cobaltstrike | 681fc2c9849e9e42e5d39c65606d64a131937342e43799c72c202713b18c8367

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/01/2025, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

e998cdd5a9fb7dccbb3d31e6eee256b3
SHA1

061ed1d65e58173ecd4428c31850ce6db38bbc27
SHA256

681fc2c9849e9e42e5d39c65606d64a131937342e43799c72c202713b18c8367
SHA512

94af15df91b27dec2b925b2acb070a1989ae13ac650303ba22e9698e95ab789968bd14fc73c7b73edbc9d964228749f6a20b0abf2e502e8307587c6283fd566f
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUb:eOl56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cc9-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd1-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce5-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf2-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d04-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d0e-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016a47-48.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c58-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd3-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d24-100.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739a-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-128.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173e4-159.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f9c-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc8-136.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fb-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-120.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173aa-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e74-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dad-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d50-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2e-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d1b-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d13-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0b-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cfe-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca2-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c4e-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c3d-55.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000167dc-45.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d2a-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 38 IoCs

miner

resource	yara_rule
behavioral1/memory/2428-0-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000015cc9-8.dat	xmrig
behavioral1/files/0x0008000000015cd1-15.dat	xmrig
behavioral1/files/0x0007000000015ce5-18.dat	xmrig
behavioral1/files/0x0007000000015cf2-26.dat	xmrig
behavioral1/files/0x0007000000015d04-30.dat	xmrig
behavioral1/files/0x0007000000015d0e-36.dat	xmrig
behavioral1/files/0x0006000000016a47-48.dat	xmrig
behavioral1/files/0x0006000000016c58-65.dat	xmrig
behavioral1/files/0x0006000000016cd3-75.dat	xmrig
behavioral1/files/0x0006000000016d24-100.dat	xmrig
behavioral1/files/0x000600000001739a-156.dat	xmrig
behavioral1/files/0x0006000000016d9f-128.dat	xmrig
behavioral1/files/0x00060000000173e4-159.dat	xmrig
behavioral1/files/0x000600000001739c-151.dat	xmrig
behavioral1/files/0x0006000000016f9c-144.dat	xmrig
behavioral1/files/0x0006000000016dc8-136.dat	xmrig
behavioral1/files/0x00060000000173fb-162.dat	xmrig
behavioral1/files/0x0006000000016d47-120.dat	xmrig
behavioral1/files/0x00060000000173aa-154.dat	xmrig
behavioral1/files/0x0006000000016e74-141.dat	xmrig
behavioral1/files/0x0006000000016dad-133.dat	xmrig
behavioral1/files/0x0006000000016d50-125.dat	xmrig
behavioral1/files/0x0006000000016d3f-115.dat	xmrig
behavioral1/files/0x0006000000016d36-110.dat	xmrig
behavioral1/files/0x0006000000016d2e-105.dat	xmrig
behavioral1/files/0x0006000000016d1b-95.dat	xmrig
behavioral1/files/0x0006000000016d13-90.dat	xmrig
behavioral1/files/0x0006000000016d0b-85.dat	xmrig
behavioral1/files/0x0006000000016cfe-80.dat	xmrig
behavioral1/files/0x0006000000016ca2-70.dat	xmrig
behavioral1/files/0x0006000000016c4e-60.dat	xmrig
behavioral1/files/0x0006000000016c3d-55.dat	xmrig
behavioral1/files/0x00080000000167dc-45.dat	xmrig
behavioral1/files/0x0009000000015d2a-41.dat	xmrig
behavioral1/memory/2428-3073-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/1728-3993-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3044	aBMnAxl.exe
1728	XlRXauS.exe
2100	ntrSZyF.exe
2228	pdFHVez.exe
3068	cNijPCJ.exe
1052	AnxhITk.exe
2744	qMfosPx.exe
2840	QvqXVzN.exe
2768	RBjTBfG.exe
2740	wYSUCiw.exe
2872	BCCGKgS.exe
1056	vjPKcGl.exe
2860	QIgGvbC.exe
1996	JzrMNhH.exe
2644	sKQUXEf.exe
3048	nRNzhlh.exe
984	YzVIvdq.exe
2160	hqHbyPZ.exe
1872	PIMywLW.exe
1284	bfDpBGE.exe
2856	JrFLuMF.exe
1428	yNxnVBa.exe
864	DkewQeS.exe
1904	ZIexbFI.exe
2444	jUnbeIv.exe
2936	aSYTiZB.exe
2096	VmmhskZ.exe
2940	wXshYnh.exe
352	jivdgMU.exe
904	XQzyasw.exe
304	zQYXfbE.exe
1624	xzinxWL.exe
2212	RiQCbbt.exe
2496	SonmDWN.exe
2020	AOYGNXv.exe
764	cqWeIiq.exe
620	fCxgMsd.exe
692	IkFmpgS.exe
1688	fRuOvGH.exe
1560	gqshRnj.exe
1784	HBfLZtA.exe
2520	eBeTMCH.exe
2804	SwhwbkI.exe
2272	EhsmLvL.exe
1488	brWAbGO.exe
2284	tefTnbH.exe
2984	ceTVeIR.exe
2476	xgYMRcr.exe
1980	phjLjIT.exe
1312	grWKHcq.exe
1496	ycLKegD.exe
860	CoCYTsB.exe
2396	eTGoWEf.exe
1584	RXFhBbl.exe
2908	OJrxjeN.exe
1612	uyqOGgn.exe
2220	XMQEmnd.exe
2704	OMgdhdL.exe
2868	yzamSCV.exe
2888	zhxycvP.exe
2536	fIYsDnL.exe
2820	VEzHCMT.exe
2760	DduQnOH.exe
2892	euYPTHR.exe

Loads dropped DLL 64 IoCs

pid	Process
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 38 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2428-0-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000015cc9-8.dat	upx
behavioral1/files/0x0008000000015cd1-15.dat	upx
behavioral1/files/0x0007000000015ce5-18.dat	upx
behavioral1/files/0x0007000000015cf2-26.dat	upx
behavioral1/files/0x0007000000015d04-30.dat	upx
behavioral1/files/0x0007000000015d0e-36.dat	upx
behavioral1/files/0x0006000000016a47-48.dat	upx
behavioral1/files/0x0006000000016c58-65.dat	upx
behavioral1/files/0x0006000000016cd3-75.dat	upx
behavioral1/files/0x0006000000016d24-100.dat	upx
behavioral1/files/0x000600000001739a-156.dat	upx
behavioral1/files/0x0006000000016d9f-128.dat	upx
behavioral1/files/0x00060000000173e4-159.dat	upx
behavioral1/files/0x000600000001739c-151.dat	upx
behavioral1/files/0x0006000000016f9c-144.dat	upx
behavioral1/files/0x0006000000016dc8-136.dat	upx
behavioral1/files/0x00060000000173fb-162.dat	upx
behavioral1/files/0x0006000000016d47-120.dat	upx
behavioral1/files/0x00060000000173aa-154.dat	upx
behavioral1/files/0x0006000000016e74-141.dat	upx
behavioral1/files/0x0006000000016dad-133.dat	upx
behavioral1/files/0x0006000000016d50-125.dat	upx
behavioral1/files/0x0006000000016d3f-115.dat	upx
behavioral1/files/0x0006000000016d36-110.dat	upx
behavioral1/files/0x0006000000016d2e-105.dat	upx
behavioral1/files/0x0006000000016d1b-95.dat	upx
behavioral1/files/0x0006000000016d13-90.dat	upx
behavioral1/files/0x0006000000016d0b-85.dat	upx
behavioral1/files/0x0006000000016cfe-80.dat	upx
behavioral1/files/0x0006000000016ca2-70.dat	upx
behavioral1/files/0x0006000000016c4e-60.dat	upx
behavioral1/files/0x0006000000016c3d-55.dat	upx
behavioral1/files/0x00080000000167dc-45.dat	upx
behavioral1/files/0x0009000000015d2a-41.dat	upx
behavioral1/memory/2428-3073-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/1728-3993-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kauTUYS.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVSTSFQ.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WAhCljF.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTfdknQ.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWBppTU.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTfPuoL.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCAuKHG.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luTtaZQ.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNsZhLu.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyLHzhp.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIBeioP.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBMnAxl.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UyPQGYy.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEubZMR.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMpNBPL.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vojGrpN.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVQQBoj.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQzNQuA.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYSUCiw.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHpLDzc.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reDZWiv.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPtwWQw.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBWgkUK.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhAuAYT.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XicTdtx.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaJvQsy.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsMxPbI.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQQxocM.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNxnVBa.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZCRLtx.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmTTgwa.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiYgMUI.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZvahue.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RliHKaz.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nERRrOx.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNpmMWV.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzQRwoW.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grWKHcq.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMUvYei.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULAfrVT.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RquAWzi.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHgSdQd.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWFFBMx.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVyRikZ.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AENgwfH.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FghdrDe.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DeViRdV.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKhjlkm.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfyvoXD.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXoyROs.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZopfyB.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBowAUq.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXhDiMi.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjGeScn.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJgfKid.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKTCWnL.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JoUsgBi.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDclhtx.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jivdgMU.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dblJSBg.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwWnuUR.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofLSlFU.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPjqlgk.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOUKluv.exe	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 3044	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2428 wrote to memory of 3044	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2428 wrote to memory of 3044	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2428 wrote to memory of 1728	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2428 wrote to memory of 1728	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2428 wrote to memory of 1728	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2428 wrote to memory of 2100	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2428 wrote to memory of 2100	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2428 wrote to memory of 2100	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2428 wrote to memory of 2228	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2428 wrote to memory of 2228	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2428 wrote to memory of 2228	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2428 wrote to memory of 3068	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2428 wrote to memory of 3068	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2428 wrote to memory of 3068	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2428 wrote to memory of 1052	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2428 wrote to memory of 1052	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2428 wrote to memory of 1052	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2428 wrote to memory of 2744	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2428 wrote to memory of 2744	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2428 wrote to memory of 2744	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2428 wrote to memory of 2840	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2428 wrote to memory of 2840	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2428 wrote to memory of 2840	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2428 wrote to memory of 2768	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2428 wrote to memory of 2768	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2428 wrote to memory of 2768	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2428 wrote to memory of 2740	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2428 wrote to memory of 2740	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2428 wrote to memory of 2740	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2428 wrote to memory of 2872	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2428 wrote to memory of 2872	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2428 wrote to memory of 2872	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2428 wrote to memory of 1056	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2428 wrote to memory of 1056	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2428 wrote to memory of 1056	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2428 wrote to memory of 2860	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2428 wrote to memory of 2860	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2428 wrote to memory of 2860	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2428 wrote to memory of 1996	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2428 wrote to memory of 1996	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2428 wrote to memory of 1996	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2428 wrote to memory of 2644	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2428 wrote to memory of 2644	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2428 wrote to memory of 2644	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2428 wrote to memory of 3048	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2428 wrote to memory of 3048	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2428 wrote to memory of 3048	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2428 wrote to memory of 984	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2428 wrote to memory of 984	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2428 wrote to memory of 984	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2428 wrote to memory of 2160	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2428 wrote to memory of 2160	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2428 wrote to memory of 2160	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2428 wrote to memory of 1872	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2428 wrote to memory of 1872	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2428 wrote to memory of 1872	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2428 wrote to memory of 1284	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2428 wrote to memory of 1284	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2428 wrote to memory of 1284	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2428 wrote to memory of 2856	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2428 wrote to memory of 2856	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2428 wrote to memory of 2856	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2428 wrote to memory of 1428	2428	2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_e998cdd5a9fb7dccbb3d31e6eee256b3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\System\aBMnAxl.exe
  C:\Windows\System\aBMnAxl.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\XlRXauS.exe
  C:\Windows\System\XlRXauS.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\ntrSZyF.exe
  C:\Windows\System\ntrSZyF.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\pdFHVez.exe
  C:\Windows\System\pdFHVez.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\cNijPCJ.exe
  C:\Windows\System\cNijPCJ.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\AnxhITk.exe
  C:\Windows\System\AnxhITk.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\qMfosPx.exe
  C:\Windows\System\qMfosPx.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\QvqXVzN.exe
  C:\Windows\System\QvqXVzN.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\RBjTBfG.exe
  C:\Windows\System\RBjTBfG.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\wYSUCiw.exe
  C:\Windows\System\wYSUCiw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\BCCGKgS.exe
  C:\Windows\System\BCCGKgS.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\vjPKcGl.exe
  C:\Windows\System\vjPKcGl.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\QIgGvbC.exe
  C:\Windows\System\QIgGvbC.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\JzrMNhH.exe
  C:\Windows\System\JzrMNhH.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\sKQUXEf.exe
  C:\Windows\System\sKQUXEf.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\nRNzhlh.exe
  C:\Windows\System\nRNzhlh.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\YzVIvdq.exe
  C:\Windows\System\YzVIvdq.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\hqHbyPZ.exe
  C:\Windows\System\hqHbyPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\PIMywLW.exe
  C:\Windows\System\PIMywLW.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\bfDpBGE.exe
  C:\Windows\System\bfDpBGE.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\JrFLuMF.exe
  C:\Windows\System\JrFLuMF.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\yNxnVBa.exe
  C:\Windows\System\yNxnVBa.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\DkewQeS.exe
  C:\Windows\System\DkewQeS.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\ZIexbFI.exe
  C:\Windows\System\ZIexbFI.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\jUnbeIv.exe
  C:\Windows\System\jUnbeIv.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\wXshYnh.exe
  C:\Windows\System\wXshYnh.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\aSYTiZB.exe
  C:\Windows\System\aSYTiZB.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\RiQCbbt.exe
  C:\Windows\System\RiQCbbt.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\VmmhskZ.exe
  C:\Windows\System\VmmhskZ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\SonmDWN.exe
  C:\Windows\System\SonmDWN.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\jivdgMU.exe
  C:\Windows\System\jivdgMU.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\AOYGNXv.exe
  C:\Windows\System\AOYGNXv.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\XQzyasw.exe
  C:\Windows\System\XQzyasw.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\cqWeIiq.exe
  C:\Windows\System\cqWeIiq.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\zQYXfbE.exe
  C:\Windows\System\zQYXfbE.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\fCxgMsd.exe
  C:\Windows\System\fCxgMsd.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\xzinxWL.exe
  C:\Windows\System\xzinxWL.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\IkFmpgS.exe
  C:\Windows\System\IkFmpgS.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\fRuOvGH.exe
  C:\Windows\System\fRuOvGH.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\gqshRnj.exe
  C:\Windows\System\gqshRnj.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\HBfLZtA.exe
  C:\Windows\System\HBfLZtA.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\eBeTMCH.exe
  C:\Windows\System\eBeTMCH.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\SwhwbkI.exe
  C:\Windows\System\SwhwbkI.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\EhsmLvL.exe
  C:\Windows\System\EhsmLvL.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\brWAbGO.exe
  C:\Windows\System\brWAbGO.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\tefTnbH.exe
  C:\Windows\System\tefTnbH.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\ceTVeIR.exe
  C:\Windows\System\ceTVeIR.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\xgYMRcr.exe
  C:\Windows\System\xgYMRcr.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\phjLjIT.exe
  C:\Windows\System\phjLjIT.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\grWKHcq.exe
  C:\Windows\System\grWKHcq.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\ycLKegD.exe
  C:\Windows\System\ycLKegD.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\CoCYTsB.exe
  C:\Windows\System\CoCYTsB.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\eTGoWEf.exe
  C:\Windows\System\eTGoWEf.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\OJrxjeN.exe
  C:\Windows\System\OJrxjeN.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\RXFhBbl.exe
  C:\Windows\System\RXFhBbl.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\uyqOGgn.exe
  C:\Windows\System\uyqOGgn.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\XMQEmnd.exe
  C:\Windows\System\XMQEmnd.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\fIYsDnL.exe
  C:\Windows\System\fIYsDnL.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\OMgdhdL.exe
  C:\Windows\System\OMgdhdL.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\VEzHCMT.exe
  C:\Windows\System\VEzHCMT.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\yzamSCV.exe
  C:\Windows\System\yzamSCV.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\DduQnOH.exe
  C:\Windows\System\DduQnOH.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\zhxycvP.exe
  C:\Windows\System\zhxycvP.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\euYPTHR.exe
  C:\Windows\System\euYPTHR.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ZOwrNHT.exe
  C:\Windows\System\ZOwrNHT.exe
  2⤵
  PID:2608
- C:\Windows\System\FETxofG.exe
  C:\Windows\System\FETxofG.exe
  2⤵
  PID:2896
- C:\Windows\System\rkMyvQy.exe
  C:\Windows\System\rkMyvQy.exe
  2⤵
  PID:852
- C:\Windows\System\SGyHbdU.exe
  C:\Windows\System\SGyHbdU.exe
  2⤵
  PID:1740
- C:\Windows\System\kthCBYz.exe
  C:\Windows\System\kthCBYz.exe
  2⤵
  PID:1820
- C:\Windows\System\SAStulV.exe
  C:\Windows\System\SAStulV.exe
  2⤵
  PID:2196
- C:\Windows\System\JcLVEMf.exe
  C:\Windows\System\JcLVEMf.exe
  2⤵
  PID:2508
- C:\Windows\System\KXhAVQi.exe
  C:\Windows\System\KXhAVQi.exe
  2⤵
  PID:1308
- C:\Windows\System\nuGKNAD.exe
  C:\Windows\System\nuGKNAD.exe
  2⤵
  PID:2524
- C:\Windows\System\WKXLNLh.exe
  C:\Windows\System\WKXLNLh.exe
  2⤵
  PID:1956
- C:\Windows\System\BhApanR.exe
  C:\Windows\System\BhApanR.exe
  2⤵
  PID:2796
- C:\Windows\System\eRrjJnU.exe
  C:\Windows\System\eRrjJnU.exe
  2⤵
  PID:1892
- C:\Windows\System\XtgZRZZ.exe
  C:\Windows\System\XtgZRZZ.exe
  2⤵
  PID:940
- C:\Windows\System\MqqWuGM.exe
  C:\Windows\System\MqqWuGM.exe
  2⤵
  PID:2004
- C:\Windows\System\TXSuyux.exe
  C:\Windows\System\TXSuyux.exe
  2⤵
  PID:1696
- C:\Windows\System\HEMothx.exe
  C:\Windows\System\HEMothx.exe
  2⤵
  PID:900
- C:\Windows\System\tBowAUq.exe
  C:\Windows\System\tBowAUq.exe
  2⤵
  PID:2076
- C:\Windows\System\UCbxPiV.exe
  C:\Windows\System\UCbxPiV.exe
  2⤵
  PID:1336
- C:\Windows\System\qJEQkUx.exe
  C:\Windows\System\qJEQkUx.exe
  2⤵
  PID:2376
- C:\Windows\System\JLVLSdA.exe
  C:\Windows\System\JLVLSdA.exe
  2⤵
  PID:896
- C:\Windows\System\ljENOyi.exe
  C:\Windows\System\ljENOyi.exe
  2⤵
  PID:744
- C:\Windows\System\uygMwEr.exe
  C:\Windows\System\uygMwEr.exe
  2⤵
  PID:1508
- C:\Windows\System\FmaCnlK.exe
  C:\Windows\System\FmaCnlK.exe
  2⤵
  PID:800
- C:\Windows\System\AJySLHs.exe
  C:\Windows\System\AJySLHs.exe
  2⤵
  PID:2580
- C:\Windows\System\kauTUYS.exe
  C:\Windows\System\kauTUYS.exe
  2⤵
  PID:1604
- C:\Windows\System\oXDlDbL.exe
  C:\Windows\System\oXDlDbL.exe
  2⤵
  PID:1620
- C:\Windows\System\zXZnGvV.exe
  C:\Windows\System\zXZnGvV.exe
  2⤵
  PID:2436
- C:\Windows\System\gOwTzlS.exe
  C:\Windows\System\gOwTzlS.exe
  2⤵
  PID:2976
- C:\Windows\System\BzPZxzr.exe
  C:\Windows\System\BzPZxzr.exe
  2⤵
  PID:2648
- C:\Windows\System\pERkPBF.exe
  C:\Windows\System\pERkPBF.exe
  2⤵
  PID:2832
- C:\Windows\System\dbIPoHT.exe
  C:\Windows\System\dbIPoHT.exe
  2⤵
  PID:2628
- C:\Windows\System\MprbDrh.exe
  C:\Windows\System\MprbDrh.exe
  2⤵
  PID:3060
- C:\Windows\System\tMabDGr.exe
  C:\Windows\System\tMabDGr.exe
  2⤵
  PID:492
- C:\Windows\System\WRhWWIM.exe
  C:\Windows\System\WRhWWIM.exe
  2⤵
  PID:1292
- C:\Windows\System\fbJaLKP.exe
  C:\Windows\System\fbJaLKP.exe
  2⤵
  PID:832
- C:\Windows\System\fHyVPje.exe
  C:\Windows\System\fHyVPje.exe
  2⤵
  PID:1636
- C:\Windows\System\zGbGaPx.exe
  C:\Windows\System\zGbGaPx.exe
  2⤵
  PID:668
- C:\Windows\System\NYtgryH.exe
  C:\Windows\System\NYtgryH.exe
  2⤵
  PID:876
- C:\Windows\System\CiIvdtP.exe
  C:\Windows\System\CiIvdtP.exe
  2⤵
  PID:2292
- C:\Windows\System\uKMwCIV.exe
  C:\Windows\System\uKMwCIV.exe
  2⤵
  PID:316
- C:\Windows\System\KDDhjYn.exe
  C:\Windows\System\KDDhjYn.exe
  2⤵
  PID:1716
- C:\Windows\System\bVSTSFQ.exe
  C:\Windows\System\bVSTSFQ.exe
  2⤵
  PID:1516
- C:\Windows\System\MdTkaKX.exe
  C:\Windows\System\MdTkaKX.exe
  2⤵
  PID:1552
- C:\Windows\System\pwmafBE.exe
  C:\Windows\System\pwmafBE.exe
  2⤵
  PID:2724
- C:\Windows\System\LLaaVBC.exe
  C:\Windows\System\LLaaVBC.exe
  2⤵
  PID:2260
- C:\Windows\System\GqTgnRv.exe
  C:\Windows\System\GqTgnRv.exe
  2⤵
  PID:1512
- C:\Windows\System\yecQdaU.exe
  C:\Windows\System\yecQdaU.exe
  2⤵
  PID:1720
- C:\Windows\System\WVRBQHr.exe
  C:\Windows\System\WVRBQHr.exe
  2⤵
  PID:1432
- C:\Windows\System\luEdcnj.exe
  C:\Windows\System\luEdcnj.exe
  2⤵
  PID:3092
- C:\Windows\System\LTKmlDT.exe
  C:\Windows\System\LTKmlDT.exe
  2⤵
  PID:3112
- C:\Windows\System\BRLLrjA.exe
  C:\Windows\System\BRLLrjA.exe
  2⤵
  PID:3132
- C:\Windows\System\jDEPETK.exe
  C:\Windows\System\jDEPETK.exe
  2⤵
  PID:3152
- C:\Windows\System\BNHaxus.exe
  C:\Windows\System\BNHaxus.exe
  2⤵
  PID:3172
- C:\Windows\System\hlWzDtT.exe
  C:\Windows\System\hlWzDtT.exe
  2⤵
  PID:3192
- C:\Windows\System\jVrOiQo.exe
  C:\Windows\System\jVrOiQo.exe
  2⤵
  PID:3212
- C:\Windows\System\JDHFjPt.exe
  C:\Windows\System\JDHFjPt.exe
  2⤵
  PID:3232
- C:\Windows\System\engzGIa.exe
  C:\Windows\System\engzGIa.exe
  2⤵
  PID:3252
- C:\Windows\System\BmSNBFs.exe
  C:\Windows\System\BmSNBFs.exe
  2⤵
  PID:3272
- C:\Windows\System\SHMNEiG.exe
  C:\Windows\System\SHMNEiG.exe
  2⤵
  PID:3292
- C:\Windows\System\llwjgQL.exe
  C:\Windows\System\llwjgQL.exe
  2⤵
  PID:3312
- C:\Windows\System\iIjNUeh.exe
  C:\Windows\System\iIjNUeh.exe
  2⤵
  PID:3332
- C:\Windows\System\LSKiVLW.exe
  C:\Windows\System\LSKiVLW.exe
  2⤵
  PID:3352
- C:\Windows\System\EhkVAaX.exe
  C:\Windows\System\EhkVAaX.exe
  2⤵
  PID:3372
- C:\Windows\System\grxAknD.exe
  C:\Windows\System\grxAknD.exe
  2⤵
  PID:3392
- C:\Windows\System\eWbGRhv.exe
  C:\Windows\System\eWbGRhv.exe
  2⤵
  PID:3412
- C:\Windows\System\bGfrvWM.exe
  C:\Windows\System\bGfrvWM.exe
  2⤵
  PID:3432
- C:\Windows\System\XumAEkT.exe
  C:\Windows\System\XumAEkT.exe
  2⤵
  PID:3452
- C:\Windows\System\JWTGyVu.exe
  C:\Windows\System\JWTGyVu.exe
  2⤵
  PID:3472
- C:\Windows\System\RBsdgYZ.exe
  C:\Windows\System\RBsdgYZ.exe
  2⤵
  PID:3492
- C:\Windows\System\JrhlNnu.exe
  C:\Windows\System\JrhlNnu.exe
  2⤵
  PID:3512
- C:\Windows\System\ZaiZthi.exe
  C:\Windows\System\ZaiZthi.exe
  2⤵
  PID:3532
- C:\Windows\System\LrdBPLJ.exe
  C:\Windows\System\LrdBPLJ.exe
  2⤵
  PID:3552
- C:\Windows\System\PowjuNU.exe
  C:\Windows\System\PowjuNU.exe
  2⤵
  PID:3572
- C:\Windows\System\JwdSiVa.exe
  C:\Windows\System\JwdSiVa.exe
  2⤵
  PID:3592
- C:\Windows\System\pMYNYAS.exe
  C:\Windows\System\pMYNYAS.exe
  2⤵
  PID:3612
- C:\Windows\System\YRyWryM.exe
  C:\Windows\System\YRyWryM.exe
  2⤵
  PID:3632
- C:\Windows\System\DdBigZC.exe
  C:\Windows\System\DdBigZC.exe
  2⤵
  PID:3652
- C:\Windows\System\qTryQeD.exe
  C:\Windows\System\qTryQeD.exe
  2⤵
  PID:3672
- C:\Windows\System\IeqSdYQ.exe
  C:\Windows\System\IeqSdYQ.exe
  2⤵
  PID:3692
- C:\Windows\System\aLcOOyY.exe
  C:\Windows\System\aLcOOyY.exe
  2⤵
  PID:3712
- C:\Windows\System\VhpWCPa.exe
  C:\Windows\System\VhpWCPa.exe
  2⤵
  PID:3732
- C:\Windows\System\gCvoCyH.exe
  C:\Windows\System\gCvoCyH.exe
  2⤵
  PID:3752
- C:\Windows\System\lPlkiwv.exe
  C:\Windows\System\lPlkiwv.exe
  2⤵
  PID:3772
- C:\Windows\System\dxvEfHJ.exe
  C:\Windows\System\dxvEfHJ.exe
  2⤵
  PID:3792
- C:\Windows\System\qMUvYei.exe
  C:\Windows\System\qMUvYei.exe
  2⤵
  PID:3812
- C:\Windows\System\AyTSLXG.exe
  C:\Windows\System\AyTSLXG.exe
  2⤵
  PID:3832
- C:\Windows\System\xxyHVnD.exe
  C:\Windows\System\xxyHVnD.exe
  2⤵
  PID:3852
- C:\Windows\System\iuDMVvs.exe
  C:\Windows\System\iuDMVvs.exe
  2⤵
  PID:3872
- C:\Windows\System\AWPpTjW.exe
  C:\Windows\System\AWPpTjW.exe
  2⤵
  PID:3892
- C:\Windows\System\RnQKVbo.exe
  C:\Windows\System\RnQKVbo.exe
  2⤵
  PID:3912
- C:\Windows\System\ZYLctCP.exe
  C:\Windows\System\ZYLctCP.exe
  2⤵
  PID:3932
- C:\Windows\System\pETXLHw.exe
  C:\Windows\System\pETXLHw.exe
  2⤵
  PID:3952
- C:\Windows\System\aoVJssw.exe
  C:\Windows\System\aoVJssw.exe
  2⤵
  PID:3972
- C:\Windows\System\qWrtazu.exe
  C:\Windows\System\qWrtazu.exe
  2⤵
  PID:3992
- C:\Windows\System\BbDLYGw.exe
  C:\Windows\System\BbDLYGw.exe
  2⤵
  PID:4012
- C:\Windows\System\DsjobFv.exe
  C:\Windows\System\DsjobFv.exe
  2⤵
  PID:4032
- C:\Windows\System\ZmwTHYr.exe
  C:\Windows\System\ZmwTHYr.exe
  2⤵
  PID:4052
- C:\Windows\System\xHdHjok.exe
  C:\Windows\System\xHdHjok.exe
  2⤵
  PID:4072
- C:\Windows\System\PdDJpjJ.exe
  C:\Windows\System\PdDJpjJ.exe
  2⤵
  PID:4092
- C:\Windows\System\RRyutiR.exe
  C:\Windows\System\RRyutiR.exe
  2⤵
  PID:2184
- C:\Windows\System\qsJNwxW.exe
  C:\Windows\System\qsJNwxW.exe
  2⤵
  PID:2684
- C:\Windows\System\bRMIuYl.exe
  C:\Windows\System\bRMIuYl.exe
  2⤵
  PID:2320
- C:\Windows\System\cZVaMzk.exe
  C:\Windows\System\cZVaMzk.exe
  2⤵
  PID:1900
- C:\Windows\System\zqgMxkm.exe
  C:\Windows\System\zqgMxkm.exe
  2⤵
  PID:444
- C:\Windows\System\HGjauHT.exe
  C:\Windows\System\HGjauHT.exe
  2⤵
  PID:1096
- C:\Windows\System\voWmuOk.exe
  C:\Windows\System\voWmuOk.exe
  2⤵
  PID:1672
- C:\Windows\System\qqpYjGw.exe
  C:\Windows\System\qqpYjGw.exe
  2⤵
  PID:2472
- C:\Windows\System\MJnYHzH.exe
  C:\Windows\System\MJnYHzH.exe
  2⤵
  PID:308
- C:\Windows\System\yirsipB.exe
  C:\Windows\System\yirsipB.exe
  2⤵
  PID:3052
- C:\Windows\System\dwmIfjQ.exe
  C:\Windows\System\dwmIfjQ.exe
  2⤵
  PID:1824
- C:\Windows\System\mzYGErb.exe
  C:\Windows\System\mzYGErb.exe
  2⤵
  PID:3084
- C:\Windows\System\YVwYEDJ.exe
  C:\Windows\System\YVwYEDJ.exe
  2⤵
  PID:3128
- C:\Windows\System\wJBklRU.exe
  C:\Windows\System\wJBklRU.exe
  2⤵
  PID:3168
- C:\Windows\System\zeXbxQc.exe
  C:\Windows\System\zeXbxQc.exe
  2⤵
  PID:3220
- C:\Windows\System\oWxJerw.exe
  C:\Windows\System\oWxJerw.exe
  2⤵
  PID:3248
- C:\Windows\System\OANphAc.exe
  C:\Windows\System\OANphAc.exe
  2⤵
  PID:3280
- C:\Windows\System\snWAfJn.exe
  C:\Windows\System\snWAfJn.exe
  2⤵
  PID:3304
- C:\Windows\System\GjTKqjm.exe
  C:\Windows\System\GjTKqjm.exe
  2⤵
  PID:3324
- C:\Windows\System\MRDCeYc.exe
  C:\Windows\System\MRDCeYc.exe
  2⤵
  PID:3364
- C:\Windows\System\wYUaOAa.exe
  C:\Windows\System\wYUaOAa.exe
  2⤵
  PID:3404
- C:\Windows\System\ubfwvkp.exe
  C:\Windows\System\ubfwvkp.exe
  2⤵
  PID:3448
- C:\Windows\System\ojtyidV.exe
  C:\Windows\System\ojtyidV.exe
  2⤵
  PID:3480
- C:\Windows\System\CJMGBYM.exe
  C:\Windows\System\CJMGBYM.exe
  2⤵
  PID:3504
- C:\Windows\System\IXBuerb.exe
  C:\Windows\System\IXBuerb.exe
  2⤵
  PID:3524
- C:\Windows\System\zBOLgoX.exe
  C:\Windows\System\zBOLgoX.exe
  2⤵
  PID:3580
- C:\Windows\System\pNxDnXV.exe
  C:\Windows\System\pNxDnXV.exe
  2⤵
  PID:3604
- C:\Windows\System\DnnXshd.exe
  C:\Windows\System\DnnXshd.exe
  2⤵
  PID:3660
- C:\Windows\System\SjkKfrZ.exe
  C:\Windows\System\SjkKfrZ.exe
  2⤵
  PID:3680
- C:\Windows\System\pfcfdyz.exe
  C:\Windows\System\pfcfdyz.exe
  2⤵
  PID:3684
- C:\Windows\System\aATPRqW.exe
  C:\Windows\System\aATPRqW.exe
  2⤵
  PID:3724
- C:\Windows\System\Twpqrem.exe
  C:\Windows\System\Twpqrem.exe
  2⤵
  PID:3780
- C:\Windows\System\DPXsArh.exe
  C:\Windows\System\DPXsArh.exe
  2⤵
  PID:3804
- C:\Windows\System\ypdkyih.exe
  C:\Windows\System\ypdkyih.exe
  2⤵
  PID:3848
- C:\Windows\System\bzMqXJM.exe
  C:\Windows\System\bzMqXJM.exe
  2⤵
  PID:3880
- C:\Windows\System\LVBcGhm.exe
  C:\Windows\System\LVBcGhm.exe
  2⤵
  PID:3904
- C:\Windows\System\BnagITw.exe
  C:\Windows\System\BnagITw.exe
  2⤵
  PID:3924
- C:\Windows\System\uIkPvSb.exe
  C:\Windows\System\uIkPvSb.exe
  2⤵
  PID:3988
- C:\Windows\System\XicTdtx.exe
  C:\Windows\System\XicTdtx.exe
  2⤵
  PID:4004
- C:\Windows\System\NjlVwGH.exe
  C:\Windows\System\NjlVwGH.exe
  2⤵
  PID:4048
- C:\Windows\System\MPhgJup.exe
  C:\Windows\System\MPhgJup.exe
  2⤵
  PID:4080
- C:\Windows\System\SkbaOCG.exe
  C:\Windows\System\SkbaOCG.exe
  2⤵
  PID:4084
- C:\Windows\System\axgleSz.exe
  C:\Windows\System\axgleSz.exe
  2⤵
  PID:2516
- C:\Windows\System\wOiicdB.exe
  C:\Windows\System\wOiicdB.exe
  2⤵
  PID:2032
- C:\Windows\System\aNRZRhq.exe
  C:\Windows\System\aNRZRhq.exe
  2⤵
  PID:2264
- C:\Windows\System\OGqfvRg.exe
  C:\Windows\System\OGqfvRg.exe
  2⤵
  PID:3028
- C:\Windows\System\vpRssgt.exe
  C:\Windows\System\vpRssgt.exe
  2⤵
  PID:2600
- C:\Windows\System\ULvEflR.exe
  C:\Windows\System\ULvEflR.exe
  2⤵
  PID:1896
- C:\Windows\System\fkjnxMQ.exe
  C:\Windows\System\fkjnxMQ.exe
  2⤵
  PID:3100
- C:\Windows\System\zjNyBUR.exe
  C:\Windows\System\zjNyBUR.exe
  2⤵
  PID:3160
- C:\Windows\System\AGkbnuN.exe
  C:\Windows\System\AGkbnuN.exe
  2⤵
  PID:3260
- C:\Windows\System\mNQCMBt.exe
  C:\Windows\System\mNQCMBt.exe
  2⤵
  PID:3340
- C:\Windows\System\hiSqVBH.exe
  C:\Windows\System\hiSqVBH.exe
  2⤵
  PID:3360
- C:\Windows\System\dXEtqlD.exe
  C:\Windows\System\dXEtqlD.exe
  2⤵
  PID:3400
- C:\Windows\System\SqhvFyc.exe
  C:\Windows\System\SqhvFyc.exe
  2⤵
  PID:3424
- C:\Windows\System\TkahtjB.exe
  C:\Windows\System\TkahtjB.exe
  2⤵
  PID:3540
- C:\Windows\System\BTCKvws.exe
  C:\Windows\System\BTCKvws.exe
  2⤵
  PID:3564
- C:\Windows\System\eYIqZDo.exe
  C:\Windows\System\eYIqZDo.exe
  2⤵
  PID:3640
- C:\Windows\System\luTtaZQ.exe
  C:\Windows\System\luTtaZQ.exe
  2⤵
  PID:3700
- C:\Windows\System\PHOtUQC.exe
  C:\Windows\System\PHOtUQC.exe
  2⤵
  PID:3708
- C:\Windows\System\XysahJc.exe
  C:\Windows\System\XysahJc.exe
  2⤵
  PID:3808
- C:\Windows\System\jqemLtY.exe
  C:\Windows\System\jqemLtY.exe
  2⤵
  PID:3824
- C:\Windows\System\XdKBVBD.exe
  C:\Windows\System\XdKBVBD.exe
  2⤵
  PID:3928
- C:\Windows\System\varlZxC.exe
  C:\Windows\System\varlZxC.exe
  2⤵
  PID:3984
- C:\Windows\System\qZCRLtx.exe
  C:\Windows\System\qZCRLtx.exe
  2⤵
  PID:4028
- C:\Windows\System\RiRFpRS.exe
  C:\Windows\System\RiRFpRS.exe
  2⤵
  PID:4044
- C:\Windows\System\sRGbNSg.exe
  C:\Windows\System\sRGbNSg.exe
  2⤵
  PID:4088
- C:\Windows\System\XxWIzlT.exe
  C:\Windows\System\XxWIzlT.exe
  2⤵
  PID:1264
- C:\Windows\System\uJqRbNv.exe
  C:\Windows\System\uJqRbNv.exe
  2⤵
  PID:1596
- C:\Windows\System\qftloFt.exe
  C:\Windows\System\qftloFt.exe
  2⤵
  PID:3148
- C:\Windows\System\wksPkxL.exe
  C:\Windows\System\wksPkxL.exe
  2⤵
  PID:3180
- C:\Windows\System\AnEoOjE.exe
  C:\Windows\System\AnEoOjE.exe
  2⤵
  PID:3224
- C:\Windows\System\NXLFfMa.exe
  C:\Windows\System\NXLFfMa.exe
  2⤵
  PID:3308
- C:\Windows\System\uiyUQTD.exe
  C:\Windows\System\uiyUQTD.exe
  2⤵
  PID:4112
- C:\Windows\System\GbJrThz.exe
  C:\Windows\System\GbJrThz.exe
  2⤵
  PID:4132
- C:\Windows\System\NmkyLxM.exe
  C:\Windows\System\NmkyLxM.exe
  2⤵
  PID:4152
- C:\Windows\System\CVjHydn.exe
  C:\Windows\System\CVjHydn.exe
  2⤵
  PID:4172
- C:\Windows\System\IRtzXva.exe
  C:\Windows\System\IRtzXva.exe
  2⤵
  PID:4192
- C:\Windows\System\CpqVvDz.exe
  C:\Windows\System\CpqVvDz.exe
  2⤵
  PID:4212
- C:\Windows\System\PTXvgxL.exe
  C:\Windows\System\PTXvgxL.exe
  2⤵
  PID:4232
- C:\Windows\System\riheiyf.exe
  C:\Windows\System\riheiyf.exe
  2⤵
  PID:4252
- C:\Windows\System\rlareNG.exe
  C:\Windows\System\rlareNG.exe
  2⤵
  PID:4272
- C:\Windows\System\OvgZuGn.exe
  C:\Windows\System\OvgZuGn.exe
  2⤵
  PID:4292
- C:\Windows\System\vaDBrMB.exe
  C:\Windows\System\vaDBrMB.exe
  2⤵
  PID:4312
- C:\Windows\System\PcfaHCG.exe
  C:\Windows\System\PcfaHCG.exe
  2⤵
  PID:4332
- C:\Windows\System\dhRQLlV.exe
  C:\Windows\System\dhRQLlV.exe
  2⤵
  PID:4352
- C:\Windows\System\nUNXxCl.exe
  C:\Windows\System\nUNXxCl.exe
  2⤵
  PID:4372
- C:\Windows\System\mwusVgF.exe
  C:\Windows\System\mwusVgF.exe
  2⤵
  PID:4392
- C:\Windows\System\YTJkAip.exe
  C:\Windows\System\YTJkAip.exe
  2⤵
  PID:4412
- C:\Windows\System\kVJPngR.exe
  C:\Windows\System\kVJPngR.exe
  2⤵
  PID:4432
- C:\Windows\System\CZvahue.exe
  C:\Windows\System\CZvahue.exe
  2⤵
  PID:4452
- C:\Windows\System\sfyvoXD.exe
  C:\Windows\System\sfyvoXD.exe
  2⤵
  PID:4472
- C:\Windows\System\oLAMwCp.exe
  C:\Windows\System\oLAMwCp.exe
  2⤵
  PID:4492
- C:\Windows\System\vZFXCLd.exe
  C:\Windows\System\vZFXCLd.exe
  2⤵
  PID:4512
- C:\Windows\System\EqRXlkn.exe
  C:\Windows\System\EqRXlkn.exe
  2⤵
  PID:4532
- C:\Windows\System\TttgYRp.exe
  C:\Windows\System\TttgYRp.exe
  2⤵
  PID:4552
- C:\Windows\System\SGaQuux.exe
  C:\Windows\System\SGaQuux.exe
  2⤵
  PID:4572
- C:\Windows\System\HVLsmNc.exe
  C:\Windows\System\HVLsmNc.exe
  2⤵
  PID:4592
- C:\Windows\System\TVyaeSQ.exe
  C:\Windows\System\TVyaeSQ.exe
  2⤵
  PID:4612
- C:\Windows\System\ceTRfkn.exe
  C:\Windows\System\ceTRfkn.exe
  2⤵
  PID:4632
- C:\Windows\System\MKYnape.exe
  C:\Windows\System\MKYnape.exe
  2⤵
  PID:4652
- C:\Windows\System\yugWTCT.exe
  C:\Windows\System\yugWTCT.exe
  2⤵
  PID:4672
- C:\Windows\System\WHpLDzc.exe
  C:\Windows\System\WHpLDzc.exe
  2⤵
  PID:4692
- C:\Windows\System\RdneCzn.exe
  C:\Windows\System\RdneCzn.exe
  2⤵
  PID:4712
- C:\Windows\System\Wuykjhz.exe
  C:\Windows\System\Wuykjhz.exe
  2⤵
  PID:4732
- C:\Windows\System\eXBwGJK.exe
  C:\Windows\System\eXBwGJK.exe
  2⤵
  PID:4752
- C:\Windows\System\ARYLgNs.exe
  C:\Windows\System\ARYLgNs.exe
  2⤵
  PID:4772
- C:\Windows\System\RMpjvSq.exe
  C:\Windows\System\RMpjvSq.exe
  2⤵
  PID:4792
- C:\Windows\System\KnLgvKb.exe
  C:\Windows\System\KnLgvKb.exe
  2⤵
  PID:4812
- C:\Windows\System\apxzRfr.exe
  C:\Windows\System\apxzRfr.exe
  2⤵
  PID:4832
- C:\Windows\System\LEZcvoy.exe
  C:\Windows\System\LEZcvoy.exe
  2⤵
  PID:4852
- C:\Windows\System\IAqsNXx.exe
  C:\Windows\System\IAqsNXx.exe
  2⤵
  PID:4872
- C:\Windows\System\reDZWiv.exe
  C:\Windows\System\reDZWiv.exe
  2⤵
  PID:4892
- C:\Windows\System\oPclzsz.exe
  C:\Windows\System\oPclzsz.exe
  2⤵
  PID:4912
- C:\Windows\System\zFYfLQi.exe
  C:\Windows\System\zFYfLQi.exe
  2⤵
  PID:4932
- C:\Windows\System\LYmUnrt.exe
  C:\Windows\System\LYmUnrt.exe
  2⤵
  PID:4952
- C:\Windows\System\VutejkB.exe
  C:\Windows\System\VutejkB.exe
  2⤵
  PID:4972
- C:\Windows\System\BejREvZ.exe
  C:\Windows\System\BejREvZ.exe
  2⤵
  PID:4992
- C:\Windows\System\XdQduKs.exe
  C:\Windows\System\XdQduKs.exe
  2⤵
  PID:5016
- C:\Windows\System\RoWTQKW.exe
  C:\Windows\System\RoWTQKW.exe
  2⤵
  PID:5036
- C:\Windows\System\ujrjrpY.exe
  C:\Windows\System\ujrjrpY.exe
  2⤵
  PID:5056
- C:\Windows\System\DENkorX.exe
  C:\Windows\System\DENkorX.exe
  2⤵
  PID:5076
- C:\Windows\System\DjDoGaL.exe
  C:\Windows\System\DjDoGaL.exe
  2⤵
  PID:5096
- C:\Windows\System\XFPvJWI.exe
  C:\Windows\System\XFPvJWI.exe
  2⤵
  PID:5116
- C:\Windows\System\HsqApGQ.exe
  C:\Windows\System\HsqApGQ.exe
  2⤵
  PID:3468
- C:\Windows\System\wbeHkCa.exe
  C:\Windows\System\wbeHkCa.exe
  2⤵
  PID:3508
- C:\Windows\System\WXhDiMi.exe
  C:\Windows\System\WXhDiMi.exe
  2⤵
  PID:3600
- C:\Windows\System\YoDSnxP.exe
  C:\Windows\System\YoDSnxP.exe
  2⤵
  PID:3740
- C:\Windows\System\MbMTBDm.exe
  C:\Windows\System\MbMTBDm.exe
  2⤵
  PID:3840
- C:\Windows\System\sjtSEjB.exe
  C:\Windows\System\sjtSEjB.exe
  2⤵
  PID:3948
- C:\Windows\System\nxfhXPk.exe
  C:\Windows\System\nxfhXPk.exe
  2⤵
  PID:3968
- C:\Windows\System\NKdcyXX.exe
  C:\Windows\System\NKdcyXX.exe
  2⤵
  PID:4064
- C:\Windows\System\swtmmvS.exe
  C:\Windows\System\swtmmvS.exe
  2⤵
  PID:2756
- C:\Windows\System\cprLjzb.exe
  C:\Windows\System\cprLjzb.exe
  2⤵
  PID:3108
- C:\Windows\System\tXbgpqR.exe
  C:\Windows\System\tXbgpqR.exe
  2⤵
  PID:3204
- C:\Windows\System\CjpRTCg.exe
  C:\Windows\System\CjpRTCg.exe
  2⤵
  PID:4100
- C:\Windows\System\QTvBPZj.exe
  C:\Windows\System\QTvBPZj.exe
  2⤵
  PID:4124
- C:\Windows\System\KploZrE.exe
  C:\Windows\System\KploZrE.exe
  2⤵
  PID:4144
- C:\Windows\System\cDyMLyq.exe
  C:\Windows\System\cDyMLyq.exe
  2⤵
  PID:4184
- C:\Windows\System\tHqFmpX.exe
  C:\Windows\System\tHqFmpX.exe
  2⤵
  PID:4228
- C:\Windows\System\kJAuzRY.exe
  C:\Windows\System\kJAuzRY.exe
  2⤵
  PID:4268
- C:\Windows\System\rTdIAJW.exe
  C:\Windows\System\rTdIAJW.exe
  2⤵
  PID:4300
- C:\Windows\System\mceYzzp.exe
  C:\Windows\System\mceYzzp.exe
  2⤵
  PID:4324
- C:\Windows\System\jnrGkUp.exe
  C:\Windows\System\jnrGkUp.exe
  2⤵
  PID:4344
- C:\Windows\System\mSBNsfv.exe
  C:\Windows\System\mSBNsfv.exe
  2⤵
  PID:4384
- C:\Windows\System\eCjLHEg.exe
  C:\Windows\System\eCjLHEg.exe
  2⤵
  PID:4424
- C:\Windows\System\jEUymMo.exe
  C:\Windows\System\jEUymMo.exe
  2⤵
  PID:4460
- C:\Windows\System\QCqSMzb.exe
  C:\Windows\System\QCqSMzb.exe
  2⤵
  PID:4500
- C:\Windows\System\GILQiea.exe
  C:\Windows\System\GILQiea.exe
  2⤵
  PID:4524
- C:\Windows\System\ylWzUQR.exe
  C:\Windows\System\ylWzUQR.exe
  2⤵
  PID:4568
- C:\Windows\System\SZqZmFs.exe
  C:\Windows\System\SZqZmFs.exe
  2⤵
  PID:4608
- C:\Windows\System\WiEifFS.exe
  C:\Windows\System\WiEifFS.exe
  2⤵
  PID:4640
- C:\Windows\System\ngYRTBs.exe
  C:\Windows\System\ngYRTBs.exe
  2⤵
  PID:4668
- C:\Windows\System\dRafvNy.exe
  C:\Windows\System\dRafvNy.exe
  2⤵
  PID:4700
- C:\Windows\System\ErAoDpI.exe
  C:\Windows\System\ErAoDpI.exe
  2⤵
  PID:4724
- C:\Windows\System\voneZgG.exe
  C:\Windows\System\voneZgG.exe
  2⤵
  PID:4744
- C:\Windows\System\eLpLLmJ.exe
  C:\Windows\System\eLpLLmJ.exe
  2⤵
  PID:4800
- C:\Windows\System\eBNeeUr.exe
  C:\Windows\System\eBNeeUr.exe
  2⤵
  PID:4840
- C:\Windows\System\TcQHDoc.exe
  C:\Windows\System\TcQHDoc.exe
  2⤵
  PID:4868
- C:\Windows\System\suijQOf.exe
  C:\Windows\System\suijQOf.exe
  2⤵
  PID:4900
- C:\Windows\System\kbUDxgy.exe
  C:\Windows\System\kbUDxgy.exe
  2⤵
  PID:4924
- C:\Windows\System\UUfhYZL.exe
  C:\Windows\System\UUfhYZL.exe
  2⤵
  PID:4968
- C:\Windows\System\pVHtpbV.exe
  C:\Windows\System\pVHtpbV.exe
  2⤵
  PID:4984
- C:\Windows\System\iRExQAO.exe
  C:\Windows\System\iRExQAO.exe
  2⤵
  PID:5032
- C:\Windows\System\WZDOfEv.exe
  C:\Windows\System\WZDOfEv.exe
  2⤵
  PID:5072
- C:\Windows\System\ARsHQps.exe
  C:\Windows\System\ARsHQps.exe
  2⤵
  PID:5104
- C:\Windows\System\BDKZCCK.exe
  C:\Windows\System\BDKZCCK.exe
  2⤵
  PID:3464
- C:\Windows\System\dXibOsi.exe
  C:\Windows\System\dXibOsi.exe
  2⤵
  PID:3628
- C:\Windows\System\WTfPuoL.exe
  C:\Windows\System\WTfPuoL.exe
  2⤵
  PID:3828
- C:\Windows\System\iuiGICJ.exe
  C:\Windows\System\iuiGICJ.exe
  2⤵
  PID:3884
- C:\Windows\System\UyPQGYy.exe
  C:\Windows\System\UyPQGYy.exe
  2⤵
  PID:2288
- C:\Windows\System\JznknPp.exe
  C:\Windows\System\JznknPp.exe
  2⤵
  PID:2952
- C:\Windows\System\ukKgPZE.exe
  C:\Windows\System\ukKgPZE.exe
  2⤵
  PID:3240
- C:\Windows\System\seMNuNb.exe
  C:\Windows\System\seMNuNb.exe
  2⤵
  PID:4104
- C:\Windows\System\vuFMMZS.exe
  C:\Windows\System\vuFMMZS.exe
  2⤵
  PID:4188
- C:\Windows\System\PkrCeQl.exe
  C:\Windows\System\PkrCeQl.exe
  2⤵
  PID:4240
- C:\Windows\System\JNmmESk.exe
  C:\Windows\System\JNmmESk.exe
  2⤵
  PID:4288
- C:\Windows\System\lmrBXBt.exe
  C:\Windows\System\lmrBXBt.exe
  2⤵
  PID:4380
- C:\Windows\System\bZIqrqA.exe
  C:\Windows\System\bZIqrqA.exe
  2⤵
  PID:4448
- C:\Windows\System\lAukSYO.exe
  C:\Windows\System\lAukSYO.exe
  2⤵
  PID:4444
- C:\Windows\System\gmiZThB.exe
  C:\Windows\System\gmiZThB.exe
  2⤵
  PID:4504
- C:\Windows\System\DnCzTFR.exe
  C:\Windows\System\DnCzTFR.exe
  2⤵
  PID:4580
- C:\Windows\System\QAHsavq.exe
  C:\Windows\System\QAHsavq.exe
  2⤵
  PID:4620
- C:\Windows\System\MsgZheB.exe
  C:\Windows\System\MsgZheB.exe
  2⤵
  PID:4704
- C:\Windows\System\OGUGziC.exe
  C:\Windows\System\OGUGziC.exe
  2⤵
  PID:4748
- C:\Windows\System\MMeSyFq.exe
  C:\Windows\System\MMeSyFq.exe
  2⤵
  PID:4788
- C:\Windows\System\umGBvDE.exe
  C:\Windows\System\umGBvDE.exe
  2⤵
  PID:4820
- C:\Windows\System\RxUbhPp.exe
  C:\Windows\System\RxUbhPp.exe
  2⤵
  PID:4864
- C:\Windows\System\fhGbrRv.exe
  C:\Windows\System\fhGbrRv.exe
  2⤵
  PID:4944
- C:\Windows\System\GqyXJKR.exe
  C:\Windows\System\GqyXJKR.exe
  2⤵
  PID:5044
- C:\Windows\System\IEoOdhE.exe
  C:\Windows\System\IEoOdhE.exe
  2⤵
  PID:5092
- C:\Windows\System\UFNPTTi.exe
  C:\Windows\System\UFNPTTi.exe
  2⤵
  PID:5108
- C:\Windows\System\ZeaLwNk.exe
  C:\Windows\System\ZeaLwNk.exe
  2⤵
  PID:3500
- C:\Windows\System\rADztbz.exe
  C:\Windows\System\rADztbz.exe
  2⤵
  PID:4000
- C:\Windows\System\AowtOUV.exe
  C:\Windows\System\AowtOUV.exe
  2⤵
  PID:1680
- C:\Windows\System\xejftEk.exe
  C:\Windows\System\xejftEk.exe
  2⤵
  PID:3300
- C:\Windows\System\aTMIEcJ.exe
  C:\Windows\System\aTMIEcJ.exe
  2⤵
  PID:4204
- C:\Windows\System\rlrjypv.exe
  C:\Windows\System\rlrjypv.exe
  2⤵
  PID:4264
- C:\Windows\System\yFDSXge.exe
  C:\Windows\System\yFDSXge.exe
  2⤵
  PID:4328
- C:\Windows\System\oaibiGf.exe
  C:\Windows\System\oaibiGf.exe
  2⤵
  PID:4480
- C:\Windows\System\pppzzVh.exe
  C:\Windows\System\pppzzVh.exe
  2⤵
  PID:4544
- C:\Windows\System\GrSwElQ.exe
  C:\Windows\System\GrSwElQ.exe
  2⤵
  PID:4680
- C:\Windows\System\WCDwzfb.exe
  C:\Windows\System\WCDwzfb.exe
  2⤵
  PID:5128
- C:\Windows\System\EpQbZCi.exe
  C:\Windows\System\EpQbZCi.exe
  2⤵
  PID:5148
- C:\Windows\System\ywCGWaY.exe
  C:\Windows\System\ywCGWaY.exe
  2⤵
  PID:5168
- C:\Windows\System\MCPzSmi.exe
  C:\Windows\System\MCPzSmi.exe
  2⤵
  PID:5188
- C:\Windows\System\RiObCdf.exe
  C:\Windows\System\RiObCdf.exe
  2⤵
  PID:5208
- C:\Windows\System\WbwKZBi.exe
  C:\Windows\System\WbwKZBi.exe
  2⤵
  PID:5228
- C:\Windows\System\IonLRsI.exe
  C:\Windows\System\IonLRsI.exe
  2⤵
  PID:5248
- C:\Windows\System\NTRPvjt.exe
  C:\Windows\System\NTRPvjt.exe
  2⤵
  PID:5268
- C:\Windows\System\jfEaKSj.exe
  C:\Windows\System\jfEaKSj.exe
  2⤵
  PID:5288
- C:\Windows\System\QKxGdiq.exe
  C:\Windows\System\QKxGdiq.exe
  2⤵
  PID:5308
- C:\Windows\System\eXhWnUY.exe
  C:\Windows\System\eXhWnUY.exe
  2⤵
  PID:5328
- C:\Windows\System\xWbEFwf.exe
  C:\Windows\System\xWbEFwf.exe
  2⤵
  PID:5348
- C:\Windows\System\hKUchBW.exe
  C:\Windows\System\hKUchBW.exe
  2⤵
  PID:5368
- C:\Windows\System\WvsFeUp.exe
  C:\Windows\System\WvsFeUp.exe
  2⤵
  PID:5388
- C:\Windows\System\sLaYdkI.exe
  C:\Windows\System\sLaYdkI.exe
  2⤵
  PID:5408
- C:\Windows\System\udcTqAa.exe
  C:\Windows\System\udcTqAa.exe
  2⤵
  PID:5432
- C:\Windows\System\hLocxgr.exe
  C:\Windows\System\hLocxgr.exe
  2⤵
  PID:5452
- C:\Windows\System\UmvPVuz.exe
  C:\Windows\System\UmvPVuz.exe
  2⤵
  PID:5472
- C:\Windows\System\QKDyAfr.exe
  C:\Windows\System\QKDyAfr.exe
  2⤵
  PID:5492
- C:\Windows\System\YbMvzgX.exe
  C:\Windows\System\YbMvzgX.exe
  2⤵
  PID:5512
- C:\Windows\System\CFsUrqv.exe
  C:\Windows\System\CFsUrqv.exe
  2⤵
  PID:5532
- C:\Windows\System\RLwDdYo.exe
  C:\Windows\System\RLwDdYo.exe
  2⤵
  PID:5552
- C:\Windows\System\IZxlTpV.exe
  C:\Windows\System\IZxlTpV.exe
  2⤵
  PID:5572
- C:\Windows\System\xvrTULV.exe
  C:\Windows\System\xvrTULV.exe
  2⤵
  PID:5592
- C:\Windows\System\NmTTgwa.exe
  C:\Windows\System\NmTTgwa.exe
  2⤵
  PID:5612
- C:\Windows\System\DZQjRjN.exe
  C:\Windows\System\DZQjRjN.exe
  2⤵
  PID:5632
- C:\Windows\System\ETIzSlY.exe
  C:\Windows\System\ETIzSlY.exe
  2⤵
  PID:5652
- C:\Windows\System\JyiHJRn.exe
  C:\Windows\System\JyiHJRn.exe
  2⤵
  PID:5672
- C:\Windows\System\IMEbUPb.exe
  C:\Windows\System\IMEbUPb.exe
  2⤵
  PID:5692
- C:\Windows\System\qEudcQl.exe
  C:\Windows\System\qEudcQl.exe
  2⤵
  PID:5712
- C:\Windows\System\pSjxMKb.exe
  C:\Windows\System\pSjxMKb.exe
  2⤵
  PID:5732
- C:\Windows\System\ixHJwUD.exe
  C:\Windows\System\ixHJwUD.exe
  2⤵
  PID:5752
- C:\Windows\System\WClnobx.exe
  C:\Windows\System\WClnobx.exe
  2⤵
  PID:5772
- C:\Windows\System\XwUXybR.exe
  C:\Windows\System\XwUXybR.exe
  2⤵
  PID:5792
- C:\Windows\System\SluJRpz.exe
  C:\Windows\System\SluJRpz.exe
  2⤵
  PID:5812
- C:\Windows\System\QUqmIiU.exe
  C:\Windows\System\QUqmIiU.exe
  2⤵
  PID:5832
- C:\Windows\System\ycSacYJ.exe
  C:\Windows\System\ycSacYJ.exe
  2⤵
  PID:5852
- C:\Windows\System\XrkjNyI.exe
  C:\Windows\System\XrkjNyI.exe
  2⤵
  PID:5872
- C:\Windows\System\BNsZhLu.exe
  C:\Windows\System\BNsZhLu.exe
  2⤵
  PID:5892
- C:\Windows\System\uAsiKHp.exe
  C:\Windows\System\uAsiKHp.exe
  2⤵
  PID:5912
- C:\Windows\System\aubrnjP.exe
  C:\Windows\System\aubrnjP.exe
  2⤵
  PID:5932
- C:\Windows\System\lhenphT.exe
  C:\Windows\System\lhenphT.exe
  2⤵
  PID:5952
- C:\Windows\System\XZgyZTS.exe
  C:\Windows\System\XZgyZTS.exe
  2⤵
  PID:5972
- C:\Windows\System\zVgXWKh.exe
  C:\Windows\System\zVgXWKh.exe
  2⤵
  PID:5992
- C:\Windows\System\hukzQTU.exe
  C:\Windows\System\hukzQTU.exe
  2⤵
  PID:6012
- C:\Windows\System\ibmBwEY.exe
  C:\Windows\System\ibmBwEY.exe
  2⤵
  PID:6032
- C:\Windows\System\QGndkqQ.exe
  C:\Windows\System\QGndkqQ.exe
  2⤵
  PID:6052
- C:\Windows\System\dblJSBg.exe
  C:\Windows\System\dblJSBg.exe
  2⤵
  PID:6072
- C:\Windows\System\kiMdPkh.exe
  C:\Windows\System\kiMdPkh.exe
  2⤵
  PID:6092
- C:\Windows\System\pvkuZgO.exe
  C:\Windows\System\pvkuZgO.exe
  2⤵
  PID:6112
- C:\Windows\System\fyLHzhp.exe
  C:\Windows\System\fyLHzhp.exe
  2⤵
  PID:6132
- C:\Windows\System\PTkyeSe.exe
  C:\Windows\System\PTkyeSe.exe
  2⤵
  PID:4784
- C:\Windows\System\nthSeTV.exe
  C:\Windows\System\nthSeTV.exe
  2⤵
  PID:4888
- C:\Windows\System\htEZNqR.exe
  C:\Windows\System\htEZNqR.exe
  2⤵
  PID:4960
- C:\Windows\System\IbnWfqb.exe
  C:\Windows\System\IbnWfqb.exe
  2⤵
  PID:5048
- C:\Windows\System\fcKZkkU.exe
  C:\Windows\System\fcKZkkU.exe
  2⤵
  PID:3624
- C:\Windows\System\vQDsJkM.exe
  C:\Windows\System\vQDsJkM.exe
  2⤵
  PID:3960
- C:\Windows\System\uvpBYtC.exe
  C:\Windows\System\uvpBYtC.exe
  2⤵
  PID:4120
- C:\Windows\System\QVtDUyT.exe
  C:\Windows\System\QVtDUyT.exe
  2⤵
  PID:4360
- C:\Windows\System\lunGpus.exe
  C:\Windows\System\lunGpus.exe
  2⤵
  PID:4348
- C:\Windows\System\PrIogDD.exe
  C:\Windows\System\PrIogDD.exe
  2⤵
  PID:4588
- C:\Windows\System\uVBlQpg.exe
  C:\Windows\System\uVBlQpg.exe
  2⤵
  PID:4660
- C:\Windows\System\BxSscSM.exe
  C:\Windows\System\BxSscSM.exe
  2⤵
  PID:5156
- C:\Windows\System\GaUZekc.exe
  C:\Windows\System\GaUZekc.exe
  2⤵
  PID:5184
- C:\Windows\System\NeiuvIx.exe
  C:\Windows\System\NeiuvIx.exe
  2⤵
  PID:5216
- C:\Windows\System\tBUHlaW.exe
  C:\Windows\System\tBUHlaW.exe
  2⤵
  PID:5240
- C:\Windows\System\ULAfrVT.exe
  C:\Windows\System\ULAfrVT.exe
  2⤵
  PID:5284
- C:\Windows\System\YrstQvg.exe
  C:\Windows\System\YrstQvg.exe
  2⤵
  PID:5304
- C:\Windows\System\FUsaaJL.exe
  C:\Windows\System\FUsaaJL.exe
  2⤵
  PID:5364
- C:\Windows\System\eyWqVYj.exe
  C:\Windows\System\eyWqVYj.exe
  2⤵
  PID:5396
- C:\Windows\System\rjRsjke.exe
  C:\Windows\System\rjRsjke.exe
  2⤵
  PID:5440
- C:\Windows\System\JLIwxZV.exe
  C:\Windows\System\JLIwxZV.exe
  2⤵
  PID:5460
- C:\Windows\System\gzaxSTm.exe
  C:\Windows\System\gzaxSTm.exe
  2⤵
  PID:5484
- C:\Windows\System\xhmQXJy.exe
  C:\Windows\System\xhmQXJy.exe
  2⤵
  PID:5504
- C:\Windows\System\RKPFabq.exe
  C:\Windows\System\RKPFabq.exe
  2⤵
  PID:5560
- C:\Windows\System\etDMqXm.exe
  C:\Windows\System\etDMqXm.exe
  2⤵
  PID:5588
- C:\Windows\System\wyTwebg.exe
  C:\Windows\System\wyTwebg.exe
  2⤵
  PID:5640
- C:\Windows\System\TcBkURs.exe
  C:\Windows\System\TcBkURs.exe
  2⤵
  PID:5660
- C:\Windows\System\Hwvxnae.exe
  C:\Windows\System\Hwvxnae.exe
  2⤵
  PID:5684
- C:\Windows\System\HALVGMK.exe
  C:\Windows\System\HALVGMK.exe
  2⤵
  PID:5728
- C:\Windows\System\ncwHoPP.exe
  C:\Windows\System\ncwHoPP.exe
  2⤵
  PID:5744
- C:\Windows\System\MrbjCvl.exe
  C:\Windows\System\MrbjCvl.exe
  2⤵
  PID:5788
- C:\Windows\System\KteKcjZ.exe
  C:\Windows\System\KteKcjZ.exe
  2⤵
  PID:5840
- C:\Windows\System\Dqarocg.exe
  C:\Windows\System\Dqarocg.exe
  2⤵
  PID:5880
- C:\Windows\System\VSmCpRx.exe
  C:\Windows\System\VSmCpRx.exe
  2⤵
  PID:5884
- C:\Windows\System\xTITQFI.exe
  C:\Windows\System\xTITQFI.exe
  2⤵
  PID:5928
- C:\Windows\System\ScKlufN.exe
  C:\Windows\System\ScKlufN.exe
  2⤵
  PID:5944
- C:\Windows\System\DVkdKPa.exe
  C:\Windows\System\DVkdKPa.exe
  2⤵
  PID:5984
- C:\Windows\System\ndmnPoB.exe
  C:\Windows\System\ndmnPoB.exe
  2⤵
  PID:6028
- C:\Windows\System\uDLgWVm.exe
  C:\Windows\System\uDLgWVm.exe
  2⤵
  PID:6060
- C:\Windows\System\LNJIjMj.exe
  C:\Windows\System\LNJIjMj.exe
  2⤵
  PID:6064
- C:\Windows\System\wwDlyky.exe
  C:\Windows\System\wwDlyky.exe
  2⤵
  PID:6124
- C:\Windows\System\TAkdvlD.exe
  C:\Windows\System\TAkdvlD.exe
  2⤵
  PID:4780
- C:\Windows\System\KlXAxhy.exe
  C:\Windows\System\KlXAxhy.exe
  2⤵
  PID:5064
- C:\Windows\System\NiaBqck.exe
  C:\Windows\System\NiaBqck.exe
  2⤵
  PID:3384
- C:\Windows\System\SPtwWQw.exe
  C:\Windows\System\SPtwWQw.exe
  2⤵
  PID:1712
- C:\Windows\System\yqWNLGu.exe
  C:\Windows\System\yqWNLGu.exe
  2⤵
  PID:4168
- C:\Windows\System\HHAIODe.exe
  C:\Windows\System\HHAIODe.exe
  2⤵
  PID:4484
- C:\Windows\System\DmsqkeG.exe
  C:\Windows\System\DmsqkeG.exe
  2⤵
  PID:4688
- C:\Windows\System\SUTtWma.exe
  C:\Windows\System\SUTtWma.exe
  2⤵
  PID:5176
- C:\Windows\System\eexUOwH.exe
  C:\Windows\System\eexUOwH.exe
  2⤵
  PID:5220
- C:\Windows\System\zLniGda.exe
  C:\Windows\System\zLniGda.exe
  2⤵
  PID:5296
- C:\Windows\System\ALxrrzB.exe
  C:\Windows\System\ALxrrzB.exe
  2⤵
  PID:5336
- C:\Windows\System\kvKLzwl.exe
  C:\Windows\System\kvKLzwl.exe
  2⤵
  PID:5416
- C:\Windows\System\HJZXrkz.exe
  C:\Windows\System\HJZXrkz.exe
  2⤵
  PID:5444
- C:\Windows\System\vddZFiS.exe
  C:\Windows\System\vddZFiS.exe
  2⤵
  PID:5540
- C:\Windows\System\XwWnuUR.exe
  C:\Windows\System\XwWnuUR.exe
  2⤵
  PID:5564
- C:\Windows\System\acBCOjv.exe
  C:\Windows\System\acBCOjv.exe
  2⤵
  PID:5628
- C:\Windows\System\OEubZMR.exe
  C:\Windows\System\OEubZMR.exe
  2⤵
  PID:5664
- C:\Windows\System\cKKUdrf.exe
  C:\Windows\System\cKKUdrf.exe
  2⤵
  PID:5748
- C:\Windows\System\kbWGYyU.exe
  C:\Windows\System\kbWGYyU.exe
  2⤵
  PID:5808
- C:\Windows\System\aSMZreU.exe
  C:\Windows\System\aSMZreU.exe
  2⤵
  PID:5824
- C:\Windows\System\IEVbnMA.exe
  C:\Windows\System\IEVbnMA.exe
  2⤵
  PID:5904
- C:\Windows\System\YKTvaxA.exe
  C:\Windows\System\YKTvaxA.exe
  2⤵
  PID:5964
- C:\Windows\System\InQzaLT.exe
  C:\Windows\System\InQzaLT.exe
  2⤵
  PID:6004
- C:\Windows\System\RliHKaz.exe
  C:\Windows\System\RliHKaz.exe
  2⤵
  PID:6084
- C:\Windows\System\OqnyGjB.exe
  C:\Windows\System\OqnyGjB.exe
  2⤵
  PID:4828
- C:\Windows\System\WdYcGbH.exe
  C:\Windows\System\WdYcGbH.exe
  2⤵
  PID:4928
- C:\Windows\System\FdfrJbD.exe
  C:\Windows\System\FdfrJbD.exe
  2⤵
  PID:5068
- C:\Windows\System\GQqXpaR.exe
  C:\Windows\System\GQqXpaR.exe
  2⤵
  PID:4628
- C:\Windows\System\BhKNsQL.exe
  C:\Windows\System\BhKNsQL.exe
  2⤵
  PID:5136
- C:\Windows\System\utaNTdB.exe
  C:\Windows\System\utaNTdB.exe
  2⤵
  PID:5180
- C:\Windows\System\PfvWSZs.exe
  C:\Windows\System\PfvWSZs.exe
  2⤵
  PID:5356
- C:\Windows\System\dqesNTC.exe
  C:\Windows\System\dqesNTC.exe
  2⤵
  PID:5384
- C:\Windows\System\sVSLahS.exe
  C:\Windows\System\sVSLahS.exe
  2⤵
  PID:5520
- C:\Windows\System\BAVAfhV.exe
  C:\Windows\System\BAVAfhV.exe
  2⤵
  PID:5604
- C:\Windows\System\udfAUdY.exe
  C:\Windows\System\udfAUdY.exe
  2⤵
  PID:6160
- C:\Windows\System\OYnHdwq.exe
  C:\Windows\System\OYnHdwq.exe
  2⤵
  PID:6180
- C:\Windows\System\irRTHcE.exe
  C:\Windows\System\irRTHcE.exe
  2⤵
  PID:6200
- C:\Windows\System\QzQiIRw.exe
  C:\Windows\System\QzQiIRw.exe
  2⤵
  PID:6220
- C:\Windows\System\SKoRCpt.exe
  C:\Windows\System\SKoRCpt.exe
  2⤵
  PID:6240
- C:\Windows\System\xWBiyUb.exe
  C:\Windows\System\xWBiyUb.exe
  2⤵
  PID:6260
- C:\Windows\System\VdYqdGn.exe
  C:\Windows\System\VdYqdGn.exe
  2⤵
  PID:6280
- C:\Windows\System\WJODfke.exe
  C:\Windows\System\WJODfke.exe
  2⤵
  PID:6300
- C:\Windows\System\wAaPlAO.exe
  C:\Windows\System\wAaPlAO.exe
  2⤵
  PID:6320
- C:\Windows\System\QHcCAgU.exe
  C:\Windows\System\QHcCAgU.exe
  2⤵
  PID:6340
- C:\Windows\System\gRHqigX.exe
  C:\Windows\System\gRHqigX.exe
  2⤵
  PID:6360
- C:\Windows\System\kZfVMfc.exe
  C:\Windows\System\kZfVMfc.exe
  2⤵
  PID:6380
- C:\Windows\System\FBWgkUK.exe
  C:\Windows\System\FBWgkUK.exe
  2⤵
  PID:6400
- C:\Windows\System\miZKgmX.exe
  C:\Windows\System\miZKgmX.exe
  2⤵
  PID:6420
- C:\Windows\System\TtMEpnQ.exe
  C:\Windows\System\TtMEpnQ.exe
  2⤵
  PID:6440
- C:\Windows\System\HhTNYLN.exe
  C:\Windows\System\HhTNYLN.exe
  2⤵
  PID:6460
- C:\Windows\System\AaYWuzo.exe
  C:\Windows\System\AaYWuzo.exe
  2⤵
  PID:6480
- C:\Windows\System\YLbzlus.exe
  C:\Windows\System\YLbzlus.exe
  2⤵
  PID:6500
- C:\Windows\System\EPuNSNI.exe
  C:\Windows\System\EPuNSNI.exe
  2⤵
  PID:6520
- C:\Windows\System\JBNOmDz.exe
  C:\Windows\System\JBNOmDz.exe
  2⤵
  PID:6540
- C:\Windows\System\wTCrJLS.exe
  C:\Windows\System\wTCrJLS.exe
  2⤵
  PID:6560
- C:\Windows\System\VsISlvq.exe
  C:\Windows\System\VsISlvq.exe
  2⤵
  PID:6580
- C:\Windows\System\omwQJxP.exe
  C:\Windows\System\omwQJxP.exe
  2⤵
  PID:6600
- C:\Windows\System\CPQkWCI.exe
  C:\Windows\System\CPQkWCI.exe
  2⤵
  PID:6620
- C:\Windows\System\uShQlUJ.exe
  C:\Windows\System\uShQlUJ.exe
  2⤵
  PID:6640
- C:\Windows\System\wbnQiRW.exe
  C:\Windows\System\wbnQiRW.exe
  2⤵
  PID:6660
- C:\Windows\System\cBYuqkl.exe
  C:\Windows\System\cBYuqkl.exe
  2⤵
  PID:6680
- C:\Windows\System\jmdooUP.exe
  C:\Windows\System\jmdooUP.exe
  2⤵
  PID:6700
- C:\Windows\System\VakpiAy.exe
  C:\Windows\System\VakpiAy.exe
  2⤵
  PID:6720
- C:\Windows\System\wggTATi.exe
  C:\Windows\System\wggTATi.exe
  2⤵
  PID:6740
- C:\Windows\System\rjFIFVK.exe
  C:\Windows\System\rjFIFVK.exe
  2⤵
  PID:6760
- C:\Windows\System\TaejPoC.exe
  C:\Windows\System\TaejPoC.exe
  2⤵
  PID:6780
- C:\Windows\System\MkokpSj.exe
  C:\Windows\System\MkokpSj.exe
  2⤵
  PID:6800
- C:\Windows\System\SwlwCBY.exe
  C:\Windows\System\SwlwCBY.exe
  2⤵
  PID:6820
- C:\Windows\System\VZPldEH.exe
  C:\Windows\System\VZPldEH.exe
  2⤵
  PID:6840
- C:\Windows\System\tAwBBmk.exe
  C:\Windows\System\tAwBBmk.exe
  2⤵
  PID:6860
- C:\Windows\System\riSIXGj.exe
  C:\Windows\System\riSIXGj.exe
  2⤵
  PID:6880
- C:\Windows\System\bhfgEzG.exe
  C:\Windows\System\bhfgEzG.exe
  2⤵
  PID:6900
- C:\Windows\System\KXoyROs.exe
  C:\Windows\System\KXoyROs.exe
  2⤵
  PID:6920
- C:\Windows\System\HCjlhKj.exe
  C:\Windows\System\HCjlhKj.exe
  2⤵
  PID:6940
- C:\Windows\System\JPmsNzt.exe
  C:\Windows\System\JPmsNzt.exe
  2⤵
  PID:6964
- C:\Windows\System\BIUVeaP.exe
  C:\Windows\System\BIUVeaP.exe
  2⤵
  PID:6984
- C:\Windows\System\tyeJfBt.exe
  C:\Windows\System\tyeJfBt.exe
  2⤵
  PID:7004
- C:\Windows\System\cJTJguq.exe
  C:\Windows\System\cJTJguq.exe
  2⤵
  PID:7024
- C:\Windows\System\HGucNVz.exe
  C:\Windows\System\HGucNVz.exe
  2⤵
  PID:7044
- C:\Windows\System\mOOQZce.exe
  C:\Windows\System\mOOQZce.exe
  2⤵
  PID:7064
- C:\Windows\System\ruBbXGp.exe
  C:\Windows\System\ruBbXGp.exe
  2⤵
  PID:7084
- C:\Windows\System\rZmpMYw.exe
  C:\Windows\System\rZmpMYw.exe
  2⤵
  PID:7104
- C:\Windows\System\mWkNZKt.exe
  C:\Windows\System\mWkNZKt.exe
  2⤵
  PID:7124
- C:\Windows\System\wxdxvFg.exe
  C:\Windows\System\wxdxvFg.exe
  2⤵
  PID:7144
- C:\Windows\System\ZoxUcEj.exe
  C:\Windows\System\ZoxUcEj.exe
  2⤵
  PID:7164
- C:\Windows\System\wDJvrZj.exe
  C:\Windows\System\wDJvrZj.exe
  2⤵
  PID:5740
- C:\Windows\System\sLXofjv.exe
  C:\Windows\System\sLXofjv.exe
  2⤵
  PID:5804
- C:\Windows\System\GpLLAdS.exe
  C:\Windows\System\GpLLAdS.exe
  2⤵
  PID:5828
- C:\Windows\System\VOmiDMo.exe
  C:\Windows\System\VOmiDMo.exe
  2⤵
  PID:6020
- C:\Windows\System\PFBTpOs.exe
  C:\Windows\System\PFBTpOs.exe
  2⤵
  PID:6044
- C:\Windows\System\gBqgMUs.exe
  C:\Windows\System\gBqgMUs.exe
  2⤵
  PID:4980
- C:\Windows\System\esnONvo.exe
  C:\Windows\System\esnONvo.exe
  2⤵
  PID:2216
- C:\Windows\System\UAoNMAo.exe
  C:\Windows\System\UAoNMAo.exe
  2⤵
  PID:5124
- C:\Windows\System\xadsPpJ.exe
  C:\Windows\System\xadsPpJ.exe
  2⤵
  PID:5316
- C:\Windows\System\mgHhyCQ.exe
  C:\Windows\System\mgHhyCQ.exe
  2⤵
  PID:5376
- C:\Windows\System\DnARQDt.exe
  C:\Windows\System\DnARQDt.exe
  2⤵
  PID:5608
- C:\Windows\System\SqxqTkJ.exe
  C:\Windows\System\SqxqTkJ.exe
  2⤵
  PID:6188
- C:\Windows\System\ozuYhSZ.exe
  C:\Windows\System\ozuYhSZ.exe
  2⤵
  PID:6192
- C:\Windows\System\ecTuVZB.exe
  C:\Windows\System\ecTuVZB.exe
  2⤵
  PID:6236
- C:\Windows\System\ClHFqSY.exe
  C:\Windows\System\ClHFqSY.exe
  2⤵
  PID:6276
- C:\Windows\System\ZyDjsEc.exe
  C:\Windows\System\ZyDjsEc.exe
  2⤵
  PID:6296
- C:\Windows\System\BivssNX.exe
  C:\Windows\System\BivssNX.exe
  2⤵
  PID:6348
- C:\Windows\System\FQOrfnO.exe
  C:\Windows\System\FQOrfnO.exe
  2⤵
  PID:6368
- C:\Windows\System\QudaswX.exe
  C:\Windows\System\QudaswX.exe
  2⤵
  PID:6392
- C:\Windows\System\pGwLeRG.exe
  C:\Windows\System\pGwLeRG.exe
  2⤵
  PID:6436
- C:\Windows\System\mIeIkCd.exe
  C:\Windows\System\mIeIkCd.exe
  2⤵
  PID:6452
- C:\Windows\System\wHCtbkW.exe
  C:\Windows\System\wHCtbkW.exe
  2⤵
  PID:6496
- C:\Windows\System\sPKUWFC.exe
  C:\Windows\System\sPKUWFC.exe
  2⤵
  PID:6536
- C:\Windows\System\qlYxyUB.exe
  C:\Windows\System\qlYxyUB.exe
  2⤵
  PID:6568
- C:\Windows\System\mumVRdS.exe
  C:\Windows\System\mumVRdS.exe
  2⤵
  PID:6572
- C:\Windows\System\cPvkEzy.exe
  C:\Windows\System\cPvkEzy.exe
  2⤵
  PID:6616
- C:\Windows\System\zgrLxYE.exe
  C:\Windows\System\zgrLxYE.exe
  2⤵
  PID:6668
- C:\Windows\System\mpytygQ.exe
  C:\Windows\System\mpytygQ.exe
  2⤵
  PID:6688
- C:\Windows\System\IKLxnPC.exe
  C:\Windows\System\IKLxnPC.exe
  2⤵
  PID:6712
- C:\Windows\System\biXRZpY.exe
  C:\Windows\System\biXRZpY.exe
  2⤵
  PID:6756
- C:\Windows\System\tddZiyl.exe
  C:\Windows\System\tddZiyl.exe
  2⤵
  PID:6772
- C:\Windows\System\PoAtxzm.exe
  C:\Windows\System\PoAtxzm.exe
  2⤵
  PID:6816
- C:\Windows\System\FYrTPfz.exe
  C:\Windows\System\FYrTPfz.exe
  2⤵
  PID:6868
- C:\Windows\System\PBDIlCq.exe
  C:\Windows\System\PBDIlCq.exe
  2⤵
  PID:6888
- C:\Windows\System\tKYfuOq.exe
  C:\Windows\System\tKYfuOq.exe
  2⤵
  PID:6912
- C:\Windows\System\DqzDbEn.exe
  C:\Windows\System\DqzDbEn.exe
  2⤵
  PID:6960
- C:\Windows\System\bjCSuCS.exe
  C:\Windows\System\bjCSuCS.exe
  2⤵
  PID:6980
- C:\Windows\System\wJsmMwf.exe
  C:\Windows\System\wJsmMwf.exe
  2⤵
  PID:7016
- C:\Windows\System\SQfnBUV.exe
  C:\Windows\System\SQfnBUV.exe
  2⤵
  PID:7072
- C:\Windows\System\KPVjJfX.exe
  C:\Windows\System\KPVjJfX.exe
  2⤵
  PID:7112
- C:\Windows\System\CTPulyu.exe
  C:\Windows\System\CTPulyu.exe
  2⤵
  PID:7132
- C:\Windows\System\MAsrnuX.exe
  C:\Windows\System\MAsrnuX.exe
  2⤵
  PID:7156
- C:\Windows\System\TqHyZRg.exe
  C:\Windows\System\TqHyZRg.exe
  2⤵
  PID:5708
- C:\Windows\System\SjnEdLU.exe
  C:\Windows\System\SjnEdLU.exe
  2⤵
  PID:5864
- C:\Windows\System\UaJvQsy.exe
  C:\Windows\System\UaJvQsy.exe
  2⤵
  PID:3040
- C:\Windows\System\YLqGEjD.exe
  C:\Windows\System\YLqGEjD.exe
  2⤵
  PID:3868
- C:\Windows\System\PKlFJcP.exe
  C:\Windows\System\PKlFJcP.exe
  2⤵
  PID:5276
- C:\Windows\System\RlOMcRW.exe
  C:\Windows\System\RlOMcRW.exe
  2⤵
  PID:5380
- C:\Windows\System\xWaEJdH.exe
  C:\Windows\System\xWaEJdH.exe
  2⤵
  PID:5488
- C:\Windows\System\QKqinWc.exe
  C:\Windows\System\QKqinWc.exe
  2⤵
  PID:6216
- C:\Windows\System\NMCIynO.exe
  C:\Windows\System\NMCIynO.exe
  2⤵
  PID:6268
- C:\Windows\System\nERRrOx.exe
  C:\Windows\System\nERRrOx.exe
  2⤵
  PID:6352
- C:\Windows\System\DwENOBT.exe
  C:\Windows\System\DwENOBT.exe
  2⤵
  PID:6332
- C:\Windows\System\jAdvPmq.exe
  C:\Windows\System\jAdvPmq.exe
  2⤵
  PID:6396
- C:\Windows\System\rCYXPZR.exe
  C:\Windows\System\rCYXPZR.exe
  2⤵
  PID:6508
- C:\Windows\System\mFqiMFH.exe
  C:\Windows\System\mFqiMFH.exe
  2⤵
  PID:6556
- C:\Windows\System\bUMEISj.exe
  C:\Windows\System\bUMEISj.exe
  2⤵
  PID:6608
- C:\Windows\System\SgbTdNE.exe
  C:\Windows\System\SgbTdNE.exe
  2⤵
  PID:6636
- C:\Windows\System\pJhYokO.exe
  C:\Windows\System\pJhYokO.exe
  2⤵
  PID:6696
- C:\Windows\System\Nzpwzms.exe
  C:\Windows\System\Nzpwzms.exe
  2⤵
  PID:6736
- C:\Windows\System\KnMupjM.exe
  C:\Windows\System\KnMupjM.exe
  2⤵
  PID:6776
- C:\Windows\System\aXJwyxb.exe
  C:\Windows\System\aXJwyxb.exe
  2⤵
  PID:6872
- C:\Windows\System\FXrytqj.exe
  C:\Windows\System\FXrytqj.exe
  2⤵
  PID:6916
- C:\Windows\System\JCgQkgU.exe
  C:\Windows\System\JCgQkgU.exe
  2⤵
  PID:7020
- C:\Windows\System\fVLRzho.exe
  C:\Windows\System\fVLRzho.exe
  2⤵
  PID:7092
- C:\Windows\System\VDrOJwr.exe
  C:\Windows\System\VDrOJwr.exe
  2⤵
  PID:7052
- C:\Windows\System\xfLdhQG.exe
  C:\Windows\System\xfLdhQG.exe
  2⤵
  PID:7136
- C:\Windows\System\RquAWzi.exe
  C:\Windows\System\RquAWzi.exe
  2⤵
  PID:5920
- C:\Windows\System\UhfXVyo.exe
  C:\Windows\System\UhfXVyo.exe
  2⤵
  PID:6128
- C:\Windows\System\NnkSnwX.exe
  C:\Windows\System\NnkSnwX.exe
  2⤵
  PID:4860
- C:\Windows\System\xgOCGZb.exe
  C:\Windows\System\xgOCGZb.exe
  2⤵
  PID:5528
- C:\Windows\System\CZtEfju.exe
  C:\Windows\System\CZtEfju.exe
  2⤵
  PID:6228
- C:\Windows\System\dHEqPZr.exe
  C:\Windows\System\dHEqPZr.exe
  2⤵
  PID:6248
- C:\Windows\System\ZRTqwlT.exe
  C:\Windows\System\ZRTqwlT.exe
  2⤵
  PID:6328
- C:\Windows\System\Hxtwnjl.exe
  C:\Windows\System\Hxtwnjl.exe
  2⤵
  PID:6552
- C:\Windows\System\bjGeScn.exe
  C:\Windows\System\bjGeScn.exe
  2⤵
  PID:6596
- C:\Windows\System\aFgIRNY.exe
  C:\Windows\System\aFgIRNY.exe
  2⤵
  PID:6692
- C:\Windows\System\sUirmsg.exe
  C:\Windows\System\sUirmsg.exe
  2⤵
  PID:6748
- C:\Windows\System\vmssSmd.exe
  C:\Windows\System\vmssSmd.exe
  2⤵
  PID:6808
- C:\Windows\System\HjIdFvV.exe
  C:\Windows\System\HjIdFvV.exe
  2⤵
  PID:7180
- C:\Windows\System\QLZMIEu.exe
  C:\Windows\System\QLZMIEu.exe
  2⤵
  PID:7200
- C:\Windows\System\TCAuKHG.exe
  C:\Windows\System\TCAuKHG.exe
  2⤵
  PID:7220
- C:\Windows\System\WAfcWsQ.exe
  C:\Windows\System\WAfcWsQ.exe
  2⤵
  PID:7244
- C:\Windows\System\eXBphyI.exe
  C:\Windows\System\eXBphyI.exe
  2⤵
  PID:7264
- C:\Windows\System\WSDCeKf.exe
  C:\Windows\System\WSDCeKf.exe
  2⤵
  PID:7288
- C:\Windows\System\iXFKNDA.exe
  C:\Windows\System\iXFKNDA.exe
  2⤵
  PID:7308
- C:\Windows\System\Xysbqrc.exe
  C:\Windows\System\Xysbqrc.exe
  2⤵
  PID:7324
- C:\Windows\System\CSkQrAk.exe
  C:\Windows\System\CSkQrAk.exe
  2⤵
  PID:7348
- C:\Windows\System\OKJXDbe.exe
  C:\Windows\System\OKJXDbe.exe
  2⤵
  PID:7368
- C:\Windows\System\wlwUNPh.exe
  C:\Windows\System\wlwUNPh.exe
  2⤵
  PID:7388
- C:\Windows\System\DQcHfeC.exe
  C:\Windows\System\DQcHfeC.exe
  2⤵
  PID:7408
- C:\Windows\System\qooWyPu.exe
  C:\Windows\System\qooWyPu.exe
  2⤵
  PID:7424
- C:\Windows\System\FyTnnkm.exe
  C:\Windows\System\FyTnnkm.exe
  2⤵
  PID:7448
- C:\Windows\System\MoKuQKY.exe
  C:\Windows\System\MoKuQKY.exe
  2⤵
  PID:7468
- C:\Windows\System\bTjARPS.exe
  C:\Windows\System\bTjARPS.exe
  2⤵
  PID:7484
- C:\Windows\System\oeRMzwW.exe
  C:\Windows\System\oeRMzwW.exe
  2⤵
  PID:7508
- C:\Windows\System\jJUTInA.exe
  C:\Windows\System\jJUTInA.exe
  2⤵
  PID:7524
- C:\Windows\System\ZnCuLSh.exe
  C:\Windows\System\ZnCuLSh.exe
  2⤵
  PID:7540
- C:\Windows\System\PfEKvtm.exe
  C:\Windows\System\PfEKvtm.exe
  2⤵
  PID:7564
- C:\Windows\System\ausTkbD.exe
  C:\Windows\System\ausTkbD.exe
  2⤵
  PID:7584
- C:\Windows\System\YyMMQjo.exe
  C:\Windows\System\YyMMQjo.exe
  2⤵
  PID:7608
- C:\Windows\System\UVSqTcC.exe
  C:\Windows\System\UVSqTcC.exe
  2⤵
  PID:7624
- C:\Windows\System\EawnJVf.exe
  C:\Windows\System\EawnJVf.exe
  2⤵
  PID:7644
- C:\Windows\System\nTmrZOB.exe
  C:\Windows\System\nTmrZOB.exe
  2⤵
  PID:7668
- C:\Windows\System\QKvzDrC.exe
  C:\Windows\System\QKvzDrC.exe
  2⤵
  PID:7688
- C:\Windows\System\zBtmeSU.exe
  C:\Windows\System\zBtmeSU.exe
  2⤵
  PID:7708
- C:\Windows\System\pZShDjz.exe
  C:\Windows\System\pZShDjz.exe
  2⤵
  PID:7728
- C:\Windows\System\BxCVTeS.exe
  C:\Windows\System\BxCVTeS.exe
  2⤵
  PID:7748
- C:\Windows\System\YCybnix.exe
  C:\Windows\System\YCybnix.exe
  2⤵
  PID:7768
- C:\Windows\System\DMyCbIY.exe
  C:\Windows\System\DMyCbIY.exe
  2⤵
  PID:7788
- C:\Windows\System\XjLmBtp.exe
  C:\Windows\System\XjLmBtp.exe
  2⤵
  PID:7808
- C:\Windows\System\giBdvet.exe
  C:\Windows\System\giBdvet.exe
  2⤵
  PID:7824
- C:\Windows\System\TRsRdwA.exe
  C:\Windows\System\TRsRdwA.exe
  2⤵
  PID:7844
- C:\Windows\System\IKTlBVo.exe
  C:\Windows\System\IKTlBVo.exe
  2⤵
  PID:7868
- C:\Windows\System\yZMUQGw.exe
  C:\Windows\System\yZMUQGw.exe
  2⤵
  PID:7888
- C:\Windows\System\fwHFHHE.exe
  C:\Windows\System\fwHFHHE.exe
  2⤵
  PID:7908
- C:\Windows\System\nymJOpH.exe
  C:\Windows\System\nymJOpH.exe
  2⤵
  PID:7924
- C:\Windows\System\oPIBVSh.exe
  C:\Windows\System\oPIBVSh.exe
  2⤵
  PID:7948
- C:\Windows\System\BDirmSC.exe
  C:\Windows\System\BDirmSC.exe
  2⤵
  PID:7968
- C:\Windows\System\OdJGAxT.exe
  C:\Windows\System\OdJGAxT.exe
  2⤵
  PID:7988
- C:\Windows\System\cQYCrNi.exe
  C:\Windows\System\cQYCrNi.exe
  2⤵
  PID:8008
- C:\Windows\System\KWiZEeh.exe
  C:\Windows\System\KWiZEeh.exe
  2⤵
  PID:8024
- C:\Windows\System\hWQTgwH.exe
  C:\Windows\System\hWQTgwH.exe
  2⤵
  PID:8048
- C:\Windows\System\mjPqSUW.exe
  C:\Windows\System\mjPqSUW.exe
  2⤵
  PID:8068
- C:\Windows\System\ZJDkATs.exe
  C:\Windows\System\ZJDkATs.exe
  2⤵
  PID:8088
- C:\Windows\System\teugLEq.exe
  C:\Windows\System\teugLEq.exe
  2⤵
  PID:8108
- C:\Windows\System\vBGItgl.exe
  C:\Windows\System\vBGItgl.exe
  2⤵
  PID:8124
- C:\Windows\System\MJjWVDe.exe
  C:\Windows\System\MJjWVDe.exe
  2⤵
  PID:8140
- C:\Windows\System\kBzvEZl.exe
  C:\Windows\System\kBzvEZl.exe
  2⤵
  PID:8168
- C:\Windows\System\NOQMKTp.exe
  C:\Windows\System\NOQMKTp.exe
  2⤵
  PID:8188
- C:\Windows\System\iqumuWf.exe
  C:\Windows\System\iqumuWf.exe
  2⤵
  PID:6948
- C:\Windows\System\QhnCMYf.exe
  C:\Windows\System\QhnCMYf.exe
  2⤵
  PID:7036
- C:\Windows\System\tEGMwon.exe
  C:\Windows\System\tEGMwon.exe
  2⤵
  PID:7096
- C:\Windows\System\JzdIzES.exe
  C:\Windows\System\JzdIzES.exe
  2⤵
  PID:5968
- C:\Windows\System\hTBKCEV.exe
  C:\Windows\System\hTBKCEV.exe
  2⤵
  PID:5260
- C:\Windows\System\xAllHiU.exe
  C:\Windows\System\xAllHiU.exe
  2⤵
  PID:5600
- C:\Windows\System\TLDiqod.exe
  C:\Windows\System\TLDiqod.exe
  2⤵
  PID:6336
- C:\Windows\System\TaxnZtm.exe
  C:\Windows\System\TaxnZtm.exe
  2⤵
  PID:6456
- C:\Windows\System\hRdtPHq.exe
  C:\Windows\System\hRdtPHq.exe
  2⤵
  PID:6588
- C:\Windows\System\BUDbfOk.exe
  C:\Windows\System\BUDbfOk.exe
  2⤵
  PID:6652
- C:\Windows\System\hXftLmD.exe
  C:\Windows\System\hXftLmD.exe
  2⤵
  PID:6852
- C:\Windows\System\bmsnnjf.exe
  C:\Windows\System\bmsnnjf.exe
  2⤵
  PID:7196
- C:\Windows\System\YfOUXQx.exe
  C:\Windows\System\YfOUXQx.exe
  2⤵
  PID:7296
- C:\Windows\System\TqcmSan.exe
  C:\Windows\System\TqcmSan.exe
  2⤵
  PID:7300
- C:\Windows\System\ORKzAKT.exe
  C:\Windows\System\ORKzAKT.exe
  2⤵
  PID:7344
- C:\Windows\System\envpEgm.exe
  C:\Windows\System\envpEgm.exe
  2⤵
  PID:7384
- C:\Windows\System\JPxANHC.exe
  C:\Windows\System\JPxANHC.exe
  2⤵
  PID:7356
- C:\Windows\System\KHcPewN.exe
  C:\Windows\System\KHcPewN.exe
  2⤵
  PID:7404
- C:\Windows\System\CoyxKHX.exe
  C:\Windows\System\CoyxKHX.exe
  2⤵
  PID:7460
- C:\Windows\System\OdzZLyv.exe
  C:\Windows\System\OdzZLyv.exe
  2⤵
  PID:7496
- C:\Windows\System\zxwqZfg.exe
  C:\Windows\System\zxwqZfg.exe
  2⤵
  PID:7516
- C:\Windows\System\UtDtbYQ.exe
  C:\Windows\System\UtDtbYQ.exe
  2⤵
  PID:7552
- C:\Windows\System\ECDEVEz.exe
  C:\Windows\System\ECDEVEz.exe
  2⤵
  PID:7556
- C:\Windows\System\ofLSlFU.exe
  C:\Windows\System\ofLSlFU.exe
  2⤵
  PID:7620
- C:\Windows\System\MCYpkMe.exe
  C:\Windows\System\MCYpkMe.exe
  2⤵
  PID:7696
- C:\Windows\System\OiYgMUI.exe
  C:\Windows\System\OiYgMUI.exe
  2⤵
  PID:7684
- C:\Windows\System\GZpVljN.exe
  C:\Windows\System\GZpVljN.exe
  2⤵
  PID:7716
- C:\Windows\System\PPsqneu.exe
  C:\Windows\System\PPsqneu.exe
  2⤵
  PID:7784
- C:\Windows\System\EFbcySa.exe
  C:\Windows\System\EFbcySa.exe
  2⤵
  PID:7764
- C:\Windows\System\rmNaSFO.exe
  C:\Windows\System\rmNaSFO.exe
  2⤵
  PID:7852
- C:\Windows\System\KksFtnr.exe
  C:\Windows\System\KksFtnr.exe
  2⤵
  PID:7856
- C:\Windows\System\YoOEncT.exe
  C:\Windows\System\YoOEncT.exe
  2⤵
  PID:7896
- C:\Windows\System\vUWxlXD.exe
  C:\Windows\System\vUWxlXD.exe
  2⤵
  PID:7932
- C:\Windows\System\aRqfHta.exe
  C:\Windows\System\aRqfHta.exe
  2⤵
  PID:7920
- C:\Windows\System\VVgTPho.exe
  C:\Windows\System\VVgTPho.exe
  2⤵
  PID:7984
- C:\Windows\System\rzDtSgu.exe
  C:\Windows\System\rzDtSgu.exe
  2⤵
  PID:8004
- C:\Windows\System\CueMEDU.exe
  C:\Windows\System\CueMEDU.exe
  2⤵
  PID:8056
- C:\Windows\System\dElaIJo.exe
  C:\Windows\System\dElaIJo.exe
  2⤵
  PID:1164
- C:\Windows\System\rmPTFcH.exe
  C:\Windows\System\rmPTFcH.exe
  2⤵
  PID:8100
- C:\Windows\System\KJnRYzY.exe
  C:\Windows\System\KJnRYzY.exe
  2⤵
  PID:8120
- C:\Windows\System\QSgBYAD.exe
  C:\Windows\System\QSgBYAD.exe
  2⤵
  PID:8184
- C:\Windows\System\ZYKKDTW.exe
  C:\Windows\System\ZYKKDTW.exe
  2⤵
  PID:7076
- C:\Windows\System\ReXFwJv.exe
  C:\Windows\System\ReXFwJv.exe
  2⤵
  PID:5624
- C:\Windows\System\IPGlugK.exe
  C:\Windows\System\IPGlugK.exe
  2⤵
  PID:5264
- C:\Windows\System\YXaMkfn.exe
  C:\Windows\System\YXaMkfn.exe
  2⤵
  PID:3888
- C:\Windows\System\EmXixvy.exe
  C:\Windows\System\EmXixvy.exe
  2⤵
  PID:6448
- C:\Windows\System\wShtBip.exe
  C:\Windows\System\wShtBip.exe
  2⤵
  PID:2104
- C:\Windows\System\dFFFyJn.exe
  C:\Windows\System\dFFFyJn.exe
  2⤵
  PID:7256
- C:\Windows\System\ZfWGzmj.exe
  C:\Windows\System\ZfWGzmj.exe
  2⤵
  PID:7192
- C:\Windows\System\PpOCWKL.exe
  C:\Windows\System\PpOCWKL.exe
  2⤵
  PID:7188
- C:\Windows\System\zIBWrDd.exe
  C:\Windows\System\zIBWrDd.exe
  2⤵
  PID:7360
- C:\Windows\System\HYVRbMw.exe
  C:\Windows\System\HYVRbMw.exe
  2⤵
  PID:7396
- C:\Windows\System\LMwSvhK.exe
  C:\Windows\System\LMwSvhK.exe
  2⤵
  PID:7504
- C:\Windows\System\DCQABlc.exe
  C:\Windows\System\DCQABlc.exe
  2⤵
  PID:7572
- C:\Windows\System\GqUqLId.exe
  C:\Windows\System\GqUqLId.exe
  2⤵
  PID:7580
- C:\Windows\System\CcZVRwF.exe
  C:\Windows\System\CcZVRwF.exe
  2⤵
  PID:7636
- C:\Windows\System\EEFJUDJ.exe
  C:\Windows\System\EEFJUDJ.exe
  2⤵
  PID:7664
- C:\Windows\System\kEhEDPc.exe
  C:\Windows\System\kEhEDPc.exe
  2⤵
  PID:7700
- C:\Windows\System\AizCipG.exe
  C:\Windows\System\AizCipG.exe
  2⤵
  PID:7804
- C:\Windows\System\tuFwsqD.exe
  C:\Windows\System\tuFwsqD.exe
  2⤵
  PID:7832
- C:\Windows\System\AWmSMbH.exe
  C:\Windows\System\AWmSMbH.exe
  2⤵
  PID:7836
- C:\Windows\System\kJgfKid.exe
  C:\Windows\System\kJgfKid.exe
  2⤵
  PID:7944
- C:\Windows\System\jrDSWwY.exe
  C:\Windows\System\jrDSWwY.exe
  2⤵
  PID:7976
- C:\Windows\System\qRSDVkv.exe
  C:\Windows\System\qRSDVkv.exe
  2⤵
  PID:7956
- C:\Windows\System\WDgCYJF.exe
  C:\Windows\System\WDgCYJF.exe
  2⤵
  PID:8116
- C:\Windows\System\HANAEGw.exe
  C:\Windows\System\HANAEGw.exe
  2⤵
  PID:8076
- C:\Windows\System\aWTJxfl.exe
  C:\Windows\System\aWTJxfl.exe
  2⤵
  PID:6932
- C:\Windows\System\eQmMeIj.exe
  C:\Windows\System\eQmMeIj.exe
  2⤵
  PID:7160
- C:\Windows\System\hRpPENu.exe
  C:\Windows\System\hRpPENu.exe
  2⤵
  PID:6024
- C:\Windows\System\DIsNekw.exe
  C:\Windows\System\DIsNekw.exe
  2⤵
  PID:6312
- C:\Windows\System\AUANuHB.exe
  C:\Windows\System\AUANuHB.exe
  2⤵
  PID:7272
- C:\Windows\System\HmjJHbb.exe
  C:\Windows\System\HmjJHbb.exe
  2⤵
  PID:7236
- C:\Windows\System\BDZBTnV.exe
  C:\Windows\System\BDZBTnV.exe
  2⤵
  PID:7376
- C:\Windows\System\DcmRDCA.exe
  C:\Windows\System\DcmRDCA.exe
  2⤵
  PID:7420
- C:\Windows\System\AYfCXEw.exe
  C:\Windows\System\AYfCXEw.exe
  2⤵
  PID:7480
- C:\Windows\System\FuxJYpU.exe
  C:\Windows\System\FuxJYpU.exe
  2⤵
  PID:7704
- C:\Windows\System\kTmwXDk.exe
  C:\Windows\System\kTmwXDk.exe
  2⤵
  PID:7640
- C:\Windows\System\RCIFmBe.exe
  C:\Windows\System\RCIFmBe.exe
  2⤵
  PID:2108
- C:\Windows\System\xdPgUYd.exe
  C:\Windows\System\xdPgUYd.exe
  2⤵
  PID:7880
- C:\Windows\System\RsMxPbI.exe
  C:\Windows\System\RsMxPbI.exe
  2⤵
  PID:2036
- C:\Windows\System\HReAfmN.exe
  C:\Windows\System\HReAfmN.exe
  2⤵
  PID:8104
- C:\Windows\System\PnzKNvJ.exe
  C:\Windows\System\PnzKNvJ.exe
  2⤵
  PID:8040
- C:\Windows\System\WuOYVWo.exe
  C:\Windows\System\WuOYVWo.exe
  2⤵
  PID:2772
- C:\Windows\System\YIIyWIn.exe
  C:\Windows\System\YIIyWIn.exe
  2⤵
  PID:6140
- C:\Windows\System\HoBulxI.exe
  C:\Windows\System\HoBulxI.exe
  2⤵
  PID:6372
- C:\Windows\System\BBVwMol.exe
  C:\Windows\System\BBVwMol.exe
  2⤵
  PID:7416
- C:\Windows\System\ARAoXVZ.exe
  C:\Windows\System\ARAoXVZ.exe
  2⤵
  PID:7464
- C:\Windows\System\IwTbvQN.exe
  C:\Windows\System\IwTbvQN.exe
  2⤵
  PID:7616
- C:\Windows\System\oNPiuFf.exe
  C:\Windows\System\oNPiuFf.exe
  2⤵
  PID:7800
- C:\Windows\System\hwJOjuJ.exe
  C:\Windows\System\hwJOjuJ.exe
  2⤵
  PID:8208
- C:\Windows\System\jVvbywn.exe
  C:\Windows\System\jVvbywn.exe
  2⤵
  PID:8224
- C:\Windows\System\VUVpODN.exe
  C:\Windows\System\VUVpODN.exe
  2⤵
  PID:8244
- C:\Windows\System\WiowqDk.exe
  C:\Windows\System\WiowqDk.exe
  2⤵
  PID:8268
- C:\Windows\System\pTYOdiY.exe
  C:\Windows\System\pTYOdiY.exe
  2⤵
  PID:8288
- C:\Windows\System\ItzqaSi.exe
  C:\Windows\System\ItzqaSi.exe
  2⤵
  PID:8308
- C:\Windows\System\zpqDhfJ.exe
  C:\Windows\System\zpqDhfJ.exe
  2⤵
  PID:8328
- C:\Windows\System\WEcKOty.exe
  C:\Windows\System\WEcKOty.exe
  2⤵
  PID:8348
- C:\Windows\System\JQVAXoU.exe
  C:\Windows\System\JQVAXoU.exe
  2⤵
  PID:8368
- C:\Windows\System\LYVSGNQ.exe
  C:\Windows\System\LYVSGNQ.exe
  2⤵
  PID:8388
- C:\Windows\System\rTTKiME.exe
  C:\Windows\System\rTTKiME.exe
  2⤵
  PID:8408
- C:\Windows\System\krFhBbh.exe
  C:\Windows\System\krFhBbh.exe
  2⤵
  PID:8428
- C:\Windows\System\WHYTEnh.exe
  C:\Windows\System\WHYTEnh.exe
  2⤵
  PID:8448
- C:\Windows\System\dUWlTJa.exe
  C:\Windows\System\dUWlTJa.exe
  2⤵
  PID:8468
- C:\Windows\System\ldeBzuf.exe
  C:\Windows\System\ldeBzuf.exe
  2⤵
  PID:8488
- C:\Windows\System\tIJJCak.exe
  C:\Windows\System\tIJJCak.exe
  2⤵
  PID:8508
- C:\Windows\System\NKjohCW.exe
  C:\Windows\System\NKjohCW.exe
  2⤵
  PID:8524
- C:\Windows\System\GFWWTvj.exe
  C:\Windows\System\GFWWTvj.exe
  2⤵
  PID:8544
- C:\Windows\System\zHgSdQd.exe
  C:\Windows\System\zHgSdQd.exe
  2⤵
  PID:8568
- C:\Windows\System\Rverdbv.exe
  C:\Windows\System\Rverdbv.exe
  2⤵
  PID:8592
- C:\Windows\System\LewpMMo.exe
  C:\Windows\System\LewpMMo.exe
  2⤵
  PID:8612
- C:\Windows\System\KFBwBAE.exe
  C:\Windows\System\KFBwBAE.exe
  2⤵
  PID:8632
- C:\Windows\System\CksNQLN.exe
  C:\Windows\System\CksNQLN.exe
  2⤵
  PID:8652
- C:\Windows\System\BjrydNP.exe
  C:\Windows\System\BjrydNP.exe
  2⤵
  PID:8672
- C:\Windows\System\AYavirp.exe
  C:\Windows\System\AYavirp.exe
  2⤵
  PID:8692
- C:\Windows\System\rdJgzvr.exe
  C:\Windows\System\rdJgzvr.exe
  2⤵
  PID:8712
- C:\Windows\System\suegGPh.exe
  C:\Windows\System\suegGPh.exe
  2⤵
  PID:8732
- C:\Windows\System\lATfOum.exe
  C:\Windows\System\lATfOum.exe
  2⤵
  PID:8752
- C:\Windows\System\OWFFBMx.exe
  C:\Windows\System\OWFFBMx.exe
  2⤵
  PID:8772
- C:\Windows\System\EdmFLXN.exe
  C:\Windows\System\EdmFLXN.exe
  2⤵
  PID:8788
- C:\Windows\System\ylJpcYI.exe
  C:\Windows\System\ylJpcYI.exe
  2⤵
  PID:8812
- C:\Windows\System\FMuhLik.exe
  C:\Windows\System\FMuhLik.exe
  2⤵
  PID:8832
- C:\Windows\System\WQkLFok.exe
  C:\Windows\System\WQkLFok.exe
  2⤵
  PID:8852
- C:\Windows\System\jcIRyVA.exe
  C:\Windows\System\jcIRyVA.exe
  2⤵
  PID:8872
- C:\Windows\System\UPjqlgk.exe
  C:\Windows\System\UPjqlgk.exe
  2⤵
  PID:8892
- C:\Windows\System\GfPwwFX.exe
  C:\Windows\System\GfPwwFX.exe
  2⤵
  PID:8912
- C:\Windows\System\aURyHQe.exe
  C:\Windows\System\aURyHQe.exe
  2⤵
  PID:8932
- C:\Windows\System\EGtxjDU.exe
  C:\Windows\System\EGtxjDU.exe
  2⤵
  PID:8952
- C:\Windows\System\DAyyWmA.exe
  C:\Windows\System\DAyyWmA.exe
  2⤵
  PID:8972
- C:\Windows\System\XpaEhOo.exe
  C:\Windows\System\XpaEhOo.exe
  2⤵
  PID:8992
- C:\Windows\System\DrtImiX.exe
  C:\Windows\System\DrtImiX.exe
  2⤵
  PID:9020
- C:\Windows\System\TJIXIYO.exe
  C:\Windows\System\TJIXIYO.exe
  2⤵
  PID:9036
- C:\Windows\System\SuSXZjZ.exe
  C:\Windows\System\SuSXZjZ.exe
  2⤵
  PID:9056
- C:\Windows\System\RgPlcQS.exe
  C:\Windows\System\RgPlcQS.exe
  2⤵
  PID:9080
- C:\Windows\System\zemMuGV.exe
  C:\Windows\System\zemMuGV.exe
  2⤵
  PID:9096
- C:\Windows\System\qfkjmCe.exe
  C:\Windows\System\qfkjmCe.exe
  2⤵
  PID:9116
- C:\Windows\System\OWnrIrQ.exe
  C:\Windows\System\OWnrIrQ.exe
  2⤵
  PID:9136
- C:\Windows\System\sqrciKU.exe
  C:\Windows\System\sqrciKU.exe
  2⤵
  PID:9152
- C:\Windows\System\QMOrYXv.exe
  C:\Windows\System\QMOrYXv.exe
  2⤵
  PID:9172
- C:\Windows\System\ENVhBUl.exe
  C:\Windows\System\ENVhBUl.exe
  2⤵
  PID:9188
- C:\Windows\System\OLBaFrK.exe
  C:\Windows\System\OLBaFrK.exe
  2⤵
  PID:9204
- C:\Windows\System\pvONBAS.exe
  C:\Windows\System\pvONBAS.exe
  2⤵
  PID:7776
- C:\Windows\System\cfaDkHv.exe
  C:\Windows\System\cfaDkHv.exe
  2⤵
  PID:7864
- C:\Windows\System\LvyIAyQ.exe
  C:\Windows\System\LvyIAyQ.exe
  2⤵
  PID:8020
- C:\Windows\System\MRNeNYO.exe
  C:\Windows\System\MRNeNYO.exe
  2⤵
  PID:7996
- C:\Windows\System\fTrCeFm.exe
  C:\Windows\System\fTrCeFm.exe
  2⤵
  PID:6632
- C:\Windows\System\bXYFXVF.exe
  C:\Windows\System\bXYFXVF.exe
  2⤵
  PID:7500
- C:\Windows\System\mvHMKuL.exe
  C:\Windows\System\mvHMKuL.exe
  2⤵
  PID:6416
- C:\Windows\System\MxYbQXI.exe
  C:\Windows\System\MxYbQXI.exe
  2⤵
  PID:7332
- C:\Windows\System\HabfTkv.exe
  C:\Windows\System\HabfTkv.exe
  2⤵
  PID:2668
- C:\Windows\System\vfCLRns.exe
  C:\Windows\System\vfCLRns.exe
  2⤵
  PID:2064
- C:\Windows\System\eloOhxQ.exe
  C:\Windows\System\eloOhxQ.exe
  2⤵
  PID:8232
- C:\Windows\System\JpEujRV.exe
  C:\Windows\System\JpEujRV.exe
  2⤵
  PID:8220
- C:\Windows\System\GBCisGR.exe
  C:\Windows\System\GBCisGR.exe
  2⤵
  PID:8404
- C:\Windows\System\NyPyNWF.exe
  C:\Windows\System\NyPyNWF.exe
  2⤵
  PID:8376
- C:\Windows\System\kvnfpbx.exe
  C:\Windows\System\kvnfpbx.exe
  2⤵
  PID:8436
- C:\Windows\System\lPlzFep.exe
  C:\Windows\System\lPlzFep.exe
  2⤵
  PID:2360
- C:\Windows\System\wHVFXhO.exe
  C:\Windows\System\wHVFXhO.exe
  2⤵
  PID:8496
- C:\Windows\System\kiqkMWz.exe
  C:\Windows\System\kiqkMWz.exe
  2⤵
  PID:8500
- C:\Windows\System\pLRKTYu.exe
  C:\Windows\System\pLRKTYu.exe
  2⤵
  PID:8564
- C:\Windows\System\iiIrpkN.exe
  C:\Windows\System\iiIrpkN.exe
  2⤵
  PID:8600
- C:\Windows\System\WhlpkTm.exe
  C:\Windows\System\WhlpkTm.exe
  2⤵
  PID:8584
- C:\Windows\System\tedSeJN.exe
  C:\Windows\System\tedSeJN.exe
  2⤵
  PID:8620
- C:\Windows\System\QKTCWnL.exe
  C:\Windows\System\QKTCWnL.exe
  2⤵
  PID:8688
- C:\Windows\System\yFSCRjy.exe
  C:\Windows\System\yFSCRjy.exe
  2⤵
  PID:8664
- C:\Windows\System\avZrwFU.exe
  C:\Windows\System\avZrwFU.exe
  2⤵
  PID:8724
- C:\Windows\System\ZEKfQRS.exe
  C:\Windows\System\ZEKfQRS.exe
  2⤵
  PID:2244
- C:\Windows\System\oEvKhxd.exe
  C:\Windows\System\oEvKhxd.exe
  2⤵
  PID:8740
- C:\Windows\System\odCOBWh.exe
  C:\Windows\System\odCOBWh.exe
  2⤵
  PID:788
- C:\Windows\System\RUVbUKu.exe
  C:\Windows\System\RUVbUKu.exe
  2⤵
  PID:8784
- C:\Windows\System\JwKCyiR.exe
  C:\Windows\System\JwKCyiR.exe
  2⤵
  PID:2224
- C:\Windows\System\IEKxQRs.exe
  C:\Windows\System\IEKxQRs.exe
  2⤵
  PID:1524
- C:\Windows\System\UFuGQkl.exe
  C:\Windows\System\UFuGQkl.exe
  2⤵
  PID:8824
- C:\Windows\System\CDnqMJn.exe
  C:\Windows\System\CDnqMJn.exe
  2⤵
  PID:8920
- C:\Windows\System\YhAuAYT.exe
  C:\Windows\System\YhAuAYT.exe
  2⤵
  PID:8924
- C:\Windows\System\DSgVJKz.exe
  C:\Windows\System\DSgVJKz.exe
  2⤵
  PID:8948
- C:\Windows\System\PuUmROb.exe
  C:\Windows\System\PuUmROb.exe
  2⤵
  PID:1296
- C:\Windows\System\YJaeofU.exe
  C:\Windows\System\YJaeofU.exe
  2⤵
  PID:9008
- C:\Windows\System\JoUsgBi.exe
  C:\Windows\System\JoUsgBi.exe
  2⤵
  PID:2712
- C:\Windows\System\cDiSlcf.exe
  C:\Windows\System\cDiSlcf.exe
  2⤵
  PID:2488
- C:\Windows\System\PqeyocC.exe
  C:\Windows\System\PqeyocC.exe
  2⤵
  PID:9016
- C:\Windows\System\PIkAcoo.exe
  C:\Windows\System\PIkAcoo.exe
  2⤵
  PID:9032
- C:\Windows\System\QDGVKTE.exe
  C:\Windows\System\QDGVKTE.exe
  2⤵
  PID:9132
- C:\Windows\System\bOgiHBb.exe
  C:\Windows\System\bOgiHBb.exe
  2⤵
  PID:9168
- C:\Windows\System\DtrOxyO.exe
  C:\Windows\System\DtrOxyO.exe
  2⤵
  PID:8060
- C:\Windows\System\QlKcLJU.exe
  C:\Windows\System\QlKcLJU.exe
  2⤵
  PID:6992
- C:\Windows\System\wPtqqvs.exe
  C:\Windows\System\wPtqqvs.exe
  2⤵
  PID:9048
- C:\Windows\System\OMzNPWx.exe
  C:\Windows\System\OMzNPWx.exe
  2⤵
  PID:9076
- C:\Windows\System\sjhvmif.exe
  C:\Windows\System\sjhvmif.exe
  2⤵
  PID:9144
- C:\Windows\System\oEiciED.exe
  C:\Windows\System\oEiciED.exe
  2⤵
  PID:7252
- C:\Windows\System\bYxokyr.exe
  C:\Windows\System\bYxokyr.exe
  2⤵
  PID:8284
- C:\Windows\System\XjvGwiR.exe
  C:\Windows\System\XjvGwiR.exe
  2⤵
  PID:1968
- C:\Windows\System\kSOetOc.exe
  C:\Windows\System\kSOetOc.exe
  2⤵
  PID:1480
- C:\Windows\System\vlehrYg.exe
  C:\Windows\System\vlehrYg.exe
  2⤵
  PID:8356
- C:\Windows\System\XaFLeMe.exe
  C:\Windows\System\XaFLeMe.exe
  2⤵
  PID:2720
- C:\Windows\System\JzvtOzP.exe
  C:\Windows\System\JzvtOzP.exe
  2⤵
  PID:8440
- C:\Windows\System\ciEwVms.exe
  C:\Windows\System\ciEwVms.exe
  2⤵
  PID:8516
- C:\Windows\System\FRyvCtV.exe
  C:\Windows\System\FRyvCtV.exe
  2⤵
  PID:1796
- C:\Windows\System\VBUlmMM.exe
  C:\Windows\System\VBUlmMM.exe
  2⤵
  PID:8576
- C:\Windows\System\fvgXyQE.exe
  C:\Windows\System\fvgXyQE.exe
  2⤵
  PID:8640
- C:\Windows\System\ZycSmcE.exe
  C:\Windows\System\ZycSmcE.exe
  2⤵
  PID:8764
- C:\Windows\System\UTtCSMd.exe
  C:\Windows\System\UTtCSMd.exe
  2⤵
  PID:8728
- C:\Windows\System\awvNLaK.exe
  C:\Windows\System\awvNLaK.exe
  2⤵
  PID:2776
- C:\Windows\System\PGrnBak.exe
  C:\Windows\System\PGrnBak.exe
  2⤵
  PID:2660
- C:\Windows\System\QpotaUw.exe
  C:\Windows\System\QpotaUw.exe
  2⤵
  PID:8780
- C:\Windows\System\uDoaJWT.exe
  C:\Windows\System\uDoaJWT.exe
  2⤵
  PID:8880
- C:\Windows\System\zTYwhtB.exe
  C:\Windows\System\zTYwhtB.exe
  2⤵
  PID:8900
- C:\Windows\System\eWxrhvx.exe
  C:\Windows\System\eWxrhvx.exe
  2⤵
  PID:2716
- C:\Windows\System\DRUzsiH.exe
  C:\Windows\System\DRUzsiH.exe
  2⤵
  PID:2652
- C:\Windows\System\xoaGQDn.exe
  C:\Windows\System\xoaGQDn.exe
  2⤵
  PID:9128
- C:\Windows\System\IWmhmEb.exe
  C:\Windows\System\IWmhmEb.exe
  2⤵
  PID:9044
- C:\Windows\System\fQZtkZB.exe
  C:\Windows\System\fQZtkZB.exe
  2⤵
  PID:7228
- C:\Windows\System\qUoeHge.exe
  C:\Windows\System\qUoeHge.exe
  2⤵
  PID:9160
- C:\Windows\System\cQeQgtV.exe
  C:\Windows\System\cQeQgtV.exe
  2⤵
  PID:8252
- C:\Windows\System\IvGHeFP.exe
  C:\Windows\System\IvGHeFP.exe
  2⤵
  PID:8032
- C:\Windows\System\uvvnPmQ.exe
  C:\Windows\System\uvvnPmQ.exe
  2⤵
  PID:8264
- C:\Windows\System\tVyRikZ.exe
  C:\Windows\System\tVyRikZ.exe
  2⤵
  PID:2192
- C:\Windows\System\KQLkCvL.exe
  C:\Windows\System\KQLkCvL.exe
  2⤵
  PID:2672
- C:\Windows\System\lbmBZLQ.exe
  C:\Windows\System\lbmBZLQ.exe
  2⤵
  PID:8628
- C:\Windows\System\daULGrd.exe
  C:\Windows\System\daULGrd.exe
  2⤵
  PID:8660
- C:\Windows\System\HnoPMCW.exe
  C:\Windows\System\HnoPMCW.exe
  2⤵
  PID:8300
- C:\Windows\System\OLAbzZo.exe
  C:\Windows\System\OLAbzZo.exe
  2⤵
  PID:8588
- C:\Windows\System\aPEGTWO.exe
  C:\Windows\System\aPEGTWO.exe
  2⤵
  PID:2864
- C:\Windows\System\zPfIRnk.exe
  C:\Windows\System\zPfIRnk.exe
  2⤵
  PID:8800
- C:\Windows\System\FqnYbfx.exe
  C:\Windows\System\FqnYbfx.exe
  2⤵
  PID:1748
- C:\Windows\System\ZYhoacv.exe
  C:\Windows\System\ZYhoacv.exe
  2⤵
  PID:8860
- C:\Windows\System\JRucDnm.exe
  C:\Windows\System\JRucDnm.exe
  2⤵
  PID:7432
- C:\Windows\System\SYTnwPR.exe
  C:\Windows\System\SYTnwPR.exe
  2⤵
  PID:264
- C:\Windows\System\TEwZlhS.exe
  C:\Windows\System\TEwZlhS.exe
  2⤵
  PID:9052
- C:\Windows\System\oDiBxUL.exe
  C:\Windows\System\oDiBxUL.exe
  2⤵
  PID:9212
- C:\Windows\System\GOXVoDp.exe
  C:\Windows\System\GOXVoDp.exe
  2⤵
  PID:9164
- C:\Windows\System\KBsBTxF.exe
  C:\Windows\System\KBsBTxF.exe
  2⤵
  PID:8320
- C:\Windows\System\MAoDtgD.exe
  C:\Windows\System\MAoDtgD.exe
  2⤵
  PID:8200
- C:\Windows\System\eOMkaLZ.exe
  C:\Windows\System\eOMkaLZ.exe
  2⤵
  PID:8768
- C:\Windows\System\NBxRwcT.exe
  C:\Windows\System\NBxRwcT.exe
  2⤵
  PID:2440
- C:\Windows\System\ZKIIgyH.exe
  C:\Windows\System\ZKIIgyH.exe
  2⤵
  PID:8460
- C:\Windows\System\IcXtUvj.exe
  C:\Windows\System\IcXtUvj.exe
  2⤵
  PID:9000
- C:\Windows\System\fClmZwK.exe
  C:\Windows\System\fClmZwK.exe
  2⤵
  PID:8808
- C:\Windows\System\LVjqjcf.exe
  C:\Windows\System\LVjqjcf.exe
  2⤵
  PID:1848
- C:\Windows\System\mMKtmfQ.exe
  C:\Windows\System\mMKtmfQ.exe
  2⤵
  PID:8944
- C:\Windows\System\AENgwfH.exe
  C:\Windows\System\AENgwfH.exe
  2⤵
  PID:2464
- C:\Windows\System\eYVIDlO.exe
  C:\Windows\System\eYVIDlO.exe
  2⤵
  PID:7960
- C:\Windows\System\dLOTNdC.exe
  C:\Windows\System\dLOTNdC.exe
  2⤵
  PID:8236
- C:\Windows\System\wTRNZPb.exe
  C:\Windows\System\wTRNZPb.exe
  2⤵
  PID:2640
- C:\Windows\System\NbZebap.exe
  C:\Windows\System\NbZebap.exe
  2⤵
  PID:9232
- C:\Windows\System\FghdrDe.exe
  C:\Windows\System\FghdrDe.exe
  2⤵
  PID:9248
- C:\Windows\System\LZCzviQ.exe
  C:\Windows\System\LZCzviQ.exe
  2⤵
  PID:9264
- C:\Windows\System\kYlnbHG.exe
  C:\Windows\System\kYlnbHG.exe
  2⤵
  PID:9280
- C:\Windows\System\DWOXZCj.exe
  C:\Windows\System\DWOXZCj.exe
  2⤵
  PID:9304
- C:\Windows\System\xFlVTnG.exe
  C:\Windows\System\xFlVTnG.exe
  2⤵
  PID:9320
- C:\Windows\System\GnPbqTG.exe
  C:\Windows\System\GnPbqTG.exe
  2⤵
  PID:9344
- C:\Windows\System\RhitrtR.exe
  C:\Windows\System\RhitrtR.exe
  2⤵
  PID:9360
- C:\Windows\System\zTaqIzC.exe
  C:\Windows\System\zTaqIzC.exe
  2⤵
  PID:9376
- C:\Windows\System\SVdYPMJ.exe
  C:\Windows\System\SVdYPMJ.exe
  2⤵
  PID:9408
- C:\Windows\System\ONLBWUJ.exe
  C:\Windows\System\ONLBWUJ.exe
  2⤵
  PID:9428
- C:\Windows\System\wiEyiIH.exe
  C:\Windows\System\wiEyiIH.exe
  2⤵
  PID:9444
- C:\Windows\System\xMAfLvL.exe
  C:\Windows\System\xMAfLvL.exe
  2⤵
  PID:9464
- C:\Windows\System\suqpRdZ.exe
  C:\Windows\System\suqpRdZ.exe
  2⤵
  PID:9480
- C:\Windows\System\HHLAAnY.exe
  C:\Windows\System\HHLAAnY.exe
  2⤵
  PID:9496
- C:\Windows\System\XQLoNjq.exe
  C:\Windows\System\XQLoNjq.exe
  2⤵
  PID:9512
- C:\Windows\System\rkGApgc.exe
  C:\Windows\System\rkGApgc.exe
  2⤵
  PID:9536
- C:\Windows\System\KjKeubH.exe
  C:\Windows\System\KjKeubH.exe
  2⤵
  PID:9568
- C:\Windows\System\VqsFSuv.exe
  C:\Windows\System\VqsFSuv.exe
  2⤵
  PID:9584
- C:\Windows\System\GVySWGL.exe
  C:\Windows\System\GVySWGL.exe
  2⤵
  PID:9600
- C:\Windows\System\BZCFjPm.exe
  C:\Windows\System\BZCFjPm.exe
  2⤵
  PID:9632
- C:\Windows\System\DSaWjir.exe
  C:\Windows\System\DSaWjir.exe
  2⤵
  PID:9712
- C:\Windows\System\NTdJRrz.exe
  C:\Windows\System\NTdJRrz.exe
  2⤵
  PID:9728
- C:\Windows\System\mirvEJH.exe
  C:\Windows\System\mirvEJH.exe
  2⤵
  PID:9748
- C:\Windows\System\YizfYus.exe
  C:\Windows\System\YizfYus.exe
  2⤵
  PID:9764
- C:\Windows\System\jGXpXWY.exe
  C:\Windows\System\jGXpXWY.exe
  2⤵
  PID:9780
- C:\Windows\System\fEQUuDz.exe
  C:\Windows\System\fEQUuDz.exe
  2⤵
  PID:9796
- C:\Windows\System\QbDQlkK.exe
  C:\Windows\System\QbDQlkK.exe
  2⤵
  PID:9816
- C:\Windows\System\GhgluSP.exe
  C:\Windows\System\GhgluSP.exe
  2⤵
  PID:9832
- C:\Windows\System\Zeguntq.exe
  C:\Windows\System\Zeguntq.exe
  2⤵
  PID:9856
- C:\Windows\System\RlhicUN.exe
  C:\Windows\System\RlhicUN.exe
  2⤵
  PID:9876
- C:\Windows\System\wAwqtAq.exe
  C:\Windows\System\wAwqtAq.exe
  2⤵
  PID:9892
- C:\Windows\System\DYCXJiS.exe
  C:\Windows\System\DYCXJiS.exe
  2⤵
  PID:9908
- C:\Windows\System\chOyGvG.exe
  C:\Windows\System\chOyGvG.exe
  2⤵
  PID:9924
- C:\Windows\System\LdBHPUQ.exe
  C:\Windows\System\LdBHPUQ.exe
  2⤵
  PID:9944
- C:\Windows\System\gGFOhdp.exe
  C:\Windows\System\gGFOhdp.exe
  2⤵
  PID:9996
- C:\Windows\System\lKxtScX.exe
  C:\Windows\System\lKxtScX.exe
  2⤵
  PID:10012
- C:\Windows\System\sMMZAzU.exe
  C:\Windows\System\sMMZAzU.exe
  2⤵
  PID:10032
- C:\Windows\System\pdbuLuu.exe
  C:\Windows\System\pdbuLuu.exe
  2⤵
  PID:10052
- C:\Windows\System\jMOblYN.exe
  C:\Windows\System\jMOblYN.exe
  2⤵
  PID:10068
- C:\Windows\System\qxGZwRM.exe
  C:\Windows\System\qxGZwRM.exe
  2⤵
  PID:10084
- C:\Windows\System\koMtAmI.exe
  C:\Windows\System\koMtAmI.exe
  2⤵
  PID:10100
- C:\Windows\System\CFsKTJP.exe
  C:\Windows\System\CFsKTJP.exe
  2⤵
  PID:10116
- C:\Windows\System\LAnNWxD.exe
  C:\Windows\System\LAnNWxD.exe
  2⤵
  PID:10132
- C:\Windows\System\wCodADA.exe
  C:\Windows\System\wCodADA.exe
  2⤵
  PID:10148
- C:\Windows\System\BIZdglh.exe
  C:\Windows\System\BIZdglh.exe
  2⤵
  PID:10164
- C:\Windows\System\JyELeHV.exe
  C:\Windows\System\JyELeHV.exe
  2⤵
  PID:10180
- C:\Windows\System\TRfANEO.exe
  C:\Windows\System\TRfANEO.exe
  2⤵
  PID:10196
- C:\Windows\System\WweKkDy.exe
  C:\Windows\System\WweKkDy.exe
  2⤵
  PID:10212
- C:\Windows\System\iqRsUhB.exe
  C:\Windows\System\iqRsUhB.exe
  2⤵
  PID:8804
- C:\Windows\System\eODiIwZ.exe
  C:\Windows\System\eODiIwZ.exe
  2⤵
  PID:9224
- C:\Windows\System\uIRcVNT.exe
  C:\Windows\System\uIRcVNT.exe
  2⤵
  PID:7576
- C:\Windows\System\zvWhbQT.exe
  C:\Windows\System\zvWhbQT.exe
  2⤵
  PID:9296
- C:\Windows\System\KJmwsTJ.exe
  C:\Windows\System\KJmwsTJ.exe
  2⤵
  PID:9340
- C:\Windows\System\xGWxZwY.exe
  C:\Windows\System\xGWxZwY.exe
  2⤵
  PID:9452
- C:\Windows\System\KZSAlIl.exe
  C:\Windows\System\KZSAlIl.exe
  2⤵
  PID:2512
- C:\Windows\System\xdDbnSd.exe
  C:\Windows\System\xdDbnSd.exe
  2⤵
  PID:9532
- C:\Windows\System\sShyEFM.exe
  C:\Windows\System\sShyEFM.exe
  2⤵
  PID:7740
- C:\Windows\System\VrdRivJ.exe
  C:\Windows\System\VrdRivJ.exe
  2⤵
  PID:9272
- C:\Windows\System\jMrQCAa.exe
  C:\Windows\System\jMrQCAa.exe
  2⤵
  PID:9404
- C:\Windows\System\NOUKluv.exe
  C:\Windows\System\NOUKluv.exe
  2⤵
  PID:9476
- C:\Windows\System\BxXMqHN.exe
  C:\Windows\System\BxXMqHN.exe
  2⤵
  PID:9580
- C:\Windows\System\WNpmMWV.exe
  C:\Windows\System\WNpmMWV.exe
  2⤵
  PID:9616
- C:\Windows\System\JvNgbcu.exe
  C:\Windows\System\JvNgbcu.exe
  2⤵
  PID:1556
- C:\Windows\System\wenRyPt.exe
  C:\Windows\System\wenRyPt.exe
  2⤵
  PID:9648
- C:\Windows\System\QvYstEi.exe
  C:\Windows\System\QvYstEi.exe
  2⤵
  PID:9664
- C:\Windows\System\txtcwgu.exe
  C:\Windows\System\txtcwgu.exe
  2⤵
  PID:9680
- C:\Windows\System\rVlhgde.exe
  C:\Windows\System\rVlhgde.exe
  2⤵
  PID:9644
- C:\Windows\System\wJVtCLb.exe
  C:\Windows\System\wJVtCLb.exe
  2⤵
  PID:9756
- C:\Windows\System\gFrpYxd.exe
  C:\Windows\System\gFrpYxd.exe
  2⤵
  PID:9824
- C:\Windows\System\ElGXHFM.exe
  C:\Windows\System\ElGXHFM.exe
  2⤵
  PID:9872
- C:\Windows\System\lRDetxU.exe
  C:\Windows\System\lRDetxU.exe
  2⤵
  PID:9776
- C:\Windows\System\Eaxwdcf.exe
  C:\Windows\System\Eaxwdcf.exe
  2⤵
  PID:9848
- C:\Windows\System\EAWwaTn.exe
  C:\Windows\System\EAWwaTn.exe
  2⤵
  PID:9936
- C:\Windows\System\SgFojJh.exe
  C:\Windows\System\SgFojJh.exe
  2⤵
  PID:9932
- C:\Windows\System\sSggbJe.exe
  C:\Windows\System\sSggbJe.exe
  2⤵
  PID:9972
- C:\Windows\System\aKHUWCa.exe
  C:\Windows\System\aKHUWCa.exe
  2⤵
  PID:9416
- C:\Windows\System\IaxbDtE.exe
  C:\Windows\System\IaxbDtE.exe
  2⤵
  PID:10044
- C:\Windows\System\fBSFAcN.exe
  C:\Windows\System\fBSFAcN.exe
  2⤵
  PID:10108
- C:\Windows\System\gVEsvJh.exe
  C:\Windows\System\gVEsvJh.exe
  2⤵
  PID:10228
- C:\Windows\System\tAzfACZ.exe
  C:\Windows\System\tAzfACZ.exe
  2⤵
  PID:10064
- C:\Windows\System\iEPNUyc.exe
  C:\Windows\System\iEPNUyc.exe
  2⤵
  PID:10192
- C:\Windows\System\wxMjiLY.exe
  C:\Windows\System\wxMjiLY.exe
  2⤵
  PID:10188
- C:\Windows\System\ntQvrPf.exe
  C:\Windows\System\ntQvrPf.exe
  2⤵
  PID:7796
- C:\Windows\System\EQJKCwQ.exe
  C:\Windows\System\EQJKCwQ.exe
  2⤵
  PID:9420
- C:\Windows\System\jGqFnIh.exe
  C:\Windows\System\jGqFnIh.exe
  2⤵
  PID:8532
- C:\Windows\System\zmkppxk.exe
  C:\Windows\System\zmkppxk.exe
  2⤵
  PID:9332
- C:\Windows\System\quQLAWF.exe
  C:\Windows\System\quQLAWF.exe
  2⤵
  PID:9520
- C:\Windows\System\ngAgZiu.exe
  C:\Windows\System\ngAgZiu.exe
  2⤵
  PID:9148
- C:\Windows\System\ABbPkEn.exe
  C:\Windows\System\ABbPkEn.exe
  2⤵
  PID:1860
- C:\Windows\System\NGkGrMn.exe
  C:\Windows\System\NGkGrMn.exe
  2⤵
  PID:9388
- C:\Windows\System\MWvUyxB.exe
  C:\Windows\System\MWvUyxB.exe
  2⤵
  PID:9440
- C:\Windows\System\lAtzGbi.exe
  C:\Windows\System\lAtzGbi.exe
  2⤵
  PID:9552
- C:\Windows\System\QtmfmHK.exe
  C:\Windows\System\QtmfmHK.exe
  2⤵
  PID:9592
- C:\Windows\System\SMdXMPm.exe
  C:\Windows\System\SMdXMPm.exe
  2⤵
  PID:9696
- C:\Windows\System\xYQUgOX.exe
  C:\Windows\System\xYQUgOX.exe
  2⤵
  PID:9724
- C:\Windows\System\BmsMkXe.exe
  C:\Windows\System\BmsMkXe.exe
  2⤵
  PID:9812
- C:\Windows\System\EqfVnvO.exe
  C:\Windows\System\EqfVnvO.exe
  2⤵
  PID:9940
- C:\Windows\System\LUcBcGe.exe
  C:\Windows\System\LUcBcGe.exe
  2⤵
  PID:10076
- C:\Windows\System\pnTMIZw.exe
  C:\Windows\System\pnTMIZw.exe
  2⤵
  PID:9884
- C:\Windows\System\qFilpap.exe
  C:\Windows\System\qFilpap.exe
  2⤵
  PID:10020
- C:\Windows\System\IRfsCeN.exe
  C:\Windows\System\IRfsCeN.exe
  2⤵
  PID:10176
- C:\Windows\System\mZYDobA.exe
  C:\Windows\System\mZYDobA.exe
  2⤵
  PID:10092
- C:\Windows\System\AGVkeAb.exe
  C:\Windows\System\AGVkeAb.exe
  2⤵
  PID:10024
- C:\Windows\System\UMQzrwA.exe
  C:\Windows\System\UMQzrwA.exe
  2⤵
  PID:10128
- C:\Windows\System\WLacAdb.exe
  C:\Windows\System\WLacAdb.exe
  2⤵
  PID:8380
- C:\Windows\System\zZcNGUe.exe
  C:\Windows\System\zZcNGUe.exe
  2⤵
  PID:9352
- C:\Windows\System\uvXxQKv.exe
  C:\Windows\System\uvXxQKv.exe
  2⤵
  PID:9548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AnxhITk.exe

Filesize
6.1MB

MD5
49f80fcb19b3c29940fe8b4a0c36e02a

SHA1
721b3d50dcf41c4852bff4433e174933a91a47ad

SHA256
0417d4fc054be9bfaf28647d89317454fd3d4281424212ab308eaa14b3726533

SHA512
26b2c279dbc23ec82d6b71ee36c855406c07ab1c24f4e0ae7712b8f99a400c65a442e0718d80d989d0e340ec2958d529e4910d1a59a2f2a487136686b72d314d

Download Submit
C:\Windows\system\BCCGKgS.exe

Filesize
6.1MB

MD5
a658495bc30641bd43790344e9b072c9

SHA1
c41c50de90abbb8b10dc0995363e7a345d92ca77

SHA256
e67cdae127ebcc6acb2d24895c883c631fe56d45488997bc6bab8ebeb3fafa85

SHA512
3081a76c9388192a8348b1cf40a13fa1fa8fd3eb0a513093cce66acb8db7577a1841a4e13f27d0b8fe121c3f9b9c05027843d28965480e72828eefa9ec38ba28

Download Submit
C:\Windows\system\DkewQeS.exe

Filesize
6.1MB

MD5
0a64ce7b511e2438ab6d813a9b926a2f

SHA1
b4f51407b745496a662a0fa259ead686d3f570a7

SHA256
52d67c406419ff72b181b5f11e45225e17c29b443542449e88d800eb15b577ee

SHA512
ec6a8620e9dfb7f162efb95d14b292d52602eda3e50f6135a5858fc26508f747511e5acfeae7fa7e498dbe3ddadf9d4ad0be6c6ca1ffa87113d4f68e3c451d8e

Download Submit
C:\Windows\system\JrFLuMF.exe

Filesize
6.1MB

MD5
83cde3ed8460656f6dca0860becaac92

SHA1
8bcdbaf7a6c9d3c63adc1c40cd53d7ace8009200

SHA256
f408c203cf9fa05785edb299502c16b6167cd4eb4f3543c2c64da9e7a5b6a6cc

SHA512
ea56d3e6d0ef32d8374830886f08b6a3f67b30282ee3371ac227dc57a5e8d2fce2578430b5435d544181bd1802bfaa9e8de31e674e9294962f856d2f0e4fddda

Download Submit
C:\Windows\system\JzrMNhH.exe

Filesize
6.1MB

MD5
78b594b3c2d7ea60ba34dcd7c03b71a2

SHA1
2b0623c0e6de22d79235509b7fa3ead45a6df670

SHA256
bfbfd952cbbd94d5fe302f22c93708367d53c5a56b763948ac9871082bde31ee

SHA512
36a685c6b48668ba7294d9ad8454a5b6764f05a411fd8a9a46bbd5908b6b2a2bf0f74b7c109005e0ed017be04d570d667c86c4f43346675df5905a1ed619d420

Download Submit
C:\Windows\system\PIMywLW.exe

Filesize
6.1MB

MD5
ee23928e21bb788c820874716ac91b93

SHA1
6f2eeec61deffdcfa8bd1236e7b666edca0a8b0b

SHA256
185cf0a21094eee8a7594d6046baeb719df3db92fb51a6ffc75d791d9da756a1

SHA512
dea8a036a6965d51e555d2c7b61807f3e121f5c05cbe7a0f8210bc5c85e9c930c196d5f85a5afcc91587871afcf88e37b3b112d8c14a0e10cca8f5f697f0f77e

Download Submit
C:\Windows\system\QIgGvbC.exe

Filesize
6.1MB

MD5
7824a14834f80a6881de9ed75d012485

SHA1
eb1391e98fd8fe39579e4d911f6924e2b543e21e

SHA256
34c30e62285f7ba0e9cf846ed9c9d8a39fad898652c1e766061af0fc50514ff1

SHA512
55a36a3f6201ec8bfe902b0eddcd530a8593fb80b826c474c4a1ae212ec7c5b8beb146f9bdd145447bddaaa6f440bbb52bb43710fea8bc223b9d858ea5223d20

Download Submit
C:\Windows\system\QvqXVzN.exe

Filesize
6.1MB

MD5
1f8621974647d2924810ef774ff70979

SHA1
6dd282ae7a949c91d606faf9d20833647808452e

SHA256
04d48dbb1104c7a76176b9f3522e49a0b23ac838b9ec45b6be4888b04f7374c9

SHA512
d46a61ba668a6536752a762fd697a56fb6707d31c3a1ebdcf28c2ffcd04cc68859840f4b4747e8e1f1b326d185e709a13ae196a5dc7289adb249bf99cb8c531c

Download Submit
C:\Windows\system\RBjTBfG.exe

Filesize
6.1MB

MD5
0fb636e74f9c923c8f8daf13377d32da

SHA1
64b6d7657a96fef9ed971ed8260de78c4fa161e4

SHA256
cc93331e49cbdeceb34376dc11a6840b19f285087f5dc221552f59ac8d4ce943

SHA512
54e122afc99ee51ad00e3e3f5bd81453455a440fd51955b95533811452bfc7a6ffc2ce005be506521db1fc6aec1658f3942b75579a7ac5f356101623e2098858

Download Submit
C:\Windows\system\VmmhskZ.exe

Filesize
6.1MB

MD5
3315679a3960445008421b4c495ed36d

SHA1
374be317134a60e0a01e099bd2a9dc3e875f575b

SHA256
96dad3f641824b02067823f1c918546699fa8cba1bb4ef5f8349dcfd36fec42d

SHA512
c49e696c270ac704b85bc9f63cc0476109de56ecfd9e8fde2714b50292c3db6801a6ac8a5d74a9f3b4f03dd9198488b9fd285d6c3632185c6e61144eef7dfa62

Download Submit
C:\Windows\system\YzVIvdq.exe

Filesize
6.1MB

MD5
3fbf6f1baef593984876d2312059bf3f

SHA1
5bfa90a6d2ee24ec2a8a5c6785f75c8e25b014ce

SHA256
7dcfb5a09332954efb875f9d5a6399294712b7e48f1fc765a3d61635adcff1c0

SHA512
0732cb1c26029fa1dc0c633389d394a3cf6e0f166b4fc3d1801b7efe53f592c46a0fc21e2e2cba40a9a97b1ffcc12b937ee422ec1c29624c2efe7f2fae7de50a

Download Submit
C:\Windows\system\ZIexbFI.exe

Filesize
6.1MB

MD5
8befeed6e460f0377ee86337f23d1452

SHA1
2c08a185aa7db6868afb25f64240cc38dd2b4dec

SHA256
470dd2b53086e48f1d58a8ca5483d1a11bbc8db234183705828d57d69771dadd

SHA512
cd66bd5263efaec2759952ac2ce55d0145b6742d80d1b5c97e7d3c4932dcee77dee43a2440be0cab0ebb11f4b9b603e7e90381440553b2dead31a9df6536c282

Download Submit
C:\Windows\system\aBMnAxl.exe

Filesize
6.1MB

MD5
a9bcea984474ad157612418c0989bae9

SHA1
0ae20c26874e15decb590a9374dccc55820a8e28

SHA256
badcc7556a251a7bbbf2a7cb632a4ae5950d03d0ee5c5b7c90bd2f1ee59d5e5d

SHA512
9365e323b4f21b426c3d5cd7ed8c4f2cb42242cdbc5256502b0097b7f5a72d93a29056ae94e57ff0e5af708808507abb881494de85e507a8bc3bac4ede03f04c

Download Submit
C:\Windows\system\aSYTiZB.exe

Filesize
6.1MB

MD5
4b1751d4b27fcc5615c824f3d6b04d14

SHA1
fef6b55728f63cfbd727645a9132a0126aadf4da

SHA256
69416317a83e729bb7750a423581157d201a9c0b42231aa578afcd467a61be02

SHA512
19fd0f2fda8875616ee8f5aac9f693086f0cdb8479838abd7976dc0e307e86c967e3929d9513208358e828eeed225b269e6ef76557da7050bcb0a51509555c9a

Download Submit
C:\Windows\system\bfDpBGE.exe

Filesize
6.1MB

MD5
0a1d1a421249aba75fd4b85e56c25d56

SHA1
85815194b6cd3ce411ac1b2a31a7467b43b86d99

SHA256
ccf552c4e344a46297f180065ae8cba9af00d00999f4f2b7ccc18f7fb5eed148

SHA512
80a62223a0f69a123e0a16b10b47d0fa5818178ced20f07de5bfae2ac1aa933b0e0490649680b933d5e2ab92623450655b85807d3b8cd436fb5ad484eb7e930f

Download Submit
C:\Windows\system\cNijPCJ.exe

Filesize
6.1MB

MD5
e14a8f99ccd700223a3d8bf983cb9aa8

SHA1
c38c10431c292bc1d2a3450b888e2074a26c7a82

SHA256
1d3e5b2ccb27baba987ed1955d78b8b1b9ed013e222400f2d9a793de69842ac2

SHA512
216d798fdaaf190a46e4c310276c8de8c136991f32228b4104625b0605deb978bad8a9222a7302845feb415b8f61a7891ec040daf8512098fe1112a689eebd39

Download Submit
C:\Windows\system\hqHbyPZ.exe

Filesize
6.1MB

MD5
1d0572df6feaf145be14036b5992af91

SHA1
5c4b3fc2090f8a9d0a54c15212f5512ae717e492

SHA256
58742c1b5cdbc04e90f44026473e12f9aa049cdf4c682ef1999ca7e03a925a1c

SHA512
306fe6621200ee24ad23cb8804c9330fedb30d140e0c2a76dd265043b034520e71c72257a792c4846ca00fd7769a92de927cee01c9a553538d05f5ef01180558

Download Submit
C:\Windows\system\jUnbeIv.exe

Filesize
6.1MB

MD5
d88f26df624143cba9fb1e11df190bf0

SHA1
8fa95c9b9f2770a55a6d4a73a64af0cc42d82b56

SHA256
248953a349e70ba9dcc4763a744c8d14a47c3cd9ea299ccf858529b3f174d48a

SHA512
3b64b78139d39d333a8aaa9ef713f51ec54940b0d542c638d68581db136e406d5f8ee2db790d373b46d05ca648d8267523f812253932e91215dba3eebdff1a82

Download Submit
C:\Windows\system\jivdgMU.exe

Filesize
6.1MB

MD5
90ab006f1f80a40b0e7a37800166d32b

SHA1
25c9a78cceadc08ce45c7276197869a872a325d8

SHA256
feab011f2a873b416bb15ae01f49099d4daf9c1475337453c9cb045cb9659bcd

SHA512
9caae2ab897608e9bd705b63c3bf18ad3c9c19b807cb0124107592d370d11666e3b8a0d713f366053e8a2dfac3beb78bd210cca0578c4fee906d26d1c74aadea

Download Submit
C:\Windows\system\nRNzhlh.exe

Filesize
6.1MB

MD5
295030bca964487f0d7ac368589b4584

SHA1
f311f26f90ed6c996380504bfc9f14fa180e9d93

SHA256
9513ad9d312891098d33950e6ea6759053e8535ae2a6352459d16416f87ef7df

SHA512
20753d122a7512325aee8f747a2f430aba9a21d752a731da932433b5a365092f2b8675fd3e66a57430f14c1ebad6322adc8df03280d0666ae000eaf6f8ae7384

Download Submit
C:\Windows\system\ntrSZyF.exe

Filesize
6.1MB

MD5
e29c2ddb4a46526c598a382c6936d5dd

SHA1
9f37fbd60cc2a3078377a4a4b33a0ae794ee1144

SHA256
0275270ce31d8b49f69207b7c4104113908f97a07641b960515849561eb63a46

SHA512
d23624ade9d7bed6e09447d2d70ca4437dd1e3a13582d1bffe5d7d5a3589a29060266c3deb04942bddc1f3f14cb02818d1a704038431319bfb35b6226f29167a

Download Submit
C:\Windows\system\qMfosPx.exe

Filesize
6.1MB

MD5
b5a54d5caf15822c05372699ccff7551

SHA1
4b64a3679ebc94891400e5ecfb97e19459d7aeef

SHA256
485aeff9a4b3e4a18e14b6501cc6486f2f695c0ec1fddf52706ff3da65c0ff46

SHA512
de22494a6f92fd4fa3508849534fcf5d4fe807decf5c202ac0bfe9b5887206cea2438155405f03685ef758cca6dd153519b996a4c07861601f5988262a9d575e

Download Submit
C:\Windows\system\sKQUXEf.exe

Filesize
6.1MB

MD5
3d86bbdb71c50c6a36efc62c78b695c1

SHA1
74b37abaf691daad4c7a29360f94eddbfe5bba7d

SHA256
7edf7f7847cf2bac45db9403ff9c7fb66c943766384ce105b0ba7169b5a8eab6

SHA512
02b20cc118608903e394893c24128cce79e96be356f2a1ea8e5a36e15585913ad36a4e0cdb443acc7ac67b4f4ca11bff1bbd9c3fdfa34944c9ecdfe0645d4bee

Download Submit
C:\Windows\system\vjPKcGl.exe

Filesize
6.1MB

MD5
3d31b07848d71a736dff8642ace528fa

SHA1
11c217f67868692a1d61ea795f6bcbbbc7cd34c4

SHA256
6caf3fd2d27f991fef563ce2d7137a4b49210c741fdd38d61020e0dbee6a442a

SHA512
4da58772d83e13db940c469e7f31a1ece7fd9d4931a0002411f1086b5ed8fad03c6b99d694f34b9466e8f8e93814294f36f14b85edb92acc904b7c54742985fc

Download Submit
C:\Windows\system\yNxnVBa.exe

Filesize
6.1MB

MD5
d5eb2e3725b110ba166e1d896e8ba271

SHA1
36135be1e6880535ff64a379f7dce99e6e75bc2f

SHA256
a6a613cf4f86a849f0caa0d5723a22c878edde9611d6d766822c2ec0c8dfdc57

SHA512
8550b341a5e9dea4f304496d556231e8fdd78764b2b16a168041fd44911fcb43bd1061ab794969b8325b5e13b9bf26e126ab401649b3e26ed45dc46f0aea0af7

Download Submit
\Windows\system\AOYGNXv.exe

Filesize
6.1MB

MD5
c2c7d86b32ee58da3fde4e956e25befe

SHA1
79f56d6a679347b7288795155dbbf9e4bdcfa220

SHA256
8f4ef32560dd51eac2003b90907659424dc5f47a7765e7c9380a9f3d7728fa2b

SHA512
3631190dab5dad9291741233bc94c7da944fdccfe6385bff3553ecf5b0e4a98b672e9ce63faa877219cc5f7d850348fe4a421eb4a1111594d61696cd391c9ea5

Download Submit
\Windows\system\RiQCbbt.exe

Filesize
6.1MB

MD5
627a79f6ff53fefe643ff70a23e36216

SHA1
99881d2d0bd0faa5df69c7fe47538302151df894

SHA256
65e40208eaab595e6a6092fe9ef5ba600f46a17a960785b84e9bd167967f7f52

SHA512
feda4adbd26751ecd407eecc6ee242f79611def8d9f9c23ba5c402e6093258bcdd445547f1f2db740f81ff7ec37aeffb82ef4792aa17c11083da26e0f306c269

Download Submit
\Windows\system\SonmDWN.exe

Filesize
6.1MB

MD5
b6e0d6d3c2bfbc0767ccd2841df48b95

SHA1
ec715f71f32d033d9d4428d4e9012040d5f79028

SHA256
629f70ce3000b6ea8a95b3b0e1dce7747cc80f1077fc64272d2527a1dcd3756d

SHA512
fd366d356e47d6f292cb559e22ddca1454d5f9a7c212845e1e296a95d7e987421a721df9cc62c98950aa31bbe92c19e352f9ecf0fe431dc747b58465101afae9

Download Submit
\Windows\system\XQzyasw.exe

Filesize
6.1MB

MD5
e5ffe5770f926aac3e2140c6cc14848d

SHA1
7aca5674824f99981b4280faa339ce9194d8d7c9

SHA256
671ebeb148bde17cc9ce47164f8a3b5053c8e2aad2c306508a3d75b1f98032ea

SHA512
b60d8d7250bc87fd3d7c899f6d6f1a1b30ab19c2c1bb762d2e6aad072718a4ff3dd26013ebc1b606a1123e65778bae55595c495182d5dd49c37a0f4b5ea8b4c7

Download Submit
\Windows\system\XlRXauS.exe

Filesize
6.1MB

MD5
247392f2ea7bab8af81ada25e103bed1

SHA1
99425180beea7dab55e760b8a9ebca578488efd7

SHA256
f5fd97959f24e077700f3f30e124165e96664d7573b191b720920109cee95663

SHA512
cd19e7b44e46fa6e450e07a5d9ac3cff1c32b787ee323e1e41d8f92943367863421c542c054260ba808e9f66945b2d610eb11cf64c793a4a63491511dcc4542e

Download Submit
\Windows\system\cqWeIiq.exe

Filesize
6.1MB

MD5
ca41d1a4812c8bbb53aeaf2a87178566

SHA1
77577245700fdb11af7baa3ed7b063e555b2f8d8

SHA256
8c83a6edfbae69f72a403f65fdb5a2ee99334171674918b49886508b5d5af1d2

SHA512
d8e7157f4ac8f2055cd672e57ffa45bc7c8339b9350f873670aafad6fd4671e3278ce5e02a994889d070b1023c829887844ab66fbe1ed4950358a8ee2bff9ead

Download Submit
\Windows\system\pdFHVez.exe

Filesize
6.1MB

MD5
2eeea9113ff31b48243c5de3e516f02f

SHA1
828aa720583937d8e52f11da38c530a27f5a8fbe

SHA256
a669c3a6117207a07cce75f26276e0cb0bea11a4e54f774317d6e706132749f1

SHA512
aa6a1472e4c79d26f69c0400d6ad6ed484601d7bb8bef4585230266a2f6dba86c138091236c1ef4099ceab53d006bc4938769969b7a756a3c7d562659c20ff6a

Download Submit
\Windows\system\wXshYnh.exe

Filesize
6.1MB

MD5
307465e1ed8bbb82af5bf4bbf7da94d9

SHA1
af3869306edaad8808e8c336183adbb28ac1de6a

SHA256
eabb863b7c4f4728ea029b0d4c0ab14a50c0e8aabf6c483b206d5f7a061ab7df

SHA512
fe99b6fc443539709b3e66ff7a181834c08c162086e96863f476c9090b2aeecf8df5a50dd0982c8b0eef868ff9b7a73dc36699a8dbbb5ec332eb9ddf73c4ab69

Download Submit
\Windows\system\wYSUCiw.exe

Filesize
6.1MB

MD5
225a13a6e5661f427ce38b5cf0c9703c

SHA1
66872af6ca0145d89c9ac363c14ea6840cde5a61

SHA256
9068bc9785dfbbc94fb3ff28f45601a5e76a60cb8199082ec9e917221dadeb35

SHA512
6b76f1c6aa0614c74e1a4d8bd3151c6a3304fb2dadc49fdcf91e33f79d7b8015a2039c491c18fc49c059dc9378bb90dc9a9ae633465d80987eda5d252c31428a

Download Submit
\Windows\system\zQYXfbE.exe

Filesize
6.1MB

MD5
f3ede0fff20e52d4e8f4d5e55287c091

SHA1
9d1aa99a9dc7e97be1d512bcb831aa71f0b8b3b7

SHA256
ba331600296b72739f4107317de675bff4b5556ca51c1696a13fd23e7024b148

SHA512
9de7dbf057b7f8074f6e58ee7a08e234f0f1ad7e38ee4cfed4cf1ec0db278cd0ac3c9cf031e5c36624d77e17965546d3ea21fb7c293d4c01a8587da2165cb2f0

Download Submit
memory/1728-3993-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-0-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-1-0x0000000000480000-0x0000000000490000-memory.dmp

Filesize
64KB

Download
memory/2428-2470-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3074-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3073-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3174-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download