cobaltstrike | 7212e8d19961e28345be0da4b88774fbf44a1635090858da7dcbf8d97556cfe8

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0221ebdfbf3fd33eca2da642e864d186
SHA1

dad67e288aea84c885c3326ca262f87a7d785756
SHA256

7212e8d19961e28345be0da4b88774fbf44a1635090858da7dcbf8d97556cfe8
SHA512

bc3a4f02b4b063ef2a60e3cd554971f862b31e900e7c91c76550341249ba2541d8b58aead3f3c97e53b191d8e5cca0ccc8a4dc1053895ac696a30d384e433365
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016855-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd1-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c84-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cfc-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-66.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-126.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-111.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-116.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-81.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-71.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-51.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d25-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c62-9.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 56 IoCs

miner

resource	yara_rule
behavioral1/memory/2268-0-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0008000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016855-11.dat	xmrig
behavioral1/memory/2852-16-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd1-27.dat	xmrig
behavioral1/files/0x0007000000016c84-23.dat	xmrig
behavioral1/files/0x0007000000016cfc-31.dat	xmrig
behavioral1/files/0x00060000000173fc-46.dat	xmrig
behavioral1/files/0x0006000000017525-66.dat	xmrig
behavioral1/files/0x000d00000001866e-76.dat	xmrig
behavioral1/files/0x00050000000191d4-121.dat	xmrig
behavioral1/files/0x0005000000019353-162.dat	xmrig
behavioral1/files/0x0005000000019284-153.dat	xmrig
behavioral1/files/0x0005000000019263-145.dat	xmrig
behavioral1/files/0x000500000001922c-139.dat	xmrig
behavioral1/files/0x0005000000019244-136.dat	xmrig
behavioral1/files/0x0005000000019256-135.dat	xmrig
behavioral1/files/0x000500000001928c-159.dat	xmrig
behavioral1/files/0x0005000000019266-151.dat	xmrig
behavioral1/files/0x0005000000019259-144.dat	xmrig
behavioral1/files/0x00050000000191ff-126.dat	xmrig
behavioral1/files/0x00060000000190ce-111.dat	xmrig
behavioral1/files/0x00060000000190e0-116.dat	xmrig
behavioral1/files/0x000600000001903b-106.dat	xmrig
behavioral1/files/0x0006000000018f53-101.dat	xmrig
behavioral1/files/0x0006000000018c26-96.dat	xmrig
behavioral1/files/0x0006000000018c1a-91.dat	xmrig
behavioral1/files/0x0005000000018792-86.dat	xmrig
behavioral1/files/0x0005000000018687-81.dat	xmrig
behavioral1/files/0x0014000000018663-71.dat	xmrig
behavioral1/files/0x00060000000174a2-61.dat	xmrig
behavioral1/files/0x0006000000017487-56.dat	xmrig
behavioral1/files/0x0006000000017472-51.dat	xmrig
behavioral1/files/0x0008000000016d36-41.dat	xmrig
behavioral1/files/0x0009000000016d25-37.dat	xmrig
behavioral1/memory/2984-21-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c62-9.dat	xmrig
behavioral1/memory/2496-2036-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/540-2044-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2288-2041-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1128-2380-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2268-2383-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2688-2446-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2780-2466-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2716-2469-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/1128-3977-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2716-3978-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2984-3973-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2496-3958-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/540-3951-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2780-3948-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2268-3972-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2852-3938-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2688-3931-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2788-3979-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2288-4160-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2852	LTbrHhm.exe
2984	YtPYmyZ.exe
2496	pFgWmGK.exe
2288	cwdYrbK.exe
540	rilgwzY.exe
1128	vpeSOtY.exe
2688	ahAMcAw.exe
2788	RFzbQbE.exe
2780	cTVGgmb.exe
2716	qElHVUD.exe
2920	hQsNIFH.exe
2240	Nenqztr.exe
2608	ZPAKAHt.exe
2696	xxBiCYr.exe
2592	qxviOGU.exe
2656	fUMjKbn.exe
2632	MeFXtMU.exe
2520	glWDCes.exe
1972	hJJXjEt.exe
1656	YEHGBgh.exe
2324	znoAvLE.exe
1244	oZfGSnH.exe
1856	ZAHeUNj.exe
1792	BkwJdEz.exe
2400	WQRZpAy.exe
2332	BSzWfWr.exe
1424	tXaTzJe.exe
2892	GFRRGIP.exe
2820	hZJoXJb.exe
1444	ZHSgVpz.exe
1536	eCkoqCb.exe
2876	BivWCYb.exe
1304	fqSHIvE.exe
2236	uNwyPDV.exe
1932	siOKUdb.exe
1752	CzMZXiJ.exe
2456	KvLwYlx.exe
1732	gPznlsT.exe
1124	nKCNsaN.exe
2284	TGxabhz.exe
296	lxschEk.exe
680	wUgblST.exe
552	fTlgwwJ.exe
2680	BAYKuGr.exe
2312	ORtPHeV.exe
2340	jERMMgh.exe
2544	PxEZKcH.exe
2676	lNuTrPx.exe
684	akuGgPI.exe
1748	QhXzKkU.exe
1628	juaCJUL.exe
376	nyfVQmG.exe
864	zTRypDb.exe
1580	FStIAkJ.exe
2660	TBfqfFO.exe
2004	PLrOlVu.exe
1700	mfQfXTO.exe
2672	bALjcAs.exe
2776	XiHkbmi.exe
2252	hIfDAim.exe
2480	OXVpbuQ.exe
1044	HTgGQtK.exe
2840	TtqKDsU.exe
2604	ehcAoxX.exe

Loads dropped DLL 64 IoCs

pid	Process
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2268-0-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0008000000012117-3.dat	upx
behavioral1/files/0x0008000000016855-11.dat	upx
behavioral1/memory/2852-16-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0007000000016cd1-27.dat	upx
behavioral1/files/0x0007000000016c84-23.dat	upx
behavioral1/files/0x0007000000016cfc-31.dat	upx
behavioral1/files/0x00060000000173fc-46.dat	upx
behavioral1/files/0x0006000000017525-66.dat	upx
behavioral1/files/0x000d00000001866e-76.dat	upx
behavioral1/files/0x00050000000191d4-121.dat	upx
behavioral1/files/0x0005000000019353-162.dat	upx
behavioral1/files/0x0005000000019284-153.dat	upx
behavioral1/files/0x0005000000019263-145.dat	upx
behavioral1/files/0x000500000001922c-139.dat	upx
behavioral1/files/0x0005000000019244-136.dat	upx
behavioral1/files/0x0005000000019256-135.dat	upx
behavioral1/files/0x000500000001928c-159.dat	upx
behavioral1/files/0x0005000000019266-151.dat	upx
behavioral1/files/0x0005000000019259-144.dat	upx
behavioral1/files/0x00050000000191ff-126.dat	upx
behavioral1/files/0x00060000000190ce-111.dat	upx
behavioral1/files/0x00060000000190e0-116.dat	upx
behavioral1/files/0x000600000001903b-106.dat	upx
behavioral1/files/0x0006000000018f53-101.dat	upx
behavioral1/files/0x0006000000018c26-96.dat	upx
behavioral1/files/0x0006000000018c1a-91.dat	upx
behavioral1/files/0x0005000000018792-86.dat	upx
behavioral1/files/0x0005000000018687-81.dat	upx
behavioral1/files/0x0014000000018663-71.dat	upx
behavioral1/files/0x00060000000174a2-61.dat	upx
behavioral1/files/0x0006000000017487-56.dat	upx
behavioral1/files/0x0006000000017472-51.dat	upx
behavioral1/files/0x0008000000016d36-41.dat	upx
behavioral1/files/0x0009000000016d25-37.dat	upx
behavioral1/memory/2984-21-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0008000000016c62-9.dat	upx
behavioral1/memory/2496-2036-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/540-2044-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2288-2041-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/1128-2380-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2688-2446-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2780-2466-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2716-2469-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/1128-3977-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2716-3978-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2984-3973-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2496-3958-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/540-3951-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2780-3948-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2268-3972-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2852-3938-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2688-3931-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2788-3979-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2288-4160-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EESeedJ.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPlUNQj.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndFSgKT.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyMtZFo.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgGEXxx.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDjvBND.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRDnYrm.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYsSCoJ.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbuvanW.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdTBHAA.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctiAmxj.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOCstrl.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWWMmRg.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrjCCKv.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpLBzEe.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGxabhz.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnHxGeG.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alkURuB.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYMHxvd.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZboBiA.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQToDtO.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnVEbIm.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvZSCVu.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpaOaQZ.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqSrruj.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwkjYhB.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSIhnMC.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FStksOI.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzssWan.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALguqss.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFeeEZU.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeztBRX.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGIESWY.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESKozqm.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JevMKEO.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWPGDaW.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENhTuwO.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdQwpZj.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mAxYlyq.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFyRgbv.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwdbRHG.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsTNFYn.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWUWNAn.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAhQrJQ.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afLpXuG.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VETSJlj.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSsKRKs.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCkoqCb.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBAzGiC.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCOERvm.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOAIiyU.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OengwtX.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAbeCJj.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZJzYzL.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRiWoyt.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMHyrNc.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzIwJnU.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvcYrcU.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHiJiyr.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCXkfdL.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztgDsIt.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvRGdIg.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqSzuHI.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLgwmGV.exe	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2852	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2268 wrote to memory of 2852	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2268 wrote to memory of 2852	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2268 wrote to memory of 2984	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2268 wrote to memory of 2984	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2268 wrote to memory of 2984	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2268 wrote to memory of 2496	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2268 wrote to memory of 2496	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2268 wrote to memory of 2496	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2268 wrote to memory of 2288	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2268 wrote to memory of 2288	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2268 wrote to memory of 2288	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2268 wrote to memory of 540	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2268 wrote to memory of 540	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2268 wrote to memory of 540	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2268 wrote to memory of 1128	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2268 wrote to memory of 1128	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2268 wrote to memory of 1128	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2268 wrote to memory of 2688	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2268 wrote to memory of 2688	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2268 wrote to memory of 2688	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2268 wrote to memory of 2788	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2268 wrote to memory of 2788	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2268 wrote to memory of 2788	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2268 wrote to memory of 2780	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2268 wrote to memory of 2780	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2268 wrote to memory of 2780	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2268 wrote to memory of 2716	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2268 wrote to memory of 2716	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2268 wrote to memory of 2716	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2268 wrote to memory of 2920	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2268 wrote to memory of 2920	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2268 wrote to memory of 2920	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2268 wrote to memory of 2240	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2268 wrote to memory of 2240	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2268 wrote to memory of 2240	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2268 wrote to memory of 2608	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2268 wrote to memory of 2608	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2268 wrote to memory of 2608	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2268 wrote to memory of 2696	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2268 wrote to memory of 2696	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2268 wrote to memory of 2696	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2268 wrote to memory of 2592	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2268 wrote to memory of 2592	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2268 wrote to memory of 2592	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2268 wrote to memory of 2656	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2268 wrote to memory of 2656	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2268 wrote to memory of 2656	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2268 wrote to memory of 2632	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2268 wrote to memory of 2632	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2268 wrote to memory of 2632	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2268 wrote to memory of 2520	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2268 wrote to memory of 2520	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2268 wrote to memory of 2520	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2268 wrote to memory of 1972	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2268 wrote to memory of 1972	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2268 wrote to memory of 1972	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2268 wrote to memory of 1656	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2268 wrote to memory of 1656	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2268 wrote to memory of 1656	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2268 wrote to memory of 2324	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2268 wrote to memory of 2324	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2268 wrote to memory of 2324	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2268 wrote to memory of 1244	2268	2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_0221ebdfbf3fd33eca2da642e864d186_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\System\LTbrHhm.exe
  C:\Windows\System\LTbrHhm.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\YtPYmyZ.exe
  C:\Windows\System\YtPYmyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\pFgWmGK.exe
  C:\Windows\System\pFgWmGK.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\cwdYrbK.exe
  C:\Windows\System\cwdYrbK.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\rilgwzY.exe
  C:\Windows\System\rilgwzY.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\vpeSOtY.exe
  C:\Windows\System\vpeSOtY.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\ahAMcAw.exe
  C:\Windows\System\ahAMcAw.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\RFzbQbE.exe
  C:\Windows\System\RFzbQbE.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\cTVGgmb.exe
  C:\Windows\System\cTVGgmb.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\qElHVUD.exe
  C:\Windows\System\qElHVUD.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\hQsNIFH.exe
  C:\Windows\System\hQsNIFH.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\Nenqztr.exe
  C:\Windows\System\Nenqztr.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\ZPAKAHt.exe
  C:\Windows\System\ZPAKAHt.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\xxBiCYr.exe
  C:\Windows\System\xxBiCYr.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\qxviOGU.exe
  C:\Windows\System\qxviOGU.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\fUMjKbn.exe
  C:\Windows\System\fUMjKbn.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\MeFXtMU.exe
  C:\Windows\System\MeFXtMU.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\glWDCes.exe
  C:\Windows\System\glWDCes.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\hJJXjEt.exe
  C:\Windows\System\hJJXjEt.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\YEHGBgh.exe
  C:\Windows\System\YEHGBgh.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\znoAvLE.exe
  C:\Windows\System\znoAvLE.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\oZfGSnH.exe
  C:\Windows\System\oZfGSnH.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\ZAHeUNj.exe
  C:\Windows\System\ZAHeUNj.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\BkwJdEz.exe
  C:\Windows\System\BkwJdEz.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\WQRZpAy.exe
  C:\Windows\System\WQRZpAy.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\tXaTzJe.exe
  C:\Windows\System\tXaTzJe.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\BSzWfWr.exe
  C:\Windows\System\BSzWfWr.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\BivWCYb.exe
  C:\Windows\System\BivWCYb.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\GFRRGIP.exe
  C:\Windows\System\GFRRGIP.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\uNwyPDV.exe
  C:\Windows\System\uNwyPDV.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\hZJoXJb.exe
  C:\Windows\System\hZJoXJb.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\siOKUdb.exe
  C:\Windows\System\siOKUdb.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\ZHSgVpz.exe
  C:\Windows\System\ZHSgVpz.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\KvLwYlx.exe
  C:\Windows\System\KvLwYlx.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\eCkoqCb.exe
  C:\Windows\System\eCkoqCb.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\nKCNsaN.exe
  C:\Windows\System\nKCNsaN.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\fqSHIvE.exe
  C:\Windows\System\fqSHIvE.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\TGxabhz.exe
  C:\Windows\System\TGxabhz.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\CzMZXiJ.exe
  C:\Windows\System\CzMZXiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\lxschEk.exe
  C:\Windows\System\lxschEk.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\gPznlsT.exe
  C:\Windows\System\gPznlsT.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\wUgblST.exe
  C:\Windows\System\wUgblST.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\fTlgwwJ.exe
  C:\Windows\System\fTlgwwJ.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\BAYKuGr.exe
  C:\Windows\System\BAYKuGr.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ORtPHeV.exe
  C:\Windows\System\ORtPHeV.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\jERMMgh.exe
  C:\Windows\System\jERMMgh.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\PxEZKcH.exe
  C:\Windows\System\PxEZKcH.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\akuGgPI.exe
  C:\Windows\System\akuGgPI.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\lNuTrPx.exe
  C:\Windows\System\lNuTrPx.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\juaCJUL.exe
  C:\Windows\System\juaCJUL.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\QhXzKkU.exe
  C:\Windows\System\QhXzKkU.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\nyfVQmG.exe
  C:\Windows\System\nyfVQmG.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\zTRypDb.exe
  C:\Windows\System\zTRypDb.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\TBfqfFO.exe
  C:\Windows\System\TBfqfFO.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\FStIAkJ.exe
  C:\Windows\System\FStIAkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\mfQfXTO.exe
  C:\Windows\System\mfQfXTO.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\PLrOlVu.exe
  C:\Windows\System\PLrOlVu.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\OXVpbuQ.exe
  C:\Windows\System\OXVpbuQ.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\bALjcAs.exe
  C:\Windows\System\bALjcAs.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\HTgGQtK.exe
  C:\Windows\System\HTgGQtK.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\XiHkbmi.exe
  C:\Windows\System\XiHkbmi.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\TtqKDsU.exe
  C:\Windows\System\TtqKDsU.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\hIfDAim.exe
  C:\Windows\System\hIfDAim.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\ehcAoxX.exe
  C:\Windows\System\ehcAoxX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\qdaQNvW.exe
  C:\Windows\System\qdaQNvW.exe
  2⤵
  PID:2756
- C:\Windows\System\TjMuWrC.exe
  C:\Windows\System\TjMuWrC.exe
  2⤵
  PID:528
- C:\Windows\System\pZCXeFG.exe
  C:\Windows\System\pZCXeFG.exe
  2⤵
  PID:1616
- C:\Windows\System\VNTHXXW.exe
  C:\Windows\System\VNTHXXW.exe
  2⤵
  PID:316
- C:\Windows\System\leJKEwc.exe
  C:\Windows\System\leJKEwc.exe
  2⤵
  PID:1692
- C:\Windows\System\CxzCtnb.exe
  C:\Windows\System\CxzCtnb.exe
  2⤵
  PID:1992
- C:\Windows\System\dBXxTli.exe
  C:\Windows\System\dBXxTli.exe
  2⤵
  PID:2428
- C:\Windows\System\ptwXkUF.exe
  C:\Windows\System\ptwXkUF.exe
  2⤵
  PID:2020
- C:\Windows\System\JXKdZOk.exe
  C:\Windows\System\JXKdZOk.exe
  2⤵
  PID:2900
- C:\Windows\System\ognRSnZ.exe
  C:\Windows\System\ognRSnZ.exe
  2⤵
  PID:688
- C:\Windows\System\bLHWwYb.exe
  C:\Windows\System\bLHWwYb.exe
  2⤵
  PID:348
- C:\Windows\System\HDzxmps.exe
  C:\Windows\System\HDzxmps.exe
  2⤵
  PID:2668
- C:\Windows\System\VysZPLd.exe
  C:\Windows\System\VysZPLd.exe
  2⤵
  PID:1720
- C:\Windows\System\tGKbOTW.exe
  C:\Windows\System\tGKbOTW.exe
  2⤵
  PID:892
- C:\Windows\System\WdrCWKq.exe
  C:\Windows\System\WdrCWKq.exe
  2⤵
  PID:788
- C:\Windows\System\nWIKwSS.exe
  C:\Windows\System\nWIKwSS.exe
  2⤵
  PID:1228
- C:\Windows\System\zSJWKdi.exe
  C:\Windows\System\zSJWKdi.exe
  2⤵
  PID:1984
- C:\Windows\System\aKqsXCy.exe
  C:\Windows\System\aKqsXCy.exe
  2⤵
  PID:2504
- C:\Windows\System\ahZjjJB.exe
  C:\Windows\System\ahZjjJB.exe
  2⤵
  PID:2224
- C:\Windows\System\QXcGrES.exe
  C:\Windows\System\QXcGrES.exe
  2⤵
  PID:868
- C:\Windows\System\bFKfwCl.exe
  C:\Windows\System\bFKfwCl.exe
  2⤵
  PID:2056
- C:\Windows\System\HHsUQfl.exe
  C:\Windows\System\HHsUQfl.exe
  2⤵
  PID:772
- C:\Windows\System\mvkxPaq.exe
  C:\Windows\System\mvkxPaq.exe
  2⤵
  PID:1532
- C:\Windows\System\gHsPeYm.exe
  C:\Windows\System\gHsPeYm.exe
  2⤵
  PID:2996
- C:\Windows\System\ALguqss.exe
  C:\Windows\System\ALguqss.exe
  2⤵
  PID:2032
- C:\Windows\System\rnVEbIm.exe
  C:\Windows\System\rnVEbIm.exe
  2⤵
  PID:2352
- C:\Windows\System\MZKLSxa.exe
  C:\Windows\System\MZKLSxa.exe
  2⤵
  PID:3052
- C:\Windows\System\FSxAtAg.exe
  C:\Windows\System\FSxAtAg.exe
  2⤵
  PID:2924
- C:\Windows\System\VzUSTMQ.exe
  C:\Windows\System\VzUSTMQ.exe
  2⤵
  PID:2612
- C:\Windows\System\XVPxUyR.exe
  C:\Windows\System\XVPxUyR.exe
  2⤵
  PID:3036
- C:\Windows\System\twdSrFM.exe
  C:\Windows\System\twdSrFM.exe
  2⤵
  PID:2152
- C:\Windows\System\mhTWnff.exe
  C:\Windows\System\mhTWnff.exe
  2⤵
  PID:1944
- C:\Windows\System\TYZqbHX.exe
  C:\Windows\System\TYZqbHX.exe
  2⤵
  PID:2552
- C:\Windows\System\pVcBZvc.exe
  C:\Windows\System\pVcBZvc.exe
  2⤵
  PID:1708
- C:\Windows\System\upaWvqZ.exe
  C:\Windows\System\upaWvqZ.exe
  2⤵
  PID:900
- C:\Windows\System\regaJFN.exe
  C:\Windows\System\regaJFN.exe
  2⤵
  PID:2488
- C:\Windows\System\wIIqofU.exe
  C:\Windows\System\wIIqofU.exe
  2⤵
  PID:1696
- C:\Windows\System\ZxBfdCK.exe
  C:\Windows\System\ZxBfdCK.exe
  2⤵
  PID:1892
- C:\Windows\System\aMxwoVO.exe
  C:\Windows\System\aMxwoVO.exe
  2⤵
  PID:1464
- C:\Windows\System\gBZumJG.exe
  C:\Windows\System\gBZumJG.exe
  2⤵
  PID:3048
- C:\Windows\System\SIudgqr.exe
  C:\Windows\System\SIudgqr.exe
  2⤵
  PID:1316
- C:\Windows\System\PKVZZgw.exe
  C:\Windows\System\PKVZZgw.exe
  2⤵
  PID:328
- C:\Windows\System\AwrFPRR.exe
  C:\Windows\System\AwrFPRR.exe
  2⤵
  PID:1436
- C:\Windows\System\QyNMfAm.exe
  C:\Windows\System\QyNMfAm.exe
  2⤵
  PID:1660
- C:\Windows\System\yAWQwLi.exe
  C:\Windows\System\yAWQwLi.exe
  2⤵
  PID:836
- C:\Windows\System\gVYwHNe.exe
  C:\Windows\System\gVYwHNe.exe
  2⤵
  PID:1504
- C:\Windows\System\akbOntN.exe
  C:\Windows\System\akbOntN.exe
  2⤵
  PID:1048
- C:\Windows\System\wnExRMP.exe
  C:\Windows\System\wnExRMP.exe
  2⤵
  PID:2896
- C:\Windows\System\TUqfEbo.exe
  C:\Windows\System\TUqfEbo.exe
  2⤵
  PID:1800
- C:\Windows\System\IDbtsdX.exe
  C:\Windows\System\IDbtsdX.exe
  2⤵
  PID:3080
- C:\Windows\System\chzOulO.exe
  C:\Windows\System\chzOulO.exe
  2⤵
  PID:3096
- C:\Windows\System\mTXpNjz.exe
  C:\Windows\System\mTXpNjz.exe
  2⤵
  PID:3112
- C:\Windows\System\FzqPthJ.exe
  C:\Windows\System\FzqPthJ.exe
  2⤵
  PID:3128
- C:\Windows\System\WqnpspU.exe
  C:\Windows\System\WqnpspU.exe
  2⤵
  PID:3144
- C:\Windows\System\nPQvpqi.exe
  C:\Windows\System\nPQvpqi.exe
  2⤵
  PID:3160
- C:\Windows\System\AFFbmkH.exe
  C:\Windows\System\AFFbmkH.exe
  2⤵
  PID:3176
- C:\Windows\System\TLYykbu.exe
  C:\Windows\System\TLYykbu.exe
  2⤵
  PID:3204
- C:\Windows\System\OxGzRcM.exe
  C:\Windows\System\OxGzRcM.exe
  2⤵
  PID:3228
- C:\Windows\System\zBIwBKL.exe
  C:\Windows\System\zBIwBKL.exe
  2⤵
  PID:3244
- C:\Windows\System\cIHDRil.exe
  C:\Windows\System\cIHDRil.exe
  2⤵
  PID:3284
- C:\Windows\System\avSPRSR.exe
  C:\Windows\System\avSPRSR.exe
  2⤵
  PID:3304
- C:\Windows\System\eSDVWZW.exe
  C:\Windows\System\eSDVWZW.exe
  2⤵
  PID:3320
- C:\Windows\System\opLOYWE.exe
  C:\Windows\System\opLOYWE.exe
  2⤵
  PID:3340
- C:\Windows\System\PuoQldb.exe
  C:\Windows\System\PuoQldb.exe
  2⤵
  PID:3356
- C:\Windows\System\bMQknoq.exe
  C:\Windows\System\bMQknoq.exe
  2⤵
  PID:3380
- C:\Windows\System\RRrxgdK.exe
  C:\Windows\System\RRrxgdK.exe
  2⤵
  PID:3408
- C:\Windows\System\RsdjgJa.exe
  C:\Windows\System\RsdjgJa.exe
  2⤵
  PID:3432
- C:\Windows\System\VdQxYeP.exe
  C:\Windows\System\VdQxYeP.exe
  2⤵
  PID:3448
- C:\Windows\System\jaGmLzA.exe
  C:\Windows\System\jaGmLzA.exe
  2⤵
  PID:3464
- C:\Windows\System\QqWBIMT.exe
  C:\Windows\System\QqWBIMT.exe
  2⤵
  PID:3484
- C:\Windows\System\KzmAXGG.exe
  C:\Windows\System\KzmAXGG.exe
  2⤵
  PID:3500
- C:\Windows\System\kECgbLl.exe
  C:\Windows\System\kECgbLl.exe
  2⤵
  PID:3524
- C:\Windows\System\EESeedJ.exe
  C:\Windows\System\EESeedJ.exe
  2⤵
  PID:3544
- C:\Windows\System\iIHEhgl.exe
  C:\Windows\System\iIHEhgl.exe
  2⤵
  PID:3568
- C:\Windows\System\KSTpScv.exe
  C:\Windows\System\KSTpScv.exe
  2⤵
  PID:3600
- C:\Windows\System\UKSaeMl.exe
  C:\Windows\System\UKSaeMl.exe
  2⤵
  PID:3628
- C:\Windows\System\lItlNxI.exe
  C:\Windows\System\lItlNxI.exe
  2⤵
  PID:3652
- C:\Windows\System\YYvbryO.exe
  C:\Windows\System\YYvbryO.exe
  2⤵
  PID:3668
- C:\Windows\System\rntRTDJ.exe
  C:\Windows\System\rntRTDJ.exe
  2⤵
  PID:3684
- C:\Windows\System\XjYWMCF.exe
  C:\Windows\System\XjYWMCF.exe
  2⤵
  PID:3704
- C:\Windows\System\VIULjtS.exe
  C:\Windows\System\VIULjtS.exe
  2⤵
  PID:3724
- C:\Windows\System\jDkNvAg.exe
  C:\Windows\System\jDkNvAg.exe
  2⤵
  PID:3748
- C:\Windows\System\LhJkoCt.exe
  C:\Windows\System\LhJkoCt.exe
  2⤵
  PID:3772
- C:\Windows\System\iOgwMhA.exe
  C:\Windows\System\iOgwMhA.exe
  2⤵
  PID:3788
- C:\Windows\System\bbBUnky.exe
  C:\Windows\System\bbBUnky.exe
  2⤵
  PID:3804
- C:\Windows\System\pzIwJnU.exe
  C:\Windows\System\pzIwJnU.exe
  2⤵
  PID:3836
- C:\Windows\System\lBAzGiC.exe
  C:\Windows\System\lBAzGiC.exe
  2⤵
  PID:3852
- C:\Windows\System\SdlhmKE.exe
  C:\Windows\System\SdlhmKE.exe
  2⤵
  PID:3872
- C:\Windows\System\hwqSDzK.exe
  C:\Windows\System\hwqSDzK.exe
  2⤵
  PID:3896
- C:\Windows\System\BTwqceB.exe
  C:\Windows\System\BTwqceB.exe
  2⤵
  PID:3912
- C:\Windows\System\KQCwqmh.exe
  C:\Windows\System\KQCwqmh.exe
  2⤵
  PID:3932
- C:\Windows\System\sJhIcjK.exe
  C:\Windows\System\sJhIcjK.exe
  2⤵
  PID:3952
- C:\Windows\System\QUlgKJV.exe
  C:\Windows\System\QUlgKJV.exe
  2⤵
  PID:3972
- C:\Windows\System\LTmTVkB.exe
  C:\Windows\System\LTmTVkB.exe
  2⤵
  PID:3992
- C:\Windows\System\zIsCXga.exe
  C:\Windows\System\zIsCXga.exe
  2⤵
  PID:4016
- C:\Windows\System\cQOLQyu.exe
  C:\Windows\System\cQOLQyu.exe
  2⤵
  PID:4032
- C:\Windows\System\jmzTVcI.exe
  C:\Windows\System\jmzTVcI.exe
  2⤵
  PID:4048
- C:\Windows\System\znjaQOF.exe
  C:\Windows\System\znjaQOF.exe
  2⤵
  PID:4068
- C:\Windows\System\yQuWija.exe
  C:\Windows\System\yQuWija.exe
  2⤵
  PID:4088
- C:\Windows\System\WlEaFFv.exe
  C:\Windows\System\WlEaFFv.exe
  2⤵
  PID:1292
- C:\Windows\System\IlsShkU.exe
  C:\Windows\System\IlsShkU.exe
  2⤵
  PID:1584
- C:\Windows\System\pRAAQPy.exe
  C:\Windows\System\pRAAQPy.exe
  2⤵
  PID:2576
- C:\Windows\System\lDFPGHn.exe
  C:\Windows\System\lDFPGHn.exe
  2⤵
  PID:1332
- C:\Windows\System\UEzAuBQ.exe
  C:\Windows\System\UEzAuBQ.exe
  2⤵
  PID:1668
- C:\Windows\System\yGEdHfz.exe
  C:\Windows\System\yGEdHfz.exe
  2⤵
  PID:2436
- C:\Windows\System\HQDAbEE.exe
  C:\Windows\System\HQDAbEE.exe
  2⤵
  PID:920
- C:\Windows\System\NNxYNYk.exe
  C:\Windows\System\NNxYNYk.exe
  2⤵
  PID:3076
- C:\Windows\System\CCZBBNS.exe
  C:\Windows\System\CCZBBNS.exe
  2⤵
  PID:1680
- C:\Windows\System\amPGWCP.exe
  C:\Windows\System\amPGWCP.exe
  2⤵
  PID:2200
- C:\Windows\System\YtPDSRp.exe
  C:\Windows\System\YtPDSRp.exe
  2⤵
  PID:2792
- C:\Windows\System\OZZSABl.exe
  C:\Windows\System\OZZSABl.exe
  2⤵
  PID:3212
- C:\Windows\System\ypHdtHk.exe
  C:\Windows\System\ypHdtHk.exe
  2⤵
  PID:2568
- C:\Windows\System\ssRKpXN.exe
  C:\Windows\System\ssRKpXN.exe
  2⤵
  PID:3260
- C:\Windows\System\CXtcNrn.exe
  C:\Windows\System\CXtcNrn.exe
  2⤵
  PID:3152
- C:\Windows\System\BpItlQm.exe
  C:\Windows\System\BpItlQm.exe
  2⤵
  PID:3196
- C:\Windows\System\XVSFHvS.exe
  C:\Windows\System\XVSFHvS.exe
  2⤵
  PID:3240
- C:\Windows\System\AKUXHhZ.exe
  C:\Windows\System\AKUXHhZ.exe
  2⤵
  PID:3416
- C:\Windows\System\HIDXuZw.exe
  C:\Windows\System\HIDXuZw.exe
  2⤵
  PID:3456
- C:\Windows\System\jNlUbYV.exe
  C:\Windows\System\jNlUbYV.exe
  2⤵
  PID:3328
- C:\Windows\System\enukneW.exe
  C:\Windows\System\enukneW.exe
  2⤵
  PID:3372
- C:\Windows\System\BpoFrUT.exe
  C:\Windows\System\BpoFrUT.exe
  2⤵
  PID:3532
- C:\Windows\System\pmEpKxG.exe
  C:\Windows\System\pmEpKxG.exe
  2⤵
  PID:3480
- C:\Windows\System\MaTqxhB.exe
  C:\Windows\System\MaTqxhB.exe
  2⤵
  PID:3576
- C:\Windows\System\YgRaLbS.exe
  C:\Windows\System\YgRaLbS.exe
  2⤵
  PID:3552
- C:\Windows\System\BVbgpUE.exe
  C:\Windows\System\BVbgpUE.exe
  2⤵
  PID:3472
- C:\Windows\System\fFPCpJR.exe
  C:\Windows\System\fFPCpJR.exe
  2⤵
  PID:3640
- C:\Windows\System\mNaLTRe.exe
  C:\Windows\System\mNaLTRe.exe
  2⤵
  PID:3712
- C:\Windows\System\nDeJZfB.exe
  C:\Windows\System\nDeJZfB.exe
  2⤵
  PID:3700
- C:\Windows\System\aFeeEZU.exe
  C:\Windows\System\aFeeEZU.exe
  2⤵
  PID:3740
- C:\Windows\System\ATSVJul.exe
  C:\Windows\System\ATSVJul.exe
  2⤵
  PID:3800
- C:\Windows\System\tGuNcPk.exe
  C:\Windows\System\tGuNcPk.exe
  2⤵
  PID:3820
- C:\Windows\System\qOgqBVl.exe
  C:\Windows\System\qOgqBVl.exe
  2⤵
  PID:3880
- C:\Windows\System\taoWgDz.exe
  C:\Windows\System\taoWgDz.exe
  2⤵
  PID:3924
- C:\Windows\System\fRJLOtg.exe
  C:\Windows\System\fRJLOtg.exe
  2⤵
  PID:4000
- C:\Windows\System\KnHxGeG.exe
  C:\Windows\System\KnHxGeG.exe
  2⤵
  PID:4040
- C:\Windows\System\gDpNfXV.exe
  C:\Windows\System\gDpNfXV.exe
  2⤵
  PID:2420
- C:\Windows\System\tTSSXgV.exe
  C:\Windows\System\tTSSXgV.exe
  2⤵
  PID:3864
- C:\Windows\System\cQrvqvx.exe
  C:\Windows\System\cQrvqvx.exe
  2⤵
  PID:2248
- C:\Windows\System\sFkjKiq.exe
  C:\Windows\System\sFkjKiq.exe
  2⤵
  PID:3948
- C:\Windows\System\PHIWFbs.exe
  C:\Windows\System\PHIWFbs.exe
  2⤵
  PID:3980
- C:\Windows\System\hzbhlFi.exe
  C:\Windows\System\hzbhlFi.exe
  2⤵
  PID:4060
- C:\Windows\System\ksXFZgM.exe
  C:\Windows\System\ksXFZgM.exe
  2⤵
  PID:984
- C:\Windows\System\XvfOgzN.exe
  C:\Windows\System\XvfOgzN.exe
  2⤵
  PID:2664
- C:\Windows\System\kbSzrcK.exe
  C:\Windows\System\kbSzrcK.exe
  2⤵
  PID:2992
- C:\Windows\System\NYHbLFL.exe
  C:\Windows\System\NYHbLFL.exe
  2⤵
  PID:3252
- C:\Windows\System\xHOXpbQ.exe
  C:\Windows\System\xHOXpbQ.exe
  2⤵
  PID:1880
- C:\Windows\System\YlHWQGj.exe
  C:\Windows\System\YlHWQGj.exe
  2⤵
  PID:3348
- C:\Windows\System\WYfYmpT.exe
  C:\Windows\System\WYfYmpT.exe
  2⤵
  PID:3224
- C:\Windows\System\XwCJVPm.exe
  C:\Windows\System\XwCJVPm.exe
  2⤵
  PID:3272
- C:\Windows\System\RxYcDXg.exe
  C:\Windows\System\RxYcDXg.exe
  2⤵
  PID:3296
- C:\Windows\System\mAcTqqT.exe
  C:\Windows\System\mAcTqqT.exe
  2⤵
  PID:3516
- C:\Windows\System\tPbBwFF.exe
  C:\Windows\System\tPbBwFF.exe
  2⤵
  PID:3428
- C:\Windows\System\TaAoEGd.exe
  C:\Windows\System\TaAoEGd.exe
  2⤵
  PID:3612
- C:\Windows\System\HThxvBz.exe
  C:\Windows\System\HThxvBz.exe
  2⤵
  PID:3364
- C:\Windows\System\xCcSpIr.exe
  C:\Windows\System\xCcSpIr.exe
  2⤵
  PID:3660
- C:\Windows\System\sppGsKh.exe
  C:\Windows\System\sppGsKh.exe
  2⤵
  PID:3716
- C:\Windows\System\HNyuDst.exe
  C:\Windows\System\HNyuDst.exe
  2⤵
  PID:3636
- C:\Windows\System\BOYATCz.exe
  C:\Windows\System\BOYATCz.exe
  2⤵
  PID:3796
- C:\Windows\System\fuHRSfZ.exe
  C:\Windows\System\fuHRSfZ.exe
  2⤵
  PID:3928
- C:\Windows\System\OCywPOA.exe
  C:\Windows\System\OCywPOA.exe
  2⤵
  PID:3848
- C:\Windows\System\pSMGysu.exe
  C:\Windows\System\pSMGysu.exe
  2⤵
  PID:4084
- C:\Windows\System\iUTQaLO.exe
  C:\Windows\System\iUTQaLO.exe
  2⤵
  PID:3860
- C:\Windows\System\qzXZfFr.exe
  C:\Windows\System\qzXZfFr.exe
  2⤵
  PID:3940
- C:\Windows\System\SVgwmAF.exe
  C:\Windows\System\SVgwmAF.exe
  2⤵
  PID:3008
- C:\Windows\System\kjxexQH.exe
  C:\Windows\System\kjxexQH.exe
  2⤵
  PID:2760
- C:\Windows\System\EzCWbEU.exe
  C:\Windows\System\EzCWbEU.exe
  2⤵
  PID:3140
- C:\Windows\System\ajsQkRn.exe
  C:\Windows\System\ajsQkRn.exe
  2⤵
  PID:3316
- C:\Windows\System\vuSkzeA.exe
  C:\Windows\System\vuSkzeA.exe
  2⤵
  PID:660
- C:\Windows\System\UmtwuEJ.exe
  C:\Windows\System\UmtwuEJ.exe
  2⤵
  PID:3104
- C:\Windows\System\jCXkfdL.exe
  C:\Windows\System\jCXkfdL.exe
  2⤵
  PID:3276
- C:\Windows\System\JhFTwpP.exe
  C:\Windows\System\JhFTwpP.exe
  2⤵
  PID:3236
- C:\Windows\System\ikZYymz.exe
  C:\Windows\System\ikZYymz.exe
  2⤵
  PID:3088
- C:\Windows\System\yoiRXun.exe
  C:\Windows\System\yoiRXun.exe
  2⤵
  PID:3736
- C:\Windows\System\FNcgSZp.exe
  C:\Windows\System\FNcgSZp.exe
  2⤵
  PID:3768
- C:\Windows\System\dnXwkZd.exe
  C:\Windows\System\dnXwkZd.exe
  2⤵
  PID:4076
- C:\Windows\System\IYsSCoJ.exe
  C:\Windows\System\IYsSCoJ.exe
  2⤵
  PID:3760
- C:\Windows\System\fbuvanW.exe
  C:\Windows\System\fbuvanW.exe
  2⤵
  PID:3844
- C:\Windows\System\QDcEgkl.exe
  C:\Windows\System\QDcEgkl.exe
  2⤵
  PID:1428
- C:\Windows\System\ixGtNEq.exe
  C:\Windows\System\ixGtNEq.exe
  2⤵
  PID:4112
- C:\Windows\System\uKRHFfh.exe
  C:\Windows\System\uKRHFfh.exe
  2⤵
  PID:4136
- C:\Windows\System\KRPVoTo.exe
  C:\Windows\System\KRPVoTo.exe
  2⤵
  PID:4156
- C:\Windows\System\aoGTcFZ.exe
  C:\Windows\System\aoGTcFZ.exe
  2⤵
  PID:4176
- C:\Windows\System\OxCbwyo.exe
  C:\Windows\System\OxCbwyo.exe
  2⤵
  PID:4192
- C:\Windows\System\dtxmKjt.exe
  C:\Windows\System\dtxmKjt.exe
  2⤵
  PID:4212
- C:\Windows\System\ggSnuNh.exe
  C:\Windows\System\ggSnuNh.exe
  2⤵
  PID:4228
- C:\Windows\System\mQscIPQ.exe
  C:\Windows\System\mQscIPQ.exe
  2⤵
  PID:4248
- C:\Windows\System\dKEYHii.exe
  C:\Windows\System\dKEYHii.exe
  2⤵
  PID:4268
- C:\Windows\System\pQGAEkL.exe
  C:\Windows\System\pQGAEkL.exe
  2⤵
  PID:4292
- C:\Windows\System\JZNUfoF.exe
  C:\Windows\System\JZNUfoF.exe
  2⤵
  PID:4316
- C:\Windows\System\KdCGJxJ.exe
  C:\Windows\System\KdCGJxJ.exe
  2⤵
  PID:4332
- C:\Windows\System\pFwAXMm.exe
  C:\Windows\System\pFwAXMm.exe
  2⤵
  PID:4352
- C:\Windows\System\DnkvHyz.exe
  C:\Windows\System\DnkvHyz.exe
  2⤵
  PID:4372
- C:\Windows\System\jUevCaX.exe
  C:\Windows\System\jUevCaX.exe
  2⤵
  PID:4392
- C:\Windows\System\fciBYDn.exe
  C:\Windows\System\fciBYDn.exe
  2⤵
  PID:4412
- C:\Windows\System\JBDfaGS.exe
  C:\Windows\System\JBDfaGS.exe
  2⤵
  PID:4428
- C:\Windows\System\KpEKako.exe
  C:\Windows\System\KpEKako.exe
  2⤵
  PID:4456
- C:\Windows\System\oxjmmNq.exe
  C:\Windows\System\oxjmmNq.exe
  2⤵
  PID:4476
- C:\Windows\System\VOXriZy.exe
  C:\Windows\System\VOXriZy.exe
  2⤵
  PID:4496
- C:\Windows\System\AcAGaJQ.exe
  C:\Windows\System\AcAGaJQ.exe
  2⤵
  PID:4516
- C:\Windows\System\XeUCiBT.exe
  C:\Windows\System\XeUCiBT.exe
  2⤵
  PID:4536
- C:\Windows\System\YnhQwHV.exe
  C:\Windows\System\YnhQwHV.exe
  2⤵
  PID:4556
- C:\Windows\System\qXVDBvH.exe
  C:\Windows\System\qXVDBvH.exe
  2⤵
  PID:4572
- C:\Windows\System\jXjDVVQ.exe
  C:\Windows\System\jXjDVVQ.exe
  2⤵
  PID:4592
- C:\Windows\System\ghARBJY.exe
  C:\Windows\System\ghARBJY.exe
  2⤵
  PID:4608
- C:\Windows\System\hwDOSeA.exe
  C:\Windows\System\hwDOSeA.exe
  2⤵
  PID:4636
- C:\Windows\System\rpmSiVu.exe
  C:\Windows\System\rpmSiVu.exe
  2⤵
  PID:4656
- C:\Windows\System\tkMeVPO.exe
  C:\Windows\System\tkMeVPO.exe
  2⤵
  PID:4676
- C:\Windows\System\oTJzLES.exe
  C:\Windows\System\oTJzLES.exe
  2⤵
  PID:4696
- C:\Windows\System\HhoRskJ.exe
  C:\Windows\System\HhoRskJ.exe
  2⤵
  PID:4716
- C:\Windows\System\bnClJRc.exe
  C:\Windows\System\bnClJRc.exe
  2⤵
  PID:4736
- C:\Windows\System\FIyMmTp.exe
  C:\Windows\System\FIyMmTp.exe
  2⤵
  PID:4756
- C:\Windows\System\QnVbwxw.exe
  C:\Windows\System\QnVbwxw.exe
  2⤵
  PID:4776
- C:\Windows\System\YtXbcnl.exe
  C:\Windows\System\YtXbcnl.exe
  2⤵
  PID:4796
- C:\Windows\System\QwWFNea.exe
  C:\Windows\System\QwWFNea.exe
  2⤵
  PID:4812
- C:\Windows\System\OVieaBV.exe
  C:\Windows\System\OVieaBV.exe
  2⤵
  PID:4832
- C:\Windows\System\vgeIYDh.exe
  C:\Windows\System\vgeIYDh.exe
  2⤵
  PID:4852
- C:\Windows\System\EGEOBJC.exe
  C:\Windows\System\EGEOBJC.exe
  2⤵
  PID:4872
- C:\Windows\System\RGPAZax.exe
  C:\Windows\System\RGPAZax.exe
  2⤵
  PID:4892
- C:\Windows\System\MsXkSYf.exe
  C:\Windows\System\MsXkSYf.exe
  2⤵
  PID:4908
- C:\Windows\System\rGYQYYJ.exe
  C:\Windows\System\rGYQYYJ.exe
  2⤵
  PID:4928
- C:\Windows\System\SagxmEc.exe
  C:\Windows\System\SagxmEc.exe
  2⤵
  PID:4952
- C:\Windows\System\GXAEEch.exe
  C:\Windows\System\GXAEEch.exe
  2⤵
  PID:4972
- C:\Windows\System\uSxnWCO.exe
  C:\Windows\System\uSxnWCO.exe
  2⤵
  PID:4996
- C:\Windows\System\FNbygIl.exe
  C:\Windows\System\FNbygIl.exe
  2⤵
  PID:5016
- C:\Windows\System\JLoEoRa.exe
  C:\Windows\System\JLoEoRa.exe
  2⤵
  PID:5036
- C:\Windows\System\NVULKeB.exe
  C:\Windows\System\NVULKeB.exe
  2⤵
  PID:5056
- C:\Windows\System\GxJGSSe.exe
  C:\Windows\System\GxJGSSe.exe
  2⤵
  PID:5076
- C:\Windows\System\dSDxnmF.exe
  C:\Windows\System\dSDxnmF.exe
  2⤵
  PID:5092
- C:\Windows\System\hofnzho.exe
  C:\Windows\System\hofnzho.exe
  2⤵
  PID:5116
- C:\Windows\System\JevMKEO.exe
  C:\Windows\System\JevMKEO.exe
  2⤵
  PID:3192
- C:\Windows\System\gZOjFyL.exe
  C:\Windows\System\gZOjFyL.exe
  2⤵
  PID:264
- C:\Windows\System\PVbYjsw.exe
  C:\Windows\System\PVbYjsw.exe
  2⤵
  PID:1160
- C:\Windows\System\tLdmehk.exe
  C:\Windows\System\tLdmehk.exe
  2⤵
  PID:3584
- C:\Windows\System\YHndNUZ.exe
  C:\Windows\System\YHndNUZ.exe
  2⤵
  PID:3404
- C:\Windows\System\qxizRrw.exe
  C:\Windows\System\qxizRrw.exe
  2⤵
  PID:3292
- C:\Windows\System\VnbSUqy.exe
  C:\Windows\System\VnbSUqy.exe
  2⤵
  PID:4004
- C:\Windows\System\GyOgeEN.exe
  C:\Windows\System\GyOgeEN.exe
  2⤵
  PID:4108
- C:\Windows\System\NAIEVVO.exe
  C:\Windows\System\NAIEVVO.exe
  2⤵
  PID:2404
- C:\Windows\System\yzzulVv.exe
  C:\Windows\System\yzzulVv.exe
  2⤵
  PID:4148
- C:\Windows\System\XaBDOzh.exe
  C:\Windows\System\XaBDOzh.exe
  2⤵
  PID:4184
- C:\Windows\System\YmjzTix.exe
  C:\Windows\System\YmjzTix.exe
  2⤵
  PID:4220
- C:\Windows\System\GjwxRSq.exe
  C:\Windows\System\GjwxRSq.exe
  2⤵
  PID:4240
- C:\Windows\System\UAlSIWS.exe
  C:\Windows\System\UAlSIWS.exe
  2⤵
  PID:4236
- C:\Windows\System\XYaLjCK.exe
  C:\Windows\System\XYaLjCK.exe
  2⤵
  PID:4280
- C:\Windows\System\hQLHOuP.exe
  C:\Windows\System\hQLHOuP.exe
  2⤵
  PID:4340
- C:\Windows\System\DaUWWcP.exe
  C:\Windows\System\DaUWWcP.exe
  2⤵
  PID:4384
- C:\Windows\System\WmbauXg.exe
  C:\Windows\System\WmbauXg.exe
  2⤵
  PID:4424
- C:\Windows\System\wCFEvRe.exe
  C:\Windows\System\wCFEvRe.exe
  2⤵
  PID:4404
- C:\Windows\System\apYIumk.exe
  C:\Windows\System\apYIumk.exe
  2⤵
  PID:4444
- C:\Windows\System\alkURuB.exe
  C:\Windows\System\alkURuB.exe
  2⤵
  PID:4508
- C:\Windows\System\myBXnhO.exe
  C:\Windows\System\myBXnhO.exe
  2⤵
  PID:4524
- C:\Windows\System\lrGxKwS.exe
  C:\Windows\System\lrGxKwS.exe
  2⤵
  PID:4532
- C:\Windows\System\EOsyItO.exe
  C:\Windows\System\EOsyItO.exe
  2⤵
  PID:4616
- C:\Windows\System\MeBdoEz.exe
  C:\Windows\System\MeBdoEz.exe
  2⤵
  PID:4564
- C:\Windows\System\ysxOHiX.exe
  C:\Windows\System\ysxOHiX.exe
  2⤵
  PID:4664
- C:\Windows\System\QvcSgns.exe
  C:\Windows\System\QvcSgns.exe
  2⤵
  PID:4668
- C:\Windows\System\nsiuFqH.exe
  C:\Windows\System\nsiuFqH.exe
  2⤵
  PID:4688
- C:\Windows\System\akseozI.exe
  C:\Windows\System\akseozI.exe
  2⤵
  PID:4752
- C:\Windows\System\RzeSrgf.exe
  C:\Windows\System\RzeSrgf.exe
  2⤵
  PID:4784
- C:\Windows\System\zRuonqc.exe
  C:\Windows\System\zRuonqc.exe
  2⤵
  PID:4820
- C:\Windows\System\LbgjfxH.exe
  C:\Windows\System\LbgjfxH.exe
  2⤵
  PID:4808
- C:\Windows\System\cUUaRRx.exe
  C:\Windows\System\cUUaRRx.exe
  2⤵
  PID:4864
- C:\Windows\System\QHMtmIf.exe
  C:\Windows\System\QHMtmIf.exe
  2⤵
  PID:4900
- C:\Windows\System\zQCkLQg.exe
  C:\Windows\System\zQCkLQg.exe
  2⤵
  PID:4916
- C:\Windows\System\uWilGKW.exe
  C:\Windows\System\uWilGKW.exe
  2⤵
  PID:4880
- C:\Windows\System\gCwweNN.exe
  C:\Windows\System\gCwweNN.exe
  2⤵
  PID:4964
- C:\Windows\System\yYijRHd.exe
  C:\Windows\System\yYijRHd.exe
  2⤵
  PID:5044
- C:\Windows\System\TpFeRXZ.exe
  C:\Windows\System\TpFeRXZ.exe
  2⤵
  PID:5112
- C:\Windows\System\aCfHeos.exe
  C:\Windows\System\aCfHeos.exe
  2⤵
  PID:4028
- C:\Windows\System\osYdDXK.exe
  C:\Windows\System\osYdDXK.exe
  2⤵
  PID:3300
- C:\Windows\System\cTgciOg.exe
  C:\Windows\System\cTgciOg.exe
  2⤵
  PID:3696
- C:\Windows\System\lTFtqZi.exe
  C:\Windows\System\lTFtqZi.exe
  2⤵
  PID:3832
- C:\Windows\System\qncyKTk.exe
  C:\Windows\System\qncyKTk.exe
  2⤵
  PID:4152
- C:\Windows\System\pHPMDAz.exe
  C:\Windows\System\pHPMDAz.exe
  2⤵
  PID:4172
- C:\Windows\System\ODFvWVN.exe
  C:\Windows\System\ODFvWVN.exe
  2⤵
  PID:4360
- C:\Windows\System\owyZqcx.exe
  C:\Windows\System\owyZqcx.exe
  2⤵
  PID:4440
- C:\Windows\System\VKuJtBj.exe
  C:\Windows\System\VKuJtBj.exe
  2⤵
  PID:4588
- C:\Windows\System\ocEyXxU.exe
  C:\Windows\System\ocEyXxU.exe
  2⤵
  PID:3188
- C:\Windows\System\rvoHJUM.exe
  C:\Windows\System\rvoHJUM.exe
  2⤵
  PID:4684
- C:\Windows\System\ihOhHZg.exe
  C:\Windows\System\ihOhHZg.exe
  2⤵
  PID:4724
- C:\Windows\System\joARXPb.exe
  C:\Windows\System\joARXPb.exe
  2⤵
  PID:4732
- C:\Windows\System\vULwtgK.exe
  C:\Windows\System\vULwtgK.exe
  2⤵
  PID:4276
- C:\Windows\System\zOKgBtL.exe
  C:\Windows\System\zOKgBtL.exe
  2⤵
  PID:4472
- C:\Windows\System\MqOUrqf.exe
  C:\Windows\System\MqOUrqf.exe
  2⤵
  PID:4948
- C:\Windows\System\yqMhsiu.exe
  C:\Windows\System\yqMhsiu.exe
  2⤵
  PID:5024
- C:\Windows\System\MuECZFx.exe
  C:\Windows\System\MuECZFx.exe
  2⤵
  PID:5012
- C:\Windows\System\aDNHCRf.exe
  C:\Windows\System\aDNHCRf.exe
  2⤵
  PID:4936
- C:\Windows\System\IKyRLQK.exe
  C:\Windows\System\IKyRLQK.exe
  2⤵
  PID:4988
- C:\Windows\System\wqblPdW.exe
  C:\Windows\System\wqblPdW.exe
  2⤵
  PID:4744
- C:\Windows\System\MxOibOg.exe
  C:\Windows\System\MxOibOg.exe
  2⤵
  PID:4568
- C:\Windows\System\SysnMcp.exe
  C:\Windows\System\SysnMcp.exe
  2⤵
  PID:2644
- C:\Windows\System\utdIgpi.exe
  C:\Windows\System\utdIgpi.exe
  2⤵
  PID:5104
- C:\Windows\System\loCYvTF.exe
  C:\Windows\System\loCYvTF.exe
  2⤵
  PID:3608
- C:\Windows\System\oHksBUK.exe
  C:\Windows\System\oHksBUK.exe
  2⤵
  PID:4284
- C:\Windows\System\VxISTDk.exe
  C:\Windows\System\VxISTDk.exe
  2⤵
  PID:3268
- C:\Windows\System\XPlUNQj.exe
  C:\Windows\System\XPlUNQj.exe
  2⤵
  PID:4164
- C:\Windows\System\HShuhtE.exe
  C:\Windows\System\HShuhtE.exe
  2⤵
  PID:4420
- C:\Windows\System\wXoudFv.exe
  C:\Windows\System\wXoudFv.exe
  2⤵
  PID:4128
- C:\Windows\System\nYMHxvd.exe
  C:\Windows\System\nYMHxvd.exe
  2⤵
  PID:3944
- C:\Windows\System\lXxSOyy.exe
  C:\Windows\System\lXxSOyy.exe
  2⤵
  PID:4264
- C:\Windows\System\PPaEXDA.exe
  C:\Windows\System\PPaEXDA.exe
  2⤵
  PID:5124
- C:\Windows\System\ngszZUE.exe
  C:\Windows\System\ngszZUE.exe
  2⤵
  PID:5144
- C:\Windows\System\ZhDFOwW.exe
  C:\Windows\System\ZhDFOwW.exe
  2⤵
  PID:5164
- C:\Windows\System\usQJoXs.exe
  C:\Windows\System\usQJoXs.exe
  2⤵
  PID:5184
- C:\Windows\System\nArNohc.exe
  C:\Windows\System\nArNohc.exe
  2⤵
  PID:5204
- C:\Windows\System\kParcqX.exe
  C:\Windows\System\kParcqX.exe
  2⤵
  PID:5224
- C:\Windows\System\tamLxxU.exe
  C:\Windows\System\tamLxxU.exe
  2⤵
  PID:5244
- C:\Windows\System\zTXyJKo.exe
  C:\Windows\System\zTXyJKo.exe
  2⤵
  PID:5264
- C:\Windows\System\TvMBKfZ.exe
  C:\Windows\System\TvMBKfZ.exe
  2⤵
  PID:5284
- C:\Windows\System\eCOERvm.exe
  C:\Windows\System\eCOERvm.exe
  2⤵
  PID:5304
- C:\Windows\System\IKyDgoy.exe
  C:\Windows\System\IKyDgoy.exe
  2⤵
  PID:5324
- C:\Windows\System\PbOzzEr.exe
  C:\Windows\System\PbOzzEr.exe
  2⤵
  PID:5344
- C:\Windows\System\unePVyk.exe
  C:\Windows\System\unePVyk.exe
  2⤵
  PID:5364
- C:\Windows\System\eFqYUjm.exe
  C:\Windows\System\eFqYUjm.exe
  2⤵
  PID:5384
- C:\Windows\System\zNLulVu.exe
  C:\Windows\System\zNLulVu.exe
  2⤵
  PID:5404
- C:\Windows\System\PTygcEm.exe
  C:\Windows\System\PTygcEm.exe
  2⤵
  PID:5424
- C:\Windows\System\DWEkGUq.exe
  C:\Windows\System\DWEkGUq.exe
  2⤵
  PID:5444
- C:\Windows\System\LaKKUXB.exe
  C:\Windows\System\LaKKUXB.exe
  2⤵
  PID:5464
- C:\Windows\System\SgpcfZF.exe
  C:\Windows\System\SgpcfZF.exe
  2⤵
  PID:5484
- C:\Windows\System\UfVVqSA.exe
  C:\Windows\System\UfVVqSA.exe
  2⤵
  PID:5504
- C:\Windows\System\YKhVjig.exe
  C:\Windows\System\YKhVjig.exe
  2⤵
  PID:5524
- C:\Windows\System\dJaMngt.exe
  C:\Windows\System\dJaMngt.exe
  2⤵
  PID:5544
- C:\Windows\System\BMVpVyj.exe
  C:\Windows\System\BMVpVyj.exe
  2⤵
  PID:5564
- C:\Windows\System\PLcxIBp.exe
  C:\Windows\System\PLcxIBp.exe
  2⤵
  PID:5584
- C:\Windows\System\JeNhKHP.exe
  C:\Windows\System\JeNhKHP.exe
  2⤵
  PID:5604
- C:\Windows\System\yQIXYpm.exe
  C:\Windows\System\yQIXYpm.exe
  2⤵
  PID:5624
- C:\Windows\System\CgTChPv.exe
  C:\Windows\System\CgTChPv.exe
  2⤵
  PID:5644
- C:\Windows\System\HZozhBN.exe
  C:\Windows\System\HZozhBN.exe
  2⤵
  PID:5664
- C:\Windows\System\BOfxzwN.exe
  C:\Windows\System\BOfxzwN.exe
  2⤵
  PID:5684
- C:\Windows\System\yYkeGFC.exe
  C:\Windows\System\yYkeGFC.exe
  2⤵
  PID:5704
- C:\Windows\System\ZCjPsNV.exe
  C:\Windows\System\ZCjPsNV.exe
  2⤵
  PID:5724
- C:\Windows\System\tGcedRr.exe
  C:\Windows\System\tGcedRr.exe
  2⤵
  PID:5744
- C:\Windows\System\yfUJodA.exe
  C:\Windows\System\yfUJodA.exe
  2⤵
  PID:5764
- C:\Windows\System\rltjZYS.exe
  C:\Windows\System\rltjZYS.exe
  2⤵
  PID:5784
- C:\Windows\System\CHDlDiH.exe
  C:\Windows\System\CHDlDiH.exe
  2⤵
  PID:5804
- C:\Windows\System\ZrCrrwh.exe
  C:\Windows\System\ZrCrrwh.exe
  2⤵
  PID:5824
- C:\Windows\System\RAUSvSd.exe
  C:\Windows\System\RAUSvSd.exe
  2⤵
  PID:5844
- C:\Windows\System\vmFsYMR.exe
  C:\Windows\System\vmFsYMR.exe
  2⤵
  PID:5864
- C:\Windows\System\feXSYNB.exe
  C:\Windows\System\feXSYNB.exe
  2⤵
  PID:5884
- C:\Windows\System\LKCSsfE.exe
  C:\Windows\System\LKCSsfE.exe
  2⤵
  PID:5904
- C:\Windows\System\VKeQFZY.exe
  C:\Windows\System\VKeQFZY.exe
  2⤵
  PID:5924
- C:\Windows\System\aWltmYk.exe
  C:\Windows\System\aWltmYk.exe
  2⤵
  PID:5944
- C:\Windows\System\CXtUhzw.exe
  C:\Windows\System\CXtUhzw.exe
  2⤵
  PID:5964
- C:\Windows\System\NewqTKf.exe
  C:\Windows\System\NewqTKf.exe
  2⤵
  PID:5984
- C:\Windows\System\kLSAIZy.exe
  C:\Windows\System\kLSAIZy.exe
  2⤵
  PID:6004
- C:\Windows\System\Gfvwrwp.exe
  C:\Windows\System\Gfvwrwp.exe
  2⤵
  PID:6024
- C:\Windows\System\OPbHiBW.exe
  C:\Windows\System\OPbHiBW.exe
  2⤵
  PID:6044
- C:\Windows\System\eajibwx.exe
  C:\Windows\System\eajibwx.exe
  2⤵
  PID:6064
- C:\Windows\System\xKpBjSI.exe
  C:\Windows\System\xKpBjSI.exe
  2⤵
  PID:6084
- C:\Windows\System\UWPGDaW.exe
  C:\Windows\System\UWPGDaW.exe
  2⤵
  PID:6104
- C:\Windows\System\NGNuHyK.exe
  C:\Windows\System\NGNuHyK.exe
  2⤵
  PID:6124
- C:\Windows\System\GMtsANZ.exe
  C:\Windows\System\GMtsANZ.exe
  2⤵
  PID:4940
- C:\Windows\System\QjeNtcc.exe
  C:\Windows\System\QjeNtcc.exe
  2⤵
  PID:4624
- C:\Windows\System\jyVGXAi.exe
  C:\Windows\System\jyVGXAi.exe
  2⤵
  PID:5004
- C:\Windows\System\PoVkgXK.exe
  C:\Windows\System\PoVkgXK.exe
  2⤵
  PID:4788
- C:\Windows\System\wOaKdyb.exe
  C:\Windows\System\wOaKdyb.exe
  2⤵
  PID:4644
- C:\Windows\System\KMGClbN.exe
  C:\Windows\System\KMGClbN.exe
  2⤵
  PID:3092
- C:\Windows\System\ZunHxcf.exe
  C:\Windows\System\ZunHxcf.exe
  2⤵
  PID:3644
- C:\Windows\System\sWIitYz.exe
  C:\Windows\System\sWIitYz.exe
  2⤵
  PID:3756
- C:\Windows\System\zMrNJuR.exe
  C:\Windows\System\zMrNJuR.exe
  2⤵
  PID:4704
- C:\Windows\System\grLNJxh.exe
  C:\Windows\System\grLNJxh.exe
  2⤵
  PID:4344
- C:\Windows\System\MgTjrzb.exe
  C:\Windows\System\MgTjrzb.exe
  2⤵
  PID:4132
- C:\Windows\System\wYHMyVh.exe
  C:\Windows\System\wYHMyVh.exe
  2⤵
  PID:5152
- C:\Windows\System\jdeKwRG.exe
  C:\Windows\System\jdeKwRG.exe
  2⤵
  PID:5156
- C:\Windows\System\LcAYKwB.exe
  C:\Windows\System\LcAYKwB.exe
  2⤵
  PID:5176
- C:\Windows\System\TpPwgGs.exe
  C:\Windows\System\TpPwgGs.exe
  2⤵
  PID:5240
- C:\Windows\System\SsJYIDV.exe
  C:\Windows\System\SsJYIDV.exe
  2⤵
  PID:5260
- C:\Windows\System\EBvMohf.exe
  C:\Windows\System\EBvMohf.exe
  2⤵
  PID:5312
- C:\Windows\System\sPSWmTV.exe
  C:\Windows\System\sPSWmTV.exe
  2⤵
  PID:5332
- C:\Windows\System\iaUtePr.exe
  C:\Windows\System\iaUtePr.exe
  2⤵
  PID:5336
- C:\Windows\System\iFnNJWN.exe
  C:\Windows\System\iFnNJWN.exe
  2⤵
  PID:5376
- C:\Windows\System\MQzIjgE.exe
  C:\Windows\System\MQzIjgE.exe
  2⤵
  PID:5420
- C:\Windows\System\SpvBFmN.exe
  C:\Windows\System\SpvBFmN.exe
  2⤵
  PID:5456
- C:\Windows\System\EfGdvhq.exe
  C:\Windows\System\EfGdvhq.exe
  2⤵
  PID:5512
- C:\Windows\System\RiUCCxN.exe
  C:\Windows\System\RiUCCxN.exe
  2⤵
  PID:5532
- C:\Windows\System\ibASwpn.exe
  C:\Windows\System\ibASwpn.exe
  2⤵
  PID:5556
- C:\Windows\System\wMWAtBJ.exe
  C:\Windows\System\wMWAtBJ.exe
  2⤵
  PID:5576
- C:\Windows\System\KFVpRqt.exe
  C:\Windows\System\KFVpRqt.exe
  2⤵
  PID:5616
- C:\Windows\System\koTTpDk.exe
  C:\Windows\System\koTTpDk.exe
  2⤵
  PID:5660
- C:\Windows\System\LMUCCjD.exe
  C:\Windows\System\LMUCCjD.exe
  2⤵
  PID:5692
- C:\Windows\System\rGiaXRN.exe
  C:\Windows\System\rGiaXRN.exe
  2⤵
  PID:5732
- C:\Windows\System\grLazmZ.exe
  C:\Windows\System\grLazmZ.exe
  2⤵
  PID:5740
- C:\Windows\System\jeJQkmM.exe
  C:\Windows\System\jeJQkmM.exe
  2⤵
  PID:5780
- C:\Windows\System\FSbcSmD.exe
  C:\Windows\System\FSbcSmD.exe
  2⤵
  PID:5840
- C:\Windows\System\UyrVxpe.exe
  C:\Windows\System\UyrVxpe.exe
  2⤵
  PID:5860
- C:\Windows\System\wQamIbA.exe
  C:\Windows\System\wQamIbA.exe
  2⤵
  PID:5912
- C:\Windows\System\GFqNajS.exe
  C:\Windows\System\GFqNajS.exe
  2⤵
  PID:5916
- C:\Windows\System\FPxsNmI.exe
  C:\Windows\System\FPxsNmI.exe
  2⤵
  PID:5936
- C:\Windows\System\ccoMjpr.exe
  C:\Windows\System\ccoMjpr.exe
  2⤵
  PID:5980
- C:\Windows\System\WZLjfEf.exe
  C:\Windows\System\WZLjfEf.exe
  2⤵
  PID:6032
- C:\Windows\System\auxmJSE.exe
  C:\Windows\System\auxmJSE.exe
  2⤵
  PID:6060
- C:\Windows\System\TPnLaAx.exe
  C:\Windows\System\TPnLaAx.exe
  2⤵
  PID:6100
- C:\Windows\System\vDXjBRg.exe
  C:\Windows\System\vDXjBRg.exe
  2⤵
  PID:4448
- C:\Windows\System\heNorCC.exe
  C:\Windows\System\heNorCC.exe
  2⤵
  PID:4400
- C:\Windows\System\Qmtlpaw.exe
  C:\Windows\System\Qmtlpaw.exe
  2⤵
  PID:4512
- C:\Windows\System\wBSZVrX.exe
  C:\Windows\System\wBSZVrX.exe
  2⤵
  PID:4600
- C:\Windows\System\LTPcZDq.exe
  C:\Windows\System\LTPcZDq.exe
  2⤵
  PID:4104
- C:\Windows\System\UgFcacE.exe
  C:\Windows\System\UgFcacE.exe
  2⤵
  PID:4364
- C:\Windows\System\HVJNAcQ.exe
  C:\Windows\System\HVJNAcQ.exe
  2⤵
  PID:4436
- C:\Windows\System\iKIuatv.exe
  C:\Windows\System\iKIuatv.exe
  2⤵
  PID:4312
- C:\Windows\System\NCTlYwC.exe
  C:\Windows\System\NCTlYwC.exe
  2⤵
  PID:5136
- C:\Windows\System\BhMUqaD.exe
  C:\Windows\System\BhMUqaD.exe
  2⤵
  PID:5232
- C:\Windows\System\JgtSsTM.exe
  C:\Windows\System\JgtSsTM.exe
  2⤵
  PID:5296
- C:\Windows\System\vOGxuKI.exe
  C:\Windows\System\vOGxuKI.exe
  2⤵
  PID:5340
- C:\Windows\System\CajYPOc.exe
  C:\Windows\System\CajYPOc.exe
  2⤵
  PID:5412
- C:\Windows\System\DuFrUul.exe
  C:\Windows\System\DuFrUul.exe
  2⤵
  PID:5432
- C:\Windows\System\UkEaRWR.exe
  C:\Windows\System\UkEaRWR.exe
  2⤵
  PID:5516
- C:\Windows\System\IqmPJUA.exe
  C:\Windows\System\IqmPJUA.exe
  2⤵
  PID:5600
- C:\Windows\System\fMgtGjO.exe
  C:\Windows\System\fMgtGjO.exe
  2⤵
  PID:5632
- C:\Windows\System\sBoqfts.exe
  C:\Windows\System\sBoqfts.exe
  2⤵
  PID:5720
- C:\Windows\System\xkhgVNo.exe
  C:\Windows\System\xkhgVNo.exe
  2⤵
  PID:5772
- C:\Windows\System\DZXnrtB.exe
  C:\Windows\System\DZXnrtB.exe
  2⤵
  PID:5800
- C:\Windows\System\RhjmNTo.exe
  C:\Windows\System\RhjmNTo.exe
  2⤵
  PID:5852
- C:\Windows\System\zoxSQag.exe
  C:\Windows\System\zoxSQag.exe
  2⤵
  PID:5896
- C:\Windows\System\VmAjzcl.exe
  C:\Windows\System\VmAjzcl.exe
  2⤵
  PID:5972
- C:\Windows\System\BFxoQAI.exe
  C:\Windows\System\BFxoQAI.exe
  2⤵
  PID:5996
- C:\Windows\System\Pmzfjcr.exe
  C:\Windows\System\Pmzfjcr.exe
  2⤵
  PID:6036
- C:\Windows\System\yFOnJkH.exe
  C:\Windows\System\yFOnJkH.exe
  2⤵
  PID:6116
- C:\Windows\System\zVaXVFX.exe
  C:\Windows\System\zVaXVFX.exe
  2⤵
  PID:4888
- C:\Windows\System\NFfPLMK.exe
  C:\Windows\System\NFfPLMK.exe
  2⤵
  PID:5088
- C:\Windows\System\jkvVFlk.exe
  C:\Windows\System\jkvVFlk.exe
  2⤵
  PID:4628
- C:\Windows\System\oKysMPF.exe
  C:\Windows\System\oKysMPF.exe
  2⤵
  PID:4804
- C:\Windows\System\mNIyTIi.exe
  C:\Windows\System\mNIyTIi.exe
  2⤵
  PID:5180
- C:\Windows\System\bVrDnpb.exe
  C:\Windows\System\bVrDnpb.exe
  2⤵
  PID:5316
- C:\Windows\System\OJJbYEv.exe
  C:\Windows\System\OJJbYEv.exe
  2⤵
  PID:5300
- C:\Windows\System\JIvqEzH.exe
  C:\Windows\System\JIvqEzH.exe
  2⤵
  PID:5472
- C:\Windows\System\WCgOSAs.exe
  C:\Windows\System\WCgOSAs.exe
  2⤵
  PID:5536
- C:\Windows\System\QxlzKZA.exe
  C:\Windows\System\QxlzKZA.exe
  2⤵
  PID:5652
- C:\Windows\System\MRIZHDR.exe
  C:\Windows\System\MRIZHDR.exe
  2⤵
  PID:5676
- C:\Windows\System\VYpIkRI.exe
  C:\Windows\System\VYpIkRI.exe
  2⤵
  PID:5756
- C:\Windows\System\JZLdRZL.exe
  C:\Windows\System\JZLdRZL.exe
  2⤵
  PID:6156
- C:\Windows\System\rCQziIs.exe
  C:\Windows\System\rCQziIs.exe
  2⤵
  PID:6176
- C:\Windows\System\vIFyzOH.exe
  C:\Windows\System\vIFyzOH.exe
  2⤵
  PID:6196
- C:\Windows\System\kkAftaN.exe
  C:\Windows\System\kkAftaN.exe
  2⤵
  PID:6216
- C:\Windows\System\MHaLaRq.exe
  C:\Windows\System\MHaLaRq.exe
  2⤵
  PID:6236
- C:\Windows\System\ELaIKTc.exe
  C:\Windows\System\ELaIKTc.exe
  2⤵
  PID:6256
- C:\Windows\System\BayVKmZ.exe
  C:\Windows\System\BayVKmZ.exe
  2⤵
  PID:6276
- C:\Windows\System\LlxYFbj.exe
  C:\Windows\System\LlxYFbj.exe
  2⤵
  PID:6296
- C:\Windows\System\cNWwIhd.exe
  C:\Windows\System\cNWwIhd.exe
  2⤵
  PID:6316
- C:\Windows\System\JvDaHwe.exe
  C:\Windows\System\JvDaHwe.exe
  2⤵
  PID:6336
- C:\Windows\System\NVZFkBA.exe
  C:\Windows\System\NVZFkBA.exe
  2⤵
  PID:6356
- C:\Windows\System\ndFSgKT.exe
  C:\Windows\System\ndFSgKT.exe
  2⤵
  PID:6376
- C:\Windows\System\drvLbPS.exe
  C:\Windows\System\drvLbPS.exe
  2⤵
  PID:6396
- C:\Windows\System\NguGESJ.exe
  C:\Windows\System\NguGESJ.exe
  2⤵
  PID:6416
- C:\Windows\System\bxAuqHT.exe
  C:\Windows\System\bxAuqHT.exe
  2⤵
  PID:6436
- C:\Windows\System\odiBzwl.exe
  C:\Windows\System\odiBzwl.exe
  2⤵
  PID:6456
- C:\Windows\System\ztgDsIt.exe
  C:\Windows\System\ztgDsIt.exe
  2⤵
  PID:6480
- C:\Windows\System\CRuhtMx.exe
  C:\Windows\System\CRuhtMx.exe
  2⤵
  PID:6500
- C:\Windows\System\GnoVMMJ.exe
  C:\Windows\System\GnoVMMJ.exe
  2⤵
  PID:6520
- C:\Windows\System\TYvxbbX.exe
  C:\Windows\System\TYvxbbX.exe
  2⤵
  PID:6540
- C:\Windows\System\uyMtZFo.exe
  C:\Windows\System\uyMtZFo.exe
  2⤵
  PID:6560
- C:\Windows\System\hgUyzkL.exe
  C:\Windows\System\hgUyzkL.exe
  2⤵
  PID:6580
- C:\Windows\System\zRsXnue.exe
  C:\Windows\System\zRsXnue.exe
  2⤵
  PID:6600
- C:\Windows\System\gMpGjzi.exe
  C:\Windows\System\gMpGjzi.exe
  2⤵
  PID:6620
- C:\Windows\System\kNGxyEq.exe
  C:\Windows\System\kNGxyEq.exe
  2⤵
  PID:6640
- C:\Windows\System\fQQvlAY.exe
  C:\Windows\System\fQQvlAY.exe
  2⤵
  PID:6660
- C:\Windows\System\zqTwLSR.exe
  C:\Windows\System\zqTwLSR.exe
  2⤵
  PID:6680
- C:\Windows\System\cYkeHYy.exe
  C:\Windows\System\cYkeHYy.exe
  2⤵
  PID:6700
- C:\Windows\System\sXQLvgP.exe
  C:\Windows\System\sXQLvgP.exe
  2⤵
  PID:6720
- C:\Windows\System\CWUWNAn.exe
  C:\Windows\System\CWUWNAn.exe
  2⤵
  PID:6740
- C:\Windows\System\jQDwXug.exe
  C:\Windows\System\jQDwXug.exe
  2⤵
  PID:6760
- C:\Windows\System\TopvsIT.exe
  C:\Windows\System\TopvsIT.exe
  2⤵
  PID:6780
- C:\Windows\System\NxnDWrd.exe
  C:\Windows\System\NxnDWrd.exe
  2⤵
  PID:6800
- C:\Windows\System\vlDmvDr.exe
  C:\Windows\System\vlDmvDr.exe
  2⤵
  PID:6820
- C:\Windows\System\XxEeOWR.exe
  C:\Windows\System\XxEeOWR.exe
  2⤵
  PID:6840
- C:\Windows\System\njsdLKP.exe
  C:\Windows\System\njsdLKP.exe
  2⤵
  PID:6860
- C:\Windows\System\bRAbmPO.exe
  C:\Windows\System\bRAbmPO.exe
  2⤵
  PID:6880
- C:\Windows\System\OIoCVEI.exe
  C:\Windows\System\OIoCVEI.exe
  2⤵
  PID:6900
- C:\Windows\System\PJNcrNA.exe
  C:\Windows\System\PJNcrNA.exe
  2⤵
  PID:6920
- C:\Windows\System\pUIffcu.exe
  C:\Windows\System\pUIffcu.exe
  2⤵
  PID:6940
- C:\Windows\System\UfDcyQY.exe
  C:\Windows\System\UfDcyQY.exe
  2⤵
  PID:6960
- C:\Windows\System\DimqCXd.exe
  C:\Windows\System\DimqCXd.exe
  2⤵
  PID:6980
- C:\Windows\System\pbNMYIv.exe
  C:\Windows\System\pbNMYIv.exe
  2⤵
  PID:7000
- C:\Windows\System\jCrfltC.exe
  C:\Windows\System\jCrfltC.exe
  2⤵
  PID:7020
- C:\Windows\System\AYIhvwx.exe
  C:\Windows\System\AYIhvwx.exe
  2⤵
  PID:7040
- C:\Windows\System\vJmXsGN.exe
  C:\Windows\System\vJmXsGN.exe
  2⤵
  PID:7060
- C:\Windows\System\pNmoBWc.exe
  C:\Windows\System\pNmoBWc.exe
  2⤵
  PID:7080
- C:\Windows\System\ovOfamk.exe
  C:\Windows\System\ovOfamk.exe
  2⤵
  PID:7100
- C:\Windows\System\kBGPzNa.exe
  C:\Windows\System\kBGPzNa.exe
  2⤵
  PID:7120
- C:\Windows\System\EBjduJy.exe
  C:\Windows\System\EBjduJy.exe
  2⤵
  PID:7140
- C:\Windows\System\cdUfqfy.exe
  C:\Windows\System\cdUfqfy.exe
  2⤵
  PID:7160
- C:\Windows\System\yRjspdf.exe
  C:\Windows\System\yRjspdf.exe
  2⤵
  PID:2768
- C:\Windows\System\sGdhpMT.exe
  C:\Windows\System\sGdhpMT.exe
  2⤵
  PID:5992
- C:\Windows\System\BxSWgRX.exe
  C:\Windows\System\BxSWgRX.exe
  2⤵
  PID:6140
- C:\Windows\System\wPxgwdP.exe
  C:\Windows\System\wPxgwdP.exe
  2⤵
  PID:4868
- C:\Windows\System\BYYEguo.exe
  C:\Windows\System\BYYEguo.exe
  2⤵
  PID:5048
- C:\Windows\System\pKHoBUz.exe
  C:\Windows\System\pKHoBUz.exe
  2⤵
  PID:5200
- C:\Windows\System\jWQmHez.exe
  C:\Windows\System\jWQmHez.exe
  2⤵
  PID:5272
- C:\Windows\System\TBZHoLe.exe
  C:\Windows\System\TBZHoLe.exe
  2⤵
  PID:5452
- C:\Windows\System\FjIFLVe.exe
  C:\Windows\System\FjIFLVe.exe
  2⤵
  PID:5680
- C:\Windows\System\LZlQExO.exe
  C:\Windows\System\LZlQExO.exe
  2⤵
  PID:5820
- C:\Windows\System\SzoEMzP.exe
  C:\Windows\System\SzoEMzP.exe
  2⤵
  PID:6148
- C:\Windows\System\ZBEjXAs.exe
  C:\Windows\System\ZBEjXAs.exe
  2⤵
  PID:6168
- C:\Windows\System\VtyjUje.exe
  C:\Windows\System\VtyjUje.exe
  2⤵
  PID:6208
- C:\Windows\System\qsIxKMV.exe
  C:\Windows\System\qsIxKMV.exe
  2⤵
  PID:6252
- C:\Windows\System\uKmvKFl.exe
  C:\Windows\System\uKmvKFl.exe
  2⤵
  PID:6292
- C:\Windows\System\BCCodnD.exe
  C:\Windows\System\BCCodnD.exe
  2⤵
  PID:6324
- C:\Windows\System\rSNvzKX.exe
  C:\Windows\System\rSNvzKX.exe
  2⤵
  PID:6352
- C:\Windows\System\toKelNN.exe
  C:\Windows\System\toKelNN.exe
  2⤵
  PID:6392
- C:\Windows\System\FwkjYhB.exe
  C:\Windows\System\FwkjYhB.exe
  2⤵
  PID:6424
- C:\Windows\System\QcrdtoE.exe
  C:\Windows\System\QcrdtoE.exe
  2⤵
  PID:6444
- C:\Windows\System\xqEdctG.exe
  C:\Windows\System\xqEdctG.exe
  2⤵
  PID:6488
- C:\Windows\System\NBadaNq.exe
  C:\Windows\System\NBadaNq.exe
  2⤵
  PID:6528
- C:\Windows\System\srrHVNk.exe
  C:\Windows\System\srrHVNk.exe
  2⤵
  PID:764
- C:\Windows\System\zxMXQwr.exe
  C:\Windows\System\zxMXQwr.exe
  2⤵
  PID:6588
- C:\Windows\System\oNKllUZ.exe
  C:\Windows\System\oNKllUZ.exe
  2⤵
  PID:6616
- C:\Windows\System\LpRBfkj.exe
  C:\Windows\System\LpRBfkj.exe
  2⤵
  PID:6632
- C:\Windows\System\FVPxmVZ.exe
  C:\Windows\System\FVPxmVZ.exe
  2⤵
  PID:6676
- C:\Windows\System\bcsJrmk.exe
  C:\Windows\System\bcsJrmk.exe
  2⤵
  PID:6716
- C:\Windows\System\CGpSPOj.exe
  C:\Windows\System\CGpSPOj.exe
  2⤵
  PID:6748
- C:\Windows\System\Zadslhe.exe
  C:\Windows\System\Zadslhe.exe
  2⤵
  PID:6776
- C:\Windows\System\zreuqXq.exe
  C:\Windows\System\zreuqXq.exe
  2⤵
  PID:6816
- C:\Windows\System\emQzSby.exe
  C:\Windows\System\emQzSby.exe
  2⤵
  PID:6856
- C:\Windows\System\jrhIUlU.exe
  C:\Windows\System\jrhIUlU.exe
  2⤵
  PID:6888
- C:\Windows\System\HbrbaVi.exe
  C:\Windows\System\HbrbaVi.exe
  2⤵
  PID:6912
- C:\Windows\System\YrbDkwQ.exe
  C:\Windows\System\YrbDkwQ.exe
  2⤵
  PID:6932
- C:\Windows\System\KCRqEAf.exe
  C:\Windows\System\KCRqEAf.exe
  2⤵
  PID:6988
- C:\Windows\System\xlPvGmF.exe
  C:\Windows\System\xlPvGmF.exe
  2⤵
  PID:7028
- C:\Windows\System\kbCHiGl.exe
  C:\Windows\System\kbCHiGl.exe
  2⤵
  PID:7048
- C:\Windows\System\rBdITaR.exe
  C:\Windows\System\rBdITaR.exe
  2⤵
  PID:7088
- C:\Windows\System\pDtQtXz.exe
  C:\Windows\System\pDtQtXz.exe
  2⤵
  PID:7112
- C:\Windows\System\CFfZsJE.exe
  C:\Windows\System\CFfZsJE.exe
  2⤵
  PID:7152
- C:\Windows\System\DPQVAjg.exe
  C:\Windows\System\DPQVAjg.exe
  2⤵
  PID:2784
- C:\Windows\System\WQYRpId.exe
  C:\Windows\System\WQYRpId.exe
  2⤵
  PID:5900
- C:\Windows\System\cnLMDrx.exe
  C:\Windows\System\cnLMDrx.exe
  2⤵
  PID:6112
- C:\Windows\System\MxTRmob.exe
  C:\Windows\System\MxTRmob.exe
  2⤵
  PID:2176
- C:\Windows\System\NiPQPAA.exe
  C:\Windows\System\NiPQPAA.exe
  2⤵
  PID:5216
- C:\Windows\System\wvYWyno.exe
  C:\Windows\System\wvYWyno.exe
  2⤵
  PID:5592
- C:\Windows\System\TKZhXot.exe
  C:\Windows\System\TKZhXot.exe
  2⤵
  PID:6172
- C:\Windows\System\ShRDCHW.exe
  C:\Windows\System\ShRDCHW.exe
  2⤵
  PID:5476
- C:\Windows\System\IDcYfYD.exe
  C:\Windows\System\IDcYfYD.exe
  2⤵
  PID:6264
- C:\Windows\System\zzSXXWO.exe
  C:\Windows\System\zzSXXWO.exe
  2⤵
  PID:6224
- C:\Windows\System\URQtxSW.exe
  C:\Windows\System\URQtxSW.exe
  2⤵
  PID:6372
- C:\Windows\System\SveeNut.exe
  C:\Windows\System\SveeNut.exe
  2⤵
  PID:2912
- C:\Windows\System\yMCUuNn.exe
  C:\Windows\System\yMCUuNn.exe
  2⤵
  PID:6516
- C:\Windows\System\HOjBxVc.exe
  C:\Windows\System\HOjBxVc.exe
  2⤵
  PID:6404
- C:\Windows\System\cXlSiFZ.exe
  C:\Windows\System\cXlSiFZ.exe
  2⤵
  PID:6636
- C:\Windows\System\mcDqJtL.exe
  C:\Windows\System\mcDqJtL.exe
  2⤵
  PID:6556
- C:\Windows\System\ENhTuwO.exe
  C:\Windows\System\ENhTuwO.exe
  2⤵
  PID:6708
- C:\Windows\System\EXsNkjX.exe
  C:\Windows\System\EXsNkjX.exe
  2⤵
  PID:6752
- C:\Windows\System\JfuSzbn.exe
  C:\Windows\System\JfuSzbn.exe
  2⤵
  PID:6728
- C:\Windows\System\uEbwMqM.exe
  C:\Windows\System\uEbwMqM.exe
  2⤵
  PID:2800
- C:\Windows\System\RcYmMKA.exe
  C:\Windows\System\RcYmMKA.exe
  2⤵
  PID:6916
- C:\Windows\System\zWWCJTe.exe
  C:\Windows\System\zWWCJTe.exe
  2⤵
  PID:2624
- C:\Windows\System\HnUHFdb.exe
  C:\Windows\System\HnUHFdb.exe
  2⤵
  PID:6968
- C:\Windows\System\hASWgLq.exe
  C:\Windows\System\hASWgLq.exe
  2⤵
  PID:6876
- C:\Windows\System\kSIhnMC.exe
  C:\Windows\System\kSIhnMC.exe
  2⤵
  PID:7012
- C:\Windows\System\mOAIiyU.exe
  C:\Windows\System\mOAIiyU.exe
  2⤵
  PID:7092
- C:\Windows\System\FStksOI.exe
  C:\Windows\System\FStksOI.exe
  2⤵
  PID:6052
- C:\Windows\System\IvtPzMt.exe
  C:\Windows\System\IvtPzMt.exe
  2⤵
  PID:7156
- C:\Windows\System\ecBFUAR.exe
  C:\Windows\System\ecBFUAR.exe
  2⤵
  PID:4764
- C:\Windows\System\YTKJJVL.exe
  C:\Windows\System\YTKJJVL.exe
  2⤵
  PID:6136
- C:\Windows\System\mbtmwau.exe
  C:\Windows\System\mbtmwau.exe
  2⤵
  PID:5372
- C:\Windows\System\WGOMzsM.exe
  C:\Windows\System\WGOMzsM.exe
  2⤵
  PID:6204
- C:\Windows\System\AfYvIDb.exe
  C:\Windows\System\AfYvIDb.exe
  2⤵
  PID:6384
- C:\Windows\System\jmvjfCT.exe
  C:\Windows\System\jmvjfCT.exe
  2⤵
  PID:2384
- C:\Windows\System\OItZwuH.exe
  C:\Windows\System\OItZwuH.exe
  2⤵
  PID:6692
- C:\Windows\System\PEmsQkY.exe
  C:\Windows\System\PEmsQkY.exe
  2⤵
  PID:6732
- C:\Windows\System\ygYDkZc.exe
  C:\Windows\System\ygYDkZc.exe
  2⤵
  PID:6808
- C:\Windows\System\dGZjIks.exe
  C:\Windows\System\dGZjIks.exe
  2⤵
  PID:5540
- C:\Windows\System\QWXhCtr.exe
  C:\Windows\System\QWXhCtr.exe
  2⤵
  PID:6312
- C:\Windows\System\BsGGzEY.exe
  C:\Windows\System\BsGGzEY.exe
  2⤵
  PID:6428
- C:\Windows\System\rNHiPLE.exe
  C:\Windows\System\rNHiPLE.exe
  2⤵
  PID:6512
- C:\Windows\System\dWiBbaU.exe
  C:\Windows\System\dWiBbaU.exe
  2⤵
  PID:6472
- C:\Windows\System\cIpmunm.exe
  C:\Windows\System\cIpmunm.exe
  2⤵
  PID:1816
- C:\Windows\System\dfyRTyt.exe
  C:\Windows\System\dfyRTyt.exe
  2⤵
  PID:7096
- C:\Windows\System\IuKwtQs.exe
  C:\Windows\System\IuKwtQs.exe
  2⤵
  PID:6848
- C:\Windows\System\LDhAxjR.exe
  C:\Windows\System\LDhAxjR.exe
  2⤵
  PID:2024
- C:\Windows\System\oZiJsOE.exe
  C:\Windows\System\oZiJsOE.exe
  2⤵
  PID:2732
- C:\Windows\System\kcEjIIC.exe
  C:\Windows\System\kcEjIIC.exe
  2⤵
  PID:5360
- C:\Windows\System\EbAHSHL.exe
  C:\Windows\System\EbAHSHL.exe
  2⤵
  PID:6272
- C:\Windows\System\DTLLNTh.exe
  C:\Windows\System\DTLLNTh.exe
  2⤵
  PID:6688
- C:\Windows\System\rXIaeMk.exe
  C:\Windows\System\rXIaeMk.exe
  2⤵
  PID:3032
- C:\Windows\System\KAPeDXK.exe
  C:\Windows\System\KAPeDXK.exe
  2⤵
  PID:6908
- C:\Windows\System\xAqAhVB.exe
  C:\Windows\System\xAqAhVB.exe
  2⤵
  PID:6228
- C:\Windows\System\EZHfgQn.exe
  C:\Windows\System\EZHfgQn.exe
  2⤵
  PID:5672
- C:\Windows\System\MWHrZNX.exe
  C:\Windows\System\MWHrZNX.exe
  2⤵
  PID:7068
- C:\Windows\System\KGcMowB.exe
  C:\Windows\System\KGcMowB.exe
  2⤵
  PID:2864
- C:\Windows\System\gjsQlim.exe
  C:\Windows\System\gjsQlim.exe
  2⤵
  PID:7008
- C:\Windows\System\QvZSCVu.exe
  C:\Windows\System\QvZSCVu.exe
  2⤵
  PID:7056
- C:\Windows\System\VbXPEAw.exe
  C:\Windows\System\VbXPEAw.exe
  2⤵
  PID:6992
- C:\Windows\System\rvLjiEK.exe
  C:\Windows\System\rvLjiEK.exe
  2⤵
  PID:2108
- C:\Windows\System\zyqHanO.exe
  C:\Windows\System\zyqHanO.exe
  2⤵
  PID:5580
- C:\Windows\System\cpsFatL.exe
  C:\Windows\System\cpsFatL.exe
  2⤵
  PID:6468
- C:\Windows\System\xNyeLYu.exe
  C:\Windows\System\xNyeLYu.exe
  2⤵
  PID:6388
- C:\Windows\System\BybVQLd.exe
  C:\Windows\System\BybVQLd.exe
  2⤵
  PID:3020
- C:\Windows\System\zzBYPBB.exe
  C:\Windows\System\zzBYPBB.exe
  2⤵
  PID:1652
- C:\Windows\System\DEAIZZz.exe
  C:\Windows\System\DEAIZZz.exe
  2⤵
  PID:7180
- C:\Windows\System\xvVwGOh.exe
  C:\Windows\System\xvVwGOh.exe
  2⤵
  PID:7204
- C:\Windows\System\jdVNgAR.exe
  C:\Windows\System\jdVNgAR.exe
  2⤵
  PID:7232
- C:\Windows\System\wZboBiA.exe
  C:\Windows\System\wZboBiA.exe
  2⤵
  PID:7256
- C:\Windows\System\FZpOYgv.exe
  C:\Windows\System\FZpOYgv.exe
  2⤵
  PID:7272
- C:\Windows\System\WhJbNlZ.exe
  C:\Windows\System\WhJbNlZ.exe
  2⤵
  PID:7292
- C:\Windows\System\JToNamV.exe
  C:\Windows\System\JToNamV.exe
  2⤵
  PID:7316
- C:\Windows\System\OgmKRHo.exe
  C:\Windows\System\OgmKRHo.exe
  2⤵
  PID:7352
- C:\Windows\System\NAPSSXC.exe
  C:\Windows\System\NAPSSXC.exe
  2⤵
  PID:7368
- C:\Windows\System\CvRGdIg.exe
  C:\Windows\System\CvRGdIg.exe
  2⤵
  PID:7388
- C:\Windows\System\lgLUALB.exe
  C:\Windows\System\lgLUALB.exe
  2⤵
  PID:7408
- C:\Windows\System\mTDDWfs.exe
  C:\Windows\System\mTDDWfs.exe
  2⤵
  PID:7424
- C:\Windows\System\mVNMebv.exe
  C:\Windows\System\mVNMebv.exe
  2⤵
  PID:7440
- C:\Windows\System\yZBvUVY.exe
  C:\Windows\System\yZBvUVY.exe
  2⤵
  PID:7456
- C:\Windows\System\YdTBHAA.exe
  C:\Windows\System\YdTBHAA.exe
  2⤵
  PID:7472
- C:\Windows\System\gceNEWt.exe
  C:\Windows\System\gceNEWt.exe
  2⤵
  PID:7488
- C:\Windows\System\bqqeQXm.exe
  C:\Windows\System\bqqeQXm.exe
  2⤵
  PID:7508
- C:\Windows\System\tWzNjFJ.exe
  C:\Windows\System\tWzNjFJ.exe
  2⤵
  PID:7524
- C:\Windows\System\vjavKCu.exe
  C:\Windows\System\vjavKCu.exe
  2⤵
  PID:7540
- C:\Windows\System\YOUHAPX.exe
  C:\Windows\System\YOUHAPX.exe
  2⤵
  PID:7576
- C:\Windows\System\OVSYLzK.exe
  C:\Windows\System\OVSYLzK.exe
  2⤵
  PID:7596
- C:\Windows\System\QiegfzC.exe
  C:\Windows\System\QiegfzC.exe
  2⤵
  PID:7640
- C:\Windows\System\hedYgop.exe
  C:\Windows\System\hedYgop.exe
  2⤵
  PID:7684
- C:\Windows\System\tihxnmM.exe
  C:\Windows\System\tihxnmM.exe
  2⤵
  PID:7700
- C:\Windows\System\VayxUSS.exe
  C:\Windows\System\VayxUSS.exe
  2⤵
  PID:7720
- C:\Windows\System\zFSJHcs.exe
  C:\Windows\System\zFSJHcs.exe
  2⤵
  PID:7736
- C:\Windows\System\iZNkjyS.exe
  C:\Windows\System\iZNkjyS.exe
  2⤵
  PID:7764
- C:\Windows\System\iwmICDk.exe
  C:\Windows\System\iwmICDk.exe
  2⤵
  PID:7780
- C:\Windows\System\QfaVtdh.exe
  C:\Windows\System\QfaVtdh.exe
  2⤵
  PID:7800
- C:\Windows\System\XuITcYk.exe
  C:\Windows\System\XuITcYk.exe
  2⤵
  PID:7816
- C:\Windows\System\PFhgyJl.exe
  C:\Windows\System\PFhgyJl.exe
  2⤵
  PID:7836
- C:\Windows\System\WAjymrX.exe
  C:\Windows\System\WAjymrX.exe
  2⤵
  PID:7856
- C:\Windows\System\uDQAFYh.exe
  C:\Windows\System\uDQAFYh.exe
  2⤵
  PID:7872
- C:\Windows\System\XwkMYRx.exe
  C:\Windows\System\XwkMYRx.exe
  2⤵
  PID:7888
- C:\Windows\System\kshUoas.exe
  C:\Windows\System\kshUoas.exe
  2⤵
  PID:7904
- C:\Windows\System\LSLAqHA.exe
  C:\Windows\System\LSLAqHA.exe
  2⤵
  PID:7928
- C:\Windows\System\BmJchwv.exe
  C:\Windows\System\BmJchwv.exe
  2⤵
  PID:7960
- C:\Windows\System\WcyNsyw.exe
  C:\Windows\System\WcyNsyw.exe
  2⤵
  PID:7980
- C:\Windows\System\ESJjtYF.exe
  C:\Windows\System\ESJjtYF.exe
  2⤵
  PID:7996
- C:\Windows\System\JmZCOrW.exe
  C:\Windows\System\JmZCOrW.exe
  2⤵
  PID:8032
- C:\Windows\System\LSeRpkP.exe
  C:\Windows\System\LSeRpkP.exe
  2⤵
  PID:8048
- C:\Windows\System\zZEEZhE.exe
  C:\Windows\System\zZEEZhE.exe
  2⤵
  PID:8064
- C:\Windows\System\nTzUSPa.exe
  C:\Windows\System\nTzUSPa.exe
  2⤵
  PID:8080
- C:\Windows\System\RpBebUb.exe
  C:\Windows\System\RpBebUb.exe
  2⤵
  PID:8096
- C:\Windows\System\XRjuTvm.exe
  C:\Windows\System\XRjuTvm.exe
  2⤵
  PID:8112
- C:\Windows\System\GguFMBy.exe
  C:\Windows\System\GguFMBy.exe
  2⤵
  PID:8128
- C:\Windows\System\BucbKtt.exe
  C:\Windows\System\BucbKtt.exe
  2⤵
  PID:8144
- C:\Windows\System\yUIZDgm.exe
  C:\Windows\System\yUIZDgm.exe
  2⤵
  PID:8160
- C:\Windows\System\kbifDBv.exe
  C:\Windows\System\kbifDBv.exe
  2⤵
  PID:8176
- C:\Windows\System\btaPzHg.exe
  C:\Windows\System\btaPzHg.exe
  2⤵
  PID:6608
- C:\Windows\System\cfIsrdO.exe
  C:\Windows\System\cfIsrdO.exe
  2⤵
  PID:6284
- C:\Windows\System\bEyeuOU.exe
  C:\Windows\System\bEyeuOU.exe
  2⤵
  PID:6668
- C:\Windows\System\pbixRTe.exe
  C:\Windows\System\pbixRTe.exe
  2⤵
  PID:4984
- C:\Windows\System\AYpCAvC.exe
  C:\Windows\System\AYpCAvC.exe
  2⤵
  PID:6152
- C:\Windows\System\icBRNqZ.exe
  C:\Windows\System\icBRNqZ.exe
  2⤵
  PID:2988
- C:\Windows\System\tPJzudK.exe
  C:\Windows\System\tPJzudK.exe
  2⤵
  PID:7176
- C:\Windows\System\mxPMTpF.exe
  C:\Windows\System\mxPMTpF.exe
  2⤵
  PID:2808
- C:\Windows\System\JwKkVGY.exe
  C:\Windows\System\JwKkVGY.exe
  2⤵
  PID:828
- C:\Windows\System\YHvFaaU.exe
  C:\Windows\System\YHvFaaU.exe
  2⤵
  PID:3060
- C:\Windows\System\cvZNzQr.exe
  C:\Windows\System\cvZNzQr.exe
  2⤵
  PID:7216
- C:\Windows\System\sBcfDiH.exe
  C:\Windows\System\sBcfDiH.exe
  2⤵
  PID:7288
- C:\Windows\System\TtDHtoS.exe
  C:\Windows\System\TtDHtoS.exe
  2⤵
  PID:7328
- C:\Windows\System\Yntaymq.exe
  C:\Windows\System\Yntaymq.exe
  2⤵
  PID:2580
- C:\Windows\System\SajURAF.exe
  C:\Windows\System\SajURAF.exe
  2⤵
  PID:7384
- C:\Windows\System\TarVSsj.exe
  C:\Windows\System\TarVSsj.exe
  2⤵
  PID:7484
- C:\Windows\System\meIlTnw.exe
  C:\Windows\System\meIlTnw.exe
  2⤵
  PID:7552
- C:\Windows\System\hBOMSHz.exe
  C:\Windows\System\hBOMSHz.exe
  2⤵
  PID:7264
- C:\Windows\System\AuWGjHF.exe
  C:\Windows\System\AuWGjHF.exe
  2⤵
  PID:7500
- C:\Windows\System\TegQHbV.exe
  C:\Windows\System\TegQHbV.exe
  2⤵
  PID:7360
- C:\Windows\System\naRkjWD.exe
  C:\Windows\System\naRkjWD.exe
  2⤵
  PID:7432
- C:\Windows\System\DYzUFrT.exe
  C:\Windows\System\DYzUFrT.exe
  2⤵
  PID:7632
- C:\Windows\System\YYIRSPD.exe
  C:\Windows\System\YYIRSPD.exe
  2⤵
  PID:1508
- C:\Windows\System\qiXXJEO.exe
  C:\Windows\System\qiXXJEO.exe
  2⤵
  PID:7660
- C:\Windows\System\PyGMfMt.exe
  C:\Windows\System\PyGMfMt.exe
  2⤵
  PID:7676
- C:\Windows\System\GSEUrjv.exe
  C:\Windows\System\GSEUrjv.exe
  2⤵
  PID:7712
- C:\Windows\System\MvPAnnG.exe
  C:\Windows\System\MvPAnnG.exe
  2⤵
  PID:7808
- C:\Windows\System\uQUopYp.exe
  C:\Windows\System\uQUopYp.exe
  2⤵
  PID:7304
- C:\Windows\System\BgHXOls.exe
  C:\Windows\System\BgHXOls.exe
  2⤵
  PID:7756
- C:\Windows\System\LxdlUEr.exe
  C:\Windows\System\LxdlUEr.exe
  2⤵
  PID:7796
- C:\Windows\System\HAhQrJQ.exe
  C:\Windows\System\HAhQrJQ.exe
  2⤵
  PID:7924
- C:\Windows\System\xvmmVLW.exe
  C:\Windows\System\xvmmVLW.exe
  2⤵
  PID:7900
- C:\Windows\System\FUhgFha.exe
  C:\Windows\System\FUhgFha.exe
  2⤵
  PID:7968
- C:\Windows\System\mLVFokI.exe
  C:\Windows\System\mLVFokI.exe
  2⤵
  PID:7976
- C:\Windows\System\FZcTBXw.exe
  C:\Windows\System\FZcTBXw.exe
  2⤵
  PID:8012
- C:\Windows\System\uJrPPcK.exe
  C:\Windows\System\uJrPPcK.exe
  2⤵
  PID:8056
- C:\Windows\System\rnYtupt.exe
  C:\Windows\System\rnYtupt.exe
  2⤵
  PID:8124
- C:\Windows\System\tQibWiK.exe
  C:\Windows\System\tQibWiK.exe
  2⤵
  PID:8136
- C:\Windows\System\GBDWmGp.exe
  C:\Windows\System\GBDWmGp.exe
  2⤵
  PID:7344
- C:\Windows\System\HiHkhOa.exe
  C:\Windows\System\HiHkhOa.exe
  2⤵
  PID:7192
- C:\Windows\System\kPjqYEk.exe
  C:\Windows\System\kPjqYEk.exe
  2⤵
  PID:7116
- C:\Windows\System\BvcYrcU.exe
  C:\Windows\System\BvcYrcU.exe
  2⤵
  PID:1176
- C:\Windows\System\QRaihyU.exe
  C:\Windows\System\QRaihyU.exe
  2⤵
  PID:2836
- C:\Windows\System\ViypEjX.exe
  C:\Windows\System\ViypEjX.exe
  2⤵
  PID:6796
- C:\Windows\System\DLmXgCn.exe
  C:\Windows\System\DLmXgCn.exe
  2⤵
  PID:6972
- C:\Windows\System\sURprHJ.exe
  C:\Windows\System\sURprHJ.exe
  2⤵
  PID:7348
- C:\Windows\System\MlQuCFO.exe
  C:\Windows\System\MlQuCFO.exe
  2⤵
  PID:7220
- C:\Windows\System\TZcZAuP.exe
  C:\Windows\System\TZcZAuP.exe
  2⤵
  PID:7548
- C:\Windows\System\sfPAmGZ.exe
  C:\Windows\System\sfPAmGZ.exe
  2⤵
  PID:7280
- C:\Windows\System\HxDCYXB.exe
  C:\Windows\System\HxDCYXB.exe
  2⤵
  PID:8040
- C:\Windows\System\nlqDEMi.exe
  C:\Windows\System\nlqDEMi.exe
  2⤵
  PID:7420
- C:\Windows\System\sOqinyN.exe
  C:\Windows\System\sOqinyN.exe
  2⤵
  PID:7480
- C:\Windows\System\BPJXmqn.exe
  C:\Windows\System\BPJXmqn.exe
  2⤵
  PID:7532
- C:\Windows\System\vnZwpCA.exe
  C:\Windows\System\vnZwpCA.exe
  2⤵
  PID:7628
- C:\Windows\System\fzQfUgT.exe
  C:\Windows\System\fzQfUgT.exe
  2⤵
  PID:7396
- C:\Windows\System\zHmcABY.exe
  C:\Windows\System\zHmcABY.exe
  2⤵
  PID:7656
- C:\Windows\System\GlsXWDQ.exe
  C:\Windows\System\GlsXWDQ.exe
  2⤵
  PID:7844
- C:\Windows\System\XsLmdkc.exe
  C:\Windows\System\XsLmdkc.exe
  2⤵
  PID:7884
- C:\Windows\System\MKrbuSY.exe
  C:\Windows\System\MKrbuSY.exe
  2⤵
  PID:7792
- C:\Windows\System\fwzInYZ.exe
  C:\Windows\System\fwzInYZ.exe
  2⤵
  PID:7896
- C:\Windows\System\bwOEYOt.exe
  C:\Windows\System\bwOEYOt.exe
  2⤵
  PID:7588
- C:\Windows\System\alknpAo.exe
  C:\Windows\System\alknpAo.exe
  2⤵
  PID:8028
- C:\Windows\System\cGpRhqE.exe
  C:\Windows\System\cGpRhqE.exe
  2⤵
  PID:8108
- C:\Windows\System\qNQWWbR.exe
  C:\Windows\System\qNQWWbR.exe
  2⤵
  PID:2412
- C:\Windows\System\HHdViYm.exe
  C:\Windows\System\HHdViYm.exe
  2⤵
  PID:7672
- C:\Windows\System\gAcNbFL.exe
  C:\Windows\System\gAcNbFL.exe
  2⤵
  PID:7560
- C:\Windows\System\felInON.exe
  C:\Windows\System\felInON.exe
  2⤵
  PID:7452
- C:\Windows\System\PYRQwHF.exe
  C:\Windows\System\PYRQwHF.exe
  2⤵
  PID:7652
- C:\Windows\System\uQToDtO.exe
  C:\Windows\System\uQToDtO.exe
  2⤵
  PID:7696
- C:\Windows\System\KiqqZAs.exe
  C:\Windows\System\KiqqZAs.exe
  2⤵
  PID:8212
- C:\Windows\System\uyrCNKB.exe
  C:\Windows\System\uyrCNKB.exe
  2⤵
  PID:8232
- C:\Windows\System\TlLttRx.exe
  C:\Windows\System\TlLttRx.exe
  2⤵
  PID:8248
- C:\Windows\System\cMKBJxY.exe
  C:\Windows\System\cMKBJxY.exe
  2⤵
  PID:8268
- C:\Windows\System\Sxijyob.exe
  C:\Windows\System\Sxijyob.exe
  2⤵
  PID:8284
- C:\Windows\System\mZWCDEa.exe
  C:\Windows\System\mZWCDEa.exe
  2⤵
  PID:8300
- C:\Windows\System\xkFuTtW.exe
  C:\Windows\System\xkFuTtW.exe
  2⤵
  PID:8316
- C:\Windows\System\bPjinsj.exe
  C:\Windows\System\bPjinsj.exe
  2⤵
  PID:8340
- C:\Windows\System\zLETCIe.exe
  C:\Windows\System\zLETCIe.exe
  2⤵
  PID:8356
- C:\Windows\System\yFCIMYk.exe
  C:\Windows\System\yFCIMYk.exe
  2⤵
  PID:8376
- C:\Windows\System\uBREbEY.exe
  C:\Windows\System\uBREbEY.exe
  2⤵
  PID:8396
- C:\Windows\System\gdpjVVj.exe
  C:\Windows\System\gdpjVVj.exe
  2⤵
  PID:8412
- C:\Windows\System\dQiWRBC.exe
  C:\Windows\System\dQiWRBC.exe
  2⤵
  PID:8428
- C:\Windows\System\DYgzUAn.exe
  C:\Windows\System\DYgzUAn.exe
  2⤵
  PID:8444
- C:\Windows\System\MAEWRwD.exe
  C:\Windows\System\MAEWRwD.exe
  2⤵
  PID:8460
- C:\Windows\System\eEbMZHW.exe
  C:\Windows\System\eEbMZHW.exe
  2⤵
  PID:8476
- C:\Windows\System\CRAjqBk.exe
  C:\Windows\System\CRAjqBk.exe
  2⤵
  PID:8492
- C:\Windows\System\atssJJC.exe
  C:\Windows\System\atssJJC.exe
  2⤵
  PID:8508
- C:\Windows\System\GHqvwRT.exe
  C:\Windows\System\GHqvwRT.exe
  2⤵
  PID:8524
- C:\Windows\System\VERjrWx.exe
  C:\Windows\System\VERjrWx.exe
  2⤵
  PID:8540
- C:\Windows\System\RGvvGIJ.exe
  C:\Windows\System\RGvvGIJ.exe
  2⤵
  PID:8556
- C:\Windows\System\kIXwvox.exe
  C:\Windows\System\kIXwvox.exe
  2⤵
  PID:8572
- C:\Windows\System\pSYBWGG.exe
  C:\Windows\System\pSYBWGG.exe
  2⤵
  PID:8736
- C:\Windows\System\jNMVUJG.exe
  C:\Windows\System\jNMVUJG.exe
  2⤵
  PID:8760
- C:\Windows\System\bJYJGJF.exe
  C:\Windows\System\bJYJGJF.exe
  2⤵
  PID:8784
- C:\Windows\System\DzgTZuK.exe
  C:\Windows\System\DzgTZuK.exe
  2⤵
  PID:8804
- C:\Windows\System\weSImqk.exe
  C:\Windows\System\weSImqk.exe
  2⤵
  PID:8820
- C:\Windows\System\diVsyiK.exe
  C:\Windows\System\diVsyiK.exe
  2⤵
  PID:8880
- C:\Windows\System\kpixXzY.exe
  C:\Windows\System\kpixXzY.exe
  2⤵
  PID:8900
- C:\Windows\System\JFCNSeN.exe
  C:\Windows\System\JFCNSeN.exe
  2⤵
  PID:8924
- C:\Windows\System\BQlqVvk.exe
  C:\Windows\System\BQlqVvk.exe
  2⤵
  PID:8944
- C:\Windows\System\EuREdOV.exe
  C:\Windows\System\EuREdOV.exe
  2⤵
  PID:8960
- C:\Windows\System\disfzZz.exe
  C:\Windows\System\disfzZz.exe
  2⤵
  PID:8976
- C:\Windows\System\DcanubF.exe
  C:\Windows\System\DcanubF.exe
  2⤵
  PID:8992
- C:\Windows\System\mNXaveq.exe
  C:\Windows\System\mNXaveq.exe
  2⤵
  PID:9028
- C:\Windows\System\OpGEmSf.exe
  C:\Windows\System\OpGEmSf.exe
  2⤵
  PID:9056
- C:\Windows\System\jInSTlQ.exe
  C:\Windows\System\jInSTlQ.exe
  2⤵
  PID:9076
- C:\Windows\System\jwBTbwt.exe
  C:\Windows\System\jwBTbwt.exe
  2⤵
  PID:9096
- C:\Windows\System\degGJHw.exe
  C:\Windows\System\degGJHw.exe
  2⤵
  PID:9116
- C:\Windows\System\QhAyZUW.exe
  C:\Windows\System\QhAyZUW.exe
  2⤵
  PID:9132
- C:\Windows\System\lqSzuHI.exe
  C:\Windows\System\lqSzuHI.exe
  2⤵
  PID:9148
- C:\Windows\System\SCaftQp.exe
  C:\Windows\System\SCaftQp.exe
  2⤵
  PID:9164
- C:\Windows\System\eFIcynf.exe
  C:\Windows\System\eFIcynf.exe
  2⤵
  PID:9188
- C:\Windows\System\ZpMAWZN.exe
  C:\Windows\System\ZpMAWZN.exe
  2⤵
  PID:9204
- C:\Windows\System\rJZjQnf.exe
  C:\Windows\System\rJZjQnf.exe
  2⤵
  PID:8020
- C:\Windows\System\xOfSlIE.exe
  C:\Windows\System\xOfSlIE.exe
  2⤵
  PID:2040
- C:\Windows\System\ntJIYNS.exe
  C:\Windows\System\ntJIYNS.exe
  2⤵
  PID:8220
- C:\Windows\System\vIzUgPW.exe
  C:\Windows\System\vIzUgPW.exe
  2⤵
  PID:8092
- C:\Windows\System\uwDyTpW.exe
  C:\Windows\System\uwDyTpW.exe
  2⤵
  PID:7916
- C:\Windows\System\VrUgQCb.exe
  C:\Windows\System\VrUgQCb.exe
  2⤵
  PID:8152
- C:\Windows\System\BSkuPxG.exe
  C:\Windows\System\BSkuPxG.exe
  2⤵
  PID:2816
- C:\Windows\System\qdBmSEo.exe
  C:\Windows\System\qdBmSEo.exe
  2⤵
  PID:7380
- C:\Windows\System\FzaqsIX.exe
  C:\Windows\System\FzaqsIX.exe
  2⤵
  PID:7228
- C:\Windows\System\ltwqIhF.exe
  C:\Windows\System\ltwqIhF.exe
  2⤵
  PID:7496
- C:\Windows\System\SigLNrI.exe
  C:\Windows\System\SigLNrI.exe
  2⤵
  PID:7952
- C:\Windows\System\KWRlRwl.exe
  C:\Windows\System\KWRlRwl.exe
  2⤵
  PID:1388
- C:\Windows\System\crOnHgC.exe
  C:\Windows\System\crOnHgC.exe
  2⤵
  PID:8292
- C:\Windows\System\aWncidx.exe
  C:\Windows\System\aWncidx.exe
  2⤵
  PID:8336
- C:\Windows\System\zIBQZsJ.exe
  C:\Windows\System\zIBQZsJ.exe
  2⤵
  PID:576
- C:\Windows\System\nUlnMis.exe
  C:\Windows\System\nUlnMis.exe
  2⤵
  PID:2276
- C:\Windows\System\afLpXuG.exe
  C:\Windows\System\afLpXuG.exe
  2⤵
  PID:8200
- C:\Windows\System\OengwtX.exe
  C:\Windows\System\OengwtX.exe
  2⤵
  PID:8208
- C:\Windows\System\ctiAmxj.exe
  C:\Windows\System\ctiAmxj.exe
  2⤵
  PID:8404
- C:\Windows\System\iRMZeCL.exe
  C:\Windows\System\iRMZeCL.exe
  2⤵
  PID:8436
- C:\Windows\System\OEwUitm.exe
  C:\Windows\System\OEwUitm.exe
  2⤵
  PID:8408
- C:\Windows\System\bFTKDwr.exe
  C:\Windows\System\bFTKDwr.exe
  2⤵
  PID:8536
- C:\Windows\System\WKyUnwO.exe
  C:\Windows\System\WKyUnwO.exe
  2⤵
  PID:8552
- C:\Windows\System\gbQvfZq.exe
  C:\Windows\System\gbQvfZq.exe
  2⤵
  PID:8452
- C:\Windows\System\zAbeCJj.exe
  C:\Windows\System\zAbeCJj.exe
  2⤵
  PID:8596
- C:\Windows\System\vtzaQFO.exe
  C:\Windows\System\vtzaQFO.exe
  2⤵
  PID:8604
- C:\Windows\System\azfFRZQ.exe
  C:\Windows\System\azfFRZQ.exe
  2⤵
  PID:8624
- C:\Windows\System\SOCstrl.exe
  C:\Windows\System\SOCstrl.exe
  2⤵
  PID:8640
- C:\Windows\System\aPAtgHI.exe
  C:\Windows\System\aPAtgHI.exe
  2⤵
  PID:8668
- C:\Windows\System\SozxRSK.exe
  C:\Windows\System\SozxRSK.exe
  2⤵
  PID:8688
- C:\Windows\System\quWLbPi.exe
  C:\Windows\System\quWLbPi.exe
  2⤵
  PID:8704
- C:\Windows\System\VnKOucY.exe
  C:\Windows\System\VnKOucY.exe
  2⤵
  PID:8720
- C:\Windows\System\OkRuPIL.exe
  C:\Windows\System\OkRuPIL.exe
  2⤵
  PID:8752
- C:\Windows\System\YctneAG.exe
  C:\Windows\System\YctneAG.exe
  2⤵
  PID:8744
- C:\Windows\System\iRVMoej.exe
  C:\Windows\System\iRVMoej.exe
  2⤵
  PID:8772
- C:\Windows\System\DjgaTfX.exe
  C:\Windows\System\DjgaTfX.exe
  2⤵
  PID:8816
- C:\Windows\System\lWWMmRg.exe
  C:\Windows\System\lWWMmRg.exe
  2⤵
  PID:8852
- C:\Windows\System\oxJgyQA.exe
  C:\Windows\System\oxJgyQA.exe
  2⤵
  PID:8888
- C:\Windows\System\zocuLtm.exe
  C:\Windows\System\zocuLtm.exe
  2⤵
  PID:8860
- C:\Windows\System\eBIOuVc.exe
  C:\Windows\System\eBIOuVc.exe
  2⤵
  PID:8916
- C:\Windows\System\jPakZoZ.exe
  C:\Windows\System\jPakZoZ.exe
  2⤵
  PID:8956
- C:\Windows\System\fwVOcgR.exe
  C:\Windows\System\fwVOcgR.exe
  2⤵
  PID:8984
- C:\Windows\System\Bcyntun.exe
  C:\Windows\System\Bcyntun.exe
  2⤵
  PID:9012
- C:\Windows\System\fIBFCsF.exe
  C:\Windows\System\fIBFCsF.exe
  2⤵
  PID:9036
- C:\Windows\System\eNReflD.exe
  C:\Windows\System\eNReflD.exe
  2⤵
  PID:9064
- C:\Windows\System\LRFYZQy.exe
  C:\Windows\System\LRFYZQy.exe
  2⤵
  PID:9088
- C:\Windows\System\KaZZyha.exe
  C:\Windows\System\KaZZyha.exe
  2⤵
  PID:9124
- C:\Windows\System\BrdtYOF.exe
  C:\Windows\System\BrdtYOF.exe
  2⤵
  PID:9156
- C:\Windows\System\PRLARlx.exe
  C:\Windows\System\PRLARlx.exe
  2⤵
  PID:9144
- C:\Windows\System\eIQaXKf.exe
  C:\Windows\System\eIQaXKf.exe
  2⤵
  PID:7748
- C:\Windows\System\hDoOWUp.exe
  C:\Windows\System\hDoOWUp.exe
  2⤵
  PID:8104
- C:\Windows\System\EWKiIzn.exe
  C:\Windows\System\EWKiIzn.exe
  2⤵
  PID:7732
- C:\Windows\System\VULDyfP.exe
  C:\Windows\System\VULDyfP.exe
  2⤵
  PID:7868
- C:\Windows\System\NTGJwCx.exe
  C:\Windows\System\NTGJwCx.exe
  2⤵
  PID:7832
- C:\Windows\System\ApyethA.exe
  C:\Windows\System\ApyethA.exe
  2⤵
  PID:8120
- C:\Windows\System\rXibLqd.exe
  C:\Windows\System\rXibLqd.exe
  2⤵
  PID:8076
- C:\Windows\System\nqsLvqJ.exe
  C:\Windows\System\nqsLvqJ.exe
  2⤵
  PID:8332
- C:\Windows\System\BdgGqmM.exe
  C:\Windows\System\BdgGqmM.exe
  2⤵
  PID:8244
- C:\Windows\System\iFmjrIo.exe
  C:\Windows\System\iFmjrIo.exe
  2⤵
  PID:8372
- C:\Windows\System\gdQwpZj.exe
  C:\Windows\System\gdQwpZj.exe
  2⤵
  PID:8520
- C:\Windows\System\OXVVgZP.exe
  C:\Windows\System\OXVVgZP.exe
  2⤵
  PID:8932
- C:\Windows\System\gbNcJdq.exe
  C:\Windows\System\gbNcJdq.exe
  2⤵
  PID:8388
- C:\Windows\System\ovuJFoP.exe
  C:\Windows\System\ovuJFoP.exe
  2⤵
  PID:472
- C:\Windows\System\fvWFwGQ.exe
  C:\Windows\System\fvWFwGQ.exe
  2⤵
  PID:8364
- C:\Windows\System\OyJvZLi.exe
  C:\Windows\System\OyJvZLi.exe
  2⤵
  PID:2160
- C:\Windows\System\BFoioBg.exe
  C:\Windows\System\BFoioBg.exe
  2⤵
  PID:8384
- C:\Windows\System\vToHvme.exe
  C:\Windows\System\vToHvme.exe
  2⤵
  PID:7244
- C:\Windows\System\XawryLL.exe
  C:\Windows\System\XawryLL.exe
  2⤵
  PID:7920
- C:\Windows\System\totkbFA.exe
  C:\Windows\System\totkbFA.exe
  2⤵
  PID:8756
- C:\Windows\System\numzKjT.exe
  C:\Windows\System\numzKjT.exe
  2⤵
  PID:8548
- C:\Windows\System\WSeuCxp.exe
  C:\Windows\System\WSeuCxp.exe
  2⤵
  PID:8620
- C:\Windows\System\KAXdrhq.exe
  C:\Windows\System\KAXdrhq.exe
  2⤵
  PID:8972
- C:\Windows\System\eDIJfcb.exe
  C:\Windows\System\eDIJfcb.exe
  2⤵
  PID:8652
- C:\Windows\System\lxEYbqc.exe
  C:\Windows\System\lxEYbqc.exe
  2⤵
  PID:8696
- C:\Windows\System\GcObhXe.exe
  C:\Windows\System\GcObhXe.exe
  2⤵
  PID:8732
- C:\Windows\System\XivhRlW.exe
  C:\Windows\System\XivhRlW.exe
  2⤵
  PID:8840
- C:\Windows\System\pYJQzuU.exe
  C:\Windows\System\pYJQzuU.exe
  2⤵
  PID:8908
- C:\Windows\System\sDGpZPx.exe
  C:\Windows\System\sDGpZPx.exe
  2⤵
  PID:9020
- C:\Windows\System\mViIHhS.exe
  C:\Windows\System\mViIHhS.exe
  2⤵
  PID:9108
- C:\Windows\System\gNayzKF.exe
  C:\Windows\System\gNayzKF.exe
  2⤵
  PID:8952
- C:\Windows\System\aHODQqt.exe
  C:\Windows\System\aHODQqt.exe
  2⤵
  PID:9104
- C:\Windows\System\aXFihsO.exe
  C:\Windows\System\aXFihsO.exe
  2⤵
  PID:7400
- C:\Windows\System\eSIYNMw.exe
  C:\Windows\System\eSIYNMw.exe
  2⤵
  PID:8256
- C:\Windows\System\BgQgVnx.exe
  C:\Windows\System\BgQgVnx.exe
  2⤵
  PID:6832
- C:\Windows\System\aRMnSDQ.exe
  C:\Windows\System\aRMnSDQ.exe
  2⤵
  PID:8172
- C:\Windows\System\cPkaGcU.exe
  C:\Windows\System\cPkaGcU.exe
  2⤵
  PID:8280
- C:\Windows\System\CpdWmgM.exe
  C:\Windows\System\CpdWmgM.exe
  2⤵
  PID:8592
- C:\Windows\System\YvqqnAv.exe
  C:\Windows\System\YvqqnAv.exe
  2⤵
  PID:8716
- C:\Windows\System\iJgRqJx.exe
  C:\Windows\System\iJgRqJx.exe
  2⤵
  PID:8420
- C:\Windows\System\aeztBRX.exe
  C:\Windows\System\aeztBRX.exe
  2⤵
  PID:8352
- C:\Windows\System\TaKVNfi.exe
  C:\Windows\System\TaKVNfi.exe
  2⤵
  PID:8812
- C:\Windows\System\qPjRIqh.exe
  C:\Windows\System\qPjRIqh.exe
  2⤵
  PID:9008
- C:\Windows\System\GXJXVfq.exe
  C:\Windows\System\GXJXVfq.exe
  2⤵
  PID:7752
- C:\Windows\System\COsPNST.exe
  C:\Windows\System\COsPNST.exe
  2⤵
  PID:8660
- C:\Windows\System\cQaUUey.exe
  C:\Windows\System\cQaUUey.exe
  2⤵
  PID:8616
- C:\Windows\System\jVkZFGJ.exe
  C:\Windows\System\jVkZFGJ.exe
  2⤵
  PID:7944
- C:\Windows\System\CyXpxCx.exe
  C:\Windows\System\CyXpxCx.exe
  2⤵
  PID:8876
- C:\Windows\System\rNNBhcW.exe
  C:\Windows\System\rNNBhcW.exe
  2⤵
  PID:9176
- C:\Windows\System\TNfoaWL.exe
  C:\Windows\System\TNfoaWL.exe
  2⤵
  PID:9180
- C:\Windows\System\yNFTFGQ.exe
  C:\Windows\System\yNFTFGQ.exe
  2⤵
  PID:8240
- C:\Windows\System\AqBEnKP.exe
  C:\Windows\System\AqBEnKP.exe
  2⤵
  PID:8664
- C:\Windows\System\zEnYByg.exe
  C:\Windows\System\zEnYByg.exe
  2⤵
  PID:8308
- C:\Windows\System\eUCICZl.exe
  C:\Windows\System\eUCICZl.exe
  2⤵
  PID:7188
- C:\Windows\System\YuFOKyW.exe
  C:\Windows\System\YuFOKyW.exe
  2⤵
  PID:9072
- C:\Windows\System\SnUExMN.exe
  C:\Windows\System\SnUExMN.exe
  2⤵
  PID:8680
- C:\Windows\System\nZrYpQe.exe
  C:\Windows\System\nZrYpQe.exe
  2⤵
  PID:8968
- C:\Windows\System\puwNanO.exe
  C:\Windows\System\puwNanO.exe
  2⤵
  PID:9024
- C:\Windows\System\dYBpZjo.exe
  C:\Windows\System\dYBpZjo.exe
  2⤵
  PID:8532
- C:\Windows\System\NImDiOs.exe
  C:\Windows\System\NImDiOs.exe
  2⤵
  PID:8584
- C:\Windows\System\DfjMXtm.exe
  C:\Windows\System\DfjMXtm.exe
  2⤵
  PID:8912
- C:\Windows\System\KQjxPYt.exe
  C:\Windows\System\KQjxPYt.exe
  2⤵
  PID:9212
- C:\Windows\System\ukTiJmL.exe
  C:\Windows\System\ukTiJmL.exe
  2⤵
  PID:9232
- C:\Windows\System\guXGkDn.exe
  C:\Windows\System\guXGkDn.exe
  2⤵
  PID:9248
- C:\Windows\System\uvNiItX.exe
  C:\Windows\System\uvNiItX.exe
  2⤵
  PID:9264
- C:\Windows\System\ohAOIuS.exe
  C:\Windows\System\ohAOIuS.exe
  2⤵
  PID:9280
- C:\Windows\System\KzJWAAp.exe
  C:\Windows\System\KzJWAAp.exe
  2⤵
  PID:9296
- C:\Windows\System\VZnQnex.exe
  C:\Windows\System\VZnQnex.exe
  2⤵
  PID:9312
- C:\Windows\System\ayQEtjQ.exe
  C:\Windows\System\ayQEtjQ.exe
  2⤵
  PID:9328
- C:\Windows\System\YTIGAUD.exe
  C:\Windows\System\YTIGAUD.exe
  2⤵
  PID:9344
- C:\Windows\System\NcbKzrS.exe
  C:\Windows\System\NcbKzrS.exe
  2⤵
  PID:9360
- C:\Windows\System\FZJzYzL.exe
  C:\Windows\System\FZJzYzL.exe
  2⤵
  PID:9376
- C:\Windows\System\NMlUpYz.exe
  C:\Windows\System\NMlUpYz.exe
  2⤵
  PID:9392
- C:\Windows\System\bzCuQnX.exe
  C:\Windows\System\bzCuQnX.exe
  2⤵
  PID:9408
- C:\Windows\System\FLgwmGV.exe
  C:\Windows\System\FLgwmGV.exe
  2⤵
  PID:9424
- C:\Windows\System\olUADkA.exe
  C:\Windows\System\olUADkA.exe
  2⤵
  PID:9440
- C:\Windows\System\ePZqcIn.exe
  C:\Windows\System\ePZqcIn.exe
  2⤵
  PID:9464
- C:\Windows\System\DmQZwtR.exe
  C:\Windows\System\DmQZwtR.exe
  2⤵
  PID:9484
- C:\Windows\System\ARNqoky.exe
  C:\Windows\System\ARNqoky.exe
  2⤵
  PID:9500
- C:\Windows\System\HYxpxnu.exe
  C:\Windows\System\HYxpxnu.exe
  2⤵
  PID:9516
- C:\Windows\System\zlniukh.exe
  C:\Windows\System\zlniukh.exe
  2⤵
  PID:9532
- C:\Windows\System\HWFCMpx.exe
  C:\Windows\System\HWFCMpx.exe
  2⤵
  PID:9548
- C:\Windows\System\pOgdlCp.exe
  C:\Windows\System\pOgdlCp.exe
  2⤵
  PID:9564
- C:\Windows\System\kAlDqcs.exe
  C:\Windows\System\kAlDqcs.exe
  2⤵
  PID:9580
- C:\Windows\System\umlRyRp.exe
  C:\Windows\System\umlRyRp.exe
  2⤵
  PID:9612
- C:\Windows\System\ARzcOdd.exe
  C:\Windows\System\ARzcOdd.exe
  2⤵
  PID:9628
- C:\Windows\System\FjnqTdY.exe
  C:\Windows\System\FjnqTdY.exe
  2⤵
  PID:9644
- C:\Windows\System\wtZWWbk.exe
  C:\Windows\System\wtZWWbk.exe
  2⤵
  PID:9660
- C:\Windows\System\GLTxqIY.exe
  C:\Windows\System\GLTxqIY.exe
  2⤵
  PID:9676
- C:\Windows\System\yutvMOP.exe
  C:\Windows\System\yutvMOP.exe
  2⤵
  PID:9696
- C:\Windows\System\KDdEOGE.exe
  C:\Windows\System\KDdEOGE.exe
  2⤵
  PID:9716
- C:\Windows\System\OStqNuA.exe
  C:\Windows\System\OStqNuA.exe
  2⤵
  PID:9744
- C:\Windows\System\CXTqPad.exe
  C:\Windows\System\CXTqPad.exe
  2⤵
  PID:9800
- C:\Windows\System\PcVbOig.exe
  C:\Windows\System\PcVbOig.exe
  2⤵
  PID:9816
- C:\Windows\System\oGkCNHN.exe
  C:\Windows\System\oGkCNHN.exe
  2⤵
  PID:9832
- C:\Windows\System\JdDgJxK.exe
  C:\Windows\System\JdDgJxK.exe
  2⤵
  PID:9848
- C:\Windows\System\BVRfSba.exe
  C:\Windows\System\BVRfSba.exe
  2⤵
  PID:9864
- C:\Windows\System\MKzwSqM.exe
  C:\Windows\System\MKzwSqM.exe
  2⤵
  PID:9880
- C:\Windows\System\WgyVgrM.exe
  C:\Windows\System\WgyVgrM.exe
  2⤵
  PID:9900
- C:\Windows\System\WuJycXg.exe
  C:\Windows\System\WuJycXg.exe
  2⤵
  PID:9916
- C:\Windows\System\miqboFE.exe
  C:\Windows\System\miqboFE.exe
  2⤵
  PID:9932
- C:\Windows\System\ROTKAmE.exe
  C:\Windows\System\ROTKAmE.exe
  2⤵
  PID:9948
- C:\Windows\System\jmeWdco.exe
  C:\Windows\System\jmeWdco.exe
  2⤵
  PID:9964
- C:\Windows\System\nbpGvqb.exe
  C:\Windows\System\nbpGvqb.exe
  2⤵
  PID:9980
- C:\Windows\System\fpaOaQZ.exe
  C:\Windows\System\fpaOaQZ.exe
  2⤵
  PID:9996
- C:\Windows\System\MgiBXzL.exe
  C:\Windows\System\MgiBXzL.exe
  2⤵
  PID:10012
- C:\Windows\System\llNsOtx.exe
  C:\Windows\System\llNsOtx.exe
  2⤵
  PID:10028
- C:\Windows\System\ZuvyrNg.exe
  C:\Windows\System\ZuvyrNg.exe
  2⤵
  PID:10044
- C:\Windows\System\SYnlTLD.exe
  C:\Windows\System\SYnlTLD.exe
  2⤵
  PID:10060
- C:\Windows\System\tgZrRkK.exe
  C:\Windows\System\tgZrRkK.exe
  2⤵
  PID:10076
- C:\Windows\System\oLEVTRN.exe
  C:\Windows\System\oLEVTRN.exe
  2⤵
  PID:10092
- C:\Windows\System\YNcnAjs.exe
  C:\Windows\System\YNcnAjs.exe
  2⤵
  PID:10108
- C:\Windows\System\AEgebUg.exe
  C:\Windows\System\AEgebUg.exe
  2⤵
  PID:10124
- C:\Windows\System\JRmDqHu.exe
  C:\Windows\System\JRmDqHu.exe
  2⤵
  PID:10140
- C:\Windows\System\zshGEGn.exe
  C:\Windows\System\zshGEGn.exe
  2⤵
  PID:10156
- C:\Windows\System\XaBCnBV.exe
  C:\Windows\System\XaBCnBV.exe
  2⤵
  PID:10172
- C:\Windows\System\pHeWOJA.exe
  C:\Windows\System\pHeWOJA.exe
  2⤵
  PID:10188
- C:\Windows\System\YxGEtZW.exe
  C:\Windows\System\YxGEtZW.exe
  2⤵
  PID:10204
- C:\Windows\System\ybDrNss.exe
  C:\Windows\System\ybDrNss.exe
  2⤵
  PID:10220
- C:\Windows\System\QkNjIDn.exe
  C:\Windows\System\QkNjIDn.exe
  2⤵
  PID:10236
- C:\Windows\System\ezMXKbY.exe
  C:\Windows\System\ezMXKbY.exe
  2⤵
  PID:9256
- C:\Windows\System\JPcDmmM.exe
  C:\Windows\System\JPcDmmM.exe
  2⤵
  PID:9240
- C:\Windows\System\Fewjcal.exe
  C:\Windows\System\Fewjcal.exe
  2⤵
  PID:9304
- C:\Windows\System\tgkRfUQ.exe
  C:\Windows\System\tgkRfUQ.exe
  2⤵
  PID:9128
- C:\Windows\System\LRiWoyt.exe
  C:\Windows\System\LRiWoyt.exe
  2⤵
  PID:9356
- C:\Windows\System\sHQTFOa.exe
  C:\Windows\System\sHQTFOa.exe
  2⤵
  PID:9420
- C:\Windows\System\fgGEXxx.exe
  C:\Windows\System\fgGEXxx.exe
  2⤵
  PID:9224
- C:\Windows\System\IFmiWVi.exe
  C:\Windows\System\IFmiWVi.exe
  2⤵
  PID:9436
- C:\Windows\System\nllFevU.exe
  C:\Windows\System\nllFevU.exe
  2⤵
  PID:9448
- C:\Windows\System\wvmHISF.exe
  C:\Windows\System\wvmHISF.exe
  2⤵
  PID:9492
- C:\Windows\System\FXQtHgZ.exe
  C:\Windows\System\FXQtHgZ.exe
  2⤵
  PID:9588
- C:\Windows\System\tuJliyv.exe
  C:\Windows\System\tuJliyv.exe
  2⤵
  PID:9592
- C:\Windows\System\sQGrIRl.exe
  C:\Windows\System\sQGrIRl.exe
  2⤵
  PID:9472
- C:\Windows\System\mmhLaqb.exe
  C:\Windows\System\mmhLaqb.exe
  2⤵
  PID:9512
- C:\Windows\System\TBWOoiq.exe
  C:\Windows\System\TBWOoiq.exe
  2⤵
  PID:9636
- C:\Windows\System\xTotETG.exe
  C:\Windows\System\xTotETG.exe
  2⤵
  PID:9624
- C:\Windows\System\MfGcYds.exe
  C:\Windows\System\MfGcYds.exe
  2⤵
  PID:9668
- C:\Windows\System\cKrgzDB.exe
  C:\Windows\System\cKrgzDB.exe
  2⤵
  PID:9692
- C:\Windows\System\RmGuamM.exe
  C:\Windows\System\RmGuamM.exe
  2⤵
  PID:9732
- C:\Windows\System\tSpbJhl.exe
  C:\Windows\System\tSpbJhl.exe
  2⤵
  PID:9672
- C:\Windows\System\snilVQT.exe
  C:\Windows\System\snilVQT.exe
  2⤵
  PID:9764
- C:\Windows\System\VbBUnZg.exe
  C:\Windows\System\VbBUnZg.exe
  2⤵
  PID:9828
- C:\Windows\System\yvtUuss.exe
  C:\Windows\System\yvtUuss.exe
  2⤵
  PID:9784
- C:\Windows\System\GRIyaGs.exe
  C:\Windows\System\GRIyaGs.exe
  2⤵
  PID:9844
- C:\Windows\System\TvKIQIT.exe
  C:\Windows\System\TvKIQIT.exe
  2⤵
  PID:9876
- C:\Windows\System\HobCnpU.exe
  C:\Windows\System\HobCnpU.exe
  2⤵
  PID:9780
- C:\Windows\System\aMHyrNc.exe
  C:\Windows\System\aMHyrNc.exe
  2⤵
  PID:9972
- C:\Windows\System\HwBzeXU.exe
  C:\Windows\System\HwBzeXU.exe
  2⤵
  PID:9928
- C:\Windows\System\cpMVNNC.exe
  C:\Windows\System\cpMVNNC.exe
  2⤵
  PID:10020
- C:\Windows\System\VETSJlj.exe
  C:\Windows\System\VETSJlj.exe
  2⤵
  PID:10004
- C:\Windows\System\FKniNuh.exe
  C:\Windows\System\FKniNuh.exe
  2⤵
  PID:10068
- C:\Windows\System\pdeiqqC.exe
  C:\Windows\System\pdeiqqC.exe
  2⤵
  PID:10196
- C:\Windows\System\qSSwFxl.exe
  C:\Windows\System\qSSwFxl.exe
  2⤵
  PID:8896
- C:\Windows\System\yfpgIpz.exe
  C:\Windows\System\yfpgIpz.exe
  2⤵
  PID:9416
- C:\Windows\System\fNxdbyQ.exe
  C:\Windows\System\fNxdbyQ.exe
  2⤵
  PID:10152
- C:\Windows\System\YautJYv.exe
  C:\Windows\System\YautJYv.exe
  2⤵
  PID:10120
- C:\Windows\System\IGIESWY.exe
  C:\Windows\System\IGIESWY.exe
  2⤵
  PID:10216
- C:\Windows\System\CQAwiWf.exe
  C:\Windows\System\CQAwiWf.exe
  2⤵
  PID:8844
- C:\Windows\System\lSsKRKs.exe
  C:\Windows\System\lSsKRKs.exe
  2⤵
  PID:9352
- C:\Windows\System\mZgUhpo.exe
  C:\Windows\System\mZgUhpo.exe
  2⤵
  PID:10084
- C:\Windows\System\teVzDRw.exe
  C:\Windows\System\teVzDRw.exe
  2⤵
  PID:9544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BSzWfWr.exe

Filesize
6.0MB

MD5
0f69b5d327f34b98c1a7bcaf70afa1b6

SHA1
8cc5e7dede5104d530dc79cddd1c5e33c9c164cb

SHA256
1b12317ab487d25ba6a423b283353080082b83ed7b5b93a4deba223251c98af5

SHA512
5a30a41ece83e0d9e2af089713e5f7056f2dc02cf3055ca8986d9aa1a472137f27e7d91207adf9ab4164bfbf617ee7e00ddc469cfeddecfba0382f48b1b3bea5

Download Submit
C:\Windows\system\BkwJdEz.exe

Filesize
6.0MB

MD5
77946f39c52741f6965b6e5d3bc1f82e

SHA1
6156deb8422e4c8ca77ef29277e14180704b72bd

SHA256
01435f82b6c93fc54e27d01daf75d027eb5be005b0d7e161db6064ce0568e501

SHA512
f78af12cce7e6b5eb55d578a949a204fd1397e627c01a628953ed880ac03454db0ad8a0cc408ec69e3d58ae028998419bac76cc8e6fbd72ec031fe8d7aca1f66

Download Submit
C:\Windows\system\GFRRGIP.exe

Filesize
6.0MB

MD5
bab866d60f084b404c7b36677c9e3a23

SHA1
f029171c225b57909f892a446c4c40801d32dfd3

SHA256
b9026049355c253f372db11127f1ac550e6b643ceedd9dd844d393c4a4ab095f

SHA512
eafd32552589d2280484f34a1b77d86ffc29e28c9cdbf93f8bcb7b2e90c5db2cf908bf4b0389439763fd030fbbcf1f25bf184afb411a9b27fc031f39aeb1a0d7

Download Submit
C:\Windows\system\MeFXtMU.exe

Filesize
6.0MB

MD5
1b4255f4add187a137ce7d2172b5baa1

SHA1
c8d5b473b2bbbd2d7d785b5cf11112fa7fbb4f20

SHA256
52bb5003e91017aa5d2a3999642fccbafa6e228538642d5bab4557c789282bf7

SHA512
af67795f2754bd4c1c642cc79da0dcf5ecdc8f3d533745502b14c2692bf8f74f4b5a8073588b64eb323d0b06abf6e4682033e426632837235a17347ae7c37818

Download Submit
C:\Windows\system\Nenqztr.exe

Filesize
6.0MB

MD5
5f77d53eb6e2ba8fc48335f50c4260af

SHA1
a55d44036c012740995e4e67259278bff92d6977

SHA256
3e0fbc23286fc64313e155e0f6072be813f18565804227a2ea8e4a5ff93ff108

SHA512
e139600c4c9fdebf3f7d7b7877e40b2069f125ebf4820ceb3c316c049cf675f458452265dd0d76f2210059c581f1759f47bbf22e960a03de89dbae07cb4b3044

Download Submit
C:\Windows\system\RFzbQbE.exe

Filesize
6.0MB

MD5
2839e621ed62a54ee666ad84b0f13698

SHA1
05c8a46346dde2ff84601b761311cdb728c5d778

SHA256
095683c5b8e7ac4fdc30757234384315a0b36736a4532be1c44d09f1d03171bb

SHA512
311cc4a84cb148e1a3f9daeaf6f7ca2e5ffc1077d352376d716364ee12073af489a80e4e5fa6acdff0234e9c45d47762bed775e86e1a1f5261ec0a8b776d305f

Download Submit
C:\Windows\system\WQRZpAy.exe

Filesize
6.0MB

MD5
313b122e5f819cc796fd5c92a449a4a2

SHA1
5c695cef6c8db1ff35703abf272566b07a3e01f5

SHA256
23f7dd7c4f619924f3f6f1f762b34b70b864271eeb01a21761732ab8d7fce3c5

SHA512
596289c3ca981379ac4c339b12ad318924c26b71263475e2375c670ad41ca9632c299c1d0019f5aec52239322585fd80ee1192fc62085d72b6c12cf3b9bf66ac

Download Submit
C:\Windows\system\YEHGBgh.exe

Filesize
6.0MB

MD5
d2ccb89a00f07d3b3f11de78a5d83649

SHA1
774c40a64800e01db0d7e36b5f78ab01e541c80e

SHA256
b97e4f90c922f860611fdc7141b5b599000ade4e717f319e1f2259812a182d20

SHA512
d44bc6f4fd5f044046f3fee9f34249bbfc315286cd79ff276a66fcff386a8ec4cf20fadd3c56f6e2a95aa95308d64d469094c28c0fe3e66569f0c5a5bf41f474

Download Submit
C:\Windows\system\YtPYmyZ.exe

Filesize
6.0MB

MD5
f47227c486ecf36bf526dfc6db8aaaaf

SHA1
94df0ca400a8220f0b8df9e21ed37c3b290dc3e6

SHA256
b66411f5c09128642b024ca000d06dfa8d1ede4a22521ad8db30582da456644e

SHA512
37be8b1ad96f0011ca4c1281d356a62a4d03b21af0a264d09a48e1e5f6a6767b9f3304dde01a14629cde6840f1b992d05cdd5b12f568b65a1e344458ace3497e

Download Submit
C:\Windows\system\ZAHeUNj.exe

Filesize
6.0MB

MD5
2c7d8db0f073b7e728786450c90c2e31

SHA1
a3d8a7885bb35498ccf0f5e649d89839646a5c24

SHA256
06ab2579c1e993f3f5524a3c6159ef8ddf37844bffcca68e394e50da0b20d671

SHA512
2a2898e0304ea5a70a5f4cc43d4fee88a399bfd359d59059b2438858ca9410ac1cc1b776376de741b43a29aaaa3d6af822da43e1e8850b6740d09c309adad764

Download Submit
C:\Windows\system\ZHSgVpz.exe

Filesize
6.0MB

MD5
4170e025d899cd021113bfd11e8e3efb

SHA1
797247abe720ecd50d5d96fb1aebcd6bd3aaada3

SHA256
8a015371079516419189b56fa6b564bf71431bc9076f614b1d71d0645d712c0f

SHA512
bfeb1db3653dff36878781a24802a38109e0c62ca4a8e200b68af165351fab7abb8cb28451dedd49d3d3e504b36b5165a43b834efa0eb928eace39a706ed3c98

Download Submit
C:\Windows\system\ZPAKAHt.exe

Filesize
6.0MB

MD5
9ff7219ac75532b3fbcf5254839a0a7f

SHA1
eb98967b235ee9f8bb879b273c79d7760fea7db4

SHA256
5ee37ffeea15a6526db831a0ba8e4a6401c4f986ba796b437cedda4c23ae5b00

SHA512
3365096fd64874a90c268aa6c003871f25da528d75043569d13ace198345e26eef0057c793673ceb2ed7f3a195e5c71661c8ebffa1592667276a4d0628151b9e

Download Submit
C:\Windows\system\ahAMcAw.exe

Filesize
6.0MB

MD5
ce221e336500dcfb798e776df110ee05

SHA1
ed07088850fe024c8df04cf34e9df1094f777d4e

SHA256
10fbbe06ac59458fd0bc16a7b77f0b23d0e7d826bf29986ed64cdfa9d11e452f

SHA512
973888fb3a050c4110fd1dfb49f8b3073dc92001acba5d5fdac3d5c7786e4a449b83864472ee447907a84ef66dbc8983c4cc97a5476bde1b192d5c2889e6f793

Download Submit
C:\Windows\system\cTVGgmb.exe

Filesize
6.0MB

MD5
98550b0c31ab5f4d5587583951771b0e

SHA1
6b84fdf19eff7593d78974f57b922a33656f5c49

SHA256
1e0775cb9b1cdfc57d294f83f0db2047537068d800eb1cbc606f4a11728e2191

SHA512
cf6e668576b2e595aec42ab5452d9b37414ab7484f54a42cf97d984da2cc5e3d38ec0c60a8ee86348fac993d833be84107a777d72b4b6718b511b825c78b1d32

Download Submit
C:\Windows\system\cwdYrbK.exe

Filesize
6.0MB

MD5
1032ed8b385be8db7fdc7efbc8249d33

SHA1
450b49a8365b79a79ceacdd4514a1fc09bb5ddb5

SHA256
a00c3546e95df75c1ea7fd249c1ce0d2827611798d867b0702ec244cde68cb15

SHA512
82e0dbfc49b091c556a7a2dc3026a35d2231316aef32c594a307ffedd2d07f3c39eaf8712aab739ca8e86cba493cdf956891ab5ef7053ae6909f97306a022c71

Download Submit
C:\Windows\system\fUMjKbn.exe

Filesize
6.0MB

MD5
7733a308d30af84611b5ace780979598

SHA1
6124b6bbba05557a10aed7e0d7af1941581e14ef

SHA256
2620baa6628e758071b312d3e2aa9f54d3672da342a7e6c35a2ba7d218e14101

SHA512
5dc508ab7f5e9617a17881a8038e5abee824d888bc880a8c222df844793af5c14abd69c9177de4defe462cf2d51069740ae8e53aea313fdeef8cf83de78c6033

Download Submit
C:\Windows\system\glWDCes.exe

Filesize
6.0MB

MD5
7f015957dde9a756ec0d04a6db28bbdd

SHA1
8f0ac08196538e8dedd5489d432f8e2063bf531a

SHA256
9cc51bed31ac69c686ae530897916aaf9dba4eb0aef589c16159c679a106fe13

SHA512
8ce89c174718fb816a5334d14f5c5d51d7d9f940b0d3f0780177674733f5910e9cd0ed2524e8fc96d8a6fdd8d0b0abd81df041f5cb320ca5a2b0d2d47fe4def0

Download Submit
C:\Windows\system\hJJXjEt.exe

Filesize
6.0MB

MD5
1df8279104e89ad4e97a82f4102f79ae

SHA1
80c71dfb8e5fd17f32c17e870a5cb66d533117c7

SHA256
b4fd1b3796ab2ef1510008d5ee6bb822be7de33017a56b0cb9950430a6a7dc66

SHA512
f40ed26eb74d3cde6a8a3894fc382c8fe1d0535e7691a9b5f5969834a5e9df35f9196788b0b54fcdf7f863eddb8dcdae07d5e2ef4d5ccbc0d5844ddbf19c39d2

Download Submit
C:\Windows\system\hQsNIFH.exe

Filesize
6.0MB

MD5
1cc892af1b842931be30c3eac80f8d60

SHA1
e19e0a74768f4aecf2726ff5d83d114c5e1ac217

SHA256
0f144e7ff2668f6fe78588008c2257cc2c28e66b5b8ee4d609296dcfe8423d11

SHA512
b82a186add8093fd3178dc6c01f35da8137a1c6b931c100bf0ab4cc754a546c3be6f8374dde8f5e9850a8a2c71eb0353b00828bea23c5a9ed4a927f304786f66

Download Submit
C:\Windows\system\hZJoXJb.exe

Filesize
6.0MB

MD5
59b07278a10391ec02c1efee4cf3ec48

SHA1
b3976d2dd1c918b0c8bec9621f80e597d802ddcc

SHA256
93f3782a823331f5869df49a4b3f95a8ce22e61c95a7b8bbb6ce911dab157618

SHA512
b72a9e96cafe02ab488225988dae1481f5fdf5bf00b6acd4fae2c9fb8238bdc5f6e5ddfbef25dd33b8d7efa3aa037210de9a3879a8413be96d3981a45c3aebfd

Download Submit
C:\Windows\system\oZfGSnH.exe

Filesize
6.0MB

MD5
abd9b9d3ef8be4b8dbc4a3731d49b20a

SHA1
b91074b135370e4fc0e0be2fa41f5ebc247540a6

SHA256
d8c059a8650a1c0182a3de4041135f4389f4044e4b6b8e8ceb224905257261c7

SHA512
3c441a1e13992ea4aaf62a68d7bb4ec5bd540a1cfb0ccd269c5336ba81602dfd26cf0968d9a238c69d74db2b31654e21053eb1d152833f415a4aa8a03cbd59c6

Download Submit
C:\Windows\system\pFgWmGK.exe

Filesize
6.0MB

MD5
aa38d0eddc3d6146463616da8d41b7ac

SHA1
51351736e89076b20568203bdf8728aa568b2b54

SHA256
71b5d552c389eeb2e5dc9a81266db24820befa61820445e4976b75ad9d7a4b96

SHA512
f1896c2108f6a9f77e6fa9529c52857423e8aed96ba0236997148e5b7e79d3d68cfebabe2f75e70b4ecd9ca27645c7a29f7402ed7cae54c68b9c887eee77f298

Download Submit
C:\Windows\system\qElHVUD.exe

Filesize
6.0MB

MD5
a80c331bdb149c6e90e00e82a78eed78

SHA1
2561197323b1201adc45fb225a425847fd77c3b9

SHA256
3d414e30d9f680607bd5669faf742ef42bf9c48100a0737dcae153b567fee31f

SHA512
e045204422840ace6ebd70cda9026509eb812c0a710165d53af96f7216413989128017b475c4bdb6218331c5f0b5170588f8ab1517710a35d1a6ad0ad11b2449

Download Submit
C:\Windows\system\qxviOGU.exe

Filesize
6.0MB

MD5
a4b59734f00ec9ff478bf0f14301dd0f

SHA1
08ac82db7125bc191048894690ead7ee4c56a947

SHA256
ad7b84843e3b60997ba8c85a3bb3649b530b54d86fd1cd79e299e4f139cf408a

SHA512
569b6d1fc7094820d74ce6dfaf65e709b9a936176e763becc161fe0862edcf98c7cfc8d8cecaf8cc964ef197b541514479355ff02760ea7047ec3ae6142e5016

Download Submit
C:\Windows\system\rilgwzY.exe

Filesize
6.0MB

MD5
107658d32bc65848c89bd959b0e9cd5e

SHA1
302de59514f82d4ee7314463551df23a7f5d8a09

SHA256
013ccf7a92a759b1087c8d3b542d166ccaeb67bb35a0eef54a3cdce26199fa20

SHA512
63a814d0541342ba088b3918f023dd333743ffb39683ce13d81e22b83b8ac537ea260a64fbe03f2fb06a837654040882bcb318f965de569718461e80e074bc19

Download Submit
C:\Windows\system\tXaTzJe.exe

Filesize
6.0MB

MD5
8cdc3dfdbde91cff243694599e81c271

SHA1
9516c7a781881055fdee11e25019513a76fdd5ad

SHA256
7056e6f47a258c9611e918dfe8f08398cfd52ab9bf4bf566c09c6ba8e8459cf7

SHA512
75616170481d47c03bad0bea7874df8726a10e99325cd2b67401f0643b329195422a5d7fb9491bda94a7bb71bc893b7d53a86a332b6b6263b2364cb3b250c02a

Download Submit
C:\Windows\system\vpeSOtY.exe

Filesize
6.0MB

MD5
ab94be94909544329cce3d208dd7e602

SHA1
1ef0bce33a94ce31071e1a0aab74809dacf6e785

SHA256
26d3d0daebaf86dd63f6856dbc5260562c67a9424a371b9e1c54cc74e3845aa2

SHA512
88752c0da9a6fd00128141876e13a960ea6a007e2020d7b4c50a85e2e3007e62751959ce4944c196bc8c8ed7c3501edcc5d8f25425471ddad2fc595f62ee0513

Download Submit
C:\Windows\system\xxBiCYr.exe

Filesize
6.0MB

MD5
28536e83d8f3a3ce07b53a61c6877266

SHA1
0b9fc80fe71c0ea31b84a33c7c84813b9b3756fb

SHA256
8e1e6a9fd1df1ae977bfbfd7d5d428d71afaa81a4699f33dc00da0f1e45d956f

SHA512
086adef13a20ee3070bb72f93687656fb1fba6fe4f852427e976969bd73c43c909922f114539ebe49a90ae231c1e184ec90da5d9a36383aa611e1a9be050c92d

Download Submit
C:\Windows\system\znoAvLE.exe

Filesize
6.0MB

MD5
fc4f1c549216008d0bb378c3e9bff9b3

SHA1
d89c4ec6200a951ef0cc04be4ff85d9930419451

SHA256
c12871af931b1455b511b0ee215e2039b8ae23fc96a16f0be87ca2c6d0d5cfc3

SHA512
d8b90455022e4648bdf52d3b45d7551f7a516adb6d55407808d5abce02cab290b2474d1edfe1b3dba071ec0f0bc967debb940f5414a62cde90b4bed2c7cbf14f

Download Submit
\Windows\system\BivWCYb.exe

Filesize
6.0MB

MD5
f45c8b76881a5a59ae0db97afed35723

SHA1
3cb5624aa26c0997d2f7a03baa221ef5a87fce71

SHA256
537c71f236e3cf73625a985d3677bd264fd1787e579fe0580d6444b96b25c6cf

SHA512
f0adee95af65dbcfda076ca0796a4e3892f3d123ee7ef0622dcadb20a6d5a26e29a349c9f05191e49fee241af66d968ba3a82f5877248c7f3c46184bda27af16

Download Submit
\Windows\system\KvLwYlx.exe

Filesize
6.0MB

MD5
1f91665d6e4f23de22023acd84d5d6d8

SHA1
b1d1d971d2a4e04cc24cc12a847dd2844895fba3

SHA256
bd9bfa3a745b803c96529164c113551164e14048279293a021aa6f6ca6a0980d

SHA512
f7648d1ffdfec0f9f5e44ba41196bc7fa99b97223f4c23f36632249699863c233c1197e0d8064d1035f75d0deb68d2b89af0a8279ec492e495dcc081cf6b56a7

Download Submit
\Windows\system\LTbrHhm.exe

Filesize
6.0MB

MD5
ff49ad4b0995433caadfa244faa10c74

SHA1
c169d04af6edd82c7184ced062088164817d4827

SHA256
13bafdb2aff0c51f3b0b73eb174ead6cc209286ea4363263304894024009b554

SHA512
9433af390f853b259c95ca45f24798334a3985d2048bbed67f3c9d205a26db678d086f75404a806d38ab4a43ab019dbe88b2cb690b096efdf87c93da366c712d

Download Submit
\Windows\system\siOKUdb.exe

Filesize
6.0MB

MD5
8a6920574ff92d6c1baf3e65818858ce

SHA1
b79be8cd6f38680e4d595e72670b582cf2672dd1

SHA256
f0e0e07a79137c97ccf1a0e439883a4afadf34e242e4622ffbaf969031e8edff

SHA512
34b89d678161059d8567ccc77f7e43cd44d758961ff15e9ae539a836196341eae718711c5636311c58a7bc442cec39145d5725030bfdc5060afb00f8ec1aa444

Download Submit
\Windows\system\uNwyPDV.exe

Filesize
6.0MB

MD5
78fb8f425a03926e4318d90a8880e556

SHA1
b99136481ea2b5252311420c0567006c8812ed4e

SHA256
195e32086c6d03c68f1e93af734acbfc01b767b28c8c8e57f2023a08edebf9c8

SHA512
9723d4d9323b747602520ad2c93f92e4efdaace1ef055999b7b4005eb1c365abd7bfe101bcf984bf083c20734e896d0b5508736ef5a59805341cd173f061db88

Download Submit
memory/540-2044-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/540-3951-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1128-2380-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1128-3977-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2468-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2268-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2268-2455-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2462-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2043-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2027-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2477-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2383-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2268-0-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2052-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2472-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-3972-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4160-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2041-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3958-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2036-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3931-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2446-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2469-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3978-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3948-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2466-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3979-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3938-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2852-16-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3973-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-21-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download