cobaltstrike | 87e10966f7674ba6a812771c4f4ee43995abcf632fffa6942d557fa14cd28fcf

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

540be226060f45b01fff916880802b63
SHA1

6302aaf4bd11308615ff3b4d543ddccb767fc7a1
SHA256

87e10966f7674ba6a812771c4f4ee43995abcf632fffa6942d557fa14cd28fcf
SHA512

30817b9b0ad283eb539ec3c302446ce495fa5f80ee54e4faf4dc0a9cff5989aa13983e22957fdd1e6fbb9333d65f89f5788dfbf7230a0a9e49ab6b133854f11d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUA:T+q56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017409-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001747b-10.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-17.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174ac-22.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173fb-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-95.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190d6-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-76.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001879b-61.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001752f-30.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018678-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1684-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0009000000017409-11.dat	xmrig
behavioral1/files/0x000800000001747b-10.dat	xmrig
behavioral1/files/0x000800000001748f-17.dat	xmrig
behavioral1/files/0x00070000000174ac-22.dat	xmrig
behavioral1/memory/1684-48-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2768-51-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x00080000000173fb-55.dat	xmrig
behavioral1/memory/2224-70-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019401-88.dat	xmrig
behavioral1/memory/2708-97-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2720-109-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x00050000000195e4-131.dat	xmrig
behavioral1/memory/1684-1320-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2960-1008-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2708-1007-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2224-550-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196be-188.dat	xmrig
behavioral1/files/0x00050000000196f6-191.dat	xmrig
behavioral1/files/0x0005000000019639-180.dat	xmrig
behavioral1/files/0x0005000000019627-179.dat	xmrig
behavioral1/files/0x0005000000019629-176.dat	xmrig
behavioral1/files/0x000500000001967d-186.dat	xmrig
behavioral1/files/0x0005000000019625-166.dat	xmrig
behavioral1/files/0x0005000000019623-161.dat	xmrig
behavioral1/files/0x0005000000019620-148.dat	xmrig
behavioral1/files/0x000500000001961d-138.dat	xmrig
behavioral1/files/0x0005000000019621-155.dat	xmrig
behavioral1/files/0x000500000001961f-143.dat	xmrig
behavioral1/files/0x00050000000194d8-121.dat	xmrig
behavioral1/files/0x000500000001961b-135.dat	xmrig
behavioral1/files/0x0005000000019539-125.dat	xmrig
behavioral1/files/0x000500000001947e-116.dat	xmrig
behavioral1/files/0x0005000000019441-112.dat	xmrig
behavioral1/memory/1684-110-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x000500000001942f-103.dat	xmrig
behavioral1/memory/2960-98-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0005000000019403-96.dat	xmrig
behavioral1/files/0x00050000000193df-95.dat	xmrig
behavioral1/memory/1316-93-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2196-87-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1684-86-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/1684-81-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x00080000000190d6-68.dat	xmrig
behavioral1/files/0x00050000000193d9-76.dat	xmrig
behavioral1/memory/2624-65-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2720-57-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x000600000001879b-61.dat	xmrig
behavioral1/memory/3040-47-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2756-46-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2264-45-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2896-44-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x000800000001752f-30.dat	xmrig
behavioral1/files/0x000a000000018678-41.dat	xmrig
behavioral1/memory/1312-26-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2916-39-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2720-3824-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2768-3821-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2196-3819-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2896-3826-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2916-3825-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/3040-3823-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2756-3822-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3040	qEnOxYw.exe
1312	pCporgc.exe
2916	JYogxso.exe
2896	udRyOsC.exe
2264	PyeQOUD.exe
2756	hvmrcOk.exe
2768	XCMSOfy.exe
2720	DuHKSaF.exe
2624	gjtMHAF.exe
2224	kqyZVwL.exe
2196	eqqhrPF.exe
1316	jlbtEtf.exe
2708	xAqTEEQ.exe
2960	nCdJoHv.exe
2812	Kheqtxh.exe
3068	STvBAug.exe
1712	ndGHrCq.exe
2948	sOTQwuo.exe
1936	XcHHoxA.exe
840	GeWnyCV.exe
1772	SRllUee.exe
600	oGQdLNe.exe
2440	stxUzWU.exe
1636	wHGnxcF.exe
2052	LtGxQIE.exe
2152	UUCYIKe.exe
2996	UujFOnZ.exe
1156	vrhVoTi.exe
1296	JyqJYRl.exe
1044	FRYYwLK.exe
956	WrVlFqr.exe
1764	fKqpkCn.exe
636	PFrxoQR.exe
1732	PHknbKq.exe
984	mVQpmGQ.exe
1564	XvwkfKC.exe
1780	bexvpxR.exe
2004	xqkJxzp.exe
908	udhaJpD.exe
2444	jptERMK.exe
1260	dyOaAmG.exe
2320	BITCzdm.exe
2032	BcAsoOu.exe
2156	EMpTjxa.exe
2524	szYWaVX.exe
1648	LcKYfGv.exe
2420	DrZYEeX.exe
1164	sbRSOvH.exe
1280	mtrrdeW.exe
1760	mZjQgbf.exe
2544	ZwAVhNu.exe
1804	OxoppWe.exe
1576	ueFoqIT.exe
1608	ezqfMaL.exe
2332	ypgOWcB.exe
2284	CuVDYBO.exe
2760	WTAvwxB.exe
3044	bMmReGP.exe
2876	BaxFDha.exe
2604	JUuOhJb.exe
2668	QvMhmuy.exe
2900	vbArDID.exe
676	sPCAMca.exe
2784	PxTrYUL.exe

Loads dropped DLL 64 IoCs

pid	Process
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1684-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0009000000017409-11.dat	upx
behavioral1/files/0x000800000001747b-10.dat	upx
behavioral1/files/0x000800000001748f-17.dat	upx
behavioral1/files/0x00070000000174ac-22.dat	upx
behavioral1/memory/2768-51-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x00080000000173fb-55.dat	upx
behavioral1/memory/2224-70-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0005000000019401-88.dat	upx
behavioral1/memory/2708-97-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2720-109-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x00050000000195e4-131.dat	upx
behavioral1/memory/2960-1008-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2708-1007-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2224-550-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x00050000000196be-188.dat	upx
behavioral1/files/0x00050000000196f6-191.dat	upx
behavioral1/files/0x0005000000019639-180.dat	upx
behavioral1/files/0x0005000000019627-179.dat	upx
behavioral1/files/0x0005000000019629-176.dat	upx
behavioral1/files/0x000500000001967d-186.dat	upx
behavioral1/files/0x0005000000019625-166.dat	upx
behavioral1/files/0x0005000000019623-161.dat	upx
behavioral1/files/0x0005000000019620-148.dat	upx
behavioral1/files/0x000500000001961d-138.dat	upx
behavioral1/files/0x0005000000019621-155.dat	upx
behavioral1/files/0x000500000001961f-143.dat	upx
behavioral1/files/0x00050000000194d8-121.dat	upx
behavioral1/files/0x000500000001961b-135.dat	upx
behavioral1/files/0x0005000000019539-125.dat	upx
behavioral1/files/0x000500000001947e-116.dat	upx
behavioral1/files/0x0005000000019441-112.dat	upx
behavioral1/files/0x000500000001942f-103.dat	upx
behavioral1/memory/2960-98-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0005000000019403-96.dat	upx
behavioral1/files/0x00050000000193df-95.dat	upx
behavioral1/memory/1316-93-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2196-87-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1684-81-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x00080000000190d6-68.dat	upx
behavioral1/files/0x00050000000193d9-76.dat	upx
behavioral1/memory/2624-65-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2720-57-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000600000001879b-61.dat	upx
behavioral1/memory/3040-47-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2756-46-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2264-45-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2896-44-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x000800000001752f-30.dat	upx
behavioral1/files/0x000a000000018678-41.dat	upx
behavioral1/memory/1312-26-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2916-39-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2720-3824-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2768-3821-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2196-3819-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2896-3826-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2916-3825-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/3040-3823-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2756-3822-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2624-3820-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2224-3882-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2708-3878-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2960-3938-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dapSmkH.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrhVoTi.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIHclNQ.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slmGkfk.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVfEcTA.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awyzMWQ.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUSkocK.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTUTTkL.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfZmjAi.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCdhbiy.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfHxDbM.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaYHIhD.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MaBjuHq.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csEnEtw.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQSILyN.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmWkSwQ.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyvocOM.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuCsCCC.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTWisGD.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNmYlPa.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DuHKSaF.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbnRdxD.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djijySA.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DOdlIuO.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EaWSYQX.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxWXcvc.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDbDasN.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkmrglV.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNhOtAv.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzJxfaq.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkubMyS.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YInmuZb.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJgQtiY.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezqfMaL.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udDGRhj.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXQEtnG.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjBIkRz.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UddUrQn.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnNxyba.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuPWWJu.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiFkwxb.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUocPAc.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaPhpZR.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkdUqUT.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQaYPZs.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yICZEap.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClColXH.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZrmiqW.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdOUmtJ.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJyIvNg.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYKgxau.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTdHtTb.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPaNyOs.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udRyOsC.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQrjsXJ.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufCnnPC.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEFfGsH.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkLOEZA.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxGfkCB.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPmAonB.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkhKZxZ.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzmjwOX.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMnsruo.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvpaYPQ.exe	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 3040	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1684 wrote to memory of 3040	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1684 wrote to memory of 3040	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1684 wrote to memory of 1312	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1684 wrote to memory of 1312	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1684 wrote to memory of 1312	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1684 wrote to memory of 2916	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1684 wrote to memory of 2916	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1684 wrote to memory of 2916	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1684 wrote to memory of 2264	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1684 wrote to memory of 2264	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1684 wrote to memory of 2264	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1684 wrote to memory of 2896	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1684 wrote to memory of 2896	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1684 wrote to memory of 2896	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1684 wrote to memory of 2756	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1684 wrote to memory of 2756	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1684 wrote to memory of 2756	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1684 wrote to memory of 2768	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1684 wrote to memory of 2768	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1684 wrote to memory of 2768	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1684 wrote to memory of 2720	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1684 wrote to memory of 2720	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1684 wrote to memory of 2720	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1684 wrote to memory of 2624	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1684 wrote to memory of 2624	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1684 wrote to memory of 2624	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1684 wrote to memory of 2224	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1684 wrote to memory of 2224	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1684 wrote to memory of 2224	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1684 wrote to memory of 2196	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1684 wrote to memory of 2196	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1684 wrote to memory of 2196	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1684 wrote to memory of 2708	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1684 wrote to memory of 2708	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1684 wrote to memory of 2708	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1684 wrote to memory of 1316	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1684 wrote to memory of 1316	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1684 wrote to memory of 1316	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1684 wrote to memory of 2960	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1684 wrote to memory of 2960	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1684 wrote to memory of 2960	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1684 wrote to memory of 2812	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1684 wrote to memory of 2812	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1684 wrote to memory of 2812	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1684 wrote to memory of 3068	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1684 wrote to memory of 3068	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1684 wrote to memory of 3068	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1684 wrote to memory of 1712	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1684 wrote to memory of 1712	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1684 wrote to memory of 1712	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1684 wrote to memory of 2948	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1684 wrote to memory of 2948	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1684 wrote to memory of 2948	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1684 wrote to memory of 1936	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1684 wrote to memory of 1936	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1684 wrote to memory of 1936	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1684 wrote to memory of 840	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1684 wrote to memory of 840	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1684 wrote to memory of 840	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1684 wrote to memory of 1772	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1684 wrote to memory of 1772	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1684 wrote to memory of 1772	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1684 wrote to memory of 2440	1684	2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_540be226060f45b01fff916880802b63_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\System\qEnOxYw.exe
  C:\Windows\System\qEnOxYw.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\pCporgc.exe
  C:\Windows\System\pCporgc.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\JYogxso.exe
  C:\Windows\System\JYogxso.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\PyeQOUD.exe
  C:\Windows\System\PyeQOUD.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\udRyOsC.exe
  C:\Windows\System\udRyOsC.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\hvmrcOk.exe
  C:\Windows\System\hvmrcOk.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\XCMSOfy.exe
  C:\Windows\System\XCMSOfy.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\DuHKSaF.exe
  C:\Windows\System\DuHKSaF.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\gjtMHAF.exe
  C:\Windows\System\gjtMHAF.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\kqyZVwL.exe
  C:\Windows\System\kqyZVwL.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\eqqhrPF.exe
  C:\Windows\System\eqqhrPF.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\xAqTEEQ.exe
  C:\Windows\System\xAqTEEQ.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\jlbtEtf.exe
  C:\Windows\System\jlbtEtf.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\nCdJoHv.exe
  C:\Windows\System\nCdJoHv.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\Kheqtxh.exe
  C:\Windows\System\Kheqtxh.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\STvBAug.exe
  C:\Windows\System\STvBAug.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\ndGHrCq.exe
  C:\Windows\System\ndGHrCq.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\sOTQwuo.exe
  C:\Windows\System\sOTQwuo.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\XcHHoxA.exe
  C:\Windows\System\XcHHoxA.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\GeWnyCV.exe
  C:\Windows\System\GeWnyCV.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\SRllUee.exe
  C:\Windows\System\SRllUee.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\stxUzWU.exe
  C:\Windows\System\stxUzWU.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\oGQdLNe.exe
  C:\Windows\System\oGQdLNe.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\LtGxQIE.exe
  C:\Windows\System\LtGxQIE.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\wHGnxcF.exe
  C:\Windows\System\wHGnxcF.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\UUCYIKe.exe
  C:\Windows\System\UUCYIKe.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\UujFOnZ.exe
  C:\Windows\System\UujFOnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\JyqJYRl.exe
  C:\Windows\System\JyqJYRl.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\vrhVoTi.exe
  C:\Windows\System\vrhVoTi.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\FRYYwLK.exe
  C:\Windows\System\FRYYwLK.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\WrVlFqr.exe
  C:\Windows\System\WrVlFqr.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\mVQpmGQ.exe
  C:\Windows\System\mVQpmGQ.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\fKqpkCn.exe
  C:\Windows\System\fKqpkCn.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\XvwkfKC.exe
  C:\Windows\System\XvwkfKC.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\PFrxoQR.exe
  C:\Windows\System\PFrxoQR.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\bexvpxR.exe
  C:\Windows\System\bexvpxR.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\PHknbKq.exe
  C:\Windows\System\PHknbKq.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\xqkJxzp.exe
  C:\Windows\System\xqkJxzp.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\udhaJpD.exe
  C:\Windows\System\udhaJpD.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\jptERMK.exe
  C:\Windows\System\jptERMK.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\dyOaAmG.exe
  C:\Windows\System\dyOaAmG.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\BITCzdm.exe
  C:\Windows\System\BITCzdm.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\BcAsoOu.exe
  C:\Windows\System\BcAsoOu.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\EMpTjxa.exe
  C:\Windows\System\EMpTjxa.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\szYWaVX.exe
  C:\Windows\System\szYWaVX.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\LcKYfGv.exe
  C:\Windows\System\LcKYfGv.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\DrZYEeX.exe
  C:\Windows\System\DrZYEeX.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\sbRSOvH.exe
  C:\Windows\System\sbRSOvH.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\mtrrdeW.exe
  C:\Windows\System\mtrrdeW.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\mZjQgbf.exe
  C:\Windows\System\mZjQgbf.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\ZwAVhNu.exe
  C:\Windows\System\ZwAVhNu.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\OxoppWe.exe
  C:\Windows\System\OxoppWe.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\ueFoqIT.exe
  C:\Windows\System\ueFoqIT.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ezqfMaL.exe
  C:\Windows\System\ezqfMaL.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\ypgOWcB.exe
  C:\Windows\System\ypgOWcB.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\CuVDYBO.exe
  C:\Windows\System\CuVDYBO.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\WTAvwxB.exe
  C:\Windows\System\WTAvwxB.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\bMmReGP.exe
  C:\Windows\System\bMmReGP.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\BaxFDha.exe
  C:\Windows\System\BaxFDha.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\JUuOhJb.exe
  C:\Windows\System\JUuOhJb.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\QvMhmuy.exe
  C:\Windows\System\QvMhmuy.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\vbArDID.exe
  C:\Windows\System\vbArDID.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\sPCAMca.exe
  C:\Windows\System\sPCAMca.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\PxTrYUL.exe
  C:\Windows\System\PxTrYUL.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\hdOUmtJ.exe
  C:\Windows\System\hdOUmtJ.exe
  2⤵
  PID:2804
- C:\Windows\System\ROyZouL.exe
  C:\Windows\System\ROyZouL.exe
  2⤵
  PID:1332
- C:\Windows\System\xwpXmLM.exe
  C:\Windows\System\xwpXmLM.exe
  2⤵
  PID:1744
- C:\Windows\System\lzuWaXH.exe
  C:\Windows\System\lzuWaXH.exe
  2⤵
  PID:2272
- C:\Windows\System\bRmhuQX.exe
  C:\Windows\System\bRmhuQX.exe
  2⤵
  PID:568
- C:\Windows\System\GDVfCGH.exe
  C:\Windows\System\GDVfCGH.exe
  2⤵
  PID:1064
- C:\Windows\System\VTrqDTD.exe
  C:\Windows\System\VTrqDTD.exe
  2⤵
  PID:2108
- C:\Windows\System\wMJpMKU.exe
  C:\Windows\System\wMJpMKU.exe
  2⤵
  PID:2700
- C:\Windows\System\gyLpWHs.exe
  C:\Windows\System\gyLpWHs.exe
  2⤵
  PID:920
- C:\Windows\System\GIJEhJg.exe
  C:\Windows\System\GIJEhJg.exe
  2⤵
  PID:1244
- C:\Windows\System\TpAHylB.exe
  C:\Windows\System\TpAHylB.exe
  2⤵
  PID:1788
- C:\Windows\System\wgoVlSC.exe
  C:\Windows\System\wgoVlSC.exe
  2⤵
  PID:1884
- C:\Windows\System\ZjweOjZ.exe
  C:\Windows\System\ZjweOjZ.exe
  2⤵
  PID:2588
- C:\Windows\System\xTGQjIL.exe
  C:\Windows\System\xTGQjIL.exe
  2⤵
  PID:1784
- C:\Windows\System\LvLDmJe.exe
  C:\Windows\System\LvLDmJe.exe
  2⤵
  PID:584
- C:\Windows\System\HuIFHQS.exe
  C:\Windows\System\HuIFHQS.exe
  2⤵
  PID:2956
- C:\Windows\System\ovTlwCs.exe
  C:\Windows\System\ovTlwCs.exe
  2⤵
  PID:1964
- C:\Windows\System\BEAmskn.exe
  C:\Windows\System\BEAmskn.exe
  2⤵
  PID:988
- C:\Windows\System\RICGGBF.exe
  C:\Windows\System\RICGGBF.exe
  2⤵
  PID:1336
- C:\Windows\System\BTCsBVd.exe
  C:\Windows\System\BTCsBVd.exe
  2⤵
  PID:1952
- C:\Windows\System\WmGFWYO.exe
  C:\Windows\System\WmGFWYO.exe
  2⤵
  PID:1344
- C:\Windows\System\grmhSVs.exe
  C:\Windows\System\grmhSVs.exe
  2⤵
  PID:884
- C:\Windows\System\RarLqBc.exe
  C:\Windows\System\RarLqBc.exe
  2⤵
  PID:1708
- C:\Windows\System\oJNyBzC.exe
  C:\Windows\System\oJNyBzC.exe
  2⤵
  PID:868
- C:\Windows\System\XUPGhrx.exe
  C:\Windows\System\XUPGhrx.exe
  2⤵
  PID:3024
- C:\Windows\System\EhSBBin.exe
  C:\Windows\System\EhSBBin.exe
  2⤵
  PID:2724
- C:\Windows\System\SULeaFW.exe
  C:\Windows\System\SULeaFW.exe
  2⤵
  PID:2348
- C:\Windows\System\HtQFDiJ.exe
  C:\Windows\System\HtQFDiJ.exe
  2⤵
  PID:2680
- C:\Windows\System\BjMjgtS.exe
  C:\Windows\System\BjMjgtS.exe
  2⤵
  PID:1632
- C:\Windows\System\uZwBcUw.exe
  C:\Windows\System\uZwBcUw.exe
  2⤵
  PID:1092
- C:\Windows\System\gHAkOgp.exe
  C:\Windows\System\gHAkOgp.exe
  2⤵
  PID:2944
- C:\Windows\System\SaSKfyg.exe
  C:\Windows\System\SaSKfyg.exe
  2⤵
  PID:2120
- C:\Windows\System\gkvKXyH.exe
  C:\Windows\System\gkvKXyH.exe
  2⤵
  PID:2068
- C:\Windows\System\nCnaoFe.exe
  C:\Windows\System\nCnaoFe.exe
  2⤵
  PID:1808
- C:\Windows\System\KcbWtnx.exe
  C:\Windows\System\KcbWtnx.exe
  2⤵
  PID:1868
- C:\Windows\System\cBMlTuZ.exe
  C:\Windows\System\cBMlTuZ.exe
  2⤵
  PID:3004
- C:\Windows\System\pTLyFXG.exe
  C:\Windows\System\pTLyFXG.exe
  2⤵
  PID:2184
- C:\Windows\System\xAOqiWQ.exe
  C:\Windows\System\xAOqiWQ.exe
  2⤵
  PID:2088
- C:\Windows\System\UGdpTdi.exe
  C:\Windows\System\UGdpTdi.exe
  2⤵
  PID:2252
- C:\Windows\System\HmScHAW.exe
  C:\Windows\System\HmScHAW.exe
  2⤵
  PID:2392
- C:\Windows\System\xIhFMeK.exe
  C:\Windows\System\xIhFMeK.exe
  2⤵
  PID:2076
- C:\Windows\System\NDbDasN.exe
  C:\Windows\System\NDbDasN.exe
  2⤵
  PID:1960
- C:\Windows\System\rQwGSWV.exe
  C:\Windows\System\rQwGSWV.exe
  2⤵
  PID:1056
- C:\Windows\System\LsULhEG.exe
  C:\Windows\System\LsULhEG.exe
  2⤵
  PID:2064
- C:\Windows\System\JoBMYnx.exe
  C:\Windows\System\JoBMYnx.exe
  2⤵
  PID:3032
- C:\Windows\System\FYYtDMM.exe
  C:\Windows\System\FYYtDMM.exe
  2⤵
  PID:2864
- C:\Windows\System\paoFoof.exe
  C:\Windows\System\paoFoof.exe
  2⤵
  PID:2640
- C:\Windows\System\mjACSPs.exe
  C:\Windows\System\mjACSPs.exe
  2⤵
  PID:1488
- C:\Windows\System\udDGRhj.exe
  C:\Windows\System\udDGRhj.exe
  2⤵
  PID:3084
- C:\Windows\System\OOHrEcv.exe
  C:\Windows\System\OOHrEcv.exe
  2⤵
  PID:3104
- C:\Windows\System\XYXKPFw.exe
  C:\Windows\System\XYXKPFw.exe
  2⤵
  PID:3124
- C:\Windows\System\zMrxujV.exe
  C:\Windows\System\zMrxujV.exe
  2⤵
  PID:3144
- C:\Windows\System\zsrXxvh.exe
  C:\Windows\System\zsrXxvh.exe
  2⤵
  PID:3164
- C:\Windows\System\AeWqZnO.exe
  C:\Windows\System\AeWqZnO.exe
  2⤵
  PID:3184
- C:\Windows\System\KiAeOMx.exe
  C:\Windows\System\KiAeOMx.exe
  2⤵
  PID:3204
- C:\Windows\System\jNUNIoB.exe
  C:\Windows\System\jNUNIoB.exe
  2⤵
  PID:3224
- C:\Windows\System\FoqMJds.exe
  C:\Windows\System\FoqMJds.exe
  2⤵
  PID:3244
- C:\Windows\System\AiQBUkD.exe
  C:\Windows\System\AiQBUkD.exe
  2⤵
  PID:3264
- C:\Windows\System\lZahVhu.exe
  C:\Windows\System\lZahVhu.exe
  2⤵
  PID:3284
- C:\Windows\System\fPIpNbk.exe
  C:\Windows\System\fPIpNbk.exe
  2⤵
  PID:3304
- C:\Windows\System\RvGdybL.exe
  C:\Windows\System\RvGdybL.exe
  2⤵
  PID:3324
- C:\Windows\System\QaYHIhD.exe
  C:\Windows\System\QaYHIhD.exe
  2⤵
  PID:3344
- C:\Windows\System\NknPMZL.exe
  C:\Windows\System\NknPMZL.exe
  2⤵
  PID:3364
- C:\Windows\System\ArCwbBC.exe
  C:\Windows\System\ArCwbBC.exe
  2⤵
  PID:3384
- C:\Windows\System\thmKQst.exe
  C:\Windows\System\thmKQst.exe
  2⤵
  PID:3404
- C:\Windows\System\cjJshhw.exe
  C:\Windows\System\cjJshhw.exe
  2⤵
  PID:3424
- C:\Windows\System\rBlenZI.exe
  C:\Windows\System\rBlenZI.exe
  2⤵
  PID:3444
- C:\Windows\System\QQvUUbj.exe
  C:\Windows\System\QQvUUbj.exe
  2⤵
  PID:3464
- C:\Windows\System\eaqyxHu.exe
  C:\Windows\System\eaqyxHu.exe
  2⤵
  PID:3484
- C:\Windows\System\QHRdWAB.exe
  C:\Windows\System\QHRdWAB.exe
  2⤵
  PID:3504
- C:\Windows\System\TVMuqkz.exe
  C:\Windows\System\TVMuqkz.exe
  2⤵
  PID:3524
- C:\Windows\System\szuHCOs.exe
  C:\Windows\System\szuHCOs.exe
  2⤵
  PID:3544
- C:\Windows\System\kXOWGIe.exe
  C:\Windows\System\kXOWGIe.exe
  2⤵
  PID:3564
- C:\Windows\System\PPKBpmu.exe
  C:\Windows\System\PPKBpmu.exe
  2⤵
  PID:3584
- C:\Windows\System\yaCZPEH.exe
  C:\Windows\System\yaCZPEH.exe
  2⤵
  PID:3604
- C:\Windows\System\XUcwEVE.exe
  C:\Windows\System\XUcwEVE.exe
  2⤵
  PID:3624
- C:\Windows\System\sjRqXlP.exe
  C:\Windows\System\sjRqXlP.exe
  2⤵
  PID:3644
- C:\Windows\System\yggfwja.exe
  C:\Windows\System\yggfwja.exe
  2⤵
  PID:3664
- C:\Windows\System\vksZNbm.exe
  C:\Windows\System\vksZNbm.exe
  2⤵
  PID:3684
- C:\Windows\System\SvRodRN.exe
  C:\Windows\System\SvRodRN.exe
  2⤵
  PID:3704
- C:\Windows\System\uZWgbDw.exe
  C:\Windows\System\uZWgbDw.exe
  2⤵
  PID:3724
- C:\Windows\System\gQwTUVT.exe
  C:\Windows\System\gQwTUVT.exe
  2⤵
  PID:3744
- C:\Windows\System\Ruxwkpj.exe
  C:\Windows\System\Ruxwkpj.exe
  2⤵
  PID:3764
- C:\Windows\System\wUElpJL.exe
  C:\Windows\System\wUElpJL.exe
  2⤵
  PID:3784
- C:\Windows\System\VtWfoND.exe
  C:\Windows\System\VtWfoND.exe
  2⤵
  PID:3800
- C:\Windows\System\kpJICRK.exe
  C:\Windows\System\kpJICRK.exe
  2⤵
  PID:3824
- C:\Windows\System\WznyuSi.exe
  C:\Windows\System\WznyuSi.exe
  2⤵
  PID:3844
- C:\Windows\System\QHrZuui.exe
  C:\Windows\System\QHrZuui.exe
  2⤵
  PID:3868
- C:\Windows\System\jIVSszF.exe
  C:\Windows\System\jIVSszF.exe
  2⤵
  PID:3888
- C:\Windows\System\moZZVDt.exe
  C:\Windows\System\moZZVDt.exe
  2⤵
  PID:3908
- C:\Windows\System\XJHWWEE.exe
  C:\Windows\System\XJHWWEE.exe
  2⤵
  PID:3928
- C:\Windows\System\OkLOEZA.exe
  C:\Windows\System\OkLOEZA.exe
  2⤵
  PID:3948
- C:\Windows\System\ldaNZKM.exe
  C:\Windows\System\ldaNZKM.exe
  2⤵
  PID:3968
- C:\Windows\System\ukNDiGF.exe
  C:\Windows\System\ukNDiGF.exe
  2⤵
  PID:3988
- C:\Windows\System\amoPmYy.exe
  C:\Windows\System\amoPmYy.exe
  2⤵
  PID:4008
- C:\Windows\System\tkytcFu.exe
  C:\Windows\System\tkytcFu.exe
  2⤵
  PID:4028
- C:\Windows\System\iCCBFsO.exe
  C:\Windows\System\iCCBFsO.exe
  2⤵
  PID:4048
- C:\Windows\System\YOyPZrU.exe
  C:\Windows\System\YOyPZrU.exe
  2⤵
  PID:4068
- C:\Windows\System\HUvSjpu.exe
  C:\Windows\System\HUvSjpu.exe
  2⤵
  PID:4084
- C:\Windows\System\VDMnEdE.exe
  C:\Windows\System\VDMnEdE.exe
  2⤵
  PID:2952
- C:\Windows\System\KBFWDdf.exe
  C:\Windows\System\KBFWDdf.exe
  2⤵
  PID:1200
- C:\Windows\System\dyZrFjB.exe
  C:\Windows\System\dyZrFjB.exe
  2⤵
  PID:892
- C:\Windows\System\ibvvfsv.exe
  C:\Windows\System\ibvvfsv.exe
  2⤵
  PID:2000
- C:\Windows\System\WAXUBEf.exe
  C:\Windows\System\WAXUBEf.exe
  2⤵
  PID:1088
- C:\Windows\System\NBdBxwy.exe
  C:\Windows\System\NBdBxwy.exe
  2⤵
  PID:2480
- C:\Windows\System\CXaEMqe.exe
  C:\Windows\System\CXaEMqe.exe
  2⤵
  PID:2192
- C:\Windows\System\PRDbUqN.exe
  C:\Windows\System\PRDbUqN.exe
  2⤵
  PID:1768
- C:\Windows\System\foksSME.exe
  C:\Windows\System\foksSME.exe
  2⤵
  PID:824
- C:\Windows\System\rrhVFFg.exe
  C:\Windows\System\rrhVFFg.exe
  2⤵
  PID:1272
- C:\Windows\System\SpWXRAx.exe
  C:\Windows\System\SpWXRAx.exe
  2⤵
  PID:2144
- C:\Windows\System\wlcfqpX.exe
  C:\Windows\System\wlcfqpX.exe
  2⤵
  PID:3100
- C:\Windows\System\iVDQLqO.exe
  C:\Windows\System\iVDQLqO.exe
  2⤵
  PID:3140
- C:\Windows\System\xdIprhT.exe
  C:\Windows\System\xdIprhT.exe
  2⤵
  PID:3160
- C:\Windows\System\kBbGAxn.exe
  C:\Windows\System\kBbGAxn.exe
  2⤵
  PID:3212
- C:\Windows\System\ewFxaYm.exe
  C:\Windows\System\ewFxaYm.exe
  2⤵
  PID:3196
- C:\Windows\System\QnHLlzL.exe
  C:\Windows\System\QnHLlzL.exe
  2⤵
  PID:3256
- C:\Windows\System\HYVFFSw.exe
  C:\Windows\System\HYVFFSw.exe
  2⤵
  PID:3300
- C:\Windows\System\WyvocOM.exe
  C:\Windows\System\WyvocOM.exe
  2⤵
  PID:3316
- C:\Windows\System\niQzvOY.exe
  C:\Windows\System\niQzvOY.exe
  2⤵
  PID:3376
- C:\Windows\System\iyBKxSd.exe
  C:\Windows\System\iyBKxSd.exe
  2⤵
  PID:3392
- C:\Windows\System\AdReMmJ.exe
  C:\Windows\System\AdReMmJ.exe
  2⤵
  PID:3416
- C:\Windows\System\bWFMPWg.exe
  C:\Windows\System\bWFMPWg.exe
  2⤵
  PID:3436
- C:\Windows\System\eaTVTFS.exe
  C:\Windows\System\eaTVTFS.exe
  2⤵
  PID:3472
- C:\Windows\System\CyswDyB.exe
  C:\Windows\System\CyswDyB.exe
  2⤵
  PID:3540
- C:\Windows\System\kgDbjwF.exe
  C:\Windows\System\kgDbjwF.exe
  2⤵
  PID:3556
- C:\Windows\System\tWqzfcR.exe
  C:\Windows\System\tWqzfcR.exe
  2⤵
  PID:3600
- C:\Windows\System\JIiqbUA.exe
  C:\Windows\System\JIiqbUA.exe
  2⤵
  PID:3660
- C:\Windows\System\MaBjuHq.exe
  C:\Windows\System\MaBjuHq.exe
  2⤵
  PID:3636
- C:\Windows\System\sIHclNQ.exe
  C:\Windows\System\sIHclNQ.exe
  2⤵
  PID:3700
- C:\Windows\System\xiruujO.exe
  C:\Windows\System\xiruujO.exe
  2⤵
  PID:3716
- C:\Windows\System\SAAjYXW.exe
  C:\Windows\System\SAAjYXW.exe
  2⤵
  PID:3772
- C:\Windows\System\fESGcMC.exe
  C:\Windows\System\fESGcMC.exe
  2⤵
  PID:3808
- C:\Windows\System\vJOCpmF.exe
  C:\Windows\System\vJOCpmF.exe
  2⤵
  PID:3792
- C:\Windows\System\miGiYkW.exe
  C:\Windows\System\miGiYkW.exe
  2⤵
  PID:3856
- C:\Windows\System\wyCYXjS.exe
  C:\Windows\System\wyCYXjS.exe
  2⤵
  PID:3904
- C:\Windows\System\lcaXAhy.exe
  C:\Windows\System\lcaXAhy.exe
  2⤵
  PID:3944
- C:\Windows\System\wlWIFPv.exe
  C:\Windows\System\wlWIFPv.exe
  2⤵
  PID:3920
- C:\Windows\System\KYXsqmR.exe
  C:\Windows\System\KYXsqmR.exe
  2⤵
  PID:3956
- C:\Windows\System\XdHBHWd.exe
  C:\Windows\System\XdHBHWd.exe
  2⤵
  PID:4016
- C:\Windows\System\igdzSyk.exe
  C:\Windows\System\igdzSyk.exe
  2⤵
  PID:4020
- C:\Windows\System\ioJotLD.exe
  C:\Windows\System\ioJotLD.exe
  2⤵
  PID:4060
- C:\Windows\System\ogLbbbV.exe
  C:\Windows\System\ogLbbbV.exe
  2⤵
  PID:2932
- C:\Windows\System\sEjTGiR.exe
  C:\Windows\System\sEjTGiR.exe
  2⤵
  PID:4076
- C:\Windows\System\DelFouh.exe
  C:\Windows\System\DelFouh.exe
  2⤵
  PID:2116
- C:\Windows\System\HLhUAyY.exe
  C:\Windows\System\HLhUAyY.exe
  2⤵
  PID:480
- C:\Windows\System\ihEfIWk.exe
  C:\Windows\System\ihEfIWk.exe
  2⤵
  PID:836
- C:\Windows\System\kSXRDwW.exe
  C:\Windows\System\kSXRDwW.exe
  2⤵
  PID:1100
- C:\Windows\System\zgiLDno.exe
  C:\Windows\System\zgiLDno.exe
  2⤵
  PID:1956
- C:\Windows\System\eFRkCKl.exe
  C:\Windows\System\eFRkCKl.exe
  2⤵
  PID:2436
- C:\Windows\System\gSovlHU.exe
  C:\Windows\System\gSovlHU.exe
  2⤵
  PID:1596
- C:\Windows\System\XGEFFwz.exe
  C:\Windows\System\XGEFFwz.exe
  2⤵
  PID:3112
- C:\Windows\System\mOgLLkW.exe
  C:\Windows\System\mOgLLkW.exe
  2⤵
  PID:3180
- C:\Windows\System\WJZSYpQ.exe
  C:\Windows\System\WJZSYpQ.exe
  2⤵
  PID:3252
- C:\Windows\System\vEkjSPQ.exe
  C:\Windows\System\vEkjSPQ.exe
  2⤵
  PID:3360
- C:\Windows\System\yfpZTtz.exe
  C:\Windows\System\yfpZTtz.exe
  2⤵
  PID:3192
- C:\Windows\System\EunHPay.exe
  C:\Windows\System\EunHPay.exe
  2⤵
  PID:3420
- C:\Windows\System\UlfxROH.exe
  C:\Windows\System\UlfxROH.exe
  2⤵
  PID:3412
- C:\Windows\System\vnAxPuh.exe
  C:\Windows\System\vnAxPuh.exe
  2⤵
  PID:3632
- C:\Windows\System\RQtOUte.exe
  C:\Windows\System\RQtOUte.exe
  2⤵
  PID:3780
- C:\Windows\System\VQiYIgc.exe
  C:\Windows\System\VQiYIgc.exe
  2⤵
  PID:3936
- C:\Windows\System\cAKsRTt.exe
  C:\Windows\System\cAKsRTt.exe
  2⤵
  PID:3532
- C:\Windows\System\IUYiWka.exe
  C:\Windows\System\IUYiWka.exe
  2⤵
  PID:4040
- C:\Windows\System\iWVYsrh.exe
  C:\Windows\System\iWVYsrh.exe
  2⤵
  PID:3560
- C:\Windows\System\qpJOnNz.exe
  C:\Windows\System\qpJOnNz.exe
  2⤵
  PID:3616
- C:\Windows\System\IJGGhhp.exe
  C:\Windows\System\IJGGhhp.exe
  2⤵
  PID:3120
- C:\Windows\System\FTwSCNW.exe
  C:\Windows\System\FTwSCNW.exe
  2⤵
  PID:3236
- C:\Windows\System\HUZLmzA.exe
  C:\Windows\System\HUZLmzA.exe
  2⤵
  PID:3336
- C:\Windows\System\SobxDDl.exe
  C:\Windows\System\SobxDDl.exe
  2⤵
  PID:3536
- C:\Windows\System\iihRVPA.exe
  C:\Windows\System\iihRVPA.exe
  2⤵
  PID:3492
- C:\Windows\System\iAQvnIT.exe
  C:\Windows\System\iAQvnIT.exe
  2⤵
  PID:4112
- C:\Windows\System\eBdPWCX.exe
  C:\Windows\System\eBdPWCX.exe
  2⤵
  PID:4128
- C:\Windows\System\mjFmMuK.exe
  C:\Windows\System\mjFmMuK.exe
  2⤵
  PID:4152
- C:\Windows\System\QnNoTaQ.exe
  C:\Windows\System\QnNoTaQ.exe
  2⤵
  PID:4172
- C:\Windows\System\YdiNBxh.exe
  C:\Windows\System\YdiNBxh.exe
  2⤵
  PID:4196
- C:\Windows\System\nzxinKy.exe
  C:\Windows\System\nzxinKy.exe
  2⤵
  PID:4256
- C:\Windows\System\AssFExA.exe
  C:\Windows\System\AssFExA.exe
  2⤵
  PID:4276
- C:\Windows\System\hcalzez.exe
  C:\Windows\System\hcalzez.exe
  2⤵
  PID:4296
- C:\Windows\System\JxGfkCB.exe
  C:\Windows\System\JxGfkCB.exe
  2⤵
  PID:4312
- C:\Windows\System\PLvTALS.exe
  C:\Windows\System\PLvTALS.exe
  2⤵
  PID:4328
- C:\Windows\System\dpUdfzA.exe
  C:\Windows\System\dpUdfzA.exe
  2⤵
  PID:4344
- C:\Windows\System\hxuBRxJ.exe
  C:\Windows\System\hxuBRxJ.exe
  2⤵
  PID:4360
- C:\Windows\System\kNpEWnu.exe
  C:\Windows\System\kNpEWnu.exe
  2⤵
  PID:4376
- C:\Windows\System\URqUThb.exe
  C:\Windows\System\URqUThb.exe
  2⤵
  PID:4392
- C:\Windows\System\jAeJnUi.exe
  C:\Windows\System\jAeJnUi.exe
  2⤵
  PID:4416
- C:\Windows\System\kVxNqBN.exe
  C:\Windows\System\kVxNqBN.exe
  2⤵
  PID:4440
- C:\Windows\System\VPxyxQC.exe
  C:\Windows\System\VPxyxQC.exe
  2⤵
  PID:4460
- C:\Windows\System\eNkbVpA.exe
  C:\Windows\System\eNkbVpA.exe
  2⤵
  PID:4492
- C:\Windows\System\MUocPAc.exe
  C:\Windows\System\MUocPAc.exe
  2⤵
  PID:4508
- C:\Windows\System\JycBIIt.exe
  C:\Windows\System\JycBIIt.exe
  2⤵
  PID:4528
- C:\Windows\System\ShhLtBP.exe
  C:\Windows\System\ShhLtBP.exe
  2⤵
  PID:4548
- C:\Windows\System\qlhGksH.exe
  C:\Windows\System\qlhGksH.exe
  2⤵
  PID:4576
- C:\Windows\System\hfOUYPH.exe
  C:\Windows\System\hfOUYPH.exe
  2⤵
  PID:4592
- C:\Windows\System\EkivAXq.exe
  C:\Windows\System\EkivAXq.exe
  2⤵
  PID:4616
- C:\Windows\System\MjlHoox.exe
  C:\Windows\System\MjlHoox.exe
  2⤵
  PID:4632
- C:\Windows\System\ktzmixN.exe
  C:\Windows\System\ktzmixN.exe
  2⤵
  PID:4652
- C:\Windows\System\esVJKAz.exe
  C:\Windows\System\esVJKAz.exe
  2⤵
  PID:4676
- C:\Windows\System\DOkhlRy.exe
  C:\Windows\System\DOkhlRy.exe
  2⤵
  PID:4692
- C:\Windows\System\JZsNYxC.exe
  C:\Windows\System\JZsNYxC.exe
  2⤵
  PID:4712
- C:\Windows\System\GmppHcJ.exe
  C:\Windows\System\GmppHcJ.exe
  2⤵
  PID:4732
- C:\Windows\System\RzemCwE.exe
  C:\Windows\System\RzemCwE.exe
  2⤵
  PID:4752
- C:\Windows\System\tiLzCHH.exe
  C:\Windows\System\tiLzCHH.exe
  2⤵
  PID:4768
- C:\Windows\System\fXaPaBh.exe
  C:\Windows\System\fXaPaBh.exe
  2⤵
  PID:4792
- C:\Windows\System\bhTAjDB.exe
  C:\Windows\System\bhTAjDB.exe
  2⤵
  PID:4808
- C:\Windows\System\aTiXVVT.exe
  C:\Windows\System\aTiXVVT.exe
  2⤵
  PID:4832
- C:\Windows\System\yrdhPkX.exe
  C:\Windows\System\yrdhPkX.exe
  2⤵
  PID:4852
- C:\Windows\System\aDzgIlq.exe
  C:\Windows\System\aDzgIlq.exe
  2⤵
  PID:4872
- C:\Windows\System\xZjbxyw.exe
  C:\Windows\System\xZjbxyw.exe
  2⤵
  PID:4892
- C:\Windows\System\yCcunbf.exe
  C:\Windows\System\yCcunbf.exe
  2⤵
  PID:4916
- C:\Windows\System\dEWlTez.exe
  C:\Windows\System\dEWlTez.exe
  2⤵
  PID:4936
- C:\Windows\System\dseOdSS.exe
  C:\Windows\System\dseOdSS.exe
  2⤵
  PID:4952
- C:\Windows\System\oXQEtnG.exe
  C:\Windows\System\oXQEtnG.exe
  2⤵
  PID:4972
- C:\Windows\System\yYqRcTJ.exe
  C:\Windows\System\yYqRcTJ.exe
  2⤵
  PID:4992
- C:\Windows\System\EHXbUqo.exe
  C:\Windows\System\EHXbUqo.exe
  2⤵
  PID:5008
- C:\Windows\System\sLFStfN.exe
  C:\Windows\System\sLFStfN.exe
  2⤵
  PID:5036
- C:\Windows\System\UeytWYX.exe
  C:\Windows\System\UeytWYX.exe
  2⤵
  PID:5052
- C:\Windows\System\GkIEgCI.exe
  C:\Windows\System\GkIEgCI.exe
  2⤵
  PID:5072
- C:\Windows\System\qpxSaki.exe
  C:\Windows\System\qpxSaki.exe
  2⤵
  PID:5096
- C:\Windows\System\xiVwquJ.exe
  C:\Windows\System\xiVwquJ.exe
  2⤵
  PID:3840
- C:\Windows\System\TGrmfHD.exe
  C:\Windows\System\TGrmfHD.exe
  2⤵
  PID:4000
- C:\Windows\System\WIAhMwz.exe
  C:\Windows\System\WIAhMwz.exe
  2⤵
  PID:3652
- C:\Windows\System\czGzqCb.exe
  C:\Windows\System\czGzqCb.exe
  2⤵
  PID:3476
- C:\Windows\System\kWzsarM.exe
  C:\Windows\System\kWzsarM.exe
  2⤵
  PID:3816
- C:\Windows\System\AmbeLNJ.exe
  C:\Windows\System\AmbeLNJ.exe
  2⤵
  PID:3852
- C:\Windows\System\cOhERbM.exe
  C:\Windows\System\cOhERbM.exe
  2⤵
  PID:3960
- C:\Windows\System\tdDjOYq.exe
  C:\Windows\System\tdDjOYq.exe
  2⤵
  PID:2084
- C:\Windows\System\yLtNviN.exe
  C:\Windows\System\yLtNviN.exe
  2⤵
  PID:1688
- C:\Windows\System\vmvdOBs.exe
  C:\Windows\System\vmvdOBs.exe
  2⤵
  PID:3076
- C:\Windows\System\UDfFQLY.exe
  C:\Windows\System\UDfFQLY.exe
  2⤵
  PID:3720
- C:\Windows\System\MvOQDal.exe
  C:\Windows\System\MvOQDal.exe
  2⤵
  PID:4188
- C:\Windows\System\FoJIZJy.exe
  C:\Windows\System\FoJIZJy.exe
  2⤵
  PID:3276
- C:\Windows\System\mYgXiFs.exe
  C:\Windows\System\mYgXiFs.exe
  2⤵
  PID:4268
- C:\Windows\System\hhKSBSc.exe
  C:\Windows\System\hhKSBSc.exe
  2⤵
  PID:4336
- C:\Windows\System\CrDOrMq.exe
  C:\Windows\System\CrDOrMq.exe
  2⤵
  PID:3440
- C:\Windows\System\gsZodGC.exe
  C:\Windows\System\gsZodGC.exe
  2⤵
  PID:4120
- C:\Windows\System\OaPhpZR.exe
  C:\Windows\System\OaPhpZR.exe
  2⤵
  PID:3320
- C:\Windows\System\yiMgltf.exe
  C:\Windows\System\yiMgltf.exe
  2⤵
  PID:1752
- C:\Windows\System\nJMXlrh.exe
  C:\Windows\System\nJMXlrh.exe
  2⤵
  PID:3712
- C:\Windows\System\OUXYQoU.exe
  C:\Windows\System\OUXYQoU.exe
  2⤵
  PID:4208
- C:\Windows\System\hFfdBKE.exe
  C:\Windows\System\hFfdBKE.exe
  2⤵
  PID:4220
- C:\Windows\System\sRRstYE.exe
  C:\Windows\System\sRRstYE.exe
  2⤵
  PID:4372
- C:\Windows\System\NXhuJuh.exe
  C:\Windows\System\NXhuJuh.exe
  2⤵
  PID:4408
- C:\Windows\System\XDwDRWv.exe
  C:\Windows\System\XDwDRWv.exe
  2⤵
  PID:4284
- C:\Windows\System\HDHQDGf.exe
  C:\Windows\System\HDHQDGf.exe
  2⤵
  PID:4424
- C:\Windows\System\GjfXfCo.exe
  C:\Windows\System\GjfXfCo.exe
  2⤵
  PID:4480
- C:\Windows\System\ZYmotHT.exe
  C:\Windows\System\ZYmotHT.exe
  2⤵
  PID:4488
- C:\Windows\System\DYwbaJr.exe
  C:\Windows\System\DYwbaJr.exe
  2⤵
  PID:4516
- C:\Windows\System\FMBbxeY.exe
  C:\Windows\System\FMBbxeY.exe
  2⤵
  PID:4556
- C:\Windows\System\mIuDkKY.exe
  C:\Windows\System\mIuDkKY.exe
  2⤵
  PID:4604
- C:\Windows\System\fFWktht.exe
  C:\Windows\System\fFWktht.exe
  2⤵
  PID:4644
- C:\Windows\System\UiMCAmx.exe
  C:\Windows\System\UiMCAmx.exe
  2⤵
  PID:4688
- C:\Windows\System\kijkQku.exe
  C:\Windows\System\kijkQku.exe
  2⤵
  PID:4780
- C:\Windows\System\nqGYxWv.exe
  C:\Windows\System\nqGYxWv.exe
  2⤵
  PID:4828
- C:\Windows\System\EPvAtQZ.exe
  C:\Windows\System\EPvAtQZ.exe
  2⤵
  PID:4728
- C:\Windows\System\vzJYFDg.exe
  C:\Windows\System\vzJYFDg.exe
  2⤵
  PID:4804
- C:\Windows\System\jliHfSO.exe
  C:\Windows\System\jliHfSO.exe
  2⤵
  PID:4848
- C:\Windows\System\FBmwbYV.exe
  C:\Windows\System\FBmwbYV.exe
  2⤵
  PID:4888
- C:\Windows\System\Qzpvlnr.exe
  C:\Windows\System\Qzpvlnr.exe
  2⤵
  PID:4928
- C:\Windows\System\tpqrhZB.exe
  C:\Windows\System\tpqrhZB.exe
  2⤵
  PID:5020
- C:\Windows\System\AbARcHx.exe
  C:\Windows\System\AbARcHx.exe
  2⤵
  PID:4964
- C:\Windows\System\KcqVqsg.exe
  C:\Windows\System\KcqVqsg.exe
  2⤵
  PID:5064
- C:\Windows\System\kYCflnM.exe
  C:\Windows\System\kYCflnM.exe
  2⤵
  PID:5112
- C:\Windows\System\nAUkWje.exe
  C:\Windows\System\nAUkWje.exe
  2⤵
  PID:3736
- C:\Windows\System\hydgcSq.exe
  C:\Windows\System\hydgcSq.exe
  2⤵
  PID:3924
- C:\Windows\System\fHQAFjM.exe
  C:\Windows\System\fHQAFjM.exe
  2⤵
  PID:2744
- C:\Windows\System\GfWqZUm.exe
  C:\Windows\System\GfWqZUm.exe
  2⤵
  PID:5048
- C:\Windows\System\GPtUPxf.exe
  C:\Windows\System\GPtUPxf.exe
  2⤵
  PID:5084
- C:\Windows\System\cTCpLwe.exe
  C:\Windows\System\cTCpLwe.exe
  2⤵
  PID:2772
- C:\Windows\System\pOBYHBe.exe
  C:\Windows\System\pOBYHBe.exe
  2⤵
  PID:2056
- C:\Windows\System\YkXVRJR.exe
  C:\Windows\System\YkXVRJR.exe
  2⤵
  PID:2656
- C:\Windows\System\MjJRQRG.exe
  C:\Windows\System\MjJRQRG.exe
  2⤵
  PID:3372
- C:\Windows\System\hEfuKtB.exe
  C:\Windows\System\hEfuKtB.exe
  2⤵
  PID:4236
- C:\Windows\System\rEjwiTd.exe
  C:\Windows\System\rEjwiTd.exe
  2⤵
  PID:3092
- C:\Windows\System\vpsKllN.exe
  C:\Windows\System\vpsKllN.exe
  2⤵
  PID:4400
- C:\Windows\System\PRjnpeR.exe
  C:\Windows\System\PRjnpeR.exe
  2⤵
  PID:4452
- C:\Windows\System\vaUiYRM.exe
  C:\Windows\System\vaUiYRM.exe
  2⤵
  PID:3796
- C:\Windows\System\mcTkjQJ.exe
  C:\Windows\System\mcTkjQJ.exe
  2⤵
  PID:4272
- C:\Windows\System\pPRKirc.exe
  C:\Windows\System\pPRKirc.exe
  2⤵
  PID:4432
- C:\Windows\System\UcXToYq.exe
  C:\Windows\System\UcXToYq.exe
  2⤵
  PID:4324
- C:\Windows\System\dhBmlSe.exe
  C:\Windows\System\dhBmlSe.exe
  2⤵
  PID:4540
- C:\Windows\System\FavzdsD.exe
  C:\Windows\System\FavzdsD.exe
  2⤵
  PID:4524
- C:\Windows\System\hYjcnWn.exe
  C:\Windows\System\hYjcnWn.exe
  2⤵
  PID:4668
- C:\Windows\System\CSqwPqX.exe
  C:\Windows\System\CSqwPqX.exe
  2⤵
  PID:4600
- C:\Windows\System\WHUuLwp.exe
  C:\Windows\System\WHUuLwp.exe
  2⤵
  PID:4640
- C:\Windows\System\VOmkjwk.exe
  C:\Windows\System\VOmkjwk.exe
  2⤵
  PID:4748
- C:\Windows\System\WKGAvSo.exe
  C:\Windows\System\WKGAvSo.exe
  2⤵
  PID:4868
- C:\Windows\System\hIcAKze.exe
  C:\Windows\System\hIcAKze.exe
  2⤵
  PID:4840
- C:\Windows\System\bcybxFf.exe
  C:\Windows\System\bcybxFf.exe
  2⤵
  PID:4880
- C:\Windows\System\wpDsLZx.exe
  C:\Windows\System\wpDsLZx.exe
  2⤵
  PID:4948
- C:\Windows\System\LGhvSPb.exe
  C:\Windows\System\LGhvSPb.exe
  2⤵
  PID:5060
- C:\Windows\System\LcuZVHi.exe
  C:\Windows\System\LcuZVHi.exe
  2⤵
  PID:5116
- C:\Windows\System\qfYNMyh.exe
  C:\Windows\System\qfYNMyh.exe
  2⤵
  PID:3916
- C:\Windows\System\RtuFYDN.exe
  C:\Windows\System\RtuFYDN.exe
  2⤵
  PID:2528
- C:\Windows\System\zKRdVml.exe
  C:\Windows\System\zKRdVml.exe
  2⤵
  PID:5080
- C:\Windows\System\SUDMyHl.exe
  C:\Windows\System\SUDMyHl.exe
  2⤵
  PID:4160
- C:\Windows\System\gwNgkET.exe
  C:\Windows\System\gwNgkET.exe
  2⤵
  PID:3260
- C:\Windows\System\GVctAAg.exe
  C:\Windows\System\GVctAAg.exe
  2⤵
  PID:4064
- C:\Windows\System\fMirzDj.exe
  C:\Windows\System\fMirzDj.exe
  2⤵
  PID:4248
- C:\Windows\System\UZGMsTC.exe
  C:\Windows\System\UZGMsTC.exe
  2⤵
  PID:4292
- C:\Windows\System\hkAxvwd.exe
  C:\Windows\System\hkAxvwd.exe
  2⤵
  PID:4168
- C:\Windows\System\ZBXvEWP.exe
  C:\Windows\System\ZBXvEWP.exe
  2⤵
  PID:4436
- C:\Windows\System\gRCsLMI.exe
  C:\Windows\System\gRCsLMI.exe
  2⤵
  PID:4476
- C:\Windows\System\knFkkAm.exe
  C:\Windows\System\knFkkAm.exe
  2⤵
  PID:5124
- C:\Windows\System\kXzBRLd.exe
  C:\Windows\System\kXzBRLd.exe
  2⤵
  PID:5144
- C:\Windows\System\OwdOyWp.exe
  C:\Windows\System\OwdOyWp.exe
  2⤵
  PID:5164
- C:\Windows\System\BeaDuji.exe
  C:\Windows\System\BeaDuji.exe
  2⤵
  PID:5184
- C:\Windows\System\YGBphGD.exe
  C:\Windows\System\YGBphGD.exe
  2⤵
  PID:5204
- C:\Windows\System\kkvHmsN.exe
  C:\Windows\System\kkvHmsN.exe
  2⤵
  PID:5224
- C:\Windows\System\IoeKcWT.exe
  C:\Windows\System\IoeKcWT.exe
  2⤵
  PID:5244
- C:\Windows\System\TJlVhRV.exe
  C:\Windows\System\TJlVhRV.exe
  2⤵
  PID:5264
- C:\Windows\System\dmgUkpG.exe
  C:\Windows\System\dmgUkpG.exe
  2⤵
  PID:5284
- C:\Windows\System\fvhyNZB.exe
  C:\Windows\System\fvhyNZB.exe
  2⤵
  PID:5304
- C:\Windows\System\baJEVAw.exe
  C:\Windows\System\baJEVAw.exe
  2⤵
  PID:5328
- C:\Windows\System\rMIjrDg.exe
  C:\Windows\System\rMIjrDg.exe
  2⤵
  PID:5348
- C:\Windows\System\uGuJvbK.exe
  C:\Windows\System\uGuJvbK.exe
  2⤵
  PID:5368
- C:\Windows\System\ocVXOHm.exe
  C:\Windows\System\ocVXOHm.exe
  2⤵
  PID:5388
- C:\Windows\System\tAtBxLB.exe
  C:\Windows\System\tAtBxLB.exe
  2⤵
  PID:5408
- C:\Windows\System\mNaniUf.exe
  C:\Windows\System\mNaniUf.exe
  2⤵
  PID:5428
- C:\Windows\System\EBrOTrQ.exe
  C:\Windows\System\EBrOTrQ.exe
  2⤵
  PID:5448
- C:\Windows\System\csEcIKw.exe
  C:\Windows\System\csEcIKw.exe
  2⤵
  PID:5468
- C:\Windows\System\zRqvrkF.exe
  C:\Windows\System\zRqvrkF.exe
  2⤵
  PID:5488
- C:\Windows\System\ctOooQL.exe
  C:\Windows\System\ctOooQL.exe
  2⤵
  PID:5512
- C:\Windows\System\QZhpbWG.exe
  C:\Windows\System\QZhpbWG.exe
  2⤵
  PID:5532
- C:\Windows\System\KTsqicT.exe
  C:\Windows\System\KTsqicT.exe
  2⤵
  PID:5552
- C:\Windows\System\dPfNhXc.exe
  C:\Windows\System\dPfNhXc.exe
  2⤵
  PID:5572
- C:\Windows\System\EgvPqBP.exe
  C:\Windows\System\EgvPqBP.exe
  2⤵
  PID:5588
- C:\Windows\System\teUYWUQ.exe
  C:\Windows\System\teUYWUQ.exe
  2⤵
  PID:5612
- C:\Windows\System\LKaLnuS.exe
  C:\Windows\System\LKaLnuS.exe
  2⤵
  PID:5632
- C:\Windows\System\yJyIvNg.exe
  C:\Windows\System\yJyIvNg.exe
  2⤵
  PID:5652
- C:\Windows\System\CLNeiYB.exe
  C:\Windows\System\CLNeiYB.exe
  2⤵
  PID:5672
- C:\Windows\System\PJvbwUZ.exe
  C:\Windows\System\PJvbwUZ.exe
  2⤵
  PID:5692
- C:\Windows\System\IOkhUlk.exe
  C:\Windows\System\IOkhUlk.exe
  2⤵
  PID:5712
- C:\Windows\System\BgaJHzQ.exe
  C:\Windows\System\BgaJHzQ.exe
  2⤵
  PID:5732
- C:\Windows\System\MqwHXxw.exe
  C:\Windows\System\MqwHXxw.exe
  2⤵
  PID:5752
- C:\Windows\System\SiHwVKu.exe
  C:\Windows\System\SiHwVKu.exe
  2⤵
  PID:5772
- C:\Windows\System\ScmXGlG.exe
  C:\Windows\System\ScmXGlG.exe
  2⤵
  PID:5792
- C:\Windows\System\mfAiJfR.exe
  C:\Windows\System\mfAiJfR.exe
  2⤵
  PID:5812
- C:\Windows\System\lWHXsgi.exe
  C:\Windows\System\lWHXsgi.exe
  2⤵
  PID:5832
- C:\Windows\System\vTYWKGC.exe
  C:\Windows\System\vTYWKGC.exe
  2⤵
  PID:5852
- C:\Windows\System\DOgifze.exe
  C:\Windows\System\DOgifze.exe
  2⤵
  PID:5872
- C:\Windows\System\BztDsPU.exe
  C:\Windows\System\BztDsPU.exe
  2⤵
  PID:5892
- C:\Windows\System\kAdesie.exe
  C:\Windows\System\kAdesie.exe
  2⤵
  PID:5912
- C:\Windows\System\pQFLtKJ.exe
  C:\Windows\System\pQFLtKJ.exe
  2⤵
  PID:5932
- C:\Windows\System\uwSPeFM.exe
  C:\Windows\System\uwSPeFM.exe
  2⤵
  PID:5956
- C:\Windows\System\FnWhLRf.exe
  C:\Windows\System\FnWhLRf.exe
  2⤵
  PID:5976
- C:\Windows\System\VbimdIj.exe
  C:\Windows\System\VbimdIj.exe
  2⤵
  PID:5996
- C:\Windows\System\ZDVakxy.exe
  C:\Windows\System\ZDVakxy.exe
  2⤵
  PID:6016
- C:\Windows\System\bqsRYVr.exe
  C:\Windows\System\bqsRYVr.exe
  2⤵
  PID:6036
- C:\Windows\System\sjBIkRz.exe
  C:\Windows\System\sjBIkRz.exe
  2⤵
  PID:6056
- C:\Windows\System\XzIAotK.exe
  C:\Windows\System\XzIAotK.exe
  2⤵
  PID:6076
- C:\Windows\System\WWeUFHA.exe
  C:\Windows\System\WWeUFHA.exe
  2⤵
  PID:6096
- C:\Windows\System\eFmBZkQ.exe
  C:\Windows\System\eFmBZkQ.exe
  2⤵
  PID:6116
- C:\Windows\System\rdQaYHe.exe
  C:\Windows\System\rdQaYHe.exe
  2⤵
  PID:6136
- C:\Windows\System\BmIgcjD.exe
  C:\Windows\System\BmIgcjD.exe
  2⤵
  PID:4664
- C:\Windows\System\pDlcPng.exe
  C:\Windows\System\pDlcPng.exe
  2⤵
  PID:4744
- C:\Windows\System\rWcjhjn.exe
  C:\Windows\System\rWcjhjn.exe
  2⤵
  PID:4724
- C:\Windows\System\WqGCxws.exe
  C:\Windows\System\WqGCxws.exe
  2⤵
  PID:4884
- C:\Windows\System\fDzEXBr.exe
  C:\Windows\System\fDzEXBr.exe
  2⤵
  PID:4980
- C:\Windows\System\ywfMOaT.exe
  C:\Windows\System\ywfMOaT.exe
  2⤵
  PID:5032
- C:\Windows\System\OUXZdtF.exe
  C:\Windows\System\OUXZdtF.exe
  2⤵
  PID:1984
- C:\Windows\System\ZddbeKV.exe
  C:\Windows\System\ZddbeKV.exe
  2⤵
  PID:2780
- C:\Windows\System\MceSxnf.exe
  C:\Windows\System\MceSxnf.exe
  2⤵
  PID:2832
- C:\Windows\System\HcRTDcb.exe
  C:\Windows\System\HcRTDcb.exe
  2⤵
  PID:4056
- C:\Windows\System\mhHJePN.exe
  C:\Windows\System\mhHJePN.exe
  2⤵
  PID:4448
- C:\Windows\System\ZXMGVRf.exe
  C:\Windows\System\ZXMGVRf.exe
  2⤵
  PID:4384
- C:\Windows\System\LmTjBQf.exe
  C:\Windows\System\LmTjBQf.exe
  2⤵
  PID:4472
- C:\Windows\System\aGMoGCj.exe
  C:\Windows\System\aGMoGCj.exe
  2⤵
  PID:5136
- C:\Windows\System\MonuwWF.exe
  C:\Windows\System\MonuwWF.exe
  2⤵
  PID:5180
- C:\Windows\System\DcIPjTz.exe
  C:\Windows\System\DcIPjTz.exe
  2⤵
  PID:5212
- C:\Windows\System\xYHBYVv.exe
  C:\Windows\System\xYHBYVv.exe
  2⤵
  PID:5236
- C:\Windows\System\nPtymlg.exe
  C:\Windows\System\nPtymlg.exe
  2⤵
  PID:5280
- C:\Windows\System\InWFIuE.exe
  C:\Windows\System\InWFIuE.exe
  2⤵
  PID:5320
- C:\Windows\System\llvCUkS.exe
  C:\Windows\System\llvCUkS.exe
  2⤵
  PID:5360
- C:\Windows\System\HjjNemt.exe
  C:\Windows\System\HjjNemt.exe
  2⤵
  PID:5380
- C:\Windows\System\nYqZAXZ.exe
  C:\Windows\System\nYqZAXZ.exe
  2⤵
  PID:5420
- C:\Windows\System\gmiFbtJ.exe
  C:\Windows\System\gmiFbtJ.exe
  2⤵
  PID:5464
- C:\Windows\System\PFHrvRU.exe
  C:\Windows\System\PFHrvRU.exe
  2⤵
  PID:5496
- C:\Windows\System\TTooaqN.exe
  C:\Windows\System\TTooaqN.exe
  2⤵
  PID:5524
- C:\Windows\System\OwvKmfX.exe
  C:\Windows\System\OwvKmfX.exe
  2⤵
  PID:5548
- C:\Windows\System\fbnRdxD.exe
  C:\Windows\System\fbnRdxD.exe
  2⤵
  PID:5580
- C:\Windows\System\IxdzQxS.exe
  C:\Windows\System\IxdzQxS.exe
  2⤵
  PID:5624
- C:\Windows\System\yUMAjLK.exe
  C:\Windows\System\yUMAjLK.exe
  2⤵
  PID:5668
- C:\Windows\System\hzdFfIr.exe
  C:\Windows\System\hzdFfIr.exe
  2⤵
  PID:5700
- C:\Windows\System\lTuaXTJ.exe
  C:\Windows\System\lTuaXTJ.exe
  2⤵
  PID:5724
- C:\Windows\System\jLNEOkN.exe
  C:\Windows\System\jLNEOkN.exe
  2⤵
  PID:5744
- C:\Windows\System\sMgBlTH.exe
  C:\Windows\System\sMgBlTH.exe
  2⤵
  PID:5788
- C:\Windows\System\ZbYxUzE.exe
  C:\Windows\System\ZbYxUzE.exe
  2⤵
  PID:5824
- C:\Windows\System\TRsdrZt.exe
  C:\Windows\System\TRsdrZt.exe
  2⤵
  PID:5860
- C:\Windows\System\RquKZPk.exe
  C:\Windows\System\RquKZPk.exe
  2⤵
  PID:5884
- C:\Windows\System\VBLZqun.exe
  C:\Windows\System\VBLZqun.exe
  2⤵
  PID:5928
- C:\Windows\System\gYKgxau.exe
  C:\Windows\System\gYKgxau.exe
  2⤵
  PID:5964
- C:\Windows\System\RhoiNEa.exe
  C:\Windows\System\RhoiNEa.exe
  2⤵
  PID:6004
- C:\Windows\System\EdPjGjG.exe
  C:\Windows\System\EdPjGjG.exe
  2⤵
  PID:6032
- C:\Windows\System\zfSaNxq.exe
  C:\Windows\System\zfSaNxq.exe
  2⤵
  PID:6064
- C:\Windows\System\jAsxlqB.exe
  C:\Windows\System\jAsxlqB.exe
  2⤵
  PID:6088
- C:\Windows\System\ajNINaM.exe
  C:\Windows\System\ajNINaM.exe
  2⤵
  PID:6108
- C:\Windows\System\linjFbd.exe
  C:\Windows\System\linjFbd.exe
  2⤵
  PID:4672
- C:\Windows\System\KqtQNiE.exe
  C:\Windows\System\KqtQNiE.exe
  2⤵
  PID:4760
- C:\Windows\System\dcvasdN.exe
  C:\Windows\System\dcvasdN.exe
  2⤵
  PID:5016
- C:\Windows\System\YDNkwmq.exe
  C:\Windows\System\YDNkwmq.exe
  2⤵
  PID:3620
- C:\Windows\System\YAUqJHB.exe
  C:\Windows\System\YAUqJHB.exe
  2⤵
  PID:5004
- C:\Windows\System\nGTdmKG.exe
  C:\Windows\System\nGTdmKG.exe
  2⤵
  PID:2352
- C:\Windows\System\xTMcmRD.exe
  C:\Windows\System\xTMcmRD.exe
  2⤵
  PID:3592
- C:\Windows\System\SoeWKZy.exe
  C:\Windows\System\SoeWKZy.exe
  2⤵
  PID:4352
- C:\Windows\System\FSIcbcm.exe
  C:\Windows\System\FSIcbcm.exe
  2⤵
  PID:5132
- C:\Windows\System\KDNeqqc.exe
  C:\Windows\System\KDNeqqc.exe
  2⤵
  PID:5176
- C:\Windows\System\hwBhAPH.exe
  C:\Windows\System\hwBhAPH.exe
  2⤵
  PID:5232
- C:\Windows\System\AeIsRqm.exe
  C:\Windows\System\AeIsRqm.exe
  2⤵
  PID:5364
- C:\Windows\System\oJjOkKk.exe
  C:\Windows\System\oJjOkKk.exe
  2⤵
  PID:5384
- C:\Windows\System\xKuUuNe.exe
  C:\Windows\System\xKuUuNe.exe
  2⤵
  PID:5444
- C:\Windows\System\CqADxDi.exe
  C:\Windows\System\CqADxDi.exe
  2⤵
  PID:5484
- C:\Windows\System\TDPmJRe.exe
  C:\Windows\System\TDPmJRe.exe
  2⤵
  PID:5520
- C:\Windows\System\bUSkocK.exe
  C:\Windows\System\bUSkocK.exe
  2⤵
  PID:5600
- C:\Windows\System\SFpTFwt.exe
  C:\Windows\System\SFpTFwt.exe
  2⤵
  PID:5688
- C:\Windows\System\MkkpuJM.exe
  C:\Windows\System\MkkpuJM.exe
  2⤵
  PID:5768
- C:\Windows\System\xqsLIwx.exe
  C:\Windows\System\xqsLIwx.exe
  2⤵
  PID:5780
- C:\Windows\System\wgELFNd.exe
  C:\Windows\System\wgELFNd.exe
  2⤵
  PID:5820
- C:\Windows\System\bORaxVC.exe
  C:\Windows\System\bORaxVC.exe
  2⤵
  PID:5888
- C:\Windows\System\pvIugUv.exe
  C:\Windows\System\pvIugUv.exe
  2⤵
  PID:5940
- C:\Windows\System\qKIQXwC.exe
  C:\Windows\System\qKIQXwC.exe
  2⤵
  PID:5992
- C:\Windows\System\gTcjRLH.exe
  C:\Windows\System\gTcjRLH.exe
  2⤵
  PID:6084
- C:\Windows\System\KFlKyxp.exe
  C:\Windows\System\KFlKyxp.exe
  2⤵
  PID:6112
- C:\Windows\System\jQDojjY.exe
  C:\Windows\System\jQDojjY.exe
  2⤵
  PID:4468
- C:\Windows\System\srOnQvu.exe
  C:\Windows\System\srOnQvu.exe
  2⤵
  PID:4900
- C:\Windows\System\qkKDVwX.exe
  C:\Windows\System\qkKDVwX.exe
  2⤵
  PID:4104
- C:\Windows\System\hMUEBle.exe
  C:\Windows\System\hMUEBle.exe
  2⤵
  PID:2740
- C:\Windows\System\vUkFyQm.exe
  C:\Windows\System\vUkFyQm.exe
  2⤵
  PID:4544
- C:\Windows\System\VvGCRtz.exe
  C:\Windows\System\VvGCRtz.exe
  2⤵
  PID:4368
- C:\Windows\System\tBaXkdZ.exe
  C:\Windows\System\tBaXkdZ.exe
  2⤵
  PID:5240
- C:\Windows\System\MVTZfkE.exe
  C:\Windows\System\MVTZfkE.exe
  2⤵
  PID:5340
- C:\Windows\System\VhERnGU.exe
  C:\Windows\System\VhERnGU.exe
  2⤵
  PID:5400
- C:\Windows\System\DtRblyU.exe
  C:\Windows\System\DtRblyU.exe
  2⤵
  PID:6152
- C:\Windows\System\NCKSFRj.exe
  C:\Windows\System\NCKSFRj.exe
  2⤵
  PID:6172
- C:\Windows\System\NCisNST.exe
  C:\Windows\System\NCisNST.exe
  2⤵
  PID:6192
- C:\Windows\System\sugCHhy.exe
  C:\Windows\System\sugCHhy.exe
  2⤵
  PID:6212
- C:\Windows\System\eYslbfg.exe
  C:\Windows\System\eYslbfg.exe
  2⤵
  PID:6236
- C:\Windows\System\jqMbyPT.exe
  C:\Windows\System\jqMbyPT.exe
  2⤵
  PID:6256
- C:\Windows\System\hScAOEa.exe
  C:\Windows\System\hScAOEa.exe
  2⤵
  PID:6276
- C:\Windows\System\iaMvySf.exe
  C:\Windows\System\iaMvySf.exe
  2⤵
  PID:6296
- C:\Windows\System\hYAVrzU.exe
  C:\Windows\System\hYAVrzU.exe
  2⤵
  PID:6316
- C:\Windows\System\kGMRItq.exe
  C:\Windows\System\kGMRItq.exe
  2⤵
  PID:6336
- C:\Windows\System\XWQgQQW.exe
  C:\Windows\System\XWQgQQW.exe
  2⤵
  PID:6356
- C:\Windows\System\cMsTtkB.exe
  C:\Windows\System\cMsTtkB.exe
  2⤵
  PID:6376
- C:\Windows\System\ntbeQPx.exe
  C:\Windows\System\ntbeQPx.exe
  2⤵
  PID:6396
- C:\Windows\System\XSuVoZK.exe
  C:\Windows\System\XSuVoZK.exe
  2⤵
  PID:6416
- C:\Windows\System\DdEogWm.exe
  C:\Windows\System\DdEogWm.exe
  2⤵
  PID:6436
- C:\Windows\System\uMUQxnN.exe
  C:\Windows\System\uMUQxnN.exe
  2⤵
  PID:6456
- C:\Windows\System\eiOkICJ.exe
  C:\Windows\System\eiOkICJ.exe
  2⤵
  PID:6476
- C:\Windows\System\dGXBhPD.exe
  C:\Windows\System\dGXBhPD.exe
  2⤵
  PID:6496
- C:\Windows\System\opDTksV.exe
  C:\Windows\System\opDTksV.exe
  2⤵
  PID:6516
- C:\Windows\System\xCPcuPz.exe
  C:\Windows\System\xCPcuPz.exe
  2⤵
  PID:6536
- C:\Windows\System\BojzWBE.exe
  C:\Windows\System\BojzWBE.exe
  2⤵
  PID:6556
- C:\Windows\System\IAmQghK.exe
  C:\Windows\System\IAmQghK.exe
  2⤵
  PID:6576
- C:\Windows\System\xZGLOzt.exe
  C:\Windows\System\xZGLOzt.exe
  2⤵
  PID:6596
- C:\Windows\System\OlVJqRT.exe
  C:\Windows\System\OlVJqRT.exe
  2⤵
  PID:6616
- C:\Windows\System\UUHzlbV.exe
  C:\Windows\System\UUHzlbV.exe
  2⤵
  PID:6636
- C:\Windows\System\VKbVYlR.exe
  C:\Windows\System\VKbVYlR.exe
  2⤵
  PID:6656
- C:\Windows\System\IuonCrP.exe
  C:\Windows\System\IuonCrP.exe
  2⤵
  PID:6676
- C:\Windows\System\UqlemJO.exe
  C:\Windows\System\UqlemJO.exe
  2⤵
  PID:6696
- C:\Windows\System\qiSVSiE.exe
  C:\Windows\System\qiSVSiE.exe
  2⤵
  PID:6716
- C:\Windows\System\ZQJBRcB.exe
  C:\Windows\System\ZQJBRcB.exe
  2⤵
  PID:6736
- C:\Windows\System\eotnvZl.exe
  C:\Windows\System\eotnvZl.exe
  2⤵
  PID:6756
- C:\Windows\System\rfwBmab.exe
  C:\Windows\System\rfwBmab.exe
  2⤵
  PID:6776
- C:\Windows\System\FOBVvet.exe
  C:\Windows\System\FOBVvet.exe
  2⤵
  PID:6796
- C:\Windows\System\wPQVQmP.exe
  C:\Windows\System\wPQVQmP.exe
  2⤵
  PID:6816
- C:\Windows\System\VeAwuRN.exe
  C:\Windows\System\VeAwuRN.exe
  2⤵
  PID:6836
- C:\Windows\System\dZbRLwe.exe
  C:\Windows\System\dZbRLwe.exe
  2⤵
  PID:6856
- C:\Windows\System\jYYvhqH.exe
  C:\Windows\System\jYYvhqH.exe
  2⤵
  PID:6876
- C:\Windows\System\cUgwwaj.exe
  C:\Windows\System\cUgwwaj.exe
  2⤵
  PID:6896
- C:\Windows\System\FsskNRs.exe
  C:\Windows\System\FsskNRs.exe
  2⤵
  PID:6916
- C:\Windows\System\ODffVtp.exe
  C:\Windows\System\ODffVtp.exe
  2⤵
  PID:6940
- C:\Windows\System\BgWDadq.exe
  C:\Windows\System\BgWDadq.exe
  2⤵
  PID:6960
- C:\Windows\System\ccwhKGS.exe
  C:\Windows\System\ccwhKGS.exe
  2⤵
  PID:6980
- C:\Windows\System\NNDYhbF.exe
  C:\Windows\System\NNDYhbF.exe
  2⤵
  PID:7000
- C:\Windows\System\xnmGCNz.exe
  C:\Windows\System\xnmGCNz.exe
  2⤵
  PID:7020
- C:\Windows\System\oBtCKlT.exe
  C:\Windows\System\oBtCKlT.exe
  2⤵
  PID:7040
- C:\Windows\System\FJYgxsY.exe
  C:\Windows\System\FJYgxsY.exe
  2⤵
  PID:7060
- C:\Windows\System\TpSkuPq.exe
  C:\Windows\System\TpSkuPq.exe
  2⤵
  PID:7080
- C:\Windows\System\JFouSpE.exe
  C:\Windows\System\JFouSpE.exe
  2⤵
  PID:7100
- C:\Windows\System\onueYtd.exe
  C:\Windows\System\onueYtd.exe
  2⤵
  PID:7120
- C:\Windows\System\AMQaTui.exe
  C:\Windows\System\AMQaTui.exe
  2⤵
  PID:7140
- C:\Windows\System\mWKcLMk.exe
  C:\Windows\System\mWKcLMk.exe
  2⤵
  PID:7156
- C:\Windows\System\wpBTWva.exe
  C:\Windows\System\wpBTWva.exe
  2⤵
  PID:5564
- C:\Windows\System\AkaXKEu.exe
  C:\Windows\System\AkaXKEu.exe
  2⤵
  PID:5704
- C:\Windows\System\CDmxuAZ.exe
  C:\Windows\System\CDmxuAZ.exe
  2⤵
  PID:5804
- C:\Windows\System\zxBncXR.exe
  C:\Windows\System\zxBncXR.exe
  2⤵
  PID:2828
- C:\Windows\System\TgcOfBR.exe
  C:\Windows\System\TgcOfBR.exe
  2⤵
  PID:5908
- C:\Windows\System\XWCtcAC.exe
  C:\Windows\System\XWCtcAC.exe
  2⤵
  PID:5984
- C:\Windows\System\hoVWExn.exe
  C:\Windows\System\hoVWExn.exe
  2⤵
  PID:6048
- C:\Windows\System\WfCYYkg.exe
  C:\Windows\System\WfCYYkg.exe
  2⤵
  PID:4960
- C:\Windows\System\qaOZhsV.exe
  C:\Windows\System\qaOZhsV.exe
  2⤵
  PID:3740
- C:\Windows\System\qSYbkva.exe
  C:\Windows\System\qSYbkva.exe
  2⤵
  PID:5140
- C:\Windows\System\ZTdHtTb.exe
  C:\Windows\System\ZTdHtTb.exe
  2⤵
  PID:5156
- C:\Windows\System\rRyWNwt.exe
  C:\Windows\System\rRyWNwt.exe
  2⤵
  PID:5456
- C:\Windows\System\vfJfGXP.exe
  C:\Windows\System\vfJfGXP.exe
  2⤵
  PID:5440
- C:\Windows\System\OZkpbkX.exe
  C:\Windows\System\OZkpbkX.exe
  2⤵
  PID:6188
- C:\Windows\System\aNjQiOD.exe
  C:\Windows\System\aNjQiOD.exe
  2⤵
  PID:6224
- C:\Windows\System\hEhbIEu.exe
  C:\Windows\System\hEhbIEu.exe
  2⤵
  PID:6272
- C:\Windows\System\LnTssXu.exe
  C:\Windows\System\LnTssXu.exe
  2⤵
  PID:6304
- C:\Windows\System\SrdEPQx.exe
  C:\Windows\System\SrdEPQx.exe
  2⤵
  PID:6328
- C:\Windows\System\FerInks.exe
  C:\Windows\System\FerInks.exe
  2⤵
  PID:6372
- C:\Windows\System\FYlBTos.exe
  C:\Windows\System\FYlBTos.exe
  2⤵
  PID:6404
- C:\Windows\System\lbYBifw.exe
  C:\Windows\System\lbYBifw.exe
  2⤵
  PID:6444
- C:\Windows\System\LSPGZem.exe
  C:\Windows\System\LSPGZem.exe
  2⤵
  PID:6484
- C:\Windows\System\AcQqSpV.exe
  C:\Windows\System\AcQqSpV.exe
  2⤵
  PID:6488
- C:\Windows\System\nIGGgGG.exe
  C:\Windows\System\nIGGgGG.exe
  2⤵
  PID:6524
- C:\Windows\System\IFYZIkN.exe
  C:\Windows\System\IFYZIkN.exe
  2⤵
  PID:6564
- C:\Windows\System\aQblbdU.exe
  C:\Windows\System\aQblbdU.exe
  2⤵
  PID:1972
- C:\Windows\System\Gicsfuu.exe
  C:\Windows\System\Gicsfuu.exe
  2⤵
  PID:6612
- C:\Windows\System\vUJeRwf.exe
  C:\Windows\System\vUJeRwf.exe
  2⤵
  PID:2024
- C:\Windows\System\ctNwhAS.exe
  C:\Windows\System\ctNwhAS.exe
  2⤵
  PID:6652
- C:\Windows\System\DpkHjKE.exe
  C:\Windows\System\DpkHjKE.exe
  2⤵
  PID:6684
- C:\Windows\System\dbbvNGN.exe
  C:\Windows\System\dbbvNGN.exe
  2⤵
  PID:6724
- C:\Windows\System\wfzxVef.exe
  C:\Windows\System\wfzxVef.exe
  2⤵
  PID:6744
- C:\Windows\System\SaoiMeo.exe
  C:\Windows\System\SaoiMeo.exe
  2⤵
  PID:6772
- C:\Windows\System\KBFAIRt.exe
  C:\Windows\System\KBFAIRt.exe
  2⤵
  PID:6792
- C:\Windows\System\sSvGkEr.exe
  C:\Windows\System\sSvGkEr.exe
  2⤵
  PID:6824
- C:\Windows\System\XtEHvsn.exe
  C:\Windows\System\XtEHvsn.exe
  2⤵
  PID:6884
- C:\Windows\System\VXFDUKG.exe
  C:\Windows\System\VXFDUKG.exe
  2⤵
  PID:6868
- C:\Windows\System\OTUTTkL.exe
  C:\Windows\System\OTUTTkL.exe
  2⤵
  PID:6912
- C:\Windows\System\vJGVHqN.exe
  C:\Windows\System\vJGVHqN.exe
  2⤵
  PID:6972
- C:\Windows\System\lOrJWcH.exe
  C:\Windows\System\lOrJWcH.exe
  2⤵
  PID:7016
- C:\Windows\System\gQYKTHj.exe
  C:\Windows\System\gQYKTHj.exe
  2⤵
  PID:2148
- C:\Windows\System\IShBbhB.exe
  C:\Windows\System\IShBbhB.exe
  2⤵
  PID:7056
- C:\Windows\System\NdhwDns.exe
  C:\Windows\System\NdhwDns.exe
  2⤵
  PID:7076
- C:\Windows\System\ILXBllU.exe
  C:\Windows\System\ILXBllU.exe
  2⤵
  PID:7116
- C:\Windows\System\qtpZKEg.exe
  C:\Windows\System\qtpZKEg.exe
  2⤵
  PID:5540
- C:\Windows\System\OgSrpWr.exe
  C:\Windows\System\OgSrpWr.exe
  2⤵
  PID:5584
- C:\Windows\System\lXXOIxq.exe
  C:\Windows\System\lXXOIxq.exe
  2⤵
  PID:5684
- C:\Windows\System\ABOcwaA.exe
  C:\Windows\System\ABOcwaA.exe
  2⤵
  PID:5800
- C:\Windows\System\vYNVkrG.exe
  C:\Windows\System\vYNVkrG.exe
  2⤵
  PID:4624
- C:\Windows\System\WtQYofo.exe
  C:\Windows\System\WtQYofo.exe
  2⤵
  PID:4984
- C:\Windows\System\YOaOnBT.exe
  C:\Windows\System\YOaOnBT.exe
  2⤵
  PID:5424
- C:\Windows\System\quGscXQ.exe
  C:\Windows\System\quGscXQ.exe
  2⤵
  PID:5336
- C:\Windows\System\DORSkUi.exe
  C:\Windows\System\DORSkUi.exe
  2⤵
  PID:6160
- C:\Windows\System\LtCWRdO.exe
  C:\Windows\System\LtCWRdO.exe
  2⤵
  PID:6228
- C:\Windows\System\PVAvMui.exe
  C:\Windows\System\PVAvMui.exe
  2⤵
  PID:6288
- C:\Windows\System\tjdPWSa.exe
  C:\Windows\System\tjdPWSa.exe
  2⤵
  PID:6248
- C:\Windows\System\elzErbp.exe
  C:\Windows\System\elzErbp.exe
  2⤵
  PID:6324
- C:\Windows\System\URyxzIB.exe
  C:\Windows\System\URyxzIB.exe
  2⤵
  PID:6452
- C:\Windows\System\xpilVXM.exe
  C:\Windows\System\xpilVXM.exe
  2⤵
  PID:6532
- C:\Windows\System\GfZPktw.exe
  C:\Windows\System\GfZPktw.exe
  2⤵
  PID:6592
- C:\Windows\System\TZSYPbL.exe
  C:\Windows\System\TZSYPbL.exe
  2⤵
  PID:6504
- C:\Windows\System\wHaxiQj.exe
  C:\Windows\System\wHaxiQj.exe
  2⤵
  PID:6644
- C:\Windows\System\dKqAEnv.exe
  C:\Windows\System\dKqAEnv.exe
  2⤵
  PID:6704
- C:\Windows\System\sNRKXdR.exe
  C:\Windows\System\sNRKXdR.exe
  2⤵
  PID:6752
- C:\Windows\System\slmGkfk.exe
  C:\Windows\System\slmGkfk.exe
  2⤵
  PID:2592
- C:\Windows\System\joLxsov.exe
  C:\Windows\System\joLxsov.exe
  2⤵
  PID:6804
- C:\Windows\System\wHqsuOG.exe
  C:\Windows\System\wHqsuOG.exe
  2⤵
  PID:6852
- C:\Windows\System\eGxqrKC.exe
  C:\Windows\System\eGxqrKC.exe
  2⤵
  PID:6976
- C:\Windows\System\cnHIFZc.exe
  C:\Windows\System\cnHIFZc.exe
  2⤵
  PID:6992
- C:\Windows\System\iAfFzdK.exe
  C:\Windows\System\iAfFzdK.exe
  2⤵
  PID:7068
- C:\Windows\System\KVsHeKc.exe
  C:\Windows\System\KVsHeKc.exe
  2⤵
  PID:7092
- C:\Windows\System\HCxUEdW.exe
  C:\Windows\System\HCxUEdW.exe
  2⤵
  PID:7108
- C:\Windows\System\aFbQwkl.exe
  C:\Windows\System\aFbQwkl.exe
  2⤵
  PID:7152
- C:\Windows\System\VPJSbEG.exe
  C:\Windows\System\VPJSbEG.exe
  2⤵
  PID:6092
- C:\Windows\System\xQBtgrj.exe
  C:\Windows\System\xQBtgrj.exe
  2⤵
  PID:5216
- C:\Windows\System\lXYpzbM.exe
  C:\Windows\System\lXYpzbM.exe
  2⤵
  PID:4536
- C:\Windows\System\SIUJXqa.exe
  C:\Windows\System\SIUJXqa.exe
  2⤵
  PID:4252
- C:\Windows\System\ZGYowgA.exe
  C:\Windows\System\ZGYowgA.exe
  2⤵
  PID:6180
- C:\Windows\System\NrjVkHZ.exe
  C:\Windows\System\NrjVkHZ.exe
  2⤵
  PID:6308
- C:\Windows\System\mxunJns.exe
  C:\Windows\System\mxunJns.exe
  2⤵
  PID:6468
- C:\Windows\System\IRANtOa.exe
  C:\Windows\System\IRANtOa.exe
  2⤵
  PID:6512
- C:\Windows\System\AvxGaVs.exe
  C:\Windows\System\AvxGaVs.exe
  2⤵
  PID:6552
- C:\Windows\System\SyDWFWI.exe
  C:\Windows\System\SyDWFWI.exe
  2⤵
  PID:6632
- C:\Windows\System\ErwZfJw.exe
  C:\Windows\System\ErwZfJw.exe
  2⤵
  PID:3048
- C:\Windows\System\MgRgUdF.exe
  C:\Windows\System\MgRgUdF.exe
  2⤵
  PID:6788
- C:\Windows\System\VPDLSnH.exe
  C:\Windows\System\VPDLSnH.exe
  2⤵
  PID:2868
- C:\Windows\System\GAkRAdZ.exe
  C:\Windows\System\GAkRAdZ.exe
  2⤵
  PID:7048
- C:\Windows\System\DGxsSzx.exe
  C:\Windows\System\DGxsSzx.exe
  2⤵
  PID:7008
- C:\Windows\System\ecCbfri.exe
  C:\Windows\System\ecCbfri.exe
  2⤵
  PID:7164
- C:\Windows\System\Sgujqvp.exe
  C:\Windows\System\Sgujqvp.exe
  2⤵
  PID:6124
- C:\Windows\System\tSnAcxc.exe
  C:\Windows\System\tSnAcxc.exe
  2⤵
  PID:7180
- C:\Windows\System\BRsDTqF.exe
  C:\Windows\System\BRsDTqF.exe
  2⤵
  PID:7200
- C:\Windows\System\aynAfeG.exe
  C:\Windows\System\aynAfeG.exe
  2⤵
  PID:7216
- C:\Windows\System\pranpca.exe
  C:\Windows\System\pranpca.exe
  2⤵
  PID:7236
- C:\Windows\System\vRgUcot.exe
  C:\Windows\System\vRgUcot.exe
  2⤵
  PID:7260
- C:\Windows\System\lggklGc.exe
  C:\Windows\System\lggklGc.exe
  2⤵
  PID:7280
- C:\Windows\System\uxILSmO.exe
  C:\Windows\System\uxILSmO.exe
  2⤵
  PID:7300
- C:\Windows\System\sQWjysn.exe
  C:\Windows\System\sQWjysn.exe
  2⤵
  PID:7320
- C:\Windows\System\YcRJTZg.exe
  C:\Windows\System\YcRJTZg.exe
  2⤵
  PID:7340
- C:\Windows\System\rwFlMAb.exe
  C:\Windows\System\rwFlMAb.exe
  2⤵
  PID:7360
- C:\Windows\System\MbiFJFl.exe
  C:\Windows\System\MbiFJFl.exe
  2⤵
  PID:7380
- C:\Windows\System\phKVjDI.exe
  C:\Windows\System\phKVjDI.exe
  2⤵
  PID:7400
- C:\Windows\System\vRAYWDK.exe
  C:\Windows\System\vRAYWDK.exe
  2⤵
  PID:7420
- C:\Windows\System\WoHTjpC.exe
  C:\Windows\System\WoHTjpC.exe
  2⤵
  PID:7440
- C:\Windows\System\VFukRYz.exe
  C:\Windows\System\VFukRYz.exe
  2⤵
  PID:7460
- C:\Windows\System\csEnEtw.exe
  C:\Windows\System\csEnEtw.exe
  2⤵
  PID:7480
- C:\Windows\System\hGREozW.exe
  C:\Windows\System\hGREozW.exe
  2⤵
  PID:7500
- C:\Windows\System\dANWsQj.exe
  C:\Windows\System\dANWsQj.exe
  2⤵
  PID:7520
- C:\Windows\System\EOgiETg.exe
  C:\Windows\System\EOgiETg.exe
  2⤵
  PID:7540
- C:\Windows\System\EmtWZFU.exe
  C:\Windows\System\EmtWZFU.exe
  2⤵
  PID:7560
- C:\Windows\System\JFxuvnC.exe
  C:\Windows\System\JFxuvnC.exe
  2⤵
  PID:7580
- C:\Windows\System\ewSUEUx.exe
  C:\Windows\System\ewSUEUx.exe
  2⤵
  PID:7600
- C:\Windows\System\nRCzltX.exe
  C:\Windows\System\nRCzltX.exe
  2⤵
  PID:7624
- C:\Windows\System\gowDgbz.exe
  C:\Windows\System\gowDgbz.exe
  2⤵
  PID:7644
- C:\Windows\System\IkAkMTG.exe
  C:\Windows\System\IkAkMTG.exe
  2⤵
  PID:7664
- C:\Windows\System\eaLESBm.exe
  C:\Windows\System\eaLESBm.exe
  2⤵
  PID:7684
- C:\Windows\System\wpMBumd.exe
  C:\Windows\System\wpMBumd.exe
  2⤵
  PID:7704
- C:\Windows\System\IbXmHXp.exe
  C:\Windows\System\IbXmHXp.exe
  2⤵
  PID:7728
- C:\Windows\System\YQHIqyO.exe
  C:\Windows\System\YQHIqyO.exe
  2⤵
  PID:7752
- C:\Windows\System\FREYJMz.exe
  C:\Windows\System\FREYJMz.exe
  2⤵
  PID:7772
- C:\Windows\System\psARhwA.exe
  C:\Windows\System\psARhwA.exe
  2⤵
  PID:7788
- C:\Windows\System\xirCYMo.exe
  C:\Windows\System\xirCYMo.exe
  2⤵
  PID:7812
- C:\Windows\System\cFWnvSk.exe
  C:\Windows\System\cFWnvSk.exe
  2⤵
  PID:7828
- C:\Windows\System\TSwWBLu.exe
  C:\Windows\System\TSwWBLu.exe
  2⤵
  PID:7848
- C:\Windows\System\sCcveeJ.exe
  C:\Windows\System\sCcveeJ.exe
  2⤵
  PID:7872
- C:\Windows\System\PnnpDBB.exe
  C:\Windows\System\PnnpDBB.exe
  2⤵
  PID:7892
- C:\Windows\System\MtwJabh.exe
  C:\Windows\System\MtwJabh.exe
  2⤵
  PID:7912
- C:\Windows\System\nwQWuoe.exe
  C:\Windows\System\nwQWuoe.exe
  2⤵
  PID:7928
- C:\Windows\System\LuCsCCC.exe
  C:\Windows\System\LuCsCCC.exe
  2⤵
  PID:7952
- C:\Windows\System\RBYiWDF.exe
  C:\Windows\System\RBYiWDF.exe
  2⤵
  PID:7972
- C:\Windows\System\iCavYuW.exe
  C:\Windows\System\iCavYuW.exe
  2⤵
  PID:7992
- C:\Windows\System\LCAAOwg.exe
  C:\Windows\System\LCAAOwg.exe
  2⤵
  PID:8012
- C:\Windows\System\thSiZXv.exe
  C:\Windows\System\thSiZXv.exe
  2⤵
  PID:8028
- C:\Windows\System\oWlssxM.exe
  C:\Windows\System\oWlssxM.exe
  2⤵
  PID:8048
- C:\Windows\System\WNCodnp.exe
  C:\Windows\System\WNCodnp.exe
  2⤵
  PID:8068
- C:\Windows\System\ERasrAi.exe
  C:\Windows\System\ERasrAi.exe
  2⤵
  PID:8092
- C:\Windows\System\tKPRcrD.exe
  C:\Windows\System\tKPRcrD.exe
  2⤵
  PID:8112
- C:\Windows\System\GWOsWST.exe
  C:\Windows\System\GWOsWST.exe
  2⤵
  PID:8128
- C:\Windows\System\xxuregT.exe
  C:\Windows\System\xxuregT.exe
  2⤵
  PID:8152
- C:\Windows\System\djijySA.exe
  C:\Windows\System\djijySA.exe
  2⤵
  PID:8172
- C:\Windows\System\JCrIuXT.exe
  C:\Windows\System\JCrIuXT.exe
  2⤵
  PID:5292
- C:\Windows\System\NBFzTNt.exe
  C:\Windows\System\NBFzTNt.exe
  2⤵
  PID:5356
- C:\Windows\System\qBvwqjr.exe
  C:\Windows\System\qBvwqjr.exe
  2⤵
  PID:6348
- C:\Windows\System\aCsHMEp.exe
  C:\Windows\System\aCsHMEp.exe
  2⤵
  PID:2848
- C:\Windows\System\fkdUqUT.exe
  C:\Windows\System\fkdUqUT.exe
  2⤵
  PID:6628
- C:\Windows\System\ccBuNdH.exe
  C:\Windows\System\ccBuNdH.exe
  2⤵
  PID:6548
- C:\Windows\System\UFAgpPT.exe
  C:\Windows\System\UFAgpPT.exe
  2⤵
  PID:6668
- C:\Windows\System\onXcAJM.exe
  C:\Windows\System\onXcAJM.exe
  2⤵
  PID:6864
- C:\Windows\System\nJHEdBI.exe
  C:\Windows\System\nJHEdBI.exe
  2⤵
  PID:7088
- C:\Windows\System\aMlpJWP.exe
  C:\Windows\System\aMlpJWP.exe
  2⤵
  PID:5864
- C:\Windows\System\WGefGVW.exe
  C:\Windows\System\WGefGVW.exe
  2⤵
  PID:5828
- C:\Windows\System\vjEfuNo.exe
  C:\Windows\System\vjEfuNo.exe
  2⤵
  PID:7212
- C:\Windows\System\CBIjzek.exe
  C:\Windows\System\CBIjzek.exe
  2⤵
  PID:7224
- C:\Windows\System\ZOYbVMa.exe
  C:\Windows\System\ZOYbVMa.exe
  2⤵
  PID:7288
- C:\Windows\System\gqoIriS.exe
  C:\Windows\System\gqoIriS.exe
  2⤵
  PID:7316
- C:\Windows\System\FnCTEgg.exe
  C:\Windows\System\FnCTEgg.exe
  2⤵
  PID:7332
- C:\Windows\System\DOdlIuO.exe
  C:\Windows\System\DOdlIuO.exe
  2⤵
  PID:7376
- C:\Windows\System\PkhrggU.exe
  C:\Windows\System\PkhrggU.exe
  2⤵
  PID:7396
- C:\Windows\System\UpzQALa.exe
  C:\Windows\System\UpzQALa.exe
  2⤵
  PID:7428
- C:\Windows\System\dhmUrTg.exe
  C:\Windows\System\dhmUrTg.exe
  2⤵
  PID:7468
- C:\Windows\System\shgqMgk.exe
  C:\Windows\System\shgqMgk.exe
  2⤵
  PID:7536
- C:\Windows\System\poapMoa.exe
  C:\Windows\System\poapMoa.exe
  2⤵
  PID:7512
- C:\Windows\System\YiZpYEA.exe
  C:\Windows\System\YiZpYEA.exe
  2⤵
  PID:7576
- C:\Windows\System\tAqfRQH.exe
  C:\Windows\System\tAqfRQH.exe
  2⤵
  PID:7596
- C:\Windows\System\DgwwQuY.exe
  C:\Windows\System\DgwwQuY.exe
  2⤵
  PID:7640
- C:\Windows\System\QrEzhnA.exe
  C:\Windows\System\QrEzhnA.exe
  2⤵
  PID:7700
- C:\Windows\System\WbRWhPl.exe
  C:\Windows\System\WbRWhPl.exe
  2⤵
  PID:7748
- C:\Windows\System\QnAObxk.exe
  C:\Windows\System\QnAObxk.exe
  2⤵
  PID:7780
- C:\Windows\System\tvwcuBT.exe
  C:\Windows\System\tvwcuBT.exe
  2⤵
  PID:7796
- C:\Windows\System\ikWwRnI.exe
  C:\Windows\System\ikWwRnI.exe
  2⤵
  PID:7808
- C:\Windows\System\NvTxKlP.exe
  C:\Windows\System\NvTxKlP.exe
  2⤵
  PID:7840
- C:\Windows\System\UPaNyOs.exe
  C:\Windows\System\UPaNyOs.exe
  2⤵
  PID:7936
- C:\Windows\System\TnpLQJD.exe
  C:\Windows\System\TnpLQJD.exe
  2⤵
  PID:7944
- C:\Windows\System\xwROftc.exe
  C:\Windows\System\xwROftc.exe
  2⤵
  PID:7968
- C:\Windows\System\vIKszJc.exe
  C:\Windows\System\vIKszJc.exe
  2⤵
  PID:8008
- C:\Windows\System\JHyFicO.exe
  C:\Windows\System\JHyFicO.exe
  2⤵
  PID:8060
- C:\Windows\System\RzWkrbt.exe
  C:\Windows\System\RzWkrbt.exe
  2⤵
  PID:8040
- C:\Windows\System\bMPVfvk.exe
  C:\Windows\System\bMPVfvk.exe
  2⤵
  PID:8084
- C:\Windows\System\clUOwGN.exe
  C:\Windows\System\clUOwGN.exe
  2⤵
  PID:8136
- C:\Windows\System\gjvBhLh.exe
  C:\Windows\System\gjvBhLh.exe
  2⤵
  PID:8124
- C:\Windows\System\JzhFJsk.exe
  C:\Windows\System\JzhFJsk.exe
  2⤵
  PID:8168
- C:\Windows\System\KvlSXHn.exe
  C:\Windows\System\KvlSXHn.exe
  2⤵
  PID:6264
- C:\Windows\System\vVlfYds.exe
  C:\Windows\System\vVlfYds.exe
  2⤵
  PID:6432
- C:\Windows\System\eqlpCPb.exe
  C:\Windows\System\eqlpCPb.exe
  2⤵
  PID:6252
- C:\Windows\System\CenYCJV.exe
  C:\Windows\System\CenYCJV.exe
  2⤵
  PID:2672
- C:\Windows\System\Vhmelac.exe
  C:\Windows\System\Vhmelac.exe
  2⤵
  PID:6996
- C:\Windows\System\LZnWXUj.exe
  C:\Windows\System\LZnWXUj.exe
  2⤵
  PID:6232
- C:\Windows\System\ebuHPBa.exe
  C:\Windows\System\ebuHPBa.exe
  2⤵
  PID:7248
- C:\Windows\System\SeziAbO.exe
  C:\Windows\System\SeziAbO.exe
  2⤵
  PID:7192
- C:\Windows\System\TjZaaom.exe
  C:\Windows\System\TjZaaom.exe
  2⤵
  PID:7268
- C:\Windows\System\yaZUkrN.exe
  C:\Windows\System\yaZUkrN.exe
  2⤵
  PID:7368
- C:\Windows\System\BGdGPQt.exe
  C:\Windows\System\BGdGPQt.exe
  2⤵
  PID:7328
- C:\Windows\System\YJxMNhl.exe
  C:\Windows\System\YJxMNhl.exe
  2⤵
  PID:1372
- C:\Windows\System\lIYllWA.exe
  C:\Windows\System\lIYllWA.exe
  2⤵
  PID:7496
- C:\Windows\System\YaAnkXZ.exe
  C:\Windows\System\YaAnkXZ.exe
  2⤵
  PID:7556
- C:\Windows\System\KquJtuU.exe
  C:\Windows\System\KquJtuU.exe
  2⤵
  PID:7660
- C:\Windows\System\WnTxfaw.exe
  C:\Windows\System\WnTxfaw.exe
  2⤵
  PID:7672
- C:\Windows\System\LUQNoVe.exe
  C:\Windows\System\LUQNoVe.exe
  2⤵
  PID:7784
- C:\Windows\System\ThXmlnQ.exe
  C:\Windows\System\ThXmlnQ.exe
  2⤵
  PID:7856
- C:\Windows\System\inEmUou.exe
  C:\Windows\System\inEmUou.exe
  2⤵
  PID:7860
- C:\Windows\System\SdatvSS.exe
  C:\Windows\System\SdatvSS.exe
  2⤵
  PID:4988
- C:\Windows\System\JmFYJKK.exe
  C:\Windows\System\JmFYJKK.exe
  2⤵
  PID:5952
- C:\Windows\System\xBgdNny.exe
  C:\Windows\System\xBgdNny.exe
  2⤵
  PID:1612
- C:\Windows\System\ucLsBtG.exe
  C:\Windows\System\ucLsBtG.exe
  2⤵
  PID:1640
- C:\Windows\System\YvYjPpg.exe
  C:\Windows\System\YvYjPpg.exe
  2⤵
  PID:2516
- C:\Windows\System\xlrLRIN.exe
  C:\Windows\System\xlrLRIN.exe
  2⤵
  PID:2160
- C:\Windows\System\hOFKAXr.exe
  C:\Windows\System\hOFKAXr.exe
  2⤵
  PID:3008
- C:\Windows\System\HqrIBrN.exe
  C:\Windows\System\HqrIBrN.exe
  2⤵
  PID:8188
- C:\Windows\System\pBVavlW.exe
  C:\Windows\System\pBVavlW.exe
  2⤵
  PID:1396
- C:\Windows\System\fcntdtw.exe
  C:\Windows\System\fcntdtw.exe
  2⤵
  PID:6528
- C:\Windows\System\PkmrglV.exe
  C:\Windows\System\PkmrglV.exe
  2⤵
  PID:7188
- C:\Windows\System\PuVVtRi.exe
  C:\Windows\System\PuVVtRi.exe
  2⤵
  PID:7408
- C:\Windows\System\KVKkbDS.exe
  C:\Windows\System\KVKkbDS.exe
  2⤵
  PID:7436
- C:\Windows\System\cZccdCD.exe
  C:\Windows\System\cZccdCD.exe
  2⤵
  PID:7492
- C:\Windows\System\kdIPEUM.exe
  C:\Windows\System\kdIPEUM.exe
  2⤵
  PID:1796
- C:\Windows\System\wYtWAdl.exe
  C:\Windows\System\wYtWAdl.exe
  2⤵
  PID:6828
- C:\Windows\System\pjtBCJz.exe
  C:\Windows\System\pjtBCJz.exe
  2⤵
  PID:1652
- C:\Windows\System\CKRCccd.exe
  C:\Windows\System\CKRCccd.exe
  2⤵
  PID:3580
- C:\Windows\System\ENhxoUG.exe
  C:\Windows\System\ENhxoUG.exe
  2⤵
  PID:7252
- C:\Windows\System\sCHRuiA.exe
  C:\Windows\System\sCHRuiA.exe
  2⤵
  PID:876
- C:\Windows\System\FeNbrAF.exe
  C:\Windows\System\FeNbrAF.exe
  2⤵
  PID:780
- C:\Windows\System\guyImNN.exe
  C:\Windows\System\guyImNN.exe
  2⤵
  PID:3060
- C:\Windows\System\mnVvgEk.exe
  C:\Windows\System\mnVvgEk.exe
  2⤵
  PID:7712
- C:\Windows\System\eFWMeaD.exe
  C:\Windows\System\eFWMeaD.exe
  2⤵
  PID:7824
- C:\Windows\System\QzyLvHI.exe
  C:\Windows\System\QzyLvHI.exe
  2⤵
  PID:2616
- C:\Windows\System\ERVOray.exe
  C:\Windows\System\ERVOray.exe
  2⤵
  PID:8020
- C:\Windows\System\wXpNHga.exe
  C:\Windows\System\wXpNHga.exe
  2⤵
  PID:8000
- C:\Windows\System\JlVGmUV.exe
  C:\Windows\System\JlVGmUV.exe
  2⤵
  PID:1692
- C:\Windows\System\mQwDJkp.exe
  C:\Windows\System\mQwDJkp.exe
  2⤵
  PID:8180
- C:\Windows\System\DlUaRFX.exe
  C:\Windows\System\DlUaRFX.exe
  2⤵
  PID:7272
- C:\Windows\System\ODCigLE.exe
  C:\Windows\System\ODCigLE.exe
  2⤵
  PID:8108
- C:\Windows\System\xRmGhCh.exe
  C:\Windows\System\xRmGhCh.exe
  2⤵
  PID:6364
- C:\Windows\System\TqxUUyY.exe
  C:\Windows\System\TqxUUyY.exe
  2⤵
  PID:7980
- C:\Windows\System\HxTAaGJ.exe
  C:\Windows\System\HxTAaGJ.exe
  2⤵
  PID:1628
- C:\Windows\System\GLGNTVA.exe
  C:\Windows\System\GLGNTVA.exe
  2⤵
  PID:7032
- C:\Windows\System\MrTnFVa.exe
  C:\Windows\System\MrTnFVa.exe
  2⤵
  PID:2924
- C:\Windows\System\ewOhaEy.exe
  C:\Windows\System\ewOhaEy.exe
  2⤵
  PID:7276
- C:\Windows\System\DZySAbv.exe
  C:\Windows\System\DZySAbv.exe
  2⤵
  PID:2728
- C:\Windows\System\nlaWfze.exe
  C:\Windows\System\nlaWfze.exe
  2⤵
  PID:6464
- C:\Windows\System\AtQmuFW.exe
  C:\Windows\System\AtQmuFW.exe
  2⤵
  PID:2676
- C:\Windows\System\urhzYQw.exe
  C:\Windows\System\urhzYQw.exe
  2⤵
  PID:5104
- C:\Windows\System\YXxBrPd.exe
  C:\Windows\System\YXxBrPd.exe
  2⤵
  PID:2368
- C:\Windows\System\YacimXW.exe
  C:\Windows\System\YacimXW.exe
  2⤵
  PID:1124
- C:\Windows\System\HavawZp.exe
  C:\Windows\System\HavawZp.exe
  2⤵
  PID:7716
- C:\Windows\System\SpOmbhi.exe
  C:\Windows\System\SpOmbhi.exe
  2⤵
  PID:2232
- C:\Windows\System\cwwXgEo.exe
  C:\Windows\System\cwwXgEo.exe
  2⤵
  PID:7864
- C:\Windows\System\YHSFmMu.exe
  C:\Windows\System\YHSFmMu.exe
  2⤵
  PID:8148
- C:\Windows\System\eXqvpny.exe
  C:\Windows\System\eXqvpny.exe
  2⤵
  PID:1340
- C:\Windows\System\itOCQui.exe
  C:\Windows\System\itOCQui.exe
  2⤵
  PID:7516
- C:\Windows\System\fhVIWNB.exe
  C:\Windows\System\fhVIWNB.exe
  2⤵
  PID:2636
- C:\Windows\System\vMpVRbu.exe
  C:\Windows\System\vMpVRbu.exe
  2⤵
  PID:7888
- C:\Windows\System\LlTmlWP.exe
  C:\Windows\System\LlTmlWP.exe
  2⤵
  PID:7680
- C:\Windows\System\UigysVy.exe
  C:\Windows\System\UigysVy.exe
  2⤵
  PID:7528
- C:\Windows\System\rSMbCsX.exe
  C:\Windows\System\rSMbCsX.exe
  2⤵
  PID:8204
- C:\Windows\System\RwYmCHd.exe
  C:\Windows\System\RwYmCHd.exe
  2⤵
  PID:8220
- C:\Windows\System\cxjyuKc.exe
  C:\Windows\System\cxjyuKc.exe
  2⤵
  PID:8236
- C:\Windows\System\bZrzjbG.exe
  C:\Windows\System\bZrzjbG.exe
  2⤵
  PID:8252
- C:\Windows\System\vQHTXpN.exe
  C:\Windows\System\vQHTXpN.exe
  2⤵
  PID:8268
- C:\Windows\System\ekDzWeE.exe
  C:\Windows\System\ekDzWeE.exe
  2⤵
  PID:8284
- C:\Windows\System\HhjkwfU.exe
  C:\Windows\System\HhjkwfU.exe
  2⤵
  PID:8360
- C:\Windows\System\jtRpLfJ.exe
  C:\Windows\System\jtRpLfJ.exe
  2⤵
  PID:8376
- C:\Windows\System\uNhOtAv.exe
  C:\Windows\System\uNhOtAv.exe
  2⤵
  PID:8392
- C:\Windows\System\rAXEQvE.exe
  C:\Windows\System\rAXEQvE.exe
  2⤵
  PID:8408
- C:\Windows\System\zBvnKCZ.exe
  C:\Windows\System\zBvnKCZ.exe
  2⤵
  PID:8428
- C:\Windows\System\lSwkjVC.exe
  C:\Windows\System\lSwkjVC.exe
  2⤵
  PID:8464
- C:\Windows\System\HQrjsXJ.exe
  C:\Windows\System\HQrjsXJ.exe
  2⤵
  PID:8480
- C:\Windows\System\KdMpzsA.exe
  C:\Windows\System\KdMpzsA.exe
  2⤵
  PID:8496
- C:\Windows\System\ynufszM.exe
  C:\Windows\System\ynufszM.exe
  2⤵
  PID:8520
- C:\Windows\System\ynCbuhU.exe
  C:\Windows\System\ynCbuhU.exe
  2⤵
  PID:8536
- C:\Windows\System\RQLjIBs.exe
  C:\Windows\System\RQLjIBs.exe
  2⤵
  PID:8552
- C:\Windows\System\CDrPVyU.exe
  C:\Windows\System\CDrPVyU.exe
  2⤵
  PID:8572
- C:\Windows\System\IPYSBHZ.exe
  C:\Windows\System\IPYSBHZ.exe
  2⤵
  PID:8588
- C:\Windows\System\UkQXVPy.exe
  C:\Windows\System\UkQXVPy.exe
  2⤵
  PID:8608
- C:\Windows\System\fdNzMJy.exe
  C:\Windows\System\fdNzMJy.exe
  2⤵
  PID:8644
- C:\Windows\System\hrKPtUa.exe
  C:\Windows\System\hrKPtUa.exe
  2⤵
  PID:8660
- C:\Windows\System\kyBdaIU.exe
  C:\Windows\System\kyBdaIU.exe
  2⤵
  PID:8676
- C:\Windows\System\BNelgOc.exe
  C:\Windows\System\BNelgOc.exe
  2⤵
  PID:8692
- C:\Windows\System\WhrbUMt.exe
  C:\Windows\System\WhrbUMt.exe
  2⤵
  PID:8708
- C:\Windows\System\kehLOTz.exe
  C:\Windows\System\kehLOTz.exe
  2⤵
  PID:8724
- C:\Windows\System\QJYKhCi.exe
  C:\Windows\System\QJYKhCi.exe
  2⤵
  PID:8744
- C:\Windows\System\xjZbKov.exe
  C:\Windows\System\xjZbKov.exe
  2⤵
  PID:8760
- C:\Windows\System\xLpIEZg.exe
  C:\Windows\System\xLpIEZg.exe
  2⤵
  PID:8776
- C:\Windows\System\rsgWXom.exe
  C:\Windows\System\rsgWXom.exe
  2⤵
  PID:8792
- C:\Windows\System\YMYeIvS.exe
  C:\Windows\System\YMYeIvS.exe
  2⤵
  PID:8808
- C:\Windows\System\rZyVbHS.exe
  C:\Windows\System\rZyVbHS.exe
  2⤵
  PID:8824
- C:\Windows\System\OXfOmcw.exe
  C:\Windows\System\OXfOmcw.exe
  2⤵
  PID:8844
- C:\Windows\System\nKnocOw.exe
  C:\Windows\System\nKnocOw.exe
  2⤵
  PID:8860
- C:\Windows\System\vlOVoDF.exe
  C:\Windows\System\vlOVoDF.exe
  2⤵
  PID:8932
- C:\Windows\System\SOgwplh.exe
  C:\Windows\System\SOgwplh.exe
  2⤵
  PID:8948
- C:\Windows\System\xtgVChz.exe
  C:\Windows\System\xtgVChz.exe
  2⤵
  PID:8964
- C:\Windows\System\BXvipGg.exe
  C:\Windows\System\BXvipGg.exe
  2⤵
  PID:8980
- C:\Windows\System\MNcVLzA.exe
  C:\Windows\System\MNcVLzA.exe
  2⤵
  PID:8996
- C:\Windows\System\SMUzdvh.exe
  C:\Windows\System\SMUzdvh.exe
  2⤵
  PID:9012
- C:\Windows\System\iWddjEZ.exe
  C:\Windows\System\iWddjEZ.exe
  2⤵
  PID:9032
- C:\Windows\System\JspobHV.exe
  C:\Windows\System\JspobHV.exe
  2⤵
  PID:9048
- C:\Windows\System\nnamVZF.exe
  C:\Windows\System\nnamVZF.exe
  2⤵
  PID:9064
- C:\Windows\System\vHRZtqG.exe
  C:\Windows\System\vHRZtqG.exe
  2⤵
  PID:9080
- C:\Windows\System\lsXysMH.exe
  C:\Windows\System\lsXysMH.exe
  2⤵
  PID:9096
- C:\Windows\System\GfKzKmX.exe
  C:\Windows\System\GfKzKmX.exe
  2⤵
  PID:9112
- C:\Windows\System\PcCsoWc.exe
  C:\Windows\System\PcCsoWc.exe
  2⤵
  PID:9128
- C:\Windows\System\RcEHSlX.exe
  C:\Windows\System\RcEHSlX.exe
  2⤵
  PID:9144
- C:\Windows\System\ZWnmmaO.exe
  C:\Windows\System\ZWnmmaO.exe
  2⤵
  PID:9160
- C:\Windows\System\KoZpjoN.exe
  C:\Windows\System\KoZpjoN.exe
  2⤵
  PID:9176
- C:\Windows\System\XfrcpNd.exe
  C:\Windows\System\XfrcpNd.exe
  2⤵
  PID:9192
- C:\Windows\System\UZIhxlc.exe
  C:\Windows\System\UZIhxlc.exe
  2⤵
  PID:9208
- C:\Windows\System\seawSrH.exe
  C:\Windows\System\seawSrH.exe
  2⤵
  PID:8212
- C:\Windows\System\lvGqBdr.exe
  C:\Windows\System\lvGqBdr.exe
  2⤵
  PID:8276
- C:\Windows\System\xDZFHeP.exe
  C:\Windows\System\xDZFHeP.exe
  2⤵
  PID:7148
- C:\Windows\System\bHVTDnc.exe
  C:\Windows\System\bHVTDnc.exe
  2⤵
  PID:7800
- C:\Windows\System\PopMADA.exe
  C:\Windows\System\PopMADA.exe
  2⤵
  PID:8312
- C:\Windows\System\jWnRAjm.exe
  C:\Windows\System\jWnRAjm.exe
  2⤵
  PID:8104
- C:\Windows\System\nwZVPVY.exe
  C:\Windows\System\nwZVPVY.exe
  2⤵
  PID:8232
- C:\Windows\System\zhPTxuJ.exe
  C:\Windows\System\zhPTxuJ.exe
  2⤵
  PID:8296
- C:\Windows\System\DAvdQnn.exe
  C:\Windows\System\DAvdQnn.exe
  2⤵
  PID:8320
- C:\Windows\System\ejdtOQX.exe
  C:\Windows\System\ejdtOQX.exe
  2⤵
  PID:8340
- C:\Windows\System\nCHgjvV.exe
  C:\Windows\System\nCHgjvV.exe
  2⤵
  PID:3000
- C:\Windows\System\upprpRB.exe
  C:\Windows\System\upprpRB.exe
  2⤵
  PID:8488
- C:\Windows\System\vVghZeC.exe
  C:\Windows\System\vVghZeC.exe
  2⤵
  PID:8532
- C:\Windows\System\PhXaQST.exe
  C:\Windows\System\PhXaQST.exe
  2⤵
  PID:8624
- C:\Windows\System\nyOzzam.exe
  C:\Windows\System\nyOzzam.exe
  2⤵
  PID:8640
- C:\Windows\System\McwRuhH.exe
  C:\Windows\System\McwRuhH.exe
  2⤵
  PID:8656
- C:\Windows\System\nDZgSzP.exe
  C:\Windows\System\nDZgSzP.exe
  2⤵
  PID:8720
- C:\Windows\System\gHskWzF.exe
  C:\Windows\System\gHskWzF.exe
  2⤵
  PID:8736
- C:\Windows\System\bVLCPwy.exe
  C:\Windows\System\bVLCPwy.exe
  2⤵
  PID:8756
- C:\Windows\System\ZPIRyJh.exe
  C:\Windows\System\ZPIRyJh.exe
  2⤵
  PID:8816
- C:\Windows\System\imisMcT.exe
  C:\Windows\System\imisMcT.exe
  2⤵
  PID:8788
- C:\Windows\System\VQSILyN.exe
  C:\Windows\System\VQSILyN.exe
  2⤵
  PID:8872
- C:\Windows\System\tCneHSr.exe
  C:\Windows\System\tCneHSr.exe
  2⤵
  PID:8888
- C:\Windows\System\uAOxvXT.exe
  C:\Windows\System\uAOxvXT.exe
  2⤵
  PID:8904
- C:\Windows\System\yYpRAPm.exe
  C:\Windows\System\yYpRAPm.exe
  2⤵
  PID:8920
- C:\Windows\System\HxUFzCl.exe
  C:\Windows\System\HxUFzCl.exe
  2⤵
  PID:8944
- C:\Windows\System\QXFJygz.exe
  C:\Windows\System\QXFJygz.exe
  2⤵
  PID:9020
- C:\Windows\System\CzFkzWH.exe
  C:\Windows\System\CzFkzWH.exe
  2⤵
  PID:8976
- C:\Windows\System\MrDIpvy.exe
  C:\Windows\System\MrDIpvy.exe
  2⤵
  PID:9044
- C:\Windows\System\lzUyElC.exe
  C:\Windows\System\lzUyElC.exe
  2⤵
  PID:9108
- C:\Windows\System\ladwmlb.exe
  C:\Windows\System\ladwmlb.exe
  2⤵
  PID:9172
- C:\Windows\System\WVmeyrb.exe
  C:\Windows\System\WVmeyrb.exe
  2⤵
  PID:9056
- C:\Windows\System\GDyjwwN.exe
  C:\Windows\System\GDyjwwN.exe
  2⤵
  PID:9120
- C:\Windows\System\bxybfVO.exe
  C:\Windows\System\bxybfVO.exe
  2⤵
  PID:9156
- C:\Windows\System\vbZHnjI.exe
  C:\Windows\System\vbZHnjI.exe
  2⤵
  PID:1880
- C:\Windows\System\wgbHbHB.exe
  C:\Windows\System\wgbHbHB.exe
  2⤵
  PID:2664
- C:\Windows\System\pRUzlgb.exe
  C:\Windows\System\pRUzlgb.exe
  2⤵
  PID:8332
- C:\Windows\System\CYtgFJM.exe
  C:\Windows\System\CYtgFJM.exe
  2⤵
  PID:2576
- C:\Windows\System\VSrXLNN.exe
  C:\Windows\System\VSrXLNN.exe
  2⤵
  PID:8328
- C:\Windows\System\ccsvGec.exe
  C:\Windows\System\ccsvGec.exe
  2⤵
  PID:8352
- C:\Windows\System\yylQrsx.exe
  C:\Windows\System\yylQrsx.exe
  2⤵
  PID:8372
- C:\Windows\System\HPYkcql.exe
  C:\Windows\System\HPYkcql.exe
  2⤵
  PID:8400
- C:\Windows\System\LXUeqHZ.exe
  C:\Windows\System\LXUeqHZ.exe
  2⤵
  PID:8444
- C:\Windows\System\VgJkmMP.exe
  C:\Windows\System\VgJkmMP.exe
  2⤵
  PID:8504
- C:\Windows\System\wbCoEJH.exe
  C:\Windows\System\wbCoEJH.exe
  2⤵
  PID:8548
- C:\Windows\System\uffEgvc.exe
  C:\Windows\System\uffEgvc.exe
  2⤵
  PID:8584
- C:\Windows\System\gdEeMGG.exe
  C:\Windows\System\gdEeMGG.exe
  2⤵
  PID:8604
- C:\Windows\System\ivtLkDb.exe
  C:\Windows\System\ivtLkDb.exe
  2⤵
  PID:8636
- C:\Windows\System\UypHIfJ.exe
  C:\Windows\System\UypHIfJ.exe
  2⤵
  PID:8704
- C:\Windows\System\hLpLkpm.exe
  C:\Windows\System\hLpLkpm.exe
  2⤵
  PID:8868
- C:\Windows\System\QqOmsKc.exe
  C:\Windows\System\QqOmsKc.exe
  2⤵
  PID:8688
- C:\Windows\System\ZbGoeVF.exe
  C:\Windows\System\ZbGoeVF.exe
  2⤵
  PID:8856
- C:\Windows\System\pfcNcdP.exe
  C:\Windows\System\pfcNcdP.exe
  2⤵
  PID:8916
- C:\Windows\System\qzMqviq.exe
  C:\Windows\System\qzMqviq.exe
  2⤵
  PID:8456
- C:\Windows\System\ZoGzjNJ.exe
  C:\Windows\System\ZoGzjNJ.exe
  2⤵
  PID:9104
- C:\Windows\System\yOkKXmm.exe
  C:\Windows\System\yOkKXmm.exe
  2⤵
  PID:8248
- C:\Windows\System\iIyHBeW.exe
  C:\Windows\System\iIyHBeW.exe
  2⤵
  PID:9168
- C:\Windows\System\rGjhKRK.exe
  C:\Windows\System\rGjhKRK.exe
  2⤵
  PID:7768
- C:\Windows\System\skMTbwI.exe
  C:\Windows\System\skMTbwI.exe
  2⤵
  PID:8912
- C:\Windows\System\YwASxbQ.exe
  C:\Windows\System\YwASxbQ.exe
  2⤵
  PID:8304
- C:\Windows\System\zmeIWrj.exe
  C:\Windows\System\zmeIWrj.exe
  2⤵
  PID:8200
- C:\Windows\System\CIPYzNe.exe
  C:\Windows\System\CIPYzNe.exe
  2⤵
  PID:8424
- C:\Windows\System\eQTLNRr.exe
  C:\Windows\System\eQTLNRr.exe
  2⤵
  PID:8436
- C:\Windows\System\tQyqTaK.exe
  C:\Windows\System\tQyqTaK.exe
  2⤵
  PID:8516
- C:\Windows\System\eUXJCev.exe
  C:\Windows\System\eUXJCev.exe
  2⤵
  PID:8568
- C:\Windows\System\xrJOPNz.exe
  C:\Windows\System\xrJOPNz.exe
  2⤵
  PID:8832
- C:\Windows\System\xlbTDvd.exe
  C:\Windows\System\xlbTDvd.exe
  2⤵
  PID:8900
- C:\Windows\System\BwVdBfU.exe
  C:\Windows\System\BwVdBfU.exe
  2⤵
  PID:8940
- C:\Windows\System\dAGmmDT.exe
  C:\Windows\System\dAGmmDT.exe
  2⤵
  PID:8992
- C:\Windows\System\dMKEbJn.exe
  C:\Windows\System\dMKEbJn.exe
  2⤵
  PID:8972
- C:\Windows\System\gIpUyVN.exe
  C:\Windows\System\gIpUyVN.exe
  2⤵
  PID:8044
- C:\Windows\System\HwYijad.exe
  C:\Windows\System\HwYijad.exe
  2⤵
  PID:8356
- C:\Windows\System\WokVxxb.exe
  C:\Windows\System\WokVxxb.exe
  2⤵
  PID:8600
- C:\Windows\System\SJtNkag.exe
  C:\Windows\System\SJtNkag.exe
  2⤵
  PID:8896
- C:\Windows\System\QzutxbU.exe
  C:\Windows\System\QzutxbU.exe
  2⤵
  PID:8388
- C:\Windows\System\AkEQxDk.exe
  C:\Windows\System\AkEQxDk.exe
  2⤵
  PID:9236
- C:\Windows\System\vPGPSVw.exe
  C:\Windows\System\vPGPSVw.exe
  2⤵
  PID:9336
- C:\Windows\System\rKOVWJa.exe
  C:\Windows\System\rKOVWJa.exe
  2⤵
  PID:9352
- C:\Windows\System\CgzRiHW.exe
  C:\Windows\System\CgzRiHW.exe
  2⤵
  PID:9368
- C:\Windows\System\znFpAzy.exe
  C:\Windows\System\znFpAzy.exe
  2⤵
  PID:9400
- C:\Windows\System\xKKbpFZ.exe
  C:\Windows\System\xKKbpFZ.exe
  2⤵
  PID:9428
- C:\Windows\System\rxhONlS.exe
  C:\Windows\System\rxhONlS.exe
  2⤵
  PID:9448
- C:\Windows\System\oTraGZA.exe
  C:\Windows\System\oTraGZA.exe
  2⤵
  PID:9472
- C:\Windows\System\KQouqCo.exe
  C:\Windows\System\KQouqCo.exe
  2⤵
  PID:9492
- C:\Windows\System\RDFqiCe.exe
  C:\Windows\System\RDFqiCe.exe
  2⤵
  PID:9512
- C:\Windows\System\lmEurds.exe
  C:\Windows\System\lmEurds.exe
  2⤵
  PID:9532
- C:\Windows\System\XPsdCfs.exe
  C:\Windows\System\XPsdCfs.exe
  2⤵
  PID:9548
- C:\Windows\System\eLupzRd.exe
  C:\Windows\System\eLupzRd.exe
  2⤵
  PID:9568
- C:\Windows\System\IxKlXCL.exe
  C:\Windows\System\IxKlXCL.exe
  2⤵
  PID:9592
- C:\Windows\System\bgGpVRt.exe
  C:\Windows\System\bgGpVRt.exe
  2⤵
  PID:9608
- C:\Windows\System\AOXZGaw.exe
  C:\Windows\System\AOXZGaw.exe
  2⤵
  PID:9628
- C:\Windows\System\JzJxfaq.exe
  C:\Windows\System\JzJxfaq.exe
  2⤵
  PID:9644
- C:\Windows\System\FNleVDf.exe
  C:\Windows\System\FNleVDf.exe
  2⤵
  PID:9660
- C:\Windows\System\zgQEiAF.exe
  C:\Windows\System\zgQEiAF.exe
  2⤵
  PID:9676
- C:\Windows\System\uWQviZR.exe
  C:\Windows\System\uWQviZR.exe
  2⤵
  PID:9692
- C:\Windows\System\aDvAowR.exe
  C:\Windows\System\aDvAowR.exe
  2⤵
  PID:9708
- C:\Windows\System\TQeGMrR.exe
  C:\Windows\System\TQeGMrR.exe
  2⤵
  PID:9724
- C:\Windows\System\GnsAcEh.exe
  C:\Windows\System\GnsAcEh.exe
  2⤵
  PID:9740
- C:\Windows\System\kGVcRRl.exe
  C:\Windows\System\kGVcRRl.exe
  2⤵
  PID:9756
- C:\Windows\System\sPmtYWF.exe
  C:\Windows\System\sPmtYWF.exe
  2⤵
  PID:9772
- C:\Windows\System\fkebIJw.exe
  C:\Windows\System\fkebIJw.exe
  2⤵
  PID:9788
- C:\Windows\System\TdgFvXt.exe
  C:\Windows\System\TdgFvXt.exe
  2⤵
  PID:9804
- C:\Windows\System\GejokhE.exe
  C:\Windows\System\GejokhE.exe
  2⤵
  PID:9820
- C:\Windows\System\BfvhiIC.exe
  C:\Windows\System\BfvhiIC.exe
  2⤵
  PID:9836
- C:\Windows\System\pHPPfIr.exe
  C:\Windows\System\pHPPfIr.exe
  2⤵
  PID:9852
- C:\Windows\System\PhxnQRn.exe
  C:\Windows\System\PhxnQRn.exe
  2⤵
  PID:9872
- C:\Windows\System\HPmAonB.exe
  C:\Windows\System\HPmAonB.exe
  2⤵
  PID:9888
- C:\Windows\System\APoDzDH.exe
  C:\Windows\System\APoDzDH.exe
  2⤵
  PID:9904
- C:\Windows\System\GgCTQvp.exe
  C:\Windows\System\GgCTQvp.exe
  2⤵
  PID:9920
- C:\Windows\System\XmTKlYl.exe
  C:\Windows\System\XmTKlYl.exe
  2⤵
  PID:9940
- C:\Windows\System\NUHUXyn.exe
  C:\Windows\System\NUHUXyn.exe
  2⤵
  PID:9956
- C:\Windows\System\UddUrQn.exe
  C:\Windows\System\UddUrQn.exe
  2⤵
  PID:9980
- C:\Windows\System\OQaYPZs.exe
  C:\Windows\System\OQaYPZs.exe
  2⤵
  PID:9996
- C:\Windows\System\aDhhpma.exe
  C:\Windows\System\aDhhpma.exe
  2⤵
  PID:10012
- C:\Windows\System\ngnqdcV.exe
  C:\Windows\System\ngnqdcV.exe
  2⤵
  PID:10028
- C:\Windows\System\AaQtiUz.exe
  C:\Windows\System\AaQtiUz.exe
  2⤵
  PID:10044
- C:\Windows\System\tbTCOUf.exe
  C:\Windows\System\tbTCOUf.exe
  2⤵
  PID:10064
- C:\Windows\System\lsuWetF.exe
  C:\Windows\System\lsuWetF.exe
  2⤵
  PID:10088
- C:\Windows\System\SNgIDvD.exe
  C:\Windows\System\SNgIDvD.exe
  2⤵
  PID:10112
- C:\Windows\System\yDuZxyv.exe
  C:\Windows\System\yDuZxyv.exe
  2⤵
  PID:10132
- C:\Windows\System\ZzEbLPq.exe
  C:\Windows\System\ZzEbLPq.exe
  2⤵
  PID:10148
- C:\Windows\System\kVRwBis.exe
  C:\Windows\System\kVRwBis.exe
  2⤵
  PID:10164
- C:\Windows\System\ExCJCNN.exe
  C:\Windows\System\ExCJCNN.exe
  2⤵
  PID:10180
- C:\Windows\System\DcoKBjo.exe
  C:\Windows\System\DcoKBjo.exe
  2⤵
  PID:10196
- C:\Windows\System\dOvSFpA.exe
  C:\Windows\System\dOvSFpA.exe
  2⤵
  PID:10212
- C:\Windows\System\QKdxYqg.exe
  C:\Windows\System\QKdxYqg.exe
  2⤵
  PID:10228
- C:\Windows\System\hWEuAsM.exe
  C:\Windows\System\hWEuAsM.exe
  2⤵
  PID:8852
- C:\Windows\System\MRGhFOU.exe
  C:\Windows\System\MRGhFOU.exe
  2⤵
  PID:8120
- C:\Windows\System\hvySmcH.exe
  C:\Windows\System\hvySmcH.exe
  2⤵
  PID:7352
- C:\Windows\System\iDtTnie.exe
  C:\Windows\System\iDtTnie.exe
  2⤵
  PID:392
- C:\Windows\System\oZzLmrs.exe
  C:\Windows\System\oZzLmrs.exe
  2⤵
  PID:9232
- C:\Windows\System\qxOfRcL.exe
  C:\Windows\System\qxOfRcL.exe
  2⤵
  PID:9304
- C:\Windows\System\vrdBmdN.exe
  C:\Windows\System\vrdBmdN.exe
  2⤵
  PID:9264
- C:\Windows\System\IbxqZbF.exe
  C:\Windows\System\IbxqZbF.exe
  2⤵
  PID:9280
- C:\Windows\System\woKUcGK.exe
  C:\Windows\System\woKUcGK.exe
  2⤵
  PID:9296
- C:\Windows\System\FYYExGy.exe
  C:\Windows\System\FYYExGy.exe
  2⤵
  PID:9316
- C:\Windows\System\yNoHrqX.exe
  C:\Windows\System\yNoHrqX.exe
  2⤵
  PID:9332
- C:\Windows\System\mTWisGD.exe
  C:\Windows\System\mTWisGD.exe
  2⤵
  PID:9384
- C:\Windows\System\oPwxfjF.exe
  C:\Windows\System\oPwxfjF.exe
  2⤵
  PID:9380
- C:\Windows\System\HWgOXSp.exe
  C:\Windows\System\HWgOXSp.exe
  2⤵
  PID:9416
- C:\Windows\System\zZoyRKq.exe
  C:\Windows\System\zZoyRKq.exe
  2⤵
  PID:9468
- C:\Windows\System\lezbIHe.exe
  C:\Windows\System\lezbIHe.exe
  2⤵
  PID:9484
- C:\Windows\System\ddUgvya.exe
  C:\Windows\System\ddUgvya.exe
  2⤵
  PID:9520
- C:\Windows\System\NtAgTQG.exe
  C:\Windows\System\NtAgTQG.exe
  2⤵
  PID:9544
- C:\Windows\System\yICZEap.exe
  C:\Windows\System\yICZEap.exe
  2⤵
  PID:9584
- C:\Windows\System\hLXkZFV.exe
  C:\Windows\System\hLXkZFV.exe
  2⤵
  PID:9604
- C:\Windows\System\oeZRFtU.exe
  C:\Windows\System\oeZRFtU.exe
  2⤵
  PID:9656
- C:\Windows\System\QNmYlPa.exe
  C:\Windows\System\QNmYlPa.exe
  2⤵
  PID:9716
- C:\Windows\System\kPdZOKI.exe
  C:\Windows\System\kPdZOKI.exe
  2⤵
  PID:9780
- C:\Windows\System\LJaQywj.exe
  C:\Windows\System\LJaQywj.exe
  2⤵
  PID:9640
- C:\Windows\System\QIyFgOg.exe
  C:\Windows\System\QIyFgOg.exe
  2⤵
  PID:9704
- C:\Windows\System\XZOTviw.exe
  C:\Windows\System\XZOTviw.exe
  2⤵
  PID:9848
- C:\Windows\System\QYikjxy.exe
  C:\Windows\System\QYikjxy.exe
  2⤵
  PID:9832
- C:\Windows\System\cDFyRbd.exe
  C:\Windows\System\cDFyRbd.exe
  2⤵
  PID:9896
- C:\Windows\System\zxskZPR.exe
  C:\Windows\System\zxskZPR.exe
  2⤵
  PID:9912
- C:\Windows\System\QzmjwOX.exe
  C:\Windows\System\QzmjwOX.exe
  2⤵
  PID:9948
- C:\Windows\System\ZHgEjcj.exe
  C:\Windows\System\ZHgEjcj.exe
  2⤵
  PID:9976
- C:\Windows\System\SPfYAnx.exe
  C:\Windows\System\SPfYAnx.exe
  2⤵
  PID:10040
- C:\Windows\System\rlbfkCq.exe
  C:\Windows\System\rlbfkCq.exe
  2⤵
  PID:10024
- C:\Windows\System\ETvFWIk.exe
  C:\Windows\System\ETvFWIk.exe
  2⤵
  PID:10072
- C:\Windows\System\alhwkJq.exe
  C:\Windows\System\alhwkJq.exe
  2⤵
  PID:10120
- C:\Windows\System\IRWlXUo.exe
  C:\Windows\System\IRWlXUo.exe
  2⤵
  PID:10192
- C:\Windows\System\bvfUSDX.exe
  C:\Windows\System\bvfUSDX.exe
  2⤵
  PID:10224
- C:\Windows\System\UCZwvWs.exe
  C:\Windows\System\UCZwvWs.exe
  2⤵
  PID:8668
- C:\Windows\System\xvhklUY.exe
  C:\Windows\System\xvhklUY.exe
  2⤵
  PID:9272
- C:\Windows\System\xmWkSwQ.exe
  C:\Windows\System\xmWkSwQ.exe
  2⤵
  PID:10104
- C:\Windows\System\fBJqLci.exe
  C:\Windows\System\fBJqLci.exe
  2⤵
  PID:10140
- C:\Windows\System\YEUiOVG.exe
  C:\Windows\System\YEUiOVG.exe
  2⤵
  PID:10204
- C:\Windows\System\PRtFHfO.exe
  C:\Windows\System\PRtFHfO.exe
  2⤵
  PID:8440
- C:\Windows\System\rbbWFyE.exe
  C:\Windows\System\rbbWFyE.exe
  2⤵
  PID:9288
- C:\Windows\System\SlgoyzZ.exe
  C:\Windows\System\SlgoyzZ.exe
  2⤵
  PID:9392
- C:\Windows\System\qpAbaTm.exe
  C:\Windows\System\qpAbaTm.exe
  2⤵
  PID:9480
- C:\Windows\System\IHzCazi.exe
  C:\Windows\System\IHzCazi.exe
  2⤵
  PID:9488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DuHKSaF.exe

Filesize
6.0MB

MD5
696c1806e2df81df937b1016af62a76b

SHA1
e0fcd6e4ad4f9e79b598fa94c1cf4fd2663ecc6c

SHA256
0cb6fc36a0d3077d46d842fb44a1770aa7eb23eb14f29031bf12f368d9c3a263

SHA512
e8e3bcb0d91a5abe3315fd99bfc8fed8ad07fedbe1567517f08edd7a94c8d6dc96948ea87fc1ba15929e841376c4e45293bbac8614e3abd15737f735057abae2

Download Submit
C:\Windows\system\FRYYwLK.exe

Filesize
6.0MB

MD5
a24b9c88dbc199520cec689e3a749d8b

SHA1
79112e988880d3dffff25500ac227d8869650c81

SHA256
c826ea883280fee41634b830fd995cd36b9a710718223c7b4216493bc886cfe4

SHA512
58ece3426d71fd3c00185afd6848c3d0d7383a6825106e05d063b35bd2fad48da319cf9607bd72a10687145ec65c475d70974a79d26e82f41200a7e16322017f

Download Submit
C:\Windows\system\GeWnyCV.exe

Filesize
6.0MB

MD5
07294ac8c9c76a70676ca3834c74d8e9

SHA1
9de206b39ae3a9aac0ac88747f36ff34e3c2fc13

SHA256
a925fbbb3e298abe3af02f9cd8f827c61805a7c347dd5315125e1cbd05aba518

SHA512
4e4c1fce9e1546855ae0c2b5b8f66318ec7b24df1569640caa6f417f50c166674827b22e99081aead874fddef470ce9a188d49d7f92f950d6e747bc88c079c5c

Download Submit
C:\Windows\system\JYogxso.exe

Filesize
6.0MB

MD5
a6ecf3be76c058b4c545385a3eee3c3e

SHA1
3cd9975d15e494e6544c7fd928b9a683a554e312

SHA256
77f5d6e5099296d762790d04a0538db8b9bc2de427aff5ac852eb6bfa799395e

SHA512
b52a0e29cd95afe54a98be708872a1080662716d9e37c1d1e04534e0d1b3c328f96ef9034712cdfe3a0cf54616a5079a4b3dfbc2c1239bc81e47d4512b6d0ab8

Download Submit
C:\Windows\system\JyqJYRl.exe

Filesize
6.0MB

MD5
0e35539148ed4f02e64dbff6b808722f

SHA1
38d4066eef4cd859566db581ee754a93da45a049

SHA256
0f49241c41cc09a5965bd519c5112d51779dd29a424f68a1e6350246fddc1c11

SHA512
ad1aaef3fc4688c15c76d3d8a8e233be94c244610a90728f4c7ee5356a754e2a455451d8957aec722286ce9c68fbf4fb323f9016258f4d430a823cc57b03cd76

Download Submit
C:\Windows\system\Kheqtxh.exe

Filesize
6.0MB

MD5
549744fe7a2e021ce9a053c7720287e6

SHA1
6ef28e0f641f3347b2f4d1f98d8487e209abd21e

SHA256
c900151626847b957edce0cdab774a0836da788197634002e5b021037bf04ccb

SHA512
f33f0136c4d7a7f4dd663074f4483efff6cf2099e3de2eb5ca05ba6fa35bacd916ec50577499ae84dfb58fa68b3d5a45a736ca47855fcd0f14f34168a59dddbc

Download Submit
C:\Windows\system\SRllUee.exe

Filesize
6.0MB

MD5
153aaa56116cf343890b8f0164041c58

SHA1
412c5b61a2726ddbb23a66b67ff5e405b04497af

SHA256
238e33d776a867f8c3256057aad4afbe415eab168e367effd9516898b03d80b8

SHA512
e1fbe41e94c6c5b16ad546ae74959b3beec4a286933da9c25a8a6a9207498ecb2ca29bcd3d28233b1059825bffe1a0362843abbe160e25a93b2a400874ead4e1

Download Submit
C:\Windows\system\STvBAug.exe

Filesize
6.0MB

MD5
58132e611241cf1de88b77b11c7bf9b1

SHA1
0d08e815a42832bdb82342f01783343ddfef5331

SHA256
0d27ac3ee4bb48bf188d17f1d95381f82885925b0f1f0e857e7499f53af84d70

SHA512
2193c5a5f2d3e3d708d0a81ce8293622a831c955237c24e2976116a1b54570bca5c272849ca2ef5d9d1b12fff6567fa391f4be56fe8d7fceaf657875fbf90a9a

Download Submit
C:\Windows\system\UUCYIKe.exe

Filesize
6.0MB

MD5
e90acea13b7ce18e0d416d72d379742e

SHA1
6452cff9d9174f4c1d1ec58077733934214c878a

SHA256
62cef098c245a6b67b21fa377ce436f6325a1a0f273b2576226a3dca7dc17e1d

SHA512
0899de9dc04626d85fffd833239930c5342b825d9e8915d07dea70d2e3d7771b80bde922d6b83516d2a5c789111b387c53aeeb8c0c0084e0e1520008fa465c32

Download Submit
C:\Windows\system\UujFOnZ.exe

Filesize
6.0MB

MD5
be9234536560f4bb6b6534d8d1707f22

SHA1
a924904ef8c1b091d4d716f26ef8f4c66948399a

SHA256
88dd232e0a4ec43faacb9b562ced23ed93bfe5fa1add3822ea9430504add6978

SHA512
5a78df99652e321981df6c885366a9226c3e7c28f174a4015f6779cd505815ca97044ff66646cebb98db8392b6e79bd2d8a628356df22b6871398d983042ea0d

Download Submit
C:\Windows\system\WrVlFqr.exe

Filesize
6.0MB

MD5
6b7e5bee84effacd8b73f0ae605837cb

SHA1
2b2b98985223739e0dc6137ff13cde8cfc2a67be

SHA256
3296a960504b12f8164823bb89b927f5d8f4b92e31666e1d9c0afc2d091aca15

SHA512
921e48a298b70cbbc5e9089bc3caee6bf08140ba08c1676a4f84dc12f02ff5816671392d3f2c9f8a75fbf53ec79bd19f06e727d76de679b59a61223d8251b0a8

Download Submit
C:\Windows\system\XCMSOfy.exe

Filesize
6.0MB

MD5
f806a2b447e50c7a80fa06ff092a9ed9

SHA1
afdb220b4b1d47dcdb1270398e71b9baeaa0cc39

SHA256
8e551e053e050be93b3acf8b0a10f5a00d04475ae9a1f89bc5753358e3fe40f2

SHA512
06b9c21fd86c65494134dc671d2328b72903ebab5c81740b74257dd081637e7b62f48dd28112e1f693204ef28e779b922fe0fe900750e391efb4ce25954c1728

Download Submit
C:\Windows\system\XcHHoxA.exe

Filesize
6.0MB

MD5
e679f20eba8a8de6f2e6432b43dc2ad0

SHA1
43db1d21cf225df627b0b534852bcf4cbe3d2ac0

SHA256
41c363db0bd5722d8c63487d641fbd84972f285df3640a9fe7a0791b6fb58c30

SHA512
c1b174721267a548244b90a80e3bc717c73d9b0323f883e6f068992100b04dfcbf94bc33e30a0de341bfa2e7678b91c221580f9fbaeee8471da0b4efc822ff5b

Download Submit
C:\Windows\system\eqqhrPF.exe

Filesize
6.0MB

MD5
2eed574099164637aa43e47db8a07bbc

SHA1
37bb7b2db504943f4577b6955414cfa435ebf0dd

SHA256
51d3dc5922b25de0bf0d890113e6455545bdeb146d22fcd706f9e45f2a2a7dcd

SHA512
859a3786d0680090fad86d205450c0b7f2be99830c6a9f82149cc7a30acd1977c1d5468c929013d29371a3bda5b9169b119b0f09b1cca67f2a58e64dce5b243e

Download Submit
C:\Windows\system\gjtMHAF.exe

Filesize
6.0MB

MD5
b4376485551c6cb9e5a31534cc9ad420

SHA1
c597644d616350d1094511682a4bf99024da1cc3

SHA256
f50287fdce8ada4c538e6b7defc30855d61aaaef61663aad224025e063564bf8

SHA512
d1146531b36a7ea0f8dc888a86e0d8fae0e87c14a0a612f8e9168ba79dcb3711a8c4a840cb4ebb268b7248a879ee5dbe58ef8928bbb560bba8e31e7f522222ac

Download Submit
C:\Windows\system\hvmrcOk.exe

Filesize
6.0MB

MD5
ca62d1c635143daa2d9bd3556a4c0265

SHA1
9fffdc6dc986c593b56abfa7340612d7aa663e98

SHA256
bc0ad3b111a2cea8200f959ce49dc74fa40da7e0c2f33f9218e02529331ec363

SHA512
1fafe35c6d1901aa088e9101fdc2f0a663e6eba7092264bf6f21ce1a5b7cd579c59d1185eb1baa42badaa45d2cd13c03d3cc0cff9ccad50b5ee2e10c8e95d937

Download Submit
C:\Windows\system\jlbtEtf.exe

Filesize
6.0MB

MD5
ef475c73309c5c0cfcfeb09cf332958e

SHA1
227c218c1022f8c87f509d2fcdf521cfedf22de2

SHA256
f24e690515395a433002722309e803bc375ad3c31404881dc12be26caf4c3fca

SHA512
f2ffb33fa400491743ad495f24a5d68f75cd53dd3b32c1a4b26f9ba7d53ba06fd37065e425fcb2efb03e14df28e6ec41acafbc3285acc7215652b2f59767c268

Download Submit
C:\Windows\system\kqyZVwL.exe

Filesize
6.0MB

MD5
279cb00142521b29e640493bdc885788

SHA1
4fe7b92c40efa18de9dcd8c172954ac9c1a5ce48

SHA256
b475cf984759dd4b1ad3382422e234fe058387096d09ba371f6f13c9305de457

SHA512
9d574e1b4af2af4e127b92f2905950cc1732ce4ae665683b9d0adf55b4ea407f8df514746776e912b963a854e9e6ec5dcdb68f85695e8970dca88dbfae249421

Download Submit
C:\Windows\system\nCdJoHv.exe

Filesize
6.0MB

MD5
7d43b49d80f6bbc80c1fb68920d33c23

SHA1
b5f505bda7f683b5f73d97fb2663129a9b2631ab

SHA256
ddc703d8ce17aadc984bf5531d864ab96317a28391c66c2bcea7ca37f1d7601d

SHA512
f7db04f0bfca9015d9f126c58717cb6475bff68d5a72232a84ce27771b1ad6031fbeaf59abfe9a6e555690083c4fb3d42a53c5ea71f3a08fdb1fa3bd9b83291d

Download Submit
C:\Windows\system\ndGHrCq.exe

Filesize
6.0MB

MD5
ee2e2ca62d419f3eb5a0481d2ba2d719

SHA1
e7b7c9d99bc2516fc1291a3313bb49fcb4ff7c60

SHA256
f2631817d26d738841f34b58671dec2b0772b232ac156fb31dcb5e3c1b507f2c

SHA512
b96348392403c8504ed9158338402c0035b8e1a476f45191517c59cad3eba9424cf0b398ece833a2dea32b40da74ac5cc54e1376ef76f9f3b7dff7ace38af3de

Download Submit
C:\Windows\system\oGQdLNe.exe

Filesize
6.0MB

MD5
3c8d3ca7cf2ae0f88d669cd629868fd3

SHA1
bd25f65670ed06a9a215ba04af45965bd63e9933

SHA256
00131af9d3690e34c0c23474ecda6d13556ba98c0b8471bf9b9eca577cdea2a2

SHA512
21eb968afd6c34b16155ad62ab04e6b3a902156a33c74e3c09354a1ef780e51276659830c86df4f2157ab85398343e2974471b5768c59476319601b6338e5362

Download Submit
C:\Windows\system\pCporgc.exe

Filesize
6.0MB

MD5
27d203fe89683b121602a7724df219e4

SHA1
4cd4838712ca02378059f2b0c17516f601767173

SHA256
012fc7d3105c9c6b326cbeb8014dbbbf6ff8a65b03d6b792feaef28d2d359b98

SHA512
8a064af768fa41dc621ea2fc706ca7eb780a253602b0d4a5aac96f7dc67600eacdd3e71daa27be1fef49c1311aa9bbccc5177bd4f1a0ea28798f0423cbaf201c

Download Submit
C:\Windows\system\qEnOxYw.exe

Filesize
6.0MB

MD5
a18118219d1e6408cf4995599fc5856e

SHA1
79bae54b67c692d6f5605d35c73e9491fb6609c3

SHA256
4683084ce0f9fba105bf5b9cdb1568adbc375376e424f35bb88b27dd98b31c01

SHA512
03c41691f4a2c2ad27a35d664293b998dd17b915bb78f92f3d1aca0fa82cddba0aa6743fb75400465dcabe1e0a1a73981f9e7d673a076264477c0b83921716ad

Download Submit
C:\Windows\system\sOTQwuo.exe

Filesize
6.0MB

MD5
67e456a4fa3c2891884bb2924d7eea39

SHA1
d5c26b96455a684be24bc68e2394bf51c0959837

SHA256
5b9f16d81a36adc399f6927fb8de21950a05e6ac2cccd9350e92ab710849ea4e

SHA512
e722f23089d4f4a51103c975be75cf14162b05dc9ab51b1c7ff820b421343d0d84ebe34a92c93b68d54acb729211665b75fe9acb429d4266b2e5df9fd5e3322b

Download Submit
C:\Windows\system\vrhVoTi.exe

Filesize
6.0MB

MD5
485af5c51719b4d61e9d16fa0214893f

SHA1
3e11980d4588e7ca4edce3edfaec79eaaf91e63b

SHA256
cb5d4af623d16168bc1fafdd2e0dee78000e5ebe497a4d62e0deb9a224c43542

SHA512
c1619450a6f7016ee0a6ad93cde1a908a6211d4a97405a5f08d2749a650cacff4daf735bbf6b516747ac9d5c5a9c96782145b9c2c8f7fb3dc7b5d1ae67c5aec1

Download Submit
C:\Windows\system\wHGnxcF.exe

Filesize
6.0MB

MD5
0bac337083e7b3b585635881e6ca15ea

SHA1
87542ac12f11f741cfe0ba8896025060b7cdcfc2

SHA256
f119ec7a870a6a8e35940ad2716a7d5ecab9069073f6018477727429556ee362

SHA512
e7c4fa4f3cfd2fac6f71e0a26be19833af70652fad008115705fd328a723b2916d8f34a20b4e9e7590d1ca624c0293d2b19966a99bfea3d2ae48d3da0fd68963

Download Submit
C:\Windows\system\xAqTEEQ.exe

Filesize
6.0MB

MD5
4309e503869ae8e0b288fcc7c59b411a

SHA1
19240677660a5365bc9d37f5a963eb833bdf4a46

SHA256
232a5f9966b584ab30135e50ab42f0cb22a10766208a60e8b4d02040150ecfa6

SHA512
2c07f581ac19148565cea025e07b302c2eb10cd811e2cd387a24398ff67dcef43786e48e130422e9514f88c4b9a4cc1853a06c9fd502ee18d15c9c5d9b56045b

Download Submit
\Windows\system\LtGxQIE.exe

Filesize
6.0MB

MD5
26f896a4e29555209f895c07c58054fe

SHA1
8a66a88fb573a55934eb08243066316637ce627c

SHA256
772dcfaf5a7519e7da003d9a996c120231c0fa2bcebae2f755ebe21ae661a9eb

SHA512
20b9743e5079afc0ba953b6e2da6844cd6fbfaa76bbd8c83d7ee2808a8eb6de283553c54ac9edb5bdc3d4fb724ddf08ea3fa165d09d8485d2b0c3c31e0d8c523

Download Submit
\Windows\system\PyeQOUD.exe

Filesize
6.0MB

MD5
f9de5e1deef3e63845966fd685b99d3c

SHA1
a87f6fafb64e99664f45cf3229256fd85e2cd000

SHA256
072e6f0c8bffb261cd749ee677b8e669ce32ab54f0d41beb375528538742ab89

SHA512
7cf51223ab1e3e01f06ee80c92f6084568f02d6d57025e93da666a6a6a2eac44a6d1c870f19d7f059ad885ca92e664f0384c5dfbe0d9d4f4e0e331d3975d28ec

Download Submit
\Windows\system\fKqpkCn.exe

Filesize
6.0MB

MD5
4863f5fe7efcaea2d188e21366f93bf6

SHA1
7b442013d414a3b10e314d08160f941e96aea4fd

SHA256
d40e7d4409c5a4cf016763518b2a957e4c2b9f2be55a19ab90ae78b37bf0d19d

SHA512
139569e45a6a952329ae6fcada986ba4a6b14de3aad037f4e583eca112369ddfe1c2b3b96886c15b408ab4937f9c00d16c4c5e1441aa6336f8965ea46c137a11

Download Submit
\Windows\system\mVQpmGQ.exe

Filesize
6.0MB

MD5
9cf3cd6093a0e38c433150d54bafd897

SHA1
af36a51925218241f048b41bd0ebe2b79ad9755c

SHA256
50bdd99eb2b159a44b3acbd3e08ab2dd257a9776248fc4a9cd9124c96f620f5f

SHA512
cbfb5d5875544b1594b09066217afebf7494ca0710078b096078bd0b1251764f568e093dea0cb1d5b00826e7d3391f56af68fbf98ad21682055d8274d1978454

Download Submit
\Windows\system\stxUzWU.exe

Filesize
6.0MB

MD5
660dd3db64e4fb4536e4a9c39c4c7de1

SHA1
2f76c23b63ab58a9c3e7a9e9e85874e03fe9dd34

SHA256
344d38e1a82440fe0b53a0a8808a4ef41ecb27bf65cc7d49c0454c77cdfcafd7

SHA512
1e0ed706237fa325c2c71f268f8b49268809ea727a78848c1a1c4907b966162ac8930ee0d50de05374cc4861237858a791a07a351288e460bba9a483f86a8c1b

Download Submit
\Windows\system\udRyOsC.exe

Filesize
6.0MB

MD5
32020abd1bd4a6a88f85fa710ecb3256

SHA1
16796c162488fafaee89e43eaa67c2f54e69fb45

SHA256
1d4683d491fe8520d40e8e9200d675767abfb4cfc8d79412c99f2a728446ba94

SHA512
bc9fde4a1f46ef0696eacd98ef079c975d891f9db7428087105481184e4bc62ab8c5ad30cbb7c7a37775b362c3be32cf604a8b6412166c2e0bbbdc4c0c670b2e

Download Submit
memory/1312-26-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1312-3869-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1316-93-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1316-3854-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1684-662-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-33-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1684-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-110-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1684-797-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1684-40-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-21-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-1320-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1684-92-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-91-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-90-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-48-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1684-86-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-81-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-69-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-922-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1684-42-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-49-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-64-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-50-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1684-56-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3819-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2196-87-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2224-550-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3882-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-70-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3932-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2264-45-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2624-65-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3820-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2708-97-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1007-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3878-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3824-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2720-57-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2720-109-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3822-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2756-46-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3821-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2768-51-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2896-44-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3826-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3825-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2916-39-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3938-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1008-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2960-98-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/3040-3823-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-47-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download