cobaltstrike | 67f4667c997e978b1a49b04d9c12096d38b86decd032051b644dc97a02403bfc

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

926e8dc088c760663306efa97ccef554
SHA1

e0d86ed738298e508f54d2ca3637cc3d45184f89
SHA256

67f4667c997e978b1a49b04d9c12096d38b86decd032051b644dc97a02403bfc
SHA512

5c84870071aba8b6af77faeab6f8350cbbbf0a102a57a7424da5337b88e3a51e210597f7b5ec560c6df30b138518299305efd7e348f9c83ac84bc678afc01f97
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000164b1-11.dat	cobalt_reflective_dll
behavioral1/files/0x000a00000001225f-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000169f5-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016be6-38.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c4b-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019214-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-182.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019345-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019232-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019329-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001921d-75.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c03-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016bf7-45.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001678f-23.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001653a-8.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2680-0-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000164b1-11.dat	xmrig
behavioral1/files/0x000a00000001225f-10.dat	xmrig
behavioral1/memory/2940-15-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x00070000000169f5-32.dat	xmrig
behavioral1/memory/2688-39-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0007000000016be6-38.dat	xmrig
behavioral1/files/0x0009000000016c4b-60.dat	xmrig
behavioral1/files/0x0006000000019214-66.dat	xmrig
behavioral1/memory/2616-70-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2672-837-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/644-739-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/484-642-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-182.dat	xmrig
behavioral1/files/0x00050000000193e6-180.dat	xmrig
behavioral1/files/0x00050000000195c8-176.dat	xmrig
behavioral1/files/0x0005000000019382-168.dat	xmrig
behavioral1/files/0x00050000000195c6-164.dat	xmrig
behavioral1/files/0x000500000001958b-155.dat	xmrig
behavioral1/files/0x00050000000195c2-154.dat	xmrig
behavioral1/files/0x00050000000194e2-145.dat	xmrig
behavioral1/files/0x00050000000193f0-139.dat	xmrig
behavioral1/files/0x00050000000193d1-131.dat	xmrig
behavioral1/files/0x00050000000193a8-123.dat	xmrig
behavioral1/files/0x00050000000195ca-185.dat	xmrig
behavioral1/files/0x0005000000019371-109.dat	xmrig
behavioral1/files/0x00050000000195c7-171.dat	xmrig
behavioral1/memory/2156-106-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c4-162.dat	xmrig
behavioral1/files/0x0005000000019345-96.dat	xmrig
behavioral1/files/0x0005000000019232-94.dat	xmrig
behavioral1/files/0x000500000001948d-143.dat	xmrig
behavioral1/files/0x000500000001938e-121.dat	xmrig
behavioral1/files/0x000500000001937b-113.dat	xmrig
behavioral1/memory/3028-104-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2688-103-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019369-99.dat	xmrig
behavioral1/memory/2752-69-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/484-68-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2680-87-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2672-86-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/644-85-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x0005000000019329-84.dat	xmrig
behavioral1/files/0x000500000001921d-75.dat	xmrig
behavioral1/memory/1076-63-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2808-62-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/3060-56-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c03-54.dat	xmrig
behavioral1/memory/2608-53-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2680-36-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2616-34-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2680-49-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016bf7-45.dat	xmrig
behavioral1/files/0x000700000001678f-23.dat	xmrig
behavioral1/memory/2752-31-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2692-22-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2808-14-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000800000001653a-8.dat	xmrig
behavioral1/memory/2752-3801-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/644-3804-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2940-3805-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/3028-3803-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/484-3802-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2156-3806-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2808	GtjQWSv.exe
2940	XzCmVEf.exe
2692	PODJYkT.exe
2752	TryWxXc.exe
2616	OlVkMMB.exe
2688	ApBpZJm.exe
2608	OthyJeG.exe
3060	ooXaGhe.exe
1076	cjjpfIc.exe
484	ZuqBbWM.exe
644	uyOiAWm.exe
2672	jTWLUZE.exe
3028	cxBqPUH.exe
2156	ctYjRZp.exe
1952	QRuMvLx.exe
1976	Rztaprc.exe
2484	uEgDNBp.exe
2884	bMSpdpt.exe
2908	LatcgvE.exe
1708	UHcwNLG.exe
1972	BtuNqBe.exe
2556	fbipoSU.exe
2480	nmHrQyl.exe
1420	NtPlrjW.exe
2276	wLzCpya.exe
540	kLFmtYR.exe
1604	KpViJrM.exe
1936	SBfnpMv.exe
820	cPUzQzJ.exe
2956	bxeKDBh.exe
2224	VDUTMUq.exe
2476	aFOVCjz.exe
448	jQFDfuR.exe
1624	UzeSVto.exe
2368	AwhHZge.exe
1720	xaBrZXk.exe
1016	GudPEWv.exe
1364	OYrDgqj.exe
2320	cRyRcik.exe
1392	snrcHaz.exe
1728	ZQoEhPj.exe
1228	CmGTcJv.exe
1716	hzTvoFP.exe
904	abZGNHZ.exe
2400	Jhdcyfx.exe
2996	TyzFEJJ.exe
2656	gaYlezn.exe
1520	iGRZEWb.exe
1064	sYlkrzg.exe
744	SXHVmLY.exe
2248	MAOnVwU.exe
2764	rVsXhVS.exe
2088	ProXapA.exe
2072	gBabnCn.exe
2792	stGiVAg.exe
1688	StkVBZj.exe
1764	yyWtgPz.exe
2812	QtPhcXY.exe
2872	SrhFYfk.exe
2772	nOElddR.exe
536	xSrUuNh.exe
3004	PNWaTwD.exe
2404	fyJWgrF.exe
1860	mTNMSIR.exe

Loads dropped DLL 64 IoCs

pid	Process
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2680-0-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x00080000000164b1-11.dat	upx
behavioral1/files/0x000a00000001225f-10.dat	upx
behavioral1/memory/2940-15-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x00070000000169f5-32.dat	upx
behavioral1/memory/2688-39-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0007000000016be6-38.dat	upx
behavioral1/files/0x0009000000016c4b-60.dat	upx
behavioral1/files/0x0006000000019214-66.dat	upx
behavioral1/memory/2616-70-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2672-837-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/644-739-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/484-642-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x000500000001945c-182.dat	upx
behavioral1/files/0x00050000000193e6-180.dat	upx
behavioral1/files/0x00050000000195c8-176.dat	upx
behavioral1/files/0x0005000000019382-168.dat	upx
behavioral1/files/0x00050000000195c6-164.dat	upx
behavioral1/files/0x000500000001958b-155.dat	upx
behavioral1/files/0x00050000000195c2-154.dat	upx
behavioral1/files/0x00050000000194e2-145.dat	upx
behavioral1/files/0x00050000000193f0-139.dat	upx
behavioral1/files/0x00050000000193d1-131.dat	upx
behavioral1/files/0x00050000000193a8-123.dat	upx
behavioral1/files/0x00050000000195ca-185.dat	upx
behavioral1/files/0x0005000000019371-109.dat	upx
behavioral1/files/0x00050000000195c7-171.dat	upx
behavioral1/memory/2156-106-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x00050000000195c4-162.dat	upx
behavioral1/files/0x0005000000019345-96.dat	upx
behavioral1/files/0x0005000000019232-94.dat	upx
behavioral1/files/0x000500000001948d-143.dat	upx
behavioral1/files/0x000500000001938e-121.dat	upx
behavioral1/files/0x000500000001937b-113.dat	upx
behavioral1/memory/3028-104-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2688-103-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0005000000019369-99.dat	upx
behavioral1/memory/2752-69-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/484-68-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2672-86-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/644-85-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x0005000000019329-84.dat	upx
behavioral1/files/0x000500000001921d-75.dat	upx
behavioral1/memory/1076-63-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2808-62-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/3060-56-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x0009000000016c03-54.dat	upx
behavioral1/memory/2608-53-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2616-34-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2680-49-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0007000000016bf7-45.dat	upx
behavioral1/files/0x000700000001678f-23.dat	upx
behavioral1/memory/2752-31-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2692-22-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2808-14-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000800000001653a-8.dat	upx
behavioral1/memory/2752-3801-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/644-3804-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2940-3805-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/3028-3803-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/484-3802-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2156-3806-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2616-3812-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2608-3814-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NJcYGEr.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnCUqEw.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfJZJCw.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDFthpb.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfzGVng.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEEJzhT.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juoGYyb.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlxXolS.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zToiZio.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPunEOp.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwJTKou.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AZQOjGm.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiohQcL.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shBiElA.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDTGuZZ.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqvrHhs.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMapDJI.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdztfXj.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwIPLMl.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEMbJOm.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdXIjgU.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXZZfgc.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jusiQgb.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsDGBgw.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjDHmLR.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIgLFtI.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGAbKzg.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMylnqe.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaTGikh.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxqAyIi.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaiUpPz.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpaPMvj.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LizpDUp.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPHCxsj.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqbfYzo.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LrEKeVE.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQoEhPj.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZsRNQi.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNGivMe.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNyjTnF.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPmaXMx.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfPzLsJ.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtPhcXY.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSWcyzz.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kriAOhk.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGhqpaR.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBjCRBz.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFThumh.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ooXaGhe.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwhHZge.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrlgPCl.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIWiNpu.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REwnhQL.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDqoLAq.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOGrAUp.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGisMwP.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhFhcic.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQrrZFB.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQynzci.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTqJDqS.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgETHco.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCsjXMf.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CATiMpr.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBSYhSn.exe	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2808	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2680 wrote to memory of 2808	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2680 wrote to memory of 2808	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2680 wrote to memory of 2940	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2680 wrote to memory of 2940	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2680 wrote to memory of 2940	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2680 wrote to memory of 2692	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2680 wrote to memory of 2692	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2680 wrote to memory of 2692	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2680 wrote to memory of 2752	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2680 wrote to memory of 2752	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2680 wrote to memory of 2752	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2680 wrote to memory of 2616	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2680 wrote to memory of 2616	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2680 wrote to memory of 2616	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2680 wrote to memory of 2688	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2680 wrote to memory of 2688	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2680 wrote to memory of 2688	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2680 wrote to memory of 2608	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2680 wrote to memory of 2608	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2680 wrote to memory of 2608	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2680 wrote to memory of 3060	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2680 wrote to memory of 3060	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2680 wrote to memory of 3060	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2680 wrote to memory of 1076	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2680 wrote to memory of 1076	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2680 wrote to memory of 1076	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2680 wrote to memory of 484	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2680 wrote to memory of 484	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2680 wrote to memory of 484	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2680 wrote to memory of 644	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2680 wrote to memory of 644	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2680 wrote to memory of 644	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2680 wrote to memory of 3028	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2680 wrote to memory of 3028	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2680 wrote to memory of 3028	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2680 wrote to memory of 2672	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2680 wrote to memory of 2672	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2680 wrote to memory of 2672	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2680 wrote to memory of 2156	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2680 wrote to memory of 2156	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2680 wrote to memory of 2156	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2680 wrote to memory of 1952	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2680 wrote to memory of 1952	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2680 wrote to memory of 1952	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2680 wrote to memory of 1976	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2680 wrote to memory of 1976	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2680 wrote to memory of 1976	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2680 wrote to memory of 2484	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2680 wrote to memory of 2484	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2680 wrote to memory of 2484	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2680 wrote to memory of 1420	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2680 wrote to memory of 1420	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2680 wrote to memory of 1420	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2680 wrote to memory of 2884	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2680 wrote to memory of 2884	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2680 wrote to memory of 2884	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2680 wrote to memory of 540	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2680 wrote to memory of 540	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2680 wrote to memory of 540	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2680 wrote to memory of 2908	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2680 wrote to memory of 2908	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2680 wrote to memory of 2908	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2680 wrote to memory of 1604	2680	2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_926e8dc088c760663306efa97ccef554_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\System\GtjQWSv.exe
  C:\Windows\System\GtjQWSv.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\XzCmVEf.exe
  C:\Windows\System\XzCmVEf.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\PODJYkT.exe
  C:\Windows\System\PODJYkT.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\TryWxXc.exe
  C:\Windows\System\TryWxXc.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\OlVkMMB.exe
  C:\Windows\System\OlVkMMB.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ApBpZJm.exe
  C:\Windows\System\ApBpZJm.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\OthyJeG.exe
  C:\Windows\System\OthyJeG.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ooXaGhe.exe
  C:\Windows\System\ooXaGhe.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\cjjpfIc.exe
  C:\Windows\System\cjjpfIc.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\ZuqBbWM.exe
  C:\Windows\System\ZuqBbWM.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\uyOiAWm.exe
  C:\Windows\System\uyOiAWm.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\cxBqPUH.exe
  C:\Windows\System\cxBqPUH.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\jTWLUZE.exe
  C:\Windows\System\jTWLUZE.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\ctYjRZp.exe
  C:\Windows\System\ctYjRZp.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\QRuMvLx.exe
  C:\Windows\System\QRuMvLx.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\Rztaprc.exe
  C:\Windows\System\Rztaprc.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\uEgDNBp.exe
  C:\Windows\System\uEgDNBp.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\NtPlrjW.exe
  C:\Windows\System\NtPlrjW.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\bMSpdpt.exe
  C:\Windows\System\bMSpdpt.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\kLFmtYR.exe
  C:\Windows\System\kLFmtYR.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\LatcgvE.exe
  C:\Windows\System\LatcgvE.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\KpViJrM.exe
  C:\Windows\System\KpViJrM.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\UHcwNLG.exe
  C:\Windows\System\UHcwNLG.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\SBfnpMv.exe
  C:\Windows\System\SBfnpMv.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\BtuNqBe.exe
  C:\Windows\System\BtuNqBe.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\bxeKDBh.exe
  C:\Windows\System\bxeKDBh.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\fbipoSU.exe
  C:\Windows\System\fbipoSU.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\VDUTMUq.exe
  C:\Windows\System\VDUTMUq.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\nmHrQyl.exe
  C:\Windows\System\nmHrQyl.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\aFOVCjz.exe
  C:\Windows\System\aFOVCjz.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\wLzCpya.exe
  C:\Windows\System\wLzCpya.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\UzeSVto.exe
  C:\Windows\System\UzeSVto.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\cPUzQzJ.exe
  C:\Windows\System\cPUzQzJ.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\AwhHZge.exe
  C:\Windows\System\AwhHZge.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\jQFDfuR.exe
  C:\Windows\System\jQFDfuR.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\GudPEWv.exe
  C:\Windows\System\GudPEWv.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\xaBrZXk.exe
  C:\Windows\System\xaBrZXk.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\OYrDgqj.exe
  C:\Windows\System\OYrDgqj.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\cRyRcik.exe
  C:\Windows\System\cRyRcik.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\snrcHaz.exe
  C:\Windows\System\snrcHaz.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\ZQoEhPj.exe
  C:\Windows\System\ZQoEhPj.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\CmGTcJv.exe
  C:\Windows\System\CmGTcJv.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\hzTvoFP.exe
  C:\Windows\System\hzTvoFP.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\abZGNHZ.exe
  C:\Windows\System\abZGNHZ.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\Jhdcyfx.exe
  C:\Windows\System\Jhdcyfx.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\TyzFEJJ.exe
  C:\Windows\System\TyzFEJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\gaYlezn.exe
  C:\Windows\System\gaYlezn.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\iGRZEWb.exe
  C:\Windows\System\iGRZEWb.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\sYlkrzg.exe
  C:\Windows\System\sYlkrzg.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\SXHVmLY.exe
  C:\Windows\System\SXHVmLY.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\MAOnVwU.exe
  C:\Windows\System\MAOnVwU.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\rVsXhVS.exe
  C:\Windows\System\rVsXhVS.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ProXapA.exe
  C:\Windows\System\ProXapA.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\gBabnCn.exe
  C:\Windows\System\gBabnCn.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\stGiVAg.exe
  C:\Windows\System\stGiVAg.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\StkVBZj.exe
  C:\Windows\System\StkVBZj.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\yyWtgPz.exe
  C:\Windows\System\yyWtgPz.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\QtPhcXY.exe
  C:\Windows\System\QtPhcXY.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\SrhFYfk.exe
  C:\Windows\System\SrhFYfk.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\nOElddR.exe
  C:\Windows\System\nOElddR.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\xSrUuNh.exe
  C:\Windows\System\xSrUuNh.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\PNWaTwD.exe
  C:\Windows\System\PNWaTwD.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\fyJWgrF.exe
  C:\Windows\System\fyJWgrF.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\mTNMSIR.exe
  C:\Windows\System\mTNMSIR.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\aFYvfSK.exe
  C:\Windows\System\aFYvfSK.exe
  2⤵
  PID:2004
- C:\Windows\System\KRXUBNB.exe
  C:\Windows\System\KRXUBNB.exe
  2⤵
  PID:1336
- C:\Windows\System\vBPpyyc.exe
  C:\Windows\System\vBPpyyc.exe
  2⤵
  PID:2196
- C:\Windows\System\JabffxZ.exe
  C:\Windows\System\JabffxZ.exe
  2⤵
  PID:2360
- C:\Windows\System\LRbqtvp.exe
  C:\Windows\System\LRbqtvp.exe
  2⤵
  PID:2644
- C:\Windows\System\QvYEbLI.exe
  C:\Windows\System\QvYEbLI.exe
  2⤵
  PID:1212
- C:\Windows\System\BNEptrl.exe
  C:\Windows\System\BNEptrl.exe
  2⤵
  PID:2216
- C:\Windows\System\rSBprrl.exe
  C:\Windows\System\rSBprrl.exe
  2⤵
  PID:1452
- C:\Windows\System\bmOOFZX.exe
  C:\Windows\System\bmOOFZX.exe
  2⤵
  PID:2960
- C:\Windows\System\EieSyQf.exe
  C:\Windows\System\EieSyQf.exe
  2⤵
  PID:792
- C:\Windows\System\wiPsYEO.exe
  C:\Windows\System\wiPsYEO.exe
  2⤵
  PID:1140
- C:\Windows\System\GpcIeTZ.exe
  C:\Windows\System\GpcIeTZ.exe
  2⤵
  PID:2456
- C:\Windows\System\jPsuBay.exe
  C:\Windows\System\jPsuBay.exe
  2⤵
  PID:1528
- C:\Windows\System\PozCVYh.exe
  C:\Windows\System\PozCVYh.exe
  2⤵
  PID:1444
- C:\Windows\System\lRgTQcK.exe
  C:\Windows\System\lRgTQcK.exe
  2⤵
  PID:1376
- C:\Windows\System\HBVVZjM.exe
  C:\Windows\System\HBVVZjM.exe
  2⤵
  PID:1712
- C:\Windows\System\LRulght.exe
  C:\Windows\System\LRulght.exe
  2⤵
  PID:1324
- C:\Windows\System\eCgxMHV.exe
  C:\Windows\System\eCgxMHV.exe
  2⤵
  PID:2972
- C:\Windows\System\HlMRvHB.exe
  C:\Windows\System\HlMRvHB.exe
  2⤵
  PID:568
- C:\Windows\System\YhMZqjR.exe
  C:\Windows\System\YhMZqjR.exe
  2⤵
  PID:3056
- C:\Windows\System\ERjvSKV.exe
  C:\Windows\System\ERjvSKV.exe
  2⤵
  PID:1540
- C:\Windows\System\UEUQURL.exe
  C:\Windows\System\UEUQURL.exe
  2⤵
  PID:1192
- C:\Windows\System\dVQIbZH.exe
  C:\Windows\System\dVQIbZH.exe
  2⤵
  PID:2504
- C:\Windows\System\yclQTkE.exe
  C:\Windows\System\yclQTkE.exe
  2⤵
  PID:868
- C:\Windows\System\eWNKxzC.exe
  C:\Windows\System\eWNKxzC.exe
  2⤵
  PID:112
- C:\Windows\System\QeTNRyW.exe
  C:\Windows\System\QeTNRyW.exe
  2⤵
  PID:2744
- C:\Windows\System\zsdqiPi.exe
  C:\Windows\System\zsdqiPi.exe
  2⤵
  PID:2836
- C:\Windows\System\BaJeBvN.exe
  C:\Windows\System\BaJeBvN.exe
  2⤵
  PID:2596
- C:\Windows\System\kOpNHqo.exe
  C:\Windows\System\kOpNHqo.exe
  2⤵
  PID:3020
- C:\Windows\System\jbhUMed.exe
  C:\Windows\System\jbhUMed.exe
  2⤵
  PID:304
- C:\Windows\System\hRdFUiA.exe
  C:\Windows\System\hRdFUiA.exe
  2⤵
  PID:2768
- C:\Windows\System\LsOiqjd.exe
  C:\Windows\System\LsOiqjd.exe
  2⤵
  PID:2308
- C:\Windows\System\EgETHco.exe
  C:\Windows\System\EgETHco.exe
  2⤵
  PID:768
- C:\Windows\System\swRvKAI.exe
  C:\Windows\System\swRvKAI.exe
  2⤵
  PID:2676
- C:\Windows\System\gNotzfa.exe
  C:\Windows\System\gNotzfa.exe
  2⤵
  PID:948
- C:\Windows\System\buMhPyv.exe
  C:\Windows\System\buMhPyv.exe
  2⤵
  PID:2108
- C:\Windows\System\sWAlZSa.exe
  C:\Windows\System\sWAlZSa.exe
  2⤵
  PID:2296
- C:\Windows\System\TTMjyyt.exe
  C:\Windows\System\TTMjyyt.exe
  2⤵
  PID:3084
- C:\Windows\System\NPRbeWl.exe
  C:\Windows\System\NPRbeWl.exe
  2⤵
  PID:3104
- C:\Windows\System\EfQNFfP.exe
  C:\Windows\System\EfQNFfP.exe
  2⤵
  PID:3120
- C:\Windows\System\KZzLtDj.exe
  C:\Windows\System\KZzLtDj.exe
  2⤵
  PID:3140
- C:\Windows\System\fdXIjgU.exe
  C:\Windows\System\fdXIjgU.exe
  2⤵
  PID:3160
- C:\Windows\System\ebVmToZ.exe
  C:\Windows\System\ebVmToZ.exe
  2⤵
  PID:3184
- C:\Windows\System\CrZHDxU.exe
  C:\Windows\System\CrZHDxU.exe
  2⤵
  PID:3204
- C:\Windows\System\GnGtpzD.exe
  C:\Windows\System\GnGtpzD.exe
  2⤵
  PID:3220
- C:\Windows\System\skfzngP.exe
  C:\Windows\System\skfzngP.exe
  2⤵
  PID:3240
- C:\Windows\System\LjUNwBD.exe
  C:\Windows\System\LjUNwBD.exe
  2⤵
  PID:3260
- C:\Windows\System\eQeEQre.exe
  C:\Windows\System\eQeEQre.exe
  2⤵
  PID:3276
- C:\Windows\System\pipbXQE.exe
  C:\Windows\System\pipbXQE.exe
  2⤵
  PID:3296
- C:\Windows\System\wKjbNFD.exe
  C:\Windows\System\wKjbNFD.exe
  2⤵
  PID:3320
- C:\Windows\System\orcldhk.exe
  C:\Windows\System\orcldhk.exe
  2⤵
  PID:3340
- C:\Windows\System\bjdXXCR.exe
  C:\Windows\System\bjdXXCR.exe
  2⤵
  PID:3360
- C:\Windows\System\iqDiUlK.exe
  C:\Windows\System\iqDiUlK.exe
  2⤵
  PID:3384
- C:\Windows\System\dtHSfRF.exe
  C:\Windows\System\dtHSfRF.exe
  2⤵
  PID:3400
- C:\Windows\System\DaKBKxD.exe
  C:\Windows\System\DaKBKxD.exe
  2⤵
  PID:3420
- C:\Windows\System\XpuQOwh.exe
  C:\Windows\System\XpuQOwh.exe
  2⤵
  PID:3440
- C:\Windows\System\xGThGUk.exe
  C:\Windows\System\xGThGUk.exe
  2⤵
  PID:3460
- C:\Windows\System\MEqlqlr.exe
  C:\Windows\System\MEqlqlr.exe
  2⤵
  PID:3484
- C:\Windows\System\tspiyCQ.exe
  C:\Windows\System\tspiyCQ.exe
  2⤵
  PID:3500
- C:\Windows\System\hTtzqgi.exe
  C:\Windows\System\hTtzqgi.exe
  2⤵
  PID:3520
- C:\Windows\System\LcVcnLQ.exe
  C:\Windows\System\LcVcnLQ.exe
  2⤵
  PID:3540
- C:\Windows\System\FRvENfq.exe
  C:\Windows\System\FRvENfq.exe
  2⤵
  PID:3564
- C:\Windows\System\nwJOoNq.exe
  C:\Windows\System\nwJOoNq.exe
  2⤵
  PID:3584
- C:\Windows\System\PnOwimU.exe
  C:\Windows\System\PnOwimU.exe
  2⤵
  PID:3608
- C:\Windows\System\uvrYXtF.exe
  C:\Windows\System\uvrYXtF.exe
  2⤵
  PID:3624
- C:\Windows\System\btyWIkY.exe
  C:\Windows\System\btyWIkY.exe
  2⤵
  PID:3644
- C:\Windows\System\dICqgFd.exe
  C:\Windows\System\dICqgFd.exe
  2⤵
  PID:3664
- C:\Windows\System\SaciLdY.exe
  C:\Windows\System\SaciLdY.exe
  2⤵
  PID:3684
- C:\Windows\System\wUMgCaG.exe
  C:\Windows\System\wUMgCaG.exe
  2⤵
  PID:3704
- C:\Windows\System\tLjtCIt.exe
  C:\Windows\System\tLjtCIt.exe
  2⤵
  PID:3728
- C:\Windows\System\bJwvrPo.exe
  C:\Windows\System\bJwvrPo.exe
  2⤵
  PID:3744
- C:\Windows\System\XEpUzmS.exe
  C:\Windows\System\XEpUzmS.exe
  2⤵
  PID:3768
- C:\Windows\System\OhtMjeI.exe
  C:\Windows\System\OhtMjeI.exe
  2⤵
  PID:3788
- C:\Windows\System\UggzJDH.exe
  C:\Windows\System\UggzJDH.exe
  2⤵
  PID:3804
- C:\Windows\System\HSWrDUW.exe
  C:\Windows\System\HSWrDUW.exe
  2⤵
  PID:3824
- C:\Windows\System\EHrgDZR.exe
  C:\Windows\System\EHrgDZR.exe
  2⤵
  PID:3844
- C:\Windows\System\tKkGOhM.exe
  C:\Windows\System\tKkGOhM.exe
  2⤵
  PID:3864
- C:\Windows\System\ZlKbXLt.exe
  C:\Windows\System\ZlKbXLt.exe
  2⤵
  PID:3888
- C:\Windows\System\cfuQfnZ.exe
  C:\Windows\System\cfuQfnZ.exe
  2⤵
  PID:3908
- C:\Windows\System\PuUxpdV.exe
  C:\Windows\System\PuUxpdV.exe
  2⤵
  PID:3928
- C:\Windows\System\AkhmIrY.exe
  C:\Windows\System\AkhmIrY.exe
  2⤵
  PID:3944
- C:\Windows\System\AvoBBTc.exe
  C:\Windows\System\AvoBBTc.exe
  2⤵
  PID:3968
- C:\Windows\System\UqKlpCG.exe
  C:\Windows\System\UqKlpCG.exe
  2⤵
  PID:3988
- C:\Windows\System\wcPGxGX.exe
  C:\Windows\System\wcPGxGX.exe
  2⤵
  PID:4008
- C:\Windows\System\ubPyPeB.exe
  C:\Windows\System\ubPyPeB.exe
  2⤵
  PID:4028
- C:\Windows\System\NtwRduF.exe
  C:\Windows\System\NtwRduF.exe
  2⤵
  PID:4048
- C:\Windows\System\OIZWzBr.exe
  C:\Windows\System\OIZWzBr.exe
  2⤵
  PID:4068
- C:\Windows\System\IZmlVZm.exe
  C:\Windows\System\IZmlVZm.exe
  2⤵
  PID:4088
- C:\Windows\System\boGpvAR.exe
  C:\Windows\System\boGpvAR.exe
  2⤵
  PID:2436
- C:\Windows\System\XFfBCtk.exe
  C:\Windows\System\XFfBCtk.exe
  2⤵
  PID:1876
- C:\Windows\System\IIWQMmA.exe
  C:\Windows\System\IIWQMmA.exe
  2⤵
  PID:1736
- C:\Windows\System\ZSOHYiz.exe
  C:\Windows\System\ZSOHYiz.exe
  2⤵
  PID:1384
- C:\Windows\System\cVKmuXj.exe
  C:\Windows\System\cVKmuXj.exe
  2⤵
  PID:1848
- C:\Windows\System\rKOaJVS.exe
  C:\Windows\System\rKOaJVS.exe
  2⤵
  PID:2488
- C:\Windows\System\yUwWImo.exe
  C:\Windows\System\yUwWImo.exe
  2⤵
  PID:1800
- C:\Windows\System\yIMHixu.exe
  C:\Windows\System\yIMHixu.exe
  2⤵
  PID:1592
- C:\Windows\System\wWtRjAp.exe
  C:\Windows\System\wWtRjAp.exe
  2⤵
  PID:1256
- C:\Windows\System\qyLfvlX.exe
  C:\Windows\System\qyLfvlX.exe
  2⤵
  PID:1368
- C:\Windows\System\TBOTmho.exe
  C:\Windows\System\TBOTmho.exe
  2⤵
  PID:2880
- C:\Windows\System\YqoCboW.exe
  C:\Windows\System\YqoCboW.exe
  2⤵
  PID:2176
- C:\Windows\System\gAGDKqx.exe
  C:\Windows\System\gAGDKqx.exe
  2⤵
  PID:2952
- C:\Windows\System\GfutSJF.exe
  C:\Windows\System\GfutSJF.exe
  2⤵
  PID:3068
- C:\Windows\System\xrlgPCl.exe
  C:\Windows\System\xrlgPCl.exe
  2⤵
  PID:1968
- C:\Windows\System\NCsjXMf.exe
  C:\Windows\System\NCsjXMf.exe
  2⤵
  PID:3116
- C:\Windows\System\frvFnTG.exe
  C:\Windows\System\frvFnTG.exe
  2⤵
  PID:3152
- C:\Windows\System\bTCtZEa.exe
  C:\Windows\System\bTCtZEa.exe
  2⤵
  PID:3128
- C:\Windows\System\HLKkOUH.exe
  C:\Windows\System\HLKkOUH.exe
  2⤵
  PID:3176
- C:\Windows\System\tXJHmCR.exe
  C:\Windows\System\tXJHmCR.exe
  2⤵
  PID:3212
- C:\Windows\System\EEGfoQy.exe
  C:\Windows\System\EEGfoQy.exe
  2⤵
  PID:3304
- C:\Windows\System\ITCvohP.exe
  C:\Windows\System\ITCvohP.exe
  2⤵
  PID:3312
- C:\Windows\System\jZVwYOy.exe
  C:\Windows\System\jZVwYOy.exe
  2⤵
  PID:3352
- C:\Windows\System\FYSQbJm.exe
  C:\Windows\System\FYSQbJm.exe
  2⤵
  PID:3328
- C:\Windows\System\FpehYsG.exe
  C:\Windows\System\FpehYsG.exe
  2⤵
  PID:3436
- C:\Windows\System\LcOJggP.exe
  C:\Windows\System\LcOJggP.exe
  2⤵
  PID:3416
- C:\Windows\System\XhhYEfd.exe
  C:\Windows\System\XhhYEfd.exe
  2⤵
  PID:3456
- C:\Windows\System\vTjZLGy.exe
  C:\Windows\System\vTjZLGy.exe
  2⤵
  PID:3508
- C:\Windows\System\fLNVVOC.exe
  C:\Windows\System\fLNVVOC.exe
  2⤵
  PID:3548
- C:\Windows\System\ubtUwsq.exe
  C:\Windows\System\ubtUwsq.exe
  2⤵
  PID:3556
- C:\Windows\System\xQzfJCk.exe
  C:\Windows\System\xQzfJCk.exe
  2⤵
  PID:3632
- C:\Windows\System\uMCPhMH.exe
  C:\Windows\System\uMCPhMH.exe
  2⤵
  PID:3656
- C:\Windows\System\UuXLyZN.exe
  C:\Windows\System\UuXLyZN.exe
  2⤵
  PID:3676
- C:\Windows\System\SHDZnZk.exe
  C:\Windows\System\SHDZnZk.exe
  2⤵
  PID:3700
- C:\Windows\System\JIbYgpN.exe
  C:\Windows\System\JIbYgpN.exe
  2⤵
  PID:3756
- C:\Windows\System\WOerLDB.exe
  C:\Windows\System\WOerLDB.exe
  2⤵
  PID:3784
- C:\Windows\System\XQpXIaJ.exe
  C:\Windows\System\XQpXIaJ.exe
  2⤵
  PID:3836
- C:\Windows\System\rPINEFY.exe
  C:\Windows\System\rPINEFY.exe
  2⤵
  PID:3840
- C:\Windows\System\ATmAFaK.exe
  C:\Windows\System\ATmAFaK.exe
  2⤵
  PID:3884
- C:\Windows\System\OeJluhs.exe
  C:\Windows\System\OeJluhs.exe
  2⤵
  PID:3916
- C:\Windows\System\iRusMye.exe
  C:\Windows\System\iRusMye.exe
  2⤵
  PID:3940
- C:\Windows\System\NZcdKDz.exe
  C:\Windows\System\NZcdKDz.exe
  2⤵
  PID:3996
- C:\Windows\System\lFTuRlD.exe
  C:\Windows\System\lFTuRlD.exe
  2⤵
  PID:3984
- C:\Windows\System\bXWkgNv.exe
  C:\Windows\System\bXWkgNv.exe
  2⤵
  PID:4040
- C:\Windows\System\wKDaOSn.exe
  C:\Windows\System\wKDaOSn.exe
  2⤵
  PID:4060
- C:\Windows\System\QvbPvhd.exe
  C:\Windows\System\QvbPvhd.exe
  2⤵
  PID:3044
- C:\Windows\System\OgsvqCt.exe
  C:\Windows\System\OgsvqCt.exe
  2⤵
  PID:892
- C:\Windows\System\alsEDWX.exe
  C:\Windows\System\alsEDWX.exe
  2⤵
  PID:1308
- C:\Windows\System\RqFZkZM.exe
  C:\Windows\System\RqFZkZM.exe
  2⤵
  PID:2600
- C:\Windows\System\CyBMDrb.exe
  C:\Windows\System\CyBMDrb.exe
  2⤵
  PID:2064
- C:\Windows\System\PloiGkX.exe
  C:\Windows\System\PloiGkX.exe
  2⤵
  PID:1104
- C:\Windows\System\JagzNic.exe
  C:\Windows\System\JagzNic.exe
  2⤵
  PID:2168
- C:\Windows\System\gZzZWZc.exe
  C:\Windows\System\gZzZWZc.exe
  2⤵
  PID:2864
- C:\Windows\System\XDqHqYO.exe
  C:\Windows\System\XDqHqYO.exe
  2⤵
  PID:3112
- C:\Windows\System\YlhgnSz.exe
  C:\Windows\System\YlhgnSz.exe
  2⤵
  PID:1608
- C:\Windows\System\AihUwHT.exe
  C:\Windows\System\AihUwHT.exe
  2⤵
  PID:3148
- C:\Windows\System\gsYpXVW.exe
  C:\Windows\System\gsYpXVW.exe
  2⤵
  PID:3232
- C:\Windows\System\gmmtZVU.exe
  C:\Windows\System\gmmtZVU.exe
  2⤵
  PID:3316
- C:\Windows\System\nByRHDn.exe
  C:\Windows\System\nByRHDn.exe
  2⤵
  PID:3332
- C:\Windows\System\QhohWvQ.exe
  C:\Windows\System\QhohWvQ.exe
  2⤵
  PID:3396
- C:\Windows\System\qQmBUQP.exe
  C:\Windows\System\qQmBUQP.exe
  2⤵
  PID:3372
- C:\Windows\System\tvwHPbR.exe
  C:\Windows\System\tvwHPbR.exe
  2⤵
  PID:3528
- C:\Windows\System\iIWiNpu.exe
  C:\Windows\System\iIWiNpu.exe
  2⤵
  PID:3604
- C:\Windows\System\sWVCrIM.exe
  C:\Windows\System\sWVCrIM.exe
  2⤵
  PID:3572
- C:\Windows\System\oPDDdIr.exe
  C:\Windows\System\oPDDdIr.exe
  2⤵
  PID:3696
- C:\Windows\System\DnmZEsj.exe
  C:\Windows\System\DnmZEsj.exe
  2⤵
  PID:3740
- C:\Windows\System\vcVBtaD.exe
  C:\Windows\System\vcVBtaD.exe
  2⤵
  PID:3832
- C:\Windows\System\wHjiIDj.exe
  C:\Windows\System\wHjiIDj.exe
  2⤵
  PID:3904
- C:\Windows\System\kQmTEhQ.exe
  C:\Windows\System\kQmTEhQ.exe
  2⤵
  PID:3900
- C:\Windows\System\zyLuHzV.exe
  C:\Windows\System\zyLuHzV.exe
  2⤵
  PID:3936
- C:\Windows\System\CbTUmdv.exe
  C:\Windows\System\CbTUmdv.exe
  2⤵
  PID:3976
- C:\Windows\System\geZHeRw.exe
  C:\Windows\System\geZHeRw.exe
  2⤵
  PID:1612
- C:\Windows\System\bFKxNDu.exe
  C:\Windows\System\bFKxNDu.exe
  2⤵
  PID:2512
- C:\Windows\System\NYYrfDL.exe
  C:\Windows\System\NYYrfDL.exe
  2⤵
  PID:2696
- C:\Windows\System\DYPidTC.exe
  C:\Windows\System\DYPidTC.exe
  2⤵
  PID:1820
- C:\Windows\System\JQEgKtD.exe
  C:\Windows\System\JQEgKtD.exe
  2⤵
  PID:2720
- C:\Windows\System\LyPRSfN.exe
  C:\Windows\System\LyPRSfN.exe
  2⤵
  PID:3080
- C:\Windows\System\qUghkAA.exe
  C:\Windows\System\qUghkAA.exe
  2⤵
  PID:2016
- C:\Windows\System\lEdjVkb.exe
  C:\Windows\System\lEdjVkb.exe
  2⤵
  PID:3228
- C:\Windows\System\gJOMxDh.exe
  C:\Windows\System\gJOMxDh.exe
  2⤵
  PID:3256
- C:\Windows\System\fbjpCOH.exe
  C:\Windows\System\fbjpCOH.exe
  2⤵
  PID:3476
- C:\Windows\System\rUQOXFR.exe
  C:\Windows\System\rUQOXFR.exe
  2⤵
  PID:3452
- C:\Windows\System\PRhjRtm.exe
  C:\Windows\System\PRhjRtm.exe
  2⤵
  PID:4104
- C:\Windows\System\ZBhAnfJ.exe
  C:\Windows\System\ZBhAnfJ.exe
  2⤵
  PID:4120
- C:\Windows\System\kQssieq.exe
  C:\Windows\System\kQssieq.exe
  2⤵
  PID:4140
- C:\Windows\System\bobCuCu.exe
  C:\Windows\System\bobCuCu.exe
  2⤵
  PID:4160
- C:\Windows\System\OMqwxfT.exe
  C:\Windows\System\OMqwxfT.exe
  2⤵
  PID:4180
- C:\Windows\System\FwJTKou.exe
  C:\Windows\System\FwJTKou.exe
  2⤵
  PID:4204
- C:\Windows\System\xdztfXj.exe
  C:\Windows\System\xdztfXj.exe
  2⤵
  PID:4224
- C:\Windows\System\HBcMexM.exe
  C:\Windows\System\HBcMexM.exe
  2⤵
  PID:4244
- C:\Windows\System\KqEuUiX.exe
  C:\Windows\System\KqEuUiX.exe
  2⤵
  PID:4268
- C:\Windows\System\zQhpQlr.exe
  C:\Windows\System\zQhpQlr.exe
  2⤵
  PID:4288
- C:\Windows\System\WAtwCAm.exe
  C:\Windows\System\WAtwCAm.exe
  2⤵
  PID:4308
- C:\Windows\System\SJYfYqG.exe
  C:\Windows\System\SJYfYqG.exe
  2⤵
  PID:4328
- C:\Windows\System\LPBaRRo.exe
  C:\Windows\System\LPBaRRo.exe
  2⤵
  PID:4356
- C:\Windows\System\aaAGVRh.exe
  C:\Windows\System\aaAGVRh.exe
  2⤵
  PID:4376
- C:\Windows\System\ugNrkhI.exe
  C:\Windows\System\ugNrkhI.exe
  2⤵
  PID:4392
- C:\Windows\System\dlbxQtt.exe
  C:\Windows\System\dlbxQtt.exe
  2⤵
  PID:4416
- C:\Windows\System\vAQdJVu.exe
  C:\Windows\System\vAQdJVu.exe
  2⤵
  PID:4436
- C:\Windows\System\zOYJLIO.exe
  C:\Windows\System\zOYJLIO.exe
  2⤵
  PID:4456
- C:\Windows\System\IQIvgPt.exe
  C:\Windows\System\IQIvgPt.exe
  2⤵
  PID:4476
- C:\Windows\System\NBVERfx.exe
  C:\Windows\System\NBVERfx.exe
  2⤵
  PID:4492
- C:\Windows\System\YYbQQSo.exe
  C:\Windows\System\YYbQQSo.exe
  2⤵
  PID:4512
- C:\Windows\System\WEAtmpY.exe
  C:\Windows\System\WEAtmpY.exe
  2⤵
  PID:4532
- C:\Windows\System\kpGhiHR.exe
  C:\Windows\System\kpGhiHR.exe
  2⤵
  PID:4552
- C:\Windows\System\REwnhQL.exe
  C:\Windows\System\REwnhQL.exe
  2⤵
  PID:4576
- C:\Windows\System\uenuGbq.exe
  C:\Windows\System\uenuGbq.exe
  2⤵
  PID:4592
- C:\Windows\System\rJVDvwn.exe
  C:\Windows\System\rJVDvwn.exe
  2⤵
  PID:4616
- C:\Windows\System\NcFcBsG.exe
  C:\Windows\System\NcFcBsG.exe
  2⤵
  PID:4636
- C:\Windows\System\ElEoitX.exe
  C:\Windows\System\ElEoitX.exe
  2⤵
  PID:4652
- C:\Windows\System\bXZZfgc.exe
  C:\Windows\System\bXZZfgc.exe
  2⤵
  PID:4676
- C:\Windows\System\pNhzaTV.exe
  C:\Windows\System\pNhzaTV.exe
  2⤵
  PID:4696
- C:\Windows\System\XAWciwz.exe
  C:\Windows\System\XAWciwz.exe
  2⤵
  PID:4716
- C:\Windows\System\OSsJBlg.exe
  C:\Windows\System\OSsJBlg.exe
  2⤵
  PID:4736
- C:\Windows\System\NrxIUqJ.exe
  C:\Windows\System\NrxIUqJ.exe
  2⤵
  PID:4756
- C:\Windows\System\fHtnlKd.exe
  C:\Windows\System\fHtnlKd.exe
  2⤵
  PID:4776
- C:\Windows\System\pmFJeGk.exe
  C:\Windows\System\pmFJeGk.exe
  2⤵
  PID:4796
- C:\Windows\System\RyrYPAP.exe
  C:\Windows\System\RyrYPAP.exe
  2⤵
  PID:4812
- C:\Windows\System\fRVBaMM.exe
  C:\Windows\System\fRVBaMM.exe
  2⤵
  PID:4836
- C:\Windows\System\bldEeby.exe
  C:\Windows\System\bldEeby.exe
  2⤵
  PID:4856
- C:\Windows\System\AZQOjGm.exe
  C:\Windows\System\AZQOjGm.exe
  2⤵
  PID:4872
- C:\Windows\System\txvVWkB.exe
  C:\Windows\System\txvVWkB.exe
  2⤵
  PID:4896
- C:\Windows\System\wYIagoh.exe
  C:\Windows\System\wYIagoh.exe
  2⤵
  PID:4916
- C:\Windows\System\jusiQgb.exe
  C:\Windows\System\jusiQgb.exe
  2⤵
  PID:4936
- C:\Windows\System\XsEFtbl.exe
  C:\Windows\System\XsEFtbl.exe
  2⤵
  PID:4956
- C:\Windows\System\CddQLKY.exe
  C:\Windows\System\CddQLKY.exe
  2⤵
  PID:4976
- C:\Windows\System\JiohQcL.exe
  C:\Windows\System\JiohQcL.exe
  2⤵
  PID:5000
- C:\Windows\System\NyLUcXL.exe
  C:\Windows\System\NyLUcXL.exe
  2⤵
  PID:5016
- C:\Windows\System\wwBamDD.exe
  C:\Windows\System\wwBamDD.exe
  2⤵
  PID:5036
- C:\Windows\System\VBTyJhO.exe
  C:\Windows\System\VBTyJhO.exe
  2⤵
  PID:5056
- C:\Windows\System\QTALvjP.exe
  C:\Windows\System\QTALvjP.exe
  2⤵
  PID:5076
- C:\Windows\System\nydbrIS.exe
  C:\Windows\System\nydbrIS.exe
  2⤵
  PID:5096
- C:\Windows\System\PtgFyEl.exe
  C:\Windows\System\PtgFyEl.exe
  2⤵
  PID:5112
- C:\Windows\System\OkRUCwT.exe
  C:\Windows\System\OkRUCwT.exe
  2⤵
  PID:3776
- C:\Windows\System\ewrNuOU.exe
  C:\Windows\System\ewrNuOU.exe
  2⤵
  PID:3736
- C:\Windows\System\DMlgKST.exe
  C:\Windows\System\DMlgKST.exe
  2⤵
  PID:3752
- C:\Windows\System\WtUbMWM.exe
  C:\Windows\System\WtUbMWM.exe
  2⤵
  PID:3920
- C:\Windows\System\qYYADCD.exe
  C:\Windows\System\qYYADCD.exe
  2⤵
  PID:4036
- C:\Windows\System\ZHSowPZ.exe
  C:\Windows\System\ZHSowPZ.exe
  2⤵
  PID:2932
- C:\Windows\System\dLthtyn.exe
  C:\Windows\System\dLthtyn.exe
  2⤵
  PID:804
- C:\Windows\System\qfOsZdB.exe
  C:\Windows\System\qfOsZdB.exe
  2⤵
  PID:2524
- C:\Windows\System\FuPvYBa.exe
  C:\Windows\System\FuPvYBa.exe
  2⤵
  PID:1948
- C:\Windows\System\xJzIAyc.exe
  C:\Windows\System\xJzIAyc.exe
  2⤵
  PID:3132
- C:\Windows\System\NeqdSfP.exe
  C:\Windows\System\NeqdSfP.exe
  2⤵
  PID:3536
- C:\Windows\System\HjAPDJL.exe
  C:\Windows\System\HjAPDJL.exe
  2⤵
  PID:4116
- C:\Windows\System\OgtPRng.exe
  C:\Windows\System\OgtPRng.exe
  2⤵
  PID:4132
- C:\Windows\System\InLKjru.exe
  C:\Windows\System\InLKjru.exe
  2⤵
  PID:4128
- C:\Windows\System\jkHEqak.exe
  C:\Windows\System\jkHEqak.exe
  2⤵
  PID:4196
- C:\Windows\System\STZGjeO.exe
  C:\Windows\System\STZGjeO.exe
  2⤵
  PID:4220
- C:\Windows\System\DpYCSuU.exe
  C:\Windows\System\DpYCSuU.exe
  2⤵
  PID:4252
- C:\Windows\System\JIsXAyr.exe
  C:\Windows\System\JIsXAyr.exe
  2⤵
  PID:4296
- C:\Windows\System\WfGTUcj.exe
  C:\Windows\System\WfGTUcj.exe
  2⤵
  PID:4336
- C:\Windows\System\BjyTQZH.exe
  C:\Windows\System\BjyTQZH.exe
  2⤵
  PID:4368
- C:\Windows\System\OuUqUeN.exe
  C:\Windows\System\OuUqUeN.exe
  2⤵
  PID:4388
- C:\Windows\System\QGWNWCB.exe
  C:\Windows\System\QGWNWCB.exe
  2⤵
  PID:4432
- C:\Windows\System\OCtrHQJ.exe
  C:\Windows\System\OCtrHQJ.exe
  2⤵
  PID:4464
- C:\Windows\System\CAsXWce.exe
  C:\Windows\System\CAsXWce.exe
  2⤵
  PID:4500
- C:\Windows\System\vEHVkPA.exe
  C:\Windows\System\vEHVkPA.exe
  2⤵
  PID:4560
- C:\Windows\System\ofjrPwX.exe
  C:\Windows\System\ofjrPwX.exe
  2⤵
  PID:4544
- C:\Windows\System\gcumoLo.exe
  C:\Windows\System\gcumoLo.exe
  2⤵
  PID:4604
- C:\Windows\System\gzDuTId.exe
  C:\Windows\System\gzDuTId.exe
  2⤵
  PID:4632
- C:\Windows\System\OKhCxGC.exe
  C:\Windows\System\OKhCxGC.exe
  2⤵
  PID:4692
- C:\Windows\System\uGAbKzg.exe
  C:\Windows\System\uGAbKzg.exe
  2⤵
  PID:4704
- C:\Windows\System\krmlUoX.exe
  C:\Windows\System\krmlUoX.exe
  2⤵
  PID:4764
- C:\Windows\System\knSabhb.exe
  C:\Windows\System\knSabhb.exe
  2⤵
  PID:4768
- C:\Windows\System\ehXBXIo.exe
  C:\Windows\System\ehXBXIo.exe
  2⤵
  PID:4788
- C:\Windows\System\shBiElA.exe
  C:\Windows\System\shBiElA.exe
  2⤵
  PID:4848
- C:\Windows\System\QmpORvB.exe
  C:\Windows\System\QmpORvB.exe
  2⤵
  PID:4824
- C:\Windows\System\bSWcyzz.exe
  C:\Windows\System\bSWcyzz.exe
  2⤵
  PID:4904
- C:\Windows\System\vHnCTBD.exe
  C:\Windows\System\vHnCTBD.exe
  2⤵
  PID:4964
- C:\Windows\System\NqqPDlF.exe
  C:\Windows\System\NqqPDlF.exe
  2⤵
  PID:4972
- C:\Windows\System\TBQVUCL.exe
  C:\Windows\System\TBQVUCL.exe
  2⤵
  PID:4996
- C:\Windows\System\HlSHhGs.exe
  C:\Windows\System\HlSHhGs.exe
  2⤵
  PID:5092
- C:\Windows\System\SnCUqEw.exe
  C:\Windows\System\SnCUqEw.exe
  2⤵
  PID:5088
- C:\Windows\System\pLqdNCX.exe
  C:\Windows\System\pLqdNCX.exe
  2⤵
  PID:5104
- C:\Windows\System\rYJnNij.exe
  C:\Windows\System\rYJnNij.exe
  2⤵
  PID:3652
- C:\Windows\System\FHbVZpA.exe
  C:\Windows\System\FHbVZpA.exe
  2⤵
  PID:3820
- C:\Windows\System\buKvbXe.exe
  C:\Windows\System\buKvbXe.exe
  2⤵
  PID:844
- C:\Windows\System\JIAbCtb.exe
  C:\Windows\System\JIAbCtb.exe
  2⤵
  PID:1668
- C:\Windows\System\rEKWett.exe
  C:\Windows\System\rEKWett.exe
  2⤵
  PID:1804
- C:\Windows\System\AnJYyIw.exe
  C:\Windows\System\AnJYyIw.exe
  2⤵
  PID:3172
- C:\Windows\System\qOoIyUW.exe
  C:\Windows\System\qOoIyUW.exe
  2⤵
  PID:3272
- C:\Windows\System\NRpdRZU.exe
  C:\Windows\System\NRpdRZU.exe
  2⤵
  PID:4156
- C:\Windows\System\zkokEEl.exe
  C:\Windows\System\zkokEEl.exe
  2⤵
  PID:4276
- C:\Windows\System\HPctYFB.exe
  C:\Windows\System\HPctYFB.exe
  2⤵
  PID:4236
- C:\Windows\System\lPHCxsj.exe
  C:\Windows\System\lPHCxsj.exe
  2⤵
  PID:4324
- C:\Windows\System\iuOjsDn.exe
  C:\Windows\System\iuOjsDn.exe
  2⤵
  PID:4400
- C:\Windows\System\ClyJswp.exe
  C:\Windows\System\ClyJswp.exe
  2⤵
  PID:4424
- C:\Windows\System\ucxYNzc.exe
  C:\Windows\System\ucxYNzc.exe
  2⤵
  PID:4428
- C:\Windows\System\pdnKwlG.exe
  C:\Windows\System\pdnKwlG.exe
  2⤵
  PID:4468
- C:\Windows\System\tRnKgzb.exe
  C:\Windows\System\tRnKgzb.exe
  2⤵
  PID:4612
- C:\Windows\System\gZsRNQi.exe
  C:\Windows\System\gZsRNQi.exe
  2⤵
  PID:4684
- C:\Windows\System\TVTHwSa.exe
  C:\Windows\System\TVTHwSa.exe
  2⤵
  PID:1748
- C:\Windows\System\RdraBPy.exe
  C:\Windows\System\RdraBPy.exe
  2⤵
  PID:4712
- C:\Windows\System\qRJdTtz.exe
  C:\Windows\System\qRJdTtz.exe
  2⤵
  PID:4888
- C:\Windows\System\KBcmHgA.exe
  C:\Windows\System\KBcmHgA.exe
  2⤵
  PID:4852
- C:\Windows\System\byJTLxj.exe
  C:\Windows\System\byJTLxj.exe
  2⤵
  PID:4924
- C:\Windows\System\VqscvZI.exe
  C:\Windows\System\VqscvZI.exe
  2⤵
  PID:4884
- C:\Windows\System\VSHhDLA.exe
  C:\Windows\System\VSHhDLA.exe
  2⤵
  PID:5052
- C:\Windows\System\kZzZtIG.exe
  C:\Windows\System\kZzZtIG.exe
  2⤵
  PID:5048
- C:\Windows\System\kabINQe.exe
  C:\Windows\System\kabINQe.exe
  2⤵
  PID:5072
- C:\Windows\System\dsuYrmn.exe
  C:\Windows\System\dsuYrmn.exe
  2⤵
  PID:3680
- C:\Windows\System\JwIPLMl.exe
  C:\Windows\System\JwIPLMl.exe
  2⤵
  PID:3196
- C:\Windows\System\RjPDvVK.exe
  C:\Windows\System\RjPDvVK.exe
  2⤵
  PID:3336
- C:\Windows\System\sXEWQYG.exe
  C:\Windows\System\sXEWQYG.exe
  2⤵
  PID:3348
- C:\Windows\System\EVPXNlu.exe
  C:\Windows\System\EVPXNlu.exe
  2⤵
  PID:4152
- C:\Windows\System\kownVHQ.exe
  C:\Windows\System\kownVHQ.exe
  2⤵
  PID:5132
- C:\Windows\System\jDybfot.exe
  C:\Windows\System\jDybfot.exe
  2⤵
  PID:5160
- C:\Windows\System\LBSLZyq.exe
  C:\Windows\System\LBSLZyq.exe
  2⤵
  PID:5176
- C:\Windows\System\uEoYzaI.exe
  C:\Windows\System\uEoYzaI.exe
  2⤵
  PID:5200
- C:\Windows\System\qbrVBPn.exe
  C:\Windows\System\qbrVBPn.exe
  2⤵
  PID:5216
- C:\Windows\System\CXQFOFR.exe
  C:\Windows\System\CXQFOFR.exe
  2⤵
  PID:5232
- C:\Windows\System\ViFkxyX.exe
  C:\Windows\System\ViFkxyX.exe
  2⤵
  PID:5264
- C:\Windows\System\KAdBfBI.exe
  C:\Windows\System\KAdBfBI.exe
  2⤵
  PID:5280
- C:\Windows\System\zJbfFBy.exe
  C:\Windows\System\zJbfFBy.exe
  2⤵
  PID:5304
- C:\Windows\System\GJavCiw.exe
  C:\Windows\System\GJavCiw.exe
  2⤵
  PID:5324
- C:\Windows\System\whITLTJ.exe
  C:\Windows\System\whITLTJ.exe
  2⤵
  PID:5344
- C:\Windows\System\CVHdapH.exe
  C:\Windows\System\CVHdapH.exe
  2⤵
  PID:5364
- C:\Windows\System\fmLDhrY.exe
  C:\Windows\System\fmLDhrY.exe
  2⤵
  PID:5380
- C:\Windows\System\lyAjAJb.exe
  C:\Windows\System\lyAjAJb.exe
  2⤵
  PID:5404
- C:\Windows\System\UjaviMX.exe
  C:\Windows\System\UjaviMX.exe
  2⤵
  PID:5424
- C:\Windows\System\yVjkLHN.exe
  C:\Windows\System\yVjkLHN.exe
  2⤵
  PID:5444
- C:\Windows\System\uISLnRw.exe
  C:\Windows\System\uISLnRw.exe
  2⤵
  PID:5464
- C:\Windows\System\AAyBniM.exe
  C:\Windows\System\AAyBniM.exe
  2⤵
  PID:5484
- C:\Windows\System\qHJzYyq.exe
  C:\Windows\System\qHJzYyq.exe
  2⤵
  PID:5504
- C:\Windows\System\ECmSlJM.exe
  C:\Windows\System\ECmSlJM.exe
  2⤵
  PID:5524
- C:\Windows\System\vTuBXZj.exe
  C:\Windows\System\vTuBXZj.exe
  2⤵
  PID:5544
- C:\Windows\System\JxOLnwy.exe
  C:\Windows\System\JxOLnwy.exe
  2⤵
  PID:5564
- C:\Windows\System\YFWSCMN.exe
  C:\Windows\System\YFWSCMN.exe
  2⤵
  PID:5584
- C:\Windows\System\XiaMnjm.exe
  C:\Windows\System\XiaMnjm.exe
  2⤵
  PID:5604
- C:\Windows\System\rAIiygQ.exe
  C:\Windows\System\rAIiygQ.exe
  2⤵
  PID:5624
- C:\Windows\System\HfYfsCC.exe
  C:\Windows\System\HfYfsCC.exe
  2⤵
  PID:5644
- C:\Windows\System\ZnnCoHI.exe
  C:\Windows\System\ZnnCoHI.exe
  2⤵
  PID:5664
- C:\Windows\System\PgRIcwA.exe
  C:\Windows\System\PgRIcwA.exe
  2⤵
  PID:5684
- C:\Windows\System\tVrkzoF.exe
  C:\Windows\System\tVrkzoF.exe
  2⤵
  PID:5704
- C:\Windows\System\vpYNKvt.exe
  C:\Windows\System\vpYNKvt.exe
  2⤵
  PID:5724
- C:\Windows\System\gApBYeg.exe
  C:\Windows\System\gApBYeg.exe
  2⤵
  PID:5744
- C:\Windows\System\VbsxwGg.exe
  C:\Windows\System\VbsxwGg.exe
  2⤵
  PID:5764
- C:\Windows\System\mhInxOg.exe
  C:\Windows\System\mhInxOg.exe
  2⤵
  PID:5784
- C:\Windows\System\SmcacFW.exe
  C:\Windows\System\SmcacFW.exe
  2⤵
  PID:5804
- C:\Windows\System\GQhgaCM.exe
  C:\Windows\System\GQhgaCM.exe
  2⤵
  PID:5824
- C:\Windows\System\uljEoTg.exe
  C:\Windows\System\uljEoTg.exe
  2⤵
  PID:5844
- C:\Windows\System\nUymjlC.exe
  C:\Windows\System\nUymjlC.exe
  2⤵
  PID:5864
- C:\Windows\System\IeVbtbc.exe
  C:\Windows\System\IeVbtbc.exe
  2⤵
  PID:5884
- C:\Windows\System\cjkcFTJ.exe
  C:\Windows\System\cjkcFTJ.exe
  2⤵
  PID:5904
- C:\Windows\System\mDitWOn.exe
  C:\Windows\System\mDitWOn.exe
  2⤵
  PID:5924
- C:\Windows\System\vfiujFJ.exe
  C:\Windows\System\vfiujFJ.exe
  2⤵
  PID:5944
- C:\Windows\System\NhdMuOp.exe
  C:\Windows\System\NhdMuOp.exe
  2⤵
  PID:5964
- C:\Windows\System\fSCKbIC.exe
  C:\Windows\System\fSCKbIC.exe
  2⤵
  PID:5984
- C:\Windows\System\xwpPlVd.exe
  C:\Windows\System\xwpPlVd.exe
  2⤵
  PID:6004
- C:\Windows\System\uquXkXy.exe
  C:\Windows\System\uquXkXy.exe
  2⤵
  PID:6024
- C:\Windows\System\pRoquDi.exe
  C:\Windows\System\pRoquDi.exe
  2⤵
  PID:6044
- C:\Windows\System\LKYIlkU.exe
  C:\Windows\System\LKYIlkU.exe
  2⤵
  PID:6064
- C:\Windows\System\ZCZPojK.exe
  C:\Windows\System\ZCZPojK.exe
  2⤵
  PID:6084
- C:\Windows\System\AkikLoy.exe
  C:\Windows\System\AkikLoy.exe
  2⤵
  PID:6104
- C:\Windows\System\EXbjyKG.exe
  C:\Windows\System\EXbjyKG.exe
  2⤵
  PID:6124
- C:\Windows\System\TkinLYY.exe
  C:\Windows\System\TkinLYY.exe
  2⤵
  PID:2904
- C:\Windows\System\CpVuxWa.exe
  C:\Windows\System\CpVuxWa.exe
  2⤵
  PID:4404
- C:\Windows\System\aCEvQwQ.exe
  C:\Windows\System\aCEvQwQ.exe
  2⤵
  PID:4280
- C:\Windows\System\UWbcsXM.exe
  C:\Windows\System\UWbcsXM.exe
  2⤵
  PID:4264
- C:\Windows\System\UZNwYmR.exe
  C:\Windows\System\UZNwYmR.exe
  2⤵
  PID:4644
- C:\Windows\System\UxPiCkn.exe
  C:\Windows\System\UxPiCkn.exe
  2⤵
  PID:4624
- C:\Windows\System\MBEKeHn.exe
  C:\Windows\System\MBEKeHn.exe
  2⤵
  PID:4784
- C:\Windows\System\iyoiIHq.exe
  C:\Windows\System\iyoiIHq.exe
  2⤵
  PID:4804
- C:\Windows\System\iNGivMe.exe
  C:\Windows\System\iNGivMe.exe
  2⤵
  PID:4844
- C:\Windows\System\pPzxaYp.exe
  C:\Windows\System\pPzxaYp.exe
  2⤵
  PID:5008
- C:\Windows\System\CBxClWB.exe
  C:\Windows\System\CBxClWB.exe
  2⤵
  PID:4020
- C:\Windows\System\AcZcpgD.exe
  C:\Windows\System\AcZcpgD.exe
  2⤵
  PID:5064
- C:\Windows\System\XjFNzkw.exe
  C:\Windows\System\XjFNzkw.exe
  2⤵
  PID:4044
- C:\Windows\System\qVgpDBF.exe
  C:\Windows\System\qVgpDBF.exe
  2⤵
  PID:3292
- C:\Windows\System\DwjkMTe.exe
  C:\Windows\System\DwjkMTe.exe
  2⤵
  PID:5156
- C:\Windows\System\DvklLiU.exe
  C:\Windows\System\DvklLiU.exe
  2⤵
  PID:5188
- C:\Windows\System\KUYVNmH.exe
  C:\Windows\System\KUYVNmH.exe
  2⤵
  PID:5224
- C:\Windows\System\EiyKIKd.exe
  C:\Windows\System\EiyKIKd.exe
  2⤵
  PID:5244
- C:\Windows\System\GPrMSXQ.exe
  C:\Windows\System\GPrMSXQ.exe
  2⤵
  PID:5276
- C:\Windows\System\IYLxgTh.exe
  C:\Windows\System\IYLxgTh.exe
  2⤵
  PID:5312
- C:\Windows\System\enPdmMY.exe
  C:\Windows\System\enPdmMY.exe
  2⤵
  PID:5340
- C:\Windows\System\IMXemzj.exe
  C:\Windows\System\IMXemzj.exe
  2⤵
  PID:5392
- C:\Windows\System\dQearSP.exe
  C:\Windows\System\dQearSP.exe
  2⤵
  PID:5372
- C:\Windows\System\emIDQAC.exe
  C:\Windows\System\emIDQAC.exe
  2⤵
  PID:5440
- C:\Windows\System\zdoBbnq.exe
  C:\Windows\System\zdoBbnq.exe
  2⤵
  PID:5476
- C:\Windows\System\roFMzkN.exe
  C:\Windows\System\roFMzkN.exe
  2⤵
  PID:5496
- C:\Windows\System\sIqSruP.exe
  C:\Windows\System\sIqSruP.exe
  2⤵
  PID:5540
- C:\Windows\System\XOxauFf.exe
  C:\Windows\System\XOxauFf.exe
  2⤵
  PID:5580
- C:\Windows\System\AVaTqWN.exe
  C:\Windows\System\AVaTqWN.exe
  2⤵
  PID:5620
- C:\Windows\System\ZGAqDTl.exe
  C:\Windows\System\ZGAqDTl.exe
  2⤵
  PID:5652
- C:\Windows\System\euGpIuM.exe
  C:\Windows\System\euGpIuM.exe
  2⤵
  PID:5676
- C:\Windows\System\lkERBLw.exe
  C:\Windows\System\lkERBLw.exe
  2⤵
  PID:5696
- C:\Windows\System\TYdRyLZ.exe
  C:\Windows\System\TYdRyLZ.exe
  2⤵
  PID:5736
- C:\Windows\System\MFGfZAj.exe
  C:\Windows\System\MFGfZAj.exe
  2⤵
  PID:5800
- C:\Windows\System\aIzLHpy.exe
  C:\Windows\System\aIzLHpy.exe
  2⤵
  PID:5812
- C:\Windows\System\VYRErOf.exe
  C:\Windows\System\VYRErOf.exe
  2⤵
  PID:5836
- C:\Windows\System\fOBepAn.exe
  C:\Windows\System\fOBepAn.exe
  2⤵
  PID:5856
- C:\Windows\System\gwlicmD.exe
  C:\Windows\System\gwlicmD.exe
  2⤵
  PID:5920
- C:\Windows\System\yfUUKlq.exe
  C:\Windows\System\yfUUKlq.exe
  2⤵
  PID:5952
- C:\Windows\System\NSusLdZ.exe
  C:\Windows\System\NSusLdZ.exe
  2⤵
  PID:5980
- C:\Windows\System\zyhavVE.exe
  C:\Windows\System\zyhavVE.exe
  2⤵
  PID:6012
- C:\Windows\System\QgFLNUZ.exe
  C:\Windows\System\QgFLNUZ.exe
  2⤵
  PID:6036
- C:\Windows\System\wLXJTtW.exe
  C:\Windows\System\wLXJTtW.exe
  2⤵
  PID:6080
- C:\Windows\System\eTRfOHi.exe
  C:\Windows\System\eTRfOHi.exe
  2⤵
  PID:6096
- C:\Windows\System\aXLYWLD.exe
  C:\Windows\System\aXLYWLD.exe
  2⤵
  PID:4300
- C:\Windows\System\PoLIvPK.exe
  C:\Windows\System\PoLIvPK.exe
  2⤵
  PID:4508
- C:\Windows\System\SHvnXGL.exe
  C:\Windows\System\SHvnXGL.exe
  2⤵
  PID:4540
- C:\Windows\System\nchOSqB.exe
  C:\Windows\System\nchOSqB.exe
  2⤵
  PID:4448
- C:\Windows\System\XFvJVmv.exe
  C:\Windows\System\XFvJVmv.exe
  2⤵
  PID:4672
- C:\Windows\System\jzKVxsf.exe
  C:\Windows\System\jzKVxsf.exe
  2⤵
  PID:4820
- C:\Windows\System\GomtQOZ.exe
  C:\Windows\System\GomtQOZ.exe
  2⤵
  PID:3764
- C:\Windows\System\kOsKypx.exe
  C:\Windows\System\kOsKypx.exe
  2⤵
  PID:4192
- C:\Windows\System\iWeUznX.exe
  C:\Windows\System\iWeUznX.exe
  2⤵
  PID:5140
- C:\Windows\System\rFNlYsA.exe
  C:\Windows\System\rFNlYsA.exe
  2⤵
  PID:5148
- C:\Windows\System\NqAquxq.exe
  C:\Windows\System\NqAquxq.exe
  2⤵
  PID:5240
- C:\Windows\System\NmBMoZR.exe
  C:\Windows\System\NmBMoZR.exe
  2⤵
  PID:5272
- C:\Windows\System\VKvpEHD.exe
  C:\Windows\System\VKvpEHD.exe
  2⤵
  PID:5388
- C:\Windows\System\kcyYUXI.exe
  C:\Windows\System\kcyYUXI.exe
  2⤵
  PID:5412
- C:\Windows\System\MqAMIky.exe
  C:\Windows\System\MqAMIky.exe
  2⤵
  PID:5456
- C:\Windows\System\HGfqNVN.exe
  C:\Windows\System\HGfqNVN.exe
  2⤵
  PID:5512
- C:\Windows\System\VoBzsWw.exe
  C:\Windows\System\VoBzsWw.exe
  2⤵
  PID:5592
- C:\Windows\System\kJMWtXR.exe
  C:\Windows\System\kJMWtXR.exe
  2⤵
  PID:5616
- C:\Windows\System\GdmpvMT.exe
  C:\Windows\System\GdmpvMT.exe
  2⤵
  PID:5712
- C:\Windows\System\qolAyJD.exe
  C:\Windows\System\qolAyJD.exe
  2⤵
  PID:5740
- C:\Windows\System\KTKJdks.exe
  C:\Windows\System\KTKJdks.exe
  2⤵
  PID:5840
- C:\Windows\System\NQWzZub.exe
  C:\Windows\System\NQWzZub.exe
  2⤵
  PID:5860
- C:\Windows\System\TSWtoUG.exe
  C:\Windows\System\TSWtoUG.exe
  2⤵
  PID:5912
- C:\Windows\System\KonvjRP.exe
  C:\Windows\System\KonvjRP.exe
  2⤵
  PID:5932
- C:\Windows\System\wsDGBgw.exe
  C:\Windows\System\wsDGBgw.exe
  2⤵
  PID:5996
- C:\Windows\System\mSWveXN.exe
  C:\Windows\System\mSWveXN.exe
  2⤵
  PID:6092
- C:\Windows\System\XSKJvOw.exe
  C:\Windows\System\XSKJvOw.exe
  2⤵
  PID:6116
- C:\Windows\System\qBnnKIG.exe
  C:\Windows\System\qBnnKIG.exe
  2⤵
  PID:6164
- C:\Windows\System\AUmrgYB.exe
  C:\Windows\System\AUmrgYB.exe
  2⤵
  PID:6184
- C:\Windows\System\ftHeZSO.exe
  C:\Windows\System\ftHeZSO.exe
  2⤵
  PID:6204
- C:\Windows\System\RxEZTZW.exe
  C:\Windows\System\RxEZTZW.exe
  2⤵
  PID:6224
- C:\Windows\System\MScnayb.exe
  C:\Windows\System\MScnayb.exe
  2⤵
  PID:6244
- C:\Windows\System\gJwzFuK.exe
  C:\Windows\System\gJwzFuK.exe
  2⤵
  PID:6264
- C:\Windows\System\MzJacXG.exe
  C:\Windows\System\MzJacXG.exe
  2⤵
  PID:6284
- C:\Windows\System\xBuYFnL.exe
  C:\Windows\System\xBuYFnL.exe
  2⤵
  PID:6304
- C:\Windows\System\dCMyUlg.exe
  C:\Windows\System\dCMyUlg.exe
  2⤵
  PID:6324
- C:\Windows\System\tPnRrWn.exe
  C:\Windows\System\tPnRrWn.exe
  2⤵
  PID:6344
- C:\Windows\System\XAnvUwO.exe
  C:\Windows\System\XAnvUwO.exe
  2⤵
  PID:6364
- C:\Windows\System\cuYPvFl.exe
  C:\Windows\System\cuYPvFl.exe
  2⤵
  PID:6384
- C:\Windows\System\uXWbsoA.exe
  C:\Windows\System\uXWbsoA.exe
  2⤵
  PID:6404
- C:\Windows\System\JwMfmvS.exe
  C:\Windows\System\JwMfmvS.exe
  2⤵
  PID:6424
- C:\Windows\System\GpiNDVt.exe
  C:\Windows\System\GpiNDVt.exe
  2⤵
  PID:6444
- C:\Windows\System\DTKnLTz.exe
  C:\Windows\System\DTKnLTz.exe
  2⤵
  PID:6464
- C:\Windows\System\hiCHBQh.exe
  C:\Windows\System\hiCHBQh.exe
  2⤵
  PID:6484
- C:\Windows\System\uqodQXR.exe
  C:\Windows\System\uqodQXR.exe
  2⤵
  PID:6504
- C:\Windows\System\rKdSQJE.exe
  C:\Windows\System\rKdSQJE.exe
  2⤵
  PID:6524
- C:\Windows\System\maQdpdD.exe
  C:\Windows\System\maQdpdD.exe
  2⤵
  PID:6544
- C:\Windows\System\BbGKKFx.exe
  C:\Windows\System\BbGKKFx.exe
  2⤵
  PID:6564
- C:\Windows\System\taxelIv.exe
  C:\Windows\System\taxelIv.exe
  2⤵
  PID:6584
- C:\Windows\System\oJNGpVz.exe
  C:\Windows\System\oJNGpVz.exe
  2⤵
  PID:6604
- C:\Windows\System\bZChvmy.exe
  C:\Windows\System\bZChvmy.exe
  2⤵
  PID:6624
- C:\Windows\System\QXaVbQZ.exe
  C:\Windows\System\QXaVbQZ.exe
  2⤵
  PID:6644
- C:\Windows\System\XqdWGTq.exe
  C:\Windows\System\XqdWGTq.exe
  2⤵
  PID:6664
- C:\Windows\System\KowHJRu.exe
  C:\Windows\System\KowHJRu.exe
  2⤵
  PID:6684
- C:\Windows\System\yMylnqe.exe
  C:\Windows\System\yMylnqe.exe
  2⤵
  PID:6704
- C:\Windows\System\pNOuVMg.exe
  C:\Windows\System\pNOuVMg.exe
  2⤵
  PID:6724
- C:\Windows\System\PfqiMZO.exe
  C:\Windows\System\PfqiMZO.exe
  2⤵
  PID:6744
- C:\Windows\System\kvZJjRS.exe
  C:\Windows\System\kvZJjRS.exe
  2⤵
  PID:6764
- C:\Windows\System\wQgFzSW.exe
  C:\Windows\System\wQgFzSW.exe
  2⤵
  PID:6784
- C:\Windows\System\EFvlhGL.exe
  C:\Windows\System\EFvlhGL.exe
  2⤵
  PID:6808
- C:\Windows\System\RmLDgWO.exe
  C:\Windows\System\RmLDgWO.exe
  2⤵
  PID:6828
- C:\Windows\System\WoMeKlc.exe
  C:\Windows\System\WoMeKlc.exe
  2⤵
  PID:6848
- C:\Windows\System\PRZWDLn.exe
  C:\Windows\System\PRZWDLn.exe
  2⤵
  PID:6868
- C:\Windows\System\pNyjTnF.exe
  C:\Windows\System\pNyjTnF.exe
  2⤵
  PID:6888
- C:\Windows\System\VZMvcho.exe
  C:\Windows\System\VZMvcho.exe
  2⤵
  PID:6908
- C:\Windows\System\xmGGQDj.exe
  C:\Windows\System\xmGGQDj.exe
  2⤵
  PID:6928
- C:\Windows\System\jDTGuZZ.exe
  C:\Windows\System\jDTGuZZ.exe
  2⤵
  PID:6948
- C:\Windows\System\VURKcQV.exe
  C:\Windows\System\VURKcQV.exe
  2⤵
  PID:6968
- C:\Windows\System\kriAOhk.exe
  C:\Windows\System\kriAOhk.exe
  2⤵
  PID:6988
- C:\Windows\System\pYMTFqu.exe
  C:\Windows\System\pYMTFqu.exe
  2⤵
  PID:7008
- C:\Windows\System\SCJAFkx.exe
  C:\Windows\System\SCJAFkx.exe
  2⤵
  PID:7028
- C:\Windows\System\PLLjYhF.exe
  C:\Windows\System\PLLjYhF.exe
  2⤵
  PID:7048
- C:\Windows\System\lkmsOUx.exe
  C:\Windows\System\lkmsOUx.exe
  2⤵
  PID:7068
- C:\Windows\System\fxcPbVW.exe
  C:\Windows\System\fxcPbVW.exe
  2⤵
  PID:7088
- C:\Windows\System\XGKgLPt.exe
  C:\Windows\System\XGKgLPt.exe
  2⤵
  PID:7108
- C:\Windows\System\uRLcFtm.exe
  C:\Windows\System\uRLcFtm.exe
  2⤵
  PID:7128
- C:\Windows\System\oviWvgl.exe
  C:\Windows\System\oviWvgl.exe
  2⤵
  PID:7148
- C:\Windows\System\QEuIfPj.exe
  C:\Windows\System\QEuIfPj.exe
  2⤵
  PID:6140
- C:\Windows\System\fSxVoyO.exe
  C:\Windows\System\fSxVoyO.exe
  2⤵
  PID:4216
- C:\Windows\System\FQCnmKv.exe
  C:\Windows\System\FQCnmKv.exe
  2⤵
  PID:4600
- C:\Windows\System\RENbIdM.exe
  C:\Windows\System\RENbIdM.exe
  2⤵
  PID:5012
- C:\Windows\System\vAjHTvO.exe
  C:\Windows\System\vAjHTvO.exe
  2⤵
  PID:5032
- C:\Windows\System\MLjgdAf.exe
  C:\Windows\System\MLjgdAf.exe
  2⤵
  PID:5184
- C:\Windows\System\WgGimNw.exe
  C:\Windows\System\WgGimNw.exe
  2⤵
  PID:5168
- C:\Windows\System\swORXcD.exe
  C:\Windows\System\swORXcD.exe
  2⤵
  PID:5296
- C:\Windows\System\WGlYpgJ.exe
  C:\Windows\System\WGlYpgJ.exe
  2⤵
  PID:5396
- C:\Windows\System\CpDEQuk.exe
  C:\Windows\System\CpDEQuk.exe
  2⤵
  PID:5436
- C:\Windows\System\kHMhgjV.exe
  C:\Windows\System\kHMhgjV.exe
  2⤵
  PID:5552
- C:\Windows\System\cawcpkL.exe
  C:\Windows\System\cawcpkL.exe
  2⤵
  PID:5680
- C:\Windows\System\sMrZUcS.exe
  C:\Windows\System\sMrZUcS.exe
  2⤵
  PID:5792
- C:\Windows\System\dHoTJsM.exe
  C:\Windows\System\dHoTJsM.exe
  2⤵
  PID:5776
- C:\Windows\System\wHBMINQ.exe
  C:\Windows\System\wHBMINQ.exe
  2⤵
  PID:5936
- C:\Windows\System\xBbaNvK.exe
  C:\Windows\System\xBbaNvK.exe
  2⤵
  PID:6040
- C:\Windows\System\ieVPoat.exe
  C:\Windows\System\ieVPoat.exe
  2⤵
  PID:6056
- C:\Windows\System\aoSEQOE.exe
  C:\Windows\System\aoSEQOE.exe
  2⤵
  PID:6172
- C:\Windows\System\OFTYIjK.exe
  C:\Windows\System\OFTYIjK.exe
  2⤵
  PID:6212
- C:\Windows\System\OPmaXMx.exe
  C:\Windows\System\OPmaXMx.exe
  2⤵
  PID:6236
- C:\Windows\System\WhiARdf.exe
  C:\Windows\System\WhiARdf.exe
  2⤵
  PID:6280
- C:\Windows\System\rwCBHJS.exe
  C:\Windows\System\rwCBHJS.exe
  2⤵
  PID:6296
- C:\Windows\System\EAbIDCR.exe
  C:\Windows\System\EAbIDCR.exe
  2⤵
  PID:6340
- C:\Windows\System\TRWTCZZ.exe
  C:\Windows\System\TRWTCZZ.exe
  2⤵
  PID:6392
- C:\Windows\System\MpmFROg.exe
  C:\Windows\System\MpmFROg.exe
  2⤵
  PID:6416
- C:\Windows\System\wUFGjLk.exe
  C:\Windows\System\wUFGjLk.exe
  2⤵
  PID:6452
- C:\Windows\System\nKeDRIV.exe
  C:\Windows\System\nKeDRIV.exe
  2⤵
  PID:6476
- C:\Windows\System\pPPiuPB.exe
  C:\Windows\System\pPPiuPB.exe
  2⤵
  PID:6496
- C:\Windows\System\kzCOJll.exe
  C:\Windows\System\kzCOJll.exe
  2⤵
  PID:6536
- C:\Windows\System\IArKdfd.exe
  C:\Windows\System\IArKdfd.exe
  2⤵
  PID:6580
- C:\Windows\System\RdlDiYk.exe
  C:\Windows\System\RdlDiYk.exe
  2⤵
  PID:6612
- C:\Windows\System\MYNkvir.exe
  C:\Windows\System\MYNkvir.exe
  2⤵
  PID:6636
- C:\Windows\System\UHcRwHU.exe
  C:\Windows\System\UHcRwHU.exe
  2⤵
  PID:6680
- C:\Windows\System\uuwgSyY.exe
  C:\Windows\System\uuwgSyY.exe
  2⤵
  PID:6696
- C:\Windows\System\biHZMIz.exe
  C:\Windows\System\biHZMIz.exe
  2⤵
  PID:6740
- C:\Windows\System\PKOKEgG.exe
  C:\Windows\System\PKOKEgG.exe
  2⤵
  PID:6772
- C:\Windows\System\PRjsATQ.exe
  C:\Windows\System\PRjsATQ.exe
  2⤵
  PID:6796
- C:\Windows\System\XqvrHhs.exe
  C:\Windows\System\XqvrHhs.exe
  2⤵
  PID:6844
- C:\Windows\System\hVZdlbf.exe
  C:\Windows\System\hVZdlbf.exe
  2⤵
  PID:6860
- C:\Windows\System\QddJcfC.exe
  C:\Windows\System\QddJcfC.exe
  2⤵
  PID:6924
- C:\Windows\System\tpBYQDW.exe
  C:\Windows\System\tpBYQDW.exe
  2⤵
  PID:6936
- C:\Windows\System\keUgiAe.exe
  C:\Windows\System\keUgiAe.exe
  2⤵
  PID:332
- C:\Windows\System\EGznYZi.exe
  C:\Windows\System\EGznYZi.exe
  2⤵
  PID:6980
- C:\Windows\System\UqKCeXG.exe
  C:\Windows\System\UqKCeXG.exe
  2⤵
  PID:7024
- C:\Windows\System\AMajAec.exe
  C:\Windows\System\AMajAec.exe
  2⤵
  PID:7076
- C:\Windows\System\rykvWGJ.exe
  C:\Windows\System\rykvWGJ.exe
  2⤵
  PID:7104
- C:\Windows\System\EbyObwr.exe
  C:\Windows\System\EbyObwr.exe
  2⤵
  PID:7136
- C:\Windows\System\SciHbDW.exe
  C:\Windows\System\SciHbDW.exe
  2⤵
  PID:7160
- C:\Windows\System\vLlxHDm.exe
  C:\Windows\System\vLlxHDm.exe
  2⤵
  PID:4316
- C:\Windows\System\lhGzSON.exe
  C:\Windows\System\lhGzSON.exe
  2⤵
  PID:4984
- C:\Windows\System\PJoZStn.exe
  C:\Windows\System\PJoZStn.exe
  2⤵
  PID:3092
- C:\Windows\System\OaTGikh.exe
  C:\Windows\System\OaTGikh.exe
  2⤵
  PID:3640
- C:\Windows\System\GFGFvSO.exe
  C:\Windows\System\GFGFvSO.exe
  2⤵
  PID:5336
- C:\Windows\System\SgfGfnO.exe
  C:\Windows\System\SgfGfnO.exe
  2⤵
  PID:5500
- C:\Windows\System\RQrqlLe.exe
  C:\Windows\System\RQrqlLe.exe
  2⤵
  PID:5640
- C:\Windows\System\kPaGkUo.exe
  C:\Windows\System\kPaGkUo.exe
  2⤵
  PID:5896
- C:\Windows\System\oxFdWVf.exe
  C:\Windows\System\oxFdWVf.exe
  2⤵
  PID:5956
- C:\Windows\System\hwnkmzS.exe
  C:\Windows\System\hwnkmzS.exe
  2⤵
  PID:6072
- C:\Windows\System\CATiMpr.exe
  C:\Windows\System\CATiMpr.exe
  2⤵
  PID:6196
- C:\Windows\System\WNJgUzg.exe
  C:\Windows\System\WNJgUzg.exe
  2⤵
  PID:6216
- C:\Windows\System\XFQPxto.exe
  C:\Windows\System\XFQPxto.exe
  2⤵
  PID:6312
- C:\Windows\System\IXNslED.exe
  C:\Windows\System\IXNslED.exe
  2⤵
  PID:6380
- C:\Windows\System\VIIMeif.exe
  C:\Windows\System\VIIMeif.exe
  2⤵
  PID:6436
- C:\Windows\System\KeJCzIv.exe
  C:\Windows\System\KeJCzIv.exe
  2⤵
  PID:2700
- C:\Windows\System\WioulnP.exe
  C:\Windows\System\WioulnP.exe
  2⤵
  PID:6532
- C:\Windows\System\HUlGjhP.exe
  C:\Windows\System\HUlGjhP.exe
  2⤵
  PID:6556
- C:\Windows\System\ajungSc.exe
  C:\Windows\System\ajungSc.exe
  2⤵
  PID:6672
- C:\Windows\System\nYQfymO.exe
  C:\Windows\System\nYQfymO.exe
  2⤵
  PID:6720
- C:\Windows\System\NYIuXnv.exe
  C:\Windows\System\NYIuXnv.exe
  2⤵
  PID:6756
- C:\Windows\System\uucVArJ.exe
  C:\Windows\System\uucVArJ.exe
  2⤵
  PID:6776
- C:\Windows\System\IwFEhCy.exe
  C:\Windows\System\IwFEhCy.exe
  2⤵
  PID:6836
- C:\Windows\System\eqbfYzo.exe
  C:\Windows\System\eqbfYzo.exe
  2⤵
  PID:6956
- C:\Windows\System\UfQoMSv.exe
  C:\Windows\System\UfQoMSv.exe
  2⤵
  PID:6920
- C:\Windows\System\jIiejUW.exe
  C:\Windows\System\jIiejUW.exe
  2⤵
  PID:7004
- C:\Windows\System\JzxUGzV.exe
  C:\Windows\System\JzxUGzV.exe
  2⤵
  PID:7044
- C:\Windows\System\LzHLZxT.exe
  C:\Windows\System\LzHLZxT.exe
  2⤵
  PID:7064
- C:\Windows\System\OnwCgpZ.exe
  C:\Windows\System\OnwCgpZ.exe
  2⤵
  PID:2824
- C:\Windows\System\rdTecCy.exe
  C:\Windows\System\rdTecCy.exe
  2⤵
  PID:2928
- C:\Windows\System\vNKdqIp.exe
  C:\Windows\System\vNKdqIp.exe
  2⤵
  PID:6132
- C:\Windows\System\yXwzRqS.exe
  C:\Windows\System\yXwzRqS.exe
  2⤵
  PID:5084
- C:\Windows\System\vGtkubM.exe
  C:\Windows\System\vGtkubM.exe
  2⤵
  PID:5316
- C:\Windows\System\oqGDZXq.exe
  C:\Windows\System\oqGDZXq.exe
  2⤵
  PID:5596
- C:\Windows\System\lujwgbr.exe
  C:\Windows\System\lujwgbr.exe
  2⤵
  PID:5820
- C:\Windows\System\SXvRNEc.exe
  C:\Windows\System\SXvRNEc.exe
  2⤵
  PID:6032
- C:\Windows\System\HxtZhiJ.exe
  C:\Windows\System\HxtZhiJ.exe
  2⤵
  PID:6156
- C:\Windows\System\hfGpSSc.exe
  C:\Windows\System\hfGpSSc.exe
  2⤵
  PID:2056
- C:\Windows\System\kVVGDnC.exe
  C:\Windows\System\kVVGDnC.exe
  2⤵
  PID:6412
- C:\Windows\System\Nrasrij.exe
  C:\Windows\System\Nrasrij.exe
  2⤵
  PID:6372
- C:\Windows\System\uEMbJOm.exe
  C:\Windows\System\uEMbJOm.exe
  2⤵
  PID:6420
- C:\Windows\System\dlkWYDL.exe
  C:\Windows\System\dlkWYDL.exe
  2⤵
  PID:6572
- C:\Windows\System\kOCCbbZ.exe
  C:\Windows\System\kOCCbbZ.exe
  2⤵
  PID:6752
- C:\Windows\System\byOUGQE.exe
  C:\Windows\System\byOUGQE.exe
  2⤵
  PID:6824
- C:\Windows\System\auGVNBQ.exe
  C:\Windows\System\auGVNBQ.exe
  2⤵
  PID:1832
- C:\Windows\System\dyATkCv.exe
  C:\Windows\System\dyATkCv.exe
  2⤵
  PID:6900
- C:\Windows\System\TrErHmo.exe
  C:\Windows\System\TrErHmo.exe
  2⤵
  PID:6964
- C:\Windows\System\qfqQAYE.exe
  C:\Windows\System\qfqQAYE.exe
  2⤵
  PID:1320
- C:\Windows\System\SfJZJCw.exe
  C:\Windows\System\SfJZJCw.exe
  2⤵
  PID:2580
- C:\Windows\System\jKYPzEl.exe
  C:\Windows\System\jKYPzEl.exe
  2⤵
  PID:7140
- C:\Windows\System\MeWyHer.exe
  C:\Windows\System\MeWyHer.exe
  2⤵
  PID:4648
- C:\Windows\System\wiLqadG.exe
  C:\Windows\System\wiLqadG.exe
  2⤵
  PID:5172
- C:\Windows\System\ByxQxHP.exe
  C:\Windows\System\ByxQxHP.exe
  2⤵
  PID:5756
- C:\Windows\System\yAwTOAf.exe
  C:\Windows\System\yAwTOAf.exe
  2⤵
  PID:7180
- C:\Windows\System\rOMFGHh.exe
  C:\Windows\System\rOMFGHh.exe
  2⤵
  PID:7200
- C:\Windows\System\IymmvtR.exe
  C:\Windows\System\IymmvtR.exe
  2⤵
  PID:7220
- C:\Windows\System\WKVljKL.exe
  C:\Windows\System\WKVljKL.exe
  2⤵
  PID:7240
- C:\Windows\System\AgFqlDQ.exe
  C:\Windows\System\AgFqlDQ.exe
  2⤵
  PID:7260
- C:\Windows\System\XRAplVY.exe
  C:\Windows\System\XRAplVY.exe
  2⤵
  PID:7280
- C:\Windows\System\oxpmbyP.exe
  C:\Windows\System\oxpmbyP.exe
  2⤵
  PID:7300
- C:\Windows\System\zpriaGx.exe
  C:\Windows\System\zpriaGx.exe
  2⤵
  PID:7320
- C:\Windows\System\sBecfUz.exe
  C:\Windows\System\sBecfUz.exe
  2⤵
  PID:7340
- C:\Windows\System\aNdMsXj.exe
  C:\Windows\System\aNdMsXj.exe
  2⤵
  PID:7360
- C:\Windows\System\GqdVnHC.exe
  C:\Windows\System\GqdVnHC.exe
  2⤵
  PID:7380
- C:\Windows\System\IIdYXjq.exe
  C:\Windows\System\IIdYXjq.exe
  2⤵
  PID:7400
- C:\Windows\System\EBSYhSn.exe
  C:\Windows\System\EBSYhSn.exe
  2⤵
  PID:7424
- C:\Windows\System\WaGxebv.exe
  C:\Windows\System\WaGxebv.exe
  2⤵
  PID:7444
- C:\Windows\System\JiBdUAb.exe
  C:\Windows\System\JiBdUAb.exe
  2⤵
  PID:7464
- C:\Windows\System\gtKjndQ.exe
  C:\Windows\System\gtKjndQ.exe
  2⤵
  PID:7484
- C:\Windows\System\iufpdgJ.exe
  C:\Windows\System\iufpdgJ.exe
  2⤵
  PID:7504
- C:\Windows\System\qbNObLE.exe
  C:\Windows\System\qbNObLE.exe
  2⤵
  PID:7524
- C:\Windows\System\cYiFLVW.exe
  C:\Windows\System\cYiFLVW.exe
  2⤵
  PID:7540
- C:\Windows\System\mMELRJv.exe
  C:\Windows\System\mMELRJv.exe
  2⤵
  PID:7564
- C:\Windows\System\twPvSEH.exe
  C:\Windows\System\twPvSEH.exe
  2⤵
  PID:7584
- C:\Windows\System\VHgTqUw.exe
  C:\Windows\System\VHgTqUw.exe
  2⤵
  PID:7604
- C:\Windows\System\FaOUdyg.exe
  C:\Windows\System\FaOUdyg.exe
  2⤵
  PID:7624
- C:\Windows\System\mvwGzgA.exe
  C:\Windows\System\mvwGzgA.exe
  2⤵
  PID:7644
- C:\Windows\System\EeUmRdA.exe
  C:\Windows\System\EeUmRdA.exe
  2⤵
  PID:7664
- C:\Windows\System\iGcAutG.exe
  C:\Windows\System\iGcAutG.exe
  2⤵
  PID:7680
- C:\Windows\System\vGkLcwD.exe
  C:\Windows\System\vGkLcwD.exe
  2⤵
  PID:7704
- C:\Windows\System\lQUPnxw.exe
  C:\Windows\System\lQUPnxw.exe
  2⤵
  PID:7728
- C:\Windows\System\iRAcqpN.exe
  C:\Windows\System\iRAcqpN.exe
  2⤵
  PID:7748
- C:\Windows\System\PXaxoGb.exe
  C:\Windows\System\PXaxoGb.exe
  2⤵
  PID:7768
- C:\Windows\System\GnmftPs.exe
  C:\Windows\System\GnmftPs.exe
  2⤵
  PID:7788
- C:\Windows\System\DWIjpdF.exe
  C:\Windows\System\DWIjpdF.exe
  2⤵
  PID:7808
- C:\Windows\System\nytEZEi.exe
  C:\Windows\System\nytEZEi.exe
  2⤵
  PID:7828
- C:\Windows\System\DaHXoUF.exe
  C:\Windows\System\DaHXoUF.exe
  2⤵
  PID:7848
- C:\Windows\System\sRYXCts.exe
  C:\Windows\System\sRYXCts.exe
  2⤵
  PID:7868
- C:\Windows\System\QTBdiGm.exe
  C:\Windows\System\QTBdiGm.exe
  2⤵
  PID:7888
- C:\Windows\System\ddgoOYC.exe
  C:\Windows\System\ddgoOYC.exe
  2⤵
  PID:7904
- C:\Windows\System\awTyibQ.exe
  C:\Windows\System\awTyibQ.exe
  2⤵
  PID:7928
- C:\Windows\System\PXpNZHw.exe
  C:\Windows\System\PXpNZHw.exe
  2⤵
  PID:7948
- C:\Windows\System\LDFthpb.exe
  C:\Windows\System\LDFthpb.exe
  2⤵
  PID:7968
- C:\Windows\System\JNHMeqU.exe
  C:\Windows\System\JNHMeqU.exe
  2⤵
  PID:7988
- C:\Windows\System\AaOKLno.exe
  C:\Windows\System\AaOKLno.exe
  2⤵
  PID:8008
- C:\Windows\System\DyCySnt.exe
  C:\Windows\System\DyCySnt.exe
  2⤵
  PID:8028
- C:\Windows\System\ulRRUck.exe
  C:\Windows\System\ulRRUck.exe
  2⤵
  PID:8048
- C:\Windows\System\AfBqeiI.exe
  C:\Windows\System\AfBqeiI.exe
  2⤵
  PID:8068
- C:\Windows\System\HTIdpmr.exe
  C:\Windows\System\HTIdpmr.exe
  2⤵
  PID:8088
- C:\Windows\System\LjSkSJx.exe
  C:\Windows\System\LjSkSJx.exe
  2⤵
  PID:8108
- C:\Windows\System\kSQQWKb.exe
  C:\Windows\System\kSQQWKb.exe
  2⤵
  PID:8128
- C:\Windows\System\ikHDwPx.exe
  C:\Windows\System\ikHDwPx.exe
  2⤵
  PID:8148
- C:\Windows\System\zFWUOqQ.exe
  C:\Windows\System\zFWUOqQ.exe
  2⤵
  PID:8168
- C:\Windows\System\fCOzpPu.exe
  C:\Windows\System\fCOzpPu.exe
  2⤵
  PID:8188
- C:\Windows\System\irlVUHp.exe
  C:\Windows\System\irlVUHp.exe
  2⤵
  PID:6240
- C:\Windows\System\stVJDkq.exe
  C:\Windows\System\stVJDkq.exe
  2⤵
  PID:2636
- C:\Windows\System\lMLywWb.exe
  C:\Windows\System\lMLywWb.exe
  2⤵
  PID:3024
- C:\Windows\System\fEOaaOM.exe
  C:\Windows\System\fEOaaOM.exe
  2⤵
  PID:6640
- C:\Windows\System\TCvSfrB.exe
  C:\Windows\System\TCvSfrB.exe
  2⤵
  PID:6692
- C:\Windows\System\GQSmhBu.exe
  C:\Windows\System\GQSmhBu.exe
  2⤵
  PID:6916
- C:\Windows\System\WZRETdR.exe
  C:\Windows\System\WZRETdR.exe
  2⤵
  PID:6960
- C:\Windows\System\HzQzjZD.exe
  C:\Windows\System\HzQzjZD.exe
  2⤵
  PID:7096
- C:\Windows\System\iGREQCB.exe
  C:\Windows\System\iGREQCB.exe
  2⤵
  PID:7156
- C:\Windows\System\fJxXLeD.exe
  C:\Windows\System\fJxXLeD.exe
  2⤵
  PID:5560
- C:\Windows\System\BDARYvx.exe
  C:\Windows\System\BDARYvx.exe
  2⤵
  PID:7196
- C:\Windows\System\iYFmhzi.exe
  C:\Windows\System\iYFmhzi.exe
  2⤵
  PID:7208
- C:\Windows\System\HwsLTXt.exe
  C:\Windows\System\HwsLTXt.exe
  2⤵
  PID:7248
- C:\Windows\System\ejHhpBi.exe
  C:\Windows\System\ejHhpBi.exe
  2⤵
  PID:7288
- C:\Windows\System\TCxBPEw.exe
  C:\Windows\System\TCxBPEw.exe
  2⤵
  PID:7312
- C:\Windows\System\zLUtwLi.exe
  C:\Windows\System\zLUtwLi.exe
  2⤵
  PID:7352
- C:\Windows\System\ZKXyheQ.exe
  C:\Windows\System\ZKXyheQ.exe
  2⤵
  PID:7368
- C:\Windows\System\hdYRsDh.exe
  C:\Windows\System\hdYRsDh.exe
  2⤵
  PID:7432
- C:\Windows\System\VleOEEQ.exe
  C:\Windows\System\VleOEEQ.exe
  2⤵
  PID:7436
- C:\Windows\System\BOXvxTs.exe
  C:\Windows\System\BOXvxTs.exe
  2⤵
  PID:7476
- C:\Windows\System\qIBwmKY.exe
  C:\Windows\System\qIBwmKY.exe
  2⤵
  PID:7512
- C:\Windows\System\OVnLVOU.exe
  C:\Windows\System\OVnLVOU.exe
  2⤵
  PID:7560
- C:\Windows\System\uhBhFgM.exe
  C:\Windows\System\uhBhFgM.exe
  2⤵
  PID:7580
- C:\Windows\System\PuBqlak.exe
  C:\Windows\System\PuBqlak.exe
  2⤵
  PID:7632
- C:\Windows\System\ANgvmHm.exe
  C:\Windows\System\ANgvmHm.exe
  2⤵
  PID:7616
- C:\Windows\System\YzsJDry.exe
  C:\Windows\System\YzsJDry.exe
  2⤵
  PID:7660
- C:\Windows\System\bhZvtcD.exe
  C:\Windows\System\bhZvtcD.exe
  2⤵
  PID:7724
- C:\Windows\System\xKhcZNF.exe
  C:\Windows\System\xKhcZNF.exe
  2⤵
  PID:7688
- C:\Windows\System\kLQDZSd.exe
  C:\Windows\System\kLQDZSd.exe
  2⤵
  PID:7760
- C:\Windows\System\NlYaxED.exe
  C:\Windows\System\NlYaxED.exe
  2⤵
  PID:7780
- C:\Windows\System\atUqXYq.exe
  C:\Windows\System\atUqXYq.exe
  2⤵
  PID:7824
- C:\Windows\System\HibbNJf.exe
  C:\Windows\System\HibbNJf.exe
  2⤵
  PID:7884
- C:\Windows\System\tfildTx.exe
  C:\Windows\System\tfildTx.exe
  2⤵
  PID:7920
- C:\Windows\System\ekqjJVx.exe
  C:\Windows\System\ekqjJVx.exe
  2⤵
  PID:7936
- C:\Windows\System\MvBLFyI.exe
  C:\Windows\System\MvBLFyI.exe
  2⤵
  PID:7960
- C:\Windows\System\JlGtTvY.exe
  C:\Windows\System\JlGtTvY.exe
  2⤵
  PID:7984
- C:\Windows\System\dqJSsKj.exe
  C:\Windows\System\dqJSsKj.exe
  2⤵
  PID:8020
- C:\Windows\System\htYXrFv.exe
  C:\Windows\System\htYXrFv.exe
  2⤵
  PID:8056
- C:\Windows\System\gnGpqEh.exe
  C:\Windows\System\gnGpqEh.exe
  2⤵
  PID:8104
- C:\Windows\System\NGpncmx.exe
  C:\Windows\System\NGpncmx.exe
  2⤵
  PID:8136
- C:\Windows\System\KgkgNft.exe
  C:\Windows\System\KgkgNft.exe
  2⤵
  PID:8140
- C:\Windows\System\yqxVIfb.exe
  C:\Windows\System\yqxVIfb.exe
  2⤵
  PID:8180
- C:\Windows\System\oNYNGwF.exe
  C:\Windows\System\oNYNGwF.exe
  2⤵
  PID:6440
- C:\Windows\System\rFenrOK.exe
  C:\Windows\System\rFenrOK.exe
  2⤵
  PID:6660
- C:\Windows\System\RlmDMGf.exe
  C:\Windows\System\RlmDMGf.exe
  2⤵
  PID:860
- C:\Windows\System\EIYyjhW.exe
  C:\Windows\System\EIYyjhW.exe
  2⤵
  PID:4444
- C:\Windows\System\PATlHoo.exe
  C:\Windows\System\PATlHoo.exe
  2⤵
  PID:6984
- C:\Windows\System\aZSFSLn.exe
  C:\Windows\System\aZSFSLn.exe
  2⤵
  PID:7188
- C:\Windows\System\lmMmBGi.exe
  C:\Windows\System\lmMmBGi.exe
  2⤵
  PID:7236
- C:\Windows\System\NmRrktS.exe
  C:\Windows\System\NmRrktS.exe
  2⤵
  PID:7272
- C:\Windows\System\CHGWoZl.exe
  C:\Windows\System\CHGWoZl.exe
  2⤵
  PID:7336
- C:\Windows\System\JyijEyy.exe
  C:\Windows\System\JyijEyy.exe
  2⤵
  PID:7420
- C:\Windows\System\goTSIof.exe
  C:\Windows\System\goTSIof.exe
  2⤵
  PID:7372
- C:\Windows\System\yOHEVGf.exe
  C:\Windows\System\yOHEVGf.exe
  2⤵
  PID:7456
- C:\Windows\System\DqQAwQP.exe
  C:\Windows\System\DqQAwQP.exe
  2⤵
  PID:7548
- C:\Windows\System\Huggdje.exe
  C:\Windows\System\Huggdje.exe
  2⤵
  PID:7596
- C:\Windows\System\SkjmarE.exe
  C:\Windows\System\SkjmarE.exe
  2⤵
  PID:7676
- C:\Windows\System\dbrBStI.exe
  C:\Windows\System\dbrBStI.exe
  2⤵
  PID:7652
- C:\Windows\System\siFgAou.exe
  C:\Windows\System\siFgAou.exe
  2⤵
  PID:7800
- C:\Windows\System\vWUPfrN.exe
  C:\Windows\System\vWUPfrN.exe
  2⤵
  PID:7844
- C:\Windows\System\sIPEFxr.exe
  C:\Windows\System\sIPEFxr.exe
  2⤵
  PID:7876
- C:\Windows\System\TxoGizo.exe
  C:\Windows\System\TxoGizo.exe
  2⤵
  PID:7956
- C:\Windows\System\fFZrUte.exe
  C:\Windows\System\fFZrUte.exe
  2⤵
  PID:8036
- C:\Windows\System\lCUfqzF.exe
  C:\Windows\System\lCUfqzF.exe
  2⤵
  PID:8040
- C:\Windows\System\MmIfnZp.exe
  C:\Windows\System\MmIfnZp.exe
  2⤵
  PID:8080
- C:\Windows\System\ExytzGu.exe
  C:\Windows\System\ExytzGu.exe
  2⤵
  PID:8124
- C:\Windows\System\ZWFtmjw.exe
  C:\Windows\System\ZWFtmjw.exe
  2⤵
  PID:6480
- C:\Windows\System\kNmFtFt.exe
  C:\Windows\System\kNmFtFt.exe
  2⤵
  PID:2268
- C:\Windows\System\YrAZKtp.exe
  C:\Windows\System\YrAZKtp.exe
  2⤵
  PID:6896
- C:\Windows\System\CowgDOd.exe
  C:\Windows\System\CowgDOd.exe
  2⤵
  PID:5416
- C:\Windows\System\HBMgTRq.exe
  C:\Windows\System\HBMgTRq.exe
  2⤵
  PID:7176
- C:\Windows\System\IMWILZR.exe
  C:\Windows\System\IMWILZR.exe
  2⤵
  PID:7252
- C:\Windows\System\sYcDUEz.exe
  C:\Windows\System\sYcDUEz.exe
  2⤵
  PID:7356
- C:\Windows\System\jfuebWm.exe
  C:\Windows\System\jfuebWm.exe
  2⤵
  PID:7460
- C:\Windows\System\hBEuiHy.exe
  C:\Windows\System\hBEuiHy.exe
  2⤵
  PID:7576
- C:\Windows\System\BqfXiSn.exe
  C:\Windows\System\BqfXiSn.exe
  2⤵
  PID:7756
- C:\Windows\System\gTEfwOa.exe
  C:\Windows\System\gTEfwOa.exe
  2⤵
  PID:7740
- C:\Windows\System\kmlmHuH.exe
  C:\Windows\System\kmlmHuH.exe
  2⤵
  PID:7776
- C:\Windows\System\QpNRTiY.exe
  C:\Windows\System\QpNRTiY.exe
  2⤵
  PID:8212
- C:\Windows\System\jeWfTQi.exe
  C:\Windows\System\jeWfTQi.exe
  2⤵
  PID:8232
- C:\Windows\System\BtIPcHi.exe
  C:\Windows\System\BtIPcHi.exe
  2⤵
  PID:8252
- C:\Windows\System\nOmHDhw.exe
  C:\Windows\System\nOmHDhw.exe
  2⤵
  PID:8272
- C:\Windows\System\oSJttmH.exe
  C:\Windows\System\oSJttmH.exe
  2⤵
  PID:8288
- C:\Windows\System\vjjLyAW.exe
  C:\Windows\System\vjjLyAW.exe
  2⤵
  PID:8312
- C:\Windows\System\YHAYUsp.exe
  C:\Windows\System\YHAYUsp.exe
  2⤵
  PID:8332
- C:\Windows\System\jDuDRoz.exe
  C:\Windows\System\jDuDRoz.exe
  2⤵
  PID:8352
- C:\Windows\System\LAgnedh.exe
  C:\Windows\System\LAgnedh.exe
  2⤵
  PID:8372
- C:\Windows\System\rCeQJsY.exe
  C:\Windows\System\rCeQJsY.exe
  2⤵
  PID:8388
- C:\Windows\System\VhdnOpb.exe
  C:\Windows\System\VhdnOpb.exe
  2⤵
  PID:8416
- C:\Windows\System\iJRLeZO.exe
  C:\Windows\System\iJRLeZO.exe
  2⤵
  PID:8436
- C:\Windows\System\lgJkRYo.exe
  C:\Windows\System\lgJkRYo.exe
  2⤵
  PID:8456
- C:\Windows\System\PMEbRgQ.exe
  C:\Windows\System\PMEbRgQ.exe
  2⤵
  PID:8476
- C:\Windows\System\JtWllnk.exe
  C:\Windows\System\JtWllnk.exe
  2⤵
  PID:8492
- C:\Windows\System\UFmBXvU.exe
  C:\Windows\System\UFmBXvU.exe
  2⤵
  PID:8516
- C:\Windows\System\WOzyoSM.exe
  C:\Windows\System\WOzyoSM.exe
  2⤵
  PID:8536
- C:\Windows\System\LtxrUtb.exe
  C:\Windows\System\LtxrUtb.exe
  2⤵
  PID:8556
- C:\Windows\System\pginsNf.exe
  C:\Windows\System\pginsNf.exe
  2⤵
  PID:8576
- C:\Windows\System\dLAvVAT.exe
  C:\Windows\System\dLAvVAT.exe
  2⤵
  PID:8592
- C:\Windows\System\mwTEqDn.exe
  C:\Windows\System\mwTEqDn.exe
  2⤵
  PID:8608
- C:\Windows\System\fYlxgFN.exe
  C:\Windows\System\fYlxgFN.exe
  2⤵
  PID:8624
- C:\Windows\System\rmzAagg.exe
  C:\Windows\System\rmzAagg.exe
  2⤵
  PID:8640
- C:\Windows\System\ZKxxycM.exe
  C:\Windows\System\ZKxxycM.exe
  2⤵
  PID:8660
- C:\Windows\System\orTxyJE.exe
  C:\Windows\System\orTxyJE.exe
  2⤵
  PID:8676
- C:\Windows\System\Bcdpwsa.exe
  C:\Windows\System\Bcdpwsa.exe
  2⤵
  PID:8716
- C:\Windows\System\EcGBCXH.exe
  C:\Windows\System\EcGBCXH.exe
  2⤵
  PID:8732
- C:\Windows\System\cNoyStC.exe
  C:\Windows\System\cNoyStC.exe
  2⤵
  PID:8752
- C:\Windows\System\Ertjxmd.exe
  C:\Windows\System\Ertjxmd.exe
  2⤵
  PID:8768
- C:\Windows\System\VvtgACF.exe
  C:\Windows\System\VvtgACF.exe
  2⤵
  PID:8784
- C:\Windows\System\mhEoJjr.exe
  C:\Windows\System\mhEoJjr.exe
  2⤵
  PID:8800
- C:\Windows\System\NmrdrZs.exe
  C:\Windows\System\NmrdrZs.exe
  2⤵
  PID:8816
- C:\Windows\System\lxCnBsU.exe
  C:\Windows\System\lxCnBsU.exe
  2⤵
  PID:8832
- C:\Windows\System\DWZBvjU.exe
  C:\Windows\System\DWZBvjU.exe
  2⤵
  PID:8848
- C:\Windows\System\gxqAyIi.exe
  C:\Windows\System\gxqAyIi.exe
  2⤵
  PID:8872
- C:\Windows\System\LNIuDnX.exe
  C:\Windows\System\LNIuDnX.exe
  2⤵
  PID:8908
- C:\Windows\System\OKlcTrd.exe
  C:\Windows\System\OKlcTrd.exe
  2⤵
  PID:8928
- C:\Windows\System\AddKfCY.exe
  C:\Windows\System\AddKfCY.exe
  2⤵
  PID:8944
- C:\Windows\System\sqyNsOG.exe
  C:\Windows\System\sqyNsOG.exe
  2⤵
  PID:8972
- C:\Windows\System\jsUGVkm.exe
  C:\Windows\System\jsUGVkm.exe
  2⤵
  PID:8988
- C:\Windows\System\vBEWweO.exe
  C:\Windows\System\vBEWweO.exe
  2⤵
  PID:9004
- C:\Windows\System\HTjHVDq.exe
  C:\Windows\System\HTjHVDq.exe
  2⤵
  PID:9020
- C:\Windows\System\UlUMnQp.exe
  C:\Windows\System\UlUMnQp.exe
  2⤵
  PID:9036
- C:\Windows\System\AuHtCiI.exe
  C:\Windows\System\AuHtCiI.exe
  2⤵
  PID:9052
- C:\Windows\System\lqPyFWz.exe
  C:\Windows\System\lqPyFWz.exe
  2⤵
  PID:9072
- C:\Windows\System\bEUDXaD.exe
  C:\Windows\System\bEUDXaD.exe
  2⤵
  PID:9092
- C:\Windows\System\pPLIRQV.exe
  C:\Windows\System\pPLIRQV.exe
  2⤵
  PID:9108
- C:\Windows\System\EwCUXSm.exe
  C:\Windows\System\EwCUXSm.exe
  2⤵
  PID:9132
- C:\Windows\System\AweZyml.exe
  C:\Windows\System\AweZyml.exe
  2⤵
  PID:9184
- C:\Windows\System\youqLfi.exe
  C:\Windows\System\youqLfi.exe
  2⤵
  PID:9200
- C:\Windows\System\kPWpWQV.exe
  C:\Windows\System\kPWpWQV.exe
  2⤵
  PID:7860
- C:\Windows\System\CzBdmuz.exe
  C:\Windows\System\CzBdmuz.exe
  2⤵
  PID:7900
- C:\Windows\System\pyHplkE.exe
  C:\Windows\System\pyHplkE.exe
  2⤵
  PID:3552
- C:\Windows\System\zJkrTSe.exe
  C:\Windows\System\zJkrTSe.exe
  2⤵
  PID:6016
- C:\Windows\System\EWWfDOA.exe
  C:\Windows\System\EWWfDOA.exe
  2⤵
  PID:8160
- C:\Windows\System\uKDLrvi.exe
  C:\Windows\System\uKDLrvi.exe
  2⤵
  PID:6352
- C:\Windows\System\yJjhiLY.exe
  C:\Windows\System\yJjhiLY.exe
  2⤵
  PID:2948
- C:\Windows\System\hHSTZES.exe
  C:\Windows\System\hHSTZES.exe
  2⤵
  PID:7268
- C:\Windows\System\rZhTbux.exe
  C:\Windows\System\rZhTbux.exe
  2⤵
  PID:7496
- C:\Windows\System\yAtSzwZ.exe
  C:\Windows\System\yAtSzwZ.exe
  2⤵
  PID:7692
- C:\Windows\System\twwtCqy.exe
  C:\Windows\System\twwtCqy.exe
  2⤵
  PID:8208
- C:\Windows\System\ePTvADx.exe
  C:\Windows\System\ePTvADx.exe
  2⤵
  PID:8204
- C:\Windows\System\RgMyJwx.exe
  C:\Windows\System\RgMyJwx.exe
  2⤵
  PID:8244
- C:\Windows\System\TodoidW.exe
  C:\Windows\System\TodoidW.exe
  2⤵
  PID:8264
- C:\Windows\System\LrPCUZo.exe
  C:\Windows\System\LrPCUZo.exe
  2⤵
  PID:8304
- C:\Windows\System\GypKvsN.exe
  C:\Windows\System\GypKvsN.exe
  2⤵
  PID:8300
- C:\Windows\System\TLnUVZR.exe
  C:\Windows\System\TLnUVZR.exe
  2⤵
  PID:8348
- C:\Windows\System\AdHmxfX.exe
  C:\Windows\System\AdHmxfX.exe
  2⤵
  PID:8396
- C:\Windows\System\xYxTnQs.exe
  C:\Windows\System\xYxTnQs.exe
  2⤵
  PID:8384
- C:\Windows\System\bXFkafA.exe
  C:\Windows\System\bXFkafA.exe
  2⤵
  PID:8428
- C:\Windows\System\Hozybym.exe
  C:\Windows\System\Hozybym.exe
  2⤵
  PID:8500
- C:\Windows\System\PpJyOAI.exe
  C:\Windows\System\PpJyOAI.exe
  2⤵
  PID:8504
- C:\Windows\System\inSZjEP.exe
  C:\Windows\System\inSZjEP.exe
  2⤵
  PID:8552
- C:\Windows\System\GIvMGdf.exe
  C:\Windows\System\GIvMGdf.exe
  2⤵
  PID:8588
- C:\Windows\System\YAxaRkc.exe
  C:\Windows\System\YAxaRkc.exe
  2⤵
  PID:8656
- C:\Windows\System\uuZoPZa.exe
  C:\Windows\System\uuZoPZa.exe
  2⤵
  PID:8692
- C:\Windows\System\OcpPSHh.exe
  C:\Windows\System\OcpPSHh.exe
  2⤵
  PID:3516
- C:\Windows\System\remjKQI.exe
  C:\Windows\System\remjKQI.exe
  2⤵
  PID:8724
- C:\Windows\System\AFARKLi.exe
  C:\Windows\System\AFARKLi.exe
  2⤵
  PID:8744
- C:\Windows\System\OiBamuj.exe
  C:\Windows\System\OiBamuj.exe
  2⤵
  PID:8780
- C:\Windows\System\JWoHotw.exe
  C:\Windows\System\JWoHotw.exe
  2⤵
  PID:8812
- C:\Windows\System\NFLlYod.exe
  C:\Windows\System\NFLlYod.exe
  2⤵
  PID:8844
- C:\Windows\System\wZFheVh.exe
  C:\Windows\System\wZFheVh.exe
  2⤵
  PID:8924
- C:\Windows\System\StkTnwe.exe
  C:\Windows\System\StkTnwe.exe
  2⤵
  PID:8884
- C:\Windows\System\kDSUwDc.exe
  C:\Windows\System\kDSUwDc.exe
  2⤵
  PID:8960
- C:\Windows\System\fdmSgwH.exe
  C:\Windows\System\fdmSgwH.exe
  2⤵
  PID:8956
- C:\Windows\System\pDpRqAw.exe
  C:\Windows\System\pDpRqAw.exe
  2⤵
  PID:9000
- C:\Windows\System\skiSTSF.exe
  C:\Windows\System\skiSTSF.exe
  2⤵
  PID:9032
- C:\Windows\System\JfzGVng.exe
  C:\Windows\System\JfzGVng.exe
  2⤵
  PID:9064
- C:\Windows\System\SrbxHNW.exe
  C:\Windows\System\SrbxHNW.exe
  2⤵
  PID:9100
- C:\Windows\System\lfPzLsJ.exe
  C:\Windows\System\lfPzLsJ.exe
  2⤵
  PID:9124
- C:\Windows\System\DoTQMVl.exe
  C:\Windows\System\DoTQMVl.exe
  2⤵
  PID:9140
- C:\Windows\System\AbUjWzw.exe
  C:\Windows\System\AbUjWzw.exe
  2⤵
  PID:9156
- C:\Windows\System\tHOwJOt.exe
  C:\Windows\System\tHOwJOt.exe
  2⤵
  PID:9172
- C:\Windows\System\PpuIYWJ.exe
  C:\Windows\System\PpuIYWJ.exe
  2⤵
  PID:6792
- C:\Windows\System\JSGjBFl.exe
  C:\Windows\System\JSGjBFl.exe
  2⤵
  PID:2896
- C:\Windows\System\xpwmnqI.exe
  C:\Windows\System\xpwmnqI.exe
  2⤵
  PID:1640
- C:\Windows\System\HJkASHk.exe
  C:\Windows\System\HJkASHk.exe
  2⤵
  PID:576
- C:\Windows\System\FCzlITP.exe
  C:\Windows\System\FCzlITP.exe
  2⤵
  PID:1644
- C:\Windows\System\aoKVgqs.exe
  C:\Windows\System\aoKVgqs.exe
  2⤵
  PID:2572
- C:\Windows\System\CzlMwYo.exe
  C:\Windows\System\CzlMwYo.exe
  2⤵
  PID:8360
- C:\Windows\System\NGLpxnG.exe
  C:\Windows\System\NGLpxnG.exe
  2⤵
  PID:8328
- C:\Windows\System\UVmuqXM.exe
  C:\Windows\System\UVmuqXM.exe
  2⤵
  PID:8412
- C:\Windows\System\UrhCXyX.exe
  C:\Windows\System\UrhCXyX.exe
  2⤵
  PID:1856
- C:\Windows\System\JffzFhf.exe
  C:\Windows\System\JffzFhf.exe
  2⤵
  PID:8472
- C:\Windows\System\uVLdnZB.exe
  C:\Windows\System\uVLdnZB.exe
  2⤵
  PID:2612
- C:\Windows\System\gKLyvxr.exe
  C:\Windows\System\gKLyvxr.exe
  2⤵
  PID:8524
- C:\Windows\System\FdexFwc.exe
  C:\Windows\System\FdexFwc.exe
  2⤵
  PID:1768
- C:\Windows\System\iDiqXGe.exe
  C:\Windows\System\iDiqXGe.exe
  2⤵
  PID:8636
- C:\Windows\System\WNfCkCN.exe
  C:\Windows\System\WNfCkCN.exe
  2⤵
  PID:8700
- C:\Windows\System\wHUtjpb.exe
  C:\Windows\System\wHUtjpb.exe
  2⤵
  PID:1944
- C:\Windows\System\osJgxYD.exe
  C:\Windows\System\osJgxYD.exe
  2⤵
  PID:8600
- C:\Windows\System\klXoAwM.exe
  C:\Windows\System\klXoAwM.exe
  2⤵
  PID:2712
- C:\Windows\System\ePQXjVV.exe
  C:\Windows\System\ePQXjVV.exe
  2⤵
  PID:1160
- C:\Windows\System\lzioRQi.exe
  C:\Windows\System\lzioRQi.exe
  2⤵
  PID:8840
- C:\Windows\System\CtOJpuJ.exe
  C:\Windows\System\CtOJpuJ.exe
  2⤵
  PID:8892
- C:\Windows\System\FDqoLAq.exe
  C:\Windows\System\FDqoLAq.exe
  2⤵
  PID:8936
- C:\Windows\System\vYQqSvM.exe
  C:\Windows\System\vYQqSvM.exe
  2⤵
  PID:9028
- C:\Windows\System\oVhjuip.exe
  C:\Windows\System\oVhjuip.exe
  2⤵
  PID:1360
- C:\Windows\System\lArhJWV.exe
  C:\Windows\System\lArhJWV.exe
  2⤵
  PID:9080
- C:\Windows\System\yAsytNa.exe
  C:\Windows\System\yAsytNa.exe
  2⤵
  PID:9116
- C:\Windows\System\FGhokft.exe
  C:\Windows\System\FGhokft.exe
  2⤵
  PID:9148
- C:\Windows\System\ACtqFSM.exe
  C:\Windows\System\ACtqFSM.exe
  2⤵
  PID:9168
- C:\Windows\System\apaJnuU.exe
  C:\Windows\System\apaJnuU.exe
  2⤵
  PID:2236
- C:\Windows\System\VMtmIYo.exe
  C:\Windows\System\VMtmIYo.exe
  2⤵
  PID:2420
- C:\Windows\System\pPqHZsr.exe
  C:\Windows\System\pPqHZsr.exe
  2⤵
  PID:7896
- C:\Windows\System\qlVOZJL.exe
  C:\Windows\System\qlVOZJL.exe
  2⤵
  PID:2756
- C:\Windows\System\tOVROAc.exe
  C:\Windows\System\tOVROAc.exe
  2⤵
  PID:1128
- C:\Windows\System\YhQjLdQ.exe
  C:\Windows\System\YhQjLdQ.exe
  2⤵
  PID:2464
- C:\Windows\System\gzBUdby.exe
  C:\Windows\System\gzBUdby.exe
  2⤵
  PID:2428
- C:\Windows\System\KwZOfJg.exe
  C:\Windows\System\KwZOfJg.exe
  2⤵
  PID:1560
- C:\Windows\System\KTetCDi.exe
  C:\Windows\System\KTetCDi.exe
  2⤵
  PID:2716
- C:\Windows\System\bHpeicA.exe
  C:\Windows\System\bHpeicA.exe
  2⤵
  PID:7516
- C:\Windows\System\lyuBTLz.exe
  C:\Windows\System\lyuBTLz.exe
  2⤵
  PID:2760
- C:\Windows\System\RiPTsrx.exe
  C:\Windows\System\RiPTsrx.exe
  2⤵
  PID:8240
- C:\Windows\System\gJFQVfN.exe
  C:\Windows\System\gJFQVfN.exe
  2⤵
  PID:1760
- C:\Windows\System\rkLmezq.exe
  C:\Windows\System\rkLmezq.exe
  2⤵
  PID:8364
- C:\Windows\System\aTRHURp.exe
  C:\Windows\System\aTRHURp.exe
  2⤵
  PID:8120
- C:\Windows\System\srQujDi.exe
  C:\Windows\System\srQujDi.exe
  2⤵
  PID:8616
- C:\Windows\System\IabutRf.exe
  C:\Windows\System\IabutRf.exe
  2⤵
  PID:8704
- C:\Windows\System\maujlxA.exe
  C:\Windows\System\maujlxA.exe
  2⤵
  PID:8652
- C:\Windows\System\IDKiRgY.exe
  C:\Windows\System\IDKiRgY.exe
  2⤵
  PID:8488
- C:\Windows\System\kOvHFaz.exe
  C:\Windows\System\kOvHFaz.exe
  2⤵
  PID:8776
- C:\Windows\System\ABAJbLF.exe
  C:\Windows\System\ABAJbLF.exe
  2⤵
  PID:8864
- C:\Windows\System\VpLkgyn.exe
  C:\Windows\System\VpLkgyn.exe
  2⤵
  PID:2560
- C:\Windows\System\wKqtvum.exe
  C:\Windows\System\wKqtvum.exe
  2⤵
  PID:8828
- C:\Windows\System\TVjspBd.exe
  C:\Windows\System\TVjspBd.exe
  2⤵
  PID:8888
- C:\Windows\System\VnHnGxu.exe
  C:\Windows\System\VnHnGxu.exe
  2⤵
  PID:9088
- C:\Windows\System\xWpWEab.exe
  C:\Windows\System\xWpWEab.exe
  2⤵
  PID:1652
- C:\Windows\System\AOGrAUp.exe
  C:\Windows\System\AOGrAUp.exe
  2⤵
  PID:1928
- C:\Windows\System\vJkMXQH.exe
  C:\Windows\System\vJkMXQH.exe
  2⤵
  PID:988
- C:\Windows\System\kjEwJHQ.exe
  C:\Windows\System\kjEwJHQ.exe
  2⤵
  PID:1628
- C:\Windows\System\wZtTkSx.exe
  C:\Windows\System\wZtTkSx.exe
  2⤵
  PID:668
- C:\Windows\System\iPNLTtV.exe
  C:\Windows\System\iPNLTtV.exe
  2⤵
  PID:2140
- C:\Windows\System\iBiFHfs.exe
  C:\Windows\System\iBiFHfs.exe
  2⤵
  PID:7636
- C:\Windows\System\keveViS.exe
  C:\Windows\System\keveViS.exe
  2⤵
  PID:8544
- C:\Windows\System\QoXGgzG.exe
  C:\Windows\System\QoXGgzG.exe
  2⤵
  PID:8248
- C:\Windows\System\jvmxOEe.exe
  C:\Windows\System\jvmxOEe.exe
  2⤵
  PID:2832
- C:\Windows\System\bQOVIlG.exe
  C:\Windows\System\bQOVIlG.exe
  2⤵
  PID:8568
- C:\Windows\System\NnfmZLl.exe
  C:\Windows\System\NnfmZLl.exe
  2⤵
  PID:8796
- C:\Windows\System\DwIAVtV.exe
  C:\Windows\System\DwIAVtV.exe
  2⤵
  PID:8952
- C:\Windows\System\wEEJzhT.exe
  C:\Windows\System\wEEJzhT.exe
  2⤵
  PID:1984
- C:\Windows\System\HLGSNHM.exe
  C:\Windows\System\HLGSNHM.exe
  2⤵
  PID:2288
- C:\Windows\System\PiLYKqa.exe
  C:\Windows\System\PiLYKqa.exe
  2⤵
  PID:1964
- C:\Windows\System\tgxrGQR.exe
  C:\Windows\System\tgxrGQR.exe
  2⤵
  PID:1416
- C:\Windows\System\cLLjbWK.exe
  C:\Windows\System\cLLjbWK.exe
  2⤵
  PID:8728
- C:\Windows\System\YeWpOYs.exe
  C:\Windows\System\YeWpOYs.exe
  2⤵
  PID:6820
- C:\Windows\System\kDggnna.exe
  C:\Windows\System\kDggnna.exe
  2⤵
  PID:8584
- C:\Windows\System\oEVlQqg.exe
  C:\Windows\System\oEVlQqg.exe
  2⤵
  PID:8968
- C:\Windows\System\xsLwqHO.exe
  C:\Windows\System\xsLwqHO.exe
  2⤵
  PID:8464
- C:\Windows\System\xWJHUPV.exe
  C:\Windows\System\xWJHUPV.exe
  2⤵
  PID:8712
- C:\Windows\System\jfQQxzW.exe
  C:\Windows\System\jfQQxzW.exe
  2⤵
  PID:9060
- C:\Windows\System\rBdsTah.exe
  C:\Windows\System\rBdsTah.exe
  2⤵
  PID:8320
- C:\Windows\System\iuJabDH.exe
  C:\Windows\System\iuJabDH.exe
  2⤵
  PID:7480
- C:\Windows\System\QNVQbeq.exe
  C:\Windows\System\QNVQbeq.exe
  2⤵
  PID:9220
- C:\Windows\System\QJtrddG.exe
  C:\Windows\System\QJtrddG.exe
  2⤵
  PID:9236
- C:\Windows\System\lOyuWnx.exe
  C:\Windows\System\lOyuWnx.exe
  2⤵
  PID:9252
- C:\Windows\System\CCLyAWT.exe
  C:\Windows\System\CCLyAWT.exe
  2⤵
  PID:9268
- C:\Windows\System\DHVyHFw.exe
  C:\Windows\System\DHVyHFw.exe
  2⤵
  PID:9284
- C:\Windows\System\jWOVTXj.exe
  C:\Windows\System\jWOVTXj.exe
  2⤵
  PID:9300
- C:\Windows\System\wZKVmiP.exe
  C:\Windows\System\wZKVmiP.exe
  2⤵
  PID:9320
- C:\Windows\System\NrPxkSS.exe
  C:\Windows\System\NrPxkSS.exe
  2⤵
  PID:9336
- C:\Windows\System\LWYMaxt.exe
  C:\Windows\System\LWYMaxt.exe
  2⤵
  PID:9352
- C:\Windows\System\orDsYdo.exe
  C:\Windows\System\orDsYdo.exe
  2⤵
  PID:9368
- C:\Windows\System\cKrXYIF.exe
  C:\Windows\System\cKrXYIF.exe
  2⤵
  PID:9384
- C:\Windows\System\FTOfZYi.exe
  C:\Windows\System\FTOfZYi.exe
  2⤵
  PID:9400
- C:\Windows\System\juoGYyb.exe
  C:\Windows\System\juoGYyb.exe
  2⤵
  PID:9416
- C:\Windows\System\AUyJmNF.exe
  C:\Windows\System\AUyJmNF.exe
  2⤵
  PID:9432
- C:\Windows\System\gVyNfSx.exe
  C:\Windows\System\gVyNfSx.exe
  2⤵
  PID:9448
- C:\Windows\System\yWrQVre.exe
  C:\Windows\System\yWrQVre.exe
  2⤵
  PID:9464
- C:\Windows\System\uoDhGGn.exe
  C:\Windows\System\uoDhGGn.exe
  2⤵
  PID:9484
- C:\Windows\System\vdxfwyV.exe
  C:\Windows\System\vdxfwyV.exe
  2⤵
  PID:9500
- C:\Windows\System\KKMLHSW.exe
  C:\Windows\System\KKMLHSW.exe
  2⤵
  PID:9516
- C:\Windows\System\KlxXolS.exe
  C:\Windows\System\KlxXolS.exe
  2⤵
  PID:9532
- C:\Windows\System\rouLAVX.exe
  C:\Windows\System\rouLAVX.exe
  2⤵
  PID:9548
- C:\Windows\System\qBQgzEW.exe
  C:\Windows\System\qBQgzEW.exe
  2⤵
  PID:9564
- C:\Windows\System\cXpzMUH.exe
  C:\Windows\System\cXpzMUH.exe
  2⤵
  PID:9584
- C:\Windows\System\JMWVKkr.exe
  C:\Windows\System\JMWVKkr.exe
  2⤵
  PID:9600
- C:\Windows\System\utXpPvm.exe
  C:\Windows\System\utXpPvm.exe
  2⤵
  PID:9624
- C:\Windows\System\EpdbSag.exe
  C:\Windows\System\EpdbSag.exe
  2⤵
  PID:9652
- C:\Windows\System\hNOICwZ.exe
  C:\Windows\System\hNOICwZ.exe
  2⤵
  PID:9676
- C:\Windows\System\UTIYhMa.exe
  C:\Windows\System\UTIYhMa.exe
  2⤵
  PID:9724
- C:\Windows\System\ukBmhox.exe
  C:\Windows\System\ukBmhox.exe
  2⤵
  PID:9764
- C:\Windows\System\jGsUGHw.exe
  C:\Windows\System\jGsUGHw.exe
  2⤵
  PID:9880
- C:\Windows\System\bErOmGB.exe
  C:\Windows\System\bErOmGB.exe
  2⤵
  PID:9896
- C:\Windows\System\bGhqpaR.exe
  C:\Windows\System\bGhqpaR.exe
  2⤵
  PID:9916
- C:\Windows\System\vEfvlsG.exe
  C:\Windows\System\vEfvlsG.exe
  2⤵
  PID:9932
- C:\Windows\System\SUAGKQu.exe
  C:\Windows\System\SUAGKQu.exe
  2⤵
  PID:9948
- C:\Windows\System\PwmcvoU.exe
  C:\Windows\System\PwmcvoU.exe
  2⤵
  PID:9964
- C:\Windows\System\SkprWvR.exe
  C:\Windows\System\SkprWvR.exe
  2⤵
  PID:9980
- C:\Windows\System\NQLWznN.exe
  C:\Windows\System\NQLWznN.exe
  2⤵
  PID:9996
- C:\Windows\System\xrIfEvO.exe
  C:\Windows\System\xrIfEvO.exe
  2⤵
  PID:10012
- C:\Windows\System\uDteWYB.exe
  C:\Windows\System\uDteWYB.exe
  2⤵
  PID:10028
- C:\Windows\System\bOJgsVQ.exe
  C:\Windows\System\bOJgsVQ.exe
  2⤵
  PID:10048
- C:\Windows\System\xEktOfA.exe
  C:\Windows\System\xEktOfA.exe
  2⤵
  PID:10064
- C:\Windows\System\SKftJzF.exe
  C:\Windows\System\SKftJzF.exe
  2⤵
  PID:10080
- C:\Windows\System\dniQiGq.exe
  C:\Windows\System\dniQiGq.exe
  2⤵
  PID:10096
- C:\Windows\System\yNsvZMm.exe
  C:\Windows\System\yNsvZMm.exe
  2⤵
  PID:10112
- C:\Windows\System\yXkevaA.exe
  C:\Windows\System\yXkevaA.exe
  2⤵
  PID:10128
- C:\Windows\System\yjjwyga.exe
  C:\Windows\System\yjjwyga.exe
  2⤵
  PID:10144
- C:\Windows\System\juPWtSK.exe
  C:\Windows\System\juPWtSK.exe
  2⤵
  PID:10160
- C:\Windows\System\OBtVzAX.exe
  C:\Windows\System\OBtVzAX.exe
  2⤵
  PID:10176
- C:\Windows\System\HjtpiTe.exe
  C:\Windows\System\HjtpiTe.exe
  2⤵
  PID:10196
- C:\Windows\System\NJcYGEr.exe
  C:\Windows\System\NJcYGEr.exe
  2⤵
  PID:10212
- C:\Windows\System\ySHHKBr.exe
  C:\Windows\System\ySHHKBr.exe
  2⤵
  PID:7228
- C:\Windows\System\oJdHJvU.exe
  C:\Windows\System\oJdHJvU.exe
  2⤵
  PID:8940
- C:\Windows\System\bHIUeMC.exe
  C:\Windows\System\bHIUeMC.exe
  2⤵
  PID:9308
- C:\Windows\System\pHWXvMg.exe
  C:\Windows\System\pHWXvMg.exe
  2⤵
  PID:9344
- C:\Windows\System\UzuDCzF.exe
  C:\Windows\System\UzuDCzF.exe
  2⤵
  PID:9292
- C:\Windows\System\wnvmlVq.exe
  C:\Windows\System\wnvmlVq.exe
  2⤵
  PID:9380
- C:\Windows\System\LPmufvz.exe
  C:\Windows\System\LPmufvz.exe
  2⤵
  PID:9440
- C:\Windows\System\wQCAdLp.exe
  C:\Windows\System\wQCAdLp.exe
  2⤵
  PID:9328
- C:\Windows\System\hEyPcHV.exe
  C:\Windows\System\hEyPcHV.exe
  2⤵
  PID:9460
- C:\Windows\System\odoqEQh.exe
  C:\Windows\System\odoqEQh.exe
  2⤵
  PID:9476
- C:\Windows\System\UVtlgHE.exe
  C:\Windows\System\UVtlgHE.exe
  2⤵
  PID:9492
- C:\Windows\System\nvowbMQ.exe
  C:\Windows\System\nvowbMQ.exe
  2⤵
  PID:9556
- C:\Windows\System\LgtsldC.exe
  C:\Windows\System\LgtsldC.exe
  2⤵
  PID:9572
- C:\Windows\System\gNpuTyf.exe
  C:\Windows\System\gNpuTyf.exe
  2⤵
  PID:9596
- C:\Windows\System\nffZwhd.exe
  C:\Windows\System\nffZwhd.exe
  2⤵
  PID:9632
- C:\Windows\System\zvBrqZs.exe
  C:\Windows\System\zvBrqZs.exe
  2⤵
  PID:9644
- C:\Windows\System\XmXxrnp.exe
  C:\Windows\System\XmXxrnp.exe
  2⤵
  PID:9672
- C:\Windows\System\CznEmTI.exe
  C:\Windows\System\CznEmTI.exe
  2⤵
  PID:9692
- C:\Windows\System\IFTZYsm.exe
  C:\Windows\System\IFTZYsm.exe
  2⤵
  PID:9708
- C:\Windows\System\iONFZOd.exe
  C:\Windows\System\iONFZOd.exe
  2⤵
  PID:9732
- C:\Windows\System\TYykSwP.exe
  C:\Windows\System\TYykSwP.exe
  2⤵
  PID:9752
- C:\Windows\System\dEdQZql.exe
  C:\Windows\System\dEdQZql.exe
  2⤵
  PID:9784
- C:\Windows\System\PkwwfUw.exe
  C:\Windows\System\PkwwfUw.exe
  2⤵
  PID:9836
- C:\Windows\System\rgcWNfh.exe
  C:\Windows\System\rgcWNfh.exe
  2⤵
  PID:9908
- C:\Windows\System\TLZoitp.exe
  C:\Windows\System\TLZoitp.exe
  2⤵
  PID:9856
- C:\Windows\System\xRfsrtX.exe
  C:\Windows\System\xRfsrtX.exe
  2⤵
  PID:9904
- C:\Windows\System\DIdmiMr.exe
  C:\Windows\System\DIdmiMr.exe
  2⤵
  PID:9892
- C:\Windows\System\LqdloiS.exe
  C:\Windows\System\LqdloiS.exe
  2⤵
  PID:9924
- C:\Windows\System\zYoPArx.exe
  C:\Windows\System\zYoPArx.exe
  2⤵
  PID:9928
- C:\Windows\System\AEHFWHt.exe
  C:\Windows\System\AEHFWHt.exe
  2⤵
  PID:9960
- C:\Windows\System\yYVqVNX.exe
  C:\Windows\System\yYVqVNX.exe
  2⤵
  PID:10024
- C:\Windows\System\gxiokrB.exe
  C:\Windows\System\gxiokrB.exe
  2⤵
  PID:10088
- C:\Windows\System\CFKoidQ.exe
  C:\Windows\System\CFKoidQ.exe
  2⤵
  PID:10152
- C:\Windows\System\gQChtjl.exe
  C:\Windows\System\gQChtjl.exe
  2⤵
  PID:10172
- C:\Windows\System\aEttIjA.exe
  C:\Windows\System\aEttIjA.exe
  2⤵
  PID:10140
- C:\Windows\System\LKwcsKn.exe
  C:\Windows\System\LKwcsKn.exe
  2⤵
  PID:10192
- C:\Windows\System\RBbrHPs.exe
  C:\Windows\System\RBbrHPs.exe
  2⤵
  PID:4988
- C:\Windows\System\KSpWeSr.exe
  C:\Windows\System\KSpWeSr.exe
  2⤵
  PID:9276
- C:\Windows\System\TZQFnyb.exe
  C:\Windows\System\TZQFnyb.exe
  2⤵
  PID:9228
- C:\Windows\System\XHuQMvF.exe
  C:\Windows\System\XHuQMvF.exe
  2⤵
  PID:9472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ApBpZJm.exe

Filesize
6.0MB

MD5
ebce506359c698af57715c8f18296848

SHA1
ce3d25357c11a2f5cbf7b392346e9b74aaa37a35

SHA256
58a8c917a7e6a2c0e08c0ef48fa242073047819bb70dd4ee8b955153cb3965fb

SHA512
67be6328fdc8c615f9cbcb11972185a421de4e33950a977f676779b9305c953766a8316811dae91903c473d740fe05cccf005bea40f3903decc61a8d5c742c68

Download Submit
C:\Windows\system\BtuNqBe.exe

Filesize
6.0MB

MD5
ac9bdb66fbcb8b38f4f538678ce7f8a8

SHA1
a7f65a8edabf916c48168c4c19180824bbc5cb00

SHA256
b2256b838a90e6ea2a88ad7df4ef07d77ee5d6d4ecaec90c9682ea4c885b450d

SHA512
9f501302047d53ddc9c6b2348bffaf8924c41c44ae88fd6d025de55ec56e9a90a01ad1a49317f382a9d81b0e8ce338050febe9ff84e8fbbe2653044866148c3e

Download Submit
C:\Windows\system\GtjQWSv.exe

Filesize
6.0MB

MD5
cd13741a5292ce4d04cacac9c403cf26

SHA1
8c28dd01638833f43426c1ef361ac29f7a19229b

SHA256
5f1eb17b6297988373c894b791681b28c8b8e7efa11d8aa634ee2693f4e205f9

SHA512
ec2fae428a9e0ecde7813af0334f7fcb3d3ec64a5783b2fca94b806fdb69752fba7f0f72432e811db70564d7aae6c1beae23f83cf4f1800b2bf1345d34df02aa

Download Submit
C:\Windows\system\KpViJrM.exe

Filesize
6.0MB

MD5
c093b9882ce89714b9db5e23f295b4a2

SHA1
1e92beb6689aa7966d129128e00dfff002d5b35a

SHA256
dec663edf380f15fc9505d7a2e714e31c007f9786755214539339488e75427ab

SHA512
208a3815000dbb1be5caa7b1063f4d9373e8db40fb6966daebf6a5ca74757db0d90c882ea6243b5d5c8b82a016faf060c5cdbda1a4d392d20204aaa0bcb918e8

Download Submit
C:\Windows\system\LatcgvE.exe

Filesize
6.0MB

MD5
283ca3dcac240658d89989d139b4e614

SHA1
5aed6cd129958fc745c1e77e4db2990d6c770abb

SHA256
2b8a383ff84ce08cf7051bc9fa6ea729c65fbfd04d120ea1a58bda18dda37b05

SHA512
b151d40780ff99a40308c23f8f5f5730058b2b2899a51bf7ad5a12b46ebe46529d375644c662345507dc3e8fd9430c67cc348395e508f6768e230ec525045df1

Download Submit
C:\Windows\system\NtPlrjW.exe

Filesize
6.0MB

MD5
0620960c8076f718fadf97e0df89b707

SHA1
c3444654bbafc7e8387d6de85e9bbfbd6ba59191

SHA256
aa9dd8778892560be8fff9cd702d4fca7162f5ead5e31760227554eea259cba8

SHA512
1a5b07e4e2fc843765c97f97067cced501b6388cedd00ee28c4f04027dc2acb4335e937354690fa0659f6b956607f5bd74c23e93971b3748eb8383bfdcfbf2d6

Download Submit
C:\Windows\system\OlVkMMB.exe

Filesize
6.0MB

MD5
d4d45c250a8376ab432d42a9ec290385

SHA1
8dd8191d8707bf0c71e91754121bdc04318a210f

SHA256
df6de256ae317f25f7e56a515a2a5309d4a33c718e62c9f04e036962451ea1ad

SHA512
4157ff33850ca6e2364384e3d8689953a89ee258496f4f937110174be5363cfb67ed3d3bfd3274e4fbccc4edcfafe541220776cbed17be14ebf090116f5c3528

Download Submit
C:\Windows\system\OthyJeG.exe

Filesize
6.0MB

MD5
25e86d576d79b317875b1531726d6405

SHA1
f3a7af6dec82a3183bff0e3ffc639edbe475d6e6

SHA256
9dbad0d369cfa5526f5b6205a967d6a0d624dcf319826fedd2fd9c304f2e3cb8

SHA512
9ee816982d80ae66ef57aa7806e1987f6d6f7ce35f9ef358a7d0043d50b4ed68355e1d6cff14a9852cd772533390601851a9da81d5dd8d5660accce39db16de9

Download Submit
C:\Windows\system\PODJYkT.exe

Filesize
6.0MB

MD5
f72ee7e0d139fd56550a3ac866c228ac

SHA1
9b97d2ccd4eb1bb2d2a802dac826e471c2298789

SHA256
9bebbbc82bdc28dfa41e680d2890f19cad4d8e783339947f6ef5d4adea42d930

SHA512
f7557617463ca26694fbcd0f0cb8494e7a49a8af58b65938f97b1a78d2990492c552411a95db79e1b7fa79914338e6f1d0936cb718147cf69dad16a1b32b36a0

Download Submit
C:\Windows\system\QRuMvLx.exe

Filesize
6.0MB

MD5
90a906e40345303c854045e50da14457

SHA1
3b1bff43a4b319792cfa5ace90d2b5435bf41a2a

SHA256
4d0a9149ef0cd5976f1a2b6476a2603c2b30637ba133b5a2dd5268654a669957

SHA512
7ac0e4848b78754de8d02f69dbab7f762de33ded56fafa9eed74c1907ff2c2877587a93528cbcc6ec5406af6fa5de03753e40059271a49605d011840f3405dbe

Download Submit
C:\Windows\system\Rztaprc.exe

Filesize
6.0MB

MD5
865e2b4555e0ecfa7146d2022968e477

SHA1
c160f4b7a976c378327b534df0d6dcfb85290c42

SHA256
b79c69f8f636de857ef6f52c778dac3e30a2c2611ea4b9ab2180eb69a8b500f8

SHA512
2cec50cb07dc0018dcf5f025dd6a6feb8ce72da4144269bbdc84b5879b420aaad014fbaf46b79f403c77298b9d84bc48cb0ed536e757e71c7464a779dc409c57

Download Submit
C:\Windows\system\SBfnpMv.exe

Filesize
6.0MB

MD5
7a6218ffac4dfcaf7026f4f587b3c9ec

SHA1
08b6401d0ba4de537996928d3a20ce7786b539a8

SHA256
4d21800341aecc2e161930fbd26760209f2c56d99d4c21d3127298664084d01c

SHA512
46e54337d043ad2f4fa32112190c4f71426d8bbecb5a28b4a9cf74386657f8621087b21c433b7303bf43dff55eaf3aa5efdc8c4100c3add3e78962c5a4e78bf3

Download Submit
C:\Windows\system\UHcwNLG.exe

Filesize
6.0MB

MD5
26eafb38bf741d09871e2f0411f911f1

SHA1
40e75b67c34507726ea9903da5df8d0077229ce3

SHA256
af0b82355973d9e1c64b9dd79d9c7c8bd9d6b2b10f27c277299e6a4fad706dad

SHA512
16368d25ceaba2e92d052557a379628c2aa5e328aa63c3940941050cdc7d497b576125fa325e3974befc168a63fcea358f369325c7478db46337b2397c0975e4

Download Submit
C:\Windows\system\XzCmVEf.exe

Filesize
6.0MB

MD5
a77500b99bc1ba225ccc295448328ce2

SHA1
6e4b146d00d40dc8dc840b8a6aa8a82e77259f66

SHA256
587c42bf863d7955e3caef658dc3274a5afc07e21a709c264f48c92824f359de

SHA512
6c831d396ce62403d1c9b037f3a63a09f46a3a1cae2d775cb0f754b9247d59930f25134a98e9290c08f725deadadd496a816a44ea9ffac34cfa9f7f2084ffc3b

Download Submit
C:\Windows\system\ZuqBbWM.exe

Filesize
6.0MB

MD5
243810cf611bc1cd0a0629b795fb5ff9

SHA1
0e4d91dedcf108ca128e870a6254f63766bcc2f6

SHA256
a9022bbeb543b57819427654ec669f27b47ec6ee2f2f545c807c37dcce6bba56

SHA512
bcd8f0bf5fd8332340bf16e799d59b11d17b2160ae0b2ad3cbc878afcc4ff45b3a95165118763db49179c89857e4f7f086b33675ae4b8652b347f0c15d1ac03f

Download Submit
C:\Windows\system\bMSpdpt.exe

Filesize
6.0MB

MD5
5d7dcf1af2cdb17f3119cf8372ca731f

SHA1
c8ce90bccdb482d5d723271e951ae187fb11e0f6

SHA256
909e332b0883f7e28f51923ea9b6e085d624e66cd85a71bbb634d10d5215977e

SHA512
6ccf8982e7c59518a676cc54710613fee85b914d9aba0a133ce11f6c8b151980d6ffc2dd7e44016753c61abd4d9bc9adceba5d768184abf2a74736bd4b9e98ba

Download Submit
C:\Windows\system\cPUzQzJ.exe

Filesize
6.0MB

MD5
3f70bbb5d98e01d6631d45459960ff71

SHA1
dc5c5e93a48ba6ce9bb57d3f1c43fe0f31661c5d

SHA256
d99b683a0a2aca2ff2c222ed29e4f6ef3830dd92a071c9aaa2bd8834cbfdf9d3

SHA512
25d803bfb5884ed1e927f7eb001cfc4800e90d6a47a4799253870ff9bcd2a08bbdf1f87b9957fa2a2ba40fe88329ae2324a0367dd78ea8d006eebb04e8d8e287

Download Submit
C:\Windows\system\cjjpfIc.exe

Filesize
6.0MB

MD5
0707ad2a0c617890c4482f67a9e4882d

SHA1
8589ba54a5d7f617caca3c65cdfd8f9c5408dba9

SHA256
f511db3fd38a1ce1fae1e9fe0d4897b9dbe0c027af7039697a5b85fef2acd10c

SHA512
ea0b279274c2d015fbdeb0bdd8544b9c2c727dc57561629eb1fc47249ff6e012cf3a42223f3c5978b92153523357831103c5bc49e02abd9cb2adc733290f8e84

Download Submit
C:\Windows\system\ctYjRZp.exe

Filesize
6.0MB

MD5
9f3e489e0e1eae27381189378ccd8ce8

SHA1
3ec8c6ee29eacfd193f245e019da35f0283c6a9c

SHA256
eb7d5a438e54b314e2547418d837d106f088d89548c89cb73513e743e677d597

SHA512
3b2139b2cd10a95a1001ce902ce7de669549771744e78eafad97bf03e8ef9aae1e4e0ab3817ea84ad89c3101733250dca301942cc131a37cac86f3713ac0a511

Download Submit
C:\Windows\system\cxBqPUH.exe

Filesize
6.0MB

MD5
b357c59d63c39e3ca53f1e93c800d32e

SHA1
363c0df3aaaac9ac3493e0125f4714b6fb59eea3

SHA256
93deec577f022dc9da5b506e1eb176f68bed9c95a974aa2ff25c75e1f049a683

SHA512
681a7ca6a9086624284b2a330eac2991a8e79a67c6195d060a8b70d5c2e884338f0aa1591e9fcfb3b7b5fbde1b7f1fe1e900a70d5b8806ecf959f5cd9e76aea7

Download Submit
C:\Windows\system\fbipoSU.exe

Filesize
6.0MB

MD5
cc570d7cc9cca45bd7646f3f2d6bd882

SHA1
46db2a2a95ab97603819f8cbc1ca619d9f952209

SHA256
038ef987fcb0e7847ea19e31d3d1d94845114d260f7d689c655f21bc01e0d904

SHA512
4cfcecda19c2f79baa97aa66e936ec652a2a36371d9ce6c989d2d63b44a3c88b62e9cfe2514ff0f8d413e5e4cf247a2bc9fbb9bd160dbd2d31854b80011bc469

Download Submit
C:\Windows\system\jTWLUZE.exe

Filesize
6.0MB

MD5
c2c74e5752536630bdb7fc6626e8d155

SHA1
d32ccae7d8bc528607452d5dfbd4cedaa392812b

SHA256
5b18dbb02a26d122f27d6876765fdd6bb80cb4aa41e33561aaf54105d31b772a

SHA512
fa89be0bf3280480230499a3f74771e921e47987705d613c8d79882715399f0f91ff2d61541259c86adc65e3dcea15bc086c04c9e2b542dec97889843e55e90f

Download Submit
C:\Windows\system\nmHrQyl.exe

Filesize
6.0MB

MD5
8d9604c0d19cc6838255f44c89df1a5a

SHA1
fae1f04b6ef66ef444ae14fb3ae9732c602583e3

SHA256
7d44d22dfbe8a197da73163f6679162dda8967ebb4019643e045ef8715baac16

SHA512
62809e45801ea5cb58cb7fc87e5ae42ef481c627d84322ea8f2e9ba5dee8f7def98f542428ff1407954067e4ca1951544f059791603808ac3f451f90a4f715ec

Download Submit
C:\Windows\system\ooXaGhe.exe

Filesize
6.0MB

MD5
3b4a79609af709c76704cc057841b127

SHA1
32d7fa8b8a3a2f70784aa0c23382ecd6f7bf4747

SHA256
ff14b8501acfafbdf9aad9bb4e1e0059738c6f189e7cb08d3dc4dff177d770f5

SHA512
af461e68d5d8aef355faf23e1c939d97bab6f913e05a7553f766b9c99abd1472e416b4d8acdea820a99424b53711ea546ea896ba9ebcd3c4a62d56c6a58463b2

Download Submit
C:\Windows\system\uEgDNBp.exe

Filesize
6.0MB

MD5
f7b9031b03dee8da8662c74de0e6aa1a

SHA1
a0282a3ca68bc65f9de871e71f61a27005a0fe81

SHA256
ecc112bd0e713e58ac8bede3702cea20246ca5d61b7d4b003eefc4b5bc4b901a

SHA512
c621ca17f7673d6551232c56ad46a8b214c53d4668c910661fd7b5c8b7adc83a6a9ac983b60fa5a098d44be47308c063085ab92686522ad5a2e5c925dfa7bdb3

Download Submit
C:\Windows\system\uyOiAWm.exe

Filesize
6.0MB

MD5
9b52c5817932e826b19195757dd0fac0

SHA1
6236ab1ee6ac8d382a67febd41b1b8cf17cc36fd

SHA256
1522032277ba1c865efc0f9c7846ec46d0838b2393b729dff04e71fd3c5c3532

SHA512
7cacaec6daba2d1030c9735ffe609fdd27e6689cfd332b1bff114b863c4eb15a4d6263e48d8991461db353c032e6debc438db110cdd1b1ab32c0f5257ed9baec

Download Submit
C:\Windows\system\wLzCpya.exe

Filesize
6.0MB

MD5
dd4f42d3ba6a9cef7637fdedb6ace86c

SHA1
fff685d08a322a06a0fede9eba85ce4e1166706b

SHA256
774f0b91d14656a121f1958083ace5b3f678f546a26f50d4277129bbba08f367

SHA512
10e5dfeebf2568faba111798fd80183e9890dcee9e5b37dafd1226a12f195dcff13d267897d472edc9f0fa31f07585d8b5861024ecf4163275725ddbde9cd8fb

Download Submit
\Windows\system\TryWxXc.exe

Filesize
6.0MB

MD5
385654fb5c32226945843520ccd1a008

SHA1
3f929cdd6852c15969a61ce8b0b93c3f864fe5fa

SHA256
75b03ba46826eb2e1d562dd5593fa09cca9c8cda3e8789b105bb20771ba93ba8

SHA512
201d2907201fecd0991aa73848a966cc6ff3ab84b5f4d58fe75175e8a6539d091be4ab053ef22c570133ef10e8837af8563b104c452ab354a98b4f5930dcca11

Download Submit
\Windows\system\UzeSVto.exe

Filesize
6.0MB

MD5
4a5773153df326e50444c9407f13782f

SHA1
146ddab5335c58e465c545d4eda386addc1a74e3

SHA256
322e73959d3f29d3d78fa0e8e634d284c4996828cf026ad5337fef0950cf8596

SHA512
fd493998081824c57765a4ec1cd173a824ad6883041f528c961fd40e274c3e428b028707c96d56d2339c052acdf113edf578c55431c48e47aa15f2c54842d290

Download Submit
\Windows\system\VDUTMUq.exe

Filesize
6.0MB

MD5
0d0d166d1f1b39d866142d2ab191cc3e

SHA1
8c6e95effb40049358543b391e9b028f1fdbe3c1

SHA256
ce476b8aff0ae3e32bc1721d8bfe16183484ab11182f664a2f2ad5f18af1d5f5

SHA512
a304d68e283c60f83906ef9a0b640a07686339da91d7ba2ad10ad991fe54b7d839fdec41fb6247846d55011678ba7a45ff7e95b1333e5a55ea4f0c68fc63ff42

Download Submit
\Windows\system\aFOVCjz.exe

Filesize
6.0MB

MD5
1e10868e43991a2596571761bfda7cd9

SHA1
db0ae0f4fd8430877cc994e80b1d7ba548261edf

SHA256
9bdc9feae0e3b82477609466601f7db839c1e25d646ed57f0fb201e4318b3e56

SHA512
cdb8fda4ddc4aac4e4622bd35c0df136b764abbd11a1ad40cdfc0d32454befe9822d4620300bbaf8ad1e9d00d91474e15e97356fbe8b08ef4e3a8e702205d6a8

Download Submit
\Windows\system\bxeKDBh.exe

Filesize
6.0MB

MD5
50b63a8392b6ea56bf5dc0f875b86ede

SHA1
3a07ac2c73e6a34e168431b06cefdb7a8b8c0dfe

SHA256
d27eebdc27c4d831eb4209440a3980914e9490548a8f6c2c1fae029afda76b50

SHA512
87450f2f30e1f9204054fe179bac38bfa914579c8aa6139bdeef39e8b48f9c6ce080b2f55a9f1674511d8509132000c16a2770ca4b2ed2c1bc7271e0a424482b

Download Submit
\Windows\system\kLFmtYR.exe

Filesize
6.0MB

MD5
8c31e3108bce94ede2f72a614451b350

SHA1
9e0618407647c76bfb4660600dee8b9548da0d3a

SHA256
b8ec32a22d35e2d7abe0d5135df9eada567f145d5d45086169349ab246d8c525

SHA512
2ff47d81b1c24c744b50e1cda49448aa11b403585960f0e8d987f212a428e6d715e465cfa58b9e32bdb4809ae5cdb8252239194afec04f96ef6320fbf82e5bfe

Download Submit
memory/484-68-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/484-642-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/484-3802-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/644-85-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/644-739-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/644-3804-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1076-63-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3806-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2156-106-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2608-53-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3814-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-70-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2616-34-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3812-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2672-837-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-86-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3811-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-80-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2680-21-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2680-67-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-27-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2680-468-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-88-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2680-641-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-107-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-836-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2680-87-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2680-37-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2680-36-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2680-934-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2680-49-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-9-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-0-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2688-39-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3807-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2688-103-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3810-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-22-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-31-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3801-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2752-69-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2808-62-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2808-14-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3813-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2940-15-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3805-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3803-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/3028-104-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/3060-56-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3808-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download