cobaltstrike | 6a4b7716a1334188ce580171c02568dbe26ca6e9dff2b623d5f4e5bbd3c837e8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 12:00 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f5cdd26659427062264a29b86f7635c0
SHA1

5424f9e2dcbb44e5c164ef13e0ef9a4aae0ff5ed
SHA256

6a4b7716a1334188ce580171c02568dbe26ca6e9dff2b623d5f4e5bbd3c837e8
SHA512

04ea68a618b7703e039ec5de41dcdb736fe0cf5ecdda5c1c25dd619e7eaceecf2cbe73a96f799646c5c0664e3c17662b18424fd20e928ed42fed7d6e88a5ce96
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d33-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d46-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4a-27.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016db3-29.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-38.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-48.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c81-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aee-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aec-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aea-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c1-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3020-0-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225c-6.dat	xmrig
behavioral1/memory/2364-9-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d33-10.dat	xmrig
behavioral1/files/0x0007000000016d46-20.dat	xmrig
behavioral1/memory/2756-24-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d4a-27.dat	xmrig
behavioral1/memory/2736-28-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016db3-29.dat	xmrig
behavioral1/memory/3020-35-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2912-37-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2812-18-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x00050000000193fa-38.dat	xmrig
behavioral1/memory/2812-58-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/3020-71-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/3020-82-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/3020-86-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1808-88-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2652-85-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/1860-83-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2672-79-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x00050000000194da-78.dat	xmrig
behavioral1/files/0x00050000000194d4-77.dat	xmrig
behavioral1/memory/2920-70-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x00050000000194b4-69.dat	xmrig
behavioral1/memory/2612-63-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019494-48.dat	xmrig
behavioral1/memory/2756-94-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2864-96-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c81-99.dat	xmrig
behavioral1/files/0x0005000000019501-119.dat	xmrig
behavioral1/files/0x0005000000019503-121.dat	xmrig
behavioral1/files/0x0005000000019515-125.dat	xmrig
behavioral1/files/0x00050000000194f6-115.dat	xmrig
behavioral1/files/0x00050000000194f2-109.dat	xmrig
behavioral1/files/0x00050000000194ea-103.dat	xmrig
behavioral1/files/0x000500000001961b-147.dat	xmrig
behavioral1/files/0x000500000001961f-151.dat	xmrig
behavioral1/files/0x0005000000019625-160.dat	xmrig
behavioral1/memory/2612-638-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2912-514-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2888-311-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2736-286-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c50-179.dat	xmrig
behavioral1/files/0x0005000000019aee-175.dat	xmrig
behavioral1/files/0x0005000000019aec-172.dat	xmrig
behavioral1/files/0x0005000000019aea-167.dat	xmrig
behavioral1/files/0x00050000000197c1-163.dat	xmrig
behavioral1/files/0x0005000000019624-156.dat	xmrig
behavioral1/files/0x0005000000019589-143.dat	xmrig
behavioral1/files/0x000500000001953a-135.dat	xmrig
behavioral1/files/0x000500000001957c-138.dat	xmrig
behavioral1/files/0x00050000000194e2-92.dat	xmrig
behavioral1/files/0x00050000000194a7-56.dat	xmrig
behavioral1/memory/2640-54-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0005000000019408-47.dat	xmrig
behavioral1/memory/2812-3894-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2736-3902-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2364-3919-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2612-3948-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2640-3941-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2912-3979-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/1860-3953-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2652-3966-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2364	GkreDKN.exe
2812	zwrOEfX.exe
2756	BiqDJQF.exe
2736	JlZElVg.exe
2912	LCOmYqw.exe
2640	sZOZExc.exe
2920	qEVnrwR.exe
2672	UXyVulI.exe
2612	qsWZXCY.exe
2652	vBeuTOy.exe
1808	ATkpUxU.exe
1860	fWdkBvw.exe
2864	VYLeGDY.exe
2888	dZEGckH.exe
2960	sjSWaOt.exe
1052	IKZUweI.exe
1508	hnzSvIc.exe
1784	FtIbosz.exe
1980	sdPeDYh.exe
1916	EtDpKoI.exe
1300	wKHvYSE.exe
772	pIQCKtV.exe
380	oWcpOso.exe
2312	HZkrwqu.exe
3064	iaUteWt.exe
2476	CBZzNJn.exe
3056	NvLYsQy.exe
2268	OyCaFLi.exe
1416	EWriSDU.exe
1136	ZARgvTV.exe
2180	EtOMLMa.exe
2508	HgYVsAX.exe
1364	kRPlVZD.exe
1756	TtpGlMm.exe
1488	lKBXAPP.exe
2160	rTJEejQ.exe
1776	HUfLRtL.exe
836	pOMVnKp.exe
1352	MKChMsK.exe
1532	yKRUiOC.exe
956	vWybkjW.exe
1616	GFhfSlP.exe
1536	VNAIXFb.exe
2320	LykMDsJ.exe
932	ejFrfqs.exe
704	lFyUUxn.exe
1960	qmEBEEp.exe
1836	BzGigQg.exe
2568	lvfHeEl.exe
1772	CIxNxTf.exe
2404	iofiyrc.exe
1056	VEHRZIc.exe
1948	zxhIRYw.exe
2080	kNhsvIN.exe
832	bNzByPj.exe
1692	gkCgGJo.exe
888	JgvYNEX.exe
2680	pyIJodo.exe
1728	DhbnWVR.exe
2072	pJYDwju.exe
1596	KqZZCYY.exe
2308	TwBJzhP.exe
2824	XitsklQ.exe
2200	ZqXTBry.exe

Loads dropped DLL 64 IoCs

pid	Process
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3020-0-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-6.dat	upx
behavioral1/memory/2364-9-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0007000000016d33-10.dat	upx
behavioral1/files/0x0007000000016d46-20.dat	upx
behavioral1/memory/2756-24-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0007000000016d4a-27.dat	upx
behavioral1/memory/2736-28-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0009000000016db3-29.dat	upx
behavioral1/memory/3020-35-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2912-37-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2812-18-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x00050000000193fa-38.dat	upx
behavioral1/memory/2812-58-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/1808-88-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2652-85-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/1860-83-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2672-79-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x00050000000194da-78.dat	upx
behavioral1/files/0x00050000000194d4-77.dat	upx
behavioral1/memory/2920-70-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x00050000000194b4-69.dat	upx
behavioral1/memory/2612-63-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0005000000019494-48.dat	upx
behavioral1/memory/2756-94-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2864-96-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0009000000016c81-99.dat	upx
behavioral1/files/0x0005000000019501-119.dat	upx
behavioral1/files/0x0005000000019503-121.dat	upx
behavioral1/files/0x0005000000019515-125.dat	upx
behavioral1/files/0x00050000000194f6-115.dat	upx
behavioral1/files/0x00050000000194f2-109.dat	upx
behavioral1/files/0x00050000000194ea-103.dat	upx
behavioral1/files/0x000500000001961b-147.dat	upx
behavioral1/files/0x000500000001961f-151.dat	upx
behavioral1/files/0x0005000000019625-160.dat	upx
behavioral1/memory/2612-638-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2912-514-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2888-311-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2736-286-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0005000000019c50-179.dat	upx
behavioral1/files/0x0005000000019aee-175.dat	upx
behavioral1/files/0x0005000000019aec-172.dat	upx
behavioral1/files/0x0005000000019aea-167.dat	upx
behavioral1/files/0x00050000000197c1-163.dat	upx
behavioral1/files/0x0005000000019624-156.dat	upx
behavioral1/files/0x0005000000019589-143.dat	upx
behavioral1/files/0x000500000001953a-135.dat	upx
behavioral1/files/0x000500000001957c-138.dat	upx
behavioral1/files/0x00050000000194e2-92.dat	upx
behavioral1/files/0x00050000000194a7-56.dat	upx
behavioral1/memory/2640-54-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0005000000019408-47.dat	upx
behavioral1/memory/2812-3894-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2736-3902-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2364-3919-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2612-3948-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2640-3941-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2912-3979-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/1860-3953-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2652-3966-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2756-3982-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2920-4025-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1808-4018-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BbMhppi.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLpCacP.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBxjXbD.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTyHSIh.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VakwAcP.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpGJJOF.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOVPeWP.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTtMNgz.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giQxQdm.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRFseOs.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNiRmHc.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRJGyuY.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnaBzRt.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiIyxxY.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mscMqDy.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSPXpKk.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJNSepq.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiPijeO.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITvimqs.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCEPCvd.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqmdKFp.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzoNibV.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzCXDmh.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSPlXHO.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoPtbKu.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnyWDeL.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScVkZMa.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJetUjY.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUtNKoS.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laDaQSu.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtIbosz.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWeCcpV.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CihQZBM.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRwRnhT.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmTuFea.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzmzoZb.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IyPpcRv.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYoquRw.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLCjIqk.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlwpWNn.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfJIZpz.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqruMRT.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZARgvTV.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCKThmc.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvrpkMQ.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGAkkys.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytptgGY.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfedXtn.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmKwIkJ.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJGVCQG.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbowStd.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvIzIpZ.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKUzOgr.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxSMpQF.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjSWaOt.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAfzQlw.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUupqJV.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skNMcxc.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTAPGIl.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwjSaVZ.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdpIXfL.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRyqXbK.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVPjSQg.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nalMsCx.exe	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2364	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3020 wrote to memory of 2364	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3020 wrote to memory of 2364	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3020 wrote to memory of 2812	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3020 wrote to memory of 2812	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3020 wrote to memory of 2812	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3020 wrote to memory of 2756	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3020 wrote to memory of 2756	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3020 wrote to memory of 2756	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3020 wrote to memory of 2736	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3020 wrote to memory of 2736	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3020 wrote to memory of 2736	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3020 wrote to memory of 2912	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3020 wrote to memory of 2912	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3020 wrote to memory of 2912	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3020 wrote to memory of 2640	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3020 wrote to memory of 2640	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3020 wrote to memory of 2640	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3020 wrote to memory of 2920	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3020 wrote to memory of 2920	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3020 wrote to memory of 2920	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3020 wrote to memory of 2612	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3020 wrote to memory of 2612	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3020 wrote to memory of 2612	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3020 wrote to memory of 2672	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3020 wrote to memory of 2672	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3020 wrote to memory of 2672	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3020 wrote to memory of 2652	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3020 wrote to memory of 2652	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3020 wrote to memory of 2652	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3020 wrote to memory of 1808	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3020 wrote to memory of 1808	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3020 wrote to memory of 1808	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3020 wrote to memory of 1860	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3020 wrote to memory of 1860	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3020 wrote to memory of 1860	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3020 wrote to memory of 2864	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3020 wrote to memory of 2864	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3020 wrote to memory of 2864	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3020 wrote to memory of 2888	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3020 wrote to memory of 2888	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3020 wrote to memory of 2888	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3020 wrote to memory of 2960	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3020 wrote to memory of 2960	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3020 wrote to memory of 2960	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3020 wrote to memory of 1052	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3020 wrote to memory of 1052	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3020 wrote to memory of 1052	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3020 wrote to memory of 1508	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3020 wrote to memory of 1508	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3020 wrote to memory of 1508	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3020 wrote to memory of 1784	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3020 wrote to memory of 1784	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3020 wrote to memory of 1784	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3020 wrote to memory of 1980	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3020 wrote to memory of 1980	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3020 wrote to memory of 1980	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3020 wrote to memory of 1916	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3020 wrote to memory of 1916	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3020 wrote to memory of 1916	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3020 wrote to memory of 1300	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3020 wrote to memory of 1300	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3020 wrote to memory of 1300	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3020 wrote to memory of 772	3020	2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_f5cdd26659427062264a29b86f7635c0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\System\GkreDKN.exe
  C:\Windows\System\GkreDKN.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\zwrOEfX.exe
  C:\Windows\System\zwrOEfX.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\BiqDJQF.exe
  C:\Windows\System\BiqDJQF.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\JlZElVg.exe
  C:\Windows\System\JlZElVg.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\LCOmYqw.exe
  C:\Windows\System\LCOmYqw.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\sZOZExc.exe
  C:\Windows\System\sZOZExc.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\qEVnrwR.exe
  C:\Windows\System\qEVnrwR.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\qsWZXCY.exe
  C:\Windows\System\qsWZXCY.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\UXyVulI.exe
  C:\Windows\System\UXyVulI.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\vBeuTOy.exe
  C:\Windows\System\vBeuTOy.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\ATkpUxU.exe
  C:\Windows\System\ATkpUxU.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\fWdkBvw.exe
  C:\Windows\System\fWdkBvw.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\VYLeGDY.exe
  C:\Windows\System\VYLeGDY.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\dZEGckH.exe
  C:\Windows\System\dZEGckH.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\sjSWaOt.exe
  C:\Windows\System\sjSWaOt.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\IKZUweI.exe
  C:\Windows\System\IKZUweI.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\hnzSvIc.exe
  C:\Windows\System\hnzSvIc.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\FtIbosz.exe
  C:\Windows\System\FtIbosz.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\sdPeDYh.exe
  C:\Windows\System\sdPeDYh.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\EtDpKoI.exe
  C:\Windows\System\EtDpKoI.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\wKHvYSE.exe
  C:\Windows\System\wKHvYSE.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\pIQCKtV.exe
  C:\Windows\System\pIQCKtV.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\oWcpOso.exe
  C:\Windows\System\oWcpOso.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\HZkrwqu.exe
  C:\Windows\System\HZkrwqu.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\iaUteWt.exe
  C:\Windows\System\iaUteWt.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\CBZzNJn.exe
  C:\Windows\System\CBZzNJn.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\NvLYsQy.exe
  C:\Windows\System\NvLYsQy.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\OyCaFLi.exe
  C:\Windows\System\OyCaFLi.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\EWriSDU.exe
  C:\Windows\System\EWriSDU.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\ZARgvTV.exe
  C:\Windows\System\ZARgvTV.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\EtOMLMa.exe
  C:\Windows\System\EtOMLMa.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\HgYVsAX.exe
  C:\Windows\System\HgYVsAX.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\kRPlVZD.exe
  C:\Windows\System\kRPlVZD.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\TtpGlMm.exe
  C:\Windows\System\TtpGlMm.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\lKBXAPP.exe
  C:\Windows\System\lKBXAPP.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\rTJEejQ.exe
  C:\Windows\System\rTJEejQ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\HUfLRtL.exe
  C:\Windows\System\HUfLRtL.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\pOMVnKp.exe
  C:\Windows\System\pOMVnKp.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\MKChMsK.exe
  C:\Windows\System\MKChMsK.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\yKRUiOC.exe
  C:\Windows\System\yKRUiOC.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\vWybkjW.exe
  C:\Windows\System\vWybkjW.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\GFhfSlP.exe
  C:\Windows\System\GFhfSlP.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\VNAIXFb.exe
  C:\Windows\System\VNAIXFb.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\LykMDsJ.exe
  C:\Windows\System\LykMDsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\ejFrfqs.exe
  C:\Windows\System\ejFrfqs.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\lFyUUxn.exe
  C:\Windows\System\lFyUUxn.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\qmEBEEp.exe
  C:\Windows\System\qmEBEEp.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\BzGigQg.exe
  C:\Windows\System\BzGigQg.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\lvfHeEl.exe
  C:\Windows\System\lvfHeEl.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\CIxNxTf.exe
  C:\Windows\System\CIxNxTf.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\iofiyrc.exe
  C:\Windows\System\iofiyrc.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\VEHRZIc.exe
  C:\Windows\System\VEHRZIc.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\zxhIRYw.exe
  C:\Windows\System\zxhIRYw.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\kNhsvIN.exe
  C:\Windows\System\kNhsvIN.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\bNzByPj.exe
  C:\Windows\System\bNzByPj.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\gkCgGJo.exe
  C:\Windows\System\gkCgGJo.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\JgvYNEX.exe
  C:\Windows\System\JgvYNEX.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\pyIJodo.exe
  C:\Windows\System\pyIJodo.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\DhbnWVR.exe
  C:\Windows\System\DhbnWVR.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\pJYDwju.exe
  C:\Windows\System\pJYDwju.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\KqZZCYY.exe
  C:\Windows\System\KqZZCYY.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\TwBJzhP.exe
  C:\Windows\System\TwBJzhP.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\gIMtqQS.exe
  C:\Windows\System\gIMtqQS.exe
  2⤵
  PID:2224
- C:\Windows\System\XitsklQ.exe
  C:\Windows\System\XitsklQ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\oGHCnrY.exe
  C:\Windows\System\oGHCnrY.exe
  2⤵
  PID:2128
- C:\Windows\System\ZqXTBry.exe
  C:\Windows\System\ZqXTBry.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\UqAsOlV.exe
  C:\Windows\System\UqAsOlV.exe
  2⤵
  PID:2036
- C:\Windows\System\aHgmhiz.exe
  C:\Windows\System\aHgmhiz.exe
  2⤵
  PID:2056
- C:\Windows\System\BUvDgmp.exe
  C:\Windows\System\BUvDgmp.exe
  2⤵
  PID:1328
- C:\Windows\System\EQOORHK.exe
  C:\Windows\System\EQOORHK.exe
  2⤵
  PID:1448
- C:\Windows\System\rMmPvYu.exe
  C:\Windows\System\rMmPvYu.exe
  2⤵
  PID:2012
- C:\Windows\System\DRqKiDT.exe
  C:\Windows\System\DRqKiDT.exe
  2⤵
  PID:2796
- C:\Windows\System\uUKoVmO.exe
  C:\Windows\System\uUKoVmO.exe
  2⤵
  PID:2296
- C:\Windows\System\sfJxBbt.exe
  C:\Windows\System\sfJxBbt.exe
  2⤵
  PID:2488
- C:\Windows\System\nKvxYjZ.exe
  C:\Windows\System\nKvxYjZ.exe
  2⤵
  PID:992
- C:\Windows\System\dnBByUk.exe
  C:\Windows\System\dnBByUk.exe
  2⤵
  PID:408
- C:\Windows\System\SNkwjAo.exe
  C:\Windows\System\SNkwjAo.exe
  2⤵
  PID:2204
- C:\Windows\System\EuxFEOs.exe
  C:\Windows\System\EuxFEOs.exe
  2⤵
  PID:1608
- C:\Windows\System\wcQvbFH.exe
  C:\Windows\System\wcQvbFH.exe
  2⤵
  PID:1660
- C:\Windows\System\DZLMUWJ.exe
  C:\Windows\System\DZLMUWJ.exe
  2⤵
  PID:2428
- C:\Windows\System\GLoxGyH.exe
  C:\Windows\System\GLoxGyH.exe
  2⤵
  PID:848
- C:\Windows\System\TAsBqzM.exe
  C:\Windows\System\TAsBqzM.exe
  2⤵
  PID:2624
- C:\Windows\System\dgBfybp.exe
  C:\Windows\System\dgBfybp.exe
  2⤵
  PID:616
- C:\Windows\System\avRkpfW.exe
  C:\Windows\System\avRkpfW.exe
  2⤵
  PID:588
- C:\Windows\System\JsMMjat.exe
  C:\Windows\System\JsMMjat.exe
  2⤵
  PID:2216
- C:\Windows\System\UeQCQkU.exe
  C:\Windows\System\UeQCQkU.exe
  2⤵
  PID:1612
- C:\Windows\System\GOfkyjS.exe
  C:\Windows\System\GOfkyjS.exe
  2⤵
  PID:572
- C:\Windows\System\vPcREiq.exe
  C:\Windows\System\vPcREiq.exe
  2⤵
  PID:2688
- C:\Windows\System\NyoERKx.exe
  C:\Windows\System\NyoERKx.exe
  2⤵
  PID:1068
- C:\Windows\System\LdeNBbd.exe
  C:\Windows\System\LdeNBbd.exe
  2⤵
  PID:1744
- C:\Windows\System\JlUOpql.exe
  C:\Windows\System\JlUOpql.exe
  2⤵
  PID:1812
- C:\Windows\System\EebKbRr.exe
  C:\Windows\System\EebKbRr.exe
  2⤵
  PID:1520
- C:\Windows\System\hrZJTju.exe
  C:\Windows\System\hrZJTju.exe
  2⤵
  PID:2144
- C:\Windows\System\FNATzOX.exe
  C:\Windows\System\FNATzOX.exe
  2⤵
  PID:2948
- C:\Windows\System\PFdUfId.exe
  C:\Windows\System\PFdUfId.exe
  2⤵
  PID:2100
- C:\Windows\System\oaSCzvx.exe
  C:\Windows\System\oaSCzvx.exe
  2⤵
  PID:1956
- C:\Windows\System\eCbcmKN.exe
  C:\Windows\System\eCbcmKN.exe
  2⤵
  PID:2388
- C:\Windows\System\CbwgFQn.exe
  C:\Windows\System\CbwgFQn.exe
  2⤵
  PID:2908
- C:\Windows\System\RajOcxI.exe
  C:\Windows\System\RajOcxI.exe
  2⤵
  PID:476
- C:\Windows\System\HYvBMkO.exe
  C:\Windows\System\HYvBMkO.exe
  2⤵
  PID:1752
- C:\Windows\System\ofKqFte.exe
  C:\Windows\System\ofKqFte.exe
  2⤵
  PID:1100
- C:\Windows\System\lUvlqJQ.exe
  C:\Windows\System\lUvlqJQ.exe
  2⤵
  PID:1720
- C:\Windows\System\HLJeUzY.exe
  C:\Windows\System\HLJeUzY.exe
  2⤵
  PID:2408
- C:\Windows\System\cqJuTQu.exe
  C:\Windows\System\cqJuTQu.exe
  2⤵
  PID:1564
- C:\Windows\System\IMKYVDy.exe
  C:\Windows\System\IMKYVDy.exe
  2⤵
  PID:2968
- C:\Windows\System\helNlBd.exe
  C:\Windows\System\helNlBd.exe
  2⤵
  PID:2648
- C:\Windows\System\LXVqjuD.exe
  C:\Windows\System\LXVqjuD.exe
  2⤵
  PID:2632
- C:\Windows\System\cYdubPi.exe
  C:\Windows\System\cYdubPi.exe
  2⤵
  PID:2432
- C:\Windows\System\lzuRzsB.exe
  C:\Windows\System\lzuRzsB.exe
  2⤵
  PID:1732
- C:\Windows\System\qjBZLIy.exe
  C:\Windows\System\qjBZLIy.exe
  2⤵
  PID:1036
- C:\Windows\System\aOWlirr.exe
  C:\Windows\System\aOWlirr.exe
  2⤵
  PID:2996
- C:\Windows\System\UoyVkQM.exe
  C:\Windows\System\UoyVkQM.exe
  2⤵
  PID:2228
- C:\Windows\System\LruxzXA.exe
  C:\Windows\System\LruxzXA.exe
  2⤵
  PID:2016
- C:\Windows\System\JLZEkTg.exe
  C:\Windows\System\JLZEkTg.exe
  2⤵
  PID:2356
- C:\Windows\System\EDwDono.exe
  C:\Windows\System\EDwDono.exe
  2⤵
  PID:840
- C:\Windows\System\baAiloW.exe
  C:\Windows\System\baAiloW.exe
  2⤵
  PID:3024
- C:\Windows\System\vFMEFiM.exe
  C:\Windows\System\vFMEFiM.exe
  2⤵
  PID:2900
- C:\Windows\System\AOgMVrN.exe
  C:\Windows\System\AOgMVrN.exe
  2⤵
  PID:1572
- C:\Windows\System\TubyKLT.exe
  C:\Windows\System\TubyKLT.exe
  2⤵
  PID:2780
- C:\Windows\System\KCDukOl.exe
  C:\Windows\System\KCDukOl.exe
  2⤵
  PID:2332
- C:\Windows\System\ClQMrKV.exe
  C:\Windows\System\ClQMrKV.exe
  2⤵
  PID:1996
- C:\Windows\System\SoiFgKZ.exe
  C:\Windows\System\SoiFgKZ.exe
  2⤵
  PID:2240
- C:\Windows\System\exqrjqL.exe
  C:\Windows\System\exqrjqL.exe
  2⤵
  PID:2664
- C:\Windows\System\yKOMZoR.exe
  C:\Windows\System\yKOMZoR.exe
  2⤵
  PID:2972
- C:\Windows\System\AfDMKCf.exe
  C:\Windows\System\AfDMKCf.exe
  2⤵
  PID:2480
- C:\Windows\System\EuRqCbH.exe
  C:\Windows\System\EuRqCbH.exe
  2⤵
  PID:3048
- C:\Windows\System\YXOQrgU.exe
  C:\Windows\System\YXOQrgU.exe
  2⤵
  PID:1484
- C:\Windows\System\kyOfMqB.exe
  C:\Windows\System\kyOfMqB.exe
  2⤵
  PID:2696
- C:\Windows\System\afBhNxu.exe
  C:\Windows\System\afBhNxu.exe
  2⤵
  PID:900
- C:\Windows\System\KIWOzkc.exe
  C:\Windows\System\KIWOzkc.exe
  2⤵
  PID:1796
- C:\Windows\System\WySHQUz.exe
  C:\Windows\System\WySHQUz.exe
  2⤵
  PID:1792
- C:\Windows\System\DjNDpPK.exe
  C:\Windows\System\DjNDpPK.exe
  2⤵
  PID:2644
- C:\Windows\System\CqEpJZn.exe
  C:\Windows\System\CqEpJZn.exe
  2⤵
  PID:2232
- C:\Windows\System\tuLriKJ.exe
  C:\Windows\System\tuLriKJ.exe
  2⤵
  PID:1928
- C:\Windows\System\JbOliJm.exe
  C:\Windows\System\JbOliJm.exe
  2⤵
  PID:2396
- C:\Windows\System\TyNQOKj.exe
  C:\Windows\System\TyNQOKj.exe
  2⤵
  PID:3032
- C:\Windows\System\lfWSKoj.exe
  C:\Windows\System\lfWSKoj.exe
  2⤵
  PID:2584
- C:\Windows\System\HBvyQWW.exe
  C:\Windows\System\HBvyQWW.exe
  2⤵
  PID:2316
- C:\Windows\System\wmxCMzM.exe
  C:\Windows\System\wmxCMzM.exe
  2⤵
  PID:2604
- C:\Windows\System\QlSsWRv.exe
  C:\Windows\System\QlSsWRv.exe
  2⤵
  PID:3100
- C:\Windows\System\qucWBmH.exe
  C:\Windows\System\qucWBmH.exe
  2⤵
  PID:3132
- C:\Windows\System\MSwUhgV.exe
  C:\Windows\System\MSwUhgV.exe
  2⤵
  PID:3152
- C:\Windows\System\Ighfqgs.exe
  C:\Windows\System\Ighfqgs.exe
  2⤵
  PID:3172
- C:\Windows\System\sLdKhoU.exe
  C:\Windows\System\sLdKhoU.exe
  2⤵
  PID:3188
- C:\Windows\System\IeySwBD.exe
  C:\Windows\System\IeySwBD.exe
  2⤵
  PID:3204
- C:\Windows\System\XrgpEcT.exe
  C:\Windows\System\XrgpEcT.exe
  2⤵
  PID:3224
- C:\Windows\System\gbxCufa.exe
  C:\Windows\System\gbxCufa.exe
  2⤵
  PID:3260
- C:\Windows\System\EksxyDT.exe
  C:\Windows\System\EksxyDT.exe
  2⤵
  PID:3276
- C:\Windows\System\xutqTvM.exe
  C:\Windows\System\xutqTvM.exe
  2⤵
  PID:3292
- C:\Windows\System\IypVQoA.exe
  C:\Windows\System\IypVQoA.exe
  2⤵
  PID:3308
- C:\Windows\System\YYoquRw.exe
  C:\Windows\System\YYoquRw.exe
  2⤵
  PID:3328
- C:\Windows\System\bEVogFb.exe
  C:\Windows\System\bEVogFb.exe
  2⤵
  PID:3344
- C:\Windows\System\cpjNXZY.exe
  C:\Windows\System\cpjNXZY.exe
  2⤵
  PID:3364
- C:\Windows\System\jSyZxOA.exe
  C:\Windows\System\jSyZxOA.exe
  2⤵
  PID:3380
- C:\Windows\System\DbxNumi.exe
  C:\Windows\System\DbxNumi.exe
  2⤵
  PID:3396
- C:\Windows\System\fRKxXwk.exe
  C:\Windows\System\fRKxXwk.exe
  2⤵
  PID:3412
- C:\Windows\System\wNTOxJe.exe
  C:\Windows\System\wNTOxJe.exe
  2⤵
  PID:3428
- C:\Windows\System\RoIhOia.exe
  C:\Windows\System\RoIhOia.exe
  2⤵
  PID:3464
- C:\Windows\System\jWWSuQb.exe
  C:\Windows\System\jWWSuQb.exe
  2⤵
  PID:3488
- C:\Windows\System\dxAgPbU.exe
  C:\Windows\System\dxAgPbU.exe
  2⤵
  PID:3512
- C:\Windows\System\xlnLefv.exe
  C:\Windows\System\xlnLefv.exe
  2⤵
  PID:3528
- C:\Windows\System\MlbHljN.exe
  C:\Windows\System\MlbHljN.exe
  2⤵
  PID:3544
- C:\Windows\System\giQxQdm.exe
  C:\Windows\System\giQxQdm.exe
  2⤵
  PID:3560
- C:\Windows\System\BYnGJFR.exe
  C:\Windows\System\BYnGJFR.exe
  2⤵
  PID:3580
- C:\Windows\System\ZPNPeXX.exe
  C:\Windows\System\ZPNPeXX.exe
  2⤵
  PID:3604
- C:\Windows\System\KtDdsHO.exe
  C:\Windows\System\KtDdsHO.exe
  2⤵
  PID:3624
- C:\Windows\System\wrhityO.exe
  C:\Windows\System\wrhityO.exe
  2⤵
  PID:3656
- C:\Windows\System\hrgEaJy.exe
  C:\Windows\System\hrgEaJy.exe
  2⤵
  PID:3676
- C:\Windows\System\uoMvymZ.exe
  C:\Windows\System\uoMvymZ.exe
  2⤵
  PID:3692
- C:\Windows\System\QitRkLt.exe
  C:\Windows\System\QitRkLt.exe
  2⤵
  PID:3708
- C:\Windows\System\sNZpLxo.exe
  C:\Windows\System\sNZpLxo.exe
  2⤵
  PID:3728
- C:\Windows\System\pIXniiv.exe
  C:\Windows\System\pIXniiv.exe
  2⤵
  PID:3748
- C:\Windows\System\qcrwfww.exe
  C:\Windows\System\qcrwfww.exe
  2⤵
  PID:3764
- C:\Windows\System\RgIZYAE.exe
  C:\Windows\System\RgIZYAE.exe
  2⤵
  PID:3780
- C:\Windows\System\uRFseOs.exe
  C:\Windows\System\uRFseOs.exe
  2⤵
  PID:3796
- C:\Windows\System\poVBhpG.exe
  C:\Windows\System\poVBhpG.exe
  2⤵
  PID:3844
- C:\Windows\System\xhrGyxH.exe
  C:\Windows\System\xhrGyxH.exe
  2⤵
  PID:3868
- C:\Windows\System\CihQZBM.exe
  C:\Windows\System\CihQZBM.exe
  2⤵
  PID:3884
- C:\Windows\System\YqNGuAe.exe
  C:\Windows\System\YqNGuAe.exe
  2⤵
  PID:3904
- C:\Windows\System\aCuTzwD.exe
  C:\Windows\System\aCuTzwD.exe
  2⤵
  PID:3928
- C:\Windows\System\akqxZDN.exe
  C:\Windows\System\akqxZDN.exe
  2⤵
  PID:3944
- C:\Windows\System\IFMKvGw.exe
  C:\Windows\System\IFMKvGw.exe
  2⤵
  PID:3976
- C:\Windows\System\ohpCFAr.exe
  C:\Windows\System\ohpCFAr.exe
  2⤵
  PID:3992
- C:\Windows\System\CnyWDeL.exe
  C:\Windows\System\CnyWDeL.exe
  2⤵
  PID:4008
- C:\Windows\System\ohHLAEi.exe
  C:\Windows\System\ohHLAEi.exe
  2⤵
  PID:4032
- C:\Windows\System\tPsfIkf.exe
  C:\Windows\System\tPsfIkf.exe
  2⤵
  PID:4048
- C:\Windows\System\EtExFuL.exe
  C:\Windows\System\EtExFuL.exe
  2⤵
  PID:4064
- C:\Windows\System\YKeptFE.exe
  C:\Windows\System\YKeptFE.exe
  2⤵
  PID:4080
- C:\Windows\System\BpshCRr.exe
  C:\Windows\System\BpshCRr.exe
  2⤵
  PID:2368
- C:\Windows\System\LCCOsIg.exe
  C:\Windows\System\LCCOsIg.exe
  2⤵
  PID:2304
- C:\Windows\System\bkRWzoG.exe
  C:\Windows\System\bkRWzoG.exe
  2⤵
  PID:3124
- C:\Windows\System\TPFQkqP.exe
  C:\Windows\System\TPFQkqP.exe
  2⤵
  PID:3164
- C:\Windows\System\GRJGyuY.exe
  C:\Windows\System\GRJGyuY.exe
  2⤵
  PID:2104
- C:\Windows\System\ligVakb.exe
  C:\Windows\System\ligVakb.exe
  2⤵
  PID:3248
- C:\Windows\System\aSvHHZS.exe
  C:\Windows\System\aSvHHZS.exe
  2⤵
  PID:2788
- C:\Windows\System\RWkqHcQ.exe
  C:\Windows\System\RWkqHcQ.exe
  2⤵
  PID:3088
- C:\Windows\System\xcNAqOH.exe
  C:\Windows\System\xcNAqOH.exe
  2⤵
  PID:3144
- C:\Windows\System\KReKxsj.exe
  C:\Windows\System\KReKxsj.exe
  2⤵
  PID:3252
- C:\Windows\System\QzCXDmh.exe
  C:\Windows\System\QzCXDmh.exe
  2⤵
  PID:3220
- C:\Windows\System\FPwLjQk.exe
  C:\Windows\System\FPwLjQk.exe
  2⤵
  PID:2668
- C:\Windows\System\dUlHNKg.exe
  C:\Windows\System\dUlHNKg.exe
  2⤵
  PID:3300
- C:\Windows\System\YsZggzo.exe
  C:\Windows\System\YsZggzo.exe
  2⤵
  PID:3324
- C:\Windows\System\FuQsFBI.exe
  C:\Windows\System\FuQsFBI.exe
  2⤵
  PID:3360
- C:\Windows\System\EupmkKO.exe
  C:\Windows\System\EupmkKO.exe
  2⤵
  PID:3424
- C:\Windows\System\NWJSQrP.exe
  C:\Windows\System\NWJSQrP.exe
  2⤵
  PID:3480
- C:\Windows\System\JkBSOZR.exe
  C:\Windows\System\JkBSOZR.exe
  2⤵
  PID:3456
- C:\Windows\System\NhWWsvN.exe
  C:\Windows\System\NhWWsvN.exe
  2⤵
  PID:3460
- C:\Windows\System\oSLtWlI.exe
  C:\Windows\System\oSLtWlI.exe
  2⤵
  PID:3552
- C:\Windows\System\SXuHpfu.exe
  C:\Windows\System\SXuHpfu.exe
  2⤵
  PID:3436
- C:\Windows\System\ybAqrPH.exe
  C:\Windows\System\ybAqrPH.exe
  2⤵
  PID:3600
- C:\Windows\System\JXyNXiA.exe
  C:\Windows\System\JXyNXiA.exe
  2⤵
  PID:3568
- C:\Windows\System\XPZSVgs.exe
  C:\Windows\System\XPZSVgs.exe
  2⤵
  PID:3640
- C:\Windows\System\PcZpzKk.exe
  C:\Windows\System\PcZpzKk.exe
  2⤵
  PID:3652
- C:\Windows\System\UkMLyDr.exe
  C:\Windows\System\UkMLyDr.exe
  2⤵
  PID:3536
- C:\Windows\System\DwOIPoW.exe
  C:\Windows\System\DwOIPoW.exe
  2⤵
  PID:3620
- C:\Windows\System\NqEoVuO.exe
  C:\Windows\System\NqEoVuO.exe
  2⤵
  PID:3716
- C:\Windows\System\YufCbZL.exe
  C:\Windows\System\YufCbZL.exe
  2⤵
  PID:3760
- C:\Windows\System\NSBdVYh.exe
  C:\Windows\System\NSBdVYh.exe
  2⤵
  PID:3664
- C:\Windows\System\otheMNt.exe
  C:\Windows\System\otheMNt.exe
  2⤵
  PID:3740
- C:\Windows\System\npOXGPB.exe
  C:\Windows\System\npOXGPB.exe
  2⤵
  PID:3804
- C:\Windows\System\SjkjcBv.exe
  C:\Windows\System\SjkjcBv.exe
  2⤵
  PID:3828
- C:\Windows\System\qVOPfiU.exe
  C:\Windows\System\qVOPfiU.exe
  2⤵
  PID:3820
- C:\Windows\System\vDQcvUB.exe
  C:\Windows\System\vDQcvUB.exe
  2⤵
  PID:3856
- C:\Windows\System\gYVfrSt.exe
  C:\Windows\System\gYVfrSt.exe
  2⤵
  PID:3876
- C:\Windows\System\tGGcslt.exe
  C:\Windows\System\tGGcslt.exe
  2⤵
  PID:2728
- C:\Windows\System\gkJDGTJ.exe
  C:\Windows\System\gkJDGTJ.exe
  2⤵
  PID:3956
- C:\Windows\System\OrSiRPS.exe
  C:\Windows\System\OrSiRPS.exe
  2⤵
  PID:3984
- C:\Windows\System\fpsRYXP.exe
  C:\Windows\System\fpsRYXP.exe
  2⤵
  PID:3044
- C:\Windows\System\XXPAoaq.exe
  C:\Windows\System\XXPAoaq.exe
  2⤵
  PID:4028
- C:\Windows\System\oLowEqg.exe
  C:\Windows\System\oLowEqg.exe
  2⤵
  PID:4056
- C:\Windows\System\ZcKNGZQ.exe
  C:\Windows\System\ZcKNGZQ.exe
  2⤵
  PID:4072
- C:\Windows\System\dQqLpfl.exe
  C:\Windows\System\dQqLpfl.exe
  2⤵
  PID:532
- C:\Windows\System\sHrKRyo.exe
  C:\Windows\System\sHrKRyo.exe
  2⤵
  PID:3112
- C:\Windows\System\pDBBYji.exe
  C:\Windows\System\pDBBYji.exe
  2⤵
  PID:316
- C:\Windows\System\jDxmEyb.exe
  C:\Windows\System\jDxmEyb.exe
  2⤵
  PID:3096
- C:\Windows\System\nJnvMhI.exe
  C:\Windows\System\nJnvMhI.exe
  2⤵
  PID:3140
- C:\Windows\System\GVeFYSV.exe
  C:\Windows\System\GVeFYSV.exe
  2⤵
  PID:3216
- C:\Windows\System\saeEwEe.exe
  C:\Windows\System\saeEwEe.exe
  2⤵
  PID:2168
- C:\Windows\System\MRBnpyF.exe
  C:\Windows\System\MRBnpyF.exe
  2⤵
  PID:3320
- C:\Windows\System\kJdWqcF.exe
  C:\Windows\System\kJdWqcF.exe
  2⤵
  PID:3472
- C:\Windows\System\cIGXUky.exe
  C:\Windows\System\cIGXUky.exe
  2⤵
  PID:3340
- C:\Windows\System\alUWKxd.exe
  C:\Windows\System\alUWKxd.exe
  2⤵
  PID:3524
- C:\Windows\System\DllShsN.exe
  C:\Windows\System\DllShsN.exe
  2⤵
  PID:3632
- C:\Windows\System\VQaQctU.exe
  C:\Windows\System\VQaQctU.exe
  2⤵
  PID:3648
- C:\Windows\System\bhwTdNB.exe
  C:\Windows\System\bhwTdNB.exe
  2⤵
  PID:3612
- C:\Windows\System\tiWonaD.exe
  C:\Windows\System\tiWonaD.exe
  2⤵
  PID:3688
- C:\Windows\System\VCANKNe.exe
  C:\Windows\System\VCANKNe.exe
  2⤵
  PID:3672
- C:\Windows\System\dpqiewm.exe
  C:\Windows\System\dpqiewm.exe
  2⤵
  PID:4092
- C:\Windows\System\aDIukyT.exe
  C:\Windows\System\aDIukyT.exe
  2⤵
  PID:3636
- C:\Windows\System\mhqOlhW.exe
  C:\Windows\System\mhqOlhW.exe
  2⤵
  PID:2928
- C:\Windows\System\MVSwjQk.exe
  C:\Windows\System\MVSwjQk.exe
  2⤵
  PID:3736
- C:\Windows\System\GnDNHiP.exe
  C:\Windows\System\GnDNHiP.exe
  2⤵
  PID:3236
- C:\Windows\System\FrVbDCd.exe
  C:\Windows\System\FrVbDCd.exe
  2⤵
  PID:3476
- C:\Windows\System\ytptgGY.exe
  C:\Windows\System\ytptgGY.exe
  2⤵
  PID:3520
- C:\Windows\System\EPikuMI.exe
  C:\Windows\System\EPikuMI.exe
  2⤵
  PID:3588
- C:\Windows\System\CvQtMIL.exe
  C:\Windows\System\CvQtMIL.exe
  2⤵
  PID:2880
- C:\Windows\System\yxaPmYq.exe
  C:\Windows\System\yxaPmYq.exe
  2⤵
  PID:3700
- C:\Windows\System\SFiWFBb.exe
  C:\Windows\System\SFiWFBb.exe
  2⤵
  PID:1868
- C:\Windows\System\ELMheEv.exe
  C:\Windows\System\ELMheEv.exe
  2⤵
  PID:3916
- C:\Windows\System\vagZUFq.exe
  C:\Windows\System\vagZUFq.exe
  2⤵
  PID:2092
- C:\Windows\System\jaBUQRd.exe
  C:\Windows\System\jaBUQRd.exe
  2⤵
  PID:4020
- C:\Windows\System\snSZCXR.exe
  C:\Windows\System\snSZCXR.exe
  2⤵
  PID:3352
- C:\Windows\System\XylIvLd.exe
  C:\Windows\System\XylIvLd.exe
  2⤵
  PID:3772
- C:\Windows\System\KMPbgDv.exe
  C:\Windows\System\KMPbgDv.exe
  2⤵
  PID:2804
- C:\Windows\System\lgVzDod.exe
  C:\Windows\System\lgVzDod.exe
  2⤵
  PID:3968
- C:\Windows\System\FLCjIqk.exe
  C:\Windows\System\FLCjIqk.exe
  2⤵
  PID:3372
- C:\Windows\System\njBjOdO.exe
  C:\Windows\System\njBjOdO.exe
  2⤵
  PID:3816
- C:\Windows\System\ktaQBDM.exe
  C:\Windows\System\ktaQBDM.exe
  2⤵
  PID:2776
- C:\Windows\System\STksnyo.exe
  C:\Windows\System\STksnyo.exe
  2⤵
  PID:4120
- C:\Windows\System\aXbiVvZ.exe
  C:\Windows\System\aXbiVvZ.exe
  2⤵
  PID:4140
- C:\Windows\System\HJKMAWG.exe
  C:\Windows\System\HJKMAWG.exe
  2⤵
  PID:4160
- C:\Windows\System\jVYxXrj.exe
  C:\Windows\System\jVYxXrj.exe
  2⤵
  PID:4180
- C:\Windows\System\aKgOoGE.exe
  C:\Windows\System\aKgOoGE.exe
  2⤵
  PID:4200
- C:\Windows\System\TSHkGkV.exe
  C:\Windows\System\TSHkGkV.exe
  2⤵
  PID:4220
- C:\Windows\System\qqSloDh.exe
  C:\Windows\System\qqSloDh.exe
  2⤵
  PID:4240
- C:\Windows\System\zQIZQoF.exe
  C:\Windows\System\zQIZQoF.exe
  2⤵
  PID:4260
- C:\Windows\System\cCBuMAW.exe
  C:\Windows\System\cCBuMAW.exe
  2⤵
  PID:4280
- C:\Windows\System\JUxlsrJ.exe
  C:\Windows\System\JUxlsrJ.exe
  2⤵
  PID:4300
- C:\Windows\System\uqSsYPP.exe
  C:\Windows\System\uqSsYPP.exe
  2⤵
  PID:4320
- C:\Windows\System\FwoBTxf.exe
  C:\Windows\System\FwoBTxf.exe
  2⤵
  PID:4340
- C:\Windows\System\NBoWyhe.exe
  C:\Windows\System\NBoWyhe.exe
  2⤵
  PID:4360
- C:\Windows\System\qLVqrUT.exe
  C:\Windows\System\qLVqrUT.exe
  2⤵
  PID:4380
- C:\Windows\System\PDsDLyt.exe
  C:\Windows\System\PDsDLyt.exe
  2⤵
  PID:4400
- C:\Windows\System\HMoFTyq.exe
  C:\Windows\System\HMoFTyq.exe
  2⤵
  PID:4420
- C:\Windows\System\LVAZzkS.exe
  C:\Windows\System\LVAZzkS.exe
  2⤵
  PID:4436
- C:\Windows\System\bdOnviS.exe
  C:\Windows\System\bdOnviS.exe
  2⤵
  PID:4456
- C:\Windows\System\DRwRnhT.exe
  C:\Windows\System\DRwRnhT.exe
  2⤵
  PID:4472
- C:\Windows\System\hGmvUTE.exe
  C:\Windows\System\hGmvUTE.exe
  2⤵
  PID:4488
- C:\Windows\System\lqqERXL.exe
  C:\Windows\System\lqqERXL.exe
  2⤵
  PID:4528
- C:\Windows\System\vGjJIiS.exe
  C:\Windows\System\vGjJIiS.exe
  2⤵
  PID:4544
- C:\Windows\System\WfvoOcc.exe
  C:\Windows\System\WfvoOcc.exe
  2⤵
  PID:4560
- C:\Windows\System\FBfvKkU.exe
  C:\Windows\System\FBfvKkU.exe
  2⤵
  PID:4576
- C:\Windows\System\hMRriQf.exe
  C:\Windows\System\hMRriQf.exe
  2⤵
  PID:4592
- C:\Windows\System\mcPXzEN.exe
  C:\Windows\System\mcPXzEN.exe
  2⤵
  PID:4624
- C:\Windows\System\SYaMdIV.exe
  C:\Windows\System\SYaMdIV.exe
  2⤵
  PID:4640
- C:\Windows\System\rplslcx.exe
  C:\Windows\System\rplslcx.exe
  2⤵
  PID:4656
- C:\Windows\System\WPArWWz.exe
  C:\Windows\System\WPArWWz.exe
  2⤵
  PID:4672
- C:\Windows\System\IvIzIpZ.exe
  C:\Windows\System\IvIzIpZ.exe
  2⤵
  PID:4688
- C:\Windows\System\FtlXeZw.exe
  C:\Windows\System\FtlXeZw.exe
  2⤵
  PID:4704
- C:\Windows\System\ShcWQkk.exe
  C:\Windows\System\ShcWQkk.exe
  2⤵
  PID:4720
- C:\Windows\System\FCKThmc.exe
  C:\Windows\System\FCKThmc.exe
  2⤵
  PID:4740
- C:\Windows\System\nbNzuMM.exe
  C:\Windows\System\nbNzuMM.exe
  2⤵
  PID:4788
- C:\Windows\System\isYIzpJ.exe
  C:\Windows\System\isYIzpJ.exe
  2⤵
  PID:4804
- C:\Windows\System\OWghkKS.exe
  C:\Windows\System\OWghkKS.exe
  2⤵
  PID:4820
- C:\Windows\System\DirSFKM.exe
  C:\Windows\System\DirSFKM.exe
  2⤵
  PID:4844
- C:\Windows\System\pVbxwTk.exe
  C:\Windows\System\pVbxwTk.exe
  2⤵
  PID:4860
- C:\Windows\System\ZBFHJqi.exe
  C:\Windows\System\ZBFHJqi.exe
  2⤵
  PID:4876
- C:\Windows\System\hAfzQlw.exe
  C:\Windows\System\hAfzQlw.exe
  2⤵
  PID:4900
- C:\Windows\System\kBuSjma.exe
  C:\Windows\System\kBuSjma.exe
  2⤵
  PID:4916
- C:\Windows\System\COdtxyx.exe
  C:\Windows\System\COdtxyx.exe
  2⤵
  PID:4932
- C:\Windows\System\PJcLGPh.exe
  C:\Windows\System\PJcLGPh.exe
  2⤵
  PID:4952
- C:\Windows\System\nXdUSAE.exe
  C:\Windows\System\nXdUSAE.exe
  2⤵
  PID:4976
- C:\Windows\System\dnLTWAD.exe
  C:\Windows\System\dnLTWAD.exe
  2⤵
  PID:4992
- C:\Windows\System\HoTqOcn.exe
  C:\Windows\System\HoTqOcn.exe
  2⤵
  PID:5008
- C:\Windows\System\KKUzOgr.exe
  C:\Windows\System\KKUzOgr.exe
  2⤵
  PID:5024
- C:\Windows\System\onazQLx.exe
  C:\Windows\System\onazQLx.exe
  2⤵
  PID:5040
- C:\Windows\System\fdOqZeZ.exe
  C:\Windows\System\fdOqZeZ.exe
  2⤵
  PID:5064
- C:\Windows\System\SJlLswr.exe
  C:\Windows\System\SJlLswr.exe
  2⤵
  PID:5088
- C:\Windows\System\VYBAvJh.exe
  C:\Windows\System\VYBAvJh.exe
  2⤵
  PID:5104
- C:\Windows\System\KIXsFkw.exe
  C:\Windows\System\KIXsFkw.exe
  2⤵
  PID:4004
- C:\Windows\System\XUhvcCX.exe
  C:\Windows\System\XUhvcCX.exe
  2⤵
  PID:3756
- C:\Windows\System\fTwURVp.exe
  C:\Windows\System\fTwURVp.exe
  2⤵
  PID:4152
- C:\Windows\System\OTFfBpt.exe
  C:\Windows\System\OTFfBpt.exe
  2⤵
  PID:4156
- C:\Windows\System\mtGrPnT.exe
  C:\Windows\System\mtGrPnT.exe
  2⤵
  PID:4168
- C:\Windows\System\cghVOWg.exe
  C:\Windows\System\cghVOWg.exe
  2⤵
  PID:4228
- C:\Windows\System\inkqvqK.exe
  C:\Windows\System\inkqvqK.exe
  2⤵
  PID:4212
- C:\Windows\System\fXJkZwE.exe
  C:\Windows\System\fXJkZwE.exe
  2⤵
  PID:4256
- C:\Windows\System\NBNYOhM.exe
  C:\Windows\System\NBNYOhM.exe
  2⤵
  PID:4308
- C:\Windows\System\iVPeUmK.exe
  C:\Windows\System\iVPeUmK.exe
  2⤵
  PID:4312
- C:\Windows\System\MxzoAUK.exe
  C:\Windows\System\MxzoAUK.exe
  2⤵
  PID:4356
- C:\Windows\System\JfHDsTZ.exe
  C:\Windows\System\JfHDsTZ.exe
  2⤵
  PID:1544
- C:\Windows\System\ZCQhgwz.exe
  C:\Windows\System\ZCQhgwz.exe
  2⤵
  PID:4432
- C:\Windows\System\KYQyXTP.exe
  C:\Windows\System\KYQyXTP.exe
  2⤵
  PID:4504
- C:\Windows\System\MFHiflw.exe
  C:\Windows\System\MFHiflw.exe
  2⤵
  PID:4376
- C:\Windows\System\JvXBHmS.exe
  C:\Windows\System\JvXBHmS.exe
  2⤵
  PID:4452
- C:\Windows\System\VYhOqYC.exe
  C:\Windows\System\VYhOqYC.exe
  2⤵
  PID:4512
- C:\Windows\System\hXLBOdK.exe
  C:\Windows\System\hXLBOdK.exe
  2⤵
  PID:2004
- C:\Windows\System\HeNvuzh.exe
  C:\Windows\System\HeNvuzh.exe
  2⤵
  PID:4588
- C:\Windows\System\ReZPuKO.exe
  C:\Windows\System\ReZPuKO.exe
  2⤵
  PID:4568
- C:\Windows\System\TjYsNIl.exe
  C:\Windows\System\TjYsNIl.exe
  2⤵
  PID:2768
- C:\Windows\System\LIlLSDm.exe
  C:\Windows\System\LIlLSDm.exe
  2⤵
  PID:4668
- C:\Windows\System\jDftUjT.exe
  C:\Windows\System\jDftUjT.exe
  2⤵
  PID:4768
- C:\Windows\System\WzTcTnY.exe
  C:\Windows\System\WzTcTnY.exe
  2⤵
  PID:4712
- C:\Windows\System\IDnIFuZ.exe
  C:\Windows\System\IDnIFuZ.exe
  2⤵
  PID:4520
- C:\Windows\System\eqHlAhM.exe
  C:\Windows\System\eqHlAhM.exe
  2⤵
  PID:4832
- C:\Windows\System\Jcoxwpn.exe
  C:\Windows\System\Jcoxwpn.exe
  2⤵
  PID:4872
- C:\Windows\System\ZlwpWNn.exe
  C:\Windows\System\ZlwpWNn.exe
  2⤵
  PID:4912
- C:\Windows\System\IoEFnxm.exe
  C:\Windows\System\IoEFnxm.exe
  2⤵
  PID:4948
- C:\Windows\System\jfJRbgb.exe
  C:\Windows\System\jfJRbgb.exe
  2⤵
  PID:5052
- C:\Windows\System\hSPrmuv.exe
  C:\Windows\System\hSPrmuv.exe
  2⤵
  PID:4968
- C:\Windows\System\tddBGhk.exe
  C:\Windows\System\tddBGhk.exe
  2⤵
  PID:5036
- C:\Windows\System\VJfkpes.exe
  C:\Windows\System\VJfkpes.exe
  2⤵
  PID:4896
- C:\Windows\System\KjjcdgU.exe
  C:\Windows\System\KjjcdgU.exe
  2⤵
  PID:5096
- C:\Windows\System\BBBfuTd.exe
  C:\Windows\System\BBBfuTd.exe
  2⤵
  PID:2808
- C:\Windows\System\QwDucCX.exe
  C:\Windows\System\QwDucCX.exe
  2⤵
  PID:4116
- C:\Windows\System\ZewlDVx.exe
  C:\Windows\System\ZewlDVx.exe
  2⤵
  PID:4016
- C:\Windows\System\BQrztxd.exe
  C:\Windows\System\BQrztxd.exe
  2⤵
  PID:5080
- C:\Windows\System\RzkIpfq.exe
  C:\Windows\System\RzkIpfq.exe
  2⤵
  PID:4196
- C:\Windows\System\JSPlXHO.exe
  C:\Windows\System\JSPlXHO.exe
  2⤵
  PID:4272
- C:\Windows\System\cmTuFea.exe
  C:\Windows\System\cmTuFea.exe
  2⤵
  PID:2424
- C:\Windows\System\ZKWkKKh.exe
  C:\Windows\System\ZKWkKKh.exe
  2⤵
  PID:4448
- C:\Windows\System\ikfKxWR.exe
  C:\Windows\System\ikfKxWR.exe
  2⤵
  PID:4480
- C:\Windows\System\acAicrS.exe
  C:\Windows\System\acAicrS.exe
  2⤵
  PID:4636
- C:\Windows\System\FUPwfLM.exe
  C:\Windows\System\FUPwfLM.exe
  2⤵
  PID:2940
- C:\Windows\System\OvNZfUw.exe
  C:\Windows\System\OvNZfUw.exe
  2⤵
  PID:2724
- C:\Windows\System\LmKwIkJ.exe
  C:\Windows\System\LmKwIkJ.exe
  2⤵
  PID:4188
- C:\Windows\System\EpYZgct.exe
  C:\Windows\System\EpYZgct.exe
  2⤵
  PID:4608
- C:\Windows\System\nLeUrJY.exe
  C:\Windows\System\nLeUrJY.exe
  2⤵
  PID:4604
- C:\Windows\System\DjdgsxW.exe
  C:\Windows\System\DjdgsxW.exe
  2⤵
  PID:4800
- C:\Windows\System\OleEmMg.exe
  C:\Windows\System\OleEmMg.exe
  2⤵
  PID:4856
- C:\Windows\System\RJMNheN.exe
  C:\Windows\System\RJMNheN.exe
  2⤵
  PID:4756
- C:\Windows\System\JuSxONM.exe
  C:\Windows\System\JuSxONM.exe
  2⤵
  PID:4816
- C:\Windows\System\atAipwY.exe
  C:\Windows\System\atAipwY.exe
  2⤵
  PID:4960
- C:\Windows\System\gfedXtn.exe
  C:\Windows\System\gfedXtn.exe
  2⤵
  PID:5112
- C:\Windows\System\xSTkUQU.exe
  C:\Windows\System\xSTkUQU.exe
  2⤵
  PID:4136
- C:\Windows\System\wSQnKiX.exe
  C:\Windows\System\wSQnKiX.exe
  2⤵
  PID:4172
- C:\Windows\System\sFbkfOs.exe
  C:\Windows\System\sFbkfOs.exe
  2⤵
  PID:4288
- C:\Windows\System\efgvBVm.exe
  C:\Windows\System\efgvBVm.exe
  2⤵
  PID:4388
- C:\Windows\System\siBwKNA.exe
  C:\Windows\System\siBwKNA.exe
  2⤵
  PID:4040
- C:\Windows\System\LoTdTIz.exe
  C:\Windows\System\LoTdTIz.exe
  2⤵
  PID:4464
- C:\Windows\System\IHeCTQn.exe
  C:\Windows\System\IHeCTQn.exe
  2⤵
  PID:4412
- C:\Windows\System\WEfElmK.exe
  C:\Windows\System\WEfElmK.exe
  2⤵
  PID:4540
- C:\Windows\System\DMhXLZm.exe
  C:\Windows\System\DMhXLZm.exe
  2⤵
  PID:4684
- C:\Windows\System\SBaUveP.exe
  C:\Windows\System\SBaUveP.exe
  2⤵
  PID:4556
- C:\Windows\System\kpNPRno.exe
  C:\Windows\System\kpNPRno.exe
  2⤵
  PID:2536
- C:\Windows\System\mWuTerZ.exe
  C:\Windows\System\mWuTerZ.exe
  2⤵
  PID:1292
- C:\Windows\System\RstmSZh.exe
  C:\Windows\System\RstmSZh.exe
  2⤵
  PID:4680
- C:\Windows\System\SRxARIM.exe
  C:\Windows\System\SRxARIM.exe
  2⤵
  PID:556
- C:\Windows\System\TzoYNpl.exe
  C:\Windows\System\TzoYNpl.exe
  2⤵
  PID:1992
- C:\Windows\System\WRfvmAD.exe
  C:\Windows\System\WRfvmAD.exe
  2⤵
  PID:5048
- C:\Windows\System\jSnrGlq.exe
  C:\Windows\System\jSnrGlq.exe
  2⤵
  PID:2252
- C:\Windows\System\jOKKBEL.exe
  C:\Windows\System\jOKKBEL.exe
  2⤵
  PID:4248
- C:\Windows\System\IJahgUC.exe
  C:\Windows\System\IJahgUC.exe
  2⤵
  PID:5072
- C:\Windows\System\FAQNyDl.exe
  C:\Windows\System\FAQNyDl.exe
  2⤵
  PID:3084
- C:\Windows\System\lYsMXIy.exe
  C:\Windows\System\lYsMXIy.exe
  2⤵
  PID:4268
- C:\Windows\System\ulQQSVI.exe
  C:\Windows\System\ulQQSVI.exe
  2⤵
  PID:4728
- C:\Windows\System\UJndbfI.exe
  C:\Windows\System\UJndbfI.exe
  2⤵
  PID:4368
- C:\Windows\System\qxtpQbD.exe
  C:\Windows\System\qxtpQbD.exe
  2⤵
  PID:4348
- C:\Windows\System\kXapRBe.exe
  C:\Windows\System\kXapRBe.exe
  2⤵
  PID:4428
- C:\Windows\System\tXxUxKM.exe
  C:\Windows\System\tXxUxKM.exe
  2⤵
  PID:492
- C:\Windows\System\aWkDisY.exe
  C:\Windows\System\aWkDisY.exe
  2⤵
  PID:2596
- C:\Windows\System\OVcQvlK.exe
  C:\Windows\System\OVcQvlK.exe
  2⤵
  PID:4780
- C:\Windows\System\OydZpTi.exe
  C:\Windows\System\OydZpTi.exe
  2⤵
  PID:5032
- C:\Windows\System\QcGuBBl.exe
  C:\Windows\System\QcGuBBl.exe
  2⤵
  PID:3924
- C:\Windows\System\drMKwVb.exe
  C:\Windows\System\drMKwVb.exe
  2⤵
  PID:4500
- C:\Windows\System\aDbByWV.exe
  C:\Windows\System\aDbByWV.exe
  2⤵
  PID:396
- C:\Windows\System\rRHPxSV.exe
  C:\Windows\System\rRHPxSV.exe
  2⤵
  PID:5132
- C:\Windows\System\uZxTPJV.exe
  C:\Windows\System\uZxTPJV.exe
  2⤵
  PID:5152
- C:\Windows\System\PlUvgxS.exe
  C:\Windows\System\PlUvgxS.exe
  2⤵
  PID:5180
- C:\Windows\System\ntGsrNx.exe
  C:\Windows\System\ntGsrNx.exe
  2⤵
  PID:5196
- C:\Windows\System\ugLxySC.exe
  C:\Windows\System\ugLxySC.exe
  2⤵
  PID:5212
- C:\Windows\System\STNBuQV.exe
  C:\Windows\System\STNBuQV.exe
  2⤵
  PID:5228
- C:\Windows\System\FphxgHx.exe
  C:\Windows\System\FphxgHx.exe
  2⤵
  PID:5256
- C:\Windows\System\kGimjKQ.exe
  C:\Windows\System\kGimjKQ.exe
  2⤵
  PID:5280
- C:\Windows\System\vEFEvOY.exe
  C:\Windows\System\vEFEvOY.exe
  2⤵
  PID:5300
- C:\Windows\System\UcEnnIi.exe
  C:\Windows\System\UcEnnIi.exe
  2⤵
  PID:5324
- C:\Windows\System\gHPHDCM.exe
  C:\Windows\System\gHPHDCM.exe
  2⤵
  PID:5344
- C:\Windows\System\ZrGvliS.exe
  C:\Windows\System\ZrGvliS.exe
  2⤵
  PID:5360
- C:\Windows\System\xIjarqA.exe
  C:\Windows\System\xIjarqA.exe
  2⤵
  PID:5376
- C:\Windows\System\VuyiCPy.exe
  C:\Windows\System\VuyiCPy.exe
  2⤵
  PID:5392
- C:\Windows\System\scMQAzU.exe
  C:\Windows\System\scMQAzU.exe
  2⤵
  PID:5408
- C:\Windows\System\kUuQRuD.exe
  C:\Windows\System\kUuQRuD.exe
  2⤵
  PID:5428
- C:\Windows\System\PmBiDzO.exe
  C:\Windows\System\PmBiDzO.exe
  2⤵
  PID:5444
- C:\Windows\System\HUItCLK.exe
  C:\Windows\System\HUItCLK.exe
  2⤵
  PID:5460
- C:\Windows\System\JbnAJrr.exe
  C:\Windows\System\JbnAJrr.exe
  2⤵
  PID:5512
- C:\Windows\System\TBKCjAn.exe
  C:\Windows\System\TBKCjAn.exe
  2⤵
  PID:5528
- C:\Windows\System\FiPijeO.exe
  C:\Windows\System\FiPijeO.exe
  2⤵
  PID:5556
- C:\Windows\System\cIsSwSQ.exe
  C:\Windows\System\cIsSwSQ.exe
  2⤵
  PID:5572
- C:\Windows\System\KgcdaYx.exe
  C:\Windows\System\KgcdaYx.exe
  2⤵
  PID:5596
- C:\Windows\System\IDwVbom.exe
  C:\Windows\System\IDwVbom.exe
  2⤵
  PID:5612
- C:\Windows\System\bgpxCgp.exe
  C:\Windows\System\bgpxCgp.exe
  2⤵
  PID:5632
- C:\Windows\System\fARFmzN.exe
  C:\Windows\System\fARFmzN.exe
  2⤵
  PID:5652
- C:\Windows\System\EFIWOgE.exe
  C:\Windows\System\EFIWOgE.exe
  2⤵
  PID:5676
- C:\Windows\System\CEIBFaO.exe
  C:\Windows\System\CEIBFaO.exe
  2⤵
  PID:5692
- C:\Windows\System\EYncmYF.exe
  C:\Windows\System\EYncmYF.exe
  2⤵
  PID:5708
- C:\Windows\System\CKPPXKE.exe
  C:\Windows\System\CKPPXKE.exe
  2⤵
  PID:5724
- C:\Windows\System\oeJrzZI.exe
  C:\Windows\System\oeJrzZI.exe
  2⤵
  PID:5740
- C:\Windows\System\TfVwudZ.exe
  C:\Windows\System\TfVwudZ.exe
  2⤵
  PID:5772
- C:\Windows\System\MGbpZVS.exe
  C:\Windows\System\MGbpZVS.exe
  2⤵
  PID:5788
- C:\Windows\System\zorjkzc.exe
  C:\Windows\System\zorjkzc.exe
  2⤵
  PID:5804
- C:\Windows\System\YukHSoj.exe
  C:\Windows\System\YukHSoj.exe
  2⤵
  PID:5824
- C:\Windows\System\fSMBnUX.exe
  C:\Windows\System\fSMBnUX.exe
  2⤵
  PID:5840
- C:\Windows\System\ULCvyuK.exe
  C:\Windows\System\ULCvyuK.exe
  2⤵
  PID:5856
- C:\Windows\System\LMtvxOI.exe
  C:\Windows\System\LMtvxOI.exe
  2⤵
  PID:5872
- C:\Windows\System\vVyzCPi.exe
  C:\Windows\System\vVyzCPi.exe
  2⤵
  PID:5892
- C:\Windows\System\nIPAykl.exe
  C:\Windows\System\nIPAykl.exe
  2⤵
  PID:5908
- C:\Windows\System\tdzuCGn.exe
  C:\Windows\System\tdzuCGn.exe
  2⤵
  PID:5924
- C:\Windows\System\oSgJhSw.exe
  C:\Windows\System\oSgJhSw.exe
  2⤵
  PID:5940
- C:\Windows\System\KDvlkBU.exe
  C:\Windows\System\KDvlkBU.exe
  2⤵
  PID:5960
- C:\Windows\System\vxnjLPy.exe
  C:\Windows\System\vxnjLPy.exe
  2⤵
  PID:6020
- C:\Windows\System\wdtznjr.exe
  C:\Windows\System\wdtznjr.exe
  2⤵
  PID:6036
- C:\Windows\System\WcqZCit.exe
  C:\Windows\System\WcqZCit.exe
  2⤵
  PID:6056
- C:\Windows\System\NtHrJKT.exe
  C:\Windows\System\NtHrJKT.exe
  2⤵
  PID:6076
- C:\Windows\System\ZBxjXbD.exe
  C:\Windows\System\ZBxjXbD.exe
  2⤵
  PID:6100
- C:\Windows\System\dPmBizF.exe
  C:\Windows\System\dPmBizF.exe
  2⤵
  PID:6116
- C:\Windows\System\kDcpoGL.exe
  C:\Windows\System\kDcpoGL.exe
  2⤵
  PID:6136
- C:\Windows\System\eDfSWqN.exe
  C:\Windows\System\eDfSWqN.exe
  2⤵
  PID:1672
- C:\Windows\System\hXwMExG.exe
  C:\Windows\System\hXwMExG.exe
  2⤵
  PID:5128
- C:\Windows\System\PcBbqPR.exe
  C:\Windows\System\PcBbqPR.exe
  2⤵
  PID:5168
- C:\Windows\System\kHqHDSW.exe
  C:\Windows\System\kHqHDSW.exe
  2⤵
  PID:5208
- C:\Windows\System\pbFekcj.exe
  C:\Windows\System\pbFekcj.exe
  2⤵
  PID:5252
- C:\Windows\System\xDUHXqO.exe
  C:\Windows\System\xDUHXqO.exe
  2⤵
  PID:5292
- C:\Windows\System\TpuhVhO.exe
  C:\Windows\System\TpuhVhO.exe
  2⤵
  PID:1256
- C:\Windows\System\UWhHsTP.exe
  C:\Windows\System\UWhHsTP.exe
  2⤵
  PID:5140
- C:\Windows\System\DzmgGzJ.exe
  C:\Windows\System\DzmgGzJ.exe
  2⤵
  PID:5188
- C:\Windows\System\DVCpEsd.exe
  C:\Windows\System\DVCpEsd.exe
  2⤵
  PID:5320
- C:\Windows\System\LZoxYur.exe
  C:\Windows\System\LZoxYur.exe
  2⤵
  PID:5340
- C:\Windows\System\VrpfzZh.exe
  C:\Windows\System\VrpfzZh.exe
  2⤵
  PID:5468
- C:\Windows\System\CZXarhu.exe
  C:\Windows\System\CZXarhu.exe
  2⤵
  PID:5484
- C:\Windows\System\YCFgnSf.exe
  C:\Windows\System\YCFgnSf.exe
  2⤵
  PID:5500
- C:\Windows\System\MCTZJld.exe
  C:\Windows\System\MCTZJld.exe
  2⤵
  PID:5540
- C:\Windows\System\OboADPP.exe
  C:\Windows\System\OboADPP.exe
  2⤵
  PID:5552
- C:\Windows\System\CTvAqyw.exe
  C:\Windows\System\CTvAqyw.exe
  2⤵
  PID:5416
- C:\Windows\System\MWtBWzg.exe
  C:\Windows\System\MWtBWzg.exe
  2⤵
  PID:5520
- C:\Windows\System\ROdSeFE.exe
  C:\Windows\System\ROdSeFE.exe
  2⤵
  PID:5584
- C:\Windows\System\AAonMEJ.exe
  C:\Windows\System\AAonMEJ.exe
  2⤵
  PID:5628
- C:\Windows\System\OHsjVMR.exe
  C:\Windows\System\OHsjVMR.exe
  2⤵
  PID:5640
- C:\Windows\System\zvakOWp.exe
  C:\Windows\System\zvakOWp.exe
  2⤵
  PID:5720
- C:\Windows\System\tUBObCV.exe
  C:\Windows\System\tUBObCV.exe
  2⤵
  PID:5752
- C:\Windows\System\GAjCmfN.exe
  C:\Windows\System\GAjCmfN.exe
  2⤵
  PID:5732
- C:\Windows\System\WZjNQNJ.exe
  C:\Windows\System\WZjNQNJ.exe
  2⤵
  PID:5948
- C:\Windows\System\MKbPArg.exe
  C:\Windows\System\MKbPArg.exe
  2⤵
  PID:5852
- C:\Windows\System\dBrzalb.exe
  C:\Windows\System\dBrzalb.exe
  2⤵
  PID:5920
- C:\Windows\System\tgOOQVj.exe
  C:\Windows\System\tgOOQVj.exe
  2⤵
  PID:5988
- C:\Windows\System\BppWoTq.exe
  C:\Windows\System\BppWoTq.exe
  2⤵
  PID:5864
- C:\Windows\System\xraYkRY.exe
  C:\Windows\System\xraYkRY.exe
  2⤵
  PID:5968
- C:\Windows\System\vAuiaWq.exe
  C:\Windows\System\vAuiaWq.exe
  2⤵
  PID:6000
- C:\Windows\System\RRxNPmu.exe
  C:\Windows\System\RRxNPmu.exe
  2⤵
  PID:6016
- C:\Windows\System\iCEPCvd.exe
  C:\Windows\System\iCEPCvd.exe
  2⤵
  PID:6064
- C:\Windows\System\TOMPJBX.exe
  C:\Windows\System\TOMPJBX.exe
  2⤵
  PID:6092
- C:\Windows\System\rRFvrcn.exe
  C:\Windows\System\rRFvrcn.exe
  2⤵
  PID:6128
- C:\Windows\System\BaGyYiD.exe
  C:\Windows\System\BaGyYiD.exe
  2⤵
  PID:5160
- C:\Windows\System\QBXCVGh.exe
  C:\Windows\System\QBXCVGh.exe
  2⤵
  PID:5244
- C:\Windows\System\uiQZqwv.exe
  C:\Windows\System\uiQZqwv.exe
  2⤵
  PID:4732
- C:\Windows\System\fBwcocc.exe
  C:\Windows\System\fBwcocc.exe
  2⤵
  PID:5204
- C:\Windows\System\FJXTuvC.exe
  C:\Windows\System\FJXTuvC.exe
  2⤵
  PID:2748
- C:\Windows\System\WhmLmLV.exe
  C:\Windows\System\WhmLmLV.exe
  2⤵
  PID:5276
- C:\Windows\System\JYivpLS.exe
  C:\Windows\System\JYivpLS.exe
  2⤵
  PID:5332
- C:\Windows\System\SkKdXEb.exe
  C:\Windows\System\SkKdXEb.exe
  2⤵
  PID:5436
- C:\Windows\System\scRLPHg.exe
  C:\Windows\System\scRLPHg.exe
  2⤵
  PID:2000
- C:\Windows\System\YGRSCMi.exe
  C:\Windows\System\YGRSCMi.exe
  2⤵
  PID:5400
- C:\Windows\System\KsqHFRO.exe
  C:\Windows\System\KsqHFRO.exe
  2⤵
  PID:1440
- C:\Windows\System\UkgQpfo.exe
  C:\Windows\System\UkgQpfo.exe
  2⤵
  PID:5440
- C:\Windows\System\knZlthK.exe
  C:\Windows\System\knZlthK.exe
  2⤵
  PID:5760
- C:\Windows\System\NIDOAGP.exe
  C:\Windows\System\NIDOAGP.exe
  2⤵
  PID:5452
- C:\Windows\System\fBsRDdN.exe
  C:\Windows\System\fBsRDdN.exe
  2⤵
  PID:5888
- C:\Windows\System\iDqOHkS.exe
  C:\Windows\System\iDqOHkS.exe
  2⤵
  PID:5992
- C:\Windows\System\sWMDqfC.exe
  C:\Windows\System\sWMDqfC.exe
  2⤵
  PID:5764
- C:\Windows\System\FwBttpy.exe
  C:\Windows\System\FwBttpy.exe
  2⤵
  PID:5456
- C:\Windows\System\NXMcpLU.exe
  C:\Windows\System\NXMcpLU.exe
  2⤵
  PID:5780
- C:\Windows\System\odHQLnT.exe
  C:\Windows\System\odHQLnT.exe
  2⤵
  PID:5956
- C:\Windows\System\dAWLABm.exe
  C:\Windows\System\dAWLABm.exe
  2⤵
  PID:5932
- C:\Windows\System\UwviCcJ.exe
  C:\Windows\System\UwviCcJ.exe
  2⤵
  PID:6084
- C:\Windows\System\HocsBdx.exe
  C:\Windows\System\HocsBdx.exe
  2⤵
  PID:3836
- C:\Windows\System\ZyhQgaz.exe
  C:\Windows\System\ZyhQgaz.exe
  2⤵
  PID:5076
- C:\Windows\System\zBNMhfd.exe
  C:\Windows\System\zBNMhfd.exe
  2⤵
  PID:5268
- C:\Windows\System\aMBwpGf.exe
  C:\Windows\System\aMBwpGf.exe
  2⤵
  PID:6132
- C:\Windows\System\SfTePKA.exe
  C:\Windows\System\SfTePKA.exe
  2⤵
  PID:3052
- C:\Windows\System\yGnbcAT.exe
  C:\Windows\System\yGnbcAT.exe
  2⤵
  PID:804
- C:\Windows\System\fBdOcyU.exe
  C:\Windows\System\fBdOcyU.exe
  2⤵
  PID:5288
- C:\Windows\System\hzaPjJR.exe
  C:\Windows\System\hzaPjJR.exe
  2⤵
  PID:5564
- C:\Windows\System\oTAPGIl.exe
  C:\Windows\System\oTAPGIl.exe
  2⤵
  PID:5660
- C:\Windows\System\BFNmuLF.exe
  C:\Windows\System\BFNmuLF.exe
  2⤵
  PID:5748
- C:\Windows\System\fOpdScD.exe
  C:\Windows\System\fOpdScD.exe
  2⤵
  PID:6012
- C:\Windows\System\pwobuPD.exe
  C:\Windows\System\pwobuPD.exe
  2⤵
  PID:5240
- C:\Windows\System\xkMpYMJ.exe
  C:\Windows\System\xkMpYMJ.exe
  2⤵
  PID:5220
- C:\Windows\System\DZYXAdt.exe
  C:\Windows\System\DZYXAdt.exe
  2⤵
  PID:6052
- C:\Windows\System\xBNYwGX.exe
  C:\Windows\System\xBNYwGX.exe
  2⤵
  PID:5620
- C:\Windows\System\YbOpLmC.exe
  C:\Windows\System\YbOpLmC.exe
  2⤵
  PID:5916
- C:\Windows\System\bdYruWp.exe
  C:\Windows\System\bdYruWp.exe
  2⤵
  PID:5832
- C:\Windows\System\ZRyqXbK.exe
  C:\Windows\System\ZRyqXbK.exe
  2⤵
  PID:2964
- C:\Windows\System\XVjXkiM.exe
  C:\Windows\System\XVjXkiM.exe
  2⤵
  PID:2008
- C:\Windows\System\RopLOnr.exe
  C:\Windows\System\RopLOnr.exe
  2⤵
  PID:4076
- C:\Windows\System\UGYezTg.exe
  C:\Windows\System\UGYezTg.exe
  2⤵
  PID:4748
- C:\Windows\System\KEKqcVx.exe
  C:\Windows\System\KEKqcVx.exe
  2⤵
  PID:2852
- C:\Windows\System\dSmOPaC.exe
  C:\Windows\System\dSmOPaC.exe
  2⤵
  PID:5508
- C:\Windows\System\VeftUyh.exe
  C:\Windows\System\VeftUyh.exe
  2⤵
  PID:2460
- C:\Windows\System\sTyHSIh.exe
  C:\Windows\System\sTyHSIh.exe
  2⤵
  PID:5312
- C:\Windows\System\vNEDnqS.exe
  C:\Windows\System\vNEDnqS.exe
  2⤵
  PID:1108
- C:\Windows\System\PXBVAzb.exe
  C:\Windows\System\PXBVAzb.exe
  2⤵
  PID:5580
- C:\Windows\System\JCEGzDS.exe
  C:\Windows\System\JCEGzDS.exe
  2⤵
  PID:592
- C:\Windows\System\PTBBtaF.exe
  C:\Windows\System\PTBBtaF.exe
  2⤵
  PID:1172
- C:\Windows\System\FzEjWXZ.exe
  C:\Windows\System\FzEjWXZ.exe
  2⤵
  PID:5716
- C:\Windows\System\yXHvlgW.exe
  C:\Windows\System\yXHvlgW.exe
  2⤵
  PID:5384
- C:\Windows\System\dxuGnbo.exe
  C:\Windows\System\dxuGnbo.exe
  2⤵
  PID:1932
- C:\Windows\System\JZspcqQ.exe
  C:\Windows\System\JZspcqQ.exe
  2⤵
  PID:6108
- C:\Windows\System\UivOaKX.exe
  C:\Windows\System\UivOaKX.exe
  2⤵
  PID:5784
- C:\Windows\System\CQDhxej.exe
  C:\Windows\System\CQDhxej.exe
  2⤵
  PID:3776
- C:\Windows\System\lGtJNmp.exe
  C:\Windows\System\lGtJNmp.exe
  2⤵
  PID:6124
- C:\Windows\System\dhQvtUI.exe
  C:\Windows\System\dhQvtUI.exe
  2⤵
  PID:6152
- C:\Windows\System\LgHVYqG.exe
  C:\Windows\System\LgHVYqG.exe
  2⤵
  PID:6168
- C:\Windows\System\SDCeeXd.exe
  C:\Windows\System\SDCeeXd.exe
  2⤵
  PID:6184
- C:\Windows\System\zrIpyrq.exe
  C:\Windows\System\zrIpyrq.exe
  2⤵
  PID:6200
- C:\Windows\System\FAGpAjY.exe
  C:\Windows\System\FAGpAjY.exe
  2⤵
  PID:6216
- C:\Windows\System\YYPhbMr.exe
  C:\Windows\System\YYPhbMr.exe
  2⤵
  PID:6232
- C:\Windows\System\yvmezhp.exe
  C:\Windows\System\yvmezhp.exe
  2⤵
  PID:6248
- C:\Windows\System\hfhsFbp.exe
  C:\Windows\System\hfhsFbp.exe
  2⤵
  PID:6272
- C:\Windows\System\swlrbFj.exe
  C:\Windows\System\swlrbFj.exe
  2⤵
  PID:6288
- C:\Windows\System\AUpecoX.exe
  C:\Windows\System\AUpecoX.exe
  2⤵
  PID:6308
- C:\Windows\System\heAWHhW.exe
  C:\Windows\System\heAWHhW.exe
  2⤵
  PID:6332
- C:\Windows\System\UYAyhHu.exe
  C:\Windows\System\UYAyhHu.exe
  2⤵
  PID:6348
- C:\Windows\System\eETaVqX.exe
  C:\Windows\System\eETaVqX.exe
  2⤵
  PID:6364
- C:\Windows\System\GEIuZSn.exe
  C:\Windows\System\GEIuZSn.exe
  2⤵
  PID:6416
- C:\Windows\System\aJxzdoD.exe
  C:\Windows\System\aJxzdoD.exe
  2⤵
  PID:6440
- C:\Windows\System\WfKdqZx.exe
  C:\Windows\System\WfKdqZx.exe
  2⤵
  PID:6460
- C:\Windows\System\OwEAeOj.exe
  C:\Windows\System\OwEAeOj.exe
  2⤵
  PID:6488
- C:\Windows\System\wLQzHcK.exe
  C:\Windows\System\wLQzHcK.exe
  2⤵
  PID:6504
- C:\Windows\System\FdWXwmm.exe
  C:\Windows\System\FdWXwmm.exe
  2⤵
  PID:6520
- C:\Windows\System\mFswZJm.exe
  C:\Windows\System\mFswZJm.exe
  2⤵
  PID:6540
- C:\Windows\System\ygARnAw.exe
  C:\Windows\System\ygARnAw.exe
  2⤵
  PID:6556
- C:\Windows\System\wUiycoI.exe
  C:\Windows\System\wUiycoI.exe
  2⤵
  PID:6572
- C:\Windows\System\peyyJpO.exe
  C:\Windows\System\peyyJpO.exe
  2⤵
  PID:6588
- C:\Windows\System\qSQJOdF.exe
  C:\Windows\System\qSQJOdF.exe
  2⤵
  PID:6612
- C:\Windows\System\PQzjmtS.exe
  C:\Windows\System\PQzjmtS.exe
  2⤵
  PID:6644
- C:\Windows\System\oiMtrMf.exe
  C:\Windows\System\oiMtrMf.exe
  2⤵
  PID:6668
- C:\Windows\System\ghregxy.exe
  C:\Windows\System\ghregxy.exe
  2⤵
  PID:6684
- C:\Windows\System\bPMzTaQ.exe
  C:\Windows\System\bPMzTaQ.exe
  2⤵
  PID:6700
- C:\Windows\System\ObYzTuS.exe
  C:\Windows\System\ObYzTuS.exe
  2⤵
  PID:6716
- C:\Windows\System\JnAXvwE.exe
  C:\Windows\System\JnAXvwE.exe
  2⤵
  PID:6740
- C:\Windows\System\oUdXHRN.exe
  C:\Windows\System\oUdXHRN.exe
  2⤵
  PID:6756
- C:\Windows\System\NbEeiHB.exe
  C:\Windows\System\NbEeiHB.exe
  2⤵
  PID:6780
- C:\Windows\System\TwQJeOz.exe
  C:\Windows\System\TwQJeOz.exe
  2⤵
  PID:6796
- C:\Windows\System\RTizByo.exe
  C:\Windows\System\RTizByo.exe
  2⤵
  PID:6828
- C:\Windows\System\VXdEQsM.exe
  C:\Windows\System\VXdEQsM.exe
  2⤵
  PID:6844
- C:\Windows\System\QFSaqLI.exe
  C:\Windows\System\QFSaqLI.exe
  2⤵
  PID:6860
- C:\Windows\System\NesIWul.exe
  C:\Windows\System\NesIWul.exe
  2⤵
  PID:6884
- C:\Windows\System\giFHrGD.exe
  C:\Windows\System\giFHrGD.exe
  2⤵
  PID:6904
- C:\Windows\System\yMSDABf.exe
  C:\Windows\System\yMSDABf.exe
  2⤵
  PID:6920
- C:\Windows\System\AWeCcpV.exe
  C:\Windows\System\AWeCcpV.exe
  2⤵
  PID:6936
- C:\Windows\System\JizVJeH.exe
  C:\Windows\System\JizVJeH.exe
  2⤵
  PID:6952
- C:\Windows\System\APYpxJj.exe
  C:\Windows\System\APYpxJj.exe
  2⤵
  PID:6968
- C:\Windows\System\ZBEJZXC.exe
  C:\Windows\System\ZBEJZXC.exe
  2⤵
  PID:6984
- C:\Windows\System\bsgoYZP.exe
  C:\Windows\System\bsgoYZP.exe
  2⤵
  PID:7004
- C:\Windows\System\RhVXhaD.exe
  C:\Windows\System\RhVXhaD.exe
  2⤵
  PID:7020
- C:\Windows\System\LywYgaK.exe
  C:\Windows\System\LywYgaK.exe
  2⤵
  PID:7040
- C:\Windows\System\SlBHHbj.exe
  C:\Windows\System\SlBHHbj.exe
  2⤵
  PID:7056
- C:\Windows\System\jHvJCnl.exe
  C:\Windows\System\jHvJCnl.exe
  2⤵
  PID:7072
- C:\Windows\System\ottPaXJ.exe
  C:\Windows\System\ottPaXJ.exe
  2⤵
  PID:7096
- C:\Windows\System\BdufuFI.exe
  C:\Windows\System\BdufuFI.exe
  2⤵
  PID:7124
- C:\Windows\System\bwrJjsS.exe
  C:\Windows\System\bwrJjsS.exe
  2⤵
  PID:7140
- C:\Windows\System\ZsQIMnq.exe
  C:\Windows\System\ZsQIMnq.exe
  2⤵
  PID:7164
- C:\Windows\System\qJcWuuD.exe
  C:\Windows\System\qJcWuuD.exe
  2⤵
  PID:6256
- C:\Windows\System\QcVmxyD.exe
  C:\Windows\System\QcVmxyD.exe
  2⤵
  PID:6300
- C:\Windows\System\GMDmenW.exe
  C:\Windows\System\GMDmenW.exe
  2⤵
  PID:6176
- C:\Windows\System\TISONQZ.exe
  C:\Windows\System\TISONQZ.exe
  2⤵
  PID:6244
- C:\Windows\System\EhAdivR.exe
  C:\Windows\System\EhAdivR.exe
  2⤵
  PID:6088
- C:\Windows\System\pQgsrgU.exe
  C:\Windows\System\pQgsrgU.exe
  2⤵
  PID:6208
- C:\Windows\System\Eaetdgl.exe
  C:\Windows\System\Eaetdgl.exe
  2⤵
  PID:6424
- C:\Windows\System\UjuiBdw.exe
  C:\Windows\System\UjuiBdw.exe
  2⤵
  PID:6428
- C:\Windows\System\OEgMVzB.exe
  C:\Windows\System\OEgMVzB.exe
  2⤵
  PID:6452
- C:\Windows\System\ZcipCtp.exe
  C:\Windows\System\ZcipCtp.exe
  2⤵
  PID:6468
- C:\Windows\System\saTbsQz.exe
  C:\Windows\System\saTbsQz.exe
  2⤵
  PID:6528
- C:\Windows\System\XSZuCaN.exe
  C:\Windows\System\XSZuCaN.exe
  2⤵
  PID:6604
- C:\Windows\System\jgnoJvn.exe
  C:\Windows\System\jgnoJvn.exe
  2⤵
  PID:6516
- C:\Windows\System\EnzXspN.exe
  C:\Windows\System\EnzXspN.exe
  2⤵
  PID:6580
- C:\Windows\System\ZIvsEaB.exe
  C:\Windows\System\ZIvsEaB.exe
  2⤵
  PID:6628
- C:\Windows\System\ViBmlES.exe
  C:\Windows\System\ViBmlES.exe
  2⤵
  PID:6656
- C:\Windows\System\iJrUjMT.exe
  C:\Windows\System\iJrUjMT.exe
  2⤵
  PID:6696
- C:\Windows\System\DDNwICj.exe
  C:\Windows\System\DDNwICj.exe
  2⤵
  PID:6764
- C:\Windows\System\HtkQcdY.exe
  C:\Windows\System\HtkQcdY.exe
  2⤵
  PID:6772
- C:\Windows\System\VQrImKw.exe
  C:\Windows\System\VQrImKw.exe
  2⤵
  PID:6708
- C:\Windows\System\undByBD.exe
  C:\Windows\System\undByBD.exe
  2⤵
  PID:6804
- C:\Windows\System\JucrjAi.exe
  C:\Windows\System\JucrjAi.exe
  2⤵
  PID:6824
- C:\Windows\System\twxeAhj.exe
  C:\Windows\System\twxeAhj.exe
  2⤵
  PID:584
- C:\Windows\System\CEBlPKK.exe
  C:\Windows\System\CEBlPKK.exe
  2⤵
  PID:6852
- C:\Windows\System\BYUeOLO.exe
  C:\Windows\System\BYUeOLO.exe
  2⤵
  PID:6896
- C:\Windows\System\lJetUjY.exe
  C:\Windows\System\lJetUjY.exe
  2⤵
  PID:6916
- C:\Windows\System\NwjSaVZ.exe
  C:\Windows\System\NwjSaVZ.exe
  2⤵
  PID:6964
- C:\Windows\System\HkmijwC.exe
  C:\Windows\System\HkmijwC.exe
  2⤵
  PID:7012
- C:\Windows\System\jKHJiWk.exe
  C:\Windows\System\jKHJiWk.exe
  2⤵
  PID:7032
- C:\Windows\System\xtZNgSL.exe
  C:\Windows\System\xtZNgSL.exe
  2⤵
  PID:7048
- C:\Windows\System\UEcXTIv.exe
  C:\Windows\System\UEcXTIv.exe
  2⤵
  PID:7112
- C:\Windows\System\UvrpkMQ.exe
  C:\Windows\System\UvrpkMQ.exe
  2⤵
  PID:5568
- C:\Windows\System\fwzrMFC.exe
  C:\Windows\System\fwzrMFC.exe
  2⤵
  PID:6192
- C:\Windows\System\TBysWzL.exe
  C:\Windows\System\TBysWzL.exe
  2⤵
  PID:6268
- C:\Windows\System\vAVdfeL.exe
  C:\Windows\System\vAVdfeL.exe
  2⤵
  PID:6148
- C:\Windows\System\BNDGScV.exe
  C:\Windows\System\BNDGScV.exe
  2⤵
  PID:6356
- C:\Windows\System\absIfkQ.exe
  C:\Windows\System\absIfkQ.exe
  2⤵
  PID:6360
- C:\Windows\System\gmvhVty.exe
  C:\Windows\System\gmvhVty.exe
  2⤵
  PID:6344
- C:\Windows\System\GrMHgsH.exe
  C:\Windows\System\GrMHgsH.exe
  2⤵
  PID:6448
- C:\Windows\System\HVPjSQg.exe
  C:\Windows\System\HVPjSQg.exe
  2⤵
  PID:6536
- C:\Windows\System\IqMSmgs.exe
  C:\Windows\System\IqMSmgs.exe
  2⤵
  PID:6500
- C:\Windows\System\zQLXhca.exe
  C:\Windows\System\zQLXhca.exe
  2⤵
  PID:6564
- C:\Windows\System\etLEzvk.exe
  C:\Windows\System\etLEzvk.exe
  2⤵
  PID:6632
- C:\Windows\System\XlStAnx.exe
  C:\Windows\System\XlStAnx.exe
  2⤵
  PID:6736
- C:\Windows\System\dqeyTZL.exe
  C:\Windows\System\dqeyTZL.exe
  2⤵
  PID:6868
- C:\Windows\System\MTePdwR.exe
  C:\Windows\System\MTePdwR.exe
  2⤵
  PID:6992
- C:\Windows\System\KwSSlsZ.exe
  C:\Windows\System\KwSSlsZ.exe
  2⤵
  PID:7064
- C:\Windows\System\FBsFgiq.exe
  C:\Windows\System\FBsFgiq.exe
  2⤵
  PID:7028
- C:\Windows\System\dVXCdee.exe
  C:\Windows\System\dVXCdee.exe
  2⤵
  PID:6792
- C:\Windows\System\DDIBMLX.exe
  C:\Windows\System\DDIBMLX.exe
  2⤵
  PID:6692
- C:\Windows\System\ycEnVfP.exe
  C:\Windows\System\ycEnVfP.exe
  2⤵
  PID:6932
- C:\Windows\System\UzjaLpU.exe
  C:\Windows\System\UzjaLpU.exe
  2⤵
  PID:7052
- C:\Windows\System\iijIUZY.exe
  C:\Windows\System\iijIUZY.exe
  2⤵
  PID:7132
- C:\Windows\System\BUNSOpu.exe
  C:\Windows\System\BUNSOpu.exe
  2⤵
  PID:6224
- C:\Windows\System\QsXozKu.exe
  C:\Windows\System\QsXozKu.exe
  2⤵
  PID:6392
- C:\Windows\System\WgXiLBT.exe
  C:\Windows\System\WgXiLBT.exe
  2⤵
  PID:6728
- C:\Windows\System\SFmswkH.exe
  C:\Windows\System\SFmswkH.exe
  2⤵
  PID:6496
- C:\Windows\System\XqirJUc.exe
  C:\Windows\System\XqirJUc.exe
  2⤵
  PID:5548
- C:\Windows\System\hWGhpsR.exe
  C:\Windows\System\hWGhpsR.exe
  2⤵
  PID:6944
- C:\Windows\System\juJszhR.exe
  C:\Windows\System\juJszhR.exe
  2⤵
  PID:5768
- C:\Windows\System\pCjXLzN.exe
  C:\Windows\System\pCjXLzN.exe
  2⤵
  PID:6388
- C:\Windows\System\owEOSMn.exe
  C:\Windows\System\owEOSMn.exe
  2⤵
  PID:4148
- C:\Windows\System\HHUZhfx.exe
  C:\Windows\System\HHUZhfx.exe
  2⤵
  PID:6328
- C:\Windows\System\pzoPmne.exe
  C:\Windows\System\pzoPmne.exe
  2⤵
  PID:6380
- C:\Windows\System\SWNSryE.exe
  C:\Windows\System\SWNSryE.exe
  2⤵
  PID:7120
- C:\Windows\System\XfbKfnV.exe
  C:\Windows\System\XfbKfnV.exe
  2⤵
  PID:6412
- C:\Windows\System\ezbarzI.exe
  C:\Windows\System\ezbarzI.exe
  2⤵
  PID:6432
- C:\Windows\System\ovtnUri.exe
  C:\Windows\System\ovtnUri.exe
  2⤵
  PID:7104
- C:\Windows\System\pxSMpQF.exe
  C:\Windows\System\pxSMpQF.exe
  2⤵
  PID:700
- C:\Windows\System\NnJvDFA.exe
  C:\Windows\System\NnJvDFA.exe
  2⤵
  PID:6712
- C:\Windows\System\aSZcCOF.exe
  C:\Windows\System\aSZcCOF.exe
  2⤵
  PID:6284
- C:\Windows\System\YogpiTH.exe
  C:\Windows\System\YogpiTH.exe
  2⤵
  PID:6620
- C:\Windows\System\ErAkKvs.exe
  C:\Windows\System\ErAkKvs.exe
  2⤵
  PID:4416
- C:\Windows\System\NdQNEGA.exe
  C:\Windows\System\NdQNEGA.exe
  2⤵
  PID:6976
- C:\Windows\System\LyHsWWG.exe
  C:\Windows\System\LyHsWWG.exe
  2⤵
  PID:6160
- C:\Windows\System\JfhvAtr.exe
  C:\Windows\System\JfhvAtr.exe
  2⤵
  PID:6436
- C:\Windows\System\ZKQJgPy.exe
  C:\Windows\System\ZKQJgPy.exe
  2⤵
  PID:6872
- C:\Windows\System\dfMoLRY.exe
  C:\Windows\System\dfMoLRY.exe
  2⤵
  PID:2792
- C:\Windows\System\nyfPovH.exe
  C:\Windows\System\nyfPovH.exe
  2⤵
  PID:7176
- C:\Windows\System\XXkDClr.exe
  C:\Windows\System\XXkDClr.exe
  2⤵
  PID:7196
- C:\Windows\System\RzgtojD.exe
  C:\Windows\System\RzgtojD.exe
  2⤵
  PID:7220
- C:\Windows\System\FGjoGOu.exe
  C:\Windows\System\FGjoGOu.exe
  2⤵
  PID:7256
- C:\Windows\System\qeDKUNq.exe
  C:\Windows\System\qeDKUNq.exe
  2⤵
  PID:7276
- C:\Windows\System\Tuokjyw.exe
  C:\Windows\System\Tuokjyw.exe
  2⤵
  PID:7292
- C:\Windows\System\qZJidCe.exe
  C:\Windows\System\qZJidCe.exe
  2⤵
  PID:7308
- C:\Windows\System\apgMFoI.exe
  C:\Windows\System\apgMFoI.exe
  2⤵
  PID:7328
- C:\Windows\System\LdOvFfG.exe
  C:\Windows\System\LdOvFfG.exe
  2⤵
  PID:7348
- C:\Windows\System\hjHXrhu.exe
  C:\Windows\System\hjHXrhu.exe
  2⤵
  PID:7364
- C:\Windows\System\IhtIjSq.exe
  C:\Windows\System\IhtIjSq.exe
  2⤵
  PID:7380
- C:\Windows\System\GxwsTlX.exe
  C:\Windows\System\GxwsTlX.exe
  2⤵
  PID:7396
- C:\Windows\System\pAeMqGD.exe
  C:\Windows\System\pAeMqGD.exe
  2⤵
  PID:7412
- C:\Windows\System\LZFkUmd.exe
  C:\Windows\System\LZFkUmd.exe
  2⤵
  PID:7428
- C:\Windows\System\wGAkkys.exe
  C:\Windows\System\wGAkkys.exe
  2⤵
  PID:7476
- C:\Windows\System\qlHmMIM.exe
  C:\Windows\System\qlHmMIM.exe
  2⤵
  PID:7496
- C:\Windows\System\RHVrOJr.exe
  C:\Windows\System\RHVrOJr.exe
  2⤵
  PID:7512
- C:\Windows\System\HYHVaqD.exe
  C:\Windows\System\HYHVaqD.exe
  2⤵
  PID:7532
- C:\Windows\System\njSxBll.exe
  C:\Windows\System\njSxBll.exe
  2⤵
  PID:7556
- C:\Windows\System\OCtuJfU.exe
  C:\Windows\System\OCtuJfU.exe
  2⤵
  PID:7572
- C:\Windows\System\pQxWUIz.exe
  C:\Windows\System\pQxWUIz.exe
  2⤵
  PID:7592
- C:\Windows\System\PrdjsQu.exe
  C:\Windows\System\PrdjsQu.exe
  2⤵
  PID:7608
- C:\Windows\System\xEKZuCx.exe
  C:\Windows\System\xEKZuCx.exe
  2⤵
  PID:7624
- C:\Windows\System\lAXUnGJ.exe
  C:\Windows\System\lAXUnGJ.exe
  2⤵
  PID:7640
- C:\Windows\System\fwRolpe.exe
  C:\Windows\System\fwRolpe.exe
  2⤵
  PID:7656
- C:\Windows\System\wAsmgDD.exe
  C:\Windows\System\wAsmgDD.exe
  2⤵
  PID:7672
- C:\Windows\System\QdojCQE.exe
  C:\Windows\System\QdojCQE.exe
  2⤵
  PID:7712
- C:\Windows\System\FqygxuO.exe
  C:\Windows\System\FqygxuO.exe
  2⤵
  PID:7728
- C:\Windows\System\hhHljJL.exe
  C:\Windows\System\hhHljJL.exe
  2⤵
  PID:7744
- C:\Windows\System\sQTZWVm.exe
  C:\Windows\System\sQTZWVm.exe
  2⤵
  PID:7760
- C:\Windows\System\HvNzbdq.exe
  C:\Windows\System\HvNzbdq.exe
  2⤵
  PID:7776
- C:\Windows\System\DUUmvqC.exe
  C:\Windows\System\DUUmvqC.exe
  2⤵
  PID:7792
- C:\Windows\System\dqyOTnT.exe
  C:\Windows\System\dqyOTnT.exe
  2⤵
  PID:7808
- C:\Windows\System\dXEPANQ.exe
  C:\Windows\System\dXEPANQ.exe
  2⤵
  PID:7824
- C:\Windows\System\YJGVCQG.exe
  C:\Windows\System\YJGVCQG.exe
  2⤵
  PID:7844
- C:\Windows\System\gYAcOWc.exe
  C:\Windows\System\gYAcOWc.exe
  2⤵
  PID:7860
- C:\Windows\System\LFAqEJP.exe
  C:\Windows\System\LFAqEJP.exe
  2⤵
  PID:7888
- C:\Windows\System\MJsLHDB.exe
  C:\Windows\System\MJsLHDB.exe
  2⤵
  PID:7908
- C:\Windows\System\QpkbBoN.exe
  C:\Windows\System\QpkbBoN.exe
  2⤵
  PID:7928
- C:\Windows\System\vWUdodg.exe
  C:\Windows\System\vWUdodg.exe
  2⤵
  PID:7944
- C:\Windows\System\lsOEZUf.exe
  C:\Windows\System\lsOEZUf.exe
  2⤵
  PID:7964
- C:\Windows\System\VakwAcP.exe
  C:\Windows\System\VakwAcP.exe
  2⤵
  PID:7984
- C:\Windows\System\Gamagcs.exe
  C:\Windows\System\Gamagcs.exe
  2⤵
  PID:8004
- C:\Windows\System\GOfEizE.exe
  C:\Windows\System\GOfEizE.exe
  2⤵
  PID:8020
- C:\Windows\System\JCkjWZP.exe
  C:\Windows\System\JCkjWZP.exe
  2⤵
  PID:8036
- C:\Windows\System\TRixgyO.exe
  C:\Windows\System\TRixgyO.exe
  2⤵
  PID:8052
- C:\Windows\System\jyXSqwx.exe
  C:\Windows\System\jyXSqwx.exe
  2⤵
  PID:8068
- C:\Windows\System\gJLpZsC.exe
  C:\Windows\System\gJLpZsC.exe
  2⤵
  PID:8084
- C:\Windows\System\qiJCvZN.exe
  C:\Windows\System\qiJCvZN.exe
  2⤵
  PID:8168
- C:\Windows\System\KBkpYYa.exe
  C:\Windows\System\KBkpYYa.exe
  2⤵
  PID:8184
- C:\Windows\System\GEmoZZF.exe
  C:\Windows\System\GEmoZZF.exe
  2⤵
  PID:6636
- C:\Windows\System\dSosmHM.exe
  C:\Windows\System\dSosmHM.exe
  2⤵
  PID:1828
- C:\Windows\System\LMEJvve.exe
  C:\Windows\System\LMEJvve.exe
  2⤵
  PID:7216
- C:\Windows\System\bafxYRx.exe
  C:\Windows\System\bafxYRx.exe
  2⤵
  PID:7000
- C:\Windows\System\PLdzEoI.exe
  C:\Windows\System\PLdzEoI.exe
  2⤵
  PID:7248
- C:\Windows\System\OMtCBib.exe
  C:\Windows\System\OMtCBib.exe
  2⤵
  PID:7240
- C:\Windows\System\WmEAPan.exe
  C:\Windows\System\WmEAPan.exe
  2⤵
  PID:7284
- C:\Windows\System\xuLYBCC.exe
  C:\Windows\System\xuLYBCC.exe
  2⤵
  PID:7268
- C:\Windows\System\OLLhsVp.exe
  C:\Windows\System\OLLhsVp.exe
  2⤵
  PID:7336
- C:\Windows\System\XqbXZJp.exe
  C:\Windows\System\XqbXZJp.exe
  2⤵
  PID:7404
- C:\Windows\System\idSUiFd.exe
  C:\Windows\System\idSUiFd.exe
  2⤵
  PID:7456
- C:\Windows\System\AxEeLOv.exe
  C:\Windows\System\AxEeLOv.exe
  2⤵
  PID:7436
- C:\Windows\System\vpGJJOF.exe
  C:\Windows\System\vpGJJOF.exe
  2⤵
  PID:7488
- C:\Windows\System\bqnIRlT.exe
  C:\Windows\System\bqnIRlT.exe
  2⤵
  PID:7504
- C:\Windows\System\UgSwgaa.exe
  C:\Windows\System\UgSwgaa.exe
  2⤵
  PID:7528
- C:\Windows\System\ySIqSuD.exe
  C:\Windows\System\ySIqSuD.exe
  2⤵
  PID:7580
- C:\Windows\System\fIJSQAy.exe
  C:\Windows\System\fIJSQAy.exe
  2⤵
  PID:7616
- C:\Windows\System\JpYuYMS.exe
  C:\Windows\System\JpYuYMS.exe
  2⤵
  PID:7664
- C:\Windows\System\pFgjaBI.exe
  C:\Windows\System\pFgjaBI.exe
  2⤵
  PID:7684
- C:\Windows\System\kAxCdVC.exe
  C:\Windows\System\kAxCdVC.exe
  2⤵
  PID:7756
- C:\Windows\System\iokLWTx.exe
  C:\Windows\System\iokLWTx.exe
  2⤵
  PID:7820
- C:\Windows\System\JDRHRkG.exe
  C:\Windows\System\JDRHRkG.exe
  2⤵
  PID:7900
- C:\Windows\System\DviWYES.exe
  C:\Windows\System\DviWYES.exe
  2⤵
  PID:8012
- C:\Windows\System\lIzlKBO.exe
  C:\Windows\System\lIzlKBO.exe
  2⤵
  PID:7836
- C:\Windows\System\lBdGiLp.exe
  C:\Windows\System\lBdGiLp.exe
  2⤵
  PID:8060
- C:\Windows\System\ClFxrij.exe
  C:\Windows\System\ClFxrij.exe
  2⤵
  PID:7876
- C:\Windows\System\NHHNQTR.exe
  C:\Windows\System\NHHNQTR.exe
  2⤵
  PID:7992
- C:\Windows\System\CCMjFVV.exe
  C:\Windows\System\CCMjFVV.exe
  2⤵
  PID:8032
- C:\Windows\System\xkHjlHU.exe
  C:\Windows\System\xkHjlHU.exe
  2⤵
  PID:7916
- C:\Windows\System\ITvimqs.exe
  C:\Windows\System\ITvimqs.exe
  2⤵
  PID:7804
- C:\Windows\System\FOFBykz.exe
  C:\Windows\System\FOFBykz.exe
  2⤵
  PID:7736
- C:\Windows\System\ejYBfNl.exe
  C:\Windows\System\ejYBfNl.exe
  2⤵
  PID:8132
- C:\Windows\System\KHxNLHZ.exe
  C:\Windows\System\KHxNLHZ.exe
  2⤵
  PID:8160
- C:\Windows\System\bDYukGq.exe
  C:\Windows\System\bDYukGq.exe
  2⤵
  PID:8148
- C:\Windows\System\wjEvjOy.exe
  C:\Windows\System\wjEvjOy.exe
  2⤵
  PID:6484
- C:\Windows\System\jazqGaB.exe
  C:\Windows\System\jazqGaB.exe
  2⤵
  PID:7236
- C:\Windows\System\FTuJvBq.exe
  C:\Windows\System\FTuJvBq.exe
  2⤵
  PID:7372
- C:\Windows\System\aNtqKTo.exe
  C:\Windows\System\aNtqKTo.exe
  2⤵
  PID:7324
- C:\Windows\System\yKNTjAP.exe
  C:\Windows\System\yKNTjAP.exe
  2⤵
  PID:7356
- C:\Windows\System\RJurFpJ.exe
  C:\Windows\System\RJurFpJ.exe
  2⤵
  PID:7392
- C:\Windows\System\WRfQuXe.exe
  C:\Windows\System\WRfQuXe.exe
  2⤵
  PID:7212
- C:\Windows\System\IbAqVaI.exe
  C:\Windows\System\IbAqVaI.exe
  2⤵
  PID:7520
- C:\Windows\System\gmcBMMu.exe
  C:\Windows\System\gmcBMMu.exe
  2⤵
  PID:7448
- C:\Windows\System\XQkKFxw.exe
  C:\Windows\System\XQkKFxw.exe
  2⤵
  PID:7604
- C:\Windows\System\qhfiOIh.exe
  C:\Windows\System\qhfiOIh.exe
  2⤵
  PID:7564
- C:\Windows\System\skwEMgm.exe
  C:\Windows\System\skwEMgm.exe
  2⤵
  PID:7724
- C:\Windows\System\TExbqfg.exe
  C:\Windows\System\TExbqfg.exe
  2⤵
  PID:8044
- C:\Windows\System\HAJckTC.exe
  C:\Windows\System\HAJckTC.exe
  2⤵
  PID:7940
- C:\Windows\System\FpEFrgf.exe
  C:\Windows\System\FpEFrgf.exe
  2⤵
  PID:8076
- C:\Windows\System\wZWoEfX.exe
  C:\Windows\System\wZWoEfX.exe
  2⤵
  PID:7872
- C:\Windows\System\IZaNunX.exe
  C:\Windows\System\IZaNunX.exe
  2⤵
  PID:7832
- C:\Windows\System\ezlNvvn.exe
  C:\Windows\System\ezlNvvn.exe
  2⤵
  PID:8128
- C:\Windows\System\WCAFhTq.exe
  C:\Windows\System\WCAFhTq.exe
  2⤵
  PID:7740
- C:\Windows\System\SbowStd.exe
  C:\Windows\System\SbowStd.exe
  2⤵
  PID:7768
- C:\Windows\System\hXgNvbW.exe
  C:\Windows\System\hXgNvbW.exe
  2⤵
  PID:6732
- C:\Windows\System\RGzZtMP.exe
  C:\Windows\System\RGzZtMP.exe
  2⤵
  PID:7232
- C:\Windows\System\IuyVAuH.exe
  C:\Windows\System\IuyVAuH.exe
  2⤵
  PID:1560
- C:\Windows\System\HvItRhR.exe
  C:\Windows\System\HvItRhR.exe
  2⤵
  PID:7376
- C:\Windows\System\VgDvGnt.exe
  C:\Windows\System\VgDvGnt.exe
  2⤵
  PID:7424
- C:\Windows\System\wIjmucZ.exe
  C:\Windows\System\wIjmucZ.exe
  2⤵
  PID:7696
- C:\Windows\System\tHNIxUE.exe
  C:\Windows\System\tHNIxUE.exe
  2⤵
  PID:7452
- C:\Windows\System\YUYKWYc.exe
  C:\Windows\System\YUYKWYc.exe
  2⤵
  PID:7852
- C:\Windows\System\PJVgZJu.exe
  C:\Windows\System\PJVgZJu.exe
  2⤵
  PID:7788
- C:\Windows\System\zZXCjla.exe
  C:\Windows\System\zZXCjla.exe
  2⤵
  PID:7960
- C:\Windows\System\IxqKrqJ.exe
  C:\Windows\System\IxqKrqJ.exe
  2⤵
  PID:448
- C:\Windows\System\VtpyqER.exe
  C:\Windows\System\VtpyqER.exe
  2⤵
  PID:7228
- C:\Windows\System\tAzUWHf.exe
  C:\Windows\System\tAzUWHf.exe
  2⤵
  PID:7552
- C:\Windows\System\RJBRlAt.exe
  C:\Windows\System\RJBRlAt.exe
  2⤵
  PID:7544
- C:\Windows\System\RfJIZpz.exe
  C:\Windows\System\RfJIZpz.exe
  2⤵
  PID:8116
- C:\Windows\System\ALuAugZ.exe
  C:\Windows\System\ALuAugZ.exe
  2⤵
  PID:7192
- C:\Windows\System\YhOVtsH.exe
  C:\Windows\System\YhOVtsH.exe
  2⤵
  PID:7956
- C:\Windows\System\GysFXVo.exe
  C:\Windows\System\GysFXVo.exe
  2⤵
  PID:7680
- C:\Windows\System\GiOgrEf.exe
  C:\Windows\System\GiOgrEf.exe
  2⤵
  PID:6912
- C:\Windows\System\sIJywCI.exe
  C:\Windows\System\sIJywCI.exe
  2⤵
  PID:7648
- C:\Windows\System\BdegtjY.exe
  C:\Windows\System\BdegtjY.exe
  2⤵
  PID:7304
- C:\Windows\System\rOfyetR.exe
  C:\Windows\System\rOfyetR.exe
  2⤵
  PID:7980
- C:\Windows\System\uXaRdmA.exe
  C:\Windows\System\uXaRdmA.exe
  2⤵
  PID:7472
- C:\Windows\System\OiTUVxt.exe
  C:\Windows\System\OiTUVxt.exe
  2⤵
  PID:7704
- C:\Windows\System\HOuZsAf.exe
  C:\Windows\System\HOuZsAf.exe
  2⤵
  PID:1684
- C:\Windows\System\WgShJSq.exe
  C:\Windows\System\WgShJSq.exe
  2⤵
  PID:6820
- C:\Windows\System\vyVdmkR.exe
  C:\Windows\System\vyVdmkR.exe
  2⤵
  PID:7772
- C:\Windows\System\gAIQWkf.exe
  C:\Windows\System\gAIQWkf.exe
  2⤵
  PID:8108
- C:\Windows\System\weSXvdd.exe
  C:\Windows\System\weSXvdd.exe
  2⤵
  PID:5820
- C:\Windows\System\nalMsCx.exe
  C:\Windows\System\nalMsCx.exe
  2⤵
  PID:8176
- C:\Windows\System\KOsWhEc.exe
  C:\Windows\System\KOsWhEc.exe
  2⤵
  PID:7264
- C:\Windows\System\UWdWPoT.exe
  C:\Windows\System\UWdWPoT.exe
  2⤵
  PID:8204
- C:\Windows\System\bteBnCo.exe
  C:\Windows\System\bteBnCo.exe
  2⤵
  PID:8224
- C:\Windows\System\WrsRINR.exe
  C:\Windows\System\WrsRINR.exe
  2⤵
  PID:8244
- C:\Windows\System\tVReQSs.exe
  C:\Windows\System\tVReQSs.exe
  2⤵
  PID:8268
- C:\Windows\System\hOyPIxZ.exe
  C:\Windows\System\hOyPIxZ.exe
  2⤵
  PID:8284
- C:\Windows\System\yEJtQwL.exe
  C:\Windows\System\yEJtQwL.exe
  2⤵
  PID:8308
- C:\Windows\System\jfvTEbj.exe
  C:\Windows\System\jfvTEbj.exe
  2⤵
  PID:8324
- C:\Windows\System\IJkxxAr.exe
  C:\Windows\System\IJkxxAr.exe
  2⤵
  PID:8348
- C:\Windows\System\LcxNaMt.exe
  C:\Windows\System\LcxNaMt.exe
  2⤵
  PID:8368
- C:\Windows\System\MRtAXBG.exe
  C:\Windows\System\MRtAXBG.exe
  2⤵
  PID:8388
- C:\Windows\System\eMgrOoK.exe
  C:\Windows\System\eMgrOoK.exe
  2⤵
  PID:8424
- C:\Windows\System\rzryuGL.exe
  C:\Windows\System\rzryuGL.exe
  2⤵
  PID:8440
- C:\Windows\System\DpWHMXC.exe
  C:\Windows\System\DpWHMXC.exe
  2⤵
  PID:8456
- C:\Windows\System\cbgnMwx.exe
  C:\Windows\System\cbgnMwx.exe
  2⤵
  PID:8472
- C:\Windows\System\TBwagfO.exe
  C:\Windows\System\TBwagfO.exe
  2⤵
  PID:8488
- C:\Windows\System\mQHgDYX.exe
  C:\Windows\System\mQHgDYX.exe
  2⤵
  PID:8516
- C:\Windows\System\UHZnNcq.exe
  C:\Windows\System\UHZnNcq.exe
  2⤵
  PID:8532
- C:\Windows\System\UAZDxlK.exe
  C:\Windows\System\UAZDxlK.exe
  2⤵
  PID:8608
- C:\Windows\System\qNydkQn.exe
  C:\Windows\System\qNydkQn.exe
  2⤵
  PID:8624
- C:\Windows\System\gwCXngh.exe
  C:\Windows\System\gwCXngh.exe
  2⤵
  PID:8644
- C:\Windows\System\KdBxidI.exe
  C:\Windows\System\KdBxidI.exe
  2⤵
  PID:8668
- C:\Windows\System\cSPcVmp.exe
  C:\Windows\System\cSPcVmp.exe
  2⤵
  PID:8688
- C:\Windows\System\ZjZdxjM.exe
  C:\Windows\System\ZjZdxjM.exe
  2⤵
  PID:8704
- C:\Windows\System\Zmihzgj.exe
  C:\Windows\System\Zmihzgj.exe
  2⤵
  PID:8720
- C:\Windows\System\pJlFXeq.exe
  C:\Windows\System\pJlFXeq.exe
  2⤵
  PID:8736
- C:\Windows\System\HuQONCl.exe
  C:\Windows\System\HuQONCl.exe
  2⤵
  PID:8752
- C:\Windows\System\BCPohbE.exe
  C:\Windows\System\BCPohbE.exe
  2⤵
  PID:8768
- C:\Windows\System\pgqiNuZ.exe
  C:\Windows\System\pgqiNuZ.exe
  2⤵
  PID:8792
- C:\Windows\System\OuthbfP.exe
  C:\Windows\System\OuthbfP.exe
  2⤵
  PID:8824
- C:\Windows\System\SrJDOli.exe
  C:\Windows\System\SrJDOli.exe
  2⤵
  PID:8840
- C:\Windows\System\PpqwMxU.exe
  C:\Windows\System\PpqwMxU.exe
  2⤵
  PID:8860
- C:\Windows\System\RVgOkuf.exe
  C:\Windows\System\RVgOkuf.exe
  2⤵
  PID:8880
- C:\Windows\System\FiiTSam.exe
  C:\Windows\System\FiiTSam.exe
  2⤵
  PID:8900
- C:\Windows\System\sbKrPJf.exe
  C:\Windows\System\sbKrPJf.exe
  2⤵
  PID:8920
- C:\Windows\System\akzpoYG.exe
  C:\Windows\System\akzpoYG.exe
  2⤵
  PID:8940
- C:\Windows\System\tfOxFmM.exe
  C:\Windows\System\tfOxFmM.exe
  2⤵
  PID:8960
- C:\Windows\System\PTpAMxA.exe
  C:\Windows\System\PTpAMxA.exe
  2⤵
  PID:8984
- C:\Windows\System\igYvUQe.exe
  C:\Windows\System\igYvUQe.exe
  2⤵
  PID:9000
- C:\Windows\System\BbMhppi.exe
  C:\Windows\System\BbMhppi.exe
  2⤵
  PID:9024
- C:\Windows\System\HiIyxxY.exe
  C:\Windows\System\HiIyxxY.exe
  2⤵
  PID:9040
- C:\Windows\System\BJyTOty.exe
  C:\Windows\System\BJyTOty.exe
  2⤵
  PID:9068
- C:\Windows\System\oMZYojq.exe
  C:\Windows\System\oMZYojq.exe
  2⤵
  PID:9092
- C:\Windows\System\pTTymGd.exe
  C:\Windows\System\pTTymGd.exe
  2⤵
  PID:9108
- C:\Windows\System\Mfqyuxe.exe
  C:\Windows\System\Mfqyuxe.exe
  2⤵
  PID:9128
- C:\Windows\System\EtptSok.exe
  C:\Windows\System\EtptSok.exe
  2⤵
  PID:9144
- C:\Windows\System\yhkdHXs.exe
  C:\Windows\System\yhkdHXs.exe
  2⤵
  PID:9172
- C:\Windows\System\FkKFNeG.exe
  C:\Windows\System\FkKFNeG.exe
  2⤵
  PID:9188
- C:\Windows\System\QioZgSB.exe
  C:\Windows\System\QioZgSB.exe
  2⤵
  PID:9208
- C:\Windows\System\CMItGRH.exe
  C:\Windows\System\CMItGRH.exe
  2⤵
  PID:8236
- C:\Windows\System\ZNvkrwI.exe
  C:\Windows\System\ZNvkrwI.exe
  2⤵
  PID:8212
- C:\Windows\System\wVPaMcu.exe
  C:\Windows\System\wVPaMcu.exe
  2⤵
  PID:8260
- C:\Windows\System\MOVPeWP.exe
  C:\Windows\System\MOVPeWP.exe
  2⤵
  PID:8304
- C:\Windows\System\ENehzCY.exe
  C:\Windows\System\ENehzCY.exe
  2⤵
  PID:8344
- C:\Windows\System\acbGbRi.exe
  C:\Windows\System\acbGbRi.exe
  2⤵
  PID:8360
- C:\Windows\System\creLyaw.exe
  C:\Windows\System\creLyaw.exe
  2⤵
  PID:8384
- C:\Windows\System\uTQfoKK.exe
  C:\Windows\System\uTQfoKK.exe
  2⤵
  PID:8452
- C:\Windows\System\ZdhavyX.exe
  C:\Windows\System\ZdhavyX.exe
  2⤵
  PID:8528
- C:\Windows\System\swRsOEi.exe
  C:\Windows\System\swRsOEi.exe
  2⤵
  PID:8496
- C:\Windows\System\eolHqIK.exe
  C:\Windows\System\eolHqIK.exe
  2⤵
  PID:8552
- C:\Windows\System\PYBVoxX.exe
  C:\Windows\System\PYBVoxX.exe
  2⤵
  PID:8616
- C:\Windows\System\mscMqDy.exe
  C:\Windows\System\mscMqDy.exe
  2⤵
  PID:8652
- C:\Windows\System\khiTLRG.exe
  C:\Windows\System\khiTLRG.exe
  2⤵
  PID:8680
- C:\Windows\System\RoSMnNa.exe
  C:\Windows\System\RoSMnNa.exe
  2⤵
  PID:8748
- C:\Windows\System\TmuADRm.exe
  C:\Windows\System\TmuADRm.exe
  2⤵
  PID:8728
- C:\Windows\System\HEOLVdg.exe
  C:\Windows\System\HEOLVdg.exe
  2⤵
  PID:8700
- C:\Windows\System\kzyGefo.exe
  C:\Windows\System\kzyGefo.exe
  2⤵
  PID:8836
- C:\Windows\System\DQHscdY.exe
  C:\Windows\System\DQHscdY.exe
  2⤵
  PID:8816
- C:\Windows\System\DmpKcTO.exe
  C:\Windows\System\DmpKcTO.exe
  2⤵
  PID:8916
- C:\Windows\System\ObOWFaV.exe
  C:\Windows\System\ObOWFaV.exe
  2⤵
  PID:8896
- C:\Windows\System\rbxloqI.exe
  C:\Windows\System\rbxloqI.exe
  2⤵
  PID:8952
- C:\Windows\System\WhigbeS.exe
  C:\Windows\System\WhigbeS.exe
  2⤵
  PID:8996
- C:\Windows\System\HzaKLlW.exe
  C:\Windows\System\HzaKLlW.exe
  2⤵
  PID:8976
- C:\Windows\System\PmEkaKs.exe
  C:\Windows\System\PmEkaKs.exe
  2⤵
  PID:9036
- C:\Windows\System\ScVkZMa.exe
  C:\Windows\System\ScVkZMa.exe
  2⤵
  PID:8604
- C:\Windows\System\iXBxILD.exe
  C:\Windows\System\iXBxILD.exe
  2⤵
  PID:9084
- C:\Windows\System\PTtMNgz.exe
  C:\Windows\System\PTtMNgz.exe
  2⤵
  PID:9104
- C:\Windows\System\ZelRkqw.exe
  C:\Windows\System\ZelRkqw.exe
  2⤵
  PID:9156
- C:\Windows\System\AepyRXE.exe
  C:\Windows\System\AepyRXE.exe
  2⤵
  PID:9196
- C:\Windows\System\IopLMmB.exe
  C:\Windows\System\IopLMmB.exe
  2⤵
  PID:8200
- C:\Windows\System\rMaiSLD.exe
  C:\Windows\System\rMaiSLD.exe
  2⤵
  PID:8100
- C:\Windows\System\rLqcGyc.exe
  C:\Windows\System\rLqcGyc.exe
  2⤵
  PID:8276
- C:\Windows\System\cOpkEka.exe
  C:\Windows\System\cOpkEka.exe
  2⤵
  PID:8320
- C:\Windows\System\QHrNWrx.exe
  C:\Windows\System\QHrNWrx.exe
  2⤵
  PID:8480
- C:\Windows\System\UcoLFXa.exe
  C:\Windows\System\UcoLFXa.exe
  2⤵
  PID:8504
- C:\Windows\System\fibqXRl.exe
  C:\Windows\System\fibqXRl.exe
  2⤵
  PID:8548
- C:\Windows\System\tvDqcJD.exe
  C:\Windows\System\tvDqcJD.exe
  2⤵
  PID:8640
- C:\Windows\System\dOZAtPy.exe
  C:\Windows\System\dOZAtPy.exe
  2⤵
  PID:8684
- C:\Windows\System\lxazfUR.exe
  C:\Windows\System\lxazfUR.exe
  2⤵
  PID:8760
- C:\Windows\System\mBYZNoO.exe
  C:\Windows\System\mBYZNoO.exe
  2⤵
  PID:8872
- C:\Windows\System\SNTlIaZ.exe
  C:\Windows\System\SNTlIaZ.exe
  2⤵
  PID:8800
- C:\Windows\System\TnMYmuV.exe
  C:\Windows\System\TnMYmuV.exe
  2⤵
  PID:8932
- C:\Windows\System\kMMdzXq.exe
  C:\Windows\System\kMMdzXq.exe
  2⤵
  PID:9124
- C:\Windows\System\HUHznkt.exe
  C:\Windows\System\HUHznkt.exe
  2⤵
  PID:8888
- C:\Windows\System\AsCvCXl.exe
  C:\Windows\System\AsCvCXl.exe
  2⤵
  PID:7720
- C:\Windows\System\DHqtRRF.exe
  C:\Windows\System\DHqtRRF.exe
  2⤵
  PID:9076
- C:\Windows\System\BiTOeRv.exe
  C:\Windows\System\BiTOeRv.exe
  2⤵
  PID:8936
- C:\Windows\System\ViaUQOr.exe
  C:\Windows\System\ViaUQOr.exe
  2⤵
  PID:8252
- C:\Windows\System\JTriXth.exe
  C:\Windows\System\JTriXth.exe
  2⤵
  PID:8380
- C:\Windows\System\ckxQhwg.exe
  C:\Windows\System\ckxQhwg.exe
  2⤵
  PID:8292
- C:\Windows\System\ZnCuftm.exe
  C:\Windows\System\ZnCuftm.exe
  2⤵
  PID:8632
- C:\Windows\System\CAlvPHB.exe
  C:\Windows\System\CAlvPHB.exe
  2⤵
  PID:8676
- C:\Windows\System\AqruMRT.exe
  C:\Windows\System\AqruMRT.exe
  2⤵
  PID:8876
- C:\Windows\System\oPwpsLY.exe
  C:\Windows\System\oPwpsLY.exe
  2⤵
  PID:8808
- C:\Windows\System\TsFjRan.exe
  C:\Windows\System\TsFjRan.exe
  2⤵
  PID:8968
- C:\Windows\System\DlfHtBs.exe
  C:\Windows\System\DlfHtBs.exe
  2⤵
  PID:9052
- C:\Windows\System\uENQcTa.exe
  C:\Windows\System\uENQcTa.exe
  2⤵
  PID:8336
- C:\Windows\System\colxbDM.exe
  C:\Windows\System\colxbDM.exe
  2⤵
  PID:8196
- C:\Windows\System\rZGKqtA.exe
  C:\Windows\System\rZGKqtA.exe
  2⤵
  PID:8404
- C:\Windows\System\uAxyjap.exe
  C:\Windows\System\uAxyjap.exe
  2⤵
  PID:8540
- C:\Windows\System\JBKmfPt.exe
  C:\Windows\System\JBKmfPt.exe
  2⤵
  PID:8912
- C:\Windows\System\QPTXbGJ.exe
  C:\Windows\System\QPTXbGJ.exe
  2⤵
  PID:8812
- C:\Windows\System\cGcNCjP.exe
  C:\Windows\System\cGcNCjP.exe
  2⤵
  PID:8232
- C:\Windows\System\FUgBkDl.exe
  C:\Windows\System\FUgBkDl.exe
  2⤵
  PID:9120
- C:\Windows\System\tlBrqyL.exe
  C:\Windows\System\tlBrqyL.exe
  2⤵
  PID:1004
- C:\Windows\System\XyXqzHQ.exe
  C:\Windows\System\XyXqzHQ.exe
  2⤵
  PID:8508
- C:\Windows\System\iWzsGqZ.exe
  C:\Windows\System\iWzsGqZ.exe
  2⤵
  PID:8832
- C:\Windows\System\mnTmGnC.exe
  C:\Windows\System\mnTmGnC.exe
  2⤵
  PID:9204
- C:\Windows\System\aYfMjIg.exe
  C:\Windows\System\aYfMjIg.exe
  2⤵
  PID:9056
- C:\Windows\System\YEsxmCI.exe
  C:\Windows\System\YEsxmCI.exe
  2⤵
  PID:7184
- C:\Windows\System\rJkItWU.exe
  C:\Windows\System\rJkItWU.exe
  2⤵
  PID:8256
- C:\Windows\System\hOxUpKc.exe
  C:\Windows\System\hOxUpKc.exe
  2⤵
  PID:8484
- C:\Windows\System\xXPgQNS.exe
  C:\Windows\System\xXPgQNS.exe
  2⤵
  PID:9232
- C:\Windows\System\bdHwWtk.exe
  C:\Windows\System\bdHwWtk.exe
  2⤵
  PID:9256
- C:\Windows\System\sqgKbke.exe
  C:\Windows\System\sqgKbke.exe
  2⤵
  PID:9272
- C:\Windows\System\qzkhibr.exe
  C:\Windows\System\qzkhibr.exe
  2⤵
  PID:9288
- C:\Windows\System\lOQNSdq.exe
  C:\Windows\System\lOQNSdq.exe
  2⤵
  PID:9304
- C:\Windows\System\mKyxaHB.exe
  C:\Windows\System\mKyxaHB.exe
  2⤵
  PID:9320
- C:\Windows\System\JsNSgaw.exe
  C:\Windows\System\JsNSgaw.exe
  2⤵
  PID:9336
- C:\Windows\System\LMYAFhV.exe
  C:\Windows\System\LMYAFhV.exe
  2⤵
  PID:9356
- C:\Windows\System\RtloPWR.exe
  C:\Windows\System\RtloPWR.exe
  2⤵
  PID:9380
- C:\Windows\System\VQoTvdX.exe
  C:\Windows\System\VQoTvdX.exe
  2⤵
  PID:9396
- C:\Windows\System\YjgcAvB.exe
  C:\Windows\System\YjgcAvB.exe
  2⤵
  PID:9416
- C:\Windows\System\SzunnVm.exe
  C:\Windows\System\SzunnVm.exe
  2⤵
  PID:9456
- C:\Windows\System\xpvvWft.exe
  C:\Windows\System\xpvvWft.exe
  2⤵
  PID:9472
- C:\Windows\System\RKQCOsH.exe
  C:\Windows\System\RKQCOsH.exe
  2⤵
  PID:9492
- C:\Windows\System\HgWLQFN.exe
  C:\Windows\System\HgWLQFN.exe
  2⤵
  PID:9508
- C:\Windows\System\XmZpoNQ.exe
  C:\Windows\System\XmZpoNQ.exe
  2⤵
  PID:9528
- C:\Windows\System\uHlxzRn.exe
  C:\Windows\System\uHlxzRn.exe
  2⤵
  PID:9548
- C:\Windows\System\PJLdQik.exe
  C:\Windows\System\PJLdQik.exe
  2⤵
  PID:9568
- C:\Windows\System\tXGoxsh.exe
  C:\Windows\System\tXGoxsh.exe
  2⤵
  PID:9588
- C:\Windows\System\ewyctnr.exe
  C:\Windows\System\ewyctnr.exe
  2⤵
  PID:9616
- C:\Windows\System\RXEsQZv.exe
  C:\Windows\System\RXEsQZv.exe
  2⤵
  PID:9636
- C:\Windows\System\tMypICR.exe
  C:\Windows\System\tMypICR.exe
  2⤵
  PID:9660
- C:\Windows\System\RhLwADv.exe
  C:\Windows\System\RhLwADv.exe
  2⤵
  PID:9676
- C:\Windows\System\WOBopIS.exe
  C:\Windows\System\WOBopIS.exe
  2⤵
  PID:9700
- C:\Windows\System\cwcWPBf.exe
  C:\Windows\System\cwcWPBf.exe
  2⤵
  PID:9720
- C:\Windows\System\TqqYrKP.exe
  C:\Windows\System\TqqYrKP.exe
  2⤵
  PID:9736
- C:\Windows\System\qwqsvQA.exe
  C:\Windows\System\qwqsvQA.exe
  2⤵
  PID:9760
- C:\Windows\System\vkAvpwb.exe
  C:\Windows\System\vkAvpwb.exe
  2⤵
  PID:9776
- C:\Windows\System\SXpwFDM.exe
  C:\Windows\System\SXpwFDM.exe
  2⤵
  PID:9796
- C:\Windows\System\IiRxBxm.exe
  C:\Windows\System\IiRxBxm.exe
  2⤵
  PID:9816
- C:\Windows\System\OmwMasO.exe
  C:\Windows\System\OmwMasO.exe
  2⤵
  PID:9836
- C:\Windows\System\gfcwGTJ.exe
  C:\Windows\System\gfcwGTJ.exe
  2⤵
  PID:9856
- C:\Windows\System\QjdtUZK.exe
  C:\Windows\System\QjdtUZK.exe
  2⤵
  PID:9880
- C:\Windows\System\SSmKtZd.exe
  C:\Windows\System\SSmKtZd.exe
  2⤵
  PID:9896
- C:\Windows\System\hYZEKls.exe
  C:\Windows\System\hYZEKls.exe
  2⤵
  PID:9920
- C:\Windows\System\LRJKXAB.exe
  C:\Windows\System\LRJKXAB.exe
  2⤵
  PID:9936
- C:\Windows\System\XagTDuP.exe
  C:\Windows\System\XagTDuP.exe
  2⤵
  PID:9960
- C:\Windows\System\pNlKzLZ.exe
  C:\Windows\System\pNlKzLZ.exe
  2⤵
  PID:9980
- C:\Windows\System\pVzVeov.exe
  C:\Windows\System\pVzVeov.exe
  2⤵
  PID:9996
- C:\Windows\System\eqcciDE.exe
  C:\Windows\System\eqcciDE.exe
  2⤵
  PID:10016
- C:\Windows\System\JsAzrqB.exe
  C:\Windows\System\JsAzrqB.exe
  2⤵
  PID:10032
- C:\Windows\System\KDYaVcT.exe
  C:\Windows\System\KDYaVcT.exe
  2⤵
  PID:10048
- C:\Windows\System\vINNRtC.exe
  C:\Windows\System\vINNRtC.exe
  2⤵
  PID:10068
- C:\Windows\System\rdpIXfL.exe
  C:\Windows\System\rdpIXfL.exe
  2⤵
  PID:10084
- C:\Windows\System\rTYMsLA.exe
  C:\Windows\System\rTYMsLA.exe
  2⤵
  PID:10108
- C:\Windows\System\lysGAwE.exe
  C:\Windows\System\lysGAwE.exe
  2⤵
  PID:10128
- C:\Windows\System\XTkOPbd.exe
  C:\Windows\System\XTkOPbd.exe
  2⤵
  PID:10152
- C:\Windows\System\FKQGyhd.exe
  C:\Windows\System\FKQGyhd.exe
  2⤵
  PID:10172
- C:\Windows\System\YDsGMat.exe
  C:\Windows\System\YDsGMat.exe
  2⤵
  PID:10200
- C:\Windows\System\naofPBn.exe
  C:\Windows\System\naofPBn.exe
  2⤵
  PID:10216
- C:\Windows\System\dvlYONR.exe
  C:\Windows\System\dvlYONR.exe
  2⤵
  PID:10232
- C:\Windows\System\moZkACH.exe
  C:\Windows\System\moZkACH.exe
  2⤵
  PID:9020
- C:\Windows\System\ULmCRYR.exe
  C:\Windows\System\ULmCRYR.exe
  2⤵
  PID:9228
- C:\Windows\System\amLWdsa.exe
  C:\Windows\System\amLWdsa.exe
  2⤵
  PID:9268
- C:\Windows\System\URdoTVF.exe
  C:\Windows\System\URdoTVF.exe
  2⤵
  PID:9296
- C:\Windows\System\pxmQFoy.exe
  C:\Windows\System\pxmQFoy.exe
  2⤵
  PID:9408
- C:\Windows\System\UdCgKWH.exe
  C:\Windows\System\UdCgKWH.exe
  2⤵
  PID:9464
- C:\Windows\System\KltYxaJ.exe
  C:\Windows\System\KltYxaJ.exe
  2⤵
  PID:9316
- C:\Windows\System\hxxNCgc.exe
  C:\Windows\System\hxxNCgc.exe
  2⤵
  PID:9488
- C:\Windows\System\HFkkjPZ.exe
  C:\Windows\System\HFkkjPZ.exe
  2⤵
  PID:9516
- C:\Windows\System\QvMFezx.exe
  C:\Windows\System\QvMFezx.exe
  2⤵
  PID:9544
- C:\Windows\System\eqVIrHz.exe
  C:\Windows\System\eqVIrHz.exe
  2⤵
  PID:9556
- C:\Windows\System\AJBxteF.exe
  C:\Windows\System\AJBxteF.exe
  2⤵
  PID:9600
- C:\Windows\System\pNilRip.exe
  C:\Windows\System\pNilRip.exe
  2⤵
  PID:9632
- C:\Windows\System\QZNJKxM.exe
  C:\Windows\System\QZNJKxM.exe
  2⤵
  PID:9668
- C:\Windows\System\hlxQECn.exe
  C:\Windows\System\hlxQECn.exe
  2⤵
  PID:9688
- C:\Windows\System\ZAXwmqr.exe
  C:\Windows\System\ZAXwmqr.exe
  2⤵
  PID:9728
- C:\Windows\System\lPUXOWa.exe
  C:\Windows\System\lPUXOWa.exe
  2⤵
  PID:9772
- C:\Windows\System\KqXSTWL.exe
  C:\Windows\System\KqXSTWL.exe
  2⤵
  PID:9792
- C:\Windows\System\iJdHPuN.exe
  C:\Windows\System\iJdHPuN.exe
  2⤵
  PID:9844
- C:\Windows\System\AcuvzjC.exe
  C:\Windows\System\AcuvzjC.exe
  2⤵
  PID:9868
- C:\Windows\System\YacsXSV.exe
  C:\Windows\System\YacsXSV.exe
  2⤵
  PID:9904
- C:\Windows\System\YXcDUfo.exe
  C:\Windows\System\YXcDUfo.exe
  2⤵
  PID:9948
- C:\Windows\System\bVuVkhN.exe
  C:\Windows\System\bVuVkhN.exe
  2⤵
  PID:9976
- C:\Windows\System\DwzbUBd.exe
  C:\Windows\System\DwzbUBd.exe
  2⤵
  PID:10024
- C:\Windows\System\kUOMtal.exe
  C:\Windows\System\kUOMtal.exe
  2⤵
  PID:10092
- C:\Windows\System\kUupqJV.exe
  C:\Windows\System\kUupqJV.exe
  2⤵
  PID:10136
- C:\Windows\System\OgBCCca.exe
  C:\Windows\System\OgBCCca.exe
  2⤵
  PID:10080
- C:\Windows\System\PGPevzD.exe
  C:\Windows\System\PGPevzD.exe
  2⤵
  PID:10012
- C:\Windows\System\bNsShvT.exe
  C:\Windows\System\bNsShvT.exe
  2⤵
  PID:10168
- C:\Windows\System\UbUbZFj.exe
  C:\Windows\System\UbUbZFj.exe
  2⤵
  PID:10148
- C:\Windows\System\pUIRPqk.exe
  C:\Windows\System\pUIRPqk.exe
  2⤵
  PID:10192
- C:\Windows\System\TPrgtqw.exe
  C:\Windows\System\TPrgtqw.exe
  2⤵
  PID:9300
- C:\Windows\System\yFcMLWY.exe
  C:\Windows\System\yFcMLWY.exe
  2⤵
  PID:8908
- C:\Windows\System\jChWKTJ.exe
  C:\Windows\System\jChWKTJ.exe
  2⤵
  PID:9252
- C:\Windows\System\EPHVIBK.exe
  C:\Windows\System\EPHVIBK.exe
  2⤵
  PID:9448
- C:\Windows\System\oZKskOu.exe
  C:\Windows\System\oZKskOu.exe
  2⤵
  PID:9280
- C:\Windows\System\iOiSUJr.exe
  C:\Windows\System\iOiSUJr.exe
  2⤵
  PID:9432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ATkpUxU.exe

Filesize
6.0MB

MD5
9902fdb3600a8dfcae5bb543bbd81817

SHA1
db83a9f7583bc3eb176d7cec20f3b5df34c893d5

SHA256
57fb832b493e89d1c03e3b7be078c395c4d0794acccd54725c095fb68570380b

SHA512
133bb8b9a30b5ee1e1a607e066b6574c5a6abc72ce3f62cd173aee78f3261a1815f9c6930846b7bfb58ab115b0e33682f09f2360ca0ffe845f1b1e0c64bd5d3f

Download Submit
C:\Windows\system\BiqDJQF.exe

Filesize
6.0MB

MD5
c9d5e66a042ccc9ed5d1d8e6afc5af7e

SHA1
71e2e970847058024cca95cfa81b303c56db1774

SHA256
a7b5fbc6435b7595fc4baad18a13fb984618f23cf6dbb934e7b48e86259b72a3

SHA512
5d5bac4e449030bf6e9f9357d28125a72b0d983869bafa649b0912dd9b47df557af2cc508a9e91feb672ada53ab3dfcdc96902e9b2814a992ec24278a3959e14

Download Submit
C:\Windows\system\CBZzNJn.exe

Filesize
6.0MB

MD5
a21844200b086288dd253cef822374da

SHA1
7897f01fcf425e306885aca42f37f7b215e24192

SHA256
dca8f852c6086fb47221d95e0267c96a0d242c0d7ffb60b9612d1b1e0b343760

SHA512
e049847e7e9e20ecfe3f28cdaa346520874b99eb7129c56088b66d3fa782eb70bb94b1525797ea0b1eaaf14620bfe604302715a230fac3ad72468cae618f6a8e

Download Submit
C:\Windows\system\EWriSDU.exe

Filesize
6.0MB

MD5
97763d3a9152df115c6f4d7a0acb5678

SHA1
06025b49909244bad0bacdc1f527a25958f51d41

SHA256
969cfde4412fc9308059e7225f8dbe7df03fe36071079c66db363d5576653c68

SHA512
cd206fad3da6197d3f7789a321a08fc6151c0983deb0cb7b252d4924abed21b2fbe228c517ca4c172666fe76977f5bfae953b79bcb90491886d03ff165682262

Download Submit
C:\Windows\system\EtOMLMa.exe

Filesize
6.0MB

MD5
95217c995de3807801ff1b2be989d259

SHA1
7b08f1db929621d87ef9e865b71e84fc45d1fc1d

SHA256
5eca864cab6fd73b975ed0d2231dd90f10b35f806b9a73f37b6bd0d7b1cc70b7

SHA512
0e46a0a8faf705dd7239b82be215005096a83d2bf703b95d9a178e148854de8ee615e9bb6724a9d83099031a73d44995b1ca49504ae18e28e54f926620c9e77d

Download Submit
C:\Windows\system\FtIbosz.exe

Filesize
6.0MB

MD5
932ee922a09f06daee87d5fe886fbf1f

SHA1
d78b53c52dd470dc4f389b67e601d098b3eed5d5

SHA256
45fd15708fe152d5483c0f853e243754945e298464a9084f2239f22ae803ac02

SHA512
b4959c13cea8ceba49e8c42ab594f7d30018ac71be734e5400e7aa1e3db20b5c12019f78a0aa380106c77c39d1b9d5ac5f48f186e6323822ee1b9b9c96846964

Download Submit
C:\Windows\system\GkreDKN.exe

Filesize
6.0MB

MD5
61d82f04641506908fac958b64d7d78b

SHA1
02bd697fd27b64ecac702ede09b13f936c6c8106

SHA256
ebcfe702de58e38b4cefbdf6e49c5bf68cb025e8dcf4b8164f09b50b60da3ac1

SHA512
7a1e10a823a94625228ca4fd140ebd30b0a56546d6a5806dfbee4c4d14a65ea47f2db3751f458234ba24e18975db967504492af0b018f3bc6f4668d490a113b3

Download Submit
C:\Windows\system\HZkrwqu.exe

Filesize
6.0MB

MD5
78fbd8ee6325d5049e4aa8cb2f213c3b

SHA1
f4b0de0fa561900e8439074df7dfc697d44de920

SHA256
f3a027c0052cf559b3bc2b2b60b2a3e2d0a7b3a28217c297ff4a772f1b164215

SHA512
1127aee999cf85948ebb7ff446b0adf9507131b08a16d35f1a6d6c53eda80cf2ec1a1ae823aa8a34b0d84a53d295ddab25bb31d18bbae88ad3a0f51fbd9752a7

Download Submit
C:\Windows\system\HgYVsAX.exe

Filesize
6.0MB

MD5
7492eccc884e3fbc9ed8bad671b990a2

SHA1
a712634807e15bcf76528772e790eeb8ae1e3041

SHA256
347cc9c25e4a9afabe41c5052666991867a3a44e2b453e296800772b46e507c2

SHA512
ebf1d3920aae0aedcc61d88c3b74d777604dbd486aedf333de75949015d0b469355a1a165053e65ebddd30dbae961ec218cef550c4ef7e7e65ac4b20ac6608cc

Download Submit
C:\Windows\system\IKZUweI.exe

Filesize
6.0MB

MD5
3358114d92329d41b8e3da9c0d76a6a0

SHA1
367b28cea5059e1cf61942f2e8ee87d5e531db0e

SHA256
3a77e54005f8bbd54ece6fed2506de5ab3e72275f7e6553defd29be7ca1e5875

SHA512
d87e83c2d5f9d78d1716056b4b549882a8b66288d4ef736058fdef33ce989658552ba67f1e71788018eae7643c321a55eee2dcdea089baf53984265fe1944935

Download Submit
C:\Windows\system\JlZElVg.exe

Filesize
6.0MB

MD5
501341003311bac7c5d643981c520177

SHA1
c1a95c361b3a8770cb3af463525428b9803cc69f

SHA256
9ee83387b7ea6d4f70d520af5cb92864ca81b4f94d661bf08e8ee47822b4a186

SHA512
0a3e569e2c661e7d6e0b3eb153e59a7703676da47e1b0d4f99bf2aeff9d0407a9b19a31deb95813aec9f0cd377dab2a280261675c83feea2da92aa68880c4f40

Download Submit
C:\Windows\system\NvLYsQy.exe

Filesize
6.0MB

MD5
04009b9a52f76b8f0cb90597435d1bf5

SHA1
ebe91c67b23fb6a7ca0863f77476c8904d537faa

SHA256
3b68a7cf506beaa46c81f123b6e2ca8fcf416d671540301fd665cceea2b14716

SHA512
60ced1255479f8145ed710a9934f82165579a0297006f09d6b21e775986fc398531d54a28ecb7e67594af7f5ef4b67a8432e624247e40a9e697577b259c9414d

Download Submit
C:\Windows\system\OyCaFLi.exe

Filesize
6.0MB

MD5
0a34362400966604af78cd65c272692a

SHA1
c7e51ab31d1dafbb064db160773ca072dd3e44ab

SHA256
05dadd6c7f86dbcd7de4f478a6d44b19adb62b713c1a4983ec163eeafbdcc4c9

SHA512
2389fc993b41d69adca688ef8e6184a0c56ee2fb99bde80d46013ff12c6eb848eb04aaed6f7034c346def35d9effeb8c3a438871c9b5e404b74064d9f7d3c1b7

Download Submit
C:\Windows\system\UXyVulI.exe

Filesize
6.0MB

MD5
b4af30f03b97307f1f4966ef44e6b3c9

SHA1
2c83503469e83784d89d0e64732ebf6cbba7ea10

SHA256
3593e3f4ab5a40603763a935f1b4a16b1671ea45e455883be3e2f8a45dab8591

SHA512
1b5dae796c252fa70e0a877dcd0b8ea8b5f204641b477f2efc09dff6b93af9644f2c470612e1fc2ed798a0e091d3493aa100633b52e90fd1401e42159ddbe94d

Download Submit
C:\Windows\system\VYLeGDY.exe

Filesize
6.0MB

MD5
16f6532feaf905d640240fd6b628b037

SHA1
3ad4f1799c3c71dd4481bc3070ba4cbdeb04183c

SHA256
64a0e1a3ef66b0b34f7c258a19b7c64e42e59140cad187e9604e941f710814fe

SHA512
4804f6f41662121b3ffa0fd1fff900b00760cd99af1a8543b18be2ac0e27c11465fe70250bb27ef335af6cedccc8354bbd40205fc32f395f96a182a61f7217ad

Download Submit
C:\Windows\system\ZARgvTV.exe

Filesize
6.0MB

MD5
f17ae48c4922f45a91e90059e67466c8

SHA1
51338172b9c93b06888882c6b21279f4c3ee2a92

SHA256
0a31184c5646c214e00fe68b7581d08cfdbf827e51e39bf4a4ff4cdd5f7afc02

SHA512
fdf4e247f1f74613022d202e91570b56f26663ba6c1895d52b90acde1bd8aa672bd6ec8e414d07620eac1fb0451ceef618881c7ef44b796f8ab8b2377f9db97c

Download Submit
C:\Windows\system\dZEGckH.exe

Filesize
6.0MB

MD5
001ae349e0976c765c9ea815539c5f95

SHA1
f72225ccbe36900446138d0f04884ded806223e9

SHA256
71919072641a37e3ca395b6f18911f5350e11a1a64b6cb08a6a427181a53d5d6

SHA512
4600956383276fae3d2a065e26411247bee7c7c9a67b273181b65a5e2af13ea9672a82277dca2e5a8ff2d665232c807d605ce7c02a9212e425095889b4164419

Download Submit
C:\Windows\system\fWdkBvw.exe

Filesize
6.0MB

MD5
f11e3707dc66981d11902cd7defaa4be

SHA1
57ae5dc950da65dcb00d9d94f33e903f1d88d186

SHA256
1f51b65ea38f51e9635dd23991fd185e07a3c1d11a0d634d168b246b586adfbd

SHA512
a15303ea89345030fb2d9690c6beab9a1fd134f9a10315ea233c28b4906b3ee0b5f19071e09796ceb875f1d18e3e18115bfc8a17beff4dc64458f4b7d74025d9

Download Submit
C:\Windows\system\hnzSvIc.exe

Filesize
6.0MB

MD5
f33902b092dd2be9a484d4d3423f6329

SHA1
4951679db6b91eb1be5def7e50d84dae2a032078

SHA256
b9980b74d064bc96f724d2cb27b17fee62ae0df36341bdf597f5c15bf6f93111

SHA512
2b2aea0a86cfc3880ad00e781cd2e98488df90a1d80153d7f3c9bc56332f67d1e1a3313d07a0540f8becfe32993e4d5b6bbe4cde0f03abfc844cb7df966c1b21

Download Submit
C:\Windows\system\iaUteWt.exe

Filesize
6.0MB

MD5
ca231d1f598d1b6aa49e8a59c92eeee2

SHA1
910cf7c7aa9ec6d6dac4ae4a2299791a889a7ec3

SHA256
2a1bbb942cef6905c6f8cb21dedd3269411b904db64fbc560fc40d9d783f733d

SHA512
61d369e390c58b699d3b91e9a7c8d5c916435577ceb613589d2fe658ed9991d469f4798784b4d156a2bff3429fa918febc0f52809c310f04578aa0c36f9b7d98

Download Submit
C:\Windows\system\oWcpOso.exe

Filesize
6.0MB

MD5
100ac044c25f8f479097af43edaaddbc

SHA1
397eba78d53a39e5842806021aaeb9c63ddabfed

SHA256
1feff3d5bae5ebcede8811a8032a7a997fca4f3c9f863cd3ab5a56536704e90e

SHA512
45a93b522d4b1cfe87e06b36061b226c196ac772f78a4ce9faf1dcf10498fe12c834c0e501eb1286ef84c3c63cbfc42ce9e81d102eb5a89c9604223e0ef51053

Download Submit
C:\Windows\system\pIQCKtV.exe

Filesize
6.0MB

MD5
661f9c7bc0a2a63b47e6e0dbbbf4a904

SHA1
3cb0cfc3ccfd8c07ceb6c8b9cfb489e23ea01f02

SHA256
9599bd132afa145003c565f6e96f6c5745ecf0f55cdbba2375d51e4af2e71bb0

SHA512
41fa7c4e2d485e3cebda97261b65446f4ea36a7c564d8f7c2ffef2352885950ffb2dfc6b0bee9f0e3593d25e1d6b7c7c52d851632aa726d60d87e351a843ed61

Download Submit
C:\Windows\system\qEVnrwR.exe

Filesize
6.0MB

MD5
84efefe2d4124e85f8fc681d49b46edf

SHA1
12a4eaf64f5ed23c934927edd868abf782f48e15

SHA256
afd0422dc6ba071796702a8acef1b0718d29820443713154a3056619a9a6b7cc

SHA512
05b2ab21a170a99e4eb33609059fb25af9442c05860c265499e7249059d11bdf2898f34023bd808c60b50dd57e3c0a8049e88da186ded92d180c30d6590edd44

Download Submit
C:\Windows\system\sjSWaOt.exe

Filesize
6.0MB

MD5
3332657a27407f8869ea0de27843a36b

SHA1
9e9bea66629b4d054ccf6e31c59bfaa6a0223925

SHA256
784ffe72f152de39b78d973287a178b0b72d22b71bc30511306c78b4058045fb

SHA512
3015214f96d89ac51d556caeee4914d2a38846820a1dd7d841200b7f4559e0f9848008bfbf3d50b55b572fbfef68feca658c30cbc2ee15163decc2c7f19f1110

Download Submit
C:\Windows\system\vBeuTOy.exe

Filesize
6.0MB

MD5
abd617b27155408f6364cbc80fcdfb20

SHA1
199655500561aa572e8d65051bd187a6fd56ebb9

SHA256
53ca57f2084565d930d5944129bd783a569b8b0c5a09a08132f8266bdd594d82

SHA512
3a1f2d1a47ab821298ddf167d3effb51fc0bf8889944ec0c62e4bb4037560e438114db1d26bfcde1c770340c71b9f2b155c492d58d8716ef0bbc872618972cce

Download Submit
C:\Windows\system\wKHvYSE.exe

Filesize
6.0MB

MD5
7af6dcf5b7c9225fe9b8246f27d3d3a8

SHA1
d5e3bcfb6a742d73fc7e705a3289cec7242805f5

SHA256
a66f4b910245fa13601abc2e64d803f59ed86980f8924fed4ef54eb479be0862

SHA512
3b0813e093d97ac735aaa8308d612cba11bf33b0ae3c2d9ad123cbe64a1225a4e4708ef8e55f656f561d5433823197d5097fae7b3bf318bda1cf3c58b0b65fe7

Download Submit
\Windows\system\EtDpKoI.exe

Filesize
6.0MB

MD5
0b94db87afdb71243916f191d1821569

SHA1
55508025c4ab710eb0cf0d01767800213f675897

SHA256
28fd65e46aa1364226a6e9714ba627e2210567126348b2345b9f960c402e2e82

SHA512
1768be8312eaf017326e64e134b9fde345791f14a0f252684cd88ffcffe5bae380e9dc40dd6cf5d97491c9ea306c9755c4902188508babae1f0edb4ce1080535

Download Submit
\Windows\system\LCOmYqw.exe

Filesize
6.0MB

MD5
f9688c106452509a189022899dcde098

SHA1
8dc5730a8731849dc6b68518e51ab8f117ee1555

SHA256
c173d6a5b59a8f75412bc3040430c88d630522b1c0d81c9b4dd04dfb40f3545e

SHA512
975deadd344f5d99d14c5679661fe8d55da55d92396125d73f97ad57d161f08533394ceb3e2216600aea05f82e99df3bff454a085d53b6f97d44e5798fede115

Download Submit
\Windows\system\qsWZXCY.exe

Filesize
6.0MB

MD5
09ff5f8031631b54e4e74131b3b67844

SHA1
9cbd8d91eb21b0ad32464204fc92a690a9e7334a

SHA256
c018a3c120f465d1795d5a7877d9b54aab8b2b064cea9386618ea074552714d6

SHA512
70d17d744c8f112260f6c327a477427558c7ef6478284d5c33b87453c569aac7063ee7e7523140c1011634b4e13721b0c39fbf433639304453897ec219a4423b

Download Submit
\Windows\system\sZOZExc.exe

Filesize
6.0MB

MD5
31a93ba3389fe035d28c8df87d395c22

SHA1
d7982fabb18382a2c3a02fd8ef0a5975dba0b5a8

SHA256
b821e2ac65306b7656b8aee25b1039c2879d39b30db2cf9bf0d0913a75416958

SHA512
95c279ccef87925b36b3b03b74c35493ebeb8566beadde7782900cf3b8eedf5354a70fd7ae98e3f090c27f4d907dac76e18d58edb841c0c6fcd3d3f187073670

Download Submit
\Windows\system\sdPeDYh.exe

Filesize
6.0MB

MD5
a7e86318b8b61b6a28feb63bc2234e68

SHA1
df3a8d9ecd69b2d65aaf851955dd064705e0afb4

SHA256
343bc692824b05f8a6109fa665e7f0fcf34d28accb50a057632e00b87d602f27

SHA512
53240b22ec949e9c3f8473920e1729ce49b5fd7150c0efe420844907b0639e429444f094b226ad1b38759dfb6d3959f2ff448a86891874ad3275a7152a3ae4f7

Download Submit
\Windows\system\zwrOEfX.exe

Filesize
6.0MB

MD5
5d3c0b4d2e20e961cd8cb8fe3d856c34

SHA1
9166c22b5945f773de10dd2622531ea4c7d9eb07

SHA256
47ef5de5ff91235833bdd83f5402f8d97eccc5a505a3496df94f5209aedcde30

SHA512
c734ee23e25d474bc836946e20b8a1d34cdc8e5694447837c01170859bd87da90eebe28587fb85db89e089f1b1daed8c7d18f50780d445b623d61ca91e93556a

Download Submit
memory/1808-88-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1808-4018-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1860-83-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-3953-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-9-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3919-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3948-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2612-638-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2612-63-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3941-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2640-54-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3966-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2652-85-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2672-79-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4007-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2736-286-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3902-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-28-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-94-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3982-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2756-24-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3894-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2812-58-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2812-18-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2864-96-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4038-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2888-311-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4039-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-37-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-514-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3979-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4025-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2920-70-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/3020-952-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-95-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-802-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-7-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-635-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-242-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/3020-35-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1548-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3020-33-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-0-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3020-43-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-21-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/3020-14-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/3020-71-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-68-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1007-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1176-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-76-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-84-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-87-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/3020-241-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-86-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-82-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1362-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-778-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download