cobaltstrike | ba3d0a10bb3cf9c1935cc8fc6ef5f70d9ecad5c156159354f217ff7b836c0e33

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/01/2025, 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

eca601ab6a3041806d41e27ce155a094
SHA1

2c5eb5eadb7488041800a12a919cbfd5c98d4e0f
SHA256

ba3d0a10bb3cf9c1935cc8fc6ef5f70d9ecad5c156159354f217ff7b836c0e33
SHA512

348cdf9b65913b27f98f1de7d67a803d834ca9a6182cbf5451c85581dad632dcb455e03699a656a1bcd514fdfab08a65e68f1145a27af99711d361b0809d4fa8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d88-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d90-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015da1-21.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000015d48-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015df1-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e4f-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f38-55.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015f4e-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d22-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-102.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-123.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-128.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-138.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-184.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-174.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-169.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-159.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-154.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-81.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2228-0-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f6-3.dat	xmrig
behavioral1/memory/2228-6-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d88-9.dat	xmrig
behavioral1/files/0x0008000000015d90-11.dat	xmrig
behavioral1/memory/2720-20-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2740-18-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0008000000015da1-21.dat	xmrig
behavioral1/memory/2748-29-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x0036000000015d48-38.dat	xmrig
behavioral1/memory/2088-36-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2228-35-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0007000000015df1-34.dat	xmrig
behavioral1/memory/2820-39-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2608-45-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e4f-46.dat	xmrig
behavioral1/memory/2740-50-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2720-54-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/3048-53-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f38-55.dat	xmrig
behavioral1/memory/2036-61-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2748-60-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x0009000000015f4e-62.dat	xmrig
behavioral1/memory/2088-68-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2944-69-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d22-70.dat	xmrig
behavioral1/files/0x0006000000016d4c-73.dat	xmrig
behavioral1/files/0x0006000000016d73-93.dat	xmrig
behavioral1/memory/2228-98-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/memory/2608-101-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6f-102.dat	xmrig
behavioral1/memory/1032-104-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dd5-108.dat	xmrig
behavioral1/files/0x0006000000016dd9-113.dat	xmrig
behavioral1/files/0x0006000000016df5-123.dat	xmrig
behavioral1/files/0x0006000000016df8-128.dat	xmrig
behavioral1/files/0x0006000000016edc-133.dat	xmrig
behavioral1/files/0x0006000000016f02-138.dat	xmrig
behavioral1/files/0x000600000001707f-143.dat	xmrig
behavioral1/files/0x0005000000018697-179.dat	xmrig
behavioral1/files/0x000500000001871c-194.dat	xmrig
behavioral1/memory/576-629-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x000500000001870c-189.dat	xmrig
behavioral1/files/0x0005000000018706-184.dat	xmrig
behavioral1/files/0x000d000000018683-174.dat	xmrig
behavioral1/files/0x00060000000175f7-169.dat	xmrig
behavioral1/files/0x00060000000175f1-164.dat	xmrig
behavioral1/files/0x0006000000017570-159.dat	xmrig
behavioral1/files/0x00060000000174f8-154.dat	xmrig
behavioral1/files/0x00060000000174b4-148.dat	xmrig
behavioral1/files/0x0006000000016de9-118.dat	xmrig
behavioral1/memory/2228-103-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d68-81.dat	xmrig
behavioral1/memory/2432-100-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1432-99-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/3068-97-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/576-90-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2820-3207-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2748-3245-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2740-3250-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2720-3255-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2088-3267-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2608-3466-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/3048-3515-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2820	tcauIeb.exe
2740	WsiQvsF.exe
2720	OESpTVu.exe
2748	oOymNpI.exe
2088	EmtcGSW.exe
2608	lwQwpYl.exe
3048	WmguUuE.exe
2036	BTSlsTX.exe
2944	grFWmou.exe
3068	CjlgOFS.exe
576	PspfJMS.exe
2432	pYdLStl.exe
1432	bKvpdEF.exe
1032	vDBIJuV.exe
1524	PlerhNk.exe
2008	ILHpmgq.exe
804	MHLHZPt.exe
2916	bqoIrMn.exe
2912	tMMdpOv.exe
1360	UeIfEGu.exe
620	uRNLJtH.exe
1764	EalSvmP.exe
2572	IBNtdOO.exe
2768	vKZcpQT.exe
1920	jdJzekR.exe
1660	HwRLMqy.exe
2064	uUoxWKu.exe
1308	IQHXrwW.exe
1048	wPXtAXA.exe
1136	iWykYOk.exe
2516	GUxNjWH.exe
1960	NaMoaZy.exe
2172	eGuPWvJ.exe
980	JKEflhd.exe
1620	ovjstVE.exe
1888	JQmSwdF.exe
2236	fUeQwDh.exe
856	LyOiRne.exe
1156	cgiSYuU.exe
2376	BQAdvjx.exe
892	HnQDwFN.exe
552	xicfPMY.exe
1808	DBGJgoU.exe
3008	PVzvwzQ.exe
3004	lUZwCEc.exe
1652	CXTAzdj.exe
2372	Sqtxjvs.exe
2252	JwqjHlz.exe
2136	HYbZfMM.exe
1748	pYDpTow.exe
2116	whfmHiA.exe
2120	OwJOfgl.exe
1576	MhSClPA.exe
2732	eXbhKTB.exe
2856	zYIAWJY.exe
2240	jtIyjDc.exe
2852	aMCeCCo.exe
2968	McfwOVA.exe
2960	nORmGxy.exe
1700	ORvJxtH.exe
2772	WdriXsU.exe
2644	OVGIrnc.exe
2632	FYMwlmk.exe
1956	WFHEdjg.exe

Loads dropped DLL 64 IoCs

pid	Process
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2228-0-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x00080000000120f6-3.dat	upx
behavioral1/memory/2228-6-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0008000000015d88-9.dat	upx
behavioral1/files/0x0008000000015d90-11.dat	upx
behavioral1/memory/2720-20-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2740-18-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0008000000015da1-21.dat	upx
behavioral1/memory/2748-29-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x0036000000015d48-38.dat	upx
behavioral1/memory/2088-36-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2228-35-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0007000000015df1-34.dat	upx
behavioral1/memory/2820-39-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2608-45-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0007000000015e4f-46.dat	upx
behavioral1/memory/2740-50-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2720-54-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/3048-53-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0007000000015f38-55.dat	upx
behavioral1/memory/2036-61-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2748-60-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x0009000000015f4e-62.dat	upx
behavioral1/memory/2088-68-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2944-69-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0007000000016d22-70.dat	upx
behavioral1/files/0x0006000000016d4c-73.dat	upx
behavioral1/files/0x0006000000016d73-93.dat	upx
behavioral1/memory/2608-101-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0006000000016d6f-102.dat	upx
behavioral1/memory/1032-104-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0006000000016dd5-108.dat	upx
behavioral1/files/0x0006000000016dd9-113.dat	upx
behavioral1/files/0x0006000000016df5-123.dat	upx
behavioral1/files/0x0006000000016df8-128.dat	upx
behavioral1/files/0x0006000000016edc-133.dat	upx
behavioral1/files/0x0006000000016f02-138.dat	upx
behavioral1/files/0x000600000001707f-143.dat	upx
behavioral1/files/0x0005000000018697-179.dat	upx
behavioral1/files/0x000500000001871c-194.dat	upx
behavioral1/memory/576-629-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x000500000001870c-189.dat	upx
behavioral1/files/0x0005000000018706-184.dat	upx
behavioral1/files/0x000d000000018683-174.dat	upx
behavioral1/files/0x00060000000175f7-169.dat	upx
behavioral1/files/0x00060000000175f1-164.dat	upx
behavioral1/files/0x0006000000017570-159.dat	upx
behavioral1/files/0x00060000000174f8-154.dat	upx
behavioral1/files/0x00060000000174b4-148.dat	upx
behavioral1/files/0x0006000000016de9-118.dat	upx
behavioral1/files/0x0006000000016d68-81.dat	upx
behavioral1/memory/2432-100-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/1432-99-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/3068-97-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/576-90-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2820-3207-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2748-3245-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2740-3250-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2720-3255-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2088-3267-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2608-3466-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/3048-3515-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2036-3599-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2944-3723-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MgheWZZ.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPjXtVs.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFqpAxb.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvSuQLr.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFHEdjg.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvfeAkn.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzWFidT.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrnGGhh.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBHLpld.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhVuNkO.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAJtGQR.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWLKHGL.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdlsFwg.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJixwtD.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoKLCkH.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuORQHn.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVLkmDT.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoWRAme.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFAQcmp.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtyYQmh.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRaazpT.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLWdIYp.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOMPphO.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBINPig.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHOFgdh.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddTSyrS.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UypLJfX.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYTavEF.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvarnCS.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvcOmZD.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPPlAKP.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzAQzcs.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDEdvym.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onBIOVA.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrxFoBu.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqSMoxp.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXmrxIn.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACFcvsP.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxNIvOl.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiQoffN.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ziUeyXs.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TrcAwuI.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwTIoMB.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azlNjwq.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROXVzCR.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQnnoxk.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVWBkLI.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YeVtfBj.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKrCYnn.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcsTmzT.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvAvGoG.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpqrtKi.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnxKJgv.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgNrEye.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWvdwBX.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoTlFAD.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFfsPHg.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkRlLwa.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aaqdIKQ.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAKsBXh.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYJyaEI.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nokwOWN.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCiZPMv.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TVGLKxh.exe	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2820	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2228 wrote to memory of 2820	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2228 wrote to memory of 2820	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2228 wrote to memory of 2740	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2740	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2740	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2720	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2720	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2720	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2748	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2748	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2748	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2088	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2088	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2088	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2608	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2608	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2608	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 3048	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 3048	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 3048	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2036	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2036	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2036	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2944	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 2944	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 2944	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 3068	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 3068	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 3068	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2432	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 2432	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 2432	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 576	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 576	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 576	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 1032	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 1032	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 1032	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 1432	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 1432	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 1432	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 1524	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 1524	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 1524	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 2008	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 2008	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 2008	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 804	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 804	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 804	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 2916	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 2916	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 2916	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 2912	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2912	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2912	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 1360	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 1360	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 1360	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 620	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2228 wrote to memory of 620	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2228 wrote to memory of 620	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2228 wrote to memory of 1764	2228	2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_eca601ab6a3041806d41e27ce155a094_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\System\tcauIeb.exe
  C:\Windows\System\tcauIeb.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\WsiQvsF.exe
  C:\Windows\System\WsiQvsF.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\OESpTVu.exe
  C:\Windows\System\OESpTVu.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\oOymNpI.exe
  C:\Windows\System\oOymNpI.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\EmtcGSW.exe
  C:\Windows\System\EmtcGSW.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\lwQwpYl.exe
  C:\Windows\System\lwQwpYl.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\WmguUuE.exe
  C:\Windows\System\WmguUuE.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\BTSlsTX.exe
  C:\Windows\System\BTSlsTX.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\grFWmou.exe
  C:\Windows\System\grFWmou.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\CjlgOFS.exe
  C:\Windows\System\CjlgOFS.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\pYdLStl.exe
  C:\Windows\System\pYdLStl.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\PspfJMS.exe
  C:\Windows\System\PspfJMS.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\vDBIJuV.exe
  C:\Windows\System\vDBIJuV.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\bKvpdEF.exe
  C:\Windows\System\bKvpdEF.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\PlerhNk.exe
  C:\Windows\System\PlerhNk.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ILHpmgq.exe
  C:\Windows\System\ILHpmgq.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\MHLHZPt.exe
  C:\Windows\System\MHLHZPt.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\bqoIrMn.exe
  C:\Windows\System\bqoIrMn.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\tMMdpOv.exe
  C:\Windows\System\tMMdpOv.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\UeIfEGu.exe
  C:\Windows\System\UeIfEGu.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\uRNLJtH.exe
  C:\Windows\System\uRNLJtH.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\EalSvmP.exe
  C:\Windows\System\EalSvmP.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\IBNtdOO.exe
  C:\Windows\System\IBNtdOO.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\vKZcpQT.exe
  C:\Windows\System\vKZcpQT.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\jdJzekR.exe
  C:\Windows\System\jdJzekR.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\HwRLMqy.exe
  C:\Windows\System\HwRLMqy.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\uUoxWKu.exe
  C:\Windows\System\uUoxWKu.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\IQHXrwW.exe
  C:\Windows\System\IQHXrwW.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\wPXtAXA.exe
  C:\Windows\System\wPXtAXA.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\iWykYOk.exe
  C:\Windows\System\iWykYOk.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\GUxNjWH.exe
  C:\Windows\System\GUxNjWH.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\NaMoaZy.exe
  C:\Windows\System\NaMoaZy.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\eGuPWvJ.exe
  C:\Windows\System\eGuPWvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\JKEflhd.exe
  C:\Windows\System\JKEflhd.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\ovjstVE.exe
  C:\Windows\System\ovjstVE.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\JQmSwdF.exe
  C:\Windows\System\JQmSwdF.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\fUeQwDh.exe
  C:\Windows\System\fUeQwDh.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\LyOiRne.exe
  C:\Windows\System\LyOiRne.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\cgiSYuU.exe
  C:\Windows\System\cgiSYuU.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\BQAdvjx.exe
  C:\Windows\System\BQAdvjx.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\HnQDwFN.exe
  C:\Windows\System\HnQDwFN.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\xicfPMY.exe
  C:\Windows\System\xicfPMY.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\DBGJgoU.exe
  C:\Windows\System\DBGJgoU.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\PVzvwzQ.exe
  C:\Windows\System\PVzvwzQ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\lUZwCEc.exe
  C:\Windows\System\lUZwCEc.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\CXTAzdj.exe
  C:\Windows\System\CXTAzdj.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\Sqtxjvs.exe
  C:\Windows\System\Sqtxjvs.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\JwqjHlz.exe
  C:\Windows\System\JwqjHlz.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\HYbZfMM.exe
  C:\Windows\System\HYbZfMM.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\pYDpTow.exe
  C:\Windows\System\pYDpTow.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\whfmHiA.exe
  C:\Windows\System\whfmHiA.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\OwJOfgl.exe
  C:\Windows\System\OwJOfgl.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\MhSClPA.exe
  C:\Windows\System\MhSClPA.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\eXbhKTB.exe
  C:\Windows\System\eXbhKTB.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\zYIAWJY.exe
  C:\Windows\System\zYIAWJY.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\jtIyjDc.exe
  C:\Windows\System\jtIyjDc.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\aMCeCCo.exe
  C:\Windows\System\aMCeCCo.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\McfwOVA.exe
  C:\Windows\System\McfwOVA.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\nORmGxy.exe
  C:\Windows\System\nORmGxy.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\ORvJxtH.exe
  C:\Windows\System\ORvJxtH.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\WdriXsU.exe
  C:\Windows\System\WdriXsU.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\OVGIrnc.exe
  C:\Windows\System\OVGIrnc.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\FYMwlmk.exe
  C:\Windows\System\FYMwlmk.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\WFHEdjg.exe
  C:\Windows\System\WFHEdjg.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\qGyzRil.exe
  C:\Windows\System\qGyzRil.exe
  2⤵
  PID:1852
- C:\Windows\System\QPxaqmK.exe
  C:\Windows\System\QPxaqmK.exe
  2⤵
  PID:2920
- C:\Windows\System\zIzbiAs.exe
  C:\Windows\System\zIzbiAs.exe
  2⤵
  PID:2180
- C:\Windows\System\HArvTUO.exe
  C:\Windows\System\HArvTUO.exe
  2⤵
  PID:3064
- C:\Windows\System\BEMucLs.exe
  C:\Windows\System\BEMucLs.exe
  2⤵
  PID:480
- C:\Windows\System\OWxQZCv.exe
  C:\Windows\System\OWxQZCv.exe
  2⤵
  PID:2076
- C:\Windows\System\HjkEsYu.exe
  C:\Windows\System\HjkEsYu.exe
  2⤵
  PID:1672
- C:\Windows\System\zTLfPQL.exe
  C:\Windows\System\zTLfPQL.exe
  2⤵
  PID:2328
- C:\Windows\System\OOAJfuj.exe
  C:\Windows\System\OOAJfuj.exe
  2⤵
  PID:2896
- C:\Windows\System\NFnDkQv.exe
  C:\Windows\System\NFnDkQv.exe
  2⤵
  PID:1684
- C:\Windows\System\GINoAyT.exe
  C:\Windows\System\GINoAyT.exe
  2⤵
  PID:1280
- C:\Windows\System\wQIePXD.exe
  C:\Windows\System\wQIePXD.exe
  2⤵
  PID:2320
- C:\Windows\System\XgmoRpr.exe
  C:\Windows\System\XgmoRpr.exe
  2⤵
  PID:2220
- C:\Windows\System\AEFtwTR.exe
  C:\Windows\System\AEFtwTR.exe
  2⤵
  PID:2488
- C:\Windows\System\sVmsnnw.exe
  C:\Windows\System\sVmsnnw.exe
  2⤵
  PID:2196
- C:\Windows\System\oVxhCeN.exe
  C:\Windows\System\oVxhCeN.exe
  2⤵
  PID:1384
- C:\Windows\System\QiMVbiD.exe
  C:\Windows\System\QiMVbiD.exe
  2⤵
  PID:2444
- C:\Windows\System\SpGwxTp.exe
  C:\Windows\System\SpGwxTp.exe
  2⤵
  PID:1756
- C:\Windows\System\ZiDeJPJ.exe
  C:\Windows\System\ZiDeJPJ.exe
  2⤵
  PID:2484
- C:\Windows\System\ASMahrx.exe
  C:\Windows\System\ASMahrx.exe
  2⤵
  PID:1352
- C:\Windows\System\IymiJJb.exe
  C:\Windows\System\IymiJJb.exe
  2⤵
  PID:1616
- C:\Windows\System\EInLwQE.exe
  C:\Windows\System\EInLwQE.exe
  2⤵
  PID:1968
- C:\Windows\System\xXEMMBp.exe
  C:\Windows\System\xXEMMBp.exe
  2⤵
  PID:692
- C:\Windows\System\iGpoApG.exe
  C:\Windows\System\iGpoApG.exe
  2⤵
  PID:2020
- C:\Windows\System\VgiLenM.exe
  C:\Windows\System\VgiLenM.exe
  2⤵
  PID:2084
- C:\Windows\System\IbMoOTa.exe
  C:\Windows\System\IbMoOTa.exe
  2⤵
  PID:2464
- C:\Windows\System\WNOsNZE.exe
  C:\Windows\System\WNOsNZE.exe
  2⤵
  PID:1976
- C:\Windows\System\wBBAPFg.exe
  C:\Windows\System\wBBAPFg.exe
  2⤵
  PID:2092
- C:\Windows\System\mRQSPKv.exe
  C:\Windows\System\mRQSPKv.exe
  2⤵
  PID:1572
- C:\Windows\System\LpumVrB.exe
  C:\Windows\System\LpumVrB.exe
  2⤵
  PID:2808
- C:\Windows\System\hnuTXhb.exe
  C:\Windows\System\hnuTXhb.exe
  2⤵
  PID:2860
- C:\Windows\System\JXowVba.exe
  C:\Windows\System\JXowVba.exe
  2⤵
  PID:2728
- C:\Windows\System\zOSEIAs.exe
  C:\Windows\System\zOSEIAs.exe
  2⤵
  PID:2804
- C:\Windows\System\gvcJVPL.exe
  C:\Windows\System\gvcJVPL.exe
  2⤵
  PID:2704
- C:\Windows\System\iFaTJWY.exe
  C:\Windows\System\iFaTJWY.exe
  2⤵
  PID:3040
- C:\Windows\System\snADWDE.exe
  C:\Windows\System\snADWDE.exe
  2⤵
  PID:2564
- C:\Windows\System\TGYVtBb.exe
  C:\Windows\System\TGYVtBb.exe
  2⤵
  PID:2148
- C:\Windows\System\wBTqZDh.exe
  C:\Windows\System\wBTqZDh.exe
  2⤵
  PID:1876
- C:\Windows\System\rEVJnEe.exe
  C:\Windows\System\rEVJnEe.exe
  2⤵
  PID:3020
- C:\Windows\System\raKcbfY.exe
  C:\Windows\System\raKcbfY.exe
  2⤵
  PID:2000
- C:\Windows\System\LtRvQfS.exe
  C:\Windows\System\LtRvQfS.exe
  2⤵
  PID:1740
- C:\Windows\System\qIFJJNB.exe
  C:\Windows\System\qIFJJNB.exe
  2⤵
  PID:1712
- C:\Windows\System\TFGxlWL.exe
  C:\Windows\System\TFGxlWL.exe
  2⤵
  PID:2156
- C:\Windows\System\NIgohzs.exe
  C:\Windows\System\NIgohzs.exe
  2⤵
  PID:2568
- C:\Windows\System\CsalEBr.exe
  C:\Windows\System\CsalEBr.exe
  2⤵
  PID:1884
- C:\Windows\System\NsfmFVn.exe
  C:\Windows\System\NsfmFVn.exe
  2⤵
  PID:1480
- C:\Windows\System\mMWFCxx.exe
  C:\Windows\System\mMWFCxx.exe
  2⤵
  PID:1084
- C:\Windows\System\MmrJaYK.exe
  C:\Windows\System\MmrJaYK.exe
  2⤵
  PID:1304
- C:\Windows\System\OgIjtmD.exe
  C:\Windows\System\OgIjtmD.exe
  2⤵
  PID:1368
- C:\Windows\System\aCaNDXh.exe
  C:\Windows\System\aCaNDXh.exe
  2⤵
  PID:2400
- C:\Windows\System\dRHQxic.exe
  C:\Windows\System\dRHQxic.exe
  2⤵
  PID:1372
- C:\Windows\System\yRetlkm.exe
  C:\Windows\System\yRetlkm.exe
  2⤵
  PID:1340
- C:\Windows\System\FuWXRoz.exe
  C:\Windows\System\FuWXRoz.exe
  2⤵
  PID:1676
- C:\Windows\System\leAqkbQ.exe
  C:\Windows\System\leAqkbQ.exe
  2⤵
  PID:872
- C:\Windows\System\GOQNrFO.exe
  C:\Windows\System\GOQNrFO.exe
  2⤵
  PID:2812
- C:\Windows\System\KvpHzQI.exe
  C:\Windows\System\KvpHzQI.exe
  2⤵
  PID:2796
- C:\Windows\System\BvNAtGN.exe
  C:\Windows\System\BvNAtGN.exe
  2⤵
  PID:2724
- C:\Windows\System\noFgYos.exe
  C:\Windows\System\noFgYos.exe
  2⤵
  PID:3056
- C:\Windows\System\VTxMMBX.exe
  C:\Windows\System\VTxMMBX.exe
  2⤵
  PID:2684
- C:\Windows\System\QZXUrOM.exe
  C:\Windows\System\QZXUrOM.exe
  2⤵
  PID:1932
- C:\Windows\System\sJpBACK.exe
  C:\Windows\System\sJpBACK.exe
  2⤵
  PID:2072
- C:\Windows\System\tWkAbsY.exe
  C:\Windows\System\tWkAbsY.exe
  2⤵
  PID:2244
- C:\Windows\System\MBFeKbU.exe
  C:\Windows\System\MBFeKbU.exe
  2⤵
  PID:2256
- C:\Windows\System\UjLzjhc.exe
  C:\Windows\System\UjLzjhc.exe
  2⤵
  PID:1804
- C:\Windows\System\KobMTmu.exe
  C:\Windows\System\KobMTmu.exe
  2⤵
  PID:328
- C:\Windows\System\cfalrEm.exe
  C:\Windows\System\cfalrEm.exe
  2⤵
  PID:2132
- C:\Windows\System\FkLbjke.exe
  C:\Windows\System\FkLbjke.exe
  2⤵
  PID:876
- C:\Windows\System\KBVTeMJ.exe
  C:\Windows\System\KBVTeMJ.exe
  2⤵
  PID:1736
- C:\Windows\System\snRKJWC.exe
  C:\Windows\System\snRKJWC.exe
  2⤵
  PID:1548
- C:\Windows\System\TnxcOEv.exe
  C:\Windows\System\TnxcOEv.exe
  2⤵
  PID:2664
- C:\Windows\System\szktBLX.exe
  C:\Windows\System\szktBLX.exe
  2⤵
  PID:2780
- C:\Windows\System\ODGkNjo.exe
  C:\Windows\System\ODGkNjo.exe
  2⤵
  PID:1716
- C:\Windows\System\wQzfClT.exe
  C:\Windows\System\wQzfClT.exe
  2⤵
  PID:3052
- C:\Windows\System\UUropSw.exe
  C:\Windows\System\UUropSw.exe
  2⤵
  PID:2900
- C:\Windows\System\TRoadxe.exe
  C:\Windows\System\TRoadxe.exe
  2⤵
  PID:3088
- C:\Windows\System\UDAdqIG.exe
  C:\Windows\System\UDAdqIG.exe
  2⤵
  PID:3108
- C:\Windows\System\NyRKFaR.exe
  C:\Windows\System\NyRKFaR.exe
  2⤵
  PID:3128
- C:\Windows\System\BsXUkIM.exe
  C:\Windows\System\BsXUkIM.exe
  2⤵
  PID:3144
- C:\Windows\System\cLPQTDm.exe
  C:\Windows\System\cLPQTDm.exe
  2⤵
  PID:3168
- C:\Windows\System\FEZLOes.exe
  C:\Windows\System\FEZLOes.exe
  2⤵
  PID:3188
- C:\Windows\System\QjivebD.exe
  C:\Windows\System\QjivebD.exe
  2⤵
  PID:3208
- C:\Windows\System\HgXoiUz.exe
  C:\Windows\System\HgXoiUz.exe
  2⤵
  PID:3228
- C:\Windows\System\zNIdpzT.exe
  C:\Windows\System\zNIdpzT.exe
  2⤵
  PID:3248
- C:\Windows\System\IAhZwJX.exe
  C:\Windows\System\IAhZwJX.exe
  2⤵
  PID:3268
- C:\Windows\System\jbSSdgW.exe
  C:\Windows\System\jbSSdgW.exe
  2⤵
  PID:3288
- C:\Windows\System\vZgbuTQ.exe
  C:\Windows\System\vZgbuTQ.exe
  2⤵
  PID:3308
- C:\Windows\System\WgWzflC.exe
  C:\Windows\System\WgWzflC.exe
  2⤵
  PID:3328
- C:\Windows\System\bOMaiKs.exe
  C:\Windows\System\bOMaiKs.exe
  2⤵
  PID:3348
- C:\Windows\System\Obnnbjk.exe
  C:\Windows\System\Obnnbjk.exe
  2⤵
  PID:3368
- C:\Windows\System\eekHELa.exe
  C:\Windows\System\eekHELa.exe
  2⤵
  PID:3384
- C:\Windows\System\yiRpvmt.exe
  C:\Windows\System\yiRpvmt.exe
  2⤵
  PID:3408
- C:\Windows\System\bISBNuj.exe
  C:\Windows\System\bISBNuj.exe
  2⤵
  PID:3428
- C:\Windows\System\pvStmkD.exe
  C:\Windows\System\pvStmkD.exe
  2⤵
  PID:3448
- C:\Windows\System\jauQMII.exe
  C:\Windows\System\jauQMII.exe
  2⤵
  PID:3468
- C:\Windows\System\EuIwsgs.exe
  C:\Windows\System\EuIwsgs.exe
  2⤵
  PID:3488
- C:\Windows\System\bxrOHWr.exe
  C:\Windows\System\bxrOHWr.exe
  2⤵
  PID:3508
- C:\Windows\System\PgrQHPa.exe
  C:\Windows\System\PgrQHPa.exe
  2⤵
  PID:3528
- C:\Windows\System\UBuJkMO.exe
  C:\Windows\System\UBuJkMO.exe
  2⤵
  PID:3548
- C:\Windows\System\tDDDNqs.exe
  C:\Windows\System\tDDDNqs.exe
  2⤵
  PID:3568
- C:\Windows\System\TVGLKxh.exe
  C:\Windows\System\TVGLKxh.exe
  2⤵
  PID:3588
- C:\Windows\System\MxIvWCt.exe
  C:\Windows\System\MxIvWCt.exe
  2⤵
  PID:3608
- C:\Windows\System\roYZnoK.exe
  C:\Windows\System\roYZnoK.exe
  2⤵
  PID:3624
- C:\Windows\System\uEzEzzN.exe
  C:\Windows\System\uEzEzzN.exe
  2⤵
  PID:3648
- C:\Windows\System\PVuqDeH.exe
  C:\Windows\System\PVuqDeH.exe
  2⤵
  PID:3664
- C:\Windows\System\fSiHxjt.exe
  C:\Windows\System\fSiHxjt.exe
  2⤵
  PID:3688
- C:\Windows\System\oXtNuNy.exe
  C:\Windows\System\oXtNuNy.exe
  2⤵
  PID:3704
- C:\Windows\System\PuzWafp.exe
  C:\Windows\System\PuzWafp.exe
  2⤵
  PID:3728
- C:\Windows\System\nWOpbjO.exe
  C:\Windows\System\nWOpbjO.exe
  2⤵
  PID:3744
- C:\Windows\System\MwCokuv.exe
  C:\Windows\System\MwCokuv.exe
  2⤵
  PID:3768
- C:\Windows\System\XoDYgOw.exe
  C:\Windows\System\XoDYgOw.exe
  2⤵
  PID:3788
- C:\Windows\System\eMKVOyI.exe
  C:\Windows\System\eMKVOyI.exe
  2⤵
  PID:3808
- C:\Windows\System\jJOFxlp.exe
  C:\Windows\System\jJOFxlp.exe
  2⤵
  PID:3828
- C:\Windows\System\heqsZtA.exe
  C:\Windows\System\heqsZtA.exe
  2⤵
  PID:3856
- C:\Windows\System\nEkeGAV.exe
  C:\Windows\System\nEkeGAV.exe
  2⤵
  PID:3880
- C:\Windows\System\LSmwCJl.exe
  C:\Windows\System\LSmwCJl.exe
  2⤵
  PID:3900
- C:\Windows\System\uMzUAoo.exe
  C:\Windows\System\uMzUAoo.exe
  2⤵
  PID:3916
- C:\Windows\System\qsVqlpH.exe
  C:\Windows\System\qsVqlpH.exe
  2⤵
  PID:3940
- C:\Windows\System\QUuSHYo.exe
  C:\Windows\System\QUuSHYo.exe
  2⤵
  PID:3960
- C:\Windows\System\kexCdle.exe
  C:\Windows\System\kexCdle.exe
  2⤵
  PID:3980
- C:\Windows\System\PBFOTnB.exe
  C:\Windows\System\PBFOTnB.exe
  2⤵
  PID:4000
- C:\Windows\System\YJolkOV.exe
  C:\Windows\System\YJolkOV.exe
  2⤵
  PID:4020
- C:\Windows\System\kvduWdY.exe
  C:\Windows\System\kvduWdY.exe
  2⤵
  PID:4036
- C:\Windows\System\MGEkxzt.exe
  C:\Windows\System\MGEkxzt.exe
  2⤵
  PID:4060
- C:\Windows\System\xPnbDDG.exe
  C:\Windows\System\xPnbDDG.exe
  2⤵
  PID:4080
- C:\Windows\System\YhQFhnX.exe
  C:\Windows\System\YhQFhnX.exe
  2⤵
  PID:752
- C:\Windows\System\HvefYiS.exe
  C:\Windows\System\HvefYiS.exe
  2⤵
  PID:604
- C:\Windows\System\uFDvzVD.exe
  C:\Windows\System\uFDvzVD.exe
  2⤵
  PID:1924
- C:\Windows\System\ANoApiV.exe
  C:\Windows\System\ANoApiV.exe
  2⤵
  PID:2276
- C:\Windows\System\aPvtHbw.exe
  C:\Windows\System\aPvtHbw.exe
  2⤵
  PID:884
- C:\Windows\System\MnYqYPu.exe
  C:\Windows\System\MnYqYPu.exe
  2⤵
  PID:2248
- C:\Windows\System\wNFMZgs.exe
  C:\Windows\System\wNFMZgs.exe
  2⤵
  PID:3080
- C:\Windows\System\ZsTumtw.exe
  C:\Windows\System\ZsTumtw.exe
  2⤵
  PID:3116
- C:\Windows\System\YKAcBJp.exe
  C:\Windows\System\YKAcBJp.exe
  2⤵
  PID:3100
- C:\Windows\System\ubmDcLV.exe
  C:\Windows\System\ubmDcLV.exe
  2⤵
  PID:3156
- C:\Windows\System\QuRyAKR.exe
  C:\Windows\System\QuRyAKR.exe
  2⤵
  PID:3236
- C:\Windows\System\OQPCaOJ.exe
  C:\Windows\System\OQPCaOJ.exe
  2⤵
  PID:3216
- C:\Windows\System\wcqMBkh.exe
  C:\Windows\System\wcqMBkh.exe
  2⤵
  PID:3284
- C:\Windows\System\NDaCaHZ.exe
  C:\Windows\System\NDaCaHZ.exe
  2⤵
  PID:3264
- C:\Windows\System\PutipLE.exe
  C:\Windows\System\PutipLE.exe
  2⤵
  PID:3300
- C:\Windows\System\KkbYaYj.exe
  C:\Windows\System\KkbYaYj.exe
  2⤵
  PID:3344
- C:\Windows\System\bBGBrZC.exe
  C:\Windows\System\bBGBrZC.exe
  2⤵
  PID:3396
- C:\Windows\System\onBIOVA.exe
  C:\Windows\System\onBIOVA.exe
  2⤵
  PID:3436
- C:\Windows\System\PUIwMXq.exe
  C:\Windows\System\PUIwMXq.exe
  2⤵
  PID:3424
- C:\Windows\System\fHLyQdL.exe
  C:\Windows\System\fHLyQdL.exe
  2⤵
  PID:3456
- C:\Windows\System\WGskHXZ.exe
  C:\Windows\System\WGskHXZ.exe
  2⤵
  PID:3556
- C:\Windows\System\ZlFrelm.exe
  C:\Windows\System\ZlFrelm.exe
  2⤵
  PID:3560
- C:\Windows\System\RAwtkVN.exe
  C:\Windows\System\RAwtkVN.exe
  2⤵
  PID:3544
- C:\Windows\System\bFmEjEm.exe
  C:\Windows\System\bFmEjEm.exe
  2⤵
  PID:3584
- C:\Windows\System\TmrMkyu.exe
  C:\Windows\System\TmrMkyu.exe
  2⤵
  PID:3636
- C:\Windows\System\xgKzdKF.exe
  C:\Windows\System\xgKzdKF.exe
  2⤵
  PID:3620
- C:\Windows\System\OvNiYVd.exe
  C:\Windows\System\OvNiYVd.exe
  2⤵
  PID:3716
- C:\Windows\System\EPluuwz.exe
  C:\Windows\System\EPluuwz.exe
  2⤵
  PID:3760
- C:\Windows\System\zYkbNoH.exe
  C:\Windows\System\zYkbNoH.exe
  2⤵
  PID:3796
- C:\Windows\System\NrzIRqm.exe
  C:\Windows\System\NrzIRqm.exe
  2⤵
  PID:3780
- C:\Windows\System\XtKcElW.exe
  C:\Windows\System\XtKcElW.exe
  2⤵
  PID:3816
- C:\Windows\System\Oqcxzwp.exe
  C:\Windows\System\Oqcxzwp.exe
  2⤵
  PID:3892
- C:\Windows\System\tBTOQkv.exe
  C:\Windows\System\tBTOQkv.exe
  2⤵
  PID:2764
- C:\Windows\System\biOJIOx.exe
  C:\Windows\System\biOJIOx.exe
  2⤵
  PID:3908
- C:\Windows\System\KaWBSpA.exe
  C:\Windows\System\KaWBSpA.exe
  2⤵
  PID:3948
- C:\Windows\System\dzLyspX.exe
  C:\Windows\System\dzLyspX.exe
  2⤵
  PID:4016
- C:\Windows\System\mFcJTmV.exe
  C:\Windows\System\mFcJTmV.exe
  2⤵
  PID:4028
- C:\Windows\System\FUWPeHw.exe
  C:\Windows\System\FUWPeHw.exe
  2⤵
  PID:4048
- C:\Windows\System\QSdFflM.exe
  C:\Windows\System\QSdFflM.exe
  2⤵
  PID:4072
- C:\Windows\System\stUSLwA.exe
  C:\Windows\System\stUSLwA.exe
  2⤵
  PID:1516
- C:\Windows\System\mxuUiOk.exe
  C:\Windows\System\mxuUiOk.exe
  2⤵
  PID:2588
- C:\Windows\System\OgNAZCF.exe
  C:\Windows\System\OgNAZCF.exe
  2⤵
  PID:664
- C:\Windows\System\DtaiIrj.exe
  C:\Windows\System\DtaiIrj.exe
  2⤵
  PID:2660
- C:\Windows\System\AkchurK.exe
  C:\Windows\System\AkchurK.exe
  2⤵
  PID:2404
- C:\Windows\System\RiXrDyy.exe
  C:\Windows\System\RiXrDyy.exe
  2⤵
  PID:3204
- C:\Windows\System\zGGCVzr.exe
  C:\Windows\System\zGGCVzr.exe
  2⤵
  PID:3276
- C:\Windows\System\dUDBaSv.exe
  C:\Windows\System\dUDBaSv.exe
  2⤵
  PID:3320
- C:\Windows\System\njkdFYu.exe
  C:\Windows\System\njkdFYu.exe
  2⤵
  PID:3260
- C:\Windows\System\jAlggsf.exe
  C:\Windows\System\jAlggsf.exe
  2⤵
  PID:3360
- C:\Windows\System\gqjRsXM.exe
  C:\Windows\System\gqjRsXM.exe
  2⤵
  PID:1936
- C:\Windows\System\ASXtIll.exe
  C:\Windows\System\ASXtIll.exe
  2⤵
  PID:3484
- C:\Windows\System\QNnDnVs.exe
  C:\Windows\System\QNnDnVs.exe
  2⤵
  PID:3596
- C:\Windows\System\bDYBnUb.exe
  C:\Windows\System\bDYBnUb.exe
  2⤵
  PID:3600
- C:\Windows\System\FPPGIvm.exe
  C:\Windows\System\FPPGIvm.exe
  2⤵
  PID:3580
- C:\Windows\System\ibKlCuh.exe
  C:\Windows\System\ibKlCuh.exe
  2⤵
  PID:3660
- C:\Windows\System\IPMWVFp.exe
  C:\Windows\System\IPMWVFp.exe
  2⤵
  PID:3756
- C:\Windows\System\xjSjHga.exe
  C:\Windows\System\xjSjHga.exe
  2⤵
  PID:3740
- C:\Windows\System\pRYGuez.exe
  C:\Windows\System\pRYGuez.exe
  2⤵
  PID:3804
- C:\Windows\System\WAazwWM.exe
  C:\Windows\System\WAazwWM.exe
  2⤵
  PID:3824
- C:\Windows\System\GUvOxBS.exe
  C:\Windows\System\GUvOxBS.exe
  2⤵
  PID:3936
- C:\Windows\System\axTTRDm.exe
  C:\Windows\System\axTTRDm.exe
  2⤵
  PID:3992
- C:\Windows\System\toXKuNw.exe
  C:\Windows\System\toXKuNw.exe
  2⤵
  PID:4068
- C:\Windows\System\AIkBmgq.exe
  C:\Windows\System\AIkBmgq.exe
  2⤵
  PID:1588
- C:\Windows\System\JcWdQpH.exe
  C:\Windows\System\JcWdQpH.exe
  2⤵
  PID:2964
- C:\Windows\System\cCqKZDp.exe
  C:\Windows\System\cCqKZDp.exe
  2⤵
  PID:1692
- C:\Windows\System\TWoqGhO.exe
  C:\Windows\System\TWoqGhO.exe
  2⤵
  PID:3200
- C:\Windows\System\MDxrWzL.exe
  C:\Windows\System\MDxrWzL.exe
  2⤵
  PID:3180
- C:\Windows\System\VXkeVOR.exe
  C:\Windows\System\VXkeVOR.exe
  2⤵
  PID:3404
- C:\Windows\System\cmIZfQF.exe
  C:\Windows\System\cmIZfQF.exe
  2⤵
  PID:3416
- C:\Windows\System\iYRdjuP.exe
  C:\Windows\System\iYRdjuP.exe
  2⤵
  PID:3524
- C:\Windows\System\tbRjpiC.exe
  C:\Windows\System\tbRjpiC.exe
  2⤵
  PID:3504
- C:\Windows\System\KCZqEyU.exe
  C:\Windows\System\KCZqEyU.exe
  2⤵
  PID:3656
- C:\Windows\System\lmhvsNX.exe
  C:\Windows\System\lmhvsNX.exe
  2⤵
  PID:3680
- C:\Windows\System\shvtbHh.exe
  C:\Windows\System\shvtbHh.exe
  2⤵
  PID:3852
- C:\Windows\System\TvKereW.exe
  C:\Windows\System\TvKereW.exe
  2⤵
  PID:3888
- C:\Windows\System\zhmmSeC.exe
  C:\Windows\System\zhmmSeC.exe
  2⤵
  PID:3956
- C:\Windows\System\MgheWZZ.exe
  C:\Windows\System\MgheWZZ.exe
  2⤵
  PID:4056
- C:\Windows\System\PaOrFfH.exe
  C:\Windows\System\PaOrFfH.exe
  2⤵
  PID:2176
- C:\Windows\System\nwEEscb.exe
  C:\Windows\System\nwEEscb.exe
  2⤵
  PID:3164
- C:\Windows\System\UkPuAuT.exe
  C:\Windows\System\UkPuAuT.exe
  2⤵
  PID:3160
- C:\Windows\System\DAhWUnI.exe
  C:\Windows\System\DAhWUnI.exe
  2⤵
  PID:3400
- C:\Windows\System\nhPDISX.exe
  C:\Windows\System\nhPDISX.exe
  2⤵
  PID:3540
- C:\Windows\System\ZoZMGAM.exe
  C:\Windows\System\ZoZMGAM.exe
  2⤵
  PID:3616
- C:\Windows\System\SKnaBOj.exe
  C:\Windows\System\SKnaBOj.exe
  2⤵
  PID:3776
- C:\Windows\System\fNONhxJ.exe
  C:\Windows\System\fNONhxJ.exe
  2⤵
  PID:3988
- C:\Windows\System\zWNvCAd.exe
  C:\Windows\System\zWNvCAd.exe
  2⤵
  PID:1088
- C:\Windows\System\pvhUKJT.exe
  C:\Windows\System\pvhUKJT.exe
  2⤵
  PID:3096
- C:\Windows\System\JZrKIvk.exe
  C:\Windows\System\JZrKIvk.exe
  2⤵
  PID:4112
- C:\Windows\System\gRzbOCt.exe
  C:\Windows\System\gRzbOCt.exe
  2⤵
  PID:4132
- C:\Windows\System\KSIfuWt.exe
  C:\Windows\System\KSIfuWt.exe
  2⤵
  PID:4148
- C:\Windows\System\RJUwaaH.exe
  C:\Windows\System\RJUwaaH.exe
  2⤵
  PID:4172
- C:\Windows\System\vdTTame.exe
  C:\Windows\System\vdTTame.exe
  2⤵
  PID:4192
- C:\Windows\System\DsZaQhL.exe
  C:\Windows\System\DsZaQhL.exe
  2⤵
  PID:4212
- C:\Windows\System\tfwvFXX.exe
  C:\Windows\System\tfwvFXX.exe
  2⤵
  PID:4228
- C:\Windows\System\aYFoIEM.exe
  C:\Windows\System\aYFoIEM.exe
  2⤵
  PID:4252
- C:\Windows\System\XTOhPLF.exe
  C:\Windows\System\XTOhPLF.exe
  2⤵
  PID:4268
- C:\Windows\System\ipFpanL.exe
  C:\Windows\System\ipFpanL.exe
  2⤵
  PID:4292
- C:\Windows\System\RMuGAxM.exe
  C:\Windows\System\RMuGAxM.exe
  2⤵
  PID:4316
- C:\Windows\System\rSYtVyS.exe
  C:\Windows\System\rSYtVyS.exe
  2⤵
  PID:4336
- C:\Windows\System\xyqHQSX.exe
  C:\Windows\System\xyqHQSX.exe
  2⤵
  PID:4356
- C:\Windows\System\EphAsxT.exe
  C:\Windows\System\EphAsxT.exe
  2⤵
  PID:4376
- C:\Windows\System\fjgSnEL.exe
  C:\Windows\System\fjgSnEL.exe
  2⤵
  PID:4396
- C:\Windows\System\Ramllyx.exe
  C:\Windows\System\Ramllyx.exe
  2⤵
  PID:4416
- C:\Windows\System\xFmVVrq.exe
  C:\Windows\System\xFmVVrq.exe
  2⤵
  PID:4436
- C:\Windows\System\KJSpknz.exe
  C:\Windows\System\KJSpknz.exe
  2⤵
  PID:4456
- C:\Windows\System\QQObVwH.exe
  C:\Windows\System\QQObVwH.exe
  2⤵
  PID:4476
- C:\Windows\System\ECdcubP.exe
  C:\Windows\System\ECdcubP.exe
  2⤵
  PID:4496
- C:\Windows\System\qfoZfjp.exe
  C:\Windows\System\qfoZfjp.exe
  2⤵
  PID:4512
- C:\Windows\System\KtEeyDN.exe
  C:\Windows\System\KtEeyDN.exe
  2⤵
  PID:4536
- C:\Windows\System\oaipcLI.exe
  C:\Windows\System\oaipcLI.exe
  2⤵
  PID:4556
- C:\Windows\System\gOpCYoq.exe
  C:\Windows\System\gOpCYoq.exe
  2⤵
  PID:4576
- C:\Windows\System\qyyNxmE.exe
  C:\Windows\System\qyyNxmE.exe
  2⤵
  PID:4596
- C:\Windows\System\veNyPmT.exe
  C:\Windows\System\veNyPmT.exe
  2⤵
  PID:4616
- C:\Windows\System\EMQtmxB.exe
  C:\Windows\System\EMQtmxB.exe
  2⤵
  PID:4636
- C:\Windows\System\SvMkugM.exe
  C:\Windows\System\SvMkugM.exe
  2⤵
  PID:4656
- C:\Windows\System\aBmrQsv.exe
  C:\Windows\System\aBmrQsv.exe
  2⤵
  PID:4676
- C:\Windows\System\YrCONDk.exe
  C:\Windows\System\YrCONDk.exe
  2⤵
  PID:4696
- C:\Windows\System\geZSJia.exe
  C:\Windows\System\geZSJia.exe
  2⤵
  PID:4716
- C:\Windows\System\utcEOqh.exe
  C:\Windows\System\utcEOqh.exe
  2⤵
  PID:4736
- C:\Windows\System\OTxkqCQ.exe
  C:\Windows\System\OTxkqCQ.exe
  2⤵
  PID:4756
- C:\Windows\System\RKANZFK.exe
  C:\Windows\System\RKANZFK.exe
  2⤵
  PID:4776
- C:\Windows\System\yYKawAY.exe
  C:\Windows\System\yYKawAY.exe
  2⤵
  PID:4796
- C:\Windows\System\mpzLVTx.exe
  C:\Windows\System\mpzLVTx.exe
  2⤵
  PID:4816
- C:\Windows\System\VUXAHmM.exe
  C:\Windows\System\VUXAHmM.exe
  2⤵
  PID:4836
- C:\Windows\System\jwOYaZe.exe
  C:\Windows\System\jwOYaZe.exe
  2⤵
  PID:4856
- C:\Windows\System\chjvmHR.exe
  C:\Windows\System\chjvmHR.exe
  2⤵
  PID:4876
- C:\Windows\System\VMnUVEw.exe
  C:\Windows\System\VMnUVEw.exe
  2⤵
  PID:4896
- C:\Windows\System\QwCDzIC.exe
  C:\Windows\System\QwCDzIC.exe
  2⤵
  PID:4916
- C:\Windows\System\SQOevVr.exe
  C:\Windows\System\SQOevVr.exe
  2⤵
  PID:4936
- C:\Windows\System\jkjBWsU.exe
  C:\Windows\System\jkjBWsU.exe
  2⤵
  PID:4952
- C:\Windows\System\IwvodzG.exe
  C:\Windows\System\IwvodzG.exe
  2⤵
  PID:4976
- C:\Windows\System\zOquJoh.exe
  C:\Windows\System\zOquJoh.exe
  2⤵
  PID:4996
- C:\Windows\System\CblUhOA.exe
  C:\Windows\System\CblUhOA.exe
  2⤵
  PID:5016
- C:\Windows\System\clAZmyI.exe
  C:\Windows\System\clAZmyI.exe
  2⤵
  PID:5032
- C:\Windows\System\qdXPwnk.exe
  C:\Windows\System\qdXPwnk.exe
  2⤵
  PID:5056
- C:\Windows\System\muzRqbW.exe
  C:\Windows\System\muzRqbW.exe
  2⤵
  PID:5080
- C:\Windows\System\bCQILga.exe
  C:\Windows\System\bCQILga.exe
  2⤵
  PID:5100
- C:\Windows\System\yOIQDPL.exe
  C:\Windows\System\yOIQDPL.exe
  2⤵
  PID:3176
- C:\Windows\System\drXeUyN.exe
  C:\Windows\System\drXeUyN.exe
  2⤵
  PID:2628
- C:\Windows\System\izjfdmH.exe
  C:\Windows\System\izjfdmH.exe
  2⤵
  PID:2788
- C:\Windows\System\vdomwpI.exe
  C:\Windows\System\vdomwpI.exe
  2⤵
  PID:1504
- C:\Windows\System\mPBcfZA.exe
  C:\Windows\System\mPBcfZA.exe
  2⤵
  PID:444
- C:\Windows\System\MCNTmzV.exe
  C:\Windows\System\MCNTmzV.exe
  2⤵
  PID:4120
- C:\Windows\System\hWLbmsQ.exe
  C:\Windows\System\hWLbmsQ.exe
  2⤵
  PID:4100
- C:\Windows\System\wnXxlsi.exe
  C:\Windows\System\wnXxlsi.exe
  2⤵
  PID:4164
- C:\Windows\System\xyxtUBc.exe
  C:\Windows\System\xyxtUBc.exe
  2⤵
  PID:4184
- C:\Windows\System\zPavlNR.exe
  C:\Windows\System\zPavlNR.exe
  2⤵
  PID:4220
- C:\Windows\System\THVxCeS.exe
  C:\Windows\System\THVxCeS.exe
  2⤵
  PID:4276
- C:\Windows\System\YVgdLbf.exe
  C:\Windows\System\YVgdLbf.exe
  2⤵
  PID:4300
- C:\Windows\System\vzcEdZv.exe
  C:\Windows\System\vzcEdZv.exe
  2⤵
  PID:4328
- C:\Windows\System\xsobHVW.exe
  C:\Windows\System\xsobHVW.exe
  2⤵
  PID:4352
- C:\Windows\System\aXRYqTU.exe
  C:\Windows\System\aXRYqTU.exe
  2⤵
  PID:4384
- C:\Windows\System\KEtFbdF.exe
  C:\Windows\System\KEtFbdF.exe
  2⤵
  PID:4448
- C:\Windows\System\aSOeUvr.exe
  C:\Windows\System\aSOeUvr.exe
  2⤵
  PID:4484
- C:\Windows\System\DCjKVou.exe
  C:\Windows\System\DCjKVou.exe
  2⤵
  PID:4520
- C:\Windows\System\PnAeCSm.exe
  C:\Windows\System\PnAeCSm.exe
  2⤵
  PID:4524
- C:\Windows\System\tKmNcTu.exe
  C:\Windows\System\tKmNcTu.exe
  2⤵
  PID:4548
- C:\Windows\System\SRbDRWr.exe
  C:\Windows\System\SRbDRWr.exe
  2⤵
  PID:4584
- C:\Windows\System\hLLxXFC.exe
  C:\Windows\System\hLLxXFC.exe
  2⤵
  PID:4652
- C:\Windows\System\wawRQqO.exe
  C:\Windows\System\wawRQqO.exe
  2⤵
  PID:4688
- C:\Windows\System\gZSBGEP.exe
  C:\Windows\System\gZSBGEP.exe
  2⤵
  PID:4704
- C:\Windows\System\CZivrAq.exe
  C:\Windows\System\CZivrAq.exe
  2⤵
  PID:4712
- C:\Windows\System\TIemGjh.exe
  C:\Windows\System\TIemGjh.exe
  2⤵
  PID:4748
- C:\Windows\System\ZhfdjlU.exe
  C:\Windows\System\ZhfdjlU.exe
  2⤵
  PID:4808
- C:\Windows\System\GkSYGVL.exe
  C:\Windows\System\GkSYGVL.exe
  2⤵
  PID:4844
- C:\Windows\System\mvkXAoO.exe
  C:\Windows\System\mvkXAoO.exe
  2⤵
  PID:4832
- C:\Windows\System\HfNuuOl.exe
  C:\Windows\System\HfNuuOl.exe
  2⤵
  PID:4872
- C:\Windows\System\ZeIkQrx.exe
  C:\Windows\System\ZeIkQrx.exe
  2⤵
  PID:4932
- C:\Windows\System\zxQRqQV.exe
  C:\Windows\System\zxQRqQV.exe
  2⤵
  PID:652
- C:\Windows\System\tGHBSWW.exe
  C:\Windows\System\tGHBSWW.exe
  2⤵
  PID:4964
- C:\Windows\System\oNsCxAN.exe
  C:\Windows\System\oNsCxAN.exe
  2⤵
  PID:4948
- C:\Windows\System\BgvHoGs.exe
  C:\Windows\System\BgvHoGs.exe
  2⤵
  PID:5040
- C:\Windows\System\XSNwfEy.exe
  C:\Windows\System\XSNwfEy.exe
  2⤵
  PID:5088
- C:\Windows\System\uDbNuXW.exe
  C:\Windows\System\uDbNuXW.exe
  2⤵
  PID:5092
- C:\Windows\System\odxsKht.exe
  C:\Windows\System\odxsKht.exe
  2⤵
  PID:5112
- C:\Windows\System\hkEdOgt.exe
  C:\Windows\System\hkEdOgt.exe
  2⤵
  PID:3872
- C:\Windows\System\lIHxxKv.exe
  C:\Windows\System\lIHxxKv.exe
  2⤵
  PID:3972
- C:\Windows\System\IPgiQgF.exe
  C:\Windows\System\IPgiQgF.exe
  2⤵
  PID:4124
- C:\Windows\System\jXenuwu.exe
  C:\Windows\System\jXenuwu.exe
  2⤵
  PID:1868
- C:\Windows\System\tNMggdD.exe
  C:\Windows\System\tNMggdD.exe
  2⤵
  PID:4240
- C:\Windows\System\QJMTAYb.exe
  C:\Windows\System\QJMTAYb.exe
  2⤵
  PID:4244
- C:\Windows\System\hSAZNTH.exe
  C:\Windows\System\hSAZNTH.exe
  2⤵
  PID:4348
- C:\Windows\System\PEdRopq.exe
  C:\Windows\System\PEdRopq.exe
  2⤵
  PID:4388
- C:\Windows\System\aLqGshZ.exe
  C:\Windows\System\aLqGshZ.exe
  2⤵
  PID:1544
- C:\Windows\System\BSBdmSq.exe
  C:\Windows\System\BSBdmSq.exe
  2⤵
  PID:4492
- C:\Windows\System\KOYJCHb.exe
  C:\Windows\System\KOYJCHb.exe
  2⤵
  PID:2108
- C:\Windows\System\ydfaChP.exe
  C:\Windows\System\ydfaChP.exe
  2⤵
  PID:2556
- C:\Windows\System\lxNIvOl.exe
  C:\Windows\System\lxNIvOl.exe
  2⤵
  PID:4624
- C:\Windows\System\MyhMBjQ.exe
  C:\Windows\System\MyhMBjQ.exe
  2⤵
  PID:4632
- C:\Windows\System\IbZSBUh.exe
  C:\Windows\System\IbZSBUh.exe
  2⤵
  PID:4744
- C:\Windows\System\PIHsMyG.exe
  C:\Windows\System\PIHsMyG.exe
  2⤵
  PID:4728
- C:\Windows\System\bXmoOIr.exe
  C:\Windows\System\bXmoOIr.exe
  2⤵
  PID:4864
- C:\Windows\System\deEWhiB.exe
  C:\Windows\System\deEWhiB.exe
  2⤵
  PID:4848
- C:\Windows\System\yARLmXV.exe
  C:\Windows\System\yARLmXV.exe
  2⤵
  PID:4904
- C:\Windows\System\QfdPSzD.exe
  C:\Windows\System\QfdPSzD.exe
  2⤵
  PID:4960
- C:\Windows\System\DGqAIRa.exe
  C:\Windows\System\DGqAIRa.exe
  2⤵
  PID:5024
- C:\Windows\System\zfOsnol.exe
  C:\Windows\System\zfOsnol.exe
  2⤵
  PID:5064
- C:\Windows\System\EvWDECl.exe
  C:\Windows\System\EvWDECl.exe
  2⤵
  PID:2904
- C:\Windows\System\FwvRCSr.exe
  C:\Windows\System\FwvRCSr.exe
  2⤵
  PID:5076
- C:\Windows\System\KBSrSub.exe
  C:\Windows\System\KBSrSub.exe
  2⤵
  PID:3848
- C:\Windows\System\evOukeB.exe
  C:\Windows\System\evOukeB.exe
  2⤵
  PID:4108
- C:\Windows\System\jJJCZxz.exe
  C:\Windows\System\jJJCZxz.exe
  2⤵
  PID:1288
- C:\Windows\System\LtwBqUe.exe
  C:\Windows\System\LtwBqUe.exe
  2⤵
  PID:4208
- C:\Windows\System\GabaQQh.exe
  C:\Windows\System\GabaQQh.exe
  2⤵
  PID:4404
- C:\Windows\System\lGnPvDY.exe
  C:\Windows\System\lGnPvDY.exe
  2⤵
  PID:4308
- C:\Windows\System\aXJrxFW.exe
  C:\Windows\System\aXJrxFW.exe
  2⤵
  PID:4408
- C:\Windows\System\ftMUURI.exe
  C:\Windows\System\ftMUURI.exe
  2⤵
  PID:4528
- C:\Windows\System\JHrxCnj.exe
  C:\Windows\System\JHrxCnj.exe
  2⤵
  PID:4672
- C:\Windows\System\WkahZEc.exe
  C:\Windows\System\WkahZEc.exe
  2⤵
  PID:4664
- C:\Windows\System\VlMvdHz.exe
  C:\Windows\System\VlMvdHz.exe
  2⤵
  PID:4784
- C:\Windows\System\ngPKVXn.exe
  C:\Windows\System\ngPKVXn.exe
  2⤵
  PID:768
- C:\Windows\System\cQKpBtW.exe
  C:\Windows\System\cQKpBtW.exe
  2⤵
  PID:4792
- C:\Windows\System\EZmCTOQ.exe
  C:\Windows\System\EZmCTOQ.exe
  2⤵
  PID:2492
- C:\Windows\System\ZaVoCNG.exe
  C:\Windows\System\ZaVoCNG.exe
  2⤵
  PID:2408
- C:\Windows\System\HZqJXjM.exe
  C:\Windows\System\HZqJXjM.exe
  2⤵
  PID:2224
- C:\Windows\System\mfKedPi.exe
  C:\Windows\System\mfKedPi.exe
  2⤵
  PID:600
- C:\Windows\System\Skxvszd.exe
  C:\Windows\System\Skxvszd.exe
  2⤵
  PID:1820
- C:\Windows\System\SVkRmwr.exe
  C:\Windows\System\SVkRmwr.exe
  2⤵
  PID:2004
- C:\Windows\System\UZCjZnU.exe
  C:\Windows\System\UZCjZnU.exe
  2⤵
  PID:2188
- C:\Windows\System\ICfeMNZ.exe
  C:\Windows\System\ICfeMNZ.exe
  2⤵
  PID:2040
- C:\Windows\System\rjYbZZr.exe
  C:\Windows\System\rjYbZZr.exe
  2⤵
  PID:3496
- C:\Windows\System\tvNUrZM.exe
  C:\Windows\System\tvNUrZM.exe
  2⤵
  PID:4264
- C:\Windows\System\OwbZFEM.exe
  C:\Windows\System\OwbZFEM.exe
  2⤵
  PID:2680
- C:\Windows\System\AMCYayi.exe
  C:\Windows\System\AMCYayi.exe
  2⤵
  PID:1644
- C:\Windows\System\AxVGhRn.exe
  C:\Windows\System\AxVGhRn.exe
  2⤵
  PID:2260
- C:\Windows\System\LFTzKoN.exe
  C:\Windows\System\LFTzKoN.exe
  2⤵
  PID:4444
- C:\Windows\System\WBpBbZo.exe
  C:\Windows\System\WBpBbZo.exe
  2⤵
  PID:584
- C:\Windows\System\zJGSmIA.exe
  C:\Windows\System\zJGSmIA.exe
  2⤵
  PID:4564
- C:\Windows\System\WZbrtal.exe
  C:\Windows\System\WZbrtal.exe
  2⤵
  PID:4608
- C:\Windows\System\yPeefzd.exe
  C:\Windows\System\yPeefzd.exe
  2⤵
  PID:4908
- C:\Windows\System\yIvNSJy.exe
  C:\Windows\System\yIvNSJy.exe
  2⤵
  PID:1724
- C:\Windows\System\wvfeAkn.exe
  C:\Windows\System\wvfeAkn.exe
  2⤵
  PID:1324
- C:\Windows\System\EjRmsDs.exe
  C:\Windows\System\EjRmsDs.exe
  2⤵
  PID:4332
- C:\Windows\System\inkTECr.exe
  C:\Windows\System\inkTECr.exe
  2⤵
  PID:4532
- C:\Windows\System\efnYulx.exe
  C:\Windows\System\efnYulx.exe
  2⤵
  PID:2140
- C:\Windows\System\BlTrUDk.exe
  C:\Windows\System\BlTrUDk.exe
  2⤵
  PID:5132
- C:\Windows\System\qhTHMqu.exe
  C:\Windows\System\qhTHMqu.exe
  2⤵
  PID:5148
- C:\Windows\System\UwXrIVo.exe
  C:\Windows\System\UwXrIVo.exe
  2⤵
  PID:5164
- C:\Windows\System\dYEQDso.exe
  C:\Windows\System\dYEQDso.exe
  2⤵
  PID:5256
- C:\Windows\System\eEWUhHf.exe
  C:\Windows\System\eEWUhHf.exe
  2⤵
  PID:5272
- C:\Windows\System\wHIanFL.exe
  C:\Windows\System\wHIanFL.exe
  2⤵
  PID:5288
- C:\Windows\System\CyNSHHv.exe
  C:\Windows\System\CyNSHHv.exe
  2⤵
  PID:5312
- C:\Windows\System\LxHGGwJ.exe
  C:\Windows\System\LxHGGwJ.exe
  2⤵
  PID:5328
- C:\Windows\System\hjcHfhL.exe
  C:\Windows\System\hjcHfhL.exe
  2⤵
  PID:5348
- C:\Windows\System\naqzJFx.exe
  C:\Windows\System\naqzJFx.exe
  2⤵
  PID:5376
- C:\Windows\System\aaqdIKQ.exe
  C:\Windows\System\aaqdIKQ.exe
  2⤵
  PID:5392
- C:\Windows\System\qzQTqCS.exe
  C:\Windows\System\qzQTqCS.exe
  2⤵
  PID:5408
- C:\Windows\System\mRYXArs.exe
  C:\Windows\System\mRYXArs.exe
  2⤵
  PID:5428
- C:\Windows\System\DvAvGoG.exe
  C:\Windows\System\DvAvGoG.exe
  2⤵
  PID:5444
- C:\Windows\System\JaKLFqQ.exe
  C:\Windows\System\JaKLFqQ.exe
  2⤵
  PID:5460
- C:\Windows\System\QElmNEw.exe
  C:\Windows\System\QElmNEw.exe
  2⤵
  PID:5476
- C:\Windows\System\qSdRTke.exe
  C:\Windows\System\qSdRTke.exe
  2⤵
  PID:5520
- C:\Windows\System\bSBIBOw.exe
  C:\Windows\System\bSBIBOw.exe
  2⤵
  PID:5536
- C:\Windows\System\lteerku.exe
  C:\Windows\System\lteerku.exe
  2⤵
  PID:5552
- C:\Windows\System\OYGHqHw.exe
  C:\Windows\System\OYGHqHw.exe
  2⤵
  PID:5572
- C:\Windows\System\YMDJeEW.exe
  C:\Windows\System\YMDJeEW.exe
  2⤵
  PID:5592
- C:\Windows\System\FVoRuBT.exe
  C:\Windows\System\FVoRuBT.exe
  2⤵
  PID:5612
- C:\Windows\System\FngZgcT.exe
  C:\Windows\System\FngZgcT.exe
  2⤵
  PID:5628
- C:\Windows\System\TFcbQLm.exe
  C:\Windows\System\TFcbQLm.exe
  2⤵
  PID:5648
- C:\Windows\System\bvUzqRv.exe
  C:\Windows\System\bvUzqRv.exe
  2⤵
  PID:5668
- C:\Windows\System\nBHervc.exe
  C:\Windows\System\nBHervc.exe
  2⤵
  PID:5684
- C:\Windows\System\xmFilEq.exe
  C:\Windows\System\xmFilEq.exe
  2⤵
  PID:5716
- C:\Windows\System\MjJNwMe.exe
  C:\Windows\System\MjJNwMe.exe
  2⤵
  PID:5740
- C:\Windows\System\oToJfFR.exe
  C:\Windows\System\oToJfFR.exe
  2⤵
  PID:5756
- C:\Windows\System\ShlCtPg.exe
  C:\Windows\System\ShlCtPg.exe
  2⤵
  PID:5788
- C:\Windows\System\mDfEMSS.exe
  C:\Windows\System\mDfEMSS.exe
  2⤵
  PID:5808
- C:\Windows\System\naNBVVN.exe
  C:\Windows\System\naNBVVN.exe
  2⤵
  PID:5828
- C:\Windows\System\GtRLuRy.exe
  C:\Windows\System\GtRLuRy.exe
  2⤵
  PID:5844
- C:\Windows\System\OxDHDxb.exe
  C:\Windows\System\OxDHDxb.exe
  2⤵
  PID:5864
- C:\Windows\System\MNcsmFs.exe
  C:\Windows\System\MNcsmFs.exe
  2⤵
  PID:5892
- C:\Windows\System\CBhXNKD.exe
  C:\Windows\System\CBhXNKD.exe
  2⤵
  PID:5920
- C:\Windows\System\djXWvyR.exe
  C:\Windows\System\djXWvyR.exe
  2⤵
  PID:5936
- C:\Windows\System\hBoTXuS.exe
  C:\Windows\System\hBoTXuS.exe
  2⤵
  PID:5952
- C:\Windows\System\VCmpHPk.exe
  C:\Windows\System\VCmpHPk.exe
  2⤵
  PID:5968
- C:\Windows\System\PMBgiio.exe
  C:\Windows\System\PMBgiio.exe
  2⤵
  PID:6000
- C:\Windows\System\nJFuQel.exe
  C:\Windows\System\nJFuQel.exe
  2⤵
  PID:6020
- C:\Windows\System\eDsFoZe.exe
  C:\Windows\System\eDsFoZe.exe
  2⤵
  PID:6036
- C:\Windows\System\rlEczUx.exe
  C:\Windows\System\rlEczUx.exe
  2⤵
  PID:6056
- C:\Windows\System\eiGwmPf.exe
  C:\Windows\System\eiGwmPf.exe
  2⤵
  PID:6076
- C:\Windows\System\qLLnlRW.exe
  C:\Windows\System\qLLnlRW.exe
  2⤵
  PID:6092
- C:\Windows\System\aNrgzXh.exe
  C:\Windows\System\aNrgzXh.exe
  2⤵
  PID:6120
- C:\Windows\System\gfzUOKB.exe
  C:\Windows\System\gfzUOKB.exe
  2⤵
  PID:6136
- C:\Windows\System\UrZhCdb.exe
  C:\Windows\System\UrZhCdb.exe
  2⤵
  PID:4788
- C:\Windows\System\alZMJGY.exe
  C:\Windows\System\alZMJGY.exe
  2⤵
  PID:4884
- C:\Windows\System\snFZcli.exe
  C:\Windows\System\snFZcli.exe
  2⤵
  PID:4972
- C:\Windows\System\FesIBmo.exe
  C:\Windows\System\FesIBmo.exe
  2⤵
  PID:5188
- C:\Windows\System\ctZSTCS.exe
  C:\Windows\System\ctZSTCS.exe
  2⤵
  PID:3784
- C:\Windows\System\LAMLtCZ.exe
  C:\Windows\System\LAMLtCZ.exe
  2⤵
  PID:2412
- C:\Windows\System\MemKQPX.exe
  C:\Windows\System\MemKQPX.exe
  2⤵
  PID:4464
- C:\Windows\System\TjjaupH.exe
  C:\Windows\System\TjjaupH.exe
  2⤵
  PID:5228
- C:\Windows\System\JcrBqgc.exe
  C:\Windows\System\JcrBqgc.exe
  2⤵
  PID:5156
- C:\Windows\System\iGnszBV.exe
  C:\Windows\System\iGnszBV.exe
  2⤵
  PID:5004
- C:\Windows\System\qpEapQN.exe
  C:\Windows\System\qpEapQN.exe
  2⤵
  PID:836
- C:\Windows\System\ocXaWxI.exe
  C:\Windows\System\ocXaWxI.exe
  2⤵
  PID:4468
- C:\Windows\System\rGOhBKu.exe
  C:\Windows\System\rGOhBKu.exe
  2⤵
  PID:5176
- C:\Windows\System\GKVQWRq.exe
  C:\Windows\System\GKVQWRq.exe
  2⤵
  PID:5284
- C:\Windows\System\nlHNsdr.exe
  C:\Windows\System\nlHNsdr.exe
  2⤵
  PID:5304
- C:\Windows\System\huhEDmP.exe
  C:\Windows\System\huhEDmP.exe
  2⤵
  PID:5344
- C:\Windows\System\QgmpDgP.exe
  C:\Windows\System\QgmpDgP.exe
  2⤵
  PID:5360
- C:\Windows\System\GOCVkXf.exe
  C:\Windows\System\GOCVkXf.exe
  2⤵
  PID:5400
- C:\Windows\System\howoLsL.exe
  C:\Windows\System\howoLsL.exe
  2⤵
  PID:5452
- C:\Windows\System\syNbkNN.exe
  C:\Windows\System\syNbkNN.exe
  2⤵
  PID:5468
- C:\Windows\System\Xcshgmr.exe
  C:\Windows\System\Xcshgmr.exe
  2⤵
  PID:5492
- C:\Windows\System\DgcuoLA.exe
  C:\Windows\System\DgcuoLA.exe
  2⤵
  PID:5568
- C:\Windows\System\jyWNvuj.exe
  C:\Windows\System\jyWNvuj.exe
  2⤵
  PID:5644
- C:\Windows\System\HLhBUbj.exe
  C:\Windows\System\HLhBUbj.exe
  2⤵
  PID:5620
- C:\Windows\System\iSkAEdv.exe
  C:\Windows\System\iSkAEdv.exe
  2⤵
  PID:5660
- C:\Windows\System\GpZbNUO.exe
  C:\Windows\System\GpZbNUO.exe
  2⤵
  PID:5696
- C:\Windows\System\ZJQqeyo.exe
  C:\Windows\System\ZJQqeyo.exe
  2⤵
  PID:5764
- C:\Windows\System\ZAGunAt.exe
  C:\Windows\System\ZAGunAt.exe
  2⤵
  PID:5780
- C:\Windows\System\VzBLLWr.exe
  C:\Windows\System\VzBLLWr.exe
  2⤵
  PID:5824
- C:\Windows\System\xJFMBfd.exe
  C:\Windows\System\xJFMBfd.exe
  2⤵
  PID:5796
- C:\Windows\System\vUVmhym.exe
  C:\Windows\System\vUVmhym.exe
  2⤵
  PID:5748
- C:\Windows\System\nJdCWyL.exe
  C:\Windows\System\nJdCWyL.exe
  2⤵
  PID:5912
- C:\Windows\System\CZeIdXK.exe
  C:\Windows\System\CZeIdXK.exe
  2⤵
  PID:5916
- C:\Windows\System\FIXISYo.exe
  C:\Windows\System\FIXISYo.exe
  2⤵
  PID:5964
- C:\Windows\System\ilEUyRS.exe
  C:\Windows\System\ilEUyRS.exe
  2⤵
  PID:5976
- C:\Windows\System\fUwZsCb.exe
  C:\Windows\System\fUwZsCb.exe
  2⤵
  PID:6064
- C:\Windows\System\jVjqzCK.exe
  C:\Windows\System\jVjqzCK.exe
  2⤵
  PID:6084
- C:\Windows\System\JwzqslL.exe
  C:\Windows\System\JwzqslL.exe
  2⤵
  PID:6108
- C:\Windows\System\ikmdTPS.exe
  C:\Windows\System\ikmdTPS.exe
  2⤵
  PID:1212
- C:\Windows\System\mxSLLpo.exe
  C:\Windows\System\mxSLLpo.exe
  2⤵
  PID:4168
- C:\Windows\System\BCiCXQc.exe
  C:\Windows\System\BCiCXQc.exe
  2⤵
  PID:4488
- C:\Windows\System\UwokLTj.exe
  C:\Windows\System\UwokLTj.exe
  2⤵
  PID:5172
- C:\Windows\System\CbdFETN.exe
  C:\Windows\System\CbdFETN.exe
  2⤵
  PID:4180
- C:\Windows\System\nNTXCpf.exe
  C:\Windows\System\nNTXCpf.exe
  2⤵
  PID:5204
- C:\Windows\System\JnJGQcA.exe
  C:\Windows\System\JnJGQcA.exe
  2⤵
  PID:2988
- C:\Windows\System\OHXbhUC.exe
  C:\Windows\System\OHXbhUC.exe
  2⤵
  PID:5248
- C:\Windows\System\TDPrlaf.exe
  C:\Windows\System\TDPrlaf.exe
  2⤵
  PID:5128
- C:\Windows\System\NkcpbgL.exe
  C:\Windows\System\NkcpbgL.exe
  2⤵
  PID:5364
- C:\Windows\System\HGmoxYq.exe
  C:\Windows\System\HGmoxYq.exe
  2⤵
  PID:5488
- C:\Windows\System\MtIJOkX.exe
  C:\Windows\System\MtIJOkX.exe
  2⤵
  PID:5356
- C:\Windows\System\SSuXQnr.exe
  C:\Windows\System\SSuXQnr.exe
  2⤵
  PID:5456
- C:\Windows\System\OPJDyeZ.exe
  C:\Windows\System\OPJDyeZ.exe
  2⤵
  PID:5532
- C:\Windows\System\DpUDABO.exe
  C:\Windows\System\DpUDABO.exe
  2⤵
  PID:5600
- C:\Windows\System\HSgGQSV.exe
  C:\Windows\System\HSgGQSV.exe
  2⤵
  PID:5656
- C:\Windows\System\OenPBap.exe
  C:\Windows\System\OenPBap.exe
  2⤵
  PID:5820
- C:\Windows\System\IaJbSTj.exe
  C:\Windows\System\IaJbSTj.exe
  2⤵
  PID:5840
- C:\Windows\System\aiKOppz.exe
  C:\Windows\System\aiKOppz.exe
  2⤵
  PID:5980
- C:\Windows\System\fwNWWCF.exe
  C:\Windows\System\fwNWWCF.exe
  2⤵
  PID:5776
- C:\Windows\System\ogGxfJj.exe
  C:\Windows\System\ogGxfJj.exe
  2⤵
  PID:5856
- C:\Windows\System\qsFzvqg.exe
  C:\Windows\System\qsFzvqg.exe
  2⤵
  PID:5992
- C:\Windows\System\SgUtBvG.exe
  C:\Windows\System\SgUtBvG.exe
  2⤵
  PID:6012
- C:\Windows\System\YRNPuKx.exe
  C:\Windows\System\YRNPuKx.exe
  2⤵
  PID:6072
- C:\Windows\System\oTjqaaB.exe
  C:\Windows\System\oTjqaaB.exe
  2⤵
  PID:2980
- C:\Windows\System\ejJaXAB.exe
  C:\Windows\System\ejJaXAB.exe
  2⤵
  PID:5208
- C:\Windows\System\XnspIpp.exe
  C:\Windows\System\XnspIpp.exe
  2⤵
  PID:5068
- C:\Windows\System\dtoMiCY.exe
  C:\Windows\System\dtoMiCY.exe
  2⤵
  PID:5324
- C:\Windows\System\YRLrnIf.exe
  C:\Windows\System\YRLrnIf.exe
  2⤵
  PID:5216
- C:\Windows\System\FNmNhBF.exe
  C:\Windows\System\FNmNhBF.exe
  2⤵
  PID:5604
- C:\Windows\System\faRxjzc.exe
  C:\Windows\System\faRxjzc.exe
  2⤵
  PID:6132
- C:\Windows\System\dXTpdTt.exe
  C:\Windows\System\dXTpdTt.exe
  2⤵
  PID:5944
- C:\Windows\System\eshPWVr.exe
  C:\Windows\System\eshPWVr.exe
  2⤵
  PID:5900
- C:\Windows\System\qwsGHSb.exe
  C:\Windows\System\qwsGHSb.exe
  2⤵
  PID:5876
- C:\Windows\System\qiRzhfm.exe
  C:\Windows\System\qiRzhfm.exe
  2⤵
  PID:5880
- C:\Windows\System\GMDDMYK.exe
  C:\Windows\System\GMDDMYK.exe
  2⤵
  PID:2216
- C:\Windows\System\ULlUzGX.exe
  C:\Windows\System\ULlUzGX.exe
  2⤵
  PID:5440
- C:\Windows\System\beNoMVX.exe
  C:\Windows\System\beNoMVX.exe
  2⤵
  PID:4140
- C:\Windows\System\kUXrLuj.exe
  C:\Windows\System\kUXrLuj.exe
  2⤵
  PID:6008
- C:\Windows\System\nDUCYHQ.exe
  C:\Windows\System\nDUCYHQ.exe
  2⤵
  PID:6068
- C:\Windows\System\bDcxLem.exe
  C:\Windows\System\bDcxLem.exe
  2⤵
  PID:5340
- C:\Windows\System\zEfJcyF.exe
  C:\Windows\System\zEfJcyF.exe
  2⤵
  PID:6044
- C:\Windows\System\uTFBqaP.exe
  C:\Windows\System\uTFBqaP.exe
  2⤵
  PID:5836
- C:\Windows\System\UpLcqyf.exe
  C:\Windows\System\UpLcqyf.exe
  2⤵
  PID:5948
- C:\Windows\System\rRuuznz.exe
  C:\Windows\System\rRuuznz.exe
  2⤵
  PID:1664
- C:\Windows\System\xINsHQP.exe
  C:\Windows\System\xINsHQP.exe
  2⤵
  PID:5996
- C:\Windows\System\KJOUzuq.exe
  C:\Windows\System\KJOUzuq.exe
  2⤵
  PID:5624
- C:\Windows\System\HVbxwvr.exe
  C:\Windows\System\HVbxwvr.exe
  2⤵
  PID:5732
- C:\Windows\System\caHtWmI.exe
  C:\Windows\System\caHtWmI.exe
  2⤵
  PID:5184
- C:\Windows\System\AiKNSra.exe
  C:\Windows\System\AiKNSra.exe
  2⤵
  PID:5220
- C:\Windows\System\JieqTiL.exe
  C:\Windows\System\JieqTiL.exe
  2⤵
  PID:5692
- C:\Windows\System\cTxNThK.exe
  C:\Windows\System\cTxNThK.exe
  2⤵
  PID:5504
- C:\Windows\System\XDKJVta.exe
  C:\Windows\System\XDKJVta.exe
  2⤵
  PID:5108
- C:\Windows\System\BdgycxW.exe
  C:\Windows\System\BdgycxW.exe
  2⤵
  PID:5736
- C:\Windows\System\afUojBU.exe
  C:\Windows\System\afUojBU.exe
  2⤵
  PID:6164
- C:\Windows\System\zVLtCjU.exe
  C:\Windows\System\zVLtCjU.exe
  2⤵
  PID:6180
- C:\Windows\System\LKkPbWy.exe
  C:\Windows\System\LKkPbWy.exe
  2⤵
  PID:6196
- C:\Windows\System\kLTkvXs.exe
  C:\Windows\System\kLTkvXs.exe
  2⤵
  PID:6216
- C:\Windows\System\jdXrWfD.exe
  C:\Windows\System\jdXrWfD.exe
  2⤵
  PID:6252
- C:\Windows\System\tejcgXl.exe
  C:\Windows\System\tejcgXl.exe
  2⤵
  PID:6268
- C:\Windows\System\bzwsIFm.exe
  C:\Windows\System\bzwsIFm.exe
  2⤵
  PID:6292
- C:\Windows\System\fMtEoPY.exe
  C:\Windows\System\fMtEoPY.exe
  2⤵
  PID:6308
- C:\Windows\System\ATygPUE.exe
  C:\Windows\System\ATygPUE.exe
  2⤵
  PID:6324
- C:\Windows\System\QWXmzWy.exe
  C:\Windows\System\QWXmzWy.exe
  2⤵
  PID:6340
- C:\Windows\System\shuXiIo.exe
  C:\Windows\System\shuXiIo.exe
  2⤵
  PID:6372
- C:\Windows\System\ShZorOH.exe
  C:\Windows\System\ShZorOH.exe
  2⤵
  PID:6388
- C:\Windows\System\OFlRwCv.exe
  C:\Windows\System\OFlRwCv.exe
  2⤵
  PID:6404
- C:\Windows\System\XWaGLgc.exe
  C:\Windows\System\XWaGLgc.exe
  2⤵
  PID:6420
- C:\Windows\System\wuinuIs.exe
  C:\Windows\System\wuinuIs.exe
  2⤵
  PID:6440
- C:\Windows\System\qBCipYc.exe
  C:\Windows\System\qBCipYc.exe
  2⤵
  PID:6460
- C:\Windows\System\bMIFwwD.exe
  C:\Windows\System\bMIFwwD.exe
  2⤵
  PID:6492
- C:\Windows\System\PCNhEAJ.exe
  C:\Windows\System\PCNhEAJ.exe
  2⤵
  PID:6508
- C:\Windows\System\yODjfAe.exe
  C:\Windows\System\yODjfAe.exe
  2⤵
  PID:6524
- C:\Windows\System\vXNCYnN.exe
  C:\Windows\System\vXNCYnN.exe
  2⤵
  PID:6540
- C:\Windows\System\ddTSyrS.exe
  C:\Windows\System\ddTSyrS.exe
  2⤵
  PID:6556
- C:\Windows\System\TFGxaaN.exe
  C:\Windows\System\TFGxaaN.exe
  2⤵
  PID:6572
- C:\Windows\System\OzWmTrC.exe
  C:\Windows\System\OzWmTrC.exe
  2⤵
  PID:6596
- C:\Windows\System\uqYzlDv.exe
  C:\Windows\System\uqYzlDv.exe
  2⤵
  PID:6612
- C:\Windows\System\ZSmVLPt.exe
  C:\Windows\System\ZSmVLPt.exe
  2⤵
  PID:6628
- C:\Windows\System\snYWXSP.exe
  C:\Windows\System\snYWXSP.exe
  2⤵
  PID:6644
- C:\Windows\System\LNVIquT.exe
  C:\Windows\System\LNVIquT.exe
  2⤵
  PID:6664
- C:\Windows\System\zNwcmgg.exe
  C:\Windows\System\zNwcmgg.exe
  2⤵
  PID:6684
- C:\Windows\System\XTwEcFE.exe
  C:\Windows\System\XTwEcFE.exe
  2⤵
  PID:6732
- C:\Windows\System\fDUGLhV.exe
  C:\Windows\System\fDUGLhV.exe
  2⤵
  PID:6752
- C:\Windows\System\pLJoaym.exe
  C:\Windows\System\pLJoaym.exe
  2⤵
  PID:6768
- C:\Windows\System\bMYbCOA.exe
  C:\Windows\System\bMYbCOA.exe
  2⤵
  PID:6788
- C:\Windows\System\YvIXKYB.exe
  C:\Windows\System\YvIXKYB.exe
  2⤵
  PID:6804
- C:\Windows\System\axLUFBx.exe
  C:\Windows\System\axLUFBx.exe
  2⤵
  PID:6820
- C:\Windows\System\HtxtsLx.exe
  C:\Windows\System\HtxtsLx.exe
  2⤵
  PID:6836
- C:\Windows\System\nmYEJPf.exe
  C:\Windows\System\nmYEJPf.exe
  2⤵
  PID:6860
- C:\Windows\System\eWDWwFt.exe
  C:\Windows\System\eWDWwFt.exe
  2⤵
  PID:6876
- C:\Windows\System\lOJlVhM.exe
  C:\Windows\System\lOJlVhM.exe
  2⤵
  PID:6892
- C:\Windows\System\HiEQcZP.exe
  C:\Windows\System\HiEQcZP.exe
  2⤵
  PID:6908
- C:\Windows\System\TtNXlnG.exe
  C:\Windows\System\TtNXlnG.exe
  2⤵
  PID:6924
- C:\Windows\System\bsPNLuy.exe
  C:\Windows\System\bsPNLuy.exe
  2⤵
  PID:6948
- C:\Windows\System\WFdzOxf.exe
  C:\Windows\System\WFdzOxf.exe
  2⤵
  PID:6968
- C:\Windows\System\kePNDNg.exe
  C:\Windows\System\kePNDNg.exe
  2⤵
  PID:6992
- C:\Windows\System\IIZhikA.exe
  C:\Windows\System\IIZhikA.exe
  2⤵
  PID:7032
- C:\Windows\System\fjAeqva.exe
  C:\Windows\System\fjAeqva.exe
  2⤵
  PID:7052
- C:\Windows\System\fiMBcaH.exe
  C:\Windows\System\fiMBcaH.exe
  2⤵
  PID:7068
- C:\Windows\System\qsvixpU.exe
  C:\Windows\System\qsvixpU.exe
  2⤵
  PID:7084
- C:\Windows\System\GwSAhIG.exe
  C:\Windows\System\GwSAhIG.exe
  2⤵
  PID:7100
- C:\Windows\System\bvzDYJg.exe
  C:\Windows\System\bvzDYJg.exe
  2⤵
  PID:7116
- C:\Windows\System\kQnnoxk.exe
  C:\Windows\System\kQnnoxk.exe
  2⤵
  PID:7136
- C:\Windows\System\QnXruNy.exe
  C:\Windows\System\QnXruNy.exe
  2⤵
  PID:7156
- C:\Windows\System\ZtsmBAF.exe
  C:\Windows\System\ZtsmBAF.exe
  2⤵
  PID:6148
- C:\Windows\System\yExKFia.exe
  C:\Windows\System\yExKFia.exe
  2⤵
  PID:6204
- C:\Windows\System\kTWlbHr.exe
  C:\Windows\System\kTWlbHr.exe
  2⤵
  PID:5588
- C:\Windows\System\UEYbcuN.exe
  C:\Windows\System\UEYbcuN.exe
  2⤵
  PID:5584
- C:\Windows\System\PUDbKmF.exe
  C:\Windows\System\PUDbKmF.exe
  2⤵
  PID:6232
- C:\Windows\System\vejZJiR.exe
  C:\Windows\System\vejZJiR.exe
  2⤵
  PID:6284
- C:\Windows\System\CWlXmYw.exe
  C:\Windows\System\CWlXmYw.exe
  2⤵
  PID:6300
- C:\Windows\System\qOWnxRA.exe
  C:\Windows\System\qOWnxRA.exe
  2⤵
  PID:6348
- C:\Windows\System\oQzwYwi.exe
  C:\Windows\System\oQzwYwi.exe
  2⤵
  PID:6396
- C:\Windows\System\mggHvRp.exe
  C:\Windows\System\mggHvRp.exe
  2⤵
  PID:6380
- C:\Windows\System\gOnxXZW.exe
  C:\Windows\System\gOnxXZW.exe
  2⤵
  PID:6472
- C:\Windows\System\QYlcJMi.exe
  C:\Windows\System\QYlcJMi.exe
  2⤵
  PID:6484
- C:\Windows\System\qkgnJUw.exe
  C:\Windows\System\qkgnJUw.exe
  2⤵
  PID:6456
- C:\Windows\System\QEdYGCR.exe
  C:\Windows\System\QEdYGCR.exe
  2⤵
  PID:6584
- C:\Windows\System\cflxVQi.exe
  C:\Windows\System\cflxVQi.exe
  2⤵
  PID:6592
- C:\Windows\System\gEuxQhy.exe
  C:\Windows\System\gEuxQhy.exe
  2⤵
  PID:6656
- C:\Windows\System\RzWFidT.exe
  C:\Windows\System\RzWFidT.exe
  2⤵
  PID:6704
- C:\Windows\System\bPFVIsG.exe
  C:\Windows\System\bPFVIsG.exe
  2⤵
  PID:6680
- C:\Windows\System\SpSKllv.exe
  C:\Windows\System\SpSKllv.exe
  2⤵
  PID:6532
- C:\Windows\System\ErUPXWl.exe
  C:\Windows\System\ErUPXWl.exe
  2⤵
  PID:6636
- C:\Windows\System\jwHyMqp.exe
  C:\Windows\System\jwHyMqp.exe
  2⤵
  PID:6760
- C:\Windows\System\LePrSBC.exe
  C:\Windows\System\LePrSBC.exe
  2⤵
  PID:6800
- C:\Windows\System\HPYODYw.exe
  C:\Windows\System\HPYODYw.exe
  2⤵
  PID:6832
- C:\Windows\System\DtYmYPj.exe
  C:\Windows\System\DtYmYPj.exe
  2⤵
  PID:6932
- C:\Windows\System\mkAFMMs.exe
  C:\Windows\System\mkAFMMs.exe
  2⤵
  PID:6848
- C:\Windows\System\mvfzhck.exe
  C:\Windows\System\mvfzhck.exe
  2⤵
  PID:6884
- C:\Windows\System\TYremQB.exe
  C:\Windows\System\TYremQB.exe
  2⤵
  PID:6956
- C:\Windows\System\qhkRZly.exe
  C:\Windows\System\qhkRZly.exe
  2⤵
  PID:7016
- C:\Windows\System\zyEGzSd.exe
  C:\Windows\System\zyEGzSd.exe
  2⤵
  PID:7076
- C:\Windows\System\ilxqPRG.exe
  C:\Windows\System\ilxqPRG.exe
  2⤵
  PID:6160
- C:\Windows\System\nEEykNe.exe
  C:\Windows\System\nEEykNe.exe
  2⤵
  PID:6228
- C:\Windows\System\KdZrdgd.exe
  C:\Windows\System\KdZrdgd.exe
  2⤵
  PID:7064
- C:\Windows\System\NxzKmbK.exe
  C:\Windows\System\NxzKmbK.exe
  2⤵
  PID:7128
- C:\Windows\System\vCFMkDr.exe
  C:\Windows\System\vCFMkDr.exe
  2⤵
  PID:6212
- C:\Windows\System\fPymVOL.exe
  C:\Windows\System\fPymVOL.exe
  2⤵
  PID:2984
- C:\Windows\System\YueNquj.exe
  C:\Windows\System\YueNquj.exe
  2⤵
  PID:6352
- C:\Windows\System\SVOVnSh.exe
  C:\Windows\System\SVOVnSh.exe
  2⤵
  PID:6244
- C:\Windows\System\cAKsBXh.exe
  C:\Windows\System\cAKsBXh.exe
  2⤵
  PID:6652
- C:\Windows\System\pqFyAQz.exe
  C:\Windows\System\pqFyAQz.exe
  2⤵
  PID:6564
- C:\Windows\System\CDFfnIa.exe
  C:\Windows\System\CDFfnIa.exe
  2⤵
  PID:6872
- C:\Windows\System\kbfsQRf.exe
  C:\Windows\System\kbfsQRf.exe
  2⤵
  PID:6964
- C:\Windows\System\sOhFZlX.exe
  C:\Windows\System\sOhFZlX.exe
  2⤵
  PID:6360
- C:\Windows\System\NCBpDyB.exe
  C:\Windows\System\NCBpDyB.exe
  2⤵
  PID:6468
- C:\Windows\System\yNzjKDb.exe
  C:\Windows\System\yNzjKDb.exe
  2⤵
  PID:6724
- C:\Windows\System\UhRxddv.exe
  C:\Windows\System\UhRxddv.exe
  2⤵
  PID:6744
- C:\Windows\System\mfCnLZs.exe
  C:\Windows\System\mfCnLZs.exe
  2⤵
  PID:6984
- C:\Windows\System\jFgMoQr.exe
  C:\Windows\System\jFgMoQr.exe
  2⤵
  PID:7048
- C:\Windows\System\THqKEfa.exe
  C:\Windows\System\THqKEfa.exe
  2⤵
  PID:7004
- C:\Windows\System\zoilBbQ.exe
  C:\Windows\System\zoilBbQ.exe
  2⤵
  PID:6944
- C:\Windows\System\vEnGQuj.exe
  C:\Windows\System\vEnGQuj.exe
  2⤵
  PID:7012
- C:\Windows\System\mvVggew.exe
  C:\Windows\System\mvVggew.exe
  2⤵
  PID:6192
- C:\Windows\System\yOydqeg.exe
  C:\Windows\System\yOydqeg.exe
  2⤵
  PID:7096
- C:\Windows\System\WuPTwgb.exe
  C:\Windows\System\WuPTwgb.exe
  2⤵
  PID:5244
- C:\Windows\System\MLDvaZU.exe
  C:\Windows\System\MLDvaZU.exe
  2⤵
  PID:6580
- C:\Windows\System\TRMhsrc.exe
  C:\Windows\System\TRMhsrc.exe
  2⤵
  PID:6476
- C:\Windows\System\sRSxTzo.exe
  C:\Windows\System\sRSxTzo.exe
  2⤵
  PID:6608
- C:\Windows\System\BumLOrQ.exe
  C:\Windows\System\BumLOrQ.exe
  2⤵
  PID:6856
- C:\Windows\System\LKLEwMV.exe
  C:\Windows\System\LKLEwMV.exe
  2⤵
  PID:6488
- C:\Windows\System\yMTQTDs.exe
  C:\Windows\System\yMTQTDs.exe
  2⤵
  PID:6784
- C:\Windows\System\nUQAhES.exe
  C:\Windows\System\nUQAhES.exe
  2⤵
  PID:7000
- C:\Windows\System\DbolRxJ.exe
  C:\Windows\System\DbolRxJ.exe
  2⤵
  PID:7040
- C:\Windows\System\mOthtWJ.exe
  C:\Windows\System\mOthtWJ.exe
  2⤵
  PID:7144
- C:\Windows\System\XGxUFwq.exe
  C:\Windows\System\XGxUFwq.exe
  2⤵
  PID:7028
- C:\Windows\System\qqYDDOl.exe
  C:\Windows\System\qqYDDOl.exe
  2⤵
  PID:6280
- C:\Windows\System\CQqWcNT.exe
  C:\Windows\System\CQqWcNT.exe
  2⤵
  PID:6716
- C:\Windows\System\VVIpCOq.exe
  C:\Windows\System\VVIpCOq.exe
  2⤵
  PID:6452
- C:\Windows\System\NXjrkXG.exe
  C:\Windows\System\NXjrkXG.exe
  2⤵
  PID:6748
- C:\Windows\System\wHVguXB.exe
  C:\Windows\System\wHVguXB.exe
  2⤵
  PID:6796
- C:\Windows\System\LHoYUbI.exe
  C:\Windows\System\LHoYUbI.exe
  2⤵
  PID:6336
- C:\Windows\System\wkyXXPw.exe
  C:\Windows\System\wkyXXPw.exe
  2⤵
  PID:6152
- C:\Windows\System\clwsEtn.exe
  C:\Windows\System\clwsEtn.exe
  2⤵
  PID:7172
- C:\Windows\System\VoPLHeZ.exe
  C:\Windows\System\VoPLHeZ.exe
  2⤵
  PID:7188
- C:\Windows\System\DZQyIWB.exe
  C:\Windows\System\DZQyIWB.exe
  2⤵
  PID:7204
- C:\Windows\System\fxdMNDV.exe
  C:\Windows\System\fxdMNDV.exe
  2⤵
  PID:7236
- C:\Windows\System\MKfqHLe.exe
  C:\Windows\System\MKfqHLe.exe
  2⤵
  PID:7252
- C:\Windows\System\zzIPWfs.exe
  C:\Windows\System\zzIPWfs.exe
  2⤵
  PID:7268
- C:\Windows\System\EHPlxSF.exe
  C:\Windows\System\EHPlxSF.exe
  2⤵
  PID:7320
- C:\Windows\System\zaAIseO.exe
  C:\Windows\System\zaAIseO.exe
  2⤵
  PID:7336
- C:\Windows\System\BXmZFhp.exe
  C:\Windows\System\BXmZFhp.exe
  2⤵
  PID:7352
- C:\Windows\System\LfFVgWL.exe
  C:\Windows\System\LfFVgWL.exe
  2⤵
  PID:7368
- C:\Windows\System\IORDCHZ.exe
  C:\Windows\System\IORDCHZ.exe
  2⤵
  PID:7388
- C:\Windows\System\uIafblD.exe
  C:\Windows\System\uIafblD.exe
  2⤵
  PID:7404
- C:\Windows\System\khCqOup.exe
  C:\Windows\System\khCqOup.exe
  2⤵
  PID:7420
- C:\Windows\System\wqwmAXp.exe
  C:\Windows\System\wqwmAXp.exe
  2⤵
  PID:7440
- C:\Windows\System\VJAtaIS.exe
  C:\Windows\System\VJAtaIS.exe
  2⤵
  PID:7456
- C:\Windows\System\XxmkJhI.exe
  C:\Windows\System\XxmkJhI.exe
  2⤵
  PID:7472
- C:\Windows\System\RDgNTzT.exe
  C:\Windows\System\RDgNTzT.exe
  2⤵
  PID:7508
- C:\Windows\System\fbVjyJt.exe
  C:\Windows\System\fbVjyJt.exe
  2⤵
  PID:7524
- C:\Windows\System\otvFqPL.exe
  C:\Windows\System\otvFqPL.exe
  2⤵
  PID:7540
- C:\Windows\System\JkuRMvQ.exe
  C:\Windows\System\JkuRMvQ.exe
  2⤵
  PID:7556
- C:\Windows\System\oTakZiq.exe
  C:\Windows\System\oTakZiq.exe
  2⤵
  PID:7572
- C:\Windows\System\uJJWpqV.exe
  C:\Windows\System\uJJWpqV.exe
  2⤵
  PID:7588
- C:\Windows\System\AHcoJPv.exe
  C:\Windows\System\AHcoJPv.exe
  2⤵
  PID:7604
- C:\Windows\System\GrjUtqK.exe
  C:\Windows\System\GrjUtqK.exe
  2⤵
  PID:7624
- C:\Windows\System\ykjTGXZ.exe
  C:\Windows\System\ykjTGXZ.exe
  2⤵
  PID:7640
- C:\Windows\System\KqRiTfB.exe
  C:\Windows\System\KqRiTfB.exe
  2⤵
  PID:7656
- C:\Windows\System\tGlahvp.exe
  C:\Windows\System\tGlahvp.exe
  2⤵
  PID:7672
- C:\Windows\System\INKSPHz.exe
  C:\Windows\System\INKSPHz.exe
  2⤵
  PID:7716
- C:\Windows\System\UQQejuJ.exe
  C:\Windows\System\UQQejuJ.exe
  2⤵
  PID:7740
- C:\Windows\System\GPSInTC.exe
  C:\Windows\System\GPSInTC.exe
  2⤵
  PID:7756
- C:\Windows\System\cdtMEQI.exe
  C:\Windows\System\cdtMEQI.exe
  2⤵
  PID:7772
- C:\Windows\System\IevGnSM.exe
  C:\Windows\System\IevGnSM.exe
  2⤵
  PID:7788
- C:\Windows\System\BxSBhdd.exe
  C:\Windows\System\BxSBhdd.exe
  2⤵
  PID:7804
- C:\Windows\System\hLXzOAV.exe
  C:\Windows\System\hLXzOAV.exe
  2⤵
  PID:7820
- C:\Windows\System\UPKJCvF.exe
  C:\Windows\System\UPKJCvF.exe
  2⤵
  PID:7836
- C:\Windows\System\ctvyHvk.exe
  C:\Windows\System\ctvyHvk.exe
  2⤵
  PID:7852
- C:\Windows\System\pKAxiaZ.exe
  C:\Windows\System\pKAxiaZ.exe
  2⤵
  PID:7868
- C:\Windows\System\FeChMlC.exe
  C:\Windows\System\FeChMlC.exe
  2⤵
  PID:7892
- C:\Windows\System\XSYkeGq.exe
  C:\Windows\System\XSYkeGq.exe
  2⤵
  PID:7916
- C:\Windows\System\pvaovgf.exe
  C:\Windows\System\pvaovgf.exe
  2⤵
  PID:7948
- C:\Windows\System\PKiXhLg.exe
  C:\Windows\System\PKiXhLg.exe
  2⤵
  PID:7996
- C:\Windows\System\grMxUSC.exe
  C:\Windows\System\grMxUSC.exe
  2⤵
  PID:8012
- C:\Windows\System\ustSRPa.exe
  C:\Windows\System\ustSRPa.exe
  2⤵
  PID:8028
- C:\Windows\System\MsWZSsj.exe
  C:\Windows\System\MsWZSsj.exe
  2⤵
  PID:8044
- C:\Windows\System\RRWtSOs.exe
  C:\Windows\System\RRWtSOs.exe
  2⤵
  PID:8060
- C:\Windows\System\TAsxRrw.exe
  C:\Windows\System\TAsxRrw.exe
  2⤵
  PID:8080
- C:\Windows\System\iDXpuzt.exe
  C:\Windows\System\iDXpuzt.exe
  2⤵
  PID:8108
- C:\Windows\System\XepuQNL.exe
  C:\Windows\System\XepuQNL.exe
  2⤵
  PID:8124
- C:\Windows\System\uIaWAqf.exe
  C:\Windows\System\uIaWAqf.exe
  2⤵
  PID:8140
- C:\Windows\System\dtIrqtB.exe
  C:\Windows\System\dtIrqtB.exe
  2⤵
  PID:8156
- C:\Windows\System\pPrmWai.exe
  C:\Windows\System\pPrmWai.exe
  2⤵
  PID:7164
- C:\Windows\System\iUOyLli.exe
  C:\Windows\System\iUOyLli.exe
  2⤵
  PID:5548
- C:\Windows\System\dolsxnp.exe
  C:\Windows\System\dolsxnp.exe
  2⤵
  PID:6248
- C:\Windows\System\jiyZGEX.exe
  C:\Windows\System\jiyZGEX.exe
  2⤵
  PID:6676
- C:\Windows\System\BHpwcFF.exe
  C:\Windows\System\BHpwcFF.exe
  2⤵
  PID:6696
- C:\Windows\System\DHNwUWf.exe
  C:\Windows\System\DHNwUWf.exe
  2⤵
  PID:7148
- C:\Windows\System\eEElncq.exe
  C:\Windows\System\eEElncq.exe
  2⤵
  PID:7224
- C:\Windows\System\SnvMEnF.exe
  C:\Windows\System\SnvMEnF.exe
  2⤵
  PID:7260
- C:\Windows\System\SGUSLsj.exe
  C:\Windows\System\SGUSLsj.exe
  2⤵
  PID:7288
- C:\Windows\System\UUwlcOl.exe
  C:\Windows\System\UUwlcOl.exe
  2⤵
  PID:7308
- C:\Windows\System\PvarnCS.exe
  C:\Windows\System\PvarnCS.exe
  2⤵
  PID:7348
- C:\Windows\System\XHrAtrD.exe
  C:\Windows\System\XHrAtrD.exe
  2⤵
  PID:7412
- C:\Windows\System\nImiYae.exe
  C:\Windows\System\nImiYae.exe
  2⤵
  PID:7504
- C:\Windows\System\XfTfcsY.exe
  C:\Windows\System\XfTfcsY.exe
  2⤵
  PID:7568
- C:\Windows\System\mqSuYPs.exe
  C:\Windows\System\mqSuYPs.exe
  2⤵
  PID:7364
- C:\Windows\System\RNesoaq.exe
  C:\Windows\System\RNesoaq.exe
  2⤵
  PID:7432
- C:\Windows\System\hltQhQR.exe
  C:\Windows\System\hltQhQR.exe
  2⤵
  PID:7664
- C:\Windows\System\iFLVTTb.exe
  C:\Windows\System\iFLVTTb.exe
  2⤵
  PID:7548
- C:\Windows\System\OnlViAz.exe
  C:\Windows\System\OnlViAz.exe
  2⤵
  PID:7616
- C:\Windows\System\WVWBkLI.exe
  C:\Windows\System\WVWBkLI.exe
  2⤵
  PID:7680
- C:\Windows\System\QLjdMvz.exe
  C:\Windows\System\QLjdMvz.exe
  2⤵
  PID:7832
- C:\Windows\System\vEZzekf.exe
  C:\Windows\System\vEZzekf.exe
  2⤵
  PID:7800
- C:\Windows\System\EaEczTr.exe
  C:\Windows\System\EaEczTr.exe
  2⤵
  PID:7692
- C:\Windows\System\OXTrQKb.exe
  C:\Windows\System\OXTrQKb.exe
  2⤵
  PID:7980
- C:\Windows\System\fXoPLZg.exe
  C:\Windows\System\fXoPLZg.exe
  2⤵
  PID:7696
- C:\Windows\System\lkEEnbq.exe
  C:\Windows\System\lkEEnbq.exe
  2⤵
  PID:7712
- C:\Windows\System\rJVkRxj.exe
  C:\Windows\System\rJVkRxj.exe
  2⤵
  PID:7848
- C:\Windows\System\rMMkhhg.exe
  C:\Windows\System\rMMkhhg.exe
  2⤵
  PID:7876
- C:\Windows\System\TbrBAdr.exe
  C:\Windows\System\TbrBAdr.exe
  2⤵
  PID:7928
- C:\Windows\System\kUcaenb.exe
  C:\Windows\System\kUcaenb.exe
  2⤵
  PID:8004
- C:\Windows\System\GJpwuGd.exe
  C:\Windows\System\GJpwuGd.exe
  2⤵
  PID:8052
- C:\Windows\System\tBfyiGo.exe
  C:\Windows\System\tBfyiGo.exe
  2⤵
  PID:8076
- C:\Windows\System\uuOlyzU.exe
  C:\Windows\System\uuOlyzU.exe
  2⤵
  PID:8136
- C:\Windows\System\AfNTbjS.exe
  C:\Windows\System\AfNTbjS.exe
  2⤵
  PID:7152
- C:\Windows\System\KymrCaI.exe
  C:\Windows\System\KymrCaI.exe
  2⤵
  PID:7212
- C:\Windows\System\qxLfvlT.exe
  C:\Windows\System\qxLfvlT.exe
  2⤵
  PID:8184
- C:\Windows\System\TJqIOiU.exe
  C:\Windows\System\TJqIOiU.exe
  2⤵
  PID:6332
- C:\Windows\System\EJcQiRd.exe
  C:\Windows\System\EJcQiRd.exe
  2⤵
  PID:7196
- C:\Windows\System\cjeDgBm.exe
  C:\Windows\System\cjeDgBm.exe
  2⤵
  PID:7244
- C:\Windows\System\wKvertp.exe
  C:\Windows\System\wKvertp.exe
  2⤵
  PID:7300
- C:\Windows\System\ENHCaES.exe
  C:\Windows\System\ENHCaES.exe
  2⤵
  PID:7220
- C:\Windows\System\osczwId.exe
  C:\Windows\System\osczwId.exe
  2⤵
  PID:7312
- C:\Windows\System\rrpukfr.exe
  C:\Windows\System\rrpukfr.exe
  2⤵
  PID:7488
- C:\Windows\System\TDSGxgT.exe
  C:\Windows\System\TDSGxgT.exe
  2⤵
  PID:7492
- C:\Windows\System\bmvxMwu.exe
  C:\Windows\System\bmvxMwu.exe
  2⤵
  PID:7452
- C:\Windows\System\JFDMXIk.exe
  C:\Windows\System\JFDMXIk.exe
  2⤵
  PID:7612
- C:\Windows\System\ApOtnEt.exe
  C:\Windows\System\ApOtnEt.exe
  2⤵
  PID:7464
- C:\Windows\System\GTTBIMH.exe
  C:\Windows\System\GTTBIMH.exe
  2⤵
  PID:7976
- C:\Windows\System\ASNZuSh.exe
  C:\Windows\System\ASNZuSh.exe
  2⤵
  PID:7736
- C:\Windows\System\AlFeSgr.exe
  C:\Windows\System\AlFeSgr.exe
  2⤵
  PID:7960
- C:\Windows\System\RDePxgK.exe
  C:\Windows\System\RDePxgK.exe
  2⤵
  PID:7816
- C:\Windows\System\TZtDznv.exe
  C:\Windows\System\TZtDznv.exe
  2⤵
  PID:8040
- C:\Windows\System\fsiVCWK.exe
  C:\Windows\System\fsiVCWK.exe
  2⤵
  PID:7924
- C:\Windows\System\OnpYiCf.exe
  C:\Windows\System\OnpYiCf.exe
  2⤵
  PID:8092
- C:\Windows\System\qTADrwb.exe
  C:\Windows\System\qTADrwb.exe
  2⤵
  PID:7184
- C:\Windows\System\KnFWjbb.exe
  C:\Windows\System\KnFWjbb.exe
  2⤵
  PID:7304
- C:\Windows\System\ErcnXgb.exe
  C:\Windows\System\ErcnXgb.exe
  2⤵
  PID:8152
- C:\Windows\System\gbaIJel.exe
  C:\Windows\System\gbaIJel.exe
  2⤵
  PID:8180
- C:\Windows\System\hYirPIY.exe
  C:\Windows\System\hYirPIY.exe
  2⤵
  PID:7564
- C:\Windows\System\IRqlJyq.exe
  C:\Windows\System\IRqlJyq.exe
  2⤵
  PID:7428
- C:\Windows\System\TlJlDNW.exe
  C:\Windows\System\TlJlDNW.exe
  2⤵
  PID:8172
- C:\Windows\System\iiqjhxZ.exe
  C:\Windows\System\iiqjhxZ.exe
  2⤵
  PID:7728
- C:\Windows\System\xlhHNeH.exe
  C:\Windows\System\xlhHNeH.exe
  2⤵
  PID:7828
- C:\Windows\System\ftEjcwu.exe
  C:\Windows\System\ftEjcwu.exe
  2⤵
  PID:8036
- C:\Windows\System\IWcsomj.exe
  C:\Windows\System\IWcsomj.exe
  2⤵
  PID:8120
- C:\Windows\System\UkZDbfU.exe
  C:\Windows\System\UkZDbfU.exe
  2⤵
  PID:7884
- C:\Windows\System\xjtKOdy.exe
  C:\Windows\System\xjtKOdy.exe
  2⤵
  PID:6504
- C:\Windows\System\PrUOQBh.exe
  C:\Windows\System\PrUOQBh.exe
  2⤵
  PID:7480
- C:\Windows\System\wjwAeMh.exe
  C:\Windows\System\wjwAeMh.exe
  2⤵
  PID:7232
- C:\Windows\System\tvfEDEE.exe
  C:\Windows\System\tvfEDEE.exe
  2⤵
  PID:7200
- C:\Windows\System\QIINSlF.exe
  C:\Windows\System\QIINSlF.exe
  2⤵
  PID:7496
- C:\Windows\System\WcMHYqA.exe
  C:\Windows\System\WcMHYqA.exe
  2⤵
  PID:8104
- C:\Windows\System\FmCesvd.exe
  C:\Windows\System\FmCesvd.exe
  2⤵
  PID:8068
- C:\Windows\System\RZgIXve.exe
  C:\Windows\System\RZgIXve.exe
  2⤵
  PID:8088
- C:\Windows\System\tgXUWPD.exe
  C:\Windows\System\tgXUWPD.exe
  2⤵
  PID:7316
- C:\Windows\System\xzKEStD.exe
  C:\Windows\System\xzKEStD.exe
  2⤵
  PID:7956
- C:\Windows\System\JZreYbA.exe
  C:\Windows\System\JZreYbA.exe
  2⤵
  PID:8176
- C:\Windows\System\HuORQHn.exe
  C:\Windows\System\HuORQHn.exe
  2⤵
  PID:7944
- C:\Windows\System\CeRuZST.exe
  C:\Windows\System\CeRuZST.exe
  2⤵
  PID:7600
- C:\Windows\System\bszHMxu.exe
  C:\Windows\System\bszHMxu.exe
  2⤵
  PID:7768
- C:\Windows\System\mHumonE.exe
  C:\Windows\System\mHumonE.exe
  2⤵
  PID:8072
- C:\Windows\System\ZfFeOvr.exe
  C:\Windows\System\ZfFeOvr.exe
  2⤵
  PID:7704
- C:\Windows\System\RUimYwD.exe
  C:\Windows\System\RUimYwD.exe
  2⤵
  PID:7784
- C:\Windows\System\kVdLbUm.exe
  C:\Windows\System\kVdLbUm.exe
  2⤵
  PID:8200
- C:\Windows\System\QDuXqeE.exe
  C:\Windows\System\QDuXqeE.exe
  2⤵
  PID:8216
- C:\Windows\System\YnVbSJl.exe
  C:\Windows\System\YnVbSJl.exe
  2⤵
  PID:8232
- C:\Windows\System\zwfLJNv.exe
  C:\Windows\System\zwfLJNv.exe
  2⤵
  PID:8268
- C:\Windows\System\DTTijdE.exe
  C:\Windows\System\DTTijdE.exe
  2⤵
  PID:8284
- C:\Windows\System\ZkjYBkO.exe
  C:\Windows\System\ZkjYBkO.exe
  2⤵
  PID:8300
- C:\Windows\System\KSuNkZI.exe
  C:\Windows\System\KSuNkZI.exe
  2⤵
  PID:8316
- C:\Windows\System\XCuXUzl.exe
  C:\Windows\System\XCuXUzl.exe
  2⤵
  PID:8344
- C:\Windows\System\NcoiEwd.exe
  C:\Windows\System\NcoiEwd.exe
  2⤵
  PID:8368
- C:\Windows\System\DRYEwct.exe
  C:\Windows\System\DRYEwct.exe
  2⤵
  PID:8384
- C:\Windows\System\utLSDvG.exe
  C:\Windows\System\utLSDvG.exe
  2⤵
  PID:8404
- C:\Windows\System\fqGXtiZ.exe
  C:\Windows\System\fqGXtiZ.exe
  2⤵
  PID:8436
- C:\Windows\System\kvcOmZD.exe
  C:\Windows\System\kvcOmZD.exe
  2⤵
  PID:8456
- C:\Windows\System\LQNdiPf.exe
  C:\Windows\System\LQNdiPf.exe
  2⤵
  PID:8472
- C:\Windows\System\lBsUEfy.exe
  C:\Windows\System\lBsUEfy.exe
  2⤵
  PID:8496
- C:\Windows\System\pDRUzmF.exe
  C:\Windows\System\pDRUzmF.exe
  2⤵
  PID:8512
- C:\Windows\System\hzJodwa.exe
  C:\Windows\System\hzJodwa.exe
  2⤵
  PID:8532
- C:\Windows\System\mIeBOsm.exe
  C:\Windows\System\mIeBOsm.exe
  2⤵
  PID:8556
- C:\Windows\System\SNfFLnc.exe
  C:\Windows\System\SNfFLnc.exe
  2⤵
  PID:8572
- C:\Windows\System\hUVjcMy.exe
  C:\Windows\System\hUVjcMy.exe
  2⤵
  PID:8588
- C:\Windows\System\LMTAmxs.exe
  C:\Windows\System\LMTAmxs.exe
  2⤵
  PID:8608
- C:\Windows\System\HXJBTtO.exe
  C:\Windows\System\HXJBTtO.exe
  2⤵
  PID:8628
- C:\Windows\System\TgawapI.exe
  C:\Windows\System\TgawapI.exe
  2⤵
  PID:8644
- C:\Windows\System\CajJZwt.exe
  C:\Windows\System\CajJZwt.exe
  2⤵
  PID:8664
- C:\Windows\System\vKOUIqr.exe
  C:\Windows\System\vKOUIqr.exe
  2⤵
  PID:8688
- C:\Windows\System\DbOgkvp.exe
  C:\Windows\System\DbOgkvp.exe
  2⤵
  PID:8708
- C:\Windows\System\HNdFusP.exe
  C:\Windows\System\HNdFusP.exe
  2⤵
  PID:8728
- C:\Windows\System\adXTvzj.exe
  C:\Windows\System\adXTvzj.exe
  2⤵
  PID:8748
- C:\Windows\System\owZlWNi.exe
  C:\Windows\System\owZlWNi.exe
  2⤵
  PID:8776
- C:\Windows\System\nTUQndX.exe
  C:\Windows\System\nTUQndX.exe
  2⤵
  PID:8792
- C:\Windows\System\yBTHmjU.exe
  C:\Windows\System\yBTHmjU.exe
  2⤵
  PID:8812
- C:\Windows\System\ycxqeNS.exe
  C:\Windows\System\ycxqeNS.exe
  2⤵
  PID:8832
- C:\Windows\System\hHoAiKq.exe
  C:\Windows\System\hHoAiKq.exe
  2⤵
  PID:8852
- C:\Windows\System\gXeEmgW.exe
  C:\Windows\System\gXeEmgW.exe
  2⤵
  PID:8884
- C:\Windows\System\sFFYMWe.exe
  C:\Windows\System\sFFYMWe.exe
  2⤵
  PID:8904
- C:\Windows\System\UqjWBAc.exe
  C:\Windows\System\UqjWBAc.exe
  2⤵
  PID:8920
- C:\Windows\System\pfEMGXj.exe
  C:\Windows\System\pfEMGXj.exe
  2⤵
  PID:8936
- C:\Windows\System\hZTDZGa.exe
  C:\Windows\System\hZTDZGa.exe
  2⤵
  PID:8964
- C:\Windows\System\PEOXtoC.exe
  C:\Windows\System\PEOXtoC.exe
  2⤵
  PID:8980
- C:\Windows\System\BPQLDNg.exe
  C:\Windows\System\BPQLDNg.exe
  2⤵
  PID:9008
- C:\Windows\System\fAtRqpV.exe
  C:\Windows\System\fAtRqpV.exe
  2⤵
  PID:9024
- C:\Windows\System\eHlCrSk.exe
  C:\Windows\System\eHlCrSk.exe
  2⤵
  PID:9040
- C:\Windows\System\jPAiBmU.exe
  C:\Windows\System\jPAiBmU.exe
  2⤵
  PID:9068
- C:\Windows\System\vyYwqqq.exe
  C:\Windows\System\vyYwqqq.exe
  2⤵
  PID:9084
- C:\Windows\System\SKxctDn.exe
  C:\Windows\System\SKxctDn.exe
  2⤵
  PID:9100
- C:\Windows\System\HICNbOR.exe
  C:\Windows\System\HICNbOR.exe
  2⤵
  PID:9116
- C:\Windows\System\RrEldKZ.exe
  C:\Windows\System\RrEldKZ.exe
  2⤵
  PID:9136
- C:\Windows\System\LsvmGdA.exe
  C:\Windows\System\LsvmGdA.exe
  2⤵
  PID:9152
- C:\Windows\System\ViWSzme.exe
  C:\Windows\System\ViWSzme.exe
  2⤵
  PID:9168
- C:\Windows\System\VwKqoZI.exe
  C:\Windows\System\VwKqoZI.exe
  2⤵
  PID:9184
- C:\Windows\System\YxPuxRh.exe
  C:\Windows\System\YxPuxRh.exe
  2⤵
  PID:9200
- C:\Windows\System\BzLdCix.exe
  C:\Windows\System\BzLdCix.exe
  2⤵
  PID:8248
- C:\Windows\System\MOnIDPM.exe
  C:\Windows\System\MOnIDPM.exe
  2⤵
  PID:8276
- C:\Windows\System\XmYJKTV.exe
  C:\Windows\System\XmYJKTV.exe
  2⤵
  PID:8312
- C:\Windows\System\iRHrPZh.exe
  C:\Windows\System\iRHrPZh.exe
  2⤵
  PID:8352
- C:\Windows\System\NVvEIPD.exe
  C:\Windows\System\NVvEIPD.exe
  2⤵
  PID:8364
- C:\Windows\System\XxMwjfR.exe
  C:\Windows\System\XxMwjfR.exe
  2⤵
  PID:7864
- C:\Windows\System\fqBfnIr.exe
  C:\Windows\System\fqBfnIr.exe
  2⤵
  PID:8432
- C:\Windows\System\LarEPQP.exe
  C:\Windows\System\LarEPQP.exe
  2⤵
  PID:8464
- C:\Windows\System\GZETXqd.exe
  C:\Windows\System\GZETXqd.exe
  2⤵
  PID:8488
- C:\Windows\System\pfKfrqA.exe
  C:\Windows\System\pfKfrqA.exe
  2⤵
  PID:8520
- C:\Windows\System\CHkjrPN.exe
  C:\Windows\System\CHkjrPN.exe
  2⤵
  PID:8596
- C:\Windows\System\DYXJXkW.exe
  C:\Windows\System\DYXJXkW.exe
  2⤵
  PID:8676
- C:\Windows\System\phgwZej.exe
  C:\Windows\System\phgwZej.exe
  2⤵
  PID:8584
- C:\Windows\System\VVQUsFj.exe
  C:\Windows\System\VVQUsFj.exe
  2⤵
  PID:8756
- C:\Windows\System\isenPoC.exe
  C:\Windows\System\isenPoC.exe
  2⤵
  PID:8624
- C:\Windows\System\yHXsahe.exe
  C:\Windows\System\yHXsahe.exe
  2⤵
  PID:8656
- C:\Windows\System\gAtSEFl.exe
  C:\Windows\System\gAtSEFl.exe
  2⤵
  PID:8744
- C:\Windows\System\NMxzEqN.exe
  C:\Windows\System\NMxzEqN.exe
  2⤵
  PID:8840
- C:\Windows\System\OKyAUEG.exe
  C:\Windows\System\OKyAUEG.exe
  2⤵
  PID:8820
- C:\Windows\System\nTwaLYn.exe
  C:\Windows\System\nTwaLYn.exe
  2⤵
  PID:8860
- C:\Windows\System\QDxrhnn.exe
  C:\Windows\System\QDxrhnn.exe
  2⤵
  PID:8872
- C:\Windows\System\iagDkTo.exe
  C:\Windows\System\iagDkTo.exe
  2⤵
  PID:8900
- C:\Windows\System\skTLQuu.exe
  C:\Windows\System\skTLQuu.exe
  2⤵
  PID:8948
- C:\Windows\System\ZqFEDag.exe
  C:\Windows\System\ZqFEDag.exe
  2⤵
  PID:8972
- C:\Windows\System\yBHGhaD.exe
  C:\Windows\System\yBHGhaD.exe
  2⤵
  PID:8996
- C:\Windows\System\PWzMFLO.exe
  C:\Windows\System\PWzMFLO.exe
  2⤵
  PID:9076
- C:\Windows\System\nWtMMYQ.exe
  C:\Windows\System\nWtMMYQ.exe
  2⤵
  PID:9132
- C:\Windows\System\ShINCMb.exe
  C:\Windows\System\ShINCMb.exe
  2⤵
  PID:9180
- C:\Windows\System\pMCTXEL.exe
  C:\Windows\System\pMCTXEL.exe
  2⤵
  PID:9148
- C:\Windows\System\HgrkdPA.exe
  C:\Windows\System\HgrkdPA.exe
  2⤵
  PID:8196
- C:\Windows\System\TbIoBxc.exe
  C:\Windows\System\TbIoBxc.exe
  2⤵
  PID:8208
- C:\Windows\System\aAxEOfU.exe
  C:\Windows\System\aAxEOfU.exe
  2⤵
  PID:8324
- C:\Windows\System\OEUCIXz.exe
  C:\Windows\System\OEUCIXz.exe
  2⤵
  PID:8360
- C:\Windows\System\jCBXZko.exe
  C:\Windows\System\jCBXZko.exe
  2⤵
  PID:8380
- C:\Windows\System\FbPMJff.exe
  C:\Windows\System\FbPMJff.exe
  2⤵
  PID:9000
- C:\Windows\System\KEURwAa.exe
  C:\Windows\System\KEURwAa.exe
  2⤵
  PID:8540
- C:\Windows\System\rufpgLj.exe
  C:\Windows\System\rufpgLj.exe
  2⤵
  PID:8636
- C:\Windows\System\uPnVsMI.exe
  C:\Windows\System\uPnVsMI.exe
  2⤵
  PID:8684
- C:\Windows\System\ApUEnpD.exe
  C:\Windows\System\ApUEnpD.exe
  2⤵
  PID:8696
- C:\Windows\System\rlaHNPb.exe
  C:\Windows\System\rlaHNPb.exe
  2⤵
  PID:8892
- C:\Windows\System\zbYCXGc.exe
  C:\Windows\System\zbYCXGc.exe
  2⤵
  PID:8652
- C:\Windows\System\rJOayyC.exe
  C:\Windows\System\rJOayyC.exe
  2⤵
  PID:8916
- C:\Windows\System\gzEUsVG.exe
  C:\Windows\System\gzEUsVG.exe
  2⤵
  PID:9016
- C:\Windows\System\cLmavuA.exe
  C:\Windows\System\cLmavuA.exe
  2⤵
  PID:9056
- C:\Windows\System\VyTHLlv.exe
  C:\Windows\System\VyTHLlv.exe
  2⤵
  PID:9052
- C:\Windows\System\WnzqjiE.exe
  C:\Windows\System\WnzqjiE.exe
  2⤵
  PID:9124
- C:\Windows\System\aynYZCC.exe
  C:\Windows\System\aynYZCC.exe
  2⤵
  PID:9112
- C:\Windows\System\XbQXhZa.exe
  C:\Windows\System\XbQXhZa.exe
  2⤵
  PID:8244
- C:\Windows\System\RElYxeX.exe
  C:\Windows\System\RElYxeX.exe
  2⤵
  PID:8396
- C:\Windows\System\mItYHyI.exe
  C:\Windows\System\mItYHyI.exe
  2⤵
  PID:8392
- C:\Windows\System\yJevdQj.exe
  C:\Windows\System\yJevdQj.exe
  2⤵
  PID:8508
- C:\Windows\System\FJmqaEE.exe
  C:\Windows\System\FJmqaEE.exe
  2⤵
  PID:8580
- C:\Windows\System\jbwQSxQ.exe
  C:\Windows\System\jbwQSxQ.exe
  2⤵
  PID:8804
- C:\Windows\System\CyXZkET.exe
  C:\Windows\System\CyXZkET.exe
  2⤵
  PID:8740
- C:\Windows\System\ZaPJXZd.exe
  C:\Windows\System\ZaPJXZd.exe
  2⤵
  PID:8928
- C:\Windows\System\gspXkvL.exe
  C:\Windows\System\gspXkvL.exe
  2⤵
  PID:8992
- C:\Windows\System\cgfYFrr.exe
  C:\Windows\System\cgfYFrr.exe
  2⤵
  PID:9164
- C:\Windows\System\PYJyaEI.exe
  C:\Windows\System\PYJyaEI.exe
  2⤵
  PID:8212
- C:\Windows\System\AdraLbB.exe
  C:\Windows\System\AdraLbB.exe
  2⤵
  PID:8376
- C:\Windows\System\dFbdnFA.exe
  C:\Windows\System\dFbdnFA.exe
  2⤵
  PID:8528
- C:\Windows\System\mRHnSld.exe
  C:\Windows\System\mRHnSld.exe
  2⤵
  PID:8552
- C:\Windows\System\eMIifEx.exe
  C:\Windows\System\eMIifEx.exe
  2⤵
  PID:8784
- C:\Windows\System\GJBOAtM.exe
  C:\Windows\System\GJBOAtM.exe
  2⤵
  PID:8988
- C:\Windows\System\ATVKShP.exe
  C:\Windows\System\ATVKShP.exe
  2⤵
  PID:9208
- C:\Windows\System\hAyEzDY.exe
  C:\Windows\System\hAyEzDY.exe
  2⤵
  PID:8264
- C:\Windows\System\ykZGpPc.exe
  C:\Windows\System\ykZGpPc.exe
  2⤵
  PID:8568
- C:\Windows\System\ALWEFnA.exe
  C:\Windows\System\ALWEFnA.exe
  2⤵
  PID:8976
- C:\Windows\System\OMjhVUC.exe
  C:\Windows\System\OMjhVUC.exe
  2⤵
  PID:8328
- C:\Windows\System\nLwYttX.exe
  C:\Windows\System\nLwYttX.exe
  2⤵
  PID:8868
- C:\Windows\System\gqGTeee.exe
  C:\Windows\System\gqGTeee.exe
  2⤵
  PID:8420
- C:\Windows\System\fFGTOnV.exe
  C:\Windows\System\fFGTOnV.exe
  2⤵
  PID:8960
- C:\Windows\System\JmKZFEH.exe
  C:\Windows\System\JmKZFEH.exe
  2⤵
  PID:8772
- C:\Windows\System\UHfPaJc.exe
  C:\Windows\System\UHfPaJc.exe
  2⤵
  PID:9232
- C:\Windows\System\hbYhpml.exe
  C:\Windows\System\hbYhpml.exe
  2⤵
  PID:9252
- C:\Windows\System\OnFoPTE.exe
  C:\Windows\System\OnFoPTE.exe
  2⤵
  PID:9276
- C:\Windows\System\kLuVxFm.exe
  C:\Windows\System\kLuVxFm.exe
  2⤵
  PID:9296
- C:\Windows\System\qQlnlHI.exe
  C:\Windows\System\qQlnlHI.exe
  2⤵
  PID:9320
- C:\Windows\System\SiURtPx.exe
  C:\Windows\System\SiURtPx.exe
  2⤵
  PID:9340
- C:\Windows\System\olhgvNQ.exe
  C:\Windows\System\olhgvNQ.exe
  2⤵
  PID:9360
- C:\Windows\System\FHOItjM.exe
  C:\Windows\System\FHOItjM.exe
  2⤵
  PID:9380
- C:\Windows\System\VsPYdEd.exe
  C:\Windows\System\VsPYdEd.exe
  2⤵
  PID:9400
- C:\Windows\System\EdhuVCK.exe
  C:\Windows\System\EdhuVCK.exe
  2⤵
  PID:9428
- C:\Windows\System\OIJEMdw.exe
  C:\Windows\System\OIJEMdw.exe
  2⤵
  PID:9448
- C:\Windows\System\amCCeUB.exe
  C:\Windows\System\amCCeUB.exe
  2⤵
  PID:9464
- C:\Windows\System\HaeVqOq.exe
  C:\Windows\System\HaeVqOq.exe
  2⤵
  PID:9480
- C:\Windows\System\DkFJRrZ.exe
  C:\Windows\System\DkFJRrZ.exe
  2⤵
  PID:9496
- C:\Windows\System\yzBZrjI.exe
  C:\Windows\System\yzBZrjI.exe
  2⤵
  PID:9516
- C:\Windows\System\RjRXyYr.exe
  C:\Windows\System\RjRXyYr.exe
  2⤵
  PID:9532
- C:\Windows\System\AvIATEz.exe
  C:\Windows\System\AvIATEz.exe
  2⤵
  PID:9576
- C:\Windows\System\MSEPnXZ.exe
  C:\Windows\System\MSEPnXZ.exe
  2⤵
  PID:9592
- C:\Windows\System\yiQDGZk.exe
  C:\Windows\System\yiQDGZk.exe
  2⤵
  PID:9612
- C:\Windows\System\KcLpBts.exe
  C:\Windows\System\KcLpBts.exe
  2⤵
  PID:9636
- C:\Windows\System\KRRvqAE.exe
  C:\Windows\System\KRRvqAE.exe
  2⤵
  PID:9652
- C:\Windows\System\wbVwSHo.exe
  C:\Windows\System\wbVwSHo.exe
  2⤵
  PID:9672
- C:\Windows\System\lmAsPAe.exe
  C:\Windows\System\lmAsPAe.exe
  2⤵
  PID:9696
- C:\Windows\System\yxEpseP.exe
  C:\Windows\System\yxEpseP.exe
  2⤵
  PID:9712
- C:\Windows\System\mvkWajH.exe
  C:\Windows\System\mvkWajH.exe
  2⤵
  PID:9732
- C:\Windows\System\tsCgbtM.exe
  C:\Windows\System\tsCgbtM.exe
  2⤵
  PID:9752
- C:\Windows\System\FGBfZKb.exe
  C:\Windows\System\FGBfZKb.exe
  2⤵
  PID:9772
- C:\Windows\System\vOSJoOb.exe
  C:\Windows\System\vOSJoOb.exe
  2⤵
  PID:9788
- C:\Windows\System\JOWqrVi.exe
  C:\Windows\System\JOWqrVi.exe
  2⤵
  PID:9804
- C:\Windows\System\sPzChbb.exe
  C:\Windows\System\sPzChbb.exe
  2⤵
  PID:9836
- C:\Windows\System\fAwOwpm.exe
  C:\Windows\System\fAwOwpm.exe
  2⤵
  PID:9852
- C:\Windows\System\LtMuusP.exe
  C:\Windows\System\LtMuusP.exe
  2⤵
  PID:9872
- C:\Windows\System\DguDRPD.exe
  C:\Windows\System\DguDRPD.exe
  2⤵
  PID:9888
- C:\Windows\System\XzIJKFB.exe
  C:\Windows\System\XzIJKFB.exe
  2⤵
  PID:9904
- C:\Windows\System\puTuLZU.exe
  C:\Windows\System\puTuLZU.exe
  2⤵
  PID:9920
- C:\Windows\System\EAUexlh.exe
  C:\Windows\System\EAUexlh.exe
  2⤵
  PID:9936
- C:\Windows\System\ktCBLrv.exe
  C:\Windows\System\ktCBLrv.exe
  2⤵
  PID:9952
- C:\Windows\System\NeiypCL.exe
  C:\Windows\System\NeiypCL.exe
  2⤵
  PID:9968
- C:\Windows\System\hWbqjpm.exe
  C:\Windows\System\hWbqjpm.exe
  2⤵
  PID:9984
- C:\Windows\System\bpdvdft.exe
  C:\Windows\System\bpdvdft.exe
  2⤵
  PID:10024
- C:\Windows\System\ZQzKHAE.exe
  C:\Windows\System\ZQzKHAE.exe
  2⤵
  PID:10044
- C:\Windows\System\TWAhfHt.exe
  C:\Windows\System\TWAhfHt.exe
  2⤵
  PID:10060
- C:\Windows\System\tjymmra.exe
  C:\Windows\System\tjymmra.exe
  2⤵
  PID:10076
- C:\Windows\System\CXOEgct.exe
  C:\Windows\System\CXOEgct.exe
  2⤵
  PID:10092
- C:\Windows\System\aDWXRzV.exe
  C:\Windows\System\aDWXRzV.exe
  2⤵
  PID:10116
- C:\Windows\System\ovOkQQL.exe
  C:\Windows\System\ovOkQQL.exe
  2⤵
  PID:10136
- C:\Windows\System\uGwtJXP.exe
  C:\Windows\System\uGwtJXP.exe
  2⤵
  PID:10176
- C:\Windows\System\vCcNjiO.exe
  C:\Windows\System\vCcNjiO.exe
  2⤵
  PID:10200
- C:\Windows\System\weCkJMa.exe
  C:\Windows\System\weCkJMa.exe
  2⤵
  PID:10224
- C:\Windows\System\gyHrlwS.exe
  C:\Windows\System\gyHrlwS.exe
  2⤵
  PID:8356
- C:\Windows\System\lAtrdpU.exe
  C:\Windows\System\lAtrdpU.exe
  2⤵
  PID:8848
- C:\Windows\System\guHSvZN.exe
  C:\Windows\System\guHSvZN.exe
  2⤵
  PID:9264
- C:\Windows\System\GXRmcjj.exe
  C:\Windows\System\GXRmcjj.exe
  2⤵
  PID:9288
- C:\Windows\System\bhXqxyS.exe
  C:\Windows\System\bhXqxyS.exe
  2⤵
  PID:9312
- C:\Windows\System\QLCTMjs.exe
  C:\Windows\System\QLCTMjs.exe
  2⤵
  PID:9388
- C:\Windows\System\lSxwOPp.exe
  C:\Windows\System\lSxwOPp.exe
  2⤵
  PID:9424
- C:\Windows\System\EYCrCqY.exe
  C:\Windows\System\EYCrCqY.exe
  2⤵
  PID:9456
- C:\Windows\System\ijVlaOc.exe
  C:\Windows\System\ijVlaOc.exe
  2⤵
  PID:9524
- C:\Windows\System\cYduxAI.exe
  C:\Windows\System\cYduxAI.exe
  2⤵
  PID:9476
- C:\Windows\System\RqEzjfx.exe
  C:\Windows\System\RqEzjfx.exe
  2⤵
  PID:9508
- C:\Windows\System\tCwvJug.exe
  C:\Windows\System\tCwvJug.exe
  2⤵
  PID:9572
- C:\Windows\System\zZhGWpx.exe
  C:\Windows\System\zZhGWpx.exe
  2⤵
  PID:9600
- C:\Windows\System\ELtDHso.exe
  C:\Windows\System\ELtDHso.exe
  2⤵
  PID:9628
- C:\Windows\System\lTHzCjL.exe
  C:\Windows\System\lTHzCjL.exe
  2⤵
  PID:9648
- C:\Windows\System\SXjnruG.exe
  C:\Windows\System\SXjnruG.exe
  2⤵
  PID:9704
- C:\Windows\System\ePPVGEi.exe
  C:\Windows\System\ePPVGEi.exe
  2⤵
  PID:9740
- C:\Windows\System\IlTRNwt.exe
  C:\Windows\System\IlTRNwt.exe
  2⤵
  PID:9764
- C:\Windows\System\sVMkIHh.exe
  C:\Windows\System\sVMkIHh.exe
  2⤵
  PID:9800
- C:\Windows\System\wqrJMrJ.exe
  C:\Windows\System\wqrJMrJ.exe
  2⤵
  PID:9860
- C:\Windows\System\xrLicuK.exe
  C:\Windows\System\xrLicuK.exe
  2⤵
  PID:9900
- C:\Windows\System\kcaGvUG.exe
  C:\Windows\System\kcaGvUG.exe
  2⤵
  PID:9992
- C:\Windows\System\GEUJqwe.exe
  C:\Windows\System\GEUJqwe.exe
  2⤵
  PID:10016
- C:\Windows\System\NRaazpT.exe
  C:\Windows\System\NRaazpT.exe
  2⤵
  PID:9996
- C:\Windows\System\wPzCJQz.exe
  C:\Windows\System\wPzCJQz.exe
  2⤵
  PID:9944
- C:\Windows\System\tQkHyGI.exe
  C:\Windows\System\tQkHyGI.exe
  2⤵
  PID:9980
- C:\Windows\System\pcAyfMc.exe
  C:\Windows\System\pcAyfMc.exe
  2⤵
  PID:10184
- C:\Windows\System\SwFlqEc.exe
  C:\Windows\System\SwFlqEc.exe
  2⤵
  PID:10172
- C:\Windows\System\mYFBvzk.exe
  C:\Windows\System\mYFBvzk.exe
  2⤵
  PID:10152
- C:\Windows\System\VzQotqK.exe
  C:\Windows\System\VzQotqK.exe
  2⤵
  PID:10196
- C:\Windows\System\jNqIABS.exe
  C:\Windows\System\jNqIABS.exe
  2⤵
  PID:10212
- C:\Windows\System\aQOtRRt.exe
  C:\Windows\System\aQOtRRt.exe
  2⤵
  PID:9228
- C:\Windows\System\OLXkYCx.exe
  C:\Windows\System\OLXkYCx.exe
  2⤵
  PID:9272
- C:\Windows\System\xwEiePO.exe
  C:\Windows\System\xwEiePO.exe
  2⤵
  PID:9356
- C:\Windows\System\RWympnC.exe
  C:\Windows\System\RWympnC.exe
  2⤵
  PID:9352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EalSvmP.exe

Filesize
6.0MB

MD5
457d246fd25907b7ccd57dfad374af1c

SHA1
49efb8e9e68e27886c3dd50e5243c6211e1bd021

SHA256
6b1ca4a9d38a8843050e046c926a0e9559622ba4abaf039bd2909b8d999d3988

SHA512
97cde08ccc7426769518e01e6f8c0d4cf9d2dcd09e19359fcd4ca3bf3c56ef9b30422ea60e13acf0a03701c69e58976de75c2a789f3279b4de51596db6e680af

Download Submit
C:\Windows\system\EmtcGSW.exe

Filesize
6.0MB

MD5
99fc53b11d3d49079862553b07b35ec9

SHA1
546a001c9273abf2e7da85aec2884c7bc392a103

SHA256
8cc4d72fcb09d6b10a1c2ebb1e61c9fb6d9e813b1a1436a16d18a7dcfc26a2bf

SHA512
0387eac56ed1964f6b58d014f3d131f022f7a4fd3ac9d436a6fc272fbf0c2cd183df21b9ed7182740f6ab6f6ac8521aa7b80a34981805db912f9e35ec2100aca

Download Submit
C:\Windows\system\GUxNjWH.exe

Filesize
6.0MB

MD5
c9e6e42864875a13b637671f9597b955

SHA1
56ac64594666ab9f2838e44bf9255a5cb108432e

SHA256
3cb4b5e380c17ed1ab735396bbad9466d1c690ed5768baf8bfcd981edc4695f3

SHA512
8bffa7fa9460e6c727e3274c39cd58b0a09caad768cd536b9f83bc0b89db98a00bb1b16b5eb0248130515eab318f2812f2e787f73f96d96412e5988c84c157a2

Download Submit
C:\Windows\system\HwRLMqy.exe

Filesize
6.0MB

MD5
fc6b1668268a980f5e8e85d0042b6758

SHA1
1bacb7bd7a7cc6e3b591c2c42be6041b6ed42f71

SHA256
5c30203ef07a90d2ec824431d7450da4b8877f044723781d5e1defa6783ffa97

SHA512
3179f3690d64eb034f881d5e129cfff861c9a91f5005f0abf33909f5fe9ee7f91933e5b18ae58a0843611be8efd01f889bcaaf63ddd6a23d1ef660c5cb3bcae2

Download Submit
C:\Windows\system\IBNtdOO.exe

Filesize
6.0MB

MD5
6623f680aba4c59b9ad782d6d3ca0c4a

SHA1
488972c817c3db53e385dd5e96d7284de91d2c1b

SHA256
f9d0ae50aa31c9320c209aa8568fb630569b628b5256dd390a8efaae008851aa

SHA512
870bb540fa906ab9cfd72594f94ef021506bcbf913f8c36588f54a57caf5e72d093241ae70acbfc43b7deacaaa849f2457382994a898b691aa98451dbe55c2f4

Download Submit
C:\Windows\system\ILHpmgq.exe

Filesize
6.0MB

MD5
01323e51db31df432769ba1ee6a0cdeb

SHA1
1c787c2063f2d9b27668b02ce03afc6e649f428b

SHA256
43ac154fb9afbfe1cb920df061c8517fca8843446287b2d868a9566645dca60f

SHA512
d368890229988f2950d2a17db5d533328acc9d70cbe1140b68b21d6e91880f7cb04c945351fbe3dfae8ed3d7ddae64fd932f44f07d4261c459b4d99a7e5e2bfb

Download Submit
C:\Windows\system\IQHXrwW.exe

Filesize
6.0MB

MD5
c493ea893a8664df992ca36f879e243b

SHA1
6a8655bdd4b79e11d5f4231c93e69078e31da100

SHA256
71995bcde36a6f1494b58234616b2d6cec7c8556ddd7075b0b4a8ed1716ad29d

SHA512
e130d64e9d3789312b6775bfc459b46b6daa5b2ac2c2b2b85a5e3491babd66ffd968509a2c0b00d61d45ddd7cb2300d7f75522a5aefcb46f63f4c21251a9f5d6

Download Submit
C:\Windows\system\MHLHZPt.exe

Filesize
6.0MB

MD5
314c880dc597780e18aa91874c9b61b6

SHA1
4c23dbfcdeba7646e86659ddf7580f43f20eca7b

SHA256
79f1a5962c30923956cf7f25d8f1e510b77056f89c9873ddc212267e547d6093

SHA512
69d1809d94d79fe83f9ab3dbc35f4e425133109fb988829523bbec57665aa9ece7f171f48338da344f7c3d1fa4c3ba14940843f7b1a90af12fc96c10fbcefbbc

Download Submit
C:\Windows\system\MUUOtYV.exe

Filesize
8B

MD5
4cff11d7a63b8eda00b8212eb73a61a6

SHA1
55212ccbd9de958423f1cb94b8b389d82140d27f

SHA256
3b12337388462d596724179cdce820569844bbc48886e6121bcf67be780279cb

SHA512
53c56096c560c0ee3c5d21d73a1c1995262abc0ce37d00af3bd2404d0acc56897f05f101b26927846d3f0bfb68c4ead4d47e00ef4f1aa04a15656d0c3c91c15f

Download Submit
C:\Windows\system\NaMoaZy.exe

Filesize
6.0MB

MD5
277fcf7f19cbd9687597064911e1292f

SHA1
9acc11303fe5969788ab84f329e7ec0913bb69ee

SHA256
3237f152fa673015dbb609c62a88758fc4bc923ede9acadd63619fe2a21acf58

SHA512
6f5950fb19b14ff0931603dfb6bdd02687808670a17e3595a8380c92ce336b0cab2545863eb5eea373511a829a0e896edbaa1a24bd21689adf5aa0a0a718b1a8

Download Submit
C:\Windows\system\OESpTVu.exe

Filesize
6.0MB

MD5
c993279902821f1af48804d7765010fc

SHA1
dcf667c155643da252d16808a691127d1f1c2253

SHA256
fa1dbdb530f9109f6b23403313895295f771475f249f1b78a1c99c1739fbb106

SHA512
e4b4b9af87904713885ff1f21885030e86b067beaec54f4b5e6e62177cf1b7947c9227d401f1df3605dafb8292c9e552315a7d4573bbf298c770a099b584c13c

Download Submit
C:\Windows\system\PlerhNk.exe

Filesize
6.0MB

MD5
96fd681ca3a2ba2f28324d12ad9e663b

SHA1
411f396b8a2771cdb4c26695fb3c2d4cb7e4e201

SHA256
5bbcb58882605938a3ba95d163c743e3c2b0baaca608f372006c8167269c4da3

SHA512
ad2c3f628359dc8c50b841573a5a69be8e7bab077727cc2eb38c64603f29f4ef27c356ebb51ebf2ffc351dfffb63021f628d92e6beba4a9d8689407acdd6aaf4

Download Submit
C:\Windows\system\PspfJMS.exe

Filesize
6.0MB

MD5
8b0a1a1515c4c807c29634d753e4c3aa

SHA1
47a79ab05859d0fb42e3105a8ba9df385357ad75

SHA256
c20b5a32a1360e30d4a7d1b8e6cac99113d49b4851da0524cf0c4d19aa300885

SHA512
4b532b75afc6ec7774a1525e7a57c48f3d89f7d7c2303378655745359f0caf6edf263019d7eab655d7c3b1a3a97ced9a825aabd857e0dcb30cb9b2fcb167a004

Download Submit
C:\Windows\system\UeIfEGu.exe

Filesize
6.0MB

MD5
e9b79e1bde0dbcab54ebc3997b234243

SHA1
de4ff32fd7b404a9572dcdf41c022fd96f0ea155

SHA256
83462c4fe5c40a9b0a37c550ab8a9da30174fcfbebe75d5d9072494e49a8d10c

SHA512
0321628ab241ff922f408eecf9e8d5a3f9cb470e4d998033145a8b607919a9690f5f8196f5b61bd59510f56fe3f04aab34a3c6f999ec32240370ac5838019f95

Download Submit
C:\Windows\system\bKvpdEF.exe

Filesize
6.0MB

MD5
6f277ec555c9f6421273da413caa512d

SHA1
d2fba9ca77984284b068a47828ba6c9ca44e478f

SHA256
ae0e5a906c14666f1a619c557b081b8bab1c31542b45f010a73f6021f02b23f8

SHA512
cafa4624b3d51d372e081d9fe0063850a0634da7344e3ba1978e93a26b827c4200c369e5ba02f6be11433dd8e219061a89607abe14b932dd96c0c2aad7802a1f

Download Submit
C:\Windows\system\bqoIrMn.exe

Filesize
6.0MB

MD5
60820311a4c6a2206f856f71177d9c2a

SHA1
91ef534b4c1087e54a4163d0b8b2fefc8ec7a600

SHA256
a599b328da0c581d73d6e6d445a472f2be56a372017c71ca646bdc52dae6c2d0

SHA512
9197d0659cbf11706ac0c3835ee8593313192cbf4248bf3a8ebd82d1f174519b611e20abb18f1f8d8cea8e35d7a01d66d5ef43c6c45bc78eb4247ce9b1929251

Download Submit
C:\Windows\system\iWykYOk.exe

Filesize
6.0MB

MD5
9fa244605c8d4aaf1599a9a2a8f45fe3

SHA1
833c1ab6ab34f5edbdd56253a623192806842a73

SHA256
d44d465384158af897cecc69c85b7ca5969c0fc75b7ebde810cbbc997e341da1

SHA512
6f66115cfadcb455c3937305ce7f130cf167b3597e8258b7ba72a3e7ff589aa47e9a0d27f626d213ed0aac839283b4a2b730adea5fcc0670c76fe312d496df18

Download Submit
C:\Windows\system\jdJzekR.exe

Filesize
6.0MB

MD5
2cbb68bb3a9c1534ef8a8533a55793c5

SHA1
98324a31b6cd355e6b27f5ac9bdcdaa1c50c26e6

SHA256
5780d7ae74aca4b02f6b3122627af7170088f12527ae1002e8070de24f69d563

SHA512
82c8097dda60e781e20d19654efad1c20d86fd8c3aa9d685ea535f8282a4ae3357d612ebb3ce0bb2cc765d167c60f9ef7a298227549c8e2f2ae5c67c587d8efd

Download Submit
C:\Windows\system\tMMdpOv.exe

Filesize
6.0MB

MD5
823b5dd50b8a7a2e36b481d2728e9229

SHA1
9258dfdea2170136a4c131664f1851fd9dd3e823

SHA256
c2dfb3664d75bffe9476f8213a37bfe4c0aa4bc71ac8e219de389b8a0361d83b

SHA512
8ce53275fedb94b1b79401d5ee8463a9582185c66e1246cfd1ed6bc9023c80cde63a81cd64d9983e0a0c919ba91b842c4bef1e703d3b14eeb50362ba8e066023

Download Submit
C:\Windows\system\uRNLJtH.exe

Filesize
6.0MB

MD5
bdd5bd1d5f7171400466645a93aa3b77

SHA1
7b622f0f76f44ebf0fa317634ae72d29012038f9

SHA256
410bf59c9e93bddc73cfab23658bb69caf7be3ec8371e3e9164692e61c2c41c2

SHA512
52d1cbe81a3190a9614af77f0e0dc0710f62adb3a0efae0614420993319196b34b38dab9950cad3fcad95bb363caca702ec0db55ddcc7e002f866007184884f0

Download Submit
C:\Windows\system\uUoxWKu.exe

Filesize
6.0MB

MD5
034a77fbeda7de225f9f78de4f1690ea

SHA1
1fb368ccf7baf9f0810a76786b90fc5ee9392d46

SHA256
7f13313095cf27ab21941dcc3dde1ee625d32b3beeefe9fbff241fee38f0f9dc

SHA512
8a2e8cd26681edda7bf8e89b4e53e9db3a3fb4ee045f66c37949b2f1e07943eba25dd4416795e530bd340611d4d6f228b6466e7de24622222f627d13675380ad

Download Submit
C:\Windows\system\vDBIJuV.exe

Filesize
6.0MB

MD5
7282eec79505c1db4790a5b141bc566a

SHA1
c642a0a4cfecb1da488b7351cf7d413e221aecc0

SHA256
5fea209898b3644bdf52234d044926350468056fea089f2bdade671dd152aab2

SHA512
f9b0963421d1af586a8595d2e091e6e33f8506ad35ba420c364b2c0654ef70c3c859b7172de27bd5d0fcebaef697ee11e85787389cad449c2d3f4a05f5997d68

Download Submit
C:\Windows\system\vKZcpQT.exe

Filesize
6.0MB

MD5
b06667d7993f0870d0bcf67f98c21e25

SHA1
509bf12e5aa1327fa558362031f80b25b6e9d3fe

SHA256
4e9903595a125fda5815b4dea2ca5d9933057e6e55d5631e9672c675ee95d4a0

SHA512
c92619b7b9695215a39873cf779afbd218e71b9dad05637d6b802708cc51b05f1e401c181fd97ba56b8892a17f579e46072576e9fbef127e34ef65bd2273b95a

Download Submit
C:\Windows\system\wPXtAXA.exe

Filesize
6.0MB

MD5
c4374a6c759421f24525f3d7f12c4e90

SHA1
13887184c7f1bbdef44d30f752445166946c7d36

SHA256
4acb1693553273169306710ba4e1358b8d8f2ace387b075374a7075b93649df8

SHA512
245b5eb17673e4af0457011e46700ce2917532c5bf703e28073371227a6b1df99c15d93fa4d5dc6dfedbd03978627c6588f33fbe3b6ae1076927bb5ab2d582e7

Download Submit
\Windows\system\BTSlsTX.exe

Filesize
6.0MB

MD5
96baa9810097112af6551db1509218e2

SHA1
a8abc8251e9b6385a65f891337e191d50cf722f1

SHA256
8102d9208201261e85032a45fe91e62dc7b87fd214069551cca86cb90553b41f

SHA512
fe774e133b4297bde7d3cdff0146833a8d8cd2a435cd2b187563389011510fc83f50b6bb62945cc0ec3ff7047db367c3d965cf39ecf0592ef02ae691f6dabfee

Download Submit
\Windows\system\CjlgOFS.exe

Filesize
6.0MB

MD5
808bd137c2aff26b7cf24570ce2134cf

SHA1
a6a5b0f0c94a2f4e7c2cfbdca74818baba954af2

SHA256
c1f81a9320a2cdf634d83a566c2b90e3f105a9c219ded61c2951874d5aa7d796

SHA512
dbfa9e6af1457307eb58c50ea2682947631a1d92c3a6f12592a3f0ea2aad9103b0651ca20774cadc7d0d5878ea86a1dccac76290f406376210482d1d8d928251

Download Submit
\Windows\system\WmguUuE.exe

Filesize
6.0MB

MD5
b7ca66a69a7f2961f2052293bdb7798e

SHA1
fa532046f32aedd11cf221dd1cd0684c104dfb79

SHA256
7a54cad5a868027e2a13f107557ab901655b20de75e3730db51751ae4c622c06

SHA512
cf954f785d31fbf49fa605afcafdfc9f42d39ef5b9c08d275639a7382886232c67a013010130ab5f57f0060b48b06fcf744895b4908afeac567129c3b0406d0d

Download Submit
\Windows\system\WsiQvsF.exe

Filesize
6.0MB

MD5
9df93534973d640df170fe5c8e7a816f

SHA1
a5367d92fc9271998bb52a4406b87e7c6bf951c3

SHA256
030365caaec3a3a3f8c40f4e4b1e1d739c8a9c5d3c4a3033d6bc85cb0d17da6a

SHA512
60eef9a9b11043b1f8f11335557a88056d086f58a42056375a3c682352a8bd4ed5019f2eff5cc030192f0dcaeb59f1f7696ccc238aaf56569e33a7167ca2c6ca

Download Submit
\Windows\system\grFWmou.exe

Filesize
6.0MB

MD5
7f2b575d9deb5b4bfa4425627084d07e

SHA1
e3263fc339a4aff2605da31663952fd65d0792ea

SHA256
e2792c2b3b35101d03643fafd51610e3d8d757c16da8895c7aafefda788e0c41

SHA512
4c66bf8a034107ab65df007bfe6036badccf9766a709d3db11f80c3e6a4ab3e60237539cb9193a7477f9380441f80d38575b59d534b221e525280d50102b2ae1

Download Submit
\Windows\system\lwQwpYl.exe

Filesize
6.0MB

MD5
eff3ca51bd9957cbda7bf6715d378f75

SHA1
2fc1ebdda0f2a2c73c4e4e1cb48d227cad22790e

SHA256
fd45075b7983f7d4ac4d13178705d932d1c49aaf5349c1dc3fa7a0d0bbbae686

SHA512
400c0b126343d23cd888fc2fd94a3cc51c64aaf13f5c90c0c698d799cff0be845cc7b459ce1a076a72282885e0c7e88798bb32fd78b8c99663a9478e9280ba98

Download Submit
\Windows\system\oOymNpI.exe

Filesize
6.0MB

MD5
4208a48fcb0c3c8a2cb40600da1f1e86

SHA1
5e420b9e55f961e9265be82aabbbd89d4782be1f

SHA256
2425229b0207def624a272288b9115f82043c40130eb9b30ec4d95e6c05a40a5

SHA512
215a20bbb8d2c61c689e9caf8d84196e4c402ca233e352dbccb7cf46168b8b9802a669814355d292da869ca51ee2307b175c7d6d26de66b6fab474166ce3b448

Download Submit
\Windows\system\pYdLStl.exe

Filesize
6.0MB

MD5
b2e933c3a6d6a375e313a6cb5a01086e

SHA1
5436d5bc8663889f3661e33b3dc429a0e469862f

SHA256
604b1011392716e529e04e19909a7a58b1842fef6d07d5e56c79a9aa1ebba782

SHA512
4f03f0f212c69bce780ca11408150cee783efc6bf51e1fa8b1ab8d01479774586c906eb99222bc86129e1e8d2a802edc9ade6b48412f27f971da24af2eab15eb

Download Submit
\Windows\system\tcauIeb.exe

Filesize
6.0MB

MD5
47618c7f22d93483a65b5261e85cb286

SHA1
674981df18bee87166e6225a6a91284a7976b92a

SHA256
8ee3874ab907c6b97bdccf195991647e70b280689153e515c76b3c6316ce6e44

SHA512
32ef20f4c7e2c62151f1aa123092ebce89d3431fc112dd2bfa074fc968f3cc05e378a8b1c35803788ee919cd63102fad932b5522aad539afc1ddc9905d67ffb5

Download Submit
memory/576-629-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/576-90-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/576-3795-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1032-104-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1032-4817-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1432-99-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1432-3800-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2036-3599-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-61-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3267-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2088-68-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2088-36-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2228-52-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2228-91-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2228-22-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2228-98-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2228-422-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2228-735-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2228-630-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2228-65-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2228-332-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2228-6-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-106-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2228-76-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2228-12-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2228-0-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2228-96-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2228-16-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2228-151-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-40-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2228-31-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2228-103-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2228-35-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2432-100-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3825-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3466-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2608-45-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2608-101-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2720-20-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2720-54-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3255-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3250-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2740-50-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2740-18-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2748-29-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2748-60-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3245-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2820-39-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3207-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3723-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2944-69-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3515-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-53-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3793-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3068-97-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download