cobaltstrike | f016fa583889ee579e4bdd922827b2b0da6998c4d75984318fe82677b79d9e3c

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

01a6cc61e2e62540e5c9398909a69442
SHA1

0ff3d6e9833c49faa7849de3b14630bd914ddbfa
SHA256

f016fa583889ee579e4bdd922827b2b0da6998c4d75984318fe82677b79d9e3c
SHA512

ebe22c93e44adb9337a36f2518ed29426dada378c60db10313a09b8b949bcf7dfe98416141a4cf67bb37f307393d88d42f27a373cdead9bca1446b8fc16fddb9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d41-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-135.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-125.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d43-45.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001610d-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f7b-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/2592-0-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x0008000000015d41-11.dat	xmrig
behavioral1/files/0x0008000000015d59-12.dat	xmrig
behavioral1/files/0x0008000000015d81-21.dat	xmrig
behavioral1/files/0x0007000000015ec4-26.dat	xmrig
behavioral1/files/0x0006000000016d4b-50.dat	xmrig
behavioral1/files/0x0006000000016d6f-70.dat	xmrig
behavioral1/files/0x0006000000017497-110.dat	xmrig
behavioral1/files/0x00050000000186e7-127.dat	xmrig
behavioral1/memory/2768-1871-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2592-2083-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2876-2082-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2904-2105-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2592-2107-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2932-2139-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2504-2034-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2936-2268-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2076-1860-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2388-1848-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1752-1856-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a8-155.dat	xmrig
behavioral1/files/0x0005000000018739-151.dat	xmrig
behavioral1/files/0x0005000000018744-148.dat	xmrig
behavioral1/files/0x0005000000018704-142.dat	xmrig
behavioral1/files/0x00050000000186f1-135.dat	xmrig
behavioral1/files/0x000600000001755b-120.dat	xmrig
behavioral1/files/0x000500000001878e-160.dat	xmrig
behavioral1/files/0x0006000000018b4e-158.dat	xmrig
behavioral1/files/0x00050000000186f4-141.dat	xmrig
behavioral1/files/0x00050000000186ed-132.dat	xmrig
behavioral1/files/0x0005000000018686-125.dat	xmrig
behavioral1/files/0x000600000001749c-115.dat	xmrig
behavioral1/files/0x0006000000017049-105.dat	xmrig
behavioral1/files/0x0006000000016ecf-100.dat	xmrig
behavioral1/files/0x0006000000016df3-95.dat	xmrig
behavioral1/files/0x0006000000016dea-90.dat	xmrig
behavioral1/files/0x0006000000016de8-86.dat	xmrig
behavioral1/files/0x0006000000016d9f-80.dat	xmrig
behavioral1/files/0x0006000000016d77-75.dat	xmrig
behavioral1/files/0x0006000000016d6b-65.dat	xmrig
behavioral1/files/0x0006000000016d67-60.dat	xmrig
behavioral1/files/0x0006000000016d54-55.dat	xmrig
behavioral1/files/0x0008000000016d43-45.dat	xmrig
behavioral1/files/0x000900000001610d-41.dat	xmrig
behavioral1/files/0x0007000000015f7b-36.dat	xmrig
behavioral1/files/0x0007000000015f25-30.dat	xmrig
behavioral1/memory/2592-2791-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2592-2892-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2592-2897-0x0000000002540000-0x0000000002894000-memory.dmp	xmrig
behavioral1/memory/2388-3786-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2076-3787-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2936-3789-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2504-3788-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/1752-3790-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2876-3791-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2932-3793-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2904-3794-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2768-3792-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2388	ISegblv.exe
1752	rLRiLcV.exe
2076	wLDqWVp.exe
2768	GpFwAJJ.exe
2504	tUbTmpO.exe
2876	EGOnZys.exe
2904	pqamiHa.exe
2932	lPSjfAa.exe
2936	avepTrq.exe
2964	EMyNMcp.exe
2996	pSQNcws.exe
2848	pVHVDOa.exe
2680	gsBNXFB.exe
2740	ezkfqno.exe
2100	qCEGbrv.exe
2312	lhLcaZL.exe
348	MAEPwcO.exe
1480	fPZRLmD.exe
1988	qQPpMXf.exe
1580	LnhqxvA.exe
556	AljPfgB.exe
1644	atfTQJF.exe
2856	YedrVPi.exe
808	nboxdVw.exe
2776	KknIyoh.exe
1504	FVqbxCA.exe
2212	oXVgBFm.exe
1816	vwVFMrI.exe
2580	rQfsiiO.exe
2656	HjFngeP.exe
700	hAiEBAn.exe
2164	aXbCYoj.exe
2300	hAYPGXO.exe
1796	hZNBPYw.exe
2140	sfvpSCX.exe
2268	kzABlml.exe
2116	LfkhZMA.exe
2276	LTUYXWs.exe
1904	uHTqUPc.exe
1944	sHYJCEE.exe
900	nFRdsGn.exe
752	jaPQyIh.exe
2492	IKHrsCA.exe
2272	myDAUyG.exe
2148	BXZZjbP.exe
2108	GjYpwdX.exe
644	ExUREqI.exe
2284	NTTHbMB.exe
1540	rQVpusM.exe
1228	Dzstybs.exe
1056	RHeQxJp.exe
1928	iUslKWf.exe
2644	FXHUIKx.exe
2560	fkMqioG.exe
1596	cBfNAVS.exe
1600	FqtAuxB.exe
2620	ISyxjVJ.exe
2500	pvkFHzP.exe
2784	HOZJaHt.exe
2880	LlMNSca.exe
2832	gtxhOfj.exe
2792	MrHxjlm.exe
2844	FodxBRV.exe
2724	lTENOcK.exe

Loads dropped DLL 64 IoCs

pid	Process
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2592-0-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x0008000000015d41-11.dat	upx
behavioral1/files/0x0008000000015d59-12.dat	upx
behavioral1/files/0x0008000000015d81-21.dat	upx
behavioral1/files/0x0007000000015ec4-26.dat	upx
behavioral1/files/0x0006000000016d4b-50.dat	upx
behavioral1/files/0x0006000000016d6f-70.dat	upx
behavioral1/files/0x0006000000017497-110.dat	upx
behavioral1/files/0x00050000000186e7-127.dat	upx
behavioral1/memory/2768-1871-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2876-2082-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2904-2105-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2932-2139-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2504-2034-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2936-2268-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2076-1860-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2388-1848-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1752-1856-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x00050000000187a8-155.dat	upx
behavioral1/files/0x0005000000018739-151.dat	upx
behavioral1/files/0x0005000000018744-148.dat	upx
behavioral1/files/0x0005000000018704-142.dat	upx
behavioral1/files/0x00050000000186f1-135.dat	upx
behavioral1/files/0x000600000001755b-120.dat	upx
behavioral1/files/0x000500000001878e-160.dat	upx
behavioral1/files/0x0006000000018b4e-158.dat	upx
behavioral1/files/0x00050000000186f4-141.dat	upx
behavioral1/files/0x00050000000186ed-132.dat	upx
behavioral1/files/0x0005000000018686-125.dat	upx
behavioral1/files/0x000600000001749c-115.dat	upx
behavioral1/files/0x0006000000017049-105.dat	upx
behavioral1/files/0x0006000000016ecf-100.dat	upx
behavioral1/files/0x0006000000016df3-95.dat	upx
behavioral1/files/0x0006000000016dea-90.dat	upx
behavioral1/files/0x0006000000016de8-86.dat	upx
behavioral1/files/0x0006000000016d9f-80.dat	upx
behavioral1/files/0x0006000000016d77-75.dat	upx
behavioral1/files/0x0006000000016d6b-65.dat	upx
behavioral1/files/0x0006000000016d67-60.dat	upx
behavioral1/files/0x0006000000016d54-55.dat	upx
behavioral1/files/0x0008000000016d43-45.dat	upx
behavioral1/files/0x000900000001610d-41.dat	upx
behavioral1/files/0x0007000000015f7b-36.dat	upx
behavioral1/files/0x0007000000015f25-30.dat	upx
behavioral1/memory/2592-2791-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2388-3786-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2076-3787-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2936-3789-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2504-3788-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/1752-3790-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2876-3791-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2932-3793-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2904-3794-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2768-3792-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AljPfgB.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkMqioG.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjKNcLt.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdIiXbN.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtuPKbq.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErldZOM.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhLcaZL.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qexJHLh.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GflQDDh.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sONcGrm.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMrihoc.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beGAoMy.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYTRvoj.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbrijOH.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnZOLbF.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVtQrOO.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZGDlMM.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvelpgo.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGYGNqd.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxGnMQX.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDfLclq.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvnWsQJ.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUVEgDr.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnYMiHM.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufZZzuc.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnOkUPr.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbnKHVw.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgZObJe.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRRYRLK.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAzkoRp.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDnFwYY.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASnNXGD.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REqipao.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsBmzuv.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIfWRGJ.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MalpxGF.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDkBBJF.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSOGXjE.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VumdRYs.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYtPagJ.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpaPwoL.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqbIMRA.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmYEeTn.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOfTNPQ.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhYgHnb.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGOnZys.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxYYNov.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYbKgZI.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhqWRDO.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWtWedy.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEgGYpw.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJZqDdo.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELnoDBv.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPuQYdc.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aciJZFp.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovsRohU.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMDZdXm.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcKEUGG.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmCHFjf.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQcbPQF.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvkFHzP.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTFYlbX.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqAYYWT.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tChancK.exe	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2388	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2592 wrote to memory of 2388	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2592 wrote to memory of 2388	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2592 wrote to memory of 1752	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2592 wrote to memory of 1752	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2592 wrote to memory of 1752	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2592 wrote to memory of 2076	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2592 wrote to memory of 2076	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2592 wrote to memory of 2076	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2592 wrote to memory of 2768	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2592 wrote to memory of 2768	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2592 wrote to memory of 2768	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2592 wrote to memory of 2504	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2592 wrote to memory of 2504	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2592 wrote to memory of 2504	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2592 wrote to memory of 2876	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2592 wrote to memory of 2876	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2592 wrote to memory of 2876	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2592 wrote to memory of 2904	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2592 wrote to memory of 2904	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2592 wrote to memory of 2904	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2592 wrote to memory of 2932	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2592 wrote to memory of 2932	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2592 wrote to memory of 2932	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2592 wrote to memory of 2936	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2592 wrote to memory of 2936	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2592 wrote to memory of 2936	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2592 wrote to memory of 2964	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2592 wrote to memory of 2964	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2592 wrote to memory of 2964	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2592 wrote to memory of 2996	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2592 wrote to memory of 2996	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2592 wrote to memory of 2996	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2592 wrote to memory of 2848	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2592 wrote to memory of 2848	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2592 wrote to memory of 2848	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2592 wrote to memory of 2680	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2592 wrote to memory of 2680	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2592 wrote to memory of 2680	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2592 wrote to memory of 2740	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2592 wrote to memory of 2740	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2592 wrote to memory of 2740	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2592 wrote to memory of 2100	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2592 wrote to memory of 2100	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2592 wrote to memory of 2100	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2592 wrote to memory of 2312	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2592 wrote to memory of 2312	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2592 wrote to memory of 2312	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2592 wrote to memory of 348	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2592 wrote to memory of 348	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2592 wrote to memory of 348	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2592 wrote to memory of 1480	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2592 wrote to memory of 1480	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2592 wrote to memory of 1480	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2592 wrote to memory of 1988	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2592 wrote to memory of 1988	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2592 wrote to memory of 1988	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2592 wrote to memory of 1580	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2592 wrote to memory of 1580	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2592 wrote to memory of 1580	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2592 wrote to memory of 556	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2592 wrote to memory of 556	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2592 wrote to memory of 556	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2592 wrote to memory of 1644	2592	2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_01a6cc61e2e62540e5c9398909a69442_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Windows\System\ISegblv.exe
  C:\Windows\System\ISegblv.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\rLRiLcV.exe
  C:\Windows\System\rLRiLcV.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\wLDqWVp.exe
  C:\Windows\System\wLDqWVp.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\GpFwAJJ.exe
  C:\Windows\System\GpFwAJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\tUbTmpO.exe
  C:\Windows\System\tUbTmpO.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\EGOnZys.exe
  C:\Windows\System\EGOnZys.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\pqamiHa.exe
  C:\Windows\System\pqamiHa.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\lPSjfAa.exe
  C:\Windows\System\lPSjfAa.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\avepTrq.exe
  C:\Windows\System\avepTrq.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\EMyNMcp.exe
  C:\Windows\System\EMyNMcp.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\pSQNcws.exe
  C:\Windows\System\pSQNcws.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\pVHVDOa.exe
  C:\Windows\System\pVHVDOa.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\gsBNXFB.exe
  C:\Windows\System\gsBNXFB.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ezkfqno.exe
  C:\Windows\System\ezkfqno.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\qCEGbrv.exe
  C:\Windows\System\qCEGbrv.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\lhLcaZL.exe
  C:\Windows\System\lhLcaZL.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\MAEPwcO.exe
  C:\Windows\System\MAEPwcO.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\fPZRLmD.exe
  C:\Windows\System\fPZRLmD.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\qQPpMXf.exe
  C:\Windows\System\qQPpMXf.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\LnhqxvA.exe
  C:\Windows\System\LnhqxvA.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\AljPfgB.exe
  C:\Windows\System\AljPfgB.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\atfTQJF.exe
  C:\Windows\System\atfTQJF.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\YedrVPi.exe
  C:\Windows\System\YedrVPi.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\nboxdVw.exe
  C:\Windows\System\nboxdVw.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\KknIyoh.exe
  C:\Windows\System\KknIyoh.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\aXbCYoj.exe
  C:\Windows\System\aXbCYoj.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\FVqbxCA.exe
  C:\Windows\System\FVqbxCA.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\hAYPGXO.exe
  C:\Windows\System\hAYPGXO.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\oXVgBFm.exe
  C:\Windows\System\oXVgBFm.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\hZNBPYw.exe
  C:\Windows\System\hZNBPYw.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\vwVFMrI.exe
  C:\Windows\System\vwVFMrI.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\sfvpSCX.exe
  C:\Windows\System\sfvpSCX.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\rQfsiiO.exe
  C:\Windows\System\rQfsiiO.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\kzABlml.exe
  C:\Windows\System\kzABlml.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\HjFngeP.exe
  C:\Windows\System\HjFngeP.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\LfkhZMA.exe
  C:\Windows\System\LfkhZMA.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\hAiEBAn.exe
  C:\Windows\System\hAiEBAn.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\LTUYXWs.exe
  C:\Windows\System\LTUYXWs.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\uHTqUPc.exe
  C:\Windows\System\uHTqUPc.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\sHYJCEE.exe
  C:\Windows\System\sHYJCEE.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\nFRdsGn.exe
  C:\Windows\System\nFRdsGn.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\jaPQyIh.exe
  C:\Windows\System\jaPQyIh.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\IKHrsCA.exe
  C:\Windows\System\IKHrsCA.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\myDAUyG.exe
  C:\Windows\System\myDAUyG.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\BXZZjbP.exe
  C:\Windows\System\BXZZjbP.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\GjYpwdX.exe
  C:\Windows\System\GjYpwdX.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ExUREqI.exe
  C:\Windows\System\ExUREqI.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\NTTHbMB.exe
  C:\Windows\System\NTTHbMB.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\rQVpusM.exe
  C:\Windows\System\rQVpusM.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\Dzstybs.exe
  C:\Windows\System\Dzstybs.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\RHeQxJp.exe
  C:\Windows\System\RHeQxJp.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\iUslKWf.exe
  C:\Windows\System\iUslKWf.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\FXHUIKx.exe
  C:\Windows\System\FXHUIKx.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\fkMqioG.exe
  C:\Windows\System\fkMqioG.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\cBfNAVS.exe
  C:\Windows\System\cBfNAVS.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\FqtAuxB.exe
  C:\Windows\System\FqtAuxB.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\ISyxjVJ.exe
  C:\Windows\System\ISyxjVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\pvkFHzP.exe
  C:\Windows\System\pvkFHzP.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\HOZJaHt.exe
  C:\Windows\System\HOZJaHt.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\LlMNSca.exe
  C:\Windows\System\LlMNSca.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\gtxhOfj.exe
  C:\Windows\System\gtxhOfj.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\MrHxjlm.exe
  C:\Windows\System\MrHxjlm.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\FodxBRV.exe
  C:\Windows\System\FodxBRV.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\lTENOcK.exe
  C:\Windows\System\lTENOcK.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\AnMRstO.exe
  C:\Windows\System\AnMRstO.exe
  2⤵
  PID:2332
- C:\Windows\System\kCkenYa.exe
  C:\Windows\System\kCkenYa.exe
  2⤵
  PID:568
- C:\Windows\System\VcrXybZ.exe
  C:\Windows\System\VcrXybZ.exe
  2⤵
  PID:1028
- C:\Windows\System\LSPvtxK.exe
  C:\Windows\System\LSPvtxK.exe
  2⤵
  PID:840
- C:\Windows\System\ZtQmCuJ.exe
  C:\Windows\System\ZtQmCuJ.exe
  2⤵
  PID:1200
- C:\Windows\System\xcZKply.exe
  C:\Windows\System\xcZKply.exe
  2⤵
  PID:2360
- C:\Windows\System\pjKNcLt.exe
  C:\Windows\System\pjKNcLt.exe
  2⤵
  PID:2160
- C:\Windows\System\UsUvrcE.exe
  C:\Windows\System\UsUvrcE.exe
  2⤵
  PID:320
- C:\Windows\System\YwgfNRI.exe
  C:\Windows\System\YwgfNRI.exe
  2⤵
  PID:1588
- C:\Windows\System\WZpTTKi.exe
  C:\Windows\System\WZpTTKi.exe
  2⤵
  PID:1204
- C:\Windows\System\xYtPagJ.exe
  C:\Windows\System\xYtPagJ.exe
  2⤵
  PID:2196
- C:\Windows\System\OSOGXjE.exe
  C:\Windows\System\OSOGXjE.exe
  2⤵
  PID:408
- C:\Windows\System\ipWoDDJ.exe
  C:\Windows\System\ipWoDDJ.exe
  2⤵
  PID:1344
- C:\Windows\System\BsdwaeI.exe
  C:\Windows\System\BsdwaeI.exe
  2⤵
  PID:1132
- C:\Windows\System\vNGKLag.exe
  C:\Windows\System\vNGKLag.exe
  2⤵
  PID:1948
- C:\Windows\System\QpcLodE.exe
  C:\Windows\System\QpcLodE.exe
  2⤵
  PID:952
- C:\Windows\System\zyIdaQN.exe
  C:\Windows\System\zyIdaQN.exe
  2⤵
  PID:1556
- C:\Windows\System\BKSxLsT.exe
  C:\Windows\System\BKSxLsT.exe
  2⤵
  PID:1224
- C:\Windows\System\lezDzFr.exe
  C:\Windows\System\lezDzFr.exe
  2⤵
  PID:3036
- C:\Windows\System\iPuQYdc.exe
  C:\Windows\System\iPuQYdc.exe
  2⤵
  PID:2208
- C:\Windows\System\PcpMySC.exe
  C:\Windows\System\PcpMySC.exe
  2⤵
  PID:992
- C:\Windows\System\oJHzlbd.exe
  C:\Windows\System\oJHzlbd.exe
  2⤵
  PID:1980
- C:\Windows\System\gxfwDvk.exe
  C:\Windows\System\gxfwDvk.exe
  2⤵
  PID:2040
- C:\Windows\System\qTLNymQ.exe
  C:\Windows\System\qTLNymQ.exe
  2⤵
  PID:800
- C:\Windows\System\psvFCzp.exe
  C:\Windows\System\psvFCzp.exe
  2⤵
  PID:1720
- C:\Windows\System\VUBdlqw.exe
  C:\Windows\System\VUBdlqw.exe
  2⤵
  PID:1716
- C:\Windows\System\mvNqQqY.exe
  C:\Windows\System\mvNqQqY.exe
  2⤵
  PID:2944
- C:\Windows\System\GzCSjYX.exe
  C:\Windows\System\GzCSjYX.exe
  2⤵
  PID:2416
- C:\Windows\System\mUvHllD.exe
  C:\Windows\System\mUvHllD.exe
  2⤵
  PID:2528
- C:\Windows\System\JxYYNov.exe
  C:\Windows\System\JxYYNov.exe
  2⤵
  PID:2676
- C:\Windows\System\DgMhtem.exe
  C:\Windows\System\DgMhtem.exe
  2⤵
  PID:316
- C:\Windows\System\nyoLBrx.exe
  C:\Windows\System\nyoLBrx.exe
  2⤵
  PID:3000
- C:\Windows\System\MeOFiDR.exe
  C:\Windows\System\MeOFiDR.exe
  2⤵
  PID:1684
- C:\Windows\System\wItPhrZ.exe
  C:\Windows\System\wItPhrZ.exe
  2⤵
  PID:2588
- C:\Windows\System\HkeBoKM.exe
  C:\Windows\System\HkeBoKM.exe
  2⤵
  PID:684
- C:\Windows\System\NkjIRRq.exe
  C:\Windows\System\NkjIRRq.exe
  2⤵
  PID:2660
- C:\Windows\System\GIVpCNb.exe
  C:\Windows\System\GIVpCNb.exe
  2⤵
  PID:2188
- C:\Windows\System\GJfwiqX.exe
  C:\Windows\System\GJfwiqX.exe
  2⤵
  PID:1512
- C:\Windows\System\BKxjqhe.exe
  C:\Windows\System\BKxjqhe.exe
  2⤵
  PID:2540
- C:\Windows\System\ORfjOmo.exe
  C:\Windows\System\ORfjOmo.exe
  2⤵
  PID:1312
- C:\Windows\System\BFwvbXP.exe
  C:\Windows\System\BFwvbXP.exe
  2⤵
  PID:1792
- C:\Windows\System\peRNWDq.exe
  C:\Windows\System\peRNWDq.exe
  2⤵
  PID:1672
- C:\Windows\System\kzPtevZ.exe
  C:\Windows\System\kzPtevZ.exe
  2⤵
  PID:3068
- C:\Windows\System\rhwzACr.exe
  C:\Windows\System\rhwzACr.exe
  2⤵
  PID:1408
- C:\Windows\System\pFvtOAc.exe
  C:\Windows\System\pFvtOAc.exe
  2⤵
  PID:1640
- C:\Windows\System\FrrcwPH.exe
  C:\Windows\System\FrrcwPH.exe
  2⤵
  PID:1524
- C:\Windows\System\ysKlnKq.exe
  C:\Windows\System\ysKlnKq.exe
  2⤵
  PID:2516
- C:\Windows\System\lOPrTAO.exe
  C:\Windows\System\lOPrTAO.exe
  2⤵
  PID:2224
- C:\Windows\System\AWILiUl.exe
  C:\Windows\System\AWILiUl.exe
  2⤵
  PID:3092
- C:\Windows\System\XSqfGjB.exe
  C:\Windows\System\XSqfGjB.exe
  2⤵
  PID:3108
- C:\Windows\System\LmagftD.exe
  C:\Windows\System\LmagftD.exe
  2⤵
  PID:3132
- C:\Windows\System\qQmogUA.exe
  C:\Windows\System\qQmogUA.exe
  2⤵
  PID:3152
- C:\Windows\System\JFncVkJ.exe
  C:\Windows\System\JFncVkJ.exe
  2⤵
  PID:3172
- C:\Windows\System\RXwbBHW.exe
  C:\Windows\System\RXwbBHW.exe
  2⤵
  PID:3188
- C:\Windows\System\YOoxzsD.exe
  C:\Windows\System\YOoxzsD.exe
  2⤵
  PID:3208
- C:\Windows\System\jTSBaNX.exe
  C:\Windows\System\jTSBaNX.exe
  2⤵
  PID:3232
- C:\Windows\System\jYztvqs.exe
  C:\Windows\System\jYztvqs.exe
  2⤵
  PID:3248
- C:\Windows\System\AfVwxFE.exe
  C:\Windows\System\AfVwxFE.exe
  2⤵
  PID:3264
- C:\Windows\System\YILTajJ.exe
  C:\Windows\System\YILTajJ.exe
  2⤵
  PID:3284
- C:\Windows\System\wOUzjVB.exe
  C:\Windows\System\wOUzjVB.exe
  2⤵
  PID:3304
- C:\Windows\System\oSURSKf.exe
  C:\Windows\System\oSURSKf.exe
  2⤵
  PID:3324
- C:\Windows\System\sBQStwM.exe
  C:\Windows\System\sBQStwM.exe
  2⤵
  PID:3348
- C:\Windows\System\zYbKgZI.exe
  C:\Windows\System\zYbKgZI.exe
  2⤵
  PID:3372
- C:\Windows\System\ElInmtk.exe
  C:\Windows\System\ElInmtk.exe
  2⤵
  PID:3392
- C:\Windows\System\qBPiusy.exe
  C:\Windows\System\qBPiusy.exe
  2⤵
  PID:3412
- C:\Windows\System\mYGWSIg.exe
  C:\Windows\System\mYGWSIg.exe
  2⤵
  PID:3428
- C:\Windows\System\zLRTuKk.exe
  C:\Windows\System\zLRTuKk.exe
  2⤵
  PID:3452
- C:\Windows\System\qjiiPzF.exe
  C:\Windows\System\qjiiPzF.exe
  2⤵
  PID:3472
- C:\Windows\System\pEiDYDI.exe
  C:\Windows\System\pEiDYDI.exe
  2⤵
  PID:3488
- C:\Windows\System\KuYqetF.exe
  C:\Windows\System\KuYqetF.exe
  2⤵
  PID:3512
- C:\Windows\System\gvbdOBO.exe
  C:\Windows\System\gvbdOBO.exe
  2⤵
  PID:3532
- C:\Windows\System\pnQjacG.exe
  C:\Windows\System\pnQjacG.exe
  2⤵
  PID:3548
- C:\Windows\System\lKOPIos.exe
  C:\Windows\System\lKOPIos.exe
  2⤵
  PID:3568
- C:\Windows\System\lnOAdVH.exe
  C:\Windows\System\lnOAdVH.exe
  2⤵
  PID:3592
- C:\Windows\System\NccsWRR.exe
  C:\Windows\System\NccsWRR.exe
  2⤵
  PID:3608
- C:\Windows\System\VHJUDjg.exe
  C:\Windows\System\VHJUDjg.exe
  2⤵
  PID:3632
- C:\Windows\System\fnAFlpY.exe
  C:\Windows\System\fnAFlpY.exe
  2⤵
  PID:3648
- C:\Windows\System\rmVpPcP.exe
  C:\Windows\System\rmVpPcP.exe
  2⤵
  PID:3672
- C:\Windows\System\ecvOIfH.exe
  C:\Windows\System\ecvOIfH.exe
  2⤵
  PID:3688
- C:\Windows\System\JjLCJhJ.exe
  C:\Windows\System\JjLCJhJ.exe
  2⤵
  PID:3712
- C:\Windows\System\hVjDoOW.exe
  C:\Windows\System\hVjDoOW.exe
  2⤵
  PID:3728
- C:\Windows\System\rndtaKy.exe
  C:\Windows\System\rndtaKy.exe
  2⤵
  PID:3752
- C:\Windows\System\xzkZVoa.exe
  C:\Windows\System\xzkZVoa.exe
  2⤵
  PID:3768
- C:\Windows\System\rjArgIn.exe
  C:\Windows\System\rjArgIn.exe
  2⤵
  PID:3792
- C:\Windows\System\TmXUoVi.exe
  C:\Windows\System\TmXUoVi.exe
  2⤵
  PID:3808
- C:\Windows\System\MwnUGTS.exe
  C:\Windows\System\MwnUGTS.exe
  2⤵
  PID:3832
- C:\Windows\System\HUhandv.exe
  C:\Windows\System\HUhandv.exe
  2⤵
  PID:3848
- C:\Windows\System\euZJhgL.exe
  C:\Windows\System\euZJhgL.exe
  2⤵
  PID:3872
- C:\Windows\System\CnijCnL.exe
  C:\Windows\System\CnijCnL.exe
  2⤵
  PID:3892
- C:\Windows\System\qkYHYks.exe
  C:\Windows\System\qkYHYks.exe
  2⤵
  PID:3912
- C:\Windows\System\roCouig.exe
  C:\Windows\System\roCouig.exe
  2⤵
  PID:3928
- C:\Windows\System\OifKkch.exe
  C:\Windows\System\OifKkch.exe
  2⤵
  PID:3952
- C:\Windows\System\UODgANN.exe
  C:\Windows\System\UODgANN.exe
  2⤵
  PID:3968
- C:\Windows\System\MEzMbBQ.exe
  C:\Windows\System\MEzMbBQ.exe
  2⤵
  PID:3992
- C:\Windows\System\OoOXSbG.exe
  C:\Windows\System\OoOXSbG.exe
  2⤵
  PID:4012
- C:\Windows\System\zWopdgr.exe
  C:\Windows\System\zWopdgr.exe
  2⤵
  PID:4028
- C:\Windows\System\gnkDinm.exe
  C:\Windows\System\gnkDinm.exe
  2⤵
  PID:4044
- C:\Windows\System\sqbImyY.exe
  C:\Windows\System\sqbImyY.exe
  2⤵
  PID:4064
- C:\Windows\System\jwEvrGS.exe
  C:\Windows\System\jwEvrGS.exe
  2⤵
  PID:4092
- C:\Windows\System\mNtNtka.exe
  C:\Windows\System\mNtNtka.exe
  2⤵
  PID:2508
- C:\Windows\System\fpbSNWK.exe
  C:\Windows\System\fpbSNWK.exe
  2⤵
  PID:968
- C:\Windows\System\ADdgpPg.exe
  C:\Windows\System\ADdgpPg.exe
  2⤵
  PID:2980
- C:\Windows\System\rQLmJWS.exe
  C:\Windows\System\rQLmJWS.exe
  2⤵
  PID:484
- C:\Windows\System\EmQMDYH.exe
  C:\Windows\System\EmQMDYH.exe
  2⤵
  PID:2252
- C:\Windows\System\FokNqiR.exe
  C:\Windows\System\FokNqiR.exe
  2⤵
  PID:2868
- C:\Windows\System\lokStyf.exe
  C:\Windows\System\lokStyf.exe
  2⤵
  PID:1876
- C:\Windows\System\kWElknK.exe
  C:\Windows\System\kWElknK.exe
  2⤵
  PID:2240
- C:\Windows\System\tPBAQtV.exe
  C:\Windows\System\tPBAQtV.exe
  2⤵
  PID:1736
- C:\Windows\System\NsCMPAR.exe
  C:\Windows\System\NsCMPAR.exe
  2⤵
  PID:2800
- C:\Windows\System\ayVcBTQ.exe
  C:\Windows\System\ayVcBTQ.exe
  2⤵
  PID:2200
- C:\Windows\System\abXWidV.exe
  C:\Windows\System\abXWidV.exe
  2⤵
  PID:3104
- C:\Windows\System\RoptlsW.exe
  C:\Windows\System\RoptlsW.exe
  2⤵
  PID:3144
- C:\Windows\System\DFUWPvj.exe
  C:\Windows\System\DFUWPvj.exe
  2⤵
  PID:3128
- C:\Windows\System\AgiEcPf.exe
  C:\Windows\System\AgiEcPf.exe
  2⤵
  PID:3164
- C:\Windows\System\lEQDppA.exe
  C:\Windows\System\lEQDppA.exe
  2⤵
  PID:3256
- C:\Windows\System\RArEuho.exe
  C:\Windows\System\RArEuho.exe
  2⤵
  PID:3204
- C:\Windows\System\BuNwkfo.exe
  C:\Windows\System\BuNwkfo.exe
  2⤵
  PID:3240
- C:\Windows\System\TDnFwYY.exe
  C:\Windows\System\TDnFwYY.exe
  2⤵
  PID:3316
- C:\Windows\System\DXslHmp.exe
  C:\Windows\System\DXslHmp.exe
  2⤵
  PID:3320
- C:\Windows\System\ZTcGoNU.exe
  C:\Windows\System\ZTcGoNU.exe
  2⤵
  PID:3420
- C:\Windows\System\EeYNTNF.exe
  C:\Windows\System\EeYNTNF.exe
  2⤵
  PID:3400
- C:\Windows\System\FWjVavT.exe
  C:\Windows\System\FWjVavT.exe
  2⤵
  PID:3460
- C:\Windows\System\qvLsVSA.exe
  C:\Windows\System\qvLsVSA.exe
  2⤵
  PID:3504
- C:\Windows\System\oXrCRbb.exe
  C:\Windows\System\oXrCRbb.exe
  2⤵
  PID:3540
- C:\Windows\System\wqFgwAa.exe
  C:\Windows\System\wqFgwAa.exe
  2⤵
  PID:3584
- C:\Windows\System\SDVZngD.exe
  C:\Windows\System\SDVZngD.exe
  2⤵
  PID:3564
- C:\Windows\System\PMZgArR.exe
  C:\Windows\System\PMZgArR.exe
  2⤵
  PID:3620
- C:\Windows\System\sJyoATC.exe
  C:\Windows\System\sJyoATC.exe
  2⤵
  PID:3640
- C:\Windows\System\zSplBIr.exe
  C:\Windows\System\zSplBIr.exe
  2⤵
  PID:3700
- C:\Windows\System\ZTMNfUp.exe
  C:\Windows\System\ZTMNfUp.exe
  2⤵
  PID:3684
- C:\Windows\System\qsgJscI.exe
  C:\Windows\System\qsgJscI.exe
  2⤵
  PID:3740
- C:\Windows\System\osEHpTu.exe
  C:\Windows\System\osEHpTu.exe
  2⤵
  PID:3788
- C:\Windows\System\aleDFNP.exe
  C:\Windows\System\aleDFNP.exe
  2⤵
  PID:3828
- C:\Windows\System\dNyTUsb.exe
  C:\Windows\System\dNyTUsb.exe
  2⤵
  PID:3860
- C:\Windows\System\VMCCJZF.exe
  C:\Windows\System\VMCCJZF.exe
  2⤵
  PID:3888
- C:\Windows\System\FAyaPwT.exe
  C:\Windows\System\FAyaPwT.exe
  2⤵
  PID:3904
- C:\Windows\System\dEnYwCk.exe
  C:\Windows\System\dEnYwCk.exe
  2⤵
  PID:3944
- C:\Windows\System\IFsAlQk.exe
  C:\Windows\System\IFsAlQk.exe
  2⤵
  PID:3988
- C:\Windows\System\qecwUKq.exe
  C:\Windows\System\qecwUKq.exe
  2⤵
  PID:4020
- C:\Windows\System\rDUTEQO.exe
  C:\Windows\System\rDUTEQO.exe
  2⤵
  PID:4036
- C:\Windows\System\aQsaRgL.exe
  C:\Windows\System\aQsaRgL.exe
  2⤵
  PID:4080
- C:\Windows\System\sUGIMjC.exe
  C:\Windows\System\sUGIMjC.exe
  2⤵
  PID:1680
- C:\Windows\System\XrUICrX.exe
  C:\Windows\System\XrUICrX.exe
  2⤵
  PID:3056
- C:\Windows\System\mUoMBRR.exe
  C:\Windows\System\mUoMBRR.exe
  2⤵
  PID:868
- C:\Windows\System\inWLvxB.exe
  C:\Windows\System\inWLvxB.exe
  2⤵
  PID:1288
- C:\Windows\System\emlvQgV.exe
  C:\Windows\System\emlvQgV.exe
  2⤵
  PID:1732
- C:\Windows\System\ylSammR.exe
  C:\Windows\System\ylSammR.exe
  2⤵
  PID:3148
- C:\Windows\System\fTpjJaD.exe
  C:\Windows\System\fTpjJaD.exe
  2⤵
  PID:3184
- C:\Windows\System\bJUbxnB.exe
  C:\Windows\System\bJUbxnB.exe
  2⤵
  PID:3200
- C:\Windows\System\aHlLIVp.exe
  C:\Windows\System\aHlLIVp.exe
  2⤵
  PID:3356
- C:\Windows\System\hrnaXiV.exe
  C:\Windows\System\hrnaXiV.exe
  2⤵
  PID:3100
- C:\Windows\System\vHwrzfm.exe
  C:\Windows\System\vHwrzfm.exe
  2⤵
  PID:3500
- C:\Windows\System\ffprqFq.exe
  C:\Windows\System\ffprqFq.exe
  2⤵
  PID:3228
- C:\Windows\System\ChVluGz.exe
  C:\Windows\System\ChVluGz.exe
  2⤵
  PID:3704
- C:\Windows\System\ZeVoOpf.exe
  C:\Windows\System\ZeVoOpf.exe
  2⤵
  PID:3340
- C:\Windows\System\hZojiWF.exe
  C:\Windows\System\hZojiWF.exe
  2⤵
  PID:3368
- C:\Windows\System\auBYFKt.exe
  C:\Windows\System\auBYFKt.exe
  2⤵
  PID:3276
- C:\Windows\System\ZMZdtdy.exe
  C:\Windows\System\ZMZdtdy.exe
  2⤵
  PID:3856
- C:\Windows\System\bFAOQik.exe
  C:\Windows\System\bFAOQik.exe
  2⤵
  PID:3480
- C:\Windows\System\vRFqpFA.exe
  C:\Windows\System\vRFqpFA.exe
  2⤵
  PID:3900
- C:\Windows\System\WlmaTYI.exe
  C:\Windows\System\WlmaTYI.exe
  2⤵
  PID:3604
- C:\Windows\System\lDfcPET.exe
  C:\Windows\System\lDfcPET.exe
  2⤵
  PID:3744
- C:\Windows\System\njwzEnm.exe
  C:\Windows\System\njwzEnm.exe
  2⤵
  PID:3984
- C:\Windows\System\tHXqFVD.exe
  C:\Windows\System\tHXqFVD.exe
  2⤵
  PID:3008
- C:\Windows\System\wRmGgLE.exe
  C:\Windows\System\wRmGgLE.exe
  2⤵
  PID:3820
- C:\Windows\System\cCDKhPS.exe
  C:\Windows\System\cCDKhPS.exe
  2⤵
  PID:3924
- C:\Windows\System\cLJGMRL.exe
  C:\Windows\System\cLJGMRL.exe
  2⤵
  PID:4000
- C:\Windows\System\bwyIwDG.exe
  C:\Windows\System\bwyIwDG.exe
  2⤵
  PID:1552
- C:\Windows\System\YEbRqDZ.exe
  C:\Windows\System\YEbRqDZ.exe
  2⤵
  PID:3440
- C:\Windows\System\kYuKuJb.exe
  C:\Windows\System\kYuKuJb.exe
  2⤵
  PID:3656
- C:\Windows\System\ZEDRkoG.exe
  C:\Windows\System\ZEDRkoG.exe
  2⤵
  PID:3544
- C:\Windows\System\byOhdpy.exe
  C:\Windows\System\byOhdpy.exe
  2⤵
  PID:3724
- C:\Windows\System\yaTqXNG.exe
  C:\Windows\System\yaTqXNG.exe
  2⤵
  PID:1932
- C:\Windows\System\WWjpfqm.exe
  C:\Windows\System\WWjpfqm.exe
  2⤵
  PID:2940
- C:\Windows\System\ZiwkeVS.exe
  C:\Windows\System\ZiwkeVS.exe
  2⤵
  PID:3936
- C:\Windows\System\TvkDWRO.exe
  C:\Windows\System\TvkDWRO.exe
  2⤵
  PID:3088
- C:\Windows\System\dDGrwgu.exe
  C:\Windows\System\dDGrwgu.exe
  2⤵
  PID:3280
- C:\Windows\System\pdLcOgz.exe
  C:\Windows\System\pdLcOgz.exe
  2⤵
  PID:3244
- C:\Windows\System\ALPJpaZ.exe
  C:\Windows\System\ALPJpaZ.exe
  2⤵
  PID:3816
- C:\Windows\System\GtghdQQ.exe
  C:\Windows\System\GtghdQQ.exe
  2⤵
  PID:4072
- C:\Windows\System\usgzyJg.exe
  C:\Windows\System\usgzyJg.exe
  2⤵
  PID:3336
- C:\Windows\System\DGKQUXY.exe
  C:\Windows\System\DGKQUXY.exe
  2⤵
  PID:4104
- C:\Windows\System\QYbMThp.exe
  C:\Windows\System\QYbMThp.exe
  2⤵
  PID:4128
- C:\Windows\System\ppwnJpN.exe
  C:\Windows\System\ppwnJpN.exe
  2⤵
  PID:4148
- C:\Windows\System\PwtjAvH.exe
  C:\Windows\System\PwtjAvH.exe
  2⤵
  PID:4168
- C:\Windows\System\auqGhFz.exe
  C:\Windows\System\auqGhFz.exe
  2⤵
  PID:4188
- C:\Windows\System\oFsIHmX.exe
  C:\Windows\System\oFsIHmX.exe
  2⤵
  PID:4208
- C:\Windows\System\qwJZzYh.exe
  C:\Windows\System\qwJZzYh.exe
  2⤵
  PID:4228
- C:\Windows\System\VvfisbI.exe
  C:\Windows\System\VvfisbI.exe
  2⤵
  PID:4244
- C:\Windows\System\OwsYOXM.exe
  C:\Windows\System\OwsYOXM.exe
  2⤵
  PID:4264
- C:\Windows\System\advkIbv.exe
  C:\Windows\System\advkIbv.exe
  2⤵
  PID:4284
- C:\Windows\System\sLCBUYb.exe
  C:\Windows\System\sLCBUYb.exe
  2⤵
  PID:4308
- C:\Windows\System\bcKEUGG.exe
  C:\Windows\System\bcKEUGG.exe
  2⤵
  PID:4328
- C:\Windows\System\oBlzbse.exe
  C:\Windows\System\oBlzbse.exe
  2⤵
  PID:4348
- C:\Windows\System\NnlLovG.exe
  C:\Windows\System\NnlLovG.exe
  2⤵
  PID:4364
- C:\Windows\System\FdKqcOU.exe
  C:\Windows\System\FdKqcOU.exe
  2⤵
  PID:4388
- C:\Windows\System\UskTNKV.exe
  C:\Windows\System\UskTNKV.exe
  2⤵
  PID:4408
- C:\Windows\System\CnDOatO.exe
  C:\Windows\System\CnDOatO.exe
  2⤵
  PID:4428
- C:\Windows\System\FduFZvd.exe
  C:\Windows\System\FduFZvd.exe
  2⤵
  PID:4448
- C:\Windows\System\PINsPog.exe
  C:\Windows\System\PINsPog.exe
  2⤵
  PID:4468
- C:\Windows\System\XaMCASj.exe
  C:\Windows\System\XaMCASj.exe
  2⤵
  PID:4488
- C:\Windows\System\BgQQILN.exe
  C:\Windows\System\BgQQILN.exe
  2⤵
  PID:4508
- C:\Windows\System\zSuTyDO.exe
  C:\Windows\System\zSuTyDO.exe
  2⤵
  PID:4528
- C:\Windows\System\QMTnNnt.exe
  C:\Windows\System\QMTnNnt.exe
  2⤵
  PID:4548
- C:\Windows\System\JHChlKd.exe
  C:\Windows\System\JHChlKd.exe
  2⤵
  PID:4568
- C:\Windows\System\jyuUKYg.exe
  C:\Windows\System\jyuUKYg.exe
  2⤵
  PID:4588
- C:\Windows\System\YXpTkcJ.exe
  C:\Windows\System\YXpTkcJ.exe
  2⤵
  PID:4608
- C:\Windows\System\kSSxHGl.exe
  C:\Windows\System\kSSxHGl.exe
  2⤵
  PID:4628
- C:\Windows\System\FGswirq.exe
  C:\Windows\System\FGswirq.exe
  2⤵
  PID:4644
- C:\Windows\System\BfTltuY.exe
  C:\Windows\System\BfTltuY.exe
  2⤵
  PID:4664
- C:\Windows\System\vuOhBRY.exe
  C:\Windows\System\vuOhBRY.exe
  2⤵
  PID:4684
- C:\Windows\System\xEitGaQ.exe
  C:\Windows\System\xEitGaQ.exe
  2⤵
  PID:4704
- C:\Windows\System\obuScFU.exe
  C:\Windows\System\obuScFU.exe
  2⤵
  PID:4728
- C:\Windows\System\QLUvaSl.exe
  C:\Windows\System\QLUvaSl.exe
  2⤵
  PID:4748
- C:\Windows\System\umkmLcf.exe
  C:\Windows\System\umkmLcf.exe
  2⤵
  PID:4768
- C:\Windows\System\luMJvJt.exe
  C:\Windows\System\luMJvJt.exe
  2⤵
  PID:4788
- C:\Windows\System\hrAzAaH.exe
  C:\Windows\System\hrAzAaH.exe
  2⤵
  PID:4808
- C:\Windows\System\LlnxGoT.exe
  C:\Windows\System\LlnxGoT.exe
  2⤵
  PID:4828
- C:\Windows\System\nrtINFC.exe
  C:\Windows\System\nrtINFC.exe
  2⤵
  PID:4844
- C:\Windows\System\fksZJGH.exe
  C:\Windows\System\fksZJGH.exe
  2⤵
  PID:4868
- C:\Windows\System\alMYZzm.exe
  C:\Windows\System\alMYZzm.exe
  2⤵
  PID:4888
- C:\Windows\System\toTbkPu.exe
  C:\Windows\System\toTbkPu.exe
  2⤵
  PID:4904
- C:\Windows\System\vptePrb.exe
  C:\Windows\System\vptePrb.exe
  2⤵
  PID:4924
- C:\Windows\System\AiXhrrl.exe
  C:\Windows\System\AiXhrrl.exe
  2⤵
  PID:4948
- C:\Windows\System\vjPDhEU.exe
  C:\Windows\System\vjPDhEU.exe
  2⤵
  PID:4964
- C:\Windows\System\TNUgSyB.exe
  C:\Windows\System\TNUgSyB.exe
  2⤵
  PID:4980
- C:\Windows\System\xzaOkgb.exe
  C:\Windows\System\xzaOkgb.exe
  2⤵
  PID:5004
- C:\Windows\System\oIJZLdu.exe
  C:\Windows\System\oIJZLdu.exe
  2⤵
  PID:5028
- C:\Windows\System\GrKxxRO.exe
  C:\Windows\System\GrKxxRO.exe
  2⤵
  PID:5048
- C:\Windows\System\DtIRCdq.exe
  C:\Windows\System\DtIRCdq.exe
  2⤵
  PID:5068
- C:\Windows\System\viSDkWf.exe
  C:\Windows\System\viSDkWf.exe
  2⤵
  PID:5088
- C:\Windows\System\nsOwLdx.exe
  C:\Windows\System\nsOwLdx.exe
  2⤵
  PID:5108
- C:\Windows\System\tAdhKSG.exe
  C:\Windows\System\tAdhKSG.exe
  2⤵
  PID:3384
- C:\Windows\System\FvMZGAw.exe
  C:\Windows\System\FvMZGAw.exe
  2⤵
  PID:3660
- C:\Windows\System\vXszixR.exe
  C:\Windows\System\vXszixR.exe
  2⤵
  PID:3736
- C:\Windows\System\HxysnXg.exe
  C:\Windows\System\HxysnXg.exe
  2⤵
  PID:3784
- C:\Windows\System\YKRnWta.exe
  C:\Windows\System\YKRnWta.exe
  2⤵
  PID:3580
- C:\Windows\System\IKNMxin.exe
  C:\Windows\System\IKNMxin.exe
  2⤵
  PID:3800
- C:\Windows\System\nZcvLct.exe
  C:\Windows\System\nZcvLct.exe
  2⤵
  PID:3524
- C:\Windows\System\VRJnCpi.exe
  C:\Windows\System\VRJnCpi.exe
  2⤵
  PID:4100
- C:\Windows\System\qKpYaLs.exe
  C:\Windows\System\qKpYaLs.exe
  2⤵
  PID:4116
- C:\Windows\System\nDCfdIk.exe
  C:\Windows\System\nDCfdIk.exe
  2⤵
  PID:4144
- C:\Windows\System\bdIiXbN.exe
  C:\Windows\System\bdIiXbN.exe
  2⤵
  PID:4176
- C:\Windows\System\dlxnQJv.exe
  C:\Windows\System\dlxnQJv.exe
  2⤵
  PID:4196
- C:\Windows\System\vRBhjUb.exe
  C:\Windows\System\vRBhjUb.exe
  2⤵
  PID:4200
- C:\Windows\System\VScMZBJ.exe
  C:\Windows\System\VScMZBJ.exe
  2⤵
  PID:4240
- C:\Windows\System\cZiDoPb.exe
  C:\Windows\System\cZiDoPb.exe
  2⤵
  PID:4280
- C:\Windows\System\YJVexyK.exe
  C:\Windows\System\YJVexyK.exe
  2⤵
  PID:4340
- C:\Windows\System\lqeSaqX.exe
  C:\Windows\System\lqeSaqX.exe
  2⤵
  PID:4380
- C:\Windows\System\Ldvijje.exe
  C:\Windows\System\Ldvijje.exe
  2⤵
  PID:4356
- C:\Windows\System\DlfkPqG.exe
  C:\Windows\System\DlfkPqG.exe
  2⤵
  PID:4424
- C:\Windows\System\vhIqaTi.exe
  C:\Windows\System\vhIqaTi.exe
  2⤵
  PID:4444
- C:\Windows\System\nDfLclq.exe
  C:\Windows\System\nDfLclq.exe
  2⤵
  PID:4476
- C:\Windows\System\xeQxVMn.exe
  C:\Windows\System\xeQxVMn.exe
  2⤵
  PID:4540
- C:\Windows\System\HdEYRhD.exe
  C:\Windows\System\HdEYRhD.exe
  2⤵
  PID:4576
- C:\Windows\System\SjwMEyg.exe
  C:\Windows\System\SjwMEyg.exe
  2⤵
  PID:4616
- C:\Windows\System\VxUNAjn.exe
  C:\Windows\System\VxUNAjn.exe
  2⤵
  PID:4600
- C:\Windows\System\sxfQFFu.exe
  C:\Windows\System\sxfQFFu.exe
  2⤵
  PID:4700
- C:\Windows\System\IZLQwSJ.exe
  C:\Windows\System\IZLQwSJ.exe
  2⤵
  PID:4736
- C:\Windows\System\FfbVkmU.exe
  C:\Windows\System\FfbVkmU.exe
  2⤵
  PID:4712
- C:\Windows\System\vNvCvkj.exe
  C:\Windows\System\vNvCvkj.exe
  2⤵
  PID:4780
- C:\Windows\System\XOdtREe.exe
  C:\Windows\System\XOdtREe.exe
  2⤵
  PID:4816
- C:\Windows\System\bjhkRrD.exe
  C:\Windows\System\bjhkRrD.exe
  2⤵
  PID:4796
- C:\Windows\System\ZJqhhBk.exe
  C:\Windows\System\ZJqhhBk.exe
  2⤵
  PID:4896
- C:\Windows\System\IcsCtUD.exe
  C:\Windows\System\IcsCtUD.exe
  2⤵
  PID:4880
- C:\Windows\System\ZVSjRmp.exe
  C:\Windows\System\ZVSjRmp.exe
  2⤵
  PID:4912
- C:\Windows\System\dpppBkB.exe
  C:\Windows\System\dpppBkB.exe
  2⤵
  PID:4976
- C:\Windows\System\UadEbNS.exe
  C:\Windows\System\UadEbNS.exe
  2⤵
  PID:5024
- C:\Windows\System\NglAHNQ.exe
  C:\Windows\System\NglAHNQ.exe
  2⤵
  PID:4988
- C:\Windows\System\lAdZxoX.exe
  C:\Windows\System\lAdZxoX.exe
  2⤵
  PID:5044
- C:\Windows\System\nKlWbcA.exe
  C:\Windows\System\nKlWbcA.exe
  2⤵
  PID:5080
- C:\Windows\System\OTyFofF.exe
  C:\Windows\System\OTyFofF.exe
  2⤵
  PID:3528
- C:\Windows\System\DpbWaQg.exe
  C:\Windows\System\DpbWaQg.exe
  2⤵
  PID:2244
- C:\Windows\System\NfXmEhS.exe
  C:\Windows\System\NfXmEhS.exe
  2⤵
  PID:2072
- C:\Windows\System\xJcsTgG.exe
  C:\Windows\System\xJcsTgG.exe
  2⤵
  PID:3880
- C:\Windows\System\iEKjAow.exe
  C:\Windows\System\iEKjAow.exe
  2⤵
  PID:3168
- C:\Windows\System\CCNfmIj.exe
  C:\Windows\System\CCNfmIj.exe
  2⤵
  PID:3300
- C:\Windows\System\EXKIhYP.exe
  C:\Windows\System\EXKIhYP.exe
  2⤵
  PID:4160
- C:\Windows\System\RpFUpdg.exe
  C:\Windows\System\RpFUpdg.exe
  2⤵
  PID:4260
- C:\Windows\System\XnfSmfP.exe
  C:\Windows\System\XnfSmfP.exe
  2⤵
  PID:4300
- C:\Windows\System\fHaZKoe.exe
  C:\Windows\System\fHaZKoe.exe
  2⤵
  PID:4316
- C:\Windows\System\ljnUBGJ.exe
  C:\Windows\System\ljnUBGJ.exe
  2⤵
  PID:4372
- C:\Windows\System\vuTfelg.exe
  C:\Windows\System\vuTfelg.exe
  2⤵
  PID:4404
- C:\Windows\System\HfMRYUe.exe
  C:\Windows\System\HfMRYUe.exe
  2⤵
  PID:4504
- C:\Windows\System\uBgqQfK.exe
  C:\Windows\System\uBgqQfK.exe
  2⤵
  PID:4556
- C:\Windows\System\LYIWgPv.exe
  C:\Windows\System\LYIWgPv.exe
  2⤵
  PID:4620
- C:\Windows\System\GZDveyk.exe
  C:\Windows\System\GZDveyk.exe
  2⤵
  PID:4640
- C:\Windows\System\NdbYDRq.exe
  C:\Windows\System\NdbYDRq.exe
  2⤵
  PID:4676
- C:\Windows\System\GYAQLBC.exe
  C:\Windows\System\GYAQLBC.exe
  2⤵
  PID:4760
- C:\Windows\System\JyTSAdz.exe
  C:\Windows\System\JyTSAdz.exe
  2⤵
  PID:4860
- C:\Windows\System\nFFJjkL.exe
  C:\Windows\System\nFFJjkL.exe
  2⤵
  PID:4876
- C:\Windows\System\wtqtZCX.exe
  C:\Windows\System\wtqtZCX.exe
  2⤵
  PID:4920
- C:\Windows\System\FTYYpWA.exe
  C:\Windows\System\FTYYpWA.exe
  2⤵
  PID:5000
- C:\Windows\System\ZzZlnxr.exe
  C:\Windows\System\ZzZlnxr.exe
  2⤵
  PID:5084
- C:\Windows\System\taXJAlT.exe
  C:\Windows\System\taXJAlT.exe
  2⤵
  PID:5116
- C:\Windows\System\nHUKRnX.exe
  C:\Windows\System\nHUKRnX.exe
  2⤵
  PID:3664
- C:\Windows\System\GQUPrji.exe
  C:\Windows\System\GQUPrji.exe
  2⤵
  PID:928
- C:\Windows\System\eTFYlbX.exe
  C:\Windows\System\eTFYlbX.exe
  2⤵
  PID:3464
- C:\Windows\System\NsGNrSl.exe
  C:\Windows\System\NsGNrSl.exe
  2⤵
  PID:4220
- C:\Windows\System\yZGDlMM.exe
  C:\Windows\System\yZGDlMM.exe
  2⤵
  PID:4416
- C:\Windows\System\uVtQrOO.exe
  C:\Windows\System\uVtQrOO.exe
  2⤵
  PID:5132
- C:\Windows\System\ZaWfIdo.exe
  C:\Windows\System\ZaWfIdo.exe
  2⤵
  PID:5156
- C:\Windows\System\nJMwAdt.exe
  C:\Windows\System\nJMwAdt.exe
  2⤵
  PID:5180
- C:\Windows\System\zIcXYyG.exe
  C:\Windows\System\zIcXYyG.exe
  2⤵
  PID:5200
- C:\Windows\System\NpaPwoL.exe
  C:\Windows\System\NpaPwoL.exe
  2⤵
  PID:5220
- C:\Windows\System\FTqNQNA.exe
  C:\Windows\System\FTqNQNA.exe
  2⤵
  PID:5240
- C:\Windows\System\AFbzwIt.exe
  C:\Windows\System\AFbzwIt.exe
  2⤵
  PID:5260
- C:\Windows\System\UZRWIov.exe
  C:\Windows\System\UZRWIov.exe
  2⤵
  PID:5288
- C:\Windows\System\NvTKiqp.exe
  C:\Windows\System\NvTKiqp.exe
  2⤵
  PID:5308
- C:\Windows\System\COGNCgs.exe
  C:\Windows\System\COGNCgs.exe
  2⤵
  PID:5328
- C:\Windows\System\Wmpnyme.exe
  C:\Windows\System\Wmpnyme.exe
  2⤵
  PID:5348
- C:\Windows\System\VTMwPGK.exe
  C:\Windows\System\VTMwPGK.exe
  2⤵
  PID:5368
- C:\Windows\System\uASyAQA.exe
  C:\Windows\System\uASyAQA.exe
  2⤵
  PID:5388
- C:\Windows\System\NWqBHFx.exe
  C:\Windows\System\NWqBHFx.exe
  2⤵
  PID:5408
- C:\Windows\System\qnceieg.exe
  C:\Windows\System\qnceieg.exe
  2⤵
  PID:5428
- C:\Windows\System\CGpoJYI.exe
  C:\Windows\System\CGpoJYI.exe
  2⤵
  PID:5448
- C:\Windows\System\dowHVEA.exe
  C:\Windows\System\dowHVEA.exe
  2⤵
  PID:5468
- C:\Windows\System\PhDzFbH.exe
  C:\Windows\System\PhDzFbH.exe
  2⤵
  PID:5488
- C:\Windows\System\TKJSuFh.exe
  C:\Windows\System\TKJSuFh.exe
  2⤵
  PID:5508
- C:\Windows\System\DdnyysU.exe
  C:\Windows\System\DdnyysU.exe
  2⤵
  PID:5532
- C:\Windows\System\WvUjpyV.exe
  C:\Windows\System\WvUjpyV.exe
  2⤵
  PID:5552
- C:\Windows\System\NqTgidG.exe
  C:\Windows\System\NqTgidG.exe
  2⤵
  PID:5572
- C:\Windows\System\FErNCEf.exe
  C:\Windows\System\FErNCEf.exe
  2⤵
  PID:5592
- C:\Windows\System\jggNAhS.exe
  C:\Windows\System\jggNAhS.exe
  2⤵
  PID:5612
- C:\Windows\System\mQIkABd.exe
  C:\Windows\System\mQIkABd.exe
  2⤵
  PID:5632
- C:\Windows\System\NtCSkRM.exe
  C:\Windows\System\NtCSkRM.exe
  2⤵
  PID:5652
- C:\Windows\System\QwnJpJj.exe
  C:\Windows\System\QwnJpJj.exe
  2⤵
  PID:5672
- C:\Windows\System\vhIRSFQ.exe
  C:\Windows\System\vhIRSFQ.exe
  2⤵
  PID:5692
- C:\Windows\System\DSkCuxB.exe
  C:\Windows\System\DSkCuxB.exe
  2⤵
  PID:5716
- C:\Windows\System\TMBpmqE.exe
  C:\Windows\System\TMBpmqE.exe
  2⤵
  PID:5736
- C:\Windows\System\gFGzstY.exe
  C:\Windows\System\gFGzstY.exe
  2⤵
  PID:5756
- C:\Windows\System\mvTCWRI.exe
  C:\Windows\System\mvTCWRI.exe
  2⤵
  PID:5776
- C:\Windows\System\tzuOzgh.exe
  C:\Windows\System\tzuOzgh.exe
  2⤵
  PID:5796
- C:\Windows\System\VWEPAxA.exe
  C:\Windows\System\VWEPAxA.exe
  2⤵
  PID:5816
- C:\Windows\System\VCxLbix.exe
  C:\Windows\System\VCxLbix.exe
  2⤵
  PID:5836
- C:\Windows\System\xdjUcDc.exe
  C:\Windows\System\xdjUcDc.exe
  2⤵
  PID:5856
- C:\Windows\System\UcYizSs.exe
  C:\Windows\System\UcYizSs.exe
  2⤵
  PID:5876
- C:\Windows\System\uUAitLU.exe
  C:\Windows\System\uUAitLU.exe
  2⤵
  PID:5896
- C:\Windows\System\DmseczI.exe
  C:\Windows\System\DmseczI.exe
  2⤵
  PID:5916
- C:\Windows\System\apWjOMh.exe
  C:\Windows\System\apWjOMh.exe
  2⤵
  PID:5936
- C:\Windows\System\wUXsnPW.exe
  C:\Windows\System\wUXsnPW.exe
  2⤵
  PID:5956
- C:\Windows\System\CrQChFT.exe
  C:\Windows\System\CrQChFT.exe
  2⤵
  PID:5976
- C:\Windows\System\nMenvUm.exe
  C:\Windows\System\nMenvUm.exe
  2⤵
  PID:5996
- C:\Windows\System\qCGysGp.exe
  C:\Windows\System\qCGysGp.exe
  2⤵
  PID:6016
- C:\Windows\System\PHwfoNC.exe
  C:\Windows\System\PHwfoNC.exe
  2⤵
  PID:6036
- C:\Windows\System\AnJrXgg.exe
  C:\Windows\System\AnJrXgg.exe
  2⤵
  PID:6056
- C:\Windows\System\SzeRepy.exe
  C:\Windows\System\SzeRepy.exe
  2⤵
  PID:6076
- C:\Windows\System\WGklDgr.exe
  C:\Windows\System\WGklDgr.exe
  2⤵
  PID:6096
- C:\Windows\System\OAWsZUO.exe
  C:\Windows\System\OAWsZUO.exe
  2⤵
  PID:6116
- C:\Windows\System\toxOBNu.exe
  C:\Windows\System\toxOBNu.exe
  2⤵
  PID:6136
- C:\Windows\System\vKrpVbG.exe
  C:\Windows\System\vKrpVbG.exe
  2⤵
  PID:4460
- C:\Windows\System\LmxKXiO.exe
  C:\Windows\System\LmxKXiO.exe
  2⤵
  PID:4560
- C:\Windows\System\NelXmdZ.exe
  C:\Windows\System\NelXmdZ.exe
  2⤵
  PID:4624
- C:\Windows\System\MZTUADx.exe
  C:\Windows\System\MZTUADx.exe
  2⤵
  PID:4716
- C:\Windows\System\ueiHshD.exe
  C:\Windows\System\ueiHshD.exe
  2⤵
  PID:4720
- C:\Windows\System\UzDyrqt.exe
  C:\Windows\System\UzDyrqt.exe
  2⤵
  PID:4836
- C:\Windows\System\JmgpDwx.exe
  C:\Windows\System\JmgpDwx.exe
  2⤵
  PID:4996
- C:\Windows\System\FWibRzW.exe
  C:\Windows\System\FWibRzW.exe
  2⤵
  PID:3124
- C:\Windows\System\lVHYlvi.exe
  C:\Windows\System\lVHYlvi.exe
  2⤵
  PID:3940
- C:\Windows\System\gEfglWZ.exe
  C:\Windows\System\gEfglWZ.exe
  2⤵
  PID:4224
- C:\Windows\System\kslqtGa.exe
  C:\Windows\System\kslqtGa.exe
  2⤵
  PID:4320
- C:\Windows\System\QtbtHyH.exe
  C:\Windows\System\QtbtHyH.exe
  2⤵
  PID:5140
- C:\Windows\System\wwuKPvA.exe
  C:\Windows\System\wwuKPvA.exe
  2⤵
  PID:5148
- C:\Windows\System\zIyoUft.exe
  C:\Windows\System\zIyoUft.exe
  2⤵
  PID:5216
- C:\Windows\System\UVbHzzq.exe
  C:\Windows\System\UVbHzzq.exe
  2⤵
  PID:5232
- C:\Windows\System\NqbIMRA.exe
  C:\Windows\System\NqbIMRA.exe
  2⤵
  PID:5296
- C:\Windows\System\mcQtasH.exe
  C:\Windows\System\mcQtasH.exe
  2⤵
  PID:5336
- C:\Windows\System\TCAKJDx.exe
  C:\Windows\System\TCAKJDx.exe
  2⤵
  PID:5356
- C:\Windows\System\jUALfcv.exe
  C:\Windows\System\jUALfcv.exe
  2⤵
  PID:5380
- C:\Windows\System\QKgDRBL.exe
  C:\Windows\System\QKgDRBL.exe
  2⤵
  PID:5424
- C:\Windows\System\czPOwtx.exe
  C:\Windows\System\czPOwtx.exe
  2⤵
  PID:5456
- C:\Windows\System\lCdKtlh.exe
  C:\Windows\System\lCdKtlh.exe
  2⤵
  PID:5480
- C:\Windows\System\AoYOQpM.exe
  C:\Windows\System\AoYOQpM.exe
  2⤵
  PID:5520
- C:\Windows\System\GSwwsyE.exe
  C:\Windows\System\GSwwsyE.exe
  2⤵
  PID:5568
- C:\Windows\System\XIPkkgf.exe
  C:\Windows\System\XIPkkgf.exe
  2⤵
  PID:5600
- C:\Windows\System\WYxCUbC.exe
  C:\Windows\System\WYxCUbC.exe
  2⤵
  PID:5624
- C:\Windows\System\yiaXrAT.exe
  C:\Windows\System\yiaXrAT.exe
  2⤵
  PID:5668
- C:\Windows\System\YpffuQX.exe
  C:\Windows\System\YpffuQX.exe
  2⤵
  PID:5688
- C:\Windows\System\fHqATGO.exe
  C:\Windows\System\fHqATGO.exe
  2⤵
  PID:5732
- C:\Windows\System\AznjioH.exe
  C:\Windows\System\AznjioH.exe
  2⤵
  PID:5784
- C:\Windows\System\YATCaXW.exe
  C:\Windows\System\YATCaXW.exe
  2⤵
  PID:5804
- C:\Windows\System\YLGyKEN.exe
  C:\Windows\System\YLGyKEN.exe
  2⤵
  PID:5828
- C:\Windows\System\OSKRowo.exe
  C:\Windows\System\OSKRowo.exe
  2⤵
  PID:5872
- C:\Windows\System\CtHAqlE.exe
  C:\Windows\System\CtHAqlE.exe
  2⤵
  PID:5912
- C:\Windows\System\SZtqqnp.exe
  C:\Windows\System\SZtqqnp.exe
  2⤵
  PID:5944
- C:\Windows\System\KOwrmWt.exe
  C:\Windows\System\KOwrmWt.exe
  2⤵
  PID:5972
- C:\Windows\System\WeBgubo.exe
  C:\Windows\System\WeBgubo.exe
  2⤵
  PID:6004
- C:\Windows\System\Dyhjdmx.exe
  C:\Windows\System\Dyhjdmx.exe
  2⤵
  PID:6028
- C:\Windows\System\iRXVIji.exe
  C:\Windows\System\iRXVIji.exe
  2⤵
  PID:6072
- C:\Windows\System\HAOskcs.exe
  C:\Windows\System\HAOskcs.exe
  2⤵
  PID:6088
- C:\Windows\System\QtuOnOQ.exe
  C:\Windows\System\QtuOnOQ.exe
  2⤵
  PID:4360
- C:\Windows\System\anAkayg.exe
  C:\Windows\System\anAkayg.exe
  2⤵
  PID:4544
- C:\Windows\System\dYcEYjh.exe
  C:\Windows\System\dYcEYjh.exe
  2⤵
  PID:4820
- C:\Windows\System\dqeBYFj.exe
  C:\Windows\System\dqeBYFj.exe
  2⤵
  PID:4672
- C:\Windows\System\nQZHJqn.exe
  C:\Windows\System\nQZHJqn.exe
  2⤵
  PID:4916
- C:\Windows\System\ascCRuB.exe
  C:\Windows\System\ascCRuB.exe
  2⤵
  PID:1436
- C:\Windows\System\uRAfujz.exe
  C:\Windows\System\uRAfujz.exe
  2⤵
  PID:2796
- C:\Windows\System\BcrWkZG.exe
  C:\Windows\System\BcrWkZG.exe
  2⤵
  PID:5124
- C:\Windows\System\NloJPOI.exe
  C:\Windows\System\NloJPOI.exe
  2⤵
  PID:5228
- C:\Windows\System\kWWXGkH.exe
  C:\Windows\System\kWWXGkH.exe
  2⤵
  PID:5236
- C:\Windows\System\vTCKhSV.exe
  C:\Windows\System\vTCKhSV.exe
  2⤵
  PID:5268
- C:\Windows\System\zkjlRKi.exe
  C:\Windows\System\zkjlRKi.exe
  2⤵
  PID:5340
- C:\Windows\System\HtFbfyh.exe
  C:\Windows\System\HtFbfyh.exe
  2⤵
  PID:5400
- C:\Windows\System\kZlAlvX.exe
  C:\Windows\System\kZlAlvX.exe
  2⤵
  PID:5484
- C:\Windows\System\XsaMitg.exe
  C:\Windows\System\XsaMitg.exe
  2⤵
  PID:5548
- C:\Windows\System\bvelpgo.exe
  C:\Windows\System\bvelpgo.exe
  2⤵
  PID:5588
- C:\Windows\System\rkWfNVd.exe
  C:\Windows\System\rkWfNVd.exe
  2⤵
  PID:5644
- C:\Windows\System\RjglYgz.exe
  C:\Windows\System\RjglYgz.exe
  2⤵
  PID:5708
- C:\Windows\System\CwGjPQM.exe
  C:\Windows\System\CwGjPQM.exe
  2⤵
  PID:5748
- C:\Windows\System\PZwNobW.exe
  C:\Windows\System\PZwNobW.exe
  2⤵
  PID:5824
- C:\Windows\System\LyrrtmY.exe
  C:\Windows\System\LyrrtmY.exe
  2⤵
  PID:5884
- C:\Windows\System\TGLvcXR.exe
  C:\Windows\System\TGLvcXR.exe
  2⤵
  PID:5924
- C:\Windows\System\TxSZFJh.exe
  C:\Windows\System\TxSZFJh.exe
  2⤵
  PID:5988
- C:\Windows\System\YEykmBT.exe
  C:\Windows\System\YEykmBT.exe
  2⤵
  PID:6012
- C:\Windows\System\jHExyDe.exe
  C:\Windows\System\jHExyDe.exe
  2⤵
  PID:6108
- C:\Windows\System\aSRsUEm.exe
  C:\Windows\System\aSRsUEm.exe
  2⤵
  PID:4436
- C:\Windows\System\FkhmdPG.exe
  C:\Windows\System\FkhmdPG.exe
  2⤵
  PID:4800
- C:\Windows\System\vOmRPSy.exe
  C:\Windows\System\vOmRPSy.exe
  2⤵
  PID:5096
- C:\Windows\System\VUJgwuO.exe
  C:\Windows\System\VUJgwuO.exe
  2⤵
  PID:3844
- C:\Windows\System\dcHUiQl.exe
  C:\Windows\System\dcHUiQl.exe
  2⤵
  PID:4120
- C:\Windows\System\JahGwCy.exe
  C:\Windows\System\JahGwCy.exe
  2⤵
  PID:5280
- C:\Windows\System\kFORDQP.exe
  C:\Windows\System\kFORDQP.exe
  2⤵
  PID:5376
- C:\Windows\System\kRTYPKa.exe
  C:\Windows\System\kRTYPKa.exe
  2⤵
  PID:5460
- C:\Windows\System\yXIdwsS.exe
  C:\Windows\System\yXIdwsS.exe
  2⤵
  PID:6164
- C:\Windows\System\aFLGDrk.exe
  C:\Windows\System\aFLGDrk.exe
  2⤵
  PID:6184
- C:\Windows\System\GKbWTuC.exe
  C:\Windows\System\GKbWTuC.exe
  2⤵
  PID:6204
- C:\Windows\System\wdbOZBm.exe
  C:\Windows\System\wdbOZBm.exe
  2⤵
  PID:6224
- C:\Windows\System\jDpecYA.exe
  C:\Windows\System\jDpecYA.exe
  2⤵
  PID:6244
- C:\Windows\System\ULqKFkp.exe
  C:\Windows\System\ULqKFkp.exe
  2⤵
  PID:6264
- C:\Windows\System\wPUuMUV.exe
  C:\Windows\System\wPUuMUV.exe
  2⤵
  PID:6284
- C:\Windows\System\IATUtpf.exe
  C:\Windows\System\IATUtpf.exe
  2⤵
  PID:6304
- C:\Windows\System\WOqQUAf.exe
  C:\Windows\System\WOqQUAf.exe
  2⤵
  PID:6324
- C:\Windows\System\PPZAbVe.exe
  C:\Windows\System\PPZAbVe.exe
  2⤵
  PID:6344
- C:\Windows\System\IqAYYWT.exe
  C:\Windows\System\IqAYYWT.exe
  2⤵
  PID:6364
- C:\Windows\System\urFxHek.exe
  C:\Windows\System\urFxHek.exe
  2⤵
  PID:6384
- C:\Windows\System\ArYDDdg.exe
  C:\Windows\System\ArYDDdg.exe
  2⤵
  PID:6404
- C:\Windows\System\nThBxgC.exe
  C:\Windows\System\nThBxgC.exe
  2⤵
  PID:6424
- C:\Windows\System\FepUfyi.exe
  C:\Windows\System\FepUfyi.exe
  2⤵
  PID:6444
- C:\Windows\System\jJlvXoB.exe
  C:\Windows\System\jJlvXoB.exe
  2⤵
  PID:6464
- C:\Windows\System\IGbuovh.exe
  C:\Windows\System\IGbuovh.exe
  2⤵
  PID:6484
- C:\Windows\System\EclCmeI.exe
  C:\Windows\System\EclCmeI.exe
  2⤵
  PID:6504
- C:\Windows\System\kWpQgaN.exe
  C:\Windows\System\kWpQgaN.exe
  2⤵
  PID:6524
- C:\Windows\System\ThKBvTs.exe
  C:\Windows\System\ThKBvTs.exe
  2⤵
  PID:6544
- C:\Windows\System\dRssGJd.exe
  C:\Windows\System\dRssGJd.exe
  2⤵
  PID:6564
- C:\Windows\System\AqchRyj.exe
  C:\Windows\System\AqchRyj.exe
  2⤵
  PID:6584
- C:\Windows\System\TVhmQwg.exe
  C:\Windows\System\TVhmQwg.exe
  2⤵
  PID:6604
- C:\Windows\System\zDONTQt.exe
  C:\Windows\System\zDONTQt.exe
  2⤵
  PID:6624
- C:\Windows\System\pItNZXL.exe
  C:\Windows\System\pItNZXL.exe
  2⤵
  PID:6644
- C:\Windows\System\cbhiQub.exe
  C:\Windows\System\cbhiQub.exe
  2⤵
  PID:6664
- C:\Windows\System\gpXyAnM.exe
  C:\Windows\System\gpXyAnM.exe
  2⤵
  PID:6684
- C:\Windows\System\TGYGNqd.exe
  C:\Windows\System\TGYGNqd.exe
  2⤵
  PID:6704
- C:\Windows\System\iztyvlO.exe
  C:\Windows\System\iztyvlO.exe
  2⤵
  PID:6724
- C:\Windows\System\eVfJSxT.exe
  C:\Windows\System\eVfJSxT.exe
  2⤵
  PID:6744
- C:\Windows\System\PbWPJJa.exe
  C:\Windows\System\PbWPJJa.exe
  2⤵
  PID:6760
- C:\Windows\System\qzHFxEn.exe
  C:\Windows\System\qzHFxEn.exe
  2⤵
  PID:6784
- C:\Windows\System\mvKWcuL.exe
  C:\Windows\System\mvKWcuL.exe
  2⤵
  PID:6800
- C:\Windows\System\yXLOXvS.exe
  C:\Windows\System\yXLOXvS.exe
  2⤵
  PID:6816
- C:\Windows\System\zqhCeZK.exe
  C:\Windows\System\zqhCeZK.exe
  2⤵
  PID:6840
- C:\Windows\System\fVljxLp.exe
  C:\Windows\System\fVljxLp.exe
  2⤵
  PID:6856
- C:\Windows\System\CONOlay.exe
  C:\Windows\System\CONOlay.exe
  2⤵
  PID:6884
- C:\Windows\System\MsIkQiQ.exe
  C:\Windows\System\MsIkQiQ.exe
  2⤵
  PID:6908
- C:\Windows\System\iulicTG.exe
  C:\Windows\System\iulicTG.exe
  2⤵
  PID:6928
- C:\Windows\System\opAFsQs.exe
  C:\Windows\System\opAFsQs.exe
  2⤵
  PID:6948
- C:\Windows\System\hFnEDZt.exe
  C:\Windows\System\hFnEDZt.exe
  2⤵
  PID:6964
- C:\Windows\System\NCLrfJQ.exe
  C:\Windows\System\NCLrfJQ.exe
  2⤵
  PID:6988
- C:\Windows\System\txTDolP.exe
  C:\Windows\System\txTDolP.exe
  2⤵
  PID:7004
- C:\Windows\System\ySsnttW.exe
  C:\Windows\System\ySsnttW.exe
  2⤵
  PID:7028
- C:\Windows\System\pGBCNbn.exe
  C:\Windows\System\pGBCNbn.exe
  2⤵
  PID:7044
- C:\Windows\System\rOOHoId.exe
  C:\Windows\System\rOOHoId.exe
  2⤵
  PID:7068
- C:\Windows\System\nzzZShv.exe
  C:\Windows\System\nzzZShv.exe
  2⤵
  PID:7088
- C:\Windows\System\aryIQEP.exe
  C:\Windows\System\aryIQEP.exe
  2⤵
  PID:7108
- C:\Windows\System\RTXLnTE.exe
  C:\Windows\System\RTXLnTE.exe
  2⤵
  PID:7124
- C:\Windows\System\HwXUfFs.exe
  C:\Windows\System\HwXUfFs.exe
  2⤵
  PID:7148
- C:\Windows\System\DlZKrJY.exe
  C:\Windows\System\DlZKrJY.exe
  2⤵
  PID:5444
- C:\Windows\System\wQaLWOF.exe
  C:\Windows\System\wQaLWOF.exe
  2⤵
  PID:5544
- C:\Windows\System\DhqWRDO.exe
  C:\Windows\System\DhqWRDO.exe
  2⤵
  PID:5648
- C:\Windows\System\lkMlzrE.exe
  C:\Windows\System\lkMlzrE.exe
  2⤵
  PID:5752
- C:\Windows\System\TZOnHUl.exe
  C:\Windows\System\TZOnHUl.exe
  2⤵
  PID:5864
- C:\Windows\System\CwgFzoc.exe
  C:\Windows\System\CwgFzoc.exe
  2⤵
  PID:5904
- C:\Windows\System\OfeIZqx.exe
  C:\Windows\System\OfeIZqx.exe
  2⤵
  PID:6084
- C:\Windows\System\RXdbWHM.exe
  C:\Windows\System\RXdbWHM.exe
  2⤵
  PID:4456
- C:\Windows\System\PFFBQVf.exe
  C:\Windows\System\PFFBQVf.exe
  2⤵
  PID:4580
- C:\Windows\System\lBlkeAZ.exe
  C:\Windows\System\lBlkeAZ.exe
  2⤵
  PID:1616
- C:\Windows\System\OWzHiYX.exe
  C:\Windows\System\OWzHiYX.exe
  2⤵
  PID:5192
- C:\Windows\System\BZkFDIb.exe
  C:\Windows\System\BZkFDIb.exe
  2⤵
  PID:5320
- C:\Windows\System\NgaxKKp.exe
  C:\Windows\System\NgaxKKp.exe
  2⤵
  PID:6160
- C:\Windows\System\SMrihoc.exe
  C:\Windows\System\SMrihoc.exe
  2⤵
  PID:6212
- C:\Windows\System\gEyJRbH.exe
  C:\Windows\System\gEyJRbH.exe
  2⤵
  PID:6232
- C:\Windows\System\idEXanI.exe
  C:\Windows\System\idEXanI.exe
  2⤵
  PID:6256
- C:\Windows\System\VNIhdNR.exe
  C:\Windows\System\VNIhdNR.exe
  2⤵
  PID:6280
- C:\Windows\System\gBKBaac.exe
  C:\Windows\System\gBKBaac.exe
  2⤵
  PID:6320
- C:\Windows\System\iDgZcPQ.exe
  C:\Windows\System\iDgZcPQ.exe
  2⤵
  PID:6352
- C:\Windows\System\QsvQXiM.exe
  C:\Windows\System\QsvQXiM.exe
  2⤵
  PID:6380
- C:\Windows\System\ZHIYlRI.exe
  C:\Windows\System\ZHIYlRI.exe
  2⤵
  PID:6396
- C:\Windows\System\EAuMYcs.exe
  C:\Windows\System\EAuMYcs.exe
  2⤵
  PID:6456
- C:\Windows\System\nkRtStK.exe
  C:\Windows\System\nkRtStK.exe
  2⤵
  PID:6436
- C:\Windows\System\rmOyjht.exe
  C:\Windows\System\rmOyjht.exe
  2⤵
  PID:6532
- C:\Windows\System\wdtvGjd.exe
  C:\Windows\System\wdtvGjd.exe
  2⤵
  PID:6612
- C:\Windows\System\kelnUTP.exe
  C:\Windows\System\kelnUTP.exe
  2⤵
  PID:6520
- C:\Windows\System\vbnWFON.exe
  C:\Windows\System\vbnWFON.exe
  2⤵
  PID:1712
- C:\Windows\System\bcxwcPf.exe
  C:\Windows\System\bcxwcPf.exe
  2⤵
  PID:6600
- C:\Windows\System\iauUeUC.exe
  C:\Windows\System\iauUeUC.exe
  2⤵
  PID:6636
- C:\Windows\System\VDHzqOt.exe
  C:\Windows\System\VDHzqOt.exe
  2⤵
  PID:6680
- C:\Windows\System\CWPeiMM.exe
  C:\Windows\System\CWPeiMM.exe
  2⤵
  PID:6716
- C:\Windows\System\QLEpqya.exe
  C:\Windows\System\QLEpqya.exe
  2⤵
  PID:6808
- C:\Windows\System\YdIZcNn.exe
  C:\Windows\System\YdIZcNn.exe
  2⤵
  PID:6792
- C:\Windows\System\NxcNWbt.exe
  C:\Windows\System\NxcNWbt.exe
  2⤵
  PID:6828
- C:\Windows\System\ofRdkdY.exe
  C:\Windows\System\ofRdkdY.exe
  2⤵
  PID:6836
- C:\Windows\System\EOaKTCM.exe
  C:\Windows\System\EOaKTCM.exe
  2⤵
  PID:6944
- C:\Windows\System\kAffiti.exe
  C:\Windows\System\kAffiti.exe
  2⤵
  PID:6972
- C:\Windows\System\HcGuyLn.exe
  C:\Windows\System\HcGuyLn.exe
  2⤵
  PID:6960
- C:\Windows\System\EERRTBH.exe
  C:\Windows\System\EERRTBH.exe
  2⤵
  PID:7052
- C:\Windows\System\sONcGrm.exe
  C:\Windows\System\sONcGrm.exe
  2⤵
  PID:7040
- C:\Windows\System\mdcLRwb.exe
  C:\Windows\System\mdcLRwb.exe
  2⤵
  PID:7084
- C:\Windows\System\BPJAnOu.exe
  C:\Windows\System\BPJAnOu.exe
  2⤵
  PID:7132
- C:\Windows\System\QJVxluo.exe
  C:\Windows\System\QJVxluo.exe
  2⤵
  PID:7120
- C:\Windows\System\DqporzT.exe
  C:\Windows\System\DqporzT.exe
  2⤵
  PID:7160
- C:\Windows\System\KqyfuNR.exe
  C:\Windows\System\KqyfuNR.exe
  2⤵
  PID:5712
- C:\Windows\System\LMlBvVo.exe
  C:\Windows\System\LMlBvVo.exe
  2⤵
  PID:5932
- C:\Windows\System\rRRYRLK.exe
  C:\Windows\System\rRRYRLK.exe
  2⤵
  PID:6104
- C:\Windows\System\VZGayCI.exe
  C:\Windows\System\VZGayCI.exe
  2⤵
  PID:3696
- C:\Windows\System\ybVxtwJ.exe
  C:\Windows\System\ybVxtwJ.exe
  2⤵
  PID:4464
- C:\Windows\System\nrPtfNn.exe
  C:\Windows\System\nrPtfNn.exe
  2⤵
  PID:4692
- C:\Windows\System\MTSABoq.exe
  C:\Windows\System\MTSABoq.exe
  2⤵
  PID:6180
- C:\Windows\System\CSeLhyo.exe
  C:\Windows\System\CSeLhyo.exe
  2⤵
  PID:6236
- C:\Windows\System\PdjceHb.exe
  C:\Windows\System\PdjceHb.exe
  2⤵
  PID:5404
- C:\Windows\System\ppeBpoC.exe
  C:\Windows\System\ppeBpoC.exe
  2⤵
  PID:6356
- C:\Windows\System\hmZhqew.exe
  C:\Windows\System\hmZhqew.exe
  2⤵
  PID:6300
- C:\Windows\System\JxvKBdF.exe
  C:\Windows\System\JxvKBdF.exe
  2⤵
  PID:6336
- C:\Windows\System\IhNkywD.exe
  C:\Windows\System\IhNkywD.exe
  2⤵
  PID:6392
- C:\Windows\System\zWcvxsz.exe
  C:\Windows\System\zWcvxsz.exe
  2⤵
  PID:6420
- C:\Windows\System\FjPZVyZ.exe
  C:\Windows\System\FjPZVyZ.exe
  2⤵
  PID:6432
- C:\Windows\System\jyQlZLD.exe
  C:\Windows\System\jyQlZLD.exe
  2⤵
  PID:6440
- C:\Windows\System\VbLGHYX.exe
  C:\Windows\System\VbLGHYX.exe
  2⤵
  PID:6736
- C:\Windows\System\QDRyQVC.exe
  C:\Windows\System\QDRyQVC.exe
  2⤵
  PID:6560
- C:\Windows\System\ilAsdqh.exe
  C:\Windows\System\ilAsdqh.exe
  2⤵
  PID:6556
- C:\Windows\System\rNcuAcZ.exe
  C:\Windows\System\rNcuAcZ.exe
  2⤵
  PID:6852
- C:\Windows\System\DvnWsQJ.exe
  C:\Windows\System\DvnWsQJ.exe
  2⤵
  PID:6936
- C:\Windows\System\qPmWeXW.exe
  C:\Windows\System\qPmWeXW.exe
  2⤵
  PID:6848
- C:\Windows\System\mNECCqr.exe
  C:\Windows\System\mNECCqr.exe
  2⤵
  PID:7104
- C:\Windows\System\wNjgcAK.exe
  C:\Windows\System\wNjgcAK.exe
  2⤵
  PID:7164
- C:\Windows\System\gdiiyQR.exe
  C:\Windows\System\gdiiyQR.exe
  2⤵
  PID:6896
- C:\Windows\System\LAXnYIv.exe
  C:\Windows\System\LAXnYIv.exe
  2⤵
  PID:6872
- C:\Windows\System\uLUrghI.exe
  C:\Windows\System\uLUrghI.exe
  2⤵
  PID:7020
- C:\Windows\System\rtIpGVk.exe
  C:\Windows\System\rtIpGVk.exe
  2⤵
  PID:7076
- C:\Windows\System\ATjktkg.exe
  C:\Windows\System\ATjktkg.exe
  2⤵
  PID:7140
- C:\Windows\System\lEiXLRM.exe
  C:\Windows\System\lEiXLRM.exe
  2⤵
  PID:2828
- C:\Windows\System\VUPMjWa.exe
  C:\Windows\System\VUPMjWa.exe
  2⤵
  PID:6152
- C:\Windows\System\bNNMVST.exe
  C:\Windows\System\bNNMVST.exe
  2⤵
  PID:1148
- C:\Windows\System\VAidCuh.exe
  C:\Windows\System\VAidCuh.exe
  2⤵
  PID:5964
- C:\Windows\System\mIWgEob.exe
  C:\Windows\System\mIWgEob.exe
  2⤵
  PID:5724
- C:\Windows\System\rPmkemo.exe
  C:\Windows\System\rPmkemo.exe
  2⤵
  PID:2324
- C:\Windows\System\oWtWedy.exe
  C:\Windows\System\oWtWedy.exe
  2⤵
  PID:6512
- C:\Windows\System\sezIOln.exe
  C:\Windows\System\sezIOln.exe
  2⤵
  PID:6700
- C:\Windows\System\dzjryki.exe
  C:\Windows\System\dzjryki.exe
  2⤵
  PID:6576
- C:\Windows\System\jLqiFkK.exe
  C:\Windows\System\jLqiFkK.exe
  2⤵
  PID:6880
- C:\Windows\System\YGNxyvm.exe
  C:\Windows\System\YGNxyvm.exe
  2⤵
  PID:1844
- C:\Windows\System\wIkkeQg.exe
  C:\Windows\System\wIkkeQg.exe
  2⤵
  PID:2376
- C:\Windows\System\bUsxPNb.exe
  C:\Windows\System\bUsxPNb.exe
  2⤵
  PID:6672
- C:\Windows\System\AgCdTmv.exe
  C:\Windows\System\AgCdTmv.exe
  2⤵
  PID:1744
- C:\Windows\System\MmKBASv.exe
  C:\Windows\System\MmKBASv.exe
  2⤵
  PID:6824
- C:\Windows\System\VKYqHQM.exe
  C:\Windows\System\VKYqHQM.exe
  2⤵
  PID:7036
- C:\Windows\System\beGAoMy.exe
  C:\Windows\System\beGAoMy.exe
  2⤵
  PID:2328
- C:\Windows\System\nQSybWr.exe
  C:\Windows\System\nQSybWr.exe
  2⤵
  PID:1516
- C:\Windows\System\jXShaGw.exe
  C:\Windows\System\jXShaGw.exe
  2⤵
  PID:7096
- C:\Windows\System\ymfeawr.exe
  C:\Windows\System\ymfeawr.exe
  2⤵
  PID:5892
- C:\Windows\System\eAoTqvP.exe
  C:\Windows\System\eAoTqvP.exe
  2⤵
  PID:2956
- C:\Windows\System\hZtxTVr.exe
  C:\Windows\System\hZtxTVr.exe
  2⤵
  PID:7024
- C:\Windows\System\gNvSXUi.exe
  C:\Windows\System\gNvSXUi.exe
  2⤵
  PID:876
- C:\Windows\System\RnGQLcw.exe
  C:\Windows\System\RnGQLcw.exe
  2⤵
  PID:6616
- C:\Windows\System\DgXcvoF.exe
  C:\Windows\System\DgXcvoF.exe
  2⤵
  PID:6732
- C:\Windows\System\aApsaSk.exe
  C:\Windows\System\aApsaSk.exe
  2⤵
  PID:2688
- C:\Windows\System\JIGHvZI.exe
  C:\Windows\System\JIGHvZI.exe
  2⤵
  PID:2696
- C:\Windows\System\Fyttsdc.exe
  C:\Windows\System\Fyttsdc.exe
  2⤵
  PID:6776
- C:\Windows\System\dddAGoA.exe
  C:\Windows\System\dddAGoA.exe
  2⤵
  PID:6552
- C:\Windows\System\FDDAMYx.exe
  C:\Windows\System\FDDAMYx.exe
  2⤵
  PID:6756
- C:\Windows\System\IUIOVOz.exe
  C:\Windows\System\IUIOVOz.exe
  2⤵
  PID:5416
- C:\Windows\System\RrCsoRy.exe
  C:\Windows\System\RrCsoRy.exe
  2⤵
  PID:1800
- C:\Windows\System\YvUdjhn.exe
  C:\Windows\System\YvUdjhn.exe
  2⤵
  PID:3028
- C:\Windows\System\hPBiQpY.exe
  C:\Windows\System\hPBiQpY.exe
  2⤵
  PID:3032
- C:\Windows\System\ICEKShT.exe
  C:\Windows\System\ICEKShT.exe
  2⤵
  PID:6476
- C:\Windows\System\nRCQUrq.exe
  C:\Windows\System\nRCQUrq.exe
  2⤵
  PID:6296
- C:\Windows\System\rmmCPsy.exe
  C:\Windows\System\rmmCPsy.exe
  2⤵
  PID:2860
- C:\Windows\System\AFCJEMp.exe
  C:\Windows\System\AFCJEMp.exe
  2⤵
  PID:7180
- C:\Windows\System\jQtfabh.exe
  C:\Windows\System\jQtfabh.exe
  2⤵
  PID:7196
- C:\Windows\System\ynKrUEn.exe
  C:\Windows\System\ynKrUEn.exe
  2⤵
  PID:7212
- C:\Windows\System\dcXfwDV.exe
  C:\Windows\System\dcXfwDV.exe
  2⤵
  PID:7228
- C:\Windows\System\QhePCxK.exe
  C:\Windows\System\QhePCxK.exe
  2⤵
  PID:7244
- C:\Windows\System\RepVEpJ.exe
  C:\Windows\System\RepVEpJ.exe
  2⤵
  PID:7260
- C:\Windows\System\mzZeHVS.exe
  C:\Windows\System\mzZeHVS.exe
  2⤵
  PID:7276
- C:\Windows\System\hJljbKq.exe
  C:\Windows\System\hJljbKq.exe
  2⤵
  PID:7292
- C:\Windows\System\fBxZlkd.exe
  C:\Windows\System\fBxZlkd.exe
  2⤵
  PID:7312
- C:\Windows\System\wsoesUb.exe
  C:\Windows\System\wsoesUb.exe
  2⤵
  PID:7328
- C:\Windows\System\zrVlKfA.exe
  C:\Windows\System\zrVlKfA.exe
  2⤵
  PID:7344
- C:\Windows\System\snmpQHz.exe
  C:\Windows\System\snmpQHz.exe
  2⤵
  PID:7360
- C:\Windows\System\nEOduro.exe
  C:\Windows\System\nEOduro.exe
  2⤵
  PID:7376
- C:\Windows\System\zgMuIyA.exe
  C:\Windows\System\zgMuIyA.exe
  2⤵
  PID:7392
- C:\Windows\System\eoIdqph.exe
  C:\Windows\System\eoIdqph.exe
  2⤵
  PID:7408
- C:\Windows\System\czcucgG.exe
  C:\Windows\System\czcucgG.exe
  2⤵
  PID:7424
- C:\Windows\System\zcOxxBZ.exe
  C:\Windows\System\zcOxxBZ.exe
  2⤵
  PID:7440
- C:\Windows\System\alltNpP.exe
  C:\Windows\System\alltNpP.exe
  2⤵
  PID:7456
- C:\Windows\System\YknVEDO.exe
  C:\Windows\System\YknVEDO.exe
  2⤵
  PID:7472
- C:\Windows\System\YAwdRvH.exe
  C:\Windows\System\YAwdRvH.exe
  2⤵
  PID:7488
- C:\Windows\System\LdiHhur.exe
  C:\Windows\System\LdiHhur.exe
  2⤵
  PID:7504
- C:\Windows\System\zYQvkdc.exe
  C:\Windows\System\zYQvkdc.exe
  2⤵
  PID:7520
- C:\Windows\System\TmCHFjf.exe
  C:\Windows\System\TmCHFjf.exe
  2⤵
  PID:7536
- C:\Windows\System\bazyDCA.exe
  C:\Windows\System\bazyDCA.exe
  2⤵
  PID:7552
- C:\Windows\System\OdRSWPD.exe
  C:\Windows\System\OdRSWPD.exe
  2⤵
  PID:7568
- C:\Windows\System\sXIEAlm.exe
  C:\Windows\System\sXIEAlm.exe
  2⤵
  PID:7584
- C:\Windows\System\NWaaDzc.exe
  C:\Windows\System\NWaaDzc.exe
  2⤵
  PID:7600
- C:\Windows\System\ixyBLma.exe
  C:\Windows\System\ixyBLma.exe
  2⤵
  PID:7616
- C:\Windows\System\jiWZIiO.exe
  C:\Windows\System\jiWZIiO.exe
  2⤵
  PID:7632
- C:\Windows\System\QsLWGUv.exe
  C:\Windows\System\QsLWGUv.exe
  2⤵
  PID:7648
- C:\Windows\System\kXtDihL.exe
  C:\Windows\System\kXtDihL.exe
  2⤵
  PID:7664
- C:\Windows\System\dsFQbxo.exe
  C:\Windows\System\dsFQbxo.exe
  2⤵
  PID:7680
- C:\Windows\System\SEgGYpw.exe
  C:\Windows\System\SEgGYpw.exe
  2⤵
  PID:7700
- C:\Windows\System\qvdpqAx.exe
  C:\Windows\System\qvdpqAx.exe
  2⤵
  PID:7716
- C:\Windows\System\stnGidJ.exe
  C:\Windows\System\stnGidJ.exe
  2⤵
  PID:7740
- C:\Windows\System\GXyBAJM.exe
  C:\Windows\System\GXyBAJM.exe
  2⤵
  PID:7760
- C:\Windows\System\XKAvCbG.exe
  C:\Windows\System\XKAvCbG.exe
  2⤵
  PID:7776
- C:\Windows\System\yniZVkw.exe
  C:\Windows\System\yniZVkw.exe
  2⤵
  PID:7796
- C:\Windows\System\rQjSFly.exe
  C:\Windows\System\rQjSFly.exe
  2⤵
  PID:7812
- C:\Windows\System\cUfLQAn.exe
  C:\Windows\System\cUfLQAn.exe
  2⤵
  PID:7836
- C:\Windows\System\qexJHLh.exe
  C:\Windows\System\qexJHLh.exe
  2⤵
  PID:7852
- C:\Windows\System\tJjJyye.exe
  C:\Windows\System\tJjJyye.exe
  2⤵
  PID:7872
- C:\Windows\System\eFMwXRi.exe
  C:\Windows\System\eFMwXRi.exe
  2⤵
  PID:7892
- C:\Windows\System\ulNEyuc.exe
  C:\Windows\System\ulNEyuc.exe
  2⤵
  PID:7908
- C:\Windows\System\HmEmKkU.exe
  C:\Windows\System\HmEmKkU.exe
  2⤵
  PID:7924
- C:\Windows\System\AgQaWxB.exe
  C:\Windows\System\AgQaWxB.exe
  2⤵
  PID:7944
- C:\Windows\System\cfnRSiC.exe
  C:\Windows\System\cfnRSiC.exe
  2⤵
  PID:7960
- C:\Windows\System\BKVJvhe.exe
  C:\Windows\System\BKVJvhe.exe
  2⤵
  PID:7984
- C:\Windows\System\ASYnmuV.exe
  C:\Windows\System\ASYnmuV.exe
  2⤵
  PID:8000
- C:\Windows\System\hEtPpQs.exe
  C:\Windows\System\hEtPpQs.exe
  2⤵
  PID:8020
- C:\Windows\System\aiFvkql.exe
  C:\Windows\System\aiFvkql.exe
  2⤵
  PID:8036
- C:\Windows\System\twgebxq.exe
  C:\Windows\System\twgebxq.exe
  2⤵
  PID:8052
- C:\Windows\System\nOVjUGi.exe
  C:\Windows\System\nOVjUGi.exe
  2⤵
  PID:8068
- C:\Windows\System\yFMfaBs.exe
  C:\Windows\System\yFMfaBs.exe
  2⤵
  PID:8084
- C:\Windows\System\MtGYHXd.exe
  C:\Windows\System\MtGYHXd.exe
  2⤵
  PID:8100
- C:\Windows\System\CWszqbh.exe
  C:\Windows\System\CWszqbh.exe
  2⤵
  PID:8124
- C:\Windows\System\SYCWDWY.exe
  C:\Windows\System\SYCWDWY.exe
  2⤵
  PID:8140
- C:\Windows\System\CTbepTS.exe
  C:\Windows\System\CTbepTS.exe
  2⤵
  PID:8156
- C:\Windows\System\BgWsuGE.exe
  C:\Windows\System\BgWsuGE.exe
  2⤵
  PID:8172
- C:\Windows\System\giEoSBf.exe
  C:\Windows\System\giEoSBf.exe
  2⤵
  PID:8188
- C:\Windows\System\EZsEHmW.exe
  C:\Windows\System\EZsEHmW.exe
  2⤵
  PID:7060
- C:\Windows\System\rUVEgDr.exe
  C:\Windows\System\rUVEgDr.exe
  2⤵
  PID:6652
- C:\Windows\System\HFpOHSM.exe
  C:\Windows\System\HFpOHSM.exe
  2⤵
  PID:6496
- C:\Windows\System\lUDIOFp.exe
  C:\Windows\System\lUDIOFp.exe
  2⤵
  PID:7220
- C:\Windows\System\ePlQexj.exe
  C:\Windows\System\ePlQexj.exe
  2⤵
  PID:7256
- C:\Windows\System\ASnNXGD.exe
  C:\Windows\System\ASnNXGD.exe
  2⤵
  PID:7172
- C:\Windows\System\fFyohsR.exe
  C:\Windows\System\fFyohsR.exe
  2⤵
  PID:7240
- C:\Windows\System\OogEDkG.exe
  C:\Windows\System\OogEDkG.exe
  2⤵
  PID:6048
- C:\Windows\System\APWDAXV.exe
  C:\Windows\System\APWDAXV.exe
  2⤵
  PID:7324
- C:\Windows\System\JPGHhxU.exe
  C:\Windows\System\JPGHhxU.exe
  2⤵
  PID:7416
- C:\Windows\System\nCuiyRP.exe
  C:\Windows\System\nCuiyRP.exe
  2⤵
  PID:7432
- C:\Windows\System\spjlSbr.exe
  C:\Windows\System\spjlSbr.exe
  2⤵
  PID:7468
- C:\Windows\System\tzXgFZv.exe
  C:\Windows\System\tzXgFZv.exe
  2⤵
  PID:7480
- C:\Windows\System\mAfXQxv.exe
  C:\Windows\System\mAfXQxv.exe
  2⤵
  PID:7528
- C:\Windows\System\jvSspGc.exe
  C:\Windows\System\jvSspGc.exe
  2⤵
  PID:7516
- C:\Windows\System\pvWjObn.exe
  C:\Windows\System\pvWjObn.exe
  2⤵
  PID:7580
- C:\Windows\System\klcishB.exe
  C:\Windows\System\klcishB.exe
  2⤵
  PID:7612
- C:\Windows\System\REqipao.exe
  C:\Windows\System\REqipao.exe
  2⤵
  PID:2872
- C:\Windows\System\qgAIQMt.exe
  C:\Windows\System\qgAIQMt.exe
  2⤵
  PID:7656
- C:\Windows\System\fnfSNaM.exe
  C:\Windows\System\fnfSNaM.exe
  2⤵
  PID:7696
- C:\Windows\System\huWkUIF.exe
  C:\Windows\System\huWkUIF.exe
  2⤵
  PID:8076
- C:\Windows\System\jOJBXhI.exe
  C:\Windows\System\jOJBXhI.exe
  2⤵
  PID:6640
- C:\Windows\System\eyNbvKv.exe
  C:\Windows\System\eyNbvKv.exe
  2⤵
  PID:7712
- C:\Windows\System\vkwPaQP.exe
  C:\Windows\System\vkwPaQP.exe
  2⤵
  PID:7732
- C:\Windows\System\rxwRQtU.exe
  C:\Windows\System\rxwRQtU.exe
  2⤵
  PID:2972
- C:\Windows\System\feCAefa.exe
  C:\Windows\System\feCAefa.exe
  2⤵
  PID:2788
- C:\Windows\System\mTlZEMW.exe
  C:\Windows\System\mTlZEMW.exe
  2⤵
  PID:7820
- C:\Windows\System\lPtNVir.exe
  C:\Windows\System\lPtNVir.exe
  2⤵
  PID:572
- C:\Windows\System\nAjMedZ.exe
  C:\Windows\System\nAjMedZ.exe
  2⤵
  PID:7824
- C:\Windows\System\DyGcqMx.exe
  C:\Windows\System\DyGcqMx.exe
  2⤵
  PID:7868
- C:\Windows\System\TgnoNic.exe
  C:\Windows\System\TgnoNic.exe
  2⤵
  PID:1492
- C:\Windows\System\AAjHxck.exe
  C:\Windows\System\AAjHxck.exe
  2⤵
  PID:7952
- C:\Windows\System\nkZguRl.exe
  C:\Windows\System\nkZguRl.exe
  2⤵
  PID:7992
- C:\Windows\System\rlzzJLS.exe
  C:\Windows\System\rlzzJLS.exe
  2⤵
  PID:7940
- C:\Windows\System\lfQWnWW.exe
  C:\Windows\System\lfQWnWW.exe
  2⤵
  PID:8060
- C:\Windows\System\GgwEcxu.exe
  C:\Windows\System\GgwEcxu.exe
  2⤵
  PID:8012
- C:\Windows\System\CXoUOcQ.exe
  C:\Windows\System\CXoUOcQ.exe
  2⤵
  PID:7980
- C:\Windows\System\GHJSjiS.exe
  C:\Windows\System\GHJSjiS.exe
  2⤵
  PID:1572
- C:\Windows\System\pWtvxRu.exe
  C:\Windows\System\pWtvxRu.exe
  2⤵
  PID:8120
- C:\Windows\System\NBilNvh.exe
  C:\Windows\System\NBilNvh.exe
  2⤵
  PID:8136
- C:\Windows\System\iiSWIUD.exe
  C:\Windows\System\iiSWIUD.exe
  2⤵
  PID:8164
- C:\Windows\System\rWXUyqK.exe
  C:\Windows\System\rWXUyqK.exe
  2⤵
  PID:6772
- C:\Windows\System\HBqQjRW.exe
  C:\Windows\System\HBqQjRW.exe
  2⤵
  PID:2536
- C:\Windows\System\dwwuJOt.exe
  C:\Windows\System\dwwuJOt.exe
  2⤵
  PID:7404
- C:\Windows\System\AXNTtFK.exe
  C:\Windows\System\AXNTtFK.exe
  2⤵
  PID:7512
- C:\Windows\System\QxGnMQX.exe
  C:\Windows\System\QxGnMQX.exe
  2⤵
  PID:7308
- C:\Windows\System\giWllmw.exe
  C:\Windows\System\giWllmw.exe
  2⤵
  PID:7548
- C:\Windows\System\CxhDvfy.exe
  C:\Windows\System\CxhDvfy.exe
  2⤵
  PID:2808
- C:\Windows\System\BnqImIG.exe
  C:\Windows\System\BnqImIG.exe
  2⤵
  PID:7788
- C:\Windows\System\SEoChgh.exe
  C:\Windows\System\SEoChgh.exe
  2⤵
  PID:2752
- C:\Windows\System\VPfJLaH.exe
  C:\Windows\System\VPfJLaH.exe
  2⤵
  PID:7828
- C:\Windows\System\cgpEouH.exe
  C:\Windows\System\cgpEouH.exe
  2⤵
  PID:7904
- C:\Windows\System\ZhZkAHf.exe
  C:\Windows\System\ZhZkAHf.exe
  2⤵
  PID:6580
- C:\Windows\System\OzLerHL.exe
  C:\Windows\System\OzLerHL.exe
  2⤵
  PID:8096
- C:\Windows\System\cgJdFdx.exe
  C:\Windows\System\cgJdFdx.exe
  2⤵
  PID:7976
- C:\Windows\System\pTSryxe.exe
  C:\Windows\System\pTSryxe.exe
  2⤵
  PID:2104
- C:\Windows\System\iYcozYO.exe
  C:\Windows\System\iYcozYO.exe
  2⤵
  PID:2096
- C:\Windows\System\sjHaosP.exe
  C:\Windows\System\sjHaosP.exe
  2⤵
  PID:7236
- C:\Windows\System\VYnxbKf.exe
  C:\Windows\System\VYnxbKf.exe
  2⤵
  PID:6340
- C:\Windows\System\qbrUIUF.exe
  C:\Windows\System\qbrUIUF.exe
  2⤵
  PID:7272
- C:\Windows\System\nTnTUZK.exe
  C:\Windows\System\nTnTUZK.exe
  2⤵
  PID:7192
- C:\Windows\System\GtuPKbq.exe
  C:\Windows\System\GtuPKbq.exe
  2⤵
  PID:7304
- C:\Windows\System\VuUuvnF.exe
  C:\Windows\System\VuUuvnF.exe
  2⤵
  PID:7420
- C:\Windows\System\MmSDEoO.exe
  C:\Windows\System\MmSDEoO.exe
  2⤵
  PID:7436
- C:\Windows\System\ekPnPqF.exe
  C:\Windows\System\ekPnPqF.exe
  2⤵
  PID:7496
- C:\Windows\System\dAQoZqa.exe
  C:\Windows\System\dAQoZqa.exe
  2⤵
  PID:7628
- C:\Windows\System\GZvqaAo.exe
  C:\Windows\System\GZvqaAo.exe
  2⤵
  PID:7708
- C:\Windows\System\mCjATkf.exe
  C:\Windows\System\mCjATkf.exe
  2⤵
  PID:3016
- C:\Windows\System\UUtrrTt.exe
  C:\Windows\System\UUtrrTt.exe
  2⤵
  PID:7844
- C:\Windows\System\nJJAkzu.exe
  C:\Windows\System\nJJAkzu.exe
  2⤵
  PID:8132
- C:\Windows\System\sGrpJge.exe
  C:\Windows\System\sGrpJge.exe
  2⤵
  PID:7188
- C:\Windows\System\FJvoiGr.exe
  C:\Windows\System\FJvoiGr.exe
  2⤵
  PID:7564
- C:\Windows\System\FJlweDJ.exe
  C:\Windows\System\FJlweDJ.exe
  2⤵
  PID:3060
- C:\Windows\System\BrlQRQk.exe
  C:\Windows\System\BrlQRQk.exe
  2⤵
  PID:7288
- C:\Windows\System\DhLTFYe.exe
  C:\Windows\System\DhLTFYe.exe
  2⤵
  PID:2604
- C:\Windows\System\WSIRhBu.exe
  C:\Windows\System\WSIRhBu.exe
  2⤵
  PID:7748
- C:\Windows\System\MGSOhaI.exe
  C:\Windows\System\MGSOhaI.exe
  2⤵
  PID:7936
- C:\Windows\System\ukrhhwx.exe
  C:\Windows\System\ukrhhwx.exe
  2⤵
  PID:6660
- C:\Windows\System\TlJrCdL.exe
  C:\Windows\System\TlJrCdL.exe
  2⤵
  PID:8148
- C:\Windows\System\EZzAqqb.exe
  C:\Windows\System\EZzAqqb.exe
  2⤵
  PID:7736
- C:\Windows\System\ramBueY.exe
  C:\Windows\System\ramBueY.exe
  2⤵
  PID:8108
- C:\Windows\System\XDxZWVN.exe
  C:\Windows\System\XDxZWVN.exe
  2⤵
  PID:7560
- C:\Windows\System\sNXxIFC.exe
  C:\Windows\System\sNXxIFC.exe
  2⤵
  PID:8200
- C:\Windows\System\ofBAHBE.exe
  C:\Windows\System\ofBAHBE.exe
  2⤵
  PID:8216
- C:\Windows\System\DOEzlAF.exe
  C:\Windows\System\DOEzlAF.exe
  2⤵
  PID:8232
- C:\Windows\System\Tfsnpma.exe
  C:\Windows\System\Tfsnpma.exe
  2⤵
  PID:8248
- C:\Windows\System\sfpsFRf.exe
  C:\Windows\System\sfpsFRf.exe
  2⤵
  PID:8264
- C:\Windows\System\PKhQqNf.exe
  C:\Windows\System\PKhQqNf.exe
  2⤵
  PID:8280
- C:\Windows\System\BdOcvyu.exe
  C:\Windows\System\BdOcvyu.exe
  2⤵
  PID:8296
- C:\Windows\System\bVuYnhw.exe
  C:\Windows\System\bVuYnhw.exe
  2⤵
  PID:8312
- C:\Windows\System\KoYIlXn.exe
  C:\Windows\System\KoYIlXn.exe
  2⤵
  PID:8328
- C:\Windows\System\ykUator.exe
  C:\Windows\System\ykUator.exe
  2⤵
  PID:8344
- C:\Windows\System\BaKZBEv.exe
  C:\Windows\System\BaKZBEv.exe
  2⤵
  PID:8360
- C:\Windows\System\RlFdoMS.exe
  C:\Windows\System\RlFdoMS.exe
  2⤵
  PID:8376
- C:\Windows\System\yEJcdFI.exe
  C:\Windows\System\yEJcdFI.exe
  2⤵
  PID:8392
- C:\Windows\System\rGebShi.exe
  C:\Windows\System\rGebShi.exe
  2⤵
  PID:8408
- C:\Windows\System\zDIXEdF.exe
  C:\Windows\System\zDIXEdF.exe
  2⤵
  PID:8424
- C:\Windows\System\iAMjjdl.exe
  C:\Windows\System\iAMjjdl.exe
  2⤵
  PID:8440
- C:\Windows\System\debyMxa.exe
  C:\Windows\System\debyMxa.exe
  2⤵
  PID:8456
- C:\Windows\System\zYSyIwL.exe
  C:\Windows\System\zYSyIwL.exe
  2⤵
  PID:8472
- C:\Windows\System\nxxIusU.exe
  C:\Windows\System\nxxIusU.exe
  2⤵
  PID:8488
- C:\Windows\System\EExbhqE.exe
  C:\Windows\System\EExbhqE.exe
  2⤵
  PID:8504
- C:\Windows\System\flpPyVo.exe
  C:\Windows\System\flpPyVo.exe
  2⤵
  PID:8524
- C:\Windows\System\PSPtlFm.exe
  C:\Windows\System\PSPtlFm.exe
  2⤵
  PID:8540
- C:\Windows\System\XGDlDIW.exe
  C:\Windows\System\XGDlDIW.exe
  2⤵
  PID:8556
- C:\Windows\System\OTTmpAv.exe
  C:\Windows\System\OTTmpAv.exe
  2⤵
  PID:8572
- C:\Windows\System\HSZfnWj.exe
  C:\Windows\System\HSZfnWj.exe
  2⤵
  PID:8588
- C:\Windows\System\ftmWiBB.exe
  C:\Windows\System\ftmWiBB.exe
  2⤵
  PID:8608
- C:\Windows\System\PBnhBiL.exe
  C:\Windows\System\PBnhBiL.exe
  2⤵
  PID:8628
- C:\Windows\System\phWtbQB.exe
  C:\Windows\System\phWtbQB.exe
  2⤵
  PID:8644
- C:\Windows\System\bBKelYB.exe
  C:\Windows\System\bBKelYB.exe
  2⤵
  PID:8660
- C:\Windows\System\CovFrZD.exe
  C:\Windows\System\CovFrZD.exe
  2⤵
  PID:8676
- C:\Windows\System\mYfPnih.exe
  C:\Windows\System\mYfPnih.exe
  2⤵
  PID:8692
- C:\Windows\System\UJGFLkt.exe
  C:\Windows\System\UJGFLkt.exe
  2⤵
  PID:8708
- C:\Windows\System\pwiHVRx.exe
  C:\Windows\System\pwiHVRx.exe
  2⤵
  PID:8724
- C:\Windows\System\oCBxuMG.exe
  C:\Windows\System\oCBxuMG.exe
  2⤵
  PID:8740
- C:\Windows\System\lWvwZpA.exe
  C:\Windows\System\lWvwZpA.exe
  2⤵
  PID:8756
- C:\Windows\System\hKUaRrI.exe
  C:\Windows\System\hKUaRrI.exe
  2⤵
  PID:8776
- C:\Windows\System\SUbyfJV.exe
  C:\Windows\System\SUbyfJV.exe
  2⤵
  PID:8792
- C:\Windows\System\BkCYnOR.exe
  C:\Windows\System\BkCYnOR.exe
  2⤵
  PID:8812
- C:\Windows\System\IOsyTYs.exe
  C:\Windows\System\IOsyTYs.exe
  2⤵
  PID:8828
- C:\Windows\System\HUQsIMT.exe
  C:\Windows\System\HUQsIMT.exe
  2⤵
  PID:8844
- C:\Windows\System\tDYjwgm.exe
  C:\Windows\System\tDYjwgm.exe
  2⤵
  PID:8860
- C:\Windows\System\ZpdRxrW.exe
  C:\Windows\System\ZpdRxrW.exe
  2⤵
  PID:8876
- C:\Windows\System\pAxkBHM.exe
  C:\Windows\System\pAxkBHM.exe
  2⤵
  PID:8892
- C:\Windows\System\yMsoqkL.exe
  C:\Windows\System\yMsoqkL.exe
  2⤵
  PID:8908
- C:\Windows\System\GXDwutf.exe
  C:\Windows\System\GXDwutf.exe
  2⤵
  PID:8964
- C:\Windows\System\xguCkwy.exe
  C:\Windows\System\xguCkwy.exe
  2⤵
  PID:8996
- C:\Windows\System\qexEIzq.exe
  C:\Windows\System\qexEIzq.exe
  2⤵
  PID:9040
- C:\Windows\System\FCooUcR.exe
  C:\Windows\System\FCooUcR.exe
  2⤵
  PID:9060
- C:\Windows\System\bMWSqAV.exe
  C:\Windows\System\bMWSqAV.exe
  2⤵
  PID:9076
- C:\Windows\System\pUzYgxa.exe
  C:\Windows\System\pUzYgxa.exe
  2⤵
  PID:9108
- C:\Windows\System\LWLJCQG.exe
  C:\Windows\System\LWLJCQG.exe
  2⤵
  PID:9140
- C:\Windows\System\xUCUGCT.exe
  C:\Windows\System\xUCUGCT.exe
  2⤵
  PID:9160
- C:\Windows\System\mgddbEn.exe
  C:\Windows\System\mgddbEn.exe
  2⤵
  PID:9176
- C:\Windows\System\sgPsbso.exe
  C:\Windows\System\sgPsbso.exe
  2⤵
  PID:8168
- C:\Windows\System\yjUqpGb.exe
  C:\Windows\System\yjUqpGb.exe
  2⤵
  PID:8152
- C:\Windows\System\mqRQEsD.exe
  C:\Windows\System\mqRQEsD.exe
  2⤵
  PID:8244
- C:\Windows\System\ycMRxcm.exe
  C:\Windows\System\ycMRxcm.exe
  2⤵
  PID:8352
- C:\Windows\System\WOBWdOa.exe
  C:\Windows\System\WOBWdOa.exe
  2⤵
  PID:8420
- C:\Windows\System\zAmPfYA.exe
  C:\Windows\System\zAmPfYA.exe
  2⤵
  PID:8484
- C:\Windows\System\VzCYyhc.exe
  C:\Windows\System\VzCYyhc.exe
  2⤵
  PID:7804
- C:\Windows\System\oWyBqFa.exe
  C:\Windows\System\oWyBqFa.exe
  2⤵
  PID:8116
- C:\Windows\System\vEOwxme.exe
  C:\Windows\System\vEOwxme.exe
  2⤵
  PID:8400
- C:\Windows\System\BsTUxtM.exe
  C:\Windows\System\BsTUxtM.exe
  2⤵
  PID:8520
- C:\Windows\System\REJUxRk.exe
  C:\Windows\System\REJUxRk.exe
  2⤵
  PID:8340
- C:\Windows\System\FRfvcVN.exe
  C:\Windows\System\FRfvcVN.exe
  2⤵
  PID:8436
- C:\Windows\System\AfjnNfh.exe
  C:\Windows\System\AfjnNfh.exe
  2⤵
  PID:8500
- C:\Windows\System\TkPtJjc.exe
  C:\Windows\System\TkPtJjc.exe
  2⤵
  PID:8552
- C:\Windows\System\RQodQex.exe
  C:\Windows\System\RQodQex.exe
  2⤵
  PID:8596
- C:\Windows\System\PGyllsb.exe
  C:\Windows\System\PGyllsb.exe
  2⤵
  PID:8784
- C:\Windows\System\nigMpqi.exe
  C:\Windows\System\nigMpqi.exe
  2⤵
  PID:8824
- C:\Windows\System\uxrVXtW.exe
  C:\Windows\System\uxrVXtW.exe
  2⤵
  PID:8856
- C:\Windows\System\wLMgzud.exe
  C:\Windows\System\wLMgzud.exe
  2⤵
  PID:8932
- C:\Windows\System\uxeoRAh.exe
  C:\Windows\System\uxeoRAh.exe
  2⤵
  PID:2968
- C:\Windows\System\CGuBxEB.exe
  C:\Windows\System\CGuBxEB.exe
  2⤵
  PID:8984
- C:\Windows\System\sPbhjyw.exe
  C:\Windows\System\sPbhjyw.exe
  2⤵
  PID:9008
- C:\Windows\System\NPnsQfR.exe
  C:\Windows\System\NPnsQfR.exe
  2⤵
  PID:8972
- C:\Windows\System\hdhgAZL.exe
  C:\Windows\System\hdhgAZL.exe
  2⤵
  PID:9056
- C:\Windows\System\OdejajP.exe
  C:\Windows\System\OdejajP.exe
  2⤵
  PID:9092
- C:\Windows\System\wtOEHEH.exe
  C:\Windows\System\wtOEHEH.exe
  2⤵
  PID:9100
- C:\Windows\System\idzjwwI.exe
  C:\Windows\System\idzjwwI.exe
  2⤵
  PID:9132
- C:\Windows\System\UqZXrOV.exe
  C:\Windows\System\UqZXrOV.exe
  2⤵
  PID:9152
- C:\Windows\System\dQQpqwk.exe
  C:\Windows\System\dQQpqwk.exe
  2⤵
  PID:9196
- C:\Windows\System\oMbERjn.exe
  C:\Windows\System\oMbERjn.exe
  2⤵
  PID:9188
- C:\Windows\System\JdQaXlI.exe
  C:\Windows\System\JdQaXlI.exe
  2⤵
  PID:6996
- C:\Windows\System\Zaveqhw.exe
  C:\Windows\System\Zaveqhw.exe
  2⤵
  PID:8240
- C:\Windows\System\DoSMjfO.exe
  C:\Windows\System\DoSMjfO.exe
  2⤵
  PID:8260
- C:\Windows\System\XDESyyr.exe
  C:\Windows\System\XDESyyr.exe
  2⤵
  PID:7300
- C:\Windows\System\pGEknKM.exe
  C:\Windows\System\pGEknKM.exe
  2⤵
  PID:8516
- C:\Windows\System\hXvoXWy.exe
  C:\Windows\System\hXvoXWy.exe
  2⤵
  PID:8208
- C:\Windows\System\FdrwRrS.exe
  C:\Windows\System\FdrwRrS.exe
  2⤵
  PID:8308
- C:\Windows\System\fWHRYUX.exe
  C:\Windows\System\fWHRYUX.exe
  2⤵
  PID:8404
- C:\Windows\System\toMdiqx.exe
  C:\Windows\System\toMdiqx.exe
  2⤵
  PID:8624
- C:\Windows\System\PTgldde.exe
  C:\Windows\System\PTgldde.exe
  2⤵
  PID:8700
- C:\Windows\System\IFfDZfI.exe
  C:\Windows\System\IFfDZfI.exe
  2⤵
  PID:8736
- C:\Windows\System\BegDYqq.exe
  C:\Windows\System\BegDYqq.exe
  2⤵
  PID:8716
- C:\Windows\System\vZuDLkx.exe
  C:\Windows\System\vZuDLkx.exe
  2⤵
  PID:8764
- C:\Windows\System\TptZjZg.exe
  C:\Windows\System\TptZjZg.exe
  2⤵
  PID:8788
- C:\Windows\System\UFVuRJC.exe
  C:\Windows\System\UFVuRJC.exe
  2⤵
  PID:1004
- C:\Windows\System\zBnIRqB.exe
  C:\Windows\System\zBnIRqB.exe
  2⤵
  PID:8936
- C:\Windows\System\jdWTNam.exe
  C:\Windows\System\jdWTNam.exe
  2⤵
  PID:8956
- C:\Windows\System\CuLKtsh.exe
  C:\Windows\System\CuLKtsh.exe
  2⤵
  PID:9016
- C:\Windows\System\RXkrnfV.exe
  C:\Windows\System\RXkrnfV.exe
  2⤵
  PID:9032
- C:\Windows\System\YQWpgWf.exe
  C:\Windows\System\YQWpgWf.exe
  2⤵
  PID:9072
- C:\Windows\System\iSOVLUi.exe
  C:\Windows\System\iSOVLUi.exe
  2⤵
  PID:9096
- C:\Windows\System\ouQpRQo.exe
  C:\Windows\System\ouQpRQo.exe
  2⤵
  PID:9148
- C:\Windows\System\OaPIIMk.exe
  C:\Windows\System\OaPIIMk.exe
  2⤵
  PID:8320
- C:\Windows\System\sPdrLil.exe
  C:\Windows\System\sPdrLil.exe
  2⤵
  PID:9128
- C:\Windows\System\wrencAb.exe
  C:\Windows\System\wrencAb.exe
  2⤵
  PID:9192
- C:\Windows\System\XCsOgqs.exe
  C:\Windows\System\XCsOgqs.exe
  2⤵
  PID:7676
- C:\Windows\System\ShPbLgJ.exe
  C:\Windows\System\ShPbLgJ.exe
  2⤵
  PID:9024
- C:\Windows\System\hgPtFDg.exe
  C:\Windows\System\hgPtFDg.exe
  2⤵
  PID:8368
- C:\Windows\System\tSiXirr.exe
  C:\Windows\System\tSiXirr.exe
  2⤵
  PID:8568
- C:\Windows\System\zUAsyGJ.exe
  C:\Windows\System\zUAsyGJ.exe
  2⤵
  PID:8748
- C:\Windows\System\fLrGCAq.exe
  C:\Windows\System\fLrGCAq.exe
  2⤵
  PID:8868
- C:\Windows\System\rfSXIhD.exe
  C:\Windows\System\rfSXIhD.exe
  2⤵
  PID:9036
- C:\Windows\System\lEbZsjW.exe
  C:\Windows\System\lEbZsjW.exe
  2⤵
  PID:9004
- C:\Windows\System\cYmjFUU.exe
  C:\Windows\System\cYmjFUU.exe
  2⤵
  PID:8992
- C:\Windows\System\UelaquM.exe
  C:\Windows\System\UelaquM.exe
  2⤵
  PID:7932
- C:\Windows\System\RJDBxTi.exe
  C:\Windows\System\RJDBxTi.exe
  2⤵
  PID:8976
- C:\Windows\System\baTnSAi.exe
  C:\Windows\System\baTnSAi.exe
  2⤵
  PID:8668
- C:\Windows\System\AXwoNDH.exe
  C:\Windows\System\AXwoNDH.exe
  2⤵
  PID:8884
- C:\Windows\System\AvyouRQ.exe
  C:\Windows\System\AvyouRQ.exe
  2⤵
  PID:8720
- C:\Windows\System\bHRfbWQ.exe
  C:\Windows\System\bHRfbWQ.exe
  2⤵
  PID:8548
- C:\Windows\System\KvNgYQB.exe
  C:\Windows\System\KvNgYQB.exe
  2⤵
  PID:9084
- C:\Windows\System\CYYSNsp.exe
  C:\Windows\System\CYYSNsp.exe
  2⤵
  PID:7464
- C:\Windows\System\KaKzquB.exe
  C:\Windows\System\KaKzquB.exe
  2⤵
  PID:9116
- C:\Windows\System\qtctMrK.exe
  C:\Windows\System\qtctMrK.exe
  2⤵
  PID:8452
- C:\Windows\System\tSMZGcY.exe
  C:\Windows\System\tSMZGcY.exe
  2⤵
  PID:8288
- C:\Windows\System\BihiEuW.exe
  C:\Windows\System\BihiEuW.exe
  2⤵
  PID:8388
- C:\Windows\System\PfEHQPY.exe
  C:\Windows\System\PfEHQPY.exe
  2⤵
  PID:9236
- C:\Windows\System\eUgKUSr.exe
  C:\Windows\System\eUgKUSr.exe
  2⤵
  PID:9264
- C:\Windows\System\SxvlPkL.exe
  C:\Windows\System\SxvlPkL.exe
  2⤵
  PID:9292
- C:\Windows\System\ejQETYX.exe
  C:\Windows\System\ejQETYX.exe
  2⤵
  PID:9308
- C:\Windows\System\AUgLObJ.exe
  C:\Windows\System\AUgLObJ.exe
  2⤵
  PID:9328
- C:\Windows\System\ipnScus.exe
  C:\Windows\System\ipnScus.exe
  2⤵
  PID:9344
- C:\Windows\System\RTjrtYl.exe
  C:\Windows\System\RTjrtYl.exe
  2⤵
  PID:9368
- C:\Windows\System\IGUuHzl.exe
  C:\Windows\System\IGUuHzl.exe
  2⤵
  PID:9388
- C:\Windows\System\gnYMiHM.exe
  C:\Windows\System\gnYMiHM.exe
  2⤵
  PID:9408
- C:\Windows\System\rxKUDtp.exe
  C:\Windows\System\rxKUDtp.exe
  2⤵
  PID:9428
- C:\Windows\System\ZeAfMgZ.exe
  C:\Windows\System\ZeAfMgZ.exe
  2⤵
  PID:9444
- C:\Windows\System\dJvydEx.exe
  C:\Windows\System\dJvydEx.exe
  2⤵
  PID:9464
- C:\Windows\System\NzAOIRP.exe
  C:\Windows\System\NzAOIRP.exe
  2⤵
  PID:9484
- C:\Windows\System\lwYSCAm.exe
  C:\Windows\System\lwYSCAm.exe
  2⤵
  PID:9504
- C:\Windows\System\aMkNvmf.exe
  C:\Windows\System\aMkNvmf.exe
  2⤵
  PID:9528
- C:\Windows\System\dCfFxtB.exe
  C:\Windows\System\dCfFxtB.exe
  2⤵
  PID:9552
- C:\Windows\System\roFSweU.exe
  C:\Windows\System\roFSweU.exe
  2⤵
  PID:9572
- C:\Windows\System\eufqyfS.exe
  C:\Windows\System\eufqyfS.exe
  2⤵
  PID:9636
- C:\Windows\System\dLzmZhW.exe
  C:\Windows\System\dLzmZhW.exe
  2⤵
  PID:9652
- C:\Windows\System\LSKZASh.exe
  C:\Windows\System\LSKZASh.exe
  2⤵
  PID:9672
- C:\Windows\System\PlLyAdG.exe
  C:\Windows\System\PlLyAdG.exe
  2⤵
  PID:9692
- C:\Windows\System\VjdAWJN.exe
  C:\Windows\System\VjdAWJN.exe
  2⤵
  PID:9708
- C:\Windows\System\RwCQEkJ.exe
  C:\Windows\System\RwCQEkJ.exe
  2⤵
  PID:9724
- C:\Windows\System\eshVjTS.exe
  C:\Windows\System\eshVjTS.exe
  2⤵
  PID:9740
- C:\Windows\System\JynOgHd.exe
  C:\Windows\System\JynOgHd.exe
  2⤵
  PID:9756
- C:\Windows\System\vRUpWmH.exe
  C:\Windows\System\vRUpWmH.exe
  2⤵
  PID:9772
- C:\Windows\System\MsDaOXT.exe
  C:\Windows\System\MsDaOXT.exe
  2⤵
  PID:9788
- C:\Windows\System\XeTQzXf.exe
  C:\Windows\System\XeTQzXf.exe
  2⤵
  PID:9804
- C:\Windows\System\FAArGRx.exe
  C:\Windows\System\FAArGRx.exe
  2⤵
  PID:9820
- C:\Windows\System\rzdNGAR.exe
  C:\Windows\System\rzdNGAR.exe
  2⤵
  PID:9836
- C:\Windows\System\LLLgiHc.exe
  C:\Windows\System\LLLgiHc.exe
  2⤵
  PID:9852
- C:\Windows\System\EWoJeom.exe
  C:\Windows\System\EWoJeom.exe
  2⤵
  PID:9868
- C:\Windows\System\WnVcUoI.exe
  C:\Windows\System\WnVcUoI.exe
  2⤵
  PID:9884
- C:\Windows\System\tChancK.exe
  C:\Windows\System\tChancK.exe
  2⤵
  PID:9900
- C:\Windows\System\HQaSwre.exe
  C:\Windows\System\HQaSwre.exe
  2⤵
  PID:9916
- C:\Windows\System\RaFdZfE.exe
  C:\Windows\System\RaFdZfE.exe
  2⤵
  PID:9932
- C:\Windows\System\aIjCJhc.exe
  C:\Windows\System\aIjCJhc.exe
  2⤵
  PID:9948
- C:\Windows\System\rHBhVOX.exe
  C:\Windows\System\rHBhVOX.exe
  2⤵
  PID:9964
- C:\Windows\System\yDGtAMM.exe
  C:\Windows\System\yDGtAMM.exe
  2⤵
  PID:9984
- C:\Windows\System\KRkxbzP.exe
  C:\Windows\System\KRkxbzP.exe
  2⤵
  PID:10008
- C:\Windows\System\BUNoHAl.exe
  C:\Windows\System\BUNoHAl.exe
  2⤵
  PID:10024
- C:\Windows\System\PAXSddG.exe
  C:\Windows\System\PAXSddG.exe
  2⤵
  PID:10040
- C:\Windows\System\sivYCOI.exe
  C:\Windows\System\sivYCOI.exe
  2⤵
  PID:10068
- C:\Windows\System\mvemJsk.exe
  C:\Windows\System\mvemJsk.exe
  2⤵
  PID:10088
- C:\Windows\System\gTFLhYv.exe
  C:\Windows\System\gTFLhYv.exe
  2⤵
  PID:10104
- C:\Windows\System\vTtEfBQ.exe
  C:\Windows\System\vTtEfBQ.exe
  2⤵
  PID:10120
- C:\Windows\System\CgBxrKC.exe
  C:\Windows\System\CgBxrKC.exe
  2⤵
  PID:10144
- C:\Windows\System\BYBjISe.exe
  C:\Windows\System\BYBjISe.exe
  2⤵
  PID:10160
- C:\Windows\System\wZWZUGN.exe
  C:\Windows\System\wZWZUGN.exe
  2⤵
  PID:10180
- C:\Windows\System\vqvXRvw.exe
  C:\Windows\System\vqvXRvw.exe
  2⤵
  PID:10200
- C:\Windows\System\kLQcbyD.exe
  C:\Windows\System\kLQcbyD.exe
  2⤵
  PID:10220
- C:\Windows\System\rPDhwtU.exe
  C:\Windows\System\rPDhwtU.exe
  2⤵
  PID:8184
- C:\Windows\System\khtTUUY.exe
  C:\Windows\System\khtTUUY.exe
  2⤵
  PID:8980
- C:\Windows\System\XoVCxRc.exe
  C:\Windows\System\XoVCxRc.exe
  2⤵
  PID:9204
- C:\Windows\System\twSBGUg.exe
  C:\Windows\System\twSBGUg.exe
  2⤵
  PID:9272
- C:\Windows\System\YmYEeTn.exe
  C:\Windows\System\YmYEeTn.exe
  2⤵
  PID:9324
- C:\Windows\System\yXbnniE.exe
  C:\Windows\System\yXbnniE.exe
  2⤵
  PID:9352
- C:\Windows\System\npVnSoU.exe
  C:\Windows\System\npVnSoU.exe
  2⤵
  PID:8684
- C:\Windows\System\DTrFmyT.exe
  C:\Windows\System\DTrFmyT.exe
  2⤵
  PID:9304
- C:\Windows\System\cpwauYw.exe
  C:\Windows\System\cpwauYw.exe
  2⤵
  PID:9248
- C:\Windows\System\ufZZzuc.exe
  C:\Windows\System\ufZZzuc.exe
  2⤵
  PID:9456
- C:\Windows\System\prULYSG.exe
  C:\Windows\System\prULYSG.exe
  2⤵
  PID:9496
- C:\Windows\System\hHcajkn.exe
  C:\Windows\System\hHcajkn.exe
  2⤵
  PID:9436
- C:\Windows\System\jjcOCCQ.exe
  C:\Windows\System\jjcOCCQ.exe
  2⤵
  PID:9512
- C:\Windows\System\cQiAwxh.exe
  C:\Windows\System\cQiAwxh.exe
  2⤵
  PID:9536
- C:\Windows\System\nDmeRSq.exe
  C:\Windows\System\nDmeRSq.exe
  2⤵
  PID:9568
- C:\Windows\System\ajtOwMK.exe
  C:\Windows\System\ajtOwMK.exe
  2⤵
  PID:9600
- C:\Windows\System\nuAnBPS.exe
  C:\Windows\System\nuAnBPS.exe
  2⤵
  PID:9648
- C:\Windows\System\dIDxSUQ.exe
  C:\Windows\System\dIDxSUQ.exe
  2⤵
  PID:9660
- C:\Windows\System\ARAlpmI.exe
  C:\Windows\System\ARAlpmI.exe
  2⤵
  PID:9700
- C:\Windows\System\kokxqOi.exe
  C:\Windows\System\kokxqOi.exe
  2⤵
  PID:9732
- C:\Windows\System\RvusRsX.exe
  C:\Windows\System\RvusRsX.exe
  2⤵
  PID:9764
- C:\Windows\System\RpBMTjR.exe
  C:\Windows\System\RpBMTjR.exe
  2⤵
  PID:9784
- C:\Windows\System\advymou.exe
  C:\Windows\System\advymou.exe
  2⤵
  PID:9816
- C:\Windows\System\CBuEsar.exe
  C:\Windows\System\CBuEsar.exe
  2⤵
  PID:9848
- C:\Windows\System\tYSAxUE.exe
  C:\Windows\System\tYSAxUE.exe
  2⤵
  PID:9892
- C:\Windows\System\qOfTNPQ.exe
  C:\Windows\System\qOfTNPQ.exe
  2⤵
  PID:9924
- C:\Windows\System\cKJBrnT.exe
  C:\Windows\System\cKJBrnT.exe
  2⤵
  PID:9956
- C:\Windows\System\juGXlZp.exe
  C:\Windows\System\juGXlZp.exe
  2⤵
  PID:9604
- C:\Windows\System\pWcQBOH.exe
  C:\Windows\System\pWcQBOH.exe
  2⤵
  PID:10048
- C:\Windows\System\ndCTvDN.exe
  C:\Windows\System\ndCTvDN.exe
  2⤵
  PID:10100
- C:\Windows\System\lOZkmGc.exe
  C:\Windows\System\lOZkmGc.exe
  2⤵
  PID:10172
- C:\Windows\System\HchTZjR.exe
  C:\Windows\System\HchTZjR.exe
  2⤵
  PID:9616
- C:\Windows\System\nnmmZyB.exe
  C:\Windows\System\nnmmZyB.exe
  2⤵
  PID:10084
- C:\Windows\System\nHKPjIt.exe
  C:\Windows\System\nHKPjIt.exe
  2⤵
  PID:9224
- C:\Windows\System\ePBvXHV.exe
  C:\Windows\System\ePBvXHV.exe
  2⤵
  PID:10116
- C:\Windows\System\BjDIMGp.exe
  C:\Windows\System\BjDIMGp.exe
  2⤵
  PID:9256
- C:\Windows\System\RiXIRXE.exe
  C:\Windows\System\RiXIRXE.exe
  2⤵
  PID:10188
- C:\Windows\System\bTEKvFh.exe
  C:\Windows\System\bTEKvFh.exe
  2⤵
  PID:10228
- C:\Windows\System\wxjEbcr.exe
  C:\Windows\System\wxjEbcr.exe
  2⤵
  PID:8304
- C:\Windows\System\KMBkPda.exe
  C:\Windows\System\KMBkPda.exe
  2⤵
  PID:9340
- C:\Windows\System\zYTRvoj.exe
  C:\Windows\System\zYTRvoj.exe
  2⤵
  PID:9300
- C:\Windows\System\sJLDBbl.exe
  C:\Windows\System\sJLDBbl.exe
  2⤵
  PID:9452
- C:\Windows\System\kVhnksh.exe
  C:\Windows\System\kVhnksh.exe
  2⤵
  PID:9380
- C:\Windows\System\rnOkUPr.exe
  C:\Windows\System\rnOkUPr.exe
  2⤵
  PID:8564
- C:\Windows\System\XvqNCBN.exe
  C:\Windows\System\XvqNCBN.exe
  2⤵
  PID:9384
- C:\Windows\System\SyYsANH.exe
  C:\Windows\System\SyYsANH.exe
  2⤵
  PID:9548
- C:\Windows\System\EqgETpi.exe
  C:\Windows\System\EqgETpi.exe
  2⤵
  PID:9544
- C:\Windows\System\esHdNuE.exe
  C:\Windows\System\esHdNuE.exe
  2⤵
  PID:9668
- C:\Windows\System\CwovTnz.exe
  C:\Windows\System\CwovTnz.exe
  2⤵
  PID:9588
- C:\Windows\System\QrcMOCm.exe
  C:\Windows\System\QrcMOCm.exe
  2⤵
  PID:9684
- C:\Windows\System\NBTuutC.exe
  C:\Windows\System\NBTuutC.exe
  2⤵
  PID:9752
- C:\Windows\System\SSkttAK.exe
  C:\Windows\System\SSkttAK.exe
  2⤵
  PID:9864
- C:\Windows\System\yMbeJjn.exe
  C:\Windows\System\yMbeJjn.exe
  2⤵
  PID:9832
- C:\Windows\System\HKCFaFD.exe
  C:\Windows\System\HKCFaFD.exe
  2⤵
  PID:9912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AljPfgB.exe

Filesize
6.0MB

MD5
dc5f0f05b9e2faa897f4d9462b38da3f

SHA1
4c4dd00bf1632ff4f8d335a5890035f255b15445

SHA256
3bad7e6d9953fb1c62a07b68767992b29c3355dec11d8e298e388eabbddee569

SHA512
a44aba61106a2b6365469328809ca752f3de09bdc31a5501e6e71e88c69aad5b3b6b54dbd1352ede00b549a60a117ca4211d59193ea8eb9c652b1d361a1e6950

Download Submit
C:\Windows\system\EGOnZys.exe

Filesize
6.0MB

MD5
237dddb14cb6bcc9ac4a51ca6f581617

SHA1
eabf9b18e1d27947cdbb52381c19bdb3e3d706ce

SHA256
37a8f59d74456a9c811b241372569893f94b4adde4dbe4c4c175faf4626be5ab

SHA512
2971ade919c729a1eb666e601f863630db964980985bdb5e23a582e3423c3a32451bc5e5c817d1482980f4e2f912a2ef8ae7407cc82a7096c8a7bd00dc5e3e48

Download Submit
C:\Windows\system\EMyNMcp.exe

Filesize
6.0MB

MD5
684f39ccfa1a36251930de49f7454fc8

SHA1
1585a69762bdab186ac135071e30cf2d7ad00f3a

SHA256
ce3720d22a697deec07a9403c6d214d4d078c72c03a53ccaea344977ab505ac0

SHA512
976fba6ada981ca30ecadbb131f1ff20f7d271dcc70b672f8d7db4c86e9f6e4d117c2f930f895fd9301d51b24fc36769d9f4b14004abff2f477e17cc103d9ae0

Download Submit
C:\Windows\system\FVqbxCA.exe

Filesize
6.0MB

MD5
6176ffe583df3b74548091a9ef6bb1eb

SHA1
fc80a57040ee623813873391cc4cd29121e96a87

SHA256
f3a21338cb62ba349b9358a03510b6af9e229387f4743c9c1a2d1de9edd5efdd

SHA512
0157ab49b3a6b34e7df8554435d6efaa99b4a6cadb51545cc409306b3ee8ec82880fdbc75a8cb4e9ae6a87651491cac2c06fc1cf185b8b940edcfb224f326a95

Download Submit
C:\Windows\system\GpFwAJJ.exe

Filesize
6.0MB

MD5
fbd93be34654ce438ad0e126de69d863

SHA1
551da390026aab64dc413086bb7dbb7a5f2ad4b7

SHA256
b9de516d8500ebae59a9d5ae0151d17d2e01b7c551e5471df2b7e3f417c5154e

SHA512
f6a0a60eecb9a3d4c2875b300a46ce83dc8c7a1b4e09c746a5d5bb2821f9a3bf27f957b503deb6fb4bd7d9a6b2c7c947bd0f75cf4511d1286f07e559ffaea0f6

Download Submit
C:\Windows\system\ISegblv.exe

Filesize
6.0MB

MD5
94d544b1e13a0becf0e366d5035f1e4c

SHA1
71920177e6760a08b7a2a1e85d5bc8e19ab7b1e4

SHA256
9e265863e9d4cd02953764cb8f5923455828e1d40ae9de2b88dd67937e36ca78

SHA512
f18a784a3ea188925f4e1b9c9b165ee0c499ab173f47653a0ad0c444043e0a2689945e0425d92ab9528013e79f7be71f54e942242f5dcdac6821ab74af3fb96d

Download Submit
C:\Windows\system\KknIyoh.exe

Filesize
6.0MB

MD5
398c85f43c807ab2a66984c3e6dc8f01

SHA1
53f0da57889ae20760443fd5f812d8d46cd8c62c

SHA256
2911c470761f33ebb22227857ae913021fd6bcc907830317a0ad8098f7e09730

SHA512
4d521a7758b32bab634161c9e6da882caa0d800b7c5b7cf7d8562e4803b8283239bb2a8b83cc9ba7d06877e33a9e588a184a52d362f4cd87d24b8adcbd5a2e92

Download Submit
C:\Windows\system\LnhqxvA.exe

Filesize
6.0MB

MD5
8946f84608b98397709a1d358a50ee9a

SHA1
54f864ee2325fcd8d703f9d1deda934ae621412b

SHA256
ada7b0e0a792019083050836a132d48d50646fa05349725906c8770b4f956937

SHA512
b629fef288cf46126a50c82f431b37864c6700d5561bf045d92a52c2b899be1888b71d00e4431b990d49c05b6f562f2ad162b74a4ddb7095639873c843d8eeed

Download Submit
C:\Windows\system\MAEPwcO.exe

Filesize
6.0MB

MD5
52dd32a95669df5adc342dda5aa0d369

SHA1
ab3aa0e4dcad541834a9ee869f703124aab409de

SHA256
834b3ea63f1e6ceabaf50c3986ed9647282ed3f8298bc68957f91e870e92e5bb

SHA512
cd639e235c6c8b920d3c1ffc7b614139a76d75b7b0e5dc7f2000a79fd864caf17156da15dce97d56124d4d8544dabf771c5e378e3f8dff7e9ae3d32c86007409

Download Submit
C:\Windows\system\YedrVPi.exe

Filesize
6.0MB

MD5
9ad6466d10b4f3242596ac12fb7fbc79

SHA1
39f41265b134c40b5296e4e2180b635df65b3fda

SHA256
603206333b265a724cf84db140074c1ead45987514e02d8ab82909f57215eb27

SHA512
17aec17f9de30937cba4ba6bff72ea68f78f8640747d5625547300384b3641dc88e0f6a9d7a801e28268678fd1231ad10eec93e73aa254319fdd25e65b5eff1e

Download Submit
C:\Windows\system\atfTQJF.exe

Filesize
6.0MB

MD5
4c2470c82f4d7d2081833a7bf840ad7f

SHA1
4bc25f92b5d6efb022247f00aa2519e844d00c06

SHA256
a4ac84b474687fdedfb506d40d9005b3d5421974498c052c405ac6d12e05013c

SHA512
78266d06c7fc60fa0f62ffcad71ba35234ea99f6c7bbb5d67f844b1ac259c58216c8255cf3881ddc6ef879d3a22feb4264979943525dcb02e6335d6525ef9fcc

Download Submit
C:\Windows\system\avepTrq.exe

Filesize
6.0MB

MD5
261eb7d39672969b0f8f519dba4bd0ce

SHA1
f232589e0d361d7beeedcca5f30393a43172817d

SHA256
cb3129b1552308ddfdb703e9892e207cf91d34867646882d0d548074e37ff5b4

SHA512
3699326f2f13d22576640dce3eb46830d6f51d77163041d96852f112b69490d3eacfa8d8a4663adc1cdbb997c0983488345c761fcd3312957231529aad064ad7

Download Submit
C:\Windows\system\ezkfqno.exe

Filesize
6.0MB

MD5
03774cc3e753674d6c38b23e0bc5a0ff

SHA1
c2c7c5d56dbd10136f64cc2e5ac64fda33ae470e

SHA256
14600cc9d3069816e5b62f86b13a6eb3b583d39e606db7ae98b0f2068b39f11e

SHA512
aa03f1616ec52bbcdc185059bb150fdbc1b67b614b2f7ff125b4a62135dd12e9f0055a2de85c00df0f1ce79503978b93b27a4e8a73123df1d73455ce211212c3

Download Submit
C:\Windows\system\fPZRLmD.exe

Filesize
6.0MB

MD5
f1849185382f479319d2ae057673901e

SHA1
b76b6cd9a761b9964905e65a108d362af9319937

SHA256
ecb0032cd26844db0187199942813f04075f3455107cecc2ba1b18dbbc85993f

SHA512
0caeba580252acd5a7d09cbe2f54dae61f45671bb2954891db2c005907471a0968702b4a5ab04375e1462f2cd9b67ac03c37d62a0dabfcbfb3abe9f27301076d

Download Submit
C:\Windows\system\gsBNXFB.exe

Filesize
6.0MB

MD5
94dd9afbc0d0aa33fbde45b148da9932

SHA1
b34c463098ea09c5388c4ec8d70d0f90f4139df3

SHA256
26c4a6c997647d90d2dad386c95e99cc5b508fa6b8a7e65cb58dabb2b0a8a51b

SHA512
e903abebdecd37c13e8c40cb1b9f778a059aac8e3704a368fbc11d840ba2edfd33e21b91b6eee8468da77531fde32b604a02325970fe2c2ae47a4ad95c279b6a

Download Submit
C:\Windows\system\lPSjfAa.exe

Filesize
6.0MB

MD5
37e0c21b87b4443b010f945151efc366

SHA1
e642ed5dfa27a54c88fce12fade04b89b09b0978

SHA256
2e89cf4ef02fc5671a1a530bfa2806e29c3e9e25ea4f554928fe923e31403a15

SHA512
8345e3878247a1e5c90e0ac96aef246be6e953cfbf2c8292212b9a56547104b40246004c7d80d9aa8b553471bd8a21e7867a9d535315c0eba79d20fe760a7955

Download Submit
C:\Windows\system\lhLcaZL.exe

Filesize
6.0MB

MD5
4296f0e0702f8b6db7c00af2d08ad8a2

SHA1
40f3d6479fcb4a6ad2421ac69577a755a5305597

SHA256
b3015a7fd55d548aba957d83fb864746bd4948aa5cb40ec48dd1496c8bc00dc4

SHA512
c55faa6da73e1e4052d5b14d72fa150109b3840c1c27c505bfbbbe86a57c023a385ac61cbcce91697ca9eaf9331fbb01869e246338e4a5f79bfd7eb7d959dbd5

Download Submit
C:\Windows\system\nboxdVw.exe

Filesize
6.0MB

MD5
12e5375bd2a4a014858235260b79783e

SHA1
712fc96f715c28b9e9f4ef0bb44df476ce7fecb1

SHA256
39afaf460eafa646022cc86331c6542b671b44849123cc37877b72976596bf47

SHA512
59a9f7cd77a85454094e7af2716c9cb2d24083fbe0679e4e87c8cbf020e6224c44f51e7b7d4876cd2a28afa425985a1dd261755d83231086cd3cebecc4226c2c

Download Submit
C:\Windows\system\oXVgBFm.exe

Filesize
6.0MB

MD5
ccbb5912a81814a3e17402f99ca8c1c5

SHA1
d2307d5c2206db6c35941bdafe6aa9bbb2ab08b9

SHA256
e8502771b53d933894fbcc4db81c0dc77de124fc34c795b7056a43522467967f

SHA512
824a8d96f68a196a1cb9e691c3827fc7eb418a7849d271c934abd5639a96101cdf8214c0d23bd805f0373f121ec690c0414ad3d0ff1bd1b593d9ad52d28b17c4

Download Submit
C:\Windows\system\pSQNcws.exe

Filesize
6.0MB

MD5
f55c7325f457bed758f6021629533c42

SHA1
9c3220500a5704e5b0e2b9fb16528d9497430d4e

SHA256
cf0afa7d8ecca111c2058cce3be08cf58ef2938f2560c4693710930ef14ac524

SHA512
b57b5fb6f9ea33a36afaa69ea6add2c5bd46189d82ac5cb3d11d1c8f1ffb74894a335a19d24aa1578d3ecfb7799a228a3a05ba0752a493dc9381915f1ef69972

Download Submit
C:\Windows\system\pVHVDOa.exe

Filesize
6.0MB

MD5
692ab9a65a737a7dab3803a3dc260100

SHA1
43fc3fcccaeb33cbb02f233778a0a985d1ea77c1

SHA256
cae272eaa35a996d4ecd77c7f7a5d250d58e4e4ed04756545061e8cc36736c58

SHA512
083e1128112a8252b193bc8dbb0c954b01bf7627eabfd8e9df23b772972e86de4fcdf2b1da1043052ced759462caed7f8ddf7df252cef10ab8754397a8d9a550

Download Submit
C:\Windows\system\pqamiHa.exe

Filesize
6.0MB

MD5
cdd3325204d3a3846ce12fb791813542

SHA1
67d367d52674b395fce90e0dccf65bc66a680930

SHA256
893346e2291b7ef7405d87ff1959addef8e2b275bc723d32e80b22a49e647366

SHA512
93c35720df755fbaa3e9172614e334b48cc2562580827ee3c61c59a97359e4df9d9ebaf38b8a70db9b8fb863f8b0fdf1de1c2b299cb1f93791be891b4fa56926

Download Submit
C:\Windows\system\qCEGbrv.exe

Filesize
6.0MB

MD5
b55be8000c7207b99bd0604980007c1c

SHA1
dc98e98f0f98bc291030276440c2342478b0c411

SHA256
2ee70aab75f567f00646728f52a8cc17e9eaf22026ea0933ddf8a85d94bbdc6e

SHA512
4b23c8dae3da79da9a52385cf73e6c5407caa2fb6ae4730d1a262c55279d7c4c64be0f4605c403ec7050cd2d03ae6337e88f4b53338954f523dc03037dad5f8a

Download Submit
C:\Windows\system\qQPpMXf.exe

Filesize
6.0MB

MD5
46055d1cf1ad597ffb6478840135aadd

SHA1
9c3d4700d7a3453e9abb8b2d1f18d4cdf265df78

SHA256
d4e3972f2e8b601375b806464633050a64d73f17de6f3c9c7e0c4685a45c365a

SHA512
3b5180136ece482784f3f386a3d80be1cf4c0229378a1f6e10a6fa5ad344fb9dbe423ee069cb20f2387bd1cd35c202eec30b141354ed9a99967b87430e9cd6d6

Download Submit
C:\Windows\system\rLRiLcV.exe

Filesize
6.0MB

MD5
e9136ae09417d1d94d9551c78ce6cfeb

SHA1
b26ac4f5111e58dda5ebfc0e3925effa0048239d

SHA256
3ed3e6d1faac431a0d52d3dd4b8b80751ef172fe22af5dc6daa6e4628c20c999

SHA512
8ab0d80035c9e836fe5275e14c4005de4852d9e1301b6a54ed2054f2488eefa82bf41160e8a0c8c44f3976538111e8d0c67468592dacb9b5e042222b34b49024

Download Submit
C:\Windows\system\rQfsiiO.exe

Filesize
6.0MB

MD5
70d222e70682dbb01ab00cb4d7f65cff

SHA1
8a664572a7232303371bc23fda1fe6cf766fd0d9

SHA256
171f98cdffee07a26c185649311fa7edab5fa502798c63946c99e5d89d064830

SHA512
49a75ec1bcabc779165b543339ae1804d98f17a7989e1b09e34bc26598efc1e3b14c71b3eae25d239aa89f03d0965d7bb859e4f6ad039b357398583238b890b8

Download Submit
C:\Windows\system\tUbTmpO.exe

Filesize
6.0MB

MD5
a3fa8d46588b482f3e79977fc431f6e4

SHA1
70116538bfe2adee01635d63a9e2fe88bb3f1672

SHA256
fb1948a2fb1d9b6ffd82c09855517e15a76cd059dccf935113488692be2b0bf6

SHA512
acf1c7663ab0933b3c34ba49698282af9767034939f682a58c1c6717a0557b5762fc6ac751083439a0a057a49cdabbcf48bffd9b886e0e6400f62417f6d5a7c1

Download Submit
C:\Windows\system\vwVFMrI.exe

Filesize
6.0MB

MD5
e7e914d7d991c6b169389881c5ae2eed

SHA1
27dba6ff83548f2230c5cf7440ab74866de5d42e

SHA256
3f527b96c890e8a53883228d80d982a2d378f167af1774aad42d2e9e44fd46a1

SHA512
a82e5e23a55e78da4311289b70b884435fa797f24e68a56a245bcdfeae602c29318318d3b623e9eb18aa7ffd0ed91691b5a032d165d0dae701f7fb6e5c8f1024

Download Submit
\Windows\system\HjFngeP.exe

Filesize
6.0MB

MD5
b99e9540c0636f7b1a6533e44ebd091f

SHA1
249dd7dddd2cebe99767be746dbbe560506391df

SHA256
a6f2fe1fc484f64db1b8cf54f1a83f92aa65cd979a8897f05eb7b52bae5b7d36

SHA512
fcf22089898a6c6fd5fce396aff2d58632159225495ae49411bd556f667dbe14383e5d97e45edc25e29cb4450c7cb347f34f01a568673744f15d386d28343050

Download Submit
\Windows\system\aXbCYoj.exe

Filesize
6.0MB

MD5
296550405f8ffc99ab86a5b27de1fe01

SHA1
d7559d11327c92d2d2e8327c84ade0a7dc01f324

SHA256
3c8795e2a7ada54c14481168c25aba6f77d061945c72af80f43d435fbe8d480f

SHA512
84422b3f766ca1baf34d7acefbeeeb09517244dbcbb003e9c7a1ed88c59d563e60b21617045fdaff939fd8b9bc8e9d9b9976032592d4e1f35d6bfc2667cafeb8

Download Submit
\Windows\system\hAYPGXO.exe

Filesize
6.0MB

MD5
17cc6ea75b5d4132fed260b9bf56b515

SHA1
000b9f142d272ff966d56abad3111708bfe101d6

SHA256
0795ace442b57424e7200f3c2e9663d642400774751120af98a1a8825061639d

SHA512
d3504a058c24291b50973a2d1fab864a07f6cf50ec5c7a6720d15056410e92a32ea413fb66e56b27f25bcc26261947eb82eb9938af44f61f9aefe7c10f2cd955

Download Submit
\Windows\system\hZNBPYw.exe

Filesize
6.0MB

MD5
d7723a0e016aef06a3f0d8fbe5caa363

SHA1
648955ec4982f53ceef4281e397e0e998beec6c9

SHA256
353b940382a84be9848aeced00ddc7edc567b8a4ceb5404f635be681f1e0f152

SHA512
a23179ba163ba798e3768da25e1f08a8f51ac72ded168f5eaf6faa7a4be0d514df80b12c6c0996f8f001e7d4ae1c8390b821a2ca069ffaa5a42af128cc32bc92

Download Submit
\Windows\system\kzABlml.exe

Filesize
6.0MB

MD5
efc077f35eca3eb400f56f5befa99bf0

SHA1
3aa75470deece2b3b979aef27c364f2f8534b023

SHA256
e871889f9ee74a44129ce7ce20b04d6573e4846769742664fc1142c15f4c5437

SHA512
af1419c516f9864e49ba9505d496f4bf09e316a6883a78e4661f8c40c85c2d91ee8773e8fbfe00951a0d475ebb4e1d4a7718a6927b7fae166326cbba0fef1c0f

Download Submit
\Windows\system\sfvpSCX.exe

Filesize
6.0MB

MD5
2df9267455c274ea4ae46343e6a68b14

SHA1
ba0f568cb5d455ed12c6c58a02a218f04eecc65d

SHA256
82bbcca488838bd49f958fc1e07a9171e99ea14c2d3be2b23ff2d0008a0f38b0

SHA512
2aaf448f8fd523e2b038408c3438bc4c38407f25b4b97e48be46b063275e66b568ed5de2add026459bcdb8bca9a64b7e3a5587c93476367288de779c8f6107cd

Download Submit
\Windows\system\wLDqWVp.exe

Filesize
6.0MB

MD5
e8d269d219a7ea63a64ddbeb12a08c8f

SHA1
fa3dbcb7dff81dbc35a9db161e6609345a125c1b

SHA256
a7e8fa58dda3afc683ed71cb7580084119332f0a3b14f998b474cfeccc329a59

SHA512
d56709199cc9b3ded8d78cf0b41ae7666d1157aab9bc9687bca2b0de0270a2ccedcb1d2fbb76ce086cc0e935ce0942fd35926d3374b602cbcd9669158ef18550

Download Submit
memory/1752-3790-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-1856-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1860-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2076-3787-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3786-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2388-1848-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2504-2034-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2504-3788-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2898-0x0000000002540000-0x0000000002894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2893-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1857-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2592-0-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2083-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1912-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1863-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2345-0x0000000002540000-0x0000000002894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2144-0x0000000002540000-0x0000000002894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2315-0x0000000002540000-0x0000000002894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2037-0x0000000002540000-0x0000000002894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2592-2794-0x0000000002540000-0x0000000002894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2791-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2891-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2107-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2892-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2894-0x0000000002540000-0x0000000002894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2897-0x0000000002540000-0x0000000002894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2946-0x0000000002540000-0x0000000002894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2896-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2895-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1871-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3792-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2876-2082-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3791-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2105-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3794-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2139-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3793-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-2268-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3789-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download