cobaltstrike | 6a6586c9da13eb3588130d69cb1aed76c27f6e39d9e7abfb09b4a6773eaf5868

Analysis

max time kernel
150s
max time network
21s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-12-2024 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0facf545defef576385df7b483cb0ef2
SHA1

3d99bf36c15be54b2227d0f67f85eb334a3ed509
SHA256

6a6586c9da13eb3588130d69cb1aed76c27f6e39d9e7abfb09b4a6773eaf5868
SHA512

19ee2b4f6d28dfdc0437e8c3e86c42c997e19b57af48989a72a017dd246ce9a1841f18716147edb78e440ff99a881df47cd9c418c2d1838b9511999b7457f8e7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019608-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001960a-20.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001961c-22.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000196a1-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019667-34.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d9-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e2-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e8-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4f1-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4f7-198.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ef-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ed-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4eb-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e6-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e4-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e0-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4db-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d7-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4de-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d5-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d3-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-79.dat	cobalt_reflective_dll
behavioral1/files/0x002e000000019604-72.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019c3c-64.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019c34-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019926-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1096-0-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/files/0x0007000000019608-10.dat	xmrig
behavioral1/files/0x000700000001960a-20.dat	xmrig
behavioral1/memory/2836-21-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2104-15-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x000700000001961c-22.dat	xmrig
behavioral1/memory/2956-29-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1476-12-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000196a1-36.dat	xmrig
behavioral1/memory/1096-40-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2224-35-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019667-34.dat	xmrig
behavioral1/memory/2836-57-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2820-58-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2224-73-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2736-106-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d9-139.dat	xmrig
behavioral1/files/0x000500000001a4e2-158.dat	xmrig
behavioral1/files/0x000500000001a4e8-174.dat	xmrig
behavioral1/memory/2684-756-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/404-602-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1700-428-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1556-266-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2748-207-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4f1-194.dat	xmrig
behavioral1/files/0x000500000001a4f7-198.dat	xmrig
behavioral1/files/0x000500000001a4ef-188.dat	xmrig
behavioral1/files/0x000500000001a4ed-184.dat	xmrig
behavioral1/files/0x000500000001a4eb-178.dat	xmrig
behavioral1/files/0x000500000001a4e6-168.dat	xmrig
behavioral1/files/0x000500000001a4e4-164.dat	xmrig
behavioral1/files/0x000500000001a4e0-154.dat	xmrig
behavioral1/files/0x000500000001a4db-143.dat	xmrig
behavioral1/files/0x000500000001a4d7-133.dat	xmrig
behavioral1/files/0x000500000001a4de-148.dat	xmrig
behavioral1/files/0x000500000001a4d5-129.dat	xmrig
behavioral1/files/0x000500000001a4d3-123.dat	xmrig
behavioral1/files/0x000500000001a4d1-119.dat	xmrig
behavioral1/files/0x000500000001a4cf-113.dat	xmrig
behavioral1/memory/2684-107-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4cd-105.dat	xmrig
behavioral1/memory/404-97-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2820-96-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4cb-95.dat	xmrig
behavioral1/memory/1700-89-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2072-88-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c9-87.dat	xmrig
behavioral1/memory/1556-81-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/3032-80-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c7-79.dat	xmrig
behavioral1/memory/2748-74-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x002e000000019604-72.dat	xmrig
behavioral1/memory/2736-66-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2956-65-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019c3c-64.dat	xmrig
behavioral1/files/0x0008000000019c34-56.dat	xmrig
behavioral1/memory/2072-50-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019926-49.dat	xmrig
behavioral1/memory/1476-46-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/3032-41-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2104-3372-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/3032-3394-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2224-3412-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1476	DJzcGVJ.exe
2104	XtzLfZr.exe
2836	NcvXoHH.exe
2956	VTpWyds.exe
2224	OkeGTNp.exe
3032	eyBefTA.exe
2072	HkROQTB.exe
2820	cOSUDRE.exe
2736	BETpyPB.exe
2748	ICwpaet.exe
1556	ZDYboIU.exe
1700	irydjut.exe
404	NcftEvW.exe
2684	RrdlghT.exe
2912	emaDdFi.exe
1496	HoNWdmx.exe
2280	uNCGwBJ.exe
2136	nqAiXUT.exe
2524	qkeYaGd.exe
1924	tCWPZyZ.exe
1288	iCULxkw.exe
1656	qUsWWvY.exe
1660	rbbnlOb.exe
2372	QzhqFsI.exe
2396	TdHiSxE.exe
2776	OUJxkfQ.exe
1628	fLdtUGf.exe
2452	xbwSPLw.exe
924	POxTDFv.exe
800	JajOFNl.exe
1740	buMXhpL.exe
1616	wdXhVnu.exe
2572	kZDqcdf.exe
2296	tiAdLGf.exe
2152	lDCFLhT.exe
1664	jZDySdO.exe
2040	qrPqOdS.exe
1864	kiYCaqy.exe
1588	zWyNxmK.exe
1112	vFJqWpo.exe
2456	jwpxnPB.exe
2320	tDcvQJA.exe
376	qJxJuEj.exe
2052	zDJoMmS.exe
336	lRTPLDm.exe
1056	fzbHbvp.exe
676	hGGRWLU.exe
1504	MEANdgt.exe
1584	EziEagW.exe
576	NGoPNgm.exe
2816	QrQCdSq.exe
2984	ZqYgzGb.exe
3020	ooOyRsB.exe
2708	mmSWBxl.exe
2700	XENSoVB.exe
1352	siXjrAU.exe
2476	rFkwkmg.exe
636	PjFdtRf.exe
2340	waqRpBy.exe
2948	FfCsRbQ.exe
2540	wStFdlX.exe
2184	TEyjrDV.exe
2408	UrzmqBw.exe
1848	SjOWdhb.exe

Loads dropped DLL 64 IoCs

pid	Process
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1096-0-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/files/0x0007000000019608-10.dat	upx
behavioral1/files/0x000700000001960a-20.dat	upx
behavioral1/memory/2836-21-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2104-15-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x000700000001961c-22.dat	upx
behavioral1/memory/2956-29-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/1476-12-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x00060000000196a1-36.dat	upx
behavioral1/memory/1096-40-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2224-35-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0006000000019667-34.dat	upx
behavioral1/memory/2836-57-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2820-58-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2224-73-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2736-106-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000500000001a4d9-139.dat	upx
behavioral1/files/0x000500000001a4e2-158.dat	upx
behavioral1/files/0x000500000001a4e8-174.dat	upx
behavioral1/memory/2684-756-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/404-602-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1700-428-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/1556-266-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2748-207-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x000500000001a4f1-194.dat	upx
behavioral1/files/0x000500000001a4f7-198.dat	upx
behavioral1/files/0x000500000001a4ef-188.dat	upx
behavioral1/files/0x000500000001a4ed-184.dat	upx
behavioral1/files/0x000500000001a4eb-178.dat	upx
behavioral1/files/0x000500000001a4e6-168.dat	upx
behavioral1/files/0x000500000001a4e4-164.dat	upx
behavioral1/files/0x000500000001a4e0-154.dat	upx
behavioral1/files/0x000500000001a4db-143.dat	upx
behavioral1/files/0x000500000001a4d7-133.dat	upx
behavioral1/files/0x000500000001a4de-148.dat	upx
behavioral1/files/0x000500000001a4d5-129.dat	upx
behavioral1/files/0x000500000001a4d3-123.dat	upx
behavioral1/files/0x000500000001a4d1-119.dat	upx
behavioral1/files/0x000500000001a4cf-113.dat	upx
behavioral1/memory/2684-107-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000500000001a4cd-105.dat	upx
behavioral1/memory/404-97-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2820-96-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x000500000001a4cb-95.dat	upx
behavioral1/memory/1700-89-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2072-88-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x000500000001a4c9-87.dat	upx
behavioral1/memory/1556-81-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/3032-80-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x000500000001a4c7-79.dat	upx
behavioral1/memory/2748-74-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x002e000000019604-72.dat	upx
behavioral1/memory/2736-66-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2956-65-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0008000000019c3c-64.dat	upx
behavioral1/files/0x0008000000019c34-56.dat	upx
behavioral1/memory/2072-50-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0006000000019926-49.dat	upx
behavioral1/memory/1476-46-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/3032-41-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2104-3372-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/3032-3394-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2224-3412-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\THxyTHo.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIbQJqJ.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYIUjUv.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcZaupy.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEtWtVh.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFiUXKW.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgoBQTJ.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CedPdaJ.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOsFQOs.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOQfcOD.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHInoxX.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDXUVih.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMwATWp.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlPbjAb.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piYaTYq.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXgcMuw.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVwKYnc.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufQngLO.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYFEsUG.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZvEyyy.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvDqxbW.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctzqPUf.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtTfYUQ.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSLHpwx.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwjbgdO.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bsafxxX.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmWfaMB.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwUmyzP.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmWnoJy.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjgKymi.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPYNswz.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LumRenY.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLEbQao.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWTQEQg.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrWAznp.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcLYSBh.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQIcPjV.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ojqnkrm.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvjLXPK.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koClGrz.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOQQRNO.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QolBaHd.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtvWMgT.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhDkuSv.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYQHWZd.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsfMtQq.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnElkeO.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuPOUri.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLsEOmG.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdGveeI.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdChjgA.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDLWnsz.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDmJEkU.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMLNFen.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaexsHN.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjWjKgy.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zssibLo.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSnsTsK.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvGujgG.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAmNZAi.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaRTVDx.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnQgXGY.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HkjUmSf.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUYeMeZ.exe	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1476	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1096 wrote to memory of 1476	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1096 wrote to memory of 1476	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1096 wrote to memory of 2104	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1096 wrote to memory of 2104	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1096 wrote to memory of 2104	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1096 wrote to memory of 2836	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1096 wrote to memory of 2836	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1096 wrote to memory of 2836	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1096 wrote to memory of 2956	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1096 wrote to memory of 2956	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1096 wrote to memory of 2956	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1096 wrote to memory of 2224	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1096 wrote to memory of 2224	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1096 wrote to memory of 2224	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1096 wrote to memory of 3032	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1096 wrote to memory of 3032	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1096 wrote to memory of 3032	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1096 wrote to memory of 2072	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1096 wrote to memory of 2072	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1096 wrote to memory of 2072	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1096 wrote to memory of 2820	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1096 wrote to memory of 2820	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1096 wrote to memory of 2820	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1096 wrote to memory of 2736	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1096 wrote to memory of 2736	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1096 wrote to memory of 2736	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1096 wrote to memory of 2748	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1096 wrote to memory of 2748	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1096 wrote to memory of 2748	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1096 wrote to memory of 1556	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1096 wrote to memory of 1556	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1096 wrote to memory of 1556	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1096 wrote to memory of 1700	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1096 wrote to memory of 1700	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1096 wrote to memory of 1700	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1096 wrote to memory of 404	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1096 wrote to memory of 404	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1096 wrote to memory of 404	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1096 wrote to memory of 2684	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1096 wrote to memory of 2684	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1096 wrote to memory of 2684	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1096 wrote to memory of 2912	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1096 wrote to memory of 2912	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1096 wrote to memory of 2912	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1096 wrote to memory of 1496	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1096 wrote to memory of 1496	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1096 wrote to memory of 1496	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1096 wrote to memory of 2280	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1096 wrote to memory of 2280	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1096 wrote to memory of 2280	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1096 wrote to memory of 2136	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1096 wrote to memory of 2136	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1096 wrote to memory of 2136	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1096 wrote to memory of 2524	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1096 wrote to memory of 2524	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1096 wrote to memory of 2524	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1096 wrote to memory of 1924	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1096 wrote to memory of 1924	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1096 wrote to memory of 1924	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1096 wrote to memory of 1288	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1096 wrote to memory of 1288	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1096 wrote to memory of 1288	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1096 wrote to memory of 1656	1096	2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-10_0facf545defef576385df7b483cb0ef2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\System\DJzcGVJ.exe
  C:\Windows\System\DJzcGVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\XtzLfZr.exe
  C:\Windows\System\XtzLfZr.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\NcvXoHH.exe
  C:\Windows\System\NcvXoHH.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\VTpWyds.exe
  C:\Windows\System\VTpWyds.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\OkeGTNp.exe
  C:\Windows\System\OkeGTNp.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\eyBefTA.exe
  C:\Windows\System\eyBefTA.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\HkROQTB.exe
  C:\Windows\System\HkROQTB.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\cOSUDRE.exe
  C:\Windows\System\cOSUDRE.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\BETpyPB.exe
  C:\Windows\System\BETpyPB.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\ICwpaet.exe
  C:\Windows\System\ICwpaet.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\ZDYboIU.exe
  C:\Windows\System\ZDYboIU.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\irydjut.exe
  C:\Windows\System\irydjut.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\NcftEvW.exe
  C:\Windows\System\NcftEvW.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\RrdlghT.exe
  C:\Windows\System\RrdlghT.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\emaDdFi.exe
  C:\Windows\System\emaDdFi.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\HoNWdmx.exe
  C:\Windows\System\HoNWdmx.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\uNCGwBJ.exe
  C:\Windows\System\uNCGwBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\nqAiXUT.exe
  C:\Windows\System\nqAiXUT.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\qkeYaGd.exe
  C:\Windows\System\qkeYaGd.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\tCWPZyZ.exe
  C:\Windows\System\tCWPZyZ.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\iCULxkw.exe
  C:\Windows\System\iCULxkw.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\qUsWWvY.exe
  C:\Windows\System\qUsWWvY.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\rbbnlOb.exe
  C:\Windows\System\rbbnlOb.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\QzhqFsI.exe
  C:\Windows\System\QzhqFsI.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\TdHiSxE.exe
  C:\Windows\System\TdHiSxE.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\OUJxkfQ.exe
  C:\Windows\System\OUJxkfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\fLdtUGf.exe
  C:\Windows\System\fLdtUGf.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\xbwSPLw.exe
  C:\Windows\System\xbwSPLw.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\POxTDFv.exe
  C:\Windows\System\POxTDFv.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\JajOFNl.exe
  C:\Windows\System\JajOFNl.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\buMXhpL.exe
  C:\Windows\System\buMXhpL.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\wdXhVnu.exe
  C:\Windows\System\wdXhVnu.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\kZDqcdf.exe
  C:\Windows\System\kZDqcdf.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\tiAdLGf.exe
  C:\Windows\System\tiAdLGf.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\lDCFLhT.exe
  C:\Windows\System\lDCFLhT.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\jZDySdO.exe
  C:\Windows\System\jZDySdO.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\qrPqOdS.exe
  C:\Windows\System\qrPqOdS.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\kiYCaqy.exe
  C:\Windows\System\kiYCaqy.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\zWyNxmK.exe
  C:\Windows\System\zWyNxmK.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\vFJqWpo.exe
  C:\Windows\System\vFJqWpo.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\jwpxnPB.exe
  C:\Windows\System\jwpxnPB.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\tDcvQJA.exe
  C:\Windows\System\tDcvQJA.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\qJxJuEj.exe
  C:\Windows\System\qJxJuEj.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\zDJoMmS.exe
  C:\Windows\System\zDJoMmS.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\lRTPLDm.exe
  C:\Windows\System\lRTPLDm.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\fzbHbvp.exe
  C:\Windows\System\fzbHbvp.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\hGGRWLU.exe
  C:\Windows\System\hGGRWLU.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\MEANdgt.exe
  C:\Windows\System\MEANdgt.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\EziEagW.exe
  C:\Windows\System\EziEagW.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\NGoPNgm.exe
  C:\Windows\System\NGoPNgm.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\QrQCdSq.exe
  C:\Windows\System\QrQCdSq.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\ZqYgzGb.exe
  C:\Windows\System\ZqYgzGb.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\ooOyRsB.exe
  C:\Windows\System\ooOyRsB.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\mmSWBxl.exe
  C:\Windows\System\mmSWBxl.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\XENSoVB.exe
  C:\Windows\System\XENSoVB.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\siXjrAU.exe
  C:\Windows\System\siXjrAU.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\rFkwkmg.exe
  C:\Windows\System\rFkwkmg.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\PjFdtRf.exe
  C:\Windows\System\PjFdtRf.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\waqRpBy.exe
  C:\Windows\System\waqRpBy.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\FfCsRbQ.exe
  C:\Windows\System\FfCsRbQ.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\wStFdlX.exe
  C:\Windows\System\wStFdlX.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\TEyjrDV.exe
  C:\Windows\System\TEyjrDV.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\UrzmqBw.exe
  C:\Windows\System\UrzmqBw.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\SjOWdhb.exe
  C:\Windows\System\SjOWdhb.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\aCDxUcr.exe
  C:\Windows\System\aCDxUcr.exe
  2⤵
  PID:2160
- C:\Windows\System\JzYflrm.exe
  C:\Windows\System\JzYflrm.exe
  2⤵
  PID:1608
- C:\Windows\System\ghriZpL.exe
  C:\Windows\System\ghriZpL.exe
  2⤵
  PID:2444
- C:\Windows\System\VDMHZxc.exe
  C:\Windows\System\VDMHZxc.exe
  2⤵
  PID:692
- C:\Windows\System\LPfFHOh.exe
  C:\Windows\System\LPfFHOh.exe
  2⤵
  PID:864
- C:\Windows\System\IjmjbLD.exe
  C:\Windows\System\IjmjbLD.exe
  2⤵
  PID:1160
- C:\Windows\System\OnkQqrJ.exe
  C:\Windows\System\OnkQqrJ.exe
  2⤵
  PID:1676
- C:\Windows\System\iCiRWMe.exe
  C:\Windows\System\iCiRWMe.exe
  2⤵
  PID:1868
- C:\Windows\System\fVmayze.exe
  C:\Windows\System\fVmayze.exe
  2⤵
  PID:2352
- C:\Windows\System\AZkRZiL.exe
  C:\Windows\System\AZkRZiL.exe
  2⤵
  PID:1552
- C:\Windows\System\rxVeCUk.exe
  C:\Windows\System\rxVeCUk.exe
  2⤵
  PID:1896
- C:\Windows\System\IXiyqDM.exe
  C:\Windows\System\IXiyqDM.exe
  2⤵
  PID:1972
- C:\Windows\System\oQXhEVB.exe
  C:\Windows\System\oQXhEVB.exe
  2⤵
  PID:1240
- C:\Windows\System\SEMmtBk.exe
  C:\Windows\System\SEMmtBk.exe
  2⤵
  PID:2080
- C:\Windows\System\TsujWKv.exe
  C:\Windows\System\TsujWKv.exe
  2⤵
  PID:1548
- C:\Windows\System\XIHBYMe.exe
  C:\Windows\System\XIHBYMe.exe
  2⤵
  PID:2892
- C:\Windows\System\SzJMMAD.exe
  C:\Windows\System\SzJMMAD.exe
  2⤵
  PID:2220
- C:\Windows\System\kMlCYcP.exe
  C:\Windows\System\kMlCYcP.exe
  2⤵
  PID:3012
- C:\Windows\System\enMZkVw.exe
  C:\Windows\System\enMZkVw.exe
  2⤵
  PID:2236
- C:\Windows\System\llGQAce.exe
  C:\Windows\System\llGQAce.exe
  2⤵
  PID:2468
- C:\Windows\System\klXdwWD.exe
  C:\Windows\System\klXdwWD.exe
  2⤵
  PID:3048
- C:\Windows\System\WLxcsnr.exe
  C:\Windows\System\WLxcsnr.exe
  2⤵
  PID:2304
- C:\Windows\System\BCfHlkI.exe
  C:\Windows\System\BCfHlkI.exe
  2⤵
  PID:1144
- C:\Windows\System\BYYLXBn.exe
  C:\Windows\System\BYYLXBn.exe
  2⤵
  PID:844
- C:\Windows\System\IBGyeuS.exe
  C:\Windows\System\IBGyeuS.exe
  2⤵
  PID:696
- C:\Windows\System\qlCSSPA.exe
  C:\Windows\System\qlCSSPA.exe
  2⤵
  PID:2636
- C:\Windows\System\ACDBKmJ.exe
  C:\Windows\System\ACDBKmJ.exe
  2⤵
  PID:1512
- C:\Windows\System\mhgeFYc.exe
  C:\Windows\System\mhgeFYc.exe
  2⤵
  PID:2376
- C:\Windows\System\pGxojJD.exe
  C:\Windows\System\pGxojJD.exe
  2⤵
  PID:1704
- C:\Windows\System\JtudBfO.exe
  C:\Windows\System\JtudBfO.exe
  2⤵
  PID:1188
- C:\Windows\System\mhcCBNk.exe
  C:\Windows\System\mhcCBNk.exe
  2⤵
  PID:1720
- C:\Windows\System\JQLmaTG.exe
  C:\Windows\System\JQLmaTG.exe
  2⤵
  PID:548
- C:\Windows\System\FbIcNiv.exe
  C:\Windows\System\FbIcNiv.exe
  2⤵
  PID:1900
- C:\Windows\System\fibMhPN.exe
  C:\Windows\System\fibMhPN.exe
  2⤵
  PID:1488
- C:\Windows\System\zpgPsKS.exe
  C:\Windows\System\zpgPsKS.exe
  2⤵
  PID:2920
- C:\Windows\System\FRwwgLg.exe
  C:\Windows\System\FRwwgLg.exe
  2⤵
  PID:2176
- C:\Windows\System\siUNILX.exe
  C:\Windows\System\siUNILX.exe
  2⤵
  PID:3080
- C:\Windows\System\NteIpHK.exe
  C:\Windows\System\NteIpHK.exe
  2⤵
  PID:3100
- C:\Windows\System\Swkijra.exe
  C:\Windows\System\Swkijra.exe
  2⤵
  PID:3120
- C:\Windows\System\JErGyqu.exe
  C:\Windows\System\JErGyqu.exe
  2⤵
  PID:3136
- C:\Windows\System\NYaNYYq.exe
  C:\Windows\System\NYaNYYq.exe
  2⤵
  PID:3160
- C:\Windows\System\qrcroTL.exe
  C:\Windows\System\qrcroTL.exe
  2⤵
  PID:3180
- C:\Windows\System\xjqxzpI.exe
  C:\Windows\System\xjqxzpI.exe
  2⤵
  PID:3200
- C:\Windows\System\tWrUYnN.exe
  C:\Windows\System\tWrUYnN.exe
  2⤵
  PID:3224
- C:\Windows\System\cWxzElU.exe
  C:\Windows\System\cWxzElU.exe
  2⤵
  PID:3244
- C:\Windows\System\gfwCBfa.exe
  C:\Windows\System\gfwCBfa.exe
  2⤵
  PID:3264
- C:\Windows\System\EFjPnaf.exe
  C:\Windows\System\EFjPnaf.exe
  2⤵
  PID:3284
- C:\Windows\System\FkOgjIH.exe
  C:\Windows\System\FkOgjIH.exe
  2⤵
  PID:3304
- C:\Windows\System\QOOvWpC.exe
  C:\Windows\System\QOOvWpC.exe
  2⤵
  PID:3324
- C:\Windows\System\RSDKbMJ.exe
  C:\Windows\System\RSDKbMJ.exe
  2⤵
  PID:3344
- C:\Windows\System\TcJuTUn.exe
  C:\Windows\System\TcJuTUn.exe
  2⤵
  PID:3364
- C:\Windows\System\AWaXeSq.exe
  C:\Windows\System\AWaXeSq.exe
  2⤵
  PID:3384
- C:\Windows\System\fSdEZfN.exe
  C:\Windows\System\fSdEZfN.exe
  2⤵
  PID:3408
- C:\Windows\System\FarKbyh.exe
  C:\Windows\System\FarKbyh.exe
  2⤵
  PID:3428
- C:\Windows\System\JJUmaPW.exe
  C:\Windows\System\JJUmaPW.exe
  2⤵
  PID:3448
- C:\Windows\System\wNcWKAx.exe
  C:\Windows\System\wNcWKAx.exe
  2⤵
  PID:3468
- C:\Windows\System\ZwaHhsJ.exe
  C:\Windows\System\ZwaHhsJ.exe
  2⤵
  PID:3488
- C:\Windows\System\UotaZeE.exe
  C:\Windows\System\UotaZeE.exe
  2⤵
  PID:3508
- C:\Windows\System\vFPxfSU.exe
  C:\Windows\System\vFPxfSU.exe
  2⤵
  PID:3528
- C:\Windows\System\JshLctQ.exe
  C:\Windows\System\JshLctQ.exe
  2⤵
  PID:3548
- C:\Windows\System\xnuMJNB.exe
  C:\Windows\System\xnuMJNB.exe
  2⤵
  PID:3568
- C:\Windows\System\XSXmRFS.exe
  C:\Windows\System\XSXmRFS.exe
  2⤵
  PID:3584
- C:\Windows\System\dMLmOoP.exe
  C:\Windows\System\dMLmOoP.exe
  2⤵
  PID:3604
- C:\Windows\System\dOygNKw.exe
  C:\Windows\System\dOygNKw.exe
  2⤵
  PID:3624
- C:\Windows\System\tZwYUCp.exe
  C:\Windows\System\tZwYUCp.exe
  2⤵
  PID:3644
- C:\Windows\System\ikdYDnI.exe
  C:\Windows\System\ikdYDnI.exe
  2⤵
  PID:3668
- C:\Windows\System\ppTuqtA.exe
  C:\Windows\System\ppTuqtA.exe
  2⤵
  PID:3688
- C:\Windows\System\GghDecj.exe
  C:\Windows\System\GghDecj.exe
  2⤵
  PID:3708
- C:\Windows\System\WTzgvNX.exe
  C:\Windows\System\WTzgvNX.exe
  2⤵
  PID:3728
- C:\Windows\System\yrxXuzV.exe
  C:\Windows\System\yrxXuzV.exe
  2⤵
  PID:3748
- C:\Windows\System\OlxdhQp.exe
  C:\Windows\System\OlxdhQp.exe
  2⤵
  PID:3768
- C:\Windows\System\PzZDqEy.exe
  C:\Windows\System\PzZDqEy.exe
  2⤵
  PID:3788
- C:\Windows\System\mxSqxwe.exe
  C:\Windows\System\mxSqxwe.exe
  2⤵
  PID:3812
- C:\Windows\System\zAklLqQ.exe
  C:\Windows\System\zAklLqQ.exe
  2⤵
  PID:3832
- C:\Windows\System\UPdqCDu.exe
  C:\Windows\System\UPdqCDu.exe
  2⤵
  PID:3852
- C:\Windows\System\WQzCnUY.exe
  C:\Windows\System\WQzCnUY.exe
  2⤵
  PID:3868
- C:\Windows\System\hXyvGWn.exe
  C:\Windows\System\hXyvGWn.exe
  2⤵
  PID:3892
- C:\Windows\System\UPslcac.exe
  C:\Windows\System\UPslcac.exe
  2⤵
  PID:3912
- C:\Windows\System\hsczSKL.exe
  C:\Windows\System\hsczSKL.exe
  2⤵
  PID:3932
- C:\Windows\System\acsMIVF.exe
  C:\Windows\System\acsMIVF.exe
  2⤵
  PID:3952
- C:\Windows\System\sQPprbx.exe
  C:\Windows\System\sQPprbx.exe
  2⤵
  PID:3972
- C:\Windows\System\zhOnWDd.exe
  C:\Windows\System\zhOnWDd.exe
  2⤵
  PID:3992
- C:\Windows\System\vCeczic.exe
  C:\Windows\System\vCeczic.exe
  2⤵
  PID:4012
- C:\Windows\System\eydcWVb.exe
  C:\Windows\System\eydcWVb.exe
  2⤵
  PID:4032
- C:\Windows\System\BjXDOXE.exe
  C:\Windows\System\BjXDOXE.exe
  2⤵
  PID:4052
- C:\Windows\System\jIjyGHp.exe
  C:\Windows\System\jIjyGHp.exe
  2⤵
  PID:4072
- C:\Windows\System\LekLlOp.exe
  C:\Windows\System\LekLlOp.exe
  2⤵
  PID:4092
- C:\Windows\System\tNbZOoj.exe
  C:\Windows\System\tNbZOoj.exe
  2⤵
  PID:3044
- C:\Windows\System\qHDRUcv.exe
  C:\Windows\System\qHDRUcv.exe
  2⤵
  PID:2232
- C:\Windows\System\AhCpNmq.exe
  C:\Windows\System\AhCpNmq.exe
  2⤵
  PID:1648
- C:\Windows\System\tFcCuUE.exe
  C:\Windows\System\tFcCuUE.exe
  2⤵
  PID:1788
- C:\Windows\System\LlKhWes.exe
  C:\Windows\System\LlKhWes.exe
  2⤵
  PID:2432
- C:\Windows\System\ZKZyvAJ.exe
  C:\Windows\System\ZKZyvAJ.exe
  2⤵
  PID:1712
- C:\Windows\System\SHiLZkH.exe
  C:\Windows\System\SHiLZkH.exe
  2⤵
  PID:1148
- C:\Windows\System\WbRLcmI.exe
  C:\Windows\System\WbRLcmI.exe
  2⤵
  PID:1580
- C:\Windows\System\aTotAqs.exe
  C:\Windows\System\aTotAqs.exe
  2⤵
  PID:3076
- C:\Windows\System\SzHJlmf.exe
  C:\Windows\System\SzHJlmf.exe
  2⤵
  PID:3108
- C:\Windows\System\vySTMuy.exe
  C:\Windows\System\vySTMuy.exe
  2⤵
  PID:3144
- C:\Windows\System\gwWBymK.exe
  C:\Windows\System\gwWBymK.exe
  2⤵
  PID:3168
- C:\Windows\System\gbaWJoQ.exe
  C:\Windows\System\gbaWJoQ.exe
  2⤵
  PID:3192
- C:\Windows\System\cZQFvDd.exe
  C:\Windows\System\cZQFvDd.exe
  2⤵
  PID:3220
- C:\Windows\System\aJCKDdG.exe
  C:\Windows\System\aJCKDdG.exe
  2⤵
  PID:3276
- C:\Windows\System\GpIPsgl.exe
  C:\Windows\System\GpIPsgl.exe
  2⤵
  PID:3316
- C:\Windows\System\VPUOmKo.exe
  C:\Windows\System\VPUOmKo.exe
  2⤵
  PID:3340
- C:\Windows\System\dHZVAMO.exe
  C:\Windows\System\dHZVAMO.exe
  2⤵
  PID:3392
- C:\Windows\System\ySEAyvc.exe
  C:\Windows\System\ySEAyvc.exe
  2⤵
  PID:3372
- C:\Windows\System\nhWtdpf.exe
  C:\Windows\System\nhWtdpf.exe
  2⤵
  PID:3424
- C:\Windows\System\jiHICzk.exe
  C:\Windows\System\jiHICzk.exe
  2⤵
  PID:3460
- C:\Windows\System\tsabmwI.exe
  C:\Windows\System\tsabmwI.exe
  2⤵
  PID:3520
- C:\Windows\System\GtzJmUx.exe
  C:\Windows\System\GtzJmUx.exe
  2⤵
  PID:3536
- C:\Windows\System\wuVMqUl.exe
  C:\Windows\System\wuVMqUl.exe
  2⤵
  PID:3592
- C:\Windows\System\tQTcQGC.exe
  C:\Windows\System\tQTcQGC.exe
  2⤵
  PID:3636
- C:\Windows\System\TUYeMeZ.exe
  C:\Windows\System\TUYeMeZ.exe
  2⤵
  PID:3656
- C:\Windows\System\kiiqRpu.exe
  C:\Windows\System\kiiqRpu.exe
  2⤵
  PID:3660
- C:\Windows\System\URUPyQG.exe
  C:\Windows\System\URUPyQG.exe
  2⤵
  PID:3724
- C:\Windows\System\DQhwDFZ.exe
  C:\Windows\System\DQhwDFZ.exe
  2⤵
  PID:3756
- C:\Windows\System\lwMvaZP.exe
  C:\Windows\System\lwMvaZP.exe
  2⤵
  PID:3776
- C:\Windows\System\kpuVYoF.exe
  C:\Windows\System\kpuVYoF.exe
  2⤵
  PID:3780
- C:\Windows\System\wkQybhX.exe
  C:\Windows\System\wkQybhX.exe
  2⤵
  PID:3844
- C:\Windows\System\LQNDVah.exe
  C:\Windows\System\LQNDVah.exe
  2⤵
  PID:3888
- C:\Windows\System\ohRmIGD.exe
  C:\Windows\System\ohRmIGD.exe
  2⤵
  PID:3928
- C:\Windows\System\YQahHKu.exe
  C:\Windows\System\YQahHKu.exe
  2⤵
  PID:3940
- C:\Windows\System\BEkLIlE.exe
  C:\Windows\System\BEkLIlE.exe
  2⤵
  PID:3944
- C:\Windows\System\nHJNyDg.exe
  C:\Windows\System\nHJNyDg.exe
  2⤵
  PID:3988
- C:\Windows\System\pxgBarq.exe
  C:\Windows\System\pxgBarq.exe
  2⤵
  PID:4028
- C:\Windows\System\gzmjZSy.exe
  C:\Windows\System\gzmjZSy.exe
  2⤵
  PID:4084
- C:\Windows\System\HDhtgvR.exe
  C:\Windows\System\HDhtgvR.exe
  2⤵
  PID:2900
- C:\Windows\System\fZfXlGH.exe
  C:\Windows\System\fZfXlGH.exe
  2⤵
  PID:1528
- C:\Windows\System\NOwOYhP.exe
  C:\Windows\System\NOwOYhP.exe
  2⤵
  PID:1416
- C:\Windows\System\lKpubOr.exe
  C:\Windows\System\lKpubOr.exe
  2⤵
  PID:1064
- C:\Windows\System\ZOvoQYc.exe
  C:\Windows\System\ZOvoQYc.exe
  2⤵
  PID:2944
- C:\Windows\System\LoUWWQh.exe
  C:\Windows\System\LoUWWQh.exe
  2⤵
  PID:2548
- C:\Windows\System\XaDIcmW.exe
  C:\Windows\System\XaDIcmW.exe
  2⤵
  PID:3092
- C:\Windows\System\moppvLT.exe
  C:\Windows\System\moppvLT.exe
  2⤵
  PID:3240
- C:\Windows\System\aBgtkxI.exe
  C:\Windows\System\aBgtkxI.exe
  2⤵
  PID:3256
- C:\Windows\System\vcgeODw.exe
  C:\Windows\System\vcgeODw.exe
  2⤵
  PID:3272
- C:\Windows\System\SiYtudW.exe
  C:\Windows\System\SiYtudW.exe
  2⤵
  PID:3336
- C:\Windows\System\YgXYnLK.exe
  C:\Windows\System\YgXYnLK.exe
  2⤵
  PID:3440
- C:\Windows\System\vxdPNcC.exe
  C:\Windows\System\vxdPNcC.exe
  2⤵
  PID:3476
- C:\Windows\System\IUNpaxC.exe
  C:\Windows\System\IUNpaxC.exe
  2⤵
  PID:3560
- C:\Windows\System\aXBSEMR.exe
  C:\Windows\System\aXBSEMR.exe
  2⤵
  PID:3580
- C:\Windows\System\eABTHWz.exe
  C:\Windows\System\eABTHWz.exe
  2⤵
  PID:3612
- C:\Windows\System\vDjNNzM.exe
  C:\Windows\System\vDjNNzM.exe
  2⤵
  PID:3696
- C:\Windows\System\vsBwUoB.exe
  C:\Windows\System\vsBwUoB.exe
  2⤵
  PID:3700
- C:\Windows\System\SiJWhiq.exe
  C:\Windows\System\SiJWhiq.exe
  2⤵
  PID:3804
- C:\Windows\System\dXzBgDE.exe
  C:\Windows\System\dXzBgDE.exe
  2⤵
  PID:3920
- C:\Windows\System\kZMIGhh.exe
  C:\Windows\System\kZMIGhh.exe
  2⤵
  PID:3968
- C:\Windows\System\jBdHXPb.exe
  C:\Windows\System\jBdHXPb.exe
  2⤵
  PID:3980
- C:\Windows\System\QiuzSVr.exe
  C:\Windows\System\QiuzSVr.exe
  2⤵
  PID:4040
- C:\Windows\System\YvWihHz.exe
  C:\Windows\System\YvWihHz.exe
  2⤵
  PID:4080
- C:\Windows\System\bUYaDgx.exe
  C:\Windows\System\bUYaDgx.exe
  2⤵
  PID:988
- C:\Windows\System\HOSNSNG.exe
  C:\Windows\System\HOSNSNG.exe
  2⤵
  PID:556
- C:\Windows\System\NvNHBWg.exe
  C:\Windows\System\NvNHBWg.exe
  2⤵
  PID:2092
- C:\Windows\System\RtHYRql.exe
  C:\Windows\System\RtHYRql.exe
  2⤵
  PID:3208
- C:\Windows\System\YQZAWlJ.exe
  C:\Windows\System\YQZAWlJ.exe
  2⤵
  PID:3332
- C:\Windows\System\NbBLhcA.exe
  C:\Windows\System\NbBLhcA.exe
  2⤵
  PID:3312
- C:\Windows\System\AlAhUCc.exe
  C:\Windows\System\AlAhUCc.exe
  2⤵
  PID:3524
- C:\Windows\System\jnQgXGY.exe
  C:\Windows\System\jnQgXGY.exe
  2⤵
  PID:4104
- C:\Windows\System\uHfjtLs.exe
  C:\Windows\System\uHfjtLs.exe
  2⤵
  PID:4124
- C:\Windows\System\IuDQqDE.exe
  C:\Windows\System\IuDQqDE.exe
  2⤵
  PID:4144
- C:\Windows\System\AtPFgPC.exe
  C:\Windows\System\AtPFgPC.exe
  2⤵
  PID:4164
- C:\Windows\System\dFYkzvb.exe
  C:\Windows\System\dFYkzvb.exe
  2⤵
  PID:4184
- C:\Windows\System\bnruEfg.exe
  C:\Windows\System\bnruEfg.exe
  2⤵
  PID:4204
- C:\Windows\System\UgBnsKV.exe
  C:\Windows\System\UgBnsKV.exe
  2⤵
  PID:4224
- C:\Windows\System\rlgOHpy.exe
  C:\Windows\System\rlgOHpy.exe
  2⤵
  PID:4244
- C:\Windows\System\jULyQvW.exe
  C:\Windows\System\jULyQvW.exe
  2⤵
  PID:4264
- C:\Windows\System\yEWGAZF.exe
  C:\Windows\System\yEWGAZF.exe
  2⤵
  PID:4284
- C:\Windows\System\sSgIazV.exe
  C:\Windows\System\sSgIazV.exe
  2⤵
  PID:4304
- C:\Windows\System\VbuDrBa.exe
  C:\Windows\System\VbuDrBa.exe
  2⤵
  PID:4324
- C:\Windows\System\lZaffVz.exe
  C:\Windows\System\lZaffVz.exe
  2⤵
  PID:4344
- C:\Windows\System\soOeTzL.exe
  C:\Windows\System\soOeTzL.exe
  2⤵
  PID:4364
- C:\Windows\System\KpRDjor.exe
  C:\Windows\System\KpRDjor.exe
  2⤵
  PID:4384
- C:\Windows\System\wujAgqC.exe
  C:\Windows\System\wujAgqC.exe
  2⤵
  PID:4404
- C:\Windows\System\cFfjyBZ.exe
  C:\Windows\System\cFfjyBZ.exe
  2⤵
  PID:4424
- C:\Windows\System\oSZlAbj.exe
  C:\Windows\System\oSZlAbj.exe
  2⤵
  PID:4444
- C:\Windows\System\rMIBvCX.exe
  C:\Windows\System\rMIBvCX.exe
  2⤵
  PID:4464
- C:\Windows\System\XfnoGbE.exe
  C:\Windows\System\XfnoGbE.exe
  2⤵
  PID:4484
- C:\Windows\System\BJQzPpI.exe
  C:\Windows\System\BJQzPpI.exe
  2⤵
  PID:4504
- C:\Windows\System\cKMdeCq.exe
  C:\Windows\System\cKMdeCq.exe
  2⤵
  PID:4524
- C:\Windows\System\TUeJDdL.exe
  C:\Windows\System\TUeJDdL.exe
  2⤵
  PID:4544
- C:\Windows\System\KrLIIYz.exe
  C:\Windows\System\KrLIIYz.exe
  2⤵
  PID:4564
- C:\Windows\System\jpzPfKV.exe
  C:\Windows\System\jpzPfKV.exe
  2⤵
  PID:4584
- C:\Windows\System\wiyAWXT.exe
  C:\Windows\System\wiyAWXT.exe
  2⤵
  PID:4604
- C:\Windows\System\pXqVwOa.exe
  C:\Windows\System\pXqVwOa.exe
  2⤵
  PID:4624
- C:\Windows\System\bsyDGgg.exe
  C:\Windows\System\bsyDGgg.exe
  2⤵
  PID:4644
- C:\Windows\System\GtVdoHq.exe
  C:\Windows\System\GtVdoHq.exe
  2⤵
  PID:4664
- C:\Windows\System\VcdtnHu.exe
  C:\Windows\System\VcdtnHu.exe
  2⤵
  PID:4684
- C:\Windows\System\dArTGhM.exe
  C:\Windows\System\dArTGhM.exe
  2⤵
  PID:4704
- C:\Windows\System\THxyTHo.exe
  C:\Windows\System\THxyTHo.exe
  2⤵
  PID:4724
- C:\Windows\System\CSrElEL.exe
  C:\Windows\System\CSrElEL.exe
  2⤵
  PID:4744
- C:\Windows\System\qgYvkWX.exe
  C:\Windows\System\qgYvkWX.exe
  2⤵
  PID:4764
- C:\Windows\System\vVKkJMn.exe
  C:\Windows\System\vVKkJMn.exe
  2⤵
  PID:4784
- C:\Windows\System\JZBsxxQ.exe
  C:\Windows\System\JZBsxxQ.exe
  2⤵
  PID:4804
- C:\Windows\System\TEhpSSb.exe
  C:\Windows\System\TEhpSSb.exe
  2⤵
  PID:4824
- C:\Windows\System\LPGebMA.exe
  C:\Windows\System\LPGebMA.exe
  2⤵
  PID:4844
- C:\Windows\System\RldYoLD.exe
  C:\Windows\System\RldYoLD.exe
  2⤵
  PID:4864
- C:\Windows\System\oCveeNz.exe
  C:\Windows\System\oCveeNz.exe
  2⤵
  PID:4884
- C:\Windows\System\usnrLTw.exe
  C:\Windows\System\usnrLTw.exe
  2⤵
  PID:4904
- C:\Windows\System\zDpcJjn.exe
  C:\Windows\System\zDpcJjn.exe
  2⤵
  PID:4924
- C:\Windows\System\JBGyfHX.exe
  C:\Windows\System\JBGyfHX.exe
  2⤵
  PID:4948
- C:\Windows\System\CqHbOiC.exe
  C:\Windows\System\CqHbOiC.exe
  2⤵
  PID:4968
- C:\Windows\System\cvmbLuR.exe
  C:\Windows\System\cvmbLuR.exe
  2⤵
  PID:4988
- C:\Windows\System\BosJyzz.exe
  C:\Windows\System\BosJyzz.exe
  2⤵
  PID:5008
- C:\Windows\System\MhyEwyB.exe
  C:\Windows\System\MhyEwyB.exe
  2⤵
  PID:5028
- C:\Windows\System\IvcOuZe.exe
  C:\Windows\System\IvcOuZe.exe
  2⤵
  PID:5048
- C:\Windows\System\AYVtXvO.exe
  C:\Windows\System\AYVtXvO.exe
  2⤵
  PID:5068
- C:\Windows\System\JPMPagH.exe
  C:\Windows\System\JPMPagH.exe
  2⤵
  PID:5088
- C:\Windows\System\CBmuRuT.exe
  C:\Windows\System\CBmuRuT.exe
  2⤵
  PID:5108
- C:\Windows\System\AnGFutX.exe
  C:\Windows\System\AnGFutX.exe
  2⤵
  PID:3464
- C:\Windows\System\JJnJbiF.exe
  C:\Windows\System\JJnJbiF.exe
  2⤵
  PID:3632
- C:\Windows\System\PgBUKmk.exe
  C:\Windows\System\PgBUKmk.exe
  2⤵
  PID:3820
- C:\Windows\System\BKjVeoE.exe
  C:\Windows\System\BKjVeoE.exe
  2⤵
  PID:2976
- C:\Windows\System\aAoYRiX.exe
  C:\Windows\System\aAoYRiX.exe
  2⤵
  PID:3884
- C:\Windows\System\KNYqcLA.exe
  C:\Windows\System\KNYqcLA.exe
  2⤵
  PID:3908
- C:\Windows\System\fppAwGt.exe
  C:\Windows\System\fppAwGt.exe
  2⤵
  PID:4024
- C:\Windows\System\cfQdaZt.exe
  C:\Windows\System\cfQdaZt.exe
  2⤵
  PID:2664
- C:\Windows\System\dFFEZsd.exe
  C:\Windows\System\dFFEZsd.exe
  2⤵
  PID:3088
- C:\Windows\System\lOOcpRi.exe
  C:\Windows\System\lOOcpRi.exe
  2⤵
  PID:2972
- C:\Windows\System\yjpTWEg.exe
  C:\Windows\System\yjpTWEg.exe
  2⤵
  PID:3280
- C:\Windows\System\rfJdXyr.exe
  C:\Windows\System\rfJdXyr.exe
  2⤵
  PID:3444
- C:\Windows\System\lReVydV.exe
  C:\Windows\System\lReVydV.exe
  2⤵
  PID:4120
- C:\Windows\System\ptkYrMM.exe
  C:\Windows\System\ptkYrMM.exe
  2⤵
  PID:4160
- C:\Windows\System\jZUPJIQ.exe
  C:\Windows\System\jZUPJIQ.exe
  2⤵
  PID:4192
- C:\Windows\System\alPhxhV.exe
  C:\Windows\System\alPhxhV.exe
  2⤵
  PID:4216
- C:\Windows\System\fORcVxR.exe
  C:\Windows\System\fORcVxR.exe
  2⤵
  PID:4260
- C:\Windows\System\TpiunyX.exe
  C:\Windows\System\TpiunyX.exe
  2⤵
  PID:4292
- C:\Windows\System\lmQfXbw.exe
  C:\Windows\System\lmQfXbw.exe
  2⤵
  PID:4316
- C:\Windows\System\kLGDKEN.exe
  C:\Windows\System\kLGDKEN.exe
  2⤵
  PID:4336
- C:\Windows\System\ltPozhX.exe
  C:\Windows\System\ltPozhX.exe
  2⤵
  PID:4400
- C:\Windows\System\ZxJxPlV.exe
  C:\Windows\System\ZxJxPlV.exe
  2⤵
  PID:4420
- C:\Windows\System\bxBpXiA.exe
  C:\Windows\System\bxBpXiA.exe
  2⤵
  PID:4452
- C:\Windows\System\FdpCgHz.exe
  C:\Windows\System\FdpCgHz.exe
  2⤵
  PID:4476
- C:\Windows\System\pKwVEeG.exe
  C:\Windows\System\pKwVEeG.exe
  2⤵
  PID:4496
- C:\Windows\System\GJtPyNA.exe
  C:\Windows\System\GJtPyNA.exe
  2⤵
  PID:4552
- C:\Windows\System\rSlFegJ.exe
  C:\Windows\System\rSlFegJ.exe
  2⤵
  PID:4580
- C:\Windows\System\aqQFyBV.exe
  C:\Windows\System\aqQFyBV.exe
  2⤵
  PID:2896
- C:\Windows\System\KIwPTCt.exe
  C:\Windows\System\KIwPTCt.exe
  2⤵
  PID:4616
- C:\Windows\System\fIOcodE.exe
  C:\Windows\System\fIOcodE.exe
  2⤵
  PID:4652
- C:\Windows\System\RrnsQWN.exe
  C:\Windows\System\RrnsQWN.exe
  2⤵
  PID:2216
- C:\Windows\System\UJEPaIK.exe
  C:\Windows\System\UJEPaIK.exe
  2⤵
  PID:4716
- C:\Windows\System\AtxVRcj.exe
  C:\Windows\System\AtxVRcj.exe
  2⤵
  PID:4760
- C:\Windows\System\BtmxmXo.exe
  C:\Windows\System\BtmxmXo.exe
  2⤵
  PID:4792
- C:\Windows\System\mnjdGGk.exe
  C:\Windows\System\mnjdGGk.exe
  2⤵
  PID:4840
- C:\Windows\System\LLVEphN.exe
  C:\Windows\System\LLVEphN.exe
  2⤵
  PID:4880
- C:\Windows\System\haVdOew.exe
  C:\Windows\System\haVdOew.exe
  2⤵
  PID:4912
- C:\Windows\System\IPFEZgI.exe
  C:\Windows\System\IPFEZgI.exe
  2⤵
  PID:4916
- C:\Windows\System\gxqtEFL.exe
  C:\Windows\System\gxqtEFL.exe
  2⤵
  PID:4964
- C:\Windows\System\pmuERcY.exe
  C:\Windows\System\pmuERcY.exe
  2⤵
  PID:5004
- C:\Windows\System\vhdcbeo.exe
  C:\Windows\System\vhdcbeo.exe
  2⤵
  PID:5020
- C:\Windows\System\zBtOXXE.exe
  C:\Windows\System\zBtOXXE.exe
  2⤵
  PID:5076
- C:\Windows\System\MPhxVvm.exe
  C:\Windows\System\MPhxVvm.exe
  2⤵
  PID:5096
- C:\Windows\System\sYPEBnr.exe
  C:\Windows\System\sYPEBnr.exe
  2⤵
  PID:3544
- C:\Windows\System\QxFxZOL.exe
  C:\Windows\System\QxFxZOL.exe
  2⤵
  PID:3744
- C:\Windows\System\wDuEWiP.exe
  C:\Windows\System\wDuEWiP.exe
  2⤵
  PID:3800
- C:\Windows\System\ZnhoPJk.exe
  C:\Windows\System\ZnhoPJk.exe
  2⤵
  PID:2128
- C:\Windows\System\toSJWLN.exe
  C:\Windows\System\toSJWLN.exe
  2⤵
  PID:2264
- C:\Windows\System\iXXJOQd.exe
  C:\Windows\System\iXXJOQd.exe
  2⤵
  PID:3152
- C:\Windows\System\IOZKzwu.exe
  C:\Windows\System\IOZKzwu.exe
  2⤵
  PID:3404
- C:\Windows\System\UlxmiLX.exe
  C:\Windows\System\UlxmiLX.exe
  2⤵
  PID:3376
- C:\Windows\System\wJfGCvp.exe
  C:\Windows\System\wJfGCvp.exe
  2⤵
  PID:4176
- C:\Windows\System\DOWBECO.exe
  C:\Windows\System\DOWBECO.exe
  2⤵
  PID:4240
- C:\Windows\System\qCyMJfx.exe
  C:\Windows\System\qCyMJfx.exe
  2⤵
  PID:4276
- C:\Windows\System\ovjapUW.exe
  C:\Windows\System\ovjapUW.exe
  2⤵
  PID:4352
- C:\Windows\System\aeEUxKs.exe
  C:\Windows\System\aeEUxKs.exe
  2⤵
  PID:4380
- C:\Windows\System\bMEZdLW.exe
  C:\Windows\System\bMEZdLW.exe
  2⤵
  PID:4416
- C:\Windows\System\PbEXQPy.exe
  C:\Windows\System\PbEXQPy.exe
  2⤵
  PID:4472
- C:\Windows\System\KSnsTsK.exe
  C:\Windows\System\KSnsTsK.exe
  2⤵
  PID:4540
- C:\Windows\System\UJAtpDj.exe
  C:\Windows\System\UJAtpDj.exe
  2⤵
  PID:3064
- C:\Windows\System\mPzDFAs.exe
  C:\Windows\System\mPzDFAs.exe
  2⤵
  PID:4680
- C:\Windows\System\cNehzMR.exe
  C:\Windows\System\cNehzMR.exe
  2⤵
  PID:4720
- C:\Windows\System\VSWQuNX.exe
  C:\Windows\System\VSWQuNX.exe
  2⤵
  PID:4752
- C:\Windows\System\RxiRihW.exe
  C:\Windows\System\RxiRihW.exe
  2⤵
  PID:4780
- C:\Windows\System\IusHFUQ.exe
  C:\Windows\System\IusHFUQ.exe
  2⤵
  PID:4860
- C:\Windows\System\pzuSevw.exe
  C:\Windows\System\pzuSevw.exe
  2⤵
  PID:4956
- C:\Windows\System\NPOmyZp.exe
  C:\Windows\System\NPOmyZp.exe
  2⤵
  PID:4976
- C:\Windows\System\weKKQGz.exe
  C:\Windows\System\weKKQGz.exe
  2⤵
  PID:5044
- C:\Windows\System\XrWuutV.exe
  C:\Windows\System\XrWuutV.exe
  2⤵
  PID:5084
- C:\Windows\System\hYyBpTt.exe
  C:\Windows\System\hYyBpTt.exe
  2⤵
  PID:5116
- C:\Windows\System\LoHBLsY.exe
  C:\Windows\System\LoHBLsY.exe
  2⤵
  PID:5132
- C:\Windows\System\XcWvGOX.exe
  C:\Windows\System\XcWvGOX.exe
  2⤵
  PID:5152
- C:\Windows\System\xNiEDCR.exe
  C:\Windows\System\xNiEDCR.exe
  2⤵
  PID:5172
- C:\Windows\System\XXOeWqZ.exe
  C:\Windows\System\XXOeWqZ.exe
  2⤵
  PID:5192
- C:\Windows\System\SvhYwkM.exe
  C:\Windows\System\SvhYwkM.exe
  2⤵
  PID:5212
- C:\Windows\System\WmsBHke.exe
  C:\Windows\System\WmsBHke.exe
  2⤵
  PID:5232
- C:\Windows\System\uNxHkuH.exe
  C:\Windows\System\uNxHkuH.exe
  2⤵
  PID:5252
- C:\Windows\System\LVFoayY.exe
  C:\Windows\System\LVFoayY.exe
  2⤵
  PID:5272
- C:\Windows\System\wpqKrBn.exe
  C:\Windows\System\wpqKrBn.exe
  2⤵
  PID:5292
- C:\Windows\System\udujpeg.exe
  C:\Windows\System\udujpeg.exe
  2⤵
  PID:5312
- C:\Windows\System\XcIecqg.exe
  C:\Windows\System\XcIecqg.exe
  2⤵
  PID:5332
- C:\Windows\System\utvVUAc.exe
  C:\Windows\System\utvVUAc.exe
  2⤵
  PID:5352
- C:\Windows\System\xqNhXxp.exe
  C:\Windows\System\xqNhXxp.exe
  2⤵
  PID:5372
- C:\Windows\System\hMFCjKZ.exe
  C:\Windows\System\hMFCjKZ.exe
  2⤵
  PID:5392
- C:\Windows\System\BArLPIL.exe
  C:\Windows\System\BArLPIL.exe
  2⤵
  PID:5412
- C:\Windows\System\scKwtXg.exe
  C:\Windows\System\scKwtXg.exe
  2⤵
  PID:5432
- C:\Windows\System\JEeDUHS.exe
  C:\Windows\System\JEeDUHS.exe
  2⤵
  PID:5452
- C:\Windows\System\BwUaCdD.exe
  C:\Windows\System\BwUaCdD.exe
  2⤵
  PID:5472
- C:\Windows\System\SXUqAHx.exe
  C:\Windows\System\SXUqAHx.exe
  2⤵
  PID:5492
- C:\Windows\System\ORDPhcW.exe
  C:\Windows\System\ORDPhcW.exe
  2⤵
  PID:5512
- C:\Windows\System\JsEhJKt.exe
  C:\Windows\System\JsEhJKt.exe
  2⤵
  PID:5532
- C:\Windows\System\GVFqVfv.exe
  C:\Windows\System\GVFqVfv.exe
  2⤵
  PID:5552
- C:\Windows\System\bqQWSTW.exe
  C:\Windows\System\bqQWSTW.exe
  2⤵
  PID:5572
- C:\Windows\System\PMVkBue.exe
  C:\Windows\System\PMVkBue.exe
  2⤵
  PID:5592
- C:\Windows\System\DrKyrRK.exe
  C:\Windows\System\DrKyrRK.exe
  2⤵
  PID:5612
- C:\Windows\System\AxoKGsu.exe
  C:\Windows\System\AxoKGsu.exe
  2⤵
  PID:5632
- C:\Windows\System\SJPdsRK.exe
  C:\Windows\System\SJPdsRK.exe
  2⤵
  PID:5656
- C:\Windows\System\UpDQizd.exe
  C:\Windows\System\UpDQizd.exe
  2⤵
  PID:5676
- C:\Windows\System\zMpRCEU.exe
  C:\Windows\System\zMpRCEU.exe
  2⤵
  PID:5696
- C:\Windows\System\oTdnTJD.exe
  C:\Windows\System\oTdnTJD.exe
  2⤵
  PID:5716
- C:\Windows\System\vEbjdaX.exe
  C:\Windows\System\vEbjdaX.exe
  2⤵
  PID:5736
- C:\Windows\System\NAVolaj.exe
  C:\Windows\System\NAVolaj.exe
  2⤵
  PID:5756
- C:\Windows\System\xDPKpLO.exe
  C:\Windows\System\xDPKpLO.exe
  2⤵
  PID:5776
- C:\Windows\System\MZqwqxd.exe
  C:\Windows\System\MZqwqxd.exe
  2⤵
  PID:5796
- C:\Windows\System\bJpDrEs.exe
  C:\Windows\System\bJpDrEs.exe
  2⤵
  PID:5816
- C:\Windows\System\bGAQqlA.exe
  C:\Windows\System\bGAQqlA.exe
  2⤵
  PID:5836
- C:\Windows\System\SjJWdhn.exe
  C:\Windows\System\SjJWdhn.exe
  2⤵
  PID:5856
- C:\Windows\System\PVYYzRK.exe
  C:\Windows\System\PVYYzRK.exe
  2⤵
  PID:5876
- C:\Windows\System\HPpJwOg.exe
  C:\Windows\System\HPpJwOg.exe
  2⤵
  PID:5896
- C:\Windows\System\HOmbvMq.exe
  C:\Windows\System\HOmbvMq.exe
  2⤵
  PID:5916
- C:\Windows\System\tMwINwh.exe
  C:\Windows\System\tMwINwh.exe
  2⤵
  PID:5936
- C:\Windows\System\vUlcopl.exe
  C:\Windows\System\vUlcopl.exe
  2⤵
  PID:5956
- C:\Windows\System\IasUdLx.exe
  C:\Windows\System\IasUdLx.exe
  2⤵
  PID:5976
- C:\Windows\System\nsZPMhh.exe
  C:\Windows\System\nsZPMhh.exe
  2⤵
  PID:5996
- C:\Windows\System\UaMPGkX.exe
  C:\Windows\System\UaMPGkX.exe
  2⤵
  PID:6016
- C:\Windows\System\LLCGNvT.exe
  C:\Windows\System\LLCGNvT.exe
  2⤵
  PID:6040
- C:\Windows\System\sRRlDiO.exe
  C:\Windows\System\sRRlDiO.exe
  2⤵
  PID:6060
- C:\Windows\System\ruPsqPG.exe
  C:\Windows\System\ruPsqPG.exe
  2⤵
  PID:6080
- C:\Windows\System\mtDjzxY.exe
  C:\Windows\System\mtDjzxY.exe
  2⤵
  PID:6100
- C:\Windows\System\ZbambLn.exe
  C:\Windows\System\ZbambLn.exe
  2⤵
  PID:6120
- C:\Windows\System\QAzdGAF.exe
  C:\Windows\System\QAzdGAF.exe
  2⤵
  PID:6140
- C:\Windows\System\orysBvx.exe
  C:\Windows\System\orysBvx.exe
  2⤵
  PID:3904
- C:\Windows\System\BRWcVwb.exe
  C:\Windows\System\BRWcVwb.exe
  2⤵
  PID:4048
- C:\Windows\System\EbXmBYZ.exe
  C:\Windows\System\EbXmBYZ.exe
  2⤵
  PID:3112
- C:\Windows\System\yfBtNNH.exe
  C:\Windows\System\yfBtNNH.exe
  2⤵
  PID:4196
- C:\Windows\System\gxAhFFE.exe
  C:\Windows\System\gxAhFFE.exe
  2⤵
  PID:4236
- C:\Windows\System\drvsoCm.exe
  C:\Windows\System\drvsoCm.exe
  2⤵
  PID:4320
- C:\Windows\System\mNicQer.exe
  C:\Windows\System\mNicQer.exe
  2⤵
  PID:4360
- C:\Windows\System\rnLVWMc.exe
  C:\Windows\System\rnLVWMc.exe
  2⤵
  PID:4456
- C:\Windows\System\atJfiSE.exe
  C:\Windows\System\atJfiSE.exe
  2⤵
  PID:4596
- C:\Windows\System\hiamvnE.exe
  C:\Windows\System\hiamvnE.exe
  2⤵
  PID:4672
- C:\Windows\System\HHXLxgT.exe
  C:\Windows\System\HHXLxgT.exe
  2⤵
  PID:4776
- C:\Windows\System\GKYFPeh.exe
  C:\Windows\System\GKYFPeh.exe
  2⤵
  PID:4872
- C:\Windows\System\QOvbZjC.exe
  C:\Windows\System\QOvbZjC.exe
  2⤵
  PID:5000
- C:\Windows\System\FUrZpHA.exe
  C:\Windows\System\FUrZpHA.exe
  2⤵
  PID:5080
- C:\Windows\System\BBsJIRm.exe
  C:\Windows\System\BBsJIRm.exe
  2⤵
  PID:5128
- C:\Windows\System\VIFTbsh.exe
  C:\Windows\System\VIFTbsh.exe
  2⤵
  PID:5148
- C:\Windows\System\AAgxrxF.exe
  C:\Windows\System\AAgxrxF.exe
  2⤵
  PID:5200
- C:\Windows\System\ZWpRCfK.exe
  C:\Windows\System\ZWpRCfK.exe
  2⤵
  PID:2740
- C:\Windows\System\yWksKvl.exe
  C:\Windows\System\yWksKvl.exe
  2⤵
  PID:5224
- C:\Windows\System\oFnFbuf.exe
  C:\Windows\System\oFnFbuf.exe
  2⤵
  PID:5280
- C:\Windows\System\OfEywIz.exe
  C:\Windows\System\OfEywIz.exe
  2⤵
  PID:5300
- C:\Windows\System\mAVHtSy.exe
  C:\Windows\System\mAVHtSy.exe
  2⤵
  PID:5324
- C:\Windows\System\wMFyNVw.exe
  C:\Windows\System\wMFyNVw.exe
  2⤵
  PID:5344
- C:\Windows\System\rQxHXje.exe
  C:\Windows\System\rQxHXje.exe
  2⤵
  PID:5388
- C:\Windows\System\hFdlVnP.exe
  C:\Windows\System\hFdlVnP.exe
  2⤵
  PID:5428
- C:\Windows\System\URacPJM.exe
  C:\Windows\System\URacPJM.exe
  2⤵
  PID:5460
- C:\Windows\System\WPKcCkM.exe
  C:\Windows\System\WPKcCkM.exe
  2⤵
  PID:5464
- C:\Windows\System\kMxYtMc.exe
  C:\Windows\System\kMxYtMc.exe
  2⤵
  PID:5528
- C:\Windows\System\QxIyhev.exe
  C:\Windows\System\QxIyhev.exe
  2⤵
  PID:5560
- C:\Windows\System\UeRQzpE.exe
  C:\Windows\System\UeRQzpE.exe
  2⤵
  PID:5604
- C:\Windows\System\AgQjklh.exe
  C:\Windows\System\AgQjklh.exe
  2⤵
  PID:5628
- C:\Windows\System\AieGiIE.exe
  C:\Windows\System\AieGiIE.exe
  2⤵
  PID:5664
- C:\Windows\System\FRNpcVV.exe
  C:\Windows\System\FRNpcVV.exe
  2⤵
  PID:5668
- C:\Windows\System\KTOpJuO.exe
  C:\Windows\System\KTOpJuO.exe
  2⤵
  PID:5712
- C:\Windows\System\TWDuJwY.exe
  C:\Windows\System\TWDuJwY.exe
  2⤵
  PID:5764
- C:\Windows\System\XIUjiDY.exe
  C:\Windows\System\XIUjiDY.exe
  2⤵
  PID:5792
- C:\Windows\System\zzTEwTt.exe
  C:\Windows\System\zzTEwTt.exe
  2⤵
  PID:5824
- C:\Windows\System\BpbkNcz.exe
  C:\Windows\System\BpbkNcz.exe
  2⤵
  PID:5828
- C:\Windows\System\GOQbevY.exe
  C:\Windows\System\GOQbevY.exe
  2⤵
  PID:5892
- C:\Windows\System\sPkIlLc.exe
  C:\Windows\System\sPkIlLc.exe
  2⤵
  PID:5912
- C:\Windows\System\ZpAwLFQ.exe
  C:\Windows\System\ZpAwLFQ.exe
  2⤵
  PID:5948
- C:\Windows\System\fugTIdF.exe
  C:\Windows\System\fugTIdF.exe
  2⤵
  PID:6004
- C:\Windows\System\GOnxehg.exe
  C:\Windows\System\GOnxehg.exe
  2⤵
  PID:6024
- C:\Windows\System\bXFroov.exe
  C:\Windows\System\bXFroov.exe
  2⤵
  PID:2796
- C:\Windows\System\eXmkctq.exe
  C:\Windows\System\eXmkctq.exe
  2⤵
  PID:6072
- C:\Windows\System\CzCmoqF.exe
  C:\Windows\System\CzCmoqF.exe
  2⤵
  PID:6112
- C:\Windows\System\RYtWkLn.exe
  C:\Windows\System\RYtWkLn.exe
  2⤵
  PID:3828
- C:\Windows\System\YafCpSE.exe
  C:\Windows\System\YafCpSE.exe
  2⤵
  PID:2060
- C:\Windows\System\BLvPmCp.exe
  C:\Windows\System\BLvPmCp.exe
  2⤵
  PID:3296
- C:\Windows\System\mOoEpcd.exe
  C:\Windows\System\mOoEpcd.exe
  2⤵
  PID:4272
- C:\Windows\System\DtTfYUQ.exe
  C:\Windows\System\DtTfYUQ.exe
  2⤵
  PID:4392
- C:\Windows\System\xxBarVD.exe
  C:\Windows\System\xxBarVD.exe
  2⤵
  PID:4536
- C:\Windows\System\mDMRyiu.exe
  C:\Windows\System\mDMRyiu.exe
  2⤵
  PID:4612
- C:\Windows\System\NsFfuzu.exe
  C:\Windows\System\NsFfuzu.exe
  2⤵
  PID:4796
- C:\Windows\System\XrPPXRi.exe
  C:\Windows\System\XrPPXRi.exe
  2⤵
  PID:4984
- C:\Windows\System\yLRTqfF.exe
  C:\Windows\System\yLRTqfF.exe
  2⤵
  PID:6032
- C:\Windows\System\dabKhIr.exe
  C:\Windows\System\dabKhIr.exe
  2⤵
  PID:5168
- C:\Windows\System\WPGVifA.exe
  C:\Windows\System\WPGVifA.exe
  2⤵
  PID:5208
- C:\Windows\System\nLIOgbU.exe
  C:\Windows\System\nLIOgbU.exe
  2⤵
  PID:5260
- C:\Windows\System\gNfxTrw.exe
  C:\Windows\System\gNfxTrw.exe
  2⤵
  PID:5268
- C:\Windows\System\tlusSLH.exe
  C:\Windows\System\tlusSLH.exe
  2⤵
  PID:5348
- C:\Windows\System\hisoYnW.exe
  C:\Windows\System\hisoYnW.exe
  2⤵
  PID:5420
- C:\Windows\System\HlLeGWb.exe
  C:\Windows\System\HlLeGWb.exe
  2⤵
  PID:2772
- C:\Windows\System\WaXJCBI.exe
  C:\Windows\System\WaXJCBI.exe
  2⤵
  PID:5488
- C:\Windows\System\oLgnvpK.exe
  C:\Windows\System\oLgnvpK.exe
  2⤵
  PID:5588
- C:\Windows\System\bvAVHdV.exe
  C:\Windows\System\bvAVHdV.exe
  2⤵
  PID:5624
- C:\Windows\System\VPZSjKq.exe
  C:\Windows\System\VPZSjKq.exe
  2⤵
  PID:5692
- C:\Windows\System\lIuFGwJ.exe
  C:\Windows\System\lIuFGwJ.exe
  2⤵
  PID:5748
- C:\Windows\System\wLsEOmG.exe
  C:\Windows\System\wLsEOmG.exe
  2⤵
  PID:5768
- C:\Windows\System\NOMnJEg.exe
  C:\Windows\System\NOMnJEg.exe
  2⤵
  PID:5808
- C:\Windows\System\deuxnSi.exe
  C:\Windows\System\deuxnSi.exe
  2⤵
  PID:1636
- C:\Windows\System\IKhuDPE.exe
  C:\Windows\System\IKhuDPE.exe
  2⤵
  PID:5924
- C:\Windows\System\HvYuDze.exe
  C:\Windows\System\HvYuDze.exe
  2⤵
  PID:5984
- C:\Windows\System\sKCuxyQ.exe
  C:\Windows\System\sKCuxyQ.exe
  2⤵
  PID:5988
- C:\Windows\System\fryOkbG.exe
  C:\Windows\System\fryOkbG.exe
  2⤵
  PID:6116
- C:\Windows\System\YRGlxha.exe
  C:\Windows\System\YRGlxha.exe
  2⤵
  PID:1980
- C:\Windows\System\MuBkPEa.exe
  C:\Windows\System\MuBkPEa.exe
  2⤵
  PID:2172
- C:\Windows\System\bPRIehu.exe
  C:\Windows\System\bPRIehu.exe
  2⤵
  PID:1332
- C:\Windows\System\WTZVeLz.exe
  C:\Windows\System\WTZVeLz.exe
  2⤵
  PID:4172
- C:\Windows\System\zIGtjSB.exe
  C:\Windows\System\zIGtjSB.exe
  2⤵
  PID:4480
- C:\Windows\System\rRzwyCn.exe
  C:\Windows\System\rRzwyCn.exe
  2⤵
  PID:4740
- C:\Windows\System\CuMgYEV.exe
  C:\Windows\System\CuMgYEV.exe
  2⤵
  PID:2276
- C:\Windows\System\ilhrUNL.exe
  C:\Windows\System\ilhrUNL.exe
  2⤵
  PID:4892
- C:\Windows\System\WSQlPTF.exe
  C:\Windows\System\WSQlPTF.exe
  2⤵
  PID:5160
- C:\Windows\System\aHhAhSS.exe
  C:\Windows\System\aHhAhSS.exe
  2⤵
  PID:5164
- C:\Windows\System\FECEQTJ.exe
  C:\Windows\System\FECEQTJ.exe
  2⤵
  PID:5328
- C:\Windows\System\yIHDKaL.exe
  C:\Windows\System\yIHDKaL.exe
  2⤵
  PID:2724
- C:\Windows\System\jHkQYFY.exe
  C:\Windows\System\jHkQYFY.exe
  2⤵
  PID:5444
- C:\Windows\System\CFNCTFv.exe
  C:\Windows\System\CFNCTFv.exe
  2⤵
  PID:5484
- C:\Windows\System\CtVNoHg.exe
  C:\Windows\System\CtVNoHg.exe
  2⤵
  PID:5584
- C:\Windows\System\oQANMav.exe
  C:\Windows\System\oQANMav.exe
  2⤵
  PID:1520
- C:\Windows\System\BYoFzzS.exe
  C:\Windows\System\BYoFzzS.exe
  2⤵
  PID:2464
- C:\Windows\System\ghzWIIp.exe
  C:\Windows\System\ghzWIIp.exe
  2⤵
  PID:656
- C:\Windows\System\LltUSjG.exe
  C:\Windows\System\LltUSjG.exe
  2⤵
  PID:5952
- C:\Windows\System\aXjxDTk.exe
  C:\Windows\System\aXjxDTk.exe
  2⤵
  PID:5944
- C:\Windows\System\HztdfWP.exe
  C:\Windows\System\HztdfWP.exe
  2⤵
  PID:6068
- C:\Windows\System\KBnpJzi.exe
  C:\Windows\System\KBnpJzi.exe
  2⤵
  PID:6132
- C:\Windows\System\JGRfeBB.exe
  C:\Windows\System\JGRfeBB.exe
  2⤵
  PID:4372
- C:\Windows\System\EFHCtBJ.exe
  C:\Windows\System\EFHCtBJ.exe
  2⤵
  PID:4636
- C:\Windows\System\NKsxfuU.exe
  C:\Windows\System\NKsxfuU.exe
  2⤵
  PID:6160
- C:\Windows\System\UEOKupf.exe
  C:\Windows\System\UEOKupf.exe
  2⤵
  PID:6180
- C:\Windows\System\kpWFaEv.exe
  C:\Windows\System\kpWFaEv.exe
  2⤵
  PID:6200
- C:\Windows\System\zjDozUI.exe
  C:\Windows\System\zjDozUI.exe
  2⤵
  PID:6220
- C:\Windows\System\nfKGYdO.exe
  C:\Windows\System\nfKGYdO.exe
  2⤵
  PID:6240
- C:\Windows\System\sWdSUFd.exe
  C:\Windows\System\sWdSUFd.exe
  2⤵
  PID:6264
- C:\Windows\System\lbWSujg.exe
  C:\Windows\System\lbWSujg.exe
  2⤵
  PID:6284
- C:\Windows\System\QKuypBJ.exe
  C:\Windows\System\QKuypBJ.exe
  2⤵
  PID:6304
- C:\Windows\System\yneUxEl.exe
  C:\Windows\System\yneUxEl.exe
  2⤵
  PID:6324
- C:\Windows\System\JUFGOvk.exe
  C:\Windows\System\JUFGOvk.exe
  2⤵
  PID:6344
- C:\Windows\System\txLlSMk.exe
  C:\Windows\System\txLlSMk.exe
  2⤵
  PID:6364
- C:\Windows\System\VsAwqsK.exe
  C:\Windows\System\VsAwqsK.exe
  2⤵
  PID:6384
- C:\Windows\System\FaWMqss.exe
  C:\Windows\System\FaWMqss.exe
  2⤵
  PID:6408
- C:\Windows\System\qklcmgX.exe
  C:\Windows\System\qklcmgX.exe
  2⤵
  PID:6428
- C:\Windows\System\puUUKDm.exe
  C:\Windows\System\puUUKDm.exe
  2⤵
  PID:6448
- C:\Windows\System\QmzdriC.exe
  C:\Windows\System\QmzdriC.exe
  2⤵
  PID:6468
- C:\Windows\System\SLNcDNw.exe
  C:\Windows\System\SLNcDNw.exe
  2⤵
  PID:6488
- C:\Windows\System\WbvesAo.exe
  C:\Windows\System\WbvesAo.exe
  2⤵
  PID:6508
- C:\Windows\System\SFnetLS.exe
  C:\Windows\System\SFnetLS.exe
  2⤵
  PID:6528
- C:\Windows\System\BXtgacx.exe
  C:\Windows\System\BXtgacx.exe
  2⤵
  PID:6548
- C:\Windows\System\ZrJxjuV.exe
  C:\Windows\System\ZrJxjuV.exe
  2⤵
  PID:6568
- C:\Windows\System\xUqCfIK.exe
  C:\Windows\System\xUqCfIK.exe
  2⤵
  PID:6588
- C:\Windows\System\XlYEkAY.exe
  C:\Windows\System\XlYEkAY.exe
  2⤵
  PID:6608
- C:\Windows\System\LxKJNIJ.exe
  C:\Windows\System\LxKJNIJ.exe
  2⤵
  PID:6628
- C:\Windows\System\juecvjH.exe
  C:\Windows\System\juecvjH.exe
  2⤵
  PID:6648
- C:\Windows\System\vxPGokT.exe
  C:\Windows\System\vxPGokT.exe
  2⤵
  PID:6668
- C:\Windows\System\IYzYkcQ.exe
  C:\Windows\System\IYzYkcQ.exe
  2⤵
  PID:6688
- C:\Windows\System\AqsaBjd.exe
  C:\Windows\System\AqsaBjd.exe
  2⤵
  PID:6708
- C:\Windows\System\ZipjQWu.exe
  C:\Windows\System\ZipjQWu.exe
  2⤵
  PID:6728
- C:\Windows\System\mrRqhZc.exe
  C:\Windows\System\mrRqhZc.exe
  2⤵
  PID:6748
- C:\Windows\System\IiCYSBw.exe
  C:\Windows\System\IiCYSBw.exe
  2⤵
  PID:6768
- C:\Windows\System\DKXFXPn.exe
  C:\Windows\System\DKXFXPn.exe
  2⤵
  PID:6788
- C:\Windows\System\SwoVTtj.exe
  C:\Windows\System\SwoVTtj.exe
  2⤵
  PID:6808
- C:\Windows\System\FTGSdPD.exe
  C:\Windows\System\FTGSdPD.exe
  2⤵
  PID:6828
- C:\Windows\System\KvMRhpf.exe
  C:\Windows\System\KvMRhpf.exe
  2⤵
  PID:6848
- C:\Windows\System\gbFbSsO.exe
  C:\Windows\System\gbFbSsO.exe
  2⤵
  PID:6868
- C:\Windows\System\xXsOmPk.exe
  C:\Windows\System\xXsOmPk.exe
  2⤵
  PID:6888
- C:\Windows\System\qJTuRPR.exe
  C:\Windows\System\qJTuRPR.exe
  2⤵
  PID:6908
- C:\Windows\System\iFyTTwZ.exe
  C:\Windows\System\iFyTTwZ.exe
  2⤵
  PID:6928
- C:\Windows\System\sISpihw.exe
  C:\Windows\System\sISpihw.exe
  2⤵
  PID:6948
- C:\Windows\System\wsXvfOd.exe
  C:\Windows\System\wsXvfOd.exe
  2⤵
  PID:6968
- C:\Windows\System\oYFEsUG.exe
  C:\Windows\System\oYFEsUG.exe
  2⤵
  PID:6988
- C:\Windows\System\BQonxYN.exe
  C:\Windows\System\BQonxYN.exe
  2⤵
  PID:7008
- C:\Windows\System\dkOSwPd.exe
  C:\Windows\System\dkOSwPd.exe
  2⤵
  PID:7028
- C:\Windows\System\NfwjBUo.exe
  C:\Windows\System\NfwjBUo.exe
  2⤵
  PID:7048
- C:\Windows\System\pidVwWS.exe
  C:\Windows\System\pidVwWS.exe
  2⤵
  PID:7068
- C:\Windows\System\niXgLvT.exe
  C:\Windows\System\niXgLvT.exe
  2⤵
  PID:7088
- C:\Windows\System\DGBJwwJ.exe
  C:\Windows\System\DGBJwwJ.exe
  2⤵
  PID:7108
- C:\Windows\System\mWGxbbE.exe
  C:\Windows\System\mWGxbbE.exe
  2⤵
  PID:7128
- C:\Windows\System\CmPxMQV.exe
  C:\Windows\System\CmPxMQV.exe
  2⤵
  PID:7148
- C:\Windows\System\ofNUDVH.exe
  C:\Windows\System\ofNUDVH.exe
  2⤵
  PID:2528
- C:\Windows\System\SAtsfFO.exe
  C:\Windows\System\SAtsfFO.exe
  2⤵
  PID:4944
- C:\Windows\System\UQIcPjV.exe
  C:\Windows\System\UQIcPjV.exe
  2⤵
  PID:5140
- C:\Windows\System\WGaYatd.exe
  C:\Windows\System\WGaYatd.exe
  2⤵
  PID:5244
- C:\Windows\System\uUdLFby.exe
  C:\Windows\System\uUdLFby.exe
  2⤵
  PID:5380
- C:\Windows\System\jHAdgIV.exe
  C:\Windows\System\jHAdgIV.exe
  2⤵
  PID:5608
- C:\Windows\System\mhqURYL.exe
  C:\Windows\System\mhqURYL.exe
  2⤵
  PID:5852
- C:\Windows\System\sWIauXb.exe
  C:\Windows\System\sWIauXb.exe
  2⤵
  PID:5832
- C:\Windows\System\iTqHzMv.exe
  C:\Windows\System\iTqHzMv.exe
  2⤵
  PID:4116
- C:\Windows\System\yHWRHrQ.exe
  C:\Windows\System\yHWRHrQ.exe
  2⤵
  PID:6092
- C:\Windows\System\GaBjzLV.exe
  C:\Windows\System\GaBjzLV.exe
  2⤵
  PID:1672
- C:\Windows\System\CVcZxwB.exe
  C:\Windows\System\CVcZxwB.exe
  2⤵
  PID:6148
- C:\Windows\System\HxOnDJO.exe
  C:\Windows\System\HxOnDJO.exe
  2⤵
  PID:6188
- C:\Windows\System\KWRYPDi.exe
  C:\Windows\System\KWRYPDi.exe
  2⤵
  PID:6192
- C:\Windows\System\FxzYtmu.exe
  C:\Windows\System\FxzYtmu.exe
  2⤵
  PID:6236
- C:\Windows\System\lvOgjWQ.exe
  C:\Windows\System\lvOgjWQ.exe
  2⤵
  PID:6272
- C:\Windows\System\svOlpHX.exe
  C:\Windows\System\svOlpHX.exe
  2⤵
  PID:6296
- C:\Windows\System\jLKnYuZ.exe
  C:\Windows\System\jLKnYuZ.exe
  2⤵
  PID:6352
- C:\Windows\System\CCyMHiv.exe
  C:\Windows\System\CCyMHiv.exe
  2⤵
  PID:6372
- C:\Windows\System\fOpQCYf.exe
  C:\Windows\System\fOpQCYf.exe
  2⤵
  PID:6400
- C:\Windows\System\KJLicUA.exe
  C:\Windows\System\KJLicUA.exe
  2⤵
  PID:6440
- C:\Windows\System\LVneWaR.exe
  C:\Windows\System\LVneWaR.exe
  2⤵
  PID:6476
- C:\Windows\System\UafSdql.exe
  C:\Windows\System\UafSdql.exe
  2⤵
  PID:6504
- C:\Windows\System\frBQqeS.exe
  C:\Windows\System\frBQqeS.exe
  2⤵
  PID:6556
- C:\Windows\System\TlpzfPe.exe
  C:\Windows\System\TlpzfPe.exe
  2⤵
  PID:6576
- C:\Windows\System\gDXgVPr.exe
  C:\Windows\System\gDXgVPr.exe
  2⤵
  PID:6580
- C:\Windows\System\IwzVNjH.exe
  C:\Windows\System\IwzVNjH.exe
  2⤵
  PID:6624
- C:\Windows\System\tNDVLIw.exe
  C:\Windows\System\tNDVLIw.exe
  2⤵
  PID:6676
- C:\Windows\System\LCOITHk.exe
  C:\Windows\System\LCOITHk.exe
  2⤵
  PID:6704
- C:\Windows\System\FWNGQBI.exe
  C:\Windows\System\FWNGQBI.exe
  2⤵
  PID:6736
- C:\Windows\System\BeMIkou.exe
  C:\Windows\System\BeMIkou.exe
  2⤵
  PID:6760
- C:\Windows\System\jgYTEuP.exe
  C:\Windows\System\jgYTEuP.exe
  2⤵
  PID:6804
- C:\Windows\System\QNabSaG.exe
  C:\Windows\System\QNabSaG.exe
  2⤵
  PID:6836
- C:\Windows\System\LrTKGQm.exe
  C:\Windows\System\LrTKGQm.exe
  2⤵
  PID:6876
- C:\Windows\System\xBOrSuU.exe
  C:\Windows\System\xBOrSuU.exe
  2⤵
  PID:6896
- C:\Windows\System\ArwSajP.exe
  C:\Windows\System\ArwSajP.exe
  2⤵
  PID:6920
- C:\Windows\System\TPVwhPh.exe
  C:\Windows\System\TPVwhPh.exe
  2⤵
  PID:6940
- C:\Windows\System\oSLHpwx.exe
  C:\Windows\System\oSLHpwx.exe
  2⤵
  PID:6996
- C:\Windows\System\FuzXIFY.exe
  C:\Windows\System\FuzXIFY.exe
  2⤵
  PID:7036
- C:\Windows\System\mAJgdES.exe
  C:\Windows\System\mAJgdES.exe
  2⤵
  PID:7064
- C:\Windows\System\ohnCmah.exe
  C:\Windows\System\ohnCmah.exe
  2⤵
  PID:7096
- C:\Windows\System\jsBMhLd.exe
  C:\Windows\System\jsBMhLd.exe
  2⤵
  PID:7120
- C:\Windows\System\NslZFEk.exe
  C:\Windows\System\NslZFEk.exe
  2⤵
  PID:7164
- C:\Windows\System\frurRif.exe
  C:\Windows\System\frurRif.exe
  2⤵
  PID:4600
- C:\Windows\System\nVAfqXe.exe
  C:\Windows\System\nVAfqXe.exe
  2⤵
  PID:4572
- C:\Windows\System\lSILjpX.exe
  C:\Windows\System\lSILjpX.exe
  2⤵
  PID:2124
- C:\Windows\System\aoFvlwQ.exe
  C:\Windows\System\aoFvlwQ.exe
  2⤵
  PID:5732
- C:\Windows\System\LVynzxd.exe
  C:\Windows\System\LVynzxd.exe
  2⤵
  PID:2332
- C:\Windows\System\ASJLsDY.exe
  C:\Windows\System\ASJLsDY.exe
  2⤵
  PID:6076
- C:\Windows\System\hEMTiAc.exe
  C:\Windows\System\hEMTiAc.exe
  2⤵
  PID:6168
- C:\Windows\System\DSAVbzL.exe
  C:\Windows\System\DSAVbzL.exe
  2⤵
  PID:6228
- C:\Windows\System\bwVXXkK.exe
  C:\Windows\System\bwVXXkK.exe
  2⤵
  PID:6252
- C:\Windows\System\yZVSKkN.exe
  C:\Windows\System\yZVSKkN.exe
  2⤵
  PID:6340
- C:\Windows\System\dowOqvL.exe
  C:\Windows\System\dowOqvL.exe
  2⤵
  PID:6316
- C:\Windows\System\DjfpmBh.exe
  C:\Windows\System\DjfpmBh.exe
  2⤵
  PID:6380
- C:\Windows\System\GsuzsBC.exe
  C:\Windows\System\GsuzsBC.exe
  2⤵
  PID:6516
- C:\Windows\System\gsJojDT.exe
  C:\Windows\System\gsJojDT.exe
  2⤵
  PID:6560
- C:\Windows\System\LaesPNp.exe
  C:\Windows\System\LaesPNp.exe
  2⤵
  PID:6644
- C:\Windows\System\PkkLWPL.exe
  C:\Windows\System\PkkLWPL.exe
  2⤵
  PID:6660
- C:\Windows\System\KHrnUrz.exe
  C:\Windows\System\KHrnUrz.exe
  2⤵
  PID:6680
- C:\Windows\System\GGplrth.exe
  C:\Windows\System\GGplrth.exe
  2⤵
  PID:6740
- C:\Windows\System\RgaajqL.exe
  C:\Windows\System\RgaajqL.exe
  2⤵
  PID:6824
- C:\Windows\System\YrLLAtZ.exe
  C:\Windows\System\YrLLAtZ.exe
  2⤵
  PID:6880
- C:\Windows\System\rGPQpLL.exe
  C:\Windows\System\rGPQpLL.exe
  2⤵
  PID:6900
- C:\Windows\System\YPOnsyZ.exe
  C:\Windows\System\YPOnsyZ.exe
  2⤵
  PID:6964
- C:\Windows\System\IkHKFng.exe
  C:\Windows\System\IkHKFng.exe
  2⤵
  PID:6984
- C:\Windows\System\KnGeOge.exe
  C:\Windows\System\KnGeOge.exe
  2⤵
  PID:7056
- C:\Windows\System\oqSIJbg.exe
  C:\Windows\System\oqSIJbg.exe
  2⤵
  PID:7144
- C:\Windows\System\pUsxodC.exe
  C:\Windows\System\pUsxodC.exe
  2⤵
  PID:5400
- C:\Windows\System\PddJLXg.exe
  C:\Windows\System\PddJLXg.exe
  2⤵
  PID:5204
- C:\Windows\System\sRDoAWI.exe
  C:\Windows\System\sRDoAWI.exe
  2⤵
  PID:5564
- C:\Windows\System\ieXJmVg.exe
  C:\Windows\System\ieXJmVg.exe
  2⤵
  PID:5992
- C:\Windows\System\yniBqKM.exe
  C:\Windows\System\yniBqKM.exe
  2⤵
  PID:4396
- C:\Windows\System\gaQlzWP.exe
  C:\Windows\System\gaQlzWP.exe
  2⤵
  PID:6248
- C:\Windows\System\OEclFRz.exe
  C:\Windows\System\OEclFRz.exe
  2⤵
  PID:6436
- C:\Windows\System\cxoKTHm.exe
  C:\Windows\System\cxoKTHm.exe
  2⤵
  PID:6420
- C:\Windows\System\EskjRgQ.exe
  C:\Windows\System\EskjRgQ.exe
  2⤵
  PID:6460
- C:\Windows\System\pBgWXVv.exe
  C:\Windows\System\pBgWXVv.exe
  2⤵
  PID:6536
- C:\Windows\System\VDWcjMx.exe
  C:\Windows\System\VDWcjMx.exe
  2⤵
  PID:6756
- C:\Windows\System\jUNhqjN.exe
  C:\Windows\System\jUNhqjN.exe
  2⤵
  PID:6260
- C:\Windows\System\gPgTuTf.exe
  C:\Windows\System\gPgTuTf.exe
  2⤵
  PID:6844
- C:\Windows\System\JgVjLbQ.exe
  C:\Windows\System\JgVjLbQ.exe
  2⤵
  PID:7020
- C:\Windows\System\uiHorow.exe
  C:\Windows\System\uiHorow.exe
  2⤵
  PID:6976
- C:\Windows\System\ortksEr.exe
  C:\Windows\System\ortksEr.exe
  2⤵
  PID:7124
- C:\Windows\System\ufQngLO.exe
  C:\Windows\System\ufQngLO.exe
  2⤵
  PID:5040
- C:\Windows\System\imCxOWF.exe
  C:\Windows\System\imCxOWF.exe
  2⤵
  PID:4300
- C:\Windows\System\RlLxfDC.exe
  C:\Windows\System\RlLxfDC.exe
  2⤵
  PID:2952
- C:\Windows\System\PQwZRlf.exe
  C:\Windows\System\PQwZRlf.exe
  2⤵
  PID:6292
- C:\Windows\System\vzpMSOQ.exe
  C:\Windows\System\vzpMSOQ.exe
  2⤵
  PID:7184
- C:\Windows\System\BHtkEkm.exe
  C:\Windows\System\BHtkEkm.exe
  2⤵
  PID:7204
- C:\Windows\System\nYKRPxp.exe
  C:\Windows\System\nYKRPxp.exe
  2⤵
  PID:7224
- C:\Windows\System\LDhsdrB.exe
  C:\Windows\System\LDhsdrB.exe
  2⤵
  PID:7240
- C:\Windows\System\bGNRypz.exe
  C:\Windows\System\bGNRypz.exe
  2⤵
  PID:7264
- C:\Windows\System\TchDwwF.exe
  C:\Windows\System\TchDwwF.exe
  2⤵
  PID:7284
- C:\Windows\System\bRKoJdO.exe
  C:\Windows\System\bRKoJdO.exe
  2⤵
  PID:7304
- C:\Windows\System\IEPqnBl.exe
  C:\Windows\System\IEPqnBl.exe
  2⤵
  PID:7324
- C:\Windows\System\KuTMfaa.exe
  C:\Windows\System\KuTMfaa.exe
  2⤵
  PID:7344
- C:\Windows\System\WHtlyCY.exe
  C:\Windows\System\WHtlyCY.exe
  2⤵
  PID:7364
- C:\Windows\System\JFpTvWL.exe
  C:\Windows\System\JFpTvWL.exe
  2⤵
  PID:7416
- C:\Windows\System\ydmEeIt.exe
  C:\Windows\System\ydmEeIt.exe
  2⤵
  PID:7436
- C:\Windows\System\FUKmQgb.exe
  C:\Windows\System\FUKmQgb.exe
  2⤵
  PID:7460
- C:\Windows\System\CINoHpx.exe
  C:\Windows\System\CINoHpx.exe
  2⤵
  PID:7484
- C:\Windows\System\xGpPitf.exe
  C:\Windows\System\xGpPitf.exe
  2⤵
  PID:7508
- C:\Windows\System\SYEstRK.exe
  C:\Windows\System\SYEstRK.exe
  2⤵
  PID:7532
- C:\Windows\System\lAiIDIq.exe
  C:\Windows\System\lAiIDIq.exe
  2⤵
  PID:7556
- C:\Windows\System\JKNvCMG.exe
  C:\Windows\System\JKNvCMG.exe
  2⤵
  PID:7580
- C:\Windows\System\xNGatyp.exe
  C:\Windows\System\xNGatyp.exe
  2⤵
  PID:7604
- C:\Windows\System\brfFgbp.exe
  C:\Windows\System\brfFgbp.exe
  2⤵
  PID:7628
- C:\Windows\System\JYxIyGN.exe
  C:\Windows\System\JYxIyGN.exe
  2⤵
  PID:7648
- C:\Windows\System\sIKEYXg.exe
  C:\Windows\System\sIKEYXg.exe
  2⤵
  PID:7668
- C:\Windows\System\ZVZNvie.exe
  C:\Windows\System\ZVZNvie.exe
  2⤵
  PID:7688
- C:\Windows\System\mtLYgum.exe
  C:\Windows\System\mtLYgum.exe
  2⤵
  PID:7708
- C:\Windows\System\mPcXsUm.exe
  C:\Windows\System\mPcXsUm.exe
  2⤵
  PID:7728
- C:\Windows\System\YliPiOY.exe
  C:\Windows\System\YliPiOY.exe
  2⤵
  PID:7748
- C:\Windows\System\xAiTHDC.exe
  C:\Windows\System\xAiTHDC.exe
  2⤵
  PID:7772
- C:\Windows\System\oOvuFgF.exe
  C:\Windows\System\oOvuFgF.exe
  2⤵
  PID:7792
- C:\Windows\System\lJItBpG.exe
  C:\Windows\System\lJItBpG.exe
  2⤵
  PID:7812
- C:\Windows\System\DSEztKl.exe
  C:\Windows\System\DSEztKl.exe
  2⤵
  PID:7832
- C:\Windows\System\FPgFezb.exe
  C:\Windows\System\FPgFezb.exe
  2⤵
  PID:7852
- C:\Windows\System\zWlCWlh.exe
  C:\Windows\System\zWlCWlh.exe
  2⤵
  PID:7872
- C:\Windows\System\kZctAWB.exe
  C:\Windows\System\kZctAWB.exe
  2⤵
  PID:7892
- C:\Windows\System\UgPTbBi.exe
  C:\Windows\System\UgPTbBi.exe
  2⤵
  PID:7912
- C:\Windows\System\SfWXBCm.exe
  C:\Windows\System\SfWXBCm.exe
  2⤵
  PID:7932
- C:\Windows\System\uEsHgry.exe
  C:\Windows\System\uEsHgry.exe
  2⤵
  PID:7952
- C:\Windows\System\bGEbrgG.exe
  C:\Windows\System\bGEbrgG.exe
  2⤵
  PID:7972
- C:\Windows\System\XBQeRFg.exe
  C:\Windows\System\XBQeRFg.exe
  2⤵
  PID:7992
- C:\Windows\System\ajzKexk.exe
  C:\Windows\System\ajzKexk.exe
  2⤵
  PID:8012
- C:\Windows\System\lZQQilZ.exe
  C:\Windows\System\lZQQilZ.exe
  2⤵
  PID:8032
- C:\Windows\System\piYaTYq.exe
  C:\Windows\System\piYaTYq.exe
  2⤵
  PID:8052
- C:\Windows\System\doceIKr.exe
  C:\Windows\System\doceIKr.exe
  2⤵
  PID:8072
- C:\Windows\System\doOoyev.exe
  C:\Windows\System\doOoyev.exe
  2⤵
  PID:8092
- C:\Windows\System\NLxgZbh.exe
  C:\Windows\System\NLxgZbh.exe
  2⤵
  PID:8112
- C:\Windows\System\fortalr.exe
  C:\Windows\System\fortalr.exe
  2⤵
  PID:8132
- C:\Windows\System\rcgzBtZ.exe
  C:\Windows\System\rcgzBtZ.exe
  2⤵
  PID:8152
- C:\Windows\System\CBkRYTk.exe
  C:\Windows\System\CBkRYTk.exe
  2⤵
  PID:8172
- C:\Windows\System\wLIEJoK.exe
  C:\Windows\System\wLIEJoK.exe
  2⤵
  PID:6332
- C:\Windows\System\jQzrcod.exe
  C:\Windows\System\jQzrcod.exe
  2⤵
  PID:6464
- C:\Windows\System\NyujMWH.exe
  C:\Windows\System\NyujMWH.exe
  2⤵
  PID:6616
- C:\Windows\System\mfEVeeg.exe
  C:\Windows\System\mfEVeeg.exe
  2⤵
  PID:6784
- C:\Windows\System\leJFVAo.exe
  C:\Windows\System\leJFVAo.exe
  2⤵
  PID:7024
- C:\Windows\System\rXRsots.exe
  C:\Windows\System\rXRsots.exe
  2⤵
  PID:1988
- C:\Windows\System\MnZGObH.exe
  C:\Windows\System\MnZGObH.exe
  2⤵
  PID:5688
- C:\Windows\System\vOwWhtu.exe
  C:\Windows\System\vOwWhtu.exe
  2⤵
  PID:3216
- C:\Windows\System\mLAAgZy.exe
  C:\Windows\System\mLAAgZy.exe
  2⤵
  PID:2004
- C:\Windows\System\ohjWCna.exe
  C:\Windows\System\ohjWCna.exe
  2⤵
  PID:7180
- C:\Windows\System\SpnsxWM.exe
  C:\Windows\System\SpnsxWM.exe
  2⤵
  PID:7196
- C:\Windows\System\nwiUbeZ.exe
  C:\Windows\System\nwiUbeZ.exe
  2⤵
  PID:7248
- C:\Windows\System\fPdJTTV.exe
  C:\Windows\System\fPdJTTV.exe
  2⤵
  PID:3068
- C:\Windows\System\gMxhvki.exe
  C:\Windows\System\gMxhvki.exe
  2⤵
  PID:7292
- C:\Windows\System\zNGcczJ.exe
  C:\Windows\System\zNGcczJ.exe
  2⤵
  PID:7316
- C:\Windows\System\UhctRBR.exe
  C:\Windows\System\UhctRBR.exe
  2⤵
  PID:7360
- C:\Windows\System\jnXRnjs.exe
  C:\Windows\System\jnXRnjs.exe
  2⤵
  PID:3236
- C:\Windows\System\HQKMcdV.exe
  C:\Windows\System\HQKMcdV.exe
  2⤵
  PID:3004
- C:\Windows\System\VDPKkLe.exe
  C:\Windows\System\VDPKkLe.exe
  2⤵
  PID:7432
- C:\Windows\System\SerhLow.exe
  C:\Windows\System\SerhLow.exe
  2⤵
  PID:7480
- C:\Windows\System\sUKIrvV.exe
  C:\Windows\System\sUKIrvV.exe
  2⤵
  PID:7540
- C:\Windows\System\GOPkcho.exe
  C:\Windows\System\GOPkcho.exe
  2⤵
  PID:7520
- C:\Windows\System\pgyGjmW.exe
  C:\Windows\System\pgyGjmW.exe
  2⤵
  PID:7576
- C:\Windows\System\IfViLwT.exe
  C:\Windows\System\IfViLwT.exe
  2⤵
  PID:7644
- C:\Windows\System\CiXpFoL.exe
  C:\Windows\System\CiXpFoL.exe
  2⤵
  PID:7664
- C:\Windows\System\BCyMeBF.exe
  C:\Windows\System\BCyMeBF.exe
  2⤵
  PID:7716
- C:\Windows\System\dTSVzjU.exe
  C:\Windows\System\dTSVzjU.exe
  2⤵
  PID:7724
- C:\Windows\System\SvFGbGt.exe
  C:\Windows\System\SvFGbGt.exe
  2⤵
  PID:2144
- C:\Windows\System\mkkUejB.exe
  C:\Windows\System\mkkUejB.exe
  2⤵
  PID:7788
- C:\Windows\System\GCrIXsb.exe
  C:\Windows\System\GCrIXsb.exe
  2⤵
  PID:7820
- C:\Windows\System\EJFwktJ.exe
  C:\Windows\System\EJFwktJ.exe
  2⤵
  PID:1668
- C:\Windows\System\Lzixofr.exe
  C:\Windows\System\Lzixofr.exe
  2⤵
  PID:7880
- C:\Windows\System\Kjdczmw.exe
  C:\Windows\System\Kjdczmw.exe
  2⤵
  PID:7900
- C:\Windows\System\exFleGS.exe
  C:\Windows\System\exFleGS.exe
  2⤵
  PID:7960
- C:\Windows\System\RcxnbAd.exe
  C:\Windows\System\RcxnbAd.exe
  2⤵
  PID:7980
- C:\Windows\System\NTJGjPj.exe
  C:\Windows\System\NTJGjPj.exe
  2⤵
  PID:8020
- C:\Windows\System\qMvIRZc.exe
  C:\Windows\System\qMvIRZc.exe
  2⤵
  PID:8044
- C:\Windows\System\VQmWPcx.exe
  C:\Windows\System\VQmWPcx.exe
  2⤵
  PID:8100
- C:\Windows\System\whyhhoX.exe
  C:\Windows\System\whyhhoX.exe
  2⤵
  PID:1744
- C:\Windows\System\SaKxOdm.exe
  C:\Windows\System\SaKxOdm.exe
  2⤵
  PID:8140
- C:\Windows\System\dTmLHYu.exe
  C:\Windows\System\dTmLHYu.exe
  2⤵
  PID:2288
- C:\Windows\System\tOQfcOD.exe
  C:\Windows\System\tOQfcOD.exe
  2⤵
  PID:8180
- C:\Windows\System\aWMwcGh.exe
  C:\Windows\System\aWMwcGh.exe
  2⤵
  PID:6656
- C:\Windows\System\UwesOrw.exe
  C:\Windows\System\UwesOrw.exe
  2⤵
  PID:6696
- C:\Windows\System\DVMpdNe.exe
  C:\Windows\System\DVMpdNe.exe
  2⤵
  PID:7140
- C:\Windows\System\bJDmepc.exe
  C:\Windows\System\bJDmepc.exe
  2⤵
  PID:7084
- C:\Windows\System\pCBHmFe.exe
  C:\Windows\System\pCBHmFe.exe
  2⤵
  PID:3676
- C:\Windows\System\ZOvGaCj.exe
  C:\Windows\System\ZOvGaCj.exe
  2⤵
  PID:2992
- C:\Windows\System\WaCzHig.exe
  C:\Windows\System\WaCzHig.exe
  2⤵
  PID:7172
- C:\Windows\System\EUkRLhK.exe
  C:\Windows\System\EUkRLhK.exe
  2⤵
  PID:7192
- C:\Windows\System\PKiYgjG.exe
  C:\Windows\System\PKiYgjG.exe
  2⤵
  PID:2068
- C:\Windows\System\GwBaHgo.exe
  C:\Windows\System\GwBaHgo.exe
  2⤵
  PID:7232
- C:\Windows\System\cyazYxS.exe
  C:\Windows\System\cyazYxS.exe
  2⤵
  PID:7312
- C:\Windows\System\DyJaglc.exe
  C:\Windows\System\DyJaglc.exe
  2⤵
  PID:7412
- C:\Windows\System\SZEtZkY.exe
  C:\Windows\System\SZEtZkY.exe
  2⤵
  PID:7452
- C:\Windows\System\CIHyMHM.exe
  C:\Windows\System\CIHyMHM.exe
  2⤵
  PID:7496
- C:\Windows\System\naYKdgG.exe
  C:\Windows\System\naYKdgG.exe
  2⤵
  PID:1480
- C:\Windows\System\GDDvxaf.exe
  C:\Windows\System\GDDvxaf.exe
  2⤵
  PID:7588
- C:\Windows\System\FABLXUP.exe
  C:\Windows\System\FABLXUP.exe
  2⤵
  PID:7660
- C:\Windows\System\YPrlKQz.exe
  C:\Windows\System\YPrlKQz.exe
  2⤵
  PID:7616
- C:\Windows\System\kYNGRxs.exe
  C:\Windows\System\kYNGRxs.exe
  2⤵
  PID:596
- C:\Windows\System\rgyWqIq.exe
  C:\Windows\System\rgyWqIq.exe
  2⤵
  PID:7700
- C:\Windows\System\vWYVhYj.exe
  C:\Windows\System\vWYVhYj.exe
  2⤵
  PID:1256
- C:\Windows\System\GaRTVDx.exe
  C:\Windows\System\GaRTVDx.exe
  2⤵
  PID:1292
- C:\Windows\System\yjuVHfO.exe
  C:\Windows\System\yjuVHfO.exe
  2⤵
  PID:7868
- C:\Windows\System\dwynhmt.exe
  C:\Windows\System\dwynhmt.exe
  2⤵
  PID:580
- C:\Windows\System\JCANutc.exe
  C:\Windows\System\JCANutc.exe
  2⤵
  PID:7884
- C:\Windows\System\XZVJqYZ.exe
  C:\Windows\System\XZVJqYZ.exe
  2⤵
  PID:7948
- C:\Windows\System\BidUUMw.exe
  C:\Windows\System\BidUUMw.exe
  2⤵
  PID:1960
- C:\Windows\System\FSWangJ.exe
  C:\Windows\System\FSWangJ.exe
  2⤵
  PID:2168
- C:\Windows\System\UDciUIO.exe
  C:\Windows\System\UDciUIO.exe
  2⤵
  PID:936
- C:\Windows\System\nNuERDh.exe
  C:\Windows\System\nNuERDh.exe
  2⤵
  PID:7944
- C:\Windows\System\eMOLRHT.exe
  C:\Windows\System\eMOLRHT.exe
  2⤵
  PID:8060
- C:\Windows\System\CedPdaJ.exe
  C:\Windows\System\CedPdaJ.exe
  2⤵
  PID:8024
- C:\Windows\System\FrlaZDm.exe
  C:\Windows\System\FrlaZDm.exe
  2⤵
  PID:8164
- C:\Windows\System\sxOTxIx.exe
  C:\Windows\System\sxOTxIx.exe
  2⤵
  PID:6520
- C:\Windows\System\ewcbykc.exe
  C:\Windows\System\ewcbykc.exe
  2⤵
  PID:7216
- C:\Windows\System\prdlYrr.exe
  C:\Windows\System\prdlYrr.exe
  2⤵
  PID:8144
- C:\Windows\System\DigRFLA.exe
  C:\Windows\System\DigRFLA.exe
  2⤵
  PID:7764
- C:\Windows\System\tobCfqa.exe
  C:\Windows\System\tobCfqa.exe
  2⤵
  PID:2420
- C:\Windows\System\AQtAfeg.exe
  C:\Windows\System\AQtAfeg.exe
  2⤵
  PID:7372
- C:\Windows\System\cWlfsEH.exe
  C:\Windows\System\cWlfsEH.exe
  2⤵
  PID:7448
- C:\Windows\System\vrtJpIE.exe
  C:\Windows\System\vrtJpIE.exe
  2⤵
  PID:7596
- C:\Windows\System\uadXjrq.exe
  C:\Windows\System\uadXjrq.exe
  2⤵
  PID:7280
- C:\Windows\System\IRHsGKe.exe
  C:\Windows\System\IRHsGKe.exe
  2⤵
  PID:7684
- C:\Windows\System\vzswQoz.exe
  C:\Windows\System\vzswQoz.exe
  2⤵
  PID:2716
- C:\Windows\System\MqJZJpT.exe
  C:\Windows\System\MqJZJpT.exe
  2⤵
  PID:7744
- C:\Windows\System\DWHMJZO.exe
  C:\Windows\System\DWHMJZO.exe
  2⤵
  PID:7720
- C:\Windows\System\thZnteE.exe
  C:\Windows\System\thZnteE.exe
  2⤵
  PID:7904
- C:\Windows\System\soHDTBU.exe
  C:\Windows\System\soHDTBU.exe
  2⤵
  PID:7804
- C:\Windows\System\GjbzYGV.exe
  C:\Windows\System\GjbzYGV.exe
  2⤵
  PID:896
- C:\Windows\System\vnPZCig.exe
  C:\Windows\System\vnPZCig.exe
  2⤵
  PID:560
- C:\Windows\System\xvJMfJT.exe
  C:\Windows\System\xvJMfJT.exe
  2⤵
  PID:2180
- C:\Windows\System\JcLYSBh.exe
  C:\Windows\System\JcLYSBh.exe
  2⤵
  PID:920
- C:\Windows\System\HbeDQiI.exe
  C:\Windows\System\HbeDQiI.exe
  2⤵
  PID:8064
- C:\Windows\System\ZjGjrfh.exe
  C:\Windows\System\ZjGjrfh.exe
  2⤵
  PID:7272
- C:\Windows\System\jQkzYHr.exe
  C:\Windows\System\jQkzYHr.exe
  2⤵
  PID:8120
- C:\Windows\System\IoXNIAS.exe
  C:\Windows\System\IoXNIAS.exe
  2⤵
  PID:6336
- C:\Windows\System\pyEEhWx.exe
  C:\Windows\System\pyEEhWx.exe
  2⤵
  PID:8124
- C:\Windows\System\vElpwVH.exe
  C:\Windows\System\vElpwVH.exe
  2⤵
  PID:3056
- C:\Windows\System\uMbEqhE.exe
  C:\Windows\System\uMbEqhE.exe
  2⤵
  PID:7500
- C:\Windows\System\sPfJEEX.exe
  C:\Windows\System\sPfJEEX.exe
  2⤵
  PID:2916
- C:\Windows\System\ssbwUWP.exe
  C:\Windows\System\ssbwUWP.exe
  2⤵
  PID:7548
- C:\Windows\System\SXlaCDD.exe
  C:\Windows\System\SXlaCDD.exe
  2⤵
  PID:7928
- C:\Windows\System\lLCORqL.exe
  C:\Windows\System\lLCORqL.exe
  2⤵
  PID:7844
- C:\Windows\System\ZoqKSsg.exe
  C:\Windows\System\ZoqKSsg.exe
  2⤵
  PID:1760
- C:\Windows\System\LLyrRAI.exe
  C:\Windows\System\LLyrRAI.exe
  2⤵
  PID:7800
- C:\Windows\System\glDEEbu.exe
  C:\Windows\System\glDEEbu.exe
  2⤵
  PID:6604
- C:\Windows\System\MwlWYZE.exe
  C:\Windows\System\MwlWYZE.exe
  2⤵
  PID:8008
- C:\Windows\System\jptwyXw.exe
  C:\Windows\System\jptwyXw.exe
  2⤵
  PID:8088
- C:\Windows\System\kFoqvHL.exe
  C:\Windows\System\kFoqvHL.exe
  2⤵
  PID:444
- C:\Windows\System\MqnDbYY.exe
  C:\Windows\System\MqnDbYY.exe
  2⤵
  PID:7656
- C:\Windows\System\BFAMyLa.exe
  C:\Windows\System\BFAMyLa.exe
  2⤵
  PID:2392
- C:\Windows\System\dGKEVQT.exe
  C:\Windows\System\dGKEVQT.exe
  2⤵
  PID:2932
- C:\Windows\System\toCNZXC.exe
  C:\Windows\System\toCNZXC.exe
  2⤵
  PID:7424
- C:\Windows\System\WrWAznp.exe
  C:\Windows\System\WrWAznp.exe
  2⤵
  PID:916
- C:\Windows\System\srqMNII.exe
  C:\Windows\System\srqMNII.exe
  2⤵
  PID:7340
- C:\Windows\System\GHfCeRX.exe
  C:\Windows\System\GHfCeRX.exe
  2⤵
  PID:868
- C:\Windows\System\FWSrwPt.exe
  C:\Windows\System\FWSrwPt.exe
  2⤵
  PID:5868
- C:\Windows\System\sNrwXrV.exe
  C:\Windows\System\sNrwXrV.exe
  2⤵
  PID:7000
- C:\Windows\System\SNgXiLL.exe
  C:\Windows\System\SNgXiLL.exe
  2⤵
  PID:1852
- C:\Windows\System\EWBEygI.exe
  C:\Windows\System\EWBEygI.exe
  2⤵
  PID:8040
- C:\Windows\System\zYqlvUW.exe
  C:\Windows\System\zYqlvUW.exe
  2⤵
  PID:7200
- C:\Windows\System\ssWNYHr.exe
  C:\Windows\System\ssWNYHr.exe
  2⤵
  PID:7592
- C:\Windows\System\rRUpaKp.exe
  C:\Windows\System\rRUpaKp.exe
  2⤵
  PID:760
- C:\Windows\System\CQoRGwj.exe
  C:\Windows\System\CQoRGwj.exe
  2⤵
  PID:8200
- C:\Windows\System\ctrSAno.exe
  C:\Windows\System\ctrSAno.exe
  2⤵
  PID:8216
- C:\Windows\System\IvKaSok.exe
  C:\Windows\System\IvKaSok.exe
  2⤵
  PID:8232
- C:\Windows\System\NtZVXCr.exe
  C:\Windows\System\NtZVXCr.exe
  2⤵
  PID:8248
- C:\Windows\System\HquTIgh.exe
  C:\Windows\System\HquTIgh.exe
  2⤵
  PID:8264
- C:\Windows\System\wyZtYez.exe
  C:\Windows\System\wyZtYez.exe
  2⤵
  PID:8280
- C:\Windows\System\gYBYIay.exe
  C:\Windows\System\gYBYIay.exe
  2⤵
  PID:8308
- C:\Windows\System\XnYlHxl.exe
  C:\Windows\System\XnYlHxl.exe
  2⤵
  PID:8336
- C:\Windows\System\dqmujRc.exe
  C:\Windows\System\dqmujRc.exe
  2⤵
  PID:8360
- C:\Windows\System\dYYpZTZ.exe
  C:\Windows\System\dYYpZTZ.exe
  2⤵
  PID:8380
- C:\Windows\System\iUIYFIN.exe
  C:\Windows\System\iUIYFIN.exe
  2⤵
  PID:8396
- C:\Windows\System\awlxEQj.exe
  C:\Windows\System\awlxEQj.exe
  2⤵
  PID:8412
- C:\Windows\System\skPvTWI.exe
  C:\Windows\System\skPvTWI.exe
  2⤵
  PID:8448
- C:\Windows\System\vgyhZvK.exe
  C:\Windows\System\vgyhZvK.exe
  2⤵
  PID:8464
- C:\Windows\System\OkltiSx.exe
  C:\Windows\System\OkltiSx.exe
  2⤵
  PID:8480
- C:\Windows\System\nlPuLLF.exe
  C:\Windows\System\nlPuLLF.exe
  2⤵
  PID:8496
- C:\Windows\System\wlxlNEe.exe
  C:\Windows\System\wlxlNEe.exe
  2⤵
  PID:8512
- C:\Windows\System\tmcSwQn.exe
  C:\Windows\System\tmcSwQn.exe
  2⤵
  PID:8536
- C:\Windows\System\acLJLRw.exe
  C:\Windows\System\acLJLRw.exe
  2⤵
  PID:8556
- C:\Windows\System\VcUyadh.exe
  C:\Windows\System\VcUyadh.exe
  2⤵
  PID:8576
- C:\Windows\System\RbuWnHb.exe
  C:\Windows\System\RbuWnHb.exe
  2⤵
  PID:8600
- C:\Windows\System\oziBjDk.exe
  C:\Windows\System\oziBjDk.exe
  2⤵
  PID:8620
- C:\Windows\System\fkgVtCX.exe
  C:\Windows\System\fkgVtCX.exe
  2⤵
  PID:8636
- C:\Windows\System\FzfKaDB.exe
  C:\Windows\System\FzfKaDB.exe
  2⤵
  PID:8664
- C:\Windows\System\zHpNbVw.exe
  C:\Windows\System\zHpNbVw.exe
  2⤵
  PID:8688
- C:\Windows\System\ATCnRRT.exe
  C:\Windows\System\ATCnRRT.exe
  2⤵
  PID:8712
- C:\Windows\System\ZpcgcVC.exe
  C:\Windows\System\ZpcgcVC.exe
  2⤵
  PID:8732
- C:\Windows\System\QnBvIpJ.exe
  C:\Windows\System\QnBvIpJ.exe
  2⤵
  PID:8748
- C:\Windows\System\UsBtjVb.exe
  C:\Windows\System\UsBtjVb.exe
  2⤵
  PID:8764
- C:\Windows\System\uorZPGk.exe
  C:\Windows\System\uorZPGk.exe
  2⤵
  PID:8780
- C:\Windows\System\xlbLEaJ.exe
  C:\Windows\System\xlbLEaJ.exe
  2⤵
  PID:8800
- C:\Windows\System\iChdUYq.exe
  C:\Windows\System\iChdUYq.exe
  2⤵
  PID:8816
- C:\Windows\System\grLFTxw.exe
  C:\Windows\System\grLFTxw.exe
  2⤵
  PID:8856
- C:\Windows\System\vINuyHP.exe
  C:\Windows\System\vINuyHP.exe
  2⤵
  PID:8872
- C:\Windows\System\gwjDqRp.exe
  C:\Windows\System\gwjDqRp.exe
  2⤵
  PID:8892
- C:\Windows\System\NHlpXQZ.exe
  C:\Windows\System\NHlpXQZ.exe
  2⤵
  PID:8912
- C:\Windows\System\mpaJdKK.exe
  C:\Windows\System\mpaJdKK.exe
  2⤵
  PID:8932
- C:\Windows\System\qszjQNj.exe
  C:\Windows\System\qszjQNj.exe
  2⤵
  PID:8948
- C:\Windows\System\gXjgHvI.exe
  C:\Windows\System\gXjgHvI.exe
  2⤵
  PID:8964
- C:\Windows\System\alKCkLm.exe
  C:\Windows\System\alKCkLm.exe
  2⤵
  PID:8980
- C:\Windows\System\SaLJizf.exe
  C:\Windows\System\SaLJizf.exe
  2⤵
  PID:8996
- C:\Windows\System\RhSnOpq.exe
  C:\Windows\System\RhSnOpq.exe
  2⤵
  PID:9016
- C:\Windows\System\YoxUODe.exe
  C:\Windows\System\YoxUODe.exe
  2⤵
  PID:9032
- C:\Windows\System\xicrePa.exe
  C:\Windows\System\xicrePa.exe
  2⤵
  PID:9052
- C:\Windows\System\dolbraw.exe
  C:\Windows\System\dolbraw.exe
  2⤵
  PID:9072
- C:\Windows\System\CxPfsME.exe
  C:\Windows\System\CxPfsME.exe
  2⤵
  PID:9096
- C:\Windows\System\sxiIYPQ.exe
  C:\Windows\System\sxiIYPQ.exe
  2⤵
  PID:9116
- C:\Windows\System\InGjxfz.exe
  C:\Windows\System\InGjxfz.exe
  2⤵
  PID:9132
- C:\Windows\System\xFrzwwW.exe
  C:\Windows\System\xFrzwwW.exe
  2⤵
  PID:9152
- C:\Windows\System\ApQweiU.exe
  C:\Windows\System\ApQweiU.exe
  2⤵
  PID:9200
- C:\Windows\System\eKKGZsP.exe
  C:\Windows\System\eKKGZsP.exe
  2⤵
  PID:8196
- C:\Windows\System\IVwQAhc.exe
  C:\Windows\System\IVwQAhc.exe
  2⤵
  PID:7320
- C:\Windows\System\zFlalXc.exe
  C:\Windows\System\zFlalXc.exe
  2⤵
  PID:8256
- C:\Windows\System\xKhQXpJ.exe
  C:\Windows\System\xKhQXpJ.exe
  2⤵
  PID:8296
- C:\Windows\System\ExIFiGL.exe
  C:\Windows\System\ExIFiGL.exe
  2⤵
  PID:8276
- C:\Windows\System\LNjrbqQ.exe
  C:\Windows\System\LNjrbqQ.exe
  2⤵
  PID:8316
- C:\Windows\System\XjwLwLR.exe
  C:\Windows\System\XjwLwLR.exe
  2⤵
  PID:8348
- C:\Windows\System\NlZgdah.exe
  C:\Windows\System\NlZgdah.exe
  2⤵
  PID:8392
- C:\Windows\System\FiSyiGd.exe
  C:\Windows\System\FiSyiGd.exe
  2⤵
  PID:8404
- C:\Windows\System\WmDPeSs.exe
  C:\Windows\System\WmDPeSs.exe
  2⤵
  PID:8476
- C:\Windows\System\eTUvmSg.exe
  C:\Windows\System\eTUvmSg.exe
  2⤵
  PID:8548
- C:\Windows\System\kxWQIqu.exe
  C:\Windows\System\kxWQIqu.exe
  2⤵
  PID:8488
- C:\Windows\System\gbutRhj.exe
  C:\Windows\System\gbutRhj.exe
  2⤵
  PID:8532
- C:\Windows\System\QCqhwUD.exe
  C:\Windows\System\QCqhwUD.exe
  2⤵
  PID:8632
- C:\Windows\System\fAVwezd.exe
  C:\Windows\System\fAVwezd.exe
  2⤵
  PID:8644
- C:\Windows\System\OvemRuI.exe
  C:\Windows\System\OvemRuI.exe
  2⤵
  PID:8676
- C:\Windows\System\pLSmYrI.exe
  C:\Windows\System\pLSmYrI.exe
  2⤵
  PID:8424
- C:\Windows\System\FlXplxf.exe
  C:\Windows\System\FlXplxf.exe
  2⤵
  PID:8728
- C:\Windows\System\CvYafHs.exe
  C:\Windows\System\CvYafHs.exe
  2⤵
  PID:8760
- C:\Windows\System\dqOqXdo.exe
  C:\Windows\System\dqOqXdo.exe
  2⤵
  PID:8772
- C:\Windows\System\bytKZQy.exe
  C:\Windows\System\bytKZQy.exe
  2⤵
  PID:8828
- C:\Windows\System\IzYDjYE.exe
  C:\Windows\System\IzYDjYE.exe
  2⤵
  PID:8852
- C:\Windows\System\gZCzfhV.exe
  C:\Windows\System\gZCzfhV.exe
  2⤵
  PID:8884
- C:\Windows\System\CISIEJA.exe
  C:\Windows\System\CISIEJA.exe
  2⤵
  PID:8704
- C:\Windows\System\MDdUlPP.exe
  C:\Windows\System\MDdUlPP.exe
  2⤵
  PID:8908
- C:\Windows\System\mlenqyq.exe
  C:\Windows\System\mlenqyq.exe
  2⤵
  PID:8972
- C:\Windows\System\mlsrXqW.exe
  C:\Windows\System\mlsrXqW.exe
  2⤵
  PID:9068
- C:\Windows\System\QpMJaEr.exe
  C:\Windows\System\QpMJaEr.exe
  2⤵
  PID:9012
- C:\Windows\System\lxYCRZw.exe
  C:\Windows\System\lxYCRZw.exe
  2⤵
  PID:9084
- C:\Windows\System\eiZyzMj.exe
  C:\Windows\System\eiZyzMj.exe
  2⤵
  PID:9128
- C:\Windows\System\WvVjHLn.exe
  C:\Windows\System\WvVjHLn.exe
  2⤵
  PID:8848
- C:\Windows\System\vzFeSlO.exe
  C:\Windows\System\vzFeSlO.exe
  2⤵
  PID:9192
- C:\Windows\System\AACceKP.exe
  C:\Windows\System\AACceKP.exe
  2⤵
  PID:8240
- C:\Windows\System\rRpAzBp.exe
  C:\Windows\System\rRpAzBp.exe
  2⤵
  PID:2768
- C:\Windows\System\jyMLpXk.exe
  C:\Windows\System\jyMLpXk.exe
  2⤵
  PID:8352
- C:\Windows\System\oTWqpxt.exe
  C:\Windows\System\oTWqpxt.exe
  2⤵
  PID:8244
- C:\Windows\System\ANqRJxw.exe
  C:\Windows\System\ANqRJxw.exe
  2⤵
  PID:8544
- C:\Windows\System\qtAaeux.exe
  C:\Windows\System\qtAaeux.exe
  2⤵
  PID:8444
- C:\Windows\System\ekWfULK.exe
  C:\Windows\System\ekWfULK.exe
  2⤵
  PID:8596
- C:\Windows\System\kFcEkQH.exe
  C:\Windows\System\kFcEkQH.exe
  2⤵
  PID:8572
- C:\Windows\System\RUNpYiV.exe
  C:\Windows\System\RUNpYiV.exe
  2⤵
  PID:8616
- C:\Windows\System\owOLVQR.exe
  C:\Windows\System\owOLVQR.exe
  2⤵
  PID:8672
- C:\Windows\System\NPRGGth.exe
  C:\Windows\System\NPRGGth.exe
  2⤵
  PID:8756
- C:\Windows\System\cYTJaRx.exe
  C:\Windows\System\cYTJaRx.exe
  2⤵
  PID:8880
- C:\Windows\System\kGYrcDP.exe
  C:\Windows\System\kGYrcDP.exe
  2⤵
  PID:8988
- C:\Windows\System\CVKsmeb.exe
  C:\Windows\System\CVKsmeb.exe
  2⤵
  PID:9112
- C:\Windows\System\kpfDorN.exe
  C:\Windows\System\kpfDorN.exe
  2⤵
  PID:8924
- C:\Windows\System\bveTPod.exe
  C:\Windows\System\bveTPod.exe
  2⤵
  PID:9140
- C:\Windows\System\HZvEyyy.exe
  C:\Windows\System\HZvEyyy.exe
  2⤵
  PID:9008
- C:\Windows\System\HgjeRtj.exe
  C:\Windows\System\HgjeRtj.exe
  2⤵
  PID:9168
- C:\Windows\System\FEXvhxZ.exe
  C:\Windows\System\FEXvhxZ.exe
  2⤵
  PID:8300
- C:\Windows\System\HOWaPXf.exe
  C:\Windows\System\HOWaPXf.exe
  2⤵
  PID:9180
- C:\Windows\System\nQjJRxY.exe
  C:\Windows\System\nQjJRxY.exe
  2⤵
  PID:8428
- C:\Windows\System\wqJAuwW.exe
  C:\Windows\System\wqJAuwW.exe
  2⤵
  PID:8840
- C:\Windows\System\GyLftvt.exe
  C:\Windows\System\GyLftvt.exe
  2⤵
  PID:8588
- C:\Windows\System\vnzsOHN.exe
  C:\Windows\System\vnzsOHN.exe
  2⤵
  PID:8524
- C:\Windows\System\OlAjPxT.exe
  C:\Windows\System\OlAjPxT.exe
  2⤵
  PID:8744
- C:\Windows\System\GnvwZdq.exe
  C:\Windows\System\GnvwZdq.exe
  2⤵
  PID:8868
- C:\Windows\System\ChCMeIc.exe
  C:\Windows\System\ChCMeIc.exe
  2⤵
  PID:8720
- C:\Windows\System\EGYgnjP.exe
  C:\Windows\System\EGYgnjP.exe
  2⤵
  PID:8812
- C:\Windows\System\VnXGCTV.exe
  C:\Windows\System\VnXGCTV.exe
  2⤵
  PID:9148
- C:\Windows\System\TOOCKLg.exe
  C:\Windows\System\TOOCKLg.exe
  2⤵
  PID:9092
- C:\Windows\System\LKkTGOG.exe
  C:\Windows\System\LKkTGOG.exe
  2⤵
  PID:8212
- C:\Windows\System\UvWOftc.exe
  C:\Windows\System\UvWOftc.exe
  2⤵
  PID:5360
- C:\Windows\System\GmxDfGA.exe
  C:\Windows\System\GmxDfGA.exe
  2⤵
  PID:8440
- C:\Windows\System\hMiSNuy.exe
  C:\Windows\System\hMiSNuy.exe
  2⤵
  PID:8520
- C:\Windows\System\xzjXwOc.exe
  C:\Windows\System\xzjXwOc.exe
  2⤵
  PID:9028
- C:\Windows\System\UIbQJqJ.exe
  C:\Windows\System\UIbQJqJ.exe
  2⤵
  PID:8836
- C:\Windows\System\pgopsOo.exe
  C:\Windows\System\pgopsOo.exe
  2⤵
  PID:9080
- C:\Windows\System\RDavOjZ.exe
  C:\Windows\System\RDavOjZ.exe
  2⤵
  PID:9212
- C:\Windows\System\HAYKXzL.exe
  C:\Windows\System\HAYKXzL.exe
  2⤵
  PID:8904
- C:\Windows\System\abGlxuY.exe
  C:\Windows\System\abGlxuY.exe
  2⤵
  PID:8508
- C:\Windows\System\tDhKeKW.exe
  C:\Windows\System\tDhKeKW.exe
  2⤵
  PID:9228
- C:\Windows\System\CxjPBxw.exe
  C:\Windows\System\CxjPBxw.exe
  2⤵
  PID:9244
- C:\Windows\System\xfwWYII.exe
  C:\Windows\System\xfwWYII.exe
  2⤵
  PID:9292
- C:\Windows\System\oJmklOP.exe
  C:\Windows\System\oJmklOP.exe
  2⤵
  PID:9308
- C:\Windows\System\ZdoTwrO.exe
  C:\Windows\System\ZdoTwrO.exe
  2⤵
  PID:9324
- C:\Windows\System\jrMeCNK.exe
  C:\Windows\System\jrMeCNK.exe
  2⤵
  PID:9340
- C:\Windows\System\fBHkbIJ.exe
  C:\Windows\System\fBHkbIJ.exe
  2⤵
  PID:9356
- C:\Windows\System\dvMZRhF.exe
  C:\Windows\System\dvMZRhF.exe
  2⤵
  PID:9372
- C:\Windows\System\JwpjCVe.exe
  C:\Windows\System\JwpjCVe.exe
  2⤵
  PID:9400
- C:\Windows\System\qDWkzVS.exe
  C:\Windows\System\qDWkzVS.exe
  2⤵
  PID:9424
- C:\Windows\System\ZBrgHlU.exe
  C:\Windows\System\ZBrgHlU.exe
  2⤵
  PID:9452
- C:\Windows\System\EryYzaz.exe
  C:\Windows\System\EryYzaz.exe
  2⤵
  PID:9468
- C:\Windows\System\VGorwyq.exe
  C:\Windows\System\VGorwyq.exe
  2⤵
  PID:9492
- C:\Windows\System\rUmGcuN.exe
  C:\Windows\System\rUmGcuN.exe
  2⤵
  PID:9508
- C:\Windows\System\hVphYOT.exe
  C:\Windows\System\hVphYOT.exe
  2⤵
  PID:9528
- C:\Windows\System\oSZhKzn.exe
  C:\Windows\System\oSZhKzn.exe
  2⤵
  PID:9552
- C:\Windows\System\pKmSCQm.exe
  C:\Windows\System\pKmSCQm.exe
  2⤵
  PID:9572
- C:\Windows\System\gtUfTkW.exe
  C:\Windows\System\gtUfTkW.exe
  2⤵
  PID:9592
- C:\Windows\System\tkqluvM.exe
  C:\Windows\System\tkqluvM.exe
  2⤵
  PID:9616
- C:\Windows\System\THIqzgq.exe
  C:\Windows\System\THIqzgq.exe
  2⤵
  PID:9636
- C:\Windows\System\YsKeXLP.exe
  C:\Windows\System\YsKeXLP.exe
  2⤵
  PID:9656
- C:\Windows\System\cbPrlrP.exe
  C:\Windows\System\cbPrlrP.exe
  2⤵
  PID:9676
- C:\Windows\System\TBkxRZh.exe
  C:\Windows\System\TBkxRZh.exe
  2⤵
  PID:9692
- C:\Windows\System\BmMdHWI.exe
  C:\Windows\System\BmMdHWI.exe
  2⤵
  PID:9708
- C:\Windows\System\mMwlfJh.exe
  C:\Windows\System\mMwlfJh.exe
  2⤵
  PID:9724
- C:\Windows\System\ORXQTIY.exe
  C:\Windows\System\ORXQTIY.exe
  2⤵
  PID:9748
- C:\Windows\System\pqIAOuU.exe
  C:\Windows\System\pqIAOuU.exe
  2⤵
  PID:9768
- C:\Windows\System\SUDoTYs.exe
  C:\Windows\System\SUDoTYs.exe
  2⤵
  PID:9792
- C:\Windows\System\OHolYsB.exe
  C:\Windows\System\OHolYsB.exe
  2⤵
  PID:9812
- C:\Windows\System\pHXOHrj.exe
  C:\Windows\System\pHXOHrj.exe
  2⤵
  PID:9832
- C:\Windows\System\PYHidch.exe
  C:\Windows\System\PYHidch.exe
  2⤵
  PID:9852
- C:\Windows\System\VGoYhju.exe
  C:\Windows\System\VGoYhju.exe
  2⤵
  PID:9872
- C:\Windows\System\pvSbAWZ.exe
  C:\Windows\System\pvSbAWZ.exe
  2⤵
  PID:9888
- C:\Windows\System\weBaWTW.exe
  C:\Windows\System\weBaWTW.exe
  2⤵
  PID:9916
- C:\Windows\System\zfmfLyu.exe
  C:\Windows\System\zfmfLyu.exe
  2⤵
  PID:9932
- C:\Windows\System\xZDpdKn.exe
  C:\Windows\System\xZDpdKn.exe
  2⤵
  PID:9948
- C:\Windows\System\rkLziPg.exe
  C:\Windows\System\rkLziPg.exe
  2⤵
  PID:9968
- C:\Windows\System\tYynFpV.exe
  C:\Windows\System\tYynFpV.exe
  2⤵
  PID:9984
- C:\Windows\System\ozmedrM.exe
  C:\Windows\System\ozmedrM.exe
  2⤵
  PID:10012
- C:\Windows\System\YEkEupz.exe
  C:\Windows\System\YEkEupz.exe
  2⤵
  PID:10028
- C:\Windows\System\UWWGvod.exe
  C:\Windows\System\UWWGvod.exe
  2⤵
  PID:10048
- C:\Windows\System\RPTCGjQ.exe
  C:\Windows\System\RPTCGjQ.exe
  2⤵
  PID:10064
- C:\Windows\System\xdFpjLY.exe
  C:\Windows\System\xdFpjLY.exe
  2⤵
  PID:10084
- C:\Windows\System\qIYTHfc.exe
  C:\Windows\System\qIYTHfc.exe
  2⤵
  PID:10104
- C:\Windows\System\aPcyGsw.exe
  C:\Windows\System\aPcyGsw.exe
  2⤵
  PID:10132
- C:\Windows\System\lHwwBfs.exe
  C:\Windows\System\lHwwBfs.exe
  2⤵
  PID:10152
- C:\Windows\System\diGZsSw.exe
  C:\Windows\System\diGZsSw.exe
  2⤵
  PID:10172
- C:\Windows\System\dxxdddT.exe
  C:\Windows\System\dxxdddT.exe
  2⤵
  PID:10192
- C:\Windows\System\xKbkwZR.exe
  C:\Windows\System\xKbkwZR.exe
  2⤵
  PID:10208
- C:\Windows\System\jhFsPgh.exe
  C:\Windows\System\jhFsPgh.exe
  2⤵
  PID:10224
- C:\Windows\System\YRZxlqI.exe
  C:\Windows\System\YRZxlqI.exe
  2⤵
  PID:9224
- C:\Windows\System\NYUuWXe.exe
  C:\Windows\System\NYUuWXe.exe
  2⤵
  PID:8408
- C:\Windows\System\GbtoUgC.exe
  C:\Windows\System\GbtoUgC.exe
  2⤵
  PID:8224
- C:\Windows\System\FROKQGv.exe
  C:\Windows\System\FROKQGv.exe
  2⤵
  PID:9060
- C:\Windows\System\vmVdFvj.exe
  C:\Windows\System\vmVdFvj.exe
  2⤵
  PID:9256
- C:\Windows\System\JYmejwE.exe
  C:\Windows\System\JYmejwE.exe
  2⤵
  PID:9280
- C:\Windows\System\tGHAKeu.exe
  C:\Windows\System\tGHAKeu.exe
  2⤵
  PID:9304
- C:\Windows\System\adtlZbr.exe
  C:\Windows\System\adtlZbr.exe
  2⤵
  PID:9348
- C:\Windows\System\szNnumU.exe
  C:\Windows\System\szNnumU.exe
  2⤵
  PID:9396
- C:\Windows\System\iuVYEwL.exe
  C:\Windows\System\iuVYEwL.exe
  2⤵
  PID:9440
- C:\Windows\System\cauVdlw.exe
  C:\Windows\System\cauVdlw.exe
  2⤵
  PID:9368
- C:\Windows\System\OFmjBxQ.exe
  C:\Windows\System\OFmjBxQ.exe
  2⤵
  PID:9460
- C:\Windows\System\qxlyLBg.exe
  C:\Windows\System\qxlyLBg.exe
  2⤵
  PID:9536
- C:\Windows\System\PSVoMdH.exe
  C:\Windows\System\PSVoMdH.exe
  2⤵
  PID:9568
- C:\Windows\System\URwKPtV.exe
  C:\Windows\System\URwKPtV.exe
  2⤵
  PID:9584
- C:\Windows\System\aqoGXYo.exe
  C:\Windows\System\aqoGXYo.exe
  2⤵
  PID:9612
- C:\Windows\System\xAGQBSg.exe
  C:\Windows\System\xAGQBSg.exe
  2⤵
  PID:9644
- C:\Windows\System\WaRFHEy.exe
  C:\Windows\System\WaRFHEy.exe
  2⤵
  PID:9684
- C:\Windows\System\HckheSh.exe
  C:\Windows\System\HckheSh.exe
  2⤵
  PID:9720
- C:\Windows\System\RcOEZkc.exe
  C:\Windows\System\RcOEZkc.exe
  2⤵
  PID:9744
- C:\Windows\System\OpoyxHK.exe
  C:\Windows\System\OpoyxHK.exe
  2⤵
  PID:9800
- C:\Windows\System\ACXvIst.exe
  C:\Windows\System\ACXvIst.exe
  2⤵
  PID:9824
- C:\Windows\System\UllCBgy.exe
  C:\Windows\System\UllCBgy.exe
  2⤵
  PID:9844
- C:\Windows\System\vQOmTsV.exe
  C:\Windows\System\vQOmTsV.exe
  2⤵
  PID:9884
- C:\Windows\System\hdkRbkK.exe
  C:\Windows\System\hdkRbkK.exe
  2⤵
  PID:9908
- C:\Windows\System\bfzHfpj.exe
  C:\Windows\System\bfzHfpj.exe
  2⤵
  PID:9964
- C:\Windows\System\RIYzOZB.exe
  C:\Windows\System\RIYzOZB.exe
  2⤵
  PID:9944
- C:\Windows\System\SJtSNWb.exe
  C:\Windows\System\SJtSNWb.exe
  2⤵
  PID:9976
- C:\Windows\System\utooKqX.exe
  C:\Windows\System\utooKqX.exe
  2⤵
  PID:10060
- C:\Windows\System\WKudWmJ.exe
  C:\Windows\System\WKudWmJ.exe
  2⤵
  PID:10128
- C:\Windows\System\IJOJQTv.exe
  C:\Windows\System\IJOJQTv.exe
  2⤵
  PID:10116
- C:\Windows\System\BfEzavM.exe
  C:\Windows\System\BfEzavM.exe
  2⤵
  PID:10232
- C:\Windows\System\ZxpXDnF.exe
  C:\Windows\System\ZxpXDnF.exe
  2⤵
  PID:8460
- C:\Windows\System\tNlRxZz.exe
  C:\Windows\System\tNlRxZz.exe
  2⤵
  PID:10188
- C:\Windows\System\klthQuq.exe
  C:\Windows\System\klthQuq.exe
  2⤵
  PID:10216
- C:\Windows\System\FwFizoN.exe
  C:\Windows\System\FwFizoN.exe
  2⤵
  PID:9300
- C:\Windows\System\ycTZkUh.exe
  C:\Windows\System\ycTZkUh.exe
  2⤵
  PID:9364
- C:\Windows\System\dUxzTwu.exe
  C:\Windows\System\dUxzTwu.exe
  2⤵
  PID:9336
- C:\Windows\System\aIGHYec.exe
  C:\Windows\System\aIGHYec.exe
  2⤵
  PID:9632
- C:\Windows\System\RLjguHf.exe
  C:\Windows\System\RLjguHf.exe
  2⤵
  PID:9704
- C:\Windows\System\NFCwdyb.exe
  C:\Windows\System\NFCwdyb.exe
  2⤵
  PID:9764
- C:\Windows\System\nULMTKA.exe
  C:\Windows\System\nULMTKA.exe
  2⤵
  PID:9788
- C:\Windows\System\lINEuQW.exe
  C:\Windows\System\lINEuQW.exe
  2⤵
  PID:9268
- C:\Windows\System\PxfDoDH.exe
  C:\Windows\System\PxfDoDH.exe
  2⤵
  PID:9848
- C:\Windows\System\nRLqTbv.exe
  C:\Windows\System\nRLqTbv.exe
  2⤵
  PID:9464
- C:\Windows\System\bEZDRXV.exe
  C:\Windows\System\bEZDRXV.exe
  2⤵
  PID:9560
- C:\Windows\System\CvDqxbW.exe
  C:\Windows\System\CvDqxbW.exe
  2⤵
  PID:9284
- C:\Windows\System\delhYiF.exe
  C:\Windows\System\delhYiF.exe
  2⤵
  PID:9648
- C:\Windows\System\teFSfOs.exe
  C:\Windows\System\teFSfOs.exe
  2⤵
  PID:9956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BETpyPB.exe

Filesize
6.0MB

MD5
17750c25e53227b2058e9149925b1336

SHA1
9275a086c492965cfb68d38d90088b29e83038bf

SHA256
1bcf04a8cdbe4902b803bd6e2103e86cb68c0f034613b0552e299ce760b39729

SHA512
f77d83de5e4aef970242ff254b2d78bc117072a5130b3d724c2d89fd8ae21af54903f9d3db128f3ead402df949f6801614a335375e7c5f876b16f0aa8e36a09a

Download Submit
C:\Windows\system\HkROQTB.exe

Filesize
6.0MB

MD5
558b47330d3a00bc79b0f8283c1444a8

SHA1
ccbf454f2db9899c81dd5c51e41b2bb8eed37efa

SHA256
bb8211d952d95080864e4e5a70ee36120756e18e81dd317d312102e51f45d0b8

SHA512
3186fc6db8b3534df6bbbaa6b2cf996e39671978f7888970136d615523dcd25a7d1d1caf8d7cfb54e45327d3e8ae751d4ae374bd4098b139755de9c5ddc4ef03

Download Submit
C:\Windows\system\HoNWdmx.exe

Filesize
6.0MB

MD5
b4021cf5bff11ee14dcd9e5033f665ee

SHA1
5bbe7303e1978cbae36f2c17ad7cc1eaa1a12776

SHA256
657efe9902bcc0868fb7818ec6f9b1ef6636c3537c54214b5e8bab12290d49e6

SHA512
8ce6521a6b3fa373b6ea89f742cb343c01172fd05907227151c1560ee8aaab0fb989d41522e37a6c03669413de66e2009659b598f669523ef64bff5f644eaec3

Download Submit
C:\Windows\system\ICwpaet.exe

Filesize
6.0MB

MD5
77de591b3e793d7cc99f64cf96f1bb40

SHA1
3b8867259a30c9ed4f9cf590e520541d357599a9

SHA256
55a1430ff974681bc969e79bda9bb15e2304ad957e8a5b84ca89529043656eb2

SHA512
1f4dcb8e932bb59e27552e9ed52a7db7e9272bf026709ae6103fdb3bb86844815667864010d2397d48bd536de047c619f31ef0c847a7fa18e7096191a33d77de

Download Submit
C:\Windows\system\JajOFNl.exe

Filesize
6.0MB

MD5
363ceaaf83af25803cfa719a3c0651bb

SHA1
43dd7775b9f1d72fb009a3eda9ff1b2a70019869

SHA256
5f218a14f82e119a6cf73e2f4d01e917cc620e4a64871896768b5471bc30d404

SHA512
a2e2e4cadd30639591de4da3326300446a1f73bd9303771aabacdc9461cb5c95fbd1a79f5134a059ea52101c7e5a709d418788b1edd42ad7ab25aa74613794a5

Download Submit
C:\Windows\system\NcftEvW.exe

Filesize
6.0MB

MD5
7c8e9124fc5fd467a8703e204fbd95c6

SHA1
05883791d7751a4ef61c0ed7c83911ad98af7b8e

SHA256
82f39219640f2a02c5743be3b43369a9d75669e0353e1842bf5126e62db4cb1f

SHA512
0a47a6fc71a93de9f7738130fee0d41531a43739b7ffa8cb7f88ff547329c4e36c24794f30e0064a7cf63588a0ec649ac9e1f57194f840cc6d67769f2792ce91

Download Submit
C:\Windows\system\NcvXoHH.exe

Filesize
6.0MB

MD5
4e7ec6d64ad06b22746c94311eff3810

SHA1
60ae58451cb508f5124ab4953e82e2f7a196a009

SHA256
4f324c4cc03d9dfeb4b8e07334308f52ee95b2390feefa1e5fb80ccbee0f5edb

SHA512
8f54c01e589d10ff9b84519dd6463d0ac4a7482853b851cf4bc0945183c3fd78aea907ea35fb531a6d0eb348db0e595bc3e7bec2fa0232e1cf1fb3d7f22ac05e

Download Submit
C:\Windows\system\OUJxkfQ.exe

Filesize
6.0MB

MD5
1a28e1b45bef61b18c298e00ae209e0e

SHA1
9c2f6861cd73530d6fd0d879fe65e76206d6a0ff

SHA256
4d06eb9bfd1567296a9e3cb8c7835c1ae46de1ddfa9c917d2dd128c626ffaf11

SHA512
61c568f46a1d86c943fabad5f78caf73a0d92b9e89c2851861e369eaf97efe4f6dcd4f549350e20af212255d5de72337b12334673b63f21b0047299c6bbebe41

Download Submit
C:\Windows\system\OkeGTNp.exe

Filesize
6.0MB

MD5
16c3d9561f2c62636fb7cd1efc241258

SHA1
52b63a4a8114924156876fd0576f9a680b4b71d2

SHA256
4341ffb2daf56decebf5bf51d2ef82218c1d4e6a41ff814e28ce9eed27080629

SHA512
bd8b77baa0e09b2bf5e4bcb519ba6cbb394661e14d8994ede891658ba356ef4bf5a012e431c7a4d2ac8ce2a53930e4c0251504a525c7767a483290b46fe0a9b7

Download Submit
C:\Windows\system\POxTDFv.exe

Filesize
6.0MB

MD5
18b3a72df4f691e10deabb724e5ba824

SHA1
814d41d8fb727bf11d69ab375259e3490ce49b0b

SHA256
4452f9a274268fa389c0d3b19107895515eb182b23cae2fe24d619fabb00260b

SHA512
876617f5992c74f1cff29793d5b4e4d0e7d9db8a1ddea19860ac0a911eb793b5acf73fa6dc5c7fd55fb04c0b15cb5960312db962c7c6257392c63ac2981c52d8

Download Submit
C:\Windows\system\QzhqFsI.exe

Filesize
6.0MB

MD5
e48ed2fee9cf6462c36b3b866f2ae207

SHA1
85b753207c0718236eb309331a61bbf25a2927cb

SHA256
60b75f767338dadf92f7663fecf1f1bd1ec27aab6c1d0ecaf30a4759ab4dd00d

SHA512
7b105a54ee3232691bb8e41c184818c479d6f8ebf4df83dc80d12eee31a52ca289fe466da81c41efed823ca29b5cb7166dd4f5164b8c6fb72c777f6ac4cc1764

Download Submit
C:\Windows\system\RrdlghT.exe

Filesize
6.0MB

MD5
389f2b7be766be8d8ff3ce172f172631

SHA1
33924738df65c00284f10dee72aec354d4b4ce6d

SHA256
7a8f949bff327e9407ea03287d0a7eb3c9d3f2de05f2052d3ff9c0ea148cfa1f

SHA512
d26c6eb1bb78c0424729353cf95a3466bc2a1bd510790d8bad50f9b1466314a4e298fdde4709ad1e223f9162811d497f7b85eba87a057a3ac6fc3d86400b6e04

Download Submit
C:\Windows\system\TdHiSxE.exe

Filesize
6.0MB

MD5
fd99eb05f032f11922ea44e36a2a4c68

SHA1
cf7d36ed2191c979714bebc6383824002f9571e5

SHA256
c5589165683e5b0215e3ef29d42aea46f160660708f739baa4d9c99022d04e0e

SHA512
457cfe51818a10f573a1e838f1d2d80cad1c85b23c33ec6ea43af1705ae8ced9d6b16ead59d760b4b67ead79ce371c80f955cd7593ae577f3742eee6fef42a93

Download Submit
C:\Windows\system\XrkRbVs.exe

Filesize
8B

MD5
14b461b76be1e9871da49ef1975dc011

SHA1
7d1bd1c0f3fc14ae3ca169cc09d763b97dedd229

SHA256
8f2185d3ee39cd7c66d0c259dc9a4e7be92634a2a60b4f89f14e5391a16dcb27

SHA512
d49f8cda5d955c3963b04a45ce15e3ca3f26df346e854766aee0a0ffdb4ce5a05a6ff8ad4941ce8d2dd010d66f688457e4003d7a55455fede82e00f9f8e97373

Download Submit
C:\Windows\system\XtzLfZr.exe

Filesize
6.0MB

MD5
720dd33ea4ef4ae5ed02c59599e2811a

SHA1
99e8ba11ae6cdd1a66571d3b09eab9c91c751bca

SHA256
8654afed8c1fe4709e1a2b0079de0365a1e3203c44f43a7a070ec0d72dc72e0c

SHA512
e549eb29bdf255a1c597c81e6e539cb44bbe1f3e2d914e2cf23b31ebb0e729103a3e39f1fa30f393f0f5c92122fe05c8425d0bcef3d8bf0e654e0f93b9175a0a

Download Submit
C:\Windows\system\ZDYboIU.exe

Filesize
6.0MB

MD5
f467be307706022a45c27107fa469ab9

SHA1
57fa56d28db8f21c169e7ed654922693f146e5b8

SHA256
a6eb4fa23b85fd7ee7b377027a151ed87f5f4d7a2248c59c1d0cd6c0c8bd94c3

SHA512
0965f1c50334c582b1d30aecdea99a4dacf4f3120222fa5dc250daf97fea6631286e1456c0df22b1e65c432c3c447883f9d8a8b253cc847d10d5db466e0f9935

Download Submit
C:\Windows\system\buMXhpL.exe

Filesize
6.0MB

MD5
b3a54cfe00eb238d56bdb599dcd4dec8

SHA1
95700dd2cb374d2aef15c9bca3ea6ee3c49ebe09

SHA256
37a4eae045dc31cdf497b580acd5c60d76afd90c7bd2bd78c986506e5b1feb0e

SHA512
927644a786d59a70f0d9a252c7bbd3c76b0a1adab4d25afdc576a56612446eba1d11365983c99d6734c40d81f79546195e9d7c747257401f0e727b8becf12eaa

Download Submit
C:\Windows\system\cOSUDRE.exe

Filesize
6.0MB

MD5
d8b71235a7cd0c41f1a639a095351942

SHA1
3864ad54ed1c7d84755104a99272c9b84744d041

SHA256
495f625103181010ab06df625dcd501c7ee2877176ce09fba761316509e89a63

SHA512
6e55f60cfcb0c0685ace83574329afa1322dcb31524ff7d8a5a24eb31a953dcc34a20f5dc50be047611ce133fc2b44b59a6dc76c9116700c590f2045b94b3483

Download Submit
C:\Windows\system\emaDdFi.exe

Filesize
6.0MB

MD5
afcfc6b5055060d94e3c3da9611bd2e3

SHA1
d9423b5b039e5e39a4b200a0b4b33514c5480318

SHA256
cb40d04c255b6cad3586bfe426afcd55b345b32b4e86d1cb3851b8d4e289e36c

SHA512
b354e01aab81d5f56efee157193116f6b232be64431b087dece0f281a7a017cf772e57948bbff9888542fe0e41aeefaa59932c6e4227db65eb7d5c48251b5354

Download Submit
C:\Windows\system\fLdtUGf.exe

Filesize
6.0MB

MD5
9246b3794b15e33c6edccb7f2ffa162d

SHA1
17a95c8ef5f65b75cf5d4fd9870c4ecfda9f16a0

SHA256
62831d1b61eccd25cb6fa5475a24f13e9c7e13016629ee59bb87bb8f47ba1f1d

SHA512
e9aa424c4591d794ccf1b16b1f88d42a08d91cb68b55cdd54e35f691895ff1f5ac59ddecebdc66b427c5393ca59377f93ca76e065baba78b22fbc7220eea0865

Download Submit
C:\Windows\system\iCULxkw.exe

Filesize
6.0MB

MD5
b3915f82f7f9e47a13edc404ad269d68

SHA1
edf3c3f6691ff37c6b3b968955720a7ea1064a2d

SHA256
7529b41f4cfcd2860e1727ca0434704d31328c56db52c918eac29739f9d117cc

SHA512
47d5daaa325a2ce2d46e71e60b63b11e3edd293d394d9619f6c265ccb888932d8cee0e9f94e3500acb32335bafd38ae9da6759cbf84e83fd097c77aa28817fa9

Download Submit
C:\Windows\system\irydjut.exe

Filesize
6.0MB

MD5
fd5becc890d8c493eef3cb69137f5d3a

SHA1
de91e91d3fb81469e572547b0426e0dedea9ce4d

SHA256
69c4f02eb5a8427629a3d0a793affc6ea80d5d39ab77029c43c57529d7417217

SHA512
b68823e7c4110eb86d191bb8a26d5d65af48baa1f6a4061bc7f8dd3293365181029f987dd5fd56ba54e271841ccb6a72082595f8864e01de0485c67e1a623be7

Download Submit
C:\Windows\system\nqAiXUT.exe

Filesize
6.0MB

MD5
ef4410a8a600f7e1a1961547244bb7af

SHA1
30b337116f870a586ce2666c7d65b0d48e36aa0b

SHA256
d82a6e149f48c7948490d2f648add8bf3e90ceb6f9a6e243f8b589eebced3a85

SHA512
01f29501ca0ae9cd8d9fa35430ec73afb1afa658a5dfe2bc5d5529cfacabd6ff9f714f1ce2385c9822ef1b2c3aff228088e8825fd56b60fe51bd42ca3529de75

Download Submit
C:\Windows\system\qUsWWvY.exe

Filesize
6.0MB

MD5
5248bc6bf7a0aefb350b208b3ef1f741

SHA1
faf8ac8cc78e18932ba942afb34bc1d6929b448e

SHA256
54f99ea98062421aecde939ba485522a8f94a7419b7968487b4192b26e1cf559

SHA512
cb44b46541e1c215be4a4149041add29837096b7f79873c6deff6ecf997d8bec2eee0814be5096d6149a73de07532969206795e63078af3bcb339e8cb587e857

Download Submit
C:\Windows\system\qkeYaGd.exe

Filesize
6.0MB

MD5
f423266e3d529daf09412b7e3ca940b8

SHA1
eefc7e94447d13d5293ad3cc52ae9365e4c7623a

SHA256
0d2a0444f579ef7591b782dabfed1a2b6c6104346ff453058b701ce8bc71dd51

SHA512
299c1f05ce6c653a56b36801f4ee9cde9e426019f2f157f317312e8405363818203dbdb3fdd2c00da4509ef2429236e54db33f97a7bd17285ae3cb013cbeb3fb

Download Submit
C:\Windows\system\rbbnlOb.exe

Filesize
6.0MB

MD5
8b2115a45654bb9ae0fb9b2f3769258f

SHA1
6c3ed2d37ab23a9142af463df89232d4711f5dbe

SHA256
2aec76d71be7e5e6dd6755da9b6c2308cd074b033196b5551675c51e19ffa040

SHA512
490240ca622c4adeb90d6f1a2a1715dc3fef54908234cb09939cf637838c70ce31493fa4af580abfc8437161a1e01f317466b635bc59d9a9529175df6f43a83c

Download Submit
C:\Windows\system\tCWPZyZ.exe

Filesize
6.0MB

MD5
f61ef8fca0c6d40420f049acc75d4803

SHA1
97c2dae4cb9a12f9274ab024fdda5e33da14be51

SHA256
b81554ce6e8f5d9ffea6bc7c687355c9a540032314771bde6df19519464fdc9f

SHA512
430db3432914cce9682d6c82f6275da4167ffb26a568df25056051501484cfed1be1092ea51eea696bd5e75640b5cccde0e2817c7df89a8d163a260a5e64c8c7

Download Submit
C:\Windows\system\uNCGwBJ.exe

Filesize
6.0MB

MD5
5c118c73c15bd0962e0d5a693ef880ea

SHA1
e3c349a854684b79967decde35e72a53c2890047

SHA256
117e08c3b22e62b0f7405103518e8492403e915e80522efb22cd090b54f7f67f

SHA512
a15455a9a8baf281285460c809548ca9615b666369fe02bccc2d5b9e1b11f28d16a473cd56f6aeae8c7b878b751ccd16cd485b2952287f5fa0ad22f69954f335

Download Submit
C:\Windows\system\wdXhVnu.exe

Filesize
6.0MB

MD5
d4c500c5bdb4c0ddbd327e35c0eed42e

SHA1
16592590cea127927cbc4e25d2a12e079b54f06a

SHA256
57ae0b2ce7db7504d15fa4c1d7aec1d1dc294fa3d9f8eced78e39447ffa7e7bc

SHA512
1fe325037d0be983fbbafd872a736d59d8e68afd1e17a249c3bdeec6b2bba10a0966e7ee70548def244a9f7a1912301b73702683a967102075f6ce013dff5ca8

Download Submit
C:\Windows\system\xbwSPLw.exe

Filesize
6.0MB

MD5
314980bbba649981a59f08bc45d5558a

SHA1
ec30d4120a5f2f0661dc1eca1e04527aebbb7fec

SHA256
ab9b04fc593892dce46a9b2ba55cb729929fb9442a57a82be9b8ec1cbbee0db6

SHA512
9bc2d4d9cbf578a3dbf9c7daaea32e54485838ab51879459411395f9377a520bfeb897786ae494debe82b88c8080c0949dc9cdcabaf12d814ddff747e0238490

Download Submit
\Windows\system\DJzcGVJ.exe

Filesize
6.0MB

MD5
66f492618f0ded3f9885446d30e6b158

SHA1
9612e2e72bbba505de96bff22cdbdced2c804834

SHA256
f9593c5d0af5f287dd9b6c2a3d71447506eea4cb8f2ae2dfcef1a896b6e97dd9

SHA512
c4985163b50c3a5e491125e09b5350abecc2585a498e91380cbd783450643d0946c107fb2696be74ddb5ad16deceddd7cd73255ccc006efb7c562d9b57e2895b

Download Submit
\Windows\system\VTpWyds.exe

Filesize
6.0MB

MD5
b462ad8bdaac67b1a8f57ca6ed008574

SHA1
b50dc0b9e433c07fa7c1c5cee0687dcc5788e8b3

SHA256
bea5035927e063761e9afa3d27d4fc541863b4e13f7116d15e4e6401e1e7ceea

SHA512
1b1b2ecd3cc4e4972b4c052fc3ab6bd3b182939be1712b1cfe124422a08dfa8d952313eb97427bd9426e7e0d91478e3ec20bfe460e6a0d74fa55ccedc08fe11a

Download Submit
\Windows\system\eyBefTA.exe

Filesize
6.0MB

MD5
188c01f612f83f1dac0967ce37ebbee9

SHA1
13bba1c1f010b60512f59725fc4c624791f91c70

SHA256
3444c2b43b86c6a7191c81b93158d8d0bd05b7de5139e54eaa0e55a3f7cab3db

SHA512
c27037c8c4732af172fad3103b32ad45a12501b122458464e7ade4bd093eb5eec5e25d79951b331ded67da1405be361e62a4c2fa0a15554696bb43c7eb31768c

Download Submit
memory/404-97-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/404-602-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/404-3444-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1096-93-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-92-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1096-31-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-40-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1096-37-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-238-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1096-53-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1096-17-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-517-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-61-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1096-69-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-16-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-111-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-110-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-77-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1096-25-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-102-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-101-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1096-900-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-0-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-693-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-46-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-3431-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-12-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-3442-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1556-81-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1556-266-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1700-89-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1700-428-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1700-3443-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2072-88-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-3429-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-50-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-15-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3372-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2224-73-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-35-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3412-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-756-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2684-107-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3445-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3437-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2736-66-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2736-106-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-74-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2748-207-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3436-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2820-58-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3424-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2820-96-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3435-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-21-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-57-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3423-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-65-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-29-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3394-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-41-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-80-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download