cobaltstrike | 472fbf40f8fd8c1baa2b250b1e04ec15ec570bae87d5ce51d0c93afc6db96740

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-02-2025 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

6e570648d315171fe9baa99e7ff2a786
SHA1

ee1d843e80d19b29c03b912654a47cc83af179d0
SHA256

472fbf40f8fd8c1baa2b250b1e04ec15ec570bae87d5ce51d0c93afc6db96740
SHA512

568635c2b51b798ffa3007a3e29400e602d684bd709ded42d3c69b78b641bc31b21fc7f266e670a69b433d11447815e8abf172fb51d97ce7a884cb966c1af688
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225c-5.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b05-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b50-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-24.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-71.dat	cobalt_reflective_dll
behavioral1/files/0x0003000000018334-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-53.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b71-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b89-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b59-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/392-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225c-5.dat	xmrig
behavioral1/files/0x0009000000018b05-8.dat	xmrig
behavioral1/files/0x0007000000018b50-15.dat	xmrig
behavioral1/files/0x0007000000018b54-24.dat	xmrig
behavioral1/memory/2916-29-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2736-46-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2636-49-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2880-55-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0005000000019761-66.dat	xmrig
behavioral1/files/0x0005000000019820-87.dat	xmrig
behavioral1/memory/2692-91-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf6-98.dat	xmrig
behavioral1/files/0x0005000000019d6d-118.dat	xmrig
behavioral1/files/0x0005000000019fd4-127.dat	xmrig
behavioral1/files/0x000500000001a0b6-143.dat	xmrig
behavioral1/files/0x000500000001a309-146.dat	xmrig
behavioral1/files/0x000500000001a03c-134.dat	xmrig
behavioral1/files/0x000500000001a3fd-162.dat	xmrig
behavioral1/memory/2552-1796-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2916-1827-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2456-1828-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2736-1829-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2468-1800-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2856-1794-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2536-2138-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2724-2139-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2636-2461-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1660-2220-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2440-2221-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2692-2143-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2508-2140-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2880-2137-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2508-367-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/392-184-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a400-166.dat	xmrig
behavioral1/files/0x000500000001a3f8-159.dat	xmrig
behavioral1/files/0x000500000001a3f6-154.dat	xmrig
behavioral1/files/0x000500000001a3ab-150.dat	xmrig
behavioral1/files/0x000500000001a049-138.dat	xmrig
behavioral1/files/0x0005000000019fdd-130.dat	xmrig
behavioral1/files/0x0005000000019e92-123.dat	xmrig
behavioral1/files/0x0005000000019d62-114.dat	xmrig
behavioral1/files/0x0005000000019d61-111.dat	xmrig
behavioral1/files/0x0005000000019c3c-106.dat	xmrig
behavioral1/files/0x0005000000019bf9-102.dat	xmrig
behavioral1/memory/2508-95-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf5-94.dat	xmrig
behavioral1/memory/2880-92-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2440-78-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2536-68-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/392-86-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/1660-85-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2736-83-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001998d-82.dat	xmrig
behavioral1/memory/392-74-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2916-73-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000197fd-71.dat	xmrig
behavioral1/memory/2724-63-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/392-61-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0003000000018334-59.dat	xmrig
behavioral1/files/0x000500000001975a-53.dat	xmrig
behavioral1/files/0x0009000000018b71-35.dat	xmrig
behavioral1/memory/392-47-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2552	EjukPOr.exe
2468	MziTCaz.exe
2856	ErKXmII.exe
2916	oQiQbun.exe
2456	ibaiiNT.exe
2736	CIRHlDQ.exe
2636	oLLOaOA.exe
2880	alPEhVs.exe
2724	zQPtoNm.exe
2536	aBDFddO.exe
2440	MaDHKxG.exe
1660	HHDWWDr.exe
2692	NSdfEyC.exe
2508	worxTrg.exe
2092	vroxwsx.exe
1688	TmvjtDO.exe
2224	LkCqJqk.exe
3040	ZLndGSW.exe
2172	YVqFmru.exe
2180	NjeaZAM.exe
1144	TxxZqvq.exe
2972	RtBoOQf.exe
2004	gAlYSpE.exe
1200	agYckag.exe
2900	FYinUiD.exe
1728	liVlLlk.exe
2096	uvpOJDK.exe
2432	zviFUjA.exe
1716	ZRnRmUn.exe
2652	PfZzghE.exe
2484	vqPXaMG.exe
1644	NfIoJDj.exe
2580	TqExiet.exe
2420	JLUzfaZ.exe
1052	FPVudoi.exe
1000	ngPlpiP.exe
456	oLczdSo.exe
1944	LfIfXhR.exe
1816	ahTCjjs.exe
1668	GidYjCE.exe
2436	WWCZJjT.exe
2688	wYidlhN.exe
1372	ygfJhRC.exe
1464	vUTZvEj.exe
1988	YxMeUao.exe
964	aRMmWXo.exe
1656	BZctScD.exe
2060	oeaPpic.exe
572	flUtKwN.exe
1632	vZeYbVT.exe
2392	UBTZQfQ.exe
1940	qepnroB.exe
2656	qpqcPVR.exe
1748	JreDhqA.exe
876	WflbLGh.exe
1620	jfJBFam.exe
1752	GNfOdbz.exe
1708	IomaFtR.exe
1700	MczwKDX.exe
1516	YAjGXck.exe
2820	MKQFLVk.exe
2316	adiRKpl.exe
2388	VvwSWeE.exe
2708	VAELOQH.exe

Loads dropped DLL 64 IoCs

pid	Process
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/392-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-5.dat	upx
behavioral1/files/0x0009000000018b05-8.dat	upx
behavioral1/files/0x0007000000018b50-15.dat	upx
behavioral1/files/0x0007000000018b54-24.dat	upx
behavioral1/memory/2916-29-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2736-46-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2636-49-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2880-55-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0005000000019761-66.dat	upx
behavioral1/files/0x0005000000019820-87.dat	upx
behavioral1/memory/2692-91-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0005000000019bf6-98.dat	upx
behavioral1/files/0x0005000000019d6d-118.dat	upx
behavioral1/files/0x0005000000019fd4-127.dat	upx
behavioral1/files/0x000500000001a0b6-143.dat	upx
behavioral1/files/0x000500000001a309-146.dat	upx
behavioral1/files/0x000500000001a03c-134.dat	upx
behavioral1/files/0x000500000001a3fd-162.dat	upx
behavioral1/memory/2552-1796-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2916-1827-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2456-1828-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2736-1829-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2468-1800-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2856-1794-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2536-2138-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2724-2139-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2636-2461-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1660-2220-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2440-2221-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2692-2143-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2508-2140-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2880-2137-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2508-367-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x000500000001a400-166.dat	upx
behavioral1/files/0x000500000001a3f8-159.dat	upx
behavioral1/files/0x000500000001a3f6-154.dat	upx
behavioral1/files/0x000500000001a3ab-150.dat	upx
behavioral1/files/0x000500000001a049-138.dat	upx
behavioral1/files/0x0005000000019fdd-130.dat	upx
behavioral1/files/0x0005000000019e92-123.dat	upx
behavioral1/files/0x0005000000019d62-114.dat	upx
behavioral1/files/0x0005000000019d61-111.dat	upx
behavioral1/files/0x0005000000019c3c-106.dat	upx
behavioral1/files/0x0005000000019bf9-102.dat	upx
behavioral1/memory/2508-95-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x0005000000019bf5-94.dat	upx
behavioral1/memory/2880-92-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2440-78-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2536-68-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/1660-85-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2736-83-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x000500000001998d-82.dat	upx
behavioral1/memory/2916-73-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x00050000000197fd-71.dat	upx
behavioral1/memory/2724-63-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/392-61-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0003000000018334-59.dat	upx
behavioral1/files/0x000500000001975a-53.dat	upx
behavioral1/files/0x0009000000018b71-35.dat	upx
behavioral1/memory/2456-44-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0007000000018b89-43.dat	upx
behavioral1/files/0x0007000000018b59-33.dat	upx
behavioral1/memory/2856-22-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hLaVclI.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKvsXwd.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUHYgil.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOEyfNj.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxxZqvq.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFZbFpz.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svmxwDQ.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTCMQNs.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFNdwNM.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgoUKpl.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJckuIz.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzOjnRw.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjeUgvU.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crBACKB.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\worxTrg.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXDIrLq.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGaCdci.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiapTpL.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzWRWwP.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCSPbrs.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYOvXop.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtQPYnL.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJBWxTw.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBBXHPm.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFTtqPi.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISSdOPR.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTKRXey.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujmFBIs.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCsTNIZ.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFdROMe.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nISNtJB.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfDwbpi.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksnKWFd.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmenjQW.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkRLxGP.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuUbJrG.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuSuCZb.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxlyTCE.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZULaBgB.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJIODkZ.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFZpECt.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IzXSqNR.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IomaFtR.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJmpexB.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDOWHaa.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IootgNx.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUmKCbu.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdHfiHD.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyilpCJ.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEiiWGH.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRyneVh.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqeDZAd.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGeNBfF.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAJKGzU.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLvsJxx.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agPqkuM.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paPsmib.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edPdgGo.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSirfMN.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJrpCOn.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lzrukne.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLlHoBO.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZFNkXj.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQuWPfW.exe	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 2552	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 392 wrote to memory of 2552	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 392 wrote to memory of 2552	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 392 wrote to memory of 2468	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 392 wrote to memory of 2468	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 392 wrote to memory of 2468	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 392 wrote to memory of 2856	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 392 wrote to memory of 2856	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 392 wrote to memory of 2856	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 392 wrote to memory of 2916	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 392 wrote to memory of 2916	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 392 wrote to memory of 2916	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 392 wrote to memory of 2456	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 392 wrote to memory of 2456	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 392 wrote to memory of 2456	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 392 wrote to memory of 2636	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 392 wrote to memory of 2636	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 392 wrote to memory of 2636	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 392 wrote to memory of 2736	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 392 wrote to memory of 2736	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 392 wrote to memory of 2736	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 392 wrote to memory of 2880	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 392 wrote to memory of 2880	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 392 wrote to memory of 2880	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 392 wrote to memory of 2724	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 392 wrote to memory of 2724	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 392 wrote to memory of 2724	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 392 wrote to memory of 2536	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 392 wrote to memory of 2536	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 392 wrote to memory of 2536	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 392 wrote to memory of 2440	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 392 wrote to memory of 2440	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 392 wrote to memory of 2440	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 392 wrote to memory of 2692	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 392 wrote to memory of 2692	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 392 wrote to memory of 2692	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 392 wrote to memory of 1660	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 392 wrote to memory of 1660	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 392 wrote to memory of 1660	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 392 wrote to memory of 2508	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 392 wrote to memory of 2508	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 392 wrote to memory of 2508	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 392 wrote to memory of 2092	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 392 wrote to memory of 2092	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 392 wrote to memory of 2092	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 392 wrote to memory of 1688	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 392 wrote to memory of 1688	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 392 wrote to memory of 1688	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 392 wrote to memory of 2224	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 392 wrote to memory of 2224	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 392 wrote to memory of 2224	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 392 wrote to memory of 3040	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 392 wrote to memory of 3040	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 392 wrote to memory of 3040	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 392 wrote to memory of 2172	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 392 wrote to memory of 2172	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 392 wrote to memory of 2172	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 392 wrote to memory of 2180	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 392 wrote to memory of 2180	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 392 wrote to memory of 2180	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 392 wrote to memory of 1144	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 392 wrote to memory of 1144	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 392 wrote to memory of 1144	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 392 wrote to memory of 2972	392	2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-18_6e570648d315171fe9baa99e7ff2a786_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:392
- C:\Windows\System\EjukPOr.exe
  C:\Windows\System\EjukPOr.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\MziTCaz.exe
  C:\Windows\System\MziTCaz.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ErKXmII.exe
  C:\Windows\System\ErKXmII.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\oQiQbun.exe
  C:\Windows\System\oQiQbun.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ibaiiNT.exe
  C:\Windows\System\ibaiiNT.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\oLLOaOA.exe
  C:\Windows\System\oLLOaOA.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\CIRHlDQ.exe
  C:\Windows\System\CIRHlDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\alPEhVs.exe
  C:\Windows\System\alPEhVs.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\zQPtoNm.exe
  C:\Windows\System\zQPtoNm.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\aBDFddO.exe
  C:\Windows\System\aBDFddO.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\MaDHKxG.exe
  C:\Windows\System\MaDHKxG.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\NSdfEyC.exe
  C:\Windows\System\NSdfEyC.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\HHDWWDr.exe
  C:\Windows\System\HHDWWDr.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\worxTrg.exe
  C:\Windows\System\worxTrg.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\vroxwsx.exe
  C:\Windows\System\vroxwsx.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\TmvjtDO.exe
  C:\Windows\System\TmvjtDO.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\LkCqJqk.exe
  C:\Windows\System\LkCqJqk.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\ZLndGSW.exe
  C:\Windows\System\ZLndGSW.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\YVqFmru.exe
  C:\Windows\System\YVqFmru.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\NjeaZAM.exe
  C:\Windows\System\NjeaZAM.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\TxxZqvq.exe
  C:\Windows\System\TxxZqvq.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\RtBoOQf.exe
  C:\Windows\System\RtBoOQf.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\gAlYSpE.exe
  C:\Windows\System\gAlYSpE.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\agYckag.exe
  C:\Windows\System\agYckag.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\FYinUiD.exe
  C:\Windows\System\FYinUiD.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\liVlLlk.exe
  C:\Windows\System\liVlLlk.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\uvpOJDK.exe
  C:\Windows\System\uvpOJDK.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\zviFUjA.exe
  C:\Windows\System\zviFUjA.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\ZRnRmUn.exe
  C:\Windows\System\ZRnRmUn.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\PfZzghE.exe
  C:\Windows\System\PfZzghE.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\vqPXaMG.exe
  C:\Windows\System\vqPXaMG.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\NfIoJDj.exe
  C:\Windows\System\NfIoJDj.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\TqExiet.exe
  C:\Windows\System\TqExiet.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\JLUzfaZ.exe
  C:\Windows\System\JLUzfaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\FPVudoi.exe
  C:\Windows\System\FPVudoi.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\ngPlpiP.exe
  C:\Windows\System\ngPlpiP.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\oLczdSo.exe
  C:\Windows\System\oLczdSo.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\LfIfXhR.exe
  C:\Windows\System\LfIfXhR.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\ahTCjjs.exe
  C:\Windows\System\ahTCjjs.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\GidYjCE.exe
  C:\Windows\System\GidYjCE.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\WWCZJjT.exe
  C:\Windows\System\WWCZJjT.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\wYidlhN.exe
  C:\Windows\System\wYidlhN.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\ygfJhRC.exe
  C:\Windows\System\ygfJhRC.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\vUTZvEj.exe
  C:\Windows\System\vUTZvEj.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\YxMeUao.exe
  C:\Windows\System\YxMeUao.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\aRMmWXo.exe
  C:\Windows\System\aRMmWXo.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\BZctScD.exe
  C:\Windows\System\BZctScD.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\oeaPpic.exe
  C:\Windows\System\oeaPpic.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\flUtKwN.exe
  C:\Windows\System\flUtKwN.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\vZeYbVT.exe
  C:\Windows\System\vZeYbVT.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\UBTZQfQ.exe
  C:\Windows\System\UBTZQfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\qepnroB.exe
  C:\Windows\System\qepnroB.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\qpqcPVR.exe
  C:\Windows\System\qpqcPVR.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\JreDhqA.exe
  C:\Windows\System\JreDhqA.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\WflbLGh.exe
  C:\Windows\System\WflbLGh.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\jfJBFam.exe
  C:\Windows\System\jfJBFam.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\GNfOdbz.exe
  C:\Windows\System\GNfOdbz.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\IomaFtR.exe
  C:\Windows\System\IomaFtR.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\MczwKDX.exe
  C:\Windows\System\MczwKDX.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\YAjGXck.exe
  C:\Windows\System\YAjGXck.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\MKQFLVk.exe
  C:\Windows\System\MKQFLVk.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\adiRKpl.exe
  C:\Windows\System\adiRKpl.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\VvwSWeE.exe
  C:\Windows\System\VvwSWeE.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\jzjBffA.exe
  C:\Windows\System\jzjBffA.exe
  2⤵
  PID:3024
- C:\Windows\System\VAELOQH.exe
  C:\Windows\System\VAELOQH.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\RtAsYdi.exe
  C:\Windows\System\RtAsYdi.exe
  2⤵
  PID:2196
- C:\Windows\System\LllDavI.exe
  C:\Windows\System\LllDavI.exe
  2⤵
  PID:2612
- C:\Windows\System\dteEsEh.exe
  C:\Windows\System\dteEsEh.exe
  2⤵
  PID:1484
- C:\Windows\System\yIaBSNL.exe
  C:\Windows\System\yIaBSNL.exe
  2⤵
  PID:2320
- C:\Windows\System\ctbRKPL.exe
  C:\Windows\System\ctbRKPL.exe
  2⤵
  PID:3060
- C:\Windows\System\IMDShnA.exe
  C:\Windows\System\IMDShnA.exe
  2⤵
  PID:2908
- C:\Windows\System\MTJcydk.exe
  C:\Windows\System\MTJcydk.exe
  2⤵
  PID:2036
- C:\Windows\System\zfDwbpi.exe
  C:\Windows\System\zfDwbpi.exe
  2⤵
  PID:3028
- C:\Windows\System\QiKftOZ.exe
  C:\Windows\System\QiKftOZ.exe
  2⤵
  PID:2244
- C:\Windows\System\LkXrPop.exe
  C:\Windows\System\LkXrPop.exe
  2⤵
  PID:2576
- C:\Windows\System\iKmTBkY.exe
  C:\Windows\System\iKmTBkY.exe
  2⤵
  PID:2620
- C:\Windows\System\ZOqspXF.exe
  C:\Windows\System\ZOqspXF.exe
  2⤵
  PID:696
- C:\Windows\System\GYrqixu.exe
  C:\Windows\System\GYrqixu.exe
  2⤵
  PID:112
- C:\Windows\System\GvFNrZr.exe
  C:\Windows\System\GvFNrZr.exe
  2⤵
  PID:2476
- C:\Windows\System\LBXkxhP.exe
  C:\Windows\System\LBXkxhP.exe
  2⤵
  PID:920
- C:\Windows\System\mbDPinV.exe
  C:\Windows\System\mbDPinV.exe
  2⤵
  PID:1740
- C:\Windows\System\IkTAgAq.exe
  C:\Windows\System\IkTAgAq.exe
  2⤵
  PID:2868
- C:\Windows\System\XJOKXIs.exe
  C:\Windows\System\XJOKXIs.exe
  2⤵
  PID:2960
- C:\Windows\System\olEyyUJ.exe
  C:\Windows\System\olEyyUJ.exe
  2⤵
  PID:3100
- C:\Windows\System\vQxSoLc.exe
  C:\Windows\System\vQxSoLc.exe
  2⤵
  PID:3272
- C:\Windows\System\UuAxsQv.exe
  C:\Windows\System\UuAxsQv.exe
  2⤵
  PID:3288
- C:\Windows\System\ukLVBqH.exe
  C:\Windows\System\ukLVBqH.exe
  2⤵
  PID:3308
- C:\Windows\System\dRfvlWQ.exe
  C:\Windows\System\dRfvlWQ.exe
  2⤵
  PID:3328
- C:\Windows\System\Jripaai.exe
  C:\Windows\System\Jripaai.exe
  2⤵
  PID:3348
- C:\Windows\System\CTOHdvB.exe
  C:\Windows\System\CTOHdvB.exe
  2⤵
  PID:3368
- C:\Windows\System\TZnxbLC.exe
  C:\Windows\System\TZnxbLC.exe
  2⤵
  PID:3396
- C:\Windows\System\IootgNx.exe
  C:\Windows\System\IootgNx.exe
  2⤵
  PID:3420
- C:\Windows\System\lUwVJAZ.exe
  C:\Windows\System\lUwVJAZ.exe
  2⤵
  PID:3436
- C:\Windows\System\pnlobfN.exe
  C:\Windows\System\pnlobfN.exe
  2⤵
  PID:3456
- C:\Windows\System\dFjSfID.exe
  C:\Windows\System\dFjSfID.exe
  2⤵
  PID:3476
- C:\Windows\System\dVxbIcf.exe
  C:\Windows\System\dVxbIcf.exe
  2⤵
  PID:3496
- C:\Windows\System\oznfqci.exe
  C:\Windows\System\oznfqci.exe
  2⤵
  PID:3516
- C:\Windows\System\rmkCsuD.exe
  C:\Windows\System\rmkCsuD.exe
  2⤵
  PID:3540
- C:\Windows\System\hJqCTNY.exe
  C:\Windows\System\hJqCTNY.exe
  2⤵
  PID:3556
- C:\Windows\System\NcoDoxz.exe
  C:\Windows\System\NcoDoxz.exe
  2⤵
  PID:3572
- C:\Windows\System\fibrEiw.exe
  C:\Windows\System\fibrEiw.exe
  2⤵
  PID:3596
- C:\Windows\System\fScPFGd.exe
  C:\Windows\System\fScPFGd.exe
  2⤵
  PID:3612
- C:\Windows\System\yLDBjGH.exe
  C:\Windows\System\yLDBjGH.exe
  2⤵
  PID:3628
- C:\Windows\System\QMZzBgW.exe
  C:\Windows\System\QMZzBgW.exe
  2⤵
  PID:3644
- C:\Windows\System\szMNPeP.exe
  C:\Windows\System\szMNPeP.exe
  2⤵
  PID:3660
- C:\Windows\System\xLIAlid.exe
  C:\Windows\System\xLIAlid.exe
  2⤵
  PID:3684
- C:\Windows\System\cBWuTwy.exe
  C:\Windows\System\cBWuTwy.exe
  2⤵
  PID:3700
- C:\Windows\System\FivaXRh.exe
  C:\Windows\System\FivaXRh.exe
  2⤵
  PID:3716
- C:\Windows\System\PtcPCDR.exe
  C:\Windows\System\PtcPCDR.exe
  2⤵
  PID:3732
- C:\Windows\System\emmEZDV.exe
  C:\Windows\System\emmEZDV.exe
  2⤵
  PID:3748
- C:\Windows\System\EpxonSb.exe
  C:\Windows\System\EpxonSb.exe
  2⤵
  PID:3776
- C:\Windows\System\HkqpFgy.exe
  C:\Windows\System\HkqpFgy.exe
  2⤵
  PID:3800
- C:\Windows\System\edPdgGo.exe
  C:\Windows\System\edPdgGo.exe
  2⤵
  PID:3816
- C:\Windows\System\rYHDTdm.exe
  C:\Windows\System\rYHDTdm.exe
  2⤵
  PID:3832
- C:\Windows\System\oZDacZA.exe
  C:\Windows\System\oZDacZA.exe
  2⤵
  PID:3848
- C:\Windows\System\RQnpMcY.exe
  C:\Windows\System\RQnpMcY.exe
  2⤵
  PID:3864
- C:\Windows\System\peCiRoA.exe
  C:\Windows\System\peCiRoA.exe
  2⤵
  PID:3880
- C:\Windows\System\HtiOAue.exe
  C:\Windows\System\HtiOAue.exe
  2⤵
  PID:3896
- C:\Windows\System\GslFRVX.exe
  C:\Windows\System\GslFRVX.exe
  2⤵
  PID:3924
- C:\Windows\System\HZWSYww.exe
  C:\Windows\System\HZWSYww.exe
  2⤵
  PID:3976
- C:\Windows\System\ISSdOPR.exe
  C:\Windows\System\ISSdOPR.exe
  2⤵
  PID:3996
- C:\Windows\System\vQCFOLP.exe
  C:\Windows\System\vQCFOLP.exe
  2⤵
  PID:4020
- C:\Windows\System\AJBhIvE.exe
  C:\Windows\System\AJBhIvE.exe
  2⤵
  PID:4040
- C:\Windows\System\CycTeZY.exe
  C:\Windows\System\CycTeZY.exe
  2⤵
  PID:4060
- C:\Windows\System\paORxbk.exe
  C:\Windows\System\paORxbk.exe
  2⤵
  PID:4076
- C:\Windows\System\GmhOryF.exe
  C:\Windows\System\GmhOryF.exe
  2⤵
  PID:436
- C:\Windows\System\QtBDEzu.exe
  C:\Windows\System\QtBDEzu.exe
  2⤵
  PID:316
- C:\Windows\System\iYDeikB.exe
  C:\Windows\System\iYDeikB.exe
  2⤵
  PID:2296
- C:\Windows\System\ZUobrXp.exe
  C:\Windows\System\ZUobrXp.exe
  2⤵
  PID:1552
- C:\Windows\System\hRsjTzr.exe
  C:\Windows\System\hRsjTzr.exe
  2⤵
  PID:1488
- C:\Windows\System\wUwKOGM.exe
  C:\Windows\System\wUwKOGM.exe
  2⤵
  PID:1772
- C:\Windows\System\rqwQsYS.exe
  C:\Windows\System\rqwQsYS.exe
  2⤵
  PID:2824
- C:\Windows\System\HFZbFpz.exe
  C:\Windows\System\HFZbFpz.exe
  2⤵
  PID:3012
- C:\Windows\System\MYUgwZU.exe
  C:\Windows\System\MYUgwZU.exe
  2⤵
  PID:540
- C:\Windows\System\OzpZMJj.exe
  C:\Windows\System\OzpZMJj.exe
  2⤵
  PID:1844
- C:\Windows\System\zerayYx.exe
  C:\Windows\System\zerayYx.exe
  2⤵
  PID:3092
- C:\Windows\System\vWcMtzp.exe
  C:\Windows\System\vWcMtzp.exe
  2⤵
  PID:952
- C:\Windows\System\Qgrchni.exe
  C:\Windows\System\Qgrchni.exe
  2⤵
  PID:1636
- C:\Windows\System\wrOdgrJ.exe
  C:\Windows\System\wrOdgrJ.exe
  2⤵
  PID:1672
- C:\Windows\System\mfFJAnR.exe
  C:\Windows\System\mfFJAnR.exe
  2⤵
  PID:2132
- C:\Windows\System\ufUgVKA.exe
  C:\Windows\System\ufUgVKA.exe
  2⤵
  PID:1004
- C:\Windows\System\IoJgsZX.exe
  C:\Windows\System\IoJgsZX.exe
  2⤵
  PID:2760
- C:\Windows\System\yzKGBLN.exe
  C:\Windows\System\yzKGBLN.exe
  2⤵
  PID:3112
- C:\Windows\System\oLqcxTt.exe
  C:\Windows\System\oLqcxTt.exe
  2⤵
  PID:3128
- C:\Windows\System\meSNQSq.exe
  C:\Windows\System\meSNQSq.exe
  2⤵
  PID:3152
- C:\Windows\System\hPptvab.exe
  C:\Windows\System\hPptvab.exe
  2⤵
  PID:3168
- C:\Windows\System\zZUVNYv.exe
  C:\Windows\System\zZUVNYv.exe
  2⤵
  PID:3188
- C:\Windows\System\SDLmBJy.exe
  C:\Windows\System\SDLmBJy.exe
  2⤵
  PID:3208
- C:\Windows\System\FgxROiM.exe
  C:\Windows\System\FgxROiM.exe
  2⤵
  PID:3228
- C:\Windows\System\jXEWgtL.exe
  C:\Windows\System\jXEWgtL.exe
  2⤵
  PID:3256
- C:\Windows\System\xvCkGkB.exe
  C:\Windows\System\xvCkGkB.exe
  2⤵
  PID:3316
- C:\Windows\System\GwOgKFR.exe
  C:\Windows\System\GwOgKFR.exe
  2⤵
  PID:3320
- C:\Windows\System\VZXgisk.exe
  C:\Windows\System\VZXgisk.exe
  2⤵
  PID:3340
- C:\Windows\System\EVComFj.exe
  C:\Windows\System\EVComFj.exe
  2⤵
  PID:3408
- C:\Windows\System\nRBktLL.exe
  C:\Windows\System\nRBktLL.exe
  2⤵
  PID:3484
- C:\Windows\System\ksnKWFd.exe
  C:\Windows\System\ksnKWFd.exe
  2⤵
  PID:3528
- C:\Windows\System\zwsoVrh.exe
  C:\Windows\System\zwsoVrh.exe
  2⤵
  PID:3568
- C:\Windows\System\rWDlnfN.exe
  C:\Windows\System\rWDlnfN.exe
  2⤵
  PID:3640
- C:\Windows\System\sYchehC.exe
  C:\Windows\System\sYchehC.exe
  2⤵
  PID:3680
- C:\Windows\System\HpdFTRx.exe
  C:\Windows\System\HpdFTRx.exe
  2⤵
  PID:3712
- C:\Windows\System\RjnBMYW.exe
  C:\Windows\System\RjnBMYW.exe
  2⤵
  PID:3788
- C:\Windows\System\jGCNEyr.exe
  C:\Windows\System\jGCNEyr.exe
  2⤵
  PID:3828
- C:\Windows\System\MBighmL.exe
  C:\Windows\System\MBighmL.exe
  2⤵
  PID:3432
- C:\Windows\System\nBqqIVF.exe
  C:\Windows\System\nBqqIVF.exe
  2⤵
  PID:3464
- C:\Windows\System\XeqCAqR.exe
  C:\Windows\System\XeqCAqR.exe
  2⤵
  PID:3548
- C:\Windows\System\vcONUZY.exe
  C:\Windows\System\vcONUZY.exe
  2⤵
  PID:3588
- C:\Windows\System\LoYhBOa.exe
  C:\Windows\System\LoYhBOa.exe
  2⤵
  PID:3756
- C:\Windows\System\IRPpkSp.exe
  C:\Windows\System\IRPpkSp.exe
  2⤵
  PID:3840
- C:\Windows\System\WXctEnS.exe
  C:\Windows\System\WXctEnS.exe
  2⤵
  PID:3908
- C:\Windows\System\MQxndbv.exe
  C:\Windows\System\MQxndbv.exe
  2⤵
  PID:3952
- C:\Windows\System\oDFJIju.exe
  C:\Windows\System\oDFJIju.exe
  2⤵
  PID:3620
- C:\Windows\System\gQggxPq.exe
  C:\Windows\System\gQggxPq.exe
  2⤵
  PID:3968
- C:\Windows\System\dbQSgQi.exe
  C:\Windows\System\dbQSgQi.exe
  2⤵
  PID:4016
- C:\Windows\System\icuiCyK.exe
  C:\Windows\System\icuiCyK.exe
  2⤵
  PID:4052
- C:\Windows\System\IYkPNZu.exe
  C:\Windows\System\IYkPNZu.exe
  2⤵
  PID:3992
- C:\Windows\System\XhFeJKF.exe
  C:\Windows\System\XhFeJKF.exe
  2⤵
  PID:932
- C:\Windows\System\SYqRYCS.exe
  C:\Windows\System\SYqRYCS.exe
  2⤵
  PID:388
- C:\Windows\System\xPfoYhS.exe
  C:\Windows\System\xPfoYhS.exe
  2⤵
  PID:4072
- C:\Windows\System\lOToAIq.exe
  C:\Windows\System\lOToAIq.exe
  2⤵
  PID:2948
- C:\Windows\System\oVDLMaT.exe
  C:\Windows\System\oVDLMaT.exe
  2⤵
  PID:1792
- C:\Windows\System\GpSXwPw.exe
  C:\Windows\System\GpSXwPw.exe
  2⤵
  PID:2008
- C:\Windows\System\KGzNlBD.exe
  C:\Windows\System\KGzNlBD.exe
  2⤵
  PID:3080
- C:\Windows\System\OlSAhqo.exe
  C:\Windows\System\OlSAhqo.exe
  2⤵
  PID:1168
- C:\Windows\System\lhTWrRc.exe
  C:\Windows\System\lhTWrRc.exe
  2⤵
  PID:2572
- C:\Windows\System\yCCsGUH.exe
  C:\Windows\System\yCCsGUH.exe
  2⤵
  PID:3164
- C:\Windows\System\pZOzzIO.exe
  C:\Windows\System\pZOzzIO.exe
  2⤵
  PID:3248
- C:\Windows\System\LTKRXey.exe
  C:\Windows\System\LTKRXey.exe
  2⤵
  PID:3304
- C:\Windows\System\JElzrIL.exe
  C:\Windows\System\JElzrIL.exe
  2⤵
  PID:2524
- C:\Windows\System\gzgzfsC.exe
  C:\Windows\System\gzgzfsC.exe
  2⤵
  PID:3404
- C:\Windows\System\aspjLxh.exe
  C:\Windows\System\aspjLxh.exe
  2⤵
  PID:2116
- C:\Windows\System\DQCcYGb.exe
  C:\Windows\System\DQCcYGb.exe
  2⤵
  PID:3184
- C:\Windows\System\TfrQZcP.exe
  C:\Windows\System\TfrQZcP.exe
  2⤵
  PID:3608
- C:\Windows\System\aEUUGMj.exe
  C:\Windows\System\aEUUGMj.exe
  2⤵
  PID:3224
- C:\Windows\System\amIUVtN.exe
  C:\Windows\System\amIUVtN.exe
  2⤵
  PID:2640
- C:\Windows\System\vhCIeQa.exe
  C:\Windows\System\vhCIeQa.exe
  2⤵
  PID:3444
- C:\Windows\System\BCfoFlO.exe
  C:\Windows\System\BCfoFlO.exe
  2⤵
  PID:3448
- C:\Windows\System\jJXLFtt.exe
  C:\Windows\System\jJXLFtt.exe
  2⤵
  PID:3016
- C:\Windows\System\AqeDZAd.exe
  C:\Windows\System\AqeDZAd.exe
  2⤵
  PID:3580
- C:\Windows\System\pidVVRh.exe
  C:\Windows\System\pidVVRh.exe
  2⤵
  PID:3428
- C:\Windows\System\QsjDnMb.exe
  C:\Windows\System\QsjDnMb.exe
  2⤵
  PID:3812
- C:\Windows\System\PEGooOs.exe
  C:\Windows\System\PEGooOs.exe
  2⤵
  PID:3728
- C:\Windows\System\KHAclDo.exe
  C:\Windows\System\KHAclDo.exe
  2⤵
  PID:3892
- C:\Windows\System\rwMWRpa.exe
  C:\Windows\System\rwMWRpa.exe
  2⤵
  PID:3916
- C:\Windows\System\XiBzeMG.exe
  C:\Windows\System\XiBzeMG.exe
  2⤵
  PID:4048
- C:\Windows\System\QBFvdJo.exe
  C:\Windows\System\QBFvdJo.exe
  2⤵
  PID:3876
- C:\Windows\System\GvHKZuD.exe
  C:\Windows\System\GvHKZuD.exe
  2⤵
  PID:4032
- C:\Windows\System\eSBMULy.exe
  C:\Windows\System\eSBMULy.exe
  2⤵
  PID:3656
- C:\Windows\System\PSxHlQZ.exe
  C:\Windows\System\PSxHlQZ.exe
  2⤵
  PID:2928
- C:\Windows\System\yxaEZqB.exe
  C:\Windows\System\yxaEZqB.exe
  2⤵
  PID:2968
- C:\Windows\System\sEPqdkt.exe
  C:\Windows\System\sEPqdkt.exe
  2⤵
  PID:2376
- C:\Windows\System\OYhvjAK.exe
  C:\Windows\System\OYhvjAK.exe
  2⤵
  PID:2256
- C:\Windows\System\BcDHaHK.exe
  C:\Windows\System\BcDHaHK.exe
  2⤵
  PID:2848
- C:\Windows\System\FCsTNIZ.exe
  C:\Windows\System\FCsTNIZ.exe
  2⤵
  PID:2304
- C:\Windows\System\GwdUiwl.exe
  C:\Windows\System\GwdUiwl.exe
  2⤵
  PID:1576
- C:\Windows\System\TCabSkK.exe
  C:\Windows\System\TCabSkK.exe
  2⤵
  PID:2832
- C:\Windows\System\xUsfzEv.exe
  C:\Windows\System\xUsfzEv.exe
  2⤵
  PID:3160
- C:\Windows\System\trlcdUN.exe
  C:\Windows\System\trlcdUN.exe
  2⤵
  PID:3808
- C:\Windows\System\FtqfHuq.exe
  C:\Windows\System\FtqfHuq.exe
  2⤵
  PID:1512
- C:\Windows\System\YGdMgyV.exe
  C:\Windows\System\YGdMgyV.exe
  2⤵
  PID:4028
- C:\Windows\System\lUzDSKA.exe
  C:\Windows\System\lUzDSKA.exe
  2⤵
  PID:3220
- C:\Windows\System\oqXGtBd.exe
  C:\Windows\System\oqXGtBd.exe
  2⤵
  PID:3144
- C:\Windows\System\llxCKQs.exe
  C:\Windows\System\llxCKQs.exe
  2⤵
  PID:3536
- C:\Windows\System\TuLVrZN.exe
  C:\Windows\System\TuLVrZN.exe
  2⤵
  PID:3792
- C:\Windows\System\DCYtWtv.exe
  C:\Windows\System\DCYtWtv.exe
  2⤵
  PID:3948
- C:\Windows\System\qfUARuN.exe
  C:\Windows\System\qfUARuN.exe
  2⤵
  PID:2788
- C:\Windows\System\egMmFOz.exe
  C:\Windows\System\egMmFOz.exe
  2⤵
  PID:2940
- C:\Windows\System\kzulHav.exe
  C:\Windows\System\kzulHav.exe
  2⤵
  PID:3676
- C:\Windows\System\BtSVHnP.exe
  C:\Windows\System\BtSVHnP.exe
  2⤵
  PID:976
- C:\Windows\System\qFPoMlf.exe
  C:\Windows\System\qFPoMlf.exe
  2⤵
  PID:2268
- C:\Windows\System\nlcvaqe.exe
  C:\Windows\System\nlcvaqe.exe
  2⤵
  PID:4108
- C:\Windows\System\XhqJFsc.exe
  C:\Windows\System\XhqJFsc.exe
  2⤵
  PID:4132
- C:\Windows\System\PnhlffK.exe
  C:\Windows\System\PnhlffK.exe
  2⤵
  PID:4148
- C:\Windows\System\MTMdTlD.exe
  C:\Windows\System\MTMdTlD.exe
  2⤵
  PID:4172
- C:\Windows\System\leFcyzF.exe
  C:\Windows\System\leFcyzF.exe
  2⤵
  PID:4192
- C:\Windows\System\ajWQZhg.exe
  C:\Windows\System\ajWQZhg.exe
  2⤵
  PID:4212
- C:\Windows\System\WCrSmjZ.exe
  C:\Windows\System\WCrSmjZ.exe
  2⤵
  PID:4232
- C:\Windows\System\lCzVFNU.exe
  C:\Windows\System\lCzVFNU.exe
  2⤵
  PID:4252
- C:\Windows\System\SIDYxFa.exe
  C:\Windows\System\SIDYxFa.exe
  2⤵
  PID:4276
- C:\Windows\System\sjbbamY.exe
  C:\Windows\System\sjbbamY.exe
  2⤵
  PID:4304
- C:\Windows\System\GfqGJbl.exe
  C:\Windows\System\GfqGJbl.exe
  2⤵
  PID:4324
- C:\Windows\System\OGvmVvn.exe
  C:\Windows\System\OGvmVvn.exe
  2⤵
  PID:4344
- C:\Windows\System\RJmjwMv.exe
  C:\Windows\System\RJmjwMv.exe
  2⤵
  PID:4364
- C:\Windows\System\tlemImQ.exe
  C:\Windows\System\tlemImQ.exe
  2⤵
  PID:4384
- C:\Windows\System\eqHSKpU.exe
  C:\Windows\System\eqHSKpU.exe
  2⤵
  PID:4404
- C:\Windows\System\ZuIaCVK.exe
  C:\Windows\System\ZuIaCVK.exe
  2⤵
  PID:4424
- C:\Windows\System\tiIVVIn.exe
  C:\Windows\System\tiIVVIn.exe
  2⤵
  PID:4440
- C:\Windows\System\rKALQdF.exe
  C:\Windows\System\rKALQdF.exe
  2⤵
  PID:4464
- C:\Windows\System\NiKhVeJ.exe
  C:\Windows\System\NiKhVeJ.exe
  2⤵
  PID:4484
- C:\Windows\System\hmjjLyX.exe
  C:\Windows\System\hmjjLyX.exe
  2⤵
  PID:4504
- C:\Windows\System\csFIhWV.exe
  C:\Windows\System\csFIhWV.exe
  2⤵
  PID:4528
- C:\Windows\System\kQeXldR.exe
  C:\Windows\System\kQeXldR.exe
  2⤵
  PID:4544
- C:\Windows\System\zWUNKAi.exe
  C:\Windows\System\zWUNKAi.exe
  2⤵
  PID:4560
- C:\Windows\System\yVMchkJ.exe
  C:\Windows\System\yVMchkJ.exe
  2⤵
  PID:4580
- C:\Windows\System\aATlElb.exe
  C:\Windows\System\aATlElb.exe
  2⤵
  PID:4596
- C:\Windows\System\tKZrSSL.exe
  C:\Windows\System\tKZrSSL.exe
  2⤵
  PID:4616
- C:\Windows\System\uHRCYca.exe
  C:\Windows\System\uHRCYca.exe
  2⤵
  PID:4640
- C:\Windows\System\bTOBoTn.exe
  C:\Windows\System\bTOBoTn.exe
  2⤵
  PID:4656
- C:\Windows\System\iBLVYuw.exe
  C:\Windows\System\iBLVYuw.exe
  2⤵
  PID:4680
- C:\Windows\System\ZQawGyc.exe
  C:\Windows\System\ZQawGyc.exe
  2⤵
  PID:4696
- C:\Windows\System\KCrOtrV.exe
  C:\Windows\System\KCrOtrV.exe
  2⤵
  PID:4724
- C:\Windows\System\lOsqAon.exe
  C:\Windows\System\lOsqAon.exe
  2⤵
  PID:4744
- C:\Windows\System\UXZrsdp.exe
  C:\Windows\System\UXZrsdp.exe
  2⤵
  PID:4764
- C:\Windows\System\fZhlIei.exe
  C:\Windows\System\fZhlIei.exe
  2⤵
  PID:4784
- C:\Windows\System\ECqbMKG.exe
  C:\Windows\System\ECqbMKG.exe
  2⤵
  PID:4800
- C:\Windows\System\AylBWHJ.exe
  C:\Windows\System\AylBWHJ.exe
  2⤵
  PID:4816
- C:\Windows\System\GUbaibj.exe
  C:\Windows\System\GUbaibj.exe
  2⤵
  PID:4836
- C:\Windows\System\ICUqvzc.exe
  C:\Windows\System\ICUqvzc.exe
  2⤵
  PID:4860
- C:\Windows\System\zGeNBfF.exe
  C:\Windows\System\zGeNBfF.exe
  2⤵
  PID:4888
- C:\Windows\System\RRlwFMN.exe
  C:\Windows\System\RRlwFMN.exe
  2⤵
  PID:4908
- C:\Windows\System\RFKlrIn.exe
  C:\Windows\System\RFKlrIn.exe
  2⤵
  PID:4924
- C:\Windows\System\ChRSqlS.exe
  C:\Windows\System\ChRSqlS.exe
  2⤵
  PID:4948
- C:\Windows\System\prqYZZB.exe
  C:\Windows\System\prqYZZB.exe
  2⤵
  PID:4972
- C:\Windows\System\WwnPMof.exe
  C:\Windows\System\WwnPMof.exe
  2⤵
  PID:4992
- C:\Windows\System\BuIxsKR.exe
  C:\Windows\System\BuIxsKR.exe
  2⤵
  PID:5012
- C:\Windows\System\LMKkmoP.exe
  C:\Windows\System\LMKkmoP.exe
  2⤵
  PID:5028
- C:\Windows\System\kNoZJjZ.exe
  C:\Windows\System\kNoZJjZ.exe
  2⤵
  PID:5052
- C:\Windows\System\nZqoYOH.exe
  C:\Windows\System\nZqoYOH.exe
  2⤵
  PID:5072
- C:\Windows\System\BMUKOxH.exe
  C:\Windows\System\BMUKOxH.exe
  2⤵
  PID:5092
- C:\Windows\System\qRCagKy.exe
  C:\Windows\System\qRCagKy.exe
  2⤵
  PID:5112
- C:\Windows\System\qeBBzTe.exe
  C:\Windows\System\qeBBzTe.exe
  2⤵
  PID:3180
- C:\Windows\System\JFNARKN.exe
  C:\Windows\System\JFNARKN.exe
  2⤵
  PID:4092
- C:\Windows\System\bXQxBjf.exe
  C:\Windows\System\bXQxBjf.exe
  2⤵
  PID:2648
- C:\Windows\System\ohdwKBd.exe
  C:\Windows\System\ohdwKBd.exe
  2⤵
  PID:1556
- C:\Windows\System\dncVcFy.exe
  C:\Windows\System\dncVcFy.exe
  2⤵
  PID:1968
- C:\Windows\System\yBNqBMO.exe
  C:\Windows\System\yBNqBMO.exe
  2⤵
  PID:3096
- C:\Windows\System\AAtwjge.exe
  C:\Windows\System\AAtwjge.exe
  2⤵
  PID:900
- C:\Windows\System\WvGZiyG.exe
  C:\Windows\System\WvGZiyG.exe
  2⤵
  PID:2988
- C:\Windows\System\NVeIZhL.exe
  C:\Windows\System\NVeIZhL.exe
  2⤵
  PID:3636
- C:\Windows\System\fyqnTBf.exe
  C:\Windows\System\fyqnTBf.exe
  2⤵
  PID:3824
- C:\Windows\System\SMwpGFp.exe
  C:\Windows\System\SMwpGFp.exe
  2⤵
  PID:4180
- C:\Windows\System\CPgMpJp.exe
  C:\Windows\System\CPgMpJp.exe
  2⤵
  PID:3488
- C:\Windows\System\uAPEnSs.exe
  C:\Windows\System\uAPEnSs.exe
  2⤵
  PID:3324
- C:\Windows\System\rdQsbwG.exe
  C:\Windows\System\rdQsbwG.exe
  2⤵
  PID:4272
- C:\Windows\System\XXwxWkw.exe
  C:\Windows\System\XXwxWkw.exe
  2⤵
  PID:4320
- C:\Windows\System\IpqmzkQ.exe
  C:\Windows\System\IpqmzkQ.exe
  2⤵
  PID:4120
- C:\Windows\System\QaSsaDz.exe
  C:\Windows\System\QaSsaDz.exe
  2⤵
  PID:4156
- C:\Windows\System\SPaKLFU.exe
  C:\Windows\System\SPaKLFU.exe
  2⤵
  PID:4292
- C:\Windows\System\QaMACvV.exe
  C:\Windows\System\QaMACvV.exe
  2⤵
  PID:4288
- C:\Windows\System\CwXRHje.exe
  C:\Windows\System\CwXRHje.exe
  2⤵
  PID:4480
- C:\Windows\System\hLaVclI.exe
  C:\Windows\System\hLaVclI.exe
  2⤵
  PID:4524
- C:\Windows\System\iPhVctM.exe
  C:\Windows\System\iPhVctM.exe
  2⤵
  PID:4340
- C:\Windows\System\iZxYWjJ.exe
  C:\Windows\System\iZxYWjJ.exe
  2⤵
  PID:4372
- C:\Windows\System\AmkYRce.exe
  C:\Windows\System\AmkYRce.exe
  2⤵
  PID:4448
- C:\Windows\System\qGTMtcC.exe
  C:\Windows\System\qGTMtcC.exe
  2⤵
  PID:4628
- C:\Windows\System\ipAfFCn.exe
  C:\Windows\System\ipAfFCn.exe
  2⤵
  PID:4500
- C:\Windows\System\bgJSpQl.exe
  C:\Windows\System\bgJSpQl.exe
  2⤵
  PID:4704
- C:\Windows\System\ziEyUTs.exe
  C:\Windows\System\ziEyUTs.exe
  2⤵
  PID:4752
- C:\Windows\System\JvZqOGw.exe
  C:\Windows\System\JvZqOGw.exe
  2⤵
  PID:4648
- C:\Windows\System\vECAlfE.exe
  C:\Windows\System\vECAlfE.exe
  2⤵
  PID:4652
- C:\Windows\System\EmPaSCu.exe
  C:\Windows\System\EmPaSCu.exe
  2⤵
  PID:4824
- C:\Windows\System\geUbBdk.exe
  C:\Windows\System\geUbBdk.exe
  2⤵
  PID:4736
- C:\Windows\System\Ppdvgrv.exe
  C:\Windows\System\Ppdvgrv.exe
  2⤵
  PID:4808
- C:\Windows\System\jtdoKnD.exe
  C:\Windows\System\jtdoKnD.exe
  2⤵
  PID:4880
- C:\Windows\System\WUDveDG.exe
  C:\Windows\System\WUDveDG.exe
  2⤵
  PID:4844
- C:\Windows\System\eJhfQgF.exe
  C:\Windows\System\eJhfQgF.exe
  2⤵
  PID:4956
- C:\Windows\System\uXszPKg.exe
  C:\Windows\System\uXszPKg.exe
  2⤵
  PID:4964
- C:\Windows\System\hKIzjIx.exe
  C:\Windows\System\hKIzjIx.exe
  2⤵
  PID:5004
- C:\Windows\System\aVBkYbB.exe
  C:\Windows\System\aVBkYbB.exe
  2⤵
  PID:4988
- C:\Windows\System\cDVdvca.exe
  C:\Windows\System\cDVdvca.exe
  2⤵
  PID:5048
- C:\Windows\System\PJTmAkq.exe
  C:\Windows\System\PJTmAkq.exe
  2⤵
  PID:5024
- C:\Windows\System\cPlinXX.exe
  C:\Windows\System\cPlinXX.exe
  2⤵
  PID:3148
- C:\Windows\System\LVewHHd.exe
  C:\Windows\System\LVewHHd.exe
  2⤵
  PID:5100
- C:\Windows\System\wIiTTYc.exe
  C:\Windows\System\wIiTTYc.exe
  2⤵
  PID:884
- C:\Windows\System\cJckuIz.exe
  C:\Windows\System\cJckuIz.exe
  2⤵
  PID:3388
- C:\Windows\System\dNUrkPb.exe
  C:\Windows\System\dNUrkPb.exe
  2⤵
  PID:3936
- C:\Windows\System\AgxUlkz.exe
  C:\Windows\System\AgxUlkz.exe
  2⤵
  PID:3768
- C:\Windows\System\CTHquwP.exe
  C:\Windows\System\CTHquwP.exe
  2⤵
  PID:3492
- C:\Windows\System\qnUdtVu.exe
  C:\Windows\System\qnUdtVu.exe
  2⤵
  PID:4188
- C:\Windows\System\EPmmiyt.exe
  C:\Windows\System\EPmmiyt.exe
  2⤵
  PID:4184
- C:\Windows\System\MXinKLz.exe
  C:\Windows\System\MXinKLz.exe
  2⤵
  PID:4160
- C:\Windows\System\IDpgFpP.exe
  C:\Windows\System\IDpgFpP.exe
  2⤵
  PID:4284
- C:\Windows\System\stAFvjv.exe
  C:\Windows\System\stAFvjv.exe
  2⤵
  PID:4356
- C:\Windows\System\QDxYByb.exe
  C:\Windows\System\QDxYByb.exe
  2⤵
  PID:4588
- C:\Windows\System\PYHtDRR.exe
  C:\Windows\System\PYHtDRR.exe
  2⤵
  PID:4624
- C:\Windows\System\yrzlGEp.exe
  C:\Windows\System\yrzlGEp.exe
  2⤵
  PID:4612
- C:\Windows\System\RJTEpWb.exe
  C:\Windows\System\RJTEpWb.exe
  2⤵
  PID:4540
- C:\Windows\System\uaVDVcV.exe
  C:\Windows\System\uaVDVcV.exe
  2⤵
  PID:4812
- C:\Windows\System\IKkePbx.exe
  C:\Windows\System\IKkePbx.exe
  2⤵
  PID:4552
- C:\Windows\System\edOYcAy.exe
  C:\Windows\System\edOYcAy.exe
  2⤵
  PID:4664
- C:\Windows\System\DxzbeJX.exe
  C:\Windows\System\DxzbeJX.exe
  2⤵
  PID:4900
- C:\Windows\System\YuXTjki.exe
  C:\Windows\System\YuXTjki.exe
  2⤵
  PID:5080
- C:\Windows\System\EQDlhjv.exe
  C:\Windows\System\EQDlhjv.exe
  2⤵
  PID:4572
- C:\Windows\System\hjhmLxF.exe
  C:\Windows\System\hjhmLxF.exe
  2⤵
  PID:4780
- C:\Windows\System\JqeepVP.exe
  C:\Windows\System\JqeepVP.exe
  2⤵
  PID:4088
- C:\Windows\System\eWGEDdY.exe
  C:\Windows\System\eWGEDdY.exe
  2⤵
  PID:4904
- C:\Windows\System\kmeqaow.exe
  C:\Windows\System\kmeqaow.exe
  2⤵
  PID:2288
- C:\Windows\System\KdwSpAF.exe
  C:\Windows\System\KdwSpAF.exe
  2⤵
  PID:2984
- C:\Windows\System\uyTrMOf.exe
  C:\Windows\System\uyTrMOf.exe
  2⤵
  PID:4316
- C:\Windows\System\uDmBJSt.exe
  C:\Windows\System\uDmBJSt.exe
  2⤵
  PID:5060
- C:\Windows\System\mKufqkc.exe
  C:\Windows\System\mKufqkc.exe
  2⤵
  PID:4208
- C:\Windows\System\NNaavkH.exe
  C:\Windows\System\NNaavkH.exe
  2⤵
  PID:3724
- C:\Windows\System\pqEFABY.exe
  C:\Windows\System\pqEFABY.exe
  2⤵
  PID:4360
- C:\Windows\System\QdazgaU.exe
  C:\Windows\System\QdazgaU.exe
  2⤵
  PID:4772
- C:\Windows\System\JtUgjsU.exe
  C:\Windows\System\JtUgjsU.exe
  2⤵
  PID:4124
- C:\Windows\System\TMlOAhf.exe
  C:\Windows\System\TMlOAhf.exe
  2⤵
  PID:4856
- C:\Windows\System\lokEecb.exe
  C:\Windows\System\lokEecb.exe
  2⤵
  PID:1640
- C:\Windows\System\iioTrfb.exe
  C:\Windows\System\iioTrfb.exe
  2⤵
  PID:4300
- C:\Windows\System\ToMcEnY.exe
  C:\Windows\System\ToMcEnY.exe
  2⤵
  PID:4128
- C:\Windows\System\ZVOPcCM.exe
  C:\Windows\System\ZVOPcCM.exe
  2⤵
  PID:3412
- C:\Windows\System\yDmSBnC.exe
  C:\Windows\System\yDmSBnC.exe
  2⤵
  PID:4492
- C:\Windows\System\liJoiSA.exe
  C:\Windows\System\liJoiSA.exe
  2⤵
  PID:5140
- C:\Windows\System\uQuWPfW.exe
  C:\Windows\System\uQuWPfW.exe
  2⤵
  PID:5172
- C:\Windows\System\lfCQIdi.exe
  C:\Windows\System\lfCQIdi.exe
  2⤵
  PID:5192
- C:\Windows\System\gYjYNAO.exe
  C:\Windows\System\gYjYNAO.exe
  2⤵
  PID:5208
- C:\Windows\System\eJmpexB.exe
  C:\Windows\System\eJmpexB.exe
  2⤵
  PID:5236
- C:\Windows\System\rpcYWib.exe
  C:\Windows\System\rpcYWib.exe
  2⤵
  PID:5252
- C:\Windows\System\soCRxUO.exe
  C:\Windows\System\soCRxUO.exe
  2⤵
  PID:5272
- C:\Windows\System\hLEaOQs.exe
  C:\Windows\System\hLEaOQs.exe
  2⤵
  PID:5288
- C:\Windows\System\mvDGnGq.exe
  C:\Windows\System\mvDGnGq.exe
  2⤵
  PID:5312
- C:\Windows\System\rgOayiE.exe
  C:\Windows\System\rgOayiE.exe
  2⤵
  PID:5328
- C:\Windows\System\PFOdxpF.exe
  C:\Windows\System\PFOdxpF.exe
  2⤵
  PID:5348
- C:\Windows\System\BLUaVNc.exe
  C:\Windows\System\BLUaVNc.exe
  2⤵
  PID:5368
- C:\Windows\System\eQyRQxc.exe
  C:\Windows\System\eQyRQxc.exe
  2⤵
  PID:5388
- C:\Windows\System\fqDvyBk.exe
  C:\Windows\System\fqDvyBk.exe
  2⤵
  PID:5416
- C:\Windows\System\BuhgsDr.exe
  C:\Windows\System\BuhgsDr.exe
  2⤵
  PID:5432
- C:\Windows\System\TmbjUjC.exe
  C:\Windows\System\TmbjUjC.exe
  2⤵
  PID:5448
- C:\Windows\System\BgcNgwe.exe
  C:\Windows\System\BgcNgwe.exe
  2⤵
  PID:5476
- C:\Windows\System\OigFQnY.exe
  C:\Windows\System\OigFQnY.exe
  2⤵
  PID:5492
- C:\Windows\System\bBMPyvG.exe
  C:\Windows\System\bBMPyvG.exe
  2⤵
  PID:5516
- C:\Windows\System\dghSaGw.exe
  C:\Windows\System\dghSaGw.exe
  2⤵
  PID:5532
- C:\Windows\System\LIPVlAq.exe
  C:\Windows\System\LIPVlAq.exe
  2⤵
  PID:5556
- C:\Windows\System\HtMHCDq.exe
  C:\Windows\System\HtMHCDq.exe
  2⤵
  PID:5576
- C:\Windows\System\UgKZhfV.exe
  C:\Windows\System\UgKZhfV.exe
  2⤵
  PID:5592
- C:\Windows\System\KMYVPQI.exe
  C:\Windows\System\KMYVPQI.exe
  2⤵
  PID:5612
- C:\Windows\System\aJlJdpe.exe
  C:\Windows\System\aJlJdpe.exe
  2⤵
  PID:5628
- C:\Windows\System\zTPtuAK.exe
  C:\Windows\System\zTPtuAK.exe
  2⤵
  PID:5644
- C:\Windows\System\uelYvpB.exe
  C:\Windows\System\uelYvpB.exe
  2⤵
  PID:5660
- C:\Windows\System\zsjuGWV.exe
  C:\Windows\System\zsjuGWV.exe
  2⤵
  PID:5732
- C:\Windows\System\DhcEsRo.exe
  C:\Windows\System\DhcEsRo.exe
  2⤵
  PID:5748
- C:\Windows\System\QtGukFV.exe
  C:\Windows\System\QtGukFV.exe
  2⤵
  PID:5764
- C:\Windows\System\pVGQRZu.exe
  C:\Windows\System\pVGQRZu.exe
  2⤵
  PID:5780
- C:\Windows\System\CRSOerT.exe
  C:\Windows\System\CRSOerT.exe
  2⤵
  PID:5796
- C:\Windows\System\cMnQoqJ.exe
  C:\Windows\System\cMnQoqJ.exe
  2⤵
  PID:5812
- C:\Windows\System\YAAnjrs.exe
  C:\Windows\System\YAAnjrs.exe
  2⤵
  PID:5828
- C:\Windows\System\hkUhWTP.exe
  C:\Windows\System\hkUhWTP.exe
  2⤵
  PID:5844
- C:\Windows\System\FMLdTBV.exe
  C:\Windows\System\FMLdTBV.exe
  2⤵
  PID:5860
- C:\Windows\System\xuUbJrG.exe
  C:\Windows\System\xuUbJrG.exe
  2⤵
  PID:5896
- C:\Windows\System\NuRhWLH.exe
  C:\Windows\System\NuRhWLH.exe
  2⤵
  PID:5912
- C:\Windows\System\SFpxwBf.exe
  C:\Windows\System\SFpxwBf.exe
  2⤵
  PID:5932
- C:\Windows\System\PlGCmuB.exe
  C:\Windows\System\PlGCmuB.exe
  2⤵
  PID:5952
- C:\Windows\System\mnFjwhi.exe
  C:\Windows\System\mnFjwhi.exe
  2⤵
  PID:5996
- C:\Windows\System\Njzemzj.exe
  C:\Windows\System\Njzemzj.exe
  2⤵
  PID:6016
- C:\Windows\System\vIoSKTh.exe
  C:\Windows\System\vIoSKTh.exe
  2⤵
  PID:6036
- C:\Windows\System\CRqZSNE.exe
  C:\Windows\System\CRqZSNE.exe
  2⤵
  PID:6056
- C:\Windows\System\mhHNSdm.exe
  C:\Windows\System\mhHNSdm.exe
  2⤵
  PID:6076
- C:\Windows\System\bwIBZfT.exe
  C:\Windows\System\bwIBZfT.exe
  2⤵
  PID:6092
- C:\Windows\System\wBQTBBr.exe
  C:\Windows\System\wBQTBBr.exe
  2⤵
  PID:6108
- C:\Windows\System\aAJKGzU.exe
  C:\Windows\System\aAJKGzU.exe
  2⤵
  PID:6124
- C:\Windows\System\ujTuEaT.exe
  C:\Windows\System\ujTuEaT.exe
  2⤵
  PID:6140
- C:\Windows\System\TXrJoMf.exe
  C:\Windows\System\TXrJoMf.exe
  2⤵
  PID:4436
- C:\Windows\System\WbWGYGv.exe
  C:\Windows\System\WbWGYGv.exe
  2⤵
  PID:4412
- C:\Windows\System\TBaCyBP.exe
  C:\Windows\System\TBaCyBP.exe
  2⤵
  PID:4712
- C:\Windows\System\txWCifY.exe
  C:\Windows\System\txWCifY.exe
  2⤵
  PID:4740
- C:\Windows\System\FMMnnHA.exe
  C:\Windows\System\FMMnnHA.exe
  2⤵
  PID:4852
- C:\Windows\System\oWEAzsj.exe
  C:\Windows\System\oWEAzsj.exe
  2⤵
  PID:5000
- C:\Windows\System\PMApIUK.exe
  C:\Windows\System\PMApIUK.exe
  2⤵
  PID:4352
- C:\Windows\System\RUzcCtx.exe
  C:\Windows\System\RUzcCtx.exe
  2⤵
  PID:5160
- C:\Windows\System\GEbIoTQ.exe
  C:\Windows\System\GEbIoTQ.exe
  2⤵
  PID:5040
- C:\Windows\System\NeGXmYb.exe
  C:\Windows\System\NeGXmYb.exe
  2⤵
  PID:5200
- C:\Windows\System\zHTFbOK.exe
  C:\Windows\System\zHTFbOK.exe
  2⤵
  PID:4260
- C:\Windows\System\PNbpXmc.exe
  C:\Windows\System\PNbpXmc.exe
  2⤵
  PID:4520
- C:\Windows\System\fUyoMZA.exe
  C:\Windows\System\fUyoMZA.exe
  2⤵
  PID:4756
- C:\Windows\System\qRrhWVH.exe
  C:\Windows\System\qRrhWVH.exe
  2⤵
  PID:5360
- C:\Windows\System\PSRSgzy.exe
  C:\Windows\System\PSRSgzy.exe
  2⤵
  PID:5184
- C:\Windows\System\LpFfYJj.exe
  C:\Windows\System\LpFfYJj.exe
  2⤵
  PID:5440
- C:\Windows\System\FXYXXWz.exe
  C:\Windows\System\FXYXXWz.exe
  2⤵
  PID:5220
- C:\Windows\System\mXlDyqD.exe
  C:\Windows\System\mXlDyqD.exe
  2⤵
  PID:5484
- C:\Windows\System\XpRZgkj.exe
  C:\Windows\System\XpRZgkj.exe
  2⤵
  PID:5572
- C:\Windows\System\pZSPMNP.exe
  C:\Windows\System\pZSPMNP.exe
  2⤵
  PID:5296
- C:\Windows\System\nhRxnns.exe
  C:\Windows\System\nhRxnns.exe
  2⤵
  PID:5500
- C:\Windows\System\QqdbsWi.exe
  C:\Windows\System\QqdbsWi.exe
  2⤵
  PID:5428
- C:\Windows\System\OCrJikL.exe
  C:\Windows\System\OCrJikL.exe
  2⤵
  PID:5472
- C:\Windows\System\bITkjcc.exe
  C:\Windows\System\bITkjcc.exe
  2⤵
  PID:5684
- C:\Windows\System\OzHWTNc.exe
  C:\Windows\System\OzHWTNc.exe
  2⤵
  PID:5540
- C:\Windows\System\RVOGxGq.exe
  C:\Windows\System\RVOGxGq.exe
  2⤵
  PID:2924
- C:\Windows\System\sTJrdZH.exe
  C:\Windows\System\sTJrdZH.exe
  2⤵
  PID:2716
- C:\Windows\System\MWCMjqd.exe
  C:\Windows\System\MWCMjqd.exe
  2⤵
  PID:3384
- C:\Windows\System\rqJNzqt.exe
  C:\Windows\System\rqJNzqt.exe
  2⤵
  PID:5624
- C:\Windows\System\qiKpxjt.exe
  C:\Windows\System\qiKpxjt.exe
  2⤵
  PID:5728
- C:\Windows\System\uQUavDi.exe
  C:\Windows\System\uQUavDi.exe
  2⤵
  PID:5740
- C:\Windows\System\wLYmMAo.exe
  C:\Windows\System\wLYmMAo.exe
  2⤵
  PID:5820
- C:\Windows\System\nKFmGrn.exe
  C:\Windows\System\nKFmGrn.exe
  2⤵
  PID:5824
- C:\Windows\System\nulohRM.exe
  C:\Windows\System\nulohRM.exe
  2⤵
  PID:5908
- C:\Windows\System\wBvxYjI.exe
  C:\Windows\System\wBvxYjI.exe
  2⤵
  PID:5804
- C:\Windows\System\ezheLEA.exe
  C:\Windows\System\ezheLEA.exe
  2⤵
  PID:6044
- C:\Windows\System\cMZbeUK.exe
  C:\Windows\System\cMZbeUK.exe
  2⤵
  PID:5868
- C:\Windows\System\vFExZMC.exe
  C:\Windows\System\vFExZMC.exe
  2⤵
  PID:5888
- C:\Windows\System\kRoieHq.exe
  C:\Windows\System\kRoieHq.exe
  2⤵
  PID:6088
- C:\Windows\System\TsGkkwU.exe
  C:\Windows\System\TsGkkwU.exe
  2⤵
  PID:5968
- C:\Windows\System\dzjRNUA.exe
  C:\Windows\System\dzjRNUA.exe
  2⤵
  PID:6028
- C:\Windows\System\tJYgcKf.exe
  C:\Windows\System\tJYgcKf.exe
  2⤵
  PID:6072
- C:\Windows\System\ZTilsml.exe
  C:\Windows\System\ZTilsml.exe
  2⤵
  PID:4432
- C:\Windows\System\bvKisYa.exe
  C:\Windows\System\bvKisYa.exe
  2⤵
  PID:6132
- C:\Windows\System\sNJgFzL.exe
  C:\Windows\System\sNJgFzL.exe
  2⤵
  PID:3872
- C:\Windows\System\wKGGzvZ.exe
  C:\Windows\System\wKGGzvZ.exe
  2⤵
  PID:5168
- C:\Windows\System\rwbVbNu.exe
  C:\Windows\System\rwbVbNu.exe
  2⤵
  PID:3960
- C:\Windows\System\BhuPsAI.exe
  C:\Windows\System\BhuPsAI.exe
  2⤵
  PID:5244
- C:\Windows\System\fiNFQeH.exe
  C:\Windows\System\fiNFQeH.exe
  2⤵
  PID:2784
- C:\Windows\System\hkGxYgZ.exe
  C:\Windows\System\hkGxYgZ.exe
  2⤵
  PID:4200
- C:\Windows\System\uKsRhFu.exe
  C:\Windows\System\uKsRhFu.exe
  2⤵
  PID:2952
- C:\Windows\System\QHlgyNj.exe
  C:\Windows\System\QHlgyNj.exe
  2⤵
  PID:2080
- C:\Windows\System\UzQyqqE.exe
  C:\Windows\System\UzQyqqE.exe
  2⤵
  PID:1960
- C:\Windows\System\WHoNcXM.exe
  C:\Windows\System\WHoNcXM.exe
  2⤵
  PID:5232
- C:\Windows\System\vutjSaF.exe
  C:\Windows\System\vutjSaF.exe
  2⤵
  PID:2112
- C:\Windows\System\nJNwZsu.exe
  C:\Windows\System\nJNwZsu.exe
  2⤵
  PID:5264
- C:\Windows\System\xqhxRri.exe
  C:\Windows\System\xqhxRri.exe
  2⤵
  PID:5344
- C:\Windows\System\upmeRxB.exe
  C:\Windows\System\upmeRxB.exe
  2⤵
  PID:5376
- C:\Windows\System\Kofxbms.exe
  C:\Windows\System\Kofxbms.exe
  2⤵
  PID:5468
- C:\Windows\System\PmrBNbj.exe
  C:\Windows\System\PmrBNbj.exe
  2⤵
  PID:5924
- C:\Windows\System\ijixgJe.exe
  C:\Windows\System\ijixgJe.exe
  2⤵
  PID:5552
- C:\Windows\System\PyEZpMs.exe
  C:\Windows\System\PyEZpMs.exe
  2⤵
  PID:2872
- C:\Windows\System\yTfIDRb.exe
  C:\Windows\System\yTfIDRb.exe
  2⤵
  PID:5652
- C:\Windows\System\TgiLPwc.exe
  C:\Windows\System\TgiLPwc.exe
  2⤵
  PID:5788
- C:\Windows\System\ouzfWMW.exe
  C:\Windows\System\ouzfWMW.exe
  2⤵
  PID:5904
- C:\Windows\System\pffFXsK.exe
  C:\Windows\System\pffFXsK.exe
  2⤵
  PID:6052
- C:\Windows\System\AjfeHdn.exe
  C:\Windows\System\AjfeHdn.exe
  2⤵
  PID:5876
- C:\Windows\System\SqSGWBl.exe
  C:\Windows\System\SqSGWBl.exe
  2⤵
  PID:2416
- C:\Windows\System\DmfXKrQ.exe
  C:\Windows\System\DmfXKrQ.exe
  2⤵
  PID:5976
- C:\Windows\System\HqTeYmy.exe
  C:\Windows\System\HqTeYmy.exe
  2⤵
  PID:5964
- C:\Windows\System\UkwADXB.exe
  C:\Windows\System\UkwADXB.exe
  2⤵
  PID:2756
- C:\Windows\System\ractfhd.exe
  C:\Windows\System\ractfhd.exe
  2⤵
  PID:6104
- C:\Windows\System\NwRYtBh.exe
  C:\Windows\System\NwRYtBh.exe
  2⤵
  PID:4916
- C:\Windows\System\WSeStKD.exe
  C:\Windows\System\WSeStKD.exe
  2⤵
  PID:5148
- C:\Windows\System\BBfXGrR.exe
  C:\Windows\System\BBfXGrR.exe
  2⤵
  PID:2912
- C:\Windows\System\eyJpADb.exe
  C:\Windows\System\eyJpADb.exe
  2⤵
  PID:5324
- C:\Windows\System\YEdheIe.exe
  C:\Windows\System\YEdheIe.exe
  2⤵
  PID:5356
- C:\Windows\System\nEGYXKS.exe
  C:\Windows\System\nEGYXKS.exe
  2⤵
  PID:5188
- C:\Windows\System\mnXwvjX.exe
  C:\Windows\System\mnXwvjX.exe
  2⤵
  PID:1572
- C:\Windows\System\SDOWHaa.exe
  C:\Windows\System\SDOWHaa.exe
  2⤵
  PID:5304
- C:\Windows\System\WsdKEda.exe
  C:\Windows\System\WsdKEda.exe
  2⤵
  PID:5260
- C:\Windows\System\AqzIUvN.exe
  C:\Windows\System\AqzIUvN.exe
  2⤵
  PID:5336
- C:\Windows\System\SdsuBvc.exe
  C:\Windows\System\SdsuBvc.exe
  2⤵
  PID:580
- C:\Windows\System\lfJwvQu.exe
  C:\Windows\System\lfJwvQu.exe
  2⤵
  PID:5512
- C:\Windows\System\QASeHpN.exe
  C:\Windows\System\QASeHpN.exe
  2⤵
  PID:1312
- C:\Windows\System\EjdyBpN.exe
  C:\Windows\System\EjdyBpN.exe
  2⤵
  PID:2936
- C:\Windows\System\RSxPDcP.exe
  C:\Windows\System\RSxPDcP.exe
  2⤵
  PID:5772
- C:\Windows\System\vpMgGoy.exe
  C:\Windows\System\vpMgGoy.exe
  2⤵
  PID:5724
- C:\Windows\System\ezDAcvt.exe
  C:\Windows\System\ezDAcvt.exe
  2⤵
  PID:2720
- C:\Windows\System\FeGOWuh.exe
  C:\Windows\System\FeGOWuh.exe
  2⤵
  PID:5944
- C:\Windows\System\zKiZkTF.exe
  C:\Windows\System\zKiZkTF.exe
  2⤵
  PID:5984
- C:\Windows\System\ENNBvvv.exe
  C:\Windows\System\ENNBvvv.exe
  2⤵
  PID:2852
- C:\Windows\System\yJDgvYW.exe
  C:\Windows\System\yJDgvYW.exe
  2⤵
  PID:5064
- C:\Windows\System\zttnIYa.exe
  C:\Windows\System\zttnIYa.exe
  2⤵
  PID:6064
- C:\Windows\System\mswPqaX.exe
  C:\Windows\System\mswPqaX.exe
  2⤵
  PID:2732
- C:\Windows\System\HdKtFpx.exe
  C:\Windows\System\HdKtFpx.exe
  2⤵
  PID:2140
- C:\Windows\System\kDkRozT.exe
  C:\Windows\System\kDkRozT.exe
  2⤵
  PID:1584
- C:\Windows\System\gYWNAPL.exe
  C:\Windows\System\gYWNAPL.exe
  2⤵
  PID:6068
- C:\Windows\System\rVKlLur.exe
  C:\Windows\System\rVKlLur.exe
  2⤵
  PID:5608
- C:\Windows\System\QYiSKDz.exe
  C:\Windows\System\QYiSKDz.exe
  2⤵
  PID:5136
- C:\Windows\System\EUbDdfp.exe
  C:\Windows\System\EUbDdfp.exe
  2⤵
  PID:1524
- C:\Windows\System\mtbpoDT.exe
  C:\Windows\System\mtbpoDT.exe
  2⤵
  PID:2712
- C:\Windows\System\vYjyqxW.exe
  C:\Windows\System\vYjyqxW.exe
  2⤵
  PID:6008
- C:\Windows\System\QOxrahG.exe
  C:\Windows\System\QOxrahG.exe
  2⤵
  PID:5808
- C:\Windows\System\hcPwYUk.exe
  C:\Windows\System\hcPwYUk.exe
  2⤵
  PID:5164
- C:\Windows\System\PuJipiX.exe
  C:\Windows\System\PuJipiX.exe
  2⤵
  PID:5604
- C:\Windows\System\jdHZIXR.exe
  C:\Windows\System\jdHZIXR.exe
  2⤵
  PID:4960
- C:\Windows\System\RbAQNZt.exe
  C:\Windows\System\RbAQNZt.exe
  2⤵
  PID:3000
- C:\Windows\System\dtQPYnL.exe
  C:\Windows\System\dtQPYnL.exe
  2⤵
  PID:5384
- C:\Windows\System\DjHtSGS.exe
  C:\Windows\System\DjHtSGS.exe
  2⤵
  PID:5460
- C:\Windows\System\gBbrReR.exe
  C:\Windows\System\gBbrReR.exe
  2⤵
  PID:2808
- C:\Windows\System\KddjLMm.exe
  C:\Windows\System\KddjLMm.exe
  2⤵
  PID:972
- C:\Windows\System\XGyiZkm.exe
  C:\Windows\System\XGyiZkm.exe
  2⤵
  PID:1916
- C:\Windows\System\fZfzCks.exe
  C:\Windows\System\fZfzCks.exe
  2⤵
  PID:2152
- C:\Windows\System\PchWdmR.exe
  C:\Windows\System\PchWdmR.exe
  2⤵
  PID:5676
- C:\Windows\System\iWGkuWs.exe
  C:\Windows\System\iWGkuWs.exe
  2⤵
  PID:2108
- C:\Windows\System\bkMIVUv.exe
  C:\Windows\System\bkMIVUv.exe
  2⤵
  PID:5408
- C:\Windows\System\OothqXJ.exe
  C:\Windows\System\OothqXJ.exe
  2⤵
  PID:5508
- C:\Windows\System\FajbnSK.exe
  C:\Windows\System\FajbnSK.exe
  2⤵
  PID:2600
- C:\Windows\System\PmDudYZ.exe
  C:\Windows\System\PmDudYZ.exe
  2⤵
  PID:5940
- C:\Windows\System\yzHTkbe.exe
  C:\Windows\System\yzHTkbe.exe
  2⤵
  PID:5128
- C:\Windows\System\zAbtgAv.exe
  C:\Windows\System\zAbtgAv.exe
  2⤵
  PID:5692
- C:\Windows\System\pwRlfAg.exe
  C:\Windows\System\pwRlfAg.exe
  2⤵
  PID:6160
- C:\Windows\System\CQdckXe.exe
  C:\Windows\System\CQdckXe.exe
  2⤵
  PID:6188
- C:\Windows\System\KCIGscY.exe
  C:\Windows\System\KCIGscY.exe
  2⤵
  PID:6208
- C:\Windows\System\OXyfIQB.exe
  C:\Windows\System\OXyfIQB.exe
  2⤵
  PID:6224
- C:\Windows\System\zHFIcGv.exe
  C:\Windows\System\zHFIcGv.exe
  2⤵
  PID:6244
- C:\Windows\System\kAmOMgR.exe
  C:\Windows\System\kAmOMgR.exe
  2⤵
  PID:6276
- C:\Windows\System\XWCwkUz.exe
  C:\Windows\System\XWCwkUz.exe
  2⤵
  PID:6292
- C:\Windows\System\lFHnOFd.exe
  C:\Windows\System\lFHnOFd.exe
  2⤵
  PID:6308
- C:\Windows\System\JdMWxGK.exe
  C:\Windows\System\JdMWxGK.exe
  2⤵
  PID:6328
- C:\Windows\System\RQklbWX.exe
  C:\Windows\System\RQklbWX.exe
  2⤵
  PID:6344
- C:\Windows\System\mPPELIu.exe
  C:\Windows\System\mPPELIu.exe
  2⤵
  PID:6376
- C:\Windows\System\vjjhMSI.exe
  C:\Windows\System\vjjhMSI.exe
  2⤵
  PID:6392
- C:\Windows\System\jiXlXhJ.exe
  C:\Windows\System\jiXlXhJ.exe
  2⤵
  PID:6408
- C:\Windows\System\kInnGHb.exe
  C:\Windows\System\kInnGHb.exe
  2⤵
  PID:6424
- C:\Windows\System\qiCCWTr.exe
  C:\Windows\System\qiCCWTr.exe
  2⤵
  PID:6440
- C:\Windows\System\VAhgPJB.exe
  C:\Windows\System\VAhgPJB.exe
  2⤵
  PID:6456
- C:\Windows\System\EvIlrxu.exe
  C:\Windows\System\EvIlrxu.exe
  2⤵
  PID:6472
- C:\Windows\System\MdXnodS.exe
  C:\Windows\System\MdXnodS.exe
  2⤵
  PID:6488
- C:\Windows\System\YwGKTwg.exe
  C:\Windows\System\YwGKTwg.exe
  2⤵
  PID:6504
- C:\Windows\System\gbSTBYH.exe
  C:\Windows\System\gbSTBYH.exe
  2⤵
  PID:6520
- C:\Windows\System\PhJevmN.exe
  C:\Windows\System\PhJevmN.exe
  2⤵
  PID:6536
- C:\Windows\System\tFwaYgL.exe
  C:\Windows\System\tFwaYgL.exe
  2⤵
  PID:6552
- C:\Windows\System\arAslLe.exe
  C:\Windows\System\arAslLe.exe
  2⤵
  PID:6568
- C:\Windows\System\llMbeTM.exe
  C:\Windows\System\llMbeTM.exe
  2⤵
  PID:6584
- C:\Windows\System\ptMvELj.exe
  C:\Windows\System\ptMvELj.exe
  2⤵
  PID:6600
- C:\Windows\System\TTQbpbu.exe
  C:\Windows\System\TTQbpbu.exe
  2⤵
  PID:6616
- C:\Windows\System\BPckBJw.exe
  C:\Windows\System\BPckBJw.exe
  2⤵
  PID:6632
- C:\Windows\System\BxyRtaD.exe
  C:\Windows\System\BxyRtaD.exe
  2⤵
  PID:6648
- C:\Windows\System\KMDUPzJ.exe
  C:\Windows\System\KMDUPzJ.exe
  2⤵
  PID:6664
- C:\Windows\System\oeywCxa.exe
  C:\Windows\System\oeywCxa.exe
  2⤵
  PID:6680
- C:\Windows\System\twClJFE.exe
  C:\Windows\System\twClJFE.exe
  2⤵
  PID:6696
- C:\Windows\System\MWAZPyx.exe
  C:\Windows\System\MWAZPyx.exe
  2⤵
  PID:6712
- C:\Windows\System\LxInIya.exe
  C:\Windows\System\LxInIya.exe
  2⤵
  PID:6728
- C:\Windows\System\SWTGiTG.exe
  C:\Windows\System\SWTGiTG.exe
  2⤵
  PID:6744
- C:\Windows\System\ibCHFUx.exe
  C:\Windows\System\ibCHFUx.exe
  2⤵
  PID:6760
- C:\Windows\System\wwJhlnC.exe
  C:\Windows\System\wwJhlnC.exe
  2⤵
  PID:6776
- C:\Windows\System\RNzjClK.exe
  C:\Windows\System\RNzjClK.exe
  2⤵
  PID:6792
- C:\Windows\System\ejEAlcN.exe
  C:\Windows\System\ejEAlcN.exe
  2⤵
  PID:6808
- C:\Windows\System\ayTXiad.exe
  C:\Windows\System\ayTXiad.exe
  2⤵
  PID:6824
- C:\Windows\System\jdasfkM.exe
  C:\Windows\System\jdasfkM.exe
  2⤵
  PID:6840
- C:\Windows\System\uwCmNWJ.exe
  C:\Windows\System\uwCmNWJ.exe
  2⤵
  PID:6856
- C:\Windows\System\QTCMQNs.exe
  C:\Windows\System\QTCMQNs.exe
  2⤵
  PID:6876
- C:\Windows\System\daloRDD.exe
  C:\Windows\System\daloRDD.exe
  2⤵
  PID:6892
- C:\Windows\System\aRkjBXO.exe
  C:\Windows\System\aRkjBXO.exe
  2⤵
  PID:6908
- C:\Windows\System\hdKJmPr.exe
  C:\Windows\System\hdKJmPr.exe
  2⤵
  PID:6924
- C:\Windows\System\SkkTKMG.exe
  C:\Windows\System\SkkTKMG.exe
  2⤵
  PID:6948
- C:\Windows\System\fralTgR.exe
  C:\Windows\System\fralTgR.exe
  2⤵
  PID:6964
- C:\Windows\System\HRNsJqT.exe
  C:\Windows\System\HRNsJqT.exe
  2⤵
  PID:6984
- C:\Windows\System\ObcymmA.exe
  C:\Windows\System\ObcymmA.exe
  2⤵
  PID:7000
- C:\Windows\System\ScdgNfO.exe
  C:\Windows\System\ScdgNfO.exe
  2⤵
  PID:7016
- C:\Windows\System\uZZClYK.exe
  C:\Windows\System\uZZClYK.exe
  2⤵
  PID:7032
- C:\Windows\System\mIiJUTf.exe
  C:\Windows\System\mIiJUTf.exe
  2⤵
  PID:7048
- C:\Windows\System\WUCgGLC.exe
  C:\Windows\System\WUCgGLC.exe
  2⤵
  PID:7064
- C:\Windows\System\bZWffdj.exe
  C:\Windows\System\bZWffdj.exe
  2⤵
  PID:7080
- C:\Windows\System\erVdKHz.exe
  C:\Windows\System\erVdKHz.exe
  2⤵
  PID:7096
- C:\Windows\System\fXUMwMT.exe
  C:\Windows\System\fXUMwMT.exe
  2⤵
  PID:7112
- C:\Windows\System\AuEILhY.exe
  C:\Windows\System\AuEILhY.exe
  2⤵
  PID:7128
- C:\Windows\System\tSGnbaj.exe
  C:\Windows\System\tSGnbaj.exe
  2⤵
  PID:7144
- C:\Windows\System\uJNqemb.exe
  C:\Windows\System\uJNqemb.exe
  2⤵
  PID:7160
- C:\Windows\System\ftrDiFo.exe
  C:\Windows\System\ftrDiFo.exe
  2⤵
  PID:5988
- C:\Windows\System\xmQpcxA.exe
  C:\Windows\System\xmQpcxA.exe
  2⤵
  PID:4688
- C:\Windows\System\UayNqCT.exe
  C:\Windows\System\UayNqCT.exe
  2⤵
  PID:6304
- C:\Windows\System\uKbrwrD.exe
  C:\Windows\System\uKbrwrD.exe
  2⤵
  PID:6240
- C:\Windows\System\TwMnvWl.exe
  C:\Windows\System\TwMnvWl.exe
  2⤵
  PID:6340
- C:\Windows\System\MvkFZlT.exe
  C:\Windows\System\MvkFZlT.exe
  2⤵
  PID:6384
- C:\Windows\System\Lzrukne.exe
  C:\Windows\System\Lzrukne.exe
  2⤵
  PID:6452
- C:\Windows\System\ihQDftJ.exe
  C:\Windows\System\ihQDftJ.exe
  2⤵
  PID:6480
- C:\Windows\System\NwMqolh.exe
  C:\Windows\System\NwMqolh.exe
  2⤵
  PID:6368
- C:\Windows\System\PZyYCDs.exe
  C:\Windows\System\PZyYCDs.exe
  2⤵
  PID:6400
- C:\Windows\System\pcDJyVB.exe
  C:\Windows\System\pcDJyVB.exe
  2⤵
  PID:6464
- C:\Windows\System\UMcjqjl.exe
  C:\Windows\System\UMcjqjl.exe
  2⤵
  PID:6528
- C:\Windows\System\PMaEFCu.exe
  C:\Windows\System\PMaEFCu.exe
  2⤵
  PID:6548
- C:\Windows\System\nbvTSlz.exe
  C:\Windows\System\nbvTSlz.exe
  2⤵
  PID:6608
- C:\Windows\System\qfSGvWO.exe
  C:\Windows\System\qfSGvWO.exe
  2⤵
  PID:6672
- C:\Windows\System\VjpNyDI.exe
  C:\Windows\System\VjpNyDI.exe
  2⤵
  PID:6704
- C:\Windows\System\GKnJibV.exe
  C:\Windows\System\GKnJibV.exe
  2⤵
  PID:6800
- C:\Windows\System\XtURPfz.exe
  C:\Windows\System\XtURPfz.exe
  2⤵
  PID:6628
- C:\Windows\System\GBPNTTt.exe
  C:\Windows\System\GBPNTTt.exe
  2⤵
  PID:6692
- C:\Windows\System\pmenjQW.exe
  C:\Windows\System\pmenjQW.exe
  2⤵
  PID:6756
- C:\Windows\System\SUjNimk.exe
  C:\Windows\System\SUjNimk.exe
  2⤵
  PID:6816
- C:\Windows\System\yxTcuZe.exe
  C:\Windows\System\yxTcuZe.exe
  2⤵
  PID:6872
- C:\Windows\System\vFfRomv.exe
  C:\Windows\System\vFfRomv.exe
  2⤵
  PID:6884
- C:\Windows\System\lrzPRGh.exe
  C:\Windows\System\lrzPRGh.exe
  2⤵
  PID:6916
- C:\Windows\System\iKvnuIf.exe
  C:\Windows\System\iKvnuIf.exe
  2⤵
  PID:6980
- C:\Windows\System\HARWCtg.exe
  C:\Windows\System\HARWCtg.exe
  2⤵
  PID:7072
- C:\Windows\System\EDwSkUg.exe
  C:\Windows\System\EDwSkUg.exe
  2⤵
  PID:7076
- C:\Windows\System\EzTNKOM.exe
  C:\Windows\System\EzTNKOM.exe
  2⤵
  PID:7104
- C:\Windows\System\cngJQLF.exe
  C:\Windows\System\cngJQLF.exe
  2⤵
  PID:7028
- C:\Windows\System\JclNuFq.exe
  C:\Windows\System\JclNuFq.exe
  2⤵
  PID:7092
- C:\Windows\System\ofNlgJr.exe
  C:\Windows\System\ofNlgJr.exe
  2⤵
  PID:7152
- C:\Windows\System\qCYilXX.exe
  C:\Windows\System\qCYilXX.exe
  2⤵
  PID:7124
- C:\Windows\System\dVIoyUk.exe
  C:\Windows\System\dVIoyUk.exe
  2⤵
  PID:6868
- C:\Windows\System\hEzMMyk.exe
  C:\Windows\System\hEzMMyk.exe
  2⤵
  PID:6216
- C:\Windows\System\cbdYVAK.exe
  C:\Windows\System\cbdYVAK.exe
  2⤵
  PID:6152
- C:\Windows\System\qrsQXKH.exe
  C:\Windows\System\qrsQXKH.exe
  2⤵
  PID:6200
- C:\Windows\System\ACOCQOH.exe
  C:\Windows\System\ACOCQOH.exe
  2⤵
  PID:6204
- C:\Windows\System\KcMqvfy.exe
  C:\Windows\System\KcMqvfy.exe
  2⤵
  PID:6388
- C:\Windows\System\ycMllky.exe
  C:\Windows\System\ycMllky.exe
  2⤵
  PID:6324
- C:\Windows\System\mCbvhSU.exe
  C:\Windows\System\mCbvhSU.exe
  2⤵
  PID:6432
- C:\Windows\System\laSkEHp.exe
  C:\Windows\System\laSkEHp.exe
  2⤵
  PID:6436
- C:\Windows\System\eYhSJsl.exe
  C:\Windows\System\eYhSJsl.exe
  2⤵
  PID:6544
- C:\Windows\System\lNkjHsA.exe
  C:\Windows\System\lNkjHsA.exe
  2⤵
  PID:6168
- C:\Windows\System\WjEnQZf.exe
  C:\Windows\System\WjEnQZf.exe
  2⤵
  PID:6500
- C:\Windows\System\VaZWupx.exe
  C:\Windows\System\VaZWupx.exe
  2⤵
  PID:6832
- C:\Windows\System\iQIrJMf.exe
  C:\Windows\System\iQIrJMf.exe
  2⤵
  PID:6736
- C:\Windows\System\anFkXgl.exe
  C:\Windows\System\anFkXgl.exe
  2⤵
  PID:6264
- C:\Windows\System\ORpmQVl.exe
  C:\Windows\System\ORpmQVl.exe
  2⤵
  PID:6996
- C:\Windows\System\dVZUgJJ.exe
  C:\Windows\System\dVZUgJJ.exe
  2⤵
  PID:7120
- C:\Windows\System\tbLCGJp.exe
  C:\Windows\System\tbLCGJp.exe
  2⤵
  PID:3068
- C:\Windows\System\gJFsEUJ.exe
  C:\Windows\System\gJFsEUJ.exe
  2⤵
  PID:2516
- C:\Windows\System\Ykgtfzb.exe
  C:\Windows\System\Ykgtfzb.exe
  2⤵
  PID:1220
- C:\Windows\System\lFhUCSB.exe
  C:\Windows\System\lFhUCSB.exe
  2⤵
  PID:6336
- C:\Windows\System\ctLLbOa.exe
  C:\Windows\System\ctLLbOa.exe
  2⤵
  PID:6596
- C:\Windows\System\MTJKqcH.exe
  C:\Windows\System\MTJKqcH.exe
  2⤵
  PID:6496
- C:\Windows\System\aILGJDF.exe
  C:\Windows\System\aILGJDF.exe
  2⤵
  PID:6676
- C:\Windows\System\KUFBUer.exe
  C:\Windows\System\KUFBUer.exe
  2⤵
  PID:6932
- C:\Windows\System\CVUbojY.exe
  C:\Windows\System\CVUbojY.exe
  2⤵
  PID:6836
- C:\Windows\System\UMwzuYX.exe
  C:\Windows\System\UMwzuYX.exe
  2⤵
  PID:6904
- C:\Windows\System\XKvsXwd.exe
  C:\Windows\System\XKvsXwd.exe
  2⤵
  PID:7088
- C:\Windows\System\lEsPewk.exe
  C:\Windows\System\lEsPewk.exe
  2⤵
  PID:6252
- C:\Windows\System\qLnWIey.exe
  C:\Windows\System\qLnWIey.exe
  2⤵
  PID:848
- C:\Windows\System\DYdQwjj.exe
  C:\Windows\System\DYdQwjj.exe
  2⤵
  PID:2412
- C:\Windows\System\xRXpFHd.exe
  C:\Windows\System\xRXpFHd.exe
  2⤵
  PID:6724
- C:\Windows\System\MqJhUIf.exe
  C:\Windows\System\MqJhUIf.exe
  2⤵
  PID:6656
- C:\Windows\System\LRcqhIr.exe
  C:\Windows\System\LRcqhIr.exe
  2⤵
  PID:1096
- C:\Windows\System\NXhjWig.exe
  C:\Windows\System\NXhjWig.exe
  2⤵
  PID:7060
- C:\Windows\System\wandLmd.exe
  C:\Windows\System\wandLmd.exe
  2⤵
  PID:6268
- C:\Windows\System\MyzQSfZ.exe
  C:\Windows\System\MyzQSfZ.exe
  2⤵
  PID:6940
- C:\Windows\System\sxkuYzw.exe
  C:\Windows\System\sxkuYzw.exe
  2⤵
  PID:6260
- C:\Windows\System\ClTyTzm.exe
  C:\Windows\System\ClTyTzm.exe
  2⤵
  PID:7180
- C:\Windows\System\RXSOQHO.exe
  C:\Windows\System\RXSOQHO.exe
  2⤵
  PID:7196
- C:\Windows\System\cckZCxX.exe
  C:\Windows\System\cckZCxX.exe
  2⤵
  PID:7212
- C:\Windows\System\tlOaIfO.exe
  C:\Windows\System\tlOaIfO.exe
  2⤵
  PID:7228
- C:\Windows\System\CXGBwVn.exe
  C:\Windows\System\CXGBwVn.exe
  2⤵
  PID:7244
- C:\Windows\System\vLNFomo.exe
  C:\Windows\System\vLNFomo.exe
  2⤵
  PID:7260
- C:\Windows\System\oAlfEfd.exe
  C:\Windows\System\oAlfEfd.exe
  2⤵
  PID:7276
- C:\Windows\System\woLtlCc.exe
  C:\Windows\System\woLtlCc.exe
  2⤵
  PID:7296
- C:\Windows\System\hkTeAyW.exe
  C:\Windows\System\hkTeAyW.exe
  2⤵
  PID:7312
- C:\Windows\System\MErjQQJ.exe
  C:\Windows\System\MErjQQJ.exe
  2⤵
  PID:7328
- C:\Windows\System\GSONiFK.exe
  C:\Windows\System\GSONiFK.exe
  2⤵
  PID:7344
- C:\Windows\System\KexXHxJ.exe
  C:\Windows\System\KexXHxJ.exe
  2⤵
  PID:7360
- C:\Windows\System\sqcomsm.exe
  C:\Windows\System\sqcomsm.exe
  2⤵
  PID:7376
- C:\Windows\System\jUyyJdj.exe
  C:\Windows\System\jUyyJdj.exe
  2⤵
  PID:7392
- C:\Windows\System\txQsRoo.exe
  C:\Windows\System\txQsRoo.exe
  2⤵
  PID:7408
- C:\Windows\System\pCSPYGW.exe
  C:\Windows\System\pCSPYGW.exe
  2⤵
  PID:7424
- C:\Windows\System\tOSZZPh.exe
  C:\Windows\System\tOSZZPh.exe
  2⤵
  PID:7440
- C:\Windows\System\ieBOaWx.exe
  C:\Windows\System\ieBOaWx.exe
  2⤵
  PID:7456
- C:\Windows\System\DIpDpSz.exe
  C:\Windows\System\DIpDpSz.exe
  2⤵
  PID:7472
- C:\Windows\System\EaBkKDt.exe
  C:\Windows\System\EaBkKDt.exe
  2⤵
  PID:7496
- C:\Windows\System\foQrFCP.exe
  C:\Windows\System\foQrFCP.exe
  2⤵
  PID:7512
- C:\Windows\System\AJFdInq.exe
  C:\Windows\System\AJFdInq.exe
  2⤵
  PID:7528
- C:\Windows\System\xqXuajm.exe
  C:\Windows\System\xqXuajm.exe
  2⤵
  PID:7556
- C:\Windows\System\gXjwtgn.exe
  C:\Windows\System\gXjwtgn.exe
  2⤵
  PID:7576
- C:\Windows\System\eGqpPfi.exe
  C:\Windows\System\eGqpPfi.exe
  2⤵
  PID:7596
- C:\Windows\System\zgNZvyE.exe
  C:\Windows\System\zgNZvyE.exe
  2⤵
  PID:7616
- C:\Windows\System\CaTlZYY.exe
  C:\Windows\System\CaTlZYY.exe
  2⤵
  PID:7636
- C:\Windows\System\HdTiVVn.exe
  C:\Windows\System\HdTiVVn.exe
  2⤵
  PID:7656
- C:\Windows\System\NjKOttB.exe
  C:\Windows\System\NjKOttB.exe
  2⤵
  PID:7672
- C:\Windows\System\xANOEjs.exe
  C:\Windows\System\xANOEjs.exe
  2⤵
  PID:7688
- C:\Windows\System\rxDGBpZ.exe
  C:\Windows\System\rxDGBpZ.exe
  2⤵
  PID:7712
- C:\Windows\System\uysmsyN.exe
  C:\Windows\System\uysmsyN.exe
  2⤵
  PID:7728
- C:\Windows\System\IsAyZfb.exe
  C:\Windows\System\IsAyZfb.exe
  2⤵
  PID:7744
- C:\Windows\System\VAUnzdq.exe
  C:\Windows\System\VAUnzdq.exe
  2⤵
  PID:7760
- C:\Windows\System\TklwGFj.exe
  C:\Windows\System\TklwGFj.exe
  2⤵
  PID:7776
- C:\Windows\System\NtHTtKS.exe
  C:\Windows\System\NtHTtKS.exe
  2⤵
  PID:7800
- C:\Windows\System\YuNDTmT.exe
  C:\Windows\System\YuNDTmT.exe
  2⤵
  PID:7816
- C:\Windows\System\sVlamET.exe
  C:\Windows\System\sVlamET.exe
  2⤵
  PID:7832
- C:\Windows\System\xyjqCtY.exe
  C:\Windows\System\xyjqCtY.exe
  2⤵
  PID:7848
- C:\Windows\System\NPWBHYz.exe
  C:\Windows\System\NPWBHYz.exe
  2⤵
  PID:7864
- C:\Windows\System\qKMDOmE.exe
  C:\Windows\System\qKMDOmE.exe
  2⤵
  PID:7884
- C:\Windows\System\fDmoYdF.exe
  C:\Windows\System\fDmoYdF.exe
  2⤵
  PID:7900
- C:\Windows\System\BIAPlsD.exe
  C:\Windows\System\BIAPlsD.exe
  2⤵
  PID:7916
- C:\Windows\System\LeoSeXk.exe
  C:\Windows\System\LeoSeXk.exe
  2⤵
  PID:7936
- C:\Windows\System\auSiwCU.exe
  C:\Windows\System\auSiwCU.exe
  2⤵
  PID:7952
- C:\Windows\System\yCZIWqq.exe
  C:\Windows\System\yCZIWqq.exe
  2⤵
  PID:7968
- C:\Windows\System\hTgijBz.exe
  C:\Windows\System\hTgijBz.exe
  2⤵
  PID:7992
- C:\Windows\System\DmXgBIn.exe
  C:\Windows\System\DmXgBIn.exe
  2⤵
  PID:8016
- C:\Windows\System\FbIYGEe.exe
  C:\Windows\System\FbIYGEe.exe
  2⤵
  PID:8044
- C:\Windows\System\bTqrjoG.exe
  C:\Windows\System\bTqrjoG.exe
  2⤵
  PID:8064
- C:\Windows\System\JUmKCbu.exe
  C:\Windows\System\JUmKCbu.exe
  2⤵
  PID:8080
- C:\Windows\System\VPFVeIf.exe
  C:\Windows\System\VPFVeIf.exe
  2⤵
  PID:8096
- C:\Windows\System\NLTxygq.exe
  C:\Windows\System\NLTxygq.exe
  2⤵
  PID:8112
- C:\Windows\System\aLlIsek.exe
  C:\Windows\System\aLlIsek.exe
  2⤵
  PID:8128
- C:\Windows\System\ZGfRNcO.exe
  C:\Windows\System\ZGfRNcO.exe
  2⤵
  PID:8144
- C:\Windows\System\LgkJGUU.exe
  C:\Windows\System\LgkJGUU.exe
  2⤵
  PID:8160
- C:\Windows\System\qPjoZSs.exe
  C:\Windows\System\qPjoZSs.exe
  2⤵
  PID:8176
- C:\Windows\System\kCmcWpK.exe
  C:\Windows\System\kCmcWpK.exe
  2⤵
  PID:2896
- C:\Windows\System\oGhslNY.exe
  C:\Windows\System\oGhslNY.exe
  2⤵
  PID:6288
- C:\Windows\System\cFkVaWw.exe
  C:\Windows\System\cFkVaWw.exe
  2⤵
  PID:7272
- C:\Windows\System\uSOjfgA.exe
  C:\Windows\System\uSOjfgA.exe
  2⤵
  PID:7340
- C:\Windows\System\UvxzXBo.exe
  C:\Windows\System\UvxzXBo.exe
  2⤵
  PID:7368
- C:\Windows\System\kNRfdcG.exe
  C:\Windows\System\kNRfdcG.exe
  2⤵
  PID:7252
- C:\Windows\System\crBACKB.exe
  C:\Windows\System\crBACKB.exe
  2⤵
  PID:7324
- C:\Windows\System\zrjZDPg.exe
  C:\Windows\System\zrjZDPg.exe
  2⤵
  PID:7432
- C:\Windows\System\VwwEILZ.exe
  C:\Windows\System\VwwEILZ.exe
  2⤵
  PID:7416
- C:\Windows\System\QwdFXOd.exe
  C:\Windows\System\QwdFXOd.exe
  2⤵
  PID:7452
- C:\Windows\System\dPRGZUR.exe
  C:\Windows\System\dPRGZUR.exe
  2⤵
  PID:7508
- C:\Windows\System\vSBtThV.exe
  C:\Windows\System\vSBtThV.exe
  2⤵
  PID:7484
- C:\Windows\System\hUhlWwk.exe
  C:\Windows\System\hUhlWwk.exe
  2⤵
  PID:7548
- C:\Windows\System\zDWYHYQ.exe
  C:\Windows\System\zDWYHYQ.exe
  2⤵
  PID:7588
- C:\Windows\System\OpQXKtY.exe
  C:\Windows\System\OpQXKtY.exe
  2⤵
  PID:7632
- C:\Windows\System\irPApGT.exe
  C:\Windows\System\irPApGT.exe
  2⤵
  PID:7696
- C:\Windows\System\HobSIrN.exe
  C:\Windows\System\HobSIrN.exe
  2⤵
  PID:7564
- C:\Windows\System\WBtKEit.exe
  C:\Windows\System\WBtKEit.exe
  2⤵
  PID:7608
- C:\Windows\System\vQSdjax.exe
  C:\Windows\System\vQSdjax.exe
  2⤵
  PID:7652
- C:\Windows\System\eXDIrLq.exe
  C:\Windows\System\eXDIrLq.exe
  2⤵
  PID:7772
- C:\Windows\System\musEeWI.exe
  C:\Windows\System\musEeWI.exe
  2⤵
  PID:7720
- C:\Windows\System\uwUWAhJ.exe
  C:\Windows\System\uwUWAhJ.exe
  2⤵
  PID:4932
- C:\Windows\System\UzOjnRw.exe
  C:\Windows\System\UzOjnRw.exe
  2⤵
  PID:7788
- C:\Windows\System\pydXdUV.exe
  C:\Windows\System\pydXdUV.exe
  2⤵
  PID:7812
- C:\Windows\System\HpVFMks.exe
  C:\Windows\System\HpVFMks.exe
  2⤵
  PID:7892
- C:\Windows\System\lyQVShy.exe
  C:\Windows\System\lyQVShy.exe
  2⤵
  PID:7872
- C:\Windows\System\skEuSRS.exe
  C:\Windows\System\skEuSRS.exe
  2⤵
  PID:7976
- C:\Windows\System\GtaMxtm.exe
  C:\Windows\System\GtaMxtm.exe
  2⤵
  PID:7924
- C:\Windows\System\qASPBNN.exe
  C:\Windows\System\qASPBNN.exe
  2⤵
  PID:8000
- C:\Windows\System\BPqhVuB.exe
  C:\Windows\System\BPqhVuB.exe
  2⤵
  PID:7880
- C:\Windows\System\wSaDrtw.exe
  C:\Windows\System\wSaDrtw.exe
  2⤵
  PID:2332
- C:\Windows\System\riKhutl.exe
  C:\Windows\System\riKhutl.exe
  2⤵
  PID:1532
- C:\Windows\System\wOLNbrJ.exe
  C:\Windows\System\wOLNbrJ.exe
  2⤵
  PID:8024
- C:\Windows\System\zeoWrGg.exe
  C:\Windows\System\zeoWrGg.exe
  2⤵
  PID:8076
- C:\Windows\System\eAuTSrE.exe
  C:\Windows\System\eAuTSrE.exe
  2⤵
  PID:8136
- C:\Windows\System\uqboEbj.exe
  C:\Windows\System\uqboEbj.exe
  2⤵
  PID:8052
- C:\Windows\System\eqxvmva.exe
  C:\Windows\System\eqxvmva.exe
  2⤵
  PID:8124
- C:\Windows\System\MhnkGQk.exe
  C:\Windows\System\MhnkGQk.exe
  2⤵
  PID:3048
- C:\Windows\System\SoOmnXI.exe
  C:\Windows\System\SoOmnXI.exe
  2⤵
  PID:8188
- C:\Windows\System\cucfdbN.exe
  C:\Windows\System\cucfdbN.exe
  2⤵
  PID:7240
- C:\Windows\System\RdrYjin.exe
  C:\Windows\System\RdrYjin.exe
  2⤵
  PID:7224
- C:\Windows\System\cuMMJhF.exe
  C:\Windows\System\cuMMJhF.exe
  2⤵
  PID:7400
- C:\Windows\System\OXDbNsg.exe
  C:\Windows\System\OXDbNsg.exe
  2⤵
  PID:7544
- C:\Windows\System\rDOYKWI.exe
  C:\Windows\System\rDOYKWI.exe
  2⤵
  PID:7520
- C:\Windows\System\xZtwNSE.exe
  C:\Windows\System\xZtwNSE.exe
  2⤵
  PID:7584
- C:\Windows\System\azclVSE.exe
  C:\Windows\System\azclVSE.exe
  2⤵
  PID:7704
- C:\Windows\System\NBefvxf.exe
  C:\Windows\System\NBefvxf.exe
  2⤵
  PID:7604
- C:\Windows\System\kpVtRXE.exe
  C:\Windows\System\kpVtRXE.exe
  2⤵
  PID:7648
- C:\Windows\System\hFBjzGV.exe
  C:\Windows\System\hFBjzGV.exe
  2⤵
  PID:4380
- C:\Windows\System\RLwCIxw.exe
  C:\Windows\System\RLwCIxw.exe
  2⤵
  PID:7828
- C:\Windows\System\boXomss.exe
  C:\Windows\System\boXomss.exe
  2⤵
  PID:7908
- C:\Windows\System\AKJEfqa.exe
  C:\Windows\System\AKJEfqa.exe
  2⤵
  PID:7988
- C:\Windows\System\fOZtGse.exe
  C:\Windows\System\fOZtGse.exe
  2⤵
  PID:7964
- C:\Windows\System\IvtfJEj.exe
  C:\Windows\System\IvtfJEj.exe
  2⤵
  PID:8032
- C:\Windows\System\yLwLuAL.exe
  C:\Windows\System\yLwLuAL.exe
  2⤵
  PID:8072
- C:\Windows\System\YZiYHhW.exe
  C:\Windows\System\YZiYHhW.exe
  2⤵
  PID:8156
- C:\Windows\System\UlWwGCz.exe
  C:\Windows\System\UlWwGCz.exe
  2⤵
  PID:2888
- C:\Windows\System\VYDLeFh.exe
  C:\Windows\System\VYDLeFh.exe
  2⤵
  PID:2800
- C:\Windows\System\NLRyMLD.exe
  C:\Windows\System\NLRyMLD.exe
  2⤵
  PID:7108
- C:\Windows\System\uuDqVWE.exe
  C:\Windows\System\uuDqVWE.exe
  2⤵
  PID:7464
- C:\Windows\System\rFeUSPs.exe
  C:\Windows\System\rFeUSPs.exe
  2⤵
  PID:7480
- C:\Windows\System\MBQifHp.exe
  C:\Windows\System\MBQifHp.exe
  2⤵
  PID:7504
- C:\Windows\System\tlKxbnM.exe
  C:\Windows\System\tlKxbnM.exe
  2⤵
  PID:7984
- C:\Windows\System\wAJzqyO.exe
  C:\Windows\System\wAJzqyO.exe
  2⤵
  PID:7680
- C:\Windows\System\LdjgFxK.exe
  C:\Windows\System\LdjgFxK.exe
  2⤵
  PID:6936
- C:\Windows\System\dBKTAHl.exe
  C:\Windows\System\dBKTAHl.exe
  2⤵
  PID:8040
- C:\Windows\System\aSirfMN.exe
  C:\Windows\System\aSirfMN.exe
  2⤵
  PID:8172
- C:\Windows\System\DikjbfY.exe
  C:\Windows\System\DikjbfY.exe
  2⤵
  PID:7624
- C:\Windows\System\mSremLh.exe
  C:\Windows\System\mSremLh.exe
  2⤵
  PID:1408
- C:\Windows\System\WubtQhM.exe
  C:\Windows\System\WubtQhM.exe
  2⤵
  PID:7552
- C:\Windows\System\QtwzCHJ.exe
  C:\Windows\System\QtwzCHJ.exe
  2⤵
  PID:7384
- C:\Windows\System\OwKHPyP.exe
  C:\Windows\System\OwKHPyP.exe
  2⤵
  PID:7768
- C:\Windows\System\xqDshpY.exe
  C:\Windows\System\xqDshpY.exe
  2⤵
  PID:7388
- C:\Windows\System\gvbKpsS.exe
  C:\Windows\System\gvbKpsS.exe
  2⤵
  PID:7336
- C:\Windows\System\DOvdLPh.exe
  C:\Windows\System\DOvdLPh.exe
  2⤵
  PID:7736
- C:\Windows\System\wFxHssr.exe
  C:\Windows\System\wFxHssr.exe
  2⤵
  PID:7356
- C:\Windows\System\pjFYlmN.exe
  C:\Windows\System\pjFYlmN.exe
  2⤵
  PID:8208
- C:\Windows\System\ETzFLUI.exe
  C:\Windows\System\ETzFLUI.exe
  2⤵
  PID:8224
- C:\Windows\System\bdTiRxz.exe
  C:\Windows\System\bdTiRxz.exe
  2⤵
  PID:8240
- C:\Windows\System\VoueSVS.exe
  C:\Windows\System\VoueSVS.exe
  2⤵
  PID:8256
- C:\Windows\System\DvshOvE.exe
  C:\Windows\System\DvshOvE.exe
  2⤵
  PID:8272
- C:\Windows\System\WsNXgsU.exe
  C:\Windows\System\WsNXgsU.exe
  2⤵
  PID:8288
- C:\Windows\System\WEBsPjJ.exe
  C:\Windows\System\WEBsPjJ.exe
  2⤵
  PID:8304
- C:\Windows\System\wDCtmfq.exe
  C:\Windows\System\wDCtmfq.exe
  2⤵
  PID:8320
- C:\Windows\System\ELKZEOf.exe
  C:\Windows\System\ELKZEOf.exe
  2⤵
  PID:8336
- C:\Windows\System\agPqkuM.exe
  C:\Windows\System\agPqkuM.exe
  2⤵
  PID:8352
- C:\Windows\System\LoQkhei.exe
  C:\Windows\System\LoQkhei.exe
  2⤵
  PID:8368
- C:\Windows\System\mWXBugR.exe
  C:\Windows\System\mWXBugR.exe
  2⤵
  PID:8480
- C:\Windows\System\MndoRvX.exe
  C:\Windows\System\MndoRvX.exe
  2⤵
  PID:8504
- C:\Windows\System\ebEmNib.exe
  C:\Windows\System\ebEmNib.exe
  2⤵
  PID:8520
- C:\Windows\System\FlxVKfp.exe
  C:\Windows\System\FlxVKfp.exe
  2⤵
  PID:8536
- C:\Windows\System\NqlLLCE.exe
  C:\Windows\System\NqlLLCE.exe
  2⤵
  PID:8552
- C:\Windows\System\iBjzLSu.exe
  C:\Windows\System\iBjzLSu.exe
  2⤵
  PID:8568
- C:\Windows\System\ixPfrRY.exe
  C:\Windows\System\ixPfrRY.exe
  2⤵
  PID:8584
- C:\Windows\System\LUHPuzk.exe
  C:\Windows\System\LUHPuzk.exe
  2⤵
  PID:8600
- C:\Windows\System\mQsGZma.exe
  C:\Windows\System\mQsGZma.exe
  2⤵
  PID:8616
- C:\Windows\System\dDyplOh.exe
  C:\Windows\System\dDyplOh.exe
  2⤵
  PID:8632
- C:\Windows\System\QlZrvtq.exe
  C:\Windows\System\QlZrvtq.exe
  2⤵
  PID:8652
- C:\Windows\System\YscOgxy.exe
  C:\Windows\System\YscOgxy.exe
  2⤵
  PID:8668
- C:\Windows\System\rNWmlbs.exe
  C:\Windows\System\rNWmlbs.exe
  2⤵
  PID:8684
- C:\Windows\System\RXYiwgx.exe
  C:\Windows\System\RXYiwgx.exe
  2⤵
  PID:8700
- C:\Windows\System\nniFnTR.exe
  C:\Windows\System\nniFnTR.exe
  2⤵
  PID:8716
- C:\Windows\System\SmRTcJF.exe
  C:\Windows\System\SmRTcJF.exe
  2⤵
  PID:8732
- C:\Windows\System\CZyaByV.exe
  C:\Windows\System\CZyaByV.exe
  2⤵
  PID:8748
- C:\Windows\System\aerepML.exe
  C:\Windows\System\aerepML.exe
  2⤵
  PID:8764
- C:\Windows\System\SHJRfCe.exe
  C:\Windows\System\SHJRfCe.exe
  2⤵
  PID:8780
- C:\Windows\System\xbzZhtr.exe
  C:\Windows\System\xbzZhtr.exe
  2⤵
  PID:8796
- C:\Windows\System\WYeherF.exe
  C:\Windows\System\WYeherF.exe
  2⤵
  PID:8812
- C:\Windows\System\kWAEfsu.exe
  C:\Windows\System\kWAEfsu.exe
  2⤵
  PID:8828
- C:\Windows\System\SuQjxKh.exe
  C:\Windows\System\SuQjxKh.exe
  2⤵
  PID:8844
- C:\Windows\System\ZULaBgB.exe
  C:\Windows\System\ZULaBgB.exe
  2⤵
  PID:8860
- C:\Windows\System\xmuuIQR.exe
  C:\Windows\System\xmuuIQR.exe
  2⤵
  PID:8876
- C:\Windows\System\iKUzodw.exe
  C:\Windows\System\iKUzodw.exe
  2⤵
  PID:8892
- C:\Windows\System\JSxiJUV.exe
  C:\Windows\System\JSxiJUV.exe
  2⤵
  PID:8908
- C:\Windows\System\huydmJh.exe
  C:\Windows\System\huydmJh.exe
  2⤵
  PID:8924
- C:\Windows\System\SLRPzTG.exe
  C:\Windows\System\SLRPzTG.exe
  2⤵
  PID:8940
- C:\Windows\System\lzEBCyX.exe
  C:\Windows\System\lzEBCyX.exe
  2⤵
  PID:8956
- C:\Windows\System\gMSPWyI.exe
  C:\Windows\System\gMSPWyI.exe
  2⤵
  PID:8972
- C:\Windows\System\RvyyQiS.exe
  C:\Windows\System\RvyyQiS.exe
  2⤵
  PID:8992
- C:\Windows\System\dVrqYte.exe
  C:\Windows\System\dVrqYte.exe
  2⤵
  PID:9012
- C:\Windows\System\xjjWAir.exe
  C:\Windows\System\xjjWAir.exe
  2⤵
  PID:9028
- C:\Windows\System\VfqtYhC.exe
  C:\Windows\System\VfqtYhC.exe
  2⤵
  PID:8404
- C:\Windows\System\EQBhWjM.exe
  C:\Windows\System\EQBhWjM.exe
  2⤵
  PID:8420
- C:\Windows\System\fFlRaaW.exe
  C:\Windows\System\fFlRaaW.exe
  2⤵
  PID:7372
- C:\Windows\System\iliuXwB.exe
  C:\Windows\System\iliuXwB.exe
  2⤵
  PID:8452
- C:\Windows\System\wOmFSSa.exe
  C:\Windows\System\wOmFSSa.exe
  2⤵
  PID:8468
- C:\Windows\System\rZVthhv.exe
  C:\Windows\System\rZVthhv.exe
  2⤵
  PID:8512
- C:\Windows\System\snxwzVh.exe
  C:\Windows\System\snxwzVh.exe
  2⤵
  PID:1048
- C:\Windows\System\XEEJDaS.exe
  C:\Windows\System\XEEJDaS.exe
  2⤵
  PID:8544
- C:\Windows\System\GZhrkAx.exe
  C:\Windows\System\GZhrkAx.exe
  2⤵
  PID:8612
- C:\Windows\System\XKQcUao.exe
  C:\Windows\System\XKQcUao.exe
  2⤵
  PID:8564
- C:\Windows\System\oNQoFze.exe
  C:\Windows\System\oNQoFze.exe
  2⤵
  PID:8624
- C:\Windows\System\WTIZexe.exe
  C:\Windows\System\WTIZexe.exe
  2⤵
  PID:8680
- C:\Windows\System\eckBHuj.exe
  C:\Windows\System\eckBHuj.exe
  2⤵
  PID:8744
- C:\Windows\System\EeDiNyo.exe
  C:\Windows\System\EeDiNyo.exe
  2⤵
  PID:8692
- C:\Windows\System\MOwTmxH.exe
  C:\Windows\System\MOwTmxH.exe
  2⤵
  PID:8756
- C:\Windows\System\uDoQcUV.exe
  C:\Windows\System\uDoQcUV.exe
  2⤵
  PID:8836
- C:\Windows\System\DqOvisj.exe
  C:\Windows\System\DqOvisj.exe
  2⤵
  PID:8792
- C:\Windows\System\nDsPhDD.exe
  C:\Windows\System\nDsPhDD.exe
  2⤵
  PID:8932
- C:\Windows\System\NDDEUkz.exe
  C:\Windows\System\NDDEUkz.exe
  2⤵
  PID:8852
- C:\Windows\System\efjWEco.exe
  C:\Windows\System\efjWEco.exe
  2⤵
  PID:8920
- C:\Windows\System\LczAyfS.exe
  C:\Windows\System\LczAyfS.exe
  2⤵
  PID:9000
- C:\Windows\System\NZKRyjt.exe
  C:\Windows\System\NZKRyjt.exe
  2⤵
  PID:9036
- C:\Windows\System\fCcpLAR.exe
  C:\Windows\System\fCcpLAR.exe
  2⤵
  PID:9020
- C:\Windows\System\qaSVJJn.exe
  C:\Windows\System\qaSVJJn.exe
  2⤵
  PID:9052
- C:\Windows\System\OmPtCDu.exe
  C:\Windows\System\OmPtCDu.exe
  2⤵
  PID:9068
- C:\Windows\System\wKffLoP.exe
  C:\Windows\System\wKffLoP.exe
  2⤵
  PID:9084
- C:\Windows\System\OLeSoNc.exe
  C:\Windows\System\OLeSoNc.exe
  2⤵
  PID:9100
- C:\Windows\System\ERPMWeb.exe
  C:\Windows\System\ERPMWeb.exe
  2⤵
  PID:9132
- C:\Windows\System\TyiBrWf.exe
  C:\Windows\System\TyiBrWf.exe
  2⤵
  PID:9144
- C:\Windows\System\qwHhBEz.exe
  C:\Windows\System\qwHhBEz.exe
  2⤵
  PID:9148
- C:\Windows\System\qRARHfy.exe
  C:\Windows\System\qRARHfy.exe
  2⤵
  PID:9168
- C:\Windows\System\dxXsoPw.exe
  C:\Windows\System\dxXsoPw.exe
  2⤵
  PID:9184
- C:\Windows\System\gwBJfJQ.exe
  C:\Windows\System\gwBJfJQ.exe
  2⤵
  PID:9200
- C:\Windows\System\NvSkWgV.exe
  C:\Windows\System\NvSkWgV.exe
  2⤵
  PID:9044
- C:\Windows\System\VGkxrhh.exe
  C:\Windows\System\VGkxrhh.exe
  2⤵
  PID:8200
- C:\Windows\System\AkqbMew.exe
  C:\Windows\System\AkqbMew.exe
  2⤵
  PID:8248
- C:\Windows\System\WlwoiIt.exe
  C:\Windows\System\WlwoiIt.exe
  2⤵
  PID:8296
- C:\Windows\System\PWZssbH.exe
  C:\Windows\System\PWZssbH.exe
  2⤵
  PID:8364
- C:\Windows\System\zouXsDU.exe
  C:\Windows\System\zouXsDU.exe
  2⤵
  PID:8384
- C:\Windows\System\bwWCSCU.exe
  C:\Windows\System\bwWCSCU.exe
  2⤵
  PID:8284
- C:\Windows\System\RJYxtOg.exe
  C:\Windows\System\RJYxtOg.exe
  2⤵
  PID:8268
- C:\Windows\System\wvtcFKx.exe
  C:\Windows\System\wvtcFKx.exe
  2⤵
  PID:8580
- C:\Windows\System\cMWVEgM.exe
  C:\Windows\System\cMWVEgM.exe
  2⤵
  PID:8560
- C:\Windows\System\OMHMSzN.exe
  C:\Windows\System\OMHMSzN.exe
  2⤵
  PID:8968
- C:\Windows\System\sSElVNr.exe
  C:\Windows\System\sSElVNr.exe
  2⤵
  PID:8916
- C:\Windows\System\yHFoMYW.exe
  C:\Windows\System\yHFoMYW.exe
  2⤵
  PID:9008
- C:\Windows\System\zqUXQEq.exe
  C:\Windows\System\zqUXQEq.exe
  2⤵
  PID:9064
- C:\Windows\System\WvkkGEi.exe
  C:\Windows\System\WvkkGEi.exe
  2⤵
  PID:9096
- C:\Windows\System\wUGHjRF.exe
  C:\Windows\System\wUGHjRF.exe
  2⤵
  PID:9108
- C:\Windows\System\uVurJzv.exe
  C:\Windows\System\uVurJzv.exe
  2⤵
  PID:9192
- C:\Windows\System\yACjByt.exe
  C:\Windows\System\yACjByt.exe
  2⤵
  PID:9176
- C:\Windows\System\sGqvmaF.exe
  C:\Windows\System\sGqvmaF.exe
  2⤵
  PID:6852
- C:\Windows\System\AmELgRL.exe
  C:\Windows\System\AmELgRL.exe
  2⤵
  PID:8252
- C:\Windows\System\JWdqFxL.exe
  C:\Windows\System\JWdqFxL.exe
  2⤵
  PID:8412
- C:\Windows\System\rpaNjZL.exe
  C:\Windows\System\rpaNjZL.exe
  2⤵
  PID:8344
- C:\Windows\System\LXEHXaV.exe
  C:\Windows\System\LXEHXaV.exe
  2⤵
  PID:4604
- C:\Windows\System\pITSMBc.exe
  C:\Windows\System\pITSMBc.exe
  2⤵
  PID:8328
- C:\Windows\System\mngRChE.exe
  C:\Windows\System\mngRChE.exe
  2⤵
  PID:8548
- C:\Windows\System\MKKShqu.exe
  C:\Windows\System\MKKShqu.exe
  2⤵
  PID:9040
- C:\Windows\System\uOGolwF.exe
  C:\Windows\System\uOGolwF.exe
  2⤵
  PID:8460
- C:\Windows\System\nzaRPxK.exe
  C:\Windows\System\nzaRPxK.exe
  2⤵
  PID:8444
- C:\Windows\System\IHOhhJY.exe
  C:\Windows\System\IHOhhJY.exe
  2⤵
  PID:8516
- C:\Windows\System\ISMLtww.exe
  C:\Windows\System\ISMLtww.exe
  2⤵
  PID:8664
- C:\Windows\System\ndpwIDy.exe
  C:\Windows\System\ndpwIDy.exe
  2⤵
  PID:8776
- C:\Windows\System\giGMVmD.exe
  C:\Windows\System\giGMVmD.exe
  2⤵
  PID:8868
- C:\Windows\System\JbPnseW.exe
  C:\Windows\System\JbPnseW.exe
  2⤵
  PID:8820
- C:\Windows\System\BbXEhbG.exe
  C:\Windows\System\BbXEhbG.exe
  2⤵
  PID:9120
- C:\Windows\System\kyhSVkH.exe
  C:\Windows\System\kyhSVkH.exe
  2⤵
  PID:9180
- C:\Windows\System\jBOboEr.exe
  C:\Windows\System\jBOboEr.exe
  2⤵
  PID:9080
- C:\Windows\System\dRBquQa.exe
  C:\Windows\System\dRBquQa.exe
  2⤵
  PID:8900
- C:\Windows\System\Cflcost.exe
  C:\Windows\System\Cflcost.exe
  2⤵
  PID:7944
- C:\Windows\System\KPXemVR.exe
  C:\Windows\System\KPXemVR.exe
  2⤵
  PID:8712
- C:\Windows\System\jAcfbVN.exe
  C:\Windows\System\jAcfbVN.exe
  2⤵
  PID:8440
- C:\Windows\System\qTFTuvX.exe
  C:\Windows\System\qTFTuvX.exe
  2⤵
  PID:8432
- C:\Windows\System\RIgSJxA.exe
  C:\Windows\System\RIgSJxA.exe
  2⤵
  PID:9060
- C:\Windows\System\teUmmnZ.exe
  C:\Windows\System\teUmmnZ.exe
  2⤵
  PID:8872
- C:\Windows\System\gBccfKs.exe
  C:\Windows\System\gBccfKs.exe
  2⤵
  PID:9196
- C:\Windows\System\MncCBbK.exe
  C:\Windows\System\MncCBbK.exe
  2⤵
  PID:9212
- C:\Windows\System\XKaiPXg.exe
  C:\Windows\System\XKaiPXg.exe
  2⤵
  PID:8332
- C:\Windows\System\Kkpgulm.exe
  C:\Windows\System\Kkpgulm.exe
  2⤵
  PID:8204
- C:\Windows\System\zRGRZGy.exe
  C:\Windows\System\zRGRZGy.exe
  2⤵
  PID:8280
- C:\Windows\System\SZgYgaK.exe
  C:\Windows\System\SZgYgaK.exe
  2⤵
  PID:8348
- C:\Windows\System\zBCmRiO.exe
  C:\Windows\System\zBCmRiO.exe
  2⤵
  PID:8724
- C:\Windows\System\ChliKJn.exe
  C:\Windows\System\ChliKJn.exe
  2⤵
  PID:7204
- C:\Windows\System\grqlOvF.exe
  C:\Windows\System\grqlOvF.exe
  2⤵
  PID:8528
- C:\Windows\System\vJrpCOn.exe
  C:\Windows\System\vJrpCOn.exe
  2⤵
  PID:9224
- C:\Windows\System\GpeggLW.exe
  C:\Windows\System\GpeggLW.exe
  2⤵
  PID:9248
- C:\Windows\System\qdplPwk.exe
  C:\Windows\System\qdplPwk.exe
  2⤵
  PID:9264
- C:\Windows\System\yAdEbkL.exe
  C:\Windows\System\yAdEbkL.exe
  2⤵
  PID:9280
- C:\Windows\System\DNVgcEC.exe
  C:\Windows\System\DNVgcEC.exe
  2⤵
  PID:9296
- C:\Windows\System\EHobsVF.exe
  C:\Windows\System\EHobsVF.exe
  2⤵
  PID:9312
- C:\Windows\System\VtiOUNM.exe
  C:\Windows\System\VtiOUNM.exe
  2⤵
  PID:9328
- C:\Windows\System\jOonLqk.exe
  C:\Windows\System\jOonLqk.exe
  2⤵
  PID:9344
- C:\Windows\System\pwfXWwP.exe
  C:\Windows\System\pwfXWwP.exe
  2⤵
  PID:9360
- C:\Windows\System\FtInsDZ.exe
  C:\Windows\System\FtInsDZ.exe
  2⤵
  PID:9376
- C:\Windows\System\yjWZNet.exe
  C:\Windows\System\yjWZNet.exe
  2⤵
  PID:9392
- C:\Windows\System\yFkUGRp.exe
  C:\Windows\System\yFkUGRp.exe
  2⤵
  PID:9408
- C:\Windows\System\rXXJeFu.exe
  C:\Windows\System\rXXJeFu.exe
  2⤵
  PID:9428
- C:\Windows\System\AuVdZNl.exe
  C:\Windows\System\AuVdZNl.exe
  2⤵
  PID:9444
- C:\Windows\System\FMxxqOf.exe
  C:\Windows\System\FMxxqOf.exe
  2⤵
  PID:9460
- C:\Windows\System\XLErhiL.exe
  C:\Windows\System\XLErhiL.exe
  2⤵
  PID:9476
- C:\Windows\System\jkfNMVp.exe
  C:\Windows\System\jkfNMVp.exe
  2⤵
  PID:9492
- C:\Windows\System\qBgmfrb.exe
  C:\Windows\System\qBgmfrb.exe
  2⤵
  PID:9508
- C:\Windows\System\RpXcQDz.exe
  C:\Windows\System\RpXcQDz.exe
  2⤵
  PID:9524
- C:\Windows\System\mzgcNVY.exe
  C:\Windows\System\mzgcNVY.exe
  2⤵
  PID:9540
- C:\Windows\System\WiClSnK.exe
  C:\Windows\System\WiClSnK.exe
  2⤵
  PID:9556
- C:\Windows\System\qrvZNrL.exe
  C:\Windows\System\qrvZNrL.exe
  2⤵
  PID:9624
- C:\Windows\System\avFwsvu.exe
  C:\Windows\System\avFwsvu.exe
  2⤵
  PID:9644
- C:\Windows\System\HvejybC.exe
  C:\Windows\System\HvejybC.exe
  2⤵
  PID:9672
- C:\Windows\System\STqGtFW.exe
  C:\Windows\System\STqGtFW.exe
  2⤵
  PID:9720
- C:\Windows\System\qpFzNub.exe
  C:\Windows\System\qpFzNub.exe
  2⤵
  PID:9736
- C:\Windows\System\mUaDIal.exe
  C:\Windows\System\mUaDIal.exe
  2⤵
  PID:9752
- C:\Windows\System\GVxthSQ.exe
  C:\Windows\System\GVxthSQ.exe
  2⤵
  PID:9768
- C:\Windows\System\WIsytPA.exe
  C:\Windows\System\WIsytPA.exe
  2⤵
  PID:9784
- C:\Windows\System\BAnyBLI.exe
  C:\Windows\System\BAnyBLI.exe
  2⤵
  PID:9804
- C:\Windows\System\TmURRrp.exe
  C:\Windows\System\TmURRrp.exe
  2⤵
  PID:9824
- C:\Windows\System\ZcyWQgO.exe
  C:\Windows\System\ZcyWQgO.exe
  2⤵
  PID:9844
- C:\Windows\System\BHMCUng.exe
  C:\Windows\System\BHMCUng.exe
  2⤵
  PID:9864
- C:\Windows\System\suBqXeC.exe
  C:\Windows\System\suBqXeC.exe
  2⤵
  PID:9880
- C:\Windows\System\doisswG.exe
  C:\Windows\System\doisswG.exe
  2⤵
  PID:9896
- C:\Windows\System\hGyHSXW.exe
  C:\Windows\System\hGyHSXW.exe
  2⤵
  PID:9912
- C:\Windows\System\INxDjNL.exe
  C:\Windows\System\INxDjNL.exe
  2⤵
  PID:9928
- C:\Windows\System\WmcSCeF.exe
  C:\Windows\System\WmcSCeF.exe
  2⤵
  PID:9956
- C:\Windows\System\pnQFiFF.exe
  C:\Windows\System\pnQFiFF.exe
  2⤵
  PID:9972
- C:\Windows\System\zbBSpqJ.exe
  C:\Windows\System\zbBSpqJ.exe
  2⤵
  PID:9988
- C:\Windows\System\UPaBEJu.exe
  C:\Windows\System\UPaBEJu.exe
  2⤵
  PID:10004
- C:\Windows\System\ZdHfiHD.exe
  C:\Windows\System\ZdHfiHD.exe
  2⤵
  PID:10020
- C:\Windows\System\waJHqeY.exe
  C:\Windows\System\waJHqeY.exe
  2⤵
  PID:10040
- C:\Windows\System\UpnwntO.exe
  C:\Windows\System\UpnwntO.exe
  2⤵
  PID:10056
- C:\Windows\System\IfxjuhC.exe
  C:\Windows\System\IfxjuhC.exe
  2⤵
  PID:10088
- C:\Windows\System\PoHUOCC.exe
  C:\Windows\System\PoHUOCC.exe
  2⤵
  PID:10104
- C:\Windows\System\LePtrAy.exe
  C:\Windows\System\LePtrAy.exe
  2⤵
  PID:10120
- C:\Windows\System\LdxEbai.exe
  C:\Windows\System\LdxEbai.exe
  2⤵
  PID:10152
- C:\Windows\System\zADkVIE.exe
  C:\Windows\System\zADkVIE.exe
  2⤵
  PID:10188
- C:\Windows\System\ihnWpOT.exe
  C:\Windows\System\ihnWpOT.exe
  2⤵
  PID:10204
- C:\Windows\System\CKLAsVa.exe
  C:\Windows\System\CKLAsVa.exe
  2⤵
  PID:10220
- C:\Windows\System\VDYkAVz.exe
  C:\Windows\System\VDYkAVz.exe
  2⤵
  PID:8236
- C:\Windows\System\fVstLsE.exe
  C:\Windows\System\fVstLsE.exe
  2⤵
  PID:9160
- C:\Windows\System\WCSEThl.exe
  C:\Windows\System\WCSEThl.exe
  2⤵
  PID:1112
- C:\Windows\System\dSMGeod.exe
  C:\Windows\System\dSMGeod.exe
  2⤵
  PID:556
- C:\Windows\System\IzXSqNR.exe
  C:\Windows\System\IzXSqNR.exe
  2⤵
  PID:9400
- C:\Windows\System\ksdmkVc.exe
  C:\Windows\System\ksdmkVc.exe
  2⤵
  PID:9860
- C:\Windows\System\VXOLPlP.exe
  C:\Windows\System\VXOLPlP.exe
  2⤵
  PID:9888
- C:\Windows\System\WEUWRzW.exe
  C:\Windows\System\WEUWRzW.exe
  2⤵
  PID:9944
- C:\Windows\System\fYzPWZU.exe
  C:\Windows\System\fYzPWZU.exe
  2⤵
  PID:10012
- C:\Windows\System\mlEPWYN.exe
  C:\Windows\System\mlEPWYN.exe
  2⤵
  PID:10000
- C:\Windows\System\FruBNRN.exe
  C:\Windows\System\FruBNRN.exe
  2⤵
  PID:10076
- C:\Windows\System\QRChhCA.exe
  C:\Windows\System\QRChhCA.exe
  2⤵
  PID:10136
- C:\Windows\System\DsUSGKM.exe
  C:\Windows\System\DsUSGKM.exe
  2⤵
  PID:10112
- C:\Windows\System\toEybLD.exe
  C:\Windows\System\toEybLD.exe
  2⤵
  PID:10180
- C:\Windows\System\kDKRihQ.exe
  C:\Windows\System\kDKRihQ.exe
  2⤵
  PID:1920
- C:\Windows\System\pYhOEZh.exe
  C:\Windows\System\pYhOEZh.exe
  2⤵
  PID:9636
- C:\Windows\System\myBftjz.exe
  C:\Windows\System\myBftjz.exe
  2⤵
  PID:9700
- C:\Windows\System\caBvYcq.exe
  C:\Windows\System\caBvYcq.exe
  2⤵
  PID:9716
- C:\Windows\System\eyTpFuS.exe
  C:\Windows\System\eyTpFuS.exe
  2⤵
  PID:9832
- C:\Windows\System\VjNiaQu.exe
  C:\Windows\System\VjNiaQu.exe
  2⤵
  PID:9812
- C:\Windows\System\lzsjuip.exe
  C:\Windows\System\lzsjuip.exe
  2⤵
  PID:2188
- C:\Windows\System\UwEBjVi.exe
  C:\Windows\System\UwEBjVi.exe
  2⤵
  PID:1272
- C:\Windows\System\RPXElKo.exe
  C:\Windows\System\RPXElKo.exe
  2⤵
  PID:1804
- C:\Windows\System\kECfcyM.exe
  C:\Windows\System\kECfcyM.exe
  2⤵
  PID:2348
- C:\Windows\System\ghnPkeY.exe
  C:\Windows\System\ghnPkeY.exe
  2⤵
  PID:2340
- C:\Windows\System\vQeZDVs.exe
  C:\Windows\System\vQeZDVs.exe
  2⤵
  PID:9996
- C:\Windows\System\AloBxDA.exe
  C:\Windows\System\AloBxDA.exe
  2⤵
  PID:10140
- C:\Windows\System\zquZEqu.exe
  C:\Windows\System\zquZEqu.exe
  2⤵
  PID:8808
- C:\Windows\System\vKapUcS.exe
  C:\Windows\System\vKapUcS.exe
  2⤵
  PID:9372
- C:\Windows\System\zJHDqxO.exe
  C:\Windows\System\zJHDqxO.exe
  2⤵
  PID:9356
- C:\Windows\System\fUowLMr.exe
  C:\Windows\System\fUowLMr.exe
  2⤵
  PID:9320
- C:\Windows\System\CWemFzc.exe
  C:\Windows\System\CWemFzc.exe
  2⤵
  PID:9416
- C:\Windows\System\XyRQHZs.exe
  C:\Windows\System\XyRQHZs.exe
  2⤵
  PID:9488
- C:\Windows\System\qspsIAD.exe
  C:\Windows\System\qspsIAD.exe
  2⤵
  PID:9472
- C:\Windows\System\XBVykAJ.exe
  C:\Windows\System\XBVykAJ.exe
  2⤵
  PID:9548
- C:\Windows\System\rclfCyc.exe
  C:\Windows\System\rclfCyc.exe
  2⤵
  PID:8500
- C:\Windows\System\UKeMkRa.exe
  C:\Windows\System\UKeMkRa.exe
  2⤵
  PID:9904
- C:\Windows\System\XklJBIN.exe
  C:\Windows\System\XklJBIN.exe
  2⤵
  PID:10068
- C:\Windows\System\GJlaxgO.exe
  C:\Windows\System\GJlaxgO.exe
  2⤵
  PID:10176
- C:\Windows\System\fUaHRpW.exe
  C:\Windows\System\fUaHRpW.exe
  2⤵
  PID:1304
- C:\Windows\System\AFRIFoi.exe
  C:\Windows\System\AFRIFoi.exe
  2⤵
  PID:10232
- C:\Windows\System\jJJxmAC.exe
  C:\Windows\System\jJJxmAC.exe
  2⤵
  PID:9852
- C:\Windows\System\BPRhwhS.exe
  C:\Windows\System\BPRhwhS.exe
  2⤵
  PID:9584
- C:\Windows\System\gtAxMPe.exe
  C:\Windows\System\gtAxMPe.exe
  2⤵
  PID:9604
- C:\Windows\System\LocsYrr.exe
  C:\Windows\System\LocsYrr.exe
  2⤵
  PID:9656
- C:\Windows\System\pkIDYPk.exe
  C:\Windows\System\pkIDYPk.exe
  2⤵
  PID:9680
- C:\Windows\System\zkPbKaS.exe
  C:\Windows\System\zkPbKaS.exe
  2⤵
  PID:9688
- C:\Windows\System\HgpxLQX.exe
  C:\Windows\System\HgpxLQX.exe
  2⤵
  PID:9748
- C:\Windows\System\mbiFmiw.exe
  C:\Windows\System\mbiFmiw.exe
  2⤵
  PID:10172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CIRHlDQ.exe

Filesize
6.1MB

MD5
20f5ba27637230c03dc1e1392d879842

SHA1
a275137b3d9e929764a3e11fba25b6d46ab6549a

SHA256
419dce8a96af135de1e4064c28be70e13dd5770e02ccbd88cc60e2ec30b6e304

SHA512
00235e73d9a04841236b8e869dc5a130a2ecbbe1f133a746a112c6d9f6267303e318fc6211acacc4312d480a81bc318d1c54ebb73cd5b5dc7c3947e7e282fdec

Download Submit
C:\Windows\system\EjukPOr.exe

Filesize
6.1MB

MD5
bb145eb715763ff28698f6cde3733406

SHA1
ba5782d7870c7db3ded0928b32958eaf63e1daf4

SHA256
cb9801c4479c45bed7b3ed04864ba7cf8228b82951129fb49f8e9c6713aa7062

SHA512
5046a8681c615f404eb7b42c5b97ca6c9bfc4fea158732eac740cfd384cae468f9104df6c723a0d135a971069c958237ed1883fee23f827a051483b28dae0df2

Download Submit
C:\Windows\system\ErKXmII.exe

Filesize
6.1MB

MD5
17d58b9ffe934a04eda46af73b97aa73

SHA1
ee0f7a9c190503143e1d379e0b3fc104b397ef46

SHA256
6b8e6d03803d6acf43c2dc3a35d55230d47e746b4905bb491a7dafec4713d8d1

SHA512
9ae582e376e6ae76715d93ee6eade91b91c2fd3a41d17ebb999eab8ecd95c9bce68ac82573669bf11b936c287dbf05198afa59d730b72f46a8f0b13f9666c053

Download Submit
C:\Windows\system\FYinUiD.exe

Filesize
6.1MB

MD5
105443c0faa6c2eda800488012a59026

SHA1
f434756d4ce26e5acd667067be8c877f081846b7

SHA256
32a31f9ec6311171e0767af86cfe2c220e3391b3a682df099c0b9a18652c5330

SHA512
27053ac6bb238ddf5b06d265fe4385cb28ea047529a9c27f6a02b6b95b5ae9f68278c3464d12965cf7c0386ce2ad39e7eab4f2e07f7e3a2779fe265c91c34892

Download Submit
C:\Windows\system\HHDWWDr.exe

Filesize
6.1MB

MD5
395d25ff3a37016f0d73068ee199419b

SHA1
9592f5118c62b6b692574d54968ace79f6f512a1

SHA256
2a38288f253b7b6796442d2baf2f87dc8782fd9ac8617546d9131ef1e7a280a0

SHA512
d378735b6758973bb78f1cfbccc7c0b068254fd255df9bfe0a2a0ac52ff3450a158b655d786bdd0939b65e5bc2155652f3a626750d083b149c8d397c9e0f7c6a

Download Submit
C:\Windows\system\LkCqJqk.exe

Filesize
6.1MB

MD5
e097fda4b09ccb07df788e8d241b2525

SHA1
5e7628f03e5d3b8ea278af49beb79a5e789d8d8b

SHA256
06afbd1a63f377c839eca67164b29ae3106858e2ce15e74174a5381aaccd3848

SHA512
b6e379f86a01a80a3e9309ec062ca390e0c6bc93fe8d743cec06267a7962567a4ddec6b8a4efb3fea568492614b32dd3d85538f9707601a9e6ff3f6945e86aa8

Download Submit
C:\Windows\system\MaDHKxG.exe

Filesize
6.1MB

MD5
087192ce7a8f551452f078b55aa48e66

SHA1
1ddde5cf92d409044d2c58dcffad78c16801fcc8

SHA256
0192b6b33aa625a5b5f07c8a9969b492728b826be2a9140d7e57e1b8bf28b00d

SHA512
7e6d0b7fb9baf45901548b813d410606fc595b156cf87eab411077ce0b687a18be4bc09a6862bfcd85353e49322ef03fb7330d215a31c83307c21896769f3cd6

Download Submit
C:\Windows\system\NSdfEyC.exe

Filesize
6.1MB

MD5
7f93730b34238cb43d9dc7687fdbd6c7

SHA1
cfa316f776b585b6dfdd2bacaefda9cd84979fa3

SHA256
5f9d88e64ffea0882efa75c7cdbd92b93862a10d528deae7667d2457c0bd96fd

SHA512
5b54cc382a65ec285cd2fbb2620d332374e6a580880d666620782ec6902ec8beaa69102e4066fa0d704ccb8d7b7b014cd1feca7211e6fa8982d0464a9b59468b

Download Submit
C:\Windows\system\NfIoJDj.exe

Filesize
6.1MB

MD5
ebae3ac7ac27468ff5d075604be3df52

SHA1
696e8220f4f9d014d2c6f84c5e2781753c270c75

SHA256
1ad7b59fcb20bd97bccf6c249a160ece71f7e03de3f786d7d81f3db153107b6f

SHA512
fc52be5ea7a58b8d7bdabdea1dfaa574232742f7d55195e812c24c25afd98e1178eeb6c9c8f03e96d8259d193ca6ba61a3c712d546e2c2be6ef5163907da722f

Download Submit
C:\Windows\system\NjeaZAM.exe

Filesize
6.1MB

MD5
d61ac0aa159a96b79367bfd4d6c923a1

SHA1
a17e0cf2b343ef97d72f8892480346c272ef9d64

SHA256
dfe54d24992c89a426541f9038798f863e7a8f924d2d14989fc3ac64b74ea574

SHA512
0b2ca85f60ec920de54b26f63a8c7106ee1bcc9b3b9721b75de7e8e0208c54ba1ae252e6debc9e845e6cf2391dbd8fd337368ab6e8d66820f3137eb4f1938df0

Download Submit
C:\Windows\system\PfZzghE.exe

Filesize
6.1MB

MD5
4d52fedfa4a69a0ca789e0fcb9f1aabf

SHA1
39cca17355f34b833fbc4070c3cbf98a46d745f8

SHA256
cb3e467903c83214ff397ee98aa3f7c57d431b96aa868484f0242ea0c0b57d70

SHA512
0948506da149642caec35a40777b9a77432e81204cdbe0aa7c20fe8a91831cbe4f07fff32a9a5f067c12539871615295dcf35bbc77c45c934c508618be62b3b6

Download Submit
C:\Windows\system\RtBoOQf.exe

Filesize
6.1MB

MD5
b8d0a4f6a26b43e0cf934bef4a496160

SHA1
dfe8286345b9ff6398a119a9cb2f6c6d96373a7e

SHA256
aeaf435ed5453214cdaf0d23f35263e4191d4fdadbcfcc946af1729d5320260a

SHA512
c12b86c1bbb1acfa9a44d3f5aa66ff111c305d7223197b0f87a4c3bbfb933fb6c374a4fd8f15b627c7d0e218ef30a9d056b6329d7e26b6027d9767bb73825439

Download Submit
C:\Windows\system\TmvjtDO.exe

Filesize
6.1MB

MD5
6eca0aa27e16446fbf1840c4e01b9990

SHA1
f45a2edf0adc7816c287c8540fb3e7e33e2141b6

SHA256
600b86ed0e205bc235800b363141b8a9cef817d949f1bd5f059b03f56a40823e

SHA512
81202a6aa4e69234850514c5fed58961168156406a3804d312b3ad7914084985874a19948771f030481fe75bdf0b670b135724df7d9b041a8e8ce97d11f4387e

Download Submit
C:\Windows\system\TxxZqvq.exe

Filesize
6.1MB

MD5
7ad74cf51adb3f8db1f906673389b9b6

SHA1
cb9e97dd4d198a4cc423a41ec553e5f8048d2f05

SHA256
745f34bc7c93385ba60d22f48fd6942226631b1b529839e020ff1188db078722

SHA512
107197befe5ca8260e44b5d57022591756041c745721dbbb66052669f19907a76c868e3de129a2d5647dd85ad52a520342265f19951d717fcbd98e08e553132b

Download Submit
C:\Windows\system\YVqFmru.exe

Filesize
6.1MB

MD5
54f83f2fb6d5b991a4a3a455c4901743

SHA1
5b0dbac9cf93f695e127972876e2a23177ceb253

SHA256
4cb797d5019f928051a1188a80871bc29bd5f451254f42f2fdcf011a3044d036

SHA512
6cb84ebf441ec7c1d6cfc970e4aaba5a943d36622ea308930ccf37fbd31126eb6d61c53858346c784d4cf11affa16e8b512a8468e09cf9ed34270f28ae39134f

Download Submit
C:\Windows\system\ZLndGSW.exe

Filesize
6.1MB

MD5
56dad2724dfdae89bd84d47baffc735d

SHA1
e33624cef3aa3bbcce4ec14e3ac24ded725a39a7

SHA256
51c51e6bbcea43fb9583115922c91c4f1df5a7a09a2a19b8cc650bacdf8c67a6

SHA512
6fff4cb4d25d6afdaab56b14977012105065a6fd5aeda2f071d96d27ab5ec1bf1f1e7129b2a4ad4d8df6f4a764ccf931fbfdf8c4e32e5e4088a273ee17e8eb00

Download Submit
C:\Windows\system\ZRnRmUn.exe

Filesize
6.1MB

MD5
e5bdeb744911eaccc4f0eea3b6744711

SHA1
f7cffa3bb0afbf09a8dcb84db0353cf4a53926c4

SHA256
e960b41af8b66bac6cd2a4bd88fd38eb5a9facd66594ece324e6f044b8789854

SHA512
04a7a2b748b651fb09694652c232f3ac5f2d6f80bd2d2cebae1ead614af690eb73c2569b245847e28127e3fe27e5ebb01eb8d68f19c8ad030abf6e0da521daf0

Download Submit
C:\Windows\system\aBDFddO.exe

Filesize
6.1MB

MD5
03f99a4ef0bca7f3f15a8dd7db41113c

SHA1
b55d21923e06727a44e18d24645c44d0a657deb9

SHA256
a5dccc2d35211e0b61855171dd9189728e336ca06596ce7adc2d2caeb7240e88

SHA512
b2684c05937a4e0e0fff761b49d109b82e10ffd7e4da7d271df2dc6f814faf77c59a4f93a15890351e92c511b5a56efe66cdffa7f11ce303ae363419aabe8081

Download Submit
C:\Windows\system\agYckag.exe

Filesize
6.1MB

MD5
d491551359890dc1161db2b8b870609b

SHA1
9d6d2513031cf0b8e1cdd726f51ede736fad8d7b

SHA256
bfbec25cfce284431c5e741db728252ae86165bb00c2c8727300b8933fa59d3b

SHA512
74b7a07b7db19c7a46a333a34cc8f622313cea45e9efe0c3461c25a5885e2bdf7be22a3d14fa933fe4a868464ad18798053025184e31b838e11bbc9b56140129

Download Submit
C:\Windows\system\alPEhVs.exe

Filesize
6.1MB

MD5
a11a5f3fb281fec340877e89476a57cf

SHA1
6f98670529f153ece43f0d6c6e601bb2d5ac719e

SHA256
ad86f69a9875641a54779d19e93d7bcc1dac493f496f72738c2a1357fd29440f

SHA512
c1e5cf34131f9d482cbd4b8200d4222710016c18809626d3b94c6ddbf48903215f68d509f71d310a9d6e019db333295782dea2a1004d1bf08fedfb3c73021810

Download Submit
C:\Windows\system\gAlYSpE.exe

Filesize
6.1MB

MD5
7df3d5ade191e541114902e8e680a071

SHA1
f540ee427d55ca0cc35dca2d7e608348a8b9fad4

SHA256
5434500001c0b72a198ef12eac858fed430ea155eb56171ee2b5fb9ee327d27a

SHA512
c4f62acc36ee848045ccac53d6bd4687fccbc66f0681fb9756b66541c1477ff266cc0d5ab30d95fba067f3e99fece5f2b7a3cb69bfb855996a2dd0b4f8cc4d7d

Download Submit
C:\Windows\system\ibaiiNT.exe

Filesize
6.1MB

MD5
2f080bac88e36c491c6031da438e37e0

SHA1
4ddfc356a3ab3964d9feb1c65b54f33d863cb828

SHA256
5d76dadbc6dcb260aaedbbc863654a30d2230c23ec4204eb274c4ade11acb393

SHA512
b7dd8741c933dbc8f2cab452bcaa64d61b786edfb9c7cf6ab245d71b638f1674a92b189da59cb38b37e3ea185f307d37221eed9bc375994e56fadb54110320df

Download Submit
C:\Windows\system\liVlLlk.exe

Filesize
6.1MB

MD5
8cf67730def543e48f6c591ecd703233

SHA1
56a92f687462ff9052b094787d49fa5ce391f309

SHA256
505f2d11528ae6ad5e6eea132cd3c7c589da043b09030d8d2915e9b93aac12bb

SHA512
ecbbbfc8708248588f3b1586d61b81f84564dc8a1a20b14226db5ab47a1b593be0fd2150144b71f0c55095823c0ec1a0dfdc67bde3afd11d2efcf250d37c4bb6

Download Submit
C:\Windows\system\uvpOJDK.exe

Filesize
6.1MB

MD5
a73b9b604648c9c74033db1e2875715d

SHA1
b94f3e616f0bc8ffc4fe6d3fbb1be4d78b2d8ec0

SHA256
b162365d7fef1705f86a5a59ee18e986dfd295590fab64e7daf339b9eb875f35

SHA512
2f3150763c342edd553e3d66a5cfaa3d9061986f35b9915f80a3b7a75ef671a9145303053492c08366518e09187b4542524119c38e7d1f19bdc8cbc502907519

Download Submit
C:\Windows\system\vqPXaMG.exe

Filesize
6.1MB

MD5
e3f438625574d28346715d2eab3e2030

SHA1
fb3b80046c3900c2bc0cc685d1aae21f9a2b8dcb

SHA256
0b67c1e5207df83bba710a751391efe05da45c43aaf7df2db9b73492da4214ce

SHA512
c07a0e3f92eaaa7e747ddf93c35dc062ca6c2268804615b4c9a2b777a4b1e7637e40a4e47d68a70774f2b7b25ef78694cbc65266d72bfd9677024b9c3d102aa9

Download Submit
C:\Windows\system\vroxwsx.exe

Filesize
6.1MB

MD5
6cf7e381b765f692d72bbf5b6ad8b298

SHA1
5ec70a6e14260a81068bbb9308c21a345f89e044

SHA256
5dd85001781502fe944b09c5145c406c2b1d968fdd125ce3173e951a686b677c

SHA512
94f3cdb800715bc4fedcdc74e136b628fb9834ba7c80928449b81594e78ff7f03c5c53a343fe5f2a6d62259a562da299d9da4b057baa04cbb2f9d2bfbbcd35f7

Download Submit
C:\Windows\system\worxTrg.exe

Filesize
6.1MB

MD5
deaeb74ed4c055b8c454b709326bb8f1

SHA1
9a9a05a6ec5e2e98407f7fb8d5aa8543cd931946

SHA256
6329a047c495f5d09c0d44aec1ab55083adc39529d5c8d9bd08345d3e0420761

SHA512
790c8f381390d65d62891a251ede03719f51eb1aab15707cfa16c44e6521d30a66ad3b599d08824188dbd76b6b3fdbd445c519df59afe5a67346580dd7823e11

Download Submit
C:\Windows\system\zQPtoNm.exe

Filesize
6.1MB

MD5
3ad17e42c0c0fa2c863fdcdec5c860d3

SHA1
104e8a48f5bec8c181993552b1d0512fb43a3da4

SHA256
8adc063312bc8742da03886cc65c6a769eeee07a1806e8f8dfcdf34e01e63c6e

SHA512
dbd693a0d369bfa74fbce54e498b1661cb37eea80327ebe2b7ce4393c1baffb07a3718664529d4ec31f042520e15cc0271383ecdc6c7074e535316907a801d1a

Download Submit
C:\Windows\system\zviFUjA.exe

Filesize
6.1MB

MD5
d8cf596d641c047a6b26ff12bfc3b0ad

SHA1
d10d278d0ffeb9dac903b0ac7e0be1ba34d266a4

SHA256
2de79f8270a3fe99ee65331e18082338366be9f2c59394e485e0e82022545a6b

SHA512
7d9022008a0b45e2a69a861b29664823be84e72a3ec4360f161d74e0e2f308faec136cec266fa94c640c733622fb44fa88307f769688715e1ff6661e8c1303f2

Download Submit
\Windows\system\MziTCaz.exe

Filesize
6.1MB

MD5
a7f8432bd76dd517104e86c8350ba5b3

SHA1
7b0774a6ed492c5e2055d9570042c45669e87320

SHA256
39ac1473a334e018466ef40c2b7d0815357e8ea401f23b115060089c2437b065

SHA512
dcc30603492087b02ea8bfda850c7b6e0c343becd56b40a6569be9e3a424aecac26bbc972ac64c3c9b3731ebed3f098208fa269f6330ea916e76d9ac8a880e40

Download Submit
\Windows\system\oLLOaOA.exe

Filesize
6.1MB

MD5
8969860f056723ff4e5b889d0829b387

SHA1
ead8c145ddb4c5954ed6871b5df20d19342e7f14

SHA256
2b2490b65ca7133dc914e291f5cdca5b3bb60f160a13ff9aa86fae6df99b35d7

SHA512
23006ffd96bab4244a08cf9965c1c75d2d89fb96eff024a4893bf5be155cf404dfc3f52a30f2ca830b3b389da198c3ae32b3446e425549ff05ac2c1c0b4133f0

Download Submit
\Windows\system\oQiQbun.exe

Filesize
6.1MB

MD5
d8ffbb2e2b7cfdde33699626e4739bbe

SHA1
3ab38c34c7d692b799a6fedd768ee3c02a752856

SHA256
699c31c8b1682d3edb251e7d58e715173892379e33f2f42727aa08f5dc8a06c7

SHA512
ebaf306b9524cc2ad9e870be51ab15dea828a27d55d6ec25c6f295564e3e40b54617bc013cbad89f29f62f841066af7c39b196a43eff3806d3cea77fe65cec77

Download Submit
memory/392-93-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/392-86-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/392-17-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/392-21-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/392-27-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/392-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/392-229-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/392-197-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/392-184-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/392-45-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-47-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/392-349-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/392-39-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/392-0-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/392-23-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/392-61-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/392-62-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/392-54-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/392-74-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/392-84-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2220-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-85-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-2221-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-78-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1828-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2456-44-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2468-1800-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2468-20-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2508-95-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2508-2140-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2508-367-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2536-68-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2138-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-18-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1796-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2461-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-49-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2143-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2692-91-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2724-63-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2139-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2736-83-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1829-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-46-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1794-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2856-22-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2880-55-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2137-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2880-92-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2916-1827-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-73-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-29-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download