cobaltstrike | c56c67c9bf50d313e74d4c457874ac97c877b4b655869db311a22d7e212113b6

Analysis

max time kernel
150s
max time network
26s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0b89c56d335c26a462daedc3ca1834c7
SHA1

bfa571ea512b64cc2c3d39ac552ac837b066e23c
SHA256

c56c67c9bf50d313e74d4c457874ac97c877b4b655869db311a22d7e212113b6
SHA512

c44ee3e65b8483735c55785e828e1076dfbd4e21497352f9c1dd31357f2d081d7abefc0c59aeef5f2afe07ba9ea4e6552eb616dd8763f933ddf3ed3abdffafd9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-5.dat	cobalt_reflective_dll
behavioral1/files/0x0003000000018334-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019394-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-34.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-28.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-63.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-76.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195bb-68.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-40.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018bbf-48.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2936-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-5.dat	xmrig
behavioral1/files/0x0003000000018334-8.dat	xmrig
behavioral1/files/0x0008000000019394-15.dat	xmrig
behavioral1/memory/2964-20-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2776-36-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2756-30-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0007000000019470-34.dat	xmrig
behavioral1/files/0x00070000000193b8-28.dat	xmrig
behavioral1/files/0x00080000000194eb-63.dat	xmrig
behavioral1/files/0x0006000000019490-55.dat	xmrig
behavioral1/memory/432-91-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-98.dat	xmrig
behavioral1/memory/2936-109-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a400-110.dat	xmrig
behavioral1/files/0x000500000001a44d-128.dat	xmrig
behavioral1/files/0x000500000001a46d-163.dat	xmrig
behavioral1/files/0x000500000001a473-178.dat	xmrig
behavioral1/memory/432-382-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/1480-1654-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2776-1705-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2800-1721-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2360-1808-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/984-1807-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/432-1803-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2080-1787-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/1660-1776-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2732-1761-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2612-1737-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2588-1718-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2756-1675-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2964-1673-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/640-1663-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2936-516-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/1660-222-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2936-221-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a479-194.dat	xmrig
behavioral1/files/0x000500000001a475-184.dat	xmrig
behavioral1/files/0x000500000001a477-187.dat	xmrig
behavioral1/files/0x000500000001a471-174.dat	xmrig
behavioral1/files/0x000500000001a46f-168.dat	xmrig
behavioral1/memory/2732-165-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46b-157.dat	xmrig
behavioral1/files/0x000500000001a469-153.dat	xmrig
behavioral1/files/0x000500000001a463-147.dat	xmrig
behavioral1/files/0x000500000001a459-142.dat	xmrig
behavioral1/files/0x000500000001a457-137.dat	xmrig
behavioral1/files/0x000500000001a44f-133.dat	xmrig
behavioral1/files/0x000500000001a438-123.dat	xmrig
behavioral1/files/0x000500000001a404-116.dat	xmrig
behavioral1/memory/2936-108-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2360-102-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/984-101-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3ab-95.dat	xmrig
behavioral1/files/0x000500000001a3fd-105.dat	xmrig
behavioral1/memory/2776-71-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1660-70-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2588-89-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f6-88.dat	xmrig
behavioral1/memory/2080-85-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x000500000001a309-76.dat	xmrig
behavioral1/files/0x00070000000195bb-68.dat	xmrig
behavioral1/memory/2612-59-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2936-57-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1480	FKtpxFZ.exe
2964	NFpFkzp.exe
640	lRNZFxG.exe
2756	sXBtVVt.exe
2776	szTmeCo.exe
2588	VqhbKsE.exe
2800	AtLrekx.exe
2612	fAHbVsJ.exe
2732	rKXFiRK.exe
1660	PHiOlgc.exe
2080	NjsimfH.exe
432	pbiIIfs.exe
984	rmlEsZG.exe
2360	qqWTLdv.exe
2340	rqEbZJz.exe
3032	NgmuVaW.exe
2188	fQkUXni.exe
1972	WVIpYnC.exe
2528	ViQQMCG.exe
1468	vpBcJrd.exe
324	yumBTuy.exe
1536	ZFlEOKx.exe
2292	voZgDOo.exe
2112	IBzIbrE.exe
2228	nbOrtPc.exe
2564	ONJRIAx.exe
2124	rTveOUJ.exe
1076	aGJTWcg.exe
2312	ibLWLBI.exe
1388	ZimYRDl.exe
2428	EUqXkzH.exe
1668	isVWACL.exe
948	gHMNALr.exe
2644	hyXKJAi.exe
1752	DTBPALp.exe
1504	bYWACfl.exe
1812	eduCFWB.exe
776	PECdUcM.exe
1216	hlhlZeu.exe
2680	iOqggRg.exe
1088	qygwrHz.exe
1068	zsQOyGo.exe
2660	PMMWbUp.exe
1384	pPLvFKA.exe
2000	sZaMCMD.exe
332	LQWqqyG.exe
2412	CiRygot.exe
1152	DaXlKkE.exe
1200	KwBQjbg.exe
2148	iAVbjhh.exe
1720	DROuAIH.exe
2448	AtvexLW.exe
2032	GMciVay.exe
2236	MNSEeNp.exe
2904	JBBTIJY.exe
3012	Vmgozfw.exe
2372	FmsBDRN.exe
2868	IUJbtCu.exe
868	tjSLfTn.exe
592	NSYxNhp.exe
3036	uXPQQFp.exe
3024	mfZRRQC.exe
2256	CsWydjn.exe
2076	blvkOBl.exe

Loads dropped DLL 64 IoCs

pid	Process
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-5.dat	upx
behavioral1/files/0x0003000000018334-8.dat	upx
behavioral1/files/0x0008000000019394-15.dat	upx
behavioral1/memory/2964-20-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2776-36-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2756-30-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0007000000019470-34.dat	upx
behavioral1/files/0x00070000000193b8-28.dat	upx
behavioral1/files/0x00080000000194eb-63.dat	upx
behavioral1/files/0x0006000000019490-55.dat	upx
behavioral1/memory/432-91-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x000500000001a3f8-98.dat	upx
behavioral1/files/0x000500000001a400-110.dat	upx
behavioral1/files/0x000500000001a44d-128.dat	upx
behavioral1/files/0x000500000001a46d-163.dat	upx
behavioral1/files/0x000500000001a473-178.dat	upx
behavioral1/memory/432-382-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/1480-1654-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2776-1705-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2800-1721-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2360-1808-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/984-1807-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/432-1803-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2080-1787-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/1660-1776-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2732-1761-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2612-1737-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2588-1718-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2756-1675-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2964-1673-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/640-1663-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/1660-222-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x000500000001a479-194.dat	upx
behavioral1/files/0x000500000001a475-184.dat	upx
behavioral1/files/0x000500000001a477-187.dat	upx
behavioral1/files/0x000500000001a471-174.dat	upx
behavioral1/files/0x000500000001a46f-168.dat	upx
behavioral1/memory/2732-165-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x000500000001a46b-157.dat	upx
behavioral1/files/0x000500000001a469-153.dat	upx
behavioral1/files/0x000500000001a463-147.dat	upx
behavioral1/files/0x000500000001a459-142.dat	upx
behavioral1/files/0x000500000001a457-137.dat	upx
behavioral1/files/0x000500000001a44f-133.dat	upx
behavioral1/files/0x000500000001a438-123.dat	upx
behavioral1/files/0x000500000001a404-116.dat	upx
behavioral1/memory/2360-102-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/984-101-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x000500000001a3ab-95.dat	upx
behavioral1/files/0x000500000001a3fd-105.dat	upx
behavioral1/memory/2776-71-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1660-70-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2588-89-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-88.dat	upx
behavioral1/memory/2080-85-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x000500000001a309-76.dat	upx
behavioral1/files/0x00070000000195bb-68.dat	upx
behavioral1/memory/2612-59-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2936-57-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2732-64-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2800-51-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2588-42-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000600000001948c-40.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Vmgozfw.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZgkdzm.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKwjeen.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXKdJlI.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpyPUVz.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymPMjjo.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bISJtFo.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnrQPMu.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmedldG.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZlqnkB.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQPFJPk.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhEmvBv.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFpFkzp.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKOPLZQ.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAxriht.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssETUIE.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMrezZD.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arpNtMh.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqiZCdz.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npNyajd.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOUMCeI.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxVPJXG.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFgnLHm.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbOrtPc.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndrcBcG.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNyAbOC.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxHqHgI.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqDgdvl.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwCejht.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AukqvwH.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuEHfah.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbHoaKQ.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXPqgiQ.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZdcsbw.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtJpwQu.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pChCRvb.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOfNLBH.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOzuxrP.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbavddY.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lodmuSK.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvsBHoo.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAiFNeh.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSAhqWb.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHayKvn.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZtogFZ.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUqXkzH.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObnXkrs.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKEkqjW.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbdNqrX.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYKqOeN.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYpsije.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRVfVKL.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYPwYDe.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGEONOm.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zsHfmPf.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEKSfnA.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoTYWUF.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMciVay.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFpeuYB.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvACsGB.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqYPRCK.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nknSUlj.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyfyLDs.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VATxVIz.exe	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 1480	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 1480	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 1480	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 2964	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 2964	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 2964	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 640	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 640	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 640	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 2756	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2756	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2756	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2776	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2776	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2776	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2588	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2588	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2588	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2800	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2800	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2800	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2612	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2612	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2612	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2732	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2732	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2732	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 1660	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 1660	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 1660	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2080	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2080	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2080	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 984	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 984	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 984	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 432	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 432	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 432	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 2360	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 2360	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 2360	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 2340	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 2340	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 2340	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 2188	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 2188	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 2188	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 3032	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 3032	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 3032	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 1972	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 1972	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 1972	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 2528	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 2528	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 2528	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 1468	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1468	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1468	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 324	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2936 wrote to memory of 324	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2936 wrote to memory of 324	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2936 wrote to memory of 1536	2936	2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_0b89c56d335c26a462daedc3ca1834c7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\System\FKtpxFZ.exe
  C:\Windows\System\FKtpxFZ.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\NFpFkzp.exe
  C:\Windows\System\NFpFkzp.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\lRNZFxG.exe
  C:\Windows\System\lRNZFxG.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\sXBtVVt.exe
  C:\Windows\System\sXBtVVt.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\szTmeCo.exe
  C:\Windows\System\szTmeCo.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\VqhbKsE.exe
  C:\Windows\System\VqhbKsE.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\AtLrekx.exe
  C:\Windows\System\AtLrekx.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\fAHbVsJ.exe
  C:\Windows\System\fAHbVsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\rKXFiRK.exe
  C:\Windows\System\rKXFiRK.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\PHiOlgc.exe
  C:\Windows\System\PHiOlgc.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\NjsimfH.exe
  C:\Windows\System\NjsimfH.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\rmlEsZG.exe
  C:\Windows\System\rmlEsZG.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\pbiIIfs.exe
  C:\Windows\System\pbiIIfs.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\qqWTLdv.exe
  C:\Windows\System\qqWTLdv.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\rqEbZJz.exe
  C:\Windows\System\rqEbZJz.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\fQkUXni.exe
  C:\Windows\System\fQkUXni.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\NgmuVaW.exe
  C:\Windows\System\NgmuVaW.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\WVIpYnC.exe
  C:\Windows\System\WVIpYnC.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\ViQQMCG.exe
  C:\Windows\System\ViQQMCG.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\vpBcJrd.exe
  C:\Windows\System\vpBcJrd.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\yumBTuy.exe
  C:\Windows\System\yumBTuy.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\ZFlEOKx.exe
  C:\Windows\System\ZFlEOKx.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\voZgDOo.exe
  C:\Windows\System\voZgDOo.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\IBzIbrE.exe
  C:\Windows\System\IBzIbrE.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\nbOrtPc.exe
  C:\Windows\System\nbOrtPc.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ONJRIAx.exe
  C:\Windows\System\ONJRIAx.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\rTveOUJ.exe
  C:\Windows\System\rTveOUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\aGJTWcg.exe
  C:\Windows\System\aGJTWcg.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\ibLWLBI.exe
  C:\Windows\System\ibLWLBI.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ZimYRDl.exe
  C:\Windows\System\ZimYRDl.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\EUqXkzH.exe
  C:\Windows\System\EUqXkzH.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\isVWACL.exe
  C:\Windows\System\isVWACL.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\gHMNALr.exe
  C:\Windows\System\gHMNALr.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\hyXKJAi.exe
  C:\Windows\System\hyXKJAi.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\DTBPALp.exe
  C:\Windows\System\DTBPALp.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\bYWACfl.exe
  C:\Windows\System\bYWACfl.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\eduCFWB.exe
  C:\Windows\System\eduCFWB.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\PECdUcM.exe
  C:\Windows\System\PECdUcM.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\hlhlZeu.exe
  C:\Windows\System\hlhlZeu.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\qygwrHz.exe
  C:\Windows\System\qygwrHz.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\iOqggRg.exe
  C:\Windows\System\iOqggRg.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\pPLvFKA.exe
  C:\Windows\System\pPLvFKA.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\zsQOyGo.exe
  C:\Windows\System\zsQOyGo.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\sZaMCMD.exe
  C:\Windows\System\sZaMCMD.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\PMMWbUp.exe
  C:\Windows\System\PMMWbUp.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\LQWqqyG.exe
  C:\Windows\System\LQWqqyG.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\CiRygot.exe
  C:\Windows\System\CiRygot.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\DaXlKkE.exe
  C:\Windows\System\DaXlKkE.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\KwBQjbg.exe
  C:\Windows\System\KwBQjbg.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\DROuAIH.exe
  C:\Windows\System\DROuAIH.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\iAVbjhh.exe
  C:\Windows\System\iAVbjhh.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\AtvexLW.exe
  C:\Windows\System\AtvexLW.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\GMciVay.exe
  C:\Windows\System\GMciVay.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\MNSEeNp.exe
  C:\Windows\System\MNSEeNp.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\JBBTIJY.exe
  C:\Windows\System\JBBTIJY.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\FmsBDRN.exe
  C:\Windows\System\FmsBDRN.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\Vmgozfw.exe
  C:\Windows\System\Vmgozfw.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\IUJbtCu.exe
  C:\Windows\System\IUJbtCu.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\tjSLfTn.exe
  C:\Windows\System\tjSLfTn.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\CsWydjn.exe
  C:\Windows\System\CsWydjn.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\NSYxNhp.exe
  C:\Windows\System\NSYxNhp.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\blvkOBl.exe
  C:\Windows\System\blvkOBl.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\uXPQQFp.exe
  C:\Windows\System\uXPQQFp.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\sRPRaDD.exe
  C:\Windows\System\sRPRaDD.exe
  2⤵
  PID:2508
- C:\Windows\System\mfZRRQC.exe
  C:\Windows\System\mfZRRQC.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\dqmNSEf.exe
  C:\Windows\System\dqmNSEf.exe
  2⤵
  PID:856
- C:\Windows\System\lHCWaFn.exe
  C:\Windows\System\lHCWaFn.exe
  2⤵
  PID:836
- C:\Windows\System\xrpodKR.exe
  C:\Windows\System\xrpodKR.exe
  2⤵
  PID:2116
- C:\Windows\System\AUgySDE.exe
  C:\Windows\System\AUgySDE.exe
  2⤵
  PID:2524
- C:\Windows\System\fwYJCfO.exe
  C:\Windows\System\fwYJCfO.exe
  2⤵
  PID:2276
- C:\Windows\System\rudmvBq.exe
  C:\Windows\System\rudmvBq.exe
  2⤵
  PID:320
- C:\Windows\System\fdsmhGT.exe
  C:\Windows\System\fdsmhGT.exe
  2⤵
  PID:1960
- C:\Windows\System\wiwVPaz.exe
  C:\Windows\System\wiwVPaz.exe
  2⤵
  PID:2084
- C:\Windows\System\kqLrsUX.exe
  C:\Windows\System\kqLrsUX.exe
  2⤵
  PID:2724
- C:\Windows\System\pChCRvb.exe
  C:\Windows\System\pChCRvb.exe
  2⤵
  PID:2640
- C:\Windows\System\adVYMGb.exe
  C:\Windows\System\adVYMGb.exe
  2⤵
  PID:2712
- C:\Windows\System\NnWytIy.exe
  C:\Windows\System\NnWytIy.exe
  2⤵
  PID:1828
- C:\Windows\System\DVuvyqc.exe
  C:\Windows\System\DVuvyqc.exe
  2⤵
  PID:1380
- C:\Windows\System\oKWwZDv.exe
  C:\Windows\System\oKWwZDv.exe
  2⤵
  PID:676
- C:\Windows\System\hDXsJkK.exe
  C:\Windows\System\hDXsJkK.exe
  2⤵
  PID:2600
- C:\Windows\System\mwMYTkI.exe
  C:\Windows\System\mwMYTkI.exe
  2⤵
  PID:1852
- C:\Windows\System\LiHvSBx.exe
  C:\Windows\System\LiHvSBx.exe
  2⤵
  PID:1652
- C:\Windows\System\deAuHoJ.exe
  C:\Windows\System\deAuHoJ.exe
  2⤵
  PID:596
- C:\Windows\System\liaTgJy.exe
  C:\Windows\System\liaTgJy.exe
  2⤵
  PID:1524
- C:\Windows\System\PqsavWi.exe
  C:\Windows\System\PqsavWi.exe
  2⤵
  PID:2240
- C:\Windows\System\rJLjzFE.exe
  C:\Windows\System\rJLjzFE.exe
  2⤵
  PID:2824
- C:\Windows\System\uhAHPrn.exe
  C:\Windows\System\uhAHPrn.exe
  2⤵
  PID:896
- C:\Windows\System\uCJlCCH.exe
  C:\Windows\System\uCJlCCH.exe
  2⤵
  PID:1120
- C:\Windows\System\EnTyIcD.exe
  C:\Windows\System\EnTyIcD.exe
  2⤵
  PID:2504
- C:\Windows\System\hNVekqh.exe
  C:\Windows\System\hNVekqh.exe
  2⤵
  PID:1824
- C:\Windows\System\lWDOJxy.exe
  C:\Windows\System\lWDOJxy.exe
  2⤵
  PID:2768
- C:\Windows\System\aCmGphz.exe
  C:\Windows\System\aCmGphz.exe
  2⤵
  PID:2260
- C:\Windows\System\zqwzLWT.exe
  C:\Windows\System\zqwzLWT.exe
  2⤵
  PID:2208
- C:\Windows\System\qlNUWlh.exe
  C:\Windows\System\qlNUWlh.exe
  2⤵
  PID:2100
- C:\Windows\System\rInzNAI.exe
  C:\Windows\System\rInzNAI.exe
  2⤵
  PID:1144
- C:\Windows\System\pVpgiSq.exe
  C:\Windows\System\pVpgiSq.exe
  2⤵
  PID:1284
- C:\Windows\System\WVIzNHx.exe
  C:\Windows\System\WVIzNHx.exe
  2⤵
  PID:908
- C:\Windows\System\KMWthHs.exe
  C:\Windows\System\KMWthHs.exe
  2⤵
  PID:1696
- C:\Windows\System\UCzPjtg.exe
  C:\Windows\System\UCzPjtg.exe
  2⤵
  PID:2832
- C:\Windows\System\YQaQQYP.exe
  C:\Windows\System\YQaQQYP.exe
  2⤵
  PID:1724
- C:\Windows\System\CtWrxvK.exe
  C:\Windows\System\CtWrxvK.exe
  2⤵
  PID:2492
- C:\Windows\System\eZddwgf.exe
  C:\Windows\System\eZddwgf.exe
  2⤵
  PID:1168
- C:\Windows\System\SXqMdye.exe
  C:\Windows\System\SXqMdye.exe
  2⤵
  PID:1944
- C:\Windows\System\fAuWszh.exe
  C:\Windows\System\fAuWszh.exe
  2⤵
  PID:1584
- C:\Windows\System\JsRNLZU.exe
  C:\Windows\System\JsRNLZU.exe
  2⤵
  PID:2648
- C:\Windows\System\sBAucqD.exe
  C:\Windows\System\sBAucqD.exe
  2⤵
  PID:1608
- C:\Windows\System\ydEcROI.exe
  C:\Windows\System\ydEcROI.exe
  2⤵
  PID:2856
- C:\Windows\System\tPdsucL.exe
  C:\Windows\System\tPdsucL.exe
  2⤵
  PID:2308
- C:\Windows\System\zNlUevn.exe
  C:\Windows\System\zNlUevn.exe
  2⤵
  PID:2460
- C:\Windows\System\aQsWgar.exe
  C:\Windows\System\aQsWgar.exe
  2⤵
  PID:760
- C:\Windows\System\ivLKNSn.exe
  C:\Windows\System\ivLKNSn.exe
  2⤵
  PID:2700
- C:\Windows\System\EjxyFlV.exe
  C:\Windows\System\EjxyFlV.exe
  2⤵
  PID:840
- C:\Windows\System\uwgUhOo.exe
  C:\Windows\System\uwgUhOo.exe
  2⤵
  PID:3092
- C:\Windows\System\KiqYoHA.exe
  C:\Windows\System\KiqYoHA.exe
  2⤵
  PID:3108
- C:\Windows\System\WFGAgJe.exe
  C:\Windows\System\WFGAgJe.exe
  2⤵
  PID:3128
- C:\Windows\System\myNPWPM.exe
  C:\Windows\System\myNPWPM.exe
  2⤵
  PID:3152
- C:\Windows\System\aKdlZii.exe
  C:\Windows\System\aKdlZii.exe
  2⤵
  PID:3168
- C:\Windows\System\aFMGMZm.exe
  C:\Windows\System\aFMGMZm.exe
  2⤵
  PID:3188
- C:\Windows\System\egaGYxM.exe
  C:\Windows\System\egaGYxM.exe
  2⤵
  PID:3212
- C:\Windows\System\zLQGBqD.exe
  C:\Windows\System\zLQGBqD.exe
  2⤵
  PID:3236
- C:\Windows\System\EwXQtDf.exe
  C:\Windows\System\EwXQtDf.exe
  2⤵
  PID:3256
- C:\Windows\System\qLNqlDy.exe
  C:\Windows\System\qLNqlDy.exe
  2⤵
  PID:3276
- C:\Windows\System\blVUvIV.exe
  C:\Windows\System\blVUvIV.exe
  2⤵
  PID:3300
- C:\Windows\System\gmKhHnq.exe
  C:\Windows\System\gmKhHnq.exe
  2⤵
  PID:3320
- C:\Windows\System\DXstrrT.exe
  C:\Windows\System\DXstrrT.exe
  2⤵
  PID:3336
- C:\Windows\System\aJJoGBM.exe
  C:\Windows\System\aJJoGBM.exe
  2⤵
  PID:3360
- C:\Windows\System\CHdaLPs.exe
  C:\Windows\System\CHdaLPs.exe
  2⤵
  PID:3384
- C:\Windows\System\VqmUgPX.exe
  C:\Windows\System\VqmUgPX.exe
  2⤵
  PID:3400
- C:\Windows\System\UJJWnUJ.exe
  C:\Windows\System\UJJWnUJ.exe
  2⤵
  PID:3420
- C:\Windows\System\UAWLbKv.exe
  C:\Windows\System\UAWLbKv.exe
  2⤵
  PID:3440
- C:\Windows\System\nclCHZQ.exe
  C:\Windows\System\nclCHZQ.exe
  2⤵
  PID:3460
- C:\Windows\System\ByOnbFt.exe
  C:\Windows\System\ByOnbFt.exe
  2⤵
  PID:3480
- C:\Windows\System\rTkNnsq.exe
  C:\Windows\System\rTkNnsq.exe
  2⤵
  PID:3496
- C:\Windows\System\eRIbLYi.exe
  C:\Windows\System\eRIbLYi.exe
  2⤵
  PID:3524
- C:\Windows\System\jGkbrYC.exe
  C:\Windows\System\jGkbrYC.exe
  2⤵
  PID:3544
- C:\Windows\System\tbgjllD.exe
  C:\Windows\System\tbgjllD.exe
  2⤵
  PID:3560
- C:\Windows\System\BVOGRZv.exe
  C:\Windows\System\BVOGRZv.exe
  2⤵
  PID:3580
- C:\Windows\System\PXnUDEj.exe
  C:\Windows\System\PXnUDEj.exe
  2⤵
  PID:3604
- C:\Windows\System\rekGjjw.exe
  C:\Windows\System\rekGjjw.exe
  2⤵
  PID:3628
- C:\Windows\System\BhToXYv.exe
  C:\Windows\System\BhToXYv.exe
  2⤵
  PID:3648
- C:\Windows\System\CFVoCku.exe
  C:\Windows\System\CFVoCku.exe
  2⤵
  PID:3668
- C:\Windows\System\cLikXMw.exe
  C:\Windows\System\cLikXMw.exe
  2⤵
  PID:3688
- C:\Windows\System\EfFWQKR.exe
  C:\Windows\System\EfFWQKR.exe
  2⤵
  PID:3708
- C:\Windows\System\FHprgpz.exe
  C:\Windows\System\FHprgpz.exe
  2⤵
  PID:3728
- C:\Windows\System\HwcLmUm.exe
  C:\Windows\System\HwcLmUm.exe
  2⤵
  PID:3748
- C:\Windows\System\LIFAriF.exe
  C:\Windows\System\LIFAriF.exe
  2⤵
  PID:3768
- C:\Windows\System\aEbqOuV.exe
  C:\Windows\System\aEbqOuV.exe
  2⤵
  PID:3784
- C:\Windows\System\KyIKCxi.exe
  C:\Windows\System\KyIKCxi.exe
  2⤵
  PID:3800
- C:\Windows\System\WzdrOOb.exe
  C:\Windows\System\WzdrOOb.exe
  2⤵
  PID:3820
- C:\Windows\System\BNKIOVK.exe
  C:\Windows\System\BNKIOVK.exe
  2⤵
  PID:3844
- C:\Windows\System\lxjzymi.exe
  C:\Windows\System\lxjzymi.exe
  2⤵
  PID:3864
- C:\Windows\System\ePHxOZT.exe
  C:\Windows\System\ePHxOZT.exe
  2⤵
  PID:3880
- C:\Windows\System\VqRGVsm.exe
  C:\Windows\System\VqRGVsm.exe
  2⤵
  PID:3900
- C:\Windows\System\ayMioiG.exe
  C:\Windows\System\ayMioiG.exe
  2⤵
  PID:3924
- C:\Windows\System\KTxtcaY.exe
  C:\Windows\System\KTxtcaY.exe
  2⤵
  PID:3948
- C:\Windows\System\FhIWeQq.exe
  C:\Windows\System\FhIWeQq.exe
  2⤵
  PID:3968
- C:\Windows\System\eYtLAen.exe
  C:\Windows\System\eYtLAen.exe
  2⤵
  PID:3988
- C:\Windows\System\rzqUivM.exe
  C:\Windows\System\rzqUivM.exe
  2⤵
  PID:4004
- C:\Windows\System\vLhbRTg.exe
  C:\Windows\System\vLhbRTg.exe
  2⤵
  PID:4024
- C:\Windows\System\qoscESP.exe
  C:\Windows\System\qoscESP.exe
  2⤵
  PID:4048
- C:\Windows\System\wOtqxwW.exe
  C:\Windows\System\wOtqxwW.exe
  2⤵
  PID:4068
- C:\Windows\System\WPriImK.exe
  C:\Windows\System\WPriImK.exe
  2⤵
  PID:4088
- C:\Windows\System\vfYCuXU.exe
  C:\Windows\System\vfYCuXU.exe
  2⤵
  PID:1552
- C:\Windows\System\NDYaXYV.exe
  C:\Windows\System\NDYaXYV.exe
  2⤵
  PID:1156
- C:\Windows\System\fKGnuQE.exe
  C:\Windows\System\fKGnuQE.exe
  2⤵
  PID:1700
- C:\Windows\System\QWBNXit.exe
  C:\Windows\System\QWBNXit.exe
  2⤵
  PID:2664
- C:\Windows\System\suohEQu.exe
  C:\Windows\System\suohEQu.exe
  2⤵
  PID:2968
- C:\Windows\System\OTcXCsT.exe
  C:\Windows\System\OTcXCsT.exe
  2⤵
  PID:1768
- C:\Windows\System\wxymBLE.exe
  C:\Windows\System\wxymBLE.exe
  2⤵
  PID:1760
- C:\Windows\System\Kdkkfer.exe
  C:\Windows\System\Kdkkfer.exe
  2⤵
  PID:3148
- C:\Windows\System\TYMIXqm.exe
  C:\Windows\System\TYMIXqm.exe
  2⤵
  PID:3184
- C:\Windows\System\TsuoXxP.exe
  C:\Windows\System\TsuoXxP.exe
  2⤵
  PID:2780
- C:\Windows\System\OvuBZlZ.exe
  C:\Windows\System\OvuBZlZ.exe
  2⤵
  PID:3076
- C:\Windows\System\BhnQonW.exe
  C:\Windows\System\BhnQonW.exe
  2⤵
  PID:3232
- C:\Windows\System\vbjeVOr.exe
  C:\Windows\System\vbjeVOr.exe
  2⤵
  PID:3124
- C:\Windows\System\gGDTMJq.exe
  C:\Windows\System\gGDTMJq.exe
  2⤵
  PID:3160
- C:\Windows\System\zIUNWvO.exe
  C:\Windows\System\zIUNWvO.exe
  2⤵
  PID:3244
- C:\Windows\System\vlVMnmL.exe
  C:\Windows\System\vlVMnmL.exe
  2⤵
  PID:3288
- C:\Windows\System\BTXQpQV.exe
  C:\Windows\System\BTXQpQV.exe
  2⤵
  PID:3348
- C:\Windows\System\rmQwtja.exe
  C:\Windows\System\rmQwtja.exe
  2⤵
  PID:3392
- C:\Windows\System\wveHkGH.exe
  C:\Windows\System\wveHkGH.exe
  2⤵
  PID:3428
- C:\Windows\System\QRgQgme.exe
  C:\Windows\System\QRgQgme.exe
  2⤵
  PID:3412
- C:\Windows\System\sOYRpzO.exe
  C:\Windows\System\sOYRpzO.exe
  2⤵
  PID:3472
- C:\Windows\System\YmbVKuW.exe
  C:\Windows\System\YmbVKuW.exe
  2⤵
  PID:3552
- C:\Windows\System\rdQwpNV.exe
  C:\Windows\System\rdQwpNV.exe
  2⤵
  PID:3492
- C:\Windows\System\aTozhoc.exe
  C:\Windows\System\aTozhoc.exe
  2⤵
  PID:3536
- C:\Windows\System\OYLNqEs.exe
  C:\Windows\System\OYLNqEs.exe
  2⤵
  PID:3596
- C:\Windows\System\pTOtqtg.exe
  C:\Windows\System\pTOtqtg.exe
  2⤵
  PID:3676
- C:\Windows\System\UdmZixB.exe
  C:\Windows\System\UdmZixB.exe
  2⤵
  PID:3716
- C:\Windows\System\NNUUZbn.exe
  C:\Windows\System\NNUUZbn.exe
  2⤵
  PID:3656
- C:\Windows\System\mSMxQOq.exe
  C:\Windows\System\mSMxQOq.exe
  2⤵
  PID:3744
- C:\Windows\System\hHFOuLk.exe
  C:\Windows\System\hHFOuLk.exe
  2⤵
  PID:3740
- C:\Windows\System\iyPkDCw.exe
  C:\Windows\System\iyPkDCw.exe
  2⤵
  PID:3840
- C:\Windows\System\EExTpSY.exe
  C:\Windows\System\EExTpSY.exe
  2⤵
  PID:3812
- C:\Windows\System\becpUYD.exe
  C:\Windows\System\becpUYD.exe
  2⤵
  PID:3920
- C:\Windows\System\makWExI.exe
  C:\Windows\System\makWExI.exe
  2⤵
  PID:3892
- C:\Windows\System\wzPaDNw.exe
  C:\Windows\System\wzPaDNw.exe
  2⤵
  PID:3956
- C:\Windows\System\JepZreW.exe
  C:\Windows\System\JepZreW.exe
  2⤵
  PID:3996
- C:\Windows\System\CypPxBd.exe
  C:\Windows\System\CypPxBd.exe
  2⤵
  PID:4040
- C:\Windows\System\ObnXkrs.exe
  C:\Windows\System\ObnXkrs.exe
  2⤵
  PID:4016
- C:\Windows\System\aYdDqJL.exe
  C:\Windows\System\aYdDqJL.exe
  2⤵
  PID:4080
- C:\Windows\System\gOfyvvc.exe
  C:\Windows\System\gOfyvvc.exe
  2⤵
  PID:2676
- C:\Windows\System\zofUxXm.exe
  C:\Windows\System\zofUxXm.exe
  2⤵
  PID:1716
- C:\Windows\System\JEqRrou.exe
  C:\Windows\System\JEqRrou.exe
  2⤵
  PID:2056
- C:\Windows\System\KYgDjMj.exe
  C:\Windows\System\KYgDjMj.exe
  2⤵
  PID:3100
- C:\Windows\System\thvxulP.exe
  C:\Windows\System\thvxulP.exe
  2⤵
  PID:112
- C:\Windows\System\pnttUHT.exe
  C:\Windows\System\pnttUHT.exe
  2⤵
  PID:1444
- C:\Windows\System\cZjVXdK.exe
  C:\Windows\System\cZjVXdK.exe
  2⤵
  PID:2120
- C:\Windows\System\UMNTAiW.exe
  C:\Windows\System\UMNTAiW.exe
  2⤵
  PID:3268
- C:\Windows\System\JjNLJjG.exe
  C:\Windows\System\JjNLJjG.exe
  2⤵
  PID:3308
- C:\Windows\System\mLiVBDq.exe
  C:\Windows\System\mLiVBDq.exe
  2⤵
  PID:3296
- C:\Windows\System\UmvCOew.exe
  C:\Windows\System\UmvCOew.exe
  2⤵
  PID:3316
- C:\Windows\System\EmEumSg.exe
  C:\Windows\System\EmEumSg.exe
  2⤵
  PID:3396
- C:\Windows\System\HNGoLvs.exe
  C:\Windows\System\HNGoLvs.exe
  2⤵
  PID:3516
- C:\Windows\System\JxAjeLQ.exe
  C:\Windows\System\JxAjeLQ.exe
  2⤵
  PID:3568
- C:\Windows\System\sDMnmrI.exe
  C:\Windows\System\sDMnmrI.exe
  2⤵
  PID:3640
- C:\Windows\System\ONdWQlo.exe
  C:\Windows\System\ONdWQlo.exe
  2⤵
  PID:3620
- C:\Windows\System\WZnsgTk.exe
  C:\Windows\System\WZnsgTk.exe
  2⤵
  PID:3664
- C:\Windows\System\BdLrEyT.exe
  C:\Windows\System\BdLrEyT.exe
  2⤵
  PID:3736
- C:\Windows\System\NorWRlE.exe
  C:\Windows\System\NorWRlE.exe
  2⤵
  PID:3828
- C:\Windows\System\EWhiJpB.exe
  C:\Windows\System\EWhiJpB.exe
  2⤵
  PID:3856
- C:\Windows\System\klrAHUG.exe
  C:\Windows\System\klrAHUG.exe
  2⤵
  PID:3936
- C:\Windows\System\nWoArrU.exe
  C:\Windows\System\nWoArrU.exe
  2⤵
  PID:3964
- C:\Windows\System\NcmXuJs.exe
  C:\Windows\System\NcmXuJs.exe
  2⤵
  PID:4120
- C:\Windows\System\CfjquPC.exe
  C:\Windows\System\CfjquPC.exe
  2⤵
  PID:4140
- C:\Windows\System\rUPKcBG.exe
  C:\Windows\System\rUPKcBG.exe
  2⤵
  PID:4160
- C:\Windows\System\gSdgVox.exe
  C:\Windows\System\gSdgVox.exe
  2⤵
  PID:4180
- C:\Windows\System\ROSIhNp.exe
  C:\Windows\System\ROSIhNp.exe
  2⤵
  PID:4200
- C:\Windows\System\XikyjkX.exe
  C:\Windows\System\XikyjkX.exe
  2⤵
  PID:4220
- C:\Windows\System\PfTOMVf.exe
  C:\Windows\System\PfTOMVf.exe
  2⤵
  PID:4240
- C:\Windows\System\ZHXCOns.exe
  C:\Windows\System\ZHXCOns.exe
  2⤵
  PID:4260
- C:\Windows\System\gwtqgwL.exe
  C:\Windows\System\gwtqgwL.exe
  2⤵
  PID:4280
- C:\Windows\System\zWrXRKv.exe
  C:\Windows\System\zWrXRKv.exe
  2⤵
  PID:4300
- C:\Windows\System\WnbUiNt.exe
  C:\Windows\System\WnbUiNt.exe
  2⤵
  PID:4320
- C:\Windows\System\SJCUphs.exe
  C:\Windows\System\SJCUphs.exe
  2⤵
  PID:4340
- C:\Windows\System\IIfGLQm.exe
  C:\Windows\System\IIfGLQm.exe
  2⤵
  PID:4360
- C:\Windows\System\vUKokyp.exe
  C:\Windows\System\vUKokyp.exe
  2⤵
  PID:4380
- C:\Windows\System\FNjdGmR.exe
  C:\Windows\System\FNjdGmR.exe
  2⤵
  PID:4400
- C:\Windows\System\UzfTiIW.exe
  C:\Windows\System\UzfTiIW.exe
  2⤵
  PID:4416
- C:\Windows\System\hDcRLlN.exe
  C:\Windows\System\hDcRLlN.exe
  2⤵
  PID:4436
- C:\Windows\System\kYGPlBo.exe
  C:\Windows\System\kYGPlBo.exe
  2⤵
  PID:4460
- C:\Windows\System\WyImHcH.exe
  C:\Windows\System\WyImHcH.exe
  2⤵
  PID:4484
- C:\Windows\System\KYzTyfA.exe
  C:\Windows\System\KYzTyfA.exe
  2⤵
  PID:4504
- C:\Windows\System\xqbqiOK.exe
  C:\Windows\System\xqbqiOK.exe
  2⤵
  PID:4524
- C:\Windows\System\dEtrURa.exe
  C:\Windows\System\dEtrURa.exe
  2⤵
  PID:4544
- C:\Windows\System\SJVLaBN.exe
  C:\Windows\System\SJVLaBN.exe
  2⤵
  PID:4564
- C:\Windows\System\VQQmRzw.exe
  C:\Windows\System\VQQmRzw.exe
  2⤵
  PID:4584
- C:\Windows\System\DCCzcWh.exe
  C:\Windows\System\DCCzcWh.exe
  2⤵
  PID:4604
- C:\Windows\System\OeCJnRf.exe
  C:\Windows\System\OeCJnRf.exe
  2⤵
  PID:4620
- C:\Windows\System\txubtIu.exe
  C:\Windows\System\txubtIu.exe
  2⤵
  PID:4656
- C:\Windows\System\IdAUhJQ.exe
  C:\Windows\System\IdAUhJQ.exe
  2⤵
  PID:4672
- C:\Windows\System\vrAlZgm.exe
  C:\Windows\System\vrAlZgm.exe
  2⤵
  PID:4696
- C:\Windows\System\egESBHd.exe
  C:\Windows\System\egESBHd.exe
  2⤵
  PID:4716
- C:\Windows\System\wxEdFCQ.exe
  C:\Windows\System\wxEdFCQ.exe
  2⤵
  PID:4736
- C:\Windows\System\KFDoDPL.exe
  C:\Windows\System\KFDoDPL.exe
  2⤵
  PID:4756
- C:\Windows\System\fODuAiK.exe
  C:\Windows\System\fODuAiK.exe
  2⤵
  PID:4772
- C:\Windows\System\gmGCJyx.exe
  C:\Windows\System\gmGCJyx.exe
  2⤵
  PID:4792
- C:\Windows\System\bqXHOPO.exe
  C:\Windows\System\bqXHOPO.exe
  2⤵
  PID:4816
- C:\Windows\System\CpGiFjm.exe
  C:\Windows\System\CpGiFjm.exe
  2⤵
  PID:4836
- C:\Windows\System\zsHfmPf.exe
  C:\Windows\System\zsHfmPf.exe
  2⤵
  PID:4852
- C:\Windows\System\OKJWslc.exe
  C:\Windows\System\OKJWslc.exe
  2⤵
  PID:4868
- C:\Windows\System\oKfMdbQ.exe
  C:\Windows\System\oKfMdbQ.exe
  2⤵
  PID:4884
- C:\Windows\System\maXVdTr.exe
  C:\Windows\System\maXVdTr.exe
  2⤵
  PID:4900
- C:\Windows\System\YZZZUBm.exe
  C:\Windows\System\YZZZUBm.exe
  2⤵
  PID:4928
- C:\Windows\System\bjBlBnl.exe
  C:\Windows\System\bjBlBnl.exe
  2⤵
  PID:4948
- C:\Windows\System\rGmMaCW.exe
  C:\Windows\System\rGmMaCW.exe
  2⤵
  PID:4976
- C:\Windows\System\ZMVooat.exe
  C:\Windows\System\ZMVooat.exe
  2⤵
  PID:4992
- C:\Windows\System\RWyPSKF.exe
  C:\Windows\System\RWyPSKF.exe
  2⤵
  PID:5012
- C:\Windows\System\MhxewXJ.exe
  C:\Windows\System\MhxewXJ.exe
  2⤵
  PID:5032
- C:\Windows\System\bvOXMSZ.exe
  C:\Windows\System\bvOXMSZ.exe
  2⤵
  PID:5052
- C:\Windows\System\qzqkDlU.exe
  C:\Windows\System\qzqkDlU.exe
  2⤵
  PID:5072
- C:\Windows\System\ghDduVt.exe
  C:\Windows\System\ghDduVt.exe
  2⤵
  PID:5096
- C:\Windows\System\ZYPXElq.exe
  C:\Windows\System\ZYPXElq.exe
  2⤵
  PID:5116
- C:\Windows\System\hENByjB.exe
  C:\Windows\System\hENByjB.exe
  2⤵
  PID:4000
- C:\Windows\System\ssETUIE.exe
  C:\Windows\System\ssETUIE.exe
  2⤵
  PID:2576
- C:\Windows\System\KuESwye.exe
  C:\Windows\System\KuESwye.exe
  2⤵
  PID:1844
- C:\Windows\System\DqPPCBb.exe
  C:\Windows\System\DqPPCBb.exe
  2⤵
  PID:2300
- C:\Windows\System\JMwaPbs.exe
  C:\Windows\System\JMwaPbs.exe
  2⤵
  PID:932
- C:\Windows\System\kVOTNaR.exe
  C:\Windows\System\kVOTNaR.exe
  2⤵
  PID:2980
- C:\Windows\System\gYAJqMC.exe
  C:\Windows\System\gYAJqMC.exe
  2⤵
  PID:3284
- C:\Windows\System\HQNLuLx.exe
  C:\Windows\System\HQNLuLx.exe
  2⤵
  PID:3204
- C:\Windows\System\UasZhPL.exe
  C:\Windows\System\UasZhPL.exe
  2⤵
  PID:3520
- C:\Windows\System\NFUvnCo.exe
  C:\Windows\System\NFUvnCo.exe
  2⤵
  PID:3448
- C:\Windows\System\QCkvSDp.exe
  C:\Windows\System\QCkvSDp.exe
  2⤵
  PID:3572
- C:\Windows\System\TfwbClz.exe
  C:\Windows\System\TfwbClz.exe
  2⤵
  PID:3720
- C:\Windows\System\GyyGPir.exe
  C:\Windows\System\GyyGPir.exe
  2⤵
  PID:3792
- C:\Windows\System\jRhNMJv.exe
  C:\Windows\System\jRhNMJv.exe
  2⤵
  PID:3860
- C:\Windows\System\mijhUYL.exe
  C:\Windows\System\mijhUYL.exe
  2⤵
  PID:4104
- C:\Windows\System\AfvKFPd.exe
  C:\Windows\System\AfvKFPd.exe
  2⤵
  PID:3932
- C:\Windows\System\XbThAna.exe
  C:\Windows\System\XbThAna.exe
  2⤵
  PID:4152
- C:\Windows\System\sLcFIpr.exe
  C:\Windows\System\sLcFIpr.exe
  2⤵
  PID:4196
- C:\Windows\System\eBWKgLx.exe
  C:\Windows\System\eBWKgLx.exe
  2⤵
  PID:4168
- C:\Windows\System\lPaPLgb.exe
  C:\Windows\System\lPaPLgb.exe
  2⤵
  PID:4268
- C:\Windows\System\qTWIyin.exe
  C:\Windows\System\qTWIyin.exe
  2⤵
  PID:4216
- C:\Windows\System\ndrcBcG.exe
  C:\Windows\System\ndrcBcG.exe
  2⤵
  PID:4288
- C:\Windows\System\LrlgSvL.exe
  C:\Windows\System\LrlgSvL.exe
  2⤵
  PID:4328
- C:\Windows\System\eTOFLDV.exe
  C:\Windows\System\eTOFLDV.exe
  2⤵
  PID:4352
- C:\Windows\System\omyeCUb.exe
  C:\Windows\System\omyeCUb.exe
  2⤵
  PID:4392
- C:\Windows\System\wMEWAgc.exe
  C:\Windows\System\wMEWAgc.exe
  2⤵
  PID:4428
- C:\Windows\System\ahlsolr.exe
  C:\Windows\System\ahlsolr.exe
  2⤵
  PID:4412
- C:\Windows\System\aZlqnkB.exe
  C:\Windows\System\aZlqnkB.exe
  2⤵
  PID:4492
- C:\Windows\System\sYYsDeT.exe
  C:\Windows\System\sYYsDeT.exe
  2⤵
  PID:4516
- C:\Windows\System\xXdVuXt.exe
  C:\Windows\System\xXdVuXt.exe
  2⤵
  PID:4556
- C:\Windows\System\VCYnSFx.exe
  C:\Windows\System\VCYnSFx.exe
  2⤵
  PID:4600
- C:\Windows\System\hvVKydB.exe
  C:\Windows\System\hvVKydB.exe
  2⤵
  PID:4616
- C:\Windows\System\HYJELTc.exe
  C:\Windows\System\HYJELTc.exe
  2⤵
  PID:4664
- C:\Windows\System\ktGEEyl.exe
  C:\Windows\System\ktGEEyl.exe
  2⤵
  PID:4732
- C:\Windows\System\fCcdxum.exe
  C:\Windows\System\fCcdxum.exe
  2⤵
  PID:4768
- C:\Windows\System\nksiwwt.exe
  C:\Windows\System\nksiwwt.exe
  2⤵
  PID:4804
- C:\Windows\System\kUrnutT.exe
  C:\Windows\System\kUrnutT.exe
  2⤵
  PID:4780
- C:\Windows\System\PBALeco.exe
  C:\Windows\System\PBALeco.exe
  2⤵
  PID:4876
- C:\Windows\System\pUHEmeG.exe
  C:\Windows\System\pUHEmeG.exe
  2⤵
  PID:4908
- C:\Windows\System\VuxmUGo.exe
  C:\Windows\System\VuxmUGo.exe
  2⤵
  PID:4960
- C:\Windows\System\WUjVWAO.exe
  C:\Windows\System\WUjVWAO.exe
  2⤵
  PID:4972
- C:\Windows\System\YEFNNod.exe
  C:\Windows\System\YEFNNod.exe
  2⤵
  PID:5004
- C:\Windows\System\BwLClJH.exe
  C:\Windows\System\BwLClJH.exe
  2⤵
  PID:4892
- C:\Windows\System\auILUga.exe
  C:\Windows\System\auILUga.exe
  2⤵
  PID:4988
- C:\Windows\System\glFuQHJ.exe
  C:\Windows\System\glFuQHJ.exe
  2⤵
  PID:5080
- C:\Windows\System\CDkTwCX.exe
  C:\Windows\System\CDkTwCX.exe
  2⤵
  PID:5084
- C:\Windows\System\MXTVSYO.exe
  C:\Windows\System\MXTVSYO.exe
  2⤵
  PID:4056
- C:\Windows\System\GSyAyvy.exe
  C:\Windows\System\GSyAyvy.exe
  2⤵
  PID:5108
- C:\Windows\System\jmYcYLK.exe
  C:\Windows\System\jmYcYLK.exe
  2⤵
  PID:664
- C:\Windows\System\mOfheJL.exe
  C:\Windows\System\mOfheJL.exe
  2⤵
  PID:2684
- C:\Windows\System\EnbQzCk.exe
  C:\Windows\System\EnbQzCk.exe
  2⤵
  PID:3252
- C:\Windows\System\TZvdFth.exe
  C:\Windows\System\TZvdFth.exe
  2⤵
  PID:3504
- C:\Windows\System\XmecxFW.exe
  C:\Windows\System\XmecxFW.exe
  2⤵
  PID:3660
- C:\Windows\System\RxNTEuV.exe
  C:\Windows\System\RxNTEuV.exe
  2⤵
  PID:3432
- C:\Windows\System\BhzTUyt.exe
  C:\Windows\System\BhzTUyt.exe
  2⤵
  PID:3908
- C:\Windows\System\BxfIivK.exe
  C:\Windows\System\BxfIivK.exe
  2⤵
  PID:4148
- C:\Windows\System\EwMgCdN.exe
  C:\Windows\System\EwMgCdN.exe
  2⤵
  PID:4132
- C:\Windows\System\WFWUudB.exe
  C:\Windows\System\WFWUudB.exe
  2⤵
  PID:4208
- C:\Windows\System\owvtuBi.exe
  C:\Windows\System\owvtuBi.exe
  2⤵
  PID:1580
- C:\Windows\System\sIFnhzQ.exe
  C:\Windows\System\sIFnhzQ.exe
  2⤵
  PID:4248
- C:\Windows\System\AoZWPaL.exe
  C:\Windows\System\AoZWPaL.exe
  2⤵
  PID:4308
- C:\Windows\System\vGQYsRo.exe
  C:\Windows\System\vGQYsRo.exe
  2⤵
  PID:4480
- C:\Windows\System\nOvsaZC.exe
  C:\Windows\System\nOvsaZC.exe
  2⤵
  PID:4496
- C:\Windows\System\KXWgGVU.exe
  C:\Windows\System\KXWgGVU.exe
  2⤵
  PID:4576
- C:\Windows\System\YHEeEDI.exe
  C:\Windows\System\YHEeEDI.exe
  2⤵
  PID:4252
- C:\Windows\System\oLYsAMr.exe
  C:\Windows\System\oLYsAMr.exe
  2⤵
  PID:4372
- C:\Windows\System\YBFDlGE.exe
  C:\Windows\System\YBFDlGE.exe
  2⤵
  PID:4448
- C:\Windows\System\MYqfGQs.exe
  C:\Windows\System\MYqfGQs.exe
  2⤵
  PID:5024
- C:\Windows\System\HHyoIsM.exe
  C:\Windows\System\HHyoIsM.exe
  2⤵
  PID:2128
- C:\Windows\System\ksdQyaZ.exe
  C:\Windows\System\ksdQyaZ.exe
  2⤵
  PID:3084
- C:\Windows\System\KrjAWCq.exe
  C:\Windows\System\KrjAWCq.exe
  2⤵
  PID:3468
- C:\Windows\System\wGLlRrC.exe
  C:\Windows\System\wGLlRrC.exe
  2⤵
  PID:3576
- C:\Windows\System\zoVNhfw.exe
  C:\Windows\System\zoVNhfw.exe
  2⤵
  PID:4552
- C:\Windows\System\YTreTuF.exe
  C:\Windows\System\YTreTuF.exe
  2⤵
  PID:2864
- C:\Windows\System\EExYVXq.exe
  C:\Windows\System\EExYVXq.exe
  2⤵
  PID:1476
- C:\Windows\System\gdLfLED.exe
  C:\Windows\System\gdLfLED.exe
  2⤵
  PID:4788
- C:\Windows\System\zkGDBGf.exe
  C:\Windows\System\zkGDBGf.exe
  2⤵
  PID:4824
- C:\Windows\System\vveDiVw.exe
  C:\Windows\System\vveDiVw.exe
  2⤵
  PID:4924
- C:\Windows\System\RarOCXz.exe
  C:\Windows\System\RarOCXz.exe
  2⤵
  PID:5008
- C:\Windows\System\evjbrNo.exe
  C:\Windows\System\evjbrNo.exe
  2⤵
  PID:5064
- C:\Windows\System\kXmGLtk.exe
  C:\Windows\System\kXmGLtk.exe
  2⤵
  PID:1704
- C:\Windows\System\BhyEbRj.exe
  C:\Windows\System\BhyEbRj.exe
  2⤵
  PID:4764
- C:\Windows\System\XfPSWkQ.exe
  C:\Windows\System\XfPSWkQ.exe
  2⤵
  PID:2876
- C:\Windows\System\txfrIww.exe
  C:\Windows\System\txfrIww.exe
  2⤵
  PID:3344
- C:\Windows\System\GHtCDJS.exe
  C:\Windows\System\GHtCDJS.exe
  2⤵
  PID:4272
- C:\Windows\System\hypyKab.exe
  C:\Windows\System\hypyKab.exe
  2⤵
  PID:4236
- C:\Windows\System\lbcRkbV.exe
  C:\Windows\System\lbcRkbV.exe
  2⤵
  PID:4256
- C:\Windows\System\SbGkTOi.exe
  C:\Windows\System\SbGkTOi.exe
  2⤵
  PID:4692
- C:\Windows\System\xKjgJWX.exe
  C:\Windows\System\xKjgJWX.exe
  2⤵
  PID:3984
- C:\Windows\System\bncKGrx.exe
  C:\Windows\System\bncKGrx.exe
  2⤵
  PID:4936
- C:\Windows\System\wtVqQvE.exe
  C:\Windows\System\wtVqQvE.exe
  2⤵
  PID:4076
- C:\Windows\System\bBvaqYT.exe
  C:\Windows\System\bBvaqYT.exe
  2⤵
  PID:4060
- C:\Windows\System\jHqPRIk.exe
  C:\Windows\System\jHqPRIk.exe
  2⤵
  PID:4684
- C:\Windows\System\yKEfIou.exe
  C:\Windows\System\yKEfIou.exe
  2⤵
  PID:2320
- C:\Windows\System\XuHrpla.exe
  C:\Windows\System\XuHrpla.exe
  2⤵
  PID:5136
- C:\Windows\System\myIVdCi.exe
  C:\Windows\System\myIVdCi.exe
  2⤵
  PID:5152
- C:\Windows\System\CbKXfQW.exe
  C:\Windows\System\CbKXfQW.exe
  2⤵
  PID:5176
- C:\Windows\System\phxbxgC.exe
  C:\Windows\System\phxbxgC.exe
  2⤵
  PID:5196
- C:\Windows\System\pZiFjHY.exe
  C:\Windows\System\pZiFjHY.exe
  2⤵
  PID:5216
- C:\Windows\System\LohzIja.exe
  C:\Windows\System\LohzIja.exe
  2⤵
  PID:5248
- C:\Windows\System\ivOIRsQ.exe
  C:\Windows\System\ivOIRsQ.exe
  2⤵
  PID:5272
- C:\Windows\System\ByeYyDo.exe
  C:\Windows\System\ByeYyDo.exe
  2⤵
  PID:5292
- C:\Windows\System\kYUjcxA.exe
  C:\Windows\System\kYUjcxA.exe
  2⤵
  PID:5308
- C:\Windows\System\tTBgalj.exe
  C:\Windows\System\tTBgalj.exe
  2⤵
  PID:5332
- C:\Windows\System\chDSzrf.exe
  C:\Windows\System\chDSzrf.exe
  2⤵
  PID:5352
- C:\Windows\System\iBgadof.exe
  C:\Windows\System\iBgadof.exe
  2⤵
  PID:5368
- C:\Windows\System\zYvIDwq.exe
  C:\Windows\System\zYvIDwq.exe
  2⤵
  PID:5384
- C:\Windows\System\dBgeDJg.exe
  C:\Windows\System\dBgeDJg.exe
  2⤵
  PID:5400
- C:\Windows\System\DEYpRKJ.exe
  C:\Windows\System\DEYpRKJ.exe
  2⤵
  PID:5420
- C:\Windows\System\miaEYuT.exe
  C:\Windows\System\miaEYuT.exe
  2⤵
  PID:5448
- C:\Windows\System\OKPjBry.exe
  C:\Windows\System\OKPjBry.exe
  2⤵
  PID:5476
- C:\Windows\System\MKrYAua.exe
  C:\Windows\System\MKrYAua.exe
  2⤵
  PID:5492
- C:\Windows\System\SHwtybq.exe
  C:\Windows\System\SHwtybq.exe
  2⤵
  PID:5516
- C:\Windows\System\dNDQQXB.exe
  C:\Windows\System\dNDQQXB.exe
  2⤵
  PID:5536
- C:\Windows\System\xFoVmTA.exe
  C:\Windows\System\xFoVmTA.exe
  2⤵
  PID:5552
- C:\Windows\System\KnvqKpj.exe
  C:\Windows\System\KnvqKpj.exe
  2⤵
  PID:5572
- C:\Windows\System\aOXFDkH.exe
  C:\Windows\System\aOXFDkH.exe
  2⤵
  PID:5588
- C:\Windows\System\NEhqMQh.exe
  C:\Windows\System\NEhqMQh.exe
  2⤵
  PID:5608
- C:\Windows\System\QqrWYsi.exe
  C:\Windows\System\QqrWYsi.exe
  2⤵
  PID:5624
- C:\Windows\System\yXZPtUL.exe
  C:\Windows\System\yXZPtUL.exe
  2⤵
  PID:5648
- C:\Windows\System\HsVmVQR.exe
  C:\Windows\System\HsVmVQR.exe
  2⤵
  PID:5676
- C:\Windows\System\gAKGdPD.exe
  C:\Windows\System\gAKGdPD.exe
  2⤵
  PID:5692
- C:\Windows\System\wmdIxSn.exe
  C:\Windows\System\wmdIxSn.exe
  2⤵
  PID:5712
- C:\Windows\System\OstviVp.exe
  C:\Windows\System\OstviVp.exe
  2⤵
  PID:5732
- C:\Windows\System\eZyKRqE.exe
  C:\Windows\System\eZyKRqE.exe
  2⤵
  PID:5752
- C:\Windows\System\EZcZbLj.exe
  C:\Windows\System\EZcZbLj.exe
  2⤵
  PID:5772
- C:\Windows\System\INdJREX.exe
  C:\Windows\System\INdJREX.exe
  2⤵
  PID:5796
- C:\Windows\System\DFzJmHu.exe
  C:\Windows\System\DFzJmHu.exe
  2⤵
  PID:5816
- C:\Windows\System\YEqlSXR.exe
  C:\Windows\System\YEqlSXR.exe
  2⤵
  PID:5836
- C:\Windows\System\CjQbHRj.exe
  C:\Windows\System\CjQbHRj.exe
  2⤵
  PID:5856
- C:\Windows\System\qIYFDtc.exe
  C:\Windows\System\qIYFDtc.exe
  2⤵
  PID:5876
- C:\Windows\System\soPCOSN.exe
  C:\Windows\System\soPCOSN.exe
  2⤵
  PID:5896
- C:\Windows\System\xuqKwLX.exe
  C:\Windows\System\xuqKwLX.exe
  2⤵
  PID:5916
- C:\Windows\System\UvNqdQA.exe
  C:\Windows\System\UvNqdQA.exe
  2⤵
  PID:5936
- C:\Windows\System\CLaLyHG.exe
  C:\Windows\System\CLaLyHG.exe
  2⤵
  PID:5956
- C:\Windows\System\GUhzrNh.exe
  C:\Windows\System\GUhzrNh.exe
  2⤵
  PID:5972
- C:\Windows\System\BshPOaV.exe
  C:\Windows\System\BshPOaV.exe
  2⤵
  PID:5996
- C:\Windows\System\SyuQbRM.exe
  C:\Windows\System\SyuQbRM.exe
  2⤵
  PID:6012
- C:\Windows\System\wWTyqcZ.exe
  C:\Windows\System\wWTyqcZ.exe
  2⤵
  PID:6036
- C:\Windows\System\YNkdlev.exe
  C:\Windows\System\YNkdlev.exe
  2⤵
  PID:6056
- C:\Windows\System\pwbmZPf.exe
  C:\Windows\System\pwbmZPf.exe
  2⤵
  PID:6076
- C:\Windows\System\bVByCOl.exe
  C:\Windows\System\bVByCOl.exe
  2⤵
  PID:6096
- C:\Windows\System\qnzVths.exe
  C:\Windows\System\qnzVths.exe
  2⤵
  PID:6116
- C:\Windows\System\AjtpCRp.exe
  C:\Windows\System\AjtpCRp.exe
  2⤵
  PID:6136
- C:\Windows\System\MJsiDjL.exe
  C:\Windows\System\MJsiDjL.exe
  2⤵
  PID:2168
- C:\Windows\System\VcEhjlf.exe
  C:\Windows\System\VcEhjlf.exe
  2⤵
  PID:4628
- C:\Windows\System\RlkGaZC.exe
  C:\Windows\System\RlkGaZC.exe
  2⤵
  PID:4920
- C:\Windows\System\XhbBNDX.exe
  C:\Windows\System\XhbBNDX.exe
  2⤵
  PID:3208
- C:\Windows\System\NHKRqFR.exe
  C:\Windows\System\NHKRqFR.exe
  2⤵
  PID:2368
- C:\Windows\System\jSnNhuX.exe
  C:\Windows\System\jSnNhuX.exe
  2⤵
  PID:4232
- C:\Windows\System\NpmgOhk.exe
  C:\Windows\System\NpmgOhk.exe
  2⤵
  PID:4452
- C:\Windows\System\ZDTclSm.exe
  C:\Windows\System\ZDTclSm.exe
  2⤵
  PID:3328
- C:\Windows\System\fZMvJpQ.exe
  C:\Windows\System\fZMvJpQ.exe
  2⤵
  PID:2900
- C:\Windows\System\FJgSlZH.exe
  C:\Windows\System\FJgSlZH.exe
  2⤵
  PID:5160
- C:\Windows\System\CAahGnR.exe
  C:\Windows\System\CAahGnR.exe
  2⤵
  PID:5204
- C:\Windows\System\WCshVFu.exe
  C:\Windows\System\WCshVFu.exe
  2⤵
  PID:4940
- C:\Windows\System\TGZSqYx.exe
  C:\Windows\System\TGZSqYx.exe
  2⤵
  PID:5208
- C:\Windows\System\vxQGMHv.exe
  C:\Windows\System\vxQGMHv.exe
  2⤵
  PID:5264
- C:\Windows\System\rwpSBoJ.exe
  C:\Windows\System\rwpSBoJ.exe
  2⤵
  PID:5340
- C:\Windows\System\IRdNqlF.exe
  C:\Windows\System\IRdNqlF.exe
  2⤵
  PID:2908
- C:\Windows\System\gxFqTKR.exe
  C:\Windows\System\gxFqTKR.exe
  2⤵
  PID:5236
- C:\Windows\System\BOKCGux.exe
  C:\Windows\System\BOKCGux.exe
  2⤵
  PID:5376
- C:\Windows\System\vwCpqTa.exe
  C:\Windows\System\vwCpqTa.exe
  2⤵
  PID:5288
- C:\Windows\System\aLSwgNw.exe
  C:\Windows\System\aLSwgNw.exe
  2⤵
  PID:5472
- C:\Windows\System\EhWtdXw.exe
  C:\Windows\System\EhWtdXw.exe
  2⤵
  PID:5328
- C:\Windows\System\DWYGYIX.exe
  C:\Windows\System\DWYGYIX.exe
  2⤵
  PID:1744
- C:\Windows\System\RFYpLnM.exe
  C:\Windows\System\RFYpLnM.exe
  2⤵
  PID:5432
- C:\Windows\System\AaHXXeq.exe
  C:\Windows\System\AaHXXeq.exe
  2⤵
  PID:5444
- C:\Windows\System\VkuhXeR.exe
  C:\Windows\System\VkuhXeR.exe
  2⤵
  PID:5484
- C:\Windows\System\yXjVgvO.exe
  C:\Windows\System\yXjVgvO.exe
  2⤵
  PID:5616
- C:\Windows\System\BHEbrgt.exe
  C:\Windows\System\BHEbrgt.exe
  2⤵
  PID:5568
- C:\Windows\System\GRXoLZP.exe
  C:\Windows\System\GRXoLZP.exe
  2⤵
  PID:5596
- C:\Windows\System\PKnbUeY.exe
  C:\Windows\System\PKnbUeY.exe
  2⤵
  PID:5640
- C:\Windows\System\ijJhNwd.exe
  C:\Windows\System\ijJhNwd.exe
  2⤵
  PID:5704
- C:\Windows\System\iKOPLZQ.exe
  C:\Windows\System\iKOPLZQ.exe
  2⤵
  PID:5728
- C:\Windows\System\iulcdeF.exe
  C:\Windows\System\iulcdeF.exe
  2⤵
  PID:1692
- C:\Windows\System\XFQsAqn.exe
  C:\Windows\System\XFQsAqn.exe
  2⤵
  PID:5760
- C:\Windows\System\dCehRVE.exe
  C:\Windows\System\dCehRVE.exe
  2⤵
  PID:5804
- C:\Windows\System\OjTfXyY.exe
  C:\Windows\System\OjTfXyY.exe
  2⤵
  PID:5872
- C:\Windows\System\XOPJzAa.exe
  C:\Windows\System\XOPJzAa.exe
  2⤵
  PID:5904
- C:\Windows\System\KRwinlH.exe
  C:\Windows\System\KRwinlH.exe
  2⤵
  PID:5888
- C:\Windows\System\lqGhbrl.exe
  C:\Windows\System\lqGhbrl.exe
  2⤵
  PID:5928
- C:\Windows\System\dsLBFUT.exe
  C:\Windows\System\dsLBFUT.exe
  2⤵
  PID:5984
- C:\Windows\System\IBJrCbb.exe
  C:\Windows\System\IBJrCbb.exe
  2⤵
  PID:6020
- C:\Windows\System\NRVfVKL.exe
  C:\Windows\System\NRVfVKL.exe
  2⤵
  PID:2184
- C:\Windows\System\NgqugFl.exe
  C:\Windows\System\NgqugFl.exe
  2⤵
  PID:6048
- C:\Windows\System\obkrmpa.exe
  C:\Windows\System\obkrmpa.exe
  2⤵
  PID:6088
- C:\Windows\System\mmgNUsS.exe
  C:\Windows\System\mmgNUsS.exe
  2⤵
  PID:5000
- C:\Windows\System\baMhMJb.exe
  C:\Windows\System\baMhMJb.exe
  2⤵
  PID:1544
- C:\Windows\System\moYGcXV.exe
  C:\Windows\System\moYGcXV.exe
  2⤵
  PID:4808
- C:\Windows\System\DSzBZzG.exe
  C:\Windows\System\DSzBZzG.exe
  2⤵
  PID:2348
- C:\Windows\System\cMcoozb.exe
  C:\Windows\System\cMcoozb.exe
  2⤵
  PID:2108
- C:\Windows\System\WiTnoCr.exe
  C:\Windows\System\WiTnoCr.exe
  2⤵
  PID:4388
- C:\Windows\System\SBvELAB.exe
  C:\Windows\System\SBvELAB.exe
  2⤵
  PID:4864
- C:\Windows\System\pbIHTtP.exe
  C:\Windows\System\pbIHTtP.exe
  2⤵
  PID:5164
- C:\Windows\System\OtTEGgv.exe
  C:\Windows\System\OtTEGgv.exe
  2⤵
  PID:4348
- C:\Windows\System\DonyZEl.exe
  C:\Windows\System\DonyZEl.exe
  2⤵
  PID:2912
- C:\Windows\System\MRnhOjX.exe
  C:\Windows\System\MRnhOjX.exe
  2⤵
  PID:2144
- C:\Windows\System\ZdTMKnY.exe
  C:\Windows\System\ZdTMKnY.exe
  2⤵
  PID:5144
- C:\Windows\System\QRBuXkL.exe
  C:\Windows\System\QRBuXkL.exe
  2⤵
  PID:5284
- C:\Windows\System\dCgQzBc.exe
  C:\Windows\System\dCgQzBc.exe
  2⤵
  PID:5456
- C:\Windows\System\JHkMeUM.exe
  C:\Windows\System\JHkMeUM.exe
  2⤵
  PID:944
- C:\Windows\System\QHvhKDr.exe
  C:\Windows\System\QHvhKDr.exe
  2⤵
  PID:5428
- C:\Windows\System\CulqihZ.exe
  C:\Windows\System\CulqihZ.exe
  2⤵
  PID:5584
- C:\Windows\System\KZJlLWF.exe
  C:\Windows\System\KZJlLWF.exe
  2⤵
  PID:5564
- C:\Windows\System\jTodJhh.exe
  C:\Windows\System\jTodJhh.exe
  2⤵
  PID:5660
- C:\Windows\System\qWqqznO.exe
  C:\Windows\System\qWqqznO.exe
  2⤵
  PID:5720
- C:\Windows\System\XygXAeO.exe
  C:\Windows\System\XygXAeO.exe
  2⤵
  PID:5748
- C:\Windows\System\OIlEAEH.exe
  C:\Windows\System\OIlEAEH.exe
  2⤵
  PID:5792
- C:\Windows\System\ShROPpB.exe
  C:\Windows\System\ShROPpB.exe
  2⤵
  PID:5808
- C:\Windows\System\imPakJP.exe
  C:\Windows\System\imPakJP.exe
  2⤵
  PID:5848
- C:\Windows\System\frKmrib.exe
  C:\Windows\System\frKmrib.exe
  2⤵
  PID:5980
- C:\Windows\System\ceskMvX.exe
  C:\Windows\System\ceskMvX.exe
  2⤵
  PID:6028
- C:\Windows\System\ZPbFPES.exe
  C:\Windows\System\ZPbFPES.exe
  2⤵
  PID:6072
- C:\Windows\System\XAnlkgY.exe
  C:\Windows\System\XAnlkgY.exe
  2⤵
  PID:6084
- C:\Windows\System\JSdkxUl.exe
  C:\Windows\System\JSdkxUl.exe
  2⤵
  PID:6132
- C:\Windows\System\EZnqxni.exe
  C:\Windows\System\EZnqxni.exe
  2⤵
  PID:4812
- C:\Windows\System\JYPwYDe.exe
  C:\Windows\System\JYPwYDe.exe
  2⤵
  PID:4192
- C:\Windows\System\UHcpugs.exe
  C:\Windows\System\UHcpugs.exe
  2⤵
  PID:4012
- C:\Windows\System\LxMTFFu.exe
  C:\Windows\System\LxMTFFu.exe
  2⤵
  PID:5212
- C:\Windows\System\nMGXAts.exe
  C:\Windows\System\nMGXAts.exe
  2⤵
  PID:4592
- C:\Windows\System\EbdNqrX.exe
  C:\Windows\System\EbdNqrX.exe
  2⤵
  PID:5192
- C:\Windows\System\hDXHkWE.exe
  C:\Windows\System\hDXHkWE.exe
  2⤵
  PID:5280
- C:\Windows\System\xLDpxCb.exe
  C:\Windows\System\xLDpxCb.exe
  2⤵
  PID:5464
- C:\Windows\System\XjcDDbB.exe
  C:\Windows\System\XjcDDbB.exe
  2⤵
  PID:5532
- C:\Windows\System\ShPjwPl.exe
  C:\Windows\System\ShPjwPl.exe
  2⤵
  PID:5488
- C:\Windows\System\qCiRILL.exe
  C:\Windows\System\qCiRILL.exe
  2⤵
  PID:5636
- C:\Windows\System\rryWkLT.exe
  C:\Windows\System\rryWkLT.exe
  2⤵
  PID:5788
- C:\Windows\System\LnvOwxU.exe
  C:\Windows\System\LnvOwxU.exe
  2⤵
  PID:5768
- C:\Windows\System\lrYVEmZ.exe
  C:\Windows\System\lrYVEmZ.exe
  2⤵
  PID:5932
- C:\Windows\System\pgfJZOg.exe
  C:\Windows\System\pgfJZOg.exe
  2⤵
  PID:6052
- C:\Windows\System\YypGmko.exe
  C:\Windows\System\YypGmko.exe
  2⤵
  PID:3040
- C:\Windows\System\QgdkQRJ.exe
  C:\Windows\System\QgdkQRJ.exe
  2⤵
  PID:6148
- C:\Windows\System\pukGsuK.exe
  C:\Windows\System\pukGsuK.exe
  2⤵
  PID:6168
- C:\Windows\System\bWGuWeP.exe
  C:\Windows\System\bWGuWeP.exe
  2⤵
  PID:6188
- C:\Windows\System\EzNwidc.exe
  C:\Windows\System\EzNwidc.exe
  2⤵
  PID:6208
- C:\Windows\System\rYwTaUa.exe
  C:\Windows\System\rYwTaUa.exe
  2⤵
  PID:6228
- C:\Windows\System\eFmCxMT.exe
  C:\Windows\System\eFmCxMT.exe
  2⤵
  PID:6248
- C:\Windows\System\lodmuSK.exe
  C:\Windows\System\lodmuSK.exe
  2⤵
  PID:6268
- C:\Windows\System\JVYcMhr.exe
  C:\Windows\System\JVYcMhr.exe
  2⤵
  PID:6288
- C:\Windows\System\CqOWGZW.exe
  C:\Windows\System\CqOWGZW.exe
  2⤵
  PID:6308
- C:\Windows\System\YQQsDvd.exe
  C:\Windows\System\YQQsDvd.exe
  2⤵
  PID:6328
- C:\Windows\System\AsuSumX.exe
  C:\Windows\System\AsuSumX.exe
  2⤵
  PID:6348
- C:\Windows\System\HiRMkTe.exe
  C:\Windows\System\HiRMkTe.exe
  2⤵
  PID:6368
- C:\Windows\System\tcrYtkv.exe
  C:\Windows\System\tcrYtkv.exe
  2⤵
  PID:6392
- C:\Windows\System\JodRHjo.exe
  C:\Windows\System\JodRHjo.exe
  2⤵
  PID:6412
- C:\Windows\System\IMmOdVG.exe
  C:\Windows\System\IMmOdVG.exe
  2⤵
  PID:6428
- C:\Windows\System\FudvJQK.exe
  C:\Windows\System\FudvJQK.exe
  2⤵
  PID:6456
- C:\Windows\System\oEYjlfp.exe
  C:\Windows\System\oEYjlfp.exe
  2⤵
  PID:6480
- C:\Windows\System\oesJDrJ.exe
  C:\Windows\System\oesJDrJ.exe
  2⤵
  PID:6512
- C:\Windows\System\EkxnxRx.exe
  C:\Windows\System\EkxnxRx.exe
  2⤵
  PID:6536
- C:\Windows\System\gepuhyN.exe
  C:\Windows\System\gepuhyN.exe
  2⤵
  PID:6556
- C:\Windows\System\dmPqKxy.exe
  C:\Windows\System\dmPqKxy.exe
  2⤵
  PID:6576
- C:\Windows\System\fGCUXUv.exe
  C:\Windows\System\fGCUXUv.exe
  2⤵
  PID:6596
- C:\Windows\System\UQUwsOK.exe
  C:\Windows\System\UQUwsOK.exe
  2⤵
  PID:6616
- C:\Windows\System\CaXukNj.exe
  C:\Windows\System\CaXukNj.exe
  2⤵
  PID:6636
- C:\Windows\System\HFoDOtC.exe
  C:\Windows\System\HFoDOtC.exe
  2⤵
  PID:6656
- C:\Windows\System\AohxXIv.exe
  C:\Windows\System\AohxXIv.exe
  2⤵
  PID:6676
- C:\Windows\System\zlICyaS.exe
  C:\Windows\System\zlICyaS.exe
  2⤵
  PID:6696
- C:\Windows\System\CwXkyuD.exe
  C:\Windows\System\CwXkyuD.exe
  2⤵
  PID:6720
- C:\Windows\System\SmESVmG.exe
  C:\Windows\System\SmESVmG.exe
  2⤵
  PID:6740
- C:\Windows\System\onRoNUo.exe
  C:\Windows\System\onRoNUo.exe
  2⤵
  PID:6760
- C:\Windows\System\iVcYvPv.exe
  C:\Windows\System\iVcYvPv.exe
  2⤵
  PID:6776
- C:\Windows\System\hHGWkpN.exe
  C:\Windows\System\hHGWkpN.exe
  2⤵
  PID:6792
- C:\Windows\System\PlKAkDs.exe
  C:\Windows\System\PlKAkDs.exe
  2⤵
  PID:6816
- C:\Windows\System\WRSTGPt.exe
  C:\Windows\System\WRSTGPt.exe
  2⤵
  PID:6836
- C:\Windows\System\AsswMwp.exe
  C:\Windows\System\AsswMwp.exe
  2⤵
  PID:6864
- C:\Windows\System\ZJYyEbY.exe
  C:\Windows\System\ZJYyEbY.exe
  2⤵
  PID:6888
- C:\Windows\System\QpwtYXf.exe
  C:\Windows\System\QpwtYXf.exe
  2⤵
  PID:6908
- C:\Windows\System\osBxKZd.exe
  C:\Windows\System\osBxKZd.exe
  2⤵
  PID:6932
- C:\Windows\System\vzLjOMZ.exe
  C:\Windows\System\vzLjOMZ.exe
  2⤵
  PID:6952
- C:\Windows\System\xtXGEZS.exe
  C:\Windows\System\xtXGEZS.exe
  2⤵
  PID:6972
- C:\Windows\System\SFtNgxo.exe
  C:\Windows\System\SFtNgxo.exe
  2⤵
  PID:7000
- C:\Windows\System\WkVVOsA.exe
  C:\Windows\System\WkVVOsA.exe
  2⤵
  PID:7016
- C:\Windows\System\brkXQSL.exe
  C:\Windows\System\brkXQSL.exe
  2⤵
  PID:7040
- C:\Windows\System\CPIKIZn.exe
  C:\Windows\System\CPIKIZn.exe
  2⤵
  PID:7060
- C:\Windows\System\sNDUbnE.exe
  C:\Windows\System\sNDUbnE.exe
  2⤵
  PID:7076
- C:\Windows\System\LfAFHIl.exe
  C:\Windows\System\LfAFHIl.exe
  2⤵
  PID:7100
- C:\Windows\System\zlbWzqZ.exe
  C:\Windows\System\zlbWzqZ.exe
  2⤵
  PID:7124
- C:\Windows\System\hJdwjjU.exe
  C:\Windows\System\hJdwjjU.exe
  2⤵
  PID:7144
- C:\Windows\System\OKePRUx.exe
  C:\Windows\System\OKePRUx.exe
  2⤵
  PID:7164
- C:\Windows\System\HdRUjMG.exe
  C:\Windows\System\HdRUjMG.exe
  2⤵
  PID:3836
- C:\Windows\System\WaTyEzS.exe
  C:\Windows\System\WaTyEzS.exe
  2⤵
  PID:4536
- C:\Windows\System\CFIDMBP.exe
  C:\Windows\System\CFIDMBP.exe
  2⤵
  PID:5316
- C:\Windows\System\auDIlMq.exe
  C:\Windows\System\auDIlMq.exe
  2⤵
  PID:5320
- C:\Windows\System\uxflWta.exe
  C:\Windows\System\uxflWta.exe
  2⤵
  PID:5504
- C:\Windows\System\FwrfsJJ.exe
  C:\Windows\System\FwrfsJJ.exe
  2⤵
  PID:5744
- C:\Windows\System\jdzWyIV.exe
  C:\Windows\System\jdzWyIV.exe
  2⤵
  PID:5832
- C:\Windows\System\hcCrLLr.exe
  C:\Windows\System\hcCrLLr.exe
  2⤵
  PID:5988
- C:\Windows\System\FheWOdK.exe
  C:\Windows\System\FheWOdK.exe
  2⤵
  PID:2156
- C:\Windows\System\UcjCTiT.exe
  C:\Windows\System\UcjCTiT.exe
  2⤵
  PID:6164
- C:\Windows\System\WFFEocD.exe
  C:\Windows\System\WFFEocD.exe
  2⤵
  PID:6220
- C:\Windows\System\RJCUxcr.exe
  C:\Windows\System\RJCUxcr.exe
  2⤵
  PID:6204
- C:\Windows\System\TqxpnOC.exe
  C:\Windows\System\TqxpnOC.exe
  2⤵
  PID:6296
- C:\Windows\System\XwZYzAx.exe
  C:\Windows\System\XwZYzAx.exe
  2⤵
  PID:6344
- C:\Windows\System\YtlubAe.exe
  C:\Windows\System\YtlubAe.exe
  2⤵
  PID:6320
- C:\Windows\System\KyyIFkt.exe
  C:\Windows\System\KyyIFkt.exe
  2⤵
  PID:6364
- C:\Windows\System\hHtiEYk.exe
  C:\Windows\System\hHtiEYk.exe
  2⤵
  PID:2928
- C:\Windows\System\VhtpzJI.exe
  C:\Windows\System\VhtpzJI.exe
  2⤵
  PID:6436
- C:\Windows\System\lveXmld.exe
  C:\Windows\System\lveXmld.exe
  2⤵
  PID:6488
- C:\Windows\System\XeSfhjL.exe
  C:\Windows\System\XeSfhjL.exe
  2⤵
  PID:6532
- C:\Windows\System\rOfNLBH.exe
  C:\Windows\System\rOfNLBH.exe
  2⤵
  PID:6544
- C:\Windows\System\CjGsEIa.exe
  C:\Windows\System\CjGsEIa.exe
  2⤵
  PID:6608
- C:\Windows\System\HPhlNox.exe
  C:\Windows\System\HPhlNox.exe
  2⤵
  PID:6588
- C:\Windows\System\HQESJzK.exe
  C:\Windows\System\HQESJzK.exe
  2⤵
  PID:6648
- C:\Windows\System\FnajJsq.exe
  C:\Windows\System\FnajJsq.exe
  2⤵
  PID:6688
- C:\Windows\System\pJzODAc.exe
  C:\Windows\System\pJzODAc.exe
  2⤵
  PID:6664
- C:\Windows\System\wkHBetP.exe
  C:\Windows\System\wkHBetP.exe
  2⤵
  PID:6712
- C:\Windows\System\dHSGJUt.exe
  C:\Windows\System\dHSGJUt.exe
  2⤵
  PID:6848
- C:\Windows\System\SeUiSpt.exe
  C:\Windows\System\SeUiSpt.exe
  2⤵
  PID:6756
- C:\Windows\System\BCEFCUB.exe
  C:\Windows\System\BCEFCUB.exe
  2⤵
  PID:6900
- C:\Windows\System\PTHcTar.exe
  C:\Windows\System\PTHcTar.exe
  2⤵
  PID:6876
- C:\Windows\System\WUCytZd.exe
  C:\Windows\System\WUCytZd.exe
  2⤵
  PID:6980
- C:\Windows\System\FGCXCMF.exe
  C:\Windows\System\FGCXCMF.exe
  2⤵
  PID:6916
- C:\Windows\System\BVucrbn.exe
  C:\Windows\System\BVucrbn.exe
  2⤵
  PID:7024
- C:\Windows\System\lHiqTfF.exe
  C:\Windows\System\lHiqTfF.exe
  2⤵
  PID:6504
- C:\Windows\System\vinfezg.exe
  C:\Windows\System\vinfezg.exe
  2⤵
  PID:7112
- C:\Windows\System\dosSIiT.exe
  C:\Windows\System\dosSIiT.exe
  2⤵
  PID:7096
- C:\Windows\System\LUExUgj.exe
  C:\Windows\System\LUExUgj.exe
  2⤵
  PID:7156
- C:\Windows\System\AXjqLQW.exe
  C:\Windows\System\AXjqLQW.exe
  2⤵
  PID:6992
- C:\Windows\System\yfTahzC.exe
  C:\Windows\System\yfTahzC.exe
  2⤵
  PID:5632
- C:\Windows\System\ZWWXiLr.exe
  C:\Windows\System\ZWWXiLr.exe
  2⤵
  PID:3612
- C:\Windows\System\ivaOneb.exe
  C:\Windows\System\ivaOneb.exe
  2⤵
  PID:5548
- C:\Windows\System\EVZGOrj.exe
  C:\Windows\System\EVZGOrj.exe
  2⤵
  PID:5908
- C:\Windows\System\BofKDKK.exe
  C:\Windows\System\BofKDKK.exe
  2⤵
  PID:6008
- C:\Windows\System\VxRsanZ.exe
  C:\Windows\System\VxRsanZ.exe
  2⤵
  PID:6108
- C:\Windows\System\keQWrfv.exe
  C:\Windows\System\keQWrfv.exe
  2⤵
  PID:6200
- C:\Windows\System\fnUCUUm.exe
  C:\Windows\System\fnUCUUm.exe
  2⤵
  PID:6240
- C:\Windows\System\MCvuxSx.exe
  C:\Windows\System\MCvuxSx.exe
  2⤵
  PID:6340
- C:\Windows\System\SZmAGBr.exe
  C:\Windows\System\SZmAGBr.exe
  2⤵
  PID:6284
- C:\Windows\System\ZNyAbOC.exe
  C:\Windows\System\ZNyAbOC.exe
  2⤵
  PID:6464
- C:\Windows\System\ryrIpcY.exe
  C:\Windows\System\ryrIpcY.exe
  2⤵
  PID:6424
- C:\Windows\System\mZdhSdg.exe
  C:\Windows\System\mZdhSdg.exe
  2⤵
  PID:6568
- C:\Windows\System\ANTWAAf.exe
  C:\Windows\System\ANTWAAf.exe
  2⤵
  PID:6548
- C:\Windows\System\PJYBdVi.exe
  C:\Windows\System\PJYBdVi.exe
  2⤵
  PID:6628
- C:\Windows\System\kLEuKKB.exe
  C:\Windows\System\kLEuKKB.exe
  2⤵
  PID:6804
- C:\Windows\System\BQEtsJz.exe
  C:\Windows\System\BQEtsJz.exe
  2⤵
  PID:6704
- C:\Windows\System\wNsSOzc.exe
  C:\Windows\System\wNsSOzc.exe
  2⤵
  PID:6860
- C:\Windows\System\xIRdeBj.exe
  C:\Windows\System\xIRdeBj.exe
  2⤵
  PID:6948
- C:\Windows\System\OEuAdDJ.exe
  C:\Windows\System\OEuAdDJ.exe
  2⤵
  PID:2784
- C:\Windows\System\oLExIwM.exe
  C:\Windows\System\oLExIwM.exe
  2⤵
  PID:6964
- C:\Windows\System\NiCaBBW.exe
  C:\Windows\System\NiCaBBW.exe
  2⤵
  PID:7008
- C:\Windows\System\KwDVVoH.exe
  C:\Windows\System\KwDVVoH.exe
  2⤵
  PID:7084
- C:\Windows\System\lkdyAEZ.exe
  C:\Windows\System\lkdyAEZ.exe
  2⤵
  PID:5172
- C:\Windows\System\zlwbJdR.exe
  C:\Windows\System\zlwbJdR.exe
  2⤵
  PID:5824
- C:\Windows\System\PYiDGBP.exe
  C:\Windows\System\PYiDGBP.exe
  2⤵
  PID:2988
- C:\Windows\System\cxLLEQk.exe
  C:\Windows\System\cxLLEQk.exe
  2⤵
  PID:6004
- C:\Windows\System\wzOqMAh.exe
  C:\Windows\System\wzOqMAh.exe
  2⤵
  PID:6092
- C:\Windows\System\WomlExU.exe
  C:\Windows\System\WomlExU.exe
  2⤵
  PID:2652
- C:\Windows\System\vnyqlEU.exe
  C:\Windows\System\vnyqlEU.exe
  2⤵
  PID:964
- C:\Windows\System\rLzZIPe.exe
  C:\Windows\System\rLzZIPe.exe
  2⤵
  PID:2092
- C:\Windows\System\EuPsiQd.exe
  C:\Windows\System\EuPsiQd.exe
  2⤵
  PID:2884
- C:\Windows\System\dKjlPkO.exe
  C:\Windows\System\dKjlPkO.exe
  2⤵
  PID:6604
- C:\Windows\System\LPlwwBQ.exe
  C:\Windows\System\LPlwwBQ.exe
  2⤵
  PID:6772
- C:\Windows\System\buyMxGu.exe
  C:\Windows\System\buyMxGu.exe
  2⤵
  PID:2844
- C:\Windows\System\TpfwxBo.exe
  C:\Windows\System\TpfwxBo.exe
  2⤵
  PID:6748
- C:\Windows\System\QutPkIY.exe
  C:\Windows\System\QutPkIY.exe
  2⤵
  PID:6884
- C:\Windows\System\pyQRLTe.exe
  C:\Windows\System\pyQRLTe.exe
  2⤵
  PID:7116
- C:\Windows\System\CyLSiWE.exe
  C:\Windows\System\CyLSiWE.exe
  2⤵
  PID:7012
- C:\Windows\System\InVOCVi.exe
  C:\Windows\System\InVOCVi.exe
  2⤵
  PID:7160
- C:\Windows\System\xSXYDmu.exe
  C:\Windows\System\xSXYDmu.exe
  2⤵
  PID:2948
- C:\Windows\System\AudBRuO.exe
  C:\Windows\System\AudBRuO.exe
  2⤵
  PID:5784
- C:\Windows\System\vHmpWSl.exe
  C:\Windows\System\vHmpWSl.exe
  2⤵
  PID:2024
- C:\Windows\System\wYuxqMc.exe
  C:\Windows\System\wYuxqMc.exe
  2⤵
  PID:6276
- C:\Windows\System\XEVIXUs.exe
  C:\Windows\System\XEVIXUs.exe
  2⤵
  PID:6356
- C:\Windows\System\LOegrwH.exe
  C:\Windows\System\LOegrwH.exe
  2⤵
  PID:2736
- C:\Windows\System\wsCcPUj.exe
  C:\Windows\System\wsCcPUj.exe
  2⤵
  PID:7188
- C:\Windows\System\uKmPoOR.exe
  C:\Windows\System\uKmPoOR.exe
  2⤵
  PID:7212
- C:\Windows\System\XPBFXWT.exe
  C:\Windows\System\XPBFXWT.exe
  2⤵
  PID:7232
- C:\Windows\System\wpSHjEx.exe
  C:\Windows\System\wpSHjEx.exe
  2⤵
  PID:7256
- C:\Windows\System\rFpeuYB.exe
  C:\Windows\System\rFpeuYB.exe
  2⤵
  PID:7276
- C:\Windows\System\MEcljPy.exe
  C:\Windows\System\MEcljPy.exe
  2⤵
  PID:7292
- C:\Windows\System\NtDlICr.exe
  C:\Windows\System\NtDlICr.exe
  2⤵
  PID:7316
- C:\Windows\System\WbMfXdq.exe
  C:\Windows\System\WbMfXdq.exe
  2⤵
  PID:7336
- C:\Windows\System\MCVQiEm.exe
  C:\Windows\System\MCVQiEm.exe
  2⤵
  PID:7356
- C:\Windows\System\NYKqOeN.exe
  C:\Windows\System\NYKqOeN.exe
  2⤵
  PID:7376
- C:\Windows\System\iqYPRCK.exe
  C:\Windows\System\iqYPRCK.exe
  2⤵
  PID:7396
- C:\Windows\System\YbeYhBP.exe
  C:\Windows\System\YbeYhBP.exe
  2⤵
  PID:7416
- C:\Windows\System\Bptpmyo.exe
  C:\Windows\System\Bptpmyo.exe
  2⤵
  PID:7436
- C:\Windows\System\DiLkMwx.exe
  C:\Windows\System\DiLkMwx.exe
  2⤵
  PID:7456
- C:\Windows\System\JdElITZ.exe
  C:\Windows\System\JdElITZ.exe
  2⤵
  PID:7476
- C:\Windows\System\WegtITL.exe
  C:\Windows\System\WegtITL.exe
  2⤵
  PID:7492
- C:\Windows\System\ZFQVsmW.exe
  C:\Windows\System\ZFQVsmW.exe
  2⤵
  PID:7520
- C:\Windows\System\JVLSPVk.exe
  C:\Windows\System\JVLSPVk.exe
  2⤵
  PID:7540
- C:\Windows\System\XKGoLVz.exe
  C:\Windows\System\XKGoLVz.exe
  2⤵
  PID:7560
- C:\Windows\System\jAfJKdf.exe
  C:\Windows\System\jAfJKdf.exe
  2⤵
  PID:7580
- C:\Windows\System\EQtOmDs.exe
  C:\Windows\System\EQtOmDs.exe
  2⤵
  PID:7600
- C:\Windows\System\QTnkvkB.exe
  C:\Windows\System\QTnkvkB.exe
  2⤵
  PID:7616
- C:\Windows\System\bZcrLXN.exe
  C:\Windows\System\bZcrLXN.exe
  2⤵
  PID:7640
- C:\Windows\System\dCacNTB.exe
  C:\Windows\System\dCacNTB.exe
  2⤵
  PID:7660
- C:\Windows\System\RdvPgPc.exe
  C:\Windows\System\RdvPgPc.exe
  2⤵
  PID:7680
- C:\Windows\System\BYYbSsG.exe
  C:\Windows\System\BYYbSsG.exe
  2⤵
  PID:7700
- C:\Windows\System\aMbTeXr.exe
  C:\Windows\System\aMbTeXr.exe
  2⤵
  PID:7716
- C:\Windows\System\zfesDbq.exe
  C:\Windows\System\zfesDbq.exe
  2⤵
  PID:7736
- C:\Windows\System\ZVdFpqa.exe
  C:\Windows\System\ZVdFpqa.exe
  2⤵
  PID:7760
- C:\Windows\System\wkdpTpt.exe
  C:\Windows\System\wkdpTpt.exe
  2⤵
  PID:7780
- C:\Windows\System\IsiWfNE.exe
  C:\Windows\System\IsiWfNE.exe
  2⤵
  PID:7800
- C:\Windows\System\VSuLlrk.exe
  C:\Windows\System\VSuLlrk.exe
  2⤵
  PID:7820
- C:\Windows\System\dNQzcSr.exe
  C:\Windows\System\dNQzcSr.exe
  2⤵
  PID:7836
- C:\Windows\System\HevOuEP.exe
  C:\Windows\System\HevOuEP.exe
  2⤵
  PID:7852
- C:\Windows\System\tJTHVJq.exe
  C:\Windows\System\tJTHVJq.exe
  2⤵
  PID:7880
- C:\Windows\System\QvyWiZZ.exe
  C:\Windows\System\QvyWiZZ.exe
  2⤵
  PID:7900
- C:\Windows\System\rxDLrVZ.exe
  C:\Windows\System\rxDLrVZ.exe
  2⤵
  PID:7928
- C:\Windows\System\tCmBvVU.exe
  C:\Windows\System\tCmBvVU.exe
  2⤵
  PID:7948
- C:\Windows\System\LFlGYHf.exe
  C:\Windows\System\LFlGYHf.exe
  2⤵
  PID:7964
- C:\Windows\System\stRwBnv.exe
  C:\Windows\System\stRwBnv.exe
  2⤵
  PID:7984
- C:\Windows\System\uEVKARf.exe
  C:\Windows\System\uEVKARf.exe
  2⤵
  PID:8004
- C:\Windows\System\JWGoari.exe
  C:\Windows\System\JWGoari.exe
  2⤵
  PID:8024
- C:\Windows\System\eeVRGKK.exe
  C:\Windows\System\eeVRGKK.exe
  2⤵
  PID:8048
- C:\Windows\System\FgyVWie.exe
  C:\Windows\System\FgyVWie.exe
  2⤵
  PID:8068
- C:\Windows\System\nHosDqU.exe
  C:\Windows\System\nHosDqU.exe
  2⤵
  PID:8088
- C:\Windows\System\rnwwQbl.exe
  C:\Windows\System\rnwwQbl.exe
  2⤵
  PID:8108
- C:\Windows\System\jNOPpLt.exe
  C:\Windows\System\jNOPpLt.exe
  2⤵
  PID:8128
- C:\Windows\System\ZJmLpJt.exe
  C:\Windows\System\ZJmLpJt.exe
  2⤵
  PID:8156
- C:\Windows\System\onKzYIx.exe
  C:\Windows\System\onKzYIx.exe
  2⤵
  PID:8176
- C:\Windows\System\mvACsGB.exe
  C:\Windows\System\mvACsGB.exe
  2⤵
  PID:6880
- C:\Windows\System\TyLKgEV.exe
  C:\Windows\System\TyLKgEV.exe
  2⤵
  PID:6564
- C:\Windows\System\fKbJOGk.exe
  C:\Windows\System\fKbJOGk.exe
  2⤵
  PID:7036
- C:\Windows\System\iTBjVQk.exe
  C:\Windows\System\iTBjVQk.exe
  2⤵
  PID:7056
- C:\Windows\System\eGEONOm.exe
  C:\Windows\System\eGEONOm.exe
  2⤵
  PID:1532
- C:\Windows\System\jLyrhuN.exe
  C:\Windows\System\jLyrhuN.exe
  2⤵
  PID:5968
- C:\Windows\System\QRrBBSB.exe
  C:\Windows\System\QRrBBSB.exe
  2⤵
  PID:7180
- C:\Windows\System\UOzuxrP.exe
  C:\Windows\System\UOzuxrP.exe
  2⤵
  PID:1932
- C:\Windows\System\glzPHot.exe
  C:\Windows\System\glzPHot.exe
  2⤵
  PID:6184
- C:\Windows\System\GPTygfN.exe
  C:\Windows\System\GPTygfN.exe
  2⤵
  PID:7228
- C:\Windows\System\IXUuRYS.exe
  C:\Windows\System\IXUuRYS.exe
  2⤵
  PID:7200
- C:\Windows\System\iBvuedA.exe
  C:\Windows\System\iBvuedA.exe
  2⤵
  PID:7264
- C:\Windows\System\hvWlljL.exe
  C:\Windows\System\hvWlljL.exe
  2⤵
  PID:7308
- C:\Windows\System\DRdlaPD.exe
  C:\Windows\System\DRdlaPD.exe
  2⤵
  PID:2212
- C:\Windows\System\cDlvVtK.exe
  C:\Windows\System\cDlvVtK.exe
  2⤵
  PID:7332
- C:\Windows\System\djKXGNN.exe
  C:\Windows\System\djKXGNN.exe
  2⤵
  PID:7392
- C:\Windows\System\xcZqdJN.exe
  C:\Windows\System\xcZqdJN.exe
  2⤵
  PID:7368
- C:\Windows\System\kkxHWvp.exe
  C:\Windows\System\kkxHWvp.exe
  2⤵
  PID:7404
- C:\Windows\System\VMCjJpM.exe
  C:\Windows\System\VMCjJpM.exe
  2⤵
  PID:7452
- C:\Windows\System\paYigRJ.exe
  C:\Windows\System\paYigRJ.exe
  2⤵
  PID:7500
- C:\Windows\System\dKIrFdZ.exe
  C:\Windows\System\dKIrFdZ.exe
  2⤵
  PID:7488
- C:\Windows\System\ATxNQeH.exe
  C:\Windows\System\ATxNQeH.exe
  2⤵
  PID:1556
- C:\Windows\System\DESxGPP.exe
  C:\Windows\System\DESxGPP.exe
  2⤵
  PID:7588
- C:\Windows\System\eDVBXXE.exe
  C:\Windows\System\eDVBXXE.exe
  2⤵
  PID:7624
- C:\Windows\System\zUSYsbt.exe
  C:\Windows\System\zUSYsbt.exe
  2⤵
  PID:7612
- C:\Windows\System\EKwjeen.exe
  C:\Windows\System\EKwjeen.exe
  2⤵
  PID:7676
- C:\Windows\System\dCGDwhS.exe
  C:\Windows\System\dCGDwhS.exe
  2⤵
  PID:7652
- C:\Windows\System\qpRgfzU.exe
  C:\Windows\System\qpRgfzU.exe
  2⤵
  PID:7756
- C:\Windows\System\YqiZCdz.exe
  C:\Windows\System\YqiZCdz.exe
  2⤵
  PID:7796
- C:\Windows\System\DwaoUgm.exe
  C:\Windows\System\DwaoUgm.exe
  2⤵
  PID:7732
- C:\Windows\System\svtlVFO.exe
  C:\Windows\System\svtlVFO.exe
  2⤵
  PID:7728
- C:\Windows\System\YYCXkvx.exe
  C:\Windows\System\YYCXkvx.exe
  2⤵
  PID:7776
- C:\Windows\System\npNyajd.exe
  C:\Windows\System\npNyajd.exe
  2⤵
  PID:2408
- C:\Windows\System\dmAwuvd.exe
  C:\Windows\System\dmAwuvd.exe
  2⤵
  PID:2516
- C:\Windows\System\AlitibR.exe
  C:\Windows\System\AlitibR.exe
  2⤵
  PID:692
- C:\Windows\System\LuqPzZs.exe
  C:\Windows\System\LuqPzZs.exe
  2⤵
  PID:7972
- C:\Windows\System\yDUsswo.exe
  C:\Windows\System\yDUsswo.exe
  2⤵
  PID:8012
- C:\Windows\System\ClVZBaY.exe
  C:\Windows\System\ClVZBaY.exe
  2⤵
  PID:8076
- C:\Windows\System\GTLRrdY.exe
  C:\Windows\System\GTLRrdY.exe
  2⤵
  PID:2544
- C:\Windows\System\UqQudya.exe
  C:\Windows\System\UqQudya.exe
  2⤵
  PID:8100
- C:\Windows\System\MsQwfiF.exe
  C:\Windows\System\MsQwfiF.exe
  2⤵
  PID:2272
- C:\Windows\System\msaioxu.exe
  C:\Windows\System\msaioxu.exe
  2⤵
  PID:8168
- C:\Windows\System\DecfjYG.exe
  C:\Windows\System\DecfjYG.exe
  2⤵
  PID:6520
- C:\Windows\System\uNxGBPN.exe
  C:\Windows\System\uNxGBPN.exe
  2⤵
  PID:2960
- C:\Windows\System\eIiohSz.exe
  C:\Windows\System\eIiohSz.exe
  2⤵
  PID:6768
- C:\Windows\System\GLZkNeP.exe
  C:\Windows\System\GLZkNeP.exe
  2⤵
  PID:1992
- C:\Windows\System\yKrJYdp.exe
  C:\Windows\System\yKrJYdp.exe
  2⤵
  PID:7176
- C:\Windows\System\VujTveK.exe
  C:\Windows\System\VujTveK.exe
  2⤵
  PID:6376
- C:\Windows\System\VzeHggI.exe
  C:\Windows\System\VzeHggI.exe
  2⤵
  PID:2284
- C:\Windows\System\UjUoFdn.exe
  C:\Windows\System\UjUoFdn.exe
  2⤵
  PID:7240
- C:\Windows\System\bvnpOPn.exe
  C:\Windows\System\bvnpOPn.exe
  2⤵
  PID:7208
- C:\Windows\System\BhbqNXD.exe
  C:\Windows\System\BhbqNXD.exe
  2⤵
  PID:7284
- C:\Windows\System\CvCxZSE.exe
  C:\Windows\System\CvCxZSE.exe
  2⤵
  PID:560
- C:\Windows\System\fbAgiTF.exe
  C:\Windows\System\fbAgiTF.exe
  2⤵
  PID:7344
- C:\Windows\System\qgJWPIa.exe
  C:\Windows\System\qgJWPIa.exe
  2⤵
  PID:1896
- C:\Windows\System\oqPPnqL.exe
  C:\Windows\System\oqPPnqL.exe
  2⤵
  PID:7448
- C:\Windows\System\tQZaPDC.exe
  C:\Windows\System\tQZaPDC.exe
  2⤵
  PID:7444
- C:\Windows\System\DlJOmGZ.exe
  C:\Windows\System\DlJOmGZ.exe
  2⤵
  PID:7556
- C:\Windows\System\BlalFyx.exe
  C:\Windows\System\BlalFyx.exe
  2⤵
  PID:7512
- C:\Windows\System\xBrDvWI.exe
  C:\Windows\System\xBrDvWI.exe
  2⤵
  PID:7568
- C:\Windows\System\JgwocSJ.exe
  C:\Windows\System\JgwocSJ.exe
  2⤵
  PID:7648
- C:\Windows\System\vOrqoPV.exe
  C:\Windows\System\vOrqoPV.exe
  2⤵
  PID:3028
- C:\Windows\System\HuMhEsB.exe
  C:\Windows\System\HuMhEsB.exe
  2⤵
  PID:7688
- C:\Windows\System\SVAeIKp.exe
  C:\Windows\System\SVAeIKp.exe
  2⤵
  PID:7828
- C:\Windows\System\MErZPdg.exe
  C:\Windows\System\MErZPdg.exe
  2⤵
  PID:7868
- C:\Windows\System\vTLmVnW.exe
  C:\Windows\System\vTLmVnW.exe
  2⤵
  PID:7788
- C:\Windows\System\onMZICA.exe
  C:\Windows\System\onMZICA.exe
  2⤵
  PID:7872
- C:\Windows\System\ZUmmvPG.exe
  C:\Windows\System\ZUmmvPG.exe
  2⤵
  PID:7812
- C:\Windows\System\zYpsije.exe
  C:\Windows\System\zYpsije.exe
  2⤵
  PID:6524
- C:\Windows\System\uQAfISt.exe
  C:\Windows\System\uQAfISt.exe
  2⤵
  PID:6440
- C:\Windows\System\WYjrmbo.exe
  C:\Windows\System\WYjrmbo.exe
  2⤵
  PID:2792
- C:\Windows\System\UbXlAII.exe
  C:\Windows\System\UbXlAII.exe
  2⤵
  PID:7960
- C:\Windows\System\knyVmRU.exe
  C:\Windows\System\knyVmRU.exe
  2⤵
  PID:7992
- C:\Windows\System\mOiDhEl.exe
  C:\Windows\System\mOiDhEl.exe
  2⤵
  PID:2620
- C:\Windows\System\DBaPBlv.exe
  C:\Windows\System\DBaPBlv.exe
  2⤵
  PID:8044
- C:\Windows\System\dXqUeRP.exe
  C:\Windows\System\dXqUeRP.exe
  2⤵
  PID:1776
- C:\Windows\System\RUYAtyY.exe
  C:\Windows\System\RUYAtyY.exe
  2⤵
  PID:8096
- C:\Windows\System\bGqLkzu.exe
  C:\Windows\System\bGqLkzu.exe
  2⤵
  PID:8104
- C:\Windows\System\VTmbhHo.exe
  C:\Windows\System\VTmbhHo.exe
  2⤵
  PID:8136
- C:\Windows\System\ErJMRRk.exe
  C:\Windows\System\ErJMRRk.exe
  2⤵
  PID:8140
- C:\Windows\System\QlFVgFP.exe
  C:\Windows\System\QlFVgFP.exe
  2⤵
  PID:704
- C:\Windows\System\cnEvYNc.exe
  C:\Windows\System\cnEvYNc.exe
  2⤵
  PID:6872
- C:\Windows\System\pkFJfpN.exe
  C:\Windows\System\pkFJfpN.exe
  2⤵
  PID:6692
- C:\Windows\System\jtIUHwx.exe
  C:\Windows\System\jtIUHwx.exe
  2⤵
  PID:7196
- C:\Windows\System\RZrguCC.exe
  C:\Windows\System\RZrguCC.exe
  2⤵
  PID:6584
- C:\Windows\System\IFIpvfj.exe
  C:\Windows\System\IFIpvfj.exe
  2⤵
  PID:7268
- C:\Windows\System\LVxTXKG.exe
  C:\Windows\System\LVxTXKG.exe
  2⤵
  PID:7472
- C:\Windows\System\iGEYMqj.exe
  C:\Windows\System\iGEYMqj.exe
  2⤵
  PID:7432
- C:\Windows\System\ugXLgWA.exe
  C:\Windows\System\ugXLgWA.exe
  2⤵
  PID:7352
- C:\Windows\System\YDEZaKu.exe
  C:\Windows\System\YDEZaKu.exe
  2⤵
  PID:2160
- C:\Windows\System\EiZsQhr.exe
  C:\Windows\System\EiZsQhr.exe
  2⤵
  PID:7628
- C:\Windows\System\qROajyI.exe
  C:\Windows\System\qROajyI.exe
  2⤵
  PID:7712
- C:\Windows\System\bgsgAeG.exe
  C:\Windows\System\bgsgAeG.exe
  2⤵
  PID:7848
- C:\Windows\System\FnmzqiF.exe
  C:\Windows\System\FnmzqiF.exe
  2⤵
  PID:6716
- C:\Windows\System\OAvVlQA.exe
  C:\Windows\System\OAvVlQA.exe
  2⤵
  PID:8040
- C:\Windows\System\yxbAUwN.exe
  C:\Windows\System\yxbAUwN.exe
  2⤵
  PID:8124
- C:\Windows\System\ZeQHjzi.exe
  C:\Windows\System\ZeQHjzi.exe
  2⤵
  PID:3064
- C:\Windows\System\zJkjhAs.exe
  C:\Windows\System\zJkjhAs.exe
  2⤵
  PID:7724
- C:\Windows\System\rndwrRY.exe
  C:\Windows\System\rndwrRY.exe
  2⤵
  PID:8036
- C:\Windows\System\CmHkuhL.exe
  C:\Windows\System\CmHkuhL.exe
  2⤵
  PID:7996
- C:\Windows\System\aRIqElc.exe
  C:\Windows\System\aRIqElc.exe
  2⤵
  PID:2744
- C:\Windows\System\pqDgdvl.exe
  C:\Windows\System\pqDgdvl.exe
  2⤵
  PID:2764
- C:\Windows\System\OLmXbYa.exe
  C:\Windows\System\OLmXbYa.exe
  2⤵
  PID:7324
- C:\Windows\System\dUapGVC.exe
  C:\Windows\System\dUapGVC.exe
  2⤵
  PID:1956
- C:\Windows\System\eoNGpFj.exe
  C:\Windows\System\eoNGpFj.exe
  2⤵
  PID:7692
- C:\Windows\System\RyVspGK.exe
  C:\Windows\System\RyVspGK.exe
  2⤵
  PID:6380
- C:\Windows\System\tHWxwZE.exe
  C:\Windows\System\tHWxwZE.exe
  2⤵
  PID:7536
- C:\Windows\System\OYGgnSL.exe
  C:\Windows\System\OYGgnSL.exe
  2⤵
  PID:7372
- C:\Windows\System\SdezzmL.exe
  C:\Windows\System\SdezzmL.exe
  2⤵
  PID:5396
- C:\Windows\System\xmliqJF.exe
  C:\Windows\System\xmliqJF.exe
  2⤵
  PID:2748
- C:\Windows\System\nVADazx.exe
  C:\Windows\System\nVADazx.exe
  2⤵
  PID:7300
- C:\Windows\System\PxCCmiJ.exe
  C:\Windows\System\PxCCmiJ.exe
  2⤵
  PID:7528
- C:\Windows\System\tZCoYFQ.exe
  C:\Windows\System\tZCoYFQ.exe
  2⤵
  PID:2760
- C:\Windows\System\guFsyko.exe
  C:\Windows\System\guFsyko.exe
  2⤵
  PID:7936
- C:\Windows\System\fcfXzNi.exe
  C:\Windows\System\fcfXzNi.exe
  2⤵
  PID:2252
- C:\Windows\System\HULqWOL.exe
  C:\Windows\System\HULqWOL.exe
  2⤵
  PID:8144
- C:\Windows\System\IxdDqbW.exe
  C:\Windows\System\IxdDqbW.exe
  2⤵
  PID:6224
- C:\Windows\System\PEjfhJa.exe
  C:\Windows\System\PEjfhJa.exe
  2⤵
  PID:7468
- C:\Windows\System\BjKBzpl.exe
  C:\Windows\System\BjKBzpl.exe
  2⤵
  PID:8208
- C:\Windows\System\VJIxKrt.exe
  C:\Windows\System\VJIxKrt.exe
  2⤵
  PID:8224
- C:\Windows\System\NilySFU.exe
  C:\Windows\System\NilySFU.exe
  2⤵
  PID:8240
- C:\Windows\System\eZgKGyI.exe
  C:\Windows\System\eZgKGyI.exe
  2⤵
  PID:8256
- C:\Windows\System\fNsAsCG.exe
  C:\Windows\System\fNsAsCG.exe
  2⤵
  PID:8272
- C:\Windows\System\QuueiIL.exe
  C:\Windows\System\QuueiIL.exe
  2⤵
  PID:8288
- C:\Windows\System\pbQnkkT.exe
  C:\Windows\System\pbQnkkT.exe
  2⤵
  PID:8304
- C:\Windows\System\DKRFKNw.exe
  C:\Windows\System\DKRFKNw.exe
  2⤵
  PID:8320
- C:\Windows\System\hqfYQgN.exe
  C:\Windows\System\hqfYQgN.exe
  2⤵
  PID:8336
- C:\Windows\System\LEBxgKu.exe
  C:\Windows\System\LEBxgKu.exe
  2⤵
  PID:8352
- C:\Windows\System\acmxVSC.exe
  C:\Windows\System\acmxVSC.exe
  2⤵
  PID:8368
- C:\Windows\System\xeJgdmQ.exe
  C:\Windows\System\xeJgdmQ.exe
  2⤵
  PID:8384
- C:\Windows\System\gmgjeti.exe
  C:\Windows\System\gmgjeti.exe
  2⤵
  PID:8400
- C:\Windows\System\QlIGrsu.exe
  C:\Windows\System\QlIGrsu.exe
  2⤵
  PID:8416
- C:\Windows\System\DtIbvvC.exe
  C:\Windows\System\DtIbvvC.exe
  2⤵
  PID:8432
- C:\Windows\System\xArfpYI.exe
  C:\Windows\System\xArfpYI.exe
  2⤵
  PID:8448
- C:\Windows\System\NOplpBR.exe
  C:\Windows\System\NOplpBR.exe
  2⤵
  PID:8464
- C:\Windows\System\TCFyPYq.exe
  C:\Windows\System\TCFyPYq.exe
  2⤵
  PID:8480
- C:\Windows\System\IdGTkHm.exe
  C:\Windows\System\IdGTkHm.exe
  2⤵
  PID:8496
- C:\Windows\System\oLgiLJK.exe
  C:\Windows\System\oLgiLJK.exe
  2⤵
  PID:8512
- C:\Windows\System\ExPVaSp.exe
  C:\Windows\System\ExPVaSp.exe
  2⤵
  PID:8528
- C:\Windows\System\DEKSfnA.exe
  C:\Windows\System\DEKSfnA.exe
  2⤵
  PID:8548
- C:\Windows\System\mKqtyMu.exe
  C:\Windows\System\mKqtyMu.exe
  2⤵
  PID:8564
- C:\Windows\System\HyMJEFo.exe
  C:\Windows\System\HyMJEFo.exe
  2⤵
  PID:8580
- C:\Windows\System\SyQYvbC.exe
  C:\Windows\System\SyQYvbC.exe
  2⤵
  PID:8596
- C:\Windows\System\SZqIxlF.exe
  C:\Windows\System\SZqIxlF.exe
  2⤵
  PID:8612
- C:\Windows\System\vqiUlnF.exe
  C:\Windows\System\vqiUlnF.exe
  2⤵
  PID:8628
- C:\Windows\System\BUCWjWU.exe
  C:\Windows\System\BUCWjWU.exe
  2⤵
  PID:8644
- C:\Windows\System\WCnetML.exe
  C:\Windows\System\WCnetML.exe
  2⤵
  PID:8660
- C:\Windows\System\lllllMf.exe
  C:\Windows\System\lllllMf.exe
  2⤵
  PID:8676
- C:\Windows\System\XOKbcXU.exe
  C:\Windows\System\XOKbcXU.exe
  2⤵
  PID:8692
- C:\Windows\System\lioSUCW.exe
  C:\Windows\System\lioSUCW.exe
  2⤵
  PID:8708
- C:\Windows\System\ARsKuXQ.exe
  C:\Windows\System\ARsKuXQ.exe
  2⤵
  PID:8724
- C:\Windows\System\DKbWlUv.exe
  C:\Windows\System\DKbWlUv.exe
  2⤵
  PID:8740
- C:\Windows\System\wPqmuDH.exe
  C:\Windows\System\wPqmuDH.exe
  2⤵
  PID:8756
- C:\Windows\System\SyTebKX.exe
  C:\Windows\System\SyTebKX.exe
  2⤵
  PID:8780
- C:\Windows\System\iILVnRw.exe
  C:\Windows\System\iILVnRw.exe
  2⤵
  PID:8796
- C:\Windows\System\XMsZdqe.exe
  C:\Windows\System\XMsZdqe.exe
  2⤵
  PID:8812
- C:\Windows\System\skejuST.exe
  C:\Windows\System\skejuST.exe
  2⤵
  PID:8828
- C:\Windows\System\oJPybfU.exe
  C:\Windows\System\oJPybfU.exe
  2⤵
  PID:8844
- C:\Windows\System\wwCejht.exe
  C:\Windows\System\wwCejht.exe
  2⤵
  PID:8860
- C:\Windows\System\VHIkNlP.exe
  C:\Windows\System\VHIkNlP.exe
  2⤵
  PID:8876
- C:\Windows\System\LyNxCdd.exe
  C:\Windows\System\LyNxCdd.exe
  2⤵
  PID:8892
- C:\Windows\System\GIQpvRJ.exe
  C:\Windows\System\GIQpvRJ.exe
  2⤵
  PID:8908
- C:\Windows\System\YimxDrt.exe
  C:\Windows\System\YimxDrt.exe
  2⤵
  PID:8924
- C:\Windows\System\RPyKTbJ.exe
  C:\Windows\System\RPyKTbJ.exe
  2⤵
  PID:8940
- C:\Windows\System\lInLRwB.exe
  C:\Windows\System\lInLRwB.exe
  2⤵
  PID:8956
- C:\Windows\System\VWHHwZG.exe
  C:\Windows\System\VWHHwZG.exe
  2⤵
  PID:8976
- C:\Windows\System\zgKRMNr.exe
  C:\Windows\System\zgKRMNr.exe
  2⤵
  PID:8992
- C:\Windows\System\VrONPXa.exe
  C:\Windows\System\VrONPXa.exe
  2⤵
  PID:9008
- C:\Windows\System\UfQpyWc.exe
  C:\Windows\System\UfQpyWc.exe
  2⤵
  PID:9024
- C:\Windows\System\aFGJvbw.exe
  C:\Windows\System\aFGJvbw.exe
  2⤵
  PID:9040
- C:\Windows\System\tuTcYOC.exe
  C:\Windows\System\tuTcYOC.exe
  2⤵
  PID:9056
- C:\Windows\System\LXMusbQ.exe
  C:\Windows\System\LXMusbQ.exe
  2⤵
  PID:9072
- C:\Windows\System\hIlThGT.exe
  C:\Windows\System\hIlThGT.exe
  2⤵
  PID:9088
- C:\Windows\System\nURJNKO.exe
  C:\Windows\System\nURJNKO.exe
  2⤵
  PID:9104
- C:\Windows\System\EpWmlMP.exe
  C:\Windows\System\EpWmlMP.exe
  2⤵
  PID:9120
- C:\Windows\System\omHndlq.exe
  C:\Windows\System\omHndlq.exe
  2⤵
  PID:9136
- C:\Windows\System\AukqvwH.exe
  C:\Windows\System\AukqvwH.exe
  2⤵
  PID:9152
- C:\Windows\System\jroennH.exe
  C:\Windows\System\jroennH.exe
  2⤵
  PID:9168
- C:\Windows\System\evPDLGD.exe
  C:\Windows\System\evPDLGD.exe
  2⤵
  PID:9184
- C:\Windows\System\tXRKdgL.exe
  C:\Windows\System\tXRKdgL.exe
  2⤵
  PID:9200
- C:\Windows\System\RwekokE.exe
  C:\Windows\System\RwekokE.exe
  2⤵
  PID:6260
- C:\Windows\System\oxkWPVv.exe
  C:\Windows\System\oxkWPVv.exe
  2⤵
  PID:8236
- C:\Windows\System\cNYgBJj.exe
  C:\Windows\System\cNYgBJj.exe
  2⤵
  PID:8296
- C:\Windows\System\QvsfRXf.exe
  C:\Windows\System\QvsfRXf.exe
  2⤵
  PID:8248
- C:\Windows\System\uzuBXse.exe
  C:\Windows\System\uzuBXse.exe
  2⤵
  PID:8300
- C:\Windows\System\XKrgryx.exe
  C:\Windows\System\XKrgryx.exe
  2⤵
  PID:8312
- C:\Windows\System\MeKOsOc.exe
  C:\Windows\System\MeKOsOc.exe
  2⤵
  PID:8344
- C:\Windows\System\fXnRDrp.exe
  C:\Windows\System\fXnRDrp.exe
  2⤵
  PID:8348
- C:\Windows\System\DHXskGa.exe
  C:\Windows\System\DHXskGa.exe
  2⤵
  PID:8412
- C:\Windows\System\YrcNtIi.exe
  C:\Windows\System\YrcNtIi.exe
  2⤵
  PID:8488
- C:\Windows\System\fSebruT.exe
  C:\Windows\System\fSebruT.exe
  2⤵
  PID:8524
- C:\Windows\System\aVRiNLg.exe
  C:\Windows\System\aVRiNLg.exe
  2⤵
  PID:8440
- C:\Windows\System\JsPpZEr.exe
  C:\Windows\System\JsPpZEr.exe
  2⤵
  PID:7108
- C:\Windows\System\VjnlGFr.exe
  C:\Windows\System\VjnlGFr.exe
  2⤵
  PID:8592
- C:\Windows\System\WDrXRdF.exe
  C:\Windows\System\WDrXRdF.exe
  2⤵
  PID:8656
- C:\Windows\System\LZzitbK.exe
  C:\Windows\System\LZzitbK.exe
  2⤵
  PID:8636
- C:\Windows\System\kXPqgiQ.exe
  C:\Windows\System\kXPqgiQ.exe
  2⤵
  PID:8720
- C:\Windows\System\UITBljm.exe
  C:\Windows\System\UITBljm.exe
  2⤵
  PID:8768
- C:\Windows\System\wsvzKlm.exe
  C:\Windows\System\wsvzKlm.exe
  2⤵
  PID:8232
- C:\Windows\System\DXreqgZ.exe
  C:\Windows\System\DXreqgZ.exe
  2⤵
  PID:8280
- C:\Windows\System\tKjGfvm.exe
  C:\Windows\System\tKjGfvm.exe
  2⤵
  PID:8520
- C:\Windows\System\PVxkUaM.exe
  C:\Windows\System\PVxkUaM.exe
  2⤵
  PID:8476
- C:\Windows\System\nGsqneM.exe
  C:\Windows\System\nGsqneM.exe
  2⤵
  PID:8456
- C:\Windows\System\ytOlePN.exe
  C:\Windows\System\ytOlePN.exe
  2⤵
  PID:8716
- C:\Windows\System\Kyfhuat.exe
  C:\Windows\System\Kyfhuat.exe
  2⤵
  PID:8560
- C:\Windows\System\QiEEGxR.exe
  C:\Windows\System\QiEEGxR.exe
  2⤵
  PID:2468
- C:\Windows\System\fZvFbQC.exe
  C:\Windows\System\fZvFbQC.exe
  2⤵
  PID:8752
- C:\Windows\System\RVPrcQm.exe
  C:\Windows\System\RVPrcQm.exe
  2⤵
  PID:2720
- C:\Windows\System\mzMlVLG.exe
  C:\Windows\System\mzMlVLG.exe
  2⤵
  PID:2164
- C:\Windows\System\BazsCDB.exe
  C:\Windows\System\BazsCDB.exe
  2⤵
  PID:7920
- C:\Windows\System\KeQhALW.exe
  C:\Windows\System\KeQhALW.exe
  2⤵
  PID:8792
- C:\Windows\System\nAHgZSY.exe
  C:\Windows\System\nAHgZSY.exe
  2⤵
  PID:8884
- C:\Windows\System\HYPGynT.exe
  C:\Windows\System\HYPGynT.exe
  2⤵
  PID:8952
- C:\Windows\System\tSeTXDk.exe
  C:\Windows\System\tSeTXDk.exe
  2⤵
  PID:8936
- C:\Windows\System\RBdyYpq.exe
  C:\Windows\System\RBdyYpq.exe
  2⤵
  PID:8840
- C:\Windows\System\HMcDWHN.exe
  C:\Windows\System\HMcDWHN.exe
  2⤵
  PID:9064
- C:\Windows\System\uaNTKFU.exe
  C:\Windows\System\uaNTKFU.exe
  2⤵
  PID:9020
- C:\Windows\System\OyJRPJg.exe
  C:\Windows\System\OyJRPJg.exe
  2⤵
  PID:9100
- C:\Windows\System\CcoAXoG.exe
  C:\Windows\System\CcoAXoG.exe
  2⤵
  PID:9068
- C:\Windows\System\snvlRsY.exe
  C:\Windows\System\snvlRsY.exe
  2⤵
  PID:9096
- C:\Windows\System\nhSjZdQ.exe
  C:\Windows\System\nhSjZdQ.exe
  2⤵
  PID:9132
- C:\Windows\System\CLojpJF.exe
  C:\Windows\System\CLojpJF.exe
  2⤵
  PID:9160
- C:\Windows\System\KoTYWUF.exe
  C:\Windows\System\KoTYWUF.exe
  2⤵
  PID:9196
- C:\Windows\System\zPsSVZu.exe
  C:\Windows\System\zPsSVZu.exe
  2⤵
  PID:8268
- C:\Windows\System\mqWwzso.exe
  C:\Windows\System\mqWwzso.exe
  2⤵
  PID:8380
- C:\Windows\System\bSAhqWb.exe
  C:\Windows\System\bSAhqWb.exe
  2⤵
  PID:8652
- C:\Windows\System\LTvtDEC.exe
  C:\Windows\System\LTvtDEC.exe
  2⤵
  PID:8216
- C:\Windows\System\ofpFizO.exe
  C:\Windows\System\ofpFizO.exe
  2⤵
  PID:3008
- C:\Windows\System\BBpLGsj.exe
  C:\Windows\System\BBpLGsj.exe
  2⤵
  PID:8824
- C:\Windows\System\AVvCEhS.exe
  C:\Windows\System\AVvCEhS.exe
  2⤵
  PID:8776
- C:\Windows\System\wLowwgf.exe
  C:\Windows\System\wLowwgf.exe
  2⤵
  PID:9016
- C:\Windows\System\OtNZUZc.exe
  C:\Windows\System\OtNZUZc.exe
  2⤵
  PID:8748
- C:\Windows\System\fyQUIVM.exe
  C:\Windows\System\fyQUIVM.exe
  2⤵
  PID:8704
- C:\Windows\System\NuHcIze.exe
  C:\Windows\System\NuHcIze.exe
  2⤵
  PID:8932
- C:\Windows\System\jSnbBGq.exe
  C:\Windows\System\jSnbBGq.exe
  2⤵
  PID:9036
- C:\Windows\System\QyIxKCI.exe
  C:\Windows\System\QyIxKCI.exe
  2⤵
  PID:9032
- C:\Windows\System\xFbXzid.exe
  C:\Windows\System\xFbXzid.exe
  2⤵
  PID:6784
- C:\Windows\System\yurIqMn.exe
  C:\Windows\System\yurIqMn.exe
  2⤵
  PID:8688
- C:\Windows\System\hoeieil.exe
  C:\Windows\System\hoeieil.exe
  2⤵
  PID:2028
- C:\Windows\System\qAzjZNc.exe
  C:\Windows\System\qAzjZNc.exe
  2⤵
  PID:8604
- C:\Windows\System\zGWBstS.exe
  C:\Windows\System\zGWBstS.exe
  2⤵
  PID:2400
- C:\Windows\System\kGzDUxP.exe
  C:\Windows\System\kGzDUxP.exe
  2⤵
  PID:8804
- C:\Windows\System\GsphofA.exe
  C:\Windows\System\GsphofA.exe
  2⤵
  PID:8332
- C:\Windows\System\TmcvCDO.exe
  C:\Windows\System\TmcvCDO.exe
  2⤵
  PID:8856
- C:\Windows\System\ZpnUuUw.exe
  C:\Windows\System\ZpnUuUw.exe
  2⤵
  PID:8408
- C:\Windows\System\AeGWPOy.exe
  C:\Windows\System\AeGWPOy.exe
  2⤵
  PID:1636
- C:\Windows\System\bOUMCeI.exe
  C:\Windows\System\bOUMCeI.exe
  2⤵
  PID:8916
- C:\Windows\System\BpbrUvP.exe
  C:\Windows\System\BpbrUvP.exe
  2⤵
  PID:8820
- C:\Windows\System\ukoGmNw.exe
  C:\Windows\System\ukoGmNw.exe
  2⤵
  PID:2328
- C:\Windows\System\nGohsln.exe
  C:\Windows\System\nGohsln.exe
  2⤵
  PID:9232
- C:\Windows\System\nknSUlj.exe
  C:\Windows\System\nknSUlj.exe
  2⤵
  PID:9248
- C:\Windows\System\KfJtyUG.exe
  C:\Windows\System\KfJtyUG.exe
  2⤵
  PID:9264
- C:\Windows\System\TSSEIYu.exe
  C:\Windows\System\TSSEIYu.exe
  2⤵
  PID:9284
- C:\Windows\System\oKIanhz.exe
  C:\Windows\System\oKIanhz.exe
  2⤵
  PID:9300
- C:\Windows\System\dOPfQml.exe
  C:\Windows\System\dOPfQml.exe
  2⤵
  PID:9316
- C:\Windows\System\ioExFHH.exe
  C:\Windows\System\ioExFHH.exe
  2⤵
  PID:9332
- C:\Windows\System\zvtWvwc.exe
  C:\Windows\System\zvtWvwc.exe
  2⤵
  PID:9348
- C:\Windows\System\kpnIvcn.exe
  C:\Windows\System\kpnIvcn.exe
  2⤵
  PID:9364
- C:\Windows\System\iRGrzIQ.exe
  C:\Windows\System\iRGrzIQ.exe
  2⤵
  PID:9380
- C:\Windows\System\icPrOjZ.exe
  C:\Windows\System\icPrOjZ.exe
  2⤵
  PID:9396
- C:\Windows\System\EyZjdlX.exe
  C:\Windows\System\EyZjdlX.exe
  2⤵
  PID:9412
- C:\Windows\System\sfELmQM.exe
  C:\Windows\System\sfELmQM.exe
  2⤵
  PID:9428
- C:\Windows\System\XqvaZXO.exe
  C:\Windows\System\XqvaZXO.exe
  2⤵
  PID:9456
- C:\Windows\System\ppIRdgJ.exe
  C:\Windows\System\ppIRdgJ.exe
  2⤵
  PID:9472
- C:\Windows\System\yHOStYy.exe
  C:\Windows\System\yHOStYy.exe
  2⤵
  PID:9492
- C:\Windows\System\xwlEWmT.exe
  C:\Windows\System\xwlEWmT.exe
  2⤵
  PID:9508
- C:\Windows\System\MlHuXyk.exe
  C:\Windows\System\MlHuXyk.exe
  2⤵
  PID:9528
- C:\Windows\System\NVlAngZ.exe
  C:\Windows\System\NVlAngZ.exe
  2⤵
  PID:9544
- C:\Windows\System\zofcCTB.exe
  C:\Windows\System\zofcCTB.exe
  2⤵
  PID:9560
- C:\Windows\System\UycYqyh.exe
  C:\Windows\System\UycYqyh.exe
  2⤵
  PID:9596
- C:\Windows\System\oMzfibR.exe
  C:\Windows\System\oMzfibR.exe
  2⤵
  PID:9616
- C:\Windows\System\eCzMsHd.exe
  C:\Windows\System\eCzMsHd.exe
  2⤵
  PID:9632
- C:\Windows\System\mEvePFy.exe
  C:\Windows\System\mEvePFy.exe
  2⤵
  PID:9648
- C:\Windows\System\LlAIdbA.exe
  C:\Windows\System\LlAIdbA.exe
  2⤵
  PID:9664
- C:\Windows\System\TAYHiCu.exe
  C:\Windows\System\TAYHiCu.exe
  2⤵
  PID:9680
- C:\Windows\System\lXrrjut.exe
  C:\Windows\System\lXrrjut.exe
  2⤵
  PID:9696
- C:\Windows\System\JQomQXf.exe
  C:\Windows\System\JQomQXf.exe
  2⤵
  PID:9712
- C:\Windows\System\NLMdQVN.exe
  C:\Windows\System\NLMdQVN.exe
  2⤵
  PID:9732
- C:\Windows\System\KQTqDNa.exe
  C:\Windows\System\KQTqDNa.exe
  2⤵
  PID:9748
- C:\Windows\System\ZHVvvcD.exe
  C:\Windows\System\ZHVvvcD.exe
  2⤵
  PID:9764
- C:\Windows\System\ZRajkxZ.exe
  C:\Windows\System\ZRajkxZ.exe
  2⤵
  PID:9780
- C:\Windows\System\VoOssIu.exe
  C:\Windows\System\VoOssIu.exe
  2⤵
  PID:9796
- C:\Windows\System\PORRPzO.exe
  C:\Windows\System\PORRPzO.exe
  2⤵
  PID:9812
- C:\Windows\System\FxHqHgI.exe
  C:\Windows\System\FxHqHgI.exe
  2⤵
  PID:9828
- C:\Windows\System\UkqHTda.exe
  C:\Windows\System\UkqHTda.exe
  2⤵
  PID:9844
- C:\Windows\System\ZVjcKQq.exe
  C:\Windows\System\ZVjcKQq.exe
  2⤵
  PID:9860
- C:\Windows\System\MgESxcE.exe
  C:\Windows\System\MgESxcE.exe
  2⤵
  PID:9876
- C:\Windows\System\zhGTJNp.exe
  C:\Windows\System\zhGTJNp.exe
  2⤵
  PID:9892
- C:\Windows\System\EhUfmdu.exe
  C:\Windows\System\EhUfmdu.exe
  2⤵
  PID:9908
- C:\Windows\System\PxWAVOp.exe
  C:\Windows\System\PxWAVOp.exe
  2⤵
  PID:9924
- C:\Windows\System\AWPIAoQ.exe
  C:\Windows\System\AWPIAoQ.exe
  2⤵
  PID:9940
- C:\Windows\System\IqesUwe.exe
  C:\Windows\System\IqesUwe.exe
  2⤵
  PID:9956
- C:\Windows\System\wjqasru.exe
  C:\Windows\System\wjqasru.exe
  2⤵
  PID:9972
- C:\Windows\System\zRpGnex.exe
  C:\Windows\System\zRpGnex.exe
  2⤵
  PID:9988
- C:\Windows\System\xDKLeUX.exe
  C:\Windows\System\xDKLeUX.exe
  2⤵
  PID:10004
- C:\Windows\System\dYAjFGi.exe
  C:\Windows\System\dYAjFGi.exe
  2⤵
  PID:10020
- C:\Windows\System\RAxcVRY.exe
  C:\Windows\System\RAxcVRY.exe
  2⤵
  PID:10036
- C:\Windows\System\WsHeOny.exe
  C:\Windows\System\WsHeOny.exe
  2⤵
  PID:10052
- C:\Windows\System\bsaMCGj.exe
  C:\Windows\System\bsaMCGj.exe
  2⤵
  PID:10068
- C:\Windows\System\hAktySM.exe
  C:\Windows\System\hAktySM.exe
  2⤵
  PID:10084
- C:\Windows\System\cbNxGNf.exe
  C:\Windows\System\cbNxGNf.exe
  2⤵
  PID:10100
- C:\Windows\System\QTjgpYm.exe
  C:\Windows\System\QTjgpYm.exe
  2⤵
  PID:10116
- C:\Windows\System\yiLSSiy.exe
  C:\Windows\System\yiLSSiy.exe
  2⤵
  PID:9704
- C:\Windows\System\ykbiczf.exe
  C:\Windows\System\ykbiczf.exe
  2⤵
  PID:9568
- C:\Windows\System\STCwGTH.exe
  C:\Windows\System\STCwGTH.exe
  2⤵
  PID:9624
- C:\Windows\System\bXpCNQU.exe
  C:\Windows\System\bXpCNQU.exe
  2⤵
  PID:9592
- C:\Windows\System\lWjXsIr.exe
  C:\Windows\System\lWjXsIr.exe
  2⤵
  PID:9628
- C:\Windows\System\BNUJhvo.exe
  C:\Windows\System\BNUJhvo.exe
  2⤵
  PID:9692
- C:\Windows\System\aEwudIA.exe
  C:\Windows\System\aEwudIA.exe
  2⤵
  PID:9808
- C:\Windows\System\MyhSeJl.exe
  C:\Windows\System\MyhSeJl.exe
  2⤵
  PID:9840
- C:\Windows\System\qUgZshU.exe
  C:\Windows\System\qUgZshU.exe
  2⤵
  PID:9900
- C:\Windows\System\ouWGwKU.exe
  C:\Windows\System\ouWGwKU.exe
  2⤵
  PID:9824
- C:\Windows\System\bwzDbIM.exe
  C:\Windows\System\bwzDbIM.exe
  2⤵
  PID:9888
- C:\Windows\System\kbBpRQu.exe
  C:\Windows\System\kbBpRQu.exe
  2⤵
  PID:9964
- C:\Windows\System\nAWxUYn.exe
  C:\Windows\System\nAWxUYn.exe
  2⤵
  PID:10028
- C:\Windows\System\tsDujyO.exe
  C:\Windows\System\tsDujyO.exe
  2⤵
  PID:9948
- C:\Windows\System\plvjtRX.exe
  C:\Windows\System\plvjtRX.exe
  2⤵
  PID:10096
- C:\Windows\System\NytnWXv.exe
  C:\Windows\System\NytnWXv.exe
  2⤵
  PID:9984
- C:\Windows\System\XSFUTju.exe
  C:\Windows\System\XSFUTju.exe
  2⤵
  PID:10048
- C:\Windows\System\msTEyfk.exe
  C:\Windows\System\msTEyfk.exe
  2⤵
  PID:10112
- C:\Windows\System\xnsrseT.exe
  C:\Windows\System\xnsrseT.exe
  2⤵
  PID:10144
- C:\Windows\System\QlfrUyp.exe
  C:\Windows\System\QlfrUyp.exe
  2⤵
  PID:10164
- C:\Windows\System\VITByyd.exe
  C:\Windows\System\VITByyd.exe
  2⤵
  PID:10188
- C:\Windows\System\dkJFkxn.exe
  C:\Windows\System\dkJFkxn.exe
  2⤵
  PID:10200
- C:\Windows\System\qbSTucz.exe
  C:\Windows\System\qbSTucz.exe
  2⤵
  PID:10208
- C:\Windows\System\XmahWic.exe
  C:\Windows\System\XmahWic.exe
  2⤵
  PID:10224
- C:\Windows\System\mDQeOCt.exe
  C:\Windows\System\mDQeOCt.exe
  2⤵
  PID:8888
- C:\Windows\System\eJoScgj.exe
  C:\Windows\System\eJoScgj.exe
  2⤵
  PID:9224
- C:\Windows\System\OvpuEYp.exe
  C:\Windows\System\OvpuEYp.exe
  2⤵
  PID:2828
- C:\Windows\System\FaVgYKD.exe
  C:\Windows\System\FaVgYKD.exe
  2⤵
  PID:9240
- C:\Windows\System\sKutUeC.exe
  C:\Windows\System\sKutUeC.exe
  2⤵
  PID:9276
- C:\Windows\System\cFUMXzI.exe
  C:\Windows\System\cFUMXzI.exe
  2⤵
  PID:9228
- C:\Windows\System\PHSxToP.exe
  C:\Windows\System\PHSxToP.exe
  2⤵
  PID:9260
- C:\Windows\System\lZqZUJU.exe
  C:\Windows\System\lZqZUJU.exe
  2⤵
  PID:10132
- C:\Windows\System\mipWSgQ.exe
  C:\Windows\System\mipWSgQ.exe
  2⤵
  PID:9420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AtLrekx.exe

Filesize
6.0MB

MD5
d84c7ef00292dc47aa0548ec796418dd

SHA1
576d3014ef4148c944a3151614f210f6114fb085

SHA256
697f7931f9fbe5c19e75c1618f2c9eb7e468e6f149a08d0cc9e393d7603de9e2

SHA512
51e1b53113e93e0367d7c52a5d6821863ffc96b71ca60b1e2c41dcc3053c10be4b2b285d90b00e9d4cca900291e1cc0b9bd44cb9d27f3df662dec3ba2ddfed46

Download Submit
C:\Windows\system\EUqXkzH.exe

Filesize
6.0MB

MD5
4c6efff7cb72778753ddaf1c6718749b

SHA1
22e50cb6233ebb5da2414a52917b2dc554c1cfa6

SHA256
1655ce456eee9569235a64b3f99a6b02501ed784a7d971af66da8343443a931c

SHA512
5c21df1db39ec2b49235eeab38102fdd8bd6458c07db7aaf6f16217cad7d23bbebd48c06d4414c563f7f5f1fc4f9ccb02c55c41525783190dce9dfb6918aa78b

Download Submit
C:\Windows\system\FKtpxFZ.exe

Filesize
6.0MB

MD5
df981a1478d4f12305bca7f5baa7ed77

SHA1
4c0eba6cc1ab17cdc032fbfbfe807abdb5e142f4

SHA256
d6b8abf5f94dcd85e7e5bbb62d6c136eb15c4afb73dd92c016ef846433bb632c

SHA512
8044a7d5fe2b69761f2c8f73cd3aba68f719a70479df1e735df8365c54583c43e0c5f68229a431e87734f117f67583ce09d47a26154746af6e5d94466e86f659

Download Submit
C:\Windows\system\IBzIbrE.exe

Filesize
6.0MB

MD5
99aa9135dd69feb82a0a1ab39b7278d5

SHA1
fb4550c75cf99fd723dd01cc363ffbd7b69db86d

SHA256
7f3dfda85f9b515d1a57d0a8a1a4cba4418f86e2824e0400aab77bf6eda5482a

SHA512
e4d45b2543553fdae19e2bea8839d5f3b4bc90a5e45ed56c2df1a75974bc6937990543ebda2e066c9fa4f3a7453f2179ee93add200e4552d4bd66244f832f025

Download Submit
C:\Windows\system\NgmuVaW.exe

Filesize
6.0MB

MD5
c4bfb647be57d70b44e2f69e43da6233

SHA1
42d935dd5df6d75326dd0f05deaf9f38961431e0

SHA256
5831feaade4c50630f416ad55dbbaefcbbff7fd0a2afab58e6e3cfe3fb79ca21

SHA512
3016b31833274f7c39e188121ca3938045f83ea07adf371da660fe332a6d8000534d2811f2f2dbe42426df5166d4cf44014975f9d274ea3c5088763b5bd9c924

Download Submit
C:\Windows\system\NjsimfH.exe

Filesize
6.0MB

MD5
af69c637df8c5f9bcad52fc83b87fa0a

SHA1
c94dccf69773623fe79c2857cef8901313612be8

SHA256
19bfeee1cc546db23edffde431cc16c4ae52cb4082aed3316f58e100e08d485d

SHA512
5027c3861ce1baf43e357fa18163ec7b87e0d0727bd4c485c3b2f20469731ac778402fdc47eb89ae46c45997066a71efb85bdcb441f921268239569e202606b9

Download Submit
C:\Windows\system\ONJRIAx.exe

Filesize
6.0MB

MD5
72f052497864d781bce451213012d323

SHA1
a652d34d6725d235b333cd15e54c2fdab41da3c6

SHA256
43ba1504e4d63e14cc802eaf04fb2eada31a3d33ff94402b069fb04afb91b2c9

SHA512
a53ce46945b59964df4ceeac6d32b4c415745bc5f3bfe6cf00edd4a0cc1e69deba0926e8716d1e4047a80c485bb74a4e4bf8bff929d5a1c0de95068a1464e84c

Download Submit
C:\Windows\system\PHiOlgc.exe

Filesize
6.0MB

MD5
b884b46a58cff69336909babe1cf0502

SHA1
b5a22ecd25126de121fbf36ce3bd4c8e4f1924e9

SHA256
c03434afd5ada52c45358faa5738b0c9ea884ec98b4a6d7ad0b10fad20f5bb2d

SHA512
27981c54bcae4b744ba3ebedea6407bd42717f8c30f975447c7f653489a3bd63f6c157e149e5b0c3f5040b7467d2b33171ad0fd66d77b638699bce982975e372

Download Submit
C:\Windows\system\ViQQMCG.exe

Filesize
6.0MB

MD5
181e7d29746fa9b6a906ceaa07db1b86

SHA1
2a6d2f0700cb22344cc6384ed9d3c6920e8bc5a6

SHA256
9ba6646497c94a6d9deae3b588471222e56b6a9fe901c8f0b38c45b0c10c3f4d

SHA512
b53a8104b644ce76994fefa0621f95dbc0ac04ea964946e4ac19ae9e2a8c8ab89fe49a030fde38a9787ba61cb71d62fff6fb23802a59372eef2e1f07e7fe1f25

Download Submit
C:\Windows\system\VqhbKsE.exe

Filesize
6.0MB

MD5
9cb809d0f4e9515467e2a62d106bb957

SHA1
445a4c75d5c3c6b85f64d61bc520180d9e6953f3

SHA256
93ea69413f90449cd061dcdcb1d4a5eebe0d93bba57a99e60d4fb22b31ecf128

SHA512
ae7ecedc7db02035c5758aa83a9cf2ab47510d616303e444e24f4cb51aabbb799f03f12a64559984e6b320b9be515005cf48ebd3e0130ab2e32ca5f1269c6db3

Download Submit
C:\Windows\system\WVIpYnC.exe

Filesize
6.0MB

MD5
270de1bb221333483eb0718cc1cffc59

SHA1
08f4ec228f269e3430ec85e5f5264ed1dd35063b

SHA256
a6db506b9f833eccbff51239fea66ed2ede1c89b3df2e2ed991f1a188563e1b1

SHA512
d5b5378a57df6983ccdf48a66cc0a8a3cda234b2fb00ce7969b682e94da00337cb9510e667751c374234a0d2846733b5803c5ca3446ee2441d81b7229ebbd73f

Download Submit
C:\Windows\system\ZFlEOKx.exe

Filesize
6.0MB

MD5
6f14dce17d5db60e7deb709d01350e48

SHA1
cef8b50cdbf963f0b3d20470e472f807c9bcf5a0

SHA256
2fa87d5c1af39aa5c2eb92004cef6e4f8060df9a68ef26b1f651b4066304a51c

SHA512
bed6e6bce8fd4666c89c43f879860eeceb2dc5f0241ae74c58380dd0258987999d62e50c3fd0487b40988b5ed0fb2acdf9f748e39621249f1c35ee4b325c6869

Download Submit
C:\Windows\system\ZimYRDl.exe

Filesize
6.0MB

MD5
751a0cf029f3c9236478f6850b8134c4

SHA1
049c3aca2f2c2287ad2f1984fd945f605954d3d3

SHA256
2149c0edbd9c80d974a73689aa982b2ad277012c15e274d84909e98ce2a5dae0

SHA512
c9c10d94e3f278df67883e775a6e5ea5127bcbf269a259266efa14447cac0d8ffad0c4b203952cd2810ba98f740b856e3e040ed0e7a732d91f7c493f3c6becc0

Download Submit
C:\Windows\system\aGJTWcg.exe

Filesize
6.0MB

MD5
84d695ed56c00973708c2af5a0805f02

SHA1
91e93aa7b62e564303be9565c443b0d9af40ab45

SHA256
006ce1f1ef88e32e28904e90f79d418c1a1e3a7a2cbc1501864bd5d4adea75de

SHA512
50191ebad927362a565d83f6a54ce7b8a5ec9f4523e1334bc1f7b820bd17f47e77dd0819729222785bd9d1ca7b87f38a660bb9c6eb40d0d737b7b27d13640cbd

Download Submit
C:\Windows\system\fAHbVsJ.exe

Filesize
6.0MB

MD5
ff67b1751132b9b060efed57c14efe3d

SHA1
21b5740bc6df602da0a9d64572bb0b7a073cf9e5

SHA256
313d24babf660673a538a22b248a08e0267f3b67713913070693750c638f0ca5

SHA512
1eeb133f0f919ead65eb183f5c3616cfa537a8e05ef25457215a845837760993f390617e8afae802b0c9f801392acc323e9d0573eb440d7f640e08563f9a3690

Download Submit
C:\Windows\system\ibLWLBI.exe

Filesize
6.0MB

MD5
5984424083282d5b6a8d790c371a9c69

SHA1
8d8f3666f4ad5b4d0bbf5f68807030cf4129f039

SHA256
6e53eae1e67cd25115997b19a8f50cef6fd0e023b82a1ebb3fc5d6430d24f2a8

SHA512
e67b1e6e3c2d8e6838bc5b4a5fe905aba56aa8e7c77e915b6dcd5bab9e71055cc51bd88597b9ffade0cef885de9dc4491993900dcb5bb2163595ed10fcb65125

Download Submit
C:\Windows\system\isVWACL.exe

Filesize
6.0MB

MD5
792f520a754bb23a6e22b9153cb8e7e1

SHA1
8cf4ca63414401f0d4ca017c7c5f010e12ac8675

SHA256
89c3007aa2962464caebaf7775fac69819ee23dc15b764c7054fe1a41e285eb1

SHA512
948351f25b50b884e0f6d1383a493a5aacb354826ff84144b53dfc5959a9b82a4836d76dcc317f2fac10b6c8c4bc9d5205dc5bd4c8f6a72269c479da250b13d8

Download Submit
C:\Windows\system\lRNZFxG.exe

Filesize
6.0MB

MD5
b22d602d59ab933df49441e16f9b5b74

SHA1
6699d89f98b2890a6287fa5afb6d99e3651376fa

SHA256
81d5db849bbf22df9942cecfe8f69e8fcf819047abf2477f30586c61d73778ed

SHA512
a3b9ff91555fbb19a16d473f8a85666f874031eb59fcfac97e99ab3b26d699575277f9f3a4d5288c48732726417d285d742612044f2dd9897f29f4bc1631a38a

Download Submit
C:\Windows\system\nbOrtPc.exe

Filesize
6.0MB

MD5
94fc8936043de6e816b88816fbd3455c

SHA1
8fc0186de5fde7ed4650beb8c51d70994aff2927

SHA256
a8a4192df51d0b37e937e167d833d87f8a55822f0985c9a04badf308f5219a7e

SHA512
77266a93f2d843cfd7c88986393b1fd10d77959c43ca1dcfad4d5f9a9564b25cf90574482aa849515eead317eb7abd74e1aa96ffa7af7de5c30a77f71387146a

Download Submit
C:\Windows\system\pbiIIfs.exe

Filesize
6.0MB

MD5
8488c68f4b4216c4853ce5579d3fe1ff

SHA1
edad602712fdf3027bf7ec92149f9242134f8847

SHA256
59eab1e7545248bbe586fc06d4af5ae5c86a79ba55dc4abb3fa50405e09dc2ab

SHA512
af5dd3875b73ee71608249d938c016340eef900e3843c0ee440dab4db584e6404947ee3d3661a25ec341bc1c7c8a29e99ce2022a91181346f7a4bc2c078404e5

Download Submit
C:\Windows\system\qqWTLdv.exe

Filesize
6.0MB

MD5
fa22bacf4edc112a90d713259b944b62

SHA1
a7849f14f85309c633aa52fb4762e98abf5f5af7

SHA256
d2e0f3188356c9b320f0cd0657447a74c13ace599bc04267102fdfc85dbc4bdc

SHA512
64febff63570087dfa3e769d215a01bb5981f2cf1cbf543890fea3da2d5b332733aa0be854a3fd996ae748127f7ae3ee1053fb8fd9bd79d878dcbcf623cf2719

Download Submit
C:\Windows\system\rKXFiRK.exe

Filesize
6.0MB

MD5
0e7bb9986a811eda162bc1dcfa3068e4

SHA1
f4572d6665a88de23505a00f6044baae1ea1ab6f

SHA256
39ad1c4909be44026f5514a0135f8c31c7a9efbb05b705728f5ed746c8a7fd6f

SHA512
3ee07602c3ca973be15278d70f0369590c17e31c28ca76f1ab961176b143040ce0a7e432e786228ab22fcac0ae8cbabcc80709690f12626cc09def1a53d84bd2

Download Submit
C:\Windows\system\rTveOUJ.exe

Filesize
6.0MB

MD5
c9ca93fb945db99614b55663c11547d5

SHA1
2c30486ceee7c5a4e5d68e2894fce88f262f1c5b

SHA256
42005a78db172d58e8f5585bd2b7538271b50134d00a40fa6f533143cd531f76

SHA512
55c52deaba092ee2a673c01b4286951823743a9be6f4ed90303ec203fd976980280bc959da8d7140401b31c45e47ee0c62795850ba8ca7c08e05f0137aece390

Download Submit
C:\Windows\system\rmlEsZG.exe

Filesize
6.0MB

MD5
a4a3427bbbf3a30c61554d664b4c6553

SHA1
93f3414cc460bd417008abb96271835cc87e3a13

SHA256
ccd45fcd5453c2162e989dfad3c9934a8a2b61448cda1d570aab2283554ba060

SHA512
5ab39111a6df8b22b2b3fb70c75249636d8a573a31effcf9eca2392d995c89ca174ae7146b6dc15d14b1721c609db5a65871b185fe5ba3e79d5c6c928262f134

Download Submit
C:\Windows\system\rqEbZJz.exe

Filesize
6.0MB

MD5
b45b118fe3d398eb64d02d8467d58a59

SHA1
40f431df8114f86a8edd52ffcd1f8a4000855a26

SHA256
ad177325a5d0adf9056ad56119c76c0212565e237fe9026ba8b632e6e82f81e5

SHA512
a832cbd94920454cf75c560d9517513b4760531eca10ee7032a183fe492dcb882ae96c2a725a694ac01abd5636f6701270ea3251f57340e6858968db4620901d

Download Submit
C:\Windows\system\sXBtVVt.exe

Filesize
6.0MB

MD5
80f6ecb8a5a36f9f690a92562164c52a

SHA1
ad2239b910dc7b3582e1aff10a210bd88e8670eb

SHA256
cd34faad8b6c46b76a7c03098a4ddf42236cf5e50ff350f7ad0d6d03e3813fea

SHA512
8aa9f321ac654b3c526d991e8aaf45bda49f76be4fa3383ecc27c0fbf9b514dbb20ee43c0955f865a9a6b21fb4f3419ab8258cebd30fdb1d17a1745e047841a8

Download Submit
C:\Windows\system\szTmeCo.exe

Filesize
6.0MB

MD5
c8cc31470fcdc456e47895f862bec562

SHA1
13b10ae2e1f77ada29a8c783e568297a78aa3bfa

SHA256
2a55dd6b83ed550ef6b6bf24ee182cec06ea865594de3c5d246c503a0161d585

SHA512
83208f91fa75722aaac5dae8e558c5d98e52c849926f4d2f90800d0bba565c9db734de4794d85d17c65307c866b5bc83432216dac2bb3cb3d8678bbf03560f0b

Download Submit
C:\Windows\system\voZgDOo.exe

Filesize
6.0MB

MD5
2bbbe2dd5ba027d9b73b84181c25e095

SHA1
489ac96ca779d90ab84f1a5e2798e4bc96073c6d

SHA256
f3cb739bad35d7bad45f7921b8fb148df237cb608ef0fb0e69d996ad57e6a739

SHA512
da099984f29b417d576b1ea082c26b61c0af8e20ebb8857ccc48b799ec4c145fa64cdd6b2181274fc69a2d665713f9b60e06051a4476aadc797fda753d484bda

Download Submit
C:\Windows\system\vpBcJrd.exe

Filesize
6.0MB

MD5
1113919c18ec1c6a3c80be277e0f126c

SHA1
64711bb62e66f0b9e8c7b6675e54b84eee3bcbe6

SHA256
6cc53d0332fde4fa29fc0436692bb23e207e6512e8870502626c19d0c780cdb1

SHA512
2303c7fa840a428c76386eaafe0b2714e519d89d306594bf7cf13c7ed407983d105a678931e7ae956031fc74ff8c3d3cd78f1601327994b322d2a31dfb111ba6

Download Submit
C:\Windows\system\yumBTuy.exe

Filesize
6.0MB

MD5
17c863e09def087a2b154bfb86b38356

SHA1
3e9172470762d13ae257083e74253f0a5e259c18

SHA256
70ae30f7bc8c4f843fba202a63697b6b8c57721fa1fed8374153cc4379886637

SHA512
39330f6d9eb326b619812d11a4f716253f4350a828e579f3c836ff06533572d26242f99558cac74b5414969428814636fa3b54829c0f78bdbd1de6a011c51e4b

Download Submit
\Windows\system\NFpFkzp.exe

Filesize
6.0MB

MD5
866bd41931c7c842f7b698c8b79c3527

SHA1
bcc1cb0157baf5b0fdd8dc293753905cc5896753

SHA256
bd7dabb45ee0b912326dedf1824cabbcb58f7db9d41524361b3bd5d1dda530b1

SHA512
6831f719034c663f9bf56ecc90addcbf840fcbce34f5032e232563b0684c27be380fb26039c613a29903f7ef3bb52d37165a8c13ff35ed10bce487611aeb3c04

Download Submit
\Windows\system\fQkUXni.exe

Filesize
6.0MB

MD5
12ac8e8a36570c353d103977b9131c63

SHA1
7bd262f3dbe1eebc40e595915ab80ea3e7149b74

SHA256
55bf1650bde1963be6092d0632f530b493b9e4b325cc62a6d2fb79001a75dd7e

SHA512
fed0a9413fd99a2e3768c936e8b4c79babd476376ba633edd0ca81f033df789e8185cefe605bbc7dc47070c3192fbe36dcfae0e0f7e42050be4e61581c958843

Download Submit
memory/432-382-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/432-1803-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/432-91-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/640-1663-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/640-25-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/984-101-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/984-1807-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1480-1654-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1480-19-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1660-70-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1660-1776-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1660-222-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2080-85-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1787-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1808-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-102-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-42-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1718-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2588-89-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2612-59-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1737-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2732-165-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1761-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2732-64-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2756-30-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1675-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2776-36-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1705-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2776-71-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1721-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2800-51-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2936-100-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-57-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-69-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-41-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-87-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-108-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-79-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2936-109-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-35-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-369-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-58-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-90-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-221-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-414-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-17-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2936-50-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2936-27-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2936-26-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2936-516-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-24-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1673-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2964-20-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download