cobaltstrike | b22a155851f4bdd68bd18909b23918baea866fc01586743bf070ab5e704b5003

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b7454815cfd36b26ac0a940ebf3ccbd0
SHA1

a1eee6ce6f2f69eb2bb052a0ded70f7b5d7d421a
SHA256

b22a155851f4bdd68bd18909b23918baea866fc01586743bf070ab5e704b5003
SHA512

c96c610ca30e428a2b66599e8bdbfa107513d9e39e621b3be1d55b72471cec5478236b3165b106c87361aad6caeb5eb38e9923c073b03b6bbdb5e4f97dc9defd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f1-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fdf-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000171a8-15.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173a9-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017492-26.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018676-36.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186e4-40.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-55.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174cc-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 52 IoCs

miner

resource	yara_rule
behavioral1/memory/2572-0-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f1-6.dat	xmrig
behavioral1/files/0x0008000000016fdf-8.dat	xmrig
behavioral1/files/0x00080000000171a8-15.dat	xmrig
behavioral1/files/0x00080000000173a9-18.dat	xmrig
behavioral1/files/0x0007000000017492-26.dat	xmrig
behavioral1/files/0x000e000000018676-36.dat	xmrig
behavioral1/files/0x00080000000186e4-40.dat	xmrig
behavioral1/files/0x0005000000019350-45.dat	xmrig
behavioral1/files/0x00050000000193b4-50.dat	xmrig
behavioral1/files/0x00050000000193e1-60.dat	xmrig
behavioral1/files/0x000500000001941e-65.dat	xmrig
behavioral1/files/0x000500000001950c-95.dat	xmrig
behavioral1/files/0x0005000000019609-111.dat	xmrig
behavioral1/files/0x000500000001961d-156.dat	xmrig
behavioral1/files/0x0005000000019619-147.dat	xmrig
behavioral1/files/0x000500000001961f-161.dat	xmrig
behavioral1/files/0x0005000000019615-135.dat	xmrig
behavioral1/files/0x0005000000019611-128.dat	xmrig
behavioral1/files/0x000500000001961b-152.dat	xmrig
behavioral1/files/0x0005000000019617-141.dat	xmrig
behavioral1/files/0x000500000001960d-121.dat	xmrig
behavioral1/files/0x0005000000019613-133.dat	xmrig
behavioral1/files/0x000500000001960f-125.dat	xmrig
behavioral1/files/0x000500000001960b-115.dat	xmrig
behavioral1/files/0x00050000000195c5-105.dat	xmrig
behavioral1/files/0x0005000000019582-100.dat	xmrig
behavioral1/files/0x0005000000019461-90.dat	xmrig
behavioral1/files/0x000500000001944f-85.dat	xmrig
behavioral1/files/0x0005000000019441-80.dat	xmrig
behavioral1/files/0x0005000000019431-75.dat	xmrig
behavioral1/files/0x0005000000019427-70.dat	xmrig
behavioral1/files/0x00050000000193c2-55.dat	xmrig
behavioral1/files/0x00070000000174cc-30.dat	xmrig
behavioral1/memory/1412-2125-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2800-2174-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/1908-2255-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2800-3893-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2640-3894-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2004-3898-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/1412-3897-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2632-3896-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2804-3895-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2116-3900-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2892-3901-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2748-3902-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2716-3906-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2860-3905-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2900-3961-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2908-3980-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2572-4076-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/1908-3907-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2004	rQgKDye.exe
1412	dacXpRY.exe
2800	CllZvbS.exe
1908	hVCDrYs.exe
2860	UriHHHX.exe
2908	PWkIkCk.exe
2716	SqLUKbL.exe
2900	lVStzzA.exe
2804	eGJGJHE.exe
2640	ENwuEgj.exe
2748	BPmSuNM.exe
2892	RqIeYKl.exe
2632	eIqeDzD.exe
2116	WqyLane.exe
1928	HoEMqtl.exe
2156	UaSEUQU.exe
2928	oIvNtzL.exe
2952	vBnAXJi.exe
2680	KEoGuHV.exe
2828	GjQmfMU.exe
2968	sqZHqaz.exe
1676	ONUMAob.exe
1556	VBIOHll.exe
1612	gxfYvSG.exe
1056	moYeTbv.exe
308	UAzKknR.exe
1756	oZyVckI.exe
2508	nPozQhZ.exe
2084	ifcuMJa.exe
1496	BrLdeAz.exe
404	JBNZGYl.exe
2060	jePSBTj.exe
2176	DggaQms.exe
1956	gCZmJfm.exe
1752	PKnOnrg.exe
1332	KQJqvCa.exe
1596	hZfTqgi.exe
612	QwyQzGU.exe
268	qNkCbbI.exe
1768	XGPZVlr.exe
2044	WfUTRrV.exe
1724	OtfBCbg.exe
900	frmCoMc.exe
2484	UzBmwan.exe
2448	qseugLE.exe
1244	XUsbzhi.exe
2148	QuxhNCu.exe
2452	AqqMziM.exe
2712	VygRqed.exe
2856	bTPqjoS.exe
2432	vwWajal.exe
1984	FZFvKvK.exe
1740	DKizzhV.exe
2340	dSjZdOH.exe
1616	ycJYZyS.exe
1580	SqzRdTT.exe
2016	UYRWJUf.exe
2276	JltqwQN.exe
2380	IqSCRbv.exe
2180	HNtlvAX.exe
2752	yTsDcMm.exe
1932	zuAigBV.exe
2096	VxOHniz.exe
2036	TgcrTzu.exe

Loads dropped DLL 64 IoCs

pid	Process
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 52 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2572-0-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x00090000000120f1-6.dat	upx
behavioral1/files/0x0008000000016fdf-8.dat	upx
behavioral1/files/0x00080000000171a8-15.dat	upx
behavioral1/files/0x00080000000173a9-18.dat	upx
behavioral1/files/0x0007000000017492-26.dat	upx
behavioral1/files/0x000e000000018676-36.dat	upx
behavioral1/files/0x00080000000186e4-40.dat	upx
behavioral1/files/0x0005000000019350-45.dat	upx
behavioral1/files/0x00050000000193b4-50.dat	upx
behavioral1/files/0x00050000000193e1-60.dat	upx
behavioral1/files/0x000500000001941e-65.dat	upx
behavioral1/files/0x000500000001950c-95.dat	upx
behavioral1/files/0x0005000000019609-111.dat	upx
behavioral1/files/0x000500000001961d-156.dat	upx
behavioral1/files/0x0005000000019619-147.dat	upx
behavioral1/files/0x000500000001961f-161.dat	upx
behavioral1/files/0x0005000000019615-135.dat	upx
behavioral1/files/0x0005000000019611-128.dat	upx
behavioral1/files/0x000500000001961b-152.dat	upx
behavioral1/files/0x0005000000019617-141.dat	upx
behavioral1/files/0x000500000001960d-121.dat	upx
behavioral1/files/0x0005000000019613-133.dat	upx
behavioral1/files/0x000500000001960f-125.dat	upx
behavioral1/files/0x000500000001960b-115.dat	upx
behavioral1/files/0x00050000000195c5-105.dat	upx
behavioral1/files/0x0005000000019582-100.dat	upx
behavioral1/files/0x0005000000019461-90.dat	upx
behavioral1/files/0x000500000001944f-85.dat	upx
behavioral1/files/0x0005000000019441-80.dat	upx
behavioral1/files/0x0005000000019431-75.dat	upx
behavioral1/files/0x0005000000019427-70.dat	upx
behavioral1/files/0x00050000000193c2-55.dat	upx
behavioral1/files/0x00070000000174cc-30.dat	upx
behavioral1/memory/1412-2125-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2800-2174-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/1908-2255-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2800-3893-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2640-3894-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2004-3898-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/1412-3897-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2632-3896-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2804-3895-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2116-3900-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2892-3901-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2748-3902-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2716-3906-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2860-3905-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2900-3961-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2908-3980-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2572-4076-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1908-3907-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VMMcNpT.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDdyRWL.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmlwUsK.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgPLHjT.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdLRwFC.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZCXvyR.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JoKYXyq.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTYJDaV.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onlxgtF.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBlpspx.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbwAbnr.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xxgaofi.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHAGAad.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONUMAob.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVdKbUg.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaKKCCo.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgCeOHd.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZaEYRT.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNLBGij.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaSEUQU.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FapHHuc.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDgvvND.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqpYiff.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVITWYO.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grUjVur.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtKCVTy.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXXkQdq.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvQKDUk.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXoLQIe.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LffJYPz.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NphMktf.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAoUqDW.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixmBQCq.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqfLkZE.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWFLVxs.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkQqbUd.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcENUGP.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfZtGhV.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wzmtlbh.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcOyRcB.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaPVhoE.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhxceQB.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAopyEO.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYwWyZc.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGkLoMA.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LoQoiIU.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMBfXeV.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxpYHgd.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKYlpId.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkqBZBx.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrFErGk.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIgPoTU.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDMKAlL.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKVssed.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhGnIED.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIvNtzL.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrlSvXU.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZGsxHf.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLflWEt.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHQUINk.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJbIPgI.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQermjc.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sonnCXC.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEvtGaZ.exe	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2004	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2572 wrote to memory of 2004	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2572 wrote to memory of 2004	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2572 wrote to memory of 1412	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2572 wrote to memory of 1412	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2572 wrote to memory of 1412	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2572 wrote to memory of 2800	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2572 wrote to memory of 2800	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2572 wrote to memory of 2800	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2572 wrote to memory of 1908	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2572 wrote to memory of 1908	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2572 wrote to memory of 1908	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2572 wrote to memory of 2860	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2572 wrote to memory of 2860	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2572 wrote to memory of 2860	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2572 wrote to memory of 2908	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2572 wrote to memory of 2908	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2572 wrote to memory of 2908	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2572 wrote to memory of 2716	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2572 wrote to memory of 2716	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2572 wrote to memory of 2716	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2572 wrote to memory of 2900	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2572 wrote to memory of 2900	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2572 wrote to memory of 2900	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2572 wrote to memory of 2804	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2572 wrote to memory of 2804	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2572 wrote to memory of 2804	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2572 wrote to memory of 2640	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2572 wrote to memory of 2640	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2572 wrote to memory of 2640	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2572 wrote to memory of 2748	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2572 wrote to memory of 2748	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2572 wrote to memory of 2748	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2572 wrote to memory of 2892	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2572 wrote to memory of 2892	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2572 wrote to memory of 2892	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2572 wrote to memory of 2632	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2572 wrote to memory of 2632	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2572 wrote to memory of 2632	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2572 wrote to memory of 2116	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2572 wrote to memory of 2116	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2572 wrote to memory of 2116	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2572 wrote to memory of 1928	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2572 wrote to memory of 1928	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2572 wrote to memory of 1928	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2572 wrote to memory of 2156	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2572 wrote to memory of 2156	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2572 wrote to memory of 2156	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2572 wrote to memory of 2928	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2572 wrote to memory of 2928	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2572 wrote to memory of 2928	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2572 wrote to memory of 2952	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2572 wrote to memory of 2952	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2572 wrote to memory of 2952	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2572 wrote to memory of 2680	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2572 wrote to memory of 2680	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2572 wrote to memory of 2680	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2572 wrote to memory of 2828	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2572 wrote to memory of 2828	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2572 wrote to memory of 2828	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2572 wrote to memory of 2968	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2572 wrote to memory of 2968	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2572 wrote to memory of 2968	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2572 wrote to memory of 1676	2572	2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_b7454815cfd36b26ac0a940ebf3ccbd0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\System\rQgKDye.exe
  C:\Windows\System\rQgKDye.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\dacXpRY.exe
  C:\Windows\System\dacXpRY.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\CllZvbS.exe
  C:\Windows\System\CllZvbS.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\hVCDrYs.exe
  C:\Windows\System\hVCDrYs.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\UriHHHX.exe
  C:\Windows\System\UriHHHX.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\PWkIkCk.exe
  C:\Windows\System\PWkIkCk.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\SqLUKbL.exe
  C:\Windows\System\SqLUKbL.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\lVStzzA.exe
  C:\Windows\System\lVStzzA.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\eGJGJHE.exe
  C:\Windows\System\eGJGJHE.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ENwuEgj.exe
  C:\Windows\System\ENwuEgj.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\BPmSuNM.exe
  C:\Windows\System\BPmSuNM.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\RqIeYKl.exe
  C:\Windows\System\RqIeYKl.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\eIqeDzD.exe
  C:\Windows\System\eIqeDzD.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\WqyLane.exe
  C:\Windows\System\WqyLane.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\HoEMqtl.exe
  C:\Windows\System\HoEMqtl.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\UaSEUQU.exe
  C:\Windows\System\UaSEUQU.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\oIvNtzL.exe
  C:\Windows\System\oIvNtzL.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\vBnAXJi.exe
  C:\Windows\System\vBnAXJi.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\KEoGuHV.exe
  C:\Windows\System\KEoGuHV.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\GjQmfMU.exe
  C:\Windows\System\GjQmfMU.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\sqZHqaz.exe
  C:\Windows\System\sqZHqaz.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\ONUMAob.exe
  C:\Windows\System\ONUMAob.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\VBIOHll.exe
  C:\Windows\System\VBIOHll.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\gxfYvSG.exe
  C:\Windows\System\gxfYvSG.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\moYeTbv.exe
  C:\Windows\System\moYeTbv.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\nPozQhZ.exe
  C:\Windows\System\nPozQhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\UAzKknR.exe
  C:\Windows\System\UAzKknR.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\ifcuMJa.exe
  C:\Windows\System\ifcuMJa.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\oZyVckI.exe
  C:\Windows\System\oZyVckI.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\jePSBTj.exe
  C:\Windows\System\jePSBTj.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\BrLdeAz.exe
  C:\Windows\System\BrLdeAz.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\DggaQms.exe
  C:\Windows\System\DggaQms.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\JBNZGYl.exe
  C:\Windows\System\JBNZGYl.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\KQJqvCa.exe
  C:\Windows\System\KQJqvCa.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\gCZmJfm.exe
  C:\Windows\System\gCZmJfm.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\hZfTqgi.exe
  C:\Windows\System\hZfTqgi.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\PKnOnrg.exe
  C:\Windows\System\PKnOnrg.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\QwyQzGU.exe
  C:\Windows\System\QwyQzGU.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\qNkCbbI.exe
  C:\Windows\System\qNkCbbI.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\XGPZVlr.exe
  C:\Windows\System\XGPZVlr.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\WfUTRrV.exe
  C:\Windows\System\WfUTRrV.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\OtfBCbg.exe
  C:\Windows\System\OtfBCbg.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\frmCoMc.exe
  C:\Windows\System\frmCoMc.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\UzBmwan.exe
  C:\Windows\System\UzBmwan.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\qseugLE.exe
  C:\Windows\System\qseugLE.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\XUsbzhi.exe
  C:\Windows\System\XUsbzhi.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\QuxhNCu.exe
  C:\Windows\System\QuxhNCu.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\AqqMziM.exe
  C:\Windows\System\AqqMziM.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\VygRqed.exe
  C:\Windows\System\VygRqed.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\vwWajal.exe
  C:\Windows\System\vwWajal.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\bTPqjoS.exe
  C:\Windows\System\bTPqjoS.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\FZFvKvK.exe
  C:\Windows\System\FZFvKvK.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\DKizzhV.exe
  C:\Windows\System\DKizzhV.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ycJYZyS.exe
  C:\Windows\System\ycJYZyS.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\dSjZdOH.exe
  C:\Windows\System\dSjZdOH.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\JltqwQN.exe
  C:\Windows\System\JltqwQN.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\SqzRdTT.exe
  C:\Windows\System\SqzRdTT.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\IqSCRbv.exe
  C:\Windows\System\IqSCRbv.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\UYRWJUf.exe
  C:\Windows\System\UYRWJUf.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\HNtlvAX.exe
  C:\Windows\System\HNtlvAX.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\yTsDcMm.exe
  C:\Windows\System\yTsDcMm.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\VxOHniz.exe
  C:\Windows\System\VxOHniz.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\zuAigBV.exe
  C:\Windows\System\zuAigBV.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\TgcrTzu.exe
  C:\Windows\System\TgcrTzu.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\xpTijhd.exe
  C:\Windows\System\xpTijhd.exe
  2⤵
  PID:2616
- C:\Windows\System\NEIzfAT.exe
  C:\Windows\System\NEIzfAT.exe
  2⤵
  PID:2684
- C:\Windows\System\HiPROck.exe
  C:\Windows\System\HiPROck.exe
  2⤵
  PID:2516
- C:\Windows\System\PsQFwTu.exe
  C:\Windows\System\PsQFwTu.exe
  2⤵
  PID:2672
- C:\Windows\System\bfkQZGp.exe
  C:\Windows\System\bfkQZGp.exe
  2⤵
  PID:2948
- C:\Windows\System\HBEJQNe.exe
  C:\Windows\System\HBEJQNe.exe
  2⤵
  PID:2700
- C:\Windows\System\SKYlpId.exe
  C:\Windows\System\SKYlpId.exe
  2⤵
  PID:2316
- C:\Windows\System\GuiQLVl.exe
  C:\Windows\System\GuiQLVl.exe
  2⤵
  PID:2972
- C:\Windows\System\uVdKbUg.exe
  C:\Windows\System\uVdKbUg.exe
  2⤵
  PID:704
- C:\Windows\System\nkQOUcA.exe
  C:\Windows\System\nkQOUcA.exe
  2⤵
  PID:2708
- C:\Windows\System\mhCOQWN.exe
  C:\Windows\System\mhCOQWN.exe
  2⤵
  PID:352
- C:\Windows\System\GHBeByJ.exe
  C:\Windows\System\GHBeByJ.exe
  2⤵
  PID:1920
- C:\Windows\System\YDEmchv.exe
  C:\Windows\System\YDEmchv.exe
  2⤵
  PID:1516
- C:\Windows\System\rrTxDjI.exe
  C:\Windows\System\rrTxDjI.exe
  2⤵
  PID:2320
- C:\Windows\System\jRtysmJ.exe
  C:\Windows\System\jRtysmJ.exe
  2⤵
  PID:1744
- C:\Windows\System\buphOBi.exe
  C:\Windows\System\buphOBi.exe
  2⤵
  PID:2028
- C:\Windows\System\FWgZgep.exe
  C:\Windows\System\FWgZgep.exe
  2⤵
  PID:1492
- C:\Windows\System\zSxqQyr.exe
  C:\Windows\System\zSxqQyr.exe
  2⤵
  PID:1668
- C:\Windows\System\gLaJhkn.exe
  C:\Windows\System\gLaJhkn.exe
  2⤵
  PID:880
- C:\Windows\System\MuiYhtX.exe
  C:\Windows\System\MuiYhtX.exe
  2⤵
  PID:1528
- C:\Windows\System\FtZxzGC.exe
  C:\Windows\System\FtZxzGC.exe
  2⤵
  PID:2456
- C:\Windows\System\NtlcbHA.exe
  C:\Windows\System\NtlcbHA.exe
  2⤵
  PID:1444
- C:\Windows\System\obwraDn.exe
  C:\Windows\System\obwraDn.exe
  2⤵
  PID:1992
- C:\Windows\System\oghEvbW.exe
  C:\Windows\System\oghEvbW.exe
  2⤵
  PID:2224
- C:\Windows\System\qafuBtO.exe
  C:\Windows\System\qafuBtO.exe
  2⤵
  PID:692
- C:\Windows\System\pebqMMm.exe
  C:\Windows\System\pebqMMm.exe
  2⤵
  PID:2332
- C:\Windows\System\EGOYbjS.exe
  C:\Windows\System\EGOYbjS.exe
  2⤵
  PID:1584
- C:\Windows\System\anMqVem.exe
  C:\Windows\System\anMqVem.exe
  2⤵
  PID:2460
- C:\Windows\System\YBCjcwv.exe
  C:\Windows\System\YBCjcwv.exe
  2⤵
  PID:2420
- C:\Windows\System\HoRlyrY.exe
  C:\Windows\System\HoRlyrY.exe
  2⤵
  PID:2280
- C:\Windows\System\vgZGUQd.exe
  C:\Windows\System\vgZGUQd.exe
  2⤵
  PID:2732
- C:\Windows\System\LpQYYMI.exe
  C:\Windows\System\LpQYYMI.exe
  2⤵
  PID:2940
- C:\Windows\System\DuxWnoP.exe
  C:\Windows\System\DuxWnoP.exe
  2⤵
  PID:2768
- C:\Windows\System\qLbLhzR.exe
  C:\Windows\System\qLbLhzR.exe
  2⤵
  PID:2164
- C:\Windows\System\RQunoKn.exe
  C:\Windows\System\RQunoKn.exe
  2⤵
  PID:1592
- C:\Windows\System\xEmEbgo.exe
  C:\Windows\System\xEmEbgo.exe
  2⤵
  PID:464
- C:\Windows\System\wdFOgZf.exe
  C:\Windows\System\wdFOgZf.exe
  2⤵
  PID:1624
- C:\Windows\System\jDXMzGa.exe
  C:\Windows\System\jDXMzGa.exe
  2⤵
  PID:1340
- C:\Windows\System\PbgRjjm.exe
  C:\Windows\System\PbgRjjm.exe
  2⤵
  PID:1140
- C:\Windows\System\srBlmxD.exe
  C:\Windows\System\srBlmxD.exe
  2⤵
  PID:2564
- C:\Windows\System\YgTNlPN.exe
  C:\Windows\System\YgTNlPN.exe
  2⤵
  PID:2596
- C:\Windows\System\uuzhNXb.exe
  C:\Windows\System\uuzhNXb.exe
  2⤵
  PID:1068
- C:\Windows\System\CQLxulP.exe
  C:\Windows\System\CQLxulP.exe
  2⤵
  PID:1540
- C:\Windows\System\tuBUfVT.exe
  C:\Windows\System\tuBUfVT.exe
  2⤵
  PID:2500
- C:\Windows\System\XxHjarE.exe
  C:\Windows\System\XxHjarE.exe
  2⤵
  PID:2204
- C:\Windows\System\lubfqoU.exe
  C:\Windows\System\lubfqoU.exe
  2⤵
  PID:1156
- C:\Windows\System\uanAzHA.exe
  C:\Windows\System\uanAzHA.exe
  2⤵
  PID:884
- C:\Windows\System\oUeMUzU.exe
  C:\Windows\System\oUeMUzU.exe
  2⤵
  PID:2936
- C:\Windows\System\BkqBZBx.exe
  C:\Windows\System\BkqBZBx.exe
  2⤵
  PID:2848
- C:\Windows\System\OpiEJRV.exe
  C:\Windows\System\OpiEJRV.exe
  2⤵
  PID:2872
- C:\Windows\System\dOVXgPY.exe
  C:\Windows\System\dOVXgPY.exe
  2⤵
  PID:2836
- C:\Windows\System\iLMpQwD.exe
  C:\Windows\System\iLMpQwD.exe
  2⤵
  PID:3008
- C:\Windows\System\mnusisq.exe
  C:\Windows\System\mnusisq.exe
  2⤵
  PID:1904
- C:\Windows\System\jsUIsxR.exe
  C:\Windows\System\jsUIsxR.exe
  2⤵
  PID:1816
- C:\Windows\System\NmmNpXo.exe
  C:\Windows\System\NmmNpXo.exe
  2⤵
  PID:3100
- C:\Windows\System\xSeYIWs.exe
  C:\Windows\System\xSeYIWs.exe
  2⤵
  PID:3116
- C:\Windows\System\yUBrufG.exe
  C:\Windows\System\yUBrufG.exe
  2⤵
  PID:3136
- C:\Windows\System\kgFNoxV.exe
  C:\Windows\System\kgFNoxV.exe
  2⤵
  PID:3156
- C:\Windows\System\HxpYHgd.exe
  C:\Windows\System\HxpYHgd.exe
  2⤵
  PID:3176
- C:\Windows\System\YxoDeTK.exe
  C:\Windows\System\YxoDeTK.exe
  2⤵
  PID:3196
- C:\Windows\System\OPESRug.exe
  C:\Windows\System\OPESRug.exe
  2⤵
  PID:3216
- C:\Windows\System\SJAoaxw.exe
  C:\Windows\System\SJAoaxw.exe
  2⤵
  PID:3236
- C:\Windows\System\MLDEKJy.exe
  C:\Windows\System\MLDEKJy.exe
  2⤵
  PID:3256
- C:\Windows\System\RYtMTcg.exe
  C:\Windows\System\RYtMTcg.exe
  2⤵
  PID:3272
- C:\Windows\System\JWErHCi.exe
  C:\Windows\System\JWErHCi.exe
  2⤵
  PID:3292
- C:\Windows\System\pbAtlnY.exe
  C:\Windows\System\pbAtlnY.exe
  2⤵
  PID:3312
- C:\Windows\System\gszPNdg.exe
  C:\Windows\System\gszPNdg.exe
  2⤵
  PID:3332
- C:\Windows\System\ejBmdkq.exe
  C:\Windows\System\ejBmdkq.exe
  2⤵
  PID:3352
- C:\Windows\System\uszUloZ.exe
  C:\Windows\System\uszUloZ.exe
  2⤵
  PID:3368
- C:\Windows\System\JoqGXCm.exe
  C:\Windows\System\JoqGXCm.exe
  2⤵
  PID:3388
- C:\Windows\System\QaArXbM.exe
  C:\Windows\System\QaArXbM.exe
  2⤵
  PID:3408
- C:\Windows\System\TYfxNvB.exe
  C:\Windows\System\TYfxNvB.exe
  2⤵
  PID:3428
- C:\Windows\System\oEcuRmE.exe
  C:\Windows\System\oEcuRmE.exe
  2⤵
  PID:3444
- C:\Windows\System\FEoxxEA.exe
  C:\Windows\System\FEoxxEA.exe
  2⤵
  PID:3464
- C:\Windows\System\KgrwEnO.exe
  C:\Windows\System\KgrwEnO.exe
  2⤵
  PID:3488
- C:\Windows\System\ckdLigl.exe
  C:\Windows\System\ckdLigl.exe
  2⤵
  PID:3516
- C:\Windows\System\VdQlSGS.exe
  C:\Windows\System\VdQlSGS.exe
  2⤵
  PID:3532
- C:\Windows\System\qmlwUsK.exe
  C:\Windows\System\qmlwUsK.exe
  2⤵
  PID:3552
- C:\Windows\System\tAopyEO.exe
  C:\Windows\System\tAopyEO.exe
  2⤵
  PID:3576
- C:\Windows\System\ZyNVmqw.exe
  C:\Windows\System\ZyNVmqw.exe
  2⤵
  PID:3596
- C:\Windows\System\cnvtDSY.exe
  C:\Windows\System\cnvtDSY.exe
  2⤵
  PID:3612
- C:\Windows\System\KBnhmyf.exe
  C:\Windows\System\KBnhmyf.exe
  2⤵
  PID:3628
- C:\Windows\System\RGCPfUs.exe
  C:\Windows\System\RGCPfUs.exe
  2⤵
  PID:3648
- C:\Windows\System\DLeLfnu.exe
  C:\Windows\System\DLeLfnu.exe
  2⤵
  PID:3664
- C:\Windows\System\hgdBVoI.exe
  C:\Windows\System\hgdBVoI.exe
  2⤵
  PID:3680
- C:\Windows\System\VoZMNrZ.exe
  C:\Windows\System\VoZMNrZ.exe
  2⤵
  PID:3704
- C:\Windows\System\xJOdwGV.exe
  C:\Windows\System\xJOdwGV.exe
  2⤵
  PID:3724
- C:\Windows\System\sFsHISc.exe
  C:\Windows\System\sFsHISc.exe
  2⤵
  PID:3756
- C:\Windows\System\vyMmLPS.exe
  C:\Windows\System\vyMmLPS.exe
  2⤵
  PID:3772
- C:\Windows\System\MzXzmKh.exe
  C:\Windows\System\MzXzmKh.exe
  2⤵
  PID:3796
- C:\Windows\System\JKSpbTy.exe
  C:\Windows\System\JKSpbTy.exe
  2⤵
  PID:3812
- C:\Windows\System\wpyLtfJ.exe
  C:\Windows\System\wpyLtfJ.exe
  2⤵
  PID:3828
- C:\Windows\System\IlMjuDw.exe
  C:\Windows\System\IlMjuDw.exe
  2⤵
  PID:3856
- C:\Windows\System\tpjEewV.exe
  C:\Windows\System\tpjEewV.exe
  2⤵
  PID:3876
- C:\Windows\System\HVKQVNw.exe
  C:\Windows\System\HVKQVNw.exe
  2⤵
  PID:3892
- C:\Windows\System\coyAqkf.exe
  C:\Windows\System\coyAqkf.exe
  2⤵
  PID:3908
- C:\Windows\System\GGIXWam.exe
  C:\Windows\System\GGIXWam.exe
  2⤵
  PID:3928
- C:\Windows\System\SaqrpMt.exe
  C:\Windows\System\SaqrpMt.exe
  2⤵
  PID:3948
- C:\Windows\System\dnUbNtT.exe
  C:\Windows\System\dnUbNtT.exe
  2⤵
  PID:3968
- C:\Windows\System\fHAGAad.exe
  C:\Windows\System\fHAGAad.exe
  2⤵
  PID:3988
- C:\Windows\System\AdRNSnk.exe
  C:\Windows\System\AdRNSnk.exe
  2⤵
  PID:4004
- C:\Windows\System\gpiduUT.exe
  C:\Windows\System\gpiduUT.exe
  2⤵
  PID:4036
- C:\Windows\System\JkTVjQi.exe
  C:\Windows\System\JkTVjQi.exe
  2⤵
  PID:4056
- C:\Windows\System\FtEzFhO.exe
  C:\Windows\System\FtEzFhO.exe
  2⤵
  PID:4072
- C:\Windows\System\CgZrdEV.exe
  C:\Windows\System\CgZrdEV.exe
  2⤵
  PID:4088
- C:\Windows\System\XVLfZCb.exe
  C:\Windows\System\XVLfZCb.exe
  2⤵
  PID:1184
- C:\Windows\System\cyEyUtp.exe
  C:\Windows\System\cyEyUtp.exe
  2⤵
  PID:636
- C:\Windows\System\MYwWyZc.exe
  C:\Windows\System\MYwWyZc.exe
  2⤵
  PID:1860
- C:\Windows\System\UbRPFKK.exe
  C:\Windows\System\UbRPFKK.exe
  2⤵
  PID:2980
- C:\Windows\System\ZTJkRMW.exe
  C:\Windows\System\ZTJkRMW.exe
  2⤵
  PID:2012
- C:\Windows\System\LlMCJSz.exe
  C:\Windows\System\LlMCJSz.exe
  2⤵
  PID:1628
- C:\Windows\System\YbmDXmO.exe
  C:\Windows\System\YbmDXmO.exe
  2⤵
  PID:2724
- C:\Windows\System\ixmBQCq.exe
  C:\Windows\System\ixmBQCq.exe
  2⤵
  PID:1552
- C:\Windows\System\VkTpQHJ.exe
  C:\Windows\System\VkTpQHJ.exe
  2⤵
  PID:2844
- C:\Windows\System\CSTeeJs.exe
  C:\Windows\System\CSTeeJs.exe
  2⤵
  PID:3144
- C:\Windows\System\ApmQqnR.exe
  C:\Windows\System\ApmQqnR.exe
  2⤵
  PID:3096
- C:\Windows\System\wZCXvyR.exe
  C:\Windows\System\wZCXvyR.exe
  2⤵
  PID:3184
- C:\Windows\System\qfpkqKZ.exe
  C:\Windows\System\qfpkqKZ.exe
  2⤵
  PID:3228
- C:\Windows\System\vtgURcb.exe
  C:\Windows\System\vtgURcb.exe
  2⤵
  PID:3124
- C:\Windows\System\pvDTSzi.exe
  C:\Windows\System\pvDTSzi.exe
  2⤵
  PID:3304
- C:\Windows\System\ICmapwu.exe
  C:\Windows\System\ICmapwu.exe
  2⤵
  PID:3380
- C:\Windows\System\UHxBBPd.exe
  C:\Windows\System\UHxBBPd.exe
  2⤵
  PID:3452
- C:\Windows\System\NrFcyvO.exe
  C:\Windows\System\NrFcyvO.exe
  2⤵
  PID:3248
- C:\Windows\System\GtCJcHX.exe
  C:\Windows\System\GtCJcHX.exe
  2⤵
  PID:3284
- C:\Windows\System\GcbbsSp.exe
  C:\Windows\System\GcbbsSp.exe
  2⤵
  PID:3504
- C:\Windows\System\tEdNAVS.exe
  C:\Windows\System\tEdNAVS.exe
  2⤵
  PID:3544
- C:\Windows\System\PbZeSrj.exe
  C:\Windows\System\PbZeSrj.exe
  2⤵
  PID:3620
- C:\Windows\System\PdnDEVA.exe
  C:\Windows\System\PdnDEVA.exe
  2⤵
  PID:3404
- C:\Windows\System\nJMULIH.exe
  C:\Windows\System\nJMULIH.exe
  2⤵
  PID:3476
- C:\Windows\System\ljdROlA.exe
  C:\Windows\System\ljdROlA.exe
  2⤵
  PID:3624
- C:\Windows\System\lYzbHNf.exe
  C:\Windows\System\lYzbHNf.exe
  2⤵
  PID:3700
- C:\Windows\System\GVUopWi.exe
  C:\Windows\System\GVUopWi.exe
  2⤵
  PID:3736
- C:\Windows\System\MCHiyZc.exe
  C:\Windows\System\MCHiyZc.exe
  2⤵
  PID:3644
- C:\Windows\System\cNDKTkW.exe
  C:\Windows\System\cNDKTkW.exe
  2⤵
  PID:3792
- C:\Windows\System\TRikAnT.exe
  C:\Windows\System\TRikAnT.exe
  2⤵
  PID:3868
- C:\Windows\System\jKNwJMn.exe
  C:\Windows\System\jKNwJMn.exe
  2⤵
  PID:3676
- C:\Windows\System\rxxHPFt.exe
  C:\Windows\System\rxxHPFt.exe
  2⤵
  PID:3944
- C:\Windows\System\POdOUaG.exe
  C:\Windows\System\POdOUaG.exe
  2⤵
  PID:3984
- C:\Windows\System\yQwcybE.exe
  C:\Windows\System\yQwcybE.exe
  2⤵
  PID:3768
- C:\Windows\System\YMTbqzP.exe
  C:\Windows\System\YMTbqzP.exe
  2⤵
  PID:3836
- C:\Windows\System\ufnmqaw.exe
  C:\Windows\System\ufnmqaw.exe
  2⤵
  PID:4012
- C:\Windows\System\mdnXcyR.exe
  C:\Windows\System\mdnXcyR.exe
  2⤵
  PID:4032
- C:\Windows\System\QLCIgHP.exe
  C:\Windows\System\QLCIgHP.exe
  2⤵
  PID:3960
- C:\Windows\System\rkyqHBT.exe
  C:\Windows\System\rkyqHBT.exe
  2⤵
  PID:3956
- C:\Windows\System\wUkBZvz.exe
  C:\Windows\System\wUkBZvz.exe
  2⤵
  PID:576
- C:\Windows\System\gwCjCaO.exe
  C:\Windows\System\gwCjCaO.exe
  2⤵
  PID:4044
- C:\Windows\System\jjaTGYI.exe
  C:\Windows\System\jjaTGYI.exe
  2⤵
  PID:808
- C:\Windows\System\oMhdoGC.exe
  C:\Windows\System\oMhdoGC.exe
  2⤵
  PID:2960
- C:\Windows\System\xFWDgGZ.exe
  C:\Windows\System\xFWDgGZ.exe
  2⤵
  PID:3044
- C:\Windows\System\jfcnrsr.exe
  C:\Windows\System\jfcnrsr.exe
  2⤵
  PID:1356
- C:\Windows\System\MZTjVSj.exe
  C:\Windows\System\MZTjVSj.exe
  2⤵
  PID:1028
- C:\Windows\System\XbMsHNt.exe
  C:\Windows\System\XbMsHNt.exe
  2⤵
  PID:3088
- C:\Windows\System\qpsCBuG.exe
  C:\Windows\System\qpsCBuG.exe
  2⤵
  PID:3224
- C:\Windows\System\alPuFAL.exe
  C:\Windows\System\alPuFAL.exe
  2⤵
  PID:3416
- C:\Windows\System\hLfUBtN.exe
  C:\Windows\System\hLfUBtN.exe
  2⤵
  PID:3348
- C:\Windows\System\nyXXayq.exe
  C:\Windows\System\nyXXayq.exe
  2⤵
  PID:3244
- C:\Windows\System\ISGtyNY.exe
  C:\Windows\System\ISGtyNY.exe
  2⤵
  PID:3164
- C:\Windows\System\VezXjLP.exe
  C:\Windows\System\VezXjLP.exe
  2⤵
  PID:3328
- C:\Windows\System\tsOKafX.exe
  C:\Windows\System\tsOKafX.exe
  2⤵
  PID:3472
- C:\Windows\System\zQshOoB.exe
  C:\Windows\System\zQshOoB.exe
  2⤵
  PID:3528
- C:\Windows\System\WhxceQB.exe
  C:\Windows\System\WhxceQB.exe
  2⤵
  PID:3780
- C:\Windows\System\qrZAGnt.exe
  C:\Windows\System\qrZAGnt.exe
  2⤵
  PID:3716
- C:\Windows\System\CHbAbqN.exe
  C:\Windows\System\CHbAbqN.exe
  2⤵
  PID:3572
- C:\Windows\System\SMtscEQ.exe
  C:\Windows\System\SMtscEQ.exe
  2⤵
  PID:3568
- C:\Windows\System\EGpKWMY.exe
  C:\Windows\System\EGpKWMY.exe
  2⤵
  PID:3864
- C:\Windows\System\SqceZaS.exe
  C:\Windows\System\SqceZaS.exe
  2⤵
  PID:3640
- C:\Windows\System\RMRFHOh.exe
  C:\Windows\System\RMRFHOh.exe
  2⤵
  PID:3888
- C:\Windows\System\VUUchrY.exe
  C:\Windows\System\VUUchrY.exe
  2⤵
  PID:3852
- C:\Windows\System\nPeNFtj.exe
  C:\Windows\System\nPeNFtj.exe
  2⤵
  PID:4048
- C:\Windows\System\WpZnroP.exe
  C:\Windows\System\WpZnroP.exe
  2⤵
  PID:2760
- C:\Windows\System\aNheVRt.exe
  C:\Windows\System\aNheVRt.exe
  2⤵
  PID:2480
- C:\Windows\System\dayZoKO.exe
  C:\Windows\System\dayZoKO.exe
  2⤵
  PID:3056
- C:\Windows\System\dNztqIn.exe
  C:\Windows\System\dNztqIn.exe
  2⤵
  PID:2528
- C:\Windows\System\isCpDwC.exe
  C:\Windows\System\isCpDwC.exe
  2⤵
  PID:1708
- C:\Windows\System\RPDtXta.exe
  C:\Windows\System\RPDtXta.exe
  2⤵
  PID:3376
- C:\Windows\System\soPHzBr.exe
  C:\Windows\System\soPHzBr.exe
  2⤵
  PID:3500
- C:\Windows\System\lVlViwD.exe
  C:\Windows\System\lVlViwD.exe
  2⤵
  PID:3484
- C:\Windows\System\cQVUMMv.exe
  C:\Windows\System\cQVUMMv.exe
  2⤵
  PID:3660
- C:\Windows\System\zEtziCw.exe
  C:\Windows\System\zEtziCw.exe
  2⤵
  PID:3132
- C:\Windows\System\PZWvnWv.exe
  C:\Windows\System\PZWvnWv.exe
  2⤵
  PID:3976
- C:\Windows\System\psHtlAX.exe
  C:\Windows\System\psHtlAX.exe
  2⤵
  PID:3604
- C:\Windows\System\vZtPsrB.exe
  C:\Windows\System\vZtPsrB.exe
  2⤵
  PID:1632
- C:\Windows\System\jXsAwni.exe
  C:\Windows\System\jXsAwni.exe
  2⤵
  PID:3712
- C:\Windows\System\oGdtWYq.exe
  C:\Windows\System\oGdtWYq.exe
  2⤵
  PID:1360
- C:\Windows\System\YLmgFmW.exe
  C:\Windows\System\YLmgFmW.exe
  2⤵
  PID:4108
- C:\Windows\System\MQJHrwN.exe
  C:\Windows\System\MQJHrwN.exe
  2⤵
  PID:4132
- C:\Windows\System\fGexXxq.exe
  C:\Windows\System\fGexXxq.exe
  2⤵
  PID:4152
- C:\Windows\System\nESkixA.exe
  C:\Windows\System\nESkixA.exe
  2⤵
  PID:4172
- C:\Windows\System\GesakWM.exe
  C:\Windows\System\GesakWM.exe
  2⤵
  PID:4192
- C:\Windows\System\hWRWGqQ.exe
  C:\Windows\System\hWRWGqQ.exe
  2⤵
  PID:4212
- C:\Windows\System\wuaIXCR.exe
  C:\Windows\System\wuaIXCR.exe
  2⤵
  PID:4228
- C:\Windows\System\BkhsWkP.exe
  C:\Windows\System\BkhsWkP.exe
  2⤵
  PID:4252
- C:\Windows\System\OwyFurR.exe
  C:\Windows\System\OwyFurR.exe
  2⤵
  PID:4276
- C:\Windows\System\IhHYcun.exe
  C:\Windows\System\IhHYcun.exe
  2⤵
  PID:4292
- C:\Windows\System\lBkaaAV.exe
  C:\Windows\System\lBkaaAV.exe
  2⤵
  PID:4316
- C:\Windows\System\MniumpT.exe
  C:\Windows\System\MniumpT.exe
  2⤵
  PID:4336
- C:\Windows\System\ZePakWi.exe
  C:\Windows\System\ZePakWi.exe
  2⤵
  PID:4356
- C:\Windows\System\lODjNHK.exe
  C:\Windows\System\lODjNHK.exe
  2⤵
  PID:4372
- C:\Windows\System\wmTeKEL.exe
  C:\Windows\System\wmTeKEL.exe
  2⤵
  PID:4388
- C:\Windows\System\PqTeKNk.exe
  C:\Windows\System\PqTeKNk.exe
  2⤵
  PID:4412
- C:\Windows\System\FKxXRFG.exe
  C:\Windows\System\FKxXRFG.exe
  2⤵
  PID:4432
- C:\Windows\System\VIWZVoS.exe
  C:\Windows\System\VIWZVoS.exe
  2⤵
  PID:4460
- C:\Windows\System\qenrByF.exe
  C:\Windows\System\qenrByF.exe
  2⤵
  PID:4480
- C:\Windows\System\CqIkqeZ.exe
  C:\Windows\System\CqIkqeZ.exe
  2⤵
  PID:4496
- C:\Windows\System\GqsBUWc.exe
  C:\Windows\System\GqsBUWc.exe
  2⤵
  PID:4516
- C:\Windows\System\sfLSJKk.exe
  C:\Windows\System\sfLSJKk.exe
  2⤵
  PID:4540
- C:\Windows\System\dFjvCfR.exe
  C:\Windows\System\dFjvCfR.exe
  2⤵
  PID:4556
- C:\Windows\System\tDbdbXq.exe
  C:\Windows\System\tDbdbXq.exe
  2⤵
  PID:4576
- C:\Windows\System\BDkRvVf.exe
  C:\Windows\System\BDkRvVf.exe
  2⤵
  PID:4596
- C:\Windows\System\PFiPXtb.exe
  C:\Windows\System\PFiPXtb.exe
  2⤵
  PID:4616
- C:\Windows\System\DdHRyDP.exe
  C:\Windows\System\DdHRyDP.exe
  2⤵
  PID:4636
- C:\Windows\System\CYCMmmH.exe
  C:\Windows\System\CYCMmmH.exe
  2⤵
  PID:4656
- C:\Windows\System\FaHINTQ.exe
  C:\Windows\System\FaHINTQ.exe
  2⤵
  PID:4676
- C:\Windows\System\CUZrlrq.exe
  C:\Windows\System\CUZrlrq.exe
  2⤵
  PID:4700
- C:\Windows\System\oBPMirS.exe
  C:\Windows\System\oBPMirS.exe
  2⤵
  PID:4720
- C:\Windows\System\iqMXHbB.exe
  C:\Windows\System\iqMXHbB.exe
  2⤵
  PID:4740
- C:\Windows\System\TQDjmPW.exe
  C:\Windows\System\TQDjmPW.exe
  2⤵
  PID:4760
- C:\Windows\System\zErwuEz.exe
  C:\Windows\System\zErwuEz.exe
  2⤵
  PID:4776
- C:\Windows\System\UskpUbd.exe
  C:\Windows\System\UskpUbd.exe
  2⤵
  PID:4800
- C:\Windows\System\krbkxSj.exe
  C:\Windows\System\krbkxSj.exe
  2⤵
  PID:4820
- C:\Windows\System\DNVWfmP.exe
  C:\Windows\System\DNVWfmP.exe
  2⤵
  PID:4840
- C:\Windows\System\etamzyi.exe
  C:\Windows\System\etamzyi.exe
  2⤵
  PID:4856
- C:\Windows\System\EHkkWnX.exe
  C:\Windows\System\EHkkWnX.exe
  2⤵
  PID:4880
- C:\Windows\System\nxKOUAJ.exe
  C:\Windows\System\nxKOUAJ.exe
  2⤵
  PID:4900
- C:\Windows\System\YTBpxDN.exe
  C:\Windows\System\YTBpxDN.exe
  2⤵
  PID:4916
- C:\Windows\System\pJdQJxH.exe
  C:\Windows\System\pJdQJxH.exe
  2⤵
  PID:4936
- C:\Windows\System\JoKYXyq.exe
  C:\Windows\System\JoKYXyq.exe
  2⤵
  PID:4956
- C:\Windows\System\DBoNcXT.exe
  C:\Windows\System\DBoNcXT.exe
  2⤵
  PID:4976
- C:\Windows\System\QwFpggX.exe
  C:\Windows\System\QwFpggX.exe
  2⤵
  PID:4996
- C:\Windows\System\OeJrIWQ.exe
  C:\Windows\System\OeJrIWQ.exe
  2⤵
  PID:5016
- C:\Windows\System\XjxQaeG.exe
  C:\Windows\System\XjxQaeG.exe
  2⤵
  PID:5036
- C:\Windows\System\ZoEeztY.exe
  C:\Windows\System\ZoEeztY.exe
  2⤵
  PID:5056
- C:\Windows\System\JiqwEUE.exe
  C:\Windows\System\JiqwEUE.exe
  2⤵
  PID:5076
- C:\Windows\System\SbWJWhp.exe
  C:\Windows\System\SbWJWhp.exe
  2⤵
  PID:5092
- C:\Windows\System\vJMLDML.exe
  C:\Windows\System\vJMLDML.exe
  2⤵
  PID:5112
- C:\Windows\System\PCinlQk.exe
  C:\Windows\System\PCinlQk.exe
  2⤵
  PID:4084
- C:\Windows\System\JJaNQhO.exe
  C:\Windows\System\JJaNQhO.exe
  2⤵
  PID:3540
- C:\Windows\System\oDWftyp.exe
  C:\Windows\System\oDWftyp.exe
  2⤵
  PID:3824
- C:\Windows\System\AJlxkuL.exe
  C:\Windows\System\AJlxkuL.exe
  2⤵
  PID:3496
- C:\Windows\System\QxhBtjT.exe
  C:\Windows\System\QxhBtjT.exe
  2⤵
  PID:4000
- C:\Windows\System\pEatsqO.exe
  C:\Windows\System\pEatsqO.exe
  2⤵
  PID:3340
- C:\Windows\System\ONfpXYL.exe
  C:\Windows\System\ONfpXYL.exe
  2⤵
  PID:4020
- C:\Windows\System\EuQKrKR.exe
  C:\Windows\System\EuQKrKR.exe
  2⤵
  PID:4128
- C:\Windows\System\hxNtQDu.exe
  C:\Windows\System\hxNtQDu.exe
  2⤵
  PID:4164
- C:\Windows\System\LcBgVtU.exe
  C:\Windows\System\LcBgVtU.exe
  2⤵
  PID:3764
- C:\Windows\System\tycfeqy.exe
  C:\Windows\System\tycfeqy.exe
  2⤵
  PID:4144
- C:\Windows\System\kADkLKd.exe
  C:\Windows\System\kADkLKd.exe
  2⤵
  PID:4184
- C:\Windows\System\qNkFTPl.exe
  C:\Windows\System\qNkFTPl.exe
  2⤵
  PID:4148
- C:\Windows\System\KTomwtz.exe
  C:\Windows\System\KTomwtz.exe
  2⤵
  PID:4328
- C:\Windows\System\rFKwvwq.exe
  C:\Windows\System\rFKwvwq.exe
  2⤵
  PID:4268
- C:\Windows\System\AukRFjM.exe
  C:\Windows\System\AukRFjM.exe
  2⤵
  PID:4304
- C:\Windows\System\wzBWsDJ.exe
  C:\Windows\System\wzBWsDJ.exe
  2⤵
  PID:4352
- C:\Windows\System\BpVkiZK.exe
  C:\Windows\System\BpVkiZK.exe
  2⤵
  PID:4312
- C:\Windows\System\LnnnUkH.exe
  C:\Windows\System\LnnnUkH.exe
  2⤵
  PID:4452
- C:\Windows\System\KcemnKf.exe
  C:\Windows\System\KcemnKf.exe
  2⤵
  PID:4488
- C:\Windows\System\CzAPXrM.exe
  C:\Windows\System\CzAPXrM.exe
  2⤵
  PID:4476
- C:\Windows\System\vSLLlnX.exe
  C:\Windows\System\vSLLlnX.exe
  2⤵
  PID:4564
- C:\Windows\System\LzdwQKQ.exe
  C:\Windows\System\LzdwQKQ.exe
  2⤵
  PID:4568
- C:\Windows\System\cetGXyR.exe
  C:\Windows\System\cetGXyR.exe
  2⤵
  PID:4588
- C:\Windows\System\YDjjRZE.exe
  C:\Windows\System\YDjjRZE.exe
  2⤵
  PID:4644
- C:\Windows\System\neswJhm.exe
  C:\Windows\System\neswJhm.exe
  2⤵
  PID:4692
- C:\Windows\System\AaRsEnc.exe
  C:\Windows\System\AaRsEnc.exe
  2⤵
  PID:4708
- C:\Windows\System\iHrcStg.exe
  C:\Windows\System\iHrcStg.exe
  2⤵
  PID:4732
- C:\Windows\System\CvxtYMH.exe
  C:\Windows\System\CvxtYMH.exe
  2⤵
  PID:4752
- C:\Windows\System\waAXKLB.exe
  C:\Windows\System\waAXKLB.exe
  2⤵
  PID:4848
- C:\Windows\System\OEJeXpm.exe
  C:\Windows\System\OEJeXpm.exe
  2⤵
  PID:4788
- C:\Windows\System\FFhXCBJ.exe
  C:\Windows\System\FFhXCBJ.exe
  2⤵
  PID:4896
- C:\Windows\System\BEYYKzz.exe
  C:\Windows\System\BEYYKzz.exe
  2⤵
  PID:4876
- C:\Windows\System\ivhSzET.exe
  C:\Windows\System\ivhSzET.exe
  2⤵
  PID:4964
- C:\Windows\System\LoqukqM.exe
  C:\Windows\System\LoqukqM.exe
  2⤵
  PID:4952
- C:\Windows\System\nrmqbRU.exe
  C:\Windows\System\nrmqbRU.exe
  2⤵
  PID:5044
- C:\Windows\System\uSxrrRL.exe
  C:\Windows\System\uSxrrRL.exe
  2⤵
  PID:4984
- C:\Windows\System\ZWvxlIr.exe
  C:\Windows\System\ZWvxlIr.exe
  2⤵
  PID:5032
- C:\Windows\System\FCzVPXn.exe
  C:\Windows\System\FCzVPXn.exe
  2⤵
  PID:5068
- C:\Windows\System\cUhtURc.exe
  C:\Windows\System\cUhtURc.exe
  2⤵
  PID:3904
- C:\Windows\System\iXzTisF.exe
  C:\Windows\System\iXzTisF.exe
  2⤵
  PID:3424
- C:\Windows\System\QllSgse.exe
  C:\Windows\System\QllSgse.exe
  2⤵
  PID:1640
- C:\Windows\System\jtBraSp.exe
  C:\Windows\System\jtBraSp.exe
  2⤵
  PID:3808
- C:\Windows\System\egtGDxG.exe
  C:\Windows\System\egtGDxG.exe
  2⤵
  PID:4160
- C:\Windows\System\krZsOkH.exe
  C:\Windows\System\krZsOkH.exe
  2⤵
  PID:4204
- C:\Windows\System\ZqEbLxw.exe
  C:\Windows\System\ZqEbLxw.exe
  2⤵
  PID:4100
- C:\Windows\System\UwBLNsa.exe
  C:\Windows\System\UwBLNsa.exe
  2⤵
  PID:4284
- C:\Windows\System\HnuIpsl.exe
  C:\Windows\System\HnuIpsl.exe
  2⤵
  PID:4224
- C:\Windows\System\jXZkBQB.exe
  C:\Windows\System\jXZkBQB.exe
  2⤵
  PID:4368
- C:\Windows\System\yJgJZSd.exe
  C:\Windows\System\yJgJZSd.exe
  2⤵
  PID:4344
- C:\Windows\System\pEvdqbV.exe
  C:\Windows\System\pEvdqbV.exe
  2⤵
  PID:4420
- C:\Windows\System\ZloaCEA.exe
  C:\Windows\System\ZloaCEA.exe
  2⤵
  PID:4492
- C:\Windows\System\GrFErGk.exe
  C:\Windows\System\GrFErGk.exe
  2⤵
  PID:4504
- C:\Windows\System\wobSjQK.exe
  C:\Windows\System\wobSjQK.exe
  2⤵
  PID:4628
- C:\Windows\System\swKNWnT.exe
  C:\Windows\System\swKNWnT.exe
  2⤵
  PID:4664
- C:\Windows\System\VbRhZaW.exe
  C:\Windows\System\VbRhZaW.exe
  2⤵
  PID:4772
- C:\Windows\System\qZqXwYu.exe
  C:\Windows\System\qZqXwYu.exe
  2⤵
  PID:4712
- C:\Windows\System\PfmezTx.exe
  C:\Windows\System\PfmezTx.exe
  2⤵
  PID:4816
- C:\Windows\System\fVJcaiI.exe
  C:\Windows\System\fVJcaiI.exe
  2⤵
  PID:4812
- C:\Windows\System\uWQskqb.exe
  C:\Windows\System\uWQskqb.exe
  2⤵
  PID:4948
- C:\Windows\System\QKBDSav.exe
  C:\Windows\System\QKBDSav.exe
  2⤵
  PID:5048
- C:\Windows\System\ZbESrIT.exe
  C:\Windows\System\ZbESrIT.exe
  2⤵
  PID:5084
- C:\Windows\System\VBhpDCB.exe
  C:\Windows\System\VBhpDCB.exe
  2⤵
  PID:3884
- C:\Windows\System\cqXzGNE.exe
  C:\Windows\System\cqXzGNE.exe
  2⤵
  PID:2068
- C:\Windows\System\zdtevIX.exe
  C:\Windows\System\zdtevIX.exe
  2⤵
  PID:4120
- C:\Windows\System\pSZfhRV.exe
  C:\Windows\System\pSZfhRV.exe
  2⤵
  PID:1812
- C:\Windows\System\ZpEkyBq.exe
  C:\Windows\System\ZpEkyBq.exe
  2⤵
  PID:3524
- C:\Windows\System\SKVoVMY.exe
  C:\Windows\System\SKVoVMY.exe
  2⤵
  PID:3788
- C:\Windows\System\TfTudYm.exe
  C:\Windows\System\TfTudYm.exe
  2⤵
  PID:4612
- C:\Windows\System\TaKKCCo.exe
  C:\Windows\System\TaKKCCo.exe
  2⤵
  PID:4180
- C:\Windows\System\kkKkvwn.exe
  C:\Windows\System\kkKkvwn.exe
  2⤵
  PID:4324
- C:\Windows\System\QSUnuCS.exe
  C:\Windows\System\QSUnuCS.exe
  2⤵
  PID:4872
- C:\Windows\System\QXXkQdq.exe
  C:\Windows\System\QXXkQdq.exe
  2⤵
  PID:4888
- C:\Windows\System\wdfauET.exe
  C:\Windows\System\wdfauET.exe
  2⤵
  PID:4104
- C:\Windows\System\FapHHuc.exe
  C:\Windows\System\FapHHuc.exe
  2⤵
  PID:4792
- C:\Windows\System\qIgAqTN.exe
  C:\Windows\System\qIgAqTN.exe
  2⤵
  PID:4932
- C:\Windows\System\YePoKaG.exe
  C:\Windows\System\YePoKaG.exe
  2⤵
  PID:5028
- C:\Windows\System\JjMtrmN.exe
  C:\Windows\System\JjMtrmN.exe
  2⤵
  PID:4244
- C:\Windows\System\mwsuAPz.exe
  C:\Windows\System\mwsuAPz.exe
  2⤵
  PID:4424
- C:\Windows\System\touwlbh.exe
  C:\Windows\System\touwlbh.exe
  2⤵
  PID:5140
- C:\Windows\System\EwTltXf.exe
  C:\Windows\System\EwTltXf.exe
  2⤵
  PID:5160
- C:\Windows\System\vZGsxHf.exe
  C:\Windows\System\vZGsxHf.exe
  2⤵
  PID:5180
- C:\Windows\System\PHLkJXn.exe
  C:\Windows\System\PHLkJXn.exe
  2⤵
  PID:5200
- C:\Windows\System\BCgMPzW.exe
  C:\Windows\System\BCgMPzW.exe
  2⤵
  PID:5216
- C:\Windows\System\vMTYoZA.exe
  C:\Windows\System\vMTYoZA.exe
  2⤵
  PID:5240
- C:\Windows\System\KPDYXge.exe
  C:\Windows\System\KPDYXge.exe
  2⤵
  PID:5260
- C:\Windows\System\CvAvdFQ.exe
  C:\Windows\System\CvAvdFQ.exe
  2⤵
  PID:5280
- C:\Windows\System\LZXxhPk.exe
  C:\Windows\System\LZXxhPk.exe
  2⤵
  PID:5300
- C:\Windows\System\demdJmi.exe
  C:\Windows\System\demdJmi.exe
  2⤵
  PID:5320
- C:\Windows\System\kIdIfAw.exe
  C:\Windows\System\kIdIfAw.exe
  2⤵
  PID:5340
- C:\Windows\System\MZyNWoa.exe
  C:\Windows\System\MZyNWoa.exe
  2⤵
  PID:5360
- C:\Windows\System\qbhmLdi.exe
  C:\Windows\System\qbhmLdi.exe
  2⤵
  PID:5380
- C:\Windows\System\FBMztui.exe
  C:\Windows\System\FBMztui.exe
  2⤵
  PID:5400
- C:\Windows\System\EdtUWBP.exe
  C:\Windows\System\EdtUWBP.exe
  2⤵
  PID:5420
- C:\Windows\System\TJLdnUU.exe
  C:\Windows\System\TJLdnUU.exe
  2⤵
  PID:5440
- C:\Windows\System\QoAeMqc.exe
  C:\Windows\System\QoAeMqc.exe
  2⤵
  PID:5460
- C:\Windows\System\Cxedlmb.exe
  C:\Windows\System\Cxedlmb.exe
  2⤵
  PID:5480
- C:\Windows\System\KYfxsio.exe
  C:\Windows\System\KYfxsio.exe
  2⤵
  PID:5500
- C:\Windows\System\xQzRggh.exe
  C:\Windows\System\xQzRggh.exe
  2⤵
  PID:5520
- C:\Windows\System\nPEpjnL.exe
  C:\Windows\System\nPEpjnL.exe
  2⤵
  PID:5540
- C:\Windows\System\rXoXuhz.exe
  C:\Windows\System\rXoXuhz.exe
  2⤵
  PID:5560
- C:\Windows\System\GEQySBd.exe
  C:\Windows\System\GEQySBd.exe
  2⤵
  PID:5580
- C:\Windows\System\edUmYIy.exe
  C:\Windows\System\edUmYIy.exe
  2⤵
  PID:5600
- C:\Windows\System\cgTrkST.exe
  C:\Windows\System\cgTrkST.exe
  2⤵
  PID:5620
- C:\Windows\System\wFVKnuv.exe
  C:\Windows\System\wFVKnuv.exe
  2⤵
  PID:5640
- C:\Windows\System\XZAvgnC.exe
  C:\Windows\System\XZAvgnC.exe
  2⤵
  PID:5660
- C:\Windows\System\ucfMLjd.exe
  C:\Windows\System\ucfMLjd.exe
  2⤵
  PID:5680
- C:\Windows\System\RuKIzcn.exe
  C:\Windows\System\RuKIzcn.exe
  2⤵
  PID:5700
- C:\Windows\System\WYiHdpo.exe
  C:\Windows\System\WYiHdpo.exe
  2⤵
  PID:5720
- C:\Windows\System\FfQssIK.exe
  C:\Windows\System\FfQssIK.exe
  2⤵
  PID:5740
- C:\Windows\System\pJPxFCI.exe
  C:\Windows\System\pJPxFCI.exe
  2⤵
  PID:5760
- C:\Windows\System\SLUhIwf.exe
  C:\Windows\System\SLUhIwf.exe
  2⤵
  PID:5780
- C:\Windows\System\zCGpkKH.exe
  C:\Windows\System\zCGpkKH.exe
  2⤵
  PID:5800
- C:\Windows\System\NyUFGKR.exe
  C:\Windows\System\NyUFGKR.exe
  2⤵
  PID:5824
- C:\Windows\System\eCHphph.exe
  C:\Windows\System\eCHphph.exe
  2⤵
  PID:5844
- C:\Windows\System\vScASlV.exe
  C:\Windows\System\vScASlV.exe
  2⤵
  PID:5860
- C:\Windows\System\RitIDTN.exe
  C:\Windows\System\RitIDTN.exe
  2⤵
  PID:5884
- C:\Windows\System\BZYsKmj.exe
  C:\Windows\System\BZYsKmj.exe
  2⤵
  PID:5904
- C:\Windows\System\OkLZEAG.exe
  C:\Windows\System\OkLZEAG.exe
  2⤵
  PID:5924
- C:\Windows\System\IOtFINY.exe
  C:\Windows\System\IOtFINY.exe
  2⤵
  PID:5944
- C:\Windows\System\KETVrCv.exe
  C:\Windows\System\KETVrCv.exe
  2⤵
  PID:5964
- C:\Windows\System\ijEFMlF.exe
  C:\Windows\System\ijEFMlF.exe
  2⤵
  PID:5984
- C:\Windows\System\GUfBQwI.exe
  C:\Windows\System\GUfBQwI.exe
  2⤵
  PID:6004
- C:\Windows\System\vgOMnwM.exe
  C:\Windows\System\vgOMnwM.exe
  2⤵
  PID:6024
- C:\Windows\System\DdHmsuU.exe
  C:\Windows\System\DdHmsuU.exe
  2⤵
  PID:6044
- C:\Windows\System\ugQhtNS.exe
  C:\Windows\System\ugQhtNS.exe
  2⤵
  PID:6064
- C:\Windows\System\wlorWVt.exe
  C:\Windows\System\wlorWVt.exe
  2⤵
  PID:6084
- C:\Windows\System\VoWVHCA.exe
  C:\Windows\System\VoWVHCA.exe
  2⤵
  PID:6104
- C:\Windows\System\tAvJwQX.exe
  C:\Windows\System\tAvJwQX.exe
  2⤵
  PID:6124
- C:\Windows\System\UwGnSkl.exe
  C:\Windows\System\UwGnSkl.exe
  2⤵
  PID:1144
- C:\Windows\System\rfQVwFT.exe
  C:\Windows\System\rfQVwFT.exe
  2⤵
  PID:4532
- C:\Windows\System\xCovBjd.exe
  C:\Windows\System\xCovBjd.exe
  2⤵
  PID:4748
- C:\Windows\System\JXiNywz.exe
  C:\Windows\System\JXiNywz.exe
  2⤵
  PID:4428
- C:\Windows\System\bLJuXPo.exe
  C:\Windows\System\bLJuXPo.exe
  2⤵
  PID:928
- C:\Windows\System\NHlqpCE.exe
  C:\Windows\System\NHlqpCE.exe
  2⤵
  PID:4668
- C:\Windows\System\oCIqbgJ.exe
  C:\Windows\System\oCIqbgJ.exe
  2⤵
  PID:5004
- C:\Windows\System\gBDMtML.exe
  C:\Windows\System\gBDMtML.exe
  2⤵
  PID:5100
- C:\Windows\System\tgCeOHd.exe
  C:\Windows\System\tgCeOHd.exe
  2⤵
  PID:5136
- C:\Windows\System\SJlgAfW.exe
  C:\Windows\System\SJlgAfW.exe
  2⤵
  PID:5196
- C:\Windows\System\DEsgkRy.exe
  C:\Windows\System\DEsgkRy.exe
  2⤵
  PID:5224
- C:\Windows\System\CcCALcT.exe
  C:\Windows\System\CcCALcT.exe
  2⤵
  PID:5232
- C:\Windows\System\FNswdjD.exe
  C:\Windows\System\FNswdjD.exe
  2⤵
  PID:5272
- C:\Windows\System\FkaPTlp.exe
  C:\Windows\System\FkaPTlp.exe
  2⤵
  PID:5296
- C:\Windows\System\CmRMbLg.exe
  C:\Windows\System\CmRMbLg.exe
  2⤵
  PID:5328
- C:\Windows\System\NkPEewa.exe
  C:\Windows\System\NkPEewa.exe
  2⤵
  PID:5368
- C:\Windows\System\iLolzgW.exe
  C:\Windows\System\iLolzgW.exe
  2⤵
  PID:5392
- C:\Windows\System\wDfiuMz.exe
  C:\Windows\System\wDfiuMz.exe
  2⤵
  PID:5412
- C:\Windows\System\nSpjCmC.exe
  C:\Windows\System\nSpjCmC.exe
  2⤵
  PID:5456
- C:\Windows\System\wGbfEdr.exe
  C:\Windows\System\wGbfEdr.exe
  2⤵
  PID:5516
- C:\Windows\System\CrKxFiV.exe
  C:\Windows\System\CrKxFiV.exe
  2⤵
  PID:5492
- C:\Windows\System\MnYkwXK.exe
  C:\Windows\System\MnYkwXK.exe
  2⤵
  PID:5552
- C:\Windows\System\KVRaaLq.exe
  C:\Windows\System\KVRaaLq.exe
  2⤵
  PID:5572
- C:\Windows\System\AdQAQgc.exe
  C:\Windows\System\AdQAQgc.exe
  2⤵
  PID:5612
- C:\Windows\System\YznCqNG.exe
  C:\Windows\System\YznCqNG.exe
  2⤵
  PID:5676
- C:\Windows\System\mTRPEaU.exe
  C:\Windows\System\mTRPEaU.exe
  2⤵
  PID:5716
- C:\Windows\System\ovSkrdz.exe
  C:\Windows\System\ovSkrdz.exe
  2⤵
  PID:5728
- C:\Windows\System\EoAXPcO.exe
  C:\Windows\System\EoAXPcO.exe
  2⤵
  PID:5752
- C:\Windows\System\mDFlflL.exe
  C:\Windows\System\mDFlflL.exe
  2⤵
  PID:5772
- C:\Windows\System\jTDSgHI.exe
  C:\Windows\System\jTDSgHI.exe
  2⤵
  PID:5840
- C:\Windows\System\jpozgCd.exe
  C:\Windows\System\jpozgCd.exe
  2⤵
  PID:5880
- C:\Windows\System\oejecBD.exe
  C:\Windows\System\oejecBD.exe
  2⤵
  PID:5920
- C:\Windows\System\tvNWrLA.exe
  C:\Windows\System\tvNWrLA.exe
  2⤵
  PID:5932
- C:\Windows\System\XfHtCiS.exe
  C:\Windows\System\XfHtCiS.exe
  2⤵
  PID:5956
- C:\Windows\System\pWQVIji.exe
  C:\Windows\System\pWQVIji.exe
  2⤵
  PID:5976
- C:\Windows\System\nZfxlpB.exe
  C:\Windows\System\nZfxlpB.exe
  2⤵
  PID:6040
- C:\Windows\System\AQkazyu.exe
  C:\Windows\System\AQkazyu.exe
  2⤵
  PID:6060
- C:\Windows\System\jxeUGAL.exe
  C:\Windows\System\jxeUGAL.exe
  2⤵
  PID:6100
- C:\Windows\System\gpNbymh.exe
  C:\Windows\System\gpNbymh.exe
  2⤵
  PID:4444
- C:\Windows\System\UrHlzqV.exe
  C:\Windows\System\UrHlzqV.exe
  2⤵
  PID:4608
- C:\Windows\System\hSveypl.exe
  C:\Windows\System\hSveypl.exe
  2⤵
  PID:1152
- C:\Windows\System\SvgIQQC.exe
  C:\Windows\System\SvgIQQC.exe
  2⤵
  PID:5064
- C:\Windows\System\Dfpyjxg.exe
  C:\Windows\System\Dfpyjxg.exe
  2⤵
  PID:4928
- C:\Windows\System\sHsFvAj.exe
  C:\Windows\System\sHsFvAj.exe
  2⤵
  PID:5156
- C:\Windows\System\CrfdEMY.exe
  C:\Windows\System\CrfdEMY.exe
  2⤵
  PID:5192
- C:\Windows\System\JfFlXAQ.exe
  C:\Windows\System\JfFlXAQ.exe
  2⤵
  PID:1788
- C:\Windows\System\dEPARLI.exe
  C:\Windows\System\dEPARLI.exe
  2⤵
  PID:5308
- C:\Windows\System\JcZmrOm.exe
  C:\Windows\System\JcZmrOm.exe
  2⤵
  PID:5312
- C:\Windows\System\nEswUgj.exe
  C:\Windows\System\nEswUgj.exe
  2⤵
  PID:5376
- C:\Windows\System\IDWYoAp.exe
  C:\Windows\System\IDWYoAp.exe
  2⤵
  PID:5448
- C:\Windows\System\DOGrRAf.exe
  C:\Windows\System\DOGrRAf.exe
  2⤵
  PID:5536
- C:\Windows\System\XHtuWEx.exe
  C:\Windows\System\XHtuWEx.exe
  2⤵
  PID:5588
- C:\Windows\System\MEEFLVN.exe
  C:\Windows\System\MEEFLVN.exe
  2⤵
  PID:5628
- C:\Windows\System\gZZXIkY.exe
  C:\Windows\System\gZZXIkY.exe
  2⤵
  PID:5708
- C:\Windows\System\iaezprl.exe
  C:\Windows\System\iaezprl.exe
  2⤵
  PID:5712
- C:\Windows\System\MqywyVH.exe
  C:\Windows\System\MqywyVH.exe
  2⤵
  PID:5796
- C:\Windows\System\gYunCyI.exe
  C:\Windows\System\gYunCyI.exe
  2⤵
  PID:5872
- C:\Windows\System\DdYyJTJ.exe
  C:\Windows\System\DdYyJTJ.exe
  2⤵
  PID:5900
- C:\Windows\System\udCBEHf.exe
  C:\Windows\System\udCBEHf.exe
  2⤵
  PID:5936
- C:\Windows\System\ZktjWpY.exe
  C:\Windows\System\ZktjWpY.exe
  2⤵
  PID:6016
- C:\Windows\System\RIDYzMK.exe
  C:\Windows\System\RIDYzMK.exe
  2⤵
  PID:6112
- C:\Windows\System\qJMHOLz.exe
  C:\Windows\System\qJMHOLz.exe
  2⤵
  PID:6136
- C:\Windows\System\xECQuCD.exe
  C:\Windows\System\xECQuCD.exe
  2⤵
  PID:4584
- C:\Windows\System\kSbkoqv.exe
  C:\Windows\System\kSbkoqv.exe
  2⤵
  PID:4288
- C:\Windows\System\XkeWOXh.exe
  C:\Windows\System\XkeWOXh.exe
  2⤵
  PID:4836
- C:\Windows\System\eIgPoTU.exe
  C:\Windows\System\eIgPoTU.exe
  2⤵
  PID:5152
- C:\Windows\System\VAejCHn.exe
  C:\Windows\System\VAejCHn.exe
  2⤵
  PID:5268
- C:\Windows\System\ETuyJje.exe
  C:\Windows\System\ETuyJje.exe
  2⤵
  PID:5472
- C:\Windows\System\YXePses.exe
  C:\Windows\System\YXePses.exe
  2⤵
  PID:5532
- C:\Windows\System\mcVVgsV.exe
  C:\Windows\System\mcVVgsV.exe
  2⤵
  PID:5452
- C:\Windows\System\QYCzJOu.exe
  C:\Windows\System\QYCzJOu.exe
  2⤵
  PID:1912
- C:\Windows\System\iqOnUIk.exe
  C:\Windows\System\iqOnUIk.exe
  2⤵
  PID:5776
- C:\Windows\System\FUSnClp.exe
  C:\Windows\System\FUSnClp.exe
  2⤵
  PID:5756
- C:\Windows\System\lbzYAhd.exe
  C:\Windows\System\lbzYAhd.exe
  2⤵
  PID:6072
- C:\Windows\System\xyrkSYU.exe
  C:\Windows\System\xyrkSYU.exe
  2⤵
  PID:6120
- C:\Windows\System\UDXaZFp.exe
  C:\Windows\System\UDXaZFp.exe
  2⤵
  PID:6076
- C:\Windows\System\IHdDXqu.exe
  C:\Windows\System\IHdDXqu.exe
  2⤵
  PID:4300
- C:\Windows\System\XdlGYqj.exe
  C:\Windows\System\XdlGYqj.exe
  2⤵
  PID:6116
- C:\Windows\System\eCsGyyz.exe
  C:\Windows\System\eCsGyyz.exe
  2⤵
  PID:5396
- C:\Windows\System\fUCjCyx.exe
  C:\Windows\System\fUCjCyx.exe
  2⤵
  PID:6160
- C:\Windows\System\MhnFtEM.exe
  C:\Windows\System\MhnFtEM.exe
  2⤵
  PID:6180
- C:\Windows\System\bRFknhg.exe
  C:\Windows\System\bRFknhg.exe
  2⤵
  PID:6200
- C:\Windows\System\OysNttu.exe
  C:\Windows\System\OysNttu.exe
  2⤵
  PID:6220
- C:\Windows\System\UNwxFyo.exe
  C:\Windows\System\UNwxFyo.exe
  2⤵
  PID:6240
- C:\Windows\System\QierbFG.exe
  C:\Windows\System\QierbFG.exe
  2⤵
  PID:6260
- C:\Windows\System\qJQLxhQ.exe
  C:\Windows\System\qJQLxhQ.exe
  2⤵
  PID:6284
- C:\Windows\System\ReJxbTa.exe
  C:\Windows\System\ReJxbTa.exe
  2⤵
  PID:6304
- C:\Windows\System\RvQKDUk.exe
  C:\Windows\System\RvQKDUk.exe
  2⤵
  PID:6324
- C:\Windows\System\UPybsGK.exe
  C:\Windows\System\UPybsGK.exe
  2⤵
  PID:6344
- C:\Windows\System\toDUhGz.exe
  C:\Windows\System\toDUhGz.exe
  2⤵
  PID:6364
- C:\Windows\System\olNKfKO.exe
  C:\Windows\System\olNKfKO.exe
  2⤵
  PID:6384
- C:\Windows\System\fNVFKNS.exe
  C:\Windows\System\fNVFKNS.exe
  2⤵
  PID:6404
- C:\Windows\System\WdDSyWH.exe
  C:\Windows\System\WdDSyWH.exe
  2⤵
  PID:6424
- C:\Windows\System\TGHmzhY.exe
  C:\Windows\System\TGHmzhY.exe
  2⤵
  PID:6444
- C:\Windows\System\JzBmOaR.exe
  C:\Windows\System\JzBmOaR.exe
  2⤵
  PID:6464
- C:\Windows\System\gdrvaxL.exe
  C:\Windows\System\gdrvaxL.exe
  2⤵
  PID:6484
- C:\Windows\System\QjAWnXL.exe
  C:\Windows\System\QjAWnXL.exe
  2⤵
  PID:6504
- C:\Windows\System\shWkZaw.exe
  C:\Windows\System\shWkZaw.exe
  2⤵
  PID:6524
- C:\Windows\System\thHsDPL.exe
  C:\Windows\System\thHsDPL.exe
  2⤵
  PID:6544
- C:\Windows\System\TBntXQa.exe
  C:\Windows\System\TBntXQa.exe
  2⤵
  PID:6564
- C:\Windows\System\ogPTAlh.exe
  C:\Windows\System\ogPTAlh.exe
  2⤵
  PID:6584
- C:\Windows\System\YmQkurD.exe
  C:\Windows\System\YmQkurD.exe
  2⤵
  PID:6604
- C:\Windows\System\DkteRhi.exe
  C:\Windows\System\DkteRhi.exe
  2⤵
  PID:6624
- C:\Windows\System\xbDsevN.exe
  C:\Windows\System\xbDsevN.exe
  2⤵
  PID:6644
- C:\Windows\System\LwvHuDz.exe
  C:\Windows\System\LwvHuDz.exe
  2⤵
  PID:6664
- C:\Windows\System\wVMcYPr.exe
  C:\Windows\System\wVMcYPr.exe
  2⤵
  PID:6684
- C:\Windows\System\FjPBbeC.exe
  C:\Windows\System\FjPBbeC.exe
  2⤵
  PID:6704
- C:\Windows\System\dmLIGCJ.exe
  C:\Windows\System\dmLIGCJ.exe
  2⤵
  PID:6724
- C:\Windows\System\mCEeoZP.exe
  C:\Windows\System\mCEeoZP.exe
  2⤵
  PID:6744
- C:\Windows\System\JDgvvND.exe
  C:\Windows\System\JDgvvND.exe
  2⤵
  PID:6764
- C:\Windows\System\DPjSves.exe
  C:\Windows\System\DPjSves.exe
  2⤵
  PID:6784
- C:\Windows\System\gtsvReu.exe
  C:\Windows\System\gtsvReu.exe
  2⤵
  PID:6804
- C:\Windows\System\ZLeRLWp.exe
  C:\Windows\System\ZLeRLWp.exe
  2⤵
  PID:6824
- C:\Windows\System\wPTcTsH.exe
  C:\Windows\System\wPTcTsH.exe
  2⤵
  PID:6844
- C:\Windows\System\JuvNccW.exe
  C:\Windows\System\JuvNccW.exe
  2⤵
  PID:6864
- C:\Windows\System\JQSLyXU.exe
  C:\Windows\System\JQSLyXU.exe
  2⤵
  PID:6884
- C:\Windows\System\VfGfVtT.exe
  C:\Windows\System\VfGfVtT.exe
  2⤵
  PID:6904
- C:\Windows\System\urkvBPF.exe
  C:\Windows\System\urkvBPF.exe
  2⤵
  PID:6924
- C:\Windows\System\pEoPYsd.exe
  C:\Windows\System\pEoPYsd.exe
  2⤵
  PID:6944
- C:\Windows\System\PjnidZl.exe
  C:\Windows\System\PjnidZl.exe
  2⤵
  PID:6964
- C:\Windows\System\uLReCKB.exe
  C:\Windows\System\uLReCKB.exe
  2⤵
  PID:6984
- C:\Windows\System\tyjonXi.exe
  C:\Windows\System\tyjonXi.exe
  2⤵
  PID:7004
- C:\Windows\System\msIpmzS.exe
  C:\Windows\System\msIpmzS.exe
  2⤵
  PID:7024
- C:\Windows\System\sVEKzfL.exe
  C:\Windows\System\sVEKzfL.exe
  2⤵
  PID:7044
- C:\Windows\System\FyBPZHq.exe
  C:\Windows\System\FyBPZHq.exe
  2⤵
  PID:7064
- C:\Windows\System\wDMKAlL.exe
  C:\Windows\System\wDMKAlL.exe
  2⤵
  PID:7084
- C:\Windows\System\tEPunpY.exe
  C:\Windows\System\tEPunpY.exe
  2⤵
  PID:7104
- C:\Windows\System\BLqnlpc.exe
  C:\Windows\System\BLqnlpc.exe
  2⤵
  PID:7124
- C:\Windows\System\mQsOfkS.exe
  C:\Windows\System\mQsOfkS.exe
  2⤵
  PID:7144
- C:\Windows\System\UYqVpdv.exe
  C:\Windows\System\UYqVpdv.exe
  2⤵
  PID:7164
- C:\Windows\System\DvGulAC.exe
  C:\Windows\System\DvGulAC.exe
  2⤵
  PID:5632
- C:\Windows\System\iFyVdGV.exe
  C:\Windows\System\iFyVdGV.exe
  2⤵
  PID:5596
- C:\Windows\System\TfWnUlp.exe
  C:\Windows\System\TfWnUlp.exe
  2⤵
  PID:5668
- C:\Windows\System\PJSyddI.exe
  C:\Windows\System\PJSyddI.exe
  2⤵
  PID:5856
- C:\Windows\System\jPnDVbO.exe
  C:\Windows\System\jPnDVbO.exe
  2⤵
  PID:2704
- C:\Windows\System\KiLqoZl.exe
  C:\Windows\System\KiLqoZl.exe
  2⤵
  PID:5176
- C:\Windows\System\hwWbFzA.exe
  C:\Windows\System\hwWbFzA.exe
  2⤵
  PID:6156
- C:\Windows\System\qNUdIBR.exe
  C:\Windows\System\qNUdIBR.exe
  2⤵
  PID:6168
- C:\Windows\System\AEVUnYW.exe
  C:\Windows\System\AEVUnYW.exe
  2⤵
  PID:6192
- C:\Windows\System\VHgjFRb.exe
  C:\Windows\System\VHgjFRb.exe
  2⤵
  PID:6236
- C:\Windows\System\oHuBJRh.exe
  C:\Windows\System\oHuBJRh.exe
  2⤵
  PID:6268
- C:\Windows\System\hLcbjLj.exe
  C:\Windows\System\hLcbjLj.exe
  2⤵
  PID:2888
- C:\Windows\System\KXYDzwP.exe
  C:\Windows\System\KXYDzwP.exe
  2⤵
  PID:6340
- C:\Windows\System\IfPWKlF.exe
  C:\Windows\System\IfPWKlF.exe
  2⤵
  PID:2876
- C:\Windows\System\plXfyfp.exe
  C:\Windows\System\plXfyfp.exe
  2⤵
  PID:6400
- C:\Windows\System\IDlxrIR.exe
  C:\Windows\System\IDlxrIR.exe
  2⤵
  PID:6416
- C:\Windows\System\mZaEYRT.exe
  C:\Windows\System\mZaEYRT.exe
  2⤵
  PID:6456
- C:\Windows\System\MBNMoFA.exe
  C:\Windows\System\MBNMoFA.exe
  2⤵
  PID:6500
- C:\Windows\System\zkeBYay.exe
  C:\Windows\System\zkeBYay.exe
  2⤵
  PID:6532
- C:\Windows\System\UYVcDFn.exe
  C:\Windows\System\UYVcDFn.exe
  2⤵
  PID:6556
- C:\Windows\System\DgMeTtp.exe
  C:\Windows\System\DgMeTtp.exe
  2⤵
  PID:6576
- C:\Windows\System\fczQFoH.exe
  C:\Windows\System\fczQFoH.exe
  2⤵
  PID:6616
- C:\Windows\System\MQFpOCZ.exe
  C:\Windows\System\MQFpOCZ.exe
  2⤵
  PID:6660
- C:\Windows\System\qYcNWKH.exe
  C:\Windows\System\qYcNWKH.exe
  2⤵
  PID:6712
- C:\Windows\System\dLflWEt.exe
  C:\Windows\System\dLflWEt.exe
  2⤵
  PID:6732
- C:\Windows\System\RmqZQJk.exe
  C:\Windows\System\RmqZQJk.exe
  2⤵
  PID:6736
- C:\Windows\System\vFpXuQn.exe
  C:\Windows\System\vFpXuQn.exe
  2⤵
  PID:6780
- C:\Windows\System\zffDADF.exe
  C:\Windows\System\zffDADF.exe
  2⤵
  PID:6816
- C:\Windows\System\vOavJZv.exe
  C:\Windows\System\vOavJZv.exe
  2⤵
  PID:6856
- C:\Windows\System\CLFsMno.exe
  C:\Windows\System\CLFsMno.exe
  2⤵
  PID:6892
- C:\Windows\System\WkIbFOE.exe
  C:\Windows\System\WkIbFOE.exe
  2⤵
  PID:6932
- C:\Windows\System\WnvQfHj.exe
  C:\Windows\System\WnvQfHj.exe
  2⤵
  PID:6940
- C:\Windows\System\BCAEftk.exe
  C:\Windows\System\BCAEftk.exe
  2⤵
  PID:6980
- C:\Windows\System\btfnuWy.exe
  C:\Windows\System\btfnuWy.exe
  2⤵
  PID:7036
- C:\Windows\System\WHQUINk.exe
  C:\Windows\System\WHQUINk.exe
  2⤵
  PID:7016
- C:\Windows\System\VszXgNV.exe
  C:\Windows\System\VszXgNV.exe
  2⤵
  PID:7060
- C:\Windows\System\GnxKWXG.exe
  C:\Windows\System\GnxKWXG.exe
  2⤵
  PID:7120
- C:\Windows\System\LzmgloB.exe
  C:\Windows\System\LzmgloB.exe
  2⤵
  PID:7132
- C:\Windows\System\NorKrUX.exe
  C:\Windows\System\NorKrUX.exe
  2⤵
  PID:5488
- C:\Windows\System\XGaZsvl.exe
  C:\Windows\System\XGaZsvl.exe
  2⤵
  PID:5332
- C:\Windows\System\KyEzONU.exe
  C:\Windows\System\KyEzONU.exe
  2⤵
  PID:4624
- C:\Windows\System\aLCyqAq.exe
  C:\Windows\System\aLCyqAq.exe
  2⤵
  PID:5896
- C:\Windows\System\mUUbXfr.exe
  C:\Windows\System\mUUbXfr.exe
  2⤵
  PID:5208
- C:\Windows\System\RoIfYtQ.exe
  C:\Windows\System\RoIfYtQ.exe
  2⤵
  PID:6212
- C:\Windows\System\EGPJmvG.exe
  C:\Windows\System\EGPJmvG.exe
  2⤵
  PID:6300
- C:\Windows\System\RZQMTUK.exe
  C:\Windows\System\RZQMTUK.exe
  2⤵
  PID:6248
- C:\Windows\System\KrHkQPJ.exe
  C:\Windows\System\KrHkQPJ.exe
  2⤵
  PID:6356
- C:\Windows\System\ZqTkNJg.exe
  C:\Windows\System\ZqTkNJg.exe
  2⤵
  PID:6376
- C:\Windows\System\pYucydR.exe
  C:\Windows\System\pYucydR.exe
  2⤵
  PID:6440
- C:\Windows\System\jTYJDaV.exe
  C:\Windows\System\jTYJDaV.exe
  2⤵
  PID:6512
- C:\Windows\System\DRPtGKT.exe
  C:\Windows\System\DRPtGKT.exe
  2⤵
  PID:6536
- C:\Windows\System\HjTdMVo.exe
  C:\Windows\System\HjTdMVo.exe
  2⤵
  PID:6676
- C:\Windows\System\fLKhgsf.exe
  C:\Windows\System\fLKhgsf.exe
  2⤵
  PID:6672
- C:\Windows\System\AccEfKr.exe
  C:\Windows\System\AccEfKr.exe
  2⤵
  PID:6696
- C:\Windows\System\YKVssed.exe
  C:\Windows\System\YKVssed.exe
  2⤵
  PID:2660
- C:\Windows\System\ZWNlHMl.exe
  C:\Windows\System\ZWNlHMl.exe
  2⤵
  PID:6812
- C:\Windows\System\cvWNjgp.exe
  C:\Windows\System\cvWNjgp.exe
  2⤵
  PID:6876
- C:\Windows\System\ZLjDNFM.exe
  C:\Windows\System\ZLjDNFM.exe
  2⤵
  PID:6916
- C:\Windows\System\nASiKwz.exe
  C:\Windows\System\nASiKwz.exe
  2⤵
  PID:2720
- C:\Windows\System\RmBHMqq.exe
  C:\Windows\System\RmBHMqq.exe
  2⤵
  PID:7012
- C:\Windows\System\heJfBUI.exe
  C:\Windows\System\heJfBUI.exe
  2⤵
  PID:7052
- C:\Windows\System\LnrKYNh.exe
  C:\Windows\System\LnrKYNh.exe
  2⤵
  PID:7156
- C:\Windows\System\ZeJdBlD.exe
  C:\Windows\System\ZeJdBlD.exe
  2⤵
  PID:7136
- C:\Windows\System\iHavtpa.exe
  C:\Windows\System\iHavtpa.exe
  2⤵
  PID:5428
- C:\Windows\System\TgRGxjR.exe
  C:\Windows\System\TgRGxjR.exe
  2⤵
  PID:5996
- C:\Windows\System\HMDqPTq.exe
  C:\Windows\System\HMDqPTq.exe
  2⤵
  PID:1808
- C:\Windows\System\omRgYFi.exe
  C:\Windows\System\omRgYFi.exe
  2⤵
  PID:6216
- C:\Windows\System\TofWrhK.exe
  C:\Windows\System\TofWrhK.exe
  2⤵
  PID:2796
- C:\Windows\System\mPdNbeV.exe
  C:\Windows\System\mPdNbeV.exe
  2⤵
  PID:6332
- C:\Windows\System\UdTmLcM.exe
  C:\Windows\System\UdTmLcM.exe
  2⤵
  PID:6480
- C:\Windows\System\QGnilHi.exe
  C:\Windows\System\QGnilHi.exe
  2⤵
  PID:6492
- C:\Windows\System\MZYdQJZ.exe
  C:\Windows\System\MZYdQJZ.exe
  2⤵
  PID:6560
- C:\Windows\System\ixhxEZo.exe
  C:\Windows\System\ixhxEZo.exe
  2⤵
  PID:6656
- C:\Windows\System\KdVBmYj.exe
  C:\Windows\System\KdVBmYj.exe
  2⤵
  PID:6760
- C:\Windows\System\JzVNiCF.exe
  C:\Windows\System\JzVNiCF.exe
  2⤵
  PID:6832
- C:\Windows\System\CWEWqWu.exe
  C:\Windows\System\CWEWqWu.exe
  2⤵
  PID:6960
- C:\Windows\System\axsStND.exe
  C:\Windows\System\axsStND.exe
  2⤵
  PID:6900
- C:\Windows\System\yMDhuuq.exe
  C:\Windows\System\yMDhuuq.exe
  2⤵
  PID:6956
- C:\Windows\System\HePbkuU.exe
  C:\Windows\System\HePbkuU.exe
  2⤵
  PID:7152
- C:\Windows\System\uIFPvIX.exe
  C:\Windows\System\uIFPvIX.exe
  2⤵
  PID:2144
- C:\Windows\System\gHarSbY.exe
  C:\Windows\System\gHarSbY.exe
  2⤵
  PID:5732
- C:\Windows\System\jmXeobD.exe
  C:\Windows\System\jmXeobD.exe
  2⤵
  PID:2688
- C:\Windows\System\sSojVoo.exe
  C:\Windows\System\sSojVoo.exe
  2⤵
  PID:6172
- C:\Windows\System\JAOLrBm.exe
  C:\Windows\System\JAOLrBm.exe
  2⤵
  PID:6380
- C:\Windows\System\gEJRbza.exe
  C:\Windows\System\gEJRbza.exe
  2⤵
  PID:3028
- C:\Windows\System\HLBPbmg.exe
  C:\Windows\System\HLBPbmg.exe
  2⤵
  PID:6620
- C:\Windows\System\MyZGnVy.exe
  C:\Windows\System\MyZGnVy.exe
  2⤵
  PID:3020
- C:\Windows\System\xbDPvIn.exe
  C:\Windows\System\xbDPvIn.exe
  2⤵
  PID:6800
- C:\Windows\System\TPcDNoV.exe
  C:\Windows\System\TPcDNoV.exe
  2⤵
  PID:6820
- C:\Windows\System\iRQzGLV.exe
  C:\Windows\System\iRQzGLV.exe
  2⤵
  PID:6992
- C:\Windows\System\iFkoVTd.exe
  C:\Windows\System\iFkoVTd.exe
  2⤵
  PID:2664
- C:\Windows\System\qAZDXvS.exe
  C:\Windows\System\qAZDXvS.exe
  2⤵
  PID:700
- C:\Windows\System\kHQayyM.exe
  C:\Windows\System\kHQayyM.exe
  2⤵
  PID:5736
- C:\Windows\System\BVJpaJG.exe
  C:\Windows\System\BVJpaJG.exe
  2⤵
  PID:2304
- C:\Windows\System\hGkLoMA.exe
  C:\Windows\System\hGkLoMA.exe
  2⤵
  PID:1720
- C:\Windows\System\pTvAdlq.exe
  C:\Windows\System\pTvAdlq.exe
  2⤵
  PID:2580
- C:\Windows\System\kjBoucG.exe
  C:\Windows\System\kjBoucG.exe
  2⤵
  PID:6316
- C:\Windows\System\iXErLbI.exe
  C:\Windows\System\iXErLbI.exe
  2⤵
  PID:6516
- C:\Windows\System\BCgBgif.exe
  C:\Windows\System\BCgBgif.exe
  2⤵
  PID:2076
- C:\Windows\System\toSsnna.exe
  C:\Windows\System\toSsnna.exe
  2⤵
  PID:6996
- C:\Windows\System\psNhEhs.exe
  C:\Windows\System\psNhEhs.exe
  2⤵
  PID:7092
- C:\Windows\System\nyrfkfx.exe
  C:\Windows\System\nyrfkfx.exe
  2⤵
  PID:2772
- C:\Windows\System\yswLGMW.exe
  C:\Windows\System\yswLGMW.exe
  2⤵
  PID:6476
- C:\Windows\System\QOfyIwk.exe
  C:\Windows\System\QOfyIwk.exe
  2⤵
  PID:2348
- C:\Windows\System\kAXqJZb.exe
  C:\Windows\System\kAXqJZb.exe
  2⤵
  PID:1032
- C:\Windows\System\nRGGhNh.exe
  C:\Windows\System\nRGGhNh.exe
  2⤵
  PID:6520
- C:\Windows\System\dVeImuE.exe
  C:\Windows\System\dVeImuE.exe
  2⤵
  PID:6720
- C:\Windows\System\ERlxXII.exe
  C:\Windows\System\ERlxXII.exe
  2⤵
  PID:1076
- C:\Windows\System\qXoLQIe.exe
  C:\Windows\System\qXoLQIe.exe
  2⤵
  PID:3996
- C:\Windows\System\QQoqoPL.exe
  C:\Windows\System\QQoqoPL.exe
  2⤵
  PID:2824
- C:\Windows\System\jsuVTLn.exe
  C:\Windows\System\jsuVTLn.exe
  2⤵
  PID:6152
- C:\Windows\System\EAmgeYD.exe
  C:\Windows\System\EAmgeYD.exe
  2⤵
  PID:3068
- C:\Windows\System\GuYfsPJ.exe
  C:\Windows\System\GuYfsPJ.exe
  2⤵
  PID:2964
- C:\Windows\System\MnCOPIV.exe
  C:\Windows\System\MnCOPIV.exe
  2⤵
  PID:2896
- C:\Windows\System\bOeLPQe.exe
  C:\Windows\System\bOeLPQe.exe
  2⤵
  PID:2840
- C:\Windows\System\UzvFlWt.exe
  C:\Windows\System\UzvFlWt.exe
  2⤵
  PID:7184
- C:\Windows\System\wLtNuDg.exe
  C:\Windows\System\wLtNuDg.exe
  2⤵
  PID:7200
- C:\Windows\System\jDnnFIS.exe
  C:\Windows\System\jDnnFIS.exe
  2⤵
  PID:7216
- C:\Windows\System\ZLtgLcY.exe
  C:\Windows\System\ZLtgLcY.exe
  2⤵
  PID:7232
- C:\Windows\System\KdizsyX.exe
  C:\Windows\System\KdizsyX.exe
  2⤵
  PID:7248
- C:\Windows\System\LyaOwaV.exe
  C:\Windows\System\LyaOwaV.exe
  2⤵
  PID:7264
- C:\Windows\System\HefWshE.exe
  C:\Windows\System\HefWshE.exe
  2⤵
  PID:7280
- C:\Windows\System\LaplDRF.exe
  C:\Windows\System\LaplDRF.exe
  2⤵
  PID:7300
- C:\Windows\System\XOSBBiQ.exe
  C:\Windows\System\XOSBBiQ.exe
  2⤵
  PID:7320
- C:\Windows\System\YdLRwFC.exe
  C:\Windows\System\YdLRwFC.exe
  2⤵
  PID:7336
- C:\Windows\System\EGnywKT.exe
  C:\Windows\System\EGnywKT.exe
  2⤵
  PID:7352
- C:\Windows\System\uksqWZm.exe
  C:\Windows\System\uksqWZm.exe
  2⤵
  PID:7368
- C:\Windows\System\vFFpwdt.exe
  C:\Windows\System\vFFpwdt.exe
  2⤵
  PID:7384
- C:\Windows\System\QcnqsWZ.exe
  C:\Windows\System\QcnqsWZ.exe
  2⤵
  PID:7400
- C:\Windows\System\MQsdjkV.exe
  C:\Windows\System\MQsdjkV.exe
  2⤵
  PID:7416
- C:\Windows\System\evShsPI.exe
  C:\Windows\System\evShsPI.exe
  2⤵
  PID:7432
- C:\Windows\System\rMFQXMq.exe
  C:\Windows\System\rMFQXMq.exe
  2⤵
  PID:7452
- C:\Windows\System\oNwMmpv.exe
  C:\Windows\System\oNwMmpv.exe
  2⤵
  PID:7468
- C:\Windows\System\XMqVJnm.exe
  C:\Windows\System\XMqVJnm.exe
  2⤵
  PID:7484
- C:\Windows\System\ftQebKe.exe
  C:\Windows\System\ftQebKe.exe
  2⤵
  PID:7500
- C:\Windows\System\glSyPTO.exe
  C:\Windows\System\glSyPTO.exe
  2⤵
  PID:7516
- C:\Windows\System\MBLNtAw.exe
  C:\Windows\System\MBLNtAw.exe
  2⤵
  PID:7532
- C:\Windows\System\GHQGNix.exe
  C:\Windows\System\GHQGNix.exe
  2⤵
  PID:7576
- C:\Windows\System\QKTgTAG.exe
  C:\Windows\System\QKTgTAG.exe
  2⤵
  PID:7592
- C:\Windows\System\LiVYIdw.exe
  C:\Windows\System\LiVYIdw.exe
  2⤵
  PID:7612
- C:\Windows\System\BwCSdBV.exe
  C:\Windows\System\BwCSdBV.exe
  2⤵
  PID:7632
- C:\Windows\System\RhqFhXj.exe
  C:\Windows\System\RhqFhXj.exe
  2⤵
  PID:7648
- C:\Windows\System\PrIKXHm.exe
  C:\Windows\System\PrIKXHm.exe
  2⤵
  PID:7664
- C:\Windows\System\SAmZvBa.exe
  C:\Windows\System\SAmZvBa.exe
  2⤵
  PID:7680
- C:\Windows\System\wYWZwqW.exe
  C:\Windows\System\wYWZwqW.exe
  2⤵
  PID:7696
- C:\Windows\System\OYGWykA.exe
  C:\Windows\System\OYGWykA.exe
  2⤵
  PID:7712
- C:\Windows\System\LSNVmru.exe
  C:\Windows\System\LSNVmru.exe
  2⤵
  PID:7728
- C:\Windows\System\ylIMNYL.exe
  C:\Windows\System\ylIMNYL.exe
  2⤵
  PID:7744
- C:\Windows\System\iYyWiYS.exe
  C:\Windows\System\iYyWiYS.exe
  2⤵
  PID:7760
- C:\Windows\System\onlxgtF.exe
  C:\Windows\System\onlxgtF.exe
  2⤵
  PID:7776
- C:\Windows\System\nhqFpje.exe
  C:\Windows\System\nhqFpje.exe
  2⤵
  PID:7792
- C:\Windows\System\hylxDTM.exe
  C:\Windows\System\hylxDTM.exe
  2⤵
  PID:7808
- C:\Windows\System\jzzCAhG.exe
  C:\Windows\System\jzzCAhG.exe
  2⤵
  PID:7824
- C:\Windows\System\fkmAjWE.exe
  C:\Windows\System\fkmAjWE.exe
  2⤵
  PID:7840
- C:\Windows\System\LffJYPz.exe
  C:\Windows\System\LffJYPz.exe
  2⤵
  PID:7856
- C:\Windows\System\hzvtrOl.exe
  C:\Windows\System\hzvtrOl.exe
  2⤵
  PID:7872
- C:\Windows\System\RUmjQnw.exe
  C:\Windows\System\RUmjQnw.exe
  2⤵
  PID:7888
- C:\Windows\System\yWFnrJo.exe
  C:\Windows\System\yWFnrJo.exe
  2⤵
  PID:7936
- C:\Windows\System\etlhlyy.exe
  C:\Windows\System\etlhlyy.exe
  2⤵
  PID:7952
- C:\Windows\System\HvtACtS.exe
  C:\Windows\System\HvtACtS.exe
  2⤵
  PID:7968
- C:\Windows\System\oPoQhQs.exe
  C:\Windows\System\oPoQhQs.exe
  2⤵
  PID:7984
- C:\Windows\System\NVaRlLl.exe
  C:\Windows\System\NVaRlLl.exe
  2⤵
  PID:8000
- C:\Windows\System\bzSqwgv.exe
  C:\Windows\System\bzSqwgv.exe
  2⤵
  PID:8020
- C:\Windows\System\sIbPkzG.exe
  C:\Windows\System\sIbPkzG.exe
  2⤵
  PID:8036
- C:\Windows\System\PmnmEZd.exe
  C:\Windows\System\PmnmEZd.exe
  2⤵
  PID:8052
- C:\Windows\System\xLbTnTf.exe
  C:\Windows\System\xLbTnTf.exe
  2⤵
  PID:8068
- C:\Windows\System\neaibHY.exe
  C:\Windows\System\neaibHY.exe
  2⤵
  PID:8084
- C:\Windows\System\veHKDGb.exe
  C:\Windows\System\veHKDGb.exe
  2⤵
  PID:8100
- C:\Windows\System\jOpociq.exe
  C:\Windows\System\jOpociq.exe
  2⤵
  PID:8116
- C:\Windows\System\zkKgpVz.exe
  C:\Windows\System\zkKgpVz.exe
  2⤵
  PID:8132
- C:\Windows\System\NiDhhvx.exe
  C:\Windows\System\NiDhhvx.exe
  2⤵
  PID:8148
- C:\Windows\System\rwWqLyT.exe
  C:\Windows\System\rwWqLyT.exe
  2⤵
  PID:8164
- C:\Windows\System\zIunjAO.exe
  C:\Windows\System\zIunjAO.exe
  2⤵
  PID:8180
- C:\Windows\System\ojyLiDh.exe
  C:\Windows\System\ojyLiDh.exe
  2⤵
  PID:7176
- C:\Windows\System\QnZtsms.exe
  C:\Windows\System\QnZtsms.exe
  2⤵
  PID:7212
- C:\Windows\System\RWTooPW.exe
  C:\Windows\System\RWTooPW.exe
  2⤵
  PID:7192
- C:\Windows\System\MKYmmvV.exe
  C:\Windows\System\MKYmmvV.exe
  2⤵
  PID:7260
- C:\Windows\System\hQRNfNz.exe
  C:\Windows\System\hQRNfNz.exe
  2⤵
  PID:7292
- C:\Windows\System\wOBtTHH.exe
  C:\Windows\System\wOBtTHH.exe
  2⤵
  PID:7380
- C:\Windows\System\dRjcHnu.exe
  C:\Windows\System\dRjcHnu.exe
  2⤵
  PID:7448
- C:\Windows\System\VMMcNpT.exe
  C:\Windows\System\VMMcNpT.exe
  2⤵
  PID:7328
- C:\Windows\System\bqwqyPV.exe
  C:\Windows\System\bqwqyPV.exe
  2⤵
  PID:7392
- C:\Windows\System\mFCZAGR.exe
  C:\Windows\System\mFCZAGR.exe
  2⤵
  PID:7476
- C:\Windows\System\ZzlpkSH.exe
  C:\Windows\System\ZzlpkSH.exe
  2⤵
  PID:7512
- C:\Windows\System\MzcHAFK.exe
  C:\Windows\System\MzcHAFK.exe
  2⤵
  PID:7496
- C:\Windows\System\MDUgKNP.exe
  C:\Windows\System\MDUgKNP.exe
  2⤵
  PID:7564
- C:\Windows\System\paHscQH.exe
  C:\Windows\System\paHscQH.exe
  2⤵
  PID:7600
- C:\Windows\System\zzZGcpx.exe
  C:\Windows\System\zzZGcpx.exe
  2⤵
  PID:7640
- C:\Windows\System\bdyhihn.exe
  C:\Windows\System\bdyhihn.exe
  2⤵
  PID:7676
- C:\Windows\System\VAWFfJi.exe
  C:\Windows\System\VAWFfJi.exe
  2⤵
  PID:1548
- C:\Windows\System\AQDEDLY.exe
  C:\Windows\System\AQDEDLY.exe
  2⤵
  PID:7724
- C:\Windows\System\NOnrffh.exe
  C:\Windows\System\NOnrffh.exe
  2⤵
  PID:7788
- C:\Windows\System\LkHOOnO.exe
  C:\Windows\System\LkHOOnO.exe
  2⤵
  PID:7852
- C:\Windows\System\ZhGnIED.exe
  C:\Windows\System\ZhGnIED.exe
  2⤵
  PID:7884
- C:\Windows\System\WEuyzhO.exe
  C:\Windows\System\WEuyzhO.exe
  2⤵
  PID:7804
- C:\Windows\System\OBfIJmd.exe
  C:\Windows\System\OBfIJmd.exe
  2⤵
  PID:7740
- C:\Windows\System\KjwmDAT.exe
  C:\Windows\System\KjwmDAT.exe
  2⤵
  PID:7900
- C:\Windows\System\XBfBAAq.exe
  C:\Windows\System\XBfBAAq.exe
  2⤵
  PID:7924
- C:\Windows\System\OWCYmNB.exe
  C:\Windows\System\OWCYmNB.exe
  2⤵
  PID:7932
- C:\Windows\System\FAnDiZz.exe
  C:\Windows\System\FAnDiZz.exe
  2⤵
  PID:7980
- C:\Windows\System\BYxSpnM.exe
  C:\Windows\System\BYxSpnM.exe
  2⤵
  PID:7996
- C:\Windows\System\uLuBGAX.exe
  C:\Windows\System\uLuBGAX.exe
  2⤵
  PID:8060
- C:\Windows\System\JgPLHjT.exe
  C:\Windows\System\JgPLHjT.exe
  2⤵
  PID:8124
- C:\Windows\System\MXWHTDc.exe
  C:\Windows\System\MXWHTDc.exe
  2⤵
  PID:8188
- C:\Windows\System\LYERfsh.exe
  C:\Windows\System\LYERfsh.exe
  2⤵
  PID:7288
- C:\Windows\System\GNzYwyp.exe
  C:\Windows\System\GNzYwyp.exe
  2⤵
  PID:7440
- C:\Windows\System\svVmRgm.exe
  C:\Windows\System\svVmRgm.exe
  2⤵
  PID:7508
- C:\Windows\System\QfXXevh.exe
  C:\Windows\System\QfXXevh.exe
  2⤵
  PID:7588
- C:\Windows\System\qQTceSF.exe
  C:\Windows\System\qQTceSF.exe
  2⤵
  PID:7708
- C:\Windows\System\JcpUadA.exe
  C:\Windows\System\JcpUadA.exe
  2⤵
  PID:7688
- C:\Windows\System\vidnqWd.exe
  C:\Windows\System\vidnqWd.exe
  2⤵
  PID:7908
- C:\Windows\System\anHwcKC.exe
  C:\Windows\System\anHwcKC.exe
  2⤵
  PID:8016
- C:\Windows\System\vOMOqgl.exe
  C:\Windows\System\vOMOqgl.exe
  2⤵
  PID:7916
- C:\Windows\System\nVEwOpn.exe
  C:\Windows\System\nVEwOpn.exe
  2⤵
  PID:7412
- C:\Windows\System\paHyxxE.exe
  C:\Windows\System\paHyxxE.exe
  2⤵
  PID:7548
- C:\Windows\System\PYZLDbS.exe
  C:\Windows\System\PYZLDbS.exe
  2⤵
  PID:7976
- C:\Windows\System\VGpNGir.exe
  C:\Windows\System\VGpNGir.exe
  2⤵
  PID:7692
- C:\Windows\System\gxFmdLW.exe
  C:\Windows\System\gxFmdLW.exe
  2⤵
  PID:8204
- C:\Windows\System\ZdUOCgx.exe
  C:\Windows\System\ZdUOCgx.exe
  2⤵
  PID:8220
- C:\Windows\System\widFERH.exe
  C:\Windows\System\widFERH.exe
  2⤵
  PID:8236
- C:\Windows\System\SGVftPu.exe
  C:\Windows\System\SGVftPu.exe
  2⤵
  PID:8252
- C:\Windows\System\ZyHgQKn.exe
  C:\Windows\System\ZyHgQKn.exe
  2⤵
  PID:8268
- C:\Windows\System\IprxoqP.exe
  C:\Windows\System\IprxoqP.exe
  2⤵
  PID:8284
- C:\Windows\System\merEnZS.exe
  C:\Windows\System\merEnZS.exe
  2⤵
  PID:8300
- C:\Windows\System\iaBgrGD.exe
  C:\Windows\System\iaBgrGD.exe
  2⤵
  PID:8316
- C:\Windows\System\kdcKhCI.exe
  C:\Windows\System\kdcKhCI.exe
  2⤵
  PID:8332
- C:\Windows\System\tHIDrTw.exe
  C:\Windows\System\tHIDrTw.exe
  2⤵
  PID:8348
- C:\Windows\System\QGnovLQ.exe
  C:\Windows\System\QGnovLQ.exe
  2⤵
  PID:8364
- C:\Windows\System\JIAhidg.exe
  C:\Windows\System\JIAhidg.exe
  2⤵
  PID:8380
- C:\Windows\System\xEVTJVw.exe
  C:\Windows\System\xEVTJVw.exe
  2⤵
  PID:8396
- C:\Windows\System\wxcAVVI.exe
  C:\Windows\System\wxcAVVI.exe
  2⤵
  PID:8412
- C:\Windows\System\fQxPqJD.exe
  C:\Windows\System\fQxPqJD.exe
  2⤵
  PID:8428
- C:\Windows\System\NSyDWEj.exe
  C:\Windows\System\NSyDWEj.exe
  2⤵
  PID:8444
- C:\Windows\System\LoQoiIU.exe
  C:\Windows\System\LoQoiIU.exe
  2⤵
  PID:8464
- C:\Windows\System\uhLmbQS.exe
  C:\Windows\System\uhLmbQS.exe
  2⤵
  PID:8480
- C:\Windows\System\eorENUd.exe
  C:\Windows\System\eorENUd.exe
  2⤵
  PID:8496
- C:\Windows\System\fDEVXiQ.exe
  C:\Windows\System\fDEVXiQ.exe
  2⤵
  PID:8512
- C:\Windows\System\KAqdOgX.exe
  C:\Windows\System\KAqdOgX.exe
  2⤵
  PID:8528
- C:\Windows\System\gWkyCsI.exe
  C:\Windows\System\gWkyCsI.exe
  2⤵
  PID:8544
- C:\Windows\System\HuHYhwR.exe
  C:\Windows\System\HuHYhwR.exe
  2⤵
  PID:8560
- C:\Windows\System\ESbRjTO.exe
  C:\Windows\System\ESbRjTO.exe
  2⤵
  PID:8576
- C:\Windows\System\NSheqNJ.exe
  C:\Windows\System\NSheqNJ.exe
  2⤵
  PID:8592
- C:\Windows\System\rRRzLYs.exe
  C:\Windows\System\rRRzLYs.exe
  2⤵
  PID:8608
- C:\Windows\System\BogQHSB.exe
  C:\Windows\System\BogQHSB.exe
  2⤵
  PID:8624
- C:\Windows\System\maQAavJ.exe
  C:\Windows\System\maQAavJ.exe
  2⤵
  PID:8640
- C:\Windows\System\ZQhZzwh.exe
  C:\Windows\System\ZQhZzwh.exe
  2⤵
  PID:8656
- C:\Windows\System\WwwVfnh.exe
  C:\Windows\System\WwwVfnh.exe
  2⤵
  PID:8672
- C:\Windows\System\iwfnzKW.exe
  C:\Windows\System\iwfnzKW.exe
  2⤵
  PID:8688
- C:\Windows\System\THyPgxf.exe
  C:\Windows\System\THyPgxf.exe
  2⤵
  PID:8704
- C:\Windows\System\NodnxQA.exe
  C:\Windows\System\NodnxQA.exe
  2⤵
  PID:8720
- C:\Windows\System\IpnwQQO.exe
  C:\Windows\System\IpnwQQO.exe
  2⤵
  PID:8740
- C:\Windows\System\MlAFsPo.exe
  C:\Windows\System\MlAFsPo.exe
  2⤵
  PID:8756
- C:\Windows\System\tSxwxVn.exe
  C:\Windows\System\tSxwxVn.exe
  2⤵
  PID:8772
- C:\Windows\System\pWfVOkl.exe
  C:\Windows\System\pWfVOkl.exe
  2⤵
  PID:8788
- C:\Windows\System\FRzhvZk.exe
  C:\Windows\System\FRzhvZk.exe
  2⤵
  PID:8804
- C:\Windows\System\tispaKC.exe
  C:\Windows\System\tispaKC.exe
  2⤵
  PID:8820
- C:\Windows\System\wuCepVv.exe
  C:\Windows\System\wuCepVv.exe
  2⤵
  PID:8836
- C:\Windows\System\ZQRWrHI.exe
  C:\Windows\System\ZQRWrHI.exe
  2⤵
  PID:8852
- C:\Windows\System\ssYTOVJ.exe
  C:\Windows\System\ssYTOVJ.exe
  2⤵
  PID:8868
- C:\Windows\System\xznGtvX.exe
  C:\Windows\System\xznGtvX.exe
  2⤵
  PID:8884
- C:\Windows\System\YqkSdVN.exe
  C:\Windows\System\YqkSdVN.exe
  2⤵
  PID:8900
- C:\Windows\System\OSvZeWm.exe
  C:\Windows\System\OSvZeWm.exe
  2⤵
  PID:8916
- C:\Windows\System\dTtpXye.exe
  C:\Windows\System\dTtpXye.exe
  2⤵
  PID:8932
- C:\Windows\System\JWaUhNl.exe
  C:\Windows\System\JWaUhNl.exe
  2⤵
  PID:8948
- C:\Windows\System\DKIntII.exe
  C:\Windows\System\DKIntII.exe
  2⤵
  PID:8964
- C:\Windows\System\yfeiwQX.exe
  C:\Windows\System\yfeiwQX.exe
  2⤵
  PID:8980
- C:\Windows\System\QJCbvrB.exe
  C:\Windows\System\QJCbvrB.exe
  2⤵
  PID:8996
- C:\Windows\System\YKwRMga.exe
  C:\Windows\System\YKwRMga.exe
  2⤵
  PID:9012
- C:\Windows\System\KViGvnp.exe
  C:\Windows\System\KViGvnp.exe
  2⤵
  PID:9028
- C:\Windows\System\tczULNL.exe
  C:\Windows\System\tczULNL.exe
  2⤵
  PID:9044
- C:\Windows\System\gTbZYMl.exe
  C:\Windows\System\gTbZYMl.exe
  2⤵
  PID:9060
- C:\Windows\System\bxWeVyF.exe
  C:\Windows\System\bxWeVyF.exe
  2⤵
  PID:9076
- C:\Windows\System\FsgfTnE.exe
  C:\Windows\System\FsgfTnE.exe
  2⤵
  PID:9092
- C:\Windows\System\bktEHVm.exe
  C:\Windows\System\bktEHVm.exe
  2⤵
  PID:9108
- C:\Windows\System\BBTZyME.exe
  C:\Windows\System\BBTZyME.exe
  2⤵
  PID:9124
- C:\Windows\System\Wzmtlbh.exe
  C:\Windows\System\Wzmtlbh.exe
  2⤵
  PID:9140
- C:\Windows\System\bZaHIzP.exe
  C:\Windows\System\bZaHIzP.exe
  2⤵
  PID:9156
- C:\Windows\System\kqKDiqR.exe
  C:\Windows\System\kqKDiqR.exe
  2⤵
  PID:9172
- C:\Windows\System\knxBCJS.exe
  C:\Windows\System\knxBCJS.exe
  2⤵
  PID:9188
- C:\Windows\System\PgJZmwA.exe
  C:\Windows\System\PgJZmwA.exe
  2⤵
  PID:9204
- C:\Windows\System\tQeTURw.exe
  C:\Windows\System\tQeTURw.exe
  2⤵
  PID:8200
- C:\Windows\System\ZfBHVPy.exe
  C:\Windows\System\ZfBHVPy.exe
  2⤵
  PID:8232
- C:\Windows\System\xmwgkLs.exe
  C:\Windows\System\xmwgkLs.exe
  2⤵
  PID:8296
- C:\Windows\System\GXQLQfr.exe
  C:\Windows\System\GXQLQfr.exe
  2⤵
  PID:8008
- C:\Windows\System\KqpYiff.exe
  C:\Windows\System\KqpYiff.exe
  2⤵
  PID:8420
- C:\Windows\System\dtvWcAT.exe
  C:\Windows\System\dtvWcAT.exe
  2⤵
  PID:8452
- C:\Windows\System\FbJHYyn.exe
  C:\Windows\System\FbJHYyn.exe
  2⤵
  PID:8176
- C:\Windows\System\eMKcMOk.exe
  C:\Windows\System\eMKcMOk.exe
  2⤵
  PID:7348
- C:\Windows\System\yIxcCkq.exe
  C:\Windows\System\yIxcCkq.exe
  2⤵
  PID:7376
- C:\Windows\System\CeHYnJW.exe
  C:\Windows\System\CeHYnJW.exe
  2⤵
  PID:7428
- C:\Windows\System\avvIxHO.exe
  C:\Windows\System\avvIxHO.exe
  2⤵
  PID:8276
- C:\Windows\System\vMBfXeV.exe
  C:\Windows\System\vMBfXeV.exe
  2⤵
  PID:7552
- C:\Windows\System\SsTydgW.exe
  C:\Windows\System\SsTydgW.exe
  2⤵
  PID:7660
- C:\Windows\System\uBPzWTH.exe
  C:\Windows\System\uBPzWTH.exe
  2⤵
  PID:7800
- C:\Windows\System\gkPvQWH.exe
  C:\Windows\System\gkPvQWH.exe
  2⤵
  PID:8096
- C:\Windows\System\hiiUMxn.exe
  C:\Windows\System\hiiUMxn.exe
  2⤵
  PID:7228
- C:\Windows\System\gStWILI.exe
  C:\Windows\System\gStWILI.exe
  2⤵
  PID:7316
- C:\Windows\System\uJhmNSL.exe
  C:\Windows\System\uJhmNSL.exe
  2⤵
  PID:8244
- C:\Windows\System\aYZQZbt.exe
  C:\Windows\System\aYZQZbt.exe
  2⤵
  PID:8344
- C:\Windows\System\khidhkB.exe
  C:\Windows\System\khidhkB.exe
  2⤵
  PID:8436
- C:\Windows\System\PzjxVws.exe
  C:\Windows\System\PzjxVws.exe
  2⤵
  PID:8492
- C:\Windows\System\eZeirGO.exe
  C:\Windows\System\eZeirGO.exe
  2⤵
  PID:8552
- C:\Windows\System\gnBqSSe.exe
  C:\Windows\System\gnBqSSe.exe
  2⤵
  PID:8536
- C:\Windows\System\jCFElmR.exe
  C:\Windows\System\jCFElmR.exe
  2⤵
  PID:8572
- C:\Windows\System\elZQEZE.exe
  C:\Windows\System\elZQEZE.exe
  2⤵
  PID:8616
- C:\Windows\System\SNxtasI.exe
  C:\Windows\System\SNxtasI.exe
  2⤵
  PID:8680
- C:\Windows\System\AsZRvul.exe
  C:\Windows\System\AsZRvul.exe
  2⤵
  PID:8632
- C:\Windows\System\lgGTpVe.exe
  C:\Windows\System\lgGTpVe.exe
  2⤵
  PID:8696
- C:\Windows\System\KpFrBnS.exe
  C:\Windows\System\KpFrBnS.exe
  2⤵
  PID:8780
- C:\Windows\System\torokSq.exe
  C:\Windows\System\torokSq.exe
  2⤵
  PID:8816
- C:\Windows\System\qEWzfrv.exe
  C:\Windows\System\qEWzfrv.exe
  2⤵
  PID:8876
- C:\Windows\System\tErBXAX.exe
  C:\Windows\System\tErBXAX.exe
  2⤵
  PID:7736
- C:\Windows\System\DDtIYHJ.exe
  C:\Windows\System\DDtIYHJ.exe
  2⤵
  PID:8736
- C:\Windows\System\Frntxpc.exe
  C:\Windows\System\Frntxpc.exe
  2⤵
  PID:8832
- C:\Windows\System\cQKHoxp.exe
  C:\Windows\System\cQKHoxp.exe
  2⤵
  PID:8896
- C:\Windows\System\YUjGqQt.exe
  C:\Windows\System\YUjGqQt.exe
  2⤵
  PID:8976
- C:\Windows\System\UMVQpkp.exe
  C:\Windows\System\UMVQpkp.exe
  2⤵
  PID:8972
- C:\Windows\System\qCLwMYx.exe
  C:\Windows\System\qCLwMYx.exe
  2⤵
  PID:8960
- C:\Windows\System\qLYVADY.exe
  C:\Windows\System\qLYVADY.exe
  2⤵
  PID:9024
- C:\Windows\System\myLTFqb.exe
  C:\Windows\System\myLTFqb.exe
  2⤵
  PID:9104
- C:\Windows\System\OwvqKfR.exe
  C:\Windows\System\OwvqKfR.exe
  2⤵
  PID:9148
- C:\Windows\System\lfIMLBX.exe
  C:\Windows\System\lfIMLBX.exe
  2⤵
  PID:9152
- C:\Windows\System\DrVVpih.exe
  C:\Windows\System\DrVVpih.exe
  2⤵
  PID:9184
- C:\Windows\System\ISyayor.exe
  C:\Windows\System\ISyayor.exe
  2⤵
  PID:9196
- C:\Windows\System\pHBspZn.exe
  C:\Windows\System\pHBspZn.exe
  2⤵
  PID:8076
- C:\Windows\System\mlVZztr.exe
  C:\Windows\System\mlVZztr.exe
  2⤵
  PID:8392
- C:\Windows\System\HNoTZzy.exe
  C:\Windows\System\HNoTZzy.exe
  2⤵
  PID:8144
- C:\Windows\System\hjktviY.exe
  C:\Windows\System\hjktviY.exe
  2⤵
  PID:7196
- C:\Windows\System\HXLEJmp.exe
  C:\Windows\System\HXLEJmp.exe
  2⤵
  PID:7672
- C:\Windows\System\ZRWVoMx.exe
  C:\Windows\System\ZRWVoMx.exe
  2⤵
  PID:8372
- C:\Windows\System\oWEePwA.exe
  C:\Windows\System\oWEePwA.exe
  2⤵
  PID:8044
- C:\Windows\System\cJbIPgI.exe
  C:\Windows\System\cJbIPgI.exe
  2⤵
  PID:8048
- C:\Windows\System\MotmAEz.exe
  C:\Windows\System\MotmAEz.exe
  2⤵
  PID:8472
- C:\Windows\System\BbKUteq.exe
  C:\Windows\System\BbKUteq.exe
  2⤵
  PID:8648
- C:\Windows\System\wYiFADb.exe
  C:\Windows\System\wYiFADb.exe
  2⤵
  PID:8784
- C:\Windows\System\YqIErqe.exe
  C:\Windows\System\YqIErqe.exe
  2⤵
  PID:8768
- C:\Windows\System\hqfLkZE.exe
  C:\Windows\System\hqfLkZE.exe
  2⤵
  PID:8460
- C:\Windows\System\Fqpiyzf.exe
  C:\Windows\System\Fqpiyzf.exe
  2⤵
  PID:8712
- C:\Windows\System\svHrByQ.exe
  C:\Windows\System\svHrByQ.exe
  2⤵
  PID:8584
- C:\Windows\System\SHWJbry.exe
  C:\Windows\System\SHWJbry.exe
  2⤵
  PID:8728
- C:\Windows\System\QYxDwJG.exe
  C:\Windows\System\QYxDwJG.exe
  2⤵
  PID:8864
- C:\Windows\System\GzGaXUE.exe
  C:\Windows\System\GzGaXUE.exe
  2⤵
  PID:8988
- C:\Windows\System\ueDudJd.exe
  C:\Windows\System\ueDudJd.exe
  2⤵
  PID:9056
- C:\Windows\System\UEmjFKr.exe
  C:\Windows\System\UEmjFKr.exe
  2⤵
  PID:8292
- C:\Windows\System\aBJiNFH.exe
  C:\Windows\System\aBJiNFH.exe
  2⤵
  PID:8424
- C:\Windows\System\VONNWHB.exe
  C:\Windows\System\VONNWHB.exe
  2⤵
  PID:9116
- C:\Windows\System\WCmZKOU.exe
  C:\Windows\System\WCmZKOU.exe
  2⤵
  PID:7772
- C:\Windows\System\ExknwIm.exe
  C:\Windows\System\ExknwIm.exe
  2⤵
  PID:8264
- C:\Windows\System\WfBUadL.exe
  C:\Windows\System\WfBUadL.exe
  2⤵
  PID:8212
- C:\Windows\System\vrjgMvb.exe
  C:\Windows\System\vrjgMvb.exe
  2⤵
  PID:8908
- C:\Windows\System\JVITWYO.exe
  C:\Windows\System\JVITWYO.exe
  2⤵
  PID:8604
- C:\Windows\System\kBlpspx.exe
  C:\Windows\System\kBlpspx.exe
  2⤵
  PID:9004
- C:\Windows\System\XZQovXi.exe
  C:\Windows\System\XZQovXi.exe
  2⤵
  PID:9168
- C:\Windows\System\YEnxCGH.exe
  C:\Windows\System\YEnxCGH.exe
  2⤵
  PID:8928
- C:\Windows\System\HGuFctc.exe
  C:\Windows\System\HGuFctc.exe
  2⤵
  PID:9136
- C:\Windows\System\lEfMZEJ.exe
  C:\Windows\System\lEfMZEJ.exe
  2⤵
  PID:8568
- C:\Windows\System\UCOZmyb.exe
  C:\Windows\System\UCOZmyb.exe
  2⤵
  PID:8796
- C:\Windows\System\tQSTgOG.exe
  C:\Windows\System\tQSTgOG.exe
  2⤵
  PID:7948
- C:\Windows\System\gtjtyKo.exe
  C:\Windows\System\gtjtyKo.exe
  2⤵
  PID:7572
- C:\Windows\System\FihtOXI.exe
  C:\Windows\System\FihtOXI.exe
  2⤵
  PID:8636
- C:\Windows\System\UhjhJch.exe
  C:\Windows\System\UhjhJch.exe
  2⤵
  PID:8800
- C:\Windows\System\ZnsCujx.exe
  C:\Windows\System\ZnsCujx.exe
  2⤵
  PID:8476
- C:\Windows\System\CaKqiLI.exe
  C:\Windows\System\CaKqiLI.exe
  2⤵
  PID:8312
- C:\Windows\System\urkYSEb.exe
  C:\Windows\System\urkYSEb.exe
  2⤵
  PID:8388
- C:\Windows\System\nAqDtqf.exe
  C:\Windows\System\nAqDtqf.exe
  2⤵
  PID:9232
- C:\Windows\System\HNEwDJl.exe
  C:\Windows\System\HNEwDJl.exe
  2⤵
  PID:9248
- C:\Windows\System\vRGXzSf.exe
  C:\Windows\System\vRGXzSf.exe
  2⤵
  PID:9264
- C:\Windows\System\lZydWku.exe
  C:\Windows\System\lZydWku.exe
  2⤵
  PID:9280
- C:\Windows\System\SPqPlIu.exe
  C:\Windows\System\SPqPlIu.exe
  2⤵
  PID:9296
- C:\Windows\System\BZRPwTD.exe
  C:\Windows\System\BZRPwTD.exe
  2⤵
  PID:9312
- C:\Windows\System\WhzvmsU.exe
  C:\Windows\System\WhzvmsU.exe
  2⤵
  PID:9328
- C:\Windows\System\ldoDkqD.exe
  C:\Windows\System\ldoDkqD.exe
  2⤵
  PID:9344
- C:\Windows\System\DyWfdjR.exe
  C:\Windows\System\DyWfdjR.exe
  2⤵
  PID:9360
- C:\Windows\System\KglnosH.exe
  C:\Windows\System\KglnosH.exe
  2⤵
  PID:9376
- C:\Windows\System\uBIcJyE.exe
  C:\Windows\System\uBIcJyE.exe
  2⤵
  PID:9392
- C:\Windows\System\xQermjc.exe
  C:\Windows\System\xQermjc.exe
  2⤵
  PID:9408
- C:\Windows\System\ZqcZfxw.exe
  C:\Windows\System\ZqcZfxw.exe
  2⤵
  PID:9424
- C:\Windows\System\JKyxjiG.exe
  C:\Windows\System\JKyxjiG.exe
  2⤵
  PID:9444
- C:\Windows\System\HhfLLbh.exe
  C:\Windows\System\HhfLLbh.exe
  2⤵
  PID:9464
- C:\Windows\System\DprSKtC.exe
  C:\Windows\System\DprSKtC.exe
  2⤵
  PID:9480
- C:\Windows\System\xvdPsaC.exe
  C:\Windows\System\xvdPsaC.exe
  2⤵
  PID:9496
- C:\Windows\System\oOSAuma.exe
  C:\Windows\System\oOSAuma.exe
  2⤵
  PID:9512
- C:\Windows\System\LmNGfXx.exe
  C:\Windows\System\LmNGfXx.exe
  2⤵
  PID:9528
- C:\Windows\System\tYEirbJ.exe
  C:\Windows\System\tYEirbJ.exe
  2⤵
  PID:9544
- C:\Windows\System\qdrGEnP.exe
  C:\Windows\System\qdrGEnP.exe
  2⤵
  PID:9560
- C:\Windows\System\FQsEBKO.exe
  C:\Windows\System\FQsEBKO.exe
  2⤵
  PID:9576
- C:\Windows\System\kqBqjQm.exe
  C:\Windows\System\kqBqjQm.exe
  2⤵
  PID:9592
- C:\Windows\System\GWfUIzO.exe
  C:\Windows\System\GWfUIzO.exe
  2⤵
  PID:9608
- C:\Windows\System\uZuJjNP.exe
  C:\Windows\System\uZuJjNP.exe
  2⤵
  PID:9624
- C:\Windows\System\nEmhElA.exe
  C:\Windows\System\nEmhElA.exe
  2⤵
  PID:9640
- C:\Windows\System\cFkMKzt.exe
  C:\Windows\System\cFkMKzt.exe
  2⤵
  PID:9656
- C:\Windows\System\sDRaVIP.exe
  C:\Windows\System\sDRaVIP.exe
  2⤵
  PID:9672
- C:\Windows\System\IwYpEhH.exe
  C:\Windows\System\IwYpEhH.exe
  2⤵
  PID:9688
- C:\Windows\System\sonnCXC.exe
  C:\Windows\System\sonnCXC.exe
  2⤵
  PID:9704
- C:\Windows\System\lNsePHv.exe
  C:\Windows\System\lNsePHv.exe
  2⤵
  PID:9720
- C:\Windows\System\sGayPTo.exe
  C:\Windows\System\sGayPTo.exe
  2⤵
  PID:9736
- C:\Windows\System\OHFvKhn.exe
  C:\Windows\System\OHFvKhn.exe
  2⤵
  PID:9752
- C:\Windows\System\XIfwrIW.exe
  C:\Windows\System\XIfwrIW.exe
  2⤵
  PID:9768
- C:\Windows\System\LSJYOlD.exe
  C:\Windows\System\LSJYOlD.exe
  2⤵
  PID:9784
- C:\Windows\System\OycmJcP.exe
  C:\Windows\System\OycmJcP.exe
  2⤵
  PID:9800
- C:\Windows\System\IIxOIwl.exe
  C:\Windows\System\IIxOIwl.exe
  2⤵
  PID:9816
- C:\Windows\System\zZmeDZn.exe
  C:\Windows\System\zZmeDZn.exe
  2⤵
  PID:9832
- C:\Windows\System\WwLGFFQ.exe
  C:\Windows\System\WwLGFFQ.exe
  2⤵
  PID:9848
- C:\Windows\System\VtfLbvN.exe
  C:\Windows\System\VtfLbvN.exe
  2⤵
  PID:9864
- C:\Windows\System\DBMppqR.exe
  C:\Windows\System\DBMppqR.exe
  2⤵
  PID:9880
- C:\Windows\System\mSdxfjL.exe
  C:\Windows\System\mSdxfjL.exe
  2⤵
  PID:9896
- C:\Windows\System\XmeBOwc.exe
  C:\Windows\System\XmeBOwc.exe
  2⤵
  PID:9912
- C:\Windows\System\rnjhcOn.exe
  C:\Windows\System\rnjhcOn.exe
  2⤵
  PID:9928
- C:\Windows\System\hpvuuLK.exe
  C:\Windows\System\hpvuuLK.exe
  2⤵
  PID:9944
- C:\Windows\System\pSCmRxv.exe
  C:\Windows\System\pSCmRxv.exe
  2⤵
  PID:9960
- C:\Windows\System\BpHHrLs.exe
  C:\Windows\System\BpHHrLs.exe
  2⤵
  PID:9976
- C:\Windows\System\WoEOLgg.exe
  C:\Windows\System\WoEOLgg.exe
  2⤵
  PID:9992
- C:\Windows\System\BdGCzGR.exe
  C:\Windows\System\BdGCzGR.exe
  2⤵
  PID:10008
- C:\Windows\System\GMpuoLQ.exe
  C:\Windows\System\GMpuoLQ.exe
  2⤵
  PID:10024
- C:\Windows\System\SNLBGij.exe
  C:\Windows\System\SNLBGij.exe
  2⤵
  PID:10040
- C:\Windows\System\wdadARk.exe
  C:\Windows\System\wdadARk.exe
  2⤵
  PID:10056
- C:\Windows\System\typMlMj.exe
  C:\Windows\System\typMlMj.exe
  2⤵
  PID:10072
- C:\Windows\System\FPLELfz.exe
  C:\Windows\System\FPLELfz.exe
  2⤵
  PID:10088
- C:\Windows\System\PAnzyYH.exe
  C:\Windows\System\PAnzyYH.exe
  2⤵
  PID:10104
- C:\Windows\System\HJqvoxv.exe
  C:\Windows\System\HJqvoxv.exe
  2⤵
  PID:10124
- C:\Windows\System\kQufQPq.exe
  C:\Windows\System\kQufQPq.exe
  2⤵
  PID:10140
- C:\Windows\System\hyRXpbi.exe
  C:\Windows\System\hyRXpbi.exe
  2⤵
  PID:10156
- C:\Windows\System\zvTVFqJ.exe
  C:\Windows\System\zvTVFqJ.exe
  2⤵
  PID:10192
- C:\Windows\System\mWTzIOW.exe
  C:\Windows\System\mWTzIOW.exe
  2⤵
  PID:10228
- C:\Windows\System\anjUidn.exe
  C:\Windows\System\anjUidn.exe
  2⤵
  PID:8508
- C:\Windows\System\UPDsQjF.exe
  C:\Windows\System\UPDsQjF.exe
  2⤵
  PID:9052
- C:\Windows\System\RrGnYQT.exe
  C:\Windows\System\RrGnYQT.exe
  2⤵
  PID:9272
- C:\Windows\System\DnEgZeM.exe
  C:\Windows\System\DnEgZeM.exe
  2⤵
  PID:9260
- C:\Windows\System\PCiIXid.exe
  C:\Windows\System\PCiIXid.exe
  2⤵
  PID:9288
- C:\Windows\System\iIImuGR.exe
  C:\Windows\System\iIImuGR.exe
  2⤵
  PID:9368
- C:\Windows\System\HIDLaiL.exe
  C:\Windows\System\HIDLaiL.exe
  2⤵
  PID:9404
- C:\Windows\System\MfKBxBU.exe
  C:\Windows\System\MfKBxBU.exe
  2⤵
  PID:9324
- C:\Windows\System\HwBrZXd.exe
  C:\Windows\System\HwBrZXd.exe
  2⤵
  PID:9384
- C:\Windows\System\ZyfqfIs.exe
  C:\Windows\System\ZyfqfIs.exe
  2⤵
  PID:9460
- C:\Windows\System\iqjStse.exe
  C:\Windows\System\iqjStse.exe
  2⤵
  PID:9540
- C:\Windows\System\gjjqxTB.exe
  C:\Windows\System\gjjqxTB.exe
  2⤵
  PID:9556
- C:\Windows\System\mjsOLyH.exe
  C:\Windows\System\mjsOLyH.exe
  2⤵
  PID:9600
- C:\Windows\System\VwRyUgR.exe
  C:\Windows\System\VwRyUgR.exe
  2⤵
  PID:9604
- C:\Windows\System\pIsiUNY.exe
  C:\Windows\System\pIsiUNY.exe
  2⤵
  PID:9668
- C:\Windows\System\CuwFkHS.exe
  C:\Windows\System\CuwFkHS.exe
  2⤵
  PID:9760
- C:\Windows\System\FfZfWdT.exe
  C:\Windows\System\FfZfWdT.exe
  2⤵
  PID:9824
- C:\Windows\System\JrlSvXU.exe
  C:\Windows\System\JrlSvXU.exe
  2⤵
  PID:9780
- C:\Windows\System\DOgniSS.exe
  C:\Windows\System\DOgniSS.exe
  2⤵
  PID:9840
- C:\Windows\System\vWErjkA.exe
  C:\Windows\System\vWErjkA.exe
  2⤵
  PID:9812
- C:\Windows\System\PIbonDp.exe
  C:\Windows\System\PIbonDp.exe
  2⤵
  PID:9716
- C:\Windows\System\FxjUHtj.exe
  C:\Windows\System\FxjUHtj.exe
  2⤵
  PID:9892
- C:\Windows\System\buydrOp.exe
  C:\Windows\System\buydrOp.exe
  2⤵
  PID:9872
- C:\Windows\System\qOtUleA.exe
  C:\Windows\System\qOtUleA.exe
  2⤵
  PID:9844
- C:\Windows\System\UJOvZBW.exe
  C:\Windows\System\UJOvZBW.exe
  2⤵
  PID:9968
- C:\Windows\System\IdceVCq.exe
  C:\Windows\System\IdceVCq.exe
  2⤵
  PID:10016
- C:\Windows\System\OnLsxPz.exe
  C:\Windows\System\OnLsxPz.exe
  2⤵
  PID:10000
- C:\Windows\System\sMMBpSH.exe
  C:\Windows\System\sMMBpSH.exe
  2⤵
  PID:10032
- C:\Windows\System\zTgrevl.exe
  C:\Windows\System\zTgrevl.exe
  2⤵
  PID:10112
- C:\Windows\System\aqiZVya.exe
  C:\Windows\System\aqiZVya.exe
  2⤵
  PID:10096
- C:\Windows\System\extLAWf.exe
  C:\Windows\System\extLAWf.exe
  2⤵
  PID:10164
- C:\Windows\System\YfJPKTf.exe
  C:\Windows\System\YfJPKTf.exe
  2⤵
  PID:10176
- C:\Windows\System\vPwOztF.exe
  C:\Windows\System\vPwOztF.exe
  2⤵
  PID:10220
- C:\Windows\System\ywcetVC.exe
  C:\Windows\System\ywcetVC.exe
  2⤵
  PID:10204
- C:\Windows\System\BvfWymX.exe
  C:\Windows\System\BvfWymX.exe
  2⤵
  PID:8196
- C:\Windows\System\jcaiRti.exe
  C:\Windows\System\jcaiRti.exe
  2⤵
  PID:9304
- C:\Windows\System\PsVOuVq.exe
  C:\Windows\System\PsVOuVq.exe
  2⤵
  PID:9476
- C:\Windows\System\bhTENbj.exe
  C:\Windows\System\bhTENbj.exe
  2⤵
  PID:9340
- C:\Windows\System\WOBNaGG.exe
  C:\Windows\System\WOBNaGG.exe
  2⤵
  PID:9352
- C:\Windows\System\WyfVnih.exe
  C:\Windows\System\WyfVnih.exe
  2⤵
  PID:9256
- C:\Windows\System\IMpGsha.exe
  C:\Windows\System\IMpGsha.exe
  2⤵
  PID:9520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BPmSuNM.exe

Filesize
6.0MB

MD5
215bc1bba3a5c1d73a285bd31ab6e383

SHA1
bf99623249b64a37e1a7a516fda7a601af1fb99a

SHA256
cf0cc3204ac5c16a3bfa14864e51de6e124ff94ec37f13b410f0fb02875c8184

SHA512
2b5477985a3cbd938d54efb74e1dcc765af1794fc9fa4bf19b7f9221f763c5f83826139e24d1014436db131e126ca665fdce71d92313648b83ff38af40fc956a

Download Submit
C:\Windows\system\BrLdeAz.exe

Filesize
6.0MB

MD5
5c78999eaaf217658426f512c59cf56b

SHA1
5504d4d7cda6dc9ec0a78d5f7e44845b4ee76a78

SHA256
7c04e8494a3ede54eadad371693e465b89cfceacd8c056ae51251abe008a05ef

SHA512
557ecfa35ec293857d11c40a87e3877e9cbe68f94620c2505e3d7ecd7467bf0b09feba646f8f4c8bf5939a93fa3964751628abe6589fbb371d94c504f0d818b0

Download Submit
C:\Windows\system\CllZvbS.exe

Filesize
6.0MB

MD5
b272e2b0981534db0f2c5af9f25a7146

SHA1
948db3c7ce04cc7f77b529d3bd1744eac2d86d24

SHA256
d1eaaf5a5d0fff2490c3182da30767b00ae5868917382087cdaee55b78a08995

SHA512
9fae96a62808cc0dcc53e2d5b555a728687a29605ed774151502b62bc568a8d4e2eca21d78609c51e4bf8d1bd31d0572f86c47e420280c2be70d2090fd84f27c

Download Submit
C:\Windows\system\ENwuEgj.exe

Filesize
6.0MB

MD5
3b490b16bc1c889833620d06eda19e0a

SHA1
b3c888d79166dd26fb730b4c1c65354c2939aec0

SHA256
4e659f99648b3bdda774c5607ad7c3b1155fe4491ec7cb53e0c74d765541ea7f

SHA512
08b94d24ef3304206225368bfe6aec7c2124aa533f1152aa3b42f22f02bc851962f8574689f1be100371c08a0499eda7458ac11287d30de0f244055c52ce5c96

Download Submit
C:\Windows\system\GjQmfMU.exe

Filesize
6.0MB

MD5
f7c0468d61c26517b59c82dde5917a46

SHA1
a41290681ce27c6f9f5b49bdd5dfa6e25548b9b9

SHA256
5b32324e78a7146ad671db39321af457855ece1685b806c150f8e011a3a316d1

SHA512
4b5e8b4a81c0d1e1e79f0f47884b2e8efd45f67894c407a9aebd922e49601b7bf7d1d91e7f04bbb3179c98c3a03791bcd40b142752ccbd375a3fc7d67de79001

Download Submit
C:\Windows\system\HoEMqtl.exe

Filesize
6.0MB

MD5
43da3e2d54201ed203e0e0771bd3c22b

SHA1
f07c354c56267e172d0b77adcdaf430e9f68eb21

SHA256
6b5dc7bb2b80383b0d802442facd71d9d78d56dfd9007596cfacd7ad67ae332a

SHA512
dd0c9f3c1223d2bea789f20e2d7fb7dd0f8142d8f89bbbdebccc351731d8221d2a9a083043e6be28c0fb0f28028d282a6a40122d754846943e0e8a762a2475c4

Download Submit
C:\Windows\system\JBNZGYl.exe

Filesize
6.0MB

MD5
a61ba7f3a238577863f93af71c878ad2

SHA1
d34232ebabcfcd7451b88b5d8a1f67f280813c1e

SHA256
b07640f761e990ff27e98fd0ce1191b8b8b625a21961d0eed73681d5f01b7ec7

SHA512
97ed0cc00408f9edcec0e728caefabef136e9922477793f8fda14556ccf666dce69d8d3cc9f7eeb7a74cb25bf8f9503f52cc82a380c2c536c32fe94d8c247ceb

Download Submit
C:\Windows\system\KEoGuHV.exe

Filesize
6.0MB

MD5
248a0f19f1299a29e62dc791a9e28c47

SHA1
7bbd8fd5cd87ee61f9ac0707cbf55d1de639a49a

SHA256
c3403ba7886d2bae456fbabcf83ef7e79c15118f967bd60a8a4363474ed377a7

SHA512
01f62079cadc2b3a17ced7e7782390d70fb1868d54ef9fae01a70f6b682f50c46166d6a9cc62ff4e840a64941b82ea2946fb2ad2dd00a62fe6937312cb9735d2

Download Submit
C:\Windows\system\ONUMAob.exe

Filesize
6.0MB

MD5
cc93c55abc720bd2672621387868bdf6

SHA1
6bd8f3f1fd922e15e4338062c21fcaf8f6a582da

SHA256
cf4129d5b4801a4a9ba50939e4a34f81160f333842116d9d82217f3116c25373

SHA512
54968bceb92e060884489f79578d2ad117f66ed5a15c96176c916c1d76f1b68723e0ca72352ba43b8a78618a5b3887530c8382a52780443ca31222f67d6b309e

Download Submit
C:\Windows\system\PWkIkCk.exe

Filesize
6.0MB

MD5
fe41b8bb7cc26137ab887e595cdecb92

SHA1
6942d88037a9b38f248853478fd57fa6a479b356

SHA256
e704918bc395ceb9c8e47bb69b8f2fe8237ae7586893a176317d2ba13d9e3239

SHA512
4a0025216a92340ae3b41d7372fc61565df966cf69acd15ae3813bb5ffc476d7c60b1dc0cd9ce58da5c48329a473837849b226327b63ad0e878a7c5c023a252e

Download Submit
C:\Windows\system\RqIeYKl.exe

Filesize
6.0MB

MD5
fe60eb54f5c69bf0ff3d60b9171ac245

SHA1
b2aa5d7d059a130e225cf02a083472ecc99f3605

SHA256
76ec4a9eb92c8fae35d483353f08dcb91c6fa4014ddb35553b743cfecf68f868

SHA512
e7e42a8f4eb7f163407c6da1a655c7883957ab751626ad210af33bb08d14cfdc66f9819d0a3a3eef03d77146b6dcc5d01c5ee80478710c301d09f4e53fe4bcfe

Download Submit
C:\Windows\system\SqLUKbL.exe

Filesize
6.0MB

MD5
911ffefb3d747a11b548ee287a11ad48

SHA1
faed1fe428e59d35807192a0df88db701f816215

SHA256
6bd19af8b56f248a55ad8b1dad509e95b67d42ad96113f20c9ed7e1baa281daa

SHA512
ff98d7a8145d570d6548ebaa20e72b845dd85a4a76b90361dc6e413b6cc08b67fe86d537974addae515a1c022c118386cf60fd92bf72d80df022fe20f817a09a

Download Submit
C:\Windows\system\UAzKknR.exe

Filesize
6.0MB

MD5
0d6eb9e66ad167de47ecabf1b6d783a1

SHA1
79e96c48cf2873cf698ec6db6e71cac2775c16a8

SHA256
56933efff13165ca76486fcd56a081ec8286a7e85d406c12ea6613469941250b

SHA512
d793de242dd7caa2f0bddc8cdc5cffb6ae60b33d4b451bc3387266b792ae0e03eb0ba3e9fe5f4e2155cb0946a4451bca560671c19f4beb41745222f80bef7f57

Download Submit
C:\Windows\system\UaSEUQU.exe

Filesize
6.0MB

MD5
f9acd1108f81993aa161165d6d9f0404

SHA1
ce9a4d061346a1912397b304735e51a6ef67266d

SHA256
26db4b63eace11ef37d9a74d79317f7252ba4332f7805aa7926268741306a463

SHA512
0730aaaaca3de5b6b40787b370383c108136b5800bac287ea05934901cdf02b6b0d40f2816971c3cd4cd64d591804ab00bdfd4749088e4f169c62d2bef89e097

Download Submit
C:\Windows\system\UriHHHX.exe

Filesize
6.0MB

MD5
bc0bdac405c176d8dbaf4d7c55cdc9c5

SHA1
d293509156f96d40992ad49aa652fbfffd76988b

SHA256
6ce69e5c839c7b27ca5ea94d1f8504bbe907c06634a0d60aeb6282970a182bfe

SHA512
d05387a49f40519ab41ce2ba11d62c3a808a1e73e786e441336f99988cebd61bd9fd498821a46c92406e331b0e8fc0376e6d77922baa34367a9d17d61e8d66db

Download Submit
C:\Windows\system\VBIOHll.exe

Filesize
6.0MB

MD5
8090f0c200efca0fab22b1c65d239c5a

SHA1
d08f33876a46ccb30b18324c079610aba0d0f688

SHA256
a95714158ef64927dddd93044fb2f46f639a861d8dbaa50b57d662f57cea496c

SHA512
c1d60c29b23d676dc4159e0e5716ae6f1dd17e38b1fd47934724c6fda95b148a65f10c42ff0234deeeca04f76577edbbd43092f756e9e0d0f6985bcbd249f786

Download Submit
C:\Windows\system\WqyLane.exe

Filesize
6.0MB

MD5
dca467588a344adaff4edddcc9eabe02

SHA1
030132c241dfbbdaf99f6bf9b748302284e8c032

SHA256
e2a1409c90ab5efd010397cfa8e6ab31f0fd1f8c46944ca41a5212baf459cb13

SHA512
a0d1527f3de7fe78781c13c48af1803bafab295837d6038cef099e5d4beba1e3d8dd255857373838c1297e53e1cc0a392270dd7de0a898e7d871ec9f9a552f9f

Download Submit
C:\Windows\system\eGJGJHE.exe

Filesize
6.0MB

MD5
b268e139d5006b45a8db2917fc7cf388

SHA1
8d7046ef427d34db9dc9c9202d8d48ad02641c6d

SHA256
c17cfa575659be0ed8622389b7e15f0473fb7e14f376c3f1f19115c61d313698

SHA512
0866b561be8d130e25108a50be834c5189683f816bbb8519401a0b1d984d04319a8df752cd9f8ec35d2ea299d9a3edb65f6213bb4970b92be67a05deab4bece2

Download Submit
C:\Windows\system\eIqeDzD.exe

Filesize
6.0MB

MD5
0e0f23152241817ebf46d9314d542f5e

SHA1
f0380ff2768de3942968887fb99812853f8ace88

SHA256
0a68ae016d5ef28a297201692c6f95a24086fcf3340c95217af86f89663ec9bb

SHA512
facbc51e03143492b7bd34c0a768c65db8f8b0e0b57ff1a3ce493dacd46a1f669660e4701222916645c1ea0602623204e8afee60c8cddd95ab82abe75af5e4a7

Download Submit
C:\Windows\system\gxfYvSG.exe

Filesize
6.0MB

MD5
ea0a017ccc910a743adac119324eea8f

SHA1
4194b6951bed22dd8d9da2841c76296a0b0e5be1

SHA256
4e5b8dca18329e0a0ee1208d68e0d6a03eca4c016ac52a2d1f29a3caf410eb47

SHA512
6064d07e5c6f8bee6c6f76dbb78d14fffb2ca803017b92dcf9bf0873a578d16801062aeb6b0d38cd1e037d63f6cb5a4386254241a0401e68be9a7486c619fc8c

Download Submit
C:\Windows\system\lVStzzA.exe

Filesize
6.0MB

MD5
0fa6d22fa7f53c1287c09690fcb3629a

SHA1
22b20f14aa500fc77c025e36e1c56661d5b1d5cc

SHA256
5da9d3d55df716b89c9e330ba6a1a11051776bd340bfee480e552b520812a25a

SHA512
c3e62706484bf39c9e1092456c5667e66f683e022afd4078c1aa3db107ae3773f9781c1a6c2a3fe064dde7d0eac696d8bb2148450dfc4fc6d5f6455636a5a89b

Download Submit
C:\Windows\system\moYeTbv.exe

Filesize
6.0MB

MD5
def5efce0ea1b3b177c201c3c8cfe218

SHA1
d448024903ab5f3a43a4089077dad5551473580a

SHA256
4a28f7edb59ceea1e623402f4de551bc67c7d198b55b9d9d8e558c76d3d4814f

SHA512
1b9197c25c106b1a608c624d9b1014702c2553738156bd8c92fb602c647f1915bdc7c3742a8e93446a1dbd12a684fa779c0ce48e6293ceb9d4bd43a717b29220

Download Submit
C:\Windows\system\oIvNtzL.exe

Filesize
6.0MB

MD5
baf3d5c0fd2577f07b199f5ee85fe492

SHA1
6cc7c1af07b069d87f72984464d80b14d6e5ac84

SHA256
087c059d1c6d48ab744e1787ff8854ec9945020fe9187c380d80239abb6743c7

SHA512
2e9aff3912bf9147d009f537787ec61da5c9375f061c7559c04526a444b59100fbd541f162cedc69ec039bcc1c1708e6aae1b083ca7ff68caa5e8048a422dd92

Download Submit
C:\Windows\system\oZyVckI.exe

Filesize
6.0MB

MD5
1dc7a74e95864e9628df528d3ebb65e7

SHA1
15f748d9ca52c5374c254bb9f798dd0ae7496091

SHA256
ca3314c371fdbcdbcdd00030ccf4c14d7e018f0157c2339bc89856ea3f8c065e

SHA512
24c11269b9db29b1b4b0975cefa505dbb10c79e5a7f1b086f762e63044acb767c7bfe612d4d66435dbb2e2195c8f2ca91e729c044091d42112f2338b95e02c2a

Download Submit
C:\Windows\system\rQgKDye.exe

Filesize
6.0MB

MD5
38378e5287438f505f87e24369cfecd3

SHA1
8789c1b081fd4ad78b4edb5094c5f2f7374556fa

SHA256
072434e59b508c26b4313753e94e3bb3e4f5a58239ee4e2c87ea12aeddf01898

SHA512
2288fd239be6353fa81af277fb414d6413803d3fd2526870bbdf716c63ceb1921ffb741393c563a1fa7c5c5be5cf985817eeb1f5a5f49fa76b05ebec422a2a0b

Download Submit
C:\Windows\system\sqZHqaz.exe

Filesize
6.0MB

MD5
0736bf507724544fe26f881c3b87837c

SHA1
362ab36c00822d20344021d186c4a0ae0ef1e2ec

SHA256
e866d60292da706ccd86c4f9de52605be954e5f6ebce14c86eefd1b420b9df74

SHA512
70cda2c6269da0caad21cdf78b9aa47cbfb2fdf8816f2647b3eb303c30b95af7c86b93744845017a00353877a5259db10067dbda2c2d5d0c668a3351f08965e0

Download Submit
C:\Windows\system\vBnAXJi.exe

Filesize
6.0MB

MD5
43e97ecb18bd8e5325b3c18f20fb0580

SHA1
36a6cc9911053352d1b93a0d3671c090dcc62220

SHA256
3ebdd2094f789d336807f17fbe24d22693bc5222e7641de8373d44e487f7ea5d

SHA512
d35b62e338d59d3b7a3966a8ddf0afee827a063fac1484878ce3fef7888a726b03d051879934cacee44c10ef06293b923fa0b6e32269ab62b59e56174f2aab0e

Download Submit
\Windows\system\DggaQms.exe

Filesize
6.0MB

MD5
0bd22c95a2e6b6f4844223a15a112ef8

SHA1
f2cdf6c332fbe66b65df27fbd0bf46f38636d51b

SHA256
1de23fde3124ec00a58ce9f089847f5d6681bea082685c2cacc8715ea0176457

SHA512
fdded3f3b3d1c510228bd5b7ed423a12b44a5456f3abca04a435016ad3b0b6f81b92fcdbda46177cd977749ea81198626b17f188dd01da9e5ae626b0b44934af

Download Submit
\Windows\system\dacXpRY.exe

Filesize
6.0MB

MD5
4e2534f5bf2d046bf889f958a78ab04c

SHA1
b85747ff7a97dc553908921648f2a55a1a75b93a

SHA256
caa021a61ba1decc2d185949ce2e5d1e97da70f902b1ed69bd0f16d42308da1d

SHA512
a1a9a68d8bd1ce5c207bacdca2e212e2a6110d37934e442191d760506a24b30b0dfc666e9e4f297f96b5bdc748f55bc55310fbd2ddfaebbb0fd9ed20ccaaf23e

Download Submit
\Windows\system\hVCDrYs.exe

Filesize
6.0MB

MD5
75199b468e8953a3a4e44e3fbc5528b1

SHA1
cad252040c1639e88af4389bcb3bf6849f69a0f7

SHA256
097fc1c9bcade65ac2f5c91a85648faa2c5e62c00228cb06ba6069e67189515e

SHA512
f6c226a93168eca9092fbc6c766adfe3114839059af9c4c095f6f8c848c200a589a13fca31fd3ef98e83218d826017d519a3a35afeb9bf680633e5688d1c0015

Download Submit
\Windows\system\ifcuMJa.exe

Filesize
6.0MB

MD5
ff659f2333891be2556f2c005a36aecc

SHA1
aed8707238c69db7db5a9ac14108199ea33f6e7b

SHA256
c87c30d284b643eb05ab21677ab076f7ac23c8bf02e9fc885022617934be4572

SHA512
5e1d4adceccc1eead26cf9517922ea9ab9094199fb5824e29ec1ef87191132b8f72ab5bbd3ab5a84343a5d80299df2889ed5bdcdb18918630ae171ee54cadb53

Download Submit
\Windows\system\jePSBTj.exe

Filesize
6.0MB

MD5
2e18bcd3544daf1da71ee8e9b87cc846

SHA1
21539dccc78f921dfc33e40d2a483d2df6fc171d

SHA256
1c8ea3899d2df91c65e574c741cfc0c3567abcf0fd0298650a636185a93fc4c9

SHA512
a31f8a07ef929b629e23f7a2343e7f0bc09527f9fabb1c88fd4dd60856e64f24fe872c765d678b9ec1d1463294cd79e2c5398f52a296a438d2c41645d85df224

Download Submit
\Windows\system\nPozQhZ.exe

Filesize
6.0MB

MD5
c8df2b3292698b13eaa68221d9dde08f

SHA1
a38e0c496ca0695c4ba8fa2e8f6ae93e75fc3edc

SHA256
f0eb43e30462b5fef9fef69ffc64dbabf0d1f813f2ef1ab68626aff301b7b91e

SHA512
87aab611ba39994958e452b39470672461063d48d76ef11e532301855cf0f526b4b2e95d662be2ffea19c38db0f4d5ac059c8fe6f82c14ecd64faaea428bb8fa

Download Submit
memory/1412-3897-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1412-2125-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1908-3907-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2255-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-3898-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-3900-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2572-2175-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2126-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2075-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4076-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2572-0-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3986-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3896-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3894-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3906-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3902-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3893-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2174-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3895-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3905-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3901-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3961-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3980-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download