cobaltstrike | 5b6589419528fb81d58072dda8ed52e96ca5d2a26dd819e7e6c355774e81aa70

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

808af52bbda9a3f23a0481d55a6d8349
SHA1

293d7b4092e0f4770e17462a36e61c661e87335d
SHA256

5b6589419528fb81d58072dda8ed52e96ca5d2a26dd819e7e6c355774e81aa70
SHA512

1aaa896bd5610121b7acabacdc031f0daff0ec1e22644a25aea3110dfb0bc2b41d1370b3ff89e0cae03e1ebf64117d85441905d47b3624b3dce7f6c985e640ff
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226d-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9a-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dbe-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ea4-29.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f1-51.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-63.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-67.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-57.dat	cobalt_reflective_dll
behavioral1/files/0x0035000000016d3e-44.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173da-49.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001706d-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eca-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral1/memory/1400-0-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226d-6.dat	xmrig
behavioral1/files/0x0008000000016d9a-8.dat	xmrig
behavioral1/memory/1400-17-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2816-18-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dbe-10.dat	xmrig
behavioral1/files/0x0008000000016dd1-19.dat	xmrig
behavioral1/files/0x0007000000016ea4-29.dat	xmrig
behavioral1/files/0x00080000000173f1-51.dat	xmrig
behavioral1/files/0x000500000001922c-73.dat	xmrig
behavioral1/files/0x0005000000019256-83.dat	xmrig
behavioral1/files/0x000500000001928c-106.dat	xmrig
behavioral1/files/0x00050000000193a5-136.dat	xmrig
behavioral1/memory/2796-1654-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x000500000001944d-162.dat	xmrig
behavioral1/files/0x0005000000019438-161.dat	xmrig
behavioral1/files/0x0005000000019423-138.dat	xmrig
behavioral1/files/0x0005000000019397-130.dat	xmrig
behavioral1/files/0x0005000000019442-154.dat	xmrig
behavioral1/files/0x0005000000019426-144.dat	xmrig
behavioral1/files/0x000500000001936b-123.dat	xmrig
behavioral1/files/0x000500000001937b-127.dat	xmrig
behavioral1/files/0x0005000000019353-113.dat	xmrig
behavioral1/files/0x0005000000019284-102.dat	xmrig
behavioral1/files/0x0005000000019263-101.dat	xmrig
behavioral1/files/0x0005000000019356-117.dat	xmrig
behavioral1/files/0x0005000000019266-97.dat	xmrig
behavioral1/files/0x0005000000019259-88.dat	xmrig
behavioral1/files/0x0005000000019244-77.dat	xmrig
behavioral1/files/0x00050000000191d4-63.dat	xmrig
behavioral1/files/0x00050000000191ff-67.dat	xmrig
behavioral1/files/0x00060000000190e0-57.dat	xmrig
behavioral1/files/0x0035000000016d3e-44.dat	xmrig
behavioral1/files/0x00080000000173da-49.dat	xmrig
behavioral1/files/0x000700000001706d-39.dat	xmrig
behavioral1/files/0x0007000000016eca-33.dat	xmrig
behavioral1/memory/2572-1785-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2588-1917-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1400-1919-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2556-2344-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2744-3721-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2796-3724-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2620-3797-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2644-3796-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2588-3855-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2384-3853-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2548-3868-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2408-3869-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2572-3895-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2556-3894-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2816-3953-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1436-3890-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2592-3889-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2032-3888-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1400-3887-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2744	nwqGini.exe
2816	gtBFtnb.exe
2796	UBQICcg.exe
2384	UtCSLRZ.exe
2572	gXUIIfM.exe
2588	kuAMZVM.exe
2556	WSWVeDq.exe
2620	NwLjUAj.exe
2592	djofYcd.exe
2548	TRpOhjc.exe
1436	JYzULNl.exe
2644	LTrLUrH.exe
2032	YhcQODr.exe
2408	woYKMlB.exe
2060	HFSrXpx.exe
684	QVYrncE.exe
2088	QijMSTm.exe
584	swFiEEz.exe
356	pDlnuLp.exe
1720	bzUqcOv.exe
2012	KNRjkqH.exe
2732	kfqNyQJ.exe
1332	ABddxHS.exe
1652	qAuVwwq.exe
1960	bRlodYA.exe
2364	DPkDRKT.exe
2104	WPkHoDk.exe
2916	NAgPUVe.exe
2036	IiTfFFr.exe
2040	SKfmvMA.exe
2392	CTDIvkE.exe
1112	LqHhfsu.exe
2120	vzOqxRV.exe
1000	FQNWUFB.exe
2168	tgwqeYa.exe
1824	FgycXmF.exe
1368	nOayEdL.exe
1868	YdgdhVh.exe
1708	cQESMZw.exe
960	GZhGRTV.exe
2332	qCGRfoi.exe
1544	eAmhRjG.exe
1684	JPqFEyX.exe
1748	zFNVFJB.exe
1752	VnljvoC.exe
620	IGjFyzO.exe
2504	hwPIcHm.exe
2256	WWkdyfa.exe
3044	pwENxpK.exe
2940	bulaPlj.exe
2936	vsdcizC.exe
1196	amOsqyy.exe
2520	BArDOsH.exe
2344	PoawSwn.exe
2072	rjUfVdS.exe
1996	iLDvzCI.exe
908	IglMnvx.exe
2948	hiitKiT.exe
1584	IvtTXWa.exe
2804	qGSxVdz.exe
1588	XtutLqp.exe
2860	MqGKDFu.exe
2596	JhtWStv.exe
2680	WvGQcIw.exe

Loads dropped DLL 64 IoCs

pid	Process
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1400-0-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x000c00000001226d-6.dat	upx
behavioral1/files/0x0008000000016d9a-8.dat	upx
behavioral1/memory/2816-18-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0008000000016dbe-10.dat	upx
behavioral1/files/0x0008000000016dd1-19.dat	upx
behavioral1/files/0x0007000000016ea4-29.dat	upx
behavioral1/files/0x00080000000173f1-51.dat	upx
behavioral1/files/0x000500000001922c-73.dat	upx
behavioral1/files/0x0005000000019256-83.dat	upx
behavioral1/files/0x000500000001928c-106.dat	upx
behavioral1/files/0x00050000000193a5-136.dat	upx
behavioral1/memory/2796-1654-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x000500000001944d-162.dat	upx
behavioral1/files/0x0005000000019438-161.dat	upx
behavioral1/files/0x0005000000019423-138.dat	upx
behavioral1/files/0x0005000000019397-130.dat	upx
behavioral1/files/0x0005000000019442-154.dat	upx
behavioral1/files/0x0005000000019426-144.dat	upx
behavioral1/files/0x000500000001936b-123.dat	upx
behavioral1/files/0x000500000001937b-127.dat	upx
behavioral1/files/0x0005000000019353-113.dat	upx
behavioral1/files/0x0005000000019284-102.dat	upx
behavioral1/files/0x0005000000019263-101.dat	upx
behavioral1/files/0x0005000000019356-117.dat	upx
behavioral1/files/0x0005000000019266-97.dat	upx
behavioral1/files/0x0005000000019259-88.dat	upx
behavioral1/files/0x0005000000019244-77.dat	upx
behavioral1/files/0x00050000000191d4-63.dat	upx
behavioral1/files/0x00050000000191ff-67.dat	upx
behavioral1/files/0x00060000000190e0-57.dat	upx
behavioral1/files/0x0035000000016d3e-44.dat	upx
behavioral1/files/0x00080000000173da-49.dat	upx
behavioral1/files/0x000700000001706d-39.dat	upx
behavioral1/files/0x0007000000016eca-33.dat	upx
behavioral1/memory/2572-1785-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2588-1917-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2556-2344-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2744-3721-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2796-3724-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2620-3797-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2644-3796-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2588-3855-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2384-3853-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2548-3868-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2408-3869-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2572-3895-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2556-3894-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2816-3953-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1436-3890-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2592-3889-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2032-3888-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1400-3887-0x000000013F810000-0x000000013FB64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qrkgCRZ.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYfdyFD.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAgPUVe.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyGRyfg.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnocyRe.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOyxjYN.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJZvLtZ.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNIFQbM.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMrSrLW.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXwtJGP.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEHOJdG.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyAWbUF.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MEsSBkf.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUbVLbL.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiwofUc.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egfGWPl.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWwtWwf.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVQAucs.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhsfMag.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBBMmYq.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIQjBzl.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRBykhV.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZOmeIG.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyIArXm.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrlnzpB.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfBXkNb.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOOYBWQ.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTriSgA.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyTQdRi.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRWwiAd.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfTkLmA.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROlZKFE.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGVywUO.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuAMZVM.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBYsXNi.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBQalZJ.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGhTqbb.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDukbtb.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GeCHtuS.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEvycQz.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlMixVe.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvoxPjQ.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYpGkXb.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvmqmwN.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFNVFJB.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMmUpCb.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtjuXia.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkYxKWw.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQjBako.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVtzwRP.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfGxxMV.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuHaeeB.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUNMowM.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnTdSDu.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkNdpfJ.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btHQHNI.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qcXgdKT.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNjVVRb.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkgwyET.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgEQpit.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCHtfXt.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDNJymX.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDgdwOp.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHlnotO.exe	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 2744	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1400 wrote to memory of 2744	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1400 wrote to memory of 2744	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1400 wrote to memory of 2816	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1400 wrote to memory of 2816	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1400 wrote to memory of 2816	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1400 wrote to memory of 2796	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1400 wrote to memory of 2796	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1400 wrote to memory of 2796	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1400 wrote to memory of 2384	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1400 wrote to memory of 2384	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1400 wrote to memory of 2384	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1400 wrote to memory of 2572	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1400 wrote to memory of 2572	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1400 wrote to memory of 2572	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1400 wrote to memory of 2588	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1400 wrote to memory of 2588	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1400 wrote to memory of 2588	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1400 wrote to memory of 2556	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1400 wrote to memory of 2556	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1400 wrote to memory of 2556	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1400 wrote to memory of 2620	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1400 wrote to memory of 2620	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1400 wrote to memory of 2620	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1400 wrote to memory of 2592	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1400 wrote to memory of 2592	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1400 wrote to memory of 2592	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1400 wrote to memory of 2548	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1400 wrote to memory of 2548	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1400 wrote to memory of 2548	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1400 wrote to memory of 1436	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1400 wrote to memory of 1436	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1400 wrote to memory of 1436	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1400 wrote to memory of 2644	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1400 wrote to memory of 2644	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1400 wrote to memory of 2644	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1400 wrote to memory of 2032	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1400 wrote to memory of 2032	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1400 wrote to memory of 2032	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1400 wrote to memory of 2408	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1400 wrote to memory of 2408	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1400 wrote to memory of 2408	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1400 wrote to memory of 2060	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1400 wrote to memory of 2060	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1400 wrote to memory of 2060	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1400 wrote to memory of 684	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1400 wrote to memory of 684	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1400 wrote to memory of 684	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1400 wrote to memory of 2088	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1400 wrote to memory of 2088	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1400 wrote to memory of 2088	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1400 wrote to memory of 356	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1400 wrote to memory of 356	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1400 wrote to memory of 356	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1400 wrote to memory of 584	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1400 wrote to memory of 584	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1400 wrote to memory of 584	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1400 wrote to memory of 1720	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1400 wrote to memory of 1720	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1400 wrote to memory of 1720	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1400 wrote to memory of 2012	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1400 wrote to memory of 2012	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1400 wrote to memory of 2012	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1400 wrote to memory of 2732	1400	2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_808af52bbda9a3f23a0481d55a6d8349_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\System\nwqGini.exe
  C:\Windows\System\nwqGini.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\gtBFtnb.exe
  C:\Windows\System\gtBFtnb.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\UBQICcg.exe
  C:\Windows\System\UBQICcg.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\UtCSLRZ.exe
  C:\Windows\System\UtCSLRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\gXUIIfM.exe
  C:\Windows\System\gXUIIfM.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\kuAMZVM.exe
  C:\Windows\System\kuAMZVM.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\WSWVeDq.exe
  C:\Windows\System\WSWVeDq.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\NwLjUAj.exe
  C:\Windows\System\NwLjUAj.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\djofYcd.exe
  C:\Windows\System\djofYcd.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\TRpOhjc.exe
  C:\Windows\System\TRpOhjc.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\JYzULNl.exe
  C:\Windows\System\JYzULNl.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\LTrLUrH.exe
  C:\Windows\System\LTrLUrH.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\YhcQODr.exe
  C:\Windows\System\YhcQODr.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\woYKMlB.exe
  C:\Windows\System\woYKMlB.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\HFSrXpx.exe
  C:\Windows\System\HFSrXpx.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\QVYrncE.exe
  C:\Windows\System\QVYrncE.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\QijMSTm.exe
  C:\Windows\System\QijMSTm.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\pDlnuLp.exe
  C:\Windows\System\pDlnuLp.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\swFiEEz.exe
  C:\Windows\System\swFiEEz.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\bzUqcOv.exe
  C:\Windows\System\bzUqcOv.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\KNRjkqH.exe
  C:\Windows\System\KNRjkqH.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\kfqNyQJ.exe
  C:\Windows\System\kfqNyQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ABddxHS.exe
  C:\Windows\System\ABddxHS.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\qAuVwwq.exe
  C:\Windows\System\qAuVwwq.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\bRlodYA.exe
  C:\Windows\System\bRlodYA.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\NAgPUVe.exe
  C:\Windows\System\NAgPUVe.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\DPkDRKT.exe
  C:\Windows\System\DPkDRKT.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\SKfmvMA.exe
  C:\Windows\System\SKfmvMA.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\WPkHoDk.exe
  C:\Windows\System\WPkHoDk.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\CTDIvkE.exe
  C:\Windows\System\CTDIvkE.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\IiTfFFr.exe
  C:\Windows\System\IiTfFFr.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\LqHhfsu.exe
  C:\Windows\System\LqHhfsu.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\vzOqxRV.exe
  C:\Windows\System\vzOqxRV.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\tgwqeYa.exe
  C:\Windows\System\tgwqeYa.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\FQNWUFB.exe
  C:\Windows\System\FQNWUFB.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\nOayEdL.exe
  C:\Windows\System\nOayEdL.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\FgycXmF.exe
  C:\Windows\System\FgycXmF.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\YdgdhVh.exe
  C:\Windows\System\YdgdhVh.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\cQESMZw.exe
  C:\Windows\System\cQESMZw.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\GZhGRTV.exe
  C:\Windows\System\GZhGRTV.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\qCGRfoi.exe
  C:\Windows\System\qCGRfoi.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\JPqFEyX.exe
  C:\Windows\System\JPqFEyX.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\eAmhRjG.exe
  C:\Windows\System\eAmhRjG.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\VnljvoC.exe
  C:\Windows\System\VnljvoC.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\zFNVFJB.exe
  C:\Windows\System\zFNVFJB.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\IGjFyzO.exe
  C:\Windows\System\IGjFyzO.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\hwPIcHm.exe
  C:\Windows\System\hwPIcHm.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\pwENxpK.exe
  C:\Windows\System\pwENxpK.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\WWkdyfa.exe
  C:\Windows\System\WWkdyfa.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\vsdcizC.exe
  C:\Windows\System\vsdcizC.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\bulaPlj.exe
  C:\Windows\System\bulaPlj.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\amOsqyy.exe
  C:\Windows\System\amOsqyy.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\BArDOsH.exe
  C:\Windows\System\BArDOsH.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\iLDvzCI.exe
  C:\Windows\System\iLDvzCI.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\PoawSwn.exe
  C:\Windows\System\PoawSwn.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\IglMnvx.exe
  C:\Windows\System\IglMnvx.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\rjUfVdS.exe
  C:\Windows\System\rjUfVdS.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\hiitKiT.exe
  C:\Windows\System\hiitKiT.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\IvtTXWa.exe
  C:\Windows\System\IvtTXWa.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\XtutLqp.exe
  C:\Windows\System\XtutLqp.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\qGSxVdz.exe
  C:\Windows\System\qGSxVdz.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\WvGQcIw.exe
  C:\Windows\System\WvGQcIw.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\MqGKDFu.exe
  C:\Windows\System\MqGKDFu.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\inyfxBE.exe
  C:\Windows\System\inyfxBE.exe
  2⤵
  PID:2656
- C:\Windows\System\JhtWStv.exe
  C:\Windows\System\JhtWStv.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\dhyUqka.exe
  C:\Windows\System\dhyUqka.exe
  2⤵
  PID:2028
- C:\Windows\System\NRKatpv.exe
  C:\Windows\System\NRKatpv.exe
  2⤵
  PID:1528
- C:\Windows\System\cKRpePw.exe
  C:\Windows\System\cKRpePw.exe
  2⤵
  PID:2372
- C:\Windows\System\mizRHXt.exe
  C:\Windows\System\mizRHXt.exe
  2⤵
  PID:1536
- C:\Windows\System\mDPOPia.exe
  C:\Windows\System\mDPOPia.exe
  2⤵
  PID:2316
- C:\Windows\System\HUbVLbL.exe
  C:\Windows\System\HUbVLbL.exe
  2⤵
  PID:2532
- C:\Windows\System\MyMYmYk.exe
  C:\Windows\System\MyMYmYk.exe
  2⤵
  PID:2276
- C:\Windows\System\qEIIGLj.exe
  C:\Windows\System\qEIIGLj.exe
  2⤵
  PID:236
- C:\Windows\System\eWzrCOE.exe
  C:\Windows\System\eWzrCOE.exe
  2⤵
  PID:1956
- C:\Windows\System\vxfrhcu.exe
  C:\Windows\System\vxfrhcu.exe
  2⤵
  PID:2868
- C:\Windows\System\ogAInqA.exe
  C:\Windows\System\ogAInqA.exe
  2⤵
  PID:2396
- C:\Windows\System\dTtsyEq.exe
  C:\Windows\System\dTtsyEq.exe
  2⤵
  PID:2788
- C:\Windows\System\KsrkACH.exe
  C:\Windows\System\KsrkACH.exe
  2⤵
  PID:2524
- C:\Windows\System\eNizZYd.exe
  C:\Windows\System\eNizZYd.exe
  2⤵
  PID:2160
- C:\Windows\System\RGNnWwK.exe
  C:\Windows\System\RGNnWwK.exe
  2⤵
  PID:1808
- C:\Windows\System\EDuoBLE.exe
  C:\Windows\System\EDuoBLE.exe
  2⤵
  PID:2268
- C:\Windows\System\JtvoflJ.exe
  C:\Windows\System\JtvoflJ.exe
  2⤵
  PID:2800
- C:\Windows\System\yEmBOcN.exe
  C:\Windows\System\yEmBOcN.exe
  2⤵
  PID:1872
- C:\Windows\System\EWocNFA.exe
  C:\Windows\System\EWocNFA.exe
  2⤵
  PID:3068
- C:\Windows\System\SFwONTc.exe
  C:\Windows\System\SFwONTc.exe
  2⤵
  PID:2000
- C:\Windows\System\FzhTXgk.exe
  C:\Windows\System\FzhTXgk.exe
  2⤵
  PID:2424
- C:\Windows\System\hobDXzg.exe
  C:\Windows\System\hobDXzg.exe
  2⤵
  PID:3040
- C:\Windows\System\IWvISNp.exe
  C:\Windows\System\IWvISNp.exe
  2⤵
  PID:2828
- C:\Windows\System\EXlrLnP.exe
  C:\Windows\System\EXlrLnP.exe
  2⤵
  PID:2452
- C:\Windows\System\tsTHmqw.exe
  C:\Windows\System\tsTHmqw.exe
  2⤵
  PID:2440
- C:\Windows\System\UfKJMPT.exe
  C:\Windows\System\UfKJMPT.exe
  2⤵
  PID:1784
- C:\Windows\System\LfxAGLu.exe
  C:\Windows\System\LfxAGLu.exe
  2⤵
  PID:824
- C:\Windows\System\iMmTztT.exe
  C:\Windows\System\iMmTztT.exe
  2⤵
  PID:1704
- C:\Windows\System\PEDPWoH.exe
  C:\Windows\System\PEDPWoH.exe
  2⤵
  PID:2508
- C:\Windows\System\uNrsaDw.exe
  C:\Windows\System\uNrsaDw.exe
  2⤵
  PID:1948
- C:\Windows\System\KlEWwsU.exe
  C:\Windows\System\KlEWwsU.exe
  2⤵
  PID:2684
- C:\Windows\System\kKbMlqV.exe
  C:\Windows\System\kKbMlqV.exe
  2⤵
  PID:2988
- C:\Windows\System\fzowkYd.exe
  C:\Windows\System\fzowkYd.exe
  2⤵
  PID:2820
- C:\Windows\System\zfGwtqQ.exe
  C:\Windows\System\zfGwtqQ.exe
  2⤵
  PID:2640
- C:\Windows\System\yFqcnLc.exe
  C:\Windows\System\yFqcnLc.exe
  2⤵
  PID:2428
- C:\Windows\System\pUjPxMc.exe
  C:\Windows\System\pUjPxMc.exe
  2⤵
  PID:556
- C:\Windows\System\mQFRANy.exe
  C:\Windows\System\mQFRANy.exe
  2⤵
  PID:2228
- C:\Windows\System\nmZXgKl.exe
  C:\Windows\System\nmZXgKl.exe
  2⤵
  PID:1364
- C:\Windows\System\VjcupzC.exe
  C:\Windows\System\VjcupzC.exe
  2⤵
  PID:2736
- C:\Windows\System\knOIzYR.exe
  C:\Windows\System\knOIzYR.exe
  2⤵
  PID:2984
- C:\Windows\System\bNJTdHB.exe
  C:\Windows\System\bNJTdHB.exe
  2⤵
  PID:3028
- C:\Windows\System\JejWmRp.exe
  C:\Windows\System\JejWmRp.exe
  2⤵
  PID:1304
- C:\Windows\System\MzOUcIM.exe
  C:\Windows\System\MzOUcIM.exe
  2⤵
  PID:996
- C:\Windows\System\RWBmmTD.exe
  C:\Windows\System\RWBmmTD.exe
  2⤵
  PID:596
- C:\Windows\System\uiesoNd.exe
  C:\Windows\System\uiesoNd.exe
  2⤵
  PID:1272
- C:\Windows\System\riJrGCV.exe
  C:\Windows\System\riJrGCV.exe
  2⤵
  PID:2184
- C:\Windows\System\EvGnzjX.exe
  C:\Windows\System\EvGnzjX.exe
  2⤵
  PID:1532
- C:\Windows\System\tOlAZib.exe
  C:\Windows\System\tOlAZib.exe
  2⤵
  PID:2652
- C:\Windows\System\guWVsAl.exe
  C:\Windows\System\guWVsAl.exe
  2⤵
  PID:1700
- C:\Windows\System\yWchZiB.exe
  C:\Windows\System\yWchZiB.exe
  2⤵
  PID:1772
- C:\Windows\System\xncZnsS.exe
  C:\Windows\System\xncZnsS.exe
  2⤵
  PID:2904
- C:\Windows\System\nIfDbSN.exe
  C:\Windows\System\nIfDbSN.exe
  2⤵
  PID:2324
- C:\Windows\System\vNUnQxd.exe
  C:\Windows\System\vNUnQxd.exe
  2⤵
  PID:2464
- C:\Windows\System\tvEamJW.exe
  C:\Windows\System\tvEamJW.exe
  2⤵
  PID:2544
- C:\Windows\System\fxFHbEo.exe
  C:\Windows\System\fxFHbEo.exe
  2⤵
  PID:1044
- C:\Windows\System\aVwGmxX.exe
  C:\Windows\System\aVwGmxX.exe
  2⤵
  PID:1764
- C:\Windows\System\bPfOAen.exe
  C:\Windows\System\bPfOAen.exe
  2⤵
  PID:2848
- C:\Windows\System\rNQnxJA.exe
  C:\Windows\System\rNQnxJA.exe
  2⤵
  PID:1876
- C:\Windows\System\VmoggWU.exe
  C:\Windows\System\VmoggWU.exe
  2⤵
  PID:3088
- C:\Windows\System\alPsuvy.exe
  C:\Windows\System\alPsuvy.exe
  2⤵
  PID:3104
- C:\Windows\System\oPqcOiY.exe
  C:\Windows\System\oPqcOiY.exe
  2⤵
  PID:3124
- C:\Windows\System\dcIRsWt.exe
  C:\Windows\System\dcIRsWt.exe
  2⤵
  PID:3144
- C:\Windows\System\bPwGZuc.exe
  C:\Windows\System\bPwGZuc.exe
  2⤵
  PID:3164
- C:\Windows\System\gibGOJS.exe
  C:\Windows\System\gibGOJS.exe
  2⤵
  PID:3184
- C:\Windows\System\jPBqppU.exe
  C:\Windows\System\jPBqppU.exe
  2⤵
  PID:3208
- C:\Windows\System\DfiXgfN.exe
  C:\Windows\System\DfiXgfN.exe
  2⤵
  PID:3232
- C:\Windows\System\GTnuSMc.exe
  C:\Windows\System\GTnuSMc.exe
  2⤵
  PID:3248
- C:\Windows\System\hKBGoYG.exe
  C:\Windows\System\hKBGoYG.exe
  2⤵
  PID:3268
- C:\Windows\System\nraIOxm.exe
  C:\Windows\System\nraIOxm.exe
  2⤵
  PID:3288
- C:\Windows\System\zmECdqy.exe
  C:\Windows\System\zmECdqy.exe
  2⤵
  PID:3304
- C:\Windows\System\zfCIcQa.exe
  C:\Windows\System\zfCIcQa.exe
  2⤵
  PID:3320
- C:\Windows\System\WNvfIUX.exe
  C:\Windows\System\WNvfIUX.exe
  2⤵
  PID:3340
- C:\Windows\System\zBHueqg.exe
  C:\Windows\System\zBHueqg.exe
  2⤵
  PID:3360
- C:\Windows\System\dvdpFoz.exe
  C:\Windows\System\dvdpFoz.exe
  2⤵
  PID:3376
- C:\Windows\System\IcxOvDy.exe
  C:\Windows\System\IcxOvDy.exe
  2⤵
  PID:3392
- C:\Windows\System\ubQooRU.exe
  C:\Windows\System\ubQooRU.exe
  2⤵
  PID:3416
- C:\Windows\System\GPyTsGD.exe
  C:\Windows\System\GPyTsGD.exe
  2⤵
  PID:3432
- C:\Windows\System\oQeEjyX.exe
  C:\Windows\System\oQeEjyX.exe
  2⤵
  PID:3476
- C:\Windows\System\KSoJzIg.exe
  C:\Windows\System\KSoJzIg.exe
  2⤵
  PID:3492
- C:\Windows\System\GpNFglz.exe
  C:\Windows\System\GpNFglz.exe
  2⤵
  PID:3512
- C:\Windows\System\eyGRyfg.exe
  C:\Windows\System\eyGRyfg.exe
  2⤵
  PID:3528
- C:\Windows\System\FnocyRe.exe
  C:\Windows\System\FnocyRe.exe
  2⤵
  PID:3548
- C:\Windows\System\Slxbpam.exe
  C:\Windows\System\Slxbpam.exe
  2⤵
  PID:3564
- C:\Windows\System\nnFkJjU.exe
  C:\Windows\System\nnFkJjU.exe
  2⤵
  PID:3588
- C:\Windows\System\wgYRVRs.exe
  C:\Windows\System\wgYRVRs.exe
  2⤵
  PID:3608
- C:\Windows\System\EbFaRWs.exe
  C:\Windows\System\EbFaRWs.exe
  2⤵
  PID:3636
- C:\Windows\System\jNqvHKH.exe
  C:\Windows\System\jNqvHKH.exe
  2⤵
  PID:3656
- C:\Windows\System\INNjRzV.exe
  C:\Windows\System\INNjRzV.exe
  2⤵
  PID:3672
- C:\Windows\System\tvlCPsB.exe
  C:\Windows\System\tvlCPsB.exe
  2⤵
  PID:3696
- C:\Windows\System\ehWDxAt.exe
  C:\Windows\System\ehWDxAt.exe
  2⤵
  PID:3712
- C:\Windows\System\mpePqjS.exe
  C:\Windows\System\mpePqjS.exe
  2⤵
  PID:3736
- C:\Windows\System\qupxVMz.exe
  C:\Windows\System\qupxVMz.exe
  2⤵
  PID:3756
- C:\Windows\System\igzEnfs.exe
  C:\Windows\System\igzEnfs.exe
  2⤵
  PID:3772
- C:\Windows\System\qlnacvq.exe
  C:\Windows\System\qlnacvq.exe
  2⤵
  PID:3796
- C:\Windows\System\JiWKswi.exe
  C:\Windows\System\JiWKswi.exe
  2⤵
  PID:3812
- C:\Windows\System\LlvkStn.exe
  C:\Windows\System\LlvkStn.exe
  2⤵
  PID:3832
- C:\Windows\System\NAmONSD.exe
  C:\Windows\System\NAmONSD.exe
  2⤵
  PID:3852
- C:\Windows\System\GRNJBHS.exe
  C:\Windows\System\GRNJBHS.exe
  2⤵
  PID:3868
- C:\Windows\System\MEevfqr.exe
  C:\Windows\System\MEevfqr.exe
  2⤵
  PID:3884
- C:\Windows\System\WVFFpbO.exe
  C:\Windows\System\WVFFpbO.exe
  2⤵
  PID:3900
- C:\Windows\System\qCiWbrc.exe
  C:\Windows\System\qCiWbrc.exe
  2⤵
  PID:3936
- C:\Windows\System\EUiRQCJ.exe
  C:\Windows\System\EUiRQCJ.exe
  2⤵
  PID:3952
- C:\Windows\System\ZTJmTDP.exe
  C:\Windows\System\ZTJmTDP.exe
  2⤵
  PID:3972
- C:\Windows\System\eQlzEyi.exe
  C:\Windows\System\eQlzEyi.exe
  2⤵
  PID:3992
- C:\Windows\System\lBWbodf.exe
  C:\Windows\System\lBWbodf.exe
  2⤵
  PID:4012
- C:\Windows\System\JyaxWOI.exe
  C:\Windows\System\JyaxWOI.exe
  2⤵
  PID:4032
- C:\Windows\System\ZruHGiP.exe
  C:\Windows\System\ZruHGiP.exe
  2⤵
  PID:4052
- C:\Windows\System\mlDBdIS.exe
  C:\Windows\System\mlDBdIS.exe
  2⤵
  PID:4076
- C:\Windows\System\fJZvLtZ.exe
  C:\Windows\System\fJZvLtZ.exe
  2⤵
  PID:4092
- C:\Windows\System\gPffAGO.exe
  C:\Windows\System\gPffAGO.exe
  2⤵
  PID:1612
- C:\Windows\System\sgmDDVa.exe
  C:\Windows\System\sgmDDVa.exe
  2⤵
  PID:2400
- C:\Windows\System\vdtDkAJ.exe
  C:\Windows\System\vdtDkAJ.exe
  2⤵
  PID:968
- C:\Windows\System\xCcFknR.exe
  C:\Windows\System\xCcFknR.exe
  2⤵
  PID:660
- C:\Windows\System\tIZevKm.exe
  C:\Windows\System\tIZevKm.exe
  2⤵
  PID:1012
- C:\Windows\System\XoSOIoH.exe
  C:\Windows\System\XoSOIoH.exe
  2⤵
  PID:1064
- C:\Windows\System\TzoHyhE.exe
  C:\Windows\System\TzoHyhE.exe
  2⤵
  PID:2724
- C:\Windows\System\BYlcaKE.exe
  C:\Windows\System\BYlcaKE.exe
  2⤵
  PID:2112
- C:\Windows\System\ZWuJWgr.exe
  C:\Windows\System\ZWuJWgr.exe
  2⤵
  PID:1456
- C:\Windows\System\ZzrlRNK.exe
  C:\Windows\System\ZzrlRNK.exe
  2⤵
  PID:3116
- C:\Windows\System\WXcejWx.exe
  C:\Windows\System\WXcejWx.exe
  2⤵
  PID:1132
- C:\Windows\System\ZfBXkNb.exe
  C:\Windows\System\ZfBXkNb.exe
  2⤵
  PID:2928
- C:\Windows\System\sgceNwU.exe
  C:\Windows\System\sgceNwU.exe
  2⤵
  PID:3240
- C:\Windows\System\GLRnqTZ.exe
  C:\Windows\System\GLRnqTZ.exe
  2⤵
  PID:3276
- C:\Windows\System\HHFOZid.exe
  C:\Windows\System\HHFOZid.exe
  2⤵
  PID:3176
- C:\Windows\System\RgxtIqy.exe
  C:\Windows\System\RgxtIqy.exe
  2⤵
  PID:3316
- C:\Windows\System\tRFxpxS.exe
  C:\Windows\System\tRFxpxS.exe
  2⤵
  PID:3356
- C:\Windows\System\ZlbUFUs.exe
  C:\Windows\System\ZlbUFUs.exe
  2⤵
  PID:3228
- C:\Windows\System\PsygjPb.exe
  C:\Windows\System\PsygjPb.exe
  2⤵
  PID:3428
- C:\Windows\System\RruXPWS.exe
  C:\Windows\System\RruXPWS.exe
  2⤵
  PID:3408
- C:\Windows\System\WonURQn.exe
  C:\Windows\System\WonURQn.exe
  2⤵
  PID:3372
- C:\Windows\System\jARfKih.exe
  C:\Windows\System\jARfKih.exe
  2⤵
  PID:3484
- C:\Windows\System\FAsBIRi.exe
  C:\Windows\System\FAsBIRi.exe
  2⤵
  PID:3444
- C:\Windows\System\nshzFfn.exe
  C:\Windows\System\nshzFfn.exe
  2⤵
  PID:3464
- C:\Windows\System\xIdBUim.exe
  C:\Windows\System\xIdBUim.exe
  2⤵
  PID:3500
- C:\Windows\System\PDufngj.exe
  C:\Windows\System\PDufngj.exe
  2⤵
  PID:3544
- C:\Windows\System\YbqvnDI.exe
  C:\Windows\System\YbqvnDI.exe
  2⤵
  PID:3580
- C:\Windows\System\DjtoxRr.exe
  C:\Windows\System\DjtoxRr.exe
  2⤵
  PID:3536
- C:\Windows\System\PMtCAnQ.exe
  C:\Windows\System\PMtCAnQ.exe
  2⤵
  PID:3720
- C:\Windows\System\qYNVvCi.exe
  C:\Windows\System\qYNVvCi.exe
  2⤵
  PID:3632
- C:\Windows\System\txogVvj.exe
  C:\Windows\System\txogVvj.exe
  2⤵
  PID:3704
- C:\Windows\System\oLMYJDY.exe
  C:\Windows\System\oLMYJDY.exe
  2⤵
  PID:3752
- C:\Windows\System\QgtrquK.exe
  C:\Windows\System\QgtrquK.exe
  2⤵
  PID:3840
- C:\Windows\System\UMdfrgy.exe
  C:\Windows\System\UMdfrgy.exe
  2⤵
  PID:3876
- C:\Windows\System\fibzwKg.exe
  C:\Windows\System\fibzwKg.exe
  2⤵
  PID:3864
- C:\Windows\System\sFvJoFz.exe
  C:\Windows\System\sFvJoFz.exe
  2⤵
  PID:3924
- C:\Windows\System\xcUVARv.exe
  C:\Windows\System\xcUVARv.exe
  2⤵
  PID:3932
- C:\Windows\System\sEkLjRi.exe
  C:\Windows\System\sEkLjRi.exe
  2⤵
  PID:4008
- C:\Windows\System\tfkpvQd.exe
  C:\Windows\System\tfkpvQd.exe
  2⤵
  PID:3948
- C:\Windows\System\aFDlMBC.exe
  C:\Windows\System\aFDlMBC.exe
  2⤵
  PID:4088
- C:\Windows\System\eubZfmu.exe
  C:\Windows\System\eubZfmu.exe
  2⤵
  PID:2124
- C:\Windows\System\yfHJSTZ.exe
  C:\Windows\System\yfHJSTZ.exe
  2⤵
  PID:2840
- C:\Windows\System\aXdEBqf.exe
  C:\Windows\System\aXdEBqf.exe
  2⤵
  PID:1388
- C:\Windows\System\mgIsalD.exe
  C:\Windows\System\mgIsalD.exe
  2⤵
  PID:2872
- C:\Windows\System\JSjQRNU.exe
  C:\Windows\System\JSjQRNU.exe
  2⤵
  PID:1608
- C:\Windows\System\wGvwGCk.exe
  C:\Windows\System\wGvwGCk.exe
  2⤵
  PID:2448
- C:\Windows\System\krGHSmy.exe
  C:\Windows\System\krGHSmy.exe
  2⤵
  PID:2760
- C:\Windows\System\RVWFHAD.exe
  C:\Windows\System\RVWFHAD.exe
  2⤵
  PID:2780
- C:\Windows\System\ZBaIGRG.exe
  C:\Windows\System\ZBaIGRG.exe
  2⤵
  PID:2456
- C:\Windows\System\hdCOHgI.exe
  C:\Windows\System\hdCOHgI.exe
  2⤵
  PID:3196
- C:\Windows\System\slDADiW.exe
  C:\Windows\System\slDADiW.exe
  2⤵
  PID:3280
- C:\Windows\System\wPCXMjR.exe
  C:\Windows\System\wPCXMjR.exe
  2⤵
  PID:3400
- C:\Windows\System\pkFxbtc.exe
  C:\Windows\System\pkFxbtc.exe
  2⤵
  PID:3328
- C:\Windows\System\czevogv.exe
  C:\Windows\System\czevogv.exe
  2⤵
  PID:3096
- C:\Windows\System\MZpKhuw.exe
  C:\Windows\System\MZpKhuw.exe
  2⤵
  PID:3384
- C:\Windows\System\BRWwiAd.exe
  C:\Windows\System\BRWwiAd.exe
  2⤵
  PID:3560
- C:\Windows\System\DmygBMq.exe
  C:\Windows\System\DmygBMq.exe
  2⤵
  PID:3508
- C:\Windows\System\yNIFQbM.exe
  C:\Windows\System\yNIFQbM.exe
  2⤵
  PID:3616
- C:\Windows\System\htnvymc.exe
  C:\Windows\System\htnvymc.exe
  2⤵
  PID:3732
- C:\Windows\System\gzFbuWU.exe
  C:\Windows\System\gzFbuWU.exe
  2⤵
  PID:3764
- C:\Windows\System\aXDoYbm.exe
  C:\Windows\System\aXDoYbm.exe
  2⤵
  PID:3748
- C:\Windows\System\wASKNaY.exe
  C:\Windows\System\wASKNaY.exe
  2⤵
  PID:3824
- C:\Windows\System\RmSAwyf.exe
  C:\Windows\System\RmSAwyf.exe
  2⤵
  PID:3912
- C:\Windows\System\XRHMyYP.exe
  C:\Windows\System\XRHMyYP.exe
  2⤵
  PID:3964
- C:\Windows\System\gxIYwVg.exe
  C:\Windows\System\gxIYwVg.exe
  2⤵
  PID:4048
- C:\Windows\System\QCPunzG.exe
  C:\Windows\System\QCPunzG.exe
  2⤵
  PID:4044
- C:\Windows\System\ngJkdQY.exe
  C:\Windows\System\ngJkdQY.exe
  2⤵
  PID:4060
- C:\Windows\System\fTYxTps.exe
  C:\Windows\System\fTYxTps.exe
  2⤵
  PID:4020
- C:\Windows\System\xAMXHLa.exe
  C:\Windows\System\xAMXHLa.exe
  2⤵
  PID:3084
- C:\Windows\System\kRIVyee.exe
  C:\Windows\System\kRIVyee.exe
  2⤵
  PID:2540
- C:\Windows\System\edjSYQa.exe
  C:\Windows\System\edjSYQa.exe
  2⤵
  PID:3192
- C:\Windows\System\HTZHRtA.exe
  C:\Windows\System\HTZHRtA.exe
  2⤵
  PID:3204
- C:\Windows\System\ZNXagSO.exe
  C:\Windows\System\ZNXagSO.exe
  2⤵
  PID:3312
- C:\Windows\System\BYSHSms.exe
  C:\Windows\System\BYSHSms.exe
  2⤵
  PID:3388
- C:\Windows\System\elIssGg.exe
  C:\Windows\System\elIssGg.exe
  2⤵
  PID:3556
- C:\Windows\System\gdFynEK.exe
  C:\Windows\System\gdFynEK.exe
  2⤵
  PID:3604
- C:\Windows\System\JWKFwgd.exe
  C:\Windows\System\JWKFwgd.exe
  2⤵
  PID:3540
- C:\Windows\System\tVCsRjP.exe
  C:\Windows\System\tVCsRjP.exe
  2⤵
  PID:3572
- C:\Windows\System\RiwofUc.exe
  C:\Windows\System\RiwofUc.exe
  2⤵
  PID:3668
- C:\Windows\System\FFEzsMe.exe
  C:\Windows\System\FFEzsMe.exe
  2⤵
  PID:3920
- C:\Windows\System\jPizMTB.exe
  C:\Windows\System\jPizMTB.exe
  2⤵
  PID:3908
- C:\Windows\System\npoNaar.exe
  C:\Windows\System\npoNaar.exe
  2⤵
  PID:4108
- C:\Windows\System\YNjfxnx.exe
  C:\Windows\System\YNjfxnx.exe
  2⤵
  PID:4132
- C:\Windows\System\YlJoUHI.exe
  C:\Windows\System\YlJoUHI.exe
  2⤵
  PID:4152
- C:\Windows\System\JSSXQeY.exe
  C:\Windows\System\JSSXQeY.exe
  2⤵
  PID:4176
- C:\Windows\System\Wieyfbo.exe
  C:\Windows\System\Wieyfbo.exe
  2⤵
  PID:4204
- C:\Windows\System\gBYsXNi.exe
  C:\Windows\System\gBYsXNi.exe
  2⤵
  PID:4220
- C:\Windows\System\RxPAZyq.exe
  C:\Windows\System\RxPAZyq.exe
  2⤵
  PID:4244
- C:\Windows\System\iahRrNE.exe
  C:\Windows\System\iahRrNE.exe
  2⤵
  PID:4268
- C:\Windows\System\oogWGJn.exe
  C:\Windows\System\oogWGJn.exe
  2⤵
  PID:4284
- C:\Windows\System\hMlwLsc.exe
  C:\Windows\System\hMlwLsc.exe
  2⤵
  PID:4300
- C:\Windows\System\xqdljgS.exe
  C:\Windows\System\xqdljgS.exe
  2⤵
  PID:4324
- C:\Windows\System\OfruOyY.exe
  C:\Windows\System\OfruOyY.exe
  2⤵
  PID:4344
- C:\Windows\System\jpVqYrM.exe
  C:\Windows\System\jpVqYrM.exe
  2⤵
  PID:4364
- C:\Windows\System\TBLapkc.exe
  C:\Windows\System\TBLapkc.exe
  2⤵
  PID:4384
- C:\Windows\System\BvuFqfX.exe
  C:\Windows\System\BvuFqfX.exe
  2⤵
  PID:4400
- C:\Windows\System\nsISGoL.exe
  C:\Windows\System\nsISGoL.exe
  2⤵
  PID:4428
- C:\Windows\System\DvHoKEP.exe
  C:\Windows\System\DvHoKEP.exe
  2⤵
  PID:4444
- C:\Windows\System\zsRaBxq.exe
  C:\Windows\System\zsRaBxq.exe
  2⤵
  PID:4464
- C:\Windows\System\qaKkoDu.exe
  C:\Windows\System\qaKkoDu.exe
  2⤵
  PID:4484
- C:\Windows\System\aThdqqk.exe
  C:\Windows\System\aThdqqk.exe
  2⤵
  PID:4508
- C:\Windows\System\ssYMxyc.exe
  C:\Windows\System\ssYMxyc.exe
  2⤵
  PID:4528
- C:\Windows\System\DBQalZJ.exe
  C:\Windows\System\DBQalZJ.exe
  2⤵
  PID:4548
- C:\Windows\System\TGJCTfp.exe
  C:\Windows\System\TGJCTfp.exe
  2⤵
  PID:4564
- C:\Windows\System\qhsHnUu.exe
  C:\Windows\System\qhsHnUu.exe
  2⤵
  PID:4584
- C:\Windows\System\WDdeYxW.exe
  C:\Windows\System\WDdeYxW.exe
  2⤵
  PID:4600
- C:\Windows\System\CipqpmY.exe
  C:\Windows\System\CipqpmY.exe
  2⤵
  PID:4620
- C:\Windows\System\gjlxcPg.exe
  C:\Windows\System\gjlxcPg.exe
  2⤵
  PID:4644
- C:\Windows\System\oICMDry.exe
  C:\Windows\System\oICMDry.exe
  2⤵
  PID:4668
- C:\Windows\System\dMEZzzv.exe
  C:\Windows\System\dMEZzzv.exe
  2⤵
  PID:4684
- C:\Windows\System\mdwMptM.exe
  C:\Windows\System\mdwMptM.exe
  2⤵
  PID:4704
- C:\Windows\System\amdQNbf.exe
  C:\Windows\System\amdQNbf.exe
  2⤵
  PID:4720
- C:\Windows\System\vtJYwev.exe
  C:\Windows\System\vtJYwev.exe
  2⤵
  PID:4740
- C:\Windows\System\emEtMcN.exe
  C:\Windows\System\emEtMcN.exe
  2⤵
  PID:4756
- C:\Windows\System\JlPWlNL.exe
  C:\Windows\System\JlPWlNL.exe
  2⤵
  PID:4788
- C:\Windows\System\jRTmScn.exe
  C:\Windows\System\jRTmScn.exe
  2⤵
  PID:4804
- C:\Windows\System\IOvUwTl.exe
  C:\Windows\System\IOvUwTl.exe
  2⤵
  PID:4824
- C:\Windows\System\yHyNtwB.exe
  C:\Windows\System\yHyNtwB.exe
  2⤵
  PID:4844
- C:\Windows\System\aaeWGou.exe
  C:\Windows\System\aaeWGou.exe
  2⤵
  PID:4860
- C:\Windows\System\epnbXGm.exe
  C:\Windows\System\epnbXGm.exe
  2⤵
  PID:4880
- C:\Windows\System\VYKkKsR.exe
  C:\Windows\System\VYKkKsR.exe
  2⤵
  PID:4896
- C:\Windows\System\HKFDwQE.exe
  C:\Windows\System\HKFDwQE.exe
  2⤵
  PID:4920
- C:\Windows\System\gvOdYsQ.exe
  C:\Windows\System\gvOdYsQ.exe
  2⤵
  PID:4944
- C:\Windows\System\sMtazAN.exe
  C:\Windows\System\sMtazAN.exe
  2⤵
  PID:4968
- C:\Windows\System\MQdyFBs.exe
  C:\Windows\System\MQdyFBs.exe
  2⤵
  PID:4984
- C:\Windows\System\jMRDUFi.exe
  C:\Windows\System\jMRDUFi.exe
  2⤵
  PID:5004
- C:\Windows\System\UFTmhLN.exe
  C:\Windows\System\UFTmhLN.exe
  2⤵
  PID:5024
- C:\Windows\System\GxdCZQb.exe
  C:\Windows\System\GxdCZQb.exe
  2⤵
  PID:5044
- C:\Windows\System\GDZCwWA.exe
  C:\Windows\System\GDZCwWA.exe
  2⤵
  PID:5060
- C:\Windows\System\NLilgNd.exe
  C:\Windows\System\NLilgNd.exe
  2⤵
  PID:5088
- C:\Windows\System\GMVGWVG.exe
  C:\Windows\System\GMVGWVG.exe
  2⤵
  PID:5108
- C:\Windows\System\pzKPNva.exe
  C:\Windows\System\pzKPNva.exe
  2⤵
  PID:4028
- C:\Windows\System\uCEjhPH.exe
  C:\Windows\System\uCEjhPH.exe
  2⤵
  PID:3968
- C:\Windows\System\DTFYMmP.exe
  C:\Windows\System\DTFYMmP.exe
  2⤵
  PID:2016
- C:\Windows\System\nMwINLg.exe
  C:\Windows\System\nMwINLg.exe
  2⤵
  PID:2156
- C:\Windows\System\DypSpez.exe
  C:\Windows\System\DypSpez.exe
  2⤵
  PID:3300
- C:\Windows\System\SEMDZNe.exe
  C:\Windows\System\SEMDZNe.exe
  2⤵
  PID:3472
- C:\Windows\System\dLDAZrh.exe
  C:\Windows\System\dLDAZrh.exe
  2⤵
  PID:3224
- C:\Windows\System\QUnneza.exe
  C:\Windows\System\QUnneza.exe
  2⤵
  PID:3628
- C:\Windows\System\IhPtAEx.exe
  C:\Windows\System\IhPtAEx.exe
  2⤵
  PID:4104
- C:\Windows\System\GxOSqHx.exe
  C:\Windows\System\GxOSqHx.exe
  2⤵
  PID:3648
- C:\Windows\System\PHaHsZX.exe
  C:\Windows\System\PHaHsZX.exe
  2⤵
  PID:4128
- C:\Windows\System\fEWpcHj.exe
  C:\Windows\System\fEWpcHj.exe
  2⤵
  PID:3960
- C:\Windows\System\TmHTjwr.exe
  C:\Windows\System\TmHTjwr.exe
  2⤵
  PID:4196
- C:\Windows\System\gdXJLOt.exe
  C:\Windows\System\gdXJLOt.exe
  2⤵
  PID:4232
- C:\Windows\System\qAWSfNi.exe
  C:\Windows\System\qAWSfNi.exe
  2⤵
  PID:4320
- C:\Windows\System\DXZXDJd.exe
  C:\Windows\System\DXZXDJd.exe
  2⤵
  PID:4260
- C:\Windows\System\QuFPbFS.exe
  C:\Windows\System\QuFPbFS.exe
  2⤵
  PID:4296
- C:\Windows\System\pDDaTcu.exe
  C:\Windows\System\pDDaTcu.exe
  2⤵
  PID:4332
- C:\Windows\System\UnAiRil.exe
  C:\Windows\System\UnAiRil.exe
  2⤵
  PID:4412
- C:\Windows\System\RcuxQSO.exe
  C:\Windows\System\RcuxQSO.exe
  2⤵
  PID:4440
- C:\Windows\System\uTZlyAO.exe
  C:\Windows\System\uTZlyAO.exe
  2⤵
  PID:4520
- C:\Windows\System\RYROjGU.exe
  C:\Windows\System\RYROjGU.exe
  2⤵
  PID:4492
- C:\Windows\System\NTTXztP.exe
  C:\Windows\System\NTTXztP.exe
  2⤵
  PID:4496
- C:\Windows\System\pdHSPfY.exe
  C:\Windows\System\pdHSPfY.exe
  2⤵
  PID:4596
- C:\Windows\System\jwqiWUd.exe
  C:\Windows\System\jwqiWUd.exe
  2⤵
  PID:4536
- C:\Windows\System\KAGCOug.exe
  C:\Windows\System\KAGCOug.exe
  2⤵
  PID:4676
- C:\Windows\System\ziwrVnT.exe
  C:\Windows\System\ziwrVnT.exe
  2⤵
  PID:4652
- C:\Windows\System\XPejTSm.exe
  C:\Windows\System\XPejTSm.exe
  2⤵
  PID:4752
- C:\Windows\System\hfQgAgT.exe
  C:\Windows\System\hfQgAgT.exe
  2⤵
  PID:4660
- C:\Windows\System\EUuPCkq.exe
  C:\Windows\System\EUuPCkq.exe
  2⤵
  PID:4832
- C:\Windows\System\WVakTYc.exe
  C:\Windows\System\WVakTYc.exe
  2⤵
  PID:4840
- C:\Windows\System\JJCfOxi.exe
  C:\Windows\System\JJCfOxi.exe
  2⤵
  PID:4780
- C:\Windows\System\ddbGfhc.exe
  C:\Windows\System\ddbGfhc.exe
  2⤵
  PID:4816
- C:\Windows\System\zoUJCXs.exe
  C:\Windows\System\zoUJCXs.exe
  2⤵
  PID:4960
- C:\Windows\System\eLjesGr.exe
  C:\Windows\System\eLjesGr.exe
  2⤵
  PID:5000
- C:\Windows\System\WpdRwec.exe
  C:\Windows\System\WpdRwec.exe
  2⤵
  PID:4856
- C:\Windows\System\joXwDMS.exe
  C:\Windows\System\joXwDMS.exe
  2⤵
  PID:4940
- C:\Windows\System\dIcxXRj.exe
  C:\Windows\System\dIcxXRj.exe
  2⤵
  PID:5068
- C:\Windows\System\XEdLhaT.exe
  C:\Windows\System\XEdLhaT.exe
  2⤵
  PID:5116
- C:\Windows\System\iMoqhxe.exe
  C:\Windows\System\iMoqhxe.exe
  2⤵
  PID:5012
- C:\Windows\System\qYfpNcc.exe
  C:\Windows\System\qYfpNcc.exe
  2⤵
  PID:5100
- C:\Windows\System\ghyDkwo.exe
  C:\Windows\System\ghyDkwo.exe
  2⤵
  PID:2884
- C:\Windows\System\MZMIIlU.exe
  C:\Windows\System\MZMIIlU.exe
  2⤵
  PID:3460
- C:\Windows\System\Iaptznv.exe
  C:\Windows\System\Iaptznv.exe
  2⤵
  PID:1056
- C:\Windows\System\BvjMvFR.exe
  C:\Windows\System\BvjMvFR.exe
  2⤵
  PID:3804
- C:\Windows\System\zZbhYoq.exe
  C:\Windows\System\zZbhYoq.exe
  2⤵
  PID:4140
- C:\Windows\System\DqHHAgK.exe
  C:\Windows\System\DqHHAgK.exe
  2⤵
  PID:4124
- C:\Windows\System\zcGIHbe.exe
  C:\Windows\System\zcGIHbe.exe
  2⤵
  PID:3784
- C:\Windows\System\XAqdzBY.exe
  C:\Windows\System\XAqdzBY.exe
  2⤵
  PID:4228
- C:\Windows\System\NliSoZi.exe
  C:\Windows\System\NliSoZi.exe
  2⤵
  PID:4240
- C:\Windows\System\IOxvjqh.exe
  C:\Windows\System\IOxvjqh.exe
  2⤵
  PID:4316
- C:\Windows\System\NqxmjTk.exe
  C:\Windows\System\NqxmjTk.exe
  2⤵
  PID:4396
- C:\Windows\System\KEWnHbF.exe
  C:\Windows\System\KEWnHbF.exe
  2⤵
  PID:4372
- C:\Windows\System\aSGywCx.exe
  C:\Windows\System\aSGywCx.exe
  2⤵
  PID:4424
- C:\Windows\System\UcbwmAA.exe
  C:\Windows\System\UcbwmAA.exe
  2⤵
  PID:4560
- C:\Windows\System\hUIrOZh.exe
  C:\Windows\System\hUIrOZh.exe
  2⤵
  PID:4592
- C:\Windows\System\UWjsupN.exe
  C:\Windows\System\UWjsupN.exe
  2⤵
  PID:4616
- C:\Windows\System\GmtjVKC.exe
  C:\Windows\System\GmtjVKC.exe
  2⤵
  PID:4656
- C:\Windows\System\UNFtvRC.exe
  C:\Windows\System\UNFtvRC.exe
  2⤵
  PID:4692
- C:\Windows\System\EHlnotO.exe
  C:\Windows\System\EHlnotO.exe
  2⤵
  PID:4732
- C:\Windows\System\fVulZHM.exe
  C:\Windows\System\fVulZHM.exe
  2⤵
  PID:4904
- C:\Windows\System\XRBykhV.exe
  C:\Windows\System\XRBykhV.exe
  2⤵
  PID:4912
- C:\Windows\System\aGHflLA.exe
  C:\Windows\System\aGHflLA.exe
  2⤵
  PID:5040
- C:\Windows\System\AcIxrdV.exe
  C:\Windows\System\AcIxrdV.exe
  2⤵
  PID:5036
- C:\Windows\System\VdxpuqI.exe
  C:\Windows\System\VdxpuqI.exe
  2⤵
  PID:4040
- C:\Windows\System\MqeODMP.exe
  C:\Windows\System\MqeODMP.exe
  2⤵
  PID:5020
- C:\Windows\System\BUORbRN.exe
  C:\Windows\System\BUORbRN.exe
  2⤵
  PID:2616
- C:\Windows\System\kpPhEiF.exe
  C:\Windows\System\kpPhEiF.exe
  2⤵
  PID:4000
- C:\Windows\System\WWxiZRG.exe
  C:\Windows\System\WWxiZRG.exe
  2⤵
  PID:3828
- C:\Windows\System\PYhawTg.exe
  C:\Windows\System\PYhawTg.exe
  2⤵
  PID:4172
- C:\Windows\System\CYCYjtO.exe
  C:\Windows\System\CYCYjtO.exe
  2⤵
  PID:4308
- C:\Windows\System\QKmrNrN.exe
  C:\Windows\System\QKmrNrN.exe
  2⤵
  PID:4380
- C:\Windows\System\JvGjQcz.exe
  C:\Windows\System\JvGjQcz.exe
  2⤵
  PID:4516
- C:\Windows\System\NbDLODM.exe
  C:\Windows\System\NbDLODM.exe
  2⤵
  PID:4504
- C:\Windows\System\PQyGsRF.exe
  C:\Windows\System\PQyGsRF.exe
  2⤵
  PID:4748
- C:\Windows\System\asJkXSR.exe
  C:\Windows\System\asJkXSR.exe
  2⤵
  PID:4716
- C:\Windows\System\kLaXcWd.exe
  C:\Windows\System\kLaXcWd.exe
  2⤵
  PID:4736
- C:\Windows\System\DHTxnkO.exe
  C:\Windows\System\DHTxnkO.exe
  2⤵
  PID:4992
- C:\Windows\System\aoyJmPx.exe
  C:\Windows\System\aoyJmPx.exe
  2⤵
  PID:4928
- C:\Windows\System\JBqVJhC.exe
  C:\Windows\System\JBqVJhC.exe
  2⤵
  PID:5084
- C:\Windows\System\gUGNRuz.exe
  C:\Windows\System\gUGNRuz.exe
  2⤵
  PID:2208
- C:\Windows\System\GulwfWa.exe
  C:\Windows\System\GulwfWa.exe
  2⤵
  PID:4144
- C:\Windows\System\ddALXjw.exe
  C:\Windows\System\ddALXjw.exe
  2⤵
  PID:3988
- C:\Windows\System\yBmiksd.exe
  C:\Windows\System\yBmiksd.exe
  2⤵
  PID:4116
- C:\Windows\System\JkvYDIc.exe
  C:\Windows\System\JkvYDIc.exe
  2⤵
  PID:4480
- C:\Windows\System\vaRofJt.exe
  C:\Windows\System\vaRofJt.exe
  2⤵
  PID:2568
- C:\Windows\System\jZoAaaP.exe
  C:\Windows\System\jZoAaaP.exe
  2⤵
  PID:4416
- C:\Windows\System\DXBtMpP.exe
  C:\Windows\System\DXBtMpP.exe
  2⤵
  PID:5124
- C:\Windows\System\hnstZgv.exe
  C:\Windows\System\hnstZgv.exe
  2⤵
  PID:5148
- C:\Windows\System\LMmUpCb.exe
  C:\Windows\System\LMmUpCb.exe
  2⤵
  PID:5168
- C:\Windows\System\dHXtLsc.exe
  C:\Windows\System\dHXtLsc.exe
  2⤵
  PID:5188
- C:\Windows\System\nQgIAwL.exe
  C:\Windows\System\nQgIAwL.exe
  2⤵
  PID:5208
- C:\Windows\System\gbdfWQJ.exe
  C:\Windows\System\gbdfWQJ.exe
  2⤵
  PID:5228
- C:\Windows\System\kkVdbGC.exe
  C:\Windows\System\kkVdbGC.exe
  2⤵
  PID:5252
- C:\Windows\System\OVQAucs.exe
  C:\Windows\System\OVQAucs.exe
  2⤵
  PID:5272
- C:\Windows\System\OrvAccY.exe
  C:\Windows\System\OrvAccY.exe
  2⤵
  PID:5292
- C:\Windows\System\wGRDlYW.exe
  C:\Windows\System\wGRDlYW.exe
  2⤵
  PID:5308
- C:\Windows\System\FXVvoEb.exe
  C:\Windows\System\FXVvoEb.exe
  2⤵
  PID:5328
- C:\Windows\System\ADKOLbw.exe
  C:\Windows\System\ADKOLbw.exe
  2⤵
  PID:5348
- C:\Windows\System\NIlEXLf.exe
  C:\Windows\System\NIlEXLf.exe
  2⤵
  PID:5368
- C:\Windows\System\pZIrXWw.exe
  C:\Windows\System\pZIrXWw.exe
  2⤵
  PID:5388
- C:\Windows\System\brlwzfF.exe
  C:\Windows\System\brlwzfF.exe
  2⤵
  PID:5412
- C:\Windows\System\YRWiEos.exe
  C:\Windows\System\YRWiEos.exe
  2⤵
  PID:5432
- C:\Windows\System\ATeimyW.exe
  C:\Windows\System\ATeimyW.exe
  2⤵
  PID:5448
- C:\Windows\System\JHrlQGY.exe
  C:\Windows\System\JHrlQGY.exe
  2⤵
  PID:5472
- C:\Windows\System\RQUmgWt.exe
  C:\Windows\System\RQUmgWt.exe
  2⤵
  PID:5492
- C:\Windows\System\SLgUCqe.exe
  C:\Windows\System\SLgUCqe.exe
  2⤵
  PID:5512
- C:\Windows\System\vJyskeR.exe
  C:\Windows\System\vJyskeR.exe
  2⤵
  PID:5532
- C:\Windows\System\zsqdmcY.exe
  C:\Windows\System\zsqdmcY.exe
  2⤵
  PID:5552
- C:\Windows\System\ltaMEFW.exe
  C:\Windows\System\ltaMEFW.exe
  2⤵
  PID:5572
- C:\Windows\System\VLQsKpq.exe
  C:\Windows\System\VLQsKpq.exe
  2⤵
  PID:5592
- C:\Windows\System\pYZoqCa.exe
  C:\Windows\System\pYZoqCa.exe
  2⤵
  PID:5612
- C:\Windows\System\QCCrirV.exe
  C:\Windows\System\QCCrirV.exe
  2⤵
  PID:5632
- C:\Windows\System\trnQODD.exe
  C:\Windows\System\trnQODD.exe
  2⤵
  PID:5648
- C:\Windows\System\oGPHtOC.exe
  C:\Windows\System\oGPHtOC.exe
  2⤵
  PID:5672
- C:\Windows\System\VAqwCTZ.exe
  C:\Windows\System\VAqwCTZ.exe
  2⤵
  PID:5692
- C:\Windows\System\FvaEJSy.exe
  C:\Windows\System\FvaEJSy.exe
  2⤵
  PID:5708
- C:\Windows\System\BIRkTKv.exe
  C:\Windows\System\BIRkTKv.exe
  2⤵
  PID:5728
- C:\Windows\System\btHQHNI.exe
  C:\Windows\System\btHQHNI.exe
  2⤵
  PID:5748
- C:\Windows\System\QiBLCjo.exe
  C:\Windows\System\QiBLCjo.exe
  2⤵
  PID:5768
- C:\Windows\System\FvCZkzy.exe
  C:\Windows\System\FvCZkzy.exe
  2⤵
  PID:5788
- C:\Windows\System\EeefPgI.exe
  C:\Windows\System\EeefPgI.exe
  2⤵
  PID:5812
- C:\Windows\System\fSTEUgA.exe
  C:\Windows\System\fSTEUgA.exe
  2⤵
  PID:5832
- C:\Windows\System\gGhTqbb.exe
  C:\Windows\System\gGhTqbb.exe
  2⤵
  PID:5848
- C:\Windows\System\HJYFGAL.exe
  C:\Windows\System\HJYFGAL.exe
  2⤵
  PID:5872
- C:\Windows\System\WPpOtaM.exe
  C:\Windows\System\WPpOtaM.exe
  2⤵
  PID:5892
- C:\Windows\System\gfJzUei.exe
  C:\Windows\System\gfJzUei.exe
  2⤵
  PID:5912
- C:\Windows\System\AIHphnp.exe
  C:\Windows\System\AIHphnp.exe
  2⤵
  PID:5932
- C:\Windows\System\YOeupAW.exe
  C:\Windows\System\YOeupAW.exe
  2⤵
  PID:5948
- C:\Windows\System\CYBYSFG.exe
  C:\Windows\System\CYBYSFG.exe
  2⤵
  PID:5964
- C:\Windows\System\ueOHrpk.exe
  C:\Windows\System\ueOHrpk.exe
  2⤵
  PID:5992
- C:\Windows\System\JJPpihO.exe
  C:\Windows\System\JJPpihO.exe
  2⤵
  PID:6008
- C:\Windows\System\DxMAyCg.exe
  C:\Windows\System\DxMAyCg.exe
  2⤵
  PID:6032
- C:\Windows\System\KHRmiCv.exe
  C:\Windows\System\KHRmiCv.exe
  2⤵
  PID:6052
- C:\Windows\System\QvOrgrW.exe
  C:\Windows\System\QvOrgrW.exe
  2⤵
  PID:6072
- C:\Windows\System\wlsgNJx.exe
  C:\Windows\System\wlsgNJx.exe
  2⤵
  PID:6092
- C:\Windows\System\ePDsaEJ.exe
  C:\Windows\System\ePDsaEJ.exe
  2⤵
  PID:6112
- C:\Windows\System\UDOblSf.exe
  C:\Windows\System\UDOblSf.exe
  2⤵
  PID:6128
- C:\Windows\System\XaimgLQ.exe
  C:\Windows\System\XaimgLQ.exe
  2⤵
  PID:4696
- C:\Windows\System\ZqdrVJS.exe
  C:\Windows\System\ZqdrVJS.exe
  2⤵
  PID:4812
- C:\Windows\System\TgEQpit.exe
  C:\Windows\System\TgEQpit.exe
  2⤵
  PID:4976
- C:\Windows\System\ZpTGfHy.exe
  C:\Windows\System\ZpTGfHy.exe
  2⤵
  PID:2756
- C:\Windows\System\CXoMAZf.exe
  C:\Windows\System\CXoMAZf.exe
  2⤵
  PID:2672
- C:\Windows\System\KbDbxYF.exe
  C:\Windows\System\KbDbxYF.exe
  2⤵
  PID:4188
- C:\Windows\System\ZFSXGAH.exe
  C:\Windows\System\ZFSXGAH.exe
  2⤵
  PID:5144
- C:\Windows\System\jeZRLQD.exe
  C:\Windows\System\jeZRLQD.exe
  2⤵
  PID:5184
- C:\Windows\System\sKtSiiE.exe
  C:\Windows\System\sKtSiiE.exe
  2⤵
  PID:4768
- C:\Windows\System\MEwSmpY.exe
  C:\Windows\System\MEwSmpY.exe
  2⤵
  PID:5220
- C:\Windows\System\XNsMdiU.exe
  C:\Windows\System\XNsMdiU.exe
  2⤵
  PID:5240
- C:\Windows\System\QpYnEfo.exe
  C:\Windows\System\QpYnEfo.exe
  2⤵
  PID:5280
- C:\Windows\System\qcXgdKT.exe
  C:\Windows\System\qcXgdKT.exe
  2⤵
  PID:5336
- C:\Windows\System\cBKtegz.exe
  C:\Windows\System\cBKtegz.exe
  2⤵
  PID:5316
- C:\Windows\System\ZlcoCQh.exe
  C:\Windows\System\ZlcoCQh.exe
  2⤵
  PID:5396
- C:\Windows\System\kBNWvZf.exe
  C:\Windows\System\kBNWvZf.exe
  2⤵
  PID:5428
- C:\Windows\System\OwetSAL.exe
  C:\Windows\System\OwetSAL.exe
  2⤵
  PID:5460
- C:\Windows\System\LymIgeP.exe
  C:\Windows\System\LymIgeP.exe
  2⤵
  PID:5464
- C:\Windows\System\FzeIKax.exe
  C:\Windows\System\FzeIKax.exe
  2⤵
  PID:5484
- C:\Windows\System\XgycsuE.exe
  C:\Windows\System\XgycsuE.exe
  2⤵
  PID:5520
- C:\Windows\System\ewHSJFw.exe
  C:\Windows\System\ewHSJFw.exe
  2⤵
  PID:5584
- C:\Windows\System\yBbLzFE.exe
  C:\Windows\System\yBbLzFE.exe
  2⤵
  PID:5620
- C:\Windows\System\tJIUVWw.exe
  C:\Windows\System\tJIUVWw.exe
  2⤵
  PID:5660
- C:\Windows\System\vNjVVRb.exe
  C:\Windows\System\vNjVVRb.exe
  2⤵
  PID:5644
- C:\Windows\System\MWcWLDC.exe
  C:\Windows\System\MWcWLDC.exe
  2⤵
  PID:5684
- C:\Windows\System\VkNGMom.exe
  C:\Windows\System\VkNGMom.exe
  2⤵
  PID:5776
- C:\Windows\System\lWxjYWY.exe
  C:\Windows\System\lWxjYWY.exe
  2⤵
  PID:5720
- C:\Windows\System\HrpEpMV.exe
  C:\Windows\System\HrpEpMV.exe
  2⤵
  PID:5800
- C:\Windows\System\SDNtOKs.exe
  C:\Windows\System\SDNtOKs.exe
  2⤵
  PID:5856
- C:\Windows\System\UVBcspj.exe
  C:\Windows\System\UVBcspj.exe
  2⤵
  PID:5868
- C:\Windows\System\ksJDmgg.exe
  C:\Windows\System\ksJDmgg.exe
  2⤵
  PID:5908
- C:\Windows\System\aRITKQq.exe
  C:\Windows\System\aRITKQq.exe
  2⤵
  PID:5928
- C:\Windows\System\ORsBpKq.exe
  C:\Windows\System\ORsBpKq.exe
  2⤵
  PID:5980
- C:\Windows\System\PaqyfZq.exe
  C:\Windows\System\PaqyfZq.exe
  2⤵
  PID:6020
- C:\Windows\System\EZvXFll.exe
  C:\Windows\System\EZvXFll.exe
  2⤵
  PID:6024
- C:\Windows\System\nJrDwQN.exe
  C:\Windows\System\nJrDwQN.exe
  2⤵
  PID:6108
- C:\Windows\System\wzyIfZO.exe
  C:\Windows\System\wzyIfZO.exe
  2⤵
  PID:6088
- C:\Windows\System\RQjBako.exe
  C:\Windows\System\RQjBako.exe
  2⤵
  PID:5032
- C:\Windows\System\BGcdwFm.exe
  C:\Windows\System\BGcdwFm.exe
  2⤵
  PID:6120
- C:\Windows\System\nDukbtb.exe
  C:\Windows\System\nDukbtb.exe
  2⤵
  PID:4252
- C:\Windows\System\iGhYsUR.exe
  C:\Windows\System\iGhYsUR.exe
  2⤵
  PID:5132
- C:\Windows\System\lMwiMuG.exe
  C:\Windows\System\lMwiMuG.exe
  2⤵
  PID:2704
- C:\Windows\System\rnpzbrR.exe
  C:\Windows\System\rnpzbrR.exe
  2⤵
  PID:4800
- C:\Windows\System\fngofcH.exe
  C:\Windows\System\fngofcH.exe
  2⤵
  PID:5196
- C:\Windows\System\iTwTfaz.exe
  C:\Windows\System\iTwTfaz.exe
  2⤵
  PID:5300
- C:\Windows\System\XwnAKQt.exe
  C:\Windows\System\XwnAKQt.exe
  2⤵
  PID:5384
- C:\Windows\System\zGneoBV.exe
  C:\Windows\System\zGneoBV.exe
  2⤵
  PID:5380
- C:\Windows\System\oBdyUyc.exe
  C:\Windows\System\oBdyUyc.exe
  2⤵
  PID:5400
- C:\Windows\System\hvCURMY.exe
  C:\Windows\System\hvCURMY.exe
  2⤵
  PID:2720
- C:\Windows\System\RErOXhn.exe
  C:\Windows\System\RErOXhn.exe
  2⤵
  PID:5540
- C:\Windows\System\ldwbgDj.exe
  C:\Windows\System\ldwbgDj.exe
  2⤵
  PID:5580
- C:\Windows\System\cWNcrNt.exe
  C:\Windows\System\cWNcrNt.exe
  2⤵
  PID:5624
- C:\Windows\System\LKtrdko.exe
  C:\Windows\System\LKtrdko.exe
  2⤵
  PID:5704
- C:\Windows\System\ngdOgfj.exe
  C:\Windows\System\ngdOgfj.exe
  2⤵
  PID:5760
- C:\Windows\System\NUsyCrP.exe
  C:\Windows\System\NUsyCrP.exe
  2⤵
  PID:5824
- C:\Windows\System\sBSmtet.exe
  C:\Windows\System\sBSmtet.exe
  2⤵
  PID:5860
- C:\Windows\System\dgXuPMO.exe
  C:\Windows\System\dgXuPMO.exe
  2⤵
  PID:5884
- C:\Windows\System\sOhViAX.exe
  C:\Windows\System\sOhViAX.exe
  2⤵
  PID:5976
- C:\Windows\System\HtHfjqO.exe
  C:\Windows\System\HtHfjqO.exe
  2⤵
  PID:5956
- C:\Windows\System\DPBHmEI.exe
  C:\Windows\System\DPBHmEI.exe
  2⤵
  PID:6048
- C:\Windows\System\SooxrkG.exe
  C:\Windows\System\SooxrkG.exe
  2⤵
  PID:6136
- C:\Windows\System\GsfiNpf.exe
  C:\Windows\System\GsfiNpf.exe
  2⤵
  PID:2980
- C:\Windows\System\QSZkQnf.exe
  C:\Windows\System\QSZkQnf.exe
  2⤵
  PID:4764
- C:\Windows\System\DpKubCe.exe
  C:\Windows\System\DpKubCe.exe
  2⤵
  PID:4500
- C:\Windows\System\kQlEVTJ.exe
  C:\Windows\System\kQlEVTJ.exe
  2⤵
  PID:5268
- C:\Windows\System\dWPFRQw.exe
  C:\Windows\System\dWPFRQw.exe
  2⤵
  PID:5224
- C:\Windows\System\pNpTGhX.exe
  C:\Windows\System\pNpTGhX.exe
  2⤵
  PID:5248
- C:\Windows\System\qIucgdP.exe
  C:\Windows\System\qIucgdP.exe
  2⤵
  PID:5420
- C:\Windows\System\DIblMMJ.exe
  C:\Windows\System\DIblMMJ.exe
  2⤵
  PID:5588
- C:\Windows\System\yFPvNli.exe
  C:\Windows\System\yFPvNli.exe
  2⤵
  PID:5504
- C:\Windows\System\LsvUJFY.exe
  C:\Windows\System\LsvUJFY.exe
  2⤵
  PID:5568
- C:\Windows\System\hpmdhuv.exe
  C:\Windows\System\hpmdhuv.exe
  2⤵
  PID:5784
- C:\Windows\System\CoZFpTy.exe
  C:\Windows\System\CoZFpTy.exe
  2⤵
  PID:5844
- C:\Windows\System\TtjuXia.exe
  C:\Windows\System\TtjuXia.exe
  2⤵
  PID:2608
- C:\Windows\System\kPtFYut.exe
  C:\Windows\System\kPtFYut.exe
  2⤵
  PID:5920
- C:\Windows\System\jrqDqKA.exe
  C:\Windows\System\jrqDqKA.exe
  2⤵
  PID:6100
- C:\Windows\System\RmfWany.exe
  C:\Windows\System\RmfWany.exe
  2⤵
  PID:6044
- C:\Windows\System\sCbnQmY.exe
  C:\Windows\System\sCbnQmY.exe
  2⤵
  PID:5052
- C:\Windows\System\EZOWaMm.exe
  C:\Windows\System\EZOWaMm.exe
  2⤵
  PID:5180
- C:\Windows\System\JxgzDNV.exe
  C:\Windows\System\JxgzDNV.exe
  2⤵
  PID:4280
- C:\Windows\System\dxsuBFn.exe
  C:\Windows\System\dxsuBFn.exe
  2⤵
  PID:5376
- C:\Windows\System\JjfKqEY.exe
  C:\Windows\System\JjfKqEY.exe
  2⤵
  PID:5408
- C:\Windows\System\pjPyhGW.exe
  C:\Windows\System\pjPyhGW.exe
  2⤵
  PID:1448
- C:\Windows\System\VkgwyET.exe
  C:\Windows\System\VkgwyET.exe
  2⤵
  PID:5656
- C:\Windows\System\nYUTidc.exe
  C:\Windows\System\nYUTidc.exe
  2⤵
  PID:5564
- C:\Windows\System\UnYrKEl.exe
  C:\Windows\System\UnYrKEl.exe
  2⤵
  PID:5764
- C:\Windows\System\diCHApt.exe
  C:\Windows\System\diCHApt.exe
  2⤵
  PID:5796
- C:\Windows\System\iwTGBqi.exe
  C:\Windows\System\iwTGBqi.exe
  2⤵
  PID:1004
- C:\Windows\System\GuSwIBT.exe
  C:\Windows\System\GuSwIBT.exe
  2⤵
  PID:1156
- C:\Windows\System\qLEfUmR.exe
  C:\Windows\System\qLEfUmR.exe
  2⤵
  PID:6028
- C:\Windows\System\NkiAGNC.exe
  C:\Windows\System\NkiAGNC.exe
  2⤵
  PID:5364
- C:\Windows\System\yOFCrff.exe
  C:\Windows\System\yOFCrff.exe
  2⤵
  PID:5700
- C:\Windows\System\YXWiTPs.exe
  C:\Windows\System\YXWiTPs.exe
  2⤵
  PID:1648
- C:\Windows\System\gMfKfSy.exe
  C:\Windows\System\gMfKfSy.exe
  2⤵
  PID:4212
- C:\Windows\System\wkYZDeY.exe
  C:\Windows\System\wkYZDeY.exe
  2⤵
  PID:2604
- C:\Windows\System\oAJsjub.exe
  C:\Windows\System\oAJsjub.exe
  2⤵
  PID:5600
- C:\Windows\System\ZzvDFDY.exe
  C:\Windows\System\ZzvDFDY.exe
  2⤵
  PID:4956
- C:\Windows\System\AlDoNQL.exe
  C:\Windows\System\AlDoNQL.exe
  2⤵
  PID:5804
- C:\Windows\System\vrliZNI.exe
  C:\Windows\System\vrliZNI.exe
  2⤵
  PID:4024
- C:\Windows\System\nRBfVIl.exe
  C:\Windows\System\nRBfVIl.exe
  2⤵
  PID:6004
- C:\Windows\System\jFqbnSC.exe
  C:\Windows\System\jFqbnSC.exe
  2⤵
  PID:2216
- C:\Windows\System\UsWrefP.exe
  C:\Windows\System\UsWrefP.exe
  2⤵
  PID:5548
- C:\Windows\System\vcsVdyK.exe
  C:\Windows\System\vcsVdyK.exe
  2⤵
  PID:2716
- C:\Windows\System\lRqMebX.exe
  C:\Windows\System\lRqMebX.exe
  2⤵
  PID:2660
- C:\Windows\System\jyDWokO.exe
  C:\Windows\System\jyDWokO.exe
  2⤵
  PID:1168
- C:\Windows\System\KqAWYpq.exe
  C:\Windows\System\KqAWYpq.exe
  2⤵
  PID:852
- C:\Windows\System\GuHaeeB.exe
  C:\Windows\System\GuHaeeB.exe
  2⤵
  PID:1164
- C:\Windows\System\wuXNfUs.exe
  C:\Windows\System\wuXNfUs.exe
  2⤵
  PID:448
- C:\Windows\System\hYTmpDW.exe
  C:\Windows\System\hYTmpDW.exe
  2⤵
  PID:4908
- C:\Windows\System\LpbiGzD.exe
  C:\Windows\System\LpbiGzD.exe
  2⤵
  PID:1488
- C:\Windows\System\ljKFwrt.exe
  C:\Windows\System\ljKFwrt.exe
  2⤵
  PID:2128
- C:\Windows\System\YZGEgwx.exe
  C:\Windows\System\YZGEgwx.exe
  2⤵
  PID:1516
- C:\Windows\System\OEYGSXl.exe
  C:\Windows\System\OEYGSXl.exe
  2⤵
  PID:2252
- C:\Windows\System\bQGgDjf.exe
  C:\Windows\System\bQGgDjf.exe
  2⤵
  PID:6160
- C:\Windows\System\OiRlyIF.exe
  C:\Windows\System\OiRlyIF.exe
  2⤵
  PID:6176
- C:\Windows\System\tkUmJzj.exe
  C:\Windows\System\tkUmJzj.exe
  2⤵
  PID:6192
- C:\Windows\System\egfGWPl.exe
  C:\Windows\System\egfGWPl.exe
  2⤵
  PID:6208
- C:\Windows\System\YUnlMNr.exe
  C:\Windows\System\YUnlMNr.exe
  2⤵
  PID:6224
- C:\Windows\System\qkYxKWw.exe
  C:\Windows\System\qkYxKWw.exe
  2⤵
  PID:6240
- C:\Windows\System\gMlKekA.exe
  C:\Windows\System\gMlKekA.exe
  2⤵
  PID:6256
- C:\Windows\System\XiqGkZF.exe
  C:\Windows\System\XiqGkZF.exe
  2⤵
  PID:6272
- C:\Windows\System\TmIPlgT.exe
  C:\Windows\System\TmIPlgT.exe
  2⤵
  PID:6288
- C:\Windows\System\KIirBgH.exe
  C:\Windows\System\KIirBgH.exe
  2⤵
  PID:6308
- C:\Windows\System\AWwtWwf.exe
  C:\Windows\System\AWwtWwf.exe
  2⤵
  PID:6324
- C:\Windows\System\wHPGFSO.exe
  C:\Windows\System\wHPGFSO.exe
  2⤵
  PID:6340
- C:\Windows\System\OrIBeEv.exe
  C:\Windows\System\OrIBeEv.exe
  2⤵
  PID:6388
- C:\Windows\System\qKefDAE.exe
  C:\Windows\System\qKefDAE.exe
  2⤵
  PID:6432
- C:\Windows\System\rNwofCB.exe
  C:\Windows\System\rNwofCB.exe
  2⤵
  PID:6448
- C:\Windows\System\FPsuPpb.exe
  C:\Windows\System\FPsuPpb.exe
  2⤵
  PID:6468
- C:\Windows\System\ykLiNvR.exe
  C:\Windows\System\ykLiNvR.exe
  2⤵
  PID:6488
- C:\Windows\System\qyWHZKT.exe
  C:\Windows\System\qyWHZKT.exe
  2⤵
  PID:6508
- C:\Windows\System\RuerNFi.exe
  C:\Windows\System\RuerNFi.exe
  2⤵
  PID:6524
- C:\Windows\System\dmwizvK.exe
  C:\Windows\System\dmwizvK.exe
  2⤵
  PID:6544
- C:\Windows\System\EHzPZDk.exe
  C:\Windows\System\EHzPZDk.exe
  2⤵
  PID:6560
- C:\Windows\System\lFVojXI.exe
  C:\Windows\System\lFVojXI.exe
  2⤵
  PID:6576
- C:\Windows\System\TvxsWQn.exe
  C:\Windows\System\TvxsWQn.exe
  2⤵
  PID:6592
- C:\Windows\System\aORCBnJ.exe
  C:\Windows\System\aORCBnJ.exe
  2⤵
  PID:6640
- C:\Windows\System\yUsQnbk.exe
  C:\Windows\System\yUsQnbk.exe
  2⤵
  PID:6660
- C:\Windows\System\HlZPDIw.exe
  C:\Windows\System\HlZPDIw.exe
  2⤵
  PID:6676
- C:\Windows\System\NmFNwvb.exe
  C:\Windows\System\NmFNwvb.exe
  2⤵
  PID:6692
- C:\Windows\System\pCFshQY.exe
  C:\Windows\System\pCFshQY.exe
  2⤵
  PID:6708
- C:\Windows\System\qMotXKL.exe
  C:\Windows\System\qMotXKL.exe
  2⤵
  PID:6724
- C:\Windows\System\xDmHZQY.exe
  C:\Windows\System\xDmHZQY.exe
  2⤵
  PID:6740
- C:\Windows\System\bSizCZU.exe
  C:\Windows\System\bSizCZU.exe
  2⤵
  PID:6756
- C:\Windows\System\TuKshtV.exe
  C:\Windows\System\TuKshtV.exe
  2⤵
  PID:6772
- C:\Windows\System\HCVMeWD.exe
  C:\Windows\System\HCVMeWD.exe
  2⤵
  PID:6788
- C:\Windows\System\rkPdeoN.exe
  C:\Windows\System\rkPdeoN.exe
  2⤵
  PID:6804
- C:\Windows\System\FNRmdhU.exe
  C:\Windows\System\FNRmdhU.exe
  2⤵
  PID:6820
- C:\Windows\System\tOOYBWQ.exe
  C:\Windows\System\tOOYBWQ.exe
  2⤵
  PID:6836
- C:\Windows\System\lqMIFer.exe
  C:\Windows\System\lqMIFer.exe
  2⤵
  PID:6852
- C:\Windows\System\HSROhMa.exe
  C:\Windows\System\HSROhMa.exe
  2⤵
  PID:6928
- C:\Windows\System\WOQubnM.exe
  C:\Windows\System\WOQubnM.exe
  2⤵
  PID:6948
- C:\Windows\System\HSwOxFs.exe
  C:\Windows\System\HSwOxFs.exe
  2⤵
  PID:6964
- C:\Windows\System\vQYvKrb.exe
  C:\Windows\System\vQYvKrb.exe
  2⤵
  PID:6980
- C:\Windows\System\LmmaAuN.exe
  C:\Windows\System\LmmaAuN.exe
  2⤵
  PID:6996
- C:\Windows\System\AGMBRof.exe
  C:\Windows\System\AGMBRof.exe
  2⤵
  PID:7012
- C:\Windows\System\PpYPuxY.exe
  C:\Windows\System\PpYPuxY.exe
  2⤵
  PID:7028
- C:\Windows\System\dnsSihv.exe
  C:\Windows\System\dnsSihv.exe
  2⤵
  PID:7044
- C:\Windows\System\lVJWiUL.exe
  C:\Windows\System\lVJWiUL.exe
  2⤵
  PID:7100
- C:\Windows\System\mFIDyMT.exe
  C:\Windows\System\mFIDyMT.exe
  2⤵
  PID:7116
- C:\Windows\System\zyKStuH.exe
  C:\Windows\System\zyKStuH.exe
  2⤵
  PID:7132
- C:\Windows\System\xfFlVoY.exe
  C:\Windows\System\xfFlVoY.exe
  2⤵
  PID:7148
- C:\Windows\System\JMCyyfA.exe
  C:\Windows\System\JMCyyfA.exe
  2⤵
  PID:7164
- C:\Windows\System\SqiRTjy.exe
  C:\Windows\System\SqiRTjy.exe
  2⤵
  PID:6016
- C:\Windows\System\ftIiJiJ.exe
  C:\Windows\System\ftIiJiJ.exe
  2⤵
  PID:600
- C:\Windows\System\hhfOPZg.exe
  C:\Windows\System\hhfOPZg.exe
  2⤵
  PID:1944
- C:\Windows\System\dYVgEUR.exe
  C:\Windows\System\dYVgEUR.exe
  2⤵
  PID:6148
- C:\Windows\System\QaMrcVG.exe
  C:\Windows\System\QaMrcVG.exe
  2⤵
  PID:6336
- C:\Windows\System\nyppMrA.exe
  C:\Windows\System\nyppMrA.exe
  2⤵
  PID:6268
- C:\Windows\System\vfCmrZS.exe
  C:\Windows\System\vfCmrZS.exe
  2⤵
  PID:6216
- C:\Windows\System\dmqvRnv.exe
  C:\Windows\System\dmqvRnv.exe
  2⤵
  PID:6408
- C:\Windows\System\XgpLzPr.exe
  C:\Windows\System\XgpLzPr.exe
  2⤵
  PID:5900
- C:\Windows\System\VvEvOUA.exe
  C:\Windows\System\VvEvOUA.exe
  2⤵
  PID:6348
- C:\Windows\System\TLARELP.exe
  C:\Windows\System\TLARELP.exe
  2⤵
  PID:6372
- C:\Windows\System\kGakJRo.exe
  C:\Windows\System\kGakJRo.exe
  2⤵
  PID:6152
- C:\Windows\System\oowqOON.exe
  C:\Windows\System\oowqOON.exe
  2⤵
  PID:6368
- C:\Windows\System\NOOgocX.exe
  C:\Windows\System\NOOgocX.exe
  2⤵
  PID:6400
- C:\Windows\System\VZjSFpf.exe
  C:\Windows\System\VZjSFpf.exe
  2⤵
  PID:6516
- C:\Windows\System\aaBhVTN.exe
  C:\Windows\System\aaBhVTN.exe
  2⤵
  PID:6556
- C:\Windows\System\ATDuAqD.exe
  C:\Windows\System\ATDuAqD.exe
  2⤵
  PID:6532
- C:\Windows\System\ODChZer.exe
  C:\Windows\System\ODChZer.exe
  2⤵
  PID:6572
- C:\Windows\System\tAtccul.exe
  C:\Windows\System\tAtccul.exe
  2⤵
  PID:6624
- C:\Windows\System\LPCPBBB.exe
  C:\Windows\System\LPCPBBB.exe
  2⤵
  PID:6700
- C:\Windows\System\cItOSdW.exe
  C:\Windows\System\cItOSdW.exe
  2⤵
  PID:6764
- C:\Windows\System\DYSkGgd.exe
  C:\Windows\System\DYSkGgd.exe
  2⤵
  PID:6828
- C:\Windows\System\yshFzrH.exe
  C:\Windows\System\yshFzrH.exe
  2⤵
  PID:6844
- C:\Windows\System\bUwsHjl.exe
  C:\Windows\System\bUwsHjl.exe
  2⤵
  PID:6480
- C:\Windows\System\TaXgXqv.exe
  C:\Windows\System\TaXgXqv.exe
  2⤵
  PID:6892
- C:\Windows\System\MFQeNIZ.exe
  C:\Windows\System\MFQeNIZ.exe
  2⤵
  PID:6912
- C:\Windows\System\JOyxjYN.exe
  C:\Windows\System\JOyxjYN.exe
  2⤵
  PID:6944
- C:\Windows\System\tJDZagx.exe
  C:\Windows\System\tJDZagx.exe
  2⤵
  PID:7008
- C:\Windows\System\EXwtJGP.exe
  C:\Windows\System\EXwtJGP.exe
  2⤵
  PID:7020
- C:\Windows\System\EdPONOv.exe
  C:\Windows\System\EdPONOv.exe
  2⤵
  PID:6988
- C:\Windows\System\XRxXSaZ.exe
  C:\Windows\System\XRxXSaZ.exe
  2⤵
  PID:7056
- C:\Windows\System\Zkfwcwk.exe
  C:\Windows\System\Zkfwcwk.exe
  2⤵
  PID:5500
- C:\Windows\System\zVsvDXG.exe
  C:\Windows\System\zVsvDXG.exe
  2⤵
  PID:7124
- C:\Windows\System\nLOWQBr.exe
  C:\Windows\System\nLOWQBr.exe
  2⤵
  PID:6304
- C:\Windows\System\thjhagE.exe
  C:\Windows\System\thjhagE.exe
  2⤵
  PID:5972
- C:\Windows\System\AYtvYBL.exe
  C:\Windows\System\AYtvYBL.exe
  2⤵
  PID:6184
- C:\Windows\System\GeCHtuS.exe
  C:\Windows\System\GeCHtuS.exe
  2⤵
  PID:7156
- C:\Windows\System\GQoDyoe.exe
  C:\Windows\System\GQoDyoe.exe
  2⤵
  PID:6484
- C:\Windows\System\JqWZNlK.exe
  C:\Windows\System\JqWZNlK.exe
  2⤵
  PID:6204
- C:\Windows\System\haNCmAR.exe
  C:\Windows\System\haNCmAR.exe
  2⤵
  PID:6612
- C:\Windows\System\uRbvjDK.exe
  C:\Windows\System\uRbvjDK.exe
  2⤵
  PID:6316
- C:\Windows\System\iooeHBP.exe
  C:\Windows\System\iooeHBP.exe
  2⤵
  PID:6620
- C:\Windows\System\zDMRvsU.exe
  C:\Windows\System\zDMRvsU.exe
  2⤵
  PID:6456
- C:\Windows\System\qnjfCwQ.exe
  C:\Windows\System\qnjfCwQ.exe
  2⤵
  PID:6540
- C:\Windows\System\iWRCPpi.exe
  C:\Windows\System\iWRCPpi.exe
  2⤵
  PID:6656
- C:\Windows\System\gTTTBnI.exe
  C:\Windows\System\gTTTBnI.exe
  2⤵
  PID:6816
- C:\Windows\System\RPlhKFb.exe
  C:\Windows\System\RPlhKFb.exe
  2⤵
  PID:6500
- C:\Windows\System\YgSNLJC.exe
  C:\Windows\System\YgSNLJC.exe
  2⤵
  PID:6716
- C:\Windows\System\XdGUUDz.exe
  C:\Windows\System\XdGUUDz.exe
  2⤵
  PID:6672
- C:\Windows\System\DDygkjX.exe
  C:\Windows\System\DDygkjX.exe
  2⤵
  PID:6872
- C:\Windows\System\cIPKOdY.exe
  C:\Windows\System\cIPKOdY.exe
  2⤵
  PID:7004
- C:\Windows\System\RgtgKvS.exe
  C:\Windows\System\RgtgKvS.exe
  2⤵
  PID:6956
- C:\Windows\System\OSbhkdy.exe
  C:\Windows\System\OSbhkdy.exe
  2⤵
  PID:2792
- C:\Windows\System\LCRKzPY.exe
  C:\Windows\System\LCRKzPY.exe
  2⤵
  PID:6252
- C:\Windows\System\lWCuTlg.exe
  C:\Windows\System\lWCuTlg.exe
  2⤵
  PID:6420
- C:\Windows\System\LAuSrUC.exe
  C:\Windows\System\LAuSrUC.exe
  2⤵
  PID:6632
- C:\Windows\System\gOLMIDw.exe
  C:\Windows\System\gOLMIDw.exe
  2⤵
  PID:6888
- C:\Windows\System\rqkHXjv.exe
  C:\Windows\System\rqkHXjv.exe
  2⤵
  PID:6172
- C:\Windows\System\iqNflXR.exe
  C:\Windows\System\iqNflXR.exe
  2⤵
  PID:6364
- C:\Windows\System\WlsGnCB.exe
  C:\Windows\System\WlsGnCB.exe
  2⤵
  PID:6616
- C:\Windows\System\NkdKIOz.exe
  C:\Windows\System\NkdKIOz.exe
  2⤵
  PID:6736
- C:\Windows\System\bEYWlEI.exe
  C:\Windows\System\bEYWlEI.exe
  2⤵
  PID:6784
- C:\Windows\System\mCRsEbY.exe
  C:\Windows\System\mCRsEbY.exe
  2⤵
  PID:7060
- C:\Windows\System\CiPgzPS.exe
  C:\Windows\System\CiPgzPS.exe
  2⤵
  PID:7076
- C:\Windows\System\fmuQuxB.exe
  C:\Windows\System\fmuQuxB.exe
  2⤵
  PID:6904
- C:\Windows\System\UrHHKfo.exe
  C:\Windows\System\UrHHKfo.exe
  2⤵
  PID:5176
- C:\Windows\System\xVtzwRP.exe
  C:\Windows\System\xVtzwRP.exe
  2⤵
  PID:7144
- C:\Windows\System\YOILGex.exe
  C:\Windows\System\YOILGex.exe
  2⤵
  PID:6356
- C:\Windows\System\fwfFBEh.exe
  C:\Windows\System\fwfFBEh.exe
  2⤵
  PID:6960
- C:\Windows\System\iSyxtXw.exe
  C:\Windows\System\iSyxtXw.exe
  2⤵
  PID:7180
- C:\Windows\System\hltpJYO.exe
  C:\Windows\System\hltpJYO.exe
  2⤵
  PID:7196
- C:\Windows\System\OKQtVvi.exe
  C:\Windows\System\OKQtVvi.exe
  2⤵
  PID:7212
- C:\Windows\System\dbHuRYc.exe
  C:\Windows\System\dbHuRYc.exe
  2⤵
  PID:7228
- C:\Windows\System\OweMZRP.exe
  C:\Windows\System\OweMZRP.exe
  2⤵
  PID:7244
- C:\Windows\System\tCIttiR.exe
  C:\Windows\System\tCIttiR.exe
  2⤵
  PID:7260
- C:\Windows\System\nrMFaUa.exe
  C:\Windows\System\nrMFaUa.exe
  2⤵
  PID:7276
- C:\Windows\System\uFASqgB.exe
  C:\Windows\System\uFASqgB.exe
  2⤵
  PID:7292
- C:\Windows\System\zznwrPY.exe
  C:\Windows\System\zznwrPY.exe
  2⤵
  PID:7308
- C:\Windows\System\oZOmeIG.exe
  C:\Windows\System\oZOmeIG.exe
  2⤵
  PID:7324
- C:\Windows\System\szkiYZf.exe
  C:\Windows\System\szkiYZf.exe
  2⤵
  PID:7340
- C:\Windows\System\eRFvQgo.exe
  C:\Windows\System\eRFvQgo.exe
  2⤵
  PID:7356
- C:\Windows\System\DFKCipL.exe
  C:\Windows\System\DFKCipL.exe
  2⤵
  PID:7372
- C:\Windows\System\XhypUAs.exe
  C:\Windows\System\XhypUAs.exe
  2⤵
  PID:7388
- C:\Windows\System\OkGkfcl.exe
  C:\Windows\System\OkGkfcl.exe
  2⤵
  PID:7408
- C:\Windows\System\EDjdszs.exe
  C:\Windows\System\EDjdszs.exe
  2⤵
  PID:7424
- C:\Windows\System\fSRGwBg.exe
  C:\Windows\System\fSRGwBg.exe
  2⤵
  PID:7440
- C:\Windows\System\yMrSrLW.exe
  C:\Windows\System\yMrSrLW.exe
  2⤵
  PID:7460
- C:\Windows\System\DAiqHxB.exe
  C:\Windows\System\DAiqHxB.exe
  2⤵
  PID:7476
- C:\Windows\System\oqqREqt.exe
  C:\Windows\System\oqqREqt.exe
  2⤵
  PID:7492
- C:\Windows\System\MdbiAHR.exe
  C:\Windows\System\MdbiAHR.exe
  2⤵
  PID:7508
- C:\Windows\System\jxrbZug.exe
  C:\Windows\System\jxrbZug.exe
  2⤵
  PID:7524
- C:\Windows\System\olPbbot.exe
  C:\Windows\System\olPbbot.exe
  2⤵
  PID:7540
- C:\Windows\System\tkyOvjx.exe
  C:\Windows\System\tkyOvjx.exe
  2⤵
  PID:7556
- C:\Windows\System\uTRbIYF.exe
  C:\Windows\System\uTRbIYF.exe
  2⤵
  PID:7572
- C:\Windows\System\BHwyniZ.exe
  C:\Windows\System\BHwyniZ.exe
  2⤵
  PID:7588
- C:\Windows\System\juoKvhb.exe
  C:\Windows\System\juoKvhb.exe
  2⤵
  PID:7604
- C:\Windows\System\QPnASjo.exe
  C:\Windows\System\QPnASjo.exe
  2⤵
  PID:7620
- C:\Windows\System\mPbdVck.exe
  C:\Windows\System\mPbdVck.exe
  2⤵
  PID:7636
- C:\Windows\System\UkmUQvd.exe
  C:\Windows\System\UkmUQvd.exe
  2⤵
  PID:7652
- C:\Windows\System\jJvFjPu.exe
  C:\Windows\System\jJvFjPu.exe
  2⤵
  PID:7668
- C:\Windows\System\ejsUTVN.exe
  C:\Windows\System\ejsUTVN.exe
  2⤵
  PID:7684
- C:\Windows\System\rmvGrkF.exe
  C:\Windows\System\rmvGrkF.exe
  2⤵
  PID:7700
- C:\Windows\System\WhmKqjo.exe
  C:\Windows\System\WhmKqjo.exe
  2⤵
  PID:7716
- C:\Windows\System\FMlbrrT.exe
  C:\Windows\System\FMlbrrT.exe
  2⤵
  PID:7732
- C:\Windows\System\ZgATLpc.exe
  C:\Windows\System\ZgATLpc.exe
  2⤵
  PID:7748
- C:\Windows\System\DYFqUuU.exe
  C:\Windows\System\DYFqUuU.exe
  2⤵
  PID:7764
- C:\Windows\System\iBgCXoD.exe
  C:\Windows\System\iBgCXoD.exe
  2⤵
  PID:7780
- C:\Windows\System\shqvxEN.exe
  C:\Windows\System\shqvxEN.exe
  2⤵
  PID:7796
- C:\Windows\System\qoOAHOX.exe
  C:\Windows\System\qoOAHOX.exe
  2⤵
  PID:7812
- C:\Windows\System\zZwvSHB.exe
  C:\Windows\System\zZwvSHB.exe
  2⤵
  PID:7828
- C:\Windows\System\EuLBMva.exe
  C:\Windows\System\EuLBMva.exe
  2⤵
  PID:7844
- C:\Windows\System\jBqilTM.exe
  C:\Windows\System\jBqilTM.exe
  2⤵
  PID:7860
- C:\Windows\System\kCacsEP.exe
  C:\Windows\System\kCacsEP.exe
  2⤵
  PID:7876
- C:\Windows\System\utfLMgZ.exe
  C:\Windows\System\utfLMgZ.exe
  2⤵
  PID:7892
- C:\Windows\System\OeaVDry.exe
  C:\Windows\System\OeaVDry.exe
  2⤵
  PID:7908
- C:\Windows\System\DzfdgGS.exe
  C:\Windows\System\DzfdgGS.exe
  2⤵
  PID:7928
- C:\Windows\System\jAUkQKI.exe
  C:\Windows\System\jAUkQKI.exe
  2⤵
  PID:7944
- C:\Windows\System\WXqDpzh.exe
  C:\Windows\System\WXqDpzh.exe
  2⤵
  PID:7964
- C:\Windows\System\XvlgXqW.exe
  C:\Windows\System\XvlgXqW.exe
  2⤵
  PID:7980
- C:\Windows\System\yVGrCFl.exe
  C:\Windows\System\yVGrCFl.exe
  2⤵
  PID:7996
- C:\Windows\System\bWRVEsj.exe
  C:\Windows\System\bWRVEsj.exe
  2⤵
  PID:8012
- C:\Windows\System\nZVqUSm.exe
  C:\Windows\System\nZVqUSm.exe
  2⤵
  PID:8028
- C:\Windows\System\lKyZyOB.exe
  C:\Windows\System\lKyZyOB.exe
  2⤵
  PID:8044
- C:\Windows\System\YfwpwBc.exe
  C:\Windows\System\YfwpwBc.exe
  2⤵
  PID:8060
- C:\Windows\System\pavEBcn.exe
  C:\Windows\System\pavEBcn.exe
  2⤵
  PID:8076
- C:\Windows\System\azCILoC.exe
  C:\Windows\System\azCILoC.exe
  2⤵
  PID:8092
- C:\Windows\System\psnjqOo.exe
  C:\Windows\System\psnjqOo.exe
  2⤵
  PID:8108
- C:\Windows\System\tEHOJdG.exe
  C:\Windows\System\tEHOJdG.exe
  2⤵
  PID:8124
- C:\Windows\System\zDuvZkK.exe
  C:\Windows\System\zDuvZkK.exe
  2⤵
  PID:8140
- C:\Windows\System\ljIExIj.exe
  C:\Windows\System\ljIExIj.exe
  2⤵
  PID:8156
- C:\Windows\System\YNCUSbv.exe
  C:\Windows\System\YNCUSbv.exe
  2⤵
  PID:8172
- C:\Windows\System\gCdBexM.exe
  C:\Windows\System\gCdBexM.exe
  2⤵
  PID:8188
- C:\Windows\System\HEYWoaY.exe
  C:\Windows\System\HEYWoaY.exe
  2⤵
  PID:6684
- C:\Windows\System\fGPiDmx.exe
  C:\Windows\System\fGPiDmx.exe
  2⤵
  PID:6440
- C:\Windows\System\kmenJQV.exe
  C:\Windows\System\kmenJQV.exe
  2⤵
  PID:6476
- C:\Windows\System\iWBciob.exe
  C:\Windows\System\iWBciob.exe
  2⤵
  PID:7068
- C:\Windows\System\dGQGTau.exe
  C:\Windows\System\dGQGTau.exe
  2⤵
  PID:6976
- C:\Windows\System\oIGUXuc.exe
  C:\Windows\System\oIGUXuc.exe
  2⤵
  PID:7172
- C:\Windows\System\CYMesjI.exe
  C:\Windows\System\CYMesjI.exe
  2⤵
  PID:6636
- C:\Windows\System\rqMmZqM.exe
  C:\Windows\System\rqMmZqM.exe
  2⤵
  PID:7192
- C:\Windows\System\nQWSmKB.exe
  C:\Windows\System\nQWSmKB.exe
  2⤵
  PID:7272
- C:\Windows\System\IQYUvkZ.exe
  C:\Windows\System\IQYUvkZ.exe
  2⤵
  PID:7304
- C:\Windows\System\fzymtmR.exe
  C:\Windows\System\fzymtmR.exe
  2⤵
  PID:7368
- C:\Windows\System\BvfXEsV.exe
  C:\Windows\System\BvfXEsV.exe
  2⤵
  PID:7288
- C:\Windows\System\DoEdQIv.exe
  C:\Windows\System\DoEdQIv.exe
  2⤵
  PID:7352
- C:\Windows\System\MolyOss.exe
  C:\Windows\System\MolyOss.exe
  2⤵
  PID:7420
- C:\Windows\System\tRzeaFB.exe
  C:\Windows\System\tRzeaFB.exe
  2⤵
  PID:7488
- C:\Windows\System\lvjFbrF.exe
  C:\Windows\System\lvjFbrF.exe
  2⤵
  PID:7552
- C:\Windows\System\REnKxAS.exe
  C:\Windows\System\REnKxAS.exe
  2⤵
  PID:7436
- C:\Windows\System\IwHiyoT.exe
  C:\Windows\System\IwHiyoT.exe
  2⤵
  PID:7648
- C:\Windows\System\jCsRSHO.exe
  C:\Windows\System\jCsRSHO.exe
  2⤵
  PID:7404
- C:\Windows\System\pQrRqVH.exe
  C:\Windows\System\pQrRqVH.exe
  2⤵
  PID:7744
- C:\Windows\System\ouomXVl.exe
  C:\Windows\System\ouomXVl.exe
  2⤵
  PID:7628
- C:\Windows\System\sGXUGRP.exe
  C:\Windows\System\sGXUGRP.exe
  2⤵
  PID:7664
- C:\Windows\System\fYnaUbI.exe
  C:\Windows\System\fYnaUbI.exe
  2⤵
  PID:7568
- C:\Windows\System\tEscjxR.exe
  C:\Windows\System\tEscjxR.exe
  2⤵
  PID:7696
- C:\Windows\System\XmtNjjC.exe
  C:\Windows\System\XmtNjjC.exe
  2⤵
  PID:7760
- C:\Windows\System\eurNoBk.exe
  C:\Windows\System\eurNoBk.exe
  2⤵
  PID:7776
- C:\Windows\System\MkcAWtJ.exe
  C:\Windows\System\MkcAWtJ.exe
  2⤵
  PID:7868
- C:\Windows\System\ArMlrkf.exe
  C:\Windows\System\ArMlrkf.exe
  2⤵
  PID:7792
- C:\Windows\System\TOlaSyT.exe
  C:\Windows\System\TOlaSyT.exe
  2⤵
  PID:7852
- C:\Windows\System\ZgkHvjU.exe
  C:\Windows\System\ZgkHvjU.exe
  2⤵
  PID:7924
- C:\Windows\System\KyZQbcY.exe
  C:\Windows\System\KyZQbcY.exe
  2⤵
  PID:7976
- C:\Windows\System\nhCesul.exe
  C:\Windows\System\nhCesul.exe
  2⤵
  PID:8040
- C:\Windows\System\qrgJoEL.exe
  C:\Windows\System\qrgJoEL.exe
  2⤵
  PID:8068
- C:\Windows\System\ItBWtJR.exe
  C:\Windows\System\ItBWtJR.exe
  2⤵
  PID:8132
- C:\Windows\System\PDkxSBR.exe
  C:\Windows\System\PDkxSBR.exe
  2⤵
  PID:7088
- C:\Windows\System\NyokcDr.exe
  C:\Windows\System\NyokcDr.exe
  2⤵
  PID:8020
- C:\Windows\System\XbirPlH.exe
  C:\Windows\System\XbirPlH.exe
  2⤵
  PID:6668
- C:\Windows\System\VGsxrwG.exe
  C:\Windows\System\VGsxrwG.exe
  2⤵
  PID:7224
- C:\Windows\System\QXrnoir.exe
  C:\Windows\System\QXrnoir.exe
  2⤵
  PID:8088
- C:\Windows\System\iimhshp.exe
  C:\Windows\System\iimhshp.exe
  2⤵
  PID:8152
- C:\Windows\System\KAINmyh.exe
  C:\Windows\System\KAINmyh.exe
  2⤵
  PID:1792
- C:\Windows\System\RixUMao.exe
  C:\Windows\System\RixUMao.exe
  2⤵
  PID:6652
- C:\Windows\System\MXKhluJ.exe
  C:\Windows\System\MXKhluJ.exe
  2⤵
  PID:7300
- C:\Windows\System\eOxlXIQ.exe
  C:\Windows\System\eOxlXIQ.exe
  2⤵
  PID:7416
- C:\Windows\System\gXSkcHR.exe
  C:\Windows\System\gXSkcHR.exe
  2⤵
  PID:7584
- C:\Windows\System\GqrFcVf.exe
  C:\Windows\System\GqrFcVf.exe
  2⤵
  PID:7348
- C:\Windows\System\XZNZgSp.exe
  C:\Windows\System\XZNZgSp.exe
  2⤵
  PID:7400
- C:\Windows\System\ypLlahC.exe
  C:\Windows\System\ypLlahC.exe
  2⤵
  PID:7564
- C:\Windows\System\cwnBysC.exe
  C:\Windows\System\cwnBysC.exe
  2⤵
  PID:7644
- C:\Windows\System\XnSNMJb.exe
  C:\Windows\System\XnSNMJb.exe
  2⤵
  PID:7824
- C:\Windows\System\enCylIz.exe
  C:\Windows\System\enCylIz.exe
  2⤵
  PID:7972
- C:\Windows\System\oExALBB.exe
  C:\Windows\System\oExALBB.exe
  2⤵
  PID:8100
- C:\Windows\System\wGPboMn.exe
  C:\Windows\System\wGPboMn.exe
  2⤵
  PID:7632
- C:\Windows\System\chkIDsg.exe
  C:\Windows\System\chkIDsg.exe
  2⤵
  PID:8164
- C:\Windows\System\vNLIrom.exe
  C:\Windows\System\vNLIrom.exe
  2⤵
  PID:8056
- C:\Windows\System\vLiXvvu.exe
  C:\Windows\System\vLiXvvu.exe
  2⤵
  PID:7188
- C:\Windows\System\RJTpILq.exe
  C:\Windows\System\RJTpILq.exe
  2⤵
  PID:6424
- C:\Windows\System\QBIultm.exe
  C:\Windows\System\QBIultm.exe
  2⤵
  PID:7988
- C:\Windows\System\gXrxaGE.exe
  C:\Windows\System\gXrxaGE.exe
  2⤵
  PID:8120
- C:\Windows\System\rRjGjdv.exe
  C:\Windows\System\rRjGjdv.exe
  2⤵
  PID:7600
- C:\Windows\System\dsqAwFA.exe
  C:\Windows\System\dsqAwFA.exe
  2⤵
  PID:7320
- C:\Windows\System\SNzwrht.exe
  C:\Windows\System\SNzwrht.exe
  2⤵
  PID:7680
- C:\Windows\System\hqKzZnZ.exe
  C:\Windows\System\hqKzZnZ.exe
  2⤵
  PID:8052
- C:\Windows\System\YZLFNPi.exe
  C:\Windows\System\YZLFNPi.exe
  2⤵
  PID:7820
- C:\Windows\System\AfHSWJD.exe
  C:\Windows\System\AfHSWJD.exe
  2⤵
  PID:8184
- C:\Windows\System\WSzlJLM.exe
  C:\Windows\System\WSzlJLM.exe
  2⤵
  PID:7888
- C:\Windows\System\HYokwME.exe
  C:\Windows\System\HYokwME.exe
  2⤵
  PID:7884
- C:\Windows\System\tyKUbcK.exe
  C:\Windows\System\tyKUbcK.exe
  2⤵
  PID:7384
- C:\Windows\System\VBZTJzK.exe
  C:\Windows\System\VBZTJzK.exe
  2⤵
  PID:7772
- C:\Windows\System\ORsLkvG.exe
  C:\Windows\System\ORsLkvG.exe
  2⤵
  PID:8208
- C:\Windows\System\hCHtfXt.exe
  C:\Windows\System\hCHtfXt.exe
  2⤵
  PID:8224
- C:\Windows\System\YUdGexC.exe
  C:\Windows\System\YUdGexC.exe
  2⤵
  PID:8240
- C:\Windows\System\eFZhsVY.exe
  C:\Windows\System\eFZhsVY.exe
  2⤵
  PID:8256
- C:\Windows\System\DyAWbUF.exe
  C:\Windows\System\DyAWbUF.exe
  2⤵
  PID:8272
- C:\Windows\System\fcAlfVU.exe
  C:\Windows\System\fcAlfVU.exe
  2⤵
  PID:8288
- C:\Windows\System\JwWKpKK.exe
  C:\Windows\System\JwWKpKK.exe
  2⤵
  PID:8304
- C:\Windows\System\uvhMtCU.exe
  C:\Windows\System\uvhMtCU.exe
  2⤵
  PID:8320
- C:\Windows\System\iCRqBrg.exe
  C:\Windows\System\iCRqBrg.exe
  2⤵
  PID:8336
- C:\Windows\System\lOgpzTz.exe
  C:\Windows\System\lOgpzTz.exe
  2⤵
  PID:8352
- C:\Windows\System\sLNEemZ.exe
  C:\Windows\System\sLNEemZ.exe
  2⤵
  PID:8368
- C:\Windows\System\nDgftKP.exe
  C:\Windows\System\nDgftKP.exe
  2⤵
  PID:8384
- C:\Windows\System\tveiOyV.exe
  C:\Windows\System\tveiOyV.exe
  2⤵
  PID:8400
- C:\Windows\System\JWJQjro.exe
  C:\Windows\System\JWJQjro.exe
  2⤵
  PID:8416
- C:\Windows\System\icIhPvm.exe
  C:\Windows\System\icIhPvm.exe
  2⤵
  PID:8432
- C:\Windows\System\jyWNpFa.exe
  C:\Windows\System\jyWNpFa.exe
  2⤵
  PID:8452
- C:\Windows\System\dmxauPV.exe
  C:\Windows\System\dmxauPV.exe
  2⤵
  PID:8468
- C:\Windows\System\OYspDOi.exe
  C:\Windows\System\OYspDOi.exe
  2⤵
  PID:8484
- C:\Windows\System\WhWPdBd.exe
  C:\Windows\System\WhWPdBd.exe
  2⤵
  PID:8500
- C:\Windows\System\mjVcGsz.exe
  C:\Windows\System\mjVcGsz.exe
  2⤵
  PID:8516
- C:\Windows\System\BtIwcYp.exe
  C:\Windows\System\BtIwcYp.exe
  2⤵
  PID:8532
- C:\Windows\System\zaTqvdV.exe
  C:\Windows\System\zaTqvdV.exe
  2⤵
  PID:8548
- C:\Windows\System\HRYlgal.exe
  C:\Windows\System\HRYlgal.exe
  2⤵
  PID:8564
- C:\Windows\System\NtXWCyA.exe
  C:\Windows\System\NtXWCyA.exe
  2⤵
  PID:8580
- C:\Windows\System\NvElpLQ.exe
  C:\Windows\System\NvElpLQ.exe
  2⤵
  PID:8596
- C:\Windows\System\rNvVmwh.exe
  C:\Windows\System\rNvVmwh.exe
  2⤵
  PID:8612
- C:\Windows\System\UigOtso.exe
  C:\Windows\System\UigOtso.exe
  2⤵
  PID:8628
- C:\Windows\System\ngmFXWS.exe
  C:\Windows\System\ngmFXWS.exe
  2⤵
  PID:8644
- C:\Windows\System\HTHPwtX.exe
  C:\Windows\System\HTHPwtX.exe
  2⤵
  PID:8660
- C:\Windows\System\wOTMwfV.exe
  C:\Windows\System\wOTMwfV.exe
  2⤵
  PID:8676
- C:\Windows\System\aBrjtWs.exe
  C:\Windows\System\aBrjtWs.exe
  2⤵
  PID:8692
- C:\Windows\System\TKTdovX.exe
  C:\Windows\System\TKTdovX.exe
  2⤵
  PID:8708
- C:\Windows\System\XPwEhpv.exe
  C:\Windows\System\XPwEhpv.exe
  2⤵
  PID:8724
- C:\Windows\System\BdbWVGs.exe
  C:\Windows\System\BdbWVGs.exe
  2⤵
  PID:8740
- C:\Windows\System\FQcSJJU.exe
  C:\Windows\System\FQcSJJU.exe
  2⤵
  PID:8756
- C:\Windows\System\nSQNLnF.exe
  C:\Windows\System\nSQNLnF.exe
  2⤵
  PID:8772
- C:\Windows\System\GISieuI.exe
  C:\Windows\System\GISieuI.exe
  2⤵
  PID:8788
- C:\Windows\System\tWGfAAP.exe
  C:\Windows\System\tWGfAAP.exe
  2⤵
  PID:8804
- C:\Windows\System\rzMgWSF.exe
  C:\Windows\System\rzMgWSF.exe
  2⤵
  PID:8820
- C:\Windows\System\HwmOmUh.exe
  C:\Windows\System\HwmOmUh.exe
  2⤵
  PID:8836
- C:\Windows\System\axzKOmx.exe
  C:\Windows\System\axzKOmx.exe
  2⤵
  PID:8852
- C:\Windows\System\eIXXfgW.exe
  C:\Windows\System\eIXXfgW.exe
  2⤵
  PID:8868
- C:\Windows\System\SZZcitt.exe
  C:\Windows\System\SZZcitt.exe
  2⤵
  PID:8884
- C:\Windows\System\aurmzGn.exe
  C:\Windows\System\aurmzGn.exe
  2⤵
  PID:8900
- C:\Windows\System\GPiJwqE.exe
  C:\Windows\System\GPiJwqE.exe
  2⤵
  PID:8916
- C:\Windows\System\OUtSSKr.exe
  C:\Windows\System\OUtSSKr.exe
  2⤵
  PID:8932
- C:\Windows\System\tyEzXar.exe
  C:\Windows\System\tyEzXar.exe
  2⤵
  PID:8948
- C:\Windows\System\cqFSthF.exe
  C:\Windows\System\cqFSthF.exe
  2⤵
  PID:8964
- C:\Windows\System\RcZJdnu.exe
  C:\Windows\System\RcZJdnu.exe
  2⤵
  PID:8980
- C:\Windows\System\jYvBEIJ.exe
  C:\Windows\System\jYvBEIJ.exe
  2⤵
  PID:8996
- C:\Windows\System\OBBEoqj.exe
  C:\Windows\System\OBBEoqj.exe
  2⤵
  PID:9012
- C:\Windows\System\mTIpKVF.exe
  C:\Windows\System\mTIpKVF.exe
  2⤵
  PID:9028
- C:\Windows\System\gkBubNc.exe
  C:\Windows\System\gkBubNc.exe
  2⤵
  PID:9044
- C:\Windows\System\jJArRmb.exe
  C:\Windows\System\jJArRmb.exe
  2⤵
  PID:9060
- C:\Windows\System\ADOfyPi.exe
  C:\Windows\System\ADOfyPi.exe
  2⤵
  PID:9080
- C:\Windows\System\ThimxdI.exe
  C:\Windows\System\ThimxdI.exe
  2⤵
  PID:9096
- C:\Windows\System\RqffQnj.exe
  C:\Windows\System\RqffQnj.exe
  2⤵
  PID:9112
- C:\Windows\System\dzrCVyN.exe
  C:\Windows\System\dzrCVyN.exe
  2⤵
  PID:9128
- C:\Windows\System\ldPFfxR.exe
  C:\Windows\System\ldPFfxR.exe
  2⤵
  PID:9144
- C:\Windows\System\NMkRHcd.exe
  C:\Windows\System\NMkRHcd.exe
  2⤵
  PID:9160
- C:\Windows\System\BnbAUuZ.exe
  C:\Windows\System\BnbAUuZ.exe
  2⤵
  PID:9176
- C:\Windows\System\DZAZVYe.exe
  C:\Windows\System\DZAZVYe.exe
  2⤵
  PID:9192
- C:\Windows\System\qCfJltu.exe
  C:\Windows\System\qCfJltu.exe
  2⤵
  PID:9208
- C:\Windows\System\KNKyUWn.exe
  C:\Windows\System\KNKyUWn.exe
  2⤵
  PID:7940
- C:\Windows\System\MEDxrNn.exe
  C:\Windows\System\MEDxrNn.exe
  2⤵
  PID:7364
- C:\Windows\System\vVukDAM.exe
  C:\Windows\System\vVukDAM.exe
  2⤵
  PID:7536
- C:\Windows\System\VPwdXTo.exe
  C:\Windows\System\VPwdXTo.exe
  2⤵
  PID:8236
- C:\Windows\System\REyfYDi.exe
  C:\Windows\System\REyfYDi.exe
  2⤵
  PID:8200
- C:\Windows\System\tclVzJS.exe
  C:\Windows\System\tclVzJS.exe
  2⤵
  PID:8296
- C:\Windows\System\USUnvAS.exe
  C:\Windows\System\USUnvAS.exe
  2⤵
  PID:8360
- C:\Windows\System\rhxauyw.exe
  C:\Windows\System\rhxauyw.exe
  2⤵
  PID:8424
- C:\Windows\System\wqLxeqi.exe
  C:\Windows\System\wqLxeqi.exe
  2⤵
  PID:8284
- C:\Windows\System\xGWtziU.exe
  C:\Windows\System\xGWtziU.exe
  2⤵
  PID:8344
- C:\Windows\System\DDUNqsH.exe
  C:\Windows\System\DDUNqsH.exe
  2⤵
  PID:8480
- C:\Windows\System\YHlTTmQ.exe
  C:\Windows\System\YHlTTmQ.exe
  2⤵
  PID:8252
- C:\Windows\System\ygfzPMY.exe
  C:\Windows\System\ygfzPMY.exe
  2⤵
  PID:8540
- C:\Windows\System\YBLMeBY.exe
  C:\Windows\System\YBLMeBY.exe
  2⤵
  PID:8492
- C:\Windows\System\vUBXcbf.exe
  C:\Windows\System\vUBXcbf.exe
  2⤵
  PID:8640
- C:\Windows\System\SotHwEm.exe
  C:\Windows\System\SotHwEm.exe
  2⤵
  PID:8524
- C:\Windows\System\kTcVFsl.exe
  C:\Windows\System\kTcVFsl.exe
  2⤵
  PID:8732
- C:\Windows\System\LshDtGP.exe
  C:\Windows\System\LshDtGP.exe
  2⤵
  PID:8588
- C:\Windows\System\gvTCbHC.exe
  C:\Windows\System\gvTCbHC.exe
  2⤵
  PID:8656
- C:\Windows\System\XUaOWOc.exe
  C:\Windows\System\XUaOWOc.exe
  2⤵
  PID:8688
- C:\Windows\System\ZtHajwU.exe
  C:\Windows\System\ZtHajwU.exe
  2⤵
  PID:8796
- C:\Windows\System\KPikBxw.exe
  C:\Windows\System\KPikBxw.exe
  2⤵
  PID:8832
- C:\Windows\System\XHvzPxY.exe
  C:\Windows\System\XHvzPxY.exe
  2⤵
  PID:8896
- C:\Windows\System\dHXuiJR.exe
  C:\Windows\System\dHXuiJR.exe
  2⤵
  PID:8960
- C:\Windows\System\ukESaFH.exe
  C:\Windows\System\ukESaFH.exe
  2⤵
  PID:8752
- C:\Windows\System\ONhlhCI.exe
  C:\Windows\System\ONhlhCI.exe
  2⤵
  PID:9004
- C:\Windows\System\ewFPSRH.exe
  C:\Windows\System\ewFPSRH.exe
  2⤵
  PID:8876
- C:\Windows\System\dmySEmW.exe
  C:\Windows\System\dmySEmW.exe
  2⤵
  PID:8940
- C:\Windows\System\hIpgpZD.exe
  C:\Windows\System\hIpgpZD.exe
  2⤵
  PID:9008
- C:\Windows\System\kWBpzXS.exe
  C:\Windows\System\kWBpzXS.exe
  2⤵
  PID:9040
- C:\Windows\System\uIQWFle.exe
  C:\Windows\System\uIQWFle.exe
  2⤵
  PID:9088
- C:\Windows\System\XvqDofg.exe
  C:\Windows\System\XvqDofg.exe
  2⤵
  PID:9152
- C:\Windows\System\qhvcevh.exe
  C:\Windows\System\qhvcevh.exe
  2⤵
  PID:6380
- C:\Windows\System\SZuNSLs.exe
  C:\Windows\System\SZuNSLs.exe
  2⤵
  PID:9172
- C:\Windows\System\sUZbjAc.exe
  C:\Windows\System\sUZbjAc.exe
  2⤵
  PID:8332
- C:\Windows\System\RhsfMag.exe
  C:\Windows\System\RhsfMag.exe
  2⤵
  PID:8216
- C:\Windows\System\MSOBnnm.exe
  C:\Windows\System\MSOBnnm.exe
  2⤵
  PID:9200
- C:\Windows\System\hqiShRu.exe
  C:\Windows\System\hqiShRu.exe
  2⤵
  PID:8036
- C:\Windows\System\mPFJujh.exe
  C:\Windows\System\mPFJujh.exe
  2⤵
  PID:8460
- C:\Windows\System\CIiNNTw.exe
  C:\Windows\System\CIiNNTw.exe
  2⤵
  PID:8316
- C:\Windows\System\cBZNjTu.exe
  C:\Windows\System\cBZNjTu.exe
  2⤵
  PID:8440
- C:\Windows\System\PKCKnXH.exe
  C:\Windows\System\PKCKnXH.exe
  2⤵
  PID:8636
- C:\Windows\System\AHxxeIp.exe
  C:\Windows\System\AHxxeIp.exe
  2⤵
  PID:8652
- C:\Windows\System\rjgOZAE.exe
  C:\Windows\System\rjgOZAE.exe
  2⤵
  PID:8892
- C:\Windows\System\lKIVrME.exe
  C:\Windows\System\lKIVrME.exe
  2⤵
  PID:8684
- C:\Windows\System\xAidQcK.exe
  C:\Windows\System\xAidQcK.exe
  2⤵
  PID:8976
- C:\Windows\System\ebJiVwj.exe
  C:\Windows\System\ebJiVwj.exe
  2⤵
  PID:9188
- C:\Windows\System\cgvfttn.exe
  C:\Windows\System\cgvfttn.exe
  2⤵
  PID:8220
- C:\Windows\System\rzXjfpR.exe
  C:\Windows\System\rzXjfpR.exe
  2⤵
  PID:8700
- C:\Windows\System\jBXOBFQ.exe
  C:\Windows\System\jBXOBFQ.exe
  2⤵
  PID:8704
- C:\Windows\System\GECuGum.exe
  C:\Windows\System\GECuGum.exe
  2⤵
  PID:8828
- C:\Windows\System\JNyZZNg.exe
  C:\Windows\System\JNyZZNg.exe
  2⤵
  PID:8780
- C:\Windows\System\sTPFfwn.exe
  C:\Windows\System\sTPFfwn.exe
  2⤵
  PID:2272
- C:\Windows\System\vLaLqzA.exe
  C:\Windows\System\vLaLqzA.exe
  2⤵
  PID:9124
- C:\Windows\System\bhTvzum.exe
  C:\Windows\System\bhTvzum.exe
  2⤵
  PID:6248
- C:\Windows\System\LluQuji.exe
  C:\Windows\System\LluQuji.exe
  2⤵
  PID:8476
- C:\Windows\System\OONmiia.exe
  C:\Windows\System\OONmiia.exe
  2⤵
  PID:1816
- C:\Windows\System\YktFbQI.exe
  C:\Windows\System\YktFbQI.exe
  2⤵
  PID:2480
- C:\Windows\System\goDnZGO.exe
  C:\Windows\System\goDnZGO.exe
  2⤵
  PID:8972
- C:\Windows\System\LwVkLkL.exe
  C:\Windows\System\LwVkLkL.exe
  2⤵
  PID:8576
- C:\Windows\System\bSGEazW.exe
  C:\Windows\System\bSGEazW.exe
  2⤵
  PID:9068
- C:\Windows\System\qTXtsjf.exe
  C:\Windows\System\qTXtsjf.exe
  2⤵
  PID:8624
- C:\Windows\System\fIGsaoI.exe
  C:\Windows\System\fIGsaoI.exe
  2⤵
  PID:8768
- C:\Windows\System\ZrXPcdk.exe
  C:\Windows\System\ZrXPcdk.exe
  2⤵
  PID:9108
- C:\Windows\System\nQWxoHm.exe
  C:\Windows\System\nQWxoHm.exe
  2⤵
  PID:8464
- C:\Windows\System\UmLeBXj.exe
  C:\Windows\System\UmLeBXj.exe
  2⤵
  PID:8848
- C:\Windows\System\MLthXTU.exe
  C:\Windows\System\MLthXTU.exe
  2⤵
  PID:8496
- C:\Windows\System\DpEwKSJ.exe
  C:\Windows\System\DpEwKSJ.exe
  2⤵
  PID:9184
- C:\Windows\System\VtkAYqt.exe
  C:\Windows\System\VtkAYqt.exe
  2⤵
  PID:8396
- C:\Windows\System\iWMVxVB.exe
  C:\Windows\System\iWMVxVB.exe
  2⤵
  PID:7284
- C:\Windows\System\VyNELDQ.exe
  C:\Windows\System\VyNELDQ.exe
  2⤵
  PID:8864
- C:\Windows\System\APTIozg.exe
  C:\Windows\System\APTIozg.exe
  2⤵
  PID:9232
- C:\Windows\System\opAaJsi.exe
  C:\Windows\System\opAaJsi.exe
  2⤵
  PID:9248
- C:\Windows\System\sYWSXyj.exe
  C:\Windows\System\sYWSXyj.exe
  2⤵
  PID:9264
- C:\Windows\System\IbMalXs.exe
  C:\Windows\System\IbMalXs.exe
  2⤵
  PID:9280
- C:\Windows\System\lszBLdn.exe
  C:\Windows\System\lszBLdn.exe
  2⤵
  PID:9296
- C:\Windows\System\FsvLYWN.exe
  C:\Windows\System\FsvLYWN.exe
  2⤵
  PID:9312
- C:\Windows\System\pUZfjTJ.exe
  C:\Windows\System\pUZfjTJ.exe
  2⤵
  PID:9328
- C:\Windows\System\Rxioqzx.exe
  C:\Windows\System\Rxioqzx.exe
  2⤵
  PID:9344
- C:\Windows\System\ZtZZSSd.exe
  C:\Windows\System\ZtZZSSd.exe
  2⤵
  PID:9360
- C:\Windows\System\snlJIUV.exe
  C:\Windows\System\snlJIUV.exe
  2⤵
  PID:9376
- C:\Windows\System\ugGXHAd.exe
  C:\Windows\System\ugGXHAd.exe
  2⤵
  PID:9392
- C:\Windows\System\cfTkLmA.exe
  C:\Windows\System\cfTkLmA.exe
  2⤵
  PID:9408
- C:\Windows\System\xSgAtbb.exe
  C:\Windows\System\xSgAtbb.exe
  2⤵
  PID:9424
- C:\Windows\System\ZKjerto.exe
  C:\Windows\System\ZKjerto.exe
  2⤵
  PID:9440
- C:\Windows\System\XiWtmsw.exe
  C:\Windows\System\XiWtmsw.exe
  2⤵
  PID:9468
- C:\Windows\System\AioneFP.exe
  C:\Windows\System\AioneFP.exe
  2⤵
  PID:9620
- C:\Windows\System\ZWKFwmK.exe
  C:\Windows\System\ZWKFwmK.exe
  2⤵
  PID:9644
- C:\Windows\System\JnJofhM.exe
  C:\Windows\System\JnJofhM.exe
  2⤵
  PID:9660
- C:\Windows\System\bITlIpf.exe
  C:\Windows\System\bITlIpf.exe
  2⤵
  PID:9696
- C:\Windows\System\EvzrCBX.exe
  C:\Windows\System\EvzrCBX.exe
  2⤵
  PID:9712
- C:\Windows\System\rQOJtNH.exe
  C:\Windows\System\rQOJtNH.exe
  2⤵
  PID:9728
- C:\Windows\System\DyaGtUR.exe
  C:\Windows\System\DyaGtUR.exe
  2⤵
  PID:9744
- C:\Windows\System\lEfwrLs.exe
  C:\Windows\System\lEfwrLs.exe
  2⤵
  PID:9760
- C:\Windows\System\FoibcLG.exe
  C:\Windows\System\FoibcLG.exe
  2⤵
  PID:9776
- C:\Windows\System\SlYTCmU.exe
  C:\Windows\System\SlYTCmU.exe
  2⤵
  PID:9792
- C:\Windows\System\EpvoEFt.exe
  C:\Windows\System\EpvoEFt.exe
  2⤵
  PID:9808
- C:\Windows\System\iymGlkg.exe
  C:\Windows\System\iymGlkg.exe
  2⤵
  PID:9824
- C:\Windows\System\qrkgCRZ.exe
  C:\Windows\System\qrkgCRZ.exe
  2⤵
  PID:9840
- C:\Windows\System\JvdjaHX.exe
  C:\Windows\System\JvdjaHX.exe
  2⤵
  PID:9856
- C:\Windows\System\GBBMmYq.exe
  C:\Windows\System\GBBMmYq.exe
  2⤵
  PID:9872
- C:\Windows\System\HkVPFtK.exe
  C:\Windows\System\HkVPFtK.exe
  2⤵
  PID:9888
- C:\Windows\System\jDhJamf.exe
  C:\Windows\System\jDhJamf.exe
  2⤵
  PID:9904
- C:\Windows\System\wBEfGip.exe
  C:\Windows\System\wBEfGip.exe
  2⤵
  PID:9920
- C:\Windows\System\wqUxSkp.exe
  C:\Windows\System\wqUxSkp.exe
  2⤵
  PID:9936
- C:\Windows\System\AJGuWNU.exe
  C:\Windows\System\AJGuWNU.exe
  2⤵
  PID:9964
- C:\Windows\System\YdPdxeF.exe
  C:\Windows\System\YdPdxeF.exe
  2⤵
  PID:9984
- C:\Windows\System\kwMAKUH.exe
  C:\Windows\System\kwMAKUH.exe
  2⤵
  PID:10004
- C:\Windows\System\gNjwhWs.exe
  C:\Windows\System\gNjwhWs.exe
  2⤵
  PID:10020
- C:\Windows\System\alpjpJl.exe
  C:\Windows\System\alpjpJl.exe
  2⤵
  PID:10036
- C:\Windows\System\XBXJrKH.exe
  C:\Windows\System\XBXJrKH.exe
  2⤵
  PID:10052
- C:\Windows\System\lzxlfGY.exe
  C:\Windows\System\lzxlfGY.exe
  2⤵
  PID:10076
- C:\Windows\System\QrscVmK.exe
  C:\Windows\System\QrscVmK.exe
  2⤵
  PID:10096
- C:\Windows\System\iJXVQsh.exe
  C:\Windows\System\iJXVQsh.exe
  2⤵
  PID:10112
- C:\Windows\System\QMSJZuk.exe
  C:\Windows\System\QMSJZuk.exe
  2⤵
  PID:10128
- C:\Windows\System\mPZUowt.exe
  C:\Windows\System\mPZUowt.exe
  2⤵
  PID:10144
- C:\Windows\System\KNsnijd.exe
  C:\Windows\System\KNsnijd.exe
  2⤵
  PID:10160
- C:\Windows\System\hefMaYZ.exe
  C:\Windows\System\hefMaYZ.exe
  2⤵
  PID:10192
- C:\Windows\System\sjfCTqZ.exe
  C:\Windows\System\sjfCTqZ.exe
  2⤵
  PID:10224
- C:\Windows\System\NIcUuac.exe
  C:\Windows\System\NIcUuac.exe
  2⤵
  PID:8412
- C:\Windows\System\tMImXuV.exe
  C:\Windows\System\tMImXuV.exe
  2⤵
  PID:9304
- C:\Windows\System\bBESJmF.exe
  C:\Windows\System\bBESJmF.exe
  2⤵
  PID:9168
- C:\Windows\System\RNGVVdd.exe
  C:\Windows\System\RNGVVdd.exe
  2⤵
  PID:9228
- C:\Windows\System\xJwPOec.exe
  C:\Windows\System\xJwPOec.exe
  2⤵
  PID:9288
- C:\Windows\System\CjRxcmT.exe
  C:\Windows\System\CjRxcmT.exe
  2⤵
  PID:9356
- C:\Windows\System\lYGnQev.exe
  C:\Windows\System\lYGnQev.exe
  2⤵
  PID:9436
- C:\Windows\System\QlxTEEK.exe
  C:\Windows\System\QlxTEEK.exe
  2⤵
  PID:9496
- C:\Windows\System\kHbHLDc.exe
  C:\Windows\System\kHbHLDc.exe
  2⤵
  PID:9484
- C:\Windows\System\mIWmgPX.exe
  C:\Windows\System\mIWmgPX.exe
  2⤵
  PID:9600
- C:\Windows\System\weeuqsf.exe
  C:\Windows\System\weeuqsf.exe
  2⤵
  PID:9584
- C:\Windows\System\XiHngRu.exe
  C:\Windows\System\XiHngRu.exe
  2⤵
  PID:9752
- C:\Windows\System\CNedHFx.exe
  C:\Windows\System\CNedHFx.exe
  2⤵
  PID:9768
- C:\Windows\System\hlBsSxL.exe
  C:\Windows\System\hlBsSxL.exe
  2⤵
  PID:9652
- C:\Windows\System\hwkirep.exe
  C:\Windows\System\hwkirep.exe
  2⤵
  PID:9864
- C:\Windows\System\LRwIUyZ.exe
  C:\Windows\System\LRwIUyZ.exe
  2⤵
  PID:9816
- C:\Windows\System\XMZauzO.exe
  C:\Windows\System\XMZauzO.exe
  2⤵
  PID:9900
- C:\Windows\System\rEEdDYc.exe
  C:\Windows\System\rEEdDYc.exe
  2⤵
  PID:9972
- C:\Windows\System\EtWXVRy.exe
  C:\Windows\System\EtWXVRy.exe
  2⤵
  PID:10016
- C:\Windows\System\ARHFNAg.exe
  C:\Windows\System\ARHFNAg.exe
  2⤵
  PID:9912
- C:\Windows\System\mfDyVJV.exe
  C:\Windows\System\mfDyVJV.exe
  2⤵
  PID:9952
- C:\Windows\System\gplFPMp.exe
  C:\Windows\System\gplFPMp.exe
  2⤵
  PID:9996
- C:\Windows\System\enWTwqD.exe
  C:\Windows\System\enWTwqD.exe
  2⤵
  PID:10060
- C:\Windows\System\dnlIAHK.exe
  C:\Windows\System\dnlIAHK.exe
  2⤵
  PID:10092
- C:\Windows\System\WpNJMXF.exe
  C:\Windows\System\WpNJMXF.exe
  2⤵
  PID:10168
- C:\Windows\System\LceLhPv.exe
  C:\Windows\System\LceLhPv.exe
  2⤵
  PID:10152
- C:\Windows\System\RqhWrfe.exe
  C:\Windows\System\RqhWrfe.exe
  2⤵
  PID:10176
- C:\Windows\System\fvuDwXD.exe
  C:\Windows\System\fvuDwXD.exe
  2⤵
  PID:10220
- C:\Windows\System\YxwBjoK.exe
  C:\Windows\System\YxwBjoK.exe
  2⤵
  PID:10232
- C:\Windows\System\SpVqlmI.exe
  C:\Windows\System\SpVqlmI.exe
  2⤵
  PID:9512
- C:\Windows\System\phnIdJy.exe
  C:\Windows\System\phnIdJy.exe
  2⤵
  PID:9336
- C:\Windows\System\tHXGwph.exe
  C:\Windows\System\tHXGwph.exe
  2⤵
  PID:9400
- C:\Windows\System\MUlwKWR.exe
  C:\Windows\System\MUlwKWR.exe
  2⤵
  PID:9272
- C:\Windows\System\endvpgC.exe
  C:\Windows\System\endvpgC.exe
  2⤵
  PID:9260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ABddxHS.exe

Filesize
6.0MB

MD5
62fb612559f9e7c709db64e441740b9e

SHA1
49c3a9faccf9653cd99a2f858288c7bc2e6857dd

SHA256
d270fa874daad62b829a0b78d32d0d27c04aee0e22c4cbb013e7265df62cc8e9

SHA512
96e5880c69b4eadfae00c97f83f5a667006cc19c06cd582f47bec052dbdef1e1f35e73e21e7d1f3bd234139b7a0d00084ff0a161472978faf7f14b62b22d2431

Download Submit
C:\Windows\system\CTDIvkE.exe

Filesize
6.0MB

MD5
e1d4dea5e13bb8a15aa370ab402de84a

SHA1
8152a8f92645e8b81fe30f68ff73203332d9a152

SHA256
3f8752ad6a1d615b04da06bdc4abe561d083e2aeddd39c1f39f316af920b74a5

SHA512
cf45086b23c056d446386eacec9ca55b17926d07e1f5a27651425378ff0faa7eb67f368b11a5c8440541a28fc9abedc17899c500a5c6a57edce9de8f5e968d11

Download Submit
C:\Windows\system\DPkDRKT.exe

Filesize
6.0MB

MD5
fa33fd6c7a096e8d262e64e8cb25c403

SHA1
3e156ca531d52636f3bcf912d46863ca007e8030

SHA256
012ad923c1f7adf2e1c6d2219a2879d04975d0107d23943392b9ce9184f163bf

SHA512
f45c45d6d0eda6de5758205940b022c6360c6e00e18c41fbe0903fea8aab592b430f6fafd99073b6a21af36263e05e4113bca358908b8f7a7b1a44f745cab791

Download Submit
C:\Windows\system\HFSrXpx.exe

Filesize
6.0MB

MD5
f467a7e46b2372afe765aa040b0d8f15

SHA1
d9fb3ef5e84756805ada50b1c7223ad410045fc4

SHA256
70b174478881cbe603fdc5738c85f5049880dc2886903f551d576a2ecb3981d2

SHA512
002de13d273a04b1205215b7a303b9f637650dd9ce35fe85d2afa6de133264205122a6742697cb663aff3d8847ead221931c2d3a4f0a4650167f851b04b02262

Download Submit
C:\Windows\system\IiTfFFr.exe

Filesize
6.0MB

MD5
68aee14008461a97bbf7f96c541077f5

SHA1
f7850a5a2f9ddc879f5d557f374257b5a71bec69

SHA256
66c386734e01d40ce763ff22b86f11abc690acd5d7fc99137ef9549f637efccb

SHA512
c2ae234f0c1d4152e24232ea198080c8a02c1619ef1c738cc9480ee98eb48e1e44124652fe1337299ea2ca5af61717076a54987736daec17386e2e7d988e4f1a

Download Submit
C:\Windows\system\JYzULNl.exe

Filesize
6.0MB

MD5
7b46fe91f8866f1a2881c31e38bce807

SHA1
004d68226dd52e1cc94736db7aae95255d7c83d5

SHA256
467175c9cc3816eec997e438cac26bc879fde33416b0a008ffdeb6452a43059b

SHA512
6fe24cb4aa002e4552b4d6b44496d0cad847cab8d76835aa77170e21e69ec67e3a2a1b14730e9978869b26ac65ebb6a7bb4d85aa453ecf14aee180459c9d33a2

Download Submit
C:\Windows\system\KNRjkqH.exe

Filesize
6.0MB

MD5
246ad0d178257facaa0353df655bd1d2

SHA1
17de977bc88bea61339db99fd04c5de1a6b95bbc

SHA256
2f74a267f36450b17546ddbb8a0deee6ba87273b4cb3b0e800be171beff17dd0

SHA512
d6fe886bda0ddf1983cda1e9352730e4aa3cea90939b64c72a74d651fdd7896a83aee6be35858b232537096a741593056f0d3358b81c990d4dddaf413b22d25a

Download Submit
C:\Windows\system\LTrLUrH.exe

Filesize
6.0MB

MD5
8c46e8be89e29cf4d00234f6901cc696

SHA1
71a3e827bba16749026894653bbe329895f2ddc4

SHA256
291495fa65cccffa55875d3c9eef6e1d3b63fd849a6ae7f1308a9469deea5e41

SHA512
2f60dc5dc90b0a8427b037c67ed358b01bc96c9d2bdb5e060758d762451fe5c4a6c500db23461356aa42a43eef4c16792c68a254c8e4e2497b5e8400bff578f9

Download Submit
C:\Windows\system\LqHhfsu.exe

Filesize
6.0MB

MD5
abff4257c2c482a27f9d6575cc734c20

SHA1
74a0dd39525a7a2f05cceb22b551619cfc6c4f93

SHA256
e1c0c3160b8141ec5f3acd62d900518cd8830db3d30c39daca5e52b06bcd0d9b

SHA512
af270690b0838abb7b2042ea35149b08275c8492b5bf866af0f26257c6afe5538f4eb127fcac6461aa357ee7901d0bbb7164694c061e7bc593bbb9ef8ea3378a

Download Submit
C:\Windows\system\NwLjUAj.exe

Filesize
6.0MB

MD5
01510ca890e5c63f7ebb6a8a7b904aa1

SHA1
77e4acff8b3431855d5ae23696510be422ae99bf

SHA256
9f3549339759e8240133d2423ac8cd84aedc419beeede3b0d4a608b79e17fef8

SHA512
740ab92f46506a38ef9875fb729a11e739120f3e3e9100fdeac1ebf64c91df4d5bcb2d54f4395f130d7c23fbba5a0d2a2a645bb5012ef227d25125f8ab33761f

Download Submit
C:\Windows\system\QVYrncE.exe

Filesize
6.0MB

MD5
2bb2832ab3740a293994ac56122bb902

SHA1
8d7c9f222574267bf5fbf9e3083ee8146759c63d

SHA256
8388d4f2899b76cf2b132d7710f718e8ba2a86b72307c20109e5e371cc5c25ed

SHA512
62ad67c37fa66c3c7268caaf51e01e7d95dee0a88fc74f30b639d47ffcf90b8c10bf63483e30b6cf887275da644eaf76083cd98b5993193042026af59faf3e22

Download Submit
C:\Windows\system\QijMSTm.exe

Filesize
6.0MB

MD5
75df5d1248cce31a46066bf3974c0dd4

SHA1
fe89ece249ecc0e0446c9771df79af3f11bca1ba

SHA256
f0d8cfce923852c176225a4a0243bae5cbe483a4da21b0c42c2828e1e91708a2

SHA512
db50ecc832ddec6b30b3c146586401073989e88f26fda5c08de54468abacf4af86486f1e3670df3384b2d8d4039fa8e960895def3f145db3d58f145737720a15

Download Submit
C:\Windows\system\UBQICcg.exe

Filesize
6.0MB

MD5
7e3fab935935a9bd41944ec909c35555

SHA1
b05e1f199e702ae31d401e1b5c72edd35ccf4ff5

SHA256
bbf981aae708834dffd6c5c472718bfe0a12950634502ac4fe0e855573ca7dd1

SHA512
dd3637c5db5d810621a7b2477f38f81127e62050f8b07f835f458d014c280847df5be7af3767a01f882697e4d7923d6892511b2b6fb6bfddf0055065cf85a14b

Download Submit
C:\Windows\system\WPkHoDk.exe

Filesize
6.0MB

MD5
495690ba203cbfea316e1688818918d6

SHA1
c165152b711446495c52a1a75184270c29affad5

SHA256
2d13ceeeb75c7fefbd6c5d8d8c7666b9264b6ef6c5c72a3ea94309908e18cad7

SHA512
89e9758692af200290c1c2d019bcde8b9c608ccd2625c319b1625eabdb2ecb6c5a5c388abd398211a8d6d7c82693720d21fa722a59a1fcebe3df3c39a9052c0e

Download Submit
C:\Windows\system\WSWVeDq.exe

Filesize
6.0MB

MD5
f3ed89259bcb4ed183e78f0ed486c8cb

SHA1
47f22c3811e87544d5b60cd2cb8eadf050d6a438

SHA256
d4f7029dd43b7d033f3cb594eb3ccaf36c501a5992f19f19c5f336d0658a97f9

SHA512
1a4a6075fd268f57fe9e835ef6be7e20c413c79797999c1dbaf08bf4794a1965d9627264241098388cf741833551460bc32d2c8c4fe16bda3d7d709512fdbb4a

Download Submit
C:\Windows\system\YhcQODr.exe

Filesize
6.0MB

MD5
6fa0705afa112e16bb392052b0e70dcc

SHA1
bed8f52edb3bd42b6b56c85c81093b1cb46b83c6

SHA256
6f259d70579f2eb28cef60dac15b97349a933aef0a01a1e49737c754d93becdd

SHA512
649e1954a7a4cd09030e530e598bea33d3f0bcd25a141604f26edfc592907fbb0a78dfb08bfb992033e0e6da39f520a7153723ef0eb170ef46a32909779063a0

Download Submit
C:\Windows\system\bRlodYA.exe

Filesize
6.0MB

MD5
ebda315e0f36e15fb30c213092413032

SHA1
e0be62d7a7566b3ec1655631ad515e2fe2c492ef

SHA256
5a67bf142cc938cb5421833f5244df36e3f0d2d88ff1d60da9eee8200d81575b

SHA512
509642569e0b0f68e4851a04f5824204d080ddca5254322ce7311d8dd1e518ef051c9b8bd61bacf6dedafa08aabd7a9a294e22dd1322c1d27f7fd1710d4c9818

Download Submit
C:\Windows\system\bzUqcOv.exe

Filesize
6.0MB

MD5
106dee72d6586997fe94db4ab7a0ca36

SHA1
05cfffba69ff4d5d908475547f8884307c4532cd

SHA256
0cc318b0bfb0d3cc0b660ce56a169bf50a5ecfd0ed4207e562f0878915ca47be

SHA512
60aa1c3013ed676b81001d8a16c7c47fdc0b7f479ca69ae06c082c6f4463bde7ca26691409242e2549f8d965b02b71b2593b4bc41b8ec94ad982f404ffe91cfa

Download Submit
C:\Windows\system\djofYcd.exe

Filesize
6.0MB

MD5
b0e912b6401a4af6280a8fa87d55189e

SHA1
e96a69d5a8ba72fb9449cf9f994b265cce53cf74

SHA256
263707726f1e49e681fff29199a17b33b955f1706c66e5b97f7ad8580c5935c3

SHA512
c4d5fc137f7768b43f02a98b6dfb95aab4a1b0590292f6739b34234ea3c34aaad3a9e25d1001f58c7c41ee9f3c2929e5d7490d8bfe7b1177782a308e74d620b6

Download Submit
C:\Windows\system\gXUIIfM.exe

Filesize
6.0MB

MD5
a14f325cfcf0b5f11d26052bb05e8b37

SHA1
d5082c58095432cfbd194d1f1088695933890e9d

SHA256
5ee387ba353732b31b1b7bb3b375f1d8e898d76e106f277180a43a74f272c914

SHA512
92da01822c4bea12e4910209c20d520683d5b6034220c43103ca6f9fc459b008b6617825c15299f8721f90f4c6e8ba7c5636613f1cf130139afa2db4abbe4d47

Download Submit
C:\Windows\system\kfqNyQJ.exe

Filesize
6.0MB

MD5
f515eb280e8508145a7a8d47abba2695

SHA1
242c732bad97d16c0b39ef6ab6706b830910df0d

SHA256
69a9613a6e9991e9159cf428c7f9908d9af6f6ed802fff70aca01e2051f0bb4f

SHA512
08ce312b4f37f57bc654d1de67323ec06eca7040178c6c98485af7c6255911f8265ed16bbccfd6ec47befc8a93f9332382c9525b180fcbb9ebf8302dda98873f

Download Submit
C:\Windows\system\kuAMZVM.exe

Filesize
6.0MB

MD5
828747ce4c1c75f98bd663a1c73ef8a4

SHA1
f4d7ce0eac47d27966b54bbf286e9f941466f06a

SHA256
c555332d4146fbd74a872b9486cb5dafab0d8e1cba243de0e0b559a42eed6d48

SHA512
434e94de43c963e45a481e2ad8426d1750bd9f07ab853aa1d4181c9cfa078be8901778aa176d6cd29b915418b68e2fffcf9b077e7f096c25511dfc703271a5e2

Download Submit
C:\Windows\system\nwqGini.exe

Filesize
6.0MB

MD5
83840820f41e611b89ec31ef0c99bc63

SHA1
38568de1580cc877c491d607b39f99fcd0e532fa

SHA256
536cd2175e23c69967bedb796f24170509abedb06fbb1107f33166dfe1a2dc90

SHA512
8fa67acfd718e51f24a3d96fc51ca61e3771f412dc8ceb379a6bba15c54985f52a44892522cbdeb6f8a7e180bd65824ba7b77931a69e0b04612c83ad0c39b35d

Download Submit
C:\Windows\system\pDlnuLp.exe

Filesize
6.0MB

MD5
b7dbe3e5795d1afea1a553198d2e7b9e

SHA1
7b9b021322bb3ee4adbdbe0cfad8d06be658e0b2

SHA256
a3710044d9035671c1af68092badfd0a9c92431bda337329d37595eca8cfe334

SHA512
76170f6572a6cdac13dd75a853f46019a9bda6758ec05520675d9f7dd63fb90b58a8dd39c8dc4ba2e2b456d61747f44b88276aa2a87a0d11edc365069f24476f

Download Submit
C:\Windows\system\qAuVwwq.exe

Filesize
6.0MB

MD5
114d730334dfefcd55c8369a4a04943c

SHA1
d2a9c710e5d6b2b1fd6f0f7eb4dd5a952a67ad7e

SHA256
2d6e87529e383b472667311886a422fcbf37c0f5169b155675936e803deb0c89

SHA512
410968dcf34944a4c6c0ffc6126a56b6adad19ebb65345c160af1b0925efcd0e713f37720b3bb650352eca9614d8124f316aac150c94896b91f6138f2e115bf2

Download Submit
C:\Windows\system\swFiEEz.exe

Filesize
6.0MB

MD5
a5f0653ebb5ce0f42c80b3b9df0c5050

SHA1
1640d8f8da8cc25e53be4da411725dcf2e00a525

SHA256
44d63c7b9d980945ccd913b6aca62098160fa0c9cfd6668a0d826091ff143cd5

SHA512
aa38ba7fe1bc370030ef4b71095413a4b963eaa8127ac9665e7afd30c95e012a1cd75ae02dd163fdcd1987f17acd97584961425e39317bbaa48126a7655d569a

Download Submit
C:\Windows\system\woYKMlB.exe

Filesize
6.0MB

MD5
17be553f5c5f57e9798a258ce0b2de59

SHA1
afb84abde21590f4e8f0437cfd0496df9ab1a676

SHA256
4faf1d00655466a4b1412f1bf093661687be12182c60fac496606891c883e9be

SHA512
c6660a6d830c41555ca6ba44d936e3469bb244f75d1bfbeb636b28fc25b80fbbad8d462498b50dd373b7b15c3dfada34dd780f847a6344a8cca66b7ec5b90037

Download Submit
\Windows\system\NAgPUVe.exe

Filesize
6.0MB

MD5
9b4554f7f9b89df321d7f375ae615150

SHA1
8ecdb0c3c5d4664a7847e78f9aebb0c5cd59703c

SHA256
1e51608e23dc8db16db33f6c559b5cd21c8c174c3a7bb94d759a19d9f90bb6c0

SHA512
934dedbb45dcbe493e594bc03c7173e630d5c35ec568cc8e05e2052f74f3ce9d29f1d894af4728a8fd632556063b67c592fd65030d3432031a1f72e294cebc8b

Download Submit
\Windows\system\SKfmvMA.exe

Filesize
6.0MB

MD5
9c258785a45aa6f2caa41ab1fd8971b0

SHA1
f5cb4839ea79437b6eac6048439738ef0630588a

SHA256
90ff94657630b07116e5b594c295149d3d69c6bcacbcd2395fdc390a4e516653

SHA512
17d1c046ca2060fb3f0a7b632f6df2e69ed39b17bd799c7ac5d920026d504837ffb8688115b61ec38cf32016e39084cd459c1a917f7af95a1f861b6c6880af6b

Download Submit
\Windows\system\TRpOhjc.exe

Filesize
6.0MB

MD5
c2eb132172fc295cae78320f94816e37

SHA1
805289fa8fba02a6b3a48c0b5b4a149b7cd9fad4

SHA256
c462157f08566921a378bad2fc0397dd3bf4076e25630fda316bd87fb538fec4

SHA512
756c0ea781f2fd32d3318bd1923b4b4749e382921e51a2d7d49b029a87f3db99340c7758c8c9216a53e0a2b1865b61a131f13a9a229b2149320b2dc3abc8e58f

Download Submit
\Windows\system\UtCSLRZ.exe

Filesize
6.0MB

MD5
9a285960923c60491149c83352403477

SHA1
510880bb26ad2298b643689ee5cf5411a25d880a

SHA256
510e57b3402bb1e1cce3ab2255476798e0e0a0cadfa00d59f33ae7b707a5f956

SHA512
8120253d0dd6ae27b0b8cd82780c1a959dcbf9700124bf739174ece312c9aa65f8370941c04ec74db456c91561f02da6e4689e7f1a506805a3803cfa699f5c1f

Download Submit
\Windows\system\gtBFtnb.exe

Filesize
6.0MB

MD5
f52c20fae3466bd9c586e4b12253f301

SHA1
2fde6dd76bd88f15fd8cebee98c14b4c6be0cb79

SHA256
86721fb3c3b2fea9c94d4a3efab8e50f1d2f9f20a02d5b3e324c49799b986e3b

SHA512
4de5f420ab8613e0766fd4da262262d3699d1e53a0c7004d06c49da5a582776c671c11614c88bd181184c40222cd0696f95aa3c78fe233f1e638b45393b92fb2

Download Submit
memory/1400-1657-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1400-0-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1400-3887-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1400-1919-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1400-17-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1400-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1400-23-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/1400-1788-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-3890-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2032-3888-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2384-3853-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3869-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3868-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2556-2344-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3894-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1785-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3895-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3855-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1917-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3889-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3797-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3796-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3721-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3724-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1654-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3953-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-18-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download