cobaltstrike | 0b12443366be85c6d87481bd3cc9bd3943bf30c60f49d4bcd51bab4889e16b89

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-01-2025 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b488d1b212315e9c5b9456723b3af824
SHA1

b3a627efb63b5f4b974cc1a58d4aed63db11984a
SHA256

0b12443366be85c6d87481bd3cc9bd3943bf30c60f49d4bcd51bab4889e16b89
SHA512

55bf92b05850d0f6dd6aba81d8d2b9818fab27d672a836ebf58ffec32ef130b29b1c9f609f32e937fbf705cc649e79de65b1924944e7a13e15050f20e66b784d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939f-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d0-11.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f9-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019426-28.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000019354-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019428-46.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d5-64.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c3-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019647-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964f-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019650-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197e4-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b16-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c8f-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cc8-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d98-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f62-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f77-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a077-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b4-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a448-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a444-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a446-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a340-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a30e-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07f-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c91-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c79-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b18-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a85-97.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2680-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-3.dat	xmrig
behavioral1/memory/2808-8-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x000700000001939f-9.dat	xmrig
behavioral1/memory/2580-13-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x00070000000193d0-11.dat	xmrig
behavioral1/memory/2852-20-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x00060000000193f9-21.dat	xmrig
behavioral1/memory/2772-26-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0006000000019426-28.dat	xmrig
behavioral1/files/0x0032000000019354-39.dat	xmrig
behavioral1/memory/2680-35-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2808-44-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2624-43-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2572-41-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x0006000000019428-46.dat	xmrig
behavioral1/memory/2580-49-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2748-53-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/772-65-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194d5-64.dat	xmrig
behavioral1/memory/1416-69-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2772-68-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2680-59-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000194c3-58.dat	xmrig
behavioral1/memory/2852-57-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019647-70.dat	xmrig
behavioral1/files/0x000500000001964f-73.dat	xmrig
behavioral1/files/0x0005000000019650-76.dat	xmrig
behavioral1/files/0x00050000000197e4-79.dat	xmrig
behavioral1/memory/2156-94-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2396-90-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2540-89-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2612-88-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019b16-101.dat	xmrig
behavioral1/memory/1036-110-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c8f-117.dat	xmrig
behavioral1/files/0x0005000000019cc8-125.dat	xmrig
behavioral1/files/0x0005000000019d98-129.dat	xmrig
behavioral1/files/0x0005000000019f62-133.dat	xmrig
behavioral1/files/0x0005000000019f77-135.dat	xmrig
behavioral1/files/0x000500000001a077-141.dat	xmrig
behavioral1/files/0x000500000001a0b4-149.dat	xmrig
behavioral1/files/0x000500000001a448-174.dat	xmrig
behavioral1/files/0x000500000001a447-169.dat	xmrig
behavioral1/files/0x000500000001a444-162.dat	xmrig
behavioral1/files/0x000500000001a446-166.dat	xmrig
behavioral1/files/0x000500000001a340-157.dat	xmrig
behavioral1/files/0x000500000001a30e-153.dat	xmrig
behavioral1/files/0x000500000001a07f-145.dat	xmrig
behavioral1/files/0x0005000000019c91-121.dat	xmrig
behavioral1/files/0x0005000000019c79-113.dat	xmrig
behavioral1/files/0x0005000000019b18-108.dat	xmrig
behavioral1/files/0x0005000000019a85-97.dat	xmrig
behavioral1/memory/2156-1592-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2808-3159-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2580-3185-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2772-3322-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2624-3469-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2852-3467-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2572-3466-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/1416-3617-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/772-3621-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2748-3615-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2612-3778-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2808	StJCsob.exe
2580	edLbBuo.exe
2852	ipVtNIj.exe
2772	sfpufqH.exe
2572	rpMKfzJ.exe
2624	qOSetJR.exe
2748	XHKXxxs.exe
772	wdVSjlh.exe
1416	xpHXmuu.exe
2612	djmINkl.exe
2540	kcVnXXX.exe
2396	GOVLcBy.exe
2156	PDDdtUM.exe
1036	EaXOGMU.exe
2480	gxEklVs.exe
2340	JnlePbM.exe
1996	cstSrOu.exe
1880	nIXNpDl.exe
2908	FxVUdmh.exe
2768	WtGkEKI.exe
1720	sBAZTbh.exe
1964	wdiRoTN.exe
1724	uQKurVo.exe
2952	TSFFfwN.exe
2408	YuvdvSb.exe
2248	owVSZdW.exe
2252	fQJjykv.exe
2088	MCwkzTw.exe
2312	KkoPwwG.exe
2440	WdUQzqU.exe
2032	ustyQap.exe
1504	KUwhhcT.exe
552	rqlnVVF.exe
3040	PATcRiH.exe
2180	yBtWljn.exe
2096	RgieXny.exe
1876	WiCWPTi.exe
372	eLcotgB.exe
1536	BLHSJcl.exe
1040	lgrmmXE.exe
1072	xOOSjfd.exe
1484	jBMxHao.exe
1292	OIDxMpe.exe
1656	SkpUEcx.exe
1644	RjTGZib.exe
1872	LcTIqxE.exe
912	DDdjUli.exe
608	kPekvYR.exe
2972	FBenlHX.exe
2368	lfywHFf.exe
2924	niVXQhZ.exe
1616	QiZRXJL.exe
1448	XXyoKog.exe
2304	waVgJKs.exe
572	xbYKdny.exe
1728	VqOGNLH.exe
1420	mbEgAzc.exe
284	qjhJgAG.exe
2508	LDJTvxU.exe
2196	tabMHkb.exe
1900	pZfCOid.exe
1556	hGVIsNA.exe
1520	qWWtpKB.exe
1632	VdUasPW.exe

Loads dropped DLL 64 IoCs

pid	Process
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2680-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x000b000000012280-3.dat	upx
behavioral1/memory/2808-8-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x000700000001939f-9.dat	upx
behavioral1/memory/2580-13-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x00070000000193d0-11.dat	upx
behavioral1/memory/2852-20-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x00060000000193f9-21.dat	upx
behavioral1/memory/2772-26-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0006000000019426-28.dat	upx
behavioral1/files/0x0032000000019354-39.dat	upx
behavioral1/memory/2680-35-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2808-44-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2624-43-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2572-41-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x0006000000019428-46.dat	upx
behavioral1/memory/2580-49-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2748-53-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/772-65-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00060000000194d5-64.dat	upx
behavioral1/memory/1416-69-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2772-68-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00070000000194c3-58.dat	upx
behavioral1/memory/2852-57-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0005000000019647-70.dat	upx
behavioral1/files/0x000500000001964f-73.dat	upx
behavioral1/files/0x0005000000019650-76.dat	upx
behavioral1/files/0x00050000000197e4-79.dat	upx
behavioral1/memory/2156-94-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2396-90-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2540-89-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2612-88-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x0005000000019b16-101.dat	upx
behavioral1/memory/1036-110-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0005000000019c8f-117.dat	upx
behavioral1/files/0x0005000000019cc8-125.dat	upx
behavioral1/files/0x0005000000019d98-129.dat	upx
behavioral1/files/0x0005000000019f62-133.dat	upx
behavioral1/files/0x0005000000019f77-135.dat	upx
behavioral1/files/0x000500000001a077-141.dat	upx
behavioral1/files/0x000500000001a0b4-149.dat	upx
behavioral1/files/0x000500000001a448-174.dat	upx
behavioral1/files/0x000500000001a447-169.dat	upx
behavioral1/files/0x000500000001a444-162.dat	upx
behavioral1/files/0x000500000001a446-166.dat	upx
behavioral1/files/0x000500000001a340-157.dat	upx
behavioral1/files/0x000500000001a30e-153.dat	upx
behavioral1/files/0x000500000001a07f-145.dat	upx
behavioral1/files/0x0005000000019c91-121.dat	upx
behavioral1/files/0x0005000000019c79-113.dat	upx
behavioral1/files/0x0005000000019b18-108.dat	upx
behavioral1/files/0x0005000000019a85-97.dat	upx
behavioral1/memory/2156-1592-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2808-3159-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2580-3185-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2772-3322-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2624-3469-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2852-3467-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2572-3466-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/1416-3617-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/772-3621-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2748-3615-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2612-3778-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2540-3781-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sRnXGhP.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTtzbqC.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnnXPLi.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UguXPQk.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONLxDGf.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhYOvMl.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHKpdGZ.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBtWljn.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYoAnwq.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAgzlzO.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrtpVTI.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKlruck.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdUasPW.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deRXAyG.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUjDZok.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGNoxpK.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjpzPbN.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIFalos.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MuLECSw.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZBIcnz.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raGRpzY.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rubZlUd.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipVtNIj.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFJeoxF.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFFSOHg.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MaTQvnV.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dViwZrG.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veCpdEx.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpbLVQv.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVtqAJN.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuKGCPn.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWZFAqG.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwjraou.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raEFxmi.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXyoKog.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcpIsYm.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPwFAvp.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNUzcLQ.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUIXDyN.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAZEbQM.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFwWXWh.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqbOkwJ.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVsnhWg.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdUWcxr.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbJKwxy.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOeMmwl.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqDYufk.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffnEFoH.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqWXNSM.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phdWOra.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYOOmzN.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUeCNLR.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqJKttf.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAhwtXK.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IyQurhO.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUGshBl.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZdnGSv.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPxfnUe.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKKcoea.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQRKVwF.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECTjAlQ.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNnBgps.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpSmabO.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsXkhry.exe	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2808	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2680 wrote to memory of 2808	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2680 wrote to memory of 2808	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2680 wrote to memory of 2580	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2680 wrote to memory of 2580	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2680 wrote to memory of 2580	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2680 wrote to memory of 2852	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2680 wrote to memory of 2852	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2680 wrote to memory of 2852	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2680 wrote to memory of 2772	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2680 wrote to memory of 2772	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2680 wrote to memory of 2772	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2680 wrote to memory of 2572	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2680 wrote to memory of 2572	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2680 wrote to memory of 2572	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2680 wrote to memory of 2624	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2680 wrote to memory of 2624	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2680 wrote to memory of 2624	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2680 wrote to memory of 2748	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2680 wrote to memory of 2748	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2680 wrote to memory of 2748	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2680 wrote to memory of 772	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2680 wrote to memory of 772	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2680 wrote to memory of 772	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2680 wrote to memory of 1416	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2680 wrote to memory of 1416	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2680 wrote to memory of 1416	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2680 wrote to memory of 2612	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2680 wrote to memory of 2612	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2680 wrote to memory of 2612	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2680 wrote to memory of 2396	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2680 wrote to memory of 2396	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2680 wrote to memory of 2396	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2680 wrote to memory of 2540	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2680 wrote to memory of 2540	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2680 wrote to memory of 2540	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2680 wrote to memory of 2156	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2680 wrote to memory of 2156	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2680 wrote to memory of 2156	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2680 wrote to memory of 1036	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2680 wrote to memory of 1036	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2680 wrote to memory of 1036	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2680 wrote to memory of 2480	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2680 wrote to memory of 2480	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2680 wrote to memory of 2480	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2680 wrote to memory of 2340	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2680 wrote to memory of 2340	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2680 wrote to memory of 2340	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2680 wrote to memory of 1996	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2680 wrote to memory of 1996	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2680 wrote to memory of 1996	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2680 wrote to memory of 1880	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2680 wrote to memory of 1880	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2680 wrote to memory of 1880	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2680 wrote to memory of 2908	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2680 wrote to memory of 2908	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2680 wrote to memory of 2908	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2680 wrote to memory of 2768	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2680 wrote to memory of 2768	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2680 wrote to memory of 2768	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2680 wrote to memory of 1720	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2680 wrote to memory of 1720	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2680 wrote to memory of 1720	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2680 wrote to memory of 1964	2680	2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-24_b488d1b212315e9c5b9456723b3af824_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\System\StJCsob.exe
  C:\Windows\System\StJCsob.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\edLbBuo.exe
  C:\Windows\System\edLbBuo.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\ipVtNIj.exe
  C:\Windows\System\ipVtNIj.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\sfpufqH.exe
  C:\Windows\System\sfpufqH.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\rpMKfzJ.exe
  C:\Windows\System\rpMKfzJ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\qOSetJR.exe
  C:\Windows\System\qOSetJR.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\XHKXxxs.exe
  C:\Windows\System\XHKXxxs.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\wdVSjlh.exe
  C:\Windows\System\wdVSjlh.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\xpHXmuu.exe
  C:\Windows\System\xpHXmuu.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\djmINkl.exe
  C:\Windows\System\djmINkl.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\GOVLcBy.exe
  C:\Windows\System\GOVLcBy.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\kcVnXXX.exe
  C:\Windows\System\kcVnXXX.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\PDDdtUM.exe
  C:\Windows\System\PDDdtUM.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\EaXOGMU.exe
  C:\Windows\System\EaXOGMU.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\gxEklVs.exe
  C:\Windows\System\gxEklVs.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\JnlePbM.exe
  C:\Windows\System\JnlePbM.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\cstSrOu.exe
  C:\Windows\System\cstSrOu.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\nIXNpDl.exe
  C:\Windows\System\nIXNpDl.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\FxVUdmh.exe
  C:\Windows\System\FxVUdmh.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\WtGkEKI.exe
  C:\Windows\System\WtGkEKI.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\sBAZTbh.exe
  C:\Windows\System\sBAZTbh.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\wdiRoTN.exe
  C:\Windows\System\wdiRoTN.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\uQKurVo.exe
  C:\Windows\System\uQKurVo.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\TSFFfwN.exe
  C:\Windows\System\TSFFfwN.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\YuvdvSb.exe
  C:\Windows\System\YuvdvSb.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\owVSZdW.exe
  C:\Windows\System\owVSZdW.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\fQJjykv.exe
  C:\Windows\System\fQJjykv.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\MCwkzTw.exe
  C:\Windows\System\MCwkzTw.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\KkoPwwG.exe
  C:\Windows\System\KkoPwwG.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\WdUQzqU.exe
  C:\Windows\System\WdUQzqU.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\ustyQap.exe
  C:\Windows\System\ustyQap.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\KUwhhcT.exe
  C:\Windows\System\KUwhhcT.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\rqlnVVF.exe
  C:\Windows\System\rqlnVVF.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\PATcRiH.exe
  C:\Windows\System\PATcRiH.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\yBtWljn.exe
  C:\Windows\System\yBtWljn.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\RgieXny.exe
  C:\Windows\System\RgieXny.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\WiCWPTi.exe
  C:\Windows\System\WiCWPTi.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\eLcotgB.exe
  C:\Windows\System\eLcotgB.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\BLHSJcl.exe
  C:\Windows\System\BLHSJcl.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\lgrmmXE.exe
  C:\Windows\System\lgrmmXE.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\xOOSjfd.exe
  C:\Windows\System\xOOSjfd.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\jBMxHao.exe
  C:\Windows\System\jBMxHao.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\OIDxMpe.exe
  C:\Windows\System\OIDxMpe.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\SkpUEcx.exe
  C:\Windows\System\SkpUEcx.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\RjTGZib.exe
  C:\Windows\System\RjTGZib.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\LcTIqxE.exe
  C:\Windows\System\LcTIqxE.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\DDdjUli.exe
  C:\Windows\System\DDdjUli.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\kPekvYR.exe
  C:\Windows\System\kPekvYR.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\FBenlHX.exe
  C:\Windows\System\FBenlHX.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\lfywHFf.exe
  C:\Windows\System\lfywHFf.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\niVXQhZ.exe
  C:\Windows\System\niVXQhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\QiZRXJL.exe
  C:\Windows\System\QiZRXJL.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\XXyoKog.exe
  C:\Windows\System\XXyoKog.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\waVgJKs.exe
  C:\Windows\System\waVgJKs.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\xbYKdny.exe
  C:\Windows\System\xbYKdny.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\VqOGNLH.exe
  C:\Windows\System\VqOGNLH.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\mbEgAzc.exe
  C:\Windows\System\mbEgAzc.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\qjhJgAG.exe
  C:\Windows\System\qjhJgAG.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\LDJTvxU.exe
  C:\Windows\System\LDJTvxU.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\tabMHkb.exe
  C:\Windows\System\tabMHkb.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\pZfCOid.exe
  C:\Windows\System\pZfCOid.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\hGVIsNA.exe
  C:\Windows\System\hGVIsNA.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\qWWtpKB.exe
  C:\Windows\System\qWWtpKB.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\VdUasPW.exe
  C:\Windows\System\VdUasPW.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\CIUAwfr.exe
  C:\Windows\System\CIUAwfr.exe
  2⤵
  PID:2792
- C:\Windows\System\bYkaDxd.exe
  C:\Windows\System\bYkaDxd.exe
  2⤵
  PID:2732
- C:\Windows\System\lWZjKbR.exe
  C:\Windows\System\lWZjKbR.exe
  2⤵
  PID:2840
- C:\Windows\System\ueBDruA.exe
  C:\Windows\System\ueBDruA.exe
  2⤵
  PID:2776
- C:\Windows\System\zjQtdQo.exe
  C:\Windows\System\zjQtdQo.exe
  2⤵
  PID:2692
- C:\Windows\System\rpYnzVU.exe
  C:\Windows\System\rpYnzVU.exe
  2⤵
  PID:2712
- C:\Windows\System\LAwIIUS.exe
  C:\Windows\System\LAwIIUS.exe
  2⤵
  PID:2700
- C:\Windows\System\oPbBluw.exe
  C:\Windows\System\oPbBluw.exe
  2⤵
  PID:2600
- C:\Windows\System\wUfKWtd.exe
  C:\Windows\System\wUfKWtd.exe
  2⤵
  PID:2652
- C:\Windows\System\WijDYYN.exe
  C:\Windows\System\WijDYYN.exe
  2⤵
  PID:3004
- C:\Windows\System\tjFGNtX.exe
  C:\Windows\System\tjFGNtX.exe
  2⤵
  PID:304
- C:\Windows\System\lTyDLJZ.exe
  C:\Windows\System\lTyDLJZ.exe
  2⤵
  PID:1688
- C:\Windows\System\KpinHpR.exe
  C:\Windows\System\KpinHpR.exe
  2⤵
  PID:264
- C:\Windows\System\jQCMrre.exe
  C:\Windows\System\jQCMrre.exe
  2⤵
  PID:2468
- C:\Windows\System\xcRcypR.exe
  C:\Windows\System\xcRcypR.exe
  2⤵
  PID:532
- C:\Windows\System\iNEfnMo.exe
  C:\Windows\System\iNEfnMo.exe
  2⤵
  PID:696
- C:\Windows\System\CFORYre.exe
  C:\Windows\System\CFORYre.exe
  2⤵
  PID:984
- C:\Windows\System\sSECWel.exe
  C:\Windows\System\sSECWel.exe
  2⤵
  PID:2100
- C:\Windows\System\fOQlOtY.exe
  C:\Windows\System\fOQlOtY.exe
  2⤵
  PID:2436
- C:\Windows\System\wvrUnDU.exe
  C:\Windows\System\wvrUnDU.exe
  2⤵
  PID:2160
- C:\Windows\System\DIEgjhW.exe
  C:\Windows\System\DIEgjhW.exe
  2⤵
  PID:2820
- C:\Windows\System\nyvIPxt.exe
  C:\Windows\System\nyvIPxt.exe
  2⤵
  PID:2012
- C:\Windows\System\ScQcMzM.exe
  C:\Windows\System\ScQcMzM.exe
  2⤵
  PID:2004
- C:\Windows\System\TbzkkQE.exe
  C:\Windows\System\TbzkkQE.exe
  2⤵
  PID:2876
- C:\Windows\System\lISGwIx.exe
  C:\Windows\System\lISGwIx.exe
  2⤵
  PID:1576
- C:\Windows\System\aOofwMH.exe
  C:\Windows\System\aOofwMH.exe
  2⤵
  PID:1740
- C:\Windows\System\TBysLkc.exe
  C:\Windows\System\TBysLkc.exe
  2⤵
  PID:2204
- C:\Windows\System\cxEGoEr.exe
  C:\Windows\System\cxEGoEr.exe
  2⤵
  PID:2392
- C:\Windows\System\hpbLVQv.exe
  C:\Windows\System\hpbLVQv.exe
  2⤵
  PID:1628
- C:\Windows\System\sOukBII.exe
  C:\Windows\System\sOukBII.exe
  2⤵
  PID:2200
- C:\Windows\System\SRobxEa.exe
  C:\Windows\System\SRobxEa.exe
  2⤵
  PID:1076
- C:\Windows\System\CyPvHXG.exe
  C:\Windows\System\CyPvHXG.exe
  2⤵
  PID:1132
- C:\Windows\System\RDvRrPg.exe
  C:\Windows\System\RDvRrPg.exe
  2⤵
  PID:916
- C:\Windows\System\SOgATOF.exe
  C:\Windows\System\SOgATOF.exe
  2⤵
  PID:2884
- C:\Windows\System\AQZoxBe.exe
  C:\Windows\System\AQZoxBe.exe
  2⤵
  PID:1200
- C:\Windows\System\xENLCbD.exe
  C:\Windows\System\xENLCbD.exe
  2⤵
  PID:1316
- C:\Windows\System\PwUDAZo.exe
  C:\Windows\System\PwUDAZo.exe
  2⤵
  PID:1000
- C:\Windows\System\hPePtbM.exe
  C:\Windows\System\hPePtbM.exe
  2⤵
  PID:1284
- C:\Windows\System\CgBppfR.exe
  C:\Windows\System\CgBppfR.exe
  2⤵
  PID:2500
- C:\Windows\System\kxQqzVs.exe
  C:\Windows\System\kxQqzVs.exe
  2⤵
  PID:1936
- C:\Windows\System\YUCLcCL.exe
  C:\Windows\System\YUCLcCL.exe
  2⤵
  PID:2976
- C:\Windows\System\FmPPosH.exe
  C:\Windows\System\FmPPosH.exe
  2⤵
  PID:1928
- C:\Windows\System\uHtvLeu.exe
  C:\Windows\System\uHtvLeu.exe
  2⤵
  PID:2356
- C:\Windows\System\njOKdfv.exe
  C:\Windows\System\njOKdfv.exe
  2⤵
  PID:2292
- C:\Windows\System\qEJhnjR.exe
  C:\Windows\System\qEJhnjR.exe
  2⤵
  PID:1860
- C:\Windows\System\FBWpwtd.exe
  C:\Windows\System\FBWpwtd.exe
  2⤵
  PID:1676
- C:\Windows\System\SPULAgi.exe
  C:\Windows\System\SPULAgi.exe
  2⤵
  PID:1992
- C:\Windows\System\iJHoGPb.exe
  C:\Windows\System\iJHoGPb.exe
  2⤵
  PID:2332
- C:\Windows\System\hsGGgTr.exe
  C:\Windows\System\hsGGgTr.exe
  2⤵
  PID:1524
- C:\Windows\System\ZQwLQzo.exe
  C:\Windows\System\ZQwLQzo.exe
  2⤵
  PID:2704
- C:\Windows\System\RBkmBoF.exe
  C:\Windows\System\RBkmBoF.exe
  2⤵
  PID:2828
- C:\Windows\System\cbgmhJX.exe
  C:\Windows\System\cbgmhJX.exe
  2⤵
  PID:2932
- C:\Windows\System\QLDGgNM.exe
  C:\Windows\System\QLDGgNM.exe
  2⤵
  PID:2588
- C:\Windows\System\lxYjinY.exe
  C:\Windows\System\lxYjinY.exe
  2⤵
  PID:2256
- C:\Windows\System\ZHGnjtL.exe
  C:\Windows\System\ZHGnjtL.exe
  2⤵
  PID:2616
- C:\Windows\System\ItrrBXC.exe
  C:\Windows\System\ItrrBXC.exe
  2⤵
  PID:1220
- C:\Windows\System\sRgEHqs.exe
  C:\Windows\System\sRgEHqs.exe
  2⤵
  PID:1108
- C:\Windows\System\ZLpNJNp.exe
  C:\Windows\System\ZLpNJNp.exe
  2⤵
  PID:2460
- C:\Windows\System\QJsTGus.exe
  C:\Windows\System\QJsTGus.exe
  2⤵
  PID:1768
- C:\Windows\System\ZxfFJzY.exe
  C:\Windows\System\ZxfFJzY.exe
  2⤵
  PID:1580
- C:\Windows\System\vsyHTCi.exe
  C:\Windows\System\vsyHTCi.exe
  2⤵
  PID:2816
- C:\Windows\System\nGzTosm.exe
  C:\Windows\System\nGzTosm.exe
  2⤵
  PID:1748
- C:\Windows\System\nMLmtjK.exe
  C:\Windows\System\nMLmtjK.exe
  2⤵
  PID:2236
- C:\Windows\System\HVAnMcL.exe
  C:\Windows\System\HVAnMcL.exe
  2⤵
  PID:2240
- C:\Windows\System\uXgGaky.exe
  C:\Windows\System\uXgGaky.exe
  2⤵
  PID:1796
- C:\Windows\System\SiQkhUz.exe
  C:\Windows\System\SiQkhUz.exe
  2⤵
  PID:2864
- C:\Windows\System\jnxbqMQ.exe
  C:\Windows\System\jnxbqMQ.exe
  2⤵
  PID:1668
- C:\Windows\System\VgWoxMd.exe
  C:\Windows\System\VgWoxMd.exe
  2⤵
  PID:764
- C:\Windows\System\OOTRXcB.exe
  C:\Windows\System\OOTRXcB.exe
  2⤵
  PID:1364
- C:\Windows\System\gnIyPTH.exe
  C:\Windows\System\gnIyPTH.exe
  2⤵
  PID:2536
- C:\Windows\System\YAPlBbH.exe
  C:\Windows\System\YAPlBbH.exe
  2⤵
  PID:2532
- C:\Windows\System\SPflyvk.exe
  C:\Windows\System\SPflyvk.exe
  2⤵
  PID:872
- C:\Windows\System\yPQSEuI.exe
  C:\Windows\System\yPQSEuI.exe
  2⤵
  PID:1528
- C:\Windows\System\gTHkDXL.exe
  C:\Windows\System\gTHkDXL.exe
  2⤵
  PID:2728
- C:\Windows\System\GqwzWBt.exe
  C:\Windows\System\GqwzWBt.exe
  2⤵
  PID:2444
- C:\Windows\System\FvTkZpJ.exe
  C:\Windows\System\FvTkZpJ.exe
  2⤵
  PID:3012
- C:\Windows\System\rIQYNeT.exe
  C:\Windows\System\rIQYNeT.exe
  2⤵
  PID:568
- C:\Windows\System\SdJrqUw.exe
  C:\Windows\System\SdJrqUw.exe
  2⤵
  PID:2176
- C:\Windows\System\SWDAUeA.exe
  C:\Windows\System\SWDAUeA.exe
  2⤵
  PID:336
- C:\Windows\System\OESPLVm.exe
  C:\Windows\System\OESPLVm.exe
  2⤵
  PID:2676
- C:\Windows\System\MitMaud.exe
  C:\Windows\System\MitMaud.exe
  2⤵
  PID:2948
- C:\Windows\System\cxpaPgH.exe
  C:\Windows\System\cxpaPgH.exe
  2⤵
  PID:1276
- C:\Windows\System\zoKRPbN.exe
  C:\Windows\System\zoKRPbN.exe
  2⤵
  PID:1464
- C:\Windows\System\bRkZMew.exe
  C:\Windows\System\bRkZMew.exe
  2⤵
  PID:1604
- C:\Windows\System\REreQLF.exe
  C:\Windows\System\REreQLF.exe
  2⤵
  PID:2548
- C:\Windows\System\eHJIzRQ.exe
  C:\Windows\System\eHJIzRQ.exe
  2⤵
  PID:2604
- C:\Windows\System\ZXWMqir.exe
  C:\Windows\System\ZXWMqir.exe
  2⤵
  PID:2636
- C:\Windows\System\NhErEYr.exe
  C:\Windows\System\NhErEYr.exe
  2⤵
  PID:2068
- C:\Windows\System\HRKokEd.exe
  C:\Windows\System\HRKokEd.exe
  2⤵
  PID:2220
- C:\Windows\System\TjpzPbN.exe
  C:\Windows\System\TjpzPbN.exe
  2⤵
  PID:2268
- C:\Windows\System\WwPkADm.exe
  C:\Windows\System\WwPkADm.exe
  2⤵
  PID:2888
- C:\Windows\System\czRILXJ.exe
  C:\Windows\System\czRILXJ.exe
  2⤵
  PID:3080
- C:\Windows\System\fLeNyQZ.exe
  C:\Windows\System\fLeNyQZ.exe
  2⤵
  PID:3096
- C:\Windows\System\SyUZRAk.exe
  C:\Windows\System\SyUZRAk.exe
  2⤵
  PID:3112
- C:\Windows\System\dFwhIAm.exe
  C:\Windows\System\dFwhIAm.exe
  2⤵
  PID:3128
- C:\Windows\System\ZHZrZRp.exe
  C:\Windows\System\ZHZrZRp.exe
  2⤵
  PID:3144
- C:\Windows\System\bPKfMmv.exe
  C:\Windows\System\bPKfMmv.exe
  2⤵
  PID:3160
- C:\Windows\System\AaXTZFo.exe
  C:\Windows\System\AaXTZFo.exe
  2⤵
  PID:3176
- C:\Windows\System\RQUqxqV.exe
  C:\Windows\System\RQUqxqV.exe
  2⤵
  PID:3192
- C:\Windows\System\KYVVgoj.exe
  C:\Windows\System\KYVVgoj.exe
  2⤵
  PID:3208
- C:\Windows\System\XslXUvX.exe
  C:\Windows\System\XslXUvX.exe
  2⤵
  PID:3224
- C:\Windows\System\MoItpHa.exe
  C:\Windows\System\MoItpHa.exe
  2⤵
  PID:3240
- C:\Windows\System\OAZEbQM.exe
  C:\Windows\System\OAZEbQM.exe
  2⤵
  PID:3256
- C:\Windows\System\dAIABqR.exe
  C:\Windows\System\dAIABqR.exe
  2⤵
  PID:3272
- C:\Windows\System\fzQRvcj.exe
  C:\Windows\System\fzQRvcj.exe
  2⤵
  PID:3288
- C:\Windows\System\tcwoehf.exe
  C:\Windows\System\tcwoehf.exe
  2⤵
  PID:3304
- C:\Windows\System\kOGTyQS.exe
  C:\Windows\System\kOGTyQS.exe
  2⤵
  PID:3320
- C:\Windows\System\UiIJMTd.exe
  C:\Windows\System\UiIJMTd.exe
  2⤵
  PID:3336
- C:\Windows\System\HiqXtrI.exe
  C:\Windows\System\HiqXtrI.exe
  2⤵
  PID:3352
- C:\Windows\System\EeqWMmE.exe
  C:\Windows\System\EeqWMmE.exe
  2⤵
  PID:3368
- C:\Windows\System\mvFwGUV.exe
  C:\Windows\System\mvFwGUV.exe
  2⤵
  PID:3384
- C:\Windows\System\qFOTEBT.exe
  C:\Windows\System\qFOTEBT.exe
  2⤵
  PID:3400
- C:\Windows\System\xyDZOxC.exe
  C:\Windows\System\xyDZOxC.exe
  2⤵
  PID:3416
- C:\Windows\System\cecTxhW.exe
  C:\Windows\System\cecTxhW.exe
  2⤵
  PID:3432
- C:\Windows\System\oqaDWSS.exe
  C:\Windows\System\oqaDWSS.exe
  2⤵
  PID:3448
- C:\Windows\System\FqgPdHO.exe
  C:\Windows\System\FqgPdHO.exe
  2⤵
  PID:3464
- C:\Windows\System\nokPeAF.exe
  C:\Windows\System\nokPeAF.exe
  2⤵
  PID:3480
- C:\Windows\System\mHMvSar.exe
  C:\Windows\System\mHMvSar.exe
  2⤵
  PID:3496
- C:\Windows\System\capVyJU.exe
  C:\Windows\System\capVyJU.exe
  2⤵
  PID:3512
- C:\Windows\System\WGQDmLm.exe
  C:\Windows\System\WGQDmLm.exe
  2⤵
  PID:3528
- C:\Windows\System\yWdcfHG.exe
  C:\Windows\System\yWdcfHG.exe
  2⤵
  PID:3544
- C:\Windows\System\TMFdDmy.exe
  C:\Windows\System\TMFdDmy.exe
  2⤵
  PID:3560
- C:\Windows\System\YcDWxjk.exe
  C:\Windows\System\YcDWxjk.exe
  2⤵
  PID:3576
- C:\Windows\System\RjlSKjc.exe
  C:\Windows\System\RjlSKjc.exe
  2⤵
  PID:3592
- C:\Windows\System\ENUTMNc.exe
  C:\Windows\System\ENUTMNc.exe
  2⤵
  PID:3608
- C:\Windows\System\oGGGGpn.exe
  C:\Windows\System\oGGGGpn.exe
  2⤵
  PID:3624
- C:\Windows\System\puqYrSy.exe
  C:\Windows\System\puqYrSy.exe
  2⤵
  PID:3640
- C:\Windows\System\DecvsAB.exe
  C:\Windows\System\DecvsAB.exe
  2⤵
  PID:3660
- C:\Windows\System\WpthuWA.exe
  C:\Windows\System\WpthuWA.exe
  2⤵
  PID:3676
- C:\Windows\System\mAnAkPS.exe
  C:\Windows\System\mAnAkPS.exe
  2⤵
  PID:3692
- C:\Windows\System\nTbRyuJ.exe
  C:\Windows\System\nTbRyuJ.exe
  2⤵
  PID:3708
- C:\Windows\System\HxFDOMl.exe
  C:\Windows\System\HxFDOMl.exe
  2⤵
  PID:3724
- C:\Windows\System\eiRBFDL.exe
  C:\Windows\System\eiRBFDL.exe
  2⤵
  PID:3740
- C:\Windows\System\FBVtxWJ.exe
  C:\Windows\System\FBVtxWJ.exe
  2⤵
  PID:3756
- C:\Windows\System\JkzbwRA.exe
  C:\Windows\System\JkzbwRA.exe
  2⤵
  PID:3772
- C:\Windows\System\SISMQwS.exe
  C:\Windows\System\SISMQwS.exe
  2⤵
  PID:3788
- C:\Windows\System\RVyOIMW.exe
  C:\Windows\System\RVyOIMW.exe
  2⤵
  PID:3804
- C:\Windows\System\ZmqAfaC.exe
  C:\Windows\System\ZmqAfaC.exe
  2⤵
  PID:3820
- C:\Windows\System\hbyrnQV.exe
  C:\Windows\System\hbyrnQV.exe
  2⤵
  PID:3836
- C:\Windows\System\umaxxCc.exe
  C:\Windows\System\umaxxCc.exe
  2⤵
  PID:3852
- C:\Windows\System\GmdoTOv.exe
  C:\Windows\System\GmdoTOv.exe
  2⤵
  PID:3868
- C:\Windows\System\VymGXuN.exe
  C:\Windows\System\VymGXuN.exe
  2⤵
  PID:3884
- C:\Windows\System\IkWFSCv.exe
  C:\Windows\System\IkWFSCv.exe
  2⤵
  PID:3900
- C:\Windows\System\HpfVwZY.exe
  C:\Windows\System\HpfVwZY.exe
  2⤵
  PID:3916
- C:\Windows\System\SqQsLrc.exe
  C:\Windows\System\SqQsLrc.exe
  2⤵
  PID:3932
- C:\Windows\System\NLpsQyR.exe
  C:\Windows\System\NLpsQyR.exe
  2⤵
  PID:2912
- C:\Windows\System\ujrDtuu.exe
  C:\Windows\System\ujrDtuu.exe
  2⤵
  PID:3700
- C:\Windows\System\tnnXPLi.exe
  C:\Windows\System\tnnXPLi.exe
  2⤵
  PID:3988
- C:\Windows\System\mrhGwgZ.exe
  C:\Windows\System\mrhGwgZ.exe
  2⤵
  PID:2780
- C:\Windows\System\lbEgWnL.exe
  C:\Windows\System\lbEgWnL.exe
  2⤵
  PID:1548
- C:\Windows\System\JqaMHyG.exe
  C:\Windows\System\JqaMHyG.exe
  2⤵
  PID:3092
- C:\Windows\System\ChMAREc.exe
  C:\Windows\System\ChMAREc.exe
  2⤵
  PID:3124
- C:\Windows\System\BaoiNWR.exe
  C:\Windows\System\BaoiNWR.exe
  2⤵
  PID:3156
- C:\Windows\System\JxmmXWY.exe
  C:\Windows\System\JxmmXWY.exe
  2⤵
  PID:3200
- C:\Windows\System\XITyZWe.exe
  C:\Windows\System\XITyZWe.exe
  2⤵
  PID:3232
- C:\Windows\System\IFvwZYf.exe
  C:\Windows\System\IFvwZYf.exe
  2⤵
  PID:3264
- C:\Windows\System\rKkXXHg.exe
  C:\Windows\System\rKkXXHg.exe
  2⤵
  PID:3296
- C:\Windows\System\LucDIqG.exe
  C:\Windows\System\LucDIqG.exe
  2⤵
  PID:1160
- C:\Windows\System\VUmfaSK.exe
  C:\Windows\System\VUmfaSK.exe
  2⤵
  PID:3428
- C:\Windows\System\yBWKQIC.exe
  C:\Windows\System\yBWKQIC.exe
  2⤵
  PID:3412
- C:\Windows\System\dMlqQTg.exe
  C:\Windows\System\dMlqQTg.exe
  2⤵
  PID:3364
- C:\Windows\System\UkGhAjU.exe
  C:\Windows\System\UkGhAjU.exe
  2⤵
  PID:3488
- C:\Windows\System\wymCFDO.exe
  C:\Windows\System\wymCFDO.exe
  2⤵
  PID:3508
- C:\Windows\System\mYiIHOa.exe
  C:\Windows\System\mYiIHOa.exe
  2⤵
  PID:3552
- C:\Windows\System\gxRSoMf.exe
  C:\Windows\System\gxRSoMf.exe
  2⤵
  PID:3600
- C:\Windows\System\ngfhWaj.exe
  C:\Windows\System\ngfhWaj.exe
  2⤵
  PID:3616
- C:\Windows\System\rseEjeS.exe
  C:\Windows\System\rseEjeS.exe
  2⤵
  PID:3672
- C:\Windows\System\EoTATGP.exe
  C:\Windows\System\EoTATGP.exe
  2⤵
  PID:3736
- C:\Windows\System\NRaIlzn.exe
  C:\Windows\System\NRaIlzn.exe
  2⤵
  PID:3780
- C:\Windows\System\TbhPvyY.exe
  C:\Windows\System\TbhPvyY.exe
  2⤵
  PID:3832
- C:\Windows\System\dQpatRU.exe
  C:\Windows\System\dQpatRU.exe
  2⤵
  PID:3844
- C:\Windows\System\RFkcVqC.exe
  C:\Windows\System\RFkcVqC.exe
  2⤵
  PID:3924
- C:\Windows\System\NuHkHro.exe
  C:\Windows\System\NuHkHro.exe
  2⤵
  PID:3944
- C:\Windows\System\zPIYvda.exe
  C:\Windows\System\zPIYvda.exe
  2⤵
  PID:3996
- C:\Windows\System\NzuJmSH.exe
  C:\Windows\System\NzuJmSH.exe
  2⤵
  PID:3964
- C:\Windows\System\JvZVykM.exe
  C:\Windows\System\JvZVykM.exe
  2⤵
  PID:4012
- C:\Windows\System\tIFalos.exe
  C:\Windows\System\tIFalos.exe
  2⤵
  PID:4032
- C:\Windows\System\QuXfLWl.exe
  C:\Windows\System\QuXfLWl.exe
  2⤵
  PID:4052
- C:\Windows\System\BQPmstU.exe
  C:\Windows\System\BQPmstU.exe
  2⤵
  PID:4072
- C:\Windows\System\NGBhLKM.exe
  C:\Windows\System\NGBhLKM.exe
  2⤵
  PID:4092
- C:\Windows\System\QrPeNkc.exe
  C:\Windows\System\QrPeNkc.exe
  2⤵
  PID:1752
- C:\Windows\System\vFikPnp.exe
  C:\Windows\System\vFikPnp.exe
  2⤵
  PID:1308
- C:\Windows\System\ABZfomI.exe
  C:\Windows\System\ABZfomI.exe
  2⤵
  PID:3152
- C:\Windows\System\GNkNCSc.exe
  C:\Windows\System\GNkNCSc.exe
  2⤵
  PID:3172
- C:\Windows\System\gDXUqBH.exe
  C:\Windows\System\gDXUqBH.exe
  2⤵
  PID:1540
- C:\Windows\System\KfzXczr.exe
  C:\Windows\System\KfzXczr.exe
  2⤵
  PID:3332
- C:\Windows\System\WhQIUAb.exe
  C:\Windows\System\WhQIUAb.exe
  2⤵
  PID:2212
- C:\Windows\System\tAkXMAq.exe
  C:\Windows\System\tAkXMAq.exe
  2⤵
  PID:1608
- C:\Windows\System\HnlRFUj.exe
  C:\Windows\System\HnlRFUj.exe
  2⤵
  PID:3456
- C:\Windows\System\mqrWBbs.exe
  C:\Windows\System\mqrWBbs.exe
  2⤵
  PID:3556
- C:\Windows\System\iEunEjd.exe
  C:\Windows\System\iEunEjd.exe
  2⤵
  PID:3604
- C:\Windows\System\FNeVNAU.exe
  C:\Windows\System\FNeVNAU.exe
  2⤵
  PID:3668
- C:\Windows\System\yzXwRyV.exe
  C:\Windows\System\yzXwRyV.exe
  2⤵
  PID:2132
- C:\Windows\System\CFFbWhz.exe
  C:\Windows\System\CFFbWhz.exe
  2⤵
  PID:3768
- C:\Windows\System\pHpXPnq.exe
  C:\Windows\System\pHpXPnq.exe
  2⤵
  PID:3816
- C:\Windows\System\GfcKAKU.exe
  C:\Windows\System\GfcKAKU.exe
  2⤵
  PID:3912
- C:\Windows\System\BVnjoWV.exe
  C:\Windows\System\BVnjoWV.exe
  2⤵
  PID:3952
- C:\Windows\System\GfrViTF.exe
  C:\Windows\System\GfrViTF.exe
  2⤵
  PID:4020
- C:\Windows\System\yIktFjY.exe
  C:\Windows\System\yIktFjY.exe
  2⤵
  PID:4040
- C:\Windows\System\YHleesk.exe
  C:\Windows\System\YHleesk.exe
  2⤵
  PID:4048
- C:\Windows\System\kuFLCoH.exe
  C:\Windows\System\kuFLCoH.exe
  2⤵
  PID:2140
- C:\Windows\System\oPxfnUe.exe
  C:\Windows\System\oPxfnUe.exe
  2⤵
  PID:3140
- C:\Windows\System\jxsFgqN.exe
  C:\Windows\System\jxsFgqN.exe
  2⤵
  PID:3104
- C:\Windows\System\bASPTpv.exe
  C:\Windows\System\bASPTpv.exe
  2⤵
  PID:3184
- C:\Windows\System\jQBWRuc.exe
  C:\Windows\System\jQBWRuc.exe
  2⤵
  PID:3328
- C:\Windows\System\oycrSSl.exe
  C:\Windows\System\oycrSSl.exe
  2⤵
  PID:3300
- C:\Windows\System\KdyXZrJ.exe
  C:\Windows\System\KdyXZrJ.exe
  2⤵
  PID:3392
- C:\Windows\System\PjjeoJz.exe
  C:\Windows\System\PjjeoJz.exe
  2⤵
  PID:3524
- C:\Windows\System\sqJVSdC.exe
  C:\Windows\System\sqJVSdC.exe
  2⤵
  PID:3632
- C:\Windows\System\hqDkKXF.exe
  C:\Windows\System\hqDkKXF.exe
  2⤵
  PID:2472
- C:\Windows\System\ylMQiAZ.exe
  C:\Windows\System\ylMQiAZ.exe
  2⤵
  PID:3764
- C:\Windows\System\oQjJIoM.exe
  C:\Windows\System\oQjJIoM.exe
  2⤵
  PID:3880
- C:\Windows\System\wKKcoea.exe
  C:\Windows\System\wKKcoea.exe
  2⤵
  PID:3956
- C:\Windows\System\QXchrWY.exe
  C:\Windows\System\QXchrWY.exe
  2⤵
  PID:4000
- C:\Windows\System\hhGYFZD.exe
  C:\Windows\System\hhGYFZD.exe
  2⤵
  PID:3136
- C:\Windows\System\xWXPiPe.exe
  C:\Windows\System\xWXPiPe.exe
  2⤵
  PID:4068
- C:\Windows\System\XPqdxdg.exe
  C:\Windows\System\XPqdxdg.exe
  2⤵
  PID:2880
- C:\Windows\System\iNzTzlA.exe
  C:\Windows\System\iNzTzlA.exe
  2⤵
  PID:3284
- C:\Windows\System\CyaHqdG.exe
  C:\Windows\System\CyaHqdG.exe
  2⤵
  PID:2552
- C:\Windows\System\MmeMFWz.exe
  C:\Windows\System\MmeMFWz.exe
  2⤵
  PID:3572
- C:\Windows\System\oDZWUKP.exe
  C:\Windows\System\oDZWUKP.exe
  2⤵
  PID:1048
- C:\Windows\System\JidtpRk.exe
  C:\Windows\System\JidtpRk.exe
  2⤵
  PID:2756
- C:\Windows\System\dwsaChQ.exe
  C:\Windows\System\dwsaChQ.exe
  2⤵
  PID:3784
- C:\Windows\System\GVNMqej.exe
  C:\Windows\System\GVNMqej.exe
  2⤵
  PID:1572
- C:\Windows\System\MTiqRaB.exe
  C:\Windows\System\MTiqRaB.exe
  2⤵
  PID:4004
- C:\Windows\System\qDUpSpV.exe
  C:\Windows\System\qDUpSpV.exe
  2⤵
  PID:4080
- C:\Windows\System\RuDIGcs.exe
  C:\Windows\System\RuDIGcs.exe
  2⤵
  PID:2752
- C:\Windows\System\nzMvNLN.exe
  C:\Windows\System\nzMvNLN.exe
  2⤵
  PID:2352
- C:\Windows\System\gZgjpFh.exe
  C:\Windows\System\gZgjpFh.exe
  2⤵
  PID:3204
- C:\Windows\System\ykUBBlY.exe
  C:\Windows\System\ykUBBlY.exe
  2⤵
  PID:1732
- C:\Windows\System\IgwtGaM.exe
  C:\Windows\System\IgwtGaM.exe
  2⤵
  PID:3380
- C:\Windows\System\deRXAyG.exe
  C:\Windows\System\deRXAyG.exe
  2⤵
  PID:2228
- C:\Windows\System\UWOPEHt.exe
  C:\Windows\System\UWOPEHt.exe
  2⤵
  PID:1232
- C:\Windows\System\fsVZxGO.exe
  C:\Windows\System\fsVZxGO.exe
  2⤵
  PID:672
- C:\Windows\System\nHQQFxb.exe
  C:\Windows\System\nHQQFxb.exe
  2⤵
  PID:1940
- C:\Windows\System\WrgIApa.exe
  C:\Windows\System\WrgIApa.exe
  2⤵
  PID:3828
- C:\Windows\System\lALgNrZ.exe
  C:\Windows\System\lALgNrZ.exe
  2⤵
  PID:2076
- C:\Windows\System\mEyCPSQ.exe
  C:\Windows\System\mEyCPSQ.exe
  2⤵
  PID:1472
- C:\Windows\System\FWlPxiV.exe
  C:\Windows\System\FWlPxiV.exe
  2⤵
  PID:4084
- C:\Windows\System\mCqlZCu.exe
  C:\Windows\System\mCqlZCu.exe
  2⤵
  PID:904
- C:\Windows\System\uWwqbZd.exe
  C:\Windows\System\uWwqbZd.exe
  2⤵
  PID:1412
- C:\Windows\System\vgydsbB.exe
  C:\Windows\System\vgydsbB.exe
  2⤵
  PID:2216
- C:\Windows\System\hNfVJGf.exe
  C:\Windows\System\hNfVJGf.exe
  2⤵
  PID:3536
- C:\Windows\System\yBbrbnS.exe
  C:\Windows\System\yBbrbnS.exe
  2⤵
  PID:3088
- C:\Windows\System\EsWQTTo.exe
  C:\Windows\System\EsWQTTo.exe
  2⤵
  PID:3716
- C:\Windows\System\APphHRK.exe
  C:\Windows\System\APphHRK.exe
  2⤵
  PID:4108
- C:\Windows\System\YDSCXGj.exe
  C:\Windows\System\YDSCXGj.exe
  2⤵
  PID:4128
- C:\Windows\System\jBvqvhm.exe
  C:\Windows\System\jBvqvhm.exe
  2⤵
  PID:4144
- C:\Windows\System\eLaRbZI.exe
  C:\Windows\System\eLaRbZI.exe
  2⤵
  PID:4180
- C:\Windows\System\EElHqHS.exe
  C:\Windows\System\EElHqHS.exe
  2⤵
  PID:4196
- C:\Windows\System\mYBIDRW.exe
  C:\Windows\System\mYBIDRW.exe
  2⤵
  PID:4212
- C:\Windows\System\RWTBJPY.exe
  C:\Windows\System\RWTBJPY.exe
  2⤵
  PID:4232
- C:\Windows\System\gPOSbzQ.exe
  C:\Windows\System\gPOSbzQ.exe
  2⤵
  PID:4256
- C:\Windows\System\sJUDfcn.exe
  C:\Windows\System\sJUDfcn.exe
  2⤵
  PID:4280
- C:\Windows\System\kBPCDZL.exe
  C:\Windows\System\kBPCDZL.exe
  2⤵
  PID:4300
- C:\Windows\System\NasSNAQ.exe
  C:\Windows\System\NasSNAQ.exe
  2⤵
  PID:4320
- C:\Windows\System\uBTApHZ.exe
  C:\Windows\System\uBTApHZ.exe
  2⤵
  PID:4340
- C:\Windows\System\TbqtkTw.exe
  C:\Windows\System\TbqtkTw.exe
  2⤵
  PID:4360
- C:\Windows\System\xiGHjLN.exe
  C:\Windows\System\xiGHjLN.exe
  2⤵
  PID:4376
- C:\Windows\System\NMlhBhC.exe
  C:\Windows\System\NMlhBhC.exe
  2⤵
  PID:4392
- C:\Windows\System\CJcnqph.exe
  C:\Windows\System\CJcnqph.exe
  2⤵
  PID:4408
- C:\Windows\System\MJKFIVJ.exe
  C:\Windows\System\MJKFIVJ.exe
  2⤵
  PID:4428
- C:\Windows\System\HvvAscC.exe
  C:\Windows\System\HvvAscC.exe
  2⤵
  PID:4460
- C:\Windows\System\UguXPQk.exe
  C:\Windows\System\UguXPQk.exe
  2⤵
  PID:4480
- C:\Windows\System\HIxYClg.exe
  C:\Windows\System\HIxYClg.exe
  2⤵
  PID:4500
- C:\Windows\System\tRqUarD.exe
  C:\Windows\System\tRqUarD.exe
  2⤵
  PID:4516
- C:\Windows\System\mZkSSFS.exe
  C:\Windows\System\mZkSSFS.exe
  2⤵
  PID:4540
- C:\Windows\System\sOfRIOE.exe
  C:\Windows\System\sOfRIOE.exe
  2⤵
  PID:4556
- C:\Windows\System\GFwWXWh.exe
  C:\Windows\System\GFwWXWh.exe
  2⤵
  PID:4576
- C:\Windows\System\THLTUYo.exe
  C:\Windows\System\THLTUYo.exe
  2⤵
  PID:4592
- C:\Windows\System\DawumdW.exe
  C:\Windows\System\DawumdW.exe
  2⤵
  PID:4608
- C:\Windows\System\VvTSNBM.exe
  C:\Windows\System\VvTSNBM.exe
  2⤵
  PID:4624
- C:\Windows\System\adzeyFX.exe
  C:\Windows\System\adzeyFX.exe
  2⤵
  PID:4644
- C:\Windows\System\uaqsnku.exe
  C:\Windows\System\uaqsnku.exe
  2⤵
  PID:4664
- C:\Windows\System\xoMIkll.exe
  C:\Windows\System\xoMIkll.exe
  2⤵
  PID:4688
- C:\Windows\System\nVzvHUN.exe
  C:\Windows\System\nVzvHUN.exe
  2⤵
  PID:4708
- C:\Windows\System\AcXWNKc.exe
  C:\Windows\System\AcXWNKc.exe
  2⤵
  PID:4724
- C:\Windows\System\XKxvJHB.exe
  C:\Windows\System\XKxvJHB.exe
  2⤵
  PID:4760
- C:\Windows\System\ZLAymNA.exe
  C:\Windows\System\ZLAymNA.exe
  2⤵
  PID:4780
- C:\Windows\System\qtGuHCF.exe
  C:\Windows\System\qtGuHCF.exe
  2⤵
  PID:4796
- C:\Windows\System\dbiVrma.exe
  C:\Windows\System\dbiVrma.exe
  2⤵
  PID:4812
- C:\Windows\System\EySjKTJ.exe
  C:\Windows\System\EySjKTJ.exe
  2⤵
  PID:4828
- C:\Windows\System\bRljwfM.exe
  C:\Windows\System\bRljwfM.exe
  2⤵
  PID:4844
- C:\Windows\System\UXzgKHa.exe
  C:\Windows\System\UXzgKHa.exe
  2⤵
  PID:4860
- C:\Windows\System\UqlBBIA.exe
  C:\Windows\System\UqlBBIA.exe
  2⤵
  PID:4880
- C:\Windows\System\QZAYMWB.exe
  C:\Windows\System\QZAYMWB.exe
  2⤵
  PID:4900
- C:\Windows\System\wvQKoqu.exe
  C:\Windows\System\wvQKoqu.exe
  2⤵
  PID:4924
- C:\Windows\System\LTNYhHS.exe
  C:\Windows\System\LTNYhHS.exe
  2⤵
  PID:4940
- C:\Windows\System\KTsvIao.exe
  C:\Windows\System\KTsvIao.exe
  2⤵
  PID:4956
- C:\Windows\System\nYcMRTP.exe
  C:\Windows\System\nYcMRTP.exe
  2⤵
  PID:4976
- C:\Windows\System\ArIOHFv.exe
  C:\Windows\System\ArIOHFv.exe
  2⤵
  PID:5016
- C:\Windows\System\YKDfRxm.exe
  C:\Windows\System\YKDfRxm.exe
  2⤵
  PID:5036
- C:\Windows\System\KlWHVmz.exe
  C:\Windows\System\KlWHVmz.exe
  2⤵
  PID:5068
- C:\Windows\System\uTdySjH.exe
  C:\Windows\System\uTdySjH.exe
  2⤵
  PID:5084
- C:\Windows\System\NPTiujs.exe
  C:\Windows\System\NPTiujs.exe
  2⤵
  PID:5104
- C:\Windows\System\pBeZauG.exe
  C:\Windows\System\pBeZauG.exe
  2⤵
  PID:3540
- C:\Windows\System\obXqRlj.exe
  C:\Windows\System\obXqRlj.exe
  2⤵
  PID:1980
- C:\Windows\System\BXIFzKi.exe
  C:\Windows\System\BXIFzKi.exe
  2⤵
  PID:4124
- C:\Windows\System\MoGogNv.exe
  C:\Windows\System\MoGogNv.exe
  2⤵
  PID:4168
- C:\Windows\System\DxWtRLh.exe
  C:\Windows\System\DxWtRLh.exe
  2⤵
  PID:4204
- C:\Windows\System\LTlqUzw.exe
  C:\Windows\System\LTlqUzw.exe
  2⤵
  PID:3896
- C:\Windows\System\xkaVtgN.exe
  C:\Windows\System\xkaVtgN.exe
  2⤵
  PID:4264
- C:\Windows\System\xBVSZfd.exe
  C:\Windows\System\xBVSZfd.exe
  2⤵
  PID:4268
- C:\Windows\System\JrvAYjV.exe
  C:\Windows\System\JrvAYjV.exe
  2⤵
  PID:4276
- C:\Windows\System\aYoAnwq.exe
  C:\Windows\System\aYoAnwq.exe
  2⤵
  PID:4316
- C:\Windows\System\UvXxyAX.exe
  C:\Windows\System\UvXxyAX.exe
  2⤵
  PID:4348
- C:\Windows\System\WmGKjYn.exe
  C:\Windows\System\WmGKjYn.exe
  2⤵
  PID:4420
- C:\Windows\System\TsjOJtq.exe
  C:\Windows\System\TsjOJtq.exe
  2⤵
  PID:4452
- C:\Windows\System\VGENyxo.exe
  C:\Windows\System\VGENyxo.exe
  2⤵
  PID:4472
- C:\Windows\System\mkRrRFa.exe
  C:\Windows\System\mkRrRFa.exe
  2⤵
  PID:4508
- C:\Windows\System\MdkCFSN.exe
  C:\Windows\System\MdkCFSN.exe
  2⤵
  PID:4536
- C:\Windows\System\XvZyUkK.exe
  C:\Windows\System\XvZyUkK.exe
  2⤵
  PID:4604
- C:\Windows\System\UXGjGbT.exe
  C:\Windows\System\UXGjGbT.exe
  2⤵
  PID:4552
- C:\Windows\System\bKheMfi.exe
  C:\Windows\System\bKheMfi.exe
  2⤵
  PID:4680
- C:\Windows\System\UAhnnBW.exe
  C:\Windows\System\UAhnnBW.exe
  2⤵
  PID:4656
- C:\Windows\System\tOQIokN.exe
  C:\Windows\System\tOQIokN.exe
  2⤵
  PID:4716
- C:\Windows\System\CVtqAJN.exe
  C:\Windows\System\CVtqAJN.exe
  2⤵
  PID:4752
- C:\Windows\System\vMXsXpt.exe
  C:\Windows\System\vMXsXpt.exe
  2⤵
  PID:4744
- C:\Windows\System\OFJeoxF.exe
  C:\Windows\System\OFJeoxF.exe
  2⤵
  PID:4776
- C:\Windows\System\zMgimvt.exe
  C:\Windows\System\zMgimvt.exe
  2⤵
  PID:4840
- C:\Windows\System\TOXZLas.exe
  C:\Windows\System\TOXZLas.exe
  2⤵
  PID:4908
- C:\Windows\System\qjXpjJH.exe
  C:\Windows\System\qjXpjJH.exe
  2⤵
  PID:4948
- C:\Windows\System\rKydcQY.exe
  C:\Windows\System\rKydcQY.exe
  2⤵
  PID:4792
- C:\Windows\System\wojZcGP.exe
  C:\Windows\System\wojZcGP.exe
  2⤵
  PID:4856
- C:\Windows\System\dGvrZYa.exe
  C:\Windows\System\dGvrZYa.exe
  2⤵
  PID:5000
- C:\Windows\System\BOWmERh.exe
  C:\Windows\System\BOWmERh.exe
  2⤵
  PID:4788
- C:\Windows\System\MuLECSw.exe
  C:\Windows\System\MuLECSw.exe
  2⤵
  PID:4972
- C:\Windows\System\LeTOBIJ.exe
  C:\Windows\System\LeTOBIJ.exe
  2⤵
  PID:5024
- C:\Windows\System\KVDCVUf.exe
  C:\Windows\System\KVDCVUf.exe
  2⤵
  PID:5032
- C:\Windows\System\JkPkaMp.exe
  C:\Windows\System\JkPkaMp.exe
  2⤵
  PID:5096
- C:\Windows\System\kXomLvt.exe
  C:\Windows\System\kXomLvt.exe
  2⤵
  PID:5116
- C:\Windows\System\uIpYuUF.exe
  C:\Windows\System\uIpYuUF.exe
  2⤵
  PID:4160
- C:\Windows\System\EjXKGhk.exe
  C:\Windows\System\EjXKGhk.exe
  2⤵
  PID:4120
- C:\Windows\System\SGbhTDa.exe
  C:\Windows\System\SGbhTDa.exe
  2⤵
  PID:4288
- C:\Windows\System\dfytWpe.exe
  C:\Windows\System\dfytWpe.exe
  2⤵
  PID:4404
- C:\Windows\System\ZNJoNIt.exe
  C:\Windows\System\ZNJoNIt.exe
  2⤵
  PID:4524
- C:\Windows\System\ZVyMNzP.exe
  C:\Windows\System\ZVyMNzP.exe
  2⤵
  PID:4640
- C:\Windows\System\OsvCtEM.exe
  C:\Windows\System\OsvCtEM.exe
  2⤵
  PID:4704
- C:\Windows\System\hkeGOyW.exe
  C:\Windows\System\hkeGOyW.exe
  2⤵
  PID:4872
- C:\Windows\System\yFOLZhZ.exe
  C:\Windows\System\yFOLZhZ.exe
  2⤵
  PID:4448
- C:\Windows\System\vvKieHc.exe
  C:\Windows\System\vvKieHc.exe
  2⤵
  PID:4572
- C:\Windows\System\vhIRahd.exe
  C:\Windows\System\vhIRahd.exe
  2⤵
  PID:4548
- C:\Windows\System\dlbPlaT.exe
  C:\Windows\System\dlbPlaT.exe
  2⤵
  PID:4740
- C:\Windows\System\tqbOkwJ.exe
  C:\Windows\System\tqbOkwJ.exe
  2⤵
  PID:4984
- C:\Windows\System\PPOdfMv.exe
  C:\Windows\System\PPOdfMv.exe
  2⤵
  PID:4996
- C:\Windows\System\FGAliAI.exe
  C:\Windows\System\FGAliAI.exe
  2⤵
  PID:5060
- C:\Windows\System\GSCBVRf.exe
  C:\Windows\System\GSCBVRf.exe
  2⤵
  PID:3972
- C:\Windows\System\YoklKIh.exe
  C:\Windows\System\YoklKIh.exe
  2⤵
  PID:4100
- C:\Windows\System\qTMSnSP.exe
  C:\Windows\System\qTMSnSP.exe
  2⤵
  PID:4416
- C:\Windows\System\Cjrzldx.exe
  C:\Windows\System\Cjrzldx.exe
  2⤵
  PID:4352
- C:\Windows\System\sdUWcxr.exe
  C:\Windows\System\sdUWcxr.exe
  2⤵
  PID:4400
- C:\Windows\System\WGvDUIe.exe
  C:\Windows\System\WGvDUIe.exe
  2⤵
  PID:4492
- C:\Windows\System\USAcyYz.exe
  C:\Windows\System\USAcyYz.exe
  2⤵
  PID:4852
- C:\Windows\System\VzsqXkG.exe
  C:\Windows\System\VzsqXkG.exe
  2⤵
  PID:3068
- C:\Windows\System\tqXeXJw.exe
  C:\Windows\System\tqXeXJw.exe
  2⤵
  PID:4676
- C:\Windows\System\BwDYrUL.exe
  C:\Windows\System\BwDYrUL.exe
  2⤵
  PID:4140
- C:\Windows\System\qsrGGqn.exe
  C:\Windows\System\qsrGGqn.exe
  2⤵
  PID:4356
- C:\Windows\System\BacfeCi.exe
  C:\Windows\System\BacfeCi.exe
  2⤵
  PID:4876
- C:\Windows\System\bKfUYmT.exe
  C:\Windows\System\bKfUYmT.exe
  2⤵
  PID:4240
- C:\Windows\System\uKSiMNb.exe
  C:\Windows\System\uKSiMNb.exe
  2⤵
  PID:4312
- C:\Windows\System\zEhHZpY.exe
  C:\Windows\System\zEhHZpY.exe
  2⤵
  PID:4636
- C:\Windows\System\VISRZCD.exe
  C:\Windows\System\VISRZCD.exe
  2⤵
  PID:4824
- C:\Windows\System\CaUnMdk.exe
  C:\Windows\System\CaUnMdk.exe
  2⤵
  PID:4892
- C:\Windows\System\ovlyBmg.exe
  C:\Windows\System\ovlyBmg.exe
  2⤵
  PID:5052
- C:\Windows\System\ssPeCCv.exe
  C:\Windows\System\ssPeCCv.exe
  2⤵
  PID:4164
- C:\Windows\System\RvCVGEU.exe
  C:\Windows\System\RvCVGEU.exe
  2⤵
  PID:4968
- C:\Windows\System\RUqZUuN.exe
  C:\Windows\System\RUqZUuN.exe
  2⤵
  PID:5112
- C:\Windows\System\SSbmWIF.exe
  C:\Windows\System\SSbmWIF.exe
  2⤵
  PID:4104
- C:\Windows\System\CJCShYl.exe
  C:\Windows\System\CJCShYl.exe
  2⤵
  PID:4224
- C:\Windows\System\WscJgkF.exe
  C:\Windows\System\WscJgkF.exe
  2⤵
  PID:4188
- C:\Windows\System\CuINtxt.exe
  C:\Windows\System\CuINtxt.exe
  2⤵
  PID:4920
- C:\Windows\System\EyzqyVR.exe
  C:\Windows\System\EyzqyVR.exe
  2⤵
  PID:5128
- C:\Windows\System\FuZQBXa.exe
  C:\Windows\System\FuZQBXa.exe
  2⤵
  PID:5148
- C:\Windows\System\fZydpmi.exe
  C:\Windows\System\fZydpmi.exe
  2⤵
  PID:5164
- C:\Windows\System\RnwiJdy.exe
  C:\Windows\System\RnwiJdy.exe
  2⤵
  PID:5184
- C:\Windows\System\lGCsdeC.exe
  C:\Windows\System\lGCsdeC.exe
  2⤵
  PID:5208
- C:\Windows\System\CrbuDCW.exe
  C:\Windows\System\CrbuDCW.exe
  2⤵
  PID:5224
- C:\Windows\System\NmpsmbP.exe
  C:\Windows\System\NmpsmbP.exe
  2⤵
  PID:5240
- C:\Windows\System\cGQFqUn.exe
  C:\Windows\System\cGQFqUn.exe
  2⤵
  PID:5268
- C:\Windows\System\lLKcVPJ.exe
  C:\Windows\System\lLKcVPJ.exe
  2⤵
  PID:5284
- C:\Windows\System\AwcoaHg.exe
  C:\Windows\System\AwcoaHg.exe
  2⤵
  PID:5300
- C:\Windows\System\BLTedZv.exe
  C:\Windows\System\BLTedZv.exe
  2⤵
  PID:5316
- C:\Windows\System\gOJifCJ.exe
  C:\Windows\System\gOJifCJ.exe
  2⤵
  PID:5332
- C:\Windows\System\QIQQDOM.exe
  C:\Windows\System\QIQQDOM.exe
  2⤵
  PID:5348
- C:\Windows\System\nbVqYTi.exe
  C:\Windows\System\nbVqYTi.exe
  2⤵
  PID:5372
- C:\Windows\System\nkKgiin.exe
  C:\Windows\System\nkKgiin.exe
  2⤵
  PID:5392
- C:\Windows\System\DQRKVwF.exe
  C:\Windows\System\DQRKVwF.exe
  2⤵
  PID:5412
- C:\Windows\System\vtJOFwf.exe
  C:\Windows\System\vtJOFwf.exe
  2⤵
  PID:5432
- C:\Windows\System\mCShkKA.exe
  C:\Windows\System\mCShkKA.exe
  2⤵
  PID:5448
- C:\Windows\System\zXLUHvf.exe
  C:\Windows\System\zXLUHvf.exe
  2⤵
  PID:5464
- C:\Windows\System\ZRbsluV.exe
  C:\Windows\System\ZRbsluV.exe
  2⤵
  PID:5480
- C:\Windows\System\PSbcPvv.exe
  C:\Windows\System\PSbcPvv.exe
  2⤵
  PID:5540
- C:\Windows\System\ZhKdFpO.exe
  C:\Windows\System\ZhKdFpO.exe
  2⤵
  PID:5560
- C:\Windows\System\iOeriuw.exe
  C:\Windows\System\iOeriuw.exe
  2⤵
  PID:5580
- C:\Windows\System\ruywJYQ.exe
  C:\Windows\System\ruywJYQ.exe
  2⤵
  PID:5600
- C:\Windows\System\HqYMqAh.exe
  C:\Windows\System\HqYMqAh.exe
  2⤵
  PID:5616
- C:\Windows\System\kHggQQg.exe
  C:\Windows\System\kHggQQg.exe
  2⤵
  PID:5640
- C:\Windows\System\xqkvxjH.exe
  C:\Windows\System\xqkvxjH.exe
  2⤵
  PID:5656
- C:\Windows\System\THewDzB.exe
  C:\Windows\System\THewDzB.exe
  2⤵
  PID:5672
- C:\Windows\System\DEmhGDk.exe
  C:\Windows\System\DEmhGDk.exe
  2⤵
  PID:5692
- C:\Windows\System\TkaiPWa.exe
  C:\Windows\System\TkaiPWa.exe
  2⤵
  PID:5712
- C:\Windows\System\oYrePwD.exe
  C:\Windows\System\oYrePwD.exe
  2⤵
  PID:5728
- C:\Windows\System\srgHQfM.exe
  C:\Windows\System\srgHQfM.exe
  2⤵
  PID:5744
- C:\Windows\System\xNlLIEw.exe
  C:\Windows\System\xNlLIEw.exe
  2⤵
  PID:5760
- C:\Windows\System\rDhUqzc.exe
  C:\Windows\System\rDhUqzc.exe
  2⤵
  PID:5780
- C:\Windows\System\iwHglmM.exe
  C:\Windows\System\iwHglmM.exe
  2⤵
  PID:5820
- C:\Windows\System\WHHaOKW.exe
  C:\Windows\System\WHHaOKW.exe
  2⤵
  PID:5836
- C:\Windows\System\KcQmVai.exe
  C:\Windows\System\KcQmVai.exe
  2⤵
  PID:5852
- C:\Windows\System\JbsmJgf.exe
  C:\Windows\System\JbsmJgf.exe
  2⤵
  PID:5868
- C:\Windows\System\oedXWKH.exe
  C:\Windows\System\oedXWKH.exe
  2⤵
  PID:5884
- C:\Windows\System\DlPSHXz.exe
  C:\Windows\System\DlPSHXz.exe
  2⤵
  PID:5908
- C:\Windows\System\osDzwjj.exe
  C:\Windows\System\osDzwjj.exe
  2⤵
  PID:5924
- C:\Windows\System\apGNoEW.exe
  C:\Windows\System\apGNoEW.exe
  2⤵
  PID:5948
- C:\Windows\System\ECTjAlQ.exe
  C:\Windows\System\ECTjAlQ.exe
  2⤵
  PID:5964
- C:\Windows\System\trCvWpj.exe
  C:\Windows\System\trCvWpj.exe
  2⤵
  PID:5984
- C:\Windows\System\oaIBTFr.exe
  C:\Windows\System\oaIBTFr.exe
  2⤵
  PID:6020
- C:\Windows\System\DdwhGbB.exe
  C:\Windows\System\DdwhGbB.exe
  2⤵
  PID:6036
- C:\Windows\System\BHDuOBy.exe
  C:\Windows\System\BHDuOBy.exe
  2⤵
  PID:6052
- C:\Windows\System\cXiIIId.exe
  C:\Windows\System\cXiIIId.exe
  2⤵
  PID:6088
- C:\Windows\System\aWJtzmD.exe
  C:\Windows\System\aWJtzmD.exe
  2⤵
  PID:6104
- C:\Windows\System\woULfSL.exe
  C:\Windows\System\woULfSL.exe
  2⤵
  PID:6120
- C:\Windows\System\RQslDaw.exe
  C:\Windows\System\RQslDaw.exe
  2⤵
  PID:6136
- C:\Windows\System\cAgzlzO.exe
  C:\Windows\System\cAgzlzO.exe
  2⤵
  PID:4616
- C:\Windows\System\ChKlfEi.exe
  C:\Windows\System\ChKlfEi.exe
  2⤵
  PID:5140
- C:\Windows\System\aNsUjHs.exe
  C:\Windows\System\aNsUjHs.exe
  2⤵
  PID:5180
- C:\Windows\System\kmHejVs.exe
  C:\Windows\System\kmHejVs.exe
  2⤵
  PID:5260
- C:\Windows\System\fLopzhq.exe
  C:\Windows\System\fLopzhq.exe
  2⤵
  PID:5252
- C:\Windows\System\SUwUDjx.exe
  C:\Windows\System\SUwUDjx.exe
  2⤵
  PID:5364
- C:\Windows\System\HXRSxME.exe
  C:\Windows\System\HXRSxME.exe
  2⤵
  PID:5156
- C:\Windows\System\oCEpMVH.exe
  C:\Windows\System\oCEpMVH.exe
  2⤵
  PID:5204
- C:\Windows\System\NGUJAbf.exe
  C:\Windows\System\NGUJAbf.exe
  2⤵
  PID:5440
- C:\Windows\System\pGiSptK.exe
  C:\Windows\System\pGiSptK.exe
  2⤵
  PID:5520
- C:\Windows\System\vloRxWQ.exe
  C:\Windows\System\vloRxWQ.exe
  2⤵
  PID:5388
- C:\Windows\System\LPcupMt.exe
  C:\Windows\System\LPcupMt.exe
  2⤵
  PID:5496
- C:\Windows\System\ojunfBf.exe
  C:\Windows\System\ojunfBf.exe
  2⤵
  PID:5280
- C:\Windows\System\xYleEDI.exe
  C:\Windows\System\xYleEDI.exe
  2⤵
  PID:5368
- C:\Windows\System\KTpajlF.exe
  C:\Windows\System\KTpajlF.exe
  2⤵
  PID:5592
- C:\Windows\System\NZIEfFk.exe
  C:\Windows\System\NZIEfFk.exe
  2⤵
  PID:5628
- C:\Windows\System\RcoLEhv.exe
  C:\Windows\System\RcoLEhv.exe
  2⤵
  PID:5668
- C:\Windows\System\hTqJKIA.exe
  C:\Windows\System\hTqJKIA.exe
  2⤵
  PID:5608
- C:\Windows\System\MiitWbM.exe
  C:\Windows\System\MiitWbM.exe
  2⤵
  PID:5688
- C:\Windows\System\VDIVIyR.exe
  C:\Windows\System\VDIVIyR.exe
  2⤵
  PID:5724
- C:\Windows\System\jiyZqkm.exe
  C:\Windows\System\jiyZqkm.exe
  2⤵
  PID:5752
- C:\Windows\System\mjFksrd.exe
  C:\Windows\System\mjFksrd.exe
  2⤵
  PID:5648
- C:\Windows\System\TJqVThU.exe
  C:\Windows\System\TJqVThU.exe
  2⤵
  PID:5816
- C:\Windows\System\fpUoRls.exe
  C:\Windows\System\fpUoRls.exe
  2⤵
  PID:5900
- C:\Windows\System\mmJLQhU.exe
  C:\Windows\System\mmJLQhU.exe
  2⤵
  PID:5880
- C:\Windows\System\bNnBgps.exe
  C:\Windows\System\bNnBgps.exe
  2⤵
  PID:5932
- C:\Windows\System\ogwMPlw.exe
  C:\Windows\System\ogwMPlw.exe
  2⤵
  PID:5992
- C:\Windows\System\XrtpVTI.exe
  C:\Windows\System\XrtpVTI.exe
  2⤵
  PID:6000
- C:\Windows\System\BPnmWDf.exe
  C:\Windows\System\BPnmWDf.exe
  2⤵
  PID:6044
- C:\Windows\System\esJkgwG.exe
  C:\Windows\System\esJkgwG.exe
  2⤵
  PID:6076
- C:\Windows\System\JawhjMQ.exe
  C:\Windows\System\JawhjMQ.exe
  2⤵
  PID:4964
- C:\Windows\System\YDWaceE.exe
  C:\Windows\System\YDWaceE.exe
  2⤵
  PID:6100
- C:\Windows\System\vrVJbQW.exe
  C:\Windows\System\vrVJbQW.exe
  2⤵
  PID:5408
- C:\Windows\System\mLSoSmO.exe
  C:\Windows\System\mLSoSmO.exe
  2⤵
  PID:5236
- C:\Windows\System\deVMEHv.exe
  C:\Windows\System\deVMEHv.exe
  2⤵
  PID:6096
- C:\Windows\System\SVRECLc.exe
  C:\Windows\System\SVRECLc.exe
  2⤵
  PID:4684
- C:\Windows\System\FbQRPeZ.exe
  C:\Windows\System\FbQRPeZ.exe
  2⤵
  PID:5328
- C:\Windows\System\ovBQFhc.exe
  C:\Windows\System\ovBQFhc.exe
  2⤵
  PID:5512
- C:\Windows\System\NkZkfid.exe
  C:\Windows\System\NkZkfid.exe
  2⤵
  PID:5456
- C:\Windows\System\NVWNFeU.exe
  C:\Windows\System\NVWNFeU.exe
  2⤵
  PID:5548
- C:\Windows\System\mvCMDCX.exe
  C:\Windows\System\mvCMDCX.exe
  2⤵
  PID:5556
- C:\Windows\System\TpXhXSM.exe
  C:\Windows\System\TpXhXSM.exe
  2⤵
  PID:5680
- C:\Windows\System\uijiuWQ.exe
  C:\Windows\System\uijiuWQ.exe
  2⤵
  PID:5800
- C:\Windows\System\klmxwYj.exe
  C:\Windows\System\klmxwYj.exe
  2⤵
  PID:5624
- C:\Windows\System\JiBGmDP.exe
  C:\Windows\System\JiBGmDP.exe
  2⤵
  PID:5940
- C:\Windows\System\ctdLyUC.exe
  C:\Windows\System\ctdLyUC.exe
  2⤵
  PID:5612
- C:\Windows\System\WufZnGt.exe
  C:\Windows\System\WufZnGt.exe
  2⤵
  PID:5976
- C:\Windows\System\yucvXzK.exe
  C:\Windows\System\yucvXzK.exe
  2⤵
  PID:5740
- C:\Windows\System\iIQtdCU.exe
  C:\Windows\System\iIQtdCU.exe
  2⤵
  PID:5916
- C:\Windows\System\BAgkugQ.exe
  C:\Windows\System\BAgkugQ.exe
  2⤵
  PID:6008
- C:\Windows\System\ICTLFOL.exe
  C:\Windows\System\ICTLFOL.exe
  2⤵
  PID:6060
- C:\Windows\System\RVqWjbg.exe
  C:\Windows\System\RVqWjbg.exe
  2⤵
  PID:6116
- C:\Windows\System\TBOihcs.exe
  C:\Windows\System\TBOihcs.exe
  2⤵
  PID:5360
- C:\Windows\System\tkiaZof.exe
  C:\Windows\System\tkiaZof.exe
  2⤵
  PID:5424
- C:\Windows\System\hQvcuey.exe
  C:\Windows\System\hQvcuey.exe
  2⤵
  PID:5176
- C:\Windows\System\rAFMxnO.exe
  C:\Windows\System\rAFMxnO.exe
  2⤵
  PID:5200
- C:\Windows\System\BxZEmHG.exe
  C:\Windows\System\BxZEmHG.exe
  2⤵
  PID:5552
- C:\Windows\System\UdddKmJ.exe
  C:\Windows\System\UdddKmJ.exe
  2⤵
  PID:5636
- C:\Windows\System\qvRffVq.exe
  C:\Windows\System\qvRffVq.exe
  2⤵
  PID:5892
- C:\Windows\System\gcqdhCA.exe
  C:\Windows\System\gcqdhCA.exe
  2⤵
  PID:5708
- C:\Windows\System\udcxZcn.exe
  C:\Windows\System\udcxZcn.exe
  2⤵
  PID:6084
- C:\Windows\System\fkzrxga.exe
  C:\Windows\System\fkzrxga.exe
  2⤵
  PID:5324
- C:\Windows\System\AVrXsaJ.exe
  C:\Windows\System\AVrXsaJ.exe
  2⤵
  PID:5956
- C:\Windows\System\xLpAfgQ.exe
  C:\Windows\System\xLpAfgQ.exe
  2⤵
  PID:6016
- C:\Windows\System\ReSCsto.exe
  C:\Windows\System\ReSCsto.exe
  2⤵
  PID:5528
- C:\Windows\System\MBcHprN.exe
  C:\Windows\System\MBcHprN.exe
  2⤵
  PID:5536
- C:\Windows\System\yNpdWWb.exe
  C:\Windows\System\yNpdWWb.exe
  2⤵
  PID:5428
- C:\Windows\System\UegLxAP.exe
  C:\Windows\System\UegLxAP.exe
  2⤵
  PID:5596
- C:\Windows\System\uAnNPIC.exe
  C:\Windows\System\uAnNPIC.exe
  2⤵
  PID:5864
- C:\Windows\System\XxNLmZS.exe
  C:\Windows\System\XxNLmZS.exe
  2⤵
  PID:5508
- C:\Windows\System\PnVsfHx.exe
  C:\Windows\System\PnVsfHx.exe
  2⤵
  PID:6160
- C:\Windows\System\ElDWJkZ.exe
  C:\Windows\System\ElDWJkZ.exe
  2⤵
  PID:6184
- C:\Windows\System\tjoeHBt.exe
  C:\Windows\System\tjoeHBt.exe
  2⤵
  PID:6200
- C:\Windows\System\mjFNoxV.exe
  C:\Windows\System\mjFNoxV.exe
  2⤵
  PID:6216
- C:\Windows\System\EqMsoGu.exe
  C:\Windows\System\EqMsoGu.exe
  2⤵
  PID:6232
- C:\Windows\System\uHHLbga.exe
  C:\Windows\System\uHHLbga.exe
  2⤵
  PID:6248
- C:\Windows\System\sBaURav.exe
  C:\Windows\System\sBaURav.exe
  2⤵
  PID:6276
- C:\Windows\System\XhoLBmS.exe
  C:\Windows\System\XhoLBmS.exe
  2⤵
  PID:6292
- C:\Windows\System\SGhKqTt.exe
  C:\Windows\System\SGhKqTt.exe
  2⤵
  PID:6308
- C:\Windows\System\jdbEwVC.exe
  C:\Windows\System\jdbEwVC.exe
  2⤵
  PID:6324
- C:\Windows\System\udWYAae.exe
  C:\Windows\System\udWYAae.exe
  2⤵
  PID:6340
- C:\Windows\System\USVQwGD.exe
  C:\Windows\System\USVQwGD.exe
  2⤵
  PID:6356
- C:\Windows\System\jZVBLhF.exe
  C:\Windows\System\jZVBLhF.exe
  2⤵
  PID:6376
- C:\Windows\System\fSrQShE.exe
  C:\Windows\System\fSrQShE.exe
  2⤵
  PID:6396
- C:\Windows\System\rzTwmna.exe
  C:\Windows\System\rzTwmna.exe
  2⤵
  PID:6416
- C:\Windows\System\aLeFCAT.exe
  C:\Windows\System\aLeFCAT.exe
  2⤵
  PID:6432
- C:\Windows\System\UnbdVCt.exe
  C:\Windows\System\UnbdVCt.exe
  2⤵
  PID:6448
- C:\Windows\System\uTavMMQ.exe
  C:\Windows\System\uTavMMQ.exe
  2⤵
  PID:6464
- C:\Windows\System\gVXdDGb.exe
  C:\Windows\System\gVXdDGb.exe
  2⤵
  PID:6532
- C:\Windows\System\HlRkxXk.exe
  C:\Windows\System\HlRkxXk.exe
  2⤵
  PID:6568
- C:\Windows\System\JUkHExg.exe
  C:\Windows\System\JUkHExg.exe
  2⤵
  PID:6584
- C:\Windows\System\IDGiQfO.exe
  C:\Windows\System\IDGiQfO.exe
  2⤵
  PID:6600
- C:\Windows\System\OEcJDaq.exe
  C:\Windows\System\OEcJDaq.exe
  2⤵
  PID:6628
- C:\Windows\System\GQHmiiB.exe
  C:\Windows\System\GQHmiiB.exe
  2⤵
  PID:6648
- C:\Windows\System\uxxkCFM.exe
  C:\Windows\System\uxxkCFM.exe
  2⤵
  PID:6664
- C:\Windows\System\WTRRerB.exe
  C:\Windows\System\WTRRerB.exe
  2⤵
  PID:6692
- C:\Windows\System\gRczPvB.exe
  C:\Windows\System\gRczPvB.exe
  2⤵
  PID:6716
- C:\Windows\System\fWwvMEu.exe
  C:\Windows\System\fWwvMEu.exe
  2⤵
  PID:6736
- C:\Windows\System\ceqQBLc.exe
  C:\Windows\System\ceqQBLc.exe
  2⤵
  PID:6752
- C:\Windows\System\PxTgbAe.exe
  C:\Windows\System\PxTgbAe.exe
  2⤵
  PID:6772
- C:\Windows\System\NeZhVGz.exe
  C:\Windows\System\NeZhVGz.exe
  2⤵
  PID:6796
- C:\Windows\System\mLiRqNu.exe
  C:\Windows\System\mLiRqNu.exe
  2⤵
  PID:6812
- C:\Windows\System\pLosKlY.exe
  C:\Windows\System\pLosKlY.exe
  2⤵
  PID:6828
- C:\Windows\System\UYWAiWL.exe
  C:\Windows\System\UYWAiWL.exe
  2⤵
  PID:6844
- C:\Windows\System\MDYBlft.exe
  C:\Windows\System\MDYBlft.exe
  2⤵
  PID:6860
- C:\Windows\System\FcXzUch.exe
  C:\Windows\System\FcXzUch.exe
  2⤵
  PID:6876
- C:\Windows\System\hYNNrli.exe
  C:\Windows\System\hYNNrli.exe
  2⤵
  PID:6900
- C:\Windows\System\SwdPCzp.exe
  C:\Windows\System\SwdPCzp.exe
  2⤵
  PID:6920
- C:\Windows\System\IktBEwY.exe
  C:\Windows\System\IktBEwY.exe
  2⤵
  PID:6960
- C:\Windows\System\AkutCvr.exe
  C:\Windows\System\AkutCvr.exe
  2⤵
  PID:6976
- C:\Windows\System\fBMBJGo.exe
  C:\Windows\System\fBMBJGo.exe
  2⤵
  PID:6992
- C:\Windows\System\mEGDafL.exe
  C:\Windows\System\mEGDafL.exe
  2⤵
  PID:7008
- C:\Windows\System\PhapXBF.exe
  C:\Windows\System\PhapXBF.exe
  2⤵
  PID:7024
- C:\Windows\System\OyvlnNk.exe
  C:\Windows\System\OyvlnNk.exe
  2⤵
  PID:7040
- C:\Windows\System\mVsRsZZ.exe
  C:\Windows\System\mVsRsZZ.exe
  2⤵
  PID:7056
- C:\Windows\System\gQORTLt.exe
  C:\Windows\System\gQORTLt.exe
  2⤵
  PID:7072
- C:\Windows\System\AzdoKAe.exe
  C:\Windows\System\AzdoKAe.exe
  2⤵
  PID:7088
- C:\Windows\System\mkbhTLf.exe
  C:\Windows\System\mkbhTLf.exe
  2⤵
  PID:7112
- C:\Windows\System\JyMhQnw.exe
  C:\Windows\System\JyMhQnw.exe
  2⤵
  PID:7128
- C:\Windows\System\ltUuMag.exe
  C:\Windows\System\ltUuMag.exe
  2⤵
  PID:7148
- C:\Windows\System\hbGSQWY.exe
  C:\Windows\System\hbGSQWY.exe
  2⤵
  PID:7164
- C:\Windows\System\qtcIBmp.exe
  C:\Windows\System\qtcIBmp.exe
  2⤵
  PID:6228
- C:\Windows\System\ldQqbzG.exe
  C:\Windows\System\ldQqbzG.exe
  2⤵
  PID:6172
- C:\Windows\System\RoPTIif.exe
  C:\Windows\System\RoPTIif.exe
  2⤵
  PID:6212
- C:\Windows\System\dhllrTH.exe
  C:\Windows\System\dhllrTH.exe
  2⤵
  PID:5356
- C:\Windows\System\Ntzpqtg.exe
  C:\Windows\System\Ntzpqtg.exe
  2⤵
  PID:5192
- C:\Windows\System\vZmJlJg.exe
  C:\Windows\System\vZmJlJg.exe
  2⤵
  PID:5476
- C:\Windows\System\dUjDZok.exe
  C:\Windows\System\dUjDZok.exe
  2⤵
  PID:6284
- C:\Windows\System\XoeiRdF.exe
  C:\Windows\System\XoeiRdF.exe
  2⤵
  PID:6300
- C:\Windows\System\njGPvxK.exe
  C:\Windows\System\njGPvxK.exe
  2⤵
  PID:6368
- C:\Windows\System\BsWPETq.exe
  C:\Windows\System\BsWPETq.exe
  2⤵
  PID:6412
- C:\Windows\System\bPTCPWj.exe
  C:\Windows\System\bPTCPWj.exe
  2⤵
  PID:6384
- C:\Windows\System\DYqsruK.exe
  C:\Windows\System\DYqsruK.exe
  2⤵
  PID:6428
- C:\Windows\System\VBHyolB.exe
  C:\Windows\System\VBHyolB.exe
  2⤵
  PID:6472
- C:\Windows\System\GcgMOck.exe
  C:\Windows\System\GcgMOck.exe
  2⤵
  PID:6504
- C:\Windows\System\LMTwMZe.exe
  C:\Windows\System\LMTwMZe.exe
  2⤵
  PID:6528
- C:\Windows\System\ONQPwFy.exe
  C:\Windows\System\ONQPwFy.exe
  2⤵
  PID:6580
- C:\Windows\System\lDiaolp.exe
  C:\Windows\System\lDiaolp.exe
  2⤵
  PID:6640
- C:\Windows\System\hZBIcnz.exe
  C:\Windows\System\hZBIcnz.exe
  2⤵
  PID:6704
- C:\Windows\System\cFFSOHg.exe
  C:\Windows\System\cFFSOHg.exe
  2⤵
  PID:6744
- C:\Windows\System\iiqsjZw.exe
  C:\Windows\System\iiqsjZw.exe
  2⤵
  PID:6596
- C:\Windows\System\EvUYsnH.exe
  C:\Windows\System\EvUYsnH.exe
  2⤵
  PID:6688
- C:\Windows\System\IXzCGAi.exe
  C:\Windows\System\IXzCGAi.exe
  2⤵
  PID:6824
- C:\Windows\System\dNPYOUj.exe
  C:\Windows\System\dNPYOUj.exe
  2⤵
  PID:6768
- C:\Windows\System\qedWOiB.exe
  C:\Windows\System\qedWOiB.exe
  2⤵
  PID:6888
- C:\Windows\System\gaoWRnP.exe
  C:\Windows\System\gaoWRnP.exe
  2⤵
  PID:6928
- C:\Windows\System\ekeBbix.exe
  C:\Windows\System\ekeBbix.exe
  2⤵
  PID:6948
- C:\Windows\System\orMlFfM.exe
  C:\Windows\System\orMlFfM.exe
  2⤵
  PID:6836
- C:\Windows\System\OpkyuZO.exe
  C:\Windows\System\OpkyuZO.exe
  2⤵
  PID:6932
- C:\Windows\System\DejKdUg.exe
  C:\Windows\System\DejKdUg.exe
  2⤵
  PID:7000
- C:\Windows\System\InvPbXD.exe
  C:\Windows\System\InvPbXD.exe
  2⤵
  PID:6984
- C:\Windows\System\lItLksu.exe
  C:\Windows\System\lItLksu.exe
  2⤵
  PID:7048
- C:\Windows\System\LxyHFQx.exe
  C:\Windows\System\LxyHFQx.exe
  2⤵
  PID:7084
- C:\Windows\System\KVuaylG.exe
  C:\Windows\System\KVuaylG.exe
  2⤵
  PID:7140
- C:\Windows\System\xfpaOrg.exe
  C:\Windows\System\xfpaOrg.exe
  2⤵
  PID:7104
- C:\Windows\System\MaTQvnV.exe
  C:\Windows\System\MaTQvnV.exe
  2⤵
  PID:5256
- C:\Windows\System\EbJKwxy.exe
  C:\Windows\System\EbJKwxy.exe
  2⤵
  PID:5860
- C:\Windows\System\tTpAhVX.exe
  C:\Windows\System\tTpAhVX.exe
  2⤵
  PID:6224
- C:\Windows\System\KJKmdap.exe
  C:\Windows\System\KJKmdap.exe
  2⤵
  PID:6352
- C:\Windows\System\IXelXyI.exe
  C:\Windows\System\IXelXyI.exe
  2⤵
  PID:6484
- C:\Windows\System\eOwhVzn.exe
  C:\Windows\System\eOwhVzn.exe
  2⤵
  PID:6364
- C:\Windows\System\qLGNDCr.exe
  C:\Windows\System\qLGNDCr.exe
  2⤵
  PID:6268
- C:\Windows\System\shsgctI.exe
  C:\Windows\System\shsgctI.exe
  2⤵
  PID:6516
- C:\Windows\System\PrMevcA.exe
  C:\Windows\System\PrMevcA.exe
  2⤵
  PID:6636
- C:\Windows\System\reFDLPK.exe
  C:\Windows\System\reFDLPK.exe
  2⤵
  PID:6548
- C:\Windows\System\sLZuxxb.exe
  C:\Windows\System\sLZuxxb.exe
  2⤵
  PID:6560
- C:\Windows\System\PjLNhOH.exe
  C:\Windows\System\PjLNhOH.exe
  2⤵
  PID:6712
- C:\Windows\System\wCGMeHy.exe
  C:\Windows\System\wCGMeHy.exe
  2⤵
  PID:6732
- C:\Windows\System\eCLXlOB.exe
  C:\Windows\System\eCLXlOB.exe
  2⤵
  PID:6672
- C:\Windows\System\SIqYGtf.exe
  C:\Windows\System\SIqYGtf.exe
  2⤵
  PID:6884
- C:\Windows\System\IyQurhO.exe
  C:\Windows\System\IyQurhO.exe
  2⤵
  PID:6872
- C:\Windows\System\rBDoZGf.exe
  C:\Windows\System\rBDoZGf.exe
  2⤵
  PID:5524
- C:\Windows\System\BrZdaXZ.exe
  C:\Windows\System\BrZdaXZ.exe
  2⤵
  PID:6072
- C:\Windows\System\HDpSkmY.exe
  C:\Windows\System\HDpSkmY.exe
  2⤵
  PID:7016
- C:\Windows\System\irgYyFU.exe
  C:\Windows\System\irgYyFU.exe
  2⤵
  PID:6912
- C:\Windows\System\yRFwIIU.exe
  C:\Windows\System\yRFwIIU.exe
  2⤵
  PID:6760
- C:\Windows\System\sFWlyld.exe
  C:\Windows\System\sFWlyld.exe
  2⤵
  PID:5720
- C:\Windows\System\mFBQZCc.exe
  C:\Windows\System\mFBQZCc.exe
  2⤵
  PID:6320
- C:\Windows\System\NLhAoGf.exe
  C:\Windows\System\NLhAoGf.exe
  2⤵
  PID:6440
- C:\Windows\System\ymJmPQA.exe
  C:\Windows\System\ymJmPQA.exe
  2⤵
  PID:6496
- C:\Windows\System\gufdYJW.exe
  C:\Windows\System\gufdYJW.exe
  2⤵
  PID:6388
- C:\Windows\System\mXpMbzS.exe
  C:\Windows\System\mXpMbzS.exe
  2⤵
  PID:6700
- C:\Windows\System\ItQMifD.exe
  C:\Windows\System\ItQMifD.exe
  2⤵
  PID:7096
- C:\Windows\System\ojQISbM.exe
  C:\Windows\System\ojQISbM.exe
  2⤵
  PID:6764
- C:\Windows\System\eQnBVXJ.exe
  C:\Windows\System\eQnBVXJ.exe
  2⤵
  PID:7036
- C:\Windows\System\CaTpsZt.exe
  C:\Windows\System\CaTpsZt.exe
  2⤵
  PID:6616
- C:\Windows\System\DDbedwC.exe
  C:\Windows\System\DDbedwC.exe
  2⤵
  PID:6788
- C:\Windows\System\fxgLXey.exe
  C:\Windows\System\fxgLXey.exe
  2⤵
  PID:7124
- C:\Windows\System\nLtDIhM.exe
  C:\Windows\System\nLtDIhM.exe
  2⤵
  PID:7160
- C:\Windows\System\qCocUDR.exe
  C:\Windows\System\qCocUDR.exe
  2⤵
  PID:6896
- C:\Windows\System\niUSmQQ.exe
  C:\Windows\System\niUSmQQ.exe
  2⤵
  PID:6192
- C:\Windows\System\xqWXNSM.exe
  C:\Windows\System\xqWXNSM.exe
  2⤵
  PID:6068
- C:\Windows\System\hxjjQKx.exe
  C:\Windows\System\hxjjQKx.exe
  2⤵
  PID:5972
- C:\Windows\System\BDDWujU.exe
  C:\Windows\System\BDDWujU.exe
  2⤵
  PID:7172
- C:\Windows\System\hERaUVb.exe
  C:\Windows\System\hERaUVb.exe
  2⤵
  PID:7188
- C:\Windows\System\EOeMmwl.exe
  C:\Windows\System\EOeMmwl.exe
  2⤵
  PID:7204
- C:\Windows\System\mUQpvVs.exe
  C:\Windows\System\mUQpvVs.exe
  2⤵
  PID:7220
- C:\Windows\System\nhXSYyc.exe
  C:\Windows\System\nhXSYyc.exe
  2⤵
  PID:7240
- C:\Windows\System\bUOTRik.exe
  C:\Windows\System\bUOTRik.exe
  2⤵
  PID:7256
- C:\Windows\System\HWcaFkL.exe
  C:\Windows\System\HWcaFkL.exe
  2⤵
  PID:7276
- C:\Windows\System\CGWVnGu.exe
  C:\Windows\System\CGWVnGu.exe
  2⤵
  PID:7292
- C:\Windows\System\rAqOzxt.exe
  C:\Windows\System\rAqOzxt.exe
  2⤵
  PID:7312
- C:\Windows\System\ONLxDGf.exe
  C:\Windows\System\ONLxDGf.exe
  2⤵
  PID:7328
- C:\Windows\System\DgucwKv.exe
  C:\Windows\System\DgucwKv.exe
  2⤵
  PID:7348
- C:\Windows\System\CQFGthK.exe
  C:\Windows\System\CQFGthK.exe
  2⤵
  PID:7380
- C:\Windows\System\KfZnBxP.exe
  C:\Windows\System\KfZnBxP.exe
  2⤵
  PID:7404
- C:\Windows\System\UhRHNAx.exe
  C:\Windows\System\UhRHNAx.exe
  2⤵
  PID:7432
- C:\Windows\System\TEtpfoD.exe
  C:\Windows\System\TEtpfoD.exe
  2⤵
  PID:7468
- C:\Windows\System\DCplvjb.exe
  C:\Windows\System\DCplvjb.exe
  2⤵
  PID:7520
- C:\Windows\System\TYBjvAk.exe
  C:\Windows\System\TYBjvAk.exe
  2⤵
  PID:7536
- C:\Windows\System\gWouAHo.exe
  C:\Windows\System\gWouAHo.exe
  2⤵
  PID:7552
- C:\Windows\System\WhMGrFu.exe
  C:\Windows\System\WhMGrFu.exe
  2⤵
  PID:7568
- C:\Windows\System\ySPmCns.exe
  C:\Windows\System\ySPmCns.exe
  2⤵
  PID:7616
- C:\Windows\System\sNJESdB.exe
  C:\Windows\System\sNJESdB.exe
  2⤵
  PID:7632
- C:\Windows\System\dViwZrG.exe
  C:\Windows\System\dViwZrG.exe
  2⤵
  PID:7656
- C:\Windows\System\wVGrrGB.exe
  C:\Windows\System\wVGrrGB.exe
  2⤵
  PID:7672
- C:\Windows\System\FwlygYa.exe
  C:\Windows\System\FwlygYa.exe
  2⤵
  PID:7692
- C:\Windows\System\LQCHvjp.exe
  C:\Windows\System\LQCHvjp.exe
  2⤵
  PID:7716
- C:\Windows\System\XXfaISn.exe
  C:\Windows\System\XXfaISn.exe
  2⤵
  PID:7732
- C:\Windows\System\OhLqCrO.exe
  C:\Windows\System\OhLqCrO.exe
  2⤵
  PID:7748
- C:\Windows\System\ZrASOjM.exe
  C:\Windows\System\ZrASOjM.exe
  2⤵
  PID:7768
- C:\Windows\System\lCIgriD.exe
  C:\Windows\System\lCIgriD.exe
  2⤵
  PID:7784
- C:\Windows\System\DLZTkvM.exe
  C:\Windows\System\DLZTkvM.exe
  2⤵
  PID:7800
- C:\Windows\System\KKUtKOD.exe
  C:\Windows\System\KKUtKOD.exe
  2⤵
  PID:7816
- C:\Windows\System\UPRgRWZ.exe
  C:\Windows\System\UPRgRWZ.exe
  2⤵
  PID:7832
- C:\Windows\System\zeqZlsV.exe
  C:\Windows\System\zeqZlsV.exe
  2⤵
  PID:7848
- C:\Windows\System\QoPRZYf.exe
  C:\Windows\System\QoPRZYf.exe
  2⤵
  PID:7864
- C:\Windows\System\lDUbkYE.exe
  C:\Windows\System\lDUbkYE.exe
  2⤵
  PID:7880
- C:\Windows\System\kAZsRHK.exe
  C:\Windows\System\kAZsRHK.exe
  2⤵
  PID:7908
- C:\Windows\System\CXVEOQU.exe
  C:\Windows\System\CXVEOQU.exe
  2⤵
  PID:7924
- C:\Windows\System\ndVyAsM.exe
  C:\Windows\System\ndVyAsM.exe
  2⤵
  PID:7940
- C:\Windows\System\oMIhsqk.exe
  C:\Windows\System\oMIhsqk.exe
  2⤵
  PID:7964
- C:\Windows\System\JdrVXSV.exe
  C:\Windows\System\JdrVXSV.exe
  2⤵
  PID:7984
- C:\Windows\System\Imsnfbz.exe
  C:\Windows\System\Imsnfbz.exe
  2⤵
  PID:8020
- C:\Windows\System\fDZbQKy.exe
  C:\Windows\System\fDZbQKy.exe
  2⤵
  PID:8040
- C:\Windows\System\ZHMTDBX.exe
  C:\Windows\System\ZHMTDBX.exe
  2⤵
  PID:8056
- C:\Windows\System\EUrFsvs.exe
  C:\Windows\System\EUrFsvs.exe
  2⤵
  PID:8092
- C:\Windows\System\niBFgIf.exe
  C:\Windows\System\niBFgIf.exe
  2⤵
  PID:8108
- C:\Windows\System\LCvhXLZ.exe
  C:\Windows\System\LCvhXLZ.exe
  2⤵
  PID:8124
- C:\Windows\System\SuJtrjL.exe
  C:\Windows\System\SuJtrjL.exe
  2⤵
  PID:8144
- C:\Windows\System\MxWegfd.exe
  C:\Windows\System\MxWegfd.exe
  2⤵
  PID:8164
- C:\Windows\System\POWijfG.exe
  C:\Windows\System\POWijfG.exe
  2⤵
  PID:7136
- C:\Windows\System\whfXTdA.exe
  C:\Windows\System\whfXTdA.exe
  2⤵
  PID:6684
- C:\Windows\System\ZNPhUPw.exe
  C:\Windows\System\ZNPhUPw.exe
  2⤵
  PID:6180
- C:\Windows\System\yAksLVa.exe
  C:\Windows\System\yAksLVa.exe
  2⤵
  PID:7216
- C:\Windows\System\nqQZKZc.exe
  C:\Windows\System\nqQZKZc.exe
  2⤵
  PID:7356
- C:\Windows\System\UheWczi.exe
  C:\Windows\System\UheWczi.exe
  2⤵
  PID:7372
- C:\Windows\System\Djsieac.exe
  C:\Windows\System\Djsieac.exe
  2⤵
  PID:5572
- C:\Windows\System\CwtQfSS.exe
  C:\Windows\System\CwtQfSS.exe
  2⤵
  PID:7424
- C:\Windows\System\YOZtsBz.exe
  C:\Windows\System\YOZtsBz.exe
  2⤵
  PID:7340
- C:\Windows\System\zYESpmA.exe
  C:\Windows\System\zYESpmA.exe
  2⤵
  PID:5576
- C:\Windows\System\UfLBvOH.exe
  C:\Windows\System\UfLBvOH.exe
  2⤵
  PID:7268
- C:\Windows\System\vOMgFYe.exe
  C:\Windows\System\vOMgFYe.exe
  2⤵
  PID:7392
- C:\Windows\System\wqisZnl.exe
  C:\Windows\System\wqisZnl.exe
  2⤵
  PID:7400
- C:\Windows\System\eMRGYOx.exe
  C:\Windows\System\eMRGYOx.exe
  2⤵
  PID:7484
- C:\Windows\System\lbGPrVa.exe
  C:\Windows\System\lbGPrVa.exe
  2⤵
  PID:6244
- C:\Windows\System\DiQIBpg.exe
  C:\Windows\System\DiQIBpg.exe
  2⤵
  PID:7512
- C:\Windows\System\twfsodT.exe
  C:\Windows\System\twfsodT.exe
  2⤵
  PID:7576
- C:\Windows\System\BfImidU.exe
  C:\Windows\System\BfImidU.exe
  2⤵
  PID:7600
- C:\Windows\System\jagQkyf.exe
  C:\Windows\System\jagQkyf.exe
  2⤵
  PID:7612
- C:\Windows\System\AvYBrOm.exe
  C:\Windows\System\AvYBrOm.exe
  2⤵
  PID:7564
- C:\Windows\System\ZBzqCty.exe
  C:\Windows\System\ZBzqCty.exe
  2⤵
  PID:7652
- C:\Windows\System\fpQtADx.exe
  C:\Windows\System\fpQtADx.exe
  2⤵
  PID:7668
- C:\Windows\System\noGpkUy.exe
  C:\Windows\System\noGpkUy.exe
  2⤵
  PID:7704
- C:\Windows\System\TOorsSa.exe
  C:\Windows\System\TOorsSa.exe
  2⤵
  PID:7792
- C:\Windows\System\zGyVCkX.exe
  C:\Windows\System\zGyVCkX.exe
  2⤵
  PID:7888
- C:\Windows\System\DgOCfSO.exe
  C:\Windows\System\DgOCfSO.exe
  2⤵
  PID:7904
- C:\Windows\System\BNDUmMf.exe
  C:\Windows\System\BNDUmMf.exe
  2⤵
  PID:7980
- C:\Windows\System\ALfWAgF.exe
  C:\Windows\System\ALfWAgF.exe
  2⤵
  PID:7872
- C:\Windows\System\rorlINm.exe
  C:\Windows\System\rorlINm.exe
  2⤵
  PID:7744
- C:\Windows\System\LpJMYpE.exe
  C:\Windows\System\LpJMYpE.exe
  2⤵
  PID:7992
- C:\Windows\System\lXozBFa.exe
  C:\Windows\System\lXozBFa.exe
  2⤵
  PID:8008
- C:\Windows\System\UWuIxJs.exe
  C:\Windows\System\UWuIxJs.exe
  2⤵
  PID:8036
- C:\Windows\System\zAGyogK.exe
  C:\Windows\System\zAGyogK.exe
  2⤵
  PID:8080
- C:\Windows\System\nkXEYru.exe
  C:\Windows\System\nkXEYru.exe
  2⤵
  PID:8152
- C:\Windows\System\zdEFqDY.exe
  C:\Windows\System\zdEFqDY.exe
  2⤵
  PID:8104
- C:\Windows\System\hAyoWJL.exe
  C:\Windows\System\hAyoWJL.exe
  2⤵
  PID:8172
- C:\Windows\System\FERzOrN.exe
  C:\Windows\System\FERzOrN.exe
  2⤵
  PID:8180
- C:\Windows\System\NlVHnbf.exe
  C:\Windows\System\NlVHnbf.exe
  2⤵
  PID:6336
- C:\Windows\System\WuPsrVS.exe
  C:\Windows\System\WuPsrVS.exe
  2⤵
  PID:7284
- C:\Windows\System\sqKaipK.exe
  C:\Windows\System\sqKaipK.exe
  2⤵
  PID:7416
- C:\Windows\System\noablMt.exe
  C:\Windows\System\noablMt.exe
  2⤵
  PID:6156
- C:\Windows\System\ImLuHDV.exe
  C:\Windows\System\ImLuHDV.exe
  2⤵
  PID:7228
- C:\Windows\System\aXrGJvn.exe
  C:\Windows\System\aXrGJvn.exe
  2⤵
  PID:6608
- C:\Windows\System\cVjIfOm.exe
  C:\Windows\System\cVjIfOm.exe
  2⤵
  PID:6456
- C:\Windows\System\ckdYSZv.exe
  C:\Windows\System\ckdYSZv.exe
  2⤵
  PID:7532
- C:\Windows\System\LSfWEvs.exe
  C:\Windows\System\LSfWEvs.exe
  2⤵
  PID:7664
- C:\Windows\System\olrJYwN.exe
  C:\Windows\System\olrJYwN.exe
  2⤵
  PID:7544
- C:\Windows\System\mkUHLSq.exe
  C:\Windows\System\mkUHLSq.exe
  2⤵
  PID:7760
- C:\Windows\System\mSekABl.exe
  C:\Windows\System\mSekABl.exe
  2⤵
  PID:7608
- C:\Windows\System\ADgDAxd.exe
  C:\Windows\System\ADgDAxd.exe
  2⤵
  PID:7824
- C:\Windows\System\dwIWgnt.exe
  C:\Windows\System\dwIWgnt.exe
  2⤵
  PID:7976
- C:\Windows\System\qTXLDTY.exe
  C:\Windows\System\qTXLDTY.exe
  2⤵
  PID:7948
- C:\Windows\System\AHSPZMr.exe
  C:\Windows\System\AHSPZMr.exe
  2⤵
  PID:8004
- C:\Windows\System\lpuhTJN.exe
  C:\Windows\System\lpuhTJN.exe
  2⤵
  PID:8032
- C:\Windows\System\UNvGhbR.exe
  C:\Windows\System\UNvGhbR.exe
  2⤵
  PID:8068
- C:\Windows\System\ovZgbAc.exe
  C:\Windows\System\ovZgbAc.exe
  2⤵
  PID:6592
- C:\Windows\System\hBBdlor.exe
  C:\Windows\System\hBBdlor.exe
  2⤵
  PID:7288
- C:\Windows\System\CUaIkeR.exe
  C:\Windows\System\CUaIkeR.exe
  2⤵
  PID:8184
- C:\Windows\System\CDXwNHQ.exe
  C:\Windows\System\CDXwNHQ.exe
  2⤵
  PID:5344
- C:\Windows\System\aOALDVD.exe
  C:\Windows\System\aOALDVD.exe
  2⤵
  PID:7396
- C:\Windows\System\TsREODG.exe
  C:\Windows\System\TsREODG.exe
  2⤵
  PID:7508
- C:\Windows\System\eXBgEVn.exe
  C:\Windows\System\eXBgEVn.exe
  2⤵
  PID:7728
- C:\Windows\System\iPSnlPe.exe
  C:\Windows\System\iPSnlPe.exe
  2⤵
  PID:7856
- C:\Windows\System\hlkkcyr.exe
  C:\Windows\System\hlkkcyr.exe
  2⤵
  PID:7700
- C:\Windows\System\XYauQXd.exe
  C:\Windows\System\XYauQXd.exe
  2⤵
  PID:7548
- C:\Windows\System\vLzTUNs.exe
  C:\Windows\System\vLzTUNs.exe
  2⤵
  PID:7780
- C:\Windows\System\POQkBnx.exe
  C:\Windows\System\POQkBnx.exe
  2⤵
  PID:7324
- C:\Windows\System\NmMKpls.exe
  C:\Windows\System\NmMKpls.exe
  2⤵
  PID:7368
- C:\Windows\System\kYwqrgu.exe
  C:\Windows\System\kYwqrgu.exe
  2⤵
  PID:6196
- C:\Windows\System\XDIrWLL.exe
  C:\Windows\System\XDIrWLL.exe
  2⤵
  PID:6500
- C:\Windows\System\ioLxfqT.exe
  C:\Windows\System\ioLxfqT.exe
  2⤵
  PID:7596
- C:\Windows\System\TlFEgOK.exe
  C:\Windows\System\TlFEgOK.exe
  2⤵
  PID:7592
- C:\Windows\System\oOqArwB.exe
  C:\Windows\System\oOqArwB.exe
  2⤵
  PID:7956
- C:\Windows\System\yxufYpi.exe
  C:\Windows\System\yxufYpi.exe
  2⤵
  PID:7740
- C:\Windows\System\DYqnmVF.exe
  C:\Windows\System\DYqnmVF.exe
  2⤵
  PID:8016
- C:\Windows\System\NKOsHZR.exe
  C:\Windows\System\NKOsHZR.exe
  2⤵
  PID:6332
- C:\Windows\System\qKhcfIF.exe
  C:\Windows\System\qKhcfIF.exe
  2⤵
  PID:8116
- C:\Windows\System\LsVBNMs.exe
  C:\Windows\System\LsVBNMs.exe
  2⤵
  PID:7624
- C:\Windows\System\dQgIklX.exe
  C:\Windows\System\dQgIklX.exe
  2⤵
  PID:7724
- C:\Windows\System\VGbhMCW.exe
  C:\Windows\System\VGbhMCW.exe
  2⤵
  PID:7860
- C:\Windows\System\AzuMDWf.exe
  C:\Windows\System\AzuMDWf.exe
  2⤵
  PID:8208
- C:\Windows\System\hJRSbbD.exe
  C:\Windows\System\hJRSbbD.exe
  2⤵
  PID:8236
- C:\Windows\System\UFMHXoa.exe
  C:\Windows\System\UFMHXoa.exe
  2⤵
  PID:8256
- C:\Windows\System\DzQwcYm.exe
  C:\Windows\System\DzQwcYm.exe
  2⤵
  PID:8284
- C:\Windows\System\rNhriqL.exe
  C:\Windows\System\rNhriqL.exe
  2⤵
  PID:8332
- C:\Windows\System\gvdSEAj.exe
  C:\Windows\System\gvdSEAj.exe
  2⤵
  PID:8348
- C:\Windows\System\DxtkaZd.exe
  C:\Windows\System\DxtkaZd.exe
  2⤵
  PID:8372
- C:\Windows\System\XfsSDOM.exe
  C:\Windows\System\XfsSDOM.exe
  2⤵
  PID:8392
- C:\Windows\System\MrViujC.exe
  C:\Windows\System\MrViujC.exe
  2⤵
  PID:8412
- C:\Windows\System\MzyEqsd.exe
  C:\Windows\System\MzyEqsd.exe
  2⤵
  PID:8428
- C:\Windows\System\UIqrVKQ.exe
  C:\Windows\System\UIqrVKQ.exe
  2⤵
  PID:8444
- C:\Windows\System\JAUSKDq.exe
  C:\Windows\System\JAUSKDq.exe
  2⤵
  PID:8472
- C:\Windows\System\RcvdVzE.exe
  C:\Windows\System\RcvdVzE.exe
  2⤵
  PID:8488
- C:\Windows\System\vrtDYRF.exe
  C:\Windows\System\vrtDYRF.exe
  2⤵
  PID:8520
- C:\Windows\System\zmfNWIU.exe
  C:\Windows\System\zmfNWIU.exe
  2⤵
  PID:8536
- C:\Windows\System\ZBwwCJE.exe
  C:\Windows\System\ZBwwCJE.exe
  2⤵
  PID:8552
- C:\Windows\System\SpuMWIR.exe
  C:\Windows\System\SpuMWIR.exe
  2⤵
  PID:8576
- C:\Windows\System\SdLaeMg.exe
  C:\Windows\System\SdLaeMg.exe
  2⤵
  PID:8592
- C:\Windows\System\dXSSkcs.exe
  C:\Windows\System\dXSSkcs.exe
  2⤵
  PID:8612
- C:\Windows\System\ujraXHv.exe
  C:\Windows\System\ujraXHv.exe
  2⤵
  PID:8632
- C:\Windows\System\OqmmUfs.exe
  C:\Windows\System\OqmmUfs.exe
  2⤵
  PID:8660
- C:\Windows\System\raGRpzY.exe
  C:\Windows\System\raGRpzY.exe
  2⤵
  PID:8676
- C:\Windows\System\eqiGmHW.exe
  C:\Windows\System\eqiGmHW.exe
  2⤵
  PID:8696
- C:\Windows\System\zMIGmkp.exe
  C:\Windows\System\zMIGmkp.exe
  2⤵
  PID:8712
- C:\Windows\System\IyAMyNf.exe
  C:\Windows\System\IyAMyNf.exe
  2⤵
  PID:8744
- C:\Windows\System\dNjPAtO.exe
  C:\Windows\System\dNjPAtO.exe
  2⤵
  PID:8764
- C:\Windows\System\QGNoxpK.exe
  C:\Windows\System\QGNoxpK.exe
  2⤵
  PID:8780
- C:\Windows\System\JthBxrm.exe
  C:\Windows\System\JthBxrm.exe
  2⤵
  PID:8796
- C:\Windows\System\UiOUYha.exe
  C:\Windows\System\UiOUYha.exe
  2⤵
  PID:8820
- C:\Windows\System\RTNzzXN.exe
  C:\Windows\System\RTNzzXN.exe
  2⤵
  PID:8840
- C:\Windows\System\TfvnTou.exe
  C:\Windows\System\TfvnTou.exe
  2⤵
  PID:8856
- C:\Windows\System\ApfjfHB.exe
  C:\Windows\System\ApfjfHB.exe
  2⤵
  PID:8880
- C:\Windows\System\jHsSjmV.exe
  C:\Windows\System\jHsSjmV.exe
  2⤵
  PID:8896
- C:\Windows\System\gNNeaPe.exe
  C:\Windows\System\gNNeaPe.exe
  2⤵
  PID:8928
- C:\Windows\System\rHuthnb.exe
  C:\Windows\System\rHuthnb.exe
  2⤵
  PID:8944
- C:\Windows\System\HAwxxuq.exe
  C:\Windows\System\HAwxxuq.exe
  2⤵
  PID:8964
- C:\Windows\System\CWwLCJi.exe
  C:\Windows\System\CWwLCJi.exe
  2⤵
  PID:8988
- C:\Windows\System\mXzbihk.exe
  C:\Windows\System\mXzbihk.exe
  2⤵
  PID:9008
- C:\Windows\System\YnXTbCV.exe
  C:\Windows\System\YnXTbCV.exe
  2⤵
  PID:9024
- C:\Windows\System\SxXrpcy.exe
  C:\Windows\System\SxXrpcy.exe
  2⤵
  PID:9044
- C:\Windows\System\cmRaONI.exe
  C:\Windows\System\cmRaONI.exe
  2⤵
  PID:9072
- C:\Windows\System\phdWOra.exe
  C:\Windows\System\phdWOra.exe
  2⤵
  PID:9092
- C:\Windows\System\YgbJAJV.exe
  C:\Windows\System\YgbJAJV.exe
  2⤵
  PID:9108
- C:\Windows\System\BChTKoU.exe
  C:\Windows\System\BChTKoU.exe
  2⤵
  PID:9128
- C:\Windows\System\fqDYufk.exe
  C:\Windows\System\fqDYufk.exe
  2⤵
  PID:9144
- C:\Windows\System\wlqvSfy.exe
  C:\Windows\System\wlqvSfy.exe
  2⤵
  PID:9160
- C:\Windows\System\TYEaBlY.exe
  C:\Windows\System\TYEaBlY.exe
  2⤵
  PID:9184
- C:\Windows\System\mQTqhHZ.exe
  C:\Windows\System\mQTqhHZ.exe
  2⤵
  PID:9204
- C:\Windows\System\hYOOmzN.exe
  C:\Windows\System\hYOOmzN.exe
  2⤵
  PID:7708
- C:\Windows\System\WsPgPLH.exe
  C:\Windows\System\WsPgPLH.exe
  2⤵
  PID:8140
- C:\Windows\System\eEglteQ.exe
  C:\Windows\System\eEglteQ.exe
  2⤵
  PID:7580
- C:\Windows\System\cvzrvsS.exe
  C:\Windows\System\cvzrvsS.exe
  2⤵
  PID:8232
- C:\Windows\System\NuSHydm.exe
  C:\Windows\System\NuSHydm.exe
  2⤵
  PID:8264
- C:\Windows\System\AjJOFTd.exe
  C:\Windows\System\AjJOFTd.exe
  2⤵
  PID:8276
- C:\Windows\System\NoqRDks.exe
  C:\Windows\System\NoqRDks.exe
  2⤵
  PID:8328
- C:\Windows\System\cFRVzcM.exe
  C:\Windows\System\cFRVzcM.exe
  2⤵
  PID:8344
- C:\Windows\System\CNSZTql.exe
  C:\Windows\System\CNSZTql.exe
  2⤵
  PID:8384
- C:\Windows\System\NJBsQXO.exe
  C:\Windows\System\NJBsQXO.exe
  2⤵
  PID:8252
- C:\Windows\System\RuQzyAo.exe
  C:\Windows\System\RuQzyAo.exe
  2⤵
  PID:8436
- C:\Windows\System\BBsCZjp.exe
  C:\Windows\System\BBsCZjp.exe
  2⤵
  PID:8480
- C:\Windows\System\wOtBUfT.exe
  C:\Windows\System\wOtBUfT.exe
  2⤵
  PID:8512
- C:\Windows\System\KeAqbCb.exe
  C:\Windows\System\KeAqbCb.exe
  2⤵
  PID:8600
- C:\Windows\System\eofuKkQ.exe
  C:\Windows\System\eofuKkQ.exe
  2⤵
  PID:8548
- C:\Windows\System\ffnEFoH.exe
  C:\Windows\System\ffnEFoH.exe
  2⤵
  PID:8588
- C:\Windows\System\ofsjSPY.exe
  C:\Windows\System\ofsjSPY.exe
  2⤵
  PID:8648
- C:\Windows\System\tHDqpuG.exe
  C:\Windows\System\tHDqpuG.exe
  2⤵
  PID:8688
- C:\Windows\System\fRYMKIn.exe
  C:\Windows\System\fRYMKIn.exe
  2⤵
  PID:8708
- C:\Windows\System\xVbGcVT.exe
  C:\Windows\System\xVbGcVT.exe
  2⤵
  PID:8732
- C:\Windows\System\pALhNBk.exe
  C:\Windows\System\pALhNBk.exe
  2⤵
  PID:8776
- C:\Windows\System\TvpRXkX.exe
  C:\Windows\System\TvpRXkX.exe
  2⤵
  PID:8816
- C:\Windows\System\XiycBpa.exe
  C:\Windows\System\XiycBpa.exe
  2⤵
  PID:8832
- C:\Windows\System\EuNOVdu.exe
  C:\Windows\System\EuNOVdu.exe
  2⤵
  PID:8888
- C:\Windows\System\MhbyOli.exe
  C:\Windows\System\MhbyOli.exe
  2⤵
  PID:8924
- C:\Windows\System\VpYjTki.exe
  C:\Windows\System\VpYjTki.exe
  2⤵
  PID:8952
- C:\Windows\System\SkZZnMn.exe
  C:\Windows\System\SkZZnMn.exe
  2⤵
  PID:8980
- C:\Windows\System\fvgwhJH.exe
  C:\Windows\System\fvgwhJH.exe
  2⤵
  PID:9004
- C:\Windows\System\PzPVNOp.exe
  C:\Windows\System\PzPVNOp.exe
  2⤵
  PID:9052
- C:\Windows\System\hWgoPwK.exe
  C:\Windows\System\hWgoPwK.exe
  2⤵
  PID:9060
- C:\Windows\System\yscoltp.exe
  C:\Windows\System\yscoltp.exe
  2⤵
  PID:9084
- C:\Windows\System\usfdBHf.exe
  C:\Windows\System\usfdBHf.exe
  2⤵
  PID:9124
- C:\Windows\System\rcpIsYm.exe
  C:\Windows\System\rcpIsYm.exe
  2⤵
  PID:9180
- C:\Windows\System\BiEFayp.exe
  C:\Windows\System\BiEFayp.exe
  2⤵
  PID:8100
- C:\Windows\System\iCMLLBN.exe
  C:\Windows\System\iCMLLBN.exe
  2⤵
  PID:8136
- C:\Windows\System\hhYOvMl.exe
  C:\Windows\System\hhYOvMl.exe
  2⤵
  PID:8304
- C:\Windows\System\fMAKMpK.exe
  C:\Windows\System\fMAKMpK.exe
  2⤵
  PID:8296
- C:\Windows\System\vUzGEOz.exe
  C:\Windows\System\vUzGEOz.exe
  2⤵
  PID:8316
- C:\Windows\System\JiukDhC.exe
  C:\Windows\System\JiukDhC.exe
  2⤵
  PID:8424
- C:\Windows\System\qSsPEFv.exe
  C:\Windows\System\qSsPEFv.exe
  2⤵
  PID:8468
- C:\Windows\System\rlitYdF.exe
  C:\Windows\System\rlitYdF.exe
  2⤵
  PID:8460
- C:\Windows\System\mPxVope.exe
  C:\Windows\System\mPxVope.exe
  2⤵
  PID:8560
- C:\Windows\System\lPmadIN.exe
  C:\Windows\System\lPmadIN.exe
  2⤵
  PID:8568
- C:\Windows\System\EuWIWgi.exe
  C:\Windows\System\EuWIWgi.exe
  2⤵
  PID:8772
- C:\Windows\System\kTRVAXM.exe
  C:\Windows\System\kTRVAXM.exe
  2⤵
  PID:8792
- C:\Windows\System\NhujXCX.exe
  C:\Windows\System\NhujXCX.exe
  2⤵
  PID:8464
- C:\Windows\System\hZohIhm.exe
  C:\Windows\System\hZohIhm.exe
  2⤵
  PID:8728
- C:\Windows\System\qccAyqc.exe
  C:\Windows\System\qccAyqc.exe
  2⤵
  PID:8668
- C:\Windows\System\PuKGCPn.exe
  C:\Windows\System\PuKGCPn.exe
  2⤵
  PID:8912
- C:\Windows\System\EDLFxDL.exe
  C:\Windows\System\EDLFxDL.exe
  2⤵
  PID:8940
- C:\Windows\System\HAMSeFO.exe
  C:\Windows\System\HAMSeFO.exe
  2⤵
  PID:9088
- C:\Windows\System\FPNyMNS.exe
  C:\Windows\System\FPNyMNS.exe
  2⤵
  PID:9104
- C:\Windows\System\kRvPatw.exe
  C:\Windows\System\kRvPatw.exe
  2⤵
  PID:9176
- C:\Windows\System\YSmfipo.exe
  C:\Windows\System\YSmfipo.exe
  2⤵
  PID:7496
- C:\Windows\System\EYomIyE.exe
  C:\Windows\System\EYomIyE.exe
  2⤵
  PID:7876
- C:\Windows\System\RLjfapb.exe
  C:\Windows\System\RLjfapb.exe
  2⤵
  PID:8244
- C:\Windows\System\pVVdsBn.exe
  C:\Windows\System\pVVdsBn.exe
  2⤵
  PID:8220
- C:\Windows\System\pJNNOVP.exe
  C:\Windows\System\pJNNOVP.exe
  2⤵
  PID:9192
- C:\Windows\System\VPdoTnU.exe
  C:\Windows\System\VPdoTnU.exe
  2⤵
  PID:8400
- C:\Windows\System\noleQyG.exe
  C:\Windows\System\noleQyG.exe
  2⤵
  PID:8572
- C:\Windows\System\jUGshBl.exe
  C:\Windows\System\jUGshBl.exe
  2⤵
  PID:8692
- C:\Windows\System\TVDoMZq.exe
  C:\Windows\System\TVDoMZq.exe
  2⤵
  PID:8756
- C:\Windows\System\joAFjEg.exe
  C:\Windows\System\joAFjEg.exe
  2⤵
  PID:8904
- C:\Windows\System\QHKpdGZ.exe
  C:\Windows\System\QHKpdGZ.exe
  2⤵
  PID:8976
- C:\Windows\System\JSEToTC.exe
  C:\Windows\System\JSEToTC.exe
  2⤵
  PID:9120
- C:\Windows\System\Rlhpcqt.exe
  C:\Windows\System\Rlhpcqt.exe
  2⤵
  PID:8920
- C:\Windows\System\EgzkyhD.exe
  C:\Windows\System\EgzkyhD.exe
  2⤵
  PID:8984
- C:\Windows\System\YZWOerq.exe
  C:\Windows\System\YZWOerq.exe
  2⤵
  PID:8500
- C:\Windows\System\DUMlWki.exe
  C:\Windows\System\DUMlWki.exe
  2⤵
  PID:8564
- C:\Windows\System\XBWATaB.exe
  C:\Windows\System\XBWATaB.exe
  2⤵
  PID:8864
- C:\Windows\System\UUeCNLR.exe
  C:\Windows\System\UUeCNLR.exe
  2⤵
  PID:9056
- C:\Windows\System\pEHyIIy.exe
  C:\Windows\System\pEHyIIy.exe
  2⤵
  PID:8892
- C:\Windows\System\bhBdOwS.exe
  C:\Windows\System\bhBdOwS.exe
  2⤵
  PID:8248
- C:\Windows\System\FVNafqS.exe
  C:\Windows\System\FVNafqS.exe
  2⤵
  PID:8380
- C:\Windows\System\IVRZBWh.exe
  C:\Windows\System\IVRZBWh.exe
  2⤵
  PID:9020
- C:\Windows\System\nZILaMC.exe
  C:\Windows\System\nZILaMC.exe
  2⤵
  PID:7300
- C:\Windows\System\CySuDwB.exe
  C:\Windows\System\CySuDwB.exe
  2⤵
  PID:8996
- C:\Windows\System\LZipIXQ.exe
  C:\Windows\System\LZipIXQ.exe
  2⤵
  PID:8360
- C:\Windows\System\CUicmgv.exe
  C:\Windows\System\CUicmgv.exe
  2⤵
  PID:8704
- C:\Windows\System\pyxjtUQ.exe
  C:\Windows\System\pyxjtUQ.exe
  2⤵
  PID:8684
- C:\Windows\System\PxJwNvP.exe
  C:\Windows\System\PxJwNvP.exe
  2⤵
  PID:8624
- C:\Windows\System\ltmQGzw.exe
  C:\Windows\System\ltmQGzw.exe
  2⤵
  PID:8752
- C:\Windows\System\AazBhNM.exe
  C:\Windows\System\AazBhNM.exe
  2⤵
  PID:9236
- C:\Windows\System\YlaZNKl.exe
  C:\Windows\System\YlaZNKl.exe
  2⤵
  PID:9256
- C:\Windows\System\zyzPphj.exe
  C:\Windows\System\zyzPphj.exe
  2⤵
  PID:9272
- C:\Windows\System\JtruCsH.exe
  C:\Windows\System\JtruCsH.exe
  2⤵
  PID:9296
- C:\Windows\System\jnoNbmH.exe
  C:\Windows\System\jnoNbmH.exe
  2⤵
  PID:9316
- C:\Windows\System\VuDigdi.exe
  C:\Windows\System\VuDigdi.exe
  2⤵
  PID:9332
- C:\Windows\System\ucIdpzr.exe
  C:\Windows\System\ucIdpzr.exe
  2⤵
  PID:9352
- C:\Windows\System\HvCCutH.exe
  C:\Windows\System\HvCCutH.exe
  2⤵
  PID:9376
- C:\Windows\System\iuuxONO.exe
  C:\Windows\System\iuuxONO.exe
  2⤵
  PID:9396
- C:\Windows\System\UvrcoXJ.exe
  C:\Windows\System\UvrcoXJ.exe
  2⤵
  PID:9416
- C:\Windows\System\tXhSSDa.exe
  C:\Windows\System\tXhSSDa.exe
  2⤵
  PID:9432
- C:\Windows\System\WfmFvUV.exe
  C:\Windows\System\WfmFvUV.exe
  2⤵
  PID:9452
- C:\Windows\System\MKqESzm.exe
  C:\Windows\System\MKqESzm.exe
  2⤵
  PID:9472
- C:\Windows\System\DvoKODN.exe
  C:\Windows\System\DvoKODN.exe
  2⤵
  PID:9492
- C:\Windows\System\aVjPmjw.exe
  C:\Windows\System\aVjPmjw.exe
  2⤵
  PID:9512
- C:\Windows\System\BHbkovM.exe
  C:\Windows\System\BHbkovM.exe
  2⤵
  PID:9536
- C:\Windows\System\JnpZqdH.exe
  C:\Windows\System\JnpZqdH.exe
  2⤵
  PID:9552
- C:\Windows\System\HPwZIkv.exe
  C:\Windows\System\HPwZIkv.exe
  2⤵
  PID:9572
- C:\Windows\System\EtfGWdj.exe
  C:\Windows\System\EtfGWdj.exe
  2⤵
  PID:9592
- C:\Windows\System\pYSJmhz.exe
  C:\Windows\System\pYSJmhz.exe
  2⤵
  PID:9612
- C:\Windows\System\YBPzutY.exe
  C:\Windows\System\YBPzutY.exe
  2⤵
  PID:9636
- C:\Windows\System\ZPwFAvp.exe
  C:\Windows\System\ZPwFAvp.exe
  2⤵
  PID:9656
- C:\Windows\System\livoqhJ.exe
  C:\Windows\System\livoqhJ.exe
  2⤵
  PID:9676
- C:\Windows\System\stnnRbe.exe
  C:\Windows\System\stnnRbe.exe
  2⤵
  PID:9692
- C:\Windows\System\rBHqUqS.exe
  C:\Windows\System\rBHqUqS.exe
  2⤵
  PID:9712
- C:\Windows\System\xhyrsZc.exe
  C:\Windows\System\xhyrsZc.exe
  2⤵
  PID:9736
- C:\Windows\System\ApVzmeq.exe
  C:\Windows\System\ApVzmeq.exe
  2⤵
  PID:9752
- C:\Windows\System\TmeivVC.exe
  C:\Windows\System\TmeivVC.exe
  2⤵
  PID:9776
- C:\Windows\System\krmnoEV.exe
  C:\Windows\System\krmnoEV.exe
  2⤵
  PID:9792
- C:\Windows\System\IICNmnW.exe
  C:\Windows\System\IICNmnW.exe
  2⤵
  PID:9816
- C:\Windows\System\cjfdlXy.exe
  C:\Windows\System\cjfdlXy.exe
  2⤵
  PID:9840
- C:\Windows\System\wlrYfJq.exe
  C:\Windows\System\wlrYfJq.exe
  2⤵
  PID:9856
- C:\Windows\System\WuoFHAS.exe
  C:\Windows\System\WuoFHAS.exe
  2⤵
  PID:9876
- C:\Windows\System\WDFJeEi.exe
  C:\Windows\System\WDFJeEi.exe
  2⤵
  PID:9900
- C:\Windows\System\GvnrHJN.exe
  C:\Windows\System\GvnrHJN.exe
  2⤵
  PID:9916
- C:\Windows\System\JSRCFRp.exe
  C:\Windows\System\JSRCFRp.exe
  2⤵
  PID:9932
- C:\Windows\System\lACtawb.exe
  C:\Windows\System\lACtawb.exe
  2⤵
  PID:9956
- C:\Windows\System\YUTUkob.exe
  C:\Windows\System\YUTUkob.exe
  2⤵
  PID:9980
- C:\Windows\System\sRnXGhP.exe
  C:\Windows\System\sRnXGhP.exe
  2⤵
  PID:9996
- C:\Windows\System\cZmJkZU.exe
  C:\Windows\System\cZmJkZU.exe
  2⤵
  PID:10020
- C:\Windows\System\YoyFtwx.exe
  C:\Windows\System\YoyFtwx.exe
  2⤵
  PID:10036
- C:\Windows\System\LjQAXoV.exe
  C:\Windows\System\LjQAXoV.exe
  2⤵
  PID:10052
- C:\Windows\System\DFbJddV.exe
  C:\Windows\System\DFbJddV.exe
  2⤵
  PID:10076
- C:\Windows\System\prHHuuQ.exe
  C:\Windows\System\prHHuuQ.exe
  2⤵
  PID:10092
- C:\Windows\System\AzItbyI.exe
  C:\Windows\System\AzItbyI.exe
  2⤵
  PID:10112
- C:\Windows\System\xxXMfCd.exe
  C:\Windows\System\xxXMfCd.exe
  2⤵
  PID:10128
- C:\Windows\System\bJqUOmA.exe
  C:\Windows\System\bJqUOmA.exe
  2⤵
  PID:10152
- C:\Windows\System\MhMbHrm.exe
  C:\Windows\System\MhMbHrm.exe
  2⤵
  PID:10172
- C:\Windows\System\guOavTU.exe
  C:\Windows\System\guOavTU.exe
  2⤵
  PID:10196
- C:\Windows\System\aUDoNVn.exe
  C:\Windows\System\aUDoNVn.exe
  2⤵
  PID:10212
- C:\Windows\System\oRAUaEk.exe
  C:\Windows\System\oRAUaEk.exe
  2⤵
  PID:10228
- C:\Windows\System\IMtZeBx.exe
  C:\Windows\System\IMtZeBx.exe
  2⤵
  PID:8544
- C:\Windows\System\AHwTBgu.exe
  C:\Windows\System\AHwTBgu.exe
  2⤵
  PID:9244
- C:\Windows\System\uzKcPhT.exe
  C:\Windows\System\uzKcPhT.exe
  2⤵
  PID:9280
- C:\Windows\System\VTbzqqY.exe
  C:\Windows\System\VTbzqqY.exe
  2⤵
  PID:9292
- C:\Windows\System\UxTdXyt.exe
  C:\Windows\System\UxTdXyt.exe
  2⤵
  PID:9328
- C:\Windows\System\BqlXNkS.exe
  C:\Windows\System\BqlXNkS.exe
  2⤵
  PID:9360
- C:\Windows\System\feIjMxk.exe
  C:\Windows\System\feIjMxk.exe
  2⤵
  PID:9392
- C:\Windows\System\YNhYEaC.exe
  C:\Windows\System\YNhYEaC.exe
  2⤵
  PID:9440
- C:\Windows\System\amQrWcx.exe
  C:\Windows\System\amQrWcx.exe
  2⤵
  PID:9468
- C:\Windows\System\znPzpVG.exe
  C:\Windows\System\znPzpVG.exe
  2⤵
  PID:9508
- C:\Windows\System\raPCnmP.exe
  C:\Windows\System\raPCnmP.exe
  2⤵
  PID:9544
- C:\Windows\System\DRqkwLy.exe
  C:\Windows\System\DRqkwLy.exe
  2⤵
  PID:9564
- C:\Windows\System\NfGmsZl.exe
  C:\Windows\System\NfGmsZl.exe
  2⤵
  PID:9608
- C:\Windows\System\gpergln.exe
  C:\Windows\System\gpergln.exe
  2⤵
  PID:9628
- C:\Windows\System\GSbkpap.exe
  C:\Windows\System\GSbkpap.exe
  2⤵
  PID:9672
- C:\Windows\System\OEgqEaN.exe
  C:\Windows\System\OEgqEaN.exe
  2⤵
  PID:9700
- C:\Windows\System\JlujSoR.exe
  C:\Windows\System\JlujSoR.exe
  2⤵
  PID:9720
- C:\Windows\System\wfaaeEn.exe
  C:\Windows\System\wfaaeEn.exe
  2⤵
  PID:9784
- C:\Windows\System\qxSTKmy.exe
  C:\Windows\System\qxSTKmy.exe
  2⤵
  PID:9812
- C:\Windows\System\itUGpFW.exe
  C:\Windows\System\itUGpFW.exe
  2⤵
  PID:9836
- C:\Windows\System\UlCevMu.exe
  C:\Windows\System\UlCevMu.exe
  2⤵
  PID:9868
- C:\Windows\System\EaXkdyj.exe
  C:\Windows\System\EaXkdyj.exe
  2⤵
  PID:9896
- C:\Windows\System\LFOzjxd.exe
  C:\Windows\System\LFOzjxd.exe
  2⤵
  PID:9940
- C:\Windows\System\bCwPSyZ.exe
  C:\Windows\System\bCwPSyZ.exe
  2⤵
  PID:9964
- C:\Windows\System\NZILjWR.exe
  C:\Windows\System\NZILjWR.exe
  2⤵
  PID:9992
- C:\Windows\System\TThAJHR.exe
  C:\Windows\System\TThAJHR.exe
  2⤵
  PID:10028
- C:\Windows\System\JRlEdoK.exe
  C:\Windows\System\JRlEdoK.exe
  2⤵
  PID:10068
- C:\Windows\System\fzsNMWK.exe
  C:\Windows\System\fzsNMWK.exe
  2⤵
  PID:10108
- C:\Windows\System\gDKAckr.exe
  C:\Windows\System\gDKAckr.exe
  2⤵
  PID:10144
- C:\Windows\System\SCxDxBi.exe
  C:\Windows\System\SCxDxBi.exe
  2⤵
  PID:10188
- C:\Windows\System\mELCodv.exe
  C:\Windows\System\mELCodv.exe
  2⤵
  PID:10220
- C:\Windows\System\iHzPaWT.exe
  C:\Windows\System\iHzPaWT.exe
  2⤵
  PID:9220
- C:\Windows\System\pidvxET.exe
  C:\Windows\System\pidvxET.exe
  2⤵
  PID:9368
- C:\Windows\System\flRmbvG.exe
  C:\Windows\System\flRmbvG.exe
  2⤵
  PID:9408
- C:\Windows\System\MwNrCvN.exe
  C:\Windows\System\MwNrCvN.exe
  2⤵
  PID:9268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EaXOGMU.exe

Filesize
6.0MB

MD5
9a600fdc7575c43a3e6e0ff6a295f62a

SHA1
37d9f55396d0e6e41e65a6b0d02731ca5061f518

SHA256
50a0468d8b43ee15110e4d80fb820edef990f35c210621c11fec1163b31dba29

SHA512
a11d7beb548aa4c3e2e571300f8209d9416be2dae4ce7bd47ced048593770ab137c2aa502c2619bdf9d13127cde6934d59926bcf3bbe73e12937d90ff3fd9c1e

Download Submit
C:\Windows\system\FxVUdmh.exe

Filesize
6.0MB

MD5
29e92fa35b22d2883c1c0ec677c69e81

SHA1
ec02b73c2277dfaf9c933a66d5468bce26881070

SHA256
2ab0fe24fad933b62ed37ac96b2958790e863e506f5cafd7d8c8c6cdbdff047e

SHA512
4061b773a4a2174ab3fbb2cfca6afd7b6016d977cb9bf7f9bd2a012130769e2a1d31b8bb3a4aa96230a1a986ade184d8738ef897d8f0da8427a6616095347871

Download Submit
C:\Windows\system\JnlePbM.exe

Filesize
6.0MB

MD5
4d32a4c7a6bff0174b1cca52b9c05131

SHA1
86615d142b904a8371c4ffe9af060cb7e4e56eec

SHA256
89b776ee3025f1ea19942ceb08fae8eb63298e3cb8f686b8309c15fb0b1dbb12

SHA512
51bcb192e4d2dd937adf94a89cd35c80bdc63fe0f8abdb80412ba38ce42227d9de1f762cf1ef789a927794ae184693fb42bd5f895648d7a46cf6721118a20372

Download Submit
C:\Windows\system\KUwhhcT.exe

Filesize
6.0MB

MD5
83422e38409be2d607ec82ab5e65e564

SHA1
a203b20c95da20b77b940b41d5b3bc8979c9d8a2

SHA256
f7aa2f15fb9fe13de83dbe5b6462710b23831daf9ca40bdc5628f1d9fa4cdf43

SHA512
1ac5af397fad4a9e5f8970101af2bf52137c0243a26b4e0044beab58c04a6cc6deed12e5f308c9adee9a8a4bd511de0debf6794e8cb0e8058e167f53f7e742a8

Download Submit
C:\Windows\system\KkoPwwG.exe

Filesize
6.0MB

MD5
38783e1bd70a78f390d374ff1b7eca30

SHA1
848a842ee00cd8391218f8d1efead0e867392dff

SHA256
4c6f7ad65b7e3ee6e6dda91f6eb145d85a3ad3ca3f96332cd46db971f2cb69d2

SHA512
454bd261380b66d83e7d1f64a6b9b61432a97087fc65850d705344eaa0e9c54a6e695430af64479363889ae5a158154758b90d4f2711024d14447a3cc165b8f5

Download Submit
C:\Windows\system\MCwkzTw.exe

Filesize
6.0MB

MD5
37777c01b0f3bbfb736c8eb91d2390e8

SHA1
331ae2863a4f24fbd2e472b7a465f26d2d763d0d

SHA256
268f75cd9abc35c521bc228052026902f80b3d6d4f6c4c84e978e1e1fd24934a

SHA512
5d76464953976c186fdcd972b9073e1d27899602bb621b5ae433e7aae93fbcfb94bd9d57d031ce7d397fa17d2493243f7e2842ab29057acc20407d1074261a6a

Download Submit
C:\Windows\system\TSFFfwN.exe

Filesize
6.0MB

MD5
059ca096ec1ee95d42f947d42c36413d

SHA1
f53bb2020712f62b18aa338add0623c2fcaa0a00

SHA256
368248786c9cba7976deb5639814d4f4bc3777415ad9004dc4e83380c6724180

SHA512
5c44245adae36bb6b1114fe45abce494b9a35f327ba9361dd24227be321ee0b07ca9ee7f93c24ace41c487d9f033f64f74d0c1e165e415a22d5a036e90700acd

Download Submit
C:\Windows\system\WdUQzqU.exe

Filesize
6.0MB

MD5
ad18c1bbcacd4f2925ba3a19adcdc65a

SHA1
9c57a39c3d8650f05dd21b920e4e8717509820c2

SHA256
a7cee15113e99e0042b862a5b1a38ada315d017bf88d1554ada85b8bc97259d5

SHA512
90dc9f018ea339a66784df9557595dfa09422ed6fadf8851c3ec2873ac21141ad3129b8054b9a486d8af54155951330120c1d1d000ec9d3ac14566b2ebb1b212

Download Submit
C:\Windows\system\WtGkEKI.exe

Filesize
6.0MB

MD5
3f1fe70166914db559c1d89d793c2a66

SHA1
b15b79805713cb1970bbe6b2f16cd48e034a2418

SHA256
61c31752462bf973cdb8efa0a353d7994e789505be9e2378f2bf92ae34effd92

SHA512
ab357947c46a8f364c6e1a79c824b221ca9462e3dfc5c9b61a1b4d5c6618163a6104466ba8f0cb8d470427e6962c3fb0222d76083b4574719ebaf0d13b3c8662

Download Submit
C:\Windows\system\YuvdvSb.exe

Filesize
6.0MB

MD5
51bf25a3b65a8590cf99ecbd3d78e39c

SHA1
4046044331c9e8ab9f196c29e5bdf1f84bae2550

SHA256
f4992230c4d328cc569defba75baa8d0fd595a8cf663a43738bb07f33326f412

SHA512
e01b481b37ea1cdaddf9e18c9f1ed6e9d9655bd86afd6a7b35add078e8485f397fc6a6eddf121b88b4993d8a5626f58d4aed378bba20545ea5a2442724623ae1

Download Submit
C:\Windows\system\cstSrOu.exe

Filesize
6.0MB

MD5
046c97131b72b45fe57bb98b818241d4

SHA1
28c7d32be84985775b0d3e897a3771a5165d2213

SHA256
864e4127462522fea9aa975a0a079ab594fc11e022f1e8d3d65cfe231cf06001

SHA512
82b2c8e7a8d76b1056ba8ac0922cd82f75fb0c99f405adb5602f5635163b9b29263ccf0baab7ca5f8331f23c5e9e3b662fae2812f60c48f7441cf0e39517c145

Download Submit
C:\Windows\system\fQJjykv.exe

Filesize
6.0MB

MD5
46673591ddcc425c267c7cc86d2c7320

SHA1
85d5a701597815ebe599a080348a44def00db225

SHA256
3710f0d1fadecd4ae5c0300595adc27bc01970ef02e4f61ef7a98fa4d1bc2c57

SHA512
ad9baff3d1870c739d47e1b855680c215d7f0ea093293d1cc8141172d5a2666bd9052e1c1c4f61d6d3f2800a4340ed97310bdf1f13f5ff51af21f3cd66c07618

Download Submit
C:\Windows\system\ipVtNIj.exe

Filesize
6.0MB

MD5
222536a4c373fe0543b981ef1790e977

SHA1
a1909bae62107044649c2f6ac3341e23f3637043

SHA256
f69a95d6c4bd1a4eae4fcb833e877a415b9f047d3a0b64638c3158ca6d1c5bad

SHA512
12832d548f52a585fa86c8f82bb719bf9f357bfe420ce591916331b7277bd21966cd2848132313b2e1dd98e5bf6db63d49b5b6b1d47f0440e2f566c712282d38

Download Submit
C:\Windows\system\nIXNpDl.exe

Filesize
6.0MB

MD5
ce10d5b08f2406ed397991256d225aef

SHA1
1d2f760a2602ea8585defabd6c77194ccd12cb65

SHA256
deec6a5485d8ee524063a5089c2eddd351e7430cc506d53375c65bea98f91dd3

SHA512
4d87ecf9b06623bdc292e9a64a1131237bf2b5439e6268539f28304c642e029068ea65168cefbfff34870f2a8a4884cda438513564acc4a7368946d6c2a0ab3e

Download Submit
C:\Windows\system\owVSZdW.exe

Filesize
6.0MB

MD5
00507ed04534c48c9abf612149c5d12a

SHA1
77f4816b2613c3b936f10b4a479b3bb8b691df1a

SHA256
c6632356e870437318a1036172235f95d40b4ff206aede40f3df88184facd880

SHA512
cf27b05269a7ffd5f72554b32722a35b7b3db9131a226ab8738e9438c25abd0e92285f5a15d17e9e9d462a4bb5dafdad3658787bc2f743902df3d7581d101bac

Download Submit
C:\Windows\system\qOSetJR.exe

Filesize
6.0MB

MD5
467eed0a1b300de363f35945bd72262e

SHA1
044bf093436bdfbcbd3533f7014d0616c53301a2

SHA256
e1c315cc678d47344c0df68b9a1aa5ea80303801166df632b1125f9570b7d800

SHA512
819685e187c7270d4ec666a4665a46970c35f6d6a7b15554edb955b7b98fac1fc044877108bd3523e3ac182efae1275bee10dd4084f6ac0f608407781236684a

Download Submit
C:\Windows\system\sBAZTbh.exe

Filesize
6.0MB

MD5
cdbee79bfa8e5c74a7a54bd04ac65406

SHA1
7035c47ef17becca85a491584cf07c62ddaaf2bc

SHA256
9c183bcdba5d4bc1efb32eae97b36ddcce682e854d8364d24ec0647110042076

SHA512
caf6e7651f55f224018bf310253bbab624580b0d9df8a6147f6966beccc6f2916e21a6aa29d365d66939a7e6e02525b3f1f1afbce092cefe42b5a13f79e7ab78

Download Submit
C:\Windows\system\ustyQap.exe

Filesize
6.0MB

MD5
a7e7ca00037c6b388aaa713c25052350

SHA1
5a1a9e8cd5cc25d6edace1d0cc2d28b30972eda6

SHA256
015cec8dc16ae33f7494eafa7243233c49a663649443ec074b3092fcb66680b5

SHA512
803eec451ec738bd295e7338caf59a94455aed04d9ac01194ffee8920d66341a2ac56a99833cd65eaa378203510abf992dd79fcec6a47f65157614e12ef1e751

Download Submit
C:\Windows\system\wdVSjlh.exe

Filesize
6.0MB

MD5
dcd01a7f3a6061e246974db06e0d9ff6

SHA1
de9f153ee1b2067ab0f6bd5c65de0ac6a63f30cc

SHA256
61cc3887295e9d8a4bcbe32c12015dbe7d407ed498a66ab1b6e12acebaf74641

SHA512
c13f2ea8bde8a5f59b7697cb4efd247670ee12f22d194758ae54da287e71326166a966d8c0d37fc6ec1e91b1cac59051da7f91e3936b0503a4ddd1d535844820

Download Submit
C:\Windows\system\wdiRoTN.exe

Filesize
6.0MB

MD5
9195758dd37814406b5700a4fd92b329

SHA1
e0a058b7bfa063f5dcc19ab46d75dcee29936461

SHA256
633e4ebf2a158c00e67b1a08abcf5f95c982625fe5bb8a5a35a97ef968129db3

SHA512
af11e2838ce3a6728683827aae9d650136675f9f9277490a5452cf3981a0d651b653dc00dc44ffc3c2ca74e9592ce0e99fee3f561ae610d1a21ab2804ee19c3b

Download Submit
C:\Windows\system\xpHXmuu.exe

Filesize
6.0MB

MD5
b954eba4abd59d19756396f1335840c8

SHA1
d362450965db6abc9ceb0947552190d3a1f598d1

SHA256
4a0c63866cff5cd9384ec655ba86b77827074e67aa7dcb94822b79da865b6088

SHA512
269c3345aae096b3b356e1174c99833cec2af589b9d981aa5b0ddac043ca928c2a0ef998773e744acf8c09227dc79b9bea1d999d04d5b0b04f1ec0015782aacc

Download Submit
\Windows\system\GOVLcBy.exe

Filesize
6.0MB

MD5
b9dae493a057f81a6a016c89bedba36f

SHA1
e370885ff38926a6af759e68ec2b45316ff50967

SHA256
8c806fe4e349326230d4c48657ed0792e3db63849000325e0d979616a8afb8e7

SHA512
ef3e018438704ab492875ffa7c940dd54bdb2aa5fb5d91292d2d811e94f7909dfa670c1a7929152fb2c5634a5ea6b9260b95baf62bd3ef08a3bdb5567692d342

Download Submit
\Windows\system\PDDdtUM.exe

Filesize
6.0MB

MD5
5c4ce5771869cd1bbb8f7f469eb824da

SHA1
7faa29dfc460d652a70d03b70a44f50da06e31be

SHA256
180991123a5bea0a4b0e70972fd47019af76d1800d368f96d0e85a1a070caaf7

SHA512
40101392c17e2d988fa62e7ce1f6604d9e5e010983fee7d6e72283e841d1ebd3ecb13d2d8fbe371e9f38300dc61d9e494704f600ff2d5aa6080391fda805cd05

Download Submit
\Windows\system\StJCsob.exe

Filesize
6.0MB

MD5
6eafc1784b9628db42c6de975f8a08b9

SHA1
85738abc0dbbac89b9c05b81c1a7b9a7629b33e0

SHA256
2f7a37d437a87a620d0710fdc92586173b8f0af7338a42c84fb3e812affbd2e8

SHA512
263db09048531dfe5a0fbc30850345651f2887c06c20429d3d829890ffc922159cb7cb1630aebd3e06fe0703cdad744d998e7057c173578356acdd86cc71d54d

Download Submit
\Windows\system\XHKXxxs.exe

Filesize
6.0MB

MD5
df9cb08bafaf83ae77e538a7f2069448

SHA1
39da40e77d5679a5b334401e0770860fa7d1bb7e

SHA256
e65136d1a9de79fae86b67bcad2558cc385e7438bcc9ae71bb4ba37224eb63cd

SHA512
57565ffd37702f1cd7f6d3035f88c2d2f8c6d8e78b2cffdacc710a0059b1aedd083a29ad7ec79e88d5dede0efbd94fdd331fa22ba5ef657ab2bbd4e212408a64

Download Submit
\Windows\system\djmINkl.exe

Filesize
6.0MB

MD5
63f9fde5abe3777f914032d95dbe8203

SHA1
3a315433dc1c584e66a2a7fa2f868cfc258cd72f

SHA256
576b9581a966c1a2f1cd06d433385a642bdf0a30486cd3f8a7b9fc96fb8951e3

SHA512
b57783be0f9181afcd107dc6698170060ec52ad9d6af5acde7dfd66929f9597b6cfa5e59ce41cfd7e02f8d8be3bbe997e5da27fc4393a55300cf635c054a11e9

Download Submit
\Windows\system\edLbBuo.exe

Filesize
6.0MB

MD5
229c3f69c0c4318b4bd50f7938cca302

SHA1
4a15aef8e4d0ac31da78ed8246d995e4643cc3b9

SHA256
a9fdd4c210456aac2f24a87cd1ccab03e2921c2553e472538b7862787e130cea

SHA512
d15aaefbbb2ee4364f6f92a585a84f11be6a8b3b82b22d18a2086031c2d237b3e4003575c1d174562c2b074a5659e64d159221d9e4dca5ec7c9e38e816750a30

Download Submit
\Windows\system\gxEklVs.exe

Filesize
6.0MB

MD5
bba8b890065ba9746de7be334c4aabc2

SHA1
62d682ae25dc0f55840f149726e25238fbc63d40

SHA256
e16b376a3b1f659508562ffe9d70b813e7f311ca4b8b7e20e685cdb3563d9b61

SHA512
805217b56ea09cc43ce94de0941837739f4ef7043a18ce72ced45e0f4557f282bb7c7292a272cd4cc4f034eba04f2ca5d3b1403c279df18cf000f02f7df84ffe

Download Submit
\Windows\system\kcVnXXX.exe

Filesize
6.0MB

MD5
7c9d0df537b09dc828d503b722a2a263

SHA1
d118fa6d22da28a899826231135c49c95044a42e

SHA256
53114d2d42c5fde551a49bf9f7cb236fca15bfefe0bc3b6cfcd2cc0ba8fa4d1c

SHA512
a2fbe768b65cff36a1aa7b10182814da694887273dae4ced4025664f5386733b74c223a527958a92ed99504c7b812d8cec4624c5f62272d82aa6ca4b25567fd8

Download Submit
\Windows\system\rpMKfzJ.exe

Filesize
6.0MB

MD5
097b47ec4a6add21d28a1d8c03818036

SHA1
d55a571a490c8d8be66dd4dd369144d2a38e6234

SHA256
ff48b37335b4a8371ca549813561110385123d13e0b11672b7b5b60e1d559167

SHA512
6a265c70f4550cf8cbd1639ff6ebf8914a8fc4e848e949ffb42174efa6f40d1fe9c577daa07199c70ab8cec2c4c4ebb925f963dadbf736874ac2a1f56cf13739

Download Submit
\Windows\system\sfpufqH.exe

Filesize
6.0MB

MD5
fd469ac8bd0d3b712ebbcf8a8c6f6bbf

SHA1
2b77e5d59c832daba10552dd2305fe144dc8a7d1

SHA256
d385fdd8d19ceedd4bbc93bad0ae35f494e9c5c40e812499d680958cc1f5f795

SHA512
9f54e6b4de9a18e4b78b0bd73f3581e88db016529993d280a2a3e26c1cb5ea5e460f1b8ec4899de2c0dabe20b9791d3bc734e6240f768d2143dd430618a692d0

Download Submit
\Windows\system\uQKurVo.exe

Filesize
6.0MB

MD5
4ef1df1401f11e357db4fdc5feb3003e

SHA1
7ae72319c42c33615953caf78c1ac6ff44c0d52e

SHA256
a24dbed6378dbe7f98dd413c93cc4a2944574eaaa61b8fc9c465a6fecadb2c6d

SHA512
2d604cd572042249d238708ec5804b2e0012578d556444f621725b66c0bab16ffe9c427f5cf9a983b23894428285d1cc1781a0773627467da2bf84943681edd7

Download Submit
memory/772-3621-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/772-65-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1036-3856-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1036-110-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1416-3617-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1416-69-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1592-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-94-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3861-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3840-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2396-90-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3781-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-89-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3466-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2572-41-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2580-49-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2580-13-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3185-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2612-88-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3778-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2624-43-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3469-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1434-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2136-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-67-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-50-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2680-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2680-45-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2680-42-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-59-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-91-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2680-100-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-35-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2680-104-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-38-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1593-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-22-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2680-18-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-790-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-527-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3615-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-53-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3322-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2772-68-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2772-26-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3159-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2808-44-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2808-8-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3467-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2852-57-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2852-20-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download