cobaltstrike | de0f4013cbcbf67137e83dafb8989858da00352a5e0f3295441e356d0b512625

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9a111ff7266aef3783b6e3e62f93a351
SHA1

e8dd6a342f106e617b42883ef16d4b340ed27f7f
SHA256

de0f4013cbcbf67137e83dafb8989858da00352a5e0f3295441e356d0b512625
SHA512

cdd651dbba70f17933312460133eac8355cff0c6296d6efa3d56b5e850a7bd73dcd2c212add9abbde40ea942c730461e390c3746a22a9e3d09d84decb984823d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016875-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-17.dat	cobalt_reflective_dll
behavioral1/files/0x000c00000001202c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c80-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016332-54.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001749c-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-150.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-89.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-74.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3a-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/692-0-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016875-8.dat	xmrig
behavioral1/memory/2328-18-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/1616-20-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2720-21-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c66-17.dat	xmrig
behavioral1/files/0x000c00000001202c-6.dat	xmrig
behavioral1/files/0x0007000000016c80-23.dat	xmrig
behavioral1/files/0x0007000000016c88-27.dat	xmrig
behavioral1/memory/1716-37-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd7-33.dat	xmrig
behavioral1/memory/3064-42-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2300-32-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0008000000016332-54.dat	xmrig
behavioral1/memory/2900-56-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x000800000001749c-64.dat	xmrig
behavioral1/files/0x0005000000018686-78.dat	xmrig
behavioral1/memory/2692-83-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-94.dat	xmrig
behavioral1/memory/836-98-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2656-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f4-110.dat	xmrig
behavioral1/files/0x0006000000018b4e-140.dat	xmrig
behavioral1/files/0x0005000000019360-185.dat	xmrig
behavioral1/memory/2968-353-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1616-3250-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2900-3341-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2648-3350-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2068-3368-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2692-3375-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/836-3405-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2656-3398-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2968-3363-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2580-3329-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/3064-3311-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/1716-3310-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2300-3304-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2328-3262-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2720-3237-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/836-831-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2656-699-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2692-525-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2068-207-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-190.dat	xmrig
behavioral1/files/0x000500000001933f-180.dat	xmrig
behavioral1/files/0x0005000000019297-175.dat	xmrig
behavioral1/files/0x0005000000019284-170.dat	xmrig
behavioral1/files/0x0005000000019278-165.dat	xmrig
behavioral1/files/0x0005000000019269-160.dat	xmrig
behavioral1/files/0x0005000000019250-155.dat	xmrig
behavioral1/files/0x0005000000019246-150.dat	xmrig
behavioral1/files/0x0006000000018c16-145.dat	xmrig
behavioral1/files/0x00050000000187a8-135.dat	xmrig
behavioral1/files/0x000500000001878e-130.dat	xmrig
behavioral1/files/0x0005000000018744-125.dat	xmrig
behavioral1/files/0x0005000000018739-120.dat	xmrig
behavioral1/files/0x0005000000018704-115.dat	xmrig
behavioral1/files/0x00050000000186f1-105.dat	xmrig
behavioral1/memory/2648-97-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2900-90-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e7-89.dat	xmrig
behavioral1/memory/2580-82-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2968-75-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000600000001755b-74.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2328	SXhpPoH.exe
1616	OyqxzUu.exe
2720	BhyewqY.exe
2300	zMyWTXG.exe
1716	zdmMRaH.exe
3064	XCABQyp.exe
2580	DdFIZDZ.exe
2900	xSwcWZs.exe
2648	dZKSNYu.exe
2068	vWbIYtb.exe
2968	yXDACwX.exe
2692	lxbwSVN.exe
2656	bDrGwYe.exe
836	XFHNUMi.exe
2296	gNsffHS.exe
1424	DaYPZfN.exe
2816	nPVEthI.exe
536	pTQwdBt.exe
3048	PLGdyIX.exe
3028	avqLicf.exe
1180	vgJuxDk.exe
1288	vhVejUU.exe
1796	aKWSLmF.exe
1136	IMgwvPI.exe
2280	axCKpsr.exe
1904	INNbjIA.exe
2052	alxtzEr.exe
2100	yoHsHHI.exe
1460	alFVsNx.exe
448	cUPhiIw.exe
1728	rtQxDWp.exe
2044	cVOCari.exe
1488	xYzCOuq.exe
1524	PIGWKme.exe
1712	yTWtxPi.exe
2008	EiDTmHS.exe
1732	TdEThCV.exe
744	LUSRnkS.exe
1760	FuLqOJb.exe
864	kGiTxtu.exe
284	rMoezKG.exe
1464	KydJTjb.exe
1968	PGQiNpw.exe
2212	dDLQJLe.exe
2556	dtEhAti.exe
2588	qHxYZXA.exe
1544	mGpYpHz.exe
2144	aoTjyYT.exe
1496	gASOGSV.exe
1468	XjxqVAA.exe
624	DXMRNio.exe
1696	mCvnsbV.exe
2340	UEcPNxc.exe
2724	aPOyIgi.exe
2464	CiJTWpw.exe
1244	pTSQAPQ.exe
2836	owenDhv.exe
2864	bBeVKLl.exe
2668	PzhFKGd.exe
2704	sPZkaLI.exe
3004	aZKxZzj.exe
1372	KpxLpRA.exe
2888	EeNbbkb.exe
3040	xPpIcmS.exe

Loads dropped DLL 64 IoCs

pid	Process
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/692-0-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0008000000016875-8.dat	upx
behavioral1/memory/2328-18-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/1616-20-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2720-21-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0008000000016c66-17.dat	upx
behavioral1/files/0x000c00000001202c-6.dat	upx
behavioral1/files/0x0007000000016c80-23.dat	upx
behavioral1/files/0x0007000000016c88-27.dat	upx
behavioral1/memory/1716-37-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0007000000016cd7-33.dat	upx
behavioral1/memory/3064-42-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2300-32-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0008000000016332-54.dat	upx
behavioral1/memory/2900-56-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x000800000001749c-64.dat	upx
behavioral1/files/0x0005000000018686-78.dat	upx
behavioral1/memory/2692-83-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-94.dat	upx
behavioral1/memory/836-98-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2656-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x00050000000186f4-110.dat	upx
behavioral1/files/0x0006000000018b4e-140.dat	upx
behavioral1/files/0x0005000000019360-185.dat	upx
behavioral1/memory/2968-353-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/1616-3250-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2900-3341-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2648-3350-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2068-3368-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2692-3375-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/836-3405-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2656-3398-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2968-3363-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2580-3329-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/3064-3311-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/1716-3310-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2300-3304-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2328-3262-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2720-3237-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/836-831-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2656-699-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2692-525-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2068-207-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-190.dat	upx
behavioral1/files/0x000500000001933f-180.dat	upx
behavioral1/files/0x0005000000019297-175.dat	upx
behavioral1/files/0x0005000000019284-170.dat	upx
behavioral1/files/0x0005000000019278-165.dat	upx
behavioral1/files/0x0005000000019269-160.dat	upx
behavioral1/files/0x0005000000019250-155.dat	upx
behavioral1/files/0x0005000000019246-150.dat	upx
behavioral1/files/0x0006000000018c16-145.dat	upx
behavioral1/files/0x00050000000187a8-135.dat	upx
behavioral1/files/0x000500000001878e-130.dat	upx
behavioral1/files/0x0005000000018744-125.dat	upx
behavioral1/files/0x0005000000018739-120.dat	upx
behavioral1/files/0x0005000000018704-115.dat	upx
behavioral1/files/0x00050000000186f1-105.dat	upx
behavioral1/memory/2648-97-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2900-90-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x00050000000186e7-89.dat	upx
behavioral1/memory/2580-82-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2968-75-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000600000001755b-74.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kkbwWnY.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptYqMdM.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HklwCDT.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVCmJVl.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mydXzlo.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnpoTaU.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPFqBBH.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyfTamT.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlNYcFt.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftQOXRP.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLsFYcd.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FccgRfH.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEteZDw.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hniFYHP.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpWtUpn.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPdscHl.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZGgyus.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqfRntf.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrsTygl.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiDREqq.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOrHdFy.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAVyZpJ.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqxSnYx.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOozLyv.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddYIciT.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDxZCtV.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJRoiVR.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svnbuon.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlGvopw.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDVtQIR.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUoSBUJ.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgTUZYM.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMpHXhS.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeVmXvP.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJjwqGB.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYzJYFC.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTKAWYE.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHmuGPS.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGtrkvm.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKwhfGZ.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejXhlOg.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHkCuOd.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGbNChG.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtIsHqJ.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQGneSs.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDbABvy.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVaGGqj.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNqgrwX.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUnrMaR.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdsHRqe.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQQmitV.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzgXSXA.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etVNXqO.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCpvqPY.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VodnSHN.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYDzubY.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvKBazR.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANbZFhl.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEDbrCp.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydRuHSe.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpDsLTI.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFDDtej.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHcVGZF.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voWpgSr.exe	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 2328	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 692 wrote to memory of 2328	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 692 wrote to memory of 2328	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 692 wrote to memory of 1616	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 692 wrote to memory of 1616	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 692 wrote to memory of 1616	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 692 wrote to memory of 2720	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 692 wrote to memory of 2720	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 692 wrote to memory of 2720	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 692 wrote to memory of 2300	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 692 wrote to memory of 2300	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 692 wrote to memory of 2300	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 692 wrote to memory of 1716	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 692 wrote to memory of 1716	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 692 wrote to memory of 1716	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 692 wrote to memory of 3064	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 692 wrote to memory of 3064	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 692 wrote to memory of 3064	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 692 wrote to memory of 2580	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 692 wrote to memory of 2580	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 692 wrote to memory of 2580	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 692 wrote to memory of 2900	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 692 wrote to memory of 2900	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 692 wrote to memory of 2900	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 692 wrote to memory of 2648	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 692 wrote to memory of 2648	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 692 wrote to memory of 2648	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 692 wrote to memory of 2068	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 692 wrote to memory of 2068	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 692 wrote to memory of 2068	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 692 wrote to memory of 2968	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 692 wrote to memory of 2968	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 692 wrote to memory of 2968	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 692 wrote to memory of 2692	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 692 wrote to memory of 2692	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 692 wrote to memory of 2692	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 692 wrote to memory of 2656	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 692 wrote to memory of 2656	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 692 wrote to memory of 2656	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 692 wrote to memory of 836	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 692 wrote to memory of 836	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 692 wrote to memory of 836	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 692 wrote to memory of 2296	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 692 wrote to memory of 2296	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 692 wrote to memory of 2296	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 692 wrote to memory of 1424	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 692 wrote to memory of 1424	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 692 wrote to memory of 1424	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 692 wrote to memory of 2816	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 692 wrote to memory of 2816	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 692 wrote to memory of 2816	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 692 wrote to memory of 536	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 692 wrote to memory of 536	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 692 wrote to memory of 536	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 692 wrote to memory of 3048	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 692 wrote to memory of 3048	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 692 wrote to memory of 3048	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 692 wrote to memory of 3028	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 692 wrote to memory of 3028	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 692 wrote to memory of 3028	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 692 wrote to memory of 1180	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 692 wrote to memory of 1180	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 692 wrote to memory of 1180	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 692 wrote to memory of 1288	692	2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_9a111ff7266aef3783b6e3e62f93a351_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:692
- C:\Windows\System\SXhpPoH.exe
  C:\Windows\System\SXhpPoH.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\OyqxzUu.exe
  C:\Windows\System\OyqxzUu.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\BhyewqY.exe
  C:\Windows\System\BhyewqY.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\zMyWTXG.exe
  C:\Windows\System\zMyWTXG.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\zdmMRaH.exe
  C:\Windows\System\zdmMRaH.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\XCABQyp.exe
  C:\Windows\System\XCABQyp.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\DdFIZDZ.exe
  C:\Windows\System\DdFIZDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\xSwcWZs.exe
  C:\Windows\System\xSwcWZs.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\dZKSNYu.exe
  C:\Windows\System\dZKSNYu.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\vWbIYtb.exe
  C:\Windows\System\vWbIYtb.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\yXDACwX.exe
  C:\Windows\System\yXDACwX.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\lxbwSVN.exe
  C:\Windows\System\lxbwSVN.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\bDrGwYe.exe
  C:\Windows\System\bDrGwYe.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\XFHNUMi.exe
  C:\Windows\System\XFHNUMi.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\gNsffHS.exe
  C:\Windows\System\gNsffHS.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\DaYPZfN.exe
  C:\Windows\System\DaYPZfN.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\nPVEthI.exe
  C:\Windows\System\nPVEthI.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\pTQwdBt.exe
  C:\Windows\System\pTQwdBt.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\PLGdyIX.exe
  C:\Windows\System\PLGdyIX.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\avqLicf.exe
  C:\Windows\System\avqLicf.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\vgJuxDk.exe
  C:\Windows\System\vgJuxDk.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\vhVejUU.exe
  C:\Windows\System\vhVejUU.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\aKWSLmF.exe
  C:\Windows\System\aKWSLmF.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\IMgwvPI.exe
  C:\Windows\System\IMgwvPI.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\axCKpsr.exe
  C:\Windows\System\axCKpsr.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\INNbjIA.exe
  C:\Windows\System\INNbjIA.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\alxtzEr.exe
  C:\Windows\System\alxtzEr.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\yoHsHHI.exe
  C:\Windows\System\yoHsHHI.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\alFVsNx.exe
  C:\Windows\System\alFVsNx.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\cUPhiIw.exe
  C:\Windows\System\cUPhiIw.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\rtQxDWp.exe
  C:\Windows\System\rtQxDWp.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\cVOCari.exe
  C:\Windows\System\cVOCari.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\xYzCOuq.exe
  C:\Windows\System\xYzCOuq.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\PIGWKme.exe
  C:\Windows\System\PIGWKme.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\yTWtxPi.exe
  C:\Windows\System\yTWtxPi.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\EiDTmHS.exe
  C:\Windows\System\EiDTmHS.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\TdEThCV.exe
  C:\Windows\System\TdEThCV.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\LUSRnkS.exe
  C:\Windows\System\LUSRnkS.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\FuLqOJb.exe
  C:\Windows\System\FuLqOJb.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\kGiTxtu.exe
  C:\Windows\System\kGiTxtu.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\rMoezKG.exe
  C:\Windows\System\rMoezKG.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\KydJTjb.exe
  C:\Windows\System\KydJTjb.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\PGQiNpw.exe
  C:\Windows\System\PGQiNpw.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\dDLQJLe.exe
  C:\Windows\System\dDLQJLe.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\dtEhAti.exe
  C:\Windows\System\dtEhAti.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\qHxYZXA.exe
  C:\Windows\System\qHxYZXA.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\mGpYpHz.exe
  C:\Windows\System\mGpYpHz.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\aoTjyYT.exe
  C:\Windows\System\aoTjyYT.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\gASOGSV.exe
  C:\Windows\System\gASOGSV.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\XjxqVAA.exe
  C:\Windows\System\XjxqVAA.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\DXMRNio.exe
  C:\Windows\System\DXMRNio.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\mCvnsbV.exe
  C:\Windows\System\mCvnsbV.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\UEcPNxc.exe
  C:\Windows\System\UEcPNxc.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\aPOyIgi.exe
  C:\Windows\System\aPOyIgi.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\CiJTWpw.exe
  C:\Windows\System\CiJTWpw.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\pTSQAPQ.exe
  C:\Windows\System\pTSQAPQ.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\owenDhv.exe
  C:\Windows\System\owenDhv.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\bBeVKLl.exe
  C:\Windows\System\bBeVKLl.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\PzhFKGd.exe
  C:\Windows\System\PzhFKGd.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\sPZkaLI.exe
  C:\Windows\System\sPZkaLI.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\aZKxZzj.exe
  C:\Windows\System\aZKxZzj.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\KpxLpRA.exe
  C:\Windows\System\KpxLpRA.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\EeNbbkb.exe
  C:\Windows\System\EeNbbkb.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\xPpIcmS.exe
  C:\Windows\System\xPpIcmS.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\dpAuyyY.exe
  C:\Windows\System\dpAuyyY.exe
  2⤵
  PID:2988
- C:\Windows\System\EzVmcHw.exe
  C:\Windows\System\EzVmcHw.exe
  2⤵
  PID:2488
- C:\Windows\System\katnqJG.exe
  C:\Windows\System\katnqJG.exe
  2⤵
  PID:2484
- C:\Windows\System\otgjGZG.exe
  C:\Windows\System\otgjGZG.exe
  2⤵
  PID:1788
- C:\Windows\System\mZcIvLE.exe
  C:\Windows\System\mZcIvLE.exe
  2⤵
  PID:2568
- C:\Windows\System\iPUzzAS.exe
  C:\Windows\System\iPUzzAS.exe
  2⤵
  PID:1852
- C:\Windows\System\LjAlLgG.exe
  C:\Windows\System\LjAlLgG.exe
  2⤵
  PID:1484
- C:\Windows\System\tiMrRlA.exe
  C:\Windows\System\tiMrRlA.exe
  2⤵
  PID:1104
- C:\Windows\System\jlEwLjX.exe
  C:\Windows\System\jlEwLjX.exe
  2⤵
  PID:1604
- C:\Windows\System\LemWbvm.exe
  C:\Windows\System\LemWbvm.exe
  2⤵
  PID:976
- C:\Windows\System\TRSfyXx.exe
  C:\Windows\System\TRSfyXx.exe
  2⤵
  PID:832
- C:\Windows\System\ElnkPpV.exe
  C:\Windows\System\ElnkPpV.exe
  2⤵
  PID:1332
- C:\Windows\System\skziCYX.exe
  C:\Windows\System\skziCYX.exe
  2⤵
  PID:1040
- C:\Windows\System\orRKkBC.exe
  C:\Windows\System\orRKkBC.exe
  2⤵
  PID:1936
- C:\Windows\System\dHkCuOd.exe
  C:\Windows\System\dHkCuOd.exe
  2⤵
  PID:2148
- C:\Windows\System\vqBiIpk.exe
  C:\Windows\System\vqBiIpk.exe
  2⤵
  PID:1476
- C:\Windows\System\BLaByuq.exe
  C:\Windows\System\BLaByuq.exe
  2⤵
  PID:2168
- C:\Windows\System\QCXFunW.exe
  C:\Windows\System\QCXFunW.exe
  2⤵
  PID:2236
- C:\Windows\System\qojjSZd.exe
  C:\Windows\System\qojjSZd.exe
  2⤵
  PID:1592
- C:\Windows\System\PUbvkHF.exe
  C:\Windows\System\PUbvkHF.exe
  2⤵
  PID:1628
- C:\Windows\System\DSmkyGK.exe
  C:\Windows\System\DSmkyGK.exe
  2⤵
  PID:3068
- C:\Windows\System\NgeLvkh.exe
  C:\Windows\System\NgeLvkh.exe
  2⤵
  PID:2928
- C:\Windows\System\eDQcPTr.exe
  C:\Windows\System\eDQcPTr.exe
  2⤵
  PID:2808
- C:\Windows\System\mfwDjKz.exe
  C:\Windows\System\mfwDjKz.exe
  2⤵
  PID:2760
- C:\Windows\System\MkCppeO.exe
  C:\Windows\System\MkCppeO.exe
  2⤵
  PID:2756
- C:\Windows\System\PZVRbyn.exe
  C:\Windows\System\PZVRbyn.exe
  2⤵
  PID:2936
- C:\Windows\System\GTBpQMp.exe
  C:\Windows\System\GTBpQMp.exe
  2⤵
  PID:552
- C:\Windows\System\hIIcPWA.exe
  C:\Windows\System\hIIcPWA.exe
  2⤵
  PID:1404
- C:\Windows\System\MRVKnVc.exe
  C:\Windows\System\MRVKnVc.exe
  2⤵
  PID:2480
- C:\Windows\System\qxrWNpl.exe
  C:\Windows\System\qxrWNpl.exe
  2⤵
  PID:564
- C:\Windows\System\cAZkMkI.exe
  C:\Windows\System\cAZkMkI.exe
  2⤵
  PID:632
- C:\Windows\System\ySmwQDO.exe
  C:\Windows\System\ySmwQDO.exe
  2⤵
  PID:1860
- C:\Windows\System\gkXhSwS.exe
  C:\Windows\System\gkXhSwS.exe
  2⤵
  PID:2272
- C:\Windows\System\yDzRhKL.exe
  C:\Windows\System\yDzRhKL.exe
  2⤵
  PID:1656
- C:\Windows\System\fqnEuOz.exe
  C:\Windows\System\fqnEuOz.exe
  2⤵
  PID:764
- C:\Windows\System\hZxKqNN.exe
  C:\Windows\System\hZxKqNN.exe
  2⤵
  PID:1976
- C:\Windows\System\hXGejuj.exe
  C:\Windows\System\hXGejuj.exe
  2⤵
  PID:380
- C:\Windows\System\fDbXjGF.exe
  C:\Windows\System\fDbXjGF.exe
  2⤵
  PID:1632
- C:\Windows\System\wQVWAIQ.exe
  C:\Windows\System\wQVWAIQ.exe
  2⤵
  PID:2824
- C:\Windows\System\mtfsLxh.exe
  C:\Windows\System\mtfsLxh.exe
  2⤵
  PID:2848
- C:\Windows\System\nQJzkKg.exe
  C:\Windows\System\nQJzkKg.exe
  2⤵
  PID:2024
- C:\Windows\System\CgHGKWk.exe
  C:\Windows\System\CgHGKWk.exe
  2⤵
  PID:2636
- C:\Windows\System\cZylpmz.exe
  C:\Windows\System\cZylpmz.exe
  2⤵
  PID:292
- C:\Windows\System\bomqVsq.exe
  C:\Windows\System\bomqVsq.exe
  2⤵
  PID:3084
- C:\Windows\System\DJOHAFR.exe
  C:\Windows\System\DJOHAFR.exe
  2⤵
  PID:3100
- C:\Windows\System\iFaIVqk.exe
  C:\Windows\System\iFaIVqk.exe
  2⤵
  PID:3120
- C:\Windows\System\cKOwlRw.exe
  C:\Windows\System\cKOwlRw.exe
  2⤵
  PID:3140
- C:\Windows\System\CdQdSgL.exe
  C:\Windows\System\CdQdSgL.exe
  2⤵
  PID:3164
- C:\Windows\System\LKwsQeI.exe
  C:\Windows\System\LKwsQeI.exe
  2⤵
  PID:3188
- C:\Windows\System\gVOVNKs.exe
  C:\Windows\System\gVOVNKs.exe
  2⤵
  PID:3208
- C:\Windows\System\cYIepvy.exe
  C:\Windows\System\cYIepvy.exe
  2⤵
  PID:3228
- C:\Windows\System\hpxzTyq.exe
  C:\Windows\System\hpxzTyq.exe
  2⤵
  PID:3248
- C:\Windows\System\gbVSvjL.exe
  C:\Windows\System\gbVSvjL.exe
  2⤵
  PID:3264
- C:\Windows\System\pVpUFgF.exe
  C:\Windows\System\pVpUFgF.exe
  2⤵
  PID:3284
- C:\Windows\System\NflfWnS.exe
  C:\Windows\System\NflfWnS.exe
  2⤵
  PID:3304
- C:\Windows\System\dxcVamm.exe
  C:\Windows\System\dxcVamm.exe
  2⤵
  PID:3324
- C:\Windows\System\hkJsDke.exe
  C:\Windows\System\hkJsDke.exe
  2⤵
  PID:3344
- C:\Windows\System\yyygKix.exe
  C:\Windows\System\yyygKix.exe
  2⤵
  PID:3364
- C:\Windows\System\zydJrsT.exe
  C:\Windows\System\zydJrsT.exe
  2⤵
  PID:3380
- C:\Windows\System\aCOHNUl.exe
  C:\Windows\System\aCOHNUl.exe
  2⤵
  PID:3408
- C:\Windows\System\ahRPeqZ.exe
  C:\Windows\System\ahRPeqZ.exe
  2⤵
  PID:3428
- C:\Windows\System\OKArMDZ.exe
  C:\Windows\System\OKArMDZ.exe
  2⤵
  PID:3448
- C:\Windows\System\JQPHdJM.exe
  C:\Windows\System\JQPHdJM.exe
  2⤵
  PID:3468
- C:\Windows\System\OSZaaBr.exe
  C:\Windows\System\OSZaaBr.exe
  2⤵
  PID:3488
- C:\Windows\System\pUxKoDm.exe
  C:\Windows\System\pUxKoDm.exe
  2⤵
  PID:3508
- C:\Windows\System\tqgTGzE.exe
  C:\Windows\System\tqgTGzE.exe
  2⤵
  PID:3528
- C:\Windows\System\flYTdqt.exe
  C:\Windows\System\flYTdqt.exe
  2⤵
  PID:3548
- C:\Windows\System\lyHvrCT.exe
  C:\Windows\System\lyHvrCT.exe
  2⤵
  PID:3568
- C:\Windows\System\FFijxNr.exe
  C:\Windows\System\FFijxNr.exe
  2⤵
  PID:3588
- C:\Windows\System\examshr.exe
  C:\Windows\System\examshr.exe
  2⤵
  PID:3608
- C:\Windows\System\NFiAUgg.exe
  C:\Windows\System\NFiAUgg.exe
  2⤵
  PID:3624
- C:\Windows\System\ZEgxKNi.exe
  C:\Windows\System\ZEgxKNi.exe
  2⤵
  PID:3648
- C:\Windows\System\XRHUzUZ.exe
  C:\Windows\System\XRHUzUZ.exe
  2⤵
  PID:3668
- C:\Windows\System\XBRnLJE.exe
  C:\Windows\System\XBRnLJE.exe
  2⤵
  PID:3688
- C:\Windows\System\sSwhHzV.exe
  C:\Windows\System\sSwhHzV.exe
  2⤵
  PID:3708
- C:\Windows\System\kyABLAx.exe
  C:\Windows\System\kyABLAx.exe
  2⤵
  PID:3728
- C:\Windows\System\TUkjexJ.exe
  C:\Windows\System\TUkjexJ.exe
  2⤵
  PID:3744
- C:\Windows\System\mxMdzBa.exe
  C:\Windows\System\mxMdzBa.exe
  2⤵
  PID:3764
- C:\Windows\System\oVCPIQw.exe
  C:\Windows\System\oVCPIQw.exe
  2⤵
  PID:3796
- C:\Windows\System\TceJIns.exe
  C:\Windows\System\TceJIns.exe
  2⤵
  PID:3816
- C:\Windows\System\EEMIlGk.exe
  C:\Windows\System\EEMIlGk.exe
  2⤵
  PID:3836
- C:\Windows\System\vUCpEWx.exe
  C:\Windows\System\vUCpEWx.exe
  2⤵
  PID:3856
- C:\Windows\System\cXdJAyK.exe
  C:\Windows\System\cXdJAyK.exe
  2⤵
  PID:3876
- C:\Windows\System\COirtdb.exe
  C:\Windows\System\COirtdb.exe
  2⤵
  PID:3896
- C:\Windows\System\ybAPsKz.exe
  C:\Windows\System\ybAPsKz.exe
  2⤵
  PID:3912
- C:\Windows\System\IQWeeYW.exe
  C:\Windows\System\IQWeeYW.exe
  2⤵
  PID:3932
- C:\Windows\System\MFQfPaK.exe
  C:\Windows\System\MFQfPaK.exe
  2⤵
  PID:3956
- C:\Windows\System\scABQpw.exe
  C:\Windows\System\scABQpw.exe
  2⤵
  PID:3976
- C:\Windows\System\gjwJlfo.exe
  C:\Windows\System\gjwJlfo.exe
  2⤵
  PID:3996
- C:\Windows\System\lIZgkQk.exe
  C:\Windows\System\lIZgkQk.exe
  2⤵
  PID:4016
- C:\Windows\System\ynBEvsl.exe
  C:\Windows\System\ynBEvsl.exe
  2⤵
  PID:4036
- C:\Windows\System\ivsyNph.exe
  C:\Windows\System\ivsyNph.exe
  2⤵
  PID:4056
- C:\Windows\System\mQeyKAx.exe
  C:\Windows\System\mQeyKAx.exe
  2⤵
  PID:4076
- C:\Windows\System\UTpGTNi.exe
  C:\Windows\System\UTpGTNi.exe
  2⤵
  PID:2504
- C:\Windows\System\eZtkrMn.exe
  C:\Windows\System\eZtkrMn.exe
  2⤵
  PID:1344
- C:\Windows\System\qyWeDrh.exe
  C:\Windows\System\qyWeDrh.exe
  2⤵
  PID:2572
- C:\Windows\System\NZJNeUW.exe
  C:\Windows\System\NZJNeUW.exe
  2⤵
  PID:1688
- C:\Windows\System\UlIDuSb.exe
  C:\Windows\System\UlIDuSb.exe
  2⤵
  PID:2408
- C:\Windows\System\PpMuorO.exe
  C:\Windows\System\PpMuorO.exe
  2⤵
  PID:800
- C:\Windows\System\fxaONZv.exe
  C:\Windows\System\fxaONZv.exe
  2⤵
  PID:2576
- C:\Windows\System\LzVlSqL.exe
  C:\Windows\System\LzVlSqL.exe
  2⤵
  PID:1948
- C:\Windows\System\PbKMSeA.exe
  C:\Windows\System\PbKMSeA.exe
  2⤵
  PID:1076
- C:\Windows\System\juaroZJ.exe
  C:\Windows\System\juaroZJ.exe
  2⤵
  PID:3116
- C:\Windows\System\zTdoGmj.exe
  C:\Windows\System\zTdoGmj.exe
  2⤵
  PID:2876
- C:\Windows\System\tFfiQsm.exe
  C:\Windows\System\tFfiQsm.exe
  2⤵
  PID:3096
- C:\Windows\System\BUWQDjS.exe
  C:\Windows\System\BUWQDjS.exe
  2⤵
  PID:776
- C:\Windows\System\EHBjfRE.exe
  C:\Windows\System\EHBjfRE.exe
  2⤵
  PID:3236
- C:\Windows\System\WRGaMMW.exe
  C:\Windows\System\WRGaMMW.exe
  2⤵
  PID:3220
- C:\Windows\System\ckxRKOH.exe
  C:\Windows\System\ckxRKOH.exe
  2⤵
  PID:3260
- C:\Windows\System\vgouEPg.exe
  C:\Windows\System\vgouEPg.exe
  2⤵
  PID:3360
- C:\Windows\System\IrZGYaS.exe
  C:\Windows\System\IrZGYaS.exe
  2⤵
  PID:3300
- C:\Windows\System\iJRoiVR.exe
  C:\Windows\System\iJRoiVR.exe
  2⤵
  PID:3336
- C:\Windows\System\LVjcZxM.exe
  C:\Windows\System\LVjcZxM.exe
  2⤵
  PID:3376
- C:\Windows\System\RyjPWRO.exe
  C:\Windows\System\RyjPWRO.exe
  2⤵
  PID:3476
- C:\Windows\System\EPvmRpV.exe
  C:\Windows\System\EPvmRpV.exe
  2⤵
  PID:3420
- C:\Windows\System\YNNUejS.exe
  C:\Windows\System\YNNUejS.exe
  2⤵
  PID:3520
- C:\Windows\System\iufXGhV.exe
  C:\Windows\System\iufXGhV.exe
  2⤵
  PID:3564
- C:\Windows\System\QnmYGPs.exe
  C:\Windows\System\QnmYGPs.exe
  2⤵
  PID:3596
- C:\Windows\System\ddYBNsN.exe
  C:\Windows\System\ddYBNsN.exe
  2⤵
  PID:3632
- C:\Windows\System\UJCZRWC.exe
  C:\Windows\System\UJCZRWC.exe
  2⤵
  PID:3616
- C:\Windows\System\AfqEqyd.exe
  C:\Windows\System\AfqEqyd.exe
  2⤵
  PID:3656
- C:\Windows\System\UOmJUfn.exe
  C:\Windows\System\UOmJUfn.exe
  2⤵
  PID:3752
- C:\Windows\System\mDpkabU.exe
  C:\Windows\System\mDpkabU.exe
  2⤵
  PID:3772
- C:\Windows\System\pbBsjsO.exe
  C:\Windows\System\pbBsjsO.exe
  2⤵
  PID:3696
- C:\Windows\System\QfYlwnJ.exe
  C:\Windows\System\QfYlwnJ.exe
  2⤵
  PID:3780
- C:\Windows\System\EcVRNwS.exe
  C:\Windows\System\EcVRNwS.exe
  2⤵
  PID:3828
- C:\Windows\System\kTvIypl.exe
  C:\Windows\System\kTvIypl.exe
  2⤵
  PID:3920
- C:\Windows\System\mvRvmzD.exe
  C:\Windows\System\mvRvmzD.exe
  2⤵
  PID:3924
- C:\Windows\System\iLoDlnI.exe
  C:\Windows\System\iLoDlnI.exe
  2⤵
  PID:3904
- C:\Windows\System\lvPHpjn.exe
  C:\Windows\System\lvPHpjn.exe
  2⤵
  PID:3952
- C:\Windows\System\pKAneGH.exe
  C:\Windows\System\pKAneGH.exe
  2⤵
  PID:4044
- C:\Windows\System\EoBswqL.exe
  C:\Windows\System\EoBswqL.exe
  2⤵
  PID:4028
- C:\Windows\System\OHROtYc.exe
  C:\Windows\System\OHROtYc.exe
  2⤵
  PID:4084
- C:\Windows\System\LjLfhMF.exe
  C:\Windows\System\LjLfhMF.exe
  2⤵
  PID:2524
- C:\Windows\System\DUNAMKR.exe
  C:\Windows\System\DUNAMKR.exe
  2⤵
  PID:880
- C:\Windows\System\sOozLyv.exe
  C:\Windows\System\sOozLyv.exe
  2⤵
  PID:328
- C:\Windows\System\TeVmXvP.exe
  C:\Windows\System\TeVmXvP.exe
  2⤵
  PID:668
- C:\Windows\System\JCAwrfv.exe
  C:\Windows\System\JCAwrfv.exe
  2⤵
  PID:2540
- C:\Windows\System\wpHYhYs.exe
  C:\Windows\System\wpHYhYs.exe
  2⤵
  PID:3076
- C:\Windows\System\ZHUYNNh.exe
  C:\Windows\System\ZHUYNNh.exe
  2⤵
  PID:3128
- C:\Windows\System\KXBriiC.exe
  C:\Windows\System\KXBriiC.exe
  2⤵
  PID:3216
- C:\Windows\System\mRaZurK.exe
  C:\Windows\System\mRaZurK.exe
  2⤵
  PID:3200
- C:\Windows\System\goWuwgc.exe
  C:\Windows\System\goWuwgc.exe
  2⤵
  PID:3292
- C:\Windows\System\GZXvlWr.exe
  C:\Windows\System\GZXvlWr.exe
  2⤵
  PID:3400
- C:\Windows\System\BJFNQAC.exe
  C:\Windows\System\BJFNQAC.exe
  2⤵
  PID:3372
- C:\Windows\System\FwBFMNe.exe
  C:\Windows\System\FwBFMNe.exe
  2⤵
  PID:3524
- C:\Windows\System\GKqTnoM.exe
  C:\Windows\System\GKqTnoM.exe
  2⤵
  PID:3536
- C:\Windows\System\uYfyade.exe
  C:\Windows\System\uYfyade.exe
  2⤵
  PID:3580
- C:\Windows\System\FTysYra.exe
  C:\Windows\System\FTysYra.exe
  2⤵
  PID:3576
- C:\Windows\System\RZEWhaY.exe
  C:\Windows\System\RZEWhaY.exe
  2⤵
  PID:3660
- C:\Windows\System\DLmfqAc.exe
  C:\Windows\System\DLmfqAc.exe
  2⤵
  PID:3756
- C:\Windows\System\gcjTRtb.exe
  C:\Windows\System\gcjTRtb.exe
  2⤵
  PID:3844
- C:\Windows\System\tYEPXKf.exe
  C:\Windows\System\tYEPXKf.exe
  2⤵
  PID:3792
- C:\Windows\System\ihlByvz.exe
  C:\Windows\System\ihlByvz.exe
  2⤵
  PID:3892
- C:\Windows\System\IeYAGhb.exe
  C:\Windows\System\IeYAGhb.exe
  2⤵
  PID:3968
- C:\Windows\System\vQOlniK.exe
  C:\Windows\System\vQOlniK.exe
  2⤵
  PID:2288
- C:\Windows\System\GhnKzdc.exe
  C:\Windows\System\GhnKzdc.exe
  2⤵
  PID:4052
- C:\Windows\System\kiViITb.exe
  C:\Windows\System\kiViITb.exe
  2⤵
  PID:1148
- C:\Windows\System\JuemZfK.exe
  C:\Windows\System\JuemZfK.exe
  2⤵
  PID:2400
- C:\Windows\System\CBuPfMx.exe
  C:\Windows\System\CBuPfMx.exe
  2⤵
  PID:2804
- C:\Windows\System\WGtrkvm.exe
  C:\Windows\System\WGtrkvm.exe
  2⤵
  PID:3132
- C:\Windows\System\uqlNvaR.exe
  C:\Windows\System\uqlNvaR.exe
  2⤵
  PID:3204
- C:\Windows\System\bOCoPcD.exe
  C:\Windows\System\bOCoPcD.exe
  2⤵
  PID:3152
- C:\Windows\System\mNkcbYC.exe
  C:\Windows\System\mNkcbYC.exe
  2⤵
  PID:3276
- C:\Windows\System\crDYLPZ.exe
  C:\Windows\System\crDYLPZ.exe
  2⤵
  PID:3444
- C:\Windows\System\ZkTlVEs.exe
  C:\Windows\System\ZkTlVEs.exe
  2⤵
  PID:3540
- C:\Windows\System\NSQOsQD.exe
  C:\Windows\System\NSQOsQD.exe
  2⤵
  PID:3724
- C:\Windows\System\bIDwmfP.exe
  C:\Windows\System\bIDwmfP.exe
  2⤵
  PID:3808
- C:\Windows\System\oKkSTxA.exe
  C:\Windows\System\oKkSTxA.exe
  2⤵
  PID:3872
- C:\Windows\System\TrVUoMr.exe
  C:\Windows\System\TrVUoMr.exe
  2⤵
  PID:2284
- C:\Windows\System\fwYxVUo.exe
  C:\Windows\System\fwYxVUo.exe
  2⤵
  PID:3636
- C:\Windows\System\GuNsyvu.exe
  C:\Windows\System\GuNsyvu.exe
  2⤵
  PID:4008
- C:\Windows\System\sCgLNAa.exe
  C:\Windows\System\sCgLNAa.exe
  2⤵
  PID:2392
- C:\Windows\System\JQBxyvw.exe
  C:\Windows\System\JQBxyvw.exe
  2⤵
  PID:572
- C:\Windows\System\cgqZHuv.exe
  C:\Windows\System\cgqZHuv.exe
  2⤵
  PID:3352
- C:\Windows\System\cvaezSZ.exe
  C:\Windows\System\cvaezSZ.exe
  2⤵
  PID:3240
- C:\Windows\System\bMJqeCJ.exe
  C:\Windows\System\bMJqeCJ.exe
  2⤵
  PID:3556
- C:\Windows\System\YhYRXxm.exe
  C:\Windows\System\YhYRXxm.exe
  2⤵
  PID:4108
- C:\Windows\System\jgPOSnj.exe
  C:\Windows\System\jgPOSnj.exe
  2⤵
  PID:4128
- C:\Windows\System\kqvEcib.exe
  C:\Windows\System\kqvEcib.exe
  2⤵
  PID:4156
- C:\Windows\System\wTYFiIl.exe
  C:\Windows\System\wTYFiIl.exe
  2⤵
  PID:4172
- C:\Windows\System\NKotCEc.exe
  C:\Windows\System\NKotCEc.exe
  2⤵
  PID:4196
- C:\Windows\System\HLRNkzc.exe
  C:\Windows\System\HLRNkzc.exe
  2⤵
  PID:4216
- C:\Windows\System\OAsFljE.exe
  C:\Windows\System\OAsFljE.exe
  2⤵
  PID:4236
- C:\Windows\System\PYZxkXY.exe
  C:\Windows\System\PYZxkXY.exe
  2⤵
  PID:4256
- C:\Windows\System\NImTTEj.exe
  C:\Windows\System\NImTTEj.exe
  2⤵
  PID:4276
- C:\Windows\System\QjsDOmX.exe
  C:\Windows\System\QjsDOmX.exe
  2⤵
  PID:4296
- C:\Windows\System\VrOaQKb.exe
  C:\Windows\System\VrOaQKb.exe
  2⤵
  PID:4316
- C:\Windows\System\OHPHTDn.exe
  C:\Windows\System\OHPHTDn.exe
  2⤵
  PID:4332
- C:\Windows\System\CbIdKrf.exe
  C:\Windows\System\CbIdKrf.exe
  2⤵
  PID:4356
- C:\Windows\System\AuSzubb.exe
  C:\Windows\System\AuSzubb.exe
  2⤵
  PID:4372
- C:\Windows\System\ZnpoTaU.exe
  C:\Windows\System\ZnpoTaU.exe
  2⤵
  PID:4396
- C:\Windows\System\FfOyFtT.exe
  C:\Windows\System\FfOyFtT.exe
  2⤵
  PID:4416
- C:\Windows\System\wLmyJsE.exe
  C:\Windows\System\wLmyJsE.exe
  2⤵
  PID:4436
- C:\Windows\System\tvHrQEM.exe
  C:\Windows\System\tvHrQEM.exe
  2⤵
  PID:4456
- C:\Windows\System\XzQywgU.exe
  C:\Windows\System\XzQywgU.exe
  2⤵
  PID:4480
- C:\Windows\System\znwMrvj.exe
  C:\Windows\System\znwMrvj.exe
  2⤵
  PID:4500
- C:\Windows\System\RilWByq.exe
  C:\Windows\System\RilWByq.exe
  2⤵
  PID:4520
- C:\Windows\System\fsDqXff.exe
  C:\Windows\System\fsDqXff.exe
  2⤵
  PID:4540
- C:\Windows\System\iZLBuYO.exe
  C:\Windows\System\iZLBuYO.exe
  2⤵
  PID:4560
- C:\Windows\System\BQhZOhR.exe
  C:\Windows\System\BQhZOhR.exe
  2⤵
  PID:4580
- C:\Windows\System\fbLAOzh.exe
  C:\Windows\System\fbLAOzh.exe
  2⤵
  PID:4600
- C:\Windows\System\DLqFoJl.exe
  C:\Windows\System\DLqFoJl.exe
  2⤵
  PID:4616
- C:\Windows\System\cpJdvpR.exe
  C:\Windows\System\cpJdvpR.exe
  2⤵
  PID:4636
- C:\Windows\System\XUaWkEN.exe
  C:\Windows\System\XUaWkEN.exe
  2⤵
  PID:4656
- C:\Windows\System\WtqXzlG.exe
  C:\Windows\System\WtqXzlG.exe
  2⤵
  PID:4680
- C:\Windows\System\xTYuUnb.exe
  C:\Windows\System\xTYuUnb.exe
  2⤵
  PID:4700
- C:\Windows\System\wQENTVx.exe
  C:\Windows\System\wQENTVx.exe
  2⤵
  PID:4720
- C:\Windows\System\uXQHeVs.exe
  C:\Windows\System\uXQHeVs.exe
  2⤵
  PID:4740
- C:\Windows\System\iKEBgZG.exe
  C:\Windows\System\iKEBgZG.exe
  2⤵
  PID:4764
- C:\Windows\System\uXQtrLN.exe
  C:\Windows\System\uXQtrLN.exe
  2⤵
  PID:4780
- C:\Windows\System\PLGutwR.exe
  C:\Windows\System\PLGutwR.exe
  2⤵
  PID:4804
- C:\Windows\System\iRnOsUi.exe
  C:\Windows\System\iRnOsUi.exe
  2⤵
  PID:4824
- C:\Windows\System\maMIrnN.exe
  C:\Windows\System\maMIrnN.exe
  2⤵
  PID:4844
- C:\Windows\System\euWhMAr.exe
  C:\Windows\System\euWhMAr.exe
  2⤵
  PID:4860
- C:\Windows\System\UWPhkmA.exe
  C:\Windows\System\UWPhkmA.exe
  2⤵
  PID:4884
- C:\Windows\System\bsOPdAe.exe
  C:\Windows\System\bsOPdAe.exe
  2⤵
  PID:4904
- C:\Windows\System\DZxTRec.exe
  C:\Windows\System\DZxTRec.exe
  2⤵
  PID:4924
- C:\Windows\System\yDUOuqX.exe
  C:\Windows\System\yDUOuqX.exe
  2⤵
  PID:4944
- C:\Windows\System\KdXyXFv.exe
  C:\Windows\System\KdXyXFv.exe
  2⤵
  PID:4964
- C:\Windows\System\KBYphmV.exe
  C:\Windows\System\KBYphmV.exe
  2⤵
  PID:4984
- C:\Windows\System\dxXpEoZ.exe
  C:\Windows\System\dxXpEoZ.exe
  2⤵
  PID:5004
- C:\Windows\System\lDuyXdy.exe
  C:\Windows\System\lDuyXdy.exe
  2⤵
  PID:5024
- C:\Windows\System\hyKTMWI.exe
  C:\Windows\System\hyKTMWI.exe
  2⤵
  PID:5044
- C:\Windows\System\hEzbysC.exe
  C:\Windows\System\hEzbysC.exe
  2⤵
  PID:5060
- C:\Windows\System\DuCfigw.exe
  C:\Windows\System\DuCfigw.exe
  2⤵
  PID:5084
- C:\Windows\System\dpMVjCa.exe
  C:\Windows\System\dpMVjCa.exe
  2⤵
  PID:5104
- C:\Windows\System\qWJbFWx.exe
  C:\Windows\System\qWJbFWx.exe
  2⤵
  PID:3700
- C:\Windows\System\JpWKJQh.exe
  C:\Windows\System\JpWKJQh.exe
  2⤵
  PID:3480
- C:\Windows\System\DOrJKGv.exe
  C:\Windows\System\DOrJKGv.exe
  2⤵
  PID:3184
- C:\Windows\System\TWlXLGF.exe
  C:\Windows\System\TWlXLGF.exe
  2⤵
  PID:4072
- C:\Windows\System\HrhzfBo.exe
  C:\Windows\System\HrhzfBo.exe
  2⤵
  PID:3988
- C:\Windows\System\hMTMeke.exe
  C:\Windows\System\hMTMeke.exe
  2⤵
  PID:3092
- C:\Windows\System\tNkYnxK.exe
  C:\Windows\System\tNkYnxK.exe
  2⤵
  PID:1784
- C:\Windows\System\irvPdXG.exe
  C:\Windows\System\irvPdXG.exe
  2⤵
  PID:3388
- C:\Windows\System\nwtzgEG.exe
  C:\Windows\System\nwtzgEG.exe
  2⤵
  PID:4148
- C:\Windows\System\gbTVxOY.exe
  C:\Windows\System\gbTVxOY.exe
  2⤵
  PID:4124
- C:\Windows\System\cMAqXds.exe
  C:\Windows\System\cMAqXds.exe
  2⤵
  PID:4164
- C:\Windows\System\WelSoMd.exe
  C:\Windows\System\WelSoMd.exe
  2⤵
  PID:4204
- C:\Windows\System\uYLgyAz.exe
  C:\Windows\System\uYLgyAz.exe
  2⤵
  PID:4268
- C:\Windows\System\WxZBhPV.exe
  C:\Windows\System\WxZBhPV.exe
  2⤵
  PID:4304
- C:\Windows\System\jLNaOht.exe
  C:\Windows\System\jLNaOht.exe
  2⤵
  PID:4340
- C:\Windows\System\tQKdByO.exe
  C:\Windows\System\tQKdByO.exe
  2⤵
  PID:4328
- C:\Windows\System\iToIZNU.exe
  C:\Windows\System\iToIZNU.exe
  2⤵
  PID:4364
- C:\Windows\System\RGySfDD.exe
  C:\Windows\System\RGySfDD.exe
  2⤵
  PID:4428
- C:\Windows\System\nxZoJUr.exe
  C:\Windows\System\nxZoJUr.exe
  2⤵
  PID:4472
- C:\Windows\System\VLoaNty.exe
  C:\Windows\System\VLoaNty.exe
  2⤵
  PID:4508
- C:\Windows\System\XayMjoZ.exe
  C:\Windows\System\XayMjoZ.exe
  2⤵
  PID:4556
- C:\Windows\System\zJPTpKj.exe
  C:\Windows\System\zJPTpKj.exe
  2⤵
  PID:4592
- C:\Windows\System\xBiIreW.exe
  C:\Windows\System\xBiIreW.exe
  2⤵
  PID:4568
- C:\Windows\System\CKwhfGZ.exe
  C:\Windows\System\CKwhfGZ.exe
  2⤵
  PID:4664
- C:\Windows\System\SZZeIjo.exe
  C:\Windows\System\SZZeIjo.exe
  2⤵
  PID:2132
- C:\Windows\System\gOaZAtL.exe
  C:\Windows\System\gOaZAtL.exe
  2⤵
  PID:4652
- C:\Windows\System\dKqSaxU.exe
  C:\Windows\System\dKqSaxU.exe
  2⤵
  PID:4748
- C:\Windows\System\ZyrrhYc.exe
  C:\Windows\System\ZyrrhYc.exe
  2⤵
  PID:4760
- C:\Windows\System\MlthRaY.exe
  C:\Windows\System\MlthRaY.exe
  2⤵
  PID:4788
- C:\Windows\System\EHdKoeN.exe
  C:\Windows\System\EHdKoeN.exe
  2⤵
  PID:4772
- C:\Windows\System\aumKqFb.exe
  C:\Windows\System\aumKqFb.exe
  2⤵
  PID:4840
- C:\Windows\System\dGvCOyG.exe
  C:\Windows\System\dGvCOyG.exe
  2⤵
  PID:4880
- C:\Windows\System\gOajnpN.exe
  C:\Windows\System\gOajnpN.exe
  2⤵
  PID:4892
- C:\Windows\System\GzKitbM.exe
  C:\Windows\System\GzKitbM.exe
  2⤵
  PID:4916
- C:\Windows\System\AqpKgDo.exe
  C:\Windows\System\AqpKgDo.exe
  2⤵
  PID:4992
- C:\Windows\System\csupuzV.exe
  C:\Windows\System\csupuzV.exe
  2⤵
  PID:5012
- C:\Windows\System\HQcmdCi.exe
  C:\Windows\System\HQcmdCi.exe
  2⤵
  PID:5036
- C:\Windows\System\YaieIiX.exe
  C:\Windows\System\YaieIiX.exe
  2⤵
  PID:5076
- C:\Windows\System\wxWgVDd.exe
  C:\Windows\System\wxWgVDd.exe
  2⤵
  PID:5056
- C:\Windows\System\dftvUvX.exe
  C:\Windows\System\dftvUvX.exe
  2⤵
  PID:5096
- C:\Windows\System\QghvsfZ.exe
  C:\Windows\System\QghvsfZ.exe
  2⤵
  PID:2788
- C:\Windows\System\MQDGaud.exe
  C:\Windows\System\MQDGaud.exe
  2⤵
  PID:3464
- C:\Windows\System\ApcvkED.exe
  C:\Windows\System\ApcvkED.exe
  2⤵
  PID:2096
- C:\Windows\System\Lfwkzhf.exe
  C:\Windows\System\Lfwkzhf.exe
  2⤵
  PID:3280
- C:\Windows\System\ZWKuKVg.exe
  C:\Windows\System\ZWKuKVg.exe
  2⤵
  PID:4104
- C:\Windows\System\hGITTwD.exe
  C:\Windows\System\hGITTwD.exe
  2⤵
  PID:4188
- C:\Windows\System\mogIquX.exe
  C:\Windows\System\mogIquX.exe
  2⤵
  PID:4208
- C:\Windows\System\WGCiAOE.exe
  C:\Windows\System\WGCiAOE.exe
  2⤵
  PID:4308
- C:\Windows\System\VuXnIZQ.exe
  C:\Windows\System\VuXnIZQ.exe
  2⤵
  PID:4232
- C:\Windows\System\SeVTuKx.exe
  C:\Windows\System\SeVTuKx.exe
  2⤵
  PID:4464
- C:\Windows\System\JcxUbuP.exe
  C:\Windows\System\JcxUbuP.exe
  2⤵
  PID:4392
- C:\Windows\System\TlQRNoK.exe
  C:\Windows\System\TlQRNoK.exe
  2⤵
  PID:4548
- C:\Windows\System\rgjGgvX.exe
  C:\Windows\System\rgjGgvX.exe
  2⤵
  PID:4448
- C:\Windows\System\qCvIhMp.exe
  C:\Windows\System\qCvIhMp.exe
  2⤵
  PID:4532
- C:\Windows\System\DvRsSCY.exe
  C:\Windows\System\DvRsSCY.exe
  2⤵
  PID:2740
- C:\Windows\System\fgwtMwR.exe
  C:\Windows\System\fgwtMwR.exe
  2⤵
  PID:4632
- C:\Windows\System\eLxNnTQ.exe
  C:\Windows\System\eLxNnTQ.exe
  2⤵
  PID:4644
- C:\Windows\System\gDVtQIR.exe
  C:\Windows\System\gDVtQIR.exe
  2⤵
  PID:4736
- C:\Windows\System\HgwRvHu.exe
  C:\Windows\System\HgwRvHu.exe
  2⤵
  PID:2796
- C:\Windows\System\CSMbMhG.exe
  C:\Windows\System\CSMbMhG.exe
  2⤵
  PID:4476
- C:\Windows\System\LJOojER.exe
  C:\Windows\System\LJOojER.exe
  2⤵
  PID:4856
- C:\Windows\System\RPDQHQT.exe
  C:\Windows\System\RPDQHQT.exe
  2⤵
  PID:4960
- C:\Windows\System\GYAcuxy.exe
  C:\Windows\System\GYAcuxy.exe
  2⤵
  PID:5040
- C:\Windows\System\qMueNwD.exe
  C:\Windows\System\qMueNwD.exe
  2⤵
  PID:5052
- C:\Windows\System\YQQwpuI.exe
  C:\Windows\System\YQQwpuI.exe
  2⤵
  PID:1584
- C:\Windows\System\ENRUnGk.exe
  C:\Windows\System\ENRUnGk.exe
  2⤵
  PID:5092
- C:\Windows\System\HssCySX.exe
  C:\Windows\System\HssCySX.exe
  2⤵
  PID:4140
- C:\Windows\System\aGQdBXr.exe
  C:\Windows\System\aGQdBXr.exe
  2⤵
  PID:2080
- C:\Windows\System\BBjaZHA.exe
  C:\Windows\System\BBjaZHA.exe
  2⤵
  PID:4244
- C:\Windows\System\muEsXzk.exe
  C:\Windows\System\muEsXzk.exe
  2⤵
  PID:2640
- C:\Windows\System\hJnEvLT.exe
  C:\Windows\System\hJnEvLT.exe
  2⤵
  PID:4228
- C:\Windows\System\zUyMVfO.exe
  C:\Windows\System\zUyMVfO.exe
  2⤵
  PID:2712
- C:\Windows\System\lDUQQEW.exe
  C:\Windows\System\lDUQQEW.exe
  2⤵
  PID:4248
- C:\Windows\System\KGOiiZs.exe
  C:\Windows\System\KGOiiZs.exe
  2⤵
  PID:4624
- C:\Windows\System\MNVgfqR.exe
  C:\Windows\System\MNVgfqR.exe
  2⤵
  PID:2064
- C:\Windows\System\UQClFRe.exe
  C:\Windows\System\UQClFRe.exe
  2⤵
  PID:4676
- C:\Windows\System\mfFhiaP.exe
  C:\Windows\System\mfFhiaP.exe
  2⤵
  PID:892
- C:\Windows\System\ZmzdgtJ.exe
  C:\Windows\System\ZmzdgtJ.exe
  2⤵
  PID:4872
- C:\Windows\System\osrLLqt.exe
  C:\Windows\System\osrLLqt.exe
  2⤵
  PID:1956
- C:\Windows\System\WnmoUGM.exe
  C:\Windows\System\WnmoUGM.exe
  2⤵
  PID:4832
- C:\Windows\System\IxuLxCN.exe
  C:\Windows\System\IxuLxCN.exe
  2⤵
  PID:3716
- C:\Windows\System\xAAPVYn.exe
  C:\Windows\System\xAAPVYn.exe
  2⤵
  PID:5016
- C:\Windows\System\eVYssbX.exe
  C:\Windows\System\eVYssbX.exe
  2⤵
  PID:4996
- C:\Windows\System\JeaEqVd.exe
  C:\Windows\System\JeaEqVd.exe
  2⤵
  PID:3740
- C:\Windows\System\DbUTxpv.exe
  C:\Windows\System\DbUTxpv.exe
  2⤵
  PID:4184
- C:\Windows\System\FHCrtPa.exe
  C:\Windows\System\FHCrtPa.exe
  2⤵
  PID:4380
- C:\Windows\System\cNyhsse.exe
  C:\Windows\System\cNyhsse.exe
  2⤵
  PID:4352
- C:\Windows\System\WkRchiM.exe
  C:\Windows\System\WkRchiM.exe
  2⤵
  PID:4512
- C:\Windows\System\RbCTQqN.exe
  C:\Windows\System\RbCTQqN.exe
  2⤵
  PID:4612
- C:\Windows\System\YcpGRDe.exe
  C:\Windows\System\YcpGRDe.exe
  2⤵
  PID:4752
- C:\Windows\System\mGxVVSa.exe
  C:\Windows\System\mGxVVSa.exe
  2⤵
  PID:2852
- C:\Windows\System\XWRpjYy.exe
  C:\Windows\System\XWRpjYy.exe
  2⤵
  PID:4896
- C:\Windows\System\xKWZYPi.exe
  C:\Windows\System\xKWZYPi.exe
  2⤵
  PID:4152
- C:\Windows\System\NwnAWhH.exe
  C:\Windows\System\NwnAWhH.exe
  2⤵
  PID:3948
- C:\Windows\System\cLBdFwc.exe
  C:\Windows\System\cLBdFwc.exe
  2⤵
  PID:4952
- C:\Windows\System\onXBmdO.exe
  C:\Windows\System\onXBmdO.exe
  2⤵
  PID:4384
- C:\Windows\System\COKshNK.exe
  C:\Windows\System\COKshNK.exe
  2⤵
  PID:4912
- C:\Windows\System\VcNoIzE.exe
  C:\Windows\System\VcNoIzE.exe
  2⤵
  PID:2832
- C:\Windows\System\RGgouKx.exe
  C:\Windows\System\RGgouKx.exe
  2⤵
  PID:4412
- C:\Windows\System\udoarxz.exe
  C:\Windows\System\udoarxz.exe
  2⤵
  PID:4712
- C:\Windows\System\jRwzylB.exe
  C:\Windows\System\jRwzylB.exe
  2⤵
  PID:2520
- C:\Windows\System\EhyJJON.exe
  C:\Windows\System\EhyJJON.exe
  2⤵
  PID:3884
- C:\Windows\System\EbdktHr.exe
  C:\Windows\System\EbdktHr.exe
  2⤵
  PID:2612
- C:\Windows\System\iiEYthI.exe
  C:\Windows\System\iiEYthI.exe
  2⤵
  PID:4348
- C:\Windows\System\sPfTUdp.exe
  C:\Windows\System\sPfTUdp.exe
  2⤵
  PID:3012
- C:\Windows\System\USwxaCx.exe
  C:\Windows\System\USwxaCx.exe
  2⤵
  PID:2224
- C:\Windows\System\vuIskDf.exe
  C:\Windows\System\vuIskDf.exe
  2⤵
  PID:2216
- C:\Windows\System\uYDTRpz.exe
  C:\Windows\System\uYDTRpz.exe
  2⤵
  PID:1084
- C:\Windows\System\xXDzWiZ.exe
  C:\Windows\System\xXDzWiZ.exe
  2⤵
  PID:1804
- C:\Windows\System\BlvcjCR.exe
  C:\Windows\System\BlvcjCR.exe
  2⤵
  PID:2112
- C:\Windows\System\tsnTlbq.exe
  C:\Windows\System\tsnTlbq.exe
  2⤵
  PID:2592
- C:\Windows\System\lcgTOqB.exe
  C:\Windows\System\lcgTOqB.exe
  2⤵
  PID:4688
- C:\Windows\System\Minjaxr.exe
  C:\Windows\System\Minjaxr.exe
  2⤵
  PID:1212
- C:\Windows\System\OSnnIwy.exe
  C:\Windows\System\OSnnIwy.exe
  2⤵
  PID:1316
- C:\Windows\System\cyeBnsk.exe
  C:\Windows\System\cyeBnsk.exe
  2⤵
  PID:2856
- C:\Windows\System\mlBXVVR.exe
  C:\Windows\System\mlBXVVR.exe
  2⤵
  PID:4976
- C:\Windows\System\VrkPehg.exe
  C:\Windows\System\VrkPehg.exe
  2⤵
  PID:1272
- C:\Windows\System\yYNbhzF.exe
  C:\Windows\System\yYNbhzF.exe
  2⤵
  PID:2468
- C:\Windows\System\SQZwobN.exe
  C:\Windows\System\SQZwobN.exe
  2⤵
  PID:3180
- C:\Windows\System\LGlDyTa.exe
  C:\Windows\System\LGlDyTa.exe
  2⤵
  PID:2772
- C:\Windows\System\TlpJaQR.exe
  C:\Windows\System\TlpJaQR.exe
  2⤵
  PID:2916
- C:\Windows\System\CEyLMmK.exe
  C:\Windows\System\CEyLMmK.exe
  2⤵
  PID:2336
- C:\Windows\System\Ktazupj.exe
  C:\Windows\System\Ktazupj.exe
  2⤵
  PID:1556
- C:\Windows\System\RwoWcIt.exe
  C:\Windows\System\RwoWcIt.exe
  2⤵
  PID:2680
- C:\Windows\System\goDcCPM.exe
  C:\Windows\System\goDcCPM.exe
  2⤵
  PID:4820
- C:\Windows\System\qqOHzXr.exe
  C:\Windows\System\qqOHzXr.exe
  2⤵
  PID:5140
- C:\Windows\System\BgtZHAC.exe
  C:\Windows\System\BgtZHAC.exe
  2⤵
  PID:5156
- C:\Windows\System\DEULHbb.exe
  C:\Windows\System\DEULHbb.exe
  2⤵
  PID:5176
- C:\Windows\System\GitDxlr.exe
  C:\Windows\System\GitDxlr.exe
  2⤵
  PID:5200
- C:\Windows\System\asYSPRg.exe
  C:\Windows\System\asYSPRg.exe
  2⤵
  PID:5228
- C:\Windows\System\UiYMmwT.exe
  C:\Windows\System\UiYMmwT.exe
  2⤵
  PID:5244
- C:\Windows\System\unllmXJ.exe
  C:\Windows\System\unllmXJ.exe
  2⤵
  PID:5260
- C:\Windows\System\LxdpFLG.exe
  C:\Windows\System\LxdpFLG.exe
  2⤵
  PID:5276
- C:\Windows\System\UVnxMXK.exe
  C:\Windows\System\UVnxMXK.exe
  2⤵
  PID:5292
- C:\Windows\System\xPzAUeS.exe
  C:\Windows\System\xPzAUeS.exe
  2⤵
  PID:5308
- C:\Windows\System\oRJNvMM.exe
  C:\Windows\System\oRJNvMM.exe
  2⤵
  PID:5348
- C:\Windows\System\BjVHoCm.exe
  C:\Windows\System\BjVHoCm.exe
  2⤵
  PID:5368
- C:\Windows\System\EYVCBUK.exe
  C:\Windows\System\EYVCBUK.exe
  2⤵
  PID:5384
- C:\Windows\System\xegUWOR.exe
  C:\Windows\System\xegUWOR.exe
  2⤵
  PID:5404
- C:\Windows\System\MbSdEhA.exe
  C:\Windows\System\MbSdEhA.exe
  2⤵
  PID:5420
- C:\Windows\System\yxaKDBu.exe
  C:\Windows\System\yxaKDBu.exe
  2⤵
  PID:5440
- C:\Windows\System\hfffyHG.exe
  C:\Windows\System\hfffyHG.exe
  2⤵
  PID:5460
- C:\Windows\System\BzcgEwQ.exe
  C:\Windows\System\BzcgEwQ.exe
  2⤵
  PID:5480
- C:\Windows\System\ShmydKA.exe
  C:\Windows\System\ShmydKA.exe
  2⤵
  PID:5504
- C:\Windows\System\UjaXVpm.exe
  C:\Windows\System\UjaXVpm.exe
  2⤵
  PID:5520
- C:\Windows\System\VpSfQoV.exe
  C:\Windows\System\VpSfQoV.exe
  2⤵
  PID:5536
- C:\Windows\System\zaBqVUr.exe
  C:\Windows\System\zaBqVUr.exe
  2⤵
  PID:5564
- C:\Windows\System\iHlEKsM.exe
  C:\Windows\System\iHlEKsM.exe
  2⤵
  PID:5592
- C:\Windows\System\nWiNdcT.exe
  C:\Windows\System\nWiNdcT.exe
  2⤵
  PID:5608
- C:\Windows\System\oBcJtYZ.exe
  C:\Windows\System\oBcJtYZ.exe
  2⤵
  PID:5624
- C:\Windows\System\DgWhCTp.exe
  C:\Windows\System\DgWhCTp.exe
  2⤵
  PID:5640
- C:\Windows\System\dUxFYzG.exe
  C:\Windows\System\dUxFYzG.exe
  2⤵
  PID:5656
- C:\Windows\System\sKyWWoW.exe
  C:\Windows\System\sKyWWoW.exe
  2⤵
  PID:5684
- C:\Windows\System\DsMmIZT.exe
  C:\Windows\System\DsMmIZT.exe
  2⤵
  PID:5704
- C:\Windows\System\bLvNzlb.exe
  C:\Windows\System\bLvNzlb.exe
  2⤵
  PID:5720
- C:\Windows\System\CEuFNWY.exe
  C:\Windows\System\CEuFNWY.exe
  2⤵
  PID:5736
- C:\Windows\System\uyWxcsO.exe
  C:\Windows\System\uyWxcsO.exe
  2⤵
  PID:5772
- C:\Windows\System\maKQozq.exe
  C:\Windows\System\maKQozq.exe
  2⤵
  PID:5788
- C:\Windows\System\ojRvgWT.exe
  C:\Windows\System\ojRvgWT.exe
  2⤵
  PID:5804
- C:\Windows\System\OHjnXIF.exe
  C:\Windows\System\OHjnXIF.exe
  2⤵
  PID:5824
- C:\Windows\System\JXkIivz.exe
  C:\Windows\System\JXkIivz.exe
  2⤵
  PID:5852
- C:\Windows\System\PFsVZsK.exe
  C:\Windows\System\PFsVZsK.exe
  2⤵
  PID:5868
- C:\Windows\System\GjdbDQv.exe
  C:\Windows\System\GjdbDQv.exe
  2⤵
  PID:5884
- C:\Windows\System\xmQdMix.exe
  C:\Windows\System\xmQdMix.exe
  2⤵
  PID:5908
- C:\Windows\System\CBoMYEe.exe
  C:\Windows\System\CBoMYEe.exe
  2⤵
  PID:5928
- C:\Windows\System\pYNhlIz.exe
  C:\Windows\System\pYNhlIz.exe
  2⤵
  PID:5944
- C:\Windows\System\DPsUbsb.exe
  C:\Windows\System\DPsUbsb.exe
  2⤵
  PID:5960
- C:\Windows\System\OoIpskT.exe
  C:\Windows\System\OoIpskT.exe
  2⤵
  PID:5976
- C:\Windows\System\SXHYEcl.exe
  C:\Windows\System\SXHYEcl.exe
  2⤵
  PID:6008
- C:\Windows\System\sTlPLxO.exe
  C:\Windows\System\sTlPLxO.exe
  2⤵
  PID:6024
- C:\Windows\System\LcyHioo.exe
  C:\Windows\System\LcyHioo.exe
  2⤵
  PID:6040
- C:\Windows\System\DJvsiAq.exe
  C:\Windows\System\DJvsiAq.exe
  2⤵
  PID:6060
- C:\Windows\System\tiNIrvl.exe
  C:\Windows\System\tiNIrvl.exe
  2⤵
  PID:6084
- C:\Windows\System\icNrDzg.exe
  C:\Windows\System\icNrDzg.exe
  2⤵
  PID:6100
- C:\Windows\System\HiPyEJw.exe
  C:\Windows\System\HiPyEJw.exe
  2⤵
  PID:6136
- C:\Windows\System\DRiTBik.exe
  C:\Windows\System\DRiTBik.exe
  2⤵
  PID:2512
- C:\Windows\System\YjMTnQe.exe
  C:\Windows\System\YjMTnQe.exe
  2⤵
  PID:5184
- C:\Windows\System\NkZDMIt.exe
  C:\Windows\System\NkZDMIt.exe
  2⤵
  PID:5196
- C:\Windows\System\Fpwcisu.exe
  C:\Windows\System\Fpwcisu.exe
  2⤵
  PID:5128
- C:\Windows\System\hiDeYKA.exe
  C:\Windows\System\hiDeYKA.exe
  2⤵
  PID:5224
- C:\Windows\System\SWALgEo.exe
  C:\Windows\System\SWALgEo.exe
  2⤵
  PID:5304
- C:\Windows\System\DCmIYVw.exe
  C:\Windows\System\DCmIYVw.exe
  2⤵
  PID:5332
- C:\Windows\System\zQSJukp.exe
  C:\Windows\System\zQSJukp.exe
  2⤵
  PID:5356
- C:\Windows\System\ispomSU.exe
  C:\Windows\System\ispomSU.exe
  2⤵
  PID:5396
- C:\Windows\System\JMQTYvb.exe
  C:\Windows\System\JMQTYvb.exe
  2⤵
  PID:5468
- C:\Windows\System\rYbelti.exe
  C:\Windows\System\rYbelti.exe
  2⤵
  PID:5416
- C:\Windows\System\imzycyt.exe
  C:\Windows\System\imzycyt.exe
  2⤵
  PID:5456
- C:\Windows\System\RQmqrSd.exe
  C:\Windows\System\RQmqrSd.exe
  2⤵
  PID:5528
- C:\Windows\System\QRYbfah.exe
  C:\Windows\System\QRYbfah.exe
  2⤵
  PID:5532
- C:\Windows\System\EazXyEA.exe
  C:\Windows\System\EazXyEA.exe
  2⤵
  PID:5512
- C:\Windows\System\LgPlxvl.exe
  C:\Windows\System\LgPlxvl.exe
  2⤵
  PID:5576
- C:\Windows\System\fQmvPHM.exe
  C:\Windows\System\fQmvPHM.exe
  2⤵
  PID:5632
- C:\Windows\System\ONEDLTC.exe
  C:\Windows\System\ONEDLTC.exe
  2⤵
  PID:1600
- C:\Windows\System\QujzAMP.exe
  C:\Windows\System\QujzAMP.exe
  2⤵
  PID:1152
- C:\Windows\System\aBmVpOz.exe
  C:\Windows\System\aBmVpOz.exe
  2⤵
  PID:1348
- C:\Windows\System\EtQyWhX.exe
  C:\Windows\System\EtQyWhX.exe
  2⤵
  PID:5748
- C:\Windows\System\okUXlyq.exe
  C:\Windows\System\okUXlyq.exe
  2⤵
  PID:5768
- C:\Windows\System\QNMsPnI.exe
  C:\Windows\System\QNMsPnI.exe
  2⤵
  PID:5700
- C:\Windows\System\sBmXmWr.exe
  C:\Windows\System\sBmXmWr.exe
  2⤵
  PID:5796
- C:\Windows\System\cIoOSWw.exe
  C:\Windows\System\cIoOSWw.exe
  2⤵
  PID:5812
- C:\Windows\System\lPAvzvm.exe
  C:\Windows\System\lPAvzvm.exe
  2⤵
  PID:5844
- C:\Windows\System\IAVXEAj.exe
  C:\Windows\System\IAVXEAj.exe
  2⤵
  PID:944
- C:\Windows\System\sgVGFgW.exe
  C:\Windows\System\sgVGFgW.exe
  2⤵
  PID:5860
- C:\Windows\System\JTLDvve.exe
  C:\Windows\System\JTLDvve.exe
  2⤵
  PID:5920
- C:\Windows\System\RCwqwhu.exe
  C:\Windows\System\RCwqwhu.exe
  2⤵
  PID:2868
- C:\Windows\System\TlNHOuy.exe
  C:\Windows\System\TlNHOuy.exe
  2⤵
  PID:6032
- C:\Windows\System\BZGgyus.exe
  C:\Windows\System\BZGgyus.exe
  2⤵
  PID:5940
- C:\Windows\System\aJCRTDS.exe
  C:\Windows\System\aJCRTDS.exe
  2⤵
  PID:6052
- C:\Windows\System\BudALLr.exe
  C:\Windows\System\BudALLr.exe
  2⤵
  PID:6096
- C:\Windows\System\fNoHIKB.exe
  C:\Windows\System\fNoHIKB.exe
  2⤵
  PID:6120
- C:\Windows\System\YgVKqAH.exe
  C:\Windows\System\YgVKqAH.exe
  2⤵
  PID:1664
- C:\Windows\System\jgniJyv.exe
  C:\Windows\System\jgniJyv.exe
  2⤵
  PID:5168
- C:\Windows\System\SzZsqzu.exe
  C:\Windows\System\SzZsqzu.exe
  2⤵
  PID:5164
- C:\Windows\System\AAXITjR.exe
  C:\Windows\System\AAXITjR.exe
  2⤵
  PID:4696
- C:\Windows\System\gRHiNPx.exe
  C:\Windows\System\gRHiNPx.exe
  2⤵
  PID:5288
- C:\Windows\System\gCBrkxp.exe
  C:\Windows\System\gCBrkxp.exe
  2⤵
  PID:5344
- C:\Windows\System\ZJYjYlD.exe
  C:\Windows\System\ZJYjYlD.exe
  2⤵
  PID:5432
- C:\Windows\System\GLUqztV.exe
  C:\Windows\System\GLUqztV.exe
  2⤵
  PID:5380
- C:\Windows\System\GkDIUrZ.exe
  C:\Windows\System\GkDIUrZ.exe
  2⤵
  PID:5500
- C:\Windows\System\SdNKlDq.exe
  C:\Windows\System\SdNKlDq.exe
  2⤵
  PID:5560
- C:\Windows\System\usnoNyM.exe
  C:\Windows\System\usnoNyM.exe
  2⤵
  PID:5680
- C:\Windows\System\dUkxRAM.exe
  C:\Windows\System\dUkxRAM.exe
  2⤵
  PID:5712
- C:\Windows\System\EGICFyc.exe
  C:\Windows\System\EGICFyc.exe
  2⤵
  PID:5744
- C:\Windows\System\EejuGgp.exe
  C:\Windows\System\EejuGgp.exe
  2⤵
  PID:5780
- C:\Windows\System\ZAQFWYQ.exe
  C:\Windows\System\ZAQFWYQ.exe
  2⤵
  PID:5904
- C:\Windows\System\AQQmitV.exe
  C:\Windows\System\AQQmitV.exe
  2⤵
  PID:5816
- C:\Windows\System\VBbQTFl.exe
  C:\Windows\System\VBbQTFl.exe
  2⤵
  PID:5956
- C:\Windows\System\ZcyRHVP.exe
  C:\Windows\System\ZcyRHVP.exe
  2⤵
  PID:5652
- C:\Windows\System\YDBEnxh.exe
  C:\Windows\System\YDBEnxh.exe
  2⤵
  PID:6056
- C:\Windows\System\jUZLAMO.exe
  C:\Windows\System\jUZLAMO.exe
  2⤵
  PID:6092
- C:\Windows\System\eFInVSl.exe
  C:\Windows\System\eFInVSl.exe
  2⤵
  PID:5996
- C:\Windows\System\dQfRzMw.exe
  C:\Windows\System\dQfRzMw.exe
  2⤵
  PID:5192
- C:\Windows\System\VrpzuDa.exe
  C:\Windows\System\VrpzuDa.exe
  2⤵
  PID:5236
- C:\Windows\System\yPTldat.exe
  C:\Windows\System\yPTldat.exe
  2⤵
  PID:5256
- C:\Windows\System\AeuwMHY.exe
  C:\Windows\System\AeuwMHY.exe
  2⤵
  PID:5324
- C:\Windows\System\wXyvjay.exe
  C:\Windows\System\wXyvjay.exe
  2⤵
  PID:5572
- C:\Windows\System\LQnAiBP.exe
  C:\Windows\System\LQnAiBP.exe
  2⤵
  PID:5516
- C:\Windows\System\IpEgtOW.exe
  C:\Windows\System\IpEgtOW.exe
  2⤵
  PID:5648
- C:\Windows\System\tQrYRYw.exe
  C:\Windows\System\tQrYRYw.exe
  2⤵
  PID:5716
- C:\Windows\System\chcPCkt.exe
  C:\Windows\System\chcPCkt.exe
  2⤵
  PID:5836
- C:\Windows\System\Ocounad.exe
  C:\Windows\System\Ocounad.exe
  2⤵
  PID:5892
- C:\Windows\System\fQPjtPz.exe
  C:\Windows\System\fQPjtPz.exe
  2⤵
  PID:5972
- C:\Windows\System\bxUUccY.exe
  C:\Windows\System\bxUUccY.exe
  2⤵
  PID:5916
- C:\Windows\System\RvsCvhr.exe
  C:\Windows\System\RvsCvhr.exe
  2⤵
  PID:5924
- C:\Windows\System\yXJHvLK.exe
  C:\Windows\System\yXJHvLK.exe
  2⤵
  PID:5984
- C:\Windows\System\mSBeeRz.exe
  C:\Windows\System\mSBeeRz.exe
  2⤵
  PID:5284
- C:\Windows\System\JGGMOiT.exe
  C:\Windows\System\JGGMOiT.exe
  2⤵
  PID:5252
- C:\Windows\System\kcVBHip.exe
  C:\Windows\System\kcVBHip.exe
  2⤵
  PID:5760
- C:\Windows\System\YkJCJxY.exe
  C:\Windows\System\YkJCJxY.exe
  2⤵
  PID:6036
- C:\Windows\System\fGRcLoQ.exe
  C:\Windows\System\fGRcLoQ.exe
  2⤵
  PID:1184
- C:\Windows\System\nDSrkhz.exe
  C:\Windows\System\nDSrkhz.exe
  2⤵
  PID:5968
- C:\Windows\System\xUuNlKV.exe
  C:\Windows\System\xUuNlKV.exe
  2⤵
  PID:5208
- C:\Windows\System\bUMfRfA.exe
  C:\Windows\System\bUMfRfA.exe
  2⤵
  PID:5216
- C:\Windows\System\IDCOkII.exe
  C:\Windows\System\IDCOkII.exe
  2⤵
  PID:5580
- C:\Windows\System\NRBRwjh.exe
  C:\Windows\System\NRBRwjh.exe
  2⤵
  PID:5148
- C:\Windows\System\xeUfgvg.exe
  C:\Windows\System\xeUfgvg.exe
  2⤵
  PID:6112
- C:\Windows\System\uYxRhXp.exe
  C:\Windows\System\uYxRhXp.exe
  2⤵
  PID:2728
- C:\Windows\System\dnakTME.exe
  C:\Windows\System\dnakTME.exe
  2⤵
  PID:6048
- C:\Windows\System\yRyqfZr.exe
  C:\Windows\System\yRyqfZr.exe
  2⤵
  PID:5676
- C:\Windows\System\voRFJuR.exe
  C:\Windows\System\voRFJuR.exe
  2⤵
  PID:5552
- C:\Windows\System\cWKFfXw.exe
  C:\Windows\System\cWKFfXw.exe
  2⤵
  PID:5320
- C:\Windows\System\ZWXNWZP.exe
  C:\Windows\System\ZWXNWZP.exe
  2⤵
  PID:3044
- C:\Windows\System\RtmKtyO.exe
  C:\Windows\System\RtmKtyO.exe
  2⤵
  PID:6168
- C:\Windows\System\DGwmeUG.exe
  C:\Windows\System\DGwmeUG.exe
  2⤵
  PID:6188
- C:\Windows\System\bwiBZXT.exe
  C:\Windows\System\bwiBZXT.exe
  2⤵
  PID:6208
- C:\Windows\System\gnATJBR.exe
  C:\Windows\System\gnATJBR.exe
  2⤵
  PID:6228
- C:\Windows\System\LPhZCJr.exe
  C:\Windows\System\LPhZCJr.exe
  2⤵
  PID:6244
- C:\Windows\System\nTrnhsw.exe
  C:\Windows\System\nTrnhsw.exe
  2⤵
  PID:6264
- C:\Windows\System\TFyiQFR.exe
  C:\Windows\System\TFyiQFR.exe
  2⤵
  PID:6280
- C:\Windows\System\FcdVKNv.exe
  C:\Windows\System\FcdVKNv.exe
  2⤵
  PID:6296
- C:\Windows\System\wikESJH.exe
  C:\Windows\System\wikESJH.exe
  2⤵
  PID:6328
- C:\Windows\System\gYyWSMj.exe
  C:\Windows\System\gYyWSMj.exe
  2⤵
  PID:6344
- C:\Windows\System\vZGglAQ.exe
  C:\Windows\System\vZGglAQ.exe
  2⤵
  PID:6360
- C:\Windows\System\svnbuon.exe
  C:\Windows\System\svnbuon.exe
  2⤵
  PID:6388
- C:\Windows\System\nCabJPn.exe
  C:\Windows\System\nCabJPn.exe
  2⤵
  PID:6404
- C:\Windows\System\yRmOjzf.exe
  C:\Windows\System\yRmOjzf.exe
  2⤵
  PID:6420
- C:\Windows\System\Xcbqcir.exe
  C:\Windows\System\Xcbqcir.exe
  2⤵
  PID:6444
- C:\Windows\System\pbNlBNU.exe
  C:\Windows\System\pbNlBNU.exe
  2⤵
  PID:6464
- C:\Windows\System\tIXZmng.exe
  C:\Windows\System\tIXZmng.exe
  2⤵
  PID:6480
- C:\Windows\System\WgyESbf.exe
  C:\Windows\System\WgyESbf.exe
  2⤵
  PID:6504
- C:\Windows\System\PRDNoMR.exe
  C:\Windows\System\PRDNoMR.exe
  2⤵
  PID:6520
- C:\Windows\System\bhPaIwG.exe
  C:\Windows\System\bhPaIwG.exe
  2⤵
  PID:6544
- C:\Windows\System\GuZXYUX.exe
  C:\Windows\System\GuZXYUX.exe
  2⤵
  PID:6560
- C:\Windows\System\PcvBprY.exe
  C:\Windows\System\PcvBprY.exe
  2⤵
  PID:6584
- C:\Windows\System\tlovDUA.exe
  C:\Windows\System\tlovDUA.exe
  2⤵
  PID:6600
- C:\Windows\System\dvwogbL.exe
  C:\Windows\System\dvwogbL.exe
  2⤵
  PID:6620
- C:\Windows\System\yjsYDav.exe
  C:\Windows\System\yjsYDav.exe
  2⤵
  PID:6648
- C:\Windows\System\ELjvNVE.exe
  C:\Windows\System\ELjvNVE.exe
  2⤵
  PID:6664
- C:\Windows\System\ySCotfZ.exe
  C:\Windows\System\ySCotfZ.exe
  2⤵
  PID:6684
- C:\Windows\System\JObvJMH.exe
  C:\Windows\System\JObvJMH.exe
  2⤵
  PID:6704
- C:\Windows\System\pvcTrIj.exe
  C:\Windows\System\pvcTrIj.exe
  2⤵
  PID:6724
- C:\Windows\System\WffXyDV.exe
  C:\Windows\System\WffXyDV.exe
  2⤵
  PID:6744
- C:\Windows\System\eUtggpP.exe
  C:\Windows\System\eUtggpP.exe
  2⤵
  PID:6760
- C:\Windows\System\axLCGII.exe
  C:\Windows\System\axLCGII.exe
  2⤵
  PID:6776
- C:\Windows\System\TDYRZwq.exe
  C:\Windows\System\TDYRZwq.exe
  2⤵
  PID:6804
- C:\Windows\System\MjvxAxs.exe
  C:\Windows\System\MjvxAxs.exe
  2⤵
  PID:6820
- C:\Windows\System\RUJEEoG.exe
  C:\Windows\System\RUJEEoG.exe
  2⤵
  PID:6836
- C:\Windows\System\TlQjwnK.exe
  C:\Windows\System\TlQjwnK.exe
  2⤵
  PID:6852
- C:\Windows\System\GVJuCth.exe
  C:\Windows\System\GVJuCth.exe
  2⤵
  PID:6884
- C:\Windows\System\TuCPCeq.exe
  C:\Windows\System\TuCPCeq.exe
  2⤵
  PID:6900
- C:\Windows\System\VIwEuMK.exe
  C:\Windows\System\VIwEuMK.exe
  2⤵
  PID:6920
- C:\Windows\System\zSNGjgx.exe
  C:\Windows\System\zSNGjgx.exe
  2⤵
  PID:6936
- C:\Windows\System\dbeKsjW.exe
  C:\Windows\System\dbeKsjW.exe
  2⤵
  PID:6960
- C:\Windows\System\gfiTYFM.exe
  C:\Windows\System\gfiTYFM.exe
  2⤵
  PID:6976
- C:\Windows\System\AaWuSOA.exe
  C:\Windows\System\AaWuSOA.exe
  2⤵
  PID:7004
- C:\Windows\System\IEmHzMO.exe
  C:\Windows\System\IEmHzMO.exe
  2⤵
  PID:7020
- C:\Windows\System\yFHCRFm.exe
  C:\Windows\System\yFHCRFm.exe
  2⤵
  PID:7036
- C:\Windows\System\nVzJxra.exe
  C:\Windows\System\nVzJxra.exe
  2⤵
  PID:7060
- C:\Windows\System\JGdnUzp.exe
  C:\Windows\System\JGdnUzp.exe
  2⤵
  PID:7088
- C:\Windows\System\BlSKfUf.exe
  C:\Windows\System\BlSKfUf.exe
  2⤵
  PID:7104
- C:\Windows\System\tTTkrZX.exe
  C:\Windows\System\tTTkrZX.exe
  2⤵
  PID:7120
- C:\Windows\System\pyWelLE.exe
  C:\Windows\System\pyWelLE.exe
  2⤵
  PID:7136
- C:\Windows\System\dYjXdKe.exe
  C:\Windows\System\dYjXdKe.exe
  2⤵
  PID:7152
- C:\Windows\System\WbPeDNg.exe
  C:\Windows\System\WbPeDNg.exe
  2⤵
  PID:5364
- C:\Windows\System\SpXpALF.exe
  C:\Windows\System\SpXpALF.exe
  2⤵
  PID:6156
- C:\Windows\System\XJMUGxx.exe
  C:\Windows\System\XJMUGxx.exe
  2⤵
  PID:6176
- C:\Windows\System\uLlBQfx.exe
  C:\Windows\System\uLlBQfx.exe
  2⤵
  PID:6220
- C:\Windows\System\AwahZXV.exe
  C:\Windows\System\AwahZXV.exe
  2⤵
  PID:6256
- C:\Windows\System\RmXRxfr.exe
  C:\Windows\System\RmXRxfr.exe
  2⤵
  PID:6304
- C:\Windows\System\LrqWxsa.exe
  C:\Windows\System\LrqWxsa.exe
  2⤵
  PID:6292
- C:\Windows\System\YksheBA.exe
  C:\Windows\System\YksheBA.exe
  2⤵
  PID:6336
- C:\Windows\System\gKSAOEr.exe
  C:\Windows\System\gKSAOEr.exe
  2⤵
  PID:6396
- C:\Windows\System\SOQyUcz.exe
  C:\Windows\System\SOQyUcz.exe
  2⤵
  PID:6412
- C:\Windows\System\ibwCjFE.exe
  C:\Windows\System\ibwCjFE.exe
  2⤵
  PID:6472
- C:\Windows\System\XGxHCIt.exe
  C:\Windows\System\XGxHCIt.exe
  2⤵
  PID:6492
- C:\Windows\System\mzxLktB.exe
  C:\Windows\System\mzxLktB.exe
  2⤵
  PID:6460
- C:\Windows\System\GvdIxGQ.exe
  C:\Windows\System\GvdIxGQ.exe
  2⤵
  PID:6536
- C:\Windows\System\pevWUnK.exe
  C:\Windows\System\pevWUnK.exe
  2⤵
  PID:6616
- C:\Windows\System\ZlFMiRI.exe
  C:\Windows\System\ZlFMiRI.exe
  2⤵
  PID:6636
- C:\Windows\System\jhsWTDt.exe
  C:\Windows\System\jhsWTDt.exe
  2⤵
  PID:6672
- C:\Windows\System\IyyaLJU.exe
  C:\Windows\System\IyyaLJU.exe
  2⤵
  PID:6700
- C:\Windows\System\rkdIubC.exe
  C:\Windows\System\rkdIubC.exe
  2⤵
  PID:6720
- C:\Windows\System\kfTKoWC.exe
  C:\Windows\System\kfTKoWC.exe
  2⤵
  PID:6796
- C:\Windows\System\RHYkuGk.exe
  C:\Windows\System\RHYkuGk.exe
  2⤵
  PID:6828
- C:\Windows\System\GBWgvVg.exe
  C:\Windows\System\GBWgvVg.exe
  2⤵
  PID:6772
- C:\Windows\System\ClfIOGJ.exe
  C:\Windows\System\ClfIOGJ.exe
  2⤵
  PID:6844
- C:\Windows\System\euppqPd.exe
  C:\Windows\System\euppqPd.exe
  2⤵
  PID:6912
- C:\Windows\System\xHdKYPo.exe
  C:\Windows\System\xHdKYPo.exe
  2⤵
  PID:6956
- C:\Windows\System\GAquMwf.exe
  C:\Windows\System\GAquMwf.exe
  2⤵
  PID:6928
- C:\Windows\System\yvgToui.exe
  C:\Windows\System\yvgToui.exe
  2⤵
  PID:7000
- C:\Windows\System\YfCrDSm.exe
  C:\Windows\System\YfCrDSm.exe
  2⤵
  PID:7012
- C:\Windows\System\bkRUGxM.exe
  C:\Windows\System\bkRUGxM.exe
  2⤵
  PID:7048
- C:\Windows\System\UuUhDEh.exe
  C:\Windows\System\UuUhDEh.exe
  2⤵
  PID:7076
- C:\Windows\System\LkuAwmj.exe
  C:\Windows\System\LkuAwmj.exe
  2⤵
  PID:7144
- C:\Windows\System\iFtJIez.exe
  C:\Windows\System\iFtJIez.exe
  2⤵
  PID:7128
- C:\Windows\System\AlvuClt.exe
  C:\Windows\System\AlvuClt.exe
  2⤵
  PID:2260
- C:\Windows\System\HRRVsjB.exe
  C:\Windows\System\HRRVsjB.exe
  2⤵
  PID:6224
- C:\Windows\System\eDiKwNy.exe
  C:\Windows\System\eDiKwNy.exe
  2⤵
  PID:6324
- C:\Windows\System\TBBKTrv.exe
  C:\Windows\System\TBBKTrv.exe
  2⤵
  PID:6428
- C:\Windows\System\uiudnlG.exe
  C:\Windows\System\uiudnlG.exe
  2⤵
  PID:6368
- C:\Windows\System\wDkZOuh.exe
  C:\Windows\System\wDkZOuh.exe
  2⤵
  PID:6372
- C:\Windows\System\LEAZZSF.exe
  C:\Windows\System\LEAZZSF.exe
  2⤵
  PID:6488
- C:\Windows\System\pYTgYhv.exe
  C:\Windows\System\pYTgYhv.exe
  2⤵
  PID:6516
- C:\Windows\System\keiHdWD.exe
  C:\Windows\System\keiHdWD.exe
  2⤵
  PID:6500
- C:\Windows\System\JeHvVuR.exe
  C:\Windows\System\JeHvVuR.exe
  2⤵
  PID:6644
- C:\Windows\System\QfFjcww.exe
  C:\Windows\System\QfFjcww.exe
  2⤵
  PID:6732
- C:\Windows\System\PQyTlvi.exe
  C:\Windows\System\PQyTlvi.exe
  2⤵
  PID:6792
- C:\Windows\System\myYrkWj.exe
  C:\Windows\System\myYrkWj.exe
  2⤵
  PID:6868
- C:\Windows\System\oTDvWPo.exe
  C:\Windows\System\oTDvWPo.exe
  2⤵
  PID:6848
- C:\Windows\System\CFKwayt.exe
  C:\Windows\System\CFKwayt.exe
  2⤵
  PID:6896
- C:\Windows\System\PqAOQDr.exe
  C:\Windows\System\PqAOQDr.exe
  2⤵
  PID:7052
- C:\Windows\System\gaKREYu.exe
  C:\Windows\System\gaKREYu.exe
  2⤵
  PID:6996
- C:\Windows\System\NtZWOmy.exe
  C:\Windows\System\NtZWOmy.exe
  2⤵
  PID:7100
- C:\Windows\System\bZNhFQj.exe
  C:\Windows\System\bZNhFQj.exe
  2⤵
  PID:7116
- C:\Windows\System\yUKwCPY.exe
  C:\Windows\System\yUKwCPY.exe
  2⤵
  PID:6072
- C:\Windows\System\XINKjYk.exe
  C:\Windows\System\XINKjYk.exe
  2⤵
  PID:6272
- C:\Windows\System\ZOOLLfu.exe
  C:\Windows\System\ZOOLLfu.exe
  2⤵
  PID:6568
- C:\Windows\System\fDJeqgJ.exe
  C:\Windows\System\fDJeqgJ.exe
  2⤵
  PID:2228
- C:\Windows\System\MpesosE.exe
  C:\Windows\System\MpesosE.exe
  2⤵
  PID:6440
- C:\Windows\System\EmAGKZo.exe
  C:\Windows\System\EmAGKZo.exe
  2⤵
  PID:6608
- C:\Windows\System\mSPqemw.exe
  C:\Windows\System\mSPqemw.exe
  2⤵
  PID:6680
- C:\Windows\System\VEHNxPy.exe
  C:\Windows\System\VEHNxPy.exe
  2⤵
  PID:6756
- C:\Windows\System\AZeKtAn.exe
  C:\Windows\System\AZeKtAn.exe
  2⤵
  PID:6812
- C:\Windows\System\WaVXkaz.exe
  C:\Windows\System\WaVXkaz.exe
  2⤵
  PID:7016
- C:\Windows\System\ArMvtUN.exe
  C:\Windows\System\ArMvtUN.exe
  2⤵
  PID:7096
- C:\Windows\System\yozHkEx.exe
  C:\Windows\System\yozHkEx.exe
  2⤵
  PID:7112
- C:\Windows\System\OxwuVls.exe
  C:\Windows\System\OxwuVls.exe
  2⤵
  PID:6660
- C:\Windows\System\ZTgvjpu.exe
  C:\Windows\System\ZTgvjpu.exe
  2⤵
  PID:6204
- C:\Windows\System\dgKpDTb.exe
  C:\Windows\System\dgKpDTb.exe
  2⤵
  PID:6944
- C:\Windows\System\aWYqWWK.exe
  C:\Windows\System\aWYqWWK.exe
  2⤵
  PID:6432
- C:\Windows\System\PLSoMJh.exe
  C:\Windows\System\PLSoMJh.exe
  2⤵
  PID:6628
- C:\Windows\System\KCFLiQm.exe
  C:\Windows\System\KCFLiQm.exe
  2⤵
  PID:6164
- C:\Windows\System\gdNgSMg.exe
  C:\Windows\System\gdNgSMg.exe
  2⤵
  PID:6436
- C:\Windows\System\UyFKkya.exe
  C:\Windows\System\UyFKkya.exe
  2⤵
  PID:6512
- C:\Windows\System\rNaOebU.exe
  C:\Windows\System\rNaOebU.exe
  2⤵
  PID:7200
- C:\Windows\System\Pblweyw.exe
  C:\Windows\System\Pblweyw.exe
  2⤵
  PID:7220
- C:\Windows\System\fvAzMNf.exe
  C:\Windows\System\fvAzMNf.exe
  2⤵
  PID:7248
- C:\Windows\System\zfFUNXq.exe
  C:\Windows\System\zfFUNXq.exe
  2⤵
  PID:7264
- C:\Windows\System\tdUMGKH.exe
  C:\Windows\System\tdUMGKH.exe
  2⤵
  PID:7280
- C:\Windows\System\ZsQvBRM.exe
  C:\Windows\System\ZsQvBRM.exe
  2⤵
  PID:7296
- C:\Windows\System\GdlazIH.exe
  C:\Windows\System\GdlazIH.exe
  2⤵
  PID:7312
- C:\Windows\System\GZbJKWB.exe
  C:\Windows\System\GZbJKWB.exe
  2⤵
  PID:7332
- C:\Windows\System\dXalCWU.exe
  C:\Windows\System\dXalCWU.exe
  2⤵
  PID:7352
- C:\Windows\System\tVMOZcU.exe
  C:\Windows\System\tVMOZcU.exe
  2⤵
  PID:7368
- C:\Windows\System\eGCVrfx.exe
  C:\Windows\System\eGCVrfx.exe
  2⤵
  PID:7384
- C:\Windows\System\zOIHiJA.exe
  C:\Windows\System\zOIHiJA.exe
  2⤵
  PID:7404
- C:\Windows\System\lTJBlHB.exe
  C:\Windows\System\lTJBlHB.exe
  2⤵
  PID:7424
- C:\Windows\System\KvEJgmJ.exe
  C:\Windows\System\KvEJgmJ.exe
  2⤵
  PID:7440
- C:\Windows\System\DXUvIlT.exe
  C:\Windows\System\DXUvIlT.exe
  2⤵
  PID:7456
- C:\Windows\System\ftjxYNt.exe
  C:\Windows\System\ftjxYNt.exe
  2⤵
  PID:7472
- C:\Windows\System\eXabhdL.exe
  C:\Windows\System\eXabhdL.exe
  2⤵
  PID:7488
- C:\Windows\System\lXjVUeC.exe
  C:\Windows\System\lXjVUeC.exe
  2⤵
  PID:7512
- C:\Windows\System\Lsbjebr.exe
  C:\Windows\System\Lsbjebr.exe
  2⤵
  PID:7528
- C:\Windows\System\gaQiQDm.exe
  C:\Windows\System\gaQiQDm.exe
  2⤵
  PID:7544
- C:\Windows\System\swNMXTP.exe
  C:\Windows\System\swNMXTP.exe
  2⤵
  PID:7572
- C:\Windows\System\ucrUFkg.exe
  C:\Windows\System\ucrUFkg.exe
  2⤵
  PID:7608
- C:\Windows\System\vrFHexQ.exe
  C:\Windows\System\vrFHexQ.exe
  2⤵
  PID:7648
- C:\Windows\System\PCrtEFx.exe
  C:\Windows\System\PCrtEFx.exe
  2⤵
  PID:7668
- C:\Windows\System\iWVSbHd.exe
  C:\Windows\System\iWVSbHd.exe
  2⤵
  PID:7692
- C:\Windows\System\IEXRZCu.exe
  C:\Windows\System\IEXRZCu.exe
  2⤵
  PID:7708
- C:\Windows\System\tsHEWxT.exe
  C:\Windows\System\tsHEWxT.exe
  2⤵
  PID:7732
- C:\Windows\System\BnvIeZc.exe
  C:\Windows\System\BnvIeZc.exe
  2⤵
  PID:7748
- C:\Windows\System\QDCQXjL.exe
  C:\Windows\System\QDCQXjL.exe
  2⤵
  PID:7764
- C:\Windows\System\weGnxtV.exe
  C:\Windows\System\weGnxtV.exe
  2⤵
  PID:7780
- C:\Windows\System\FxwieAY.exe
  C:\Windows\System\FxwieAY.exe
  2⤵
  PID:7804
- C:\Windows\System\SyYijIQ.exe
  C:\Windows\System\SyYijIQ.exe
  2⤵
  PID:7824
- C:\Windows\System\oLRapKc.exe
  C:\Windows\System\oLRapKc.exe
  2⤵
  PID:7852
- C:\Windows\System\nFKLOGN.exe
  C:\Windows\System\nFKLOGN.exe
  2⤵
  PID:7868
- C:\Windows\System\cZdJnmo.exe
  C:\Windows\System\cZdJnmo.exe
  2⤵
  PID:7884
- C:\Windows\System\AzxgRDO.exe
  C:\Windows\System\AzxgRDO.exe
  2⤵
  PID:7904
- C:\Windows\System\uqDKUtU.exe
  C:\Windows\System\uqDKUtU.exe
  2⤵
  PID:7920
- C:\Windows\System\IwGihmm.exe
  C:\Windows\System\IwGihmm.exe
  2⤵
  PID:7948
- C:\Windows\System\PFDBwnx.exe
  C:\Windows\System\PFDBwnx.exe
  2⤵
  PID:7972
- C:\Windows\System\WZecZjp.exe
  C:\Windows\System\WZecZjp.exe
  2⤵
  PID:7992
- C:\Windows\System\NwcKANQ.exe
  C:\Windows\System\NwcKANQ.exe
  2⤵
  PID:8008
- C:\Windows\System\juYuOTv.exe
  C:\Windows\System\juYuOTv.exe
  2⤵
  PID:8028
- C:\Windows\System\KtkTJOr.exe
  C:\Windows\System\KtkTJOr.exe
  2⤵
  PID:8056
- C:\Windows\System\zVKNWuj.exe
  C:\Windows\System\zVKNWuj.exe
  2⤵
  PID:8072
- C:\Windows\System\ypFbsTg.exe
  C:\Windows\System\ypFbsTg.exe
  2⤵
  PID:8092
- C:\Windows\System\duWcrHr.exe
  C:\Windows\System\duWcrHr.exe
  2⤵
  PID:8108
- C:\Windows\System\wzvcHLs.exe
  C:\Windows\System\wzvcHLs.exe
  2⤵
  PID:8132
- C:\Windows\System\dTLJuPt.exe
  C:\Windows\System\dTLJuPt.exe
  2⤵
  PID:8148
- C:\Windows\System\RUILeGT.exe
  C:\Windows\System\RUILeGT.exe
  2⤵
  PID:8164
- C:\Windows\System\fWTNWiP.exe
  C:\Windows\System\fWTNWiP.exe
  2⤵
  PID:6880
- C:\Windows\System\ooOjhZP.exe
  C:\Windows\System\ooOjhZP.exe
  2⤵
  PID:6572
- C:\Windows\System\RTuOhSi.exe
  C:\Windows\System\RTuOhSi.exe
  2⤵
  PID:6972
- C:\Windows\System\BKfhAFr.exe
  C:\Windows\System\BKfhAFr.exe
  2⤵
  PID:7172
- C:\Windows\System\cHySPCf.exe
  C:\Windows\System\cHySPCf.exe
  2⤵
  PID:7196
- C:\Windows\System\KxIyNAt.exe
  C:\Windows\System\KxIyNAt.exe
  2⤵
  PID:7208
- C:\Windows\System\NUTzMeM.exe
  C:\Windows\System\NUTzMeM.exe
  2⤵
  PID:7236
- C:\Windows\System\xGDCnTh.exe
  C:\Windows\System\xGDCnTh.exe
  2⤵
  PID:7308
- C:\Windows\System\iVGEprO.exe
  C:\Windows\System\iVGEprO.exe
  2⤵
  PID:7376
- C:\Windows\System\uAvvpnx.exe
  C:\Windows\System\uAvvpnx.exe
  2⤵
  PID:7452
- C:\Windows\System\XATBSGy.exe
  C:\Windows\System\XATBSGy.exe
  2⤵
  PID:7524
- C:\Windows\System\offmtHa.exe
  C:\Windows\System\offmtHa.exe
  2⤵
  PID:7436
- C:\Windows\System\kIfyBQL.exe
  C:\Windows\System\kIfyBQL.exe
  2⤵
  PID:7508
- C:\Windows\System\zfnvFeC.exe
  C:\Windows\System\zfnvFeC.exe
  2⤵
  PID:7364
- C:\Windows\System\gEncZoE.exe
  C:\Windows\System\gEncZoE.exe
  2⤵
  PID:7320
- C:\Windows\System\jWphRfU.exe
  C:\Windows\System\jWphRfU.exe
  2⤵
  PID:7616
- C:\Windows\System\FYdwMTf.exe
  C:\Windows\System\FYdwMTf.exe
  2⤵
  PID:7360
- C:\Windows\System\GNauHdj.exe
  C:\Windows\System\GNauHdj.exe
  2⤵
  PID:7596
- C:\Windows\System\xXxoBcd.exe
  C:\Windows\System\xXxoBcd.exe
  2⤵
  PID:7660
- C:\Windows\System\eTzdbUA.exe
  C:\Windows\System\eTzdbUA.exe
  2⤵
  PID:7700
- C:\Windows\System\WnyQKiv.exe
  C:\Windows\System\WnyQKiv.exe
  2⤵
  PID:7724
- C:\Windows\System\qUFIliJ.exe
  C:\Windows\System\qUFIliJ.exe
  2⤵
  PID:7740
- C:\Windows\System\OmroCud.exe
  C:\Windows\System\OmroCud.exe
  2⤵
  PID:7800
- C:\Windows\System\GKiAtuh.exe
  C:\Windows\System\GKiAtuh.exe
  2⤵
  PID:7836
- C:\Windows\System\ygXwZvF.exe
  C:\Windows\System\ygXwZvF.exe
  2⤵
  PID:7892
- C:\Windows\System\JHIttbe.exe
  C:\Windows\System\JHIttbe.exe
  2⤵
  PID:7880
- C:\Windows\System\cErnReX.exe
  C:\Windows\System\cErnReX.exe
  2⤵
  PID:7936
- C:\Windows\System\UiIkomi.exe
  C:\Windows\System\UiIkomi.exe
  2⤵
  PID:7960
- C:\Windows\System\kULDVFq.exe
  C:\Windows\System\kULDVFq.exe
  2⤵
  PID:8000
- C:\Windows\System\LXiOXWg.exe
  C:\Windows\System\LXiOXWg.exe
  2⤵
  PID:8036
- C:\Windows\System\DsEaWkE.exe
  C:\Windows\System\DsEaWkE.exe
  2⤵
  PID:8040
- C:\Windows\System\zIVzAmZ.exe
  C:\Windows\System\zIVzAmZ.exe
  2⤵
  PID:8088
- C:\Windows\System\opOkBSz.exe
  C:\Windows\System\opOkBSz.exe
  2⤵
  PID:8124
- C:\Windows\System\NYvxHiH.exe
  C:\Windows\System\NYvxHiH.exe
  2⤵
  PID:8160
- C:\Windows\System\ieaeILN.exe
  C:\Windows\System\ieaeILN.exe
  2⤵
  PID:6216
- C:\Windows\System\rsUpBNe.exe
  C:\Windows\System\rsUpBNe.exe
  2⤵
  PID:8188
- C:\Windows\System\eiAaIBM.exe
  C:\Windows\System\eiAaIBM.exe
  2⤵
  PID:6712
- C:\Windows\System\pvKSKLy.exe
  C:\Windows\System\pvKSKLy.exe
  2⤵
  PID:6696
- C:\Windows\System\askRxRh.exe
  C:\Windows\System\askRxRh.exe
  2⤵
  PID:6276
- C:\Windows\System\LcHxhei.exe
  C:\Windows\System\LcHxhei.exe
  2⤵
  PID:7304
- C:\Windows\System\DWLcusV.exe
  C:\Windows\System\DWLcusV.exe
  2⤵
  PID:7412
- C:\Windows\System\kbHMYht.exe
  C:\Windows\System\kbHMYht.exe
  2⤵
  PID:7256
- C:\Windows\System\qjrMjxj.exe
  C:\Windows\System\qjrMjxj.exe
  2⤵
  PID:7484
- C:\Windows\System\EkveNTO.exe
  C:\Windows\System\EkveNTO.exe
  2⤵
  PID:7464
- C:\Windows\System\TnYfWEg.exe
  C:\Windows\System\TnYfWEg.exe
  2⤵
  PID:7500
- C:\Windows\System\JuZzTaS.exe
  C:\Windows\System\JuZzTaS.exe
  2⤵
  PID:7564
- C:\Windows\System\ADtmaqp.exe
  C:\Windows\System\ADtmaqp.exe
  2⤵
  PID:7632
- C:\Windows\System\xjepCJa.exe
  C:\Windows\System\xjepCJa.exe
  2⤵
  PID:7684
- C:\Windows\System\ETyGcuO.exe
  C:\Windows\System\ETyGcuO.exe
  2⤵
  PID:7832
- C:\Windows\System\btEFwhO.exe
  C:\Windows\System\btEFwhO.exe
  2⤵
  PID:7876
- C:\Windows\System\oHIehFd.exe
  C:\Windows\System\oHIehFd.exe
  2⤵
  PID:7864
- C:\Windows\System\RjoNzbX.exe
  C:\Windows\System\RjoNzbX.exe
  2⤵
  PID:8068
- C:\Windows\System\KfDGkFJ.exe
  C:\Windows\System\KfDGkFJ.exe
  2⤵
  PID:8176
- C:\Windows\System\KKbHXrE.exe
  C:\Windows\System\KKbHXrE.exe
  2⤵
  PID:7188
- C:\Windows\System\GoOuhqq.exe
  C:\Windows\System\GoOuhqq.exe
  2⤵
  PID:7448
- C:\Windows\System\MvvYDSZ.exe
  C:\Windows\System\MvvYDSZ.exe
  2⤵
  PID:7496
- C:\Windows\System\yIGOgqP.exe
  C:\Windows\System\yIGOgqP.exe
  2⤵
  PID:8128
- C:\Windows\System\TyVyowA.exe
  C:\Windows\System\TyVyowA.exe
  2⤵
  PID:7232
- C:\Windows\System\VBVWPKw.exe
  C:\Windows\System\VBVWPKw.exe
  2⤵
  PID:7396
- C:\Windows\System\FCjSDra.exe
  C:\Windows\System\FCjSDra.exe
  2⤵
  PID:8024
- C:\Windows\System\PVWTatO.exe
  C:\Windows\System\PVWTatO.exe
  2⤵
  PID:7756
- C:\Windows\System\mfvNJkk.exe
  C:\Windows\System\mfvNJkk.exe
  2⤵
  PID:7720
- C:\Windows\System\XtWzHaD.exe
  C:\Windows\System\XtWzHaD.exe
  2⤵
  PID:7860
- C:\Windows\System\rPUUGKv.exe
  C:\Windows\System\rPUUGKv.exe
  2⤵
  PID:7820
- C:\Windows\System\uCtzcxd.exe
  C:\Windows\System\uCtzcxd.exe
  2⤵
  PID:2980
- C:\Windows\System\OObqkTx.exe
  C:\Windows\System\OObqkTx.exe
  2⤵
  PID:7984
- C:\Windows\System\qLsFYcd.exe
  C:\Windows\System\qLsFYcd.exe
  2⤵
  PID:1568
- C:\Windows\System\OJMIgju.exe
  C:\Windows\System\OJMIgju.exe
  2⤵
  PID:7640
- C:\Windows\System\qFVzWdL.exe
  C:\Windows\System\qFVzWdL.exe
  2⤵
  PID:7788
- C:\Windows\System\IKxUtMX.exe
  C:\Windows\System\IKxUtMX.exe
  2⤵
  PID:7928
- C:\Windows\System\AOkaZgd.exe
  C:\Windows\System\AOkaZgd.exe
  2⤵
  PID:7260
- C:\Windows\System\VYJAFAr.exe
  C:\Windows\System\VYJAFAr.exe
  2⤵
  PID:8004
- C:\Windows\System\rWMwkFw.exe
  C:\Windows\System\rWMwkFw.exe
  2⤵
  PID:6180
- C:\Windows\System\EQHDnQP.exe
  C:\Windows\System\EQHDnQP.exe
  2⤵
  PID:7644
- C:\Windows\System\kTLVABb.exe
  C:\Windows\System\kTLVABb.exe
  2⤵
  PID:6948
- C:\Windows\System\UNhQntO.exe
  C:\Windows\System\UNhQntO.exe
  2⤵
  PID:7180
- C:\Windows\System\gHaGwmV.exe
  C:\Windows\System\gHaGwmV.exe
  2⤵
  PID:7520
- C:\Windows\System\hPFqJsv.exe
  C:\Windows\System\hPFqJsv.exe
  2⤵
  PID:7916
- C:\Windows\System\khSXmGY.exe
  C:\Windows\System\khSXmGY.exe
  2⤵
  PID:7344
- C:\Windows\System\AsXpwlb.exe
  C:\Windows\System\AsXpwlb.exe
  2⤵
  PID:7620
- C:\Windows\System\LmEvvew.exe
  C:\Windows\System\LmEvvew.exe
  2⤵
  PID:7848
- C:\Windows\System\ufyqGzA.exe
  C:\Windows\System\ufyqGzA.exe
  2⤵
  PID:7588
- C:\Windows\System\pMCSxnc.exe
  C:\Windows\System\pMCSxnc.exe
  2⤵
  PID:8200
- C:\Windows\System\zTiNRfi.exe
  C:\Windows\System\zTiNRfi.exe
  2⤵
  PID:8216
- C:\Windows\System\vhKbhLm.exe
  C:\Windows\System\vhKbhLm.exe
  2⤵
  PID:8236
- C:\Windows\System\kjNNpcN.exe
  C:\Windows\System\kjNNpcN.exe
  2⤵
  PID:8252
- C:\Windows\System\WXLvqvY.exe
  C:\Windows\System\WXLvqvY.exe
  2⤵
  PID:8272
- C:\Windows\System\gREQEQC.exe
  C:\Windows\System\gREQEQC.exe
  2⤵
  PID:8288
- C:\Windows\System\bprzmSD.exe
  C:\Windows\System\bprzmSD.exe
  2⤵
  PID:8316
- C:\Windows\System\xssHDrn.exe
  C:\Windows\System\xssHDrn.exe
  2⤵
  PID:8332
- C:\Windows\System\vCTVUpZ.exe
  C:\Windows\System\vCTVUpZ.exe
  2⤵
  PID:8348
- C:\Windows\System\PMyfzgp.exe
  C:\Windows\System\PMyfzgp.exe
  2⤵
  PID:8372
- C:\Windows\System\zlsHOSQ.exe
  C:\Windows\System\zlsHOSQ.exe
  2⤵
  PID:8396
- C:\Windows\System\rmhVvbM.exe
  C:\Windows\System\rmhVvbM.exe
  2⤵
  PID:8416
- C:\Windows\System\CFRyNkd.exe
  C:\Windows\System\CFRyNkd.exe
  2⤵
  PID:8452
- C:\Windows\System\SiWduBi.exe
  C:\Windows\System\SiWduBi.exe
  2⤵
  PID:8468
- C:\Windows\System\ydRuHSe.exe
  C:\Windows\System\ydRuHSe.exe
  2⤵
  PID:8484
- C:\Windows\System\QkVYHfI.exe
  C:\Windows\System\QkVYHfI.exe
  2⤵
  PID:8516
- C:\Windows\System\xaukmOh.exe
  C:\Windows\System\xaukmOh.exe
  2⤵
  PID:8532
- C:\Windows\System\dLLVrnj.exe
  C:\Windows\System\dLLVrnj.exe
  2⤵
  PID:8548
- C:\Windows\System\cIqdHxc.exe
  C:\Windows\System\cIqdHxc.exe
  2⤵
  PID:8564
- C:\Windows\System\aFnQHmh.exe
  C:\Windows\System\aFnQHmh.exe
  2⤵
  PID:8596
- C:\Windows\System\MbdYDqX.exe
  C:\Windows\System\MbdYDqX.exe
  2⤵
  PID:8612
- C:\Windows\System\GjoGHMs.exe
  C:\Windows\System\GjoGHMs.exe
  2⤵
  PID:8636
- C:\Windows\System\ZqPKvWL.exe
  C:\Windows\System\ZqPKvWL.exe
  2⤵
  PID:8652
- C:\Windows\System\pUqqZsz.exe
  C:\Windows\System\pUqqZsz.exe
  2⤵
  PID:8668
- C:\Windows\System\kkddXfJ.exe
  C:\Windows\System\kkddXfJ.exe
  2⤵
  PID:8692
- C:\Windows\System\rbknEEm.exe
  C:\Windows\System\rbknEEm.exe
  2⤵
  PID:8712
- C:\Windows\System\gBIgreo.exe
  C:\Windows\System\gBIgreo.exe
  2⤵
  PID:8732
- C:\Windows\System\pWJbtwi.exe
  C:\Windows\System\pWJbtwi.exe
  2⤵
  PID:8748
- C:\Windows\System\xfGqddg.exe
  C:\Windows\System\xfGqddg.exe
  2⤵
  PID:8780
- C:\Windows\System\iPBzSHw.exe
  C:\Windows\System\iPBzSHw.exe
  2⤵
  PID:8800
- C:\Windows\System\djNdbHA.exe
  C:\Windows\System\djNdbHA.exe
  2⤵
  PID:8816
- C:\Windows\System\HuFeIvB.exe
  C:\Windows\System\HuFeIvB.exe
  2⤵
  PID:8836
- C:\Windows\System\GVpDliA.exe
  C:\Windows\System\GVpDliA.exe
  2⤵
  PID:8852
- C:\Windows\System\PqdHAPJ.exe
  C:\Windows\System\PqdHAPJ.exe
  2⤵
  PID:8876
- C:\Windows\System\CuCwTrw.exe
  C:\Windows\System\CuCwTrw.exe
  2⤵
  PID:8892
- C:\Windows\System\gWzYHUE.exe
  C:\Windows\System\gWzYHUE.exe
  2⤵
  PID:8912
- C:\Windows\System\BmyFety.exe
  C:\Windows\System\BmyFety.exe
  2⤵
  PID:8928
- C:\Windows\System\pbMfleC.exe
  C:\Windows\System\pbMfleC.exe
  2⤵
  PID:8948
- C:\Windows\System\QhYTMVR.exe
  C:\Windows\System\QhYTMVR.exe
  2⤵
  PID:8968
- C:\Windows\System\CwwPZxi.exe
  C:\Windows\System\CwwPZxi.exe
  2⤵
  PID:8996
- C:\Windows\System\JrfhDoI.exe
  C:\Windows\System\JrfhDoI.exe
  2⤵
  PID:9020
- C:\Windows\System\rdBAjgT.exe
  C:\Windows\System\rdBAjgT.exe
  2⤵
  PID:9036
- C:\Windows\System\rAAAICC.exe
  C:\Windows\System\rAAAICC.exe
  2⤵
  PID:9056
- C:\Windows\System\PFntfCX.exe
  C:\Windows\System\PFntfCX.exe
  2⤵
  PID:9072
- C:\Windows\System\MNJqNKS.exe
  C:\Windows\System\MNJqNKS.exe
  2⤵
  PID:9092
- C:\Windows\System\iIuXiUH.exe
  C:\Windows\System\iIuXiUH.exe
  2⤵
  PID:9108
- C:\Windows\System\zQgVerx.exe
  C:\Windows\System\zQgVerx.exe
  2⤵
  PID:9140
- C:\Windows\System\ipKnKrY.exe
  C:\Windows\System\ipKnKrY.exe
  2⤵
  PID:9156
- C:\Windows\System\YnzemIp.exe
  C:\Windows\System\YnzemIp.exe
  2⤵
  PID:9172
- C:\Windows\System\untqtBC.exe
  C:\Windows\System\untqtBC.exe
  2⤵
  PID:9204
- C:\Windows\System\OvaFLCj.exe
  C:\Windows\System\OvaFLCj.exe
  2⤵
  PID:8208
- C:\Windows\System\NljqKdr.exe
  C:\Windows\System\NljqKdr.exe
  2⤵
  PID:8280
- C:\Windows\System\afJScLc.exe
  C:\Windows\System\afJScLc.exe
  2⤵
  PID:8232
- C:\Windows\System\KfwUuDK.exe
  C:\Windows\System\KfwUuDK.exe
  2⤵
  PID:8364
- C:\Windows\System\uFuZogd.exe
  C:\Windows\System\uFuZogd.exe
  2⤵
  PID:6816
- C:\Windows\System\bAMAfNJ.exe
  C:\Windows\System\bAMAfNJ.exe
  2⤵
  PID:8308
- C:\Windows\System\uKeoCOX.exe
  C:\Windows\System\uKeoCOX.exe
  2⤵
  PID:8388
- C:\Windows\System\zGOhTAM.exe
  C:\Windows\System\zGOhTAM.exe
  2⤵
  PID:8424
- C:\Windows\System\pbPguvC.exe
  C:\Windows\System\pbPguvC.exe
  2⤵
  PID:8460
- C:\Windows\System\CqUkFDK.exe
  C:\Windows\System\CqUkFDK.exe
  2⤵
  PID:8504
- C:\Windows\System\KURxceu.exe
  C:\Windows\System\KURxceu.exe
  2⤵
  PID:8476
- C:\Windows\System\TvDnVCP.exe
  C:\Windows\System\TvDnVCP.exe
  2⤵
  PID:8528
- C:\Windows\System\zAMiDVA.exe
  C:\Windows\System\zAMiDVA.exe
  2⤵
  PID:8584
- C:\Windows\System\uipYnAY.exe
  C:\Windows\System\uipYnAY.exe
  2⤵
  PID:8620
- C:\Windows\System\ZVOdMtK.exe
  C:\Windows\System\ZVOdMtK.exe
  2⤵
  PID:8644
- C:\Windows\System\ChVNwmL.exe
  C:\Windows\System\ChVNwmL.exe
  2⤵
  PID:8700
- C:\Windows\System\tdEsjmV.exe
  C:\Windows\System\tdEsjmV.exe
  2⤵
  PID:8704
- C:\Windows\System\CslGlPj.exe
  C:\Windows\System\CslGlPj.exe
  2⤵
  PID:8744
- C:\Windows\System\cJbBQgZ.exe
  C:\Windows\System\cJbBQgZ.exe
  2⤵
  PID:8772
- C:\Windows\System\zlTiBgb.exe
  C:\Windows\System\zlTiBgb.exe
  2⤵
  PID:8832
- C:\Windows\System\GdcxBCM.exe
  C:\Windows\System\GdcxBCM.exe
  2⤵
  PID:8908
- C:\Windows\System\KaCOtNA.exe
  C:\Windows\System\KaCOtNA.exe
  2⤵
  PID:8808
- C:\Windows\System\PedJVPM.exe
  C:\Windows\System\PedJVPM.exe
  2⤵
  PID:8984
- C:\Windows\System\wwwdkMj.exe
  C:\Windows\System\wwwdkMj.exe
  2⤵
  PID:8848
- C:\Windows\System\vTXVtxx.exe
  C:\Windows\System\vTXVtxx.exe
  2⤵
  PID:8920
- C:\Windows\System\FcXHoBZ.exe
  C:\Windows\System\FcXHoBZ.exe
  2⤵
  PID:9012
- C:\Windows\System\UVBmyBM.exe
  C:\Windows\System\UVBmyBM.exe
  2⤵
  PID:9068
- C:\Windows\System\dVVdgHk.exe
  C:\Windows\System\dVVdgHk.exe
  2⤵
  PID:9080
- C:\Windows\System\PNsIigL.exe
  C:\Windows\System\PNsIigL.exe
  2⤵
  PID:9052
- C:\Windows\System\EZVKzWh.exe
  C:\Windows\System\EZVKzWh.exe
  2⤵
  PID:9132
- C:\Windows\System\CDFssEp.exe
  C:\Windows\System\CDFssEp.exe
  2⤵
  PID:9180
- C:\Windows\System\zxqRnSi.exe
  C:\Windows\System\zxqRnSi.exe
  2⤵
  PID:9200
- C:\Windows\System\OSKGQYo.exe
  C:\Windows\System\OSKGQYo.exe
  2⤵
  PID:8356
- C:\Windows\System\vmsCNtm.exe
  C:\Windows\System\vmsCNtm.exe
  2⤵
  PID:8412
- C:\Windows\System\xWirKwM.exe
  C:\Windows\System\xWirKwM.exe
  2⤵
  PID:8340
- C:\Windows\System\FqGxPkX.exe
  C:\Windows\System\FqGxPkX.exe
  2⤵
  PID:8432
- C:\Windows\System\KlrEaRS.exe
  C:\Windows\System\KlrEaRS.exe
  2⤵
  PID:8448
- C:\Windows\System\eBiOpWJ.exe
  C:\Windows\System\eBiOpWJ.exe
  2⤵
  PID:8496
- C:\Windows\System\ntYgmLI.exe
  C:\Windows\System\ntYgmLI.exe
  2⤵
  PID:8556
- C:\Windows\System\yBSxcKp.exe
  C:\Windows\System\yBSxcKp.exe
  2⤵
  PID:8592
- C:\Windows\System\tTDrCuv.exe
  C:\Windows\System\tTDrCuv.exe
  2⤵
  PID:8660
- C:\Windows\System\TwCPprE.exe
  C:\Windows\System\TwCPprE.exe
  2⤵
  PID:8444
- C:\Windows\System\JWfmKFa.exe
  C:\Windows\System\JWfmKFa.exe
  2⤵
  PID:8740
- C:\Windows\System\hopCBfO.exe
  C:\Windows\System\hopCBfO.exe
  2⤵
  PID:8792
- C:\Windows\System\xSpAAwc.exe
  C:\Windows\System\xSpAAwc.exe
  2⤵
  PID:8868
- C:\Windows\System\sXBdHPn.exe
  C:\Windows\System\sXBdHPn.exe
  2⤵
  PID:8936
- C:\Windows\System\xqfRntf.exe
  C:\Windows\System\xqfRntf.exe
  2⤵
  PID:8884
- C:\Windows\System\kompSmd.exe
  C:\Windows\System\kompSmd.exe
  2⤵
  PID:9084
- C:\Windows\System\rSfHxAL.exe
  C:\Windows\System\rSfHxAL.exe
  2⤵
  PID:9164
- C:\Windows\System\ddYIciT.exe
  C:\Windows\System\ddYIciT.exe
  2⤵
  PID:9064
- C:\Windows\System\nGiHgEw.exe
  C:\Windows\System\nGiHgEw.exe
  2⤵
  PID:9136
- C:\Windows\System\vbncmkP.exe
  C:\Windows\System\vbncmkP.exe
  2⤵
  PID:8020
- C:\Windows\System\hUaGNZd.exe
  C:\Windows\System\hUaGNZd.exe
  2⤵
  PID:8228
- C:\Windows\System\myFlaYH.exe
  C:\Windows\System\myFlaYH.exe
  2⤵
  PID:8440
- C:\Windows\System\xsKdOed.exe
  C:\Windows\System\xsKdOed.exe
  2⤵
  PID:8560
- C:\Windows\System\cDMmBut.exe
  C:\Windows\System\cDMmBut.exe
  2⤵
  PID:8684
- C:\Windows\System\sIgytJB.exe
  C:\Windows\System\sIgytJB.exe
  2⤵
  PID:8632
- C:\Windows\System\vGsRvMb.exe
  C:\Windows\System\vGsRvMb.exe
  2⤵
  PID:9004
- C:\Windows\System\fMjPAPA.exe
  C:\Windows\System\fMjPAPA.exe
  2⤵
  PID:8988
- C:\Windows\System\mtnjEhf.exe
  C:\Windows\System\mtnjEhf.exe
  2⤵
  PID:8980
- C:\Windows\System\osbDGzP.exe
  C:\Windows\System\osbDGzP.exe
  2⤵
  PID:1508
- C:\Windows\System\mpjhmuv.exe
  C:\Windows\System\mpjhmuv.exe
  2⤵
  PID:9212
- C:\Windows\System\TwAcjXF.exe
  C:\Windows\System\TwAcjXF.exe
  2⤵
  PID:6152
- C:\Windows\System\loyHPYY.exe
  C:\Windows\System\loyHPYY.exe
  2⤵
  PID:8264
- C:\Windows\System\MyStMzD.exe
  C:\Windows\System\MyStMzD.exe
  2⤵
  PID:8576
- C:\Windows\System\FrsYNfi.exe
  C:\Windows\System\FrsYNfi.exe
  2⤵
  PID:384
- C:\Windows\System\jbLNszW.exe
  C:\Windows\System\jbLNszW.exe
  2⤵
  PID:9016
- C:\Windows\System\ImFtuRs.exe
  C:\Windows\System\ImFtuRs.exe
  2⤵
  PID:8992
- C:\Windows\System\FccgRfH.exe
  C:\Windows\System\FccgRfH.exe
  2⤵
  PID:8864
- C:\Windows\System\fKcCqMQ.exe
  C:\Windows\System\fKcCqMQ.exe
  2⤵
  PID:8296
- C:\Windows\System\WaTXTeY.exe
  C:\Windows\System\WaTXTeY.exe
  2⤵
  PID:8300
- C:\Windows\System\tJbmvsL.exe
  C:\Windows\System\tJbmvsL.exe
  2⤵
  PID:8900
- C:\Windows\System\znDQvnj.exe
  C:\Windows\System\znDQvnj.exe
  2⤵
  PID:8244
- C:\Windows\System\JgaKrGf.exe
  C:\Windows\System\JgaKrGf.exe
  2⤵
  PID:2940
- C:\Windows\System\AyArISb.exe
  C:\Windows\System\AyArISb.exe
  2⤵
  PID:8304
- C:\Windows\System\GyBTuqv.exe
  C:\Windows\System\GyBTuqv.exe
  2⤵
  PID:9032
- C:\Windows\System\WgoALAt.exe
  C:\Windows\System\WgoALAt.exe
  2⤵
  PID:8764
- C:\Windows\System\gudckIZ.exe
  C:\Windows\System\gudckIZ.exe
  2⤵
  PID:8524
- C:\Windows\System\CsseOFV.exe
  C:\Windows\System\CsseOFV.exe
  2⤵
  PID:8544
- C:\Windows\System\JrshFHe.exe
  C:\Windows\System\JrshFHe.exe
  2⤵
  PID:8404
- C:\Windows\System\tNoeFAJ.exe
  C:\Windows\System\tNoeFAJ.exe
  2⤵
  PID:9236
- C:\Windows\System\GsynDTv.exe
  C:\Windows\System\GsynDTv.exe
  2⤵
  PID:9252
- C:\Windows\System\eXDbLKs.exe
  C:\Windows\System\eXDbLKs.exe
  2⤵
  PID:9268
- C:\Windows\System\shFCaUN.exe
  C:\Windows\System\shFCaUN.exe
  2⤵
  PID:9288
- C:\Windows\System\toMPszL.exe
  C:\Windows\System\toMPszL.exe
  2⤵
  PID:9312
- C:\Windows\System\kwCbJae.exe
  C:\Windows\System\kwCbJae.exe
  2⤵
  PID:9340
- C:\Windows\System\belOKAn.exe
  C:\Windows\System\belOKAn.exe
  2⤵
  PID:9356
- C:\Windows\System\dHnLqQa.exe
  C:\Windows\System\dHnLqQa.exe
  2⤵
  PID:9372
- C:\Windows\System\INcMEsq.exe
  C:\Windows\System\INcMEsq.exe
  2⤵
  PID:9392
- C:\Windows\System\vEWkzgt.exe
  C:\Windows\System\vEWkzgt.exe
  2⤵
  PID:9412
- C:\Windows\System\JLaqkuZ.exe
  C:\Windows\System\JLaqkuZ.exe
  2⤵
  PID:9428
- C:\Windows\System\mgrysDe.exe
  C:\Windows\System\mgrysDe.exe
  2⤵
  PID:9448
- C:\Windows\System\XGbNChG.exe
  C:\Windows\System\XGbNChG.exe
  2⤵
  PID:9476
- C:\Windows\System\BLPlpZx.exe
  C:\Windows\System\BLPlpZx.exe
  2⤵
  PID:9496
- C:\Windows\System\UQNddwt.exe
  C:\Windows\System\UQNddwt.exe
  2⤵
  PID:9512
- C:\Windows\System\vRxVTtg.exe
  C:\Windows\System\vRxVTtg.exe
  2⤵
  PID:9536
- C:\Windows\System\uCtpESU.exe
  C:\Windows\System\uCtpESU.exe
  2⤵
  PID:9552
- C:\Windows\System\SxaYMBq.exe
  C:\Windows\System\SxaYMBq.exe
  2⤵
  PID:9568
- C:\Windows\System\iLzCquO.exe
  C:\Windows\System\iLzCquO.exe
  2⤵
  PID:9584
- C:\Windows\System\qVmtmnR.exe
  C:\Windows\System\qVmtmnR.exe
  2⤵
  PID:9608
- C:\Windows\System\TGfyBxg.exe
  C:\Windows\System\TGfyBxg.exe
  2⤵
  PID:9624
- C:\Windows\System\tyFUUGs.exe
  C:\Windows\System\tyFUUGs.exe
  2⤵
  PID:9644
- C:\Windows\System\TECxdrL.exe
  C:\Windows\System\TECxdrL.exe
  2⤵
  PID:9668
- C:\Windows\System\XCDRhIG.exe
  C:\Windows\System\XCDRhIG.exe
  2⤵
  PID:9696
- C:\Windows\System\kNoMtJT.exe
  C:\Windows\System\kNoMtJT.exe
  2⤵
  PID:9712
- C:\Windows\System\JRSDFHg.exe
  C:\Windows\System\JRSDFHg.exe
  2⤵
  PID:9728
- C:\Windows\System\cvIWwhV.exe
  C:\Windows\System\cvIWwhV.exe
  2⤵
  PID:9752
- C:\Windows\System\VZsKvnM.exe
  C:\Windows\System\VZsKvnM.exe
  2⤵
  PID:9772
- C:\Windows\System\YfNCFej.exe
  C:\Windows\System\YfNCFej.exe
  2⤵
  PID:9788
- C:\Windows\System\PVHZtqO.exe
  C:\Windows\System\PVHZtqO.exe
  2⤵
  PID:9804
- C:\Windows\System\ZVYVhSC.exe
  C:\Windows\System\ZVYVhSC.exe
  2⤵
  PID:9820
- C:\Windows\System\xxfeBnX.exe
  C:\Windows\System\xxfeBnX.exe
  2⤵
  PID:9840
- C:\Windows\System\tyScmbi.exe
  C:\Windows\System\tyScmbi.exe
  2⤵
  PID:9860
- C:\Windows\System\FKMZfQh.exe
  C:\Windows\System\FKMZfQh.exe
  2⤵
  PID:9892
- C:\Windows\System\JNqpYcY.exe
  C:\Windows\System\JNqpYcY.exe
  2⤵
  PID:9920
- C:\Windows\System\ygAmSdw.exe
  C:\Windows\System\ygAmSdw.exe
  2⤵
  PID:9936
- C:\Windows\System\pSFufGr.exe
  C:\Windows\System\pSFufGr.exe
  2⤵
  PID:9956
- C:\Windows\System\XlcRKeN.exe
  C:\Windows\System\XlcRKeN.exe
  2⤵
  PID:9980
- C:\Windows\System\erLbMqS.exe
  C:\Windows\System\erLbMqS.exe
  2⤵
  PID:10000
- C:\Windows\System\kXCEnQq.exe
  C:\Windows\System\kXCEnQq.exe
  2⤵
  PID:10024
- C:\Windows\System\tFKaNWp.exe
  C:\Windows\System\tFKaNWp.exe
  2⤵
  PID:10040
- C:\Windows\System\eictIHe.exe
  C:\Windows\System\eictIHe.exe
  2⤵
  PID:10060
- C:\Windows\System\KKqxBlk.exe
  C:\Windows\System\KKqxBlk.exe
  2⤵
  PID:10080
- C:\Windows\System\HjxhaJv.exe
  C:\Windows\System\HjxhaJv.exe
  2⤵
  PID:10104
- C:\Windows\System\ALKgnrb.exe
  C:\Windows\System\ALKgnrb.exe
  2⤵
  PID:10120
- C:\Windows\System\QJmlerl.exe
  C:\Windows\System\QJmlerl.exe
  2⤵
  PID:10136
- C:\Windows\System\EGUVUER.exe
  C:\Windows\System\EGUVUER.exe
  2⤵
  PID:10160
- C:\Windows\System\nXXRvUt.exe
  C:\Windows\System\nXXRvUt.exe
  2⤵
  PID:10180
- C:\Windows\System\qOMigFv.exe
  C:\Windows\System\qOMigFv.exe
  2⤵
  PID:10200
- C:\Windows\System\bUhhFhr.exe
  C:\Windows\System\bUhhFhr.exe
  2⤵
  PID:10224
- C:\Windows\System\XJETUnd.exe
  C:\Windows\System\XJETUnd.exe
  2⤵
  PID:9196
- C:\Windows\System\rONsxty.exe
  C:\Windows\System\rONsxty.exe
  2⤵
  PID:9248
- C:\Windows\System\TQLIPHU.exe
  C:\Windows\System\TQLIPHU.exe
  2⤵
  PID:9324
- C:\Windows\System\YruztVm.exe
  C:\Windows\System\YruztVm.exe
  2⤵
  PID:9296
- C:\Windows\System\rqCNvxp.exe
  C:\Windows\System\rqCNvxp.exe
  2⤵
  PID:9348
- C:\Windows\System\ujVLlZi.exe
  C:\Windows\System\ujVLlZi.exe
  2⤵
  PID:9404
- C:\Windows\System\eQNuTRh.exe
  C:\Windows\System\eQNuTRh.exe
  2⤵
  PID:9384
- C:\Windows\System\RsZbbWW.exe
  C:\Windows\System\RsZbbWW.exe
  2⤵
  PID:9424
- C:\Windows\System\ISXAcjJ.exe
  C:\Windows\System\ISXAcjJ.exe
  2⤵
  PID:9468
- C:\Windows\System\ruhkVNT.exe
  C:\Windows\System\ruhkVNT.exe
  2⤵
  PID:9532
- C:\Windows\System\hzYqmJJ.exe
  C:\Windows\System\hzYqmJJ.exe
  2⤵
  PID:9564
- C:\Windows\System\IaolXWe.exe
  C:\Windows\System\IaolXWe.exe
  2⤵
  PID:9604
- C:\Windows\System\xicUDgl.exe
  C:\Windows\System\xicUDgl.exe
  2⤵
  PID:9548
- C:\Windows\System\TDzEKfj.exe
  C:\Windows\System\TDzEKfj.exe
  2⤵
  PID:9620
- C:\Windows\System\hyKaecs.exe
  C:\Windows\System\hyKaecs.exe
  2⤵
  PID:9664
- C:\Windows\System\yqGXGEJ.exe
  C:\Windows\System\yqGXGEJ.exe
  2⤵
  PID:9692
- C:\Windows\System\HzPcvEN.exe
  C:\Windows\System\HzPcvEN.exe
  2⤵
  PID:9740
- C:\Windows\System\hXeTyyy.exe
  C:\Windows\System\hXeTyyy.exe
  2⤵
  PID:9828
- C:\Windows\System\KGoYMwx.exe
  C:\Windows\System\KGoYMwx.exe
  2⤵
  PID:9784
- C:\Windows\System\MvcqMtD.exe
  C:\Windows\System\MvcqMtD.exe
  2⤵
  PID:9884
- C:\Windows\System\xPkJWvu.exe
  C:\Windows\System\xPkJWvu.exe
  2⤵
  PID:8768
- C:\Windows\System\thWtZQk.exe
  C:\Windows\System\thWtZQk.exe
  2⤵
  PID:9908
- C:\Windows\System\HQfVWVM.exe
  C:\Windows\System\HQfVWVM.exe
  2⤵
  PID:9932
- C:\Windows\System\EXAGSHG.exe
  C:\Windows\System\EXAGSHG.exe
  2⤵
  PID:9976
- C:\Windows\System\ClANLoI.exe
  C:\Windows\System\ClANLoI.exe
  2⤵
  PID:10016
- C:\Windows\System\YsSYnHE.exe
  C:\Windows\System\YsSYnHE.exe
  2⤵
  PID:10036
- C:\Windows\System\WfCGMUr.exe
  C:\Windows\System\WfCGMUr.exe
  2⤵
  PID:10072
- C:\Windows\System\XZTavaS.exe
  C:\Windows\System\XZTavaS.exe
  2⤵
  PID:10092
- C:\Windows\System\feocdTt.exe
  C:\Windows\System\feocdTt.exe
  2⤵
  PID:10132
- C:\Windows\System\HTNgdFH.exe
  C:\Windows\System\HTNgdFH.exe
  2⤵
  PID:10156
- C:\Windows\System\HWWdYSR.exe
  C:\Windows\System\HWWdYSR.exe
  2⤵
  PID:10172
- C:\Windows\System\ZnbFsuA.exe
  C:\Windows\System\ZnbFsuA.exe
  2⤵
  PID:10192
- C:\Windows\System\lLlhXwT.exe
  C:\Windows\System\lLlhXwT.exe
  2⤵
  PID:10232
- C:\Windows\System\UyRuZpr.exe
  C:\Windows\System\UyRuZpr.exe
  2⤵
  PID:9284
- C:\Windows\System\CGnnGdY.exe
  C:\Windows\System\CGnnGdY.exe
  2⤵
  PID:9364
- C:\Windows\System\ltWXShf.exe
  C:\Windows\System\ltWXShf.exe
  2⤵
  PID:9436
- C:\Windows\System\UmWjKAS.exe
  C:\Windows\System\UmWjKAS.exe
  2⤵
  PID:9440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BhyewqY.exe

Filesize
6.0MB

MD5
29d1da11b3cc1f2f788a84aba57dae34

SHA1
1fdb75006e9b9ec672e772bcf55a48eca48aa230

SHA256
c4fbb760f2e38b65f9c8ce7dbd49e6e17f7f18e50dc9149133d79d880dded221

SHA512
203d51eff7e8afaaecdc81a32e2e3418156a80165a9c7bc521950c53abc4c4fb857189bbfd57db6267e2cb3830c2d692ad49e7e0f6756cf3dd41792032a9cb99

Download Submit
C:\Windows\system\DaYPZfN.exe

Filesize
6.0MB

MD5
e2b9b4263d47507ea763bc342f1cb01b

SHA1
ad5b1824ab0ab15f60a4bd193cb7d04b765d9cde

SHA256
fe2dcd12184fe79aed8eaa8e3e63e3888d1dd8afacfbac1c0ab8f388a73ba865

SHA512
0fba8c34bb876019213865c0cb5a4f16d2b6d5a437d20c670a16576f3c959b3e82134ef112fedd8fbcd5c091ddf7a1d572fe9c975cc6cf7d089526a14ada7e24

Download Submit
C:\Windows\system\DdFIZDZ.exe

Filesize
6.0MB

MD5
3dd5c970467c58f796126d7eae18ef1f

SHA1
9f29d38f426807662fd119f29184663b63056388

SHA256
2ed883eb0feb06e4f4e0d2a80a3ab035abb77c9669ece95f4d06248a7cd778fb

SHA512
d35d142433e57868656c4ce7e163166840a2e5be09279c1b445cbf79184cf20e8131df8644292b5cb923eb2ba57e4fb597a4dea777934cd487039f3fd3b2f0b6

Download Submit
C:\Windows\system\IMgwvPI.exe

Filesize
6.0MB

MD5
8e33ce6c0528ab7d45edd9273369577b

SHA1
0a3b2960e76ebcbe07a3603fd52694ed285ce878

SHA256
94d0e65c111a6ae4831ad410e7ef1e256e33b2a85d9d2edaa576ed895c3a36f0

SHA512
232897472e45138346f28c22dbe943c2ffa6e669faf07c526b272a08c6cd1e38e0ad752eef263809f795175954189a9fecf87f86cedf7804366525943f9184ea

Download Submit
C:\Windows\system\INNbjIA.exe

Filesize
6.0MB

MD5
9fd80a0eb2e2806c82029f8ebc6e05d2

SHA1
4c1563f9417c96a5c8de34d39bbd5cbb55951fa1

SHA256
aba9b580be9e652356a3958df1b642f86d92b42f3d49f1fa67941683a2653a8c

SHA512
36ac520505617f0b82619fbb956e575646e07008d24d204e88d601a5f13070ffa6c53bc46b5804248f5cfda276443b612e50051d6552bdad9c61d55f49bc29da

Download Submit
C:\Windows\system\PLGdyIX.exe

Filesize
6.0MB

MD5
0af773c2a62524f905dbe2166cb425b3

SHA1
d0a4ed911cae939de3d276b9f4d3d0164672d088

SHA256
86a9f08cfab4459579a389d52abb59d66455f947e0fd54899e73470a49688449

SHA512
90ff612445a576a30b330f4219536fbdd4f278d61949c9fc9e7eda363bd60cfdcbd5caccfd71af63b18c3e2cca3d5f1526e4e4d01e99f93ca4895ad9024bfa4d

Download Submit
C:\Windows\system\SXhpPoH.exe

Filesize
6.0MB

MD5
bfbabc2980b467ae5af5a33c96592b67

SHA1
087b6208747e6576727117b457274efa54b777aa

SHA256
36b3cc70c7ce52208a7fa0cd606d9f61156aca8b41446ece37565b29bb13fc69

SHA512
186e4e240d0da5957d8e1acf5d92d7124dba129623043c4e47217ccb5c95f7f40d047d0014c657bfb4a0da3be83b8157e5d5950da9fc3b2361918e64fff76552

Download Submit
C:\Windows\system\aKWSLmF.exe

Filesize
6.0MB

MD5
f7eb7852411fe900a38be133b4015265

SHA1
ebcf4401f49887c4220bae43e56a2ea7ab3d0c33

SHA256
7970740f58fb1b836d4438df9112fe55a67497179311c9a15ff5640d1a3f15a2

SHA512
f4f3f870c98290718038963c645859cd31c4f2778eec19898daadbbaa56ec2a68a1f3e1415a994f0adfb744b8364ee2e7b2f251d43c0cb3af50e94508efb8fd5

Download Submit
C:\Windows\system\alFVsNx.exe

Filesize
6.0MB

MD5
c8ece80be719dbefa294df6f984066cc

SHA1
88ec6e06d3c6f5db02b8aaae2af633f952e62937

SHA256
ee7de3e61af265491451c28ad1ebaa47e7982109ec573849d4ebd4c45dee6dfd

SHA512
82f1e2b9bcb139cfdac2e14fe1897e9d72deded4110d3f424a92fde5c1af9f19d18793ded2010ebc1d9f0b3788fd3fd8660908fa021d707e06c438c05dd303d5

Download Submit
C:\Windows\system\alxtzEr.exe

Filesize
6.0MB

MD5
01fa1d05bbb9413048e4f7c2a59e04fd

SHA1
39f9b025d8a75168d8a2e37c753307993ee99eea

SHA256
8129a33fade0463585cf0f0213bebb93c613ef1d5afbe7006e4a3dc749f56be0

SHA512
582dba19dd81179a6730f53588c698b56945a8e6d3ec0aab8f6ad1497823903aeca6b5d09b54b0be0476dc0415f3b696fd9537be3626d448582c288ff63c9fb9

Download Submit
C:\Windows\system\avqLicf.exe

Filesize
6.0MB

MD5
38d829327d58a90a5c462ec4fa4caec2

SHA1
5ac94ada368f0d11055436b053ba8b5c78fb5e51

SHA256
65d314c21a199083750758148ed8a05eb13952185e5346e1928733078933569e

SHA512
3d28c18fe6ecfb814c6d2f508aa173c825151ffe3a13dc4b930facae019533bab265b2c27cf8eab61a21860aa68c005c878f7f9863655f05b099f0be1cbe9e06

Download Submit
C:\Windows\system\axCKpsr.exe

Filesize
6.0MB

MD5
542c78ebd52e9e735399a01ab9069a49

SHA1
0ee4d082208f04c7f229c6a0f3f218fbc914ab04

SHA256
89ac3667f6c69bb1cee966e7656960752ce1694065151230fc4621d679f19138

SHA512
f9ded711638f9f049ed7f77020400bd94304525abfa70132daa510809f67ee1f71f53a334614cb825ed711cc5db35a0701847aa1193b52c6a61fbcca02536443

Download Submit
C:\Windows\system\bDrGwYe.exe

Filesize
6.0MB

MD5
b39f3cc30b3cb1ebdeb155d6c519ff2d

SHA1
b5cb0c0d53d81f767f1eaf7e2bbdf4a5e0731288

SHA256
b58009f833afcc9b5f99bfc00dfb54c5609c1a4b9b2f35f031880b465652ddf3

SHA512
f473be1629fb24db4c559f44d7592633d58adec7bba9938510a6b3d0399b9642dbb0249adad1747caccf2076e64a04f3de90d68c80bbcd371742d0c1e63305f8

Download Submit
C:\Windows\system\cUPhiIw.exe

Filesize
6.0MB

MD5
fd0389ca4d853af3e21512294457ec45

SHA1
113df67006067ad99602382c1439c65aa4bff647

SHA256
fd4db8551a9d9b76375f19d36235a44c4bce88938bbf5b95f22ab12106fb139a

SHA512
b8fe40a85fa6b77df18657d63132d25bc8434bee33e76197d637a5b59050f1cec56738430cfa99f5c2410f4336097c6d2c8a402ff8d8c7fc7644c1ad43b5c98a

Download Submit
C:\Windows\system\cVOCari.exe

Filesize
6.0MB

MD5
471c6ba19c4be823f03bd29579d8f7c8

SHA1
3f3796a41a21d996f41ee358c5f83243d0039f51

SHA256
68622c1f19a50796320ca234bbe4b7377e949c06b9950bbfede82686887bced8

SHA512
0b88330b9690b6e2ba636a366985ce36a5fee06df3581341312fa25edb20aa9ebe4a128390df23106b4b73ad999f5911029df6b82d034c25607fa8b2fec0ac0c

Download Submit
C:\Windows\system\dZKSNYu.exe

Filesize
6.0MB

MD5
4670e107926acd907860d5fb095e5eb8

SHA1
836bed753c2df05809b38474281194685636a644

SHA256
9fbcc14c2f51fe9e36875c7ac949fa56f9b08963cd4984cd13b6c27e78e7de93

SHA512
509da6708db7835107debbfda16dcf2b8e10978d21b42892e86a41c2c205a9fcda0271a392de71df46989cef186bc70d925f485b58eea28dc61368db0049c567

Download Submit
C:\Windows\system\gNsffHS.exe

Filesize
6.0MB

MD5
2a8c819950f2031bb7a81802728da586

SHA1
678707d92052276e0635ee22663fa6fc612ce2de

SHA256
541111c3ca919a194c38cda0b8218d1d9d6fdb31be3f7c7335cc7db8cedf92d9

SHA512
dc9a526f86a51e379b00f9d391ad3fd3a5eaac678b6176cf9c82893d002532d11e943ea82faa266e9756bfcd1f591e2cdf3b7ee390ddc7494a206bbc2f97ea16

Download Submit
C:\Windows\system\nPVEthI.exe

Filesize
6.0MB

MD5
a167fac181f576cf3bfe00cb40ce11bd

SHA1
45796e3e90b08f94891fbe0491d4d949f1dc76d6

SHA256
36ee569ddf57ee6de55c0138e93290b79f2573ef84c6efd489a62a70caca4a3a

SHA512
544890a8b7fe3ebb9b6586fccce7c74cad4f3e542a50546424b809a42d920261bfc4a4c1a72f634a13e0cf21263b64d3feb943a4c1d8ff9945e5175eb5e79419

Download Submit
C:\Windows\system\obNMrnH.exe

Filesize
8B

MD5
9920045222b50c89d75563658bf0f266

SHA1
1f2cb8a9a32725254cd9765d731ea91ac586fcd7

SHA256
d238157f2403a3ef3612de235537440e1c579ba34b4b8a85d0e36dd232f16cee

SHA512
acbfe5412b69f5c5dbe7c8f9f14122eeaa64cee2dec2fddfc64c1745ca8ac7063bc07ff2e2d7845bbca813e637b54b41ccc8bf0e20179937b5d993c7dbfaa092

Download Submit
C:\Windows\system\pTQwdBt.exe

Filesize
6.0MB

MD5
7bdff07d822415292e4c1f03f97c1c7b

SHA1
90b74ee13745cf4e3fcfeb3ee7129b69b646104a

SHA256
1cae5b4ecf030a52009720d3e4d2a78cf87e03d580ef974af35961ad72a18b32

SHA512
45a114e2021e4938eecf750dc5a771b6015443e28df4e9a62cb84b31101d19d1fc30f895ef7a6d7a91bf7b11b12dd0262e179e64d6303e7115ef53299d465833

Download Submit
C:\Windows\system\rtQxDWp.exe

Filesize
6.0MB

MD5
92186a9a09a647234f2000dc5b87567f

SHA1
0de6a0569212bbec86f4c21ce0ec52ada01b8eda

SHA256
da43322b5f951f4f94f541607efb36b623708d3a12691c69a271f52bac65276c

SHA512
9e398d524c886e4204ec1595b1432e3be6a4fe4f49f2a3377fdc165d79e3adc421af8998c3c6ea266a485093130614b9c712dad5a93adccae67b99c6188607c7

Download Submit
C:\Windows\system\vgJuxDk.exe

Filesize
6.0MB

MD5
b4580b1eec13bd70ce5f884655758694

SHA1
8292c49f4f61b66b83d95d8804339ce7de2a6c0d

SHA256
e7a49a9f858dfdce4f7cfde795d05da6ce30ab3af533c7faaa8b32bacb8a9fc1

SHA512
f3b9a538977763fe6fb3e4d09ea2b309834602a1cf3290dfff0fe2bdd49dca7aa9ebfb9197abbaecff765e8e1a4f2fa6e85e06d4d717b2c5ca4746540d1ee3c9

Download Submit
C:\Windows\system\vhVejUU.exe

Filesize
6.0MB

MD5
2ca62a2a1df09644095c1cf1008307fc

SHA1
2c7829d7559217410c6d362dfb2f8b6a7c0c2092

SHA256
bc86b6629ada477d6d0ddf8b30d13721e2af4a94c2c3a2d55b1046ba87a7d6be

SHA512
0a7ec4c871416f534fa48737a046a6242cc8d423afdc3ba55621491fa386d2e6aef5c67501f4a7e8c9f0eb3d7d244f44156b64b19c8f806a45f4fef4056e6429

Download Submit
C:\Windows\system\xSwcWZs.exe

Filesize
6.0MB

MD5
d42e70b4ee35687d718ec717f139b55c

SHA1
e690b8d281b6544665d251219b4166bd995d6e5c

SHA256
1562ce12b26617245fc4e5e29fbf3389e2dc0263662d1b57dd13301e380745aa

SHA512
a3fdb6ebb52f5d4118805c7d3f5d671823aca5a21cdc0cd0079315d6aea43055d14f8458d61d77bdd176cc57221f05e80bc3b4eb509fdfdaa33ca75a13147dde

Download Submit
C:\Windows\system\yXDACwX.exe

Filesize
6.0MB

MD5
0d02d2c7e9278610217eaa5f7815e9d9

SHA1
7896e9d783c5dd185df4daa2b2306f5254f0bfde

SHA256
c0fde1567beeaddd3d3a7945040d37b5ef0d08d47f03f75e168999faf916f37a

SHA512
b4d93f21c5111045994ca597997135bd612b230d9b282a037b9d2acd48828e1cf6275e2380c72e15f20abc4c51c82957277337ab893d1e59c1d16030439f0f5a

Download Submit
C:\Windows\system\yoHsHHI.exe

Filesize
6.0MB

MD5
5dd566cad13e513a4c40f38291f8ff45

SHA1
0e9d94b59ff4abdef769d0f5d9d7a6ed8c0473e2

SHA256
8e220bd1cfb72db589b8bf1dd53b1d40660a67488307dfb13463d46f156c1a85

SHA512
1d6a5c13bf9f48f5768292755bd752ec71cec321d52be11a99787cdcacdce25e7addf148f87bc815ef13bcdd1547820294f195a65cfaeb22196050add6279cfc

Download Submit
\Windows\system\OyqxzUu.exe

Filesize
6.0MB

MD5
e94db04fffecbcd3a4837ca8ed179ad2

SHA1
ced2ebd284a2ed4c92c5ace0bf0a4fd9d65bf20f

SHA256
c95d048c2d881f23dd0e06b7e23d890306293eb703c4c1ee9457bb8b10b91705

SHA512
1503401b5ff9d55a1650fff29c307fc3d16cce9437490aca7c23970f41e92d230ae57783c9982a9d17c6b7e77a4df836e5819d1528fdb373b203733d45ce118d

Download Submit
\Windows\system\XCABQyp.exe

Filesize
6.0MB

MD5
650d591d49556158a17c068be9637380

SHA1
19814f680ff4c0c79881de2e6059204c9993883c

SHA256
c9518cda3306721ff06f04688b1dd6d7142b2d0ef301eef2044693676caffb34

SHA512
4f7a8937fcca15cf8bcc3be0caa53c060f493d1d0f0712379fbc1339ad8cd28cdd51f35200e42668b9a128ff1b2a2da0cd2108dd33adaa1cf35525699852ba00

Download Submit
\Windows\system\XFHNUMi.exe

Filesize
6.0MB

MD5
8f48e73f72eb8cb642a96e51c2d28345

SHA1
a6471625b14b41d82061f76be0c1b9ef633375b1

SHA256
510a382672b3a42200f106ef98a498a5f9f72d9561480ff023b510b841151786

SHA512
76ae9e98453050dc503324c31f12d27f56b7782eb3033f9a93dcc83b11f25cd5093e83e6c89f4b4b209743db1bc8532737c91fdda86a37b785470c2c5b41a9a7

Download Submit
\Windows\system\lxbwSVN.exe

Filesize
6.0MB

MD5
cc22152886cb0d6fe7105d20cfc23db8

SHA1
a09689654a583b034a22b3efd38f02f8471d2407

SHA256
f95adac456042d03634b8e04c19044d29c00fcb195fff9716a3c599911a27432

SHA512
8c7efabf88b464c7a7afa292f5e29c44d20d7955407a3486a0440498115456ed9f83128b0134821a3ce7e1cf611d18fae291df59d149b3ff3c8f604e1ddb2df0

Download Submit
\Windows\system\vWbIYtb.exe

Filesize
6.0MB

MD5
d2521cd1d20dc90b48abb2a387d0065b

SHA1
f36d4f5aa4123876efa32de9b01832e7c3af463d

SHA256
f69ad8b353a6c35b0e6083b32a17d49eae31d3fa3ecadcb422826e50ac8738e1

SHA512
5ca3b422329eeefde5aa1861de3a0d044b6d88da0ebef38c3e5a7eb6d01e6cab2797398047c58f2216724040a497ac99ad5415ad04e1c42c689b3891aea1d2c5

Download Submit
\Windows\system\zMyWTXG.exe

Filesize
6.0MB

MD5
6310797de23502f7f74d456c1e5697cd

SHA1
df0fca26991ac138fd99dd0ca54859c2f8993c1b

SHA256
a35583c6e28b49d23d2d8770f1742cfff7165438366ce9affbeb26b30096cdde

SHA512
8a7da923c8e2a47249c8f30ac528caa0265d15a3efc9f0d4900140722b5c5ae877ad098783c34f92e9e5a57fa655ac51b4acee0b117bb8828fc6da5f11d5d3ea

Download Submit
\Windows\system\zdmMRaH.exe

Filesize
6.0MB

MD5
d7d29b54531617dc27dec53bcccdfadb

SHA1
008a5b8796dd368753a67ee842c0d039dbac081e

SHA256
362d1b78e946f56e2ca6400e4a4d05109aba1e0816c205983ca7e4cda698da3f

SHA512
509b03cd4065cc01893699fc6948c61cc95f676ab042b944da40e78abac438351bedb2c6cc80e7f9c60f149300630deafbed18baf4ec2dae2c7d5a2bc0a11ff2

Download Submit
memory/692-72-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/692-7-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/692-39-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/692-44-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/692-65-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/692-51-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/692-0-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/692-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/692-103-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/692-55-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/692-914-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/692-79-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/692-41-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/692-87-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/692-613-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/692-102-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/692-433-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/692-295-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/692-22-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/836-98-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/836-831-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/836-3405-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1616-20-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1616-3250-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1716-3310-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1716-68-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1716-37-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2068-207-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2068-3368-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2300-32-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2300-3304-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2328-18-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3262-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2580-48-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3329-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2580-82-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3350-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2648-97-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2648-62-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3398-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2656-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2656-699-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2692-525-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3375-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2692-83-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3237-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2720-21-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2900-90-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3341-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2900-56-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2968-75-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3363-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2968-353-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3311-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-42-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download