cobaltstrike | 2b8497fd0d03449882a0af1f6f57476d30be061f9881e0f9e7de0a5bc2244f82

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

2a0b3ef9c95e3afbd86f7ce266909c9e
SHA1

3695e55b59618dc9f3b13692c8fdb3b506cda29f
SHA256

2b8497fd0d03449882a0af1f6f57476d30be061f9881e0f9e7de0a5bc2244f82
SHA512

f453eb2e74c084b4fcd471822452cb31fa8cdd210508d8416edc68969c9971e592b15655c30ec09503a808ada16a25d8a2d379efac6fbd9bdeed339c4135df87
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lU5:j+R56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018f85-7.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932a-9.dat	cobalt_reflective_dll
behavioral1/files/0x002e000000018baf-24.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193b8-35.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019480-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-48.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c7-42.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a0-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2892-0-0x000000013FDB0000-0x00000001400FD000-memory.dmp	xmrig
behavioral1/files/0x000d000000012263-3.dat	xmrig
behavioral1/files/0x0009000000018f85-7.dat	xmrig
behavioral1/memory/2900-12-0x000000013F520000-0x000000013F86D000-memory.dmp	xmrig
behavioral1/memory/2772-11-0x000000013F830000-0x000000013FB7D000-memory.dmp	xmrig
behavioral1/files/0x000700000001932a-9.dat	xmrig
behavioral1/memory/3036-19-0x000000013FCF0000-0x000000014003D000-memory.dmp	xmrig
behavioral1/memory/2172-25-0x000000013F790000-0x000000013FADD000-memory.dmp	xmrig
behavioral1/files/0x002e000000018baf-24.dat	xmrig
behavioral1/memory/2720-31-0x000000013FFA0000-0x00000001402ED000-memory.dmp	xmrig
behavioral1/files/0x00060000000193b8-35.dat	xmrig
behavioral1/memory/2684-37-0x000000013F0E0000-0x000000013F42D000-memory.dmp	xmrig
behavioral1/memory/2408-49-0x000000013F6F0000-0x000000013FA3D000-memory.dmp	xmrig
behavioral1/memory/3020-55-0x000000013F6C0000-0x000000013FA0D000-memory.dmp	xmrig
behavioral1/memory/1992-61-0x000000013FD50000-0x000000014009D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-83.dat	xmrig
behavioral1/memory/2564-79-0x000000013FE50000-0x000000014019D000-memory.dmp	xmrig
behavioral1/memory/2188-91-0x000000013FFD0000-0x000000014031D000-memory.dmp	xmrig
behavioral1/memory/2572-97-0x000000013F600000-0x000000013F94D000-memory.dmp	xmrig
behavioral1/memory/2396-103-0x000000013FFF0000-0x000000014033D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3fd-111.dat	xmrig
behavioral1/memory/2316-121-0x000000013F2D0000-0x000000013F61D000-memory.dmp	xmrig
behavioral1/memory/2584-127-0x000000013FAA0000-0x000000013FDED000-memory.dmp	xmrig
behavioral1/files/0x000500000001a404-125.dat	xmrig
behavioral1/files/0x000500000001a469-165.dat	xmrig
behavioral1/files/0x000500000001a471-189.dat	xmrig
behavioral1/memory/1848-187-0x000000013F4F0000-0x000000013F83D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-185.dat	xmrig
behavioral1/memory/1360-181-0x000000013F5A0000-0x000000013F8ED000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46d-180.dat	xmrig
behavioral1/memory/2420-175-0x000000013F320000-0x000000013F66D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46b-173.dat	xmrig
behavioral1/memory/2056-169-0x000000013FA70000-0x000000013FDBD000-memory.dmp	xmrig
behavioral1/memory/1152-163-0x000000013FFE0000-0x000000014032D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a463-161.dat	xmrig
behavioral1/memory/2380-157-0x000000013F370000-0x000000013F6BD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a459-155.dat	xmrig
behavioral1/memory/1512-151-0x000000013F780000-0x000000013FACD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a457-149.dat	xmrig
behavioral1/memory/772-145-0x000000013F450000-0x000000013F79D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a44f-143.dat	xmrig
behavioral1/memory/1508-139-0x000000013F880000-0x000000013FBCD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a44d-138.dat	xmrig
behavioral1/memory/3048-133-0x000000013F0C0000-0x000000013F40D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a438-131.dat	xmrig
behavioral1/files/0x000500000001a400-119.dat	xmrig
behavioral1/memory/3060-115-0x000000013F2F0000-0x000000013F63D000-memory.dmp	xmrig
behavioral1/memory/1940-109-0x000000013FD90000-0x00000001400DD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-107.dat	xmrig
behavioral1/files/0x000500000001a3f6-101.dat	xmrig
behavioral1/files/0x000500000001a3ab-95.dat	xmrig
behavioral1/files/0x000500000001a309-89.dat	xmrig
behavioral1/files/0x000500000001a049-77.dat	xmrig
behavioral1/memory/2164-85-0x000000013FD70000-0x00000001400BD000-memory.dmp	xmrig
behavioral1/memory/1060-73-0x000000013F3C0000-0x000000013F70D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a03c-71.dat	xmrig
behavioral1/memory/2116-67-0x000000013FCB0000-0x000000013FFFD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fdd-65.dat	xmrig
behavioral1/files/0x0005000000019fd4-59.dat	xmrig
behavioral1/files/0x0007000000019480-53.dat	xmrig
behavioral1/files/0x0007000000019470-48.dat	xmrig
behavioral1/memory/1276-43-0x000000013F270000-0x000000013F5BD000-memory.dmp	xmrig
behavioral1/files/0x00060000000193c7-42.dat	xmrig
behavioral1/files/0x00060000000193a0-30.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2772	WLNSTLJ.exe
2900	RUXzRjy.exe
3036	EItJJea.exe
2172	YJGeNGw.exe
2720	KdiaugN.exe
2684	VpjFVen.exe
1276	eEmtIZh.exe
2408	hohIzII.exe
3020	qQpXrtD.exe
1992	xbUtTov.exe
2116	amRsAMi.exe
1060	kPlLMSN.exe
2564	wfKrIoM.exe
2164	QqFOFFW.exe
2188	WISHhIn.exe
2572	bpoyorS.exe
2396	inEsJtS.exe
1940	glfhffO.exe
3060	JzkFddn.exe
2316	KbGNfgH.exe
2584	xBCvKJC.exe
3048	ikLlmtn.exe
1508	DLPdToK.exe
772	tVQSTAd.exe
1512	yocJPSZ.exe
2380	HMdqJit.exe
1152	CFioOKL.exe
2056	glMAVod.exe
2420	hLiYEpN.exe
1360	byreVUV.exe
1848	wpbLVpc.exe
912	qhsENjg.exe
3012	jBiidtm.exe
1744	JzTNjLV.exe
2432	fPpSCzg.exe
1552	lGpyOLX.exe
296	BdnitdW.exe
2332	WjmCPlV.exe
2624	GGsoSys.exe
2244	jhHmznQ.exe
800	dDFXCOt.exe
2992	kZLtcTe.exe
2912	aKqPIdH.exe
1764	Atxpzvx.exe
1296	FxBnSQF.exe
1040	GeGpVNP.exe
2484	xWrSZYJ.exe
2268	nPMDDIP.exe
2120	PtkEJzv.exe
2748	nMPFHdZ.exe
2820	DUhecMV.exe
2792	FtNJQru.exe
2896	xQUFnbd.exe
2756	XppJzNB.exe
2148	NbpyfZt.exe
2716	LxfofOX.exe
1856	cSFQkHv.exe
2776	GnSNqwz.exe
2232	FPzcELY.exe
1716	cNPvbzV.exe
2200	thMnuzh.exe
2452	BWuAWQM.exe
2220	kWTJMWq.exe
756	CvICWdC.exe

Loads dropped DLL 64 IoCs

pid	Process
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RJHjosl.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzOivWK.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPNscPA.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWEYnMM.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjJJUJO.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoxEGxc.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjmssVZ.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeFvwgM.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdpIZeU.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxFmpGx.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFOuDoL.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boERLCK.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsdMoVl.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asanQLS.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUNDFTJ.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjcGyJj.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHVgINd.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTeGxRU.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akuMwgb.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZGcFuQ.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amvdjoq.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxGNcQM.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TALpeIf.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esJsUpk.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUrZfol.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wajmghx.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvkBWiu.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUBbAod.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVHSfEb.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDKlTcC.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZPFnWH.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPfsvuV.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhwyFJd.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqCOIYb.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjmDBaA.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrlCQST.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYJlVkx.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkaXoqG.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcbFRdX.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdFqdYx.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqjVSlf.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFrBMVb.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjPupkI.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQGukjO.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\seevoGE.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfUTSkR.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqBSSiL.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHpCMmo.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWPNbgE.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waKyJtc.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdPnWZw.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKgAXln.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiGKgHu.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhkWqLe.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KasRFEk.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxdnwjL.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGpWPLr.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOSIint.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRxfAqM.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSVgYon.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaweqNh.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jksblpo.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGtmCJM.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJDtBZc.exe	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2772	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2892 wrote to memory of 2772	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2892 wrote to memory of 2772	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2892 wrote to memory of 2900	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2892 wrote to memory of 2900	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2892 wrote to memory of 2900	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2892 wrote to memory of 3036	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2892 wrote to memory of 3036	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2892 wrote to memory of 3036	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2892 wrote to memory of 2172	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2892 wrote to memory of 2172	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2892 wrote to memory of 2172	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2892 wrote to memory of 2720	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2892 wrote to memory of 2720	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2892 wrote to memory of 2720	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2892 wrote to memory of 2684	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2892 wrote to memory of 2684	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2892 wrote to memory of 2684	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2892 wrote to memory of 1276	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2892 wrote to memory of 1276	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2892 wrote to memory of 1276	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2892 wrote to memory of 2408	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2892 wrote to memory of 2408	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2892 wrote to memory of 2408	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2892 wrote to memory of 3020	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2892 wrote to memory of 3020	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2892 wrote to memory of 3020	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2892 wrote to memory of 1992	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2892 wrote to memory of 1992	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2892 wrote to memory of 1992	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2892 wrote to memory of 2116	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2892 wrote to memory of 2116	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2892 wrote to memory of 2116	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2892 wrote to memory of 1060	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2892 wrote to memory of 1060	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2892 wrote to memory of 1060	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2892 wrote to memory of 2564	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2892 wrote to memory of 2564	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2892 wrote to memory of 2564	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2892 wrote to memory of 2164	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2892 wrote to memory of 2164	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2892 wrote to memory of 2164	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2892 wrote to memory of 2188	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2892 wrote to memory of 2188	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2892 wrote to memory of 2188	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2892 wrote to memory of 2572	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2892 wrote to memory of 2572	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2892 wrote to memory of 2572	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2892 wrote to memory of 2396	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2892 wrote to memory of 2396	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2892 wrote to memory of 2396	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2892 wrote to memory of 1940	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2892 wrote to memory of 1940	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2892 wrote to memory of 1940	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2892 wrote to memory of 3060	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2892 wrote to memory of 3060	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2892 wrote to memory of 3060	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2892 wrote to memory of 2316	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2892 wrote to memory of 2316	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2892 wrote to memory of 2316	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2892 wrote to memory of 2584	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2892 wrote to memory of 2584	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2892 wrote to memory of 2584	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2892 wrote to memory of 3048	2892	2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_2a0b3ef9c95e3afbd86f7ce266909c9e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\System\WLNSTLJ.exe
  C:\Windows\System\WLNSTLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\RUXzRjy.exe
  C:\Windows\System\RUXzRjy.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\EItJJea.exe
  C:\Windows\System\EItJJea.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\YJGeNGw.exe
  C:\Windows\System\YJGeNGw.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\KdiaugN.exe
  C:\Windows\System\KdiaugN.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\VpjFVen.exe
  C:\Windows\System\VpjFVen.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\eEmtIZh.exe
  C:\Windows\System\eEmtIZh.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\hohIzII.exe
  C:\Windows\System\hohIzII.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\qQpXrtD.exe
  C:\Windows\System\qQpXrtD.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\xbUtTov.exe
  C:\Windows\System\xbUtTov.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\amRsAMi.exe
  C:\Windows\System\amRsAMi.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\kPlLMSN.exe
  C:\Windows\System\kPlLMSN.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\wfKrIoM.exe
  C:\Windows\System\wfKrIoM.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\QqFOFFW.exe
  C:\Windows\System\QqFOFFW.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\WISHhIn.exe
  C:\Windows\System\WISHhIn.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\bpoyorS.exe
  C:\Windows\System\bpoyorS.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\inEsJtS.exe
  C:\Windows\System\inEsJtS.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\glfhffO.exe
  C:\Windows\System\glfhffO.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\JzkFddn.exe
  C:\Windows\System\JzkFddn.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\KbGNfgH.exe
  C:\Windows\System\KbGNfgH.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\xBCvKJC.exe
  C:\Windows\System\xBCvKJC.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ikLlmtn.exe
  C:\Windows\System\ikLlmtn.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\DLPdToK.exe
  C:\Windows\System\DLPdToK.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\tVQSTAd.exe
  C:\Windows\System\tVQSTAd.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\yocJPSZ.exe
  C:\Windows\System\yocJPSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\HMdqJit.exe
  C:\Windows\System\HMdqJit.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\CFioOKL.exe
  C:\Windows\System\CFioOKL.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\glMAVod.exe
  C:\Windows\System\glMAVod.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\hLiYEpN.exe
  C:\Windows\System\hLiYEpN.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\byreVUV.exe
  C:\Windows\System\byreVUV.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\wpbLVpc.exe
  C:\Windows\System\wpbLVpc.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\qhsENjg.exe
  C:\Windows\System\qhsENjg.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\jBiidtm.exe
  C:\Windows\System\jBiidtm.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\JzTNjLV.exe
  C:\Windows\System\JzTNjLV.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\fPpSCzg.exe
  C:\Windows\System\fPpSCzg.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\lGpyOLX.exe
  C:\Windows\System\lGpyOLX.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\BdnitdW.exe
  C:\Windows\System\BdnitdW.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\WjmCPlV.exe
  C:\Windows\System\WjmCPlV.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\GGsoSys.exe
  C:\Windows\System\GGsoSys.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\jhHmznQ.exe
  C:\Windows\System\jhHmznQ.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\kZLtcTe.exe
  C:\Windows\System\kZLtcTe.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\dDFXCOt.exe
  C:\Windows\System\dDFXCOt.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\aKqPIdH.exe
  C:\Windows\System\aKqPIdH.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\Atxpzvx.exe
  C:\Windows\System\Atxpzvx.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\FxBnSQF.exe
  C:\Windows\System\FxBnSQF.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\GeGpVNP.exe
  C:\Windows\System\GeGpVNP.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\xWrSZYJ.exe
  C:\Windows\System\xWrSZYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\nPMDDIP.exe
  C:\Windows\System\nPMDDIP.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\PtkEJzv.exe
  C:\Windows\System\PtkEJzv.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\nMPFHdZ.exe
  C:\Windows\System\nMPFHdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\DUhecMV.exe
  C:\Windows\System\DUhecMV.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\FtNJQru.exe
  C:\Windows\System\FtNJQru.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\xQUFnbd.exe
  C:\Windows\System\xQUFnbd.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\XppJzNB.exe
  C:\Windows\System\XppJzNB.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\LxfofOX.exe
  C:\Windows\System\LxfofOX.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\NbpyfZt.exe
  C:\Windows\System\NbpyfZt.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\cSFQkHv.exe
  C:\Windows\System\cSFQkHv.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\GnSNqwz.exe
  C:\Windows\System\GnSNqwz.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\FPzcELY.exe
  C:\Windows\System\FPzcELY.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\cNPvbzV.exe
  C:\Windows\System\cNPvbzV.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\thMnuzh.exe
  C:\Windows\System\thMnuzh.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\BWuAWQM.exe
  C:\Windows\System\BWuAWQM.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\kWTJMWq.exe
  C:\Windows\System\kWTJMWq.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\CvICWdC.exe
  C:\Windows\System\CvICWdC.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\izTeMfr.exe
  C:\Windows\System\izTeMfr.exe
  2⤵
  PID:748
- C:\Windows\System\MISQYAA.exe
  C:\Windows\System\MISQYAA.exe
  2⤵
  PID:2284
- C:\Windows\System\UNNdybe.exe
  C:\Windows\System\UNNdybe.exe
  2⤵
  PID:980
- C:\Windows\System\IfbNeKR.exe
  C:\Windows\System\IfbNeKR.exe
  2⤵
  PID:956
- C:\Windows\System\eRnfxJi.exe
  C:\Windows\System\eRnfxJi.exe
  2⤵
  PID:976
- C:\Windows\System\YoEPQWb.exe
  C:\Windows\System\YoEPQWb.exe
  2⤵
  PID:1772
- C:\Windows\System\YRMClAS.exe
  C:\Windows\System\YRMClAS.exe
  2⤵
  PID:1264
- C:\Windows\System\cefMbIv.exe
  C:\Windows\System\cefMbIv.exe
  2⤵
  PID:1728
- C:\Windows\System\YHRzYwZ.exe
  C:\Windows\System\YHRzYwZ.exe
  2⤵
  PID:1288
- C:\Windows\System\UqipNFA.exe
  C:\Windows\System\UqipNFA.exe
  2⤵
  PID:2604
- C:\Windows\System\IyOPypW.exe
  C:\Windows\System\IyOPypW.exe
  2⤵
  PID:1636
- C:\Windows\System\YyaynNL.exe
  C:\Windows\System\YyaynNL.exe
  2⤵
  PID:584
- C:\Windows\System\JljNqgi.exe
  C:\Windows\System\JljNqgi.exe
  2⤵
  PID:2436
- C:\Windows\System\neznocc.exe
  C:\Windows\System\neznocc.exe
  2⤵
  PID:2736
- C:\Windows\System\YlpOVgl.exe
  C:\Windows\System\YlpOVgl.exe
  2⤵
  PID:880
- C:\Windows\System\uckuGOc.exe
  C:\Windows\System\uckuGOc.exe
  2⤵
  PID:1612
- C:\Windows\System\lYJlVkx.exe
  C:\Windows\System\lYJlVkx.exe
  2⤵
  PID:2944
- C:\Windows\System\WrLdmpJ.exe
  C:\Windows\System\WrLdmpJ.exe
  2⤵
  PID:2664
- C:\Windows\System\KcTagxZ.exe
  C:\Windows\System\KcTagxZ.exe
  2⤵
  PID:2832
- C:\Windows\System\UPQOFJD.exe
  C:\Windows\System\UPQOFJD.exe
  2⤵
  PID:1804
- C:\Windows\System\AvaWcqQ.exe
  C:\Windows\System\AvaWcqQ.exe
  2⤵
  PID:1964
- C:\Windows\System\XbDbkEM.exe
  C:\Windows\System\XbDbkEM.exe
  2⤵
  PID:1524
- C:\Windows\System\FqDcNXc.exe
  C:\Windows\System\FqDcNXc.exe
  2⤵
  PID:2228
- C:\Windows\System\zKVEGeV.exe
  C:\Windows\System\zKVEGeV.exe
  2⤵
  PID:2448
- C:\Windows\System\bXZuFZE.exe
  C:\Windows\System\bXZuFZE.exe
  2⤵
  PID:1392
- C:\Windows\System\iSNSQWI.exe
  C:\Windows\System\iSNSQWI.exe
  2⤵
  PID:1436
- C:\Windows\System\nYonctF.exe
  C:\Windows\System\nYonctF.exe
  2⤵
  PID:960
- C:\Windows\System\seevoGE.exe
  C:\Windows\System\seevoGE.exe
  2⤵
  PID:2648
- C:\Windows\System\lHjBqin.exe
  C:\Windows\System\lHjBqin.exe
  2⤵
  PID:1568
- C:\Windows\System\HLSsgqN.exe
  C:\Windows\System\HLSsgqN.exe
  2⤵
  PID:2596
- C:\Windows\System\BSuaEEv.exe
  C:\Windows\System\BSuaEEv.exe
  2⤵
  PID:1388
- C:\Windows\System\fiflNCC.exe
  C:\Windows\System\fiflNCC.exe
  2⤵
  PID:3024
- C:\Windows\System\GsexmMI.exe
  C:\Windows\System\GsexmMI.exe
  2⤵
  PID:2256
- C:\Windows\System\wuRlkAj.exe
  C:\Windows\System\wuRlkAj.exe
  2⤵
  PID:1808
- C:\Windows\System\rbgGwYE.exe
  C:\Windows\System\rbgGwYE.exe
  2⤵
  PID:1496
- C:\Windows\System\FGDHsLT.exe
  C:\Windows\System\FGDHsLT.exe
  2⤵
  PID:1608
- C:\Windows\System\nKJckJe.exe
  C:\Windows\System\nKJckJe.exe
  2⤵
  PID:1828
- C:\Windows\System\MUAbnxk.exe
  C:\Windows\System\MUAbnxk.exe
  2⤵
  PID:1616
- C:\Windows\System\SbOqyfC.exe
  C:\Windows\System\SbOqyfC.exe
  2⤵
  PID:1212
- C:\Windows\System\KrUVMcf.exe
  C:\Windows\System\KrUVMcf.exe
  2⤵
  PID:1504
- C:\Windows\System\zoDqoTE.exe
  C:\Windows\System\zoDqoTE.exe
  2⤵
  PID:600
- C:\Windows\System\ajYhAuM.exe
  C:\Windows\System\ajYhAuM.exe
  2⤵
  PID:1312
- C:\Windows\System\GmIYdUN.exe
  C:\Windows\System\GmIYdUN.exe
  2⤵
  PID:2428
- C:\Windows\System\JEFEUjz.exe
  C:\Windows\System\JEFEUjz.exe
  2⤵
  PID:1792
- C:\Windows\System\mygZacS.exe
  C:\Windows\System\mygZacS.exe
  2⤵
  PID:696
- C:\Windows\System\jlUGPJW.exe
  C:\Windows\System\jlUGPJW.exe
  2⤵
  PID:2628
- C:\Windows\System\TSsAZrm.exe
  C:\Windows\System\TSsAZrm.exe
  2⤵
  PID:1120
- C:\Windows\System\UTFlcUX.exe
  C:\Windows\System\UTFlcUX.exe
  2⤵
  PID:1776
- C:\Windows\System\FbXPSUR.exe
  C:\Windows\System\FbXPSUR.exe
  2⤵
  PID:1684
- C:\Windows\System\xdOInvI.exe
  C:\Windows\System\xdOInvI.exe
  2⤵
  PID:2712
- C:\Windows\System\BMSjQgT.exe
  C:\Windows\System\BMSjQgT.exe
  2⤵
  PID:1092
- C:\Windows\System\ybBhiXE.exe
  C:\Windows\System\ybBhiXE.exe
  2⤵
  PID:2000
- C:\Windows\System\pnpBpno.exe
  C:\Windows\System\pnpBpno.exe
  2⤵
  PID:2704
- C:\Windows\System\vSTCeDA.exe
  C:\Windows\System\vSTCeDA.exe
  2⤵
  PID:2980
- C:\Windows\System\WjmYXeq.exe
  C:\Windows\System\WjmYXeq.exe
  2⤵
  PID:2160
- C:\Windows\System\MLdMAzx.exe
  C:\Windows\System\MLdMAzx.exe
  2⤵
  PID:1348
- C:\Windows\System\rVuSwDT.exe
  C:\Windows\System\rVuSwDT.exe
  2⤵
  PID:1740
- C:\Windows\System\XxXrQSQ.exe
  C:\Windows\System\XxXrQSQ.exe
  2⤵
  PID:1796
- C:\Windows\System\NDipxIo.exe
  C:\Windows\System\NDipxIo.exe
  2⤵
  PID:2840
- C:\Windows\System\micLgjs.exe
  C:\Windows\System\micLgjs.exe
  2⤵
  PID:3064
- C:\Windows\System\NRvwmQX.exe
  C:\Windows\System\NRvwmQX.exe
  2⤵
  PID:2060
- C:\Windows\System\qHxHUYA.exe
  C:\Windows\System\qHxHUYA.exe
  2⤵
  PID:3096
- C:\Windows\System\cxgXvTf.exe
  C:\Windows\System\cxgXvTf.exe
  2⤵
  PID:3120
- C:\Windows\System\FthZauF.exe
  C:\Windows\System\FthZauF.exe
  2⤵
  PID:3144
- C:\Windows\System\knknrVY.exe
  C:\Windows\System\knknrVY.exe
  2⤵
  PID:3168
- C:\Windows\System\XdPkyRi.exe
  C:\Windows\System\XdPkyRi.exe
  2⤵
  PID:3192
- C:\Windows\System\IoaBaMx.exe
  C:\Windows\System\IoaBaMx.exe
  2⤵
  PID:3216
- C:\Windows\System\XwCpztc.exe
  C:\Windows\System\XwCpztc.exe
  2⤵
  PID:3240
- C:\Windows\System\iUODQfI.exe
  C:\Windows\System\iUODQfI.exe
  2⤵
  PID:3264
- C:\Windows\System\yrYClpN.exe
  C:\Windows\System\yrYClpN.exe
  2⤵
  PID:3288
- C:\Windows\System\lnKVoNU.exe
  C:\Windows\System\lnKVoNU.exe
  2⤵
  PID:3312
- C:\Windows\System\MvWWtJi.exe
  C:\Windows\System\MvWWtJi.exe
  2⤵
  PID:3336
- C:\Windows\System\BlJdzpk.exe
  C:\Windows\System\BlJdzpk.exe
  2⤵
  PID:3360
- C:\Windows\System\LqrEGHd.exe
  C:\Windows\System\LqrEGHd.exe
  2⤵
  PID:3384
- C:\Windows\System\SvkBWiu.exe
  C:\Windows\System\SvkBWiu.exe
  2⤵
  PID:3408
- C:\Windows\System\DxyRmNa.exe
  C:\Windows\System\DxyRmNa.exe
  2⤵
  PID:3432
- C:\Windows\System\aZxTolX.exe
  C:\Windows\System\aZxTolX.exe
  2⤵
  PID:3456
- C:\Windows\System\iJploIs.exe
  C:\Windows\System\iJploIs.exe
  2⤵
  PID:3480
- C:\Windows\System\BbDHSWB.exe
  C:\Windows\System\BbDHSWB.exe
  2⤵
  PID:3504
- C:\Windows\System\ilixaAu.exe
  C:\Windows\System\ilixaAu.exe
  2⤵
  PID:3528
- C:\Windows\System\KUmXzsO.exe
  C:\Windows\System\KUmXzsO.exe
  2⤵
  PID:3600
- C:\Windows\System\JPNscPA.exe
  C:\Windows\System\JPNscPA.exe
  2⤵
  PID:3620
- C:\Windows\System\UkXjelz.exe
  C:\Windows\System\UkXjelz.exe
  2⤵
  PID:3640
- C:\Windows\System\jbKAoUM.exe
  C:\Windows\System\jbKAoUM.exe
  2⤵
  PID:3656
- C:\Windows\System\uHsYhYB.exe
  C:\Windows\System\uHsYhYB.exe
  2⤵
  PID:3672
- C:\Windows\System\bqPiElO.exe
  C:\Windows\System\bqPiElO.exe
  2⤵
  PID:3688
- C:\Windows\System\mAiQEXA.exe
  C:\Windows\System\mAiQEXA.exe
  2⤵
  PID:3708
- C:\Windows\System\GxtRMMJ.exe
  C:\Windows\System\GxtRMMJ.exe
  2⤵
  PID:3760
- C:\Windows\System\QahlgZZ.exe
  C:\Windows\System\QahlgZZ.exe
  2⤵
  PID:3792
- C:\Windows\System\uiPsxNX.exe
  C:\Windows\System\uiPsxNX.exe
  2⤵
  PID:3808
- C:\Windows\System\KBwBFAb.exe
  C:\Windows\System\KBwBFAb.exe
  2⤵
  PID:3836
- C:\Windows\System\eyrsEKl.exe
  C:\Windows\System\eyrsEKl.exe
  2⤵
  PID:3852
- C:\Windows\System\SyRqPUZ.exe
  C:\Windows\System\SyRqPUZ.exe
  2⤵
  PID:3884
- C:\Windows\System\FkBgkmG.exe
  C:\Windows\System\FkBgkmG.exe
  2⤵
  PID:3900
- C:\Windows\System\dXxLgxn.exe
  C:\Windows\System\dXxLgxn.exe
  2⤵
  PID:3940
- C:\Windows\System\xRgmEdc.exe
  C:\Windows\System\xRgmEdc.exe
  2⤵
  PID:3956
- C:\Windows\System\wuIlVNb.exe
  C:\Windows\System\wuIlVNb.exe
  2⤵
  PID:3988
- C:\Windows\System\gmNofCI.exe
  C:\Windows\System\gmNofCI.exe
  2⤵
  PID:4004
- C:\Windows\System\kpoRSNX.exe
  C:\Windows\System\kpoRSNX.exe
  2⤵
  PID:4020
- C:\Windows\System\LSlOWMw.exe
  C:\Windows\System\LSlOWMw.exe
  2⤵
  PID:4036
- C:\Windows\System\qKtSxFt.exe
  C:\Windows\System\qKtSxFt.exe
  2⤵
  PID:4076
- C:\Windows\System\hByNISp.exe
  C:\Windows\System\hByNISp.exe
  2⤵
  PID:1576
- C:\Windows\System\UpsCzBV.exe
  C:\Windows\System\UpsCzBV.exe
  2⤵
  PID:1352
- C:\Windows\System\GDqDXJy.exe
  C:\Windows\System\GDqDXJy.exe
  2⤵
  PID:1756
- C:\Windows\System\tiGgNFU.exe
  C:\Windows\System\tiGgNFU.exe
  2⤵
  PID:1724
- C:\Windows\System\YEFFMNL.exe
  C:\Windows\System\YEFFMNL.exe
  2⤵
  PID:2152
- C:\Windows\System\jVKYYPb.exe
  C:\Windows\System\jVKYYPb.exe
  2⤵
  PID:2508
- C:\Windows\System\tvFAaFj.exe
  C:\Windows\System\tvFAaFj.exe
  2⤵
  PID:3084
- C:\Windows\System\sNhjspv.exe
  C:\Windows\System\sNhjspv.exe
  2⤵
  PID:3132
- C:\Windows\System\bNeVBzS.exe
  C:\Windows\System\bNeVBzS.exe
  2⤵
  PID:3176
- C:\Windows\System\LZwvugB.exe
  C:\Windows\System\LZwvugB.exe
  2⤵
  PID:3188
- C:\Windows\System\OqHVohW.exe
  C:\Windows\System\OqHVohW.exe
  2⤵
  PID:3256
- C:\Windows\System\iGKzYQw.exe
  C:\Windows\System\iGKzYQw.exe
  2⤵
  PID:3276
- C:\Windows\System\UwmSKdi.exe
  C:\Windows\System\UwmSKdi.exe
  2⤵
  PID:3300
- C:\Windows\System\XjFXjkh.exe
  C:\Windows\System\XjFXjkh.exe
  2⤵
  PID:3328
- C:\Windows\System\FFIhyxM.exe
  C:\Windows\System\FFIhyxM.exe
  2⤵
  PID:3376
- C:\Windows\System\XdoFBzv.exe
  C:\Windows\System\XdoFBzv.exe
  2⤵
  PID:3416
- C:\Windows\System\nXBsmLl.exe
  C:\Windows\System\nXBsmLl.exe
  2⤵
  PID:3452
- C:\Windows\System\oSVgYon.exe
  C:\Windows\System\oSVgYon.exe
  2⤵
  PID:3476
- C:\Windows\System\zxUdLtN.exe
  C:\Windows\System\zxUdLtN.exe
  2⤵
  PID:3512
- C:\Windows\System\JFOaNxx.exe
  C:\Windows\System\JFOaNxx.exe
  2⤵
  PID:3536
- C:\Windows\System\FeFvwgM.exe
  C:\Windows\System\FeFvwgM.exe
  2⤵
  PID:2588
- C:\Windows\System\SVWYtJz.exe
  C:\Windows\System\SVWYtJz.exe
  2⤵
  PID:2296
- C:\Windows\System\VyZVuYJ.exe
  C:\Windows\System\VyZVuYJ.exe
  2⤵
  PID:2372
- C:\Windows\System\eKVYwOx.exe
  C:\Windows\System\eKVYwOx.exe
  2⤵
  PID:2836
- C:\Windows\System\BUHjypm.exe
  C:\Windows\System\BUHjypm.exe
  2⤵
  PID:2780
- C:\Windows\System\rVgXTLe.exe
  C:\Windows\System\rVgXTLe.exe
  2⤵
  PID:1324
- C:\Windows\System\RJCkMXh.exe
  C:\Windows\System\RJCkMXh.exe
  2⤵
  PID:2004
- C:\Windows\System\eQcapaZ.exe
  C:\Windows\System\eQcapaZ.exe
  2⤵
  PID:2472
- C:\Windows\System\TlyPnyL.exe
  C:\Windows\System\TlyPnyL.exe
  2⤵
  PID:2312
- C:\Windows\System\uFWLkKM.exe
  C:\Windows\System\uFWLkKM.exe
  2⤵
  PID:2516
- C:\Windows\System\NWeiads.exe
  C:\Windows\System\NWeiads.exe
  2⤵
  PID:3632
- C:\Windows\System\AxyuFVg.exe
  C:\Windows\System\AxyuFVg.exe
  2⤵
  PID:3696
- C:\Windows\System\aDMeSGk.exe
  C:\Windows\System\aDMeSGk.exe
  2⤵
  PID:3056
- C:\Windows\System\ohcJjtN.exe
  C:\Windows\System\ohcJjtN.exe
  2⤵
  PID:3776
- C:\Windows\System\UCXAqyw.exe
  C:\Windows\System\UCXAqyw.exe
  2⤵
  PID:2052
- C:\Windows\System\AfUTSkR.exe
  C:\Windows\System\AfUTSkR.exe
  2⤵
  PID:3724
- C:\Windows\System\QhwyFJd.exe
  C:\Windows\System\QhwyFJd.exe
  2⤵
  PID:3744
- C:\Windows\System\FnznQne.exe
  C:\Windows\System\FnznQne.exe
  2⤵
  PID:3868
- C:\Windows\System\ogdpHoO.exe
  C:\Windows\System\ogdpHoO.exe
  2⤵
  PID:3848
- C:\Windows\System\svtkElX.exe
  C:\Windows\System\svtkElX.exe
  2⤵
  PID:3908
- C:\Windows\System\flGAAfF.exe
  C:\Windows\System\flGAAfF.exe
  2⤵
  PID:3924
- C:\Windows\System\ZAmcrWK.exe
  C:\Windows\System\ZAmcrWK.exe
  2⤵
  PID:3952
- C:\Windows\System\uRpsNzX.exe
  C:\Windows\System\uRpsNzX.exe
  2⤵
  PID:3980
- C:\Windows\System\WROZZfw.exe
  C:\Windows\System\WROZZfw.exe
  2⤵
  PID:4032
- C:\Windows\System\cNAJwue.exe
  C:\Windows\System\cNAJwue.exe
  2⤵
  PID:4064
- C:\Windows\System\GaweqNh.exe
  C:\Windows\System\GaweqNh.exe
  2⤵
  PID:2592
- C:\Windows\System\WTXUEZu.exe
  C:\Windows\System\WTXUEZu.exe
  2⤵
  PID:4084
- C:\Windows\System\KVYZBiG.exe
  C:\Windows\System\KVYZBiG.exe
  2⤵
  PID:2136
- C:\Windows\System\eaDHoYy.exe
  C:\Windows\System\eaDHoYy.exe
  2⤵
  PID:2956
- C:\Windows\System\xfoRPOS.exe
  C:\Windows\System\xfoRPOS.exe
  2⤵
  PID:2264
- C:\Windows\System\ZPqasWw.exe
  C:\Windows\System\ZPqasWw.exe
  2⤵
  PID:2020
- C:\Windows\System\TKxFLcr.exe
  C:\Windows\System\TKxFLcr.exe
  2⤵
  PID:3140
- C:\Windows\System\eQKedFt.exe
  C:\Windows\System\eQKedFt.exe
  2⤵
  PID:3080
- C:\Windows\System\FsNqYzY.exe
  C:\Windows\System\FsNqYzY.exe
  2⤵
  PID:3280
- C:\Windows\System\zKXKYBX.exe
  C:\Windows\System\zKXKYBX.exe
  2⤵
  PID:3232
- C:\Windows\System\DTqaLeO.exe
  C:\Windows\System\DTqaLeO.exe
  2⤵
  PID:3324
- C:\Windows\System\qpDEdAo.exe
  C:\Windows\System\qpDEdAo.exe
  2⤵
  PID:3372
- C:\Windows\System\TNbhdvg.exe
  C:\Windows\System\TNbhdvg.exe
  2⤵
  PID:3464
- C:\Windows\System\LybyWIZ.exe
  C:\Windows\System\LybyWIZ.exe
  2⤵
  PID:3448
- C:\Windows\System\ptTWMAc.exe
  C:\Windows\System\ptTWMAc.exe
  2⤵
  PID:3348
- C:\Windows\System\wVbflXR.exe
  C:\Windows\System\wVbflXR.exe
  2⤵
  PID:2016
- C:\Windows\System\RxXjZmh.exe
  C:\Windows\System\RxXjZmh.exe
  2⤵
  PID:2356
- C:\Windows\System\NqCOIYb.exe
  C:\Windows\System\NqCOIYb.exe
  2⤵
  PID:2548
- C:\Windows\System\aomfREn.exe
  C:\Windows\System\aomfREn.exe
  2⤵
  PID:1484
- C:\Windows\System\IzQPZGD.exe
  C:\Windows\System\IzQPZGD.exe
  2⤵
  PID:2692
- C:\Windows\System\FCVmkZG.exe
  C:\Windows\System\FCVmkZG.exe
  2⤵
  PID:2724
- C:\Windows\System\qdpIZeU.exe
  C:\Windows\System\qdpIZeU.exe
  2⤵
  PID:2800
- C:\Windows\System\CUBfCVm.exe
  C:\Windows\System\CUBfCVm.exe
  2⤵
  PID:3772
- C:\Windows\System\DoUlWlR.exe
  C:\Windows\System\DoUlWlR.exe
  2⤵
  PID:3788
- C:\Windows\System\oNruyaI.exe
  C:\Windows\System\oNruyaI.exe
  2⤵
  PID:716
- C:\Windows\System\czUpIlM.exe
  C:\Windows\System\czUpIlM.exe
  2⤵
  PID:3740
- C:\Windows\System\DvYHyOv.exe
  C:\Windows\System\DvYHyOv.exe
  2⤵
  PID:3876
- C:\Windows\System\aFTALmU.exe
  C:\Windows\System\aFTALmU.exe
  2⤵
  PID:3804
- C:\Windows\System\iwofYch.exe
  C:\Windows\System\iwofYch.exe
  2⤵
  PID:3968
- C:\Windows\System\UeTVmmt.exe
  C:\Windows\System\UeTVmmt.exe
  2⤵
  PID:2064
- C:\Windows\System\ZJoZuiC.exe
  C:\Windows\System\ZJoZuiC.exe
  2⤵
  PID:1680
- C:\Windows\System\ERwMgcQ.exe
  C:\Windows\System\ERwMgcQ.exe
  2⤵
  PID:4048
- C:\Windows\System\lMVChcv.exe
  C:\Windows\System\lMVChcv.exe
  2⤵
  PID:1652
- C:\Windows\System\DDHXqpO.exe
  C:\Windows\System\DDHXqpO.exe
  2⤵
  PID:1932
- C:\Windows\System\IElbUrW.exe
  C:\Windows\System\IElbUrW.exe
  2⤵
  PID:3152
- C:\Windows\System\VhePeNI.exe
  C:\Windows\System\VhePeNI.exe
  2⤵
  PID:1292
- C:\Windows\System\hUDOVwt.exe
  C:\Windows\System\hUDOVwt.exe
  2⤵
  PID:2880
- C:\Windows\System\OWvplHY.exe
  C:\Windows\System\OWvplHY.exe
  2⤵
  PID:3092
- C:\Windows\System\psiqWEs.exe
  C:\Windows\System\psiqWEs.exe
  2⤵
  PID:3308
- C:\Windows\System\gCRCXpg.exe
  C:\Windows\System\gCRCXpg.exe
  2⤵
  PID:3400
- C:\Windows\System\DZofTqT.exe
  C:\Windows\System\DZofTqT.exe
  2⤵
  PID:3516
- C:\Windows\System\outnlkY.exe
  C:\Windows\System\outnlkY.exe
  2⤵
  PID:1096
- C:\Windows\System\cCETFoq.exe
  C:\Windows\System\cCETFoq.exe
  2⤵
  PID:664
- C:\Windows\System\HVygtUZ.exe
  C:\Windows\System\HVygtUZ.exe
  2⤵
  PID:2104
- C:\Windows\System\tkwHcRq.exe
  C:\Windows\System\tkwHcRq.exe
  2⤵
  PID:1572
- C:\Windows\System\WzSRRTU.exe
  C:\Windows\System\WzSRRTU.exe
  2⤵
  PID:3544
- C:\Windows\System\KFheloh.exe
  C:\Windows\System\KFheloh.exe
  2⤵
  PID:3040
- C:\Windows\System\UeHpmIo.exe
  C:\Windows\System\UeHpmIo.exe
  2⤵
  PID:2560
- C:\Windows\System\LcTldHb.exe
  C:\Windows\System\LcTldHb.exe
  2⤵
  PID:3496
- C:\Windows\System\qVJYFIS.exe
  C:\Windows\System\qVJYFIS.exe
  2⤵
  PID:1784
- C:\Windows\System\qwxssXh.exe
  C:\Windows\System\qwxssXh.exe
  2⤵
  PID:3784
- C:\Windows\System\UWDYXEh.exe
  C:\Windows\System\UWDYXEh.exe
  2⤵
  PID:3748
- C:\Windows\System\DqBSSiL.exe
  C:\Windows\System\DqBSSiL.exe
  2⤵
  PID:2492
- C:\Windows\System\VnNsxHm.exe
  C:\Windows\System\VnNsxHm.exe
  2⤵
  PID:3800
- C:\Windows\System\GWzjahv.exe
  C:\Windows\System\GWzjahv.exe
  2⤵
  PID:3972
- C:\Windows\System\lZsDLaG.exe
  C:\Windows\System\lZsDLaG.exe
  2⤵
  PID:2320
- C:\Windows\System\EEhbtsN.exe
  C:\Windows\System\EEhbtsN.exe
  2⤵
  PID:3204
- C:\Windows\System\UsJbzhd.exe
  C:\Windows\System\UsJbzhd.exe
  2⤵
  PID:2708
- C:\Windows\System\DcKACWP.exe
  C:\Windows\System\DcKACWP.exe
  2⤵
  PID:3208
- C:\Windows\System\bifwlcw.exe
  C:\Windows\System\bifwlcw.exe
  2⤵
  PID:3396
- C:\Windows\System\HeHTlRx.exe
  C:\Windows\System\HeHTlRx.exe
  2⤵
  PID:3648
- C:\Windows\System\SCeRDyM.exe
  C:\Windows\System\SCeRDyM.exe
  2⤵
  PID:2216
- C:\Windows\System\AGHtPwo.exe
  C:\Windows\System\AGHtPwo.exe
  2⤵
  PID:1952
- C:\Windows\System\kBdazYs.exe
  C:\Windows\System\kBdazYs.exe
  2⤵
  PID:3428
- C:\Windows\System\xFohsuO.exe
  C:\Windows\System\xFohsuO.exe
  2⤵
  PID:3832
- C:\Windows\System\fnIgoQq.exe
  C:\Windows\System\fnIgoQq.exe
  2⤵
  PID:3824
- C:\Windows\System\iNuVPwq.exe
  C:\Windows\System\iNuVPwq.exe
  2⤵
  PID:916
- C:\Windows\System\LNSoJen.exe
  C:\Windows\System\LNSoJen.exe
  2⤵
  PID:4028
- C:\Windows\System\DWGTHfR.exe
  C:\Windows\System\DWGTHfR.exe
  2⤵
  PID:3720
- C:\Windows\System\drBlDQL.exe
  C:\Windows\System\drBlDQL.exe
  2⤵
  PID:520
- C:\Windows\System\wBZBvNz.exe
  C:\Windows\System\wBZBvNz.exe
  2⤵
  PID:1944
- C:\Windows\System\DgfzYdb.exe
  C:\Windows\System\DgfzYdb.exe
  2⤵
  PID:3368
- C:\Windows\System\VhrKKaC.exe
  C:\Windows\System\VhrKKaC.exe
  2⤵
  PID:3236
- C:\Windows\System\LiEsVRy.exe
  C:\Windows\System\LiEsVRy.exe
  2⤵
  PID:928
- C:\Windows\System\lRkwpHP.exe
  C:\Windows\System\lRkwpHP.exe
  2⤵
  PID:2424
- C:\Windows\System\lWZRahh.exe
  C:\Windows\System\lWZRahh.exe
  2⤵
  PID:2176
- C:\Windows\System\cGRMKxw.exe
  C:\Windows\System\cGRMKxw.exe
  2⤵
  PID:3752
- C:\Windows\System\utTZaWt.exe
  C:\Windows\System\utTZaWt.exe
  2⤵
  PID:2580
- C:\Windows\System\UUxsExe.exe
  C:\Windows\System\UUxsExe.exe
  2⤵
  PID:3736
- C:\Windows\System\xmWUmFu.exe
  C:\Windows\System\xmWUmFu.exe
  2⤵
  PID:2500
- C:\Windows\System\fYiFwMM.exe
  C:\Windows\System\fYiFwMM.exe
  2⤵
  PID:1844
- C:\Windows\System\gWDeEpM.exe
  C:\Windows\System\gWDeEpM.exe
  2⤵
  PID:3668
- C:\Windows\System\astfMhe.exe
  C:\Windows\System\astfMhe.exe
  2⤵
  PID:3004
- C:\Windows\System\OQNbjoa.exe
  C:\Windows\System\OQNbjoa.exe
  2⤵
  PID:2600
- C:\Windows\System\VcizSgh.exe
  C:\Windows\System\VcizSgh.exe
  2⤵
  PID:3224
- C:\Windows\System\DJKQeDC.exe
  C:\Windows\System\DJKQeDC.exe
  2⤵
  PID:264
- C:\Windows\System\ZzwnQYt.exe
  C:\Windows\System\ZzwnQYt.exe
  2⤵
  PID:3492
- C:\Windows\System\eKgAXln.exe
  C:\Windows\System\eKgAXln.exe
  2⤵
  PID:2528
- C:\Windows\System\SYhIqpJ.exe
  C:\Windows\System\SYhIqpJ.exe
  2⤵
  PID:3996
- C:\Windows\System\FqbrIPP.exe
  C:\Windows\System\FqbrIPP.exe
  2⤵
  PID:2844
- C:\Windows\System\uagHmKz.exe
  C:\Windows\System\uagHmKz.exe
  2⤵
  PID:968
- C:\Windows\System\LWQBCwQ.exe
  C:\Windows\System\LWQBCwQ.exe
  2⤵
  PID:3916
- C:\Windows\System\AkgNuqa.exe
  C:\Windows\System\AkgNuqa.exe
  2⤵
  PID:4104
- C:\Windows\System\zddsrbc.exe
  C:\Windows\System\zddsrbc.exe
  2⤵
  PID:4120
- C:\Windows\System\XjmDBaA.exe
  C:\Windows\System\XjmDBaA.exe
  2⤵
  PID:4176
- C:\Windows\System\kMYUsyS.exe
  C:\Windows\System\kMYUsyS.exe
  2⤵
  PID:4192
- C:\Windows\System\FuYUpNQ.exe
  C:\Windows\System\FuYUpNQ.exe
  2⤵
  PID:4220
- C:\Windows\System\DFKyyTp.exe
  C:\Windows\System\DFKyyTp.exe
  2⤵
  PID:4236
- C:\Windows\System\blPFhng.exe
  C:\Windows\System\blPFhng.exe
  2⤵
  PID:4264
- C:\Windows\System\yiLjDqk.exe
  C:\Windows\System\yiLjDqk.exe
  2⤵
  PID:4280
- C:\Windows\System\sbpVQaG.exe
  C:\Windows\System\sbpVQaG.exe
  2⤵
  PID:4320
- C:\Windows\System\OtlkZFH.exe
  C:\Windows\System\OtlkZFH.exe
  2⤵
  PID:4336
- C:\Windows\System\coubNWM.exe
  C:\Windows\System\coubNWM.exe
  2⤵
  PID:4368
- C:\Windows\System\brvplrw.exe
  C:\Windows\System\brvplrw.exe
  2⤵
  PID:4384
- C:\Windows\System\NMTlkvR.exe
  C:\Windows\System\NMTlkvR.exe
  2⤵
  PID:4416
- C:\Windows\System\FLNWodB.exe
  C:\Windows\System\FLNWodB.exe
  2⤵
  PID:4432
- C:\Windows\System\KQxFxNb.exe
  C:\Windows\System\KQxFxNb.exe
  2⤵
  PID:4452
- C:\Windows\System\QizOseS.exe
  C:\Windows\System\QizOseS.exe
  2⤵
  PID:4484
- C:\Windows\System\tkcZOBg.exe
  C:\Windows\System\tkcZOBg.exe
  2⤵
  PID:4508
- C:\Windows\System\nfeuVwG.exe
  C:\Windows\System\nfeuVwG.exe
  2⤵
  PID:4528
- C:\Windows\System\ICIntwi.exe
  C:\Windows\System\ICIntwi.exe
  2⤵
  PID:4556
- C:\Windows\System\BKhOIGQ.exe
  C:\Windows\System\BKhOIGQ.exe
  2⤵
  PID:4576
- C:\Windows\System\KdFqdYx.exe
  C:\Windows\System\KdFqdYx.exe
  2⤵
  PID:4592
- C:\Windows\System\pDQAUwh.exe
  C:\Windows\System\pDQAUwh.exe
  2⤵
  PID:4608
- C:\Windows\System\MMkiSxd.exe
  C:\Windows\System\MMkiSxd.exe
  2⤵
  PID:4624
- C:\Windows\System\OhKSRpb.exe
  C:\Windows\System\OhKSRpb.exe
  2⤵
  PID:4640
- C:\Windows\System\AMGoTuW.exe
  C:\Windows\System\AMGoTuW.exe
  2⤵
  PID:4700
- C:\Windows\System\mLZMPRc.exe
  C:\Windows\System\mLZMPRc.exe
  2⤵
  PID:4728
- C:\Windows\System\jkpbKVH.exe
  C:\Windows\System\jkpbKVH.exe
  2⤵
  PID:4744
- C:\Windows\System\OUBbAod.exe
  C:\Windows\System\OUBbAod.exe
  2⤵
  PID:4764
- C:\Windows\System\Jksblpo.exe
  C:\Windows\System\Jksblpo.exe
  2⤵
  PID:4788
- C:\Windows\System\jbIiZpc.exe
  C:\Windows\System\jbIiZpc.exe
  2⤵
  PID:4812
- C:\Windows\System\iSdbDDn.exe
  C:\Windows\System\iSdbDDn.exe
  2⤵
  PID:4828
- C:\Windows\System\dqkqDLg.exe
  C:\Windows\System\dqkqDLg.exe
  2⤵
  PID:4844
- C:\Windows\System\oPlnUuh.exe
  C:\Windows\System\oPlnUuh.exe
  2⤵
  PID:4904
- C:\Windows\System\LmoxHdw.exe
  C:\Windows\System\LmoxHdw.exe
  2⤵
  PID:4920
- C:\Windows\System\SievOfS.exe
  C:\Windows\System\SievOfS.exe
  2⤵
  PID:4944
- C:\Windows\System\IDgGhfZ.exe
  C:\Windows\System\IDgGhfZ.exe
  2⤵
  PID:4960
- C:\Windows\System\ELhDqms.exe
  C:\Windows\System\ELhDqms.exe
  2⤵
  PID:4980
- C:\Windows\System\HkRawJs.exe
  C:\Windows\System\HkRawJs.exe
  2⤵
  PID:5000
- C:\Windows\System\XoFMDqy.exe
  C:\Windows\System\XoFMDqy.exe
  2⤵
  PID:5016
- C:\Windows\System\PgtTuZG.exe
  C:\Windows\System\PgtTuZG.exe
  2⤵
  PID:5056
- C:\Windows\System\vBUqLje.exe
  C:\Windows\System\vBUqLje.exe
  2⤵
  PID:5072
- C:\Windows\System\CkNUZeC.exe
  C:\Windows\System\CkNUZeC.exe
  2⤵
  PID:5088
- C:\Windows\System\txxTbIA.exe
  C:\Windows\System\txxTbIA.exe
  2⤵
  PID:5108
- C:\Windows\System\xalvFJd.exe
  C:\Windows\System\xalvFJd.exe
  2⤵
  PID:2476
- C:\Windows\System\ddcaSdC.exe
  C:\Windows\System\ddcaSdC.exe
  2⤵
  PID:3252
- C:\Windows\System\lbDMjkc.exe
  C:\Windows\System\lbDMjkc.exe
  2⤵
  PID:4116
- C:\Windows\System\nWnqadc.exe
  C:\Windows\System\nWnqadc.exe
  2⤵
  PID:4156
- C:\Windows\System\DwjwXbP.exe
  C:\Windows\System\DwjwXbP.exe
  2⤵
  PID:4148
- C:\Windows\System\gsSpoAY.exe
  C:\Windows\System\gsSpoAY.exe
  2⤵
  PID:4168
- C:\Windows\System\pKNApBm.exe
  C:\Windows\System\pKNApBm.exe
  2⤵
  PID:4212
- C:\Windows\System\CrPoMJW.exe
  C:\Windows\System\CrPoMJW.exe
  2⤵
  PID:4188
- C:\Windows\System\DAvxpWW.exe
  C:\Windows\System\DAvxpWW.exe
  2⤵
  PID:4276
- C:\Windows\System\SEQllJG.exe
  C:\Windows\System\SEQllJG.exe
  2⤵
  PID:4260
- C:\Windows\System\zXzcLFS.exe
  C:\Windows\System\zXzcLFS.exe
  2⤵
  PID:4312
- C:\Windows\System\DCGOGBv.exe
  C:\Windows\System\DCGOGBv.exe
  2⤵
  PID:4356
- C:\Windows\System\DKKwOwU.exe
  C:\Windows\System\DKKwOwU.exe
  2⤵
  PID:4540
- C:\Windows\System\zSHCFVq.exe
  C:\Windows\System\zSHCFVq.exe
  2⤵
  PID:4552
- C:\Windows\System\BrtkJEU.exe
  C:\Windows\System\BrtkJEU.exe
  2⤵
  PID:4648
- C:\Windows\System\bKLMLga.exe
  C:\Windows\System\bKLMLga.exe
  2⤵
  PID:4708
- C:\Windows\System\iOuuHRk.exe
  C:\Windows\System\iOuuHRk.exe
  2⤵
  PID:4652
- C:\Windows\System\BtZaFQq.exe
  C:\Windows\System\BtZaFQq.exe
  2⤵
  PID:4736
- C:\Windows\System\ZeOuLvk.exe
  C:\Windows\System\ZeOuLvk.exe
  2⤵
  PID:4772
- C:\Windows\System\dkGZgbL.exe
  C:\Windows\System\dkGZgbL.exe
  2⤵
  PID:4756
- C:\Windows\System\DewPyUV.exe
  C:\Windows\System\DewPyUV.exe
  2⤵
  PID:4824
- C:\Windows\System\oYTXhtq.exe
  C:\Windows\System\oYTXhtq.exe
  2⤵
  PID:4840
- C:\Windows\System\zGoGGUq.exe
  C:\Windows\System\zGoGGUq.exe
  2⤵
  PID:4896
- C:\Windows\System\ACcncQx.exe
  C:\Windows\System\ACcncQx.exe
  2⤵
  PID:4928
- C:\Windows\System\EmdsnZD.exe
  C:\Windows\System\EmdsnZD.exe
  2⤵
  PID:4968
- C:\Windows\System\wzXFzRV.exe
  C:\Windows\System\wzXFzRV.exe
  2⤵
  PID:4996
- C:\Windows\System\yLlOrTB.exe
  C:\Windows\System\yLlOrTB.exe
  2⤵
  PID:4992
- C:\Windows\System\WlzKRDW.exe
  C:\Windows\System\WlzKRDW.exe
  2⤵
  PID:5048
- C:\Windows\System\NUQoJAu.exe
  C:\Windows\System\NUQoJAu.exe
  2⤵
  PID:5068
- C:\Windows\System\aGuIeSn.exe
  C:\Windows\System\aGuIeSn.exe
  2⤵
  PID:2324
- C:\Windows\System\bhEqEgl.exe
  C:\Windows\System\bhEqEgl.exe
  2⤵
  PID:4164
- C:\Windows\System\yIFODOH.exe
  C:\Windows\System\yIFODOH.exe
  2⤵
  PID:4172
- C:\Windows\System\DyqfKNc.exe
  C:\Windows\System\DyqfKNc.exe
  2⤵
  PID:4228
- C:\Windows\System\YAVeUpI.exe
  C:\Windows\System\YAVeUpI.exe
  2⤵
  PID:4232
- C:\Windows\System\YXRPoNT.exe
  C:\Windows\System\YXRPoNT.exe
  2⤵
  PID:4300
- C:\Windows\System\twzbjTb.exe
  C:\Windows\System\twzbjTb.exe
  2⤵
  PID:4348
- C:\Windows\System\HrllIBx.exe
  C:\Windows\System\HrllIBx.exe
  2⤵
  PID:4404
- C:\Windows\System\AwzcIIY.exe
  C:\Windows\System\AwzcIIY.exe
  2⤵
  PID:4428
- C:\Windows\System\wSZWfyU.exe
  C:\Windows\System\wSZWfyU.exe
  2⤵
  PID:5100
- C:\Windows\System\JjYgdXB.exe
  C:\Windows\System\JjYgdXB.exe
  2⤵
  PID:4536
- C:\Windows\System\LApKhbg.exe
  C:\Windows\System\LApKhbg.exe
  2⤵
  PID:4496
- C:\Windows\System\JFlajuf.exe
  C:\Windows\System\JFlajuf.exe
  2⤵
  PID:4548
- C:\Windows\System\KVqURHv.exe
  C:\Windows\System\KVqURHv.exe
  2⤵
  PID:4632
- C:\Windows\System\zspCnPl.exe
  C:\Windows\System\zspCnPl.exe
  2⤵
  PID:4680
- C:\Windows\System\qRBmEsA.exe
  C:\Windows\System\qRBmEsA.exe
  2⤵
  PID:4784
- C:\Windows\System\biWLIQv.exe
  C:\Windows\System\biWLIQv.exe
  2⤵
  PID:4808
- C:\Windows\System\MkaXoqG.exe
  C:\Windows\System\MkaXoqG.exe
  2⤵
  PID:4796
- C:\Windows\System\GfolzyR.exe
  C:\Windows\System\GfolzyR.exe
  2⤵
  PID:4940
- C:\Windows\System\ERAvPKl.exe
  C:\Windows\System\ERAvPKl.exe
  2⤵
  PID:4864
- C:\Windows\System\mGgdnyO.exe
  C:\Windows\System\mGgdnyO.exe
  2⤵
  PID:4144
- C:\Windows\System\YTGJPKm.exe
  C:\Windows\System\YTGJPKm.exe
  2⤵
  PID:4272
- C:\Windows\System\WDKlTcC.exe
  C:\Windows\System\WDKlTcC.exe
  2⤵
  PID:4408
- C:\Windows\System\iWtsNEr.exe
  C:\Windows\System\iWtsNEr.exe
  2⤵
  PID:4468
- C:\Windows\System\cJSgjEz.exe
  C:\Windows\System\cJSgjEz.exe
  2⤵
  PID:4520
- C:\Windows\System\lwYRqUQ.exe
  C:\Windows\System\lwYRqUQ.exe
  2⤵
  PID:4616
- C:\Windows\System\hDeVWgF.exe
  C:\Windows\System\hDeVWgF.exe
  2⤵
  PID:4712
- C:\Windows\System\hoEBZyG.exe
  C:\Windows\System\hoEBZyG.exe
  2⤵
  PID:4604
- C:\Windows\System\hXzzmns.exe
  C:\Windows\System\hXzzmns.exe
  2⤵
  PID:4892
- C:\Windows\System\xoxEGxc.exe
  C:\Windows\System\xoxEGxc.exe
  2⤵
  PID:4872
- C:\Windows\System\EQeeXde.exe
  C:\Windows\System\EQeeXde.exe
  2⤵
  PID:3108
- C:\Windows\System\yMYjYvr.exe
  C:\Windows\System\yMYjYvr.exe
  2⤵
  PID:5104
- C:\Windows\System\jQFDgwd.exe
  C:\Windows\System\jQFDgwd.exe
  2⤵
  PID:4112
- C:\Windows\System\fUDJWVA.exe
  C:\Windows\System\fUDJWVA.exe
  2⤵
  PID:4480
- C:\Windows\System\QRkHltM.exe
  C:\Windows\System\QRkHltM.exe
  2⤵
  PID:4688
- C:\Windows\System\LbtvRhW.exe
  C:\Windows\System\LbtvRhW.exe
  2⤵
  PID:4672
- C:\Windows\System\SmWERZH.exe
  C:\Windows\System\SmWERZH.exe
  2⤵
  PID:4504
- C:\Windows\System\mcbFRdX.exe
  C:\Windows\System\mcbFRdX.exe
  2⤵
  PID:4916
- C:\Windows\System\SacjBzN.exe
  C:\Windows\System\SacjBzN.exe
  2⤵
  PID:4476
- C:\Windows\System\AhkIWAq.exe
  C:\Windows\System\AhkIWAq.exe
  2⤵
  PID:5008
- C:\Windows\System\Serqepb.exe
  C:\Windows\System\Serqepb.exe
  2⤵
  PID:4720
- C:\Windows\System\RGQVydi.exe
  C:\Windows\System\RGQVydi.exe
  2⤵
  PID:4376
- C:\Windows\System\KSwQZjv.exe
  C:\Windows\System\KSwQZjv.exe
  2⤵
  PID:4492
- C:\Windows\System\RtqNfku.exe
  C:\Windows\System\RtqNfku.exe
  2⤵
  PID:4380
- C:\Windows\System\xfPNwLT.exe
  C:\Windows\System\xfPNwLT.exe
  2⤵
  PID:4524
- C:\Windows\System\cfQfUHm.exe
  C:\Windows\System\cfQfUHm.exe
  2⤵
  PID:3704
- C:\Windows\System\QGYoqlR.exe
  C:\Windows\System\QGYoqlR.exe
  2⤵
  PID:4544
- C:\Windows\System\qPKGBCD.exe
  C:\Windows\System\qPKGBCD.exe
  2⤵
  PID:4664
- C:\Windows\System\YgLmcMw.exe
  C:\Windows\System\YgLmcMw.exe
  2⤵
  PID:4308
- C:\Windows\System\bwNmAOh.exe
  C:\Windows\System\bwNmAOh.exe
  2⤵
  PID:4292
- C:\Windows\System\wtZWKTB.exe
  C:\Windows\System\wtZWKTB.exe
  2⤵
  PID:4912
- C:\Windows\System\OcCLCpS.exe
  C:\Windows\System\OcCLCpS.exe
  2⤵
  PID:4760
- C:\Windows\System\MwiaPoC.exe
  C:\Windows\System\MwiaPoC.exe
  2⤵
  PID:5136
- C:\Windows\System\kiUvgta.exe
  C:\Windows\System\kiUvgta.exe
  2⤵
  PID:5152
- C:\Windows\System\mLezRIG.exe
  C:\Windows\System\mLezRIG.exe
  2⤵
  PID:5184
- C:\Windows\System\haRGrbs.exe
  C:\Windows\System\haRGrbs.exe
  2⤵
  PID:5200
- C:\Windows\System\PIOzxfz.exe
  C:\Windows\System\PIOzxfz.exe
  2⤵
  PID:5236
- C:\Windows\System\jFFvhBM.exe
  C:\Windows\System\jFFvhBM.exe
  2⤵
  PID:5256
- C:\Windows\System\vGRUEQP.exe
  C:\Windows\System\vGRUEQP.exe
  2⤵
  PID:5272
- C:\Windows\System\qlUysAM.exe
  C:\Windows\System\qlUysAM.exe
  2⤵
  PID:5296
- C:\Windows\System\ZyNSdqR.exe
  C:\Windows\System\ZyNSdqR.exe
  2⤵
  PID:5320
- C:\Windows\System\UyzAxKU.exe
  C:\Windows\System\UyzAxKU.exe
  2⤵
  PID:5336
- C:\Windows\System\BOFqALL.exe
  C:\Windows\System\BOFqALL.exe
  2⤵
  PID:5384
- C:\Windows\System\LSsjjlN.exe
  C:\Windows\System\LSsjjlN.exe
  2⤵
  PID:5400
- C:\Windows\System\WZkhGcX.exe
  C:\Windows\System\WZkhGcX.exe
  2⤵
  PID:5432
- C:\Windows\System\FsRXyST.exe
  C:\Windows\System\FsRXyST.exe
  2⤵
  PID:5448
- C:\Windows\System\qwwGfcf.exe
  C:\Windows\System\qwwGfcf.exe
  2⤵
  PID:5464
- C:\Windows\System\QMjftvf.exe
  C:\Windows\System\QMjftvf.exe
  2⤵
  PID:5484
- C:\Windows\System\DLDqSuG.exe
  C:\Windows\System\DLDqSuG.exe
  2⤵
  PID:5528
- C:\Windows\System\rwcgJbD.exe
  C:\Windows\System\rwcgJbD.exe
  2⤵
  PID:5544
- C:\Windows\System\cSjDoGo.exe
  C:\Windows\System\cSjDoGo.exe
  2⤵
  PID:5564
- C:\Windows\System\JZOBMrJ.exe
  C:\Windows\System\JZOBMrJ.exe
  2⤵
  PID:5584
- C:\Windows\System\SPqkuEh.exe
  C:\Windows\System\SPqkuEh.exe
  2⤵
  PID:5604
- C:\Windows\System\rKBNQru.exe
  C:\Windows\System\rKBNQru.exe
  2⤵
  PID:5628
- C:\Windows\System\xEjMfsN.exe
  C:\Windows\System\xEjMfsN.exe
  2⤵
  PID:5644
- C:\Windows\System\BwGOgdk.exe
  C:\Windows\System\BwGOgdk.exe
  2⤵
  PID:5660
- C:\Windows\System\ISbRwUQ.exe
  C:\Windows\System\ISbRwUQ.exe
  2⤵
  PID:5676
- C:\Windows\System\LcEqxEZ.exe
  C:\Windows\System\LcEqxEZ.exe
  2⤵
  PID:5692
- C:\Windows\System\XtcOmeE.exe
  C:\Windows\System\XtcOmeE.exe
  2⤵
  PID:5712
- C:\Windows\System\gFXKsGJ.exe
  C:\Windows\System\gFXKsGJ.exe
  2⤵
  PID:5740
- C:\Windows\System\xwOXxwi.exe
  C:\Windows\System\xwOXxwi.exe
  2⤵
  PID:5764
- C:\Windows\System\HTtdAwb.exe
  C:\Windows\System\HTtdAwb.exe
  2⤵
  PID:5780
- C:\Windows\System\cSaslqg.exe
  C:\Windows\System\cSaslqg.exe
  2⤵
  PID:5796
- C:\Windows\System\LEMpQRE.exe
  C:\Windows\System\LEMpQRE.exe
  2⤵
  PID:5868
- C:\Windows\System\XuvvYAZ.exe
  C:\Windows\System\XuvvYAZ.exe
  2⤵
  PID:5888
- C:\Windows\System\IOMquRN.exe
  C:\Windows\System\IOMquRN.exe
  2⤵
  PID:5920
- C:\Windows\System\blpjWhe.exe
  C:\Windows\System\blpjWhe.exe
  2⤵
  PID:5944
- C:\Windows\System\iHFIYPS.exe
  C:\Windows\System\iHFIYPS.exe
  2⤵
  PID:5960
- C:\Windows\System\CDHuTxv.exe
  C:\Windows\System\CDHuTxv.exe
  2⤵
  PID:5984
- C:\Windows\System\wISsLnI.exe
  C:\Windows\System\wISsLnI.exe
  2⤵
  PID:6000
- C:\Windows\System\wNBUDXS.exe
  C:\Windows\System\wNBUDXS.exe
  2⤵
  PID:6040
- C:\Windows\System\jaSzItH.exe
  C:\Windows\System\jaSzItH.exe
  2⤵
  PID:6056
- C:\Windows\System\xlLPkzw.exe
  C:\Windows\System\xlLPkzw.exe
  2⤵
  PID:6072
- C:\Windows\System\ekFAACZ.exe
  C:\Windows\System\ekFAACZ.exe
  2⤵
  PID:6096
- C:\Windows\System\qzwghTN.exe
  C:\Windows\System\qzwghTN.exe
  2⤵
  PID:6136
- C:\Windows\System\XcaomLt.exe
  C:\Windows\System\XcaomLt.exe
  2⤵
  PID:4128
- C:\Windows\System\kXaMKDl.exe
  C:\Windows\System\kXaMKDl.exe
  2⤵
  PID:5144
- C:\Windows\System\VmyKFXm.exe
  C:\Windows\System\VmyKFXm.exe
  2⤵
  PID:4976
- C:\Windows\System\tYjzSoo.exe
  C:\Windows\System\tYjzSoo.exe
  2⤵
  PID:5228
- C:\Windows\System\KtzNHFH.exe
  C:\Windows\System\KtzNHFH.exe
  2⤵
  PID:5268
- C:\Windows\System\wOtuLQr.exe
  C:\Windows\System\wOtuLQr.exe
  2⤵
  PID:5292
- C:\Windows\System\akuMwgb.exe
  C:\Windows\System\akuMwgb.exe
  2⤵
  PID:5252
- C:\Windows\System\KffvnCQ.exe
  C:\Windows\System\KffvnCQ.exe
  2⤵
  PID:5368
- C:\Windows\System\XbxRIDr.exe
  C:\Windows\System\XbxRIDr.exe
  2⤵
  PID:5408
- C:\Windows\System\HsgtdFH.exe
  C:\Windows\System\HsgtdFH.exe
  2⤵
  PID:5428
- C:\Windows\System\GXdFWIV.exe
  C:\Windows\System\GXdFWIV.exe
  2⤵
  PID:5444
- C:\Windows\System\pBJyeKf.exe
  C:\Windows\System\pBJyeKf.exe
  2⤵
  PID:5516
- C:\Windows\System\sVSATqu.exe
  C:\Windows\System\sVSATqu.exe
  2⤵
  PID:5500
- C:\Windows\System\NrznbBY.exe
  C:\Windows\System\NrznbBY.exe
  2⤵
  PID:5636
- C:\Windows\System\zIznNXY.exe
  C:\Windows\System\zIznNXY.exe
  2⤵
  PID:5576
- C:\Windows\System\PkDBkuS.exe
  C:\Windows\System\PkDBkuS.exe
  2⤵
  PID:5672
- C:\Windows\System\YViuQjD.exe
  C:\Windows\System\YViuQjD.exe
  2⤵
  PID:5684
- C:\Windows\System\LmHLckT.exe
  C:\Windows\System\LmHLckT.exe
  2⤵
  PID:5748
- C:\Windows\System\SaXIUnu.exe
  C:\Windows\System\SaXIUnu.exe
  2⤵
  PID:5756
- C:\Windows\System\vfmaSgR.exe
  C:\Windows\System\vfmaSgR.exe
  2⤵
  PID:5816
- C:\Windows\System\fkzjbhO.exe
  C:\Windows\System\fkzjbhO.exe
  2⤵
  PID:5836
- C:\Windows\System\PlldrfS.exe
  C:\Windows\System\PlldrfS.exe
  2⤵
  PID:5820
- C:\Windows\System\NtGwtWi.exe
  C:\Windows\System\NtGwtWi.exe
  2⤵
  PID:5876
- C:\Windows\System\uNfQpmF.exe
  C:\Windows\System\uNfQpmF.exe
  2⤵
  PID:5896
- C:\Windows\System\ubkqovp.exe
  C:\Windows\System\ubkqovp.exe
  2⤵
  PID:5940
- C:\Windows\System\pUNDFTJ.exe
  C:\Windows\System\pUNDFTJ.exe
  2⤵
  PID:5996
- C:\Windows\System\Qmbztap.exe
  C:\Windows\System\Qmbztap.exe
  2⤵
  PID:5992
- C:\Windows\System\ppSqxiu.exe
  C:\Windows\System\ppSqxiu.exe
  2⤵
  PID:6032
- C:\Windows\System\ULJsBvA.exe
  C:\Windows\System\ULJsBvA.exe
  2⤵
  PID:6092
- C:\Windows\System\SEoZJzt.exe
  C:\Windows\System\SEoZJzt.exe
  2⤵
  PID:4288
- C:\Windows\System\gAsuXaP.exe
  C:\Windows\System\gAsuXaP.exe
  2⤵
  PID:4364
- C:\Windows\System\KasRFEk.exe
  C:\Windows\System\KasRFEk.exe
  2⤵
  PID:5160
- C:\Windows\System\jXMuWcu.exe
  C:\Windows\System\jXMuWcu.exe
  2⤵
  PID:5176
- C:\Windows\System\NhgwStY.exe
  C:\Windows\System\NhgwStY.exe
  2⤵
  PID:5220
- C:\Windows\System\HdjzORZ.exe
  C:\Windows\System\HdjzORZ.exe
  2⤵
  PID:5308
- C:\Windows\System\dnPazxM.exe
  C:\Windows\System\dnPazxM.exe
  2⤵
  PID:5312
- C:\Windows\System\hLtvfWR.exe
  C:\Windows\System\hLtvfWR.exe
  2⤵
  PID:5344
- C:\Windows\System\frkpbYI.exe
  C:\Windows\System\frkpbYI.exe
  2⤵
  PID:5376
- C:\Windows\System\jJLjmbE.exe
  C:\Windows\System\jJLjmbE.exe
  2⤵
  PID:5396
- C:\Windows\System\YvxzDEn.exe
  C:\Windows\System\YvxzDEn.exe
  2⤵
  PID:5496
- C:\Windows\System\uCjCCXj.exe
  C:\Windows\System\uCjCCXj.exe
  2⤵
  PID:5420
- C:\Windows\System\urVxqHQ.exe
  C:\Windows\System\urVxqHQ.exe
  2⤵
  PID:5556
- C:\Windows\System\qBTPngf.exe
  C:\Windows\System\qBTPngf.exe
  2⤵
  PID:5592
- C:\Windows\System\gZuIZPn.exe
  C:\Windows\System\gZuIZPn.exe
  2⤵
  PID:5640
- C:\Windows\System\cKxcubA.exe
  C:\Windows\System\cKxcubA.exe
  2⤵
  PID:5540
- C:\Windows\System\VCmoQWt.exe
  C:\Windows\System\VCmoQWt.exe
  2⤵
  PID:5708
- C:\Windows\System\mymczrC.exe
  C:\Windows\System\mymczrC.exe
  2⤵
  PID:5624
- C:\Windows\System\vMVpUIn.exe
  C:\Windows\System\vMVpUIn.exe
  2⤵
  PID:5724
- C:\Windows\System\OZdkcxV.exe
  C:\Windows\System\OZdkcxV.exe
  2⤵
  PID:5776
- C:\Windows\System\CzylDGL.exe
  C:\Windows\System\CzylDGL.exe
  2⤵
  PID:5852
- C:\Windows\System\SNemFxP.exe
  C:\Windows\System\SNemFxP.exe
  2⤵
  PID:5856
- C:\Windows\System\JNbkTgV.exe
  C:\Windows\System\JNbkTgV.exe
  2⤵
  PID:5976
- C:\Windows\System\vNyrpry.exe
  C:\Windows\System\vNyrpry.exe
  2⤵
  PID:5912
- C:\Windows\System\VIiAQRS.exe
  C:\Windows\System\VIiAQRS.exe
  2⤵
  PID:6012
- C:\Windows\System\DaucJvK.exe
  C:\Windows\System\DaucJvK.exe
  2⤵
  PID:6048
- C:\Windows\System\YCRbnGY.exe
  C:\Windows\System\YCRbnGY.exe
  2⤵
  PID:6088
- C:\Windows\System\InkdPFc.exe
  C:\Windows\System\InkdPFc.exe
  2⤵
  PID:5916
- C:\Windows\System\rBrGPEg.exe
  C:\Windows\System\rBrGPEg.exe
  2⤵
  PID:6120
- C:\Windows\System\zyFqPzT.exe
  C:\Windows\System\zyFqPzT.exe
  2⤵
  PID:4620
- C:\Windows\System\JGEVMgQ.exe
  C:\Windows\System\JGEVMgQ.exe
  2⤵
  PID:5168
- C:\Windows\System\hzJpOgz.exe
  C:\Windows\System\hzJpOgz.exe
  2⤵
  PID:5356
- C:\Windows\System\bNpmRAo.exe
  C:\Windows\System\bNpmRAo.exe
  2⤵
  PID:5424
- C:\Windows\System\uFFlCWs.exe
  C:\Windows\System\uFFlCWs.exe
  2⤵
  PID:5212
- C:\Windows\System\okcQyCo.exe
  C:\Windows\System\okcQyCo.exe
  2⤵
  PID:5116
- C:\Windows\System\LosaOtd.exe
  C:\Windows\System\LosaOtd.exe
  2⤵
  PID:5364
- C:\Windows\System\BGjjAZL.exe
  C:\Windows\System\BGjjAZL.exe
  2⤵
  PID:5808
- C:\Windows\System\vuzGWOI.exe
  C:\Windows\System\vuzGWOI.exe
  2⤵
  PID:5380
- C:\Windows\System\RxtQlKf.exe
  C:\Windows\System\RxtQlKf.exe
  2⤵
  PID:5760
- C:\Windows\System\muKWUtP.exe
  C:\Windows\System\muKWUtP.exe
  2⤵
  PID:5980
- C:\Windows\System\uwbbvIm.exe
  C:\Windows\System\uwbbvIm.exe
  2⤵
  PID:5860
- C:\Windows\System\sptbXtt.exe
  C:\Windows\System\sptbXtt.exe
  2⤵
  PID:1628
- C:\Windows\System\DOEvYkQ.exe
  C:\Windows\System\DOEvYkQ.exe
  2⤵
  PID:6016
- C:\Windows\System\dAaTwYi.exe
  C:\Windows\System\dAaTwYi.exe
  2⤵
  PID:1976
- C:\Windows\System\XWgElSl.exe
  C:\Windows\System\XWgElSl.exe
  2⤵
  PID:1532
- C:\Windows\System\PTYlhPc.exe
  C:\Windows\System\PTYlhPc.exe
  2⤵
  PID:6064
- C:\Windows\System\TIKtNgE.exe
  C:\Windows\System\TIKtNgE.exe
  2⤵
  PID:4204
- C:\Windows\System\TGwyrgJ.exe
  C:\Windows\System\TGwyrgJ.exe
  2⤵
  PID:5504
- C:\Windows\System\aKRVLrZ.exe
  C:\Windows\System\aKRVLrZ.exe
  2⤵
  PID:5284
- C:\Windows\System\KUPRTpr.exe
  C:\Windows\System\KUPRTpr.exe
  2⤵
  PID:5828
- C:\Windows\System\BEluWKj.exe
  C:\Windows\System\BEluWKj.exe
  2⤵
  PID:5248
- C:\Windows\System\tzCWhdS.exe
  C:\Windows\System\tzCWhdS.exe
  2⤵
  PID:5288
- C:\Windows\System\lxPhsAQ.exe
  C:\Windows\System\lxPhsAQ.exe
  2⤵
  PID:5932
- C:\Windows\System\GTLVHdy.exe
  C:\Windows\System\GTLVHdy.exe
  2⤵
  PID:1600
- C:\Windows\System\lzkbvTH.exe
  C:\Windows\System\lzkbvTH.exe
  2⤵
  PID:6036
- C:\Windows\System\ZeVKrKj.exe
  C:\Windows\System\ZeVKrKj.exe
  2⤵
  PID:5172
- C:\Windows\System\kQyMSnl.exe
  C:\Windows\System\kQyMSnl.exe
  2⤵
  PID:1676
- C:\Windows\System\xZAXOVs.exe
  C:\Windows\System\xZAXOVs.exe
  2⤵
  PID:6024
- C:\Windows\System\YNWwfzf.exe
  C:\Windows\System\YNWwfzf.exe
  2⤵
  PID:5596
- C:\Windows\System\FYQHRdT.exe
  C:\Windows\System\FYQHRdT.exe
  2⤵
  PID:5456
- C:\Windows\System\VcDdapd.exe
  C:\Windows\System\VcDdapd.exe
  2⤵
  PID:6160
- C:\Windows\System\xdDLpMy.exe
  C:\Windows\System\xdDLpMy.exe
  2⤵
  PID:6176
- C:\Windows\System\ZoadSGk.exe
  C:\Windows\System\ZoadSGk.exe
  2⤵
  PID:6208
- C:\Windows\System\uLfRXKA.exe
  C:\Windows\System\uLfRXKA.exe
  2⤵
  PID:6232
- C:\Windows\System\ojsQrYR.exe
  C:\Windows\System\ojsQrYR.exe
  2⤵
  PID:6252
- C:\Windows\System\nnWWqxR.exe
  C:\Windows\System\nnWWqxR.exe
  2⤵
  PID:6284
- C:\Windows\System\iIQfpot.exe
  C:\Windows\System\iIQfpot.exe
  2⤵
  PID:6308
- C:\Windows\System\Hlszuxt.exe
  C:\Windows\System\Hlszuxt.exe
  2⤵
  PID:6324
- C:\Windows\System\jotbazq.exe
  C:\Windows\System\jotbazq.exe
  2⤵
  PID:6356
- C:\Windows\System\alDflnG.exe
  C:\Windows\System\alDflnG.exe
  2⤵
  PID:6372
- C:\Windows\System\OYdwUTo.exe
  C:\Windows\System\OYdwUTo.exe
  2⤵
  PID:6392
- C:\Windows\System\jBCWLEo.exe
  C:\Windows\System\jBCWLEo.exe
  2⤵
  PID:6416
- C:\Windows\System\ISCnzlx.exe
  C:\Windows\System\ISCnzlx.exe
  2⤵
  PID:6432
- C:\Windows\System\LSmXUdn.exe
  C:\Windows\System\LSmXUdn.exe
  2⤵
  PID:6468
- C:\Windows\System\NtAmFGD.exe
  C:\Windows\System\NtAmFGD.exe
  2⤵
  PID:6488
- C:\Windows\System\hcLZsln.exe
  C:\Windows\System\hcLZsln.exe
  2⤵
  PID:6528
- C:\Windows\System\dMzPWfh.exe
  C:\Windows\System\dMzPWfh.exe
  2⤵
  PID:6556
- C:\Windows\System\pZGcFuQ.exe
  C:\Windows\System\pZGcFuQ.exe
  2⤵
  PID:6576
- C:\Windows\System\hikVfHj.exe
  C:\Windows\System\hikVfHj.exe
  2⤵
  PID:6592
- C:\Windows\System\cbKqmaD.exe
  C:\Windows\System\cbKqmaD.exe
  2⤵
  PID:6640
- C:\Windows\System\GIEFSgq.exe
  C:\Windows\System\GIEFSgq.exe
  2⤵
  PID:6656
- C:\Windows\System\rZfglUz.exe
  C:\Windows\System\rZfglUz.exe
  2⤵
  PID:6684
- C:\Windows\System\UFXrtji.exe
  C:\Windows\System\UFXrtji.exe
  2⤵
  PID:6700
- C:\Windows\System\tdWvArq.exe
  C:\Windows\System\tdWvArq.exe
  2⤵
  PID:6732
- C:\Windows\System\Zthreid.exe
  C:\Windows\System\Zthreid.exe
  2⤵
  PID:6764
- C:\Windows\System\mJFfKnP.exe
  C:\Windows\System\mJFfKnP.exe
  2⤵
  PID:6784
- C:\Windows\System\cwUlekg.exe
  C:\Windows\System\cwUlekg.exe
  2⤵
  PID:6804
- C:\Windows\System\vVREgJg.exe
  C:\Windows\System\vVREgJg.exe
  2⤵
  PID:6828
- C:\Windows\System\sVUkmnA.exe
  C:\Windows\System\sVUkmnA.exe
  2⤵
  PID:6848
- C:\Windows\System\oiAoVTY.exe
  C:\Windows\System\oiAoVTY.exe
  2⤵
  PID:6872
- C:\Windows\System\KxyTmYu.exe
  C:\Windows\System\KxyTmYu.exe
  2⤵
  PID:6900
- C:\Windows\System\dsbKnEL.exe
  C:\Windows\System\dsbKnEL.exe
  2⤵
  PID:6920
- C:\Windows\System\ibDygqL.exe
  C:\Windows\System\ibDygqL.exe
  2⤵
  PID:6948
- C:\Windows\System\fOKGyKq.exe
  C:\Windows\System\fOKGyKq.exe
  2⤵
  PID:6972
- C:\Windows\System\RHGGBgo.exe
  C:\Windows\System\RHGGBgo.exe
  2⤵
  PID:7036
- C:\Windows\System\wiqVGXv.exe
  C:\Windows\System\wiqVGXv.exe
  2⤵
  PID:7060
- C:\Windows\System\dgpxVZc.exe
  C:\Windows\System\dgpxVZc.exe
  2⤵
  PID:5700
- C:\Windows\System\AKErmjI.exe
  C:\Windows\System\AKErmjI.exe
  2⤵
  PID:6192
- C:\Windows\System\sLpcFwa.exe
  C:\Windows\System\sLpcFwa.exe
  2⤵
  PID:6220
- C:\Windows\System\CsVtmBu.exe
  C:\Windows\System\CsVtmBu.exe
  2⤵
  PID:6820
- C:\Windows\System\kOzHvxK.exe
  C:\Windows\System\kOzHvxK.exe
  2⤵
  PID:6796
- C:\Windows\System\CcuVWVx.exe
  C:\Windows\System\CcuVWVx.exe
  2⤵
  PID:6908
- C:\Windows\System\ElzjIBf.exe
  C:\Windows\System\ElzjIBf.exe
  2⤵
  PID:6888
- C:\Windows\System\qtXjwCz.exe
  C:\Windows\System\qtXjwCz.exe
  2⤵
  PID:6940
- C:\Windows\System\FbujCcF.exe
  C:\Windows\System\FbujCcF.exe
  2⤵
  PID:6968
- C:\Windows\System\xajYDcN.exe
  C:\Windows\System\xajYDcN.exe
  2⤵
  PID:6348
- C:\Windows\System\MoWlryL.exe
  C:\Windows\System\MoWlryL.exe
  2⤵
  PID:1468
- C:\Windows\System\yiGKgHu.exe
  C:\Windows\System\yiGKgHu.exe
  2⤵
  PID:2068
- C:\Windows\System\ZgMhhOs.exe
  C:\Windows\System\ZgMhhOs.exe
  2⤵
  PID:7084
- C:\Windows\System\VFogezf.exe
  C:\Windows\System\VFogezf.exe
  2⤵
  PID:7100
- C:\Windows\System\QcCJIcq.exe
  C:\Windows\System\QcCJIcq.exe
  2⤵
  PID:7132
- C:\Windows\System\jlPPQHo.exe
  C:\Windows\System\jlPPQHo.exe
  2⤵
  PID:6152
- C:\Windows\System\vPVSrhm.exe
  C:\Windows\System\vPVSrhm.exe
  2⤵
  PID:5520
- C:\Windows\System\PVyHJVs.exe
  C:\Windows\System\PVyHJVs.exe
  2⤵
  PID:7096
- C:\Windows\System\Rnoxyzv.exe
  C:\Windows\System\Rnoxyzv.exe
  2⤵
  PID:6280
- C:\Windows\System\otdPCKx.exe
  C:\Windows\System\otdPCKx.exe
  2⤵
  PID:6320
- C:\Windows\System\KLewlhz.exe
  C:\Windows\System\KLewlhz.exe
  2⤵
  PID:6400
- C:\Windows\System\KeUsFju.exe
  C:\Windows\System\KeUsFju.exe
  2⤵
  PID:6412
- C:\Windows\System\ZOFQkUG.exe
  C:\Windows\System\ZOFQkUG.exe
  2⤵
  PID:6352
- C:\Windows\System\EyqoRmr.exe
  C:\Windows\System\EyqoRmr.exe
  2⤵
  PID:6460
- C:\Windows\System\NWYFAPh.exe
  C:\Windows\System\NWYFAPh.exe
  2⤵
  PID:6664
- C:\Windows\System\DRZDAln.exe
  C:\Windows\System\DRZDAln.exe
  2⤵
  PID:6508
- C:\Windows\System\KLeDYUF.exe
  C:\Windows\System\KLeDYUF.exe
  2⤵
  PID:6600
- C:\Windows\System\MFnqkmX.exe
  C:\Windows\System\MFnqkmX.exe
  2⤵
  PID:6616
- C:\Windows\System\DsZIjlz.exe
  C:\Windows\System\DsZIjlz.exe
  2⤵
  PID:6668
- C:\Windows\System\naJBrFb.exe
  C:\Windows\System\naJBrFb.exe
  2⤵
  PID:6648
- C:\Windows\System\kkyZclP.exe
  C:\Windows\System\kkyZclP.exe
  2⤵
  PID:6756
- C:\Windows\System\ttnNVdw.exe
  C:\Windows\System\ttnNVdw.exe
  2⤵
  PID:6816
- C:\Windows\System\KYGhwRA.exe
  C:\Windows\System\KYGhwRA.exe
  2⤵
  PID:6792
- C:\Windows\System\ReHCqRs.exe
  C:\Windows\System\ReHCqRs.exe
  2⤵
  PID:6932
- C:\Windows\System\MAbcQJR.exe
  C:\Windows\System\MAbcQJR.exe
  2⤵
  PID:6936
- C:\Windows\System\EzDNWYN.exe
  C:\Windows\System\EzDNWYN.exe
  2⤵
  PID:7000
- C:\Windows\System\zjNXwQj.exe
  C:\Windows\System\zjNXwQj.exe
  2⤵
  PID:2984
- C:\Windows\System\FKRKCKr.exe
  C:\Windows\System\FKRKCKr.exe
  2⤵
  PID:7044
- C:\Windows\System\isPztEs.exe
  C:\Windows\System\isPztEs.exe
  2⤵
  PID:7120
- C:\Windows\System\SZbROHq.exe
  C:\Windows\System\SZbROHq.exe
  2⤵
  PID:304
- C:\Windows\System\pTGBRTe.exe
  C:\Windows\System\pTGBRTe.exe
  2⤵
  PID:7124
- C:\Windows\System\lTkQyiA.exe
  C:\Windows\System\lTkQyiA.exe
  2⤵
  PID:7164
- C:\Windows\System\eOdEaVq.exe
  C:\Windows\System\eOdEaVq.exe
  2⤵
  PID:6292
- C:\Windows\System\nafpeBA.exe
  C:\Windows\System\nafpeBA.exe
  2⤵
  PID:6440
- C:\Windows\System\mcgauuP.exe
  C:\Windows\System\mcgauuP.exe
  2⤵
  PID:6276
- C:\Windows\System\qQkomTZ.exe
  C:\Windows\System\qQkomTZ.exe
  2⤵
  PID:6504
- C:\Windows\System\wsGAyPI.exe
  C:\Windows\System\wsGAyPI.exe
  2⤵
  PID:6384
- C:\Windows\System\ZlIvRUJ.exe
  C:\Windows\System\ZlIvRUJ.exe
  2⤵
  PID:6512
- C:\Windows\System\jAmenam.exe
  C:\Windows\System\jAmenam.exe
  2⤵
  PID:6712
- C:\Windows\System\wgMtIUn.exe
  C:\Windows\System\wgMtIUn.exe
  2⤵
  PID:6568
- C:\Windows\System\GpDcAKg.exe
  C:\Windows\System\GpDcAKg.exe
  2⤵
  PID:6584
- C:\Windows\System\khTTmuN.exe
  C:\Windows\System\khTTmuN.exe
  2⤵
  PID:6724
- C:\Windows\System\LQIbSkw.exe
  C:\Windows\System\LQIbSkw.exe
  2⤵
  PID:6812
- C:\Windows\System\jyJOBRH.exe
  C:\Windows\System\jyJOBRH.exe
  2⤵
  PID:6884
- C:\Windows\System\yTNMFWE.exe
  C:\Windows\System\yTNMFWE.exe
  2⤵
  PID:6988
- C:\Windows\System\HCXwKAK.exe
  C:\Windows\System\HCXwKAK.exe
  2⤵
  PID:6864
- C:\Windows\System\zLvTnpc.exe
  C:\Windows\System\zLvTnpc.exe
  2⤵
  PID:7072
- C:\Windows\System\DzVAFow.exe
  C:\Windows\System\DzVAFow.exe
  2⤵
  PID:6928
- C:\Windows\System\AqqtlNo.exe
  C:\Windows\System\AqqtlNo.exe
  2⤵
  PID:6336
- C:\Windows\System\hteVgWT.exe
  C:\Windows\System\hteVgWT.exe
  2⤵
  PID:6080
- C:\Windows\System\oGnoKFg.exe
  C:\Windows\System\oGnoKFg.exe
  2⤵
  PID:7024
- C:\Windows\System\TQMzvOZ.exe
  C:\Windows\System\TQMzvOZ.exe
  2⤵
  PID:6476
- C:\Windows\System\PFEFApC.exe
  C:\Windows\System\PFEFApC.exe
  2⤵
  PID:6244
- C:\Windows\System\XrdpsWv.exe
  C:\Windows\System\XrdpsWv.exe
  2⤵
  PID:6524
- C:\Windows\System\coSmcCf.exe
  C:\Windows\System\coSmcCf.exe
  2⤵
  PID:6716
- C:\Windows\System\lPrjGXS.exe
  C:\Windows\System\lPrjGXS.exe
  2⤵
  PID:6604
- C:\Windows\System\DQdXzbB.exe
  C:\Windows\System\DQdXzbB.exe
  2⤵
  PID:6844
- C:\Windows\System\vEeJKDt.exe
  C:\Windows\System\vEeJKDt.exe
  2⤵
  PID:6836
- C:\Windows\System\lJLsTGj.exe
  C:\Windows\System\lJLsTGj.exe
  2⤵
  PID:7048
- C:\Windows\System\CdPgpMG.exe
  C:\Windows\System\CdPgpMG.exe
  2⤵
  PID:7148
- C:\Windows\System\htpeHXg.exe
  C:\Windows\System\htpeHXg.exe
  2⤵
  PID:6316
- C:\Windows\System\zWOnGir.exe
  C:\Windows\System\zWOnGir.exe
  2⤵
  PID:7108
- C:\Windows\System\kxGNcQM.exe
  C:\Windows\System\kxGNcQM.exe
  2⤵
  PID:6380
- C:\Windows\System\MIpRciT.exe
  C:\Windows\System\MIpRciT.exe
  2⤵
  PID:6424
- C:\Windows\System\VzVfVlK.exe
  C:\Windows\System\VzVfVlK.exe
  2⤵
  PID:6632
- C:\Windows\System\JkuaZwk.exe
  C:\Windows\System\JkuaZwk.exe
  2⤵
  PID:6980
- C:\Windows\System\NPcXKgp.exe
  C:\Windows\System\NPcXKgp.exe
  2⤵
  PID:6544
- C:\Windows\System\vgCqiTe.exe
  C:\Windows\System\vgCqiTe.exe
  2⤵
  PID:6216
- C:\Windows\System\DrimPSC.exe
  C:\Windows\System\DrimPSC.exe
  2⤵
  PID:6860
- C:\Windows\System\MTscxpe.exe
  C:\Windows\System\MTscxpe.exe
  2⤵
  PID:6368
- C:\Windows\System\dWbapvq.exe
  C:\Windows\System\dWbapvq.exe
  2⤵
  PID:6540
- C:\Windows\System\KCBuQgm.exe
  C:\Windows\System\KCBuQgm.exe
  2⤵
  PID:7028
- C:\Windows\System\tkYgkgj.exe
  C:\Windows\System\tkYgkgj.exe
  2⤵
  PID:6304
- C:\Windows\System\uzkajMr.exe
  C:\Windows\System\uzkajMr.exe
  2⤵
  PID:6636
- C:\Windows\System\hWEYnMM.exe
  C:\Windows\System\hWEYnMM.exe
  2⤵
  PID:6260
- C:\Windows\System\zfrbipO.exe
  C:\Windows\System\zfrbipO.exe
  2⤵
  PID:6720
- C:\Windows\System\UlFzmbL.exe
  C:\Windows\System\UlFzmbL.exe
  2⤵
  PID:6408
- C:\Windows\System\nhkWqLe.exe
  C:\Windows\System\nhkWqLe.exe
  2⤵
  PID:6456
- C:\Windows\System\PtMuweX.exe
  C:\Windows\System\PtMuweX.exe
  2⤵
  PID:6748
- C:\Windows\System\IuGDrMI.exe
  C:\Windows\System\IuGDrMI.exe
  2⤵
  PID:6300
- C:\Windows\System\xXwRoOL.exe
  C:\Windows\System\xXwRoOL.exe
  2⤵
  PID:6896
- C:\Windows\System\NtxBvJk.exe
  C:\Windows\System\NtxBvJk.exe
  2⤵
  PID:7184
- C:\Windows\System\hwqZtkG.exe
  C:\Windows\System\hwqZtkG.exe
  2⤵
  PID:7200
- C:\Windows\System\ehorTLT.exe
  C:\Windows\System\ehorTLT.exe
  2⤵
  PID:7216
- C:\Windows\System\WDGibCT.exe
  C:\Windows\System\WDGibCT.exe
  2⤵
  PID:7268
- C:\Windows\System\FFAcFxT.exe
  C:\Windows\System\FFAcFxT.exe
  2⤵
  PID:7284
- C:\Windows\System\doyKAOD.exe
  C:\Windows\System\doyKAOD.exe
  2⤵
  PID:7300
- C:\Windows\System\tdzwisZ.exe
  C:\Windows\System\tdzwisZ.exe
  2⤵
  PID:7320
- C:\Windows\System\WiPtVqd.exe
  C:\Windows\System\WiPtVqd.exe
  2⤵
  PID:7364
- C:\Windows\System\lCqYaJz.exe
  C:\Windows\System\lCqYaJz.exe
  2⤵
  PID:7388
- C:\Windows\System\eLhthfB.exe
  C:\Windows\System\eLhthfB.exe
  2⤵
  PID:7404
- C:\Windows\System\dZYvPBw.exe
  C:\Windows\System\dZYvPBw.exe
  2⤵
  PID:7420
- C:\Windows\System\NEwkbir.exe
  C:\Windows\System\NEwkbir.exe
  2⤵
  PID:7440
- C:\Windows\System\VPLqQxH.exe
  C:\Windows\System\VPLqQxH.exe
  2⤵
  PID:7460
- C:\Windows\System\fqjVSlf.exe
  C:\Windows\System\fqjVSlf.exe
  2⤵
  PID:7480
- C:\Windows\System\iMeitwW.exe
  C:\Windows\System\iMeitwW.exe
  2⤵
  PID:7496
- C:\Windows\System\AMXRNXg.exe
  C:\Windows\System\AMXRNXg.exe
  2⤵
  PID:7512
- C:\Windows\System\AUaupjP.exe
  C:\Windows\System\AUaupjP.exe
  2⤵
  PID:7576
- C:\Windows\System\KweTPXP.exe
  C:\Windows\System\KweTPXP.exe
  2⤵
  PID:7592
- C:\Windows\System\SBOkBBh.exe
  C:\Windows\System\SBOkBBh.exe
  2⤵
  PID:7608
- C:\Windows\System\nJcnugH.exe
  C:\Windows\System\nJcnugH.exe
  2⤵
  PID:7624
- C:\Windows\System\GGovzCn.exe
  C:\Windows\System\GGovzCn.exe
  2⤵
  PID:7640
- C:\Windows\System\JSyNCQu.exe
  C:\Windows\System\JSyNCQu.exe
  2⤵
  PID:7656
- C:\Windows\System\yrUrLpE.exe
  C:\Windows\System\yrUrLpE.exe
  2⤵
  PID:7672
- C:\Windows\System\kPgkuRK.exe
  C:\Windows\System\kPgkuRK.exe
  2⤵
  PID:7700
- C:\Windows\System\tlYMTUd.exe
  C:\Windows\System\tlYMTUd.exe
  2⤵
  PID:7720
- C:\Windows\System\gqbcOpl.exe
  C:\Windows\System\gqbcOpl.exe
  2⤵
  PID:7736
- C:\Windows\System\EKuFnTz.exe
  C:\Windows\System\EKuFnTz.exe
  2⤵
  PID:7768
- C:\Windows\System\mLFbZyS.exe
  C:\Windows\System\mLFbZyS.exe
  2⤵
  PID:7800
- C:\Windows\System\FKxTODY.exe
  C:\Windows\System\FKxTODY.exe
  2⤵
  PID:7816
- C:\Windows\System\XsUSrPx.exe
  C:\Windows\System\XsUSrPx.exe
  2⤵
  PID:7832
- C:\Windows\System\SXphzgO.exe
  C:\Windows\System\SXphzgO.exe
  2⤵
  PID:7848
- C:\Windows\System\oWejiju.exe
  C:\Windows\System\oWejiju.exe
  2⤵
  PID:7864
- C:\Windows\System\XGVxxSW.exe
  C:\Windows\System\XGVxxSW.exe
  2⤵
  PID:7880
- C:\Windows\System\hQKHIuW.exe
  C:\Windows\System\hQKHIuW.exe
  2⤵
  PID:7904
- C:\Windows\System\EBQOrST.exe
  C:\Windows\System\EBQOrST.exe
  2⤵
  PID:7920
- C:\Windows\System\QGFdHBh.exe
  C:\Windows\System\QGFdHBh.exe
  2⤵
  PID:7936
- C:\Windows\System\XeZjaWu.exe
  C:\Windows\System\XeZjaWu.exe
  2⤵
  PID:7956
- C:\Windows\System\vDULRAq.exe
  C:\Windows\System\vDULRAq.exe
  2⤵
  PID:7984
- C:\Windows\System\ggNbWBd.exe
  C:\Windows\System\ggNbWBd.exe
  2⤵
  PID:8012
- C:\Windows\System\oXGNLWG.exe
  C:\Windows\System\oXGNLWG.exe
  2⤵
  PID:8064
- C:\Windows\System\fIXDbXK.exe
  C:\Windows\System\fIXDbXK.exe
  2⤵
  PID:8148
- C:\Windows\System\mdOCDmi.exe
  C:\Windows\System\mdOCDmi.exe
  2⤵
  PID:8168
- C:\Windows\System\fXdJPHi.exe
  C:\Windows\System\fXdJPHi.exe
  2⤵
  PID:7176
- C:\Windows\System\JNWHkTw.exe
  C:\Windows\System\JNWHkTw.exe
  2⤵
  PID:7212
- C:\Windows\System\MpWybPC.exe
  C:\Windows\System\MpWybPC.exe
  2⤵
  PID:7228
- C:\Windows\System\dSYwswD.exe
  C:\Windows\System\dSYwswD.exe
  2⤵
  PID:7264
- C:\Windows\System\aFDopNe.exe
  C:\Windows\System\aFDopNe.exe
  2⤵
  PID:7312
- C:\Windows\System\jtHzqwJ.exe
  C:\Windows\System\jtHzqwJ.exe
  2⤵
  PID:7328
- C:\Windows\System\rONHinU.exe
  C:\Windows\System\rONHinU.exe
  2⤵
  PID:7400
- C:\Windows\System\BJXejIA.exe
  C:\Windows\System\BJXejIA.exe
  2⤵
  PID:7492
- C:\Windows\System\PKhjZyw.exe
  C:\Windows\System\PKhjZyw.exe
  2⤵
  PID:7564
- C:\Windows\System\gjBUfbk.exe
  C:\Windows\System\gjBUfbk.exe
  2⤵
  PID:6992
- C:\Windows\System\piDnoLI.exe
  C:\Windows\System\piDnoLI.exe
  2⤵
  PID:7588
- C:\Windows\System\rbCaWVt.exe
  C:\Windows\System\rbCaWVt.exe
  2⤵
  PID:7636
- C:\Windows\System\sTrPcYy.exe
  C:\Windows\System\sTrPcYy.exe
  2⤵
  PID:7708
- C:\Windows\System\JCjadFD.exe
  C:\Windows\System\JCjadFD.exe
  2⤵
  PID:7748
- C:\Windows\System\iyvaihm.exe
  C:\Windows\System\iyvaihm.exe
  2⤵
  PID:7808
- C:\Windows\System\PhXiJWy.exe
  C:\Windows\System\PhXiJWy.exe
  2⤵
  PID:7784
- C:\Windows\System\pKridvl.exe
  C:\Windows\System\pKridvl.exe
  2⤵
  PID:7828
- C:\Windows\System\ChdngUW.exe
  C:\Windows\System\ChdngUW.exe
  2⤵
  PID:7560
- C:\Windows\System\SpTDZjO.exe
  C:\Windows\System\SpTDZjO.exe
  2⤵
  PID:7992
- C:\Windows\System\ZPKGHjS.exe
  C:\Windows\System\ZPKGHjS.exe
  2⤵
  PID:7972
- C:\Windows\System\QqXprVu.exe
  C:\Windows\System\QqXprVu.exe
  2⤵
  PID:8020
- C:\Windows\System\EZobywZ.exe
  C:\Windows\System\EZobywZ.exe
  2⤵
  PID:8076
- C:\Windows\System\gjcGyJj.exe
  C:\Windows\System\gjcGyJj.exe
  2⤵
  PID:8060
- C:\Windows\System\lhbGggA.exe
  C:\Windows\System\lhbGggA.exe
  2⤵
  PID:8112
- C:\Windows\System\JDxEqZT.exe
  C:\Windows\System\JDxEqZT.exe
  2⤵
  PID:8140
- C:\Windows\System\OLBZOoZ.exe
  C:\Windows\System\OLBZOoZ.exe
  2⤵
  PID:8180
- C:\Windows\System\izPSfom.exe
  C:\Windows\System\izPSfom.exe
  2⤵
  PID:7068
- C:\Windows\System\BCsueri.exe
  C:\Windows\System\BCsueri.exe
  2⤵
  PID:7280
- C:\Windows\System\kwLTnJD.exe
  C:\Windows\System\kwLTnJD.exe
  2⤵
  PID:7112
- C:\Windows\System\ZnNQVbx.exe
  C:\Windows\System\ZnNQVbx.exe
  2⤵
  PID:7376
- C:\Windows\System\cIRMUki.exe
  C:\Windows\System\cIRMUki.exe
  2⤵
  PID:7372
- C:\Windows\System\gDIcksk.exe
  C:\Windows\System\gDIcksk.exe
  2⤵
  PID:7340
- C:\Windows\System\eDpUNQs.exe
  C:\Windows\System\eDpUNQs.exe
  2⤵
  PID:7360
- C:\Windows\System\adZZtbz.exe
  C:\Windows\System\adZZtbz.exe
  2⤵
  PID:7456
- C:\Windows\System\RvQGkUU.exe
  C:\Windows\System\RvQGkUU.exe
  2⤵
  PID:7488
- C:\Windows\System\RbOBRDX.exe
  C:\Windows\System\RbOBRDX.exe
  2⤵
  PID:7472
- C:\Windows\System\NmvmlxS.exe
  C:\Windows\System\NmvmlxS.exe
  2⤵
  PID:7716
- C:\Windows\System\PZPFnWH.exe
  C:\Windows\System\PZPFnWH.exe
  2⤵
  PID:7756
- C:\Windows\System\jaqbVrE.exe
  C:\Windows\System\jaqbVrE.exe
  2⤵
  PID:7232
- C:\Windows\System\RNXchWI.exe
  C:\Windows\System\RNXchWI.exe
  2⤵
  PID:7872
- C:\Windows\System\MAnePvJ.exe
  C:\Windows\System\MAnePvJ.exe
  2⤵
  PID:7844
- C:\Windows\System\nvtcOHU.exe
  C:\Windows\System\nvtcOHU.exe
  2⤵
  PID:7980
- C:\Windows\System\vodmbRp.exe
  C:\Windows\System\vodmbRp.exe
  2⤵
  PID:8000
- C:\Windows\System\UWsQYud.exe
  C:\Windows\System\UWsQYud.exe
  2⤵
  PID:8092
- C:\Windows\System\QSwSHxX.exe
  C:\Windows\System\QSwSHxX.exe
  2⤵
  PID:7932
- C:\Windows\System\HfPQzcr.exe
  C:\Windows\System\HfPQzcr.exe
  2⤵
  PID:8124
- C:\Windows\System\RltHOMX.exe
  C:\Windows\System\RltHOMX.exe
  2⤵
  PID:7092
- C:\Windows\System\zBNSuzY.exe
  C:\Windows\System\zBNSuzY.exe
  2⤵
  PID:7240
- C:\Windows\System\yUimolK.exe
  C:\Windows\System\yUimolK.exe
  2⤵
  PID:7208
- C:\Windows\System\pyZoONa.exe
  C:\Windows\System\pyZoONa.exe
  2⤵
  PID:7412
- C:\Windows\System\TPqVxBd.exe
  C:\Windows\System\TPqVxBd.exe
  2⤵
  PID:7524
- C:\Windows\System\YzSDhxl.exe
  C:\Windows\System\YzSDhxl.exe
  2⤵
  PID:7448
- C:\Windows\System\HPOooqN.exe
  C:\Windows\System\HPOooqN.exe
  2⤵
  PID:7540
- C:\Windows\System\Ljtgptv.exe
  C:\Windows\System\Ljtgptv.exe
  2⤵
  PID:7568
- C:\Windows\System\QzjLbwB.exe
  C:\Windows\System\QzjLbwB.exe
  2⤵
  PID:7728
- C:\Windows\System\IWlinaW.exe
  C:\Windows\System\IWlinaW.exe
  2⤵
  PID:7900
- C:\Windows\System\GYqcKFd.exe
  C:\Windows\System\GYqcKFd.exe
  2⤵
  PID:8040
- C:\Windows\System\DAnumja.exe
  C:\Windows\System\DAnumja.exe
  2⤵
  PID:8052
- C:\Windows\System\cPfFSVt.exe
  C:\Windows\System\cPfFSVt.exe
  2⤵
  PID:8104
- C:\Windows\System\PUhqpVU.exe
  C:\Windows\System\PUhqpVU.exe
  2⤵
  PID:8072
- C:\Windows\System\OJTMbtb.exe
  C:\Windows\System\OJTMbtb.exe
  2⤵
  PID:7192
- C:\Windows\System\xNMqadY.exe
  C:\Windows\System\xNMqadY.exe
  2⤵
  PID:7436
- C:\Windows\System\pJDtBZc.exe
  C:\Windows\System\pJDtBZc.exe
  2⤵
  PID:7536
- C:\Windows\System\VhplYMi.exe
  C:\Windows\System\VhplYMi.exe
  2⤵
  PID:7616
- C:\Windows\System\boERLCK.exe
  C:\Windows\System\boERLCK.exe
  2⤵
  PID:7668
- C:\Windows\System\AqnNcYV.exe
  C:\Windows\System\AqnNcYV.exe
  2⤵
  PID:7688
- C:\Windows\System\qaQkiEh.exe
  C:\Windows\System\qaQkiEh.exe
  2⤵
  PID:7876
- C:\Windows\System\ZQERXAd.exe
  C:\Windows\System\ZQERXAd.exe
  2⤵
  PID:7896
- C:\Windows\System\zisgbva.exe
  C:\Windows\System\zisgbva.exe
  2⤵
  PID:8164
- C:\Windows\System\KJVPRGv.exe
  C:\Windows\System\KJVPRGv.exe
  2⤵
  PID:8132
- C:\Windows\System\XcseUkp.exe
  C:\Windows\System\XcseUkp.exe
  2⤵
  PID:8096
- C:\Windows\System\PwmmhWM.exe
  C:\Windows\System\PwmmhWM.exe
  2⤵
  PID:7528
- C:\Windows\System\CDmvSiW.exe
  C:\Windows\System\CDmvSiW.exe
  2⤵
  PID:7292
- C:\Windows\System\MnUrkNL.exe
  C:\Windows\System\MnUrkNL.exe
  2⤵
  PID:8044
- C:\Windows\System\TcrOlaG.exe
  C:\Windows\System\TcrOlaG.exe
  2⤵
  PID:7556
- C:\Windows\System\LGqAJLV.exe
  C:\Windows\System\LGqAJLV.exe
  2⤵
  PID:7796
- C:\Windows\System\ZwZBMzk.exe
  C:\Windows\System\ZwZBMzk.exe
  2⤵
  PID:7532
- C:\Windows\System\mbridiW.exe
  C:\Windows\System\mbridiW.exe
  2⤵
  PID:7652
- C:\Windows\System\RYpnhIX.exe
  C:\Windows\System\RYpnhIX.exe
  2⤵
  PID:7620
- C:\Windows\System\kHVgINd.exe
  C:\Windows\System\kHVgINd.exe
  2⤵
  PID:7696
- C:\Windows\System\XbBDHdo.exe
  C:\Windows\System\XbBDHdo.exe
  2⤵
  PID:7356
- C:\Windows\System\SoNdzTO.exe
  C:\Windows\System\SoNdzTO.exe
  2⤵
  PID:7352
- C:\Windows\System\GsFyIsN.exe
  C:\Windows\System\GsFyIsN.exe
  2⤵
  PID:7952
- C:\Windows\System\cPBNozs.exe
  C:\Windows\System\cPBNozs.exe
  2⤵
  PID:8024
- C:\Windows\System\amvdjoq.exe
  C:\Windows\System\amvdjoq.exe
  2⤵
  PID:7504
- C:\Windows\System\USlnDaW.exe
  C:\Windows\System\USlnDaW.exe
  2⤵
  PID:8196
- C:\Windows\System\ScOMiIE.exe
  C:\Windows\System\ScOMiIE.exe
  2⤵
  PID:8236
- C:\Windows\System\AtEQjTy.exe
  C:\Windows\System\AtEQjTy.exe
  2⤵
  PID:8252
- C:\Windows\System\JTTrYTL.exe
  C:\Windows\System\JTTrYTL.exe
  2⤵
  PID:8268
- C:\Windows\System\RbsIGVx.exe
  C:\Windows\System\RbsIGVx.exe
  2⤵
  PID:8288
- C:\Windows\System\XLkctgJ.exe
  C:\Windows\System\XLkctgJ.exe
  2⤵
  PID:8316
- C:\Windows\System\BJzuvRQ.exe
  C:\Windows\System\BJzuvRQ.exe
  2⤵
  PID:8364
- C:\Windows\System\VXfLEZr.exe
  C:\Windows\System\VXfLEZr.exe
  2⤵
  PID:8388
- C:\Windows\System\sVAHbkI.exe
  C:\Windows\System\sVAHbkI.exe
  2⤵
  PID:8404
- C:\Windows\System\eCTFuev.exe
  C:\Windows\System\eCTFuev.exe
  2⤵
  PID:8428
- C:\Windows\System\IjLbzfF.exe
  C:\Windows\System\IjLbzfF.exe
  2⤵
  PID:8444
- C:\Windows\System\TbLYvQM.exe
  C:\Windows\System\TbLYvQM.exe
  2⤵
  PID:8468
- C:\Windows\System\ulCDxqd.exe
  C:\Windows\System\ulCDxqd.exe
  2⤵
  PID:8484
- C:\Windows\System\dyqWrXF.exe
  C:\Windows\System\dyqWrXF.exe
  2⤵
  PID:8508
- C:\Windows\System\gDKYwRj.exe
  C:\Windows\System\gDKYwRj.exe
  2⤵
  PID:8560
- C:\Windows\System\Dbgmpjr.exe
  C:\Windows\System\Dbgmpjr.exe
  2⤵
  PID:8584
- C:\Windows\System\OsdMoVl.exe
  C:\Windows\System\OsdMoVl.exe
  2⤵
  PID:8604
- C:\Windows\System\dMkXxmC.exe
  C:\Windows\System\dMkXxmC.exe
  2⤵
  PID:8632
- C:\Windows\System\OVHXkbY.exe
  C:\Windows\System\OVHXkbY.exe
  2⤵
  PID:8648
- C:\Windows\System\mZVILRF.exe
  C:\Windows\System\mZVILRF.exe
  2⤵
  PID:8672
- C:\Windows\System\zlyuLQu.exe
  C:\Windows\System\zlyuLQu.exe
  2⤵
  PID:8696
- C:\Windows\System\tZQMybL.exe
  C:\Windows\System\tZQMybL.exe
  2⤵
  PID:8712
- C:\Windows\System\TggGVtA.exe
  C:\Windows\System\TggGVtA.exe
  2⤵
  PID:8740
- C:\Windows\System\MRkyYSU.exe
  C:\Windows\System\MRkyYSU.exe
  2⤵
  PID:8776
- C:\Windows\System\rkkyGXQ.exe
  C:\Windows\System\rkkyGXQ.exe
  2⤵
  PID:8792
- C:\Windows\System\vWBqpWe.exe
  C:\Windows\System\vWBqpWe.exe
  2⤵
  PID:8816
- C:\Windows\System\tELJAQF.exe
  C:\Windows\System\tELJAQF.exe
  2⤵
  PID:8848
- C:\Windows\System\AxObrnJ.exe
  C:\Windows\System\AxObrnJ.exe
  2⤵
  PID:8868
- C:\Windows\System\DOtqXNr.exe
  C:\Windows\System\DOtqXNr.exe
  2⤵
  PID:8888
- C:\Windows\System\NPkyqgF.exe
  C:\Windows\System\NPkyqgF.exe
  2⤵
  PID:8920
- C:\Windows\System\RPGgCbZ.exe
  C:\Windows\System\RPGgCbZ.exe
  2⤵
  PID:8944
- C:\Windows\System\fUyorTC.exe
  C:\Windows\System\fUyorTC.exe
  2⤵
  PID:8968
- C:\Windows\System\AShswzc.exe
  C:\Windows\System\AShswzc.exe
  2⤵
  PID:8988
- C:\Windows\System\HUwldIn.exe
  C:\Windows\System\HUwldIn.exe
  2⤵
  PID:9008
- C:\Windows\System\aZgDzvE.exe
  C:\Windows\System\aZgDzvE.exe
  2⤵
  PID:9032
- C:\Windows\System\kMVmHGq.exe
  C:\Windows\System\kMVmHGq.exe
  2⤵
  PID:9060
- C:\Windows\System\uWvAWPx.exe
  C:\Windows\System\uWvAWPx.exe
  2⤵
  PID:9084
- C:\Windows\System\qjqWwlP.exe
  C:\Windows\System\qjqWwlP.exe
  2⤵
  PID:9100
- C:\Windows\System\rbzlTrC.exe
  C:\Windows\System\rbzlTrC.exe
  2⤵
  PID:9120
- C:\Windows\System\TeVzVzG.exe
  C:\Windows\System\TeVzVzG.exe
  2⤵
  PID:9156
- C:\Windows\System\rssSEwZ.exe
  C:\Windows\System\rssSEwZ.exe
  2⤵
  PID:9172
- C:\Windows\System\yNDtbmg.exe
  C:\Windows\System\yNDtbmg.exe
  2⤵
  PID:9188
- C:\Windows\System\KlUCpFM.exe
  C:\Windows\System\KlUCpFM.exe
  2⤵
  PID:7824
- C:\Windows\System\hnuFWBq.exe
  C:\Windows\System\hnuFWBq.exe
  2⤵
  PID:8216
- C:\Windows\System\tDjIycD.exe
  C:\Windows\System\tDjIycD.exe
  2⤵
  PID:8224
- C:\Windows\System\FWLtZRc.exe
  C:\Windows\System\FWLtZRc.exe
  2⤵
  PID:8296
- C:\Windows\System\LElBggj.exe
  C:\Windows\System\LElBggj.exe
  2⤵
  PID:8244
- C:\Windows\System\aEpJGSZ.exe
  C:\Windows\System\aEpJGSZ.exe
  2⤵
  PID:8340
- C:\Windows\System\yryiTlw.exe
  C:\Windows\System\yryiTlw.exe
  2⤵
  PID:8352
- C:\Windows\System\CWPNbgE.exe
  C:\Windows\System\CWPNbgE.exe
  2⤵
  PID:8380
- C:\Windows\System\HuQnUiq.exe
  C:\Windows\System\HuQnUiq.exe
  2⤵
  PID:8424
- C:\Windows\System\zlpeSOP.exe
  C:\Windows\System\zlpeSOP.exe
  2⤵
  PID:8464
- C:\Windows\System\zTrnplI.exe
  C:\Windows\System\zTrnplI.exe
  2⤵
  PID:8496
- C:\Windows\System\eMhwuZr.exe
  C:\Windows\System\eMhwuZr.exe
  2⤵
  PID:8476
- C:\Windows\System\eopmTmw.exe
  C:\Windows\System\eopmTmw.exe
  2⤵
  PID:8540
- C:\Windows\System\MSqYNDz.exe
  C:\Windows\System\MSqYNDz.exe
  2⤵
  PID:8552
- C:\Windows\System\sOUeUjp.exe
  C:\Windows\System\sOUeUjp.exe
  2⤵
  PID:8592
- C:\Windows\System\bDjhURF.exe
  C:\Windows\System\bDjhURF.exe
  2⤵
  PID:8620
- C:\Windows\System\nyWcgPP.exe
  C:\Windows\System\nyWcgPP.exe
  2⤵
  PID:8660
- C:\Windows\System\SKhrfHj.exe
  C:\Windows\System\SKhrfHj.exe
  2⤵
  PID:8720
- C:\Windows\System\tIgfLpA.exe
  C:\Windows\System\tIgfLpA.exe
  2⤵
  PID:8748
- C:\Windows\System\fFrBMVb.exe
  C:\Windows\System\fFrBMVb.exe
  2⤵
  PID:8728
- C:\Windows\System\PFafMrh.exe
  C:\Windows\System\PFafMrh.exe
  2⤵
  PID:8808
- C:\Windows\System\DnbJwqc.exe
  C:\Windows\System\DnbJwqc.exe
  2⤵
  PID:8840
- C:\Windows\System\tcAHPAC.exe
  C:\Windows\System\tcAHPAC.exe
  2⤵
  PID:8912
- C:\Windows\System\fFHPjtO.exe
  C:\Windows\System\fFHPjtO.exe
  2⤵
  PID:8964
- C:\Windows\System\pmggXYf.exe
  C:\Windows\System\pmggXYf.exe
  2⤵
  PID:9044
- C:\Windows\System\OYEWBhC.exe
  C:\Windows\System\OYEWBhC.exe
  2⤵
  PID:9128
- C:\Windows\System\irXhPIC.exe
  C:\Windows\System\irXhPIC.exe
  2⤵
  PID:9068
- C:\Windows\System\wZqAhAD.exe
  C:\Windows\System\wZqAhAD.exe
  2⤵
  PID:9184
- C:\Windows\System\ufcsDSS.exe
  C:\Windows\System\ufcsDSS.exe
  2⤵
  PID:9108
- C:\Windows\System\hLHgyil.exe
  C:\Windows\System\hLHgyil.exe
  2⤵
  PID:7680
- C:\Windows\System\cOxFBln.exe
  C:\Windows\System\cOxFBln.exe
  2⤵
  PID:8264
- C:\Windows\System\extfECS.exe
  C:\Windows\System\extfECS.exe
  2⤵
  PID:8328
- C:\Windows\System\TTRMDYM.exe
  C:\Windows\System\TTRMDYM.exe
  2⤵
  PID:8384
- C:\Windows\System\dIsXbnP.exe
  C:\Windows\System\dIsXbnP.exe
  2⤵
  PID:7452
- C:\Windows\System\ZaifsfQ.exe
  C:\Windows\System\ZaifsfQ.exe
  2⤵
  PID:8456
- C:\Windows\System\eaTEwmu.exe
  C:\Windows\System\eaTEwmu.exe
  2⤵
  PID:8344
- C:\Windows\System\UkJeEoP.exe
  C:\Windows\System\UkJeEoP.exe
  2⤵
  PID:8420
- C:\Windows\System\gNBgKca.exe
  C:\Windows\System\gNBgKca.exe
  2⤵
  PID:8528
- C:\Windows\System\qBoTnUu.exe
  C:\Windows\System\qBoTnUu.exe
  2⤵
  PID:8436
- C:\Windows\System\BjvXmOJ.exe
  C:\Windows\System\BjvXmOJ.exe
  2⤵
  PID:8520
- C:\Windows\System\WCQTHak.exe
  C:\Windows\System\WCQTHak.exe
  2⤵
  PID:8568
- C:\Windows\System\VlcluDA.exe
  C:\Windows\System\VlcluDA.exe
  2⤵
  PID:8628
- C:\Windows\System\ljTRxAm.exe
  C:\Windows\System\ljTRxAm.exe
  2⤵
  PID:8668
- C:\Windows\System\QoVxAOI.exe
  C:\Windows\System\QoVxAOI.exe
  2⤵
  PID:8760
- C:\Windows\System\nxdnwjL.exe
  C:\Windows\System\nxdnwjL.exe
  2⤵
  PID:8692
- C:\Windows\System\ztXotSG.exe
  C:\Windows\System\ztXotSG.exe
  2⤵
  PID:8768
- C:\Windows\System\TJWUbSN.exe
  C:\Windows\System\TJWUbSN.exe
  2⤵
  PID:8784
- C:\Windows\System\EjMrxiT.exe
  C:\Windows\System\EjMrxiT.exe
  2⤵
  PID:8828
- C:\Windows\System\Ojwdxfr.exe
  C:\Windows\System\Ojwdxfr.exe
  2⤵
  PID:8900
- C:\Windows\System\HDNrMuX.exe
  C:\Windows\System\HDNrMuX.exe
  2⤵
  PID:8952
- C:\Windows\System\TSUgRom.exe
  C:\Windows\System\TSUgRom.exe
  2⤵
  PID:8960
- C:\Windows\System\MFwbiji.exe
  C:\Windows\System\MFwbiji.exe
  2⤵
  PID:8504
- C:\Windows\System\rWYotqx.exe
  C:\Windows\System\rWYotqx.exe
  2⤵
  PID:8708
- C:\Windows\System\JQlUSBJ.exe
  C:\Windows\System\JQlUSBJ.exe
  2⤵
  PID:8656
- C:\Windows\System\xwvosBw.exe
  C:\Windows\System\xwvosBw.exe
  2⤵
  PID:8832
- C:\Windows\System\pSWQEmq.exe
  C:\Windows\System\pSWQEmq.exe
  2⤵
  PID:8880
- C:\Windows\System\fkutfTj.exe
  C:\Windows\System\fkutfTj.exe
  2⤵
  PID:8356
- C:\Windows\System\PreCSCr.exe
  C:\Windows\System\PreCSCr.exe
  2⤵
  PID:9024
- C:\Windows\System\CkMzfpp.exe
  C:\Windows\System\CkMzfpp.exe
  2⤵
  PID:9136
- C:\Windows\System\kskeONJ.exe
  C:\Windows\System\kskeONJ.exe
  2⤵
  PID:9096
- C:\Windows\System\sIqHEwc.exe
  C:\Windows\System\sIqHEwc.exe
  2⤵
  PID:9200
- C:\Windows\System\vAyfrcq.exe
  C:\Windows\System\vAyfrcq.exe
  2⤵
  PID:9072
- C:\Windows\System\BmSedHl.exe
  C:\Windows\System\BmSedHl.exe
  2⤵
  PID:8580
- C:\Windows\System\hOLCKxq.exe
  C:\Windows\System\hOLCKxq.exe
  2⤵
  PID:8500
- C:\Windows\System\ahinLbM.exe
  C:\Windows\System\ahinLbM.exe
  2⤵
  PID:8856
- C:\Windows\System\DfVcjBB.exe
  C:\Windows\System\DfVcjBB.exe
  2⤵
  PID:8884
- C:\Windows\System\JfbYYrX.exe
  C:\Windows\System\JfbYYrX.exe
  2⤵
  PID:8736
- C:\Windows\System\QrcFJie.exe
  C:\Windows\System\QrcFJie.exe
  2⤵
  PID:8940
- C:\Windows\System\NDMRkIw.exe
  C:\Windows\System\NDMRkIw.exe
  2⤵
  PID:8228
- C:\Windows\System\EKtXtId.exe
  C:\Windows\System\EKtXtId.exe
  2⤵
  PID:9148
- C:\Windows\System\uHMIjUy.exe
  C:\Windows\System\uHMIjUy.exe
  2⤵
  PID:8416
- C:\Windows\System\AdlOyCx.exe
  C:\Windows\System\AdlOyCx.exe
  2⤵
  PID:8536
- C:\Windows\System\zhaxAgK.exe
  C:\Windows\System\zhaxAgK.exe
  2⤵
  PID:9056
- C:\Windows\System\cxNUkDE.exe
  C:\Windows\System\cxNUkDE.exe
  2⤵
  PID:9132
- C:\Windows\System\NvRVvkf.exe
  C:\Windows\System\NvRVvkf.exe
  2⤵
  PID:8732
- C:\Windows\System\NWModso.exe
  C:\Windows\System\NWModso.exe
  2⤵
  PID:7416
- C:\Windows\System\nfpqkpC.exe
  C:\Windows\System\nfpqkpC.exe
  2⤵
  PID:8860
- C:\Windows\System\GPjAXeo.exe
  C:\Windows\System\GPjAXeo.exe
  2⤵
  PID:8532
- C:\Windows\System\vjPupkI.exe
  C:\Windows\System\vjPupkI.exe
  2⤵
  PID:7508
- C:\Windows\System\zBcUgcZ.exe
  C:\Windows\System\zBcUgcZ.exe
  2⤵
  PID:8836
- C:\Windows\System\BJIIUTu.exe
  C:\Windows\System\BJIIUTu.exe
  2⤵
  PID:9092
- C:\Windows\System\FLuTCul.exe
  C:\Windows\System\FLuTCul.exe
  2⤵
  PID:8260
- C:\Windows\System\HcLSrBg.exe
  C:\Windows\System\HcLSrBg.exe
  2⤵
  PID:9232
- C:\Windows\System\tkkPcyJ.exe
  C:\Windows\System\tkkPcyJ.exe
  2⤵
  PID:9260
- C:\Windows\System\zxAdbfr.exe
  C:\Windows\System\zxAdbfr.exe
  2⤵
  PID:9288
- C:\Windows\System\XQiqJlc.exe
  C:\Windows\System\XQiqJlc.exe
  2⤵
  PID:9316
- C:\Windows\System\KptKdGi.exe
  C:\Windows\System\KptKdGi.exe
  2⤵
  PID:9332
- C:\Windows\System\mSoLhhS.exe
  C:\Windows\System\mSoLhhS.exe
  2⤵
  PID:9360
- C:\Windows\System\pvAkUGE.exe
  C:\Windows\System\pvAkUGE.exe
  2⤵
  PID:9376
- C:\Windows\System\bcRZsnp.exe
  C:\Windows\System\bcRZsnp.exe
  2⤵
  PID:9404
- C:\Windows\System\GTdzsJt.exe
  C:\Windows\System\GTdzsJt.exe
  2⤵
  PID:9420
- C:\Windows\System\DGeUjoF.exe
  C:\Windows\System\DGeUjoF.exe
  2⤵
  PID:9448
- C:\Windows\System\nrWlFks.exe
  C:\Windows\System\nrWlFks.exe
  2⤵
  PID:9488
- C:\Windows\System\waKyJtc.exe
  C:\Windows\System\waKyJtc.exe
  2⤵
  PID:9512
- C:\Windows\System\xQnGkrR.exe
  C:\Windows\System\xQnGkrR.exe
  2⤵
  PID:9528
- C:\Windows\System\lQGukjO.exe
  C:\Windows\System\lQGukjO.exe
  2⤵
  PID:9556
- C:\Windows\System\krvSjwA.exe
  C:\Windows\System\krvSjwA.exe
  2⤵
  PID:9584
- C:\Windows\System\AsJCyme.exe
  C:\Windows\System\AsJCyme.exe
  2⤵
  PID:9608
- C:\Windows\System\avCodml.exe
  C:\Windows\System\avCodml.exe
  2⤵
  PID:9628
- C:\Windows\System\MFpKoJi.exe
  C:\Windows\System\MFpKoJi.exe
  2⤵
  PID:9652
- C:\Windows\System\owInICi.exe
  C:\Windows\System\owInICi.exe
  2⤵
  PID:9680
- C:\Windows\System\TGpWPLr.exe
  C:\Windows\System\TGpWPLr.exe
  2⤵
  PID:9700
- C:\Windows\System\KcBsxPj.exe
  C:\Windows\System\KcBsxPj.exe
  2⤵
  PID:9724
- C:\Windows\System\ApRsIRT.exe
  C:\Windows\System\ApRsIRT.exe
  2⤵
  PID:9748
- C:\Windows\System\xrTofcH.exe
  C:\Windows\System\xrTofcH.exe
  2⤵
  PID:9768
- C:\Windows\System\YeVBEVT.exe
  C:\Windows\System\YeVBEVT.exe
  2⤵
  PID:9796
- C:\Windows\System\uRHNfKz.exe
  C:\Windows\System\uRHNfKz.exe
  2⤵
  PID:9828
- C:\Windows\System\UpfiYxF.exe
  C:\Windows\System\UpfiYxF.exe
  2⤵
  PID:9852
- C:\Windows\System\AjEjyWx.exe
  C:\Windows\System\AjEjyWx.exe
  2⤵
  PID:9868
- C:\Windows\System\wwSOjIp.exe
  C:\Windows\System\wwSOjIp.exe
  2⤵
  PID:9888
- C:\Windows\System\MjmssVZ.exe
  C:\Windows\System\MjmssVZ.exe
  2⤵
  PID:9924
- C:\Windows\System\kjccFkC.exe
  C:\Windows\System\kjccFkC.exe
  2⤵
  PID:9948
- C:\Windows\System\NWZSEnP.exe
  C:\Windows\System\NWZSEnP.exe
  2⤵
  PID:9968
- C:\Windows\System\brJidYR.exe
  C:\Windows\System\brJidYR.exe
  2⤵
  PID:9992
- C:\Windows\System\eSPwsYO.exe
  C:\Windows\System\eSPwsYO.exe
  2⤵
  PID:10012
- C:\Windows\System\YVBupHi.exe
  C:\Windows\System\YVBupHi.exe
  2⤵
  PID:10028
- C:\Windows\System\VrbqjAM.exe
  C:\Windows\System\VrbqjAM.exe
  2⤵
  PID:10068
- C:\Windows\System\axQemRl.exe
  C:\Windows\System\axQemRl.exe
  2⤵
  PID:10092
- C:\Windows\System\GseqIjk.exe
  C:\Windows\System\GseqIjk.exe
  2⤵
  PID:10112
- C:\Windows\System\SjbZIeX.exe
  C:\Windows\System\SjbZIeX.exe
  2⤵
  PID:10136
- C:\Windows\System\GzbFoZc.exe
  C:\Windows\System\GzbFoZc.exe
  2⤵
  PID:10160
- C:\Windows\System\mAZyhGI.exe
  C:\Windows\System\mAZyhGI.exe
  2⤵
  PID:10184
- C:\Windows\System\aiEfQBr.exe
  C:\Windows\System\aiEfQBr.exe
  2⤵
  PID:10204
- C:\Windows\System\iAGWtNb.exe
  C:\Windows\System\iAGWtNb.exe
  2⤵
  PID:10224
- C:\Windows\System\SPfsvuV.exe
  C:\Windows\System\SPfsvuV.exe
  2⤵
  PID:8984
- C:\Windows\System\ZlTfOKY.exe
  C:\Windows\System\ZlTfOKY.exe
  2⤵
  PID:9256
- C:\Windows\System\UddMoDG.exe
  C:\Windows\System\UddMoDG.exe
  2⤵
  PID:8936
- C:\Windows\System\AXOkONR.exe
  C:\Windows\System\AXOkONR.exe
  2⤵
  PID:9304
- C:\Windows\System\hpgiiXl.exe
  C:\Windows\System\hpgiiXl.exe
  2⤵
  PID:9344
- C:\Windows\System\ieNifgM.exe
  C:\Windows\System\ieNifgM.exe
  2⤵
  PID:9392
- C:\Windows\System\IsPFvnR.exe
  C:\Windows\System\IsPFvnR.exe
  2⤵
  PID:9432
- C:\Windows\System\kTXglPU.exe
  C:\Windows\System\kTXglPU.exe
  2⤵
  PID:9372
- C:\Windows\System\znVTbZF.exe
  C:\Windows\System\znVTbZF.exe
  2⤵
  PID:9040
- C:\Windows\System\tvRydgi.exe
  C:\Windows\System\tvRydgi.exe
  2⤵
  PID:9464
- C:\Windows\System\nlshnEP.exe
  C:\Windows\System\nlshnEP.exe
  2⤵
  PID:9504
- C:\Windows\System\IvPQeVv.exe
  C:\Windows\System\IvPQeVv.exe
  2⤵
  PID:9540
- C:\Windows\System\UgoxYtb.exe
  C:\Windows\System\UgoxYtb.exe
  2⤵
  PID:9600
- C:\Windows\System\WAcqNTZ.exe
  C:\Windows\System\WAcqNTZ.exe
  2⤵
  PID:9580
- C:\Windows\System\JLfIuRr.exe
  C:\Windows\System\JLfIuRr.exe
  2⤵
  PID:9688
- C:\Windows\System\VOSIint.exe
  C:\Windows\System\VOSIint.exe
  2⤵
  PID:9676
- C:\Windows\System\AxWmPjA.exe
  C:\Windows\System\AxWmPjA.exe
  2⤵
  PID:9776
- C:\Windows\System\nxsdVzK.exe
  C:\Windows\System\nxsdVzK.exe
  2⤵
  PID:9716
- C:\Windows\System\aXEkMaO.exe
  C:\Windows\System\aXEkMaO.exe
  2⤵
  PID:9836
- C:\Windows\System\CUespGn.exe
  C:\Windows\System\CUespGn.exe
  2⤵
  PID:9876
- C:\Windows\System\xVseVZO.exe
  C:\Windows\System\xVseVZO.exe
  2⤵
  PID:9904
- C:\Windows\System\VnhdgIv.exe
  C:\Windows\System\VnhdgIv.exe
  2⤵
  PID:9912
- C:\Windows\System\XgWnsKF.exe
  C:\Windows\System\XgWnsKF.exe
  2⤵
  PID:9944
- C:\Windows\System\HVSUSIL.exe
  C:\Windows\System\HVSUSIL.exe
  2⤵
  PID:9956
- C:\Windows\System\IzAlAUM.exe
  C:\Windows\System\IzAlAUM.exe
  2⤵
  PID:10036
- C:\Windows\System\lRFBvaY.exe
  C:\Windows\System\lRFBvaY.exe
  2⤵
  PID:9964
- C:\Windows\System\AQHcusK.exe
  C:\Windows\System\AQHcusK.exe
  2⤵
  PID:10080
- C:\Windows\System\MMJsDOc.exe
  C:\Windows\System\MMJsDOc.exe
  2⤵
  PID:10172
- C:\Windows\System\roMudLk.exe
  C:\Windows\System\roMudLk.exe
  2⤵
  PID:10220
- C:\Windows\System\daxqWuM.exe
  C:\Windows\System\daxqWuM.exe
  2⤵
  PID:10156
- C:\Windows\System\drjyZla.exe
  C:\Windows\System\drjyZla.exe
  2⤵
  PID:9168
- C:\Windows\System\ytQTQUa.exe
  C:\Windows\System\ytQTQUa.exe
  2⤵
  PID:9204
- C:\Windows\System\ZtiqquF.exe
  C:\Windows\System\ZtiqquF.exe
  2⤵
  PID:9296
- C:\Windows\System\pWdOgnt.exe
  C:\Windows\System\pWdOgnt.exe
  2⤵
  PID:9272
- C:\Windows\System\aVHSfEb.exe
  C:\Windows\System\aVHSfEb.exe
  2⤵
  PID:9312
- C:\Windows\System\ejDPgTt.exe
  C:\Windows\System\ejDPgTt.exe
  2⤵
  PID:9324
- C:\Windows\System\IjJJUJO.exe
  C:\Windows\System\IjJJUJO.exe
  2⤵
  PID:9368
- C:\Windows\System\DCFTHeF.exe
  C:\Windows\System\DCFTHeF.exe
  2⤵
  PID:9576
- C:\Windows\System\isCFyIA.exe
  C:\Windows\System\isCFyIA.exe
  2⤵
  PID:9564
- C:\Windows\System\qVUTfAl.exe
  C:\Windows\System\qVUTfAl.exe
  2⤵
  PID:9572
- C:\Windows\System\NxWfyJh.exe
  C:\Windows\System\NxWfyJh.exe
  2⤵
  PID:9624
- C:\Windows\System\hoBiqgJ.exe
  C:\Windows\System\hoBiqgJ.exe
  2⤵
  PID:9744
- C:\Windows\System\LaYJVaU.exe
  C:\Windows\System\LaYJVaU.exe
  2⤵
  PID:9764
- C:\Windows\System\uYTyKey.exe
  C:\Windows\System\uYTyKey.exe
  2⤵
  PID:9804
- C:\Windows\System\WArOfHq.exe
  C:\Windows\System\WArOfHq.exe
  2⤵
  PID:9884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CFioOKL.exe

Filesize
5.7MB

MD5
c824f38a3f79b832e516b6b6549d4638

SHA1
c40bc342a4182b6b87b699a86668696e09bd73ca

SHA256
998348c604d4fd3e9e5d6cb01f5c965039349f9603bfbb9002fe4b109e8fe5da

SHA512
73acb52516b92c293dd4bbf7e7c273ecad994189cb538819f5911a7183fad6eed71edac19dacb13e737d417ecd77e623436d447ce5b4e85e86c98af891ec5c42

Download Submit
C:\Windows\system\DLPdToK.exe

Filesize
5.7MB

MD5
6fb295838c3a3d6e5236afe17686aa8c

SHA1
6983b30a9e88c31ba6bcc3281668763896b3f759

SHA256
a6840e2ff33565115e6c2e6b08847cfdc592ea7c501648187eec3f6d536a537e

SHA512
bd877174a90cfb299262b4a9a9e7c60ad6066085a9e2faef4ed7cf14923e7b8422c306c976bd3f23b240671617546ab5e11a1ba2f8a3995d6f5b40f3a1322dda

Download Submit
C:\Windows\system\EItJJea.exe

Filesize
5.7MB

MD5
23c3ae5da1304bbd43eb9ed8b09d0564

SHA1
d35978285a58ba659800520b8bc3a562fedc3027

SHA256
c69d35c1f766f93daeda07d8e2649ae0913b693f6bc10e1d05e36d99a9aa3ec4

SHA512
077026dbd38ff2eec04d91e97fd719d943883a178ef5ea869ad10dc4906aee015ee780cd0dafc1ee097db120e7fcf8eb5ccac27f20698a97cdab1644aee17b25

Download Submit
C:\Windows\system\HMdqJit.exe

Filesize
5.7MB

MD5
231dcf1d69089b0f5a2255bd6543df1b

SHA1
2446306d9283059773ecc353285cc723359a0ffa

SHA256
6b43f01961646e5b7f6336ec0366ba80357e264a1a1a69909c458a364c97763c

SHA512
880ab26778a3d18418856f4975b7a7492ef9f09118cb34259a451cff86622112c8b37735d8d6b46e0fcbf4e41d570e648aef9476e65e757e599ff3f5ba29fcaa

Download Submit
C:\Windows\system\KbGNfgH.exe

Filesize
5.7MB

MD5
50d501e9ee7331da5daf1eb94696f3b2

SHA1
f690bbca3ec952d99f9cd7f628e615ad812b5e11

SHA256
971dd1a8f658274cc7e6a0b45004c7d665b9b0e4c57b991db5d0689525d9a480

SHA512
ab5a1bf303d97e937a74fa3c770d69cdf70b9b952bfaa167cf6ee20a410b814195df976d23af70f470995082fe3b0616f336b74042cb74cade16b2f2f71228a4

Download Submit
C:\Windows\system\KdiaugN.exe

Filesize
5.7MB

MD5
5f836b039509891ed1fea140c18caf16

SHA1
f132a77204447de2dd059effdae57887d10dc25b

SHA256
e1d5d822340bb22a64ac4aa4ffd9ad8deff610f48c8e7296a4523ea357f104c8

SHA512
9abd3c61d1e99aa65f55061aa4964a5aaf6aed4443afc6e0a53e41d5e497dc184ac4a799381c06551aa8646f9b1cc0b4047155b3ba5bd66b5d9ee1e21b982f8c

Download Submit
C:\Windows\system\QqFOFFW.exe

Filesize
5.7MB

MD5
e98d50284059d95363048f8855315dd1

SHA1
18836c5738f012c812072c4f591089cb0a1a2e81

SHA256
ff20503fc75823bb72aee88570ad4231bd530a19ba445368e91b2ff2360b45d8

SHA512
513f3e97b2c3d8fb9ee0289dc57af7585a83448e1a16799dee5c9d6eb9e47f1c14bbf44e6da8f980d5696c9175a56bba43488ac1a2a6bd1fac1eb801120e346b

Download Submit
C:\Windows\system\VpjFVen.exe

Filesize
5.7MB

MD5
8522ef2a3ccbde83ffcf7dfe5411458b

SHA1
2f2ff7424ff71e3aa5c32c21d83dc01ff9906811

SHA256
32e555c1ea01935c48b4897250461dad9a47ff8c17d3bb5b79965083b9cfbd54

SHA512
1a11c5f29c77bfc4f87a2d0b4c4efd41ad82819618d221b7c655af53fd9ee6883f9a70cc6a51baefd484b10b4865b225332ab9d3a9795093a234ac2c2fb92442

Download Submit
C:\Windows\system\WISHhIn.exe

Filesize
5.7MB

MD5
33a3f310471a7dcdb8e6f5ff802079c4

SHA1
e217ac6c6fee0aa0ed69bc7299e1ab4b9cf7eca2

SHA256
f26a830975f2f1c217b9d27dc95ee89d244dbe30fb5ce327f991c783ab3119fa

SHA512
f1a2c32da084d7a245eaffa5660382607c6f7844157200e0dca6536f9102c7075d2b4a893ba9b1ac35726bd62d35b7abe1cb6c204f2a37e23ad2b584f44c258c

Download Submit
C:\Windows\system\YJGeNGw.exe

Filesize
5.7MB

MD5
75328ecad5bec6ed4a81d7ade9b16466

SHA1
07a62f543a5bb1b56dc10aed069b14f6c8ee3255

SHA256
25ec13629eee6495ed896b908fc9b5d963c571ab644535d4bcf135ced7cd8ffb

SHA512
55aa3763255f59eff636e2fe814ceb6003f7abc925b21890a91b36ca8e984ff504a1c3cb280c745ded1df9de7704ab1052e9f400eef292b29031b7b7355dc219

Download Submit
C:\Windows\system\amRsAMi.exe

Filesize
5.7MB

MD5
a0f2583252fda95a82149e825df6807b

SHA1
65563f933cfa8641a380a7d87874d5b5a4e395b7

SHA256
8d2744909d4a24d085c02cd08d1a5083cf9eac3df531c95fa2a7f91194ffb17f

SHA512
b22b850ca29d0bc269b1c15dd506e9e6946cabe34d6dd7c17ca5c62f6d957ff2039416a079c50115dba482e4a160e58ae9eae07a1dcaa5817cda395c2424070c

Download Submit
C:\Windows\system\bpoyorS.exe

Filesize
5.7MB

MD5
0bc8dcb65ad60e4836febd699557f2e7

SHA1
566b7b542815f20456632299f5f2fca3233e2714

SHA256
7f5a2e091b8f4c0027ab0953f154f7d76b32b92ea7d96691278f0882bcc250bd

SHA512
41272a57d193cea3597ef065c9cafc95bfa96586fde385f8d8ce51c2d235c70d5dd7881e9aa71243f357b69b83cec1d92e268a4808da7e86491b17879cb315ec

Download Submit
C:\Windows\system\byreVUV.exe

Filesize
5.7MB

MD5
17e844cb4b88ff86c8e5d2a0ff9e784e

SHA1
8ed08e138d9ce7206dfb9360dd5c22accd2d9a53

SHA256
c43ca8ff73a214573084186f0889fb282413569b184081185ae7d1f26f22a9f2

SHA512
bf0181abf2963a4b8e1ef84395b1c97d504a53ebf6a80d9e540b8c6fa3748337207be028266b20d2f12993c897723fdab725b0fc14af89ffddd2b8066df763b2

Download Submit
C:\Windows\system\eEmtIZh.exe

Filesize
5.7MB

MD5
86dd11cb6f7bd4b34286904db8aa9088

SHA1
fc5e98a548f5accc9ac43464de615cee9fab23c4

SHA256
7ffec71ae15fefb8e907e2bf0e559a3d22d237b3fda431c3b1777ca45f1392b8

SHA512
f6a271ec1454692622a842ac9716bcc90e0f62f9cb9e56b414900644837131ecd30a10f25e39ceb9dd148d6ab18e8cc96088e788fac664ae67b33fccd952a709

Download Submit
C:\Windows\system\glfhffO.exe

Filesize
5.7MB

MD5
fe4a37d681e4f2dd0bf8d67cdd4ca26d

SHA1
e42eec8f6441ad41e843bde84897b8c631b92f53

SHA256
351085859430879f8ba08e8a02f22a80f2a39da3036591490f4cb02a4f46285c

SHA512
5a842b95fa0b3f96b8f4590746618e1a5f24a108b561ce7fdaabae2bb39b15fdaabe0aa814d353aaa670fa201243d769bc322cfe9caac21ceb7d0aac5a663195

Download Submit
C:\Windows\system\hLiYEpN.exe

Filesize
5.7MB

MD5
35ef19e4dc8a22f9c0d254c198c86499

SHA1
e1a3837e72b5a605eec45827e36e55fbe331470c

SHA256
d6e2d0171245be53f038418558a7fa2a06fff328ae66f07c759084d0e59b8993

SHA512
303eaa85e4387a7b8fd07dc6a047a5e7727c90f6cdceb08d77c6b391e61d04fa5c43ea0aa4445f2de5c040338127815ac85dc69e07bf2f29326acfdd60881bbb

Download Submit
C:\Windows\system\hohIzII.exe

Filesize
5.7MB

MD5
5f1c996151f6b7b2b3a08a4e0cc8e3e7

SHA1
b3de4b7c08d0f9342a6a856d5605635efdff0a52

SHA256
8b06bf86d2dcc5461d185a1309e9ebba0600b1c7735beaebd15d8dd012e9513e

SHA512
4d8cdb7149c9ee1b931679e622a902da7b051c49ee589b564662542f946c298f18bbdfb702f4148fa967ddc315c638883a00afef9529b2736e168b32ba077b3b

Download Submit
C:\Windows\system\ikLlmtn.exe

Filesize
5.7MB

MD5
ddb5fdae111940ecdca1f470dce10447

SHA1
b320dcc20810dcdd7aff6ec387dc5f1c37966cd2

SHA256
1397dcb53f1bbda4a5bf5dcb29dbea7c283cbe99c8211adf4efd4defb0f24b66

SHA512
a9949c4f7087bffe18820cd5dba0bf4e160d8ef8de307a0cf771da021bad5a8823e0a8e19bf999d9a901edb17ea535141b67861389ef46fd8fe7eded92a1444c

Download Submit
C:\Windows\system\inEsJtS.exe

Filesize
5.7MB

MD5
36447f32eff97b520eba9a973a6164fa

SHA1
34e5b6d00bf3c98dc0ad066792f206fc62392a8c

SHA256
801ab2282454f6a8e29290c1ae1afa2677b1b81210cf802aea3a46c2f3fdb96e

SHA512
764282c1001d7f608e87a07ac00ab30e46ac371179d0d45a3d446c7131d724f7d013e0e4d34a38489b114d3a53fecabcf0a0fd42a87f48483d3615a0866d268d

Download Submit
C:\Windows\system\kPlLMSN.exe

Filesize
5.7MB

MD5
1141c8be1fe9aae07cc833feadfd9aa2

SHA1
e03bf3643cdb9cc76f5e4b95d8ed192431210a98

SHA256
c9fde77f4329204fc6de029b7171224464f59e72ad8e4bdf4b00d6f07015ff7a

SHA512
5cadbf42eba4e8d9dab3c93596edacf83783a31eb17f5bd74b6541ef6e3188e8f906caaa3b750c860568bebc57e2c385e41c1a7fe5e93607eeba971dd8c7d7e9

Download Submit
C:\Windows\system\qQpXrtD.exe

Filesize
5.7MB

MD5
406814f2a3f35616f2b0a445a5b651ef

SHA1
fdbee9bb7da30e1db37d92866e5150a4227a7e27

SHA256
e921759d7a41c5e591d35f343c2887c5e2dc243f62f01ce8f80bd04905e16df4

SHA512
0d20499327b3ed0bc7f8eb928f3c20de469420bda2f9748c49741229dbf07bb8039f7e761132533396870fa50e1fb21dc52d2db5c0db9017ed919ffafe6ea6ea

Download Submit
C:\Windows\system\tVQSTAd.exe

Filesize
5.7MB

MD5
45c89044f4e3018187cbd2951115270b

SHA1
d5983411bfcafaacad73eaad7de09b3817567d7e

SHA256
3e6987dea7dfdb020e52ee7042031e8a0fa645e6f55a654a1bf839dfb37ad636

SHA512
fd12382f306351a160f5ce6e251578103b0ac137c9ea0f0deb57a99fb9c5e1e79b6041ba7d2455873af22359306a106fbf2bf3112a9627e9bc769f8c6d570ab6

Download Submit
C:\Windows\system\wfKrIoM.exe

Filesize
5.7MB

MD5
de02bd63f6d166bc3b5d9d3ada29f95c

SHA1
e4a09fef3830ae1e19f40a5a7965723447534bc2

SHA256
4594e4b7a0107c8a671a43e78075bf2dd7ad85df8a511d363182b973ac1fe647

SHA512
0beaaeafa96400477294ce896b39b4ca6ff1870abf692a32735b19fb94fe2297dd799b7800693dff41edc655a102eeb91bd7c9f8313cb6c016f87bbcdb5bb93c

Download Submit
C:\Windows\system\wpbLVpc.exe

Filesize
5.7MB

MD5
0bbb234cabe1151e2f2ee1ac666524c1

SHA1
ea256144389e6851d608bad07fd7b3116b234b67

SHA256
99f981f846986a1445024b56ca4e58ae501edf5f5533e5d73dfbee0b59e9a224

SHA512
21564752a75cd4983425e5602ad474360efc08d791a6b86aaf3bf90cacb41fea48f71b3dedb8240d04c1c91defb996f6f516ae2385c2ecc963ac888d08f9219f

Download Submit
C:\Windows\system\xBCvKJC.exe

Filesize
5.7MB

MD5
391823561e0ad5abe00e8744ea53eba2

SHA1
07e01214e91d1938d2934923d79856dcd9baf35f

SHA256
1266851d93ca40182790899dee56a92014178d777713aaef1847dc83230005bb

SHA512
b394e68be1815537c3787d6ceb4f101e5425050bbfb7e6f623fb46979701f11fa49cb7c348ab2a3c922d61d31b37434dd2d34f481d0abcb6c10ec3c1d79b3f8f

Download Submit
C:\Windows\system\xbUtTov.exe

Filesize
5.7MB

MD5
98cf448374b9d6297a258c1fd035477d

SHA1
ddc7b7d23b95bf3dbc51ec0e7781434b0521678c

SHA256
e1e6f91c6c859881e571ee3ad48a4e358e73d04c5cd800a669a56b74f81a375c

SHA512
30a3494dfc75fafb2a81517299708465d88fc47046ff96d8091edce6f0977ae9f36dfd2fb236806e486c1cacfb18730dec718df1082c5c38a619281f177ed7fb

Download Submit
C:\Windows\system\yocJPSZ.exe

Filesize
5.7MB

MD5
4ca00c640efa8bd5e2d2e15ab44dc90f

SHA1
092d70de9fa7b7c125ff78aa1bc85f232753b516

SHA256
7dcb5e839f44f03abde51d2fa92ea760f26dadb41fab9307442496183682b94b

SHA512
1569bf66161ba174da53e4dc7745bf4eb4a3e89107e2e9d2d3b1dad8a093929036fa06c6961930a11d32510b2e39225dd6a6e1a4fdab6c8d4f2172188bb4d110

Download Submit
\Windows\system\JzkFddn.exe

Filesize
5.7MB

MD5
2f658f873ce17e914cf0d00ef9f5cca9

SHA1
441fbafd9cabd9562a1b30516dec0a2884747985

SHA256
816f5834a1007056ef71e20201fcf535c7c6a5d9891b4e0751d1159e720f1940

SHA512
1427db6a22432c96dbbefe06671d867099eea5cc8a9bd55688603657ba381eb7a60ec0aa02683aebbc52e1aaedd45977f70e36c2395476e468ccb46b11f85119

Download Submit
\Windows\system\RUXzRjy.exe

Filesize
5.7MB

MD5
d7671194be7527a9261317de7cf96de8

SHA1
08630d03d8d16bed41682ce34aa36f8d2ab8fc17

SHA256
7be096ec184150a8b77b1653a8e0b294e11d9d3caab960e6b957c8f7cdf7eb3e

SHA512
2f3d615efa481e56d9aa228ca09897009bb4c88dfc9472939e9042bb28ac61439ca7a3846876835379f46c4b19af3820e89f53b903af9a0ab264c975647640d8

Download Submit
\Windows\system\WLNSTLJ.exe

Filesize
5.7MB

MD5
4886ab5202bb5d110123e13c705bc3a3

SHA1
57890d33aea22e1bc6c794879336258da2b89a62

SHA256
34dfdd068a1882ead9f6727040a00682ec5ab61fee845d2d7bb4b643694b8e20

SHA512
132e823da0dafc9fcc7f6fa0d1107c19f515231c451a4b3945b3b23a1ad1768c3ab93f5839d560fba679a2288441321faff4f716efcb38b1b00e0f2243f99004

Download Submit
\Windows\system\glMAVod.exe

Filesize
5.7MB

MD5
bca7a7a8d4194764dbf8e0b571eab07b

SHA1
f0fb61b31fddc05a813a4d360386a1697823cd96

SHA256
f03c571b970804858c745f8f31433c6307f5dfa7768ababac2f7829dfb24a3a9

SHA512
d2b66b7a859421e7a1430e63c7abc9ab7a1532673aaaa8df72cc67b4f2bab6d60a5a8da8b16757f7e03ccd32166390ba7fd135deda054469d147325fa707f935

Download Submit
\Windows\system\qhsENjg.exe

Filesize
5.7MB

MD5
21c90fa3d5eec08bbd2d86664f9440a7

SHA1
749a9d9f560d9e0220e342bd2d3f68abec625f38

SHA256
46b7442a2d6a291e94912f259c273c070b9ccfe5b5283415bc8207463fd2a9cf

SHA512
36868fc4d6e3bec6866b4c840abc56201d1debf40aa8c6790f8c1c4011549d6b263190816134df86fb099c9c45c601564dc7f874a8055bfd3655fd1749a7b552

Download Submit
memory/772-145-0x000000013F450000-0x000000013F79D000-memory.dmp

Filesize
3.3MB

Download
memory/1060-73-0x000000013F3C0000-0x000000013F70D000-memory.dmp

Filesize
3.3MB

Download
memory/1152-163-0x000000013FFE0000-0x000000014032D000-memory.dmp

Filesize
3.3MB

Download
memory/1276-43-0x000000013F270000-0x000000013F5BD000-memory.dmp

Filesize
3.3MB

Download
memory/1360-181-0x000000013F5A0000-0x000000013F8ED000-memory.dmp

Filesize
3.3MB

Download
memory/1508-139-0x000000013F880000-0x000000013FBCD000-memory.dmp

Filesize
3.3MB

Download
memory/1512-151-0x000000013F780000-0x000000013FACD000-memory.dmp

Filesize
3.3MB

Download
memory/1848-187-0x000000013F4F0000-0x000000013F83D000-memory.dmp

Filesize
3.3MB

Download
memory/1940-109-0x000000013FD90000-0x00000001400DD000-memory.dmp

Filesize
3.3MB

Download
memory/1992-61-0x000000013FD50000-0x000000014009D000-memory.dmp

Filesize
3.3MB

Download
memory/2056-169-0x000000013FA70000-0x000000013FDBD000-memory.dmp

Filesize
3.3MB

Download
memory/2116-67-0x000000013FCB0000-0x000000013FFFD000-memory.dmp

Filesize
3.3MB

Download
memory/2164-85-0x000000013FD70000-0x00000001400BD000-memory.dmp

Filesize
3.3MB

Download
memory/2172-25-0x000000013F790000-0x000000013FADD000-memory.dmp

Filesize
3.3MB

Download
memory/2188-91-0x000000013FFD0000-0x000000014031D000-memory.dmp

Filesize
3.3MB

Download
memory/2316-121-0x000000013F2D0000-0x000000013F61D000-memory.dmp

Filesize
3.3MB

Download
memory/2380-157-0x000000013F370000-0x000000013F6BD000-memory.dmp

Filesize
3.3MB

Download
memory/2396-103-0x000000013FFF0000-0x000000014033D000-memory.dmp

Filesize
3.3MB

Download
memory/2408-49-0x000000013F6F0000-0x000000013FA3D000-memory.dmp

Filesize
3.3MB

Download
memory/2420-175-0x000000013F320000-0x000000013F66D000-memory.dmp

Filesize
3.3MB

Download
memory/2564-79-0x000000013FE50000-0x000000014019D000-memory.dmp

Filesize
3.3MB

Download
memory/2572-97-0x000000013F600000-0x000000013F94D000-memory.dmp

Filesize
3.3MB

Download
memory/2584-127-0x000000013FAA0000-0x000000013FDED000-memory.dmp

Filesize
3.3MB

Download
memory/2684-37-0x000000013F0E0000-0x000000013F42D000-memory.dmp

Filesize
3.3MB

Download
memory/2720-31-0x000000013FFA0000-0x00000001402ED000-memory.dmp

Filesize
3.3MB

Download
memory/2772-11-0x000000013F830000-0x000000013FB7D000-memory.dmp

Filesize
3.3MB

Download
memory/2892-0-0x000000013FDB0000-0x00000001400FD000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2900-12-0x000000013F520000-0x000000013F86D000-memory.dmp

Filesize
3.3MB

Download
memory/3020-55-0x000000013F6C0000-0x000000013FA0D000-memory.dmp

Filesize
3.3MB

Download
memory/3036-19-0x000000013FCF0000-0x000000014003D000-memory.dmp

Filesize
3.3MB

Download
memory/3048-133-0x000000013F0C0000-0x000000013F40D000-memory.dmp

Filesize
3.3MB

Download
memory/3060-115-0x000000013F2F0000-0x000000013F63D000-memory.dmp

Filesize
3.3MB

Download