cobaltstrike | 76876de581c05dc7c3e0770616280146dc9d70c0dd8c4ef10c6094401e8dd7aa

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8338dd832668edf3da3ecac62e5a0b07
SHA1

31fde02a23c52026ce2335b7ac9402b03f25a94e
SHA256

76876de581c05dc7c3e0770616280146dc9d70c0dd8c4ef10c6094401e8dd7aa
SHA512

0c58fb4dcc40eca05fb300785cc12e36f1cc17b9c0c7d26c6b93aea2205b333b24c19a008433e954d938e2d8f41486f1f40eac29774d7771e3f5cbb18ae20841
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226d-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9a-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dbe-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ea4-27.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-60.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173da-49.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-47.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f1-45.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001706d-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eca-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral1/memory/2224-0-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226d-6.dat	xmrig
behavioral1/files/0x0008000000016d9a-11.dat	xmrig
behavioral1/files/0x0008000000016dbe-16.dat	xmrig
behavioral1/files/0x0008000000016dd1-18.dat	xmrig
behavioral1/files/0x0007000000016ea4-27.dat	xmrig
behavioral1/files/0x00050000000191d4-53.dat	xmrig
behavioral1/files/0x000500000001922c-64.dat	xmrig
behavioral1/files/0x0005000000019256-75.dat	xmrig
behavioral1/files/0x0005000000019263-86.dat	xmrig
behavioral1/files/0x000500000001928c-100.dat	xmrig
behavioral1/files/0x0005000000019426-141.dat	xmrig
behavioral1/files/0x0005000000019458-161.dat	xmrig
behavioral1/files/0x0005000000019442-151.dat	xmrig
behavioral1/files/0x000500000001944d-155.dat	xmrig
behavioral1/files/0x0005000000019438-145.dat	xmrig
behavioral1/files/0x0005000000019423-135.dat	xmrig
behavioral1/files/0x00050000000193a5-131.dat	xmrig
behavioral1/files/0x000500000001937b-121.dat	xmrig
behavioral1/files/0x0005000000019397-125.dat	xmrig
behavioral1/files/0x0005000000019356-112.dat	xmrig
behavioral1/files/0x000500000001936b-115.dat	xmrig
behavioral1/files/0x0005000000019266-99.dat	xmrig
behavioral1/files/0x0005000000019353-104.dat	xmrig
behavioral1/files/0x0005000000019284-94.dat	xmrig
behavioral1/files/0x0005000000019259-82.dat	xmrig
behavioral1/files/0x0005000000019244-72.dat	xmrig
behavioral1/files/0x00050000000191ff-60.dat	xmrig
behavioral1/files/0x00080000000173da-49.dat	xmrig
behavioral1/files/0x00060000000190e0-47.dat	xmrig
behavioral1/files/0x00080000000173f1-45.dat	xmrig
behavioral1/files/0x000700000001706d-36.dat	xmrig
behavioral1/files/0x0007000000016eca-31.dat	xmrig
behavioral1/memory/2912-1698-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2224-1912-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2672-1905-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2224-1987-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2572-1986-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2588-2107-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2224-2602-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2672-3590-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2572-3616-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2588-3620-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2912-3647-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2224-3691-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2760	tJROAPq.exe
2912	EkpobwN.exe
2672	FuBRkVa.exe
2172	wfsgImZ.exe
2572	wtpcwto.exe
2588	KbAeZfs.exe
2540	GkoOfLW.exe
2976	IiIBHhK.exe
2620	kViHdKY.exe
1952	BVnOQVX.exe
2212	zGPfJPD.exe
2644	UqWAlxa.exe
2264	SKbeowE.exe
2408	urSqzgl.exe
2060	NZhGGLx.exe
1536	pegOxlg.exe
2088	OhWhHTd.exe
584	KZOdwpo.exe
356	gDRbHfW.exe
1720	wlrGGEv.exe
2012	VyGsLkV.exe
2732	wlxINnO.exe
1332	chzHnsP.exe
1652	kKoPXFw.exe
1960	suoBCKW.exe
2916	aeYKCAM.exe
1028	crheygf.exe
852	PQrddOl.exe
552	dUXfosV.exe
2208	WBqoxPx.exe
2204	BHVIJlB.exe
408	gXLGPPd.exe
2120	jcEPqBz.exe
1304	xJcDARw.exe
2160	ENcNveF.exe
1836	hEcDuRO.exe
964	lJjqJfK.exe
2500	dJaQOCG.exe
1708	fmLdhkI.exe
2800	qosDTel.exe
3040	HpICkUA.exe
1684	VzaSkyN.exe
1540	gCgVfep.exe
1752	eMAhJEt.exe
1772	USAQGVp.exe
1784	GZQftje.exe
2444	QLjrxQZ.exe
1876	EplowYN.exe
2512	VnXZena.exe
2936	EGjTPbQ.exe
2884	nXuLtUW.exe
2440	SDtcAFp.exe
2336	BDyuUeC.exe
1968	PyVweJg.exe
352	QnSBAkV.exe
2304	bMmjXrP.exe
2260	cmaPMuI.exe
1608	agvbvIs.exe
1584	QibXvSc.exe
1596	awjrWGl.exe
2812	vyNRbud.exe
2840	mepvxsq.exe
2680	yuQICGf.exe
2712	dwJvQzC.exe

Loads dropped DLL 64 IoCs

pid	Process
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 42 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-0-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000c00000001226d-6.dat	upx
behavioral1/files/0x0008000000016d9a-11.dat	upx
behavioral1/files/0x0008000000016dbe-16.dat	upx
behavioral1/files/0x0008000000016dd1-18.dat	upx
behavioral1/files/0x0007000000016ea4-27.dat	upx
behavioral1/files/0x00050000000191d4-53.dat	upx
behavioral1/files/0x000500000001922c-64.dat	upx
behavioral1/files/0x0005000000019256-75.dat	upx
behavioral1/files/0x0005000000019263-86.dat	upx
behavioral1/files/0x000500000001928c-100.dat	upx
behavioral1/files/0x0005000000019426-141.dat	upx
behavioral1/files/0x0005000000019458-161.dat	upx
behavioral1/files/0x0005000000019442-151.dat	upx
behavioral1/files/0x000500000001944d-155.dat	upx
behavioral1/files/0x0005000000019438-145.dat	upx
behavioral1/files/0x0005000000019423-135.dat	upx
behavioral1/files/0x00050000000193a5-131.dat	upx
behavioral1/files/0x000500000001937b-121.dat	upx
behavioral1/files/0x0005000000019397-125.dat	upx
behavioral1/files/0x0005000000019356-112.dat	upx
behavioral1/files/0x000500000001936b-115.dat	upx
behavioral1/files/0x0005000000019266-99.dat	upx
behavioral1/files/0x0005000000019353-104.dat	upx
behavioral1/files/0x0005000000019284-94.dat	upx
behavioral1/files/0x0005000000019259-82.dat	upx
behavioral1/files/0x0005000000019244-72.dat	upx
behavioral1/files/0x00050000000191ff-60.dat	upx
behavioral1/files/0x00080000000173da-49.dat	upx
behavioral1/files/0x00060000000190e0-47.dat	upx
behavioral1/files/0x00080000000173f1-45.dat	upx
behavioral1/files/0x000700000001706d-36.dat	upx
behavioral1/files/0x0007000000016eca-31.dat	upx
behavioral1/memory/2912-1698-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2672-1905-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2572-1986-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2588-2107-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2672-3590-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2572-3616-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2588-3620-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2912-3647-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2224-3691-0x000000013FF00000-0x0000000140254000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TguLVBf.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxRWjWr.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oitThhJ.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utBObBd.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AatNWGN.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQZkqaF.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyOFEgf.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlTMKVx.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlLzRfc.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StOQzJT.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUtpkwZ.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAIlBDP.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvABiVv.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlzfUns.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRojnFX.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmiKtoX.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upblaYG.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uymTLGH.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuCKiTD.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSUMiaT.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuwATAz.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTEesAQ.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmqtkxW.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtpOFxz.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQtQVTK.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXJcLZU.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHWRbql.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kViHdKY.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzoObGV.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFRYMGv.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zopNhlR.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQtgrEz.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZybAHpL.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMlHpam.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VSbZaKz.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chzHnsP.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFIvkMP.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKuzfoH.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgGOWQP.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USAQGVp.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zwzpkxz.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IeBUEVo.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPORzPG.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkxeZpI.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzeRPMe.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEyMWmy.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSHULyF.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QoRtIez.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYlYzSw.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DOBGmpS.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvuvAqu.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLbVsKQ.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orQHbeJ.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geqnHcw.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjZndtL.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZQftje.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tSOuCDU.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMGVmga.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIXhzom.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUPzAFH.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJmTFDD.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdcGTwu.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNvKgsO.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMhXXmq.exe	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2760	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2224 wrote to memory of 2760	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2224 wrote to memory of 2760	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2224 wrote to memory of 2912	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2224 wrote to memory of 2912	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2224 wrote to memory of 2912	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2224 wrote to memory of 2672	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2224 wrote to memory of 2672	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2224 wrote to memory of 2672	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2224 wrote to memory of 2172	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2224 wrote to memory of 2172	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2224 wrote to memory of 2172	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2224 wrote to memory of 2572	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2224 wrote to memory of 2572	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2224 wrote to memory of 2572	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2224 wrote to memory of 2588	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2224 wrote to memory of 2588	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2224 wrote to memory of 2588	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2224 wrote to memory of 2540	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2224 wrote to memory of 2540	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2224 wrote to memory of 2540	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2224 wrote to memory of 2620	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2224 wrote to memory of 2620	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2224 wrote to memory of 2620	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2224 wrote to memory of 2976	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2224 wrote to memory of 2976	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2224 wrote to memory of 2976	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2224 wrote to memory of 2212	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2224 wrote to memory of 2212	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2224 wrote to memory of 2212	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2224 wrote to memory of 1952	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2224 wrote to memory of 1952	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2224 wrote to memory of 1952	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2224 wrote to memory of 2644	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2224 wrote to memory of 2644	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2224 wrote to memory of 2644	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2224 wrote to memory of 2264	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2224 wrote to memory of 2264	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2224 wrote to memory of 2264	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2224 wrote to memory of 2408	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2224 wrote to memory of 2408	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2224 wrote to memory of 2408	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2224 wrote to memory of 2060	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2224 wrote to memory of 2060	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2224 wrote to memory of 2060	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2224 wrote to memory of 1536	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2224 wrote to memory of 1536	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2224 wrote to memory of 1536	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2224 wrote to memory of 2088	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2224 wrote to memory of 2088	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2224 wrote to memory of 2088	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2224 wrote to memory of 356	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2224 wrote to memory of 356	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2224 wrote to memory of 356	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2224 wrote to memory of 584	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2224 wrote to memory of 584	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2224 wrote to memory of 584	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2224 wrote to memory of 1720	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2224 wrote to memory of 1720	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2224 wrote to memory of 1720	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2224 wrote to memory of 2012	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2224 wrote to memory of 2012	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2224 wrote to memory of 2012	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2224 wrote to memory of 2732	2224	2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_8338dd832668edf3da3ecac62e5a0b07_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\System\tJROAPq.exe
  C:\Windows\System\tJROAPq.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\EkpobwN.exe
  C:\Windows\System\EkpobwN.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\FuBRkVa.exe
  C:\Windows\System\FuBRkVa.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\wfsgImZ.exe
  C:\Windows\System\wfsgImZ.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\wtpcwto.exe
  C:\Windows\System\wtpcwto.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\KbAeZfs.exe
  C:\Windows\System\KbAeZfs.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\GkoOfLW.exe
  C:\Windows\System\GkoOfLW.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\kViHdKY.exe
  C:\Windows\System\kViHdKY.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\IiIBHhK.exe
  C:\Windows\System\IiIBHhK.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\zGPfJPD.exe
  C:\Windows\System\zGPfJPD.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\BVnOQVX.exe
  C:\Windows\System\BVnOQVX.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\UqWAlxa.exe
  C:\Windows\System\UqWAlxa.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\SKbeowE.exe
  C:\Windows\System\SKbeowE.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\urSqzgl.exe
  C:\Windows\System\urSqzgl.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\NZhGGLx.exe
  C:\Windows\System\NZhGGLx.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\pegOxlg.exe
  C:\Windows\System\pegOxlg.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\OhWhHTd.exe
  C:\Windows\System\OhWhHTd.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\gDRbHfW.exe
  C:\Windows\System\gDRbHfW.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\KZOdwpo.exe
  C:\Windows\System\KZOdwpo.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\wlrGGEv.exe
  C:\Windows\System\wlrGGEv.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\VyGsLkV.exe
  C:\Windows\System\VyGsLkV.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\wlxINnO.exe
  C:\Windows\System\wlxINnO.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\chzHnsP.exe
  C:\Windows\System\chzHnsP.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\kKoPXFw.exe
  C:\Windows\System\kKoPXFw.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\suoBCKW.exe
  C:\Windows\System\suoBCKW.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\aeYKCAM.exe
  C:\Windows\System\aeYKCAM.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\crheygf.exe
  C:\Windows\System\crheygf.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\PQrddOl.exe
  C:\Windows\System\PQrddOl.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\dUXfosV.exe
  C:\Windows\System\dUXfosV.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\WBqoxPx.exe
  C:\Windows\System\WBqoxPx.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\BHVIJlB.exe
  C:\Windows\System\BHVIJlB.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\gXLGPPd.exe
  C:\Windows\System\gXLGPPd.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\jcEPqBz.exe
  C:\Windows\System\jcEPqBz.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\ENcNveF.exe
  C:\Windows\System\ENcNveF.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\xJcDARw.exe
  C:\Windows\System\xJcDARw.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\lJjqJfK.exe
  C:\Windows\System\lJjqJfK.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\hEcDuRO.exe
  C:\Windows\System\hEcDuRO.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\dJaQOCG.exe
  C:\Windows\System\dJaQOCG.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\fmLdhkI.exe
  C:\Windows\System\fmLdhkI.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\qosDTel.exe
  C:\Windows\System\qosDTel.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\HpICkUA.exe
  C:\Windows\System\HpICkUA.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\VzaSkyN.exe
  C:\Windows\System\VzaSkyN.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\gCgVfep.exe
  C:\Windows\System\gCgVfep.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\eMAhJEt.exe
  C:\Windows\System\eMAhJEt.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\USAQGVp.exe
  C:\Windows\System\USAQGVp.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\QLjrxQZ.exe
  C:\Windows\System\QLjrxQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\GZQftje.exe
  C:\Windows\System\GZQftje.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\EplowYN.exe
  C:\Windows\System\EplowYN.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\VnXZena.exe
  C:\Windows\System\VnXZena.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\EGjTPbQ.exe
  C:\Windows\System\EGjTPbQ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\nXuLtUW.exe
  C:\Windows\System\nXuLtUW.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\SDtcAFp.exe
  C:\Windows\System\SDtcAFp.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\BDyuUeC.exe
  C:\Windows\System\BDyuUeC.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\PyVweJg.exe
  C:\Windows\System\PyVweJg.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\QnSBAkV.exe
  C:\Windows\System\QnSBAkV.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\bMmjXrP.exe
  C:\Windows\System\bMmjXrP.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\cmaPMuI.exe
  C:\Windows\System\cmaPMuI.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\agvbvIs.exe
  C:\Windows\System\agvbvIs.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\QibXvSc.exe
  C:\Windows\System\QibXvSc.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\awjrWGl.exe
  C:\Windows\System\awjrWGl.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\vyNRbud.exe
  C:\Windows\System\vyNRbud.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\yuQICGf.exe
  C:\Windows\System\yuQICGf.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\mepvxsq.exe
  C:\Windows\System\mepvxsq.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\dwJvQzC.exe
  C:\Windows\System\dwJvQzC.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\GvEmGqJ.exe
  C:\Windows\System\GvEmGqJ.exe
  2⤵
  PID:3060
- C:\Windows\System\NbfCxJH.exe
  C:\Windows\System\NbfCxJH.exe
  2⤵
  PID:1528
- C:\Windows\System\GTFIulk.exe
  C:\Windows\System\GTFIulk.exe
  2⤵
  PID:2216
- C:\Windows\System\vbaGwXZ.exe
  C:\Windows\System\vbaGwXZ.exe
  2⤵
  PID:1044
- C:\Windows\System\ksjAqeg.exe
  C:\Windows\System\ksjAqeg.exe
  2⤵
  PID:2252
- C:\Windows\System\xGdfdzN.exe
  C:\Windows\System\xGdfdzN.exe
  2⤵
  PID:2316
- C:\Windows\System\NzGVXWH.exe
  C:\Windows\System\NzGVXWH.exe
  2⤵
  PID:2532
- C:\Windows\System\ZgZKmVx.exe
  C:\Windows\System\ZgZKmVx.exe
  2⤵
  PID:868
- C:\Windows\System\pUGKdLj.exe
  C:\Windows\System\pUGKdLj.exe
  2⤵
  PID:1328
- C:\Windows\System\DMPijvd.exe
  C:\Windows\System\DMPijvd.exe
  2⤵
  PID:2868
- C:\Windows\System\QNCvrzr.exe
  C:\Windows\System\QNCvrzr.exe
  2⤵
  PID:2924
- C:\Windows\System\AthzesR.exe
  C:\Windows\System\AthzesR.exe
  2⤵
  PID:1068
- C:\Windows\System\IXXvzaY.exe
  C:\Windows\System\IXXvzaY.exe
  2⤵
  PID:2524
- C:\Windows\System\gVZrWLf.exe
  C:\Windows\System\gVZrWLf.exe
  2⤵
  PID:2144
- C:\Windows\System\OiFRwvy.exe
  C:\Windows\System\OiFRwvy.exe
  2⤵
  PID:3048
- C:\Windows\System\GXcMHYc.exe
  C:\Windows\System\GXcMHYc.exe
  2⤵
  PID:2140
- C:\Windows\System\qfukARS.exe
  C:\Windows\System\qfukARS.exe
  2⤵
  PID:2516
- C:\Windows\System\QxRVYqD.exe
  C:\Windows\System\QxRVYqD.exe
  2⤵
  PID:1992
- C:\Windows\System\cieXjdb.exe
  C:\Windows\System\cieXjdb.exe
  2⤵
  PID:2168
- C:\Windows\System\TAJNWmq.exe
  C:\Windows\System\TAJNWmq.exe
  2⤵
  PID:1988
- C:\Windows\System\QoRtIez.exe
  C:\Windows\System\QoRtIez.exe
  2⤵
  PID:2424
- C:\Windows\System\egbovfh.exe
  C:\Windows\System\egbovfh.exe
  2⤵
  PID:2000
- C:\Windows\System\GufPnjc.exe
  C:\Windows\System\GufPnjc.exe
  2⤵
  PID:1456
- C:\Windows\System\QFNbMNf.exe
  C:\Windows\System\QFNbMNf.exe
  2⤵
  PID:696
- C:\Windows\System\sVpvksG.exe
  C:\Windows\System\sVpvksG.exe
  2⤵
  PID:3044
- C:\Windows\System\jcHgJzS.exe
  C:\Windows\System\jcHgJzS.exe
  2⤵
  PID:2628
- C:\Windows\System\zvABiVv.exe
  C:\Windows\System\zvABiVv.exe
  2⤵
  PID:1924
- C:\Windows\System\iSUMiaT.exe
  C:\Windows\System\iSUMiaT.exe
  2⤵
  PID:2456
- C:\Windows\System\xIlJnMI.exe
  C:\Windows\System\xIlJnMI.exe
  2⤵
  PID:3016
- C:\Windows\System\TBEdoGy.exe
  C:\Windows\System\TBEdoGy.exe
  2⤵
  PID:1948
- C:\Windows\System\NFWBztR.exe
  C:\Windows\System\NFWBztR.exe
  2⤵
  PID:900
- C:\Windows\System\vuoxTLP.exe
  C:\Windows\System\vuoxTLP.exe
  2⤵
  PID:2704
- C:\Windows\System\XZkzcMw.exe
  C:\Windows\System\XZkzcMw.exe
  2⤵
  PID:2796
- C:\Windows\System\Uskzmla.exe
  C:\Windows\System\Uskzmla.exe
  2⤵
  PID:1916
- C:\Windows\System\CKfvCju.exe
  C:\Windows\System\CKfvCju.exe
  2⤵
  PID:2764
- C:\Windows\System\yNOowFg.exe
  C:\Windows\System\yNOowFg.exe
  2⤵
  PID:2372
- C:\Windows\System\oJWOAOL.exe
  C:\Windows\System\oJWOAOL.exe
  2⤵
  PID:2780
- C:\Windows\System\uvgIuyK.exe
  C:\Windows\System\uvgIuyK.exe
  2⤵
  PID:2156
- C:\Windows\System\DiRnfeH.exe
  C:\Windows\System\DiRnfeH.exe
  2⤵
  PID:1404
- C:\Windows\System\MsuLBmB.exe
  C:\Windows\System\MsuLBmB.exe
  2⤵
  PID:2872
- C:\Windows\System\xQOZcJZ.exe
  C:\Windows\System\xQOZcJZ.exe
  2⤵
  PID:1736
- C:\Windows\System\cUCMqlg.exe
  C:\Windows\System\cUCMqlg.exe
  2⤵
  PID:3064
- C:\Windows\System\ZwwBdQG.exe
  C:\Windows\System\ZwwBdQG.exe
  2⤵
  PID:1944
- C:\Windows\System\nhKmUmp.exe
  C:\Windows\System\nhKmUmp.exe
  2⤵
  PID:1112
- C:\Windows\System\lTaajZl.exe
  C:\Windows\System\lTaajZl.exe
  2⤵
  PID:1264
- C:\Windows\System\zryyqls.exe
  C:\Windows\System\zryyqls.exe
  2⤵
  PID:916
- C:\Windows\System\OxUSkYa.exe
  C:\Windows\System\OxUSkYa.exe
  2⤵
  PID:896
- C:\Windows\System\fAhygeG.exe
  C:\Windows\System\fAhygeG.exe
  2⤵
  PID:3068
- C:\Windows\System\PFdkvuN.exe
  C:\Windows\System\PFdkvuN.exe
  2⤵
  PID:1912
- C:\Windows\System\TcSLFMk.exe
  C:\Windows\System\TcSLFMk.exe
  2⤵
  PID:1972
- C:\Windows\System\hGNidVx.exe
  C:\Windows\System\hGNidVx.exe
  2⤵
  PID:776
- C:\Windows\System\TaMbczP.exe
  C:\Windows\System\TaMbczP.exe
  2⤵
  PID:2344
- C:\Windows\System\BvdNHfJ.exe
  C:\Windows\System\BvdNHfJ.exe
  2⤵
  PID:1704
- C:\Windows\System\LJpnlVK.exe
  C:\Windows\System\LJpnlVK.exe
  2⤵
  PID:2992
- C:\Windows\System\rKyvmmW.exe
  C:\Windows\System\rKyvmmW.exe
  2⤵
  PID:1236
- C:\Windows\System\vYKwVVK.exe
  C:\Windows\System\vYKwVVK.exe
  2⤵
  PID:2428
- C:\Windows\System\BLjzIbd.exe
  C:\Windows\System\BLjzIbd.exe
  2⤵
  PID:2848
- C:\Windows\System\URLQtyb.exe
  C:\Windows\System\URLQtyb.exe
  2⤵
  PID:2348
- C:\Windows\System\ZYKxJGB.exe
  C:\Windows\System\ZYKxJGB.exe
  2⤵
  PID:596
- C:\Windows\System\eXgEJQb.exe
  C:\Windows\System\eXgEJQb.exe
  2⤵
  PID:2364
- C:\Windows\System\rzdgHwv.exe
  C:\Windows\System\rzdgHwv.exe
  2⤵
  PID:3084
- C:\Windows\System\cfZTLHF.exe
  C:\Windows\System\cfZTLHF.exe
  2⤵
  PID:3108
- C:\Windows\System\VYvJCMl.exe
  C:\Windows\System\VYvJCMl.exe
  2⤵
  PID:3128
- C:\Windows\System\KZDCnzZ.exe
  C:\Windows\System\KZDCnzZ.exe
  2⤵
  PID:3148
- C:\Windows\System\dnKuXFN.exe
  C:\Windows\System\dnKuXFN.exe
  2⤵
  PID:3168
- C:\Windows\System\RTqdJeQ.exe
  C:\Windows\System\RTqdJeQ.exe
  2⤵
  PID:3188
- C:\Windows\System\HgqOloh.exe
  C:\Windows\System\HgqOloh.exe
  2⤵
  PID:3204
- C:\Windows\System\rSDZrBZ.exe
  C:\Windows\System\rSDZrBZ.exe
  2⤵
  PID:3224
- C:\Windows\System\skdGbGm.exe
  C:\Windows\System\skdGbGm.exe
  2⤵
  PID:3240
- C:\Windows\System\pUhAsUP.exe
  C:\Windows\System\pUhAsUP.exe
  2⤵
  PID:3272
- C:\Windows\System\SVXtUmi.exe
  C:\Windows\System\SVXtUmi.exe
  2⤵
  PID:3288
- C:\Windows\System\aZdnVLw.exe
  C:\Windows\System\aZdnVLw.exe
  2⤵
  PID:3308
- C:\Windows\System\nEvAzmA.exe
  C:\Windows\System\nEvAzmA.exe
  2⤵
  PID:3324
- C:\Windows\System\fLswUtG.exe
  C:\Windows\System\fLswUtG.exe
  2⤵
  PID:3344
- C:\Windows\System\KNvKgsO.exe
  C:\Windows\System\KNvKgsO.exe
  2⤵
  PID:3364
- C:\Windows\System\CAHRPxw.exe
  C:\Windows\System\CAHRPxw.exe
  2⤵
  PID:3388
- C:\Windows\System\RVXeUAj.exe
  C:\Windows\System\RVXeUAj.exe
  2⤵
  PID:3412
- C:\Windows\System\IerAhPC.exe
  C:\Windows\System\IerAhPC.exe
  2⤵
  PID:3432
- C:\Windows\System\dCnXjQJ.exe
  C:\Windows\System\dCnXjQJ.exe
  2⤵
  PID:3452
- C:\Windows\System\rEBVOCb.exe
  C:\Windows\System\rEBVOCb.exe
  2⤵
  PID:3468
- C:\Windows\System\DcCzlDM.exe
  C:\Windows\System\DcCzlDM.exe
  2⤵
  PID:3488
- C:\Windows\System\zIaObEa.exe
  C:\Windows\System\zIaObEa.exe
  2⤵
  PID:3512
- C:\Windows\System\qmMorkF.exe
  C:\Windows\System\qmMorkF.exe
  2⤵
  PID:3532
- C:\Windows\System\TVZpmRr.exe
  C:\Windows\System\TVZpmRr.exe
  2⤵
  PID:3552
- C:\Windows\System\WeEPOTP.exe
  C:\Windows\System\WeEPOTP.exe
  2⤵
  PID:3572
- C:\Windows\System\kPNXavR.exe
  C:\Windows\System\kPNXavR.exe
  2⤵
  PID:3588
- C:\Windows\System\yOaeTQy.exe
  C:\Windows\System\yOaeTQy.exe
  2⤵
  PID:3608
- C:\Windows\System\UprpjRZ.exe
  C:\Windows\System\UprpjRZ.exe
  2⤵
  PID:3632
- C:\Windows\System\GMIkqvX.exe
  C:\Windows\System\GMIkqvX.exe
  2⤵
  PID:3648
- C:\Windows\System\TjjgytO.exe
  C:\Windows\System\TjjgytO.exe
  2⤵
  PID:3672
- C:\Windows\System\WQDjIBy.exe
  C:\Windows\System\WQDjIBy.exe
  2⤵
  PID:3688
- C:\Windows\System\DSBXXjO.exe
  C:\Windows\System\DSBXXjO.exe
  2⤵
  PID:3704
- C:\Windows\System\JZcCjDS.exe
  C:\Windows\System\JZcCjDS.exe
  2⤵
  PID:3724
- C:\Windows\System\CElOmGY.exe
  C:\Windows\System\CElOmGY.exe
  2⤵
  PID:3744
- C:\Windows\System\SaWrkKZ.exe
  C:\Windows\System\SaWrkKZ.exe
  2⤵
  PID:3760
- C:\Windows\System\ieWyAug.exe
  C:\Windows\System\ieWyAug.exe
  2⤵
  PID:3780
- C:\Windows\System\MFPkRhm.exe
  C:\Windows\System\MFPkRhm.exe
  2⤵
  PID:3796
- C:\Windows\System\QQhvLby.exe
  C:\Windows\System\QQhvLby.exe
  2⤵
  PID:3828
- C:\Windows\System\bFvdarC.exe
  C:\Windows\System\bFvdarC.exe
  2⤵
  PID:3848
- C:\Windows\System\lzETnvL.exe
  C:\Windows\System\lzETnvL.exe
  2⤵
  PID:3864
- C:\Windows\System\OEMvHNT.exe
  C:\Windows\System\OEMvHNT.exe
  2⤵
  PID:3884
- C:\Windows\System\GdFVtEK.exe
  C:\Windows\System\GdFVtEK.exe
  2⤵
  PID:3904
- C:\Windows\System\xeAgxoF.exe
  C:\Windows\System\xeAgxoF.exe
  2⤵
  PID:3932
- C:\Windows\System\kxoFNCs.exe
  C:\Windows\System\kxoFNCs.exe
  2⤵
  PID:3948
- C:\Windows\System\oaCZEaG.exe
  C:\Windows\System\oaCZEaG.exe
  2⤵
  PID:3980
- C:\Windows\System\mNLFNsW.exe
  C:\Windows\System\mNLFNsW.exe
  2⤵
  PID:4000
- C:\Windows\System\dYZTRZa.exe
  C:\Windows\System\dYZTRZa.exe
  2⤵
  PID:4020
- C:\Windows\System\JhfqjhY.exe
  C:\Windows\System\JhfqjhY.exe
  2⤵
  PID:4044
- C:\Windows\System\auJawTv.exe
  C:\Windows\System\auJawTv.exe
  2⤵
  PID:4060
- C:\Windows\System\TpbxLby.exe
  C:\Windows\System\TpbxLby.exe
  2⤵
  PID:4076
- C:\Windows\System\bhExmir.exe
  C:\Windows\System\bhExmir.exe
  2⤵
  PID:2036
- C:\Windows\System\SUiWOAb.exe
  C:\Windows\System\SUiWOAb.exe
  2⤵
  PID:2124
- C:\Windows\System\fWRLHtC.exe
  C:\Windows\System\fWRLHtC.exe
  2⤵
  PID:1368
- C:\Windows\System\eHlQhvv.exe
  C:\Windows\System\eHlQhvv.exe
  2⤵
  PID:996
- C:\Windows\System\rttoumy.exe
  C:\Windows\System\rttoumy.exe
  2⤵
  PID:2932
- C:\Windows\System\XPRywTa.exe
  C:\Windows\System\XPRywTa.exe
  2⤵
  PID:1272
- C:\Windows\System\lkdnZIX.exe
  C:\Windows\System\lkdnZIX.exe
  2⤵
  PID:2608
- C:\Windows\System\pvLzLyM.exe
  C:\Windows\System\pvLzLyM.exe
  2⤵
  PID:1064
- C:\Windows\System\ojscsNA.exe
  C:\Windows\System\ojscsNA.exe
  2⤵
  PID:2064
- C:\Windows\System\DEyXEGn.exe
  C:\Windows\System\DEyXEGn.exe
  2⤵
  PID:592
- C:\Windows\System\IbGTQJR.exe
  C:\Windows\System\IbGTQJR.exe
  2⤵
  PID:3096
- C:\Windows\System\GvbUMPp.exe
  C:\Windows\System\GvbUMPp.exe
  2⤵
  PID:1604
- C:\Windows\System\FzuSGqx.exe
  C:\Windows\System\FzuSGqx.exe
  2⤵
  PID:3176
- C:\Windows\System\wtHtEIK.exe
  C:\Windows\System\wtHtEIK.exe
  2⤵
  PID:3216
- C:\Windows\System\PVyqEIo.exe
  C:\Windows\System\PVyqEIo.exe
  2⤵
  PID:3200
- C:\Windows\System\goFGvef.exe
  C:\Windows\System\goFGvef.exe
  2⤵
  PID:3196
- C:\Windows\System\BQoPbtb.exe
  C:\Windows\System\BQoPbtb.exe
  2⤵
  PID:3296
- C:\Windows\System\usRSDVn.exe
  C:\Windows\System\usRSDVn.exe
  2⤵
  PID:3340
- C:\Windows\System\ZDmXJCV.exe
  C:\Windows\System\ZDmXJCV.exe
  2⤵
  PID:3376
- C:\Windows\System\gTxeiJn.exe
  C:\Windows\System\gTxeiJn.exe
  2⤵
  PID:3320
- C:\Windows\System\srQhaPt.exe
  C:\Windows\System\srQhaPt.exe
  2⤵
  PID:3424
- C:\Windows\System\VYiPKzu.exe
  C:\Windows\System\VYiPKzu.exe
  2⤵
  PID:3508
- C:\Windows\System\sNTPYxg.exe
  C:\Windows\System\sNTPYxg.exe
  2⤵
  PID:3440
- C:\Windows\System\TJrUnSB.exe
  C:\Windows\System\TJrUnSB.exe
  2⤵
  PID:3480
- C:\Windows\System\ECVcnLV.exe
  C:\Windows\System\ECVcnLV.exe
  2⤵
  PID:3580
- C:\Windows\System\TaNuisj.exe
  C:\Windows\System\TaNuisj.exe
  2⤵
  PID:3628
- C:\Windows\System\wwPJYWz.exe
  C:\Windows\System\wwPJYWz.exe
  2⤵
  PID:3656
- C:\Windows\System\zLpoFUV.exe
  C:\Windows\System\zLpoFUV.exe
  2⤵
  PID:3560
- C:\Windows\System\AvQoDlL.exe
  C:\Windows\System\AvQoDlL.exe
  2⤵
  PID:3644
- C:\Windows\System\dGnATvB.exe
  C:\Windows\System\dGnATvB.exe
  2⤵
  PID:3768
- C:\Windows\System\ZQYLfId.exe
  C:\Windows\System\ZQYLfId.exe
  2⤵
  PID:3788
- C:\Windows\System\tuUJznV.exe
  C:\Windows\System\tuUJznV.exe
  2⤵
  PID:3716
- C:\Windows\System\NObexPk.exe
  C:\Windows\System\NObexPk.exe
  2⤵
  PID:3812
- C:\Windows\System\zTGcenR.exe
  C:\Windows\System\zTGcenR.exe
  2⤵
  PID:3792
- C:\Windows\System\ONXHxvK.exe
  C:\Windows\System\ONXHxvK.exe
  2⤵
  PID:3844
- C:\Windows\System\pogdAJI.exe
  C:\Windows\System\pogdAJI.exe
  2⤵
  PID:3912
- C:\Windows\System\viSzeOe.exe
  C:\Windows\System\viSzeOe.exe
  2⤵
  PID:3928
- C:\Windows\System\mKoIypI.exe
  C:\Windows\System\mKoIypI.exe
  2⤵
  PID:3964
- C:\Windows\System\baEwunh.exe
  C:\Windows\System\baEwunh.exe
  2⤵
  PID:3968
- C:\Windows\System\NVNDoNS.exe
  C:\Windows\System\NVNDoNS.exe
  2⤵
  PID:4032
- C:\Windows\System\MhcuHpU.exe
  C:\Windows\System\MhcuHpU.exe
  2⤵
  PID:1616
- C:\Windows\System\bKBGnIy.exe
  C:\Windows\System\bKBGnIy.exe
  2⤵
  PID:1020
- C:\Windows\System\SVnajXY.exe
  C:\Windows\System\SVnajXY.exe
  2⤵
  PID:1012
- C:\Windows\System\HTbvEdF.exe
  C:\Windows\System\HTbvEdF.exe
  2⤵
  PID:1276
- C:\Windows\System\gmzfrxn.exe
  C:\Windows\System\gmzfrxn.exe
  2⤵
  PID:2132
- C:\Windows\System\WFzWrRF.exe
  C:\Windows\System\WFzWrRF.exe
  2⤵
  PID:2616
- C:\Windows\System\tkjtxli.exe
  C:\Windows\System\tkjtxli.exe
  2⤵
  PID:3100
- C:\Windows\System\eKRroLa.exe
  C:\Windows\System\eKRroLa.exe
  2⤵
  PID:3092
- C:\Windows\System\JyIlRvf.exe
  C:\Windows\System\JyIlRvf.exe
  2⤵
  PID:3180
- C:\Windows\System\cvRirkv.exe
  C:\Windows\System\cvRirkv.exe
  2⤵
  PID:3160
- C:\Windows\System\DQZkqaF.exe
  C:\Windows\System\DQZkqaF.exe
  2⤵
  PID:3332
- C:\Windows\System\vVneRYl.exe
  C:\Windows\System\vVneRYl.exe
  2⤵
  PID:3264
- C:\Windows\System\jQPBwnt.exe
  C:\Windows\System\jQPBwnt.exe
  2⤵
  PID:3464
- C:\Windows\System\KBIZmGy.exe
  C:\Windows\System\KBIZmGy.exe
  2⤵
  PID:3496
- C:\Windows\System\zgTuvYl.exe
  C:\Windows\System\zgTuvYl.exe
  2⤵
  PID:3620
- C:\Windows\System\mtdmoLO.exe
  C:\Windows\System\mtdmoLO.exe
  2⤵
  PID:3660
- C:\Windows\System\oRKqXoV.exe
  C:\Windows\System\oRKqXoV.exe
  2⤵
  PID:3548
- C:\Windows\System\BIWtTht.exe
  C:\Windows\System\BIWtTht.exe
  2⤵
  PID:3700
- C:\Windows\System\VTthvNp.exe
  C:\Windows\System\VTthvNp.exe
  2⤵
  PID:3756
- C:\Windows\System\vQNUhxL.exe
  C:\Windows\System\vQNUhxL.exe
  2⤵
  PID:3640
- C:\Windows\System\JYrQndt.exe
  C:\Windows\System\JYrQndt.exe
  2⤵
  PID:3836
- C:\Windows\System\dtCLVNd.exe
  C:\Windows\System\dtCLVNd.exe
  2⤵
  PID:3896
- C:\Windows\System\OZIJgtQ.exe
  C:\Windows\System\OZIJgtQ.exe
  2⤵
  PID:3960
- C:\Windows\System\ljLkPXW.exe
  C:\Windows\System\ljLkPXW.exe
  2⤵
  PID:4028
- C:\Windows\System\jElwYlw.exe
  C:\Windows\System\jElwYlw.exe
  2⤵
  PID:4092
- C:\Windows\System\oxQwWtK.exe
  C:\Windows\System\oxQwWtK.exe
  2⤵
  PID:1980
- C:\Windows\System\EJQfviy.exe
  C:\Windows\System\EJQfviy.exe
  2⤵
  PID:1380
- C:\Windows\System\YYlYzSw.exe
  C:\Windows\System\YYlYzSw.exe
  2⤵
  PID:2736
- C:\Windows\System\UaZAlFx.exe
  C:\Windows\System\UaZAlFx.exe
  2⤵
  PID:4056
- C:\Windows\System\ADFhAzh.exe
  C:\Windows\System\ADFhAzh.exe
  2⤵
  PID:2640
- C:\Windows\System\MOVHAPz.exe
  C:\Windows\System\MOVHAPz.exe
  2⤵
  PID:3248
- C:\Windows\System\kFIvkMP.exe
  C:\Windows\System\kFIvkMP.exe
  2⤵
  PID:3360
- C:\Windows\System\rTdqFBX.exe
  C:\Windows\System\rTdqFBX.exe
  2⤵
  PID:3336
- C:\Windows\System\eWOJtnz.exe
  C:\Windows\System\eWOJtnz.exe
  2⤵
  PID:3352
- C:\Windows\System\NebCjsj.exe
  C:\Windows\System\NebCjsj.exe
  2⤵
  PID:3820
- C:\Windows\System\odgBJPW.exe
  C:\Windows\System\odgBJPW.exe
  2⤵
  PID:3520
- C:\Windows\System\Zwzpkxz.exe
  C:\Windows\System\Zwzpkxz.exe
  2⤵
  PID:3804
- C:\Windows\System\DOBGmpS.exe
  C:\Windows\System\DOBGmpS.exe
  2⤵
  PID:3876
- C:\Windows\System\CvoKHQg.exe
  C:\Windows\System\CvoKHQg.exe
  2⤵
  PID:3840
- C:\Windows\System\ljcBzNZ.exe
  C:\Windows\System\ljcBzNZ.exe
  2⤵
  PID:2396
- C:\Windows\System\ikYBcYD.exe
  C:\Windows\System\ikYBcYD.exe
  2⤵
  PID:4104
- C:\Windows\System\OrgZJbE.exe
  C:\Windows\System\OrgZJbE.exe
  2⤵
  PID:4124
- C:\Windows\System\vhcPSwa.exe
  C:\Windows\System\vhcPSwa.exe
  2⤵
  PID:4144
- C:\Windows\System\zFdapkh.exe
  C:\Windows\System\zFdapkh.exe
  2⤵
  PID:4164
- C:\Windows\System\YTWmAIf.exe
  C:\Windows\System\YTWmAIf.exe
  2⤵
  PID:4180
- C:\Windows\System\cFIFcXH.exe
  C:\Windows\System\cFIFcXH.exe
  2⤵
  PID:4204
- C:\Windows\System\LsXNgXD.exe
  C:\Windows\System\LsXNgXD.exe
  2⤵
  PID:4224
- C:\Windows\System\fpMFaKA.exe
  C:\Windows\System\fpMFaKA.exe
  2⤵
  PID:4248
- C:\Windows\System\ACjgHmB.exe
  C:\Windows\System\ACjgHmB.exe
  2⤵
  PID:4264
- C:\Windows\System\PJebUEn.exe
  C:\Windows\System\PJebUEn.exe
  2⤵
  PID:4288
- C:\Windows\System\aLxvRTF.exe
  C:\Windows\System\aLxvRTF.exe
  2⤵
  PID:4304
- C:\Windows\System\TQXmhxb.exe
  C:\Windows\System\TQXmhxb.exe
  2⤵
  PID:4328
- C:\Windows\System\OKuzfoH.exe
  C:\Windows\System\OKuzfoH.exe
  2⤵
  PID:4344
- C:\Windows\System\CqSkYFN.exe
  C:\Windows\System\CqSkYFN.exe
  2⤵
  PID:4364
- C:\Windows\System\RJCHTbB.exe
  C:\Windows\System\RJCHTbB.exe
  2⤵
  PID:4388
- C:\Windows\System\QtUGFBl.exe
  C:\Windows\System\QtUGFBl.exe
  2⤵
  PID:4408
- C:\Windows\System\DoWJKPP.exe
  C:\Windows\System\DoWJKPP.exe
  2⤵
  PID:4428
- C:\Windows\System\XfYlhkd.exe
  C:\Windows\System\XfYlhkd.exe
  2⤵
  PID:4448
- C:\Windows\System\mEwrxpd.exe
  C:\Windows\System\mEwrxpd.exe
  2⤵
  PID:4464
- C:\Windows\System\Hxuiilx.exe
  C:\Windows\System\Hxuiilx.exe
  2⤵
  PID:4488
- C:\Windows\System\NbksVPR.exe
  C:\Windows\System\NbksVPR.exe
  2⤵
  PID:4504
- C:\Windows\System\teRXlCa.exe
  C:\Windows\System\teRXlCa.exe
  2⤵
  PID:4524
- C:\Windows\System\lGkDIab.exe
  C:\Windows\System\lGkDIab.exe
  2⤵
  PID:4548
- C:\Windows\System\jmXbZIf.exe
  C:\Windows\System\jmXbZIf.exe
  2⤵
  PID:4568
- C:\Windows\System\YXgBOIf.exe
  C:\Windows\System\YXgBOIf.exe
  2⤵
  PID:4584
- C:\Windows\System\LIIQhOa.exe
  C:\Windows\System\LIIQhOa.exe
  2⤵
  PID:4604
- C:\Windows\System\neUgIFW.exe
  C:\Windows\System\neUgIFW.exe
  2⤵
  PID:4620
- C:\Windows\System\WNcHQdv.exe
  C:\Windows\System\WNcHQdv.exe
  2⤵
  PID:4644
- C:\Windows\System\GVMtcXO.exe
  C:\Windows\System\GVMtcXO.exe
  2⤵
  PID:4668
- C:\Windows\System\CIFtAsV.exe
  C:\Windows\System\CIFtAsV.exe
  2⤵
  PID:4684
- C:\Windows\System\ozXulqB.exe
  C:\Windows\System\ozXulqB.exe
  2⤵
  PID:4704
- C:\Windows\System\lbrtGhF.exe
  C:\Windows\System\lbrtGhF.exe
  2⤵
  PID:4720
- C:\Windows\System\VNJntCg.exe
  C:\Windows\System\VNJntCg.exe
  2⤵
  PID:4744
- C:\Windows\System\WBMzMNF.exe
  C:\Windows\System\WBMzMNF.exe
  2⤵
  PID:4768
- C:\Windows\System\oKIVzkk.exe
  C:\Windows\System\oKIVzkk.exe
  2⤵
  PID:4788
- C:\Windows\System\ufditMi.exe
  C:\Windows\System\ufditMi.exe
  2⤵
  PID:4808
- C:\Windows\System\nBnEvKj.exe
  C:\Windows\System\nBnEvKj.exe
  2⤵
  PID:4828
- C:\Windows\System\sSfPszu.exe
  C:\Windows\System\sSfPszu.exe
  2⤵
  PID:4848
- C:\Windows\System\UBDYWai.exe
  C:\Windows\System\UBDYWai.exe
  2⤵
  PID:4864
- C:\Windows\System\Rljvizj.exe
  C:\Windows\System\Rljvizj.exe
  2⤵
  PID:4888
- C:\Windows\System\pnLQMRd.exe
  C:\Windows\System\pnLQMRd.exe
  2⤵
  PID:4904
- C:\Windows\System\lXlTaGh.exe
  C:\Windows\System\lXlTaGh.exe
  2⤵
  PID:4924
- C:\Windows\System\cTyJuFw.exe
  C:\Windows\System\cTyJuFw.exe
  2⤵
  PID:4948
- C:\Windows\System\xgLJESC.exe
  C:\Windows\System\xgLJESC.exe
  2⤵
  PID:4968
- C:\Windows\System\xxtemcK.exe
  C:\Windows\System\xxtemcK.exe
  2⤵
  PID:4988
- C:\Windows\System\HvsJvDy.exe
  C:\Windows\System\HvsJvDy.exe
  2⤵
  PID:5008
- C:\Windows\System\OeAVdWQ.exe
  C:\Windows\System\OeAVdWQ.exe
  2⤵
  PID:5024
- C:\Windows\System\VIKPuLq.exe
  C:\Windows\System\VIKPuLq.exe
  2⤵
  PID:5048
- C:\Windows\System\fOqjZFO.exe
  C:\Windows\System\fOqjZFO.exe
  2⤵
  PID:5064
- C:\Windows\System\pfzMnhP.exe
  C:\Windows\System\pfzMnhP.exe
  2⤵
  PID:5088
- C:\Windows\System\gEiauUk.exe
  C:\Windows\System\gEiauUk.exe
  2⤵
  PID:5104
- C:\Windows\System\umOCOUw.exe
  C:\Windows\System\umOCOUw.exe
  2⤵
  PID:3956
- C:\Windows\System\ZcOeicM.exe
  C:\Windows\System\ZcOeicM.exe
  2⤵
  PID:3988
- C:\Windows\System\KjEVjht.exe
  C:\Windows\System\KjEVjht.exe
  2⤵
  PID:340
- C:\Windows\System\wWqlIKq.exe
  C:\Windows\System\wWqlIKq.exe
  2⤵
  PID:3120
- C:\Windows\System\ZNQTGvi.exe
  C:\Windows\System\ZNQTGvi.exe
  2⤵
  PID:3380
- C:\Windows\System\znNoqya.exe
  C:\Windows\System\znNoqya.exe
  2⤵
  PID:3524
- C:\Windows\System\FlQAAyy.exe
  C:\Windows\System\FlQAAyy.exe
  2⤵
  PID:3408
- C:\Windows\System\zkEWiUJ.exe
  C:\Windows\System\zkEWiUJ.exe
  2⤵
  PID:3736
- C:\Windows\System\RalhofR.exe
  C:\Windows\System\RalhofR.exe
  2⤵
  PID:848
- C:\Windows\System\VukeDzA.exe
  C:\Windows\System\VukeDzA.exe
  2⤵
  PID:4100
- C:\Windows\System\MvuvAqu.exe
  C:\Windows\System\MvuvAqu.exe
  2⤵
  PID:4140
- C:\Windows\System\JQyUUPq.exe
  C:\Windows\System\JQyUUPq.exe
  2⤵
  PID:4192
- C:\Windows\System\AatNWGN.exe
  C:\Windows\System\AatNWGN.exe
  2⤵
  PID:4240
- C:\Windows\System\hnGDFHj.exe
  C:\Windows\System\hnGDFHj.exe
  2⤵
  PID:4212
- C:\Windows\System\WEodZAv.exe
  C:\Windows\System\WEodZAv.exe
  2⤵
  PID:4280
- C:\Windows\System\Trhgmnj.exe
  C:\Windows\System\Trhgmnj.exe
  2⤵
  PID:4324
- C:\Windows\System\eQCXuZF.exe
  C:\Windows\System\eQCXuZF.exe
  2⤵
  PID:4356
- C:\Windows\System\UBBCUdM.exe
  C:\Windows\System\UBBCUdM.exe
  2⤵
  PID:4372
- C:\Windows\System\daQEipV.exe
  C:\Windows\System\daQEipV.exe
  2⤵
  PID:4400
- C:\Windows\System\KHXGBwK.exe
  C:\Windows\System\KHXGBwK.exe
  2⤵
  PID:4420
- C:\Windows\System\gtziYLA.exe
  C:\Windows\System\gtziYLA.exe
  2⤵
  PID:4480
- C:\Windows\System\KOngeFR.exe
  C:\Windows\System\KOngeFR.exe
  2⤵
  PID:4496
- C:\Windows\System\rBbWQPD.exe
  C:\Windows\System\rBbWQPD.exe
  2⤵
  PID:4544
- C:\Windows\System\VFWhOCp.exe
  C:\Windows\System\VFWhOCp.exe
  2⤵
  PID:4592
- C:\Windows\System\qXhyqRI.exe
  C:\Windows\System\qXhyqRI.exe
  2⤵
  PID:4636
- C:\Windows\System\ASYkJjK.exe
  C:\Windows\System\ASYkJjK.exe
  2⤵
  PID:4576
- C:\Windows\System\ImbzIxj.exe
  C:\Windows\System\ImbzIxj.exe
  2⤵
  PID:4680
- C:\Windows\System\Vucwpec.exe
  C:\Windows\System\Vucwpec.exe
  2⤵
  PID:4712
- C:\Windows\System\skaXngR.exe
  C:\Windows\System\skaXngR.exe
  2⤵
  PID:4716
- C:\Windows\System\biEwovr.exe
  C:\Windows\System\biEwovr.exe
  2⤵
  PID:4736
- C:\Windows\System\jYfUdrE.exe
  C:\Windows\System\jYfUdrE.exe
  2⤵
  PID:4780
- C:\Windows\System\AyaaIzF.exe
  C:\Windows\System\AyaaIzF.exe
  2⤵
  PID:4836
- C:\Windows\System\tbxxmxo.exe
  C:\Windows\System\tbxxmxo.exe
  2⤵
  PID:4880
- C:\Windows\System\VxPnLXn.exe
  C:\Windows\System\VxPnLXn.exe
  2⤵
  PID:4920
- C:\Windows\System\Lphrkds.exe
  C:\Windows\System\Lphrkds.exe
  2⤵
  PID:4896
- C:\Windows\System\xcWAAsP.exe
  C:\Windows\System\xcWAAsP.exe
  2⤵
  PID:4944
- C:\Windows\System\XekXOfF.exe
  C:\Windows\System\XekXOfF.exe
  2⤵
  PID:4984
- C:\Windows\System\hYXhJjz.exe
  C:\Windows\System\hYXhJjz.exe
  2⤵
  PID:5016
- C:\Windows\System\pHkNMbo.exe
  C:\Windows\System\pHkNMbo.exe
  2⤵
  PID:5060
- C:\Windows\System\qRTqBoJ.exe
  C:\Windows\System\qRTqBoJ.exe
  2⤵
  PID:5096
- C:\Windows\System\hPmitcX.exe
  C:\Windows\System\hPmitcX.exe
  2⤵
  PID:3076
- C:\Windows\System\TGyRKoE.exe
  C:\Windows\System\TGyRKoE.exe
  2⤵
  PID:3252
- C:\Windows\System\YONsXYq.exe
  C:\Windows\System\YONsXYq.exe
  2⤵
  PID:1256
- C:\Windows\System\GkMZHWn.exe
  C:\Windows\System\GkMZHWn.exe
  2⤵
  PID:3600
- C:\Windows\System\UAUuMMA.exe
  C:\Windows\System\UAUuMMA.exe
  2⤵
  PID:4012
- C:\Windows\System\nYwtSKj.exe
  C:\Windows\System\nYwtSKj.exe
  2⤵
  PID:3712
- C:\Windows\System\XAMXniK.exe
  C:\Windows\System\XAMXniK.exe
  2⤵
  PID:1588
- C:\Windows\System\PjfxTEQ.exe
  C:\Windows\System\PjfxTEQ.exe
  2⤵
  PID:4136
- C:\Windows\System\JPQRafm.exe
  C:\Windows\System\JPQRafm.exe
  2⤵
  PID:4296
- C:\Windows\System\DnBQcIX.exe
  C:\Windows\System\DnBQcIX.exe
  2⤵
  PID:4472
- C:\Windows\System\kOVOylC.exe
  C:\Windows\System\kOVOylC.exe
  2⤵
  PID:4220
- C:\Windows\System\NzXLBTO.exe
  C:\Windows\System\NzXLBTO.exe
  2⤵
  PID:4516
- C:\Windows\System\FYEUgkN.exe
  C:\Windows\System\FYEUgkN.exe
  2⤵
  PID:4532
- C:\Windows\System\LQjRZzW.exe
  C:\Windows\System\LQjRZzW.exe
  2⤵
  PID:4676
- C:\Windows\System\QoRPXjo.exe
  C:\Windows\System\QoRPXjo.exe
  2⤵
  PID:4444
- C:\Windows\System\lLbVsKQ.exe
  C:\Windows\System\lLbVsKQ.exe
  2⤵
  PID:4616
- C:\Windows\System\OJBsseQ.exe
  C:\Windows\System\OJBsseQ.exe
  2⤵
  PID:2784
- C:\Windows\System\Ukrriiq.exe
  C:\Windows\System\Ukrriiq.exe
  2⤵
  PID:4796
- C:\Windows\System\aNZSRRM.exe
  C:\Windows\System\aNZSRRM.exe
  2⤵
  PID:4840
- C:\Windows\System\ZghoEiG.exe
  C:\Windows\System\ZghoEiG.exe
  2⤵
  PID:2724
- C:\Windows\System\qcrfeZr.exe
  C:\Windows\System\qcrfeZr.exe
  2⤵
  PID:4816
- C:\Windows\System\qLFiGeo.exe
  C:\Windows\System\qLFiGeo.exe
  2⤵
  PID:4996
- C:\Windows\System\rTiqWsM.exe
  C:\Windows\System\rTiqWsM.exe
  2⤵
  PID:5004
- C:\Windows\System\kOiCaiG.exe
  C:\Windows\System\kOiCaiG.exe
  2⤵
  PID:5072
- C:\Windows\System\IEzvXdn.exe
  C:\Windows\System\IEzvXdn.exe
  2⤵
  PID:5100
- C:\Windows\System\tjcCUyh.exe
  C:\Windows\System\tjcCUyh.exe
  2⤵
  PID:1532
- C:\Windows\System\PWNUWwS.exe
  C:\Windows\System\PWNUWwS.exe
  2⤵
  PID:3880
- C:\Windows\System\iqzFvYz.exe
  C:\Windows\System\iqzFvYz.exe
  2⤵
  PID:1580
- C:\Windows\System\UVjfnYe.exe
  C:\Windows\System\UVjfnYe.exe
  2⤵
  PID:3732
- C:\Windows\System\pCzCzQS.exe
  C:\Windows\System\pCzCzQS.exe
  2⤵
  PID:4260
- C:\Windows\System\PEumYNH.exe
  C:\Windows\System\PEumYNH.exe
  2⤵
  PID:4340
- C:\Windows\System\WhSGAhY.exe
  C:\Windows\System\WhSGAhY.exe
  2⤵
  PID:4312
- C:\Windows\System\WTnWkiO.exe
  C:\Windows\System\WTnWkiO.exe
  2⤵
  PID:4628
- C:\Windows\System\AhqxYEs.exe
  C:\Windows\System\AhqxYEs.exe
  2⤵
  PID:2688
- C:\Windows\System\naxkONL.exe
  C:\Windows\System\naxkONL.exe
  2⤵
  PID:4728
- C:\Windows\System\LNxcKof.exe
  C:\Windows\System\LNxcKof.exe
  2⤵
  PID:4776
- C:\Windows\System\JQJIqoE.exe
  C:\Windows\System\JQJIqoE.exe
  2⤵
  PID:4756
- C:\Windows\System\upbxscs.exe
  C:\Windows\System\upbxscs.exe
  2⤵
  PID:4912
- C:\Windows\System\tGQgqfx.exe
  C:\Windows\System\tGQgqfx.exe
  2⤵
  PID:4932
- C:\Windows\System\QQZdSDd.exe
  C:\Windows\System\QQZdSDd.exe
  2⤵
  PID:2808
- C:\Windows\System\pYfnsSl.exe
  C:\Windows\System\pYfnsSl.exe
  2⤵
  PID:3772
- C:\Windows\System\bnZnOIc.exe
  C:\Windows\System\bnZnOIc.exe
  2⤵
  PID:3144
- C:\Windows\System\sdvmIDo.exe
  C:\Windows\System\sdvmIDo.exe
  2⤵
  PID:3528
- C:\Windows\System\pYXgbZf.exe
  C:\Windows\System\pYXgbZf.exe
  2⤵
  PID:4416
- C:\Windows\System\vXJQWIU.exe
  C:\Windows\System\vXJQWIU.exe
  2⤵
  PID:2700
- C:\Windows\System\tYyggFq.exe
  C:\Windows\System\tYyggFq.exe
  2⤵
  PID:4560
- C:\Windows\System\qTKbWaN.exe
  C:\Windows\System\qTKbWaN.exe
  2⤵
  PID:4732
- C:\Windows\System\KWtLaZt.exe
  C:\Windows\System\KWtLaZt.exe
  2⤵
  PID:5136
- C:\Windows\System\YOUwFAT.exe
  C:\Windows\System\YOUwFAT.exe
  2⤵
  PID:5152
- C:\Windows\System\lzTYpVj.exe
  C:\Windows\System\lzTYpVj.exe
  2⤵
  PID:5176
- C:\Windows\System\QCLGjTl.exe
  C:\Windows\System\QCLGjTl.exe
  2⤵
  PID:5196
- C:\Windows\System\cRnYdry.exe
  C:\Windows\System\cRnYdry.exe
  2⤵
  PID:5224
- C:\Windows\System\ehaBslG.exe
  C:\Windows\System\ehaBslG.exe
  2⤵
  PID:5244
- C:\Windows\System\IeBUEVo.exe
  C:\Windows\System\IeBUEVo.exe
  2⤵
  PID:5264
- C:\Windows\System\yynKaOy.exe
  C:\Windows\System\yynKaOy.exe
  2⤵
  PID:5284
- C:\Windows\System\QcweXaB.exe
  C:\Windows\System\QcweXaB.exe
  2⤵
  PID:5304
- C:\Windows\System\KekXcTe.exe
  C:\Windows\System\KekXcTe.exe
  2⤵
  PID:5324
- C:\Windows\System\qFPUCjX.exe
  C:\Windows\System\qFPUCjX.exe
  2⤵
  PID:5344
- C:\Windows\System\qooKzwr.exe
  C:\Windows\System\qooKzwr.exe
  2⤵
  PID:5364
- C:\Windows\System\qfLLpNu.exe
  C:\Windows\System\qfLLpNu.exe
  2⤵
  PID:5380
- C:\Windows\System\kRojnFX.exe
  C:\Windows\System\kRojnFX.exe
  2⤵
  PID:5400
- C:\Windows\System\QwYJwkj.exe
  C:\Windows\System\QwYJwkj.exe
  2⤵
  PID:5424
- C:\Windows\System\cksYSsA.exe
  C:\Windows\System\cksYSsA.exe
  2⤵
  PID:5444
- C:\Windows\System\TsREBLk.exe
  C:\Windows\System\TsREBLk.exe
  2⤵
  PID:5464
- C:\Windows\System\ovwvEnS.exe
  C:\Windows\System\ovwvEnS.exe
  2⤵
  PID:5484
- C:\Windows\System\gzkHSBB.exe
  C:\Windows\System\gzkHSBB.exe
  2⤵
  PID:5504
- C:\Windows\System\ETAnPVf.exe
  C:\Windows\System\ETAnPVf.exe
  2⤵
  PID:5520
- C:\Windows\System\weFmieT.exe
  C:\Windows\System\weFmieT.exe
  2⤵
  PID:5540
- C:\Windows\System\CLvHtBF.exe
  C:\Windows\System\CLvHtBF.exe
  2⤵
  PID:5564
- C:\Windows\System\XNiDdse.exe
  C:\Windows\System\XNiDdse.exe
  2⤵
  PID:5584
- C:\Windows\System\cAJtLBl.exe
  C:\Windows\System\cAJtLBl.exe
  2⤵
  PID:5604
- C:\Windows\System\DsIeXZU.exe
  C:\Windows\System\DsIeXZU.exe
  2⤵
  PID:5624
- C:\Windows\System\fcECdKl.exe
  C:\Windows\System\fcECdKl.exe
  2⤵
  PID:5640
- C:\Windows\System\aNXHOtK.exe
  C:\Windows\System\aNXHOtK.exe
  2⤵
  PID:5664
- C:\Windows\System\GZdMATD.exe
  C:\Windows\System\GZdMATD.exe
  2⤵
  PID:5684
- C:\Windows\System\aWUxfbk.exe
  C:\Windows\System\aWUxfbk.exe
  2⤵
  PID:5704
- C:\Windows\System\fmPtmXE.exe
  C:\Windows\System\fmPtmXE.exe
  2⤵
  PID:5724
- C:\Windows\System\IglbhOT.exe
  C:\Windows\System\IglbhOT.exe
  2⤵
  PID:5744
- C:\Windows\System\IilSWfV.exe
  C:\Windows\System\IilSWfV.exe
  2⤵
  PID:5764
- C:\Windows\System\bBpNHoA.exe
  C:\Windows\System\bBpNHoA.exe
  2⤵
  PID:5784
- C:\Windows\System\GHRqllV.exe
  C:\Windows\System\GHRqllV.exe
  2⤵
  PID:5804
- C:\Windows\System\PIjFBbt.exe
  C:\Windows\System\PIjFBbt.exe
  2⤵
  PID:5824
- C:\Windows\System\TRJrmxm.exe
  C:\Windows\System\TRJrmxm.exe
  2⤵
  PID:5844
- C:\Windows\System\NjSQElT.exe
  C:\Windows\System\NjSQElT.exe
  2⤵
  PID:5860
- C:\Windows\System\AXPGJgo.exe
  C:\Windows\System\AXPGJgo.exe
  2⤵
  PID:5880
- C:\Windows\System\ejDtbln.exe
  C:\Windows\System\ejDtbln.exe
  2⤵
  PID:5904
- C:\Windows\System\skhHKqu.exe
  C:\Windows\System\skhHKqu.exe
  2⤵
  PID:5924
- C:\Windows\System\zQFCJag.exe
  C:\Windows\System\zQFCJag.exe
  2⤵
  PID:5940
- C:\Windows\System\pkgtCZw.exe
  C:\Windows\System\pkgtCZw.exe
  2⤵
  PID:5960
- C:\Windows\System\WLGEMXI.exe
  C:\Windows\System\WLGEMXI.exe
  2⤵
  PID:5980
- C:\Windows\System\tIhIMQj.exe
  C:\Windows\System\tIhIMQj.exe
  2⤵
  PID:6004
- C:\Windows\System\lfmzmMH.exe
  C:\Windows\System\lfmzmMH.exe
  2⤵
  PID:6020
- C:\Windows\System\wsYoTZT.exe
  C:\Windows\System\wsYoTZT.exe
  2⤵
  PID:6040
- C:\Windows\System\xQEgoDm.exe
  C:\Windows\System\xQEgoDm.exe
  2⤵
  PID:6060
- C:\Windows\System\eREiOzT.exe
  C:\Windows\System\eREiOzT.exe
  2⤵
  PID:6080
- C:\Windows\System\cmQTuHD.exe
  C:\Windows\System\cmQTuHD.exe
  2⤵
  PID:6104
- C:\Windows\System\mNRGmfu.exe
  C:\Windows\System\mNRGmfu.exe
  2⤵
  PID:6124
- C:\Windows\System\vdcGTwu.exe
  C:\Windows\System\vdcGTwu.exe
  2⤵
  PID:6140
- C:\Windows\System\HtDWzFZ.exe
  C:\Windows\System\HtDWzFZ.exe
  2⤵
  PID:4760
- C:\Windows\System\tvIaeNH.exe
  C:\Windows\System\tvIaeNH.exe
  2⤵
  PID:5084
- C:\Windows\System\nRMkgfJ.exe
  C:\Windows\System\nRMkgfJ.exe
  2⤵
  PID:4856
- C:\Windows\System\VeSXcWx.exe
  C:\Windows\System\VeSXcWx.exe
  2⤵
  PID:4132
- C:\Windows\System\YclZRuW.exe
  C:\Windows\System\YclZRuW.exe
  2⤵
  PID:4540
- C:\Windows\System\Dosymkw.exe
  C:\Windows\System\Dosymkw.exe
  2⤵
  PID:2568
- C:\Windows\System\nxRtkWW.exe
  C:\Windows\System\nxRtkWW.exe
  2⤵
  PID:5144
- C:\Windows\System\OOZXRvW.exe
  C:\Windows\System\OOZXRvW.exe
  2⤵
  PID:5184
- C:\Windows\System\oMZxWCH.exe
  C:\Windows\System\oMZxWCH.exe
  2⤵
  PID:5204
- C:\Windows\System\PmxdANG.exe
  C:\Windows\System\PmxdANG.exe
  2⤵
  PID:5216
- C:\Windows\System\ghiBgXR.exe
  C:\Windows\System\ghiBgXR.exe
  2⤵
  PID:5280
- C:\Windows\System\yecoDTQ.exe
  C:\Windows\System\yecoDTQ.exe
  2⤵
  PID:5296
- C:\Windows\System\lVsHtop.exe
  C:\Windows\System\lVsHtop.exe
  2⤵
  PID:5332
- C:\Windows\System\luvFSup.exe
  C:\Windows\System\luvFSup.exe
  2⤵
  PID:5336
- C:\Windows\System\zjUltbF.exe
  C:\Windows\System\zjUltbF.exe
  2⤵
  PID:5376
- C:\Windows\System\yOGCaKf.exe
  C:\Windows\System\yOGCaKf.exe
  2⤵
  PID:5416
- C:\Windows\System\yAamWVY.exe
  C:\Windows\System\yAamWVY.exe
  2⤵
  PID:5456
- C:\Windows\System\bwTuSYi.exe
  C:\Windows\System\bwTuSYi.exe
  2⤵
  PID:5492
- C:\Windows\System\layfkWs.exe
  C:\Windows\System\layfkWs.exe
  2⤵
  PID:5528
- C:\Windows\System\bOsrRQi.exe
  C:\Windows\System\bOsrRQi.exe
  2⤵
  PID:5532
- C:\Windows\System\URbdWsq.exe
  C:\Windows\System\URbdWsq.exe
  2⤵
  PID:5576
- C:\Windows\System\xlsSKzm.exe
  C:\Windows\System\xlsSKzm.exe
  2⤵
  PID:5620
- C:\Windows\System\rfgOPJq.exe
  C:\Windows\System\rfgOPJq.exe
  2⤵
  PID:5680
- C:\Windows\System\dujnuda.exe
  C:\Windows\System\dujnuda.exe
  2⤵
  PID:5696
- C:\Windows\System\HVNOJhC.exe
  C:\Windows\System\HVNOJhC.exe
  2⤵
  PID:5732
- C:\Windows\System\uTKtvOX.exe
  C:\Windows\System\uTKtvOX.exe
  2⤵
  PID:5792
- C:\Windows\System\vUCQUbK.exe
  C:\Windows\System\vUCQUbK.exe
  2⤵
  PID:5776
- C:\Windows\System\sMVReOM.exe
  C:\Windows\System\sMVReOM.exe
  2⤵
  PID:5816
- C:\Windows\System\eNdhYLz.exe
  C:\Windows\System\eNdhYLz.exe
  2⤵
  PID:5872
- C:\Windows\System\hmiKtoX.exe
  C:\Windows\System\hmiKtoX.exe
  2⤵
  PID:5888
- C:\Windows\System\KArqJQw.exe
  C:\Windows\System\KArqJQw.exe
  2⤵
  PID:5932
- C:\Windows\System\JynnosR.exe
  C:\Windows\System\JynnosR.exe
  2⤵
  PID:5936
- C:\Windows\System\BDJbqgt.exe
  C:\Windows\System\BDJbqgt.exe
  2⤵
  PID:5996
- C:\Windows\System\upblaYG.exe
  C:\Windows\System\upblaYG.exe
  2⤵
  PID:6012
- C:\Windows\System\ZtVFhmh.exe
  C:\Windows\System\ZtVFhmh.exe
  2⤵
  PID:6052
- C:\Windows\System\IablxCF.exe
  C:\Windows\System\IablxCF.exe
  2⤵
  PID:6088
- C:\Windows\System\ZyOFEgf.exe
  C:\Windows\System\ZyOFEgf.exe
  2⤵
  PID:6132
- C:\Windows\System\orQHbeJ.exe
  C:\Windows\System\orQHbeJ.exe
  2⤵
  PID:4936
- C:\Windows\System\ZRMdejK.exe
  C:\Windows\System\ZRMdejK.exe
  2⤵
  PID:4316
- C:\Windows\System\NdlECFw.exe
  C:\Windows\System\NdlECFw.exe
  2⤵
  PID:4320
- C:\Windows\System\tzUrFfh.exe
  C:\Windows\System\tzUrFfh.exe
  2⤵
  PID:4824
- C:\Windows\System\iuyNOSZ.exe
  C:\Windows\System\iuyNOSZ.exe
  2⤵
  PID:5168
- C:\Windows\System\nrZHnuz.exe
  C:\Windows\System\nrZHnuz.exe
  2⤵
  PID:5192
- C:\Windows\System\ZDimVKN.exe
  C:\Windows\System\ZDimVKN.exe
  2⤵
  PID:5272
- C:\Windows\System\bASuqXp.exe
  C:\Windows\System\bASuqXp.exe
  2⤵
  PID:5256
- C:\Windows\System\ybflQbl.exe
  C:\Windows\System\ybflQbl.exe
  2⤵
  PID:5356
- C:\Windows\System\yWBJsDw.exe
  C:\Windows\System\yWBJsDw.exe
  2⤵
  PID:5452
- C:\Windows\System\ttGOJIS.exe
  C:\Windows\System\ttGOJIS.exe
  2⤵
  PID:5476
- C:\Windows\System\xJPhvCp.exe
  C:\Windows\System\xJPhvCp.exe
  2⤵
  PID:5496
- C:\Windows\System\zDAriEv.exe
  C:\Windows\System\zDAriEv.exe
  2⤵
  PID:5572
- C:\Windows\System\xqqqDzu.exe
  C:\Windows\System\xqqqDzu.exe
  2⤵
  PID:5632
- C:\Windows\System\cnPdrAH.exe
  C:\Windows\System\cnPdrAH.exe
  2⤵
  PID:5660
- C:\Windows\System\sVupkng.exe
  C:\Windows\System\sVupkng.exe
  2⤵
  PID:5772
- C:\Windows\System\fACGvMn.exe
  C:\Windows\System\fACGvMn.exe
  2⤵
  PID:5796
- C:\Windows\System\yRjdqQQ.exe
  C:\Windows\System\yRjdqQQ.exe
  2⤵
  PID:5868
- C:\Windows\System\tRAJdrj.exe
  C:\Windows\System\tRAJdrj.exe
  2⤵
  PID:5912
- C:\Windows\System\wdsAKyh.exe
  C:\Windows\System\wdsAKyh.exe
  2⤵
  PID:5952
- C:\Windows\System\XaszUAN.exe
  C:\Windows\System\XaszUAN.exe
  2⤵
  PID:6076
- C:\Windows\System\uCrIIow.exe
  C:\Windows\System\uCrIIow.exe
  2⤵
  PID:6028
- C:\Windows\System\iVHuQEL.exe
  C:\Windows\System\iVHuQEL.exe
  2⤵
  PID:6096
- C:\Windows\System\DPbkRQK.exe
  C:\Windows\System\DPbkRQK.exe
  2⤵
  PID:2560
- C:\Windows\System\rFAPsHT.exe
  C:\Windows\System\rFAPsHT.exe
  2⤵
  PID:4460
- C:\Windows\System\mgEsdMZ.exe
  C:\Windows\System\mgEsdMZ.exe
  2⤵
  PID:5164
- C:\Windows\System\hmjabPj.exe
  C:\Windows\System\hmjabPj.exe
  2⤵
  PID:5300
- C:\Windows\System\hmEDXaT.exe
  C:\Windows\System\hmEDXaT.exe
  2⤵
  PID:5360
- C:\Windows\System\XzoObGV.exe
  C:\Windows\System\XzoObGV.exe
  2⤵
  PID:5396
- C:\Windows\System\HxFrXXO.exe
  C:\Windows\System\HxFrXXO.exe
  2⤵
  PID:5512
- C:\Windows\System\pKMmrIr.exe
  C:\Windows\System\pKMmrIr.exe
  2⤵
  PID:2248
- C:\Windows\System\aYzQZRF.exe
  C:\Windows\System\aYzQZRF.exe
  2⤵
  PID:5552
- C:\Windows\System\rvxHhLH.exe
  C:\Windows\System\rvxHhLH.exe
  2⤵
  PID:5692
- C:\Windows\System\NAIBSxj.exe
  C:\Windows\System\NAIBSxj.exe
  2⤵
  PID:5760
- C:\Windows\System\xLWhKNz.exe
  C:\Windows\System\xLWhKNz.exe
  2⤵
  PID:5956
- C:\Windows\System\iOVwjbT.exe
  C:\Windows\System\iOVwjbT.exe
  2⤵
  PID:5920
- C:\Windows\System\RMfMmHI.exe
  C:\Windows\System\RMfMmHI.exe
  2⤵
  PID:1436
- C:\Windows\System\mVBqhfS.exe
  C:\Windows\System\mVBqhfS.exe
  2⤵
  PID:6116
- C:\Windows\System\drgoxOy.exe
  C:\Windows\System\drgoxOy.exe
  2⤵
  PID:4352
- C:\Windows\System\AAcsWEI.exe
  C:\Windows\System\AAcsWEI.exe
  2⤵
  PID:5132
- C:\Windows\System\WZIkqAS.exe
  C:\Windows\System\WZIkqAS.exe
  2⤵
  PID:5188
- C:\Windows\System\RMALfxW.exe
  C:\Windows\System\RMALfxW.exe
  2⤵
  PID:2220
- C:\Windows\System\qdfuBip.exe
  C:\Windows\System\qdfuBip.exe
  2⤵
  PID:5472
- C:\Windows\System\FxDBVIH.exe
  C:\Windows\System\FxDBVIH.exe
  2⤵
  PID:5596
- C:\Windows\System\GdnthkF.exe
  C:\Windows\System\GdnthkF.exe
  2⤵
  PID:5716
- C:\Windows\System\DaYEhsK.exe
  C:\Windows\System\DaYEhsK.exe
  2⤵
  PID:5820
- C:\Windows\System\ktheZQw.exe
  C:\Windows\System\ktheZQw.exe
  2⤵
  PID:6048
- C:\Windows\System\LlfrLJZ.exe
  C:\Windows\System\LlfrLJZ.exe
  2⤵
  PID:6120
- C:\Windows\System\oxnuAEE.exe
  C:\Windows\System\oxnuAEE.exe
  2⤵
  PID:6136
- C:\Windows\System\cUJMIKN.exe
  C:\Windows\System\cUJMIKN.exe
  2⤵
  PID:2312
- C:\Windows\System\hUQQdjj.exe
  C:\Windows\System\hUQQdjj.exe
  2⤵
  PID:5236
- C:\Windows\System\tShyPje.exe
  C:\Windows\System\tShyPje.exe
  2⤵
  PID:1716
- C:\Windows\System\ycFocdj.exe
  C:\Windows\System\ycFocdj.exe
  2⤵
  PID:2584
- C:\Windows\System\wVPwIyq.exe
  C:\Windows\System\wVPwIyq.exe
  2⤵
  PID:3260
- C:\Windows\System\ySTKEph.exe
  C:\Windows\System\ySTKEph.exe
  2⤵
  PID:6160
- C:\Windows\System\DEzQRGd.exe
  C:\Windows\System\DEzQRGd.exe
  2⤵
  PID:6176
- C:\Windows\System\NzdcouM.exe
  C:\Windows\System\NzdcouM.exe
  2⤵
  PID:6204
- C:\Windows\System\geqnHcw.exe
  C:\Windows\System\geqnHcw.exe
  2⤵
  PID:6224
- C:\Windows\System\NNiqzPj.exe
  C:\Windows\System\NNiqzPj.exe
  2⤵
  PID:6244
- C:\Windows\System\IyxKkAr.exe
  C:\Windows\System\IyxKkAr.exe
  2⤵
  PID:6260
- C:\Windows\System\YpBCFqP.exe
  C:\Windows\System\YpBCFqP.exe
  2⤵
  PID:6284
- C:\Windows\System\FjZndtL.exe
  C:\Windows\System\FjZndtL.exe
  2⤵
  PID:6304
- C:\Windows\System\zaeoIZi.exe
  C:\Windows\System\zaeoIZi.exe
  2⤵
  PID:6320
- C:\Windows\System\xUPzAFH.exe
  C:\Windows\System\xUPzAFH.exe
  2⤵
  PID:6344
- C:\Windows\System\keDUGpD.exe
  C:\Windows\System\keDUGpD.exe
  2⤵
  PID:6372
- C:\Windows\System\SsNWAQq.exe
  C:\Windows\System\SsNWAQq.exe
  2⤵
  PID:6388
- C:\Windows\System\DawXAtI.exe
  C:\Windows\System\DawXAtI.exe
  2⤵
  PID:6404
- C:\Windows\System\xgGOWQP.exe
  C:\Windows\System\xgGOWQP.exe
  2⤵
  PID:6424
- C:\Windows\System\dAomjQl.exe
  C:\Windows\System\dAomjQl.exe
  2⤵
  PID:6440
- C:\Windows\System\ojuwgXX.exe
  C:\Windows\System\ojuwgXX.exe
  2⤵
  PID:6456
- C:\Windows\System\JlRgpDk.exe
  C:\Windows\System\JlRgpDk.exe
  2⤵
  PID:6472
- C:\Windows\System\JEgZfpA.exe
  C:\Windows\System\JEgZfpA.exe
  2⤵
  PID:6488
- C:\Windows\System\nUjlijG.exe
  C:\Windows\System\nUjlijG.exe
  2⤵
  PID:6504
- C:\Windows\System\CaVXtQq.exe
  C:\Windows\System\CaVXtQq.exe
  2⤵
  PID:6520
- C:\Windows\System\oDrBWvF.exe
  C:\Windows\System\oDrBWvF.exe
  2⤵
  PID:6536
- C:\Windows\System\KEbDrQd.exe
  C:\Windows\System\KEbDrQd.exe
  2⤵
  PID:6552
- C:\Windows\System\qlTMKVx.exe
  C:\Windows\System\qlTMKVx.exe
  2⤵
  PID:6568
- C:\Windows\System\bHvqhgQ.exe
  C:\Windows\System\bHvqhgQ.exe
  2⤵
  PID:6584
- C:\Windows\System\bxiQDhY.exe
  C:\Windows\System\bxiQDhY.exe
  2⤵
  PID:6604
- C:\Windows\System\QAzqYAw.exe
  C:\Windows\System\QAzqYAw.exe
  2⤵
  PID:6620
- C:\Windows\System\Efuqxir.exe
  C:\Windows\System\Efuqxir.exe
  2⤵
  PID:6640
- C:\Windows\System\uoWgPeG.exe
  C:\Windows\System\uoWgPeG.exe
  2⤵
  PID:6656
- C:\Windows\System\hTEnUiA.exe
  C:\Windows\System\hTEnUiA.exe
  2⤵
  PID:6676
- C:\Windows\System\JZpIwQv.exe
  C:\Windows\System\JZpIwQv.exe
  2⤵
  PID:6696
- C:\Windows\System\sawiHYf.exe
  C:\Windows\System\sawiHYf.exe
  2⤵
  PID:6772
- C:\Windows\System\aTetUAG.exe
  C:\Windows\System\aTetUAG.exe
  2⤵
  PID:6788
- C:\Windows\System\ZRtYHxV.exe
  C:\Windows\System\ZRtYHxV.exe
  2⤵
  PID:6804
- C:\Windows\System\NnvsWQL.exe
  C:\Windows\System\NnvsWQL.exe
  2⤵
  PID:6820
- C:\Windows\System\rwPzhPc.exe
  C:\Windows\System\rwPzhPc.exe
  2⤵
  PID:6836
- C:\Windows\System\yZYMjYb.exe
  C:\Windows\System\yZYMjYb.exe
  2⤵
  PID:6856
- C:\Windows\System\zobTGJe.exe
  C:\Windows\System\zobTGJe.exe
  2⤵
  PID:6872
- C:\Windows\System\tnXloQi.exe
  C:\Windows\System\tnXloQi.exe
  2⤵
  PID:6888
- C:\Windows\System\cPJtipS.exe
  C:\Windows\System\cPJtipS.exe
  2⤵
  PID:6904
- C:\Windows\System\sIxPZAc.exe
  C:\Windows\System\sIxPZAc.exe
  2⤵
  PID:6920
- C:\Windows\System\DJlQGYt.exe
  C:\Windows\System\DJlQGYt.exe
  2⤵
  PID:6940
- C:\Windows\System\ZShZDOq.exe
  C:\Windows\System\ZShZDOq.exe
  2⤵
  PID:6960
- C:\Windows\System\lFRYMGv.exe
  C:\Windows\System\lFRYMGv.exe
  2⤵
  PID:6980
- C:\Windows\System\WvHfRHq.exe
  C:\Windows\System\WvHfRHq.exe
  2⤵
  PID:7000
- C:\Windows\System\vAkhEKj.exe
  C:\Windows\System\vAkhEKj.exe
  2⤵
  PID:7020
- C:\Windows\System\KXsLTUQ.exe
  C:\Windows\System\KXsLTUQ.exe
  2⤵
  PID:7036
- C:\Windows\System\zopNhlR.exe
  C:\Windows\System\zopNhlR.exe
  2⤵
  PID:7052
- C:\Windows\System\exHgOYY.exe
  C:\Windows\System\exHgOYY.exe
  2⤵
  PID:7068
- C:\Windows\System\VvGkCCB.exe
  C:\Windows\System\VvGkCCB.exe
  2⤵
  PID:7084
- C:\Windows\System\mNQsJUW.exe
  C:\Windows\System\mNQsJUW.exe
  2⤵
  PID:7100
- C:\Windows\System\gfPGFrg.exe
  C:\Windows\System\gfPGFrg.exe
  2⤵
  PID:7116
- C:\Windows\System\qzxIbdx.exe
  C:\Windows\System\qzxIbdx.exe
  2⤵
  PID:7132
- C:\Windows\System\yifUpFG.exe
  C:\Windows\System\yifUpFG.exe
  2⤵
  PID:7148
- C:\Windows\System\yuvtXVP.exe
  C:\Windows\System\yuvtXVP.exe
  2⤵
  PID:2612
- C:\Windows\System\UbsfCbO.exe
  C:\Windows\System\UbsfCbO.exe
  2⤵
  PID:2596
- C:\Windows\System\SJUSNop.exe
  C:\Windows\System\SJUSNop.exe
  2⤵
  PID:1156
- C:\Windows\System\uHCmVur.exe
  C:\Windows\System\uHCmVur.exe
  2⤵
  PID:1664
- C:\Windows\System\NudyVpa.exe
  C:\Windows\System\NudyVpa.exe
  2⤵
  PID:5916
- C:\Windows\System\skMKuza.exe
  C:\Windows\System\skMKuza.exe
  2⤵
  PID:1500
- C:\Windows\System\ALiLDiL.exe
  C:\Windows\System\ALiLDiL.exe
  2⤵
  PID:5372
- C:\Windows\System\QfCsVEo.exe
  C:\Windows\System\QfCsVEo.exe
  2⤵
  PID:6168
- C:\Windows\System\FRLidZH.exe
  C:\Windows\System\FRLidZH.exe
  2⤵
  PID:6184
- C:\Windows\System\FvxxqUh.exe
  C:\Windows\System\FvxxqUh.exe
  2⤵
  PID:6156
- C:\Windows\System\eunVbya.exe
  C:\Windows\System\eunVbya.exe
  2⤵
  PID:6192
- C:\Windows\System\eYZuJhr.exe
  C:\Windows\System\eYZuJhr.exe
  2⤵
  PID:6196
- C:\Windows\System\YYhVCDG.exe
  C:\Windows\System\YYhVCDG.exe
  2⤵
  PID:324
- C:\Windows\System\CfvfTCF.exe
  C:\Windows\System\CfvfTCF.exe
  2⤵
  PID:6292
- C:\Windows\System\pJeWvUT.exe
  C:\Windows\System\pJeWvUT.exe
  2⤵
  PID:6280
- C:\Windows\System\VmGiQFI.exe
  C:\Windows\System\VmGiQFI.exe
  2⤵
  PID:6316
- C:\Windows\System\csnOCQS.exe
  C:\Windows\System\csnOCQS.exe
  2⤵
  PID:6340
- C:\Windows\System\dekqwLn.exe
  C:\Windows\System\dekqwLn.exe
  2⤵
  PID:2692
- C:\Windows\System\AolBNpx.exe
  C:\Windows\System\AolBNpx.exe
  2⤵
  PID:1792
- C:\Windows\System\AAsTeuq.exe
  C:\Windows\System\AAsTeuq.exe
  2⤵
  PID:3028
- C:\Windows\System\ZweDBWC.exe
  C:\Windows\System\ZweDBWC.exe
  2⤵
  PID:1096
- C:\Windows\System\MUYSBRt.exe
  C:\Windows\System\MUYSBRt.exe
  2⤵
  PID:1932
- C:\Windows\System\kkStgjk.exe
  C:\Windows\System\kkStgjk.exe
  2⤵
  PID:2852
- C:\Windows\System\ZlYMvrn.exe
  C:\Windows\System\ZlYMvrn.exe
  2⤵
  PID:6380
- C:\Windows\System\whitmHK.exe
  C:\Windows\System\whitmHK.exe
  2⤵
  PID:6436
- C:\Windows\System\Vqrflib.exe
  C:\Windows\System\Vqrflib.exe
  2⤵
  PID:6500
- C:\Windows\System\WbZqpcH.exe
  C:\Windows\System\WbZqpcH.exe
  2⤵
  PID:6564
- C:\Windows\System\yvvaYij.exe
  C:\Windows\System\yvvaYij.exe
  2⤵
  PID:6628
- C:\Windows\System\bJWRrmB.exe
  C:\Windows\System\bJWRrmB.exe
  2⤵
  PID:6668
- C:\Windows\System\SAlqLhs.exe
  C:\Windows\System\SAlqLhs.exe
  2⤵
  PID:6712
- C:\Windows\System\JMzSPcG.exe
  C:\Windows\System\JMzSPcG.exe
  2⤵
  PID:6728
- C:\Windows\System\lScimWk.exe
  C:\Windows\System\lScimWk.exe
  2⤵
  PID:6412
- C:\Windows\System\veCoEnN.exe
  C:\Windows\System\veCoEnN.exe
  2⤵
  PID:6480
- C:\Windows\System\EXCPTKF.exe
  C:\Windows\System\EXCPTKF.exe
  2⤵
  PID:6548
- C:\Windows\System\bsrqHGQ.exe
  C:\Windows\System\bsrqHGQ.exe
  2⤵
  PID:6616
- C:\Windows\System\srwQvDh.exe
  C:\Windows\System\srwQvDh.exe
  2⤵
  PID:6688
- C:\Windows\System\IcEYtPv.exe
  C:\Windows\System\IcEYtPv.exe
  2⤵
  PID:6764
- C:\Windows\System\UqZeThA.exe
  C:\Windows\System\UqZeThA.exe
  2⤵
  PID:6736
- C:\Windows\System\erRdjMv.exe
  C:\Windows\System\erRdjMv.exe
  2⤵
  PID:6748
- C:\Windows\System\AOAoFcb.exe
  C:\Windows\System\AOAoFcb.exe
  2⤵
  PID:6868
- C:\Windows\System\UQtQVTK.exe
  C:\Windows\System\UQtQVTK.exe
  2⤵
  PID:6796
- C:\Windows\System\NrUHYuC.exe
  C:\Windows\System\NrUHYuC.exe
  2⤵
  PID:6828
- C:\Windows\System\jnbRDll.exe
  C:\Windows\System\jnbRDll.exe
  2⤵
  PID:6356
- C:\Windows\System\ZcKbPgj.exe
  C:\Windows\System\ZcKbPgj.exe
  2⤵
  PID:7016
- C:\Windows\System\uToWpHP.exe
  C:\Windows\System\uToWpHP.exe
  2⤵
  PID:7108
- C:\Windows\System\KRIQedl.exe
  C:\Windows\System\KRIQedl.exe
  2⤵
  PID:6812
- C:\Windows\System\VvFDNzH.exe
  C:\Windows\System\VvFDNzH.exe
  2⤵
  PID:6948
- C:\Windows\System\JUzvlfk.exe
  C:\Windows\System\JUzvlfk.exe
  2⤵
  PID:6996
- C:\Windows\System\aDpvAEN.exe
  C:\Windows\System\aDpvAEN.exe
  2⤵
  PID:7064
- C:\Windows\System\FNGiDTV.exe
  C:\Windows\System\FNGiDTV.exe
  2⤵
  PID:7156
- C:\Windows\System\zOsrzDe.exe
  C:\Windows\System\zOsrzDe.exe
  2⤵
  PID:6240
- C:\Windows\System\KMMzhSp.exe
  C:\Windows\System\KMMzhSp.exe
  2⤵
  PID:6212
- C:\Windows\System\OwfkXCr.exe
  C:\Windows\System\OwfkXCr.exe
  2⤵
  PID:6328
- C:\Windows\System\lnHpLjE.exe
  C:\Windows\System\lnHpLjE.exe
  2⤵
  PID:2184
- C:\Windows\System\nMmPesM.exe
  C:\Windows\System\nMmPesM.exe
  2⤵
  PID:2148
- C:\Windows\System\JDKLgaF.exe
  C:\Windows\System\JDKLgaF.exe
  2⤵
  PID:6352
- C:\Windows\System\XDFmTzN.exe
  C:\Windows\System\XDFmTzN.exe
  2⤵
  PID:2880
- C:\Windows\System\YSAwquh.exe
  C:\Windows\System\YSAwquh.exe
  2⤵
  PID:6532
- C:\Windows\System\ccYCybf.exe
  C:\Windows\System\ccYCybf.exe
  2⤵
  PID:6704
- C:\Windows\System\zqwBzzp.exe
  C:\Windows\System\zqwBzzp.exe
  2⤵
  PID:6512
- C:\Windows\System\QywWZTz.exe
  C:\Windows\System\QywWZTz.exe
  2⤵
  PID:6752
- C:\Windows\System\jxVhkrH.exe
  C:\Windows\System\jxVhkrH.exe
  2⤵
  PID:6936
- C:\Windows\System\HnfbgNn.exe
  C:\Windows\System\HnfbgNn.exe
  2⤵
  PID:7092
- C:\Windows\System\KjVoknO.exe
  C:\Windows\System\KjVoknO.exe
  2⤵
  PID:6664
- C:\Windows\System\ZZKJpen.exe
  C:\Windows\System\ZZKJpen.exe
  2⤵
  PID:6580
- C:\Windows\System\uCpYglO.exe
  C:\Windows\System\uCpYglO.exe
  2⤵
  PID:6708
- C:\Windows\System\abvYcAJ.exe
  C:\Windows\System\abvYcAJ.exe
  2⤵
  PID:6972
- C:\Windows\System\BAhKEgS.exe
  C:\Windows\System\BAhKEgS.exe
  2⤵
  PID:6720
- C:\Windows\System\btqIBIK.exe
  C:\Windows\System\btqIBIK.exe
  2⤵
  PID:7060
- C:\Windows\System\zOcDULh.exe
  C:\Windows\System\zOcDULh.exe
  2⤵
  PID:7144
- C:\Windows\System\cjMpjJz.exe
  C:\Windows\System\cjMpjJz.exe
  2⤵
  PID:2744
- C:\Windows\System\LnMeCUC.exe
  C:\Windows\System\LnMeCUC.exe
  2⤵
  PID:5440
- C:\Windows\System\WkhqWFl.exe
  C:\Windows\System\WkhqWFl.exe
  2⤵
  PID:3052
- C:\Windows\System\sqNNZei.exe
  C:\Windows\System\sqNNZei.exe
  2⤵
  PID:5836
- C:\Windows\System\uGdOLkf.exe
  C:\Windows\System\uGdOLkf.exe
  2⤵
  PID:296
- C:\Windows\System\vRBWbGa.exe
  C:\Windows\System\vRBWbGa.exe
  2⤵
  PID:6272
- C:\Windows\System\tJXIOkV.exe
  C:\Windows\System\tJXIOkV.exe
  2⤵
  PID:6232
- C:\Windows\System\dmACaCm.exe
  C:\Windows\System\dmACaCm.exe
  2⤵
  PID:1336
- C:\Windows\System\mlLzRfc.exe
  C:\Windows\System\mlLzRfc.exe
  2⤵
  PID:6692
- C:\Windows\System\sETtyWr.exe
  C:\Windows\System\sETtyWr.exe
  2⤵
  PID:6636
- C:\Windows\System\yelyQKe.exe
  C:\Windows\System\yelyQKe.exe
  2⤵
  PID:6992
- C:\Windows\System\OYHYSjm.exe
  C:\Windows\System\OYHYSjm.exe
  2⤵
  PID:2296
- C:\Windows\System\TYarlST.exe
  C:\Windows\System\TYarlST.exe
  2⤵
  PID:6600
- C:\Windows\System\GGFBZcs.exe
  C:\Windows\System\GGFBZcs.exe
  2⤵
  PID:7140
- C:\Windows\System\VNZBbGM.exe
  C:\Windows\System\VNZBbGM.exe
  2⤵
  PID:6928
- C:\Windows\System\XdXPbvw.exe
  C:\Windows\System\XdXPbvw.exe
  2⤵
  PID:2604
- C:\Windows\System\UhsKuiR.exe
  C:\Windows\System\UhsKuiR.exe
  2⤵
  PID:6848
- C:\Windows\System\HoVTYZx.exe
  C:\Windows\System\HoVTYZx.exe
  2⤵
  PID:2928
- C:\Windows\System\cktAqaG.exe
  C:\Windows\System\cktAqaG.exe
  2⤵
  PID:6544
- C:\Windows\System\oyCNZSw.exe
  C:\Windows\System\oyCNZSw.exe
  2⤵
  PID:6312
- C:\Windows\System\bRbAtjU.exe
  C:\Windows\System\bRbAtjU.exe
  2⤵
  PID:6360
- C:\Windows\System\QXoBHJj.exe
  C:\Windows\System\QXoBHJj.exe
  2⤵
  PID:7180
- C:\Windows\System\FsFUUfk.exe
  C:\Windows\System\FsFUUfk.exe
  2⤵
  PID:7196
- C:\Windows\System\TvXfHQL.exe
  C:\Windows\System\TvXfHQL.exe
  2⤵
  PID:7248
- C:\Windows\System\YyBAvMK.exe
  C:\Windows\System\YyBAvMK.exe
  2⤵
  PID:7264
- C:\Windows\System\DOexvIp.exe
  C:\Windows\System\DOexvIp.exe
  2⤵
  PID:7280
- C:\Windows\System\bzgGTni.exe
  C:\Windows\System\bzgGTni.exe
  2⤵
  PID:7304
- C:\Windows\System\hDmgqZd.exe
  C:\Windows\System\hDmgqZd.exe
  2⤵
  PID:7320
- C:\Windows\System\kbxeZqc.exe
  C:\Windows\System\kbxeZqc.exe
  2⤵
  PID:7336
- C:\Windows\System\SjQvSCC.exe
  C:\Windows\System\SjQvSCC.exe
  2⤵
  PID:7352
- C:\Windows\System\YZPhMqs.exe
  C:\Windows\System\YZPhMqs.exe
  2⤵
  PID:7372
- C:\Windows\System\ZcPrsuZ.exe
  C:\Windows\System\ZcPrsuZ.exe
  2⤵
  PID:7388
- C:\Windows\System\yvWwYVD.exe
  C:\Windows\System\yvWwYVD.exe
  2⤵
  PID:7412
- C:\Windows\System\avIeUyp.exe
  C:\Windows\System\avIeUyp.exe
  2⤵
  PID:7440
- C:\Windows\System\cmnkCIS.exe
  C:\Windows\System\cmnkCIS.exe
  2⤵
  PID:7460
- C:\Windows\System\ORUpyrR.exe
  C:\Windows\System\ORUpyrR.exe
  2⤵
  PID:7480
- C:\Windows\System\tSOuCDU.exe
  C:\Windows\System\tSOuCDU.exe
  2⤵
  PID:7496
- C:\Windows\System\nzZdNQa.exe
  C:\Windows\System\nzZdNQa.exe
  2⤵
  PID:7516
- C:\Windows\System\LZdfNeF.exe
  C:\Windows\System\LZdfNeF.exe
  2⤵
  PID:7532
- C:\Windows\System\uuwATAz.exe
  C:\Windows\System\uuwATAz.exe
  2⤵
  PID:7548
- C:\Windows\System\gSqbqCi.exe
  C:\Windows\System\gSqbqCi.exe
  2⤵
  PID:7564
- C:\Windows\System\awMBLHx.exe
  C:\Windows\System\awMBLHx.exe
  2⤵
  PID:7580
- C:\Windows\System\xOaNAQV.exe
  C:\Windows\System\xOaNAQV.exe
  2⤵
  PID:7596
- C:\Windows\System\ikgYptf.exe
  C:\Windows\System\ikgYptf.exe
  2⤵
  PID:7612
- C:\Windows\System\oEpDIKx.exe
  C:\Windows\System\oEpDIKx.exe
  2⤵
  PID:7628
- C:\Windows\System\TxuKnEY.exe
  C:\Windows\System\TxuKnEY.exe
  2⤵
  PID:7644
- C:\Windows\System\gTvaQmC.exe
  C:\Windows\System\gTvaQmC.exe
  2⤵
  PID:7660
- C:\Windows\System\iLcTRxV.exe
  C:\Windows\System\iLcTRxV.exe
  2⤵
  PID:7676
- C:\Windows\System\MZfeIxQ.exe
  C:\Windows\System\MZfeIxQ.exe
  2⤵
  PID:7692
- C:\Windows\System\rfBHexm.exe
  C:\Windows\System\rfBHexm.exe
  2⤵
  PID:7708
- C:\Windows\System\KmNJfvz.exe
  C:\Windows\System\KmNJfvz.exe
  2⤵
  PID:7724
- C:\Windows\System\gUMNhKX.exe
  C:\Windows\System\gUMNhKX.exe
  2⤵
  PID:7744
- C:\Windows\System\fOLwCam.exe
  C:\Windows\System\fOLwCam.exe
  2⤵
  PID:7832
- C:\Windows\System\uAgdUVJ.exe
  C:\Windows\System\uAgdUVJ.exe
  2⤵
  PID:7848
- C:\Windows\System\epVdDZi.exe
  C:\Windows\System\epVdDZi.exe
  2⤵
  PID:7864
- C:\Windows\System\ddyTmsW.exe
  C:\Windows\System\ddyTmsW.exe
  2⤵
  PID:7888
- C:\Windows\System\gQtgrEz.exe
  C:\Windows\System\gQtgrEz.exe
  2⤵
  PID:7904
- C:\Windows\System\lKbCrcg.exe
  C:\Windows\System\lKbCrcg.exe
  2⤵
  PID:7920
- C:\Windows\System\hgrFnhR.exe
  C:\Windows\System\hgrFnhR.exe
  2⤵
  PID:7936
- C:\Windows\System\nOrGfPJ.exe
  C:\Windows\System\nOrGfPJ.exe
  2⤵
  PID:7960
- C:\Windows\System\AkFKcGh.exe
  C:\Windows\System\AkFKcGh.exe
  2⤵
  PID:7976
- C:\Windows\System\LlmpvPm.exe
  C:\Windows\System\LlmpvPm.exe
  2⤵
  PID:7992
- C:\Windows\System\QxVUDaB.exe
  C:\Windows\System\QxVUDaB.exe
  2⤵
  PID:8008
- C:\Windows\System\qrnPFoM.exe
  C:\Windows\System\qrnPFoM.exe
  2⤵
  PID:8024
- C:\Windows\System\cgCZhnm.exe
  C:\Windows\System\cgCZhnm.exe
  2⤵
  PID:8040
- C:\Windows\System\JEftBXA.exe
  C:\Windows\System\JEftBXA.exe
  2⤵
  PID:8056
- C:\Windows\System\eCYyLLf.exe
  C:\Windows\System\eCYyLLf.exe
  2⤵
  PID:8072
- C:\Windows\System\vuqDjuW.exe
  C:\Windows\System\vuqDjuW.exe
  2⤵
  PID:8088
- C:\Windows\System\UQyGSHI.exe
  C:\Windows\System\UQyGSHI.exe
  2⤵
  PID:8104
- C:\Windows\System\utvvbVl.exe
  C:\Windows\System\utvvbVl.exe
  2⤵
  PID:8124
- C:\Windows\System\iDvyvEf.exe
  C:\Windows\System\iDvyvEf.exe
  2⤵
  PID:8140
- C:\Windows\System\WFXkcDJ.exe
  C:\Windows\System\WFXkcDJ.exe
  2⤵
  PID:8156
- C:\Windows\System\nTEesAQ.exe
  C:\Windows\System\nTEesAQ.exe
  2⤵
  PID:8172
- C:\Windows\System\HDweyGx.exe
  C:\Windows\System\HDweyGx.exe
  2⤵
  PID:8188
- C:\Windows\System\OmJOKFq.exe
  C:\Windows\System\OmJOKFq.exe
  2⤵
  PID:7080
- C:\Windows\System\GkEXhKj.exe
  C:\Windows\System\GkEXhKj.exe
  2⤵
  PID:6452
- C:\Windows\System\ZzPBwEL.exe
  C:\Windows\System\ZzPBwEL.exe
  2⤵
  PID:2228
- C:\Windows\System\WLAsnuK.exe
  C:\Windows\System\WLAsnuK.exe
  2⤵
  PID:7188
- C:\Windows\System\IrxOTxI.exe
  C:\Windows\System\IrxOTxI.exe
  2⤵
  PID:6684
- C:\Windows\System\bFeoJNs.exe
  C:\Windows\System\bFeoJNs.exe
  2⤵
  PID:7232
- C:\Windows\System\hcbeNQl.exe
  C:\Windows\System\hcbeNQl.exe
  2⤵
  PID:7256
- C:\Windows\System\cNiEPWN.exe
  C:\Windows\System\cNiEPWN.exe
  2⤵
  PID:7296
- C:\Windows\System\FLecSmi.exe
  C:\Windows\System\FLecSmi.exe
  2⤵
  PID:7364
- C:\Windows\System\eLKdzSj.exe
  C:\Windows\System\eLKdzSj.exe
  2⤵
  PID:7404
- C:\Windows\System\pzUxJfe.exe
  C:\Windows\System\pzUxJfe.exe
  2⤵
  PID:7312
- C:\Windows\System\lHLLKKL.exe
  C:\Windows\System\lHLLKKL.exe
  2⤵
  PID:7456
- C:\Windows\System\mvRtCHj.exe
  C:\Windows\System\mvRtCHj.exe
  2⤵
  PID:7488
- C:\Windows\System\BRzXQvX.exe
  C:\Windows\System\BRzXQvX.exe
  2⤵
  PID:7384
- C:\Windows\System\fKjExKX.exe
  C:\Windows\System\fKjExKX.exe
  2⤵
  PID:7432
- C:\Windows\System\kTUHBRx.exe
  C:\Windows\System\kTUHBRx.exe
  2⤵
  PID:7272
- C:\Windows\System\oktYvBg.exe
  C:\Windows\System\oktYvBg.exe
  2⤵
  PID:7512
- C:\Windows\System\bDicrwj.exe
  C:\Windows\System\bDicrwj.exe
  2⤵
  PID:7560
- C:\Windows\System\TKDeuuo.exe
  C:\Windows\System\TKDeuuo.exe
  2⤵
  PID:7624
- C:\Windows\System\DzXvxiR.exe
  C:\Windows\System\DzXvxiR.exe
  2⤵
  PID:7608
- C:\Windows\System\LDZItAY.exe
  C:\Windows\System\LDZItAY.exe
  2⤵
  PID:7544
- C:\Windows\System\TJmTFDD.exe
  C:\Windows\System\TJmTFDD.exe
  2⤵
  PID:7656
- C:\Windows\System\thqVaoR.exe
  C:\Windows\System\thqVaoR.exe
  2⤵
  PID:7700
- C:\Windows\System\RFNDPOK.exe
  C:\Windows\System\RFNDPOK.exe
  2⤵
  PID:7732
- C:\Windows\System\SsgsXSG.exe
  C:\Windows\System\SsgsXSG.exe
  2⤵
  PID:7756
- C:\Windows\System\HoZaSQG.exe
  C:\Windows\System\HoZaSQG.exe
  2⤵
  PID:7772
- C:\Windows\System\uRUvZiY.exe
  C:\Windows\System\uRUvZiY.exe
  2⤵
  PID:7788
- C:\Windows\System\DkDUQVq.exe
  C:\Windows\System\DkDUQVq.exe
  2⤵
  PID:7804
- C:\Windows\System\nPORzPG.exe
  C:\Windows\System\nPORzPG.exe
  2⤵
  PID:7820
- C:\Windows\System\PeSpDsO.exe
  C:\Windows\System\PeSpDsO.exe
  2⤵
  PID:7844
- C:\Windows\System\PxLRMbf.exe
  C:\Windows\System\PxLRMbf.exe
  2⤵
  PID:7884
- C:\Windows\System\LmmwtPk.exe
  C:\Windows\System\LmmwtPk.exe
  2⤵
  PID:7896
- C:\Windows\System\hMhXXmq.exe
  C:\Windows\System\hMhXXmq.exe
  2⤵
  PID:8000
- C:\Windows\System\eMTdlJA.exe
  C:\Windows\System\eMTdlJA.exe
  2⤵
  PID:7944
- C:\Windows\System\yoNThjN.exe
  C:\Windows\System\yoNThjN.exe
  2⤵
  PID:7984
- C:\Windows\System\GizZUfR.exe
  C:\Windows\System\GizZUfR.exe
  2⤵
  PID:8048
- C:\Windows\System\tYLFjIP.exe
  C:\Windows\System\tYLFjIP.exe
  2⤵
  PID:8116
- C:\Windows\System\RPIIDPb.exe
  C:\Windows\System\RPIIDPb.exe
  2⤵
  PID:8120
- C:\Windows\System\ssYekQz.exe
  C:\Windows\System\ssYekQz.exe
  2⤵
  PID:8184
- C:\Windows\System\kwEiNTl.exe
  C:\Windows\System\kwEiNTl.exe
  2⤵
  PID:6332
- C:\Windows\System\OgUszYW.exe
  C:\Windows\System\OgUszYW.exe
  2⤵
  PID:8100
- C:\Windows\System\pnkUyqk.exe
  C:\Windows\System\pnkUyqk.exe
  2⤵
  PID:2432
- C:\Windows\System\QMtZGbS.exe
  C:\Windows\System\QMtZGbS.exe
  2⤵
  PID:8164
- C:\Windows\System\fNKeloB.exe
  C:\Windows\System\fNKeloB.exe
  2⤵
  PID:6864
- C:\Windows\System\bFrPSPQ.exe
  C:\Windows\System\bFrPSPQ.exe
  2⤵
  PID:7332
- C:\Windows\System\blFqYCF.exe
  C:\Windows\System\blFqYCF.exe
  2⤵
  PID:7348
- C:\Windows\System\YzITziO.exe
  C:\Windows\System\YzITziO.exe
  2⤵
  PID:7400
- C:\Windows\System\AGKbhhd.exe
  C:\Windows\System\AGKbhhd.exe
  2⤵
  PID:7380
- C:\Windows\System\rynNYdO.exe
  C:\Windows\System\rynNYdO.exe
  2⤵
  PID:7540
- C:\Windows\System\IPCqBby.exe
  C:\Windows\System\IPCqBby.exe
  2⤵
  PID:7640
- C:\Windows\System\IZGcLlV.exe
  C:\Windows\System\IZGcLlV.exe
  2⤵
  PID:7556
- C:\Windows\System\uMGVmga.exe
  C:\Windows\System\uMGVmga.exe
  2⤵
  PID:7672
- C:\Windows\System\dxsaGQC.exe
  C:\Windows\System\dxsaGQC.exe
  2⤵
  PID:7768
- C:\Windows\System\EcsURmA.exe
  C:\Windows\System\EcsURmA.exe
  2⤵
  PID:7840
- C:\Windows\System\HmGfoYg.exe
  C:\Windows\System\HmGfoYg.exe
  2⤵
  PID:7716
- C:\Windows\System\keTnSZo.exe
  C:\Windows\System\keTnSZo.exe
  2⤵
  PID:7784
- C:\Windows\System\CbHzHhN.exe
  C:\Windows\System\CbHzHhN.exe
  2⤵
  PID:7816
- C:\Windows\System\dEfLlCI.exe
  C:\Windows\System\dEfLlCI.exe
  2⤵
  PID:8016
- C:\Windows\System\nmqHoKC.exe
  C:\Windows\System\nmqHoKC.exe
  2⤵
  PID:7932
- C:\Windows\System\eYtokct.exe
  C:\Windows\System\eYtokct.exe
  2⤵
  PID:8080
- C:\Windows\System\iKbNCbv.exe
  C:\Windows\System\iKbNCbv.exe
  2⤵
  PID:8132
- C:\Windows\System\oKJzGGb.exe
  C:\Windows\System\oKJzGGb.exe
  2⤵
  PID:8136
- C:\Windows\System\bxyQRJr.exe
  C:\Windows\System\bxyQRJr.exe
  2⤵
  PID:7124
- C:\Windows\System\uACpcGG.exe
  C:\Windows\System\uACpcGG.exe
  2⤵
  PID:7472
- C:\Windows\System\babGDSz.exe
  C:\Windows\System\babGDSz.exe
  2⤵
  PID:7764
- C:\Windows\System\GsdNCYf.exe
  C:\Windows\System\GsdNCYf.exe
  2⤵
  PID:7396
- C:\Windows\System\wNSznnb.exe
  C:\Windows\System\wNSznnb.exe
  2⤵
  PID:7328
- C:\Windows\System\TICHoCh.exe
  C:\Windows\System\TICHoCh.exe
  2⤵
  PID:5392
- C:\Windows\System\reFsBzb.exe
  C:\Windows\System\reFsBzb.exe
  2⤵
  PID:7492
- C:\Windows\System\FQrGvYk.exe
  C:\Windows\System\FQrGvYk.exe
  2⤵
  PID:7668
- C:\Windows\System\ZPqvudz.exe
  C:\Windows\System\ZPqvudz.exe
  2⤵
  PID:7880
- C:\Windows\System\tCzgnCn.exe
  C:\Windows\System\tCzgnCn.exe
  2⤵
  PID:7176
- C:\Windows\System\INGbdQL.exe
  C:\Windows\System\INGbdQL.exe
  2⤵
  PID:7736
- C:\Windows\System\MtXjChd.exe
  C:\Windows\System\MtXjChd.exe
  2⤵
  PID:8208
- C:\Windows\System\cwHrtks.exe
  C:\Windows\System\cwHrtks.exe
  2⤵
  PID:8224
- C:\Windows\System\eCBSAkQ.exe
  C:\Windows\System\eCBSAkQ.exe
  2⤵
  PID:8240
- C:\Windows\System\DXJcLZU.exe
  C:\Windows\System\DXJcLZU.exe
  2⤵
  PID:8256
- C:\Windows\System\dSxsgMn.exe
  C:\Windows\System\dSxsgMn.exe
  2⤵
  PID:8272
- C:\Windows\System\ZvyOkcc.exe
  C:\Windows\System\ZvyOkcc.exe
  2⤵
  PID:8288
- C:\Windows\System\IGzOpBb.exe
  C:\Windows\System\IGzOpBb.exe
  2⤵
  PID:8304
- C:\Windows\System\rLIyCfq.exe
  C:\Windows\System\rLIyCfq.exe
  2⤵
  PID:8320
- C:\Windows\System\QxXhROD.exe
  C:\Windows\System\QxXhROD.exe
  2⤵
  PID:8336
- C:\Windows\System\zwSayol.exe
  C:\Windows\System\zwSayol.exe
  2⤵
  PID:8352
- C:\Windows\System\RqkXvnj.exe
  C:\Windows\System\RqkXvnj.exe
  2⤵
  PID:8368
- C:\Windows\System\Orllblz.exe
  C:\Windows\System\Orllblz.exe
  2⤵
  PID:8384
- C:\Windows\System\jhpoumd.exe
  C:\Windows\System\jhpoumd.exe
  2⤵
  PID:8400
- C:\Windows\System\osMYuXq.exe
  C:\Windows\System\osMYuXq.exe
  2⤵
  PID:8416
- C:\Windows\System\KYTSNWx.exe
  C:\Windows\System\KYTSNWx.exe
  2⤵
  PID:8432
- C:\Windows\System\mswVvoP.exe
  C:\Windows\System\mswVvoP.exe
  2⤵
  PID:8448
- C:\Windows\System\LIfZATS.exe
  C:\Windows\System\LIfZATS.exe
  2⤵
  PID:8464
- C:\Windows\System\IqZsvHg.exe
  C:\Windows\System\IqZsvHg.exe
  2⤵
  PID:8480
- C:\Windows\System\YVQHyDe.exe
  C:\Windows\System\YVQHyDe.exe
  2⤵
  PID:8496
- C:\Windows\System\TPRSPEq.exe
  C:\Windows\System\TPRSPEq.exe
  2⤵
  PID:8512
- C:\Windows\System\KxsGzlF.exe
  C:\Windows\System\KxsGzlF.exe
  2⤵
  PID:8528
- C:\Windows\System\RzuacPP.exe
  C:\Windows\System\RzuacPP.exe
  2⤵
  PID:8544
- C:\Windows\System\IpYCWuO.exe
  C:\Windows\System\IpYCWuO.exe
  2⤵
  PID:8560
- C:\Windows\System\fNbhGVP.exe
  C:\Windows\System\fNbhGVP.exe
  2⤵
  PID:8576
- C:\Windows\System\StOQzJT.exe
  C:\Windows\System\StOQzJT.exe
  2⤵
  PID:8592
- C:\Windows\System\iYLAatl.exe
  C:\Windows\System\iYLAatl.exe
  2⤵
  PID:8608
- C:\Windows\System\OdOoiAG.exe
  C:\Windows\System\OdOoiAG.exe
  2⤵
  PID:8624
- C:\Windows\System\RlPnkOQ.exe
  C:\Windows\System\RlPnkOQ.exe
  2⤵
  PID:8640
- C:\Windows\System\CJKixTa.exe
  C:\Windows\System\CJKixTa.exe
  2⤵
  PID:8656
- C:\Windows\System\YQRdOPJ.exe
  C:\Windows\System\YQRdOPJ.exe
  2⤵
  PID:8672
- C:\Windows\System\lmIeWJb.exe
  C:\Windows\System\lmIeWJb.exe
  2⤵
  PID:8688
- C:\Windows\System\wttIKiN.exe
  C:\Windows\System\wttIKiN.exe
  2⤵
  PID:8704
- C:\Windows\System\NgJKMET.exe
  C:\Windows\System\NgJKMET.exe
  2⤵
  PID:8720
- C:\Windows\System\CERMRwH.exe
  C:\Windows\System\CERMRwH.exe
  2⤵
  PID:8736
- C:\Windows\System\WqkbFYH.exe
  C:\Windows\System\WqkbFYH.exe
  2⤵
  PID:8752
- C:\Windows\System\wiOYjDs.exe
  C:\Windows\System\wiOYjDs.exe
  2⤵
  PID:8768
- C:\Windows\System\QgXFipS.exe
  C:\Windows\System\QgXFipS.exe
  2⤵
  PID:8784
- C:\Windows\System\leLctsw.exe
  C:\Windows\System\leLctsw.exe
  2⤵
  PID:8800
- C:\Windows\System\OvRhEch.exe
  C:\Windows\System\OvRhEch.exe
  2⤵
  PID:8816
- C:\Windows\System\zDZBlqJ.exe
  C:\Windows\System\zDZBlqJ.exe
  2⤵
  PID:8832
- C:\Windows\System\lGlxAOu.exe
  C:\Windows\System\lGlxAOu.exe
  2⤵
  PID:8848
- C:\Windows\System\dolDNNT.exe
  C:\Windows\System\dolDNNT.exe
  2⤵
  PID:8864
- C:\Windows\System\zPZpoGg.exe
  C:\Windows\System\zPZpoGg.exe
  2⤵
  PID:8880
- C:\Windows\System\hDwuXQS.exe
  C:\Windows\System\hDwuXQS.exe
  2⤵
  PID:8896
- C:\Windows\System\DTAAayh.exe
  C:\Windows\System\DTAAayh.exe
  2⤵
  PID:8912
- C:\Windows\System\eRFfNNQ.exe
  C:\Windows\System\eRFfNNQ.exe
  2⤵
  PID:8928
- C:\Windows\System\NqvbMGr.exe
  C:\Windows\System\NqvbMGr.exe
  2⤵
  PID:8944
- C:\Windows\System\JHQLzMp.exe
  C:\Windows\System\JHQLzMp.exe
  2⤵
  PID:8960
- C:\Windows\System\XrJpiSZ.exe
  C:\Windows\System\XrJpiSZ.exe
  2⤵
  PID:8976
- C:\Windows\System\UEIdmrJ.exe
  C:\Windows\System\UEIdmrJ.exe
  2⤵
  PID:8992
- C:\Windows\System\gygJYhe.exe
  C:\Windows\System\gygJYhe.exe
  2⤵
  PID:9008
- C:\Windows\System\uGbHbFW.exe
  C:\Windows\System\uGbHbFW.exe
  2⤵
  PID:9024
- C:\Windows\System\IvWeUmX.exe
  C:\Windows\System\IvWeUmX.exe
  2⤵
  PID:9040
- C:\Windows\System\LdNUDlo.exe
  C:\Windows\System\LdNUDlo.exe
  2⤵
  PID:9056
- C:\Windows\System\hVgWTsF.exe
  C:\Windows\System\hVgWTsF.exe
  2⤵
  PID:9072
- C:\Windows\System\qVEScbR.exe
  C:\Windows\System\qVEScbR.exe
  2⤵
  PID:9088
- C:\Windows\System\WuaBYhm.exe
  C:\Windows\System\WuaBYhm.exe
  2⤵
  PID:9104
- C:\Windows\System\hGYhJsz.exe
  C:\Windows\System\hGYhJsz.exe
  2⤵
  PID:9160
- C:\Windows\System\mDuWJTQ.exe
  C:\Windows\System\mDuWJTQ.exe
  2⤵
  PID:9180
- C:\Windows\System\ZqaBgtd.exe
  C:\Windows\System\ZqaBgtd.exe
  2⤵
  PID:9200
- C:\Windows\System\IuScYZd.exe
  C:\Windows\System\IuScYZd.exe
  2⤵
  PID:7448
- C:\Windows\System\gcuHMVA.exe
  C:\Windows\System\gcuHMVA.exe
  2⤵
  PID:5436
- C:\Windows\System\apKNRNl.exe
  C:\Windows\System\apKNRNl.exe
  2⤵
  PID:7688
- C:\Windows\System\pCVaUDY.exe
  C:\Windows\System\pCVaUDY.exe
  2⤵
  PID:8232
- C:\Windows\System\WcsYPzO.exe
  C:\Windows\System\WcsYPzO.exe
  2⤵
  PID:7344
- C:\Windows\System\NwRuEbP.exe
  C:\Windows\System\NwRuEbP.exe
  2⤵
  PID:7424
- C:\Windows\System\yUaVyaa.exe
  C:\Windows\System\yUaVyaa.exe
  2⤵
  PID:8328
- C:\Windows\System\URyKkPk.exe
  C:\Windows\System\URyKkPk.exe
  2⤵
  PID:8220
- C:\Windows\System\yDWtbuH.exe
  C:\Windows\System\yDWtbuH.exe
  2⤵
  PID:8248
- C:\Windows\System\TguLVBf.exe
  C:\Windows\System\TguLVBf.exe
  2⤵
  PID:8396
- C:\Windows\System\dSTUbUg.exe
  C:\Windows\System\dSTUbUg.exe
  2⤵
  PID:8348
- C:\Windows\System\LOKdAvs.exe
  C:\Windows\System\LOKdAvs.exe
  2⤵
  PID:8412
- C:\Windows\System\oExxBjD.exe
  C:\Windows\System\oExxBjD.exe
  2⤵
  PID:8488
- C:\Windows\System\lxRWjWr.exe
  C:\Windows\System\lxRWjWr.exe
  2⤵
  PID:8552
- C:\Windows\System\AMxMxBP.exe
  C:\Windows\System\AMxMxBP.exe
  2⤵
  PID:8616
- C:\Windows\System\wzRJXNs.exe
  C:\Windows\System\wzRJXNs.exe
  2⤵
  PID:7032
- C:\Windows\System\BsqdSyA.exe
  C:\Windows\System\BsqdSyA.exe
  2⤵
  PID:8472
- C:\Windows\System\TLaBglW.exe
  C:\Windows\System\TLaBglW.exe
  2⤵
  PID:8508
- C:\Windows\System\QYmfAtz.exe
  C:\Windows\System\QYmfAtz.exe
  2⤵
  PID:8600
- C:\Windows\System\zsOBjAx.exe
  C:\Windows\System\zsOBjAx.exe
  2⤵
  PID:8668
- C:\Windows\System\CpuGDus.exe
  C:\Windows\System\CpuGDus.exe
  2⤵
  PID:8716
- C:\Windows\System\zLhJtAt.exe
  C:\Windows\System\zLhJtAt.exe
  2⤵
  PID:8696
- C:\Windows\System\XELaYmD.exe
  C:\Windows\System\XELaYmD.exe
  2⤵
  PID:8732
- C:\Windows\System\acfZEHc.exe
  C:\Windows\System\acfZEHc.exe
  2⤵
  PID:8828
- C:\Windows\System\vUfjqTZ.exe
  C:\Windows\System\vUfjqTZ.exe
  2⤵
  PID:8812
- C:\Windows\System\eRxZhvG.exe
  C:\Windows\System\eRxZhvG.exe
  2⤵
  PID:8876
- C:\Windows\System\UhXKAAn.exe
  C:\Windows\System\UhXKAAn.exe
  2⤵
  PID:8908
- C:\Windows\System\TCPTQch.exe
  C:\Windows\System\TCPTQch.exe
  2⤵
  PID:8968
- C:\Windows\System\FDaxuYd.exe
  C:\Windows\System\FDaxuYd.exe
  2⤵
  PID:9000
- C:\Windows\System\YPAUSwq.exe
  C:\Windows\System\YPAUSwq.exe
  2⤵
  PID:9064
- C:\Windows\System\MwnjPpM.exe
  C:\Windows\System\MwnjPpM.exe
  2⤵
  PID:8952
- C:\Windows\System\SwhbWnr.exe
  C:\Windows\System\SwhbWnr.exe
  2⤵
  PID:8988
- C:\Windows\System\gjLsCNB.exe
  C:\Windows\System\gjLsCNB.exe
  2⤵
  PID:9080
- C:\Windows\System\DNkmBdh.exe
  C:\Windows\System\DNkmBdh.exe
  2⤵
  PID:8112
- C:\Windows\System\NGtFxqs.exe
  C:\Windows\System\NGtFxqs.exe
  2⤵
  PID:9132
- C:\Windows\System\oitThhJ.exe
  C:\Windows\System\oitThhJ.exe
  2⤵
  PID:9148
- C:\Windows\System\wRjinRB.exe
  C:\Windows\System\wRjinRB.exe
  2⤵
  PID:9156
- C:\Windows\System\KrxOUfk.exe
  C:\Windows\System\KrxOUfk.exe
  2⤵
  PID:8152
- C:\Windows\System\SBnUAeJ.exe
  C:\Windows\System\SBnUAeJ.exe
  2⤵
  PID:7952
- C:\Windows\System\cUdeGDn.exe
  C:\Windows\System\cUdeGDn.exe
  2⤵
  PID:8344
- C:\Windows\System\qCbkXOb.exe
  C:\Windows\System\qCbkXOb.exe
  2⤵
  PID:9196
- C:\Windows\System\cuzrBsM.exe
  C:\Windows\System\cuzrBsM.exe
  2⤵
  PID:8364
- C:\Windows\System\kxRaUTv.exe
  C:\Windows\System\kxRaUTv.exe
  2⤵
  PID:8392
- C:\Windows\System\EHCJdkM.exe
  C:\Windows\System\EHCJdkM.exe
  2⤵
  PID:8460
- C:\Windows\System\hRFdAlB.exe
  C:\Windows\System\hRFdAlB.exe
  2⤵
  PID:8568
- C:\Windows\System\EHWRbql.exe
  C:\Windows\System\EHWRbql.exe
  2⤵
  PID:8380
- C:\Windows\System\pgPyOxm.exe
  C:\Windows\System\pgPyOxm.exe
  2⤵
  PID:8684
- C:\Windows\System\pqgVGcx.exe
  C:\Windows\System\pqgVGcx.exe
  2⤵
  PID:8408
- C:\Windows\System\vujZaaG.exe
  C:\Windows\System\vujZaaG.exe
  2⤵
  PID:8808
- C:\Windows\System\kmudgEr.exe
  C:\Windows\System\kmudgEr.exe
  2⤵
  PID:8764
- C:\Windows\System\LqIytSs.exe
  C:\Windows\System\LqIytSs.exe
  2⤵
  PID:8700
- C:\Windows\System\NvzcDNk.exe
  C:\Windows\System\NvzcDNk.exe
  2⤵
  PID:8824
- C:\Windows\System\pLgJgIx.exe
  C:\Windows\System\pLgJgIx.exe
  2⤵
  PID:9032
- C:\Windows\System\aYUOMdE.exe
  C:\Windows\System\aYUOMdE.exe
  2⤵
  PID:9052
- C:\Windows\System\YcnKjLD.exe
  C:\Windows\System\YcnKjLD.exe
  2⤵
  PID:9100
- C:\Windows\System\xQNLJiY.exe
  C:\Windows\System\xQNLJiY.exe
  2⤵
  PID:9140
- C:\Windows\System\aPBltmP.exe
  C:\Windows\System\aPBltmP.exe
  2⤵
  PID:7956
- C:\Windows\System\vKUJIxk.exe
  C:\Windows\System\vKUJIxk.exe
  2⤵
  PID:8216
- C:\Windows\System\bTvdEBr.exe
  C:\Windows\System\bTvdEBr.exe
  2⤵
  PID:8312
- C:\Windows\System\qnQfQRb.exe
  C:\Windows\System\qnQfQRb.exe
  2⤵
  PID:8588
- C:\Windows\System\ppoEopj.exe
  C:\Windows\System\ppoEopj.exe
  2⤵
  PID:8524
- C:\Windows\System\TfwsXdc.exe
  C:\Windows\System\TfwsXdc.exe
  2⤵
  PID:8632
- C:\Windows\System\zedxuVA.exe
  C:\Windows\System\zedxuVA.exe
  2⤵
  PID:9096
- C:\Windows\System\rfTAVZt.exe
  C:\Windows\System\rfTAVZt.exe
  2⤵
  PID:9128
- C:\Windows\System\NkxKFDO.exe
  C:\Windows\System\NkxKFDO.exe
  2⤵
  PID:8888
- C:\Windows\System\kVnxANX.exe
  C:\Windows\System\kVnxANX.exe
  2⤵
  PID:8940
- C:\Windows\System\WJttEbJ.exe
  C:\Windows\System\WJttEbJ.exe
  2⤵
  PID:9192
- C:\Windows\System\IaSOTGO.exe
  C:\Windows\System\IaSOTGO.exe
  2⤵
  PID:8252
- C:\Windows\System\QEafJgB.exe
  C:\Windows\System\QEafJgB.exe
  2⤵
  PID:8456
- C:\Windows\System\UTFcqKe.exe
  C:\Windows\System\UTFcqKe.exe
  2⤵
  PID:9176
- C:\Windows\System\HtxEAno.exe
  C:\Windows\System\HtxEAno.exe
  2⤵
  PID:8920
- C:\Windows\System\MQbVkMS.exe
  C:\Windows\System\MQbVkMS.exe
  2⤵
  PID:8300
- C:\Windows\System\NSaimhg.exe
  C:\Windows\System\NSaimhg.exe
  2⤵
  PID:9016
- C:\Windows\System\kAyJwho.exe
  C:\Windows\System\kAyJwho.exe
  2⤵
  PID:9152
- C:\Windows\System\FejfCyX.exe
  C:\Windows\System\FejfCyX.exe
  2⤵
  PID:9220
- C:\Windows\System\tEyLzzM.exe
  C:\Windows\System\tEyLzzM.exe
  2⤵
  PID:9244
- C:\Windows\System\QgbWOoJ.exe
  C:\Windows\System\QgbWOoJ.exe
  2⤵
  PID:9260
- C:\Windows\System\txCrXuh.exe
  C:\Windows\System\txCrXuh.exe
  2⤵
  PID:9276
- C:\Windows\System\ZybAHpL.exe
  C:\Windows\System\ZybAHpL.exe
  2⤵
  PID:9292
- C:\Windows\System\yFOuIIo.exe
  C:\Windows\System\yFOuIIo.exe
  2⤵
  PID:9308
- C:\Windows\System\FeiiKPT.exe
  C:\Windows\System\FeiiKPT.exe
  2⤵
  PID:9324
- C:\Windows\System\FURsQGE.exe
  C:\Windows\System\FURsQGE.exe
  2⤵
  PID:9340
- C:\Windows\System\NpVupHU.exe
  C:\Windows\System\NpVupHU.exe
  2⤵
  PID:9356
- C:\Windows\System\qnDCjev.exe
  C:\Windows\System\qnDCjev.exe
  2⤵
  PID:9372
- C:\Windows\System\GUtpkwZ.exe
  C:\Windows\System\GUtpkwZ.exe
  2⤵
  PID:9388
- C:\Windows\System\tXzGnrX.exe
  C:\Windows\System\tXzGnrX.exe
  2⤵
  PID:9404
- C:\Windows\System\nntdlvx.exe
  C:\Windows\System\nntdlvx.exe
  2⤵
  PID:9420
- C:\Windows\System\qmHOXGN.exe
  C:\Windows\System\qmHOXGN.exe
  2⤵
  PID:9436
- C:\Windows\System\xVqQpXV.exe
  C:\Windows\System\xVqQpXV.exe
  2⤵
  PID:9452
- C:\Windows\System\kkEuMGv.exe
  C:\Windows\System\kkEuMGv.exe
  2⤵
  PID:9468
- C:\Windows\System\YmqtkxW.exe
  C:\Windows\System\YmqtkxW.exe
  2⤵
  PID:9484
- C:\Windows\System\UVWSvVP.exe
  C:\Windows\System\UVWSvVP.exe
  2⤵
  PID:9500
- C:\Windows\System\ELmULmF.exe
  C:\Windows\System\ELmULmF.exe
  2⤵
  PID:9516
- C:\Windows\System\zNAFqAX.exe
  C:\Windows\System\zNAFqAX.exe
  2⤵
  PID:9532
- C:\Windows\System\beMmvsq.exe
  C:\Windows\System\beMmvsq.exe
  2⤵
  PID:9548
- C:\Windows\System\xYuYqLA.exe
  C:\Windows\System\xYuYqLA.exe
  2⤵
  PID:9564
- C:\Windows\System\IUnCybx.exe
  C:\Windows\System\IUnCybx.exe
  2⤵
  PID:9580
- C:\Windows\System\mIjoCRQ.exe
  C:\Windows\System\mIjoCRQ.exe
  2⤵
  PID:9596
- C:\Windows\System\xiqSVNj.exe
  C:\Windows\System\xiqSVNj.exe
  2⤵
  PID:9612
- C:\Windows\System\phcXDWR.exe
  C:\Windows\System\phcXDWR.exe
  2⤵
  PID:9628
- C:\Windows\System\MMlHpam.exe
  C:\Windows\System\MMlHpam.exe
  2⤵
  PID:9644
- C:\Windows\System\AyGAfjO.exe
  C:\Windows\System\AyGAfjO.exe
  2⤵
  PID:9660
- C:\Windows\System\cMeVQNg.exe
  C:\Windows\System\cMeVQNg.exe
  2⤵
  PID:9676
- C:\Windows\System\YnUSuVl.exe
  C:\Windows\System\YnUSuVl.exe
  2⤵
  PID:9712
- C:\Windows\System\SDXHUkk.exe
  C:\Windows\System\SDXHUkk.exe
  2⤵
  PID:9732
- C:\Windows\System\ccMEmQv.exe
  C:\Windows\System\ccMEmQv.exe
  2⤵
  PID:9748
- C:\Windows\System\KRqYOVI.exe
  C:\Windows\System\KRqYOVI.exe
  2⤵
  PID:9764
- C:\Windows\System\yfeqlEY.exe
  C:\Windows\System\yfeqlEY.exe
  2⤵
  PID:9780
- C:\Windows\System\RqewrLa.exe
  C:\Windows\System\RqewrLa.exe
  2⤵
  PID:9796
- C:\Windows\System\BUTcNpP.exe
  C:\Windows\System\BUTcNpP.exe
  2⤵
  PID:9812
- C:\Windows\System\xBDmXlI.exe
  C:\Windows\System\xBDmXlI.exe
  2⤵
  PID:9828
- C:\Windows\System\RLhNyua.exe
  C:\Windows\System\RLhNyua.exe
  2⤵
  PID:9844
- C:\Windows\System\KEoCigw.exe
  C:\Windows\System\KEoCigw.exe
  2⤵
  PID:9860
- C:\Windows\System\WXzWsbt.exe
  C:\Windows\System\WXzWsbt.exe
  2⤵
  PID:9876
- C:\Windows\System\noJqyeA.exe
  C:\Windows\System\noJqyeA.exe
  2⤵
  PID:9892
- C:\Windows\System\TxakuTt.exe
  C:\Windows\System\TxakuTt.exe
  2⤵
  PID:9908
- C:\Windows\System\aoMfExL.exe
  C:\Windows\System\aoMfExL.exe
  2⤵
  PID:9924
- C:\Windows\System\SLQfSFc.exe
  C:\Windows\System\SLQfSFc.exe
  2⤵
  PID:9940
- C:\Windows\System\tYkXaOZ.exe
  C:\Windows\System\tYkXaOZ.exe
  2⤵
  PID:9956
- C:\Windows\System\YyipYHU.exe
  C:\Windows\System\YyipYHU.exe
  2⤵
  PID:9972
- C:\Windows\System\hCHoKkQ.exe
  C:\Windows\System\hCHoKkQ.exe
  2⤵
  PID:9988
- C:\Windows\System\CAIlBDP.exe
  C:\Windows\System\CAIlBDP.exe
  2⤵
  PID:10036
- C:\Windows\System\oTbmjCY.exe
  C:\Windows\System\oTbmjCY.exe
  2⤵
  PID:10092
- C:\Windows\System\NEqbwFO.exe
  C:\Windows\System\NEqbwFO.exe
  2⤵
  PID:10192
- C:\Windows\System\IhXEqxn.exe
  C:\Windows\System\IhXEqxn.exe
  2⤵
  PID:10208
- C:\Windows\System\fyTONYe.exe
  C:\Windows\System\fyTONYe.exe
  2⤵
  PID:10224
- C:\Windows\System\VfXJSZV.exe
  C:\Windows\System\VfXJSZV.exe
  2⤵
  PID:9316
- C:\Windows\System\BiuNYtI.exe
  C:\Windows\System\BiuNYtI.exe
  2⤵
  PID:9232
- C:\Windows\System\IURASpI.exe
  C:\Windows\System\IURASpI.exe
  2⤵
  PID:9444
- C:\Windows\System\TAsBSrK.exe
  C:\Windows\System\TAsBSrK.exe
  2⤵
  PID:9508
- C:\Windows\System\WeYTRUv.exe
  C:\Windows\System\WeYTRUv.exe
  2⤵
  PID:9572
- C:\Windows\System\ENaaRTN.exe
  C:\Windows\System\ENaaRTN.exe
  2⤵
  PID:9432
- C:\Windows\System\JNVnNQX.exe
  C:\Windows\System\JNVnNQX.exe
  2⤵
  PID:9364
- C:\Windows\System\pZAGFKi.exe
  C:\Windows\System\pZAGFKi.exe
  2⤵
  PID:9396
- C:\Windows\System\GpbXRID.exe
  C:\Windows\System\GpbXRID.exe
  2⤵
  PID:9464
- C:\Windows\System\kDxqZpH.exe
  C:\Windows\System\kDxqZpH.exe
  2⤵
  PID:9528
- C:\Windows\System\ZtBIhxi.exe
  C:\Windows\System\ZtBIhxi.exe
  2⤵
  PID:9608
- C:\Windows\System\uILVAYw.exe
  C:\Windows\System\uILVAYw.exe
  2⤵
  PID:9636
- C:\Windows\System\UgodUAq.exe
  C:\Windows\System\UgodUAq.exe
  2⤵
  PID:9656
- C:\Windows\System\wkxeZpI.exe
  C:\Windows\System\wkxeZpI.exe
  2⤵
  PID:9700
- C:\Windows\System\YyiWVTB.exe
  C:\Windows\System\YyiWVTB.exe
  2⤵
  PID:9708
- C:\Windows\System\XgZcmvQ.exe
  C:\Windows\System\XgZcmvQ.exe
  2⤵
  PID:9756
- C:\Windows\System\AyBMUxQ.exe
  C:\Windows\System\AyBMUxQ.exe
  2⤵
  PID:9820
- C:\Windows\System\XorFbfO.exe
  C:\Windows\System\XorFbfO.exe
  2⤵
  PID:9856
- C:\Windows\System\yPRvRho.exe
  C:\Windows\System\yPRvRho.exe
  2⤵
  PID:9920
- C:\Windows\System\DaMapKx.exe
  C:\Windows\System\DaMapKx.exe
  2⤵
  PID:9808
- C:\Windows\System\uTRYMIv.exe
  C:\Windows\System\uTRYMIv.exe
  2⤵
  PID:9772
- C:\Windows\System\PRrbKkC.exe
  C:\Windows\System\PRrbKkC.exe
  2⤵
  PID:9936
- C:\Windows\System\tDhXzBA.exe
  C:\Windows\System\tDhXzBA.exe
  2⤵
  PID:9904
- C:\Windows\System\nSgwEXR.exe
  C:\Windows\System\nSgwEXR.exe
  2⤵
  PID:10000
- C:\Windows\System\eZNYqwj.exe
  C:\Windows\System\eZNYqwj.exe
  2⤵
  PID:10016
- C:\Windows\System\QpPFMEV.exe
  C:\Windows\System\QpPFMEV.exe
  2⤵
  PID:10032
- C:\Windows\System\FNfdULa.exe
  C:\Windows\System\FNfdULa.exe
  2⤵
  PID:10068
- C:\Windows\System\JxsxwEv.exe
  C:\Windows\System\JxsxwEv.exe
  2⤵
  PID:10072
- C:\Windows\System\HMOhptw.exe
  C:\Windows\System\HMOhptw.exe
  2⤵
  PID:9688
- C:\Windows\System\zMAwgob.exe
  C:\Windows\System\zMAwgob.exe
  2⤵
  PID:10112
- C:\Windows\System\DnDuRPo.exe
  C:\Windows\System\DnDuRPo.exe
  2⤵
  PID:10128
- C:\Windows\System\kyahRlh.exe
  C:\Windows\System\kyahRlh.exe
  2⤵
  PID:10144
- C:\Windows\System\UcLSIgx.exe
  C:\Windows\System\UcLSIgx.exe
  2⤵
  PID:10164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BHVIJlB.exe

Filesize
6.0MB

MD5
20ebfe4eaa5d01651e3a8f34023b7ee7

SHA1
0820d1a051bd88c335c720aadb56e6fdbafb89ba

SHA256
62d6ffaf512e775b567320972181d34c5bb3af2b1e42c2f648958d4e63a8977e

SHA512
5bc01bc094de344fa5b2807b7edded188bb9f805a0bd9eff9b14295523567b7ac3cadd843a1c52cd564e3a2944f8e7532c2ce9ebe7872473f1246e221c05c523

Download Submit
C:\Windows\system\BVnOQVX.exe

Filesize
6.0MB

MD5
a746f63955dd949944d108b6f0c8be0f

SHA1
3404957f9e191af7f2bbd1104835c35434a8ef3c

SHA256
202e719292afc1bbc3cbd75dc512571b16e0fbf3875ad177b9bd7a606d6d1ef5

SHA512
4935cd50c8a39a07c1241a443f6c97e010fd8e96379a6942af8d43521b6adb782e8f915ba9917ef1d6ee751f919dbcc904719459aac3c36fc3e1045ceee9f334

Download Submit
C:\Windows\system\EkpobwN.exe

Filesize
6.0MB

MD5
43411ffc4273153c8e4a8807c8cd0c83

SHA1
2b953055a36ea7be3f15a4693c42b7b6e938043c

SHA256
69834f3ee343370887e221fa535f55e32f32f6d9bad6fd9cefc0d897eb201e57

SHA512
287248e404f3651e17505f5bb69a232011cc4353cdf4f1dd8b2720aab5e8451af8214bb27eb446976edd93c06ddf7d9c4b24f684f2e90c18f39235cd9e407461

Download Submit
C:\Windows\system\FuBRkVa.exe

Filesize
6.0MB

MD5
05074ee89eda6f9365c85d3a6878b48f

SHA1
247982dafd0c12e6bcec838ea82a5f9cf387258b

SHA256
aa0eebefb42a0904e8413d8f83772531bbc3146342ea0090c2c20913f570e28c

SHA512
8efb65f8e0a2fc062b58b7bb6bdf3b8762d088e2cece5ef939e26cd444ad88147fa2f8e15e9763ba6e67172a85ed637c9b7358591e3f5fce54084b9b0e8a791d

Download Submit
C:\Windows\system\GkoOfLW.exe

Filesize
6.0MB

MD5
c110db5cab7c70ac818258cdc3f8554e

SHA1
fbea5f85631733bc8b87851ef4f9e86ad87359e0

SHA256
15f82a16886db60ac692eb00d5bf909b613f8e1423b0d8f49dfa0dccb2286581

SHA512
ab48feddcbc10e72ee67082d97b4357c9f445c52093927752fc8943dfbb3f3f18b6d5ced80799c628eea63c8b35fed53d0777c83c3e5905b3bbbecdd2de6e9ff

Download Submit
C:\Windows\system\IiIBHhK.exe

Filesize
6.0MB

MD5
119723c53dc3cd9645d1da6c99329b70

SHA1
c9a6f1d1cca39f55e27d8dd0e5b313e1e6ab09d4

SHA256
3cfbb71a991326ba4af65ee29962f7e6ad00da7fc1c9263a930c8cac92645396

SHA512
499db1c7c29399a6caed7e761616bb56e611c25ba68f3a22b6596e78d1728e6eff70d7ab99bc02b813475615e4c620c1a474277ffc20fb05e62f9068af762d9f

Download Submit
C:\Windows\system\KZOdwpo.exe

Filesize
6.0MB

MD5
977f4e88e8dc211194dd31afec202ecb

SHA1
324fb6f49c3cf1d4b59f2dec1f876d31e0fb76a9

SHA256
d819bdce7174474b4ea3741fed3562dd0c343ce175ba1fb6ebdf65f218319d77

SHA512
f0017b3e479dd1ebfa42cedc5f117b114391e6187d451d6430989dfabc4e75fc78cbb428ffbe8d80838bdb36a4821b706cd3df2c94348ee4ee630101f0be70c6

Download Submit
C:\Windows\system\KbAeZfs.exe

Filesize
6.0MB

MD5
a05779502473a4e4807e86898cbbd29d

SHA1
d2d6335a807a4df0c3e7c0fc411de03537a9a797

SHA256
d0025a77b460ddc52bd736ff29db32741cdccd09e9c74342f88f9d6b8229e9ec

SHA512
52200b67aa09547463223c0a858cc788bb1f6361ac2492da58e87f4e5099fd865ccdbab7fdbc6b924a4dfcc4022112c4010d39ab6fe81c17a520d901f982b679

Download Submit
C:\Windows\system\NZhGGLx.exe

Filesize
6.0MB

MD5
a15e612f60827eb485a92c7e83f2f8d7

SHA1
a5a31f3c6c12e50b29499331aa75b8b59486b7d5

SHA256
a0d877f20bd2f9ee6f5c54512cdde5b0442160c70158658b012ed00af4d461fd

SHA512
bc2ab12068a5da4b7392d2e074f33bede72cb6d7b9217a2a11ed371d5b9ddb90dafb6e45662aa50d6b1f91dbaa0ff352062bdc3c825ad56a3fc6b1b577d4f84b

Download Submit
C:\Windows\system\OhWhHTd.exe

Filesize
6.0MB

MD5
25ff4c5f97b5da1831d6a17e77a7bbe1

SHA1
e3ed63f5bb6e0ab3e762fa6f99481dd8940d2dd5

SHA256
01bab461850f2ec2e9734d0342ffcfb49b007f4fa1166a1bea036482d11a166e

SHA512
08cbb4ddeca16e77baeac3d536c26861a3c4296e75c242761b1c2ed7a8e38bc18513e070fc7060e377b4e878b63b3f023378b48d72e9197657d45ddbe48e6467

Download Submit
C:\Windows\system\PQrddOl.exe

Filesize
6.0MB

MD5
18265a5da1b9d718cee804b183803cb8

SHA1
abde2008d0607be8d75c9ceedea869f588534209

SHA256
fe74071d911350708304f0bb51935199eda73a0e1d5757d943e8052b70b0d859

SHA512
62fbd39ef99b3db3ca50c679f28a8a75179afa3c7f2d76624e0d55843c1ecbacbc93b8775914cce1a28b1ac028244ceaea80c2b7064fae2557e110cf02c3f0c6

Download Submit
C:\Windows\system\SKbeowE.exe

Filesize
6.0MB

MD5
c0f83cfef43748b32136b0f7f1ab2f53

SHA1
a8ec418bbea201cfa7ed160c439f70e458c76698

SHA256
d4e5baf08c0bc29439bdec487014f58a214f9d40ee2970aa4299b05e7e66a4d4

SHA512
8454ea57c3f08a9f1c6e0e65a4fd482053db215307097b05f16a72b6df90c2bdf3a3761b4e512de72751bfc2a357fcff50e21631a9d821626379663ffb4b162f

Download Submit
C:\Windows\system\UqWAlxa.exe

Filesize
6.0MB

MD5
cbdfd1956e5475e07936cd0dcca95ff1

SHA1
f08987459b8eb26b20bf8595f2fb0604c3ccfe2b

SHA256
eff9d9025bd0c2be8186a5eef4a5c228599ab2db026feca6b32a85f6d034505f

SHA512
90f245f1ebbf0cd1c4c14ef1c86d0b7e221d9abeb7a08d9d4d8db64eb8277f727a7f1e1b894954c64c9e5c7c28c6f6be5ffd61862710710849e1d21aa9e2da42

Download Submit
C:\Windows\system\VyGsLkV.exe

Filesize
6.0MB

MD5
6af5d3644594b18cbde2d0e86af38b70

SHA1
fbc22f8b05577c1febd6e60e261fe89b799e20bf

SHA256
9f905fedc7cd1a60158ccb864730b3e3a94329cbfd4d4377a2c22a904faab4e2

SHA512
ea74944b7be1cb0520b6227ab001186223add3edba281c300d75e0728882137fe8637e7b2855652f9eb3660f8d5eac21d966d94a435a78e62c5b670b40539b87

Download Submit
C:\Windows\system\WBqoxPx.exe

Filesize
6.0MB

MD5
e0b36bcd768e73252593491b68f15df6

SHA1
64be9be309fd61df193860e50dd672abcfcef227

SHA256
5835c1f964cf898008e44df0237ffd48740c5e7295f375edd8bc9544580ea13a

SHA512
496702ae17969db2e2e02ef1d0bfc6e4de6c1a52abea5e887ee68d9eb044cf9ae55e1e2ba614747fe20e709099ac332181eb9db429498fe879d4c76df099bf30

Download Submit
C:\Windows\system\aeYKCAM.exe

Filesize
6.0MB

MD5
05d076c689026946e5bd8213cebd0ab8

SHA1
9365a27c957944d03ecb4a7600db2a68a297456d

SHA256
06b8c8d14d7853ee6957a881c76eca9fb4f8404df04776f8eaf22cf1d6c1d42d

SHA512
de77bd72138ce615dba826674097a4e59b712bda527290f9f75050087ebe7176a05c333a9843c92d45b424ca8512e34bf7a7d37494801669a8827bcf5ccc6616

Download Submit
C:\Windows\system\chzHnsP.exe

Filesize
6.0MB

MD5
b8e9d893101e7b0a96b2e705c6e3d2d7

SHA1
50a4aa34523ecc2791db14d0574a885666d43141

SHA256
fddd05f55207c92981f40db4a0ac1da8a47b5f975c79fce2cc8c0a42e622b809

SHA512
94a77dd5188e7d7387b9be0a5a1f147b3ca57ca7fb550288959b546f0e335e1890c57b03f8ebd4f745651facf25e26d7ad0c32222f651f529764986bfe64c887

Download Submit
C:\Windows\system\crheygf.exe

Filesize
6.0MB

MD5
913e64e9a9aeea8238f78a7a94a4d4ae

SHA1
10354253904fbdf49bad43910f8757e2c8c89b3c

SHA256
0b87ba7a24960b4938f363cba7db5f722a6c285dca6fffb5f37a49f646d1bad7

SHA512
71ec6f404f14dddb79144d773ffb163e2863998d1658d9b981bb8c5b00cb9e9f28e95e203934c356fb73fa439bfa2751e45f21f2ae0a9d2931904add477d0cff

Download Submit
C:\Windows\system\dUXfosV.exe

Filesize
6.0MB

MD5
b859d2ad82fece0a3f87b7bf84ab2bfb

SHA1
1ce65c7edb7b1bd069aa99feed434f30a71fe533

SHA256
9aadb030a06dacf8a186cd41fdea419d4a45fe2ad3edd53d9ffff9a667a2ba9a

SHA512
acde69b1850c07a64f75a8f3661ac9f9ef51e0d5ecb540e3e5e6ddff80a3dc25f9bcc338814acd57158487c8455ee5fcde09a9e82e0483b23c59614cd36d2093

Download Submit
C:\Windows\system\gDRbHfW.exe

Filesize
6.0MB

MD5
cb05111e247f8f6aabf488346b39726c

SHA1
4042d23d1df02c4ecf9e82c066d4352ca0283e60

SHA256
3795564bea8425144fa1b1201e8df8de8930c6b5cbf3ef9395fed5b1c197d870

SHA512
0c7f913d2c230963a19104e710de220afa2536d112997130e90bcd381de7a3ad4a27aba4150be1788a70d6814ddc5ef32298757ed8e9f73f5070fb6c2737aebc

Download Submit
C:\Windows\system\gXLGPPd.exe

Filesize
6.0MB

MD5
79cd3f7a5e69b80139d068941c002fa5

SHA1
1179a0a3d3d2473743c91f626f7311543f4ac5a2

SHA256
7145c7bd1583066671805c275d1d781a34427442ba379365a7e4e0539778c2b3

SHA512
58ee5f9161128a1fe0c7cbb79ae5475e3a680cf8cb610c2f7071cc17e24674b59acc35eb4c2b3ee7c9daea7c43443c419b207f58fee83fc1a1d8485db4d6b608

Download Submit
C:\Windows\system\kKoPXFw.exe

Filesize
6.0MB

MD5
25caa9f71ff246b0f61c766295726d94

SHA1
a07a31d01f4282cb435e5cb5d01c49b0e9fda3ea

SHA256
17d09836e4ee1ee2c0f58544e6fd4e9265e6a61f6df0fbefe7481e5dddc34472

SHA512
656ab765a462df1f45cf3a06bee0ee731be6b02509a6fadd7950db45036e707bf8fa72e6398b2ec1d0f05bded18ffe93b23867cf4206c0c3baf14ab7c2d7e3a2

Download Submit
C:\Windows\system\kViHdKY.exe

Filesize
6.0MB

MD5
c4c0e8d44bab6c0a51f9e6774a2ce37c

SHA1
e1692cbf79cf3ee02f6a4648aad842d0888c75b6

SHA256
246a11df24736ad95550a70a472498d8355b116e1e22b20217ef24241a17bc9d

SHA512
4a9fcb2fb02211bab559a11e2b0db005c54a6debfa4a1b1aa3f103b4d71682d535469fd3d50119b9d84846dbac0c549509fdb0ff1f9c434a6a822cc2e0151968

Download Submit
C:\Windows\system\pegOxlg.exe

Filesize
6.0MB

MD5
415a273fa5e93be33366d105e33b612c

SHA1
0b6b75c470e3e118aa22c1393083a3f7738cd301

SHA256
77744fdec5fb50678fc354e4cf382a3771e3f3e62562a36b1a7a377f75f10e6b

SHA512
91bcd416fbb2ec69f93d004901139716ed419cf6ff3c1e83ef0fc44cbacd9f6d9e86957b1b4ddcc0d948b95de79d6341e9db4584e9cd1373ed2fd4938d47c0b9

Download Submit
C:\Windows\system\suoBCKW.exe

Filesize
6.0MB

MD5
ac0ca487b16f79c56677b38e41eb9074

SHA1
0cf3a0c44753c9dd91fb1e08030afcbf7c3ca7f9

SHA256
efff2319a6736d6bb1e6befeee4847e72ed81bed31978a61145e91d35220b569

SHA512
08b70352812ab5e4c4d9f29fb3b90de772a5503c3f351775bc7fda67a1e6d6f820e094df31bed74f5b29291df06fdcb2324a9f227d8af0164e68169eb0eb41b2

Download Submit
C:\Windows\system\tJROAPq.exe

Filesize
6.0MB

MD5
f6d0dc063a8f68f290eeaa9a923da1d6

SHA1
8b98842bed67bfcfd31ccd599dd136a7222b2978

SHA256
826e4d9283a5e28a68b8c4c550c59cc83971837ef214ecb1c10cd353f1e65872

SHA512
110197b88ff92dfc78a0cfc4dfcd16859edd6f872bad0cf4240e9ac66e034c0be29d705eb4c379e9c4c5763fd3fe2317c1d7c1a1885c9013d7404bdec42d8fdd

Download Submit
C:\Windows\system\urSqzgl.exe

Filesize
6.0MB

MD5
4456f5335c03d8520acdfd902dd09992

SHA1
33283adcfbd2e2057c2c2bc3805767652c6e4a31

SHA256
d9d6805ff922bde4702ec33906e9d395c54c85739eca48faab4a0c7281fcbb83

SHA512
3fb8cab47cf3e5ea055694a84fc618062b7ad3fdbd27e306c1e16096b016cc6b9e497370f164e57e55e64a33dbfe2618d4f77f87a5ad21492dab236b9bf40c13

Download Submit
C:\Windows\system\wlrGGEv.exe

Filesize
6.0MB

MD5
02fdca2690191d19cace05599f033333

SHA1
33fc284a5cf9ee9e576f6569d8beb54cd9b3792c

SHA256
895c20f2f96c47d7312881f8aeded383a5db90c3c8702fd1e0a19ca2b67ede64

SHA512
17db6b931b00af9457a985947a60553205459d3b46e2ed02704d23f971a194aae577cab04d1f1de8e3779877329b0658e83dcd8272d712f9dcde43498e2dcd25

Download Submit
C:\Windows\system\wlxINnO.exe

Filesize
6.0MB

MD5
987b9e03f2d7df7350f407d3fe0c5a97

SHA1
4d3f6ff44cad72ce7029aee6c07dc9f84aa032ec

SHA256
58aa69281f44d97d643a84dad7ea30f75b55aa383e2efa70f1eefe3ca2d88347

SHA512
5c202465455b6e7007ba59303815e1406c3c9cbf5126ab41d451aa974fce5c708c4aaaf2fedb6129e7b8169f8984945430c70713272d076db2970a6aa92d39b0

Download Submit
C:\Windows\system\wtpcwto.exe

Filesize
6.0MB

MD5
db1fcd3118f760cca9b55fb376434ff0

SHA1
32ba44117456deac9e3d6b7702845411a012671d

SHA256
9b89cb393d387ec7c09f7b0e780b72230883aaa7d7838084b5cd126cb61d3b69

SHA512
d201fdbf78e64c47ef11d82cb083c19cd973850b5e4a947b5bbb6b24aaea11c2024a6dfefb8ebf3f437d65481926b495aecddfc9a2f0aec691527b30e3e8c620

Download Submit
\Windows\system\wfsgImZ.exe

Filesize
6.0MB

MD5
d8ca0943f7db82f2e9224c53a0cac221

SHA1
5c0d840af22de6b481a3e614c0bad0219105b1b9

SHA256
0db28f20ab5e4bb84f27a7720620ca2a96e24baa3a28994b7a82ded01d0e349e

SHA512
5f6c4fe10e939dd0467fbcf785b2095a3e2a3367ad69e3fd3c226ecf34c5f5192df5fe94be275d8f424a2b359dc2b25db1835586bcc780c8fb521736d88af5af

Download Submit
\Windows\system\zGPfJPD.exe

Filesize
6.0MB

MD5
f206c68048de1e5ac2373aad040108ad

SHA1
18f523d19bbc953354995ae4e0dbe0e852268cdd

SHA256
0e62767cc1917f6e56588e8f759e1c4e19a49713727afa98e063347633e4176f

SHA512
3022d8e8e350a01af48c9bcb58cce1c5e0626f5522a6eab13c00c785e3788bc7cb85fba483fc2763e9e8611b53a228c5a93e005b9ae1dfb504837626266041fe

Download Submit
memory/2224-1987-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1701-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-0-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3691-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2602-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1912-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1910-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2224-21-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1986-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3616-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2107-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3620-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1905-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3590-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3647-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1698-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download