cobaltstrike | 58d5236bc2ef37ca7cba30f375e75dc7d7d17c5ecbbeabec3ce5f64dfa495570

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5182be3e93f5b0afd9ea5f5459c04f4d
SHA1

001bcc6d4a349f101f41721ebefa4525f308dfe6
SHA256

58d5236bc2ef37ca7cba30f375e75dc7d7d17c5ecbbeabec3ce5f64dfa495570
SHA512

755e1991695e336d9261be430a2b03eb41e6292207aa7e45ce44607b9ec61e531753b414a4bd4c3c0b5a493904b8592236fc9ae8003849aaa66a010578bbe2e5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cc9-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd1-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce5-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf2-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d04-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d0e-37.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d2a-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c4e-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd3-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cfe-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d13-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc8-141.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f9c-149.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173aa-162.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739a-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e74-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dad-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d50-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2e-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d24-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d1b-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0b-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca2-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c58-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016a47-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c3d-56.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000167dc-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral1/memory/2420-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000015cc9-7.dat	xmrig
behavioral1/memory/3036-12-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cd1-13.dat	xmrig
behavioral1/files/0x0007000000015ce5-22.dat	xmrig
behavioral1/files/0x0007000000015cf2-27.dat	xmrig
behavioral1/files/0x0007000000015d04-29.dat	xmrig
behavioral1/files/0x0007000000015d0e-37.dat	xmrig
behavioral1/files/0x0009000000015d2a-39.dat	xmrig
behavioral1/files/0x0006000000016c4e-61.dat	xmrig
behavioral1/files/0x0006000000016cd3-74.dat	xmrig
behavioral1/files/0x0006000000016cfe-81.dat	xmrig
behavioral1/files/0x0006000000016d13-91.dat	xmrig
behavioral1/files/0x0006000000016d47-119.dat	xmrig
behavioral1/files/0x0006000000016dc8-141.dat	xmrig
behavioral1/memory/2216-2316-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x000600000001739c-157.dat	xmrig
behavioral1/files/0x0006000000016f9c-149.dat	xmrig
behavioral1/files/0x00060000000173aa-162.dat	xmrig
behavioral1/files/0x000600000001739a-155.dat	xmrig
behavioral1/files/0x0006000000016e74-147.dat	xmrig
behavioral1/files/0x0006000000016dad-136.dat	xmrig
behavioral1/files/0x0006000000016d9f-131.dat	xmrig
behavioral1/files/0x0006000000016d50-126.dat	xmrig
behavioral1/files/0x0006000000016d3f-116.dat	xmrig
behavioral1/files/0x0006000000016d36-111.dat	xmrig
behavioral1/files/0x0006000000016d2e-106.dat	xmrig
behavioral1/files/0x0006000000016d24-101.dat	xmrig
behavioral1/files/0x0006000000016d1b-96.dat	xmrig
behavioral1/files/0x0006000000016d0b-86.dat	xmrig
behavioral1/files/0x0006000000016ca2-71.dat	xmrig
behavioral1/files/0x0006000000016c58-66.dat	xmrig
behavioral1/files/0x0006000000016a47-51.dat	xmrig
behavioral1/files/0x0006000000016c3d-56.dat	xmrig
behavioral1/files/0x00080000000167dc-46.dat	xmrig
behavioral1/memory/2100-2431-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2420-2440-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2228-2466-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2420-2888-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/3036-2982-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2216-2987-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/3036-3649-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2100-3648-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2228-3647-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2216-3661-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3036	aJsfRMm.exe
2216	jIXkEjo.exe
2100	AeBhTzW.exe
2228	QJYxPHv.exe
3068	vvhGCtF.exe
1052	kvdqvHK.exe
2744	yERoKZw.exe
2840	CZIuVjS.exe
2768	AlIDEGl.exe
2740	qxZougt.exe
2872	HFgLxma.exe
1056	LQGXcwm.exe
2860	hOpttFG.exe
1996	rIMBbna.exe
2644	WDAtlAL.exe
3048	JJXVtdv.exe
984	lhvjERN.exe
2160	AqxwQnE.exe
852	yvVbfSt.exe
1284	eAoBXhq.exe
2856	DCHkOUK.exe
1428	FGZKueU.exe
864	muAVIGL.exe
1904	gdMVAQd.exe
2444	xwZJTSS.exe
2940	cCeFIct.exe
2456	kuDEuMJ.exe
2516	VochYWR.exe
1264	GWJBVTx.exe
2176	fFWrgWN.exe
656	rNhxHII.exe
1900	oxymClA.exe
1152	UXlKPOP.exe
1332	YItFeMh.exe
772	VpruukK.exe
1692	yuQiZgM.exe
2300	VsHvQoj.exe
2008	gforqVR.exe
1696	jvsiSdp.exe
1560	NUUOwcM.exe
1012	xKAbUki.exe
2520	EAJAYcI.exe
2072	CWmhRJg.exe
2208	ieyNwna.exe
2272	awiLHDv.exe
1028	UmunryS.exe
2476	syDfyMk.exe
856	QwYrmTC.exe
1980	npvftFN.exe
316	HkIkhPs.exe
108	LSwkrAU.exe
860	DkQVeOQ.exe
2912	KCCtQNM.exe
476	KOHcpfF.exe
1616	ZeRRSvD.exe
3020	fcZjHcz.exe
1752	vkoldSu.exe
2536	zooRLtE.exe
2316	sdwrDgo.exe
2820	JEErhuM.exe
2976	vXAqooP.exe
2092	wCVKtJr.exe
2892	dIVuZFM.exe
2884	hCcWhMn.exe

Loads dropped DLL 64 IoCs

pid	Process
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2420-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000015cc9-7.dat	upx
behavioral1/memory/3036-12-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x0008000000015cd1-13.dat	upx
behavioral1/files/0x0007000000015ce5-22.dat	upx
behavioral1/files/0x0007000000015cf2-27.dat	upx
behavioral1/files/0x0007000000015d04-29.dat	upx
behavioral1/files/0x0007000000015d0e-37.dat	upx
behavioral1/files/0x0009000000015d2a-39.dat	upx
behavioral1/files/0x0006000000016c4e-61.dat	upx
behavioral1/files/0x0006000000016cd3-74.dat	upx
behavioral1/files/0x0006000000016cfe-81.dat	upx
behavioral1/files/0x0006000000016d13-91.dat	upx
behavioral1/files/0x0006000000016d47-119.dat	upx
behavioral1/files/0x0006000000016dc8-141.dat	upx
behavioral1/memory/2216-2316-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x000600000001739c-157.dat	upx
behavioral1/files/0x0006000000016f9c-149.dat	upx
behavioral1/files/0x00060000000173aa-162.dat	upx
behavioral1/files/0x000600000001739a-155.dat	upx
behavioral1/files/0x0006000000016e74-147.dat	upx
behavioral1/files/0x0006000000016dad-136.dat	upx
behavioral1/files/0x0006000000016d9f-131.dat	upx
behavioral1/files/0x0006000000016d50-126.dat	upx
behavioral1/files/0x0006000000016d3f-116.dat	upx
behavioral1/files/0x0006000000016d36-111.dat	upx
behavioral1/files/0x0006000000016d2e-106.dat	upx
behavioral1/files/0x0006000000016d24-101.dat	upx
behavioral1/files/0x0006000000016d1b-96.dat	upx
behavioral1/files/0x0006000000016d0b-86.dat	upx
behavioral1/files/0x0006000000016ca2-71.dat	upx
behavioral1/files/0x0006000000016c58-66.dat	upx
behavioral1/files/0x0006000000016a47-51.dat	upx
behavioral1/files/0x0006000000016c3d-56.dat	upx
behavioral1/files/0x00080000000167dc-46.dat	upx
behavioral1/memory/2100-2431-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2228-2466-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2420-2888-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/3036-2982-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2216-2987-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/3036-3649-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2100-3648-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2228-3647-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2216-3661-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CRfoaNq.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxDSbqU.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulLjZzY.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwdQTZp.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apGvrnh.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcJWlKo.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsyuyAA.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AeBhTzW.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAJAYcI.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feklglo.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWkqhbB.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjubmql.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldMWrch.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzBPTiv.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndNyjnI.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVpPKwQ.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUpqSVN.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLtJBhU.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHDNnOX.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKuHxhY.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyPTjPT.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCFyoCF.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwUWvtD.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCwAvMt.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTKytXQ.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAtpoHC.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khOVGfo.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihvghYq.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znyODgS.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcMFqsg.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LeSkREl.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaOYUbP.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPDOTPr.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuwqhPB.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEErhuM.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahOEnnD.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHZSDNd.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVbmMaA.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHLoADA.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZokPHK.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQHWemR.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptOIzWH.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCCtQNM.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhIYdyw.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnhgOAn.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsusxtB.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlHuwmQ.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgVEejv.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNEyYHW.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaDVoTd.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isAbGCu.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKdvysi.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxJMKjW.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIqjpva.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSHExgW.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwSoAEm.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odaiqbF.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\namiPoi.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWUaFap.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYiCqWH.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiXJaBW.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hshpous.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNfxgXi.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTlQbEr.exe	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 3036	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 3036	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 3036	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 2216	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2216	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2216	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2100	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2100	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2100	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2228	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2228	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2228	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 3068	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 3068	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 3068	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 1052	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 1052	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 1052	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2744	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2744	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2744	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2840	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2840	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2840	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2768	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2768	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2768	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2740	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2740	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2740	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2872	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2872	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2872	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 1056	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 1056	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 1056	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2860	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2860	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2860	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 1996	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 1996	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 1996	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 2644	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2644	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2644	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 3048	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 3048	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 3048	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 984	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 984	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 984	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 2160	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 2160	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 2160	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 852	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 852	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 852	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 1284	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1284	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1284	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 2856	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 2856	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 2856	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 1428	2420	2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_5182be3e93f5b0afd9ea5f5459c04f4d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\System\aJsfRMm.exe
  C:\Windows\System\aJsfRMm.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\jIXkEjo.exe
  C:\Windows\System\jIXkEjo.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\AeBhTzW.exe
  C:\Windows\System\AeBhTzW.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\QJYxPHv.exe
  C:\Windows\System\QJYxPHv.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\vvhGCtF.exe
  C:\Windows\System\vvhGCtF.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\kvdqvHK.exe
  C:\Windows\System\kvdqvHK.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\yERoKZw.exe
  C:\Windows\System\yERoKZw.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\CZIuVjS.exe
  C:\Windows\System\CZIuVjS.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\AlIDEGl.exe
  C:\Windows\System\AlIDEGl.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\qxZougt.exe
  C:\Windows\System\qxZougt.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\HFgLxma.exe
  C:\Windows\System\HFgLxma.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\LQGXcwm.exe
  C:\Windows\System\LQGXcwm.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\hOpttFG.exe
  C:\Windows\System\hOpttFG.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\rIMBbna.exe
  C:\Windows\System\rIMBbna.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\WDAtlAL.exe
  C:\Windows\System\WDAtlAL.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\JJXVtdv.exe
  C:\Windows\System\JJXVtdv.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\lhvjERN.exe
  C:\Windows\System\lhvjERN.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\AqxwQnE.exe
  C:\Windows\System\AqxwQnE.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\yvVbfSt.exe
  C:\Windows\System\yvVbfSt.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\eAoBXhq.exe
  C:\Windows\System\eAoBXhq.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\DCHkOUK.exe
  C:\Windows\System\DCHkOUK.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\FGZKueU.exe
  C:\Windows\System\FGZKueU.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\muAVIGL.exe
  C:\Windows\System\muAVIGL.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\gdMVAQd.exe
  C:\Windows\System\gdMVAQd.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\xwZJTSS.exe
  C:\Windows\System\xwZJTSS.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\cCeFIct.exe
  C:\Windows\System\cCeFIct.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\kuDEuMJ.exe
  C:\Windows\System\kuDEuMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\VochYWR.exe
  C:\Windows\System\VochYWR.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\GWJBVTx.exe
  C:\Windows\System\GWJBVTx.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\UXlKPOP.exe
  C:\Windows\System\UXlKPOP.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\fFWrgWN.exe
  C:\Windows\System\fFWrgWN.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\VpruukK.exe
  C:\Windows\System\VpruukK.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\rNhxHII.exe
  C:\Windows\System\rNhxHII.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\yuQiZgM.exe
  C:\Windows\System\yuQiZgM.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\oxymClA.exe
  C:\Windows\System\oxymClA.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\VsHvQoj.exe
  C:\Windows\System\VsHvQoj.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\YItFeMh.exe
  C:\Windows\System\YItFeMh.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\gforqVR.exe
  C:\Windows\System\gforqVR.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\jvsiSdp.exe
  C:\Windows\System\jvsiSdp.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\NUUOwcM.exe
  C:\Windows\System\NUUOwcM.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\xKAbUki.exe
  C:\Windows\System\xKAbUki.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\EAJAYcI.exe
  C:\Windows\System\EAJAYcI.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\CWmhRJg.exe
  C:\Windows\System\CWmhRJg.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\ieyNwna.exe
  C:\Windows\System\ieyNwna.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\awiLHDv.exe
  C:\Windows\System\awiLHDv.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\UmunryS.exe
  C:\Windows\System\UmunryS.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\syDfyMk.exe
  C:\Windows\System\syDfyMk.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\QwYrmTC.exe
  C:\Windows\System\QwYrmTC.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\npvftFN.exe
  C:\Windows\System\npvftFN.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\HkIkhPs.exe
  C:\Windows\System\HkIkhPs.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\LSwkrAU.exe
  C:\Windows\System\LSwkrAU.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\DkQVeOQ.exe
  C:\Windows\System\DkQVeOQ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\KCCtQNM.exe
  C:\Windows\System\KCCtQNM.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\KOHcpfF.exe
  C:\Windows\System\KOHcpfF.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\ZeRRSvD.exe
  C:\Windows\System\ZeRRSvD.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\fcZjHcz.exe
  C:\Windows\System\fcZjHcz.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\vkoldSu.exe
  C:\Windows\System\vkoldSu.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\zooRLtE.exe
  C:\Windows\System\zooRLtE.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\sdwrDgo.exe
  C:\Windows\System\sdwrDgo.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\JEErhuM.exe
  C:\Windows\System\JEErhuM.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\vXAqooP.exe
  C:\Windows\System\vXAqooP.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\wCVKtJr.exe
  C:\Windows\System\wCVKtJr.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\dIVuZFM.exe
  C:\Windows\System\dIVuZFM.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\hCcWhMn.exe
  C:\Windows\System\hCcWhMn.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\adPstMP.exe
  C:\Windows\System\adPstMP.exe
  2⤵
  PID:2632
- C:\Windows\System\aYdxXTx.exe
  C:\Windows\System\aYdxXTx.exe
  2⤵
  PID:3060
- C:\Windows\System\BDsCSyj.exe
  C:\Windows\System\BDsCSyj.exe
  2⤵
  PID:1712
- C:\Windows\System\ypkAqcn.exe
  C:\Windows\System\ypkAqcn.exe
  2⤵
  PID:1388
- C:\Windows\System\NoVtPFG.exe
  C:\Windows\System\NoVtPFG.exe
  2⤵
  PID:1844
- C:\Windows\System\SdWvquB.exe
  C:\Windows\System\SdWvquB.exe
  2⤵
  PID:1820
- C:\Windows\System\QfyLtEZ.exe
  C:\Windows\System\QfyLtEZ.exe
  2⤵
  PID:1432
- C:\Windows\System\UFlSqVa.exe
  C:\Windows\System\UFlSqVa.exe
  2⤵
  PID:2244
- C:\Windows\System\AeMwEWp.exe
  C:\Windows\System\AeMwEWp.exe
  2⤵
  PID:292
- C:\Windows\System\MdySgbM.exe
  C:\Windows\System\MdySgbM.exe
  2⤵
  PID:1364
- C:\Windows\System\mWPNmgL.exe
  C:\Windows\System\mWPNmgL.exe
  2⤵
  PID:1280
- C:\Windows\System\toVatgP.exe
  C:\Windows\System\toVatgP.exe
  2⤵
  PID:2024
- C:\Windows\System\cCUIzLt.exe
  C:\Windows\System\cCUIzLt.exe
  2⤵
  PID:620
- C:\Windows\System\oyNZBdf.exe
  C:\Windows\System\oyNZBdf.exe
  2⤵
  PID:596
- C:\Windows\System\FxBTCiR.exe
  C:\Windows\System\FxBTCiR.exe
  2⤵
  PID:900
- C:\Windows\System\VXjYZoA.exe
  C:\Windows\System\VXjYZoA.exe
  2⤵
  PID:2204
- C:\Windows\System\PjGceCn.exe
  C:\Windows\System\PjGceCn.exe
  2⤵
  PID:2076
- C:\Windows\System\ZfxECeT.exe
  C:\Windows\System\ZfxECeT.exe
  2⤵
  PID:1036
- C:\Windows\System\zrLRjCG.exe
  C:\Windows\System\zrLRjCG.exe
  2⤵
  PID:2532
- C:\Windows\System\HbrXLAF.exe
  C:\Windows\System\HbrXLAF.exe
  2⤵
  PID:672
- C:\Windows\System\HrmhRqI.exe
  C:\Windows\System\HrmhRqI.exe
  2⤵
  PID:1680
- C:\Windows\System\BWjTYFI.exe
  C:\Windows\System\BWjTYFI.exe
  2⤵
  PID:1508
- C:\Windows\System\TAoyjnG.exe
  C:\Windows\System\TAoyjnG.exe
  2⤵
  PID:1512
- C:\Windows\System\DmnkIWL.exe
  C:\Windows\System\DmnkIWL.exe
  2⤵
  PID:688
- C:\Windows\System\cArzvZZ.exe
  C:\Windows\System\cArzvZZ.exe
  2⤵
  PID:1584
- C:\Windows\System\mICLTvz.exe
  C:\Windows\System\mICLTvz.exe
  2⤵
  PID:2320
- C:\Windows\System\iwCSfyl.exe
  C:\Windows\System\iwCSfyl.exe
  2⤵
  PID:2808
- C:\Windows\System\WfxJAYB.exe
  C:\Windows\System\WfxJAYB.exe
  2⤵
  PID:2828
- C:\Windows\System\kmqfaRn.exe
  C:\Windows\System\kmqfaRn.exe
  2⤵
  PID:2900
- C:\Windows\System\osNcUKm.exe
  C:\Windows\System\osNcUKm.exe
  2⤵
  PID:2656
- C:\Windows\System\cFdNzEd.exe
  C:\Windows\System\cFdNzEd.exe
  2⤵
  PID:1536
- C:\Windows\System\nbwbEiM.exe
  C:\Windows\System\nbwbEiM.exe
  2⤵
  PID:1292
- C:\Windows\System\tHURtoS.exe
  C:\Windows\System\tHURtoS.exe
  2⤵
  PID:1732
- C:\Windows\System\XKDPDVI.exe
  C:\Windows\System\XKDPDVI.exe
  2⤵
  PID:2448
- C:\Windows\System\bOWvhBQ.exe
  C:\Windows\System\bOWvhBQ.exe
  2⤵
  PID:652
- C:\Windows\System\UyglukE.exe
  C:\Windows\System\UyglukE.exe
  2⤵
  PID:1672
- C:\Windows\System\vrIWVbX.exe
  C:\Windows\System\vrIWVbX.exe
  2⤵
  PID:1144
- C:\Windows\System\knlLfft.exe
  C:\Windows\System\knlLfft.exe
  2⤵
  PID:1128
- C:\Windows\System\ZLETOmR.exe
  C:\Windows\System\ZLETOmR.exe
  2⤵
  PID:888
- C:\Windows\System\pMOyMXC.exe
  C:\Windows\System\pMOyMXC.exe
  2⤵
  PID:1548
- C:\Windows\System\JgqlxCW.exe
  C:\Windows\System\JgqlxCW.exe
  2⤵
  PID:1520
- C:\Windows\System\HiCMUKv.exe
  C:\Windows\System\HiCMUKv.exe
  2⤵
  PID:896
- C:\Windows\System\xQwlwRl.exe
  C:\Windows\System\xQwlwRl.exe
  2⤵
  PID:1340
- C:\Windows\System\VevtCsD.exe
  C:\Windows\System\VevtCsD.exe
  2⤵
  PID:784
- C:\Windows\System\PLjqhKp.exe
  C:\Windows\System\PLjqhKp.exe
  2⤵
  PID:1612
- C:\Windows\System\lEJEWxK.exe
  C:\Windows\System\lEJEWxK.exe
  2⤵
  PID:2436
- C:\Windows\System\lGwcdxE.exe
  C:\Windows\System\lGwcdxE.exe
  2⤵
  PID:2268
- C:\Windows\System\BXckoQL.exe
  C:\Windows\System\BXckoQL.exe
  2⤵
  PID:3080
- C:\Windows\System\TlDnmOp.exe
  C:\Windows\System\TlDnmOp.exe
  2⤵
  PID:3100
- C:\Windows\System\iURQqDu.exe
  C:\Windows\System\iURQqDu.exe
  2⤵
  PID:3120
- C:\Windows\System\zWcXrFI.exe
  C:\Windows\System\zWcXrFI.exe
  2⤵
  PID:3140
- C:\Windows\System\mmYaRVd.exe
  C:\Windows\System\mmYaRVd.exe
  2⤵
  PID:3160
- C:\Windows\System\yxhQJXP.exe
  C:\Windows\System\yxhQJXP.exe
  2⤵
  PID:3180
- C:\Windows\System\jNJwFpe.exe
  C:\Windows\System\jNJwFpe.exe
  2⤵
  PID:3200
- C:\Windows\System\CRfoaNq.exe
  C:\Windows\System\CRfoaNq.exe
  2⤵
  PID:3220
- C:\Windows\System\JkJHmej.exe
  C:\Windows\System\JkJHmej.exe
  2⤵
  PID:3240
- C:\Windows\System\xhIYdyw.exe
  C:\Windows\System\xhIYdyw.exe
  2⤵
  PID:3260
- C:\Windows\System\GPcKrby.exe
  C:\Windows\System\GPcKrby.exe
  2⤵
  PID:3280
- C:\Windows\System\WVpPKwQ.exe
  C:\Windows\System\WVpPKwQ.exe
  2⤵
  PID:3300
- C:\Windows\System\WwcoaKT.exe
  C:\Windows\System\WwcoaKT.exe
  2⤵
  PID:3320
- C:\Windows\System\TDfIJmv.exe
  C:\Windows\System\TDfIJmv.exe
  2⤵
  PID:3336
- C:\Windows\System\jHnwriB.exe
  C:\Windows\System\jHnwriB.exe
  2⤵
  PID:3360
- C:\Windows\System\cjoQzbS.exe
  C:\Windows\System\cjoQzbS.exe
  2⤵
  PID:3380
- C:\Windows\System\odAhMYV.exe
  C:\Windows\System\odAhMYV.exe
  2⤵
  PID:3400
- C:\Windows\System\OiKuDom.exe
  C:\Windows\System\OiKuDom.exe
  2⤵
  PID:3420
- C:\Windows\System\OfGmZgX.exe
  C:\Windows\System\OfGmZgX.exe
  2⤵
  PID:3440
- C:\Windows\System\zoNztil.exe
  C:\Windows\System\zoNztil.exe
  2⤵
  PID:3460
- C:\Windows\System\XNEyYHW.exe
  C:\Windows\System\XNEyYHW.exe
  2⤵
  PID:3480
- C:\Windows\System\ZoqIMHI.exe
  C:\Windows\System\ZoqIMHI.exe
  2⤵
  PID:3500
- C:\Windows\System\DngKyrN.exe
  C:\Windows\System\DngKyrN.exe
  2⤵
  PID:3520
- C:\Windows\System\BLVpOzw.exe
  C:\Windows\System\BLVpOzw.exe
  2⤵
  PID:3544
- C:\Windows\System\OYxzWEN.exe
  C:\Windows\System\OYxzWEN.exe
  2⤵
  PID:3564
- C:\Windows\System\YMtWBms.exe
  C:\Windows\System\YMtWBms.exe
  2⤵
  PID:3584
- C:\Windows\System\RoztfoE.exe
  C:\Windows\System\RoztfoE.exe
  2⤵
  PID:3604
- C:\Windows\System\KmpTXPQ.exe
  C:\Windows\System\KmpTXPQ.exe
  2⤵
  PID:3624
- C:\Windows\System\QUUrEzv.exe
  C:\Windows\System\QUUrEzv.exe
  2⤵
  PID:3644
- C:\Windows\System\gUuyxba.exe
  C:\Windows\System\gUuyxba.exe
  2⤵
  PID:3664
- C:\Windows\System\YcLvNWi.exe
  C:\Windows\System\YcLvNWi.exe
  2⤵
  PID:3684
- C:\Windows\System\EnKOUGG.exe
  C:\Windows\System\EnKOUGG.exe
  2⤵
  PID:3704
- C:\Windows\System\vsKDFQJ.exe
  C:\Windows\System\vsKDFQJ.exe
  2⤵
  PID:3724
- C:\Windows\System\BbzwCbs.exe
  C:\Windows\System\BbzwCbs.exe
  2⤵
  PID:3744
- C:\Windows\System\rDEVjPr.exe
  C:\Windows\System\rDEVjPr.exe
  2⤵
  PID:3764
- C:\Windows\System\iLvUSkZ.exe
  C:\Windows\System\iLvUSkZ.exe
  2⤵
  PID:3784
- C:\Windows\System\gIrDNHD.exe
  C:\Windows\System\gIrDNHD.exe
  2⤵
  PID:3804
- C:\Windows\System\EbFekuT.exe
  C:\Windows\System\EbFekuT.exe
  2⤵
  PID:3824
- C:\Windows\System\dbtzPDj.exe
  C:\Windows\System\dbtzPDj.exe
  2⤵
  PID:3844
- C:\Windows\System\zjsOTgg.exe
  C:\Windows\System\zjsOTgg.exe
  2⤵
  PID:3864
- C:\Windows\System\AyAYTcM.exe
  C:\Windows\System\AyAYTcM.exe
  2⤵
  PID:3884
- C:\Windows\System\PqRQUiX.exe
  C:\Windows\System\PqRQUiX.exe
  2⤵
  PID:3904
- C:\Windows\System\OpZepUS.exe
  C:\Windows\System\OpZepUS.exe
  2⤵
  PID:3924
- C:\Windows\System\teekcmy.exe
  C:\Windows\System\teekcmy.exe
  2⤵
  PID:3944
- C:\Windows\System\vvPwyJb.exe
  C:\Windows\System\vvPwyJb.exe
  2⤵
  PID:3964
- C:\Windows\System\viuRfTK.exe
  C:\Windows\System\viuRfTK.exe
  2⤵
  PID:3984
- C:\Windows\System\bOFfHAg.exe
  C:\Windows\System\bOFfHAg.exe
  2⤵
  PID:4004
- C:\Windows\System\NSzWFhf.exe
  C:\Windows\System\NSzWFhf.exe
  2⤵
  PID:4024
- C:\Windows\System\avsQKMS.exe
  C:\Windows\System\avsQKMS.exe
  2⤵
  PID:4044
- C:\Windows\System\brQjmkb.exe
  C:\Windows\System\brQjmkb.exe
  2⤵
  PID:4064
- C:\Windows\System\OgxIJOw.exe
  C:\Windows\System\OgxIJOw.exe
  2⤵
  PID:4084
- C:\Windows\System\VWEtsdc.exe
  C:\Windows\System\VWEtsdc.exe
  2⤵
  PID:3064
- C:\Windows\System\DpNqajA.exe
  C:\Windows\System\DpNqajA.exe
  2⤵
  PID:1824
- C:\Windows\System\sglnYTV.exe
  C:\Windows\System\sglnYTV.exe
  2⤵
  PID:832
- C:\Windows\System\oJDhjUv.exe
  C:\Windows\System\oJDhjUv.exe
  2⤵
  PID:1896
- C:\Windows\System\ijUirKH.exe
  C:\Windows\System\ijUirKH.exe
  2⤵
  PID:1168
- C:\Windows\System\jDnLMSc.exe
  C:\Windows\System\jDnLMSc.exe
  2⤵
  PID:1552
- C:\Windows\System\AutNPHI.exe
  C:\Windows\System\AutNPHI.exe
  2⤵
  PID:2376
- C:\Windows\System\MzxtQtr.exe
  C:\Windows\System\MzxtQtr.exe
  2⤵
  PID:1652
- C:\Windows\System\eqatKLL.exe
  C:\Windows\System\eqatKLL.exe
  2⤵
  PID:1828
- C:\Windows\System\bfFXmpW.exe
  C:\Windows\System\bfFXmpW.exe
  2⤵
  PID:2056
- C:\Windows\System\juaNfWk.exe
  C:\Windows\System\juaNfWk.exe
  2⤵
  PID:2980
- C:\Windows\System\VzhPCDI.exe
  C:\Windows\System\VzhPCDI.exe
  2⤵
  PID:3108
- C:\Windows\System\iEiLjJG.exe
  C:\Windows\System\iEiLjJG.exe
  2⤵
  PID:3128
- C:\Windows\System\khCtWbg.exe
  C:\Windows\System\khCtWbg.exe
  2⤵
  PID:3152
- C:\Windows\System\yrYuVmD.exe
  C:\Windows\System\yrYuVmD.exe
  2⤵
  PID:3172
- C:\Windows\System\cbtZHgg.exe
  C:\Windows\System\cbtZHgg.exe
  2⤵
  PID:3236
- C:\Windows\System\hhSpaHo.exe
  C:\Windows\System\hhSpaHo.exe
  2⤵
  PID:3276
- C:\Windows\System\dNIVhXp.exe
  C:\Windows\System\dNIVhXp.exe
  2⤵
  PID:3312
- C:\Windows\System\RWzjChi.exe
  C:\Windows\System\RWzjChi.exe
  2⤵
  PID:3352
- C:\Windows\System\ZkoXDbG.exe
  C:\Windows\System\ZkoXDbG.exe
  2⤵
  PID:3376
- C:\Windows\System\ahOEnnD.exe
  C:\Windows\System\ahOEnnD.exe
  2⤵
  PID:3428
- C:\Windows\System\RYoaBxn.exe
  C:\Windows\System\RYoaBxn.exe
  2⤵
  PID:3432
- C:\Windows\System\sHZSDNd.exe
  C:\Windows\System\sHZSDNd.exe
  2⤵
  PID:3456
- C:\Windows\System\exSqPTW.exe
  C:\Windows\System\exSqPTW.exe
  2⤵
  PID:3492
- C:\Windows\System\DkZnsed.exe
  C:\Windows\System\DkZnsed.exe
  2⤵
  PID:3536
- C:\Windows\System\HIcUtkl.exe
  C:\Windows\System\HIcUtkl.exe
  2⤵
  PID:3580
- C:\Windows\System\ZKYCZxw.exe
  C:\Windows\System\ZKYCZxw.exe
  2⤵
  PID:3576
- C:\Windows\System\jFltHer.exe
  C:\Windows\System\jFltHer.exe
  2⤵
  PID:3616
- C:\Windows\System\HjfnLEl.exe
  C:\Windows\System\HjfnLEl.exe
  2⤵
  PID:3656
- C:\Windows\System\xAbUkdD.exe
  C:\Windows\System\xAbUkdD.exe
  2⤵
  PID:3712
- C:\Windows\System\BpGwOfE.exe
  C:\Windows\System\BpGwOfE.exe
  2⤵
  PID:3740
- C:\Windows\System\gxJsPTO.exe
  C:\Windows\System\gxJsPTO.exe
  2⤵
  PID:3772
- C:\Windows\System\wjlQgXo.exe
  C:\Windows\System\wjlQgXo.exe
  2⤵
  PID:3832
- C:\Windows\System\sqiNzCH.exe
  C:\Windows\System\sqiNzCH.exe
  2⤵
  PID:3816
- C:\Windows\System\brPUFhf.exe
  C:\Windows\System\brPUFhf.exe
  2⤵
  PID:3880
- C:\Windows\System\BTOrhgB.exe
  C:\Windows\System\BTOrhgB.exe
  2⤵
  PID:3920
- C:\Windows\System\bQPRZES.exe
  C:\Windows\System\bQPRZES.exe
  2⤵
  PID:3932
- C:\Windows\System\jzPfOhy.exe
  C:\Windows\System\jzPfOhy.exe
  2⤵
  PID:3992
- C:\Windows\System\XDOwchF.exe
  C:\Windows\System\XDOwchF.exe
  2⤵
  PID:3980
- C:\Windows\System\yOmbJpQ.exe
  C:\Windows\System\yOmbJpQ.exe
  2⤵
  PID:4016
- C:\Windows\System\vVOpLny.exe
  C:\Windows\System\vVOpLny.exe
  2⤵
  PID:4056
- C:\Windows\System\WCFyoCF.exe
  C:\Windows\System\WCFyoCF.exe
  2⤵
  PID:1760
- C:\Windows\System\OCTiyjD.exe
  C:\Windows\System\OCTiyjD.exe
  2⤵
  PID:492
- C:\Windows\System\ggtjaas.exe
  C:\Windows\System\ggtjaas.exe
  2⤵
  PID:1812
- C:\Windows\System\HQcxtOt.exe
  C:\Windows\System\HQcxtOt.exe
  2⤵
  PID:1080
- C:\Windows\System\bIDGhdu.exe
  C:\Windows\System\bIDGhdu.exe
  2⤵
  PID:2012
- C:\Windows\System\CHEJrfo.exe
  C:\Windows\System\CHEJrfo.exe
  2⤵
  PID:308
- C:\Windows\System\QGNxrxs.exe
  C:\Windows\System\QGNxrxs.exe
  2⤵
  PID:2824
- C:\Windows\System\Lxvuyqv.exe
  C:\Windows\System\Lxvuyqv.exe
  2⤵
  PID:3092
- C:\Windows\System\xtTJAEE.exe
  C:\Windows\System\xtTJAEE.exe
  2⤵
  PID:3168
- C:\Windows\System\oKynefP.exe
  C:\Windows\System\oKynefP.exe
  2⤵
  PID:3308
- C:\Windows\System\AtFcnxk.exe
  C:\Windows\System\AtFcnxk.exe
  2⤵
  PID:3288
- C:\Windows\System\DMNrhTw.exe
  C:\Windows\System\DMNrhTw.exe
  2⤵
  PID:3344
- C:\Windows\System\LZsnBAn.exe
  C:\Windows\System\LZsnBAn.exe
  2⤵
  PID:3436
- C:\Windows\System\NwJKOPL.exe
  C:\Windows\System\NwJKOPL.exe
  2⤵
  PID:3508
- C:\Windows\System\bpPIXil.exe
  C:\Windows\System\bpPIXil.exe
  2⤵
  PID:3560
- C:\Windows\System\SvSGAKn.exe
  C:\Windows\System\SvSGAKn.exe
  2⤵
  PID:3632
- C:\Windows\System\ogRIiBs.exe
  C:\Windows\System\ogRIiBs.exe
  2⤵
  PID:3596
- C:\Windows\System\XVcvnPp.exe
  C:\Windows\System\XVcvnPp.exe
  2⤵
  PID:3652
- C:\Windows\System\WxxhsuJ.exe
  C:\Windows\System\WxxhsuJ.exe
  2⤵
  PID:3752
- C:\Windows\System\OwmsPOk.exe
  C:\Windows\System\OwmsPOk.exe
  2⤵
  PID:3820
- C:\Windows\System\zTmJzEp.exe
  C:\Windows\System\zTmJzEp.exe
  2⤵
  PID:3912
- C:\Windows\System\ggwrQWe.exe
  C:\Windows\System\ggwrQWe.exe
  2⤵
  PID:3896
- C:\Windows\System\neOFKJd.exe
  C:\Windows\System\neOFKJd.exe
  2⤵
  PID:3996
- C:\Windows\System\odaiqbF.exe
  C:\Windows\System\odaiqbF.exe
  2⤵
  PID:4036
- C:\Windows\System\xVCsoVK.exe
  C:\Windows\System\xVCsoVK.exe
  2⤵
  PID:4052
- C:\Windows\System\ztEdDMc.exe
  C:\Windows\System\ztEdDMc.exe
  2⤵
  PID:2184
- C:\Windows\System\HPZxAgj.exe
  C:\Windows\System\HPZxAgj.exe
  2⤵
  PID:972
- C:\Windows\System\bpiPyBl.exe
  C:\Windows\System\bpiPyBl.exe
  2⤵
  PID:1604
- C:\Windows\System\mtKATDC.exe
  C:\Windows\System\mtKATDC.exe
  2⤵
  PID:2540
- C:\Windows\System\vSovroc.exe
  C:\Windows\System\vSovroc.exe
  2⤵
  PID:3196
- C:\Windows\System\feklglo.exe
  C:\Windows\System\feklglo.exe
  2⤵
  PID:3268
- C:\Windows\System\Nfehcqd.exe
  C:\Windows\System\Nfehcqd.exe
  2⤵
  PID:3392
- C:\Windows\System\YNDHTVz.exe
  C:\Windows\System\YNDHTVz.exe
  2⤵
  PID:3488
- C:\Windows\System\UnIcczT.exe
  C:\Windows\System\UnIcczT.exe
  2⤵
  PID:3512
- C:\Windows\System\VLiUkRV.exe
  C:\Windows\System\VLiUkRV.exe
  2⤵
  PID:4116
- C:\Windows\System\vnhgOAn.exe
  C:\Windows\System\vnhgOAn.exe
  2⤵
  PID:4136
- C:\Windows\System\RzuTzra.exe
  C:\Windows\System\RzuTzra.exe
  2⤵
  PID:4156
- C:\Windows\System\RyRupVU.exe
  C:\Windows\System\RyRupVU.exe
  2⤵
  PID:4176
- C:\Windows\System\nWnJryv.exe
  C:\Windows\System\nWnJryv.exe
  2⤵
  PID:4196
- C:\Windows\System\oHGDZGW.exe
  C:\Windows\System\oHGDZGW.exe
  2⤵
  PID:4216
- C:\Windows\System\LxZWbcn.exe
  C:\Windows\System\LxZWbcn.exe
  2⤵
  PID:4236
- C:\Windows\System\VzbOiQO.exe
  C:\Windows\System\VzbOiQO.exe
  2⤵
  PID:4256
- C:\Windows\System\uloXzIY.exe
  C:\Windows\System\uloXzIY.exe
  2⤵
  PID:4276
- C:\Windows\System\eCZXRwf.exe
  C:\Windows\System\eCZXRwf.exe
  2⤵
  PID:4296
- C:\Windows\System\DilSzhs.exe
  C:\Windows\System\DilSzhs.exe
  2⤵
  PID:4316
- C:\Windows\System\SCPmyoM.exe
  C:\Windows\System\SCPmyoM.exe
  2⤵
  PID:4336
- C:\Windows\System\UDfLPnp.exe
  C:\Windows\System\UDfLPnp.exe
  2⤵
  PID:4356
- C:\Windows\System\ZXoTmpX.exe
  C:\Windows\System\ZXoTmpX.exe
  2⤵
  PID:4376
- C:\Windows\System\wiUtpKN.exe
  C:\Windows\System\wiUtpKN.exe
  2⤵
  PID:4392
- C:\Windows\System\BtTsFVd.exe
  C:\Windows\System\BtTsFVd.exe
  2⤵
  PID:4416
- C:\Windows\System\lpQIMVj.exe
  C:\Windows\System\lpQIMVj.exe
  2⤵
  PID:4436
- C:\Windows\System\uIehZsA.exe
  C:\Windows\System\uIehZsA.exe
  2⤵
  PID:4456
- C:\Windows\System\vNwUXDm.exe
  C:\Windows\System\vNwUXDm.exe
  2⤵
  PID:4476
- C:\Windows\System\MEeHzRQ.exe
  C:\Windows\System\MEeHzRQ.exe
  2⤵
  PID:4496
- C:\Windows\System\Dmrhked.exe
  C:\Windows\System\Dmrhked.exe
  2⤵
  PID:4516
- C:\Windows\System\OGzyuGL.exe
  C:\Windows\System\OGzyuGL.exe
  2⤵
  PID:4536
- C:\Windows\System\QBkzrsf.exe
  C:\Windows\System\QBkzrsf.exe
  2⤵
  PID:4556
- C:\Windows\System\mSmLlJa.exe
  C:\Windows\System\mSmLlJa.exe
  2⤵
  PID:4576
- C:\Windows\System\msJqtsH.exe
  C:\Windows\System\msJqtsH.exe
  2⤵
  PID:4596
- C:\Windows\System\HvroMpL.exe
  C:\Windows\System\HvroMpL.exe
  2⤵
  PID:4616
- C:\Windows\System\hcwEFSW.exe
  C:\Windows\System\hcwEFSW.exe
  2⤵
  PID:4636
- C:\Windows\System\yfAvBvd.exe
  C:\Windows\System\yfAvBvd.exe
  2⤵
  PID:4652
- C:\Windows\System\uzjKWIV.exe
  C:\Windows\System\uzjKWIV.exe
  2⤵
  PID:4676
- C:\Windows\System\bDmTqVc.exe
  C:\Windows\System\bDmTqVc.exe
  2⤵
  PID:4696
- C:\Windows\System\LtpjyLO.exe
  C:\Windows\System\LtpjyLO.exe
  2⤵
  PID:4716
- C:\Windows\System\aQeRLJA.exe
  C:\Windows\System\aQeRLJA.exe
  2⤵
  PID:4736
- C:\Windows\System\cZEOhhB.exe
  C:\Windows\System\cZEOhhB.exe
  2⤵
  PID:4756
- C:\Windows\System\ShrBzNH.exe
  C:\Windows\System\ShrBzNH.exe
  2⤵
  PID:4780
- C:\Windows\System\xTvmQMR.exe
  C:\Windows\System\xTvmQMR.exe
  2⤵
  PID:4800
- C:\Windows\System\fxpFvpW.exe
  C:\Windows\System\fxpFvpW.exe
  2⤵
  PID:4820
- C:\Windows\System\eLcNTfx.exe
  C:\Windows\System\eLcNTfx.exe
  2⤵
  PID:4840
- C:\Windows\System\ZClVdCz.exe
  C:\Windows\System\ZClVdCz.exe
  2⤵
  PID:4860
- C:\Windows\System\NEMRJRs.exe
  C:\Windows\System\NEMRJRs.exe
  2⤵
  PID:4880
- C:\Windows\System\AlSlldY.exe
  C:\Windows\System\AlSlldY.exe
  2⤵
  PID:4900
- C:\Windows\System\jsdAqiX.exe
  C:\Windows\System\jsdAqiX.exe
  2⤵
  PID:4920
- C:\Windows\System\vuCnAlr.exe
  C:\Windows\System\vuCnAlr.exe
  2⤵
  PID:4940
- C:\Windows\System\wnvHnBu.exe
  C:\Windows\System\wnvHnBu.exe
  2⤵
  PID:4960
- C:\Windows\System\CcNzGXG.exe
  C:\Windows\System\CcNzGXG.exe
  2⤵
  PID:4980
- C:\Windows\System\qojPUFm.exe
  C:\Windows\System\qojPUFm.exe
  2⤵
  PID:5000
- C:\Windows\System\ZTEoDIg.exe
  C:\Windows\System\ZTEoDIg.exe
  2⤵
  PID:5020
- C:\Windows\System\JqwPLoA.exe
  C:\Windows\System\JqwPLoA.exe
  2⤵
  PID:5040
- C:\Windows\System\BGJtTER.exe
  C:\Windows\System\BGJtTER.exe
  2⤵
  PID:5060
- C:\Windows\System\khOVGfo.exe
  C:\Windows\System\khOVGfo.exe
  2⤵
  PID:5080
- C:\Windows\System\WkKZrxo.exe
  C:\Windows\System\WkKZrxo.exe
  2⤵
  PID:5100
- C:\Windows\System\yuODsQY.exe
  C:\Windows\System\yuODsQY.exe
  2⤵
  PID:3640
- C:\Windows\System\laxWfbM.exe
  C:\Windows\System\laxWfbM.exe
  2⤵
  PID:3680
- C:\Windows\System\pidvwBC.exe
  C:\Windows\System\pidvwBC.exe
  2⤵
  PID:3756
- C:\Windows\System\ZLtYQeK.exe
  C:\Windows\System\ZLtYQeK.exe
  2⤵
  PID:3900
- C:\Windows\System\HChhAnQ.exe
  C:\Windows\System\HChhAnQ.exe
  2⤵
  PID:3952
- C:\Windows\System\jpXWpzc.exe
  C:\Windows\System\jpXWpzc.exe
  2⤵
  PID:3976
- C:\Windows\System\JfsTfAT.exe
  C:\Windows\System\JfsTfAT.exe
  2⤵
  PID:2788
- C:\Windows\System\bgfqnnk.exe
  C:\Windows\System\bgfqnnk.exe
  2⤵
  PID:2492
- C:\Windows\System\PmdkWpG.exe
  C:\Windows\System\PmdkWpG.exe
  2⤵
  PID:3112
- C:\Windows\System\mfIjBco.exe
  C:\Windows\System\mfIjBco.exe
  2⤵
  PID:3252
- C:\Windows\System\LBJaXPx.exe
  C:\Windows\System\LBJaXPx.exe
  2⤵
  PID:3396
- C:\Windows\System\tLJKGBc.exe
  C:\Windows\System\tLJKGBc.exe
  2⤵
  PID:4112
- C:\Windows\System\qhKBOIg.exe
  C:\Windows\System\qhKBOIg.exe
  2⤵
  PID:4128
- C:\Windows\System\awkrplr.exe
  C:\Windows\System\awkrplr.exe
  2⤵
  PID:4168
- C:\Windows\System\oITnEtt.exe
  C:\Windows\System\oITnEtt.exe
  2⤵
  PID:4224
- C:\Windows\System\DSAjrjy.exe
  C:\Windows\System\DSAjrjy.exe
  2⤵
  PID:4244
- C:\Windows\System\DcqAgUZ.exe
  C:\Windows\System\DcqAgUZ.exe
  2⤵
  PID:4268
- C:\Windows\System\gbLZjfD.exe
  C:\Windows\System\gbLZjfD.exe
  2⤵
  PID:4288
- C:\Windows\System\sbkKDpy.exe
  C:\Windows\System\sbkKDpy.exe
  2⤵
  PID:4352
- C:\Windows\System\iwCKYmn.exe
  C:\Windows\System\iwCKYmn.exe
  2⤵
  PID:4388
- C:\Windows\System\JqCJTwM.exe
  C:\Windows\System\JqCJTwM.exe
  2⤵
  PID:4412
- C:\Windows\System\KHGeiVf.exe
  C:\Windows\System\KHGeiVf.exe
  2⤵
  PID:4444
- C:\Windows\System\KCQmkBx.exe
  C:\Windows\System\KCQmkBx.exe
  2⤵
  PID:4468
- C:\Windows\System\JAFchoF.exe
  C:\Windows\System\JAFchoF.exe
  2⤵
  PID:4488
- C:\Windows\System\qEVmNyF.exe
  C:\Windows\System\qEVmNyF.exe
  2⤵
  PID:3476
- C:\Windows\System\fOVLfFX.exe
  C:\Windows\System\fOVLfFX.exe
  2⤵
  PID:4564
- C:\Windows\System\QQjIyhi.exe
  C:\Windows\System\QQjIyhi.exe
  2⤵
  PID:4588
- C:\Windows\System\cdFgPBd.exe
  C:\Windows\System\cdFgPBd.exe
  2⤵
  PID:4632
- C:\Windows\System\oxBpoXQ.exe
  C:\Windows\System\oxBpoXQ.exe
  2⤵
  PID:4644
- C:\Windows\System\KSpOVrH.exe
  C:\Windows\System\KSpOVrH.exe
  2⤵
  PID:4688
- C:\Windows\System\bhYcXLZ.exe
  C:\Windows\System\bhYcXLZ.exe
  2⤵
  PID:4752
- C:\Windows\System\QaDVoTd.exe
  C:\Windows\System\QaDVoTd.exe
  2⤵
  PID:4764
- C:\Windows\System\GWoXqrG.exe
  C:\Windows\System\GWoXqrG.exe
  2⤵
  PID:4808
- C:\Windows\System\DMXctWD.exe
  C:\Windows\System\DMXctWD.exe
  2⤵
  PID:4832
- C:\Windows\System\UWkqhbB.exe
  C:\Windows\System\UWkqhbB.exe
  2⤵
  PID:4876
- C:\Windows\System\BAMbnNf.exe
  C:\Windows\System\BAMbnNf.exe
  2⤵
  PID:4892
- C:\Windows\System\cgiWBRx.exe
  C:\Windows\System\cgiWBRx.exe
  2⤵
  PID:4948
- C:\Windows\System\zMPnxWC.exe
  C:\Windows\System\zMPnxWC.exe
  2⤵
  PID:4988
- C:\Windows\System\KysoenD.exe
  C:\Windows\System\KysoenD.exe
  2⤵
  PID:5008
- C:\Windows\System\QGLUSpG.exe
  C:\Windows\System\QGLUSpG.exe
  2⤵
  PID:5032
- C:\Windows\System\kdUpsBw.exe
  C:\Windows\System\kdUpsBw.exe
  2⤵
  PID:5052
- C:\Windows\System\kNCszJU.exe
  C:\Windows\System\kNCszJU.exe
  2⤵
  PID:5088
- C:\Windows\System\TkXtvMr.exe
  C:\Windows\System\TkXtvMr.exe
  2⤵
  PID:3600
- C:\Windows\System\MdQxyHw.exe
  C:\Windows\System\MdQxyHw.exe
  2⤵
  PID:3852
- C:\Windows\System\MNfaCMd.exe
  C:\Windows\System\MNfaCMd.exe
  2⤵
  PID:4060
- C:\Windows\System\YUbAckC.exe
  C:\Windows\System\YUbAckC.exe
  2⤵
  PID:820
- C:\Windows\System\neQqZfY.exe
  C:\Windows\System\neQqZfY.exe
  2⤵
  PID:3116
- C:\Windows\System\YHvHqrE.exe
  C:\Windows\System\YHvHqrE.exe
  2⤵
  PID:3412
- C:\Windows\System\wNGayTb.exe
  C:\Windows\System\wNGayTb.exe
  2⤵
  PID:4132
- C:\Windows\System\gYrfMTb.exe
  C:\Windows\System\gYrfMTb.exe
  2⤵
  PID:4192
- C:\Windows\System\VNXCnfT.exe
  C:\Windows\System\VNXCnfT.exe
  2⤵
  PID:4232
- C:\Windows\System\NDdLzTj.exe
  C:\Windows\System\NDdLzTj.exe
  2⤵
  PID:4228
- C:\Windows\System\pYirshi.exe
  C:\Windows\System\pYirshi.exe
  2⤵
  PID:4304
- C:\Windows\System\PGEiSgx.exe
  C:\Windows\System\PGEiSgx.exe
  2⤵
  PID:4400
- C:\Windows\System\tUpqSVN.exe
  C:\Windows\System\tUpqSVN.exe
  2⤵
  PID:4432
- C:\Windows\System\yANBlzF.exe
  C:\Windows\System\yANBlzF.exe
  2⤵
  PID:1164
- C:\Windows\System\aJobBuC.exe
  C:\Windows\System\aJobBuC.exe
  2⤵
  PID:4528
- C:\Windows\System\cMJWsKD.exe
  C:\Windows\System\cMJWsKD.exe
  2⤵
  PID:4552
- C:\Windows\System\aKmuRCi.exe
  C:\Windows\System\aKmuRCi.exe
  2⤵
  PID:4608
- C:\Windows\System\OrxWuWX.exe
  C:\Windows\System\OrxWuWX.exe
  2⤵
  PID:4744
- C:\Windows\System\NFwwWne.exe
  C:\Windows\System\NFwwWne.exe
  2⤵
  PID:4792
- C:\Windows\System\NwsPGKh.exe
  C:\Windows\System\NwsPGKh.exe
  2⤵
  PID:4816
- C:\Windows\System\yKQfGaK.exe
  C:\Windows\System\yKQfGaK.exe
  2⤵
  PID:4888
- C:\Windows\System\ihvghYq.exe
  C:\Windows\System\ihvghYq.exe
  2⤵
  PID:4928
- C:\Windows\System\bUudpOU.exe
  C:\Windows\System\bUudpOU.exe
  2⤵
  PID:4996
- C:\Windows\System\WRaiZcI.exe
  C:\Windows\System\WRaiZcI.exe
  2⤵
  PID:5012
- C:\Windows\System\VCrQUzM.exe
  C:\Windows\System\VCrQUzM.exe
  2⤵
  PID:3692
- C:\Windows\System\vRnxBSN.exe
  C:\Windows\System\vRnxBSN.exe
  2⤵
  PID:3860
- C:\Windows\System\xogkdDr.exe
  C:\Windows\System\xogkdDr.exe
  2⤵
  PID:2728
- C:\Windows\System\oNwMSmA.exe
  C:\Windows\System\oNwMSmA.exe
  2⤵
  PID:2804
- C:\Windows\System\oHksXqI.exe
  C:\Windows\System\oHksXqI.exe
  2⤵
  PID:2552
- C:\Windows\System\skqQhNX.exe
  C:\Windows\System\skqQhNX.exe
  2⤵
  PID:4164
- C:\Windows\System\xiyRhBa.exe
  C:\Windows\System\xiyRhBa.exe
  2⤵
  PID:4248
- C:\Windows\System\kpxKcKO.exe
  C:\Windows\System\kpxKcKO.exe
  2⤵
  PID:4364
- C:\Windows\System\JjkjCJv.exe
  C:\Windows\System\JjkjCJv.exe
  2⤵
  PID:4532
- C:\Windows\System\HWOaPaw.exe
  C:\Windows\System\HWOaPaw.exe
  2⤵
  PID:4584
- C:\Windows\System\nJaOmnP.exe
  C:\Windows\System\nJaOmnP.exe
  2⤵
  PID:4672
- C:\Windows\System\GEDrRcX.exe
  C:\Windows\System\GEDrRcX.exe
  2⤵
  PID:5136
- C:\Windows\System\HLtJBhU.exe
  C:\Windows\System\HLtJBhU.exe
  2⤵
  PID:5156
- C:\Windows\System\LXzRZIE.exe
  C:\Windows\System\LXzRZIE.exe
  2⤵
  PID:5176
- C:\Windows\System\boYacuU.exe
  C:\Windows\System\boYacuU.exe
  2⤵
  PID:5196
- C:\Windows\System\SAaenpB.exe
  C:\Windows\System\SAaenpB.exe
  2⤵
  PID:5216
- C:\Windows\System\GwUWvtD.exe
  C:\Windows\System\GwUWvtD.exe
  2⤵
  PID:5236
- C:\Windows\System\cMcVePa.exe
  C:\Windows\System\cMcVePa.exe
  2⤵
  PID:5256
- C:\Windows\System\nxcbEfn.exe
  C:\Windows\System\nxcbEfn.exe
  2⤵
  PID:5276
- C:\Windows\System\ZuAumLA.exe
  C:\Windows\System\ZuAumLA.exe
  2⤵
  PID:5296
- C:\Windows\System\fdpPDMt.exe
  C:\Windows\System\fdpPDMt.exe
  2⤵
  PID:5316
- C:\Windows\System\kzNOnva.exe
  C:\Windows\System\kzNOnva.exe
  2⤵
  PID:5336
- C:\Windows\System\LdwmfxP.exe
  C:\Windows\System\LdwmfxP.exe
  2⤵
  PID:5356
- C:\Windows\System\QbALqiL.exe
  C:\Windows\System\QbALqiL.exe
  2⤵
  PID:5376
- C:\Windows\System\tfJVlAb.exe
  C:\Windows\System\tfJVlAb.exe
  2⤵
  PID:5396
- C:\Windows\System\VayUEzb.exe
  C:\Windows\System\VayUEzb.exe
  2⤵
  PID:5416
- C:\Windows\System\UBLvnfx.exe
  C:\Windows\System\UBLvnfx.exe
  2⤵
  PID:5436
- C:\Windows\System\ULGdUta.exe
  C:\Windows\System\ULGdUta.exe
  2⤵
  PID:5456
- C:\Windows\System\NXszwNe.exe
  C:\Windows\System\NXszwNe.exe
  2⤵
  PID:5476
- C:\Windows\System\SJbLMZA.exe
  C:\Windows\System\SJbLMZA.exe
  2⤵
  PID:5496
- C:\Windows\System\sVrPALj.exe
  C:\Windows\System\sVrPALj.exe
  2⤵
  PID:5516
- C:\Windows\System\teREJSN.exe
  C:\Windows\System\teREJSN.exe
  2⤵
  PID:5536
- C:\Windows\System\reTcGxZ.exe
  C:\Windows\System\reTcGxZ.exe
  2⤵
  PID:5556
- C:\Windows\System\KFgVdGr.exe
  C:\Windows\System\KFgVdGr.exe
  2⤵
  PID:5576
- C:\Windows\System\fBhURpi.exe
  C:\Windows\System\fBhURpi.exe
  2⤵
  PID:5596
- C:\Windows\System\eskSNIe.exe
  C:\Windows\System\eskSNIe.exe
  2⤵
  PID:5616
- C:\Windows\System\GxwXllS.exe
  C:\Windows\System\GxwXllS.exe
  2⤵
  PID:5636
- C:\Windows\System\wngCVwL.exe
  C:\Windows\System\wngCVwL.exe
  2⤵
  PID:5656
- C:\Windows\System\mZGmCZK.exe
  C:\Windows\System\mZGmCZK.exe
  2⤵
  PID:5676
- C:\Windows\System\OLVkftR.exe
  C:\Windows\System\OLVkftR.exe
  2⤵
  PID:5696
- C:\Windows\System\xDiQERt.exe
  C:\Windows\System\xDiQERt.exe
  2⤵
  PID:5716
- C:\Windows\System\SekQVzY.exe
  C:\Windows\System\SekQVzY.exe
  2⤵
  PID:5736
- C:\Windows\System\xuVwfMH.exe
  C:\Windows\System\xuVwfMH.exe
  2⤵
  PID:5756
- C:\Windows\System\nnYLsEN.exe
  C:\Windows\System\nnYLsEN.exe
  2⤵
  PID:5776
- C:\Windows\System\OWMAnIW.exe
  C:\Windows\System\OWMAnIW.exe
  2⤵
  PID:5796
- C:\Windows\System\djDwXof.exe
  C:\Windows\System\djDwXof.exe
  2⤵
  PID:5812
- C:\Windows\System\ETDJhsP.exe
  C:\Windows\System\ETDJhsP.exe
  2⤵
  PID:5836
- C:\Windows\System\cvmrasS.exe
  C:\Windows\System\cvmrasS.exe
  2⤵
  PID:5856
- C:\Windows\System\aNcPjQi.exe
  C:\Windows\System\aNcPjQi.exe
  2⤵
  PID:5876
- C:\Windows\System\LDtaRJj.exe
  C:\Windows\System\LDtaRJj.exe
  2⤵
  PID:5900
- C:\Windows\System\YdYwYgz.exe
  C:\Windows\System\YdYwYgz.exe
  2⤵
  PID:5920
- C:\Windows\System\bqxAsEC.exe
  C:\Windows\System\bqxAsEC.exe
  2⤵
  PID:5936
- C:\Windows\System\namiPoi.exe
  C:\Windows\System\namiPoi.exe
  2⤵
  PID:5960
- C:\Windows\System\xIXZswB.exe
  C:\Windows\System\xIXZswB.exe
  2⤵
  PID:5984
- C:\Windows\System\FdszvlW.exe
  C:\Windows\System\FdszvlW.exe
  2⤵
  PID:6004
- C:\Windows\System\pCibwYP.exe
  C:\Windows\System\pCibwYP.exe
  2⤵
  PID:6024
- C:\Windows\System\YnTsKfA.exe
  C:\Windows\System\YnTsKfA.exe
  2⤵
  PID:6044
- C:\Windows\System\YhcRxmW.exe
  C:\Windows\System\YhcRxmW.exe
  2⤵
  PID:6064
- C:\Windows\System\oygrLUj.exe
  C:\Windows\System\oygrLUj.exe
  2⤵
  PID:6084
- C:\Windows\System\nomuKJW.exe
  C:\Windows\System\nomuKJW.exe
  2⤵
  PID:6104
- C:\Windows\System\AQbfztq.exe
  C:\Windows\System\AQbfztq.exe
  2⤵
  PID:6124
- C:\Windows\System\KCwxxCf.exe
  C:\Windows\System\KCwxxCf.exe
  2⤵
  PID:4692
- C:\Windows\System\tlkWphx.exe
  C:\Windows\System\tlkWphx.exe
  2⤵
  PID:4856
- C:\Windows\System\eNURkcT.exe
  C:\Windows\System\eNURkcT.exe
  2⤵
  PID:4788
- C:\Windows\System\aFQmxNj.exe
  C:\Windows\System\aFQmxNj.exe
  2⤵
  PID:4936
- C:\Windows\System\nJEvePP.exe
  C:\Windows\System\nJEvePP.exe
  2⤵
  PID:5056
- C:\Windows\System\vcLRLDC.exe
  C:\Windows\System\vcLRLDC.exe
  2⤵
  PID:3760
- C:\Windows\System\EPnesnd.exe
  C:\Windows\System\EPnesnd.exe
  2⤵
  PID:2524
- C:\Windows\System\WBkKFAx.exe
  C:\Windows\System\WBkKFAx.exe
  2⤵
  PID:4172
- C:\Windows\System\XttLVZQ.exe
  C:\Windows\System\XttLVZQ.exe
  2⤵
  PID:4208
- C:\Windows\System\xdhykFq.exe
  C:\Windows\System\xdhykFq.exe
  2⤵
  PID:4312
- C:\Windows\System\WEqGhor.exe
  C:\Windows\System\WEqGhor.exe
  2⤵
  PID:4592
- C:\Windows\System\IsusxtB.exe
  C:\Windows\System\IsusxtB.exe
  2⤵
  PID:5132
- C:\Windows\System\aEmLwws.exe
  C:\Windows\System\aEmLwws.exe
  2⤵
  PID:5164
- C:\Windows\System\fjWYIIg.exe
  C:\Windows\System\fjWYIIg.exe
  2⤵
  PID:5204
- C:\Windows\System\UjNaFJI.exe
  C:\Windows\System\UjNaFJI.exe
  2⤵
  PID:5228
- C:\Windows\System\OaIoMcV.exe
  C:\Windows\System\OaIoMcV.exe
  2⤵
  PID:5272
- C:\Windows\System\zJYUxRp.exe
  C:\Windows\System\zJYUxRp.exe
  2⤵
  PID:5292
- C:\Windows\System\ofYMkJg.exe
  C:\Windows\System\ofYMkJg.exe
  2⤵
  PID:5352
- C:\Windows\System\YiZlMOa.exe
  C:\Windows\System\YiZlMOa.exe
  2⤵
  PID:5348
- C:\Windows\System\ajaPKjU.exe
  C:\Windows\System\ajaPKjU.exe
  2⤵
  PID:5368
- C:\Windows\System\drgLMWR.exe
  C:\Windows\System\drgLMWR.exe
  2⤵
  PID:5408
- C:\Windows\System\YAruzil.exe
  C:\Windows\System\YAruzil.exe
  2⤵
  PID:5472
- C:\Windows\System\CQoJFZC.exe
  C:\Windows\System\CQoJFZC.exe
  2⤵
  PID:5484
- C:\Windows\System\CFSaDmT.exe
  C:\Windows\System\CFSaDmT.exe
  2⤵
  PID:5524
- C:\Windows\System\DoLsuFC.exe
  C:\Windows\System\DoLsuFC.exe
  2⤵
  PID:5548
- C:\Windows\System\ZVlOEka.exe
  C:\Windows\System\ZVlOEka.exe
  2⤵
  PID:5572
- C:\Windows\System\NtcJSKz.exe
  C:\Windows\System\NtcJSKz.exe
  2⤵
  PID:5624
- C:\Windows\System\sWSSckh.exe
  C:\Windows\System\sWSSckh.exe
  2⤵
  PID:5664
- C:\Windows\System\geYpNJj.exe
  C:\Windows\System\geYpNJj.exe
  2⤵
  PID:5712
- C:\Windows\System\TyivBGx.exe
  C:\Windows\System\TyivBGx.exe
  2⤵
  PID:5732
- C:\Windows\System\YuFvbhd.exe
  C:\Windows\System\YuFvbhd.exe
  2⤵
  PID:5764
- C:\Windows\System\HONQyJe.exe
  C:\Windows\System\HONQyJe.exe
  2⤵
  PID:5788
- C:\Windows\System\bpBPniP.exe
  C:\Windows\System\bpBPniP.exe
  2⤵
  PID:5808
- C:\Windows\System\vIMXOxs.exe
  C:\Windows\System\vIMXOxs.exe
  2⤵
  PID:5852
- C:\Windows\System\HhblbGO.exe
  C:\Windows\System\HhblbGO.exe
  2⤵
  PID:5896
- C:\Windows\System\rkROOza.exe
  C:\Windows\System\rkROOza.exe
  2⤵
  PID:5932
- C:\Windows\System\hNWPSoJ.exe
  C:\Windows\System\hNWPSoJ.exe
  2⤵
  PID:6000
- C:\Windows\System\jjBkjsS.exe
  C:\Windows\System\jjBkjsS.exe
  2⤵
  PID:6012
- C:\Windows\System\qUryULD.exe
  C:\Windows\System\qUryULD.exe
  2⤵
  PID:6036
- C:\Windows\System\mKpNmeY.exe
  C:\Windows\System\mKpNmeY.exe
  2⤵
  PID:6080
- C:\Windows\System\DsxzKqI.exe
  C:\Windows\System\DsxzKqI.exe
  2⤵
  PID:4704
- C:\Windows\System\kcnrdaF.exe
  C:\Windows\System\kcnrdaF.exe
  2⤵
  PID:4968
- C:\Windows\System\YfBVBRR.exe
  C:\Windows\System\YfBVBRR.exe
  2⤵
  PID:6136
- C:\Windows\System\qSgPRoA.exe
  C:\Windows\System\qSgPRoA.exe
  2⤵
  PID:3792
- C:\Windows\System\rdoLTfk.exe
  C:\Windows\System\rdoLTfk.exe
  2⤵
  PID:5068
- C:\Windows\System\pQvHifo.exe
  C:\Windows\System\pQvHifo.exe
  2⤵
  PID:2704
- C:\Windows\System\HaXrotN.exe
  C:\Windows\System\HaXrotN.exe
  2⤵
  PID:4492
- C:\Windows\System\gaRJzcu.exe
  C:\Windows\System\gaRJzcu.exe
  2⤵
  PID:4204
- C:\Windows\System\rTrCagt.exe
  C:\Windows\System\rTrCagt.exe
  2⤵
  PID:5192
- C:\Windows\System\bHDNnOX.exe
  C:\Windows\System\bHDNnOX.exe
  2⤵
  PID:5148
- C:\Windows\System\gkOBaZM.exe
  C:\Windows\System\gkOBaZM.exe
  2⤵
  PID:5224
- C:\Windows\System\JcXvOid.exe
  C:\Windows\System\JcXvOid.exe
  2⤵
  PID:5312
- C:\Windows\System\GSaBHcN.exe
  C:\Windows\System\GSaBHcN.exe
  2⤵
  PID:5428
- C:\Windows\System\nnbWCWe.exe
  C:\Windows\System\nnbWCWe.exe
  2⤵
  PID:5444
- C:\Windows\System\gWUaFap.exe
  C:\Windows\System\gWUaFap.exe
  2⤵
  PID:5388
- C:\Windows\System\BQMoOea.exe
  C:\Windows\System\BQMoOea.exe
  2⤵
  PID:5448
- C:\Windows\System\HhbDYYc.exe
  C:\Windows\System\HhbDYYc.exe
  2⤵
  PID:5528
- C:\Windows\System\KBSXgCD.exe
  C:\Windows\System\KBSXgCD.exe
  2⤵
  PID:5588
- C:\Windows\System\lNMuBKa.exe
  C:\Windows\System\lNMuBKa.exe
  2⤵
  PID:5668
- C:\Windows\System\wcUwKtu.exe
  C:\Windows\System\wcUwKtu.exe
  2⤵
  PID:5704
- C:\Windows\System\DXmcMzF.exe
  C:\Windows\System\DXmcMzF.exe
  2⤵
  PID:5792
- C:\Windows\System\crhQNBS.exe
  C:\Windows\System\crhQNBS.exe
  2⤵
  PID:5912
- C:\Windows\System\WXTcIZY.exe
  C:\Windows\System\WXTcIZY.exe
  2⤵
  PID:5944
- C:\Windows\System\eQqtukF.exe
  C:\Windows\System\eQqtukF.exe
  2⤵
  PID:5996
- C:\Windows\System\NlikSDr.exe
  C:\Windows\System\NlikSDr.exe
  2⤵
  PID:6060
- C:\Windows\System\likAhlK.exe
  C:\Windows\System\likAhlK.exe
  2⤵
  PID:6096
- C:\Windows\System\taLJcvZ.exe
  C:\Windows\System\taLJcvZ.exe
  2⤵
  PID:4992
- C:\Windows\System\pvjkhou.exe
  C:\Windows\System\pvjkhou.exe
  2⤵
  PID:6140
- C:\Windows\System\pJExLGH.exe
  C:\Windows\System\pJExLGH.exe
  2⤵
  PID:5028
- C:\Windows\System\MEHoPGL.exe
  C:\Windows\System\MEHoPGL.exe
  2⤵
  PID:4408
- C:\Windows\System\tgWHdIe.exe
  C:\Windows\System\tgWHdIe.exe
  2⤵
  PID:5184
- C:\Windows\System\bMhHcZY.exe
  C:\Windows\System\bMhHcZY.exe
  2⤵
  PID:5344
- C:\Windows\System\LQAdTVP.exe
  C:\Windows\System\LQAdTVP.exe
  2⤵
  PID:5308
- C:\Windows\System\bIjQOCX.exe
  C:\Windows\System\bIjQOCX.exe
  2⤵
  PID:5372
- C:\Windows\System\Dogpota.exe
  C:\Windows\System\Dogpota.exe
  2⤵
  PID:5488
- C:\Windows\System\GUDFLCM.exe
  C:\Windows\System\GUDFLCM.exe
  2⤵
  PID:5584
- C:\Windows\System\rlFjEko.exe
  C:\Windows\System\rlFjEko.exe
  2⤵
  PID:5612
- C:\Windows\System\cOnhIwk.exe
  C:\Windows\System\cOnhIwk.exe
  2⤵
  PID:5784
- C:\Windows\System\QdpGJSy.exe
  C:\Windows\System\QdpGJSy.exe
  2⤵
  PID:5916
- C:\Windows\System\obzGFOp.exe
  C:\Windows\System\obzGFOp.exe
  2⤵
  PID:6156
- C:\Windows\System\itZeLxc.exe
  C:\Windows\System\itZeLxc.exe
  2⤵
  PID:6176
- C:\Windows\System\MBPuEhw.exe
  C:\Windows\System\MBPuEhw.exe
  2⤵
  PID:6196
- C:\Windows\System\GmpKnBJ.exe
  C:\Windows\System\GmpKnBJ.exe
  2⤵
  PID:6216
- C:\Windows\System\ryHYdmt.exe
  C:\Windows\System\ryHYdmt.exe
  2⤵
  PID:6236
- C:\Windows\System\jWXaeSQ.exe
  C:\Windows\System\jWXaeSQ.exe
  2⤵
  PID:6256
- C:\Windows\System\NNuAQYe.exe
  C:\Windows\System\NNuAQYe.exe
  2⤵
  PID:6276
- C:\Windows\System\NlXRMVB.exe
  C:\Windows\System\NlXRMVB.exe
  2⤵
  PID:6296
- C:\Windows\System\WyUHxog.exe
  C:\Windows\System\WyUHxog.exe
  2⤵
  PID:6316
- C:\Windows\System\JlEDrfQ.exe
  C:\Windows\System\JlEDrfQ.exe
  2⤵
  PID:6336
- C:\Windows\System\JRRGVhV.exe
  C:\Windows\System\JRRGVhV.exe
  2⤵
  PID:6356
- C:\Windows\System\tFESsYk.exe
  C:\Windows\System\tFESsYk.exe
  2⤵
  PID:6376
- C:\Windows\System\hYpbiZv.exe
  C:\Windows\System\hYpbiZv.exe
  2⤵
  PID:6396
- C:\Windows\System\ZlpatpO.exe
  C:\Windows\System\ZlpatpO.exe
  2⤵
  PID:6420
- C:\Windows\System\CgJNAIA.exe
  C:\Windows\System\CgJNAIA.exe
  2⤵
  PID:6440
- C:\Windows\System\mZTWWyF.exe
  C:\Windows\System\mZTWWyF.exe
  2⤵
  PID:6460
- C:\Windows\System\AiSEeJY.exe
  C:\Windows\System\AiSEeJY.exe
  2⤵
  PID:6480
- C:\Windows\System\gPvNHLs.exe
  C:\Windows\System\gPvNHLs.exe
  2⤵
  PID:6496
- C:\Windows\System\zqcXYvB.exe
  C:\Windows\System\zqcXYvB.exe
  2⤵
  PID:6520
- C:\Windows\System\RxepCsx.exe
  C:\Windows\System\RxepCsx.exe
  2⤵
  PID:6540
- C:\Windows\System\RyCoGLY.exe
  C:\Windows\System\RyCoGLY.exe
  2⤵
  PID:6560
- C:\Windows\System\KsjJqqK.exe
  C:\Windows\System\KsjJqqK.exe
  2⤵
  PID:6580
- C:\Windows\System\ViiHmrM.exe
  C:\Windows\System\ViiHmrM.exe
  2⤵
  PID:6600
- C:\Windows\System\oTAiXvF.exe
  C:\Windows\System\oTAiXvF.exe
  2⤵
  PID:6620
- C:\Windows\System\Vjmccjh.exe
  C:\Windows\System\Vjmccjh.exe
  2⤵
  PID:6640
- C:\Windows\System\ibvisLX.exe
  C:\Windows\System\ibvisLX.exe
  2⤵
  PID:6660
- C:\Windows\System\dmioKYB.exe
  C:\Windows\System\dmioKYB.exe
  2⤵
  PID:6680
- C:\Windows\System\ZgpNQrw.exe
  C:\Windows\System\ZgpNQrw.exe
  2⤵
  PID:6700
- C:\Windows\System\IAgCpXD.exe
  C:\Windows\System\IAgCpXD.exe
  2⤵
  PID:6720
- C:\Windows\System\psBdaxl.exe
  C:\Windows\System\psBdaxl.exe
  2⤵
  PID:6740
- C:\Windows\System\SwzZnZk.exe
  C:\Windows\System\SwzZnZk.exe
  2⤵
  PID:6760
- C:\Windows\System\SPYTjvd.exe
  C:\Windows\System\SPYTjvd.exe
  2⤵
  PID:6780
- C:\Windows\System\CTjwcop.exe
  C:\Windows\System\CTjwcop.exe
  2⤵
  PID:6800
- C:\Windows\System\ABcXCDi.exe
  C:\Windows\System\ABcXCDi.exe
  2⤵
  PID:6820
- C:\Windows\System\vHNBEAc.exe
  C:\Windows\System\vHNBEAc.exe
  2⤵
  PID:6840
- C:\Windows\System\DDuBsIp.exe
  C:\Windows\System\DDuBsIp.exe
  2⤵
  PID:6860
- C:\Windows\System\FOhcpNA.exe
  C:\Windows\System\FOhcpNA.exe
  2⤵
  PID:6880
- C:\Windows\System\DgfsBgv.exe
  C:\Windows\System\DgfsBgv.exe
  2⤵
  PID:6900
- C:\Windows\System\uGzPpTs.exe
  C:\Windows\System\uGzPpTs.exe
  2⤵
  PID:6920
- C:\Windows\System\HZzMaIE.exe
  C:\Windows\System\HZzMaIE.exe
  2⤵
  PID:6940
- C:\Windows\System\iQXQnPk.exe
  C:\Windows\System\iQXQnPk.exe
  2⤵
  PID:6964
- C:\Windows\System\NnnvSza.exe
  C:\Windows\System\NnnvSza.exe
  2⤵
  PID:6984
- C:\Windows\System\NcfjBDx.exe
  C:\Windows\System\NcfjBDx.exe
  2⤵
  PID:7004
- C:\Windows\System\RdKUEqb.exe
  C:\Windows\System\RdKUEqb.exe
  2⤵
  PID:7024
- C:\Windows\System\ljifGZI.exe
  C:\Windows\System\ljifGZI.exe
  2⤵
  PID:7044
- C:\Windows\System\dvzCKRe.exe
  C:\Windows\System\dvzCKRe.exe
  2⤵
  PID:7064
- C:\Windows\System\TKuHxhY.exe
  C:\Windows\System\TKuHxhY.exe
  2⤵
  PID:7084
- C:\Windows\System\qZqbHTm.exe
  C:\Windows\System\qZqbHTm.exe
  2⤵
  PID:7104
- C:\Windows\System\rFSljNz.exe
  C:\Windows\System\rFSljNz.exe
  2⤵
  PID:7124
- C:\Windows\System\oBktxLx.exe
  C:\Windows\System\oBktxLx.exe
  2⤵
  PID:7144
- C:\Windows\System\SlHuwmQ.exe
  C:\Windows\System\SlHuwmQ.exe
  2⤵
  PID:7164
- C:\Windows\System\FEasmVN.exe
  C:\Windows\System\FEasmVN.exe
  2⤵
  PID:5980
- C:\Windows\System\uYJSRdO.exe
  C:\Windows\System\uYJSRdO.exe
  2⤵
  PID:5972
- C:\Windows\System\skifTBr.exe
  C:\Windows\System\skifTBr.exe
  2⤵
  PID:6092
- C:\Windows\System\MKUJRIb.exe
  C:\Windows\System\MKUJRIb.exe
  2⤵
  PID:3528
- C:\Windows\System\ctSxpvI.exe
  C:\Windows\System\ctSxpvI.exe
  2⤵
  PID:4384
- C:\Windows\System\YobNCgW.exe
  C:\Windows\System\YobNCgW.exe
  2⤵
  PID:4660
- C:\Windows\System\GflVyni.exe
  C:\Windows\System\GflVyni.exe
  2⤵
  PID:5384
- C:\Windows\System\ilUNzxZ.exe
  C:\Windows\System\ilUNzxZ.exe
  2⤵
  PID:5452
- C:\Windows\System\kVbmMaA.exe
  C:\Windows\System\kVbmMaA.exe
  2⤵
  PID:5592
- C:\Windows\System\MsLyVYo.exe
  C:\Windows\System\MsLyVYo.exe
  2⤵
  PID:5728
- C:\Windows\System\OGusgMC.exe
  C:\Windows\System\OGusgMC.exe
  2⤵
  PID:6184
- C:\Windows\System\fWdLtof.exe
  C:\Windows\System\fWdLtof.exe
  2⤵
  PID:6188
- C:\Windows\System\RuQiMRd.exe
  C:\Windows\System\RuQiMRd.exe
  2⤵
  PID:6208
- C:\Windows\System\yBDyHbj.exe
  C:\Windows\System\yBDyHbj.exe
  2⤵
  PID:6248
- C:\Windows\System\ANeJqwe.exe
  C:\Windows\System\ANeJqwe.exe
  2⤵
  PID:6288
- C:\Windows\System\UqJkbHS.exe
  C:\Windows\System\UqJkbHS.exe
  2⤵
  PID:6352
- C:\Windows\System\HHReYEn.exe
  C:\Windows\System\HHReYEn.exe
  2⤵
  PID:6384
- C:\Windows\System\DIzNAGP.exe
  C:\Windows\System\DIzNAGP.exe
  2⤵
  PID:6404
- C:\Windows\System\yjlmjGI.exe
  C:\Windows\System\yjlmjGI.exe
  2⤵
  PID:6432
- C:\Windows\System\OnSAOUZ.exe
  C:\Windows\System\OnSAOUZ.exe
  2⤵
  PID:6456
- C:\Windows\System\xtcZWXg.exe
  C:\Windows\System\xtcZWXg.exe
  2⤵
  PID:6516
- C:\Windows\System\dxXbVlH.exe
  C:\Windows\System\dxXbVlH.exe
  2⤵
  PID:6552
- C:\Windows\System\zczAavN.exe
  C:\Windows\System\zczAavN.exe
  2⤵
  PID:6576
- C:\Windows\System\HPrCODl.exe
  C:\Windows\System\HPrCODl.exe
  2⤵
  PID:6608
- C:\Windows\System\tNkkHyV.exe
  C:\Windows\System\tNkkHyV.exe
  2⤵
  PID:6632
- C:\Windows\System\ThPwoje.exe
  C:\Windows\System\ThPwoje.exe
  2⤵
  PID:6648
- C:\Windows\System\vjxiNxj.exe
  C:\Windows\System\vjxiNxj.exe
  2⤵
  PID:6716
- C:\Windows\System\xvxJleq.exe
  C:\Windows\System\xvxJleq.exe
  2⤵
  PID:6732
- C:\Windows\System\yPYJQYy.exe
  C:\Windows\System\yPYJQYy.exe
  2⤵
  PID:6796
- C:\Windows\System\xPQdQkt.exe
  C:\Windows\System\xPQdQkt.exe
  2⤵
  PID:6828
- C:\Windows\System\dtuVETP.exe
  C:\Windows\System\dtuVETP.exe
  2⤵
  PID:6848
- C:\Windows\System\dfabdrH.exe
  C:\Windows\System\dfabdrH.exe
  2⤵
  PID:6872
- C:\Windows\System\qKmPrmG.exe
  C:\Windows\System\qKmPrmG.exe
  2⤵
  PID:6916
- C:\Windows\System\ZTxOhUC.exe
  C:\Windows\System\ZTxOhUC.exe
  2⤵
  PID:6948
- C:\Windows\System\wjubmql.exe
  C:\Windows\System\wjubmql.exe
  2⤵
  PID:6992
- C:\Windows\System\UOjLukt.exe
  C:\Windows\System\UOjLukt.exe
  2⤵
  PID:7012
- C:\Windows\System\rhEKFFE.exe
  C:\Windows\System\rhEKFFE.exe
  2⤵
  PID:6412
- C:\Windows\System\kesqYes.exe
  C:\Windows\System\kesqYes.exe
  2⤵
  PID:7080
- C:\Windows\System\ZvVClLk.exe
  C:\Windows\System\ZvVClLk.exe
  2⤵
  PID:7116
- C:\Windows\System\LXoaord.exe
  C:\Windows\System\LXoaord.exe
  2⤵
  PID:7140
- C:\Windows\System\elGnNVZ.exe
  C:\Windows\System\elGnNVZ.exe
  2⤵
  PID:5948
- C:\Windows\System\zBrFkXv.exe
  C:\Windows\System\zBrFkXv.exe
  2⤵
  PID:4748
- C:\Windows\System\sqCUrAn.exe
  C:\Windows\System\sqCUrAn.exe
  2⤵
  PID:6120
- C:\Windows\System\RwDBpyG.exe
  C:\Windows\System\RwDBpyG.exe
  2⤵
  PID:4188
- C:\Windows\System\uEFLWOt.exe
  C:\Windows\System\uEFLWOt.exe
  2⤵
  PID:5508
- C:\Windows\System\MtVhzaP.exe
  C:\Windows\System\MtVhzaP.exe
  2⤵
  PID:5868
- C:\Windows\System\MMWmcGh.exe
  C:\Windows\System\MMWmcGh.exe
  2⤵
  PID:6164
- C:\Windows\System\MaextkZ.exe
  C:\Windows\System\MaextkZ.exe
  2⤵
  PID:6244
- C:\Windows\System\KeigDqU.exe
  C:\Windows\System\KeigDqU.exe
  2⤵
  PID:6264
- C:\Windows\System\PcGlTqF.exe
  C:\Windows\System\PcGlTqF.exe
  2⤵
  PID:6292
- C:\Windows\System\hpCrapl.exe
  C:\Windows\System\hpCrapl.exe
  2⤵
  PID:6364
- C:\Windows\System\wnvaLfZ.exe
  C:\Windows\System\wnvaLfZ.exe
  2⤵
  PID:6408
- C:\Windows\System\EPvqWIj.exe
  C:\Windows\System\EPvqWIj.exe
  2⤵
  PID:6488
- C:\Windows\System\TNuXRcV.exe
  C:\Windows\System\TNuXRcV.exe
  2⤵
  PID:6504
- C:\Windows\System\rfsJFRa.exe
  C:\Windows\System\rfsJFRa.exe
  2⤵
  PID:6596
- C:\Windows\System\amXINBz.exe
  C:\Windows\System\amXINBz.exe
  2⤵
  PID:2108
- C:\Windows\System\lyCXsyj.exe
  C:\Windows\System\lyCXsyj.exe
  2⤵
  PID:6736
- C:\Windows\System\YSsKCeH.exe
  C:\Windows\System\YSsKCeH.exe
  2⤵
  PID:6708
- C:\Windows\System\nnqBMYv.exe
  C:\Windows\System\nnqBMYv.exe
  2⤵
  PID:6752
- C:\Windows\System\RCwAvMt.exe
  C:\Windows\System\RCwAvMt.exe
  2⤵
  PID:6832
- C:\Windows\System\hbUWBpF.exe
  C:\Windows\System\hbUWBpF.exe
  2⤵
  PID:2544
- C:\Windows\System\DWuTJJn.exe
  C:\Windows\System\DWuTJJn.exe
  2⤵
  PID:6908
- C:\Windows\System\iKfhtqi.exe
  C:\Windows\System\iKfhtqi.exe
  2⤵
  PID:7072
- C:\Windows\System\NUZEDtr.exe
  C:\Windows\System\NUZEDtr.exe
  2⤵
  PID:7016
- C:\Windows\System\UEqxCOE.exe
  C:\Windows\System\UEqxCOE.exe
  2⤵
  PID:6076
- C:\Windows\System\JZBsoeT.exe
  C:\Windows\System\JZBsoeT.exe
  2⤵
  PID:5952
- C:\Windows\System\NBXFPKs.exe
  C:\Windows\System\NBXFPKs.exe
  2⤵
  PID:3936
- C:\Windows\System\oYFoVdl.exe
  C:\Windows\System\oYFoVdl.exe
  2⤵
  PID:5232
- C:\Windows\System\YdajBzf.exe
  C:\Windows\System\YdajBzf.exe
  2⤵
  PID:6148
- C:\Windows\System\ZNpuEQe.exe
  C:\Windows\System\ZNpuEQe.exe
  2⤵
  PID:6212
- C:\Windows\System\ckBLbFT.exe
  C:\Windows\System\ckBLbFT.exe
  2⤵
  PID:6388
- C:\Windows\System\TGPKYRT.exe
  C:\Windows\System\TGPKYRT.exe
  2⤵
  PID:6368
- C:\Windows\System\FIyFxpA.exe
  C:\Windows\System\FIyFxpA.exe
  2⤵
  PID:6528
- C:\Windows\System\JiZHHXV.exe
  C:\Windows\System\JiZHHXV.exe
  2⤵
  PID:6436
- C:\Windows\System\KditAeY.exe
  C:\Windows\System\KditAeY.exe
  2⤵
  PID:6592
- C:\Windows\System\XHLoADA.exe
  C:\Windows\System\XHLoADA.exe
  2⤵
  PID:6712
- C:\Windows\System\cuOBzls.exe
  C:\Windows\System\cuOBzls.exe
  2⤵
  PID:6768
- C:\Windows\System\HwIYWfg.exe
  C:\Windows\System\HwIYWfg.exe
  2⤵
  PID:7060
- C:\Windows\System\DWVrfSC.exe
  C:\Windows\System\DWVrfSC.exe
  2⤵
  PID:7120
- C:\Windows\System\XqSuSdT.exe
  C:\Windows\System\XqSuSdT.exe
  2⤵
  PID:7096
- C:\Windows\System\YoCzeWA.exe
  C:\Windows\System\YoCzeWA.exe
  2⤵
  PID:7188
- C:\Windows\System\rZxyqGm.exe
  C:\Windows\System\rZxyqGm.exe
  2⤵
  PID:7204
- C:\Windows\System\AMWZUwh.exe
  C:\Windows\System\AMWZUwh.exe
  2⤵
  PID:7228
- C:\Windows\System\SeHOCUb.exe
  C:\Windows\System\SeHOCUb.exe
  2⤵
  PID:7252
- C:\Windows\System\GRcJQFM.exe
  C:\Windows\System\GRcJQFM.exe
  2⤵
  PID:7272
- C:\Windows\System\IweAqUN.exe
  C:\Windows\System\IweAqUN.exe
  2⤵
  PID:7292
- C:\Windows\System\pUeHavR.exe
  C:\Windows\System\pUeHavR.exe
  2⤵
  PID:7312
- C:\Windows\System\isAbGCu.exe
  C:\Windows\System\isAbGCu.exe
  2⤵
  PID:7332
- C:\Windows\System\RHWAJIc.exe
  C:\Windows\System\RHWAJIc.exe
  2⤵
  PID:7352
- C:\Windows\System\GmQJpGV.exe
  C:\Windows\System\GmQJpGV.exe
  2⤵
  PID:7372
- C:\Windows\System\DgoXBDk.exe
  C:\Windows\System\DgoXBDk.exe
  2⤵
  PID:7392
- C:\Windows\System\HLdIjay.exe
  C:\Windows\System\HLdIjay.exe
  2⤵
  PID:7412
- C:\Windows\System\DMPnWzT.exe
  C:\Windows\System\DMPnWzT.exe
  2⤵
  PID:7432
- C:\Windows\System\ZZbMHaJ.exe
  C:\Windows\System\ZZbMHaJ.exe
  2⤵
  PID:7452
- C:\Windows\System\FVtQIRp.exe
  C:\Windows\System\FVtQIRp.exe
  2⤵
  PID:7472
- C:\Windows\System\NTXfCIi.exe
  C:\Windows\System\NTXfCIi.exe
  2⤵
  PID:7488
- C:\Windows\System\bgyTiWP.exe
  C:\Windows\System\bgyTiWP.exe
  2⤵
  PID:7512
- C:\Windows\System\KXvQMzB.exe
  C:\Windows\System\KXvQMzB.exe
  2⤵
  PID:7532
- C:\Windows\System\HcMFqsg.exe
  C:\Windows\System\HcMFqsg.exe
  2⤵
  PID:7552
- C:\Windows\System\mQcNhZN.exe
  C:\Windows\System\mQcNhZN.exe
  2⤵
  PID:7572
- C:\Windows\System\VHzSDfL.exe
  C:\Windows\System\VHzSDfL.exe
  2⤵
  PID:7592
- C:\Windows\System\TpWCiNS.exe
  C:\Windows\System\TpWCiNS.exe
  2⤵
  PID:7612
- C:\Windows\System\AstNCaB.exe
  C:\Windows\System\AstNCaB.exe
  2⤵
  PID:7632
- C:\Windows\System\DLVDJrB.exe
  C:\Windows\System\DLVDJrB.exe
  2⤵
  PID:7652
- C:\Windows\System\KAjbkCZ.exe
  C:\Windows\System\KAjbkCZ.exe
  2⤵
  PID:7672
- C:\Windows\System\MxEgwZk.exe
  C:\Windows\System\MxEgwZk.exe
  2⤵
  PID:7688
- C:\Windows\System\tTBTdot.exe
  C:\Windows\System\tTBTdot.exe
  2⤵
  PID:7708
- C:\Windows\System\MOnfweK.exe
  C:\Windows\System\MOnfweK.exe
  2⤵
  PID:7732
- C:\Windows\System\vkDmBib.exe
  C:\Windows\System\vkDmBib.exe
  2⤵
  PID:7752
- C:\Windows\System\FZoTMMz.exe
  C:\Windows\System\FZoTMMz.exe
  2⤵
  PID:7772
- C:\Windows\System\scZnYLf.exe
  C:\Windows\System\scZnYLf.exe
  2⤵
  PID:7792
- C:\Windows\System\bYiCqWH.exe
  C:\Windows\System\bYiCqWH.exe
  2⤵
  PID:7812
- C:\Windows\System\dSIQEce.exe
  C:\Windows\System\dSIQEce.exe
  2⤵
  PID:7832
- C:\Windows\System\HFCyxDO.exe
  C:\Windows\System\HFCyxDO.exe
  2⤵
  PID:7852
- C:\Windows\System\xRISuQE.exe
  C:\Windows\System\xRISuQE.exe
  2⤵
  PID:7872
- C:\Windows\System\SkMbdPQ.exe
  C:\Windows\System\SkMbdPQ.exe
  2⤵
  PID:7896
- C:\Windows\System\nwbIuhP.exe
  C:\Windows\System\nwbIuhP.exe
  2⤵
  PID:7916
- C:\Windows\System\rblLBjE.exe
  C:\Windows\System\rblLBjE.exe
  2⤵
  PID:7936
- C:\Windows\System\sLxqiaF.exe
  C:\Windows\System\sLxqiaF.exe
  2⤵
  PID:7956
- C:\Windows\System\QPygpdi.exe
  C:\Windows\System\QPygpdi.exe
  2⤵
  PID:7976
- C:\Windows\System\EQRYCMl.exe
  C:\Windows\System\EQRYCMl.exe
  2⤵
  PID:7996
- C:\Windows\System\lgEZNcL.exe
  C:\Windows\System\lgEZNcL.exe
  2⤵
  PID:8016
- C:\Windows\System\sWUEpRQ.exe
  C:\Windows\System\sWUEpRQ.exe
  2⤵
  PID:8036
- C:\Windows\System\TjfsGiQ.exe
  C:\Windows\System\TjfsGiQ.exe
  2⤵
  PID:8056
- C:\Windows\System\RwwJqtY.exe
  C:\Windows\System\RwwJqtY.exe
  2⤵
  PID:8076
- C:\Windows\System\ntHgxVa.exe
  C:\Windows\System\ntHgxVa.exe
  2⤵
  PID:8092
- C:\Windows\System\UVTCDZx.exe
  C:\Windows\System\UVTCDZx.exe
  2⤵
  PID:8116
- C:\Windows\System\KJtnuIy.exe
  C:\Windows\System\KJtnuIy.exe
  2⤵
  PID:8136
- C:\Windows\System\GJGYLyi.exe
  C:\Windows\System\GJGYLyi.exe
  2⤵
  PID:8156
- C:\Windows\System\xsROrRE.exe
  C:\Windows\System\xsROrRE.exe
  2⤵
  PID:8176
- C:\Windows\System\bnSnzYx.exe
  C:\Windows\System\bnSnzYx.exe
  2⤵
  PID:6040
- C:\Windows\System\EEDGqFC.exe
  C:\Windows\System\EEDGqFC.exe
  2⤵
  PID:1728
- C:\Windows\System\iHEChIm.exe
  C:\Windows\System\iHEChIm.exe
  2⤵
  PID:6072
- C:\Windows\System\ZHAdxiB.exe
  C:\Windows\System\ZHAdxiB.exe
  2⤵
  PID:5652
- C:\Windows\System\bxzPuGu.exe
  C:\Windows\System\bxzPuGu.exe
  2⤵
  PID:5644
- C:\Windows\System\WSRwpVy.exe
  C:\Windows\System\WSRwpVy.exe
  2⤵
  PID:6548
- C:\Windows\System\dTKytXQ.exe
  C:\Windows\System\dTKytXQ.exe
  2⤵
  PID:6696
- C:\Windows\System\XAtpoHC.exe
  C:\Windows\System\XAtpoHC.exe
  2⤵
  PID:6788
- C:\Windows\System\ggYmDMC.exe
  C:\Windows\System\ggYmDMC.exe
  2⤵
  PID:6956
- C:\Windows\System\ClufJIw.exe
  C:\Windows\System\ClufJIw.exe
  2⤵
  PID:7200
- C:\Windows\System\IuKplWH.exe
  C:\Windows\System\IuKplWH.exe
  2⤵
  PID:7236
- C:\Windows\System\RwZYMGg.exe
  C:\Windows\System\RwZYMGg.exe
  2⤵
  PID:7220
- C:\Windows\System\NFffhDt.exe
  C:\Windows\System\NFffhDt.exe
  2⤵
  PID:7280
- C:\Windows\System\zSpcZhy.exe
  C:\Windows\System\zSpcZhy.exe
  2⤵
  PID:7328
- C:\Windows\System\dfwTunT.exe
  C:\Windows\System\dfwTunT.exe
  2⤵
  PID:7360
- C:\Windows\System\iyFTUhh.exe
  C:\Windows\System\iyFTUhh.exe
  2⤵
  PID:7348
- C:\Windows\System\TEFshXH.exe
  C:\Windows\System\TEFshXH.exe
  2⤵
  PID:7388
- C:\Windows\System\WigqQLg.exe
  C:\Windows\System\WigqQLg.exe
  2⤵
  PID:7448
- C:\Windows\System\GrvGOIZ.exe
  C:\Windows\System\GrvGOIZ.exe
  2⤵
  PID:7484
- C:\Windows\System\ehScVPC.exe
  C:\Windows\System\ehScVPC.exe
  2⤵
  PID:7500
- C:\Windows\System\SVqBYKX.exe
  C:\Windows\System\SVqBYKX.exe
  2⤵
  PID:7568
- C:\Windows\System\TlUHmWL.exe
  C:\Windows\System\TlUHmWL.exe
  2⤵
  PID:7544
- C:\Windows\System\kSEXboC.exe
  C:\Windows\System\kSEXboC.exe
  2⤵
  PID:7580
- C:\Windows\System\UVPDWvK.exe
  C:\Windows\System\UVPDWvK.exe
  2⤵
  PID:7620
- C:\Windows\System\kxFoAeK.exe
  C:\Windows\System\kxFoAeK.exe
  2⤵
  PID:7628
- C:\Windows\System\pRyobio.exe
  C:\Windows\System\pRyobio.exe
  2⤵
  PID:7680
- C:\Windows\System\OJZGvbF.exe
  C:\Windows\System\OJZGvbF.exe
  2⤵
  PID:7700
- C:\Windows\System\dtOagrr.exe
  C:\Windows\System\dtOagrr.exe
  2⤵
  PID:7740
- C:\Windows\System\tCdcdzy.exe
  C:\Windows\System\tCdcdzy.exe
  2⤵
  PID:7808
- C:\Windows\System\GuLLiWG.exe
  C:\Windows\System\GuLLiWG.exe
  2⤵
  PID:7840
- C:\Windows\System\ffPNiqS.exe
  C:\Windows\System\ffPNiqS.exe
  2⤵
  PID:7820
- C:\Windows\System\RivCDaw.exe
  C:\Windows\System\RivCDaw.exe
  2⤵
  PID:7888
- C:\Windows\System\ZRFIZaT.exe
  C:\Windows\System\ZRFIZaT.exe
  2⤵
  PID:7932
- C:\Windows\System\YCLqMJj.exe
  C:\Windows\System\YCLqMJj.exe
  2⤵
  PID:2772
- C:\Windows\System\nzQepzy.exe
  C:\Windows\System\nzQepzy.exe
  2⤵
  PID:8004
- C:\Windows\System\hGxQdKq.exe
  C:\Windows\System\hGxQdKq.exe
  2⤵
  PID:8008
- C:\Windows\System\qykKmxz.exe
  C:\Windows\System\qykKmxz.exe
  2⤵
  PID:8032
- C:\Windows\System\oyUVawj.exe
  C:\Windows\System\oyUVawj.exe
  2⤵
  PID:8064
- C:\Windows\System\CFxNQWU.exe
  C:\Windows\System\CFxNQWU.exe
  2⤵
  PID:8104
- C:\Windows\System\fMMwTEF.exe
  C:\Windows\System\fMMwTEF.exe
  2⤵
  PID:8164
- C:\Windows\System\QrLyeJk.exe
  C:\Windows\System\QrLyeJk.exe
  2⤵
  PID:7152
- C:\Windows\System\fJIrmey.exe
  C:\Windows\System\fJIrmey.exe
  2⤵
  PID:8184
- C:\Windows\System\mftKokh.exe
  C:\Windows\System\mftKokh.exe
  2⤵
  PID:5288
- C:\Windows\System\CiXJaBW.exe
  C:\Windows\System\CiXJaBW.exe
  2⤵
  PID:5424
- C:\Windows\System\IZgeVQf.exe
  C:\Windows\System\IZgeVQf.exe
  2⤵
  PID:6772
- C:\Windows\System\klpOegK.exe
  C:\Windows\System\klpOegK.exe
  2⤵
  PID:6960
- C:\Windows\System\bAKfbgL.exe
  C:\Windows\System\bAKfbgL.exe
  2⤵
  PID:2964
- C:\Windows\System\IxcQTyI.exe
  C:\Windows\System\IxcQTyI.exe
  2⤵
  PID:6852
- C:\Windows\System\HEsKfXo.exe
  C:\Windows\System\HEsKfXo.exe
  2⤵
  PID:7300
- C:\Windows\System\AnSCyxy.exe
  C:\Windows\System\AnSCyxy.exe
  2⤵
  PID:7320
- C:\Windows\System\nchmZLQ.exe
  C:\Windows\System\nchmZLQ.exe
  2⤵
  PID:7340
- C:\Windows\System\PaSWXpO.exe
  C:\Windows\System\PaSWXpO.exe
  2⤵
  PID:7380
- C:\Windows\System\VQPMRGv.exe
  C:\Windows\System\VQPMRGv.exe
  2⤵
  PID:7480
- C:\Windows\System\cbmNcSp.exe
  C:\Windows\System\cbmNcSp.exe
  2⤵
  PID:2876
- C:\Windows\System\HshgBqm.exe
  C:\Windows\System\HshgBqm.exe
  2⤵
  PID:7588
- C:\Windows\System\LxyVszU.exe
  C:\Windows\System\LxyVszU.exe
  2⤵
  PID:7524
- C:\Windows\System\KEEIGaO.exe
  C:\Windows\System\KEEIGaO.exe
  2⤵
  PID:2480
- C:\Windows\System\RputPfe.exe
  C:\Windows\System\RputPfe.exe
  2⤵
  PID:7668
- C:\Windows\System\SHUcMmI.exe
  C:\Windows\System\SHUcMmI.exe
  2⤵
  PID:2784
- C:\Windows\System\nNtmjXo.exe
  C:\Windows\System\nNtmjXo.exe
  2⤵
  PID:7728
- C:\Windows\System\eoTebyL.exe
  C:\Windows\System\eoTebyL.exe
  2⤵
  PID:7824
- C:\Windows\System\kyVBERu.exe
  C:\Windows\System\kyVBERu.exe
  2⤵
  PID:7868
- C:\Windows\System\dGvJqWq.exe
  C:\Windows\System\dGvJqWq.exe
  2⤵
  PID:7984
- C:\Windows\System\eDycxdi.exe
  C:\Windows\System\eDycxdi.exe
  2⤵
  PID:7944
- C:\Windows\System\zTsmSCX.exe
  C:\Windows\System\zTsmSCX.exe
  2⤵
  PID:2836
- C:\Windows\System\ohSFEcB.exe
  C:\Windows\System\ohSFEcB.exe
  2⤵
  PID:8048
- C:\Windows\System\FBxctyq.exe
  C:\Windows\System\FBxctyq.exe
  2⤵
  PID:8072
- C:\Windows\System\WyPTjPT.exe
  C:\Windows\System\WyPTjPT.exe
  2⤵
  PID:2688
- C:\Windows\System\FERtCqE.exe
  C:\Windows\System\FERtCqE.exe
  2⤵
  PID:6224
- C:\Windows\System\epGRSXS.exe
  C:\Windows\System\epGRSXS.exe
  2⤵
  PID:6932
- C:\Windows\System\RwOZyRJ.exe
  C:\Windows\System\RwOZyRJ.exe
  2⤵
  PID:6756
- C:\Windows\System\uFNigIH.exe
  C:\Windows\System\uFNigIH.exe
  2⤵
  PID:7196
- C:\Windows\System\oKdvysi.exe
  C:\Windows\System\oKdvysi.exe
  2⤵
  PID:7260
- C:\Windows\System\ptmEzJr.exe
  C:\Windows\System\ptmEzJr.exe
  2⤵
  PID:2132
- C:\Windows\System\uoBuEwz.exe
  C:\Windows\System\uoBuEwz.exe
  2⤵
  PID:2144
- C:\Windows\System\ptbufBu.exe
  C:\Windows\System\ptbufBu.exe
  2⤵
  PID:2960
- C:\Windows\System\OpTlhDD.exe
  C:\Windows\System\OpTlhDD.exe
  2⤵
  PID:7400
- C:\Windows\System\oEafrqF.exe
  C:\Windows\System\oEafrqF.exe
  2⤵
  PID:7540
- C:\Windows\System\FDqsjfx.exe
  C:\Windows\System\FDqsjfx.exe
  2⤵
  PID:1816
- C:\Windows\System\CddAJAZ.exe
  C:\Windows\System\CddAJAZ.exe
  2⤵
  PID:7564
- C:\Windows\System\fnOMpfV.exe
  C:\Windows\System\fnOMpfV.exe
  2⤵
  PID:7720
- C:\Windows\System\pnScPxf.exe
  C:\Windows\System\pnScPxf.exe
  2⤵
  PID:7844
- C:\Windows\System\zFsirlK.exe
  C:\Windows\System\zFsirlK.exe
  2⤵
  PID:7964
- C:\Windows\System\MWTdNBp.exe
  C:\Windows\System\MWTdNBp.exe
  2⤵
  PID:7908
- C:\Windows\System\HjuJkLY.exe
  C:\Windows\System\HjuJkLY.exe
  2⤵
  PID:2496
- C:\Windows\System\axSEBHF.exe
  C:\Windows\System\axSEBHF.exe
  2⤵
  PID:7992
- C:\Windows\System\jaOYUbP.exe
  C:\Windows\System\jaOYUbP.exe
  2⤵
  PID:2752
- C:\Windows\System\fEVYrYS.exe
  C:\Windows\System\fEVYrYS.exe
  2⤵
  PID:8152
- C:\Windows\System\jMZeryI.exe
  C:\Windows\System\jMZeryI.exe
  2⤵
  PID:6668
- C:\Windows\System\nHkbNdK.exe
  C:\Windows\System\nHkbNdK.exe
  2⤵
  PID:7180
- C:\Windows\System\Wkluwpr.exe
  C:\Windows\System\Wkluwpr.exe
  2⤵
  PID:6308
- C:\Windows\System\NZayGLE.exe
  C:\Windows\System\NZayGLE.exe
  2⤵
  PID:2660
- C:\Windows\System\QEefrYh.exe
  C:\Windows\System\QEefrYh.exe
  2⤵
  PID:6776
- C:\Windows\System\eleszxe.exe
  C:\Windows\System\eleszxe.exe
  2⤵
  PID:7284
- C:\Windows\System\fTgNUNb.exe
  C:\Windows\System\fTgNUNb.exe
  2⤵
  PID:1884
- C:\Windows\System\RAGZBuc.exe
  C:\Windows\System\RAGZBuc.exe
  2⤵
  PID:2716
- C:\Windows\System\gYACQhI.exe
  C:\Windows\System\gYACQhI.exe
  2⤵
  PID:1892
- C:\Windows\System\phuAyYo.exe
  C:\Windows\System\phuAyYo.exe
  2⤵
  PID:7308
- C:\Windows\System\UaxTmDD.exe
  C:\Windows\System\UaxTmDD.exe
  2⤵
  PID:444
- C:\Windows\System\PElMKHJ.exe
  C:\Windows\System\PElMKHJ.exe
  2⤵
  PID:7784
- C:\Windows\System\LSRmmrV.exe
  C:\Windows\System\LSRmmrV.exe
  2⤵
  PID:7748
- C:\Windows\System\TViOevd.exe
  C:\Windows\System\TViOevd.exe
  2⤵
  PID:1796
- C:\Windows\System\SGMNeVp.exe
  C:\Windows\System\SGMNeVp.exe
  2⤵
  PID:2640
- C:\Windows\System\sKPolAb.exe
  C:\Windows\System\sKPolAb.exe
  2⤵
  PID:2192
- C:\Windows\System\kvjqvkI.exe
  C:\Windows\System\kvjqvkI.exe
  2⤵
  PID:2624
- C:\Windows\System\iVilFAA.exe
  C:\Windows\System\iVilFAA.exe
  2⤵
  PID:576
- C:\Windows\System\XRtblCP.exe
  C:\Windows\System\XRtblCP.exe
  2⤵
  PID:7496
- C:\Windows\System\rfTAupD.exe
  C:\Windows\System\rfTAupD.exe
  2⤵
  PID:1764
- C:\Windows\System\sTkjUgW.exe
  C:\Windows\System\sTkjUgW.exe
  2⤵
  PID:6268
- C:\Windows\System\jZCaiDd.exe
  C:\Windows\System\jZCaiDd.exe
  2⤵
  PID:1524
- C:\Windows\System\NGoIDAW.exe
  C:\Windows\System\NGoIDAW.exe
  2⤵
  PID:2792
- C:\Windows\System\nPRRUCS.exe
  C:\Windows\System\nPRRUCS.exe
  2⤵
  PID:8168
- C:\Windows\System\yPfZXgd.exe
  C:\Windows\System\yPfZXgd.exe
  2⤵
  PID:7184
- C:\Windows\System\ZjUTPfu.exe
  C:\Windows\System\ZjUTPfu.exe
  2⤵
  PID:5168
- C:\Windows\System\BDatkCR.exe
  C:\Windows\System\BDatkCR.exe
  2⤵
  PID:1800
- C:\Windows\System\PaWuODn.exe
  C:\Windows\System\PaWuODn.exe
  2⤵
  PID:7584
- C:\Windows\System\CnmRdGz.exe
  C:\Windows\System\CnmRdGz.exe
  2⤵
  PID:8208
- C:\Windows\System\RyqSgLZ.exe
  C:\Windows\System\RyqSgLZ.exe
  2⤵
  PID:8224
- C:\Windows\System\eMaGPrO.exe
  C:\Windows\System\eMaGPrO.exe
  2⤵
  PID:8244
- C:\Windows\System\DJkJqLJ.exe
  C:\Windows\System\DJkJqLJ.exe
  2⤵
  PID:8268
- C:\Windows\System\GVnXLVt.exe
  C:\Windows\System\GVnXLVt.exe
  2⤵
  PID:8284
- C:\Windows\System\nUedtnf.exe
  C:\Windows\System\nUedtnf.exe
  2⤵
  PID:8300
- C:\Windows\System\hGZrAsl.exe
  C:\Windows\System\hGZrAsl.exe
  2⤵
  PID:8316
- C:\Windows\System\DmXzetQ.exe
  C:\Windows\System\DmXzetQ.exe
  2⤵
  PID:8336
- C:\Windows\System\jxgLcjQ.exe
  C:\Windows\System\jxgLcjQ.exe
  2⤵
  PID:8356
- C:\Windows\System\AOygWOO.exe
  C:\Windows\System\AOygWOO.exe
  2⤵
  PID:8512
- C:\Windows\System\qRFgDEB.exe
  C:\Windows\System\qRFgDEB.exe
  2⤵
  PID:8536
- C:\Windows\System\FpvLbak.exe
  C:\Windows\System\FpvLbak.exe
  2⤵
  PID:8552
- C:\Windows\System\lCNwNmp.exe
  C:\Windows\System\lCNwNmp.exe
  2⤵
  PID:8576
- C:\Windows\System\jHZPhzL.exe
  C:\Windows\System\jHZPhzL.exe
  2⤵
  PID:8592
- C:\Windows\System\eCofcuz.exe
  C:\Windows\System\eCofcuz.exe
  2⤵
  PID:8608
- C:\Windows\System\JPDOTPr.exe
  C:\Windows\System\JPDOTPr.exe
  2⤵
  PID:8624
- C:\Windows\System\iEEVAqd.exe
  C:\Windows\System\iEEVAqd.exe
  2⤵
  PID:8640
- C:\Windows\System\EXRDGDy.exe
  C:\Windows\System\EXRDGDy.exe
  2⤵
  PID:8660
- C:\Windows\System\hCDGoGm.exe
  C:\Windows\System\hCDGoGm.exe
  2⤵
  PID:8676
- C:\Windows\System\nsGcxOa.exe
  C:\Windows\System\nsGcxOa.exe
  2⤵
  PID:8696
- C:\Windows\System\RnBZFVy.exe
  C:\Windows\System\RnBZFVy.exe
  2⤵
  PID:8720
- C:\Windows\System\PVKMrKY.exe
  C:\Windows\System\PVKMrKY.exe
  2⤵
  PID:8736
- C:\Windows\System\eeCaxzg.exe
  C:\Windows\System\eeCaxzg.exe
  2⤵
  PID:8760
- C:\Windows\System\WEZKIiH.exe
  C:\Windows\System\WEZKIiH.exe
  2⤵
  PID:8776
- C:\Windows\System\QxDSbqU.exe
  C:\Windows\System\QxDSbqU.exe
  2⤵
  PID:8796
- C:\Windows\System\ECXxFoY.exe
  C:\Windows\System\ECXxFoY.exe
  2⤵
  PID:8812
- C:\Windows\System\RxJMKjW.exe
  C:\Windows\System\RxJMKjW.exe
  2⤵
  PID:8828
- C:\Windows\System\PMvOGUu.exe
  C:\Windows\System\PMvOGUu.exe
  2⤵
  PID:8848
- C:\Windows\System\RRLfoBT.exe
  C:\Windows\System\RRLfoBT.exe
  2⤵
  PID:8876
- C:\Windows\System\YaYgQKJ.exe
  C:\Windows\System\YaYgQKJ.exe
  2⤵
  PID:8896
- C:\Windows\System\pGYLsCv.exe
  C:\Windows\System\pGYLsCv.exe
  2⤵
  PID:8912
- C:\Windows\System\ZpIZPbH.exe
  C:\Windows\System\ZpIZPbH.exe
  2⤵
  PID:8932
- C:\Windows\System\HOnuhMH.exe
  C:\Windows\System\HOnuhMH.exe
  2⤵
  PID:8948
- C:\Windows\System\GUbhcuf.exe
  C:\Windows\System\GUbhcuf.exe
  2⤵
  PID:8964
- C:\Windows\System\hvafiCq.exe
  C:\Windows\System\hvafiCq.exe
  2⤵
  PID:8988
- C:\Windows\System\vJqOrbk.exe
  C:\Windows\System\vJqOrbk.exe
  2⤵
  PID:9004
- C:\Windows\System\XrXbBPH.exe
  C:\Windows\System\XrXbBPH.exe
  2⤵
  PID:9024
- C:\Windows\System\wfGscDt.exe
  C:\Windows\System\wfGscDt.exe
  2⤵
  PID:9040
- C:\Windows\System\kaMJxvO.exe
  C:\Windows\System\kaMJxvO.exe
  2⤵
  PID:9060
- C:\Windows\System\YfLDCiM.exe
  C:\Windows\System\YfLDCiM.exe
  2⤵
  PID:9076
- C:\Windows\System\DXXADFA.exe
  C:\Windows\System\DXXADFA.exe
  2⤵
  PID:9092
- C:\Windows\System\meGcSxb.exe
  C:\Windows\System\meGcSxb.exe
  2⤵
  PID:9108
- C:\Windows\System\ndmfgXL.exe
  C:\Windows\System\ndmfgXL.exe
  2⤵
  PID:9124
- C:\Windows\System\ntEjzgp.exe
  C:\Windows\System\ntEjzgp.exe
  2⤵
  PID:9140
- C:\Windows\System\IXSxPSU.exe
  C:\Windows\System\IXSxPSU.exe
  2⤵
  PID:1776
- C:\Windows\System\SONpdKX.exe
  C:\Windows\System\SONpdKX.exe
  2⤵
  PID:7724
- C:\Windows\System\ulvHHxj.exe
  C:\Windows\System\ulvHHxj.exe
  2⤵
  PID:7924
- C:\Windows\System\wTuzdDq.exe
  C:\Windows\System\wTuzdDq.exe
  2⤵
  PID:7800
- C:\Windows\System\duuLpnV.exe
  C:\Windows\System\duuLpnV.exe
  2⤵
  PID:6972
- C:\Windows\System\grjQWmr.exe
  C:\Windows\System\grjQWmr.exe
  2⤵
  PID:2224
- C:\Windows\System\msQwpbM.exe
  C:\Windows\System\msQwpbM.exe
  2⤵
  PID:8200
- C:\Windows\System\KEgTfda.exe
  C:\Windows\System\KEgTfda.exe
  2⤵
  PID:8276
- C:\Windows\System\aRixPzA.exe
  C:\Windows\System\aRixPzA.exe
  2⤵
  PID:8332
- C:\Windows\System\ceElRGU.exe
  C:\Windows\System\ceElRGU.exe
  2⤵
  PID:8384
- C:\Windows\System\FCYnrCf.exe
  C:\Windows\System\FCYnrCf.exe
  2⤵
  PID:8464
- C:\Windows\System\LuEprEY.exe
  C:\Windows\System\LuEprEY.exe
  2⤵
  PID:8480
- C:\Windows\System\vTQSljA.exe
  C:\Windows\System\vTQSljA.exe
  2⤵
  PID:8196
- C:\Windows\System\rYRnqoV.exe
  C:\Windows\System\rYRnqoV.exe
  2⤵
  PID:8504
- C:\Windows\System\nSsyxrI.exe
  C:\Windows\System\nSsyxrI.exe
  2⤵
  PID:8548
- C:\Windows\System\PyEjdbB.exe
  C:\Windows\System\PyEjdbB.exe
  2⤵
  PID:8604
- C:\Windows\System\XVdhSSa.exe
  C:\Windows\System\XVdhSSa.exe
  2⤵
  PID:8636
- C:\Windows\System\mESufgi.exe
  C:\Windows\System\mESufgi.exe
  2⤵
  PID:8648
- C:\Windows\System\wKlzneb.exe
  C:\Windows\System\wKlzneb.exe
  2⤵
  PID:8684
- C:\Windows\System\DrEBbYm.exe
  C:\Windows\System\DrEBbYm.exe
  2⤵
  PID:8732
- C:\Windows\System\yzZYbkq.exe
  C:\Windows\System\yzZYbkq.exe
  2⤵
  PID:8804
- C:\Windows\System\YhUCjea.exe
  C:\Windows\System\YhUCjea.exe
  2⤵
  PID:8840
- C:\Windows\System\QuwqhPB.exe
  C:\Windows\System\QuwqhPB.exe
  2⤵
  PID:8892
- C:\Windows\System\csMhwoz.exe
  C:\Windows\System\csMhwoz.exe
  2⤵
  PID:8956
- C:\Windows\System\TBhizdU.exe
  C:\Windows\System\TBhizdU.exe
  2⤵
  PID:9032
- C:\Windows\System\MAPPRbC.exe
  C:\Windows\System\MAPPRbC.exe
  2⤵
  PID:9100
- C:\Windows\System\WIqjpva.exe
  C:\Windows\System\WIqjpva.exe
  2⤵
  PID:9136
- C:\Windows\System\agKeDGz.exe
  C:\Windows\System\agKeDGz.exe
  2⤵
  PID:9012
- C:\Windows\System\IyuTXOY.exe
  C:\Windows\System\IyuTXOY.exe
  2⤵
  PID:8708
- C:\Windows\System\dpeScdb.exe
  C:\Windows\System\dpeScdb.exe
  2⤵
  PID:8748
- C:\Windows\System\glnOVWK.exe
  C:\Windows\System\glnOVWK.exe
  2⤵
  PID:9016
- C:\Windows\System\WxeNtcX.exe
  C:\Windows\System\WxeNtcX.exe
  2⤵
  PID:8860
- C:\Windows\System\twsHXEJ.exe
  C:\Windows\System\twsHXEJ.exe
  2⤵
  PID:8976
- C:\Windows\System\KeRXncE.exe
  C:\Windows\System\KeRXncE.exe
  2⤵
  PID:9056
- C:\Windows\System\JeSVGWc.exe
  C:\Windows\System\JeSVGWc.exe
  2⤵
  PID:9148
- C:\Windows\System\NwYPwfO.exe
  C:\Windows\System\NwYPwfO.exe
  2⤵
  PID:7880
- C:\Windows\System\XVjTXkl.exe
  C:\Windows\System\XVjTXkl.exe
  2⤵
  PID:2360
- C:\Windows\System\vUDtOfz.exe
  C:\Windows\System\vUDtOfz.exe
  2⤵
  PID:8240
- C:\Windows\System\QxlCxSh.exe
  C:\Windows\System\QxlCxSh.exe
  2⤵
  PID:8204
- C:\Windows\System\CPDqlaU.exe
  C:\Windows\System\CPDqlaU.exe
  2⤵
  PID:8308
- C:\Windows\System\MjnanXa.exe
  C:\Windows\System\MjnanXa.exe
  2⤵
  PID:8472
- C:\Windows\System\tLSNoNE.exe
  C:\Windows\System\tLSNoNE.exe
  2⤵
  PID:8532
- C:\Windows\System\znyODgS.exe
  C:\Windows\System\znyODgS.exe
  2⤵
  PID:8456
- C:\Windows\System\mHUxyvW.exe
  C:\Windows\System\mHUxyvW.exe
  2⤵
  PID:8564
- C:\Windows\System\ALsAaxb.exe
  C:\Windows\System\ALsAaxb.exe
  2⤵
  PID:8692
- C:\Windows\System\UnuMGjA.exe
  C:\Windows\System\UnuMGjA.exe
  2⤵
  PID:8928
- C:\Windows\System\kToCTJZ.exe
  C:\Windows\System\kToCTJZ.exe
  2⤵
  PID:8632
- C:\Windows\System\jNnPTxj.exe
  C:\Windows\System\jNnPTxj.exe
  2⤵
  PID:8656
- C:\Windows\System\RqWHcTb.exe
  C:\Windows\System\RqWHcTb.exe
  2⤵
  PID:9068
- C:\Windows\System\bRPSKPx.exe
  C:\Windows\System\bRPSKPx.exe
  2⤵
  PID:8824
- C:\Windows\System\FWDHhNG.exe
  C:\Windows\System\FWDHhNG.exe
  2⤵
  PID:8756
- C:\Windows\System\fRujfPw.exe
  C:\Windows\System\fRujfPw.exe
  2⤵
  PID:8908
- C:\Windows\System\rmYSQZB.exe
  C:\Windows\System\rmYSQZB.exe
  2⤵
  PID:8872
- C:\Windows\System\MauqzNu.exe
  C:\Windows\System\MauqzNu.exe
  2⤵
  PID:9088
- C:\Windows\System\DlVQVrf.exe
  C:\Windows\System\DlVQVrf.exe
  2⤵
  PID:9168
- C:\Windows\System\impIPXS.exe
  C:\Windows\System\impIPXS.exe
  2⤵
  PID:9188
- C:\Windows\System\eNUZEZj.exe
  C:\Windows\System\eNUZEZj.exe
  2⤵
  PID:9196
- C:\Windows\System\xQlnJMc.exe
  C:\Windows\System\xQlnJMc.exe
  2⤵
  PID:8108
- C:\Windows\System\kEaotrK.exe
  C:\Windows\System\kEaotrK.exe
  2⤵
  PID:8292
- C:\Windows\System\ruIbgZC.exe
  C:\Windows\System\ruIbgZC.exe
  2⤵
  PID:8836
- C:\Windows\System\GTRiRwc.exe
  C:\Windows\System\GTRiRwc.exe
  2⤵
  PID:8744
- C:\Windows\System\QnWxqXo.exe
  C:\Windows\System\QnWxqXo.exe
  2⤵
  PID:9072
- C:\Windows\System\KTBsZhe.exe
  C:\Windows\System\KTBsZhe.exe
  2⤵
  PID:9212
- C:\Windows\System\LRgWtTO.exe
  C:\Windows\System\LRgWtTO.exe
  2⤵
  PID:7704
- C:\Windows\System\qpLshcG.exe
  C:\Windows\System\qpLshcG.exe
  2⤵
  PID:8256
- C:\Windows\System\HwJISnW.exe
  C:\Windows\System\HwJISnW.exe
  2⤵
  PID:8364
- C:\Windows\System\ZnAELQh.exe
  C:\Windows\System\ZnAELQh.exe
  2⤵
  PID:8924
- C:\Windows\System\aPPvReb.exe
  C:\Windows\System\aPPvReb.exe
  2⤵
  PID:9120
- C:\Windows\System\qYgedrw.exe
  C:\Windows\System\qYgedrw.exe
  2⤵
  PID:1356
- C:\Windows\System\GvWOJLK.exe
  C:\Windows\System\GvWOJLK.exe
  2⤵
  PID:8672
- C:\Windows\System\tIkUaRH.exe
  C:\Windows\System\tIkUaRH.exe
  2⤵
  PID:8328
- C:\Windows\System\NowHdPV.exe
  C:\Windows\System\NowHdPV.exe
  2⤵
  PID:8772
- C:\Windows\System\ivgFHQV.exe
  C:\Windows\System\ivgFHQV.exe
  2⤵
  PID:9104
- C:\Windows\System\OYnLQjT.exe
  C:\Windows\System\OYnLQjT.exe
  2⤵
  PID:8112
- C:\Windows\System\ezpboDa.exe
  C:\Windows\System\ezpboDa.exe
  2⤵
  PID:9116
- C:\Windows\System\PKJBPum.exe
  C:\Windows\System\PKJBPum.exe
  2⤵
  PID:8500
- C:\Windows\System\BTBkTZY.exe
  C:\Windows\System\BTBkTZY.exe
  2⤵
  PID:8888
- C:\Windows\System\JHscxaW.exe
  C:\Windows\System\JHscxaW.exe
  2⤵
  PID:2672
- C:\Windows\System\MzzXpdQ.exe
  C:\Windows\System\MzzXpdQ.exe
  2⤵
  PID:9180
- C:\Windows\System\dLacZJY.exe
  C:\Windows\System\dLacZJY.exe
  2⤵
  PID:8584
- C:\Windows\System\CdBtZpv.exe
  C:\Windows\System\CdBtZpv.exe
  2⤵
  PID:9224
- C:\Windows\System\WOCocsX.exe
  C:\Windows\System\WOCocsX.exe
  2⤵
  PID:9240
- C:\Windows\System\ZrHGKLO.exe
  C:\Windows\System\ZrHGKLO.exe
  2⤵
  PID:9256
- C:\Windows\System\SyGeKoU.exe
  C:\Windows\System\SyGeKoU.exe
  2⤵
  PID:9272
- C:\Windows\System\GwFNLWP.exe
  C:\Windows\System\GwFNLWP.exe
  2⤵
  PID:9288
- C:\Windows\System\tCxTtWj.exe
  C:\Windows\System\tCxTtWj.exe
  2⤵
  PID:9304
- C:\Windows\System\itKoqSW.exe
  C:\Windows\System\itKoqSW.exe
  2⤵
  PID:9320
- C:\Windows\System\vfeoCXt.exe
  C:\Windows\System\vfeoCXt.exe
  2⤵
  PID:9336
- C:\Windows\System\GNFyPNg.exe
  C:\Windows\System\GNFyPNg.exe
  2⤵
  PID:9356
- C:\Windows\System\waULvNw.exe
  C:\Windows\System\waULvNw.exe
  2⤵
  PID:9412
- C:\Windows\System\VttKhTs.exe
  C:\Windows\System\VttKhTs.exe
  2⤵
  PID:9428
- C:\Windows\System\oIZjSaw.exe
  C:\Windows\System\oIZjSaw.exe
  2⤵
  PID:9448
- C:\Windows\System\JVAZExR.exe
  C:\Windows\System\JVAZExR.exe
  2⤵
  PID:9464
- C:\Windows\System\UXpphpp.exe
  C:\Windows\System\UXpphpp.exe
  2⤵
  PID:9480
- C:\Windows\System\BvWhBfG.exe
  C:\Windows\System\BvWhBfG.exe
  2⤵
  PID:9496
- C:\Windows\System\dJvsTHL.exe
  C:\Windows\System\dJvsTHL.exe
  2⤵
  PID:9512
- C:\Windows\System\KGGKRmk.exe
  C:\Windows\System\KGGKRmk.exe
  2⤵
  PID:9528
- C:\Windows\System\wHuhOBM.exe
  C:\Windows\System\wHuhOBM.exe
  2⤵
  PID:9544
- C:\Windows\System\GSHExgW.exe
  C:\Windows\System\GSHExgW.exe
  2⤵
  PID:9560
- C:\Windows\System\TTVbPSg.exe
  C:\Windows\System\TTVbPSg.exe
  2⤵
  PID:9576
- C:\Windows\System\czbAoKj.exe
  C:\Windows\System\czbAoKj.exe
  2⤵
  PID:9596
- C:\Windows\System\oQnLNMZ.exe
  C:\Windows\System\oQnLNMZ.exe
  2⤵
  PID:9616
- C:\Windows\System\DBbbCMW.exe
  C:\Windows\System\DBbbCMW.exe
  2⤵
  PID:9632
- C:\Windows\System\bGmIsnA.exe
  C:\Windows\System\bGmIsnA.exe
  2⤵
  PID:9652
- C:\Windows\System\ASUkkuj.exe
  C:\Windows\System\ASUkkuj.exe
  2⤵
  PID:9672
- C:\Windows\System\vZokPHK.exe
  C:\Windows\System\vZokPHK.exe
  2⤵
  PID:9692
- C:\Windows\System\ePtHoNI.exe
  C:\Windows\System\ePtHoNI.exe
  2⤵
  PID:9716
- C:\Windows\System\lAIRafI.exe
  C:\Windows\System\lAIRafI.exe
  2⤵
  PID:9736
- C:\Windows\System\FiZxTio.exe
  C:\Windows\System\FiZxTio.exe
  2⤵
  PID:9764
- C:\Windows\System\vDrvDvB.exe
  C:\Windows\System\vDrvDvB.exe
  2⤵
  PID:9824
- C:\Windows\System\LqcKZbX.exe
  C:\Windows\System\LqcKZbX.exe
  2⤵
  PID:9848
- C:\Windows\System\AqvVrwZ.exe
  C:\Windows\System\AqvVrwZ.exe
  2⤵
  PID:9864
- C:\Windows\System\KCrPrnf.exe
  C:\Windows\System\KCrPrnf.exe
  2⤵
  PID:9880
- C:\Windows\System\VmffCyc.exe
  C:\Windows\System\VmffCyc.exe
  2⤵
  PID:9896
- C:\Windows\System\DBAMxRN.exe
  C:\Windows\System\DBAMxRN.exe
  2⤵
  PID:9912
- C:\Windows\System\PqxXgCv.exe
  C:\Windows\System\PqxXgCv.exe
  2⤵
  PID:9928
- C:\Windows\System\DwSoAEm.exe
  C:\Windows\System\DwSoAEm.exe
  2⤵
  PID:9944
- C:\Windows\System\rHcXhaa.exe
  C:\Windows\System\rHcXhaa.exe
  2⤵
  PID:9960
- C:\Windows\System\xNGHTMQ.exe
  C:\Windows\System\xNGHTMQ.exe
  2⤵
  PID:9976
- C:\Windows\System\pOvWeko.exe
  C:\Windows\System\pOvWeko.exe
  2⤵
  PID:10036
- C:\Windows\System\SWcWBtP.exe
  C:\Windows\System\SWcWBtP.exe
  2⤵
  PID:10056
- C:\Windows\System\aegkXgB.exe
  C:\Windows\System\aegkXgB.exe
  2⤵
  PID:10072
- C:\Windows\System\JpicVce.exe
  C:\Windows\System\JpicVce.exe
  2⤵
  PID:10096
- C:\Windows\System\GiCxDOj.exe
  C:\Windows\System\GiCxDOj.exe
  2⤵
  PID:10112
- C:\Windows\System\hUfDUKX.exe
  C:\Windows\System\hUfDUKX.exe
  2⤵
  PID:10128
- C:\Windows\System\UbsahZe.exe
  C:\Windows\System\UbsahZe.exe
  2⤵
  PID:10148
- C:\Windows\System\xXQCjBv.exe
  C:\Windows\System\xXQCjBv.exe
  2⤵
  PID:10164
- C:\Windows\System\oNzUKTo.exe
  C:\Windows\System\oNzUKTo.exe
  2⤵
  PID:10180
- C:\Windows\System\eWqabuY.exe
  C:\Windows\System\eWqabuY.exe
  2⤵
  PID:10196
- C:\Windows\System\bXOBkTS.exe
  C:\Windows\System\bXOBkTS.exe
  2⤵
  PID:10224
- C:\Windows\System\uIEJjwX.exe
  C:\Windows\System\uIEJjwX.exe
  2⤵
  PID:9200
- C:\Windows\System\GIUibha.exe
  C:\Windows\System\GIUibha.exe
  2⤵
  PID:9236
- C:\Windows\System\GLKAneZ.exe
  C:\Windows\System\GLKAneZ.exe
  2⤵
  PID:9328
- C:\Windows\System\OjsIxBW.exe
  C:\Windows\System\OjsIxBW.exe
  2⤵
  PID:2344
- C:\Windows\System\PYwfRJg.exe
  C:\Windows\System\PYwfRJg.exe
  2⤵
  PID:9252
- C:\Windows\System\OYWvDyZ.exe
  C:\Windows\System\OYWvDyZ.exe
  2⤵
  PID:9344
- C:\Windows\System\XAYoDFy.exe
  C:\Windows\System\XAYoDFy.exe
  2⤵
  PID:9368
- C:\Windows\System\DTzcDOh.exe
  C:\Windows\System\DTzcDOh.exe
  2⤵
  PID:9388
- C:\Windows\System\TWlodNf.exe
  C:\Windows\System\TWlodNf.exe
  2⤵
  PID:9392
- C:\Windows\System\SsvarcA.exe
  C:\Windows\System\SsvarcA.exe
  2⤵
  PID:9444
- C:\Windows\System\opXXDSn.exe
  C:\Windows\System\opXXDSn.exe
  2⤵
  PID:9536
- C:\Windows\System\cAoNowr.exe
  C:\Windows\System\cAoNowr.exe
  2⤵
  PID:9648
- C:\Windows\System\RJgPeaX.exe
  C:\Windows\System\RJgPeaX.exe
  2⤵
  PID:9604
- C:\Windows\System\FXGiNAk.exe
  C:\Windows\System\FXGiNAk.exe
  2⤵
  PID:9556
- C:\Windows\System\elABQxW.exe
  C:\Windows\System\elABQxW.exe
  2⤵
  PID:9424
- C:\Windows\System\rlSvnTI.exe
  C:\Windows\System\rlSvnTI.exe
  2⤵
  PID:9552
- C:\Windows\System\cUHVkeJ.exe
  C:\Windows\System\cUHVkeJ.exe
  2⤵
  PID:9624
- C:\Windows\System\cVtdino.exe
  C:\Windows\System\cVtdino.exe
  2⤵
  PID:9704
- C:\Windows\System\eSRcwfX.exe
  C:\Windows\System\eSRcwfX.exe
  2⤵
  PID:9748
- C:\Windows\System\nnpJTkN.exe
  C:\Windows\System\nnpJTkN.exe
  2⤵
  PID:9780
- C:\Windows\System\INNkMcx.exe
  C:\Windows\System\INNkMcx.exe
  2⤵
  PID:9804
- C:\Windows\System\AMnFXaU.exe
  C:\Windows\System\AMnFXaU.exe
  2⤵
  PID:9832
- C:\Windows\System\HfUhuTd.exe
  C:\Windows\System\HfUhuTd.exe
  2⤵
  PID:9860
- C:\Windows\System\VEmNqTk.exe
  C:\Windows\System\VEmNqTk.exe
  2⤵
  PID:9956
- C:\Windows\System\lWGeNoX.exe
  C:\Windows\System\lWGeNoX.exe
  2⤵
  PID:10000
- C:\Windows\System\fcRySpd.exe
  C:\Windows\System\fcRySpd.exe
  2⤵
  PID:9840
- C:\Windows\System\dxflGzW.exe
  C:\Windows\System\dxflGzW.exe
  2⤵
  PID:9908
- C:\Windows\System\VxTQOKL.exe
  C:\Windows\System\VxTQOKL.exe
  2⤵
  PID:9756
- C:\Windows\System\apGvrnh.exe
  C:\Windows\System\apGvrnh.exe
  2⤵
  PID:10016
- C:\Windows\System\xYDnsAn.exe
  C:\Windows\System\xYDnsAn.exe
  2⤵
  PID:10068
- C:\Windows\System\cbnhTBN.exe
  C:\Windows\System\cbnhTBN.exe
  2⤵
  PID:10104
- C:\Windows\System\uYvRYdm.exe
  C:\Windows\System\uYvRYdm.exe
  2⤵
  PID:10192
- C:\Windows\System\EEijDqU.exe
  C:\Windows\System\EEijDqU.exe
  2⤵
  PID:9312
- C:\Windows\System\CLfMnLA.exe
  C:\Windows\System\CLfMnLA.exe
  2⤵
  PID:9440
- C:\Windows\System\lCUKjSj.exe
  C:\Windows\System\lCUKjSj.exe
  2⤵
  PID:9644
- C:\Windows\System\PAPNILT.exe
  C:\Windows\System\PAPNILT.exe
  2⤵
  PID:9724
- C:\Windows\System\xSWHKTX.exe
  C:\Windows\System\xSWHKTX.exe
  2⤵
  PID:9892
- C:\Windows\System\tDMmEoY.exe
  C:\Windows\System\tDMmEoY.exe
  2⤵
  PID:9772
- C:\Windows\System\OwsKGuB.exe
  C:\Windows\System\OwsKGuB.exe
  2⤵
  PID:9752
- C:\Windows\System\IpySwZc.exe
  C:\Windows\System\IpySwZc.exe
  2⤵
  PID:9972
- C:\Windows\System\eaKbUoz.exe
  C:\Windows\System\eaKbUoz.exe
  2⤵
  PID:9988
- C:\Windows\System\pKosTaF.exe
  C:\Windows\System\pKosTaF.exe
  2⤵
  PID:10064
- C:\Windows\System\NbHPKjs.exe
  C:\Windows\System\NbHPKjs.exe
  2⤵
  PID:10136
- C:\Windows\System\nuLmkRT.exe
  C:\Windows\System\nuLmkRT.exe
  2⤵
  PID:9492
- C:\Windows\System\yXRwNnn.exe
  C:\Windows\System\yXRwNnn.exe
  2⤵
  PID:9712
- C:\Windows\System\aihLTEz.exe
  C:\Windows\System\aihLTEz.exe
  2⤵
  PID:9792
- C:\Windows\System\lqjzdfv.exe
  C:\Windows\System\lqjzdfv.exe
  2⤵
  PID:9856
- C:\Windows\System\HAnxgVu.exe
  C:\Windows\System\HAnxgVu.exe
  2⤵
  PID:9904
- C:\Windows\System\rrUtlKU.exe
  C:\Windows\System\rrUtlKU.exe
  2⤵
  PID:10092
- C:\Windows\System\koIRPxZ.exe
  C:\Windows\System\koIRPxZ.exe
  2⤵
  PID:9408
- C:\Windows\System\iOhgWuh.exe
  C:\Windows\System\iOhgWuh.exe
  2⤵
  PID:9184
- C:\Windows\System\kfdczMi.exe
  C:\Windows\System\kfdczMi.exe
  2⤵
  PID:10232
- C:\Windows\System\aZnECgb.exe
  C:\Windows\System\aZnECgb.exe
  2⤵
  PID:9812
- C:\Windows\System\TVHslOA.exe
  C:\Windows\System\TVHslOA.exe
  2⤵
  PID:10048
- C:\Windows\System\HiyQTpE.exe
  C:\Windows\System\HiyQTpE.exe
  2⤵
  PID:10156
- C:\Windows\System\ytwDnPN.exe
  C:\Windows\System\ytwDnPN.exe
  2⤵
  PID:9508
- C:\Windows\System\Mxpnwxz.exe
  C:\Windows\System\Mxpnwxz.exe
  2⤵
  PID:9920
- C:\Windows\System\oLYyIPm.exe
  C:\Windows\System\oLYyIPm.exe
  2⤵
  PID:9248
- C:\Windows\System\njOvJYx.exe
  C:\Windows\System\njOvJYx.exe
  2⤵
  PID:9788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AlIDEGl.exe

Filesize
6.0MB

MD5
722c67d03b262ed0c9772ac63efa89e8

SHA1
74f38097601c7b2cd0a72eaf3b974bc0346abb29

SHA256
352fdfcdc817202e821114fa3bfb1281d42df9a6efdb13c5b2cc7690565c2122

SHA512
d5a23c6245242d8e0ba845e924d959eb3b072c6ff1cd29789ececd5c99652ec328130c2d4643ebeb55212f96b9ef70bd037548aba1e5c234e033111e8f964534

Download Submit
C:\Windows\system\AqxwQnE.exe

Filesize
6.0MB

MD5
ea0de6035197b38997dffa6ed5a9ab65

SHA1
a2fc20579ed57724397642ca50c18648a9d01e5a

SHA256
694b475936f513ad13726ceecda5ccc98108ae6aaae1f637db1d62b8fa648061

SHA512
a2867095b644d4543628e6f0b7ee27f19dd24202f9d04559a5fde294b2929dddac91c27edc898029ad9e02bd601dfbb910c1e01f586721cc96993f2ad8be726e

Download Submit
C:\Windows\system\DCHkOUK.exe

Filesize
6.0MB

MD5
ae5cf66be92429ffdf20d5b9552c6371

SHA1
bf7a6f35ceb5795d6b1b49984bca0bb5f4e1e06c

SHA256
388c800e0b221424382e06ace1de38c6946c496634e0b745b20c95becd4ddead

SHA512
5c9e37d3833cdde8aefb466696c7acb3237f6099ef18703eb4088aea427752d8f2e8123049148c5ff9f438c79f44af67f0828a6983a7d0d794120dd132542ac5

Download Submit
C:\Windows\system\FGZKueU.exe

Filesize
6.0MB

MD5
09ff35faec47fd97f92d28c4181b0e7a

SHA1
928bf0adc4b40ded39aeb6e389fb86a0eee32dc0

SHA256
28436e81942e544a49df51e925863cf90878bb42aef65ea2697dfe0cd1e920d3

SHA512
9a3ed28f3c9d9d27e085b10b6d5bcaed5fa0a8da58d121c29cea7598a71465b263f8d9f402087943b980cfe63a2d9b01ebc29fb2ece49edbb809c18e6398eecd

Download Submit
C:\Windows\system\GWJBVTx.exe

Filesize
6.0MB

MD5
f977a54c10b59a2596727115078e0cdb

SHA1
24dc734cc3d260283fd6ae703cf097a48101a959

SHA256
afe9ed14c023e73f809db4a1d13766017cf96d962b5e1cc5b9b0736f06ef3e78

SHA512
f27017ae6a1ad671eacfe11b8c0ddeb6bc668f52e0939f24cb9d7f82cb254dcba3c25152385336c08efbbc7e5b9d0c49b0f14c24ea379218246580753a51907a

Download Submit
C:\Windows\system\HFgLxma.exe

Filesize
6.0MB

MD5
ed01813d24c4bebd65d1edffec3953eb

SHA1
e466d226eb6b18afe47b8352482c87ea3f5ce3a8

SHA256
69b5daca08b454d810f977681dd24c7f13e23a4c8f99fcde1ed4060a84955786

SHA512
45ce3061b422f4c58f8a515f23837e49092232408bcb64d017c35ec52e53469eb4ea9ebbe4d0d8abc49dbdb17ec51f9dbade51f17719e465b8cf432ceea289f0

Download Submit
C:\Windows\system\JJXVtdv.exe

Filesize
6.0MB

MD5
ad331e64d36980b789ccbabb14c80ca2

SHA1
f625b77f17d11a5be032623c47b18f850003018c

SHA256
62e59189066e04ba8affe56dfbde441b60f19a638300bb45e9928aa2ef1b2dad

SHA512
005d14e75bd899fb31cea7e158da9294b49557351ab1bd829751eb2bce1a47a9b4ae71007c451aa93fd63d3a779b5e2681cbf6d6bd39d533a448b23a3cf6ad8d

Download Submit
C:\Windows\system\LQGXcwm.exe

Filesize
6.0MB

MD5
63ed0b3ebd0b31c3af3e466bbb5515a2

SHA1
2164506fb22134a6e9ba75cd0e67d67838c6713a

SHA256
52109c1c21bb7fdc1d40e8ad4a169e509e26913172e09912101c63a93741baea

SHA512
759da852c6391a98f1cc9b96071682c389b541bd89a624ba5ae05460fa8b47fa55773f86adfede235bb7851d6271d763a602f72375ba7796b7a853a2d73134d4

Download Submit
C:\Windows\system\QJYxPHv.exe

Filesize
6.0MB

MD5
4d4a1de7394924673b1b2460b6e351f5

SHA1
e0c60f652763b56304bc2d71043c5b8c29b39b6a

SHA256
a3d82054ebb50ab82a00a587b772635456a77f0bb8daf691b77415642db00850

SHA512
f78b7b889558ff85387c93f964bc29abaca469b5fd18b304fe7b19c784b79a1a28b57d8b2f8916b48d81a4a4f6004b6e907a865c85925e420bd6f10b5f46cc1a

Download Submit
C:\Windows\system\VochYWR.exe

Filesize
6.0MB

MD5
a6630b1ba162f13311b53445dfb4687b

SHA1
b17188473836533b49bbf6174afe71e52368a45b

SHA256
9e6633fa94bbbcf623de5c53adc7290d2e667e88e73ee6a5feadba371fb40416

SHA512
5631bf11a25fcb93c9e9d61a1bfffa0c04fbc3674f6f7a0075bb4002fcb7b1b1709a2de76f60a8eea896f44011dead4c0f10ae3433d41d86fe4cc9101996383d

Download Submit
C:\Windows\system\cCeFIct.exe

Filesize
6.0MB

MD5
85207a0ec6d72f90255f7fc0dd9576b0

SHA1
2307221d5f5cdbcbac7737b994e0e2113fb32eb8

SHA256
bbda14c4aa3abffb707a7e3675d87d03a3829cbfae1fb77e7e8a71ab28d1ee92

SHA512
11a9572595231f31407b1dfa9bbc6c84413da485f20ada6a110908da48c910f8fd57a989a514b908c6d055d773198e19e2c9efb829810c61887e220a3dbdd223

Download Submit
C:\Windows\system\eAoBXhq.exe

Filesize
6.0MB

MD5
b7b2ad152645beaa12b64d7dd89ea377

SHA1
1f9f7ae69b2603b4fe831077f48b9ce28dd418eb

SHA256
7e4a89f461aad047d0bcf126bac9cdefd0f1d22d937bc98ed7ec33a7674516e7

SHA512
c65afa3df0b6c48067bd4ee8333ad398778ef88c361aeadee388bfd70f445ad02a7f0bf2cd597f5069450ee4559f71a62d0f79686fcb4c9de48d9c2462fd95a6

Download Submit
C:\Windows\system\fFWrgWN.exe

Filesize
6.0MB

MD5
c950bdb0f268ba88f66580f3c7d911c3

SHA1
c40b42d6544f909ecba648804e9827f0fe49ce26

SHA256
13d01b8054aaf259bc6f4cce1ec1a5ace57109e0d1d9aa8cf69fef3aab512a32

SHA512
cacd20a1fd56663c36dda67a47fce1eedaed779ee0e7ba0074fbfaa0eb1b4bd48dc85798975f18d67920cc95f8066f7ab80621c5fc0b0cb4496d4879616b8f27

Download Submit
C:\Windows\system\hOpttFG.exe

Filesize
6.0MB

MD5
b522a0ea9f6219538229eae001b4942a

SHA1
cb40d04149fb6a03300b109a026215110512fd4d

SHA256
6096688941defe850c6467f187b47268888b8bacadcd40a233c43183fe9bb6ef

SHA512
26948c92f8455816cd1b05183e5df0ecb54424b6df4b2fb3168284bc5fc1929065f1f2d3d67a14e4c3279018a5f8e8b9e51e4b15fd89438635ec8360278c06d9

Download Submit
C:\Windows\system\kuDEuMJ.exe

Filesize
6.0MB

MD5
7901c91aef8f436473134f664347c058

SHA1
e09895ff3a25752566154ee41eaa76da1179c621

SHA256
16bbd44aee8ce4a3b75b15a0308f17a7e53726b6535d2b2c7b1e804f728d73a5

SHA512
cb32d415b5db035189b841db8c564f61e48eade3c89bdaf1fb657f73d9ed8647e80e921ab38430b0cf59c1b05697227a042c63cc3f1680d06bae467168e42a09

Download Submit
C:\Windows\system\lhvjERN.exe

Filesize
6.0MB

MD5
9f9e4e4b3c90507b1639500abc65df50

SHA1
1011d45a76944df360f89d612b1e195368097622

SHA256
05ae8711ea05f624d7a3b91360802b675d1403417f738bca515688b46c1f054f

SHA512
2ea7399e4a3eb3e4af1aec523ef1c458b94d02993bc5f4204066490ddc02cdd898d8c3f7273963a51cf6767c7c6fd4b94cd026f0a6dc2ed8f29c898d5c371a8f

Download Submit
C:\Windows\system\muAVIGL.exe

Filesize
6.0MB

MD5
9b6fee86d3db158629ea337afe2bd25c

SHA1
0e803cf10932e7259587508db6bdea19504f32ea

SHA256
053fbfb942ebea5ce860f4d86f962b0d7ad0690adc36043ffc40c9c71fbe6808

SHA512
60640660da99b97187569d41c44153c3781bac6b5527efce130a0e40542f8f032bacd92854b609ccabea3811a77cec884f3ef4be672be99f39724602ef265f6a

Download Submit
C:\Windows\system\qxZougt.exe

Filesize
6.0MB

MD5
e5b75f83ceaa5ebe591f44e919f237c5

SHA1
df37f6c1dde86444b1fed6aae080b55c7d60003c

SHA256
510637cf4e33aa2b0e08a0490f7e6dcc8dc39419c78952388d64e382281dac7a

SHA512
afcb267aa77556b42be1c9c6ae53f88c9c36a2256189ba44cde026da22a17246f82b59cf4bc5d717e2ab3204611a8976a0df05dc24f27baef642f01642e7a01c

Download Submit
C:\Windows\system\rIMBbna.exe

Filesize
6.0MB

MD5
ee403665116b834652c617d54190c3e2

SHA1
d88641a589678e9716b61d6cc323091da12b1168

SHA256
1d0ffddfd9baec0e60e76319003baa4ab8f1a4e6e351db67cca1c8f913130476

SHA512
9cd22d91e24014ba27d9808a81668bb97abffe03cda2b2ffa7b35e1b5035310766491a2a53db4f1b244d788a63b706a177215b2e298308fe36cba9b9ba4066c5

Download Submit
C:\Windows\system\rNhxHII.exe

Filesize
6.0MB

MD5
d1da084d3f8f448457f980f9bc9a2379

SHA1
26a0644381ef34e9e9107fb4ad1e29da54fe7e83

SHA256
4d3ccdc5ba7cfd190699989cf61b3dca96c857259a3fdc9c96925a1e459a05a4

SHA512
3dec86d7f78f43463fc03e4343995f5c9ba31bdf92e9c9058b5ada1e5c96b8b3b930bde220676d19518fad376cab90a8c3aa9d0857e9d67c773a7090e9cb0de5

Download Submit
C:\Windows\system\vvhGCtF.exe

Filesize
6.0MB

MD5
15b50a2f9ae087ae031388855fbf29d7

SHA1
aa34c44b87d251456ff58e826d7779a546957776

SHA256
a1cd4f5bed0a316f74167f621d86fdd33195a22749ad0421794b8321cb27c15d

SHA512
45c878959225ec54faaddfd3406350884669598c260365e6322e95681c6d624de2e0096706d66ba48b7df0c977262788e3613318784dd0db5146001af69b771c

Download Submit
C:\Windows\system\xwZJTSS.exe

Filesize
6.0MB

MD5
8e0fa31fe0371324b4378155589ad622

SHA1
5f7baf99fe8340f14cf2f738dddb6400d37fd13e

SHA256
c8ffaf0b4b50d972c0473cc60acebd5dcdcdb811ab1d215b3f402f4ed6f1dbc4

SHA512
7d8198f587134aee63eeed51cfd49e97d524e2418f5a2b0c58c348f09f09a547852f34e0a803132d4c8866f085d1b02139912ca326a27f674e5a5eac09762036

Download Submit
C:\Windows\system\yERoKZw.exe

Filesize
6.0MB

MD5
1daf10925d91da4162a9dfed53dc05a1

SHA1
d5668464fc4eed78ea0fb36c7380929bfcbc721f

SHA256
987555894bdc8b67547ab9e0b11af9b1e5ba4e80b9ada79f5ea93ed0aa93dfcb

SHA512
1d1fcdc288f9caefcc48a93e568ac620086da6943de0fefc7d3372db0ed79e9a6df0823e6ac6d3a563ef4a141e37ff8071158324889d0071cfa62c3fbd625df4

Download Submit
C:\Windows\system\yvVbfSt.exe

Filesize
6.0MB

MD5
b3e379b2d715737539e781d659abac05

SHA1
ecb69f2e9db61e199620b6ccfc7b7a9e08e17344

SHA256
a685b77cd5906826e0b3e166bf0c3f24b520bcc13901a598d366f76d10eed290

SHA512
0d9428bf69df473617241837d5240afde20aa995a47fc6c4fba90c7550c670b7f01cfb99fcb6e879f74828775c8ee0d128076adab667d538f326c747f3a09b25

Download Submit
\Windows\system\AeBhTzW.exe

Filesize
6.0MB

MD5
1be9f081d923a6ceca14fc3fb65df2ab

SHA1
0e69e23acbf3781e78f37ebd7cf135eed9351d7a

SHA256
1e76da501cdb0251edfe755fc1adb2281fbc438e0e119a31c74a2674da260685

SHA512
0f5a4160f84478acb5f089f47c100b74c2eac93b6718386b9a869f37b4e544ccedb2a971699222c7f8c3dc6fe49ac9d90aee6eee6ce057caef932e3834d85e07

Download Submit
\Windows\system\CZIuVjS.exe

Filesize
6.0MB

MD5
0d42176900cf2bc1701e2bb1b3779ebd

SHA1
67b65cef7a4e5636dcc5f870f34d6e2a3283d91d

SHA256
0b409dfbb0c5cce3e7b694997ed0b1dfe02298dd28a40363cadfb6fe995ab5ca

SHA512
54b5b407da154d63af9033e5d959ba5b14a446fe2dd02e688fdb03c10471e69073b71ab0c77e8fed970a1bc7267345a948cf3caa44e21002b15cd35dd74e424a

Download Submit
\Windows\system\UXlKPOP.exe

Filesize
6.0MB

MD5
fca41d4d0797b45bfde2be90982140a6

SHA1
16cc2126d04a96857eba6b44e36f758a4e497e52

SHA256
a1e0c30b52243844461cfbd8b6da3c797a9767c9e02a682c38cc34400f018ea4

SHA512
bb39f20e5af75acf708238808db9d519c629b6d135fcf5525d286424f373fa438a6cc9ce4f4dbc07c87b9bec92dec45c7fb0317aea0c0b30d4b5a3c8fa935bda

Download Submit
\Windows\system\VpruukK.exe

Filesize
6.0MB

MD5
f99adb14203c6f5d78f8978d28e897a5

SHA1
f55f4a38172862c5793e1234ef1d9659a08c2969

SHA256
85d6c9f97ae932e6696b9ba4db7fa641cb56f24a95c7254c5a2f1e9cdb64be09

SHA512
cbc1e70b330fcb484721745e6f2f4b8fb202f81c8bce63253d5a0dccf10a7ac7949368e85ab61354b6f31dfeeace7c340d4b203d115d206f4046a7d72592b329

Download Submit
\Windows\system\WDAtlAL.exe

Filesize
6.0MB

MD5
569f94d27e7e37f55eb2733b021b88f3

SHA1
f27509d24e419f141dce8cb2ac6a3ff1949200cb

SHA256
42b21fe54c92f1155ba6c54651107423a2eaefe34a7d72aaf8a7676829d598d6

SHA512
96dfbee0243f0e125fffbb09dd50c55431f4a7f8e84714ac1ebd11330a204bc1141c9a8c0d501d67de79dda75125513b7a7397621b8282b188dfda7e620dd0ca

Download Submit
\Windows\system\aJsfRMm.exe

Filesize
6.0MB

MD5
ad0256c020fe907437bed9b4b10093f2

SHA1
7feec0b194677dc17a9f20be300dee303ba0920b

SHA256
22c28951a3da17c0aabec3112e946f8511aed3a31d304f2806a77725bd009527

SHA512
2122532852d07d1b017fde6ce661bb9f6ecb8ea3873fb110074588e0bea52f6d5770814774f462efdd392d9c3cac55b454333b0a98b09e49f39e08fbdd7ae4ab

Download Submit
\Windows\system\gdMVAQd.exe

Filesize
6.0MB

MD5
cfe3c843e598da8b6a778155a040a5b0

SHA1
4a3e15dbf79a70f48e72b7f13e9bcc423507c6b7

SHA256
ba41428f34a74944c79a1860317d6541ca61b1d19a32ab54d3bac2bf182230b2

SHA512
dac9223198602f98d33c1a8a2e5a4a302ccc40c7dadcd4633ea0623e06642344ec6ca3d5a49795e89dd7662e3545b4801f55704bc63ba017a160862875e24828

Download Submit
\Windows\system\jIXkEjo.exe

Filesize
6.0MB

MD5
28642626647dcf9a54b13b2941b377fe

SHA1
7938120ca18ec844bf4e7d9fb2e7afbc643dea94

SHA256
e772ebb94bc548caf6ac5678db411c46699b60f673c1a89b2b509bff0ce7e06d

SHA512
238fa63ce8046cb562ab9990f6ecb0d0495d9ca4d5332ff233b31547a0355923f6b0c53a70f43abf45d5f1e429e3553330f0c20f60e25e2abb5144de7bbf8bbb

Download Submit
\Windows\system\kvdqvHK.exe

Filesize
6.0MB

MD5
3f672348ed362f5a4e482ca61015a76f

SHA1
5847736451739228478a50a3c5b2a899c416cd7a

SHA256
f9a010d6ca122ef1e00dcf6e6d19a014ad2359df68dc52daf1b6a25c1ab4e6a3

SHA512
aff08009c2a29a6ebebcd7079c65b6825e898d5029eb87408e3393d5d52218be827071c54b034a61a02cc5eb4c144632e9f2979abc8173f3319ff101d7e4e551

Download Submit
memory/2100-2431-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3648-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2316-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3661-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2987-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-3647-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2466-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3118-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2467-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2888-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2889-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2420-2468-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2470-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3133-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3169-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3166-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2440-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3649-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2982-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-12-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download