZX.exe
  2⤵
  PID:9400
- C:\Windows\System\DyJOiNZ.exe
  C:\Windows\System\DyJOiNZ.exe
  2⤵
  PID:9416
- C:\Windows\System\VtXMvrl.exe
  C:\Windows\System\VtXMvrl.exe
  2⤵
  PID:9432
- C:\Windows\System\KcwMepr.exe
  C:\Windows\System\KcwMepr.exe
  2⤵
  PID:9448
- C:\Windows\System\gcvozQw.exe
  C:\Windows\System\gcvozQw.exe
  2⤵
  PID:9464
- C:\Windows\System\PhlxFRG.exe
  C:\Windows\System\PhlxFRG.exe
  2⤵
  PID:9480
- C:\Windows\System\oGUjidr.exe
  C:\Windows\System\oGUjidr.exe
  2⤵
  PID:9496
- C:\Windows\System\jHPIbHU.exe
  C:\Windows\System\jHPIbHU.exe
  2⤵
  PID:9512
- C:\Windows\System\FdCWkxQ.exe
  C:\Windows\System\FdCWkxQ.exe
  2⤵
  PID:9528
- C:\Windows\System\NuLtaMs.exe
  C:\Windows\System\NuLtaMs.exe
  2⤵
  PID:9544
- C:\Windows\System\IutnusK.exe
  C:\Windows\System\IutnusK.exe
  2⤵
  PID:9560
- C:\Windows\System\pgFHGce.exe
  C:\Windows\System\pgFHGce.exe
  2⤵
  PID:9576
- C:\Windows\System\AUcmQIa.exe
  C:\Windows\System\AUcmQIa.exe
  2⤵
  PID:9592
- C:\Windows\System\qQhpfKW.exe
  C:\Windows\System\qQhpfKW.exe
  2⤵
  PID:9620
- C:\Windows\System\FlVoOLJ.exe
  C:\Windows\System\FlVoOLJ.exe
  2⤵
  PID:9636
- C:\Windows\System\bOzrVxt.exe
  C:\Windows\System\bOzrVxt.exe
  2⤵
  PID:9652
- C:\Windows\System\NBXEFYv.exe
  C:\Windows\System\NBXEFYv.exe
  2⤵
  PID:9716
- C:\Windows\System\eLBpsSC.exe
  C:\Windows\System\eLBpsSC.exe
  2⤵
  PID:9732
- C:\Windows\System\MkWCoRb.exe
  C:\Windows\System\MkWCoRb.exe
  2⤵
  PID:9748
- C:\Windows\System\vaNnYbO.exe
  C:\Windows\System\vaNnYbO.exe
  2⤵
  PID:9764
- C:\Windows\System\LxlsLHB.exe
  C:\Windows\System\LxlsLHB.exe
  2⤵
  PID:9780
- C:\Windows\System\xNskLDu.exe
  C:\Windows\System\xNskLDu.exe
  2⤵
  PID:9800
- C:\Windows\System\luRihVz.exe
  C:\Windows\System\luRihVz.exe
  2⤵
  PID:9832
- C:\Windows\System\dfFsPtX.exe
  C:\Windows\System\dfFsPtX.exe
  2⤵
  PID:9872
- C:\Windows\System\HZjkeOB.exe
  C:\Windows\System\HZjkeOB.exe
  2⤵
  PID:9888
- C:\Windows\System\pkTFnjW.exe
  C:\Windows\System\pkTFnjW.exe
  2⤵
  PID:9904
- C:\Windows\System\dEXpqLj.exe
  C:\Windows\System\dEXpqLj.exe
  2⤵
  PID:9920
- C:\Windows\System\pkVNaGP.exe
  C:\Windows\System\pkVNaGP.exe
  2⤵
  PID:9936
- C:\Windows\System\zwYztaU.exe
  C:\Windows\System\zwYztaU.exe
  2⤵
  PID:9952
- C:\Windows\System\nQgOQSe.exe
  C:\Windows\System\nQgOQSe.exe
  2⤵
  PID:10052
- C:\Windows\System\scAPmXQ.exe
  C:\Windows\System\scAPmXQ.exe
  2⤵
  PID:10068
- C:\Windows\System\WbYlqtI.exe
  C:\Windows\System\WbYlqtI.exe
  2⤵
  PID:10168
- C:\Windows\System\WXuGhlJ.exe
  C:\Windows\System\WXuGhlJ.exe
  2⤵
  PID:10188
- C:\Windows\System\GOAryBD.exe
  C:\Windows\System\GOAryBD.exe
  2⤵
  PID:10204
- C:\Windows\System\dTMiAlb.exe
  C:\Windows\System\dTMiAlb.exe
  2⤵
  PID:10220
- C:\Windows\System\ZYQubkF.exe
  C:\Windows\System\ZYQubkF.exe
  2⤵
  PID:10236
- C:\Windows\System\xpTvNxt.exe
  C:\Windows\System\xpTvNxt.exe
  2⤵
  PID:8364
- C:\Windows\System\mCJHPFN.exe
  C:\Windows\System\mCJHPFN.exe
  2⤵
  PID:9276
- C:\Windows\System\kLzIrlV.exe
  C:\Windows\System\kLzIrlV.exe
  2⤵
  PID:9340
- C:\Windows\System\JgIHofu.exe
  C:\Windows\System\JgIHofu.exe
  2⤵
  PID:9376
- C:\Windows\System\ZYPbwWQ.exe
  C:\Windows\System\ZYPbwWQ.exe
  2⤵
  PID:9324
- C:\Windows\System\cIsEJnD.exe
  C:\Windows\System\cIsEJnD.exe
  2⤵
  PID:8672
- C:\Windows\System\wIaUGNl.exe
  C:\Windows\System\wIaUGNl.exe
  2⤵
  PID:9260
- C:\Windows\System\xAmuuED.exe
  C:\Windows\System\xAmuuED.exe
  2⤵
  PID:9364
- C:\Windows\System\swJrmba.exe
  C:\Windows\System\swJrmba.exe
  2⤵
  PID:9408
- C:\Windows\System\JLSqeOk.exe
  C:\Windows\System\JLSqeOk.exe
  2⤵
  PID:9508
- C:\Windows\System\XCOpLWV.exe
  C:\Windows\System\XCOpLWV.exe
  2⤵
  PID:9428
- C:\Windows\System\mWaNtEn.exe
  C:\Windows\System\mWaNtEn.exe
  2⤵
  PID:9488
- C:\Windows\System\eyiAdmm.exe
  C:\Windows\System\eyiAdmm.exe
  2⤵
  PID:9520
- C:\Windows\System\kqsYIBr.exe
  C:\Windows\System\kqsYIBr.exe
  2⤵
  PID:9588
- C:\Windows\System\uNPoPqQ.exe
  C:\Windows\System\uNPoPqQ.exe
  2⤵
  PID:9612
- C:\Windows\System\AdWAjaS.exe
  C:\Windows\System\AdWAjaS.exe
  2⤵
  PID:9632
- C:\Windows\System\ZwjGrfQ.exe
  C:\Windows\System\ZwjGrfQ.exe
  2⤵
  PID:9664
- C:\Windows\System\GKXEELI.exe
  C:\Windows\System\GKXEELI.exe
  2⤵
  PID:9680
- C:\Windows\System\fSmZZHy.exe
  C:\Windows\System\fSmZZHy.exe
  2⤵
  PID:9696
- C:\Windows\System\KyATlsa.exe
  C:\Windows\System\KyATlsa.exe
  2⤵
  PID:9712
- C:\Windows\System\DWEEMyx.exe
  C:\Windows\System\DWEEMyx.exe
  2⤵
  PID:9744
- C:\Windows\System\cwwzQUq.exe
  C:\Windows\System\cwwzQUq.exe
  2⤵
  PID:9776
- C:\Windows\System\clOizGP.exe
  C:\Windows\System\clOizGP.exe
  2⤵
  PID:9812
- C:\Windows\System\wRUaOMZ.exe
  C:\Windows\System\wRUaOMZ.exe
  2⤵
  PID:9840
- C:\Windows\System\pQEhxtG.exe
  C:\Windows\System\pQEhxtG.exe
  2⤵
  PID:9856
- C:\Windows\System\WJkXJIK.exe
  C:\Windows\System\WJkXJIK.exe
  2⤵
  PID:9896
- C:\Windows\System\ooXHyNR.exe
  C:\Windows\System\ooXHyNR.exe
  2⤵
  PID:9960
- C:\Windows\System\LCHbUHI.exe
  C:\Windows\System\LCHbUHI.exe
  2⤵
  PID:9912
- C:\Windows\System\uulYaur.exe
  C:\Windows\System\uulYaur.exe
  2⤵
  PID:9972
- C:\Windows\System\FOwHVzx.exe
  C:\Windows\System\FOwHVzx.exe
  2⤵
  PID:10040
- C:\Windows\System\oCHPhEZ.exe
  C:\Windows\System\oCHPhEZ.exe
  2⤵
  PID:9992
- C:\Windows\System\BOPPuvP.exe
  C:\Windows\System\BOPPuvP.exe
  2⤵
  PID:10032
- C:\Windows\System\BetyBwk.exe
  C:\Windows\System\BetyBwk.exe
  2⤵
  PID:10024
- C:\Windows\System\nWDYeYp.exe
  C:\Windows\System\nWDYeYp.exe
  2⤵
  PID:10048
- C:\Windows\System\oIYMeTQ.exe
  C:\Windows\System\oIYMeTQ.exe
  2⤵
  PID:10092
- C:\Windows\System\SWJGIeT.exe
  C:\Windows\System\SWJGIeT.exe
  2⤵
  PID:10108
- C:\Windows\System\SBSRBtR.exe
  C:\Windows\System\SBSRBtR.exe
  2⤵
  PID:10128
- C:\Windows\System\rmtCzZW.exe
  C:\Windows\System\rmtCzZW.exe
  2⤵
  PID:10144
- C:\Windows\System\JuZtLdo.exe
  C:\Windows\System\JuZtLdo.exe
  2⤵
  PID:10160
- C:\Windows\System\TlFKaRX.exe
  C:\Windows\System\TlFKaRX.exe
  2⤵
  PID:10228
- C:\Windows\System\oWpkpwE.exe
  C:\Windows\System\oWpkpwE.exe
  2⤵
  PID:10180
- C:\Windows\System\QdwCfJS.exe
  C:\Windows\System\QdwCfJS.exe
  2⤵
  PID:9152
- C:\Windows\System\XJmIlaS.exe
  C:\Windows\System\XJmIlaS.exe
  2⤵
  PID:9348
- C:\Windows\System\tVepoVg.exe
  C:\Windows\System\tVepoVg.exe
  2⤵
  PID:9308
- C:\Windows\System\OyRNckD.exe
  C:\Windows\System\OyRNckD.exe
  2⤵
  PID:8916
- C:\Windows\System\pENJxoB.exe
  C:\Windows\System\pENJxoB.exe
  2⤵
  PID:9232
- C:\Windows\System\lUNABSr.exe
  C:\Windows\System\lUNABSr.exe
  2⤵
  PID:9568
- C:\Windows\System\LVJCLQS.exe
  C:\Windows\System\LVJCLQS.exe
  2⤵
  PID:9552
- C:\Windows\System\gEzmjpL.exe
  C:\Windows\System\gEzmjpL.exe
  2⤵
  PID:9708
- C:\Windows\System\WtupHlt.exe
  C:\Windows\System\WtupHlt.exe
  2⤵
  PID:9848
- C:\Windows\System\bywchet.exe
  C:\Windows\System\bywchet.exe
  2⤵
  PID:9944
- C:\Windows\System\EZogQrJ.exe
  C:\Windows\System\EZogQrJ.exe
  2⤵
  PID:10012
- C:\Windows\System\zUxashQ.exe
  C:\Windows\System\zUxashQ.exe
  2⤵
  PID:10212
- C:\Windows\System\OuoRZYG.exe
  C:\Windows\System\OuoRZYG.exe
  2⤵
  PID:9248
- C:\Windows\System\LSUdbfZ.exe
  C:\Windows\System\LSUdbfZ.exe
  2⤵
  PID:8300
- C:\Windows\System\hCvdLiw.exe
  C:\Windows\System\hCvdLiw.exe
  2⤵
  PID:9396
- C:\Windows\System\UcGShZd.exe
  C:\Windows\System\UcGShZd.exe
  2⤵
  PID:10084
- C:\Windows\System\kqTAGzM.exe
  C:\Windows\System\kqTAGzM.exe
  2⤵
  PID:9740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AWpjVRU.exe

Filesize
6.0MB

MD5
67d83c07ccff6d860af48a4fa280e7f3

SHA1
a8411cb1e43d7850ed50fd4580a59ca8cdb05e98

SHA256
b50019569f6ee55de6d570e0a95641f8d35ea41af1800cd61723a82454a1a258

SHA512
0c6d7db6d8be3f41adc3e7a61978c5d4340f8fb16ef686b7cd793efe5b3a1cdf951c3b0cdb84e6aa413678ffe0c72ebe2de77fdcc5bbd32b91098ec5a5bbfca4

Download Submit
C:\Windows\system\BDEENoM.exe

Filesize
6.0MB

MD5
70fdd03f0023eae8e2d15607e95ffb0b

SHA1
9d71cf4a6e4d6af020bd53cc2c47cf2d50a4f155

SHA256
6a6454adf071868f9041e8942762a9422e2656b0ef20c4123730cec2ed07cecb

SHA512
6056ea9fe7af9c900e178c456c119f4626315044963fc5a8aa56818d5a39562ea439e50a9659af1f63aeb3d317e4e2626795a7e718c21db4da249739b39519cf

Download Submit
C:\Windows\system\BFmoxTI.exe

Filesize
6.0MB

MD5
b48f40f1d628ea81ddb234f122511587

SHA1
d29cb3294c5f6692515abcdd44439474f498a614

SHA256
fa10940b5a1ef9915eeff212003806f3c76e48922f44018e1d21af7cee88e862

SHA512
c22e045493efe721e618bb9c3857782f195faf77ce3835bd4c33af5595bb317552294053c1180dac380f3b0a5a765487b4aaf9b2fbf217fd122bfd0fb0076b35

Download Submit
C:\Windows\system\EKiNCqa.exe

Filesize
6.0MB

MD5
d0f8ef34cfae79144ea9d2c6762b8277

SHA1
8238cde8732b09b7760f8c0c0eb7a65f7171b713

SHA256
4dd1209fb80eb5af7d74a80f84827e22f52753328406da45500f93b16f999704

SHA512
c3682b59ad122d6f26c6a5608d4f962486d8389e55755a51099ed3fa861dd3f576f2e32f9d8ef4572e786d31d5f5fb4f785cddbc894af3e5623c3b90f3b0984e

Download Submit
C:\Windows\system\GHKfcct.exe

Filesize
6.0MB

MD5
19c7d1c849316e214b48fede86009752

SHA1
2b2b991ce7a6c7ad6b77134708089044a8bcac16

SHA256
c2f40f06054700073c49b124713231a5824b15f43718d47b8f525bcba534bcf5

SHA512
b2ed6bbb6fdd684742b3c3161896a244131767aad5b55722913878814aabb80b14c5766209415ad03519700c27118a41a0aec0ead9b42e12f0a72c0478a962b0

Download Submit
C:\Windows\system\HSiEBvr.exe

Filesize
6.0MB

MD5
cd8ac869813cd918caba8857e2a584a4

SHA1
9518690660a51680e4c45ba9f6401bead2a063e1

SHA256
89579a3ff952aa5c5bf97f813b2aa264e113230cf55397058bb4317239a8a8e4

SHA512
d74f77d9ea7ce173ba41921ff0548fb786a2b641d3c37fb84d1bd5d0254af3ef8ef320b8c4b5af854e1e892171fe95fdb68df3c69da90f7aa104bc1522a2f7d2

Download Submit
C:\Windows\system\ILPrrme.exe

Filesize
6.0MB

MD5
9f5b9aac20a6db9d292370d14646ddcf

SHA1
4c8e67848d49433bf713c7a63bbf05f16da7fb3b

SHA256
f7e9609af15515683079cc1aa4c2688e7651d85da374599e9058670bf78c1e39

SHA512
a862b6d2072a98a4265f4eddcca948bc1ee0f5d2dc0e0d2ec65ff8ddd070f9a152cb95c6e0b05a5d30e55ef4fc3e15d520e984f19a6f962db9729a91ff7b0492

Download Submit
C:\Windows\system\IUQVIxw.exe

Filesize
6.0MB

MD5
e1bf215bdac05b6aa24c09089a41e6b7

SHA1
352b2ea95f84fc5d864047eb5661d6cd8a6f7fd7

SHA256
2518d1c69887c99493918cbb6aaa3a52db00bc5951bbeed3042deeb63d4a6135

SHA512
78255493a9143d51d10fbad4303ff461de246e49eddfa80729982bce38bdd4814425f431cf15dbb764b93457ec561317fbbc042532e16811a282e80084e294f7

Download Submit
C:\Windows\system\IZEuxdN.exe

Filesize
6.0MB

MD5
586520120bb459147064f039b6242e27

SHA1
4931142f723a1e050ad6f4edc9f73aa1143110fc

SHA256
4e45a6ef6d1bc4e95e9204ce97016a83814f3dcc5a0fffe45224e6565d91f820

SHA512
ec290884f77dd48659fc35c4c81bb031d4e9dfcf2dcafaa6feed0b30275963fd4472adbdc396794b7ebf6228c1a9a412fe64eeaa7f1b474de94c1808ae0a8304

Download Submit
C:\Windows\system\JocNiCA.exe

Filesize
6.0MB

MD5
b0cf335613204df5a3c92ac4094c77b5

SHA1
e2b336220dfcb15de5ef7cc039443671e8e2518e

SHA256
2e9eefe924ec2c5f5e71f1580831ea473c5e67c78659d1808afa09600ab14616

SHA512
9ce28504cdc45458985f9c1d16dc639107c9383326e48ce2bc01dbb629a728747df68c51a1ebb327defe4001e47cedf2c78a400991ea8935819380dc79a962a5

Download Submit
C:\Windows\system\OSeZhXj.exe

Filesize
6.0MB

MD5
f4e0ab98a787df923675938364515032

SHA1
c17817879ddfae5e1ee061cdea1fa4152bd9f5ff

SHA256
cb24d1a17bd2c7c52a836d6c2052b132dc6f1bd7e43b1a611f45a7144972ad11

SHA512
c53be3d28a17be97ffc75035b7fc2a36442e85cb3fa86ecbd4d77cf570443a5d7f15275ddd903828bb95a62adfc2ceb5518e544b47d6f52b6e8dcd257e9192e9

Download Submit
C:\Windows\system\QDCJxLK.exe

Filesize
6.0MB

MD5
262ac165420c2b6e1298389798bb794e

SHA1
1be0f077326cdde55ffc784ed4ec5cc083621ae2

SHA256
9eb1f655e63306cfde7898f23ca2437da817e968dd054d913903204b0da727ac

SHA512
0a86c206f8175d77c3c064d4ffe2012d78f63d932ec66e6fd27de4936e22838b4ea950a9d049818b7f32cb1550e3ba6e2dacd6430544e7d445b8511a37454e97

Download Submit
C:\Windows\system\QUAiBDg.exe

Filesize
6.0MB

MD5
44e422b88affa1fd5c6139489d0855b5

SHA1
ba3ad8ee13b637ee5ccc32d7b620c01be9bc44c8

SHA256
4135e6e51b8836fc28165f4e54f80d4fe8afd026555c7064831f91ee56b65e16

SHA512
4645cca7989a38642d6f9c538cb7a0a8d455269d08f1e9fcf1e7977292ad27521513e4dcd7501148cb4ea69d59ad8284a96c0fb64e1acee85356c2825d51bd60

Download Submit
C:\Windows\system\REArPdS.exe

Filesize
6.0MB

MD5
3e4826ecae2126eaa79f161c296cd7ee

SHA1
6ba20e12745bb780b2debdd8e67199bb6b3ac002

SHA256
194e5cccd8a07a9194de31c6aadba9afd4db9c93d7294e6212cf0c0b125f0d87

SHA512
2b21ebd6a1e1ba730fac9663765f74980ab29014a01bb1150ef0acc99f4f27916d107bbacda1668989329d57b127cadc911e45ec3589f0cd1411b1c950e2ed69

Download Submit
C:\Windows\system\RjGTnDA.exe

Filesize
6.0MB

MD5
280d0fc4bb5018ea97158a98441f6d12

SHA1
45b3ea062eb8a5a47c546c99ba0f96670fa78b5c

SHA256
e2682bb99bc9a8338f2da145e314f6b33809993bc991ad0881eff7da94be01e2

SHA512
bd429ad4f9736387db5604ab41cb7eb8cdab7ec9ab3a15475bc785ce042a5e50ca8fa931ef3c0700d9691c07e95751b7af3d2c3842e7694f449e6209d6829fc2

Download Submit
C:\Windows\system\SbYwRdp.exe

Filesize
6.0MB

MD5
d6c6bd5990af3aadb862686ac7e0fd84

SHA1
e906bc54d0bb748139467327f180a503fd087442

SHA256
ef1699d979cdd15e66e179be2ea83e3a9f5d3e44eb17363078ef0c0f278c5ecf

SHA512
c537e56f37730b82a040878acf762b36e998fc019f6ff67b2630abda8235b43cf5da27ca9e960ebb5f66b3c12237e86f872fa0e83a0b0389c07fccc06ef5a42d

Download Submit
C:\Windows\system\WGrXBLG.exe

Filesize
6.0MB

MD5
7b31ce9a54fa09789a82b067e513f209

SHA1
d3840699bd7847eac2239e15c79b638a76cb2f70

SHA256
66721b8d1951ffad007ed098224409ef8f37bad035c1105802e396a3818b7bed

SHA512
fcd1f3dce42232d327f26a3ae467fe67896d40b3cb31eaa4b9e09dfea3517d8a998a69a6b90826d26fdae95944e55f922ad29cde806a656725ace39bb0a98c67

Download Submit
C:\Windows\system\WRcvsEM.exe

Filesize
6.0MB

MD5
a5ea81f6c3f8ee44adc901005c1ee14a

SHA1
398d344ad3fc7356d6187a5b84f3242582983a87

SHA256
4db9373e5a8afc0f90f48c5eaec03992a0d7584fd8c221780d8353aeb3617ea8

SHA512
264a54f87bd1adff395cd668ee9c18fb163a301108dcbd08c6aae04943941491b0d1c9f07a0e97688559cfa6789c2ac7dbdfd130b7f7350fd96df2736efb3eff

Download Submit
C:\Windows\system\aFUYFek.exe

Filesize
6.0MB

MD5
da90d65c6f1712df57c63f83b432ac4b

SHA1
69f2b88e41599ef2cfaaa49805d49412ba251963

SHA256
0d6073a450ddf44ad2e1f2d83d688475e62e0ce04fb1bd9027267ad36eee3a02

SHA512
b0f67e9bf0921ad9ad07e35797d47138548feaee98ac1ffcd52193ae0bc0edfdc9cd001cbf424e465dcf86b879bacc76caad7ce9e06fec81496eda69b60c3e37

Download Submit
C:\Windows\system\aTdhalp.exe

Filesize
6.0MB

MD5
2f615d5cc993d0790cd672e23acbe813

SHA1
9ba90b2e4b898752c476e6e24c34edfee6fd4a9d

SHA256
dbb8784b46513ee41b42c924313985b20b595a6fc28e364d0710a48d8a0bae25

SHA512
b5527e5ea64e3eb597d2b3539f7c3d8782532b60687cb3c1559f2854b5a44b419c4653e6e06578f65d6b5422cd096cb896aef4b4c29e60cd64c0266e077be015

Download Submit
C:\Windows\system\gpalQuo.exe

Filesize
6.0MB

MD5
8874ba8d5561a8e874fa10a74483e33d

SHA1
a92cd7111356d83eca677c934dcfc6c31accb85f

SHA256
44dfb932987f0c938c35d467df844d370c12e86e3a380f008ea285d518817701

SHA512
401edbf4dde076057c345903f16d4afbde7bf1a1d8443e35baa98cff8c984ef1835cd159c7b28aef26f70b7c2a4e8b05fcfeea9553a5a825e436f98d16a6677d

Download Submit
C:\Windows\system\gtBljif.exe

Filesize
6.0MB

MD5
7e3796c137e05ed275e05a408a443890

SHA1
3d93e31fa58d0e2fa0819f1f1f282453f20ab9c3

SHA256
d885657a836e0cce81ce369d870a144f0c8c4b34cb7b6460f0ef5256b87c3b8e

SHA512
5ba8f659e8cf26580a2caad3d00ad3f80216c4a228f6ad6d7ea6afcf8b32339e5349ff7387c09d1bf35c7a727c9da14f32277e4bf55afcabd32221d0df823313

Download Submit
C:\Windows\system\hQXsWVZ.exe

Filesize
6.0MB

MD5
69fe51fe16fcaf7ca6175242c57d9eb2

SHA1
0307abe1d94bf0b2b70d5ce5b915214189bf28de

SHA256
5db7be8e34a2b16a9223426715ea787ab38c69e95dc8fa4f9b5cecb8aba9c565

SHA512
34a32bfb44899bfb168f852c7c9169066b6642bd59a9cce9f29504ceab82d1b4c6e7dbff6c7683aac1eb33dd5a2a943f99354b159940a3e641db57758311d885

Download Submit
C:\Windows\system\jUmetqO.exe

Filesize
6.0MB

MD5
9f2b2e085348da0447243f1c7ba137a3

SHA1
d5f112308511d450a027a8c38a7703f3b44e1fea

SHA256
d839557cee7ea28b9faa17b7c6e55e76feede4a1970755e757f2839bf3dfd97a

SHA512
8a88c13665bad4e5a8818b3e49fb5de2d86613a3b1fd17bf090c489a76820a75749549a74116cd2222e4b3bdb26695b7f93348090c2ccbdd2bb69035220740bd

Download Submit
C:\Windows\system\lagPlci.exe

Filesize
6.0MB

MD5
e2908263bfab3feb48a6cc19911556ac

SHA1
3c30b688ff4a124d5c0046fccb0a4c09e862247f

SHA256
12e2bd5f95cfe5480fac72fe081e2a9a041e86c4c337b7a252340218bdfe4cc5

SHA512
432f4aeead9d8317f132ae024302dc57c89d54b3722dd6f9ab7aef6f29a691f7469d3dab52e7becf8998b1f4c4b6e6149567738b485a7b6a88bb26fde9a5281b

Download Submit
C:\Windows\system\pHeYXtd.exe

Filesize
6.0MB

MD5
653308f8a4e3cc6f36693dc7168564cd

SHA1
bfe29754f03270327e362bcd7fe21c4ec4d21da7

SHA256
f4c1cfb1d393688727fc6f951b80911ad57a0a3e13bc2e1cec62698824d0566d

SHA512
476c8412a14b5554f7d391773b7890fb3800cc55eba8e30f05c99c883c7b925efba5d46c81dee0283c3f362fe71907b5b3011830bec61c89b90cfe4a0ba93258

Download Submit
C:\Windows\system\qWpBUvW.exe

Filesize
6.0MB

MD5
48cc4b0b28d2d64ca382e3763d04ae77

SHA1
cb3d8cfc5f28c12c27eba76c07ffb1dcd1072e55

SHA256
75133041454a5d0bbdeadae90570e95be8e440294ba3deb7a8dbe1a5fde6fc67

SHA512
12326a462eb1707325744627886551faf2579424cff76420d1621795c895b2324056e94ca03ad3075e467a80666f75fbf22c674309836050ed093f5c81e7ae58

Download Submit
C:\Windows\system\vfliIuQ.exe

Filesize
6.0MB

MD5
8270b6d0d37e01a6eb44683f41dc503f

SHA1
eedc1bc3dbae0f91a693a2addf28da1afec036d7

SHA256
30dabcf99b15e6b1f3a21f96dbe75749a5715e19eda1e5f34e7e94a223627dd8

SHA512
8f0620f0ffeb50e2a4c3d9fbe824b3b97650c3d8f2fd993a432034cc37f315f47c399a9df17be8609790c6520f04a74e7d38e86c00ded5730db65ddb3815392d

Download Submit
C:\Windows\system\wxQVMmZ.exe

Filesize
6.0MB

MD5
3dc48055c36eda531aaab5dce9957736

SHA1
e79c296e942e36fdd7f5d17de8e3415c1e903b58

SHA256
567bb98fb21aeaac5de697e59a9a5d98763f4acb50cc324b10f853c664fd1df6

SHA512
e65d3dbfc0d09e87cbb5df6fc304ad5f10516fc9bad4c3ec0d54f4c3dd1070c003d2776a22a99aef900821283013e77d84f4cf8f1d7a20a66037720b5a75d547

Download Submit
C:\Windows\system\xWOYyRN.exe

Filesize
6.0MB

MD5
3e27570dc57eb8c1640dbbd6f119d2bd

SHA1
2993093930634d3a2e1748624464fb269d851d0e

SHA256
c9de5adbf3f9e8e5f6f22ccae3dc8ac94e0d27ed216c1e2e25ef0b3bdbafb87c

SHA512
c02716a5979da99b8de63aeb410eb9c37fef43461b8bcef4d811e5f7c33240309af0e2001443b37fd9ba9391832328e5185d2d428280c2dd2a2d8bc7c79afa97

Download Submit
C:\Windows\system\ywLslHS.exe

Filesize
6.0MB

MD5
50121a1f1cc013d51f245f8043c02d4a

SHA1
98baa57167cec5b5735d07beb1bd36640f613d01

SHA256
12480c7a3b07cb6b5a67a842751f129e3c5cd8fbb6078597db37fdf97cc6e0d0

SHA512
3e63a9046dcbad1f2e0c23e5cc22b9f5b440bebed7b3a7a94aa90facfc7fcff8c3c5bed8037115fcda13b06902fd5c2756a3a459da3cbd57e6e87a9810b82c8b

Download Submit
\Windows\system\nNxWUBq.exe

Filesize
6.0MB

MD5
8b52d16071960fa175c045a241edfea7

SHA1
fe90c18188cc55de967e06514decd65a19ed1331

SHA256
e4f506b29a1f2062e83cd7794f508811ea122eb97fd3c1cedf210be843d1f8a0

SHA512
d9fababd8d692f9a8c7e19113790e9d124c4ef3e36dfbfd13f043015efd0a3a76665426b277ba291cbdb528161badbc7cf5c3e1e84b8c0ff1644dba5e862d3e8

Download Submit
\Windows\system\pFzIKYE.exe

Filesize
6.0MB

MD5
fdfe713fdba1ca23ef279a4844d78043

SHA1
9b0497e2ac58415f41ae20f349def5e06c91555d

SHA256
3ba3448fa583d1db7121f673862ac0786161d3124b58c5d442d3c7e207733798

SHA512
374c75e52dafb0d571e8ba725b47cbccd7b524cf4dafcbbe275794ff6e73f6c0c898b181e7fce16bd7144c26b6285d66d21db0bc475f6bd0c1a99d69e5330bab

Download Submit
memory/908-166-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/908-3820-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-3900-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-137-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3813-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2060-164-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2296-158-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2296-3814-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2412-179-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2412-0-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2412-169-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2412-157-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2412-167-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2412-155-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2412-165-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-171-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1194-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2412-161-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1138-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2412-1139-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2412-173-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2412-163-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2412-180-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2412-175-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-159-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2412-177-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-3818-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2436-154-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2600-176-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3817-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-172-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3809-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3810-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2688-168-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3816-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-178-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3811-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2712-174-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3815-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2788-156-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3812-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2952-160-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3819-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/3004-162-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3821-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-170-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download