cobaltstrike | a43accf1d49209e0bc921235b3b6206285a8491ec6babb7f65f8adc6292dbc00

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ab4296e69089e796621d5be1048ec652
SHA1

4c3ba7ea9921073fc40c0b92abea0f87c0c4ec45
SHA256

a43accf1d49209e0bc921235b3b6206285a8491ec6babb7f65f8adc6292dbc00
SHA512

0c0ea25beb0f260fbb4574f00e8b59bf9901de15532fa06eebf5098a372ac0e55220132c6d770fbeaeeb385ec86596555cbcac92195eadaf87f9138982d03852
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU8:T+q56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000016ace-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf0-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b64-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019480-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019470-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c7-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a0-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b8-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f85-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019394-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019326-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bbf-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b89-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b59-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b54-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bd7-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018baf-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b71-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b28-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b50-58.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-31.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ccc-21.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1c-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0c-18.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1952-0-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ace-3.dat	xmrig
behavioral1/files/0x0008000000016cf0-8.dat	xmrig
behavioral1/memory/1952-40-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2244-55-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b64-72.dat	xmrig
behavioral1/files/0x000500000001932a-126.dat	xmrig
behavioral1/files/0x0005000000019490-169.dat	xmrig
behavioral1/files/0x0005000000019489-164.dat	xmrig
behavioral1/files/0x000500000001948c-162.dat	xmrig
behavioral1/files/0x00050000000194ef-186.dat	xmrig
behavioral1/memory/2256-405-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2140-2197-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2780-2196-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2844-2199-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2872-2198-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2728-2200-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/1408-2157-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/1064-2201-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/568-2202-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/1952-499-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/memory/568-452-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-189.dat	xmrig
behavioral1/files/0x00050000000194a3-179.dat	xmrig
behavioral1/files/0x00050000000194eb-183.dat	xmrig
behavioral1/files/0x0005000000019480-156.dat	xmrig
behavioral1/files/0x0005000000019470-154.dat	xmrig
behavioral1/files/0x00050000000193c7-149.dat	xmrig
behavioral1/files/0x00050000000193a0-138.dat	xmrig
behavioral1/files/0x00050000000193b8-144.dat	xmrig
behavioral1/files/0x0006000000018f85-119.dat	xmrig
behavioral1/files/0x0005000000019394-131.dat	xmrig
behavioral1/files/0x0005000000019326-124.dat	xmrig
behavioral1/files/0x0006000000018bbf-99.dat	xmrig
behavioral1/memory/2872-91-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1064-90-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2256-87-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b89-81.dat	xmrig
behavioral1/files/0x0006000000018b59-75.dat	xmrig
behavioral1/memory/2728-115-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b54-66.dat	xmrig
behavioral1/files/0x0006000000018bd7-108.dat	xmrig
behavioral1/memory/568-98-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2844-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0006000000018baf-95.dat	xmrig
behavioral1/files/0x0006000000018b71-80.dat	xmrig
behavioral1/memory/2672-79-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b28-53.dat	xmrig
behavioral1/memory/2728-50-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2812-49-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2596-63-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1952-61-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b50-58.dat	xmrig
behavioral1/files/0x0009000000016d3f-31.dat	xmrig
behavioral1/memory/1952-24-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ccc-21.dat	xmrig
behavioral1/memory/2844-41-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2872-39-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-38.dat	xmrig
behavioral1/files/0x0007000000016d1c-29.dat	xmrig
behavioral1/memory/2140-28-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2780-20-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d0c-18.dat	xmrig
behavioral1/memory/1408-17-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1408	rUteHTh.exe
2780	JSCYGlt.exe
2140	DcIfuhC.exe
2872	eaJrCYD.exe
2844	kgyFeHL.exe
2812	nGUMppp.exe
2728	xzvrYHy.exe
2244	vkaCgmh.exe
2596	BBtlLtC.exe
2672	CJrMLVD.exe
2256	geIXMHs.exe
1064	zCYtEhX.exe
568	umeyGbz.exe
2372	QySoDPy.exe
2976	fWVaeok.exe
2944	fnAGhOf.exe
2920	dLdfKxZ.exe
2164	lcrniLW.exe
804	gexlCaM.exe
1072	CUOZLPP.exe
1360	QuWjDUT.exe
1924	iGDcluV.exe
2216	WngDFka.exe
2340	gKaQgWG.exe
2000	rJtqOJL.exe
2204	iUURKtz.exe
1248	vswUKpj.exe
1980	SeOQXhZ.exe
3024	XGsoOiE.exe
808	MFJOdWd.exe
1180	eTKkRUD.exe
1720	HItfWyB.exe
1152	fZZrYpr.exe
1264	DDWxprz.exe
2264	RBzSYzw.exe
764	lpKBRUj.exe
1808	dFwqecp.exe
3032	fdWLweT.exe
1712	zzTvFiO.exe
2012	GzvWdwS.exe
1132	tMCKbVJ.exe
836	gwqVdWq.exe
2468	StLmgCl.exe
2480	ncEUbhA.exe
2252	XKoqDMt.exe
1500	uTfVAmb.exe
1784	rgEGgLb.exe
884	SmGhAmt.exe
276	SqfSyAS.exe
2524	doZJYUd.exe
556	dRzDUsm.exe
1068	vjYHulG.exe
1724	SSefrSl.exe
2740	WXPoSYs.exe
2884	aldFBVO.exe
1716	SwPiDql.exe
2824	aCkztLn.exe
2576	nJpJixb.exe
2932	WgIXkAc.exe
852	iuGeCTG.exe
2608	znFigEb.exe
2592	xIkkFHf.exe
2236	FaUwGDk.exe
2452	hKdEQlo.exe

Loads dropped DLL 64 IoCs

pid	Process
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1952-0-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0009000000016ace-3.dat	upx
behavioral1/files/0x0008000000016cf0-8.dat	upx
behavioral1/memory/2244-55-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0006000000018b64-72.dat	upx
behavioral1/files/0x000500000001932a-126.dat	upx
behavioral1/files/0x0005000000019490-169.dat	upx
behavioral1/files/0x0005000000019489-164.dat	upx
behavioral1/files/0x000500000001948c-162.dat	upx
behavioral1/files/0x00050000000194ef-186.dat	upx
behavioral1/memory/2256-405-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2140-2197-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2780-2196-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2844-2199-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2872-2198-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2728-2200-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/1408-2157-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/1064-2201-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/568-2202-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/568-452-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x000500000001950f-189.dat	upx
behavioral1/files/0x00050000000194a3-179.dat	upx
behavioral1/files/0x00050000000194eb-183.dat	upx
behavioral1/files/0x0005000000019480-156.dat	upx
behavioral1/files/0x0005000000019470-154.dat	upx
behavioral1/files/0x00050000000193c7-149.dat	upx
behavioral1/files/0x00050000000193a0-138.dat	upx
behavioral1/files/0x00050000000193b8-144.dat	upx
behavioral1/files/0x0006000000018f85-119.dat	upx
behavioral1/files/0x0005000000019394-131.dat	upx
behavioral1/files/0x0005000000019326-124.dat	upx
behavioral1/files/0x0006000000018bbf-99.dat	upx
behavioral1/memory/2872-91-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1064-90-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2256-87-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0006000000018b89-81.dat	upx
behavioral1/files/0x0006000000018b59-75.dat	upx
behavioral1/memory/2728-115-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x0006000000018b54-66.dat	upx
behavioral1/files/0x0006000000018bd7-108.dat	upx
behavioral1/memory/568-98-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2844-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0006000000018baf-95.dat	upx
behavioral1/files/0x0006000000018b71-80.dat	upx
behavioral1/memory/2672-79-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0006000000018b28-53.dat	upx
behavioral1/memory/2728-50-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2812-49-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2596-63-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1952-61-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0006000000018b50-58.dat	upx
behavioral1/files/0x0009000000016d3f-31.dat	upx
behavioral1/files/0x0009000000016ccc-21.dat	upx
behavioral1/memory/2844-41-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2872-39-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0002000000018334-38.dat	upx
behavioral1/files/0x0007000000016d1c-29.dat	upx
behavioral1/memory/2140-28-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2780-20-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x0007000000016d0c-18.dat	upx
behavioral1/memory/1408-17-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2596-2203-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2672-2206-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2244-2205-0x000000013F620000-0x000000013F974000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RdIQsVr.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahlVzIu.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLGfIof.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvXhLhO.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcauOsR.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWYnIFG.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZltGXL.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lstEjMd.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpCPIqn.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjaOAZg.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSmOMXl.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igZLLtt.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmpuruc.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsneCfM.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PbqQTck.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjmIgnc.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVghEKS.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTxovnP.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wroYxxy.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZbxSiv.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCVIoif.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODXTIee.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdWLweT.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMCKbVJ.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skMZmbh.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItfRGfy.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uczzcUh.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HkUoBeG.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXAPDKh.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AoalGVt.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZrKnGW.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDutWHc.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkckTvq.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHOvxur.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCJBbXc.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgMChHs.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxwqPsF.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIXNxpn.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkcFfuZ.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPLxTxP.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKBQqyN.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KimhRpe.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSOdKBG.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUbDyfP.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOCbiwq.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvnNpOz.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiBDsri.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnvNIDj.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLGRamr.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csMJsvX.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJwqjyz.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDnkbel.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZFAbfH.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eamFcMZ.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTnUQuX.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbhsPhy.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkxyhfK.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsgWmel.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERqHmKw.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyphvYr.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDybyuj.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSEnXog.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmkiDxx.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGHZQUx.exe	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1408	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1952 wrote to memory of 1408	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1952 wrote to memory of 1408	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1952 wrote to memory of 2780	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1952 wrote to memory of 2780	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1952 wrote to memory of 2780	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1952 wrote to memory of 2140	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1952 wrote to memory of 2140	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1952 wrote to memory of 2140	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1952 wrote to memory of 2812	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1952 wrote to memory of 2812	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1952 wrote to memory of 2812	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1952 wrote to memory of 2872	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1952 wrote to memory of 2872	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1952 wrote to memory of 2872	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1952 wrote to memory of 2728	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1952 wrote to memory of 2728	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1952 wrote to memory of 2728	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1952 wrote to memory of 2844	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1952 wrote to memory of 2844	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1952 wrote to memory of 2844	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1952 wrote to memory of 2244	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1952 wrote to memory of 2244	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1952 wrote to memory of 2244	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1952 wrote to memory of 2596	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1952 wrote to memory of 2596	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1952 wrote to memory of 2596	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1952 wrote to memory of 2672	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1952 wrote to memory of 2672	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1952 wrote to memory of 2672	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1952 wrote to memory of 2256	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1952 wrote to memory of 2256	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1952 wrote to memory of 2256	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1952 wrote to memory of 2372	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1952 wrote to memory of 2372	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1952 wrote to memory of 2372	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1952 wrote to memory of 1064	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1952 wrote to memory of 1064	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1952 wrote to memory of 1064	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1952 wrote to memory of 2944	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1952 wrote to memory of 2944	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1952 wrote to memory of 2944	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1952 wrote to memory of 568	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1952 wrote to memory of 568	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1952 wrote to memory of 568	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1952 wrote to memory of 2920	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1952 wrote to memory of 2920	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1952 wrote to memory of 2920	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1952 wrote to memory of 2976	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1952 wrote to memory of 2976	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1952 wrote to memory of 2976	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1952 wrote to memory of 2164	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1952 wrote to memory of 2164	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1952 wrote to memory of 2164	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1952 wrote to memory of 804	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1952 wrote to memory of 804	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1952 wrote to memory of 804	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1952 wrote to memory of 1360	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1952 wrote to memory of 1360	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1952 wrote to memory of 1360	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1952 wrote to memory of 1072	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1952 wrote to memory of 1072	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1952 wrote to memory of 1072	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1952 wrote to memory of 1924	1952	2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_ab4296e69089e796621d5be1048ec652_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\System\rUteHTh.exe
  C:\Windows\System\rUteHTh.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\JSCYGlt.exe
  C:\Windows\System\JSCYGlt.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\DcIfuhC.exe
  C:\Windows\System\DcIfuhC.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\nGUMppp.exe
  C:\Windows\System\nGUMppp.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\eaJrCYD.exe
  C:\Windows\System\eaJrCYD.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\xzvrYHy.exe
  C:\Windows\System\xzvrYHy.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\kgyFeHL.exe
  C:\Windows\System\kgyFeHL.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\vkaCgmh.exe
  C:\Windows\System\vkaCgmh.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\BBtlLtC.exe
  C:\Windows\System\BBtlLtC.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\CJrMLVD.exe
  C:\Windows\System\CJrMLVD.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\geIXMHs.exe
  C:\Windows\System\geIXMHs.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\QySoDPy.exe
  C:\Windows\System\QySoDPy.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\zCYtEhX.exe
  C:\Windows\System\zCYtEhX.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\fnAGhOf.exe
  C:\Windows\System\fnAGhOf.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\umeyGbz.exe
  C:\Windows\System\umeyGbz.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\dLdfKxZ.exe
  C:\Windows\System\dLdfKxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\fWVaeok.exe
  C:\Windows\System\fWVaeok.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\lcrniLW.exe
  C:\Windows\System\lcrniLW.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\gexlCaM.exe
  C:\Windows\System\gexlCaM.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\QuWjDUT.exe
  C:\Windows\System\QuWjDUT.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\CUOZLPP.exe
  C:\Windows\System\CUOZLPP.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\iGDcluV.exe
  C:\Windows\System\iGDcluV.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\WngDFka.exe
  C:\Windows\System\WngDFka.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\gKaQgWG.exe
  C:\Windows\System\gKaQgWG.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\rJtqOJL.exe
  C:\Windows\System\rJtqOJL.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\SeOQXhZ.exe
  C:\Windows\System\SeOQXhZ.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\iUURKtz.exe
  C:\Windows\System\iUURKtz.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\XGsoOiE.exe
  C:\Windows\System\XGsoOiE.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\vswUKpj.exe
  C:\Windows\System\vswUKpj.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\MFJOdWd.exe
  C:\Windows\System\MFJOdWd.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\eTKkRUD.exe
  C:\Windows\System\eTKkRUD.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\fZZrYpr.exe
  C:\Windows\System\fZZrYpr.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\HItfWyB.exe
  C:\Windows\System\HItfWyB.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\DDWxprz.exe
  C:\Windows\System\DDWxprz.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\RBzSYzw.exe
  C:\Windows\System\RBzSYzw.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\lpKBRUj.exe
  C:\Windows\System\lpKBRUj.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\dFwqecp.exe
  C:\Windows\System\dFwqecp.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\fdWLweT.exe
  C:\Windows\System\fdWLweT.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\zzTvFiO.exe
  C:\Windows\System\zzTvFiO.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\GzvWdwS.exe
  C:\Windows\System\GzvWdwS.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\tMCKbVJ.exe
  C:\Windows\System\tMCKbVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\gwqVdWq.exe
  C:\Windows\System\gwqVdWq.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\StLmgCl.exe
  C:\Windows\System\StLmgCl.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ncEUbhA.exe
  C:\Windows\System\ncEUbhA.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\XKoqDMt.exe
  C:\Windows\System\XKoqDMt.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\uTfVAmb.exe
  C:\Windows\System\uTfVAmb.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\rgEGgLb.exe
  C:\Windows\System\rgEGgLb.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\SqfSyAS.exe
  C:\Windows\System\SqfSyAS.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\SmGhAmt.exe
  C:\Windows\System\SmGhAmt.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\dRzDUsm.exe
  C:\Windows\System\dRzDUsm.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\doZJYUd.exe
  C:\Windows\System\doZJYUd.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\vjYHulG.exe
  C:\Windows\System\vjYHulG.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\SSefrSl.exe
  C:\Windows\System\SSefrSl.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\aldFBVO.exe
  C:\Windows\System\aldFBVO.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\WXPoSYs.exe
  C:\Windows\System\WXPoSYs.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\SwPiDql.exe
  C:\Windows\System\SwPiDql.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\aCkztLn.exe
  C:\Windows\System\aCkztLn.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\znFigEb.exe
  C:\Windows\System\znFigEb.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\nJpJixb.exe
  C:\Windows\System\nJpJixb.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\xIkkFHf.exe
  C:\Windows\System\xIkkFHf.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\WgIXkAc.exe
  C:\Windows\System\WgIXkAc.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\FaUwGDk.exe
  C:\Windows\System\FaUwGDk.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\iuGeCTG.exe
  C:\Windows\System\iuGeCTG.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\AnQNdKl.exe
  C:\Windows\System\AnQNdKl.exe
  2⤵
  PID:2936
- C:\Windows\System\hKdEQlo.exe
  C:\Windows\System\hKdEQlo.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\bRnlqIS.exe
  C:\Windows\System\bRnlqIS.exe
  2⤵
  PID:896
- C:\Windows\System\OOMQclw.exe
  C:\Windows\System\OOMQclw.exe
  2⤵
  PID:2304
- C:\Windows\System\KWHnclW.exe
  C:\Windows\System\KWHnclW.exe
  2⤵
  PID:2052
- C:\Windows\System\xDXnrbs.exe
  C:\Windows\System\xDXnrbs.exe
  2⤵
  PID:848
- C:\Windows\System\GKUkouR.exe
  C:\Windows\System\GKUkouR.exe
  2⤵
  PID:3016
- C:\Windows\System\mWBJuNV.exe
  C:\Windows\System\mWBJuNV.exe
  2⤵
  PID:1168
- C:\Windows\System\Kogmfqn.exe
  C:\Windows\System\Kogmfqn.exe
  2⤵
  PID:288
- C:\Windows\System\pRhDTzf.exe
  C:\Windows\System\pRhDTzf.exe
  2⤵
  PID:2040
- C:\Windows\System\SsneCfM.exe
  C:\Windows\System\SsneCfM.exe
  2⤵
  PID:2108
- C:\Windows\System\WwPSKnv.exe
  C:\Windows\System\WwPSKnv.exe
  2⤵
  PID:1804
- C:\Windows\System\rwGHFrv.exe
  C:\Windows\System\rwGHFrv.exe
  2⤵
  PID:1708
- C:\Windows\System\xjQqlvJ.exe
  C:\Windows\System\xjQqlvJ.exe
  2⤵
  PID:1092
- C:\Windows\System\UmwavNb.exe
  C:\Windows\System\UmwavNb.exe
  2⤵
  PID:268
- C:\Windows\System\QnUlnFm.exe
  C:\Windows\System\QnUlnFm.exe
  2⤵
  PID:2424
- C:\Windows\System\auwaKWD.exe
  C:\Windows\System\auwaKWD.exe
  2⤵
  PID:2544
- C:\Windows\System\YfDGyDt.exe
  C:\Windows\System\YfDGyDt.exe
  2⤵
  PID:2148
- C:\Windows\System\KguLjye.exe
  C:\Windows\System\KguLjye.exe
  2⤵
  PID:2496
- C:\Windows\System\bYtlGEi.exe
  C:\Windows\System\bYtlGEi.exe
  2⤵
  PID:1748
- C:\Windows\System\hwFZbEZ.exe
  C:\Windows\System\hwFZbEZ.exe
  2⤵
  PID:1604
- C:\Windows\System\oThZfJe.exe
  C:\Windows\System\oThZfJe.exe
  2⤵
  PID:2796
- C:\Windows\System\uMmihrT.exe
  C:\Windows\System\uMmihrT.exe
  2⤵
  PID:2868
- C:\Windows\System\kyjGahU.exe
  C:\Windows\System\kyjGahU.exe
  2⤵
  PID:2240
- C:\Windows\System\unyDimX.exe
  C:\Windows\System\unyDimX.exe
  2⤵
  PID:2368
- C:\Windows\System\TFfzGZY.exe
  C:\Windows\System\TFfzGZY.exe
  2⤵
  PID:2260
- C:\Windows\System\yMJvSdr.exe
  C:\Windows\System\yMJvSdr.exe
  2⤵
  PID:2760
- C:\Windows\System\sZHFFyu.exe
  C:\Windows\System\sZHFFyu.exe
  2⤵
  PID:1920
- C:\Windows\System\iMDlwtV.exe
  C:\Windows\System\iMDlwtV.exe
  2⤵
  PID:2092
- C:\Windows\System\dLHcPDs.exe
  C:\Windows\System\dLHcPDs.exe
  2⤵
  PID:520
- C:\Windows\System\qlYxvoo.exe
  C:\Windows\System\qlYxvoo.exe
  2⤵
  PID:2508
- C:\Windows\System\DQypifM.exe
  C:\Windows\System\DQypifM.exe
  2⤵
  PID:1796
- C:\Windows\System\aMRZXyY.exe
  C:\Windows\System\aMRZXyY.exe
  2⤵
  PID:776
- C:\Windows\System\NyHOkgA.exe
  C:\Windows\System\NyHOkgA.exe
  2⤵
  PID:548
- C:\Windows\System\lbifnIw.exe
  C:\Windows\System\lbifnIw.exe
  2⤵
  PID:1532
- C:\Windows\System\klWaDeG.exe
  C:\Windows\System\klWaDeG.exe
  2⤵
  PID:2540
- C:\Windows\System\JCwphiU.exe
  C:\Windows\System\JCwphiU.exe
  2⤵
  PID:2116
- C:\Windows\System\XGyurEI.exe
  C:\Windows\System\XGyurEI.exe
  2⤵
  PID:2328
- C:\Windows\System\TgehxfV.exe
  C:\Windows\System\TgehxfV.exe
  2⤵
  PID:1480
- C:\Windows\System\LXcvdgR.exe
  C:\Windows\System\LXcvdgR.exe
  2⤵
  PID:3088
- C:\Windows\System\qYIPVWc.exe
  C:\Windows\System\qYIPVWc.exe
  2⤵
  PID:3112
- C:\Windows\System\jmGrGDr.exe
  C:\Windows\System\jmGrGDr.exe
  2⤵
  PID:3128
- C:\Windows\System\TfubTVZ.exe
  C:\Windows\System\TfubTVZ.exe
  2⤵
  PID:3148
- C:\Windows\System\DvnNpOz.exe
  C:\Windows\System\DvnNpOz.exe
  2⤵
  PID:3172
- C:\Windows\System\UJFpBlr.exe
  C:\Windows\System\UJFpBlr.exe
  2⤵
  PID:3188
- C:\Windows\System\qEbtewz.exe
  C:\Windows\System\qEbtewz.exe
  2⤵
  PID:3204
- C:\Windows\System\FdrEwdh.exe
  C:\Windows\System\FdrEwdh.exe
  2⤵
  PID:3220
- C:\Windows\System\dKgaGlk.exe
  C:\Windows\System\dKgaGlk.exe
  2⤵
  PID:3240
- C:\Windows\System\JnfhHpO.exe
  C:\Windows\System\JnfhHpO.exe
  2⤵
  PID:3256
- C:\Windows\System\XsbRpOl.exe
  C:\Windows\System\XsbRpOl.exe
  2⤵
  PID:3276
- C:\Windows\System\LTWleOy.exe
  C:\Windows\System\LTWleOy.exe
  2⤵
  PID:3292
- C:\Windows\System\OPoCJpQ.exe
  C:\Windows\System\OPoCJpQ.exe
  2⤵
  PID:3308
- C:\Windows\System\jFxmPCM.exe
  C:\Windows\System\jFxmPCM.exe
  2⤵
  PID:3324
- C:\Windows\System\ucHybVL.exe
  C:\Windows\System\ucHybVL.exe
  2⤵
  PID:3340
- C:\Windows\System\FcDwJgP.exe
  C:\Windows\System\FcDwJgP.exe
  2⤵
  PID:3424
- C:\Windows\System\hUKamRb.exe
  C:\Windows\System\hUKamRb.exe
  2⤵
  PID:3448
- C:\Windows\System\wsmIsJX.exe
  C:\Windows\System\wsmIsJX.exe
  2⤵
  PID:3468
- C:\Windows\System\whPrQvZ.exe
  C:\Windows\System\whPrQvZ.exe
  2⤵
  PID:3488
- C:\Windows\System\uVJuvQT.exe
  C:\Windows\System\uVJuvQT.exe
  2⤵
  PID:3508
- C:\Windows\System\kKRJYDV.exe
  C:\Windows\System\kKRJYDV.exe
  2⤵
  PID:3532
- C:\Windows\System\eQsknVl.exe
  C:\Windows\System\eQsknVl.exe
  2⤵
  PID:3552
- C:\Windows\System\douKSEh.exe
  C:\Windows\System\douKSEh.exe
  2⤵
  PID:3572
- C:\Windows\System\IAgpSYF.exe
  C:\Windows\System\IAgpSYF.exe
  2⤵
  PID:3592
- C:\Windows\System\fkUcfEr.exe
  C:\Windows\System\fkUcfEr.exe
  2⤵
  PID:3612
- C:\Windows\System\SpqjAPb.exe
  C:\Windows\System\SpqjAPb.exe
  2⤵
  PID:3632
- C:\Windows\System\DdRcrNJ.exe
  C:\Windows\System\DdRcrNJ.exe
  2⤵
  PID:3652
- C:\Windows\System\evDtSEg.exe
  C:\Windows\System\evDtSEg.exe
  2⤵
  PID:3672
- C:\Windows\System\hkyeRqy.exe
  C:\Windows\System\hkyeRqy.exe
  2⤵
  PID:3692
- C:\Windows\System\hYWLoMT.exe
  C:\Windows\System\hYWLoMT.exe
  2⤵
  PID:3708
- C:\Windows\System\HAfwdfq.exe
  C:\Windows\System\HAfwdfq.exe
  2⤵
  PID:3728
- C:\Windows\System\BOVbFtq.exe
  C:\Windows\System\BOVbFtq.exe
  2⤵
  PID:3748
- C:\Windows\System\sqmQVPO.exe
  C:\Windows\System\sqmQVPO.exe
  2⤵
  PID:3772
- C:\Windows\System\qjAiVfi.exe
  C:\Windows\System\qjAiVfi.exe
  2⤵
  PID:3792
- C:\Windows\System\Ryhcsgr.exe
  C:\Windows\System\Ryhcsgr.exe
  2⤵
  PID:3816
- C:\Windows\System\zLIklTG.exe
  C:\Windows\System\zLIklTG.exe
  2⤵
  PID:3836
- C:\Windows\System\JyphvYr.exe
  C:\Windows\System\JyphvYr.exe
  2⤵
  PID:3856
- C:\Windows\System\OfPfpmP.exe
  C:\Windows\System\OfPfpmP.exe
  2⤵
  PID:3872
- C:\Windows\System\JDbWNpX.exe
  C:\Windows\System\JDbWNpX.exe
  2⤵
  PID:3900
- C:\Windows\System\hPlgCzG.exe
  C:\Windows\System\hPlgCzG.exe
  2⤵
  PID:3920
- C:\Windows\System\aevqGhe.exe
  C:\Windows\System\aevqGhe.exe
  2⤵
  PID:3944
- C:\Windows\System\crdFjVZ.exe
  C:\Windows\System\crdFjVZ.exe
  2⤵
  PID:3964
- C:\Windows\System\pSxfwFd.exe
  C:\Windows\System\pSxfwFd.exe
  2⤵
  PID:3984
- C:\Windows\System\hkVEyPP.exe
  C:\Windows\System\hkVEyPP.exe
  2⤵
  PID:4004
- C:\Windows\System\khgJBoi.exe
  C:\Windows\System\khgJBoi.exe
  2⤵
  PID:4024
- C:\Windows\System\JHlZIXe.exe
  C:\Windows\System\JHlZIXe.exe
  2⤵
  PID:4044
- C:\Windows\System\oErgspa.exe
  C:\Windows\System\oErgspa.exe
  2⤵
  PID:4064
- C:\Windows\System\oYGSqUT.exe
  C:\Windows\System\oYGSqUT.exe
  2⤵
  PID:4084
- C:\Windows\System\yWXPtKh.exe
  C:\Windows\System\yWXPtKh.exe
  2⤵
  PID:2876
- C:\Windows\System\BgUPgDF.exe
  C:\Windows\System\BgUPgDF.exe
  2⤵
  PID:2120
- C:\Windows\System\vmyiElf.exe
  C:\Windows\System\vmyiElf.exe
  2⤵
  PID:1652
- C:\Windows\System\cxuuGGl.exe
  C:\Windows\System\cxuuGGl.exe
  2⤵
  PID:2692
- C:\Windows\System\AptpDYX.exe
  C:\Windows\System\AptpDYX.exe
  2⤵
  PID:2344
- C:\Windows\System\tnrcVzp.exe
  C:\Windows\System\tnrcVzp.exe
  2⤵
  PID:572
- C:\Windows\System\BlYBDKO.exe
  C:\Windows\System\BlYBDKO.exe
  2⤵
  PID:2484
- C:\Windows\System\rNbSrRz.exe
  C:\Windows\System\rNbSrRz.exe
  2⤵
  PID:3180
- C:\Windows\System\EmTjsqb.exe
  C:\Windows\System\EmTjsqb.exe
  2⤵
  PID:1600
- C:\Windows\System\meUTLno.exe
  C:\Windows\System\meUTLno.exe
  2⤵
  PID:3212
- C:\Windows\System\bidDceU.exe
  C:\Windows\System\bidDceU.exe
  2⤵
  PID:3252
- C:\Windows\System\xPRCFru.exe
  C:\Windows\System\xPRCFru.exe
  2⤵
  PID:2896
- C:\Windows\System\tcLSGmR.exe
  C:\Windows\System\tcLSGmR.exe
  2⤵
  PID:3348
- C:\Windows\System\cluWRGT.exe
  C:\Windows\System\cluWRGT.exe
  2⤵
  PID:1552
- C:\Windows\System\PmIfgRk.exe
  C:\Windows\System\PmIfgRk.exe
  2⤵
  PID:3356
- C:\Windows\System\WBmtsnW.exe
  C:\Windows\System\WBmtsnW.exe
  2⤵
  PID:3076
- C:\Windows\System\qplNeaH.exe
  C:\Windows\System\qplNeaH.exe
  2⤵
  PID:3124
- C:\Windows\System\vdHphuX.exe
  C:\Windows\System\vdHphuX.exe
  2⤵
  PID:3164
- C:\Windows\System\lFeSCXs.exe
  C:\Windows\System\lFeSCXs.exe
  2⤵
  PID:3388
- C:\Windows\System\jBlxiKy.exe
  C:\Windows\System\jBlxiKy.exe
  2⤵
  PID:3268
- C:\Windows\System\hcWseIJ.exe
  C:\Windows\System\hcWseIJ.exe
  2⤵
  PID:3400
- C:\Windows\System\VKiNHfQ.exe
  C:\Windows\System\VKiNHfQ.exe
  2⤵
  PID:2152
- C:\Windows\System\POhTYiN.exe
  C:\Windows\System\POhTYiN.exe
  2⤵
  PID:3456
- C:\Windows\System\skMZmbh.exe
  C:\Windows\System\skMZmbh.exe
  2⤵
  PID:3496
- C:\Windows\System\zepJVkc.exe
  C:\Windows\System\zepJVkc.exe
  2⤵
  PID:3480
- C:\Windows\System\uEConcj.exe
  C:\Windows\System\uEConcj.exe
  2⤵
  PID:3544
- C:\Windows\System\DMHYYGV.exe
  C:\Windows\System\DMHYYGV.exe
  2⤵
  PID:3568
- C:\Windows\System\rYvUcRT.exe
  C:\Windows\System\rYvUcRT.exe
  2⤵
  PID:3604
- C:\Windows\System\ouzElsg.exe
  C:\Windows\System\ouzElsg.exe
  2⤵
  PID:3640
- C:\Windows\System\jhDDdKI.exe
  C:\Windows\System\jhDDdKI.exe
  2⤵
  PID:3664
- C:\Windows\System\pyKKUlx.exe
  C:\Windows\System\pyKKUlx.exe
  2⤵
  PID:3684
- C:\Windows\System\UAlubur.exe
  C:\Windows\System\UAlubur.exe
  2⤵
  PID:3780
- C:\Windows\System\RSimzFB.exe
  C:\Windows\System\RSimzFB.exe
  2⤵
  PID:3756
- C:\Windows\System\JaEOQUl.exe
  C:\Windows\System\JaEOQUl.exe
  2⤵
  PID:3824
- C:\Windows\System\uwydhrF.exe
  C:\Windows\System\uwydhrF.exe
  2⤵
  PID:3828
- C:\Windows\System\HekRnab.exe
  C:\Windows\System\HekRnab.exe
  2⤵
  PID:3868
- C:\Windows\System\bObxGCI.exe
  C:\Windows\System\bObxGCI.exe
  2⤵
  PID:3916
- C:\Windows\System\vCBqWPW.exe
  C:\Windows\System\vCBqWPW.exe
  2⤵
  PID:3928
- C:\Windows\System\JoSFBCv.exe
  C:\Windows\System\JoSFBCv.exe
  2⤵
  PID:3996
- C:\Windows\System\KgcJVph.exe
  C:\Windows\System\KgcJVph.exe
  2⤵
  PID:4012
- C:\Windows\System\PiLguQW.exe
  C:\Windows\System\PiLguQW.exe
  2⤵
  PID:4052
- C:\Windows\System\NvXhLhO.exe
  C:\Windows\System\NvXhLhO.exe
  2⤵
  PID:4092
- C:\Windows\System\guWmzgp.exe
  C:\Windows\System\guWmzgp.exe
  2⤵
  PID:1216
- C:\Windows\System\bYxGWtq.exe
  C:\Windows\System\bYxGWtq.exe
  2⤵
  PID:1508
- C:\Windows\System\TULQJtB.exe
  C:\Windows\System\TULQJtB.exe
  2⤵
  PID:2276
- C:\Windows\System\cjfGumC.exe
  C:\Windows\System\cjfGumC.exe
  2⤵
  PID:3104
- C:\Windows\System\BYlwqhg.exe
  C:\Windows\System\BYlwqhg.exe
  2⤵
  PID:2784
- C:\Windows\System\BvjTobH.exe
  C:\Windows\System\BvjTobH.exe
  2⤵
  PID:856
- C:\Windows\System\xGHZQUx.exe
  C:\Windows\System\xGHZQUx.exe
  2⤵
  PID:988
- C:\Windows\System\MNOerNN.exe
  C:\Windows\System\MNOerNN.exe
  2⤵
  PID:2924
- C:\Windows\System\EgiOvwV.exe
  C:\Windows\System\EgiOvwV.exe
  2⤵
  PID:844
- C:\Windows\System\jBZmDAI.exe
  C:\Windows\System\jBZmDAI.exe
  2⤵
  PID:1744
- C:\Windows\System\vmlkYmI.exe
  C:\Windows\System\vmlkYmI.exe
  2⤵
  PID:3392
- C:\Windows\System\YnlOnIh.exe
  C:\Windows\System\YnlOnIh.exe
  2⤵
  PID:3404
- C:\Windows\System\DacLuti.exe
  C:\Windows\System\DacLuti.exe
  2⤵
  PID:3304
- C:\Windows\System\msSYqRH.exe
  C:\Windows\System\msSYqRH.exe
  2⤵
  PID:3524
- C:\Windows\System\QSimeZK.exe
  C:\Windows\System\QSimeZK.exe
  2⤵
  PID:3444
- C:\Windows\System\PbqQTck.exe
  C:\Windows\System\PbqQTck.exe
  2⤵
  PID:3644
- C:\Windows\System\FCEfISM.exe
  C:\Windows\System\FCEfISM.exe
  2⤵
  PID:3580
- C:\Windows\System\tHOVeEA.exe
  C:\Windows\System\tHOVeEA.exe
  2⤵
  PID:3716
- C:\Windows\System\vWdJbFW.exe
  C:\Windows\System\vWdJbFW.exe
  2⤵
  PID:3788
- C:\Windows\System\ZbxfHhu.exe
  C:\Windows\System\ZbxfHhu.exe
  2⤵
  PID:3852
- C:\Windows\System\pFTgXiS.exe
  C:\Windows\System\pFTgXiS.exe
  2⤵
  PID:3764
- C:\Windows\System\vkyQhjW.exe
  C:\Windows\System\vkyQhjW.exe
  2⤵
  PID:3892
- C:\Windows\System\zijjxuo.exe
  C:\Windows\System\zijjxuo.exe
  2⤵
  PID:3880
- C:\Windows\System\PFNLOtT.exe
  C:\Windows\System\PFNLOtT.exe
  2⤵
  PID:3992
- C:\Windows\System\WomrPUJ.exe
  C:\Windows\System\WomrPUJ.exe
  2⤵
  PID:4080
- C:\Windows\System\YmSqxdv.exe
  C:\Windows\System\YmSqxdv.exe
  2⤵
  PID:4072
- C:\Windows\System\KtlZxfU.exe
  C:\Windows\System\KtlZxfU.exe
  2⤵
  PID:1700
- C:\Windows\System\HQsBTMX.exe
  C:\Windows\System\HQsBTMX.exe
  2⤵
  PID:3044
- C:\Windows\System\WmcKHuc.exe
  C:\Windows\System\WmcKHuc.exe
  2⤵
  PID:2648
- C:\Windows\System\rTcMoRA.exe
  C:\Windows\System\rTcMoRA.exe
  2⤵
  PID:1476
- C:\Windows\System\JpkcLjZ.exe
  C:\Windows\System\JpkcLjZ.exe
  2⤵
  PID:1904
- C:\Windows\System\hjeRWaV.exe
  C:\Windows\System\hjeRWaV.exe
  2⤵
  PID:3368
- C:\Windows\System\cAMqNLM.exe
  C:\Windows\System\cAMqNLM.exe
  2⤵
  PID:3120
- C:\Windows\System\PeLZGyc.exe
  C:\Windows\System\PeLZGyc.exe
  2⤵
  PID:3440
- C:\Windows\System\ryACIPM.exe
  C:\Windows\System\ryACIPM.exe
  2⤵
  PID:3540
- C:\Windows\System\CUEaUiS.exe
  C:\Windows\System\CUEaUiS.exe
  2⤵
  PID:3864
- C:\Windows\System\xaUfZbl.exe
  C:\Windows\System\xaUfZbl.exe
  2⤵
  PID:4040
- C:\Windows\System\GHqSALN.exe
  C:\Windows\System\GHqSALN.exe
  2⤵
  PID:3896
- C:\Windows\System\RomBtec.exe
  C:\Windows\System\RomBtec.exe
  2⤵
  PID:4108
- C:\Windows\System\RdVTtyH.exe
  C:\Windows\System\RdVTtyH.exe
  2⤵
  PID:4128
- C:\Windows\System\GOHkXPU.exe
  C:\Windows\System\GOHkXPU.exe
  2⤵
  PID:4148
- C:\Windows\System\lubAYDO.exe
  C:\Windows\System\lubAYDO.exe
  2⤵
  PID:4168
- C:\Windows\System\NYkTXeg.exe
  C:\Windows\System\NYkTXeg.exe
  2⤵
  PID:4188
- C:\Windows\System\JYcWYhY.exe
  C:\Windows\System\JYcWYhY.exe
  2⤵
  PID:4208
- C:\Windows\System\KqRqKYh.exe
  C:\Windows\System\KqRqKYh.exe
  2⤵
  PID:4224
- C:\Windows\System\foeoCYT.exe
  C:\Windows\System\foeoCYT.exe
  2⤵
  PID:4248
- C:\Windows\System\xCKxbZX.exe
  C:\Windows\System\xCKxbZX.exe
  2⤵
  PID:4268
- C:\Windows\System\EQMDHkV.exe
  C:\Windows\System\EQMDHkV.exe
  2⤵
  PID:4288
- C:\Windows\System\bMAIspL.exe
  C:\Windows\System\bMAIspL.exe
  2⤵
  PID:4308
- C:\Windows\System\QYQitJl.exe
  C:\Windows\System\QYQitJl.exe
  2⤵
  PID:4324
- C:\Windows\System\LUTWCzl.exe
  C:\Windows\System\LUTWCzl.exe
  2⤵
  PID:4348
- C:\Windows\System\CeiuNej.exe
  C:\Windows\System\CeiuNej.exe
  2⤵
  PID:4372
- C:\Windows\System\hazVPGT.exe
  C:\Windows\System\hazVPGT.exe
  2⤵
  PID:4392
- C:\Windows\System\eJHtSzZ.exe
  C:\Windows\System\eJHtSzZ.exe
  2⤵
  PID:4412
- C:\Windows\System\geDJCQx.exe
  C:\Windows\System\geDJCQx.exe
  2⤵
  PID:4428
- C:\Windows\System\bscwzRs.exe
  C:\Windows\System\bscwzRs.exe
  2⤵
  PID:4452
- C:\Windows\System\LtmpnRh.exe
  C:\Windows\System\LtmpnRh.exe
  2⤵
  PID:4468
- C:\Windows\System\CeFddxs.exe
  C:\Windows\System\CeFddxs.exe
  2⤵
  PID:4492
- C:\Windows\System\ElNJAFz.exe
  C:\Windows\System\ElNJAFz.exe
  2⤵
  PID:4508
- C:\Windows\System\blyOPHO.exe
  C:\Windows\System\blyOPHO.exe
  2⤵
  PID:4532
- C:\Windows\System\jGhvfEZ.exe
  C:\Windows\System\jGhvfEZ.exe
  2⤵
  PID:4548
- C:\Windows\System\lAQHNVr.exe
  C:\Windows\System\lAQHNVr.exe
  2⤵
  PID:4572
- C:\Windows\System\QiOqzzf.exe
  C:\Windows\System\QiOqzzf.exe
  2⤵
  PID:4596
- C:\Windows\System\usqvOBK.exe
  C:\Windows\System\usqvOBK.exe
  2⤵
  PID:4616
- C:\Windows\System\dgMChHs.exe
  C:\Windows\System\dgMChHs.exe
  2⤵
  PID:4632
- C:\Windows\System\doOvRzo.exe
  C:\Windows\System\doOvRzo.exe
  2⤵
  PID:4648
- C:\Windows\System\FcauOsR.exe
  C:\Windows\System\FcauOsR.exe
  2⤵
  PID:4676
- C:\Windows\System\fkvKxHL.exe
  C:\Windows\System\fkvKxHL.exe
  2⤵
  PID:4700
- C:\Windows\System\abfFirP.exe
  C:\Windows\System\abfFirP.exe
  2⤵
  PID:4720
- C:\Windows\System\ExSuxUd.exe
  C:\Windows\System\ExSuxUd.exe
  2⤵
  PID:4740
- C:\Windows\System\iMlcmkL.exe
  C:\Windows\System\iMlcmkL.exe
  2⤵
  PID:4756
- C:\Windows\System\XPPiwIR.exe
  C:\Windows\System\XPPiwIR.exe
  2⤵
  PID:4772
- C:\Windows\System\THnLXfq.exe
  C:\Windows\System\THnLXfq.exe
  2⤵
  PID:4796
- C:\Windows\System\HVwJdiL.exe
  C:\Windows\System\HVwJdiL.exe
  2⤵
  PID:4812
- C:\Windows\System\mmkAABG.exe
  C:\Windows\System\mmkAABG.exe
  2⤵
  PID:4832
- C:\Windows\System\aILHqyP.exe
  C:\Windows\System\aILHqyP.exe
  2⤵
  PID:4856
- C:\Windows\System\HkUoBeG.exe
  C:\Windows\System\HkUoBeG.exe
  2⤵
  PID:4876
- C:\Windows\System\ijoyBNH.exe
  C:\Windows\System\ijoyBNH.exe
  2⤵
  PID:4896
- C:\Windows\System\ljZHwcM.exe
  C:\Windows\System\ljZHwcM.exe
  2⤵
  PID:4912
- C:\Windows\System\VbQDbJs.exe
  C:\Windows\System\VbQDbJs.exe
  2⤵
  PID:4944
- C:\Windows\System\RvYxJOO.exe
  C:\Windows\System\RvYxJOO.exe
  2⤵
  PID:4964
- C:\Windows\System\vRxBlzC.exe
  C:\Windows\System\vRxBlzC.exe
  2⤵
  PID:4984
- C:\Windows\System\TJNxZHf.exe
  C:\Windows\System\TJNxZHf.exe
  2⤵
  PID:5000
- C:\Windows\System\AxiXciU.exe
  C:\Windows\System\AxiXciU.exe
  2⤵
  PID:5020
- C:\Windows\System\MtCbHfL.exe
  C:\Windows\System\MtCbHfL.exe
  2⤵
  PID:5040
- C:\Windows\System\paQYJmn.exe
  C:\Windows\System\paQYJmn.exe
  2⤵
  PID:5056
- C:\Windows\System\Usckjdi.exe
  C:\Windows\System\Usckjdi.exe
  2⤵
  PID:5076
- C:\Windows\System\JcNXfde.exe
  C:\Windows\System\JcNXfde.exe
  2⤵
  PID:5100
- C:\Windows\System\hEzfQut.exe
  C:\Windows\System\hEzfQut.exe
  2⤵
  PID:5116
- C:\Windows\System\BhRpUsi.exe
  C:\Windows\System\BhRpUsi.exe
  2⤵
  PID:2848
- C:\Windows\System\BTsmGsl.exe
  C:\Windows\System\BTsmGsl.exe
  2⤵
  PID:872
- C:\Windows\System\xRyAnIM.exe
  C:\Windows\System\xRyAnIM.exe
  2⤵
  PID:2720
- C:\Windows\System\VGmqnEj.exe
  C:\Windows\System\VGmqnEj.exe
  2⤵
  PID:2488
- C:\Windows\System\TWxRfov.exe
  C:\Windows\System\TWxRfov.exe
  2⤵
  PID:2172
- C:\Windows\System\dZarhwO.exe
  C:\Windows\System\dZarhwO.exe
  2⤵
  PID:3396
- C:\Windows\System\QAeMMmj.exe
  C:\Windows\System\QAeMMmj.exe
  2⤵
  PID:1740
- C:\Windows\System\lmQXMnq.exe
  C:\Windows\System\lmQXMnq.exe
  2⤵
  PID:3680
- C:\Windows\System\SbLgfzD.exe
  C:\Windows\System\SbLgfzD.exe
  2⤵
  PID:3600
- C:\Windows\System\TbKCalE.exe
  C:\Windows\System\TbKCalE.exe
  2⤵
  PID:4124
- C:\Windows\System\RdIQsVr.exe
  C:\Windows\System\RdIQsVr.exe
  2⤵
  PID:4156
- C:\Windows\System\wJiIeiq.exe
  C:\Windows\System\wJiIeiq.exe
  2⤵
  PID:4200
- C:\Windows\System\MFjmhFr.exe
  C:\Windows\System\MFjmhFr.exe
  2⤵
  PID:4240
- C:\Windows\System\gYMTBKc.exe
  C:\Windows\System\gYMTBKc.exe
  2⤵
  PID:4284
- C:\Windows\System\pkFJQIv.exe
  C:\Windows\System\pkFJQIv.exe
  2⤵
  PID:4220
- C:\Windows\System\vsFMXeu.exe
  C:\Windows\System\vsFMXeu.exe
  2⤵
  PID:4256
- C:\Windows\System\dGbOxmM.exe
  C:\Windows\System\dGbOxmM.exe
  2⤵
  PID:4356
- C:\Windows\System\joJGfWg.exe
  C:\Windows\System\joJGfWg.exe
  2⤵
  PID:4400
- C:\Windows\System\pUHiWie.exe
  C:\Windows\System\pUHiWie.exe
  2⤵
  PID:4440
- C:\Windows\System\WONpMMV.exe
  C:\Windows\System\WONpMMV.exe
  2⤵
  PID:4484
- C:\Windows\System\FxwqPsF.exe
  C:\Windows\System\FxwqPsF.exe
  2⤵
  PID:4344
- C:\Windows\System\OkUMNNd.exe
  C:\Windows\System\OkUMNNd.exe
  2⤵
  PID:4520
- C:\Windows\System\krMvOJD.exe
  C:\Windows\System\krMvOJD.exe
  2⤵
  PID:4460
- C:\Windows\System\TGGbnLI.exe
  C:\Windows\System\TGGbnLI.exe
  2⤵
  PID:4500
- C:\Windows\System\akWRGCz.exe
  C:\Windows\System\akWRGCz.exe
  2⤵
  PID:4612
- C:\Windows\System\MBXtWvC.exe
  C:\Windows\System\MBXtWvC.exe
  2⤵
  PID:4580
- C:\Windows\System\uYlLPFd.exe
  C:\Windows\System\uYlLPFd.exe
  2⤵
  PID:4688
- C:\Windows\System\HtQxTNj.exe
  C:\Windows\System\HtQxTNj.exe
  2⤵
  PID:4764
- C:\Windows\System\UvHqkYq.exe
  C:\Windows\System\UvHqkYq.exe
  2⤵
  PID:4716
- C:\Windows\System\nGsBLXt.exe
  C:\Windows\System\nGsBLXt.exe
  2⤵
  PID:4752
- C:\Windows\System\etfmevj.exe
  C:\Windows\System\etfmevj.exe
  2⤵
  PID:4884
- C:\Windows\System\IDvfGrv.exe
  C:\Windows\System\IDvfGrv.exe
  2⤵
  PID:4784
- C:\Windows\System\uFJAopS.exe
  C:\Windows\System\uFJAopS.exe
  2⤵
  PID:4924
- C:\Windows\System\ybxWtOH.exe
  C:\Windows\System\ybxWtOH.exe
  2⤵
  PID:4972
- C:\Windows\System\fJMUuTM.exe
  C:\Windows\System\fJMUuTM.exe
  2⤵
  PID:4980
- C:\Windows\System\DQvuQUw.exe
  C:\Windows\System\DQvuQUw.exe
  2⤵
  PID:4960
- C:\Windows\System\fhRfKPk.exe
  C:\Windows\System\fhRfKPk.exe
  2⤵
  PID:5052
- C:\Windows\System\bzjyxlP.exe
  C:\Windows\System\bzjyxlP.exe
  2⤵
  PID:4000
- C:\Windows\System\swQOUNK.exe
  C:\Windows\System\swQOUNK.exe
  2⤵
  PID:2416
- C:\Windows\System\KimhRpe.exe
  C:\Windows\System\KimhRpe.exe
  2⤵
  PID:5028
- C:\Windows\System\mjmIgnc.exe
  C:\Windows\System\mjmIgnc.exe
  2⤵
  PID:2360
- C:\Windows\System\ejEsKRV.exe
  C:\Windows\System\ejEsKRV.exe
  2⤵
  PID:5072
- C:\Windows\System\JxtRWcz.exe
  C:\Windows\System\JxtRWcz.exe
  2⤵
  PID:3232
- C:\Windows\System\USDdvrW.exe
  C:\Windows\System\USDdvrW.exe
  2⤵
  PID:4120
- C:\Windows\System\LUyLwsb.exe
  C:\Windows\System\LUyLwsb.exe
  2⤵
  PID:3336
- C:\Windows\System\fmENtIw.exe
  C:\Windows\System\fmENtIw.exe
  2⤵
  PID:3800
- C:\Windows\System\cPHCpBC.exe
  C:\Windows\System\cPHCpBC.exe
  2⤵
  PID:4216
- C:\Windows\System\mDBiZah.exe
  C:\Windows\System\mDBiZah.exe
  2⤵
  PID:3688
- C:\Windows\System\aNVoKmH.exe
  C:\Windows\System\aNVoKmH.exe
  2⤵
  PID:4204
- C:\Windows\System\apKbItw.exe
  C:\Windows\System\apKbItw.exe
  2⤵
  PID:4336
- C:\Windows\System\sOONbGq.exe
  C:\Windows\System\sOONbGq.exe
  2⤵
  PID:4528
- C:\Windows\System\MZHNhQq.exe
  C:\Windows\System\MZHNhQq.exe
  2⤵
  PID:4360
- C:\Windows\System\iyqnxdt.exe
  C:\Windows\System\iyqnxdt.exe
  2⤵
  PID:4604
- C:\Windows\System\GharbtR.exe
  C:\Windows\System\GharbtR.exe
  2⤵
  PID:4584
- C:\Windows\System\MGKOiGZ.exe
  C:\Windows\System\MGKOiGZ.exe
  2⤵
  PID:4692
- C:\Windows\System\oJUwQmK.exe
  C:\Windows\System\oJUwQmK.exe
  2⤵
  PID:4384
- C:\Windows\System\GebqTys.exe
  C:\Windows\System\GebqTys.exe
  2⤵
  PID:4708
- C:\Windows\System\tsEZLaM.exe
  C:\Windows\System\tsEZLaM.exe
  2⤵
  PID:4848
- C:\Windows\System\nbIyGiV.exe
  C:\Windows\System\nbIyGiV.exe
  2⤵
  PID:4788
- C:\Windows\System\ZYIfSCt.exe
  C:\Windows\System\ZYIfSCt.exe
  2⤵
  PID:4748
- C:\Windows\System\ysNzrQU.exe
  C:\Windows\System\ysNzrQU.exe
  2⤵
  PID:4936
- C:\Windows\System\wPiMaja.exe
  C:\Windows\System\wPiMaja.exe
  2⤵
  PID:4076
- C:\Windows\System\WWYnIFG.exe
  C:\Windows\System\WWYnIFG.exe
  2⤵
  PID:4996
- C:\Windows\System\IswQuXI.exe
  C:\Windows\System\IswQuXI.exe
  2⤵
  PID:5088
- C:\Windows\System\YAyJiAe.exe
  C:\Windows\System\YAyJiAe.exe
  2⤵
  PID:3320
- C:\Windows\System\OpFqnJw.exe
  C:\Windows\System\OpFqnJw.exe
  2⤵
  PID:5108
- C:\Windows\System\znwqkIP.exe
  C:\Windows\System\znwqkIP.exe
  2⤵
  PID:4056
- C:\Windows\System\BNQzOGe.exe
  C:\Windows\System\BNQzOGe.exe
  2⤵
  PID:3376
- C:\Windows\System\HiOIPbd.exe
  C:\Windows\System\HiOIPbd.exe
  2⤵
  PID:4136
- C:\Windows\System\IfwZErW.exe
  C:\Windows\System\IfwZErW.exe
  2⤵
  PID:4264
- C:\Windows\System\uvNCWXi.exe
  C:\Windows\System\uvNCWXi.exe
  2⤵
  PID:4236
- C:\Windows\System\VZoTUPD.exe
  C:\Windows\System\VZoTUPD.exe
  2⤵
  PID:4364
- C:\Windows\System\bIqXThz.exe
  C:\Windows\System\bIqXThz.exe
  2⤵
  PID:2652
- C:\Windows\System\AfQekgN.exe
  C:\Windows\System\AfQekgN.exe
  2⤵
  PID:4668
- C:\Windows\System\CjAMWLe.exe
  C:\Windows\System\CjAMWLe.exe
  2⤵
  PID:4516
- C:\Windows\System\dykZSaU.exe
  C:\Windows\System\dykZSaU.exe
  2⤵
  PID:4888
- C:\Windows\System\rVVUlLA.exe
  C:\Windows\System\rVVUlLA.exe
  2⤵
  PID:4956
- C:\Windows\System\DePzfVa.exe
  C:\Windows\System\DePzfVa.exe
  2⤵
  PID:1888
- C:\Windows\System\XycbTHg.exe
  C:\Windows\System\XycbTHg.exe
  2⤵
  PID:2660
- C:\Windows\System\IGvWvsX.exe
  C:\Windows\System\IGvWvsX.exe
  2⤵
  PID:5012
- C:\Windows\System\CCilTGu.exe
  C:\Windows\System\CCilTGu.exe
  2⤵
  PID:4104
- C:\Windows\System\nCYeTmJ.exe
  C:\Windows\System\nCYeTmJ.exe
  2⤵
  PID:5132
- C:\Windows\System\MZiISKP.exe
  C:\Windows\System\MZiISKP.exe
  2⤵
  PID:5148
- C:\Windows\System\EdKQpkF.exe
  C:\Windows\System\EdKQpkF.exe
  2⤵
  PID:5172
- C:\Windows\System\yjeyOPx.exe
  C:\Windows\System\yjeyOPx.exe
  2⤵
  PID:5196
- C:\Windows\System\aeypqRh.exe
  C:\Windows\System\aeypqRh.exe
  2⤵
  PID:5216
- C:\Windows\System\OKqeFsO.exe
  C:\Windows\System\OKqeFsO.exe
  2⤵
  PID:5236
- C:\Windows\System\awdMWYP.exe
  C:\Windows\System\awdMWYP.exe
  2⤵
  PID:5256
- C:\Windows\System\vfkYmMa.exe
  C:\Windows\System\vfkYmMa.exe
  2⤵
  PID:5280
- C:\Windows\System\zFpXilj.exe
  C:\Windows\System\zFpXilj.exe
  2⤵
  PID:5296
- C:\Windows\System\EXuLGiZ.exe
  C:\Windows\System\EXuLGiZ.exe
  2⤵
  PID:5312
- C:\Windows\System\ysrNqoC.exe
  C:\Windows\System\ysrNqoC.exe
  2⤵
  PID:5336
- C:\Windows\System\tCreyHV.exe
  C:\Windows\System\tCreyHV.exe
  2⤵
  PID:5360
- C:\Windows\System\NbyoVgK.exe
  C:\Windows\System\NbyoVgK.exe
  2⤵
  PID:5380
- C:\Windows\System\XIxQFjH.exe
  C:\Windows\System\XIxQFjH.exe
  2⤵
  PID:5404
- C:\Windows\System\JiFIAbj.exe
  C:\Windows\System\JiFIAbj.exe
  2⤵
  PID:5424
- C:\Windows\System\kjUIaes.exe
  C:\Windows\System\kjUIaes.exe
  2⤵
  PID:5444
- C:\Windows\System\tMQGyUs.exe
  C:\Windows\System\tMQGyUs.exe
  2⤵
  PID:5460
- C:\Windows\System\qqSFGCp.exe
  C:\Windows\System\qqSFGCp.exe
  2⤵
  PID:5476
- C:\Windows\System\YsIattY.exe
  C:\Windows\System\YsIattY.exe
  2⤵
  PID:5496
- C:\Windows\System\sIXNxpn.exe
  C:\Windows\System\sIXNxpn.exe
  2⤵
  PID:5512
- C:\Windows\System\LlnIdSC.exe
  C:\Windows\System\LlnIdSC.exe
  2⤵
  PID:5532
- C:\Windows\System\ELQgezP.exe
  C:\Windows\System\ELQgezP.exe
  2⤵
  PID:5556
- C:\Windows\System\SiMdady.exe
  C:\Windows\System\SiMdady.exe
  2⤵
  PID:5572
- C:\Windows\System\nuAFGbY.exe
  C:\Windows\System\nuAFGbY.exe
  2⤵
  PID:5604
- C:\Windows\System\IlZjhLK.exe
  C:\Windows\System\IlZjhLK.exe
  2⤵
  PID:5620
- C:\Windows\System\enjWtbu.exe
  C:\Windows\System\enjWtbu.exe
  2⤵
  PID:5640
- C:\Windows\System\IjJibkS.exe
  C:\Windows\System\IjJibkS.exe
  2⤵
  PID:5664
- C:\Windows\System\xBqWknH.exe
  C:\Windows\System\xBqWknH.exe
  2⤵
  PID:5684
- C:\Windows\System\DGTMiiA.exe
  C:\Windows\System\DGTMiiA.exe
  2⤵
  PID:5704
- C:\Windows\System\fnlCOuf.exe
  C:\Windows\System\fnlCOuf.exe
  2⤵
  PID:5724
- C:\Windows\System\phPLVPr.exe
  C:\Windows\System\phPLVPr.exe
  2⤵
  PID:5744
- C:\Windows\System\aQBfzyn.exe
  C:\Windows\System\aQBfzyn.exe
  2⤵
  PID:5764
- C:\Windows\System\EHiTgKa.exe
  C:\Windows\System\EHiTgKa.exe
  2⤵
  PID:5788
- C:\Windows\System\adiKaSt.exe
  C:\Windows\System\adiKaSt.exe
  2⤵
  PID:5812
- C:\Windows\System\aWUGoTz.exe
  C:\Windows\System\aWUGoTz.exe
  2⤵
  PID:5832
- C:\Windows\System\WnNaCkm.exe
  C:\Windows\System\WnNaCkm.exe
  2⤵
  PID:5848
- C:\Windows\System\SgbNsKl.exe
  C:\Windows\System\SgbNsKl.exe
  2⤵
  PID:5872
- C:\Windows\System\Icuuhdi.exe
  C:\Windows\System\Icuuhdi.exe
  2⤵
  PID:5892
- C:\Windows\System\zEFylsA.exe
  C:\Windows\System\zEFylsA.exe
  2⤵
  PID:5908
- C:\Windows\System\TmIDaPX.exe
  C:\Windows\System\TmIDaPX.exe
  2⤵
  PID:5932
- C:\Windows\System\RlexNeq.exe
  C:\Windows\System\RlexNeq.exe
  2⤵
  PID:5952
- C:\Windows\System\OzCGvJM.exe
  C:\Windows\System\OzCGvJM.exe
  2⤵
  PID:5968
- C:\Windows\System\jCMLtrf.exe
  C:\Windows\System\jCMLtrf.exe
  2⤵
  PID:5992
- C:\Windows\System\cgjcKZS.exe
  C:\Windows\System\cgjcKZS.exe
  2⤵
  PID:6012
- C:\Windows\System\gvkaoAB.exe
  C:\Windows\System\gvkaoAB.exe
  2⤵
  PID:6032
- C:\Windows\System\gsZodvW.exe
  C:\Windows\System\gsZodvW.exe
  2⤵
  PID:6052
- C:\Windows\System\OilniHi.exe
  C:\Windows\System\OilniHi.exe
  2⤵
  PID:6072
- C:\Windows\System\pyClAqn.exe
  C:\Windows\System\pyClAqn.exe
  2⤵
  PID:6092
- C:\Windows\System\EOpvYAj.exe
  C:\Windows\System\EOpvYAj.exe
  2⤵
  PID:6112
- C:\Windows\System\ofaFfOF.exe
  C:\Windows\System\ofaFfOF.exe
  2⤵
  PID:6132
- C:\Windows\System\bjjJdaS.exe
  C:\Windows\System\bjjJdaS.exe
  2⤵
  PID:4300
- C:\Windows\System\bDAZlAO.exe
  C:\Windows\System\bDAZlAO.exe
  2⤵
  PID:3740
- C:\Windows\System\UtLcUSw.exe
  C:\Windows\System\UtLcUSw.exe
  2⤵
  PID:2656
- C:\Windows\System\dCvRwlV.exe
  C:\Windows\System\dCvRwlV.exe
  2⤵
  PID:4524
- C:\Windows\System\FupYSle.exe
  C:\Windows\System\FupYSle.exe
  2⤵
  PID:4444
- C:\Windows\System\ycfmnwH.exe
  C:\Windows\System\ycfmnwH.exe
  2⤵
  PID:1996
- C:\Windows\System\LzYedVq.exe
  C:\Windows\System\LzYedVq.exe
  2⤵
  PID:4828
- C:\Windows\System\YCsmqww.exe
  C:\Windows\System\YCsmqww.exe
  2⤵
  PID:5092
- C:\Windows\System\YbcaVfK.exe
  C:\Windows\System\YbcaVfK.exe
  2⤵
  PID:5192
- C:\Windows\System\dqMdOvM.exe
  C:\Windows\System\dqMdOvM.exe
  2⤵
  PID:4864
- C:\Windows\System\twipKXe.exe
  C:\Windows\System\twipKXe.exe
  2⤵
  PID:5164
- C:\Windows\System\eHyOBDK.exe
  C:\Windows\System\eHyOBDK.exe
  2⤵
  PID:5264
- C:\Windows\System\YeSaKpG.exe
  C:\Windows\System\YeSaKpG.exe
  2⤵
  PID:2888
- C:\Windows\System\pJkkLrk.exe
  C:\Windows\System\pJkkLrk.exe
  2⤵
  PID:5244
- C:\Windows\System\TQBirYW.exe
  C:\Windows\System\TQBirYW.exe
  2⤵
  PID:2836
- C:\Windows\System\wPOUXGr.exe
  C:\Windows\System\wPOUXGr.exe
  2⤵
  PID:5432
- C:\Windows\System\bTXjOmi.exe
  C:\Windows\System\bTXjOmi.exe
  2⤵
  PID:5368
- C:\Windows\System\MDybyuj.exe
  C:\Windows\System\MDybyuj.exe
  2⤵
  PID:5436
- C:\Windows\System\KWCXsXc.exe
  C:\Windows\System\KWCXsXc.exe
  2⤵
  PID:5472
- C:\Windows\System\ZrQScfN.exe
  C:\Windows\System\ZrQScfN.exe
  2⤵
  PID:5548
- C:\Windows\System\NgELggl.exe
  C:\Windows\System\NgELggl.exe
  2⤵
  PID:5456
- C:\Windows\System\JcooGvV.exe
  C:\Windows\System\JcooGvV.exe
  2⤵
  PID:5492
- C:\Windows\System\DoONtsO.exe
  C:\Windows\System\DoONtsO.exe
  2⤵
  PID:5600
- C:\Windows\System\rDuUfvs.exe
  C:\Windows\System\rDuUfvs.exe
  2⤵
  PID:5632
- C:\Windows\System\PGEBotf.exe
  C:\Windows\System\PGEBotf.exe
  2⤵
  PID:5660
- C:\Windows\System\eCHcnRT.exe
  C:\Windows\System\eCHcnRT.exe
  2⤵
  PID:5676
- C:\Windows\System\jydNhxT.exe
  C:\Windows\System\jydNhxT.exe
  2⤵
  PID:5760
- C:\Windows\System\iXqWHLs.exe
  C:\Windows\System\iXqWHLs.exe
  2⤵
  PID:5740
- C:\Windows\System\FOLaeLW.exe
  C:\Windows\System\FOLaeLW.exe
  2⤵
  PID:5772
- C:\Windows\System\fZBEAED.exe
  C:\Windows\System\fZBEAED.exe
  2⤵
  PID:5820
- C:\Windows\System\HZJfuTB.exe
  C:\Windows\System\HZJfuTB.exe
  2⤵
  PID:5880
- C:\Windows\System\xsRTYcM.exe
  C:\Windows\System\xsRTYcM.exe
  2⤵
  PID:5916
- C:\Windows\System\bEPhOjE.exe
  C:\Windows\System\bEPhOjE.exe
  2⤵
  PID:5900
- C:\Windows\System\OodpSTC.exe
  C:\Windows\System\OodpSTC.exe
  2⤵
  PID:5964
- C:\Windows\System\OoJsmXf.exe
  C:\Windows\System\OoJsmXf.exe
  2⤵
  PID:6000
- C:\Windows\System\GVHfAdA.exe
  C:\Windows\System\GVHfAdA.exe
  2⤵
  PID:5980
- C:\Windows\System\OvcsRhY.exe
  C:\Windows\System\OvcsRhY.exe
  2⤵
  PID:6044
- C:\Windows\System\TPJWMFE.exe
  C:\Windows\System\TPJWMFE.exe
  2⤵
  PID:6024
- C:\Windows\System\kqghUyE.exe
  C:\Windows\System\kqghUyE.exe
  2⤵
  PID:6120
- C:\Windows\System\APmJZKo.exe
  C:\Windows\System\APmJZKo.exe
  2⤵
  PID:1900
- C:\Windows\System\dbCLKef.exe
  C:\Windows\System\dbCLKef.exe
  2⤵
  PID:6140
- C:\Windows\System\PerQGla.exe
  C:\Windows\System\PerQGla.exe
  2⤵
  PID:4728
- C:\Windows\System\TnSuAwi.exe
  C:\Windows\System\TnSuAwi.exe
  2⤵
  PID:4732
- C:\Windows\System\HuuSaRF.exe
  C:\Windows\System\HuuSaRF.exe
  2⤵
  PID:2700
- C:\Windows\System\zLeeycE.exe
  C:\Windows\System\zLeeycE.exe
  2⤵
  PID:5224
- C:\Windows\System\wLcSQUo.exe
  C:\Windows\System\wLcSQUo.exe
  2⤵
  PID:5232
- C:\Windows\System\kMVWzYG.exe
  C:\Windows\System\kMVWzYG.exe
  2⤵
  PID:5128
- C:\Windows\System\TSOdKBG.exe
  C:\Windows\System\TSOdKBG.exe
  2⤵
  PID:5352
- C:\Windows\System\nRATPcc.exe
  C:\Windows\System\nRATPcc.exe
  2⤵
  PID:5292
- C:\Windows\System\BlgmhJC.exe
  C:\Windows\System\BlgmhJC.exe
  2⤵
  PID:5272
- C:\Windows\System\aQYNjDj.exe
  C:\Windows\System\aQYNjDj.exe
  2⤵
  PID:5540
- C:\Windows\System\aoECflb.exe
  C:\Windows\System\aoECflb.exe
  2⤵
  PID:5420
- C:\Windows\System\KMqCnaK.exe
  C:\Windows\System\KMqCnaK.exe
  2⤵
  PID:5584
- C:\Windows\System\utglvdr.exe
  C:\Windows\System\utglvdr.exe
  2⤵
  PID:5580
- C:\Windows\System\CSayunx.exe
  C:\Windows\System\CSayunx.exe
  2⤵
  PID:5612
- C:\Windows\System\IANlUEG.exe
  C:\Windows\System\IANlUEG.exe
  2⤵
  PID:5756
- C:\Windows\System\GjbHfsi.exe
  C:\Windows\System\GjbHfsi.exe
  2⤵
  PID:5720
- C:\Windows\System\kleSbhU.exe
  C:\Windows\System\kleSbhU.exe
  2⤵
  PID:5860
- C:\Windows\System\EwrqmYH.exe
  C:\Windows\System\EwrqmYH.exe
  2⤵
  PID:5864
- C:\Windows\System\DwAoNiz.exe
  C:\Windows\System\DwAoNiz.exe
  2⤵
  PID:5988
- C:\Windows\System\csMJsvX.exe
  C:\Windows\System\csMJsvX.exe
  2⤵
  PID:5948
- C:\Windows\System\vfchCBg.exe
  C:\Windows\System\vfchCBg.exe
  2⤵
  PID:2664
- C:\Windows\System\VCHnEvG.exe
  C:\Windows\System\VCHnEvG.exe
  2⤵
  PID:6048
- C:\Windows\System\hQqDsgW.exe
  C:\Windows\System\hQqDsgW.exe
  2⤵
  PID:4480
- C:\Windows\System\vIeywej.exe
  C:\Windows\System\vIeywej.exe
  2⤵
  PID:3248
- C:\Windows\System\ehjJlJu.exe
  C:\Windows\System\ehjJlJu.exe
  2⤵
  PID:5144
- C:\Windows\System\jtDtOwl.exe
  C:\Windows\System\jtDtOwl.exe
  2⤵
  PID:4952
- C:\Windows\System\doznGcF.exe
  C:\Windows\System\doznGcF.exe
  2⤵
  PID:5328
- C:\Windows\System\pLfAazM.exe
  C:\Windows\System\pLfAazM.exe
  2⤵
  PID:5388
- C:\Windows\System\CHvxncg.exe
  C:\Windows\System\CHvxncg.exe
  2⤵
  PID:5412
- C:\Windows\System\UJrnCOs.exe
  C:\Windows\System\UJrnCOs.exe
  2⤵
  PID:5376
- C:\Windows\System\RiVWfMF.exe
  C:\Windows\System\RiVWfMF.exe
  2⤵
  PID:2956
- C:\Windows\System\UvSXBmt.exe
  C:\Windows\System\UvSXBmt.exe
  2⤵
  PID:5552
- C:\Windows\System\HULbMXC.exe
  C:\Windows\System\HULbMXC.exe
  2⤵
  PID:5616
- C:\Windows\System\WrOWfAm.exe
  C:\Windows\System\WrOWfAm.exe
  2⤵
  PID:5712
- C:\Windows\System\zMycgAM.exe
  C:\Windows\System\zMycgAM.exe
  2⤵
  PID:2900
- C:\Windows\System\kbxgaxg.exe
  C:\Windows\System\kbxgaxg.exe
  2⤵
  PID:5804
- C:\Windows\System\qucDYVg.exe
  C:\Windows\System\qucDYVg.exe
  2⤵
  PID:5920
- C:\Windows\System\yZltGXL.exe
  C:\Windows\System\yZltGXL.exe
  2⤵
  PID:6100
- C:\Windows\System\CuOGiol.exe
  C:\Windows\System\CuOGiol.exe
  2⤵
  PID:4712
- C:\Windows\System\hseDahk.exe
  C:\Windows\System\hseDahk.exe
  2⤵
  PID:5396
- C:\Windows\System\RHljkrA.exe
  C:\Windows\System\RHljkrA.exe
  2⤵
  PID:1760
- C:\Windows\System\evuwvlJ.exe
  C:\Windows\System\evuwvlJ.exe
  2⤵
  PID:6156
- C:\Windows\System\qgwuyAV.exe
  C:\Windows\System\qgwuyAV.exe
  2⤵
  PID:6176
- C:\Windows\System\fNUITfG.exe
  C:\Windows\System\fNUITfG.exe
  2⤵
  PID:6196
- C:\Windows\System\YRvLegd.exe
  C:\Windows\System\YRvLegd.exe
  2⤵
  PID:6212
- C:\Windows\System\tPJYcAx.exe
  C:\Windows\System\tPJYcAx.exe
  2⤵
  PID:6232
- C:\Windows\System\ZBHMifN.exe
  C:\Windows\System\ZBHMifN.exe
  2⤵
  PID:6260
- C:\Windows\System\lycdWvI.exe
  C:\Windows\System\lycdWvI.exe
  2⤵
  PID:6280
- C:\Windows\System\XcpYBjQ.exe
  C:\Windows\System\XcpYBjQ.exe
  2⤵
  PID:6300
- C:\Windows\System\weckTpi.exe
  C:\Windows\System\weckTpi.exe
  2⤵
  PID:6316
- C:\Windows\System\DKpFhoR.exe
  C:\Windows\System\DKpFhoR.exe
  2⤵
  PID:6340
- C:\Windows\System\IEhbDGk.exe
  C:\Windows\System\IEhbDGk.exe
  2⤵
  PID:6360
- C:\Windows\System\IpVIxIa.exe
  C:\Windows\System\IpVIxIa.exe
  2⤵
  PID:6380
- C:\Windows\System\yUVwmjX.exe
  C:\Windows\System\yUVwmjX.exe
  2⤵
  PID:6400
- C:\Windows\System\IbhsPhy.exe
  C:\Windows\System\IbhsPhy.exe
  2⤵
  PID:6420
- C:\Windows\System\ADwgzWh.exe
  C:\Windows\System\ADwgzWh.exe
  2⤵
  PID:6440
- C:\Windows\System\jdUsEDO.exe
  C:\Windows\System\jdUsEDO.exe
  2⤵
  PID:6460
- C:\Windows\System\ZkXfxWT.exe
  C:\Windows\System\ZkXfxWT.exe
  2⤵
  PID:6480
- C:\Windows\System\aGYaFhP.exe
  C:\Windows\System\aGYaFhP.exe
  2⤵
  PID:6500
- C:\Windows\System\dmcUBcW.exe
  C:\Windows\System\dmcUBcW.exe
  2⤵
  PID:6520
- C:\Windows\System\HowHhoG.exe
  C:\Windows\System\HowHhoG.exe
  2⤵
  PID:6540
- C:\Windows\System\pqucjGq.exe
  C:\Windows\System\pqucjGq.exe
  2⤵
  PID:6560
- C:\Windows\System\hkBnfsw.exe
  C:\Windows\System\hkBnfsw.exe
  2⤵
  PID:6580
- C:\Windows\System\cLKUVdU.exe
  C:\Windows\System\cLKUVdU.exe
  2⤵
  PID:6600
- C:\Windows\System\hpAzBCf.exe
  C:\Windows\System\hpAzBCf.exe
  2⤵
  PID:6620
- C:\Windows\System\qlXdUgS.exe
  C:\Windows\System\qlXdUgS.exe
  2⤵
  PID:6640
- C:\Windows\System\JICHqET.exe
  C:\Windows\System\JICHqET.exe
  2⤵
  PID:6660
- C:\Windows\System\sLajZfD.exe
  C:\Windows\System\sLajZfD.exe
  2⤵
  PID:6680
- C:\Windows\System\LgeBYSu.exe
  C:\Windows\System\LgeBYSu.exe
  2⤵
  PID:6700
- C:\Windows\System\hFfOaUK.exe
  C:\Windows\System\hFfOaUK.exe
  2⤵
  PID:6720
- C:\Windows\System\bfzvkjq.exe
  C:\Windows\System\bfzvkjq.exe
  2⤵
  PID:6744
- C:\Windows\System\BAaBBNK.exe
  C:\Windows\System\BAaBBNK.exe
  2⤵
  PID:6764
- C:\Windows\System\soVpuWl.exe
  C:\Windows\System\soVpuWl.exe
  2⤵
  PID:6784
- C:\Windows\System\GumDgKX.exe
  C:\Windows\System\GumDgKX.exe
  2⤵
  PID:6804
- C:\Windows\System\WpJZReG.exe
  C:\Windows\System\WpJZReG.exe
  2⤵
  PID:6824
- C:\Windows\System\cewdDbS.exe
  C:\Windows\System\cewdDbS.exe
  2⤵
  PID:6844
- C:\Windows\System\KoCiNoA.exe
  C:\Windows\System\KoCiNoA.exe
  2⤵
  PID:6864
- C:\Windows\System\piEXKhM.exe
  C:\Windows\System\piEXKhM.exe
  2⤵
  PID:6880
- C:\Windows\System\uGZlUtP.exe
  C:\Windows\System\uGZlUtP.exe
  2⤵
  PID:6904
- C:\Windows\System\QLIPFix.exe
  C:\Windows\System\QLIPFix.exe
  2⤵
  PID:6924
- C:\Windows\System\dnSfWYM.exe
  C:\Windows\System\dnSfWYM.exe
  2⤵
  PID:6944
- C:\Windows\System\QnvYvfT.exe
  C:\Windows\System\QnvYvfT.exe
  2⤵
  PID:6964
- C:\Windows\System\BgXFZWJ.exe
  C:\Windows\System\BgXFZWJ.exe
  2⤵
  PID:6984
- C:\Windows\System\uULJzpm.exe
  C:\Windows\System\uULJzpm.exe
  2⤵
  PID:7004
- C:\Windows\System\ibqRPRi.exe
  C:\Windows\System\ibqRPRi.exe
  2⤵
  PID:7024
- C:\Windows\System\mBJgUEy.exe
  C:\Windows\System\mBJgUEy.exe
  2⤵
  PID:7044
- C:\Windows\System\eCaKewZ.exe
  C:\Windows\System\eCaKewZ.exe
  2⤵
  PID:7064
- C:\Windows\System\IdDzqcE.exe
  C:\Windows\System\IdDzqcE.exe
  2⤵
  PID:7084
- C:\Windows\System\kRGuqNk.exe
  C:\Windows\System\kRGuqNk.exe
  2⤵
  PID:7104
- C:\Windows\System\NFTJGVo.exe
  C:\Windows\System\NFTJGVo.exe
  2⤵
  PID:7120
- C:\Windows\System\LwumjtF.exe
  C:\Windows\System\LwumjtF.exe
  2⤵
  PID:7144
- C:\Windows\System\UqVOLrl.exe
  C:\Windows\System\UqVOLrl.exe
  2⤵
  PID:5332
- C:\Windows\System\gqKYLON.exe
  C:\Windows\System\gqKYLON.exe
  2⤵
  PID:5156
- C:\Windows\System\ivUUPNO.exe
  C:\Windows\System\ivUUPNO.exe
  2⤵
  PID:1620
- C:\Windows\System\ibjgxkY.exe
  C:\Windows\System\ibjgxkY.exe
  2⤵
  PID:5504
- C:\Windows\System\eOHwkOE.exe
  C:\Windows\System\eOHwkOE.exe
  2⤵
  PID:5808
- C:\Windows\System\wkOzMqu.exe
  C:\Windows\System\wkOzMqu.exe
  2⤵
  PID:5888
- C:\Windows\System\AgXceMf.exe
  C:\Windows\System\AgXceMf.exe
  2⤵
  PID:2132
- C:\Windows\System\eblvlOf.exe
  C:\Windows\System\eblvlOf.exe
  2⤵
  PID:5944
- C:\Windows\System\LxNAwUx.exe
  C:\Windows\System\LxNAwUx.exe
  2⤵
  PID:6084
- C:\Windows\System\MjiqYUn.exe
  C:\Windows\System\MjiqYUn.exe
  2⤵
  PID:6164
- C:\Windows\System\yYApBTN.exe
  C:\Windows\System\yYApBTN.exe
  2⤵
  PID:6152
- C:\Windows\System\pSHTHei.exe
  C:\Windows\System\pSHTHei.exe
  2⤵
  PID:6188
- C:\Windows\System\jUoOjxu.exe
  C:\Windows\System\jUoOjxu.exe
  2⤵
  PID:6220
- C:\Windows\System\NFGhgIc.exe
  C:\Windows\System\NFGhgIc.exe
  2⤵
  PID:6268
- C:\Windows\System\uZWrkax.exe
  C:\Windows\System\uZWrkax.exe
  2⤵
  PID:6324
- C:\Windows\System\VjmVcZt.exe
  C:\Windows\System\VjmVcZt.exe
  2⤵
  PID:6252
- C:\Windows\System\SPIUIuJ.exe
  C:\Windows\System\SPIUIuJ.exe
  2⤵
  PID:6352
- C:\Windows\System\JVQqthq.exe
  C:\Windows\System\JVQqthq.exe
  2⤵
  PID:6388
- C:\Windows\System\BUTmSlY.exe
  C:\Windows\System\BUTmSlY.exe
  2⤵
  PID:6428
- C:\Windows\System\qjBiuCl.exe
  C:\Windows\System\qjBiuCl.exe
  2⤵
  PID:6468
- C:\Windows\System\uibNUCW.exe
  C:\Windows\System\uibNUCW.exe
  2⤵
  PID:6496
- C:\Windows\System\LmSSQoz.exe
  C:\Windows\System\LmSSQoz.exe
  2⤵
  PID:6532
- C:\Windows\System\WPotWcr.exe
  C:\Windows\System\WPotWcr.exe
  2⤵
  PID:6572
- C:\Windows\System\pvevjjH.exe
  C:\Windows\System\pvevjjH.exe
  2⤵
  PID:6588
- C:\Windows\System\ACEyVss.exe
  C:\Windows\System\ACEyVss.exe
  2⤵
  PID:6628
- C:\Windows\System\adTwOge.exe
  C:\Windows\System\adTwOge.exe
  2⤵
  PID:6668
- C:\Windows\System\qTTRatt.exe
  C:\Windows\System\qTTRatt.exe
  2⤵
  PID:6728
- C:\Windows\System\OwBLANL.exe
  C:\Windows\System\OwBLANL.exe
  2⤵
  PID:6716
- C:\Windows\System\WFpwfrT.exe
  C:\Windows\System\WFpwfrT.exe
  2⤵
  PID:6752
- C:\Windows\System\TaccdWi.exe
  C:\Windows\System\TaccdWi.exe
  2⤵
  PID:6792
- C:\Windows\System\fZdwihi.exe
  C:\Windows\System\fZdwihi.exe
  2⤵
  PID:6820
- C:\Windows\System\jLtxqGF.exe
  C:\Windows\System\jLtxqGF.exe
  2⤵
  PID:6856
- C:\Windows\System\wNgvbHK.exe
  C:\Windows\System\wNgvbHK.exe
  2⤵
  PID:6832
- C:\Windows\System\aQSkXnn.exe
  C:\Windows\System\aQSkXnn.exe
  2⤵
  PID:6912
- C:\Windows\System\JpvmqnJ.exe
  C:\Windows\System\JpvmqnJ.exe
  2⤵
  PID:6936
- C:\Windows\System\NpeqSxr.exe
  C:\Windows\System\NpeqSxr.exe
  2⤵
  PID:6976
- C:\Windows\System\peZmoRu.exe
  C:\Windows\System\peZmoRu.exe
  2⤵
  PID:2860
- C:\Windows\System\aBWsyHL.exe
  C:\Windows\System\aBWsyHL.exe
  2⤵
  PID:7052
- C:\Windows\System\WAUfmMZ.exe
  C:\Windows\System\WAUfmMZ.exe
  2⤵
  PID:7036
- C:\Windows\System\ARwwGlO.exe
  C:\Windows\System\ARwwGlO.exe
  2⤵
  PID:7096
- C:\Windows\System\RTreimx.exe
  C:\Windows\System\RTreimx.exe
  2⤵
  PID:7140
- C:\Windows\System\AouwcGI.exe
  C:\Windows\System\AouwcGI.exe
  2⤵
  PID:7152
- C:\Windows\System\UwLCpBq.exe
  C:\Windows\System\UwLCpBq.exe
  2⤵
  PID:2996
- C:\Windows\System\ciQiUkM.exe
  C:\Windows\System\ciQiUkM.exe
  2⤵
  PID:3000
- C:\Windows\System\kWTCfIp.exe
  C:\Windows\System\kWTCfIp.exe
  2⤵
  PID:2828
- C:\Windows\System\qkxyhfK.exe
  C:\Windows\System\qkxyhfK.exe
  2⤵
  PID:5824
- C:\Windows\System\NwxzGoD.exe
  C:\Windows\System\NwxzGoD.exe
  2⤵
  PID:5392
- C:\Windows\System\rUhVvVQ.exe
  C:\Windows\System\rUhVvVQ.exe
  2⤵
  PID:4260
- C:\Windows\System\CknJxXk.exe
  C:\Windows\System\CknJxXk.exe
  2⤵
  PID:2744
- C:\Windows\System\EGeXCYh.exe
  C:\Windows\System\EGeXCYh.exe
  2⤵
  PID:6168
- C:\Windows\System\uFFfTxk.exe
  C:\Windows\System\uFFfTxk.exe
  2⤵
  PID:6336
- C:\Windows\System\jdVYAyO.exe
  C:\Windows\System\jdVYAyO.exe
  2⤵
  PID:6292
- C:\Windows\System\fXAPDKh.exe
  C:\Windows\System\fXAPDKh.exe
  2⤵
  PID:6376
- C:\Windows\System\BGyObGG.exe
  C:\Windows\System\BGyObGG.exe
  2⤵
  PID:6536
- C:\Windows\System\XSnUxOK.exe
  C:\Windows\System\XSnUxOK.exe
  2⤵
  PID:6516
- C:\Windows\System\rXMBgfn.exe
  C:\Windows\System\rXMBgfn.exe
  2⤵
  PID:6548
- C:\Windows\System\fZejEPb.exe
  C:\Windows\System\fZejEPb.exe
  2⤵
  PID:6656
- C:\Windows\System\kmpxwyQ.exe
  C:\Windows\System\kmpxwyQ.exe
  2⤵
  PID:6732
- C:\Windows\System\ubMtoun.exe
  C:\Windows\System\ubMtoun.exe
  2⤵
  PID:6776
- C:\Windows\System\qheMaQP.exe
  C:\Windows\System\qheMaQP.exe
  2⤵
  PID:2516
- C:\Windows\System\nAuVQfS.exe
  C:\Windows\System\nAuVQfS.exe
  2⤵
  PID:6872
- C:\Windows\System\jtWOVgw.exe
  C:\Windows\System\jtWOVgw.exe
  2⤵
  PID:2892
- C:\Windows\System\PnsTYRm.exe
  C:\Windows\System\PnsTYRm.exe
  2⤵
  PID:6996
- C:\Windows\System\jocRfCi.exe
  C:\Windows\System\jocRfCi.exe
  2⤵
  PID:6696
- C:\Windows\System\jigZqnI.exe
  C:\Windows\System\jigZqnI.exe
  2⤵
  PID:6940
- C:\Windows\System\nDPsqUs.exe
  C:\Windows\System\nDPsqUs.exe
  2⤵
  PID:2500
- C:\Windows\System\GosoDZl.exe
  C:\Windows\System\GosoDZl.exe
  2⤵
  PID:5628
- C:\Windows\System\iaxwWau.exe
  C:\Windows\System\iaxwWau.exe
  2⤵
  PID:7040
- C:\Windows\System\BdrlOSh.exe
  C:\Windows\System\BdrlOSh.exe
  2⤵
  PID:5188
- C:\Windows\System\JkDKmIC.exe
  C:\Windows\System\JkDKmIC.exe
  2⤵
  PID:2704
- C:\Windows\System\QqoNXXI.exe
  C:\Windows\System\QqoNXXI.exe
  2⤵
  PID:6296
- C:\Windows\System\CufKPaS.exe
  C:\Windows\System\CufKPaS.exe
  2⤵
  PID:6272
- C:\Windows\System\atGSniU.exe
  C:\Windows\System\atGSniU.exe
  2⤵
  PID:6288
- C:\Windows\System\gDkdAEg.exe
  C:\Windows\System\gDkdAEg.exe
  2⤵
  PID:6256
- C:\Windows\System\wPedDcM.exe
  C:\Windows\System\wPedDcM.exe
  2⤵
  PID:6452
- C:\Windows\System\rfNJduq.exe
  C:\Windows\System\rfNJduq.exe
  2⤵
  PID:6472
- C:\Windows\System\QYMKayK.exe
  C:\Windows\System\QYMKayK.exe
  2⤵
  PID:3108
- C:\Windows\System\CYjtdzi.exe
  C:\Windows\System\CYjtdzi.exe
  2⤵
  PID:6688
- C:\Windows\System\RorZPiQ.exe
  C:\Windows\System\RorZPiQ.exe
  2⤵
  PID:6980
- C:\Windows\System\RODZGgb.exe
  C:\Windows\System\RODZGgb.exe
  2⤵
  PID:6960
- C:\Windows\System\DSldiDL.exe
  C:\Windows\System\DSldiDL.exe
  2⤵
  PID:7092
- C:\Windows\System\YRMiYYr.exe
  C:\Windows\System\YRMiYYr.exe
  2⤵
  PID:6900
- C:\Windows\System\mxsBgHl.exe
  C:\Windows\System\mxsBgHl.exe
  2⤵
  PID:7032
- C:\Windows\System\AfspItg.exe
  C:\Windows\System\AfspItg.exe
  2⤵
  PID:7164
- C:\Windows\System\PZUGeSQ.exe
  C:\Windows\System\PZUGeSQ.exe
  2⤵
  PID:7128
- C:\Windows\System\HKVmRYd.exe
  C:\Windows\System\HKVmRYd.exe
  2⤵
  PID:7136
- C:\Windows\System\mJsoPSD.exe
  C:\Windows\System\mJsoPSD.exe
  2⤵
  PID:6204
- C:\Windows\System\ZXemEGe.exe
  C:\Windows\System\ZXemEGe.exe
  2⤵
  PID:6456
- C:\Windows\System\vKsTdBv.exe
  C:\Windows\System\vKsTdBv.exe
  2⤵
  PID:664
- C:\Windows\System\nsEljOb.exe
  C:\Windows\System\nsEljOb.exe
  2⤵
  PID:7180
- C:\Windows\System\ZRgaVHo.exe
  C:\Windows\System\ZRgaVHo.exe
  2⤵
  PID:7204
- C:\Windows\System\MxmwnJy.exe
  C:\Windows\System\MxmwnJy.exe
  2⤵
  PID:7224
- C:\Windows\System\JiMzaId.exe
  C:\Windows\System\JiMzaId.exe
  2⤵
  PID:7240
- C:\Windows\System\LqUfWJg.exe
  C:\Windows\System\LqUfWJg.exe
  2⤵
  PID:7264
- C:\Windows\System\FYxGIzb.exe
  C:\Windows\System\FYxGIzb.exe
  2⤵
  PID:7280
- C:\Windows\System\pGfwaYZ.exe
  C:\Windows\System\pGfwaYZ.exe
  2⤵
  PID:7296
- C:\Windows\System\DhhAzos.exe
  C:\Windows\System\DhhAzos.exe
  2⤵
  PID:7320
- C:\Windows\System\urjmzYy.exe
  C:\Windows\System\urjmzYy.exe
  2⤵
  PID:7344
- C:\Windows\System\dwehASE.exe
  C:\Windows\System\dwehASE.exe
  2⤵
  PID:7368
- C:\Windows\System\lYGjbxU.exe
  C:\Windows\System\lYGjbxU.exe
  2⤵
  PID:7388
- C:\Windows\System\zvanSqw.exe
  C:\Windows\System\zvanSqw.exe
  2⤵
  PID:7408
- C:\Windows\System\zeZsZTK.exe
  C:\Windows\System\zeZsZTK.exe
  2⤵
  PID:7428
- C:\Windows\System\AxVzRDL.exe
  C:\Windows\System\AxVzRDL.exe
  2⤵
  PID:7448
- C:\Windows\System\VdlMpTW.exe
  C:\Windows\System\VdlMpTW.exe
  2⤵
  PID:7464
- C:\Windows\System\upowMAS.exe
  C:\Windows\System\upowMAS.exe
  2⤵
  PID:7484
- C:\Windows\System\PAhjLbz.exe
  C:\Windows\System\PAhjLbz.exe
  2⤵
  PID:7508
- C:\Windows\System\FjGmnqI.exe
  C:\Windows\System\FjGmnqI.exe
  2⤵
  PID:7528
- C:\Windows\System\vSmvFQl.exe
  C:\Windows\System\vSmvFQl.exe
  2⤵
  PID:7548
- C:\Windows\System\hDvAZog.exe
  C:\Windows\System\hDvAZog.exe
  2⤵
  PID:7568
- C:\Windows\System\kmXRtyF.exe
  C:\Windows\System\kmXRtyF.exe
  2⤵
  PID:7588
- C:\Windows\System\sEQBZSN.exe
  C:\Windows\System\sEQBZSN.exe
  2⤵
  PID:7608
- C:\Windows\System\bSQFcsY.exe
  C:\Windows\System\bSQFcsY.exe
  2⤵
  PID:7628
- C:\Windows\System\gMXzoqa.exe
  C:\Windows\System\gMXzoqa.exe
  2⤵
  PID:7648
- C:\Windows\System\MWOFnVO.exe
  C:\Windows\System\MWOFnVO.exe
  2⤵
  PID:7668
- C:\Windows\System\gbZQHCh.exe
  C:\Windows\System\gbZQHCh.exe
  2⤵
  PID:7688
- C:\Windows\System\glKZzmU.exe
  C:\Windows\System\glKZzmU.exe
  2⤵
  PID:7708
- C:\Windows\System\MtHwgae.exe
  C:\Windows\System\MtHwgae.exe
  2⤵
  PID:7728
- C:\Windows\System\liTQFUk.exe
  C:\Windows\System\liTQFUk.exe
  2⤵
  PID:7748
- C:\Windows\System\JDfiAgH.exe
  C:\Windows\System\JDfiAgH.exe
  2⤵
  PID:7768
- C:\Windows\System\MRbeTFK.exe
  C:\Windows\System\MRbeTFK.exe
  2⤵
  PID:7788
- C:\Windows\System\cDeqHIs.exe
  C:\Windows\System\cDeqHIs.exe
  2⤵
  PID:7808
- C:\Windows\System\bhcqIUn.exe
  C:\Windows\System\bhcqIUn.exe
  2⤵
  PID:7832
- C:\Windows\System\LonSjNQ.exe
  C:\Windows\System\LonSjNQ.exe
  2⤵
  PID:7852
- C:\Windows\System\ONbUkDU.exe
  C:\Windows\System\ONbUkDU.exe
  2⤵
  PID:7872
- C:\Windows\System\gDxjqXg.exe
  C:\Windows\System\gDxjqXg.exe
  2⤵
  PID:7892
- C:\Windows\System\drnnBOo.exe
  C:\Windows\System\drnnBOo.exe
  2⤵
  PID:7912
- C:\Windows\System\lWOObtH.exe
  C:\Windows\System\lWOObtH.exe
  2⤵
  PID:7932
- C:\Windows\System\lIMwkBo.exe
  C:\Windows\System\lIMwkBo.exe
  2⤵
  PID:7952
- C:\Windows\System\pvMbHKK.exe
  C:\Windows\System\pvMbHKK.exe
  2⤵
  PID:7972
- C:\Windows\System\AbbDUYm.exe
  C:\Windows\System\AbbDUYm.exe
  2⤵
  PID:7992
- C:\Windows\System\vwKdfmx.exe
  C:\Windows\System\vwKdfmx.exe
  2⤵
  PID:8008
- C:\Windows\System\OVILwET.exe
  C:\Windows\System\OVILwET.exe
  2⤵
  PID:8028
- C:\Windows\System\WetPEUN.exe
  C:\Windows\System\WetPEUN.exe
  2⤵
  PID:8052
- C:\Windows\System\WeYfSOX.exe
  C:\Windows\System\WeYfSOX.exe
  2⤵
  PID:8072
- C:\Windows\System\ZRWIxWD.exe
  C:\Windows\System\ZRWIxWD.exe
  2⤵
  PID:8092
- C:\Windows\System\MXToAiO.exe
  C:\Windows\System\MXToAiO.exe
  2⤵
  PID:8112
- C:\Windows\System\tFHfUcm.exe
  C:\Windows\System\tFHfUcm.exe
  2⤵
  PID:8132
- C:\Windows\System\NXENXaZ.exe
  C:\Windows\System\NXENXaZ.exe
  2⤵
  PID:8152
- C:\Windows\System\kCeZJfc.exe
  C:\Windows\System\kCeZJfc.exe
  2⤵
  PID:8172
- C:\Windows\System\Fmzqlqw.exe
  C:\Windows\System\Fmzqlqw.exe
  2⤵
  PID:6592
- C:\Windows\System\OqvZioB.exe
  C:\Windows\System\OqvZioB.exe
  2⤵
  PID:6780
- C:\Windows\System\aHJrUqz.exe
  C:\Windows\System\aHJrUqz.exe
  2⤵
  PID:6892
- C:\Windows\System\sAlcMZh.exe
  C:\Windows\System\sAlcMZh.exe
  2⤵
  PID:5488
- C:\Windows\System\zcPJXkc.exe
  C:\Windows\System\zcPJXkc.exe
  2⤵
  PID:6916
- C:\Windows\System\hCbkOgI.exe
  C:\Windows\System\hCbkOgI.exe
  2⤵
  PID:6508
- C:\Windows\System\MzXRiQR.exe
  C:\Windows\System\MzXRiQR.exe
  2⤵
  PID:7132
- C:\Windows\System\JhzwCmF.exe
  C:\Windows\System\JhzwCmF.exe
  2⤵
  PID:7172
- C:\Windows\System\tkfgjCl.exe
  C:\Windows\System\tkfgjCl.exe
  2⤵
  PID:7216
- C:\Windows\System\bToSbjH.exe
  C:\Windows\System\bToSbjH.exe
  2⤵
  PID:7260
- C:\Windows\System\bfUcYHq.exe
  C:\Windows\System\bfUcYHq.exe
  2⤵
  PID:7232
- C:\Windows\System\HgJhRby.exe
  C:\Windows\System\HgJhRby.exe
  2⤵
  PID:7276
- C:\Windows\System\uTdtdHh.exe
  C:\Windows\System\uTdtdHh.exe
  2⤵
  PID:7304
- C:\Windows\System\xSVSyeR.exe
  C:\Windows\System\xSVSyeR.exe
  2⤵
  PID:7376
- C:\Windows\System\BSUpvVk.exe
  C:\Windows\System\BSUpvVk.exe
  2⤵
  PID:2684
- C:\Windows\System\pWUfsHw.exe
  C:\Windows\System\pWUfsHw.exe
  2⤵
  PID:7556
- C:\Windows\System\acHjTrU.exe
  C:\Windows\System\acHjTrU.exe
  2⤵
  PID:7560
- C:\Windows\System\nvtjOzw.exe
  C:\Windows\System\nvtjOzw.exe
  2⤵
  PID:2984
- C:\Windows\System\vCdgpOs.exe
  C:\Windows\System\vCdgpOs.exe
  2⤵
  PID:7600
- C:\Windows\System\fLUDozz.exe
  C:\Windows\System\fLUDozz.exe
  2⤵
  PID:7640
- C:\Windows\System\GxtfnfJ.exe
  C:\Windows\System\GxtfnfJ.exe
  2⤵
  PID:7676
- C:\Windows\System\NvnLoAN.exe
  C:\Windows\System\NvnLoAN.exe
  2⤵
  PID:7736
- C:\Windows\System\cRaYEDF.exe
  C:\Windows\System\cRaYEDF.exe
  2⤵
  PID:7724
- C:\Windows\System\MBkUdlI.exe
  C:\Windows\System\MBkUdlI.exe
  2⤵
  PID:7784
- C:\Windows\System\lMYPKIQ.exe
  C:\Windows\System\lMYPKIQ.exe
  2⤵
  PID:7816
- C:\Windows\System\fgNQkdo.exe
  C:\Windows\System\fgNQkdo.exe
  2⤵
  PID:7804
- C:\Windows\System\XoEyxNr.exe
  C:\Windows\System\XoEyxNr.exe
  2⤵
  PID:7864
- C:\Windows\System\XyzhSJY.exe
  C:\Windows\System\XyzhSJY.exe
  2⤵
  PID:2124
- C:\Windows\System\IhphEWO.exe
  C:\Windows\System\IhphEWO.exe
  2⤵
  PID:7944
- C:\Windows\System\DMtnchJ.exe
  C:\Windows\System\DMtnchJ.exe
  2⤵
  PID:2632
- C:\Windows\System\rXGLXVe.exe
  C:\Windows\System\rXGLXVe.exe
  2⤵
  PID:7960
- C:\Windows\System\DIHHdhx.exe
  C:\Windows\System\DIHHdhx.exe
  2⤵
  PID:8016
- C:\Windows\System\XTtzjXA.exe
  C:\Windows\System\XTtzjXA.exe
  2⤵
  PID:2280
- C:\Windows\System\sXZmCIQ.exe
  C:\Windows\System\sXZmCIQ.exe
  2⤵
  PID:8000
- C:\Windows\System\WUFrWQY.exe
  C:\Windows\System\WUFrWQY.exe
  2⤵
  PID:8100
- C:\Windows\System\HtQVDqB.exe
  C:\Windows\System\HtQVDqB.exe
  2⤵
  PID:940
- C:\Windows\System\HEdexck.exe
  C:\Windows\System\HEdexck.exe
  2⤵
  PID:8140
- C:\Windows\System\BZncRAt.exe
  C:\Windows\System\BZncRAt.exe
  2⤵
  PID:8088
- C:\Windows\System\pSEnXog.exe
  C:\Windows\System\pSEnXog.exe
  2⤵
  PID:3012
- C:\Windows\System\rtsdSTK.exe
  C:\Windows\System\rtsdSTK.exe
  2⤵
  PID:8168
- C:\Windows\System\trXMDNx.exe
  C:\Windows\System\trXMDNx.exe
  2⤵
  PID:2208
- C:\Windows\System\SHIgdMb.exe
  C:\Windows\System\SHIgdMb.exe
  2⤵
  PID:2136
- C:\Windows\System\UTUfokP.exe
  C:\Windows\System\UTUfokP.exe
  2⤵
  PID:7020
- C:\Windows\System\UgRGpMc.exe
  C:\Windows\System\UgRGpMc.exe
  2⤵
  PID:7076
- C:\Windows\System\aqVnCJC.exe
  C:\Windows\System\aqVnCJC.exe
  2⤵
  PID:1568
- C:\Windows\System\gfDlLzG.exe
  C:\Windows\System\gfDlLzG.exe
  2⤵
  PID:5844
- C:\Windows\System\YylKsnG.exe
  C:\Windows\System\YylKsnG.exe
  2⤵
  PID:7196
- C:\Windows\System\KtwUKJm.exe
  C:\Windows\System\KtwUKJm.exe
  2⤵
  PID:6392
- C:\Windows\System\FOhSvFT.exe
  C:\Windows\System\FOhSvFT.exe
  2⤵
  PID:7340
- C:\Windows\System\GtWozIP.exe
  C:\Windows\System\GtWozIP.exe
  2⤵
  PID:7384
- C:\Windows\System\qmkvnjO.exe
  C:\Windows\System\qmkvnjO.exe
  2⤵
  PID:576
- C:\Windows\System\jmAwbfm.exe
  C:\Windows\System\jmAwbfm.exe
  2⤵
  PID:2764
- C:\Windows\System\MqbfTsO.exe
  C:\Windows\System\MqbfTsO.exe
  2⤵
  PID:4592
- C:\Windows\System\zVsfdgu.exe
  C:\Windows\System\zVsfdgu.exe
  2⤵
  PID:7492
- C:\Windows\System\PDefCdu.exe
  C:\Windows\System\PDefCdu.exe
  2⤵
  PID:1612
- C:\Windows\System\qfrGroV.exe
  C:\Windows\System\qfrGroV.exe
  2⤵
  PID:2612
- C:\Windows\System\iyUvnZi.exe
  C:\Windows\System\iyUvnZi.exe
  2⤵
  PID:812
- C:\Windows\System\VGGMmTb.exe
  C:\Windows\System\VGGMmTb.exe
  2⤵
  PID:1608
- C:\Windows\System\eEhJTuU.exe
  C:\Windows\System\eEhJTuU.exe
  2⤵
  PID:7544
- C:\Windows\System\FRtFETh.exe
  C:\Windows\System\FRtFETh.exe
  2⤵
  PID:7660
- C:\Windows\System\QgaLMUL.exe
  C:\Windows\System\QgaLMUL.exe
  2⤵
  PID:7604
- C:\Windows\System\biFWDND.exe
  C:\Windows\System\biFWDND.exe
  2⤵
  PID:7860
- C:\Windows\System\UVrEisT.exe
  C:\Windows\System\UVrEisT.exe
  2⤵
  PID:7888
- C:\Windows\System\hvVqfuc.exe
  C:\Windows\System\hvVqfuc.exe
  2⤵
  PID:7360
- C:\Windows\System\KRCILNx.exe
  C:\Windows\System\KRCILNx.exe
  2⤵
  PID:7780
- C:\Windows\System\Fgwlhcd.exe
  C:\Windows\System\Fgwlhcd.exe
  2⤵
  PID:7680
- C:\Windows\System\Zozggkn.exe
  C:\Windows\System\Zozggkn.exe
  2⤵
  PID:7988
- C:\Windows\System\KWnpeXN.exe
  C:\Windows\System\KWnpeXN.exe
  2⤵
  PID:7824
- C:\Windows\System\vlZOQpX.exe
  C:\Windows\System\vlZOQpX.exe
  2⤵
  PID:2060
- C:\Windows\System\GshCPsn.exe
  C:\Windows\System\GshCPsn.exe
  2⤵
  PID:8124
- C:\Windows\System\asAlhNk.exe
  C:\Windows\System\asAlhNk.exe
  2⤵
  PID:6756
- C:\Windows\System\eEpzXWb.exe
  C:\Windows\System\eEpzXWb.exe
  2⤵
  PID:8068
- C:\Windows\System\RKLoEvJ.exe
  C:\Windows\System\RKLoEvJ.exe
  2⤵
  PID:2332
- C:\Windows\System\cZHjoxf.exe
  C:\Windows\System\cZHjoxf.exe
  2⤵
  PID:8036
- C:\Windows\System\ONUwFxd.exe
  C:\Windows\System\ONUwFxd.exe
  2⤵
  PID:8180
- C:\Windows\System\vgTNdzc.exe
  C:\Windows\System\vgTNdzc.exe
  2⤵
  PID:7336
- C:\Windows\System\lSTsmhl.exe
  C:\Windows\System\lSTsmhl.exe
  2⤵
  PID:7220
- C:\Windows\System\wMaPpZl.exe
  C:\Windows\System\wMaPpZl.exe
  2⤵
  PID:828
- C:\Windows\System\wfyNDdC.exe
  C:\Windows\System\wfyNDdC.exe
  2⤵
  PID:7496
- C:\Windows\System\ySDwvkY.exe
  C:\Windows\System\ySDwvkY.exe
  2⤵
  PID:7416
- C:\Windows\System\nYFYFtw.exe
  C:\Windows\System\nYFYFtw.exe
  2⤵
  PID:7440
- C:\Windows\System\GWmPdez.exe
  C:\Windows\System\GWmPdez.exe
  2⤵
  PID:7584
- C:\Windows\System\OzHKuTk.exe
  C:\Windows\System\OzHKuTk.exe
  2⤵
  PID:7624
- C:\Windows\System\MkBWhTO.exe
  C:\Windows\System\MkBWhTO.exe
  2⤵
  PID:7760
- C:\Windows\System\jHtGiMZ.exe
  C:\Windows\System\jHtGiMZ.exe
  2⤵
  PID:7636
- C:\Windows\System\rueszwd.exe
  C:\Windows\System\rueszwd.exe
  2⤵
  PID:680
- C:\Windows\System\XyweECp.exe
  C:\Windows\System\XyweECp.exe
  2⤵
  PID:7716
- C:\Windows\System\YSdPzGd.exe
  C:\Windows\System\YSdPzGd.exe
  2⤵
  PID:7756
- C:\Windows\System\tyxhvWy.exe
  C:\Windows\System\tyxhvWy.exe
  2⤵
  PID:7900
- C:\Windows\System\wcgiiIj.exe
  C:\Windows\System\wcgiiIj.exe
  2⤵
  PID:8128
- C:\Windows\System\rbYunPj.exe
  C:\Windows\System\rbYunPj.exe
  2⤵
  PID:7516
- C:\Windows\System\dBCZMGT.exe
  C:\Windows\System\dBCZMGT.exe
  2⤵
  PID:7984
- C:\Windows\System\wLTiGub.exe
  C:\Windows\System\wLTiGub.exe
  2⤵
  PID:6816
- C:\Windows\System\LQHNVOr.exe
  C:\Windows\System\LQHNVOr.exe
  2⤵
  PID:6416
- C:\Windows\System\BJqStku.exe
  C:\Windows\System\BJqStku.exe
  2⤵
  PID:8188
- C:\Windows\System\HxrHHtc.exe
  C:\Windows\System\HxrHHtc.exe
  2⤵
  PID:7288
- C:\Windows\System\OVghEKS.exe
  C:\Windows\System\OVghEKS.exe
  2⤵
  PID:7364
- C:\Windows\System\FCCgbWN.exe
  C:\Windows\System\FCCgbWN.exe
  2⤵
  PID:2804
- C:\Windows\System\nsgWmel.exe
  C:\Windows\System\nsgWmel.exe
  2⤵
  PID:7472
- C:\Windows\System\djtwiSA.exe
  C:\Windows\System\djtwiSA.exe
  2⤵
  PID:7564
- C:\Windows\System\eIByWSF.exe
  C:\Windows\System\eIByWSF.exe
  2⤵
  PID:7436
- C:\Windows\System\GvDXLOA.exe
  C:\Windows\System\GvDXLOA.exe
  2⤵
  PID:7704
- C:\Windows\System\YBstXDD.exe
  C:\Windows\System\YBstXDD.exe
  2⤵
  PID:7744
- C:\Windows\System\BlZyiWE.exe
  C:\Windows\System\BlZyiWE.exe
  2⤵
  PID:8048
- C:\Windows\System\Npxqlfs.exe
  C:\Windows\System\Npxqlfs.exe
  2⤵
  PID:1752
- C:\Windows\System\qYwlafp.exe
  C:\Windows\System\qYwlafp.exe
  2⤵
  PID:5204
- C:\Windows\System\beismoy.exe
  C:\Windows\System\beismoy.exe
  2⤵
  PID:2604
- C:\Windows\System\trzJIEG.exe
  C:\Windows\System\trzJIEG.exe
  2⤵
  PID:2188
- C:\Windows\System\ySqMMFS.exe
  C:\Windows\System\ySqMMFS.exe
  2⤵
  PID:6184
- C:\Windows\System\YztBFyg.exe
  C:\Windows\System\YztBFyg.exe
  2⤵
  PID:7012
- C:\Windows\System\KnsbwQX.exe
  C:\Windows\System\KnsbwQX.exe
  2⤵
  PID:2864
- C:\Windows\System\CEAdoSd.exe
  C:\Windows\System\CEAdoSd.exe
  2⤵
  PID:2756
- C:\Windows\System\UkYDjXB.exe
  C:\Windows\System\UkYDjXB.exe
  2⤵
  PID:7112
- C:\Windows\System\iiNerOX.exe
  C:\Windows\System\iiNerOX.exe
  2⤵
  PID:7948
- C:\Windows\System\UuGZrXO.exe
  C:\Windows\System\UuGZrXO.exe
  2⤵
  PID:5228
- C:\Windows\System\YELMeJo.exe
  C:\Windows\System\YELMeJo.exe
  2⤵
  PID:2580
- C:\Windows\System\oXgHLJF.exe
  C:\Windows\System\oXgHLJF.exe
  2⤵
  PID:7964
- C:\Windows\System\BswWURR.exe
  C:\Windows\System\BswWURR.exe
  2⤵
  PID:7904
- C:\Windows\System\zKPvoyK.exe
  C:\Windows\System\zKPvoyK.exe
  2⤵
  PID:2852
- C:\Windows\System\TtPryPe.exe
  C:\Windows\System\TtPryPe.exe
  2⤵
  PID:8200
- C:\Windows\System\BUAWgok.exe
  C:\Windows\System\BUAWgok.exe
  2⤵
  PID:8216
- C:\Windows\System\tequQDp.exe
  C:\Windows\System\tequQDp.exe
  2⤵
  PID:8236
- C:\Windows\System\mIbCxlj.exe
  C:\Windows\System\mIbCxlj.exe
  2⤵
  PID:8260
- C:\Windows\System\pigYBAF.exe
  C:\Windows\System\pigYBAF.exe
  2⤵
  PID:8276
- C:\Windows\System\tcMeZKk.exe
  C:\Windows\System\tcMeZKk.exe
  2⤵
  PID:8296
- C:\Windows\System\VpEGDUC.exe
  C:\Windows\System\VpEGDUC.exe
  2⤵
  PID:8312
- C:\Windows\System\lqEYBwN.exe
  C:\Windows\System\lqEYBwN.exe
  2⤵
  PID:8332
- C:\Windows\System\XfmOwTp.exe
  C:\Windows\System\XfmOwTp.exe
  2⤵
  PID:8376
- C:\Windows\System\rCeZeHM.exe
  C:\Windows\System\rCeZeHM.exe
  2⤵
  PID:8396
- C:\Windows\System\ahlVzIu.exe
  C:\Windows\System\ahlVzIu.exe
  2⤵
  PID:8412
- C:\Windows\System\cXeOHdp.exe
  C:\Windows\System\cXeOHdp.exe
  2⤵
  PID:8428
- C:\Windows\System\IselOoD.exe
  C:\Windows\System\IselOoD.exe
  2⤵
  PID:8452
- C:\Windows\System\ERzyMDK.exe
  C:\Windows\System\ERzyMDK.exe
  2⤵
  PID:8468
- C:\Windows\System\OeIevCc.exe
  C:\Windows\System\OeIevCc.exe
  2⤵
  PID:8488
- C:\Windows\System\mpcRqPH.exe
  C:\Windows\System\mpcRqPH.exe
  2⤵
  PID:8512
- C:\Windows\System\oeRWMIh.exe
  C:\Windows\System\oeRWMIh.exe
  2⤵
  PID:8528
- C:\Windows\System\dBnCbOj.exe
  C:\Windows\System\dBnCbOj.exe
  2⤵
  PID:8544
- C:\Windows\System\rdsPYdf.exe
  C:\Windows\System\rdsPYdf.exe
  2⤵
  PID:8568
- C:\Windows\System\lwkXHSP.exe
  C:\Windows\System\lwkXHSP.exe
  2⤵
  PID:8588
- C:\Windows\System\zSpnbrM.exe
  C:\Windows\System\zSpnbrM.exe
  2⤵
  PID:8604
- C:\Windows\System\RPjbKQV.exe
  C:\Windows\System\RPjbKQV.exe
  2⤵
  PID:8624
- C:\Windows\System\FbUSqUQ.exe
  C:\Windows\System\FbUSqUQ.exe
  2⤵
  PID:8640
- C:\Windows\System\ZbbCmpg.exe
  C:\Windows\System\ZbbCmpg.exe
  2⤵
  PID:8660
- C:\Windows\System\NBUWFBd.exe
  C:\Windows\System\NBUWFBd.exe
  2⤵
  PID:8696
- C:\Windows\System\MAMbdek.exe
  C:\Windows\System\MAMbdek.exe
  2⤵
  PID:8752
- C:\Windows\System\bpIbrLD.exe
  C:\Windows\System\bpIbrLD.exe
  2⤵
  PID:8772
- C:\Windows\System\BtFnpTh.exe
  C:\Windows\System\BtFnpTh.exe
  2⤵
  PID:8796
- C:\Windows\System\ZWaTpzv.exe
  C:\Windows\System\ZWaTpzv.exe
  2⤵
  PID:8812
- C:\Windows\System\DgUJeNO.exe
  C:\Windows\System\DgUJeNO.exe
  2⤵
  PID:8828
- C:\Windows\System\BxBIwDT.exe
  C:\Windows\System\BxBIwDT.exe
  2⤵
  PID:8844
- C:\Windows\System\kicfQiF.exe
  C:\Windows\System\kicfQiF.exe
  2⤵
  PID:8860
- C:\Windows\System\RSoGcsm.exe
  C:\Windows\System\RSoGcsm.exe
  2⤵
  PID:8876
- C:\Windows\System\YsYoRok.exe
  C:\Windows\System\YsYoRok.exe
  2⤵
  PID:8892
- C:\Windows\System\TEJsbtk.exe
  C:\Windows\System\TEJsbtk.exe
  2⤵
  PID:8908
- C:\Windows\System\LDEkywJ.exe
  C:\Windows\System\LDEkywJ.exe
  2⤵
  PID:8924
- C:\Windows\System\mYeLIWV.exe
  C:\Windows\System\mYeLIWV.exe
  2⤵
  PID:8956
- C:\Windows\System\WxQLUsF.exe
  C:\Windows\System\WxQLUsF.exe
  2⤵
  PID:8972
- C:\Windows\System\jhCRoxs.exe
  C:\Windows\System\jhCRoxs.exe
  2⤵
  PID:8988
- C:\Windows\System\ZylaAsz.exe
  C:\Windows\System\ZylaAsz.exe
  2⤵
  PID:9004
- C:\Windows\System\ZpCPIqn.exe
  C:\Windows\System\ZpCPIqn.exe
  2⤵
  PID:9020
- C:\Windows\System\pAUtmPH.exe
  C:\Windows\System\pAUtmPH.exe
  2⤵
  PID:9068
- C:\Windows\System\zEdCDBS.exe
  C:\Windows\System\zEdCDBS.exe
  2⤵
  PID:9096
- C:\Windows\System\AdvsXWk.exe
  C:\Windows\System\AdvsXWk.exe
  2⤵
  PID:9112
- C:\Windows\System\DiGVWxW.exe
  C:\Windows\System\DiGVWxW.exe
  2⤵
  PID:9136
- C:\Windows\System\xszqWVG.exe
  C:\Windows\System\xszqWVG.exe
  2⤵
  PID:9156
- C:\Windows\System\HSgMjiR.exe
  C:\Windows\System\HSgMjiR.exe
  2⤵
  PID:9176
- C:\Windows\System\FjHjrEj.exe
  C:\Windows\System\FjHjrEj.exe
  2⤵
  PID:9192
- C:\Windows\System\cxJzcGO.exe
  C:\Windows\System\cxJzcGO.exe
  2⤵
  PID:9208
- C:\Windows\System\ddMZYkK.exe
  C:\Windows\System\ddMZYkK.exe
  2⤵
  PID:6636
- C:\Windows\System\TQjSyXM.exe
  C:\Windows\System\TQjSyXM.exe
  2⤵
  PID:8272
- C:\Windows\System\eKtQEHv.exe
  C:\Windows\System\eKtQEHv.exe
  2⤵
  PID:8340
- C:\Windows\System\vTNmZbU.exe
  C:\Windows\System\vTNmZbU.exe
  2⤵
  PID:8324
- C:\Windows\System\jBmtePW.exe
  C:\Windows\System\jBmtePW.exe
  2⤵
  PID:952
- C:\Windows\System\gkXTQVM.exe
  C:\Windows\System\gkXTQVM.exe
  2⤵
  PID:7884
- C:\Windows\System\WbjATpj.exe
  C:\Windows\System\WbjATpj.exe
  2⤵
  PID:8368
- C:\Windows\System\oHmqSlk.exe
  C:\Windows\System\oHmqSlk.exe
  2⤵
  PID:8372
- C:\Windows\System\LoLtWjN.exe
  C:\Windows\System\LoLtWjN.exe
  2⤵
  PID:8440
- C:\Windows\System\TOHwAWT.exe
  C:\Windows\System\TOHwAWT.exe
  2⤵
  PID:8476
- C:\Windows\System\kXYFAiV.exe
  C:\Windows\System\kXYFAiV.exe
  2⤵
  PID:8520
- C:\Windows\System\FyWTWFc.exe
  C:\Windows\System\FyWTWFc.exe
  2⤵
  PID:8556
- C:\Windows\System\TcsWmDt.exe
  C:\Windows\System\TcsWmDt.exe
  2⤵
  PID:8564
- C:\Windows\System\uxmmqJT.exe
  C:\Windows\System\uxmmqJT.exe
  2⤵
  PID:8496
- C:\Windows\System\VkLDCdP.exe
  C:\Windows\System\VkLDCdP.exe
  2⤵
  PID:8676
- C:\Windows\System\RvGtIbg.exe
  C:\Windows\System\RvGtIbg.exe
  2⤵
  PID:8684
- C:\Windows\System\YKBLXDd.exe
  C:\Windows\System\YKBLXDd.exe
  2⤵
  PID:8652
- C:\Windows\System\nlkUJZk.exe
  C:\Windows\System\nlkUJZk.exe
  2⤵
  PID:8616
- C:\Windows\System\qRyxOQp.exe
  C:\Windows\System\qRyxOQp.exe
  2⤵
  PID:8760
- C:\Windows\System\AwYlwAx.exe
  C:\Windows\System\AwYlwAx.exe
  2⤵
  PID:8920
- C:\Windows\System\AIgWAeS.exe
  C:\Windows\System\AIgWAeS.exe
  2⤵
  PID:8884
- C:\Windows\System\jJnVNvU.exe
  C:\Windows\System\jJnVNvU.exe
  2⤵
  PID:8804
- C:\Windows\System\PDIsblA.exe
  C:\Windows\System\PDIsblA.exe
  2⤵
  PID:8904
- C:\Windows\System\UzOnFQC.exe
  C:\Windows\System\UzOnFQC.exe
  2⤵
  PID:9036
- C:\Windows\System\MIKEnMb.exe
  C:\Windows\System\MIKEnMb.exe
  2⤵
  PID:9048
- C:\Windows\System\hVHhCaY.exe
  C:\Windows\System\hVHhCaY.exe
  2⤵
  PID:8808
- C:\Windows\System\vySzGdS.exe
  C:\Windows\System\vySzGdS.exe
  2⤵
  PID:8952
- C:\Windows\System\agmrLdN.exe
  C:\Windows\System\agmrLdN.exe
  2⤵
  PID:9088
- C:\Windows\System\HQmnwOu.exe
  C:\Windows\System\HQmnwOu.exe
  2⤵
  PID:9104
- C:\Windows\System\zeEUQMV.exe
  C:\Windows\System\zeEUQMV.exe
  2⤵
  PID:9128
- C:\Windows\System\nkqRYGD.exe
  C:\Windows\System\nkqRYGD.exe
  2⤵
  PID:9188
- C:\Windows\System\UbIeFuY.exe
  C:\Windows\System\UbIeFuY.exe
  2⤵
  PID:9164
- C:\Windows\System\VFoGLJl.exe
  C:\Windows\System\VFoGLJl.exe
  2⤵
  PID:8360
- C:\Windows\System\HBAQUNY.exe
  C:\Windows\System\HBAQUNY.exe
  2⤵
  PID:8268
- C:\Windows\System\HcNPzOT.exe
  C:\Windows\System\HcNPzOT.exe
  2⤵
  PID:8208
- C:\Windows\System\qUQiueW.exe
  C:\Windows\System\qUQiueW.exe
  2⤵
  PID:8248
- C:\Windows\System\MEyeKou.exe
  C:\Windows\System\MEyeKou.exe
  2⤵
  PID:8384
- C:\Windows\System\vfmowFR.exe
  C:\Windows\System\vfmowFR.exe
  2⤵
  PID:8408
- C:\Windows\System\AOPrKoM.exe
  C:\Windows\System\AOPrKoM.exe
  2⤵
  PID:8436
- C:\Windows\System\WvfHfwT.exe
  C:\Windows\System\WvfHfwT.exe
  2⤵
  PID:8536
- C:\Windows\System\NrzteGl.exe
  C:\Windows\System\NrzteGl.exe
  2⤵
  PID:8448
- C:\Windows\System\BOqLldQ.exe
  C:\Windows\System\BOqLldQ.exe
  2⤵
  PID:8712
- C:\Windows\System\MlkbNSu.exe
  C:\Windows\System\MlkbNSu.exe
  2⤵
  PID:8748
- C:\Windows\System\CNgTtNj.exe
  C:\Windows\System\CNgTtNj.exe
  2⤵
  PID:8824
- C:\Windows\System\UcVhNMg.exe
  C:\Windows\System\UcVhNMg.exe
  2⤵
  PID:8580
- C:\Windows\System\uGQVyAZ.exe
  C:\Windows\System\uGQVyAZ.exe
  2⤵
  PID:8940
- C:\Windows\System\zuzKzUS.exe
  C:\Windows\System\zuzKzUS.exe
  2⤵
  PID:9040
- C:\Windows\System\ABhycCA.exe
  C:\Windows\System\ABhycCA.exe
  2⤵
  PID:8584
- C:\Windows\System\KHzOwIv.exe
  C:\Windows\System\KHzOwIv.exe
  2⤵
  PID:8764
- C:\Windows\System\AmUOgzB.exe
  C:\Windows\System\AmUOgzB.exe
  2⤵
  PID:8968
- C:\Windows\System\KxBUjMO.exe
  C:\Windows\System\KxBUjMO.exe
  2⤵
  PID:8836
- C:\Windows\System\bJiTqWd.exe
  C:\Windows\System\bJiTqWd.exe
  2⤵
  PID:9076
- C:\Windows\System\qJfdSGf.exe
  C:\Windows\System\qJfdSGf.exe
  2⤵
  PID:9124
- C:\Windows\System\OkCzNHL.exe
  C:\Windows\System\OkCzNHL.exe
  2⤵
  PID:8224
- C:\Windows\System\eiaGKWY.exe
  C:\Windows\System\eiaGKWY.exe
  2⤵
  PID:6412
- C:\Windows\System\QArQVpD.exe
  C:\Windows\System\QArQVpD.exe
  2⤵
  PID:9172
- C:\Windows\System\vcAXZUb.exe
  C:\Windows\System\vcAXZUb.exe
  2⤵
  PID:9152
- C:\Windows\System\CenMrSo.exe
  C:\Windows\System\CenMrSo.exe
  2⤵
  PID:8304
- C:\Windows\System\pGrrxme.exe
  C:\Windows\System\pGrrxme.exe
  2⤵
  PID:8500
- C:\Windows\System\wGsTELD.exe
  C:\Windows\System\wGsTELD.exe
  2⤵
  PID:8596
- C:\Windows\System\DPczuUw.exe
  C:\Windows\System\DPczuUw.exe
  2⤵
  PID:8740
- C:\Windows\System\jOWKxOx.exe
  C:\Windows\System\jOWKxOx.exe
  2⤵
  PID:9148
- C:\Windows\System\vMZVOOj.exe
  C:\Windows\System\vMZVOOj.exe
  2⤵
  PID:9056
- C:\Windows\System\konBbbR.exe
  C:\Windows\System\konBbbR.exe
  2⤵
  PID:9060
- C:\Windows\System\VtjCdZr.exe
  C:\Windows\System\VtjCdZr.exe
  2⤵
  PID:8944
- C:\Windows\System\yfAraAD.exe
  C:\Windows\System\yfAraAD.exe
  2⤵
  PID:9012
- C:\Windows\System\kWYllhj.exe
  C:\Windows\System\kWYllhj.exe
  2⤵
  PID:8256
- C:\Windows\System\AwhwPNw.exe
  C:\Windows\System\AwhwPNw.exe
  2⤵
  PID:8212
- C:\Windows\System\uIsColA.exe
  C:\Windows\System\uIsColA.exe
  2⤵
  PID:8288
- C:\Windows\System\fDlgeWz.exe
  C:\Windows\System\fDlgeWz.exe
  2⤵
  PID:8692
- C:\Windows\System\bKbYaMV.exe
  C:\Windows\System\bKbYaMV.exe
  2⤵
  PID:8424
- C:\Windows\System\XxLcgkU.exe
  C:\Windows\System\XxLcgkU.exe
  2⤵
  PID:8612
- C:\Windows\System\lAuOmyw.exe
  C:\Windows\System\lAuOmyw.exe
  2⤵
  PID:9184
- C:\Windows\System\fpoiEGY.exe
  C:\Windows\System\fpoiEGY.exe
  2⤵
  PID:9200
- C:\Windows\System\FhAPLtj.exe
  C:\Windows\System\FhAPLtj.exe
  2⤵
  PID:8388
- C:\Windows\System\tNSPzpz.exe
  C:\Windows\System\tNSPzpz.exe
  2⤵
  PID:8648
- C:\Windows\System\rnvGpaV.exe
  C:\Windows\System\rnvGpaV.exe
  2⤵
  PID:8888
- C:\Windows\System\PKgpJRI.exe
  C:\Windows\System\PKgpJRI.exe
  2⤵
  PID:9228
- C:\Windows\System\wlCnjdo.exe
  C:\Windows\System\wlCnjdo.exe
  2⤵
  PID:9244
- C:\Windows\System\NLLKjNq.exe
  C:\Windows\System\NLLKjNq.exe
  2⤵
  PID:9260
- C:\Windows\System\OinakqE.exe
  C:\Windows\System\OinakqE.exe
  2⤵
  PID:9276
- C:\Windows\System\mfhuCTv.exe
  C:\Windows\System\mfhuCTv.exe
  2⤵
  PID:9292
- C:\Windows\System\NPWvQil.exe
  C:\Windows\System\NPWvQil.exe
  2⤵
  PID:9308
- C:\Windows\System\LDYIhjK.exe
  C:\Windows\System\LDYIhjK.exe
  2⤵
  PID:9324
- C:\Windows\System\EWGRwnQ.exe
  C:\Windows\System\EWGRwnQ.exe
  2⤵
  PID:9340
- C:\Windows\System\kKrOkFM.exe
  C:\Windows\System\kKrOkFM.exe
  2⤵
  PID:9356
- C:\Windows\System\zCeMFfQ.exe
  C:\Windows\System\zCeMFfQ.exe
  2⤵
  PID:9372
- C:\Windows\System\ipFLePU.exe
  C:\Windows\System\ipFLePU.exe
  2⤵
  PID:9388
- C:\Windows\System\sOzRZQn.exe
  C:\Windows\System\sOzRZQn.exe
  2⤵
  PID:9404
- C:\Windows\System\qklpwBe.exe
  C:\Windows\System\qklpwBe.exe
  2⤵
  PID:9424
- C:\Windows\System\NKOxIVN.exe
  C:\Windows\System\NKOxIVN.exe
  2⤵
  PID:9440
- C:\Windows\System\TRSbKgU.exe
  C:\Windows\System\TRSbKgU.exe
  2⤵
  PID:9460
- C:\Windows\System\jLlTMPO.exe
  C:\Windows\System\jLlTMPO.exe
  2⤵
  PID:9476
- C:\Windows\System\fzMAOOY.exe
  C:\Windows\System\fzMAOOY.exe
  2⤵
  PID:9496
- C:\Windows\System\CLzZRrT.exe
  C:\Windows\System\CLzZRrT.exe
  2⤵
  PID:9512
- C:\Windows\System\VzalNKb.exe
  C:\Windows\System\VzalNKb.exe
  2⤵
  PID:9528
- C:\Windows\System\xCyBFPA.exe
  C:\Windows\System\xCyBFPA.exe
  2⤵
  PID:9544
- C:\Windows\System\lnnxAPR.exe
  C:\Windows\System\lnnxAPR.exe
  2⤵
  PID:9560
- C:\Windows\System\lZviMqW.exe
  C:\Windows\System\lZviMqW.exe
  2⤵
  PID:9580
- C:\Windows\System\VsHonDY.exe
  C:\Windows\System\VsHonDY.exe
  2⤵
  PID:9596
- C:\Windows\System\TIjeFek.exe
  C:\Windows\System\TIjeFek.exe
  2⤵
  PID:9612
- C:\Windows\System\MkVbIGp.exe
  C:\Windows\System\MkVbIGp.exe
  2⤵
  PID:9628
- C:\Windows\System\QNhoMrP.exe
  C:\Windows\System\QNhoMrP.exe
  2⤵
  PID:9644
- C:\Windows\System\sdRhEFt.exe
  C:\Windows\System\sdRhEFt.exe
  2⤵
  PID:9660
- C:\Windows\System\xCPUVpC.exe
  C:\Windows\System\xCPUVpC.exe
  2⤵
  PID:9676
- C:\Windows\System\BPqLPkx.exe
  C:\Windows\System\BPqLPkx.exe
  2⤵
  PID:9692
- C:\Windows\System\eSnoLQZ.exe
  C:\Windows\System\eSnoLQZ.exe
  2⤵
  PID:9708
- C:\Windows\System\CBeggGF.exe
  C:\Windows\System\CBeggGF.exe
  2⤵
  PID:9724
- C:\Windows\System\zjhBDnH.exe
  C:\Windows\System\zjhBDnH.exe
  2⤵
  PID:9740
- C:\Windows\System\PYJVSBM.exe
  C:\Windows\System\PYJVSBM.exe
  2⤵
  PID:9756
- C:\Windows\System\LQdoGuY.exe
  C:\Windows\System\LQdoGuY.exe
  2⤵
  PID:9772
- C:\Windows\System\VXKRsyK.exe
  C:\Windows\System\VXKRsyK.exe
  2⤵
  PID:9788
- C:\Windows\System\lMrCCQe.exe
  C:\Windows\System\lMrCCQe.exe
  2⤵
  PID:9816
- C:\Windows\System\anyABeO.exe
  C:\Windows\System\anyABeO.exe
  2⤵
  PID:9832
- C:\Windows\System\lHnGiQW.exe
  C:\Windows\System\lHnGiQW.exe
  2⤵
  PID:9848
- C:\Windows\System\AzqlJUI.exe
  C:\Windows\System\AzqlJUI.exe
  2⤵
  PID:9864
- C:\Windows\System\jNBeLae.exe
  C:\Windows\System\jNBeLae.exe
  2⤵
  PID:9880
- C:\Windows\System\NnajbRl.exe
  C:\Windows\System\NnajbRl.exe
  2⤵
  PID:9896
- C:\Windows\System\IxKiDgG.exe
  C:\Windows\System\IxKiDgG.exe
  2⤵
  PID:9912
- C:\Windows\System\FGnZVsH.exe
  C:\Windows\System\FGnZVsH.exe
  2⤵
  PID:9928
- C:\Windows\System\peZDXMZ.exe
  C:\Windows\System\peZDXMZ.exe
  2⤵
  PID:9944
- C:\Windows\System\smkWXLa.exe
  C:\Windows\System\smkWXLa.exe
  2⤵
  PID:9960
- C:\Windows\System\NhsdRZn.exe
  C:\Windows\System\NhsdRZn.exe
  2⤵
  PID:9976
- C:\Windows\System\prvYQwG.exe
  C:\Windows\System\prvYQwG.exe
  2⤵
  PID:9992
- C:\Windows\System\idgHCRn.exe
  C:\Windows\System\idgHCRn.exe
  2⤵
  PID:10008
- C:\Windows\System\uMxYIAL.exe
  C:\Windows\System\uMxYIAL.exe
  2⤵
  PID:10028
- C:\Windows\System\mBVvtRQ.exe
  C:\Windows\System\mBVvtRQ.exe
  2⤵
  PID:10044
- C:\Windows\System\fpkmpix.exe
  C:\Windows\System\fpkmpix.exe
  2⤵
  PID:10068
- C:\Windows\System\gTfaQcW.exe
  C:\Windows\System\gTfaQcW.exe
  2⤵
  PID:10084
- C:\Windows\System\rRwsNyX.exe
  C:\Windows\System\rRwsNyX.exe
  2⤵
  PID:10100
- C:\Windows\System\CkcFfuZ.exe
  C:\Windows\System\CkcFfuZ.exe
  2⤵
  PID:10116
- C:\Windows\System\djoZrPe.exe
  C:\Windows\System\djoZrPe.exe
  2⤵
  PID:10140
- C:\Windows\System\HyoYJRO.exe
  C:\Windows\System\HyoYJRO.exe
  2⤵
  PID:10156
- C:\Windows\System\mTxuICc.exe
  C:\Windows\System\mTxuICc.exe
  2⤵
  PID:10172
- C:\Windows\System\LEjNBAX.exe
  C:\Windows\System\LEjNBAX.exe
  2⤵
  PID:10188
- C:\Windows\System\xGLehtd.exe
  C:\Windows\System\xGLehtd.exe
  2⤵
  PID:10204
- C:\Windows\System\fibgfJe.exe
  C:\Windows\System\fibgfJe.exe
  2⤵
  PID:10220
- C:\Windows\System\LgnZfcy.exe
  C:\Windows\System\LgnZfcy.exe
  2⤵
  PID:10236
- C:\Windows\System\tcPIMfU.exe
  C:\Windows\System\tcPIMfU.exe
  2⤵
  PID:9220
- C:\Windows\System\ZeLpmcN.exe
  C:\Windows\System\ZeLpmcN.exe
  2⤵
  PID:9284
- C:\Windows\System\EyAprfi.exe
  C:\Windows\System\EyAprfi.exe
  2⤵
  PID:8636
- C:\Windows\System\ItfRGfy.exe
  C:\Windows\System\ItfRGfy.exe
  2⤵
  PID:9316
- C:\Windows\System\txzrIPO.exe
  C:\Windows\System\txzrIPO.exe
  2⤵
  PID:9320
- C:\Windows\System\PnygZXB.exe
  C:\Windows\System\PnygZXB.exe
  2⤵
  PID:9384
- C:\Windows\System\BspPKnO.exe
  C:\Windows\System\BspPKnO.exe
  2⤵
  PID:9364
- C:\Windows\System\kcsECzz.exe
  C:\Windows\System\kcsECzz.exe
  2⤵
  PID:9416
- C:\Windows\System\ACmGnaw.exe
  C:\Windows\System\ACmGnaw.exe
  2⤵
  PID:9452
- C:\Windows\System\mYpCrpu.exe
  C:\Windows\System\mYpCrpu.exe
  2⤵
  PID:9484
- C:\Windows\System\qzQUXtr.exe
  C:\Windows\System\qzQUXtr.exe
  2⤵
  PID:9436
- C:\Windows\System\dEfFumb.exe
  C:\Windows\System\dEfFumb.exe
  2⤵
  PID:9524
- C:\Windows\System\NZLUGak.exe
  C:\Windows\System\NZLUGak.exe
  2⤵
  PID:928
- C:\Windows\System\JLesGbv.exe
  C:\Windows\System\JLesGbv.exe
  2⤵
  PID:2080
- C:\Windows\System\keAEZkf.exe
  C:\Windows\System\keAEZkf.exe
  2⤵
  PID:9552
- C:\Windows\System\ECpylVR.exe
  C:\Windows\System\ECpylVR.exe
  2⤵
  PID:9508
- C:\Windows\System\jQXeHjH.exe
  C:\Windows\System\jQXeHjH.exe
  2⤵
  PID:9576
- C:\Windows\System\UmbxzzT.exe
  C:\Windows\System\UmbxzzT.exe
  2⤵
  PID:9064
- C:\Windows\System\xoRYnkT.exe
  C:\Windows\System\xoRYnkT.exe
  2⤵
  PID:9652
- C:\Windows\System\uRNKiGK.exe
  C:\Windows\System\uRNKiGK.exe
  2⤵
  PID:9672
- C:\Windows\System\zRjeKcA.exe
  C:\Windows\System\zRjeKcA.exe
  2⤵
  PID:9700
- C:\Windows\System\QOOpxrL.exe
  C:\Windows\System\QOOpxrL.exe
  2⤵
  PID:9732
- C:\Windows\System\ohoWAIj.exe
  C:\Windows\System\ohoWAIj.exe
  2⤵
  PID:9764
- C:\Windows\System\pJwqjyz.exe
  C:\Windows\System\pJwqjyz.exe
  2⤵
  PID:9804
- C:\Windows\System\nYVLzoc.exe
  C:\Windows\System\nYVLzoc.exe
  2⤵
  PID:9876
- C:\Windows\System\MpIcSYc.exe
  C:\Windows\System\MpIcSYc.exe
  2⤵
  PID:9888
- C:\Windows\System\BDLtwIW.exe
  C:\Windows\System\BDLtwIW.exe
  2⤵
  PID:9952
- C:\Windows\System\dDBVeys.exe
  C:\Windows\System\dDBVeys.exe
  2⤵
  PID:9844
- C:\Windows\System\WayJHTg.exe
  C:\Windows\System\WayJHTg.exe
  2⤵
  PID:9968
- C:\Windows\System\kRSvlKw.exe
  C:\Windows\System\kRSvlKw.exe
  2⤵
  PID:10016
- C:\Windows\System\UGkypPZ.exe
  C:\Windows\System\UGkypPZ.exe
  2⤵
  PID:10036
- C:\Windows\System\izdnxYn.exe
  C:\Windows\System\izdnxYn.exe
  2⤵
  PID:10056
- C:\Windows\System\AEvLOxP.exe
  C:\Windows\System\AEvLOxP.exe
  2⤵
  PID:10092
- C:\Windows\System\aiBDsri.exe
  C:\Windows\System\aiBDsri.exe
  2⤵
  PID:10112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BBtlLtC.exe

Filesize
6.0MB

MD5
b705aedf3b996682592bb0a6efae77f8

SHA1
8b550f45a56070264a82e865608abec2d4db8967

SHA256
eda2a28e16368719ed80a6b0cdfb64528a89c33df51809287f608b102ff56827

SHA512
cfc1d4035ae577279cc3f2a1411c467fd28bc302872ea3c1996884af3e48b1ffb1d0697df58f1dc1a2e3841874958df38949d98e1e56bbe374847546dea51ebf

Download Submit
C:\Windows\system\CJrMLVD.exe

Filesize
6.0MB

MD5
bfb47bf6ee221ed64bcc98b9614cebb4

SHA1
66e1d48da2146105ede5e32621bc1333149c652a

SHA256
a926d41e1c2ff2a2258e3bed70dc718b2301a19d62534c6bb1c76dec1fbddd4b

SHA512
2b0e19ae4a3dad1f798e530bab6c1b2b7dc3c809e46495003f1fcb748072e4c81925efa9efaeca5531f71553ca19ae8915e41aaaa3ce07f69a8c7ae5ea0d5369

Download Submit
C:\Windows\system\CUOZLPP.exe

Filesize
6.0MB

MD5
f96503bb9db2dc142f3ec8a81e4c5718

SHA1
303a7d00e76beb5006ba9926fe95c977411b2e30

SHA256
8027ae97f88d576812bf5deab2111f521be3eb48d0e4cdf2363e8ae9a34c267e

SHA512
3e26d3678034b42d09b970826b5b75d34d00e71440363bafd42eb384ba90a470eb4994cad8428c530c2e5e90f9b28ebebc70b131b0ff1176039d398b0fcc6aa6

Download Submit
C:\Windows\system\DcIfuhC.exe

Filesize
6.0MB

MD5
6b1e0a157462bf8b58a70a92d6ddc202

SHA1
e7b9233e5b1129a6f375fb10b55337760269945b

SHA256
777313c06e8704d74ed098e0c279e0283df196354e3a8a591287368400c1bb0e

SHA512
eaed4cd91e5100b273682a8382b12653e3a7509cc01f0a121bda4ee91088652e9a45532b7928212cb462c3cddb0a70cc822b2f2e5b48834c98b45e1f469e0bdd

Download Submit
C:\Windows\system\MFJOdWd.exe

Filesize
6.0MB

MD5
eaaa5c5eac301dabd67a6f9fc1a279f3

SHA1
ee16299d4d284c2b660377c414f5418b4e667ba9

SHA256
7a5de79a895390fcdee0eeceaf5a15f95ffcd45c09dd04dc6ca4c4fe8656b010

SHA512
a9c3926e4deefa5b2cd7f4bced4c4cec7060ff1c3d8ec292e9a3bea41442e09c073e998a2b64cf0e78e963c4beaa31cb9ee2e17119edd7f5eda8e2d8c5e74202

Download Submit
C:\Windows\system\WngDFka.exe

Filesize
6.0MB

MD5
6be167928c97a21666ad52e28854f9c8

SHA1
ac8f3e8d7b7420ddac9f9152af6e84e79cab3a4c

SHA256
f8d31c79df95d0ad6dcf5027ece223c413fc68cb5934f1a39414917aed95ea9b

SHA512
90157ad78f9ff1aaacc46a5e2ddbbea7ecd6725502da36621a3546a8aa44a85ea16dc4c27994be0ad773ebbff184c7735324904867768ead3cb5dcb5baaee7ac

Download Submit
C:\Windows\system\eTKkRUD.exe

Filesize
6.0MB

MD5
1a5512db47a38cf69dc37c379eb58e61

SHA1
46286e7588f8f56e08a2ecf6fea20c8070a6b7e4

SHA256
206aebb6523d7d89311f86ee95f2596e942b22be637d170310cd5296256c8012

SHA512
b2bb85f50bbbed5e40cc33787f57276c8ebbcb0150065a2951de1815f54e46213cfd91482424db951efb35eccf6da6b2d27e74c137df012527ca48e150c46b6d

Download Submit
C:\Windows\system\eaJrCYD.exe

Filesize
6.0MB

MD5
baa575ebe47ee142cb0c3781a3612561

SHA1
e5459383430561b822aac2ef2fc41fecd03511f4

SHA256
bf5d37311d758d223a89e0a9f413ca2f80569c38bc5dad1f0e72db013bec948a

SHA512
55d7299cbffe5e9c55e2e1eecfe4eed47e65db3115a04cf403ca0f30a585788ab529249534b3fc0a1dee1e508a750a3b8907317f4e40d5ccacb31d15ccacb5d7

Download Submit
C:\Windows\system\fWVaeok.exe

Filesize
6.0MB

MD5
472540142c702082135d8a506645b0b6

SHA1
d25ab32acd367e9016abe5c616fd6b5b7e7b99c3

SHA256
631c8448e3f589059b40bd24a889af9be487002ccd60f3ddd9cc7dd8df9a9d1e

SHA512
5f263963e416cd7f3cb4c61b177965a34cab8b400502bf4e596a49e8ee7a16191e335f0ce7aa8ac2ba8e105e03d076caa6cec146e6afe9d5189058dbf13c7b22

Download Submit
C:\Windows\system\gKaQgWG.exe

Filesize
6.0MB

MD5
20f2dc0ca205d2c81ae268dd71d31921

SHA1
bed5892d10301ef917c42477cc36b6639e7a2585

SHA256
11561d779b8d5c963418d2d7da69a6c7804d01aa34684fb6894882339032c50c

SHA512
9397270c11ff0735ee610294a451361be7cd3ce73f9c875d9a54095fb4b3256a03a55cc518cd63e49401ce989149922ba02b31287264618a7fbcda8aea971c76

Download Submit
C:\Windows\system\geIXMHs.exe

Filesize
6.0MB

MD5
d95bcafd240ec5cf93899b5f92fd988e

SHA1
f3508394d96b6b322312ac00b732a0354184cf2a

SHA256
f03a93b329c8a41a4290c64b2d6f2c99b443997c229795da6e7416589fb3dfba

SHA512
71f753142262d5bae8b77177efe3893eb9f220c03b9e408bc1cdbe38ab3648757df73ea1075bc27ee51e16af82bcc8fa561e3061ca534f10950dbc7164285257

Download Submit
C:\Windows\system\gexlCaM.exe

Filesize
6.0MB

MD5
7b25fe08ebfcd88ae88e754983dbe889

SHA1
15b4efc26a65254f87ed15dbe4f952943a398359

SHA256
471c757e41b27316add066b011363ede24a24fff0c4937e80f6386b074cf21c5

SHA512
62d3da3566f327394b9f45689d6afd88ff7ab68b25322744689040c85649d91cdfaf2a21e7daeaa1466fe924a9baa43a7247c2acaac21c38dd392b8e1817760f

Download Submit
C:\Windows\system\iGDcluV.exe

Filesize
6.0MB

MD5
6f09498c7aa3003ad00f9917ece4cde7

SHA1
f35688efe0f2bc974303d3f5d9f22f41b8988f9f

SHA256
09732db3945ca342f27a10ee29b0db345982bf82e70f904a869157b03c522216

SHA512
55859bf1962e4ae826c65950d1a43d25986c4e05a026ef2e17d2ebaf0df2f7d11e5402f7f5be855660ca1c9f9fdaad8793060b5026d19995801da5cb7c6bdc0c

Download Submit
C:\Windows\system\iUURKtz.exe

Filesize
6.0MB

MD5
d8e35bfa4c858520b6af5ef7f13d8e9f

SHA1
4e41d9e9b33cefcffb2795c396244294dace97fe

SHA256
30951b55104ef4b5eb04a35d03b09a4748eae7a26ed63a26713d16833d19d79b

SHA512
6e0347b46e9754b210cd8eb23b09c512e3c45cf59835c1d8bc7fe1f23f4322083a415c2e691a55e3e474169fca866f15f681af27b5ce353103ac5fbd5b2450a6

Download Submit
C:\Windows\system\kgyFeHL.exe

Filesize
6.0MB

MD5
ab878e441da5bd72c1c726099dad9376

SHA1
9a2b9a5c86418cd57a8e9f906867b4b5f56bfb40

SHA256
8c445c4e2be9811d5922bc7e0652b2f39a0bdb6666d3e540ccf480d0ab653271

SHA512
e1e5fce8bf95de5f834fc54916065bd9f92116ab1061a1e7f79397700210bbf90c827244f8c673894d08bb9842782ffc7709ce40c3c8d65511bcc16aa46d2336

Download Submit
C:\Windows\system\lcrniLW.exe

Filesize
6.0MB

MD5
e9d06916401bd9fc7d9bac597ecb9f3a

SHA1
b22498c834c90f605fdf4c3971e9d3b709b7c398

SHA256
52262cd2df663baffa5ffb3e23a2975a431385d1ac1462852a542fe1bd960c30

SHA512
6176245f2bb1b62ce81ee20248c44ab2cdd37d52c8da4962204ce2b58431e35f41f0215b22534d1f644a33763bfa268e5420709cf629844c6f0bbf7e9c8757ce

Download Submit
C:\Windows\system\rJtqOJL.exe

Filesize
6.0MB

MD5
288f94dcf06cfbfda0032145d16fc588

SHA1
ec9c8fe6b9be2aa64e7f0909eb4fbdf786b66dee

SHA256
28da495ac68a3299c3ef38f3bd553a14b1c899e64d6af18a56103b50cf49a5b8

SHA512
cbc0e5b5b7d64b7a65c17102cc6cbc92df093d20e8714f28974fd66d61693f243fb68a27e39a52b6b17e9eba60fc11319eb62e52684e6b3a693810d5e6b61250

Download Submit
C:\Windows\system\umeyGbz.exe

Filesize
6.0MB

MD5
121b16142ce23b61d647dc5326a160a0

SHA1
6bddcaadc7f82b37c487eb7d3538928975e9f076

SHA256
25af5271fd2b5f98cb5e472865752f5d0db31641415116f8a383d489c713ae36

SHA512
00637ab62e7b47e8061be8171e3644c8292b2dd8c659d444c1df1062fe382a29e2b2ae892a345518b2e1ece96053ccbbb13ea9039c19eef8aabbef1b08a18355

Download Submit
C:\Windows\system\vkaCgmh.exe

Filesize
6.0MB

MD5
58073c3eb554682fee1739a5823d41ed

SHA1
4209d106b66edb9594abd413ea3274998f614912

SHA256
112ba620b2af37c9eaa95b00dc457540270545bc3299eb3dc83edd65b684da08

SHA512
2c91364f34534a7537896dd391f1e4861e789906a606a161f3a1a82360d6e85b3f6ef82132b545a79e31c692caf3bf4f706db54aa06a7521ccc5119ebbda8724

Download Submit
C:\Windows\system\vswUKpj.exe

Filesize
6.0MB

MD5
b1d9f3d5a5e133604578d27604c6e323

SHA1
851a2bbd860f3978b6182aafc8bd250ec6aba815

SHA256
138df65cf15df7a9b4cd7b2d5502ee22ac09459c923f80c1b18fedd9d6a94178

SHA512
17f784bd641127212f95735d273d6b72b96b6271e28ba9a2b0ad92b6c3f3f69731483e986acc0a57abb3d98c950973f220c064185707e7c42edec42a2157ec1f

Download Submit
C:\Windows\system\zCYtEhX.exe

Filesize
6.0MB

MD5
eda792c1d9ba7d1f8baa136eb14d2881

SHA1
e9380f1b489f46cd6cf65ec7899803009a557225

SHA256
14ca22d5a4cd5071655d69115af20e1bbf0fa1529f2e1debe1f9cc24739a1861

SHA512
8a83f61a37bc932852ffd65a348ce332f17cadff66ef633cbaadb18960873238b134027fa94bda5a7417a5b92ffc19913040e57fc1e5846ba1d18ab860bc5c90

Download Submit
\Windows\system\HItfWyB.exe

Filesize
6.0MB

MD5
e8cfd8a94be6186e83476b323b95d47a

SHA1
4e413b6299b0b95e95750bd833e7908109765407

SHA256
1f16db706a887a9af7f8b83ba0674e50b6922916dbec1deffd6cd3ca6740ab8a

SHA512
46e7f45f4a487953da14727649b2029f1fc32cb529a36d9176af1077f4e24a10002af447bb897ec3444b2e85cef4d119a8aaf4d03e3f9fa945349fc02ce251f1

Download Submit
\Windows\system\JSCYGlt.exe

Filesize
6.0MB

MD5
ad5fd5f536d7a476fed45320120f884d

SHA1
7d0ccdefb9b530f88576a41293c1477dc7db9dfb

SHA256
0cad55e13e7a86b998d300355a448bb9c6481c50d614f3a4f737e665dd08ec67

SHA512
62234479f4a7a59cf25c0d831cb39ec68d53ebb3b3d536700e6c947603933cfa0ce0d233b677551fe063751388a898d8e82721cbf8eec8bb1e50c0ca624debef

Download Submit
\Windows\system\QuWjDUT.exe

Filesize
6.0MB

MD5
06ccae8d23d49f6c014f462d9d15d514

SHA1
3f098aa6124201aa396b91746a7f9d5395fdade6

SHA256
502d78f5dc49d852fa619b1aa8da940ed677f12f842a960efc99440235aa5cc1

SHA512
50b786d98bf4cef145035349a22fedecb59dd7f4ee84db5d61a6edf989f40983ca6d7e03e98fe70b6ccf8af052922416ef89884d3b51dda36d9646e38435043a

Download Submit
\Windows\system\QySoDPy.exe

Filesize
6.0MB

MD5
4d2b703387cf50f4cec1e396c97df23c

SHA1
a906509fe22de73e98d11545b1264f40649f5a78

SHA256
79dcb6b7fc5648c0cf0d0308ee6f7c89af2ac26410aa752bb470bbfdb1eb9d95

SHA512
e5d9a06902b3c3646f92ef57aafc5ff9c5ef1f51a3878a6394a41017c422a0cb20b6706e9f04a5b5435d83e26ed5ece7d221a8c3700fe565351be1de4d14e555

Download Submit
\Windows\system\SeOQXhZ.exe

Filesize
6.0MB

MD5
ee285914a21a5af1ea509d701082c055

SHA1
1c0988a9e7802c02dc16ea46188005b9ffcd1425

SHA256
a9d3e7fd69e6d5a625ae7a2d310a56e4c69584db2fd0bfe18abdaeb4a5657a86

SHA512
dbed962e354cc2acbc8e3ef37971c5faa9fffc9fd5ea60932f31bc4eccecf7194d9248fa86f6b82e1987e3b2fd1484af54cb6d8f494bb4192f4dffdf6a8e85ed

Download Submit
\Windows\system\XGsoOiE.exe

Filesize
6.0MB

MD5
45a645e47de94e28462f671d0ad86e3c

SHA1
bfb5418ac233df74b3048b7e3f01c18a8fa8b7ae

SHA256
2bc6ff2c1c04747c555443063404be90b8a70274bee2fefffffadbc0a5dc0a74

SHA512
bc312b17dc6beb66afe37eef6dee2a46047ecb683252bc60720a89ea10d164e35d8fdc6e91d5e207460a708daa23de329472b9e87213331f561ecb4d41423807

Download Submit
\Windows\system\dLdfKxZ.exe

Filesize
6.0MB

MD5
4dd6a9913a5cf289cac1362d90835858

SHA1
a917ae31e80927e72ac754b3269d7b42209ad515

SHA256
9e3d83e1fb32480a44669d21fcfd890da39ef18cbb93300ba2350f6085d264ce

SHA512
c51a1c785a811204c1269821c43deaabc3c70117e4469ecb2e9a882b0d523aed134aa9bb1600b26f6601c35227d5cd18d21a476b534b30ca0c3c48bf534922ae

Download Submit
\Windows\system\fZZrYpr.exe

Filesize
6.0MB

MD5
85a3946b28da6a2bcdf3efb98bf0a80f

SHA1
193894fe27bc6ef906d9275c1b9dc3c9f9d6192b

SHA256
e251fc5ce280cb17c3c22fd9a192b853ab0b378cf4c4ae84b9648bd6ffd8abb1

SHA512
c719e8f17e158f08c5927919cc562d01a98dd7d833a410ed55e6d9f1b8b6dba4506ce7646db03ea6c035296c3329e9cc1803f14f9d1554a0d5e4261a659816f4

Download Submit
\Windows\system\fnAGhOf.exe

Filesize
6.0MB

MD5
60cab7dd2af68780154db2660ebf3940

SHA1
9e3220f1944eefa162c98745b8ba94fb0eddbc68

SHA256
3e89a4cb2b89ecd3d3669204de5afc9a0a8711d742866c0f2a7b934f5f327802

SHA512
c448901d60a398d2f7586fb4ef54d574d352b16362aab7c47889c86288b1a025518d435e7cd1aae8cb480a3d673a32bf9fdb9c9f732fd3a4642c145e871d4358

Download Submit
\Windows\system\nGUMppp.exe

Filesize
6.0MB

MD5
2967ad4133e2446e9485ba3e15e8dc4a

SHA1
8a9ef22a95ae3e05d3ae2e89a89edc65afadc7fa

SHA256
ff6329d836b228a2560f265680c87b84b96dcbca43b93a6ca05ad37250a8c2ef

SHA512
9253b28dbdd19c3f05a70861ce0e6df6f2ef5f06192019f934bd68b2a1807629b4b72951bf82d93db36a81328f890bfe3b95057b24ccd9dc356262ab00884f76

Download Submit
\Windows\system\rUteHTh.exe

Filesize
6.0MB

MD5
49d6d1902902526e3575c332fae503e7

SHA1
47087fa1d55f89d64e79ef6cf00e475d19371fc7

SHA256
eb2ce80b2280bf30eecc80e452ce8330f781bf5f06a17b670d3c6807c75aca95

SHA512
69b0fccc2b3484efecc3e8473a935e913eb3d8e3a862d1e1f0dbd74cb31d723cf4391ffdb024168d8ee68ecab496ff006a860439391e4833c28bcf16efe22a31

Download Submit
\Windows\system\xzvrYHy.exe

Filesize
6.0MB

MD5
e15fd67afc9b3bed958d0307bd89911b

SHA1
c4f2acd766a7077d84a68686667a20c3da43cec3

SHA256
7c99d1681e1ca8b9fdc9e3108bb48a7aa2c6453e3ed0dae2ba2f3dc448992c71

SHA512
cada5c79bfe6613220955636b6d240284cd5c916af71237f14b20b9a2a9fc52e3f4d6bbbd74963d994c0b1f5e8ac46dfb689ecc16190fe8cc4c3d716b54c1fa1

Download Submit
memory/568-98-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/568-452-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/568-2202-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1064-90-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-2201-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-17-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2157-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1952-51-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1952-12-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1952-499-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1952-89-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1952-88-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1952-30-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1952-86-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1952-85-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1952-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1952-40-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1952-116-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1952-62-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1952-24-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1952-0-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1952-451-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1952-97-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1952-402-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1952-34-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1952-410-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1952-61-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1952-249-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1952-300-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2140-2197-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2140-28-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2205-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2244-55-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2256-405-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2204-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2256-87-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2596-63-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2203-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2672-79-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2206-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-50-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2728-115-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2200-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2780-20-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2196-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-49-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3240-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2844-41-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2844-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2199-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2872-39-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2872-91-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2198-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download