cobaltstrike | 9cc0801dd0963c0bfb159078237910d75a72fa40fee8ae81636e7f971fd6008f

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

74d976b92d9c8b9c8bc579460d3b3b78
SHA1

43fb60d16a042dc7edde862d9c8a3d8ed96c769f
SHA256

9cc0801dd0963c0bfb159078237910d75a72fa40fee8ae81636e7f971fd6008f
SHA512

b8c0af75e1252c92a5ebe107b9881c36cc3a84fd090cd214880c980bd1f8004a64a61c69a860f1f1ef08cd024d68dd6869d6d07e7159b1d1495e1e106d2a40e0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001225f-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fe0-7.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161fb-14.dat	cobalt_reflective_dll
behavioral1/files/0x000a0000000163b8-18.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001653a-25.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001678f-27.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000169f5-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d71-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e1d-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017355-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018634-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ad-153.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019080-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018741-135.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d66-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001919c-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017520-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017447-110.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001907c-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018636-134.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018617-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017467-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017429-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017420-100.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173ab-95.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a3-90.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739f-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017349-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017342-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f45-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d5a-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016be6-37.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164b1-22.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral1/memory/2388-0-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225f-3.dat	xmrig
behavioral1/files/0x0008000000015fe0-7.dat	xmrig
behavioral1/files/0x00080000000161fb-14.dat	xmrig
behavioral1/files/0x000a0000000163b8-18.dat	xmrig
behavioral1/files/0x000700000001653a-25.dat	xmrig
behavioral1/files/0x000700000001678f-27.dat	xmrig
behavioral1/files/0x00080000000169f5-34.dat	xmrig
behavioral1/files/0x0006000000016d71-45.dat	xmrig
behavioral1/files/0x0006000000016e1d-49.dat	xmrig
behavioral1/files/0x0006000000017355-80.dat	xmrig
behavioral1/files/0x0005000000018634-150.dat	xmrig
behavioral1/memory/2680-2215-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2108-2330-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2884-2372-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2388-2375-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2356-2272-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x00050000000191ad-153.dat	xmrig
behavioral1/files/0x0006000000019080-144.dat	xmrig
behavioral1/files/0x0005000000018741-135.dat	xmrig
behavioral1/files/0x0009000000015d66-159.dat	xmrig
behavioral1/files/0x000500000001919c-149.dat	xmrig
behavioral1/files/0x0006000000017520-120.dat	xmrig
behavioral1/files/0x0006000000017447-110.dat	xmrig
behavioral1/files/0x000600000001907c-140.dat	xmrig
behavioral1/files/0x0005000000018636-134.dat	xmrig
behavioral1/files/0x0009000000018617-125.dat	xmrig
behavioral1/files/0x0006000000017467-115.dat	xmrig
behavioral1/files/0x0006000000017429-105.dat	xmrig
behavioral1/files/0x0006000000017420-100.dat	xmrig
behavioral1/files/0x00060000000173ab-95.dat	xmrig
behavioral1/files/0x00060000000173a3-90.dat	xmrig
behavioral1/files/0x000600000001739f-85.dat	xmrig
behavioral1/files/0x0006000000017349-75.dat	xmrig
behavioral1/files/0x0006000000017342-70.dat	xmrig
behavioral1/files/0x0006000000016f45-65.dat	xmrig
behavioral1/files/0x0006000000016d5a-41.dat	xmrig
behavioral1/files/0x0008000000016be6-37.dat	xmrig
behavioral1/files/0x00070000000164b1-22.dat	xmrig
behavioral1/memory/2388-2879-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2356-3839-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2680-3840-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2108-3843-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1616	QnGucSR.exe
2680	eDzRXdZ.exe
2356	CrFiELZ.exe
2108	VfByCJU.exe
2884	nSjcLNo.exe
2124	QcmMQdu.exe
2292	yYBEDDW.exe
2704	wnZKtxR.exe
2812	LtsKbev.exe
2836	QzhwxFL.exe
1204	zdolScK.exe
2716	AIonYcm.exe
2736	gjMehLA.exe
1564	HtoihmU.exe
2620	GVBrqoB.exe
2720	hxxeJqx.exe
2440	HiqfXbf.exe
2024	aGdSZzf.exe
1536	rGwCBqa.exe
2996	nTrWjuG.exe
2976	hEPjdER.exe
2944	xzKnAJD.exe
2932	SXsLsms.exe
1120	rjfbZXq.exe
1444	nJCuxzW.exe
480	RWZKaZd.exe
1356	XWPahmT.exe
1012	OoaHcwN.exe
3040	WPwkwos.exe
596	FnurtDz.exe
2640	UojqwfC.exe
2560	VUblQNc.exe
2224	ibuNHIH.exe
1228	mrXbvhw.exe
1716	ZcQRhgn.exe
1608	smWPHKJ.exe
1292	NPZYjtN.exe
1932	krxAnUw.exe
236	SXzKKPE.exe
1828	CHZSXXy.exe
1632	yCDUrFW.exe
1696	FmgFqvd.exe
908	LrllDui.exe
2152	Opnvaui.exe
1316	zyUSpJU.exe
2344	qIZxWUc.exe
2488	MjTwMoj.exe
1668	pANjBMU.exe
980	ZHLRjlp.exe
556	DPOwXzR.exe
2428	KojChDD.exe
1972	oFBtXzA.exe
1036	zYyfAEG.exe
1732	fQaHCZl.exe
2476	gpIEFeD.exe
1512	UVkayCj.exe
2340	ScoCtgR.exe
340	QbuAXJj.exe
872	HVsJwxn.exe
2172	hjNDeqR.exe
2796	hKPNdFW.exe
2608	WKeeQHt.exe
2872	tsadRdP.exe
772	sZaDwHi.exe

Loads dropped DLL 64 IoCs

pid	Process
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 42 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2388-0-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000c00000001225f-3.dat	upx
behavioral1/files/0x0008000000015fe0-7.dat	upx
behavioral1/files/0x00080000000161fb-14.dat	upx
behavioral1/files/0x000a0000000163b8-18.dat	upx
behavioral1/files/0x000700000001653a-25.dat	upx
behavioral1/files/0x000700000001678f-27.dat	upx
behavioral1/files/0x00080000000169f5-34.dat	upx
behavioral1/files/0x0006000000016d71-45.dat	upx
behavioral1/files/0x0006000000016e1d-49.dat	upx
behavioral1/files/0x0006000000017355-80.dat	upx
behavioral1/files/0x0005000000018634-150.dat	upx
behavioral1/memory/2680-2215-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2108-2330-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2884-2372-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2356-2272-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x00050000000191ad-153.dat	upx
behavioral1/files/0x0006000000019080-144.dat	upx
behavioral1/files/0x0005000000018741-135.dat	upx
behavioral1/files/0x0009000000015d66-159.dat	upx
behavioral1/files/0x000500000001919c-149.dat	upx
behavioral1/files/0x0006000000017520-120.dat	upx
behavioral1/files/0x0006000000017447-110.dat	upx
behavioral1/files/0x000600000001907c-140.dat	upx
behavioral1/files/0x0005000000018636-134.dat	upx
behavioral1/files/0x0009000000018617-125.dat	upx
behavioral1/files/0x0006000000017467-115.dat	upx
behavioral1/files/0x0006000000017429-105.dat	upx
behavioral1/files/0x0006000000017420-100.dat	upx
behavioral1/files/0x00060000000173ab-95.dat	upx
behavioral1/files/0x00060000000173a3-90.dat	upx
behavioral1/files/0x000600000001739f-85.dat	upx
behavioral1/files/0x0006000000017349-75.dat	upx
behavioral1/files/0x0006000000017342-70.dat	upx
behavioral1/files/0x0006000000016f45-65.dat	upx
behavioral1/files/0x0006000000016d5a-41.dat	upx
behavioral1/files/0x0008000000016be6-37.dat	upx
behavioral1/files/0x00070000000164b1-22.dat	upx
behavioral1/memory/2388-2879-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2356-3839-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2680-3840-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2108-3843-0x000000013F540000-0x000000013F894000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gORGgBa.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbKVaNJ.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSBWDFq.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkDwtqw.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swmeaqr.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjhnowO.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grVEOCd.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsaargJ.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiPYJmx.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFzcLtM.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcDHfMw.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyYbUBG.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItpHNIy.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHEeahm.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzhGAep.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaxoaGW.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPDMMQQ.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocjzlnv.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbOuWAU.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRuIhKM.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJWosGQ.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNpydwG.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avyYoBA.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzcVbzH.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFlnSFw.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KojChDD.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlkjXMj.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aEmvEip.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynuQDwE.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paZpxGF.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXppJba.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKrlhfk.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEgqHQC.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMmoDGz.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqQxuya.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvtowiF.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcqzmKE.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJHDaSV.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdEKofc.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZyZjHj.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlLyhRW.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOtrNPL.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFBtXzA.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oikYRsc.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNNOBqM.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnlQanq.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPESOXj.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZMicpf.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcWlvjg.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQSmofF.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwrkkLj.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsooRKE.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afRkgKw.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVBrqoB.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGdSZzf.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHLRjlp.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXrHyFF.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmJroqQ.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDzkxyl.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmfKVYf.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSRGYao.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbUjJRu.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xzKnAJD.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuIIhJQ.exe	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 1616	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2388 wrote to memory of 1616	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2388 wrote to memory of 1616	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2388 wrote to memory of 2680	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2388 wrote to memory of 2680	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2388 wrote to memory of 2680	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2388 wrote to memory of 2356	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2388 wrote to memory of 2356	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2388 wrote to memory of 2356	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2388 wrote to memory of 2108	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2388 wrote to memory of 2108	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2388 wrote to memory of 2108	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2388 wrote to memory of 2884	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2388 wrote to memory of 2884	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2388 wrote to memory of 2884	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2388 wrote to memory of 2124	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2388 wrote to memory of 2124	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2388 wrote to memory of 2124	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2388 wrote to memory of 2292	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2388 wrote to memory of 2292	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2388 wrote to memory of 2292	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2388 wrote to memory of 2704	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2388 wrote to memory of 2704	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2388 wrote to memory of 2704	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2388 wrote to memory of 2812	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2388 wrote to memory of 2812	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2388 wrote to memory of 2812	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2388 wrote to memory of 2836	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2388 wrote to memory of 2836	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2388 wrote to memory of 2836	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2388 wrote to memory of 1204	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2388 wrote to memory of 1204	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2388 wrote to memory of 1204	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2388 wrote to memory of 2716	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2388 wrote to memory of 2716	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2388 wrote to memory of 2716	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2388 wrote to memory of 2736	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2388 wrote to memory of 2736	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2388 wrote to memory of 2736	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2388 wrote to memory of 1564	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2388 wrote to memory of 1564	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2388 wrote to memory of 1564	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2388 wrote to memory of 2620	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2388 wrote to memory of 2620	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2388 wrote to memory of 2620	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2388 wrote to memory of 2720	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2388 wrote to memory of 2720	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2388 wrote to memory of 2720	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2388 wrote to memory of 2440	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2388 wrote to memory of 2440	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2388 wrote to memory of 2440	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2388 wrote to memory of 2024	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2388 wrote to memory of 2024	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2388 wrote to memory of 2024	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2388 wrote to memory of 1536	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2388 wrote to memory of 1536	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2388 wrote to memory of 1536	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2388 wrote to memory of 2996	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2388 wrote to memory of 2996	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2388 wrote to memory of 2996	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2388 wrote to memory of 2976	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2388 wrote to memory of 2976	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2388 wrote to memory of 2976	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2388 wrote to memory of 2944	2388	2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-30_74d976b92d9c8b9c8bc579460d3b3b78_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\System\QnGucSR.exe
  C:\Windows\System\QnGucSR.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\eDzRXdZ.exe
  C:\Windows\System\eDzRXdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\CrFiELZ.exe
  C:\Windows\System\CrFiELZ.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\VfByCJU.exe
  C:\Windows\System\VfByCJU.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\nSjcLNo.exe
  C:\Windows\System\nSjcLNo.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\QcmMQdu.exe
  C:\Windows\System\QcmMQdu.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\yYBEDDW.exe
  C:\Windows\System\yYBEDDW.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\wnZKtxR.exe
  C:\Windows\System\wnZKtxR.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\LtsKbev.exe
  C:\Windows\System\LtsKbev.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\QzhwxFL.exe
  C:\Windows\System\QzhwxFL.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\zdolScK.exe
  C:\Windows\System\zdolScK.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\AIonYcm.exe
  C:\Windows\System\AIonYcm.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\gjMehLA.exe
  C:\Windows\System\gjMehLA.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\HtoihmU.exe
  C:\Windows\System\HtoihmU.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\GVBrqoB.exe
  C:\Windows\System\GVBrqoB.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\hxxeJqx.exe
  C:\Windows\System\hxxeJqx.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\HiqfXbf.exe
  C:\Windows\System\HiqfXbf.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\aGdSZzf.exe
  C:\Windows\System\aGdSZzf.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\rGwCBqa.exe
  C:\Windows\System\rGwCBqa.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\nTrWjuG.exe
  C:\Windows\System\nTrWjuG.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\hEPjdER.exe
  C:\Windows\System\hEPjdER.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\xzKnAJD.exe
  C:\Windows\System\xzKnAJD.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\SXsLsms.exe
  C:\Windows\System\SXsLsms.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\rjfbZXq.exe
  C:\Windows\System\rjfbZXq.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\nJCuxzW.exe
  C:\Windows\System\nJCuxzW.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\WPwkwos.exe
  C:\Windows\System\WPwkwos.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\RWZKaZd.exe
  C:\Windows\System\RWZKaZd.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\UojqwfC.exe
  C:\Windows\System\UojqwfC.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\XWPahmT.exe
  C:\Windows\System\XWPahmT.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\VUblQNc.exe
  C:\Windows\System\VUblQNc.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\OoaHcwN.exe
  C:\Windows\System\OoaHcwN.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\ibuNHIH.exe
  C:\Windows\System\ibuNHIH.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\FnurtDz.exe
  C:\Windows\System\FnurtDz.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\ZcQRhgn.exe
  C:\Windows\System\ZcQRhgn.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\mrXbvhw.exe
  C:\Windows\System\mrXbvhw.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\NPZYjtN.exe
  C:\Windows\System\NPZYjtN.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\smWPHKJ.exe
  C:\Windows\System\smWPHKJ.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\krxAnUw.exe
  C:\Windows\System\krxAnUw.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\SXzKKPE.exe
  C:\Windows\System\SXzKKPE.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\CHZSXXy.exe
  C:\Windows\System\CHZSXXy.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\yCDUrFW.exe
  C:\Windows\System\yCDUrFW.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\FmgFqvd.exe
  C:\Windows\System\FmgFqvd.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\LrllDui.exe
  C:\Windows\System\LrllDui.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\Opnvaui.exe
  C:\Windows\System\Opnvaui.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\zyUSpJU.exe
  C:\Windows\System\zyUSpJU.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\qIZxWUc.exe
  C:\Windows\System\qIZxWUc.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\MjTwMoj.exe
  C:\Windows\System\MjTwMoj.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\pANjBMU.exe
  C:\Windows\System\pANjBMU.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ZHLRjlp.exe
  C:\Windows\System\ZHLRjlp.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\DPOwXzR.exe
  C:\Windows\System\DPOwXzR.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\KojChDD.exe
  C:\Windows\System\KojChDD.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\oFBtXzA.exe
  C:\Windows\System\oFBtXzA.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\zYyfAEG.exe
  C:\Windows\System\zYyfAEG.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\fQaHCZl.exe
  C:\Windows\System\fQaHCZl.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\gpIEFeD.exe
  C:\Windows\System\gpIEFeD.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\UVkayCj.exe
  C:\Windows\System\UVkayCj.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\ScoCtgR.exe
  C:\Windows\System\ScoCtgR.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\QbuAXJj.exe
  C:\Windows\System\QbuAXJj.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\HVsJwxn.exe
  C:\Windows\System\HVsJwxn.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\hjNDeqR.exe
  C:\Windows\System\hjNDeqR.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\hKPNdFW.exe
  C:\Windows\System\hKPNdFW.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\WKeeQHt.exe
  C:\Windows\System\WKeeQHt.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\tsadRdP.exe
  C:\Windows\System\tsadRdP.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ohWuKeq.exe
  C:\Windows\System\ohWuKeq.exe
  2⤵
  PID:2928
- C:\Windows\System\sZaDwHi.exe
  C:\Windows\System\sZaDwHi.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\FzXyPqh.exe
  C:\Windows\System\FzXyPqh.exe
  2⤵
  PID:2616
- C:\Windows\System\DbySeLg.exe
  C:\Windows\System\DbySeLg.exe
  2⤵
  PID:1224
- C:\Windows\System\oikYRsc.exe
  C:\Windows\System\oikYRsc.exe
  2⤵
  PID:2372
- C:\Windows\System\UBxceSF.exe
  C:\Windows\System\UBxceSF.exe
  2⤵
  PID:2824
- C:\Windows\System\sJMOEKt.exe
  C:\Windows\System\sJMOEKt.exe
  2⤵
  PID:1432
- C:\Windows\System\FnkJEaq.exe
  C:\Windows\System\FnkJEaq.exe
  2⤵
  PID:1956
- C:\Windows\System\ogtarTu.exe
  C:\Windows\System\ogtarTu.exe
  2⤵
  PID:3008
- C:\Windows\System\WMSuRAN.exe
  C:\Windows\System\WMSuRAN.exe
  2⤵
  PID:2924
- C:\Windows\System\IQadrnj.exe
  C:\Windows\System\IQadrnj.exe
  2⤵
  PID:2660
- C:\Windows\System\EjGGunZ.exe
  C:\Windows\System\EjGGunZ.exe
  2⤵
  PID:3064
- C:\Windows\System\ullswiK.exe
  C:\Windows\System\ullswiK.exe
  2⤵
  PID:1996
- C:\Windows\System\QgmMhKY.exe
  C:\Windows\System\QgmMhKY.exe
  2⤵
  PID:404
- C:\Windows\System\mHXaCuL.exe
  C:\Windows\System\mHXaCuL.exe
  2⤵
  PID:1244
- C:\Windows\System\WOAhmaQ.exe
  C:\Windows\System\WOAhmaQ.exe
  2⤵
  PID:1880
- C:\Windows\System\MPEvOkF.exe
  C:\Windows\System\MPEvOkF.exe
  2⤵
  PID:2464
- C:\Windows\System\vtunysD.exe
  C:\Windows\System\vtunysD.exe
  2⤵
  PID:2260
- C:\Windows\System\vagrGRs.exe
  C:\Windows\System\vagrGRs.exe
  2⤵
  PID:832
- C:\Windows\System\AMiXKSF.exe
  C:\Windows\System\AMiXKSF.exe
  2⤵
  PID:564
- C:\Windows\System\PUJJjfq.exe
  C:\Windows\System\PUJJjfq.exe
  2⤵
  PID:2284
- C:\Windows\System\TzLisZz.exe
  C:\Windows\System\TzLisZz.exe
  2⤵
  PID:1396
- C:\Windows\System\Vdckbuw.exe
  C:\Windows\System\Vdckbuw.exe
  2⤵
  PID:268
- C:\Windows\System\qbkIJSU.exe
  C:\Windows\System\qbkIJSU.exe
  2⤵
  PID:2184
- C:\Windows\System\yBafPth.exe
  C:\Windows\System\yBafPth.exe
  2⤵
  PID:2456
- C:\Windows\System\QNdeWXE.exe
  C:\Windows\System\QNdeWXE.exe
  2⤵
  PID:1528
- C:\Windows\System\CFVeYNe.exe
  C:\Windows\System\CFVeYNe.exe
  2⤵
  PID:2168
- C:\Windows\System\WBuIcCi.exe
  C:\Windows\System\WBuIcCi.exe
  2⤵
  PID:1612
- C:\Windows\System\SOsUPWK.exe
  C:\Windows\System\SOsUPWK.exe
  2⤵
  PID:1524
- C:\Windows\System\iUfHqRA.exe
  C:\Windows\System\iUfHqRA.exe
  2⤵
  PID:2280
- C:\Windows\System\hKzFwDT.exe
  C:\Windows\System\hKzFwDT.exe
  2⤵
  PID:2756
- C:\Windows\System\eWpUHKL.exe
  C:\Windows\System\eWpUHKL.exe
  2⤵
  PID:2912
- C:\Windows\System\WgupYnT.exe
  C:\Windows\System\WgupYnT.exe
  2⤵
  PID:2644
- C:\Windows\System\jLxZpbk.exe
  C:\Windows\System\jLxZpbk.exe
  2⤵
  PID:2636
- C:\Windows\System\raILBNv.exe
  C:\Windows\System\raILBNv.exe
  2⤵
  PID:2828
- C:\Windows\System\OuIIhJQ.exe
  C:\Windows\System\OuIIhJQ.exe
  2⤵
  PID:1940
- C:\Windows\System\xAOeFuc.exe
  C:\Windows\System\xAOeFuc.exe
  2⤵
  PID:2936
- C:\Windows\System\abuPMRx.exe
  C:\Windows\System\abuPMRx.exe
  2⤵
  PID:2316
- C:\Windows\System\urmePDD.exe
  C:\Windows\System\urmePDD.exe
  2⤵
  PID:2060
- C:\Windows\System\BWfZYPp.exe
  C:\Windows\System\BWfZYPp.exe
  2⤵
  PID:1172
- C:\Windows\System\qDdokhd.exe
  C:\Windows\System\qDdokhd.exe
  2⤵
  PID:664
- C:\Windows\System\SCOyZbr.exe
  C:\Windows\System\SCOyZbr.exe
  2⤵
  PID:1652
- C:\Windows\System\iTzaWIs.exe
  C:\Windows\System\iTzaWIs.exe
  2⤵
  PID:1640
- C:\Windows\System\xygNhLc.exe
  C:\Windows\System\xygNhLc.exe
  2⤵
  PID:752
- C:\Windows\System\zikXfAk.exe
  C:\Windows\System\zikXfAk.exe
  2⤵
  PID:2080
- C:\Windows\System\nqdIprh.exe
  C:\Windows\System\nqdIprh.exe
  2⤵
  PID:2112
- C:\Windows\System\BZtroBd.exe
  C:\Windows\System\BZtroBd.exe
  2⤵
  PID:2252
- C:\Windows\System\WLFygBa.exe
  C:\Windows\System\WLFygBa.exe
  2⤵
  PID:1420
- C:\Windows\System\ZKmTopG.exe
  C:\Windows\System\ZKmTopG.exe
  2⤵
  PID:3080
- C:\Windows\System\fXTmVtB.exe
  C:\Windows\System\fXTmVtB.exe
  2⤵
  PID:3100
- C:\Windows\System\gORGgBa.exe
  C:\Windows\System\gORGgBa.exe
  2⤵
  PID:3120
- C:\Windows\System\mVUpaqq.exe
  C:\Windows\System\mVUpaqq.exe
  2⤵
  PID:3140
- C:\Windows\System\LjZIXLc.exe
  C:\Windows\System\LjZIXLc.exe
  2⤵
  PID:3160
- C:\Windows\System\yDzRZry.exe
  C:\Windows\System\yDzRZry.exe
  2⤵
  PID:3180
- C:\Windows\System\FLwdYYT.exe
  C:\Windows\System\FLwdYYT.exe
  2⤵
  PID:3200
- C:\Windows\System\bdpzfjY.exe
  C:\Windows\System\bdpzfjY.exe
  2⤵
  PID:3220
- C:\Windows\System\xZmDclb.exe
  C:\Windows\System\xZmDclb.exe
  2⤵
  PID:3240
- C:\Windows\System\PIxgvYF.exe
  C:\Windows\System\PIxgvYF.exe
  2⤵
  PID:3260
- C:\Windows\System\JxNWNLg.exe
  C:\Windows\System\JxNWNLg.exe
  2⤵
  PID:3280
- C:\Windows\System\RaLbsgD.exe
  C:\Windows\System\RaLbsgD.exe
  2⤵
  PID:3300
- C:\Windows\System\IYPvTdG.exe
  C:\Windows\System\IYPvTdG.exe
  2⤵
  PID:3320
- C:\Windows\System\DOLDKEF.exe
  C:\Windows\System\DOLDKEF.exe
  2⤵
  PID:3340
- C:\Windows\System\eInsVZt.exe
  C:\Windows\System\eInsVZt.exe
  2⤵
  PID:3360
- C:\Windows\System\XHsGKix.exe
  C:\Windows\System\XHsGKix.exe
  2⤵
  PID:3380
- C:\Windows\System\tTktdOo.exe
  C:\Windows\System\tTktdOo.exe
  2⤵
  PID:3400
- C:\Windows\System\kEnVTOH.exe
  C:\Windows\System\kEnVTOH.exe
  2⤵
  PID:3420
- C:\Windows\System\Khayfve.exe
  C:\Windows\System\Khayfve.exe
  2⤵
  PID:3440
- C:\Windows\System\uUvcwTh.exe
  C:\Windows\System\uUvcwTh.exe
  2⤵
  PID:3460
- C:\Windows\System\WEgqHQC.exe
  C:\Windows\System\WEgqHQC.exe
  2⤵
  PID:3480
- C:\Windows\System\vKDTWXI.exe
  C:\Windows\System\vKDTWXI.exe
  2⤵
  PID:3500
- C:\Windows\System\oHjBLrG.exe
  C:\Windows\System\oHjBLrG.exe
  2⤵
  PID:3520
- C:\Windows\System\bKMzYSN.exe
  C:\Windows\System\bKMzYSN.exe
  2⤵
  PID:3540
- C:\Windows\System\XvkuAZh.exe
  C:\Windows\System\XvkuAZh.exe
  2⤵
  PID:3560
- C:\Windows\System\qrCWdPj.exe
  C:\Windows\System\qrCWdPj.exe
  2⤵
  PID:3580
- C:\Windows\System\WajSSpx.exe
  C:\Windows\System\WajSSpx.exe
  2⤵
  PID:3600
- C:\Windows\System\cLTWiye.exe
  C:\Windows\System\cLTWiye.exe
  2⤵
  PID:3620
- C:\Windows\System\fmCmLoe.exe
  C:\Windows\System\fmCmLoe.exe
  2⤵
  PID:3640
- C:\Windows\System\rrfIlMy.exe
  C:\Windows\System\rrfIlMy.exe
  2⤵
  PID:3660
- C:\Windows\System\RwriIAV.exe
  C:\Windows\System\RwriIAV.exe
  2⤵
  PID:3680
- C:\Windows\System\zUUXhJD.exe
  C:\Windows\System\zUUXhJD.exe
  2⤵
  PID:3700
- C:\Windows\System\dKGvLnR.exe
  C:\Windows\System\dKGvLnR.exe
  2⤵
  PID:3720
- C:\Windows\System\bXQoTbr.exe
  C:\Windows\System\bXQoTbr.exe
  2⤵
  PID:3740
- C:\Windows\System\jUCmcrL.exe
  C:\Windows\System\jUCmcrL.exe
  2⤵
  PID:3760
- C:\Windows\System\YEervNJ.exe
  C:\Windows\System\YEervNJ.exe
  2⤵
  PID:3780
- C:\Windows\System\nMzMeNC.exe
  C:\Windows\System\nMzMeNC.exe
  2⤵
  PID:3800
- C:\Windows\System\woaUbqS.exe
  C:\Windows\System\woaUbqS.exe
  2⤵
  PID:3820
- C:\Windows\System\SuAeFUh.exe
  C:\Windows\System\SuAeFUh.exe
  2⤵
  PID:3840
- C:\Windows\System\xrWWQIv.exe
  C:\Windows\System\xrWWQIv.exe
  2⤵
  PID:3860
- C:\Windows\System\XgwWNUx.exe
  C:\Windows\System\XgwWNUx.exe
  2⤵
  PID:3880
- C:\Windows\System\IBeTBEa.exe
  C:\Windows\System\IBeTBEa.exe
  2⤵
  PID:3900
- C:\Windows\System\ItpHNIy.exe
  C:\Windows\System\ItpHNIy.exe
  2⤵
  PID:3920
- C:\Windows\System\tzCZWDw.exe
  C:\Windows\System\tzCZWDw.exe
  2⤵
  PID:3940
- C:\Windows\System\tXnOpOV.exe
  C:\Windows\System\tXnOpOV.exe
  2⤵
  PID:3960
- C:\Windows\System\InXLcVY.exe
  C:\Windows\System\InXLcVY.exe
  2⤵
  PID:3980
- C:\Windows\System\ZEpBWCI.exe
  C:\Windows\System\ZEpBWCI.exe
  2⤵
  PID:4000
- C:\Windows\System\nvqJYWY.exe
  C:\Windows\System\nvqJYWY.exe
  2⤵
  PID:4020
- C:\Windows\System\ZXiHtlg.exe
  C:\Windows\System\ZXiHtlg.exe
  2⤵
  PID:4040
- C:\Windows\System\BbFLncU.exe
  C:\Windows\System\BbFLncU.exe
  2⤵
  PID:4060
- C:\Windows\System\HiPYJmx.exe
  C:\Windows\System\HiPYJmx.exe
  2⤵
  PID:4080
- C:\Windows\System\gSffrFx.exe
  C:\Windows\System\gSffrFx.exe
  2⤵
  PID:1840
- C:\Windows\System\aEdImta.exe
  C:\Windows\System\aEdImta.exe
  2⤵
  PID:1544
- C:\Windows\System\mMEFuQD.exe
  C:\Windows\System\mMEFuQD.exe
  2⤵
  PID:2752
- C:\Windows\System\gCEKQLs.exe
  C:\Windows\System\gCEKQLs.exe
  2⤵
  PID:2604
- C:\Windows\System\fUgFwMG.exe
  C:\Windows\System\fUgFwMG.exe
  2⤵
  PID:1960
- C:\Windows\System\jkDoaCM.exe
  C:\Windows\System\jkDoaCM.exe
  2⤵
  PID:1984
- C:\Windows\System\mYeBSIy.exe
  C:\Windows\System\mYeBSIy.exe
  2⤵
  PID:2004
- C:\Windows\System\duRlXTI.exe
  C:\Windows\System\duRlXTI.exe
  2⤵
  PID:1280
- C:\Windows\System\eOKJTAj.exe
  C:\Windows\System\eOKJTAj.exe
  2⤵
  PID:956
- C:\Windows\System\tjWfLPN.exe
  C:\Windows\System\tjWfLPN.exe
  2⤵
  PID:1468
- C:\Windows\System\YTCqtZD.exe
  C:\Windows\System\YTCqtZD.exe
  2⤵
  PID:2064
- C:\Windows\System\IauJoEF.exe
  C:\Windows\System\IauJoEF.exe
  2⤵
  PID:2492
- C:\Windows\System\UyMclrb.exe
  C:\Windows\System\UyMclrb.exe
  2⤵
  PID:2052
- C:\Windows\System\jCpWodq.exe
  C:\Windows\System\jCpWodq.exe
  2⤵
  PID:3092
- C:\Windows\System\ZLPLFDc.exe
  C:\Windows\System\ZLPLFDc.exe
  2⤵
  PID:3156
- C:\Windows\System\zDibhSx.exe
  C:\Windows\System\zDibhSx.exe
  2⤵
  PID:3168
- C:\Windows\System\hAdefFi.exe
  C:\Windows\System\hAdefFi.exe
  2⤵
  PID:3192
- C:\Windows\System\xGuvYdf.exe
  C:\Windows\System\xGuvYdf.exe
  2⤵
  PID:3236
- C:\Windows\System\wtEyrJI.exe
  C:\Windows\System\wtEyrJI.exe
  2⤵
  PID:3252
- C:\Windows\System\XSGoISr.exe
  C:\Windows\System\XSGoISr.exe
  2⤵
  PID:3296
- C:\Windows\System\LFzcLtM.exe
  C:\Windows\System\LFzcLtM.exe
  2⤵
  PID:3336
- C:\Windows\System\djUwuTg.exe
  C:\Windows\System\djUwuTg.exe
  2⤵
  PID:3368
- C:\Windows\System\gYavseE.exe
  C:\Windows\System\gYavseE.exe
  2⤵
  PID:3392
- C:\Windows\System\Yuiqwxv.exe
  C:\Windows\System\Yuiqwxv.exe
  2⤵
  PID:3412
- C:\Windows\System\FUVvUiA.exe
  C:\Windows\System\FUVvUiA.exe
  2⤵
  PID:3468
- C:\Windows\System\emOvqGT.exe
  C:\Windows\System\emOvqGT.exe
  2⤵
  PID:3492
- C:\Windows\System\QoWArzB.exe
  C:\Windows\System\QoWArzB.exe
  2⤵
  PID:3536
- C:\Windows\System\CKRboxk.exe
  C:\Windows\System\CKRboxk.exe
  2⤵
  PID:3568
- C:\Windows\System\pXrHyFF.exe
  C:\Windows\System\pXrHyFF.exe
  2⤵
  PID:3592
- C:\Windows\System\pmJroqQ.exe
  C:\Windows\System\pmJroqQ.exe
  2⤵
  PID:3636
- C:\Windows\System\MeKnUyz.exe
  C:\Windows\System\MeKnUyz.exe
  2⤵
  PID:3652
- C:\Windows\System\GYRJsoE.exe
  C:\Windows\System\GYRJsoE.exe
  2⤵
  PID:3692
- C:\Windows\System\bPKxeLW.exe
  C:\Windows\System\bPKxeLW.exe
  2⤵
  PID:3732
- C:\Windows\System\gydETyE.exe
  C:\Windows\System\gydETyE.exe
  2⤵
  PID:3768
- C:\Windows\System\ZBntZzw.exe
  C:\Windows\System\ZBntZzw.exe
  2⤵
  PID:3772
- C:\Windows\System\gEwYDHI.exe
  C:\Windows\System\gEwYDHI.exe
  2⤵
  PID:3836
- C:\Windows\System\OsVZJEn.exe
  C:\Windows\System\OsVZJEn.exe
  2⤵
  PID:3852
- C:\Windows\System\nLvcFOB.exe
  C:\Windows\System\nLvcFOB.exe
  2⤵
  PID:3916
- C:\Windows\System\eSOnOcI.exe
  C:\Windows\System\eSOnOcI.exe
  2⤵
  PID:3928
- C:\Windows\System\veCJQrb.exe
  C:\Windows\System\veCJQrb.exe
  2⤵
  PID:3952
- C:\Windows\System\xgKxWUL.exe
  C:\Windows\System\xgKxWUL.exe
  2⤵
  PID:3996
- C:\Windows\System\deckrZg.exe
  C:\Windows\System\deckrZg.exe
  2⤵
  PID:4032
- C:\Windows\System\orPjBCp.exe
  C:\Windows\System\orPjBCp.exe
  2⤵
  PID:4068
- C:\Windows\System\gkNfNkP.exe
  C:\Windows\System\gkNfNkP.exe
  2⤵
  PID:1836
- C:\Windows\System\PNNOBqM.exe
  C:\Windows\System\PNNOBqM.exe
  2⤵
  PID:2860
- C:\Windows\System\IrztRgf.exe
  C:\Windows\System\IrztRgf.exe
  2⤵
  PID:2624
- C:\Windows\System\glDSfgt.exe
  C:\Windows\System\glDSfgt.exe
  2⤵
  PID:2236
- C:\Windows\System\pjLwRMC.exe
  C:\Windows\System\pjLwRMC.exe
  2⤵
  PID:884
- C:\Windows\System\elLhtrZ.exe
  C:\Windows\System\elLhtrZ.exe
  2⤵
  PID:292
- C:\Windows\System\QcqzmKE.exe
  C:\Windows\System\QcqzmKE.exe
  2⤵
  PID:1824
- C:\Windows\System\fCEoDqf.exe
  C:\Windows\System\fCEoDqf.exe
  2⤵
  PID:1952
- C:\Windows\System\GHttQQR.exe
  C:\Windows\System\GHttQQR.exe
  2⤵
  PID:3136
- C:\Windows\System\xKswNjR.exe
  C:\Windows\System\xKswNjR.exe
  2⤵
  PID:3228
- C:\Windows\System\FNZQoiO.exe
  C:\Windows\System\FNZQoiO.exe
  2⤵
  PID:3256
- C:\Windows\System\FZEUXOP.exe
  C:\Windows\System\FZEUXOP.exe
  2⤵
  PID:3356
- C:\Windows\System\IusvlgD.exe
  C:\Windows\System\IusvlgD.exe
  2⤵
  PID:3372
- C:\Windows\System\DaqNsDU.exe
  C:\Windows\System\DaqNsDU.exe
  2⤵
  PID:3448
- C:\Windows\System\cRKkVrM.exe
  C:\Windows\System\cRKkVrM.exe
  2⤵
  PID:3488
- C:\Windows\System\TjVOpXU.exe
  C:\Windows\System\TjVOpXU.exe
  2⤵
  PID:3572
- C:\Windows\System\FWgWurl.exe
  C:\Windows\System\FWgWurl.exe
  2⤵
  PID:3612
- C:\Windows\System\HMTLPvI.exe
  C:\Windows\System\HMTLPvI.exe
  2⤵
  PID:3656
- C:\Windows\System\hnlQanq.exe
  C:\Windows\System\hnlQanq.exe
  2⤵
  PID:3712
- C:\Windows\System\rLyKqfL.exe
  C:\Windows\System\rLyKqfL.exe
  2⤵
  PID:3828
- C:\Windows\System\GsNQqGk.exe
  C:\Windows\System\GsNQqGk.exe
  2⤵
  PID:3856
- C:\Windows\System\oQiZRMb.exe
  C:\Windows\System\oQiZRMb.exe
  2⤵
  PID:3896
- C:\Windows\System\uwkHtmc.exe
  C:\Windows\System\uwkHtmc.exe
  2⤵
  PID:3956
- C:\Windows\System\UcaGXxN.exe
  C:\Windows\System\UcaGXxN.exe
  2⤵
  PID:4008
- C:\Windows\System\DlXKoeB.exe
  C:\Windows\System\DlXKoeB.exe
  2⤵
  PID:4052
- C:\Windows\System\aSuCvDS.exe
  C:\Windows\System\aSuCvDS.exe
  2⤵
  PID:2832
- C:\Windows\System\OvWEjbt.exe
  C:\Windows\System\OvWEjbt.exe
  2⤵
  PID:2656
- C:\Windows\System\uDzkxyl.exe
  C:\Windows\System\uDzkxyl.exe
  2⤵
  PID:1176
- C:\Windows\System\zPiErfB.exe
  C:\Windows\System\zPiErfB.exe
  2⤵
  PID:1424
- C:\Windows\System\hlwDRcb.exe
  C:\Windows\System\hlwDRcb.exe
  2⤵
  PID:4104
- C:\Windows\System\rjJnIEp.exe
  C:\Windows\System\rjJnIEp.exe
  2⤵
  PID:4124
- C:\Windows\System\kmBiBzz.exe
  C:\Windows\System\kmBiBzz.exe
  2⤵
  PID:4148
- C:\Windows\System\nPMoVkD.exe
  C:\Windows\System\nPMoVkD.exe
  2⤵
  PID:4168
- C:\Windows\System\XxknhXk.exe
  C:\Windows\System\XxknhXk.exe
  2⤵
  PID:4188
- C:\Windows\System\XAozDRG.exe
  C:\Windows\System\XAozDRG.exe
  2⤵
  PID:4208
- C:\Windows\System\DvIpEKG.exe
  C:\Windows\System\DvIpEKG.exe
  2⤵
  PID:4228
- C:\Windows\System\AhLmDUF.exe
  C:\Windows\System\AhLmDUF.exe
  2⤵
  PID:4248
- C:\Windows\System\mAYyscP.exe
  C:\Windows\System\mAYyscP.exe
  2⤵
  PID:4268
- C:\Windows\System\vLPzXYV.exe
  C:\Windows\System\vLPzXYV.exe
  2⤵
  PID:4284
- C:\Windows\System\IwbGMzr.exe
  C:\Windows\System\IwbGMzr.exe
  2⤵
  PID:4308
- C:\Windows\System\xllnfgS.exe
  C:\Windows\System\xllnfgS.exe
  2⤵
  PID:4324
- C:\Windows\System\TgSwNGI.exe
  C:\Windows\System\TgSwNGI.exe
  2⤵
  PID:4344
- C:\Windows\System\zytzdVC.exe
  C:\Windows\System\zytzdVC.exe
  2⤵
  PID:4368
- C:\Windows\System\RHEeahm.exe
  C:\Windows\System\RHEeahm.exe
  2⤵
  PID:4388
- C:\Windows\System\FMrVCiO.exe
  C:\Windows\System\FMrVCiO.exe
  2⤵
  PID:4408
- C:\Windows\System\boKyMsW.exe
  C:\Windows\System\boKyMsW.exe
  2⤵
  PID:4428
- C:\Windows\System\FHrULhX.exe
  C:\Windows\System\FHrULhX.exe
  2⤵
  PID:4448
- C:\Windows\System\CEUEBCN.exe
  C:\Windows\System\CEUEBCN.exe
  2⤵
  PID:4468
- C:\Windows\System\afEyFHv.exe
  C:\Windows\System\afEyFHv.exe
  2⤵
  PID:4488
- C:\Windows\System\ElzthhJ.exe
  C:\Windows\System\ElzthhJ.exe
  2⤵
  PID:4508
- C:\Windows\System\ujaXwOY.exe
  C:\Windows\System\ujaXwOY.exe
  2⤵
  PID:4528
- C:\Windows\System\JfmnfUy.exe
  C:\Windows\System\JfmnfUy.exe
  2⤵
  PID:4548
- C:\Windows\System\DIGOYMg.exe
  C:\Windows\System\DIGOYMg.exe
  2⤵
  PID:4568
- C:\Windows\System\OQEcFKp.exe
  C:\Windows\System\OQEcFKp.exe
  2⤵
  PID:4592
- C:\Windows\System\PYfbBxV.exe
  C:\Windows\System\PYfbBxV.exe
  2⤵
  PID:4612
- C:\Windows\System\wVmFpLK.exe
  C:\Windows\System\wVmFpLK.exe
  2⤵
  PID:4628
- C:\Windows\System\QwOBGkc.exe
  C:\Windows\System\QwOBGkc.exe
  2⤵
  PID:4648
- C:\Windows\System\NqQoZIx.exe
  C:\Windows\System\NqQoZIx.exe
  2⤵
  PID:4672
- C:\Windows\System\dBYUPvO.exe
  C:\Windows\System\dBYUPvO.exe
  2⤵
  PID:4688
- C:\Windows\System\SkkUCTI.exe
  C:\Windows\System\SkkUCTI.exe
  2⤵
  PID:4712
- C:\Windows\System\ikNifkj.exe
  C:\Windows\System\ikNifkj.exe
  2⤵
  PID:4732
- C:\Windows\System\FoJzmKN.exe
  C:\Windows\System\FoJzmKN.exe
  2⤵
  PID:4752
- C:\Windows\System\DysLGHG.exe
  C:\Windows\System\DysLGHG.exe
  2⤵
  PID:4768
- C:\Windows\System\uFCEVEZ.exe
  C:\Windows\System\uFCEVEZ.exe
  2⤵
  PID:4792
- C:\Windows\System\zhnNwFL.exe
  C:\Windows\System\zhnNwFL.exe
  2⤵
  PID:4812
- C:\Windows\System\QWbFUFI.exe
  C:\Windows\System\QWbFUFI.exe
  2⤵
  PID:4832
- C:\Windows\System\pxsqWKS.exe
  C:\Windows\System\pxsqWKS.exe
  2⤵
  PID:4848
- C:\Windows\System\sePpYCT.exe
  C:\Windows\System\sePpYCT.exe
  2⤵
  PID:4872
- C:\Windows\System\GMvFHFD.exe
  C:\Windows\System\GMvFHFD.exe
  2⤵
  PID:4888
- C:\Windows\System\RISiaST.exe
  C:\Windows\System\RISiaST.exe
  2⤵
  PID:4912
- C:\Windows\System\QoCgIbO.exe
  C:\Windows\System\QoCgIbO.exe
  2⤵
  PID:4932
- C:\Windows\System\raxfndI.exe
  C:\Windows\System\raxfndI.exe
  2⤵
  PID:4948
- C:\Windows\System\KkDwtqw.exe
  C:\Windows\System\KkDwtqw.exe
  2⤵
  PID:4972
- C:\Windows\System\thAEglW.exe
  C:\Windows\System\thAEglW.exe
  2⤵
  PID:4992
- C:\Windows\System\iTWgKUF.exe
  C:\Windows\System\iTWgKUF.exe
  2⤵
  PID:5012
- C:\Windows\System\iAnFGSK.exe
  C:\Windows\System\iAnFGSK.exe
  2⤵
  PID:5032
- C:\Windows\System\ilDhiPZ.exe
  C:\Windows\System\ilDhiPZ.exe
  2⤵
  PID:5052
- C:\Windows\System\GuNvaDN.exe
  C:\Windows\System\GuNvaDN.exe
  2⤵
  PID:5072
- C:\Windows\System\nlfTTvt.exe
  C:\Windows\System\nlfTTvt.exe
  2⤵
  PID:5088
- C:\Windows\System\EJHDaSV.exe
  C:\Windows\System\EJHDaSV.exe
  2⤵
  PID:5104
- C:\Windows\System\JnYQhaB.exe
  C:\Windows\System\JnYQhaB.exe
  2⤵
  PID:3132
- C:\Windows\System\MluygKo.exe
  C:\Windows\System\MluygKo.exe
  2⤵
  PID:3288
- C:\Windows\System\YxDrMAy.exe
  C:\Windows\System\YxDrMAy.exe
  2⤵
  PID:3388
- C:\Windows\System\NitJAAC.exe
  C:\Windows\System\NitJAAC.exe
  2⤵
  PID:3472
- C:\Windows\System\zYOCeCM.exe
  C:\Windows\System\zYOCeCM.exe
  2⤵
  PID:3456
- C:\Windows\System\aTcOYkG.exe
  C:\Windows\System\aTcOYkG.exe
  2⤵
  PID:3696
- C:\Windows\System\LnBSmgQ.exe
  C:\Windows\System\LnBSmgQ.exe
  2⤵
  PID:3716
- C:\Windows\System\BZvWJfp.exe
  C:\Windows\System\BZvWJfp.exe
  2⤵
  PID:3908
- C:\Windows\System\tvIaySE.exe
  C:\Windows\System\tvIaySE.exe
  2⤵
  PID:3932
- C:\Windows\System\RQtHbvF.exe
  C:\Windows\System\RQtHbvF.exe
  2⤵
  PID:4012
- C:\Windows\System\UcfSVku.exe
  C:\Windows\System\UcfSVku.exe
  2⤵
  PID:2244
- C:\Windows\System\iNRwWJS.exe
  C:\Windows\System\iNRwWJS.exe
  2⤵
  PID:2548
- C:\Windows\System\TZCZwuT.exe
  C:\Windows\System\TZCZwuT.exe
  2⤵
  PID:2068
- C:\Windows\System\OVwEDUY.exe
  C:\Windows\System\OVwEDUY.exe
  2⤵
  PID:4136
- C:\Windows\System\VHhpMTE.exe
  C:\Windows\System\VHhpMTE.exe
  2⤵
  PID:4184
- C:\Windows\System\yPwROos.exe
  C:\Windows\System\yPwROos.exe
  2⤵
  PID:4156
- C:\Windows\System\mTDshKd.exe
  C:\Windows\System\mTDshKd.exe
  2⤵
  PID:4200
- C:\Windows\System\GjAXiQs.exe
  C:\Windows\System\GjAXiQs.exe
  2⤵
  PID:4260
- C:\Windows\System\JzSDmIs.exe
  C:\Windows\System\JzSDmIs.exe
  2⤵
  PID:4296
- C:\Windows\System\Karocfj.exe
  C:\Windows\System\Karocfj.exe
  2⤵
  PID:4280
- C:\Windows\System\zVXcsEj.exe
  C:\Windows\System\zVXcsEj.exe
  2⤵
  PID:4416
- C:\Windows\System\AybYiyh.exe
  C:\Windows\System\AybYiyh.exe
  2⤵
  PID:4316
- C:\Windows\System\qhGcpRT.exe
  C:\Windows\System\qhGcpRT.exe
  2⤵
  PID:4464
- C:\Windows\System\yoeUOVn.exe
  C:\Windows\System\yoeUOVn.exe
  2⤵
  PID:4440
- C:\Windows\System\kraGzVF.exe
  C:\Windows\System\kraGzVF.exe
  2⤵
  PID:4500
- C:\Windows\System\LmfKVYf.exe
  C:\Windows\System\LmfKVYf.exe
  2⤵
  PID:4484
- C:\Windows\System\rLtMwGo.exe
  C:\Windows\System\rLtMwGo.exe
  2⤵
  PID:4576
- C:\Windows\System\aWguGCs.exe
  C:\Windows\System\aWguGCs.exe
  2⤵
  PID:4564
- C:\Windows\System\ocjzlnv.exe
  C:\Windows\System\ocjzlnv.exe
  2⤵
  PID:4608
- C:\Windows\System\jlHPdmV.exe
  C:\Windows\System\jlHPdmV.exe
  2⤵
  PID:4640
- C:\Windows\System\YwMWOZG.exe
  C:\Windows\System\YwMWOZG.exe
  2⤵
  PID:4708
- C:\Windows\System\ilqyGUP.exe
  C:\Windows\System\ilqyGUP.exe
  2⤵
  PID:4740
- C:\Windows\System\akVaYyB.exe
  C:\Windows\System\akVaYyB.exe
  2⤵
  PID:4784
- C:\Windows\System\bAQYJTk.exe
  C:\Windows\System\bAQYJTk.exe
  2⤵
  PID:4780
- C:\Windows\System\umZhDlm.exe
  C:\Windows\System\umZhDlm.exe
  2⤵
  PID:4860
- C:\Windows\System\NATWcTQ.exe
  C:\Windows\System\NATWcTQ.exe
  2⤵
  PID:4804
- C:\Windows\System\LLjFtDs.exe
  C:\Windows\System\LLjFtDs.exe
  2⤵
  PID:4908
- C:\Windows\System\wqiWztM.exe
  C:\Windows\System\wqiWztM.exe
  2⤵
  PID:4920
- C:\Windows\System\aWKHdOB.exe
  C:\Windows\System\aWKHdOB.exe
  2⤵
  PID:4988
- C:\Windows\System\afRkgKw.exe
  C:\Windows\System\afRkgKw.exe
  2⤵
  PID:4960
- C:\Windows\System\JFRiDbL.exe
  C:\Windows\System\JFRiDbL.exe
  2⤵
  PID:5024
- C:\Windows\System\gAITbJd.exe
  C:\Windows\System\gAITbJd.exe
  2⤵
  PID:5064
- C:\Windows\System\OltIFHN.exe
  C:\Windows\System\OltIFHN.exe
  2⤵
  PID:3148
- C:\Windows\System\uaDCoEL.exe
  C:\Windows\System\uaDCoEL.exe
  2⤵
  PID:3112
- C:\Windows\System\SbGHqlA.exe
  C:\Windows\System\SbGHqlA.exe
  2⤵
  PID:3316
- C:\Windows\System\DEgbHAN.exe
  C:\Windows\System\DEgbHAN.exe
  2⤵
  PID:3312
- C:\Windows\System\RCETOCr.exe
  C:\Windows\System\RCETOCr.exe
  2⤵
  PID:3728
- C:\Windows\System\bEIomhS.exe
  C:\Windows\System\bEIomhS.exe
  2⤵
  PID:3788
- C:\Windows\System\CRfvtbe.exe
  C:\Windows\System\CRfvtbe.exe
  2⤵
  PID:3756
- C:\Windows\System\tevZsBo.exe
  C:\Windows\System\tevZsBo.exe
  2⤵
  PID:660
- C:\Windows\System\shXNbDa.exe
  C:\Windows\System\shXNbDa.exe
  2⤵
  PID:4140
- C:\Windows\System\czkUYqA.exe
  C:\Windows\System\czkUYqA.exe
  2⤵
  PID:4132
- C:\Windows\System\EbXwICc.exe
  C:\Windows\System\EbXwICc.exe
  2⤵
  PID:4244
- C:\Windows\System\LZMKQDi.exe
  C:\Windows\System\LZMKQDi.exe
  2⤵
  PID:4196
- C:\Windows\System\xPgVpbD.exe
  C:\Windows\System\xPgVpbD.exe
  2⤵
  PID:4336
- C:\Windows\System\TjetehX.exe
  C:\Windows\System\TjetehX.exe
  2⤵
  PID:4404
- C:\Windows\System\LcqwJha.exe
  C:\Windows\System\LcqwJha.exe
  2⤵
  PID:4540
- C:\Windows\System\pARftzm.exe
  C:\Windows\System\pARftzm.exe
  2⤵
  PID:4380
- C:\Windows\System\qbZXptg.exe
  C:\Windows\System\qbZXptg.exe
  2⤵
  PID:4584
- C:\Windows\System\ITXYQQd.exe
  C:\Windows\System\ITXYQQd.exe
  2⤵
  PID:4680
- C:\Windows\System\GCEeHyE.exe
  C:\Windows\System\GCEeHyE.exe
  2⤵
  PID:4520
- C:\Windows\System\LUjMkOf.exe
  C:\Windows\System\LUjMkOf.exe
  2⤵
  PID:4516
- C:\Windows\System\GORPTgW.exe
  C:\Windows\System\GORPTgW.exe
  2⤵
  PID:4880
- C:\Windows\System\gBouUEM.exe
  C:\Windows\System\gBouUEM.exe
  2⤵
  PID:4704
- C:\Windows\System\ZspGZax.exe
  C:\Windows\System\ZspGZax.exe
  2⤵
  PID:4776
- C:\Windows\System\RBqNrPu.exe
  C:\Windows\System\RBqNrPu.exe
  2⤵
  PID:4856
- C:\Windows\System\QkwJBxa.exe
  C:\Windows\System\QkwJBxa.exe
  2⤵
  PID:3332
- C:\Windows\System\cZEWEyj.exe
  C:\Windows\System\cZEWEyj.exe
  2⤵
  PID:4980
- C:\Windows\System\BBifHdt.exe
  C:\Windows\System\BBifHdt.exe
  2⤵
  PID:5004
- C:\Windows\System\nYdVzOb.exe
  C:\Windows\System\nYdVzOb.exe
  2⤵
  PID:1788
- C:\Windows\System\QDXihMg.exe
  C:\Windows\System\QDXihMg.exe
  2⤵
  PID:3268
- C:\Windows\System\PYHQXsG.exe
  C:\Windows\System\PYHQXsG.exe
  2⤵
  PID:3000
- C:\Windows\System\stFTODT.exe
  C:\Windows\System\stFTODT.exe
  2⤵
  PID:3972
- C:\Windows\System\EFtVuOH.exe
  C:\Windows\System\EFtVuOH.exe
  2⤵
  PID:4028
- C:\Windows\System\gnjSKQB.exe
  C:\Windows\System\gnjSKQB.exe
  2⤵
  PID:4320
- C:\Windows\System\bLQQBvn.exe
  C:\Windows\System\bLQQBvn.exe
  2⤵
  PID:4256
- C:\Windows\System\IKqEZNS.exe
  C:\Windows\System\IKqEZNS.exe
  2⤵
  PID:4544
- C:\Windows\System\hOQvVzu.exe
  C:\Windows\System\hOQvVzu.exe
  2⤵
  PID:4460
- C:\Windows\System\TaubFEu.exe
  C:\Windows\System\TaubFEu.exe
  2⤵
  PID:4420
- C:\Windows\System\qtiyOZh.exe
  C:\Windows\System\qtiyOZh.exe
  2⤵
  PID:4696
- C:\Windows\System\VikRTtO.exe
  C:\Windows\System\VikRTtO.exe
  2⤵
  PID:4764
- C:\Windows\System\sVnTqTj.exe
  C:\Windows\System\sVnTqTj.exe
  2⤵
  PID:4600
- C:\Windows\System\ZErWenK.exe
  C:\Windows\System\ZErWenK.exe
  2⤵
  PID:4900
- C:\Windows\System\EdHnjOA.exe
  C:\Windows\System\EdHnjOA.exe
  2⤵
  PID:3328
- C:\Windows\System\UbKVaNJ.exe
  C:\Windows\System\UbKVaNJ.exe
  2⤵
  PID:3616
- C:\Windows\System\NSZZzrJ.exe
  C:\Windows\System\NSZZzrJ.exe
  2⤵
  PID:3172
- C:\Windows\System\FqnBpDj.exe
  C:\Windows\System\FqnBpDj.exe
  2⤵
  PID:1136
- C:\Windows\System\CeUJsSU.exe
  C:\Windows\System\CeUJsSU.exe
  2⤵
  PID:4116
- C:\Windows\System\uNQnWKC.exe
  C:\Windows\System\uNQnWKC.exe
  2⤵
  PID:5128
- C:\Windows\System\vVEcfTw.exe
  C:\Windows\System\vVEcfTw.exe
  2⤵
  PID:5152
- C:\Windows\System\uuQVusR.exe
  C:\Windows\System\uuQVusR.exe
  2⤵
  PID:5176
- C:\Windows\System\zhcPVFU.exe
  C:\Windows\System\zhcPVFU.exe
  2⤵
  PID:5196
- C:\Windows\System\BWqnIUY.exe
  C:\Windows\System\BWqnIUY.exe
  2⤵
  PID:5216
- C:\Windows\System\igWTpwO.exe
  C:\Windows\System\igWTpwO.exe
  2⤵
  PID:5236
- C:\Windows\System\rciEPvw.exe
  C:\Windows\System\rciEPvw.exe
  2⤵
  PID:5252
- C:\Windows\System\VbqXMae.exe
  C:\Windows\System\VbqXMae.exe
  2⤵
  PID:5276
- C:\Windows\System\SZrTSDh.exe
  C:\Windows\System\SZrTSDh.exe
  2⤵
  PID:5296
- C:\Windows\System\mGHrbui.exe
  C:\Windows\System\mGHrbui.exe
  2⤵
  PID:5316
- C:\Windows\System\QmYDisJ.exe
  C:\Windows\System\QmYDisJ.exe
  2⤵
  PID:5336
- C:\Windows\System\uBdnbsZ.exe
  C:\Windows\System\uBdnbsZ.exe
  2⤵
  PID:5356
- C:\Windows\System\djPMVzC.exe
  C:\Windows\System\djPMVzC.exe
  2⤵
  PID:5376
- C:\Windows\System\jmCHqUR.exe
  C:\Windows\System\jmCHqUR.exe
  2⤵
  PID:5396
- C:\Windows\System\kDPvrZE.exe
  C:\Windows\System\kDPvrZE.exe
  2⤵
  PID:5416
- C:\Windows\System\BzuqAFf.exe
  C:\Windows\System\BzuqAFf.exe
  2⤵
  PID:5436
- C:\Windows\System\lQJPODV.exe
  C:\Windows\System\lQJPODV.exe
  2⤵
  PID:5456
- C:\Windows\System\bBgMeIl.exe
  C:\Windows\System\bBgMeIl.exe
  2⤵
  PID:5476
- C:\Windows\System\lahaavI.exe
  C:\Windows\System\lahaavI.exe
  2⤵
  PID:5492
- C:\Windows\System\jPHtsuR.exe
  C:\Windows\System\jPHtsuR.exe
  2⤵
  PID:5516
- C:\Windows\System\tEnJBNS.exe
  C:\Windows\System\tEnJBNS.exe
  2⤵
  PID:5532
- C:\Windows\System\Tjpdnpy.exe
  C:\Windows\System\Tjpdnpy.exe
  2⤵
  PID:5556
- C:\Windows\System\LpWTJvD.exe
  C:\Windows\System\LpWTJvD.exe
  2⤵
  PID:5576
- C:\Windows\System\HtlTihZ.exe
  C:\Windows\System\HtlTihZ.exe
  2⤵
  PID:5596
- C:\Windows\System\ZYgKYAx.exe
  C:\Windows\System\ZYgKYAx.exe
  2⤵
  PID:5616
- C:\Windows\System\pyUlzzr.exe
  C:\Windows\System\pyUlzzr.exe
  2⤵
  PID:5636
- C:\Windows\System\xPpzZkE.exe
  C:\Windows\System\xPpzZkE.exe
  2⤵
  PID:5656
- C:\Windows\System\FEznNPX.exe
  C:\Windows\System\FEznNPX.exe
  2⤵
  PID:5676
- C:\Windows\System\gLBqOOb.exe
  C:\Windows\System\gLBqOOb.exe
  2⤵
  PID:5692
- C:\Windows\System\rbRsZhO.exe
  C:\Windows\System\rbRsZhO.exe
  2⤵
  PID:5716
- C:\Windows\System\ySCGIYX.exe
  C:\Windows\System\ySCGIYX.exe
  2⤵
  PID:5732
- C:\Windows\System\QuhpmAC.exe
  C:\Windows\System\QuhpmAC.exe
  2⤵
  PID:5756
- C:\Windows\System\LfrFaaX.exe
  C:\Windows\System\LfrFaaX.exe
  2⤵
  PID:5772
- C:\Windows\System\VGvosgp.exe
  C:\Windows\System\VGvosgp.exe
  2⤵
  PID:5796
- C:\Windows\System\vNYFout.exe
  C:\Windows\System\vNYFout.exe
  2⤵
  PID:5812
- C:\Windows\System\xlkjXMj.exe
  C:\Windows\System\xlkjXMj.exe
  2⤵
  PID:5836
- C:\Windows\System\hEtacQE.exe
  C:\Windows\System\hEtacQE.exe
  2⤵
  PID:5856
- C:\Windows\System\HAEbTWO.exe
  C:\Windows\System\HAEbTWO.exe
  2⤵
  PID:5876
- C:\Windows\System\lWYvSyp.exe
  C:\Windows\System\lWYvSyp.exe
  2⤵
  PID:5896
- C:\Windows\System\WXMRRVz.exe
  C:\Windows\System\WXMRRVz.exe
  2⤵
  PID:5916
- C:\Windows\System\RMblcPv.exe
  C:\Windows\System\RMblcPv.exe
  2⤵
  PID:5936
- C:\Windows\System\iRXUtdD.exe
  C:\Windows\System\iRXUtdD.exe
  2⤵
  PID:5956
- C:\Windows\System\fmRiXCI.exe
  C:\Windows\System\fmRiXCI.exe
  2⤵
  PID:5976
- C:\Windows\System\acFynWk.exe
  C:\Windows\System\acFynWk.exe
  2⤵
  PID:5996
- C:\Windows\System\mQdHosX.exe
  C:\Windows\System\mQdHosX.exe
  2⤵
  PID:6016
- C:\Windows\System\lftLFhk.exe
  C:\Windows\System\lftLFhk.exe
  2⤵
  PID:6036
- C:\Windows\System\oaeTbSr.exe
  C:\Windows\System\oaeTbSr.exe
  2⤵
  PID:6056
- C:\Windows\System\gIOJtZA.exe
  C:\Windows\System\gIOJtZA.exe
  2⤵
  PID:6076
- C:\Windows\System\eTcVoiR.exe
  C:\Windows\System\eTcVoiR.exe
  2⤵
  PID:6100
- C:\Windows\System\PPqvfNA.exe
  C:\Windows\System\PPqvfNA.exe
  2⤵
  PID:6120
- C:\Windows\System\NXqFgoN.exe
  C:\Windows\System\NXqFgoN.exe
  2⤵
  PID:6140
- C:\Windows\System\zYRVWhX.exe
  C:\Windows\System\zYRVWhX.exe
  2⤵
  PID:4384
- C:\Windows\System\YPESOXj.exe
  C:\Windows\System\YPESOXj.exe
  2⤵
  PID:4524
- C:\Windows\System\qCjtsON.exe
  C:\Windows\System\qCjtsON.exe
  2⤵
  PID:4824
- C:\Windows\System\FRQtNqc.exe
  C:\Windows\System\FRQtNqc.exe
  2⤵
  PID:4476
- C:\Windows\System\YZeynaA.exe
  C:\Windows\System\YZeynaA.exe
  2⤵
  PID:5040
- C:\Windows\System\ZWJOXfK.exe
  C:\Windows\System\ZWJOXfK.exe
  2⤵
  PID:5048
- C:\Windows\System\PTKEsEa.exe
  C:\Windows\System\PTKEsEa.exe
  2⤵
  PID:3976
- C:\Windows\System\QqPjRpq.exe
  C:\Windows\System\QqPjRpq.exe
  2⤵
  PID:5148
- C:\Windows\System\HsgrTGj.exe
  C:\Windows\System\HsgrTGj.exe
  2⤵
  PID:5192
- C:\Windows\System\gekoYtU.exe
  C:\Windows\System\gekoYtU.exe
  2⤵
  PID:5164
- C:\Windows\System\VLqMBdm.exe
  C:\Windows\System\VLqMBdm.exe
  2⤵
  PID:5208
- C:\Windows\System\QXobjHX.exe
  C:\Windows\System\QXobjHX.exe
  2⤵
  PID:5272
- C:\Windows\System\ciBdumK.exe
  C:\Windows\System\ciBdumK.exe
  2⤵
  PID:5292
- C:\Windows\System\VTrMCGH.exe
  C:\Windows\System\VTrMCGH.exe
  2⤵
  PID:5352
- C:\Windows\System\PTzbYwJ.exe
  C:\Windows\System\PTzbYwJ.exe
  2⤵
  PID:5364
- C:\Windows\System\GnmblYS.exe
  C:\Windows\System\GnmblYS.exe
  2⤵
  PID:5388
- C:\Windows\System\Vniwyps.exe
  C:\Windows\System\Vniwyps.exe
  2⤵
  PID:5412
- C:\Windows\System\RVhKnQv.exe
  C:\Windows\System\RVhKnQv.exe
  2⤵
  PID:5472
- C:\Windows\System\nxdathr.exe
  C:\Windows\System\nxdathr.exe
  2⤵
  PID:5448
- C:\Windows\System\aIWCTKR.exe
  C:\Windows\System\aIWCTKR.exe
  2⤵
  PID:5544
- C:\Windows\System\qkirVzW.exe
  C:\Windows\System\qkirVzW.exe
  2⤵
  PID:5584
- C:\Windows\System\SNJcemx.exe
  C:\Windows\System\SNJcemx.exe
  2⤵
  PID:5568
- C:\Windows\System\ADKjYbb.exe
  C:\Windows\System\ADKjYbb.exe
  2⤵
  PID:5608
- C:\Windows\System\DsGLiaF.exe
  C:\Windows\System\DsGLiaF.exe
  2⤵
  PID:5652
- C:\Windows\System\iGYUYPx.exe
  C:\Windows\System\iGYUYPx.exe
  2⤵
  PID:5712
- C:\Windows\System\tASkqWg.exe
  C:\Windows\System\tASkqWg.exe
  2⤵
  PID:5744
- C:\Windows\System\FQquJiT.exe
  C:\Windows\System\FQquJiT.exe
  2⤵
  PID:5780
- C:\Windows\System\HzQZAtn.exe
  C:\Windows\System\HzQZAtn.exe
  2⤵
  PID:5784
- C:\Windows\System\fcfiEoE.exe
  C:\Windows\System\fcfiEoE.exe
  2⤵
  PID:5804
- C:\Windows\System\KkKhTRH.exe
  C:\Windows\System\KkKhTRH.exe
  2⤵
  PID:5848
- C:\Windows\System\miKsgdv.exe
  C:\Windows\System\miKsgdv.exe
  2⤵
  PID:5892
- C:\Windows\System\GdEKofc.exe
  C:\Windows\System\GdEKofc.exe
  2⤵
  PID:5924
- C:\Windows\System\XZURnVT.exe
  C:\Windows\System\XZURnVT.exe
  2⤵
  PID:5964
- C:\Windows\System\SnnzIqN.exe
  C:\Windows\System\SnnzIqN.exe
  2⤵
  PID:5968
- C:\Windows\System\JzxzLuc.exe
  C:\Windows\System\JzxzLuc.exe
  2⤵
  PID:6012
- C:\Windows\System\hoJoCOO.exe
  C:\Windows\System\hoJoCOO.exe
  2⤵
  PID:6072
- C:\Windows\System\skVIfiA.exe
  C:\Windows\System\skVIfiA.exe
  2⤵
  PID:6096
- C:\Windows\System\BLqxZin.exe
  C:\Windows\System\BLqxZin.exe
  2⤵
  PID:4276
- C:\Windows\System\upFfcrt.exe
  C:\Windows\System\upFfcrt.exe
  2⤵
  PID:4656
- C:\Windows\System\teLrrIi.exe
  C:\Windows\System\teLrrIi.exe
  2⤵
  PID:4884
- C:\Windows\System\iMqXJXX.exe
  C:\Windows\System\iMqXJXX.exe
  2⤵
  PID:4744
- C:\Windows\System\zZnHAyT.exe
  C:\Windows\System\zZnHAyT.exe
  2⤵
  PID:2016
- C:\Windows\System\VniZPKr.exe
  C:\Windows\System\VniZPKr.exe
  2⤵
  PID:4340
- C:\Windows\System\jxqAJjO.exe
  C:\Windows\System\jxqAJjO.exe
  2⤵
  PID:5232
- C:\Windows\System\bngACiT.exe
  C:\Windows\System\bngACiT.exe
  2⤵
  PID:5268
- C:\Windows\System\YnwWKkf.exe
  C:\Windows\System\YnwWKkf.exe
  2⤵
  PID:5312
- C:\Windows\System\dMiJiuE.exe
  C:\Windows\System\dMiJiuE.exe
  2⤵
  PID:5332
- C:\Windows\System\SMqFDLD.exe
  C:\Windows\System\SMqFDLD.exe
  2⤵
  PID:5404
- C:\Windows\System\LfuWhtt.exe
  C:\Windows\System\LfuWhtt.exe
  2⤵
  PID:5452
- C:\Windows\System\VktAlqN.exe
  C:\Windows\System\VktAlqN.exe
  2⤵
  PID:5540
- C:\Windows\System\hisFVky.exe
  C:\Windows\System\hisFVky.exe
  2⤵
  PID:5572
- C:\Windows\System\kmEAqvo.exe
  C:\Windows\System\kmEAqvo.exe
  2⤵
  PID:5668
- C:\Windows\System\ZqvWPHE.exe
  C:\Windows\System\ZqvWPHE.exe
  2⤵
  PID:5748
- C:\Windows\System\WcWdUjl.exe
  C:\Windows\System\WcWdUjl.exe
  2⤵
  PID:5728
- C:\Windows\System\HBtZkVc.exe
  C:\Windows\System\HBtZkVc.exe
  2⤵
  PID:5764
- C:\Windows\System\cosZRqi.exe
  C:\Windows\System\cosZRqi.exe
  2⤵
  PID:5868
- C:\Windows\System\FCesvUo.exe
  C:\Windows\System\FCesvUo.exe
  2⤵
  PID:5944
- C:\Windows\System\lAwNljS.exe
  C:\Windows\System\lAwNljS.exe
  2⤵
  PID:6024
- C:\Windows\System\GAdsMPe.exe
  C:\Windows\System\GAdsMPe.exe
  2⤵
  PID:6044
- C:\Windows\System\RQeESVl.exe
  C:\Windows\System\RQeESVl.exe
  2⤵
  PID:6064
- C:\Windows\System\DetMjCn.exe
  C:\Windows\System\DetMjCn.exe
  2⤵
  PID:6112
- C:\Windows\System\pQrboTC.exe
  C:\Windows\System\pQrboTC.exe
  2⤵
  PID:4828
- C:\Windows\System\vjNziDU.exe
  C:\Windows\System\vjNziDU.exe
  2⤵
  PID:5008
- C:\Windows\System\pkpHSfG.exe
  C:\Windows\System\pkpHSfG.exe
  2⤵
  PID:5204
- C:\Windows\System\jxvvmOO.exe
  C:\Windows\System\jxvvmOO.exe
  2⤵
  PID:5160
- C:\Windows\System\GLGXzBU.exe
  C:\Windows\System\GLGXzBU.exe
  2⤵
  PID:5324
- C:\Windows\System\dOZaiVN.exe
  C:\Windows\System\dOZaiVN.exe
  2⤵
  PID:5500
- C:\Windows\System\DkkQvVQ.exe
  C:\Windows\System\DkkQvVQ.exe
  2⤵
  PID:5392
- C:\Windows\System\BmKEwKI.exe
  C:\Windows\System\BmKEwKI.exe
  2⤵
  PID:5672
- C:\Windows\System\sdwsOJi.exe
  C:\Windows\System\sdwsOJi.exe
  2⤵
  PID:5824
- C:\Windows\System\yFqRkvL.exe
  C:\Windows\System\yFqRkvL.exe
  2⤵
  PID:5864
- C:\Windows\System\MauTRof.exe
  C:\Windows\System\MauTRof.exe
  2⤵
  PID:5992
- C:\Windows\System\OSqUagS.exe
  C:\Windows\System\OSqUagS.exe
  2⤵
  PID:6032
- C:\Windows\System\leVyOMB.exe
  C:\Windows\System\leVyOMB.exe
  2⤵
  PID:6052
- C:\Windows\System\auKzTVb.exe
  C:\Windows\System\auKzTVb.exe
  2⤵
  PID:4964
- C:\Windows\System\nXWOXEV.exe
  C:\Windows\System\nXWOXEV.exe
  2⤵
  PID:6156
- C:\Windows\System\IgRrQzC.exe
  C:\Windows\System\IgRrQzC.exe
  2⤵
  PID:6176
- C:\Windows\System\EUDxlvP.exe
  C:\Windows\System\EUDxlvP.exe
  2⤵
  PID:6196
- C:\Windows\System\XEuKaXp.exe
  C:\Windows\System\XEuKaXp.exe
  2⤵
  PID:6216
- C:\Windows\System\QtvxYFQ.exe
  C:\Windows\System\QtvxYFQ.exe
  2⤵
  PID:6236
- C:\Windows\System\etNuZbS.exe
  C:\Windows\System\etNuZbS.exe
  2⤵
  PID:6256
- C:\Windows\System\yhaDykb.exe
  C:\Windows\System\yhaDykb.exe
  2⤵
  PID:6276
- C:\Windows\System\xDaPCZa.exe
  C:\Windows\System\xDaPCZa.exe
  2⤵
  PID:6296
- C:\Windows\System\SITSgDW.exe
  C:\Windows\System\SITSgDW.exe
  2⤵
  PID:6320
- C:\Windows\System\pyZxnwI.exe
  C:\Windows\System\pyZxnwI.exe
  2⤵
  PID:6340
- C:\Windows\System\fdxGTWI.exe
  C:\Windows\System\fdxGTWI.exe
  2⤵
  PID:6356
- C:\Windows\System\oNfwauD.exe
  C:\Windows\System\oNfwauD.exe
  2⤵
  PID:6380
- C:\Windows\System\djXRaRO.exe
  C:\Windows\System\djXRaRO.exe
  2⤵
  PID:6400
- C:\Windows\System\rWwSjrZ.exe
  C:\Windows\System\rWwSjrZ.exe
  2⤵
  PID:6420
- C:\Windows\System\LzwETog.exe
  C:\Windows\System\LzwETog.exe
  2⤵
  PID:6440
- C:\Windows\System\tHtokAi.exe
  C:\Windows\System\tHtokAi.exe
  2⤵
  PID:6460
- C:\Windows\System\roXemnA.exe
  C:\Windows\System\roXemnA.exe
  2⤵
  PID:6480
- C:\Windows\System\fnrtcqh.exe
  C:\Windows\System\fnrtcqh.exe
  2⤵
  PID:6500
- C:\Windows\System\DjMQbRU.exe
  C:\Windows\System\DjMQbRU.exe
  2⤵
  PID:6516
- C:\Windows\System\tKJmkDR.exe
  C:\Windows\System\tKJmkDR.exe
  2⤵
  PID:6540
- C:\Windows\System\ltedWCC.exe
  C:\Windows\System\ltedWCC.exe
  2⤵
  PID:6556
- C:\Windows\System\wZyZjHj.exe
  C:\Windows\System\wZyZjHj.exe
  2⤵
  PID:6576
- C:\Windows\System\dTzjDxB.exe
  C:\Windows\System\dTzjDxB.exe
  2⤵
  PID:6596
- C:\Windows\System\hwtfIzb.exe
  C:\Windows\System\hwtfIzb.exe
  2⤵
  PID:6620
- C:\Windows\System\XWRuVPw.exe
  C:\Windows\System\XWRuVPw.exe
  2⤵
  PID:6640
- C:\Windows\System\jUZkMKt.exe
  C:\Windows\System\jUZkMKt.exe
  2⤵
  PID:6660
- C:\Windows\System\EWZxEBP.exe
  C:\Windows\System\EWZxEBP.exe
  2⤵
  PID:6680
- C:\Windows\System\fRAEjgt.exe
  C:\Windows\System\fRAEjgt.exe
  2⤵
  PID:6700
- C:\Windows\System\KrUjFsG.exe
  C:\Windows\System\KrUjFsG.exe
  2⤵
  PID:6720
- C:\Windows\System\OMfAXLJ.exe
  C:\Windows\System\OMfAXLJ.exe
  2⤵
  PID:6740
- C:\Windows\System\jlnyqRA.exe
  C:\Windows\System\jlnyqRA.exe
  2⤵
  PID:6756
- C:\Windows\System\KtWVdTC.exe
  C:\Windows\System\KtWVdTC.exe
  2⤵
  PID:6780
- C:\Windows\System\UDHHUbl.exe
  C:\Windows\System\UDHHUbl.exe
  2⤵
  PID:6800
- C:\Windows\System\ktdiaMN.exe
  C:\Windows\System\ktdiaMN.exe
  2⤵
  PID:6816
- C:\Windows\System\xunkYMH.exe
  C:\Windows\System\xunkYMH.exe
  2⤵
  PID:6836
- C:\Windows\System\uJXeudu.exe
  C:\Windows\System\uJXeudu.exe
  2⤵
  PID:6856
- C:\Windows\System\MFPcWLu.exe
  C:\Windows\System\MFPcWLu.exe
  2⤵
  PID:6876
- C:\Windows\System\ApeWtEx.exe
  C:\Windows\System\ApeWtEx.exe
  2⤵
  PID:6896
- C:\Windows\System\YhEkHcY.exe
  C:\Windows\System\YhEkHcY.exe
  2⤵
  PID:6916
- C:\Windows\System\MJPFMbX.exe
  C:\Windows\System\MJPFMbX.exe
  2⤵
  PID:6932
- C:\Windows\System\HFGiNtW.exe
  C:\Windows\System\HFGiNtW.exe
  2⤵
  PID:6956
- C:\Windows\System\rzWhZYi.exe
  C:\Windows\System\rzWhZYi.exe
  2⤵
  PID:6972
- C:\Windows\System\qkaBDgV.exe
  C:\Windows\System\qkaBDgV.exe
  2⤵
  PID:6996
- C:\Windows\System\goQyCbY.exe
  C:\Windows\System\goQyCbY.exe
  2⤵
  PID:7016
- C:\Windows\System\LRbnCaG.exe
  C:\Windows\System\LRbnCaG.exe
  2⤵
  PID:7040
- C:\Windows\System\QolKpTH.exe
  C:\Windows\System\QolKpTH.exe
  2⤵
  PID:7060
- C:\Windows\System\SWZqStu.exe
  C:\Windows\System\SWZqStu.exe
  2⤵
  PID:7076
- C:\Windows\System\FKLXLkO.exe
  C:\Windows\System\FKLXLkO.exe
  2⤵
  PID:7096
- C:\Windows\System\XGDCgOS.exe
  C:\Windows\System\XGDCgOS.exe
  2⤵
  PID:7116
- C:\Windows\System\ISKyZCH.exe
  C:\Windows\System\ISKyZCH.exe
  2⤵
  PID:7132
- C:\Windows\System\UZICzqn.exe
  C:\Windows\System\UZICzqn.exe
  2⤵
  PID:7156
- C:\Windows\System\uUkKPiP.exe
  C:\Windows\System\uUkKPiP.exe
  2⤵
  PID:5124
- C:\Windows\System\UfHMYao.exe
  C:\Windows\System\UfHMYao.exe
  2⤵
  PID:5308
- C:\Windows\System\ciVpfco.exe
  C:\Windows\System\ciVpfco.exe
  2⤵
  PID:5284
- C:\Windows\System\bbSSYnj.exe
  C:\Windows\System\bbSSYnj.exe
  2⤵
  PID:5612
- C:\Windows\System\WdqZNPP.exe
  C:\Windows\System\WdqZNPP.exe
  2⤵
  PID:5792
- C:\Windows\System\JuEUbHc.exe
  C:\Windows\System\JuEUbHc.exe
  2⤵
  PID:5988
- C:\Windows\System\bdliYWl.exe
  C:\Windows\System\bdliYWl.exe
  2⤵
  PID:5928
- C:\Windows\System\sjPOeaU.exe
  C:\Windows\System\sjPOeaU.exe
  2⤵
  PID:3088
- C:\Windows\System\qSULuPY.exe
  C:\Windows\System\qSULuPY.exe
  2⤵
  PID:6168
- C:\Windows\System\vIUCRFt.exe
  C:\Windows\System\vIUCRFt.exe
  2⤵
  PID:6188
- C:\Windows\System\kgNxrwP.exe
  C:\Windows\System\kgNxrwP.exe
  2⤵
  PID:6248
- C:\Windows\System\lRSGAMe.exe
  C:\Windows\System\lRSGAMe.exe
  2⤵
  PID:6292
- C:\Windows\System\NWNnpam.exe
  C:\Windows\System\NWNnpam.exe
  2⤵
  PID:6328
- C:\Windows\System\aHRpRIb.exe
  C:\Windows\System\aHRpRIb.exe
  2⤵
  PID:6364
- C:\Windows\System\XbEAuDa.exe
  C:\Windows\System\XbEAuDa.exe
  2⤵
  PID:6348
- C:\Windows\System\bdoDaim.exe
  C:\Windows\System\bdoDaim.exe
  2⤵
  PID:6452
- C:\Windows\System\ImPqPUM.exe
  C:\Windows\System\ImPqPUM.exe
  2⤵
  PID:6428
- C:\Windows\System\JwERgNY.exe
  C:\Windows\System\JwERgNY.exe
  2⤵
  PID:6476
- C:\Windows\System\keZEWno.exe
  C:\Windows\System\keZEWno.exe
  2⤵
  PID:6528
- C:\Windows\System\CUuzyHA.exe
  C:\Windows\System\CUuzyHA.exe
  2⤵
  PID:6564
- C:\Windows\System\mXjXrNm.exe
  C:\Windows\System\mXjXrNm.exe
  2⤵
  PID:6616
- C:\Windows\System\hzhGAep.exe
  C:\Windows\System\hzhGAep.exe
  2⤵
  PID:6656
- C:\Windows\System\WFTuJte.exe
  C:\Windows\System\WFTuJte.exe
  2⤵
  PID:6592
- C:\Windows\System\AVupLYb.exe
  C:\Windows\System\AVupLYb.exe
  2⤵
  PID:6628
- C:\Windows\System\nKlxDHK.exe
  C:\Windows\System\nKlxDHK.exe
  2⤵
  PID:6732
- C:\Windows\System\mIruimV.exe
  C:\Windows\System\mIruimV.exe
  2⤵
  PID:6672
- C:\Windows\System\sSywFVT.exe
  C:\Windows\System\sSywFVT.exe
  2⤵
  PID:6716
- C:\Windows\System\jYROkKF.exe
  C:\Windows\System\jYROkKF.exe
  2⤵
  PID:6788
- C:\Windows\System\WIbkXJW.exe
  C:\Windows\System\WIbkXJW.exe
  2⤵
  PID:6852
- C:\Windows\System\aoyYvbV.exe
  C:\Windows\System\aoyYvbV.exe
  2⤵
  PID:6928
- C:\Windows\System\FEGmEAc.exe
  C:\Windows\System\FEGmEAc.exe
  2⤵
  PID:6964
- C:\Windows\System\sCQzomo.exe
  C:\Windows\System\sCQzomo.exe
  2⤵
  PID:7012
- C:\Windows\System\pPZEbry.exe
  C:\Windows\System\pPZEbry.exe
  2⤵
  PID:7048
- C:\Windows\System\eLPzldZ.exe
  C:\Windows\System\eLPzldZ.exe
  2⤵
  PID:7092
- C:\Windows\System\ASRdqOr.exe
  C:\Windows\System\ASRdqOr.exe
  2⤵
  PID:6988
- C:\Windows\System\fBFGnJz.exe
  C:\Windows\System\fBFGnJz.exe
  2⤵
  PID:6984
- C:\Windows\System\UcbppTz.exe
  C:\Windows\System\UcbppTz.exe
  2⤵
  PID:5428
- C:\Windows\System\OoWAKNt.exe
  C:\Windows\System\OoWAKNt.exe
  2⤵
  PID:7068
- C:\Windows\System\pyQepVm.exe
  C:\Windows\System\pyQepVm.exe
  2⤵
  PID:5904
- C:\Windows\System\swmeaqr.exe
  C:\Windows\System\swmeaqr.exe
  2⤵
  PID:7140
- C:\Windows\System\RHsHFnK.exe
  C:\Windows\System\RHsHFnK.exe
  2⤵
  PID:5172
- C:\Windows\System\eZgEjom.exe
  C:\Windows\System\eZgEjom.exe
  2⤵
  PID:6252
- C:\Windows\System\rckGLSC.exe
  C:\Windows\System\rckGLSC.exe
  2⤵
  PID:5488
- C:\Windows\System\eCnjQUH.exe
  C:\Windows\System\eCnjQUH.exe
  2⤵
  PID:6184
- C:\Windows\System\QQMXPjN.exe
  C:\Windows\System\QQMXPjN.exe
  2⤵
  PID:6376
- C:\Windows\System\FphrNZW.exe
  C:\Windows\System\FphrNZW.exe
  2⤵
  PID:6524
- C:\Windows\System\UhGGiyo.exe
  C:\Windows\System\UhGGiyo.exe
  2⤵
  PID:6284
- C:\Windows\System\aEmvEip.exe
  C:\Windows\System\aEmvEip.exe
  2⤵
  PID:6632
- C:\Windows\System\iCERDrG.exe
  C:\Windows\System\iCERDrG.exe
  2⤵
  PID:6232
- C:\Windows\System\wfvtpnO.exe
  C:\Windows\System\wfvtpnO.exe
  2⤵
  PID:6312
- C:\Windows\System\CmiXDMw.exe
  C:\Windows\System\CmiXDMw.exe
  2⤵
  PID:6456
- C:\Windows\System\pYWMMpL.exe
  C:\Windows\System\pYWMMpL.exe
  2⤵
  PID:6468
- C:\Windows\System\qRWljZB.exe
  C:\Windows\System\qRWljZB.exe
  2⤵
  PID:6552
- C:\Windows\System\nIYcRUD.exe
  C:\Windows\System\nIYcRUD.exe
  2⤵
  PID:6696
- C:\Windows\System\nxPTTEp.exe
  C:\Windows\System\nxPTTEp.exe
  2⤵
  PID:6752
- C:\Windows\System\HPYOYOd.exe
  C:\Windows\System\HPYOYOd.exe
  2⤵
  PID:6944
- C:\Windows\System\pGYfpyH.exe
  C:\Windows\System\pGYfpyH.exe
  2⤵
  PID:6948
- C:\Windows\System\UmwXANz.exe
  C:\Windows\System\UmwXANz.exe
  2⤵
  PID:7084
- C:\Windows\System\fmRgmQJ.exe
  C:\Windows\System\fmRgmQJ.exe
  2⤵
  PID:7112
- C:\Windows\System\CGONTDM.exe
  C:\Windows\System\CGONTDM.exe
  2⤵
  PID:6888
- C:\Windows\System\GpJtKOf.exe
  C:\Windows\System\GpJtKOf.exe
  2⤵
  PID:7148
- C:\Windows\System\YwJpHkK.exe
  C:\Windows\System\YwJpHkK.exe
  2⤵
  PID:6108
- C:\Windows\System\jTzDvht.exe
  C:\Windows\System\jTzDvht.exe
  2⤵
  PID:6612
- C:\Windows\System\zBqmXCG.exe
  C:\Windows\System\zBqmXCG.exe
  2⤵
  PID:5528
- C:\Windows\System\yvZXXua.exe
  C:\Windows\System\yvZXXua.exe
  2⤵
  PID:6152
- C:\Windows\System\IQfzTNs.exe
  C:\Windows\System\IQfzTNs.exe
  2⤵
  PID:5948
- C:\Windows\System\BWpkbgJ.exe
  C:\Windows\System\BWpkbgJ.exe
  2⤵
  PID:6448
- C:\Windows\System\NayEmsT.exe
  C:\Windows\System\NayEmsT.exe
  2⤵
  PID:6668
- C:\Windows\System\eZmbkpq.exe
  C:\Windows\System\eZmbkpq.exe
  2⤵
  PID:6952
- C:\Windows\System\ogOZBtD.exe
  C:\Windows\System\ogOZBtD.exe
  2⤵
  PID:6832
- C:\Windows\System\wKQRZZv.exe
  C:\Windows\System\wKQRZZv.exe
  2⤵
  PID:6316
- C:\Windows\System\geQVcEi.exe
  C:\Windows\System\geQVcEi.exe
  2⤵
  PID:7088
- C:\Windows\System\FuGCzMv.exe
  C:\Windows\System\FuGCzMv.exe
  2⤵
  PID:5548
- C:\Windows\System\fjyzZvc.exe
  C:\Windows\System\fjyzZvc.exe
  2⤵
  PID:6588
- C:\Windows\System\vtRzmxk.exe
  C:\Windows\System\vtRzmxk.exe
  2⤵
  PID:6904
- C:\Windows\System\XRtVqHB.exe
  C:\Windows\System\XRtVqHB.exe
  2⤵
  PID:7036
- C:\Windows\System\zUnTrqi.exe
  C:\Windows\System\zUnTrqi.exe
  2⤵
  PID:6228
- C:\Windows\System\tbGVBhU.exe
  C:\Windows\System\tbGVBhU.exe
  2⤵
  PID:5588
- C:\Windows\System\DwjrMyA.exe
  C:\Windows\System\DwjrMyA.exe
  2⤵
  PID:6244
- C:\Windows\System\axmGlzY.exe
  C:\Windows\System\axmGlzY.exe
  2⤵
  PID:6776
- C:\Windows\System\EudGOKv.exe
  C:\Windows\System\EudGOKv.exe
  2⤵
  PID:6812
- C:\Windows\System\AiboDwM.exe
  C:\Windows\System\AiboDwM.exe
  2⤵
  PID:6532
- C:\Windows\System\OoaLtoF.exe
  C:\Windows\System\OoaLtoF.exe
  2⤵
  PID:6912
- C:\Windows\System\wgiWZSe.exe
  C:\Windows\System\wgiWZSe.exe
  2⤵
  PID:6164
- C:\Windows\System\JsbOMFT.exe
  C:\Windows\System\JsbOMFT.exe
  2⤵
  PID:7184
- C:\Windows\System\hqgOZSE.exe
  C:\Windows\System\hqgOZSE.exe
  2⤵
  PID:7212
- C:\Windows\System\hqIpHhB.exe
  C:\Windows\System\hqIpHhB.exe
  2⤵
  PID:7228
- C:\Windows\System\kQEINjk.exe
  C:\Windows\System\kQEINjk.exe
  2⤵
  PID:7252
- C:\Windows\System\OWbTudh.exe
  C:\Windows\System\OWbTudh.exe
  2⤵
  PID:7268
- C:\Windows\System\gbOuWAU.exe
  C:\Windows\System\gbOuWAU.exe
  2⤵
  PID:7296
- C:\Windows\System\ZZMDUhp.exe
  C:\Windows\System\ZZMDUhp.exe
  2⤵
  PID:7312
- C:\Windows\System\ObxbeEj.exe
  C:\Windows\System\ObxbeEj.exe
  2⤵
  PID:7336
- C:\Windows\System\OagniuY.exe
  C:\Windows\System\OagniuY.exe
  2⤵
  PID:7352
- C:\Windows\System\BnLzdoh.exe
  C:\Windows\System\BnLzdoh.exe
  2⤵
  PID:7372
- C:\Windows\System\JmkiNuw.exe
  C:\Windows\System\JmkiNuw.exe
  2⤵
  PID:7392
- C:\Windows\System\xUAHMVC.exe
  C:\Windows\System\xUAHMVC.exe
  2⤵
  PID:7412
- C:\Windows\System\suTLXce.exe
  C:\Windows\System\suTLXce.exe
  2⤵
  PID:7436
- C:\Windows\System\pbITjPJ.exe
  C:\Windows\System\pbITjPJ.exe
  2⤵
  PID:7456
- C:\Windows\System\NGRPKmK.exe
  C:\Windows\System\NGRPKmK.exe
  2⤵
  PID:7476
- C:\Windows\System\qMWPaER.exe
  C:\Windows\System\qMWPaER.exe
  2⤵
  PID:7500
- C:\Windows\System\YdpGqXw.exe
  C:\Windows\System\YdpGqXw.exe
  2⤵
  PID:7516
- C:\Windows\System\gSgDhMN.exe
  C:\Windows\System\gSgDhMN.exe
  2⤵
  PID:7536
- C:\Windows\System\sChXShV.exe
  C:\Windows\System\sChXShV.exe
  2⤵
  PID:7556
- C:\Windows\System\sGfPhtO.exe
  C:\Windows\System\sGfPhtO.exe
  2⤵
  PID:7580
- C:\Windows\System\WiRWkPF.exe
  C:\Windows\System\WiRWkPF.exe
  2⤵
  PID:7596
- C:\Windows\System\HaHVpDE.exe
  C:\Windows\System\HaHVpDE.exe
  2⤵
  PID:7616
- C:\Windows\System\NTbUdmO.exe
  C:\Windows\System\NTbUdmO.exe
  2⤵
  PID:7632
- C:\Windows\System\HVqMmne.exe
  C:\Windows\System\HVqMmne.exe
  2⤵
  PID:7652
- C:\Windows\System\xZWYFfy.exe
  C:\Windows\System\xZWYFfy.exe
  2⤵
  PID:7672
- C:\Windows\System\GWoDsBy.exe
  C:\Windows\System\GWoDsBy.exe
  2⤵
  PID:7692
- C:\Windows\System\ynuQDwE.exe
  C:\Windows\System\ynuQDwE.exe
  2⤵
  PID:7712
- C:\Windows\System\vXPaCpb.exe
  C:\Windows\System\vXPaCpb.exe
  2⤵
  PID:7736
- C:\Windows\System\XLDPvpK.exe
  C:\Windows\System\XLDPvpK.exe
  2⤵
  PID:7752
- C:\Windows\System\JcWpoyv.exe
  C:\Windows\System\JcWpoyv.exe
  2⤵
  PID:7776
- C:\Windows\System\UrcxnGj.exe
  C:\Windows\System\UrcxnGj.exe
  2⤵
  PID:7792
- C:\Windows\System\sZbmpqQ.exe
  C:\Windows\System\sZbmpqQ.exe
  2⤵
  PID:7812
- C:\Windows\System\SUvnCPN.exe
  C:\Windows\System\SUvnCPN.exe
  2⤵
  PID:7828
- C:\Windows\System\WXwTMBH.exe
  C:\Windows\System\WXwTMBH.exe
  2⤵
  PID:7848
- C:\Windows\System\iZsItIJ.exe
  C:\Windows\System\iZsItIJ.exe
  2⤵
  PID:7864
- C:\Windows\System\wGfbjyI.exe
  C:\Windows\System\wGfbjyI.exe
  2⤵
  PID:7880
- C:\Windows\System\eJSVHjB.exe
  C:\Windows\System\eJSVHjB.exe
  2⤵
  PID:7952
- C:\Windows\System\IOJXPNR.exe
  C:\Windows\System\IOJXPNR.exe
  2⤵
  PID:7972
- C:\Windows\System\SXywNiG.exe
  C:\Windows\System\SXywNiG.exe
  2⤵
  PID:8000
- C:\Windows\System\nDaPwFW.exe
  C:\Windows\System\nDaPwFW.exe
  2⤵
  PID:8016
- C:\Windows\System\paZpxGF.exe
  C:\Windows\System\paZpxGF.exe
  2⤵
  PID:8104
- C:\Windows\System\dppsVYB.exe
  C:\Windows\System\dppsVYB.exe
  2⤵
  PID:8120
- C:\Windows\System\kmTndZj.exe
  C:\Windows\System\kmTndZj.exe
  2⤵
  PID:8136
- C:\Windows\System\OudmiTR.exe
  C:\Windows\System\OudmiTR.exe
  2⤵
  PID:8152
- C:\Windows\System\tTnYwRg.exe
  C:\Windows\System\tTnYwRg.exe
  2⤵
  PID:8168
- C:\Windows\System\qrfhNIg.exe
  C:\Windows\System\qrfhNIg.exe
  2⤵
  PID:8188
- C:\Windows\System\uKWUItB.exe
  C:\Windows\System\uKWUItB.exe
  2⤵
  PID:6604
- C:\Windows\System\hOZZTpc.exe
  C:\Windows\System\hOZZTpc.exe
  2⤵
  PID:6648
- C:\Windows\System\zzNszbx.exe
  C:\Windows\System\zzNszbx.exe
  2⤵
  PID:328
- C:\Windows\System\nGBuWKB.exe
  C:\Windows\System\nGBuWKB.exe
  2⤵
  PID:7224
- C:\Windows\System\zZtwLsf.exe
  C:\Windows\System\zZtwLsf.exe
  2⤵
  PID:7260
- C:\Windows\System\wjeRdfi.exe
  C:\Windows\System\wjeRdfi.exe
  2⤵
  PID:6396
- C:\Windows\System\kyuCVvO.exe
  C:\Windows\System\kyuCVvO.exe
  2⤵
  PID:7264
- C:\Windows\System\qQuTFcZ.exe
  C:\Windows\System\qQuTFcZ.exe
  2⤵
  PID:5444
- C:\Windows\System\HyqprYs.exe
  C:\Windows\System\HyqprYs.exe
  2⤵
  PID:7240
- C:\Windows\System\rngbsRR.exe
  C:\Windows\System\rngbsRR.exe
  2⤵
  PID:7236
- C:\Windows\System\qsFdtWU.exe
  C:\Windows\System\qsFdtWU.exe
  2⤵
  PID:7280
- C:\Windows\System\hicNPLg.exe
  C:\Windows\System\hicNPLg.exe
  2⤵
  PID:2816
- C:\Windows\System\OasNjSy.exe
  C:\Windows\System\OasNjSy.exe
  2⤵
  PID:7328
- C:\Windows\System\VJZyChi.exe
  C:\Windows\System\VJZyChi.exe
  2⤵
  PID:7428
- C:\Windows\System\hfEUPuA.exe
  C:\Windows\System\hfEUPuA.exe
  2⤵
  PID:7468
- C:\Windows\System\hZitWYW.exe
  C:\Windows\System\hZitWYW.exe
  2⤵
  PID:7552
- C:\Windows\System\YwgHOrt.exe
  C:\Windows\System\YwgHOrt.exe
  2⤵
  PID:7484
- C:\Windows\System\INtTpxV.exe
  C:\Windows\System\INtTpxV.exe
  2⤵
  PID:7668
- C:\Windows\System\qfSXlxp.exe
  C:\Windows\System\qfSXlxp.exe
  2⤵
  PID:7704
- C:\Windows\System\YIInlMV.exe
  C:\Windows\System\YIInlMV.exe
  2⤵
  PID:7784
- C:\Windows\System\CpQjVVu.exe
  C:\Windows\System\CpQjVVu.exe
  2⤵
  PID:7824
- C:\Windows\System\NrDouMs.exe
  C:\Windows\System\NrDouMs.exe
  2⤵
  PID:7608
- C:\Windows\System\mCLejIK.exe
  C:\Windows\System\mCLejIK.exe
  2⤵
  PID:7860
- C:\Windows\System\kfVdqhp.exe
  C:\Windows\System\kfVdqhp.exe
  2⤵
  PID:7720
- C:\Windows\System\uIYjKal.exe
  C:\Windows\System\uIYjKal.exe
  2⤵
  PID:7896
- C:\Windows\System\ybIejGa.exe
  C:\Windows\System\ybIejGa.exe
  2⤵
  PID:7808
- C:\Windows\System\ZWMVRvu.exe
  C:\Windows\System\ZWMVRvu.exe
  2⤵
  PID:7804
- C:\Windows\System\IeBHujT.exe
  C:\Windows\System\IeBHujT.exe
  2⤵
  PID:7840
- C:\Windows\System\XxyVdzJ.exe
  C:\Windows\System\XxyVdzJ.exe
  2⤵
  PID:7936
- C:\Windows\System\iuOstBR.exe
  C:\Windows\System\iuOstBR.exe
  2⤵
  PID:2176
- C:\Windows\System\cKhCdvO.exe
  C:\Windows\System\cKhCdvO.exe
  2⤵
  PID:2452
- C:\Windows\System\PQHSlaS.exe
  C:\Windows\System\PQHSlaS.exe
  2⤵
  PID:8100
- C:\Windows\System\ydPZltA.exe
  C:\Windows\System\ydPZltA.exe
  2⤵
  PID:8116
- C:\Windows\System\DhPDOaJ.exe
  C:\Windows\System\DhPDOaJ.exe
  2⤵
  PID:8128
- C:\Windows\System\frWyLCK.exe
  C:\Windows\System\frWyLCK.exe
  2⤵
  PID:6692
- C:\Windows\System\zDIGbKF.exe
  C:\Windows\System\zDIGbKF.exe
  2⤵
  PID:6172
- C:\Windows\System\mLmjHwN.exe
  C:\Windows\System\mLmjHwN.exe
  2⤵
  PID:8148
- C:\Windows\System\skhRbWZ.exe
  C:\Windows\System\skhRbWZ.exe
  2⤵
  PID:6192
- C:\Windows\System\EIANiZj.exe
  C:\Windows\System\EIANiZj.exe
  2⤵
  PID:7204
- C:\Windows\System\LDFIjSX.exe
  C:\Windows\System\LDFIjSX.exe
  2⤵
  PID:7368
- C:\Windows\System\KyzPZjy.exe
  C:\Windows\System\KyzPZjy.exe
  2⤵
  PID:6332
- C:\Windows\System\GhFLJNy.exe
  C:\Windows\System\GhFLJNy.exe
  2⤵
  PID:7388
- C:\Windows\System\bULHwjA.exe
  C:\Windows\System\bULHwjA.exe
  2⤵
  PID:7400
- C:\Windows\System\szBfSam.exe
  C:\Windows\System\szBfSam.exe
  2⤵
  PID:1688
- C:\Windows\System\pSBWDFq.exe
  C:\Windows\System\pSBWDFq.exe
  2⤵
  PID:7464
- C:\Windows\System\okpuuSc.exe
  C:\Windows\System\okpuuSc.exe
  2⤵
  PID:532
- C:\Windows\System\HnyDlyh.exe
  C:\Windows\System\HnyDlyh.exe
  2⤵
  PID:7512
- C:\Windows\System\xdMksJF.exe
  C:\Windows\System\xdMksJF.exe
  2⤵
  PID:7576
- C:\Windows\System\eQzPtut.exe
  C:\Windows\System\eQzPtut.exe
  2⤵
  PID:1844
- C:\Windows\System\dULabXu.exe
  C:\Windows\System\dULabXu.exe
  2⤵
  PID:7528
- C:\Windows\System\ZEELhwS.exe
  C:\Windows\System\ZEELhwS.exe
  2⤵
  PID:2568
- C:\Windows\System\mJoftEG.exe
  C:\Windows\System\mJoftEG.exe
  2⤵
  PID:7892
- C:\Windows\System\abzQPIm.exe
  C:\Windows\System\abzQPIm.exe
  2⤵
  PID:2212
- C:\Windows\System\VZbZcMK.exe
  C:\Windows\System\VZbZcMK.exe
  2⤵
  PID:7876
- C:\Windows\System\QXMIDta.exe
  C:\Windows\System\QXMIDta.exe
  2⤵
  PID:2732
- C:\Windows\System\FDBQNDA.exe
  C:\Windows\System\FDBQNDA.exe
  2⤵
  PID:7764
- C:\Windows\System\RkQYJqv.exe
  C:\Windows\System\RkQYJqv.exe
  2⤵
  PID:7908
- C:\Windows\System\jaxoaGW.exe
  C:\Windows\System\jaxoaGW.exe
  2⤵
  PID:7968
- C:\Windows\System\ihNMNTc.exe
  C:\Windows\System\ihNMNTc.exe
  2⤵
  PID:8088
- C:\Windows\System\zitkpOI.exe
  C:\Windows\System\zitkpOI.exe
  2⤵
  PID:2348
- C:\Windows\System\rHdZgIr.exe
  C:\Windows\System\rHdZgIr.exe
  2⤵
  PID:2528
- C:\Windows\System\ptZbWfi.exe
  C:\Windows\System\ptZbWfi.exe
  2⤵
  PID:6412
- C:\Windows\System\FyWaPhA.exe
  C:\Windows\System\FyWaPhA.exe
  2⤵
  PID:1188
- C:\Windows\System\SveVoee.exe
  C:\Windows\System\SveVoee.exe
  2⤵
  PID:6392
- C:\Windows\System\zNwwkcF.exe
  C:\Windows\System\zNwwkcF.exe
  2⤵
  PID:6488
- C:\Windows\System\wETMZZi.exe
  C:\Windows\System\wETMZZi.exe
  2⤵
  PID:7004
- C:\Windows\System\PSErOAq.exe
  C:\Windows\System\PSErOAq.exe
  2⤵
  PID:7628
- C:\Windows\System\FjhnowO.exe
  C:\Windows\System\FjhnowO.exe
  2⤵
  PID:2856
- C:\Windows\System\PNdtcvH.exe
  C:\Windows\System\PNdtcvH.exe
  2⤵
  PID:7820
- C:\Windows\System\UZtVkJW.exe
  C:\Windows\System\UZtVkJW.exe
  2⤵
  PID:7640
- C:\Windows\System\kubCKQk.exe
  C:\Windows\System\kubCKQk.exe
  2⤵
  PID:2668
- C:\Windows\System\jHuNRtO.exe
  C:\Windows\System\jHuNRtO.exe
  2⤵
  PID:2596
- C:\Windows\System\anFQTYf.exe
  C:\Windows\System\anFQTYf.exe
  2⤵
  PID:7988
- C:\Windows\System\ZOlXnjK.exe
  C:\Windows\System\ZOlXnjK.exe
  2⤵
  PID:6272
- C:\Windows\System\cRhyUJa.exe
  C:\Windows\System\cRhyUJa.exe
  2⤵
  PID:7604
- C:\Windows\System\oJfOsPc.exe
  C:\Windows\System\oJfOsPc.exe
  2⤵
  PID:304
- C:\Windows\System\XmBipxa.exe
  C:\Windows\System\XmBipxa.exe
  2⤵
  PID:2748
- C:\Windows\System\YRWatEm.exe
  C:\Windows\System\YRWatEm.exe
  2⤵
  PID:8144
- C:\Windows\System\ezBlmfV.exe
  C:\Windows\System\ezBlmfV.exe
  2⤵
  PID:2968
- C:\Windows\System\wBIRCWJ.exe
  C:\Windows\System\wBIRCWJ.exe
  2⤵
  PID:2780
- C:\Windows\System\adUQlrx.exe
  C:\Windows\System\adUQlrx.exe
  2⤵
  PID:2096
- C:\Windows\System\uIPHcAi.exe
  C:\Windows\System\uIPHcAi.exe
  2⤵
  PID:7360
- C:\Windows\System\CQVjCgo.exe
  C:\Windows\System\CQVjCgo.exe
  2⤵
  PID:7664
- C:\Windows\System\cqpFLQW.exe
  C:\Windows\System\cqpFLQW.exe
  2⤵
  PID:7768
- C:\Windows\System\VtrgPpQ.exe
  C:\Windows\System\VtrgPpQ.exe
  2⤵
  PID:7420
- C:\Windows\System\ORkMcHQ.exe
  C:\Windows\System\ORkMcHQ.exe
  2⤵
  PID:7592
- C:\Windows\System\JOUlyyD.exe
  C:\Windows\System\JOUlyyD.exe
  2⤵
  PID:7308
- C:\Windows\System\vNSiGRv.exe
  C:\Windows\System\vNSiGRv.exe
  2⤵
  PID:8204
- C:\Windows\System\smAPKVR.exe
  C:\Windows\System\smAPKVR.exe
  2⤵
  PID:8220
- C:\Windows\System\NMHMULy.exe
  C:\Windows\System\NMHMULy.exe
  2⤵
  PID:8236
- C:\Windows\System\VYkeYfG.exe
  C:\Windows\System\VYkeYfG.exe
  2⤵
  PID:8252
- C:\Windows\System\YhMDpwt.exe
  C:\Windows\System\YhMDpwt.exe
  2⤵
  PID:8268
- C:\Windows\System\sniOWQr.exe
  C:\Windows\System\sniOWQr.exe
  2⤵
  PID:8288
- C:\Windows\System\PsQVNje.exe
  C:\Windows\System\PsQVNje.exe
  2⤵
  PID:8304
- C:\Windows\System\ARBmuQU.exe
  C:\Windows\System\ARBmuQU.exe
  2⤵
  PID:8328
- C:\Windows\System\izuQQLI.exe
  C:\Windows\System\izuQQLI.exe
  2⤵
  PID:8348
- C:\Windows\System\bBCfOYB.exe
  C:\Windows\System\bBCfOYB.exe
  2⤵
  PID:8364
- C:\Windows\System\TwKpyxZ.exe
  C:\Windows\System\TwKpyxZ.exe
  2⤵
  PID:8388
- C:\Windows\System\QzWdINu.exe
  C:\Windows\System\QzWdINu.exe
  2⤵
  PID:8432
- C:\Windows\System\eokmuFn.exe
  C:\Windows\System\eokmuFn.exe
  2⤵
  PID:8448
- C:\Windows\System\yuKaxKu.exe
  C:\Windows\System\yuKaxKu.exe
  2⤵
  PID:8464
- C:\Windows\System\IlBszse.exe
  C:\Windows\System\IlBszse.exe
  2⤵
  PID:8480
- C:\Windows\System\NOPSxpR.exe
  C:\Windows\System\NOPSxpR.exe
  2⤵
  PID:8516
- C:\Windows\System\xDeeNUD.exe
  C:\Windows\System\xDeeNUD.exe
  2⤵
  PID:8596
- C:\Windows\System\zhACgvJ.exe
  C:\Windows\System\zhACgvJ.exe
  2⤵
  PID:8612
- C:\Windows\System\fcWlvjg.exe
  C:\Windows\System\fcWlvjg.exe
  2⤵
  PID:8628
- C:\Windows\System\AETJquC.exe
  C:\Windows\System\AETJquC.exe
  2⤵
  PID:8644
- C:\Windows\System\ecyNFlN.exe
  C:\Windows\System\ecyNFlN.exe
  2⤵
  PID:8660
- C:\Windows\System\PWPyEZg.exe
  C:\Windows\System\PWPyEZg.exe
  2⤵
  PID:8680
- C:\Windows\System\piEqcUc.exe
  C:\Windows\System\piEqcUc.exe
  2⤵
  PID:8708
- C:\Windows\System\UfDbhAP.exe
  C:\Windows\System\UfDbhAP.exe
  2⤵
  PID:8740
- C:\Windows\System\rdFtQYM.exe
  C:\Windows\System\rdFtQYM.exe
  2⤵
  PID:8756
- C:\Windows\System\MYvlqvt.exe
  C:\Windows\System\MYvlqvt.exe
  2⤵
  PID:8772
- C:\Windows\System\IIDmxXR.exe
  C:\Windows\System\IIDmxXR.exe
  2⤵
  PID:8800
- C:\Windows\System\FZMicpf.exe
  C:\Windows\System\FZMicpf.exe
  2⤵
  PID:8820
- C:\Windows\System\GzqrccJ.exe
  C:\Windows\System\GzqrccJ.exe
  2⤵
  PID:8836
- C:\Windows\System\cOCaGbA.exe
  C:\Windows\System\cOCaGbA.exe
  2⤵
  PID:8852
- C:\Windows\System\SjXUYEf.exe
  C:\Windows\System\SjXUYEf.exe
  2⤵
  PID:8880
- C:\Windows\System\ZkEcJRq.exe
  C:\Windows\System\ZkEcJRq.exe
  2⤵
  PID:8896
- C:\Windows\System\tOcljyE.exe
  C:\Windows\System\tOcljyE.exe
  2⤵
  PID:8912
- C:\Windows\System\ZgowgsW.exe
  C:\Windows\System\ZgowgsW.exe
  2⤵
  PID:8928
- C:\Windows\System\kWfbHbL.exe
  C:\Windows\System\kWfbHbL.exe
  2⤵
  PID:8944
- C:\Windows\System\xeQWgzw.exe
  C:\Windows\System\xeQWgzw.exe
  2⤵
  PID:8960
- C:\Windows\System\UTXofZB.exe
  C:\Windows\System\UTXofZB.exe
  2⤵
  PID:8976
- C:\Windows\System\tdfFiuv.exe
  C:\Windows\System\tdfFiuv.exe
  2⤵
  PID:8992
- C:\Windows\System\BhrxtIv.exe
  C:\Windows\System\BhrxtIv.exe
  2⤵
  PID:9008
- C:\Windows\System\RRuIhKM.exe
  C:\Windows\System\RRuIhKM.exe
  2⤵
  PID:9024
- C:\Windows\System\ZJZoynM.exe
  C:\Windows\System\ZJZoynM.exe
  2⤵
  PID:9040
- C:\Windows\System\MYTJSxn.exe
  C:\Windows\System\MYTJSxn.exe
  2⤵
  PID:9056
- C:\Windows\System\JnEmXNl.exe
  C:\Windows\System\JnEmXNl.exe
  2⤵
  PID:9072
- C:\Windows\System\djFcBlY.exe
  C:\Windows\System\djFcBlY.exe
  2⤵
  PID:9092
- C:\Windows\System\IQmuhcK.exe
  C:\Windows\System\IQmuhcK.exe
  2⤵
  PID:9108
- C:\Windows\System\ayltVdx.exe
  C:\Windows\System\ayltVdx.exe
  2⤵
  PID:9124
- C:\Windows\System\AWxWxPF.exe
  C:\Windows\System\AWxWxPF.exe
  2⤵
  PID:9140
- C:\Windows\System\bOZGsPp.exe
  C:\Windows\System\bOZGsPp.exe
  2⤵
  PID:9156
- C:\Windows\System\CXdWutp.exe
  C:\Windows\System\CXdWutp.exe
  2⤵
  PID:9172
- C:\Windows\System\xPEwgSy.exe
  C:\Windows\System\xPEwgSy.exe
  2⤵
  PID:9188
- C:\Windows\System\hvemVdU.exe
  C:\Windows\System\hvemVdU.exe
  2⤵
  PID:9204
- C:\Windows\System\cItJaUJ.exe
  C:\Windows\System\cItJaUJ.exe
  2⤵
  PID:7432
- C:\Windows\System\ooDkqZm.exe
  C:\Windows\System\ooDkqZm.exe
  2⤵
  PID:2688
- C:\Windows\System\ivJlgXv.exe
  C:\Windows\System\ivJlgXv.exe
  2⤵
  PID:7524
- C:\Windows\System\zArejaa.exe
  C:\Windows\System\zArejaa.exe
  2⤵
  PID:7992
- C:\Windows\System\ffSULSU.exe
  C:\Windows\System\ffSULSU.exe
  2⤵
  PID:7244
- C:\Windows\System\VLVcJFN.exe
  C:\Windows\System\VLVcJFN.exe
  2⤵
  PID:8164
- C:\Windows\System\MpoRvxj.exe
  C:\Windows\System\MpoRvxj.exe
  2⤵
  PID:2804
- C:\Windows\System\epwuYGT.exe
  C:\Windows\System\epwuYGT.exe
  2⤵
  PID:2084
- C:\Windows\System\HrOxHfQ.exe
  C:\Windows\System\HrOxHfQ.exe
  2⤵
  PID:8196
- C:\Windows\System\UwvIXRy.exe
  C:\Windows\System\UwvIXRy.exe
  2⤵
  PID:8260
- C:\Windows\System\DsBMWsT.exe
  C:\Windows\System\DsBMWsT.exe
  2⤵
  PID:8296
- C:\Windows\System\MDxpcnz.exe
  C:\Windows\System\MDxpcnz.exe
  2⤵
  PID:8248
- C:\Windows\System\xKzlTYz.exe
  C:\Windows\System\xKzlTYz.exe
  2⤵
  PID:8320
- C:\Windows\System\bNnBLdF.exe
  C:\Windows\System\bNnBLdF.exe
  2⤵
  PID:8396
- C:\Windows\System\BJWosGQ.exe
  C:\Windows\System\BJWosGQ.exe
  2⤵
  PID:8412
- C:\Windows\System\CosFuLk.exe
  C:\Windows\System\CosFuLk.exe
  2⤵
  PID:8424
- C:\Windows\System\vTyVsXC.exe
  C:\Windows\System\vTyVsXC.exe
  2⤵
  PID:8372
- C:\Windows\System\MkdkaWT.exe
  C:\Windows\System\MkdkaWT.exe
  2⤵
  PID:8476
- C:\Windows\System\yORquQz.exe
  C:\Windows\System\yORquQz.exe
  2⤵
  PID:8496
- C:\Windows\System\pVsvPLa.exe
  C:\Windows\System\pVsvPLa.exe
  2⤵
  PID:8532
- C:\Windows\System\YHFvxPp.exe
  C:\Windows\System\YHFvxPp.exe
  2⤵
  PID:8556
- C:\Windows\System\cALgbJr.exe
  C:\Windows\System\cALgbJr.exe
  2⤵
  PID:8552
- C:\Windows\System\MUFedKh.exe
  C:\Windows\System\MUFedKh.exe
  2⤵
  PID:8608
- C:\Windows\System\RUpLFvr.exe
  C:\Windows\System\RUpLFvr.exe
  2⤵
  PID:8656
- C:\Windows\System\nNpydwG.exe
  C:\Windows\System\nNpydwG.exe
  2⤵
  PID:8692
- C:\Windows\System\VRivMJN.exe
  C:\Windows\System\VRivMJN.exe
  2⤵
  PID:8716
- C:\Windows\System\wmyDiAc.exe
  C:\Windows\System\wmyDiAc.exe
  2⤵
  PID:8732
- C:\Windows\System\QemvxLm.exe
  C:\Windows\System\QemvxLm.exe
  2⤵
  PID:8784
- C:\Windows\System\DnszbWl.exe
  C:\Windows\System\DnszbWl.exe
  2⤵
  PID:8668
- C:\Windows\System\SQXqYeo.exe
  C:\Windows\System\SQXqYeo.exe
  2⤵
  PID:8796
- C:\Windows\System\RviCgQS.exe
  C:\Windows\System\RviCgQS.exe
  2⤵
  PID:8312
- C:\Windows\System\qvKBiFL.exe
  C:\Windows\System\qvKBiFL.exe
  2⤵
  PID:8844
- C:\Windows\System\DlLyhRW.exe
  C:\Windows\System\DlLyhRW.exe
  2⤵
  PID:8864
- C:\Windows\System\bsYbjyn.exe
  C:\Windows\System\bsYbjyn.exe
  2⤵
  PID:8936
- C:\Windows\System\LNVsJeA.exe
  C:\Windows\System\LNVsJeA.exe
  2⤵
  PID:9000
- C:\Windows\System\LnYDJYr.exe
  C:\Windows\System\LnYDJYr.exe
  2⤵
  PID:9064
- C:\Windows\System\datMwww.exe
  C:\Windows\System\datMwww.exe
  2⤵
  PID:9132
- C:\Windows\System\giORfux.exe
  C:\Windows\System\giORfux.exe
  2⤵
  PID:9196
- C:\Windows\System\eAwNsGV.exe
  C:\Windows\System\eAwNsGV.exe
  2⤵
  PID:2600
- C:\Windows\System\RBhEDjl.exe
  C:\Windows\System\RBhEDjl.exe
  2⤵
  PID:2728
- C:\Windows\System\fwvgHBe.exe
  C:\Windows\System\fwvgHBe.exe
  2⤵
  PID:8264
- C:\Windows\System\ylBIBqe.exe
  C:\Windows\System\ylBIBqe.exe
  2⤵
  PID:2532
- C:\Windows\System\hXwOgig.exe
  C:\Windows\System\hXwOgig.exe
  2⤵
  PID:9020
- C:\Windows\System\XthvJJH.exe
  C:\Windows\System\XthvJJH.exe
  2⤵
  PID:8888
- C:\Windows\System\DKxAOjp.exe
  C:\Windows\System\DKxAOjp.exe
  2⤵
  PID:2368
- C:\Windows\System\mbmIaQO.exe
  C:\Windows\System\mbmIaQO.exe
  2⤵
  PID:8924
- C:\Windows\System\EosRVTh.exe
  C:\Windows\System\EosRVTh.exe
  2⤵
  PID:9048
- C:\Windows\System\ogIxxgJ.exe
  C:\Windows\System\ogIxxgJ.exe
  2⤵
  PID:7332
- C:\Windows\System\rQSmofF.exe
  C:\Windows\System\rQSmofF.exe
  2⤵
  PID:8676
- C:\Windows\System\CfuCvWq.exe
  C:\Windows\System\CfuCvWq.exe
  2⤵
  PID:8280
- C:\Windows\System\URMIdVJ.exe
  C:\Windows\System\URMIdVJ.exe
  2⤵
  PID:8872
- C:\Windows\System\wslHmCX.exe
  C:\Windows\System\wslHmCX.exe
  2⤵
  PID:9032
- C:\Windows\System\hbbbxdH.exe
  C:\Windows\System\hbbbxdH.exe
  2⤵
  PID:9036
- C:\Windows\System\mIeNZsU.exe
  C:\Windows\System\mIeNZsU.exe
  2⤵
  PID:8216
- C:\Windows\System\RnMzWfp.exe
  C:\Windows\System\RnMzWfp.exe
  2⤵
  PID:8232
- C:\Windows\System\UFtbhty.exe
  C:\Windows\System\UFtbhty.exe
  2⤵
  PID:9120
- C:\Windows\System\JqiFAtn.exe
  C:\Windows\System\JqiFAtn.exe
  2⤵
  PID:8920
- C:\Windows\System\vMYZfRp.exe
  C:\Windows\System\vMYZfRp.exe
  2⤵
  PID:8988
- C:\Windows\System\vdYrXzE.exe
  C:\Windows\System\vdYrXzE.exe
  2⤵
  PID:440
- C:\Windows\System\ATrnIEP.exe
  C:\Windows\System\ATrnIEP.exe
  2⤵
  PID:8356
- C:\Windows\System\DdUjJTR.exe
  C:\Windows\System\DdUjJTR.exe
  2⤵
  PID:8380
- C:\Windows\System\DFzumBI.exe
  C:\Windows\System\DFzumBI.exe
  2⤵
  PID:8488
- C:\Windows\System\ZDNIkuf.exe
  C:\Windows\System\ZDNIkuf.exe
  2⤵
  PID:8568
- C:\Windows\System\HdyEMjL.exe
  C:\Windows\System\HdyEMjL.exe
  2⤵
  PID:8640
- C:\Windows\System\KAgjJvq.exe
  C:\Windows\System\KAgjJvq.exe
  2⤵
  PID:8752
- C:\Windows\System\QygCvgD.exe
  C:\Windows\System\QygCvgD.exe
  2⤵
  PID:8764
- C:\Windows\System\rHjvXFx.exe
  C:\Windows\System\rHjvXFx.exe
  2⤵
  PID:8768
- C:\Windows\System\zbKAORY.exe
  C:\Windows\System\zbKAORY.exe
  2⤵
  PID:8508
- C:\Windows\System\UeITuiX.exe
  C:\Windows\System\UeITuiX.exe
  2⤵
  PID:8544
- C:\Windows\System\oXppJba.exe
  C:\Windows\System\oXppJba.exe
  2⤵
  PID:8792
- C:\Windows\System\eIKOudZ.exe
  C:\Windows\System\eIKOudZ.exe
  2⤵
  PID:9164
- C:\Windows\System\JIIPsLK.exe
  C:\Windows\System\JIIPsLK.exe
  2⤵
  PID:8908
- C:\Windows\System\WfeSkVy.exe
  C:\Windows\System\WfeSkVy.exe
  2⤵
  PID:9152
- C:\Windows\System\EJnLqIR.exe
  C:\Windows\System\EJnLqIR.exe
  2⤵
  PID:2992
- C:\Windows\System\WfHaorD.exe
  C:\Windows\System\WfHaorD.exe
  2⤵
  PID:8284
- C:\Windows\System\hFofPpE.exe
  C:\Windows\System\hFofPpE.exe
  2⤵
  PID:8384
- C:\Windows\System\tdKlKdm.exe
  C:\Windows\System\tdKlKdm.exe
  2⤵
  PID:8672
- C:\Windows\System\CKqMnhd.exe
  C:\Windows\System\CKqMnhd.exe
  2⤵
  PID:8564
- C:\Windows\System\DmxVMgb.exe
  C:\Windows\System\DmxVMgb.exe
  2⤵
  PID:6924
- C:\Windows\System\ckNoooy.exe
  C:\Windows\System\ckNoooy.exe
  2⤵
  PID:8460
- C:\Windows\System\AAQaEbs.exe
  C:\Windows\System\AAQaEbs.exe
  2⤵
  PID:8832
- C:\Windows\System\sCqFGKL.exe
  C:\Windows\System\sCqFGKL.exe
  2⤵
  PID:8420
- C:\Windows\System\PqQEDgH.exe
  C:\Windows\System\PqQEDgH.exe
  2⤵
  PID:8408
- C:\Windows\System\CetBPUl.exe
  C:\Windows\System\CetBPUl.exe
  2⤵
  PID:8244
- C:\Windows\System\sKbUiCq.exe
  C:\Windows\System\sKbUiCq.exe
  2⤵
  PID:7444
- C:\Windows\System\jiYXxaD.exe
  C:\Windows\System\jiYXxaD.exe
  2⤵
  PID:8492
- C:\Windows\System\uuKaupY.exe
  C:\Windows\System\uuKaupY.exe
  2⤵
  PID:8588
- C:\Windows\System\BWTjlsO.exe
  C:\Windows\System\BWTjlsO.exe
  2⤵
  PID:8860
- C:\Windows\System\kFQFTqE.exe
  C:\Windows\System\kFQFTqE.exe
  2⤵
  PID:9180
- C:\Windows\System\sZFEIky.exe
  C:\Windows\System\sZFEIky.exe
  2⤵
  PID:7548
- C:\Windows\System\AYQSwiT.exe
  C:\Windows\System\AYQSwiT.exe
  2⤵
  PID:8200
- C:\Windows\System\EbkTVpC.exe
  C:\Windows\System\EbkTVpC.exe
  2⤵
  PID:8984
- C:\Windows\System\xoNMjlB.exe
  C:\Windows\System\xoNMjlB.exe
  2⤵
  PID:9220
- C:\Windows\System\MWOlCoa.exe
  C:\Windows\System\MWOlCoa.exe
  2⤵
  PID:9236
- C:\Windows\System\aIVHzif.exe
  C:\Windows\System\aIVHzif.exe
  2⤵
  PID:9252
- C:\Windows\System\oxeoQGa.exe
  C:\Windows\System\oxeoQGa.exe
  2⤵
  PID:9268
- C:\Windows\System\EFVtTHg.exe
  C:\Windows\System\EFVtTHg.exe
  2⤵
  PID:9284
- C:\Windows\System\dgAFHwQ.exe
  C:\Windows\System\dgAFHwQ.exe
  2⤵
  PID:9300
- C:\Windows\System\hdxdVOQ.exe
  C:\Windows\System\hdxdVOQ.exe
  2⤵
  PID:9316
- C:\Windows\System\QgdNXqd.exe
  C:\Windows\System\QgdNXqd.exe
  2⤵
  PID:9332
- C:\Windows\System\uGwZgdB.exe
  C:\Windows\System\uGwZgdB.exe
  2⤵
  PID:9348
- C:\Windows\System\WQuQfIz.exe
  C:\Windows\System\WQuQfIz.exe
  2⤵
  PID:9364
- C:\Windows\System\wHiJVid.exe
  C:\Windows\System\wHiJVid.exe
  2⤵
  PID:9380
- C:\Windows\System\FBzshWK.exe
  C:\Windows\System\FBzshWK.exe
  2⤵
  PID:9396
- C:\Windows\System\MRtgrVi.exe
  C:\Windows\System\MRtgrVi.exe
  2⤵
  PID:9412
- C:\Windows\System\eetpBSD.exe
  C:\Windows\System\eetpBSD.exe
  2⤵
  PID:9432
- C:\Windows\System\rJJyHFo.exe
  C:\Windows\System\rJJyHFo.exe
  2⤵
  PID:9448
- C:\Windows\System\NKFTtES.exe
  C:\Windows\System\NKFTtES.exe
  2⤵
  PID:9480
- C:\Windows\System\hTTEsig.exe
  C:\Windows\System\hTTEsig.exe
  2⤵
  PID:9496
- C:\Windows\System\KljBYhA.exe
  C:\Windows\System\KljBYhA.exe
  2⤵
  PID:9524
- C:\Windows\System\EMSzRwy.exe
  C:\Windows\System\EMSzRwy.exe
  2⤵
  PID:9540
- C:\Windows\System\WoUmnQM.exe
  C:\Windows\System\WoUmnQM.exe
  2⤵
  PID:9560
- C:\Windows\System\ewPtruA.exe
  C:\Windows\System\ewPtruA.exe
  2⤵
  PID:9580
- C:\Windows\System\YHCrmVi.exe
  C:\Windows\System\YHCrmVi.exe
  2⤵
  PID:9600
- C:\Windows\System\mSRGYao.exe
  C:\Windows\System\mSRGYao.exe
  2⤵
  PID:9624
- C:\Windows\System\oiRitei.exe
  C:\Windows\System\oiRitei.exe
  2⤵
  PID:9644
- C:\Windows\System\RKRunqR.exe
  C:\Windows\System\RKRunqR.exe
  2⤵
  PID:9664
- C:\Windows\System\ZViGElN.exe
  C:\Windows\System\ZViGElN.exe
  2⤵
  PID:9680
- C:\Windows\System\WlNZkfq.exe
  C:\Windows\System\WlNZkfq.exe
  2⤵
  PID:9700
- C:\Windows\System\UvoyTIr.exe
  C:\Windows\System\UvoyTIr.exe
  2⤵
  PID:9724
- C:\Windows\System\raWMohU.exe
  C:\Windows\System\raWMohU.exe
  2⤵
  PID:9740
- C:\Windows\System\awHEUkQ.exe
  C:\Windows\System\awHEUkQ.exe
  2⤵
  PID:9756
- C:\Windows\System\ryycUBE.exe
  C:\Windows\System\ryycUBE.exe
  2⤵
  PID:9772
- C:\Windows\System\IfBlNWE.exe
  C:\Windows\System\IfBlNWE.exe
  2⤵
  PID:9792
- C:\Windows\System\jEYpINk.exe
  C:\Windows\System\jEYpINk.exe
  2⤵
  PID:9812
- C:\Windows\System\XAYIXUF.exe
  C:\Windows\System\XAYIXUF.exe
  2⤵
  PID:9828
- C:\Windows\System\kfbBeEM.exe
  C:\Windows\System\kfbBeEM.exe
  2⤵
  PID:9844
- C:\Windows\System\AdBkDoc.exe
  C:\Windows\System\AdBkDoc.exe
  2⤵
  PID:9860
- C:\Windows\System\avyYoBA.exe
  C:\Windows\System\avyYoBA.exe
  2⤵
  PID:9880
- C:\Windows\System\sLeJOxk.exe
  C:\Windows\System\sLeJOxk.exe
  2⤵
  PID:9900
- C:\Windows\System\CnVMNLZ.exe
  C:\Windows\System\CnVMNLZ.exe
  2⤵
  PID:9924
- C:\Windows\System\baGGEdK.exe
  C:\Windows\System\baGGEdK.exe
  2⤵
  PID:9940
- C:\Windows\System\lZEXIdh.exe
  C:\Windows\System\lZEXIdh.exe
  2⤵
  PID:9960
- C:\Windows\System\FlEVBtM.exe
  C:\Windows\System\FlEVBtM.exe
  2⤵
  PID:9976
- C:\Windows\System\FgYcMmd.exe
  C:\Windows\System\FgYcMmd.exe
  2⤵
  PID:9992
- C:\Windows\System\dEfTQYy.exe
  C:\Windows\System\dEfTQYy.exe
  2⤵
  PID:10008
- C:\Windows\System\sQeWejQ.exe
  C:\Windows\System\sQeWejQ.exe
  2⤵
  PID:10024
- C:\Windows\System\IiLnWIL.exe
  C:\Windows\System\IiLnWIL.exe
  2⤵
  PID:10044
- C:\Windows\System\sMXabVI.exe
  C:\Windows\System\sMXabVI.exe
  2⤵
  PID:10060
- C:\Windows\System\eawdbxJ.exe
  C:\Windows\System\eawdbxJ.exe
  2⤵
  PID:10076
- C:\Windows\System\lHDaknA.exe
  C:\Windows\System\lHDaknA.exe
  2⤵
  PID:10092
- C:\Windows\System\nRRtgpS.exe
  C:\Windows\System\nRRtgpS.exe
  2⤵
  PID:10108
- C:\Windows\System\YsijrPY.exe
  C:\Windows\System\YsijrPY.exe
  2⤵
  PID:10124
- C:\Windows\System\RzxmiUK.exe
  C:\Windows\System\RzxmiUK.exe
  2⤵
  PID:10140
- C:\Windows\System\ObJCbGT.exe
  C:\Windows\System\ObJCbGT.exe
  2⤵
  PID:10156
- C:\Windows\System\XvUzjLK.exe
  C:\Windows\System\XvUzjLK.exe
  2⤵
  PID:10172
- C:\Windows\System\FhiWsYw.exe
  C:\Windows\System\FhiWsYw.exe
  2⤵
  PID:10188
- C:\Windows\System\wKrlhfk.exe
  C:\Windows\System\wKrlhfk.exe
  2⤵
  PID:10204
- C:\Windows\System\IPaiJsm.exe
  C:\Windows\System\IPaiJsm.exe
  2⤵
  PID:10220
- C:\Windows\System\FuIhwTp.exe
  C:\Windows\System\FuIhwTp.exe
  2⤵
  PID:10236
- C:\Windows\System\nckmpqP.exe
  C:\Windows\System\nckmpqP.exe
  2⤵
  PID:8404
- C:\Windows\System\TBYNytq.exe
  C:\Windows\System\TBYNytq.exe
  2⤵
  PID:976
- C:\Windows\System\vmNwEgj.exe
  C:\Windows\System\vmNwEgj.exe
  2⤵
  PID:9260
- C:\Windows\System\XdMmxfO.exe
  C:\Windows\System\XdMmxfO.exe
  2⤵
  PID:9296
- C:\Windows\System\ekBYZHQ.exe
  C:\Windows\System\ekBYZHQ.exe
  2⤵
  PID:9328
- C:\Windows\System\FHzHTYd.exe
  C:\Windows\System\FHzHTYd.exe
  2⤵
  PID:9428
- C:\Windows\System\DhEGdOc.exe
  C:\Windows\System\DhEGdOc.exe
  2⤵
  PID:9472
- C:\Windows\System\IDxTpqG.exe
  C:\Windows\System\IDxTpqG.exe
  2⤵
  PID:9508
- C:\Windows\System\YeKgMSL.exe
  C:\Windows\System\YeKgMSL.exe
  2⤵
  PID:9548
- C:\Windows\System\nzcVbzH.exe
  C:\Windows\System\nzcVbzH.exe
  2⤵
  PID:9592
- C:\Windows\System\TefzKFq.exe
  C:\Windows\System\TefzKFq.exe
  2⤵
  PID:9596
- C:\Windows\System\fcFItcs.exe
  C:\Windows\System\fcFItcs.exe
  2⤵
  PID:9672
- C:\Windows\System\aLRhmhu.exe
  C:\Windows\System\aLRhmhu.exe
  2⤵
  PID:9716
- C:\Windows\System\GUYzISr.exe
  C:\Windows\System\GUYzISr.exe
  2⤵
  PID:9248
- C:\Windows\System\sQsbWQw.exe
  C:\Windows\System\sQsbWQw.exe
  2⤵
  PID:9608
- C:\Windows\System\CoIlXWZ.exe
  C:\Windows\System\CoIlXWZ.exe
  2⤵
  PID:9820
- C:\Windows\System\jadFYMj.exe
  C:\Windows\System\jadFYMj.exe
  2⤵
  PID:9344
- C:\Windows\System\umQPPVR.exe
  C:\Windows\System\umQPPVR.exe
  2⤵
  PID:9376
- C:\Windows\System\XsODCxP.exe
  C:\Windows\System\XsODCxP.exe
  2⤵
  PID:9492
- C:\Windows\System\CLKnWXn.exe
  C:\Windows\System\CLKnWXn.exe
  2⤵
  PID:9612
- C:\Windows\System\MxlrSry.exe
  C:\Windows\System\MxlrSry.exe
  2⤵
  PID:9656
- C:\Windows\System\KjhgDAF.exe
  C:\Windows\System\KjhgDAF.exe
  2⤵
  PID:9732
- C:\Windows\System\vPSqRfu.exe
  C:\Windows\System\vPSqRfu.exe
  2⤵
  PID:9808
- C:\Windows\System\cUMSLXA.exe
  C:\Windows\System\cUMSLXA.exe
  2⤵
  PID:988
- C:\Windows\System\gHhpumD.exe
  C:\Windows\System\gHhpumD.exe
  2⤵
  PID:9888
- C:\Windows\System\SZYxVgc.exe
  C:\Windows\System\SZYxVgc.exe
  2⤵
  PID:9932
- C:\Windows\System\sdQfzhf.exe
  C:\Windows\System\sdQfzhf.exe
  2⤵
  PID:9916
- C:\Windows\System\OyHuyZU.exe
  C:\Windows\System\OyHuyZU.exe
  2⤵
  PID:10004
- C:\Windows\System\SVgzTkY.exe
  C:\Windows\System\SVgzTkY.exe
  2⤵
  PID:10040
- C:\Windows\System\PpFpjoc.exe
  C:\Windows\System\PpFpjoc.exe
  2⤵
  PID:9984
- C:\Windows\System\NnpKHAf.exe
  C:\Windows\System\NnpKHAf.exe
  2⤵
  PID:10104
- C:\Windows\System\GMmoDGz.exe
  C:\Windows\System\GMmoDGz.exe
  2⤵
  PID:10056
- C:\Windows\System\ULgnJdm.exe
  C:\Windows\System\ULgnJdm.exe
  2⤵
  PID:10084
- C:\Windows\System\AsHQxnS.exe
  C:\Windows\System\AsHQxnS.exe
  2⤵
  PID:10148
- C:\Windows\System\jQZBkNx.exe
  C:\Windows\System\jQZBkNx.exe
  2⤵
  PID:10212
- C:\Windows\System\icgUPlx.exe
  C:\Windows\System\icgUPlx.exe
  2⤵
  PID:9228
- C:\Windows\System\UtfceOV.exe
  C:\Windows\System\UtfceOV.exe
  2⤵
  PID:10200
- C:\Windows\System\RrtkcOs.exe
  C:\Windows\System\RrtkcOs.exe
  2⤵
  PID:9292
- C:\Windows\System\ryFcRQf.exe
  C:\Windows\System\ryFcRQf.exe
  2⤵
  PID:9388
- C:\Windows\System\spEBsEX.exe
  C:\Windows\System\spEBsEX.exe
  2⤵
  PID:9588
- C:\Windows\System\QOarBeL.exe
  C:\Windows\System\QOarBeL.exe
  2⤵
  PID:9280
- C:\Windows\System\STXzucF.exe
  C:\Windows\System\STXzucF.exe
  2⤵
  PID:9572
- C:\Windows\System\oCrrazC.exe
  C:\Windows\System\oCrrazC.exe
  2⤵
  PID:9576
- C:\Windows\System\gdhUzMo.exe
  C:\Windows\System\gdhUzMo.exe
  2⤵
  PID:9800
- C:\Windows\System\waHDgMN.exe
  C:\Windows\System\waHDgMN.exe
  2⤵
  PID:9876
- C:\Windows\System\CwrkkLj.exe
  C:\Windows\System\CwrkkLj.exe
  2⤵
  PID:10100
- C:\Windows\System\msxPnUS.exe
  C:\Windows\System\msxPnUS.exe
  2⤵
  PID:10164
- C:\Windows\System\FAGflOz.exe
  C:\Windows\System\FAGflOz.exe
  2⤵
  PID:9780
- C:\Windows\System\jyAzchB.exe
  C:\Windows\System\jyAzchB.exe
  2⤵
  PID:8696
- C:\Windows\System\YWVhFhD.exe
  C:\Windows\System\YWVhFhD.exe
  2⤵
  PID:9920
- C:\Windows\System\gPJcoYs.exe
  C:\Windows\System\gPJcoYs.exe
  2⤵
  PID:10052
- C:\Windows\System\NTlrcOh.exe
  C:\Windows\System\NTlrcOh.exe
  2⤵
  PID:10120
- C:\Windows\System\YXLJiva.exe
  C:\Windows\System\YXLJiva.exe
  2⤵
  PID:9464
- C:\Windows\System\UDxsmWN.exe
  C:\Windows\System\UDxsmWN.exe
  2⤵
  PID:9632
- C:\Windows\System\NeUwvXR.exe
  C:\Windows\System\NeUwvXR.exe
  2⤵
  PID:9640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AIonYcm.exe

Filesize
6.0MB

MD5
d7262dac7d2a6d4d7e03eb83f014d7e7

SHA1
ea337b6f18b18c74aad43b0c2deba4951cee9fb7

SHA256
fff3769f9ab3f24737c669af0759d349133ee3fef96226a162824f7b2c19a907

SHA512
952869145bbde05bf1e8019dfd744b32e820d4a9e3c5e0bd8776994c850e2ad7a927466039be35987bd1f393a8d95a249f591981cd41ee2cefbcb9c19f282642

Download Submit
C:\Windows\system\CrFiELZ.exe

Filesize
6.0MB

MD5
759c62ed7a4935c044ee45894613f717

SHA1
35be96a7fe14542fbf317923a5836be3be92a5e3

SHA256
e04f5db0be08fe0933cbcd56dac445241c999863bdcc288dc904e262c0396331

SHA512
184be2b482167b61587e071df8db61dfa9149e23d281d60b0312025692739dd87096a169ee48bc31302ace70876c06146a116ef5d738bb66d603f484fcc62a0c

Download Submit
C:\Windows\system\FnurtDz.exe

Filesize
6.0MB

MD5
e938d2d40a3eb49bba418822535435cd

SHA1
b712a46a14c4c80491a4e633f970b55a67e8b99d

SHA256
bfb8171beec55c7b6bb8915a726debeca296d70defb977cec0a033e16954f5eb

SHA512
66717e99bea293c7431353bd84d74405d032f884ebd32db47f06e7ca05efed895c649559e93cf766090bf76f3dd5493e4c22216b1d599f6e62cb028a0fd9ee14

Download Submit
C:\Windows\system\GVBrqoB.exe

Filesize
6.0MB

MD5
a57a7fea5646fbed38ddef78a0900570

SHA1
9a9b9fbd790dcc50101299708b18fd42cf778726

SHA256
69b9d0bdd75c786ba5690563f2b24c074d8f50c384eb9dd89c5ee754b2f9f2cb

SHA512
44e102ba78b837ed27ce904b801dffad64d8928a2c19e3ac197e7d8c1cd74707291541fbf635c3d19e50c81971c921e41570ce9625f0f36f69c8675880c90782

Download Submit
C:\Windows\system\HiqfXbf.exe

Filesize
6.0MB

MD5
7aa16c3c472e77c617850d894950782a

SHA1
33a9bbc2dc8b401ef4f6e2d28bda0a0b16f3fd81

SHA256
25f5664b9e729977e7dc9a104f2826ed36d27bcc22ad8d11b83679c086de920e

SHA512
7c98b12bb7727ff244ce19728f7f0aa8d14219061ec0e2ab8133c232a4a8f74f91e89f26b8004b3f9290c378390dcdfe09a6d2e71e1e73a059d0ae96ed62ba7f

Download Submit
C:\Windows\system\HtoihmU.exe

Filesize
6.0MB

MD5
cd4e161755a30bbec2efadb5866ecadd

SHA1
ae7677186fb3755d465a71849412466c44741116

SHA256
a7b03cea8e484f640a85484fce511cdedda327420d0a5429caafcc707b6bc6b4

SHA512
4a8161c548b0f09522d21f1f10fae538530532c6f60b383fdd019f8a5e8b273bb0e0055ad7f9104a0036ef82abbbb01fc7ff86abd23b6ed1b3b64510a0b32392

Download Submit
C:\Windows\system\LtsKbev.exe

Filesize
6.0MB

MD5
0d2ee9b50b0d4c539ff50349af01592c

SHA1
c007ef585bbd6bc20220dfbfcb80ce51d76f88f3

SHA256
0cbae6b4bf59c233e48c740af360682cd32cba4508c284ef0ecbc6c407ccfe20

SHA512
ac050ffef4cc19bbbe636d38e5d292c834072249d54173dcfbc3b2c011dd0c14815327acf702c2747b74dcdda82a30b97f909b290a13be2851f122e3f310c82f

Download Submit
C:\Windows\system\OoaHcwN.exe

Filesize
6.0MB

MD5
676ad57962579242b9ed27044d22fdd7

SHA1
1f5115b75bc93c767cc285afc5ca59cbee5a34ee

SHA256
48d7827bd18ae68fc5be5ccd86408414ecd6a47ec88c72ea3ae610b9d9033e6b

SHA512
19df08c3ca4d56127351ef4a474167cfe1b642a79517648189ec82f566db6b397bcd7239687ca01b07898f841680cad325fbf7c97793b2befec3923710316737

Download Submit
C:\Windows\system\QcmMQdu.exe

Filesize
6.0MB

MD5
55e5f5601a780029da496d5d1be34aa3

SHA1
a52d4d375f34d2b6d9b0ef95fe2cd2a1b09fe18d

SHA256
ae2538d007df8348663986b658ac157d3c0446a2629e6c4341870381f4fc06ed

SHA512
5b99c2a7ab0c587bd94bede64df12b04c6860b8abaf6c4bc5acd3ce0ace7996c1bbae600885f497bd93c6fe4cc41cafd4fd29355081cd60cd6a5afc4694181ff

Download Submit
C:\Windows\system\QzhwxFL.exe

Filesize
6.0MB

MD5
2775ac317454ee9e081b5d2a41e02fe9

SHA1
a096f7b5da7996ac568438ad65ea72b9f275eb26

SHA256
9be8ce651998300d111ad57f96d90e818f7c21a97a1b9dec654e4471c36d31ce

SHA512
4142e3a116decb3334c1d1b1fe05cd0e3fd7b88cdb3c9693493a5e66358ba6034ef7fdd7c0bfb47bf1ec42aabe7fe2975f8558b2fa0857fbcc3382ab7e6fcae8

Download Submit
C:\Windows\system\RWZKaZd.exe

Filesize
6.0MB

MD5
51e02458a021a21f35a787c0f4bb6d16

SHA1
8403b1a81ee50153e9ecb65efe3d26e5c053b36e

SHA256
ea918702ffe69bf202406a18bb5938d4c57c0e1170a444613962ac882593180f

SHA512
7a86c03ac1d974d891f00bbee215ff061f078aa4c005144d0de03521644721604f268477afd7c451f21bd365ae6edf4658d1997909f057ef3d34f85bdd1e9eb5

Download Submit
C:\Windows\system\SXsLsms.exe

Filesize
6.0MB

MD5
9fcd1000ef349d9933f4a98d84106084

SHA1
38c93c3546316b5cd635bd3b471835db94b0d11b

SHA256
92fce0d329bbcfa81b8d5d92da0fbcb1b4b0e504acc582d41399dbcd0db4e667

SHA512
95a2d7cd4ca2efc0fc891c5158b09043e5d85842e5d69639b74eca92d1f8361595017e5a6c92e6e3a89bf80ff5b14e891d0a986dcd01052b51f1ce4e5df27e46

Download Submit
C:\Windows\system\VfByCJU.exe

Filesize
6.0MB

MD5
a0afd3c2782a4aaf0f2159c9d4961eca

SHA1
c4ff2d312e4e833d632959d55f06ef7ed44b7edb

SHA256
18a5c693c4467ee1655385dd371606291abe7cb596f2f1e4d00206f3558b0f52

SHA512
7038146954ddd5582d3e9bf3a7712a0d18e41617309601304b2c692c37a10c4282cde720afaf339b20a8911bd8e57aa672ad8b2d5586687fb9f66ad4e4c33743

Download Submit
C:\Windows\system\WPwkwos.exe

Filesize
6.0MB

MD5
5b514c715b477e0a8e6d2706fbbc86d5

SHA1
b15188450960740a9ad2832f0caceb544a9892b6

SHA256
b03f580c529951e086fa718b5851d6abbef5931512912fa75a225db03e4f7be9

SHA512
3c5538094d375f90de817c2dc6f77c14dcdba373a9d95ad04a58220d2de8a89023dc8f8e22f823beb45618e0c74718e65e53b1d4d9c8e4bad59f1020db4884f5

Download Submit
C:\Windows\system\XWPahmT.exe

Filesize
6.0MB

MD5
421820f7eeb3e72d4f4f85542f6e6fe5

SHA1
2cb6d26a4d94762922720ffc650a2773d1f5e33b

SHA256
71e6625ee4a1ebdff04e05b4bc0f074ba2a2dd918ec5ba0e5ffe59f998de16f0

SHA512
b4419f44e6472bf92781e5424c0a16ca4df83c0e6cefb5d9a7e985c5ad834f021641e18e193130340480ea1fcf746021260ed90a62bfd9b4f6fb81dbd6d5137d

Download Submit
C:\Windows\system\aGdSZzf.exe

Filesize
6.0MB

MD5
bb19c52a546600474e9b1fe6b1acbae9

SHA1
203ac250e40e31d252d6b4cfeaea981069f55770

SHA256
080e5cd945fb27e608d5a8ee35337cac7d6ecf0d658faf3bfeb318e0336acd20

SHA512
414c41b9c56b1800e5074e1a7279565b5e06aea812cb88f2ab228e2bf20514f7b1d391f10fe993407c5aa106b032795204b0868c7d1d53a31592ce22c381688d

Download Submit
C:\Windows\system\gjMehLA.exe

Filesize
6.0MB

MD5
5606f539d48ec5c40410cb0c262401d6

SHA1
4b456f4c8557df8207fabb6586687b918f204726

SHA256
f35bf6314dbd19a9a86340e340a39d1d02c2e94f84c303dc415651f58d940d7e

SHA512
b5b1e3f1e42e96658fb45a643df28863112822ee0cd576579888659bbd50df2948c78633104d6dd32c6c8a01f2e1fa0f17e0b5601f132497e00afd62beb00c14

Download Submit
C:\Windows\system\hEPjdER.exe

Filesize
6.0MB

MD5
19a126244ca2e1c13ec120980d5c485e

SHA1
155aa258d2b5c95bbc0d8fb1094b227919a435d6

SHA256
b3d6d1d1da53d27cc1bbec151d6354a95ad56b24503afd3a1df33bde1fd4d2c3

SHA512
8236c0d84efa753601cf9ad2778ca019b3454f871a1c1006450fddf01b175c34c2d43d987e7950e8607f7febb09e97aa98cbb11e93db9734969d5deaedc13b85

Download Submit
C:\Windows\system\hxxeJqx.exe

Filesize
6.0MB

MD5
04d04d9a673a8c9401d28f6f81149970

SHA1
f8ee5773195f4e2c46285d7283d751dba8c75741

SHA256
e47b55a6fd233fca7e4811c2e869777ea2fafc4f1df5b5a67b30641489a3d59e

SHA512
b1d10c9f0ede228ba5e4f2f514d4131aa448045ce0e9c9038b9cf7de47878e477a76ad79d1b8514f34714d453068069bc4d85d1a45b00b7c019f0e0bf18a8c95

Download Submit
C:\Windows\system\nJCuxzW.exe

Filesize
6.0MB

MD5
1040a2837438b78f38096a5c2bd55309

SHA1
65876dadb88e8c4d5b5aff70619e2dd5a866397a

SHA256
7a178ff12a814f906147093578c61f7c89250d34b258b392762b789c9c1dcfb8

SHA512
4a9f2eb2646d1ba8fdf977341e550f4f39f96bd22e95bf1c09c0a9eee123cc15a8b430baa39a93e62797e92b7eb06624830b07ef464bedd9583f54a23df50db3

Download Submit
C:\Windows\system\nSjcLNo.exe

Filesize
6.0MB

MD5
9bf0d7e68bfe7c50aa960fc8c7be7e88

SHA1
8df2445d5b00ddf0e53599814435562c059c68da

SHA256
62920637a1c091da90107e6d0a2739001e726b1da2a3816eaa838d5aa92a95f3

SHA512
1ff37e067dc93fde11a32e104f839eb6989a35802617898da7be4bcc045d61b6436af025d584d34c1bb59b23b1d7c16d282546e99186121c8db1d8238569788b

Download Submit
C:\Windows\system\nTrWjuG.exe

Filesize
6.0MB

MD5
a4c0b0664c2ed9c17660b00bebf3ba0f

SHA1
466c503f0686f85221719df3b34a9bb1e44d904b

SHA256
e371614d38aba4c6aa91af7649615c809b161f2d3afa63a4f0d354cc1d483a51

SHA512
7dd124bd1c7e6caf83b2635c50b3d4d890a77d2fb17e17ac467bd78c624f88715a9413e78870906e3ca221e6ceb765a18f8f2a1991287446bbc908ca941339b7

Download Submit
C:\Windows\system\rGwCBqa.exe

Filesize
6.0MB

MD5
0e98f396a50c54f0bca3aa89bc47c0be

SHA1
15697891e9404cf43093bade2e0d7b93f1f506e2

SHA256
2e2b0f97b8f1f4a312d206ba259ea7f620d0c585d97b911a78b622680ac4baad

SHA512
cadb3495953646acbd473a8dbd341b5d988942187a7c81475f81556706927080a74ae70808bfb89fac4f17cfb4c96ae8a9e33001795b45923785506f4469c5a3

Download Submit
C:\Windows\system\rjfbZXq.exe

Filesize
6.0MB

MD5
f402080b0239c8a5ee4c264a88f2bb60

SHA1
ac490c4ec7a577d8c38065fdc927a8438a9479eb

SHA256
9ae42c082b147ca4af89ca9d174d42fb4f4df6515dc8d0a4918c604ccf27bb7a

SHA512
563c8565cc412d02923aed7cdc467d3e0ca5fa0121110c158e30e613aebcc8e2c4bc14f14b49837436ed80dd8ebe9afac97d132d9777b93b9289d3038a523c0c

Download Submit
C:\Windows\system\wnZKtxR.exe

Filesize
6.0MB

MD5
4be797e380c52c50dcf5cb50ef7e9ff5

SHA1
8e681707c3e4424c7a11c40bdb3e968a7c5df791

SHA256
6df7f1aac7667c37f741078b6febe3c9b5dd34281409f65e7ba93f6eb522a9a5

SHA512
f4a47a9d80011c063d90d11a4a9d8ec7222ab4de8e3610a4589ed03f0e95ee23aaab19000b3e77ec834039075f6932bae236cc30d6334367b025cab048abf335

Download Submit
C:\Windows\system\xzKnAJD.exe

Filesize
6.0MB

MD5
23f61da87486254075438a26368837d9

SHA1
715d65577fe6e5563b47139dadfd4797a09309ff

SHA256
e52ea5c09be9239b5daf0f7756d8932bc06ea10785adc2324aea636b7bfb26a9

SHA512
dc7a07e71bf707135799461a02522ac7aae69b45b6de1ea9d070d0583da41175a31c1d87c63a2c7f592913c796f0f2f476657f0f31a6985a497eb566dea711e4

Download Submit
C:\Windows\system\zdolScK.exe

Filesize
6.0MB

MD5
344fdc00df23cb4b2199c6ba57488a92

SHA1
2157668dc927378a3634e093366ddc8c60b84150

SHA256
c54b14d2c611faf5212cd7dd811bf503f3fbdfba608b4ca7a79a6c387f7d3a28

SHA512
425485e0261aef9c640e5bd0b65a21fdb4c22b0faac4653477a48db427614bb1996393373035eab9b3eb50a43eda38e02e5cc30620de3f244f7c6f24ac6b9166

Download Submit
\Windows\system\QnGucSR.exe

Filesize
6.0MB

MD5
5eacb8d3eb85ca70e054005193639067

SHA1
2cd8fd25b9dbd4c014e400f2ccb0eca3cbbee95d

SHA256
1b5539022b55d6b3aab8132fd41ad57b4f41d5939679ece30a9d4b26b1b664ba

SHA512
6a5ff158f5e9f6bcd51bebf44f0dffafdb65f93c5a4a57ce82f89f1567a7c8173ee73c4b3d2360ad5704260316d2342b0fe7181cb17af3532ff49253d964ce91

Download Submit
\Windows\system\UojqwfC.exe

Filesize
6.0MB

MD5
e3cb4a10c65f2434f9a2d04397088ce2

SHA1
cc6e63f077b3f94b2a5471ff9a594b609ff3b371

SHA256
38067a9cbd0d93cea1678d5741c992b28745cebed67cf769c20e8202fa1b3e1e

SHA512
0acfef144b2b80e871a613438362f94dc8aacf3190982bb6566085ac1229ed9cbf8314c778bac8cb78e025fd04939f810ff0e69741cc56101b2eb024c69eb046

Download Submit
\Windows\system\VUblQNc.exe

Filesize
6.0MB

MD5
afb2f04545e725981638461d7fdf2fe0

SHA1
0e3604108b44a21cf6636a9943fc5572d33b8ccf

SHA256
10862ae90a69faa226da4435c57fcd34cd07679e4b85fe7c3e56a265eba4de87

SHA512
3326060cc52b9bb5f543e4845a34bf54072e211c97bbeeb3620ef60429f6377c5eed84a81ce8332f54271035539b6c052e700f5e77a472d0081fd20b905c8568

Download Submit
\Windows\system\eDzRXdZ.exe

Filesize
6.0MB

MD5
343b41ba1d467c54890c864845fb1d3c

SHA1
4333082f669c3ebfe09899f8857668cac3b76b74

SHA256
b60b372863071ce11e6dad9daa5691b9907dded72b2ea93cc844550b76caedd1

SHA512
c3f874c4cc5923d8c4de9ae87b29b08fb27c03e3af27480e2811122e34a765c5e241cd1b727a80ad44cba50188863a928f99b41bc71c49697a787ae89b011f48

Download Submit
\Windows\system\ibuNHIH.exe

Filesize
6.0MB

MD5
a65ff1dabeef0650696656eca059a53c

SHA1
6a2cc0ee4398fd8c2089c936206a8d151047fc71

SHA256
a0d00141a2fb37a8b951910c9b2b9295115149623be6a19aff44756b4bfb28c6

SHA512
31de88a4e19d7724b5120fce74b8a2904923f41fc43bc056e2632111e8765c4c1066225c5e06dff4d5876eaf62601b80bf15441762c4e57b280a107505fb1267

Download Submit
\Windows\system\yYBEDDW.exe

Filesize
6.0MB

MD5
6f0f15396ac11d14f4951cbcada88606

SHA1
321883e2eef9042487c310cb9d4e8ec9c2e95aa7

SHA256
1e17ddb15bbceed9a493586f5a0b9cdd76fcec59c67e6f352414ebf438a50cc2

SHA512
4933cc60ba7fba1912882c4d87dfaa1a037b3870940cd4c2fd8d57ba1c54d685b4fce6b307165ad5050575992836684da0160f04099a78437563bb53b240d739

Download Submit
memory/2108-3843-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2330-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2356-3839-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2356-2272-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2351-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2388-0-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2375-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2226-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2388-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2388-2879-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2883-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2124-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2274-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2215-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3840-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2372-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download