cobaltstrike | c0458cb17a9be2a0ee3df2b1ebf923af3a829c73ef0f2547df44c7c25eb7b751

Analysis

max time kernel
149s
max time network
27s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

62e9e190d8fb2ba5502f6bc63765d564
SHA1

8073389013134a9f27eef8a524b32cb929fc607e
SHA256

c0458cb17a9be2a0ee3df2b1ebf923af3a829c73ef0f2547df44c7c25eb7b751
SHA512

77797a53ac7cc451d121cf3d52b98b18e5c16760dc6bf3f044db2ce52bfe67a07064e692d1abba91dca9ce7b75c9247294257504d9b499105e30c8eaa4971c69
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012261-6.dat	cobalt_reflective_dll
behavioral1/files/0x002a00000001870b-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018afc-10.dat	cobalt_reflective_dll
behavioral1/files/0x002b000000018710-33.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b03-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b54-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fcd-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019074-126.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191bb-144.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019206-180.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192d3-190.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192ad-184.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191ed-170.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191f7-176.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191c8-153.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191d2-150.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001919b-135.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191da-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019044-119.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191b3-142.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001915a-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001904d-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001903d-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019028-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ffa-91.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b64-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b5d-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001901a-101.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b62-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fe2-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fca-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b58-43.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/584-0-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x000b000000012261-6.dat	xmrig
behavioral1/files/0x002a00000001870b-8.dat	xmrig
behavioral1/files/0x0008000000018afc-10.dat	xmrig
behavioral1/memory/2324-22-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2940-21-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2848-19-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x002b000000018710-33.dat	xmrig
behavioral1/files/0x0006000000018b03-26.dat	xmrig
behavioral1/memory/2560-29-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b54-36.dat	xmrig
behavioral1/files/0x0005000000018fcd-78.dat	xmrig
behavioral1/files/0x0005000000019074-126.dat	xmrig
behavioral1/files/0x00040000000191bb-144.dat	xmrig
behavioral1/memory/2880-167-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0004000000019206-180.dat	xmrig
behavioral1/memory/2756-262-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/584-598-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2000-1819-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2756-1820-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/336-1818-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2848-1742-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2324-1668-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2940-1671-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2560-1828-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/1692-2012-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2452-2108-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/1244-2001-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/1716-1951-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2728-1931-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2652-1898-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2880-1823-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/584-697-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1244-523-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2000-377-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/336-192-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x00040000000192d3-190.dat	xmrig
behavioral1/files/0x00040000000192ad-184.dat	xmrig
behavioral1/files/0x00040000000191ed-170.dat	xmrig
behavioral1/files/0x00040000000191f7-176.dat	xmrig
behavioral1/files/0x00040000000191c8-153.dat	xmrig
behavioral1/files/0x00040000000191d2-150.dat	xmrig
behavioral1/files/0x000400000001919b-135.dat	xmrig
behavioral1/files/0x00040000000191da-156.dat	xmrig
behavioral1/files/0x0005000000019044-119.dat	xmrig
behavioral1/files/0x00040000000191b3-142.dat	xmrig
behavioral1/files/0x000400000001915a-133.dat	xmrig
behavioral1/files/0x000500000001904d-124.dat	xmrig
behavioral1/files/0x000500000001903d-114.dat	xmrig
behavioral1/files/0x0005000000019028-110.dat	xmrig
behavioral1/memory/1692-106-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2848-96-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1244-94-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018ffa-91.dat	xmrig
behavioral1/memory/584-105-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b64-76.dat	xmrig
behavioral1/files/0x0006000000018b5d-74.dat	xmrig
behavioral1/files/0x000500000001901a-101.dat	xmrig
behavioral1/files/0x0007000000018b62-54.dat	xmrig
behavioral1/memory/336-47-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/584-90-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/584-89-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2452-88-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/1716-87-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2324	NoKIith.exe
2848	FMYNisN.exe
2940	ywBaPJD.exe
2560	SDAsxYQ.exe
2880	bqpjbcH.exe
336	LYnUQFX.exe
2756	wKqzoWd.exe
2000	HNpPdcz.exe
2728	uFUHOzB.exe
2652	NJThWZM.exe
1716	zwUoQUP.exe
2452	MHUPSDg.exe
1244	oNUUUSX.exe
1692	KukAyis.exe
2096	vdrgoOr.exe
2888	DWnEYbP.exe
1968	EyNCDjB.exe
576	Dqwiyxq.exe
612	lDeZpgC.exe
2292	odyINnN.exe
972	KCnyOeO.exe
324	bbYFlAG.exe
2412	oPXsyVi.exe
2356	eyTUTAl.exe
1252	VNyFtPf.exe
924	pIovhjY.exe
1144	mfuKDwo.exe
264	rnBdNue.exe
2380	IIUEbot.exe
2004	zmGQOkd.exe
892	fONhGsq.exe
2288	qqxiznZ.exe
1552	bxsabIq.exe
752	UeZnjMh.exe
2792	nIVscsT.exe
1948	VoFVzXt.exe
1544	RzYaLMW.exe
2700	KDiSzNA.exe
2516	GjBQGka.exe
1496	assBOWU.exe
1964	pwbsfKt.exe
2552	ddqnSfv.exe
2208	zIkrExC.exe
1904	fGomORO.exe
1980	zbUfewP.exe
668	aGZvzWQ.exe
2636	LFkCgnU.exe
1972	lxepbve.exe
1660	GsvlpKo.exe
872	TRCbUSh.exe
1136	KSZkmiZ.exe
1616	jgvXKNo.exe
1060	CANrjGx.exe
2964	ZgzLaFb.exe
1728	QQRAxUT.exe
1468	IkSWrzG.exe
2416	lczYFOd.exe
3068	kpTcWBe.exe
1612	AcXGcYP.exe
2064	DCoppJP.exe
2808	ogJSCYq.exe
1512	mnHjICj.exe
2720	nCofWWO.exe
2272	Izorbxz.exe

Loads dropped DLL 64 IoCs

pid	Process
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/584-0-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x000b000000012261-6.dat	upx
behavioral1/files/0x002a00000001870b-8.dat	upx
behavioral1/files/0x0008000000018afc-10.dat	upx
behavioral1/memory/2324-22-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2940-21-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2848-19-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x002b000000018710-33.dat	upx
behavioral1/files/0x0006000000018b03-26.dat	upx
behavioral1/memory/2560-29-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x0006000000018b54-36.dat	upx
behavioral1/files/0x0005000000018fcd-78.dat	upx
behavioral1/files/0x0005000000019074-126.dat	upx
behavioral1/files/0x00040000000191bb-144.dat	upx
behavioral1/memory/2880-167-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0004000000019206-180.dat	upx
behavioral1/memory/2756-262-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2000-1819-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2756-1820-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/336-1818-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2848-1742-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2324-1668-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2940-1671-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2560-1828-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/1692-2012-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2452-2108-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/1244-2001-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/1716-1951-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2728-1931-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2652-1898-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2880-1823-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1244-523-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2000-377-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/336-192-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x00040000000192d3-190.dat	upx
behavioral1/files/0x00040000000192ad-184.dat	upx
behavioral1/files/0x00040000000191ed-170.dat	upx
behavioral1/files/0x00040000000191f7-176.dat	upx
behavioral1/files/0x00040000000191c8-153.dat	upx
behavioral1/files/0x00040000000191d2-150.dat	upx
behavioral1/files/0x000400000001919b-135.dat	upx
behavioral1/files/0x00040000000191da-156.dat	upx
behavioral1/files/0x0005000000019044-119.dat	upx
behavioral1/files/0x00040000000191b3-142.dat	upx
behavioral1/files/0x000400000001915a-133.dat	upx
behavioral1/files/0x000500000001904d-124.dat	upx
behavioral1/files/0x000500000001903d-114.dat	upx
behavioral1/files/0x0005000000019028-110.dat	upx
behavioral1/memory/1692-106-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2848-96-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1244-94-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0005000000018ffa-91.dat	upx
behavioral1/files/0x0007000000018b64-76.dat	upx
behavioral1/files/0x0006000000018b5d-74.dat	upx
behavioral1/files/0x000500000001901a-101.dat	upx
behavioral1/files/0x0007000000018b62-54.dat	upx
behavioral1/memory/336-47-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/584-89-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2452-88-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/1716-87-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2652-86-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2728-85-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0005000000018fe2-83.dat	upx
behavioral1/memory/2000-65-0x000000013F800000-0x000000013FB54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MEAtUEp.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvSJouB.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTLynkJ.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmXsRFS.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAyxofP.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjlrIob.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVzbaFK.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vikCgpo.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsoTrIW.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKfaKLR.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJxkQFy.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttideyu.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKvsfWe.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXEeDhQ.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLbsTZS.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukdZoBQ.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FaPaQyg.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrjEaoL.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rviQwQd.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRucZas.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgDHBHv.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFgwYFy.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhDeIeF.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ginilfD.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqAfWbj.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFyyVTu.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crvngZZ.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnMhRNC.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwACJIg.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlHOkFA.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvJqlef.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpqoHzc.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDFBRkW.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMYBxLp.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWsjDnP.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zToZXAl.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYsaiLL.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\endJjIH.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVCNJCP.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzAXNjq.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evPyHQS.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBNdyoA.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCwKiqd.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADAPwer.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJZKHNA.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPHawrb.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MEsZTrQ.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdsvkRE.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObrsOsu.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWZYCYZ.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdMZTrU.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmmRMaS.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWMVbmE.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCYMPpl.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raKOIPG.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAcneBu.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAxzwdw.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvgYMlC.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxMqUIg.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqohbFi.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soHyTPu.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgRpqBa.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMZTDiy.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QivNalQ.exe	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 584 wrote to memory of 2324	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 584 wrote to memory of 2324	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 584 wrote to memory of 2324	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 584 wrote to memory of 2848	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 584 wrote to memory of 2848	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 584 wrote to memory of 2848	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 584 wrote to memory of 2940	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 584 wrote to memory of 2940	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 584 wrote to memory of 2940	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 584 wrote to memory of 2560	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 584 wrote to memory of 2560	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 584 wrote to memory of 2560	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 584 wrote to memory of 2880	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 584 wrote to memory of 2880	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 584 wrote to memory of 2880	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 584 wrote to memory of 2728	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 584 wrote to memory of 2728	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 584 wrote to memory of 2728	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 584 wrote to memory of 336	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 584 wrote to memory of 336	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 584 wrote to memory of 336	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 584 wrote to memory of 2652	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 584 wrote to memory of 2652	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 584 wrote to memory of 2652	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 584 wrote to memory of 2756	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 584 wrote to memory of 2756	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 584 wrote to memory of 2756	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 584 wrote to memory of 1716	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 584 wrote to memory of 1716	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 584 wrote to memory of 1716	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 584 wrote to memory of 2000	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 584 wrote to memory of 2000	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 584 wrote to memory of 2000	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 584 wrote to memory of 2452	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 584 wrote to memory of 2452	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 584 wrote to memory of 2452	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 584 wrote to memory of 1244	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 584 wrote to memory of 1244	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 584 wrote to memory of 1244	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 584 wrote to memory of 2096	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 584 wrote to memory of 2096	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 584 wrote to memory of 2096	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 584 wrote to memory of 1692	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 584 wrote to memory of 1692	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 584 wrote to memory of 1692	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 584 wrote to memory of 2888	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 584 wrote to memory of 2888	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 584 wrote to memory of 2888	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 584 wrote to memory of 1968	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 584 wrote to memory of 1968	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 584 wrote to memory of 1968	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 584 wrote to memory of 576	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 584 wrote to memory of 576	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 584 wrote to memory of 576	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 584 wrote to memory of 612	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 584 wrote to memory of 612	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 584 wrote to memory of 612	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 584 wrote to memory of 2292	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 584 wrote to memory of 2292	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 584 wrote to memory of 2292	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 584 wrote to memory of 972	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 584 wrote to memory of 972	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 584 wrote to memory of 972	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 584 wrote to memory of 1252	584	2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_62e9e190d8fb2ba5502f6bc63765d564_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:584
- C:\Windows\System\NoKIith.exe
  C:\Windows\System\NoKIith.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\FMYNisN.exe
  C:\Windows\System\FMYNisN.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ywBaPJD.exe
  C:\Windows\System\ywBaPJD.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\SDAsxYQ.exe
  C:\Windows\System\SDAsxYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\bqpjbcH.exe
  C:\Windows\System\bqpjbcH.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\uFUHOzB.exe
  C:\Windows\System\uFUHOzB.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\LYnUQFX.exe
  C:\Windows\System\LYnUQFX.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\NJThWZM.exe
  C:\Windows\System\NJThWZM.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\wKqzoWd.exe
  C:\Windows\System\wKqzoWd.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\zwUoQUP.exe
  C:\Windows\System\zwUoQUP.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\HNpPdcz.exe
  C:\Windows\System\HNpPdcz.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\MHUPSDg.exe
  C:\Windows\System\MHUPSDg.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\oNUUUSX.exe
  C:\Windows\System\oNUUUSX.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\vdrgoOr.exe
  C:\Windows\System\vdrgoOr.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\KukAyis.exe
  C:\Windows\System\KukAyis.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\DWnEYbP.exe
  C:\Windows\System\DWnEYbP.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\EyNCDjB.exe
  C:\Windows\System\EyNCDjB.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\Dqwiyxq.exe
  C:\Windows\System\Dqwiyxq.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\lDeZpgC.exe
  C:\Windows\System\lDeZpgC.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\odyINnN.exe
  C:\Windows\System\odyINnN.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\KCnyOeO.exe
  C:\Windows\System\KCnyOeO.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\VNyFtPf.exe
  C:\Windows\System\VNyFtPf.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\bbYFlAG.exe
  C:\Windows\System\bbYFlAG.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\pIovhjY.exe
  C:\Windows\System\pIovhjY.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\oPXsyVi.exe
  C:\Windows\System\oPXsyVi.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\mfuKDwo.exe
  C:\Windows\System\mfuKDwo.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\eyTUTAl.exe
  C:\Windows\System\eyTUTAl.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\rnBdNue.exe
  C:\Windows\System\rnBdNue.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\IIUEbot.exe
  C:\Windows\System\IIUEbot.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\zmGQOkd.exe
  C:\Windows\System\zmGQOkd.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\fONhGsq.exe
  C:\Windows\System\fONhGsq.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\qqxiznZ.exe
  C:\Windows\System\qqxiznZ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\bxsabIq.exe
  C:\Windows\System\bxsabIq.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\UeZnjMh.exe
  C:\Windows\System\UeZnjMh.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\nIVscsT.exe
  C:\Windows\System\nIVscsT.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\VoFVzXt.exe
  C:\Windows\System\VoFVzXt.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\RzYaLMW.exe
  C:\Windows\System\RzYaLMW.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\KDiSzNA.exe
  C:\Windows\System\KDiSzNA.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\GjBQGka.exe
  C:\Windows\System\GjBQGka.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ddqnSfv.exe
  C:\Windows\System\ddqnSfv.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\assBOWU.exe
  C:\Windows\System\assBOWU.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\fGomORO.exe
  C:\Windows\System\fGomORO.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\pwbsfKt.exe
  C:\Windows\System\pwbsfKt.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\zbUfewP.exe
  C:\Windows\System\zbUfewP.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\zIkrExC.exe
  C:\Windows\System\zIkrExC.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\aGZvzWQ.exe
  C:\Windows\System\aGZvzWQ.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\LFkCgnU.exe
  C:\Windows\System\LFkCgnU.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\CANrjGx.exe
  C:\Windows\System\CANrjGx.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\lxepbve.exe
  C:\Windows\System\lxepbve.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\QQRAxUT.exe
  C:\Windows\System\QQRAxUT.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\GsvlpKo.exe
  C:\Windows\System\GsvlpKo.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\IkSWrzG.exe
  C:\Windows\System\IkSWrzG.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\TRCbUSh.exe
  C:\Windows\System\TRCbUSh.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\kpTcWBe.exe
  C:\Windows\System\kpTcWBe.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\KSZkmiZ.exe
  C:\Windows\System\KSZkmiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\AcXGcYP.exe
  C:\Windows\System\AcXGcYP.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\jgvXKNo.exe
  C:\Windows\System\jgvXKNo.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\DCoppJP.exe
  C:\Windows\System\DCoppJP.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ZgzLaFb.exe
  C:\Windows\System\ZgzLaFb.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\ogJSCYq.exe
  C:\Windows\System\ogJSCYq.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\lczYFOd.exe
  C:\Windows\System\lczYFOd.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\mnHjICj.exe
  C:\Windows\System\mnHjICj.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\nCofWWO.exe
  C:\Windows\System\nCofWWO.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\caNTPar.exe
  C:\Windows\System\caNTPar.exe
  2⤵
  PID:2476
- C:\Windows\System\Izorbxz.exe
  C:\Windows\System\Izorbxz.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\VyOvISY.exe
  C:\Windows\System\VyOvISY.exe
  2⤵
  PID:3060
- C:\Windows\System\BtWUFkK.exe
  C:\Windows\System\BtWUFkK.exe
  2⤵
  PID:828
- C:\Windows\System\YdogjTy.exe
  C:\Windows\System\YdogjTy.exe
  2⤵
  PID:680
- C:\Windows\System\VgLGrZT.exe
  C:\Windows\System\VgLGrZT.exe
  2⤵
  PID:2460
- C:\Windows\System\itXCvIj.exe
  C:\Windows\System\itXCvIj.exe
  2⤵
  PID:2092
- C:\Windows\System\MCVlVHQ.exe
  C:\Windows\System\MCVlVHQ.exe
  2⤵
  PID:1012
- C:\Windows\System\WYECKJf.exe
  C:\Windows\System\WYECKJf.exe
  2⤵
  PID:840
- C:\Windows\System\gVeaAHt.exe
  C:\Windows\System\gVeaAHt.exe
  2⤵
  PID:2372
- C:\Windows\System\evtrpJN.exe
  C:\Windows\System\evtrpJN.exe
  2⤵
  PID:1888
- C:\Windows\System\JadrZcl.exe
  C:\Windows\System\JadrZcl.exe
  2⤵
  PID:1588
- C:\Windows\System\BelgPNY.exe
  C:\Windows\System\BelgPNY.exe
  2⤵
  PID:900
- C:\Windows\System\YxYAMzx.exe
  C:\Windows\System\YxYAMzx.exe
  2⤵
  PID:1680
- C:\Windows\System\WcyusUj.exe
  C:\Windows\System\WcyusUj.exe
  2⤵
  PID:1784
- C:\Windows\System\yGJcNQe.exe
  C:\Windows\System\yGJcNQe.exe
  2⤵
  PID:1956
- C:\Windows\System\dhMpkXq.exe
  C:\Windows\System\dhMpkXq.exe
  2⤵
  PID:2528
- C:\Windows\System\crvngZZ.exe
  C:\Windows\System\crvngZZ.exe
  2⤵
  PID:1428
- C:\Windows\System\mxBXKuZ.exe
  C:\Windows\System\mxBXKuZ.exe
  2⤵
  PID:2264
- C:\Windows\System\yAfhAMM.exe
  C:\Windows\System\yAfhAMM.exe
  2⤵
  PID:1128
- C:\Windows\System\daKUIWX.exe
  C:\Windows\System\daKUIWX.exe
  2⤵
  PID:2240
- C:\Windows\System\eWmzrRF.exe
  C:\Windows\System\eWmzrRF.exe
  2⤵
  PID:2816
- C:\Windows\System\SjgXmGz.exe
  C:\Windows\System\SjgXmGz.exe
  2⤵
  PID:2024
- C:\Windows\System\KPiyHSm.exe
  C:\Windows\System\KPiyHSm.exe
  2⤵
  PID:572
- C:\Windows\System\NcWMfae.exe
  C:\Windows\System\NcWMfae.exe
  2⤵
  PID:2532
- C:\Windows\System\pRXzHGp.exe
  C:\Windows\System\pRXzHGp.exe
  2⤵
  PID:1740
- C:\Windows\System\mBpJHiU.exe
  C:\Windows\System\mBpJHiU.exe
  2⤵
  PID:2908
- C:\Windows\System\cpBJOBY.exe
  C:\Windows\System\cpBJOBY.exe
  2⤵
  PID:2956
- C:\Windows\System\OENGDgc.exe
  C:\Windows\System\OENGDgc.exe
  2⤵
  PID:2736
- C:\Windows\System\KzdEZAf.exe
  C:\Windows\System\KzdEZAf.exe
  2⤵
  PID:2680
- C:\Windows\System\svoarAz.exe
  C:\Windows\System\svoarAz.exe
  2⤵
  PID:2872
- C:\Windows\System\fTJbURZ.exe
  C:\Windows\System\fTJbURZ.exe
  2⤵
  PID:1640
- C:\Windows\System\TmJhEFY.exe
  C:\Windows\System\TmJhEFY.exe
  2⤵
  PID:3040
- C:\Windows\System\mGHFtCx.exe
  C:\Windows\System\mGHFtCx.exe
  2⤵
  PID:1892
- C:\Windows\System\MuoxDtS.exe
  C:\Windows\System\MuoxDtS.exe
  2⤵
  PID:1652
- C:\Windows\System\qrUHoyU.exe
  C:\Windows\System\qrUHoyU.exe
  2⤵
  PID:2116
- C:\Windows\System\qqZIqds.exe
  C:\Windows\System\qqZIqds.exe
  2⤵
  PID:2420
- C:\Windows\System\Vmmweet.exe
  C:\Windows\System\Vmmweet.exe
  2⤵
  PID:1164
- C:\Windows\System\iEhlWEj.exe
  C:\Windows\System\iEhlWEj.exe
  2⤵
  PID:2168
- C:\Windows\System\NZpLSWO.exe
  C:\Windows\System\NZpLSWO.exe
  2⤵
  PID:308
- C:\Windows\System\nezxInj.exe
  C:\Windows\System\nezxInj.exe
  2⤵
  PID:2600
- C:\Windows\System\nnOphzA.exe
  C:\Windows\System\nnOphzA.exe
  2⤵
  PID:3092
- C:\Windows\System\NKsnWwg.exe
  C:\Windows\System\NKsnWwg.exe
  2⤵
  PID:3112
- C:\Windows\System\ecqDzgI.exe
  C:\Windows\System\ecqDzgI.exe
  2⤵
  PID:3132
- C:\Windows\System\qQyqheq.exe
  C:\Windows\System\qQyqheq.exe
  2⤵
  PID:3152
- C:\Windows\System\vTJPqyO.exe
  C:\Windows\System\vTJPqyO.exe
  2⤵
  PID:3172
- C:\Windows\System\zoFIxsD.exe
  C:\Windows\System\zoFIxsD.exe
  2⤵
  PID:3196
- C:\Windows\System\aWaFnwK.exe
  C:\Windows\System\aWaFnwK.exe
  2⤵
  PID:3216
- C:\Windows\System\rFAPjvw.exe
  C:\Windows\System\rFAPjvw.exe
  2⤵
  PID:3236
- C:\Windows\System\FToyofP.exe
  C:\Windows\System\FToyofP.exe
  2⤵
  PID:3256
- C:\Windows\System\EKyyPTI.exe
  C:\Windows\System\EKyyPTI.exe
  2⤵
  PID:3276
- C:\Windows\System\bnNhttc.exe
  C:\Windows\System\bnNhttc.exe
  2⤵
  PID:3296
- C:\Windows\System\nfrCjIl.exe
  C:\Windows\System\nfrCjIl.exe
  2⤵
  PID:3316
- C:\Windows\System\VoIvvdM.exe
  C:\Windows\System\VoIvvdM.exe
  2⤵
  PID:3332
- C:\Windows\System\JYICniO.exe
  C:\Windows\System\JYICniO.exe
  2⤵
  PID:3348
- C:\Windows\System\zaxzzgE.exe
  C:\Windows\System\zaxzzgE.exe
  2⤵
  PID:3364
- C:\Windows\System\NyaQzao.exe
  C:\Windows\System\NyaQzao.exe
  2⤵
  PID:3388
- C:\Windows\System\SJtUlSu.exe
  C:\Windows\System\SJtUlSu.exe
  2⤵
  PID:3412
- C:\Windows\System\RpuiBTb.exe
  C:\Windows\System\RpuiBTb.exe
  2⤵
  PID:3432
- C:\Windows\System\qgYyFTu.exe
  C:\Windows\System\qgYyFTu.exe
  2⤵
  PID:3452
- C:\Windows\System\YtUMeSg.exe
  C:\Windows\System\YtUMeSg.exe
  2⤵
  PID:3476
- C:\Windows\System\IFNMhtN.exe
  C:\Windows\System\IFNMhtN.exe
  2⤵
  PID:3496
- C:\Windows\System\xIXrTXY.exe
  C:\Windows\System\xIXrTXY.exe
  2⤵
  PID:3516
- C:\Windows\System\DxIdIRq.exe
  C:\Windows\System\DxIdIRq.exe
  2⤵
  PID:3536
- C:\Windows\System\HjlJQka.exe
  C:\Windows\System\HjlJQka.exe
  2⤵
  PID:3556
- C:\Windows\System\fNbtNtD.exe
  C:\Windows\System\fNbtNtD.exe
  2⤵
  PID:3576
- C:\Windows\System\yEDKKeL.exe
  C:\Windows\System\yEDKKeL.exe
  2⤵
  PID:3600
- C:\Windows\System\OeiYDWC.exe
  C:\Windows\System\OeiYDWC.exe
  2⤵
  PID:3620
- C:\Windows\System\soHyTPu.exe
  C:\Windows\System\soHyTPu.exe
  2⤵
  PID:3640
- C:\Windows\System\brsPRkK.exe
  C:\Windows\System\brsPRkK.exe
  2⤵
  PID:3660
- C:\Windows\System\dEVdmRz.exe
  C:\Windows\System\dEVdmRz.exe
  2⤵
  PID:3680
- C:\Windows\System\xbHiAag.exe
  C:\Windows\System\xbHiAag.exe
  2⤵
  PID:3700
- C:\Windows\System\ArSIJUt.exe
  C:\Windows\System\ArSIJUt.exe
  2⤵
  PID:3716
- C:\Windows\System\TmGwOpw.exe
  C:\Windows\System\TmGwOpw.exe
  2⤵
  PID:3740
- C:\Windows\System\HLgSeOo.exe
  C:\Windows\System\HLgSeOo.exe
  2⤵
  PID:3760
- C:\Windows\System\EjikxPM.exe
  C:\Windows\System\EjikxPM.exe
  2⤵
  PID:3780
- C:\Windows\System\tTJIxwf.exe
  C:\Windows\System\tTJIxwf.exe
  2⤵
  PID:3800
- C:\Windows\System\QGiVIyu.exe
  C:\Windows\System\QGiVIyu.exe
  2⤵
  PID:3820
- C:\Windows\System\xKcAhGI.exe
  C:\Windows\System\xKcAhGI.exe
  2⤵
  PID:3844
- C:\Windows\System\soeilrO.exe
  C:\Windows\System\soeilrO.exe
  2⤵
  PID:3864
- C:\Windows\System\AWCkgdK.exe
  C:\Windows\System\AWCkgdK.exe
  2⤵
  PID:3880
- C:\Windows\System\oupAdvn.exe
  C:\Windows\System\oupAdvn.exe
  2⤵
  PID:3900
- C:\Windows\System\aijBOpU.exe
  C:\Windows\System\aijBOpU.exe
  2⤵
  PID:3924
- C:\Windows\System\wuuKVed.exe
  C:\Windows\System\wuuKVed.exe
  2⤵
  PID:3940
- C:\Windows\System\QmDTtyO.exe
  C:\Windows\System\QmDTtyO.exe
  2⤵
  PID:3960
- C:\Windows\System\nNbrCBz.exe
  C:\Windows\System\nNbrCBz.exe
  2⤵
  PID:3984
- C:\Windows\System\ukdZoBQ.exe
  C:\Windows\System\ukdZoBQ.exe
  2⤵
  PID:4000
- C:\Windows\System\AnMXCAk.exe
  C:\Windows\System\AnMXCAk.exe
  2⤵
  PID:4024
- C:\Windows\System\nSaCMQl.exe
  C:\Windows\System\nSaCMQl.exe
  2⤵
  PID:4044
- C:\Windows\System\CtLBILG.exe
  C:\Windows\System\CtLBILG.exe
  2⤵
  PID:4064
- C:\Windows\System\aELhOOk.exe
  C:\Windows\System\aELhOOk.exe
  2⤵
  PID:4088
- C:\Windows\System\bRBPtLc.exe
  C:\Windows\System\bRBPtLc.exe
  2⤵
  PID:1020
- C:\Windows\System\sAWahmh.exe
  C:\Windows\System\sAWahmh.exe
  2⤵
  PID:2996
- C:\Windows\System\aGIBXut.exe
  C:\Windows\System\aGIBXut.exe
  2⤵
  PID:1120
- C:\Windows\System\dgLQsVD.exe
  C:\Windows\System\dgLQsVD.exe
  2⤵
  PID:520
- C:\Windows\System\XXZZfiv.exe
  C:\Windows\System\XXZZfiv.exe
  2⤵
  PID:884
- C:\Windows\System\gMMuMxX.exe
  C:\Windows\System\gMMuMxX.exe
  2⤵
  PID:1704
- C:\Windows\System\oByHsBS.exe
  C:\Windows\System\oByHsBS.exe
  2⤵
  PID:2056
- C:\Windows\System\ODuVOFr.exe
  C:\Windows\System\ODuVOFr.exe
  2⤵
  PID:3020
- C:\Windows\System\vzgPzHm.exe
  C:\Windows\System\vzgPzHm.exe
  2⤵
  PID:2100
- C:\Windows\System\izITGDB.exe
  C:\Windows\System\izITGDB.exe
  2⤵
  PID:1628
- C:\Windows\System\fsBDgmZ.exe
  C:\Windows\System\fsBDgmZ.exe
  2⤵
  PID:1100
- C:\Windows\System\NJfvVzs.exe
  C:\Windows\System\NJfvVzs.exe
  2⤵
  PID:1260
- C:\Windows\System\zlNFTid.exe
  C:\Windows\System\zlNFTid.exe
  2⤵
  PID:3100
- C:\Windows\System\qTvIxZM.exe
  C:\Windows\System\qTvIxZM.exe
  2⤵
  PID:3144
- C:\Windows\System\srhxVeC.exe
  C:\Windows\System\srhxVeC.exe
  2⤵
  PID:288
- C:\Windows\System\UDCZyOj.exe
  C:\Windows\System\UDCZyOj.exe
  2⤵
  PID:3088
- C:\Windows\System\QtXDPIG.exe
  C:\Windows\System\QtXDPIG.exe
  2⤵
  PID:3160
- C:\Windows\System\zJdUeqT.exe
  C:\Windows\System\zJdUeqT.exe
  2⤵
  PID:3212
- C:\Windows\System\kuHCPIy.exe
  C:\Windows\System\kuHCPIy.exe
  2⤵
  PID:2120
- C:\Windows\System\zVyEBmb.exe
  C:\Windows\System\zVyEBmb.exe
  2⤵
  PID:3244
- C:\Windows\System\savAPFn.exe
  C:\Windows\System\savAPFn.exe
  2⤵
  PID:3312
- C:\Windows\System\kBxILfE.exe
  C:\Windows\System\kBxILfE.exe
  2⤵
  PID:3372
- C:\Windows\System\hoarmDl.exe
  C:\Windows\System\hoarmDl.exe
  2⤵
  PID:3324
- C:\Windows\System\tVuxQWh.exe
  C:\Windows\System\tVuxQWh.exe
  2⤵
  PID:3400
- C:\Windows\System\pvtPADn.exe
  C:\Windows\System\pvtPADn.exe
  2⤵
  PID:3460
- C:\Windows\System\qXnRgvO.exe
  C:\Windows\System\qXnRgvO.exe
  2⤵
  PID:3444
- C:\Windows\System\UhsVivf.exe
  C:\Windows\System\UhsVivf.exe
  2⤵
  PID:3512
- C:\Windows\System\xWZYCYZ.exe
  C:\Windows\System\xWZYCYZ.exe
  2⤵
  PID:3532
- C:\Windows\System\ndRloCR.exe
  C:\Windows\System\ndRloCR.exe
  2⤵
  PID:3596
- C:\Windows\System\DqWrmDB.exe
  C:\Windows\System\DqWrmDB.exe
  2⤵
  PID:3632
- C:\Windows\System\dwPwpMC.exe
  C:\Windows\System\dwPwpMC.exe
  2⤵
  PID:3668
- C:\Windows\System\JgjtPkD.exe
  C:\Windows\System\JgjtPkD.exe
  2⤵
  PID:3708
- C:\Windows\System\odDzbHG.exe
  C:\Windows\System\odDzbHG.exe
  2⤵
  PID:3724
- C:\Windows\System\QQebblY.exe
  C:\Windows\System\QQebblY.exe
  2⤵
  PID:3752
- C:\Windows\System\oORezGN.exe
  C:\Windows\System\oORezGN.exe
  2⤵
  PID:3792
- C:\Windows\System\PvEvTMn.exe
  C:\Windows\System\PvEvTMn.exe
  2⤵
  PID:3768
- C:\Windows\System\qawPQMV.exe
  C:\Windows\System\qawPQMV.exe
  2⤵
  PID:3872
- C:\Windows\System\CpLxQeJ.exe
  C:\Windows\System\CpLxQeJ.exe
  2⤵
  PID:3860
- C:\Windows\System\lqOfJCl.exe
  C:\Windows\System\lqOfJCl.exe
  2⤵
  PID:3888
- C:\Windows\System\EXmPbtu.exe
  C:\Windows\System\EXmPbtu.exe
  2⤵
  PID:3956
- C:\Windows\System\jFcBcKF.exe
  C:\Windows\System\jFcBcKF.exe
  2⤵
  PID:4072
- C:\Windows\System\onXprDt.exe
  C:\Windows\System\onXprDt.exe
  2⤵
  PID:3972
- C:\Windows\System\DaShbRO.exe
  C:\Windows\System\DaShbRO.exe
  2⤵
  PID:3976
- C:\Windows\System\QCDwWHZ.exe
  C:\Windows\System\QCDwWHZ.exe
  2⤵
  PID:1256
- C:\Windows\System\cvBWPSB.exe
  C:\Windows\System\cvBWPSB.exe
  2⤵
  PID:320
- C:\Windows\System\bSOxwSE.exe
  C:\Windows\System\bSOxwSE.exe
  2⤵
  PID:4060
- C:\Windows\System\ZeiaoAF.exe
  C:\Windows\System\ZeiaoAF.exe
  2⤵
  PID:1116
- C:\Windows\System\ZAKUhQD.exe
  C:\Windows\System\ZAKUhQD.exe
  2⤵
  PID:1928
- C:\Windows\System\AwmzoVr.exe
  C:\Windows\System\AwmzoVr.exe
  2⤵
  PID:3004
- C:\Windows\System\MKtYAYH.exe
  C:\Windows\System\MKtYAYH.exe
  2⤵
  PID:1560
- C:\Windows\System\OLFNnIM.exe
  C:\Windows\System\OLFNnIM.exe
  2⤵
  PID:2548
- C:\Windows\System\aqXuwcY.exe
  C:\Windows\System\aqXuwcY.exe
  2⤵
  PID:764
- C:\Windows\System\KxztiKM.exe
  C:\Windows\System\KxztiKM.exe
  2⤵
  PID:3180
- C:\Windows\System\EjGITzS.exe
  C:\Windows\System\EjGITzS.exe
  2⤵
  PID:2948
- C:\Windows\System\zZrZbGi.exe
  C:\Windows\System\zZrZbGi.exe
  2⤵
  PID:3124
- C:\Windows\System\QPzGwuH.exe
  C:\Windows\System\QPzGwuH.exe
  2⤵
  PID:3360
- C:\Windows\System\OADgiDD.exe
  C:\Windows\System\OADgiDD.exe
  2⤵
  PID:3552
- C:\Windows\System\WMkDHPE.exe
  C:\Windows\System\WMkDHPE.exe
  2⤵
  PID:3676
- C:\Windows\System\NWXPwIq.exe
  C:\Windows\System\NWXPwIq.exe
  2⤵
  PID:3224
- C:\Windows\System\tISrcBQ.exe
  C:\Windows\System\tISrcBQ.exe
  2⤵
  PID:3304
- C:\Windows\System\GBSDGjo.exe
  C:\Windows\System\GBSDGjo.exe
  2⤵
  PID:3832
- C:\Windows\System\JwACJIg.exe
  C:\Windows\System\JwACJIg.exe
  2⤵
  PID:3248
- C:\Windows\System\OYrXzRm.exe
  C:\Windows\System\OYrXzRm.exe
  2⤵
  PID:3504
- C:\Windows\System\QgbXscn.exe
  C:\Windows\System\QgbXscn.exe
  2⤵
  PID:3572
- C:\Windows\System\kmXqmZE.exe
  C:\Windows\System\kmXqmZE.exe
  2⤵
  PID:3612
- C:\Windows\System\RyeStZs.exe
  C:\Windows\System\RyeStZs.exe
  2⤵
  PID:4020
- C:\Windows\System\bKdfvzD.exe
  C:\Windows\System\bKdfvzD.exe
  2⤵
  PID:3732
- C:\Windows\System\wHZyfrl.exe
  C:\Windows\System\wHZyfrl.exe
  2⤵
  PID:3812
- C:\Windows\System\lyainDT.exe
  C:\Windows\System\lyainDT.exe
  2⤵
  PID:1168
- C:\Windows\System\yOdRAUq.exe
  C:\Windows\System\yOdRAUq.exe
  2⤵
  PID:3980
- C:\Windows\System\uPpwQoF.exe
  C:\Windows\System\uPpwQoF.exe
  2⤵
  PID:2820
- C:\Windows\System\doKHpzs.exe
  C:\Windows\System\doKHpzs.exe
  2⤵
  PID:4032
- C:\Windows\System\pPHJNbA.exe
  C:\Windows\System\pPHJNbA.exe
  2⤵
  PID:1756
- C:\Windows\System\xDwhGpt.exe
  C:\Windows\System\xDwhGpt.exe
  2⤵
  PID:3188
- C:\Windows\System\JoXsJJF.exe
  C:\Windows\System\JoXsJJF.exe
  2⤵
  PID:1668
- C:\Windows\System\DENuhHf.exe
  C:\Windows\System\DENuhHf.exe
  2⤵
  PID:2392
- C:\Windows\System\QgtYhiO.exe
  C:\Windows\System\QgtYhiO.exe
  2⤵
  PID:3636
- C:\Windows\System\hVkFWit.exe
  C:\Windows\System\hVkFWit.exe
  2⤵
  PID:3344
- C:\Windows\System\wTTdnIR.exe
  C:\Windows\System\wTTdnIR.exe
  2⤵
  PID:3584
- C:\Windows\System\kgzdSmq.exe
  C:\Windows\System\kgzdSmq.exe
  2⤵
  PID:3648
- C:\Windows\System\OPldpHl.exe
  C:\Windows\System\OPldpHl.exe
  2⤵
  PID:3696
- C:\Windows\System\AMzCsmr.exe
  C:\Windows\System\AMzCsmr.exe
  2⤵
  PID:3484
- C:\Windows\System\iuAunuC.exe
  C:\Windows\System\iuAunuC.exe
  2⤵
  PID:4108
- C:\Windows\System\vVzbaFK.exe
  C:\Windows\System\vVzbaFK.exe
  2⤵
  PID:4128
- C:\Windows\System\qAEaVrn.exe
  C:\Windows\System\qAEaVrn.exe
  2⤵
  PID:4148
- C:\Windows\System\jjJzxhE.exe
  C:\Windows\System\jjJzxhE.exe
  2⤵
  PID:4164
- C:\Windows\System\XsszJQm.exe
  C:\Windows\System\XsszJQm.exe
  2⤵
  PID:4184
- C:\Windows\System\DsjmoKa.exe
  C:\Windows\System\DsjmoKa.exe
  2⤵
  PID:4204
- C:\Windows\System\cYsaiLL.exe
  C:\Windows\System\cYsaiLL.exe
  2⤵
  PID:4228
- C:\Windows\System\YTEAmOR.exe
  C:\Windows\System\YTEAmOR.exe
  2⤵
  PID:4244
- C:\Windows\System\JJXJsIR.exe
  C:\Windows\System\JJXJsIR.exe
  2⤵
  PID:4264
- C:\Windows\System\EPblyyV.exe
  C:\Windows\System\EPblyyV.exe
  2⤵
  PID:4284
- C:\Windows\System\qDhjmNg.exe
  C:\Windows\System\qDhjmNg.exe
  2⤵
  PID:4300
- C:\Windows\System\uOtDkbp.exe
  C:\Windows\System\uOtDkbp.exe
  2⤵
  PID:4316
- C:\Windows\System\KmxLXKp.exe
  C:\Windows\System\KmxLXKp.exe
  2⤵
  PID:4340
- C:\Windows\System\ZECeRUi.exe
  C:\Windows\System\ZECeRUi.exe
  2⤵
  PID:4364
- C:\Windows\System\LqopIeS.exe
  C:\Windows\System\LqopIeS.exe
  2⤵
  PID:4384
- C:\Windows\System\KeVYZgK.exe
  C:\Windows\System\KeVYZgK.exe
  2⤵
  PID:4404
- C:\Windows\System\OksFCTh.exe
  C:\Windows\System\OksFCTh.exe
  2⤵
  PID:4420
- C:\Windows\System\wuguQyE.exe
  C:\Windows\System\wuguQyE.exe
  2⤵
  PID:4436
- C:\Windows\System\cjlolwt.exe
  C:\Windows\System\cjlolwt.exe
  2⤵
  PID:4456
- C:\Windows\System\HQLOLKg.exe
  C:\Windows\System\HQLOLKg.exe
  2⤵
  PID:4472
- C:\Windows\System\qRFwFXe.exe
  C:\Windows\System\qRFwFXe.exe
  2⤵
  PID:4492
- C:\Windows\System\zWrerDR.exe
  C:\Windows\System\zWrerDR.exe
  2⤵
  PID:4512
- C:\Windows\System\ibjIXxl.exe
  C:\Windows\System\ibjIXxl.exe
  2⤵
  PID:4532
- C:\Windows\System\mgTvAkd.exe
  C:\Windows\System\mgTvAkd.exe
  2⤵
  PID:4548
- C:\Windows\System\IiTxoWS.exe
  C:\Windows\System\IiTxoWS.exe
  2⤵
  PID:4572
- C:\Windows\System\SGeSHdx.exe
  C:\Windows\System\SGeSHdx.exe
  2⤵
  PID:4588
- C:\Windows\System\DhDeIeF.exe
  C:\Windows\System\DhDeIeF.exe
  2⤵
  PID:4612
- C:\Windows\System\gThWmiT.exe
  C:\Windows\System\gThWmiT.exe
  2⤵
  PID:4636
- C:\Windows\System\HBmUYHs.exe
  C:\Windows\System\HBmUYHs.exe
  2⤵
  PID:4652
- C:\Windows\System\HNFbkmp.exe
  C:\Windows\System\HNFbkmp.exe
  2⤵
  PID:4676
- C:\Windows\System\GfQISSO.exe
  C:\Windows\System\GfQISSO.exe
  2⤵
  PID:4696
- C:\Windows\System\nNSgtUm.exe
  C:\Windows\System\nNSgtUm.exe
  2⤵
  PID:4712
- C:\Windows\System\ZOXGtZm.exe
  C:\Windows\System\ZOXGtZm.exe
  2⤵
  PID:4728
- C:\Windows\System\rRdnvAq.exe
  C:\Windows\System\rRdnvAq.exe
  2⤵
  PID:4752
- C:\Windows\System\vZtvMak.exe
  C:\Windows\System\vZtvMak.exe
  2⤵
  PID:4772
- C:\Windows\System\NINuRGu.exe
  C:\Windows\System\NINuRGu.exe
  2⤵
  PID:4788
- C:\Windows\System\xJVVHWQ.exe
  C:\Windows\System\xJVVHWQ.exe
  2⤵
  PID:4812
- C:\Windows\System\ehCfSOS.exe
  C:\Windows\System\ehCfSOS.exe
  2⤵
  PID:4832
- C:\Windows\System\ezmJBnl.exe
  C:\Windows\System\ezmJBnl.exe
  2⤵
  PID:4856
- C:\Windows\System\AJQCBUo.exe
  C:\Windows\System\AJQCBUo.exe
  2⤵
  PID:4876
- C:\Windows\System\UHECqCx.exe
  C:\Windows\System\UHECqCx.exe
  2⤵
  PID:4896
- C:\Windows\System\oGMUcuR.exe
  C:\Windows\System\oGMUcuR.exe
  2⤵
  PID:4920
- C:\Windows\System\quUDLqW.exe
  C:\Windows\System\quUDLqW.exe
  2⤵
  PID:4936
- C:\Windows\System\VmwbITe.exe
  C:\Windows\System\VmwbITe.exe
  2⤵
  PID:4976
- C:\Windows\System\xNYojrf.exe
  C:\Windows\System\xNYojrf.exe
  2⤵
  PID:5004
- C:\Windows\System\vpVuCdr.exe
  C:\Windows\System\vpVuCdr.exe
  2⤵
  PID:5024
- C:\Windows\System\OXbnDhM.exe
  C:\Windows\System\OXbnDhM.exe
  2⤵
  PID:5044
- C:\Windows\System\NXnGpBR.exe
  C:\Windows\System\NXnGpBR.exe
  2⤵
  PID:5060
- C:\Windows\System\ZiRkTCN.exe
  C:\Windows\System\ZiRkTCN.exe
  2⤵
  PID:5084
- C:\Windows\System\PkoLOGG.exe
  C:\Windows\System\PkoLOGG.exe
  2⤵
  PID:5104
- C:\Windows\System\LXWDlmk.exe
  C:\Windows\System\LXWDlmk.exe
  2⤵
  PID:1584
- C:\Windows\System\exYJrhd.exe
  C:\Windows\System\exYJrhd.exe
  2⤵
  PID:3608
- C:\Windows\System\HrspUzb.exe
  C:\Windows\System\HrspUzb.exe
  2⤵
  PID:3948
- C:\Windows\System\pOUuyoR.exe
  C:\Windows\System\pOUuyoR.exe
  2⤵
  PID:2784
- C:\Windows\System\YxcNDNl.exe
  C:\Windows\System\YxcNDNl.exe
  2⤵
  PID:2944
- C:\Windows\System\AeofFFe.exe
  C:\Windows\System\AeofFFe.exe
  2⤵
  PID:3140
- C:\Windows\System\wcvLCzF.exe
  C:\Windows\System\wcvLCzF.exe
  2⤵
  PID:3468
- C:\Windows\System\gZMQfgU.exe
  C:\Windows\System\gZMQfgU.exe
  2⤵
  PID:4120
- C:\Windows\System\xJadMqM.exe
  C:\Windows\System\xJadMqM.exe
  2⤵
  PID:4200
- C:\Windows\System\WAEMhae.exe
  C:\Windows\System\WAEMhae.exe
  2⤵
  PID:4272
- C:\Windows\System\yttZJEb.exe
  C:\Windows\System\yttZJEb.exe
  2⤵
  PID:4360
- C:\Windows\System\OxlDAlB.exe
  C:\Windows\System\OxlDAlB.exe
  2⤵
  PID:4396
- C:\Windows\System\CCiZjJd.exe
  C:\Windows\System\CCiZjJd.exe
  2⤵
  PID:1052
- C:\Windows\System\ghqvnfk.exe
  C:\Windows\System\ghqvnfk.exe
  2⤵
  PID:2584
- C:\Windows\System\aCHcLqy.exe
  C:\Windows\System\aCHcLqy.exe
  2⤵
  PID:692
- C:\Windows\System\dbvikNL.exe
  C:\Windows\System\dbvikNL.exe
  2⤵
  PID:4584
- C:\Windows\System\KFywcNM.exe
  C:\Windows\System\KFywcNM.exe
  2⤵
  PID:4620
- C:\Windows\System\zxOQSag.exe
  C:\Windows\System\zxOQSag.exe
  2⤵
  PID:4660
- C:\Windows\System\MeyHVGJ.exe
  C:\Windows\System\MeyHVGJ.exe
  2⤵
  PID:4708
- C:\Windows\System\CYvhbCn.exe
  C:\Windows\System\CYvhbCn.exe
  2⤵
  PID:3776
- C:\Windows\System\gBEvziX.exe
  C:\Windows\System\gBEvziX.exe
  2⤵
  PID:4144
- C:\Windows\System\BtRrhNS.exe
  C:\Windows\System\BtRrhNS.exe
  2⤵
  PID:4216
- C:\Windows\System\jPbGhrE.exe
  C:\Windows\System\jPbGhrE.exe
  2⤵
  PID:3064
- C:\Windows\System\OXEeDhQ.exe
  C:\Windows\System\OXEeDhQ.exe
  2⤵
  PID:4260
- C:\Windows\System\wzGtyJB.exe
  C:\Windows\System\wzGtyJB.exe
  2⤵
  PID:4336
- C:\Windows\System\qjvNNVW.exe
  C:\Windows\System\qjvNNVW.exe
  2⤵
  PID:4412
- C:\Windows\System\fnDjZct.exe
  C:\Windows\System\fnDjZct.exe
  2⤵
  PID:4452
- C:\Windows\System\fpvkSLK.exe
  C:\Windows\System\fpvkSLK.exe
  2⤵
  PID:4520
- C:\Windows\System\nXUtoLC.exe
  C:\Windows\System\nXUtoLC.exe
  2⤵
  PID:4872
- C:\Windows\System\cWMygsC.exe
  C:\Windows\System\cWMygsC.exe
  2⤵
  PID:4556
- C:\Windows\System\VLoCbFp.exe
  C:\Windows\System\VLoCbFp.exe
  2⤵
  PID:4600
- C:\Windows\System\QTVhqxL.exe
  C:\Windows\System\QTVhqxL.exe
  2⤵
  PID:4804
- C:\Windows\System\OVZtbEw.exe
  C:\Windows\System\OVZtbEw.exe
  2⤵
  PID:4944
- C:\Windows\System\CDllCJP.exe
  C:\Windows\System\CDllCJP.exe
  2⤵
  PID:4928
- C:\Windows\System\vzkpKFA.exe
  C:\Windows\System\vzkpKFA.exe
  2⤵
  PID:4800
- C:\Windows\System\wWSSiPU.exe
  C:\Windows\System\wWSSiPU.exe
  2⤵
  PID:4688
- C:\Windows\System\FXVdyDR.exe
  C:\Windows\System\FXVdyDR.exe
  2⤵
  PID:4972
- C:\Windows\System\ksLMPiw.exe
  C:\Windows\System\ksLMPiw.exe
  2⤵
  PID:5020
- C:\Windows\System\SPyWbAC.exe
  C:\Windows\System\SPyWbAC.exe
  2⤵
  PID:4996
- C:\Windows\System\HRgEZEc.exe
  C:\Windows\System\HRgEZEc.exe
  2⤵
  PID:5040
- C:\Windows\System\hOxaWvX.exe
  C:\Windows\System\hOxaWvX.exe
  2⤵
  PID:5068
- C:\Windows\System\ZcRKHZu.exe
  C:\Windows\System\ZcRKHZu.exe
  2⤵
  PID:3420
- C:\Windows\System\XuXNFvN.exe
  C:\Windows\System\XuXNFvN.exe
  2⤵
  PID:3268
- C:\Windows\System\nPbfauA.exe
  C:\Windows\System\nPbfauA.exe
  2⤵
  PID:4160
- C:\Windows\System\gxwPzNh.exe
  C:\Windows\System\gxwPzNh.exe
  2⤵
  PID:4312
- C:\Windows\System\IyLfeBC.exe
  C:\Windows\System\IyLfeBC.exe
  2⤵
  PID:3548
- C:\Windows\System\tYzcqdJ.exe
  C:\Windows\System\tYzcqdJ.exe
  2⤵
  PID:3836
- C:\Windows\System\LXUMQcx.exe
  C:\Windows\System\LXUMQcx.exe
  2⤵
  PID:4704
- C:\Windows\System\vHLFTPe.exe
  C:\Windows\System\vHLFTPe.exe
  2⤵
  PID:2424
- C:\Windows\System\oPSdatP.exe
  C:\Windows\System\oPSdatP.exe
  2⤵
  PID:2028
- C:\Windows\System\udHVseM.exe
  C:\Windows\System\udHVseM.exe
  2⤵
  PID:864
- C:\Windows\System\CXKXTtd.exe
  C:\Windows\System\CXKXTtd.exe
  2⤵
  PID:4784
- C:\Windows\System\HrgrMJG.exe
  C:\Windows\System\HrgrMJG.exe
  2⤵
  PID:4324
- C:\Windows\System\MQFstNL.exe
  C:\Windows\System\MQFstNL.exe
  2⤵
  PID:4444
- C:\Windows\System\NlEhbDE.exe
  C:\Windows\System\NlEhbDE.exe
  2⤵
  PID:3056
- C:\Windows\System\JWhwxnt.exe
  C:\Windows\System\JWhwxnt.exe
  2⤵
  PID:4608
- C:\Windows\System\mBWqJGu.exe
  C:\Windows\System\mBWqJGu.exe
  2⤵
  PID:4952
- C:\Windows\System\uxGGjFV.exe
  C:\Windows\System\uxGGjFV.exe
  2⤵
  PID:4844
- C:\Windows\System\rVIOter.exe
  C:\Windows\System\rVIOter.exe
  2⤵
  PID:4840
- C:\Windows\System\PeRriFX.exe
  C:\Windows\System\PeRriFX.exe
  2⤵
  PID:4968
- C:\Windows\System\tRyCLcw.exe
  C:\Windows\System\tRyCLcw.exe
  2⤵
  PID:5092
- C:\Windows\System\UibJHJg.exe
  C:\Windows\System\UibJHJg.exe
  2⤵
  PID:2616
- C:\Windows\System\cnaVCUj.exe
  C:\Windows\System\cnaVCUj.exe
  2⤵
  PID:5072
- C:\Windows\System\NZDkXRw.exe
  C:\Windows\System\NZDkXRw.exe
  2⤵
  PID:2976
- C:\Windows\System\Abncnks.exe
  C:\Windows\System\Abncnks.exe
  2⤵
  PID:2108
- C:\Windows\System\rAxzwdw.exe
  C:\Windows\System\rAxzwdw.exe
  2⤵
  PID:3052
- C:\Windows\System\evPyHQS.exe
  C:\Windows\System\evPyHQS.exe
  2⤵
  PID:2740
- C:\Windows\System\yoYTLLa.exe
  C:\Windows\System\yoYTLLa.exe
  2⤵
  PID:1432
- C:\Windows\System\RWnebif.exe
  C:\Windows\System\RWnebif.exe
  2⤵
  PID:2812
- C:\Windows\System\xvgYMlC.exe
  C:\Windows\System\xvgYMlC.exe
  2⤵
  PID:2760
- C:\Windows\System\tZZjBLJ.exe
  C:\Windows\System\tZZjBLJ.exe
  2⤵
  PID:1988
- C:\Windows\System\pCGFCdL.exe
  C:\Windows\System\pCGFCdL.exe
  2⤵
  PID:3012
- C:\Windows\System\QZavNPt.exe
  C:\Windows\System\QZavNPt.exe
  2⤵
  PID:1440
- C:\Windows\System\xTuQXoT.exe
  C:\Windows\System\xTuQXoT.exe
  2⤵
  PID:1580
- C:\Windows\System\QSYEkEX.exe
  C:\Windows\System\QSYEkEX.exe
  2⤵
  PID:4540
- C:\Windows\System\MISGZWQ.exe
  C:\Windows\System\MISGZWQ.exe
  2⤵
  PID:2924
- C:\Windows\System\kJZKHNA.exe
  C:\Windows\System\kJZKHNA.exe
  2⤵
  PID:2256
- C:\Windows\System\HCtAXYs.exe
  C:\Windows\System\HCtAXYs.exe
  2⤵
  PID:2132
- C:\Windows\System\aIoflBi.exe
  C:\Windows\System\aIoflBi.exe
  2⤵
  PID:804
- C:\Windows\System\OkMtbBq.exe
  C:\Windows\System\OkMtbBq.exe
  2⤵
  PID:1992
- C:\Windows\System\atPeooj.exe
  C:\Windows\System\atPeooj.exe
  2⤵
  PID:2124
- C:\Windows\System\QfCWHex.exe
  C:\Windows\System\QfCWHex.exe
  2⤵
  PID:3440
- C:\Windows\System\JGobvNe.exe
  C:\Windows\System\JGobvNe.exe
  2⤵
  PID:3288
- C:\Windows\System\yBNdyoA.exe
  C:\Windows\System\yBNdyoA.exe
  2⤵
  PID:588
- C:\Windows\System\WfHSELH.exe
  C:\Windows\System\WfHSELH.exe
  2⤵
  PID:4736
- C:\Windows\System\ZiGlyRd.exe
  C:\Windows\System\ZiGlyRd.exe
  2⤵
  PID:4672
- C:\Windows\System\OJeByJH.exe
  C:\Windows\System\OJeByJH.exe
  2⤵
  PID:4100
- C:\Windows\System\LQWjhcJ.exe
  C:\Windows\System\LQWjhcJ.exe
  2⤵
  PID:2176
- C:\Windows\System\BlKeril.exe
  C:\Windows\System\BlKeril.exe
  2⤵
  PID:4448
- C:\Windows\System\HsOVBCb.exe
  C:\Windows\System\HsOVBCb.exe
  2⤵
  PID:4820
- C:\Windows\System\TeWtpUU.exe
  C:\Windows\System\TeWtpUU.exe
  2⤵
  PID:4596
- C:\Windows\System\JrjEaoL.exe
  C:\Windows\System\JrjEaoL.exe
  2⤵
  PID:5016
- C:\Windows\System\BmaXUvH.exe
  C:\Windows\System\BmaXUvH.exe
  2⤵
  PID:4956
- C:\Windows\System\xFSbVwc.exe
  C:\Windows\System\xFSbVwc.exe
  2⤵
  PID:5100
- C:\Windows\System\sCnhHXa.exe
  C:\Windows\System\sCnhHXa.exe
  2⤵
  PID:3376
- C:\Windows\System\MKiApUh.exe
  C:\Windows\System\MKiApUh.exe
  2⤵
  PID:2088
- C:\Windows\System\WqqdKuJ.exe
  C:\Windows\System\WqqdKuJ.exe
  2⤵
  PID:2068
- C:\Windows\System\NeBGLKj.exe
  C:\Windows\System\NeBGLKj.exe
  2⤵
  PID:2388
- C:\Windows\System\aDkKBYR.exe
  C:\Windows\System\aDkKBYR.exe
  2⤵
  PID:2628
- C:\Windows\System\tjfrgNz.exe
  C:\Windows\System\tjfrgNz.exe
  2⤵
  PID:2216
- C:\Windows\System\ujGHxXd.exe
  C:\Windows\System\ujGHxXd.exe
  2⤵
  PID:3840
- C:\Windows\System\tTLynkJ.exe
  C:\Windows\System\tTLynkJ.exe
  2⤵
  PID:4156
- C:\Windows\System\FQvqema.exe
  C:\Windows\System\FQvqema.exe
  2⤵
  PID:1960
- C:\Windows\System\vfzRwEo.exe
  C:\Windows\System\vfzRwEo.exe
  2⤵
  PID:960
- C:\Windows\System\mxgVtwT.exe
  C:\Windows\System\mxgVtwT.exe
  2⤵
  PID:1200
- C:\Windows\System\oxsLHCJ.exe
  C:\Windows\System\oxsLHCJ.exe
  2⤵
  PID:4664
- C:\Windows\System\WSPaPzY.exe
  C:\Windows\System\WSPaPzY.exe
  2⤵
  PID:968
- C:\Windows\System\QivNalQ.exe
  C:\Windows\System\QivNalQ.exe
  2⤵
  PID:4488
- C:\Windows\System\IlWbzPY.exe
  C:\Windows\System\IlWbzPY.exe
  2⤵
  PID:2220
- C:\Windows\System\hxAylrV.exe
  C:\Windows\System\hxAylrV.exe
  2⤵
  PID:4740
- C:\Windows\System\GQlgyDr.exe
  C:\Windows\System\GQlgyDr.exe
  2⤵
  PID:4796
- C:\Windows\System\qDfxFID.exe
  C:\Windows\System\qDfxFID.exe
  2⤵
  PID:4692
- C:\Windows\System\mQEeIQv.exe
  C:\Windows\System\mQEeIQv.exe
  2⤵
  PID:3184
- C:\Windows\System\LWcqqOP.exe
  C:\Windows\System\LWcqqOP.exe
  2⤵
  PID:1868
- C:\Windows\System\ezOJyrK.exe
  C:\Windows\System\ezOJyrK.exe
  2⤵
  PID:2868
- C:\Windows\System\niZUDOI.exe
  C:\Windows\System\niZUDOI.exe
  2⤵
  PID:5080
- C:\Windows\System\FzEiSyM.exe
  C:\Windows\System\FzEiSyM.exe
  2⤵
  PID:1800
- C:\Windows\System\EmzuWMz.exe
  C:\Windows\System\EmzuWMz.exe
  2⤵
  PID:2596
- C:\Windows\System\qPNTCOX.exe
  C:\Windows\System\qPNTCOX.exe
  2⤵
  PID:2440
- C:\Windows\System\alXpUxf.exe
  C:\Windows\System\alXpUxf.exe
  2⤵
  PID:1732
- C:\Windows\System\VvpVwvV.exe
  C:\Windows\System\VvpVwvV.exe
  2⤵
  PID:1216
- C:\Windows\System\YxGCRVE.exe
  C:\Windows\System\YxGCRVE.exe
  2⤵
  PID:4376
- C:\Windows\System\VshKPeM.exe
  C:\Windows\System\VshKPeM.exe
  2⤵
  PID:1084
- C:\Windows\System\lknGioo.exe
  C:\Windows\System\lknGioo.exe
  2⤵
  PID:4932
- C:\Windows\System\YUvLylN.exe
  C:\Windows\System\YUvLylN.exe
  2⤵
  PID:3028
- C:\Windows\System\bBwgatu.exe
  C:\Windows\System\bBwgatu.exe
  2⤵
  PID:2780
- C:\Windows\System\hlSdwBN.exe
  C:\Windows\System\hlSdwBN.exe
  2⤵
  PID:2184
- C:\Windows\System\lLORdsF.exe
  C:\Windows\System\lLORdsF.exe
  2⤵
  PID:3856
- C:\Windows\System\oOnEjcW.exe
  C:\Windows\System\oOnEjcW.exe
  2⤵
  PID:2328
- C:\Windows\System\cQJnZkn.exe
  C:\Windows\System\cQJnZkn.exe
  2⤵
  PID:916
- C:\Windows\System\lIaLCRQ.exe
  C:\Windows\System\lIaLCRQ.exe
  2⤵
  PID:568
- C:\Windows\System\sjLurFM.exe
  C:\Windows\System\sjLurFM.exe
  2⤵
  PID:4852
- C:\Windows\System\GRAhvdZ.exe
  C:\Windows\System\GRAhvdZ.exe
  2⤵
  PID:1080
- C:\Windows\System\ibAhYNY.exe
  C:\Windows\System\ibAhYNY.exe
  2⤵
  PID:5128
- C:\Windows\System\vWppgCd.exe
  C:\Windows\System\vWppgCd.exe
  2⤵
  PID:5148
- C:\Windows\System\cFhLlDR.exe
  C:\Windows\System\cFhLlDR.exe
  2⤵
  PID:5184
- C:\Windows\System\DMbQSBw.exe
  C:\Windows\System\DMbQSBw.exe
  2⤵
  PID:5200
- C:\Windows\System\APpWRZE.exe
  C:\Windows\System\APpWRZE.exe
  2⤵
  PID:5224
- C:\Windows\System\hFuGBde.exe
  C:\Windows\System\hFuGBde.exe
  2⤵
  PID:5240
- C:\Windows\System\YqdrmyX.exe
  C:\Windows\System\YqdrmyX.exe
  2⤵
  PID:5264
- C:\Windows\System\SZHJbdD.exe
  C:\Windows\System\SZHJbdD.exe
  2⤵
  PID:5280
- C:\Windows\System\tYEtMKK.exe
  C:\Windows\System\tYEtMKK.exe
  2⤵
  PID:5296
- C:\Windows\System\EZzczOH.exe
  C:\Windows\System\EZzczOH.exe
  2⤵
  PID:5312
- C:\Windows\System\rUBADeD.exe
  C:\Windows\System\rUBADeD.exe
  2⤵
  PID:5344
- C:\Windows\System\JPpvIMx.exe
  C:\Windows\System\JPpvIMx.exe
  2⤵
  PID:5360
- C:\Windows\System\OKoqnol.exe
  C:\Windows\System\OKoqnol.exe
  2⤵
  PID:5380
- C:\Windows\System\xWHupEh.exe
  C:\Windows\System\xWHupEh.exe
  2⤵
  PID:5396
- C:\Windows\System\kOsvjwu.exe
  C:\Windows\System\kOsvjwu.exe
  2⤵
  PID:5420
- C:\Windows\System\dSrqrMX.exe
  C:\Windows\System\dSrqrMX.exe
  2⤵
  PID:5436
- C:\Windows\System\tBrTzqP.exe
  C:\Windows\System\tBrTzqP.exe
  2⤵
  PID:5452
- C:\Windows\System\WXWVZxq.exe
  C:\Windows\System\WXWVZxq.exe
  2⤵
  PID:5468
- C:\Windows\System\LtIHgsc.exe
  C:\Windows\System\LtIHgsc.exe
  2⤵
  PID:5492
- C:\Windows\System\JHvztfS.exe
  C:\Windows\System\JHvztfS.exe
  2⤵
  PID:5508
- C:\Windows\System\amfiVVN.exe
  C:\Windows\System\amfiVVN.exe
  2⤵
  PID:5532
- C:\Windows\System\pAFImow.exe
  C:\Windows\System\pAFImow.exe
  2⤵
  PID:5564
- C:\Windows\System\RpIZqsH.exe
  C:\Windows\System\RpIZqsH.exe
  2⤵
  PID:5584
- C:\Windows\System\bVZiiSH.exe
  C:\Windows\System\bVZiiSH.exe
  2⤵
  PID:5604
- C:\Windows\System\ROlgilZ.exe
  C:\Windows\System\ROlgilZ.exe
  2⤵
  PID:5624
- C:\Windows\System\xqYlTjy.exe
  C:\Windows\System\xqYlTjy.exe
  2⤵
  PID:5644
- C:\Windows\System\ukXKSYs.exe
  C:\Windows\System\ukXKSYs.exe
  2⤵
  PID:5664
- C:\Windows\System\iWPVqjo.exe
  C:\Windows\System\iWPVqjo.exe
  2⤵
  PID:5684
- C:\Windows\System\VTAYfaK.exe
  C:\Windows\System\VTAYfaK.exe
  2⤵
  PID:5708
- C:\Windows\System\ginilfD.exe
  C:\Windows\System\ginilfD.exe
  2⤵
  PID:5724
- C:\Windows\System\cMLnurn.exe
  C:\Windows\System\cMLnurn.exe
  2⤵
  PID:5740
- C:\Windows\System\cYAfOKx.exe
  C:\Windows\System\cYAfOKx.exe
  2⤵
  PID:5776
- C:\Windows\System\CUTuIDv.exe
  C:\Windows\System\CUTuIDv.exe
  2⤵
  PID:5800
- C:\Windows\System\RRrCVOK.exe
  C:\Windows\System\RRrCVOK.exe
  2⤵
  PID:5816
- C:\Windows\System\mDWmBAf.exe
  C:\Windows\System\mDWmBAf.exe
  2⤵
  PID:5832
- C:\Windows\System\WLKMFSF.exe
  C:\Windows\System\WLKMFSF.exe
  2⤵
  PID:5848
- C:\Windows\System\ULFiyGM.exe
  C:\Windows\System\ULFiyGM.exe
  2⤵
  PID:5876
- C:\Windows\System\ptoWasd.exe
  C:\Windows\System\ptoWasd.exe
  2⤵
  PID:5896
- C:\Windows\System\KBJtOeX.exe
  C:\Windows\System\KBJtOeX.exe
  2⤵
  PID:5912
- C:\Windows\System\tBOYPfo.exe
  C:\Windows\System\tBOYPfo.exe
  2⤵
  PID:5928
- C:\Windows\System\hvtxsla.exe
  C:\Windows\System\hvtxsla.exe
  2⤵
  PID:5944
- C:\Windows\System\AwqapLJ.exe
  C:\Windows\System\AwqapLJ.exe
  2⤵
  PID:5988
- C:\Windows\System\lmWZopj.exe
  C:\Windows\System\lmWZopj.exe
  2⤵
  PID:6008
- C:\Windows\System\VgOrxqJ.exe
  C:\Windows\System\VgOrxqJ.exe
  2⤵
  PID:6024
- C:\Windows\System\cBhVFxD.exe
  C:\Windows\System\cBhVFxD.exe
  2⤵
  PID:6044
- C:\Windows\System\ZIMEZcX.exe
  C:\Windows\System\ZIMEZcX.exe
  2⤵
  PID:6064
- C:\Windows\System\BlKTuWQ.exe
  C:\Windows\System\BlKTuWQ.exe
  2⤵
  PID:6080
- C:\Windows\System\kANbbJf.exe
  C:\Windows\System\kANbbJf.exe
  2⤵
  PID:6096
- C:\Windows\System\fbgYtLx.exe
  C:\Windows\System\fbgYtLx.exe
  2⤵
  PID:6116
- C:\Windows\System\IGFCxkO.exe
  C:\Windows\System\IGFCxkO.exe
  2⤵
  PID:6132
- C:\Windows\System\qrlVQPL.exe
  C:\Windows\System\qrlVQPL.exe
  2⤵
  PID:4888
- C:\Windows\System\vMzwEMG.exe
  C:\Windows\System\vMzwEMG.exe
  2⤵
  PID:5156
- C:\Windows\System\HpRdGwE.exe
  C:\Windows\System\HpRdGwE.exe
  2⤵
  PID:5180
- C:\Windows\System\pRpXWGQ.exe
  C:\Windows\System\pRpXWGQ.exe
  2⤵
  PID:2396
- C:\Windows\System\DyYOpBE.exe
  C:\Windows\System\DyYOpBE.exe
  2⤵
  PID:4916
- C:\Windows\System\SfpBYtd.exe
  C:\Windows\System\SfpBYtd.exe
  2⤵
  PID:5208
- C:\Windows\System\cJFeWvJ.exe
  C:\Windows\System\cJFeWvJ.exe
  2⤵
  PID:5220
- C:\Windows\System\mroCFcw.exe
  C:\Windows\System\mroCFcw.exe
  2⤵
  PID:5340
- C:\Windows\System\NxJNwRv.exe
  C:\Windows\System\NxJNwRv.exe
  2⤵
  PID:5372
- C:\Windows\System\bHAwcIG.exe
  C:\Windows\System\bHAwcIG.exe
  2⤵
  PID:5416
- C:\Windows\System\bVygdFz.exe
  C:\Windows\System\bVygdFz.exe
  2⤵
  PID:5196
- C:\Windows\System\PZKjqGQ.exe
  C:\Windows\System\PZKjqGQ.exe
  2⤵
  PID:5488
- C:\Windows\System\vDTGauh.exe
  C:\Windows\System\vDTGauh.exe
  2⤵
  PID:5528
- C:\Windows\System\IQsSyAs.exe
  C:\Windows\System\IQsSyAs.exe
  2⤵
  PID:5388
- C:\Windows\System\FtUOmec.exe
  C:\Windows\System\FtUOmec.exe
  2⤵
  PID:5552
- C:\Windows\System\NhYBRzR.exe
  C:\Windows\System\NhYBRzR.exe
  2⤵
  PID:5464
- C:\Windows\System\jqcbSiZ.exe
  C:\Windows\System\jqcbSiZ.exe
  2⤵
  PID:5544
- C:\Windows\System\cJbwlQl.exe
  C:\Windows\System\cJbwlQl.exe
  2⤵
  PID:5576
- C:\Windows\System\wDLOqIF.exe
  C:\Windows\System\wDLOqIF.exe
  2⤵
  PID:5656
- C:\Windows\System\inZxLuO.exe
  C:\Windows\System\inZxLuO.exe
  2⤵
  PID:5632
- C:\Windows\System\AmSKtdi.exe
  C:\Windows\System\AmSKtdi.exe
  2⤵
  PID:5636
- C:\Windows\System\JtOpOCX.exe
  C:\Windows\System\JtOpOCX.exe
  2⤵
  PID:5716
- C:\Windows\System\HSPpyoe.exe
  C:\Windows\System\HSPpyoe.exe
  2⤵
  PID:5720
- C:\Windows\System\CwlmoWH.exe
  C:\Windows\System\CwlmoWH.exe
  2⤵
  PID:5768
- C:\Windows\System\raKOIPG.exe
  C:\Windows\System\raKOIPG.exe
  2⤵
  PID:5784
- C:\Windows\System\OgrwfsE.exe
  C:\Windows\System\OgrwfsE.exe
  2⤵
  PID:5828
- C:\Windows\System\dywUGFK.exe
  C:\Windows\System\dywUGFK.exe
  2⤵
  PID:5868
- C:\Windows\System\DchxNYP.exe
  C:\Windows\System\DchxNYP.exe
  2⤵
  PID:5840
- C:\Windows\System\WUCnIMf.exe
  C:\Windows\System\WUCnIMf.exe
  2⤵
  PID:5892
- C:\Windows\System\AxSAOKr.exe
  C:\Windows\System\AxSAOKr.exe
  2⤵
  PID:5960
- C:\Windows\System\rggtSnO.exe
  C:\Windows\System\rggtSnO.exe
  2⤵
  PID:5940
- C:\Windows\System\jGVzztW.exe
  C:\Windows\System\jGVzztW.exe
  2⤵
  PID:6056
- C:\Windows\System\DUqnghh.exe
  C:\Windows\System\DUqnghh.exe
  2⤵
  PID:6124
- C:\Windows\System\VHfEUkm.exe
  C:\Windows\System\VHfEUkm.exe
  2⤵
  PID:920
- C:\Windows\System\KFDhbne.exe
  C:\Windows\System\KFDhbne.exe
  2⤵
  PID:4484
- C:\Windows\System\TNLCsUP.exe
  C:\Windows\System\TNLCsUP.exe
  2⤵
  PID:5168
- C:\Windows\System\iXTYYmX.exe
  C:\Windows\System\iXTYYmX.exe
  2⤵
  PID:5012
- C:\Windows\System\TULfEff.exe
  C:\Windows\System\TULfEff.exe
  2⤵
  PID:5216
- C:\Windows\System\YqQMVLT.exe
  C:\Windows\System\YqQMVLT.exe
  2⤵
  PID:5368
- C:\Windows\System\vrCnlZi.exe
  C:\Windows\System\vrCnlZi.exe
  2⤵
  PID:5144
- C:\Windows\System\AFgwYFy.exe
  C:\Windows\System\AFgwYFy.exe
  2⤵
  PID:5448
- C:\Windows\System\ABEFXqV.exe
  C:\Windows\System\ABEFXqV.exe
  2⤵
  PID:5292
- C:\Windows\System\fkYMblK.exe
  C:\Windows\System\fkYMblK.exe
  2⤵
  PID:5516
- C:\Windows\System\ikDqSnE.exe
  C:\Windows\System\ikDqSnE.exe
  2⤵
  PID:5572
- C:\Windows\System\AKUAybC.exe
  C:\Windows\System\AKUAybC.exe
  2⤵
  PID:5596
- C:\Windows\System\HZEUOvt.exe
  C:\Windows\System\HZEUOvt.exe
  2⤵
  PID:5756
- C:\Windows\System\xnoreXM.exe
  C:\Windows\System\xnoreXM.exe
  2⤵
  PID:5704
- C:\Windows\System\TwYZeJG.exe
  C:\Windows\System\TwYZeJG.exe
  2⤵
  PID:5924
- C:\Windows\System\YSRTGFf.exe
  C:\Windows\System\YSRTGFf.exe
  2⤵
  PID:5504
- C:\Windows\System\qvdCSRd.exe
  C:\Windows\System\qvdCSRd.exe
  2⤵
  PID:5672
- C:\Windows\System\ZKUWYtX.exe
  C:\Windows\System\ZKUWYtX.exe
  2⤵
  PID:5864
- C:\Windows\System\TKNuaOM.exe
  C:\Windows\System\TKNuaOM.exe
  2⤵
  PID:5952
- C:\Windows\System\RNdnmOi.exe
  C:\Windows\System\RNdnmOi.exe
  2⤵
  PID:6088
- C:\Windows\System\HWNIpur.exe
  C:\Windows\System\HWNIpur.exe
  2⤵
  PID:6104
- C:\Windows\System\AwKrVwR.exe
  C:\Windows\System\AwKrVwR.exe
  2⤵
  PID:5260
- C:\Windows\System\DdMZTrU.exe
  C:\Windows\System\DdMZTrU.exe
  2⤵
  PID:6004
- C:\Windows\System\iDSJwzm.exe
  C:\Windows\System\iDSJwzm.exe
  2⤵
  PID:6140
- C:\Windows\System\mWgswVK.exe
  C:\Windows\System\mWgswVK.exe
  2⤵
  PID:5404
- C:\Windows\System\mxoGAoo.exe
  C:\Windows\System\mxoGAoo.exe
  2⤵
  PID:6128
- C:\Windows\System\cjzvdeV.exe
  C:\Windows\System\cjzvdeV.exe
  2⤵
  PID:5520
- C:\Windows\System\AxxTdhQ.exe
  C:\Windows\System\AxxTdhQ.exe
  2⤵
  PID:5696
- C:\Windows\System\dBhKfXd.exe
  C:\Windows\System\dBhKfXd.exe
  2⤵
  PID:5252
- C:\Windows\System\VjxmoXW.exe
  C:\Windows\System\VjxmoXW.exe
  2⤵
  PID:5908
- C:\Windows\System\AhfTLQp.exe
  C:\Windows\System\AhfTLQp.exe
  2⤵
  PID:6092
- C:\Windows\System\FEDEEOB.exe
  C:\Windows\System\FEDEEOB.exe
  2⤵
  PID:6032
- C:\Windows\System\UHGGKOk.exe
  C:\Windows\System\UHGGKOk.exe
  2⤵
  PID:5428
- C:\Windows\System\XSdZihL.exe
  C:\Windows\System\XSdZihL.exe
  2⤵
  PID:5548
- C:\Windows\System\IlCLnzm.exe
  C:\Windows\System\IlCLnzm.exe
  2⤵
  PID:5332
- C:\Windows\System\TxyAnQY.exe
  C:\Windows\System\TxyAnQY.exe
  2⤵
  PID:5760
- C:\Windows\System\cbWBOEu.exe
  C:\Windows\System\cbWBOEu.exe
  2⤵
  PID:2180
- C:\Windows\System\FhmwThT.exe
  C:\Windows\System\FhmwThT.exe
  2⤵
  PID:5792
- C:\Windows\System\hikNVmO.exe
  C:\Windows\System\hikNVmO.exe
  2⤵
  PID:6040
- C:\Windows\System\VVYMQWE.exe
  C:\Windows\System\VVYMQWE.exe
  2⤵
  PID:5256
- C:\Windows\System\VDFwmxZ.exe
  C:\Windows\System\VDFwmxZ.exe
  2⤵
  PID:1096
- C:\Windows\System\nuKTBxy.exe
  C:\Windows\System\nuKTBxy.exe
  2⤵
  PID:5652
- C:\Windows\System\EYNuHMu.exe
  C:\Windows\System\EYNuHMu.exe
  2⤵
  PID:5476
- C:\Windows\System\bbCEYZD.exe
  C:\Windows\System\bbCEYZD.exe
  2⤵
  PID:5172
- C:\Windows\System\AQVssYe.exe
  C:\Windows\System\AQVssYe.exe
  2⤵
  PID:5592
- C:\Windows\System\AeZKgMu.exe
  C:\Windows\System\AeZKgMu.exe
  2⤵
  PID:5212
- C:\Windows\System\tLoiiHl.exe
  C:\Windows\System\tLoiiHl.exe
  2⤵
  PID:5888
- C:\Windows\System\xmXsRFS.exe
  C:\Windows\System\xmXsRFS.exe
  2⤵
  PID:5680
- C:\Windows\System\Bloohfp.exe
  C:\Windows\System\Bloohfp.exe
  2⤵
  PID:2144
- C:\Windows\System\dMbTRmH.exe
  C:\Windows\System\dMbTRmH.exe
  2⤵
  PID:6148
- C:\Windows\System\RbkCFws.exe
  C:\Windows\System\RbkCFws.exe
  2⤵
  PID:6164
- C:\Windows\System\SKRiEqu.exe
  C:\Windows\System\SKRiEqu.exe
  2⤵
  PID:6180
- C:\Windows\System\qGfTYfu.exe
  C:\Windows\System\qGfTYfu.exe
  2⤵
  PID:6196
- C:\Windows\System\DayFibo.exe
  C:\Windows\System\DayFibo.exe
  2⤵
  PID:6212
- C:\Windows\System\aLsXodc.exe
  C:\Windows\System\aLsXodc.exe
  2⤵
  PID:6228
- C:\Windows\System\yCELbJT.exe
  C:\Windows\System\yCELbJT.exe
  2⤵
  PID:6244
- C:\Windows\System\bLJYKJu.exe
  C:\Windows\System\bLJYKJu.exe
  2⤵
  PID:6260
- C:\Windows\System\pjqbjdW.exe
  C:\Windows\System\pjqbjdW.exe
  2⤵
  PID:6280
- C:\Windows\System\NAAMOMa.exe
  C:\Windows\System\NAAMOMa.exe
  2⤵
  PID:6296
- C:\Windows\System\iGmIoSd.exe
  C:\Windows\System\iGmIoSd.exe
  2⤵
  PID:6312
- C:\Windows\System\JdXwfsM.exe
  C:\Windows\System\JdXwfsM.exe
  2⤵
  PID:6328
- C:\Windows\System\NIeqCdk.exe
  C:\Windows\System\NIeqCdk.exe
  2⤵
  PID:6344
- C:\Windows\System\BeavBWx.exe
  C:\Windows\System\BeavBWx.exe
  2⤵
  PID:6360
- C:\Windows\System\paESRfg.exe
  C:\Windows\System\paESRfg.exe
  2⤵
  PID:6376
- C:\Windows\System\cdwckOg.exe
  C:\Windows\System\cdwckOg.exe
  2⤵
  PID:6392
- C:\Windows\System\SoUOhsr.exe
  C:\Windows\System\SoUOhsr.exe
  2⤵
  PID:6408
- C:\Windows\System\wQCQbNo.exe
  C:\Windows\System\wQCQbNo.exe
  2⤵
  PID:6424
- C:\Windows\System\kPphpvM.exe
  C:\Windows\System\kPphpvM.exe
  2⤵
  PID:6440
- C:\Windows\System\IAbWNTU.exe
  C:\Windows\System\IAbWNTU.exe
  2⤵
  PID:6456
- C:\Windows\System\iZUwZtc.exe
  C:\Windows\System\iZUwZtc.exe
  2⤵
  PID:6472
- C:\Windows\System\KILDbHT.exe
  C:\Windows\System\KILDbHT.exe
  2⤵
  PID:6488
- C:\Windows\System\MkuOqOW.exe
  C:\Windows\System\MkuOqOW.exe
  2⤵
  PID:6504
- C:\Windows\System\SqlAytt.exe
  C:\Windows\System\SqlAytt.exe
  2⤵
  PID:6520
- C:\Windows\System\Fhzaaqh.exe
  C:\Windows\System\Fhzaaqh.exe
  2⤵
  PID:6536
- C:\Windows\System\PAyxofP.exe
  C:\Windows\System\PAyxofP.exe
  2⤵
  PID:6552
- C:\Windows\System\VRMOilW.exe
  C:\Windows\System\VRMOilW.exe
  2⤵
  PID:6568
- C:\Windows\System\jrTDyTa.exe
  C:\Windows\System\jrTDyTa.exe
  2⤵
  PID:6584
- C:\Windows\System\LaMjZjQ.exe
  C:\Windows\System\LaMjZjQ.exe
  2⤵
  PID:6600
- C:\Windows\System\FXAByuX.exe
  C:\Windows\System\FXAByuX.exe
  2⤵
  PID:6620
- C:\Windows\System\VHorVbK.exe
  C:\Windows\System\VHorVbK.exe
  2⤵
  PID:6636
- C:\Windows\System\kHoYINw.exe
  C:\Windows\System\kHoYINw.exe
  2⤵
  PID:6652
- C:\Windows\System\rytQdrb.exe
  C:\Windows\System\rytQdrb.exe
  2⤵
  PID:6668
- C:\Windows\System\kuCyQRO.exe
  C:\Windows\System\kuCyQRO.exe
  2⤵
  PID:6684
- C:\Windows\System\udfGYlS.exe
  C:\Windows\System\udfGYlS.exe
  2⤵
  PID:6700
- C:\Windows\System\endJjIH.exe
  C:\Windows\System\endJjIH.exe
  2⤵
  PID:6716
- C:\Windows\System\CQzJjzy.exe
  C:\Windows\System\CQzJjzy.exe
  2⤵
  PID:6732
- C:\Windows\System\fycKddn.exe
  C:\Windows\System\fycKddn.exe
  2⤵
  PID:6748
- C:\Windows\System\bPRYpRS.exe
  C:\Windows\System\bPRYpRS.exe
  2⤵
  PID:6764
- C:\Windows\System\rviQwQd.exe
  C:\Windows\System\rviQwQd.exe
  2⤵
  PID:6780
- C:\Windows\System\tmFoJFd.exe
  C:\Windows\System\tmFoJFd.exe
  2⤵
  PID:6796
- C:\Windows\System\BJhhKVK.exe
  C:\Windows\System\BJhhKVK.exe
  2⤵
  PID:6812
- C:\Windows\System\oyihWan.exe
  C:\Windows\System\oyihWan.exe
  2⤵
  PID:6828
- C:\Windows\System\yoraikX.exe
  C:\Windows\System\yoraikX.exe
  2⤵
  PID:6844
- C:\Windows\System\yRbvAHo.exe
  C:\Windows\System\yRbvAHo.exe
  2⤵
  PID:6860
- C:\Windows\System\xJXqwnx.exe
  C:\Windows\System\xJXqwnx.exe
  2⤵
  PID:6896
- C:\Windows\System\jjRzOyS.exe
  C:\Windows\System\jjRzOyS.exe
  2⤵
  PID:6916
- C:\Windows\System\IthEpFN.exe
  C:\Windows\System\IthEpFN.exe
  2⤵
  PID:6932
- C:\Windows\System\UYgqZxb.exe
  C:\Windows\System\UYgqZxb.exe
  2⤵
  PID:6952
- C:\Windows\System\rbzGMcG.exe
  C:\Windows\System\rbzGMcG.exe
  2⤵
  PID:6968
- C:\Windows\System\Ptzbozl.exe
  C:\Windows\System\Ptzbozl.exe
  2⤵
  PID:6984
- C:\Windows\System\vAJSOlK.exe
  C:\Windows\System\vAJSOlK.exe
  2⤵
  PID:7000
- C:\Windows\System\RjIuNna.exe
  C:\Windows\System\RjIuNna.exe
  2⤵
  PID:7016
- C:\Windows\System\kVuBgHx.exe
  C:\Windows\System\kVuBgHx.exe
  2⤵
  PID:7032
- C:\Windows\System\fAMQOHr.exe
  C:\Windows\System\fAMQOHr.exe
  2⤵
  PID:7048
- C:\Windows\System\DuSXNix.exe
  C:\Windows\System\DuSXNix.exe
  2⤵
  PID:7064
- C:\Windows\System\dwTLfwi.exe
  C:\Windows\System\dwTLfwi.exe
  2⤵
  PID:7080
- C:\Windows\System\NlVaGjK.exe
  C:\Windows\System\NlVaGjK.exe
  2⤵
  PID:7096
- C:\Windows\System\FICHJvN.exe
  C:\Windows\System\FICHJvN.exe
  2⤵
  PID:7112
- C:\Windows\System\dABopkw.exe
  C:\Windows\System\dABopkw.exe
  2⤵
  PID:7128
- C:\Windows\System\mKNawTK.exe
  C:\Windows\System\mKNawTK.exe
  2⤵
  PID:7144
- C:\Windows\System\qbTxiqa.exe
  C:\Windows\System\qbTxiqa.exe
  2⤵
  PID:7160
- C:\Windows\System\mlCoMpi.exe
  C:\Windows\System\mlCoMpi.exe
  2⤵
  PID:6172
- C:\Windows\System\ZQJMmum.exe
  C:\Windows\System\ZQJMmum.exe
  2⤵
  PID:6188
- C:\Windows\System\EeySILk.exe
  C:\Windows\System\EeySILk.exe
  2⤵
  PID:6256
- C:\Windows\System\vibUhzd.exe
  C:\Windows\System\vibUhzd.exe
  2⤵
  PID:6304
- C:\Windows\System\hzGEyiO.exe
  C:\Windows\System\hzGEyiO.exe
  2⤵
  PID:6252
- C:\Windows\System\zcnrtlK.exe
  C:\Windows\System\zcnrtlK.exe
  2⤵
  PID:6336
- C:\Windows\System\TxpJibQ.exe
  C:\Windows\System\TxpJibQ.exe
  2⤵
  PID:6356
- C:\Windows\System\PyCgPeZ.exe
  C:\Windows\System\PyCgPeZ.exe
  2⤵
  PID:6372
- C:\Windows\System\oiJFWgu.exe
  C:\Windows\System\oiJFWgu.exe
  2⤵
  PID:6384
- C:\Windows\System\QBrcOqS.exe
  C:\Windows\System\QBrcOqS.exe
  2⤵
  PID:6448
- C:\Windows\System\DIWoNnb.exe
  C:\Windows\System\DIWoNnb.exe
  2⤵
  PID:6484
- C:\Windows\System\mUTSbto.exe
  C:\Windows\System\mUTSbto.exe
  2⤵
  PID:6512
- C:\Windows\System\ThJnPKD.exe
  C:\Windows\System\ThJnPKD.exe
  2⤵
  PID:6560
- C:\Windows\System\rdupoAs.exe
  C:\Windows\System\rdupoAs.exe
  2⤵
  PID:6548
- C:\Windows\System\aMzTLEQ.exe
  C:\Windows\System\aMzTLEQ.exe
  2⤵
  PID:6596
- C:\Windows\System\cPVoCPF.exe
  C:\Windows\System\cPVoCPF.exe
  2⤵
  PID:6648
- C:\Windows\System\jCONQpK.exe
  C:\Windows\System\jCONQpK.exe
  2⤵
  PID:6632
- C:\Windows\System\JuJMlBU.exe
  C:\Windows\System\JuJMlBU.exe
  2⤵
  PID:6696
- C:\Windows\System\AsYoejd.exe
  C:\Windows\System\AsYoejd.exe
  2⤵
  PID:6756
- C:\Windows\System\hmNFzjz.exe
  C:\Windows\System\hmNFzjz.exe
  2⤵
  PID:6792
- C:\Windows\System\zfZLyTk.exe
  C:\Windows\System\zfZLyTk.exe
  2⤵
  PID:6772
- C:\Windows\System\WJledeV.exe
  C:\Windows\System\WJledeV.exe
  2⤵
  PID:6804
- C:\Windows\System\UfHPmoK.exe
  C:\Windows\System\UfHPmoK.exe
  2⤵
  PID:6868
- C:\Windows\System\mmrckDk.exe
  C:\Windows\System\mmrckDk.exe
  2⤵
  PID:6888
- C:\Windows\System\EOPnKgn.exe
  C:\Windows\System\EOPnKgn.exe
  2⤵
  PID:6908
- C:\Windows\System\DeGTKJW.exe
  C:\Windows\System\DeGTKJW.exe
  2⤵
  PID:6976
- C:\Windows\System\BYURcKd.exe
  C:\Windows\System\BYURcKd.exe
  2⤵
  PID:6928
- C:\Windows\System\nPqYvIs.exe
  C:\Windows\System\nPqYvIs.exe
  2⤵
  PID:7040
- C:\Windows\System\vUuTFqC.exe
  C:\Windows\System\vUuTFqC.exe
  2⤵
  PID:7028
- C:\Windows\System\BmfgMCy.exe
  C:\Windows\System\BmfgMCy.exe
  2⤵
  PID:6992
- C:\Windows\System\hDVrZEJ.exe
  C:\Windows\System\hDVrZEJ.exe
  2⤵
  PID:7092
- C:\Windows\System\FStXSez.exe
  C:\Windows\System\FStXSez.exe
  2⤵
  PID:5620
- C:\Windows\System\mwbfJJf.exe
  C:\Windows\System\mwbfJJf.exe
  2⤵
  PID:6072
- C:\Windows\System\FlHOkFA.exe
  C:\Windows\System\FlHOkFA.exe
  2⤵
  PID:5796
- C:\Windows\System\eOtAyva.exe
  C:\Windows\System\eOtAyva.exe
  2⤵
  PID:6240
- C:\Windows\System\IRDdKTS.exe
  C:\Windows\System\IRDdKTS.exe
  2⤵
  PID:6224
- C:\Windows\System\LSHyBSZ.exe
  C:\Windows\System\LSHyBSZ.exe
  2⤵
  PID:6352
- C:\Windows\System\iVYvIEv.exe
  C:\Windows\System\iVYvIEv.exe
  2⤵
  PID:6436
- C:\Windows\System\XSQSnvl.exe
  C:\Windows\System\XSQSnvl.exe
  2⤵
  PID:6468
- C:\Windows\System\JQXlWxG.exe
  C:\Windows\System\JQXlWxG.exe
  2⤵
  PID:5356
- C:\Windows\System\GeYUnUE.exe
  C:\Windows\System\GeYUnUE.exe
  2⤵
  PID:6516
- C:\Windows\System\GGAMBka.exe
  C:\Windows\System\GGAMBka.exe
  2⤵
  PID:6680
- C:\Windows\System\pkpDykO.exe
  C:\Windows\System\pkpDykO.exe
  2⤵
  PID:6664
- C:\Windows\System\GdsbxYE.exe
  C:\Windows\System\GdsbxYE.exe
  2⤵
  PID:5996
- C:\Windows\System\yomlzKv.exe
  C:\Windows\System\yomlzKv.exe
  2⤵
  PID:6808
- C:\Windows\System\JeMgRLe.exe
  C:\Windows\System\JeMgRLe.exe
  2⤵
  PID:7012
- C:\Windows\System\DxgXmYJ.exe
  C:\Windows\System\DxgXmYJ.exe
  2⤵
  PID:6872
- C:\Windows\System\bGhyphY.exe
  C:\Windows\System\bGhyphY.exe
  2⤵
  PID:7140
- C:\Windows\System\INDGlqU.exe
  C:\Windows\System\INDGlqU.exe
  2⤵
  PID:5772
- C:\Windows\System\jeMGscU.exe
  C:\Windows\System\jeMGscU.exe
  2⤵
  PID:7088
- C:\Windows\System\CCBRDYq.exe
  C:\Windows\System\CCBRDYq.exe
  2⤵
  PID:5524
- C:\Windows\System\REsKbSc.exe
  C:\Windows\System\REsKbSc.exe
  2⤵
  PID:6324
- C:\Windows\System\hNScYIa.exe
  C:\Windows\System\hNScYIa.exe
  2⤵
  PID:6432
- C:\Windows\System\INXVxBX.exe
  C:\Windows\System\INXVxBX.exe
  2⤵
  PID:6692
- C:\Windows\System\AUVflfI.exe
  C:\Windows\System\AUVflfI.exe
  2⤵
  PID:6836
- C:\Windows\System\tdybPGM.exe
  C:\Windows\System\tdybPGM.exe
  2⤵
  PID:6788
- C:\Windows\System\IJbfAlg.exe
  C:\Windows\System\IJbfAlg.exe
  2⤵
  PID:7156
- C:\Windows\System\rbQWFUb.exe
  C:\Windows\System\rbQWFUb.exe
  2⤵
  PID:6292
- C:\Windows\System\nDDVIxy.exe
  C:\Windows\System\nDDVIxy.exe
  2⤵
  PID:6644
- C:\Windows\System\EZNFGXw.exe
  C:\Windows\System\EZNFGXw.exe
  2⤵
  PID:7180
- C:\Windows\System\weFQhof.exe
  C:\Windows\System\weFQhof.exe
  2⤵
  PID:7196
- C:\Windows\System\HBWFtSH.exe
  C:\Windows\System\HBWFtSH.exe
  2⤵
  PID:7212
- C:\Windows\System\zEGixew.exe
  C:\Windows\System\zEGixew.exe
  2⤵
  PID:7228
- C:\Windows\System\VWTpZjn.exe
  C:\Windows\System\VWTpZjn.exe
  2⤵
  PID:7244
- C:\Windows\System\mrdoMaA.exe
  C:\Windows\System\mrdoMaA.exe
  2⤵
  PID:7260
- C:\Windows\System\MRuQUbK.exe
  C:\Windows\System\MRuQUbK.exe
  2⤵
  PID:7276
- C:\Windows\System\sdubeGm.exe
  C:\Windows\System\sdubeGm.exe
  2⤵
  PID:7292
- C:\Windows\System\xIOFKqM.exe
  C:\Windows\System\xIOFKqM.exe
  2⤵
  PID:7308
- C:\Windows\System\hwqwPlh.exe
  C:\Windows\System\hwqwPlh.exe
  2⤵
  PID:7328
- C:\Windows\System\WuRRqXW.exe
  C:\Windows\System\WuRRqXW.exe
  2⤵
  PID:7344
- C:\Windows\System\CWNoAri.exe
  C:\Windows\System\CWNoAri.exe
  2⤵
  PID:7360
- C:\Windows\System\JDtYdKx.exe
  C:\Windows\System\JDtYdKx.exe
  2⤵
  PID:7376
- C:\Windows\System\dQXxrHA.exe
  C:\Windows\System\dQXxrHA.exe
  2⤵
  PID:7392
- C:\Windows\System\vOBsnhc.exe
  C:\Windows\System\vOBsnhc.exe
  2⤵
  PID:7412
- C:\Windows\System\qphOpQM.exe
  C:\Windows\System\qphOpQM.exe
  2⤵
  PID:7428
- C:\Windows\System\vOOYuWn.exe
  C:\Windows\System\vOOYuWn.exe
  2⤵
  PID:7444
- C:\Windows\System\pxlnBZF.exe
  C:\Windows\System\pxlnBZF.exe
  2⤵
  PID:7460
- C:\Windows\System\GjLQEmd.exe
  C:\Windows\System\GjLQEmd.exe
  2⤵
  PID:7476
- C:\Windows\System\FZZnlPh.exe
  C:\Windows\System\FZZnlPh.exe
  2⤵
  PID:7492
- C:\Windows\System\VkqTWOA.exe
  C:\Windows\System\VkqTWOA.exe
  2⤵
  PID:7508
- C:\Windows\System\cqcQjnl.exe
  C:\Windows\System\cqcQjnl.exe
  2⤵
  PID:7524
- C:\Windows\System\GqmjjFO.exe
  C:\Windows\System\GqmjjFO.exe
  2⤵
  PID:7540
- C:\Windows\System\XFeAFhn.exe
  C:\Windows\System\XFeAFhn.exe
  2⤵
  PID:7556
- C:\Windows\System\QOoWJWx.exe
  C:\Windows\System\QOoWJWx.exe
  2⤵
  PID:7572
- C:\Windows\System\sjjTCdl.exe
  C:\Windows\System\sjjTCdl.exe
  2⤵
  PID:7588
- C:\Windows\System\dLmoEXy.exe
  C:\Windows\System\dLmoEXy.exe
  2⤵
  PID:7608
- C:\Windows\System\EbibUPj.exe
  C:\Windows\System\EbibUPj.exe
  2⤵
  PID:7624
- C:\Windows\System\ccMfcxF.exe
  C:\Windows\System\ccMfcxF.exe
  2⤵
  PID:7640
- C:\Windows\System\PrBIDrc.exe
  C:\Windows\System\PrBIDrc.exe
  2⤵
  PID:7656
- C:\Windows\System\vMfemRy.exe
  C:\Windows\System\vMfemRy.exe
  2⤵
  PID:7672
- C:\Windows\System\KyuetRx.exe
  C:\Windows\System\KyuetRx.exe
  2⤵
  PID:7688
- C:\Windows\System\OASfPCU.exe
  C:\Windows\System\OASfPCU.exe
  2⤵
  PID:7704
- C:\Windows\System\OsZZHCK.exe
  C:\Windows\System\OsZZHCK.exe
  2⤵
  PID:7720
- C:\Windows\System\vFmeubL.exe
  C:\Windows\System\vFmeubL.exe
  2⤵
  PID:7736
- C:\Windows\System\RCFiCVk.exe
  C:\Windows\System\RCFiCVk.exe
  2⤵
  PID:7752
- C:\Windows\System\OrNeEpQ.exe
  C:\Windows\System\OrNeEpQ.exe
  2⤵
  PID:7768
- C:\Windows\System\huOOCoG.exe
  C:\Windows\System\huOOCoG.exe
  2⤵
  PID:7784
- C:\Windows\System\SViDFFX.exe
  C:\Windows\System\SViDFFX.exe
  2⤵
  PID:7800
- C:\Windows\System\CyaJOVq.exe
  C:\Windows\System\CyaJOVq.exe
  2⤵
  PID:7816
- C:\Windows\System\HagcKPn.exe
  C:\Windows\System\HagcKPn.exe
  2⤵
  PID:7832
- C:\Windows\System\WApViyd.exe
  C:\Windows\System\WApViyd.exe
  2⤵
  PID:7848
- C:\Windows\System\ffxrIDT.exe
  C:\Windows\System\ffxrIDT.exe
  2⤵
  PID:7864
- C:\Windows\System\DiujvQD.exe
  C:\Windows\System\DiujvQD.exe
  2⤵
  PID:7880
- C:\Windows\System\gHgNZgY.exe
  C:\Windows\System\gHgNZgY.exe
  2⤵
  PID:7896
- C:\Windows\System\pPkCyQJ.exe
  C:\Windows\System\pPkCyQJ.exe
  2⤵
  PID:7912
- C:\Windows\System\ZwjzrQV.exe
  C:\Windows\System\ZwjzrQV.exe
  2⤵
  PID:7928
- C:\Windows\System\qyaImWv.exe
  C:\Windows\System\qyaImWv.exe
  2⤵
  PID:7944
- C:\Windows\System\NNfZgAt.exe
  C:\Windows\System\NNfZgAt.exe
  2⤵
  PID:7960
- C:\Windows\System\cSHSCtP.exe
  C:\Windows\System\cSHSCtP.exe
  2⤵
  PID:7976
- C:\Windows\System\MSKEWZt.exe
  C:\Windows\System\MSKEWZt.exe
  2⤵
  PID:7992
- C:\Windows\System\qYicwts.exe
  C:\Windows\System\qYicwts.exe
  2⤵
  PID:8008
- C:\Windows\System\KEdDsZI.exe
  C:\Windows\System\KEdDsZI.exe
  2⤵
  PID:8024
- C:\Windows\System\JVBZufF.exe
  C:\Windows\System\JVBZufF.exe
  2⤵
  PID:8040
- C:\Windows\System\CBzzBMh.exe
  C:\Windows\System\CBzzBMh.exe
  2⤵
  PID:8056
- C:\Windows\System\ONkiZRy.exe
  C:\Windows\System\ONkiZRy.exe
  2⤵
  PID:8072
- C:\Windows\System\qAGgHNQ.exe
  C:\Windows\System\qAGgHNQ.exe
  2⤵
  PID:8088
- C:\Windows\System\sKrjzzy.exe
  C:\Windows\System\sKrjzzy.exe
  2⤵
  PID:8108
- C:\Windows\System\BiKSkwc.exe
  C:\Windows\System\BiKSkwc.exe
  2⤵
  PID:8124
- C:\Windows\System\GHjwROw.exe
  C:\Windows\System\GHjwROw.exe
  2⤵
  PID:8140
- C:\Windows\System\LqMDsIn.exe
  C:\Windows\System\LqMDsIn.exe
  2⤵
  PID:8156
- C:\Windows\System\BZvGkQz.exe
  C:\Windows\System\BZvGkQz.exe
  2⤵
  PID:7732
- C:\Windows\System\zatUKfY.exe
  C:\Windows\System\zatUKfY.exe
  2⤵
  PID:7776
- C:\Windows\System\aChpBZq.exe
  C:\Windows\System\aChpBZq.exe
  2⤵
  PID:7760
- C:\Windows\System\nIJDTHw.exe
  C:\Windows\System\nIJDTHw.exe
  2⤵
  PID:7872
- C:\Windows\System\jEyTFnh.exe
  C:\Windows\System\jEyTFnh.exe
  2⤵
  PID:7908
- C:\Windows\System\OmmRMaS.exe
  C:\Windows\System\OmmRMaS.exe
  2⤵
  PID:7828
- C:\Windows\System\zNvZPhR.exe
  C:\Windows\System\zNvZPhR.exe
  2⤵
  PID:7920
- C:\Windows\System\svqMDrD.exe
  C:\Windows\System\svqMDrD.exe
  2⤵
  PID:7956
- C:\Windows\System\xnhPWHc.exe
  C:\Windows\System\xnhPWHc.exe
  2⤵
  PID:7988
- C:\Windows\System\fpHLrAj.exe
  C:\Windows\System\fpHLrAj.exe
  2⤵
  PID:8084
- C:\Windows\System\lkwxUko.exe
  C:\Windows\System\lkwxUko.exe
  2⤵
  PID:8116
- C:\Windows\System\aBZuVSF.exe
  C:\Windows\System\aBZuVSF.exe
  2⤵
  PID:8000
- C:\Windows\System\WiLlnOp.exe
  C:\Windows\System\WiLlnOp.exe
  2⤵
  PID:8064
- C:\Windows\System\aREQhrO.exe
  C:\Windows\System\aREQhrO.exe
  2⤵
  PID:8152
- C:\Windows\System\nmUDvIv.exe
  C:\Windows\System\nmUDvIv.exe
  2⤵
  PID:8172
- C:\Windows\System\sczdCEq.exe
  C:\Windows\System\sczdCEq.exe
  2⤵
  PID:6724
- C:\Windows\System\ZIQmZjM.exe
  C:\Windows\System\ZIQmZjM.exe
  2⤵
  PID:7152
- C:\Windows\System\xlsDmvU.exe
  C:\Windows\System\xlsDmvU.exe
  2⤵
  PID:6892
- C:\Windows\System\xUlaEvZ.exe
  C:\Windows\System\xUlaEvZ.exe
  2⤵
  PID:7008
- C:\Windows\System\iGlxCth.exe
  C:\Windows\System\iGlxCth.exe
  2⤵
  PID:6944
- C:\Windows\System\cRkKazX.exe
  C:\Windows\System\cRkKazX.exe
  2⤵
  PID:6884
- C:\Windows\System\nEHdvoB.exe
  C:\Windows\System\nEHdvoB.exe
  2⤵
  PID:7208
- C:\Windows\System\QqvocbR.exe
  C:\Windows\System\QqvocbR.exe
  2⤵
  PID:7268
- C:\Windows\System\SCWDJLE.exe
  C:\Windows\System\SCWDJLE.exe
  2⤵
  PID:7300
- C:\Windows\System\cPHawrb.exe
  C:\Windows\System\cPHawrb.exe
  2⤵
  PID:7316
- C:\Windows\System\eZTOXdC.exe
  C:\Windows\System\eZTOXdC.exe
  2⤵
  PID:7408
- C:\Windows\System\DamGUao.exe
  C:\Windows\System\DamGUao.exe
  2⤵
  PID:7368
- C:\Windows\System\qmIvHlE.exe
  C:\Windows\System\qmIvHlE.exe
  2⤵
  PID:7384
- C:\Windows\System\VcnZxCO.exe
  C:\Windows\System\VcnZxCO.exe
  2⤵
  PID:7440
- C:\Windows\System\BFgnGnf.exe
  C:\Windows\System\BFgnGnf.exe
  2⤵
  PID:7500
- C:\Windows\System\whKNHsu.exe
  C:\Windows\System\whKNHsu.exe
  2⤵
  PID:7452
- C:\Windows\System\KPzDzSe.exe
  C:\Windows\System\KPzDzSe.exe
  2⤵
  PID:7516
- C:\Windows\System\xGmcpSu.exe
  C:\Windows\System\xGmcpSu.exe
  2⤵
  PID:7324
- C:\Windows\System\CFlkMuT.exe
  C:\Windows\System\CFlkMuT.exe
  2⤵
  PID:7548
- C:\Windows\System\cmDFRaJ.exe
  C:\Windows\System\cmDFRaJ.exe
  2⤵
  PID:7616
- C:\Windows\System\ExeZskV.exe
  C:\Windows\System\ExeZskV.exe
  2⤵
  PID:7632
- C:\Windows\System\HZTEcRq.exe
  C:\Windows\System\HZTEcRq.exe
  2⤵
  PID:7668
- C:\Windows\System\rtzifzH.exe
  C:\Windows\System\rtzifzH.exe
  2⤵
  PID:7684
- C:\Windows\System\htahZni.exe
  C:\Windows\System\htahZni.exe
  2⤵
  PID:7812
- C:\Windows\System\HwHzqyV.exe
  C:\Windows\System\HwHzqyV.exe
  2⤵
  PID:7792
- C:\Windows\System\EkOuELn.exe
  C:\Windows\System\EkOuELn.exe
  2⤵
  PID:7856
- C:\Windows\System\SoNIyyz.exe
  C:\Windows\System\SoNIyyz.exe
  2⤵
  PID:7860
- C:\Windows\System\vghIsma.exe
  C:\Windows\System\vghIsma.exe
  2⤵
  PID:7972
- C:\Windows\System\BtZPPbD.exe
  C:\Windows\System\BtZPPbD.exe
  2⤵
  PID:8036
- C:\Windows\System\yPCFytJ.exe
  C:\Windows\System\yPCFytJ.exe
  2⤵
  PID:8184
- C:\Windows\System\ivQJrYT.exe
  C:\Windows\System\ivQJrYT.exe
  2⤵
  PID:6760
- C:\Windows\System\WaXIghG.exe
  C:\Windows\System\WaXIghG.exe
  2⤵
  PID:7604
- C:\Windows\System\PKPrkeU.exe
  C:\Windows\System\PKPrkeU.exe
  2⤵
  PID:7204
- C:\Windows\System\HHsZXYo.exe
  C:\Windows\System\HHsZXYo.exe
  2⤵
  PID:7236
- C:\Windows\System\HVRfCKW.exe
  C:\Windows\System\HVRfCKW.exe
  2⤵
  PID:7220
- C:\Windows\System\owOrgrI.exe
  C:\Windows\System\owOrgrI.exe
  2⤵
  PID:7240
- C:\Windows\System\QKSapFc.exe
  C:\Windows\System\QKSapFc.exe
  2⤵
  PID:7468
- C:\Windows\System\oAvFBif.exe
  C:\Windows\System\oAvFBif.exe
  2⤵
  PID:7532
- C:\Windows\System\ROmBDqT.exe
  C:\Windows\System\ROmBDqT.exe
  2⤵
  PID:7536
- C:\Windows\System\dGwjIjh.exe
  C:\Windows\System\dGwjIjh.exe
  2⤵
  PID:7568
- C:\Windows\System\CSwbTko.exe
  C:\Windows\System\CSwbTko.exe
  2⤵
  PID:7808
- C:\Windows\System\cYwfThg.exe
  C:\Windows\System\cYwfThg.exe
  2⤵
  PID:7716
- C:\Windows\System\nKiAvsM.exe
  C:\Windows\System\nKiAvsM.exe
  2⤵
  PID:7940
- C:\Windows\System\zwdQJxK.exe
  C:\Windows\System\zwdQJxK.exe
  2⤵
  PID:7700
- C:\Windows\System\qTbDUcb.exe
  C:\Windows\System\qTbDUcb.exe
  2⤵
  PID:8136
- C:\Windows\System\QvuXeBz.exe
  C:\Windows\System\QvuXeBz.exe
  2⤵
  PID:7600
- C:\Windows\System\sZvEmJt.exe
  C:\Windows\System\sZvEmJt.exe
  2⤵
  PID:7120
- C:\Windows\System\rZsVXvK.exe
  C:\Windows\System\rZsVXvK.exe
  2⤵
  PID:7172
- C:\Windows\System\CcZclMi.exe
  C:\Windows\System\CcZclMi.exe
  2⤵
  PID:7484
- C:\Windows\System\UvDsgrg.exe
  C:\Windows\System\UvDsgrg.exe
  2⤵
  PID:7340
- C:\Windows\System\RhbyICj.exe
  C:\Windows\System\RhbyICj.exe
  2⤵
  PID:7584
- C:\Windows\System\DSRidTq.exe
  C:\Windows\System\DSRidTq.exe
  2⤵
  PID:7844
- C:\Windows\System\cmhZorO.exe
  C:\Windows\System\cmhZorO.exe
  2⤵
  PID:8120
- C:\Windows\System\wXxHHQL.exe
  C:\Windows\System\wXxHHQL.exe
  2⤵
  PID:8188
- C:\Windows\System\KhgpWdk.exe
  C:\Windows\System\KhgpWdk.exe
  2⤵
  PID:7252
- C:\Windows\System\rJkUGqb.exe
  C:\Windows\System\rJkUGqb.exe
  2⤵
  PID:8176
- C:\Windows\System\AgrDVuw.exe
  C:\Windows\System\AgrDVuw.exe
  2⤵
  PID:8052
- C:\Windows\System\zFwSABr.exe
  C:\Windows\System\zFwSABr.exe
  2⤵
  PID:8200
- C:\Windows\System\ovASTpP.exe
  C:\Windows\System\ovASTpP.exe
  2⤵
  PID:8216
- C:\Windows\System\vDRIcwl.exe
  C:\Windows\System\vDRIcwl.exe
  2⤵
  PID:8232
- C:\Windows\System\xshyYzb.exe
  C:\Windows\System\xshyYzb.exe
  2⤵
  PID:8252
- C:\Windows\System\ktDYeyZ.exe
  C:\Windows\System\ktDYeyZ.exe
  2⤵
  PID:8272
- C:\Windows\System\jtuwYWm.exe
  C:\Windows\System\jtuwYWm.exe
  2⤵
  PID:8288
- C:\Windows\System\wFcenKZ.exe
  C:\Windows\System\wFcenKZ.exe
  2⤵
  PID:8304
- C:\Windows\System\hBbsjuY.exe
  C:\Windows\System\hBbsjuY.exe
  2⤵
  PID:8320
- C:\Windows\System\pESKMox.exe
  C:\Windows\System\pESKMox.exe
  2⤵
  PID:8340
- C:\Windows\System\LPWWmvn.exe
  C:\Windows\System\LPWWmvn.exe
  2⤵
  PID:8356
- C:\Windows\System\inwEjiu.exe
  C:\Windows\System\inwEjiu.exe
  2⤵
  PID:8372
- C:\Windows\System\MBwmMsp.exe
  C:\Windows\System\MBwmMsp.exe
  2⤵
  PID:8392
- C:\Windows\System\oSENzoJ.exe
  C:\Windows\System\oSENzoJ.exe
  2⤵
  PID:8408
- C:\Windows\System\QTgvRIm.exe
  C:\Windows\System\QTgvRIm.exe
  2⤵
  PID:8424
- C:\Windows\System\TxtTVzo.exe
  C:\Windows\System\TxtTVzo.exe
  2⤵
  PID:8440
- C:\Windows\System\NMnVTfs.exe
  C:\Windows\System\NMnVTfs.exe
  2⤵
  PID:8456
- C:\Windows\System\HAFMGaP.exe
  C:\Windows\System\HAFMGaP.exe
  2⤵
  PID:8472
- C:\Windows\System\FWMVbmE.exe
  C:\Windows\System\FWMVbmE.exe
  2⤵
  PID:8488
- C:\Windows\System\AYodedS.exe
  C:\Windows\System\AYodedS.exe
  2⤵
  PID:8504
- C:\Windows\System\UzzHjEx.exe
  C:\Windows\System\UzzHjEx.exe
  2⤵
  PID:8520
- C:\Windows\System\oSBUbxr.exe
  C:\Windows\System\oSBUbxr.exe
  2⤵
  PID:8536
- C:\Windows\System\qXEwTdc.exe
  C:\Windows\System\qXEwTdc.exe
  2⤵
  PID:8552
- C:\Windows\System\nqCITcj.exe
  C:\Windows\System\nqCITcj.exe
  2⤵
  PID:8568
- C:\Windows\System\mvJqlef.exe
  C:\Windows\System\mvJqlef.exe
  2⤵
  PID:8588
- C:\Windows\System\OkcsxVy.exe
  C:\Windows\System\OkcsxVy.exe
  2⤵
  PID:8604
- C:\Windows\System\sFaavfH.exe
  C:\Windows\System\sFaavfH.exe
  2⤵
  PID:8620
- C:\Windows\System\nyzJsGN.exe
  C:\Windows\System\nyzJsGN.exe
  2⤵
  PID:8636
- C:\Windows\System\xzOrbbc.exe
  C:\Windows\System\xzOrbbc.exe
  2⤵
  PID:8652
- C:\Windows\System\YWgdgmq.exe
  C:\Windows\System\YWgdgmq.exe
  2⤵
  PID:8668
- C:\Windows\System\fpCvnmQ.exe
  C:\Windows\System\fpCvnmQ.exe
  2⤵
  PID:8684
- C:\Windows\System\ktPwpal.exe
  C:\Windows\System\ktPwpal.exe
  2⤵
  PID:8700
- C:\Windows\System\KVTNXea.exe
  C:\Windows\System\KVTNXea.exe
  2⤵
  PID:8716
- C:\Windows\System\CENkzDf.exe
  C:\Windows\System\CENkzDf.exe
  2⤵
  PID:8732
- C:\Windows\System\ROsAlgu.exe
  C:\Windows\System\ROsAlgu.exe
  2⤵
  PID:8748
- C:\Windows\System\iizNCGa.exe
  C:\Windows\System\iizNCGa.exe
  2⤵
  PID:8764
- C:\Windows\System\eMTdJMV.exe
  C:\Windows\System\eMTdJMV.exe
  2⤵
  PID:8780
- C:\Windows\System\CdFyoaV.exe
  C:\Windows\System\CdFyoaV.exe
  2⤵
  PID:8796
- C:\Windows\System\xKJNtkD.exe
  C:\Windows\System\xKJNtkD.exe
  2⤵
  PID:8812
- C:\Windows\System\NMdkLHM.exe
  C:\Windows\System\NMdkLHM.exe
  2⤵
  PID:8828
- C:\Windows\System\oqAfWbj.exe
  C:\Windows\System\oqAfWbj.exe
  2⤵
  PID:8844
- C:\Windows\System\MKXLwBl.exe
  C:\Windows\System\MKXLwBl.exe
  2⤵
  PID:8860
- C:\Windows\System\cEoxKDW.exe
  C:\Windows\System\cEoxKDW.exe
  2⤵
  PID:8876
- C:\Windows\System\zTnAmjd.exe
  C:\Windows\System\zTnAmjd.exe
  2⤵
  PID:8892
- C:\Windows\System\OXhPjmd.exe
  C:\Windows\System\OXhPjmd.exe
  2⤵
  PID:8908
- C:\Windows\System\VIYejdQ.exe
  C:\Windows\System\VIYejdQ.exe
  2⤵
  PID:8924
- C:\Windows\System\rWBszRq.exe
  C:\Windows\System\rWBszRq.exe
  2⤵
  PID:8940
- C:\Windows\System\WfKTNGg.exe
  C:\Windows\System\WfKTNGg.exe
  2⤵
  PID:8956
- C:\Windows\System\bQEIElg.exe
  C:\Windows\System\bQEIElg.exe
  2⤵
  PID:8972
- C:\Windows\System\bKXINTY.exe
  C:\Windows\System\bKXINTY.exe
  2⤵
  PID:8988
- C:\Windows\System\UnGYmBy.exe
  C:\Windows\System\UnGYmBy.exe
  2⤵
  PID:9004
- C:\Windows\System\lAMsNTK.exe
  C:\Windows\System\lAMsNTK.exe
  2⤵
  PID:9024
- C:\Windows\System\tMUpiAz.exe
  C:\Windows\System\tMUpiAz.exe
  2⤵
  PID:9040
- C:\Windows\System\NBDRrWY.exe
  C:\Windows\System\NBDRrWY.exe
  2⤵
  PID:9056
- C:\Windows\System\QwLYTly.exe
  C:\Windows\System\QwLYTly.exe
  2⤵
  PID:9072
- C:\Windows\System\zWiJKce.exe
  C:\Windows\System\zWiJKce.exe
  2⤵
  PID:9088
- C:\Windows\System\mKbTJfx.exe
  C:\Windows\System\mKbTJfx.exe
  2⤵
  PID:9104
- C:\Windows\System\zlXamAj.exe
  C:\Windows\System\zlXamAj.exe
  2⤵
  PID:9120
- C:\Windows\System\DGwUcCI.exe
  C:\Windows\System\DGwUcCI.exe
  2⤵
  PID:9136
- C:\Windows\System\lSbhTke.exe
  C:\Windows\System\lSbhTke.exe
  2⤵
  PID:9156
- C:\Windows\System\BaljIxH.exe
  C:\Windows\System\BaljIxH.exe
  2⤵
  PID:9172
- C:\Windows\System\qqWVxBp.exe
  C:\Windows\System\qqWVxBp.exe
  2⤵
  PID:9188
- C:\Windows\System\LfoAUfz.exe
  C:\Windows\System\LfoAUfz.exe
  2⤵
  PID:9204
- C:\Windows\System\tfJyWvo.exe
  C:\Windows\System\tfJyWvo.exe
  2⤵
  PID:7664
- C:\Windows\System\yGGxpjx.exe
  C:\Windows\System\yGGxpjx.exe
  2⤵
  PID:7564
- C:\Windows\System\QnANsLn.exe
  C:\Windows\System\QnANsLn.exe
  2⤵
  PID:7352
- C:\Windows\System\JUqEtsJ.exe
  C:\Windows\System\JUqEtsJ.exe
  2⤵
  PID:8208
- C:\Windows\System\OHcmrkT.exe
  C:\Windows\System\OHcmrkT.exe
  2⤵
  PID:8268
- C:\Windows\System\Edgasch.exe
  C:\Windows\System\Edgasch.exe
  2⤵
  PID:8244
- C:\Windows\System\sUYUMpp.exe
  C:\Windows\System\sUYUMpp.exe
  2⤵
  PID:8316
- C:\Windows\System\FxObNPG.exe
  C:\Windows\System\FxObNPG.exe
  2⤵
  PID:8336
- C:\Windows\System\MKgUoMK.exe
  C:\Windows\System\MKgUoMK.exe
  2⤵
  PID:8388
- C:\Windows\System\uThsPtt.exe
  C:\Windows\System\uThsPtt.exe
  2⤵
  PID:8384
- C:\Windows\System\TCwOYBJ.exe
  C:\Windows\System\TCwOYBJ.exe
  2⤵
  PID:8448
- C:\Windows\System\DYBZnnP.exe
  C:\Windows\System\DYBZnnP.exe
  2⤵
  PID:8484
- C:\Windows\System\cmNLIyo.exe
  C:\Windows\System\cmNLIyo.exe
  2⤵
  PID:8500
- C:\Windows\System\WDfHyTb.exe
  C:\Windows\System\WDfHyTb.exe
  2⤵
  PID:8516
- C:\Windows\System\lsrbevj.exe
  C:\Windows\System\lsrbevj.exe
  2⤵
  PID:8584
- C:\Windows\System\OeIObyf.exe
  C:\Windows\System\OeIObyf.exe
  2⤵
  PID:8676
- C:\Windows\System\QTnHqgU.exe
  C:\Windows\System\QTnHqgU.exe
  2⤵
  PID:8708
- C:\Windows\System\VfndIuA.exe
  C:\Windows\System\VfndIuA.exe
  2⤵
  PID:8632
- C:\Windows\System\VzQZRHd.exe
  C:\Windows\System\VzQZRHd.exe
  2⤵
  PID:8660
- C:\Windows\System\khKXlTF.exe
  C:\Windows\System\khKXlTF.exe
  2⤵
  PID:8744
- C:\Windows\System\LeMycLs.exe
  C:\Windows\System\LeMycLs.exe
  2⤵
  PID:8760
- C:\Windows\System\BojrbFB.exe
  C:\Windows\System\BojrbFB.exe
  2⤵
  PID:748
- C:\Windows\System\zphtYsQ.exe
  C:\Windows\System\zphtYsQ.exe
  2⤵
  PID:8824
- C:\Windows\System\ZzrXESF.exe
  C:\Windows\System\ZzrXESF.exe
  2⤵
  PID:8888
- C:\Windows\System\caliAuz.exe
  C:\Windows\System\caliAuz.exe
  2⤵
  PID:8916
- C:\Windows\System\nbQVTxs.exe
  C:\Windows\System\nbQVTxs.exe
  2⤵
  PID:8952
- C:\Windows\System\XRucZas.exe
  C:\Windows\System\XRucZas.exe
  2⤵
  PID:9020
- C:\Windows\System\WDYvPmx.exe
  C:\Windows\System\WDYvPmx.exe
  2⤵
  PID:8904
- C:\Windows\System\PrsuOEW.exe
  C:\Windows\System\PrsuOEW.exe
  2⤵
  PID:8964
- C:\Windows\System\plzdKDC.exe
  C:\Windows\System\plzdKDC.exe
  2⤵
  PID:9048
- C:\Windows\System\TsegLCv.exe
  C:\Windows\System\TsegLCv.exe
  2⤵
  PID:9152
- C:\Windows\System\JjDCyfl.exe
  C:\Windows\System\JjDCyfl.exe
  2⤵
  PID:8080
- C:\Windows\System\iFYeNhT.exe
  C:\Windows\System\iFYeNhT.exe
  2⤵
  PID:9196
- C:\Windows\System\jXpdXAH.exe
  C:\Windows\System\jXpdXAH.exe
  2⤵
  PID:8228
- C:\Windows\System\DKxDPoU.exe
  C:\Windows\System\DKxDPoU.exe
  2⤵
  PID:8648
- C:\Windows\System\rOAhdfj.exe
  C:\Windows\System\rOAhdfj.exe
  2⤵
  PID:8628
- C:\Windows\System\aUbbDtm.exe
  C:\Windows\System\aUbbDtm.exe
  2⤵
  PID:8580
- C:\Windows\System\vZsLcql.exe
  C:\Windows\System\vZsLcql.exe
  2⤵
  PID:9064
- C:\Windows\System\MRZNSuh.exe
  C:\Windows\System\MRZNSuh.exe
  2⤵
  PID:9052
- C:\Windows\System\CfYyCzv.exe
  C:\Windows\System\CfYyCzv.exe
  2⤵
  PID:7400
- C:\Windows\System\fkrUqSw.exe
  C:\Windows\System\fkrUqSw.exe
  2⤵
  PID:2536
- C:\Windows\System\OabsHCe.exe
  C:\Windows\System\OabsHCe.exe
  2⤵
  PID:9212
- C:\Windows\System\YHPwTnD.exe
  C:\Windows\System\YHPwTnD.exe
  2⤵
  PID:9168
- C:\Windows\System\IeOoXaX.exe
  C:\Windows\System\IeOoXaX.exe
  2⤵
  PID:8260
- C:\Windows\System\sfTuENS.exe
  C:\Windows\System\sfTuENS.exe
  2⤵
  PID:8380
- C:\Windows\System\Amxnqwo.exe
  C:\Windows\System\Amxnqwo.exe
  2⤵
  PID:8600
- C:\Windows\System\enwsIIs.exe
  C:\Windows\System\enwsIIs.exe
  2⤵
  PID:8548
- C:\Windows\System\yMpNJvJ.exe
  C:\Windows\System\yMpNJvJ.exe
  2⤵
  PID:8564
- C:\Windows\System\XmoCfmS.exe
  C:\Windows\System\XmoCfmS.exe
  2⤵
  PID:8852
- C:\Windows\System\eEHGNOA.exe
  C:\Windows\System\eEHGNOA.exe
  2⤵
  PID:8776
- C:\Windows\System\dWZupqX.exe
  C:\Windows\System\dWZupqX.exe
  2⤵
  PID:8948
- C:\Windows\System\EKdUDrh.exe
  C:\Windows\System\EKdUDrh.exe
  2⤵
  PID:1748
- C:\Windows\System\nFhOMoK.exe
  C:\Windows\System\nFhOMoK.exe
  2⤵
  PID:9184
- C:\Windows\System\TfSDydi.exe
  C:\Windows\System\TfSDydi.exe
  2⤵
  PID:8436
- C:\Windows\System\rgedEeZ.exe
  C:\Windows\System\rgedEeZ.exe
  2⤵
  PID:8420
- C:\Windows\System\RvJFXHI.exe
  C:\Windows\System\RvJFXHI.exe
  2⤵
  PID:8712
- C:\Windows\System\fdsdmCB.exe
  C:\Windows\System\fdsdmCB.exe
  2⤵
  PID:7188
- C:\Windows\System\zwkEHth.exe
  C:\Windows\System\zwkEHth.exe
  2⤵
  PID:9276
- C:\Windows\System\xtbfpcZ.exe
  C:\Windows\System\xtbfpcZ.exe
  2⤵
  PID:9292
- C:\Windows\System\oVCNJCP.exe
  C:\Windows\System\oVCNJCP.exe
  2⤵
  PID:9308
- C:\Windows\System\LHsZNEP.exe
  C:\Windows\System\LHsZNEP.exe
  2⤵
  PID:9324
- C:\Windows\System\JweZcHG.exe
  C:\Windows\System\JweZcHG.exe
  2⤵
  PID:9340
- C:\Windows\System\hKyVuAA.exe
  C:\Windows\System\hKyVuAA.exe
  2⤵
  PID:9356
- C:\Windows\System\RHaHVcG.exe
  C:\Windows\System\RHaHVcG.exe
  2⤵
  PID:9372
- C:\Windows\System\DYGMLov.exe
  C:\Windows\System\DYGMLov.exe
  2⤵
  PID:9388
- C:\Windows\System\NQbYNOO.exe
  C:\Windows\System\NQbYNOO.exe
  2⤵
  PID:9404
- C:\Windows\System\ZqYzhWa.exe
  C:\Windows\System\ZqYzhWa.exe
  2⤵
  PID:9420
- C:\Windows\System\YQDaLeZ.exe
  C:\Windows\System\YQDaLeZ.exe
  2⤵
  PID:9436
- C:\Windows\System\WgRpqBa.exe
  C:\Windows\System\WgRpqBa.exe
  2⤵
  PID:9452
- C:\Windows\System\GeoaaCg.exe
  C:\Windows\System\GeoaaCg.exe
  2⤵
  PID:9468
- C:\Windows\System\oUciCCl.exe
  C:\Windows\System\oUciCCl.exe
  2⤵
  PID:9484
- C:\Windows\System\ANVWmrC.exe
  C:\Windows\System\ANVWmrC.exe
  2⤵
  PID:9500
- C:\Windows\System\EKfaKLR.exe
  C:\Windows\System\EKfaKLR.exe
  2⤵
  PID:9516
- C:\Windows\System\FypyxQG.exe
  C:\Windows\System\FypyxQG.exe
  2⤵
  PID:9532
- C:\Windows\System\xOKVpzD.exe
  C:\Windows\System\xOKVpzD.exe
  2⤵
  PID:9548
- C:\Windows\System\LzAXNjq.exe
  C:\Windows\System\LzAXNjq.exe
  2⤵
  PID:9568
- C:\Windows\System\Xrvgpul.exe
  C:\Windows\System\Xrvgpul.exe
  2⤵
  PID:9584
- C:\Windows\System\zLqbZnf.exe
  C:\Windows\System\zLqbZnf.exe
  2⤵
  PID:9600
- C:\Windows\System\QiACRkq.exe
  C:\Windows\System\QiACRkq.exe
  2⤵
  PID:9616
- C:\Windows\System\SpqoHzc.exe
  C:\Windows\System\SpqoHzc.exe
  2⤵
  PID:9632
- C:\Windows\System\EfRqROG.exe
  C:\Windows\System\EfRqROG.exe
  2⤵
  PID:9648
- C:\Windows\System\SiEjAYg.exe
  C:\Windows\System\SiEjAYg.exe
  2⤵
  PID:9664
- C:\Windows\System\ecPSFgh.exe
  C:\Windows\System\ecPSFgh.exe
  2⤵
  PID:9680
- C:\Windows\System\ZMzJgJb.exe
  C:\Windows\System\ZMzJgJb.exe
  2⤵
  PID:9696
- C:\Windows\System\qRrkMTb.exe
  C:\Windows\System\qRrkMTb.exe
  2⤵
  PID:9712
- C:\Windows\System\hvaLRSb.exe
  C:\Windows\System\hvaLRSb.exe
  2⤵
  PID:9728
- C:\Windows\System\wsTnMcx.exe
  C:\Windows\System\wsTnMcx.exe
  2⤵
  PID:9744
- C:\Windows\System\QiIbkmO.exe
  C:\Windows\System\QiIbkmO.exe
  2⤵
  PID:9760
- C:\Windows\System\JJFXXYY.exe
  C:\Windows\System\JJFXXYY.exe
  2⤵
  PID:9776
- C:\Windows\System\QkSbfai.exe
  C:\Windows\System\QkSbfai.exe
  2⤵
  PID:9792
- C:\Windows\System\OUgLWjZ.exe
  C:\Windows\System\OUgLWjZ.exe
  2⤵
  PID:9808
- C:\Windows\System\moOkMcB.exe
  C:\Windows\System\moOkMcB.exe
  2⤵
  PID:9824
- C:\Windows\System\dsPCEdK.exe
  C:\Windows\System\dsPCEdK.exe
  2⤵
  PID:9840
- C:\Windows\System\VxXWbHK.exe
  C:\Windows\System\VxXWbHK.exe
  2⤵
  PID:9856
- C:\Windows\System\eKiYVAn.exe
  C:\Windows\System\eKiYVAn.exe
  2⤵
  PID:9872
- C:\Windows\System\QwarEeT.exe
  C:\Windows\System\QwarEeT.exe
  2⤵
  PID:9888
- C:\Windows\System\TrNUnJz.exe
  C:\Windows\System\TrNUnJz.exe
  2⤵
  PID:9904
- C:\Windows\System\kWNPmJc.exe
  C:\Windows\System\kWNPmJc.exe
  2⤵
  PID:9920
- C:\Windows\System\vrtZZls.exe
  C:\Windows\System\vrtZZls.exe
  2⤵
  PID:9936
- C:\Windows\System\cFLQSSa.exe
  C:\Windows\System\cFLQSSa.exe
  2⤵
  PID:9952
- C:\Windows\System\mMZTDiy.exe
  C:\Windows\System\mMZTDiy.exe
  2⤵
  PID:9968
- C:\Windows\System\vYiEEYQ.exe
  C:\Windows\System\vYiEEYQ.exe
  2⤵
  PID:9984
- C:\Windows\System\kZEmPQl.exe
  C:\Windows\System\kZEmPQl.exe
  2⤵
  PID:10000
- C:\Windows\System\AAVJqFz.exe
  C:\Windows\System\AAVJqFz.exe
  2⤵
  PID:10016
- C:\Windows\System\HDZoXFi.exe
  C:\Windows\System\HDZoXFi.exe
  2⤵
  PID:10032
- C:\Windows\System\BTMqwXq.exe
  C:\Windows\System\BTMqwXq.exe
  2⤵
  PID:10048
- C:\Windows\System\jfURPZZ.exe
  C:\Windows\System\jfURPZZ.exe
  2⤵
  PID:10064
- C:\Windows\System\gXVyWFH.exe
  C:\Windows\System\gXVyWFH.exe
  2⤵
  PID:10084
- C:\Windows\System\KApSUxM.exe
  C:\Windows\System\KApSUxM.exe
  2⤵
  PID:10100
- C:\Windows\System\QjQEOOZ.exe
  C:\Windows\System\QjQEOOZ.exe
  2⤵
  PID:10116
- C:\Windows\System\tUSMkNR.exe
  C:\Windows\System\tUSMkNR.exe
  2⤵
  PID:10132
- C:\Windows\System\uWQPwbY.exe
  C:\Windows\System\uWQPwbY.exe
  2⤵
  PID:10148
- C:\Windows\System\XIONmKV.exe
  C:\Windows\System\XIONmKV.exe
  2⤵
  PID:10164
- C:\Windows\System\tnYuJsU.exe
  C:\Windows\System\tnYuJsU.exe
  2⤵
  PID:10180
- C:\Windows\System\yZEHGNB.exe
  C:\Windows\System\yZEHGNB.exe
  2⤵
  PID:10196
- C:\Windows\System\fzZEsdb.exe
  C:\Windows\System\fzZEsdb.exe
  2⤵
  PID:10216
- C:\Windows\System\rDFBRkW.exe
  C:\Windows\System\rDFBRkW.exe
  2⤵
  PID:10232
- C:\Windows\System\lZMwauD.exe
  C:\Windows\System\lZMwauD.exe
  2⤵
  PID:8756
- C:\Windows\System\DPoWsIX.exe
  C:\Windows\System\DPoWsIX.exe
  2⤵
  PID:9100
- C:\Windows\System\TEQsCwt.exe
  C:\Windows\System\TEQsCwt.exe
  2⤵
  PID:9080
- C:\Windows\System\ZjyhTwh.exe
  C:\Windows\System\ZjyhTwh.exe
  2⤵
  PID:8312
- C:\Windows\System\mrzqqKc.exe
  C:\Windows\System\mrzqqKc.exe
  2⤵
  PID:8400
- C:\Windows\System\OzbshtF.exe
  C:\Windows\System\OzbshtF.exe
  2⤵
  PID:8740
- C:\Windows\System\UnQSuMQ.exe
  C:\Windows\System\UnQSuMQ.exe
  2⤵
  PID:9144
- C:\Windows\System\nBafSKb.exe
  C:\Windows\System\nBafSKb.exe
  2⤵
  PID:8532
- C:\Windows\System\cGGyNdC.exe
  C:\Windows\System\cGGyNdC.exe
  2⤵
  PID:8932
- C:\Windows\System\avLumaC.exe
  C:\Windows\System\avLumaC.exe
  2⤵
  PID:9224
- C:\Windows\System\ZrXNZXq.exe
  C:\Windows\System\ZrXNZXq.exe
  2⤵
  PID:9236
- C:\Windows\System\zXvWiuk.exe
  C:\Windows\System\zXvWiuk.exe
  2⤵
  PID:9248
- C:\Windows\System\YEeADRM.exe
  C:\Windows\System\YEeADRM.exe
  2⤵
  PID:9260
- C:\Windows\System\BtQVzum.exe
  C:\Windows\System\BtQVzum.exe
  2⤵
  PID:9220
- C:\Windows\System\jCtcLaH.exe
  C:\Windows\System\jCtcLaH.exe
  2⤵
  PID:9348
- C:\Windows\System\DmIxMWA.exe
  C:\Windows\System\DmIxMWA.exe
  2⤵
  PID:9384
- C:\Windows\System\cdrBdMF.exe
  C:\Windows\System\cdrBdMF.exe
  2⤵
  PID:9368
- C:\Windows\System\SNuuCly.exe
  C:\Windows\System\SNuuCly.exe
  2⤵
  PID:9432
- C:\Windows\System\BbBQyin.exe
  C:\Windows\System\BbBQyin.exe
  2⤵
  PID:9464
- C:\Windows\System\KUPvxDS.exe
  C:\Windows\System\KUPvxDS.exe
  2⤵
  PID:9448
- C:\Windows\System\AVchLVo.exe
  C:\Windows\System\AVchLVo.exe
  2⤵
  PID:9508
- C:\Windows\System\ixIMchj.exe
  C:\Windows\System\ixIMchj.exe
  2⤵
  PID:9496
- C:\Windows\System\aBLVkdW.exe
  C:\Windows\System\aBLVkdW.exe
  2⤵
  PID:9624
- C:\Windows\System\zPQztYD.exe
  C:\Windows\System\zPQztYD.exe
  2⤵
  PID:9596
- C:\Windows\System\baGzugC.exe
  C:\Windows\System\baGzugC.exe
  2⤵
  PID:9640
- C:\Windows\System\jJrSHNk.exe
  C:\Windows\System\jJrSHNk.exe
  2⤵
  PID:9692
- C:\Windows\System\PxhzXXO.exe
  C:\Windows\System\PxhzXXO.exe
  2⤵
  PID:9676
- C:\Windows\System\gLbsIoH.exe
  C:\Windows\System\gLbsIoH.exe
  2⤵
  PID:9768
- C:\Windows\System\cLUqEMw.exe
  C:\Windows\System\cLUqEMw.exe
  2⤵
  PID:9784
- C:\Windows\System\LoGTeOr.exe
  C:\Windows\System\LoGTeOr.exe
  2⤵
  PID:9832
- C:\Windows\System\etxqIwM.exe
  C:\Windows\System\etxqIwM.exe
  2⤵
  PID:9816
- C:\Windows\System\nxDQMaV.exe
  C:\Windows\System\nxDQMaV.exe
  2⤵
  PID:9884
- C:\Windows\System\osmmUPX.exe
  C:\Windows\System\osmmUPX.exe
  2⤵
  PID:9928
- C:\Windows\System\yDgbPIO.exe
  C:\Windows\System\yDgbPIO.exe
  2⤵
  PID:9964
- C:\Windows\System\hTrRuIA.exe
  C:\Windows\System\hTrRuIA.exe
  2⤵
  PID:9976
- C:\Windows\System\SmNROiY.exe
  C:\Windows\System\SmNROiY.exe
  2⤵
  PID:10008
- C:\Windows\System\DiKafJT.exe
  C:\Windows\System\DiKafJT.exe
  2⤵
  PID:10024
- C:\Windows\System\luyalok.exe
  C:\Windows\System\luyalok.exe
  2⤵
  PID:10040
- C:\Windows\System\ioAJDIz.exe
  C:\Windows\System\ioAJDIz.exe
  2⤵
  PID:10076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DWnEYbP.exe

Filesize
6.0MB

MD5
d21a41bcdb2120719d30d31c18644860

SHA1
e6acef69a730e1643b818490f7787a4527afde1e

SHA256
fa83627a87b6227b3e6ec5ed644211bc416a17646b4a5d2f7d48d1b5337c1865

SHA512
19c15d0bd9063882a9e5916d1357716a243464f402fdb32ef7b068a4c5ff7d385a2e225f08f4be67b0a784305924ff4b770b52d469463888fb81296e293c4bf9

Download Submit
C:\Windows\system\Dqwiyxq.exe

Filesize
6.0MB

MD5
50df79b01df1b86df07fd26a8d3104c2

SHA1
62e242891642a0227bda55f3cd21c683966bae1d

SHA256
ac27b73395a2a3b8e3253603256959bbba45b75302e79bbd80313939342e552f

SHA512
ead74f8de5bb6ccdd6b0ae23dad26b79d0be2490eb02e625bae9a68979fb2baebbefdd58beea08a1b7787e59f96c5a8a4ae9552ea67c34da7180e6192b1e7127

Download Submit
C:\Windows\system\EyNCDjB.exe

Filesize
6.0MB

MD5
fb26dd3a143a8fd02dfdd37d9018a4e2

SHA1
84e9bf39611fcee496086ec59dfafc0df89f2cf2

SHA256
e88b05d55c497bee8d0654b814ce371c87315eb2999c3b4f96dd7d6ec10418eb

SHA512
a1d96d6552d90d861937440121d206e10eaed8ac34b245e81a69e8c6536dbb4cca759e8ba7c076499af666be24c8b8690922252f7f0b3f7be524b37c6ad4a6e1

Download Submit
C:\Windows\system\HNpPdcz.exe

Filesize
6.0MB

MD5
b4496a78b560b8ad500b6ca7c60ae594

SHA1
824f290769ab645ba777fafe57a4b24664d1f82c

SHA256
3b9f61972c0f7de75fb25e568b8ffa6fcdd860f621e89e53150accf2ffcc4381

SHA512
1a5464af6916143489a759f90d94383c461d16d67dc478cb3cb2f7c0f2a27cec274bc9d9dc557ac5dfebf122d32f3ed5e84cad292864fe83e4cb01b34478b573

Download Submit
C:\Windows\system\IIUEbot.exe

Filesize
6.0MB

MD5
654ef5e6273393a0a8a413d7efa56d2f

SHA1
25b6394564c079de25b241400f395e69100a7d83

SHA256
aa8f4849a7e85be725c296fb1b625b55654755a78b0b78f79830bf9f3dad8312

SHA512
52666ff18c30af97aa3f1b57b606f2c7ff90806518c077ba0ebb873dc735c736c1bc0fd8d69905753b3124973b715abfc8ee6e1c7f3e73e76ded3753604ebca0

Download Submit
C:\Windows\system\KCnyOeO.exe

Filesize
6.0MB

MD5
bd221e72e95867a0c147b027e24af9c9

SHA1
7688f3a768113777597afd5d0f4dc5c9ab23fba1

SHA256
c4a252b00acdd8f4c641b9ab9ecc5326696b2d270f80397a765d1ecc9c00f400

SHA512
03a8eab39f4c0295f9f4793d107d3fe1ff2216aa557d24b2a4295fe16125e2cc1833447bfd73cdcae703d39a5c0900dea082cddbc9d419f908fe0e7fdc903d03

Download Submit
C:\Windows\system\KukAyis.exe

Filesize
6.0MB

MD5
b3bb82d4c933f4600b8fc6008918b37f

SHA1
efdeca9d66de9081564d38ba61d3d11310ed71b2

SHA256
c3439d4f54cc55f8fbf47a6de571fa92fdc6332fe1b8f90d91603e2ab51640a6

SHA512
a255b051699e626699235c971f191cfc26260ff805ebf10699cd08974bde4e2f894a27b368d1d0cbccb8ec0c958bfd76c08505d0a646c495011e747b7f324440

Download Submit
C:\Windows\system\LYnUQFX.exe

Filesize
6.0MB

MD5
02dd7297bd76ae58b050ca608d3487ec

SHA1
68005ba23c72f0fda808d9f602adf7d72e66af7b

SHA256
5a98df8b3ab830dc7b277d77a3af475ad5f838f47f9cbf8f0b32062f9154d85f

SHA512
6198c8c88260d096b8502fe77d8f168292c14b8b7d3251e2dbe5b5ebe2ac0b3d2706af8d1675181bc6e11000d43a3ee7c5674958939389643adac21935f9ad42

Download Submit
C:\Windows\system\MHUPSDg.exe

Filesize
6.0MB

MD5
14c18a47723f31d65f39c630287b2e5c

SHA1
e45f8f92c061b3f4993b2239e13ad4923dea3202

SHA256
61cf8ded44146627645d1fa1c3f872d24d1893753f9092884c63aaac6ffd53eb

SHA512
443f378490ef8018d69c788a7cafe2e0572d4d5b75a93fa450eca9ed4a9a7cc8fa9725a0d8a863f3c5bdb6fe56e8dd23be81a7168bf3b370a3000f7ab75cec48

Download Submit
C:\Windows\system\NJThWZM.exe

Filesize
6.0MB

MD5
2c863d060917c3a76ade92617325da72

SHA1
d2858d87a52cbc8d48b4da7396118921cb90fab6

SHA256
9cd623e43fa667a1310c0dfbc0126a6a7407e8e66721a9109645aab463192413

SHA512
85c2d0256e913615b0dde63bb0fb6f59f5c809fdd591d5d55119638632f94321b1614e977c6f77d9273af24b7c83bd6a9b6024a6de65ec3e7c44d1258d252f1a

Download Submit
C:\Windows\system\NoKIith.exe

Filesize
6.0MB

MD5
6d320eaa4350aa62a9056e0e03bd2622

SHA1
a98bf3410290d9734be2d2d16139f28c855e4a99

SHA256
4c466fe7097af767f2eb999d8d04920784f0981fa932f46d146cf78534e4751e

SHA512
a12bdcfa0f17f74828d819b3aee33ea80bd6bebcf1b2ac2763d8ac6093b43b8325fe8bc8b039185c04d3496d3208a848fd3b829d97c71a99e4eb6bddf88d076f

Download Submit
C:\Windows\system\SDAsxYQ.exe

Filesize
6.0MB

MD5
eadc81ee40e6fc38d9332a06113b4ee9

SHA1
3c0fcb82160742e9bfd16b795778aa6315c04300

SHA256
beb54aaade22c9a9f8b7ccf231a2d8f5a80dcc967744b1605e234fc34e3b331d

SHA512
e9bf5e6fcbe2d0021f11a4d6c01ec7b3ed722819446c9ecc4a53c9428d4ee9e3bbc49cfc6036c69eeb65f9ba4413de3c607fc03ceb82d76a7f0f6a9060170376

Download Submit
C:\Windows\system\bbYFlAG.exe

Filesize
6.0MB

MD5
19913d423d837e102fef1857153c368a

SHA1
67a8c75129d4b54915f6a14b5bfddd79984ac9a4

SHA256
b919bb34922297190fcb66e0ce1f3e52f22444f3735e3ca9854659014f211a82

SHA512
c61baef8f6234e44a6c16ee7deadc9f024ff7604378fb018f6f8caf2ad0d846649e0b948a1c9a840f6a79d0f6b719efa01a228924c0056721e9fd5b7f9091bf8

Download Submit
C:\Windows\system\bqpjbcH.exe

Filesize
6.0MB

MD5
fe012355390bf10e9c0e8f0751c45de1

SHA1
1276fad58c8a51307cc123fa6d7ed19031fe9c79

SHA256
8d1ee0ba1b6ad62ef4ea147be01966930291505cbff70f5d12686c87622b8fbe

SHA512
5f18f06b704951db7a7b6bb6697d4666fd45f3dc52994d49ac856ee935d19c6512c5ac83713b09674431ca49f59971eefb05304b598fe1922a4d585defde5555

Download Submit
C:\Windows\system\eyTUTAl.exe

Filesize
6.0MB

MD5
511af5e6d54f7d673680140c2f5a5036

SHA1
3b6073292d2cce0c8cd64d77d79107c933a33781

SHA256
e057573b50fe7873fca808684ad61420ef70213ece86eeb4a5580995c4b8f06e

SHA512
13533d937611e2889a4655aec64837436134f565c9004c04656c52dbd0a9a2565c0629138783a9c9de919e433f0c0c600630d1190c111dedb9b2f4576432fbbe

Download Submit
C:\Windows\system\fONhGsq.exe

Filesize
6.0MB

MD5
43ef286981c0814594c31baeacc53c2f

SHA1
d4f1ee5d1989d43d46d5e339189692765bf9d139

SHA256
fa70669792e64489ff73c1744d82281e7c0eb37cf339149f0bf6b5cdbdc13f08

SHA512
810ee0195ebf5aeb4878bbe25b333de1d53e4ccdcc73d55288e6bcf68fe68cc74d86fb67129d4290160673a1b2738032a7de5e03ce2e51fb4a1e1d906088878c

Download Submit
C:\Windows\system\lDeZpgC.exe

Filesize
6.0MB

MD5
614742933966199c075206ad2ff980cd

SHA1
2ce00bccfd864dd3e4ef0edc7a6f4830bb80c65d

SHA256
d27f173c34732c030674f498eb308fcfe4c0e309e193af269352d9db1c63803e

SHA512
7ec6171e13ae3991e014182415c17e30d49cc764f5f56ec81db31ecdd1f31106ee75f1b96817b4bfe49319bcca02d3c6af2d9da0c05eb5ad8136a14f8a4e7851

Download Submit
C:\Windows\system\oNUUUSX.exe

Filesize
6.0MB

MD5
f52d1dc8828a89f9974726806629968a

SHA1
90430f1c59a6ca39b246b3c134b34b43ed384fd4

SHA256
e3eda90f62a4d43b94596685ba870dd44891941f3be49c162760fd8269c0604f

SHA512
dad70a10832c9f2cee3360646e3487d47d6e501b105988195100d23897ce2c423598e2d558b714e999024c11764050a581f7394215e3c345f0347a795a46ecd4

Download Submit
C:\Windows\system\oPXsyVi.exe

Filesize
6.0MB

MD5
f4f272b5254b57c549cbfbbee8b6383b

SHA1
10f0b716166b677d2eacafe510183e9b66bd21e8

SHA256
c777eba141b46ce5a210e0a4056ca7158b32e44394b64a647f5adf6ac37a3f4a

SHA512
15a96cafa9ae533d743f6994283a1cfbb1fb3136ae3000c63a46ed9d2a0ec06a342561ae45c7fe204f08d19e76c3730d54c490b1086c18af89642b62b2bd16e4

Download Submit
C:\Windows\system\qqxiznZ.exe

Filesize
6.0MB

MD5
04ff6a7096b166fb7fb57d49a787a6cc

SHA1
11559cc4835be99c2bb64de8032dde7d5e77ba6d

SHA256
787a74cace005a016aad45bc22c66900ef4ef0076c4b80e3cc622c5dd28c5dee

SHA512
2a3b3bbec462717af5a7a1731229334ff17852fb3cc5d289320ebdf5f810a634ddd9c1d1061aabd6fdc17ca80b28ccbda261b4970fa68ae7185a1205dcdb31e8

Download Submit
C:\Windows\system\rnBdNue.exe

Filesize
6.0MB

MD5
44d6061f44182d31f4f97a94970e70f5

SHA1
96d72b592505a457ec3c6e952c2e17640f07eeda

SHA256
45c77f39028657d1b1bd9a775342dff5714a28324a138b375a091069ac2f680e

SHA512
a33b7e3e0d464a3e2ee1121d90fb6a5713c72a98c40813d64722403c528f00c72db4e1f0b0b3e1b2c6ff96ef514adf0259e589e321a066c341c7ba5868174556

Download Submit
C:\Windows\system\wKqzoWd.exe

Filesize
6.0MB

MD5
410aff62332d05b11f54cb78d53dad54

SHA1
277a5ddc68bf517ef6d788ad546d80377db25ac0

SHA256
c88bd093855d9cdbec99161ffe679c819baad2a30f921380600841c5f6408e82

SHA512
6bd075f9236d25eea6f0ef6f4788591b4d6f0432397ecfbc52d645b8640851bdde4440015c4216233269cad40e50a6e4ba9a5e13ec86c7bdca2e3468bf6cd1b9

Download Submit
C:\Windows\system\ywBaPJD.exe

Filesize
6.0MB

MD5
662be8c7d2796f8fbb30743dc1f6f026

SHA1
3b95644d7b3243cd814d6bf03eb6f4acc4ae7899

SHA256
39c7e7a982e759d063a31ef6ecc1196f65b7fd8f6859c6ff596e9114ec0f147b

SHA512
b2cfc4719ed8c536151d2d1b1bff0c353795c67a1c240d477f4592df0f2d5019bbf3312328fad062b82c6972d687aa3a507dcfe0f2c0485cd948afab4938b215

Download Submit
C:\Windows\system\zmGQOkd.exe

Filesize
6.0MB

MD5
0f02ead61cbb5f980b290d5abf6d2004

SHA1
d7989c5255d110fe4c498f688ba658d892b78e75

SHA256
e89ea0cd51c7d7f585d2f5d67f1471f4bcf7df98168291a5973d7482e7e0be83

SHA512
1124b9a034aac8719740b1a89a435fc1452546ec5bf004e3f627ed56ba3f82765f4bc075c7db1f6cc90b172aecf7bcc2d1ec897e5af387958b7b3d11f9b004ee

Download Submit
C:\Windows\system\zwUoQUP.exe

Filesize
6.0MB

MD5
34022dd1c4bdcfdb77ff0b1233e22195

SHA1
a2ddfd5da30a0691029651388f6bca7f103a2703

SHA256
f8d6ed5c41a7f254ddf77bf0c8d7bce72571448e7968327081201d4385cf1167

SHA512
ef6631a29f0f771616e12540a7e860a643b0fb7aa0d49e7ca93458089b33913415b7bac871bf04287c1abd3ce96961564c828a6fef409ffb55cc787dfcc86355

Download Submit
\Windows\system\FMYNisN.exe

Filesize
6.0MB

MD5
1c4aec530a15127da520703aff7ea256

SHA1
3754c90a0be5ddab2514d0eb8b9fa77cb6d62846

SHA256
3a123cadfe1dce9ea2e3d1c569f43876fc015c43cc1e6068bad3a43e969a9f1e

SHA512
6e981e15a2ec70cdff0bb2a26cd58904093118c9e9d96e0e3903b4a386cc68bfffdaed31144b07b4add5915b0f4e40b288e4b246f6f529db5e4e4271560bb8b8

Download Submit
\Windows\system\VNyFtPf.exe

Filesize
6.0MB

MD5
2f5600f99fab4b471cee9f37eb7bf236

SHA1
dc897fe5fc137099ef9ad80443e4b3d7c36cd92b

SHA256
a15164a42f48848dec0dccd180182378d03163a0e3627defec0fe3fea018f167

SHA512
998d1e3ae76ffc9a9b982a7111b776f75f624615d780b9ff48f8c2b3aa54e32aa27d9ffe9e08b5fa05b7d9456cd21e8a71d99c01f74e385ca18e8ff11279e4a7

Download Submit
\Windows\system\mfuKDwo.exe

Filesize
6.0MB

MD5
e336ed2f8baf2cc4a4ec9b8c6a16e6fd

SHA1
71bc5a5b25da45f41d4df8bbbbfb9a530617f284

SHA256
c6f2debc112e4d8cb36a71b2b46f696e1ce6d2a692fad55b7b02e809b88bd0c7

SHA512
4fcffcd562d6070146694bb3e5f26702e27cf78459e096771bff120cf24e90dbe178b8647533f656f4ed41cc4a2ff4ce0fb832d290dfae2681e4fb579b993a91

Download Submit
\Windows\system\odyINnN.exe

Filesize
6.0MB

MD5
d1ce0e6050bd6e29c637236c254de5a2

SHA1
6facba441fb9e798eac02d663e0c99f665d22082

SHA256
b07985b80cc9d81472d203cf9c1f2625c2ab2012f1b86fc4fb106133c783227b

SHA512
a8be5ccb931fd5deef3ff9b2638f915b511a4c247edc97a65a5b765550f239418b540f6a7f730fab5a46f1b236f43317bd551a2e921962b3c46718be7ad557b2

Download Submit
\Windows\system\pIovhjY.exe

Filesize
6.0MB

MD5
d6038a6647ea3e6d570ce01d4dfc7633

SHA1
5625551154fa4b7a1927b02e13e5acc1ed2e1404

SHA256
5490e770f4cc1b92c1dbfc07f404f3b86139629992164118a9958f25f0fff971

SHA512
1e30caeb21b69f277996cdf73b0ad95dfc39dcef05cb1e6df0b96a4d8f8cbabb49ed702db85a0939744a139e1619c74c6e29116f3f8def9ea424cd8c5e94d85f

Download Submit
\Windows\system\uFUHOzB.exe

Filesize
6.0MB

MD5
5aafaba46876ecef2f231c1c4373ca79

SHA1
25995d8998f15e97fbf6f4758e0496b7ec5c1ec1

SHA256
1c966b0f704c6e5312b66f9c3169c14a77c52210e9602aa122c7ccbfcb49e94f

SHA512
12a1d2acfcc03b79a1e42a2fd0e281277e73d2e57710b000a6a86da741aec8d35e26a929f35bf0ce5dc4469af4bb4e96e6fba1519f51d0bd37edf0da3f0a3f6b

Download Submit
\Windows\system\vdrgoOr.exe

Filesize
6.0MB

MD5
7a77e50918464874ba06ccba7a36f087

SHA1
1eae288a46f87c16e479474e7fc66ed3032d037d

SHA256
a11cf4898a887fecff70b81cc32126c08a6c4f34c52d9943decbd48bc18ab0fb

SHA512
c619b7dbf9f720805ea6d2ecf42a06d3308252b977c4410445cd250850fc70d9e608d908596517d21f2a4cbeb51be5d312586312a7e7e21880f9bdf6b8ba9c4c

Download Submit
memory/336-192-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/336-1818-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/336-47-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/584-62-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/584-63-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/584-380-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/584-90-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/584-697-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/584-84-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/584-598-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/584-0-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/584-64-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/584-89-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/584-95-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/584-59-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/584-51-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/584-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/584-34-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/584-105-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/584-17-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/584-28-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/584-20-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/1244-523-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1244-94-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1244-2001-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-106-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2012-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1951-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1716-87-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2000-1819-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2000-65-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2000-377-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2324-22-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1668-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-88-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2452-2108-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1828-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2560-29-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1898-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-86-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-85-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1931-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-61-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2756-262-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1820-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2848-19-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-96-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1742-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-167-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1823-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2880-35-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2940-21-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1671-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download