cobaltstrike | d497c1a965fcfc2ec14b582ed9ba2c4d052d072d22583572d777c567cb37f289

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16/02/2025, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f915199b1c7813d3bf1f510549a363f7
SHA1

0fb8ec28d34cddce66191c4cfcc5af9cba2fd982
SHA256

d497c1a965fcfc2ec14b582ed9ba2c4d052d072d22583572d777c567cb37f289
SHA512

d321da1ba26337f204bf214ba414df6de054c27b0056463cbf8e2d7d75cf4f46f5ef56130cb99e217548ce4a4388750430c83d595ac303f4fa1279f4a9061bd4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016d63-6.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000120f6-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d69-19.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d6d-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de0-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dea-38.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016eb4-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019379-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ac-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-122.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000016d3f-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942c-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939d-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a9-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019279-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926a-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019227-49.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017047-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd9-29.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2816-0-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d63-6.dat	xmrig
behavioral1/memory/2140-12-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f6-10.dat	xmrig
behavioral1/memory/2892-15-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d69-19.dat	xmrig
behavioral1/files/0x0008000000016d6d-23.dat	xmrig
behavioral1/files/0x0007000000016de0-33.dat	xmrig
behavioral1/files/0x0007000000016dea-38.dat	xmrig
behavioral1/files/0x0008000000016eb4-42.dat	xmrig
behavioral1/files/0x0005000000019379-81.dat	xmrig
behavioral1/files/0x00050000000193ac-93.dat	xmrig
behavioral1/files/0x0005000000019438-101.dat	xmrig
behavioral1/files/0x0005000000019456-105.dat	xmrig
behavioral1/memory/2752-107-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-111.dat	xmrig
behavioral1/files/0x0005000000019467-118.dat	xmrig
behavioral1/files/0x00050000000194fc-138.dat	xmrig
behavioral1/memory/2608-670-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2236-668-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2468-692-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2700-678-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/1944-720-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/1008-813-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/560-1734-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2816-1751-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2816-1750-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2124-1747-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2816-1727-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1572-1725-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1404-1718-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-134.dat	xmrig
behavioral1/files/0x00050000000194d0-130.dat	xmrig
behavioral1/files/0x00050000000194ad-126.dat	xmrig
behavioral1/files/0x0005000000019496-122.dat	xmrig
behavioral1/files/0x0034000000016d3f-114.dat	xmrig
behavioral1/files/0x000500000001942c-97.dat	xmrig
behavioral1/files/0x00050000000193a4-89.dat	xmrig
behavioral1/files/0x000500000001939d-85.dat	xmrig
behavioral1/files/0x00050000000192a9-77.dat	xmrig
behavioral1/files/0x0005000000019284-73.dat	xmrig
behavioral1/files/0x0005000000019279-69.dat	xmrig
behavioral1/files/0x000500000001926a-65.dat	xmrig
behavioral1/files/0x0005000000019261-61.dat	xmrig
behavioral1/files/0x000500000001925e-57.dat	xmrig
behavioral1/files/0x000500000001922c-53.dat	xmrig
behavioral1/files/0x0005000000019227-49.dat	xmrig
behavioral1/files/0x0008000000017047-45.dat	xmrig
behavioral1/files/0x0007000000016dd9-29.dat	xmrig
behavioral1/memory/1540-24-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2816-2475-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2140-2636-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2892-2673-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/1540-2737-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2752-2738-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2236-2826-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1944-2843-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2816-2848-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2816-2858-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2816-2854-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2468-2836-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2700-2832-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2816-2831-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2892-3693-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2140	BxERPTj.exe
2892	tiAhgBn.exe
1540	yKhAxJS.exe
2752	oJEeRvV.exe
2236	tUAWjxe.exe
2608	UIMhsMA.exe
2700	TsIjcxT.exe
2468	eaDXxDy.exe
1944	uUrVvpX.exe
1008	VhvpElz.exe
1404	fTJLwYi.exe
1572	CzdPYgi.exe
560	VYrguSY.exe
2124	zkNDwQf.exe
2368	NVoRnZH.exe
2488	jzRDcBh.exe
2388	iHDviTo.exe
2976	ZjdFELW.exe
2924	ESfhrqj.exe
2936	vWbLvLA.exe
2920	HuDUOoz.exe
3000	uBhmAMB.exe
2764	OykheRB.exe
1584	mjTxRqG.exe
2280	NwBzNYO.exe
2196	HQDgltj.exe
2028	pYKGpZH.exe
2508	dtLnVho.exe
2240	sFEekNw.exe
1396	HvsGsKI.exe
672	owItWeu.exe
1480	ndsrLde.exe
1016	VipLZWj.exe
1588	fVgZVWT.exe
2224	YzmHdPR.exe
1728	rYwCTIP.exe
1928	NqYjSuG.exe
1900	hfAfrOi.exe
796	RuGlRlL.exe
1288	NDbHXcA.exe
2144	gYAuGqX.exe
1792	TpIFbDp.exe
2080	FvmTQaq.exe
1476	tcVvAYM.exe
992	AlXcOuO.exe
1708	EhSBBvn.exe
2456	zMwpuAF.exe
908	uZGcqci.exe
1576	RcVBybm.exe
2312	bCXZUpT.exe
980	owfweDo.exe
316	aSaUvdI.exe
2004	NpuUWNv.exe
776	asewdQI.exe
556	OMxjaqN.exe
1680	qglzeCi.exe
2484	eDEKyEU.exe
1964	zrpNYAX.exe
1888	IshLtPG.exe
900	zodNDJv.exe
888	kSyhjzA.exe
2788	RxdLpes.exe
2056	JOBEGFy.exe
2732	QTYWWhW.exe

Loads dropped DLL 64 IoCs

pid	Process
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x0008000000016d63-6.dat	upx
behavioral1/memory/2140-12-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x00090000000120f6-10.dat	upx
behavioral1/memory/2892-15-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0007000000016d69-19.dat	upx
behavioral1/files/0x0008000000016d6d-23.dat	upx
behavioral1/files/0x0007000000016de0-33.dat	upx
behavioral1/files/0x0007000000016dea-38.dat	upx
behavioral1/files/0x0008000000016eb4-42.dat	upx
behavioral1/files/0x0005000000019379-81.dat	upx
behavioral1/files/0x00050000000193ac-93.dat	upx
behavioral1/files/0x0005000000019438-101.dat	upx
behavioral1/files/0x0005000000019456-105.dat	upx
behavioral1/memory/2752-107-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x000500000001945c-111.dat	upx
behavioral1/files/0x0005000000019467-118.dat	upx
behavioral1/files/0x00050000000194fc-138.dat	upx
behavioral1/memory/2608-670-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2236-668-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2468-692-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2700-678-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/1944-720-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/1008-813-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/560-1734-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2124-1747-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1572-1725-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1404-1718-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-134.dat	upx
behavioral1/files/0x00050000000194d0-130.dat	upx
behavioral1/files/0x00050000000194ad-126.dat	upx
behavioral1/files/0x0005000000019496-122.dat	upx
behavioral1/files/0x0034000000016d3f-114.dat	upx
behavioral1/files/0x000500000001942c-97.dat	upx
behavioral1/files/0x00050000000193a4-89.dat	upx
behavioral1/files/0x000500000001939d-85.dat	upx
behavioral1/files/0x00050000000192a9-77.dat	upx
behavioral1/files/0x0005000000019284-73.dat	upx
behavioral1/files/0x0005000000019279-69.dat	upx
behavioral1/files/0x000500000001926a-65.dat	upx
behavioral1/files/0x0005000000019261-61.dat	upx
behavioral1/files/0x000500000001925e-57.dat	upx
behavioral1/files/0x000500000001922c-53.dat	upx
behavioral1/files/0x0005000000019227-49.dat	upx
behavioral1/files/0x0008000000017047-45.dat	upx
behavioral1/files/0x0007000000016dd9-29.dat	upx
behavioral1/memory/1540-24-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2816-2475-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2140-2636-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2892-2673-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/1540-2737-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2752-2738-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2236-2826-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1944-2843-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2468-2836-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2700-2832-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2892-3693-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2140-3701-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/1540-3712-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2752-3711-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2236-4027-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1572-4029-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1008-4028-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2608-4030-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hQrmsVZ.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAVcsdd.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTfRuPO.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkVCeDW.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpKcFTE.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGflVwc.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUBUvjJ.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcXkzHA.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZEHESQ.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPyPDTX.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okvHySq.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgHZvAO.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdnLpqN.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flMUrBy.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zodNDJv.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmzidJJ.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWMEnCl.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShxWAcG.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwjBiYQ.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHiJxej.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIFkoJL.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxYeeqm.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wElpkHN.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bgwoino.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaRcgSY.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jckaofl.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRWNhNO.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNaCExo.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFXjlWj.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkStPUX.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OykheRB.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxVxnqv.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtJkuBJ.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urAvEVA.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrqrRpv.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzHUClr.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQTIFJv.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdmQpNj.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsFaYsn.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvIdArd.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvsfmGH.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoWHDTu.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyoDnCi.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBbfyHV.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\monVjNl.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLHukvL.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxhQnlK.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spfJCKd.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VofWMbj.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbEZVkJ.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBPrUTS.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpgjrFj.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHBPTHc.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKipFYR.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUJCwpw.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBWXKam.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkMQydB.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdwnAnf.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFVHQoR.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfOjpYy.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGuQDrC.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzoXXml.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omBkUfW.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqNnnoM.exe	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2140	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2140	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2140	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2892	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2892	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2892	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 1540	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 1540	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 1540	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2752	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2752	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2752	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2236	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2236	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2236	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2608	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2608	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2608	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2700	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2700	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2700	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2468	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 2468	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 2468	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 1944	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1944	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1944	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1008	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 1008	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 1008	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 1404	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 1404	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 1404	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 1572	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 1572	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 1572	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 560	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 560	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 560	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2124	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2124	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2124	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2368	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2368	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2368	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2488	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2488	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2488	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2388	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2388	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2388	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2976	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2976	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2976	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2924	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 2924	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 2924	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 2936	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2936	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2936	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2920	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2920	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2920	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 3000	2816	2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_f915199b1c7813d3bf1f510549a363f7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\System\BxERPTj.exe
  C:\Windows\System\BxERPTj.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\tiAhgBn.exe
  C:\Windows\System\tiAhgBn.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\yKhAxJS.exe
  C:\Windows\System\yKhAxJS.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\oJEeRvV.exe
  C:\Windows\System\oJEeRvV.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\tUAWjxe.exe
  C:\Windows\System\tUAWjxe.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\UIMhsMA.exe
  C:\Windows\System\UIMhsMA.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\TsIjcxT.exe
  C:\Windows\System\TsIjcxT.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\eaDXxDy.exe
  C:\Windows\System\eaDXxDy.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\uUrVvpX.exe
  C:\Windows\System\uUrVvpX.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\VhvpElz.exe
  C:\Windows\System\VhvpElz.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\fTJLwYi.exe
  C:\Windows\System\fTJLwYi.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\CzdPYgi.exe
  C:\Windows\System\CzdPYgi.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\VYrguSY.exe
  C:\Windows\System\VYrguSY.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\zkNDwQf.exe
  C:\Windows\System\zkNDwQf.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\NVoRnZH.exe
  C:\Windows\System\NVoRnZH.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\jzRDcBh.exe
  C:\Windows\System\jzRDcBh.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\iHDviTo.exe
  C:\Windows\System\iHDviTo.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\ZjdFELW.exe
  C:\Windows\System\ZjdFELW.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\ESfhrqj.exe
  C:\Windows\System\ESfhrqj.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\vWbLvLA.exe
  C:\Windows\System\vWbLvLA.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\HuDUOoz.exe
  C:\Windows\System\HuDUOoz.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\uBhmAMB.exe
  C:\Windows\System\uBhmAMB.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\OykheRB.exe
  C:\Windows\System\OykheRB.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\mjTxRqG.exe
  C:\Windows\System\mjTxRqG.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\NwBzNYO.exe
  C:\Windows\System\NwBzNYO.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\HQDgltj.exe
  C:\Windows\System\HQDgltj.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\pYKGpZH.exe
  C:\Windows\System\pYKGpZH.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\dtLnVho.exe
  C:\Windows\System\dtLnVho.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\sFEekNw.exe
  C:\Windows\System\sFEekNw.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\HvsGsKI.exe
  C:\Windows\System\HvsGsKI.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\owItWeu.exe
  C:\Windows\System\owItWeu.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\ndsrLde.exe
  C:\Windows\System\ndsrLde.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\VipLZWj.exe
  C:\Windows\System\VipLZWj.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\fVgZVWT.exe
  C:\Windows\System\fVgZVWT.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\YzmHdPR.exe
  C:\Windows\System\YzmHdPR.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\rYwCTIP.exe
  C:\Windows\System\rYwCTIP.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\NqYjSuG.exe
  C:\Windows\System\NqYjSuG.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\hfAfrOi.exe
  C:\Windows\System\hfAfrOi.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\RuGlRlL.exe
  C:\Windows\System\RuGlRlL.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\NDbHXcA.exe
  C:\Windows\System\NDbHXcA.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\gYAuGqX.exe
  C:\Windows\System\gYAuGqX.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\TpIFbDp.exe
  C:\Windows\System\TpIFbDp.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\FvmTQaq.exe
  C:\Windows\System\FvmTQaq.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\tcVvAYM.exe
  C:\Windows\System\tcVvAYM.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\AlXcOuO.exe
  C:\Windows\System\AlXcOuO.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\EhSBBvn.exe
  C:\Windows\System\EhSBBvn.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\zMwpuAF.exe
  C:\Windows\System\zMwpuAF.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\uZGcqci.exe
  C:\Windows\System\uZGcqci.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\RcVBybm.exe
  C:\Windows\System\RcVBybm.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\bCXZUpT.exe
  C:\Windows\System\bCXZUpT.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\owfweDo.exe
  C:\Windows\System\owfweDo.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\aSaUvdI.exe
  C:\Windows\System\aSaUvdI.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\NpuUWNv.exe
  C:\Windows\System\NpuUWNv.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\asewdQI.exe
  C:\Windows\System\asewdQI.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\OMxjaqN.exe
  C:\Windows\System\OMxjaqN.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\qglzeCi.exe
  C:\Windows\System\qglzeCi.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\eDEKyEU.exe
  C:\Windows\System\eDEKyEU.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\zrpNYAX.exe
  C:\Windows\System\zrpNYAX.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\IshLtPG.exe
  C:\Windows\System\IshLtPG.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\zodNDJv.exe
  C:\Windows\System\zodNDJv.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\kSyhjzA.exe
  C:\Windows\System\kSyhjzA.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\RxdLpes.exe
  C:\Windows\System\RxdLpes.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\JOBEGFy.exe
  C:\Windows\System\JOBEGFy.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\QTYWWhW.exe
  C:\Windows\System\QTYWWhW.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ksOBbgD.exe
  C:\Windows\System\ksOBbgD.exe
  2⤵
  PID:1520
- C:\Windows\System\smVQmfH.exe
  C:\Windows\System\smVQmfH.exe
  2⤵
  PID:1632
- C:\Windows\System\aaXdgCc.exe
  C:\Windows\System\aaXdgCc.exe
  2⤵
  PID:2584
- C:\Windows\System\hIwdgPx.exe
  C:\Windows\System\hIwdgPx.exe
  2⤵
  PID:2956
- C:\Windows\System\kRzCAKi.exe
  C:\Windows\System\kRzCAKi.exe
  2⤵
  PID:2632
- C:\Windows\System\aOsitfU.exe
  C:\Windows\System\aOsitfU.exe
  2⤵
  PID:2572
- C:\Windows\System\lvaCDiv.exe
  C:\Windows\System\lvaCDiv.exe
  2⤵
  PID:2652
- C:\Windows\System\BJCvWFM.exe
  C:\Windows\System\BJCvWFM.exe
  2⤵
  PID:1844
- C:\Windows\System\mByFdGl.exe
  C:\Windows\System\mByFdGl.exe
  2⤵
  PID:588
- C:\Windows\System\WJyNTbF.exe
  C:\Windows\System\WJyNTbF.exe
  2⤵
  PID:1780
- C:\Windows\System\giWUqAy.exe
  C:\Windows\System\giWUqAy.exe
  2⤵
  PID:2360
- C:\Windows\System\ZIUSvuN.exe
  C:\Windows\System\ZIUSvuN.exe
  2⤵
  PID:276
- C:\Windows\System\KEoDhKu.exe
  C:\Windows\System\KEoDhKu.exe
  2⤵
  PID:2560
- C:\Windows\System\gQBIzmQ.exe
  C:\Windows\System\gQBIzmQ.exe
  2⤵
  PID:2664
- C:\Windows\System\NAiCSLq.exe
  C:\Windows\System\NAiCSLq.exe
  2⤵
  PID:2840
- C:\Windows\System\xKVcRCt.exe
  C:\Windows\System\xKVcRCt.exe
  2⤵
  PID:1504
- C:\Windows\System\RzCgGsy.exe
  C:\Windows\System\RzCgGsy.exe
  2⤵
  PID:2548
- C:\Windows\System\rispqzk.exe
  C:\Windows\System\rispqzk.exe
  2⤵
  PID:2712
- C:\Windows\System\aDhUQHc.exe
  C:\Windows\System\aDhUQHc.exe
  2⤵
  PID:2420
- C:\Windows\System\WxSGwkn.exe
  C:\Windows\System\WxSGwkn.exe
  2⤵
  PID:2164
- C:\Windows\System\EqvcjpY.exe
  C:\Windows\System\EqvcjpY.exe
  2⤵
  PID:780
- C:\Windows\System\gQlwSbu.exe
  C:\Windows\System\gQlwSbu.exe
  2⤵
  PID:1872
- C:\Windows\System\lnoGGar.exe
  C:\Windows\System\lnoGGar.exe
  2⤵
  PID:1836
- C:\Windows\System\JpLxGLr.exe
  C:\Windows\System\JpLxGLr.exe
  2⤵
  PID:1924
- C:\Windows\System\RQKtlpa.exe
  C:\Windows\System\RQKtlpa.exe
  2⤵
  PID:1464
- C:\Windows\System\Bgwoino.exe
  C:\Windows\System\Bgwoino.exe
  2⤵
  PID:1720
- C:\Windows\System\XIGUogW.exe
  C:\Windows\System\XIGUogW.exe
  2⤵
  PID:1676
- C:\Windows\System\ZcwxNsN.exe
  C:\Windows\System\ZcwxNsN.exe
  2⤵
  PID:1660
- C:\Windows\System\aMmgcLs.exe
  C:\Windows\System\aMmgcLs.exe
  2⤵
  PID:1868
- C:\Windows\System\JhdxAkj.exe
  C:\Windows\System\JhdxAkj.exe
  2⤵
  PID:1140
- C:\Windows\System\gkyjKbn.exe
  C:\Windows\System\gkyjKbn.exe
  2⤵
  PID:2352
- C:\Windows\System\XHsfUGT.exe
  C:\Windows\System\XHsfUGT.exe
  2⤵
  PID:1788
- C:\Windows\System\eVfbbUY.exe
  C:\Windows\System\eVfbbUY.exe
  2⤵
  PID:2504
- C:\Windows\System\omCHPNx.exe
  C:\Windows\System\omCHPNx.exe
  2⤵
  PID:772
- C:\Windows\System\XMZOTpw.exe
  C:\Windows\System\XMZOTpw.exe
  2⤵
  PID:1424
- C:\Windows\System\mEouAIz.exe
  C:\Windows\System\mEouAIz.exe
  2⤵
  PID:2136
- C:\Windows\System\EeNHYKu.exe
  C:\Windows\System\EeNHYKu.exe
  2⤵
  PID:2288
- C:\Windows\System\lhnZzvy.exe
  C:\Windows\System\lhnZzvy.exe
  2⤵
  PID:2740
- C:\Windows\System\CvJaXoG.exe
  C:\Windows\System\CvJaXoG.exe
  2⤵
  PID:2820
- C:\Windows\System\yKTBLFk.exe
  C:\Windows\System\yKTBLFk.exe
  2⤵
  PID:484
- C:\Windows\System\TrUIdVQ.exe
  C:\Windows\System\TrUIdVQ.exe
  2⤵
  PID:2524
- C:\Windows\System\lIJkTKX.exe
  C:\Windows\System\lIJkTKX.exe
  2⤵
  PID:2928
- C:\Windows\System\lNCfufi.exe
  C:\Windows\System\lNCfufi.exe
  2⤵
  PID:2832
- C:\Windows\System\cTGVXZF.exe
  C:\Windows\System\cTGVXZF.exe
  2⤵
  PID:3016
- C:\Windows\System\AVtUokT.exe
  C:\Windows\System\AVtUokT.exe
  2⤵
  PID:1956
- C:\Windows\System\QnEwBAW.exe
  C:\Windows\System\QnEwBAW.exe
  2⤵
  PID:2444
- C:\Windows\System\cvNyIHd.exe
  C:\Windows\System\cvNyIHd.exe
  2⤵
  PID:2464
- C:\Windows\System\AvAxkhq.exe
  C:\Windows\System\AvAxkhq.exe
  2⤵
  PID:1548
- C:\Windows\System\NQwqQRw.exe
  C:\Windows\System\NQwqQRw.exe
  2⤵
  PID:1472
- C:\Windows\System\MzuaibU.exe
  C:\Windows\System\MzuaibU.exe
  2⤵
  PID:1916
- C:\Windows\System\NLycvFL.exe
  C:\Windows\System\NLycvFL.exe
  2⤵
  PID:2024
- C:\Windows\System\Phgjujs.exe
  C:\Windows\System\Phgjujs.exe
  2⤵
  PID:1544
- C:\Windows\System\THcHYLc.exe
  C:\Windows\System\THcHYLc.exe
  2⤵
  PID:2180
- C:\Windows\System\tfOjpYy.exe
  C:\Windows\System\tfOjpYy.exe
  2⤵
  PID:2104
- C:\Windows\System\IzTjWWK.exe
  C:\Windows\System\IzTjWWK.exe
  2⤵
  PID:2400
- C:\Windows\System\zbphyUl.exe
  C:\Windows\System\zbphyUl.exe
  2⤵
  PID:2724
- C:\Windows\System\ScfPTnX.exe
  C:\Windows\System\ScfPTnX.exe
  2⤵
  PID:2620
- C:\Windows\System\eaZJaNo.exe
  C:\Windows\System\eaZJaNo.exe
  2⤵
  PID:2944
- C:\Windows\System\mjIoNDJ.exe
  C:\Windows\System\mjIoNDJ.exe
  2⤵
  PID:2736
- C:\Windows\System\ndThTWj.exe
  C:\Windows\System\ndThTWj.exe
  2⤵
  PID:2324
- C:\Windows\System\ZCdBWXL.exe
  C:\Windows\System\ZCdBWXL.exe
  2⤵
  PID:2344
- C:\Windows\System\ngIViUp.exe
  C:\Windows\System\ngIViUp.exe
  2⤵
  PID:284
- C:\Windows\System\WGvGkEE.exe
  C:\Windows\System\WGvGkEE.exe
  2⤵
  PID:712
- C:\Windows\System\VofWMbj.exe
  C:\Windows\System\VofWMbj.exe
  2⤵
  PID:2092
- C:\Windows\System\inHyHqB.exe
  C:\Windows\System\inHyHqB.exe
  2⤵
  PID:2716
- C:\Windows\System\vpgjrFj.exe
  C:\Windows\System\vpgjrFj.exe
  2⤵
  PID:2868
- C:\Windows\System\nMPWNOp.exe
  C:\Windows\System\nMPWNOp.exe
  2⤵
  PID:2336
- C:\Windows\System\BngajQG.exe
  C:\Windows\System\BngajQG.exe
  2⤵
  PID:864
- C:\Windows\System\PJfegrq.exe
  C:\Windows\System\PJfegrq.exe
  2⤵
  PID:1524
- C:\Windows\System\monVjNl.exe
  C:\Windows\System\monVjNl.exe
  2⤵
  PID:1240
- C:\Windows\System\tGEySFs.exe
  C:\Windows\System\tGEySFs.exe
  2⤵
  PID:1696
- C:\Windows\System\opSTtDD.exe
  C:\Windows\System\opSTtDD.exe
  2⤵
  PID:600
- C:\Windows\System\ASwuVAU.exe
  C:\Windows\System\ASwuVAU.exe
  2⤵
  PID:3080
- C:\Windows\System\YXqPFGq.exe
  C:\Windows\System\YXqPFGq.exe
  2⤵
  PID:3096
- C:\Windows\System\tnJziJO.exe
  C:\Windows\System\tnJziJO.exe
  2⤵
  PID:3112
- C:\Windows\System\kBijeaN.exe
  C:\Windows\System\kBijeaN.exe
  2⤵
  PID:3128
- C:\Windows\System\FZacyig.exe
  C:\Windows\System\FZacyig.exe
  2⤵
  PID:3144
- C:\Windows\System\AjUKbCB.exe
  C:\Windows\System\AjUKbCB.exe
  2⤵
  PID:3160
- C:\Windows\System\AQCJqon.exe
  C:\Windows\System\AQCJqon.exe
  2⤵
  PID:3176
- C:\Windows\System\noqxkeJ.exe
  C:\Windows\System\noqxkeJ.exe
  2⤵
  PID:3192
- C:\Windows\System\yTAWHCJ.exe
  C:\Windows\System\yTAWHCJ.exe
  2⤵
  PID:3208
- C:\Windows\System\HkkArvy.exe
  C:\Windows\System\HkkArvy.exe
  2⤵
  PID:3224
- C:\Windows\System\xDIKoXN.exe
  C:\Windows\System\xDIKoXN.exe
  2⤵
  PID:3240
- C:\Windows\System\UHMudnL.exe
  C:\Windows\System\UHMudnL.exe
  2⤵
  PID:3256
- C:\Windows\System\PEbWzjh.exe
  C:\Windows\System\PEbWzjh.exe
  2⤵
  PID:3272
- C:\Windows\System\kkNEQUg.exe
  C:\Windows\System\kkNEQUg.exe
  2⤵
  PID:3288
- C:\Windows\System\qofQqCz.exe
  C:\Windows\System\qofQqCz.exe
  2⤵
  PID:3304
- C:\Windows\System\VlQwqDv.exe
  C:\Windows\System\VlQwqDv.exe
  2⤵
  PID:3320
- C:\Windows\System\gXjImoI.exe
  C:\Windows\System\gXjImoI.exe
  2⤵
  PID:3336
- C:\Windows\System\FeaQBwU.exe
  C:\Windows\System\FeaQBwU.exe
  2⤵
  PID:3352
- C:\Windows\System\Btrgegd.exe
  C:\Windows\System\Btrgegd.exe
  2⤵
  PID:3368
- C:\Windows\System\wDYgGlz.exe
  C:\Windows\System\wDYgGlz.exe
  2⤵
  PID:3384
- C:\Windows\System\tlyiWZk.exe
  C:\Windows\System\tlyiWZk.exe
  2⤵
  PID:3400
- C:\Windows\System\qeaVhpz.exe
  C:\Windows\System\qeaVhpz.exe
  2⤵
  PID:3416
- C:\Windows\System\PkYqGHN.exe
  C:\Windows\System\PkYqGHN.exe
  2⤵
  PID:3432
- C:\Windows\System\UzNzfYY.exe
  C:\Windows\System\UzNzfYY.exe
  2⤵
  PID:3448
- C:\Windows\System\xAYcSMy.exe
  C:\Windows\System\xAYcSMy.exe
  2⤵
  PID:3464
- C:\Windows\System\hmujKtC.exe
  C:\Windows\System\hmujKtC.exe
  2⤵
  PID:3480
- C:\Windows\System\izOgYkK.exe
  C:\Windows\System\izOgYkK.exe
  2⤵
  PID:3496
- C:\Windows\System\zTknaLJ.exe
  C:\Windows\System\zTknaLJ.exe
  2⤵
  PID:3512
- C:\Windows\System\TFdSyjS.exe
  C:\Windows\System\TFdSyjS.exe
  2⤵
  PID:3528
- C:\Windows\System\SPmAvtM.exe
  C:\Windows\System\SPmAvtM.exe
  2⤵
  PID:3544
- C:\Windows\System\iwBAzzW.exe
  C:\Windows\System\iwBAzzW.exe
  2⤵
  PID:3560
- C:\Windows\System\MAzSZBp.exe
  C:\Windows\System\MAzSZBp.exe
  2⤵
  PID:3576
- C:\Windows\System\FDdAxDi.exe
  C:\Windows\System\FDdAxDi.exe
  2⤵
  PID:3592
- C:\Windows\System\vBgOWMY.exe
  C:\Windows\System\vBgOWMY.exe
  2⤵
  PID:3608
- C:\Windows\System\fWIGHQi.exe
  C:\Windows\System\fWIGHQi.exe
  2⤵
  PID:3624
- C:\Windows\System\FSakPJE.exe
  C:\Windows\System\FSakPJE.exe
  2⤵
  PID:3640
- C:\Windows\System\RIQLBmr.exe
  C:\Windows\System\RIQLBmr.exe
  2⤵
  PID:3656
- C:\Windows\System\AwJVxjW.exe
  C:\Windows\System\AwJVxjW.exe
  2⤵
  PID:3672
- C:\Windows\System\dKmBWNH.exe
  C:\Windows\System\dKmBWNH.exe
  2⤵
  PID:3688
- C:\Windows\System\CYsRtVG.exe
  C:\Windows\System\CYsRtVG.exe
  2⤵
  PID:3704
- C:\Windows\System\MQeFHcQ.exe
  C:\Windows\System\MQeFHcQ.exe
  2⤵
  PID:3720
- C:\Windows\System\eqYuyNn.exe
  C:\Windows\System\eqYuyNn.exe
  2⤵
  PID:3736
- C:\Windows\System\ygScyoW.exe
  C:\Windows\System\ygScyoW.exe
  2⤵
  PID:3752
- C:\Windows\System\CLvEGLx.exe
  C:\Windows\System\CLvEGLx.exe
  2⤵
  PID:3768
- C:\Windows\System\OsEpllU.exe
  C:\Windows\System\OsEpllU.exe
  2⤵
  PID:3784
- C:\Windows\System\TuWgtux.exe
  C:\Windows\System\TuWgtux.exe
  2⤵
  PID:3800
- C:\Windows\System\cqgTLxp.exe
  C:\Windows\System\cqgTLxp.exe
  2⤵
  PID:3816
- C:\Windows\System\dBbiRTX.exe
  C:\Windows\System\dBbiRTX.exe
  2⤵
  PID:3832
- C:\Windows\System\kVRNnGI.exe
  C:\Windows\System\kVRNnGI.exe
  2⤵
  PID:3848
- C:\Windows\System\lHncDLU.exe
  C:\Windows\System\lHncDLU.exe
  2⤵
  PID:3864
- C:\Windows\System\oTQAIDk.exe
  C:\Windows\System\oTQAIDk.exe
  2⤵
  PID:3880
- C:\Windows\System\leNncDc.exe
  C:\Windows\System\leNncDc.exe
  2⤵
  PID:3896
- C:\Windows\System\mUBUvjJ.exe
  C:\Windows\System\mUBUvjJ.exe
  2⤵
  PID:3912
- C:\Windows\System\DcXkzHA.exe
  C:\Windows\System\DcXkzHA.exe
  2⤵
  PID:3928
- C:\Windows\System\afoGrZb.exe
  C:\Windows\System\afoGrZb.exe
  2⤵
  PID:3944
- C:\Windows\System\ybHNRxU.exe
  C:\Windows\System\ybHNRxU.exe
  2⤵
  PID:3960
- C:\Windows\System\XWwPAXs.exe
  C:\Windows\System\XWwPAXs.exe
  2⤵
  PID:3976
- C:\Windows\System\TxgCizf.exe
  C:\Windows\System\TxgCizf.exe
  2⤵
  PID:3992
- C:\Windows\System\cYxNxjR.exe
  C:\Windows\System\cYxNxjR.exe
  2⤵
  PID:4008
- C:\Windows\System\AjvYvkh.exe
  C:\Windows\System\AjvYvkh.exe
  2⤵
  PID:4024
- C:\Windows\System\WOlsyEh.exe
  C:\Windows\System\WOlsyEh.exe
  2⤵
  PID:4040
- C:\Windows\System\NvdwCQY.exe
  C:\Windows\System\NvdwCQY.exe
  2⤵
  PID:4056
- C:\Windows\System\otdSiuT.exe
  C:\Windows\System\otdSiuT.exe
  2⤵
  PID:4072
- C:\Windows\System\JEUSXuF.exe
  C:\Windows\System\JEUSXuF.exe
  2⤵
  PID:4088
- C:\Windows\System\RIOQVtR.exe
  C:\Windows\System\RIOQVtR.exe
  2⤵
  PID:1648
- C:\Windows\System\uigJJdY.exe
  C:\Windows\System\uigJJdY.exe
  2⤵
  PID:3108
- C:\Windows\System\PWKykWu.exe
  C:\Windows\System\PWKykWu.exe
  2⤵
  PID:3136
- C:\Windows\System\oaoIbhi.exe
  C:\Windows\System\oaoIbhi.exe
  2⤵
  PID:3168
- C:\Windows\System\YdSZaDu.exe
  C:\Windows\System\YdSZaDu.exe
  2⤵
  PID:3184
- C:\Windows\System\TvPFroh.exe
  C:\Windows\System\TvPFroh.exe
  2⤵
  PID:3216
- C:\Windows\System\eLTgHqC.exe
  C:\Windows\System\eLTgHqC.exe
  2⤵
  PID:3264
- C:\Windows\System\JHAReHJ.exe
  C:\Windows\System\JHAReHJ.exe
  2⤵
  PID:3296
- C:\Windows\System\jzapADy.exe
  C:\Windows\System\jzapADy.exe
  2⤵
  PID:3328
- C:\Windows\System\egCabTL.exe
  C:\Windows\System\egCabTL.exe
  2⤵
  PID:3360
- C:\Windows\System\dBOHGkd.exe
  C:\Windows\System\dBOHGkd.exe
  2⤵
  PID:3392
- C:\Windows\System\YVnHfgl.exe
  C:\Windows\System\YVnHfgl.exe
  2⤵
  PID:3424
- C:\Windows\System\NoCHZVC.exe
  C:\Windows\System\NoCHZVC.exe
  2⤵
  PID:3444
- C:\Windows\System\GPFxvHx.exe
  C:\Windows\System\GPFxvHx.exe
  2⤵
  PID:3472
- C:\Windows\System\qpeXXPJ.exe
  C:\Windows\System\qpeXXPJ.exe
  2⤵
  PID:3520
- C:\Windows\System\lLHukvL.exe
  C:\Windows\System\lLHukvL.exe
  2⤵
  PID:3540
- C:\Windows\System\SXvJfZz.exe
  C:\Windows\System\SXvJfZz.exe
  2⤵
  PID:3572
- C:\Windows\System\sOruHCN.exe
  C:\Windows\System\sOruHCN.exe
  2⤵
  PID:3616
- C:\Windows\System\QlqbagU.exe
  C:\Windows\System\QlqbagU.exe
  2⤵
  PID:3648
- C:\Windows\System\hGAcHoD.exe
  C:\Windows\System\hGAcHoD.exe
  2⤵
  PID:3680
- C:\Windows\System\gYHaycY.exe
  C:\Windows\System\gYHaycY.exe
  2⤵
  PID:3696
- C:\Windows\System\NwfmvfR.exe
  C:\Windows\System\NwfmvfR.exe
  2⤵
  PID:3728
- C:\Windows\System\kRRXXWO.exe
  C:\Windows\System\kRRXXWO.exe
  2⤵
  PID:1360
- C:\Windows\System\eNEpNxc.exe
  C:\Windows\System\eNEpNxc.exe
  2⤵
  PID:3764
- C:\Windows\System\XcdPqyD.exe
  C:\Windows\System\XcdPqyD.exe
  2⤵
  PID:3812
- C:\Windows\System\LbTHtpU.exe
  C:\Windows\System\LbTHtpU.exe
  2⤵
  PID:3828
- C:\Windows\System\hQVVrHB.exe
  C:\Windows\System\hQVVrHB.exe
  2⤵
  PID:3860
- C:\Windows\System\DjLJcHl.exe
  C:\Windows\System\DjLJcHl.exe
  2⤵
  PID:3892
- C:\Windows\System\jdBIRgJ.exe
  C:\Windows\System\jdBIRgJ.exe
  2⤵
  PID:3924
- C:\Windows\System\Lewlous.exe
  C:\Windows\System\Lewlous.exe
  2⤵
  PID:3972
- C:\Windows\System\gtUMXzQ.exe
  C:\Windows\System\gtUMXzQ.exe
  2⤵
  PID:3988
- C:\Windows\System\nEWyKFp.exe
  C:\Windows\System\nEWyKFp.exe
  2⤵
  PID:4032
- C:\Windows\System\lWdZZmF.exe
  C:\Windows\System\lWdZZmF.exe
  2⤵
  PID:4064
- C:\Windows\System\usFkwXt.exe
  C:\Windows\System\usFkwXt.exe
  2⤵
  PID:2552
- C:\Windows\System\BkXQzVq.exe
  C:\Windows\System\BkXQzVq.exe
  2⤵
  PID:3076
- C:\Windows\System\txiYozw.exe
  C:\Windows\System\txiYozw.exe
  2⤵
  PID:3172
- C:\Windows\System\ukRuEIC.exe
  C:\Windows\System\ukRuEIC.exe
  2⤵
  PID:3204
- C:\Windows\System\eiZumwo.exe
  C:\Windows\System\eiZumwo.exe
  2⤵
  PID:3300
- C:\Windows\System\EaKlVAj.exe
  C:\Windows\System\EaKlVAj.exe
  2⤵
  PID:3332
- C:\Windows\System\lWOYxGN.exe
  C:\Windows\System\lWOYxGN.exe
  2⤵
  PID:3428
- C:\Windows\System\mkLATaW.exe
  C:\Windows\System\mkLATaW.exe
  2⤵
  PID:3492
- C:\Windows\System\oTmGGnj.exe
  C:\Windows\System\oTmGGnj.exe
  2⤵
  PID:3556
- C:\Windows\System\oGUTgLw.exe
  C:\Windows\System\oGUTgLw.exe
  2⤵
  PID:3620
- C:\Windows\System\byhhSpg.exe
  C:\Windows\System\byhhSpg.exe
  2⤵
  PID:3664
- C:\Windows\System\NsdiZzF.exe
  C:\Windows\System\NsdiZzF.exe
  2⤵
  PID:3712
- C:\Windows\System\falpuWO.exe
  C:\Windows\System\falpuWO.exe
  2⤵
  PID:3780
- C:\Windows\System\nJJhMRd.exe
  C:\Windows\System\nJJhMRd.exe
  2⤵
  PID:3844
- C:\Windows\System\kYzSXZJ.exe
  C:\Windows\System\kYzSXZJ.exe
  2⤵
  PID:2812
- C:\Windows\System\JPXkVaC.exe
  C:\Windows\System\JPXkVaC.exe
  2⤵
  PID:3940
- C:\Windows\System\RLKqepk.exe
  C:\Windows\System\RLKqepk.exe
  2⤵
  PID:2088
- C:\Windows\System\XGCTJvm.exe
  C:\Windows\System\XGCTJvm.exe
  2⤵
  PID:2804
- C:\Windows\System\OnTyiBv.exe
  C:\Windows\System\OnTyiBv.exe
  2⤵
  PID:4080
- C:\Windows\System\zEHuLzC.exe
  C:\Windows\System\zEHuLzC.exe
  2⤵
  PID:3236
- C:\Windows\System\tzqUxpB.exe
  C:\Windows\System\tzqUxpB.exe
  2⤵
  PID:3348
- C:\Windows\System\RPBMGYU.exe
  C:\Windows\System\RPBMGYU.exe
  2⤵
  PID:3380
- C:\Windows\System\wZEHESQ.exe
  C:\Windows\System\wZEHESQ.exe
  2⤵
  PID:3524
- C:\Windows\System\KdNmyLp.exe
  C:\Windows\System\KdNmyLp.exe
  2⤵
  PID:3668
- C:\Windows\System\vsCbktm.exe
  C:\Windows\System\vsCbktm.exe
  2⤵
  PID:3732
- C:\Windows\System\OfEIgYp.exe
  C:\Windows\System\OfEIgYp.exe
  2⤵
  PID:3908
- C:\Windows\System\lSyPshJ.exe
  C:\Windows\System\lSyPshJ.exe
  2⤵
  PID:3956
- C:\Windows\System\PSliftN.exe
  C:\Windows\System\PSliftN.exe
  2⤵
  PID:3152
- C:\Windows\System\HxIphmE.exe
  C:\Windows\System\HxIphmE.exe
  2⤵
  PID:2628
- C:\Windows\System\OxiYytY.exe
  C:\Windows\System\OxiYytY.exe
  2⤵
  PID:2916
- C:\Windows\System\ekDjPQv.exe
  C:\Windows\System\ekDjPQv.exe
  2⤵
  PID:3796
- C:\Windows\System\JdgbJjn.exe
  C:\Windows\System\JdgbJjn.exe
  2⤵
  PID:2796
- C:\Windows\System\VcwKUkV.exe
  C:\Windows\System\VcwKUkV.exe
  2⤵
  PID:4048
- C:\Windows\System\pEggBbC.exe
  C:\Windows\System\pEggBbC.exe
  2⤵
  PID:2604
- C:\Windows\System\sXCHHul.exe
  C:\Windows\System\sXCHHul.exe
  2⤵
  PID:3632
- C:\Windows\System\nGodNTU.exe
  C:\Windows\System\nGodNTU.exe
  2⤵
  PID:3280
- C:\Windows\System\MWhlJkq.exe
  C:\Windows\System\MWhlJkq.exe
  2⤵
  PID:3460
- C:\Windows\System\yufIcPm.exe
  C:\Windows\System\yufIcPm.exe
  2⤵
  PID:4108
- C:\Windows\System\kZgcnAo.exe
  C:\Windows\System\kZgcnAo.exe
  2⤵
  PID:4124
- C:\Windows\System\hHrJadM.exe
  C:\Windows\System\hHrJadM.exe
  2⤵
  PID:4140
- C:\Windows\System\fGtPWLx.exe
  C:\Windows\System\fGtPWLx.exe
  2⤵
  PID:4156
- C:\Windows\System\RNwkQNy.exe
  C:\Windows\System\RNwkQNy.exe
  2⤵
  PID:4172
- C:\Windows\System\TwoyeXF.exe
  C:\Windows\System\TwoyeXF.exe
  2⤵
  PID:4188
- C:\Windows\System\xiiUazq.exe
  C:\Windows\System\xiiUazq.exe
  2⤵
  PID:4204
- C:\Windows\System\kawXmAD.exe
  C:\Windows\System\kawXmAD.exe
  2⤵
  PID:4220
- C:\Windows\System\UqVElvo.exe
  C:\Windows\System\UqVElvo.exe
  2⤵
  PID:4236
- C:\Windows\System\ynkYRsT.exe
  C:\Windows\System\ynkYRsT.exe
  2⤵
  PID:4252
- C:\Windows\System\eOKOpwQ.exe
  C:\Windows\System\eOKOpwQ.exe
  2⤵
  PID:4268
- C:\Windows\System\tdxwYYg.exe
  C:\Windows\System\tdxwYYg.exe
  2⤵
  PID:4284
- C:\Windows\System\TLvaRMS.exe
  C:\Windows\System\TLvaRMS.exe
  2⤵
  PID:4300
- C:\Windows\System\BVjRhhR.exe
  C:\Windows\System\BVjRhhR.exe
  2⤵
  PID:4316
- C:\Windows\System\rNGGuyX.exe
  C:\Windows\System\rNGGuyX.exe
  2⤵
  PID:4348
- C:\Windows\System\baXoNAw.exe
  C:\Windows\System\baXoNAw.exe
  2⤵
  PID:4456
- C:\Windows\System\MhSJQWv.exe
  C:\Windows\System\MhSJQWv.exe
  2⤵
  PID:4572
- C:\Windows\System\dpYHOrw.exe
  C:\Windows\System\dpYHOrw.exe
  2⤵
  PID:4776
- C:\Windows\System\PPxeSSw.exe
  C:\Windows\System\PPxeSSw.exe
  2⤵
  PID:5048
- C:\Windows\System\SvySaBN.exe
  C:\Windows\System\SvySaBN.exe
  2⤵
  PID:4180
- C:\Windows\System\qwxdJez.exe
  C:\Windows\System\qwxdJez.exe
  2⤵
  PID:2340
- C:\Windows\System\Cuxdrqi.exe
  C:\Windows\System\Cuxdrqi.exe
  2⤵
  PID:2988
- C:\Windows\System\okUWQlk.exe
  C:\Windows\System\okUWQlk.exe
  2⤵
  PID:4276
- C:\Windows\System\GsjyqkJ.exe
  C:\Windows\System\GsjyqkJ.exe
  2⤵
  PID:4356
- C:\Windows\System\BTeoIFw.exe
  C:\Windows\System\BTeoIFw.exe
  2⤵
  PID:4376
- C:\Windows\System\CuGZyGk.exe
  C:\Windows\System\CuGZyGk.exe
  2⤵
  PID:4420
- C:\Windows\System\ACcDKwz.exe
  C:\Windows\System\ACcDKwz.exe
  2⤵
  PID:3024
- C:\Windows\System\hVPAYaG.exe
  C:\Windows\System\hVPAYaG.exe
  2⤵
  PID:2376
- C:\Windows\System\cdUViyt.exe
  C:\Windows\System\cdUViyt.exe
  2⤵
  PID:4472
- C:\Windows\System\EcVWVWi.exe
  C:\Windows\System\EcVWVWi.exe
  2⤵
  PID:2932
- C:\Windows\System\QznTuHu.exe
  C:\Windows\System\QznTuHu.exe
  2⤵
  PID:4492
- C:\Windows\System\OEuRfHA.exe
  C:\Windows\System\OEuRfHA.exe
  2⤵
  PID:4508
- C:\Windows\System\mdKOVCI.exe
  C:\Windows\System\mdKOVCI.exe
  2⤵
  PID:4512
- C:\Windows\System\UHBPTHc.exe
  C:\Windows\System\UHBPTHc.exe
  2⤵
  PID:4532
- C:\Windows\System\eVxBnNd.exe
  C:\Windows\System\eVxBnNd.exe
  2⤵
  PID:4560
- C:\Windows\System\LiHIThS.exe
  C:\Windows\System\LiHIThS.exe
  2⤵
  PID:4584
- C:\Windows\System\bnXJtCC.exe
  C:\Windows\System\bnXJtCC.exe
  2⤵
  PID:4596
- C:\Windows\System\jgaQHGF.exe
  C:\Windows\System\jgaQHGF.exe
  2⤵
  PID:2836
- C:\Windows\System\BJUWPhJ.exe
  C:\Windows\System\BJUWPhJ.exe
  2⤵
  PID:4616
- C:\Windows\System\hVcQQQN.exe
  C:\Windows\System\hVcQQQN.exe
  2⤵
  PID:4632
- C:\Windows\System\RwScqAE.exe
  C:\Windows\System\RwScqAE.exe
  2⤵
  PID:4648
- C:\Windows\System\EdJFXsi.exe
  C:\Windows\System\EdJFXsi.exe
  2⤵
  PID:2452
- C:\Windows\System\BdEkPUm.exe
  C:\Windows\System\BdEkPUm.exe
  2⤵
  PID:1168
- C:\Windows\System\WYLPULU.exe
  C:\Windows\System\WYLPULU.exe
  2⤵
  PID:4676
- C:\Windows\System\PjRlpTI.exe
  C:\Windows\System\PjRlpTI.exe
  2⤵
  PID:4692
- C:\Windows\System\hQEplVs.exe
  C:\Windows\System\hQEplVs.exe
  2⤵
  PID:4704
- C:\Windows\System\BqjnqIX.exe
  C:\Windows\System\BqjnqIX.exe
  2⤵
  PID:4720
- C:\Windows\System\eTEdEhn.exe
  C:\Windows\System\eTEdEhn.exe
  2⤵
  PID:4744
- C:\Windows\System\CgWaWaX.exe
  C:\Windows\System\CgWaWaX.exe
  2⤵
  PID:264
- C:\Windows\System\HowkqEs.exe
  C:\Windows\System\HowkqEs.exe
  2⤵
  PID:2460
- C:\Windows\System\bFFOwEE.exe
  C:\Windows\System\bFFOwEE.exe
  2⤵
  PID:2188
- C:\Windows\System\MEevEbJ.exe
  C:\Windows\System\MEevEbJ.exe
  2⤵
  PID:4928
- C:\Windows\System\ZXJWBZF.exe
  C:\Windows\System\ZXJWBZF.exe
  2⤵
  PID:4796
- C:\Windows\System\BSQLptL.exe
  C:\Windows\System\BSQLptL.exe
  2⤵
  PID:4812
- C:\Windows\System\kYurnGs.exe
  C:\Windows\System\kYurnGs.exe
  2⤵
  PID:4828
- C:\Windows\System\jUhrpOn.exe
  C:\Windows\System\jUhrpOn.exe
  2⤵
  PID:4832
- C:\Windows\System\qYeALWH.exe
  C:\Windows\System\qYeALWH.exe
  2⤵
  PID:4848
- C:\Windows\System\vDUYKrp.exe
  C:\Windows\System\vDUYKrp.exe
  2⤵
  PID:4864
- C:\Windows\System\nnFwzsX.exe
  C:\Windows\System\nnFwzsX.exe
  2⤵
  PID:4880
- C:\Windows\System\VpdChLp.exe
  C:\Windows\System\VpdChLp.exe
  2⤵
  PID:4900
- C:\Windows\System\AbEZVkJ.exe
  C:\Windows\System\AbEZVkJ.exe
  2⤵
  PID:4956
- C:\Windows\System\ihXvNNS.exe
  C:\Windows\System\ihXvNNS.exe
  2⤵
  PID:4964
- C:\Windows\System\YuzkOfx.exe
  C:\Windows\System\YuzkOfx.exe
  2⤵
  PID:4980
- C:\Windows\System\cqDuKiU.exe
  C:\Windows\System\cqDuKiU.exe
  2⤵
  PID:1192
- C:\Windows\System\FeyKmiQ.exe
  C:\Windows\System\FeyKmiQ.exe
  2⤵
  PID:5016
- C:\Windows\System\QVmSDha.exe
  C:\Windows\System\QVmSDha.exe
  2⤵
  PID:5032
- C:\Windows\System\HUsntuI.exe
  C:\Windows\System\HUsntuI.exe
  2⤵
  PID:5036
- C:\Windows\System\UqyLnXx.exe
  C:\Windows\System\UqyLnXx.exe
  2⤵
  PID:5068
- C:\Windows\System\yvpTMit.exe
  C:\Windows\System\yvpTMit.exe
  2⤵
  PID:5084
- C:\Windows\System\VLyNCRG.exe
  C:\Windows\System\VLyNCRG.exe
  2⤵
  PID:5092
- C:\Windows\System\pjDUVOF.exe
  C:\Windows\System\pjDUVOF.exe
  2⤵
  PID:5112
- C:\Windows\System\EOHGqES.exe
  C:\Windows\System\EOHGqES.exe
  2⤵
  PID:4184
- C:\Windows\System\hbXlbJR.exe
  C:\Windows\System\hbXlbJR.exe
  2⤵
  PID:580
- C:\Windows\System\MyuZhxH.exe
  C:\Windows\System\MyuZhxH.exe
  2⤵
  PID:4392
- C:\Windows\System\JuxRjtT.exe
  C:\Windows\System\JuxRjtT.exe
  2⤵
  PID:4344
- C:\Windows\System\SWktHmE.exe
  C:\Windows\System\SWktHmE.exe
  2⤵
  PID:4232
- C:\Windows\System\rLdAaMs.exe
  C:\Windows\System\rLdAaMs.exe
  2⤵
  PID:4292
- C:\Windows\System\oBWzsto.exe
  C:\Windows\System\oBWzsto.exe
  2⤵
  PID:4336
- C:\Windows\System\AkCBccG.exe
  C:\Windows\System\AkCBccG.exe
  2⤵
  PID:4372
- C:\Windows\System\cbrkkfB.exe
  C:\Windows\System\cbrkkfB.exe
  2⤵
  PID:4264
- C:\Windows\System\jymvGEu.exe
  C:\Windows\System\jymvGEu.exe
  2⤵
  PID:2316
- C:\Windows\System\oQTIFJv.exe
  C:\Windows\System\oQTIFJv.exe
  2⤵
  PID:2808
- C:\Windows\System\SjdXecM.exe
  C:\Windows\System\SjdXecM.exe
  2⤵
  PID:4504
- C:\Windows\System\lYWDaWS.exe
  C:\Windows\System\lYWDaWS.exe
  2⤵
  PID:2428
- C:\Windows\System\bpmFZpw.exe
  C:\Windows\System\bpmFZpw.exe
  2⤵
  PID:2184
- C:\Windows\System\PCTyqnI.exe
  C:\Windows\System\PCTyqnI.exe
  2⤵
  PID:292
- C:\Windows\System\NVMSRrD.exe
  C:\Windows\System\NVMSRrD.exe
  2⤵
  PID:4568
- C:\Windows\System\LnowkhY.exe
  C:\Windows\System\LnowkhY.exe
  2⤵
  PID:4604
- C:\Windows\System\lMNmRhx.exe
  C:\Windows\System\lMNmRhx.exe
  2⤵
  PID:4656
- C:\Windows\System\OtIIYjA.exe
  C:\Windows\System\OtIIYjA.exe
  2⤵
  PID:4644
- C:\Windows\System\KCbavQS.exe
  C:\Windows\System\KCbavQS.exe
  2⤵
  PID:576
- C:\Windows\System\porkjlC.exe
  C:\Windows\System\porkjlC.exe
  2⤵
  PID:4688
- C:\Windows\System\zvDmnbU.exe
  C:\Windows\System\zvDmnbU.exe
  2⤵
  PID:4756
- C:\Windows\System\pQYgLUy.exe
  C:\Windows\System\pQYgLUy.exe
  2⤵
  PID:4764
- C:\Windows\System\WQncPZY.exe
  C:\Windows\System\WQncPZY.exe
  2⤵
  PID:4824
- C:\Windows\System\VlmpJNq.exe
  C:\Windows\System\VlmpJNq.exe
  2⤵
  PID:4800
- C:\Windows\System\mdNMpaO.exe
  C:\Windows\System\mdNMpaO.exe
  2⤵
  PID:4844
- C:\Windows\System\dCZEkcX.exe
  C:\Windows\System\dCZEkcX.exe
  2⤵
  PID:4896
- C:\Windows\System\AxSPkzu.exe
  C:\Windows\System\AxSPkzu.exe
  2⤵
  PID:4924
- C:\Windows\System\qfoOwgE.exe
  C:\Windows\System\qfoOwgE.exe
  2⤵
  PID:4992
- C:\Windows\System\SPkSMtH.exe
  C:\Windows\System\SPkSMtH.exe
  2⤵
  PID:2272
- C:\Windows\System\CnfcZQH.exe
  C:\Windows\System\CnfcZQH.exe
  2⤵
  PID:5080
- C:\Windows\System\pQcVcgs.exe
  C:\Windows\System\pQcVcgs.exe
  2⤵
  PID:3600
- C:\Windows\System\jJfrSAJ.exe
  C:\Windows\System\jJfrSAJ.exe
  2⤵
  PID:4340
- C:\Windows\System\dYmstBj.exe
  C:\Windows\System\dYmstBj.exe
  2⤵
  PID:2644
- C:\Windows\System\QdgnSLk.exe
  C:\Windows\System\QdgnSLk.exe
  2⤵
  PID:4416
- C:\Windows\System\LaBVmIj.exe
  C:\Windows\System\LaBVmIj.exe
  2⤵
  PID:4432
- C:\Windows\System\XYFwYRT.exe
  C:\Windows\System\XYFwYRT.exe
  2⤵
  PID:2648
- C:\Windows\System\QyWWIEC.exe
  C:\Windows\System\QyWWIEC.exe
  2⤵
  PID:4324
- C:\Windows\System\zeRqUMq.exe
  C:\Windows\System\zeRqUMq.exe
  2⤵
  PID:4624
- C:\Windows\System\AHIzjQs.exe
  C:\Windows\System\AHIzjQs.exe
  2⤵
  PID:2148
- C:\Windows\System\iPyPDTX.exe
  C:\Windows\System\iPyPDTX.exe
  2⤵
  PID:4772
- C:\Windows\System\mgKBuZX.exe
  C:\Windows\System\mgKBuZX.exe
  2⤵
  PID:4820
- C:\Windows\System\OplZiGr.exe
  C:\Windows\System\OplZiGr.exe
  2⤵
  PID:4944
- C:\Windows\System\EUJfjnk.exe
  C:\Windows\System\EUJfjnk.exe
  2⤵
  PID:4856
- C:\Windows\System\KnjHHhn.exe
  C:\Windows\System\KnjHHhn.exe
  2⤵
  PID:2968
- C:\Windows\System\UKgnpOU.exe
  C:\Windows\System\UKgnpOU.exe
  2⤵
  PID:5028
- C:\Windows\System\kGuQDrC.exe
  C:\Windows\System\kGuQDrC.exe
  2⤵
  PID:4952
- C:\Windows\System\NrdrdXO.exe
  C:\Windows\System\NrdrdXO.exe
  2⤵
  PID:5096
- C:\Windows\System\aGDKunm.exe
  C:\Windows\System\aGDKunm.exe
  2⤵
  PID:2592
- C:\Windows\System\pPmMxaL.exe
  C:\Windows\System\pPmMxaL.exe
  2⤵
  PID:4400
- C:\Windows\System\RcKUwCS.exe
  C:\Windows\System\RcKUwCS.exe
  2⤵
  PID:4480
- C:\Windows\System\odGRkLd.exe
  C:\Windows\System\odGRkLd.exe
  2⤵
  PID:4296
- C:\Windows\System\yzXFFWd.exe
  C:\Windows\System\yzXFFWd.exe
  2⤵
  PID:4164
- C:\Windows\System\kxVxnqv.exe
  C:\Windows\System\kxVxnqv.exe
  2⤵
  PID:4640
- C:\Windows\System\uWMEnCl.exe
  C:\Windows\System\uWMEnCl.exe
  2⤵
  PID:2784
- C:\Windows\System\oUTuaot.exe
  C:\Windows\System\oUTuaot.exe
  2⤵
  PID:1976
- C:\Windows\System\zeBEtbg.exe
  C:\Windows\System\zeBEtbg.exe
  2⤵
  PID:4524
- C:\Windows\System\TaKchfj.exe
  C:\Windows\System\TaKchfj.exe
  2⤵
  PID:4752
- C:\Windows\System\NDmHtmF.exe
  C:\Windows\System\NDmHtmF.exe
  2⤵
  PID:4932
- C:\Windows\System\PtphYtO.exe
  C:\Windows\System\PtphYtO.exe
  2⤵
  PID:4728
- C:\Windows\System\uQBumjm.exe
  C:\Windows\System\uQBumjm.exe
  2⤵
  PID:4916
- C:\Windows\System\PnSWSLY.exe
  C:\Windows\System\PnSWSLY.exe
  2⤵
  PID:4136
- C:\Windows\System\JFzSGEV.exe
  C:\Windows\System\JFzSGEV.exe
  2⤵
  PID:2380
- C:\Windows\System\qVOqjwB.exe
  C:\Windows\System\qVOqjwB.exe
  2⤵
  PID:2624
- C:\Windows\System\ueFrXpn.exe
  C:\Windows\System\ueFrXpn.exe
  2⤵
  PID:4168
- C:\Windows\System\NlxkypD.exe
  C:\Windows\System\NlxkypD.exe
  2⤵
  PID:4484
- C:\Windows\System\WyycvGe.exe
  C:\Windows\System\WyycvGe.exe
  2⤵
  PID:2964
- C:\Windows\System\PywlaJT.exe
  C:\Windows\System\PywlaJT.exe
  2⤵
  PID:5056
- C:\Windows\System\jYdktcv.exe
  C:\Windows\System\jYdktcv.exe
  2⤵
  PID:4876
- C:\Windows\System\QtJkuBJ.exe
  C:\Windows\System\QtJkuBJ.exe
  2⤵
  PID:4792
- C:\Windows\System\toJGbmJ.exe
  C:\Windows\System\toJGbmJ.exe
  2⤵
  PID:5040
- C:\Windows\System\xGNjMPV.exe
  C:\Windows\System\xGNjMPV.exe
  2⤵
  PID:4628
- C:\Windows\System\HRLpcsU.exe
  C:\Windows\System\HRLpcsU.exe
  2⤵
  PID:5104
- C:\Windows\System\UzPLlVv.exe
  C:\Windows\System\UzPLlVv.exe
  2⤵
  PID:2792
- C:\Windows\System\bYbQHDX.exe
  C:\Windows\System\bYbQHDX.exe
  2⤵
  PID:4684
- C:\Windows\System\YKVUwtx.exe
  C:\Windows\System\YKVUwtx.exe
  2⤵
  PID:5012
- C:\Windows\System\lwggwmq.exe
  C:\Windows\System\lwggwmq.exe
  2⤵
  PID:4116
- C:\Windows\System\AVmTIkJ.exe
  C:\Windows\System\AVmTIkJ.exe
  2⤵
  PID:5132
- C:\Windows\System\TuBnyyV.exe
  C:\Windows\System\TuBnyyV.exe
  2⤵
  PID:5148
- C:\Windows\System\TwtydwZ.exe
  C:\Windows\System\TwtydwZ.exe
  2⤵
  PID:5164
- C:\Windows\System\wWOwTMp.exe
  C:\Windows\System\wWOwTMp.exe
  2⤵
  PID:5180
- C:\Windows\System\vuaBXAM.exe
  C:\Windows\System\vuaBXAM.exe
  2⤵
  PID:5196
- C:\Windows\System\WUfVFwP.exe
  C:\Windows\System\WUfVFwP.exe
  2⤵
  PID:5212
- C:\Windows\System\GRmOWCG.exe
  C:\Windows\System\GRmOWCG.exe
  2⤵
  PID:5228
- C:\Windows\System\ShxWAcG.exe
  C:\Windows\System\ShxWAcG.exe
  2⤵
  PID:5244
- C:\Windows\System\nInxLwq.exe
  C:\Windows\System\nInxLwq.exe
  2⤵
  PID:5260
- C:\Windows\System\lInYhMP.exe
  C:\Windows\System\lInYhMP.exe
  2⤵
  PID:5276
- C:\Windows\System\KXEMiEX.exe
  C:\Windows\System\KXEMiEX.exe
  2⤵
  PID:5292
- C:\Windows\System\vLdqkMd.exe
  C:\Windows\System\vLdqkMd.exe
  2⤵
  PID:5308
- C:\Windows\System\VBgXmgv.exe
  C:\Windows\System\VBgXmgv.exe
  2⤵
  PID:5324
- C:\Windows\System\JHbprNB.exe
  C:\Windows\System\JHbprNB.exe
  2⤵
  PID:5340
- C:\Windows\System\iWWGtXY.exe
  C:\Windows\System\iWWGtXY.exe
  2⤵
  PID:5360
- C:\Windows\System\qyoDnCi.exe
  C:\Windows\System\qyoDnCi.exe
  2⤵
  PID:5376
- C:\Windows\System\ZgDqWMc.exe
  C:\Windows\System\ZgDqWMc.exe
  2⤵
  PID:5400
- C:\Windows\System\QycFbxu.exe
  C:\Windows\System\QycFbxu.exe
  2⤵
  PID:5416
- C:\Windows\System\uuSbTiX.exe
  C:\Windows\System\uuSbTiX.exe
  2⤵
  PID:5432
- C:\Windows\System\vlNUljL.exe
  C:\Windows\System\vlNUljL.exe
  2⤵
  PID:5448
- C:\Windows\System\MLaxMkg.exe
  C:\Windows\System\MLaxMkg.exe
  2⤵
  PID:5464
- C:\Windows\System\sqpcwhg.exe
  C:\Windows\System\sqpcwhg.exe
  2⤵
  PID:5480
- C:\Windows\System\EcuoJjW.exe
  C:\Windows\System\EcuoJjW.exe
  2⤵
  PID:5504
- C:\Windows\System\VWpfrPa.exe
  C:\Windows\System\VWpfrPa.exe
  2⤵
  PID:5520
- C:\Windows\System\dUtzdsv.exe
  C:\Windows\System\dUtzdsv.exe
  2⤵
  PID:5536
- C:\Windows\System\QEewPMJ.exe
  C:\Windows\System\QEewPMJ.exe
  2⤵
  PID:5552
- C:\Windows\System\XdHbDFg.exe
  C:\Windows\System\XdHbDFg.exe
  2⤵
  PID:5568
- C:\Windows\System\RLjePvA.exe
  C:\Windows\System\RLjePvA.exe
  2⤵
  PID:5584
- C:\Windows\System\VhyKTzA.exe
  C:\Windows\System\VhyKTzA.exe
  2⤵
  PID:5600
- C:\Windows\System\qNcQCYy.exe
  C:\Windows\System\qNcQCYy.exe
  2⤵
  PID:5616
- C:\Windows\System\DoEGXFS.exe
  C:\Windows\System\DoEGXFS.exe
  2⤵
  PID:5632
- C:\Windows\System\skmJBox.exe
  C:\Windows\System\skmJBox.exe
  2⤵
  PID:5648
- C:\Windows\System\EXsTbfn.exe
  C:\Windows\System\EXsTbfn.exe
  2⤵
  PID:5664
- C:\Windows\System\ZmAjdLE.exe
  C:\Windows\System\ZmAjdLE.exe
  2⤵
  PID:5680
- C:\Windows\System\XdpCuhU.exe
  C:\Windows\System\XdpCuhU.exe
  2⤵
  PID:5700
- C:\Windows\System\YFESLfw.exe
  C:\Windows\System\YFESLfw.exe
  2⤵
  PID:5716
- C:\Windows\System\rDSRvwc.exe
  C:\Windows\System\rDSRvwc.exe
  2⤵
  PID:5732
- C:\Windows\System\cLyLIFa.exe
  C:\Windows\System\cLyLIFa.exe
  2⤵
  PID:5748
- C:\Windows\System\vHnATkZ.exe
  C:\Windows\System\vHnATkZ.exe
  2⤵
  PID:5764
- C:\Windows\System\PngjcNt.exe
  C:\Windows\System\PngjcNt.exe
  2⤵
  PID:5788
- C:\Windows\System\QpwIkrd.exe
  C:\Windows\System\QpwIkrd.exe
  2⤵
  PID:5808
- C:\Windows\System\WYsjSFB.exe
  C:\Windows\System\WYsjSFB.exe
  2⤵
  PID:5824
- C:\Windows\System\qsigxdO.exe
  C:\Windows\System\qsigxdO.exe
  2⤵
  PID:5840
- C:\Windows\System\AuyMsBu.exe
  C:\Windows\System\AuyMsBu.exe
  2⤵
  PID:5856
- C:\Windows\System\jaRcgSY.exe
  C:\Windows\System\jaRcgSY.exe
  2⤵
  PID:5872
- C:\Windows\System\OPnTqfj.exe
  C:\Windows\System\OPnTqfj.exe
  2⤵
  PID:5888
- C:\Windows\System\NhdBYap.exe
  C:\Windows\System\NhdBYap.exe
  2⤵
  PID:5904
- C:\Windows\System\QBhwRcq.exe
  C:\Windows\System\QBhwRcq.exe
  2⤵
  PID:5924
- C:\Windows\System\BJOYHEL.exe
  C:\Windows\System\BJOYHEL.exe
  2⤵
  PID:5940
- C:\Windows\System\okvHySq.exe
  C:\Windows\System\okvHySq.exe
  2⤵
  PID:5956
- C:\Windows\System\nKDIgig.exe
  C:\Windows\System\nKDIgig.exe
  2⤵
  PID:5976
- C:\Windows\System\jFLcIdS.exe
  C:\Windows\System\jFLcIdS.exe
  2⤵
  PID:5992
- C:\Windows\System\bjHfhbL.exe
  C:\Windows\System\bjHfhbL.exe
  2⤵
  PID:6012
- C:\Windows\System\FpQnIOM.exe
  C:\Windows\System\FpQnIOM.exe
  2⤵
  PID:6032
- C:\Windows\System\TyXGGGZ.exe
  C:\Windows\System\TyXGGGZ.exe
  2⤵
  PID:6048
- C:\Windows\System\hRUsxSK.exe
  C:\Windows\System\hRUsxSK.exe
  2⤵
  PID:6068
- C:\Windows\System\OyvQFFX.exe
  C:\Windows\System\OyvQFFX.exe
  2⤵
  PID:6084
- C:\Windows\System\pIXnbaz.exe
  C:\Windows\System\pIXnbaz.exe
  2⤵
  PID:6100
- C:\Windows\System\uFgQIij.exe
  C:\Windows\System\uFgQIij.exe
  2⤵
  PID:6116
- C:\Windows\System\MvCyQfw.exe
  C:\Windows\System\MvCyQfw.exe
  2⤵
  PID:6132
- C:\Windows\System\komgkDS.exe
  C:\Windows\System\komgkDS.exe
  2⤵
  PID:4248
- C:\Windows\System\MzoXXml.exe
  C:\Windows\System\MzoXXml.exe
  2⤵
  PID:5124
- C:\Windows\System\wyIrWzQ.exe
  C:\Windows\System\wyIrWzQ.exe
  2⤵
  PID:5144
- C:\Windows\System\uygdtDe.exe
  C:\Windows\System\uygdtDe.exe
  2⤵
  PID:5220
- C:\Windows\System\TTfRuPO.exe
  C:\Windows\System\TTfRuPO.exe
  2⤵
  PID:5252
- C:\Windows\System\eGrmTTH.exe
  C:\Windows\System\eGrmTTH.exe
  2⤵
  PID:5240
- C:\Windows\System\SRlAjOL.exe
  C:\Windows\System\SRlAjOL.exe
  2⤵
  PID:5284
- C:\Windows\System\aEiAalD.exe
  C:\Windows\System\aEiAalD.exe
  2⤵
  PID:4996
- C:\Windows\System\QnUZehg.exe
  C:\Windows\System\QnUZehg.exe
  2⤵
  PID:5348
- C:\Windows\System\DUIKIJx.exe
  C:\Windows\System\DUIKIJx.exe
  2⤵
  PID:4556
- C:\Windows\System\hpZrgqY.exe
  C:\Windows\System\hpZrgqY.exe
  2⤵
  PID:5372
- C:\Windows\System\PtEgooe.exe
  C:\Windows\System\PtEgooe.exe
  2⤵
  PID:5424
- C:\Windows\System\bzNQZSc.exe
  C:\Windows\System\bzNQZSc.exe
  2⤵
  PID:5460
- C:\Windows\System\ADdBJjO.exe
  C:\Windows\System\ADdBJjO.exe
  2⤵
  PID:5444
- C:\Windows\System\Jckaofl.exe
  C:\Windows\System\Jckaofl.exe
  2⤵
  PID:5496
- C:\Windows\System\wKwUHqh.exe
  C:\Windows\System\wKwUHqh.exe
  2⤵
  PID:5532
- C:\Windows\System\atjMPYN.exe
  C:\Windows\System\atjMPYN.exe
  2⤵
  PID:5592
- C:\Windows\System\jXrNNSS.exe
  C:\Windows\System\jXrNNSS.exe
  2⤵
  PID:5544
- C:\Windows\System\RDeSPRN.exe
  C:\Windows\System\RDeSPRN.exe
  2⤵
  PID:5576
- C:\Windows\System\HAFTIFw.exe
  C:\Windows\System\HAFTIFw.exe
  2⤵
  PID:5640
- C:\Windows\System\qPjeqjR.exe
  C:\Windows\System\qPjeqjR.exe
  2⤵
  PID:5696
- C:\Windows\System\wZAPuzw.exe
  C:\Windows\System\wZAPuzw.exe
  2⤵
  PID:5708
- C:\Windows\System\QRWNhNO.exe
  C:\Windows\System\QRWNhNO.exe
  2⤵
  PID:5756
- C:\Windows\System\JQXOhjv.exe
  C:\Windows\System\JQXOhjv.exe
  2⤵
  PID:5832
- C:\Windows\System\qLZjjVH.exe
  C:\Windows\System\qLZjjVH.exe
  2⤵
  PID:5776
- C:\Windows\System\VGfRgxZ.exe
  C:\Windows\System\VGfRgxZ.exe
  2⤵
  PID:5744
- C:\Windows\System\LSaftHD.exe
  C:\Windows\System\LSaftHD.exe
  2⤵
  PID:5900
- C:\Windows\System\YqPKRVN.exe
  C:\Windows\System\YqPKRVN.exe
  2⤵
  PID:5920
- C:\Windows\System\vvWSJUU.exe
  C:\Windows\System\vvWSJUU.exe
  2⤵
  PID:5912
- C:\Windows\System\TpKLLzD.exe
  C:\Windows\System\TpKLLzD.exe
  2⤵
  PID:6000
- C:\Windows\System\PagKeSI.exe
  C:\Windows\System\PagKeSI.exe
  2⤵
  PID:6044
- C:\Windows\System\uboOftD.exe
  C:\Windows\System\uboOftD.exe
  2⤵
  PID:5988
- C:\Windows\System\aiiHkLg.exe
  C:\Windows\System\aiiHkLg.exe
  2⤵
  PID:6108
- C:\Windows\System\LjMfTHB.exe
  C:\Windows\System\LjMfTHB.exe
  2⤵
  PID:6024
- C:\Windows\System\AgHZvAO.exe
  C:\Windows\System\AgHZvAO.exe
  2⤵
  PID:6092
- C:\Windows\System\DfnHdKf.exe
  C:\Windows\System\DfnHdKf.exe
  2⤵
  PID:5140
- C:\Windows\System\YOyutEm.exe
  C:\Windows\System\YOyutEm.exe
  2⤵
  PID:5268
- C:\Windows\System\xaaKcSC.exe
  C:\Windows\System\xaaKcSC.exe
  2⤵
  PID:5332
- C:\Windows\System\yergyOi.exe
  C:\Windows\System\yergyOi.exe
  2⤵
  PID:5352
- C:\Windows\System\IYdbtWP.exe
  C:\Windows\System\IYdbtWP.exe
  2⤵
  PID:5172
- C:\Windows\System\zTRMiLc.exe
  C:\Windows\System\zTRMiLc.exe
  2⤵
  PID:5236
- C:\Windows\System\PRYhXYj.exe
  C:\Windows\System\PRYhXYj.exe
  2⤵
  PID:5412
- C:\Windows\System\StzQGrq.exe
  C:\Windows\System\StzQGrq.exe
  2⤵
  PID:5560
- C:\Windows\System\IKipFYR.exe
  C:\Windows\System\IKipFYR.exe
  2⤵
  PID:5512
- C:\Windows\System\RqBykxn.exe
  C:\Windows\System\RqBykxn.exe
  2⤵
  PID:5660
- C:\Windows\System\MGYqlWb.exe
  C:\Windows\System\MGYqlWb.exe
  2⤵
  PID:5728
- C:\Windows\System\kqyUGaC.exe
  C:\Windows\System\kqyUGaC.exe
  2⤵
  PID:5676
- C:\Windows\System\ruLNnKe.exe
  C:\Windows\System\ruLNnKe.exe
  2⤵
  PID:5864
- C:\Windows\System\WenRQbH.exe
  C:\Windows\System\WenRQbH.exe
  2⤵
  PID:5896
- C:\Windows\System\MNxWtwk.exe
  C:\Windows\System\MNxWtwk.exe
  2⤵
  PID:5916
- C:\Windows\System\quBtkJC.exe
  C:\Windows\System\quBtkJC.exe
  2⤵
  PID:4660
- C:\Windows\System\XHTuecR.exe
  C:\Windows\System\XHTuecR.exe
  2⤵
  PID:5952
- C:\Windows\System\ceDJLRi.exe
  C:\Windows\System\ceDJLRi.exe
  2⤵
  PID:6080
- C:\Windows\System\lcUqjhU.exe
  C:\Windows\System\lcUqjhU.exe
  2⤵
  PID:6064
- C:\Windows\System\dguxvBf.exe
  C:\Windows\System\dguxvBf.exe
  2⤵
  PID:5192
- C:\Windows\System\nxlCOmD.exe
  C:\Windows\System\nxlCOmD.exe
  2⤵
  PID:5044
- C:\Windows\System\IMwMirt.exe
  C:\Windows\System\IMwMirt.exe
  2⤵
  PID:5304
- C:\Windows\System\pmDtHwO.exe
  C:\Windows\System\pmDtHwO.exe
  2⤵
  PID:5204
- C:\Windows\System\KeBYiOM.exe
  C:\Windows\System\KeBYiOM.exe
  2⤵
  PID:5476
- C:\Windows\System\QUJCwpw.exe
  C:\Windows\System\QUJCwpw.exe
  2⤵
  PID:5528
- C:\Windows\System\AEyHqSn.exe
  C:\Windows\System\AEyHqSn.exe
  2⤵
  PID:5608
- C:\Windows\System\YAxtsIE.exe
  C:\Windows\System\YAxtsIE.exe
  2⤵
  PID:5804
- C:\Windows\System\RreUShp.exe
  C:\Windows\System\RreUShp.exe
  2⤵
  PID:5964
- C:\Windows\System\NaZZRwW.exe
  C:\Windows\System\NaZZRwW.exe
  2⤵
  PID:4440
- C:\Windows\System\qxuPEsm.exe
  C:\Windows\System\qxuPEsm.exe
  2⤵
  PID:6124
- C:\Windows\System\xwjBiYQ.exe
  C:\Windows\System\xwjBiYQ.exe
  2⤵
  PID:5272
- C:\Windows\System\jifHMcE.exe
  C:\Windows\System\jifHMcE.exe
  2⤵
  PID:2200
- C:\Windows\System\XeqEFXx.exe
  C:\Windows\System\XeqEFXx.exe
  2⤵
  PID:5628
- C:\Windows\System\ZvFGvGL.exe
  C:\Windows\System\ZvFGvGL.exe
  2⤵
  PID:5784
- C:\Windows\System\LSUqViG.exe
  C:\Windows\System\LSUqViG.exe
  2⤵
  PID:6040
- C:\Windows\System\ZUyKITp.exe
  C:\Windows\System\ZUyKITp.exe
  2⤵
  PID:6060
- C:\Windows\System\wjryWML.exe
  C:\Windows\System\wjryWML.exe
  2⤵
  PID:6152
- C:\Windows\System\ctByVHS.exe
  C:\Windows\System\ctByVHS.exe
  2⤵
  PID:6168
- C:\Windows\System\huraquT.exe
  C:\Windows\System\huraquT.exe
  2⤵
  PID:6184
- C:\Windows\System\aKvRgQw.exe
  C:\Windows\System\aKvRgQw.exe
  2⤵
  PID:6200
- C:\Windows\System\hmJlXnl.exe
  C:\Windows\System\hmJlXnl.exe
  2⤵
  PID:6216
- C:\Windows\System\UUNOCLu.exe
  C:\Windows\System\UUNOCLu.exe
  2⤵
  PID:6232
- C:\Windows\System\pjfSsnH.exe
  C:\Windows\System\pjfSsnH.exe
  2⤵
  PID:6248
- C:\Windows\System\enocwmj.exe
  C:\Windows\System\enocwmj.exe
  2⤵
  PID:6264
- C:\Windows\System\vsnznCI.exe
  C:\Windows\System\vsnznCI.exe
  2⤵
  PID:6284
- C:\Windows\System\CdZZRDs.exe
  C:\Windows\System\CdZZRDs.exe
  2⤵
  PID:6300
- C:\Windows\System\pgBMqgY.exe
  C:\Windows\System\pgBMqgY.exe
  2⤵
  PID:6316
- C:\Windows\System\oQWrWeC.exe
  C:\Windows\System\oQWrWeC.exe
  2⤵
  PID:6332
- C:\Windows\System\UbsulLi.exe
  C:\Windows\System\UbsulLi.exe
  2⤵
  PID:6348
- C:\Windows\System\jlRQpTS.exe
  C:\Windows\System\jlRQpTS.exe
  2⤵
  PID:6364
- C:\Windows\System\LoNnacz.exe
  C:\Windows\System\LoNnacz.exe
  2⤵
  PID:6380
- C:\Windows\System\OzrKerx.exe
  C:\Windows\System\OzrKerx.exe
  2⤵
  PID:6396
- C:\Windows\System\GccVZiU.exe
  C:\Windows\System\GccVZiU.exe
  2⤵
  PID:6412
- C:\Windows\System\urAvEVA.exe
  C:\Windows\System\urAvEVA.exe
  2⤵
  PID:6428
- C:\Windows\System\nkrcPcF.exe
  C:\Windows\System\nkrcPcF.exe
  2⤵
  PID:6444
- C:\Windows\System\mBWcuWl.exe
  C:\Windows\System\mBWcuWl.exe
  2⤵
  PID:6460
- C:\Windows\System\PgiThgz.exe
  C:\Windows\System\PgiThgz.exe
  2⤵
  PID:6476
- C:\Windows\System\VVXxktt.exe
  C:\Windows\System\VVXxktt.exe
  2⤵
  PID:6492
- C:\Windows\System\FjWvMEC.exe
  C:\Windows\System\FjWvMEC.exe
  2⤵
  PID:6508
- C:\Windows\System\ktKnDLY.exe
  C:\Windows\System\ktKnDLY.exe
  2⤵
  PID:6524
- C:\Windows\System\GPRsYpU.exe
  C:\Windows\System\GPRsYpU.exe
  2⤵
  PID:6540
- C:\Windows\System\mfduXod.exe
  C:\Windows\System\mfduXod.exe
  2⤵
  PID:6556
- C:\Windows\System\sPiIAhX.exe
  C:\Windows\System\sPiIAhX.exe
  2⤵
  PID:6576
- C:\Windows\System\EwmyMan.exe
  C:\Windows\System\EwmyMan.exe
  2⤵
  PID:6600
- C:\Windows\System\eoFEgNB.exe
  C:\Windows\System\eoFEgNB.exe
  2⤵
  PID:6616
- C:\Windows\System\inpIgiM.exe
  C:\Windows\System\inpIgiM.exe
  2⤵
  PID:6636
- C:\Windows\System\XKPrUWP.exe
  C:\Windows\System\XKPrUWP.exe
  2⤵
  PID:6652
- C:\Windows\System\tgDyUkH.exe
  C:\Windows\System\tgDyUkH.exe
  2⤵
  PID:6668
- C:\Windows\System\HfByrSb.exe
  C:\Windows\System\HfByrSb.exe
  2⤵
  PID:6684
- C:\Windows\System\OfoPaRl.exe
  C:\Windows\System\OfoPaRl.exe
  2⤵
  PID:6700
- C:\Windows\System\MYDzEHb.exe
  C:\Windows\System\MYDzEHb.exe
  2⤵
  PID:6716
- C:\Windows\System\qvjQOVI.exe
  C:\Windows\System\qvjQOVI.exe
  2⤵
  PID:6732
- C:\Windows\System\jyGhFog.exe
  C:\Windows\System\jyGhFog.exe
  2⤵
  PID:6748
- C:\Windows\System\mWAnKKJ.exe
  C:\Windows\System\mWAnKKJ.exe
  2⤵
  PID:6764
- C:\Windows\System\EcYKRdS.exe
  C:\Windows\System\EcYKRdS.exe
  2⤵
  PID:6780
- C:\Windows\System\zLEkqPl.exe
  C:\Windows\System\zLEkqPl.exe
  2⤵
  PID:6796
- C:\Windows\System\qroiIBv.exe
  C:\Windows\System\qroiIBv.exe
  2⤵
  PID:6816
- C:\Windows\System\nSVrMjs.exe
  C:\Windows\System\nSVrMjs.exe
  2⤵
  PID:6840
- C:\Windows\System\iaihfWx.exe
  C:\Windows\System\iaihfWx.exe
  2⤵
  PID:6856
- C:\Windows\System\CbdnNCd.exe
  C:\Windows\System\CbdnNCd.exe
  2⤵
  PID:6872
- C:\Windows\System\nsLqNNd.exe
  C:\Windows\System\nsLqNNd.exe
  2⤵
  PID:6888
- C:\Windows\System\TwexlDU.exe
  C:\Windows\System\TwexlDU.exe
  2⤵
  PID:6904
- C:\Windows\System\VjTiRnw.exe
  C:\Windows\System\VjTiRnw.exe
  2⤵
  PID:6920
- C:\Windows\System\DBOqBEh.exe
  C:\Windows\System\DBOqBEh.exe
  2⤵
  PID:6936
- C:\Windows\System\KNSOBSh.exe
  C:\Windows\System\KNSOBSh.exe
  2⤵
  PID:6952
- C:\Windows\System\QSNGOOw.exe
  C:\Windows\System\QSNGOOw.exe
  2⤵
  PID:6968
- C:\Windows\System\NYEiaxs.exe
  C:\Windows\System\NYEiaxs.exe
  2⤵
  PID:6984
- C:\Windows\System\zyfHvEB.exe
  C:\Windows\System\zyfHvEB.exe
  2⤵
  PID:7000
- C:\Windows\System\gBfXivC.exe
  C:\Windows\System\gBfXivC.exe
  2⤵
  PID:7016
- C:\Windows\System\qxDSuTw.exe
  C:\Windows\System\qxDSuTw.exe
  2⤵
  PID:7032
- C:\Windows\System\pgHXhnJ.exe
  C:\Windows\System\pgHXhnJ.exe
  2⤵
  PID:7048
- C:\Windows\System\UPprmEm.exe
  C:\Windows\System\UPprmEm.exe
  2⤵
  PID:7064
- C:\Windows\System\gkcBqHZ.exe
  C:\Windows\System\gkcBqHZ.exe
  2⤵
  PID:7080
- C:\Windows\System\nCBiQnY.exe
  C:\Windows\System\nCBiQnY.exe
  2⤵
  PID:7096
- C:\Windows\System\irUeQSS.exe
  C:\Windows\System\irUeQSS.exe
  2⤵
  PID:7112
- C:\Windows\System\omBkUfW.exe
  C:\Windows\System\omBkUfW.exe
  2⤵
  PID:7128
- C:\Windows\System\hUxabod.exe
  C:\Windows\System\hUxabod.exe
  2⤵
  PID:7144
- C:\Windows\System\JdaVeiT.exe
  C:\Windows\System\JdaVeiT.exe
  2⤵
  PID:7160
- C:\Windows\System\SqNnnoM.exe
  C:\Windows\System\SqNnnoM.exe
  2⤵
  PID:4488
- C:\Windows\System\YtYPgpK.exe
  C:\Windows\System\YtYPgpK.exe
  2⤵
  PID:6192
- C:\Windows\System\ITzZris.exe
  C:\Windows\System\ITzZris.exe
  2⤵
  PID:884
- C:\Windows\System\ynOEtgy.exe
  C:\Windows\System\ynOEtgy.exe
  2⤵
  PID:5644
- C:\Windows\System\HmvVPnV.exe
  C:\Windows\System\HmvVPnV.exe
  2⤵
  PID:6292
- C:\Windows\System\KuMxMwO.exe
  C:\Windows\System\KuMxMwO.exe
  2⤵
  PID:6328
- C:\Windows\System\EuUlALg.exe
  C:\Windows\System\EuUlALg.exe
  2⤵
  PID:6280
- C:\Windows\System\mrqrRpv.exe
  C:\Windows\System\mrqrRpv.exe
  2⤵
  PID:6388
- C:\Windows\System\JroGNtx.exe
  C:\Windows\System\JroGNtx.exe
  2⤵
  PID:6180
- C:\Windows\System\XULGTds.exe
  C:\Windows\System\XULGTds.exe
  2⤵
  PID:6372
- C:\Windows\System\tOVDMwI.exe
  C:\Windows\System\tOVDMwI.exe
  2⤵
  PID:6424
- C:\Windows\System\pZzAoDx.exe
  C:\Windows\System\pZzAoDx.exe
  2⤵
  PID:6408
- C:\Windows\System\cjAWNZJ.exe
  C:\Windows\System\cjAWNZJ.exe
  2⤵
  PID:6436
- C:\Windows\System\NlFOKce.exe
  C:\Windows\System\NlFOKce.exe
  2⤵
  PID:6500
- C:\Windows\System\KlUMMKb.exe
  C:\Windows\System\KlUMMKb.exe
  2⤵
  PID:6548
- C:\Windows\System\QIdyfOi.exe
  C:\Windows\System\QIdyfOi.exe
  2⤵
  PID:6588
- C:\Windows\System\UnAPmfb.exe
  C:\Windows\System\UnAPmfb.exe
  2⤵
  PID:6608
- C:\Windows\System\NHiJxej.exe
  C:\Windows\System\NHiJxej.exe
  2⤵
  PID:6624
- C:\Windows\System\eZRlSnT.exe
  C:\Windows\System\eZRlSnT.exe
  2⤵
  PID:6664
- C:\Windows\System\JjfTtqO.exe
  C:\Windows\System\JjfTtqO.exe
  2⤵
  PID:6644
- C:\Windows\System\aYRLIDx.exe
  C:\Windows\System\aYRLIDx.exe
  2⤵
  PID:6708
- C:\Windows\System\yLyWDPN.exe
  C:\Windows\System\yLyWDPN.exe
  2⤵
  PID:6760
- C:\Windows\System\noPoQGJ.exe
  C:\Windows\System\noPoQGJ.exe
  2⤵
  PID:6776
- C:\Windows\System\QgnSFmp.exe
  C:\Windows\System\QgnSFmp.exe
  2⤵
  PID:6744
- C:\Windows\System\tdVZuvq.exe
  C:\Windows\System\tdVZuvq.exe
  2⤵
  PID:6864
- C:\Windows\System\RuiYDcz.exe
  C:\Windows\System\RuiYDcz.exe
  2⤵
  PID:6900
- C:\Windows\System\IkVCeDW.exe
  C:\Windows\System\IkVCeDW.exe
  2⤵
  PID:6848
- C:\Windows\System\kEQSNUz.exe
  C:\Windows\System\kEQSNUz.exe
  2⤵
  PID:6928
- C:\Windows\System\qRNpHkp.exe
  C:\Windows\System\qRNpHkp.exe
  2⤵
  PID:7056
- C:\Windows\System\XwEfuSa.exe
  C:\Windows\System\XwEfuSa.exe
  2⤵
  PID:7024
- C:\Windows\System\qzZkmIW.exe
  C:\Windows\System\qzZkmIW.exe
  2⤵
  PID:6208
- C:\Windows\System\TmeVXzq.exe
  C:\Windows\System\TmeVXzq.exe
  2⤵
  PID:5224
- C:\Windows\System\QijIEYR.exe
  C:\Windows\System\QijIEYR.exe
  2⤵
  PID:6456
- C:\Windows\System\hYgmBCw.exe
  C:\Windows\System\hYgmBCw.exe
  2⤵
  PID:6404
- C:\Windows\System\kWlRuoS.exe
  C:\Windows\System\kWlRuoS.exe
  2⤵
  PID:6612
- C:\Windows\System\wzXwqVP.exe
  C:\Windows\System\wzXwqVP.exe
  2⤵
  PID:6812
- C:\Windows\System\AtAnMGK.exe
  C:\Windows\System\AtAnMGK.exe
  2⤵
  PID:6660
- C:\Windows\System\WKeHeop.exe
  C:\Windows\System\WKeHeop.exe
  2⤵
  PID:6944
- C:\Windows\System\OZfBUzS.exe
  C:\Windows\System\OZfBUzS.exe
  2⤵
  PID:6832
- C:\Windows\System\sJMAbcW.exe
  C:\Windows\System\sJMAbcW.exe
  2⤵
  PID:6836
- C:\Windows\System\vqPkqjL.exe
  C:\Windows\System\vqPkqjL.exe
  2⤵
  PID:6804
- C:\Windows\System\uFfeRAI.exe
  C:\Windows\System\uFfeRAI.exe
  2⤵
  PID:6520
- C:\Windows\System\zHwZQOi.exe
  C:\Windows\System\zHwZQOi.exe
  2⤵
  PID:6976
- C:\Windows\System\EWLeVYu.exe
  C:\Windows\System\EWLeVYu.exe
  2⤵
  PID:7532
- C:\Windows\System\RAMmwfy.exe
  C:\Windows\System\RAMmwfy.exe
  2⤵
  PID:7548
- C:\Windows\System\JwESnul.exe
  C:\Windows\System\JwESnul.exe
  2⤵
  PID:7564
- C:\Windows\System\zPkKsiQ.exe
  C:\Windows\System\zPkKsiQ.exe
  2⤵
  PID:7580
- C:\Windows\System\XdSMqoS.exe
  C:\Windows\System\XdSMqoS.exe
  2⤵
  PID:7700
- C:\Windows\System\YazrYnF.exe
  C:\Windows\System\YazrYnF.exe
  2⤵
  PID:7740
- C:\Windows\System\TMYhdTL.exe
  C:\Windows\System\TMYhdTL.exe
  2⤵
  PID:7764
- C:\Windows\System\XmTPUcU.exe
  C:\Windows\System\XmTPUcU.exe
  2⤵
  PID:7800
- C:\Windows\System\SIthQuR.exe
  C:\Windows\System\SIthQuR.exe
  2⤵
  PID:7828
- C:\Windows\System\SBWXKam.exe
  C:\Windows\System\SBWXKam.exe
  2⤵
  PID:7852
- C:\Windows\System\PbYEZYs.exe
  C:\Windows\System\PbYEZYs.exe
  2⤵
  PID:7868
- C:\Windows\System\ANafaGM.exe
  C:\Windows\System\ANafaGM.exe
  2⤵
  PID:7884
- C:\Windows\System\mvVXRfg.exe
  C:\Windows\System\mvVXRfg.exe
  2⤵
  PID:7900
- C:\Windows\System\pUQLrJF.exe
  C:\Windows\System\pUQLrJF.exe
  2⤵
  PID:7916
- C:\Windows\System\PpyqJHz.exe
  C:\Windows\System\PpyqJHz.exe
  2⤵
  PID:7932
- C:\Windows\System\maaXgFW.exe
  C:\Windows\System\maaXgFW.exe
  2⤵
  PID:7948
- C:\Windows\System\PXniqof.exe
  C:\Windows\System\PXniqof.exe
  2⤵
  PID:7964
- C:\Windows\System\EgiGglA.exe
  C:\Windows\System\EgiGglA.exe
  2⤵
  PID:7984
- C:\Windows\System\omrfnQm.exe
  C:\Windows\System\omrfnQm.exe
  2⤵
  PID:8000
- C:\Windows\System\TIFkoJL.exe
  C:\Windows\System\TIFkoJL.exe
  2⤵
  PID:8016
- C:\Windows\System\RJLAjZm.exe
  C:\Windows\System\RJLAjZm.exe
  2⤵
  PID:8032
- C:\Windows\System\NqZKlDj.exe
  C:\Windows\System\NqZKlDj.exe
  2⤵
  PID:8048
- C:\Windows\System\dNUbWXD.exe
  C:\Windows\System\dNUbWXD.exe
  2⤵
  PID:8064
- C:\Windows\System\HirVkBf.exe
  C:\Windows\System\HirVkBf.exe
  2⤵
  PID:8080
- C:\Windows\System\TBqghXk.exe
  C:\Windows\System\TBqghXk.exe
  2⤵
  PID:8096
- C:\Windows\System\yxJnTwa.exe
  C:\Windows\System\yxJnTwa.exe
  2⤵
  PID:8112
- C:\Windows\System\FSGhZbp.exe
  C:\Windows\System\FSGhZbp.exe
  2⤵
  PID:8128
- C:\Windows\System\PUYAQqP.exe
  C:\Windows\System\PUYAQqP.exe
  2⤵
  PID:8144
- C:\Windows\System\ZMRDcHY.exe
  C:\Windows\System\ZMRDcHY.exe
  2⤵
  PID:8160
- C:\Windows\System\DzlCKiJ.exe
  C:\Windows\System\DzlCKiJ.exe
  2⤵
  PID:8176
- C:\Windows\System\VIzmRoV.exe
  C:\Windows\System\VIzmRoV.exe
  2⤵
  PID:6996
- C:\Windows\System\NxjtZPd.exe
  C:\Windows\System\NxjtZPd.exe
  2⤵
  PID:6896
- C:\Windows\System\XtxXHWg.exe
  C:\Windows\System\XtxXHWg.exe
  2⤵
  PID:6564
- C:\Windows\System\PBdPTfx.exe
  C:\Windows\System\PBdPTfx.exe
  2⤵
  PID:6164
- C:\Windows\System\VGIRqcP.exe
  C:\Windows\System\VGIRqcP.exe
  2⤵
  PID:6224
- C:\Windows\System\JtqVVFr.exe
  C:\Windows\System\JtqVVFr.exe
  2⤵
  PID:6008
- C:\Windows\System\rOyjPap.exe
  C:\Windows\System\rOyjPap.exe
  2⤵
  PID:6240
- C:\Windows\System\cnAVXwy.exe
  C:\Windows\System\cnAVXwy.exe
  2⤵
  PID:1492
- C:\Windows\System\MpLAPxB.exe
  C:\Windows\System\MpLAPxB.exe
  2⤵
  PID:7060
- C:\Windows\System\AdmnPaE.exe
  C:\Windows\System\AdmnPaE.exe
  2⤵
  PID:7076
- C:\Windows\System\evNlWie.exe
  C:\Windows\System\evNlWie.exe
  2⤵
  PID:7184
- C:\Windows\System\JuYZkyM.exe
  C:\Windows\System\JuYZkyM.exe
  2⤵
  PID:7200
- C:\Windows\System\ilNNlGm.exe
  C:\Windows\System\ilNNlGm.exe
  2⤵
  PID:7216
- C:\Windows\System\TbFcuhu.exe
  C:\Windows\System\TbFcuhu.exe
  2⤵
  PID:7232
- C:\Windows\System\bSUvFDN.exe
  C:\Windows\System\bSUvFDN.exe
  2⤵
  PID:7248
- C:\Windows\System\cMIzAoh.exe
  C:\Windows\System\cMIzAoh.exe
  2⤵
  PID:7264
- C:\Windows\System\PREwBRC.exe
  C:\Windows\System\PREwBRC.exe
  2⤵
  PID:7280
- C:\Windows\System\hUxGkAq.exe
  C:\Windows\System\hUxGkAq.exe
  2⤵
  PID:7300
- C:\Windows\System\pyLPVfM.exe
  C:\Windows\System\pyLPVfM.exe
  2⤵
  PID:7312
- C:\Windows\System\UBjZAqG.exe
  C:\Windows\System\UBjZAqG.exe
  2⤵
  PID:7332
- C:\Windows\System\lQKiYEm.exe
  C:\Windows\System\lQKiYEm.exe
  2⤵
  PID:7344
- C:\Windows\System\jQqruzO.exe
  C:\Windows\System\jQqruzO.exe
  2⤵
  PID:7360
- C:\Windows\System\GTtOHpw.exe
  C:\Windows\System\GTtOHpw.exe
  2⤵
  PID:7376
- C:\Windows\System\krrjNtF.exe
  C:\Windows\System\krrjNtF.exe
  2⤵
  PID:7392
- C:\Windows\System\yXrKFYl.exe
  C:\Windows\System\yXrKFYl.exe
  2⤵
  PID:7408
- C:\Windows\System\EFJquhW.exe
  C:\Windows\System\EFJquhW.exe
  2⤵
  PID:7424
- C:\Windows\System\grxOnHj.exe
  C:\Windows\System\grxOnHj.exe
  2⤵
  PID:7440
- C:\Windows\System\etfrPGK.exe
  C:\Windows\System\etfrPGK.exe
  2⤵
  PID:7456
- C:\Windows\System\McKqXVv.exe
  C:\Windows\System\McKqXVv.exe
  2⤵
  PID:7472
- C:\Windows\System\laKgFHx.exe
  C:\Windows\System\laKgFHx.exe
  2⤵
  PID:7488
- C:\Windows\System\jBVcjiu.exe
  C:\Windows\System\jBVcjiu.exe
  2⤵
  PID:7504
- C:\Windows\System\FoWHDTu.exe
  C:\Windows\System\FoWHDTu.exe
  2⤵
  PID:7520
- C:\Windows\System\WdEUCJj.exe
  C:\Windows\System\WdEUCJj.exe
  2⤵
  PID:7632
- C:\Windows\System\bHUBSVu.exe
  C:\Windows\System\bHUBSVu.exe
  2⤵
  PID:7652
- C:\Windows\System\aaxzvUN.exe
  C:\Windows\System\aaxzvUN.exe
  2⤵
  PID:7668
- C:\Windows\System\NBnDjBG.exe
  C:\Windows\System\NBnDjBG.exe
  2⤵
  PID:7684
- C:\Windows\System\KBfStjz.exe
  C:\Windows\System\KBfStjz.exe
  2⤵
  PID:7756
- C:\Windows\System\gDbtEvi.exe
  C:\Windows\System\gDbtEvi.exe
  2⤵
  PID:7808
- C:\Windows\System\AwNKaaz.exe
  C:\Windows\System\AwNKaaz.exe
  2⤵
  PID:7576
- C:\Windows\System\BayZDxR.exe
  C:\Windows\System\BayZDxR.exe
  2⤵
  PID:7724
- C:\Windows\System\KdnfFyo.exe
  C:\Windows\System\KdnfFyo.exe
  2⤵
  PID:7780
- C:\Windows\System\PeDFYMO.exe
  C:\Windows\System\PeDFYMO.exe
  2⤵
  PID:7796
- C:\Windows\System\PqdxmRc.exe
  C:\Windows\System\PqdxmRc.exe
  2⤵
  PID:7844
- C:\Windows\System\npuySwr.exe
  C:\Windows\System\npuySwr.exe
  2⤵
  PID:7716
- C:\Windows\System\GLRBvms.exe
  C:\Windows\System\GLRBvms.exe
  2⤵
  PID:7944
- C:\Windows\System\EaQHtFN.exe
  C:\Windows\System\EaQHtFN.exe
  2⤵
  PID:7896
- C:\Windows\System\lQdDagf.exe
  C:\Windows\System\lQdDagf.exe
  2⤵
  PID:7960
- C:\Windows\System\zQlkRui.exe
  C:\Windows\System\zQlkRui.exe
  2⤵
  PID:8028
- C:\Windows\System\jtsELKY.exe
  C:\Windows\System\jtsELKY.exe
  2⤵
  PID:8056
- C:\Windows\System\mJEJzJt.exe
  C:\Windows\System\mJEJzJt.exe
  2⤵
  PID:8152
- C:\Windows\System\eoGUzjM.exe
  C:\Windows\System\eoGUzjM.exe
  2⤵
  PID:8188
- C:\Windows\System\PTWCLIB.exe
  C:\Windows\System\PTWCLIB.exe
  2⤵
  PID:8012
- C:\Windows\System\jyVuAvn.exe
  C:\Windows\System\jyVuAvn.exe
  2⤵
  PID:8076
- C:\Windows\System\mHwlPGW.exe
  C:\Windows\System\mHwlPGW.exe
  2⤵
  PID:8136
- C:\Windows\System\OETafly.exe
  C:\Windows\System\OETafly.exe
  2⤵
  PID:6596
- C:\Windows\System\OntlpJL.exe
  C:\Windows\System\OntlpJL.exe
  2⤵
  PID:7104
- C:\Windows\System\KOaTjdr.exe
  C:\Windows\System\KOaTjdr.exe
  2⤵
  PID:6324
- C:\Windows\System\UROKWHo.exe
  C:\Windows\System\UROKWHo.exe
  2⤵
  PID:7140
- C:\Windows\System\qrKYaZn.exe
  C:\Windows\System\qrKYaZn.exe
  2⤵
  PID:6340
- C:\Windows\System\KukstGQ.exe
  C:\Windows\System\KukstGQ.exe
  2⤵
  PID:6756
- C:\Windows\System\mHiHisC.exe
  C:\Windows\System\mHiHisC.exe
  2⤵
  PID:7088
- C:\Windows\System\rgNLbKh.exe
  C:\Windows\System\rgNLbKh.exe
  2⤵
  PID:7212
- C:\Windows\System\cbFegNh.exe
  C:\Windows\System\cbFegNh.exe
  2⤵
  PID:7244
- C:\Windows\System\IUGvrhS.exe
  C:\Windows\System\IUGvrhS.exe
  2⤵
  PID:7308
- C:\Windows\System\nKlJyXq.exe
  C:\Windows\System\nKlJyXq.exe
  2⤵
  PID:7288
- C:\Windows\System\QTZvDOY.exe
  C:\Windows\System\QTZvDOY.exe
  2⤵
  PID:7336
- C:\Windows\System\fCOcLWF.exe
  C:\Windows\System\fCOcLWF.exe
  2⤵
  PID:7324
- C:\Windows\System\zRjLAVu.exe
  C:\Windows\System\zRjLAVu.exe
  2⤵
  PID:7372
- C:\Windows\System\HvTWizh.exe
  C:\Windows\System\HvTWizh.exe
  2⤵
  PID:7432
- C:\Windows\System\onSyhoA.exe
  C:\Windows\System\onSyhoA.exe
  2⤵
  PID:7460
- C:\Windows\System\eaFWqFU.exe
  C:\Windows\System\eaFWqFU.exe
  2⤵
  PID:7820
- C:\Windows\System\bSmngDa.exe
  C:\Windows\System\bSmngDa.exe
  2⤵
  PID:7560
- C:\Windows\System\hxJSPgi.exe
  C:\Windows\System\hxJSPgi.exe
  2⤵
  PID:7600
- C:\Windows\System\pZbRybK.exe
  C:\Windows\System\pZbRybK.exe
  2⤵
  PID:7616
- C:\Windows\System\bvLPFsb.exe
  C:\Windows\System\bvLPFsb.exe
  2⤵
  PID:7908
- C:\Windows\System\BmtCnOn.exe
  C:\Windows\System\BmtCnOn.exe
  2⤵
  PID:7912
- C:\Windows\System\EEsBHrp.exe
  C:\Windows\System\EEsBHrp.exe
  2⤵
  PID:8060
- C:\Windows\System\sDZLeAP.exe
  C:\Windows\System\sDZLeAP.exe
  2⤵
  PID:8168
- C:\Windows\System\AqbzMMU.exe
  C:\Windows\System\AqbzMMU.exe
  2⤵
  PID:6276
- C:\Windows\System\GSnfDfo.exe
  C:\Windows\System\GSnfDfo.exe
  2⤵
  PID:7040
- C:\Windows\System\BOHbWqt.exe
  C:\Windows\System\BOHbWqt.exe
  2⤵
  PID:7044
- C:\Windows\System\NhlXvfc.exe
  C:\Windows\System\NhlXvfc.exe
  2⤵
  PID:6420
- C:\Windows\System\JXVVNzF.exe
  C:\Windows\System\JXVVNzF.exe
  2⤵
  PID:7192
- C:\Windows\System\AzNcZNo.exe
  C:\Windows\System\AzNcZNo.exe
  2⤵
  PID:8108
- C:\Windows\System\NAoCDIE.exe
  C:\Windows\System\NAoCDIE.exe
  2⤵
  PID:7260
- C:\Windows\System\EIxFBOS.exe
  C:\Windows\System\EIxFBOS.exe
  2⤵
  PID:7448
- C:\Windows\System\hrNunah.exe
  C:\Windows\System\hrNunah.exe
  2⤵
  PID:7388
- C:\Windows\System\iLjrLQK.exe
  C:\Windows\System\iLjrLQK.exe
  2⤵
  PID:7592
- C:\Windows\System\DHgBLGJ.exe
  C:\Windows\System\DHgBLGJ.exe
  2⤵
  PID:8040
- C:\Windows\System\fRQrGwr.exe
  C:\Windows\System\fRQrGwr.exe
  2⤵
  PID:6584
- C:\Windows\System\HHDREPx.exe
  C:\Windows\System\HHDREPx.exe
  2⤵
  PID:7680
- C:\Windows\System\jLreAFE.exe
  C:\Windows\System\jLreAFE.exe
  2⤵
  PID:7752
- C:\Windows\System\MvIyVda.exe
  C:\Windows\System\MvIyVda.exe
  2⤵
  PID:7644
- C:\Windows\System\ZJKNFrj.exe
  C:\Windows\System\ZJKNFrj.exe
  2⤵
  PID:8120
- C:\Windows\System\DXYuxUv.exe
  C:\Windows\System\DXYuxUv.exe
  2⤵
  PID:6728
- C:\Windows\System\RaFvRwG.exe
  C:\Windows\System\RaFvRwG.exe
  2⤵
  PID:7108
- C:\Windows\System\fMuJBmu.exe
  C:\Windows\System\fMuJBmu.exe
  2⤵
  PID:8104
- C:\Windows\System\BEzmUyM.exe
  C:\Windows\System\BEzmUyM.exe
  2⤵
  PID:6536
- C:\Windows\System\sjKABOy.exe
  C:\Windows\System\sjKABOy.exe
  2⤵
  PID:7612
- C:\Windows\System\FExDlvf.exe
  C:\Windows\System\FExDlvf.exe
  2⤵
  PID:7732
- C:\Windows\System\OLhHQDC.exe
  C:\Windows\System\OLhHQDC.exe
  2⤵
  PID:6980
- C:\Windows\System\pOwvYwY.exe
  C:\Windows\System\pOwvYwY.exe
  2⤵
  PID:7648
- C:\Windows\System\FNAEgcM.exe
  C:\Windows\System\FNAEgcM.exe
  2⤵
  PID:7276
- C:\Windows\System\BtZQPeR.exe
  C:\Windows\System\BtZQPeR.exe
  2⤵
  PID:6740
- C:\Windows\System\fkQxahl.exe
  C:\Windows\System\fkQxahl.exe
  2⤵
  PID:7136
- C:\Windows\System\VGccwDM.exe
  C:\Windows\System\VGccwDM.exe
  2⤵
  PID:7692
- C:\Windows\System\uVhbIOI.exe
  C:\Windows\System\uVhbIOI.exe
  2⤵
  PID:7512
- C:\Windows\System\FWAEcZk.exe
  C:\Windows\System\FWAEcZk.exe
  2⤵
  PID:8172
- C:\Windows\System\vAOEtqG.exe
  C:\Windows\System\vAOEtqG.exe
  2⤵
  PID:7008
- C:\Windows\System\aOjaGHa.exe
  C:\Windows\System\aOjaGHa.exe
  2⤵
  PID:5868
- C:\Windows\System\ifHbGZX.exe
  C:\Windows\System\ifHbGZX.exe
  2⤵
  PID:7824
- C:\Windows\System\sYNWskw.exe
  C:\Windows\System\sYNWskw.exe
  2⤵
  PID:7928
- C:\Windows\System\sbwIfyM.exe
  C:\Windows\System\sbwIfyM.exe
  2⤵
  PID:7640
- C:\Windows\System\toFAWyq.exe
  C:\Windows\System\toFAWyq.exe
  2⤵
  PID:8200
- C:\Windows\System\DuUTGpH.exe
  C:\Windows\System\DuUTGpH.exe
  2⤵
  PID:8216
- C:\Windows\System\eIwZpra.exe
  C:\Windows\System\eIwZpra.exe
  2⤵
  PID:8240
- C:\Windows\System\RrmKpMy.exe
  C:\Windows\System\RrmKpMy.exe
  2⤵
  PID:8260
- C:\Windows\System\azPIVLA.exe
  C:\Windows\System\azPIVLA.exe
  2⤵
  PID:8280
- C:\Windows\System\XkMQydB.exe
  C:\Windows\System\XkMQydB.exe
  2⤵
  PID:8316
- C:\Windows\System\dQNatJt.exe
  C:\Windows\System\dQNatJt.exe
  2⤵
  PID:8336
- C:\Windows\System\TyVBavv.exe
  C:\Windows\System\TyVBavv.exe
  2⤵
  PID:8352
- C:\Windows\System\cBmRBby.exe
  C:\Windows\System\cBmRBby.exe
  2⤵
  PID:8368
- C:\Windows\System\YmGKkkL.exe
  C:\Windows\System\YmGKkkL.exe
  2⤵
  PID:8392
- C:\Windows\System\iFBUZrc.exe
  C:\Windows\System\iFBUZrc.exe
  2⤵
  PID:8408
- C:\Windows\System\yLHWkWM.exe
  C:\Windows\System\yLHWkWM.exe
  2⤵
  PID:8444
- C:\Windows\System\EWdgQGL.exe
  C:\Windows\System\EWdgQGL.exe
  2⤵
  PID:8460
- C:\Windows\System\rNrkgzx.exe
  C:\Windows\System\rNrkgzx.exe
  2⤵
  PID:8480
- C:\Windows\System\QgCJhFl.exe
  C:\Windows\System\QgCJhFl.exe
  2⤵
  PID:8504
- C:\Windows\System\uBAspbq.exe
  C:\Windows\System\uBAspbq.exe
  2⤵
  PID:8524
- C:\Windows\System\hiendOJ.exe
  C:\Windows\System\hiendOJ.exe
  2⤵
  PID:8544
- C:\Windows\System\ZyXWMxz.exe
  C:\Windows\System\ZyXWMxz.exe
  2⤵
  PID:8560
- C:\Windows\System\vyvbTvt.exe
  C:\Windows\System\vyvbTvt.exe
  2⤵
  PID:8580
- C:\Windows\System\sotvnsC.exe
  C:\Windows\System\sotvnsC.exe
  2⤵
  PID:8596
- C:\Windows\System\AvPxQnQ.exe
  C:\Windows\System\AvPxQnQ.exe
  2⤵
  PID:8616
- C:\Windows\System\JUOtohz.exe
  C:\Windows\System\JUOtohz.exe
  2⤵
  PID:8632
- C:\Windows\System\QWtLupP.exe
  C:\Windows\System\QWtLupP.exe
  2⤵
  PID:8648
- C:\Windows\System\JXJTenv.exe
  C:\Windows\System\JXJTenv.exe
  2⤵
  PID:8680
- C:\Windows\System\VSGxcWy.exe
  C:\Windows\System\VSGxcWy.exe
  2⤵
  PID:8700
- C:\Windows\System\FnQrwze.exe
  C:\Windows\System\FnQrwze.exe
  2⤵
  PID:8720
- C:\Windows\System\hQrmsVZ.exe
  C:\Windows\System\hQrmsVZ.exe
  2⤵
  PID:8748
- C:\Windows\System\knKOOaG.exe
  C:\Windows\System\knKOOaG.exe
  2⤵
  PID:8764
- C:\Windows\System\WenupjQ.exe
  C:\Windows\System\WenupjQ.exe
  2⤵
  PID:8780
- C:\Windows\System\gsMathH.exe
  C:\Windows\System\gsMathH.exe
  2⤵
  PID:8796
- C:\Windows\System\KUhDike.exe
  C:\Windows\System\KUhDike.exe
  2⤵
  PID:8824
- C:\Windows\System\EJrOiAr.exe
  C:\Windows\System\EJrOiAr.exe
  2⤵
  PID:8840
- C:\Windows\System\fmYJbDD.exe
  C:\Windows\System\fmYJbDD.exe
  2⤵
  PID:8856
- C:\Windows\System\vRvMudh.exe
  C:\Windows\System\vRvMudh.exe
  2⤵
  PID:8872
- C:\Windows\System\HXObLUs.exe
  C:\Windows\System\HXObLUs.exe
  2⤵
  PID:8888
- C:\Windows\System\PlJbaHM.exe
  C:\Windows\System\PlJbaHM.exe
  2⤵
  PID:8908
- C:\Windows\System\iRayyRi.exe
  C:\Windows\System\iRayyRi.exe
  2⤵
  PID:8932
- C:\Windows\System\EIfgpYW.exe
  C:\Windows\System\EIfgpYW.exe
  2⤵
  PID:8952
- C:\Windows\System\HIzERVB.exe
  C:\Windows\System\HIzERVB.exe
  2⤵
  PID:8972
- C:\Windows\System\lmurcsx.exe
  C:\Windows\System\lmurcsx.exe
  2⤵
  PID:8988
- C:\Windows\System\AATCXYy.exe
  C:\Windows\System\AATCXYy.exe
  2⤵
  PID:9004
- C:\Windows\System\AHoBqaB.exe
  C:\Windows\System\AHoBqaB.exe
  2⤵
  PID:9020
- C:\Windows\System\uThrcRX.exe
  C:\Windows\System\uThrcRX.exe
  2⤵
  PID:9064
- C:\Windows\System\ghfTXDf.exe
  C:\Windows\System\ghfTXDf.exe
  2⤵
  PID:9096
- C:\Windows\System\mmlWozo.exe
  C:\Windows\System\mmlWozo.exe
  2⤵
  PID:9112
- C:\Windows\System\rEVkCCb.exe
  C:\Windows\System\rEVkCCb.exe
  2⤵
  PID:9132
- C:\Windows\System\gdTUgsQ.exe
  C:\Windows\System\gdTUgsQ.exe
  2⤵
  PID:9148
- C:\Windows\System\YtShgws.exe
  C:\Windows\System\YtShgws.exe
  2⤵
  PID:9168
- C:\Windows\System\atWdbZQ.exe
  C:\Windows\System\atWdbZQ.exe
  2⤵
  PID:9184
- C:\Windows\System\ETeHUpt.exe
  C:\Windows\System\ETeHUpt.exe
  2⤵
  PID:9208
- C:\Windows\System\idDeqZq.exe
  C:\Windows\System\idDeqZq.exe
  2⤵
  PID:7468
- C:\Windows\System\koPyEdY.exe
  C:\Windows\System\koPyEdY.exe
  2⤵
  PID:8268
- C:\Windows\System\AQeEGpK.exe
  C:\Windows\System\AQeEGpK.exe
  2⤵
  PID:8328
- C:\Windows\System\jwaoJiF.exe
  C:\Windows\System\jwaoJiF.exe
  2⤵
  PID:8364
- C:\Windows\System\AxnJvQQ.exe
  C:\Windows\System\AxnJvQQ.exe
  2⤵
  PID:8404
- C:\Windows\System\EavSPYO.exe
  C:\Windows\System\EavSPYO.exe
  2⤵
  PID:8252
- C:\Windows\System\mLDEVzp.exe
  C:\Windows\System\mLDEVzp.exe
  2⤵
  PID:8296
- C:\Windows\System\QTlFPpi.exe
  C:\Windows\System\QTlFPpi.exe
  2⤵
  PID:8376
- C:\Windows\System\cZPeoLA.exe
  C:\Windows\System\cZPeoLA.exe
  2⤵
  PID:8436
- C:\Windows\System\PsujVUG.exe
  C:\Windows\System\PsujVUG.exe
  2⤵
  PID:8420
- C:\Windows\System\MnTLTmW.exe
  C:\Windows\System\MnTLTmW.exe
  2⤵
  PID:8472
- C:\Windows\System\TciSULV.exe
  C:\Windows\System\TciSULV.exe
  2⤵
  PID:4540
- C:\Windows\System\ABGqEEd.exe
  C:\Windows\System\ABGqEEd.exe
  2⤵
  PID:8520
- C:\Windows\System\BPVAaxI.exe
  C:\Windows\System\BPVAaxI.exe
  2⤵
  PID:8612
- C:\Windows\System\yzGtmKc.exe
  C:\Windows\System\yzGtmKc.exe
  2⤵
  PID:8644
- C:\Windows\System\OQduRwL.exe
  C:\Windows\System\OQduRwL.exe
  2⤵
  PID:8676
- C:\Windows\System\igruluz.exe
  C:\Windows\System\igruluz.exe
  2⤵
  PID:8716
- C:\Windows\System\pHrgjDn.exe
  C:\Windows\System\pHrgjDn.exe
  2⤵
  PID:8664
- C:\Windows\System\OeVvWsG.exe
  C:\Windows\System\OeVvWsG.exe
  2⤵
  PID:8736
- C:\Windows\System\ZPnokJb.exe
  C:\Windows\System\ZPnokJb.exe
  2⤵
  PID:8804
- C:\Windows\System\YkcrJbB.exe
  C:\Windows\System\YkcrJbB.exe
  2⤵
  PID:8848
- C:\Windows\System\Koaiwdj.exe
  C:\Windows\System\Koaiwdj.exe
  2⤵
  PID:8920
- C:\Windows\System\HEwsUkS.exe
  C:\Windows\System\HEwsUkS.exe
  2⤵
  PID:8960
- C:\Windows\System\dYpwatl.exe
  C:\Windows\System\dYpwatl.exe
  2⤵
  PID:9032
- C:\Windows\System\LxIsApw.exe
  C:\Windows\System\LxIsApw.exe
  2⤵
  PID:9044
- C:\Windows\System\FkXuavk.exe
  C:\Windows\System\FkXuavk.exe
  2⤵
  PID:9060
- C:\Windows\System\VqeREio.exe
  C:\Windows\System\VqeREio.exe
  2⤵
  PID:8984
- C:\Windows\System\IkTaapJ.exe
  C:\Windows\System\IkTaapJ.exe
  2⤵
  PID:8864
- C:\Windows\System\qYOJcIe.exe
  C:\Windows\System\qYOJcIe.exe
  2⤵
  PID:9080
- C:\Windows\System\VLVBuCi.exe
  C:\Windows\System\VLVBuCi.exe
  2⤵
  PID:9108
- C:\Windows\System\KdfsUAf.exe
  C:\Windows\System\KdfsUAf.exe
  2⤵
  PID:9156
- C:\Windows\System\XnvlZuC.exe
  C:\Windows\System\XnvlZuC.exe
  2⤵
  PID:9160
- C:\Windows\System\YutNFlZ.exe
  C:\Windows\System\YutNFlZ.exe
  2⤵
  PID:7776
- C:\Windows\System\MiTCdTc.exe
  C:\Windows\System\MiTCdTc.exe
  2⤵
  PID:8024
- C:\Windows\System\QdCchjj.exe
  C:\Windows\System\QdCchjj.exe
  2⤵
  PID:8232
- C:\Windows\System\VgcvMpu.exe
  C:\Windows\System\VgcvMpu.exe
  2⤵
  PID:8228
- C:\Windows\System\UejgtIS.exe
  C:\Windows\System\UejgtIS.exe
  2⤵
  PID:8292
- C:\Windows\System\DsOgALT.exe
  C:\Windows\System\DsOgALT.exe
  2⤵
  PID:8424
- C:\Windows\System\nmuBMgf.exe
  C:\Windows\System\nmuBMgf.exe
  2⤵
  PID:8432
- C:\Windows\System\DYiIDpT.exe
  C:\Windows\System\DYiIDpT.exe
  2⤵
  PID:8496
- C:\Windows\System\uNXFQFQ.exe
  C:\Windows\System\uNXFQFQ.exe
  2⤵
  PID:8608
- C:\Windows\System\PphcSYw.exe
  C:\Windows\System\PphcSYw.exe
  2⤵
  PID:8588
- C:\Windows\System\QKHjfOg.exe
  C:\Windows\System\QKHjfOg.exe
  2⤵
  PID:8692
- C:\Windows\System\uQSZUea.exe
  C:\Windows\System\uQSZUea.exe
  2⤵
  PID:8628
- C:\Windows\System\dnjdmAF.exe
  C:\Windows\System\dnjdmAF.exe
  2⤵
  PID:8744
- C:\Windows\System\sqSTYxp.exe
  C:\Windows\System\sqSTYxp.exe
  2⤵
  PID:8812
- C:\Windows\System\wTrYfKM.exe
  C:\Windows\System\wTrYfKM.exe
  2⤵
  PID:8880
- C:\Windows\System\AXsNbuS.exe
  C:\Windows\System\AXsNbuS.exe
  2⤵
  PID:8788
- C:\Windows\System\smssRPB.exe
  C:\Windows\System\smssRPB.exe
  2⤵
  PID:8996
- C:\Windows\System\llelizd.exe
  C:\Windows\System\llelizd.exe
  2⤵
  PID:9048
- C:\Windows\System\BtkjaRy.exe
  C:\Windows\System\BtkjaRy.exe
  2⤵
  PID:8896
- C:\Windows\System\xgvGWuK.exe
  C:\Windows\System\xgvGWuK.exe
  2⤵
  PID:9104
- C:\Windows\System\rJWXsAp.exe
  C:\Windows\System\rJWXsAp.exe
  2⤵
  PID:9180
- C:\Windows\System\gbKIXTY.exe
  C:\Windows\System\gbKIXTY.exe
  2⤵
  PID:8224
- C:\Windows\System\YgNyBLL.exe
  C:\Windows\System\YgNyBLL.exe
  2⤵
  PID:7880
- C:\Windows\System\sItftGi.exe
  C:\Windows\System\sItftGi.exe
  2⤵
  PID:8308
- C:\Windows\System\VhpcXhh.exe
  C:\Windows\System\VhpcXhh.exe
  2⤵
  PID:8428
- C:\Windows\System\icFimHG.exe
  C:\Windows\System\icFimHG.exe
  2⤵
  PID:8568
- C:\Windows\System\wdkPxzF.exe
  C:\Windows\System\wdkPxzF.exe
  2⤵
  PID:8712
- C:\Windows\System\TzkxpFu.exe
  C:\Windows\System\TzkxpFu.exe
  2⤵
  PID:9028
- C:\Windows\System\ebNyvqz.exe
  C:\Windows\System\ebNyvqz.exe
  2⤵
  PID:8832
- C:\Windows\System\aoochRp.exe
  C:\Windows\System\aoochRp.exe
  2⤵
  PID:8288
- C:\Windows\System\VSNIOHl.exe
  C:\Windows\System\VSNIOHl.exe
  2⤵
  PID:8360
- C:\Windows\System\qYeGjfi.exe
  C:\Windows\System\qYeGjfi.exe
  2⤵
  PID:8604
- C:\Windows\System\LkgENzN.exe
  C:\Windows\System\LkgENzN.exe
  2⤵
  PID:8660
- C:\Windows\System\lydtoha.exe
  C:\Windows\System\lydtoha.exe
  2⤵
  PID:7544
- C:\Windows\System\CzNNLDb.exe
  C:\Windows\System\CzNNLDb.exe
  2⤵
  PID:9200
- C:\Windows\System\JhRIUwJ.exe
  C:\Windows\System\JhRIUwJ.exe
  2⤵
  PID:8820
- C:\Windows\System\RpdmAVQ.exe
  C:\Windows\System\RpdmAVQ.exe
  2⤵
  PID:8868
- C:\Windows\System\OhfdGvP.exe
  C:\Windows\System\OhfdGvP.exe
  2⤵
  PID:8416
- C:\Windows\System\yEHZfNv.exe
  C:\Windows\System\yEHZfNv.exe
  2⤵
  PID:9120
- C:\Windows\System\tdwxXiR.exe
  C:\Windows\System\tdwxXiR.exe
  2⤵
  PID:9056
- C:\Windows\System\vDMrPFE.exe
  C:\Windows\System\vDMrPFE.exe
  2⤵
  PID:7124
- C:\Windows\System\SdmQpNj.exe
  C:\Windows\System\SdmQpNj.exe
  2⤵
  PID:8772
- C:\Windows\System\mTNUhqO.exe
  C:\Windows\System\mTNUhqO.exe
  2⤵
  PID:9220
- C:\Windows\System\NTfQdMo.exe
  C:\Windows\System\NTfQdMo.exe
  2⤵
  PID:9236
- C:\Windows\System\iWxSIPr.exe
  C:\Windows\System\iWxSIPr.exe
  2⤵
  PID:9252
- C:\Windows\System\IetzYdw.exe
  C:\Windows\System\IetzYdw.exe
  2⤵
  PID:9268
- C:\Windows\System\riiWWcv.exe
  C:\Windows\System\riiWWcv.exe
  2⤵
  PID:9300
- C:\Windows\System\sRazNSN.exe
  C:\Windows\System\sRazNSN.exe
  2⤵
  PID:9316
- C:\Windows\System\nRQfoZP.exe
  C:\Windows\System\nRQfoZP.exe
  2⤵
  PID:9344
- C:\Windows\System\zAofpFB.exe
  C:\Windows\System\zAofpFB.exe
  2⤵
  PID:9360
- C:\Windows\System\jbIJiez.exe
  C:\Windows\System\jbIJiez.exe
  2⤵
  PID:9384
- C:\Windows\System\ULnLEVt.exe
  C:\Windows\System\ULnLEVt.exe
  2⤵
  PID:9400
- C:\Windows\System\lhjCOPW.exe
  C:\Windows\System\lhjCOPW.exe
  2⤵
  PID:9428
- C:\Windows\System\MshDtIG.exe
  C:\Windows\System\MshDtIG.exe
  2⤵
  PID:9444
- C:\Windows\System\QorRMIo.exe
  C:\Windows\System\QorRMIo.exe
  2⤵
  PID:9460
- C:\Windows\System\gbYkRhR.exe
  C:\Windows\System\gbYkRhR.exe
  2⤵
  PID:9476
- C:\Windows\System\YlEWmTI.exe
  C:\Windows\System\YlEWmTI.exe
  2⤵
  PID:9496
- C:\Windows\System\CdnLpqN.exe
  C:\Windows\System\CdnLpqN.exe
  2⤵
  PID:9512
- C:\Windows\System\mcwUiSt.exe
  C:\Windows\System\mcwUiSt.exe
  2⤵
  PID:9548
- C:\Windows\System\puwnzok.exe
  C:\Windows\System\puwnzok.exe
  2⤵
  PID:9568
- C:\Windows\System\HNaCExo.exe
  C:\Windows\System\HNaCExo.exe
  2⤵
  PID:9588
- C:\Windows\System\hPQynqt.exe
  C:\Windows\System\hPQynqt.exe
  2⤵
  PID:9608
- C:\Windows\System\Egsislw.exe
  C:\Windows\System\Egsislw.exe
  2⤵
  PID:9624
- C:\Windows\System\akPSTlE.exe
  C:\Windows\System\akPSTlE.exe
  2⤵
  PID:9644
- C:\Windows\System\uYsXJTs.exe
  C:\Windows\System\uYsXJTs.exe
  2⤵
  PID:9672
- C:\Windows\System\WMhukMX.exe
  C:\Windows\System\WMhukMX.exe
  2⤵
  PID:9688
- C:\Windows\System\VtfOlyG.exe
  C:\Windows\System\VtfOlyG.exe
  2⤵
  PID:9712
- C:\Windows\System\KmExjJQ.exe
  C:\Windows\System\KmExjJQ.exe
  2⤵
  PID:9728
- C:\Windows\System\jSVaEqX.exe
  C:\Windows\System\jSVaEqX.exe
  2⤵
  PID:9744
- C:\Windows\System\ZilDMSI.exe
  C:\Windows\System\ZilDMSI.exe
  2⤵
  PID:9764
- C:\Windows\System\AjdbwzC.exe
  C:\Windows\System\AjdbwzC.exe
  2⤵
  PID:9780
- C:\Windows\System\DkWeXpt.exe
  C:\Windows\System\DkWeXpt.exe
  2⤵
  PID:9800
- C:\Windows\System\sbFjXRh.exe
  C:\Windows\System\sbFjXRh.exe
  2⤵
  PID:9820
- C:\Windows\System\VciTCnA.exe
  C:\Windows\System\VciTCnA.exe
  2⤵
  PID:9840
- C:\Windows\System\ndoXvtI.exe
  C:\Windows\System\ndoXvtI.exe
  2⤵
  PID:9860
- C:\Windows\System\caxmvUo.exe
  C:\Windows\System\caxmvUo.exe
  2⤵
  PID:9876
- C:\Windows\System\flMUrBy.exe
  C:\Windows\System\flMUrBy.exe
  2⤵
  PID:9900
- C:\Windows\System\oaOcJDu.exe
  C:\Windows\System\oaOcJDu.exe
  2⤵
  PID:9940
- C:\Windows\System\bwNwQzu.exe
  C:\Windows\System\bwNwQzu.exe
  2⤵
  PID:9960
- C:\Windows\System\cQxehcx.exe
  C:\Windows\System\cQxehcx.exe
  2⤵
  PID:9980
- C:\Windows\System\FmAgxuR.exe
  C:\Windows\System\FmAgxuR.exe
  2⤵
  PID:9996
- C:\Windows\System\heqMjFs.exe
  C:\Windows\System\heqMjFs.exe
  2⤵
  PID:10016
- C:\Windows\System\gbAftIF.exe
  C:\Windows\System\gbAftIF.exe
  2⤵
  PID:10040
- C:\Windows\System\Kdsjmtq.exe
  C:\Windows\System\Kdsjmtq.exe
  2⤵
  PID:10060
- C:\Windows\System\lWUCoVA.exe
  C:\Windows\System\lWUCoVA.exe
  2⤵
  PID:10076
- C:\Windows\System\PaTYlRI.exe
  C:\Windows\System\PaTYlRI.exe
  2⤵
  PID:10096
- C:\Windows\System\XkoHDQJ.exe
  C:\Windows\System\XkoHDQJ.exe
  2⤵
  PID:10112
- C:\Windows\System\vISFgdg.exe
  C:\Windows\System\vISFgdg.exe
  2⤵
  PID:10140
- C:\Windows\System\JByMYFj.exe
  C:\Windows\System\JByMYFj.exe
  2⤵
  PID:10156
- C:\Windows\System\OrSGRha.exe
  C:\Windows\System\OrSGRha.exe
  2⤵
  PID:10176
- C:\Windows\System\CLyStbe.exe
  C:\Windows\System\CLyStbe.exe
  2⤵
  PID:10192
- C:\Windows\System\crkKDvy.exe
  C:\Windows\System\crkKDvy.exe
  2⤵
  PID:10212
- C:\Windows\System\GGWtrWR.exe
  C:\Windows\System\GGWtrWR.exe
  2⤵
  PID:10236
- C:\Windows\System\cdwnAnf.exe
  C:\Windows\System\cdwnAnf.exe
  2⤵
  PID:9248
- C:\Windows\System\PTzNmmw.exe
  C:\Windows\System\PTzNmmw.exe
  2⤵
  PID:9228
- C:\Windows\System\fJaDjkA.exe
  C:\Windows\System\fJaDjkA.exe
  2⤵
  PID:9296
- C:\Windows\System\hNSNuJQ.exe
  C:\Windows\System\hNSNuJQ.exe
  2⤵
  PID:9308
- C:\Windows\System\cEWGRrT.exe
  C:\Windows\System\cEWGRrT.exe
  2⤵
  PID:9340
- C:\Windows\System\GQTgmco.exe
  C:\Windows\System\GQTgmco.exe
  2⤵
  PID:9376
- C:\Windows\System\ckBvOeJ.exe
  C:\Windows\System\ckBvOeJ.exe
  2⤵
  PID:9416
- C:\Windows\System\JVLdqLd.exe
  C:\Windows\System\JVLdqLd.exe
  2⤵
  PID:9412
- C:\Windows\System\YbpQLvv.exe
  C:\Windows\System\YbpQLvv.exe
  2⤵
  PID:9520
- C:\Windows\System\MRCIxin.exe
  C:\Windows\System\MRCIxin.exe
  2⤵
  PID:9540
- C:\Windows\System\UMWdIlS.exe
  C:\Windows\System\UMWdIlS.exe
  2⤵
  PID:9468
- C:\Windows\System\zKOPBzU.exe
  C:\Windows\System\zKOPBzU.exe
  2⤵
  PID:9580
- C:\Windows\System\faRWyvS.exe
  C:\Windows\System\faRWyvS.exe
  2⤵
  PID:9664
- C:\Windows\System\BxhQnlK.exe
  C:\Windows\System\BxhQnlK.exe
  2⤵
  PID:9668
- C:\Windows\System\rhtkBtq.exe
  C:\Windows\System\rhtkBtq.exe
  2⤵
  PID:9700
- C:\Windows\System\Lqlklfi.exe
  C:\Windows\System\Lqlklfi.exe
  2⤵
  PID:9776
- C:\Windows\System\auxVcsH.exe
  C:\Windows\System\auxVcsH.exe
  2⤵
  PID:9848
- C:\Windows\System\NdHVzQg.exe
  C:\Windows\System\NdHVzQg.exe
  2⤵
  PID:9888
- C:\Windows\System\tXvdBJd.exe
  C:\Windows\System\tXvdBJd.exe
  2⤵
  PID:9720
- C:\Windows\System\QxjvpYn.exe
  C:\Windows\System\QxjvpYn.exe
  2⤵
  PID:9836
- C:\Windows\System\IFsfgoU.exe
  C:\Windows\System\IFsfgoU.exe
  2⤵
  PID:9908
- C:\Windows\System\AWNvobo.exe
  C:\Windows\System\AWNvobo.exe
  2⤵
  PID:9932
- C:\Windows\System\PCtavBT.exe
  C:\Windows\System\PCtavBT.exe
  2⤵
  PID:8312
- C:\Windows\System\UmiqQJN.exe
  C:\Windows\System\UmiqQJN.exe
  2⤵
  PID:9972
- C:\Windows\System\sCpLoOd.exe
  C:\Windows\System\sCpLoOd.exe
  2⤵
  PID:10008
- C:\Windows\System\QUQORDT.exe
  C:\Windows\System\QUQORDT.exe
  2⤵
  PID:10036
- C:\Windows\System\uNTVBij.exe
  C:\Windows\System\uNTVBij.exe
  2⤵
  PID:10072
- C:\Windows\System\veeIvpU.exe
  C:\Windows\System\veeIvpU.exe
  2⤵
  PID:10108
- C:\Windows\System\eeehdPt.exe
  C:\Windows\System\eeehdPt.exe
  2⤵
  PID:10152
- C:\Windows\System\RVtHHCq.exe
  C:\Windows\System\RVtHHCq.exe
  2⤵
  PID:10228
- C:\Windows\System\SeTmWqz.exe
  C:\Windows\System\SeTmWqz.exe
  2⤵
  PID:10208
- C:\Windows\System\jmNvoVc.exe
  C:\Windows\System\jmNvoVc.exe
  2⤵
  PID:8740
- C:\Windows\System\GhkqueZ.exe
  C:\Windows\System\GhkqueZ.exe
  2⤵
  PID:9176
- C:\Windows\System\GDwNszl.exe
  C:\Windows\System\GDwNszl.exe
  2⤵
  PID:8728
- C:\Windows\System\BFXjlWj.exe
  C:\Windows\System\BFXjlWj.exe
  2⤵
  PID:9380
- C:\Windows\System\JhNssBP.exe
  C:\Windows\System\JhNssBP.exe
  2⤵
  PID:9536
- C:\Windows\System\vxObLbY.exe
  C:\Windows\System\vxObLbY.exe
  2⤵
  PID:9328
- C:\Windows\System\XIJLgul.exe
  C:\Windows\System\XIJLgul.exe
  2⤵
  PID:9576
- C:\Windows\System\zbpRUyW.exe
  C:\Windows\System\zbpRUyW.exe
  2⤵
  PID:9660
- C:\Windows\System\UCyVwpa.exe
  C:\Windows\System\UCyVwpa.exe
  2⤵
  PID:9436
- C:\Windows\System\bnuyDCX.exe
  C:\Windows\System\bnuyDCX.exe
  2⤵
  PID:9640
- C:\Windows\System\EEAqgBT.exe
  C:\Windows\System\EEAqgBT.exe
  2⤵
  PID:9816
- C:\Windows\System\ZdvCwYN.exe
  C:\Windows\System\ZdvCwYN.exe
  2⤵
  PID:9884
- C:\Windows\System\OQQlgxz.exe
  C:\Windows\System\OQQlgxz.exe
  2⤵
  PID:9792
- C:\Windows\System\WDEITdK.exe
  C:\Windows\System\WDEITdK.exe
  2⤵
  PID:9832
- C:\Windows\System\ieeHZAY.exe
  C:\Windows\System\ieeHZAY.exe
  2⤵
  PID:8208
- C:\Windows\System\nbXLgxy.exe
  C:\Windows\System\nbXLgxy.exe
  2⤵
  PID:9968
- C:\Windows\System\rMycYdQ.exe
  C:\Windows\System\rMycYdQ.exe
  2⤵
  PID:10088
- C:\Windows\System\dczjRdX.exe
  C:\Windows\System\dczjRdX.exe
  2⤵
  PID:9948
- C:\Windows\System\hBvqNqC.exe
  C:\Windows\System\hBvqNqC.exe
  2⤵
  PID:8492
- C:\Windows\System\umuRYtp.exe
  C:\Windows\System\umuRYtp.exe
  2⤵
  PID:10124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BxERPTj.exe

Filesize
6.0MB

MD5
e3317376e397f19886919c8c79b24291

SHA1
48c5f4b372fe7a4c0110df4f45d4e5256ea12657

SHA256
d82d4c50126eb85d2a012d3496dcf9e34bfcabe9566220fe2139ecb468b64024

SHA512
13c8e35312e81e273d3037ceb1c29b80a7c33ccf53af022731a64e4689b4311f648e1d99f2589daf880dffee0bcd18c5738cd016435a617eca337abd6c98c406

Download Submit
C:\Windows\system\CzdPYgi.exe

Filesize
6.0MB

MD5
2e4cb42afd60b3f545a8e4d21ce78bf2

SHA1
0484d074d9443579b351bc097c3e6f4efb47343c

SHA256
f0d48c1ab67d22bf6dd5f4231e1dafffb9b7bbf559890512689df3a77c60b6a9

SHA512
0e4c6cc9003ed44350937f794ff955a3bd7a02a21f0dc5cd6b1d3a355ad4c6a8a3f873819cc332904db90192ab4d56395c2e1e8e541cd6bcc1daf116955de48b

Download Submit
C:\Windows\system\ESfhrqj.exe

Filesize
6.1MB

MD5
eaecade32208cf4261faa8083439a835

SHA1
037711887022e5db556d8f5b24f219d986aecf2c

SHA256
a39c6c02b752e7864e22a6f9ec44b265803143b7d23b5c363e9b38d5fb0f67ea

SHA512
2370d296be5ac7e111219b70966654fe771b636f24742adbc5d737a8209687866a434f279627bfacf80a0cd4aebf3cb9f27438e48bbf6f98b46713a339eda3f8

Download Submit
C:\Windows\system\HQDgltj.exe

Filesize
6.1MB

MD5
f989744f7a2995cd001f0b60f6151468

SHA1
1e75196e1125aedbf6d942eb1c0dbfb659b253b5

SHA256
0f1d9b7565752a996bb036c3bbbb105379bd9964cbfd8506131e9f584bc66bd9

SHA512
e41e20212cdd43d23f66da0a96f0cd707c1a93810942ae54bff61a232ea3d1fda0b5c2045673254f22315250358811702b9295a557ec3d0a4b788537bcbd3a69

Download Submit
C:\Windows\system\HuDUOoz.exe

Filesize
6.1MB

MD5
ff1c49b0f37687bb8f0c0c0b2a2069c0

SHA1
4a6e8b41635a7e2b883c539ca0a66d696d6393c5

SHA256
d53414518a3a071800f920d36d3f2f618671d76e1d84e87b940421d41205ed70

SHA512
d458004a5a2837d54a29fd83d451cdae5173b72be1c98bf98a5a5b74c87b030f04ec72246d5dc5d9c6ae29322b7b5e9bd6c0b89c1310af0b59afe59a56574021

Download Submit
C:\Windows\system\HvsGsKI.exe

Filesize
6.1MB

MD5
513fec4f0825eb5d02c6c93543b4ad46

SHA1
fb050caee4526774511b2a2b513dcf51a4600906

SHA256
da285c08a272ed44a9178d0c2548a3b5e17a6af52bf607ca1ca79f94d2239245

SHA512
5fdba2171dd0c829e93e4e5008896057b2d9b2b4b2e3f915c00b8990a5f903575460ab20feefcd5b67b829c2d328bda0082a94c6c5374a48648350e2dbaaf3a4

Download Submit
C:\Windows\system\NVoRnZH.exe

Filesize
6.1MB

MD5
6cf24afef90246d009f31c940d989a52

SHA1
ad69fad93a5e4e67312c344829b5091d2320f33f

SHA256
d8bc90df7a5409aa6e3170b3643e9ffb2b37d990789594846bcf481635b997e0

SHA512
4a5c20157395e960b1c398ae1ea3b1394199b0bb49c4d1542fc3dfb7772c7cb9018b2d59016e2ac8406646bf575ede109f7a77e5b02b32116f88b5009432d2e5

Download Submit
C:\Windows\system\NwBzNYO.exe

Filesize
6.1MB

MD5
59806ee1ab9673b2c35b376ac0e72452

SHA1
6d33bfd78d10b98320325350920daa85e1c07dd6

SHA256
bf4b0afeaf59450e30071382924f87b85e91cadca77cc399c5f6a1c5da319d84

SHA512
1ab2efb02b3cd2a01cbdfd7ba0628a05135a00a6fc42fccc524b87bf1db47288e16684051bbe8754f23f87762b8b1425a646e6a40726aaaaa8fb04c49b8df77e

Download Submit
C:\Windows\system\OykheRB.exe

Filesize
6.1MB

MD5
a4b97d0c64f0cb272a875b9dd5ceeb83

SHA1
3886a9349895cd61bae111882c236cd5e6a6158f

SHA256
9c5e12e26d44771546618cb47bb902dee7114aacddd44e632b153ac6ad6523ad

SHA512
e297bc8a2b885b6d729a4ab5464c9a78b26f740ed388d9f8e98dd15221385766dcbf453536fe792b59b6f089a9e5e4fcbbaccf9605840b07b37482db8444f20f

Download Submit
C:\Windows\system\TsIjcxT.exe

Filesize
6.0MB

MD5
a4a2fc299988c63b5fd18183bda937d8

SHA1
e30697cf2973d8160d5d6925a278f103eb77cc9b

SHA256
6dd7edfee1838f1c6667799ba4963ef4972e06425f7abcf350abaa43d6a5a154

SHA512
f427a6472e012eeaef3a3b3b896fb988387927369ca43d399e2ecfc68c4254812546f7ef03e99f8e3edabf9e15e75637b923ac5b7a187dda853de05e836b10fe

Download Submit
C:\Windows\system\UIMhsMA.exe

Filesize
6.0MB

MD5
96f5bf644a25b1aee34b24ada1bb5d3d

SHA1
5f84adb73ac234d5636a9f73dea88dfb214c563d

SHA256
d0cb40ff95183696e28cd81a5dfe61818c42d4b8382474ed4c47ec31f60dfb5d

SHA512
d507d9706bf0595edf751f31b3e36e5629c04a762217a427bcb096721300fe69bf796e0860dd99ab61ea7abec38a1d3f0c3086490c5f8022f34c33e3458341b6

Download Submit
C:\Windows\system\VYrguSY.exe

Filesize
6.0MB

MD5
3f9f4becf3fa1f8088d1b697bdf95dec

SHA1
820dc08b63316b63dc9134ef0924d4dd04c54522

SHA256
10bd8fe8dec72e5bdbc9ff4a7d43065a0bece831fad59d3fbada54ca03273260

SHA512
df7a3d7ed2d4aaf6f81da9b5e9234b88e42175a3f468141e0be7e5b367d4961df539414e21a3c3f3282f5e646ff7b54c1c2b0356d8abe2d99d922c44b9edec17

Download Submit
C:\Windows\system\VhvpElz.exe

Filesize
6.0MB

MD5
f421ffcf4073c98a73ef0a2c935f4ef7

SHA1
5ccbfec14c2a7313050d94eb2243726ca8d9911e

SHA256
62cc6ccf695ba5914edd7e4f77be68d3fd9e954be7699dc35f8e923f263d5f1c

SHA512
5b967443fdbc1446c59d2c6a87903e519cfe557a10a34bd19422ede44d6c21b0cc3eb8daf9a71e6004265a6139ef0b78045fdef003d97bf11a2bb42ad884e5c1

Download Submit
C:\Windows\system\ZjdFELW.exe

Filesize
6.1MB

MD5
73f47eea87a1052dea68f9e41ba8c6a4

SHA1
2a4ef8091ed64071831e757cad2dad9d9c662108

SHA256
a48a5e749e6e5f357e73259a94bc63df8a4328b689566d26649ac9997f029462

SHA512
2e38f824e66717cc8dcae5ef1db0d9d11a60d7e518d5728918bdbb080ae877c006e4d59fe55d2a056e8e4bf2e123f7eedf2a809fa8559227e727b71347c3e602

Download Submit
C:\Windows\system\dtLnVho.exe

Filesize
6.1MB

MD5
46518d4349e4f505c38f987139bb94b1

SHA1
69b9db6b584593b906b370d7ead0a9eaf9ae1a1e

SHA256
9eab9bedc9f3c4676916dd01e0b2f85b59a10e2370d9629cd7bfa3f0263b472e

SHA512
8fc9213f03f692c4c428cd433d4209d9345aba50c949433e073541372ae053681dba5c4316777ebf13818fabd7fe2122c6a4a153745b51d94c4e2c9357b8a320

Download Submit
C:\Windows\system\eaDXxDy.exe

Filesize
6.0MB

MD5
fbc8e9ca371f3015cc2b8d39d4dd2ebd

SHA1
e720f2622a60b83ae397951db471b583cdc4c309

SHA256
22d06946c1c0fd4b177df3f54f1e54f74c64523f06e296fbb2cb61de883c78d7

SHA512
2af02ad97fc91fbe76a1eccb18e0795f2f2dbc7ee86057233bea9241211e1aaf0b1c6f7148bd51a863eed56c24ad9b4afe67fb58cfb2aa454232781319e4984e

Download Submit
C:\Windows\system\fTJLwYi.exe

Filesize
6.0MB

MD5
e19fa97e64d3a004ef24a66ab5f9cbb4

SHA1
2259a163ce27d13c96d16e321481bc5132f3e2fd

SHA256
723a66f2451ebc087c9c53937ff4de50c5d69f39a0caa53e3d953883d0dfbc88

SHA512
e00650cc2a040f2ace6118cb469b5cedf5752430e72ff046fc13c316cf5a6756962fcf234d504cac140145119fb9ed27e9119fd6d1071a92e2ae2c1322489a93

Download Submit
C:\Windows\system\iHDviTo.exe

Filesize
6.1MB

MD5
96a2988b0ce69c34b9f09e63d0613868

SHA1
c752d252be19b09c82696072559cb8a07f3e5450

SHA256
59f6ed1a11a4063a6c3b6a00eb34507824717614ccd0a6e26d66c2df2278351b

SHA512
29d75c8e29e859b04e3c410af968dc84ca56e83dd6a0a5aa9c4290dbdca036624e511cda0c9a34175a43e89dde128ec7f858b5660555da69a902139a0d1e1de4

Download Submit
C:\Windows\system\jzRDcBh.exe

Filesize
6.1MB

MD5
c34be5e1818be977d81891d3bd51771f

SHA1
06ea3db30cc06a3636e69f7bda94663dbe4a251b

SHA256
71721b47b90889b0cb9680e990254008d41aaa97364b6ba0dc30fdfb619452ab

SHA512
da24862a3e4fbe551d67349f6a17bf6c32d6ee36d114e72446eca7c83ef2145ebdc57e12a1159ca3a5a7190397945b0bd37b200a0f6a5a18a14a09186629a146

Download Submit
C:\Windows\system\mjTxRqG.exe

Filesize
6.1MB

MD5
290929917f8de61afefbdecb38ddd9e8

SHA1
ad91836bbaf09d918eaa8cb2f080e562f062c119

SHA256
0b521998dfc32021fd7dfec4c288e222382e1df3a4e20b3d54b1cc20d78a7a97

SHA512
978421a22584d544d380ba6dd64182dc579b3509d5fdc60404b613ab1efc0fb59ab290659c28e205b7444c463ea86e0b51124f3c6f4aa6780608cffe09c2d0d9

Download Submit
C:\Windows\system\ndsrLde.exe

Filesize
6.1MB

MD5
790964004f0b1a423daf97cd5efce251

SHA1
9c6bd3fc8db0a16db82b693bcbc021581ea42c77

SHA256
c33e009cc78b0e4a4d83c24c4bbd95c6582da527de9fa90c4bc749708e98748f

SHA512
aecf3bfd3bb4313fd632d344eb8e3c532753869c712cdc473a75c1775f31ee03697858becdc5ff3091c898cfd6e7ce27e4f2e186d263d831c08af3ae21f47327

Download Submit
C:\Windows\system\oJEeRvV.exe

Filesize
6.0MB

MD5
7e001ccbd494602b7cd67cf9d4afe964

SHA1
d10d006b3eff1f5fa72237681bfa1bf0f776bb2f

SHA256
44bfb919ed3e14662a945adb65602414cf2f32f70224c0b6df3ebf579ebf3473

SHA512
c0c7e1f4938901008c3350f3d633a660e94af37093c6d917e117a7b46f055621a36c06a217cad676e99f620b1e17395f1833675ab546f7e96aa919814a8f3f0b

Download Submit
C:\Windows\system\owItWeu.exe

Filesize
6.1MB

MD5
1285b531326f4f7f214873f8a0c4362b

SHA1
05a0e6c238c10e136eed6dbf5a7f361604cafe31

SHA256
ed50836949c5a57957fc034e27c753abc5af725169022984f5a92c6427501d4e

SHA512
77ccc461940455d5c4a27f5965239adfc9ac9a4f68ec1170c71d75957591d5e63098c75cfc72a265a0f8f7f9f34db7099a6a0c3d08841460e562cffb67026eb4

Download Submit
C:\Windows\system\pYKGpZH.exe

Filesize
6.1MB

MD5
1026adc6d0a3a5249321bfcc718ac639

SHA1
92835763c48a692db17b7ac4576a9c40f4144702

SHA256
9f3b5b90b43a29dc208eab8f8de36da623aa8bdbd7af5db7780affd75555fea9

SHA512
fc0a4443e145eb2a25951c6415c73e3c61a3efa3db0acb8be619dabdd7cb270682a3eff5863a7e3a5654f1d8d952a677572fa1ea4a126a0814c5ca2ed9d015ea

Download Submit
C:\Windows\system\sFEekNw.exe

Filesize
6.1MB

MD5
947b2479a6159d97e518c71c7bd49105

SHA1
a8d971f68726e5de222cbb7425344c2468a0a143

SHA256
c0a9cd160feea5bd9569407bb6659b412bd22335cf546c460714c72c6911779d

SHA512
f2d45d62d9b3524291629d4805980209c7ad44767dbb0f0eb4813e33b9342d5edf2bd54d935fec0fa6b3ccb6f5ebe614ddef8810e0360da581bbc1f1145685c9

Download Submit
C:\Windows\system\tUAWjxe.exe

Filesize
6.0MB

MD5
cb26c0f1c60c403dd9f483bf9d04706b

SHA1
cce9b0b66d7834837465bb457e2c0cc3ea510b89

SHA256
a2d33c5ea5561e0b2da984ad946e31805109212f548b787e60b927245e545236

SHA512
1842b2279fc60d1fb426efed2e318878597443cf1c63f5404a0dc536fee005246f079698f4ad6b614e549ddf753948d4b773a6b1c8232e09cb504575876d2c1d

Download Submit
C:\Windows\system\uBhmAMB.exe

Filesize
6.1MB

MD5
4abec336416fbacc8161903a310bc10e

SHA1
5551dbb857b25adadb188bfab59b256e69ce51ef

SHA256
2fff3a392c7b9ad65b260ffb8f55664d1cb8311b4d0409b01ea825ea873734aa

SHA512
a2480ad4f8af073cfc725f36da338bfbc29a25b395d451ec8745008c358b5667a2a242e2cddbed8ba33f9a4f9366ef5b847c5fb4af273cc11c70e3fe5371e3b2

Download Submit
C:\Windows\system\uUrVvpX.exe

Filesize
6.0MB

MD5
b5b34c557ed3acc397a895e3a5f3b441

SHA1
fa48f1f55a0ab935626afb1d06331f5be02d724e

SHA256
d1b59f76212b04751497c58c3d16097e8cab4ef3d5594edfc7023e989a511217

SHA512
40491f05b53640a9e783cc1f50def556cd10a469d09865f7194d1f7e6a606ef7e82a10148cc04af393a184a14f3ea5b91091e3dee20536c032497bb413b8e8ff

Download Submit
C:\Windows\system\vWbLvLA.exe

Filesize
6.1MB

MD5
04fbf5e4fac10839bb3f2751ac21a052

SHA1
1023c371b5df0ce26a704cc72db6409bda54019a

SHA256
d97ba5f6901aee5c3c216fc948ebff1bb54fbdbb9614eb26ab345807b1cefafa

SHA512
d2e480d012eb9b68119c0207eedd2b2a8df16520944355cba348f0c17ee297c3af966e834d8bfd93fee45116984ea697aac342cd4b6ec252fd9fdad28b2b27e4

Download Submit
C:\Windows\system\yKhAxJS.exe

Filesize
6.0MB

MD5
b1c93a1acbb6c1832908efbbe17915a9

SHA1
90233ee0c06fafed1cab4edbbd61fd12a558d0bb

SHA256
851adba629c915ec0a791d3177c3811ba20b1c3b00c51efc1976bfb9276d0f44

SHA512
5e2e084296b08e3cb0ca07e1cf2f53a4282f234d6c2ee896b7a5258ea758ce2748c9b652a06bbb80db9dabef4c2345606aed088b5d9caad4b41008e3cc0abd28

Download Submit
C:\Windows\system\zkNDwQf.exe

Filesize
6.1MB

MD5
8a0076b308f4c7cb7b638f64c237bdcb

SHA1
8b657389067986947dcd392864235a3d1bad2d7b

SHA256
c3a91803e55938275321dc43ec5c98be31343c9afcd09aa697f17b4a2ef98ed4

SHA512
272ad64b8488ab110caf7f57af182c22827c186b1e0f158fce254a20c84a0f23206f25a883dbf281c90497c7b698f599a097c071b7073deb68d833994cb8d53d

Download Submit
\Windows\system\tiAhgBn.exe

Filesize
6.0MB

MD5
81572b50ddd651b5a210133a5df24e81

SHA1
af6b2ff4de0f68ab50c58896ca7f89d9fe7d598a

SHA256
7fdc3f6a112149cd301c2dcf073d7202998a84cb082e5db644dd8a816ad128b9

SHA512
e5f64c1c2a0c634bb9150c539e779ce6a922c352937c256902de0f5b0bc6f81e68c123b4f1b58e1d5aeb860eb8c796075906afe1c5df17fdb8eac6b67a04c1ac

Download Submit
memory/560-4031-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/560-1734-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-4028-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1008-813-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1404-4036-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1404-1718-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1540-24-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1540-3712-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2737-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1572-1725-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-4029-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2843-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1944-4035-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1944-720-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1747-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2124-4032-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2140-12-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3701-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2140-2636-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2236-4027-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-668-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-2826-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-692-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-4034-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-2836-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4030-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2608-670-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2700-678-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4033-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2832-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3711-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-2738-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-107-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2831-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2930-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2828-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2839-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-696-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2848-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2862-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2860-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2868-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2858-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2854-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2475-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2834-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1739-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1686-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2816-0-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2816-8-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2928-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-679-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1722-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-669-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2816-671-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1752-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1751-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-803-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1727-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1750-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-15-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3693-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2673-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download