cobaltstrike | 761f1aa750e326535776f009110592fe4fa75d8ff59115e463e70bce0415b4f3

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26/01/2025, 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b41ac7f4953adeb45059e54afa4bba60
SHA1

929f846152fcc26cb235e743a645042673ba63df
SHA256

761f1aa750e326535776f009110592fe4fa75d8ff59115e463e70bce0415b4f3
SHA512

cfdc7525e04d3528b50cc1bc35c367de3671dfe84c73f17e55370485192619b420da18ce72ea829afa3adcbf7b3eb99fadc4a902d792ff7fc2a3651cb8b74b22
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUz:T+q56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012272-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016141-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160da-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016399-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-80.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015df1-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-199.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-194.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-189.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-184.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-175.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-144.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-139.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-134.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-124.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-118.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-70.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162e4-57.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660e-40.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fa6-17.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de9-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/276-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x000d000000012272-3.dat	xmrig
behavioral1/memory/316-8-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0007000000016141-21.dat	xmrig
behavioral1/memory/276-25-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/files/0x00070000000160da-27.dat	xmrig
behavioral1/files/0x0007000000016399-32.dat	xmrig
behavioral1/memory/2112-39-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2936-51-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0006000000016df8-60.dat	xmrig
behavioral1/memory/2940-68-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016f02-80.dat	xmrig
behavioral1/memory/1700-85-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/316-42-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0009000000015df1-104.dat	xmrig
behavioral1/files/0x0005000000018706-149.dat	xmrig
behavioral1/files/0x000500000001871c-159.dat	xmrig
behavioral1/files/0x0006000000018be7-169.dat	xmrig
behavioral1/memory/2864-1073-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/276-1137-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/1460-866-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2568-634-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/1700-519-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2580-334-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0005000000019237-199.dat	xmrig
behavioral1/files/0x0005000000019203-194.dat	xmrig
behavioral1/files/0x0006000000019056-189.dat	xmrig
behavioral1/files/0x0006000000018fdf-184.dat	xmrig
behavioral1/files/0x0006000000018d7b-175.dat	xmrig
behavioral1/files/0x0006000000018d83-179.dat	xmrig
behavioral1/files/0x0005000000018745-164.dat	xmrig
behavioral1/files/0x000500000001870c-154.dat	xmrig
behavioral1/files/0x0005000000018697-144.dat	xmrig
behavioral1/files/0x000d000000018683-139.dat	xmrig
behavioral1/files/0x00060000000175f7-134.dat	xmrig
behavioral1/files/0x00060000000175f1-129.dat	xmrig
behavioral1/files/0x0006000000017570-124.dat	xmrig
behavioral1/files/0x00060000000174b4-115.dat	xmrig
behavioral1/memory/276-111-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2940-110-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x00060000000174f8-118.dat	xmrig
behavioral1/memory/1460-100-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2772-98-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000600000001707f-97.dat	xmrig
behavioral1/memory/2864-106-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2580-79-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/276-78-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/memory/2112-77-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016df5-76.dat	xmrig
behavioral1/files/0x0006000000016edc-70.dat	xmrig
behavioral1/memory/2772-58-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x00070000000162e4-57.dat	xmrig
behavioral1/memory/2076-53-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2828-105-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x000900000001660e-40.dat	xmrig
behavioral1/memory/2936-90-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2352-28-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015fa6-17.dat	xmrig
behavioral1/memory/2828-65-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2352-61-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016de9-49.dat	xmrig
behavioral1/memory/276-38-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2852-26-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2076-22-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
316	YGmqPvL.exe
2076	fwonMHV.exe
2852	fjkQseh.exe
2352	RZywNzT.exe
2112	FJOOkoP.exe
2936	szKGZrm.exe
2772	iYZHusO.exe
2828	PmlwNmp.exe
2940	xQYmwky.exe
2580	RKGMYFI.exe
1700	dLnmnNT.exe
2568	ZUKGzEq.exe
1460	WJovoay.exe
2864	bFMmApV.exe
1284	THduMVc.exe
1564	oOmYrep.exe
2868	yHHvSbi.exe
580	odRSrLC.exe
1280	mdEakIb.exe
2900	LkVpCWY.exe
280	TGGnpXH.exe
1620	NYYtlzB.exe
3020	BTiRoRg.exe
2908	dCqzbwP.exe
2140	TnsAjgq.exe
1604	oepHeEm.exe
352	rFdzcvr.exe
1872	ltbMEmz.exe
1312	oBGTrQc.exe
1316	bEySSnv.exe
1756	QdwCOjN.exe
848	sNIBrGT.exe
2428	gbdygSO.exe
1532	YorjfzK.exe
1712	gqgxPfs.exe
2504	itFEbEm.exe
2212	JecciUv.exe
1520	QxCxddG.exe
2280	efAvsWu.exe
1852	xYzcmPh.exe
2344	wxkmYQl.exe
1976	bGSxhcD.exe
376	gnRBkxn.exe
1868	zSveilt.exe
2028	OMVgvyp.exe
1580	ZkIYddj.exe
2016	jPOxMkT.exe
1692	TqABYsa.exe
2652	VUJgrYO.exe
2720	GjYHdyH.exe
2596	qcuaeTk.exe
3036	RHGQLXW.exe
484	kFHyVZy.exe
2276	mArKnav.exe
2616	HmQyfMK.exe
2884	gcqzPTC.exe
2540	xZGjIzz.exe
824	JXJkigd.exe
764	gUXSlpg.exe
2252	arnUcqN.exe
1048	lFqeFaG.exe
1948	moTrfhX.exe
3008	PdcLvcm.exe
844	RzfLxOW.exe

Loads dropped DLL 64 IoCs

pid	Process
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/276-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x000d000000012272-3.dat	upx
behavioral1/memory/316-8-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0007000000016141-21.dat	upx
behavioral1/files/0x00070000000160da-27.dat	upx
behavioral1/files/0x0007000000016399-32.dat	upx
behavioral1/memory/2112-39-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2936-51-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0006000000016df8-60.dat	upx
behavioral1/memory/2940-68-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0006000000016f02-80.dat	upx
behavioral1/memory/1700-85-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/316-42-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0009000000015df1-104.dat	upx
behavioral1/files/0x0005000000018706-149.dat	upx
behavioral1/files/0x000500000001871c-159.dat	upx
behavioral1/files/0x0006000000018be7-169.dat	upx
behavioral1/memory/2864-1073-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1460-866-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2568-634-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1700-519-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2580-334-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0005000000019237-199.dat	upx
behavioral1/files/0x0005000000019203-194.dat	upx
behavioral1/files/0x0006000000019056-189.dat	upx
behavioral1/files/0x0006000000018fdf-184.dat	upx
behavioral1/files/0x0006000000018d7b-175.dat	upx
behavioral1/files/0x0006000000018d83-179.dat	upx
behavioral1/files/0x0005000000018745-164.dat	upx
behavioral1/files/0x000500000001870c-154.dat	upx
behavioral1/files/0x0005000000018697-144.dat	upx
behavioral1/files/0x000d000000018683-139.dat	upx
behavioral1/files/0x00060000000175f7-134.dat	upx
behavioral1/files/0x00060000000175f1-129.dat	upx
behavioral1/files/0x0006000000017570-124.dat	upx
behavioral1/files/0x00060000000174b4-115.dat	upx
behavioral1/memory/2940-110-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x00060000000174f8-118.dat	upx
behavioral1/memory/1460-100-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2772-98-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000600000001707f-97.dat	upx
behavioral1/memory/2864-106-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2580-79-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2112-77-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0006000000016df5-76.dat	upx
behavioral1/files/0x0006000000016edc-70.dat	upx
behavioral1/memory/2772-58-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x00070000000162e4-57.dat	upx
behavioral1/memory/2076-53-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2828-105-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x000900000001660e-40.dat	upx
behavioral1/memory/2936-90-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2352-28-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0008000000015fa6-17.dat	upx
behavioral1/memory/2828-65-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2352-61-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0008000000016de9-49.dat	upx
behavioral1/memory/276-38-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2852-26-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2076-22-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/316-4004-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2936-4003-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2852-4006-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2828-4010-0x000000013F900000-0x000000013FC54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IelwCVh.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSwOBWr.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVcEcsh.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJOHwKm.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlHzReu.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypJvHlg.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEXLkHb.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAPXbvz.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXOjitM.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFYeudu.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yyQLshV.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXdClJS.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeALnnW.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usHmaWU.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZgqcQl.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUUGfdr.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhGiXXZ.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjKxVlE.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPYwGlr.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCgajEI.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPXmyrZ.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIXiWBT.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PbgpgHk.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmrzksE.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbloZnd.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmPVtyY.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzZgvCK.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtgFjOz.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZJKmeU.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGKFuEv.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beyYEJY.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWGmNOs.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KurLeyJ.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqvGYzD.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDLiNcU.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsBjfOH.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsgbDPH.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCISbjU.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEQiDiX.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUWcswD.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXMCmLF.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGCQRzT.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAadqLi.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfXqygf.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwSpHuz.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htYJatW.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCgMUKU.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgugZrT.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoCwhAu.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcwIqAn.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwPLuij.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HljdBZp.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAbDoPj.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoDyvsY.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpFkxtA.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZjEyNa.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNZbyVB.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVcOWNA.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcNKdQX.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNHDbSU.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZXxVSD.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYDZcTN.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzzkpjK.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQDMEbi.exe	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 276 wrote to memory of 316	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 276 wrote to memory of 316	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 276 wrote to memory of 316	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 276 wrote to memory of 2076	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 276 wrote to memory of 2076	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 276 wrote to memory of 2076	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 276 wrote to memory of 2352	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 276 wrote to memory of 2352	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 276 wrote to memory of 2352	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 276 wrote to memory of 2852	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 276 wrote to memory of 2852	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 276 wrote to memory of 2852	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 276 wrote to memory of 2772	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 276 wrote to memory of 2772	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 276 wrote to memory of 2772	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 276 wrote to memory of 2112	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 276 wrote to memory of 2112	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 276 wrote to memory of 2112	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 276 wrote to memory of 2940	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 276 wrote to memory of 2940	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 276 wrote to memory of 2940	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 276 wrote to memory of 2936	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 276 wrote to memory of 2936	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 276 wrote to memory of 2936	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 276 wrote to memory of 2580	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 276 wrote to memory of 2580	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 276 wrote to memory of 2580	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 276 wrote to memory of 2828	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 276 wrote to memory of 2828	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 276 wrote to memory of 2828	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 276 wrote to memory of 2568	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 276 wrote to memory of 2568	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 276 wrote to memory of 2568	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 276 wrote to memory of 1700	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 276 wrote to memory of 1700	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 276 wrote to memory of 1700	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 276 wrote to memory of 1460	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 276 wrote to memory of 1460	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 276 wrote to memory of 1460	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 276 wrote to memory of 2864	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 276 wrote to memory of 2864	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 276 wrote to memory of 2864	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 276 wrote to memory of 1284	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 276 wrote to memory of 1284	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 276 wrote to memory of 1284	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 276 wrote to memory of 1564	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 276 wrote to memory of 1564	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 276 wrote to memory of 1564	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 276 wrote to memory of 2868	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 276 wrote to memory of 2868	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 276 wrote to memory of 2868	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 276 wrote to memory of 580	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 276 wrote to memory of 580	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 276 wrote to memory of 580	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 276 wrote to memory of 1280	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 276 wrote to memory of 1280	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 276 wrote to memory of 1280	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 276 wrote to memory of 2900	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 276 wrote to memory of 2900	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 276 wrote to memory of 2900	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 276 wrote to memory of 280	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	53
PID 276 wrote to memory of 280	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	53
PID 276 wrote to memory of 280	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	53
PID 276 wrote to memory of 1620	276	2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe	54

C:\Users\Admin\AppData\Local\Temp\2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-26_b41ac7f4953adeb45059e54afa4bba60_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:276
- C:\Windows\System\YGmqPvL.exe
  C:\Windows\System\YGmqPvL.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\fwonMHV.exe
  C:\Windows\System\fwonMHV.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\RZywNzT.exe
  C:\Windows\System\RZywNzT.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\fjkQseh.exe
  C:\Windows\System\fjkQseh.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\iYZHusO.exe
  C:\Windows\System\iYZHusO.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\FJOOkoP.exe
  C:\Windows\System\FJOOkoP.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\xQYmwky.exe
  C:\Windows\System\xQYmwky.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\szKGZrm.exe
  C:\Windows\System\szKGZrm.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\RKGMYFI.exe
  C:\Windows\System\RKGMYFI.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\PmlwNmp.exe
  C:\Windows\System\PmlwNmp.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ZUKGzEq.exe
  C:\Windows\System\ZUKGzEq.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\dLnmnNT.exe
  C:\Windows\System\dLnmnNT.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\WJovoay.exe
  C:\Windows\System\WJovoay.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\bFMmApV.exe
  C:\Windows\System\bFMmApV.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\THduMVc.exe
  C:\Windows\System\THduMVc.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\oOmYrep.exe
  C:\Windows\System\oOmYrep.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\yHHvSbi.exe
  C:\Windows\System\yHHvSbi.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\odRSrLC.exe
  C:\Windows\System\odRSrLC.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\mdEakIb.exe
  C:\Windows\System\mdEakIb.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\LkVpCWY.exe
  C:\Windows\System\LkVpCWY.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\TGGnpXH.exe
  C:\Windows\System\TGGnpXH.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\NYYtlzB.exe
  C:\Windows\System\NYYtlzB.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\BTiRoRg.exe
  C:\Windows\System\BTiRoRg.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\dCqzbwP.exe
  C:\Windows\System\dCqzbwP.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\TnsAjgq.exe
  C:\Windows\System\TnsAjgq.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\oepHeEm.exe
  C:\Windows\System\oepHeEm.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\rFdzcvr.exe
  C:\Windows\System\rFdzcvr.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\ltbMEmz.exe
  C:\Windows\System\ltbMEmz.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\oBGTrQc.exe
  C:\Windows\System\oBGTrQc.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\bEySSnv.exe
  C:\Windows\System\bEySSnv.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\QdwCOjN.exe
  C:\Windows\System\QdwCOjN.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\sNIBrGT.exe
  C:\Windows\System\sNIBrGT.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\gbdygSO.exe
  C:\Windows\System\gbdygSO.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\YorjfzK.exe
  C:\Windows\System\YorjfzK.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\gqgxPfs.exe
  C:\Windows\System\gqgxPfs.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\itFEbEm.exe
  C:\Windows\System\itFEbEm.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\JecciUv.exe
  C:\Windows\System\JecciUv.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\QxCxddG.exe
  C:\Windows\System\QxCxddG.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\efAvsWu.exe
  C:\Windows\System\efAvsWu.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\xYzcmPh.exe
  C:\Windows\System\xYzcmPh.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\wxkmYQl.exe
  C:\Windows\System\wxkmYQl.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\bGSxhcD.exe
  C:\Windows\System\bGSxhcD.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\gnRBkxn.exe
  C:\Windows\System\gnRBkxn.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\zSveilt.exe
  C:\Windows\System\zSveilt.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\OMVgvyp.exe
  C:\Windows\System\OMVgvyp.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\ZkIYddj.exe
  C:\Windows\System\ZkIYddj.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\jPOxMkT.exe
  C:\Windows\System\jPOxMkT.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\TqABYsa.exe
  C:\Windows\System\TqABYsa.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\VUJgrYO.exe
  C:\Windows\System\VUJgrYO.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\GjYHdyH.exe
  C:\Windows\System\GjYHdyH.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\qcuaeTk.exe
  C:\Windows\System\qcuaeTk.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\RHGQLXW.exe
  C:\Windows\System\RHGQLXW.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\kFHyVZy.exe
  C:\Windows\System\kFHyVZy.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\mArKnav.exe
  C:\Windows\System\mArKnav.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\HmQyfMK.exe
  C:\Windows\System\HmQyfMK.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\gcqzPTC.exe
  C:\Windows\System\gcqzPTC.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\xZGjIzz.exe
  C:\Windows\System\xZGjIzz.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\JXJkigd.exe
  C:\Windows\System\JXJkigd.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\gUXSlpg.exe
  C:\Windows\System\gUXSlpg.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\arnUcqN.exe
  C:\Windows\System\arnUcqN.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\lFqeFaG.exe
  C:\Windows\System\lFqeFaG.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\moTrfhX.exe
  C:\Windows\System\moTrfhX.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\PdcLvcm.exe
  C:\Windows\System\PdcLvcm.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\RzfLxOW.exe
  C:\Windows\System\RzfLxOW.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\rZXjTpq.exe
  C:\Windows\System\rZXjTpq.exe
  2⤵
  PID:1708
- C:\Windows\System\MNWrFlf.exe
  C:\Windows\System\MNWrFlf.exe
  2⤵
  PID:928
- C:\Windows\System\NmGvARk.exe
  C:\Windows\System\NmGvARk.exe
  2⤵
  PID:2960
- C:\Windows\System\DouxEyn.exe
  C:\Windows\System\DouxEyn.exe
  2⤵
  PID:1340
- C:\Windows\System\tfDkbFc.exe
  C:\Windows\System\tfDkbFc.exe
  2⤵
  PID:1348
- C:\Windows\System\gDMKRBh.exe
  C:\Windows\System\gDMKRBh.exe
  2⤵
  PID:2488
- C:\Windows\System\wCauhGs.exe
  C:\Windows\System\wCauhGs.exe
  2⤵
  PID:348
- C:\Windows\System\QrBpDHb.exe
  C:\Windows\System\QrBpDHb.exe
  2⤵
  PID:2084
- C:\Windows\System\BUyrrkn.exe
  C:\Windows\System\BUyrrkn.exe
  2⤵
  PID:1628
- C:\Windows\System\mzTjmxn.exe
  C:\Windows\System\mzTjmxn.exe
  2⤵
  PID:896
- C:\Windows\System\hZOrkjA.exe
  C:\Windows\System\hZOrkjA.exe
  2⤵
  PID:2316
- C:\Windows\System\jaKSDFd.exe
  C:\Windows\System\jaKSDFd.exe
  2⤵
  PID:2124
- C:\Windows\System\ofSZWMI.exe
  C:\Windows\System\ofSZWMI.exe
  2⤵
  PID:1704
- C:\Windows\System\yVcYSOF.exe
  C:\Windows\System\yVcYSOF.exe
  2⤵
  PID:2588
- C:\Windows\System\POwDZZb.exe
  C:\Windows\System\POwDZZb.exe
  2⤵
  PID:2520
- C:\Windows\System\CnPoytN.exe
  C:\Windows\System\CnPoytN.exe
  2⤵
  PID:2856
- C:\Windows\System\AANGeHD.exe
  C:\Windows\System\AANGeHD.exe
  2⤵
  PID:2700
- C:\Windows\System\xrZbMNm.exe
  C:\Windows\System\xrZbMNm.exe
  2⤵
  PID:592
- C:\Windows\System\vROoJDn.exe
  C:\Windows\System\vROoJDn.exe
  2⤵
  PID:1104
- C:\Windows\System\wypyIRJ.exe
  C:\Windows\System\wypyIRJ.exe
  2⤵
  PID:1720
- C:\Windows\System\VFNWtnG.exe
  C:\Windows\System\VFNWtnG.exe
  2⤵
  PID:1116
- C:\Windows\System\nRPQCCQ.exe
  C:\Windows\System\nRPQCCQ.exe
  2⤵
  PID:2508
- C:\Windows\System\wgSNipE.exe
  C:\Windows\System\wgSNipE.exe
  2⤵
  PID:648
- C:\Windows\System\pKGoGUh.exe
  C:\Windows\System\pKGoGUh.exe
  2⤵
  PID:1416
- C:\Windows\System\vJyrzlf.exe
  C:\Windows\System\vJyrzlf.exe
  2⤵
  PID:1836
- C:\Windows\System\QuREkpL.exe
  C:\Windows\System\QuREkpL.exe
  2⤵
  PID:1244
- C:\Windows\System\UgTmavH.exe
  C:\Windows\System\UgTmavH.exe
  2⤵
  PID:2460
- C:\Windows\System\qcPHpkc.exe
  C:\Windows\System\qcPHpkc.exe
  2⤵
  PID:1752
- C:\Windows\System\msJwhZf.exe
  C:\Windows\System\msJwhZf.exe
  2⤵
  PID:2120
- C:\Windows\System\FUXklip.exe
  C:\Windows\System\FUXklip.exe
  2⤵
  PID:2492
- C:\Windows\System\siIWPAA.exe
  C:\Windows\System\siIWPAA.exe
  2⤵
  PID:2564
- C:\Windows\System\wPZVljI.exe
  C:\Windows\System\wPZVljI.exe
  2⤵
  PID:2592
- C:\Windows\System\khxCaMO.exe
  C:\Windows\System\khxCaMO.exe
  2⤵
  PID:3084
- C:\Windows\System\XhWcCaR.exe
  C:\Windows\System\XhWcCaR.exe
  2⤵
  PID:3104
- C:\Windows\System\JvjNbSN.exe
  C:\Windows\System\JvjNbSN.exe
  2⤵
  PID:3124
- C:\Windows\System\iJOwAEo.exe
  C:\Windows\System\iJOwAEo.exe
  2⤵
  PID:3144
- C:\Windows\System\jfEAjAg.exe
  C:\Windows\System\jfEAjAg.exe
  2⤵
  PID:3164
- C:\Windows\System\njTRTGE.exe
  C:\Windows\System\njTRTGE.exe
  2⤵
  PID:3180
- C:\Windows\System\HxzhISV.exe
  C:\Windows\System\HxzhISV.exe
  2⤵
  PID:3200
- C:\Windows\System\jkVteQP.exe
  C:\Windows\System\jkVteQP.exe
  2⤵
  PID:3220
- C:\Windows\System\hwBbKoF.exe
  C:\Windows\System\hwBbKoF.exe
  2⤵
  PID:3240
- C:\Windows\System\tqtOrrU.exe
  C:\Windows\System\tqtOrrU.exe
  2⤵
  PID:3260
- C:\Windows\System\bOTgNzE.exe
  C:\Windows\System\bOTgNzE.exe
  2⤵
  PID:3284
- C:\Windows\System\zPviCnd.exe
  C:\Windows\System\zPviCnd.exe
  2⤵
  PID:3300
- C:\Windows\System\KuDjYwU.exe
  C:\Windows\System\KuDjYwU.exe
  2⤵
  PID:3324
- C:\Windows\System\hVFwjDE.exe
  C:\Windows\System\hVFwjDE.exe
  2⤵
  PID:3340
- C:\Windows\System\IsMiHEN.exe
  C:\Windows\System\IsMiHEN.exe
  2⤵
  PID:3360
- C:\Windows\System\MKvMUGl.exe
  C:\Windows\System\MKvMUGl.exe
  2⤵
  PID:3380
- C:\Windows\System\QcGPNvO.exe
  C:\Windows\System\QcGPNvO.exe
  2⤵
  PID:3404
- C:\Windows\System\ABbWkZo.exe
  C:\Windows\System\ABbWkZo.exe
  2⤵
  PID:3420
- C:\Windows\System\lswEhoJ.exe
  C:\Windows\System\lswEhoJ.exe
  2⤵
  PID:3440
- C:\Windows\System\ewGRqGi.exe
  C:\Windows\System\ewGRqGi.exe
  2⤵
  PID:3460
- C:\Windows\System\dGHLJkX.exe
  C:\Windows\System\dGHLJkX.exe
  2⤵
  PID:3484
- C:\Windows\System\BUAJFoC.exe
  C:\Windows\System\BUAJFoC.exe
  2⤵
  PID:3500
- C:\Windows\System\ssxUQSz.exe
  C:\Windows\System\ssxUQSz.exe
  2⤵
  PID:3520
- C:\Windows\System\BFulcEx.exe
  C:\Windows\System\BFulcEx.exe
  2⤵
  PID:3540
- C:\Windows\System\eIEUrid.exe
  C:\Windows\System\eIEUrid.exe
  2⤵
  PID:3568
- C:\Windows\System\pwDAczg.exe
  C:\Windows\System\pwDAczg.exe
  2⤵
  PID:3584
- C:\Windows\System\wxfbHkE.exe
  C:\Windows\System\wxfbHkE.exe
  2⤵
  PID:3604
- C:\Windows\System\OPQUkOX.exe
  C:\Windows\System\OPQUkOX.exe
  2⤵
  PID:3624
- C:\Windows\System\kUxLiIm.exe
  C:\Windows\System\kUxLiIm.exe
  2⤵
  PID:3644
- C:\Windows\System\WdaKRtD.exe
  C:\Windows\System\WdaKRtD.exe
  2⤵
  PID:3664
- C:\Windows\System\rNLjxxG.exe
  C:\Windows\System\rNLjxxG.exe
  2⤵
  PID:3684
- C:\Windows\System\hWySkaJ.exe
  C:\Windows\System\hWySkaJ.exe
  2⤵
  PID:3704
- C:\Windows\System\PmCXrgi.exe
  C:\Windows\System\PmCXrgi.exe
  2⤵
  PID:3724
- C:\Windows\System\oigFKBk.exe
  C:\Windows\System\oigFKBk.exe
  2⤵
  PID:3748
- C:\Windows\System\kYdvCJX.exe
  C:\Windows\System\kYdvCJX.exe
  2⤵
  PID:3768
- C:\Windows\System\vrmBTSl.exe
  C:\Windows\System\vrmBTSl.exe
  2⤵
  PID:3788
- C:\Windows\System\fuxrlBb.exe
  C:\Windows\System\fuxrlBb.exe
  2⤵
  PID:3808
- C:\Windows\System\kkZikWf.exe
  C:\Windows\System\kkZikWf.exe
  2⤵
  PID:3828
- C:\Windows\System\rRjCJgp.exe
  C:\Windows\System\rRjCJgp.exe
  2⤵
  PID:3848
- C:\Windows\System\eiPSTtq.exe
  C:\Windows\System\eiPSTtq.exe
  2⤵
  PID:3868
- C:\Windows\System\lEsylOR.exe
  C:\Windows\System\lEsylOR.exe
  2⤵
  PID:3888
- C:\Windows\System\wNAOwvn.exe
  C:\Windows\System\wNAOwvn.exe
  2⤵
  PID:3904
- C:\Windows\System\bSqQVcY.exe
  C:\Windows\System\bSqQVcY.exe
  2⤵
  PID:3928
- C:\Windows\System\AoeAugI.exe
  C:\Windows\System\AoeAugI.exe
  2⤵
  PID:3952
- C:\Windows\System\ZhXpVAL.exe
  C:\Windows\System\ZhXpVAL.exe
  2⤵
  PID:3972
- C:\Windows\System\dIyaPSR.exe
  C:\Windows\System\dIyaPSR.exe
  2⤵
  PID:3992
- C:\Windows\System\RSBAxFJ.exe
  C:\Windows\System\RSBAxFJ.exe
  2⤵
  PID:4012
- C:\Windows\System\eVsFNmH.exe
  C:\Windows\System\eVsFNmH.exe
  2⤵
  PID:4032
- C:\Windows\System\jcIkJaj.exe
  C:\Windows\System\jcIkJaj.exe
  2⤵
  PID:4052
- C:\Windows\System\kJwmhJM.exe
  C:\Windows\System\kJwmhJM.exe
  2⤵
  PID:4072
- C:\Windows\System\ThDvORh.exe
  C:\Windows\System\ThDvORh.exe
  2⤵
  PID:4092
- C:\Windows\System\lusTYMZ.exe
  C:\Windows\System\lusTYMZ.exe
  2⤵
  PID:2636
- C:\Windows\System\RgeFixt.exe
  C:\Windows\System\RgeFixt.exe
  2⤵
  PID:2200
- C:\Windows\System\iEPitIO.exe
  C:\Windows\System\iEPitIO.exe
  2⤵
  PID:2904
- C:\Windows\System\bWAdGND.exe
  C:\Windows\System\bWAdGND.exe
  2⤵
  PID:1820
- C:\Windows\System\jHdupia.exe
  C:\Windows\System\jHdupia.exe
  2⤵
  PID:1308
- C:\Windows\System\nEJCqmn.exe
  C:\Windows\System\nEJCqmn.exe
  2⤵
  PID:2356
- C:\Windows\System\PRoGHfh.exe
  C:\Windows\System\PRoGHfh.exe
  2⤵
  PID:2228
- C:\Windows\System\HHMmkEB.exe
  C:\Windows\System\HHMmkEB.exe
  2⤵
  PID:1588
- C:\Windows\System\QtVVUGQ.exe
  C:\Windows\System\QtVVUGQ.exe
  2⤵
  PID:1684
- C:\Windows\System\DCrZYsw.exe
  C:\Windows\System\DCrZYsw.exe
  2⤵
  PID:3116
- C:\Windows\System\FWLhXUX.exe
  C:\Windows\System\FWLhXUX.exe
  2⤵
  PID:3156
- C:\Windows\System\MtWOvBr.exe
  C:\Windows\System\MtWOvBr.exe
  2⤵
  PID:3188
- C:\Windows\System\QECugHS.exe
  C:\Windows\System\QECugHS.exe
  2⤵
  PID:3228
- C:\Windows\System\UdatuPB.exe
  C:\Windows\System\UdatuPB.exe
  2⤵
  PID:3268
- C:\Windows\System\viviNjq.exe
  C:\Windows\System\viviNjq.exe
  2⤵
  PID:3276
- C:\Windows\System\FQCxdPN.exe
  C:\Windows\System\FQCxdPN.exe
  2⤵
  PID:3356
- C:\Windows\System\CDJjYwJ.exe
  C:\Windows\System\CDJjYwJ.exe
  2⤵
  PID:3256
- C:\Windows\System\lIkSNDG.exe
  C:\Windows\System\lIkSNDG.exe
  2⤵
  PID:3400
- C:\Windows\System\DeiskXZ.exe
  C:\Windows\System\DeiskXZ.exe
  2⤵
  PID:3372
- C:\Windows\System\IKEfHRE.exe
  C:\Windows\System\IKEfHRE.exe
  2⤵
  PID:3476
- C:\Windows\System\jzbSIXP.exe
  C:\Windows\System\jzbSIXP.exe
  2⤵
  PID:3416
- C:\Windows\System\UKHQzlC.exe
  C:\Windows\System\UKHQzlC.exe
  2⤵
  PID:3456
- C:\Windows\System\fVIwdEH.exe
  C:\Windows\System\fVIwdEH.exe
  2⤵
  PID:3492
- C:\Windows\System\dZscHPK.exe
  C:\Windows\System\dZscHPK.exe
  2⤵
  PID:3536
- C:\Windows\System\jukSMhx.exe
  C:\Windows\System\jukSMhx.exe
  2⤵
  PID:3580
- C:\Windows\System\wjkExRM.exe
  C:\Windows\System\wjkExRM.exe
  2⤵
  PID:3616
- C:\Windows\System\vtAXHSO.exe
  C:\Windows\System\vtAXHSO.exe
  2⤵
  PID:3656
- C:\Windows\System\WswSJkT.exe
  C:\Windows\System\WswSJkT.exe
  2⤵
  PID:3696
- C:\Windows\System\UxGTTqe.exe
  C:\Windows\System\UxGTTqe.exe
  2⤵
  PID:3700
- C:\Windows\System\jTwJBTi.exe
  C:\Windows\System\jTwJBTi.exe
  2⤵
  PID:3776
- C:\Windows\System\cPWlHGm.exe
  C:\Windows\System\cPWlHGm.exe
  2⤵
  PID:3780
- C:\Windows\System\aQJYgys.exe
  C:\Windows\System\aQJYgys.exe
  2⤵
  PID:3856
- C:\Windows\System\wPrVLJu.exe
  C:\Windows\System\wPrVLJu.exe
  2⤵
  PID:3860
- C:\Windows\System\ZnjIitJ.exe
  C:\Windows\System\ZnjIitJ.exe
  2⤵
  PID:3896
- C:\Windows\System\MaEXZSU.exe
  C:\Windows\System\MaEXZSU.exe
  2⤵
  PID:3964
- C:\Windows\System\xYQVwYE.exe
  C:\Windows\System\xYQVwYE.exe
  2⤵
  PID:4008
- C:\Windows\System\kpBLOSG.exe
  C:\Windows\System\kpBLOSG.exe
  2⤵
  PID:3988
- C:\Windows\System\dxUUVJE.exe
  C:\Windows\System\dxUUVJE.exe
  2⤵
  PID:4088
- C:\Windows\System\bRMkIFd.exe
  C:\Windows\System\bRMkIFd.exe
  2⤵
  PID:4060
- C:\Windows\System\OGeiiAI.exe
  C:\Windows\System\OGeiiAI.exe
  2⤵
  PID:2912
- C:\Windows\System\uqSEvGR.exe
  C:\Windows\System\uqSEvGR.exe
  2⤵
  PID:788
- C:\Windows\System\inbprBc.exe
  C:\Windows\System\inbprBc.exe
  2⤵
  PID:2524
- C:\Windows\System\AAyhOiu.exe
  C:\Windows\System\AAyhOiu.exe
  2⤵
  PID:2944
- C:\Windows\System\YnUeHyZ.exe
  C:\Windows\System\YnUeHyZ.exe
  2⤵
  PID:2816
- C:\Windows\System\UGVdbpq.exe
  C:\Windows\System\UGVdbpq.exe
  2⤵
  PID:2008
- C:\Windows\System\fOKtRKF.exe
  C:\Windows\System\fOKtRKF.exe
  2⤵
  PID:3152
- C:\Windows\System\qrKYbAC.exe
  C:\Windows\System\qrKYbAC.exe
  2⤵
  PID:3280
- C:\Windows\System\ltTAWzb.exe
  C:\Windows\System\ltTAWzb.exe
  2⤵
  PID:3136
- C:\Windows\System\QwrHcqm.exe
  C:\Windows\System\QwrHcqm.exe
  2⤵
  PID:3296
- C:\Windows\System\cdWXzjM.exe
  C:\Windows\System\cdWXzjM.exe
  2⤵
  PID:3336
- C:\Windows\System\IuekmEM.exe
  C:\Windows\System\IuekmEM.exe
  2⤵
  PID:3368
- C:\Windows\System\zHJsjKe.exe
  C:\Windows\System\zHJsjKe.exe
  2⤵
  PID:3428
- C:\Windows\System\EelQKtf.exe
  C:\Windows\System\EelQKtf.exe
  2⤵
  PID:3532
- C:\Windows\System\ymfgGdz.exe
  C:\Windows\System\ymfgGdz.exe
  2⤵
  PID:3560
- C:\Windows\System\VKBfKPo.exe
  C:\Windows\System\VKBfKPo.exe
  2⤵
  PID:3576
- C:\Windows\System\cLNbTPV.exe
  C:\Windows\System\cLNbTPV.exe
  2⤵
  PID:3764
- C:\Windows\System\zcsZHIK.exe
  C:\Windows\System\zcsZHIK.exe
  2⤵
  PID:3844
- C:\Windows\System\tChukhw.exe
  C:\Windows\System\tChukhw.exe
  2⤵
  PID:3736
- C:\Windows\System\YRSbbPo.exe
  C:\Windows\System\YRSbbPo.exe
  2⤵
  PID:3920
- C:\Windows\System\PBIwEtn.exe
  C:\Windows\System\PBIwEtn.exe
  2⤵
  PID:3944
- C:\Windows\System\KvdSBpO.exe
  C:\Windows\System\KvdSBpO.exe
  2⤵
  PID:3900
- C:\Windows\System\fSJinNn.exe
  C:\Windows\System\fSJinNn.exe
  2⤵
  PID:4048
- C:\Windows\System\qvuSzfP.exe
  C:\Windows\System\qvuSzfP.exe
  2⤵
  PID:1988
- C:\Windows\System\ySBPXBN.exe
  C:\Windows\System\ySBPXBN.exe
  2⤵
  PID:996
- C:\Windows\System\bbMeznd.exe
  C:\Windows\System\bbMeznd.exe
  2⤵
  PID:2052
- C:\Windows\System\FvgNPxH.exe
  C:\Windows\System\FvgNPxH.exe
  2⤵
  PID:3132
- C:\Windows\System\FxZHHDc.exe
  C:\Windows\System\FxZHHDc.exe
  2⤵
  PID:3320
- C:\Windows\System\vEzLZYa.exe
  C:\Windows\System\vEzLZYa.exe
  2⤵
  PID:3248
- C:\Windows\System\kYAFFqU.exe
  C:\Windows\System\kYAFFqU.exe
  2⤵
  PID:3140
- C:\Windows\System\suawDTX.exe
  C:\Windows\System\suawDTX.exe
  2⤵
  PID:3436
- C:\Windows\System\sNiCHkt.exe
  C:\Windows\System\sNiCHkt.exe
  2⤵
  PID:3636
- C:\Windows\System\xSpPLgV.exe
  C:\Windows\System\xSpPLgV.exe
  2⤵
  PID:3720
- C:\Windows\System\rIoeOfU.exe
  C:\Windows\System\rIoeOfU.exe
  2⤵
  PID:3740
- C:\Windows\System\OxBjEuq.exe
  C:\Windows\System\OxBjEuq.exe
  2⤵
  PID:3620
- C:\Windows\System\wCISbjU.exe
  C:\Windows\System\wCISbjU.exe
  2⤵
  PID:3912
- C:\Windows\System\pKBxNeS.exe
  C:\Windows\System\pKBxNeS.exe
  2⤵
  PID:4112
- C:\Windows\System\NuygDZC.exe
  C:\Windows\System\NuygDZC.exe
  2⤵
  PID:4132
- C:\Windows\System\YwqAOhM.exe
  C:\Windows\System\YwqAOhM.exe
  2⤵
  PID:4152
- C:\Windows\System\XEZlpXl.exe
  C:\Windows\System\XEZlpXl.exe
  2⤵
  PID:4168
- C:\Windows\System\TawDauW.exe
  C:\Windows\System\TawDauW.exe
  2⤵
  PID:4188
- C:\Windows\System\fHhKGQi.exe
  C:\Windows\System\fHhKGQi.exe
  2⤵
  PID:4212
- C:\Windows\System\YVvojge.exe
  C:\Windows\System\YVvojge.exe
  2⤵
  PID:4232
- C:\Windows\System\QMqqLxe.exe
  C:\Windows\System\QMqqLxe.exe
  2⤵
  PID:4248
- C:\Windows\System\eALPJpv.exe
  C:\Windows\System\eALPJpv.exe
  2⤵
  PID:4272
- C:\Windows\System\NfpMigt.exe
  C:\Windows\System\NfpMigt.exe
  2⤵
  PID:4292
- C:\Windows\System\vhsvzKW.exe
  C:\Windows\System\vhsvzKW.exe
  2⤵
  PID:4312
- C:\Windows\System\bRPQQLD.exe
  C:\Windows\System\bRPQQLD.exe
  2⤵
  PID:4332
- C:\Windows\System\xwROhFi.exe
  C:\Windows\System\xwROhFi.exe
  2⤵
  PID:4352
- C:\Windows\System\cPrVQTp.exe
  C:\Windows\System\cPrVQTp.exe
  2⤵
  PID:4368
- C:\Windows\System\lNZlLYx.exe
  C:\Windows\System\lNZlLYx.exe
  2⤵
  PID:4388
- C:\Windows\System\ljQdSBb.exe
  C:\Windows\System\ljQdSBb.exe
  2⤵
  PID:4412
- C:\Windows\System\kdWiNMp.exe
  C:\Windows\System\kdWiNMp.exe
  2⤵
  PID:4432
- C:\Windows\System\fFcLckE.exe
  C:\Windows\System\fFcLckE.exe
  2⤵
  PID:4448
- C:\Windows\System\zAgnsOa.exe
  C:\Windows\System\zAgnsOa.exe
  2⤵
  PID:4472
- C:\Windows\System\PtAJQZK.exe
  C:\Windows\System\PtAJQZK.exe
  2⤵
  PID:4488
- C:\Windows\System\GRahsDg.exe
  C:\Windows\System\GRahsDg.exe
  2⤵
  PID:4512
- C:\Windows\System\OYacbcm.exe
  C:\Windows\System\OYacbcm.exe
  2⤵
  PID:4532
- C:\Windows\System\wsmvopu.exe
  C:\Windows\System\wsmvopu.exe
  2⤵
  PID:4552
- C:\Windows\System\LHNQslG.exe
  C:\Windows\System\LHNQslG.exe
  2⤵
  PID:4568
- C:\Windows\System\cOYlyKQ.exe
  C:\Windows\System\cOYlyKQ.exe
  2⤵
  PID:4588
- C:\Windows\System\eOLrkDR.exe
  C:\Windows\System\eOLrkDR.exe
  2⤵
  PID:4608
- C:\Windows\System\IkqQyvi.exe
  C:\Windows\System\IkqQyvi.exe
  2⤵
  PID:4628
- C:\Windows\System\DjoWoQc.exe
  C:\Windows\System\DjoWoQc.exe
  2⤵
  PID:4652
- C:\Windows\System\rLFeNPH.exe
  C:\Windows\System\rLFeNPH.exe
  2⤵
  PID:4672
- C:\Windows\System\LWfrUSj.exe
  C:\Windows\System\LWfrUSj.exe
  2⤵
  PID:4692
- C:\Windows\System\WaxPRnn.exe
  C:\Windows\System\WaxPRnn.exe
  2⤵
  PID:4712
- C:\Windows\System\qVMXZHd.exe
  C:\Windows\System\qVMXZHd.exe
  2⤵
  PID:4732
- C:\Windows\System\tXGNenI.exe
  C:\Windows\System\tXGNenI.exe
  2⤵
  PID:4756
- C:\Windows\System\lRHSWyl.exe
  C:\Windows\System\lRHSWyl.exe
  2⤵
  PID:4780
- C:\Windows\System\ITJnltH.exe
  C:\Windows\System\ITJnltH.exe
  2⤵
  PID:4800
- C:\Windows\System\ycfnilV.exe
  C:\Windows\System\ycfnilV.exe
  2⤵
  PID:4820
- C:\Windows\System\UaFGyTF.exe
  C:\Windows\System\UaFGyTF.exe
  2⤵
  PID:4840
- C:\Windows\System\JMnFfSP.exe
  C:\Windows\System\JMnFfSP.exe
  2⤵
  PID:4860
- C:\Windows\System\fcPFOXX.exe
  C:\Windows\System\fcPFOXX.exe
  2⤵
  PID:4880
- C:\Windows\System\FDdWXWI.exe
  C:\Windows\System\FDdWXWI.exe
  2⤵
  PID:4900
- C:\Windows\System\fuYmEgq.exe
  C:\Windows\System\fuYmEgq.exe
  2⤵
  PID:4920
- C:\Windows\System\rqKHDIh.exe
  C:\Windows\System\rqKHDIh.exe
  2⤵
  PID:4940
- C:\Windows\System\DLoZZAZ.exe
  C:\Windows\System\DLoZZAZ.exe
  2⤵
  PID:4960
- C:\Windows\System\cUlWhuv.exe
  C:\Windows\System\cUlWhuv.exe
  2⤵
  PID:4980
- C:\Windows\System\cZsnZFA.exe
  C:\Windows\System\cZsnZFA.exe
  2⤵
  PID:5000
- C:\Windows\System\OeYKXon.exe
  C:\Windows\System\OeYKXon.exe
  2⤵
  PID:5016
- C:\Windows\System\fglwslz.exe
  C:\Windows\System\fglwslz.exe
  2⤵
  PID:5040
- C:\Windows\System\QzzKZwr.exe
  C:\Windows\System\QzzKZwr.exe
  2⤵
  PID:5060
- C:\Windows\System\FNZbyVB.exe
  C:\Windows\System\FNZbyVB.exe
  2⤵
  PID:5080
- C:\Windows\System\YQVpyzT.exe
  C:\Windows\System\YQVpyzT.exe
  2⤵
  PID:5100
- C:\Windows\System\TGcbLRH.exe
  C:\Windows\System\TGcbLRH.exe
  2⤵
  PID:3980
- C:\Windows\System\WiAXRzo.exe
  C:\Windows\System\WiAXRzo.exe
  2⤵
  PID:3312
- C:\Windows\System\jSWVuKm.exe
  C:\Windows\System\jSWVuKm.exe
  2⤵
  PID:3016
- C:\Windows\System\eLJNknZ.exe
  C:\Windows\System\eLJNknZ.exe
  2⤵
  PID:2400
- C:\Windows\System\yKNfhcC.exe
  C:\Windows\System\yKNfhcC.exe
  2⤵
  PID:3388
- C:\Windows\System\CkRIbFe.exe
  C:\Windows\System\CkRIbFe.exe
  2⤵
  PID:3192
- C:\Windows\System\DTcdixI.exe
  C:\Windows\System\DTcdixI.exe
  2⤵
  PID:3712
- C:\Windows\System\UxeGOQr.exe
  C:\Windows\System\UxeGOQr.exe
  2⤵
  PID:3804
- C:\Windows\System\OuJorTj.exe
  C:\Windows\System\OuJorTj.exe
  2⤵
  PID:856
- C:\Windows\System\kwZyDTa.exe
  C:\Windows\System\kwZyDTa.exe
  2⤵
  PID:3592
- C:\Windows\System\xdmqPWG.exe
  C:\Windows\System\xdmqPWG.exe
  2⤵
  PID:4140
- C:\Windows\System\GqVKiVf.exe
  C:\Windows\System\GqVKiVf.exe
  2⤵
  PID:4176
- C:\Windows\System\kkPCsJe.exe
  C:\Windows\System\kkPCsJe.exe
  2⤵
  PID:4220
- C:\Windows\System\RQmFmSJ.exe
  C:\Windows\System\RQmFmSJ.exe
  2⤵
  PID:4164
- C:\Windows\System\PlyOOwt.exe
  C:\Windows\System\PlyOOwt.exe
  2⤵
  PID:4268
- C:\Windows\System\SMWrbtv.exe
  C:\Windows\System\SMWrbtv.exe
  2⤵
  PID:4244
- C:\Windows\System\iknFkMy.exe
  C:\Windows\System\iknFkMy.exe
  2⤵
  PID:4340
- C:\Windows\System\VdCaRRe.exe
  C:\Windows\System\VdCaRRe.exe
  2⤵
  PID:4344
- C:\Windows\System\knaxpDs.exe
  C:\Windows\System\knaxpDs.exe
  2⤵
  PID:4380
- C:\Windows\System\pGLrvUX.exe
  C:\Windows\System\pGLrvUX.exe
  2⤵
  PID:4420
- C:\Windows\System\fKuYifn.exe
  C:\Windows\System\fKuYifn.exe
  2⤵
  PID:4456
- C:\Windows\System\FcUjFiH.exe
  C:\Windows\System\FcUjFiH.exe
  2⤵
  PID:4496
- C:\Windows\System\pZIethN.exe
  C:\Windows\System\pZIethN.exe
  2⤵
  PID:4508
- C:\Windows\System\yXqENgk.exe
  C:\Windows\System\yXqENgk.exe
  2⤵
  PID:4524
- C:\Windows\System\mPyKqLV.exe
  C:\Windows\System\mPyKqLV.exe
  2⤵
  PID:4580
- C:\Windows\System\VtptDwM.exe
  C:\Windows\System\VtptDwM.exe
  2⤵
  PID:4624
- C:\Windows\System\UQmwfdU.exe
  C:\Windows\System\UQmwfdU.exe
  2⤵
  PID:4660
- C:\Windows\System\iWcDLNk.exe
  C:\Windows\System\iWcDLNk.exe
  2⤵
  PID:4644
- C:\Windows\System\kLOsRpB.exe
  C:\Windows\System\kLOsRpB.exe
  2⤵
  PID:4684
- C:\Windows\System\XrmeIoY.exe
  C:\Windows\System\XrmeIoY.exe
  2⤵
  PID:4752
- C:\Windows\System\zdpQLYP.exe
  C:\Windows\System\zdpQLYP.exe
  2⤵
  PID:4792
- C:\Windows\System\UNmxRVM.exe
  C:\Windows\System\UNmxRVM.exe
  2⤵
  PID:4808
- C:\Windows\System\PLFvCqJ.exe
  C:\Windows\System\PLFvCqJ.exe
  2⤵
  PID:4868
- C:\Windows\System\pgCjEac.exe
  C:\Windows\System\pgCjEac.exe
  2⤵
  PID:4872
- C:\Windows\System\RlHzReu.exe
  C:\Windows\System\RlHzReu.exe
  2⤵
  PID:2660
- C:\Windows\System\BzKGGLK.exe
  C:\Windows\System\BzKGGLK.exe
  2⤵
  PID:4948
- C:\Windows\System\BdBHyur.exe
  C:\Windows\System\BdBHyur.exe
  2⤵
  PID:4928
- C:\Windows\System\YlvLakr.exe
  C:\Windows\System\YlvLakr.exe
  2⤵
  PID:4996
- C:\Windows\System\CCxwKkU.exe
  C:\Windows\System\CCxwKkU.exe
  2⤵
  PID:5024
- C:\Windows\System\PzZgvCK.exe
  C:\Windows\System\PzZgvCK.exe
  2⤵
  PID:5076
- C:\Windows\System\ktCWduz.exe
  C:\Windows\System\ktCWduz.exe
  2⤵
  PID:5072
- C:\Windows\System\OlcRcaY.exe
  C:\Windows\System\OlcRcaY.exe
  2⤵
  PID:5092
- C:\Windows\System\XcEjFcP.exe
  C:\Windows\System\XcEjFcP.exe
  2⤵
  PID:4064
- C:\Windows\System\FsoRAes.exe
  C:\Windows\System\FsoRAes.exe
  2⤵
  PID:268
- C:\Windows\System\WpvjIYE.exe
  C:\Windows\System\WpvjIYE.exe
  2⤵
  PID:2080
- C:\Windows\System\lYnEQUc.exe
  C:\Windows\System\lYnEQUc.exe
  2⤵
  PID:3232
- C:\Windows\System\DVauJZW.exe
  C:\Windows\System\DVauJZW.exe
  2⤵
  PID:3916
- C:\Windows\System\dFVciRl.exe
  C:\Windows\System\dFVciRl.exe
  2⤵
  PID:3676
- C:\Windows\System\aHUsBHx.exe
  C:\Windows\System\aHUsBHx.exe
  2⤵
  PID:4200
- C:\Windows\System\Wekkoru.exe
  C:\Windows\System\Wekkoru.exe
  2⤵
  PID:4300
- C:\Windows\System\DEbVLeo.exe
  C:\Windows\System\DEbVLeo.exe
  2⤵
  PID:4308
- C:\Windows\System\XprSCfD.exe
  C:\Windows\System\XprSCfD.exe
  2⤵
  PID:4384
- C:\Windows\System\EvgTBNn.exe
  C:\Windows\System\EvgTBNn.exe
  2⤵
  PID:4284
- C:\Windows\System\TiermHh.exe
  C:\Windows\System\TiermHh.exe
  2⤵
  PID:4440
- C:\Windows\System\sQRrTae.exe
  C:\Windows\System\sQRrTae.exe
  2⤵
  PID:4584
- C:\Windows\System\KPUDMMd.exe
  C:\Windows\System\KPUDMMd.exe
  2⤵
  PID:4468
- C:\Windows\System\RZHNvzL.exe
  C:\Windows\System\RZHNvzL.exe
  2⤵
  PID:1676
- C:\Windows\System\eWZBZyz.exe
  C:\Windows\System\eWZBZyz.exe
  2⤵
  PID:4704
- C:\Windows\System\WGecAQI.exe
  C:\Windows\System\WGecAQI.exe
  2⤵
  PID:4728
- C:\Windows\System\KGxmZYk.exe
  C:\Windows\System\KGxmZYk.exe
  2⤵
  PID:4664
- C:\Windows\System\EqCQpXD.exe
  C:\Windows\System\EqCQpXD.exe
  2⤵
  PID:2800
- C:\Windows\System\FEulmpB.exe
  C:\Windows\System\FEulmpB.exe
  2⤵
  PID:4772
- C:\Windows\System\AgzpmWm.exe
  C:\Windows\System\AgzpmWm.exe
  2⤵
  PID:4952
- C:\Windows\System\gmJdPeu.exe
  C:\Windows\System\gmJdPeu.exe
  2⤵
  PID:2024
- C:\Windows\System\MAAjqBq.exe
  C:\Windows\System\MAAjqBq.exe
  2⤵
  PID:5052
- C:\Windows\System\JISZwlH.exe
  C:\Windows\System\JISZwlH.exe
  2⤵
  PID:4988
- C:\Windows\System\vHrLleR.exe
  C:\Windows\System\vHrLleR.exe
  2⤵
  PID:4040
- C:\Windows\System\NRRrMSA.exe
  C:\Windows\System\NRRrMSA.exe
  2⤵
  PID:5108
- C:\Windows\System\rGlNwAC.exe
  C:\Windows\System\rGlNwAC.exe
  2⤵
  PID:3680
- C:\Windows\System\eRjbKgj.exe
  C:\Windows\System\eRjbKgj.exe
  2⤵
  PID:3512
- C:\Windows\System\gQvKGhq.exe
  C:\Windows\System\gQvKGhq.exe
  2⤵
  PID:4144
- C:\Windows\System\GuoTfMs.exe
  C:\Windows\System\GuoTfMs.exe
  2⤵
  PID:4260
- C:\Windows\System\sApghRi.exe
  C:\Windows\System\sApghRi.exe
  2⤵
  PID:4160
- C:\Windows\System\bYvosbN.exe
  C:\Windows\System\bYvosbN.exe
  2⤵
  PID:4320
- C:\Windows\System\sULRjdN.exe
  C:\Windows\System\sULRjdN.exe
  2⤵
  PID:2704
- C:\Windows\System\eqsilkS.exe
  C:\Windows\System\eqsilkS.exe
  2⤵
  PID:4404
- C:\Windows\System\gXonRDI.exe
  C:\Windows\System\gXonRDI.exe
  2⤵
  PID:4636
- C:\Windows\System\utPknJR.exe
  C:\Windows\System\utPknJR.exe
  2⤵
  PID:4520
- C:\Windows\System\WbNzihr.exe
  C:\Windows\System\WbNzihr.exe
  2⤵
  PID:2716
- C:\Windows\System\huKTAXr.exe
  C:\Windows\System\huKTAXr.exe
  2⤵
  PID:4540
- C:\Windows\System\gTRukDs.exe
  C:\Windows\System\gTRukDs.exe
  2⤵
  PID:4596
- C:\Windows\System\JHnHXtg.exe
  C:\Windows\System\JHnHXtg.exe
  2⤵
  PID:4972
- C:\Windows\System\oJsdMLt.exe
  C:\Windows\System\oJsdMLt.exe
  2⤵
  PID:4748
- C:\Windows\System\zOrYjNr.exe
  C:\Windows\System\zOrYjNr.exe
  2⤵
  PID:5116
- C:\Windows\System\MbpZOMm.exe
  C:\Windows\System\MbpZOMm.exe
  2⤵
  PID:4120
- C:\Windows\System\jGIMmMn.exe
  C:\Windows\System\jGIMmMn.exe
  2⤵
  PID:2340
- C:\Windows\System\cwSpHuz.exe
  C:\Windows\System\cwSpHuz.exe
  2⤵
  PID:1936
- C:\Windows\System\CorpwBE.exe
  C:\Windows\System\CorpwBE.exe
  2⤵
  PID:4360
- C:\Windows\System\fuJkjcd.exe
  C:\Windows\System\fuJkjcd.exe
  2⤵
  PID:4640
- C:\Windows\System\yIXerDA.exe
  C:\Windows\System\yIXerDA.exe
  2⤵
  PID:4328
- C:\Windows\System\ynOwDcX.exe
  C:\Windows\System\ynOwDcX.exe
  2⤵
  PID:4768
- C:\Windows\System\UHGFZbT.exe
  C:\Windows\System\UHGFZbT.exe
  2⤵
  PID:2684
- C:\Windows\System\CBiUwwS.exe
  C:\Windows\System\CBiUwwS.exe
  2⤵
  PID:4484
- C:\Windows\System\GkGjorU.exe
  C:\Windows\System\GkGjorU.exe
  2⤵
  PID:5068
- C:\Windows\System\avGWNJg.exe
  C:\Windows\System\avGWNJg.exe
  2⤵
  PID:5012
- C:\Windows\System\YNMzmUa.exe
  C:\Windows\System\YNMzmUa.exe
  2⤵
  PID:4744
- C:\Windows\System\AsAymGs.exe
  C:\Windows\System\AsAymGs.exe
  2⤵
  PID:2020
- C:\Windows\System\FiUOOdg.exe
  C:\Windows\System\FiUOOdg.exe
  2⤵
  PID:4956
- C:\Windows\System\uKgqKTO.exe
  C:\Windows\System\uKgqKTO.exe
  2⤵
  PID:2896
- C:\Windows\System\AYwcbPh.exe
  C:\Windows\System\AYwcbPh.exe
  2⤵
  PID:2752
- C:\Windows\System\AfPhNar.exe
  C:\Windows\System\AfPhNar.exe
  2⤵
  PID:2844
- C:\Windows\System\ZprPCac.exe
  C:\Windows\System\ZprPCac.exe
  2⤵
  PID:4832
- C:\Windows\System\mEdyCaA.exe
  C:\Windows\System\mEdyCaA.exe
  2⤵
  PID:4764
- C:\Windows\System\blvemjE.exe
  C:\Windows\System\blvemjE.exe
  2⤵
  PID:5144
- C:\Windows\System\wQfgDKA.exe
  C:\Windows\System\wQfgDKA.exe
  2⤵
  PID:5164
- C:\Windows\System\sjohRSi.exe
  C:\Windows\System\sjohRSi.exe
  2⤵
  PID:5180
- C:\Windows\System\xmalJDs.exe
  C:\Windows\System\xmalJDs.exe
  2⤵
  PID:5200
- C:\Windows\System\PdEiuSN.exe
  C:\Windows\System\PdEiuSN.exe
  2⤵
  PID:5220
- C:\Windows\System\TQcgnqi.exe
  C:\Windows\System\TQcgnqi.exe
  2⤵
  PID:5240
- C:\Windows\System\oeIgEBO.exe
  C:\Windows\System\oeIgEBO.exe
  2⤵
  PID:5260
- C:\Windows\System\eyXPmag.exe
  C:\Windows\System\eyXPmag.exe
  2⤵
  PID:5276
- C:\Windows\System\zdKfzur.exe
  C:\Windows\System\zdKfzur.exe
  2⤵
  PID:5300
- C:\Windows\System\okWRqSX.exe
  C:\Windows\System\okWRqSX.exe
  2⤵
  PID:5316
- C:\Windows\System\gIZKgEx.exe
  C:\Windows\System\gIZKgEx.exe
  2⤵
  PID:5340
- C:\Windows\System\oeAFsqO.exe
  C:\Windows\System\oeAFsqO.exe
  2⤵
  PID:5360
- C:\Windows\System\SBmLXvX.exe
  C:\Windows\System\SBmLXvX.exe
  2⤵
  PID:5384
- C:\Windows\System\lXEqhJV.exe
  C:\Windows\System\lXEqhJV.exe
  2⤵
  PID:5404
- C:\Windows\System\VjhusJx.exe
  C:\Windows\System\VjhusJx.exe
  2⤵
  PID:5424
- C:\Windows\System\hgMXJkC.exe
  C:\Windows\System\hgMXJkC.exe
  2⤵
  PID:5444
- C:\Windows\System\rLgNxrC.exe
  C:\Windows\System\rLgNxrC.exe
  2⤵
  PID:5460
- C:\Windows\System\sOkpXqk.exe
  C:\Windows\System\sOkpXqk.exe
  2⤵
  PID:5480
- C:\Windows\System\foRFZwi.exe
  C:\Windows\System\foRFZwi.exe
  2⤵
  PID:5504
- C:\Windows\System\vnczkJu.exe
  C:\Windows\System\vnczkJu.exe
  2⤵
  PID:5524
- C:\Windows\System\SYkIqBl.exe
  C:\Windows\System\SYkIqBl.exe
  2⤵
  PID:5540
- C:\Windows\System\nMacjER.exe
  C:\Windows\System\nMacjER.exe
  2⤵
  PID:5556
- C:\Windows\System\Pfmjlyf.exe
  C:\Windows\System\Pfmjlyf.exe
  2⤵
  PID:5580
- C:\Windows\System\oVjvIGb.exe
  C:\Windows\System\oVjvIGb.exe
  2⤵
  PID:5604
- C:\Windows\System\vUYDhEX.exe
  C:\Windows\System\vUYDhEX.exe
  2⤵
  PID:5624
- C:\Windows\System\tcuyLFc.exe
  C:\Windows\System\tcuyLFc.exe
  2⤵
  PID:5640
- C:\Windows\System\LzwtMKv.exe
  C:\Windows\System\LzwtMKv.exe
  2⤵
  PID:5664
- C:\Windows\System\aLTzwYd.exe
  C:\Windows\System\aLTzwYd.exe
  2⤵
  PID:5684
- C:\Windows\System\smRoTxH.exe
  C:\Windows\System\smRoTxH.exe
  2⤵
  PID:5704
- C:\Windows\System\edeJnrx.exe
  C:\Windows\System\edeJnrx.exe
  2⤵
  PID:5724
- C:\Windows\System\kxZerns.exe
  C:\Windows\System\kxZerns.exe
  2⤵
  PID:5744
- C:\Windows\System\OjrCZRn.exe
  C:\Windows\System\OjrCZRn.exe
  2⤵
  PID:5768
- C:\Windows\System\SvSWFmn.exe
  C:\Windows\System\SvSWFmn.exe
  2⤵
  PID:5788
- C:\Windows\System\WcLwKit.exe
  C:\Windows\System\WcLwKit.exe
  2⤵
  PID:5808
- C:\Windows\System\AoESdWO.exe
  C:\Windows\System\AoESdWO.exe
  2⤵
  PID:5828
- C:\Windows\System\agOagPB.exe
  C:\Windows\System\agOagPB.exe
  2⤵
  PID:5848
- C:\Windows\System\vTIAnal.exe
  C:\Windows\System\vTIAnal.exe
  2⤵
  PID:5868
- C:\Windows\System\PCZkHzv.exe
  C:\Windows\System\PCZkHzv.exe
  2⤵
  PID:5888
- C:\Windows\System\jbFKTIx.exe
  C:\Windows\System\jbFKTIx.exe
  2⤵
  PID:5904
- C:\Windows\System\xOlrAnF.exe
  C:\Windows\System\xOlrAnF.exe
  2⤵
  PID:5928
- C:\Windows\System\PwRRtDD.exe
  C:\Windows\System\PwRRtDD.exe
  2⤵
  PID:5944
- C:\Windows\System\SYGdzee.exe
  C:\Windows\System\SYGdzee.exe
  2⤵
  PID:5968
- C:\Windows\System\BNLSALD.exe
  C:\Windows\System\BNLSALD.exe
  2⤵
  PID:5984
- C:\Windows\System\OPpCDsj.exe
  C:\Windows\System\OPpCDsj.exe
  2⤵
  PID:6008
- C:\Windows\System\ulYzVJz.exe
  C:\Windows\System\ulYzVJz.exe
  2⤵
  PID:6024
- C:\Windows\System\gFbbjPv.exe
  C:\Windows\System\gFbbjPv.exe
  2⤵
  PID:6044
- C:\Windows\System\tSBHxKK.exe
  C:\Windows\System\tSBHxKK.exe
  2⤵
  PID:6064
- C:\Windows\System\EZVbZCg.exe
  C:\Windows\System\EZVbZCg.exe
  2⤵
  PID:6084
- C:\Windows\System\oIEvgZS.exe
  C:\Windows\System\oIEvgZS.exe
  2⤵
  PID:6104
- C:\Windows\System\YYOFHtw.exe
  C:\Windows\System\YYOFHtw.exe
  2⤵
  PID:6124
- C:\Windows\System\yYwBgxd.exe
  C:\Windows\System\yYwBgxd.exe
  2⤵
  PID:4688
- C:\Windows\System\CvmtroQ.exe
  C:\Windows\System\CvmtroQ.exe
  2⤵
  PID:4668
- C:\Windows\System\WSFFFxC.exe
  C:\Windows\System\WSFFFxC.exe
  2⤵
  PID:4648
- C:\Windows\System\jQWVsuQ.exe
  C:\Windows\System\jQWVsuQ.exe
  2⤵
  PID:1324
- C:\Windows\System\GxfWnyg.exe
  C:\Windows\System\GxfWnyg.exe
  2⤵
  PID:4204
- C:\Windows\System\yDJbBCU.exe
  C:\Windows\System\yDJbBCU.exe
  2⤵
  PID:5028
- C:\Windows\System\WxZLkox.exe
  C:\Windows\System\WxZLkox.exe
  2⤵
  PID:4812
- C:\Windows\System\qrBVJuL.exe
  C:\Windows\System\qrBVJuL.exe
  2⤵
  PID:5188
- C:\Windows\System\gRROoTJ.exe
  C:\Windows\System\gRROoTJ.exe
  2⤵
  PID:5232
- C:\Windows\System\GbkeYWr.exe
  C:\Windows\System\GbkeYWr.exe
  2⤵
  PID:5272
- C:\Windows\System\VPMIvWk.exe
  C:\Windows\System\VPMIvWk.exe
  2⤵
  PID:5256
- C:\Windows\System\rwBvlUo.exe
  C:\Windows\System\rwBvlUo.exe
  2⤵
  PID:5288
- C:\Windows\System\WgpBZFV.exe
  C:\Windows\System\WgpBZFV.exe
  2⤵
  PID:4460
- C:\Windows\System\uFSoENT.exe
  C:\Windows\System\uFSoENT.exe
  2⤵
  PID:5372
- C:\Windows\System\ZWNRubb.exe
  C:\Windows\System\ZWNRubb.exe
  2⤵
  PID:5376
- C:\Windows\System\GRxAXhl.exe
  C:\Windows\System\GRxAXhl.exe
  2⤵
  PID:5440
- C:\Windows\System\RhAzPQl.exe
  C:\Windows\System\RhAzPQl.exe
  2⤵
  PID:5476
- C:\Windows\System\mzskKQk.exe
  C:\Windows\System\mzskKQk.exe
  2⤵
  PID:5456
- C:\Windows\System\eEJKTPR.exe
  C:\Windows\System\eEJKTPR.exe
  2⤵
  PID:5500
- C:\Windows\System\IDQffvi.exe
  C:\Windows\System\IDQffvi.exe
  2⤵
  PID:5588
- C:\Windows\System\sRPQkmo.exe
  C:\Windows\System\sRPQkmo.exe
  2⤵
  PID:5576
- C:\Windows\System\NEeWhIl.exe
  C:\Windows\System\NEeWhIl.exe
  2⤵
  PID:5612
- C:\Windows\System\klrfMRj.exe
  C:\Windows\System\klrfMRj.exe
  2⤵
  PID:5680
- C:\Windows\System\HIxoLVV.exe
  C:\Windows\System\HIxoLVV.exe
  2⤵
  PID:5720
- C:\Windows\System\kpRVMDa.exe
  C:\Windows\System\kpRVMDa.exe
  2⤵
  PID:5696
- C:\Windows\System\joBXyxA.exe
  C:\Windows\System\joBXyxA.exe
  2⤵
  PID:5756
- C:\Windows\System\lHyyLMn.exe
  C:\Windows\System\lHyyLMn.exe
  2⤵
  PID:5836
- C:\Windows\System\smUXarM.exe
  C:\Windows\System\smUXarM.exe
  2⤵
  PID:5840
- C:\Windows\System\wiVFcHs.exe
  C:\Windows\System\wiVFcHs.exe
  2⤵
  PID:852
- C:\Windows\System\jWhjCPx.exe
  C:\Windows\System\jWhjCPx.exe
  2⤵
  PID:5860
- C:\Windows\System\rDhnHQh.exe
  C:\Windows\System\rDhnHQh.exe
  2⤵
  PID:5960
- C:\Windows\System\rVGHqdc.exe
  C:\Windows\System\rVGHqdc.exe
  2⤵
  PID:5992
- C:\Windows\System\aaJnmJW.exe
  C:\Windows\System\aaJnmJW.exe
  2⤵
  PID:5940
- C:\Windows\System\ftWiQNy.exe
  C:\Windows\System\ftWiQNy.exe
  2⤵
  PID:2308
- C:\Windows\System\kAlieFd.exe
  C:\Windows\System\kAlieFd.exe
  2⤵
  PID:6076
- C:\Windows\System\ZDudJyM.exe
  C:\Windows\System\ZDudJyM.exe
  2⤵
  PID:6056
- C:\Windows\System\dwNAjnh.exe
  C:\Windows\System\dwNAjnh.exe
  2⤵
  PID:3800
- C:\Windows\System\REEnWjI.exe
  C:\Windows\System\REEnWjI.exe
  2⤵
  PID:6096
- C:\Windows\System\hCrNkwV.exe
  C:\Windows\System\hCrNkwV.exe
  2⤵
  PID:3412
- C:\Windows\System\PetYflH.exe
  C:\Windows\System\PetYflH.exe
  2⤵
  PID:3096
- C:\Windows\System\jipFQUN.exe
  C:\Windows\System\jipFQUN.exe
  2⤵
  PID:4128
- C:\Windows\System\rQHgUsT.exe
  C:\Windows\System\rQHgUsT.exe
  2⤵
  PID:5132
- C:\Windows\System\VYYMYBW.exe
  C:\Windows\System\VYYMYBW.exe
  2⤵
  PID:5172
- C:\Windows\System\bRxirQx.exe
  C:\Windows\System\bRxirQx.exe
  2⤵
  PID:5284
- C:\Windows\System\KfioguM.exe
  C:\Windows\System\KfioguM.exe
  2⤵
  PID:5392
- C:\Windows\System\oxVhmyg.exe
  C:\Windows\System\oxVhmyg.exe
  2⤵
  PID:5252
- C:\Windows\System\GJbNreQ.exe
  C:\Windows\System\GJbNreQ.exe
  2⤵
  PID:2824
- C:\Windows\System\SPqKinQ.exe
  C:\Windows\System\SPqKinQ.exe
  2⤵
  PID:5492
- C:\Windows\System\ckOKrfE.exe
  C:\Windows\System\ckOKrfE.exe
  2⤵
  PID:5352
- C:\Windows\System\OXOrVgD.exe
  C:\Windows\System\OXOrVgD.exe
  2⤵
  PID:2832
- C:\Windows\System\ELaaLkr.exe
  C:\Windows\System\ELaaLkr.exe
  2⤵
  PID:5520
- C:\Windows\System\ZKKLxoM.exe
  C:\Windows\System\ZKKLxoM.exe
  2⤵
  PID:5532
- C:\Windows\System\ScQPyPF.exe
  C:\Windows\System\ScQPyPF.exe
  2⤵
  PID:5672
- C:\Windows\System\UcCfJZi.exe
  C:\Windows\System\UcCfJZi.exe
  2⤵
  PID:5732
- C:\Windows\System\HOMMmVW.exe
  C:\Windows\System\HOMMmVW.exe
  2⤵
  PID:5736
- C:\Windows\System\hOAUdZT.exe
  C:\Windows\System\hOAUdZT.exe
  2⤵
  PID:5844
- C:\Windows\System\yiPlfzs.exe
  C:\Windows\System\yiPlfzs.exe
  2⤵
  PID:5864
- C:\Windows\System\XZWwksG.exe
  C:\Windows\System\XZWwksG.exe
  2⤵
  PID:5956
- C:\Windows\System\KuzqOqr.exe
  C:\Windows\System\KuzqOqr.exe
  2⤵
  PID:6040
- C:\Windows\System\imBasdx.exe
  C:\Windows\System\imBasdx.exe
  2⤵
  PID:6036
- C:\Windows\System\EYwqrwy.exe
  C:\Windows\System\EYwqrwy.exe
  2⤵
  PID:5980
- C:\Windows\System\cMacpvd.exe
  C:\Windows\System\cMacpvd.exe
  2⤵
  PID:6092
- C:\Windows\System\tUcCEHW.exe
  C:\Windows\System\tUcCEHW.exe
  2⤵
  PID:4256
- C:\Windows\System\pQVplia.exe
  C:\Windows\System\pQVplia.exe
  2⤵
  PID:2620
- C:\Windows\System\RlWpNQE.exe
  C:\Windows\System\RlWpNQE.exe
  2⤵
  PID:1044
- C:\Windows\System\daJvnLL.exe
  C:\Windows\System\daJvnLL.exe
  2⤵
  PID:5128
- C:\Windows\System\yXDkNIQ.exe
  C:\Windows\System\yXDkNIQ.exe
  2⤵
  PID:2780
- C:\Windows\System\TuFLQhp.exe
  C:\Windows\System\TuFLQhp.exe
  2⤵
  PID:3924
- C:\Windows\System\HrWNsBP.exe
  C:\Windows\System\HrWNsBP.exe
  2⤵
  PID:5488
- C:\Windows\System\HldfjOF.exe
  C:\Windows\System\HldfjOF.exe
  2⤵
  PID:5380
- C:\Windows\System\HZiozLy.exe
  C:\Windows\System\HZiozLy.exe
  2⤵
  PID:5632
- C:\Windows\System\sljaPOZ.exe
  C:\Windows\System\sljaPOZ.exe
  2⤵
  PID:2148
- C:\Windows\System\OkWbKnL.exe
  C:\Windows\System\OkWbKnL.exe
  2⤵
  PID:5572
- C:\Windows\System\hYwUqjC.exe
  C:\Windows\System\hYwUqjC.exe
  2⤵
  PID:3760
- C:\Windows\System\pwJUuOa.exe
  C:\Windows\System\pwJUuOa.exe
  2⤵
  PID:5884
- C:\Windows\System\QynexMD.exe
  C:\Windows\System\QynexMD.exe
  2⤵
  PID:3032
- C:\Windows\System\lRsOXIV.exe
  C:\Windows\System\lRsOXIV.exe
  2⤵
  PID:5896
- C:\Windows\System\GQERdTC.exe
  C:\Windows\System\GQERdTC.exe
  2⤵
  PID:6080
- C:\Windows\System\xQCmzwV.exe
  C:\Windows\System\xQCmzwV.exe
  2⤵
  PID:2132
- C:\Windows\System\vRVQCQx.exe
  C:\Windows\System\vRVQCQx.exe
  2⤵
  PID:5764
- C:\Windows\System\EfzZqQa.exe
  C:\Windows\System\EfzZqQa.exe
  2⤵
  PID:1528
- C:\Windows\System\atZAsbB.exe
  C:\Windows\System\atZAsbB.exe
  2⤵
  PID:5136
- C:\Windows\System\CtAlbnF.exe
  C:\Windows\System\CtAlbnF.exe
  2⤵
  PID:5212
- C:\Windows\System\XmJGciI.exe
  C:\Windows\System\XmJGciI.exe
  2⤵
  PID:2744
- C:\Windows\System\dnYyCEJ.exe
  C:\Windows\System\dnYyCEJ.exe
  2⤵
  PID:5552
- C:\Windows\System\RdqJoln.exe
  C:\Windows\System\RdqJoln.exe
  2⤵
  PID:5636
- C:\Windows\System\MOgsGTI.exe
  C:\Windows\System\MOgsGTI.exe
  2⤵
  PID:5656
- C:\Windows\System\KCGKWZi.exe
  C:\Windows\System\KCGKWZi.exe
  2⤵
  PID:5568
- C:\Windows\System\bTVBlFc.exe
  C:\Windows\System\bTVBlFc.exe
  2⤵
  PID:5924
- C:\Windows\System\NWqWFWl.exe
  C:\Windows\System\NWqWFWl.exe
  2⤵
  PID:5976
- C:\Windows\System\tTEwlYG.exe
  C:\Windows\System\tTEwlYG.exe
  2⤵
  PID:5936
- C:\Windows\System\heIpDAy.exe
  C:\Windows\System\heIpDAy.exe
  2⤵
  PID:1924
- C:\Windows\System\LLnUMBj.exe
  C:\Windows\System\LLnUMBj.exe
  2⤵
  PID:2872
- C:\Windows\System\uWrVdtQ.exe
  C:\Windows\System\uWrVdtQ.exe
  2⤵
  PID:2804
- C:\Windows\System\hgNXGvK.exe
  C:\Windows\System\hgNXGvK.exe
  2⤵
  PID:5216
- C:\Windows\System\zGJBsNh.exe
  C:\Windows\System\zGJBsNh.exe
  2⤵
  PID:5452
- C:\Windows\System\TszNsbv.exe
  C:\Windows\System\TszNsbv.exe
  2⤵
  PID:5600
- C:\Windows\System\tbHPZzD.exe
  C:\Windows\System\tbHPZzD.exe
  2⤵
  PID:5616
- C:\Windows\System\NfPHFSV.exe
  C:\Windows\System\NfPHFSV.exe
  2⤵
  PID:2788
- C:\Windows\System\SVtELDm.exe
  C:\Windows\System\SVtELDm.exe
  2⤵
  PID:5780
- C:\Windows\System\UAExgdT.exe
  C:\Windows\System\UAExgdT.exe
  2⤵
  PID:5880
- C:\Windows\System\OlvPGMo.exe
  C:\Windows\System\OlvPGMo.exe
  2⤵
  PID:3024
- C:\Windows\System\hhqwrGA.exe
  C:\Windows\System\hhqwrGA.exe
  2⤵
  PID:1864
- C:\Windows\System\abeVOZx.exe
  C:\Windows\System\abeVOZx.exe
  2⤵
  PID:924
- C:\Windows\System\eJpSRZU.exe
  C:\Windows\System\eJpSRZU.exe
  2⤵
  PID:1600
- C:\Windows\System\HFGGpzP.exe
  C:\Windows\System\HFGGpzP.exe
  2⤵
  PID:1612
- C:\Windows\System\yMYTERY.exe
  C:\Windows\System\yMYTERY.exe
  2⤵
  PID:1780
- C:\Windows\System\skBgbXm.exe
  C:\Windows\System\skBgbXm.exe
  2⤵
  PID:2584
- C:\Windows\System\UGsAWZc.exe
  C:\Windows\System\UGsAWZc.exe
  2⤵
  PID:3332
- C:\Windows\System\LxMjaKd.exe
  C:\Windows\System\LxMjaKd.exe
  2⤵
  PID:1972
- C:\Windows\System\giIGOhu.exe
  C:\Windows\System\giIGOhu.exe
  2⤵
  PID:1356
- C:\Windows\System\inbXowS.exe
  C:\Windows\System\inbXowS.exe
  2⤵
  PID:536
- C:\Windows\System\aFXzWvk.exe
  C:\Windows\System\aFXzWvk.exe
  2⤵
  PID:620
- C:\Windows\System\dvFerqn.exe
  C:\Windows\System\dvFerqn.exe
  2⤵
  PID:320
- C:\Windows\System\eNeDaLF.exe
  C:\Windows\System\eNeDaLF.exe
  2⤵
  PID:560
- C:\Windows\System\JlyLIYW.exe
  C:\Windows\System\JlyLIYW.exe
  2⤵
  PID:3692
- C:\Windows\System\prFjrTA.exe
  C:\Windows\System\prFjrTA.exe
  2⤵
  PID:2888
- C:\Windows\System\FDyRRWj.exe
  C:\Windows\System\FDyRRWj.exe
  2⤵
  PID:2688
- C:\Windows\System\PkfrxKy.exe
  C:\Windows\System\PkfrxKy.exe
  2⤵
  PID:1984
- C:\Windows\System\NLPmKMI.exe
  C:\Windows\System\NLPmKMI.exe
  2⤵
  PID:1980
- C:\Windows\System\zQWuGxL.exe
  C:\Windows\System\zQWuGxL.exe
  2⤵
  PID:3068
- C:\Windows\System\qLOHRyH.exe
  C:\Windows\System\qLOHRyH.exe
  2⤵
  PID:6000
- C:\Windows\System\adQIKHO.exe
  C:\Windows\System\adQIKHO.exe
  2⤵
  PID:3056
- C:\Windows\System\TkirlYR.exe
  C:\Windows\System\TkirlYR.exe
  2⤵
  PID:5156
- C:\Windows\System\koRTDuR.exe
  C:\Windows\System\koRTDuR.exe
  2⤵
  PID:1816
- C:\Windows\System\ZhxcDvu.exe
  C:\Windows\System\ZhxcDvu.exe
  2⤵
  PID:5336
- C:\Windows\System\dFTWRPU.exe
  C:\Windows\System\dFTWRPU.exe
  2⤵
  PID:6160
- C:\Windows\System\bGGsegI.exe
  C:\Windows\System\bGGsegI.exe
  2⤵
  PID:6180
- C:\Windows\System\yVWvHyI.exe
  C:\Windows\System\yVWvHyI.exe
  2⤵
  PID:6196
- C:\Windows\System\XqweFEP.exe
  C:\Windows\System\XqweFEP.exe
  2⤵
  PID:6216
- C:\Windows\System\eDGTqeu.exe
  C:\Windows\System\eDGTqeu.exe
  2⤵
  PID:6232
- C:\Windows\System\FMEuNbf.exe
  C:\Windows\System\FMEuNbf.exe
  2⤵
  PID:6252
- C:\Windows\System\EnPTgNH.exe
  C:\Windows\System\EnPTgNH.exe
  2⤵
  PID:6268
- C:\Windows\System\dxDqQLB.exe
  C:\Windows\System\dxDqQLB.exe
  2⤵
  PID:6284
- C:\Windows\System\HNzKXcw.exe
  C:\Windows\System\HNzKXcw.exe
  2⤵
  PID:6300
- C:\Windows\System\noXPvaz.exe
  C:\Windows\System\noXPvaz.exe
  2⤵
  PID:6320
- C:\Windows\System\GjqFuYL.exe
  C:\Windows\System\GjqFuYL.exe
  2⤵
  PID:6336
- C:\Windows\System\WFfGxCr.exe
  C:\Windows\System\WFfGxCr.exe
  2⤵
  PID:6372
- C:\Windows\System\HowrDSY.exe
  C:\Windows\System\HowrDSY.exe
  2⤵
  PID:6400
- C:\Windows\System\PMknGaT.exe
  C:\Windows\System\PMknGaT.exe
  2⤵
  PID:6420
- C:\Windows\System\IoRvPEV.exe
  C:\Windows\System\IoRvPEV.exe
  2⤵
  PID:6436
- C:\Windows\System\gAVIQOF.exe
  C:\Windows\System\gAVIQOF.exe
  2⤵
  PID:6476
- C:\Windows\System\phGTgII.exe
  C:\Windows\System\phGTgII.exe
  2⤵
  PID:6492
- C:\Windows\System\CWDbgYh.exe
  C:\Windows\System\CWDbgYh.exe
  2⤵
  PID:6512
- C:\Windows\System\SlxctOZ.exe
  C:\Windows\System\SlxctOZ.exe
  2⤵
  PID:6528
- C:\Windows\System\YDCdbET.exe
  C:\Windows\System\YDCdbET.exe
  2⤵
  PID:6544
- C:\Windows\System\SssIdEh.exe
  C:\Windows\System\SssIdEh.exe
  2⤵
  PID:6560
- C:\Windows\System\kCJaJPT.exe
  C:\Windows\System\kCJaJPT.exe
  2⤵
  PID:6588
- C:\Windows\System\WvhYzpa.exe
  C:\Windows\System\WvhYzpa.exe
  2⤵
  PID:6604
- C:\Windows\System\SAZzAXT.exe
  C:\Windows\System\SAZzAXT.exe
  2⤵
  PID:6624
- C:\Windows\System\TupWNaT.exe
  C:\Windows\System\TupWNaT.exe
  2⤵
  PID:6644
- C:\Windows\System\aOMwQYX.exe
  C:\Windows\System\aOMwQYX.exe
  2⤵
  PID:6664
- C:\Windows\System\FRozGcr.exe
  C:\Windows\System\FRozGcr.exe
  2⤵
  PID:6680
- C:\Windows\System\qwalQUL.exe
  C:\Windows\System\qwalQUL.exe
  2⤵
  PID:6720
- C:\Windows\System\FJrGyFp.exe
  C:\Windows\System\FJrGyFp.exe
  2⤵
  PID:6736
- C:\Windows\System\GVbktOI.exe
  C:\Windows\System\GVbktOI.exe
  2⤵
  PID:6756
- C:\Windows\System\rjCFBnu.exe
  C:\Windows\System\rjCFBnu.exe
  2⤵
  PID:6776
- C:\Windows\System\iIyTzYe.exe
  C:\Windows\System\iIyTzYe.exe
  2⤵
  PID:6792
- C:\Windows\System\yYETWAY.exe
  C:\Windows\System\yYETWAY.exe
  2⤵
  PID:6812
- C:\Windows\System\PNCaIgZ.exe
  C:\Windows\System\PNCaIgZ.exe
  2⤵
  PID:6832
- C:\Windows\System\sqWhOQK.exe
  C:\Windows\System\sqWhOQK.exe
  2⤵
  PID:6856
- C:\Windows\System\KNMwqji.exe
  C:\Windows\System\KNMwqji.exe
  2⤵
  PID:6872
- C:\Windows\System\MQLwVOx.exe
  C:\Windows\System\MQLwVOx.exe
  2⤵
  PID:6888
- C:\Windows\System\OYAkPNQ.exe
  C:\Windows\System\OYAkPNQ.exe
  2⤵
  PID:6904
- C:\Windows\System\jpaIfek.exe
  C:\Windows\System\jpaIfek.exe
  2⤵
  PID:6920
- C:\Windows\System\MdkBgtr.exe
  C:\Windows\System\MdkBgtr.exe
  2⤵
  PID:6936
- C:\Windows\System\sXkxriO.exe
  C:\Windows\System\sXkxriO.exe
  2⤵
  PID:6952
- C:\Windows\System\dthtAFK.exe
  C:\Windows\System\dthtAFK.exe
  2⤵
  PID:6976
- C:\Windows\System\fAmhDMR.exe
  C:\Windows\System\fAmhDMR.exe
  2⤵
  PID:7000
- C:\Windows\System\pKFtqfx.exe
  C:\Windows\System\pKFtqfx.exe
  2⤵
  PID:7020
- C:\Windows\System\fjKSTtW.exe
  C:\Windows\System\fjKSTtW.exe
  2⤵
  PID:7056
- C:\Windows\System\XYkfhUJ.exe
  C:\Windows\System\XYkfhUJ.exe
  2⤵
  PID:7072
- C:\Windows\System\HMgtQso.exe
  C:\Windows\System\HMgtQso.exe
  2⤵
  PID:7088
- C:\Windows\System\DfxQRPu.exe
  C:\Windows\System\DfxQRPu.exe
  2⤵
  PID:7104
- C:\Windows\System\YcFIeZu.exe
  C:\Windows\System\YcFIeZu.exe
  2⤵
  PID:7120
- C:\Windows\System\yuKMZOg.exe
  C:\Windows\System\yuKMZOg.exe
  2⤵
  PID:7148
- C:\Windows\System\HVrxyoK.exe
  C:\Windows\System\HVrxyoK.exe
  2⤵
  PID:7164
- C:\Windows\System\vrgKaKM.exe
  C:\Windows\System\vrgKaKM.exe
  2⤵
  PID:1876
- C:\Windows\System\BJfXAmm.exe
  C:\Windows\System\BJfXAmm.exe
  2⤵
  PID:5564
- C:\Windows\System\EtSEjLi.exe
  C:\Windows\System\EtSEjLi.exe
  2⤵
  PID:6204
- C:\Windows\System\sEQiDiX.exe
  C:\Windows\System\sEQiDiX.exe
  2⤵
  PID:6244
- C:\Windows\System\VJreros.exe
  C:\Windows\System\VJreros.exe
  2⤵
  PID:6344
- C:\Windows\System\IjlcAED.exe
  C:\Windows\System\IjlcAED.exe
  2⤵
  PID:6364
- C:\Windows\System\ePkcZLh.exe
  C:\Windows\System\ePkcZLh.exe
  2⤵
  PID:6292
- C:\Windows\System\qCKcSZQ.exe
  C:\Windows\System\qCKcSZQ.exe
  2⤵
  PID:6444
- C:\Windows\System\RhqACiW.exe
  C:\Windows\System\RhqACiW.exe
  2⤵
  PID:6460
- C:\Windows\System\PmepEgI.exe
  C:\Windows\System\PmepEgI.exe
  2⤵
  PID:6472
- C:\Windows\System\eaXMwqL.exe
  C:\Windows\System\eaXMwqL.exe
  2⤵
  PID:6504
- C:\Windows\System\oPrQWxX.exe
  C:\Windows\System\oPrQWxX.exe
  2⤵
  PID:6568
- C:\Windows\System\XAuDxYq.exe
  C:\Windows\System\XAuDxYq.exe
  2⤵
  PID:6584
- C:\Windows\System\HuLTPFL.exe
  C:\Windows\System\HuLTPFL.exe
  2⤵
  PID:6596
- C:\Windows\System\mCYiiuy.exe
  C:\Windows\System\mCYiiuy.exe
  2⤵
  PID:6632
- C:\Windows\System\ilzBGei.exe
  C:\Windows\System\ilzBGei.exe
  2⤵
  PID:6656
- C:\Windows\System\PinaaDQ.exe
  C:\Windows\System\PinaaDQ.exe
  2⤵
  PID:6692
- C:\Windows\System\uVWVWtX.exe
  C:\Windows\System\uVWVWtX.exe
  2⤵
  PID:6672
- C:\Windows\System\FLTWbCS.exe
  C:\Windows\System\FLTWbCS.exe
  2⤵
  PID:6712
- C:\Windows\System\hhVwbUF.exe
  C:\Windows\System\hhVwbUF.exe
  2⤵
  PID:6748
- C:\Windows\System\zbqwEAY.exe
  C:\Windows\System\zbqwEAY.exe
  2⤵
  PID:6800
- C:\Windows\System\RGTpXnI.exe
  C:\Windows\System\RGTpXnI.exe
  2⤵
  PID:6848
- C:\Windows\System\XeQvtnc.exe
  C:\Windows\System\XeQvtnc.exe
  2⤵
  PID:6880
- C:\Windows\System\hOnYVQl.exe
  C:\Windows\System\hOnYVQl.exe
  2⤵
  PID:6900
- C:\Windows\System\pyGqVoB.exe
  C:\Windows\System\pyGqVoB.exe
  2⤵
  PID:6968
- C:\Windows\System\ZaRsjyi.exe
  C:\Windows\System\ZaRsjyi.exe
  2⤵
  PID:6944
- C:\Windows\System\WFBBPuJ.exe
  C:\Windows\System\WFBBPuJ.exe
  2⤵
  PID:6996
- C:\Windows\System\rRsipvF.exe
  C:\Windows\System\rRsipvF.exe
  2⤵
  PID:6912
- C:\Windows\System\xDDvmBn.exe
  C:\Windows\System\xDDvmBn.exe
  2⤵
  PID:7044
- C:\Windows\System\TPjhKNc.exe
  C:\Windows\System\TPjhKNc.exe
  2⤵
  PID:7084
- C:\Windows\System\xmzJczN.exe
  C:\Windows\System\xmzJczN.exe
  2⤵
  PID:7068
- C:\Windows\System\SgkNlvR.exe
  C:\Windows\System\SgkNlvR.exe
  2⤵
  PID:7132
- C:\Windows\System\JtnUucj.exe
  C:\Windows\System\JtnUucj.exe
  2⤵
  PID:6156
- C:\Windows\System\bZmdCIc.exe
  C:\Windows\System\bZmdCIc.exe
  2⤵
  PID:7160
- C:\Windows\System\dRsAPOk.exe
  C:\Windows\System\dRsAPOk.exe
  2⤵
  PID:2264
- C:\Windows\System\otdVyfX.exe
  C:\Windows\System\otdVyfX.exe
  2⤵
  PID:6352
- C:\Windows\System\DNIgENY.exe
  C:\Windows\System\DNIgENY.exe
  2⤵
  PID:6228
- C:\Windows\System\MGlJEYz.exe
  C:\Windows\System\MGlJEYz.exe
  2⤵
  PID:6428
- C:\Windows\System\HEUpkLj.exe
  C:\Windows\System\HEUpkLj.exe
  2⤵
  PID:6408
- C:\Windows\System\GYHlMhU.exe
  C:\Windows\System\GYHlMhU.exe
  2⤵
  PID:6484
- C:\Windows\System\SyCOcNC.exe
  C:\Windows\System\SyCOcNC.exe
  2⤵
  PID:6580
- C:\Windows\System\axwKNKc.exe
  C:\Windows\System\axwKNKc.exe
  2⤵
  PID:6616
- C:\Windows\System\RVuMIrZ.exe
  C:\Windows\System\RVuMIrZ.exe
  2⤵
  PID:6700
- C:\Windows\System\gMHhKOZ.exe
  C:\Windows\System\gMHhKOZ.exe
  2⤵
  PID:6620
- C:\Windows\System\WFwLgHh.exe
  C:\Windows\System\WFwLgHh.exe
  2⤵
  PID:6884
- C:\Windows\System\CxvxGbE.exe
  C:\Windows\System\CxvxGbE.exe
  2⤵
  PID:7032
- C:\Windows\System\MedZTkc.exe
  C:\Windows\System\MedZTkc.exe
  2⤵
  PID:7036
- C:\Windows\System\bNIyprn.exe
  C:\Windows\System\bNIyprn.exe
  2⤵
  PID:6820
- C:\Windows\System\ivRDZNy.exe
  C:\Windows\System\ivRDZNy.exe
  2⤵
  PID:6768
- C:\Windows\System\GqUzhLE.exe
  C:\Windows\System\GqUzhLE.exe
  2⤵
  PID:6964
- C:\Windows\System\LKupvSV.exe
  C:\Windows\System\LKupvSV.exe
  2⤵
  PID:6788
- C:\Windows\System\vABjZQM.exe
  C:\Windows\System\vABjZQM.exe
  2⤵
  PID:6688
- C:\Windows\System\aeqzlST.exe
  C:\Windows\System\aeqzlST.exe
  2⤵
  PID:7064
- C:\Windows\System\mOyDbkQ.exe
  C:\Windows\System\mOyDbkQ.exe
  2⤵
  PID:7128
- C:\Windows\System\VmdpAuk.exe
  C:\Windows\System\VmdpAuk.exe
  2⤵
  PID:6332
- C:\Windows\System\fvxBplI.exe
  C:\Windows\System\fvxBplI.exe
  2⤵
  PID:6468
- C:\Windows\System\mUwpsdk.exe
  C:\Windows\System\mUwpsdk.exe
  2⤵
  PID:6840
- C:\Windows\System\eYJjgdz.exe
  C:\Windows\System\eYJjgdz.exe
  2⤵
  PID:6152
- C:\Windows\System\wYvTyze.exe
  C:\Windows\System\wYvTyze.exe
  2⤵
  PID:6192
- C:\Windows\System\fcJAQMf.exe
  C:\Windows\System\fcJAQMf.exe
  2⤵
  PID:6416
- C:\Windows\System\biIBqIO.exe
  C:\Windows\System\biIBqIO.exe
  2⤵
  PID:6852
- C:\Windows\System\kihzysH.exe
  C:\Windows\System\kihzysH.exe
  2⤵
  PID:6176
- C:\Windows\System\QDaLBgN.exe
  C:\Windows\System\QDaLBgN.exe
  2⤵
  PID:6540
- C:\Windows\System\bNzcmrd.exe
  C:\Windows\System\bNzcmrd.exe
  2⤵
  PID:7012
- C:\Windows\System\TbPjdJn.exe
  C:\Windows\System\TbPjdJn.exe
  2⤵
  PID:6984
- C:\Windows\System\oPmeMkv.exe
  C:\Windows\System\oPmeMkv.exe
  2⤵
  PID:7100
- C:\Windows\System\qQtuTbs.exe
  C:\Windows\System\qQtuTbs.exe
  2⤵
  PID:6556
- C:\Windows\System\grgAyKC.exe
  C:\Windows\System\grgAyKC.exe
  2⤵
  PID:6864
- C:\Windows\System\TNKTsKk.exe
  C:\Windows\System\TNKTsKk.exe
  2⤵
  PID:6764
- C:\Windows\System\hpvybJf.exe
  C:\Windows\System\hpvybJf.exe
  2⤵
  PID:7052
- C:\Windows\System\PUHkqfJ.exe
  C:\Windows\System\PUHkqfJ.exe
  2⤵
  PID:6536
- C:\Windows\System\MdkfKsa.exe
  C:\Windows\System\MdkfKsa.exe
  2⤵
  PID:6708
- C:\Windows\System\BreJoAX.exe
  C:\Windows\System\BreJoAX.exe
  2⤵
  PID:7184
- C:\Windows\System\oBihhFv.exe
  C:\Windows\System\oBihhFv.exe
  2⤵
  PID:7200
- C:\Windows\System\xUcGXey.exe
  C:\Windows\System\xUcGXey.exe
  2⤵
  PID:7216
- C:\Windows\System\tLnMgfi.exe
  C:\Windows\System\tLnMgfi.exe
  2⤵
  PID:7232
- C:\Windows\System\hOQNVpO.exe
  C:\Windows\System\hOQNVpO.exe
  2⤵
  PID:7248
- C:\Windows\System\ouyxulg.exe
  C:\Windows\System\ouyxulg.exe
  2⤵
  PID:7264
- C:\Windows\System\NYfAcbL.exe
  C:\Windows\System\NYfAcbL.exe
  2⤵
  PID:7280
- C:\Windows\System\kqPEVkJ.exe
  C:\Windows\System\kqPEVkJ.exe
  2⤵
  PID:7296
- C:\Windows\System\CuyPNQQ.exe
  C:\Windows\System\CuyPNQQ.exe
  2⤵
  PID:7316
- C:\Windows\System\YwMyxsI.exe
  C:\Windows\System\YwMyxsI.exe
  2⤵
  PID:7332
- C:\Windows\System\Aqdnhwz.exe
  C:\Windows\System\Aqdnhwz.exe
  2⤵
  PID:7348
- C:\Windows\System\giJowoE.exe
  C:\Windows\System\giJowoE.exe
  2⤵
  PID:7364
- C:\Windows\System\ZIXuvtX.exe
  C:\Windows\System\ZIXuvtX.exe
  2⤵
  PID:7380
- C:\Windows\System\uOjZwlq.exe
  C:\Windows\System\uOjZwlq.exe
  2⤵
  PID:7396
- C:\Windows\System\zyjCbnd.exe
  C:\Windows\System\zyjCbnd.exe
  2⤵
  PID:7412
- C:\Windows\System\mKKoyaJ.exe
  C:\Windows\System\mKKoyaJ.exe
  2⤵
  PID:7428
- C:\Windows\System\wTgOlbd.exe
  C:\Windows\System\wTgOlbd.exe
  2⤵
  PID:7444
- C:\Windows\System\rZXxVSD.exe
  C:\Windows\System\rZXxVSD.exe
  2⤵
  PID:7464
- C:\Windows\System\GruHdUh.exe
  C:\Windows\System\GruHdUh.exe
  2⤵
  PID:7488
- C:\Windows\System\fYkRvSA.exe
  C:\Windows\System\fYkRvSA.exe
  2⤵
  PID:7504
- C:\Windows\System\kkKJSEp.exe
  C:\Windows\System\kkKJSEp.exe
  2⤵
  PID:7520
- C:\Windows\System\XFPBpJa.exe
  C:\Windows\System\XFPBpJa.exe
  2⤵
  PID:7536
- C:\Windows\System\MEIiDHg.exe
  C:\Windows\System\MEIiDHg.exe
  2⤵
  PID:7552
- C:\Windows\System\JuOXtBL.exe
  C:\Windows\System\JuOXtBL.exe
  2⤵
  PID:7572
- C:\Windows\System\UDnXtJJ.exe
  C:\Windows\System\UDnXtJJ.exe
  2⤵
  PID:7588
- C:\Windows\System\sUWOyBz.exe
  C:\Windows\System\sUWOyBz.exe
  2⤵
  PID:7604
- C:\Windows\System\EBUfNUH.exe
  C:\Windows\System\EBUfNUH.exe
  2⤵
  PID:7620
- C:\Windows\System\GZCkkQr.exe
  C:\Windows\System\GZCkkQr.exe
  2⤵
  PID:7636
- C:\Windows\System\RkKAmAc.exe
  C:\Windows\System\RkKAmAc.exe
  2⤵
  PID:7652
- C:\Windows\System\LboCkYK.exe
  C:\Windows\System\LboCkYK.exe
  2⤵
  PID:7668
- C:\Windows\System\FNZhLLL.exe
  C:\Windows\System\FNZhLLL.exe
  2⤵
  PID:7684
- C:\Windows\System\VqWxrNT.exe
  C:\Windows\System\VqWxrNT.exe
  2⤵
  PID:7700
- C:\Windows\System\sUWcswD.exe
  C:\Windows\System\sUWcswD.exe
  2⤵
  PID:7720
- C:\Windows\System\IzCKLnK.exe
  C:\Windows\System\IzCKLnK.exe
  2⤵
  PID:7736
- C:\Windows\System\KtgFjOz.exe
  C:\Windows\System\KtgFjOz.exe
  2⤵
  PID:7752
- C:\Windows\System\hIyRlUf.exe
  C:\Windows\System\hIyRlUf.exe
  2⤵
  PID:7768
- C:\Windows\System\eTqfbqe.exe
  C:\Windows\System\eTqfbqe.exe
  2⤵
  PID:7784
- C:\Windows\System\gKqobUG.exe
  C:\Windows\System\gKqobUG.exe
  2⤵
  PID:7800
- C:\Windows\System\epiMlwP.exe
  C:\Windows\System\epiMlwP.exe
  2⤵
  PID:7816
- C:\Windows\System\tvisVQZ.exe
  C:\Windows\System\tvisVQZ.exe
  2⤵
  PID:7832
- C:\Windows\System\chZrvxZ.exe
  C:\Windows\System\chZrvxZ.exe
  2⤵
  PID:7848
- C:\Windows\System\mnjpXMP.exe
  C:\Windows\System\mnjpXMP.exe
  2⤵
  PID:7864
- C:\Windows\System\gJkbXxz.exe
  C:\Windows\System\gJkbXxz.exe
  2⤵
  PID:7880
- C:\Windows\System\IelwCVh.exe
  C:\Windows\System\IelwCVh.exe
  2⤵
  PID:7896
- C:\Windows\System\lJiIZbi.exe
  C:\Windows\System\lJiIZbi.exe
  2⤵
  PID:7916
- C:\Windows\System\WUEhQxh.exe
  C:\Windows\System\WUEhQxh.exe
  2⤵
  PID:7932
- C:\Windows\System\WZPvqKF.exe
  C:\Windows\System\WZPvqKF.exe
  2⤵
  PID:7948
- C:\Windows\System\OONOcIk.exe
  C:\Windows\System\OONOcIk.exe
  2⤵
  PID:7964
- C:\Windows\System\CdLCXek.exe
  C:\Windows\System\CdLCXek.exe
  2⤵
  PID:7980
- C:\Windows\System\tnKUgFw.exe
  C:\Windows\System\tnKUgFw.exe
  2⤵
  PID:7996
- C:\Windows\System\YQRhFFl.exe
  C:\Windows\System\YQRhFFl.exe
  2⤵
  PID:8012
- C:\Windows\System\AaFWqjO.exe
  C:\Windows\System\AaFWqjO.exe
  2⤵
  PID:8028
- C:\Windows\System\glIsKZB.exe
  C:\Windows\System\glIsKZB.exe
  2⤵
  PID:8044
- C:\Windows\System\pkcnLtG.exe
  C:\Windows\System\pkcnLtG.exe
  2⤵
  PID:8060
- C:\Windows\System\KeMqLti.exe
  C:\Windows\System\KeMqLti.exe
  2⤵
  PID:8076
- C:\Windows\System\lmjpKJl.exe
  C:\Windows\System\lmjpKJl.exe
  2⤵
  PID:8092
- C:\Windows\System\uDxFJhQ.exe
  C:\Windows\System\uDxFJhQ.exe
  2⤵
  PID:8108
- C:\Windows\System\LIywjjQ.exe
  C:\Windows\System\LIywjjQ.exe
  2⤵
  PID:8124
- C:\Windows\System\qQkuwxw.exe
  C:\Windows\System\qQkuwxw.exe
  2⤵
  PID:8140
- C:\Windows\System\psviXCk.exe
  C:\Windows\System\psviXCk.exe
  2⤵
  PID:8156
- C:\Windows\System\JTGHfJg.exe
  C:\Windows\System\JTGHfJg.exe
  2⤵
  PID:8176
- C:\Windows\System\nUVBzsk.exe
  C:\Windows\System\nUVBzsk.exe
  2⤵
  PID:6360
- C:\Windows\System\VbDzvWl.exe
  C:\Windows\System\VbDzvWl.exe
  2⤵
  PID:6260
- C:\Windows\System\sPLbXYh.exe
  C:\Windows\System\sPLbXYh.exe
  2⤵
  PID:7144
- C:\Windows\System\JBBgXkt.exe
  C:\Windows\System\JBBgXkt.exe
  2⤵
  PID:7048
- C:\Windows\System\SPnRcmN.exe
  C:\Windows\System\SPnRcmN.exe
  2⤵
  PID:7212
- C:\Windows\System\tecaSMb.exe
  C:\Windows\System\tecaSMb.exe
  2⤵
  PID:7276
- C:\Windows\System\PucjwKw.exe
  C:\Windows\System\PucjwKw.exe
  2⤵
  PID:7228
- C:\Windows\System\gZnmfKK.exe
  C:\Windows\System\gZnmfKK.exe
  2⤵
  PID:7324
- C:\Windows\System\cPBJNsC.exe
  C:\Windows\System\cPBJNsC.exe
  2⤵
  PID:7344
- C:\Windows\System\qVdEptw.exe
  C:\Windows\System\qVdEptw.exe
  2⤵
  PID:7408
- C:\Windows\System\lWCxNgX.exe
  C:\Windows\System\lWCxNgX.exe
  2⤵
  PID:7472
- C:\Windows\System\HyIKcHt.exe
  C:\Windows\System\HyIKcHt.exe
  2⤵
  PID:7480
- C:\Windows\System\imAKvPZ.exe
  C:\Windows\System\imAKvPZ.exe
  2⤵
  PID:7544
- C:\Windows\System\GlHeUAe.exe
  C:\Windows\System\GlHeUAe.exe
  2⤵
  PID:7612
- C:\Windows\System\LZqrsgW.exe
  C:\Windows\System\LZqrsgW.exe
  2⤵
  PID:7360
- C:\Windows\System\VDqCYWG.exe
  C:\Windows\System\VDqCYWG.exe
  2⤵
  PID:7452
- C:\Windows\System\KPmPlUx.exe
  C:\Windows\System\KPmPlUx.exe
  2⤵
  PID:7496
- C:\Windows\System\EYQknUa.exe
  C:\Windows\System\EYQknUa.exe
  2⤵
  PID:7564
- C:\Windows\System\CBOOrWi.exe
  C:\Windows\System\CBOOrWi.exe
  2⤵
  PID:7632
- C:\Windows\System\RJLIyhG.exe
  C:\Windows\System\RJLIyhG.exe
  2⤵
  PID:7664
- C:\Windows\System\CXXuPqU.exe
  C:\Windows\System\CXXuPqU.exe
  2⤵
  PID:7696
- C:\Windows\System\yaCHgdy.exe
  C:\Windows\System\yaCHgdy.exe
  2⤵
  PID:7760
- C:\Windows\System\EtKPvWb.exe
  C:\Windows\System\EtKPvWb.exe
  2⤵
  PID:7776
- C:\Windows\System\XTPuNzP.exe
  C:\Windows\System\XTPuNzP.exe
  2⤵
  PID:7808
- C:\Windows\System\Kneesrm.exe
  C:\Windows\System\Kneesrm.exe
  2⤵
  PID:7856
- C:\Windows\System\IUHbJLj.exe
  C:\Windows\System\IUHbJLj.exe
  2⤵
  PID:7872
- C:\Windows\System\fNryWib.exe
  C:\Windows\System\fNryWib.exe
  2⤵
  PID:7892
- C:\Windows\System\TdrMBhg.exe
  C:\Windows\System\TdrMBhg.exe
  2⤵
  PID:7944
- C:\Windows\System\GejJomS.exe
  C:\Windows\System\GejJomS.exe
  2⤵
  PID:7960
- C:\Windows\System\hJDTgTz.exe
  C:\Windows\System\hJDTgTz.exe
  2⤵
  PID:8024
- C:\Windows\System\hHhPYWD.exe
  C:\Windows\System\hHhPYWD.exe
  2⤵
  PID:7976
- C:\Windows\System\PpdrLaI.exe
  C:\Windows\System\PpdrLaI.exe
  2⤵
  PID:8040
- C:\Windows\System\VIgkZeN.exe
  C:\Windows\System\VIgkZeN.exe
  2⤵
  PID:8084
- C:\Windows\System\jrVQhGe.exe
  C:\Windows\System\jrVQhGe.exe
  2⤵
  PID:8148
- C:\Windows\System\KoAuaig.exe
  C:\Windows\System\KoAuaig.exe
  2⤵
  PID:8120
- C:\Windows\System\QrVLtWK.exe
  C:\Windows\System\QrVLtWK.exe
  2⤵
  PID:5416
- C:\Windows\System\uUrhwdY.exe
  C:\Windows\System\uUrhwdY.exe
  2⤵
  PID:8172
- C:\Windows\System\OpXDXXK.exe
  C:\Windows\System\OpXDXXK.exe
  2⤵
  PID:7180
- C:\Windows\System\DeuHSTE.exe
  C:\Windows\System\DeuHSTE.exe
  2⤵
  PID:7260
- C:\Windows\System\QMLylZA.exe
  C:\Windows\System\QMLylZA.exe
  2⤵
  PID:7404
- C:\Windows\System\djRMIUV.exe
  C:\Windows\System\djRMIUV.exe
  2⤵
  PID:7440
- C:\Windows\System\MToSVsq.exe
  C:\Windows\System\MToSVsq.exe
  2⤵
  PID:7512
- C:\Windows\System\RWIHdHd.exe
  C:\Windows\System\RWIHdHd.exe
  2⤵
  PID:7528
- C:\Windows\System\hDRYzPM.exe
  C:\Windows\System\hDRYzPM.exe
  2⤵
  PID:7516
- C:\Windows\System\yyQLshV.exe
  C:\Windows\System\yyQLshV.exe
  2⤵
  PID:7732
- C:\Windows\System\DUaOMai.exe
  C:\Windows\System\DUaOMai.exe
  2⤵
  PID:7748
- C:\Windows\System\xqklxrg.exe
  C:\Windows\System\xqklxrg.exe
  2⤵
  PID:7828
- C:\Windows\System\VnHILoU.exe
  C:\Windows\System\VnHILoU.exe
  2⤵
  PID:7912
- C:\Windows\System\tHdJGDX.exe
  C:\Windows\System\tHdJGDX.exe
  2⤵
  PID:8020
- C:\Windows\System\XmfJQbp.exe
  C:\Windows\System\XmfJQbp.exe
  2⤵
  PID:8072
- C:\Windows\System\zSkMfVW.exe
  C:\Windows\System\zSkMfVW.exe
  2⤵
  PID:8132
- C:\Windows\System\YfJRaFK.exe
  C:\Windows\System\YfJRaFK.exe
  2⤵
  PID:6868
- C:\Windows\System\oMFHWxd.exe
  C:\Windows\System\oMFHWxd.exe
  2⤵
  PID:8164
- C:\Windows\System\HsjboEh.exe
  C:\Windows\System\HsjboEh.exe
  2⤵
  PID:7308
- C:\Windows\System\pjdfoLR.exe
  C:\Windows\System\pjdfoLR.exe
  2⤵
  PID:7272
- C:\Windows\System\FNGnhyl.exe
  C:\Windows\System\FNGnhyl.exe
  2⤵
  PID:7596
- C:\Windows\System\maEpQEH.exe
  C:\Windows\System\maEpQEH.exe
  2⤵
  PID:7728
- C:\Windows\System\EyjUMnn.exe
  C:\Windows\System\EyjUMnn.exe
  2⤵
  PID:7824
- C:\Windows\System\STemcJw.exe
  C:\Windows\System\STemcJw.exe
  2⤵
  PID:8036
- C:\Windows\System\jcvMiYa.exe
  C:\Windows\System\jcvMiYa.exe
  2⤵
  PID:7340
- C:\Windows\System\MKUGpqB.exe
  C:\Windows\System\MKUGpqB.exe
  2⤵
  PID:8200
- C:\Windows\System\ZofaxKd.exe
  C:\Windows\System\ZofaxKd.exe
  2⤵
  PID:8216
- C:\Windows\System\yPiyLam.exe
  C:\Windows\System\yPiyLam.exe
  2⤵
  PID:8232
- C:\Windows\System\ckkSpHP.exe
  C:\Windows\System\ckkSpHP.exe
  2⤵
  PID:8248
- C:\Windows\System\RnOJoZG.exe
  C:\Windows\System\RnOJoZG.exe
  2⤵
  PID:8264
- C:\Windows\System\TZJKmeU.exe
  C:\Windows\System\TZJKmeU.exe
  2⤵
  PID:8280
- C:\Windows\System\HmtIVbj.exe
  C:\Windows\System\HmtIVbj.exe
  2⤵
  PID:8296
- C:\Windows\System\DoEDjmA.exe
  C:\Windows\System\DoEDjmA.exe
  2⤵
  PID:8312
- C:\Windows\System\tqKfOvS.exe
  C:\Windows\System\tqKfOvS.exe
  2⤵
  PID:8328
- C:\Windows\System\xAMfOwl.exe
  C:\Windows\System\xAMfOwl.exe
  2⤵
  PID:8344
- C:\Windows\System\VXMBfAx.exe
  C:\Windows\System\VXMBfAx.exe
  2⤵
  PID:8360
- C:\Windows\System\IjVHMTR.exe
  C:\Windows\System\IjVHMTR.exe
  2⤵
  PID:8376
- C:\Windows\System\CcDpYQO.exe
  C:\Windows\System\CcDpYQO.exe
  2⤵
  PID:8392
- C:\Windows\System\qnEMort.exe
  C:\Windows\System\qnEMort.exe
  2⤵
  PID:8408
- C:\Windows\System\AbKfByd.exe
  C:\Windows\System\AbKfByd.exe
  2⤵
  PID:8424
- C:\Windows\System\vqtNYQj.exe
  C:\Windows\System\vqtNYQj.exe
  2⤵
  PID:8440
- C:\Windows\System\giuFXep.exe
  C:\Windows\System\giuFXep.exe
  2⤵
  PID:8456
- C:\Windows\System\jPRSwir.exe
  C:\Windows\System\jPRSwir.exe
  2⤵
  PID:8472
- C:\Windows\System\mKFCSks.exe
  C:\Windows\System\mKFCSks.exe
  2⤵
  PID:8488
- C:\Windows\System\xrSWcsI.exe
  C:\Windows\System\xrSWcsI.exe
  2⤵
  PID:8508
- C:\Windows\System\QEJFLCi.exe
  C:\Windows\System\QEJFLCi.exe
  2⤵
  PID:8524
- C:\Windows\System\uoTOZMK.exe
  C:\Windows\System\uoTOZMK.exe
  2⤵
  PID:8540
- C:\Windows\System\lMZUlNR.exe
  C:\Windows\System\lMZUlNR.exe
  2⤵
  PID:8556
- C:\Windows\System\JWkncVJ.exe
  C:\Windows\System\JWkncVJ.exe
  2⤵
  PID:8572
- C:\Windows\System\ezYVWOc.exe
  C:\Windows\System\ezYVWOc.exe
  2⤵
  PID:8588
- C:\Windows\System\sAeEHLF.exe
  C:\Windows\System\sAeEHLF.exe
  2⤵
  PID:8604
- C:\Windows\System\xMaEteJ.exe
  C:\Windows\System\xMaEteJ.exe
  2⤵
  PID:8620
- C:\Windows\System\fFamryk.exe
  C:\Windows\System\fFamryk.exe
  2⤵
  PID:8636
- C:\Windows\System\shVQEzn.exe
  C:\Windows\System\shVQEzn.exe
  2⤵
  PID:8652
- C:\Windows\System\xaziRXC.exe
  C:\Windows\System\xaziRXC.exe
  2⤵
  PID:8668
- C:\Windows\System\TwYmftM.exe
  C:\Windows\System\TwYmftM.exe
  2⤵
  PID:8684
- C:\Windows\System\rfPSGjx.exe
  C:\Windows\System\rfPSGjx.exe
  2⤵
  PID:8700
- C:\Windows\System\VhKYNzU.exe
  C:\Windows\System\VhKYNzU.exe
  2⤵
  PID:8716
- C:\Windows\System\FBhAkdJ.exe
  C:\Windows\System\FBhAkdJ.exe
  2⤵
  PID:8732
- C:\Windows\System\FEuukUj.exe
  C:\Windows\System\FEuukUj.exe
  2⤵
  PID:8748
- C:\Windows\System\acOyGcT.exe
  C:\Windows\System\acOyGcT.exe
  2⤵
  PID:8764
- C:\Windows\System\GVLmeur.exe
  C:\Windows\System\GVLmeur.exe
  2⤵
  PID:8804
- C:\Windows\System\RIpSBOe.exe
  C:\Windows\System\RIpSBOe.exe
  2⤵
  PID:8836
- C:\Windows\System\DDismKO.exe
  C:\Windows\System\DDismKO.exe
  2⤵
  PID:8868
- C:\Windows\System\QBTcLdP.exe
  C:\Windows\System\QBTcLdP.exe
  2⤵
  PID:8884
- C:\Windows\System\dqdvvWx.exe
  C:\Windows\System\dqdvvWx.exe
  2⤵
  PID:8900
- C:\Windows\System\NKQiUiI.exe
  C:\Windows\System\NKQiUiI.exe
  2⤵
  PID:8920
- C:\Windows\System\atABzGq.exe
  C:\Windows\System\atABzGq.exe
  2⤵
  PID:8936
- C:\Windows\System\qfxUFkl.exe
  C:\Windows\System\qfxUFkl.exe
  2⤵
  PID:8952
- C:\Windows\System\wMPpWVi.exe
  C:\Windows\System\wMPpWVi.exe
  2⤵
  PID:8968
- C:\Windows\System\DqgogwQ.exe
  C:\Windows\System\DqgogwQ.exe
  2⤵
  PID:8984
- C:\Windows\System\MRFLVtX.exe
  C:\Windows\System\MRFLVtX.exe
  2⤵
  PID:9000
- C:\Windows\System\wFgWzXW.exe
  C:\Windows\System\wFgWzXW.exe
  2⤵
  PID:9016
- C:\Windows\System\fnCMAKM.exe
  C:\Windows\System\fnCMAKM.exe
  2⤵
  PID:9032
- C:\Windows\System\lLsuGhL.exe
  C:\Windows\System\lLsuGhL.exe
  2⤵
  PID:9048
- C:\Windows\System\TUrNbZc.exe
  C:\Windows\System\TUrNbZc.exe
  2⤵
  PID:9064
- C:\Windows\System\ZPSDACW.exe
  C:\Windows\System\ZPSDACW.exe
  2⤵
  PID:9080
- C:\Windows\System\ziyuEgz.exe
  C:\Windows\System\ziyuEgz.exe
  2⤵
  PID:9096
- C:\Windows\System\pBAuwoV.exe
  C:\Windows\System\pBAuwoV.exe
  2⤵
  PID:9112
- C:\Windows\System\HVXXjZC.exe
  C:\Windows\System\HVXXjZC.exe
  2⤵
  PID:9128
- C:\Windows\System\hAWceeC.exe
  C:\Windows\System\hAWceeC.exe
  2⤵
  PID:9144
- C:\Windows\System\wflKnid.exe
  C:\Windows\System\wflKnid.exe
  2⤵
  PID:9160
- C:\Windows\System\cwVXHqm.exe
  C:\Windows\System\cwVXHqm.exe
  2⤵
  PID:9176
- C:\Windows\System\exUYcTH.exe
  C:\Windows\System\exUYcTH.exe
  2⤵
  PID:9196
- C:\Windows\System\znSlKLs.exe
  C:\Windows\System\znSlKLs.exe
  2⤵
  PID:7840
- C:\Windows\System\RIfviRd.exe
  C:\Windows\System\RIfviRd.exe
  2⤵
  PID:7744
- C:\Windows\System\XyNtTBb.exe
  C:\Windows\System\XyNtTBb.exe
  2⤵
  PID:7972
- C:\Windows\System\RzBAlqM.exe
  C:\Windows\System\RzBAlqM.exe
  2⤵
  PID:7244
- C:\Windows\System\TYcxzpa.exe
  C:\Windows\System\TYcxzpa.exe
  2⤵
  PID:7376
- C:\Windows\System\NLYOhRh.exe
  C:\Windows\System\NLYOhRh.exe
  2⤵
  PID:8240
- C:\Windows\System\CwRHngf.exe
  C:\Windows\System\CwRHngf.exe
  2⤵
  PID:8304
- C:\Windows\System\llziCWX.exe
  C:\Windows\System\llziCWX.exe
  2⤵
  PID:8008
- C:\Windows\System\LurDSZi.exe
  C:\Windows\System\LurDSZi.exe
  2⤵
  PID:8228
- C:\Windows\System\RuKLOka.exe
  C:\Windows\System\RuKLOka.exe
  2⤵
  PID:8292
- C:\Windows\System\qgtffGX.exe
  C:\Windows\System\qgtffGX.exe
  2⤵
  PID:8340
- C:\Windows\System\Nofvjge.exe
  C:\Windows\System\Nofvjge.exe
  2⤵
  PID:8388
- C:\Windows\System\nvvELyy.exe
  C:\Windows\System\nvvELyy.exe
  2⤵
  PID:8452
- C:\Windows\System\YIrpHpf.exe
  C:\Windows\System\YIrpHpf.exe
  2⤵
  PID:8432
- C:\Windows\System\LePVLad.exe
  C:\Windows\System\LePVLad.exe
  2⤵
  PID:8356
- C:\Windows\System\kOoHxXe.exe
  C:\Windows\System\kOoHxXe.exe
  2⤵
  PID:6824
- C:\Windows\System\gDYiYUI.exe
  C:\Windows\System\gDYiYUI.exe
  2⤵
  PID:8504
- C:\Windows\System\XKNrhjU.exe
  C:\Windows\System\XKNrhjU.exe
  2⤵
  PID:8568
- C:\Windows\System\DcgazxF.exe
  C:\Windows\System\DcgazxF.exe
  2⤵
  PID:8632
- C:\Windows\System\noVxaby.exe
  C:\Windows\System\noVxaby.exe
  2⤵
  PID:8580
- C:\Windows\System\iTvGoME.exe
  C:\Windows\System\iTvGoME.exe
  2⤵
  PID:8644
- C:\Windows\System\jgNLKJl.exe
  C:\Windows\System\jgNLKJl.exe
  2⤵
  PID:8692
- C:\Windows\System\mXqmoGl.exe
  C:\Windows\System\mXqmoGl.exe
  2⤵
  PID:8724
- C:\Windows\System\eEGffYd.exe
  C:\Windows\System\eEGffYd.exe
  2⤵
  PID:8744
- C:\Windows\System\FqwASZO.exe
  C:\Windows\System\FqwASZO.exe
  2⤵
  PID:8780
- C:\Windows\System\dBghaZR.exe
  C:\Windows\System\dBghaZR.exe
  2⤵
  PID:8796
- C:\Windows\System\kqLWOBS.exe
  C:\Windows\System\kqLWOBS.exe
  2⤵
  PID:8820
- C:\Windows\System\SMXYnFN.exe
  C:\Windows\System\SMXYnFN.exe
  2⤵
  PID:8876
- C:\Windows\System\jwmnanO.exe
  C:\Windows\System\jwmnanO.exe
  2⤵
  PID:8860
- C:\Windows\System\Lyfjhfs.exe
  C:\Windows\System\Lyfjhfs.exe
  2⤵
  PID:8896
- C:\Windows\System\NOlTDYB.exe
  C:\Windows\System\NOlTDYB.exe
  2⤵
  PID:8916
- C:\Windows\System\buXAjWD.exe
  C:\Windows\System\buXAjWD.exe
  2⤵
  PID:8964
- C:\Windows\System\HEqekRo.exe
  C:\Windows\System\HEqekRo.exe
  2⤵
  PID:8980
- C:\Windows\System\hPAPkxC.exe
  C:\Windows\System\hPAPkxC.exe
  2⤵
  PID:9072
- C:\Windows\System\XeBhsrc.exe
  C:\Windows\System\XeBhsrc.exe
  2⤵
  PID:9104
- C:\Windows\System\OKtDaOX.exe
  C:\Windows\System\OKtDaOX.exe
  2⤵
  PID:9088
- C:\Windows\System\fCeRMjo.exe
  C:\Windows\System\fCeRMjo.exe
  2⤵
  PID:9140
- C:\Windows\System\EXKWYNO.exe
  C:\Windows\System\EXKWYNO.exe
  2⤵
  PID:9060
- C:\Windows\System\ghDOYMY.exe
  C:\Windows\System\ghDOYMY.exe
  2⤵
  PID:9188
- C:\Windows\System\pGIfReC.exe
  C:\Windows\System\pGIfReC.exe
  2⤵
  PID:7716
- C:\Windows\System\GJYbkPe.exe
  C:\Windows\System\GJYbkPe.exe
  2⤵
  PID:8196
- C:\Windows\System\uSpWcYO.exe
  C:\Windows\System\uSpWcYO.exe
  2⤵
  PID:8324
- C:\Windows\System\JGgHMuR.exe
  C:\Windows\System\JGgHMuR.exe
  2⤵
  PID:8468
- C:\Windows\System\KFfzrwm.exe
  C:\Windows\System\KFfzrwm.exe
  2⤵
  PID:8352
- C:\Windows\System\aEGpZyx.exe
  C:\Windows\System\aEGpZyx.exe
  2⤵
  PID:8628
- C:\Windows\System\hLoktrG.exe
  C:\Windows\System\hLoktrG.exe
  2⤵
  PID:8516
- C:\Windows\System\mmCLdnq.exe
  C:\Windows\System\mmCLdnq.exe
  2⤵
  PID:8664
- C:\Windows\System\ZXMKKgX.exe
  C:\Windows\System\ZXMKKgX.exe
  2⤵
  PID:8772
- C:\Windows\System\oodVMDF.exe
  C:\Windows\System\oodVMDF.exe
  2⤵
  PID:8852
- C:\Windows\System\qttbhpI.exe
  C:\Windows\System\qttbhpI.exe
  2⤵
  PID:8756
- C:\Windows\System\nYNoRMq.exe
  C:\Windows\System\nYNoRMq.exe
  2⤵
  PID:8828
- C:\Windows\System\dAVdjoG.exe
  C:\Windows\System\dAVdjoG.exe
  2⤵
  PID:8944
- C:\Windows\System\uQUBomh.exe
  C:\Windows\System\uQUBomh.exe
  2⤵
  PID:9136
- C:\Windows\System\YKCTqnZ.exe
  C:\Windows\System\YKCTqnZ.exe
  2⤵
  PID:8892
- C:\Windows\System\OKFXZam.exe
  C:\Windows\System\OKFXZam.exe
  2⤵
  PID:8928
- C:\Windows\System\xMFEIDb.exe
  C:\Windows\System\xMFEIDb.exe
  2⤵
  PID:8188
- C:\Windows\System\KhLFszQ.exe
  C:\Windows\System\KhLFszQ.exe
  2⤵
  PID:8960
- C:\Windows\System\fxyFfqE.exe
  C:\Windows\System\fxyFfqE.exe
  2⤵
  PID:7628
- C:\Windows\System\vanaGxp.exe
  C:\Windows\System\vanaGxp.exe
  2⤵
  PID:8212
- C:\Windows\System\yRBToGz.exe
  C:\Windows\System\yRBToGz.exe
  2⤵
  PID:8420
- C:\Windows\System\ROEtPNQ.exe
  C:\Windows\System\ROEtPNQ.exe
  2⤵
  PID:8816
- C:\Windows\System\NUjwPaB.exe
  C:\Windows\System\NUjwPaB.exe
  2⤵
  PID:8564
- C:\Windows\System\IVqcoSC.exe
  C:\Windows\System\IVqcoSC.exe
  2⤵
  PID:8992
- C:\Windows\System\dioEWSh.exe
  C:\Windows\System\dioEWSh.exe
  2⤵
  PID:8676
- C:\Windows\System\mLjeBcO.exe
  C:\Windows\System\mLjeBcO.exe
  2⤵
  PID:9156
- C:\Windows\System\PayHJIh.exe
  C:\Windows\System\PayHJIh.exe
  2⤵
  PID:8208
- C:\Windows\System\TvHhWwr.exe
  C:\Windows\System\TvHhWwr.exe
  2⤵
  PID:8464
- C:\Windows\System\AoUwgGe.exe
  C:\Windows\System\AoUwgGe.exe
  2⤵
  PID:8740
- C:\Windows\System\mkJmlEY.exe
  C:\Windows\System\mkJmlEY.exe
  2⤵
  PID:8600
- C:\Windows\System\mSRuPVs.exe
  C:\Windows\System\mSRuPVs.exe
  2⤵
  PID:8404
- C:\Windows\System\rkPqCRL.exe
  C:\Windows\System\rkPqCRL.exe
  2⤵
  PID:7888
- C:\Windows\System\HIeBXSY.exe
  C:\Windows\System\HIeBXSY.exe
  2⤵
  PID:9040
- C:\Windows\System\DKgtFQN.exe
  C:\Windows\System\DKgtFQN.exe
  2⤵
  PID:8136
- C:\Windows\System\sxTxYdc.exe
  C:\Windows\System\sxTxYdc.exe
  2⤵
  PID:9212
- C:\Windows\System\FmWsPmy.exe
  C:\Windows\System\FmWsPmy.exe
  2⤵
  PID:9348
- C:\Windows\System\ZHEuWHi.exe
  C:\Windows\System\ZHEuWHi.exe
  2⤵
  PID:9364
- C:\Windows\System\mBdmLZs.exe
  C:\Windows\System\mBdmLZs.exe
  2⤵
  PID:9424
- C:\Windows\System\oYtKSOE.exe
  C:\Windows\System\oYtKSOE.exe
  2⤵
  PID:9472
- C:\Windows\System\IFHssqb.exe
  C:\Windows\System\IFHssqb.exe
  2⤵
  PID:9504
- C:\Windows\System\ErLPJOT.exe
  C:\Windows\System\ErLPJOT.exe
  2⤵
  PID:9544
- C:\Windows\System\htYJatW.exe
  C:\Windows\System\htYJatW.exe
  2⤵
  PID:9572
- C:\Windows\System\yTuemYv.exe
  C:\Windows\System\yTuemYv.exe
  2⤵
  PID:9588
- C:\Windows\System\hbKMTPB.exe
  C:\Windows\System\hbKMTPB.exe
  2⤵
  PID:9608
- C:\Windows\System\vtHRoZo.exe
  C:\Windows\System\vtHRoZo.exe
  2⤵
  PID:9628
- C:\Windows\System\jPfIdNW.exe
  C:\Windows\System\jPfIdNW.exe
  2⤵
  PID:9652
- C:\Windows\System\nZtcvQV.exe
  C:\Windows\System\nZtcvQV.exe
  2⤵
  PID:9672
- C:\Windows\System\QSHEBgc.exe
  C:\Windows\System\QSHEBgc.exe
  2⤵
  PID:9692
- C:\Windows\System\vCYUDYq.exe
  C:\Windows\System\vCYUDYq.exe
  2⤵
  PID:9708
- C:\Windows\System\iDEOjHQ.exe
  C:\Windows\System\iDEOjHQ.exe
  2⤵
  PID:9740
- C:\Windows\System\huOSlrx.exe
  C:\Windows\System\huOSlrx.exe
  2⤵
  PID:9760
- C:\Windows\System\GGoWyKW.exe
  C:\Windows\System\GGoWyKW.exe
  2⤵
  PID:9780
- C:\Windows\System\qUBdivP.exe
  C:\Windows\System\qUBdivP.exe
  2⤵
  PID:9828
- C:\Windows\System\sSPNZvk.exe
  C:\Windows\System\sSPNZvk.exe
  2⤵
  PID:9884
- C:\Windows\System\IaQBqbI.exe
  C:\Windows\System\IaQBqbI.exe
  2⤵
  PID:9904
- C:\Windows\System\ANYmUzX.exe
  C:\Windows\System\ANYmUzX.exe
  2⤵
  PID:9920
- C:\Windows\System\KxCDKRV.exe
  C:\Windows\System\KxCDKRV.exe
  2⤵
  PID:9936
- C:\Windows\System\QNMULEB.exe
  C:\Windows\System\QNMULEB.exe
  2⤵
  PID:9952
- C:\Windows\System\UNbbBZD.exe
  C:\Windows\System\UNbbBZD.exe
  2⤵
  PID:9976
- C:\Windows\System\pYgCFHW.exe
  C:\Windows\System\pYgCFHW.exe
  2⤵
  PID:9992
- C:\Windows\System\ndxhsNz.exe
  C:\Windows\System\ndxhsNz.exe
  2⤵
  PID:10008
- C:\Windows\System\VAVVyJk.exe
  C:\Windows\System\VAVVyJk.exe
  2⤵
  PID:10048
- C:\Windows\System\AHYMqCT.exe
  C:\Windows\System\AHYMqCT.exe
  2⤵
  PID:10080
- C:\Windows\System\qZBtBeN.exe
  C:\Windows\System\qZBtBeN.exe
  2⤵
  PID:10104
- C:\Windows\System\KzbXaEN.exe
  C:\Windows\System\KzbXaEN.exe
  2⤵
  PID:10124
- C:\Windows\System\CpkQpds.exe
  C:\Windows\System\CpkQpds.exe
  2⤵
  PID:10140
- C:\Windows\System\gfPTeMy.exe
  C:\Windows\System\gfPTeMy.exe
  2⤵
  PID:10172
- C:\Windows\System\cvkDFGT.exe
  C:\Windows\System\cvkDFGT.exe
  2⤵
  PID:10200
- C:\Windows\System\rUATEMr.exe
  C:\Windows\System\rUATEMr.exe
  2⤵
  PID:10220
- C:\Windows\System\WjsAIWl.exe
  C:\Windows\System\WjsAIWl.exe
  2⤵
  PID:9228
- C:\Windows\System\lWFNqRL.exe
  C:\Windows\System\lWFNqRL.exe
  2⤵
  PID:9264
- C:\Windows\System\uXLMqeH.exe
  C:\Windows\System\uXLMqeH.exe
  2⤵
  PID:9288
- C:\Windows\System\pYZCTXj.exe
  C:\Windows\System\pYZCTXj.exe
  2⤵
  PID:9300
- C:\Windows\System\HzGluvu.exe
  C:\Windows\System\HzGluvu.exe
  2⤵
  PID:9320
- C:\Windows\System\DPGfoHs.exe
  C:\Windows\System\DPGfoHs.exe
  2⤵
  PID:9336
- C:\Windows\System\nMQIZEA.exe
  C:\Windows\System\nMQIZEA.exe
  2⤵
  PID:9404
- C:\Windows\System\RfGXRKD.exe
  C:\Windows\System\RfGXRKD.exe
  2⤵
  PID:9432
- C:\Windows\System\bKqitmu.exe
  C:\Windows\System\bKqitmu.exe
  2⤵
  PID:9456
- C:\Windows\System\eojaKNv.exe
  C:\Windows\System\eojaKNv.exe
  2⤵
  PID:9480
- C:\Windows\System\hdVaoNn.exe
  C:\Windows\System\hdVaoNn.exe
  2⤵
  PID:9488
- C:\Windows\System\QyECHyC.exe
  C:\Windows\System\QyECHyC.exe
  2⤵
  PID:9516
- C:\Windows\System\rthHihu.exe
  C:\Windows\System\rthHihu.exe
  2⤵
  PID:9532
- C:\Windows\System\yAKcfTf.exe
  C:\Windows\System\yAKcfTf.exe
  2⤵
  PID:9556
- C:\Windows\System\mOXZHyg.exe
  C:\Windows\System\mOXZHyg.exe
  2⤵
  PID:9580
- C:\Windows\System\TJrRlOi.exe
  C:\Windows\System\TJrRlOi.exe
  2⤵
  PID:9600
- C:\Windows\System\rAMPcab.exe
  C:\Windows\System\rAMPcab.exe
  2⤵
  PID:9624
- C:\Windows\System\yzWtZnN.exe
  C:\Windows\System\yzWtZnN.exe
  2⤵
  PID:9660
- C:\Windows\System\DxHtcLa.exe
  C:\Windows\System\DxHtcLa.exe
  2⤵
  PID:9688
- C:\Windows\System\IoJGbKD.exe
  C:\Windows\System\IoJGbKD.exe
  2⤵
  PID:9700
- C:\Windows\System\JKyqgSE.exe
  C:\Windows\System\JKyqgSE.exe
  2⤵
  PID:9768
- C:\Windows\System\bZgzBpC.exe
  C:\Windows\System\bZgzBpC.exe
  2⤵
  PID:9800
- C:\Windows\System\LakQuuX.exe
  C:\Windows\System\LakQuuX.exe
  2⤵
  PID:10120
- C:\Windows\System\MaylLld.exe
  C:\Windows\System\MaylLld.exe
  2⤵
  PID:10184
- C:\Windows\System\LllVrFL.exe
  C:\Windows\System\LllVrFL.exe
  2⤵
  PID:10192
- C:\Windows\System\wiMohwo.exe
  C:\Windows\System\wiMohwo.exe
  2⤵
  PID:8448
- C:\Windows\System\ZttWVcJ.exe
  C:\Windows\System\ZttWVcJ.exe
  2⤵
  PID:9224
- C:\Windows\System\qaTbCmZ.exe
  C:\Windows\System\qaTbCmZ.exe
  2⤵
  PID:9724
- C:\Windows\System\cpjdLvk.exe
  C:\Windows\System\cpjdLvk.exe
  2⤵
  PID:10228
- C:\Windows\System\qgDRLBg.exe
  C:\Windows\System\qgDRLBg.exe
  2⤵
  PID:10212
- C:\Windows\System\qCtECmM.exe
  C:\Windows\System\qCtECmM.exe
  2⤵
  PID:9280
- C:\Windows\System\sSFXxQp.exe
  C:\Windows\System\sSFXxQp.exe
  2⤵
  PID:9312
- C:\Windows\System\QgfxICp.exe
  C:\Windows\System\QgfxICp.exe
  2⤵
  PID:9372
- C:\Windows\System\tyxFIcx.exe
  C:\Windows\System\tyxFIcx.exe
  2⤵
  PID:9388
- C:\Windows\System\fHtobka.exe
  C:\Windows\System\fHtobka.exe
  2⤵
  PID:9436
- C:\Windows\System\UWLXshz.exe
  C:\Windows\System\UWLXshz.exe
  2⤵
  PID:9500
- C:\Windows\System\HFrjLjQ.exe
  C:\Windows\System\HFrjLjQ.exe
  2⤵
  PID:9564
- C:\Windows\System\cgEmPLk.exe
  C:\Windows\System\cgEmPLk.exe
  2⤵
  PID:9596
- C:\Windows\System\wECtDGQ.exe
  C:\Windows\System\wECtDGQ.exe
  2⤵
  PID:9512
- C:\Windows\System\bqpOWmv.exe
  C:\Windows\System\bqpOWmv.exe
  2⤵
  PID:9748
- C:\Windows\System\jQQfPNt.exe
  C:\Windows\System\jQQfPNt.exe
  2⤵
  PID:9868
- C:\Windows\System\frwhHIk.exe
  C:\Windows\System\frwhHIk.exe
  2⤵
  PID:9892
- C:\Windows\System\ENwfqVx.exe
  C:\Windows\System\ENwfqVx.exe
  2⤵
  PID:10072
- C:\Windows\System\RxwTegj.exe
  C:\Windows\System\RxwTegj.exe
  2⤵
  PID:9964
- C:\Windows\System\QaxPexZ.exe
  C:\Windows\System\QaxPexZ.exe
  2⤵
  PID:9988
- C:\Windows\System\XfcvVPr.exe
  C:\Windows\System\XfcvVPr.exe
  2⤵
  PID:10036
- C:\Windows\System\ehUotrV.exe
  C:\Windows\System\ehUotrV.exe
  2⤵
  PID:10004
- C:\Windows\System\VUTvGoL.exe
  C:\Windows\System\VUTvGoL.exe
  2⤵
  PID:10068
- C:\Windows\System\fccbcVk.exe
  C:\Windows\System\fccbcVk.exe
  2⤵
  PID:10112
- C:\Windows\System\xQetpoc.exe
  C:\Windows\System\xQetpoc.exe
  2⤵
  PID:10180
- C:\Windows\System\CLzmxkz.exe
  C:\Windows\System\CLzmxkz.exe
  2⤵
  PID:10236
- C:\Windows\System\FryRtWy.exe
  C:\Windows\System\FryRtWy.exe
  2⤵
  PID:7992
- C:\Windows\System\GZgqcQl.exe
  C:\Windows\System\GZgqcQl.exe
  2⤵
  PID:9260
- C:\Windows\System\xQdQDwt.exe
  C:\Windows\System\xQdQDwt.exe
  2⤵
  PID:9400
- C:\Windows\System\nRKzRUf.exe
  C:\Windows\System\nRKzRUf.exe
  2⤵
  PID:9416
- C:\Windows\System\PhWcQya.exe
  C:\Windows\System\PhWcQya.exe
  2⤵
  PID:9376
- C:\Windows\System\dzTCFRu.exe
  C:\Windows\System\dzTCFRu.exe
  2⤵
  PID:9824
- C:\Windows\System\YNsAPzh.exe
  C:\Windows\System\YNsAPzh.exe
  2⤵
  PID:9568
- C:\Windows\System\WiKxOek.exe
  C:\Windows\System\WiKxOek.exe
  2⤵
  PID:9664
- C:\Windows\System\QlNTBDU.exe
  C:\Windows\System\QlNTBDU.exe
  2⤵
  PID:9856
- C:\Windows\System\fKyLgQH.exe
  C:\Windows\System\fKyLgQH.exe
  2⤵
  PID:9944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BTiRoRg.exe

Filesize
6.0MB

MD5
388a3661739a661861e3f83d4bd209e5

SHA1
9f6aa700f8501bc1b7b6c80ae052731361c6f47b

SHA256
a0099563bef41bd0bc8184c3c783c2ad0fbbc172041cc319f409132a9964223a

SHA512
e43d818b83687f30ba1c4f7a6789a445615cd49a338cb3b2ec8ed06704e02bdd8bd866cc4a108f991010f23654d5c8daf7006aabd08f203c54b75cabbfa91955

Download Submit
C:\Windows\system\LkVpCWY.exe

Filesize
6.0MB

MD5
a24a8e0cdfc0b4044340a132df9dc08f

SHA1
86f2835994a3d0e121a269b99b2b363b08bac759

SHA256
8791f7fcd6978b236b33dd4213492b60e1ebd70fd63649f0269c28a879d16f05

SHA512
8bc9494e3e8e08321ff2343dd14e962bfa876c74f9223401b733cad9d9bbcdf4cdebb0ee133e34df068b011e4d0f531030766bd9991cd8ae0b4a2bd3e44c7699

Download Submit
C:\Windows\system\NYYtlzB.exe

Filesize
6.0MB

MD5
04c7ab65b6414fd1549ee0e44f462363

SHA1
05de5cf19991f2152c99cc2ad999be7acb35ae2f

SHA256
89fe2d705317859ba02117946b6323868dcd8472bf1e9f946dbbacefec7602a6

SHA512
849ceb3e50143382d43e48bacdf0db7bfb474d0f48d9eba1baae6709b4760c8aad8baf2979cee0715aade9f20d12fdd4635f21569de3edb7c290443a0558eb24

Download Submit
C:\Windows\system\QdwCOjN.exe

Filesize
6.0MB

MD5
5744e12f06b370fae2d193e16e5550b6

SHA1
057609c253518a2d92ea8eb39251e528f664b2ec

SHA256
db9e20883cefbbc9e32941050ea0214d1e65b5b72c36955fd0374898eeb86a24

SHA512
465cff320c4d5dfd9e27686afc44ea03056ac309adcb719e7d1df8c6e2fd6e1ed4d1d055aed4700e923c4a99495a2bcfc9497edaa9f34b41e9e037398867df61

Download Submit
C:\Windows\system\RKGMYFI.exe

Filesize
6.0MB

MD5
48e0d01a29e46bb5d839ba8365281dce

SHA1
d4d165e78c968b3a1db734560f444c4740ff485a

SHA256
f28d0f5751667296fd0c9193575e4560822c59f3ca2b511fe76b6574490360fd

SHA512
ddabe0ab30209dfeefab42e6b100368ea9a47c342ec967ce601699e1c289aa03d0cd64e81353b20d1dd91a5c0b67eda031ccf829238ff727528c23d72d1b7adb

Download Submit
C:\Windows\system\RZywNzT.exe

Filesize
6.0MB

MD5
3b0c0663d4a692a7d0b86ba4aace8e9b

SHA1
cd8b73830102ab2059d0a17fb3253fa1b2aa8781

SHA256
853389531b3cfac771711fad8b7ca51f5c1c7975c11d1bbe4282c001a151841f

SHA512
5f4f25347ccdd65fc59cc377c03b4018cb402419ad9f41fac59cb7261e029af25d1d26701af995e6260bc72cc2c7c2b83f8631d99b41223f972e40e099adf0a4

Download Submit
C:\Windows\system\TGGnpXH.exe

Filesize
6.0MB

MD5
47f33b14e884c2b4127b0cc6902001e3

SHA1
b5fe8f6697abd8be3df9af36b77c74a1cdd33c24

SHA256
33208d069a4d5fc3527674d00d63bc7eb1ff4a269ba069c31564632910367848

SHA512
057c274694caf90b1619a5e45ba352f52e3b0e3302d15796e23a34527b985a5e5392f49253f19d872d0e8620fa491ff5d00c5ea2e8e186afd227a4b6a968d485

Download Submit
C:\Windows\system\THduMVc.exe

Filesize
6.0MB

MD5
a3cfd366afecf3f1bbfe07622521a710

SHA1
2e85722454ab773d18d102cc10741279c1f192bc

SHA256
96ffe03f4eff78bc9a9793ba13570903c93fa23c6ebf78cda0ded657007d6a76

SHA512
e86962069d87c4043c13a38ab830bf520977f3ac4400d1478b1dcb978de700ed6955725452435a821ae24c52a60eb840426bec5b77948fca7299f39672a5a27e

Download Submit
C:\Windows\system\TnsAjgq.exe

Filesize
6.0MB

MD5
53e373f7455cd2e7185f0b69c0c07352

SHA1
c82f675592dcbca907b170eb3f86f29a5331cfcf

SHA256
1c6a92515a3d3a5ec3309be50580f4c023133cc40d8f281d2a3f080a270d2534

SHA512
dd30c0d2b79c999be07f0be5aacf281020eb0f33683722931d7166e40ce9d23a101715da8d92a3fd62f625d0491e68066c2b5be1d5b1c8ab5f695227de173cd5

Download Submit
C:\Windows\system\VrqXNhC.exe

Filesize
8B

MD5
0b305402a097835aad3f2fa0818d402a

SHA1
672336e427a92cab5cba6b4775f93bc8fde74f1e

SHA256
0cfff047129afee86f9d9b59549c9fc3a0bef9ca26189c4f5540edf1be32dd08

SHA512
7b284013ed4200d107562db97cddd2ddd29937303c3b8a2a2e952659b391e6eb094a87ca44516c556a4d548556b2a19ea2363be7474cbc501f3a1420e04c9760

Download Submit
C:\Windows\system\WJovoay.exe

Filesize
6.0MB

MD5
296859aea4afae94ed5c4fd1b6d906bf

SHA1
eee13d5751e858d97ac9c8cc7c9032a02631f0b8

SHA256
248d285bde2ab12f265b7b00f361015a24fdb9cac54ad60ad230c5d6a9c0d0de

SHA512
827181b1043b7bf154d2c62f1ab71d577aa00b4e104e64239d2e130ac1700702bbf02470434b7b43e4d35f489700d237bd2043b4a68eb87f362cf811e2eb27e3

Download Submit
C:\Windows\system\bEySSnv.exe

Filesize
6.0MB

MD5
20ea7a8c32289bf9b6f024a2f513c828

SHA1
23aa7e984443c05252bb39bcf89fb0dd9f977a68

SHA256
780e3938ab51bcd288bfe381467daeb5c66dd8a37e1783a6f3f49efbc91645a8

SHA512
af70a73bed8d7b15f5ad990a29658d95db926fc61115e64f53ae248717719392330441e75b6b03e54cad34f30fbfdc3db938d3f6b76a64b063f014b71f377eef

Download Submit
C:\Windows\system\bFMmApV.exe

Filesize
6.0MB

MD5
12bd4c11f79cfaac964d4861764d2730

SHA1
fe237b405e67ef266d5e8462a4beefece4c7d1c1

SHA256
9c540c0d5fa7b6f5f5eb6adc8b159f77ce1fc75669a660cb43273772ee8ec4e8

SHA512
a14cb97a810f8c49a21b0ab04675bbe2de94ea65918febba1dfbe8679982a2eef89afa4b13b7fb9a562e5bfd6926f5a4f9f73ab4afaaae3e8155b55675f904bc

Download Submit
C:\Windows\system\dCqzbwP.exe

Filesize
6.0MB

MD5
8a7b0af4ff27b0bbb826559febf6a07e

SHA1
fb579763a3bdd9b10101e815c7a54850952de541

SHA256
a4f34ee3e687ca3acb175805915d6f1c76d532145a260b0d69279e64e2de672e

SHA512
9475beffb6678ec58f35a8e873419093e502961c2b95b477edc60a1a84b204a3f416e1ad607cca5322d9b4e2b7c53a9d3f89b57d2397031ae1766152ef7b1996

Download Submit
C:\Windows\system\fjkQseh.exe

Filesize
6.0MB

MD5
bcbeb08e3ae3d7c76180bf73aad4d96d

SHA1
9f6ad9d9b5581b4ef63f7ec72e5a0a3f5034a8aa

SHA256
e5a3ec4a51abd2b3647d81aae2eeda423b43541744d2974cfaa11eaf43a8091b

SHA512
6b63926d2c7495a0e2b9e6a5f6062bef33ce41df11abed25a887b34ea92b5ea06f02222483f7197840a803a2e93ae2feb303f50e2778aa15087817972a1d55a9

Download Submit
C:\Windows\system\fwonMHV.exe

Filesize
6.0MB

MD5
27eb206c4897da95adeaabcbfdd5c84b

SHA1
2649038eff638b96fe57b234f741cd6bf56b7849

SHA256
d7b4fe296987a246db32755313ae31b7ae42daaaec105e98ad2fc65a6c0cd089

SHA512
20bc795887a3c50f1bba5eade293d800e66e1161153e12712b50a739c8ea668fad4204a8ba52a7aa1f6cbd7dc72165f0a213f8938f2c32c0f60ad292f123bc80

Download Submit
C:\Windows\system\iYZHusO.exe

Filesize
6.0MB

MD5
11fec8f9c715f4de7febbb8901669530

SHA1
0557291bf405d36e49f4311c8fde536163b8092d

SHA256
870c94bce1a04d05aec0f79e16e86142e0615a0dedd3948ff86447ee9c360195

SHA512
8a42584b881e06c1c449132b6ab1f93fe1a25316efb4012a9068628938b21311b97d6488e6d226d4cde7ccf772d841d4600d69ec069336893a996309cb75c380

Download Submit
C:\Windows\system\ltbMEmz.exe

Filesize
6.0MB

MD5
02fceaec207106ce0e86b996ca2b1603

SHA1
7dd098a03ed82017f4b193a3d281330160f2c0f2

SHA256
088d3ef111c4312a0619e8444b7d54c9dd3779649fed359e1109c12547d525e1

SHA512
68c355a7dbca02cb9fe39a6cc63b7f8c99b43aeedff4976989dcb4603a80ae67ad7b4612044ad08954ee16f03f73585cbffa1e35df343330263e7997b0aea2b9

Download Submit
C:\Windows\system\mdEakIb.exe

Filesize
6.0MB

MD5
2d077c5e24146780bc858153d2d2bb35

SHA1
5776e7a268ab2426588372d467ec5cdda31ea9da

SHA256
4ec1485cbdfe61546ef8b6e592b1bd69c710860d34ee867af3bdb6ecf781c0f8

SHA512
e3dbab6a545aa633fbdd3e450f2f4734a03d54f18baf847113f478b3c117e1e13ed74d57602b4a1a8361f54b95c940d64bceeda178007efa006d8a2198518d74

Download Submit
C:\Windows\system\oBGTrQc.exe

Filesize
6.0MB

MD5
fa26814540284813607d479ed900bd36

SHA1
3fd7c9a95e025bd1ba75e89c6068c89b1ae0a9fc

SHA256
7d4cab41350bc955b6ca3f16b5357bcc7d0f574f447fa271f1374d62125caf7c

SHA512
ab22bdf5c111f9708ce369d73e89bc73979fd06b08e9eba8bbddb105f05a70c89c21800b35efdde187f96a950a7f82d2784b17b0ba0e6ff94fb65a6ade71e91f

Download Submit
C:\Windows\system\oOmYrep.exe

Filesize
6.0MB

MD5
c641d5fb9a4b56ca6a2a3e0f309b1f16

SHA1
85f35905010dc7458c72d835dec31e199c539f9a

SHA256
7bf8264dba392e6b369769d771e5f5c92d4b2c80ae6a228934d288ce4db1343e

SHA512
5f5847190bbcbf16a800937aae320cbcaf54a3508f7a2ae75ebf893ea0b7e8dc6fbd03e26e9a872ea1310dbdce21adef8b3a70489ae28774ebecb6273cd0fedd

Download Submit
C:\Windows\system\odRSrLC.exe

Filesize
6.0MB

MD5
7b3c28d383a12970e9a7cb588dcebc60

SHA1
bb266039dd68cb3faa79231f5f79ce358de0aaed

SHA256
a8d6382b814c5ae43e2329380d9a5cbb51a38e35745f71280211c8929f35f7b8

SHA512
a7373a942822e05e38cfbe3efd3cfabf8d43f968d753e115bd32626ae60a6127428ebe0a597eed2e00c80ef522fef778cda758a3cb2f8d4c004b73c3aaf4d2cf

Download Submit
C:\Windows\system\oepHeEm.exe

Filesize
6.0MB

MD5
c4cace76463b5420a0d87d8a58149c00

SHA1
aff16b4f8e23c033ec68f768d86d1fe23bfb4c0c

SHA256
271dc99fd0086ed44cf9be35dbc33eca1ab299409b3e6f367c0967f99ebfd800

SHA512
327a54623056abe3a36c9b868cb5edd668335bdb8f40e6f19878d7515f2287e4994a0650fc982f73006a586b5a9b5ae094e05b243b3cccc2ac061e093037bfc7

Download Submit
C:\Windows\system\rFdzcvr.exe

Filesize
6.0MB

MD5
68e62f9f967ad6a3f71d6da27403f6e1

SHA1
b5537c32a5a69db9f1a4c29c0bd52e8b6fb8e81d

SHA256
a629a6a9dd5ac3253f07f2388ccf948ea417dcc41ce3bdc3f412c55ae4912848

SHA512
742afbef537f6daadc812f95720d2e2bf34527556aaf4c6c5375b624186c47e6bacfb7662a31126400dc3f82a0c637e34a9ccb623004680685b6e47b49dc5225

Download Submit
C:\Windows\system\sNIBrGT.exe

Filesize
6.0MB

MD5
2a21e964ce75eaf648335b5954c40f6c

SHA1
aaffd5d8a25342af99322967a76765e412d6a67d

SHA256
7107df0aab631f0b0fcaca2f70047c962e25fef2922dad471a8bbe6e355de1b8

SHA512
db4a76b19fe2885be6bacbfc5ae1d78e1e3c33715cacd220790eb364be5868fa04a3ea790d25ceb3a7b41155ceef25ab63f49776ccc332d3f07abb391c06045f

Download Submit
C:\Windows\system\szKGZrm.exe

Filesize
6.0MB

MD5
9d0414a4909766a4a49c1e8b6bdf991d

SHA1
688bcb80028c7c6202a277ff1875c47d256833d7

SHA256
8be13bfce1c1ab3c67022bc5ab73ed69c5b8345efa8861dddfffbdc5a555d2f9

SHA512
daa41eb74e472f28eabe3bc579e4996bb9e47573e069c67b9bf4144609d2a36f3d2a80a0de3e06501fc2ad5847062da12dbbc3932b48e825a84e08530c252a87

Download Submit
C:\Windows\system\yHHvSbi.exe

Filesize
6.0MB

MD5
1e34c14b20a806eaebbc21184fc6195d

SHA1
02756454bd12fc6b91b4e480bfc5141ff026fb4e

SHA256
89d7e4a9b061cba6aa8f281eeb6fb3edb8ae7e99d668cc5edf0b0fe01d6a6887

SHA512
fdb229854402240b53ad6a597af12a54e07e386473ecc5fc746ebd588f9f5303f19558e42d67e349b983678f24e89ae8dc87ce76693b2b26aa1148b9e16b75f9

Download Submit
\Windows\system\FJOOkoP.exe

Filesize
6.0MB

MD5
8ea63cdf5d8f338be99afd0b21326396

SHA1
f5415ebdf369c380d66c59d116b5c21a5653d7f4

SHA256
d8c82b0ca9282f496168bee15170b1b3f8fe013ad170cc237e252065b291059a

SHA512
7c16a455411caa3fccd732667f332fa85a3cdb631a2d0620454c6ebb808c918f4e65d007b3a631b93d6ab4d612d7b888eef8bcf3fda85a0b8f5c373f2560d2e8

Download Submit
\Windows\system\PmlwNmp.exe

Filesize
6.0MB

MD5
2e677861f34fda3ee1ea37b8471b4b0d

SHA1
ba84aa3a433e93e89e2c996476ccf559743732f1

SHA256
e874b876d8fd570f2667b9133396f24e1ad85421c269af529cf3a37d454de5d8

SHA512
3b2abae67637deb73a9a2d96c37ae7a475ffa5871a7682447ba09ff42ad8f407e16d868be0a67e427f07eebd716f03e1cbdb97e9432fa38a95d8166c97025ebf

Download Submit
\Windows\system\YGmqPvL.exe

Filesize
6.0MB

MD5
6bc5e9ed26af8c1d5721d557a20308f9

SHA1
ddbec5b3111901ff81b681b7f6655e3dbe8ac642

SHA256
a255c010d151246197b46bda472823f42eebe9e1a07d2a9b9f49f8d441a11b9a

SHA512
d890c755248a864357d6db32d8a2c675ebfedc2bc04b010e79ef3d86d45d2ebde0cc09b581ea1163c9843a71a4f359d7324bde6d9575a2b5c022e100340e3a98

Download Submit
\Windows\system\ZUKGzEq.exe

Filesize
6.0MB

MD5
e9ec755ecf1e4fc3f635d98825b49f61

SHA1
ae29269e58975a77ae6968f36bc33156ad74b4d7

SHA256
3f1dcc21521ca8d3aa2eb287de99a0b8020caeddf2633677cc07052c9c8a6aea

SHA512
29ac2fc385b61c5c31da438bd2ef02db9c23bf24d8f1fc7ee0bcac9869738517a6810d37309efcffda519d649f17a60128e24902e5d8a50a77953e610744086c

Download Submit
\Windows\system\dLnmnNT.exe

Filesize
6.0MB

MD5
f5c0b0543c8fb25cac5290d5dd9901a2

SHA1
fbcb671dae9ce87196c9e7cedd751de4f80c2073

SHA256
cb09e02d6254b96a61c46fdfdadfd03367b1aed31fabfab5c1709339114b4aaa

SHA512
02bfaeedc6c556636b4009e86d02b220da5255ac4516ce87fdf08d09f154ff2b07368f507e1f851e3fa48845d74854b591417c5ef42ba66a4afe89b37a82db88

Download Submit
\Windows\system\xQYmwky.exe

Filesize
6.0MB

MD5
fa7f90a9157ea689612a49d012363d4d

SHA1
8b14ba4a62e439554850cba54dc11b09a0b5024e

SHA256
b1891246de7eb3c8fa3e41592bf75da2be3a8272c210f2f88586d1f6f9aadbbb

SHA512
22d14729b48699b18feb708ad4e1a99cbe8557f0637650b735e5f50dbebe60433dde4b3bf241d2656dd8710a15c67262f525ae70002c6c37283c83bed6d0bf84

Download Submit
memory/276-16-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/276-25-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/276-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/276-36-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/276-750-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/276-38-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/276-1137-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/276-47-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/276-81-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/276-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/276-111-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/276-12-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/276-84-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/276-102-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/276-99-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/276-54-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/276-64-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/276-93-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/276-92-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/276-50-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/276-71-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/276-78-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/316-4004-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/316-8-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/316-42-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1460-4026-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1460-866-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1460-100-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1700-519-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1700-4018-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1700-85-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2076-53-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2076-22-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2076-4009-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2112-39-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-77-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-4008-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-28-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-4014-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-61-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-634-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2568-4028-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-334-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2580-79-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4027-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2772-58-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4015-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2772-98-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2828-105-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4010-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2828-65-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4006-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2852-26-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1073-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2864-106-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4017-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2936-90-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2936-4003-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2936-51-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2940-4025-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-68-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-110-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download