cobaltstrike | f159a022d3595bb974aba80ee654327c26a7e6e3fcb1790f02256cad54c93d2e

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

72101d0ebd907beee85b8bad28e10b42
SHA1

b98365f52de2a57f8bdbef2d2b239321b42be393
SHA256

f159a022d3595bb974aba80ee654327c26a7e6e3fcb1790f02256cad54c93d2e
SHA512

66897dd5679e35b0c797bdaa325f501501e9b888dcb1ed084bf6fd65233ca9489cee0a06b2b824b1aadca6f8a5445f2663f0127bfd996949882901ea8e4460cb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012257-3.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c5-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018703-34.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bf-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-48.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a355-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a303-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07a-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a071-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb8-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9a-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da9-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d40-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d18-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-89.dat	cobalt_reflective_dll
behavioral1/files/0x0030000000017021-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-57.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925b-45.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c9-20.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000018650-21.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2816-0-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x000d000000012257-3.dat	xmrig
behavioral1/files/0x00060000000186c5-16.dat	xmrig
behavioral1/files/0x0008000000018703-34.dat	xmrig
behavioral1/files/0x00060000000186bf-36.dat	xmrig
behavioral1/memory/1916-38-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2140-40-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x0005000000019603-48.dat	xmrig
behavioral1/memory/560-51-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2152-65-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2712-64-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2084-72-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2596-78-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2676-83-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2120-90-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a09a-146.dat	xmrig
behavioral1/memory/2120-1325-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2676-654-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2596-470-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2816-246-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41c-165.dat	xmrig
behavioral1/files/0x000500000001a41a-160.dat	xmrig
behavioral1/files/0x000500000001a355-156.dat	xmrig
behavioral1/files/0x000500000001a303-152.dat	xmrig
behavioral1/files/0x000500000001a07a-144.dat	xmrig
behavioral1/files/0x000500000001a071-140.dat	xmrig
behavioral1/files/0x0005000000019fb8-136.dat	xmrig
behavioral1/files/0x0005000000019f9a-132.dat	xmrig
behavioral1/files/0x0005000000019db5-128.dat	xmrig
behavioral1/files/0x0005000000019da9-124.dat	xmrig
behavioral1/files/0x0005000000019d40-120.dat	xmrig
behavioral1/files/0x0005000000019d18-116.dat	xmrig
behavioral1/files/0x0005000000019c50-112.dat	xmrig
behavioral1/files/0x0005000000019c36-108.dat	xmrig
behavioral1/files/0x0005000000019c34-105.dat	xmrig
behavioral1/files/0x0005000000019c32-100.dat	xmrig
behavioral1/files/0x0005000000019999-96.dat	xmrig
behavioral1/files/0x00050000000196ed-89.dat	xmrig
behavioral1/files/0x0030000000017021-82.dat	xmrig
behavioral1/files/0x000500000001969b-77.dat	xmrig
behavioral1/files/0x0005000000019659-71.dat	xmrig
behavioral1/memory/1916-68-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0005000000019615-63.dat	xmrig
behavioral1/memory/1084-58-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019605-57.dat	xmrig
behavioral1/memory/2728-54-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2564-47-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/3000-46-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x000700000001925b-45.dat	xmrig
behavioral1/memory/2816-42-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186c9-20.dat	xmrig
behavioral1/files/0x0033000000018650-21.dat	xmrig
behavioral1/memory/2712-35-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2816-33-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/memory/2864-32-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2728-27-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/3000-11-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/3000-3073-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2728-3082-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2864-3086-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2712-3089-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/560-3563-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2120-3550-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2152-3568-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3000	ehQDBlH.exe
2728	LNryQXx.exe
2864	qFoulgn.exe
2712	sXPRuTZ.exe
1916	THKzoOO.exe
2140	jIDKJVB.exe
2564	ujRitSU.exe
560	GfTVTJY.exe
1084	tIRYMzB.exe
2152	eSsOqKM.exe
2084	OAiQCgd.exe
2596	WfRBDNH.exe
2676	MMNMsaf.exe
2120	ZmkaOnX.exe
2896	CutbZdI.exe
2544	OgAxcet.exe
2732	mbEvZPN.exe
2636	ZvYotzx.exe
1564	JhmFeJz.exe
1596	CkDbtpP.exe
2008	BciQNqZ.exe
1960	JSHWQbh.exe
2256	YlxfcUF.exe
2272	Hacbhmi.exe
2608	PGOTyDY.exe
2144	ZNQSWQB.exe
2312	CRxqbnd.exe
2072	CKeakNZ.exe
1100	kyTYlNQ.exe
1940	MbVbxfe.exe
896	WDiJBVI.exe
1740	BBfnWzi.exe
1504	PIzufjR.exe
1608	tmQNPag.exe
2656	VwhZPZF.exe
2652	CHHDiHt.exe
840	EOeCNEq.exe
1600	CnLCvwG.exe
1676	RhCoKTx.exe
1660	QZWnBMp.exe
2484	cDUscNa.exe
1348	MupXnAk.exe
1520	EZFFlox.exe
1672	oZjtIIx.exe
1032	ETmAfLs.exe
960	dfKJAmo.exe
860	qSgsWUO.exe
2628	pSPXQpE.exe
1412	yPLbQDd.exe
1812	nBESytO.exe
1604	FlBfouR.exe
2616	TVKboXZ.exe
1764	KJTZmkA.exe
1804	qjWYmap.exe
988	DrehKtd.exe
2096	aZJLlgp.exe
1928	sXTYdfP.exe
688	rkyvLxq.exe
1752	bFxrHme.exe
876	qOjkNLp.exe
1316	JKvvtIT.exe
1992	IobmEjy.exe
1580	FBgoiRo.exe
2236	QPpOvyn.exe

Loads dropped DLL 64 IoCs

pid	Process
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x000d000000012257-3.dat	upx
behavioral1/files/0x00060000000186c5-16.dat	upx
behavioral1/files/0x0008000000018703-34.dat	upx
behavioral1/files/0x00060000000186bf-36.dat	upx
behavioral1/memory/1916-38-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2140-40-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x0005000000019603-48.dat	upx
behavioral1/memory/560-51-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2152-65-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2712-64-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2084-72-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2596-78-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2676-83-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2120-90-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x000500000001a09a-146.dat	upx
behavioral1/memory/2120-1325-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2676-654-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2596-470-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x000500000001a41c-165.dat	upx
behavioral1/files/0x000500000001a41a-160.dat	upx
behavioral1/files/0x000500000001a355-156.dat	upx
behavioral1/files/0x000500000001a303-152.dat	upx
behavioral1/files/0x000500000001a07a-144.dat	upx
behavioral1/files/0x000500000001a071-140.dat	upx
behavioral1/files/0x0005000000019fb8-136.dat	upx
behavioral1/files/0x0005000000019f9a-132.dat	upx
behavioral1/files/0x0005000000019db5-128.dat	upx
behavioral1/files/0x0005000000019da9-124.dat	upx
behavioral1/files/0x0005000000019d40-120.dat	upx
behavioral1/files/0x0005000000019d18-116.dat	upx
behavioral1/files/0x0005000000019c50-112.dat	upx
behavioral1/files/0x0005000000019c36-108.dat	upx
behavioral1/files/0x0005000000019c34-105.dat	upx
behavioral1/files/0x0005000000019c32-100.dat	upx
behavioral1/files/0x0005000000019999-96.dat	upx
behavioral1/files/0x00050000000196ed-89.dat	upx
behavioral1/files/0x0030000000017021-82.dat	upx
behavioral1/files/0x000500000001969b-77.dat	upx
behavioral1/files/0x0005000000019659-71.dat	upx
behavioral1/memory/1916-68-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0005000000019615-63.dat	upx
behavioral1/memory/1084-58-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0005000000019605-57.dat	upx
behavioral1/memory/2728-54-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2564-47-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/3000-46-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x000700000001925b-45.dat	upx
behavioral1/memory/2816-42-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x00060000000186c9-20.dat	upx
behavioral1/files/0x0033000000018650-21.dat	upx
behavioral1/memory/2712-35-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2864-32-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2728-27-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/3000-11-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/3000-3073-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2728-3082-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2864-3086-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2712-3089-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/560-3563-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2120-3550-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2152-3568-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2596-3565-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2676-3821-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vsNoSgI.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjHCQMH.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbIDrxy.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHRJbJb.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvQqsgq.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSfBwxs.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgWZiwJ.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJxyuVp.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmPXfEr.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSaufae.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCKPjXE.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNOwYtq.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhAwErJ.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMBYUXF.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzNLNyc.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXZXgBm.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htBHPMw.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRuRPjH.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZllCGMz.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxLoYug.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvtntTM.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSKrArS.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzBtOlc.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvSgcEB.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOovydu.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPiHusA.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCfzyZz.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcGbzWW.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxmbInv.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcQVixe.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuEiBqI.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtuCoqe.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJVkgej.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGwsHEm.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIMOeVE.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHJSnix.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tANbwJh.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRBdiKg.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlbZCHT.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StPxffl.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acefebv.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQxAFla.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOeCNEq.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoLkJKZ.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrCsKhR.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BksRHUT.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXYvlXB.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAyAiqG.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwNKCAz.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYsFKwQ.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyDyptx.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBrHGeJ.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGctuzG.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsbqFtx.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrrSIiY.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSrIFTl.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvTNNWr.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYHqmLM.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQPpfJZ.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbVbxfe.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACokfbR.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipTcfcB.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPawwGu.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMBSfqw.exe	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 3000	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 3000	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 3000	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2728	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2728	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2728	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 1916	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 1916	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 1916	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2864	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2864	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2864	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2140	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2140	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2140	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2712	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2712	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2712	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2564	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2564	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2564	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 560	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 560	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 560	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 1084	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1084	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1084	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 2152	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2152	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2152	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2084	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2084	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2084	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2596	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2596	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2596	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2676	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2676	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2676	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2120	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2120	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2120	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2896	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2896	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2896	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2544	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2544	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2544	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2732	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2732	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2732	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2636	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2636	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2636	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 1564	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 1564	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 1564	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 1596	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 1596	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 1596	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2008	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2008	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2008	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 1960	2816	2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-30_72101d0ebd907beee85b8bad28e10b42_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\System\ehQDBlH.exe
  C:\Windows\System\ehQDBlH.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\LNryQXx.exe
  C:\Windows\System\LNryQXx.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\THKzoOO.exe
  C:\Windows\System\THKzoOO.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\qFoulgn.exe
  C:\Windows\System\qFoulgn.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\jIDKJVB.exe
  C:\Windows\System\jIDKJVB.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\sXPRuTZ.exe
  C:\Windows\System\sXPRuTZ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ujRitSU.exe
  C:\Windows\System\ujRitSU.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\GfTVTJY.exe
  C:\Windows\System\GfTVTJY.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\tIRYMzB.exe
  C:\Windows\System\tIRYMzB.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\eSsOqKM.exe
  C:\Windows\System\eSsOqKM.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\OAiQCgd.exe
  C:\Windows\System\OAiQCgd.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\WfRBDNH.exe
  C:\Windows\System\WfRBDNH.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\MMNMsaf.exe
  C:\Windows\System\MMNMsaf.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ZmkaOnX.exe
  C:\Windows\System\ZmkaOnX.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\CutbZdI.exe
  C:\Windows\System\CutbZdI.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\OgAxcet.exe
  C:\Windows\System\OgAxcet.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\mbEvZPN.exe
  C:\Windows\System\mbEvZPN.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ZvYotzx.exe
  C:\Windows\System\ZvYotzx.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\JhmFeJz.exe
  C:\Windows\System\JhmFeJz.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\CkDbtpP.exe
  C:\Windows\System\CkDbtpP.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\BciQNqZ.exe
  C:\Windows\System\BciQNqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\JSHWQbh.exe
  C:\Windows\System\JSHWQbh.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\YlxfcUF.exe
  C:\Windows\System\YlxfcUF.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\Hacbhmi.exe
  C:\Windows\System\Hacbhmi.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\PGOTyDY.exe
  C:\Windows\System\PGOTyDY.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ZNQSWQB.exe
  C:\Windows\System\ZNQSWQB.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\CRxqbnd.exe
  C:\Windows\System\CRxqbnd.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\CKeakNZ.exe
  C:\Windows\System\CKeakNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\kyTYlNQ.exe
  C:\Windows\System\kyTYlNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\MbVbxfe.exe
  C:\Windows\System\MbVbxfe.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\WDiJBVI.exe
  C:\Windows\System\WDiJBVI.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\BBfnWzi.exe
  C:\Windows\System\BBfnWzi.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\PIzufjR.exe
  C:\Windows\System\PIzufjR.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\tmQNPag.exe
  C:\Windows\System\tmQNPag.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\VwhZPZF.exe
  C:\Windows\System\VwhZPZF.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\CHHDiHt.exe
  C:\Windows\System\CHHDiHt.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\EOeCNEq.exe
  C:\Windows\System\EOeCNEq.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\CnLCvwG.exe
  C:\Windows\System\CnLCvwG.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\RhCoKTx.exe
  C:\Windows\System\RhCoKTx.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\QZWnBMp.exe
  C:\Windows\System\QZWnBMp.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\cDUscNa.exe
  C:\Windows\System\cDUscNa.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\MupXnAk.exe
  C:\Windows\System\MupXnAk.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\EZFFlox.exe
  C:\Windows\System\EZFFlox.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\oZjtIIx.exe
  C:\Windows\System\oZjtIIx.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\ETmAfLs.exe
  C:\Windows\System\ETmAfLs.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\dfKJAmo.exe
  C:\Windows\System\dfKJAmo.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\qSgsWUO.exe
  C:\Windows\System\qSgsWUO.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\pSPXQpE.exe
  C:\Windows\System\pSPXQpE.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\yPLbQDd.exe
  C:\Windows\System\yPLbQDd.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\nBESytO.exe
  C:\Windows\System\nBESytO.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\FlBfouR.exe
  C:\Windows\System\FlBfouR.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\TVKboXZ.exe
  C:\Windows\System\TVKboXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\KJTZmkA.exe
  C:\Windows\System\KJTZmkA.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\qjWYmap.exe
  C:\Windows\System\qjWYmap.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\DrehKtd.exe
  C:\Windows\System\DrehKtd.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\aZJLlgp.exe
  C:\Windows\System\aZJLlgp.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\sXTYdfP.exe
  C:\Windows\System\sXTYdfP.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\rkyvLxq.exe
  C:\Windows\System\rkyvLxq.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\bFxrHme.exe
  C:\Windows\System\bFxrHme.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\qOjkNLp.exe
  C:\Windows\System\qOjkNLp.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\JKvvtIT.exe
  C:\Windows\System\JKvvtIT.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\IobmEjy.exe
  C:\Windows\System\IobmEjy.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\FBgoiRo.exe
  C:\Windows\System\FBgoiRo.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\QPpOvyn.exe
  C:\Windows\System\QPpOvyn.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\bPawwGu.exe
  C:\Windows\System\bPawwGu.exe
  2⤵
  PID:1372
- C:\Windows\System\FisLzyt.exe
  C:\Windows\System\FisLzyt.exe
  2⤵
  PID:2416
- C:\Windows\System\RGKKrEB.exe
  C:\Windows\System\RGKKrEB.exe
  2⤵
  PID:2968
- C:\Windows\System\bgFACXq.exe
  C:\Windows\System\bgFACXq.exe
  2⤵
  PID:1648
- C:\Windows\System\LvKURSv.exe
  C:\Windows\System\LvKURSv.exe
  2⤵
  PID:2704
- C:\Windows\System\gqCuuiT.exe
  C:\Windows\System\gqCuuiT.exe
  2⤵
  PID:776
- C:\Windows\System\HOnVcbL.exe
  C:\Windows\System\HOnVcbL.exe
  2⤵
  PID:836
- C:\Windows\System\qxRZXXk.exe
  C:\Windows\System\qxRZXXk.exe
  2⤵
  PID:2424
- C:\Windows\System\IbcQTBD.exe
  C:\Windows\System\IbcQTBD.exe
  2⤵
  PID:2920
- C:\Windows\System\ncFxesD.exe
  C:\Windows\System\ncFxesD.exe
  2⤵
  PID:2912
- C:\Windows\System\zKRlhJW.exe
  C:\Windows\System\zKRlhJW.exe
  2⤵
  PID:2296
- C:\Windows\System\gGSMfXh.exe
  C:\Windows\System\gGSMfXh.exe
  2⤵
  PID:3044
- C:\Windows\System\SduPLJa.exe
  C:\Windows\System\SduPLJa.exe
  2⤵
  PID:2212
- C:\Windows\System\ONuBZqg.exe
  C:\Windows\System\ONuBZqg.exe
  2⤵
  PID:2196
- C:\Windows\System\crZfOFp.exe
  C:\Windows\System\crZfOFp.exe
  2⤵
  PID:2476
- C:\Windows\System\jODuKBZ.exe
  C:\Windows\System\jODuKBZ.exe
  2⤵
  PID:2056
- C:\Windows\System\IuEAgJj.exe
  C:\Windows\System\IuEAgJj.exe
  2⤵
  PID:2316
- C:\Windows\System\aFRGqJH.exe
  C:\Windows\System\aFRGqJH.exe
  2⤵
  PID:920
- C:\Windows\System\hQsDZPO.exe
  C:\Windows\System\hQsDZPO.exe
  2⤵
  PID:1620
- C:\Windows\System\yHIIQLY.exe
  C:\Windows\System\yHIIQLY.exe
  2⤵
  PID:984
- C:\Windows\System\DAMeiLB.exe
  C:\Windows\System\DAMeiLB.exe
  2⤵
  PID:1332
- C:\Windows\System\KqLrobS.exe
  C:\Windows\System\KqLrobS.exe
  2⤵
  PID:1948
- C:\Windows\System\XtFTLLN.exe
  C:\Windows\System\XtFTLLN.exe
  2⤵
  PID:1712
- C:\Windows\System\rlKgXex.exe
  C:\Windows\System\rlKgXex.exe
  2⤵
  PID:1036
- C:\Windows\System\RbzIaXv.exe
  C:\Windows\System\RbzIaXv.exe
  2⤵
  PID:1924
- C:\Windows\System\riNylVv.exe
  C:\Windows\System\riNylVv.exe
  2⤵
  PID:2804
- C:\Windows\System\UKNVmTW.exe
  C:\Windows\System\UKNVmTW.exe
  2⤵
  PID:1832
- C:\Windows\System\XKCCVRU.exe
  C:\Windows\System\XKCCVRU.exe
  2⤵
  PID:808
- C:\Windows\System\GJsIheB.exe
  C:\Windows\System\GJsIheB.exe
  2⤵
  PID:3184
- C:\Windows\System\TAJfBSs.exe
  C:\Windows\System\TAJfBSs.exe
  2⤵
  PID:3204
- C:\Windows\System\EGXhhuA.exe
  C:\Windows\System\EGXhhuA.exe
  2⤵
  PID:3224
- C:\Windows\System\oQhfBYc.exe
  C:\Windows\System\oQhfBYc.exe
  2⤵
  PID:3244
- C:\Windows\System\gadVjpF.exe
  C:\Windows\System\gadVjpF.exe
  2⤵
  PID:3264
- C:\Windows\System\nXTmscb.exe
  C:\Windows\System\nXTmscb.exe
  2⤵
  PID:3284
- C:\Windows\System\QkyzIAf.exe
  C:\Windows\System\QkyzIAf.exe
  2⤵
  PID:3304
- C:\Windows\System\XWYwgzd.exe
  C:\Windows\System\XWYwgzd.exe
  2⤵
  PID:3324
- C:\Windows\System\TskdEAU.exe
  C:\Windows\System\TskdEAU.exe
  2⤵
  PID:3344
- C:\Windows\System\eGuBNEa.exe
  C:\Windows\System\eGuBNEa.exe
  2⤵
  PID:3360
- C:\Windows\System\pFOHMOz.exe
  C:\Windows\System\pFOHMOz.exe
  2⤵
  PID:3384
- C:\Windows\System\ZQFuXtL.exe
  C:\Windows\System\ZQFuXtL.exe
  2⤵
  PID:3404
- C:\Windows\System\GUdrWSo.exe
  C:\Windows\System\GUdrWSo.exe
  2⤵
  PID:3424
- C:\Windows\System\drSTPyP.exe
  C:\Windows\System\drSTPyP.exe
  2⤵
  PID:3444
- C:\Windows\System\EKnopRb.exe
  C:\Windows\System\EKnopRb.exe
  2⤵
  PID:3464
- C:\Windows\System\gNXAbpu.exe
  C:\Windows\System\gNXAbpu.exe
  2⤵
  PID:3484
- C:\Windows\System\XlVjnUG.exe
  C:\Windows\System\XlVjnUG.exe
  2⤵
  PID:3504
- C:\Windows\System\cYnsSUk.exe
  C:\Windows\System\cYnsSUk.exe
  2⤵
  PID:3524
- C:\Windows\System\UvoiTNY.exe
  C:\Windows\System\UvoiTNY.exe
  2⤵
  PID:3544
- C:\Windows\System\tgWZiwJ.exe
  C:\Windows\System\tgWZiwJ.exe
  2⤵
  PID:3564
- C:\Windows\System\oOjuIyh.exe
  C:\Windows\System\oOjuIyh.exe
  2⤵
  PID:3584
- C:\Windows\System\xUHUFwP.exe
  C:\Windows\System\xUHUFwP.exe
  2⤵
  PID:3604
- C:\Windows\System\acIlZuX.exe
  C:\Windows\System\acIlZuX.exe
  2⤵
  PID:3624
- C:\Windows\System\bvDiMiT.exe
  C:\Windows\System\bvDiMiT.exe
  2⤵
  PID:3644
- C:\Windows\System\IMVTTBg.exe
  C:\Windows\System\IMVTTBg.exe
  2⤵
  PID:3664
- C:\Windows\System\HCyrrHs.exe
  C:\Windows\System\HCyrrHs.exe
  2⤵
  PID:3684
- C:\Windows\System\VtwBhXB.exe
  C:\Windows\System\VtwBhXB.exe
  2⤵
  PID:3704
- C:\Windows\System\yhNvZia.exe
  C:\Windows\System\yhNvZia.exe
  2⤵
  PID:3724
- C:\Windows\System\QWuNkHF.exe
  C:\Windows\System\QWuNkHF.exe
  2⤵
  PID:3744
- C:\Windows\System\oTPQGdQ.exe
  C:\Windows\System\oTPQGdQ.exe
  2⤵
  PID:3764
- C:\Windows\System\YYckOBb.exe
  C:\Windows\System\YYckOBb.exe
  2⤵
  PID:3784
- C:\Windows\System\lwBwYKD.exe
  C:\Windows\System\lwBwYKD.exe
  2⤵
  PID:3804
- C:\Windows\System\rqSPIbL.exe
  C:\Windows\System\rqSPIbL.exe
  2⤵
  PID:3824
- C:\Windows\System\ZXuafEL.exe
  C:\Windows\System\ZXuafEL.exe
  2⤵
  PID:3848
- C:\Windows\System\sjuaLAn.exe
  C:\Windows\System\sjuaLAn.exe
  2⤵
  PID:3868
- C:\Windows\System\iVSzOCJ.exe
  C:\Windows\System\iVSzOCJ.exe
  2⤵
  PID:3888
- C:\Windows\System\NJBNVUz.exe
  C:\Windows\System\NJBNVUz.exe
  2⤵
  PID:3908
- C:\Windows\System\kBMLKyC.exe
  C:\Windows\System\kBMLKyC.exe
  2⤵
  PID:3928
- C:\Windows\System\SWRAudV.exe
  C:\Windows\System\SWRAudV.exe
  2⤵
  PID:3948
- C:\Windows\System\XrIHZvQ.exe
  C:\Windows\System\XrIHZvQ.exe
  2⤵
  PID:3968
- C:\Windows\System\ksUtgKS.exe
  C:\Windows\System\ksUtgKS.exe
  2⤵
  PID:3988
- C:\Windows\System\QNSTtyw.exe
  C:\Windows\System\QNSTtyw.exe
  2⤵
  PID:4008
- C:\Windows\System\ZIxUmRC.exe
  C:\Windows\System\ZIxUmRC.exe
  2⤵
  PID:4028
- C:\Windows\System\oZqcfNa.exe
  C:\Windows\System\oZqcfNa.exe
  2⤵
  PID:4048
- C:\Windows\System\gSPHUNA.exe
  C:\Windows\System\gSPHUNA.exe
  2⤵
  PID:4068
- C:\Windows\System\yYqGOJC.exe
  C:\Windows\System\yYqGOJC.exe
  2⤵
  PID:4088
- C:\Windows\System\XFfiYNd.exe
  C:\Windows\System\XFfiYNd.exe
  2⤵
  PID:2264
- C:\Windows\System\XPsHVOq.exe
  C:\Windows\System\XPsHVOq.exe
  2⤵
  PID:2772
- C:\Windows\System\ygaRdbD.exe
  C:\Windows\System\ygaRdbD.exe
  2⤵
  PID:2036
- C:\Windows\System\XkhAusc.exe
  C:\Windows\System\XkhAusc.exe
  2⤵
  PID:1204
- C:\Windows\System\BNGHJXx.exe
  C:\Windows\System\BNGHJXx.exe
  2⤵
  PID:3036
- C:\Windows\System\iPpVodn.exe
  C:\Windows\System\iPpVodn.exe
  2⤵
  PID:2040
- C:\Windows\System\fhgFppA.exe
  C:\Windows\System\fhgFppA.exe
  2⤵
  PID:612
- C:\Windows\System\lNFnwTz.exe
  C:\Windows\System\lNFnwTz.exe
  2⤵
  PID:2996
- C:\Windows\System\fEZEQAH.exe
  C:\Windows\System\fEZEQAH.exe
  2⤵
  PID:1192
- C:\Windows\System\phRxkrX.exe
  C:\Windows\System\phRxkrX.exe
  2⤵
  PID:1632
- C:\Windows\System\oJxyuVp.exe
  C:\Windows\System\oJxyuVp.exe
  2⤵
  PID:2308
- C:\Windows\System\SBgdCCH.exe
  C:\Windows\System\SBgdCCH.exe
  2⤵
  PID:1936
- C:\Windows\System\LBpUZMM.exe
  C:\Windows\System\LBpUZMM.exe
  2⤵
  PID:880
- C:\Windows\System\wSiDRGw.exe
  C:\Windows\System\wSiDRGw.exe
  2⤵
  PID:1784
- C:\Windows\System\HEdtjet.exe
  C:\Windows\System\HEdtjet.exe
  2⤵
  PID:2168
- C:\Windows\System\jMixIhO.exe
  C:\Windows\System\jMixIhO.exe
  2⤵
  PID:2112
- C:\Windows\System\IjHzAOY.exe
  C:\Windows\System\IjHzAOY.exe
  2⤵
  PID:3088
- C:\Windows\System\LWqaHbu.exe
  C:\Windows\System\LWqaHbu.exe
  2⤵
  PID:3112
- C:\Windows\System\xVwzqCA.exe
  C:\Windows\System\xVwzqCA.exe
  2⤵
  PID:3132
- C:\Windows\System\ukfjjtg.exe
  C:\Windows\System\ukfjjtg.exe
  2⤵
  PID:3152
- C:\Windows\System\fkRKUJI.exe
  C:\Windows\System\fkRKUJI.exe
  2⤵
  PID:3176
- C:\Windows\System\qRKOEsX.exe
  C:\Windows\System\qRKOEsX.exe
  2⤵
  PID:3196
- C:\Windows\System\aclkSko.exe
  C:\Windows\System\aclkSko.exe
  2⤵
  PID:3240
- C:\Windows\System\sqFxehC.exe
  C:\Windows\System\sqFxehC.exe
  2⤵
  PID:3292
- C:\Windows\System\WlOBxXu.exe
  C:\Windows\System\WlOBxXu.exe
  2⤵
  PID:3296
- C:\Windows\System\MNrpYUl.exe
  C:\Windows\System\MNrpYUl.exe
  2⤵
  PID:3340
- C:\Windows\System\ELGnoFA.exe
  C:\Windows\System\ELGnoFA.exe
  2⤵
  PID:3352
- C:\Windows\System\hEXBdBV.exe
  C:\Windows\System\hEXBdBV.exe
  2⤵
  PID:3400
- C:\Windows\System\ERTPdvV.exe
  C:\Windows\System\ERTPdvV.exe
  2⤵
  PID:3452
- C:\Windows\System\UUkgRZP.exe
  C:\Windows\System\UUkgRZP.exe
  2⤵
  PID:3472
- C:\Windows\System\EtHUmxE.exe
  C:\Windows\System\EtHUmxE.exe
  2⤵
  PID:3496
- C:\Windows\System\nuZxsfg.exe
  C:\Windows\System\nuZxsfg.exe
  2⤵
  PID:3520
- C:\Windows\System\nshmIpH.exe
  C:\Windows\System\nshmIpH.exe
  2⤵
  PID:3572
- C:\Windows\System\xlQwUzz.exe
  C:\Windows\System\xlQwUzz.exe
  2⤵
  PID:3612
- C:\Windows\System\YUucocp.exe
  C:\Windows\System\YUucocp.exe
  2⤵
  PID:3636
- C:\Windows\System\rNdciMz.exe
  C:\Windows\System\rNdciMz.exe
  2⤵
  PID:3692
- C:\Windows\System\poRJkbi.exe
  C:\Windows\System\poRJkbi.exe
  2⤵
  PID:3696
- C:\Windows\System\LfLusXz.exe
  C:\Windows\System\LfLusXz.exe
  2⤵
  PID:3716
- C:\Windows\System\LVAdiys.exe
  C:\Windows\System\LVAdiys.exe
  2⤵
  PID:3772
- C:\Windows\System\OYAcJQp.exe
  C:\Windows\System\OYAcJQp.exe
  2⤵
  PID:3796
- C:\Windows\System\RFmUyRS.exe
  C:\Windows\System\RFmUyRS.exe
  2⤵
  PID:3856
- C:\Windows\System\GhZZVzI.exe
  C:\Windows\System\GhZZVzI.exe
  2⤵
  PID:3876
- C:\Windows\System\rkxhneA.exe
  C:\Windows\System\rkxhneA.exe
  2⤵
  PID:3900
- C:\Windows\System\IOIbaKH.exe
  C:\Windows\System\IOIbaKH.exe
  2⤵
  PID:3924
- C:\Windows\System\eDXPWOL.exe
  C:\Windows\System\eDXPWOL.exe
  2⤵
  PID:3960
- C:\Windows\System\ljXydwc.exe
  C:\Windows\System\ljXydwc.exe
  2⤵
  PID:4000
- C:\Windows\System\EVTKUkv.exe
  C:\Windows\System\EVTKUkv.exe
  2⤵
  PID:4044
- C:\Windows\System\fALFSZU.exe
  C:\Windows\System\fALFSZU.exe
  2⤵
  PID:2540
- C:\Windows\System\nxbXEBy.exe
  C:\Windows\System\nxbXEBy.exe
  2⤵
  PID:2408
- C:\Windows\System\fFktSus.exe
  C:\Windows\System\fFktSus.exe
  2⤵
  PID:2668
- C:\Windows\System\QrHVDho.exe
  C:\Windows\System\QrHVDho.exe
  2⤵
  PID:2828
- C:\Windows\System\OVeDAGz.exe
  C:\Windows\System\OVeDAGz.exe
  2⤵
  PID:916
- C:\Windows\System\KNwpvDw.exe
  C:\Windows\System\KNwpvDw.exe
  2⤵
  PID:1508
- C:\Windows\System\HRfrFGR.exe
  C:\Windows\System\HRfrFGR.exe
  2⤵
  PID:2124
- C:\Windows\System\balmxUA.exe
  C:\Windows\System\balmxUA.exe
  2⤵
  PID:1848
- C:\Windows\System\CRgOOpo.exe
  C:\Windows\System\CRgOOpo.exe
  2⤵
  PID:264
- C:\Windows\System\ZVXRlqr.exe
  C:\Windows\System\ZVXRlqr.exe
  2⤵
  PID:2932
- C:\Windows\System\YCXaKtV.exe
  C:\Windows\System\YCXaKtV.exe
  2⤵
  PID:2288
- C:\Windows\System\UKZgHXa.exe
  C:\Windows\System\UKZgHXa.exe
  2⤵
  PID:3128
- C:\Windows\System\XLXdqxQ.exe
  C:\Windows\System\XLXdqxQ.exe
  2⤵
  PID:3168
- C:\Windows\System\WlsdJwn.exe
  C:\Windows\System\WlsdJwn.exe
  2⤵
  PID:3200
- C:\Windows\System\kyutmHs.exe
  C:\Windows\System\kyutmHs.exe
  2⤵
  PID:3252
- C:\Windows\System\QBYIjat.exe
  C:\Windows\System\QBYIjat.exe
  2⤵
  PID:3280
- C:\Windows\System\XNlBPiA.exe
  C:\Windows\System\XNlBPiA.exe
  2⤵
  PID:3380
- C:\Windows\System\NqMhASd.exe
  C:\Windows\System\NqMhASd.exe
  2⤵
  PID:3416
- C:\Windows\System\qxnfZfi.exe
  C:\Windows\System\qxnfZfi.exe
  2⤵
  PID:3436
- C:\Windows\System\wtJyUqk.exe
  C:\Windows\System\wtJyUqk.exe
  2⤵
  PID:3536
- C:\Windows\System\wOugSbb.exe
  C:\Windows\System\wOugSbb.exe
  2⤵
  PID:3576
- C:\Windows\System\XqTIeiU.exe
  C:\Windows\System\XqTIeiU.exe
  2⤵
  PID:3616
- C:\Windows\System\rpGDmEG.exe
  C:\Windows\System\rpGDmEG.exe
  2⤵
  PID:3676
- C:\Windows\System\NrKjoap.exe
  C:\Windows\System\NrKjoap.exe
  2⤵
  PID:3752
- C:\Windows\System\rWUCdMn.exe
  C:\Windows\System\rWUCdMn.exe
  2⤵
  PID:3792
- C:\Windows\System\wBkvHVA.exe
  C:\Windows\System\wBkvHVA.exe
  2⤵
  PID:3904
- C:\Windows\System\xukqzFa.exe
  C:\Windows\System\xukqzFa.exe
  2⤵
  PID:3944
- C:\Windows\System\SkBwWuu.exe
  C:\Windows\System\SkBwWuu.exe
  2⤵
  PID:3964
- C:\Windows\System\HkGPHdr.exe
  C:\Windows\System\HkGPHdr.exe
  2⤵
  PID:4036
- C:\Windows\System\bBHFuqO.exe
  C:\Windows\System\bBHFuqO.exe
  2⤵
  PID:1536
- C:\Windows\System\MdyJjSR.exe
  C:\Windows\System\MdyJjSR.exe
  2⤵
  PID:2552
- C:\Windows\System\xUsqfJu.exe
  C:\Windows\System\xUsqfJu.exe
  2⤵
  PID:1284
- C:\Windows\System\NsKXLlC.exe
  C:\Windows\System\NsKXLlC.exe
  2⤵
  PID:1592
- C:\Windows\System\eXZIitX.exe
  C:\Windows\System\eXZIitX.exe
  2⤵
  PID:2148
- C:\Windows\System\EJcvYnb.exe
  C:\Windows\System\EJcvYnb.exe
  2⤵
  PID:3040
- C:\Windows\System\HTHczLk.exe
  C:\Windows\System\HTHczLk.exe
  2⤵
  PID:1340
- C:\Windows\System\pVSYvuE.exe
  C:\Windows\System\pVSYvuE.exe
  2⤵
  PID:3144
- C:\Windows\System\aKobUGf.exe
  C:\Windows\System\aKobUGf.exe
  2⤵
  PID:3192
- C:\Windows\System\FwWPzIz.exe
  C:\Windows\System\FwWPzIz.exe
  2⤵
  PID:3368
- C:\Windows\System\QNmoWUq.exe
  C:\Windows\System\QNmoWUq.exe
  2⤵
  PID:3456
- C:\Windows\System\XvqPHKf.exe
  C:\Windows\System\XvqPHKf.exe
  2⤵
  PID:3492
- C:\Windows\System\qAyAiqG.exe
  C:\Windows\System\qAyAiqG.exe
  2⤵
  PID:3596
- C:\Windows\System\lPnTeDD.exe
  C:\Windows\System\lPnTeDD.exe
  2⤵
  PID:3656
- C:\Windows\System\vxmnnRM.exe
  C:\Windows\System\vxmnnRM.exe
  2⤵
  PID:3776
- C:\Windows\System\FGoJbZL.exe
  C:\Windows\System\FGoJbZL.exe
  2⤵
  PID:4104
- C:\Windows\System\gxZYUNm.exe
  C:\Windows\System\gxZYUNm.exe
  2⤵
  PID:4124
- C:\Windows\System\puBkXEE.exe
  C:\Windows\System\puBkXEE.exe
  2⤵
  PID:4144
- C:\Windows\System\mVuAQZY.exe
  C:\Windows\System\mVuAQZY.exe
  2⤵
  PID:4164
- C:\Windows\System\PyEGwfF.exe
  C:\Windows\System\PyEGwfF.exe
  2⤵
  PID:4184
- C:\Windows\System\UIWKnKT.exe
  C:\Windows\System\UIWKnKT.exe
  2⤵
  PID:4204
- C:\Windows\System\mgysbLS.exe
  C:\Windows\System\mgysbLS.exe
  2⤵
  PID:4224
- C:\Windows\System\vZvkpod.exe
  C:\Windows\System\vZvkpod.exe
  2⤵
  PID:4244
- C:\Windows\System\ShEkxOG.exe
  C:\Windows\System\ShEkxOG.exe
  2⤵
  PID:4264
- C:\Windows\System\Xxwxmbr.exe
  C:\Windows\System\Xxwxmbr.exe
  2⤵
  PID:4284
- C:\Windows\System\fwIVWuP.exe
  C:\Windows\System\fwIVWuP.exe
  2⤵
  PID:4300
- C:\Windows\System\GbiJyta.exe
  C:\Windows\System\GbiJyta.exe
  2⤵
  PID:4324
- C:\Windows\System\UmBeEGs.exe
  C:\Windows\System\UmBeEGs.exe
  2⤵
  PID:4344
- C:\Windows\System\PAjzLwq.exe
  C:\Windows\System\PAjzLwq.exe
  2⤵
  PID:4364
- C:\Windows\System\KucFpVc.exe
  C:\Windows\System\KucFpVc.exe
  2⤵
  PID:4384
- C:\Windows\System\JFQdAXW.exe
  C:\Windows\System\JFQdAXW.exe
  2⤵
  PID:4404
- C:\Windows\System\hdDEQXN.exe
  C:\Windows\System\hdDEQXN.exe
  2⤵
  PID:4424
- C:\Windows\System\osgoVTd.exe
  C:\Windows\System\osgoVTd.exe
  2⤵
  PID:4444
- C:\Windows\System\FaEHJdr.exe
  C:\Windows\System\FaEHJdr.exe
  2⤵
  PID:4460
- C:\Windows\System\ErcsLiv.exe
  C:\Windows\System\ErcsLiv.exe
  2⤵
  PID:4484
- C:\Windows\System\gDTjxgp.exe
  C:\Windows\System\gDTjxgp.exe
  2⤵
  PID:4500
- C:\Windows\System\VDIVDgq.exe
  C:\Windows\System\VDIVDgq.exe
  2⤵
  PID:4524
- C:\Windows\System\yqUmCJV.exe
  C:\Windows\System\yqUmCJV.exe
  2⤵
  PID:4540
- C:\Windows\System\OJQZSjv.exe
  C:\Windows\System\OJQZSjv.exe
  2⤵
  PID:4564
- C:\Windows\System\bjwcLCP.exe
  C:\Windows\System\bjwcLCP.exe
  2⤵
  PID:4580
- C:\Windows\System\RjENkZE.exe
  C:\Windows\System\RjENkZE.exe
  2⤵
  PID:4604
- C:\Windows\System\BCKmkOe.exe
  C:\Windows\System\BCKmkOe.exe
  2⤵
  PID:4624
- C:\Windows\System\ILflLhg.exe
  C:\Windows\System\ILflLhg.exe
  2⤵
  PID:4644
- C:\Windows\System\mCrziQv.exe
  C:\Windows\System\mCrziQv.exe
  2⤵
  PID:4660
- C:\Windows\System\NAIwUHa.exe
  C:\Windows\System\NAIwUHa.exe
  2⤵
  PID:4684
- C:\Windows\System\JsbqFtx.exe
  C:\Windows\System\JsbqFtx.exe
  2⤵
  PID:4700
- C:\Windows\System\ryNZzyf.exe
  C:\Windows\System\ryNZzyf.exe
  2⤵
  PID:4724
- C:\Windows\System\TltAqdQ.exe
  C:\Windows\System\TltAqdQ.exe
  2⤵
  PID:4744
- C:\Windows\System\ordKnaU.exe
  C:\Windows\System\ordKnaU.exe
  2⤵
  PID:4764
- C:\Windows\System\yplJTow.exe
  C:\Windows\System\yplJTow.exe
  2⤵
  PID:4784
- C:\Windows\System\wzKpcJo.exe
  C:\Windows\System\wzKpcJo.exe
  2⤵
  PID:4804
- C:\Windows\System\vIPYHiK.exe
  C:\Windows\System\vIPYHiK.exe
  2⤵
  PID:4824
- C:\Windows\System\EBdeHpm.exe
  C:\Windows\System\EBdeHpm.exe
  2⤵
  PID:4844
- C:\Windows\System\lyLLfGB.exe
  C:\Windows\System\lyLLfGB.exe
  2⤵
  PID:4864
- C:\Windows\System\wnEJjsL.exe
  C:\Windows\System\wnEJjsL.exe
  2⤵
  PID:4884
- C:\Windows\System\JofFIbZ.exe
  C:\Windows\System\JofFIbZ.exe
  2⤵
  PID:4904
- C:\Windows\System\paSueiK.exe
  C:\Windows\System\paSueiK.exe
  2⤵
  PID:4924
- C:\Windows\System\idmzUSS.exe
  C:\Windows\System\idmzUSS.exe
  2⤵
  PID:4944
- C:\Windows\System\wFEhVNc.exe
  C:\Windows\System\wFEhVNc.exe
  2⤵
  PID:4964
- C:\Windows\System\ipTcfcB.exe
  C:\Windows\System\ipTcfcB.exe
  2⤵
  PID:4984
- C:\Windows\System\OsjhShf.exe
  C:\Windows\System\OsjhShf.exe
  2⤵
  PID:5004
- C:\Windows\System\lAAJYkk.exe
  C:\Windows\System\lAAJYkk.exe
  2⤵
  PID:5024
- C:\Windows\System\fUYazyB.exe
  C:\Windows\System\fUYazyB.exe
  2⤵
  PID:5044
- C:\Windows\System\oTyGmjH.exe
  C:\Windows\System\oTyGmjH.exe
  2⤵
  PID:5064
- C:\Windows\System\SMaTIpY.exe
  C:\Windows\System\SMaTIpY.exe
  2⤵
  PID:5084
- C:\Windows\System\SplRltv.exe
  C:\Windows\System\SplRltv.exe
  2⤵
  PID:5104
- C:\Windows\System\nocZwXa.exe
  C:\Windows\System\nocZwXa.exe
  2⤵
  PID:3896
- C:\Windows\System\NdFnXEs.exe
  C:\Windows\System\NdFnXEs.exe
  2⤵
  PID:3996
- C:\Windows\System\DIKTJor.exe
  C:\Windows\System\DIKTJor.exe
  2⤵
  PID:2536
- C:\Windows\System\lYitHAj.exe
  C:\Windows\System\lYitHAj.exe
  2⤵
  PID:2632
- C:\Windows\System\WWNUfSp.exe
  C:\Windows\System\WWNUfSp.exe
  2⤵
  PID:628
- C:\Windows\System\wspCVZL.exe
  C:\Windows\System\wspCVZL.exe
  2⤵
  PID:2480
- C:\Windows\System\tbUZvkh.exe
  C:\Windows\System\tbUZvkh.exe
  2⤵
  PID:3160
- C:\Windows\System\jcNPGLA.exe
  C:\Windows\System\jcNPGLA.exe
  2⤵
  PID:3276
- C:\Windows\System\JKQFJrk.exe
  C:\Windows\System\JKQFJrk.exe
  2⤵
  PID:3412
- C:\Windows\System\ACuQVGZ.exe
  C:\Windows\System\ACuQVGZ.exe
  2⤵
  PID:3480
- C:\Windows\System\AhhTEtz.exe
  C:\Windows\System\AhhTEtz.exe
  2⤵
  PID:3672
- C:\Windows\System\GZYJPMl.exe
  C:\Windows\System\GZYJPMl.exe
  2⤵
  PID:4100
- C:\Windows\System\EAKyfsq.exe
  C:\Windows\System\EAKyfsq.exe
  2⤵
  PID:4140
- C:\Windows\System\RLnWDqE.exe
  C:\Windows\System\RLnWDqE.exe
  2⤵
  PID:4172
- C:\Windows\System\ccMVQiz.exe
  C:\Windows\System\ccMVQiz.exe
  2⤵
  PID:4196
- C:\Windows\System\IWevVbW.exe
  C:\Windows\System\IWevVbW.exe
  2⤵
  PID:4240
- C:\Windows\System\Ihfewzn.exe
  C:\Windows\System\Ihfewzn.exe
  2⤵
  PID:4252
- C:\Windows\System\yYCaMng.exe
  C:\Windows\System\yYCaMng.exe
  2⤵
  PID:4312
- C:\Windows\System\fWBFjFF.exe
  C:\Windows\System\fWBFjFF.exe
  2⤵
  PID:4292
- C:\Windows\System\jPoZAoV.exe
  C:\Windows\System\jPoZAoV.exe
  2⤵
  PID:4336
- C:\Windows\System\sIvCiEC.exe
  C:\Windows\System\sIvCiEC.exe
  2⤵
  PID:4396
- C:\Windows\System\FRMBeBH.exe
  C:\Windows\System\FRMBeBH.exe
  2⤵
  PID:4412
- C:\Windows\System\FpnNOEW.exe
  C:\Windows\System\FpnNOEW.exe
  2⤵
  PID:4468
- C:\Windows\System\JbgaQcH.exe
  C:\Windows\System\JbgaQcH.exe
  2⤵
  PID:4516
- C:\Windows\System\lJhaIkv.exe
  C:\Windows\System\lJhaIkv.exe
  2⤵
  PID:2012
- C:\Windows\System\ZeJcghw.exe
  C:\Windows\System\ZeJcghw.exe
  2⤵
  PID:4548
- C:\Windows\System\iYsssOo.exe
  C:\Windows\System\iYsssOo.exe
  2⤵
  PID:4536
- C:\Windows\System\TbJuvJk.exe
  C:\Windows\System\TbJuvJk.exe
  2⤵
  PID:4596
- C:\Windows\System\MdLrIcS.exe
  C:\Windows\System\MdLrIcS.exe
  2⤵
  PID:4620
- C:\Windows\System\unnZgtd.exe
  C:\Windows\System\unnZgtd.exe
  2⤵
  PID:4676
- C:\Windows\System\qBtbOpO.exe
  C:\Windows\System\qBtbOpO.exe
  2⤵
  PID:4656
- C:\Windows\System\krlvdKj.exe
  C:\Windows\System\krlvdKj.exe
  2⤵
  PID:4692
- C:\Windows\System\cdTLQrr.exe
  C:\Windows\System\cdTLQrr.exe
  2⤵
  PID:4752
- C:\Windows\System\vDeFQzj.exe
  C:\Windows\System\vDeFQzj.exe
  2⤵
  PID:4796
- C:\Windows\System\QbZKhyL.exe
  C:\Windows\System\QbZKhyL.exe
  2⤵
  PID:4840
- C:\Windows\System\RfRMfxE.exe
  C:\Windows\System\RfRMfxE.exe
  2⤵
  PID:4872
- C:\Windows\System\XZMsIxa.exe
  C:\Windows\System\XZMsIxa.exe
  2⤵
  PID:4856
- C:\Windows\System\gpyicMt.exe
  C:\Windows\System\gpyicMt.exe
  2⤵
  PID:4892
- C:\Windows\System\wIVtUQw.exe
  C:\Windows\System\wIVtUQw.exe
  2⤵
  PID:4932
- C:\Windows\System\uBhfUln.exe
  C:\Windows\System\uBhfUln.exe
  2⤵
  PID:4992
- C:\Windows\System\qQhoSFn.exe
  C:\Windows\System\qQhoSFn.exe
  2⤵
  PID:4980
- C:\Windows\System\UBpjdWk.exe
  C:\Windows\System\UBpjdWk.exe
  2⤵
  PID:5036
- C:\Windows\System\UeMtovl.exe
  C:\Windows\System\UeMtovl.exe
  2⤵
  PID:5080
- C:\Windows\System\riZDnaE.exe
  C:\Windows\System\riZDnaE.exe
  2⤵
  PID:5100
- C:\Windows\System\LQNeLKi.exe
  C:\Windows\System\LQNeLKi.exe
  2⤵
  PID:4060
- C:\Windows\System\LmRQXXW.exe
  C:\Windows\System\LmRQXXW.exe
  2⤵
  PID:1872
- C:\Windows\System\ikCDztv.exe
  C:\Windows\System\ikCDztv.exe
  2⤵
  PID:4080
- C:\Windows\System\HpUrDRE.exe
  C:\Windows\System\HpUrDRE.exe
  2⤵
  PID:3096
- C:\Windows\System\xltHvuf.exe
  C:\Windows\System\xltHvuf.exe
  2⤵
  PID:3232
- C:\Windows\System\QJdtkKB.exe
  C:\Windows\System\QJdtkKB.exe
  2⤵
  PID:3556
- C:\Windows\System\jpUXXpY.exe
  C:\Windows\System\jpUXXpY.exe
  2⤵
  PID:4120
- C:\Windows\System\wuBYfWf.exe
  C:\Windows\System\wuBYfWf.exe
  2⤵
  PID:3816
- C:\Windows\System\qapTeJn.exe
  C:\Windows\System\qapTeJn.exe
  2⤵
  PID:4200
- C:\Windows\System\uaiGfdK.exe
  C:\Windows\System\uaiGfdK.exe
  2⤵
  PID:4236
- C:\Windows\System\feOBnND.exe
  C:\Windows\System\feOBnND.exe
  2⤵
  PID:4276
- C:\Windows\System\QaeSnoP.exe
  C:\Windows\System\QaeSnoP.exe
  2⤵
  PID:4400
- C:\Windows\System\zOgEIKb.exe
  C:\Windows\System\zOgEIKb.exe
  2⤵
  PID:4436
- C:\Windows\System\AylRBJz.exe
  C:\Windows\System\AylRBJz.exe
  2⤵
  PID:2964
- C:\Windows\System\XZNBSif.exe
  C:\Windows\System\XZNBSif.exe
  2⤵
  PID:4480
- C:\Windows\System\aNIcCdZ.exe
  C:\Windows\System\aNIcCdZ.exe
  2⤵
  PID:4496
- C:\Windows\System\OaCCcrx.exe
  C:\Windows\System\OaCCcrx.exe
  2⤵
  PID:4588
- C:\Windows\System\JlLmnOR.exe
  C:\Windows\System\JlLmnOR.exe
  2⤵
  PID:1856
- C:\Windows\System\ODmyYXY.exe
  C:\Windows\System\ODmyYXY.exe
  2⤵
  PID:4672
- C:\Windows\System\dinwTQK.exe
  C:\Windows\System\dinwTQK.exe
  2⤵
  PID:4712
- C:\Windows\System\JYRMouO.exe
  C:\Windows\System\JYRMouO.exe
  2⤵
  PID:480
- C:\Windows\System\rEIJKPT.exe
  C:\Windows\System\rEIJKPT.exe
  2⤵
  PID:4800
- C:\Windows\System\VHDFYag.exe
  C:\Windows\System\VHDFYag.exe
  2⤵
  PID:4860
- C:\Windows\System\CTiHUPO.exe
  C:\Windows\System\CTiHUPO.exe
  2⤵
  PID:4920
- C:\Windows\System\gvHuJOz.exe
  C:\Windows\System\gvHuJOz.exe
  2⤵
  PID:2620
- C:\Windows\System\bkWpNmF.exe
  C:\Windows\System\bkWpNmF.exe
  2⤵
  PID:4936
- C:\Windows\System\IwyYcgu.exe
  C:\Windows\System\IwyYcgu.exe
  2⤵
  PID:936
- C:\Windows\System\Dqjmeiy.exe
  C:\Windows\System\Dqjmeiy.exe
  2⤵
  PID:1688
- C:\Windows\System\LyPOynk.exe
  C:\Windows\System\LyPOynk.exe
  2⤵
  PID:5092
- C:\Windows\System\nGWDbTc.exe
  C:\Windows\System\nGWDbTc.exe
  2⤵
  PID:3956
- C:\Windows\System\InfMhHl.exe
  C:\Windows\System\InfMhHl.exe
  2⤵
  PID:3100
- C:\Windows\System\HrKspKO.exe
  C:\Windows\System\HrKspKO.exe
  2⤵
  PID:3720
- C:\Windows\System\rkVIXzJ.exe
  C:\Windows\System\rkVIXzJ.exe
  2⤵
  PID:3740
- C:\Windows\System\FdboJEY.exe
  C:\Windows\System\FdboJEY.exe
  2⤵
  PID:4116
- C:\Windows\System\AXMTbvO.exe
  C:\Windows\System\AXMTbvO.exe
  2⤵
  PID:4296
- C:\Windows\System\qfepzON.exe
  C:\Windows\System\qfepzON.exe
  2⤵
  PID:4316
- C:\Windows\System\SNsMyGp.exe
  C:\Windows\System\SNsMyGp.exe
  2⤵
  PID:2160
- C:\Windows\System\zIzspfM.exe
  C:\Windows\System\zIzspfM.exe
  2⤵
  PID:2336
- C:\Windows\System\IlwTPET.exe
  C:\Windows\System\IlwTPET.exe
  2⤵
  PID:4532
- C:\Windows\System\gFIaAEz.exe
  C:\Windows\System\gFIaAEz.exe
  2⤵
  PID:4456
- C:\Windows\System\XdOfbXp.exe
  C:\Windows\System\XdOfbXp.exe
  2⤵
  PID:4680
- C:\Windows\System\ZIGjZCY.exe
  C:\Windows\System\ZIGjZCY.exe
  2⤵
  PID:4636
- C:\Windows\System\ElchIoF.exe
  C:\Windows\System\ElchIoF.exe
  2⤵
  PID:2004
- C:\Windows\System\GnXnDCI.exe
  C:\Windows\System\GnXnDCI.exe
  2⤵
  PID:4852
- C:\Windows\System\caeDdCT.exe
  C:\Windows\System\caeDdCT.exe
  2⤵
  PID:4912
- C:\Windows\System\PQdsAHl.exe
  C:\Windows\System\PQdsAHl.exe
  2⤵
  PID:4972
- C:\Windows\System\wZwAiYC.exe
  C:\Windows\System\wZwAiYC.exe
  2⤵
  PID:5116
- C:\Windows\System\PoqjLDG.exe
  C:\Windows\System\PoqjLDG.exe
  2⤵
  PID:3976
- C:\Windows\System\aSpktka.exe
  C:\Windows\System\aSpktka.exe
  2⤵
  PID:908
- C:\Windows\System\PVwzChJ.exe
  C:\Windows\System\PVwzChJ.exe
  2⤵
  PID:2248
- C:\Windows\System\MePWqOS.exe
  C:\Windows\System\MePWqOS.exe
  2⤵
  PID:2400
- C:\Windows\System\tqJxiDJ.exe
  C:\Windows\System\tqJxiDJ.exe
  2⤵
  PID:3032
- C:\Windows\System\hiXOChu.exe
  C:\Windows\System\hiXOChu.exe
  2⤵
  PID:4216
- C:\Windows\System\kJEhISW.exe
  C:\Windows\System\kJEhISW.exe
  2⤵
  PID:2748
- C:\Windows\System\OccFEsc.exe
  C:\Windows\System\OccFEsc.exe
  2⤵
  PID:2468
- C:\Windows\System\AbESvKr.exe
  C:\Windows\System\AbESvKr.exe
  2⤵
  PID:4632
- C:\Windows\System\SHmSQSz.exe
  C:\Windows\System\SHmSQSz.exe
  2⤵
  PID:4740
- C:\Windows\System\ZWqFkfS.exe
  C:\Windows\System\ZWqFkfS.exe
  2⤵
  PID:4952
- C:\Windows\System\wZzyWAH.exe
  C:\Windows\System\wZzyWAH.exe
  2⤵
  PID:3860
- C:\Windows\System\VKHPHAG.exe
  C:\Windows\System\VKHPHAG.exe
  2⤵
  PID:1140
- C:\Windows\System\tANbwJh.exe
  C:\Windows\System\tANbwJh.exe
  2⤵
  PID:4272
- C:\Windows\System\NeeaNId.exe
  C:\Windows\System\NeeaNId.exe
  2⤵
  PID:2764
- C:\Windows\System\ChMqjPS.exe
  C:\Windows\System\ChMqjPS.exe
  2⤵
  PID:4376
- C:\Windows\System\IUktuyK.exe
  C:\Windows\System\IUktuyK.exe
  2⤵
  PID:4592
- C:\Windows\System\pTLAOxV.exe
  C:\Windows\System\pTLAOxV.exe
  2⤵
  PID:5140
- C:\Windows\System\TXFkuew.exe
  C:\Windows\System\TXFkuew.exe
  2⤵
  PID:5160
- C:\Windows\System\gkRtRBy.exe
  C:\Windows\System\gkRtRBy.exe
  2⤵
  PID:5180
- C:\Windows\System\VjdIfei.exe
  C:\Windows\System\VjdIfei.exe
  2⤵
  PID:5200
- C:\Windows\System\BOBVFgI.exe
  C:\Windows\System\BOBVFgI.exe
  2⤵
  PID:5220
- C:\Windows\System\ATVtMSN.exe
  C:\Windows\System\ATVtMSN.exe
  2⤵
  PID:5240
- C:\Windows\System\zTjyHMj.exe
  C:\Windows\System\zTjyHMj.exe
  2⤵
  PID:5260
- C:\Windows\System\jzHmOkp.exe
  C:\Windows\System\jzHmOkp.exe
  2⤵
  PID:5280
- C:\Windows\System\HUSHpeM.exe
  C:\Windows\System\HUSHpeM.exe
  2⤵
  PID:5300
- C:\Windows\System\YTagFJa.exe
  C:\Windows\System\YTagFJa.exe
  2⤵
  PID:5320
- C:\Windows\System\imAYiRk.exe
  C:\Windows\System\imAYiRk.exe
  2⤵
  PID:5340
- C:\Windows\System\vZAcNSl.exe
  C:\Windows\System\vZAcNSl.exe
  2⤵
  PID:5360
- C:\Windows\System\WoFUWAp.exe
  C:\Windows\System\WoFUWAp.exe
  2⤵
  PID:5380
- C:\Windows\System\PoJwecH.exe
  C:\Windows\System\PoJwecH.exe
  2⤵
  PID:5400
- C:\Windows\System\BgbcVxQ.exe
  C:\Windows\System\BgbcVxQ.exe
  2⤵
  PID:5420
- C:\Windows\System\GhiLfPp.exe
  C:\Windows\System\GhiLfPp.exe
  2⤵
  PID:5440
- C:\Windows\System\HafYxbR.exe
  C:\Windows\System\HafYxbR.exe
  2⤵
  PID:5460
- C:\Windows\System\aHAeRfK.exe
  C:\Windows\System\aHAeRfK.exe
  2⤵
  PID:5480
- C:\Windows\System\SmzNbGg.exe
  C:\Windows\System\SmzNbGg.exe
  2⤵
  PID:5500
- C:\Windows\System\TWdylui.exe
  C:\Windows\System\TWdylui.exe
  2⤵
  PID:5524
- C:\Windows\System\DMvPqXE.exe
  C:\Windows\System\DMvPqXE.exe
  2⤵
  PID:5544
- C:\Windows\System\PJJfSay.exe
  C:\Windows\System\PJJfSay.exe
  2⤵
  PID:5564
- C:\Windows\System\qnuamED.exe
  C:\Windows\System\qnuamED.exe
  2⤵
  PID:5584
- C:\Windows\System\DZjyjTc.exe
  C:\Windows\System\DZjyjTc.exe
  2⤵
  PID:5604
- C:\Windows\System\AWvkGli.exe
  C:\Windows\System\AWvkGli.exe
  2⤵
  PID:5620
- C:\Windows\System\DbVYgka.exe
  C:\Windows\System\DbVYgka.exe
  2⤵
  PID:5640
- C:\Windows\System\vRAPndW.exe
  C:\Windows\System\vRAPndW.exe
  2⤵
  PID:5660
- C:\Windows\System\xpZHNNO.exe
  C:\Windows\System\xpZHNNO.exe
  2⤵
  PID:5684
- C:\Windows\System\WmLUtAk.exe
  C:\Windows\System\WmLUtAk.exe
  2⤵
  PID:5700
- C:\Windows\System\wHcpFaI.exe
  C:\Windows\System\wHcpFaI.exe
  2⤵
  PID:5720
- C:\Windows\System\mHMzfMo.exe
  C:\Windows\System\mHMzfMo.exe
  2⤵
  PID:5736
- C:\Windows\System\dJSkGii.exe
  C:\Windows\System\dJSkGii.exe
  2⤵
  PID:5752
- C:\Windows\System\NiLQiyl.exe
  C:\Windows\System\NiLQiyl.exe
  2⤵
  PID:5768
- C:\Windows\System\GpMqmUr.exe
  C:\Windows\System\GpMqmUr.exe
  2⤵
  PID:5784
- C:\Windows\System\EpBaUnU.exe
  C:\Windows\System\EpBaUnU.exe
  2⤵
  PID:5804
- C:\Windows\System\tqRlKEO.exe
  C:\Windows\System\tqRlKEO.exe
  2⤵
  PID:5820
- C:\Windows\System\dYHfDLX.exe
  C:\Windows\System\dYHfDLX.exe
  2⤵
  PID:5852
- C:\Windows\System\lNfZRvd.exe
  C:\Windows\System\lNfZRvd.exe
  2⤵
  PID:5876
- C:\Windows\System\fKyXffj.exe
  C:\Windows\System\fKyXffj.exe
  2⤵
  PID:5904
- C:\Windows\System\pzaUlAg.exe
  C:\Windows\System\pzaUlAg.exe
  2⤵
  PID:5924
- C:\Windows\System\RPAfMqg.exe
  C:\Windows\System\RPAfMqg.exe
  2⤵
  PID:5944
- C:\Windows\System\UTUJqtg.exe
  C:\Windows\System\UTUJqtg.exe
  2⤵
  PID:5960
- C:\Windows\System\mVyPxUv.exe
  C:\Windows\System\mVyPxUv.exe
  2⤵
  PID:5980
- C:\Windows\System\kBtKVYH.exe
  C:\Windows\System\kBtKVYH.exe
  2⤵
  PID:6000
- C:\Windows\System\LrXVnNv.exe
  C:\Windows\System\LrXVnNv.exe
  2⤵
  PID:6020
- C:\Windows\System\grDiwVQ.exe
  C:\Windows\System\grDiwVQ.exe
  2⤵
  PID:6044
- C:\Windows\System\PQSyzyC.exe
  C:\Windows\System\PQSyzyC.exe
  2⤵
  PID:6060
- C:\Windows\System\foNxxSk.exe
  C:\Windows\System\foNxxSk.exe
  2⤵
  PID:6076
- C:\Windows\System\mQOYuvT.exe
  C:\Windows\System\mQOYuvT.exe
  2⤵
  PID:6092
- C:\Windows\System\gffeeDM.exe
  C:\Windows\System\gffeeDM.exe
  2⤵
  PID:6112
- C:\Windows\System\SyPpPrN.exe
  C:\Windows\System\SyPpPrN.exe
  2⤵
  PID:6128
- C:\Windows\System\AecKKLH.exe
  C:\Windows\System\AecKKLH.exe
  2⤵
  PID:816
- C:\Windows\System\lgvyfYI.exe
  C:\Windows\System\lgvyfYI.exe
  2⤵
  PID:4720
- C:\Windows\System\TZgHYVG.exe
  C:\Windows\System\TZgHYVG.exe
  2⤵
  PID:4996
- C:\Windows\System\ykPPfqo.exe
  C:\Windows\System\ykPPfqo.exe
  2⤵
  PID:5072
- C:\Windows\System\TfjVtqd.exe
  C:\Windows\System\TfjVtqd.exe
  2⤵
  PID:4360
- C:\Windows\System\brFTvzF.exe
  C:\Windows\System\brFTvzF.exe
  2⤵
  PID:4156
- C:\Windows\System\PrXEdEP.exe
  C:\Windows\System\PrXEdEP.exe
  2⤵
  PID:3016
- C:\Windows\System\vdCviSt.exe
  C:\Windows\System\vdCviSt.exe
  2⤵
  PID:5156
- C:\Windows\System\WosKzWS.exe
  C:\Windows\System\WosKzWS.exe
  2⤵
  PID:5208
- C:\Windows\System\vUGjgQa.exe
  C:\Windows\System\vUGjgQa.exe
  2⤵
  PID:5192
- C:\Windows\System\rxmflGk.exe
  C:\Windows\System\rxmflGk.exe
  2⤵
  PID:5248
- C:\Windows\System\pZSJXvg.exe
  C:\Windows\System\pZSJXvg.exe
  2⤵
  PID:1984
- C:\Windows\System\xREyweI.exe
  C:\Windows\System\xREyweI.exe
  2⤵
  PID:5272
- C:\Windows\System\iMdyyDm.exe
  C:\Windows\System\iMdyyDm.exe
  2⤵
  PID:5328
- C:\Windows\System\gUjQEHp.exe
  C:\Windows\System\gUjQEHp.exe
  2⤵
  PID:5356
- C:\Windows\System\mNtUFjQ.exe
  C:\Windows\System\mNtUFjQ.exe
  2⤵
  PID:5372
- C:\Windows\System\KTCAzWt.exe
  C:\Windows\System\KTCAzWt.exe
  2⤵
  PID:5408
- C:\Windows\System\RvSgcEB.exe
  C:\Windows\System\RvSgcEB.exe
  2⤵
  PID:5436
- C:\Windows\System\mfRDlNT.exe
  C:\Windows\System\mfRDlNT.exe
  2⤵
  PID:5452
- C:\Windows\System\ZjAnjHc.exe
  C:\Windows\System\ZjAnjHc.exe
  2⤵
  PID:2688
- C:\Windows\System\uHDMqQN.exe
  C:\Windows\System\uHDMqQN.exe
  2⤵
  PID:592
- C:\Windows\System\FSKrArS.exe
  C:\Windows\System\FSKrArS.exe
  2⤵
  PID:1860
- C:\Windows\System\BcvWlmG.exe
  C:\Windows\System\BcvWlmG.exe
  2⤵
  PID:5576
- C:\Windows\System\UtinULU.exe
  C:\Windows\System\UtinULU.exe
  2⤵
  PID:5596
- C:\Windows\System\pCaAYEI.exe
  C:\Windows\System\pCaAYEI.exe
  2⤵
  PID:5600
- C:\Windows\System\iAbUpgO.exe
  C:\Windows\System\iAbUpgO.exe
  2⤵
  PID:5636
- C:\Windows\System\pcVGowA.exe
  C:\Windows\System\pcVGowA.exe
  2⤵
  PID:5680
- C:\Windows\System\GcvxBZv.exe
  C:\Windows\System\GcvxBZv.exe
  2⤵
  PID:1652
- C:\Windows\System\iFOTvfE.exe
  C:\Windows\System\iFOTvfE.exe
  2⤵
  PID:5732
- C:\Windows\System\ajopeyb.exe
  C:\Windows\System\ajopeyb.exe
  2⤵
  PID:5792
- C:\Windows\System\QtTDLlj.exe
  C:\Windows\System\QtTDLlj.exe
  2⤵
  PID:5716
- C:\Windows\System\mYlVDKD.exe
  C:\Windows\System\mYlVDKD.exe
  2⤵
  PID:5836
- C:\Windows\System\gfhOcRj.exe
  C:\Windows\System\gfhOcRj.exe
  2⤵
  PID:5884
- C:\Windows\System\ubTTaVS.exe
  C:\Windows\System\ubTTaVS.exe
  2⤵
  PID:5868
- C:\Windows\System\lTeqSoz.exe
  C:\Windows\System\lTeqSoz.exe
  2⤵
  PID:5872
- C:\Windows\System\tRElVuX.exe
  C:\Windows\System\tRElVuX.exe
  2⤵
  PID:5896
- C:\Windows\System\crBtUdV.exe
  C:\Windows\System\crBtUdV.exe
  2⤵
  PID:5932
- C:\Windows\System\CmPXfEr.exe
  C:\Windows\System\CmPXfEr.exe
  2⤵
  PID:5920
- C:\Windows\System\KigXQAy.exe
  C:\Windows\System\KigXQAy.exe
  2⤵
  PID:5972
- C:\Windows\System\LJEnoEa.exe
  C:\Windows\System\LJEnoEa.exe
  2⤵
  PID:5952
- C:\Windows\System\BCRnVTa.exe
  C:\Windows\System\BCRnVTa.exe
  2⤵
  PID:6016
- C:\Windows\System\UugGGIr.exe
  C:\Windows\System\UugGGIr.exe
  2⤵
  PID:6040
- C:\Windows\System\MmyVDSp.exe
  C:\Windows\System\MmyVDSp.exe
  2⤵
  PID:6088
- C:\Windows\System\SYQSgeJ.exe
  C:\Windows\System\SYQSgeJ.exe
  2⤵
  PID:2132
- C:\Windows\System\KWiEQrJ.exe
  C:\Windows\System\KWiEQrJ.exe
  2⤵
  PID:4916
- C:\Windows\System\UGlrOkP.exe
  C:\Windows\System\UGlrOkP.exe
  2⤵
  PID:4380
- C:\Windows\System\Cqqdoqd.exe
  C:\Windows\System\Cqqdoqd.exe
  2⤵
  PID:5196
- C:\Windows\System\cnItksW.exe
  C:\Windows\System\cnItksW.exe
  2⤵
  PID:6072
- C:\Windows\System\reDIguv.exe
  C:\Windows\System\reDIguv.exe
  2⤵
  PID:6136
- C:\Windows\System\PnvONuL.exe
  C:\Windows\System\PnvONuL.exe
  2⤵
  PID:4976
- C:\Windows\System\SDPBamX.exe
  C:\Windows\System\SDPBamX.exe
  2⤵
  PID:5316
- C:\Windows\System\YoMOfSI.exe
  C:\Windows\System\YoMOfSI.exe
  2⤵
  PID:5492
- C:\Windows\System\uVcuBXc.exe
  C:\Windows\System\uVcuBXc.exe
  2⤵
  PID:5512
- C:\Windows\System\wHKqRpN.exe
  C:\Windows\System\wHKqRpN.exe
  2⤵
  PID:1892
- C:\Windows\System\ASokFlX.exe
  C:\Windows\System\ASokFlX.exe
  2⤵
  PID:3020
- C:\Windows\System\AogFkTc.exe
  C:\Windows\System\AogFkTc.exe
  2⤵
  PID:5172
- C:\Windows\System\xgfHQtb.exe
  C:\Windows\System\xgfHQtb.exe
  2⤵
  PID:5296
- C:\Windows\System\eUGcgGR.exe
  C:\Windows\System\eUGcgGR.exe
  2⤵
  PID:2720
- C:\Windows\System\zXcjcWz.exe
  C:\Windows\System\zXcjcWz.exe
  2⤵
  PID:376
- C:\Windows\System\txgHNjT.exe
  C:\Windows\System\txgHNjT.exe
  2⤵
  PID:5656
- C:\Windows\System\ccpzVPh.exe
  C:\Windows\System\ccpzVPh.exe
  2⤵
  PID:1668
- C:\Windows\System\EcqzjTe.exe
  C:\Windows\System\EcqzjTe.exe
  2⤵
  PID:3064
- C:\Windows\System\RsCRYyu.exe
  C:\Windows\System\RsCRYyu.exe
  2⤵
  PID:2364
- C:\Windows\System\ICcGPnY.exe
  C:\Windows\System\ICcGPnY.exe
  2⤵
  PID:2128
- C:\Windows\System\toZGybT.exe
  C:\Windows\System\toZGybT.exe
  2⤵
  PID:2600
- C:\Windows\System\iUeDvNt.exe
  C:\Windows\System\iUeDvNt.exe
  2⤵
  PID:5988
- C:\Windows\System\VqVYrfw.exe
  C:\Windows\System\VqVYrfw.exe
  2⤵
  PID:2204
- C:\Windows\System\vsNoSgI.exe
  C:\Windows\System\vsNoSgI.exe
  2⤵
  PID:2348
- C:\Windows\System\WjMZuqa.exe
  C:\Windows\System\WjMZuqa.exe
  2⤵
  PID:5800
- C:\Windows\System\KkiayLM.exe
  C:\Windows\System\KkiayLM.exe
  2⤵
  PID:5368
- C:\Windows\System\dUcQhXD.exe
  C:\Windows\System\dUcQhXD.exe
  2⤵
  PID:5848
- C:\Windows\System\WJuBYqu.exe
  C:\Windows\System\WJuBYqu.exe
  2⤵
  PID:5832
- C:\Windows\System\KQIvnQT.exe
  C:\Windows\System\KQIvnQT.exe
  2⤵
  PID:2356
- C:\Windows\System\JgogqsG.exe
  C:\Windows\System\JgogqsG.exe
  2⤵
  PID:6012
- C:\Windows\System\HdxrprQ.exe
  C:\Windows\System\HdxrprQ.exe
  2⤵
  PID:5888
- C:\Windows\System\mMMWrmz.exe
  C:\Windows\System\mMMWrmz.exe
  2⤵
  PID:6108
- C:\Windows\System\jKlhYJI.exe
  C:\Windows\System\jKlhYJI.exe
  2⤵
  PID:4084
- C:\Windows\System\kHOKvKM.exe
  C:\Windows\System\kHOKvKM.exe
  2⤵
  PID:5392
- C:\Windows\System\ocOVDpZ.exe
  C:\Windows\System\ocOVDpZ.exe
  2⤵
  PID:5536
- C:\Windows\System\QwWsbTJ.exe
  C:\Windows\System\QwWsbTJ.exe
  2⤵
  PID:5652
- C:\Windows\System\dIRmkGd.exe
  C:\Windows\System\dIRmkGd.exe
  2⤵
  PID:5516
- C:\Windows\System\WgwYOtl.exe
  C:\Windows\System\WgwYOtl.exe
  2⤵
  PID:2992
- C:\Windows\System\ehYouUm.exe
  C:\Windows\System\ehYouUm.exe
  2⤵
  PID:5288
- C:\Windows\System\VwxPDNd.exe
  C:\Windows\System\VwxPDNd.exe
  2⤵
  PID:3832
- C:\Windows\System\ZCYHlZV.exe
  C:\Windows\System\ZCYHlZV.exe
  2⤵
  PID:2388
- C:\Windows\System\GXBYEkd.exe
  C:\Windows\System\GXBYEkd.exe
  2⤵
  PID:1768
- C:\Windows\System\vYpBgZQ.exe
  C:\Windows\System\vYpBgZQ.exe
  2⤵
  PID:2904
- C:\Windows\System\LcdLkSu.exe
  C:\Windows\System\LcdLkSu.exe
  2⤵
  PID:3372
- C:\Windows\System\ZYXvbVM.exe
  C:\Windows\System\ZYXvbVM.exe
  2⤵
  PID:6152
- C:\Windows\System\ZJmlLhu.exe
  C:\Windows\System\ZJmlLhu.exe
  2⤵
  PID:6168
- C:\Windows\System\BpoqHvq.exe
  C:\Windows\System\BpoqHvq.exe
  2⤵
  PID:6184
- C:\Windows\System\dheWxgm.exe
  C:\Windows\System\dheWxgm.exe
  2⤵
  PID:6200
- C:\Windows\System\rNOwYtq.exe
  C:\Windows\System\rNOwYtq.exe
  2⤵
  PID:6280
- C:\Windows\System\rqDdztu.exe
  C:\Windows\System\rqDdztu.exe
  2⤵
  PID:6300
- C:\Windows\System\hyvgedP.exe
  C:\Windows\System\hyvgedP.exe
  2⤵
  PID:6328
- C:\Windows\System\HRIyeRs.exe
  C:\Windows\System\HRIyeRs.exe
  2⤵
  PID:6352
- C:\Windows\System\euJxWWN.exe
  C:\Windows\System\euJxWWN.exe
  2⤵
  PID:6368
- C:\Windows\System\ZtLwMhz.exe
  C:\Windows\System\ZtLwMhz.exe
  2⤵
  PID:6408
- C:\Windows\System\CzFtZGl.exe
  C:\Windows\System\CzFtZGl.exe
  2⤵
  PID:6448
- C:\Windows\System\aFGnonv.exe
  C:\Windows\System\aFGnonv.exe
  2⤵
  PID:6464
- C:\Windows\System\mgUBTli.exe
  C:\Windows\System\mgUBTli.exe
  2⤵
  PID:6480
- C:\Windows\System\uENegKE.exe
  C:\Windows\System\uENegKE.exe
  2⤵
  PID:6500
- C:\Windows\System\aMgwXlR.exe
  C:\Windows\System\aMgwXlR.exe
  2⤵
  PID:6528
- C:\Windows\System\aNQjblo.exe
  C:\Windows\System\aNQjblo.exe
  2⤵
  PID:6548
- C:\Windows\System\bVluhVY.exe
  C:\Windows\System\bVluhVY.exe
  2⤵
  PID:6564
- C:\Windows\System\GhDBRpw.exe
  C:\Windows\System\GhDBRpw.exe
  2⤵
  PID:6580
- C:\Windows\System\pnnspJf.exe
  C:\Windows\System\pnnspJf.exe
  2⤵
  PID:6596
- C:\Windows\System\NUHTWPr.exe
  C:\Windows\System\NUHTWPr.exe
  2⤵
  PID:6612
- C:\Windows\System\cCwFNSP.exe
  C:\Windows\System\cCwFNSP.exe
  2⤵
  PID:6628
- C:\Windows\System\KHVoTDN.exe
  C:\Windows\System\KHVoTDN.exe
  2⤵
  PID:6664
- C:\Windows\System\iGZJZxD.exe
  C:\Windows\System\iGZJZxD.exe
  2⤵
  PID:6680
- C:\Windows\System\MRoYVem.exe
  C:\Windows\System\MRoYVem.exe
  2⤵
  PID:6696
- C:\Windows\System\TEoGXke.exe
  C:\Windows\System\TEoGXke.exe
  2⤵
  PID:6716
- C:\Windows\System\aGPquKb.exe
  C:\Windows\System\aGPquKb.exe
  2⤵
  PID:6732
- C:\Windows\System\tkRfjVW.exe
  C:\Windows\System\tkRfjVW.exe
  2⤵
  PID:6748
- C:\Windows\System\oQAzvIm.exe
  C:\Windows\System\oQAzvIm.exe
  2⤵
  PID:6764
- C:\Windows\System\zCjyjTI.exe
  C:\Windows\System\zCjyjTI.exe
  2⤵
  PID:6780
- C:\Windows\System\WoybbvT.exe
  C:\Windows\System\WoybbvT.exe
  2⤵
  PID:6800
- C:\Windows\System\IYAzOzl.exe
  C:\Windows\System\IYAzOzl.exe
  2⤵
  PID:6816
- C:\Windows\System\TDAvMLd.exe
  C:\Windows\System\TDAvMLd.exe
  2⤵
  PID:6832
- C:\Windows\System\ctbHjGo.exe
  C:\Windows\System\ctbHjGo.exe
  2⤵
  PID:6848
- C:\Windows\System\yoeLuoj.exe
  C:\Windows\System\yoeLuoj.exe
  2⤵
  PID:6864
- C:\Windows\System\oqdDQjw.exe
  C:\Windows\System\oqdDQjw.exe
  2⤵
  PID:6880
- C:\Windows\System\hAFmngJ.exe
  C:\Windows\System\hAFmngJ.exe
  2⤵
  PID:6896
- C:\Windows\System\UYBCTyZ.exe
  C:\Windows\System\UYBCTyZ.exe
  2⤵
  PID:6912
- C:\Windows\System\JiBYsyx.exe
  C:\Windows\System\JiBYsyx.exe
  2⤵
  PID:6928
- C:\Windows\System\HxLoYug.exe
  C:\Windows\System\HxLoYug.exe
  2⤵
  PID:6948
- C:\Windows\System\CGCCtot.exe
  C:\Windows\System\CGCCtot.exe
  2⤵
  PID:6964
- C:\Windows\System\dgHcnPc.exe
  C:\Windows\System\dgHcnPc.exe
  2⤵
  PID:6984
- C:\Windows\System\aNNwwgq.exe
  C:\Windows\System\aNNwwgq.exe
  2⤵
  PID:7000
- C:\Windows\System\pMgYDoa.exe
  C:\Windows\System\pMgYDoa.exe
  2⤵
  PID:7016
- C:\Windows\System\YXGjJhN.exe
  C:\Windows\System\YXGjJhN.exe
  2⤵
  PID:7032
- C:\Windows\System\Giqakly.exe
  C:\Windows\System\Giqakly.exe
  2⤵
  PID:7052
- C:\Windows\System\fLafqUU.exe
  C:\Windows\System\fLafqUU.exe
  2⤵
  PID:7092
- C:\Windows\System\KYndnPq.exe
  C:\Windows\System\KYndnPq.exe
  2⤵
  PID:7112
- C:\Windows\System\mpbcBcy.exe
  C:\Windows\System\mpbcBcy.exe
  2⤵
  PID:7132
- C:\Windows\System\DFnXPWl.exe
  C:\Windows\System\DFnXPWl.exe
  2⤵
  PID:7156
- C:\Windows\System\rDXaLqN.exe
  C:\Windows\System\rDXaLqN.exe
  2⤵
  PID:6056
- C:\Windows\System\aSjBNoA.exe
  C:\Windows\System\aSjBNoA.exe
  2⤵
  PID:5560
- C:\Windows\System\GsdmvVX.exe
  C:\Windows\System\GsdmvVX.exe
  2⤵
  PID:2780
- C:\Windows\System\NDLUlIg.exe
  C:\Windows\System\NDLUlIg.exe
  2⤵
  PID:6192
- C:\Windows\System\lnmhLDW.exe
  C:\Windows\System\lnmhLDW.exe
  2⤵
  PID:6212
- C:\Windows\System\dIyrtVY.exe
  C:\Windows\System\dIyrtVY.exe
  2⤵
  PID:6180
- C:\Windows\System\vIMAkZF.exe
  C:\Windows\System\vIMAkZF.exe
  2⤵
  PID:3108
- C:\Windows\System\GfwHtZi.exe
  C:\Windows\System\GfwHtZi.exe
  2⤵
  PID:5456
- C:\Windows\System\XFAkuQo.exe
  C:\Windows\System\XFAkuQo.exe
  2⤵
  PID:5148
- C:\Windows\System\wkCzPfd.exe
  C:\Windows\System\wkCzPfd.exe
  2⤵
  PID:5712
- C:\Windows\System\cPtKTPk.exe
  C:\Windows\System\cPtKTPk.exe
  2⤵
  PID:2368
- C:\Windows\System\FNifKEI.exe
  C:\Windows\System\FNifKEI.exe
  2⤵
  PID:6344
- C:\Windows\System\NFHRTAd.exe
  C:\Windows\System\NFHRTAd.exe
  2⤵
  PID:6220
- C:\Windows\System\JQApYie.exe
  C:\Windows\System\JQApYie.exe
  2⤵
  PID:6240
- C:\Windows\System\JbycOTQ.exe
  C:\Windows\System\JbycOTQ.exe
  2⤵
  PID:6256
- C:\Windows\System\GUzpyNK.exe
  C:\Windows\System\GUzpyNK.exe
  2⤵
  PID:6276
- C:\Windows\System\shfjzZd.exe
  C:\Windows\System\shfjzZd.exe
  2⤵
  PID:6324
- C:\Windows\System\rAixJOR.exe
  C:\Windows\System\rAixJOR.exe
  2⤵
  PID:6396
- C:\Windows\System\uVZVVze.exe
  C:\Windows\System\uVZVVze.exe
  2⤵
  PID:6420
- C:\Windows\System\cEzxnUY.exe
  C:\Windows\System\cEzxnUY.exe
  2⤵
  PID:6436
- C:\Windows\System\WHqjcMn.exe
  C:\Windows\System\WHqjcMn.exe
  2⤵
  PID:6492
- C:\Windows\System\jbcSfel.exe
  C:\Windows\System\jbcSfel.exe
  2⤵
  PID:6476
- C:\Windows\System\fHNvfsF.exe
  C:\Windows\System\fHNvfsF.exe
  2⤵
  PID:6540
- C:\Windows\System\GuTfBco.exe
  C:\Windows\System\GuTfBco.exe
  2⤵
  PID:6556
- C:\Windows\System\rDVVZum.exe
  C:\Windows\System\rDVVZum.exe
  2⤵
  PID:6608
- C:\Windows\System\xVwORfM.exe
  C:\Windows\System\xVwORfM.exe
  2⤵
  PID:6588
- C:\Windows\System\NmHfAot.exe
  C:\Windows\System\NmHfAot.exe
  2⤵
  PID:6656
- C:\Windows\System\LhEWcCl.exe
  C:\Windows\System\LhEWcCl.exe
  2⤵
  PID:6692
- C:\Windows\System\tIDrSEP.exe
  C:\Windows\System\tIDrSEP.exe
  2⤵
  PID:6856
- C:\Windows\System\OeiMYQo.exe
  C:\Windows\System\OeiMYQo.exe
  2⤵
  PID:6920
- C:\Windows\System\iJScJbe.exe
  C:\Windows\System\iJScJbe.exe
  2⤵
  PID:7060
- C:\Windows\System\stILdbX.exe
  C:\Windows\System\stILdbX.exe
  2⤵
  PID:7028
- C:\Windows\System\Fsfdnvd.exe
  C:\Windows\System\Fsfdnvd.exe
  2⤵
  PID:7080
- C:\Windows\System\NiLCzoz.exe
  C:\Windows\System\NiLCzoz.exe
  2⤵
  PID:7128
- C:\Windows\System\pMFWYfh.exe
  C:\Windows\System\pMFWYfh.exe
  2⤵
  PID:6744
- C:\Windows\System\pfKncvQ.exe
  C:\Windows\System\pfKncvQ.exe
  2⤵
  PID:7140
- C:\Windows\System\OuwQPAY.exe
  C:\Windows\System\OuwQPAY.exe
  2⤵
  PID:7044
- C:\Windows\System\HOaZsmH.exe
  C:\Windows\System\HOaZsmH.exe
  2⤵
  PID:6908
- C:\Windows\System\kaAFMiK.exe
  C:\Windows\System\kaAFMiK.exe
  2⤵
  PID:6776
- C:\Windows\System\ZgVyatl.exe
  C:\Windows\System\ZgVyatl.exe
  2⤵
  PID:6976
- C:\Windows\System\dgZmtUd.exe
  C:\Windows\System\dgZmtUd.exe
  2⤵
  PID:6812
- C:\Windows\System\KGDMcHr.exe
  C:\Windows\System\KGDMcHr.exe
  2⤵
  PID:1092
- C:\Windows\System\ymXLfOZ.exe
  C:\Windows\System\ymXLfOZ.exe
  2⤵
  PID:5812
- C:\Windows\System\ZjUGTdi.exe
  C:\Windows\System\ZjUGTdi.exe
  2⤵
  PID:5916
- C:\Windows\System\qnyGIdC.exe
  C:\Windows\System\qnyGIdC.exe
  2⤵
  PID:6148
- C:\Windows\System\XqWLZWC.exe
  C:\Windows\System\XqWLZWC.exe
  2⤵
  PID:5060
- C:\Windows\System\SRJqXBU.exe
  C:\Windows\System\SRJqXBU.exe
  2⤵
  PID:6124
- C:\Windows\System\RcLeyKK.exe
  C:\Windows\System\RcLeyKK.exe
  2⤵
  PID:6384
- C:\Windows\System\dISvzYY.exe
  C:\Windows\System\dISvzYY.exe
  2⤵
  PID:5476
- C:\Windows\System\XudZsAC.exe
  C:\Windows\System\XudZsAC.exe
  2⤵
  PID:5396
- C:\Windows\System\XQlQpkA.exe
  C:\Windows\System\XQlQpkA.exe
  2⤵
  PID:6320
- C:\Windows\System\VrrSIiY.exe
  C:\Windows\System\VrrSIiY.exe
  2⤵
  PID:6796
- C:\Windows\System\HRLUWoG.exe
  C:\Windows\System\HRLUWoG.exe
  2⤵
  PID:6544
- C:\Windows\System\oyAdmtY.exe
  C:\Windows\System\oyAdmtY.exe
  2⤵
  PID:6888
- C:\Windows\System\xlVUZyK.exe
  C:\Windows\System\xlVUZyK.exe
  2⤵
  PID:6624
- C:\Windows\System\GhjdAiG.exe
  C:\Windows\System\GhjdAiG.exe
  2⤵
  PID:7008
- C:\Windows\System\zhFVXMt.exe
  C:\Windows\System\zhFVXMt.exe
  2⤵
  PID:6704
- C:\Windows\System\WZKbTqy.exe
  C:\Windows\System\WZKbTqy.exe
  2⤵
  PID:5268
- C:\Windows\System\CnbckRQ.exe
  C:\Windows\System\CnbckRQ.exe
  2⤵
  PID:6940
- C:\Windows\System\dBIzkJl.exe
  C:\Windows\System\dBIzkJl.exe
  2⤵
  PID:5708
- C:\Windows\System\jHBMFXx.exe
  C:\Windows\System\jHBMFXx.exe
  2⤵
  PID:5692
- C:\Windows\System\csAirNs.exe
  C:\Windows\System\csAirNs.exe
  2⤵
  PID:2924
- C:\Windows\System\OstPXHR.exe
  C:\Windows\System\OstPXHR.exe
  2⤵
  PID:1800
- C:\Windows\System\OIeaHst.exe
  C:\Windows\System\OIeaHst.exe
  2⤵
  PID:5648
- C:\Windows\System\qiTgVJk.exe
  C:\Windows\System\qiTgVJk.exe
  2⤵
  PID:6228
- C:\Windows\System\baFCuIy.exe
  C:\Windows\System\baFCuIy.exe
  2⤵
  PID:6272
- C:\Windows\System\gNtdTfV.exe
  C:\Windows\System\gNtdTfV.exe
  2⤵
  PID:6428
- C:\Windows\System\STaEdyv.exe
  C:\Windows\System\STaEdyv.exe
  2⤵
  PID:5912
- C:\Windows\System\IxFqTxb.exe
  C:\Windows\System\IxFqTxb.exe
  2⤵
  PID:1736
- C:\Windows\System\tvnalry.exe
  C:\Windows\System\tvnalry.exe
  2⤵
  PID:7068
- C:\Windows\System\dTsomUN.exe
  C:\Windows\System\dTsomUN.exe
  2⤵
  PID:6980
- C:\Windows\System\wDKvBck.exe
  C:\Windows\System\wDKvBck.exe
  2⤵
  PID:7108
- C:\Windows\System\ANgFgxO.exe
  C:\Windows\System\ANgFgxO.exe
  2⤵
  PID:2432
- C:\Windows\System\gdTloZC.exe
  C:\Windows\System\gdTloZC.exe
  2⤵
  PID:6208
- C:\Windows\System\tIUgbtb.exe
  C:\Windows\System\tIUgbtb.exe
  2⤵
  PID:7148
- C:\Windows\System\QMBDdFe.exe
  C:\Windows\System\QMBDdFe.exe
  2⤵
  PID:2740
- C:\Windows\System\edwMXfb.exe
  C:\Windows\System\edwMXfb.exe
  2⤵
  PID:2440
- C:\Windows\System\XwNKCAz.exe
  C:\Windows\System\XwNKCAz.exe
  2⤵
  PID:832
- C:\Windows\System\gtnmaFB.exe
  C:\Windows\System\gtnmaFB.exe
  2⤵
  PID:5976
- C:\Windows\System\OtKNZCI.exe
  C:\Windows\System\OtKNZCI.exe
  2⤵
  PID:2216
- C:\Windows\System\YJgRsZn.exe
  C:\Windows\System\YJgRsZn.exe
  2⤵
  PID:6828
- C:\Windows\System\cNMHnQG.exe
  C:\Windows\System\cNMHnQG.exe
  2⤵
  PID:6944
- C:\Windows\System\dmKupZo.exe
  C:\Windows\System\dmKupZo.exe
  2⤵
  PID:1944
- C:\Windows\System\JrWHRJt.exe
  C:\Windows\System\JrWHRJt.exe
  2⤵
  PID:2244
- C:\Windows\System\YREIZKA.exe
  C:\Windows\System\YREIZKA.exe
  2⤵
  PID:6296
- C:\Windows\System\UfjNOeH.exe
  C:\Windows\System\UfjNOeH.exe
  2⤵
  PID:6644
- C:\Windows\System\XoqJSOa.exe
  C:\Windows\System\XoqJSOa.exe
  2⤵
  PID:6392
- C:\Windows\System\FEVnoNx.exe
  C:\Windows\System\FEVnoNx.exe
  2⤵
  PID:6380
- C:\Windows\System\KVQnPid.exe
  C:\Windows\System\KVQnPid.exe
  2⤵
  PID:6560
- C:\Windows\System\NweeqwQ.exe
  C:\Windows\System\NweeqwQ.exe
  2⤵
  PID:7104
- C:\Windows\System\aZjqzho.exe
  C:\Windows\System\aZjqzho.exe
  2⤵
  PID:1040
- C:\Windows\System\VCaHwlc.exe
  C:\Windows\System\VCaHwlc.exe
  2⤵
  PID:2232
- C:\Windows\System\hxcCXKu.exe
  C:\Windows\System\hxcCXKu.exe
  2⤵
  PID:1640
- C:\Windows\System\qktOLFu.exe
  C:\Windows\System\qktOLFu.exe
  2⤵
  PID:7184
- C:\Windows\System\uUxmUvT.exe
  C:\Windows\System\uUxmUvT.exe
  2⤵
  PID:7200
- C:\Windows\System\CDhzxsb.exe
  C:\Windows\System\CDhzxsb.exe
  2⤵
  PID:7216
- C:\Windows\System\rLXRaDd.exe
  C:\Windows\System\rLXRaDd.exe
  2⤵
  PID:7240
- C:\Windows\System\TySWhqj.exe
  C:\Windows\System\TySWhqj.exe
  2⤵
  PID:7264
- C:\Windows\System\sbXgSbZ.exe
  C:\Windows\System\sbXgSbZ.exe
  2⤵
  PID:7280
- C:\Windows\System\fXqBlBU.exe
  C:\Windows\System\fXqBlBU.exe
  2⤵
  PID:7304
- C:\Windows\System\MTrrXtl.exe
  C:\Windows\System\MTrrXtl.exe
  2⤵
  PID:7328
- C:\Windows\System\AZzSppH.exe
  C:\Windows\System\AZzSppH.exe
  2⤵
  PID:7356
- C:\Windows\System\driWOIx.exe
  C:\Windows\System\driWOIx.exe
  2⤵
  PID:7372
- C:\Windows\System\BpYRoCO.exe
  C:\Windows\System\BpYRoCO.exe
  2⤵
  PID:7388
- C:\Windows\System\ESYEKgv.exe
  C:\Windows\System\ESYEKgv.exe
  2⤵
  PID:7408
- C:\Windows\System\OVbDFhE.exe
  C:\Windows\System\OVbDFhE.exe
  2⤵
  PID:7428
- C:\Windows\System\xNqGvrG.exe
  C:\Windows\System\xNqGvrG.exe
  2⤵
  PID:7444
- C:\Windows\System\ywmClQs.exe
  C:\Windows\System\ywmClQs.exe
  2⤵
  PID:7460
- C:\Windows\System\EDBdaLy.exe
  C:\Windows\System\EDBdaLy.exe
  2⤵
  PID:7476
- C:\Windows\System\THNAnPj.exe
  C:\Windows\System\THNAnPj.exe
  2⤵
  PID:7496
- C:\Windows\System\sLsSEIb.exe
  C:\Windows\System\sLsSEIb.exe
  2⤵
  PID:7512
- C:\Windows\System\ssFwhfx.exe
  C:\Windows\System\ssFwhfx.exe
  2⤵
  PID:7536
- C:\Windows\System\dDQIaxT.exe
  C:\Windows\System\dDQIaxT.exe
  2⤵
  PID:7552
- C:\Windows\System\RzsSVsN.exe
  C:\Windows\System\RzsSVsN.exe
  2⤵
  PID:7584
- C:\Windows\System\wawhzgY.exe
  C:\Windows\System\wawhzgY.exe
  2⤵
  PID:7600
- C:\Windows\System\eqieKnq.exe
  C:\Windows\System\eqieKnq.exe
  2⤵
  PID:7616
- C:\Windows\System\AOkurSo.exe
  C:\Windows\System\AOkurSo.exe
  2⤵
  PID:7632
- C:\Windows\System\mqzKrVk.exe
  C:\Windows\System\mqzKrVk.exe
  2⤵
  PID:7656
- C:\Windows\System\bcdSjHp.exe
  C:\Windows\System\bcdSjHp.exe
  2⤵
  PID:7672
- C:\Windows\System\CbupJlR.exe
  C:\Windows\System\CbupJlR.exe
  2⤵
  PID:7700
- C:\Windows\System\klGctCj.exe
  C:\Windows\System\klGctCj.exe
  2⤵
  PID:7720
- C:\Windows\System\WHQIYLf.exe
  C:\Windows\System\WHQIYLf.exe
  2⤵
  PID:7748
- C:\Windows\System\WRWNAiX.exe
  C:\Windows\System\WRWNAiX.exe
  2⤵
  PID:7764
- C:\Windows\System\FYwovXL.exe
  C:\Windows\System\FYwovXL.exe
  2⤵
  PID:7780
- C:\Windows\System\gdczlDn.exe
  C:\Windows\System\gdczlDn.exe
  2⤵
  PID:7796
- C:\Windows\System\OnBohoF.exe
  C:\Windows\System\OnBohoF.exe
  2⤵
  PID:7816
- C:\Windows\System\CjlbIQz.exe
  C:\Windows\System\CjlbIQz.exe
  2⤵
  PID:7864
- C:\Windows\System\wdXrjFR.exe
  C:\Windows\System\wdXrjFR.exe
  2⤵
  PID:7880
- C:\Windows\System\FAguOCu.exe
  C:\Windows\System\FAguOCu.exe
  2⤵
  PID:7896
- C:\Windows\System\FftOCIW.exe
  C:\Windows\System\FftOCIW.exe
  2⤵
  PID:7924
- C:\Windows\System\LYgnnhP.exe
  C:\Windows\System\LYgnnhP.exe
  2⤵
  PID:7940
- C:\Windows\System\oyuRThx.exe
  C:\Windows\System\oyuRThx.exe
  2⤵
  PID:7956
- C:\Windows\System\xAzOcSA.exe
  C:\Windows\System\xAzOcSA.exe
  2⤵
  PID:7976
- C:\Windows\System\muZNjPT.exe
  C:\Windows\System\muZNjPT.exe
  2⤵
  PID:7992
- C:\Windows\System\waMaTYv.exe
  C:\Windows\System\waMaTYv.exe
  2⤵
  PID:8012
- C:\Windows\System\iePdanf.exe
  C:\Windows\System\iePdanf.exe
  2⤵
  PID:8036
- C:\Windows\System\UceuwsP.exe
  C:\Windows\System\UceuwsP.exe
  2⤵
  PID:8060
- C:\Windows\System\HXvOZPs.exe
  C:\Windows\System\HXvOZPs.exe
  2⤵
  PID:8076
- C:\Windows\System\DSakMSo.exe
  C:\Windows\System\DSakMSo.exe
  2⤵
  PID:8092
- C:\Windows\System\gXdnWXv.exe
  C:\Windows\System\gXdnWXv.exe
  2⤵
  PID:8108
- C:\Windows\System\BmMBKjx.exe
  C:\Windows\System\BmMBKjx.exe
  2⤵
  PID:8128
- C:\Windows\System\tXqXrgv.exe
  C:\Windows\System\tXqXrgv.exe
  2⤵
  PID:8144
- C:\Windows\System\TTiAAtd.exe
  C:\Windows\System\TTiAAtd.exe
  2⤵
  PID:8168
- C:\Windows\System\RIwfYFU.exe
  C:\Windows\System\RIwfYFU.exe
  2⤵
  PID:6216
- C:\Windows\System\wwTEtAx.exe
  C:\Windows\System\wwTEtAx.exe
  2⤵
  PID:5348
- C:\Windows\System\ubQzaqj.exe
  C:\Windows\System\ubQzaqj.exe
  2⤵
  PID:7072
- C:\Windows\System\TgDCVfb.exe
  C:\Windows\System\TgDCVfb.exe
  2⤵
  PID:7228
- C:\Windows\System\KGdSIgQ.exe
  C:\Windows\System\KGdSIgQ.exe
  2⤵
  PID:2276
- C:\Windows\System\nNRAvcq.exe
  C:\Windows\System\nNRAvcq.exe
  2⤵
  PID:7252
- C:\Windows\System\WjqckGA.exe
  C:\Windows\System\WjqckGA.exe
  2⤵
  PID:7336
- C:\Windows\System\kkBfHZt.exe
  C:\Windows\System\kkBfHZt.exe
  2⤵
  PID:7384
- C:\Windows\System\tbuGrpi.exe
  C:\Windows\System\tbuGrpi.exe
  2⤵
  PID:7456
- C:\Windows\System\BvUKsuv.exe
  C:\Windows\System\BvUKsuv.exe
  2⤵
  PID:7524
- C:\Windows\System\YRrQClG.exe
  C:\Windows\System\YRrQClG.exe
  2⤵
  PID:7312
- C:\Windows\System\lmJEipo.exe
  C:\Windows\System\lmJEipo.exe
  2⤵
  PID:7612
- C:\Windows\System\OCYFOuO.exe
  C:\Windows\System\OCYFOuO.exe
  2⤵
  PID:7364
- C:\Windows\System\cooFpXX.exe
  C:\Windows\System\cooFpXX.exe
  2⤵
  PID:7680
- C:\Windows\System\SNcMobm.exe
  C:\Windows\System\SNcMobm.exe
  2⤵
  PID:7708
- C:\Windows\System\inJsOpC.exe
  C:\Windows\System\inJsOpC.exe
  2⤵
  PID:7508
- C:\Windows\System\LCmhxRE.exe
  C:\Windows\System\LCmhxRE.exe
  2⤵
  PID:7596
- C:\Windows\System\axVOkBR.exe
  C:\Windows\System\axVOkBR.exe
  2⤵
  PID:7664
- C:\Windows\System\LcEZUwl.exe
  C:\Windows\System\LcEZUwl.exe
  2⤵
  PID:7716
- C:\Windows\System\BXXBJru.exe
  C:\Windows\System\BXXBJru.exe
  2⤵
  PID:7776
- C:\Windows\System\BuTcMJU.exe
  C:\Windows\System\BuTcMJU.exe
  2⤵
  PID:7876
- C:\Windows\System\cJVkgej.exe
  C:\Windows\System\cJVkgej.exe
  2⤵
  PID:7920
- C:\Windows\System\JQOHwNi.exe
  C:\Windows\System\JQOHwNi.exe
  2⤵
  PID:7824
- C:\Windows\System\GzFDRIX.exe
  C:\Windows\System\GzFDRIX.exe
  2⤵
  PID:8024
- C:\Windows\System\TADLzrc.exe
  C:\Windows\System\TADLzrc.exe
  2⤵
  PID:7828
- C:\Windows\System\HzFVhVY.exe
  C:\Windows\System\HzFVhVY.exe
  2⤵
  PID:7832
- C:\Windows\System\XPbpbHP.exe
  C:\Windows\System\XPbpbHP.exe
  2⤵
  PID:8136
- C:\Windows\System\rackkYP.exe
  C:\Windows\System\rackkYP.exe
  2⤵
  PID:8188
- C:\Windows\System\sgADxZg.exe
  C:\Windows\System\sgADxZg.exe
  2⤵
  PID:7840
- C:\Windows\System\MSnNoIv.exe
  C:\Windows\System\MSnNoIv.exe
  2⤵
  PID:7180
- C:\Windows\System\oUtByKG.exe
  C:\Windows\System\oUtByKG.exe
  2⤵
  PID:8052
- C:\Windows\System\jhTHgNA.exe
  C:\Windows\System\jhTHgNA.exe
  2⤵
  PID:6876
- C:\Windows\System\hSfAQCt.exe
  C:\Windows\System\hSfAQCt.exe
  2⤵
  PID:7892
- C:\Windows\System\BWjRTkq.exe
  C:\Windows\System\BWjRTkq.exe
  2⤵
  PID:7964
- C:\Windows\System\AypShQN.exe
  C:\Windows\System\AypShQN.exe
  2⤵
  PID:8000
- C:\Windows\System\ypXpeAB.exe
  C:\Windows\System\ypXpeAB.exe
  2⤵
  PID:8008
- C:\Windows\System\jgLDTTH.exe
  C:\Windows\System\jgLDTTH.exe
  2⤵
  PID:8116
- C:\Windows\System\eZBvxUL.exe
  C:\Windows\System\eZBvxUL.exe
  2⤵
  PID:8152
- C:\Windows\System\AyzPamG.exe
  C:\Windows\System\AyzPamG.exe
  2⤵
  PID:7316
- C:\Windows\System\iWeFjlI.exe
  C:\Windows\System\iWeFjlI.exe
  2⤵
  PID:7224
- C:\Windows\System\wgIvOjp.exe
  C:\Windows\System\wgIvOjp.exe
  2⤵
  PID:7260
- C:\Windows\System\RARDEat.exe
  C:\Windows\System\RARDEat.exe
  2⤵
  PID:7668
- C:\Windows\System\QeYoIzN.exe
  C:\Windows\System\QeYoIzN.exe
  2⤵
  PID:7380
- C:\Windows\System\IIdQPuc.exe
  C:\Windows\System\IIdQPuc.exe
  2⤵
  PID:7564
- C:\Windows\System\tClasyx.exe
  C:\Windows\System\tClasyx.exe
  2⤵
  PID:7648
- C:\Windows\System\wJWARWu.exe
  C:\Windows\System\wJWARWu.exe
  2⤵
  PID:7628
- C:\Windows\System\YqreBBh.exe
  C:\Windows\System\YqreBBh.exe
  2⤵
  PID:7812
- C:\Windows\System\OeWgfKh.exe
  C:\Windows\System\OeWgfKh.exe
  2⤵
  PID:7852
- C:\Windows\System\wLsefRH.exe
  C:\Windows\System\wLsefRH.exe
  2⤵
  PID:8104
- C:\Windows\System\QayVEAG.exe
  C:\Windows\System\QayVEAG.exe
  2⤵
  PID:7532
- C:\Windows\System\yZhMHAe.exe
  C:\Windows\System\yZhMHAe.exe
  2⤵
  PID:8088
- C:\Windows\System\dpqPTvX.exe
  C:\Windows\System\dpqPTvX.exe
  2⤵
  PID:7684
- C:\Windows\System\KGAWkiq.exe
  C:\Windows\System\KGAWkiq.exe
  2⤵
  PID:8020
- C:\Windows\System\MtMhcPu.exe
  C:\Windows\System\MtMhcPu.exe
  2⤵
  PID:7740
- C:\Windows\System\zRgVnQc.exe
  C:\Windows\System\zRgVnQc.exe
  2⤵
  PID:7256
- C:\Windows\System\iAlLSbt.exe
  C:\Windows\System\iAlLSbt.exe
  2⤵
  PID:7772
- C:\Windows\System\tVIurto.exe
  C:\Windows\System\tVIurto.exe
  2⤵
  PID:8068
- C:\Windows\System\GjxgKIM.exe
  C:\Windows\System\GjxgKIM.exe
  2⤵
  PID:8196
- C:\Windows\System\njnBKYU.exe
  C:\Windows\System\njnBKYU.exe
  2⤵
  PID:8216
- C:\Windows\System\opPWQDK.exe
  C:\Windows\System\opPWQDK.exe
  2⤵
  PID:8236
- C:\Windows\System\YNjxFXn.exe
  C:\Windows\System\YNjxFXn.exe
  2⤵
  PID:8252
- C:\Windows\System\ahQhCqd.exe
  C:\Windows\System\ahQhCqd.exe
  2⤵
  PID:8276
- C:\Windows\System\jeRkpNC.exe
  C:\Windows\System\jeRkpNC.exe
  2⤵
  PID:8296
- C:\Windows\System\ShqLobU.exe
  C:\Windows\System\ShqLobU.exe
  2⤵
  PID:8316
- C:\Windows\System\xxGVHht.exe
  C:\Windows\System\xxGVHht.exe
  2⤵
  PID:8332
- C:\Windows\System\oXanXAd.exe
  C:\Windows\System\oXanXAd.exe
  2⤵
  PID:8356
- C:\Windows\System\jvQqsgq.exe
  C:\Windows\System\jvQqsgq.exe
  2⤵
  PID:8384
- C:\Windows\System\KIHlNMv.exe
  C:\Windows\System\KIHlNMv.exe
  2⤵
  PID:8408
- C:\Windows\System\zwetaQj.exe
  C:\Windows\System\zwetaQj.exe
  2⤵
  PID:8428
- C:\Windows\System\ZLRytKy.exe
  C:\Windows\System\ZLRytKy.exe
  2⤵
  PID:8456
- C:\Windows\System\kbHoYVN.exe
  C:\Windows\System\kbHoYVN.exe
  2⤵
  PID:8476
- C:\Windows\System\FdJzqyb.exe
  C:\Windows\System\FdJzqyb.exe
  2⤵
  PID:8492
- C:\Windows\System\QhyriWp.exe
  C:\Windows\System\QhyriWp.exe
  2⤵
  PID:8512
- C:\Windows\System\oQlVCdN.exe
  C:\Windows\System\oQlVCdN.exe
  2⤵
  PID:8532
- C:\Windows\System\JfrdCRA.exe
  C:\Windows\System\JfrdCRA.exe
  2⤵
  PID:8552
- C:\Windows\System\DMQwexe.exe
  C:\Windows\System\DMQwexe.exe
  2⤵
  PID:8572
- C:\Windows\System\wmUsxgL.exe
  C:\Windows\System\wmUsxgL.exe
  2⤵
  PID:8636
- C:\Windows\System\wUPNnEN.exe
  C:\Windows\System\wUPNnEN.exe
  2⤵
  PID:8656
- C:\Windows\System\aOZjDve.exe
  C:\Windows\System\aOZjDve.exe
  2⤵
  PID:8672
- C:\Windows\System\GtmzGEl.exe
  C:\Windows\System\GtmzGEl.exe
  2⤵
  PID:8688
- C:\Windows\System\yLHCBBK.exe
  C:\Windows\System\yLHCBBK.exe
  2⤵
  PID:8704
- C:\Windows\System\ZTkgPMD.exe
  C:\Windows\System\ZTkgPMD.exe
  2⤵
  PID:8732
- C:\Windows\System\hDJrrhg.exe
  C:\Windows\System\hDJrrhg.exe
  2⤵
  PID:8748
- C:\Windows\System\YAbcHTQ.exe
  C:\Windows\System\YAbcHTQ.exe
  2⤵
  PID:8764
- C:\Windows\System\vpRDSbX.exe
  C:\Windows\System\vpRDSbX.exe
  2⤵
  PID:8780
- C:\Windows\System\aNuoILq.exe
  C:\Windows\System\aNuoILq.exe
  2⤵
  PID:8804
- C:\Windows\System\yaqBNvo.exe
  C:\Windows\System\yaqBNvo.exe
  2⤵
  PID:8820
- C:\Windows\System\eblWXtg.exe
  C:\Windows\System\eblWXtg.exe
  2⤵
  PID:8836
- C:\Windows\System\LZNPzHP.exe
  C:\Windows\System\LZNPzHP.exe
  2⤵
  PID:8852
- C:\Windows\System\KEKMusI.exe
  C:\Windows\System\KEKMusI.exe
  2⤵
  PID:8908
- C:\Windows\System\fRKWsAT.exe
  C:\Windows\System\fRKWsAT.exe
  2⤵
  PID:8924
- C:\Windows\System\PkpvwJi.exe
  C:\Windows\System\PkpvwJi.exe
  2⤵
  PID:8940
- C:\Windows\System\OsAhjAw.exe
  C:\Windows\System\OsAhjAw.exe
  2⤵
  PID:8960
- C:\Windows\System\qZUhCBV.exe
  C:\Windows\System\qZUhCBV.exe
  2⤵
  PID:8976
- C:\Windows\System\kZOnguN.exe
  C:\Windows\System\kZOnguN.exe
  2⤵
  PID:8996
- C:\Windows\System\SCUUlkF.exe
  C:\Windows\System\SCUUlkF.exe
  2⤵
  PID:9012
- C:\Windows\System\EtIDIyP.exe
  C:\Windows\System\EtIDIyP.exe
  2⤵
  PID:9028
- C:\Windows\System\FFAODFB.exe
  C:\Windows\System\FFAODFB.exe
  2⤵
  PID:9048
- C:\Windows\System\CrjkOrW.exe
  C:\Windows\System\CrjkOrW.exe
  2⤵
  PID:9068
- C:\Windows\System\jiAbEDE.exe
  C:\Windows\System\jiAbEDE.exe
  2⤵
  PID:9088
- C:\Windows\System\cCQFGEk.exe
  C:\Windows\System\cCQFGEk.exe
  2⤵
  PID:9124
- C:\Windows\System\vlxjeSj.exe
  C:\Windows\System\vlxjeSj.exe
  2⤵
  PID:9140
- C:\Windows\System\SRYquOw.exe
  C:\Windows\System\SRYquOw.exe
  2⤵
  PID:9164
- C:\Windows\System\xoIIFQe.exe
  C:\Windows\System\xoIIFQe.exe
  2⤵
  PID:9180
- C:\Windows\System\TSagfNW.exe
  C:\Windows\System\TSagfNW.exe
  2⤵
  PID:9200
- C:\Windows\System\KzEWCnm.exe
  C:\Windows\System\KzEWCnm.exe
  2⤵
  PID:8204
- C:\Windows\System\wIYeovs.exe
  C:\Windows\System\wIYeovs.exe
  2⤵
  PID:8244
- C:\Windows\System\hZaFPxi.exe
  C:\Windows\System\hZaFPxi.exe
  2⤵
  PID:7436
- C:\Windows\System\tcsZLnt.exe
  C:\Windows\System\tcsZLnt.exe
  2⤵
  PID:7440
- C:\Windows\System\iyykZxv.exe
  C:\Windows\System\iyykZxv.exe
  2⤵
  PID:8368
- C:\Windows\System\fpzFLQt.exe
  C:\Windows\System\fpzFLQt.exe
  2⤵
  PID:8380
- C:\Windows\System\ecHZnqB.exe
  C:\Windows\System\ecHZnqB.exe
  2⤵
  PID:7208
- C:\Windows\System\KrPZklh.exe
  C:\Windows\System\KrPZklh.exe
  2⤵
  PID:8160
- C:\Windows\System\HMatVFC.exe
  C:\Windows\System\HMatVFC.exe
  2⤵
  PID:7644
- C:\Windows\System\qikJfcP.exe
  C:\Windows\System\qikJfcP.exe
  2⤵
  PID:8416
- C:\Windows\System\VEzCAcD.exe
  C:\Windows\System\VEzCAcD.exe
  2⤵
  PID:8176
- C:\Windows\System\FFyveUO.exe
  C:\Windows\System\FFyveUO.exe
  2⤵
  PID:7492
- C:\Windows\System\SghuNDF.exe
  C:\Windows\System\SghuNDF.exe
  2⤵
  PID:7732
- C:\Windows\System\UYEpiGf.exe
  C:\Windows\System\UYEpiGf.exe
  2⤵
  PID:7744
- C:\Windows\System\BKEiGnC.exe
  C:\Windows\System\BKEiGnC.exe
  2⤵
  PID:8308
- C:\Windows\System\CTDtdXR.exe
  C:\Windows\System\CTDtdXR.exe
  2⤵
  PID:8348
- C:\Windows\System\rmRHOdj.exe
  C:\Windows\System\rmRHOdj.exe
  2⤵
  PID:8504
- C:\Windows\System\eBpzcFw.exe
  C:\Windows\System\eBpzcFw.exe
  2⤵
  PID:8232
- C:\Windows\System\fLcrxDl.exe
  C:\Windows\System\fLcrxDl.exe
  2⤵
  PID:8540
- C:\Windows\System\kOlXvov.exe
  C:\Windows\System\kOlXvov.exe
  2⤵
  PID:8452
- C:\Windows\System\RyyUmEm.exe
  C:\Windows\System\RyyUmEm.exe
  2⤵
  PID:8548
- C:\Windows\System\xtlemUc.exe
  C:\Windows\System\xtlemUc.exe
  2⤵
  PID:8592
- C:\Windows\System\RGbWKuz.exe
  C:\Windows\System\RGbWKuz.exe
  2⤵
  PID:7712
- C:\Windows\System\TbWdvwL.exe
  C:\Windows\System\TbWdvwL.exe
  2⤵
  PID:8696
- C:\Windows\System\Qhzbftx.exe
  C:\Windows\System\Qhzbftx.exe
  2⤵
  PID:8816
- C:\Windows\System\dxioLZJ.exe
  C:\Windows\System\dxioLZJ.exe
  2⤵
  PID:8680
- C:\Windows\System\YuKeGVM.exe
  C:\Windows\System\YuKeGVM.exe
  2⤵
  PID:8716
- C:\Windows\System\kqIRKep.exe
  C:\Windows\System\kqIRKep.exe
  2⤵
  PID:8760
- C:\Windows\System\JGEbGjH.exe
  C:\Windows\System\JGEbGjH.exe
  2⤵
  PID:8864
- C:\Windows\System\mewtOlM.exe
  C:\Windows\System\mewtOlM.exe
  2⤵
  PID:1000
- C:\Windows\System\eouqgAN.exe
  C:\Windows\System\eouqgAN.exe
  2⤵
  PID:8900
- C:\Windows\System\ZDFMNxh.exe
  C:\Windows\System\ZDFMNxh.exe
  2⤵
  PID:8948
- C:\Windows\System\nNnlfNB.exe
  C:\Windows\System\nNnlfNB.exe
  2⤵
  PID:8988
- C:\Windows\System\gkOVXVw.exe
  C:\Windows\System\gkOVXVw.exe
  2⤵
  PID:9056
- C:\Windows\System\WcFvucg.exe
  C:\Windows\System\WcFvucg.exe
  2⤵
  PID:8972
- C:\Windows\System\SGhLfcb.exe
  C:\Windows\System\SGhLfcb.exe
  2⤵
  PID:9044
- C:\Windows\System\bCmBBYc.exe
  C:\Windows\System\bCmBBYc.exe
  2⤵
  PID:9108
- C:\Windows\System\mOnKgMx.exe
  C:\Windows\System\mOnKgMx.exe
  2⤵
  PID:9152
- C:\Windows\System\aXhGgdE.exe
  C:\Windows\System\aXhGgdE.exe
  2⤵
  PID:9136
- C:\Windows\System\byumSZN.exe
  C:\Windows\System\byumSZN.exe
  2⤵
  PID:7912
- C:\Windows\System\oAwSFFJ.exe
  C:\Windows\System\oAwSFFJ.exe
  2⤵
  PID:7952
- C:\Windows\System\hMSfRXQ.exe
  C:\Windows\System\hMSfRXQ.exe
  2⤵
  PID:8288
- C:\Windows\System\dHKiNeE.exe
  C:\Windows\System\dHKiNeE.exe
  2⤵
  PID:8364
- C:\Windows\System\SkkrZOM.exe
  C:\Windows\System\SkkrZOM.exe
  2⤵
  PID:6592
- C:\Windows\System\erWLdHq.exe
  C:\Windows\System\erWLdHq.exe
  2⤵
  PID:7520
- C:\Windows\System\vRrgtel.exe
  C:\Windows\System\vRrgtel.exe
  2⤵
  PID:5776
- C:\Windows\System\DrSxbEt.exe
  C:\Windows\System\DrSxbEt.exe
  2⤵
  PID:8420
- C:\Windows\System\yDiCOTT.exe
  C:\Windows\System\yDiCOTT.exe
  2⤵
  PID:9112
- C:\Windows\System\JVJvWMn.exe
  C:\Windows\System\JVJvWMn.exe
  2⤵
  PID:7300
- C:\Windows\System\kyERCBf.exe
  C:\Windows\System\kyERCBf.exe
  2⤵
  PID:7352
- C:\Windows\System\BRxqFNR.exe
  C:\Windows\System\BRxqFNR.exe
  2⤵
  PID:8524
- C:\Windows\System\oMlrAQL.exe
  C:\Windows\System\oMlrAQL.exe
  2⤵
  PID:8444
- C:\Windows\System\SfcnMJw.exe
  C:\Windows\System\SfcnMJw.exe
  2⤵
  PID:8528
- C:\Windows\System\YmZmUsT.exe
  C:\Windows\System\YmZmUsT.exe
  2⤵
  PID:8584
- C:\Windows\System\NDJlYoZ.exe
  C:\Windows\System\NDJlYoZ.exe
  2⤵
  PID:8772
- C:\Windows\System\WnccXtV.exe
  C:\Windows\System\WnccXtV.exe
  2⤵
  PID:8652
- C:\Windows\System\NERhQMS.exe
  C:\Windows\System\NERhQMS.exe
  2⤵
  PID:8792
- C:\Windows\System\pGPpvak.exe
  C:\Windows\System\pGPpvak.exe
  2⤵
  PID:8832
- C:\Windows\System\lJVnSej.exe
  C:\Windows\System\lJVnSej.exe
  2⤵
  PID:8896
- C:\Windows\System\iMqfrPD.exe
  C:\Windows\System\iMqfrPD.exe
  2⤵
  PID:9020
- C:\Windows\System\inTlwbQ.exe
  C:\Windows\System\inTlwbQ.exe
  2⤵
  PID:8936
- C:\Windows\System\cMmttLV.exe
  C:\Windows\System\cMmttLV.exe
  2⤵
  PID:9040
- C:\Windows\System\kqQMiNH.exe
  C:\Windows\System\kqQMiNH.exe
  2⤵
  PID:9120
- C:\Windows\System\dpHLAHN.exe
  C:\Windows\System\dpHLAHN.exe
  2⤵
  PID:9176
- C:\Windows\System\cyNKKmm.exe
  C:\Windows\System\cyNKKmm.exe
  2⤵
  PID:8208
- C:\Windows\System\WLvjNzQ.exe
  C:\Windows\System\WLvjNzQ.exe
  2⤵
  PID:8180
- C:\Windows\System\zInCzcV.exe
  C:\Windows\System\zInCzcV.exe
  2⤵
  PID:2100
- C:\Windows\System\phvxEKR.exe
  C:\Windows\System\phvxEKR.exe
  2⤵
  PID:8084
- C:\Windows\System\xNyHdHl.exe
  C:\Windows\System\xNyHdHl.exe
  2⤵
  PID:7948
- C:\Windows\System\RPDdzYn.exe
  C:\Windows\System\RPDdzYn.exe
  2⤵
  PID:8344
- C:\Windows\System\yeebakp.exe
  C:\Windows\System\yeebakp.exe
  2⤵
  PID:8580
- C:\Windows\System\KEGOYll.exe
  C:\Windows\System\KEGOYll.exe
  2⤵
  PID:8520
- C:\Windows\System\SprGUKZ.exe
  C:\Windows\System\SprGUKZ.exe
  2⤵
  PID:8740
- C:\Windows\System\nneZYjO.exe
  C:\Windows\System\nneZYjO.exe
  2⤵
  PID:8744
- C:\Windows\System\rYvbchF.exe
  C:\Windows\System\rYvbchF.exe
  2⤵
  PID:8876
- C:\Windows\System\rDGuXMx.exe
  C:\Windows\System\rDGuXMx.exe
  2⤵
  PID:8916
- C:\Windows\System\dokWqXi.exe
  C:\Windows\System\dokWqXi.exe
  2⤵
  PID:9080
- C:\Windows\System\dCGWWzC.exe
  C:\Windows\System\dCGWWzC.exe
  2⤵
  PID:9188
- C:\Windows\System\YjUdVwx.exe
  C:\Windows\System\YjUdVwx.exe
  2⤵
  PID:7908
- C:\Windows\System\SKhTSls.exe
  C:\Windows\System\SKhTSls.exe
  2⤵
  PID:7936
- C:\Windows\System\IJCDNRW.exe
  C:\Windows\System\IJCDNRW.exe
  2⤵
  PID:8228
- C:\Windows\System\zoLkJKZ.exe
  C:\Windows\System\zoLkJKZ.exe
  2⤵
  PID:8376
- C:\Windows\System\hSbnCTt.exe
  C:\Windows\System\hSbnCTt.exe
  2⤵
  PID:8424
- C:\Windows\System\wIFWqrp.exe
  C:\Windows\System\wIFWqrp.exe
  2⤵
  PID:8484
- C:\Windows\System\OQAqSmI.exe
  C:\Windows\System\OQAqSmI.exe
  2⤵
  PID:8632
- C:\Windows\System\cziVVpl.exe
  C:\Windows\System\cziVVpl.exe
  2⤵
  PID:8668
- C:\Windows\System\sXVSDjE.exe
  C:\Windows\System\sXVSDjE.exe
  2⤵
  PID:8952
- C:\Windows\System\kLSLivW.exe
  C:\Windows\System\kLSLivW.exe
  2⤵
  PID:9148
- C:\Windows\System\osJsRwM.exe
  C:\Windows\System\osJsRwM.exe
  2⤵
  PID:8292
- C:\Windows\System\GkMYyia.exe
  C:\Windows\System\GkMYyia.exe
  2⤵
  PID:8564
- C:\Windows\System\zecSCmC.exe
  C:\Windows\System\zecSCmC.exe
  2⤵
  PID:8848
- C:\Windows\System\VUryQZS.exe
  C:\Windows\System\VUryQZS.exe
  2⤵
  PID:9036
- C:\Windows\System\imKTYsp.exe
  C:\Windows\System\imKTYsp.exe
  2⤵
  PID:7988
- C:\Windows\System\oZPKpTa.exe
  C:\Windows\System\oZPKpTa.exe
  2⤵
  PID:9240
- C:\Windows\System\rkknzEN.exe
  C:\Windows\System\rkknzEN.exe
  2⤵
  PID:9256
- C:\Windows\System\EIzaYlu.exe
  C:\Windows\System\EIzaYlu.exe
  2⤵
  PID:9272
- C:\Windows\System\XVHOWzU.exe
  C:\Windows\System\XVHOWzU.exe
  2⤵
  PID:9288
- C:\Windows\System\uFNLzBA.exe
  C:\Windows\System\uFNLzBA.exe
  2⤵
  PID:9304
- C:\Windows\System\MxpxWrL.exe
  C:\Windows\System\MxpxWrL.exe
  2⤵
  PID:9320
- C:\Windows\System\YtnLXpT.exe
  C:\Windows\System\YtnLXpT.exe
  2⤵
  PID:9344
- C:\Windows\System\AOfvzwQ.exe
  C:\Windows\System\AOfvzwQ.exe
  2⤵
  PID:9364
- C:\Windows\System\HiuiIcH.exe
  C:\Windows\System\HiuiIcH.exe
  2⤵
  PID:9380
- C:\Windows\System\eZISkzN.exe
  C:\Windows\System\eZISkzN.exe
  2⤵
  PID:9396
- C:\Windows\System\KesIDVu.exe
  C:\Windows\System\KesIDVu.exe
  2⤵
  PID:9420
- C:\Windows\System\PGlRpcl.exe
  C:\Windows\System\PGlRpcl.exe
  2⤵
  PID:9440
- C:\Windows\System\TzxyYTx.exe
  C:\Windows\System\TzxyYTx.exe
  2⤵
  PID:9460
- C:\Windows\System\csgHkRk.exe
  C:\Windows\System\csgHkRk.exe
  2⤵
  PID:9476
- C:\Windows\System\ACokfbR.exe
  C:\Windows\System\ACokfbR.exe
  2⤵
  PID:9500
- C:\Windows\System\pepwebr.exe
  C:\Windows\System\pepwebr.exe
  2⤵
  PID:9516
- C:\Windows\System\MidwSXJ.exe
  C:\Windows\System\MidwSXJ.exe
  2⤵
  PID:9544
- C:\Windows\System\sHRkBcs.exe
  C:\Windows\System\sHRkBcs.exe
  2⤵
  PID:9560
- C:\Windows\System\iTaDxSc.exe
  C:\Windows\System\iTaDxSc.exe
  2⤵
  PID:9580
- C:\Windows\System\wNcqfeB.exe
  C:\Windows\System\wNcqfeB.exe
  2⤵
  PID:9604
- C:\Windows\System\cghLflV.exe
  C:\Windows\System\cghLflV.exe
  2⤵
  PID:9620
- C:\Windows\System\ZOovydu.exe
  C:\Windows\System\ZOovydu.exe
  2⤵
  PID:9636
- C:\Windows\System\ufouuWF.exe
  C:\Windows\System\ufouuWF.exe
  2⤵
  PID:9656
- C:\Windows\System\dKHEOJd.exe
  C:\Windows\System\dKHEOJd.exe
  2⤵
  PID:9684
- C:\Windows\System\xmEFakM.exe
  C:\Windows\System\xmEFakM.exe
  2⤵
  PID:9700
- C:\Windows\System\lAsEKWY.exe
  C:\Windows\System\lAsEKWY.exe
  2⤵
  PID:9724
- C:\Windows\System\llDovXV.exe
  C:\Windows\System\llDovXV.exe
  2⤵
  PID:9748
- C:\Windows\System\RGwsHEm.exe
  C:\Windows\System\RGwsHEm.exe
  2⤵
  PID:9776
- C:\Windows\System\XyalAJv.exe
  C:\Windows\System\XyalAJv.exe
  2⤵
  PID:9812
- C:\Windows\System\GhJjlZI.exe
  C:\Windows\System\GhJjlZI.exe
  2⤵
  PID:9828
- C:\Windows\System\jdOqqTu.exe
  C:\Windows\System\jdOqqTu.exe
  2⤵
  PID:9844
- C:\Windows\System\TrpuKQT.exe
  C:\Windows\System\TrpuKQT.exe
  2⤵
  PID:9860
- C:\Windows\System\XrCsKhR.exe
  C:\Windows\System\XrCsKhR.exe
  2⤵
  PID:9876
- C:\Windows\System\XnRdksD.exe
  C:\Windows\System\XnRdksD.exe
  2⤵
  PID:9896
- C:\Windows\System\yTvBiEI.exe
  C:\Windows\System\yTvBiEI.exe
  2⤵
  PID:9912
- C:\Windows\System\hYLDoTt.exe
  C:\Windows\System\hYLDoTt.exe
  2⤵
  PID:9944
- C:\Windows\System\nvRHayJ.exe
  C:\Windows\System\nvRHayJ.exe
  2⤵
  PID:9960
- C:\Windows\System\kojRrfh.exe
  C:\Windows\System\kojRrfh.exe
  2⤵
  PID:9980
- C:\Windows\System\hevFPuQ.exe
  C:\Windows\System\hevFPuQ.exe
  2⤵
  PID:9996
- C:\Windows\System\XZdZhZb.exe
  C:\Windows\System\XZdZhZb.exe
  2⤵
  PID:10016
- C:\Windows\System\wpdqKiZ.exe
  C:\Windows\System\wpdqKiZ.exe
  2⤵
  PID:10036
- C:\Windows\System\qUiJHbI.exe
  C:\Windows\System\qUiJHbI.exe
  2⤵
  PID:10056
- C:\Windows\System\sYcVllO.exe
  C:\Windows\System\sYcVllO.exe
  2⤵
  PID:10072
- C:\Windows\System\BuUPFOg.exe
  C:\Windows\System\BuUPFOg.exe
  2⤵
  PID:10100
- C:\Windows\System\OzTDhpW.exe
  C:\Windows\System\OzTDhpW.exe
  2⤵
  PID:10120
- C:\Windows\System\cRfPNBk.exe
  C:\Windows\System\cRfPNBk.exe
  2⤵
  PID:10144
- C:\Windows\System\VVXZtig.exe
  C:\Windows\System\VVXZtig.exe
  2⤵
  PID:10160
- C:\Windows\System\mCnJXbI.exe
  C:\Windows\System\mCnJXbI.exe
  2⤵
  PID:10184
- C:\Windows\System\vrUsFow.exe
  C:\Windows\System\vrUsFow.exe
  2⤵
  PID:10204
- C:\Windows\System\zRBpPjo.exe
  C:\Windows\System\zRBpPjo.exe
  2⤵
  PID:10228
- C:\Windows\System\DefsPiI.exe
  C:\Windows\System\DefsPiI.exe
  2⤵
  PID:8796
- C:\Windows\System\azsrxmM.exe
  C:\Windows\System\azsrxmM.exe
  2⤵
  PID:9232
- C:\Windows\System\hdcTTqI.exe
  C:\Windows\System\hdcTTqI.exe
  2⤵
  PID:9376
- C:\Windows\System\cmSmTLD.exe
  C:\Windows\System\cmSmTLD.exe
  2⤵
  PID:7452
- C:\Windows\System\kFuJIwD.exe
  C:\Windows\System\kFuJIwD.exe
  2⤵
  PID:9484
- C:\Windows\System\qgFOjoX.exe
  C:\Windows\System\qgFOjoX.exe
  2⤵
  PID:9540
- C:\Windows\System\GRcZaYi.exe
  C:\Windows\System\GRcZaYi.exe
  2⤵
  PID:9356
- C:\Windows\System\XntfaWF.exe
  C:\Windows\System\XntfaWF.exe
  2⤵
  PID:9644
- C:\Windows\System\yxVVahy.exe
  C:\Windows\System\yxVVahy.exe
  2⤵
  PID:7968
- C:\Windows\System\YdIhSRO.exe
  C:\Windows\System\YdIhSRO.exe
  2⤵
  PID:9696
- C:\Windows\System\ZVVXxnU.exe
  C:\Windows\System\ZVVXxnU.exe
  2⤵
  PID:9508
- C:\Windows\System\FnWdnvV.exe
  C:\Windows\System\FnWdnvV.exe
  2⤵
  PID:8468
- C:\Windows\System\HxHzUHv.exe
  C:\Windows\System\HxHzUHv.exe
  2⤵
  PID:8920
- C:\Windows\System\LxUlaln.exe
  C:\Windows\System\LxUlaln.exe
  2⤵
  PID:9352
- C:\Windows\System\XLPMUCM.exe
  C:\Windows\System\XLPMUCM.exe
  2⤵
  PID:9628
- C:\Windows\System\EPzAFSh.exe
  C:\Windows\System\EPzAFSh.exe
  2⤵
  PID:9716
- C:\Windows\System\BSxQIIk.exe
  C:\Windows\System\BSxQIIk.exe
  2⤵
  PID:9428
- C:\Windows\System\SJHzDGb.exe
  C:\Windows\System\SJHzDGb.exe
  2⤵
  PID:9588
- C:\Windows\System\FRKgEYq.exe
  C:\Windows\System\FRKgEYq.exe
  2⤵
  PID:9664
- C:\Windows\System\skcVyiE.exe
  C:\Windows\System\skcVyiE.exe
  2⤵
  PID:9796
- C:\Windows\System\rwanigd.exe
  C:\Windows\System\rwanigd.exe
  2⤵
  PID:9836
- C:\Windows\System\XnMkdgi.exe
  C:\Windows\System\XnMkdgi.exe
  2⤵
  PID:9908
- C:\Windows\System\vynTNoY.exe
  C:\Windows\System\vynTNoY.exe
  2⤵
  PID:9992
- C:\Windows\System\KqFbOjd.exe
  C:\Windows\System\KqFbOjd.exe
  2⤵
  PID:10116
- C:\Windows\System\fcaRrwH.exe
  C:\Windows\System\fcaRrwH.exe
  2⤵
  PID:10192
- C:\Windows\System\COcIrAh.exe
  C:\Windows\System\COcIrAh.exe
  2⤵
  PID:8340
- C:\Windows\System\oPooLoT.exe
  C:\Windows\System\oPooLoT.exe
  2⤵
  PID:10044
- C:\Windows\System\GnpWvfy.exe
  C:\Windows\System\GnpWvfy.exe
  2⤵
  PID:10172
- C:\Windows\System\jkmhaGV.exe
  C:\Windows\System\jkmhaGV.exe
  2⤵
  PID:9968
- C:\Windows\System\xjzUzSF.exe
  C:\Windows\System\xjzUzSF.exe
  2⤵
  PID:9936
- C:\Windows\System\NAAcCiZ.exe
  C:\Windows\System\NAAcCiZ.exe
  2⤵
  PID:10096
- C:\Windows\System\SaUkpCf.exe
  C:\Windows\System\SaUkpCf.exe
  2⤵
  PID:9892
- C:\Windows\System\lcxflNL.exe
  C:\Windows\System\lcxflNL.exe
  2⤵
  PID:9852
- C:\Windows\System\cttHvqm.exe
  C:\Windows\System\cttHvqm.exe
  2⤵
  PID:9296
- C:\Windows\System\CkaQVWl.exe
  C:\Windows\System\CkaQVWl.exe
  2⤵
  PID:9340
- C:\Windows\System\YWOnvFc.exe
  C:\Windows\System\YWOnvFc.exe
  2⤵
  PID:9452
- C:\Windows\System\sRraPNC.exe
  C:\Windows\System\sRraPNC.exe
  2⤵
  PID:9652
- C:\Windows\System\iXZXgBm.exe
  C:\Windows\System\iXZXgBm.exe
  2⤵
  PID:9732
- C:\Windows\System\ZxJxelo.exe
  C:\Windows\System\ZxJxelo.exe
  2⤵
  PID:8984
- C:\Windows\System\kAYnuxS.exe
  C:\Windows\System\kAYnuxS.exe
  2⤵
  PID:9616
- C:\Windows\System\DmaqbJa.exe
  C:\Windows\System\DmaqbJa.exe
  2⤵
  PID:9720
- C:\Windows\System\xbjIZhG.exe
  C:\Windows\System\xbjIZhG.exe
  2⤵
  PID:9104
- C:\Windows\System\HzNLhno.exe
  C:\Windows\System\HzNLhno.exe
  2⤵
  PID:9252
- C:\Windows\System\JjkJovS.exe
  C:\Windows\System\JjkJovS.exe
  2⤵
  PID:9552
- C:\Windows\System\EyLVPpg.exe
  C:\Windows\System\EyLVPpg.exe
  2⤵
  PID:9756
- C:\Windows\System\egOpMoa.exe
  C:\Windows\System\egOpMoa.exe
  2⤵
  PID:9768
- C:\Windows\System\FdmIRRE.exe
  C:\Windows\System\FdmIRRE.exe
  2⤵
  PID:9772
- C:\Windows\System\OkyitEv.exe
  C:\Windows\System\OkyitEv.exe
  2⤵
  PID:9868
- C:\Windows\System\UdCGDdB.exe
  C:\Windows\System\UdCGDdB.exe
  2⤵
  PID:9820
- C:\Windows\System\XWKlgRP.exe
  C:\Windows\System\XWKlgRP.exe
  2⤵
  PID:10152
- C:\Windows\System\hBqdLNs.exe
  C:\Windows\System\hBqdLNs.exe
  2⤵
  PID:10196
- C:\Windows\System\bSaufae.exe
  C:\Windows\System\bSaufae.exe
  2⤵
  PID:10224
- C:\Windows\System\pHByQka.exe
  C:\Windows\System\pHByQka.exe
  2⤵
  PID:9956
- C:\Windows\System\YvTNNWr.exe
  C:\Windows\System\YvTNNWr.exe
  2⤵
  PID:9884
- C:\Windows\System\GWcuTWy.exe
  C:\Windows\System\GWcuTWy.exe
  2⤵
  PID:10212
- C:\Windows\System\vpzkHki.exe
  C:\Windows\System\vpzkHki.exe
  2⤵
  PID:9576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BBfnWzi.exe

Filesize
6.0MB

MD5
1871f9f3198343e0384627f37baaf56c

SHA1
4c30c67092cfb8b1ceb0baefeff01422b838a798

SHA256
035422a3750211d19ba46dad5d30f3dc15c3de2fcbdb48e3075a56665001a19e

SHA512
c3c2daf65747f88c9a4fd7f8dad6aef5ff45d312ba60f26dea260ee1c2709a794d723b00b09e0a8c06550f58651b7283b2cf0691a173a52b78027552cb7fe5ad

Download Submit
C:\Windows\system\BciQNqZ.exe

Filesize
6.0MB

MD5
64c8977745d999facbe999e4e16e4cf3

SHA1
6222ab942d32d36f8cb375582be80994f4f0b697

SHA256
7fa485cdc07f1dd0c1fdf54852d3672c0058f04e5336f586531a1ded10843d04

SHA512
640a76aad4e5c880f81f3a774930f6e7c71877bebe61e401428f8a978952bcf7353e1cc66d21eec7a1cfb34ffd1a547448d9f05f1ef3c212fb703db9ea13b9fa

Download Submit
C:\Windows\system\CRxqbnd.exe

Filesize
6.0MB

MD5
f4ca06713bbade1452078695df8b8aae

SHA1
23a3c54631ba4ab67f0abad18abbc75b27c30350

SHA256
b283e85cf1a919c2cd3a5fb4cd338e457d88e37de9623f77525aa93a538d714e

SHA512
704ce15112db2ab4545aa701183fb11788a3a35df83a137c5afd78e4df980d4c16e967e809e7b774039245b770c5886b2c46d6873da462189c8e1f957819ab8b

Download Submit
C:\Windows\system\CkDbtpP.exe

Filesize
6.0MB

MD5
0b78600dcd7fbeb9d1f6bf3fe9a950e2

SHA1
2d2cadaf344cdbe0b9f5d83d823c06b03b8c00e0

SHA256
e933ba6c3ccc7db393e0eff184da1f69870c4b921f808ee5aa85fe2390f14c94

SHA512
37dbfa0fbdc507328d4214f2d4aa6cb2d70ad4bc70097d7bb40d0a0ac885177d9d258bf0bbf0538f59c0cad0ce6adc142a2a7a16057a3827a46da61c88962cc4

Download Submit
C:\Windows\system\CutbZdI.exe

Filesize
6.0MB

MD5
eb4f2d486aa860842306c4435ff999d1

SHA1
242670b664cdd79ef1c08a49ce8c8134b520dcdc

SHA256
dc1be229831d1e66fc43c13ca57264c08d4c4769ff0ed58012a06d30e4fc1d6c

SHA512
8c70f592cdba0e3a063a7c9d09383bf047d81bf5866da682868d9492cb0c6959e163c8ce854e5c3d8a7ebea5f354af29b036d1f9cdcf3a86c42dcc81a499c6d2

Download Submit
C:\Windows\system\Hacbhmi.exe

Filesize
6.0MB

MD5
b8cd3a38a88d71bcb5f301167fa541d7

SHA1
0f8bd9a18f49f7d41c4ec3283b39b0329e09cfbe

SHA256
0ac4d493e302fc82954dc421d046afb5890f32e88edda61479800305b7b4a7e1

SHA512
968d6acf8f522384d855475ba3876cbc90fc3e6507e9d167120989e03c5c812f9de594331c711407568d711f16b729d0cdfeb3fc5a92fc29ee2645269f810a10

Download Submit
C:\Windows\system\JSHWQbh.exe

Filesize
6.0MB

MD5
67b0e8c11108ba90e1d17cb4b6b0b4a1

SHA1
99db3f8254fa6bf85160e01ff07f4237405ed69f

SHA256
a6a4f12d87ac403292a2631fbc4c1a1b60ef9397718283e900c8efe60d1eeb4b

SHA512
a1b21b1cdb0065f0115a3f8eda1d50288aeb6b9b467173183c3356284ea4ea143f3e4f62afb4536d291783c4ff31cfd3d6fd1a6f3ec23cb8968386e8cd985d3c

Download Submit
C:\Windows\system\JhmFeJz.exe

Filesize
6.0MB

MD5
645a43165248ec361e75964082a026c8

SHA1
197b309ae145ba85e05ed460d2a03c0bddd76234

SHA256
6c19bc02bd174ab0daf5276b46bd8a1b8729a024cb65f080e83a5bf42b40bdbc

SHA512
fcf723cf756c1852afa802b9b5388672c38549268ed0594b9e1a857edc3ae6df1fb7818332d42f65dbb9863ce88c745f622ad287f2a7bf18c6fb90d48b4a07c0

Download Submit
C:\Windows\system\LNryQXx.exe

Filesize
6.0MB

MD5
92a7b88075662d8166b2f3a6de49d1b1

SHA1
f070eeed64dac2a89f4cf709745ca42dac2be6a1

SHA256
5c90c4bfa275ab577e35f2a9e9c8a8b7bd090d9d237492d1b12e63c97dbe58b6

SHA512
8e07b049a0824ba35c35e5666024ed287d13d51ad594f96eee75615f8d6f8fcdfbadc6cb3a0d39bf9a543ed8e42320e44494848dae9654b8ce4466a265c8cca2

Download Submit
C:\Windows\system\MMNMsaf.exe

Filesize
6.0MB

MD5
76da0094ab183d2ef8bb0e128fead574

SHA1
b40fed6ec4adf69b74abea0c95b0ea78a8462a17

SHA256
84331c0d84384d6866c66537038f13c090adcc3cd87ed363dddd5873788a6b9a

SHA512
78d04cda1fee91252bb01311fe326c4e3d96c2c8d250a220233c8fd45855fe1a8eeced0b69e82a64a58946d16eef7cc99d8bdcfdf4f9688ab3fda1e6d1257299

Download Submit
C:\Windows\system\MbVbxfe.exe

Filesize
6.0MB

MD5
74f70e4569001fdc25768b0144dfd837

SHA1
0bba23d1f707ffc92c4372eb1d790578011ddbe3

SHA256
281c46bccec7e4c16636cf70953826eaad1087ecec33098c4800d32d972600f9

SHA512
4e23d0eb8ee72bee618bc02a8197d989c083be8ce80f733aa5a894bba413ac76b482adc1b5f07f900b9013f4761fb5a264c6efe54ac43f143593b574aa8051a4

Download Submit
C:\Windows\system\OAiQCgd.exe

Filesize
6.0MB

MD5
1eff18530e7e1dbc11283a8f2bd566d9

SHA1
2dd33f5c7ecf0d99f2ce8d376c260be66840ab11

SHA256
914e2724f2b023fa85d29c3325f840c0a042a8dc484c05ac36b1ea4c8853e415

SHA512
e08547ebfed80a497b8a1999ff4386177a6d90fb9435aa16983aa0a32e59825d926bc3f837274e1d12938064633062600ff68eeb060bc70d192faee616aa52a2

Download Submit
C:\Windows\system\OgAxcet.exe

Filesize
6.0MB

MD5
0bc3225437db0463a6b57f3da7482344

SHA1
0c3c17de83458969dda0789cef99f3c92a67e4d0

SHA256
f84b732ad8f911a6fb7f844a7536afab5edccfb73fbe66d5ff669be9af04f284

SHA512
0e7de982463f55f4872e303c5d7bca5418f4c4d138e99d0d30ef176c20e8f22fde828654a5a0837d17309b8aee6487a3ddaf4a3053dfb4fb8fd29d2609724f4c

Download Submit
C:\Windows\system\PGOTyDY.exe

Filesize
6.0MB

MD5
81a4bd6dc90e6bd70f5f0245817a8ab0

SHA1
b6a8595e8a06b51ad78d1959ad417a7436d4b86a

SHA256
6711f91b9f44f6bea7dfa4a3126e85e38db4939f07652e7b5cc28f3201e600ec

SHA512
9ca3374857df03f71d9e5089739573a7da7e4aea7e53f7e14d498d65c64a369aa69da2298f880b0d69c6e22841657c8f021a392e67d87f79ed1786c13636cb88

Download Submit
C:\Windows\system\THKzoOO.exe

Filesize
6.0MB

MD5
397a6941bf12539cc2fa99e5419ca018

SHA1
7cd990ae85e420f85f4aa6bba08abd7bd9e8cc56

SHA256
bba4bd7300bd65a38b0a9a57247dbe8ad2a25e18ebfe25e6351f39b6f9032719

SHA512
8d12bb04f4bae14b8447b6c78319e2c3b9a0251d3c6c91f0a46d10399e6e26c4ddff190c680e399d80540617fb57151b1220f807cf1c23baa295d8242876d0af

Download Submit
C:\Windows\system\WDiJBVI.exe

Filesize
6.0MB

MD5
f43dc0577d7a3ec0ba422a107fa47b31

SHA1
ba42b260dc3773fc338dae40747a739281601d70

SHA256
d4621a37d87a16072ec2a912daa4599b90714f6be1e5474e2155c7df2adcddc2

SHA512
b003c7dc52cd29b3f6087748fa86103214461efa965e098c6907baa8a306dcb4d396af18099470462dd06f0be0a5abb249174f6a6221f41ca6045174c3810a8e

Download Submit
C:\Windows\system\WfRBDNH.exe

Filesize
6.0MB

MD5
3d436de94d31cb463d2312866bc5a30a

SHA1
160409d17f8cbffc657e7df150f407c4f8bc9267

SHA256
f495dabecd2e7582f4e8849f13d1598ed6e84bb8bfe42dc65129bc611f349ac9

SHA512
d1c5816658ab2b9de963e5170738e09581a2d9bdf159cdba38fa5aa84c384ef8d50c857205f0ea3b63b79144d3af350169bcd09ff09664928d7c8498c19a9504

Download Submit
C:\Windows\system\YlxfcUF.exe

Filesize
6.0MB

MD5
94c898f59b4ed8e11ef88fe78eacf966

SHA1
fc5480c4c359ceaa59078637f150111465402bd3

SHA256
794f43b7ecfb40ee8a66a7aaf3481a114f5c7e0aae2203b677e32b9a54be4342

SHA512
a865e8bceabdf395ab86272517600cfe7581ed910cda8bb9b39546e1bef4f2b4075c9be0395ef0070f3528f025f6de2c9aec52801b729fba28d6e23771453ade

Download Submit
C:\Windows\system\ZNQSWQB.exe

Filesize
6.0MB

MD5
e2cd2b226aea53b7bb776495668d78d6

SHA1
4750132f7ff53f40f4cf3d2ecf03fe4b7ef29b0d

SHA256
07e07abf6fc995398e51b6b401c2fbb977b26d726ffe65c6bd35b22df57cb656

SHA512
dcb32393e9eaeeacf3e35e857368e54206c1f21dfeaa2f7749a76a56bde995208210ab420a299a109bac4cdd2dda672c8fbd6d58312b2f4563e88ad545e91c39

Download Submit
C:\Windows\system\ZmkaOnX.exe

Filesize
6.0MB

MD5
ffb84e057a099f873a43469e5d65b7dc

SHA1
cd7a41defd940191b49e6430c4aeeb47c72c31b8

SHA256
4f3ef7e69d8f851a5167f0ebad1f5454d6e3f766043896836935a2efa06eb4b2

SHA512
23bdb75d2e4dda4dc8c146024af7f81d4dc77e48799b4d9914be18d317f6e7fb90048c585f295d4bb7f699824f4102f3e68f9865c471dd0ba589286eabce0e7f

Download Submit
C:\Windows\system\ZvYotzx.exe

Filesize
6.0MB

MD5
4f70dd3adf9d2e28dd747540ea7a3746

SHA1
a380036e56d2e55c525f7ab53be8a29a46d314e2

SHA256
f0673f6c8d8a73e3c109d03913bb11b5eb6958e6ef040a5069ac4ac254f4dc82

SHA512
6f63f4102b481f4cfe67e60562ddb6d5000839f5c2afd1d22973249a970fe137c9a1c11cc3971c60f476466953fb8fcdc01851544da9b377a5df02d5a8a8e633

Download Submit
C:\Windows\system\eSsOqKM.exe

Filesize
6.0MB

MD5
554a899e134eab3e0e0be68f36e0cd1e

SHA1
3386590eb253320d0f48170cfa9ec24e7854ad72

SHA256
76273d0266e35d4e242df2726e6035aa0109eeb0bd7d6e9f8fa237c4c3df3c06

SHA512
dbfca095f9555fcff99e76ebdae206e702f9e035652630be88b57322ad27c925bc5a9bb2001ec2ea746776396fcaf16d39257e019461b3a7e4eda2a2d988ee80

Download Submit
C:\Windows\system\kyTYlNQ.exe

Filesize
6.0MB

MD5
6ecc260368129056c96602fdaf7c9410

SHA1
f69e98f76d2647dd64c2792a0e24ce16a5d6e7d9

SHA256
e705e247c54f2986ef1b52229bd9f48525c67d3417013c71839e4bcf13babf96

SHA512
c42a6bb3c8daff3a967cde5aa2ca63e39f62250079cff383668225fdebfe810ba06908f6f7c6fbc25b40d19d150880f42e444a051246510fb1fb482d55d0251c

Download Submit
C:\Windows\system\mbEvZPN.exe

Filesize
6.0MB

MD5
45a69caa24a69d6925e7abb2c3ba299a

SHA1
5db00c191c35da14e907b33f369b079ff7ffae4b

SHA256
8daf627461f8a0679ec70439381fe197084e066d515e6e80cbba613ea59773ee

SHA512
b854b28a57983dbdc837032904a8c5c1335f9d4c258e699c41a57c8ad01e4c0c601d686286d905df7110b580ff57d8fd32743ef9e91a283f2fae72705f631b40

Download Submit
C:\Windows\system\sXPRuTZ.exe

Filesize
6.0MB

MD5
cb57c538698639bf0b74ed1df86c36ce

SHA1
508eb75bf6b39b0bf2e1804d6ddef5b9a46f3f63

SHA256
7bdbeb88621acb848053caa5877d54e081a84579e7547e5961891b421c0bd89b

SHA512
55d1289a4a0f48d0032ccfa0b162ace58f91f2b3b776c197d4c9a733330cf609ff6dda9149ea0958e756de2a5295df2ac7b2f0db4211f1708a9529c2288d2256

Download Submit
C:\Windows\system\tIRYMzB.exe

Filesize
6.0MB

MD5
9ff326fe54e4293db473fd7dffa0bf55

SHA1
2a18853fd194d35cb0a630bcbf67ff0e2256161e

SHA256
05d3e15a3713a6000b4b9803130406bb69fbb90bd55416cc74e321fba5c7fff8

SHA512
61c4b7fa4fdd211fb489bd77a9c7b36a9eafa8ad015148a0260516ced6ddc387d0c05d4cde294dfb4d0ac9c1022967bbcc0e45e3c6d7b8b5f61a9b41dc8d679e

Download Submit
C:\Windows\system\ujRitSU.exe

Filesize
6.0MB

MD5
c38168bf3e7abb0a85349df8b974278c

SHA1
4fde0d59824e6efaad926cab2117f4618cf105e6

SHA256
35b96aec12f2738a54504c39b36c320928041c20f288a713764e2d363394ae97

SHA512
7533d109d748ef226e2751a43c2d8e667120eca47312499cf2720426204021149f282f569cc0d7e43dd96dda4ffa99a296c58209e7fcc3811d0fb5b7764c8dc5

Download Submit
C:\Windows\system\zpAGXdP.exe

Filesize
8B

MD5
e9b9d4456995fdbb972201645f5a003e

SHA1
59ff4fd3e6e20ca27ef8b8646785eafac866ef42

SHA256
d19e84f60a1ea3dc2bb5a90823bcd7fef5d7421b98e8a8f9f37f8e802bcefd43

SHA512
1b351b45cebf548b5f75bfaad655faf1be5d0d9d42c673cb65feb96286b2181f306f16fc77c1a0892f2591ea6141869f3fa4cdc9da166ca630c2be6b0ad9bd77

Download Submit
\Windows\system\CKeakNZ.exe

Filesize
6.0MB

MD5
fa48c62ff8bf8d92d3cfecb900f740c7

SHA1
596d944f9a1ba6632d4f6ac5f0dffb47d292c24c

SHA256
1c19acb40b8e3b91511cdb83712591821735a227ca1b624a32c9bb7d92a6465e

SHA512
bcb32616288ac1c4c89fbd39fb2ac0c9f33a62293056b627d471710197fa9760e19bc2afffe841dd78d7c099c704ec8b45a8ce5bbcb657f8a5a170185fdba8d4

Download Submit
\Windows\system\GfTVTJY.exe

Filesize
6.0MB

MD5
11c2d7096ede92869c0ee69e14f7b7ac

SHA1
5dcac511be01b3a2704488343b0ba1254800b8eb

SHA256
efdb73311be56b2d1f539d4f46a7b19ebcfb949f06f168c464f668f9956c6634

SHA512
3127dde01ae8eb2ce09811e32cd1c35f0e82793f855ba72647998d425bfb9f21a117b7ac836059501cdf45062c296f33a8fe960408d248cf7964cd208574b0ee

Download Submit
\Windows\system\ehQDBlH.exe

Filesize
6.0MB

MD5
947c05504dfb34f2bd83a4e05fabcc4d

SHA1
d801de457ff095f6f288754f4dc83148440b2ab3

SHA256
86fa8733cec79eb2998b8edc8db1c8d585236764b6c75ecd2f8618ccb3d47b95

SHA512
693d5fb8772bde9f9974627ba83e5efcd7c290c7ff4b94bc928d46f33e69048d6ff2f620dae3df0d79e3744e2b1e8d25dd56cd1cd9a73e8c28fa39dd4362a98a

Download Submit
\Windows\system\jIDKJVB.exe

Filesize
6.0MB

MD5
a3ad9d63886085b77d7913fdd9ce071f

SHA1
f02f380b8ac7888251c2411a42c086c6f5798bd9

SHA256
fe957359045e53c81cd7a0a6c093e1e3024a202c1c52ab48d814c805b695f102

SHA512
ae7d49a9b5b5383d658bae9cd3fc9932780e57ad908e3fb1a73c6ffab7328d9e9587edc719d0b2fed7fa8ada73fa33e99515011d42981fba4cb8d8cdd6ed6069

Download Submit
\Windows\system\qFoulgn.exe

Filesize
6.0MB

MD5
d304ba5169a8f8bf1a4edf65cdc51ad2

SHA1
81dd38fe8a979d7e7b5c345e9b679b5d171bedbf

SHA256
f4ef044d36b69ff01bdc1fc3a0fc0600bdd05d13b693a4d975fcef86a27aaebe

SHA512
2b638053a7c89ca9a4d1deac5cf9d19be6c3dff22f87425c3ecfb89b3c65f8cde9e27cf0037fb169104a1c675d737c2572ff09097254f863fe8ec83182f216e2

Download Submit
memory/560-51-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/560-3563-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1084-3819-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-58-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-68-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1916-38-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1916-4721-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3825-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2084-72-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3550-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1325-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2120-90-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2140-40-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3847-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3568-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2152-65-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3850-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-47-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-78-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2596-470-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3565-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2676-83-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2676-654-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3821-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2712-64-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3089-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2712-35-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3082-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-27-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-54-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-741-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-93-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2816-15-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2816-33-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2816-19-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2816-31-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2816-55-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1417-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2816-0-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-61-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2816-563-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2816-69-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2816-80-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2816-86-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-87-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-42-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-94-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2816-246-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3086-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2864-32-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3073-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/3000-11-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/3000-46-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download