cobaltstrike | 399f15e9abb85ec86c2a0e0a394b0763229e09d1509c8f480efe9f08860cd164

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

bda281369d96f9c4951f266905163ef6
SHA1

fd16d4ff03b2ead48e43f01b0bdf4236175cb2b9
SHA256

399f15e9abb85ec86c2a0e0a394b0763229e09d1509c8f480efe9f08860cd164
SHA512

dfa2d7225488d45030274172cf52fd6f67a03abc8b3795fba569eedb0718e104ceb101e789f5b35bf47fca309636f2ce2e7af1555fcc336b770240d45e4837e1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0012000000015ccc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd0-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de4-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-32.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190e1-35.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-39.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-43.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-47.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001707c-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016edb-24.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2512-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0012000000015ccc-3.dat	xmrig
behavioral1/files/0x0008000000016dd0-11.dat	xmrig
behavioral1/files/0x0008000000016de4-15.dat	xmrig
behavioral1/files/0x0007000000016eb8-20.dat	xmrig
behavioral1/files/0x0007000000017403-32.dat	xmrig
behavioral1/files/0x00080000000190e1-35.dat	xmrig
behavioral1/files/0x00050000000191d2-39.dat	xmrig
behavioral1/files/0x00050000000191f6-43.dat	xmrig
behavioral1/files/0x000500000001926c-63.dat	xmrig
behavioral1/files/0x0005000000019319-79.dat	xmrig
behavioral1/files/0x0005000000019387-91.dat	xmrig
behavioral1/files/0x000500000001945b-121.dat	xmrig
behavioral1/memory/1628-709-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2616-731-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2816-1068-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2236-1228-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2784-1593-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2708-1551-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/3068-1488-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2564-1415-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2812-1292-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2640-1128-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2740-1026-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2644-986-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2072-964-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2176-926-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0005000000019479-132.dat	xmrig
behavioral1/files/0x0005000000019465-119.dat	xmrig
behavioral1/files/0x0005000000019433-114.dat	xmrig
behavioral1/files/0x0005000000019450-112.dat	xmrig
behavioral1/files/0x000500000001946a-125.dat	xmrig
behavioral1/files/0x0005000000019446-110.dat	xmrig
behavioral1/files/0x00050000000193b3-99.dat	xmrig
behavioral1/files/0x00050000000193c1-103.dat	xmrig
behavioral1/files/0x00050000000193a4-95.dat	xmrig
behavioral1/files/0x0005000000019377-87.dat	xmrig
behavioral1/files/0x0005000000019365-83.dat	xmrig
behavioral1/files/0x000500000001929a-75.dat	xmrig
behavioral1/files/0x0005000000019278-71.dat	xmrig
behavioral1/files/0x0005000000019275-67.dat	xmrig
behavioral1/files/0x0005000000019268-59.dat	xmrig
behavioral1/files/0x0005000000019259-55.dat	xmrig
behavioral1/files/0x0005000000019240-51.dat	xmrig
behavioral1/files/0x0005000000019217-47.dat	xmrig
behavioral1/files/0x000700000001707c-27.dat	xmrig
behavioral1/files/0x0007000000016edb-24.dat	xmrig
behavioral1/memory/2512-2389-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1628-2441-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2072-2519-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2512-2517-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2616-2516-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2740-2522-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2512-2529-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2512-2528-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2512-2577-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2176-3859-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/3068-3863-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2816-3868-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2708-3867-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2236-3866-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2740-3873-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2616-3876-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2072-3872-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1628	QvsxWsf.exe
2616	lKIHOnQ.exe
2176	NmQcEVn.exe
2072	tfoJGEZ.exe
2644	dlOWsMu.exe
2740	DLGSumR.exe
2816	CoYOKat.exe
2640	IffLAQt.exe
2236	eaoyDHz.exe
2812	rvzLiYr.exe
2564	LgbniFc.exe
3068	uZupnQA.exe
2708	PVEQUFC.exe
2784	OVYFDFx.exe
2556	TpyfjUT.exe
2656	CzzxtYV.exe
2088	GWZUzcA.exe
1368	hGEJaaj.exe
1656	nXneeDM.exe
1560	HIiGSSn.exe
1252	JaRmhNZ.exe
2860	FEejUAT.exe
1880	CJCmsfQ.exe
988	pYXlLJK.exe
664	wTqfmiX.exe
1784	cCDdYlD.exe
1272	MIdvHCt.exe
3012	EQrdOVK.exe
3020	ShvYCqY.exe
396	xrVgKHf.exe
2128	GmdQFNj.exe
676	RVNXAmV.exe
2632	nDcZFby.exe
2136	NvMbusI.exe
1672	MHbssIN.exe
1720	trhpaHB.exe
1140	gEDaZGj.exe
2728	ACfqdhK.exe
2912	LvrGloC.exe
792	ZzfHqaV.exe
1364	bywUxxO.exe
1636	KTvlsOj.exe
1088	pFwoTfM.exe
2224	cuZupvC.exe
1312	xQfYOMO.exe
860	jkyXvUM.exe
1020	IejDnDW.exe
1644	OFPTtpb.exe
844	XCEeJTH.exe
1184	AXAEVKK.exe
1984	dAAOSDy.exe
1964	SOPCSOc.exe
2380	kxPRSuC.exe
2168	YsNlCQZ.exe
1080	IdVokFg.exe
2144	VQjJEJo.exe
2412	gKxevPD.exe
1812	WDDPvto.exe
2908	JdljAZK.exe
2184	fHvyklW.exe
2496	gCesDvc.exe
3032	UGDwusV.exe
1012	GPJqBRj.exe
1072	yKCkAen.exe

Loads dropped DLL 64 IoCs

pid	Process
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2512-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0012000000015ccc-3.dat	upx
behavioral1/files/0x0008000000016dd0-11.dat	upx
behavioral1/files/0x0008000000016de4-15.dat	upx
behavioral1/files/0x0007000000016eb8-20.dat	upx
behavioral1/files/0x0007000000017403-32.dat	upx
behavioral1/files/0x00080000000190e1-35.dat	upx
behavioral1/files/0x00050000000191d2-39.dat	upx
behavioral1/files/0x00050000000191f6-43.dat	upx
behavioral1/files/0x000500000001926c-63.dat	upx
behavioral1/files/0x0005000000019319-79.dat	upx
behavioral1/files/0x0005000000019387-91.dat	upx
behavioral1/files/0x000500000001945b-121.dat	upx
behavioral1/memory/1628-709-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2616-731-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2816-1068-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2236-1228-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2784-1593-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2708-1551-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/3068-1488-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2564-1415-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2812-1292-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2640-1128-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2740-1026-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2644-986-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2072-964-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2176-926-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0005000000019479-132.dat	upx
behavioral1/files/0x0005000000019465-119.dat	upx
behavioral1/files/0x0005000000019433-114.dat	upx
behavioral1/files/0x0005000000019450-112.dat	upx
behavioral1/files/0x000500000001946a-125.dat	upx
behavioral1/files/0x0005000000019446-110.dat	upx
behavioral1/files/0x00050000000193b3-99.dat	upx
behavioral1/files/0x00050000000193c1-103.dat	upx
behavioral1/files/0x00050000000193a4-95.dat	upx
behavioral1/files/0x0005000000019377-87.dat	upx
behavioral1/files/0x0005000000019365-83.dat	upx
behavioral1/files/0x000500000001929a-75.dat	upx
behavioral1/files/0x0005000000019278-71.dat	upx
behavioral1/files/0x0005000000019275-67.dat	upx
behavioral1/files/0x0005000000019268-59.dat	upx
behavioral1/files/0x0005000000019259-55.dat	upx
behavioral1/files/0x0005000000019240-51.dat	upx
behavioral1/files/0x0005000000019217-47.dat	upx
behavioral1/files/0x000700000001707c-27.dat	upx
behavioral1/files/0x0007000000016edb-24.dat	upx
behavioral1/memory/2512-2389-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1628-2441-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2072-2519-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2616-2516-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2740-2522-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2176-3859-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/3068-3863-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2816-3868-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2708-3867-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2236-3866-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2740-3873-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2616-3876-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2072-3872-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2564-3865-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2644-3864-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2784-3862-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2640-3861-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xAcNqHn.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZVqPlc.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsIRzqw.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikhCEUq.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLYVXqw.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRFwBtG.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIyeMTf.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCDdYlD.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOwmaWd.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIBtvds.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfLEFBP.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFmaWlZ.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAKGaQf.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJIyAHf.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEtqvRh.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mAKVKDv.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKOKqYO.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPeUGfT.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmtPRoN.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTrVWSl.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omZMWxW.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgeStwQ.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xObGxYn.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDcZFby.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SISfkXQ.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKiZDYM.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvfYcBE.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctdPqKb.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiSRxRN.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRJAekx.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpEgeUd.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkMAFBS.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bMipjad.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usddEkw.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHbssIN.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLbIUWV.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ordMwLs.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhkXuKe.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRnCJQn.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlmKHCj.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trZaklX.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwoevIb.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVNXAmV.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxPRSuC.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLbgZYR.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agVbGCD.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQrUoOQ.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPuxmmX.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVKEdxN.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsAFOLA.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHqMzae.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYaFxvf.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aifJniu.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvCSPtk.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csrpuyJ.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFZAGiT.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtWIqBf.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eklwlJE.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmwMJlk.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BudbUuf.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUsBqQa.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHMuGOS.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXvaJCQ.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppNioBq.exe	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 1628	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2512 wrote to memory of 1628	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2512 wrote to memory of 1628	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2512 wrote to memory of 2616	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2512 wrote to memory of 2616	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2512 wrote to memory of 2616	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2512 wrote to memory of 2176	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2512 wrote to memory of 2176	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2512 wrote to memory of 2176	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2512 wrote to memory of 2072	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2512 wrote to memory of 2072	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2512 wrote to memory of 2072	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2512 wrote to memory of 2644	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2512 wrote to memory of 2644	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2512 wrote to memory of 2644	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2512 wrote to memory of 2740	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2512 wrote to memory of 2740	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2512 wrote to memory of 2740	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2512 wrote to memory of 2816	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2512 wrote to memory of 2816	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2512 wrote to memory of 2816	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2512 wrote to memory of 2640	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2512 wrote to memory of 2640	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2512 wrote to memory of 2640	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2512 wrote to memory of 2236	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2512 wrote to memory of 2236	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2512 wrote to memory of 2236	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2512 wrote to memory of 2812	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2512 wrote to memory of 2812	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2512 wrote to memory of 2812	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2512 wrote to memory of 2564	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2512 wrote to memory of 2564	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2512 wrote to memory of 2564	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2512 wrote to memory of 3068	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2512 wrote to memory of 3068	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2512 wrote to memory of 3068	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2512 wrote to memory of 2708	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2512 wrote to memory of 2708	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2512 wrote to memory of 2708	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2512 wrote to memory of 2784	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2512 wrote to memory of 2784	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2512 wrote to memory of 2784	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2512 wrote to memory of 2556	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2512 wrote to memory of 2556	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2512 wrote to memory of 2556	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2512 wrote to memory of 2656	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2512 wrote to memory of 2656	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2512 wrote to memory of 2656	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2512 wrote to memory of 2088	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2512 wrote to memory of 2088	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2512 wrote to memory of 2088	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2512 wrote to memory of 1368	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2512 wrote to memory of 1368	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2512 wrote to memory of 1368	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2512 wrote to memory of 1656	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2512 wrote to memory of 1656	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2512 wrote to memory of 1656	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2512 wrote to memory of 1560	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2512 wrote to memory of 1560	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2512 wrote to memory of 1560	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2512 wrote to memory of 1252	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2512 wrote to memory of 1252	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2512 wrote to memory of 1252	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2512 wrote to memory of 2860	2512	2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_bda281369d96f9c4951f266905163ef6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\System\QvsxWsf.exe
  C:\Windows\System\QvsxWsf.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\lKIHOnQ.exe
  C:\Windows\System\lKIHOnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\NmQcEVn.exe
  C:\Windows\System\NmQcEVn.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\tfoJGEZ.exe
  C:\Windows\System\tfoJGEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\dlOWsMu.exe
  C:\Windows\System\dlOWsMu.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\DLGSumR.exe
  C:\Windows\System\DLGSumR.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\CoYOKat.exe
  C:\Windows\System\CoYOKat.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\IffLAQt.exe
  C:\Windows\System\IffLAQt.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\eaoyDHz.exe
  C:\Windows\System\eaoyDHz.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\rvzLiYr.exe
  C:\Windows\System\rvzLiYr.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\LgbniFc.exe
  C:\Windows\System\LgbniFc.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\uZupnQA.exe
  C:\Windows\System\uZupnQA.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\PVEQUFC.exe
  C:\Windows\System\PVEQUFC.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\OVYFDFx.exe
  C:\Windows\System\OVYFDFx.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\TpyfjUT.exe
  C:\Windows\System\TpyfjUT.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\CzzxtYV.exe
  C:\Windows\System\CzzxtYV.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\GWZUzcA.exe
  C:\Windows\System\GWZUzcA.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\hGEJaaj.exe
  C:\Windows\System\hGEJaaj.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\nXneeDM.exe
  C:\Windows\System\nXneeDM.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\HIiGSSn.exe
  C:\Windows\System\HIiGSSn.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\JaRmhNZ.exe
  C:\Windows\System\JaRmhNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\FEejUAT.exe
  C:\Windows\System\FEejUAT.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\CJCmsfQ.exe
  C:\Windows\System\CJCmsfQ.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\pYXlLJK.exe
  C:\Windows\System\pYXlLJK.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\wTqfmiX.exe
  C:\Windows\System\wTqfmiX.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\MIdvHCt.exe
  C:\Windows\System\MIdvHCt.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\cCDdYlD.exe
  C:\Windows\System\cCDdYlD.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\xrVgKHf.exe
  C:\Windows\System\xrVgKHf.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\EQrdOVK.exe
  C:\Windows\System\EQrdOVK.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\GmdQFNj.exe
  C:\Windows\System\GmdQFNj.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ShvYCqY.exe
  C:\Windows\System\ShvYCqY.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\RVNXAmV.exe
  C:\Windows\System\RVNXAmV.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\nDcZFby.exe
  C:\Windows\System\nDcZFby.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\NvMbusI.exe
  C:\Windows\System\NvMbusI.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\MHbssIN.exe
  C:\Windows\System\MHbssIN.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\trhpaHB.exe
  C:\Windows\System\trhpaHB.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\gEDaZGj.exe
  C:\Windows\System\gEDaZGj.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\ACfqdhK.exe
  C:\Windows\System\ACfqdhK.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\LvrGloC.exe
  C:\Windows\System\LvrGloC.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ZzfHqaV.exe
  C:\Windows\System\ZzfHqaV.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\bywUxxO.exe
  C:\Windows\System\bywUxxO.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\KTvlsOj.exe
  C:\Windows\System\KTvlsOj.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\pFwoTfM.exe
  C:\Windows\System\pFwoTfM.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\cuZupvC.exe
  C:\Windows\System\cuZupvC.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\xQfYOMO.exe
  C:\Windows\System\xQfYOMO.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\jkyXvUM.exe
  C:\Windows\System\jkyXvUM.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\IejDnDW.exe
  C:\Windows\System\IejDnDW.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\OFPTtpb.exe
  C:\Windows\System\OFPTtpb.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\XCEeJTH.exe
  C:\Windows\System\XCEeJTH.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\AXAEVKK.exe
  C:\Windows\System\AXAEVKK.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\dAAOSDy.exe
  C:\Windows\System\dAAOSDy.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\SOPCSOc.exe
  C:\Windows\System\SOPCSOc.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\kxPRSuC.exe
  C:\Windows\System\kxPRSuC.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\YsNlCQZ.exe
  C:\Windows\System\YsNlCQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\IdVokFg.exe
  C:\Windows\System\IdVokFg.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\VQjJEJo.exe
  C:\Windows\System\VQjJEJo.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\gKxevPD.exe
  C:\Windows\System\gKxevPD.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\WDDPvto.exe
  C:\Windows\System\WDDPvto.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\JdljAZK.exe
  C:\Windows\System\JdljAZK.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\fHvyklW.exe
  C:\Windows\System\fHvyklW.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\gCesDvc.exe
  C:\Windows\System\gCesDvc.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\UGDwusV.exe
  C:\Windows\System\UGDwusV.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\GPJqBRj.exe
  C:\Windows\System\GPJqBRj.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\yKCkAen.exe
  C:\Windows\System\yKCkAen.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\PFmryHK.exe
  C:\Windows\System\PFmryHK.exe
  2⤵
  PID:1744
- C:\Windows\System\AAqHFAX.exe
  C:\Windows\System\AAqHFAX.exe
  2⤵
  PID:900
- C:\Windows\System\JcPHmDy.exe
  C:\Windows\System\JcPHmDy.exe
  2⤵
  PID:2056
- C:\Windows\System\rBQrVnO.exe
  C:\Windows\System\rBQrVnO.exe
  2⤵
  PID:2340
- C:\Windows\System\EDwJsrV.exe
  C:\Windows\System\EDwJsrV.exe
  2⤵
  PID:1592
- C:\Windows\System\KstLXxc.exe
  C:\Windows\System\KstLXxc.exe
  2⤵
  PID:1776
- C:\Windows\System\dseaqFz.exe
  C:\Windows\System\dseaqFz.exe
  2⤵
  PID:2880
- C:\Windows\System\nevcFZo.exe
  C:\Windows\System\nevcFZo.exe
  2⤵
  PID:1544
- C:\Windows\System\AtygySd.exe
  C:\Windows\System\AtygySd.exe
  2⤵
  PID:2628
- C:\Windows\System\guGIxgK.exe
  C:\Windows\System\guGIxgK.exe
  2⤵
  PID:2112
- C:\Windows\System\UaOfFDJ.exe
  C:\Windows\System\UaOfFDJ.exe
  2⤵
  PID:2736
- C:\Windows\System\jkcrezY.exe
  C:\Windows\System\jkcrezY.exe
  2⤵
  PID:2544
- C:\Windows\System\WrALvaj.exe
  C:\Windows\System\WrALvaj.exe
  2⤵
  PID:2804
- C:\Windows\System\LGCeCYa.exe
  C:\Windows\System\LGCeCYa.exe
  2⤵
  PID:2796
- C:\Windows\System\yoehjRd.exe
  C:\Windows\System\yoehjRd.exe
  2⤵
  PID:2600
- C:\Windows\System\qsaZsOU.exe
  C:\Windows\System\qsaZsOU.exe
  2⤵
  PID:2588
- C:\Windows\System\hHOHHcu.exe
  C:\Windows\System\hHOHHcu.exe
  2⤵
  PID:636
- C:\Windows\System\TjwklPh.exe
  C:\Windows\System\TjwklPh.exe
  2⤵
  PID:760
- C:\Windows\System\JRLPSEc.exe
  C:\Windows\System\JRLPSEc.exe
  2⤵
  PID:2440
- C:\Windows\System\ZbXAfww.exe
  C:\Windows\System\ZbXAfww.exe
  2⤵
  PID:1780
- C:\Windows\System\GSpojva.exe
  C:\Windows\System\GSpojva.exe
  2⤵
  PID:1620
- C:\Windows\System\bQQuAeN.exe
  C:\Windows\System\bQQuAeN.exe
  2⤵
  PID:2972
- C:\Windows\System\pBbAEtO.exe
  C:\Windows\System\pBbAEtO.exe
  2⤵
  PID:1740
- C:\Windows\System\rVWfcdB.exe
  C:\Windows\System\rVWfcdB.exe
  2⤵
  PID:2156
- C:\Windows\System\JbXMOkw.exe
  C:\Windows\System\JbXMOkw.exe
  2⤵
  PID:856
- C:\Windows\System\mKUVGYY.exe
  C:\Windows\System\mKUVGYY.exe
  2⤵
  PID:764
- C:\Windows\System\BnKiLQR.exe
  C:\Windows\System\BnKiLQR.exe
  2⤵
  PID:3024
- C:\Windows\System\HWylpFf.exe
  C:\Windows\System\HWylpFf.exe
  2⤵
  PID:964
- C:\Windows\System\JUmEtKK.exe
  C:\Windows\System\JUmEtKK.exe
  2⤵
  PID:1296
- C:\Windows\System\rDCUwTv.exe
  C:\Windows\System\rDCUwTv.exe
  2⤵
  PID:2228
- C:\Windows\System\swUQtRE.exe
  C:\Windows\System\swUQtRE.exe
  2⤵
  PID:916
- C:\Windows\System\MnxLGMq.exe
  C:\Windows\System\MnxLGMq.exe
  2⤵
  PID:1008
- C:\Windows\System\CZdUWHx.exe
  C:\Windows\System\CZdUWHx.exe
  2⤵
  PID:944
- C:\Windows\System\JbNZgvw.exe
  C:\Windows\System\JbNZgvw.exe
  2⤵
  PID:2368
- C:\Windows\System\NnddrZx.exe
  C:\Windows\System\NnddrZx.exe
  2⤵
  PID:2196
- C:\Windows\System\fhstybN.exe
  C:\Windows\System\fhstybN.exe
  2⤵
  PID:2104
- C:\Windows\System\eHmxMZp.exe
  C:\Windows\System\eHmxMZp.exe
  2⤵
  PID:2200
- C:\Windows\System\fYxlbas.exe
  C:\Windows\System\fYxlbas.exe
  2⤵
  PID:2244
- C:\Windows\System\LaNBnWV.exe
  C:\Windows\System\LaNBnWV.exe
  2⤵
  PID:2076
- C:\Windows\System\lTHLVhk.exe
  C:\Windows\System\lTHLVhk.exe
  2⤵
  PID:1076
- C:\Windows\System\vbvtXQZ.exe
  C:\Windows\System\vbvtXQZ.exe
  2⤵
  PID:2404
- C:\Windows\System\amkqSnJ.exe
  C:\Windows\System\amkqSnJ.exe
  2⤵
  PID:2204
- C:\Windows\System\lLAsFZv.exe
  C:\Windows\System\lLAsFZv.exe
  2⤵
  PID:2504
- C:\Windows\System\LzLzzeE.exe
  C:\Windows\System\LzLzzeE.exe
  2⤵
  PID:1400
- C:\Windows\System\wLblmvi.exe
  C:\Windows\System\wLblmvi.exe
  2⤵
  PID:2752
- C:\Windows\System\CsMroGe.exe
  C:\Windows\System\CsMroGe.exe
  2⤵
  PID:2572
- C:\Windows\System\zzMyYiw.exe
  C:\Windows\System\zzMyYiw.exe
  2⤵
  PID:2532
- C:\Windows\System\GlzgQMU.exe
  C:\Windows\System\GlzgQMU.exe
  2⤵
  PID:1404
- C:\Windows\System\mrinKYF.exe
  C:\Windows\System\mrinKYF.exe
  2⤵
  PID:1380
- C:\Windows\System\rFLVHZh.exe
  C:\Windows\System\rFLVHZh.exe
  2⤵
  PID:2976
- C:\Windows\System\IQXMrKX.exe
  C:\Windows\System\IQXMrKX.exe
  2⤵
  PID:1836
- C:\Windows\System\RZOJPql.exe
  C:\Windows\System\RZOJPql.exe
  2⤵
  PID:2508
- C:\Windows\System\QIsXMkS.exe
  C:\Windows\System\QIsXMkS.exe
  2⤵
  PID:3008
- C:\Windows\System\uRlFzSq.exe
  C:\Windows\System\uRlFzSq.exe
  2⤵
  PID:1876
- C:\Windows\System\IkmqnOf.exe
  C:\Windows\System\IkmqnOf.exe
  2⤵
  PID:1300
- C:\Windows\System\APSgTxz.exe
  C:\Windows\System\APSgTxz.exe
  2⤵
  PID:1540
- C:\Windows\System\wgaWRtO.exe
  C:\Windows\System\wgaWRtO.exe
  2⤵
  PID:1536
- C:\Windows\System\fITdeYy.exe
  C:\Windows\System\fITdeYy.exe
  2⤵
  PID:1760
- C:\Windows\System\FKtsLwa.exe
  C:\Windows\System\FKtsLwa.exe
  2⤵
  PID:1028
- C:\Windows\System\eVQGCiL.exe
  C:\Windows\System\eVQGCiL.exe
  2⤵
  PID:820
- C:\Windows\System\bQhJTWY.exe
  C:\Windows\System\bQhJTWY.exe
  2⤵
  PID:2344
- C:\Windows\System\WmNbopC.exe
  C:\Windows\System\WmNbopC.exe
  2⤵
  PID:3044
- C:\Windows\System\jrlWNin.exe
  C:\Windows\System\jrlWNin.exe
  2⤵
  PID:3084
- C:\Windows\System\IkwUKoq.exe
  C:\Windows\System\IkwUKoq.exe
  2⤵
  PID:3100
- C:\Windows\System\LDhTNUV.exe
  C:\Windows\System\LDhTNUV.exe
  2⤵
  PID:3116
- C:\Windows\System\wyGqhaD.exe
  C:\Windows\System\wyGqhaD.exe
  2⤵
  PID:3132
- C:\Windows\System\AaxyQXG.exe
  C:\Windows\System\AaxyQXG.exe
  2⤵
  PID:3148
- C:\Windows\System\IIVDxke.exe
  C:\Windows\System\IIVDxke.exe
  2⤵
  PID:3164
- C:\Windows\System\VdlfTim.exe
  C:\Windows\System\VdlfTim.exe
  2⤵
  PID:3180
- C:\Windows\System\GapLegu.exe
  C:\Windows\System\GapLegu.exe
  2⤵
  PID:3196
- C:\Windows\System\zpEsmjr.exe
  C:\Windows\System\zpEsmjr.exe
  2⤵
  PID:3212
- C:\Windows\System\DIzmRDU.exe
  C:\Windows\System\DIzmRDU.exe
  2⤵
  PID:3228
- C:\Windows\System\VlxdnsR.exe
  C:\Windows\System\VlxdnsR.exe
  2⤵
  PID:3244
- C:\Windows\System\XRQVnOa.exe
  C:\Windows\System\XRQVnOa.exe
  2⤵
  PID:3260
- C:\Windows\System\yInHnCn.exe
  C:\Windows\System\yInHnCn.exe
  2⤵
  PID:3276
- C:\Windows\System\dDiLKFX.exe
  C:\Windows\System\dDiLKFX.exe
  2⤵
  PID:3292
- C:\Windows\System\xkgmNYw.exe
  C:\Windows\System\xkgmNYw.exe
  2⤵
  PID:3308
- C:\Windows\System\MEFhOCh.exe
  C:\Windows\System\MEFhOCh.exe
  2⤵
  PID:3324
- C:\Windows\System\YpmqMKi.exe
  C:\Windows\System\YpmqMKi.exe
  2⤵
  PID:3340
- C:\Windows\System\RgfivCU.exe
  C:\Windows\System\RgfivCU.exe
  2⤵
  PID:3356
- C:\Windows\System\HYaFxvf.exe
  C:\Windows\System\HYaFxvf.exe
  2⤵
  PID:3372
- C:\Windows\System\bWeHBFR.exe
  C:\Windows\System\bWeHBFR.exe
  2⤵
  PID:3388
- C:\Windows\System\QOCTaCt.exe
  C:\Windows\System\QOCTaCt.exe
  2⤵
  PID:3404
- C:\Windows\System\EDsYVCl.exe
  C:\Windows\System\EDsYVCl.exe
  2⤵
  PID:3420
- C:\Windows\System\lUzlhex.exe
  C:\Windows\System\lUzlhex.exe
  2⤵
  PID:3436
- C:\Windows\System\dlSPLam.exe
  C:\Windows\System\dlSPLam.exe
  2⤵
  PID:3452
- C:\Windows\System\bzcVBSu.exe
  C:\Windows\System\bzcVBSu.exe
  2⤵
  PID:3468
- C:\Windows\System\zpERgMQ.exe
  C:\Windows\System\zpERgMQ.exe
  2⤵
  PID:3484
- C:\Windows\System\zfZTvZM.exe
  C:\Windows\System\zfZTvZM.exe
  2⤵
  PID:3500
- C:\Windows\System\RHybFTF.exe
  C:\Windows\System\RHybFTF.exe
  2⤵
  PID:3516
- C:\Windows\System\QbHPmZD.exe
  C:\Windows\System\QbHPmZD.exe
  2⤵
  PID:3532
- C:\Windows\System\kqowSqS.exe
  C:\Windows\System\kqowSqS.exe
  2⤵
  PID:3548
- C:\Windows\System\pmIaDUW.exe
  C:\Windows\System\pmIaDUW.exe
  2⤵
  PID:3564
- C:\Windows\System\PSINdYG.exe
  C:\Windows\System\PSINdYG.exe
  2⤵
  PID:3580
- C:\Windows\System\VATOSjv.exe
  C:\Windows\System\VATOSjv.exe
  2⤵
  PID:3596
- C:\Windows\System\JwPzLWE.exe
  C:\Windows\System\JwPzLWE.exe
  2⤵
  PID:3612
- C:\Windows\System\dUWhhSG.exe
  C:\Windows\System\dUWhhSG.exe
  2⤵
  PID:3628
- C:\Windows\System\KqciZwQ.exe
  C:\Windows\System\KqciZwQ.exe
  2⤵
  PID:3644
- C:\Windows\System\QGLGXTh.exe
  C:\Windows\System\QGLGXTh.exe
  2⤵
  PID:3660
- C:\Windows\System\AIUerjw.exe
  C:\Windows\System\AIUerjw.exe
  2⤵
  PID:3676
- C:\Windows\System\qQgTjdb.exe
  C:\Windows\System\qQgTjdb.exe
  2⤵
  PID:3692
- C:\Windows\System\aifJniu.exe
  C:\Windows\System\aifJniu.exe
  2⤵
  PID:3708
- C:\Windows\System\oaDmHQL.exe
  C:\Windows\System\oaDmHQL.exe
  2⤵
  PID:3724
- C:\Windows\System\WLSmjhN.exe
  C:\Windows\System\WLSmjhN.exe
  2⤵
  PID:3740
- C:\Windows\System\bGWFntT.exe
  C:\Windows\System\bGWFntT.exe
  2⤵
  PID:3756
- C:\Windows\System\AYjQfhP.exe
  C:\Windows\System\AYjQfhP.exe
  2⤵
  PID:3772
- C:\Windows\System\KAboycT.exe
  C:\Windows\System\KAboycT.exe
  2⤵
  PID:3788
- C:\Windows\System\bFirKYM.exe
  C:\Windows\System\bFirKYM.exe
  2⤵
  PID:3804
- C:\Windows\System\tCGOSQI.exe
  C:\Windows\System\tCGOSQI.exe
  2⤵
  PID:3820
- C:\Windows\System\MUPNYwO.exe
  C:\Windows\System\MUPNYwO.exe
  2⤵
  PID:3836
- C:\Windows\System\xofAqsP.exe
  C:\Windows\System\xofAqsP.exe
  2⤵
  PID:3852
- C:\Windows\System\fdtBygD.exe
  C:\Windows\System\fdtBygD.exe
  2⤵
  PID:3868
- C:\Windows\System\IiSRxRN.exe
  C:\Windows\System\IiSRxRN.exe
  2⤵
  PID:3884
- C:\Windows\System\kKhXXmQ.exe
  C:\Windows\System\kKhXXmQ.exe
  2⤵
  PID:3900
- C:\Windows\System\NnVYhPI.exe
  C:\Windows\System\NnVYhPI.exe
  2⤵
  PID:3916
- C:\Windows\System\nOhBuRk.exe
  C:\Windows\System\nOhBuRk.exe
  2⤵
  PID:3932
- C:\Windows\System\CbkwSAK.exe
  C:\Windows\System\CbkwSAK.exe
  2⤵
  PID:3948
- C:\Windows\System\YGirXsC.exe
  C:\Windows\System\YGirXsC.exe
  2⤵
  PID:3964
- C:\Windows\System\ENodXLs.exe
  C:\Windows\System\ENodXLs.exe
  2⤵
  PID:3980
- C:\Windows\System\gcvIFCT.exe
  C:\Windows\System\gcvIFCT.exe
  2⤵
  PID:3996
- C:\Windows\System\DrksdtD.exe
  C:\Windows\System\DrksdtD.exe
  2⤵
  PID:4012
- C:\Windows\System\BBiHlck.exe
  C:\Windows\System\BBiHlck.exe
  2⤵
  PID:4028
- C:\Windows\System\GCYmRtW.exe
  C:\Windows\System\GCYmRtW.exe
  2⤵
  PID:4044
- C:\Windows\System\BviEZbj.exe
  C:\Windows\System\BviEZbj.exe
  2⤵
  PID:4060
- C:\Windows\System\fYadHHM.exe
  C:\Windows\System\fYadHHM.exe
  2⤵
  PID:4076
- C:\Windows\System\gLrHLuS.exe
  C:\Windows\System\gLrHLuS.exe
  2⤵
  PID:4092
- C:\Windows\System\lfplWOF.exe
  C:\Windows\System\lfplWOF.exe
  2⤵
  PID:2164
- C:\Windows\System\fcrgrjP.exe
  C:\Windows\System\fcrgrjP.exe
  2⤵
  PID:1512
- C:\Windows\System\GXAVlhJ.exe
  C:\Windows\System\GXAVlhJ.exe
  2⤵
  PID:1712
- C:\Windows\System\CHguvJH.exe
  C:\Windows\System\CHguvJH.exe
  2⤵
  PID:2904
- C:\Windows\System\YyudJnj.exe
  C:\Windows\System\YyudJnj.exe
  2⤵
  PID:1096
- C:\Windows\System\qErSnhI.exe
  C:\Windows\System\qErSnhI.exe
  2⤵
  PID:1004
- C:\Windows\System\gCUCNva.exe
  C:\Windows\System\gCUCNva.exe
  2⤵
  PID:2280
- C:\Windows\System\hpywzCP.exe
  C:\Windows\System\hpywzCP.exe
  2⤵
  PID:1596
- C:\Windows\System\lYrEtkK.exe
  C:\Windows\System\lYrEtkK.exe
  2⤵
  PID:3092
- C:\Windows\System\lJAApqd.exe
  C:\Windows\System\lJAApqd.exe
  2⤵
  PID:3124
- C:\Windows\System\rOcHiRc.exe
  C:\Windows\System\rOcHiRc.exe
  2⤵
  PID:3160
- C:\Windows\System\kSRSQNn.exe
  C:\Windows\System\kSRSQNn.exe
  2⤵
  PID:3188
- C:\Windows\System\OxTrIOx.exe
  C:\Windows\System\OxTrIOx.exe
  2⤵
  PID:3204
- C:\Windows\System\RsViAGF.exe
  C:\Windows\System\RsViAGF.exe
  2⤵
  PID:3256
- C:\Windows\System\jQCsHLV.exe
  C:\Windows\System\jQCsHLV.exe
  2⤵
  PID:3268
- C:\Windows\System\cYQKowi.exe
  C:\Windows\System\cYQKowi.exe
  2⤵
  PID:3316
- C:\Windows\System\KnHAntB.exe
  C:\Windows\System\KnHAntB.exe
  2⤵
  PID:3332
- C:\Windows\System\RMuPNCY.exe
  C:\Windows\System\RMuPNCY.exe
  2⤵
  PID:3364
- C:\Windows\System\BLocoiO.exe
  C:\Windows\System\BLocoiO.exe
  2⤵
  PID:3396
- C:\Windows\System\tpUHbck.exe
  C:\Windows\System\tpUHbck.exe
  2⤵
  PID:3428
- C:\Windows\System\OvTNNFn.exe
  C:\Windows\System\OvTNNFn.exe
  2⤵
  PID:3480
- C:\Windows\System\mVmKMPw.exe
  C:\Windows\System\mVmKMPw.exe
  2⤵
  PID:3492
- C:\Windows\System\GeAreaX.exe
  C:\Windows\System\GeAreaX.exe
  2⤵
  PID:3544
- C:\Windows\System\PEtqvRh.exe
  C:\Windows\System\PEtqvRh.exe
  2⤵
  PID:3556
- C:\Windows\System\ZSyPguJ.exe
  C:\Windows\System\ZSyPguJ.exe
  2⤵
  PID:3588
- C:\Windows\System\EUIPYLI.exe
  C:\Windows\System\EUIPYLI.exe
  2⤵
  PID:3636
- C:\Windows\System\AkEcSxP.exe
  C:\Windows\System\AkEcSxP.exe
  2⤵
  PID:3624
- C:\Windows\System\qTnZbLK.exe
  C:\Windows\System\qTnZbLK.exe
  2⤵
  PID:3704
- C:\Windows\System\UzTIout.exe
  C:\Windows\System\UzTIout.exe
  2⤵
  PID:3688
- C:\Windows\System\RDipsds.exe
  C:\Windows\System\RDipsds.exe
  2⤵
  PID:3752
- C:\Windows\System\tYoRtvD.exe
  C:\Windows\System\tYoRtvD.exe
  2⤵
  PID:3796
- C:\Windows\System\DBPpbIb.exe
  C:\Windows\System\DBPpbIb.exe
  2⤵
  PID:3816
- C:\Windows\System\eBtOMlp.exe
  C:\Windows\System\eBtOMlp.exe
  2⤵
  PID:3864
- C:\Windows\System\fUcLFeP.exe
  C:\Windows\System\fUcLFeP.exe
  2⤵
  PID:3876
- C:\Windows\System\QUwhmEC.exe
  C:\Windows\System\QUwhmEC.exe
  2⤵
  PID:3924
- C:\Windows\System\VdWkBVV.exe
  C:\Windows\System\VdWkBVV.exe
  2⤵
  PID:3960
- C:\Windows\System\lYqriHa.exe
  C:\Windows\System\lYqriHa.exe
  2⤵
  PID:3944
- C:\Windows\System\hZsiiZS.exe
  C:\Windows\System\hZsiiZS.exe
  2⤵
  PID:4024
- C:\Windows\System\TBluuqu.exe
  C:\Windows\System\TBluuqu.exe
  2⤵
  PID:4040
- C:\Windows\System\VmCcAiq.exe
  C:\Windows\System\VmCcAiq.exe
  2⤵
  PID:4036
- C:\Windows\System\rPOpkAH.exe
  C:\Windows\System\rPOpkAH.exe
  2⤵
  PID:2848
- C:\Windows\System\hOvatje.exe
  C:\Windows\System\hOvatje.exe
  2⤵
  PID:2856
- C:\Windows\System\BudbUuf.exe
  C:\Windows\System\BudbUuf.exe
  2⤵
  PID:1580
- C:\Windows\System\DqRBVpi.exe
  C:\Windows\System\DqRBVpi.exe
  2⤵
  PID:904
- C:\Windows\System\kpkAols.exe
  C:\Windows\System\kpkAols.exe
  2⤵
  PID:3076
- C:\Windows\System\FcBMnAz.exe
  C:\Windows\System\FcBMnAz.exe
  2⤵
  PID:3128
- C:\Windows\System\nLrqqtB.exe
  C:\Windows\System\nLrqqtB.exe
  2⤵
  PID:3176
- C:\Windows\System\euzdEhR.exe
  C:\Windows\System\euzdEhR.exe
  2⤵
  PID:3288
- C:\Windows\System\bvifVqW.exe
  C:\Windows\System\bvifVqW.exe
  2⤵
  PID:3304
- C:\Windows\System\qoOSYsh.exe
  C:\Windows\System\qoOSYsh.exe
  2⤵
  PID:3400
- C:\Windows\System\OFiCpdA.exe
  C:\Windows\System\OFiCpdA.exe
  2⤵
  PID:3476
- C:\Windows\System\mrikUoE.exe
  C:\Windows\System\mrikUoE.exe
  2⤵
  PID:3512
- C:\Windows\System\XhFrWwi.exe
  C:\Windows\System\XhFrWwi.exe
  2⤵
  PID:3608
- C:\Windows\System\NMukrcf.exe
  C:\Windows\System\NMukrcf.exe
  2⤵
  PID:3656
- C:\Windows\System\SgmirAo.exe
  C:\Windows\System\SgmirAo.exe
  2⤵
  PID:3736
- C:\Windows\System\WRvkwNQ.exe
  C:\Windows\System\WRvkwNQ.exe
  2⤵
  PID:3828
- C:\Windows\System\EmiLBuY.exe
  C:\Windows\System\EmiLBuY.exe
  2⤵
  PID:3896
- C:\Windows\System\TQvIzvj.exe
  C:\Windows\System\TQvIzvj.exe
  2⤵
  PID:3908
- C:\Windows\System\WzDAvdr.exe
  C:\Windows\System\WzDAvdr.exe
  2⤵
  PID:3992
- C:\Windows\System\NpMGPEk.exe
  C:\Windows\System\NpMGPEk.exe
  2⤵
  PID:4052
- C:\Windows\System\VJVXbjr.exe
  C:\Windows\System\VJVXbjr.exe
  2⤵
  PID:2552
- C:\Windows\System\AjAczOq.exe
  C:\Windows\System\AjAczOq.exe
  2⤵
  PID:2080
- C:\Windows\System\wQaizZd.exe
  C:\Windows\System\wQaizZd.exe
  2⤵
  PID:4104
- C:\Windows\System\OpKuxSV.exe
  C:\Windows\System\OpKuxSV.exe
  2⤵
  PID:4120
- C:\Windows\System\uNnPxdn.exe
  C:\Windows\System\uNnPxdn.exe
  2⤵
  PID:4136
- C:\Windows\System\NQOggjs.exe
  C:\Windows\System\NQOggjs.exe
  2⤵
  PID:4152
- C:\Windows\System\oUEBWUZ.exe
  C:\Windows\System\oUEBWUZ.exe
  2⤵
  PID:4168
- C:\Windows\System\GbmJqth.exe
  C:\Windows\System\GbmJqth.exe
  2⤵
  PID:4184
- C:\Windows\System\lWhgypQ.exe
  C:\Windows\System\lWhgypQ.exe
  2⤵
  PID:4200
- C:\Windows\System\utBSTON.exe
  C:\Windows\System\utBSTON.exe
  2⤵
  PID:4216
- C:\Windows\System\YHiBsQk.exe
  C:\Windows\System\YHiBsQk.exe
  2⤵
  PID:4232
- C:\Windows\System\PFLcZqm.exe
  C:\Windows\System\PFLcZqm.exe
  2⤵
  PID:4248
- C:\Windows\System\zgeStwQ.exe
  C:\Windows\System\zgeStwQ.exe
  2⤵
  PID:4264
- C:\Windows\System\RRBytGS.exe
  C:\Windows\System\RRBytGS.exe
  2⤵
  PID:4280
- C:\Windows\System\DwUQaJt.exe
  C:\Windows\System\DwUQaJt.exe
  2⤵
  PID:4296
- C:\Windows\System\KzEIxFJ.exe
  C:\Windows\System\KzEIxFJ.exe
  2⤵
  PID:4312
- C:\Windows\System\ExCIpTg.exe
  C:\Windows\System\ExCIpTg.exe
  2⤵
  PID:4328
- C:\Windows\System\uGNWQiK.exe
  C:\Windows\System\uGNWQiK.exe
  2⤵
  PID:4344
- C:\Windows\System\SISfkXQ.exe
  C:\Windows\System\SISfkXQ.exe
  2⤵
  PID:4360
- C:\Windows\System\LkICswr.exe
  C:\Windows\System\LkICswr.exe
  2⤵
  PID:4376
- C:\Windows\System\omcVMwr.exe
  C:\Windows\System\omcVMwr.exe
  2⤵
  PID:4392
- C:\Windows\System\TiAoXbe.exe
  C:\Windows\System\TiAoXbe.exe
  2⤵
  PID:4408
- C:\Windows\System\WzWWVPk.exe
  C:\Windows\System\WzWWVPk.exe
  2⤵
  PID:4424
- C:\Windows\System\MToLepo.exe
  C:\Windows\System\MToLepo.exe
  2⤵
  PID:4440
- C:\Windows\System\JaDughd.exe
  C:\Windows\System\JaDughd.exe
  2⤵
  PID:4456
- C:\Windows\System\kHUGFHB.exe
  C:\Windows\System\kHUGFHB.exe
  2⤵
  PID:4472
- C:\Windows\System\xnPBwvr.exe
  C:\Windows\System\xnPBwvr.exe
  2⤵
  PID:4488
- C:\Windows\System\pzMEtwX.exe
  C:\Windows\System\pzMEtwX.exe
  2⤵
  PID:4504
- C:\Windows\System\uepgNNe.exe
  C:\Windows\System\uepgNNe.exe
  2⤵
  PID:4520
- C:\Windows\System\IKAAELQ.exe
  C:\Windows\System\IKAAELQ.exe
  2⤵
  PID:4536
- C:\Windows\System\RDjDqsY.exe
  C:\Windows\System\RDjDqsY.exe
  2⤵
  PID:4552
- C:\Windows\System\JTmkxAT.exe
  C:\Windows\System\JTmkxAT.exe
  2⤵
  PID:4568
- C:\Windows\System\mipeCgs.exe
  C:\Windows\System\mipeCgs.exe
  2⤵
  PID:4584
- C:\Windows\System\FeNQcxE.exe
  C:\Windows\System\FeNQcxE.exe
  2⤵
  PID:4600
- C:\Windows\System\YyrIKLI.exe
  C:\Windows\System\YyrIKLI.exe
  2⤵
  PID:4616
- C:\Windows\System\CWWrbzn.exe
  C:\Windows\System\CWWrbzn.exe
  2⤵
  PID:4632
- C:\Windows\System\bnhoICy.exe
  C:\Windows\System\bnhoICy.exe
  2⤵
  PID:4648
- C:\Windows\System\fTIMKTK.exe
  C:\Windows\System\fTIMKTK.exe
  2⤵
  PID:4664
- C:\Windows\System\ahOapNl.exe
  C:\Windows\System\ahOapNl.exe
  2⤵
  PID:4680
- C:\Windows\System\qODyWIC.exe
  C:\Windows\System\qODyWIC.exe
  2⤵
  PID:4696
- C:\Windows\System\bxJEFrc.exe
  C:\Windows\System\bxJEFrc.exe
  2⤵
  PID:4712
- C:\Windows\System\WrYPrXy.exe
  C:\Windows\System\WrYPrXy.exe
  2⤵
  PID:4728
- C:\Windows\System\SMsNUpu.exe
  C:\Windows\System\SMsNUpu.exe
  2⤵
  PID:4744
- C:\Windows\System\bKiZDYM.exe
  C:\Windows\System\bKiZDYM.exe
  2⤵
  PID:4760
- C:\Windows\System\ndyyzYO.exe
  C:\Windows\System\ndyyzYO.exe
  2⤵
  PID:4776
- C:\Windows\System\aEnejqP.exe
  C:\Windows\System\aEnejqP.exe
  2⤵
  PID:4792
- C:\Windows\System\syJvHuC.exe
  C:\Windows\System\syJvHuC.exe
  2⤵
  PID:4808
- C:\Windows\System\YuWHWWm.exe
  C:\Windows\System\YuWHWWm.exe
  2⤵
  PID:4824
- C:\Windows\System\pMYRhfx.exe
  C:\Windows\System\pMYRhfx.exe
  2⤵
  PID:4840
- C:\Windows\System\kRJAekx.exe
  C:\Windows\System\kRJAekx.exe
  2⤵
  PID:4856
- C:\Windows\System\fIrcdQI.exe
  C:\Windows\System\fIrcdQI.exe
  2⤵
  PID:4872
- C:\Windows\System\MtbsrhD.exe
  C:\Windows\System\MtbsrhD.exe
  2⤵
  PID:4888
- C:\Windows\System\tuVpfqv.exe
  C:\Windows\System\tuVpfqv.exe
  2⤵
  PID:4904
- C:\Windows\System\PuBDeSd.exe
  C:\Windows\System\PuBDeSd.exe
  2⤵
  PID:4920
- C:\Windows\System\POWRDoJ.exe
  C:\Windows\System\POWRDoJ.exe
  2⤵
  PID:4936
- C:\Windows\System\SyhqIvx.exe
  C:\Windows\System\SyhqIvx.exe
  2⤵
  PID:4952
- C:\Windows\System\zagGyXR.exe
  C:\Windows\System\zagGyXR.exe
  2⤵
  PID:4968
- C:\Windows\System\SjOaxxE.exe
  C:\Windows\System\SjOaxxE.exe
  2⤵
  PID:4984
- C:\Windows\System\PszYQtm.exe
  C:\Windows\System\PszYQtm.exe
  2⤵
  PID:5000
- C:\Windows\System\btxiOhu.exe
  C:\Windows\System\btxiOhu.exe
  2⤵
  PID:5016
- C:\Windows\System\XlBHkFf.exe
  C:\Windows\System\XlBHkFf.exe
  2⤵
  PID:5032
- C:\Windows\System\XEGAIyE.exe
  C:\Windows\System\XEGAIyE.exe
  2⤵
  PID:5048
- C:\Windows\System\wwzaKjF.exe
  C:\Windows\System\wwzaKjF.exe
  2⤵
  PID:5064
- C:\Windows\System\ekwQpaA.exe
  C:\Windows\System\ekwQpaA.exe
  2⤵
  PID:5080
- C:\Windows\System\aEIJtON.exe
  C:\Windows\System\aEIJtON.exe
  2⤵
  PID:5096
- C:\Windows\System\GAbGaZE.exe
  C:\Windows\System\GAbGaZE.exe
  2⤵
  PID:5112
- C:\Windows\System\oOgviIb.exe
  C:\Windows\System\oOgviIb.exe
  2⤵
  PID:3144
- C:\Windows\System\cgGfXcu.exe
  C:\Windows\System\cgGfXcu.exe
  2⤵
  PID:3172
- C:\Windows\System\CcEeaDS.exe
  C:\Windows\System\CcEeaDS.exe
  2⤵
  PID:3412
- C:\Windows\System\sfrxVEl.exe
  C:\Windows\System\sfrxVEl.exe
  2⤵
  PID:3448
- C:\Windows\System\uKNfZbL.exe
  C:\Windows\System\uKNfZbL.exe
  2⤵
  PID:3560
- C:\Windows\System\UqRBUWK.exe
  C:\Windows\System\UqRBUWK.exe
  2⤵
  PID:4292
- C:\Windows\System\EJafuku.exe
  C:\Windows\System\EJafuku.exe
  2⤵
  PID:4720
- C:\Windows\System\PXUVdxc.exe
  C:\Windows\System\PXUVdxc.exe
  2⤵
  PID:5044
- C:\Windows\System\pSKjuDu.exe
  C:\Windows\System\pSKjuDu.exe
  2⤵
  PID:3844
- C:\Windows\System\hWhepKA.exe
  C:\Windows\System\hWhepKA.exe
  2⤵
  PID:4324
- C:\Windows\System\skeKfoh.exe
  C:\Windows\System\skeKfoh.exe
  2⤵
  PID:4432
- C:\Windows\System\WRAcdnU.exe
  C:\Windows\System\WRAcdnU.exe
  2⤵
  PID:4452
- C:\Windows\System\EoVPHZp.exe
  C:\Windows\System\EoVPHZp.exe
  2⤵
  PID:4500
- C:\Windows\System\CPuxmmX.exe
  C:\Windows\System\CPuxmmX.exe
  2⤵
  PID:4564
- C:\Windows\System\bQrsuhY.exe
  C:\Windows\System\bQrsuhY.exe
  2⤵
  PID:4596
- C:\Windows\System\OFxFFup.exe
  C:\Windows\System\OFxFFup.exe
  2⤵
  PID:4656
- C:\Windows\System\iSZHFMy.exe
  C:\Windows\System\iSZHFMy.exe
  2⤵
  PID:4676
- C:\Windows\System\bmtPRoN.exe
  C:\Windows\System\bmtPRoN.exe
  2⤵
  PID:4740
- C:\Windows\System\CWSUmez.exe
  C:\Windows\System\CWSUmez.exe
  2⤵
  PID:4772
- C:\Windows\System\ysJSZSr.exe
  C:\Windows\System\ysJSZSr.exe
  2⤵
  PID:4852
- C:\Windows\System\TlZmAkF.exe
  C:\Windows\System\TlZmAkF.exe
  2⤵
  PID:4868
- C:\Windows\System\VAmXsKF.exe
  C:\Windows\System\VAmXsKF.exe
  2⤵
  PID:4948
- C:\Windows\System\hJNfiul.exe
  C:\Windows\System\hJNfiul.exe
  2⤵
  PID:5040
- C:\Windows\System\NnDowKq.exe
  C:\Windows\System\NnDowKq.exe
  2⤵
  PID:304
- C:\Windows\System\djWnYlL.exe
  C:\Windows\System\djWnYlL.exe
  2⤵
  PID:4964
- C:\Windows\System\yHQnkGs.exe
  C:\Windows\System\yHQnkGs.exe
  2⤵
  PID:5028
- C:\Windows\System\jfcrzva.exe
  C:\Windows\System\jfcrzva.exe
  2⤵
  PID:3380
- C:\Windows\System\YzFWvtR.exe
  C:\Windows\System\YzFWvtR.exe
  2⤵
  PID:3748
- C:\Windows\System\FeSJYGg.exe
  C:\Windows\System\FeSJYGg.exe
  2⤵
  PID:3956
- C:\Windows\System\tFvHbiF.exe
  C:\Windows\System\tFvHbiF.exe
  2⤵
  PID:2680
- C:\Windows\System\JwmjIIQ.exe
  C:\Windows\System\JwmjIIQ.exe
  2⤵
  PID:4128
- C:\Windows\System\JNolSvr.exe
  C:\Windows\System\JNolSvr.exe
  2⤵
  PID:4192
- C:\Windows\System\IqFQjNq.exe
  C:\Windows\System\IqFQjNq.exe
  2⤵
  PID:4224
- C:\Windows\System\SoirNRC.exe
  C:\Windows\System\SoirNRC.exe
  2⤵
  PID:4304
- C:\Windows\System\fPNoOxp.exe
  C:\Windows\System\fPNoOxp.exe
  2⤵
  PID:4320
- C:\Windows\System\dmGQeca.exe
  C:\Windows\System\dmGQeca.exe
  2⤵
  PID:4448
- C:\Windows\System\gIBRxCG.exe
  C:\Windows\System\gIBRxCG.exe
  2⤵
  PID:4496
- C:\Windows\System\YbmHBYA.exe
  C:\Windows\System\YbmHBYA.exe
  2⤵
  PID:4624
- C:\Windows\System\DWKNnUW.exe
  C:\Windows\System\DWKNnUW.exe
  2⤵
  PID:4592
- C:\Windows\System\qhJTpsV.exe
  C:\Windows\System\qhJTpsV.exe
  2⤵
  PID:4704
- C:\Windows\System\enOEBgW.exe
  C:\Windows\System\enOEBgW.exe
  2⤵
  PID:4788
- C:\Windows\System\VwuMUFF.exe
  C:\Windows\System\VwuMUFF.exe
  2⤵
  PID:4912
- C:\Windows\System\SJOWcLQ.exe
  C:\Windows\System\SJOWcLQ.exe
  2⤵
  PID:5012
- C:\Windows\System\IVReEtu.exe
  C:\Windows\System\IVReEtu.exe
  2⤵
  PID:3240
- C:\Windows\System\mUGVfFP.exe
  C:\Windows\System\mUGVfFP.exe
  2⤵
  PID:3976
- C:\Windows\System\XlVMGzy.exe
  C:\Windows\System\XlVMGzy.exe
  2⤵
  PID:4928
- C:\Windows\System\fXvaJCQ.exe
  C:\Windows\System\fXvaJCQ.exe
  2⤵
  PID:5088
- C:\Windows\System\eXGOWja.exe
  C:\Windows\System\eXGOWja.exe
  2⤵
  PID:3880
- C:\Windows\System\IAZNEgX.exe
  C:\Windows\System\IAZNEgX.exe
  2⤵
  PID:4260
- C:\Windows\System\BZYAbMz.exe
  C:\Windows\System\BZYAbMz.exe
  2⤵
  PID:5132
- C:\Windows\System\yPxpyyH.exe
  C:\Windows\System\yPxpyyH.exe
  2⤵
  PID:5152
- C:\Windows\System\tLbIUWV.exe
  C:\Windows\System\tLbIUWV.exe
  2⤵
  PID:5172
- C:\Windows\System\cYjeWuN.exe
  C:\Windows\System\cYjeWuN.exe
  2⤵
  PID:5200
- C:\Windows\System\shbUoXW.exe
  C:\Windows\System\shbUoXW.exe
  2⤵
  PID:5216
- C:\Windows\System\IXmJbac.exe
  C:\Windows\System\IXmJbac.exe
  2⤵
  PID:5236
- C:\Windows\System\gDwRAqj.exe
  C:\Windows\System\gDwRAqj.exe
  2⤵
  PID:5252
- C:\Windows\System\GEjKtks.exe
  C:\Windows\System\GEjKtks.exe
  2⤵
  PID:5276
- C:\Windows\System\cGfGuNd.exe
  C:\Windows\System\cGfGuNd.exe
  2⤵
  PID:5296
- C:\Windows\System\uYlkVDQ.exe
  C:\Windows\System\uYlkVDQ.exe
  2⤵
  PID:5316
- C:\Windows\System\UDHgVCV.exe
  C:\Windows\System\UDHgVCV.exe
  2⤵
  PID:5340
- C:\Windows\System\GyuDbtv.exe
  C:\Windows\System\GyuDbtv.exe
  2⤵
  PID:5356
- C:\Windows\System\xavnTtQ.exe
  C:\Windows\System\xavnTtQ.exe
  2⤵
  PID:5376
- C:\Windows\System\MdLiLaT.exe
  C:\Windows\System\MdLiLaT.exe
  2⤵
  PID:5396
- C:\Windows\System\keLaWPU.exe
  C:\Windows\System\keLaWPU.exe
  2⤵
  PID:5416
- C:\Windows\System\hAGhNoe.exe
  C:\Windows\System\hAGhNoe.exe
  2⤵
  PID:5436
- C:\Windows\System\NdGqIKe.exe
  C:\Windows\System\NdGqIKe.exe
  2⤵
  PID:5456
- C:\Windows\System\mArzIgx.exe
  C:\Windows\System\mArzIgx.exe
  2⤵
  PID:5476
- C:\Windows\System\MxnphHk.exe
  C:\Windows\System\MxnphHk.exe
  2⤵
  PID:5500
- C:\Windows\System\slKEmdo.exe
  C:\Windows\System\slKEmdo.exe
  2⤵
  PID:5524
- C:\Windows\System\XxsZupp.exe
  C:\Windows\System\XxsZupp.exe
  2⤵
  PID:5544
- C:\Windows\System\NXLzPkE.exe
  C:\Windows\System\NXLzPkE.exe
  2⤵
  PID:5564
- C:\Windows\System\vmYmYvL.exe
  C:\Windows\System\vmYmYvL.exe
  2⤵
  PID:5584
- C:\Windows\System\JIqOXno.exe
  C:\Windows\System\JIqOXno.exe
  2⤵
  PID:5604
- C:\Windows\System\fgoaWdo.exe
  C:\Windows\System\fgoaWdo.exe
  2⤵
  PID:5624
- C:\Windows\System\FOXNGmM.exe
  C:\Windows\System\FOXNGmM.exe
  2⤵
  PID:5640
- C:\Windows\System\lTCKApj.exe
  C:\Windows\System\lTCKApj.exe
  2⤵
  PID:5660
- C:\Windows\System\AUicTXo.exe
  C:\Windows\System\AUicTXo.exe
  2⤵
  PID:5688
- C:\Windows\System\DuTjbZZ.exe
  C:\Windows\System\DuTjbZZ.exe
  2⤵
  PID:5712
- C:\Windows\System\MCrReYI.exe
  C:\Windows\System\MCrReYI.exe
  2⤵
  PID:5728
- C:\Windows\System\iduqYwH.exe
  C:\Windows\System\iduqYwH.exe
  2⤵
  PID:5748
- C:\Windows\System\ZcXqGHS.exe
  C:\Windows\System\ZcXqGHS.exe
  2⤵
  PID:5768
- C:\Windows\System\CouLUCn.exe
  C:\Windows\System\CouLUCn.exe
  2⤵
  PID:5784
- C:\Windows\System\PUsBqQa.exe
  C:\Windows\System\PUsBqQa.exe
  2⤵
  PID:5808
- C:\Windows\System\PYQLqOS.exe
  C:\Windows\System\PYQLqOS.exe
  2⤵
  PID:5832
- C:\Windows\System\ordMwLs.exe
  C:\Windows\System\ordMwLs.exe
  2⤵
  PID:5848
- C:\Windows\System\vEXrhVT.exe
  C:\Windows\System\vEXrhVT.exe
  2⤵
  PID:5864
- C:\Windows\System\kriJckM.exe
  C:\Windows\System\kriJckM.exe
  2⤵
  PID:5888
- C:\Windows\System\WLbgZYR.exe
  C:\Windows\System\WLbgZYR.exe
  2⤵
  PID:5908
- C:\Windows\System\DvmxdQQ.exe
  C:\Windows\System\DvmxdQQ.exe
  2⤵
  PID:5932
- C:\Windows\System\exJEtiP.exe
  C:\Windows\System\exJEtiP.exe
  2⤵
  PID:5960
- C:\Windows\System\EpEgeUd.exe
  C:\Windows\System\EpEgeUd.exe
  2⤵
  PID:5980
- C:\Windows\System\jfepezn.exe
  C:\Windows\System\jfepezn.exe
  2⤵
  PID:5996
- C:\Windows\System\BTTsQEm.exe
  C:\Windows\System\BTTsQEm.exe
  2⤵
  PID:6020
- C:\Windows\System\fzXFQGU.exe
  C:\Windows\System\fzXFQGU.exe
  2⤵
  PID:6036
- C:\Windows\System\LMidRQJ.exe
  C:\Windows\System\LMidRQJ.exe
  2⤵
  PID:6056
- C:\Windows\System\NBYlOAI.exe
  C:\Windows\System\NBYlOAI.exe
  2⤵
  PID:6076
- C:\Windows\System\eFGnsAt.exe
  C:\Windows\System\eFGnsAt.exe
  2⤵
  PID:6100
- C:\Windows\System\kPGNgDT.exe
  C:\Windows\System\kPGNgDT.exe
  2⤵
  PID:6116
- C:\Windows\System\TPebBAD.exe
  C:\Windows\System\TPebBAD.exe
  2⤵
  PID:6136
- C:\Windows\System\ITjwqbn.exe
  C:\Windows\System\ITjwqbn.exe
  2⤵
  PID:4420
- C:\Windows\System\yEJfaRu.exe
  C:\Windows\System\yEJfaRu.exe
  2⤵
  PID:4336
- C:\Windows\System\wvgxBBj.exe
  C:\Windows\System\wvgxBBj.exe
  2⤵
  PID:4484
- C:\Windows\System\NxhvNrl.exe
  C:\Windows\System\NxhvNrl.exe
  2⤵
  PID:5104
- C:\Windows\System\iJPRdIu.exe
  C:\Windows\System\iJPRdIu.exe
  2⤵
  PID:4612
- C:\Windows\System\FtGHHlH.exe
  C:\Windows\System\FtGHHlH.exe
  2⤵
  PID:4800
- C:\Windows\System\PTrVWSl.exe
  C:\Windows\System\PTrVWSl.exe
  2⤵
  PID:3108
- C:\Windows\System\gljbuxk.exe
  C:\Windows\System\gljbuxk.exe
  2⤵
  PID:3064
- C:\Windows\System\sRiqVqs.exe
  C:\Windows\System\sRiqVqs.exe
  2⤵
  PID:5168
- C:\Windows\System\crshBXr.exe
  C:\Windows\System\crshBXr.exe
  2⤵
  PID:5060
- C:\Windows\System\Xcfyvab.exe
  C:\Windows\System\Xcfyvab.exe
  2⤵
  PID:5212
- C:\Windows\System\SdwSFqa.exe
  C:\Windows\System\SdwSFqa.exe
  2⤵
  PID:5284
- C:\Windows\System\DlHiANR.exe
  C:\Windows\System\DlHiANR.exe
  2⤵
  PID:3620
- C:\Windows\System\MsWiPJb.exe
  C:\Windows\System\MsWiPJb.exe
  2⤵
  PID:5324
- C:\Windows\System\xLWDBKm.exe
  C:\Windows\System\xLWDBKm.exe
  2⤵
  PID:5328
- C:\Windows\System\zFGvqYV.exe
  C:\Windows\System\zFGvqYV.exe
  2⤵
  PID:5268
- C:\Windows\System\srMylWi.exe
  C:\Windows\System\srMylWi.exe
  2⤵
  PID:5372
- C:\Windows\System\sPRFPvA.exe
  C:\Windows\System\sPRFPvA.exe
  2⤵
  PID:5408
- C:\Windows\System\rWLazoM.exe
  C:\Windows\System\rWLazoM.exe
  2⤵
  PID:5312
- C:\Windows\System\TCCtbvE.exe
  C:\Windows\System\TCCtbvE.exe
  2⤵
  PID:5352
- C:\Windows\System\YcSKRaB.exe
  C:\Windows\System\YcSKRaB.exe
  2⤵
  PID:5392
- C:\Windows\System\LjtElYP.exe
  C:\Windows\System\LjtElYP.exe
  2⤵
  PID:5468
- C:\Windows\System\cMCJYnI.exe
  C:\Windows\System\cMCJYnI.exe
  2⤵
  PID:5576
- C:\Windows\System\VRJEvrQ.exe
  C:\Windows\System\VRJEvrQ.exe
  2⤵
  PID:5648
- C:\Windows\System\EdbEiTP.exe
  C:\Windows\System\EdbEiTP.exe
  2⤵
  PID:5520
- C:\Windows\System\kpPySea.exe
  C:\Windows\System\kpPySea.exe
  2⤵
  PID:5632
- C:\Windows\System\SEBKQZd.exe
  C:\Windows\System\SEBKQZd.exe
  2⤵
  PID:5700
- C:\Windows\System\cujAYDe.exe
  C:\Windows\System\cujAYDe.exe
  2⤵
  PID:5744
- C:\Windows\System\xVbtcEr.exe
  C:\Windows\System\xVbtcEr.exe
  2⤵
  PID:5776
- C:\Windows\System\rZVqPlc.exe
  C:\Windows\System\rZVqPlc.exe
  2⤵
  PID:5756
- C:\Windows\System\VSbfWXI.exe
  C:\Windows\System\VSbfWXI.exe
  2⤵
  PID:5856
- C:\Windows\System\SJCXQle.exe
  C:\Windows\System\SJCXQle.exe
  2⤵
  PID:5904
- C:\Windows\System\OiNOpiX.exe
  C:\Windows\System\OiNOpiX.exe
  2⤵
  PID:5940
- C:\Windows\System\WNUztuj.exe
  C:\Windows\System\WNUztuj.exe
  2⤵
  PID:5876
- C:\Windows\System\LSBhLEg.exe
  C:\Windows\System\LSBhLEg.exe
  2⤵
  PID:5988
- C:\Windows\System\ksOiutg.exe
  C:\Windows\System\ksOiutg.exe
  2⤵
  PID:6072
- C:\Windows\System\TLEZwdL.exe
  C:\Windows\System\TLEZwdL.exe
  2⤵
  PID:6012
- C:\Windows\System\CqXaEwQ.exe
  C:\Windows\System\CqXaEwQ.exe
  2⤵
  PID:6112
- C:\Windows\System\sITwpfj.exe
  C:\Windows\System\sITwpfj.exe
  2⤵
  PID:4144
- C:\Windows\System\ZlUxHkF.exe
  C:\Windows\System\ZlUxHkF.exe
  2⤵
  PID:6096
- C:\Windows\System\KJmUilO.exe
  C:\Windows\System\KJmUilO.exe
  2⤵
  PID:4400
- C:\Windows\System\rusXgRl.exe
  C:\Windows\System\rusXgRl.exe
  2⤵
  PID:320
- C:\Windows\System\vYiNDsl.exe
  C:\Windows\System\vYiNDsl.exe
  2⤵
  PID:6132
- C:\Windows\System\CvqGypF.exe
  C:\Windows\System\CvqGypF.exe
  2⤵
  PID:4708
- C:\Windows\System\tPgpRGD.exe
  C:\Windows\System\tPgpRGD.exe
  2⤵
  PID:5208
- C:\Windows\System\hwnRyCW.exe
  C:\Windows\System\hwnRyCW.exe
  2⤵
  PID:5196
- C:\Windows\System\scIcdcH.exe
  C:\Windows\System\scIcdcH.exe
  2⤵
  PID:4752
- C:\Windows\System\LCXYbEI.exe
  C:\Windows\System\LCXYbEI.exe
  2⤵
  PID:5024
- C:\Windows\System\xsuhDGR.exe
  C:\Windows\System\xsuhDGR.exe
  2⤵
  PID:5140
- C:\Windows\System\EjNoGOy.exe
  C:\Windows\System\EjNoGOy.exe
  2⤵
  PID:5384
- C:\Windows\System\LDnbStN.exe
  C:\Windows\System\LDnbStN.exe
  2⤵
  PID:5292
- C:\Windows\System\vYqimEV.exe
  C:\Windows\System\vYqimEV.exe
  2⤵
  PID:5512
- C:\Windows\System\nBXvfWy.exe
  C:\Windows\System\nBXvfWy.exe
  2⤵
  PID:5264
- C:\Windows\System\eBenZIB.exe
  C:\Windows\System\eBenZIB.exe
  2⤵
  PID:5348
- C:\Windows\System\Gkikras.exe
  C:\Windows\System\Gkikras.exe
  2⤵
  PID:5532
- C:\Windows\System\VkYvAMy.exe
  C:\Windows\System\VkYvAMy.exe
  2⤵
  PID:5620
- C:\Windows\System\PTlrZnt.exe
  C:\Windows\System\PTlrZnt.exe
  2⤵
  PID:5600
- C:\Windows\System\IBcKNYf.exe
  C:\Windows\System\IBcKNYf.exe
  2⤵
  PID:5760
- C:\Windows\System\jouMZvc.exe
  C:\Windows\System\jouMZvc.exe
  2⤵
  PID:5872
- C:\Windows\System\BhkXuKe.exe
  C:\Windows\System\BhkXuKe.exe
  2⤵
  PID:5792
- C:\Windows\System\cbBarxI.exe
  C:\Windows\System\cbBarxI.exe
  2⤵
  PID:5976
- C:\Windows\System\NYVqcTI.exe
  C:\Windows\System\NYVqcTI.exe
  2⤵
  PID:5916
- C:\Windows\System\DrfhJnz.exe
  C:\Windows\System\DrfhJnz.exe
  2⤵
  PID:4404
- C:\Windows\System\TRvfmeP.exe
  C:\Windows\System\TRvfmeP.exe
  2⤵
  PID:4436
- C:\Windows\System\VQXpuwU.exe
  C:\Windows\System\VQXpuwU.exe
  2⤵
  PID:6088
- C:\Windows\System\fUBnOQx.exe
  C:\Windows\System\fUBnOQx.exe
  2⤵
  PID:4276
- C:\Windows\System\xWMsQvy.exe
  C:\Windows\System\xWMsQvy.exe
  2⤵
  PID:5364
- C:\Windows\System\wsIRzqw.exe
  C:\Windows\System\wsIRzqw.exe
  2⤵
  PID:5592
- C:\Windows\System\teatKLy.exe
  C:\Windows\System\teatKLy.exe
  2⤵
  PID:5248
- C:\Windows\System\IulmQCd.exe
  C:\Windows\System\IulmQCd.exe
  2⤵
  PID:5452
- C:\Windows\System\MzYkaGz.exe
  C:\Windows\System\MzYkaGz.exe
  2⤵
  PID:5696
- C:\Windows\System\PrRLGyH.exe
  C:\Windows\System\PrRLGyH.exe
  2⤵
  PID:5228
- C:\Windows\System\ZQqvVII.exe
  C:\Windows\System\ZQqvVII.exe
  2⤵
  PID:5684
- C:\Windows\System\yPOPhIC.exe
  C:\Windows\System\yPOPhIC.exe
  2⤵
  PID:2160
- C:\Windows\System\VxYsmKd.exe
  C:\Windows\System\VxYsmKd.exe
  2⤵
  PID:5804
- C:\Windows\System\TdIXlrl.exe
  C:\Windows\System\TdIXlrl.exe
  2⤵
  PID:1500
- C:\Windows\System\ctRUrPO.exe
  C:\Windows\System\ctRUrPO.exe
  2⤵
  PID:4560
- C:\Windows\System\QiyIdrL.exe
  C:\Windows\System\QiyIdrL.exe
  2⤵
  PID:4368
- C:\Windows\System\epEbAAL.exe
  C:\Windows\System\epEbAAL.exe
  2⤵
  PID:4256
- C:\Windows\System\gwUPAmy.exe
  C:\Windows\System\gwUPAmy.exe
  2⤵
  PID:6160
- C:\Windows\System\CnPPFbj.exe
  C:\Windows\System\CnPPFbj.exe
  2⤵
  PID:6184
- C:\Windows\System\gDHGGgJ.exe
  C:\Windows\System\gDHGGgJ.exe
  2⤵
  PID:6204
- C:\Windows\System\YzrUarm.exe
  C:\Windows\System\YzrUarm.exe
  2⤵
  PID:6224
- C:\Windows\System\gsBRCFJ.exe
  C:\Windows\System\gsBRCFJ.exe
  2⤵
  PID:6244
- C:\Windows\System\xOEmYEe.exe
  C:\Windows\System\xOEmYEe.exe
  2⤵
  PID:6264
- C:\Windows\System\BZeqlpD.exe
  C:\Windows\System\BZeqlpD.exe
  2⤵
  PID:6284
- C:\Windows\System\kUZqDQh.exe
  C:\Windows\System\kUZqDQh.exe
  2⤵
  PID:6300
- C:\Windows\System\jLqGIPT.exe
  C:\Windows\System\jLqGIPT.exe
  2⤵
  PID:6320
- C:\Windows\System\ESJRPqK.exe
  C:\Windows\System\ESJRPqK.exe
  2⤵
  PID:6340
- C:\Windows\System\VOwmaWd.exe
  C:\Windows\System\VOwmaWd.exe
  2⤵
  PID:6360
- C:\Windows\System\loxFJmr.exe
  C:\Windows\System\loxFJmr.exe
  2⤵
  PID:6380
- C:\Windows\System\OpDWRuV.exe
  C:\Windows\System\OpDWRuV.exe
  2⤵
  PID:6404
- C:\Windows\System\iBUdAMo.exe
  C:\Windows\System\iBUdAMo.exe
  2⤵
  PID:6420
- C:\Windows\System\jJkYhHc.exe
  C:\Windows\System\jJkYhHc.exe
  2⤵
  PID:6436
- C:\Windows\System\VxcGSvy.exe
  C:\Windows\System\VxcGSvy.exe
  2⤵
  PID:6460
- C:\Windows\System\FDdMCxO.exe
  C:\Windows\System\FDdMCxO.exe
  2⤵
  PID:6476
- C:\Windows\System\yGaOxXq.exe
  C:\Windows\System\yGaOxXq.exe
  2⤵
  PID:6516
- C:\Windows\System\fSzPpmV.exe
  C:\Windows\System\fSzPpmV.exe
  2⤵
  PID:6536
- C:\Windows\System\KnptoJP.exe
  C:\Windows\System\KnptoJP.exe
  2⤵
  PID:6556
- C:\Windows\System\YtbKuDr.exe
  C:\Windows\System\YtbKuDr.exe
  2⤵
  PID:6576
- C:\Windows\System\Kgtemyb.exe
  C:\Windows\System\Kgtemyb.exe
  2⤵
  PID:6600
- C:\Windows\System\AXslRTM.exe
  C:\Windows\System\AXslRTM.exe
  2⤵
  PID:6616
- C:\Windows\System\BwjMypF.exe
  C:\Windows\System\BwjMypF.exe
  2⤵
  PID:6636
- C:\Windows\System\FuWkeFJ.exe
  C:\Windows\System\FuWkeFJ.exe
  2⤵
  PID:6660
- C:\Windows\System\QSpehVG.exe
  C:\Windows\System\QSpehVG.exe
  2⤵
  PID:6680
- C:\Windows\System\jsytWmt.exe
  C:\Windows\System\jsytWmt.exe
  2⤵
  PID:6696
- C:\Windows\System\LVEvCoJ.exe
  C:\Windows\System\LVEvCoJ.exe
  2⤵
  PID:6716
- C:\Windows\System\GcLTunb.exe
  C:\Windows\System\GcLTunb.exe
  2⤵
  PID:6736
- C:\Windows\System\ABOujPu.exe
  C:\Windows\System\ABOujPu.exe
  2⤵
  PID:6756
- C:\Windows\System\mAKVKDv.exe
  C:\Windows\System\mAKVKDv.exe
  2⤵
  PID:6772
- C:\Windows\System\eBbYjBK.exe
  C:\Windows\System\eBbYjBK.exe
  2⤵
  PID:6800
- C:\Windows\System\suHVyzY.exe
  C:\Windows\System\suHVyzY.exe
  2⤵
  PID:6820
- C:\Windows\System\ejfSgco.exe
  C:\Windows\System\ejfSgco.exe
  2⤵
  PID:6844
- C:\Windows\System\YjhzuMX.exe
  C:\Windows\System\YjhzuMX.exe
  2⤵
  PID:6864
- C:\Windows\System\dWiXHys.exe
  C:\Windows\System\dWiXHys.exe
  2⤵
  PID:6884
- C:\Windows\System\lgMYDop.exe
  C:\Windows\System\lgMYDop.exe
  2⤵
  PID:6904
- C:\Windows\System\bAkviCW.exe
  C:\Windows\System\bAkviCW.exe
  2⤵
  PID:6920
- C:\Windows\System\PWwpRKr.exe
  C:\Windows\System\PWwpRKr.exe
  2⤵
  PID:6940
- C:\Windows\System\ScUOflt.exe
  C:\Windows\System\ScUOflt.exe
  2⤵
  PID:6964
- C:\Windows\System\lhdIrIm.exe
  C:\Windows\System\lhdIrIm.exe
  2⤵
  PID:6980
- C:\Windows\System\cqLhzkI.exe
  C:\Windows\System\cqLhzkI.exe
  2⤵
  PID:7000
- C:\Windows\System\HIluMYz.exe
  C:\Windows\System\HIluMYz.exe
  2⤵
  PID:7020
- C:\Windows\System\ggwfqkk.exe
  C:\Windows\System\ggwfqkk.exe
  2⤵
  PID:7040
- C:\Windows\System\yIBtvds.exe
  C:\Windows\System\yIBtvds.exe
  2⤵
  PID:7064
- C:\Windows\System\TaWapEz.exe
  C:\Windows\System\TaWapEz.exe
  2⤵
  PID:7084
- C:\Windows\System\mpmagwY.exe
  C:\Windows\System\mpmagwY.exe
  2⤵
  PID:7104
- C:\Windows\System\BUZDAvl.exe
  C:\Windows\System\BUZDAvl.exe
  2⤵
  PID:7120
- C:\Windows\System\ikhCEUq.exe
  C:\Windows\System\ikhCEUq.exe
  2⤵
  PID:7140
- C:\Windows\System\gAVupFl.exe
  C:\Windows\System\gAVupFl.exe
  2⤵
  PID:7164
- C:\Windows\System\QaaxHGi.exe
  C:\Windows\System\QaaxHGi.exe
  2⤵
  PID:5192
- C:\Windows\System\EgXevOq.exe
  C:\Windows\System\EgXevOq.exe
  2⤵
  PID:5260
- C:\Windows\System\lyJyMzh.exe
  C:\Windows\System\lyJyMzh.exe
  2⤵
  PID:3684
- C:\Windows\System\EgdPRRh.exe
  C:\Windows\System\EgdPRRh.exe
  2⤵
  PID:5680
- C:\Windows\System\ubrJgdD.exe
  C:\Windows\System\ubrJgdD.exe
  2⤵
  PID:5492
- C:\Windows\System\JsuZwpo.exe
  C:\Windows\System\JsuZwpo.exe
  2⤵
  PID:5800
- C:\Windows\System\BeTwXvp.exe
  C:\Windows\System\BeTwXvp.exe
  2⤵
  PID:6128
- C:\Windows\System\wWUzRbM.exe
  C:\Windows\System\wWUzRbM.exe
  2⤵
  PID:6172
- C:\Windows\System\fJQznlP.exe
  C:\Windows\System\fJQznlP.exe
  2⤵
  PID:5676
- C:\Windows\System\RqrOKjn.exe
  C:\Windows\System\RqrOKjn.exe
  2⤵
  PID:5780
- C:\Windows\System\OVKEdxN.exe
  C:\Windows\System\OVKEdxN.exe
  2⤵
  PID:6252
- C:\Windows\System\henUcnj.exe
  C:\Windows\System\henUcnj.exe
  2⤵
  PID:6156
- C:\Windows\System\HLYVXqw.exe
  C:\Windows\System\HLYVXqw.exe
  2⤵
  PID:6192
- C:\Windows\System\eRnCJQn.exe
  C:\Windows\System\eRnCJQn.exe
  2⤵
  PID:6236
- C:\Windows\System\kceRkvy.exe
  C:\Windows\System\kceRkvy.exe
  2⤵
  PID:6416
- C:\Windows\System\RtFRSiN.exe
  C:\Windows\System\RtFRSiN.exe
  2⤵
  PID:6456
- C:\Windows\System\QwTaurR.exe
  C:\Windows\System\QwTaurR.exe
  2⤵
  PID:6400
- C:\Windows\System\SHwDxmJ.exe
  C:\Windows\System\SHwDxmJ.exe
  2⤵
  PID:6496
- C:\Windows\System\qWXIVoe.exe
  C:\Windows\System\qWXIVoe.exe
  2⤵
  PID:6388
- C:\Windows\System\VOQwRaW.exe
  C:\Windows\System\VOQwRaW.exe
  2⤵
  PID:6504
- C:\Windows\System\dGZYATD.exe
  C:\Windows\System\dGZYATD.exe
  2⤵
  PID:6552
- C:\Windows\System\oAGtwdR.exe
  C:\Windows\System\oAGtwdR.exe
  2⤵
  PID:2692
- C:\Windows\System\NSvndes.exe
  C:\Windows\System\NSvndes.exe
  2⤵
  PID:6572
- C:\Windows\System\vOeFzFp.exe
  C:\Windows\System\vOeFzFp.exe
  2⤵
  PID:6644
- C:\Windows\System\WfClMdW.exe
  C:\Windows\System\WfClMdW.exe
  2⤵
  PID:6652
- C:\Windows\System\tkMAFBS.exe
  C:\Windows\System\tkMAFBS.exe
  2⤵
  PID:6712
- C:\Windows\System\BAJEVxx.exe
  C:\Windows\System\BAJEVxx.exe
  2⤵
  PID:6748
- C:\Windows\System\zGKwSPc.exe
  C:\Windows\System\zGKwSPc.exe
  2⤵
  PID:6784
- C:\Windows\System\xoJlnPY.exe
  C:\Windows\System\xoJlnPY.exe
  2⤵
  PID:6796
- C:\Windows\System\FVKEzTZ.exe
  C:\Windows\System\FVKEzTZ.exe
  2⤵
  PID:6808
- C:\Windows\System\UzSMVTo.exe
  C:\Windows\System\UzSMVTo.exe
  2⤵
  PID:6840
- C:\Windows\System\LJSngZG.exe
  C:\Windows\System\LJSngZG.exe
  2⤵
  PID:6880
- C:\Windows\System\ntKerSV.exe
  C:\Windows\System\ntKerSV.exe
  2⤵
  PID:6892
- C:\Windows\System\xCvBtGv.exe
  C:\Windows\System\xCvBtGv.exe
  2⤵
  PID:6900
- C:\Windows\System\tsEGJzA.exe
  C:\Windows\System\tsEGJzA.exe
  2⤵
  PID:6960
- C:\Windows\System\xHOJKBR.exe
  C:\Windows\System\xHOJKBR.exe
  2⤵
  PID:6988
- C:\Windows\System\BGnQhGM.exe
  C:\Windows\System\BGnQhGM.exe
  2⤵
  PID:6972
- C:\Windows\System\KCHTYNR.exe
  C:\Windows\System\KCHTYNR.exe
  2⤵
  PID:7076
- C:\Windows\System\FThcqtY.exe
  C:\Windows\System\FThcqtY.exe
  2⤵
  PID:7112
- C:\Windows\System\smfxPDC.exe
  C:\Windows\System\smfxPDC.exe
  2⤵
  PID:7056
- C:\Windows\System\pwJkCWw.exe
  C:\Windows\System\pwJkCWw.exe
  2⤵
  PID:7096
- C:\Windows\System\SRgxymZ.exe
  C:\Windows\System\SRgxymZ.exe
  2⤵
  PID:7160
- C:\Windows\System\IfrUNBh.exe
  C:\Windows\System\IfrUNBh.exe
  2⤵
  PID:7128
- C:\Windows\System\bVBJfHw.exe
  C:\Windows\System\bVBJfHw.exe
  2⤵
  PID:5432
- C:\Windows\System\BPwUawc.exe
  C:\Windows\System\BPwUawc.exe
  2⤵
  PID:5124
- C:\Windows\System\cbCSzJP.exe
  C:\Windows\System\cbCSzJP.exe
  2⤵
  PID:1128
- C:\Windows\System\cGAwLOD.exe
  C:\Windows\System\cGAwLOD.exe
  2⤵
  PID:6052
- C:\Windows\System\bNSQsnV.exe
  C:\Windows\System\bNSQsnV.exe
  2⤵
  PID:6176
- C:\Windows\System\ItXDnBC.exe
  C:\Windows\System\ItXDnBC.exe
  2⤵
  PID:1980
- C:\Windows\System\ELbLEYr.exe
  C:\Windows\System\ELbLEYr.exe
  2⤵
  PID:6152
- C:\Windows\System\cLRWAWb.exe
  C:\Windows\System\cLRWAWb.exe
  2⤵
  PID:5540
- C:\Windows\System\vAmuQSJ.exe
  C:\Windows\System\vAmuQSJ.exe
  2⤵
  PID:1152
- C:\Windows\System\iHBMYkO.exe
  C:\Windows\System\iHBMYkO.exe
  2⤵
  PID:6472
- C:\Windows\System\edDKZHU.exe
  C:\Windows\System\edDKZHU.exe
  2⤵
  PID:2020
- C:\Windows\System\ImPLjnx.exe
  C:\Windows\System\ImPLjnx.exe
  2⤵
  PID:6432
- C:\Windows\System\YLPkNyk.exe
  C:\Windows\System\YLPkNyk.exe
  2⤵
  PID:6272
- C:\Windows\System\iUTkpbN.exe
  C:\Windows\System\iUTkpbN.exe
  2⤵
  PID:6584
- C:\Windows\System\PvEeGHU.exe
  C:\Windows\System\PvEeGHU.exe
  2⤵
  PID:6612
- C:\Windows\System\MmorbNG.exe
  C:\Windows\System\MmorbNG.exe
  2⤵
  PID:6728
- C:\Windows\System\mWQfhjY.exe
  C:\Windows\System\mWQfhjY.exe
  2⤵
  PID:6568
- C:\Windows\System\AGzZjWF.exe
  C:\Windows\System\AGzZjWF.exe
  2⤵
  PID:2560
- C:\Windows\System\DfbcseK.exe
  C:\Windows\System\DfbcseK.exe
  2⤵
  PID:4148
- C:\Windows\System\ZIvDNAz.exe
  C:\Windows\System\ZIvDNAz.exe
  2⤵
  PID:2608
- C:\Windows\System\szyKRvs.exe
  C:\Windows\System\szyKRvs.exe
  2⤵
  PID:7048
- C:\Windows\System\VVbhxDm.exe
  C:\Windows\System\VVbhxDm.exe
  2⤵
  PID:6752
- C:\Windows\System\pFFMVyj.exe
  C:\Windows\System\pFFMVyj.exe
  2⤵
  PID:6836
- C:\Windows\System\QjswdpB.exe
  C:\Windows\System\QjswdpB.exe
  2⤵
  PID:2212
- C:\Windows\System\HgVPOTL.exe
  C:\Windows\System\HgVPOTL.exe
  2⤵
  PID:6860
- C:\Windows\System\JSTpQxO.exe
  C:\Windows\System\JSTpQxO.exe
  2⤵
  PID:6948
- C:\Windows\System\BahVrKI.exe
  C:\Windows\System\BahVrKI.exe
  2⤵
  PID:6220
- C:\Windows\System\KiaUqSt.exe
  C:\Windows\System\KiaUqSt.exe
  2⤵
  PID:7116
- C:\Windows\System\JsVUtQh.exe
  C:\Windows\System\JsVUtQh.exe
  2⤵
  PID:2960
- C:\Windows\System\XHcyKIf.exe
  C:\Windows\System\XHcyKIf.exe
  2⤵
  PID:5764
- C:\Windows\System\GatUxNO.exe
  C:\Windows\System\GatUxNO.exe
  2⤵
  PID:5948
- C:\Windows\System\LtbBgUW.exe
  C:\Windows\System\LtbBgUW.exe
  2⤵
  PID:5536
- C:\Windows\System\qMyePTW.exe
  C:\Windows\System\qMyePTW.exe
  2⤵
  PID:5652
- C:\Windows\System\jUBbEay.exe
  C:\Windows\System\jUBbEay.exe
  2⤵
  PID:6296
- C:\Windows\System\ZhjnokW.exe
  C:\Windows\System\ZhjnokW.exe
  2⤵
  PID:2900
- C:\Windows\System\oBtZuHQ.exe
  C:\Windows\System\oBtZuHQ.exe
  2⤵
  PID:1568
- C:\Windows\System\FvOnmxr.exe
  C:\Windows\System\FvOnmxr.exe
  2⤵
  PID:6508
- C:\Windows\System\wKyHsmP.exe
  C:\Windows\System\wKyHsmP.exe
  2⤵
  PID:6372
- C:\Windows\System\CiRhzTx.exe
  C:\Windows\System\CiRhzTx.exe
  2⤵
  PID:6524
- C:\Windows\System\qvfYcBE.exe
  C:\Windows\System\qvfYcBE.exe
  2⤵
  PID:6564
- C:\Windows\System\QCYvbkw.exe
  C:\Windows\System\QCYvbkw.exe
  2⤵
  PID:6872
- C:\Windows\System\mebXvqg.exe
  C:\Windows\System\mebXvqg.exe
  2⤵
  PID:2132
- C:\Windows\System\vSzGHxv.exe
  C:\Windows\System\vSzGHxv.exe
  2⤵
  PID:2696
- C:\Windows\System\aOllpRc.exe
  C:\Windows\System\aOllpRc.exe
  2⤵
  PID:6936
- C:\Windows\System\nNeuCqJ.exe
  C:\Windows\System\nNeuCqJ.exe
  2⤵
  PID:6124
- C:\Windows\System\zaRyHIJ.exe
  C:\Windows\System\zaRyHIJ.exe
  2⤵
  PID:2720
- C:\Windows\System\GyVPhQd.exe
  C:\Windows\System\GyVPhQd.exe
  2⤵
  PID:3700
- C:\Windows\System\SKKyFOO.exe
  C:\Windows\System\SKKyFOO.exe
  2⤵
  PID:7016
- C:\Windows\System\QNglhZH.exe
  C:\Windows\System\QNglhZH.exe
  2⤵
  PID:2800
- C:\Windows\System\AnoHMHt.exe
  C:\Windows\System\AnoHMHt.exe
  2⤵
  PID:6308
- C:\Windows\System\tmlTGBo.exe
  C:\Windows\System\tmlTGBo.exe
  2⤵
  PID:6816
- C:\Windows\System\PrmKCVh.exe
  C:\Windows\System\PrmKCVh.exe
  2⤵
  PID:2540
- C:\Windows\System\ywkYbMj.exe
  C:\Windows\System\ywkYbMj.exe
  2⤵
  PID:2992
- C:\Windows\System\sIOzaoY.exe
  C:\Windows\System\sIOzaoY.exe
  2⤵
  PID:5952
- C:\Windows\System\bBkeVNM.exe
  C:\Windows\System\bBkeVNM.exe
  2⤵
  PID:1668
- C:\Windows\System\BnWmQjZ.exe
  C:\Windows\System\BnWmQjZ.exe
  2⤵
  PID:1440
- C:\Windows\System\vTUmIcC.exe
  C:\Windows\System\vTUmIcC.exe
  2⤵
  PID:2660
- C:\Windows\System\OdgMhil.exe
  C:\Windows\System\OdgMhil.exe
  2⤵
  PID:5880
- C:\Windows\System\ORInwNo.exe
  C:\Windows\System\ORInwNo.exe
  2⤵
  PID:7032
- C:\Windows\System\wpArgoW.exe
  C:\Windows\System\wpArgoW.exe
  2⤵
  PID:4848
- C:\Windows\System\CZnYIWX.exe
  C:\Windows\System\CZnYIWX.exe
  2⤵
  PID:2648
- C:\Windows\System\MVNGwRB.exe
  C:\Windows\System\MVNGwRB.exe
  2⤵
  PID:7136
- C:\Windows\System\iNQDYVu.exe
  C:\Windows\System\iNQDYVu.exe
  2⤵
  PID:4176
- C:\Windows\System\Xapxodc.exe
  C:\Windows\System\Xapxodc.exe
  2⤵
  PID:7184
- C:\Windows\System\NdoDIaE.exe
  C:\Windows\System\NdoDIaE.exe
  2⤵
  PID:7200
- C:\Windows\System\WhYMRfq.exe
  C:\Windows\System\WhYMRfq.exe
  2⤵
  PID:7216
- C:\Windows\System\arOGAAv.exe
  C:\Windows\System\arOGAAv.exe
  2⤵
  PID:7232
- C:\Windows\System\HABJBHR.exe
  C:\Windows\System\HABJBHR.exe
  2⤵
  PID:7248
- C:\Windows\System\bagOgUF.exe
  C:\Windows\System\bagOgUF.exe
  2⤵
  PID:7324
- C:\Windows\System\nMZaqmc.exe
  C:\Windows\System\nMZaqmc.exe
  2⤵
  PID:7372
- C:\Windows\System\BcCUsrz.exe
  C:\Windows\System\BcCUsrz.exe
  2⤵
  PID:7396
- C:\Windows\System\ZVgsxlJ.exe
  C:\Windows\System\ZVgsxlJ.exe
  2⤵
  PID:7412
- C:\Windows\System\WBArjsi.exe
  C:\Windows\System\WBArjsi.exe
  2⤵
  PID:7428
- C:\Windows\System\mbQKPgd.exe
  C:\Windows\System\mbQKPgd.exe
  2⤵
  PID:7448
- C:\Windows\System\xjyEZpN.exe
  C:\Windows\System\xjyEZpN.exe
  2⤵
  PID:7468
- C:\Windows\System\cpuJCge.exe
  C:\Windows\System\cpuJCge.exe
  2⤵
  PID:7484
- C:\Windows\System\JsOfWhM.exe
  C:\Windows\System\JsOfWhM.exe
  2⤵
  PID:7500
- C:\Windows\System\xJWAPgy.exe
  C:\Windows\System\xJWAPgy.exe
  2⤵
  PID:7516
- C:\Windows\System\vdnBCLa.exe
  C:\Windows\System\vdnBCLa.exe
  2⤵
  PID:7532
- C:\Windows\System\bMipjad.exe
  C:\Windows\System\bMipjad.exe
  2⤵
  PID:7548
- C:\Windows\System\knXvnxM.exe
  C:\Windows\System\knXvnxM.exe
  2⤵
  PID:7564
- C:\Windows\System\VKhZiFe.exe
  C:\Windows\System\VKhZiFe.exe
  2⤵
  PID:7620
- C:\Windows\System\YKOKqYO.exe
  C:\Windows\System\YKOKqYO.exe
  2⤵
  PID:7636
- C:\Windows\System\nhzWunk.exe
  C:\Windows\System\nhzWunk.exe
  2⤵
  PID:7652
- C:\Windows\System\KlCHTnz.exe
  C:\Windows\System\KlCHTnz.exe
  2⤵
  PID:7668
- C:\Windows\System\VRhbxzR.exe
  C:\Windows\System\VRhbxzR.exe
  2⤵
  PID:7684
- C:\Windows\System\HKdDbMY.exe
  C:\Windows\System\HKdDbMY.exe
  2⤵
  PID:7700
- C:\Windows\System\IXqWpgL.exe
  C:\Windows\System\IXqWpgL.exe
  2⤵
  PID:7716
- C:\Windows\System\OsFmUrH.exe
  C:\Windows\System\OsFmUrH.exe
  2⤵
  PID:7732
- C:\Windows\System\mhKcUyu.exe
  C:\Windows\System\mhKcUyu.exe
  2⤵
  PID:7748
- C:\Windows\System\liYWEUS.exe
  C:\Windows\System\liYWEUS.exe
  2⤵
  PID:7764
- C:\Windows\System\LvCSPtk.exe
  C:\Windows\System\LvCSPtk.exe
  2⤵
  PID:7784
- C:\Windows\System\TJFwcxe.exe
  C:\Windows\System\TJFwcxe.exe
  2⤵
  PID:7804
- C:\Windows\System\UWEjCry.exe
  C:\Windows\System\UWEjCry.exe
  2⤵
  PID:7828
- C:\Windows\System\ppNioBq.exe
  C:\Windows\System\ppNioBq.exe
  2⤵
  PID:7844
- C:\Windows\System\pfXvOpD.exe
  C:\Windows\System\pfXvOpD.exe
  2⤵
  PID:7860
- C:\Windows\System\OUqPXhP.exe
  C:\Windows\System\OUqPXhP.exe
  2⤵
  PID:7876
- C:\Windows\System\cXplxAY.exe
  C:\Windows\System\cXplxAY.exe
  2⤵
  PID:7896
- C:\Windows\System\lfHaQGn.exe
  C:\Windows\System\lfHaQGn.exe
  2⤵
  PID:7912
- C:\Windows\System\TwoENSl.exe
  C:\Windows\System\TwoENSl.exe
  2⤵
  PID:7932
- C:\Windows\System\UQxFhCz.exe
  C:\Windows\System\UQxFhCz.exe
  2⤵
  PID:7952
- C:\Windows\System\jdivoQM.exe
  C:\Windows\System\jdivoQM.exe
  2⤵
  PID:7968
- C:\Windows\System\QYIfhQF.exe
  C:\Windows\System\QYIfhQF.exe
  2⤵
  PID:7984
- C:\Windows\System\MXSgOOO.exe
  C:\Windows\System\MXSgOOO.exe
  2⤵
  PID:8000
- C:\Windows\System\IoYdfMo.exe
  C:\Windows\System\IoYdfMo.exe
  2⤵
  PID:8016
- C:\Windows\System\pJIhaSW.exe
  C:\Windows\System\pJIhaSW.exe
  2⤵
  PID:8032
- C:\Windows\System\OgEJfAc.exe
  C:\Windows\System\OgEJfAc.exe
  2⤵
  PID:8056
- C:\Windows\System\zHMuGOS.exe
  C:\Windows\System\zHMuGOS.exe
  2⤵
  PID:8072
- C:\Windows\System\tkMPqjh.exe
  C:\Windows\System\tkMPqjh.exe
  2⤵
  PID:8088
- C:\Windows\System\PSoZMZz.exe
  C:\Windows\System\PSoZMZz.exe
  2⤵
  PID:8104
- C:\Windows\System\RslyhpM.exe
  C:\Windows\System\RslyhpM.exe
  2⤵
  PID:8120
- C:\Windows\System\kjpdsXX.exe
  C:\Windows\System\kjpdsXX.exe
  2⤵
  PID:8136
- C:\Windows\System\kYbwBmY.exe
  C:\Windows\System\kYbwBmY.exe
  2⤵
  PID:8152
- C:\Windows\System\NISdJZO.exe
  C:\Windows\System\NISdJZO.exe
  2⤵
  PID:8172
- C:\Windows\System\wgwhret.exe
  C:\Windows\System\wgwhret.exe
  2⤵
  PID:8188
- C:\Windows\System\dtcmBug.exe
  C:\Windows\System\dtcmBug.exe
  2⤵
  PID:6628
- C:\Windows\System\fJRtpMs.exe
  C:\Windows\System\fJRtpMs.exe
  2⤵
  PID:1112
- C:\Windows\System\ApmPvqq.exe
  C:\Windows\System\ApmPvqq.exe
  2⤵
  PID:2192
- C:\Windows\System\aLoGtVW.exe
  C:\Windows\System\aLoGtVW.exe
  2⤵
  PID:6732
- C:\Windows\System\mkkSmRS.exe
  C:\Windows\System\mkkSmRS.exe
  2⤵
  PID:3444
- C:\Windows\System\GQvGjOR.exe
  C:\Windows\System\GQvGjOR.exe
  2⤵
  PID:5928
- C:\Windows\System\qstjFwP.exe
  C:\Windows\System\qstjFwP.exe
  2⤵
  PID:1640
- C:\Windows\System\uheyezO.exe
  C:\Windows\System\uheyezO.exe
  2⤵
  PID:7196
- C:\Windows\System\LFIUnae.exe
  C:\Windows\System\LFIUnae.exe
  2⤵
  PID:1524
- C:\Windows\System\VHOOdKV.exe
  C:\Windows\System\VHOOdKV.exe
  2⤵
  PID:6992
- C:\Windows\System\KfVlgnh.exe
  C:\Windows\System\KfVlgnh.exe
  2⤵
  PID:536
- C:\Windows\System\XjxJXtc.exe
  C:\Windows\System\XjxJXtc.exe
  2⤵
  PID:6688
- C:\Windows\System\oceWviH.exe
  C:\Windows\System\oceWviH.exe
  2⤵
  PID:2140
- C:\Windows\System\fzgebwv.exe
  C:\Windows\System\fzgebwv.exe
  2⤵
  PID:7176
- C:\Windows\System\hGDQQTN.exe
  C:\Windows\System\hGDQQTN.exe
  2⤵
  PID:7256
- C:\Windows\System\XHqMzae.exe
  C:\Windows\System\XHqMzae.exe
  2⤵
  PID:2700
- C:\Windows\System\uTiJBgd.exe
  C:\Windows\System\uTiJBgd.exe
  2⤵
  PID:7284
- C:\Windows\System\MvMkDhL.exe
  C:\Windows\System\MvMkDhL.exe
  2⤵
  PID:7300
- C:\Windows\System\OwvjSVg.exe
  C:\Windows\System\OwvjSVg.exe
  2⤵
  PID:7316
- C:\Windows\System\MThgUnU.exe
  C:\Windows\System\MThgUnU.exe
  2⤵
  PID:2472
- C:\Windows\System\rvvCRkU.exe
  C:\Windows\System\rvvCRkU.exe
  2⤵
  PID:4900
- C:\Windows\System\dXnSzWq.exe
  C:\Windows\System\dXnSzWq.exe
  2⤵
  PID:6332
- C:\Windows\System\oeGdFpB.exe
  C:\Windows\System\oeGdFpB.exe
  2⤵
  PID:496
- C:\Windows\System\omZMWxW.exe
  C:\Windows\System\omZMWxW.exe
  2⤵
  PID:7344
- C:\Windows\System\iRFwBtG.exe
  C:\Windows\System\iRFwBtG.exe
  2⤵
  PID:5308
- C:\Windows\System\fcHxQlF.exe
  C:\Windows\System\fcHxQlF.exe
  2⤵
  PID:6312
- C:\Windows\System\fjGejhF.exe
  C:\Windows\System\fjGejhF.exe
  2⤵
  PID:7444
- C:\Windows\System\RvQxxZk.exe
  C:\Windows\System\RvQxxZk.exe
  2⤵
  PID:7508
- C:\Windows\System\FIbcCNB.exe
  C:\Windows\System\FIbcCNB.exe
  2⤵
  PID:7544
- C:\Windows\System\mhCtDqD.exe
  C:\Windows\System\mhCtDqD.exe
  2⤵
  PID:7556
- C:\Windows\System\rtTJZWr.exe
  C:\Windows\System\rtTJZWr.exe
  2⤵
  PID:7496
- C:\Windows\System\lPmraFM.exe
  C:\Windows\System\lPmraFM.exe
  2⤵
  PID:7576
- C:\Windows\System\VLaPumz.exe
  C:\Windows\System\VLaPumz.exe
  2⤵
  PID:7592
- C:\Windows\System\RWocRPz.exe
  C:\Windows\System\RWocRPz.exe
  2⤵
  PID:7608
- C:\Windows\System\orkDDem.exe
  C:\Windows\System\orkDDem.exe
  2⤵
  PID:7648
- C:\Windows\System\fNMJdaa.exe
  C:\Windows\System\fNMJdaa.exe
  2⤵
  PID:7856
- C:\Windows\System\iWvIBkN.exe
  C:\Windows\System\iWvIBkN.exe
  2⤵
  PID:7792
- C:\Windows\System\ERaqQnh.exe
  C:\Windows\System\ERaqQnh.exe
  2⤵
  PID:8052
- C:\Windows\System\cikgAQe.exe
  C:\Windows\System\cikgAQe.exe
  2⤵
  PID:8168
- C:\Windows\System\dWEyawH.exe
  C:\Windows\System\dWEyawH.exe
  2⤵
  PID:6216
- C:\Windows\System\QZCWhGB.exe
  C:\Windows\System\QZCWhGB.exe
  2⤵
  PID:5924
- C:\Windows\System\fUDhrTc.exe
  C:\Windows\System\fUDhrTc.exe
  2⤵
  PID:5496
- C:\Windows\System\QXEJwRH.exe
  C:\Windows\System\QXEJwRH.exe
  2⤵
  PID:4644
- C:\Windows\System\hrIdiJm.exe
  C:\Windows\System\hrIdiJm.exe
  2⤵
  PID:7228
- C:\Windows\System\UsWUdOJ.exe
  C:\Windows\System\UsWUdOJ.exe
  2⤵
  PID:7212
- C:\Windows\System\NwmdxPI.exe
  C:\Windows\System\NwmdxPI.exe
  2⤵
  PID:7280
- C:\Windows\System\cGXDqaz.exe
  C:\Windows\System\cGXDqaz.exe
  2⤵
  PID:5336
- C:\Windows\System\IawvuEr.exe
  C:\Windows\System\IawvuEr.exe
  2⤵
  PID:7336
- C:\Windows\System\mTYZShN.exe
  C:\Windows\System\mTYZShN.exe
  2⤵
  PID:7340
- C:\Windows\System\zwbvQYm.exe
  C:\Windows\System\zwbvQYm.exe
  2⤵
  PID:7380
- C:\Windows\System\ZKLdhVg.exe
  C:\Windows\System\ZKLdhVg.exe
  2⤵
  PID:7156
- C:\Windows\System\UFBCPDW.exe
  C:\Windows\System\UFBCPDW.exe
  2⤵
  PID:3036
- C:\Windows\System\fOHYMci.exe
  C:\Windows\System\fOHYMci.exe
  2⤵
  PID:7352
- C:\Windows\System\PidloDQ.exe
  C:\Windows\System\PidloDQ.exe
  2⤵
  PID:7404
- C:\Windows\System\yYnAAYs.exe
  C:\Windows\System\yYnAAYs.exe
  2⤵
  PID:7480
- C:\Windows\System\JcuWFOf.exe
  C:\Windows\System\JcuWFOf.exe
  2⤵
  PID:7560
- C:\Windows\System\wOLQlqv.exe
  C:\Windows\System\wOLQlqv.exe
  2⤵
  PID:7492
- C:\Windows\System\UJRnIqT.exe
  C:\Windows\System\UJRnIqT.exe
  2⤵
  PID:7708
- C:\Windows\System\TTkDvGs.exe
  C:\Windows\System\TTkDvGs.exe
  2⤵
  PID:7772
- C:\Windows\System\alchATB.exe
  C:\Windows\System\alchATB.exe
  2⤵
  PID:7776
- C:\Windows\System\ZvbvoOV.exe
  C:\Windows\System\ZvbvoOV.exe
  2⤵
  PID:7816
- C:\Windows\System\PJbRMHY.exe
  C:\Windows\System\PJbRMHY.exe
  2⤵
  PID:7888
- C:\Windows\System\sZnLqQZ.exe
  C:\Windows\System\sZnLqQZ.exe
  2⤵
  PID:7928
- C:\Windows\System\TjQcdLo.exe
  C:\Windows\System\TjQcdLo.exe
  2⤵
  PID:8024
- C:\Windows\System\HYykZyG.exe
  C:\Windows\System\HYykZyG.exe
  2⤵
  PID:7632
- C:\Windows\System\pmomDxm.exe
  C:\Windows\System\pmomDxm.exe
  2⤵
  PID:7660
- C:\Windows\System\nHnYSSH.exe
  C:\Windows\System\nHnYSSH.exe
  2⤵
  PID:7836
- C:\Windows\System\nIefsqE.exe
  C:\Windows\System\nIefsqE.exe
  2⤵
  PID:7940
- C:\Windows\System\odwmAfV.exe
  C:\Windows\System\odwmAfV.exe
  2⤵
  PID:7944
- C:\Windows\System\vGSfMsj.exe
  C:\Windows\System\vGSfMsj.exe
  2⤵
  PID:8064
- C:\Windows\System\XZsPcDp.exe
  C:\Windows\System\XZsPcDp.exe
  2⤵
  PID:8040
- C:\Windows\System\ZGYLBRm.exe
  C:\Windows\System\ZGYLBRm.exe
  2⤵
  PID:8096
- C:\Windows\System\qywIIDV.exe
  C:\Windows\System\qywIIDV.exe
  2⤵
  PID:8132
- C:\Windows\System\xAcNqHn.exe
  C:\Windows\System\xAcNqHn.exe
  2⤵
  PID:8148
- C:\Windows\System\QiCDpIU.exe
  C:\Windows\System\QiCDpIU.exe
  2⤵
  PID:2744
- C:\Windows\System\jFGEdmT.exe
  C:\Windows\System\jFGEdmT.exe
  2⤵
  PID:7292
- C:\Windows\System\etSwBAL.exe
  C:\Windows\System\etSwBAL.exe
  2⤵
  PID:1940
- C:\Windows\System\BqFswxp.exe
  C:\Windows\System\BqFswxp.exe
  2⤵
  PID:7740
- C:\Windows\System\xnscKAE.exe
  C:\Windows\System\xnscKAE.exe
  2⤵
  PID:7992
- C:\Windows\System\bALEAQH.exe
  C:\Windows\System\bALEAQH.exe
  2⤵
  PID:8008
- C:\Windows\System\BLhzrIs.exe
  C:\Windows\System\BLhzrIs.exe
  2⤵
  PID:1168
- C:\Windows\System\PCYCGTd.exe
  C:\Windows\System\PCYCGTd.exe
  2⤵
  PID:7780
- C:\Windows\System\EhTNEbs.exe
  C:\Windows\System\EhTNEbs.exe
  2⤵
  PID:7296
- C:\Windows\System\YWaNTJF.exe
  C:\Windows\System\YWaNTJF.exe
  2⤵
  PID:7644
- C:\Windows\System\jfLEFBP.exe
  C:\Windows\System\jfLEFBP.exe
  2⤵
  PID:7964
- C:\Windows\System\wyTPRnB.exe
  C:\Windows\System\wyTPRnB.exe
  2⤵
  PID:7408
- C:\Windows\System\fEjPMrq.exe
  C:\Windows\System\fEjPMrq.exe
  2⤵
  PID:7524
- C:\Windows\System\CWquAdN.exe
  C:\Windows\System\CWquAdN.exe
  2⤵
  PID:7996
- C:\Windows\System\JWQCHtc.exe
  C:\Windows\System\JWQCHtc.exe
  2⤵
  PID:7976
- C:\Windows\System\bTAooya.exe
  C:\Windows\System\bTAooya.exe
  2⤵
  PID:7692
- C:\Windows\System\YDqTgmA.exe
  C:\Windows\System\YDqTgmA.exe
  2⤵
  PID:8100
- C:\Windows\System\ZPsEYra.exe
  C:\Windows\System\ZPsEYra.exe
  2⤵
  PID:8180
- C:\Windows\System\QQCGNIJ.exe
  C:\Windows\System\QQCGNIJ.exe
  2⤵
  PID:8012
- C:\Windows\System\HMqtIKQ.exe
  C:\Windows\System\HMqtIKQ.exe
  2⤵
  PID:5508
- C:\Windows\System\SnnFIfi.exe
  C:\Windows\System\SnnFIfi.exe
  2⤵
  PID:7244
- C:\Windows\System\ilOujph.exe
  C:\Windows\System\ilOujph.exe
  2⤵
  PID:7364
- C:\Windows\System\TvfKWPs.exe
  C:\Windows\System\TvfKWPs.exe
  2⤵
  PID:4356
- C:\Windows\System\zOdivhb.exe
  C:\Windows\System\zOdivhb.exe
  2⤵
  PID:7796
- C:\Windows\System\QFAROsl.exe
  C:\Windows\System\QFAROsl.exe
  2⤵
  PID:7924
- C:\Windows\System\pMSgKaM.exe
  C:\Windows\System\pMSgKaM.exe
  2⤵
  PID:7464
- C:\Windows\System\xlPzNSv.exe
  C:\Windows\System\xlPzNSv.exe
  2⤵
  PID:6852
- C:\Windows\System\lEYVKRO.exe
  C:\Windows\System\lEYVKRO.exe
  2⤵
  PID:7308
- C:\Windows\System\gLYcXPi.exe
  C:\Windows\System\gLYcXPi.exe
  2⤵
  PID:8208
- C:\Windows\System\QQhgqff.exe
  C:\Windows\System\QQhgqff.exe
  2⤵
  PID:8224
- C:\Windows\System\lIjQZHt.exe
  C:\Windows\System\lIjQZHt.exe
  2⤵
  PID:8244
- C:\Windows\System\gHYSavb.exe
  C:\Windows\System\gHYSavb.exe
  2⤵
  PID:8284
- C:\Windows\System\LFCicqL.exe
  C:\Windows\System\LFCicqL.exe
  2⤵
  PID:8364
- C:\Windows\System\TlqfEXn.exe
  C:\Windows\System\TlqfEXn.exe
  2⤵
  PID:8380
- C:\Windows\System\iVHuDFP.exe
  C:\Windows\System\iVHuDFP.exe
  2⤵
  PID:8400
- C:\Windows\System\xOTOxca.exe
  C:\Windows\System\xOTOxca.exe
  2⤵
  PID:8420
- C:\Windows\System\scwhCaz.exe
  C:\Windows\System\scwhCaz.exe
  2⤵
  PID:8436
- C:\Windows\System\SyJfWRC.exe
  C:\Windows\System\SyJfWRC.exe
  2⤵
  PID:8452
- C:\Windows\System\VckfkKH.exe
  C:\Windows\System\VckfkKH.exe
  2⤵
  PID:8468
- C:\Windows\System\tvLlfHf.exe
  C:\Windows\System\tvLlfHf.exe
  2⤵
  PID:8484
- C:\Windows\System\UYNRsdT.exe
  C:\Windows\System\UYNRsdT.exe
  2⤵
  PID:8500
- C:\Windows\System\dyGJwXs.exe
  C:\Windows\System\dyGJwXs.exe
  2⤵
  PID:8516
- C:\Windows\System\UIjBGoZ.exe
  C:\Windows\System\UIjBGoZ.exe
  2⤵
  PID:8532
- C:\Windows\System\RWPobSq.exe
  C:\Windows\System\RWPobSq.exe
  2⤵
  PID:8548
- C:\Windows\System\ctdPqKb.exe
  C:\Windows\System\ctdPqKb.exe
  2⤵
  PID:8564
- C:\Windows\System\fVNNUnF.exe
  C:\Windows\System\fVNNUnF.exe
  2⤵
  PID:8580
- C:\Windows\System\FVjhtaz.exe
  C:\Windows\System\FVjhtaz.exe
  2⤵
  PID:8596
- C:\Windows\System\ZGUYTqE.exe
  C:\Windows\System\ZGUYTqE.exe
  2⤵
  PID:8612
- C:\Windows\System\DZsavJU.exe
  C:\Windows\System\DZsavJU.exe
  2⤵
  PID:8628
- C:\Windows\System\JVphniZ.exe
  C:\Windows\System\JVphniZ.exe
  2⤵
  PID:8644
- C:\Windows\System\iOMOqGg.exe
  C:\Windows\System\iOMOqGg.exe
  2⤵
  PID:8660
- C:\Windows\System\yXLgQfi.exe
  C:\Windows\System\yXLgQfi.exe
  2⤵
  PID:8676
- C:\Windows\System\oYfxGEX.exe
  C:\Windows\System\oYfxGEX.exe
  2⤵
  PID:8692
- C:\Windows\System\djkKpDf.exe
  C:\Windows\System\djkKpDf.exe
  2⤵
  PID:8712
- C:\Windows\System\hYRATOP.exe
  C:\Windows\System\hYRATOP.exe
  2⤵
  PID:8728
- C:\Windows\System\tGOLFfZ.exe
  C:\Windows\System\tGOLFfZ.exe
  2⤵
  PID:8744
- C:\Windows\System\CWhHqCe.exe
  C:\Windows\System\CWhHqCe.exe
  2⤵
  PID:8760
- C:\Windows\System\VIHUTNj.exe
  C:\Windows\System\VIHUTNj.exe
  2⤵
  PID:8776
- C:\Windows\System\sNvWdnk.exe
  C:\Windows\System\sNvWdnk.exe
  2⤵
  PID:8792
- C:\Windows\System\xhKnikk.exe
  C:\Windows\System\xhKnikk.exe
  2⤵
  PID:8812
- C:\Windows\System\yxtHbyw.exe
  C:\Windows\System\yxtHbyw.exe
  2⤵
  PID:8828
- C:\Windows\System\csrpuyJ.exe
  C:\Windows\System\csrpuyJ.exe
  2⤵
  PID:8844
- C:\Windows\System\AvZlHPG.exe
  C:\Windows\System\AvZlHPG.exe
  2⤵
  PID:8860
- C:\Windows\System\ktQwrhK.exe
  C:\Windows\System\ktQwrhK.exe
  2⤵
  PID:8888
- C:\Windows\System\VvHXflh.exe
  C:\Windows\System\VvHXflh.exe
  2⤵
  PID:8920
- C:\Windows\System\PGRGbsa.exe
  C:\Windows\System\PGRGbsa.exe
  2⤵
  PID:8976
- C:\Windows\System\btwlesc.exe
  C:\Windows\System\btwlesc.exe
  2⤵
  PID:9000
- C:\Windows\System\aKCXXiB.exe
  C:\Windows\System\aKCXXiB.exe
  2⤵
  PID:9016
- C:\Windows\System\aGdskjg.exe
  C:\Windows\System\aGdskjg.exe
  2⤵
  PID:9036
- C:\Windows\System\EHhfGgr.exe
  C:\Windows\System\EHhfGgr.exe
  2⤵
  PID:9060
- C:\Windows\System\wAbCuLR.exe
  C:\Windows\System\wAbCuLR.exe
  2⤵
  PID:9092
- C:\Windows\System\Pxlpdjw.exe
  C:\Windows\System\Pxlpdjw.exe
  2⤵
  PID:9124
- C:\Windows\System\HvuiMBR.exe
  C:\Windows\System\HvuiMBR.exe
  2⤵
  PID:9140
- C:\Windows\System\WgBWObn.exe
  C:\Windows\System\WgBWObn.exe
  2⤵
  PID:9168
- C:\Windows\System\lzrSUcT.exe
  C:\Windows\System\lzrSUcT.exe
  2⤵
  PID:9184
- C:\Windows\System\eHjOlDy.exe
  C:\Windows\System\eHjOlDy.exe
  2⤵
  PID:9200
- C:\Windows\System\NleGder.exe
  C:\Windows\System\NleGder.exe
  2⤵
  PID:1588
- C:\Windows\System\YMzrxjS.exe
  C:\Windows\System\YMzrxjS.exe
  2⤵
  PID:8220
- C:\Windows\System\nUUCKZB.exe
  C:\Windows\System\nUUCKZB.exe
  2⤵
  PID:7440
- C:\Windows\System\ZJebNxc.exe
  C:\Windows\System\ZJebNxc.exe
  2⤵
  PID:8200
- C:\Windows\System\yQaxrVs.exe
  C:\Windows\System\yQaxrVs.exe
  2⤵
  PID:8272
- C:\Windows\System\uHPErOK.exe
  C:\Windows\System\uHPErOK.exe
  2⤵
  PID:8280
- C:\Windows\System\wrYxkFu.exe
  C:\Windows\System\wrYxkFu.exe
  2⤵
  PID:8236
- C:\Windows\System\AcewfBk.exe
  C:\Windows\System\AcewfBk.exe
  2⤵
  PID:8496
- C:\Windows\System\LMuZShV.exe
  C:\Windows\System\LMuZShV.exe
  2⤵
  PID:8528
- C:\Windows\System\WPvbZQp.exe
  C:\Windows\System\WPvbZQp.exe
  2⤵
  PID:8556
- C:\Windows\System\wrwvNYw.exe
  C:\Windows\System\wrwvNYw.exe
  2⤵
  PID:8608
- C:\Windows\System\lZQjFQU.exe
  C:\Windows\System\lZQjFQU.exe
  2⤵
  PID:8672
- C:\Windows\System\LMAiARs.exe
  C:\Windows\System\LMAiARs.exe
  2⤵
  PID:8720
- C:\Windows\System\AeGHfnr.exe
  C:\Windows\System\AeGHfnr.exe
  2⤵
  PID:8752
- C:\Windows\System\OChhMMy.exe
  C:\Windows\System\OChhMMy.exe
  2⤵
  PID:8800
- C:\Windows\System\WEWWdPe.exe
  C:\Windows\System\WEWWdPe.exe
  2⤵
  PID:8836
- C:\Windows\System\tnjAhIY.exe
  C:\Windows\System\tnjAhIY.exe
  2⤵
  PID:8880
- C:\Windows\System\zLasciR.exe
  C:\Windows\System\zLasciR.exe
  2⤵
  PID:8936
- C:\Windows\System\RsAFOLA.exe
  C:\Windows\System\RsAFOLA.exe
  2⤵
  PID:8952
- C:\Windows\System\IxrfYQW.exe
  C:\Windows\System\IxrfYQW.exe
  2⤵
  PID:8968
- C:\Windows\System\GYPtOmV.exe
  C:\Windows\System\GYPtOmV.exe
  2⤵
  PID:9052
- C:\Windows\System\Xhmuepw.exe
  C:\Windows\System\Xhmuepw.exe
  2⤵
  PID:8300
- C:\Windows\System\xEujgRO.exe
  C:\Windows\System\xEujgRO.exe
  2⤵
  PID:9044
- C:\Windows\System\sQpQyok.exe
  C:\Windows\System\sQpQyok.exe
  2⤵
  PID:9120
- C:\Windows\System\LFrDubf.exe
  C:\Windows\System\LFrDubf.exe
  2⤵
  PID:8856
- C:\Windows\System\wLbEHFr.exe
  C:\Windows\System\wLbEHFr.exe
  2⤵
  PID:8912
- C:\Windows\System\zJqYsLz.exe
  C:\Windows\System\zJqYsLz.exe
  2⤵
  PID:8992
- C:\Windows\System\ghugqzE.exe
  C:\Windows\System\ghugqzE.exe
  2⤵
  PID:9032
- C:\Windows\System\lSzrQgs.exe
  C:\Windows\System\lSzrQgs.exe
  2⤵
  PID:9080
- C:\Windows\System\npUchUG.exe
  C:\Windows\System\npUchUG.exe
  2⤵
  PID:9148
- C:\Windows\System\yNylTdG.exe
  C:\Windows\System\yNylTdG.exe
  2⤵
  PID:8296
- C:\Windows\System\nPpskjS.exe
  C:\Windows\System\nPpskjS.exe
  2⤵
  PID:9192
- C:\Windows\System\cSBOEmy.exe
  C:\Windows\System\cSBOEmy.exe
  2⤵
  PID:8160
- C:\Windows\System\FbYHxfG.exe
  C:\Windows\System\FbYHxfG.exe
  2⤵
  PID:7420
- C:\Windows\System\kaMIXZe.exe
  C:\Windows\System\kaMIXZe.exe
  2⤵
  PID:8268
- C:\Windows\System\XiGVFXn.exe
  C:\Windows\System\XiGVFXn.exe
  2⤵
  PID:8360
- C:\Windows\System\OgRgNMq.exe
  C:\Windows\System\OgRgNMq.exe
  2⤵
  PID:8392
- C:\Windows\System\JwdRRSb.exe
  C:\Windows\System\JwdRRSb.exe
  2⤵
  PID:8416
- C:\Windows\System\adHQFbr.exe
  C:\Windows\System\adHQFbr.exe
  2⤵
  PID:8444
- C:\Windows\System\ZBrVltn.exe
  C:\Windows\System\ZBrVltn.exe
  2⤵
  PID:8492
- C:\Windows\System\GPBbGRn.exe
  C:\Windows\System\GPBbGRn.exe
  2⤵
  PID:8292
- C:\Windows\System\PlmKHCj.exe
  C:\Windows\System\PlmKHCj.exe
  2⤵
  PID:7756
- C:\Windows\System\qRsXqsb.exe
  C:\Windows\System\qRsXqsb.exe
  2⤵
  PID:8652
- C:\Windows\System\HpfZXLg.exe
  C:\Windows\System\HpfZXLg.exe
  2⤵
  PID:8324
- C:\Windows\System\JePJURP.exe
  C:\Windows\System\JePJURP.exe
  2⤵
  PID:8588
- C:\Windows\System\CUfZCMC.exe
  C:\Windows\System\CUfZCMC.exe
  2⤵
  PID:8348
- C:\Windows\System\WEkrawj.exe
  C:\Windows\System\WEkrawj.exe
  2⤵
  PID:8788
- C:\Windows\System\SlntCHH.exe
  C:\Windows\System\SlntCHH.exe
  2⤵
  PID:8932
- C:\Windows\System\GoZjKLA.exe
  C:\Windows\System\GoZjKLA.exe
  2⤵
  PID:8772
- C:\Windows\System\TfGmhiL.exe
  C:\Windows\System\TfGmhiL.exe
  2⤵
  PID:8876
- C:\Windows\System\aWboXHC.exe
  C:\Windows\System\aWboXHC.exe
  2⤵
  PID:9012
- C:\Windows\System\kknzjAa.exe
  C:\Windows\System\kknzjAa.exe
  2⤵
  PID:8820
- C:\Windows\System\usddEkw.exe
  C:\Windows\System\usddEkw.exe
  2⤵
  PID:8328
- C:\Windows\System\GqGBMPV.exe
  C:\Windows\System\GqGBMPV.exe
  2⤵
  PID:9088
- C:\Windows\System\UAZzkgm.exe
  C:\Windows\System\UAZzkgm.exe
  2⤵
  PID:9104
- C:\Windows\System\WsghTVo.exe
  C:\Windows\System\WsghTVo.exe
  2⤵
  PID:9076
- C:\Windows\System\GxLsSqc.exe
  C:\Windows\System\GxLsSqc.exe
  2⤵
  PID:9176
- C:\Windows\System\ozXTOca.exe
  C:\Windows\System\ozXTOca.exe
  2⤵
  PID:8336
- C:\Windows\System\aznUjtp.exe
  C:\Windows\System\aznUjtp.exe
  2⤵
  PID:9160
- C:\Windows\System\ZKCvvcL.exe
  C:\Windows\System\ZKCvvcL.exe
  2⤵
  PID:8656
- C:\Windows\System\MODVNCe.exe
  C:\Windows\System\MODVNCe.exe
  2⤵
  PID:8928
- C:\Windows\System\lNzThbx.exe
  C:\Windows\System\lNzThbx.exe
  2⤵
  PID:8768
- C:\Windows\System\kmBdHfw.exe
  C:\Windows\System\kmBdHfw.exe
  2⤵
  PID:8216
- C:\Windows\System\osjkrmi.exe
  C:\Windows\System\osjkrmi.exe
  2⤵
  PID:8356
- C:\Windows\System\zNQdLKB.exe
  C:\Windows\System\zNQdLKB.exe
  2⤵
  PID:8396
- C:\Windows\System\KnBJelW.exe
  C:\Windows\System\KnBJelW.exe
  2⤵
  PID:8576
- C:\Windows\System\VTtbDzN.exe
  C:\Windows\System\VTtbDzN.exe
  2⤵
  PID:9196
- C:\Windows\System\IfoLtcb.exe
  C:\Windows\System\IfoLtcb.exe
  2⤵
  PID:9164
- C:\Windows\System\jVcGwTQ.exe
  C:\Windows\System\jVcGwTQ.exe
  2⤵
  PID:8344
- C:\Windows\System\BWsgBbF.exe
  C:\Windows\System\BWsgBbF.exe
  2⤵
  PID:9072
- C:\Windows\System\iFZAGiT.exe
  C:\Windows\System\iFZAGiT.exe
  2⤵
  PID:9048
- C:\Windows\System\xWjwfvu.exe
  C:\Windows\System\xWjwfvu.exe
  2⤵
  PID:8524
- C:\Windows\System\mprebZg.exe
  C:\Windows\System\mprebZg.exe
  2⤵
  PID:8704
- C:\Windows\System\CbkiePn.exe
  C:\Windows\System\CbkiePn.exe
  2⤵
  PID:8900
- C:\Windows\System\BJyndwD.exe
  C:\Windows\System\BJyndwD.exe
  2⤵
  PID:8308
- C:\Windows\System\CoSAawJ.exe
  C:\Windows\System\CoSAawJ.exe
  2⤵
  PID:8736
- C:\Windows\System\lRwEGWR.exe
  C:\Windows\System\lRwEGWR.exe
  2⤵
  PID:9236
- C:\Windows\System\trZaklX.exe
  C:\Windows\System\trZaklX.exe
  2⤵
  PID:9256
- C:\Windows\System\RfpfTYS.exe
  C:\Windows\System\RfpfTYS.exe
  2⤵
  PID:9280
- C:\Windows\System\ztJcact.exe
  C:\Windows\System\ztJcact.exe
  2⤵
  PID:9296
- C:\Windows\System\UmssAJS.exe
  C:\Windows\System\UmssAJS.exe
  2⤵
  PID:9316
- C:\Windows\System\JbACLvW.exe
  C:\Windows\System\JbACLvW.exe
  2⤵
  PID:9332
- C:\Windows\System\EGebROp.exe
  C:\Windows\System\EGebROp.exe
  2⤵
  PID:9348
- C:\Windows\System\AyyFyOC.exe
  C:\Windows\System\AyyFyOC.exe
  2⤵
  PID:9364
- C:\Windows\System\pQyilFW.exe
  C:\Windows\System\pQyilFW.exe
  2⤵
  PID:9380
- C:\Windows\System\wpZdPtq.exe
  C:\Windows\System\wpZdPtq.exe
  2⤵
  PID:9396
- C:\Windows\System\VXcNtqa.exe
  C:\Windows\System\VXcNtqa.exe
  2⤵
  PID:9412
- C:\Windows\System\KkbVxDQ.exe
  C:\Windows\System\KkbVxDQ.exe
  2⤵
  PID:9428
- C:\Windows\System\XhlNhcc.exe
  C:\Windows\System\XhlNhcc.exe
  2⤵
  PID:9444
- C:\Windows\System\qZiQhxv.exe
  C:\Windows\System\qZiQhxv.exe
  2⤵
  PID:9460
- C:\Windows\System\tMTnuqL.exe
  C:\Windows\System\tMTnuqL.exe
  2⤵
  PID:9476
- C:\Windows\System\hyMqcge.exe
  C:\Windows\System\hyMqcge.exe
  2⤵
  PID:9492
- C:\Windows\System\XyGPKin.exe
  C:\Windows\System\XyGPKin.exe
  2⤵
  PID:9512
- C:\Windows\System\IYKPNal.exe
  C:\Windows\System\IYKPNal.exe
  2⤵
  PID:9528
- C:\Windows\System\iijaUCj.exe
  C:\Windows\System\iijaUCj.exe
  2⤵
  PID:9548
- C:\Windows\System\xaMeiUJ.exe
  C:\Windows\System\xaMeiUJ.exe
  2⤵
  PID:9564
- C:\Windows\System\mCsVNjv.exe
  C:\Windows\System\mCsVNjv.exe
  2⤵
  PID:9580
- C:\Windows\System\ayMmUeS.exe
  C:\Windows\System\ayMmUeS.exe
  2⤵
  PID:9596
- C:\Windows\System\kMNxWvn.exe
  C:\Windows\System\kMNxWvn.exe
  2⤵
  PID:9612
- C:\Windows\System\kBrvLBK.exe
  C:\Windows\System\kBrvLBK.exe
  2⤵
  PID:9628
- C:\Windows\System\YsrfZqL.exe
  C:\Windows\System\YsrfZqL.exe
  2⤵
  PID:9644
- C:\Windows\System\nLgEfzl.exe
  C:\Windows\System\nLgEfzl.exe
  2⤵
  PID:9660
- C:\Windows\System\jupLfiT.exe
  C:\Windows\System\jupLfiT.exe
  2⤵
  PID:9676
- C:\Windows\System\QCxpIPD.exe
  C:\Windows\System\QCxpIPD.exe
  2⤵
  PID:9692
- C:\Windows\System\iduhVby.exe
  C:\Windows\System\iduhVby.exe
  2⤵
  PID:9708
- C:\Windows\System\RfPUmMj.exe
  C:\Windows\System\RfPUmMj.exe
  2⤵
  PID:9724
- C:\Windows\System\zjcrzph.exe
  C:\Windows\System\zjcrzph.exe
  2⤵
  PID:9740
- C:\Windows\System\azeqYrE.exe
  C:\Windows\System\azeqYrE.exe
  2⤵
  PID:9756
- C:\Windows\System\sbytbrM.exe
  C:\Windows\System\sbytbrM.exe
  2⤵
  PID:9772
- C:\Windows\System\nKxmUZa.exe
  C:\Windows\System\nKxmUZa.exe
  2⤵
  PID:9788
- C:\Windows\System\CCwvryH.exe
  C:\Windows\System\CCwvryH.exe
  2⤵
  PID:9804
- C:\Windows\System\TDMtQal.exe
  C:\Windows\System\TDMtQal.exe
  2⤵
  PID:9820
- C:\Windows\System\AHMTAdg.exe
  C:\Windows\System\AHMTAdg.exe
  2⤵
  PID:9836
- C:\Windows\System\FECGtBT.exe
  C:\Windows\System\FECGtBT.exe
  2⤵
  PID:9852
- C:\Windows\System\QyBmNZF.exe
  C:\Windows\System\QyBmNZF.exe
  2⤵
  PID:9868
- C:\Windows\System\lfUrKhO.exe
  C:\Windows\System\lfUrKhO.exe
  2⤵
  PID:9884
- C:\Windows\System\jjMdmHH.exe
  C:\Windows\System\jjMdmHH.exe
  2⤵
  PID:9900
- C:\Windows\System\yVuolsG.exe
  C:\Windows\System\yVuolsG.exe
  2⤵
  PID:9916
- C:\Windows\System\sekRJKD.exe
  C:\Windows\System\sekRJKD.exe
  2⤵
  PID:9932
- C:\Windows\System\feeVUQp.exe
  C:\Windows\System\feeVUQp.exe
  2⤵
  PID:9948
- C:\Windows\System\HqRRQGN.exe
  C:\Windows\System\HqRRQGN.exe
  2⤵
  PID:9964
- C:\Windows\System\PIiGEvD.exe
  C:\Windows\System\PIiGEvD.exe
  2⤵
  PID:9980
- C:\Windows\System\juPMBiw.exe
  C:\Windows\System\juPMBiw.exe
  2⤵
  PID:9996
- C:\Windows\System\EThdter.exe
  C:\Windows\System\EThdter.exe
  2⤵
  PID:10012
- C:\Windows\System\OPUPISR.exe
  C:\Windows\System\OPUPISR.exe
  2⤵
  PID:10032
- C:\Windows\System\mCgAXbR.exe
  C:\Windows\System\mCgAXbR.exe
  2⤵
  PID:10048
- C:\Windows\System\RwlkKjp.exe
  C:\Windows\System\RwlkKjp.exe
  2⤵
  PID:10068
- C:\Windows\System\ibBHeBk.exe
  C:\Windows\System\ibBHeBk.exe
  2⤵
  PID:10084
- C:\Windows\System\wEwRkMv.exe
  C:\Windows\System\wEwRkMv.exe
  2⤵
  PID:10100
- C:\Windows\System\XCjiSqR.exe
  C:\Windows\System\XCjiSqR.exe
  2⤵
  PID:10124
- C:\Windows\System\qzfclsT.exe
  C:\Windows\System\qzfclsT.exe
  2⤵
  PID:10140
- C:\Windows\System\lHwiYBz.exe
  C:\Windows\System\lHwiYBz.exe
  2⤵
  PID:10172
- C:\Windows\System\vEisCJK.exe
  C:\Windows\System\vEisCJK.exe
  2⤵
  PID:10188
- C:\Windows\System\eAsvHZS.exe
  C:\Windows\System\eAsvHZS.exe
  2⤵
  PID:10204
- C:\Windows\System\aSIfYJR.exe
  C:\Windows\System\aSIfYJR.exe
  2⤵
  PID:10220
- C:\Windows\System\NsBnhZb.exe
  C:\Windows\System\NsBnhZb.exe
  2⤵
  PID:10236
- C:\Windows\System\uYDeQyZ.exe
  C:\Windows\System\uYDeQyZ.exe
  2⤵
  PID:8448
- C:\Windows\System\BJLvwMc.exe
  C:\Windows\System\BJLvwMc.exe
  2⤵
  PID:9248
- C:\Windows\System\iAUMXXU.exe
  C:\Windows\System\iAUMXXU.exe
  2⤵
  PID:9288
- C:\Windows\System\ItTmDtY.exe
  C:\Windows\System\ItTmDtY.exe
  2⤵
  PID:9276
- C:\Windows\System\IPthyZI.exe
  C:\Windows\System\IPthyZI.exe
  2⤵
  PID:9224
- C:\Windows\System\EDSFocD.exe
  C:\Windows\System\EDSFocD.exe
  2⤵
  PID:7728
- C:\Windows\System\JuRGOYL.exe
  C:\Windows\System\JuRGOYL.exe
  2⤵
  PID:9272
- C:\Windows\System\cPwNIgm.exe
  C:\Windows\System\cPwNIgm.exe
  2⤵
  PID:9340
- C:\Windows\System\VAxQKYE.exe
  C:\Windows\System\VAxQKYE.exe
  2⤵
  PID:9388
- C:\Windows\System\wwuyMEd.exe
  C:\Windows\System\wwuyMEd.exe
  2⤵
  PID:9404
- C:\Windows\System\gYJQGct.exe
  C:\Windows\System\gYJQGct.exe
  2⤵
  PID:9468
- C:\Windows\System\bnyCAlS.exe
  C:\Windows\System\bnyCAlS.exe
  2⤵
  PID:9484
- C:\Windows\System\sdBiCne.exe
  C:\Windows\System\sdBiCne.exe
  2⤵
  PID:9536
- C:\Windows\System\zbPnoGJ.exe
  C:\Windows\System\zbPnoGJ.exe
  2⤵
  PID:9520
- C:\Windows\System\ANZTKUS.exe
  C:\Windows\System\ANZTKUS.exe
  2⤵
  PID:9572
- C:\Windows\System\YZOsRZX.exe
  C:\Windows\System\YZOsRZX.exe
  2⤵
  PID:9608
- C:\Windows\System\tUqURcd.exe
  C:\Windows\System\tUqURcd.exe
  2⤵
  PID:9684
- C:\Windows\System\vxBtmjO.exe
  C:\Windows\System\vxBtmjO.exe
  2⤵
  PID:9752
- C:\Windows\System\qUGUBRx.exe
  C:\Windows\System\qUGUBRx.exe
  2⤵
  PID:9764
- C:\Windows\System\fOYNeHc.exe
  C:\Windows\System\fOYNeHc.exe
  2⤵
  PID:9812
- C:\Windows\System\kzZtCUx.exe
  C:\Windows\System\kzZtCUx.exe
  2⤵
  PID:9908
- C:\Windows\System\iSCuViE.exe
  C:\Windows\System\iSCuViE.exe
  2⤵
  PID:9940
- C:\Windows\System\MVTmJhI.exe
  C:\Windows\System\MVTmJhI.exe
  2⤵
  PID:9960
- C:\Windows\System\GFcHuIr.exe
  C:\Windows\System\GFcHuIr.exe
  2⤵
  PID:10064
- C:\Windows\System\BtWIqBf.exe
  C:\Windows\System\BtWIqBf.exe
  2⤵
  PID:10112
- C:\Windows\System\TrdYkxk.exe
  C:\Windows\System\TrdYkxk.exe
  2⤵
  PID:10164
- C:\Windows\System\TPbwbsm.exe
  C:\Windows\System\TPbwbsm.exe
  2⤵
  PID:10212
- C:\Windows\System\FDqgIQp.exe
  C:\Windows\System\FDqgIQp.exe
  2⤵
  PID:8988
- C:\Windows\System\LiBFSPO.exe
  C:\Windows\System\LiBFSPO.exe
  2⤵
  PID:10200
- C:\Windows\System\eklwlJE.exe
  C:\Windows\System\eklwlJE.exe
  2⤵
  PID:8276
- C:\Windows\System\NHGGhhr.exe
  C:\Windows\System\NHGGhhr.exe
  2⤵
  PID:9420
- C:\Windows\System\GvbStgC.exe
  C:\Windows\System\GvbStgC.exe
  2⤵
  PID:9372
- C:\Windows\System\vGFwouf.exe
  C:\Windows\System\vGFwouf.exe
  2⤵
  PID:9228
- C:\Windows\System\WvKBnBN.exe
  C:\Windows\System\WvKBnBN.exe
  2⤵
  PID:9524
- C:\Windows\System\XeRWCqt.exe
  C:\Windows\System\XeRWCqt.exe
  2⤵
  PID:9592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CJCmsfQ.exe

Filesize
6.0MB

MD5
61840ae20b1fd99995cac6e048b69a44

SHA1
a8815599765db3d4d41fd64c5ee359cff78d965d

SHA256
cc02d53a8436347ac114a0b10a095d70ddc614f890156a968ff7b2c28f6bace5

SHA512
6b8f8035f5f16ca777bc2f5daab2248c92318af1f58c7af2c2feaef02681719af7214f9036a4d6e2b5ab2970fb5c2facb8f74d07d3d6d579f9768278d58ca115

Download Submit
C:\Windows\system\CoYOKat.exe

Filesize
6.0MB

MD5
954fc3e762584097ef228a0277cdaeb1

SHA1
3adc9f76ede86279b2cd23f2cb83fde29ca1371e

SHA256
4f3304d21fda6dcfb4fde6736ca02d32355d80ed671722889b4ef3a31c2a8825

SHA512
77cc9b551a1c6c2f21136fe35fe79788d80acea476a53188d0e1e50dff1a133ae5765481fef245a64b90154b516d6428a18a1ed2dc9a672d0acdee61e51230df

Download Submit
C:\Windows\system\CzzxtYV.exe

Filesize
6.0MB

MD5
fa502fe2111ead0d7c4f8d821b8536f7

SHA1
a905ad9d18147504601d9289c52612a61b57d781

SHA256
7f257b5a8ca5aafcf5967def53a5961c429604213b1fd17ebaad5fe4581ffd9e

SHA512
eb047180903561fd2a8a048dbab1c6b1e6624b06982910326837961fe3e8e3fa5572b04a726920d1774eb8372ec122fc7c930b1532422af9337a2402a9b0c9ba

Download Submit
C:\Windows\system\DLGSumR.exe

Filesize
6.0MB

MD5
5ec66afca3dc71da88a5ed9588c77641

SHA1
9598f74b42ed4dca32ad10b18c92c3afa138ed83

SHA256
ee4432874b90484287aadc40eb954e332beb00ce940fc28720985f6f0a647eaa

SHA512
ccff14482cbc7c4181a3a02298b7801a705ed2c9e7fc020acffccb2afbd145bc6fc3ec3e95e6447ce6baabf3353d068009604f7c44ba525bfb8749ca52985467

Download Submit
C:\Windows\system\EQrdOVK.exe

Filesize
6.0MB

MD5
cab0372167183e656bfa3e212210ad5a

SHA1
f2a716a89884e9c55073d298df5805be1ae8ed13

SHA256
1fd2fca624d517b5137fb65ed87bcbc96b7ed9882839d478d9cfd61f616d1d11

SHA512
949e44c228b23acc0f73db4a85ab68a97ea80d0cb185d6b77b227c8893cf86a01eb71bdfc78de9ec288ffeba98d85023679a4bc8533910f6293569f8202f5860

Download Submit
C:\Windows\system\FEejUAT.exe

Filesize
6.0MB

MD5
975a5139432b5e2f58404e1ca5a7b7d5

SHA1
145ec66f3079dbd30a32d71b873c664985fb0df7

SHA256
a868dab29bf9db1897c9d434b5eb38d41145a12010bd54856067bff02df186b3

SHA512
a2b247609b047a0ab9a938492f2c0fd1d61d2421df6d811d1930220528cdb51ad7e1b92700b22525410f8349120797100970280f7d4ce7f37150cc8def3ce106

Download Submit
C:\Windows\system\GWZUzcA.exe

Filesize
6.0MB

MD5
8a0011a9910ec48669f767a1e02356e3

SHA1
2fe16939b32112786db959288e9c991b43c5d330

SHA256
db63ea2214a00b283419a1eddbffd12abbe10c284ff5ff4e99af4031a5357df4

SHA512
1e4fd35de7185584c16895b73b145bc4e014467daf72d0fd465e5c6a12f793917b12b037cd8be3096826d7119f0061d913c0b1693ff45ff3c218353d68716d0a

Download Submit
C:\Windows\system\HIiGSSn.exe

Filesize
6.0MB

MD5
2ea0c67a21939d226fbc9ed4414aa900

SHA1
542143dbf9c754383269d32eea8530bebdbd1620

SHA256
f09c2cfbfa84bfa8d57db28011137ec4c48298d1e48f01adb5dba90ea70e84d0

SHA512
3a9fa7ee03c0e989593a1e25509f4198a9f3be6e20be44b4bc52a1223a197a222bcc4ba944cd95ddd0b2b5d2004bc284c060986f4ce15aa17df8a713c7b50277

Download Submit
C:\Windows\system\IffLAQt.exe

Filesize
6.0MB

MD5
701ec38731562241e57b12d883032684

SHA1
e51c8f57523784d81e6100a28b1924b7919b28fb

SHA256
11db9fb2c8536c3f29acbf7206a1c5d39614f12a90ac69788988e82481fce347

SHA512
2cec3c7ab0c5f254ee8a077ecf0ad9f566b65dc68b96168fd652e110c5d26011c517d729116334d900b037a49c2d6022e07bf71456dc6517f042ad7a28098cde

Download Submit
C:\Windows\system\JaRmhNZ.exe

Filesize
6.0MB

MD5
c5e09b811f86c98ddff314948cbddcbe

SHA1
60ff687130f722d72e20c518a3714646f37783df

SHA256
d5568f2971922c41178c13cc095beb38ac18d6346d0a78bb7f3b9a9917cf9361

SHA512
f703eb33992340b96b50cdd0669cd23e545571d90c5617511fb3675f8b3c2bdcb47fd4b1eecaa8cfe961102e0b929c6b18ea7c8f888f63a5fa65de6ccc8fb04f

Download Submit
C:\Windows\system\LgbniFc.exe

Filesize
6.0MB

MD5
07bc9fc7f9eaec8ab9b5739f16ee182e

SHA1
1f9cdc31bb9240cb6b4e72651679d6f4db45583f

SHA256
2193cf4f6a3eaa9fba4978c21fa0b4397e19d6e907e81b17a62394d76b948270

SHA512
742c50322fde2a3c850f3713c5d206a19fdba469a0e5858a413000ba6060cb7a5834a64e94532a4d924cfe73b84d4bcdb9c5ae0e174e87f61b308bdd9891acc8

Download Submit
C:\Windows\system\MIdvHCt.exe

Filesize
6.0MB

MD5
2e1ec0a9e98f30123d03931c6daca425

SHA1
4352c431b9a609acfc1eb22ad75623282238c068

SHA256
49183afb98fbc9d5b7627e3b7608d25bf8c48d92a5da83114a54845eb3999965

SHA512
e27b17d815f197b4ff7f713a158d68cec6c559fcaf8d6a62ed4b00853e622ca60c7666a3eae0fb4641db1f859be69445b25741723bba5a1886e4cbb2ecea4d24

Download Submit
C:\Windows\system\NmQcEVn.exe

Filesize
6.0MB

MD5
2b009fa58fa6014ec651d1114e7da3d2

SHA1
f4816304c182c78b092b4647980ad19635fcdcf2

SHA256
7e7fceb34c6547b7b29edccaaa29e0f27004e3e33ef2de5d995c78f1ca4a0d1b

SHA512
a74941081dca08280603d755932646072262b5c3c8c3d7b4eb469fdb7b9df5bb82caa8309de50ef7da5dcc2b6defeb828f6e6a901a1c24fba95631cb4043cab0

Download Submit
C:\Windows\system\OVYFDFx.exe

Filesize
6.0MB

MD5
4f666bbc09409380bccd3fc7bf21030f

SHA1
e7b23ae7b979393ef518612da4d5823d8b5b0a5d

SHA256
bf1df82759df96fd954b190b45d35b9f68193399c6506eb0b56fd3922aa7513f

SHA512
8fe740e800fa3338cb1b1c31d68776eb6378be3606017178ab03bb350509c92bd0a4fef7575ca9b2da59ead4046c2878d1d0872f438fdb6c8832049a6d258c05

Download Submit
C:\Windows\system\PVEQUFC.exe

Filesize
6.0MB

MD5
9193675cf71f66217258d211575b2733

SHA1
58b01da63e27f76e6c7f59f645e272113cf5c911

SHA256
020e35536e706664e05188a0453bf7b1b626191baceb2995f1b656eeb83e87ca

SHA512
dc61075c4a09f0b071bac0a1f39d72267c9e6ed29c64135854d2151b4f75b5a9eed1b5b9595c0403d89ccb6a7d84fe077a777d34c35adb208f5bcc83b142784e

Download Submit
C:\Windows\system\RVNXAmV.exe

Filesize
6.0MB

MD5
08d9527eb7d15fadd8c77384b58dd7ff

SHA1
58760b7c50be0aa7c9a21643f58744ea304c5bf5

SHA256
095bcff52cfc7fa391754cb7aec29cb315da8bbdbf9f0fde0731b3477497af27

SHA512
f8719245c84b34c3f681ee1b06eeea3e6d6ac07f84ebf40676c5f762aded6ccad748f22c865cd0d9bd9eb7fb413c6adbf718931ee8bf48a58e2ae455582cf2bb

Download Submit
C:\Windows\system\ShvYCqY.exe

Filesize
6.0MB

MD5
2a9e465350aeab2b06a8dba4ffa64780

SHA1
7c4e49b4f2955eba34887c37038bb3d69617ce84

SHA256
91723aa220e9922916ab2fd17284dfabe1b4b62aba1e3bb5a68d71df7bed8dcd

SHA512
565cb85d775ef3182ec0e9a67bb7e6f3f11e449790838912a223dbc386f68773ff5ed0cfd2520f63fe13909ee59a99e1b3a4f347da78aaa24cc76e32814c22c9

Download Submit
C:\Windows\system\TpyfjUT.exe

Filesize
6.0MB

MD5
a9aea7ad13d7c8724db78f044fad4083

SHA1
972945975204e6e257deca1fe7b76ba7f3e5ffea

SHA256
ad59c95590751a20303d4b14e1e276a668bbb683356c909e2700ba00500a9c1a

SHA512
b21261a890e106ecc19ec5af72d8cb5ce8fd032e66336866ee9c45487775165cdee02c1f0b96c2de35f58b97359a01a427c558f6ee443030aa86ff1aa61c60d8

Download Submit
C:\Windows\system\cCDdYlD.exe

Filesize
6.0MB

MD5
db680503aba3729bb2c2aa296806e5e1

SHA1
49b0a49ef2460145f8d035ea120de5ecf7f45a31

SHA256
dcbfddf2cc12fb213169ed28fbb240ed1594ba0471175a12f94bc0865bfd415b

SHA512
ad5aa6baf96f1ec0f2960787330df42d70e6284b33552a026c164b420fbf32aba528b5f6696a3d1406de4594f1cb4e5e7e3b2829b4ffa646302d06c85fffd639

Download Submit
C:\Windows\system\dlOWsMu.exe

Filesize
6.0MB

MD5
810e14b06ad2368351a1389d6153fb4a

SHA1
b440920852d7f19eec6b701cc1d640ab59887efd

SHA256
7c51167dba4d6ad22afeb2b0b0d2cd767c59042be4dd11d745967dfd0c929812

SHA512
ab75b9f69622f6a08f0327863b7d6b76402dfaee1c86b5ec335d7b3c32410e3e08a70a190e1f576a2f468dfc980b714f85c5eb5d7e3b08a7902302ae9ea10147

Download Submit
C:\Windows\system\eaoyDHz.exe

Filesize
6.0MB

MD5
64407b0e4a3946db919e5cb356472520

SHA1
179cbd49cc387cef82ae3acd2538f2445cfac9de

SHA256
26a65dbb93f742599a2105e857d79bd05aeea3038e186763452e4fe96cdc580c

SHA512
cd404894c4827b4021de32c30730fbd4024b13a065a4fab5aea56a662ea6e2a530ccfe6d0c5ce429047090effbbe0b34df57920fe20463c1ca0f533be39b5519

Download Submit
C:\Windows\system\hGEJaaj.exe

Filesize
6.0MB

MD5
7b434eb20020ec5b1ca98cbd6d353451

SHA1
5290d95af25620c401b0e83e32134dceadc8dd23

SHA256
1e7e301419592a421f689d5565cfcf0e10e4a5b65b7020b3644b12522dd849f4

SHA512
e81798b88da74ca7a8f2453370dadec474aec2ed5353f79e28bc5855339f5c6e5712686233ce64c2d3c3dda9bedc1fce1452606ce863074e7eabf926f974ba0c

Download Submit
C:\Windows\system\lKIHOnQ.exe

Filesize
6.0MB

MD5
14935e7bf25991c4393e92828c75dac0

SHA1
32d2d14b7006c27c6ba41e530e20d447a93aaa78

SHA256
4bd09d3d846dbb679c120d417732e24c486db66f0c30073e5def08e6f7845851

SHA512
cca031216d0a75b8449ec2737c45b1919ba407e82a1dcf58e5dbaac288b0fc06e9c658c5f9e21ed57901ca392c96bfd71d1d81782f6e34041455e8778a75f8f9

Download Submit
C:\Windows\system\nXneeDM.exe

Filesize
6.0MB

MD5
29dfa93517b10d7e767a9ec85340ae4b

SHA1
8f827887d676c944654f7aa1b15b873c646c83fc

SHA256
91f3ee9e938a1dd5d312f8c0e10e6b558d4352b8e5b57769ca3f1beac4f9e2d9

SHA512
254f49807190104ee21b0ff374bc83b0a0d2bb9bb34c222ca6113320222b47365f6039dbafe956385cd20a810f01660d1076c8963a2c5a09eec39819c4683f22

Download Submit
C:\Windows\system\pYXlLJK.exe

Filesize
6.0MB

MD5
eebca7dcabb51d59897aa65daab16cb7

SHA1
a2e0aede1e431c7efd838538358dec74f9d402a4

SHA256
e06b51192c9ca414add42a468617f4a73f528223d9f0af2a30cc097fd6453af3

SHA512
0f35e6f755c283e39e0cc4706137d4d17bfde8f4512defff0e277f9b97de05453ca80036a0b1eb1e14d79f1651c14eba4b055585fc6c7ad253e87b63e265dd93

Download Submit
C:\Windows\system\rvzLiYr.exe

Filesize
6.0MB

MD5
cb4f3ed05b9e5f920c3b6c6aec3811a9

SHA1
a83ff8c16f315658f78edb2992a27732e83399c0

SHA256
9089c887a434468a50387aa795ff889ed0034cfad0c40b07fa50fdf19784bea4

SHA512
c7f9afdd18b395aae349d933ad73dc7fc02067ac7cfcee9abb2c2148824bcc72f1c618ee5c19796c3ef9630405058f235d750e3596919a492097f72dc0b3af70

Download Submit
C:\Windows\system\tfoJGEZ.exe

Filesize
6.0MB

MD5
333f0a0e7f1e1c8270678eda6c92e7d9

SHA1
01d300c22481df637be3cff721d91fa889a4eeca

SHA256
4de4f18525d0acd8c6bd4cf23346b83b60395f71b71d4497745b1b780d47f24d

SHA512
eceb3f8a300582ad6daa04c897c4a15a6900e12aae92691a5751a6a10b6397d6871792f3166ac70949cb6336792bf0a20e016b486c5beebee285227b032b1f14

Download Submit
C:\Windows\system\uZupnQA.exe

Filesize
6.0MB

MD5
0f42d611b1e4ec56b3875dbd56967f1f

SHA1
c9b2f0b1e8a224ea42fe9622dec014833e25571e

SHA256
e3080637e35423b006cd8d1515af45bce8a36faccc7bb654e02baa074e98e23e

SHA512
659d5ff46c44c41315e7c5fd0d0f4f6c55f0f48d217b1b7a55fda23941ad61bd32dd6baf31f0e3d6924254a8b48d68228eea82e4215301324195b7c341c245a1

Download Submit
C:\Windows\system\wTqfmiX.exe

Filesize
6.0MB

MD5
820dcd9f5f22e5e12686d9924d9cf242

SHA1
387818fd8ec5df83584c2f85c4c80dc3bb88c8c1

SHA256
3782348cad13906677f9b950255dd8c232f2002a8e1481d799a95b374ab23c6e

SHA512
a44e2611ef2bb1be2f16ae65565f8f74463995fd29605d0eebc35f768affbc16ed60a698159959901e478a8b6ccf3bae4c2480958ee267ccd955ca69fd49eca2

Download Submit
\Windows\system\GmdQFNj.exe

Filesize
6.0MB

MD5
9109a3cc6d1f05deeb56fd0a52bca7c5

SHA1
e3559abcbc142f0dccbe6e37e835a44660aba353

SHA256
51fe30a01a17996dbd066af0dc8b2658da38ede8d12ee43173e784b29ac8e281

SHA512
55dbde57112b84b9c8d2f5ed30c7e9cd002bae39d026d77b76d192f360b2bf552bec07df2fedfd1cb14ad645536ac2a68ff4f288aa0099b4a0daad1b8faaebc5

Download Submit
\Windows\system\QvsxWsf.exe

Filesize
6.0MB

MD5
2cfe103e998d43c910b55fa7b55c3a17

SHA1
d7e4ac2fa3a8ff08e6b60a003826e951e81050b8

SHA256
1c4506f97253f07370933b69f02e44673c855f40dfc27c1b0f76129373903a5b

SHA512
6ec2bb33933986d92f19073222528c4bef0da9a3a7c574bb521007c9c61758efa8e67e255474da78caaec3e7da859077ef319f9feb89f0ecf4aa79c2cc75c111

Download Submit
\Windows\system\xrVgKHf.exe

Filesize
6.0MB

MD5
ea5c0c459954ad2bb0a7df42b9bbc17b

SHA1
01a37127263730b16f7c2e2a2d9505731ce3d95d

SHA256
2ad9a39805ddc7c1da1937b36403b03c0bc245a11463cadef55072b1e01c468e

SHA512
ed11ebb2396a4757a894b4e4c2de98cbed172830e57577537439e1799dd2a12a410b3e9b9f41e92a1f3305ab626dbc8dcbbc9fa69b61042e83c89a893a1e85fc

Download Submit
memory/1628-709-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1628-2441-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1628-3852-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2072-3872-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2519-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2072-964-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3859-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2176-926-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2236-3866-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1228-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1552-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2526-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2512-987-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-732-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2512-965-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1129-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1229-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2577-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1293-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2527-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1416-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2528-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1489-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2529-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2512-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1596-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2530-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1600-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2531-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2389-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2391-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1069-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2520-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1027-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2518-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2517-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2521-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-927-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2525-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2524-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2523-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1415-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3865-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2516-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3876-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2616-731-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1128-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3861-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-986-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3864-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3867-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1551-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2522-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3873-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1026-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3862-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1593-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3860-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1292-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3868-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1068-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3863-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1488-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download